Re: Determining which patches a snapshot contains

2020-02-25 Thread Jonathan Schleifer
Fair enough - I can understand you don't want to give any guarantees for 
snapshots.

I guess it's fair to assume that snapshots are only built from full commits and 
not partial commits? In this case then, I guess I should be fine.

-- 
Jonathan

> On 25.02.2020 at 20:35, Theo de Raadt wrote:
> 
> You are asking questions beyond the promises we make about snapshots.
> 
> Sorry, no answer to your question.  Sorry if you think that is unfair.
> 
> Jonathan Schleifer  wrote:
> 
>> Hi!
>> 
>> I'm wondering: If I upgrade to snapshots/sparc64/base66.tgz that is listed 
>> on ftp as
>> base66.tgz 24-Feb-2020 20:01 175147678
>> Will it include 
>> <https://ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/021_smtpd_envelope.patch.sig>?
>> 
>> I saw that the patch added two new strings, and those seem to match (this is 
>> after upgrading):
>> 
>> # strings /usr/sbin/smtpd | grep 'has bad uid' 
>> warn: smtpd: file %s has bad uid %d
>> # strings /usr/sbin/smtpd | grep 'has bad gid' 
>> warn: smtpd: file %s has bad gid %d
>> 
>> As well as the change to using the full path to makemap:
>> # strings /usr/sbin/smtpctl | grep makemap
>> makemap
>> makemap
>> makemap
>> usage: makemap [-U] [-d dbtype] [-o dbfile] [-t type] file
>> /usr/sbin/makemap
>> 
>> So does this mean the patch is included, or were some parts of the patch 
>> already applied earlier and this is still incomplete? It looks like 
>> https://github.com/openbsd/src/commit/0228dab008714e5c4cb4c4fdb7e20836742f6fc9
>> contains all changes at once, so should I be good?
>> 
>> Thanks.
>> 
>> -- 
>> Jonathan
>> 



Determining which patches a snapshot contains

2020-02-25 Thread Jonathan Schleifer
Hi!

I'm wondering: If I upgrade to snapshots/sparc64/base66.tgz that is listed on 
ftp as
base66.tgz 24-Feb-2020 20:01 175147678
Will it include 
<https://ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/021_smtpd_envelope.patch.sig>?

I saw that the patch added two new strings, and those seem to match (this is 
after upgrading):

# strings /usr/sbin/smtpd | grep 'has bad uid' 
warn: smtpd: file %s has bad uid %d
# strings /usr/sbin/smtpd | grep 'has bad gid' 
warn: smtpd: file %s has bad gid %d

As well as the change to using the full path to makemap:
# strings /usr/sbin/smtpctl | grep makemap
makemap
makemap
makemap
usage: makemap [-U] [-d dbtype] [-o dbfile] [-t type] file
/usr/sbin/makemap

So does this mean the patch is included, or were some parts of the patch 
already applied earlier and this is still incomplete? It looks like 
https://github.com/openbsd/src/commit/0228dab008714e5c4cb4c4fdb7e20836742f6fc9 
contains all changes at once, so should I be good?

Thanks.

-- 
Jonathan



GCC 4.9.1 or Clang 3.8 on OpenBSD/SPARC64 6.0

2017-01-30 Thread Jonathan Schleifer
Hi!

I'm trying to build ObjFW[1] on my OpenBSD 6.0/SPARC64 machine. However, I
encountered the following problems:

1.)
lang/gcc/4.9 does not emit proper unwind tables. No exception can be caught
(in both ObjC and C++).

2.)
When compiling things with Clang, for about 25% of files, I get this error:

> .runtime_runtime.lib.a.objs/lookup.lib.o: could not read symbols: Bad value

There is nothing above this line, like it usually is on linker errors (e.g.
PIC vs. non-PIC). I tried several flags, but no difference. I noticed that
Clang is using its internal assembler for OpenBSD/SPARC64, and that using
-no-integrated-as actually throws hundreds of errors (as OpenBSD's as is
pretty much complaining about every line). This led me to the idea that Clang
is emitting things just not understood by OpenBSD's rather old ld, but
unfortunately, there doesn't seem to be a newer binutils in ports.

Any ideas? My current plan is to build a newer binutils and a newer Clang
manually and see what fails and fix things as they come up. However, before I
do that and spend a lot of time waiting/compiling, I wanted to know if anyone
else already hit the same problems. FWIW, this all works without any problems
on amd64.

[1] https://heap.zone/objfw/ or https://github.com/Midar/objfw

--
Jonathan



Re: softraid crypto performance on Sun Fire T1000

2016-10-29 Thread Jonathan Schleifer
> Uhm, but the dd command wasn't :-) (the guest's root disk is sd2, not
> sd0...)
>
> Now our numbers align much better:
>
> # dd if=/dev/rsd2c of=/dev/null bs=10m count=50
> 50+0 records in
> 50+0 records out
> 524288000 bytes transferred in 131.796 secs (3978008 bytes/sec)

Ah, thanks. I was just about to destroy my RAID-1 and see if that makes a
difference :).

So, the difference is pretty much the kernel locking: The fewer cores, the
better the performance.

But this still means that the softraid crypto performance is way below what
openssl speed gives. I wonder if openssl (well, libressl) is just using a more
efficient AES implementation, possibly one with inline assembly. Time to look
at sources :).

> For reference, the guest's raw disk read speed was:
>
> # dd if=/dev/rsd0c of=/dev/null bs=10m count=50
> 50+0 records in
> 50+0 records out
> 524288000 bytes transferred in 11.481 secs (45663843 bytes/sec)
> # dd if=/dev/rsd0c of=/dev/null bs=10m count=500
> 500+0 records in
> 500+0 records out
> 524288 bytes transferred in 128.997 secs (40643390 bytes/sec)

Yup, that matches mine. Which is still way below what the HD should be able to
get. But, as said, with bsd.sp I get 80 MB/s, which seems closer to what it
should be.

Thanks for your help in debugging!

--
Jonathan



Re: softraid crypto performance on Sun Fire T1000

2016-10-29 Thread Jonathan Schleifer
> I have the 1GHz version with 4 cores (32 threads).

Ok, so same per-core speed, so single-threaded performance should be the
same.
(Btw, you have 8 cores, not 4. 8 cores @ 4 threads each.)

> Otherwise it's probably similar to yours.
> It's running 6.0 at the moment, yes. Some guests are running -current.

Was the guest in which you ran softraid crypto -current or 6.0?

> Here's a dmesg from a few years ago which I copied before LDOMs were
> configured.
> With guests configured the host dmesg changes since it has fewer resources.
>
> real mem = 8455716864 (8064MB)
> avail mem = 8304115712 (7919MB)
> mainbus0 at root: SPARC Enterprise T1000
> cpu0 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1000 MHz
> cpu1 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1000 MHz
> cpu2 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1000 MHz
> cpu3 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1000 MHz
> cpu4 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1000 MHz
> cpu5 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1000 MHz
> cpu6 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1000 MHz
> cpu7 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1000 MHz
> cpu8 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1000 MHz
> cpu9 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1000 MHz
> cpu10 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1000 MHz
> cpu11 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1000 MHz
> cpu12 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1000 MHz
> cpu13 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1000 MHz
> cpu14 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1000 MHz
> cpu15 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1000 MHz
> cpu16 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1000 MHz
> cpu17 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1000 MHz
> cpu18 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1000 MHz
> cpu19 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1000 MHz
> cpu20 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1000 MHz
> cpu21 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1000 MHz
> cpu22 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1000 MHz
> cpu23 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1000 MHz
> cpu24 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1000 MHz
> cpu25 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1000 MHz
> cpu26 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1000 MHz
> cpu27 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1000 MHz
> cpu28 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1000 MHz
> cpu29 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1000 MHz
> cpu30 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1000 MHz
> cpu31 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1000 MHz
> vbus0 at mainbus0
> "flashprom" at vbus0 not configured
> cbus0 at vbus0
> vldc0 at cbus0
> vldcp0 at vldc0 chan 0x0: ivec 0x200, 0x201 channel "hvctl"
> "ldom-primary" at vldc0 chan 0x1 not configured
> "fmactl" at vldc0 chan 0x3 not configured
> vldc1 at cbus0
> "ldmfma" at vldc1 chan 0x4 not configured
> vldc2 at cbus0
> vldcp1 at vldc2 chan 0x14: ivec 0x228, 0x229 channel "spds"
> "system-management" at vldc2 chan 0xd not configured
> vcons0 at vbus0: ivec 0x111, console
> vrtc0 at vbus0
> "fma" at vbus0 not configured
> "sunvts" at vbus0 not configured
> "sunmc" at vbus0 not configured
> "explorer" at vbus0 not configured
> "led" at vbus0 not configured
> "flashupdate" at vbus0 not configured
> "ncp" at vbus0 not configured
> vpci0 at mainbus0: bus 2 to 2, dvma map 8000-
> pci0 at vpci0
> ebus0 at mainbus0
> com0 at ebus0 addr c2c000-c2c007 ivec 0xa: st16650, 32 byte fifo
> vpci1 at mainbus0: bus 2 to 4, dvma map 8000-
> pci1 at vpci1
> ppb0 at pci1 dev 0 function 0 "ServerWorks PCIE-PCIX" rev 0xb3
> pci2 at ppb0 bus 3
> bge0 at pci2 dev 4 function 0 "Broadcom BCM5714" rev 0xa2, BCM5715 A1 (0x9001): ivec 0x7d4, address 00:14:4f:ae:b5:28
> brgphy0 at bge0 phy 1: BCM5714 10/100/1000baseT/SX PHY, rev. 0
> bge1 at pci2 dev 4 function 1 "Broadcom BCM5714" rev 0xa2, BCM5715 A1 (0x9001): ivec 0x7d5, address 00:14:4f:ae:b5:29
> brgphy1 at bge1 phy 1: BCM5714 10/100/1000baseT/SX PHY, rev. 0
> ppb1 at pci2 dev 8 function 0 "ServerWorks HT-1000 PCIX" rev 0xb3
> pci3 at ppb1 bus 4
> bge2 at pci3 dev 1 function 0 "Broadcom BCM5704C" rev 0x10, BCM5704 B0 (0x2100): ivec 0x7c2, address 00:14:4f:ae:b5:2a
> brgphy2 at bge2 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0
> bge3 at pci3 dev 1 function 1 "Broadcom BCM5704C" rev 0x10, BCM5704 B0 (0x2100): ivec 0x7c1, address 00:14:4f:ae:b5:2b
> brgphy3 at bge3 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0
> mpi0 at pci3 dev 2 function 0 "Symbios Logic SAS1064" rev 0x02: msi
> scsibus0 at mpi0: 63 targets
> sd0 at scsibus0 targ 0 lun 0:  SCSI3 0/direct fixed naa.5000cca20ec9a366
> sd0: 476940MB, 512 bytes/sector, 976773168 sectors
> vscsi0 at root
> scsibus1 at vscsi0: 256 targets
> softraid0 at root
> scsibus2 at softraid0: 256 targets
> bootpath: /pci@7c0,0/pci@0,0/pci@8,0/scsi@2,0/disk@0,0
> root on sd0a (c29f49f8ceac7c2e.a) swap on sd0b dump on sd0b

Your dmesg looks similar to 

Re: softraid crypto performance on Sun Fire T1000

2016-10-29 Thread Jonathan Schleifer
On 29.10.2016 at 18:34, Stefan Sperling <s...@stsp.name> wrote:

> On Sat, Oct 29, 2016 at 06:08:37PM +0200, Jonathan Schleifer wrote:
>> Hm, my main problem seems to be that whenever I decrypt something from the
>> disk, all other 23 cores seem to get stalled.
>>
>> So, would you recommend doing the following then:
>>
>> * Have a partition for the main system on a softraid crypto
>> * Have an unencrypted partition for the LDOMs
>> * Do softraid crypto in every LDOM
>
> I don't care about encrypting the host. It has no secrets.
> Some of my guests boot from softraid crypto disks (see 'man boot_sparc64').

Yeah, that's what I'm doing on the host. My main reason for encrypting the
host was that this does not allow leaking something (and giving some
authentication, so only the bootloader could be changed - I was actually
considering writing some FORTH to check it before loading it).

> On the host (single 3.5" SAS disk which came with the system, no softraid):
>
> # dd if=/dev/rsd0c of=/dev/null bs=10m count=50
> 50+0 records in
> 50+0 records out
> 524288000 bytes transferred in 8.658 secs (60551625 bytes/sec)
> # dd if=/dev/rsd0c of=/dev/null bs=10m count=500
> 500+0 records in
> 500+0 records out
> 524288 bytes transferred in 83.572 secs (62734555 bytes/sec)
> # sysctl hw.ncpu
> hw.ncpu=2
>
> In a guest which uses softraid crypto as its root disk:
>
> # dd if=/dev/rsd0c of=/dev/null bs=10m count=50
> 50+0 records in
> 50+0 records out
> 524288000 bytes transferred in 11.481 secs (45663843 bytes/sec)
> # dd if=/dev/rsd0c of=/dev/null bs=10m count=500
> 500+0 records in
> 500+0 records out
> 524288 bytes transferred in 128.997 secs (40643390 bytes/sec)
> # sysctl hw.ncpu
> hw.ncpu=2

Oh, wow, these are *much* better than what I get. Which CPU do you have? I
have 6x 1 GHz (meaning 24 threads). Are you running 6.0?

Thank you for these numbers, they make me much more hopeful about this
machine.

--
Jonathan



Re: softraid crypto performance on Sun Fire T1000

2016-10-29 Thread Jonathan Schleifer
Hi,

> I run a T1000 which is segregated into a couple of LDOM guests (about 10).
> Some of the guests use softraid crypto inside. The host does not.

Yeah, I was planning on using LDOMs as well. However, since I wanted to put
this into a datacenter (for a cheap price, so it not being the most current
hardware is OK), I wanted to encrypt as much as possible.

> Disk i/o is slow across the board, and when one guest upgrades (extracts
> sets) or makes builds, the other guests experience slowed down i/o as well.

Without the crypto, I get 30 - 40 MB/s. Granted, that's still slow for 10k RPM
drives. However, the RAID 1 is still rebuilding, so that might be why.

> It's fine for network-bound tasks but I would not run a database or mail
> server on it, if that's what you were planning to use this box for.

I was planning to use it for a small mail server (only my mail + my family's
mail), a web server, a git server and an XMPP server. So I guess that would
be a bad idea?

> In the near term I am planning to replace the disks with SSDs to see if
> that helps. This requires the 2.5" disk frame which isn't easy to track
> down, or some self-built disk frame which holds a 2.5" disk.

I guess I'm lucky then, as mine came with two 2.5" SAS disks.

> I've never used this system with just the host. The OpenBSD kernel is
> mostly giant-locked so having many CPUs for one kernel doesn't make sense.

Yeah, that was exactly my fear: The GKL stalling the entire system. Which
seems to be what's happening here.

> If you're running your tests without any LDOM guests configured, your
> system is probably using something in the order of 32 CPUs. In which case
> reducing the number of CPUs on the host by assigning some CPUs to guests
> might help a bit. See 'man ldomctl' for details about setting up guests.

Hm, my main problem seems to be that whenever I decrypt something from the
disk, all other 23 cores seem to get stalled.

So, would you recommend doing the following then:

* Have a partition for the main system on a softraid crypto
* Have an unencrypted partition for the LDOMs
* Do softraid crypto in every LDOM

That would at least mean one system reading from disk will not stall all the
other systems.

Just out of curiosity, what read performance do you get in one of the LDOMs
where you do use softraid crypto? 2 MB/s just seems too low, IMHO, when
openssl speed can reach 5 times that.

--
Jonathan



Re: softraid crypto performance on Sun Fire T1000

2016-10-29 Thread Jonathan Schleifer
Another thing I noticed:

When running dd if=/dev/zero of=foo bs=65536, my SSH connection gets extremely
laggy. If I open 4 more in parallel, all go down to KB/s of writes, and SSH
becomes unusable. Now unusable as in things need forever to start. Unusable as
in I press a key and it takes forever to print that letter.

Is this supposed to be like this, or is there something seriously wrong? Is
OpenBSD only using a single core for the kernel and thus once that core is
busy, the entire system starts to become unusably slow?

--
Jonathan



softraid crypto performance on Sun Fire T1000

2016-10-29 Thread Jonathan Schleifer
Hi!

I just installed OpenBSD 6.0 on my Sun Fire T1000 (with 2 SAS HDs in a
hardware RAID 1 that I set up from OpenBoot). However, I only get read rates
of less than 2 MB/s from sd1a (the softraid), but reads from sd0d (the
underlying partition of the softraid) get magnitudes more.

While a single core of the T1000 is quite slow, this just seems too slow,
making this setup unusable. openssl speed shows 10 MB/s for AES-128-CBC and 7
MB/s for AES-256-CBC on a single core. So a single core is definitely capable
of more than just 2 MB/s. While even 10 MB/s is still slow for today, it's
actually something I could live with, unlike the 2 MB/s. Any ideas on how to
debug what is going wrong here?

Also, is it possible to use multiple cores for decryption when reading
multiple files in parallel?

--
Jonathan



Re: OT: Risks of CAs (Re: Your web development opinions)

2011-03-02 Thread Jonathan Schleifer
On 28.02.2011 at 03:10, Hugo Osvaldo Barrera wrote:

> You CAN submit the CSR through the web interface.

Nobody doubted that.

--
Jonathan

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of PGP.sig]



Re: OT: Risks of CAs (Re: Your web development opinions)

2011-02-26 Thread Jonathan Schleifer
On 24.02.2011 at 18:34, Hugo Osvaldo Barrera wrote:

> I use their web interface to generate them.  It gets stuck sometime, but
> usually works. (Yeah, it's definitely not the best).

Letting them generate one is a stupid idea - then they got your private key.
It is better to just send them a CSR.

--
Jonathan




Re: relayd to load balance xmpp/jabberd??

2010-05-10 Thread Jonathan Schleifer
Tom Murphy open...@pertho.net wrote:

> ext_if=em0
> ext_xmpp_addr=aaa.bbb.ccc.ddd
>
> table <xmppServers> { 192.168.1.1 192.168.1.2 192.168.1.3 }
> redirect xmpp {
>         listen on $ext_xmpp_addr port 5222 interface $ext_if
>         tag xmpp
>         forward to <xmppServers> port 5222 mode roundrobin sticky-address
>         check tcp }

I'm pretty certain this breaks things if you don't have server-support
for load-balancing. If all the servers listen for the same domain and
each server thinks it is responsible for the domain and thinks it is
responsible alone, you will have the following problems:

(Let's assume you have servers A, B and C, all handling the domain
foobar.org)

* A user on A can't send a message to a user on B or C
* When server A is connected to Server qux.org, servers B and C can't
  connect to qux.org.

You can interchange A, B and C here.

Thus, the servers need to do some communication to allow
load-balancing. Just distributing all incoming connections among
servers A, B and C is not going to work. If you read the XMPP RFC, you
will see why exactly.

--
Jonathan




Re: whiteboard over the net

2010-03-30 Thread Jonathan Schleifer

On 30.03.2010 at 06:55, Marco Peereboom wrote:

> I have been looking for some sort of whiteboard like software that runs
> over the net.  Anyone know a name of a port?

The Psi Jabber Client has Whiteboard support, IIRC. Not sure the
version in ports is new enough, though.


--
Jonathan



Re: OT: Python (was Re: vi in /bin)

2009-12-21 Thread Jonathan Schleifer

On 19.12.2009 at 20:47, Darrin Chandler wrote:

> When you can write your code to remain testable. If you've changed code,
> then you're only testing test code instead of production code. If you
> change it back for production, did you change it back correctly? Better
> to call the same code from both production and testing.
>
> Yes, I have used your approach. I only use that approach when I must.

I'm more talking about debugging here. It's awfully annoying to change
indentation for that. And yes, I don't commit my debug code by
accident, as I always read the diff first ;).


--
Jonathan



Re: OT: Python (was Re: vi in /bin)

2009-12-19 Thread Jonathan Schleifer
Floor Terra flo...@gmail.com wrote:

> This is because most of the copy/paste goes like this:
> 1) Write some loop
> 2) Need similar loop
> 3) copy/paste old loop
> 4) Modify pasted loop (but forget one tiny change)
> 5) New loop has bug

This is why I never just copy code, but type it. While you type, you
also think about whether it makes sense to just copy the code and you
will notice if you have to adjust something. Saved me quite a few times
and doesn't take too long if you copy only short code. And long code
should never be copied anyway.

--
Jonathan




Re: OT: Python (was Re: vi in /bin)

2009-12-19 Thread Jonathan Schleifer
Darrin Chandler dwchand...@stilyagin.com wrote:

> I agree that copy/paste from the web would be challenging for
> newcomers. Pastes from the web do horrible things to indenting. If
> you aren't comfortable with Python it'd be a huge pain.

Well, enforced whitespaces are a double-edged sword: While enforcing
newcomers to indent their code correctly and thus getting them used to
the right style and avoiding bad behaviour, it is really a pain in the
ass for testing. If you are just going to test something, you often
have to reindent code. Luckily, vim can do that for you, but still,
it's rather annoying that I have to reformat the code then.

--
Jonathan




Re: OT: Python (was Re: vi in /bin)

2009-12-19 Thread Jonathan Schleifer
Darrin Chandler dwchand...@stilyagin.com wrote:

> You're doing testing wrong and the wrongness has nothing to do with
> python. ;-)

Erm, since when is it wrong to change code for testing, to make sure it
even works under strange circumstances? oO

--
Jonathan




Re: Why is getaddrinfo breaking POSIX?

2009-12-09 Thread Jonathan Schleifer

On 08.12.2009 at 15:52, Bret Lambert wrote:

> The existing resolver code is compleat balls, as oga@ would spell it.
> Frankly, it needs to be dragged behind the chemical sheds and
> quietly suffocated.

Wouldn't it be possible to at least put a lock around it, so that at
least it does not produce bogus lookups, but it does sequential but
correct lookups instead? This would at least not break POSIX and would
be compatible with thread-safe implementations, though slower than
thread-safe implementations. It would already be a big relief for
programmers if they can just use getaddrinfo and know that they at
least get a correct result on any OS. ATM, I have to do a whitelist of
operating systems that are known to have thread-safe implementations
and do a lock for the others.


--
Jonathan
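
The fallback described in this message (a whitelist of operating systems, and a lock around getaddrinfo everywhere else) can look like the following. This is an added example, not code from the original post or from OpenBSD; the macro HAVE_THREADSAFE_GETADDRINFO and the names locked_getaddrinfo and run_parallel_lookups are assumptions, and the addresses are constructed numeric inputs so that it runs offline.

```c
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <pthread.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* One process-wide lock: every resolver call on a non-whitelisted OS
 * goes through it, so lookups are sequential but never interleaved. */
static pthread_mutex_t gai_lock = PTHREAD_MUTEX_INITIALIZER;

/*
 * HAVE_THREADSAFE_GETADDRINFO is a hypothetical build-time macro
 * (an assumption of this example), set by hand per operating system
 * because a configure script cannot probe for thread safety.
 */
int
locked_getaddrinfo(const char *node, const char *service,
    const struct addrinfo *hints, struct addrinfo **res)
{
#ifdef HAVE_THREADSAFE_GETADDRINFO
	return getaddrinfo(node, service, hints, res);
#else
	int rc;

	pthread_mutex_lock(&gai_lock);
	rc = getaddrinfo(node, service, hints, res);
	pthread_mutex_unlock(&gai_lock);
	/* *res is heap memory owned by the caller; safe to use unlocked. */
	return rc;
#endif
}

struct job {
	char want[INET_ADDRSTRLEN];	/* constructed input address */
	char got[INET_ADDRSTRLEN];	/* what the lookup returned */
	int rc;
};

static void *
worker(void *arg)
{
	struct job *j = arg;
	struct addrinfo hints, *res = NULL;

	memset(&hints, 0, sizeof(hints));
	hints.ai_family = AF_INET;
	hints.ai_socktype = SOCK_STREAM;
	/* Numeric host and service: no DNS traffic, runs offline. */
	hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV;

	j->rc = locked_getaddrinfo(j->want, "5222", &hints, &res);
	if (j->rc == 0 && res != NULL) {
		struct sockaddr_in *sin = (struct sockaddr_in *)res->ai_addr;

		inet_ntop(AF_INET, &sin->sin_addr, j->got, sizeof(j->got));
		freeaddrinfo(res);
	}
	return NULL;
}

/* Runs nthreads concurrent lookups of distinct addresses and returns how
 * many threads got back something other than what they asked for
 * (-1 on bad arguments or thread creation failure). */
int
run_parallel_lookups(int nthreads)
{
	enum { MAXT = 32 };
	pthread_t tid[MAXT];
	struct job jobs[MAXT];
	int i, started = 0, bad = 0;

	if (nthreads < 1 || nthreads > MAXT)
		return -1;
	for (i = 0; i < nthreads; i++) {
		memset(&jobs[i], 0, sizeof(jobs[i]));
		snprintf(jobs[i].want, sizeof(jobs[i].want), "192.0.2.%d", i + 1);
		jobs[i].rc = EAI_FAIL;
		if (pthread_create(&tid[i], NULL, worker, &jobs[i]) != 0)
			break;
		started++;
	}
	for (i = 0; i < started; i++)
		pthread_join(tid[i], NULL);
	if (started != nthreads)
		return -1;
	for (i = 0; i < nthreads; i++)
		if (jobs[i].rc != 0 || strcmp(jobs[i].want, jobs[i].got) != 0)
			bad++;
	return bad;
}

int
main(void)
{
	int bad = run_parallel_lookups(8);

	printf("mismatched lookups: %d\n", bad);
	return bad != 0;
}
```

The lock trades throughput for correctness: concurrent callers queue behind one another, which is the cost the message accepts for platforms that are not on the whitelist.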



Re: Why is getaddrinfo breaking POSIX?

2009-12-09 Thread Jonathan Schleifer

On 08.12.2009 at 15:41, Otto Moerbeek wrote:

> Nobody did the work yet. If it's very important to you, consider
> spending effort making it thread safe. I believe netbsd and freebsd
> have thread safe implementations. But actually verifying that is
> pretty hard.

Yes, the NetBSD implementation is thread-safe since 4.0. For FreeBSD,
I don't know since which version it is thread-safe, but it's
thread-safe in recent versions.

For the verifying part: If the implementation has no side-effects
(like modifying some global variable that is not per-thread), the
implementation is thread-safe.


--
Jonathan



Why is getaddrinfo breaking POSIX?

2009-12-08 Thread Jonathan Schleifer
Just wondering: Why is getaddrinfo breaking POSIX by not being
thread-safe and what is the thread-safe alternative to it? (Please don't tell
me to use locks, as that would kill the possibility to lookup multiple
hosts at once).

I consider it very strange that an OS still has a thread-unsafe
getaddrinfo in the year 2009, even though POSIX and RFC 2553 both
require it to be thread-safe. And it makes it especially hard to write
portable applications, as there is no way to check if getaddrinfo is
thread-safe in a configure script.


--
Jonathan



Re: OT: Iphone with OpenBSD

2009-09-24 Thread Jonathan Schleifer

On 24.09.2009 at 05:11, Alvaro Mantilla Gimenez wrote:

> After the upgrade to 3.0 I lost a lot of unix commands (top, for
> example) which it seems to work only on 2.X firmwares.

Those were only removed from the base system, you can still install
them via Cydia.


--
Jonathan



Re: OT: Iphone with OpenBSD

2009-09-24 Thread Jonathan Schleifer
Mark Mathias markdmath...@gmail.com wrote:

> I remember reading somewhere that the jail broken OS is actually based
> on OpenBSD.

No, if you jailbreak it, you just break out of the jail in which all
applications run. The OS running on the iPhone is almost the same as OS
X, which is based on Darwin and Darwin uses some parts of FreeBSD.

--
Jonathan




systrace insecure [was: Re: chroot browser]

2009-03-26 Thread Jonathan Schleifer
On 26.03.2009 at 07:17, Tobias Weisserth wrote:

> I guess you should take a look at Systrace:
> http://en.wikipedia.org/wiki/Systrace

This was removed from NetBSD some time ago because it is vulnerable.
They said it's not only possible to circumvent it, but also gain root
using it. Is this fixed in OpenBSD somehow?

--
Jonathan




Re: systrace insecure [was: Re: chroot browser]

2009-03-26 Thread Jonathan Schleifer
On 26.03.2009 at 16:12, Theo de Raadt wrote:

> They freaked out and did the wrong thing.

It was removed when I reported a bug in NETBSD-5-0 that would crash
the Kernel when you tried to use systrace. Instead of fixing that,
they removed it.

> systrace has a small problem.  It is a very difficult problem to fix
> because of the kernel system call argument fetching is spread so
> widely.  This problem was documented since the beginning:
>
> BUGS
>      Applications that use clone()-like system calls to share the complete
>      address space between processes may be able to replace system call
>      arguments after they have been evaluated by systrace and escape policy
>      enforcement.

This sounds really hard to exploit, indeed.

> That said, this is not enough reason to entirely delete the code.  It
> still has uses.  With the other address space security changes we have
> made, the risks from this are substantially mitigated.  You also cannot
> gain root except in extremely well crafted situations which are not
> real; systrace does have the ability to grant root unless you build
> the policy specifically to do such a stupid thing (actually, I am not
> certain if our systrace, the original, ever had that deluded ability
> of escalation; I think it was added by netbsd).

I couldn't really believe that you can gain root when the application
you systrace isn't running as root. Thanks for clarifying that.

I'm talking about this thread btw:
http://mail-index.netbsd.org/netbsd-users/2009/03/19/msg003309.html

The gaining root issue was mentioned here:
http://mail-index.netbsd.org/netbsd-users/2009/03/18/msg003300.html
and here:
http://mail-index.netbsd.org/netbsd-users/2009/03/19/msg003313.html

> So a project that does zero about real security issues overreacted --
> probably because the code had originally come from here.  Typical.
> One can only hope that some issue comes up in openssh, and that they
> then delete openssh, too.

Yes, that's definitely something I like about OpenBSD. You can't care
too much for security. But unfortunately, OpenBSD has some issues on
this machine :(.

--
Jonathan
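
The BUGS text quoted in this message describes a gap between checking a system call argument and using it. As an added illustration (a user-space model, not systrace or kernel code and not part of the original message), the following compares a check made on memory the caller can still write with a check made on a private copy; the policy, the path names and all function names are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

#define ARG_MAX_LEN 64

/* Constructed policy for the example: only paths under /tmp/ are allowed. */
static int
policy_allows(const char *path)
{
	return strncmp(path, "/tmp/", 5) == 0;
}

/* Stands in for a second process sharing the address space: it rewrites
 * the argument after the monitor has looked at it. Constructed. */
typedef void (*writer_fn)(char *shared);

static void
rewrite_argument(char *shared)
{
	strcpy(shared, "/etc/denied");
}

/* Weak pattern: the policy decision and the later use both read the
 * caller-writable buffer, so they can see different contents. */
int
use_after_check_in_place(char *shared, writer_fn other, char *used, size_t len)
{
	if (!policy_allows(shared))
		return -1;
	if (other != NULL)
		other(shared);			/* window between check and use */
	snprintf(used, len, "%s", shared);	/* second fetch */
	return 0;
}

/* Hardened pattern: fetch once into private memory, then check and use
 * only that copy. Later writes to the shared buffer have no effect. */
int
use_after_check_on_copy(char *shared, writer_fn other, char *used, size_t len)
{
	char priv[ARG_MAX_LEN];
	size_t n;

	for (n = 0; n < sizeof(priv); n++) {
		char c = shared[n];		/* single read per byte */

		priv[n] = c;
		if (c == '\0')
			break;
	}
	if (n == sizeof(priv))
		return -1;			/* unterminated or too long */
	if (!policy_allows(priv))
		return -1;
	if (other != NULL)
		other(shared);			/* same window, now harmless */
	snprintf(used, len, "%s", priv);
	return 0;
}

/* Returns 1 if the path that ended up being used passes the policy,
 * 0 otherwise. hardened selects which of the two patterns is run. */
int
used_path_is_allowed(int hardened)
{
	char shared[ARG_MAX_LEN] = "/tmp/report.txt";
	char used[ARG_MAX_LEN] = "";
	int rc;

	rc = hardened
	    ? use_after_check_on_copy(shared, rewrite_argument, used, sizeof(used))
	    : use_after_check_in_place(shared, rewrite_argument, used, sizeof(used));
	return rc == 0 && policy_allows(used);
}

int
main(void)
{
	printf("in-place check, used path allowed: %d\n", used_path_is_allowed(0));
	printf("private copy,   used path allowed: %d\n", used_path_is_allowed(1));
	return 0;
}
```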




Re: persistent bios infection paper and openbsd

2009-03-26 Thread Jonathan Schleifer
On 26.03.2009 at 18:45, Toni Mueller wrote:

> this begs the question: Which machines are NOT vulnerable?

All !x86 machines, of course ;).

--
Jonathan




Re: Can someone please suggest a replacement for xterm for me?

2009-03-06 Thread Jonathan Schleifer
On 06.03.2009 at 17:24, Matthew Szudzik wrote:

> No, Shift-Insert does not work.  Suppose you've copied String1 to the
> CLIPBOARD in firefox.  That is, you've highlighted String1 and pressed
> Ctrl-C.  Then suppose that you highlight some other string String2.
> (For example, you may have gone to the firefox Save Page As... dialog
> box, which automatically highlights the title of the current page.)  Now,
> if you go to xterm and press Shift-Insert, you do not get String1
> which is in the CLIPBOARD, but String2 which is in the PRIMARY.
> That's the problem!
>
> You can paste the PRIMARY to xterm, but you cannot paste the CLIPBOARD
> to xterm.  (Unless you use xsel.)

You could use gnome-terminal and press Ctrl-Shift-V to insert it. :)

--
Jonathan




Re: Can someone please suggest a replacement for xterm for me?

2009-03-06 Thread Jonathan Schleifer
On 06.03.2009 at 18:39, Nick Guenther wrote:

> But that's not terribly lightweight, is it?

It's way faster than rxvt-unicode and doesn't have too many deps. I
think it only depends on gtk2 and libvte. The XFCE terminal should
have about the same deps.

--
Jonathan




Re: Wireless USB Adapters For OpenBSD

2009-03-02 Thread Jonathan Schleifer
The D-Link DWL-122 works fine for me, although it's only b and not g.
If that's ok with you, it seems to be one of the best supported USB
WiFi Sticks on OpenBSD.

--
Jonathan




OpenBSD, GCC 4 and Objective C

2009-01-02 Thread Jonathan Schleifer
Hello!

I'm currently writing on an Objective C framework and trying to port it
to OpenBSD. However, whenever I throw an exception using @throw,
abort() gets called. This is the usual behaviour if an exception isn't
caught. However, when I put it into a @try {} @catch {} block, that
doesn't change anything. For example, try this code:

#import <objc/Object.h>

int
main()
{
	@try {
		@throw [Object new];
	} @catch (id e) {
		[e free];
	}

	return 0;
}

Now if you compile it with egcc -fexceptions test.m -lobjc (you need
GCC 4.x), it will just abort. It will do the same on any other OS if you
don't specify -fexceptions or didn't catch the exception anywhere.
However, it doesn't make any difference on OpenBSD whether you specify
-fexceptions or not. Which is why I'm wondering: What's wrong here? Are
we missing exception support in the OpenBSD libc? If so, wouldn't that
give trouble with C++ as well? Or do I just need to specify some extra
flags on OpenBSD?

Thanks, help would be appreciated.

--
Jonathan




Re: OpenBSD, GCC 4 and Objective C

2009-01-02 Thread Jonathan Schleifer
Forgot to mention that this is on OpenBSD 4.4 on SPARC64. But I guess
this isn't so important, as letting someone else test it on x86 had
the same result.

--
Jonathan




Re: OpenBSD, GCC 4 and Objective C

2009-01-02 Thread Jonathan Schleifer
Ted Unangst ted.unan...@gmail.com wrote:

> Well, libc doesn't have any support for exceptions, but that's because
> c doesn't have exceptions.  (not the problem).

Well, actually libc was the wrong term. I more meant all the
libraries OpenBSD provides that are used by the GNU stuff like GCC ;).
Don't know any better term for that.

> It's possible that the libstdc++ built with gcc 4 doesn't have
> exception support

It shouldn't use the libstdc++ for ObjC at all. And it doesn't do
according to ldd. Only libobjc, and the correct one, the one provided
by gcc 4, and libc.

> or maybe the objective c compiler doesn't

GCC 4 should support exceptions for ObjC when specifying -fexceptions.

 or it links with the wrong library

Nope, it doesn't. See above.

 or one of a million things that arent turned on because some esoteric
 autoconf check failed.

That'd be a bug in the GCC 4 port then, I guess.

 Did you check if a c++ program exhibits the same problem?

Not with gcc 4, as I built that without C++ support and I don't want to
rebuild gcc 4 just for that test, if possible, as that took quite a
while on that 440 MHz machine. But with the gcc that comes with
OpenBSD, it works.

--
Jonathan




Re: Optimizing the accounting department in crisis conditions

2008-11-11 Thread Jonathan Schleifer

On 12.11.2008 at 01:12, P!PP2P5QP=P8P:_PP4P5P;QP2P5P9Q wrote:

> C`loe cobpelemmoe hgkofemhe, c`l{e oockedmhe m`p`aorjh g`o`dm{u h
> orewecrbemm{u jolo`mhi, ophbgj` j op`jrhje! Ophuodhre!.

That looks like it's XORed with some pattern like 0x1 for the first
byte, 0x2 for the second byte, 0x3 for the next, then 0x1 again etc.
or something like that :). At least, when I did that to normal English
text, it looked similar :).

--
Jonathan



Re: NTFS-3G Stable Read/Write Driver ready to merge on cvs obsd ?

2008-10-28 Thread Jonathan Schleifer
On 28.10.2008 at 08:49, Neko wrote:

> IF YOU took time to read PROPERLY Jonathan,

1.) Top posting is evil.
2.) Stop using caps all the time.
3.) I wasn't replying to your post. You are not the only person
discussing on this list.
4.) If YOU took the time to read PROPERLY Neko, to which post it was a
reply

> the drivers WORKS, BUT ONLY FOR ONE NATIVE ENTRY in the disklabel.

I was not talking about the disklabel at all

> but like I WROTE, i structured my bsd system in more THAN ONE native

Honestly? I don't care. I was replying to the post about fs-driver.org.

> so get back to your project , ill get back to subsidiaries who
> actually cares about openbsd full market deployment overlordship.

Please, troll somewhere else. No, you won't get any fish here.

--
Jonathan




Re: NTFS EXPERT Read/Write MULTI OS ready to DEPLOY on HIS obsd ?

2008-10-28 Thread Jonathan Schleifer
On 28.10.2008 at 08:33, Neko wrote:

> WO obviously you read what you want to read,

Same for you.

> i have being using openbsd since 2.6 and contributing, so
> please read before posting.

If you have been contributing

> ihave being wanted this request since 3.7.

then why do you cry instead of implementing it yourself?

> nothing has being done, allthou a project like backtrack,
> released it
> in their first month of deployment.

Implement it yourself or STFU, that's how OpenSource works.

> you getting digital dusted here, im suggesting and your
> flaming back to either get the f out or got to microsoft

I (and I think many others) suggest you just leave this list and troll
somewhere else.

> YOU HAVE SERIOUS TROLLING ISSUES

Uhm, am I the only one finding huge amounts of irony here?

> I KNEW BUT NOW I KNOW WHY THEO NEVER READS MISC

He does read misc, you can even find postings from him here

PS: Creating a new thread doesn't give you more credibility, it does
the opposite

--
Jonathan




Re: J.C. Roberts [EMAIL PROTECTED] saiz OpenBSD. --We won't miss you.

2008-10-28 Thread Jonathan Schleifer
On 28.10.2008 at 13:37, Neko wrote:

> Lots of shit written in caps

I think it should be clear now that he's just a kid and that we should
all just ignore him. He's not worth it wasting any time replying.

--
Jonathan




Re: NTFS-3G Stable Read/Write Driver ready to merge on cvs obsd ?

2008-10-27 Thread Jonathan Schleifer
On 27.10.2008 at 10:49, Aram HAVARNEANU wrote:

> I have been using it extensively for several years (since it first
> appeared) on about ~10 systems and never had a single problem
> with it. Is your bug reproducible? Did you fill a bug report?

It was reproducible, as it seemed to always happen when an application
tried to write to it. Some directories would get unreadable in Windows
then and when booting back to Linux, the FS was always unclean and
e2fsck tried to fix it with the beforementioned result.

I did not report it as the driver seemed to be already dead at that
time. The driver still doesn't run on Vista, but the ext2fsd driver
does, so I think fs-driver.org can be considered obsoleted by ext2fsd
- which has its own, different problems (at least no data loss), but
supports UTF-8 encoded filenames.

--
Jonathan




Re: NTFS-3G Stable Read/Write Driver ready to merge on cvs obsd ?

2008-10-26 Thread Jonathan Schleifer
Matthew Weigel [EMAIL PROTECTED] wrote:

> Actually, (2^32)-1, or 4GB, is the max size per file
> (http://support.microsoft.com/kb/314463).  I can see that being a
> problem if you're trying to run a database off of your thumb drive,
> but otherwise... can you give examples of files that you (or anyone
> you know) would like to access in Windows and OpenBSD that exceed
> this limit?

2^31 - 1. Seems to be signed. At least, the original implementation from
Microsoft has this limit.

--
Jonathan




Re: NTFS-3G Stable Read/Write Driver ready to merge on cvs obsd ?

2008-10-26 Thread Jonathan Schleifer
Alexey Suslikov [EMAIL PROTECTED] wrote:

> And there is the http://www.fs-driver.org/ - also free
> and do read/write on ext2 for Windows.

Crashed my ext2 data partition more than once, but I could always
recover it with e2fsck, but the files in / all lost their names then.
However, the stuff in sub directories still had names. So /foo/bar
was /lost+found/$inode_no/bar after e2fsck.

--
Jonathan




Re: NTFS-3G Stable Read/Write Driver ready to merge on cvs obsd ?

2008-10-26 Thread Jonathan Schleifer
Alexey Suslikov [EMAIL PROTECTED] wrote:

> I crashed many FAT32 partitions. NTFS is kinda complex
> to crash but, as discussed above, it is hard to access in
> full-blown read/write mode from non-Windows.

Did you crash your FAT32 partitions on a regular basis? The ext2
crashed every 2 - 4 weeks.

--
Jonathan




Re: NTFS-3G Stable Read/Write Driver ready to merge on cvs obsd ?

2008-10-25 Thread Jonathan Schleifer
On 26.10.2008 at 04:05, Rod Whitworth wrote:

> On Sat, 25 Oct 2008 18:12:57 -0700 (PDT), Neko wrote:
>
> > so there can be an end to this retard cant write on the file
> > system bs
> >
> > http://www.ntfs-3g.org/
> >
> > so will it be merged in the next obsd release ?
> > this is the future. people use multiple os on their machine, not just
> > vm , they will local install too, so action should be taken to have
> > a filesystem stream that can be viewed by anyone,
> >
> > neko
>
> With a GPL licence? I don't think so.
>
> (NO off-list reply is needed. replies to the From: address are
> tarpitted.)
> Rod/
> /earth: write failed, file system is full
> cp: /earth/creatures: No space left on device

Not only that it is GPL, it also needs fuse. AFAIK, there is no fuse
for OpenBSD yet. And it's not running in the kernel space anyway, so
why the hell merge it?

--
Jonathan





Re: Modern operating systems are flawed by design, including OpenBSD.

2008-10-23 Thread Jonathan Schleifer
Marco Peereboom [EMAIL PROTECTED] wrote:

> bwahahahahahahahahaah that was awesome!
>
> signed binaries, that made my day.
>
> On Thu, Oct 23, 2008 at 06:54:27PM +0800, mak maxie wrote:
> > http://www.computerworld.com.au/index.php?id=264209080rid=-219
> >
> > Microsoft Windows is the only operating that supports signed
> > binaries.
> > _
> > [EMAIL PROTECTED] http://msn.com.hk


That's exactly what I thought on reading. Really gave me a good laugh.
Maybe someone should tell that guy that also signed software can have
buffer overflows etc. and thus allow running arbitrary code? We've
already seen that on the XBox etc. where everything is signed, and yet
Linux runs there :).

--
Jonathan




Re: VESA 1280x800

2008-10-12 Thread Jonathan Schleifer
On 12.10.2008 at 15:30, Jairo Souto wrote:

> It's possible for Xorg to run on VESA mode 1280x800?

As this is not a VESA resolution: No.

--
Jonathan




Re: assembly for x86

2008-09-23 Thread Jonathan Schleifer
On 22.09.2008 at 13:45, Gabri Mati wrote:

> Dear List,
> I'd like to study the assembly language of the x86 architecture. I've
> searched for books, but there are a lot of them. Could you please
> recommend
> me a good writer/book about this topic?
>
> Thank You!

Google for 386INTEL.TXT and 387INTEL.TXT. These files are official
documentation from Intel and the best on x86 assembly I've seen so
far. Get some basic understanding about how a processor works and how
you use a processor from the assembly level, then you are just fine
with 386INTEL.TXT (if you are a good C programmer, you already should
know enough to read 386INTEL.TXT).

--
Jonathan




Re: Patching a SSH 'Weakness'

2008-09-13 Thread Jonathan Schleifer
On 12.09.2008 at 23:19, Stuart Henderson wrote:

> On 2008/09/12 13:59, Marti Martinez wrote:
> On Fri, Sep 12, 2008 at 1:16 PM, Stuart Henderson [EMAIL PROTECTED]
> wrote:
>
> Wait, how do you know someone is typing a password inside the
> session
> and not just writing a text file or typing arbitrary commands?
>
> e.g. when eve's machine that's hijacking the network packets picks
> up an outgoing SSH connection.
>
> man ssh-keygen
>
> Enter passphrase for key '/home/sthen/.ssh/id_rsa':

1.) That prompt's local!
2.) ssh-agent
3.) RTFM first.

--
Jonathan




Re: Patching a SSH 'Weakness'

2008-09-13 Thread Jonathan Schleifer
On 13.09.2008 at 11:36, Stuart Henderson wrote:

> Not always. You might connect to another machine and connect
> out again from there.

You could directly connect from your machine to the other machine. You
might bring the argument that you can't get a direct connection, but
for that purpose, SSH tunneling exists.

> Of course there are some times ssh-agent is reasonably safe
> and useful. There are other times it isn't. RTFM first -
> you mean the one which says This method is easily abused by
> root or another instance of the same user?

Sorry, I assumed that you own the machine you ssh to and are root
there. Sure, if it's not your machine, root could get a security
issue. But root could also give you a version of ssh that has
backdoors. So ssh-agent wouldn't be the concern. If I don't trust
root, I wouldn't use that machine at all! And never even think about
sshing from there to somewhere else!

That RTFM first was about that you type the password locally and that
ssh-agent exists. Sorry, your reply seemed like you didn't know how
ssh and ssh-agent works.

> There is also the case that in some jurisdictions you can be
> required to hand over encryption keys. Some people might prefer
> to use passwords instead of encrypted certificates when they
> connect to certain hosts.

I don't know a single country where you are forced to hand over keys,
but not to hand over passwords

--
Jonathan
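
The agent-forwarding risk and the tunnelling alternative discussed in the message above can be checked in a client configuration. The following is an added example, not part of the original thread: a shell function that lists the Host blocks of an ssh_config that turn on ForwardAgent. The host names and the sample configuration are constructed, and `ProxyCommand ssh -W` assumes a current OpenSSH client.

```shell
#!/bin/sh
# Added example (not from the thread): report which Host blocks of an
# ssh_config enable agent forwarding, i.e. expose the local agent socket
# to root on the remote machine.

# Constructed sample configuration; all host names are placeholders.
sample_config() {
cat <<'EOF'
# constructed sample
Host jump.example.org
    User alice
    ForwardAgent yes

Host inner.example.org
    # tunnelled through the jump host; the key is only used locally
    ProxyCommand ssh -W %h:%p jump.example.org
    ForwardAgent no

Host *.lab.example.org
    forwardagent = yes

Host *
    IdentitiesOnly yes
EOF
}

# Read an ssh_config on stdin and print the Host pattern of every block
# that sets ForwardAgent to yes ("(global)" for a setting before any Host).
# Keywords are case-insensitive and may be separated from their argument
# by whitespace or "=". Match blocks and Include files are not evaluated.
forwarding_hosts() {
    awk '
        { sub(/^[ \t]+/, "") }          # drop indentation
        /^#/ || /^$/ { next }           # skip comments and empty lines
        {
            key = $0
            sub(/[ \t=].*$/, "", key)
            key = tolower(key)
            val = $0
            sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t\r]+$/, "", val)
            if (key == "host") {
                host = val
            } else if (key == "forwardagent" && tolower(val) == "yes") {
                print (host == "" ? "(global)" : host)
            }
        }
    '
}

# Stand-alone run over the constructed sample.
sample_config | forwarding_hosts
```

Run it against a real file with `forwarding_hosts < ~/.ssh/config`; every pattern it prints is a host whose root user can use the forwarded agent for as long as the session lasts.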




Re: Patching a SSH 'Weakness'

2008-09-12 Thread Jonathan Schleifer
David Higgs [EMAIL PROTECTED] wrote:

> When it detects that *s are being echoed instead of the actual input
> character.

I have never seen a password prompt on a UNIX terminal that echo'd *s.

--
Jonathan




Re: Window Manager

2008-05-05 Thread Jonathan Schleifer
Gonzalo Lionel Rodriguez [EMAIL PROTECTED] wrote:

> I don't know if it is the place to ask it, but that window manager
> uses? And why?

For small systems, I use evilwm (with a few patches of my own) or
OpenBox, on systems with more power (and RAM!) I use Gnome ( + compiz
when I have 3D support, for example on Linux).

--
Jonathan




Re: issue on Attansic Technology L1 network card and OpenBSD

2008-05-02 Thread Jonathan Schleifer
Hm, you really should try talk to the Linux guys.
I'm a bit astonished about Attansic's/Atheros' behaviour as even on my
Asus driver CD, there is source code for a driver for that chip, IIRC it
was even commented so you don't have only magic numbers.
If you're interested in that code, I'll search my Asus driver CD and
look if the license allows me to publish that files, IIRC it was GPL'd.

--
Jonathan




Re: How to write drivers?

2008-05-01 Thread Jonathan Schleifer
Sviatoslav Chagaev [EMAIL PROTECTED] wrote:

> I need to write a driver for a primitive device which connects to the
> LPT port, so I was wondering, are there any
> manuals/tutorials/HOWTOs/... on this subject?

You don't even need a driver in the kernel for that, you can just
access the lpt device in /dev.

--
Jonathan




Re: How to write drivers?

2008-05-01 Thread Jonathan Schleifer
Sviatoslav Chagaev [EMAIL PROTECTED] wrote:

> Yes, I even wrote a program which talks with the device directly,
> with the help of inb()/outb().

I doubt you could use inb/outb in OpenBSD. The kernel will prevent that.
Just talk with the device in /dev directly - there is really no need to
write a driver. OpenBSD already has an LPT driver that gives access to
it to the userland, so why reinvent the wheel here?

--
Jonathan




Re: issue on Attansic Technology L1 network card and OpenBSD

2008-04-30 Thread Jonathan Schleifer
Jonathan Gray [EMAIL PROTECTED] wrote:

> Actually it only seems to be used in a handful of asus boards.
> There is a FreeBSD driver that is at least partially working but
> no developers seem to have the hardware so we can't even try
> to port it.

I have the hardware, but the problem is that OpenBSD won't run with my
RAID :/ (Intel Fakeraid).
Maybe I'll try OpenBSD on a SCSI HD on that machine.

-- 
Jonathan



Re: issue on Attansic Technology L1 network card and OpenBSD

2008-04-29 Thread Jonathan Schleifer
Attansic was bought by Atheros IIRC, so maybe try asking there.
Anyway, there's a GPL'd driver which was integrated into linux some
time ago. This could be helpful for reverse engineering. Not supporting
that chip isn't really an option since it's one of the most used in
new motherboards as of today.

-- 
Jonathan



Re: poll(2) vs kqueue(2) performance

2008-04-19 Thread Jonathan Schleifer
Edwin Eyan Moragas [EMAIL PROTECTED] wrote:

> the question is, which one is more useful when writing new servers?
> kqueue or poll?

poll is more portable, while kqueue should be more performant (at
least, that's why it was invented). If your app only needs to run on
OpenBSD, NetBSD and FreeBSD, you're just fine with kqueue, otherwise
use poll. Generally, I think it's better to use poll and sacrifice that
unnoticeable performance gain.

-- 
Jonathan



Re: PC Camera?

2008-03-24 Thread Jonathan Schleifer
Unix Fan [EMAIL PROTECTED] wrote:

> So who's working on OpenBSD's implementation? get busy!! :D :D :D

IIRC, someone's working on a webcam USB driver for NetBSD. I'd suggest
to wait 'till that works and then port it.

-- 
Jonathan



Re: IPv6 LAN - IPv4 Internet

2008-03-19 Thread Jonathan Schleifer
Barry Commander [EMAIL PROTECTED] wrote:

> Is this possible? Where would I find the information required to set
> this up?

It reads like you want to be able to connect to v6 servers although you
only have v4 connectivity provided by your provider. If so, have a look
at:

http://www.tunnelbroker.net/
http://www.sixxs.net/
http://www.freenet6.net/

-- 
Jonathan



Re: IPv6 LAN - IPv4 Internet

2008-03-19 Thread Jonathan Schleifer
Barry Commander [EMAIL PROTECTED] wrote:

> I basically want the IPv6 clients on my LAN to be able to access IPv4
> servers on the
> internet transparently - the router doing the IPv6-IPv4/IPv4-IPv6
> conversion.

You'd have to use IPv4 inside the LAN and NAT at the router as well for
that to properly work. There was some way to map IPv4 addresses inside
the IPv6 space, but IIRC, there were some issues with it.

> I was under the impression those tunnel brokers simply allow the IPv4
> interface on my
> router to access the limited IPv6 sites/servers

Yup, that's what they do.

-- 
Jonathan



Re: IPv6 LAN - IPv4 Internet

2008-03-19 Thread Jonathan Schleifer
Paul de Weerd [EMAIL PROTECTED] wrote:

> I'd recommend SixXS. It's what I use when there's no native v6. Just
> Works (tm).

While technically not bad, they suck when it comes to problems. My
account was deleted with no further explanation, thus I asked them
why. I got a reply really fast and they said it was because I was lying
to them (which I wasn't, I tried getting a tunnel at another PoP and
they said I was lying because it was in a different country than where I
live) and because a mail was bounced. My RIPE handle had an old e-mail
and my MNT wasn't reachable, so I told them that. They responded me
very quickly and said I should talk to RIPE directly and get the mail
changed. I did so, and after that, I told them that it's fixed and they
should please reactivate the account. But now they weren't replying
quickly anymore, no, then ignored me. I sent them 3 mails in 2 months
and all 3 were ignored. Before the e-mail was fixed, they answered in 1
day, but when it came to reactivating the account, they decided to
ignore me. Today, I still haven't got my account reactivated.

> disclaimer : I know the people behind SixXS in person

They are exactly the reason why you don't want to go there. I switched
to HE then and it worked fine, but don't use HE anymore since I got
native IPv6 now which works even better.

-- 
Jonathan



Re: Singularity OS

2008-03-07 Thread Jonathan Schleifer
Vikas N Kumar [EMAIL PROTECTED] wrote:

> There is a kernel being written in Lisp called Movitz (
> http://common-lisp.net/project/movitz/)  and there was one in Python
> as well that I saw a few years ago but I forget the name (it started
> with U...)

Unununium.org

-- 
Jonathan



Re: OSS v4.0 released under BSD license

2008-01-09 Thread Jonathan Schleifer
Jacob Meuser [EMAIL PROTECTED] wrote:

> that would require kernel level ALSA emulation, just as we have kernel
> level OSS emulation for linux binaries using OSS.  I have absolutely
> no interest in that whatsoever.  you'd have better luck convincing
> Adobe to make an OpenBSD native version of their plugin.

That wouldn't be required if we have a different alsa-lib than normal
linux systems have. It's possible that compiling libsalsa for Linux and
using it with compat_linux is already enough.

-- 
Jonathan



Re: OSS v4.0 released under BSD license

2008-01-09 Thread Jonathan Schleifer
Deanna Phillips [EMAIL PROTECTED] wrote:

> Should a worthy
> alsa-only *open source* app appear, I'm sure that someone could
> port it to Sun audio.

What about libjingle for example? It's opensource and used by all
Jabber clients which support VoIP - and it only supports ALSA (at least
the last time I looked at it - it wouldn't even compile without it).

-- 
Jonathan



Re: Skype on the OpenBSD

2007-12-03 Thread Jonathan Schleifer
ropers [EMAIL PROTECTED] wrote:

> If you chose to dig your heels in over this, you could sue the German
> revenue service and very likely win.

AFAIK, somebody has already tried that. That's why they granted to send
it in using the postal way for a few companies which meet certain
conditions.
Anyway, quitting the job isn't the best thing to do if you can still
keep your job if you run Skype in a VM. I'm happy that I don't have
to :).

> a) Buy (preferably well-documented) hardware for which free and open
> source drivers exist.

AMD started to document their hardware, but still, they haven't
released all the required documentation. As soon as they have, I might
buy a card from them. And as soon as there are usable drivers, a buy is
definite, to show them I support their attitude of releasing specs.

> b) Write a free and open source driver for your hardware. (Learn to
> reverse-engineer and program if necessary.)

nouveau already does so. It's a *VERY* time consuming task - too much
time consuming for me, sadly, but I'd be interested in helping, though.

> c) Pay someone to write a free and open source driver for your
> existing hardware

Oh, that would be really expensive and I'm low on money :(. It will
take ages until someone finishes a WORKING driver WITH 3D support
which is completely based on reverse engineering.

> d) Refuse to play games that require blobs to run.

Yup, that's the only possibility for me. But honestly, I prefer to be
able to play games and have one blob. Anyway, most games are blobs as
well.

> These are all choices. Not all of them are easy or very comfortable or
> quick choices, but they are choices. Nobody ever suggested that
> freedom was free.

Yeah, it are choices, but none of them is satisfying.

> I didn't say (and IIRC Daniel didn't say) that you promoted the use of
> buggy software. We both DID say that you **sort of** promoted the use
> of buggy software, and I think that's accurate.

Well, I wouldn't call it promoting blobs just because you use one.

> You repeatedly *proposed* to get rid of them, but actions speak louder
> than words and you (and I admittedly, I'm ashamed to say) still use
> some blobs, which is sort of promoting the use of buggy software.

All my systems besides my main desktop are blob-free. My laptop is, so
is my second desktop, so is my router, so is my EFIKA. So I *am* doing
something against it :).

> If the Jabber-ICQ gateway you use didn't suck, would you then no
> longer urge people to switch?

It's not only the gateway I use which sucks. I already setup my own
gateway to get around the too many connections problem. It's the ICQ
protocol itself that sucks.
Additionally, their server's EULA is unacceptable for me. If I can't
convince users to switch to Jabber, I encourage them to use
encryption.
I think it's a crime to save the logs of all conversation and even
selling them to 3rd parties if they want to (you have to agree to
that). They even create a search index for the logs, so the music
industry could ask for all logs which contain MP3 and sue a lot of
people. For me, this is totally unacceptable and thus I promote Jabber
wherever I can. And I have success with this, most of my friends
switched to Jabber and it are only very few left who insist on ICQ.

> When you say you have it again, are you referring to use of the ICQ
> protocol or software? Pidgin (
> http://www.openbsd.org/4.2_packages/i386/pidgin-2.0.1p0-gtkspell.tgz-long.html
> ) is free and open source and can use the ICQ protocol, so avoiding
> the ICQ software at least is painless. Avoiding the ICQ protocol is
> more difficult, I grant you that. But it's your choice to make.

I'm referring to the protocol as I only use Windows for games. :)
Anyway, the client is the worst.
I know Pidgin, but it can't help me to get rid of the ICQ Protocol.
Anyway, I prefer Gajim over Pidgin, which is a pure Jabber client which
supports far more of the Jabber features. I can only recommend Gajim's
SVN version, it rocks :).

> If your friends won't bother with you unless you sacrifice your PC's
> security, your money, and your principles, then what good are they?

Well, they will bother with me even if I don't use ICQ, but I like to
have the possibility to have a way to contact them besides Real Life
and telephone.
And hey, I even found another reason for having ICQ:
When someone asks for your ICQ number, you give it to him and as soon
as you get added, you tell them how much better Jabber is. I already
had success with this, very often even and it's far easier than telling
them No, I don't have ICQ, please create yourself a Jabber account,
because when they added you in ICQ, you can explain everything they
need to know on how to create a Jabber account to them via ICQ.

> > -BEGIN PGP SIGNATURE-
>
> Are you doing this for non-repudiation?

I'm doing this due to laziness. I often forget to disable it when
sending to mailing lists.

-- 
Jonathan



Re: Skype on the OpenBSD

2007-12-02 Thread Jonathan Schleifer
Predrag Punosevac [EMAIL PROTECTED] wrote:

> When I checked the Skype website I see that the current version 1.4
> is for Fedora Core 6.0 There is also Skype Static OSS.

You should try static OSS.

> Can anyone share hers/his experience in running Skype on OpenBSD.

I tried it a long time ago, when Skype used OSS and not ALSA. The
result was that I could hear the calling partner, but the calling
partner couldn't hear me. But this seems to be a generic problem with
the Linux OSS emulation, since I couldn't get the microphone to work
with ANY linux binary.

-- 
Jonathan



Re: Skype on the OpenBSD

2007-12-02 Thread Jonathan Schleifer
Lars Noodén [EMAIL PROTECTED] wrote:

> http://forum.skype.com/index.php?showtopic=95261

That's why you run it in a chroot (or a vm).

--
Jonathan



Re: Skype on the OpenBSD

2007-12-02 Thread Jonathan Schleifer
David Kaye [EMAIL PROTECTED] wrote:

> If you're interested in VoIP, then you might want to look at
> wengophone, ( http://www.openwengo.com ), it seems to be basically
> the same thing, but it's GPL'd and the linux version is kept up to
> date. It might be easier to get working than Skype. Please note that
> I've not tried to get it working on OpenBSD, I just thought this
> might be of interest to the list.

Sure, there are alternatives, but the problem with them is that they
aren't that wide-spread like Skype. It's the same problem from which
Jabber suffers :(. Superior technology, but not spread enough.

For WengoPhone, I might be wrong, but IIRC, it only supports ALSA. At
least, it showed no available audio device on my Linux system with
OSS4.1. It's really a huge pain in the ass that more and more apps only
support ALSA :(

-- 
Jonathan



Re: Skype on the OpenBSD

2007-12-02 Thread Jonathan Schleifer
Daniel Ouellet [EMAIL PROTECTED] wrote:

> I find this to be an interesting statement here. I hope I
> misunderstood it.

You totally misunderstood it.

> So, you may run OpenBSD, I assume this as you are on
> OpenBSD list, so your choice of OS is then based on its merit for
> security most likely, but at the same time, you kind of promote to
> use buggy software and fell to justify it access to private data, etc
> that it really have no business doing by the fact that it is widely
> use and as such you can't run something else?

Nope. I neither use Skype, nor do I promote it. It's just that I made
the experience that most users use Skype and are unwilling to try
something else because all of their friends also use it. Same for
Jabber. I really prefer Jabber, but still I have to use the ICQ Gateway
since there are too many people who I can't convince to switch over to
Jabber. And so this is with Skype. Most users are unwilling to change
or too inexperienced to use something else, because it's different from
what they know.
And I have never said that it's ok to access private data, please stop
stating that I have said that, because I clearly haven't.

> I find this very disturbing at best?
>
> So, it's OK to run virus, bad software, compromise stuff because they
> are in wide spread and alternative would at the moment less
> convenient until others see the light as well and ditch it?

Again: I never said it's ok to run it. Some might not have another
choice since all their friends use Skype. And if you would have read a
little more of my answer, you'd have come to the point where I've
recommended not running it outside of a chroot.

> No wonder there is so many compromise computers and servers on the
> Internet with attitude like that and that it is so hard to fight
> against BLOB and required to get good quality and bug free software.

You really start to piss me off. I never advertised the use of BLOBs,
but sometimes there just isn't an alternative. For example, I'm against
BLOBs, but still I use the proprietary NVidia drivers on Linux since I
need 3D support.
And - again - if you would've read my other reply as well, you'd have
seen that I care about security and recommended to run Skype *ONLY* in
chroot or vm.

> No intention to offend you in anyway really, that's not my point at
> all, but honestly I don't get it!

Well, then stop implying things I've never said.

> The situation at large will only change if you make the choice
> knowing to force it to change and simply do not accept it to start
> with.

It helps a lot if you cancel all your social contacts just to promote
alternatives, yes, really.
I once tried this with ICQ, I just dropped the account. Well, a few
users changed to Jabber, but the majority didn't, and sooner or later I
had to get a new ICQ account.

> SO, it's ok for anyone at Skype, partners and anyone that compromise
> Skype software to have access to all your data, private informations,
> motherboard BIOS, etc and know everything you did in the past and
> everything you will do in the future?

Where the fuck should I have said this? I never said this, please stop
accusing me of having that said.

> If that's really the point of convenience you make, may as well run
> Windows and have no security setup, but let everything open, at a
> minimum, you wouldn't pretend to try to be secure and protect your
> privacy, but would knowingly make it public to anyone that care to
> see it.

Yes, sometimes I have to use windows. And you know what? I even try to
keep that as secure as possible, which means that it only has
connection to the internet if really necessary and always behind a
PF-firewalled gateway.

> Again, nothing personal to you or anything like that. It's not my
> intention at all and if you take it as such, I sure apologize ahead
> of time.

You should stop accusing others of having said something which they
clearly haven't if you don't want to offend somebody.

> My point is this attitude at large that we see way too often.

You totally got my attitude wrong. I use free software and open
standards wherever I can, but since I have a lot of friends who use ICQ
and Skype, I'm forced to use it as well as many of them are unwilling
to switch to something else.

> As long as this attitude stay and we do not say no to this kind of
> practice, it will never stop and trying to built secure OS OpenBSD or
> the like, and stop the BLOB is pointless unless users put their
> integrity together and will use software, hardware and OS that are
> fit together and respect the same goal.

Well, the real problem is that I don't care attitude many of my
friends have. They don't care if ICQ logs messages or if Skype spies.
And that's why I'm having so big problems to make them switch to
Jabber/SIP and because I don't want to cancel all my social contacts, I
use

Re: Skype on the OpenBSD

2007-12-02 Thread Jonathan Schleifer
ropers [EMAIL PROTECTED] wrote:

 So you DO use Skype, after all. You said above that you didn't. Which
 is it?

No, not anymore. I used it in the past but now I use the normal
telephone since I got a flatrate.

Well, it's untrue that you have a choice. For example, in Germany the
tax computation program that companies need runs only on Windows and
they *HAVE* to use it and to send it over the internet using it.
Same for 3D games: You don't have another chance than to use the BLOB
to play them.

   you kind of promote to
   use buggy software (...) by the fact that it is widely
   used and as such you can't run something else?

 This seems to me to be a perfectly reasonable summary of your
 position.

Not at all. I never promoted the use of BLOBs, I promoted to get rid of
them. But still I'm forced to use them. Same for ICQ: I urge every ICQ
user nearly *DAILY* to switch to Jabber since the gateway sucks a lot.
I even got rid of ICQ once, but too many still wouldn't switch so now I
have it again :(.

I prefer free software and open standards, but canceling social
contacts because of that is just plain stupid. Most of my real life
friends sadly use ICQ and won't switch. I'm glad that I got a telephone
flatrate now and don't need to use Skype anymore.

-- 
Jonathan





Re: 5.1 sound card recommendation

2007-11-23 Thread Jonathan Schleifer
Unix Fan [EMAIL PROTECTED] wrote:

 OpenBSD has its own BSD/ISC licenced OSS compatible layer... OSSv4
 is also under the GPL and CDDL.. 
 
 I don't think OSSv4 should be ported... Bad Idea (TM).

OSS 2 (for which the compatibility layer is) and OSS 4 are a LOT
different. I'm not talking about replacing it with OSS 4 and not even
talking about putting it in base. I'm just talking about porting the
kernel modules to OpenBSD so that those who want to use it can do so.

-- 
Jonathan



Re: Recommendations for a wireless USB adapter

2007-11-23 Thread Jonathan Schleifer
Alexey Vatchenko [EMAIL PROTECTED] wrote:

 I bought today DWL-G122, it's rum(4):

DWL-122 is NOT DWL-G122. DWL-122 is definitely wi(4).


-- 
Jonathan



Re: 5.1 sound card recommendation

2007-11-23 Thread Jonathan Schleifer
Paul Irofti [EMAIL PROTECTED] wrote:

 Short answer, get another OS. Windows would be best for amateur sound
 recording/processing/listening. I don't think the BSDs nor Linux will
 see real 5.1 support for a good period of time. ALSA is trying
 something at the moment but it's very specific and broken most of the
 time, a hassle really.

OSS4 works just fine, even with 7.1. And it has been open-sourced. Maybe
someone could port it to OpenBSD? It has already been ported to FreeBSD.
And there are drivers for ALSA that support 5.1, without an NDA being
signed. IIRC, back when I used ALSA, my Intel HDA worked with all
channels. And it definitely does with OSS4.1.

-- 
Jonathan



Re: Recommendations for a wireless USB adapter

2007-11-23 Thread Jonathan Schleifer
Alexey Vatchenko [EMAIL PROTECTED] wrote:

 What driver does it use?

wi(4).

-- 
Jonathan



Re: Recommendations for a wireless USB adapter

2007-11-22 Thread Jonathan Schleifer
Erik Wikström [EMAIL PROTECTED] wrote:

 So I will need to use an USB adapter for the
 wireless network and was wondering what people would recommend.

I'm using a D-Link DWL 122 without any problems. Works out of the box
on USB, plug it and use it. Even in AP mode.

--
Jonathan



Re: Gnome 2.18 bytecode renderer enabled, but still ugly aliased fonts

2007-11-06 Thread Jonathan Schleifer
Soner Tari [EMAIL PROTECTED] wrote:

 But Tahoma (and other similar fonts) still looks ugly. Do I need to do
 anything else? Could somebody help?

Disable the autohinter.

-- 
Jonathan





Re: radeon driver in -current Xorg 7.2?

2007-04-23 Thread Jonathan Schleifer

Sunnz [EMAIL PROTECTED] wrote:

 Well I'd need a PCI-E card so what should I really look for? A R400
 PCI-E card? It says experimental so is it unstable?

There's no 3D support on OpenBSD due to lack of DRI and DRM.

--
Jonathan



Re: radeon driver in -current Xorg 7.2?

2007-04-23 Thread Jonathan Schleifer

Stefan Sperling [EMAIL PROTECTED] wrote:

 If you want 3D and BSD, your only option currently is FreeBSD.

IIRC, NetBSD has made some progress and they got some drivers working.

--
Jonathan



Missing checksums on FTP server?

2006-11-12 Thread Jonathan Schleifer
Hi!

I already searched the archives for that, but only found out that the
missing xorg sets checksums have something to do with the build process.
But why aren't they just added after the build? Where can I get the
checksums for the xorg sets? And why not sign the packages, using
gzsign for example? An operating system that calls itself secure is
only useful when you can be sure that you got it from good sources.

-- 
Jonathan



Route does not time out

2006-08-22 Thread Jonathan Schleifer
Hi!

Recently I just had a look at netstat -nrf inet and saw an IP not even
in the network. Two days later I realized it was my friend's PC (he
visited me here with his PC) because he had the same IP again on a
second visit with his PC. But then I wondered why it was still in the
routing table. After the second visit, the same happened again: He
wasn't even here anymore and 24h later, the IP was still in the routing
table.

The problem is only with my friend's box. All other machines here get
removed from the routing table after they are off for a while. The line
always remaining in the routing table is this:

192.168.1.44   link#2 UHLc1   261582  -   rl0

Looking for link#2:
192.168.1/24   link#2 UC  40  -   rl0

That's why I'm wondering: Are there any reasons why a route does NOT
time out? Can a machine request not to be removed from the routing
table in some way? The only thing I know about his machine is that he
uses Windows XP (*sigh*) without any SP.

The quoted lines from netstat -nrf inet are from my router, running
OpenBSD 4.0-beta. I can't test how it is on the other OpenBSD boxes
here, since none of them runs for 24h or longer.

If you need more information, just tell me what you need.

PS: Removing it manually from the routing table works. But if I don't
do this, the route doesn't time out and is kept forever.

--
Jonathan



Re: Route does not time out

2006-08-22 Thread Jonathan Schleifer
Joachim Schipper [EMAIL PROTECTED] wrote:

 More than a *sigh* is in order here. What's he doing on your network,
 and where's the cluebat?

He only used the gateway to surf the web. Oh, and not to forget: He's a
user on the jabber server (jabberd2) running on my router, so he
connected it.

 There's a reference, so something seems to be holding open a
 connection (or at least trying to; this is according to my reading of
 man netstat | grep -A3 [Rr]ef). netstat(8) may be useful in finding
 this connection, and tcpdrop(8) in dealing with it.

According to netstat, there is no open connection?
And what's strange: If I remove it manually and he restarts his
machine, it's in the routing table again - as expected. But if he turns
his PC off then the route won't time out again.

I think he's got some malware on his PC - that would be just typical
for a Windows box (*sigh* Why are there still people using Windows
seriously?). But how would that malware be able to keep the route even
if the machine is off and there's no open connection?

--
Jonathan




Re: Route does not time out

2006-08-22 Thread Jonathan Schleifer
Claudio Jeker [EMAIL PROTECTED] wrote:

 Please send the output of route -n get IP -- the route timeout
 should be included in this output. Do other machines on the LAN time out
 normally?

$ route -n get 192.168.1.44
   route to: 192.168.1.44
destination: 192.168.1.44
  interface: rl0
 if address: 192.168.1.1
      flags: UP,HOST,DONE,LLINFO,CLONED
     use  hopcount       mtu    expire
  264256         0         0    -15355

And yes, all other machines on the LAN timeout as expected.

-- 
Jonathan



Re: Do mp3 concatenation programs exist?

2006-07-16 Thread Jonathan Schleifer
Peter Philipp [EMAIL PROTECTED] wrote:

 Oh did I say I change my MAC?  Since it takes so long for the modem
 to learn it, I only do this on a daily basis.  But I don't expect you
 to copy my behaviour or anything...

That won't change anything. The provider keeps your telephone number. Or
do you want to order a new telephone number every day? *lol*

All you achieve with this idiotic idea is that you get the provider's
attention because you spam their logs and they'll probably cancel the
contract because of abuse.

 You too are just jealous.

That's one of the most idiotic things I've ever heard so far. Are you
really thinking that someone could be jealous of such an idiotic idea?

-- 
Jonathan



Re: proper way to format/use floppies (i386)

2005-08-26 Thread Jonathan Schleifer
Michael Adam [EMAIL PROTECTED] wrote:

 Well yes, it is working. But still: The floppy does have a disklabel
 which does only have partition c by default. And it seems strange
 to me, that I should create a filesystem on a partition c. And even
 stranger, this file system can afterwards be accessed through
 partition a which does not even show up in the disklabel.

That's normal. c is always the whole disk, and because the disk has no
disklabel and no partition table, it's also a. It's the same as with
CD-ROMs. You can access them also as cd0a and cd0c.

 What puzzles me even more is the fact, that in the book Absolute
 OpenBSD by Michael W. Lucas, it is said on page 310, that FFS file
 systems need a valid partition table on every disk and then the
 author describes the following steps:
   # disklabel -w /dev/rfd0c floppy
   # newfs /dev/rfd0c

I don't see any sense for a partition table and / or disklabel on a
floppy disk.

-- 
Jonathan



Re: proper way to format/use floppies (i386)

2005-08-24 Thread Jonathan Schleifer
Michael Adam [EMAIL PROTECTED] wrote:

 Well, as I wrote above, I know about the fdformat program,
 and low level formatting is actually not what my question
 was aimed at -- it was aimed at the disklabel / filesystem
 level of formatting. But this may have got lost in my overly 
 long email. :-)

 Also, the question was not how to get the job of putting
 a filesystem onto a floppy accomplished at all, but which
 is the right or preferred way to do so (since there are, as
 I pointed out several possible ways).

I already answered that before:
Jonathan Schleifer [EMAIL PROTECTED] wrote:

 Floppies usually don't have a partition table nor a disk label, so
 just newfs fd0c and you should be fine.

You also heard this from others. So it's not that your main question got
lost ;).

-- 
Jonathan



Re: Problems with pf+nat+some websites

2005-08-24 Thread Jonathan Schleifer
Guido Tschakert [EMAIL PROTECTED] wrote:

 BTW. this morning I tried the suggestions from Jonathan and it didn't 
 work :-(

This is normal. I thought you use the OpenBSD Box for PPPoE and NAT
directly, not through another router, which is a hardware box.

I noticed in the past that hardware routers often have problems with the
MTU/MSS and that made eBay very slow for me, too, when using my hardware
router. Many sites with IIS-Servers also had problems.

Maybe you could try to use an OBSD Box as router and test if it works
better? For me, eBay works just fine with an OBSD Box as router with the
settings I posted. And it's a lot superior to my hardware router ;).

-- 
Jonathan



Re: Problems with pf+nat+some websites

2005-08-23 Thread Jonathan Schleifer
I don't see where you set the MTU/MSS? Are you sure you have set them
somewhere else? eBay is known to have problems with bad/wrong MTU/MSS.
Try adding "scrub out on $ext_if max-mss 1414" to your pf.conf and adding
"-mtu 1454" to the route. Also take a look at pppoe(4) [*NOT* pppoe(8)!],
section MTU/MSS ISSUES.

-- 
Jonathan



Re: proper way to format/use floppies (i386)

2005-08-23 Thread Jonathan Schleifer
Floppies usually don't have a partition table nor a disk label, so just
newfs fd0c and you should be fine.

-- 
Jonathan



Re: Hard Disk Password Security Info

2005-08-18 Thread Jonathan Schleifer
Chris Kuethe [EMAIL PROTECTED] wrote:

 Before we get too worked up over this, can someone who actually cares
 spend an afternoon with a pair of identical disks to tell us whether
 or not a board swap will defeat the password (and on what sort of
 drive)?

It won't. The password isn't saved in the firmware, it's saved on the
disk. Thus changing the firmware won't change anything since the
replaced firmware will also read the password from the disk. Only a
patched firmware that does not read the password will help.

-- 
Jonathan



Re: suggested /etc/skel/ modifications

2005-07-28 Thread Jonathan Schleifer
Moritz Grimm [EMAIL PROTECTED] wrote:

 This kind of paranoia adds nothing to security (~/.ssh and others that
 need it are already set to restrictive permissions), and there is no 
 privacy from root no matter what. The rest is, again, personal 
 preference and/or something about local policies.

Ever heard of a multiuser system where one user shouldn't be able to
access the files of another user? Not all users are thinking about this
issue and many forget to change the modes for confidential files. IMO,
it's not paranoid, but useful. On a singleuser system, it might not
matter, for example on your desktop. On my desktop, I don't have 700
either. But on my server, it's very important for me to have 700.

-- 
Jonathan
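
An added illustration of the point argued above, not part of the original thread: with a home directory at 0700, a file whose owner forgot to tighten its mode is still unreachable by other users, while the same file under a 0755 home is readable. The function names and the `alice`/`bob` homes are constructed for this example.

```python
import os
import stat
import tempfile

# (label, search bit on directories, read bit on files) per non-owner class
CLASSES = (("group", stat.S_IXGRP, stat.S_IRGRP),
           ("other", stat.S_IXOTH, stat.S_IROTH))

def exposed_files(home):
    """Return sorted (class, relative path) pairs for regular files under
    `home` that a non-owner class can read: every directory on the way down
    must be searchable (x) for that class and the file itself readable (r)."""
    hits = []
    for label, xbit, rbit in CLASSES:
        if not os.lstat(home).st_mode & xbit:
            continue  # a 0700 home stops here, whatever the file modes inside
        for root, dirs, files in os.walk(home):
            # Prune subdirectories this class cannot enter (e.g. ~/.ssh at 0700).
            dirs[:] = [d for d in dirs
                       if os.lstat(os.path.join(root, d)).st_mode & xbit]
            for name in files:
                path = os.path.join(root, name)
                st = os.lstat(path)
                if stat.S_ISREG(st.st_mode) and st.st_mode & rbit:
                    hits.append((label, os.path.relpath(path, home)))
    return sorted(hits)

def make_tree(base, layout):
    """Create a constructed sample tree; layout maps relative path -> mode,
    with directories marked by a trailing slash. Parents come first."""
    for rel, mode in layout.items():
        path = os.path.join(base, rel.rstrip("/"))
        if rel.endswith("/"):
            os.mkdir(path)
        else:
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        os.chmod(path, mode)  # explicit chmod so the umask does not interfere

def demo():
    """Audit two constructed homes: one at 0755, one at 0700."""
    layout = {
        "alice/": 0o755, "alice/mail.txt": 0o644, "alice/notes.txt": 0o600,
        "alice/.ssh/": 0o700, "alice/.ssh/config": 0o644,
        "bob/": 0o700, "bob/letter.txt": 0o644,
    }
    with tempfile.TemporaryDirectory() as base:
        make_tree(base, layout)
        return {h: exposed_files(os.path.join(base, h)) for h in ("alice", "bob")}

if __name__ == "__main__":
    for home, hits in demo().items():
        print(home, hits or "nothing readable by group/other")
```

Only mode bits are evaluated here; ownership, group membership and hard links into other directories are outside what this check covers.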



Re: suggested /etc/skel/ modifications

2005-07-28 Thread Jonathan Schleifer
Timothy Donahue [EMAIL PROTECTED] wrote:

 This is fairly easy to customize since the adduser command is just a
 perl  script.  (Hint: I believe that line 1143 in 3.7 might be a good
 place to  start looking.)  

I know, just wanted to say that changing it is not stupid. ;)

Moritz Grimm [EMAIL PROTECTED] wrote:

 But keeping confidential files on true multiuser systems is
 stupid ...
 IMNSHO. And you cannot hide anything from the administrator. You
 depend on how well the admin is capable of securing the rest of the
 system and not have it rooted by a 3rd party(*) including the other
 users. 

But if you can depend on root, then it's useful. I don't mean top secret
files, I mean private files no one else should read, like mail or
letters for example.

All in all, I just wanted to say that it's not stupid to secure the
homes, not more but also not less.

-- 
Jonathan



Re: MySQL socket problem (solved)

2005-07-26 Thread Jonathan Schleifer
Another way is this:

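# MySQL
if [ -x /usr/local/bin/mysqld_safe ]; then
	echo -n ' mysqld'
	# Remove the stale hard link left over from the previous run
	rm -f /var/www/var/run/mysql/mysql.sock
	# Start the server in the background, discarding its output
	/usr/local/bin/mysqld_safe > /dev/null &
	# Give mysqld time to create its socket
	sleep 10
	# Hard-link the socket into the chroot under /var/www
	ln /var/run/mysql/mysql.sock /var/www/var/run/mysql/mysql.sock
fi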

That's my rc.local for starting mysql. Works just fine here :)
This way, it's /var/run/mysql.sock inside and outside the chroot. But
you have to recreate the hardlink if mysql restarts.

-- 
Jonathan