Re: procfs in OpenBSD

2009-09-25 Thread Theo de Raadt
 if its use is far from recommended, indeed rather forbidden,
 why is it left to rot?

It is left there for historical reasons, because some old applications
may use it.

For new applications we do not use it, but prefer to use a properly
designed sysctl or ioctl
interface to retrieve information from the kernel.

The major reason for moving away from procfs is that there are
numerous TOCTOU problems.



Re: procfs in OpenBSD

2009-09-25 Thread Theo de Raadt
hmm, on Fri, Sep 25, 2009 at 02:44:07PM -0600, Theo de Raadt said that
 The major reason for moving away from procfs is that there are
 numerous TOCTOU problems.

out of curiosity, in principle, what is the difference between
accessing a value through /procfs and the same value through sysctl,
and/or kernel memory?  isn't procfs just a window to peek at those
values?

no.

also, don't the other systems care about these TOCTTOU problems?
or they do it in a correct, secure way?

what happens if you read procfs files byte by byte, with sleeps
between?



Re: 4.6 arriving

2009-10-02 Thread Theo de Raadt
 On Fri, Oct 2, 2009 at 12:19 PM, Dave Anderson d...@daveanderson.com wrote:
  The CD set showed up in today's mail (near Boston, Mass.)
 
 Dave
 
 I received ship notice this morning. So, after all, Oct 1st (-ish) did
 end up to be the release date(?).

Every release, we have tried to ship the CDs before the actual release date
so that a large fraction of our users get them just before the release date.

We may have to open up the FTP servers slightly before November, to
satisfy the users who purchased CDs and who now find themselves
without a full set of 'packages'.. we will try to figure out what day.

But we won't open up the ftp servers today.  I want a sizeable percentage of
purchasers to receive their product first.

So we'll see how it goes.



Re: 4.6 arriving

2009-10-03 Thread Theo de Raadt
  But we won't open up the ftp servers today.  I want a sizeable percentage of
  purchasers to receive their product first.
 
 Is setting a password on the new package hierarchy and including the
 password with the CD feasible or desired?

I don't see any benefit to that.



Re: 4.6 arriving

2009-10-03 Thread Theo de Raadt
  But we won't open up the ftp servers today.  I want a sizeable percentage of
  purchasers to receive their product first.
 
 Is setting a password on the new package hierarchy and including the
 password with the CD feasible or desired?

Actually, I want to be a bit more long winded about this.

Have you thought this through, at all?

So we should go out and talk to all the ftp server admins, and have
them set this up?

OK, let's skip that, since it is too much work for PEOPLE WHO
VOLUNTEER THEIR BANDWIDTH FOR YOU AND I AND EVERYONE ELSE.

So, we'll set it up on only a few special ftp servers, and then they
will get slammed off the internet when someone leaks that password.

Yeah, that will sure encourage continued support from PEOPLE WHO
VOLUNTEER THEIR BANDWIDTH FOR YOU AND I AND EVERYONE ELSE.

So... did you think it through, or as is so typical these days, did
you only think of yourself?

For instance, OpenSSH hit its 10 year and a total of 16 people
donated in the last 48 hours.  $1000 collected because of such a
special occasion really is not going to go far.  If $1000 is collected
for such a special occasion, can anyone guess what the total is for a
year?  How do hackathons get run?  Where does the magic come from?

It's just another example of everyone only thinking of themselves,
more so these days.

Some days I want to just quit and say fuck it all.

You, members of the world, deserve to live in the filth of telnet.



Re: 4.6 arriving

2009-10-03 Thread Theo de Raadt
 On Saturday, October 3, 2009, 02:13:51, Theo de Raadt wrote:
  But we won't open up the ftp servers today.  I want a sizeable percentage
  of purchasers to receive their product first.
  
  Is setting a password on the new package hierarchy and including the
  password with the CD feasible or desired?
 
  Actually, I want to be a bit more long winded about this.
  Have you thought this through, at all?
 
 Nope, not  at  all.  It was just an idea tossed out to:
   - see if it had any merit
   - perhaps spark some other thoughts on how to increase CD purchases
   - or to get flamed
 
 It's obvious which one you chose.

I don't believe you.  You suggested it because you only thought of
your own benefit, not of the amount of work others would have to do.



Re: 4.6 arriving

2009-10-04 Thread Theo de Raadt
  Nope, not at all.  It was just an idea tossed out to:
    - see if it had any merit
    - perhaps spark some other thoughts on how to increase CD purchases
    - or to get flamed
 
  It's obvious which one you chose.
 
  I don't believe you.  You suggested it because you only thought of
  your own benefit, not of the amount of work others would have to do.
 
 Perhaps not everyone who uses OpenBSD has your depth of understanding
 of all these processes, Theo.  You're obviously intimately acquainted
 with them,  but it is possible Rod might not have been.
 
 You make very salient points about the suggestion being completely
 unfeasible, but it seems quite possible that Rod thought he was making
 a simple suggestion to solve a perceived problem.  Reading between the
 lines,  it seems likely that Rod is also a subscriber to the disc set
 and might perhaps feel a little taken aback at the vehemence of the
 response.
 
 And yes,  it might be that he's just some schmoe with a mate who's
 gonna give him this password he's suggesting...  But to assume that
 would also assume a much greater depth of thought than you've
 otherwise attributed.

You're right.  Everything else which we do is so complicated, so why
can't we coordinate 50+ people we don't know to set up special accounts
on their ftp servers.  Why can't we do something so trivial?  Must be
simple resistance.

Or we must be utterly incompetent morons to not be able to do that!
Good god! We're such morons, why trust us for anything at all.

I am just plain fed up with the bullshit you cowards spew.



Re: batch -f command does not know working directory info at invocation time

2009-10-05 Thread Theo de Raadt
 On Mon, Oct 05, 2009 at 17:14 -0400, you wrote:
  On Mon, Oct 5, 2009 at 4:00 PM, Bernd Siggy Brentrup b...@free-it.org
 wrote:
   AFAICT from at(1), the code is still mostly T-Rex's implementation.
  
   You may want to have a look at https://launchpad.net/~at-ng for
   a reimplementation from scratch,  The client side is mostly done
 
  I don't think one small bug is sufficient reason to replace a
  generally working BSD licensed program with a GPL one.
 
 The oldest sources by Thomas Koenig (aka T-Rex) I have at hand (3.1.8
 iirc) definitely carry a GPL license statement.  I'm curious in how
 far openBSD's source code for at differs to warrant a different
 license if at all possible.  Up to now I only checked the manpage.
 
 btw, Debian's at package has collected ~60 open bug reports over the
 years, dunno if they apply to openBSD's at too.

Really.  How interesting.

The word on the street is that your stuff is the biggest pile of
shit.  400 bug reports, I hear.

Or, wait, did you want to start a constructive discussion?

It sure doesn't look like it.  Let's keep it simple.  Why don't you
just go away, and stop acting the fool?



Re: batch -f command does not know working directory info at invocation time

2009-10-05 Thread Theo de Raadt
 The word goes Theo de Raadt himself is driving away ppl from using
 openBSD by pissing them off publicly.

I am more than happy to drive away people who come to our mailing list
trying to sell their wares.



Re: mkisofs(1) reference in mkhybrid(1) man page

2009-10-06 Thread Theo de Raadt
 I see that there exists a reference to an earlier mkisofs man page within
 the mkhybrid(1) man page, whereas no such man page seems to exist.  There
 is a mkisofs.c which seems to be incorporated into mkhybrid nowadays, but
 I don't think there is any intention to support a man page for it.
 
 Would submission of a diff to just eliminate the (1) reference, inside
 the man page for mkhybrid, be appropriate?

No.  This is a nasty piece of imported code.  We tend to leave problems
like that untouched, because otherwise it just creates a conflict next
time we update it.

There are very few places in the tree left with this.



Re: VirtualBox2.2+OpenBSD4.4 (fail)

2009-10-07 Thread Theo de Raadt
 Is it that VirtualBox isn't emulating x86 hardware properly? Or, is it
 a bug in obsd? (I am thinking the former). Any Ideas/suggestion are
 entertained (Trying in VMware right now)

Yes, Virtualbox is not emulating a PC correctly.



CD Distribution

2009-10-07 Thread Theo de Raadt
Please be nice to the other distributors shipping OpenBSD CD's.  Not
all of them have the CDs yet to distribute.  Be patient.



Re: mmap'ing to address 0x0

2009-10-09 Thread Theo de Raadt
 I was reading some information that indicated that letting user
 process to map to address 0x0 can exploit some kernel NULL-pointer
 bugs. I checked how different operating systems mitigate this problem
 and I found information about Linux and FreeBSD. I was trying to find
 the same information for OpenBSD with no luck. Can anybody help me
 with this one?

We have been aware of the particular problem (which results from an
architectural decision made by some machines) for many years, and it
took us a long time to decide what to do.  Eventually we decided to
make userland suffer.  Unfortunately we only fixed it in the middle of
last year.

Other platforms do not have this problem, since the kernel runs in
an un-shared address space.

CVSROOT:/cvs
Module name:src
Changes by: dera...@cvs.openbsd.org 2008/06/24 15:24:03

Modified files:
sys/arch/alpha/include: vmparam.h 
sys/arch/amd64/include: vmparam.h 
sys/arch/arm/include: vmparam.h 
sys/arch/i386/include: vmparam.h 
sys/arch/sh/include: vmparam.h 
sys/arch/sparc/include: vmparam.h 
sys/arch/vax/include: vmparam.h 
sys/arch/sh/sh : trap.c 

Log message:
On user/kernel shared page table machines, do not let processes map their
own page 0, as discussed with miod (and many others previously, including
art and toby).  On sparc, make this __LDPGSZ because PAGE_SIZE is non-constant
ok miod tedu



Re: Auditing code

2009-10-12 Thread Theo de Raadt
 I'd like to start auditing code for a few classes of defects. Would the
 bugs list be the correct place to submit a pile of diffs?

Just mail the people who last worked on the code, and if that does not
work, feel free to mail me and I will tell you who to talk to. 

 The defect classes I'm looking at are gleaned from Ian Darwin and Geoff
 Collyer's 1985 USENIX paper, Can't Happen [1]. BSD 4.2 took a beating
 almost 25 years ago; OpenBSD still has some room for improvement.

I think you are wrong.

 Two examples:
 
 - Check that input files aren't directories; indent doesn't check, and
   auditing would be an excuse to get my eyeballs on more code.

The kernel handles that.

% indent dir
indent: dir: Is a directory

 - Handle signals correctly, e.g.,
 
 /* catch interrupts iff not ignoring them */
 if (signal(SIGINT, SIG_IGN) != SIG_IGN)
         (void) signal(SIGINT, onintr);

I assume you are talking about resetting the signals when they are caught.
That is not required in BSD unix.

Unix has not stayed the same.  It seems that paper was written according
to ancient Unix.



Re: Questions for OpenBGPd Developers

2009-10-13 Thread Theo de Raadt
 In my case it has nothing to do with whether or not millions of people
 use a particular OS but simply that I am constrained to Linux for this
 project and it is non-negotiable. So I could use that as an excuse to
 ignore OpenBGPd but I think it's a nice BGP implementation and I think
 it may be a nice implementation on Linux too, or maybe not, that is
 the reason for my questions here, which have been answered very well
 by Claudio and Henning and others.

The message has been misunderstood.  Let me be clear, here are the two
messages:

Firstly, Linux has a routing socket and in-kernel routing table which
lacks the right capabilities, so you won't get all you want.

Secondly, Henning and Claudio don't do slave labour.



Re: WARNING: / was not properly unmounted

2009-10-16 Thread Theo de Raadt
 I was having this issue with -current from Oct 9th, and now with
 -current from Oct 14th.  Basically, I issue: 
 
 # halt -p 
 
 And get all the proper messages, including the:  Synching Disks...
 Done.  That happens just before the power is flipped off.  
 
 Every time I turn the machine back on, I get the WARNING: / was not
 properly unmounted and fsck is run, and marks all the filesystems as
 clean.  
 
 Just in case, I issued a: 
 
 # shutdown now 
 
 dropped into single user mode and ran fsck on all partitions manually,
 marked them all as clean and issued: 

You have a multiprocessor machine.  This issue is known...  and we think
we know how to fix it.  It affects only a few people, which is curious.



OpenBSD 4.6 release Oct 28, 2009

2009-10-18 Thread Theo de Raadt
 there.

Note: If you end up needing to write a raw floppy using Windows,
  you can use fdimage.exe located in the pub/OpenBSD/4.6/tools
  directory to do so.
X.Org has been integrated more closely into the system.  This release
contains X.Org 7.4.  Most of our architectures ship with X.Org, including
amd64, sparc, sparc64 and macppc.  During installation, you can install
X.Org quite easily.  Be sure to try out xdm(1) and see how we have
customized it for OpenBSD.
The OpenBSD ports tree contains automated instructions for building
third party software.  The software has been verified to build and
run on the various OpenBSD architectures.  The 4.6 ports collection,
including many of the distribution files, is included on the 3-CD
set.  Please see the PORTS file for more information.

Note: some of the most popular ports, e.g., the Apache web server
and several X applications, come standard with OpenBSD.  Also, many
popular ports have been pre-compiled for those who do not desire
to build their own binaries (see BINARY PACKAGES, below).
A large number of binary packages are provided.  Please see the PACKAGES
file (ftp://ftp.OpenBSD.org/pub/OpenBSD/4.6/PACKAGES) for more details.
The CD-ROMs contain source code for all the subsystems explained
above, and the README (ftp://ftp.OpenBSD.org/pub/OpenBSD/4.6/README)
file explains how to deal with these source files.  For those who
are doing an FTP install, the source code for all four subsystems
can be found in the pub/OpenBSD/4.6/ directory:

xenocara.tar.gz ports.tar.gz   src.tar.gz sys.tar.gz
OpenBSD 4.6 includes artwork and CD artistic layout by Ty Semaka,
who also arranged an audio track on the OpenBSD 4.6 CD set.  Ports
tree and package building by Jasper Lievisse Adriaanse, Michael Erdely,
Simon Bertrang, Stuart Henderson, Antoine Jacoutot, Robert Nagy,
Nikolay Sturm, and Christian Weisgerber.  System builds by Theo de Raadt,
Mark Kettenis, and Miod Vallat.  X11 builds by Todd Fries and Miod Vallat.
ISO-9660 filesystem layout by Theo de Raadt.

We would like to thank all of the people who sent in bug reports, bug
fixes, donation cheques, and hardware that we use.  We would also like
to thank those who pre-ordered the 4.6 CD-ROM or bought our previous
CD-ROMs.  Those who did not support us financially have still helped
us with our goal of improving the quality of the software.

Our developers are:

Alexander Bluhm, Alexander Hall, Alexander von Gernler,
Alexander Yurchenko, Alexandre Ratchov, Alexey Vatchenko,
Anders Magnusson, Andreas Gunnarsson, Anil Madhavapeddy,
Antoine Jacoutot, Ariane van der Steldt, Artur Grabowski,
Austin Hook, Benoit Lecocq, Bernd Ahlers, Bob Beck, Bret Lambert,
Can Erkin Acar, Chad Loder, Charles Longeau, Chris Cappuccio,
Chris Kuethe, Christian Weisgerber, Claudio Jeker,
Constantine A. Murenin, Dale Rahn, Damien Bergamini, Damien Miller,
Darren Tucker, David Gwynne, David Hill, David Krause, Eric Faurot,
Esben Norby, Federico G. Schwindt, Felix Kronlage, Gilles Chehade,
Giovanni Bechis, Gordon Willem Klok, Hans-Joerg Hoexer,
Henning Brauer, Ian Darwin, Igor Sobrado, Ingo Schwarze,
Jacek Masiulaniec, Jacob Meuser, Jakob Schlyter, Janne Johansson,
Jared Yanovich, Jason Dixon, Jason George, Jason McIntyre,
Jason Meltzer, Jasper Lievisse Adriaanse, Jim Razmus II, Joel Sing,
Joerg Goltermann, Johan Mson Lindman, Jolan Luff, Jonathan Gray,
Jordan Hargrave, Joris Vink, joshua stein, Kenneth R Westerback,
Kevin Lo, Kevin Steves, Kjell Wooding, Kurt Miller, Landry Breuil,
Laurent Fanis, Marc Espie, Marco Peereboom, Marco Pfatschbacher,
Marco S Hyman, Marcus Glocker, Mark Kettenis, Mark Uemura,
Markus Friedl, Martin Reindl, Martynas Venckus,
Mathieu Sauve-Frankel, Mats O Jansson, Matthias Kilian,
Matthieu Herrb, Michael Erdely, Michael Knudsen, Michele Marchetto,
Mike Larkin, Miod Vallat, Moritz Grimm, Moritz Jodeit,
Nicholas Marriott, Nick Holland, Nikolay Sturm, Okan Demirmen,
Oleg Safiullin, Otto Moerbeek, Owain Ainsworth, Paul de Weerd,
Paul Irofti, Peter Hessler, Peter Stromberg, Peter Valchev,
Philip Guenther, Pierre-Emmanuel Andre, Pierre-Yves Ritschard,
Rainer Giedat, Ray Lai, Reyk Floeter, Robert Nagy, Rui Reis,
Ryan Thomas McBride, Simon Bertrang, Stefan Kempf, Steven Mestdagh,
Stuart Henderson, Ted Unangst, Theo de Raadt, Thordur I. Bjornsson,
Tobias Stoeckmann, Tobias Weingartner, Todd C. Miller, Todd Fries,
Will Maier, William Yodlowsky, Xavier Santolaria, Yojiro Uo



Re: less minor install issue

2009-10-22 Thread Theo de Raadt
 There used to be a message before the install script wiped out 
 filesystems with newfs, listing the partitions and asking if you were 
 sure.  Was this removed, or did I somehow miss something?  And WHY???

Because it is the install script.

What did you think it was going to do.

It's installing.  Its job is to wipe disks.  There is no need for
stupid questions.



Re: Patch file for 4.6 isn't on the ftp server

2009-10-22 Thread Theo de Raadt
 the link on this site:
 http://www.openbsd.org/errata46.html
 for the .tar.gz file with all patches (001 and 002) isn't on the ftp
 server. Link directs to:
 ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.6.tar.gz
 I get 550 No such file or directory.

Ah.  A script wasn't updated.  That file will be on some of the mirrors
within a few hours.



Re: bioctl crypto passphrase file?

2009-10-22 Thread Theo de Raadt
 On Thu, Oct 22, 2009 at 3:01 PM, elias r. obs...@crudp.ath.cx wrote:
  thank you :)
  I'll update it later that day!
 
  one question: why did you choose tty over stdin?
  would using stdin be a security flaw?
 
 As you discovered, making it read from tty makes it harder for people
 to put their password in a script, which is generally a good
 idea.

As well, -p /dev/stdin will work.



Re: less minor install issue

2009-10-22 Thread Theo de Raadt
 On Thu, Oct 22, 2009 at 5:41 PM, Nick Holland
 n...@holland-consulting.net wrote:
  Daniel Malament wrote:
  On 10/22/2009 5:37 AM, William Boshuck wrote:
  And here I thought I remembered the new installer being described as
 easier to use.
 
  It is.  Were it not so quick it would be positively
  boring. Just don't set mount points for the partitions
 
  Perhaps I should clarify: IMO, not double-checking with the user about
  what specifically to wipe, especially when it used to, is a step back in
  'usability' (in the Jakob Nielsen sense) - or to put it another way,
  user-friendliness.
 
  I presume you are talking about this question:
 
   The next step *DESTROYS* all existing data on these partitions!
   Are you really sure that you're ready to proceed? [no] y
 
  This question was asked AFTER you had fdisk'd and disklabel'd your
  disk.  By this point, the data had been already potentially destroyed,
  I thought this question quite silly, in that it implies data has been
  safe up to this point...no, it hasn't, you have potentially been
  destroying things all over the place.
 
 Hey Nick,
 
 I don't wish to contradict you here, but ... I usually do installs and
 never upgrades. So what I do is keep /home out of the mount points in
 the disklabel stage, go through install, then re-add /home. I recall a
 while back, I did get to this stage and agreed to proceed and as the
 partitions were being newfs-ed I realized I had forgotten and included
 /home in the list. I ^C out before the /home slice was reached. I
 restarted the install, this time doing it correctly, and my data in
 /home was OK!
 
 Might have been a fluke ... but, it is what it is.

You missed the point.



Re: PowerEdge 650 fan speed

2009-10-26 Thread Theo de Raadt
 People have the same issue with IBM servers - the fans run like crazy,
 and I believe it is the OS' responsibility to check temperatures and
 adjust fans as necessary.

Not true.  On a PC, it is acpi's responsibility to do that, if they
even exist.



Re: powering off with shutdown -hp?

2009-10-28 Thread Theo de Raadt
 From the dmesg (below), this appears to be an old APM-based
 motherboard.  The shutdown(8) manpage states that  not all hardware
 supports automatic power down.  That's fine if this hardware doesn't
 support it, but given the Attempting to power down... message, I am
 curious if it might be possible.
  
  apm0 at bios0: Power Management spec V1.2
  apm0: AC on, battery charge unknown
  acpi at bios0 function 0x0 not configured
 
 Your dmesg shows that your machine can do apm and acpi. OpenBSD always
 uses apm if both are possible.

Wrong.  There is a sophisticated heuristic in play.

 Sometimes these old machines can
 poweroff only with acpi, but not with apm.

Wrong.  Something else is wrong.

 You can try to disable apm in
 the kernel config. OpenBSD then uses acpi. Maybe this works for
 poweroff. I have an old machine that can't poweroff with apm, but can do
 it with acpi.



Re: Partitioning an external USB drive through OpenBSD -- disklabel

2009-10-31 Thread Theo de Raadt
 Sorry for top-posting, but please: Disk sectors start with 1

Just pathetic.  Hope you actually get a life sometime.



Re: What VM does OpenBSD run well under

2009-10-31 Thread Theo de Raadt
 It works under KVM.  I vaguely recall mpbios0 and acpimadt0 need to be
 disabled.

Then it doesn't work.

I've got this car, but the engine won't start.  But it works fine,
because if some friends help me I can push it down the road.

We won't cripple OpenBSD just because the virtual machines out there
are full of bugs.  It should be a warning to you.  How many of those
bugs are holes?  Your assumption is that none are.  My assumption is
that every single of them is some kind of hole.



Re: What VM does OpenBSD run well under

2009-10-31 Thread Theo de Raadt
 OpenBSD 4.5+ works if mpbios is disabled, more info here:
 http://scie.nti.st/2009/10/4/running-openbsd-4-5-in-kvm-on-ubuntu-linux-9-04

OpenBSD 4.5 works on 99.9% of PCs out there with mpbios enabled,
so KVM must have a really stupid bug.



Re: What VM does OpenBSD run well under

2009-10-31 Thread Theo de Raadt
 On Sat, Oct 31, 2009 at 05:50:57PM -0600, Theo de Raadt wrote:
   OpenBSD 4.5+ works if mpbios is disabled, more info here:
   http://scie.nti.st/2009/10/4/running-openbsd-4-5-in-kvm-on-ubuntu-linux-9-04
  
  OpenBSD 4.5 works on 99.9% of PCs out there with mpbios enabled,
  so KVM must have a really stupid bug.
 
 
 
 Something about the mpbios implementation on OpenBSD does not seem

Wait.  We don't implement MPBIOS.

It is a table provided by a machine.

That machine is KVM.

On all real machines, we don't crash.

Get it?

 right as disabling with 'bsd -c' does not have the same result as
 building a kernel with mpbios0 disabled in the config.  That and
 your 99.9% comment lead me to believe there is a bug in OpenBSD.
 Given
 1) Per mpbios.c ACPI and a usable MPBIOS appear to be mutually exclusive

That would be false.

 2) New PCs are shipping with ACPI instead of APM

What is your point?

 3) GENERIC with mpbios enabled breaks on 0.1% of PCs.

No, that is not true.  The result we get with KVM does not happen
on *any real machine*.

 I'm at a bit of a loss as to why mpbios is still enabled in GENERIC.

To make you cry, obviously.  There couldn't be *any other explanation*
could there?

 My memory of the brief discussion on the KVM mailing list was that
 KVM/QEMU emulation of one of the instructions executed by going through
 the mpbios code was mishandled.  If you'd like me to find the relevant
 thread and forward it on to the mpbios maintainer, I'll gladly do so.

MPBIOS is a table given by the hardware.  KVM is trying to act as if
it is hardware, but compared to even QEMU, it sucks.

 Now to pragmatic considerations.
 I understand and appreciate your mistrust of running OpenBSD under
 a virtual machine emulator.
 But there are folks like me that find it useful to be able to 
 hold a dog and pony show for a network and cluster design on a
 laptop rather than an anvil case of laptops, switches, and routers.

That is not what is going on here.



Re: pf n00b

2009-11-01 Thread Theo de Raadt
 The earlier poster (Jason) is right: this *is* the way a firewall  
 should work -- spend your time on implementing the security policy and  
 let the 'compiler' worry about efficiency. But since the others don't,  
 it might be a good idea to go into this at some length.

Since it just does what a good system should do, what is there to go
into at length about?

Yes, other systems taught you to hand-optimise.  How do we go into
don't do hand optimization at length?

It is a manual page, not a howto.



Re: pf n00b

2009-11-01 Thread Theo de Raadt
  Since it just does what a good system should do, what is there to go
  into at length about?
 
 What it does. How it does it. If that were documented, it'd sure be  
 easier to use the tools more effectively.

It does what it does, how it does it, in the source code.  Manual pages
do not serve those purposes.

pf(4) describes what pf is capable of.
pf.conf(5) describes the grammar used to communicate with pf.
pfctl(8) describes the flags and features of the front-end parser
that converts text rules to requests against pf(4)'s capabilities.

None of the manual pages can exhaustively describe the workings of pf
without losing their purpose.  Each of those manual pages is already
far too long as it is.

  Yes, other systems taught you to hand-optimise.  How do we go into
  don't do hand optimization at length?
 
 http://undeadly.org/cgi?action=article&sid=20060927091645
 
  It is a manual page, not a howto.
 
 I was responding here to the remark about the man pages, and making  
 the point that, IMHO, the statement was not correct.

That posting was written more than 3 years ago.  Then, as now, it was
written _in that forum_ because it does not belong in the manual pages.

 The FAQ at the  
 website and the books I'd been able to find don't explain this area  
 either, although they do go into other areas in detail.

Perhaps the way that pf works is not a FAQ.  And perhaps the book authors
did not research deeply enough into how pf works, to be able to write the
best book.  Perhaps their books simply regurgitate the best most common
ways to use pf.  I'd say that is fine for most.  You want to dig in deeper?
Well, the source code is available.

And yes, if lots of people are using pf wrong?  So what.  It meets their
purposes.

 The earlier posts told me where to go to fill in a lot of holes; the  
 info's out there. It's just hard to find for someone new to the  
 'culture' (who didn't know about undead yet).
 
 And it strikes me as odd that what looks like a significant advantage  
 over other ways of doing things is so kept under wraps.

You've been told twice now that it is not under wraps.  Stop it:

 set ruleset-optimization
 basic     Enable basic ruleset optimization.  This is the default
           behaviour.  Basic ruleset optimization does four things
           to improve the performance of ruleset evaluations:

           1.   remove duplicate rules
           2.   remove rules that are a subset of another rule
           3.   combine multiple rules into a table when advantageous
           4.   re-order the rules to improve evaluation performance
 none      Disable the ruleset optimizer.
 profile   Uses the currently loaded ruleset as a feedback profile
           to tailor the ordering of quick rules to actual network
           traffic.

 It is important to note that the ruleset optimizer will modify
 the ruleset to improve performance.  A side effect of the ruleset
 modification is that per-rule accounting statistics will have
 different meanings than before.  If per-rule accounting is important
 for billing purposes or whatnot, either the ruleset optimizer
 should not be used or a label field should be added to all of
 the accounting rules to act as optimization barriers.

 Optimization can also be set as a command-line argument to
 pfctl(8), overriding the settings in pf.conf.

 I've been  
 running OpenBSD for only a few days, and I'm just beginning to take a  
 few baby steps -- I'm sorry if I stepped on some toes. I certainly  
 didn't intend to.
 
 FWIW, I'm willing to put my time where my mouth is and see if I could  
 fix what I claim is bent. I'm way not qualified to do that on my own  
 yet, but I might be able to help...

We always accept diffs.  If the manual pages are not super clear, try
to write small diffs to help improve them.  First of all that means
you must understand the central purpose to each manual page.
Whatever gets added to it must follow in the main direction of the
page.
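The optimizer behaviour quoted from pf.conf(5) above is easiest to see on a concrete ruleset. The fragment below is an added, constructed example (not from the thread or from the pf documentation); the interface name and addresses are assumptions.

```pf
# Constructed example ruleset; em0 and the 192.0.2.0/24 hosts are assumptions.
ext_if = "em0"

# "basic" is already the default; stating it keeps the intent visible.
set ruleset-optimization basic

# Duplicate rule: the optimizer drops the second copy.
block in quick on $ext_if from 192.0.2.10
block in quick on $ext_if from 192.0.2.10

# Subset rule: already covered by the broader block above, so it is dropped.
block in quick on $ext_if proto tcp from 192.0.2.10

# Adjacent rules that differ only in the source address are candidates for
# being folded into one rule backed by a generated table, and the whole
# group may be re-ordered for faster evaluation.  Afterwards the per-rule
# counters shown by "pfctl -vsr" no longer map one-to-one onto these lines.
block in quick on $ext_if from 192.0.2.11
block in quick on $ext_if from 192.0.2.12
block in quick on $ext_if from 192.0.2.13
block in quick on $ext_if from 192.0.2.14
block in quick on $ext_if from 192.0.2.15
block in quick on $ext_if from 192.0.2.16

# Accounting rules that must keep their counters: the label makes each one
# an optimization barrier, so it is neither merged away nor moved.
pass in on $ext_if proto tcp from any to $ext_if port 80 label "web-billing"
pass in on $ext_if proto tcp from any to $ext_if port 22 label "ssh-billing"
```

Running `pfctl -nvf /etc/pf.conf` prints the rules as the optimizer would install them; `pfctl -o none -nvf /etc/pf.conf` uses the `-o` override mentioned in the excerpt to print them unmodified for comparison.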



http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/

2009-11-03 Thread Theo de Raadt
[bcc'd to Dan Goodin @ theregister]

If anyone wants a choice quote from me about the recent Linux holes,
this is what I have to say:

Linus is too busy thinking about masturbating monkeys, he doesn't
have time to care about Linux security.

For the record, this particular problem was resolved in OpenBSD a
while back, in 2008.  We are not super proud of the solution, but it
is what seems best faced with a stupid Intel architectural choice.
However, it seems that everyone else is slowly coming around to the
same solution.

The commit message:

CVSROOT:/cvs
Module name:src
Changes by: dera...@cvs.openbsd.org 2008/06/24 15:24:03

Modified files:
sys/arch/alpha/include: vmparam.h 
sys/arch/amd64/include: vmparam.h 
sys/arch/arm/include: vmparam.h 
sys/arch/i386/include: vmparam.h 
sys/arch/sh/include: vmparam.h 
sys/arch/sparc/include: vmparam.h 
sys/arch/vax/include: vmparam.h 
sys/arch/sh/sh : trap.c 

Log message:
On user/kernel shared page table machines, do not let processes map their
own page 0, as discussed with miod (and many others previously, including
art and toby).  On sparc, make this __LDPGSZ because PAGE_SIZE is non-constant
ok miod tedu

There are four things interesting about this change:

1) The #1 reason why the Linux team has not committed this by default
   is because it breaks Wine, which wants to play with page 0 -- so
   basically they are resisting this for Windows binary compatibility.
   Ironic, isn't it?  If anyone else tells you that is not the #1
   reason, they are lying.  We decided we don't care about Wine.

2) At least three of our developers were aware of this exploitation
   method going back perhaps two years before the commit, but we
   gnashed our teeth a lot to try to find other solutions.  Clever
   cpu architectures don't have this issue because the virtual address
   spaces are separate, so i386/amd64 are the ones with the big impact.
   We did think long and hard about tlb bashing page 0 every time we
   switch into the kernel, but it still does not look attractive from
   a performance standpoint.

3) Last week a bug was found in OpenBSD's kernel which was locally
   exploitable before the commit on Jun 24, 2008.  After that fix,
   it simply becomes a kernel crash; you cannot gain privilege from
   it.  The reality is that kernel bugs will always exist, no matter
   how hard we try.  Our focus therefore is always on finding innovative
   ideas which make bugs very hard to exploit successfully.  Bugs will
   exist.  At least they should be more difficult to exploit.

4) Note the date of the commit, 2008/06/24.  Interestingly, this commit
   was done 1 month before Linus posted this:

   http://article.gmane.org/gmane.linux.kernel/706950

   I'm glad we care about security and trying to make things better, and
   I am glad that Linus prefers to write articles about monkey
   masturbation.  In life, everyone should stick to what they know the
   most about.  Because Linus knows dick all about security research.



Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/

2009-11-03 Thread Theo de Raadt
 Theo de Raadt wrote:
 http://article.gmane.org/gmane.linux.kernel/706950
 
 

 I replaced Linux around '01 or '02 with OpenBSD both at companies I've 
 worked for since and at home.  I don't really care what other people use 
 for their needs, and I've been neutral in my opinion about Torvalds and 
 Linux (mostly because I don't pay any attention to what he or anyone 
 else in the Linux crowd have to say.)  I didn't move to, or stick with, 
 OpenBSD as an anti-Linux (or anti-anything) statement.
 
 My opinion changed today when I read Linus' email from Theo's link.
 
 Linus seriously thinks that any random bug in any app that causes a 
 crash is just as important as a security hole that gets your box rooted?
 
 Now I don't just think he's an idiot, I know it.  Now I understand the 
 background to the disparaging comments Theo has made about Linus now and 
 then.

Don't tell us; we know.

Tell linus.  You can google for his email address.

Not that he'll care.  He's too busy watching monkey porn instead of
building researching last-year's security technology that will stop an
exploit technique that has been exploited multiple times.  He's got
redhat to try to cover for that now, they're a public company filling
his bank account, and the best way to increase his stock is to accuse
other people of having the wrong standards. 

Security technology?  Why does he need to bother.  He's got NSA to
write that code for him!  (a previous exploitable hole using this
exploit mechanism was in NSA-donated code.  And God bless America.)



Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability

2009-11-04 Thread Theo de Raadt
  For the record, this particular problem was resolved in OpenBSD a
 while back, in 2008.
 
 Nice, but:
 
 Since 2.6.23, it has been possible to prevent applications from
 mapping low pages (to prevent null pointer dereferencing in the
 kernel) via the /proc/sys/vm/mmap_min_addr sysctl, which sets the
 minimum address allowed for such mappings.
 
 2.6.23 released:  Tue, 9 Oct 2007
 
 Ref:
 http://lkml.org/lkml/2007/10/9/241
 http://james-morris.livejournal.com/26303.html

And that knob was turned off.
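Added example, written for this page and not taken from the quoted commit, the thread, or either kernel's source: a small probe that reports whether the running kernel lets an unprivileged process place a mapping at virtual address 0. That is what the vmparam.h change above forbids on OpenBSD and what the /proc/sys/vm/mmap_min_addr knob controls on Linux, so it is a quick way to confirm the protection is actually in effect on a box. The errno values mentioned in the comments are my expectation, not something the thread states.

```c
#define _DEFAULT_SOURCE   /* glibc: expose MAP_ANON and sysconf(); harmless on OpenBSD */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/*
 * Ask for one anonymous page exactly at virtual address 0 (MAP_FIXED) and
 * release it again at once.  Returns 0 if the kernel granted the mapping,
 * otherwise the errno it reported.  I expect EPERM from a Linux kernel
 * with vm.mmap_min_addr set, and a refusal (EINVAL) on OpenBSD since the
 * 2008 commit moved the bottom of the user address space above page 0.
 */
int probe_page_zero(void)
{
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap((void *)0, pagesz, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANON | MAP_FIXED, -1, 0);
    if (p == MAP_FAILED)
        return errno;
    munmap(p, pagesz);
    return 0;
}

/* Control probe: an ordinary anonymous page wherever the kernel likes it. */
int probe_anywhere(void)
{
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, pagesz, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANON, -1, 0);
    if (p == MAP_FAILED)
        return errno;
    munmap(p, pagesz);
    return 0;
}

int main(void)
{
    if (probe_anywhere() != 0) {
        perror("control mmap");       /* mmap itself is broken; result meaningless */
        return 2;
    }
    int rc = probe_page_zero();
    if (rc == 0)
        printf("page 0 is mappable: a kernel NULL dereference would reach "
               "user-controlled memory\n");
    else
        printf("page 0 mapping refused (%s): low-address protection is in effect\n",
               strerror(rc));
    return rc == 0 ? 1 : 0;
}
```

The control probe matters: a refusal from the page-0 probe only means something if the same process can map an ordinary page, otherwise you may just be looking at a resource limit. Run it as a normal user; a process with the privilege to bypass the policy (CAP_SYS_RAWIO on Linux) is not the case the protection is about.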



Re: Installing OpenBSD on SSD drives

2009-11-05 Thread Theo de Raadt
 2009/11/5 Jean-François SIMON jfsimon1...@gmail.com:
   Hello,
  Is there any particular problem with installing OpenBSD on a SSD HD ?
 
 I've been using flash based SSD's in OpenBSD systems for 6 or 7 years,
 starting with small CF in firewalls and now SATA SSD's in desktops and
 laptops.
 
 Never had a problem installing to them and never had one go bad.  I
 just use noatime, softdep and no swap (but I guess looking at the
 opinions of devs here, no swap is now just a bad habit).

As a result of your luck, tomorrow you will be hit by a bus.  Or so
say the internet-surfing drama queens on our mailing lists.



Re: OT: VMware on Donations page

2009-11-07 Thread Theo de Raadt
 On Saturday 07 November 2009 18:45:08 Tomas Bodzar wrote:
  Hi all,
 
  I'm just curious (from an informational point of view) why VMware is on
  the donations.html webpage. Is it safe to say what they sent money for, or
  was it just a donation without a specific target?
 
  Thanks a lot
 
 I know you are curious Tomas, but I don't think it would be good
 policy for the OpenBSD folks to say why people donate.  Actually,
 they don't know why, in the majority of cases.  Just appreciate
 that they did.

That's right.



Re: Truncation Data Loss

2009-11-10 Thread Theo de Raadt
On Tue, Nov 10, 2009 at 4:29 AM, Nick Guenther kou...@gmail.com wrote:
 So, as nicely summarized at
 http://www.h-online.com/open/news/item/Possible-data-loss-in-Ext4-740467.html,
 ext4 is kind of broken. It won't honor fsync and, as a /feature/, will
 wait up to two minutes to write out data, leading to lots of files
 emptied to the great bitbucket in the sky if the machine goes down in
 that period. Why is this relevant to OpenBSD? Well sometimes I've been
 writing a file in vi or mg and had my machine go down, and when it
 comes back I find that the file is empty and I'm just trying to figure
 out if this is just because the data wasn't fsync'd or if it's because
 of softdep or what.

softdep has that effect.  The file was created and then data written.
But softdep cares more about the first op than the second, so there's
a window where crashing will cause you to wake up with empty files.

Without softdep, it's more likely you'll have your data (though it may
even be the old version, and you may have to look in lost+found for
it).  softdep works fine with fsync, but the old unix trick of write
data then rename leads to empty files, because the rename is sped up
but the data isn't.

There is a very simple explanation for why things are so.

Actual data file loss has never been what these things were coded for.

filesystem *tree and meta-data*, ie. the structure of how things are
knit together, is the main concern.  If you lose the filesystem tree
structure, you've lost all your files, not just the newest ones.
Therefore the goal is safe metadata handling.  The result is you can
lose specific data in specific (newly written to) files, but the
structure of the filesystem is consistent enough for fsck to not damage
it.

If you want to never lose data, you have an option.  Make the filesystem
synchronous, using the -o sync option.

If you can't accept the performance hit from that, then please accept
that all the work done over the ages is only on ensuring metadata-safety
for a low performance penalty.  It has never been about trying to
promise file data consistency when that could only be achieved by
synchronous file data writing.
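As an added example (mine, not code from this thread or from OpenBSD), here is the old "write data then rename" trick done the way the post says softdep needs it: the new file's data is fsync'd before the rename, and the directory is fsync'd afterwards so the rename itself is on disk. Without the first fsync the rename can reach the disk ahead of the data, which is exactly the empty-file-after-crash case described above. The path under /tmp is a constructed sample for the demonstration.

```c
#define _DEFAULT_SOURCE   /* glibc: expose the POSIX declarations; harmless on OpenBSD */
#include <errno.h>
#include <fcntl.h>
#include <libgen.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define PATHBUF 1024

/* Write all of 'data' to 'fd', retrying on short writes and EINTR. */
static int write_all(int fd, const char *data, size_t len)
{
    size_t off = 0;
    while (off < len) {
        ssize_t w = write(fd, data + off, len - off);
        if (w == -1) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        off += (size_t)w;
    }
    return 0;
}

/* fsync the directory holding 'path' so the rename itself is durable. */
static int sync_parent_dir(const char *path)
{
    char copy[PATHBUF];
    if (strlen(path) >= sizeof copy) {
        errno = ENAMETOOLONG;
        return -1;
    }
    strcpy(copy, path);               /* dirname() may modify its argument */
    int dfd = open(dirname(copy), O_RDONLY);
    if (dfd == -1)
        return -1;
    int rc = fsync(dfd);
    int saved = errno;
    close(dfd);
    errno = saved;
    return rc;
}

/*
 * Replace the contents of 'path' with 'data'.  After a crash the file is
 * either the complete old version or the complete new one, never empty.
 * The fsync() before rename() is the step the plain trick omits.
 * Returns 0 on success, -1 with errno set on failure.
 */
int atomic_replace(const char *path, const char *data, size_t len)
{
    char tmp[PATHBUF];
    int n = snprintf(tmp, sizeof tmp, "%s.tmp.%ld", path, (long)getpid());
    if (n < 0 || (size_t)n >= sizeof tmp) {
        errno = ENAMETOOLONG;
        return -1;
    }
    int fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd == -1)
        return -1;
    if (write_all(fd, data, len) == -1 || fsync(fd) == -1) {
        int saved = errno;
        close(fd);
        unlink(tmp);
        errno = saved;
        return -1;
    }
    if (close(fd) == -1 || rename(tmp, path) == -1) {   /* same dir: atomic */
        int saved = errno;
        unlink(tmp);
        errno = saved;
        return -1;
    }
    return sync_parent_dir(path);
}

/* Read 'path' back into 'buf'; returns the byte count or -1 on error. */
ssize_t read_file(const char *path, char *buf, size_t cap)
{
    int fd = open(path, O_RDONLY);
    if (fd == -1)
        return -1;
    size_t total = 0;
    for (;;) {
        ssize_t r = read(fd, buf + total, cap - total);
        if (r == -1) {
            if (errno == EINTR)
                continue;
            close(fd);
            return -1;
        }
        if (r == 0 || (total += (size_t)r) == cap)
            break;
    }
    close(fd);
    return (ssize_t)total;
}

/* Replace, read back and compare; returns 1 on an exact round trip. */
int verify_roundtrip(const char *path, const char *data, size_t len)
{
    char buf[4096];
    if (len > sizeof buf || atomic_replace(path, data, len) == -1)
        return 0;
    return read_file(path, buf, sizeof buf) == (ssize_t)len &&
           memcmp(buf, data, len) == 0;
}

int main(void)
{
    const char *path = "/tmp/atomic_replace_example.txt";   /* constructed sample */
    int ok = verify_roundtrip(path, "first version\n", 14) &&
             verify_roundtrip(path, "second version\n", 15);
    printf("%s\n", ok ? "round trip ok" : "round trip FAILED");
    return ok ? 0 : 1;
}
```

The temporary file is created in the same directory as the target, because rename(2) is only atomic within one filesystem; a temporary under /tmp and a target elsewhere would turn the rename into a copy and lose the guarantee.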



Re: which raid card? [was: aac raid status]

2009-11-10 Thread Theo de Raadt
 On Tue, Nov 10, 2009 at 08:37, Marco Peereboom sl...@peereboom.us wrote:
  mfi, there basically is no competition these days.
 
 I currently have a MegaRAID 8X, and the 48-bit LBA limits logical drives
 to 2TB. I can't speak for the other LSI offerings, but this would
 definitely be something to check into depending on your needs. In my
 case, I need something larger, and am currently looking at an
 ARC-1220 to replace it. Areca products seem to be well supported,
 although I welcome someone to disprove this statement - as I'm in the
 market for a new card.

You say MegaRAID 8X in response to someone saying mfi?



Re: Truncation Data Loss

2009-11-11 Thread Theo de Raadt
 Okay, one last question: one of the original softdep papers
 (http://www.usenix.org/publications/library/proceedings/bsdcon02/mckusick.htm
 l)
 is all about how softdeps can avoid fsck, but I just set softdep on
 all my filesystems, rebooted (to start fresh), wrote some files, wrote
 some more files, edited the first files, and jacked the power plug
 right after it said wrote. When the system came up fsck ran, what
 gives? Does OpenBSD only implement softdep for the write speedups?
 
 I'm just really confused about what softdep -is- I guess. What
 semantics get changed? Do all the BSDs use the same softdep code? Did
 they pick and choose ideas from the original softdep papers?

You are misreading the fsck manual page.  Let me take you through it:

 fsck - file system consistency check and interactive repair

Note what it says carefully. It says file system.  It does not
say file consistency check and interactive repair.

If you want your files to not lose a byte, use the sync option.
Come on.  Just do it.  Give it a try.  Then you will understand.



Re: POOR support for layer 7 security in OBSD. Options or another OS?

2009-11-11 Thread Theo de Raadt
  Indeed, mod_security is only currently available for apache-1.3.  But I
  think the lack of modsecurity-2.x is only because nobody has stepped up
  to complete the port, not because of any technical hurdles.
 
 As I said, modsecurity 2 is only compatible with apache2, otherwise I
 would be able to install modsecurity2 on top of apache1 and that is
 not the case because of library differences.

Well perhaps more people should have gotten upset when Apache started
adding contract law language to their copyright notice.



Re: IP Aliasing with DHCP

2009-11-11 Thread Theo de Raadt
 On Wed, Nov 11, 2009 at 6:19 PM, Hugo Osvaldo Barrera
 h...@osvaldobarrera.com.ar wrote:
  I've already seen the alias option for ifconfig, however, it always
  refers to static IPs, and I've found no reference to this being
  possible with dynamic IPs.
  Is this possible? A single interface, with TWO dynamic IPs?
 
 This is completely untested (and using very recently added to
 -current), but could you create a bridge(4) connecting the primary
 interface to several vether(4) interfaces, and then run dhclient on
 each vether with a dhclient.conf with 'supersede network-mask
 255.255.255.255' for each?
 
 No idea if this would actually work though...

It should, but I think a few more things need to get fixed before
that.  The bridge is not very efficient, though.



Re: parfait

2009-11-12 Thread Theo de Raadt
 I notice a tool called parfait is being used by some OpenBSD developers
 to check code for problems. Is parfait available to average people?
 Can't find a download for it.
 
 http://research.sun.com/projects/parfait

We aren't using it.  The people who work there ran it against our
entire codebase and sent us a log.  There's a fairly large number of
false positives to go through, but some problems are real and worth
fixing.

This is the second time they have sent us a log.  For me, it is a game
to see how quickly we can go through the entire dump of errors they
give us, fixing all of them.  Almost done.



Re: OT: Have you hugged your local OpenBSD dev lately?

2009-11-18 Thread Theo de Raadt
 Before everyone goes too bonkers, consider exactly how safe/dangerous  
 this behavior actually is on a single user machine.  Food for thought.
 
 Think to yourself: what *exactly* is the difference between the only  
 user account on your machine and root? How are you safe?

Not everyone runs firefox as root, like you Ted.

Blurring all the lines is the wrong assessment.  Yes, a lot of safety
is about hurdles.  The sidewalk is raised to a different height than
the road as a hurdle, and it has a safety benefit.  It reduces the
danger for pedestrians because drivers don't want the hurdle of
replacing their rims.  That is safety.

I prefer the hurdles.



Re: SHA256 still used or not ?

2009-11-21 Thread Theo de Raadt
 I'm installing -current from snapshots, from time to time. I use to
 download the .iso file then burn it and check the files on cdrom
 against SHA256 file downloaded together with .iso.
 
 Since some time, the x*.tgz are reported as FAILED in this check. I
 send another email to the list, I got one answer but I'm not able yet
 to get the idea. So, I ask again, is this SHA256 still used for _all_
 files or is it just for non x* files in snapshots? Should I use it to
 check the snapshot files or not? Because if I don't have this check,
 how could I be sure about files integrity after download and even
 after burning ?

The SHA256's of the sets build just before bsd.rd are encoded directly
into the bsd.rd.

This is no PKI.  It means the bsd.rd can only validate the sets that
were built at the same time.  If time passes, the bsd.rd will not recognize
the next set of files.

We cannot even promise that the SHA256 file in the directory matches what
the bsd.rd file knows.  The ftp servers are not atomic.



Re: SHA256 still used or not ?

2009-11-21 Thread Theo de Raadt
 Using cdio I burn a cdrom, mount it and then run inside i386
 directory the same command 'cksum -a sha256 -c SHA256', SHA256 being
 the file I mentioned first - the one downloaded with the .iso file,
 from the same ftp directory. That's how I get FAILED for x*.tgz files.

The X snapshots are not necessarily built atomically with respect
to the other stuff.  Sorry.



Re: allow dhcpd with pf

2009-11-24 Thread Theo de Raadt
 Where are the details written up for how pf is bypassed by dhcpd and
 dhclient?
 Would that mean that the machine with dhcpd could still serve dhcp
 requests despite a filter ruleset like this:
 
   block in all
   pass out all

Damn right it will.

Where is it written up?  In the manual pages.  I can't believe
we are here in 2009 and people still believe they can get away
with being an idiot because they believe they are above doing
research:

From the dhclient manual page:

 You must have the Berkeley Packet Filter (BPF) configured in your kernel.
 dhclient requires at least one /dev/bpf* file for each broadcast network
 interface that is attached to your system.  See bpf(4) for more information.

See that last sentence?

From the bpf manual page:

 The Berkeley Packet Filter provides a raw interface to data link layers
 in a protocol-independent fashion.  All packets on the network, even
 those destined for other hosts, are accessible through this mechanism.

See that last sentence?

All packets on the network.



Re: X issue with Nov 24 amd46 snap

2009-11-25 Thread Theo de Raadt
 Me too, I updated my kernels yesterday, hoping to get to recent userland 
 during the day and got this very experience twice on my X60s (i386). 
 Intel gfx on it also.
 
 Mouse moves, some distorted pixels but apart from that, no life. 
 Caps/num/scroll lock wouldn't flip the LEDs anymore.
 So something like 2 weeks old userland, and yesterday's -current for 
 kernel reproduces it for me.

If you mix and match, it is your own problem.



Re: OpenBSD on Xserve G5 dual core, 2 GHz

2009-11-25 Thread Theo de Raadt
 We're considering replacing our PII based OpenBSD DNS servers with
 some surplus Xserve G5 dual core, 2 GHz. While the OpenBSD PPC page
 lists this model as being known to work, it states SATA does not work
 on PowerMac G5 and Xserve G5 systems. Is that still current?

Yes.

 Are there any work around measures?

Put an mfi or mpi card in it which has OFW.

But there are other issues in 4.6, too.  I think bsd.rd right
now locks up at boot.  I don't think anyone is digging into
that right now.



Re: having 4.6 on amd64 panicing when pfsync runs over ipsec

2009-11-28 Thread Theo de Raadt
 panic: tcp_output: template len != hdrlen - optlen
 Stopped at Debuuger+0x5: leave
 RUN AT LEAST 'trace' ..

You didn't run trace, why not?  You don't want the bug fixed, do you.



Re: df - du discrepancy

2009-11-30 Thread Theo de Raadt
 After it's been up for a few weeks I start seeing discrepancies
 between what df tells me is free space and how much space du reports
 as being used.  A few weeks ago I got 'disk full' errors and rebooted
 the thing which solved it for the moment, but not permanently.

From the newfs manual page:

 -m free-space
 The percentage of space reserved from normal users; the minimum
 free space threshold.  The default value used is 5%.  See
 tunefs(8) for more details on how to set this option.



Re: uthum1

2009-12-04 Thread Theo de Raadt
 Why does a uthum(4) unit show up as two devices?  The sensors are
 only attached to the second one.
 
 uhidev2 at uhub2 port 2 configuration 1 interface 0 Ten X Technology, Inc. 
 TEMPer sensor rev 1.10/1.50 addr 4
 uhidev2: iclass 3/1
 uthum0 at uhidev2
 uhidev3 at uhub2 port 2 configuration 1 interface 1 Ten X Technology, Inc. 
 TEMPer sensor rev 1.10/1.50 addr 4
 uhidev3: iclass 3/0
 uthum1 at uhidev3
 
 $ sysctl hw.sensors | grep uthum
 hw.sensors.uthum1.temp0=22.31 degC (temp)
 hw.sensors.uthum1.percent0=41.98% (humidity)

There are two uhid's on the device.  The first one is a eeprom that
says which type of sensor it is.  Not connecting it as a device is
more difficult than connecting it.



Re: CPUID support on top

2009-12-04 Thread Theo de Raadt
 Not sure if useful to anyone else, but here it goes a patch that adds a new
 column to top, showing the last CPUID where a process has been seen.  Other
 top implementations have this feature, which can be useful on some
 situations.

Not needed.  It is already there in the STATE field, after the /



Re: Open Source hardware (Re: can't get vesa @ 1280x800 or nv)

2009-12-08 Thread Theo de Raadt
You are a prick.



Re: hw.setperf on HP Elite Book

2009-12-09 Thread Theo de Raadt
 No really, what could possibly set hw.setperf besides sysctl
 (which I do not call) and apmd (which is not running)?  And
 where does the number 5 come from?
 
 Or, what obvious triviality have I overlooked?
 Is hw.setperf meaningless when apm/acpi is disabled?

The kernel is manipulating this.  I've already told the guilty
parties that they are wrong in doing so.



Re: ComixWall terminated [WAS: ComixWall 4.6 released, December 8, 2009]

2009-12-09 Thread Theo de Raadt
 So .. in the end, the fact that ComixWall uses OpenBSD as its 
 foundation, _does_ help promote OpenBSD use and expand its user 
 base

Bullshit.

Please get this off our lists.



Re: SMP

2009-12-09 Thread Theo de Raadt
 Soo... Your performance requirements may be met by OpenBSD despite its
 current poor SMP support - other OSes will scale on SMP. Trade-offs,
 trade-offs... It's a psychological issue. We have all this multicore
 hardware that doesn't get taken advantage of by this OS, and it's
 always in the backs of our minds, but the security and simplicity
 trade-offs may be worth it anyway, so screw the hardware.

Or put it another way.

I couldn't help but smile when someone told me their 16-way SMP box
had been holed by a bug in their ld.so.



Re: Why is getaddrinfo breaking POSIX?

2009-12-11 Thread Theo de Raadt
 I did a quick perusal of the source (and compared it against the NetBSD 
 tree) and it looks like the easiest way to
 make getaddrinfo() thread safe is to TURN OFF Yellow Pages (pee).
 
 NetBSD changes the only variable globals to local (in the yp code by 
 removing the caching optimization) and puts
 a mutex in the yp code to protect its global variables.
 
 I would do the work but I can't test it (I have refused to use YP for 
 the last 17.5 years).  If someone volunteers to
 test, I'll rework the code.

It would be silly to turn off YP to solve this.

It's much like saying that the simplest way to avoid children being
hurt in car accidents during their teens is to abort them at birth.

YP is good stuff.  It is going to get us LDAP for nearly free.



Re: Inside Out Networks Edgeport USB Serial Adapters

2009-12-14 Thread Theo de Raadt
 Aaron Mason
  On top of that the firmware is a sort of binary
  blob, which will never be used in any OpenBSD system.
 
 Nonsense, binary firmware/microcode images are perfectly acceptable in
 OpenBSD, so long as the redistribution terms are clearly defined and
 suitable.

That's completely true.  If the redistribution terms make the firmware
become just free data, then we can distribute it, and use it.

 Binary-only *drivers* however are not acceptable, these would have to be
 loaded into kernel space.. performing all sorts of black magic that
 would complicate development.

Completely true.

 In this case, I found a site which seems to indicate a few models
 require a separate driver.. however it also indicates that later models
 use a TI-based chip, perhaps it might be possible to adapt the uticom(4)
 driver?
 
 http://www.kroah.com/linux/usb/edgeport/

I don't know what that site means either.  Get it working, and get back
to us.



Re: A question about puting OpenBSD on a Soekris

2009-12-15 Thread Theo de Raadt
 On Tue, 15 Dec 2009 15:15:25 -0500, Ted Unangst ted.unan...@gmail.com
 wrote:
  As the manufacturers point out, 10,000 write cycles (basically the
  minimum) means you can overwrite the flash once per day for 27 years.
  That's a lot of IO for a soekris.
 
 It's possible to kill CF cards doing builds or similar. The wear leveling
 isn't that great.

I've been at this for a while, as you might guess.

I've only ever seen two CF cards die.  Around ten years ago, when they
came to the market.  I've used hundreds for various purposes.

I've run a zaurus on a CF card (replace the drive to make it faster and
run last longer).  They never die.

Same with SD and XD cards.  I've taken nearly a hundred thousand photos
and none of my cards are dead.

The cards just plain don't die, and apparently the meme won't either.



Re: A question about puting OpenBSD on a Soekris

2009-12-15 Thread Theo de Raadt
 i haven't been using flash media as long as theo, but i will second this.
 
 i also figure it is cheaper for me to replace the media if it fails
 (which hasn't happened yet) than spend the time tweaking the install to
 not write to the media much. same applies to cutting the install down to
 fit on small disks. maybe other people have less value associated with
 their time than i do though :)

Do what I do:

 1) Install a full system to a CF, and configure it fully.

 2) dd the entire CF to a file that you save somewhere

 3) Learn how to forget about the file.

The landisk builds were done on a CF flash for about a year before
I replaced it with a Hitachi microdrive.

BTW, if anyone has any undamaged CF microdrives, I would like to have
some spares lined up.



Re: A question about puting OpenBSD on a Soekris

2009-12-16 Thread Theo de Raadt
 On Wed, Dec 16, 2009 at 07:45:58AM +0100, Tomas Bodzar wrote:
  Ufff, did you read the link which I sent before?
  http://www.kernel-panic.it/openbsd/embedded/
  Because everything is described there, including mounting the fs ro,
  install and so on.
 
 It's giving bad advice.
 
 You can setup a soekris using a perfectly normal install using
 pxeboot and a serial cable. If still you want to tweak things, you
 can do this after the install.
 
 There's absolutely no need for a soekris howto.

No kidding.  I'll quote just one line from the document to
prove the point that the author is missing the point.

Pri Mas  SanDisk SDCFB-64LBA 490-8-32  62 Mbyte

The third world has larger CF cards (apparently because all the old
ones died because their sectors were rewritten too much, so the meme
goes.)

Or to put it simpler:  get a life.



Re: Additional wd-devices

2009-12-16 Thread Theo de Raadt
 I have 6 IDE devices; 4 of them are connected to the primary and 
 secondary IDE channels and 2 of them are connected to the SATA ports 
 with IDE to SATA adapter. I assumed the two drives connected to the 
 SATA ports would show up as sd0 and sd1, instead they show up as wd0 
 and wd1 respectively. Was I wrong in my assumption?

That depends on whether the SATA controller is in AHCI mode or IDE mode.

 I now have wd0-wd5, how do I get the additional devices wd4 and wd5 in 
 /dev/ ?

If you had this problem during the installer, it would have created the
nodes for you.  You can do this by

  cd /dev
  sh MAKEDEV wd4 wd5

That makes the nodes you need.



Re: mandoc

2010-04-07 Thread Theo de Raadt
 I just wanted to write a short note about mandoc.  You may have seen
 it mentioned in some recent posts.  It's a fantastic replacement for
 groff.
 
 How fantastic?  This fantastic:
 mini:~/src/share/man/man9 time nroff -Tascii -mandoc *.9 > /dev/null
 0m2.23s real 0m2.29s user 0m0.03s system
 mini:~/src/share/man/man9 time mandoc *.9 > /dev/null
 0m0.20s real 0m0.19s user 0m0.01s system

Or, on a vax, after preloading the pages into the buffer cache:

time nroff -Tascii -mandoc *.9 > /dev/null
242.7u 1.3s 4:06.18 99.1% 0+0k 66+8io 123pf+0w
time mandoc *.9 > /dev/null
9.5u 0.8s 0:10.45 99.3% 0+0k 0+1io 0pf+0w

That's 25 times faster.



Re: -current i386 (#501): massive performance drop from #448

2010-04-11 Thread Theo de Raadt
 going from #448 (March 16th) to #501 (April 8th),

Don't you think the onus is on you to figure out which change during
that period is causing this?

We don't have your hardware.  We don't have your setup.

Don't you understand that you have access to the source so that you
can figure out what changed?  Help yourself!



Re: OpenBSD culture?

2010-04-14 Thread Theo de Raadt
 As a long time Linux user I will soon try out OpenBSD, I have been
 reading the list emails and contacted 1 OpenBSD top person who was
 very rude. There is some of the RTFM or get lost attitude in
 Linux, but if a questioner seems sincere there is usually a certain
 level of friendliness in Linux community towards them. Just what I
 have briefly observed the OpenBSD community is more abrupt and less
 interested in helping newbies, they prefer one find the answer solely
 on their own if possible. I must say I detect a certain attitude that
 smacks of superiority and even condescension at times. Is this a fair
 assessment of the OpenBSD culture?

I guess this is the get lost mail he is referring to.

Yes, it is a damn fair assessment.  When you pay your taxes, do you go
make a personal request for assistance of your prime minister?

Your mail lies about what you saw, so here is the full exchange:

---

To: Zachary Uram net...@gmail.com
Subject: Re: hi
In-reply-to: Your message of Fri, 09 Apr 2010 20:27:54 EDT.
 w2yecfa260c1004091727r983abd02i222e76d7932f6...@mail.gmail.com
Date: Sun, 11 Apr 2010 12:35:26 -0600
From: Theo de Raadt dera...@cvs.openbsd.org

 I am a long time Linux user and am interested in trying OpenBSD for
 its reputation in being secure.
 
 Can I install OpenBSD along side Linux and Windows in the Grub 2 boot
 loader? I downloaded the OpenBSD 4.6 boot CD.
 
 I was wondering if there are any free guides or books for teaching
 Linux users how to make the transition to OpenBSD system
 administration?
 
 Currently I run Debian testing on my desktop and Debian stable on my VPS.

You have to be joking me.  Questions like that is what the web is there
for.



Re: OpenBSD culture?

2010-04-14 Thread Theo de Raadt
  rude to the casual users.  Maybe that is why OpenBSD is so far down
  the list at http://bsdstats.org/ .
 
 For whatever reason the bsdstats initiative never gained much
 popularity in OpenBSD circles, but it's really easy to start dropping
 data into the pool there if you want to.  As far as I can tell my
 notes from way back (http://www.bsdly.net/~peter/bsdstat/) still apply.

The data in it has no quality.

Around 3 months after starting it, the author deleted all the records
except the FreeBSD ones.

That made it more than clear that the author has no quality.

He should get a job with the IPCC.



Re: OpenBSD culture?

2010-04-14 Thread Theo de Raadt
  Around 3 months after starting it, the author deleted all the records
  except the FreeBSD ones.
 
 That's really bizarre behavior.  I was not aware of that part.  If the
 data isn't actually collected or used sensibly, then there is of
 course no reason to try submitting data.

No, keep submitting data, just be sure to set your Country as Panama.

In summary -- the entire effort is a complete load of crap.  The author
does it only to serve his own interests; ie. to back the lies he spreads.

Otherwise, why would anyone else go through that effort?



Re: OpenBSD culture?

2010-04-14 Thread Theo de Raadt
 Actually two of the top linux kernel developers answered my email
 directly to them when I had some questions. There was no ridicule or
 belittling.

Please get off the mailing lists and go read the documentation.



Re: licensing

2010-04-15 Thread Theo de Raadt
 On Thu, 15 Apr 2010 10:41:35 -0600
 Ted Roby ted.r...@gmail.com wrote:
  
  I didn't think OpenBSD was even interested in such licensing
  schemes in the Ports tree.
  
 
 There's non-free software in the ports tree.

Not in a real sense.  The ports tree is a build infrastructure
containing Makefiles, lists of files and where they should go, and (in
a perfect world, continuously shrinking) minimal patches.  It does not
contain source, per se.  There are small code snippets which are
_patches_, but the patches are largely of no great consequences.  They
exist to adapt foreign software to our interfaces, and the idea is
that those patches should eventually be fed upstream, or become
unnecessary.



Re: OpenBSD culture?

2010-04-15 Thread Theo de Raadt
 I don't know for certain, but I believe that in the United States
 a work without copyright notices goes to the public domain after
 25 years.

I don't know for certain, but I believe you are just making things up
as you go along, because you are nothing but a troll.



Re: thinkpad windows refund

2010-04-18 Thread Theo de Raadt
 I would like to ask Thinkpad or Lenovo machine owners on the mailing
 list if they had any experience on returning and receiving a refund
 for windows bundled with newly bought machines in the US or Canada.

This has ABSOLUTELY ZERO to do with OpenBSD.



Re: trouble installing on t2000

2010-04-20 Thread Theo de Raadt
 I am trying to install the version sparc64 4.7 openBSD on a T2000 Enterprise.
 It will let me get all the way through to installing sets.  I have tried to
 install the sets from cd, ftp, http, rsync and it never finishes.   Does
 anyone have any ideas why this might be?   It usually gets about 90% through
 before freezing up.

A possible fix for this has been committed recently.

RCS file: /cvs/src/sys/arch/sparc64/sparc64/intr.c,v
revision 1.35
date: 2010/04/16 22:35:24;  author: kettenis;  state: Exp;  lines: +11 -3
Fix handling of shared interrupts.  Make sure we use the lowest priority of
all the interrupt handles when reprioritizing the interrupt on reception,
but always run the handler at the desired priority.  Make sure
ci_handled_intr_level is set correctly.  Gets rid of splassert warnings
seen on many of the PCIe systems with mpi(4).

tested by deraadt@, jbg@

It seems to only affect some machines, and none of us had a T2000...



Re: Source Overview

2010-04-21 Thread Theo de Raadt
 To beat a dead horse a little deader and make one final attempt to
 help, I'll add a few remarks about a diff I committed last night.  The
 diff had previously been posted to tech.
 
 On the learning front, the first question to ask might be Why does
 removing proc.h from uvm_map.h cause an error in sysctl.h when
 compiling if_iwn.c?  This immediately gets you four more questions,
 what are proc.h, uvm_map.h, sysctl.h, and if_iwn.c?
 
 On the contributing front, I said in my first mail the diff was
 incomplete and asked for help, but nobody did.  All you had to do to
 find a bug was apply the patch and type make on an exotic
 architecture.  And by exotic architecture, I mean i386 GENERIC.  Or
 amd64.  Actually, any and every kernel config other than i386 MP.  So
 when people can't/don't/won't type make, it doesn't inspire much
 confidence that they will be able to modify the code and then type
 make.
 
 Followup questions for the advanced contributor:  Why did vfs_biomem.c
 fail to compile except with an MP kernel?  What was the obvious fix
 for SP?  What then broke when Theo tried it?  Why did we commit the
 gross workaround?  What's the right solution?
 
 In the last month, I mailed 8 patches to tech.  They were in areas as
 various the kernel to userland to documentation.  All of them featured
 fairly obvious followups for someone to build upon.  Not a single one
 earned a response from anyone who's not already a committer.

I concur.  In summary, everyone offering help is lying; fact is they
are unwilling to get off the couch.



Re: Source Overview

2010-04-21 Thread Theo de Raadt
  I concur.  In summary, everyone offering help is lying; fact is they
  are unwilling to get off the couch.
 
 I appreciate the sentiment, but this isn't true. How many new developers
 have been added over the past few of years? How many patches have been
 taken from non-committers? Never enough, but plenty to clearly show how it
 works.

If you go back and look at who actually got an account, I bet you'll
find they have one thing in common:

They mailed diffs.  Not requests for tasks.

End of story.



Re: CVS: cvs.openbsd.org: src

2010-04-23 Thread Theo de Raadt
 On Friday 23 April 2010 15:32:57 Owain Ainsworth wrote:
  CVSROOT:/cvs
  Module name:src
  Changes by: o...@cvs.openbsd.org 2010/04/23 13:32:57
 
  Modified files:
  sys/ntfs   : ntfs_ihash.c
 
  Log message:
  It is about time that we stopped pretending simple_locks are locks.
 
  replace ntfs_nthash_slock usage with comments prefixed XXXLOCKING (for
  grepability).
 
  This lock looks to be correct, but it could well be the bad way to do it
  (having a rwlock for inserts to avoid races inserting the same inode but
  then simple locking on list accesses).
 
  approach discussed with deraadt@
 
 First, thanks for the bit of love on the ntfs stuff.  I use my laptop 
 routinely now, to rescue files from diseased Windows machines.
 
 For this change (and the cd?), is there anything special I should be
 looking out for, when testing this?  Anything that might push the
 envelope some?

Read the commit again.  It changes nothing.



Re: confused about updating -current

2010-04-27 Thread Theo de Raadt
 if i install a system from install47.iso taken from the snapshots folder on
 a mirror i end up with a -current system eg:
 
 OpenBSD 4.7-current (GENERIC) #636:
 
 the docs state that you cant go from -current to -stable so my question is -
 what happens if i do update it?

You'll experience anguish, and then if you try to ask for sympathy a
lot of people will laugh at you.  They'll point their fingers and go
ha ha, look at Alastair, he sure blew it.

 surely thats exactly what will happen once 4.7 is released.

Yup.

 ie, if i do this:
 
 cd /usr ; cvs -qd anon...@anoncvs.server-somewhere:/cvs get -rOPENBSD_4_7 -P
 src
 
 and then follow the instructions for rebuilding the kernel and binaries.
 
 http://www.openbsd.org/stable.html
 
 
 will i just end up with a mess or a slightly more up-to-date -current

Well, you're also going to need a sharp knife and some chickens.  And
even then it might not end well.

 what happens to my 4.7-current system after 4.7 is released. can i still
 update it with bug fixes and security patches etc? surely it will become a
 -stable system?

4.7-current is newer than 4.7.  Backtracking is not tested by anyone
(and never will be) because backtracking is not the purpose of a
forward-moving project like ours.



wanted: sgi origin 350

2010-05-23 Thread Theo de Raadt
We are looking for one more origin 350, specifically for the upcoming
hackathon in edmonton so that SMP support can be added.

Anyone have any lying around?



Re: traffic management

2010-06-01 Thread Theo de Raadt
  Hello Misc,
  
  Are there any plans to change the traffic control system?
  For example, removing the altq code from pf and making a separate traffic
  management interface outside of pf.
  Or replacing altq with something else that is faster,
  simpler and more functional. Or revising the existing traffic management system.
 
 obvious troll is obvious

no kidding.  As we've told irix before, it will not happen.



Re: traffic management

2010-06-02 Thread Theo de Raadt
   All of a sudden people started talking about some fixes. Have I mentioned
 somewhere that something needs to be corrected,
 or that something is not working? I just talked about a rework to simplify
 the code.
   Alternate queueing was initially conceived as a framework in which you can
 develop and connect disciplines with minimal effort. With the existing code
 in the form of pf/altq, adding a new discipline has been a daunting task: you
 need to add to a heap of places, declare the new variables and finish the
 new syntax.
   I simply asked why the altq code could not be treated like the nat/rdr and
 scrub code: remove it and simplify greatly.
 As an option, make altq separate from the firewall.

Where's the diffs?



Re: traffic management

2010-06-02 Thread Theo de Raadt
   Ideally, altq would be controlled similarly to the tc tool in Linux.

It is not going to happen. 



Re: traffic management

2010-06-02 Thread Theo de Raadt
  Hello Misc,
  
   Ideally, altq would be controlled similarly to the tc tool in Linux.
 Who would want this? This was the main reason for me to switch my
 routers to OpenBSD. (consistency, ease of configuring)
 I didn't want to fiddle with iptables and tc, search in outdated
 tc documentations or make (or use) huge scripts just to set a sane 
 firewall-trafficshaping with a little extensibility. The native OpenBSD tools 
 are just fine.
 
 (wifi-configuration's the same)

Well, Andreas, don't worry -- it won't be changing.



Re: Installer bug? - Upgrade 4.6 to 4.7 failed to upgrade base47, on i386 and amd64

2010-06-02 Thread Theo de Raadt
  Based on the latest results, the problem seems to exist only for most of the
  /sbin files. So, the upgrade runs through as programmed.
  With a public mirror, it will take hours. I really hope SHA256 is good enough to
  confirm the integrity of the archives. Serial console seems a good idea; I have
  to use it in any case.
  What I have in mind is, before the reboot, to use the command prompt to check
  the files in the /sbin-to-be. I have a hunch that they'll be there, then. Then
  I'll do the same after the reboot, and once again, after the package upgrade.
  Should the phenomenon show again, by now I can imagine that the changes are
  happening some time later. We'll see ...
 
 Just for clarity: is everything that fails to change on the same disk?
 I.e. can you post the output of 'mount' (within bsd.rd) as well? And I
 presume you shut down in a sensible fashion, right?

A chit-chat on a public mailing list isn't going to find this supposed
bug.  Why discuss it?  Why not just prove it happened.  Don't you see
how tiring it is to discuss it when we've seen no evidence?



Re: Installer bug? - Upgrade 4.6 to 4.7 failed to upgrade base47, on i386 and amd64

2010-06-03 Thread Theo de Raadt
 Theo de Raadt deraadt at cvs.openbsd.org writes:
 
  A chit-chat on a public mailing list isn't going to find this supposed
  bug.  Why discuss it?  Why not just prove it happened.
 
 Yes, Theo. Though: How? This is what I tried to find out.
 I showed the list of files. Do you assume I tinkered with it? Why should I?
 pfctl wasn't working correctly. Without the help of the list, I wouldn't have
 been able to drill it down to some 70 files being of the previous version.
 Thanks to everyone who helped!
 
  Don't you see
  how tiring it is to discuss it when we've seen no evidence?
 
 It might be tiring, but what evidence do you want? Here, I want to solve a
 problem of files missing. Since I followed the Upgrade guide to the dot,
 rebooted to bsd.rd in the beginning, rebooted at the command prompt, we (I) need
 to find what went wrong. That's all. I don't even mind if the mistake was on my
 side, then I could learn.
 
 So, please, specify the evidence that you need.

If everyone felt the need to debug the personal problem with their own
machines on this giant mailing list in the fashion you just did, I
will unsubscribe.

It isn't tiring -- it is just plain ridiculous.

Figure out what is wrong, THEN POST THAT.



Re: mouse warp problem - dmesg

2010-06-03 Thread Theo de Raadt
 Are you running an amd64 kernel? Sigh, I wish people would not change
 these things and use the standard compilation setup which allows us to
 see which arch you are running. 

It's simpler than that.  He's running his own custom kernel, so you
can ignore what he's saying.  He's chosen to take care of his own
problems by choosing to be different.

  OpenBSD 4.7-current (sys) #0: Wed Jun  2 17:04:24 CEST 2010
  madro...@pundit:/var/obj/sys

Re: mouse warp problem - dmesg

2010-06-03 Thread Theo de Raadt
 My kernel contains a bugfix and several improvements for the
 auich(4) driver which are waiting to be committed.
 Other than that it contains a workaround in USB2.0 takeover code
 for my broken BIOS. I think it is very improbable that these
 changes have an effect on the apparently well known mouse warp
 problem.
 Therefore the dmesg may very well be of some use to debug the
 problem.

OR IT MIGHT NOT BE.

We don't know what it contains, and you didn't say what it contains,
so the right thing for us to do is ASSUME IT IS USELESS.

You've got it all wrong.



Re: Installer bug? - Upgrade 4.6 to 4.7 failed to upgrade base47, on i386 and amd64

2010-06-04 Thread Theo de Raadt
 On Fri, Jun 4, 2010 at 7:49 PM, Jacob Meuser jake...@sdf.lonestar.org
 wrote:
  I'm still curious how anything left in /usr/obj can be anything
  but a possible problem after updating system binaries and sources
  to a new release.  especially for people who are just following
  the directions as they are written.
 
 Do you not agree barring broken makefiles and unreliable system clock
 (as someone pointed out), object files and binaries (in obj/) should
 have been rebuilt?

It's a source tree with nearly 40,000 .[chyl] source code files, and
probably another 40,000 further source code dependencies if you
include manual pages and the perl parts.

We try very hard, and the bsd.*.mk macro package helps a lot
(enforcing consistency-because-of-simplicity), but if you think we can
get all the dependencies right every single time, it is a tough call.
But this case is worse -- when the trash in the obj tree totally
mis-matches the src tree since it is so far in the past... that is
totally impossible.

Dependencies don't help when they don't know about the files.  Even
make clean or cleandir won't help you then.

This was not an installer bug.  It had nothing to do with upgrades.
We've said it before, and I guess we get to say it again:

  If you don't know what you are doing, install a new snapshot.

How many more times do we have to say that?

Why are people defending a person who thinks they are smart enough,
and has just proved that they're not?

Miod, Dale, Kurt, Kettenis and I are quite often the first people to
deal with bumping systems forward over bumps.  Some bumps are so
difficult that after they are done the rest of us jump over them using
snapshots.  When they happen, WE -- THE DEVELOPERS -- USE THE
SNAPSHOTS!  They happen in lots of releases.  Why would we use
snapshots, because we are stupid?  Or are we smart enough to not waste
our time doing things the hard way?

Uwe thinks he's being really clever, but he's not clever at all.  He's
got a record of choosing the hardest paths.  That's his problem.  I
just wish he wouldn't be such a loud whiner when he screws his system
up.



Re: Installer bug? - Upgrade 4.6 to 4.7 failed to upgrade base47, on i386 and amd64

2010-06-05 Thread Theo de Raadt
  I was following the Upgrade Guide to the dot, following
  Applying patches in OpenBSD to the dot,
 
 This thread perhaps wouldn't have happened if you hadn't waited until
 your 13th message to describe that last part.  You now have and now it
 seems the core discussion is just about whether (or where) an
 additional rm -rf /usr/obj/* should be added to help people that
 ^^
 know enough to set up the source tree for building/patching by
 untaring src.tar.gz but don't know to remove the obj tree at the same
 time.  shrug  I'm just glad to hear that it's PEBCAK instead of some
 bizarre bug in the kernel or installer.

Not people.  One person, who (a) miscommunicated, (b) thought he was
smart enough and wasn't.

Now there's calls for more text to be added to various places.  Will
it be read by anyone?  Nope.



Re: Installer bug? - Upgrade 4.6 to 4.7 failed to upgrade base47, on i386 and amd64

2010-06-05 Thread Theo de Raadt
 So, no diff here, but a suggestion:
 
 If one needs to avoid stale stuff lying around in /usr/obj at applying a patch,
 the only logical consequence is, to clean out all /obj totally, even before
 applying a single patch.
 If I am correct, the instructions should be clear for 00N_ThisApp.patch: 
 
 Apply by doing:
  cd /usr/src
  patch -p0 < 00N_ThisApp.patch
 
 Clean the build directories by issuing the command /usr/sbin/mk_build_clean
 
 And then rebuild and install the library and statically-linked binaries
 that depend upon it:
 
  cd lib/libThisApp
  make obj
  make depend
  make includes
  make
  make install
  cd ../../sbin
  make obj
  make depend
  make
  make install

 
 , where mk_build_clean is just the set of steps pointed out in 'man release',
 respectively in FAQ5.
 To me, and I guess Richard Toohey, the case is solved.
 
 Everyone who can read, and likes following instructions, can read and follow
 this easily.

No.  You must be at least this tall to use OpenBSD; sorry -- you are a
midget.



Re: 4.7 identifies HDDs differently than 4.6 (during upgrade)

2010-06-05 Thread Theo de Raadt
 Don't act like this is normal.

It is normal.

 Where in the archives has this been reported?

Why did it have to be reported?

You expect every semantic of the way our kernel behaves to be
reported ... in the archives?

In your dreams..

 Like I said, I appreciate the difference and the suggestions. The
 archives require this post, because it is unexpected. Thanks for the
 help.

Every release lots of things change.  You can get used to it, or stay
with that release.

Changing things is what we do.



Re: pf and !

2010-06-10 Thread Theo de Raadt
 On Thu, Jun 10, 2010 at 02:08:04PM -0400, Peter Fraser wrote:
  I (and I realize I was wrong ) always considered that
  
  pass quick  from { addr 1, addr2 }
  
  Could be written as
  
  pass quick from addr1
  pass quick from addr2
  
  put if ! are used this obvious should not be true
  
  pass quick from { !addr1,  !addr2 }
  
  cannot be the same as ( at least I hope since I haven't built the system to
  test it)
  
  pass quick from !addr1
  pass quick from !addr2
 
 Yes, it means exactly that.
 
 This is not what you'd naively expect, but completely obvious once you
 understand that {} just macro-expands (copy-and-pastes). You can use a
 table to do what you expect to work.

In these grammars it is obvious that things listed after each other
are joined with an implicit OR operator:

addr1 OR addr2

And thus,

!addr1 OR !addr2

How could it mean anything else?  The language does not read minds.

And of course we don't commute it in an English sense.  Not in a Spanish
sense either.  This is a programming language, not some wishy washy thing.



Re: pf and !

2010-06-10 Thread Theo de Raadt
 The same view of oring items should then apply to tables as well, as does
 the use of { } as macro expansion,
 and we all know this not true.

You are making up rules as you go along.  Why don't you go read the code?

 It is also true that  { and } elsewhere  are not simple macro expansion.

Oh cut the crap.  Obviously there are different levels that macro
expansion can happen.  It isn't at the level that cpp works.  It isn't
at the level that m4, a different macro expansion language works,
either.  It isn't at the level that ksh expands it's macros, either.
Nor is it at the level that many other languages expand their macros.
But it is simple.  Perhaps what you mean is that when people say it is
simple, is too complex for you to understand.  Trust me.  It is
simple.  There have been proposals for other ways of doing this, but
(a) they were a lot more complex and (b) it is too late to change it
without very serious consideration.  Especially considering how angry
people got at the last serious pf change made (which we had to, to
advance pf's internal architecture for many reasons).

 If they were simple macro expansion then

 Block {in out} from addr
 
 Would be valid and it is not

Let me put it this way:  valid everything no not.

 The wishy washy words do tell you that those rules do not apply to address
 inside of tables
 (well at least in the pf faq they do, but not in man pf.conf) and that the use
 of { } there do not  cause macro expansion.
 
 It does not bother me one way or another how it works.  I can do what I want
 by creating an additional table.
 I got the information that I needed without the necessity of building a test
 system to try it.
 
 I don't think it is obvious, but  I agree it would have been obvious if { },
 were a simple macro expansion, but they are not.

They are simple -- they are a simple substitution, even in the table
code.  The problem is you don't understand that tables can keep track
of positive and negative matches internally -- when given the lists of
objects.

Frankly, I think you are a whiner.



Re: dhcpd knob

2010-06-19 Thread Theo de Raadt
 On 18 Jun, patric conant wrote:
  Is there a line to be added to dhcpd.conf to tell dhcpd to attempt to update
  bind9 with hostnames from dhcp client, BIND is configured to allow updates
  from the lan, and dhcpd and BIND are running on the same machine, I've seen
  other bind implementations that do this by default, and others still that
  have a knob in dhcpd.conf, but nothing in dhcpd's man pages seem to say
  either way.
 
 you need at least isc dhcp version 3.X for dynamic updates - openbsd ships with
 something older last time i checked. a isc dhcp 3.something package is
 available.

we don't ship with something older.

what we ship has been audited, separated, rinsed, and made extra clean
and unscary.  the changes are very substantial.

anyone is welcome to run the official isc stuff if they want.  they're
also welcome to drink the water in india.  we don't mind when other people
take risks with their own lives.



Re: pfctl: Cannot allocate memory and spamd-setup -bd

2010-06-21 Thread Theo de Raadt
 avail mem = 87961600 (83MB)

 with:uatraps:china:korea:  -  pfctl: Cannot allocate memory.

Not enough kernel memory.



Re: pfctl: Cannot allocate memory and spamd-setup -bd

2010-06-21 Thread Theo de Raadt
  OpenBSD 4.7 (GENERIC) #558: Wed Mar 17 20:46:15 MDT 2010
  dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
  cpu0: Intel Pentium II (GenuineIntel 686-class, 512KB L2 cache) 234MHz
  cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,MMX
  real mem  = 100233216 (95MB)
  avail mem = 87961600 (83MB)


  pstat -s
  Device  512-blocks UsedAvail Capacity  Priority
  swap_device 3299800   329980 0%0


 OK, I'm game to ask after seeing Theo's response. I actually have some 
 equipment like this, not that I use it this way, normally.

You're kidding.

 So, change a setting or rewrite things to fit better in this small 
 memory space?

There is no solution.  The tables are in kernel memory.

The kernel isn't going to go out to swap space to check if packets
should flow through.  Would anyone want that?  No, of course not.

 I was actually using that laptop to make some pretty extensive website 
 changes last year, while traveling with little internet access.
 Filled those boring hours while I woke up hours before the world back 
 then. No regrets having brought that old thing with me! :)

Laptops tend to have more than 83MB of available memory.



Re: OT: Australia may allow punitive damages for security vulns

2010-06-22 Thread Theo de Raadt
 How come the university acting as proxy, got so much of OpenBSDs DARPA
 grant? What was the justification?

Graft, influence trading, and patronage are institutionalized in the
relationship between universities, research grants, and the government
in the US to roughly the same level as anywhere else in the world.
The finances just aren't talked about as much in the US because the
people who benefit from it know to keep their mouths shut.  Upon the
remainder of the population, the other side of the coin is a very fast growing
but hidden inflation.  But your media is playing the same game with your
government.  The word propaganda has fallen out of vogue.

Anyways, in that instance a few University people got around 50%
because of their connections, and did nothing except a few bits of
paperwork -- except for one grad student (who worked very hard, but
was already doing so beforehand).  Oh, but the university staff sure
worked hard in the last few days trying to steal payments back from
openbsd people who were on contract, when the Department of Defence
got upset.



Re: Phoronix Test Suite

2010-06-23 Thread Theo de Raadt
 What are the unsurpassable real world weaknesses in OpenBSD, that you
 know of?

Lots of fake people attacking the project on the mailing lists makes
them a poor resource for users.



Re: Why is status not set to ^T by stty?

2010-06-27 Thread Theo de Raadt
 My question is where in the boot or logon process is stty(1) executed,
 or more to the point, why is my system not configured with the default
 behaviour?

^T is considered an extension above the requirements of POSIX ttys, so we
have it disabled by default.  Enable it yourself if you want.



Re: Thanks for the ACPI suspend+resume work!

2010-07-08 Thread Theo de Raadt
  A big thank you to everyone who has been working on the ACPI code!
  Suspend and resume now work nearly flawlessly on my Thinkpad T500 (dmesg
  below) on the July 8 current snapshot.  The only thing I've noticed is
  that my iwn(4) wifi connection doesn't automatically reconnect, but that's
  minor.
 
 Make sure you run apmd(8).
 Then create /etc/apm/resume with executable bit:
 
 8<-
 #!/bin/sh
 #
 
 ifconfig iwn0 down
 ifconfig iwn0 up
 8<-
 
 This makes my iwn(4) come back on resume.

That is a workaround.  Please don't discourage people from pushing
to get it fixed properly, in the driver.

(Yes, I know... this is a more difficult driver to fix...)



Re: Music + NFS == skipping?

2010-07-09 Thread Theo de Raadt
  I guess your NFS server makes short pauses that cause the
  player to not produce audio samples fast enough.
 
 If this is true, how could my Linux clients be unaffected? 

Why don't you figure that out.



Re: PTY allocation error

2010-07-12 Thread Theo de Raadt
 I'm setting up (well, trying to I guess :-) ) a read-only OpenBSD system to
 run off a small CF card.  Never having done this before, I found an
 excellent article written by Daniele Mazzocchio
 (http://www.kernel-panic.it/openbsd/embedded/) to use as my guide.  I had a
 few minor issues crop up, but have been able to work my way through them.
 However I finally got to one that I am stumped with.

If you installed real OpenBSD you would not have this problem.

You are trying to be too clever; it is therefore your own
responsibility.



Re: PTY allocation error

2010-07-12 Thread Theo de Raadt
 I have been following the discussion on this list regarding the wear-ability
 of CF cards, and in the past have done non-Read Only installs, using both CF
 and microdrives.  There are two primary reasons why I am interested in doing
 this:
 
 1) To learn more about OpenBSD itself.  Solving all of the issues that have
 come up so far has been very beneficial and I've enjoyed the process
 2) Setting up a RO system 

FULL STOP.

At that stage, you are not running OpenBSD.  You've made serious
changes, and you are the one responsible for facing the consequences
of that action, and working your own way through them.

Your decisions; your consequences.

So now you have a system which can survive a power outage, but you can't
even fix the pty problems of your own creation.  Sounds like pure genius.



Re: PTY allocation error

2010-07-12 Thread Theo de Raadt
  So now you have a system which can survive a power outage, but you can't
  even fix the pty problems of your own creation.  Sounds like pure genius.
 
 This is not about Theo personally, it's about everyone in this thread.
 
 Peter didn't pretend to get customer support, nor did he say someone is
 obliged to answer his question. He simply wanted someone familiar with pty
 allocation to give him some advice.
 
 If you don't want or don't know how to help him, why just not ignore the
 message?

No -- this is about people continuing to make ridiculous I can make
massive changes to OpenBSD so that it isn't OpenBSD, and people who
are there will spend their time to help me.

Everyone who is running massively modified OpenBSD is doing themselves
_AND US_ a disservice.

We will not help them.


