Re: rcctl ansible service support

2014-10-15 Thread xSAPPYx
On Oct 13, 2014 10:40 PM, Patrik Lundin patrik.lundin@gmail.com
wrote:

 On Sat, Sep 13, 2014 at 02:39:04AM +0200, Patrik Lundin wrote:
 
  armani@ has laid the groundwork for this and I recently started
  contributing to his fork as well.
 
  The work-in-progress can be found here:
  https://github.com/jarmani/ansible/tree/openbsd_rcctl/library/system
 

 Just a heads up: ansible has since had its modules split into two new
 repositories, core and extras. The current service module (with
 additional fixes that require a recent rcctl(8)) can be found here:


https://github.com/jarmani/ansible-modules-core/blob/openbsd_rcctl/system/service.py

 Regards,
 Patrik Lundin

Thanks, I appreciate the heads up. I've been using this module for a few
weeks and everything is working well.

Is a recent rcctl post the 5.6 freeze or will this work with the next
release?

Thanks again.



rcctl ansible service support

2014-09-12 Thread xSAPPYx
Just a quick check to see if anyone is working on this yet..

I can give a hand if someone is already working on it, otherwise I'm going
to take a run at it.



Re: [Was: OT - gmail alternatives] PGP web mail anyone?

2010-12-14 Thread xSAPPYx
Dan Kaminsky (http://dankaminsky.com) has been working on Domain Key
Infrastructure bootstrapped off of dnssec that looks pretty
interesting. I'm not sure where the video is for this talk (it was at
blackhat/defcon 2010), but I found the slides..
http://www.slideshare.net/dakami/phreebird-suite-10-introducing-the-domain-key-infrastructure


On Tue, Dec 14, 2010 at 14:06, Tomas Vavrys vav...@cleancode.cz wrote:
 Is there a light at the end of the tunnel somewhere to make email
 secure even for amateurs who don't know how to use PGP? I'm very
 curious about the future of email, especially now. I would like to
 hear opinions of OpenBSD wizards. The thing is that it is very hard to
 persuade someone to use PGP all the time.

 2010/12/13 Joel Wiramu Pauling j...@aenertia.net:
 On 13 December 2010 22:23, Joachim Schipper joac...@joachimschipper.nl
 wrote:
 On Sun, Dec 12, 2010 at 09:11:16PM -0700, Travis King wrote:
 Joel Wiramu Pauling j...@aenertia.net wrote:
  Marti Martinez ma...@ece.arizona.edu wrote:
   Ted Unangst ted.unan...@gmail.com wrote:
   At some point you're going to realize that the javascript that
   decrypts your mail has to come from someplace.
  
   A better alternative would be a PGP browser addon (...)
 
  [See] firegpg

 firegpg is the only way I can get friends and family to communicate
 with me securely. I don't even know what the interface looks like, but
 it does work (apparently).

 It's unmaintained. I would also be surprised if the server can't get at
 your plaintext (e.g. with Javascript, or even Java/Flash).

 You may want to look at
 http://rdist.root.org/2010/11/29/final-post-on-javascript-crypto/ and
 the comments (in particular, my


 http://rdist.root.org/2010/11/29/final-post-on-javascript-crypto/#comment-623
 9).

 Summary: it doesn't work, and can't work unless you add a plugin with
 *many* restrictions.

                 Joachim

 --
 PotD: devel/ivy - dependency manager for Java
 http://www.joachimschipper.nl/


 Firegpg was basically just chrome extensions to local(read client)
 side gpg binaries. It wasn't insecure for the reasons you cite, the
 author just got sick of having to update it to work with gmail (it's
 initial target). It is still useful for easy access to gpg functions
 within firefox.



Re: My pf.conf and an nmap scan

2010-11-12 Thread xSAPPYx
Try:
set block-policy return

You should get your proper closed messages in nmap


On Fri, Nov 12, 2010 at 13:27, woolsherpahat woolsherpa...@gmail.com wrote:
 (please see my in-line comments)

 On Fri, Nov 12, 2010 at 12:09 PM, Kenneth Gober kgo...@gmail.com wrote:
 is it this?
# redirect external ssh traffic from ?
pass in log on $ext_if inet proto tcp to ($ext_if) port ?\
       rdr-to 127.0.0.1 port 22
 to me, that rule looks like it will accept any inbound traffic on the
 external interface and redirect it to 127.0.0.1:22. but I don't know what
 the question marks do; I've never seen them used in a pf rule before. my
 guess is, if pf accepts them at all, it treats them as a wildcard.
 -ken

 The ? marks are just replacements for the actual port number. This
 rule should forward outside traffic from port ? to the SSH server
 but I think you are probably on the right track. I really don't
 understand the new rdr-to and match nat-to rules as well as the older
 pre 4.6 syntax.

 However, if I comment that rule out, an nmap still shows a bunch open
 ports. If I try manually connecting to one of the ports that are
 listed as open by nmap I get a Could not open connection to the host,
 on port 7800: Connect failed. Is it possible that nmap is just full
 of crap?

 On Fri, Nov 12, 2010 at 3:41 PM, woolsherpahat woolsherpa...@gmail.com
 wrote:

 Hello @misc!

 I have a lovely little Soekris 4501 running OpenBSD 4.7 (Release).
 However, I get some strange results if I run a nmap scan on it from
 work. I get hundreds of ports listed as open. Now it's likely that I
 have mis-configured my firewall but I can't see exactly where.
 Hopefully someone here on @misc can hit me with the clue stick.

 $ext_if (sis0) is my external facing interface. $int_if and $apple_if
 (sis1 and sis2, respectively) are my internal subnets. The Soekris is
 obviously doing NAT for all my internal subnets -- NAT works, as does
 the restrictions on sis1 and sis2 from being able to send traffic to
 sis0's subnet. Now unless I am terribly mistaken the 'block in log'
 should by default block any inbound packets on any interface unless
 there is a subsequent rule that matches that packet as the packet will
 do whatever the last matching rule told it to. So all inbound traffic
 will either A) be blocked or B) match an exception later on in the
 ruleset right? So how come a scan from the outside reveals hundreds
 of unfiltered ports?

 Advice would be much welcome.
 Thank you!



 /etc/pf.conf:

 # macros
 ext_if=sis0
 int_if=sis1
 apple_if=sis2
 wifi_if=ral0

 table bogons persist file /etc/bogon-bn-agg.txt

 # options
 set require-order yes
 set block-policy drop
 set optimization normal
 set skip on lo0



 # flag packets from all internal interfaces for NAT
 match out on $ext_if inet from !($ext_if:network) to any nat-to ($ext_if:0)

 # policy: default deny on all inbound traffic on all interfaces
 block in log

 # immediately pass out traffic on external interface, modulate state to make
 # ISNs (initial sequence numbers) harder to guess
 pass out quick on $ext_if proto tcp modulate state

 # policy: default allow on all outbound traffic on all interfaces
 pass out

 # antispoofing for internal interfaces
 antispoof quick for { $int_if $apple_if $wifi_if }

 # ingress/egress bogon filtering
 block in quick log on $ext_if from bogons
 block out quick log on $ext_if from bogons

 # allow internal traffic in, except from untrusted -- trusted
 pass in on $int_if from $int_if:network
 pass in on $apple_if from $apple_if:network to !$int_if:network
 pass in on $wifi_if from $wifi_if:network to !$int_if:network

 # allow ssh traffic on trusted interface
 pass in log on $int_if inet proto tcp from $int_if:network to $int_if port 22

 # redirect external ssh traffic from ?
 pass in log on $ext_if inet proto tcp to ($ext_if) port ?\
        rdr-to 127.0.0.1 port 22



Re: PF challenge dealing with HTTPS URL restriction policies.. would it help, other possible solution?

2009-10-29 Thread xSAPPYx
On Thu, Oct 29, 2009 at 1:16 PM, Joachim Schipper
joac...@joachimschipper.nl wrote:
 I believe that work is currently underway to make it possible for
 multiple SSL-enabled hostnames to share a single IP address, but it will
 probably be quite a few years before this is remotely common.


There is a TLS extension, defined in RFC 4366, called Server Name
Indication for just that purpose.
http://en.wikipedia.org/wiki/Server_Name_Indication
http://en.wikipedia.org/wiki/Transport_Layer_Security#Support_for_name-based_virtual_servers



Re: Sendmail Locking Up System

2009-10-05 Thread xSAPPYx
On Mon, Oct 5, 2009 at 2:25 PM, Chris cjd...@brokensolstice.com wrote:

 Yes, I do run it as an hvm, and I have an AMD/Pacifica compliant chip

 Maybe if you can clarify what you meant by hardware support


I think he means running OpenBSD as an hvm guest, not paravirtualized,
which you are.



Re: small pc recommendation

2008-05-20 Thread xSAPPYx
I have a couple jetway mini-itx boxen I like. There are daughter
boards for these guys, I put a 3x10/100/1000 card in there for 4 nics
total.

Boards: http://www.jetwaycomputer.com/VIA.html
Daughter: http://www.jetwaycomputer.com/Daughter_Board.html

Sample Dealer: http://www.logicsupply.com/


On Mon, May 19, 2008 at 7:51 PM, Lord Sporkton [EMAIL PROTECTED] wrote:
 I just figured out the slow usb speed im seeing is because
 my router/lan server only has usb1.0(optiplex GX100)
 so im looking for a recommendation of a small form computer
 to use as my home router/server, im going to ebay it until i
 can fund myself a soekris

 requirements are simple:

 usb 2.0
 at least 1 pci slot free or 2 built in ethernet ports
 OpenBSD compatible
 cheap


 thank you
 --
 -Lawrence



Re: 4.2 Errata 006 failed to compile.

2008-04-01 Thread xSAPPYx
Take a quick look in the archives talking about expat. It was in xbase
for the 4.2 release, is moving to base IIRC, and it looks like you
don't have it installed: /usr/bin/ld: cannot find -lexpat


On Tue, Apr 1, 2008 at 8:56 AM, Sunnz [EMAIL PROTECTED] wrote:
 I am not sure what I did wrong, I simply followed the instruction in
  006_xorg.patch today

 cd /usr/src/xenocara # Assuming Xenocara is in /usr/src/xenocara
 patch -p0  006_xorg.patch
 make build

  Thought I did not have xenocara till today, I just grabbed from my
  local mirror when I need to apply the patch and recompile it.

  The patch itself was applied fine, it is just not compiled... make build 
 failed.

  This is where the error begins:

  cc  -L/usr/src/xenocara/lib/expat/xmlwf/../obj  -o xmlwf xmlwf.o
  xmlfile.o codepage.o unixfilemap.o -lexpat
  /usr/bin/ld: cannot find -lexpat
  collect2: ld returned 1 exit status
  *** Error code 1

  Stop in /usr/src/xenocara/lib/expat/xmlwf (line 95 of
  /usr/share/mk/bsd.prog.mk).
  *** Error code 1

  Stop in /usr/src/xenocara/lib/expat.
  *** Error code 1

  Stop in /usr/src/xenocara/lib/expat (line 133 of
  /usr/X11R6/share/mk/bsd.xorg.mk).
  *** Error code 1

  Stop in /usr/src/xenocara/lib.
  *** Error code 1

  Stop in /usr/src/xenocara.
  # ld
  ld: no input files

  I am running OpenBSD 4.2 AMD64 release.

  I haven't used OpenBSD for that long... this is the first time I tried
  to learn about applying errata patches (for the sake of learning) and
  I might have made come common mistakes. And this might sound stupid...
  X was running when I was recompiling Xenocara, could that be the
  cause? I don't know I haven't thought of that till now... I will
  probably try that as soon as my next reboot. (got a few things running
  at the moment.)

  Thanks.

  --

  This e-mail may be confidential. You may not copy, forward,
  distribute, or, use any part of it. If you have received this message
  in error, please delete it from your system and notify the sender
  immediately by return e-mail. The sender does not accept liability for
  any errors, or, omissions. Note, this text has no effective legal
  binding on your part. There is no obligation to abide any or all parts
  of this, just as any texts appended to e-mail messages on rest of the
  Internet. For more information about disclaimers, please see:
  http://www.goldmark.org/jeff/stupid-disclaimers/



Re: OpenBSD with pf on a mini-ITX?

2008-03-11 Thread xSAPPYx
I am running a couple jetway mini-itx c7 boxes with the 3x1Gig
daughter boards running without any problems. I also have a couple
stock via mini-itx boards that have run obsd in the past without
problem also.


On Tue, Mar 11, 2008 at 10:57 AM, Jordi Prats [EMAIL PROTECTED] wrote:
 Hi all,
  Has anyone tried to run OpenBSD with pf on a Jetway J7F2 (or similar)
  motherboard to act as a firewall and do NAT?

  Any inputs will be welcome! Thanks,
  --
  Jordi



Re: named dhcpd network problems after update

2008-02-28 Thread xSAPPYx
Missed the misc@ CC:, sry richard

On Wed, Feb 27, 2008 at 8:26 PM, Richard Daemon
[EMAIL PROTECTED] wrote:
SNIP

  For the dhcpd, /etc/dhcpd.interfaces is ok? or try 'dhcpd bge0' ?
Specifying bge0 on the command line has the same effect:

root:/root:10# dhcpd -df bge0
Can't listen on bge0 - it has no IP address.
No interfaces to listen on.
exiting.

  For named, you're using /etc/named.conf instead of /var/named/etc/named.conf?
named is reading /var/named/etc/named.conf, I think the log line says
/etc/named.conf since it reads the config file after chroot() to
/var/named/

I'm not sure about the [rt]xpause and what that means on the media:
line from ifconfig; the man pages for bge, ifmedia, ifconfig don't
mention anything.



named dhcpd network problems after update

2008-02-27 Thread xSAPPYx
Heya misc:

Base dhcpd and named are failing to start after an update. I'm really
confused at this point. Other daemons are working fine and I can't see
anything else 'wrong' with the system. Any thoughts at all would be
greatly appreciated.

This was a 4.2-release system. I followed the standard process (build
kernel, reboot, build userland). I've done it twice now figuring I
screwed something up (which i still believe)

I updated my source tree with:
cvs -d$CVSROOT update -rOPENBSD_4_2 -Pd src
cvs -d$CVSROOT update -rOPENBSD_4_2 -Pd ports


Here is a snippit of /var/log/messages during bootup:
Feb 27 15:54:49 vash named[21321]: starting BIND 9.3.4
Feb 27 15:54:50 vash named[21321]:
/usr/src/usr.sbin/bind/lib/isc/unix/ifiter_getifaddrs.c:107:
INSIST(ifa != 0L) failed
Feb 27 15:54:50 vash named[21321]: exiting (due to assertion failure)
Feb 27 15:54:51 vash savecore: no core dump
Feb 27 15:54:52 vash dhcpd: Can't listen on bge0 - it has no IP address.
Feb 27 15:54:52 vash dhcpd: No interfaces to listen on.
Feb 27 15:54:52 vash dhcpd: exiting.
Feb 27 15:54:54 vash squid[3353]: Squid Parent: child process 19826 started


Trying to start named and dhcpd manually we get:

root:/root/scripts:8# named -f -g -d7
Starting privilege seperation
27-Feb-2008 16:32:47.378 starting BIND 9.3.4 -f -g -d7
27-Feb-2008 16:32:47.381 loading configuration from '/etc/named.conf'
27-Feb-2008 16:32:47.397 set maximum stack size to 33554432: success
27-Feb-2008 16:32:47.397 set maximum data size to 1073741824: success
27-Feb-2008 16:32:47.397 set maximum core size to 9223372036854775807: success
27-Feb-2008 16:32:47.397 set maximum open files to 1024: success
27-Feb-2008 16:32:47.397
/usr/src/usr.sbin/bind/lib/isc/unix/ifiter_getifaddrs.c:107:
INSIST(ifa != 0L) failed
27-Feb-2008 16:32:47.397 exiting (due to assertion failure)

root:/root/scripts:9# dhcpd -d -f
No interfaces to listen on.
exiting.
root:/root/scripts:10#


Random pieces of possibly useful output follow

root:/root/scripts:7# ifconfig -a
lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33168
groups: lo
inet 127.0.0.1 netmask 0xff00
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
bge0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:0a:e4:26:dd:30
description: Internal to my cube
media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
status: active
inet 192.168.24.5 netmask 0xff00 broadcast 192.168.24.255
inet6 fe80::20a:e4ff:fe26:dd30%bge0 prefixlen 64 scopeid 0x1
em0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:11:0a:60:0d:82
description: Lans Scare Me
groups: egress
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 10.100.7.38 netmask 0xff00 broadcast 10.100.7.255
inet6 fe80::211:aff:fe60:d82%em0 prefixlen 64 scopeid 0x2
em1: flags=8802BROADCAST,SIMPLEX,MULTICAST mtu 1500
lladdr 00:11:0a:60:0d:83
media: Ethernet autoselect (none)
status: no carrier
enc0: flags=0 mtu 1536
pflog0: flags=141UP,RUNNING,PROMISC mtu 33168
groups: pflog


root:/root/scripts:3# uname -a
OpenBSD vash.copart.com 4.2 GENERIC#2 amd64


root:/root/scripts:5# cat /var/run/dmesg.boot
OpenBSD 4.2-stable (GENERIC) #2: Wed Feb 27 14:31:04 PST 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 1609551872 (1534MB)
avail mem = 1549684736 (1477MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.33 @ 0xefeb0 (37 entries)
bios0: vendor Sun Microsystems version R01-B5 S1 date 09/29/2006
bios0: Sun Microsystems W1100z/2100z
acpi at mainbus0 not configured
cpu0 at mainbus0: (uniprocessor)
cpu0: AMD Opteron(tm) Processor 144, 1795.14 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB
64b/line 16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: AMD errata 86, 89, 97, 104 present, BIOS upgrade may be required
pci0 at mainbus0 bus 0: configuration mode 1
ppb0 at pci0 dev 6 function 0 AMD 8111 PCI-PCI rev 0x07
pci1 at ppb0 bus 1
ohci0 at pci1 dev 0 function 0 AMD 8111 USB rev 0x0b: irq 11,
version 1.0, legacy support
ohci1 at pci1 dev 0 function 1 AMD 8111 USB rev 0x0b: irq 11,
version 1.0, legacy support
ohci2 at pci1 dev 3 function 0 NEC USB rev 0x43: irq 10, version
1.0, legacy support
ohci3 at pci1 dev 3 function 1 NEC USB rev 0x43: irq 11, version
1.0, legacy support
ehci0 at pci1 dev 3 function 2 NEC USB rev 0x04: irq 5
usb0 at ehci0: USB revision 2.0
uhub0 at usb0: NEC EHCI root hub, rev 2.00/1.00, addr 1
TI TSB43AB22 FireWire rev 0x00 at pci1 dev 4 function 0 not configured
usb1 at ohci0: USB revision 1.0
uhub1 at usb1: AMD OHCI 

Re: delete deleted data

2007-12-31 Thread xSAPPYx
On Dec 31, 2007 10:25 AM, Marco Peereboom [EMAIL PROTECTED] wrote:
 Grind them up.  There is nothing else you can do to permanently wipe
 disks.  Residual magnetism is always there provided good enough
 equipment.  If your data is that sensitive there is nothing else but the
 grinder.

Someone linked me this article a couple calling into question the
ability to actually read overwritten data:
http://www.nber.org/sys-admin/overwritten-data-guttman.html

I'd love to read something from the other side, showing real examples
of getting usable data off of a disk that has been overwritten / wiped
/ etc

any links or info?



Re: This list: CC and TO fields

2007-12-03 Thread xSAPPYx
On Dec 3, 2007 5:04 AM, ropers [EMAIL PROTECTED] wrote:
 On 03/12/2007, L [EMAIL PROTECTED] wrote:
  I can't find the 'reply only to group' feature in my mail client yet.. but
  I just started using this email client recently. It is Mozilla Thunderbird.

 Reply to all.



Alpine is another good one for lists.
http://www.washington.edu/alpine/

ropers, I think your time is a 'little' off.



Re: scp doesn´t recognizes 127.0.0.1* as filename

2007-11-26 Thread xSAPPYx
Giving a path should work (it did on my
/tmp/127.0.0.1-2007-11-26-18:31/ dir I just tested with, and it failed
the same way yours did without the ./ )
scp -r ./127.0.0.1-2007-11-26-18:31 [EMAIL PROTECTED]:/u02/snap


On Nov 26, 2007 1:24 PM, Eduardo Alvarenga [EMAIL PROTECTED] wrote:
 Hi there,

 [EMAIL PROTECTED] crash]# scp -r 127.0.0.1-2007-11-26-18:31 [EMAIL PROTECTED]:/u02/snap
 ssh: 127.0.0.1-2007-11-26-18: Name or service not known

 127.0.0.1-2007-11-26-18:31 is a directory

 It seems that scp is not understanding that 127.0.0.1-2007-11-26-18:31 is a
 directory.
 Can anyone help?

 This is an OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003 running on RHEL 4.4


 Regards,

 --
 Eduardo Alvarenga
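Added example (not from this thread, and not OpenSSH's own code): a Python model of the rule scp uses to decide whether an argument is host:path or a local file, which is why a directory named 127.0.0.1-2007-11-26-18:31 gets looked up as a host. It is written from the colon() heuristic in OpenSSH's scp.c as I understand it (first ':' before any '/' splits host from path, colons inside an IPv6 '[...]' are skipped, a leading ':' is part of the filename); the OpenSSH 3.9 in the post may differ in the bracket handling. The sample arguments are the ones from the thread plus a constructed IPv6 one.

```python
def colon(arg):
    """Index of the host:path separator as scp would find it, or None when scp treats
    the argument as a local file. Modelled on colon() in OpenSSH scp.c (assumption)."""
    if arg.startswith(":"):           # leading colon is part of the filename
        return None
    in_brackets = arg.startswith("[")
    for i, ch in enumerate(arg):
        nxt = arg[i + 1:i + 2]
        if ch == "@" and nxt == "[":  # user@[v6addr]:path
            in_brackets = True
        if ch == "]" and nxt == ":" and in_brackets:
            return i + 1
        if ch == ":" and not in_brackets:
            return i
        if ch == "/":                 # a slash before any colon means "local path"
            return None
    return None


def split_scp_arg(arg):
    """('local', path) or ('remote', host, path), the way scp would read the argument."""
    idx = colon(arg)
    if idx is None:
        return ("local", arg)
    return ("remote", arg[:idx], arg[idx + 1:])


def force_local(arg):
    """Rewrite a local filename so scp cannot mistake it for host:path.
    Prefixing './' puts a '/' before the first ':' and so hits the local-path rule."""
    if colon(arg) is None:
        return arg
    return "./" + arg


if __name__ == "__main__":
    for a in ("127.0.0.1-2007-11-26-18:31",
              "./127.0.0.1-2007-11-26-18:31",
              "user@[::1]:/u02/snap",            # constructed IPv6 remote spec
              "/tmp/127.0.0.1-2007-11-26-18:31"):
        print(a, "->", split_scp_arg(a), "| safe:", force_local(a))
```

The same ambiguity is worth remembering when a script builds scp arguments from untrusted filenames: anything containing a colon before its first slash becomes a remote target, so either prefix './' (or pass an absolute path) before handing it to scp.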



Re: maybe openssh's bug

2007-11-26 Thread xSAPPYx
Not sure if it was gmail that blew chunks on your message or somewhere
else along the way, but it seems some of your message lines were
truncated.
Either way, your attachment won't make it through...

The only mailing list that allows attachments is the ports list, they
will be removed from messages on the other mailing lists.
http://openbsd.org/mail.html

On Nov 26, 2007 6:14 PM, PowerBSD [EMAIL PROTECTED] wrote:
 pls read ssh.log attachment
 # ifconfig sis0
 sis0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 150
 lladdr 00:16:ec:b0:25:d
 groups: egres
 media: Ethernet autoselect (100baseTX half-duplex
 status: activ
 inet 192.168.1.248 netmask 0xff00 broadcast 192.168.1.25
 inet6 fe80::216:ecff:feb0:25d7%sis0 prefixlen 64 scopeid 0x

 I use ssh connect to remote sshd server 192.168.1.191 , then i us

 # ssh 192.168.1.1911
 The authenticity of host '192.168.1.1911 (202.102.2.116)' can't be established
 RSA key fingerprint is 88:43:7d:20:64:c8:40:bc:57:96:ac:12:cd:38:e3:c7
 Are you sure you want to continue connecting (yes/no)? ^
 # ssh 192.168.1.1912
 ssh: 192.168.1.1912: non-recoverable failure in name resolutio
 # ssh 192.168.1.1913
 ssh: 192.168.1.1913: non-recoverable failure in name resolutio
 # ssh 192.168.1.1914
 The authenticity of host '192.168.1.1914 (202.102.2.116)' can't be established
 RSA key fingerprint is 88:43:7d:20:64:c8:40:bc:57:96:ac:12:cd:38:e3:c7
 Are you sure you want to continue connecting (yes/no)? ^
 # ssh 192.168.1.1915
 The authenticity of host '192.168.1.1915 (202.102.2.116)' can't be established
 RSA key fingerprint is 88:43:7d:20:64:c8:40:bc:57:96:ac:12:cd:38:e3:c7
 Are you sure you want to continue connecting (yes/no)? ^
 # ssh 192.168.1.1916
 ssh: 192.168.1.1916: non-recoverable failure in name resolutio
 # ssh 192.168.1.1917
 ssh: 192.168.1.1917: non-recoverable failure in name resolutio
 # ssh 192.168.1.1918
 The authenticity of host '192.168.1.1918 (202.102.2.116)' can't be established
 RSA key fingerprint is 88:43:7d:20:64:c8:40:bc:57:96:ac:12:cd:38:e3:c7
 Are you sure you want to continue connecting (yes/no)? ^

 at this line , when i input correct password , but authenticate is incorrec

 # ssh 192.168.1.1919
 [EMAIL PROTECTED]'s password:
 Permission denied, please try again
 [EMAIL PROTECTED]'s password:

 # uname -
 OpenBSD EServer-01.evermoresw.com.cn 4.2 GENERIC#0 i38
 # sysctl hw
 hw.machine=i38
 hw.model=Intel(R) Pentium(R) 4 CPU 2.93GHz (GenuineIntel 686-class
 hw.ncpu=
 hw.byteorder=123
 hw.physmem=46926643
 hw.usermem=46926233
 hw.pagesize=409
 hw.disknames=cd0,wd
 hw.diskcount=
 hw.sensors.it0.temp0=48.00 deg
 hw.sensors.it0.temp1=39.00 deg
 hw.sensors.it0.temp2=22.00 deg
 hw.sensors.it0.fan0=1231 RP
 hw.sensors.it0.volt0=1.25 VDC (VCORE_A
 hw.sensors.it0.volt1=2.62 VDC (VCORE_B
 hw.sensors.it0.volt2=3.31 VDC (+3.3V
 hw.sensors.it0.volt3=5.00 VDC (+5V
 hw.sensors.it0.volt4=11.71 VDC (+12V
 hw.sensors.it0.volt5=2.01 VDC (Unused
 hw.sensors.it0.volt6=-0.77 VDC (-12V
 hw.sensors.it0.volt7=4.97 VDC (+5VSB
 hw.sensors.it0.volt8=4.08 VDC (VBAT
 hw.cpuspeed=293
 hw.setperf=10
 hw.vendor=Ace
 hw.product=Aspire SA80/AP S28
 hw.version=R01-C
 hw.uuid=Not Se
 # ssh -
 OpenSSH_4.7, OpenSSL 0.9.7j 04 May 200



Re: About Xen: maybe a reiterative question but ..

2007-10-23 Thread xSAPPYx
On 10/23/07, Lars Noodén [EMAIL PROTECTED] wrote:
 Per-Erik Persson wrote:
  ... not being able to run inside a
  virtualized environment is not an option in the future.

 Virtualization is available already.  See the package qemu.
 http://www.openbsd.org/4.1_packages/

 Or are you aiming for Xen specifically?


fwiw, kvm works well too if Xen isn't a hard requirement
http://kvm.qumranet.com/kvmwiki



Re: Scaling DNS with CARP + pf (+ hoststated ?)

2007-08-29 Thread xSAPPYx
it is highly recommended you cruise the DNS rfcs and/or read the dns
bible.. these are problems solved 20 years ago

On 8/28/07, reje [EMAIL PROTECTED] wrote:
 In the sense of expanding DNS infrastructure, your
 comments seem sane enough (you definitely read that
 DNS  BIND book :-)

 On the other side, I really need to introduce
 _additional_ availability of DNS servers/resolvers.
 This is especially true for resolvers as they are the
 first layer users are facing. Assume the situation
 when ordinary Windows user tries to access a web page
 not yet cached in his box's local DNS cache. From my
 experience, it's needed up to 15 seconds for Windows
 box to contact the other resolver. And that is
 something I'm trying to avoid by using
 high-availability and load-balancing.

 As already seen, it cannot be done (yet) using
 hoststated or rdr alone because packet payload
 inspection and modification is needed for it to work,
 and it is a hack, etc.etc.

 I was also reading about new features of IP-based
 load-balancing in carp(4) in the upcoming release of
 OpenBSD (4.2). It seems that it would be enough to
 install a farm of OpenBSD resolver boxes with CARP and
 IP load balancing enabled on the boxes themselves. No
 external load-balancing boxes, no packet modifications
 required. Altough, it seems that it does require some
 extra configuring depending on network equipment being
 used. Also, IP load-balancing imposses additional load
 to network equipment. (I'm dealing with Cisco Catalyst
 6500 series switches)

 To conclude my goals:
 - remove 15 second timeout for end users,
 - deal with only 2 resolver addresses,
 - use more than 2 resolver boxes.

 Anyone successfully running similar scenario ?

 Cheers (and thanks for all suggestions),
 r.

  reje wrote:
   Yes, we have that much DNS requests hitting our
   servers
   (we are not experiencing any DoS but from
   legitimate
   user requests :-)
  
   Furthermore, the DNS infrastructure timeouts are
   unacceptable in our scenario. Registering
   additional NS records is also unacceptable.
  
   FYI: our primary DNS experiences cca. 4000
   requests per second, secondary goes with cca. 3000
   req/sec.
  
   Primary server is SUN Fire V480 with 16GB RAM,
   secondary is also  SUN Fire V480 with 8GB RAM.
   Both servers are running Solaris 9 + BIND 9.
   Firewall is PIX 535, works like a charm.
 
  Increase some of your heavily used records' TTLs.
 
  Add more public slave servers, 5-7 is a good number.
 
  Have them pull from a hidden master.
 
  Put some of the servers far away from you, but near
  your clients. e.g: London, Frankfurt, Paris, Sydney,
  where ever (can't do that with load bal).
 
  If you have both of your only 2 servers in the same
  rack, you will have problems. I once saw one idiot
  put both DNS servers into Solaris 10 zones on a
  single box (e15k). What is the point??
 
  I used to work for an ISP serving some popular
  domains. Used white i386 boxes in various colo racks
  (own and others), nae probs.
 
  Fire walling was done by Juniper, no load balancing.
 
  Go re-read the DNS and BIND book.
  --
 
  
  Craig Skinner[EMAIL PROTECTED]
 
  Phone +44 (0) 1506 6730245-digit
  shortdial:x73024
 
  Sun Remote Support Centre, Linlithgow, Scotland, UK
 
  






Re: pagedaemon: deadlock detected

2007-08-02 Thread xSAPPYx
What does df -i show? maybe you filled up a disk or ran out of inodes?

On 8/2/07, Timo Schoeler [EMAIL PROTECTED] wrote:
 hi,

 i have an amd64 system running for about six months now flawlessly
 (however, due to following -current, not with uptimes 10 days).

 today it crashed twice when i had two torrents active (not very big
 ones, one 900MByte and one 1300MByte in size -- i did use this machine
 for far bigger ones, with rtorrent running several instances in
 parallel, without problems).

 the hardware is okay, i'm sure it is; the machine uses ECC RAM and is
 cooled very well (besides running on an Athlon64 3500+ EE SFF, which
 means a TDP of 35Watt) with several big fans and a gigantic
 copper/heatpipe heatspreader on the CPU to make it SILENT.

 unfortunately, the machine does NOT have a serial port that could
 provide some more information, i'm stuck on the console which spits out:

 'pagedaemon: deadlock detected'

 in very high speed. i can still change between the tty's, but cannot
 type to login or anything else. ssh is dead. apache dies. didn't try
 ICMP, though.

 dmesg applied -- thanks for any hint!

 timo

 ---

 OpenBSD 4.2-beta (GENERIC) #6: Tue Jul 31 10:43:55 CEST 2007
  [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC
 real mem = 1055444992 (1006MB)
 avail mem = 1013542912 (966MB)
 mainbus0 at root
 bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xf (70 entries)
 bios0: ASUSTek Computer INC. M2NPV-VM
 acpi0 at mainbus0: rev 0
 acpi0: tables DSDT FACP SSDT MCFG APIC
 acpitimer0 at acpi0: 3579545 Hz, 24 bits
 acpiprt0 at acpi0: bus 0 (PCI0)
 acpiprt1 at acpi0: bus 4 (HUB0)
 acpicpu0 at acpi0 PSS
 acpicpu1 at acpi0
 acpitz0 at acpi0, critical temperature: 75 degC
 acpibtn0 at acpi0: PWRB
 cpu0 at mainbus0: (uniprocessor)
 cpu0: AMD Athlon(tm) 64 Processor 3500+, 2204.92 MHz
 cpu0:
 FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
 cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
 64b/line 16-way L2 cache
 cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
 cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
 cpu0: PowerNow! K8 2204 MHz: speeds: 2200 2000 1800 1000 MHz
 pci0 at mainbus0 bus 0: configuration mode 1
 NVIDIA C51 Host rev 0xa2 at pci0 dev 0 function 0 not configured
 NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 1 not configured
 NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 2 not configured
 NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 3 not configured
 NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 4 not configured
 NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 5 not configured
 NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 6 not configured
 NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 7 not configured
 ppb0 at pci0 dev 2 function 0 NVIDIA C51 PCIE rev 0xa1
 pci1 at ppb0 bus 1
 ppb1 at pci0 dev 3 function 0 NVIDIA C51 PCIE rev 0xa1
 pci2 at ppb1 bus 2
 ppb2 at pci0 dev 4 function 0 NVIDIA C51 PCIE rev 0xa1
 pci3 at ppb2 bus 3
 vga1 at pci0 dev 5 function 0 NVIDIA GeForce 6150 rev 0xa2
 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
 wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
 NVIDIA MCP51 Host rev 0xa2 at pci0 dev 9 function 0 not configured
 pcib0 at pci0 dev 10 function 0 NVIDIA MCP51 ISA rev 0xa3
 nviic0 at pci0 dev 10 function 1 NVIDIA MCP51 SMBus rev 0xa3
 iic0 at nviic0
 iic1 at nviic0
 NVIDIA MCP51 Memory rev 0xa3 at pci0 dev 10 function 2 not configured
 ohci0 at pci0 dev 11 function 0 NVIDIA MCP51 USB rev 0xa3: irq 5,
 version 1.0, legacy support
 ehci0 at pci0 dev 11 function 1 NVIDIA MCP51 USB rev 0xa3: irq 10
 usb0 at ehci0: USB revision 2.0
 uhub0 at usb0: NVIDIA EHCI root hub, rev 2.00/1.00, addr 1
 pciide0 at pci0 dev 13 function 0 NVIDIA MCP51 IDE rev 0xa1: DMA,
 channel 0 configured to compatibility, channel 1 configured to compatibility
 pciide0: channel 0 disabled (no drives)
 atapiscsi0 at pciide0 channel 1 drive 0
 scsibus0 at atapiscsi0: 2 targets
 cd0 at scsibus0 targ 0 lun 0: _NEC, DVD_RW ND-4570A, 1.02 SCSI0
 5/cdrom removable
 cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
 pciide1 at pci0 dev 14 function 0 NVIDIA MCP51 SATA rev 0xa1: DMA
 pciide1: using irq 5 for native-PCI interrupt
 wd0 at pciide1 channel 0 drive 0: WDC WD2500YD-01NVB1
 wd0: 16-sector PIO, LBA48, 239372MB, 490234752 sectors
 wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5
 pciide2 at pci0 dev 15 function 0 NVIDIA MCP51 SATA rev 0xa1: DMA
 pciide2: using irq 11 for native-PCI interrupt
 ppb3 at pci0 dev 16 function 0 NVIDIA MCP51 PCI-PCI rev 0xa2
 pci4 at ppb3 bus 4
 TI TSB43AB22 FireWire rev 0x00 at pci4 dev 5 function 0 not configured
 pciide3 at pci4 dev 8 function 0 Promise PDC40718 rev 0x02: DMA
 wd1 at pciide3 channel 3 drive 0: WDC WD2500YD-01NVB1
 wd1: 16-sector PIO, LBA48, 239372MB, 490234752 sectors
 wd1(pciide3:3:0): using BIOS timings,