Re: CUPS and AVAHI (bloatware)

2017-10-29 Thread Kurt H Maier
I don't like the idea of splitting packages, but I get weirded out when
ghostscript (which DOES have a no_x11 variant) winds up pulling in dbus.
I guess there's no escaping freedesktop.org.

khm



Re: New question, do I really need a AAAA record?

2017-08-10 Thread Kurt H Maier
On Thu, Aug 10, 2017 at 08:18:31PM +0200, Walter Alejandro Iglesias wrote:
> 
> Sorry, I think I didn't formulate the question well.  What I meant was,
> do I need also a static ipv6 to be considered by big smtp servers as a
> legal sender?
> 

No.

khm



Re: gmail and hotmail blocking mail sent from my IP

2017-08-06 Thread Kurt H Maier
You're the last person anyone wants email advice from, Rupert.

khm



Re: How do you do "family remote support"?

2017-07-11 Thread Kurt H Maier
On Tue, Jul 11, 2017 at 05:22:29PM -0400, Rupert Gallagher wrote:
> Never heard of whatismyip.org?
> Sent from ProtonMail Mobile

Never heard of NAT?
Sent from QMail Stationary



Re: Current FreeBSD looking to switch to OpenBSD

2017-06-10 Thread Kurt H Maier
On Sat, Jun 10, 2017 at 09:20:49PM -0400, Baho Utot wrote:
> > I dual boot now between Win7 and FreeBSD
> > on I lapdog I have 5 os on it and use grub2 to boot them
>
> How is this helpful?


I don't know.  Some people just like talking about their computers to
strangers, I guess.

khm



Re: spamd and outlook.com

2017-04-21 Thread Kurt H Maier
On Fri, Apr 21, 2017 at 10:40:42PM +0100, Kevin Chadwick wrote:
> On Fri, 21 Apr 2017 09:21:48 -0700
> Kurt H Maier <k...@sciops.net> wrote:
> 
> > Greylisting is a hack, an abuse of a side-effect.  Most such
> > approaches have deleterious side effects.  This particular side
> > effect is why I don't like greylisting in general, even though it's
> > fairly effective.
> 
> Do you answer your phone before looking at the number/caller?

In fact, there are some numbers I will not respond to (and these do not
cause my phone to ring) and the rest I just answer.  Just like having a
blacklist I don't accept SMTP connections from at all, and the rest get
processed normally.

What I don't do is set an outgoing voicemail greeting informing
correspondents that my time is more valuable than theirs, and if they
want to contact me I have a list of hoops through which they must jump.

That would make me an asshole.

> It is not a hack at all. 

It is.  SMTP is mandated to retry as a reliability factor, in a world
with bad network connections and unreliable software.  It is not
mandated to retry so people can play cute games with the sending unit.
I personally have no burning desire to see greylisting expunged from the
internet, but I also have no sympathy for people who think it's a real
solution to anything.  If it works for someone, good for them, but I
will never be even a little surprised when it becomes a pain in
someone's ass.

khm



Re: spamd and outlook.com

2017-04-21 Thread Kurt H Maier
On Fri, Apr 21, 2017 at 04:02:20PM +, Stuart Henderson wrote:
> On 2017-04-21, Craig Skinner  wrote:
> > Hi Markus,
> >
> > On Fri, 21 Apr 2017 11:25:14 +0200 Markus Rosjat wrote:
> >> so if you have spamd in place in greylisting mode and you have
> >> customers that work with people who use Office365 as a service you
> >> will get calls that emails are delayed for a freaking long time
> >
> > Email is not instant messaging.
> >
> > Customers need educated to that fact.
> 
> How do you educate them to that when they send to their gmail account
> and it shows up on their phone within seconds?
> 
> Sometimes there are delays but there's no reason for that to be the norm.
> 

There's no reason email can't be instant messaging.  Postmasters have
spent decades training users that email just sucks and is necessarily
unreliable.  All they did was corral users toward services where they
don't have to hear the administrators whining about how hard that job
is.  

Greylisting is a hack, an abuse of a side-effect.  Most such approaches
have deleterious side effects.  This particular side effect is why I
don't like greylisting in general, even though it's fairly effective.

khm



Re: Sony Vaio VPCSA

2017-03-29 Thread Kurt H Maier
On Wed, Mar 29, 2017 at 09:22:42PM -0400, Nick Holland wrote:
> Why exactly a laptop which only takes one disk would ship in RAID mode,
> no idea, but I've seen it a number of times.
   
Many of the laptops in this series could take up to four custom SSDs,   
which would be presented as a single drive via Intel's Matrix RAID
stuff.
   
Others were capable of taking an msata drive to use as cache in front of
a spinning disk drive, which also required RAID mode to be enabled.
   
khm



Re: Looking for replacement of thinkpad x201

2017-02-26 Thread Kurt H Maier
On Sun, Feb 26, 2017 at 10:26:58AM +0100, Florian Ermisch wrote:
> With the x260 support for a 16gb RAM stick (now DDR4) in the single slot is
> now official
> but it's not clear if you can have both a 2.5"
> (7mm thick) drive and a m.2/NVMe SSD.
> The option of having an m.2/_SATA_ SSD sure
> is gone from what I've found.
   
My X250 shipped from Lenovo with a 16GB DIMM and I put my own m.2 ssd   
in.  I also configured it with the cache ssd, so right now I have a 
512gb 2.5" SSD for openbsd, a 512gb m.2 SSD for 9front, and a 16gb m.2  
SSD with a vfat filesystem that either one can mount.
   
If you can get over the keyboard, x250 is a very capable machine.
   
khm



Re: thinkpad X11 wheel emulation for middle button

2017-01-24 Thread Kurt H Maier
On Tue, Jan 24, 2017 at 07:01:45PM +0200, Μάνος Πιτσιδιανάκης wrote:
> I want to enable wheel emulation for the middle button in my Thinkpad 
> (T420s)

I have this in my .xsession:

xinput set-prop "/dev/wsmouse" "WS Pointer Wheel Emulation" 1
xinput set-prop "/dev/wsmouse" "WS Pointer Wheel Emulation Button" 2
xinput set-prop "/dev/wsmouse" "WS Pointer Wheel Emulation Axes" 6 7 4 5

This has worked for me on several machines, including the X250 I'm using
to send this message.

khm



Re: expect and spawn

2010-11-09 Thread Will Maier
On Tue, Nov 09, 2010 at 09:48:15AM -0600, Aaron Martinez wrote:
> I am trying to use openbsd as my workstation here at work but one of the
> tools we use, creates an expect script and it's not working at all.  The
> developer of the tool uses linux primarily so he's not sure except to
> tell me that the expect in openbsd doesn't know spawn which I looked and
> the expect man page is loaded with stuff about spawn.
>
> The script I try to run is this:
> # cat 227254.test
>
> #!/usr/local/bin/expect -f
> set timeout -1
> spawn -noecho ssh -X -vvv -p 22 -o StrictHostKeyChecking=no -o \
> UserKnownHostsFile=/dev/null -o GSSAPIAuthentication=no \
> r...@192.168.0.10
> interact {
> \034 exit
> }
>
>
> Executing this from the command line returns the following:
>
> # sh -x 227254.test

When invoked like this, the interpreter is sh, not expect.

-- 

Will Maier
http://will.m.aier.us/



Re: MPD-0.15.7 will not do httpd streamingi on my system.

2010-01-30 Thread Will Maier
Hi Sarah-

On Fri, Jan 29, 2010 at 08:05:46PM -0500, s.casw...@protocol6.com wrote:
[...]
> audio_output {
>     type        "httpd"
>     name        "My HTTP Stream"
>     encoder     "vorbis"        # optional, vorbis or lame
>     port        "8000"
>   # quality     "5.0"           # do not define if bitrate is
>     bitrate     "128"           # do not define if quality is
>     format      "44100:16:1"
> }
>
> All this makes the control port 6600 show up (in netstat), but I can't
> for the life of me get port 8000 to be open - thus no streaming. I've
> tried to start mpd via sudo mpd and that still doesn't help.

Try starting the daemon with --verbose --no-daemon --stdout and watching
the messages on the console (or looking at the server logs). I use
something similar to your config snippet (with 44100:16:2 as the format)
with no problems.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | email.willma...@ml1.net |
*-[ BSD: Live Free or Die ]*



Re: Automated service/daemon management

2009-06-09 Thread Will Maier
On Tue, Jun 09, 2009 at 02:06:59PM -0400, (private) HKS wrote:
> The much larger problem, though, is with starting/stopping/restarting
> services. Say I add spamd as an enabled service on host1. For my
> scripts to start it properly, I have to replicate the code already in
> /etc/rc defining how spamd starts. This is prone to errors and runs
> the risk of breaking on upgrades. Restarting services that need more
> than a HUP is also a chore. As for stopping, some services like
> postgresql need some careful attention. This means replicating code
> from /etc/rc.shutdown.

You can make this easier in rc.local by using a construct along the
lines described here:

http://erdelynet.com/tech/openbsd/rclocal-trick/

> I've looked at adding some stupid delimiters to /etc/rc,
> /etc/rc.local, and /etc/rc.shutdown so I can just pull in the
> necessary chunks, but I'm wondering if there's anything available
> that's more elegant and won't break on every upgrade.

It sounds like using rc.d would be better suited to your
environment. FreeBSD and NetBSD both use rcorder(8), which runs well
on OpenBSD. Hook that into your rc.local and write/manage init
scripts under /etc/rc.d.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | email.willma...@ml1.net |
*-[ BSD: Live Free or Die ]*



Re: Separate desktop list?

2009-06-08 Thread Will Maier
Hi Bill-

On Mon, Jun 08, 2009 at 04:33:56PM +0200, Bill Maas wrote:
[...]

> Granted, only the last one is a potential GNOME bug, but they're
> definitely all desktop. These occur on _my_ machine, I don't know
> if these quirks are universal and reproducible, hence the need for
> discussion before firing bug reports at maintainers.

You don't need to show that the failure is universal to make it worth a
note to the maintainer. If you can reproduce it (and you're running a
reasonably configured system without any frankentweaks), send a message.
If the maintainer can't help you (or times out), contact po...@.

> I've been reluctant to post a message each time I encounter an issue
> like these, because I know (and strongly agree) that desktop isn't
> OpenBSD's core business.

There certainly are developers for whom OpenBSD-on-the-desktop matters
very much.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | email.willma...@ml1.net |
*-[ BSD: Live Free or Die ]*



Re: Recommendation for Beowulf/Apache Setup

2009-05-07 Thread Will Maier
Hi Vivek-

On Thu, May 07, 2009 at 09:36:17AM -0700, Vivek Ayer wrote:
> 1 OpenBSD Router running 4.5 routing to a subnet of 13 nodes running
> FreeBSD 7.2. Of the 13 nodes, 1 node is a master mysql server and the
> 12 nodes will run apache running LAMP-like services. The router will
> round-robin using hoststated for load-balancing.

There are some FreeBSD clusters out there (NCSA has one, IIRC), but
they're certainly not as common as Linux. If your users can run on
FreeBSD, you might as well use it. If their code is all Linuxy (and lots
of cluster and -- even more so -- grid code make silly assumptions like
that), you should give them a platform that they can easily use.

> However, they will serve an additional task: The master mysql server
> will be head node for MPI jobs delivered to the 12 nodes. Basically,
> this setup will double up as a beowulf and web server. Is this
> efficient? I imagine the MPI jobs won't be running all the time and
> while they're up, might as well do something.

This might work. But you're setting yourself up for contention and
degraded service to at least one set of users. Do the people who care
about performance of your LAMP stack mind waiting a bit while MPI jobs
chew memory and network bandwidth? Do your MPI users mind if their jobs
take longer to complete while your LAMP stuff is getting pounded?

With regard to MPI, what sort of interconnects will your execute nodes
have? MPI wants lots of bandwidth between nodes and regular gigabit
might not cut it (depending on your users' applications).

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | email.willma...@ml1.net |
*-[ BSD: Live Free or Die ]*



[OT] Re: Recommendation for Beowulf/Apache Setup

2009-05-07 Thread Will Maier
Hi Vivek-

This has gone decidedly off topic...

On Thu, May 07, 2009 at 12:05:35PM -0700, Vivek Ayer wrote:
> I was going to start small given the budget I have. Eventually, I'd
> like dedicate a gigabit switch for HTTP traffic and Infiniband for
> compute traffic. At first, I don't expect too much MPI work to be
> done, but I've heard FreeBSD performing better under duress than linux
> as the number of HTTP threads increases.
[...]
> The final option would be to divide and conquer: 6 for HTTP, 6 for
> computing, but my reasoning is why not scale for HTTP as much as
> possible.

This is really the only reasonable approach. No one would run a
production web service on top of a parallel computing cluster unless
they had to. Remember that your execute nodes will run random jobs from
random users -- do you want that on a box that hosts a critical database
or webserver? The scenario is worse if you participate on a grid.

As always, use the best tool for the job. As you've noticed, OpenBSD
will do well managing your network. Frankly, in most cases it also
makes for an excellent database or webserver. As for the execute nodes,
run Linux on them unless you have some reason (user requirements,
demonstrated performance gains, etc) to do otherwise.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | email.willma...@ml1.net |
*-[ BSD: Live Free or Die ]*



Re: clearing /tmp

2008-10-30 Thread Will Maier
Hi Lars-

On Thu, Oct 30, 2008 at 05:15:53PM +0200, Lars Nood'en wrote:
> I notice there is also /var/tmp.  What is the reason for having
> two directories for apparently similar purposes?   Would there be
> any major problems from combining the two, either by linking or
> symlinking one to the other?

Did you check hier(7)?

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*-[ BSD: Live Free or Die ]*



Re: OpenBSD 4.3 FAQ in PDF?

2008-07-22 Thread Will Maier
On Tue, Jul 22, 2008 at 09:32:15AM -0500, Daniel A. Ramaley wrote:
> The number list could be collapsed into `seq 1 15` on a system
> with seq installed.

Have you met jot(1)?

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*-[ BSD: Live Free or Die ]*



Re: 'Nother broken package - git-1.5.4.2

2008-07-15 Thread Will Maier
On Tue, Jul 15, 2008 at 02:30:36PM -0500, L. V. Lammert wrote:
> Depends on tcl-8.4.7p6, .. maybe, .. but what does X have to do
> with git??

http://en.wikipedia.org/wiki/Tk_%28framework%29

>   Can't install tk-8.4.7p1: lib not found X11.11.1
>
> Is this a broken dependency

No.

> or . . . ? Seems like git installed cleanly on 4.2.

Are you going to send a mail to misc@ every time a package depends
on X?

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*-[ BSD: Live Free or Die ]*



Re: Sendmail won't use port 587 instead of 25

2008-07-14 Thread Will Maier
On Sun, Jul 13, 2008 at 04:16:20PM -0700, Joe S wrote:
> I can't get sendmail to use port 587 and not port 25, which my ISP
> Comcast blocks.
>
> I've added these lines to my sendmail.mc file, which is a copy of
> openbsd-proto.mc I've tried this with the openbsd-localhost.mc file
> also, but no success.
>
> ~
> define(`SMART_HOST', `smtp.comcast.net')dnl
> define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
> define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
> define(`SMTP_MAILER_ARGS', `TCP $h 587')dnl
> MASQUERADE_AS(`comcast.net')dnl
> FEATURE(masquerade_envelope)dnl
> ~

These defines need to come before the MAILER macros. Though you
didn't post your whole .mc, I bet the above defines are down by the
MASQUERADE* section, which is too late.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*-[ BSD: Live Free or Die ]*



Re: sendmail STARTTLS

2008-07-10 Thread Will Maier
On Thu, Jul 10, 2008 at 02:08:30PM +0200, GVG GVG wrote:
[...]
> did try to setup STARTTLS but I don't think that it works! here are the
> modifications in my .mc file:
>
> --
> define(`CERT_DIR', `MAIL_SETTINGS_DIR`'CA')dnl
> define(`confCACERT_PATH', `CERT_DIR')dnl
> define(`confCACERT', `CERT_DIR/cacert.pem')dnl
> define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl
> define(`confSERVER_KEY', `CERT_DIR/key.pem')dnl
> define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
> define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl
> -

Do those files exist?

> Following 'man starttls' I should get:
[...]
> but I'm missing the '250 STARTTLS' entry from the above output!
>
> Any idea what might gone wrong?

Did you look in your maillogs?

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*-[ BSD: Live Free or Die ]*



Re: sendmail STARTTLS

2008-07-10 Thread Will Maier
On Thu, Jul 10, 2008 at 03:56:48PM +0200, GVG GVG wrote:
> On Thu, Jul 10, 2008 at 3:33 PM, Will Maier [EMAIL PROTECTED] wrote:
> > On Thu, Jul 10, 2008 at 02:08:30PM +0200, GVG GVG wrote:
> > > --
> > > define(`CERT_DIR', `MAIL_SETTINGS_DIR`'CA')dnl
> > > define(`confCACERT_PATH', `CERT_DIR')dnl
> > > define(`confCACERT', `CERT_DIR/cacert.pem')dnl
> > > define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl
> > > define(`confSERVER_KEY', `CERT_DIR/key.pem')dnl
> > > define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
> > > define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl
> > > -
[...]
> Yes they do exist:
>
> --
> -bash-3.2$ pwd
> /etc/mail/CA
> -bash-3.2$ ls -l
> total 56
> -rw-r--r--  1 root  wheel  1229 Jun 23 17:02 cacert.pem
> -rw-r--r--  1 root  wheel   875 Jun 18 13:46 cacert.pm
> -rw-------  1 root  wheel  3848 Jun 23 17:11 cert.pem
> drwxr-xr-x  2 root  wheel   512 Jun 17 16:25 certs
> drwxr-xr-x  2 root  wheel   512 Jun 23 17:17 crl
> -rw-------  1 root  wheel     3 Jun 23 17:17 crlnumber
> -rw-------  1 root  wheel    68 Jun 23 17:11 index.txt
> -rw-------  1 root  wheel    21 Jun 23 17:11 index.txt.attr
> -rw-r--r--  1 root  wheel     0 Jun 23 16:46 index.txt.old
> -rw-r--r--  1 root  wheel  1679 Jun 23 17:04 key.pem
> drwxr-xr-x  2 root  wheel   512 Jun 23 17:11 newcerts
> drwx------  2 root  wheel   512 Jun 23 16:53 private
> -rw-------  1 root  wheel     3 Jun 23 17:11 serial
> -rw-r--r--  1 root  wheel     3 Jun 23 16:46 serial.old
> ---

You're missing my{cert,key}.pem.

> and in the mail_log there is nothing recorded! No errors or
> warnings!

Did you restart sendmail?

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*-[ BSD: Live Free or Die ]*
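
Added example (not part of the original messages): the "do those files exist?" check from this exchange as a script that reads the conf* defines from an .mc file, resolves CERT_DIR to a directory given as an argument, and reports missing files. Flagging a private key that is readable by group or others is an extra check beyond what the thread discusses; the function names and the fixture, which mirrors the defines and directory listing quoted above, are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: audit the files behind sendmail's TLS defines.

# mc_tls_paths MCFILE CERTDIR
# Print "MACRO FILE" for each active conf* define whose value starts with
# CERT_DIR, with CERTDIR substituted for it. Lines commented out with a
# leading "dnl" do not match. CERTDIR must not contain "|" or "&", because
# it is pasted into the sed replacement text.
mc_tls_paths() {
    sed -n "s|^[[:space:]]*define(\`\(conf[A-Z_]*\)',[[:space:]]*\`CERT_DIR\([^']*\)').*|\1 $2\2|p" "$1"
}

# audit_tls_files MCFILE CERTDIR
# Print one finding per line; return 1 if there was any finding, else 0.
audit_tls_files() {
    rc=0
    found=$(mc_tls_paths "$1" "$2")
    while read -r macro file; do
        [ -n "$macro" ] || continue
        if [ ! -e "$file" ]; then
            echo "MISSING $macro $file"
            rc=1
            continue
        fi
        case $macro in
        *_KEY)
            # Characters 5-10 of the ls mode string are the group/other bits.
            bits=$(ls -ld "$file" | cut -c5-10)
            if [ "$bits" != "------" ]; then
                echo "UNSAFE $macro $file (group/other bits: $bits)"
                rc=1
            fi
            ;;
        esac
    done <<EOF
$found
EOF
    return $rc
}

# make_sample DIR
# Constructed fixture: the defines quoted in the thread (plus the commented-out
# confCRL line) and a CA directory holding cacert.pem, cert.pem and a
# world-readable key.pem, but no mycert.pem or mykey.pem.
make_sample() {
    mkdir -p "$1/CA"
    cat > "$1/sendmail.mc" <<'MC'
define(`CERT_DIR', `MAIL_SETTINGS_DIR`'CA')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/cacert.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/key.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl
dnl define(`confCRL', `CERT_DIR/crl/crl.pem')dnl
MC
    : > "$1/CA/cacert.pem"; chmod 644 "$1/CA/cacert.pem"
    : > "$1/CA/cert.pem";   chmod 600 "$1/CA/cert.pem"
    : > "$1/CA/key.pem";    chmod 644 "$1/CA/key.pem"
}

# Demo on the constructed fixture; prints three findings.
demo=$(mktemp -d)
make_sample "$demo"
audit_tls_files "$demo/sendmail.mc" "$demo/CA" || true
rm -rf "$demo"
```

On a real host the second argument is the directory that CERT_DIR expands to, /etc/mail/CA in the listing above.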



Re: sendmail STARTTLS

2008-07-10 Thread Will Maier
On Thu, Jul 10, 2008 at 04:26:38PM +0200, GVG GVG wrote:
> In a sendmail book I found following entry they suggested to put
> in the .mc file. Could be the reason for my problems?
>
> --
> dnl define(`confCRL', `CERT_DIR/crl/crl.pem')dnl
> -

No. So you updated your .mc file as above, installed it as
/etc/mail/localhost.cf and HUPed sendmail? By default on OpenBSD,
sendmail is started with the following flags:

-L sm-mta -C/etc/mail/localhost.cf -bd -q30m

If you installed your new .cf file as sendmail.cf, sendmail won't
read it (unless you change or drop the -C flag).

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*-[ BSD: Live Free or Die ]*



Re: sshd_config(5) PermitRootLogin yes

2008-07-10 Thread Will Maier
On Thu, Jul 10, 2008 at 10:35:06AM -0400, Brian A. Seklecki wrote:
> Am I reading this right?

Yes.

[...]
> I remember that I filed PRs with FreeBSD/NetBSD a few years ago to get
> this changed, but Redhat Support is giving some some noise about:
>
> Well the source vendor doesn't disable it by default ...

This has been discussed. Check the archives if you'd like.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*-[ BSD: Live Free or Die ]*



Re: Broken Webalizer for 4.3?

2008-07-08 Thread Will Maier
On Tue, Jul 08, 2008 at 01:34:32PM -0500, L. V. Lammert wrote:
> OpenBSD Zeus.omnitec.net 4.3 GENERIC#698 i38
>
> Looks like a problem with webalizer:
>
> # pkg_add webalizer-2.01.10p5
> Can't install gd-2.0.35: lib not found fontconfig.5.1
> Dependencies for gd-2.0.35 resolve to: libiconv-1.9.2p5, jpeg-6bp3, png-1.2.22
> Full dependency tree is libiconv-1.9.2p5,jpeg-6bp3,png-1.2.22
> Can't install gd-2.0.35: lib not found freetype.16.0
> Can't install webalizer-2.01.10p5: can't resolve gd-2.0.35
>
> Looks like gd-2.0.35 is requiring freetype.16.0? The current freetype is:
> freetype-1.3.1p3?

Do you have the X sets installed?

http://www.openbsd.org/faq/faq15.html#NoFun

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*-[ BSD: Live Free or Die ]*



Re: Broken Webalizer for 4.3?

2008-07-08 Thread Will Maier
On Tue, Jul 08, 2008 at 01:43:06PM -0500, L. V. Lammert wrote:
> At 01:34 PM 7/8/2008 -0500, you wrote:
> # pkg_add webalizer-2.01.10p5
> Can't install gd-2.0.35: lib not found fontconfig.5.1
>
> Looks like fontconfig might have been moved to xbase? WHY?? What's
> the  reason to install X on a production server just to get some
> bogus libraries for web work? Sounds pretty BOGUS to me??

If you can't stand the idea of untarring the entire fileset (and
you're moderately clever), grab the libraries you need.

In my book, 'BOGUS' includes:

* Not checking the archives for answers to a question before
  spamming the list
* Not checking the FAQ
* Whining

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*-[ BSD: Live Free or Die ]*



Re: mirror.cs.wisc.edu

2008-07-01 Thread Will Maier
Hi Roger-

On Tue, Jul 01, 2008 at 06:54:32AM -0500, Roger Midmore wrote:
> I actually made a mistake for the email address for technical
> support is [EMAIL PROTECTED] although the I think csl might work as
> well since it stands for Computer Systems Lab. But sending to lab
> actually creates a complaint that is logged and taken care of as
> soon as possible. I forwarded your message on to the department
> though. If you notice anything else just send a message to lab
> with [CSL #354961] in the subject since someone else noticed that
> to be the proper path to the release should be /pub/OpenBSD not
> /pub/mirrors/OpenBSD. I created a request for them to add a link
> to fix that problem as well.

Thanks for getting this started. I've contacted the CSL and will
work to get their mirror in order and listed on ftp.html. I work at
hep.wisc.edu, so it shouldn't be too hard to keep them on top of
updates. ;)

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*-[ BSD: Live Free or Die ]*



Re: Monitor Open Files

2008-06-20 Thread Will Maier
On Fri, Jun 20, 2008 at 07:22:40PM -0700, Peter_APIIT wrote:
> I think this command may help you. lsof.

On OpenBSD, fstat(1) is often more interesting. As an added bonus,
it's in base.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*-[ BSD: Live Free or Die ]*



Re: Why Perl for pkg_* tools ?

2008-05-23 Thread Will Maier
On Fri, May 23, 2008 at 01:42:05PM +0200, Almir Karic wrote:
> On Fri, May 23, 2008 at 9:37 AM, Marc Espie [EMAIL PROTECTED] wrote:
> > As far as perl goes, it's about the only language that fit the
> > bill.  The older pkg_* were totally impossible to maintain and
> > extend, and I needed a sensible script language that was in
> > base.
>
> at the risk of starting a flame war, considered python? beside not
> being in the base, any other downsides for this particular task?

That's a pretty big downside.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*-[ BSD: Live Free or Die ]*



Re: Unbound: a validating, recursive, and caching DNS resolver

2008-05-21 Thread Will Maier
On Wed, May 21, 2008 at 02:09:23PM -0300, Andr'es wrote:
> I just read about this project, might be of interest:
> http://unbound.net/
>
> It's developed by Kirei, NLnet Labs, Nominet, and VeriSign; and
> released under a permissive free software license:
> http://unbound.net/svn/trunk/LICENSE
>
> I read about it at:
> http://tech.slashdot.org/tech/08/05/21/0153201.shtml
>
> Original source for the article:
> http://www.networkworld.com/news/2008/052008-open-source-dns-server.html

And jakob@ has already made a draft port[0] available. There's still
time to follow up on ports@ with test results.

[0] http://www.schlyter.se/jakob/openbsd/unbound.tar.gz
    http://archive.netbsd.se/?ml=openbsd-ports&a=2008-05&m=7431665

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*-[ BSD: Live Free or Die ]*



Re: Forcing ports install

2008-04-02 Thread Will Maier
On Wed, Apr 02, 2008 at 10:33:00PM +1000, N J wrote:
> Basically my question is how do I get the port to install without
> having to remove then old package and dependencies first?  I'm
> trying to build pidgin out of the ports tree.

See bsd.port.mk(5) -- specifically, look at the update (or
reinstall) target. Folks using ports should be pretty familiar with
things like bsd.port.mk(5) and ports(7), though. Is there a reason
you're not using packages from the mirrors?

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Possible discrepancy between sshd_config(5) and ssh-agent(1)

2008-03-13 Thread Will Maier
On Thu, Mar 13, 2008 at 02:07:57PM +0200, Lars Nood'en wrote:
> http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1
>  ssh-agent(1)
> ...
>  -t life
>   Set a default value for the maximum lifetime of
>   identities added to the agent.  The lifetime may
>   be specified in seconds or in a time format
>   specified in sshd_config(5).  A lifetime
>   specified for an identity with ssh-add(1)
>   overrides this value.  Without this option the
>   default maximum lifetime is forever...

Both this reference and the quoted reference in ssh-add(1) refer to
a _time format_ defined in sshd_config(5), not a keyword. Look in
sshd_config(5) under TIME FORMATS.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*
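
Added example (not from the thread and not OpenSSH code): the TIME FORMATS syntax of sshd_config(5) that the reply points to, worked through as a shell function that converts a lifetime such as the argument of ssh-agent -t into seconds. The function name ssh_time_to_seconds is hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread or from OpenSSH's source.

# ssh_time_to_seconds SPEC
# Convert an sshd_config(5) TIME FORMATS value to seconds and print it.
# A value is a sequence of NUMBER[QUALIFIER] terms that are added together;
# qualifiers are s, m, h, d, w in either case, and a bare number is seconds.
# Returns 1 without printing anything if SPEC is empty or malformed.
ssh_time_to_seconds() {
    rest=$1
    total=0
    [ -n "$rest" ] || return 1
    while [ -n "$rest" ]; do
        digits=${rest%%[!0-9]*}          # leading run of digits
        [ -n "$digits" ] || return 1     # a term must start with a number
        rest=${rest#"$digits"}
        # Drop leading zeros so shell arithmetic does not read the number as octal.
        while [ "${#digits}" -gt 1 ] && [ "${digits#0}" != "$digits" ]; do
            digits=${digits#0}
        done
        case $rest in
            "")    mult=1 ;;             # no qualifier: seconds
            [sS]*) mult=1 ;;
            [mM]*) mult=60 ;;
            [hH]*) mult=3600 ;;
            [dD]*) mult=86400 ;;
            [wW]*) mult=604800 ;;
            *)     return 1 ;;           # unknown qualifier
        esac
        rest=${rest#?}                   # consume the qualifier, if any
        total=$((total + digits * mult))
    done
    echo "$total"
}

# Demo: a plain number of seconds and three qualified forms.
for spec in 600 10m 1h30m 1w2d; do
    printf '%-6s -> %s seconds\n' "$spec" "$(ssh_time_to_seconds "$spec")"
done
```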



Re: Best way to automate administration of multiple servers

2007-11-14 Thread Will Maier
On Wed, Nov 14, 2007 at 07:45:06PM +1100, Mikel Lindsaar wrote:
> 1) Create images or post install diffs so that if I need to add a
> blade to expand, I put it in, connect via the console, install via
> PXE and then download the diff - I know you can do this with the
> post install scripts in OpenBSD's install script, but any real
> world use of this, things to avoid or good things to do?

cfengine[0] (which we use at work to manage ~500 Linux machines) or
radmind (which I use at home to manage my OpenBSD servers,
workstations and laptops).

There are at least two schools of thought on how one should manage >1
machine. cfengine is the most popular convergent tool, where you
specify an ideal state using a declarative language and the clients
iterate towards that state. radmind is the most useful congruent
tool, where you specify (or directly imply) the exact sequence of
operations that each client must perform to reach an ideal state.

I've used both approaches for years, and I greatly prefer radmind
both for its simple design and the implicit guarantees of
congruence. See below for references on each:

http://www.cfengine.org/papers.html
http://www.infrastructures.org/papers/turing/turing.html

> 2) Keeping 10 - 20 copies of OpenBSD up to the latest patch levels
> without having to do more than trial on one (for each type) and
> then for the rest type something as trivial as /bin/sh -x
> update.sh rotating through the servers and testing as you go?  I
> can see myself spending two days a month otherwise doing upgrades
> on all the servers.

Same as above.

> 3) Guides on how to manage the logs of this many servers.  Any
> experiences with splunk on this sort of environment, other
> options?

Log centrally using syslog; syslog-ng is a well-used central log
server.

[0] http://www.cfengine.org/
[1] http://rsug.itd.umich.edu/software/radmind/

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Best way to automate administration of multiple servers

2007-11-14 Thread Will Maier
On Wed, Nov 14, 2007 at 02:30:34PM +, Edd Barrett wrote:
> On 14/11/2007, Mikel Lindsaar [EMAIL PROTECTED] wrote:
> > Hello all,
> > I want to automate handling them as much as possible and would like
> > some list suggestions on reading materials, software, or web howtos.
>
> The multixterm program that comes with expect is useful for ssh'ing to
> lots of machines and running the same commands on them all.

See also sysutils/clusterit, which has several tools useful for this
purpose. I use dsh to run oneliners on groups of machines, though
you can use it interactively, too.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Looking for something similar to screen-command

2007-09-12 Thread Will Maier
On Wed, Sep 12, 2007 at 01:50:00PM +0200, Jon Sjostedt wrote:
> I have installed BitTorrent-4.2.2 on my 3.9-box. With this i would like to
> start file sharing on a console, logout, login later and reattach to the
> console of the BitTorrent-4.2.2 session. AFAIK this is done in most
> Linux-distros using the command screen, but how can I do it in BSD?

You can install the screen package?

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: pkg_add can't install a package

2007-08-17 Thread Will Maier
On Fri, Aug 17, 2007 at 11:48:34AM +0300, Tomas wrote:
> I'm having some trouble installing clamav-0.90.3.tgz package. I'm using
> OpenBSD_4_1.
> My steps:
> 1. export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/4.1/packages/i386
> 2. sudo pkg_add -v clamav-0.90.3.tgz
> And I have this error:
>
> parsing clamav-0.90.3
> Can't install clamav-0.90.3 because of conflicts (.libs-clamav-0.90)
> ^
> Error from ftp://ftp.openbsd.org/pub/OpenBSD/4.1/packages/i386/:
> ftp: -: short write
> 421 Service not available, remote server has closed connection.
> /usr/sbin/pkg_add: clamav-0.90.3.tgz:Fatal error

Use pkg_delete(1) to remove the .libs- package.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: pkg_add can't install a package

2007-08-17 Thread Will Maier
On Fri, Aug 17, 2007 at 12:58:34PM +0300, Tomas Stankevicius wrote:
> But then again... Why .libs-clamav-0.90 was left behind when I
> removed clamav-0.90.tgz with pkg_delete ?

This has been covered in the archives[0]. When you delete a package
that may still have shared libraries in use by other packages, a
.libs stub is kept for compatibility purposes with older stuff.

[0] http://marc.info/?l=openbsd-misc&m=117742456031949&w=2

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: howto set global environment variable (e.g. PATH, JAVA_HOME)

2007-08-08 Thread Will Maier
On Wed, Aug 08, 2007 at 06:09:16AM -0700, pixotec wrote:
> but I want it for all users:
> 1. could change all .profile-files of all users: no thanx ;-( (and
> change /etc/skel/.profile for future new users)

This would work.

> 2. change /etc/login.conf ???

This would also work (see login.conf(5)).

> 3. create /etc/profile, change all existing .profile of users (to
> source /etc/profile) and change /etc/skel/.profile

As would this.

> 4. change /etc/ksh.kshrc and create .kshrc sourcing /etc/ksh.kshrc
> for all users (and in /etc/skel...)

And this.

> IS THERE A EASY WAY (change only on central file for all users) TO
> SET THEM?

Well, choose whichever of the above is easiest for you. Based on
your criteria, it seems that modifying login.conf would require the
fewest keystrokes. I prefer to provide a global/site profile or
shell init script and allow users to source it if they'd like, but
that fits my site's policies well; depending on what you do and
where you work, login.conf(5) may be more appropriate.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: How to track port updates in stable?

2007-08-03 Thread Will Maier
On Fri, Aug 03, 2007 at 06:35:51PM -0500, Todd Pytel wrote:
 I don't spend as much time following OpenBSD as I used to, so
 perhaps I'm missing something. But there used to be a
 ports-security mailing list used for announcing updated ports.
 That list doesn't exist any more, or at least doesn't appear to
 have had anything posted to it in a very long time.

It exists, but is inactive.

 Is there some other official way to track changes to ports? 

By looking at the output of `cvs up`? By watching commits via
[EMAIL PROTECTED] I do both, and find it sufficient.

 Absent that, has anyone come up with a simple hack to feed to cron
 to accomplish the same thing? 

I pull updated ports and src daily via cron, and read
(ports|source)-changes@ for commit messages, etc. Does that not
achieve what you need?

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Secure Network File System - Or Lack Thereof

2007-07-14 Thread Will Maier
On Sat, Jul 14, 2007 at 02:41:40PM +0200, Landry Breuil wrote:
 man -k afs seems to say that AFS is in base, using ARLA
 implementation. 

This is true, but ARLA doesn't have a production server
implementation available. The AFS client is great (and obviously
interoperates with OpenAFS servers).

 (and OpenAFS is in ports)

This port is a bit broken, IIRC, and out of date. I spent a week or
two a few months ago trying to update the port, but it's
non-trivial. It would be great to update it, but I wasn't really
making progress.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: dhcp question

2007-07-03 Thread Will Maier
On Tue, Jul 03, 2007 at 02:45:00PM +0100, mgb wrote:
 So if I defined a large pool of IP addresses in dhcpd.conf that
 would avert the problem described above, however I'm struggling to
 think of a solution on how would clients would request the correct
 configuration file? and how could I handle new clients replacing
 broken ones with regard to dishing out the correct configuration
 file?

Use lladdrs, not IP addresses, to name or serve the files. This is
how most PXE setups work. See pxeboot(8) for some discussion.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Rename multiple files at once

2007-06-27 Thread Will Maier
On Wed, Jun 27, 2007 at 02:37:07PM +0200, Pieter Verberne wrote:
 How do I rename multiple files at once?

This is a function of your shell, not mv. See ksh(1), zsh(1), etc...

Alternatively, you could write a simple script/function to address
the same problem:

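for FILE in *.jpg; do
    # Skip the unexpanded pattern when no .jpg files exist.
    [ -e "$FILE" ] || continue
    # Quoting keeps file names containing spaces intact.
    NEW=$(printf '%s\n' "$FILE" | sed -e 's/\.jpg$/_thumb.jpg/')
    mv -- "$FILE" "$NEW"
done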

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Double mails from mailing list

2007-06-27 Thread Will Maier
On Wed, Jun 27, 2007 at 04:57:17PM +0200, Pieter Verberne wrote:
 I'm getting some mails double from [EMAIL PROTECTED] In the
 header is this:
 X-Loop: misc@openbsd.org
 
 Does that say enough?

Some people are setting To: to misc@openbsd.org and adding you to
the Cc:.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: ps wrapping

2007-06-26 Thread Will Maier
On Tue, Jun 26, 2007 at 02:28:37PM -0400, Nick Guenther wrote:
 Is there anyway to make ps format its output to not cut off lines
 at the edge of the screen? Is have a long command line I'm trying
 to remember and I can't see it all. I tried -o command but it's
 still too long.

ps(1):

 -w  Use 132 columns to display information, instead of the default,
 which is the window size.  If the -w option is specified more
 than once, ps will use as many columns as necessary without re-
 gard for window size.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: telnetd ?

2007-06-25 Thread Will Maier
On Mon, Jun 25, 2007 at 02:59:58PM -0400, stan wrote:
 Yes, I know it's a bad idea, but for reasons beyond my control, I
 need to provide a telnet service on an OpenBSD 4.0 machine.
 Unfortunately there does not seem to be a telnetd built by
 default.
 
 How can I get this daemon built?

Search the archives...

http://marc.info/?l=openbsd-misc&w=2&r=1&s=telnetd&q=b?

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Locations of stable ports vs current ports

2007-06-20 Thread Will Maier
On Wed, Jun 20, 2007 at 10:05:25AM -0700, Joe S wrote:
 This site has a nice interface to ports: http://ports.openbsd.nu/
 But the ports it says are in OpenBSD are not in my tree. Is this
 site showing current only?

That site isn't run by the project; I assume it follows -current,
but you could check their FAQ (or compare file revisions).

 The cvs website on openbsd.org
 (http://www.openbsd.org/cgi-bin/cvsweb/ports/) also has the www/rt
 port. Is the cvs website showing current too?

cvsweb will show you whatever you want it to. Look for the 'Show
only files with tag' button at the bottom, and select the version
you're interested in.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: OpenBSD and Kerberos Client

2007-06-05 Thread Will Maier
On Tue, Jun 05, 2007 at 01:59:07PM +0100, [EMAIL PROTECTED] wrote:
 Any chance you could help write up some documentation? Kerberos on
 OpenBSD doesn't really have any good docs that I could find. Maybe
 I could then retry this effort in the future. For expediency
 though, I will have to reinstall with RedHat as it only takes 5
 minutes to get it working as a kerberos client.

I set up a Heimdal kdc and several OpenBSD clients with krb5 auth in
about ten minutes based on the info page. What, exactly, is lacking
in the documentation? I'm no fan of info pages, but Heimdal's
covered all the topics I needed to get set.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: OpenBSD and Kerberos Client

2007-06-05 Thread Will Maier
On Tue, Jun 05, 2007 at 03:16:06PM +0100, [EMAIL PROTECTED] wrote:
 I don't have the audacity to do anything. The email signature is
 defined through company policy and tacked on by the M$ Exchange
 Server on the way out. I have no say and only see it when I get
 replies to my email.

Have you considered getting a free mail account somewhere else and
using that for your non-work correspondence?

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: issues starting wmii window manager

2007-05-19 Thread Will Maier
On Sun, May 20, 2007 at 12:21:16AM +1000, atstake atstake wrote:
 I just installed wmii window manager on 4.1 on i386 but when I try
 to start by typing wmii it says -
 
 wmiiwm: cannot open display
 
 However, I can start fvwm fine by typing startx in the console. And
 /usr/X11R6/bin in my $PATH

xinit(1), startx(1); specifically, look at ~/.xinitrc.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: www.openbsd.org (and vs openbsd.org)

2007-05-10 Thread Will Maier
On Fri, May 11, 2007 at 12:10:13AM +0200, Martin Toft wrote:
 Nobody answered my second question though :) Maybe nobody knows
 the answer? :) Summary: I was once told not to use openbsd.org; it
 was said that www.openbsd.org was the only valid site (ignoring
 mirror sites). Is this just bullshit?

Yes, it's bullshit, and yes, Theo answered your question. www is
a mirror.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Webservers with Terrabytes of Data in - recomended setups

2007-04-20 Thread Will Maier
On Fri, Apr 20, 2007 at 09:03:54AM -0500, Jacob Yocom-Piatt wrote:
 from my observations redundancy is the biggest problem with NFS
 and that its ability to efficiently serve up data is more than
 ample.

Redundancy is certainly a problem, but lots of US HPC and
distributed computing sites have severe scaling problems with NFS.
High r/w traffic has killed several file servers in projects that we
work with, and it sucks big time. I don't know anyone who's happy or
excited or confident in their HPC NFS deployments; everyone I've
talked to hopes for a real solution to this problem. ;)

If the OP's use case involves lots of writes (especially from many
clients), I'd be concerned about NFS' ability to keep up. Then
again, I've had problems with pretty much all of the network
filesystems (including AFS, though it's the least bad in my
experience).

I'm still waiting for Ceph[0] to mature (and to shed its linuxisms).
;)

[0] http://ceph.sf.net/

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Problem: Raid mounting root as read-only, and not from the partition desired...

2007-04-07 Thread Will Maier
On Sat, Apr 07, 2007 at 12:11:23PM -0700, Merp.com Volunteer wrote:
 Considering all the workarounds to even just getting
 python/zope/plone to install, let alone the list of other
 bugs/issues related to that config on openbsd (that hasn't been an
 issue on other bsd and nix setups for us), as well as the
 scattered knowledge/experience of openbsd in the volunteer group
 (whereas most are familiar with Linux), should we just abandon the
 entire effort of converting to openbsd and just stick with Linux?

You sound like a Linux shop. It doesn't sound like your group has
sufficient background to migrate whole-hog to OpenBSD (or Solaris,
or AIX, or Windows). What problem are you trying to solve by
migrating to OpenBSD?

 Or will there be sufficient support from the openbsd community to
 help us get through the entire transition to openbsd?

This list (and the other various parts of the user and developer
communities) is a great resource, but it shouldn't be part of your
migration plan. From what you've described, OpenBSD is a fine
technical solution to your problem. But with your group, it doesn't
sound like you can make it work in the time you have. Migrations are
big, scary things, and they need planning and experience. Even a
great list like this can't be the cornerstone of your plan.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



cron doesn't run commands in /etc/crontab?

2007-03-28 Thread Will Maier
According to cron(8), cron should be able to read commands from a
properly formatted and chmoded /etc/crontab file. I've created such
a file, but I can't seem to get cron to run the test command in it.

# cat <<EOF > /etc/crontab
*/1  *   *   *   *   /usr/bin/touch /tmp/crontest
EOF
# chmod 0600 /etc/crontab

cron then successfully loads the changes made to that file:

Mar 28 07:23:01 lass cron[11652]: (*system*) RELOAD (/etc/crontab)

I can also verify that the system file is loaded by watching the
output of `cron -x load`. The command is valid per crontab(5) and
works when inserted in root's tab using `crontab -e`.

After the system tab is reloaded, cron fails to run any commands
listed there: no CMD messages are logged (or seen in the debugging
output) and the file is never touched.

I've tried to get this to work on a semi-recent -current/i386 as
well as the latest snapshot (also i386) with no luck. I browsed the
code, but didn't see any obvious problems.

Any ideas?

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: cron doesn't run commands in /etc/crontab?

2007-03-28 Thread Will Maier
On Wed, Mar 28, 2007 at 03:58:35PM +0200, Paul de Weerd wrote:
 Reread crontab(5), the /etc/crontab has a slightly different
 format (to specify username).

Oh. ;) Quite right -- thanks for the cluestick.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*
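
The format difference pointed out in this thread, as an added example that is not part of either post: a small sh lint for files in system crontab format, where a user name sits between the time fields and the command. The function names and the constructed sample are assumptions; the check relies on id(1) to decide whether the sixth field names a user.

```shell
#!/bin/sh
# Added example: lint a file in system crontab (/etc/crontab) format, where a
# user name sits between the five time fields and the command.

# Constructed sample. Line 3 is the entry from the thread, written in the
# per-user format; line 4 is the same job with the user field added.
sample_crontab() {
    cat <<'EOF'
# constructed sample system crontab
SHELL=/bin/sh
*/1 * * * * /usr/bin/touch /tmp/crontest
*/1 * * * * root /usr/bin/touch /tmp/crontest
EOF
}

# lint_system_crontab [FILE]   (reads stdin when FILE is omitted)
# Prints one line per suspect entry; returns 1 if any entry was flagged.
lint_system_crontab() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }                       # blank lines, comments
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next }     # VAR=value settings
        {
            n = ($1 ~ /^@/) ? 2 : 6     # @daily etc. stand in for the 5 time fields
            if (NF <= n) { print NR, "!"; next }            # no room for user + command
            cmd = $(n + 1)
            for (i = n + 2; i <= NF; i++) cmd = cmd " " $i
            print NR, $n, cmd
        }
    ' "${1:--}" | (
        rc=0
        while read -r lineno user cmd; do
            if [ "$user" = "!" ]; then
                echo "line $lineno: too few fields for a system crontab entry"
                rc=1
            elif ! id -u "$user" >/dev/null 2>&1; then
                printf 'line %s: "%s" is not a known user (command field would be: %s)\n' \
                    "$lineno" "$user" "$cmd"
                rc=1
            fi
        done
        exit "$rc"
    )
}

# Demo on the constructed sample; only line 3 is reported.
sample_crontab | lint_system_crontab || true
```

Run against the sample, the lint shows how the entry from the thread reads in the system format: /usr/bin/touch lands in the user field and /tmp/crontest in the command field.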



Re: Problem on installing new packages

2007-03-26 Thread Will Maier
On Mon, Mar 26, 2007 at 11:31:56PM +0800, Stephen Liu wrote:
  On 2007/03/26 23:14, Stephen Liu wrote:
   250 CWD command successful
   ftp exit
   221 Goodbye
  
  try 'ls' too; it will open a data channel. certain
  firewall/nat-related problems will allow the command channel to
  open but not the data channel.
 
 # ls
 .Xauthority .cshrc .klogin .login .profile .ssh
 
 Other noted wit tks.

Is that in a shell? or during your FTP session? Simply running
/bin/ls in your shell isn't helpful. Stuart wanted you to use FTP's
data channel to make sure that you could fully communicate with the
server. I doubt he cares what files you have in your home directory.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: sshd.config and AllowUsers

2007-03-26 Thread Will Maier
On Mon, Mar 26, 2007 at 01:33:17PM -0400, Jerome Santos wrote:
 I want to add something like this:
 
 AllowUsers user1, user2, user3
 
 I added that in but also with an # in front like all the other
 entries. Now I find that I can still ssh to the box with a user
 acct that I didn't include in the entry. Should it be in there
 without the #? 

Yes. sshd_config(5)

 And if so, do I also then have to uncomment all the other
 entries??

No, they're the default settings.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*
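
An added example, not part of the thread: a static sh check for the two ways an AllowUsers line can silently fail to restrict logins. It flags a commented-out directive, and it flags commas in the user part of a pattern, because sshd_config(5) describes the argument as a list of patterns separated by spaces. The function names and sample lines are constructed; Match blocks are not interpreted.

```shell
#!/bin/sh
# Added example: static checks on AllowUsers lines in an sshd_config file.
# Match blocks and included files are not interpreted here.

# active_allowusers [FILE]: print the patterns sshd would read, one per line.
active_allowusers() {
    awk 'tolower($1) == "allowusers" { for (i = 2; i <= NF; i++) print $i }' "${1:--}"
}

# lint_allowusers [FILE]: report AllowUsers lines that will not do what they
# appear to say; returns 1 if anything was reported.
lint_allowusers() {
    awk '
        { kw = tolower($1) }
        kw ~ /^#+allowusers$/ || (kw ~ /^#+$/ && tolower($2) == "allowusers") {
            printf "line %d: AllowUsers is commented out and has no effect\n", NR
            bad = 1
            next
        }
        kw == "allowusers" {
            for (i = 2; i <= NF; i++) {
                user = $i
                sub(/@.*/, "", user)        # commas are only checked in the user part
                if (user ~ /,/) {
                    printf "line %d: pattern \"%s\" contains a comma; patterns are separated by spaces\n", NR, $i
                    bad = 1
                }
            }
        }
        END { exit bad + 0 }
    ' "${1:--}"
}

# Constructed samples: the line as described in the question, the same line
# uncommented, and the space-separated form.
printf '%s\n' '#AllowUsers user1, user2, user3' | lint_allowusers || true
printf '%s\n' 'AllowUsers user1, user2, user3'  | lint_allowusers || true
printf '%s\n' 'AllowUsers user1 user2 user3'    | active_allowusers
```

After editing the real file, log in from a second session as an account that should be refused before closing the first one.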



Re: Can OpenBSD do what BusyBox does?

2007-03-21 Thread Will Maier
On Wed, Mar 21, 2007 at 11:04:32PM +1100, Sunnz wrote:
 I doubt if OpenBSD can replace it on the router... but if you
 have done so it would be cool to know how you made it work.

It would help if you mentioned what hardware you're running on...

OpenBSD is an operating system; Busybox is a single executable that
rolls many common *nix utilities into one. They're totally
different things. Busybox doesn't have a kernel or a packet filter
(or a web server, or a...), so I don't know what the point of
comparing them is.

If you want to run OpenBSD on your router, you'd need to tell us
what hardware you're using, though I haven't heard of anyone
installing OpenBSD on something like the Linksys WRT54G. If you want
to run an OpenBSD router, grab a Soekris or an old i386 and install
OpenBSD on it. Many, many people do this; it works well.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: packages question

2007-01-29 Thread Will Maier
On Mon, Jan 29, 2007 at 02:56:44PM -0800, Daniel E. Hassler wrote:
 Is it reasonable to assume all of the dependencies for a package
 should also be available as either packages or via ports?

Yes. Some ports have licenses which prohibit redistribution as
packages, though, so N(ports) > N(packages).

 I'm trying to install p5-Mail-Box-2.018.  - p5-Mail-Box-2.018:Can't 
 find p5-Convert-BinHex-1.119
 I can't find p5-Convert-BinHex-1.119 in either packages or ports.
 p5-MIME-tools-5.420 has the same dependency.

How are you looking?

$ man 7 ports
$ cd /usr/ports
$ make search name=BinHex
Port:   p5-Convert-BinHex-1.119p1
Path:   converters/p5-Convert-BinHex
Info:   module to extract data from Macintosh BinHex files
Maint:  The OpenBSD ports mailing-list ports@openbsd.org
Index:  converters perl5
L-deps:
B-deps:
R-deps:
Archs:  any

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Virtualisation on OpenBSD?

2007-01-24 Thread Will Maier
On Wed, Jan 24, 2007 at 08:02:01AM -0800, Lawrence Horvath wrote:
 I tried looking for source but was unable, vmware is a closed
 source as far as I can tell (please correct me if I'm wrong, as I
 like to get hold of the source) when I was looking for it online
 you have to download the binaries, and you have to email in for a
 serial number to use it, they also have higher up pay-for
 versions, with more features

VMware is closed source.

http://www.vmware.com/download/eula/workstation.html

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: p5-MIME-tools-5.420.tgz

2007-01-17 Thread Will Maier
On Wed, Jan 17, 2007 at 06:36:31PM -0800, sausted wrote:
 I am trying to install p5-MIME-tools-5.420 using pkg_add but I keep getting
 the following error:
 
 p5-MIME-tools-5.420:Can't find p5-Convert-BinHex-1.119
 /usr/sbin/pkg_add: p5-Convert-BinHex-1.119:Fatal error
 
 I am new to OpenBSD...could someone help me?

Did you read the FAQ[0] and pkg_add[1] man page? Is PKG_PATH set
correctly in your environment?

[0] http://www.openbsd.org/faq
[1] http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_add, pkg_add(1)

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Groklaw artical about the BSD license

2007-01-16 Thread Will Maier
On Tue, Jan 16, 2007 at 10:44:54PM +0100, Vim Visual wrote:
 btw are you using X? and if so, which wm? most of them are under
 the gpl, right? this must hurt if you're such a bsd license
 defender...

Stop baiting the list. 

Also, not that it's related to anything, but there are a number of
BSD-licensed WMs, several of which can be found in the ports tree.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: revision control system for system administration

2006-12-20 Thread Will Maier
On Wed, Dec 20, 2006 at 02:31:09PM +, Brian Candler wrote:
 That makes a lot of sense. But enforcing that policy might be
 difficult. This is important if you're relying on your gold server
 for disaster recovery purposes - if the target machines had some
 change made which nobody remembers and weren't reflected in the
 gold server, then any freshly-built machines will be
 non-functional.

This is a cultural problem, but there's an adequate technical
solution: aggressively sync the client machines. Admins quickly
learn to make changes in the central when their changes get blown
away every hour.

At my last job, we used cfengine to manage a handful of Solaris
zones that bounced around a cluster of machines. Each zone would be
built and destroyed every time it moved from one machine to the
other, so any non-cfengine changes made to the system would be lost.
We hadn't been using cfengine for very long, but everyone picked up
on it quite rapidly. ;)

cfengine (and other configuration management thingies, I suppose)
can alert you when key files change. So if someone's mucking around
with /etc/rc on the machine, cfengine can back it up, put in the
'gold' copy, and whine about it.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: revision control system for system administration

2006-12-19 Thread Will Maier
On Tue, Dec 19, 2006 at 03:00:04AM -0700, Clint Pachl wrote:
 I would use a dedicated, highly secure and always backed-up box to
 store/manage a central repository (CVS/SVN). This repos will hold
 all the necessary bytes (binaries, config files, ports, etc.) to
 re-image any machine from scratch. Each node on the network
 would then pull everything it needs from the central repos using
 method X. That's the part I'm trying to figure out. I want the
 whole automation system to be simple and would like to use only
 default tools.

I think I understand the reason why you want this ('only default
tools'). That said, there are good reasons that specialized tools
exist to solve this problem: it's complex. You want your install and
configuration management system to be robust; something hacked out
of whatever happens to be in base seems potentially quite fragile.

A pull-only system assumes that the clients actually pull. What if
they don't? How do you know when their last successful pull was? If
all they're doing is pulling, do you need eg one pf.conf file per
client? How many clients do you have? How many might you have in a
year? two years? Using a client imaging system as the sole
configuration management system is heavy-handed and inflexible --
you'll find lots of situations where you want more control over who
gets what file (or what action occurs where).

cfengine was mentioned elsewhere in this thread, and it's the most
prominent FOSS configuration management thingy that I'm aware of.
It's got warts, but it's widely used and mostly solves the problems
you're looking to solve. I've worked at large sites that used
cfengine, and large sites that used hacked imaging systems based on
rsync or rdist. I quickly came to understand and appreciate _why_
cfengine exists, even if I also started a list of Things I Don't
Really Like About CFengine. It's a mixed bag, but in my experience,
the warts are worth it.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: revision control system for system administration

2006-12-19 Thread Will Maier
On Tue, Dec 19, 2006 at 05:44:45AM -0700, Clint Pachl wrote:
 So you're saying cfengine would need to be included in an install
 set, such as base40.tgz or some custom install set in order to be
 used in a base install (an obvious yes)? So how do we automate to
 that point? I would like to automate the install process, as well
 as the upgrade process. What do you do when you need to install 50
 machines? I may be wrong, but if cfengine can take me from a bare
 bones system to a fully functional server, let me know.

I assume you've already checked the FAQ:

http://www.openbsd.org/faq/faq4.html#site
http://www.openbsd.org/faq/faq4.html#Multiple

 I am currently working on the automated install script and it is
 fairly simple. In fact, once it is setup and talking to a central
 repository for install purposes, making it also perform system
 updates will be a breeze.

cfengine isn't an automated installer; it's a configuration
management thingy. At my previous job, we used kickstart (solaris)
and FAI (debian) to automate the installation, and cfengine to
manage post-install configuration.

 I will look into cfengine. I always figured it was one of those
 bloated apps that did about 90% of what you needed, dropping the
 ball on the last and most complex 10%. For that last 10% you
 usually end up building a custom solution. Can others comment on
 cfengine? How many managed boxen? What are its quirks, pros, cons?

We manage several thousand compute and storage nodes in a dozen or
so labs with cfengine in our grid; in my department, we manage maybe
600 CPUs. We use it to install complicated software (eg dCache,
which requires java and postgres and all sorts of badnesses), sync
user accounts/uids, etc. cfengine is the best thing available, but
it's not perfect. I've looked briefly at the obvious alternatives
(bcfg2, puppet), but wasn't impressed. radmind (also in ports) might
work for some sites; I haven't had time to really evaluate it.

I and others have already mentioned some benefits of cfengine --
other advantages should be obvious by now. As for drawbacks, you
should know that cfengine is declarative, so some procedural tasks
(like, in our case, installing dCache) are a bit trickier than I
wish they were. There are some problems with the upstream code, too
(string handling) that have been kludged-around in the OpenBSD port.
Lastly, cfengine2 has been evolving for a while, so it's a bit
crufty and at times befuddling. cfengine3 will (hopefully) address
this problem with a rewrite, but that's still years away.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: revision control system for system administration

2006-12-19 Thread Will Maier
On Tue, Dec 19, 2006 at 06:23:16AM -0700, Clint Pachl wrote:
 I'm not so convinced it is that complex on a homogeneous OpenBSD
 network. OpenBSD is a very manageable system, such as the entire
 OS contained in compressed tarballs for easy extraction and the
 flexible ports system. Both of these entities are easily
 scriptable. Then all there is to worry about is system configs and
 custom binaries, which can be easily managed by CVS. A hierarchal
 CVS structure can be built to manage global (all nodes in network),
 group (groups of similar servers), and single (things specific to
 a node, like /etc/myname) nodes. You apply global settings first,
 overwriting with more specific settings.

You now have an asston of files to keep track of. We did this _exact
thing_ using rsync at my previous job. It sucked. We moved to
cfengine. It sucked less.

 If you implement a push system, how do you know if something was
 actually pushed? What if something was pushed, how do you know the
 pushee did the right thing with what it was given? This argument
 goes both ways, but solved simply. A system should report what it
 does after it pushes or pulls. The other end should also report.
 So if the results show someone is pushing, but no one is pulling
 or vice versa, you have a problem. This system could be
 implemented using mail or central syslog.

My point wasn't that it's not possible, but that you have to do it
yourself. There are lots of details that make these management
systems reasonable; if you're building your own, you've got a lot of
work cut out for you. And if you make a mistake, things hit the fan
rather quickly. It's not fun, and, in a lot of cases, not necessary.

[...]
 This is what I don't like to hear: as you say, It's got
 warts..., mostly solves the problems.. Why not build something
 that has no warts and solves all problems all the time to your
 specs. And most importantly, I use OpenBSD because of its
 simplicity and robustness and I like my tools to act the same. I
 guess I haven't heard enough good about cfengine to pique my
 interest in it.

I gave up looking for perfect software a long time ago. Everything I
use -- including OpenBSD -- has bugs. I accept that. I agree that
finding the simplest solution to a problem is a good approach, but I
haven't found that designing and implementing a brand new
configuration management scheme is ever a simple approach, and I've
designed a couple in-house ones before. These days, I look for what
sucks the least, and improve it as best I can to meet my needs.

There are presentations every year at conferences like LISA about
the state of configuration management, and it's getting better. But
all of those systems have problems, and the one you plan to build
will have problems, too. People have been working on this for
decades, now, and it's not an easy problem to solve. Perhaps your
site/case is relatively straightforward and you can come up with a
compact solution that works for you. That'd be cool. 

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*
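
The behaviour discussed across this thread (overwrite local changes from the central copy, keep a backup of what was replaced, complain about it, and record when a client last synced), as an added sketch in plain sh. It is not cfengine and not code from any poster; the directory layout and the RESTORED/FAILED/SYNC line formats are assumptions.

```shell
#!/bin/sh
# Added sketch, not cfengine: pull-style enforcement of a "gold" tree.
#
# sync_from_gold GOLD_DIR ROOT_DIR STATE_DIR
#   GOLD_DIR   local checkout of the central copy, laid out like ROOT_DIR
#   ROOT_DIR   tree being managed ("/" on a real host)
#   STATE_DIR  where saved local edits and the last-sync record are kept
# Prints one line per file it touched plus a summary line, and returns 0 only
# if nothing had drifted and nothing failed.
sync_from_gold() {
    gold=$1 root=$2 state=$3
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    mkdir -p "$state/backup" || return 2
    # File names containing newlines are not supported by this loop.
    (cd "$gold" && find . -type f) | sed 's|^\./||' | sort | (
        checked=0 restored=0 failed=0
        while IFS= read -r rel; do
            checked=$((checked + 1))
            cmp -s "$gold/$rel" "$root/$rel" 2>/dev/null && continue
            # Save the local edit so its author can move it into the gold copy.
            if [ -e "$root/$rel" ] && ! {
                   mkdir -p "$state/backup/$(dirname "$rel")" &&
                   cp -p "$root/$rel" "$state/backup/$rel.$stamp"; }; then
                echo "FAILED $rel"
                failed=$((failed + 1))
                continue
            fi
            # Install via a temporary name so readers never see a partial file.
            if mkdir -p "$(dirname "$root/$rel")" &&
               cp -p "$gold/$rel" "$root/$rel.gold.$$" &&
               mv "$root/$rel.gold.$$" "$root/$rel"; then
                echo "RESTORED $rel"
                restored=$((restored + 1))
            else
                echo "FAILED $rel"
                failed=$((failed + 1))
            fi
        done
        summary="$stamp checked=$checked restored=$restored failed=$failed"
        echo "SYNC $summary"
        # The record answers "when did this client last pull, and what changed?"
        echo "$summary" > "$state/last_sync"
        [ "$restored" -eq 0 ] && [ "$failed" -eq 0 ]
    )
}

# Example call with constructed paths:
#   sync_from_gold /var/gold / /var/db/goldsync
```

Run from cron, the output lines can be mailed or sent to a central syslog host, and a last_sync record that stops changing identifies a client that has stopped pulling.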



Re: Errors Compiling OpenOffice

2006-12-17 Thread Will Maier
On Sun, Dec 17, 2006 at 08:22:05AM -0500, Jim Michael wrote:
 I apologize.  I incorrectly reported that I am using stable.  I
 did upgrade ports to -current on 12/16 before make install.  

Did you also upgrade your base system to -current?

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: how to get new port versions when following 4.0-patch

2006-12-11 Thread Will Maier
On Mon, Dec 11, 2006 at 01:12:15PM +0100, Robert Urban wrote:
 Is there any supported way of getting 0.88.6 via ports? 

If you're following the -stable branch, you will receive security
(and, as of late, some feature) updates to your ports tree. If you
want/need a feature that isn't backported to -stable but is in
-current, you have to do the (unsupported) backporting yourself.

 Or are people running production systems installed from -RELEASE
 versions never supposed to benefit from newer port versions?

You get the new ports when you update your system to the next
release.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: submit.cf

2006-12-05 Thread Will Maier
On Tue, Dec 05, 2006 at 10:04:25AM -0800, stupidmail4me wrote:
 What exactly is this file for? I know that localhost.cf is the
 default and doesn't accept connections from the outside world.
 sendmail.cf is for accepting connections to the outside world. But
 I can't find anything about submit.cf that explains exactly what
 it does.

/usr/share/sendmail/cf/submit.mc will make it clearer.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Links sources and GPL

2006-12-04 Thread Will Maier
On Mon, Dec 04, 2006 at 04:56:46PM +0100, Karel Kulhavy wrote:
 a) Accompany it with the complete corresponding machine-readable
 source code, which must be distributed under the terms of Sections
 1 and 2 above on a medium customarily used for software
 interchange; or,
 
 I didn't find a copy of source code in the .tgz. The FTP directory
 doesn't seem to contain source code of Links and it doesn't
 contain a README saying where the source is to be downloaded.

All distfiles (that can be mirrored) are mirrored at
ftp.openbsd.org.

 I came to this by chance when I was searching for the source of
 Transcode distributed with OpenBSD, but couldn't find it.

That is available in the same place. Modifications to the source are
available in the port directory (in patches/), which you can
download as ports.tar.gz.

This seems to fulfill the GPL's requirements to me (though I haven't
read the license in full for a few years, now).

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Why Sendmail?

2006-11-23 Thread Will Maier
On Thu, Nov 23, 2006 at 01:32:29PM +, Conrad Winchester wrote:
 I do have one question though and I apologize if people always ask
 this: At the end of the install I asked whether I want to run sshd
 and ntpd by default - very nice BUT why am I not given the option
 to turn off Sendmail at this point? 

So that mail delivery works? OpenBSD has a number of useful
automated reports enabled by default which provide you with
important information, among other reasons.

 I NEVER use sendmail

Do you use a different MTA? That's fine -- sendmail is the default
MTA, but you can easily install others (eg Postfix) using
precompiled packages. In most cases, you simply run
'newMTA-enable' and clean up a few loose ends. See the
installation message for your MTA of choice for more information.

 and for an OS that prides itself on being as minimal as possible I
 would have thought giving you the option to not run sendmail would
 also be there right from the start.

IANAD, but...the goals[0] of the OpenBSD project are pretty clear,
and minimalism isn't explicitly one of them. Providing an audited
and specific featureset in the base distribution makes the task of
securing the whole system easier, but 'shipping the least stuff'
isn't in itself a goal (AFAICT).

Sendmail is there as a convenience, as is a heavily modified Apache.
If you don't need them, or want different MTAs or web servers, the
package system gives you plenty of easy options.

As you're new, I'll also plug the FAQ:

http://www.openbsd.org/faq/

In fact, this _very question_ is answered in the FAQ[1]. It helps to
check the FAQ and the mailing list archives first if you have a
question. You'll also find the man pages handy.

[0] http://www.openbsd.org/goals.html
[1] http://www.openbsd.org/faq/faq1.html#HowAbout

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: ports installing files in /etc?

2006-11-18 Thread Will Maier
On Sat, Nov 18, 2006 at 02:35:27PM +0100, Igor Sobrado wrote:
 I suppose that configuration files were on a different directory,
 as in NetBSD.  As both NetBSD and OpenBSD are using the same tools
 to manage ports/packages, and I am certainly accustomed to
 /usr/pkg/etc on NetBSD, I supposed it was an error on these
 packages.

OpenBSD and NetBSD do not use the same tools to manage ports and
packages.

 As I said, it is a certainly unusual behaviour and it is not
 described on the pkg_* manual pages (though!).  As I did not find
 a comment on this behaviour on pkg_add(1), but there are detailed
 notes on the use of /usr/ports, /usr/local, /var/db/pkg and so on
 I supposed I made a mistake installing the packages.

Look at hier(7):

 /usr/  Contains the majority of user utilities and applications.
 [...]
 local/  Local executables, libraries, etc.

Also, look at packages(7):

 [...]
 Some packages installation scripts will also create new configuration
 files in /etc, or need some working directory under /var to function cor-
 rectly (e.g., squid, or mysql).

This is well documented; as you noted, there's even a helpful FAQ
entry.

 I read a lot of documentation on the utilities for managing
 packages on NetBSD, where /usr/pkg/etc is used.  I expected the
 same behaviour on OpenBSD.  

Why would you expect that?

 I just asked because this behaviour is not documented on the man
 pages and it is certainly different to the way pkg_* works on
 NetBSD (where there is a different /etc for the packages).

Assuming OpenBSD works just like NetBSD will make things hard for
you. Read the FAQ and man pages, and trust pkg_info(1).

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Disable rsh or not?

2006-11-18 Thread Will Maier
On Sat, Nov 18, 2006 at 06:58:13AM -0800, Maverick wrote:
 I am quite new to OpenBSD so I am reading the book Mastering
 FreeBSD And OpenBSD Security 

The FAQ and man pages are authoritative; books can be useful, but
quickly fall out of date.

 It said Your rsh/rlogin daemons (that for some crazy reason you
 didn't disable yet) will now permit root logins from any system
 with no password
 
 Does that mean I should disable rsh? Or disable rlogin?

Did you check that these were even enabled on your system in the
first place? They're not on mine:

$ grep -i rsh /etc/inetd.conf
#shell  stream  tcp     nowait  root    /usr/libexec/rshd       rshd -L
#shell  stream  tcp6    nowait  root    /usr/libexec/rshd       rshd -L

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*
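
The grep above only looks for rsh. As an added example (not part of the original post), the sketch below checks an inetd.conf-style file for all three r-services and reports any that are not commented out; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: list r-services left enabled in an inetd.conf-style file.
# audit_rservices and demo_rservices are hypothetical helper names.

# Fields: service socktype proto wait user program [args...]
# rshd, rlogind and rexecd are started under the service names
# shell, login and exec; a leading '#' disables the entry.
# Exit status: 0 = none enabled, 1 = at least one enabled, 2 = unreadable.
audit_rservices() {
    conf=${1:-/etc/inetd.conf}
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk '
        /^[ \t]*#/ || NF < 6 { next }           # disabled or malformed
        {
            svc = $1
            sub(/^.*:/, "", svc)                # drop an "address:" prefix
            if (svc ~ /^(shell|login|exec)$/) {
                printf "ENABLED %s/%s -> %s (line %d)\n", svc, $3, $6, NR
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$conf"
}

# Constructed sample: rsh disabled as in the listing above, but rlogin
# and a loopback-only rexec entry left active.
demo_rservices() {
    sample=$(mktemp) || return 2
    cat > "$sample" <<'EOF'
#shell  stream  tcp     nowait  root    /usr/libexec/rshd       rshd -L
#shell  stream  tcp6    nowait  root    /usr/libexec/rshd       rshd -L
login   stream  tcp     nowait  root    /usr/libexec/rlogind    rlogind
ident   stream  tcp     nowait  _identd /usr/libexec/identd     identd -el
127.0.0.1:exec stream tcp nowait root   /usr/libexec/rexecd     rexecd
EOF
    audit_rservices "$sample" && rc=0 || rc=$?
    rm -f "$sample"
    return "$rc"
}

# Run "sh thisfile --demo" to see the report for the constructed sample.
case "${1:-}" in
    --demo) demo_rservices || true ;;
esac
```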



Re: packages

2006-11-15 Thread Will Maier
On Wed, Nov 15, 2006 at 08:24:16AM -0500, Marc Ravensbergen wrote:
 Hi, is there any way I can find out the entire list of files (and
 dependencies) needed before installing a given package? Let's say
 I  want to add wget to openbsd. I export the PKG_PATH to the
 appropriate mirror, then type pkg_add wget. This will do the
 installation of wget and all dependencies, but I would like to
 know  before the actual installation what files are needed (if
 possible of  course).

First, ftp(1) does much of what you get from wget(1), and is
included in base.

As to your question, pkg_add(1) suggests:

 [...]
 -n   Don't actually install a package, just report the steps that
  would be taken if it was.

As espie@ noted in a previous thread on this topic[0], you can just
install pkg_add on the system with the nice network connection and
use PKG_CACHE to download the files.

See also pkg_info(1), though package signatures will give you more
information than you're probably looking for:

 [...]
 -S  Show the package signature for each package.  This signature is a
 unique tag showing the package name, and the version number of
 every dependency and shared library necessary to build this pack-
 age.

If you have a ports tree handy, you could also use the
'print-run-depends' or 'describe' make targets documented in
bsd.port.mk(5) and ports(7).

 My reason for this is so that I can generate a complete list of
 files  needed to download for a given program, run over to a
 computer with  high speed, download, run back to my computer, dump
 the files in the  correct directory (/var/db/pkg) and then install
 the package.

Don't do that. You can use pkg_add(1) on local files, too, you know.

$ sudo pkg_add all the packages you downloaded at your friend's house

This is a rather common question -- search the archives next time.

[0] http://marc.theaimsgroup.com/?l=openbsd-misc&m=115041186327151&w=2

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Firewall partially failing with high traffic

2006-11-14 Thread Will Maier
On Tue, Nov 14, 2006 at 09:28:47AM -0700, Chris Cameron wrote:
 Upgrading isn't an option. I mean it is, but as soon as I say
 Don't know, lets just upgrade, that's a major hit to something
 that was tough to get in in the first place. This will be a
 Firewall-1 shop again quite quickly and any future thing I
 recommend isn't going to have much weight.

You need to upgrade anyway to properly keep up with security
updates. You're now running a system that is no longer supported;
upgrading to a supported system is a Good Thing regardless of the
issue you're currently dealing with.

As a bonus, things generally get better and 'more fixed' with each
new version and, as Tobias says, there's a good chance the problem
you're running up against is resolved.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: where is unarj-2.43?

2006-11-11 Thread Will Maier
On Sat, Nov 11, 2006 at 08:07:24PM -0600, Default User wrote:
 Okay, I give up. Where is unarj-2.43 in the OpenBSD 4.0 i386
 packages?  Clamav seems to need it, but pkg_add said it could not
 be found.  Is it indeed missing? 

Look at the port's Makefile.

http://www.openbsd.org/cgi-bin/cvsweb/ports/archivers/unarj/Makefile

Blame upstream. If you need the package, you get to build it
yourself.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Error in php5-gd-5.1.4 packages for OpenBSD 4.0

2006-11-09 Thread Will Maier
On Thu, Nov 09, 2006 at 05:00:34PM +0100, Anders J wrote:
 I think something is wrong in the php5-gd-5.1.4 packages (all
 flavors) The dependency can't be satisfied (see below) and i find
 only freetype-1.3.1p2.tgz and not freetype.13.1 in
 /4.0/packages/i386

It's not a package dependency; freetype.13.1 is provided by the X
install sets. Read the FAQ.

http://www.openbsd.org/faq/faq15.html#PkgInstall

If you're still confused, read the port's Makefile.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Shared library without SHARED_LIBS:

2006-11-07 Thread Will Maier
On Tue, Nov 07, 2006 at 11:04:26AM +0100, Badbanchi Hossein wrote:
 Tried to install the 3.8 package. Didn't work since the 3.8 packages are
 linked against 3.8 libraries.

This is documented in the FAQ; it's unsupported.

 Next installed 3.8 ports.tar.gz on my 3.9 OpenBSD, and tried make build
 key=mysql-server-4.0.24p1.

ports(7); key=... is not used.

 The process stops by creating the mysql-client-4.0.24 package, with
 the following message:

This, too, is documented in the FAQ; it's unsupported.

[...]
 Have tried all I could think of, and have done much googling, but
 no chance.

In all your googling, you didn't find the FAQ entries that make it
clear that what you're doing isn't supposed to work?

 From the list of what I have already tried:
 1) Added 
 #SHARED_LIBS= ???
 to /usr/ports/infrastructure/templates/Makefile.template.

bsd.port.mk(5); Makefile.template isn't read by anything. Moreover,
how could adding a comment affect anything?

The right way to do what you want to do is to build the old MySQL
yourself. Better yet, fix/ditch the software that requires the old
MySQL.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Large scale deployments

2006-11-02 Thread Will Maier
On Thu, Nov 02, 2006 at 08:10:50PM -0500, Michael Lockhart wrote:
 2. Command and Control.  What projects or capabilities are
 available for performing remote command and control over services,
 packages, and system health?  Currently, all push/pull is done
 with perl/sh scripts to bring files over, sanity check, install,
 update, etc.  I've been leaning towards creating a daemon that
 runs on each system and has a secure connection back to a
 centralized location for determining if updates are available.  My
 proof of concept works, but thoughts on how to do this right are
 GREATLY appreciated.

I've used cfengine on large (500+ nodes) Linux clusters. There are lots
of things I wish were better in cfengine, but I haven't found a more
capable tool. For one-time mass administration tasks, I use dsh from
sysutils/clusterit, though the scenario you describe above seems
cfenginy to me.

 3. Remote upgrading.  Going from 3.2 - 3.8 or 4.0 is going to be
 very difficult, and the approach that I am taking right now is
 creating a bsd.rd based kernel/image that will boot fully into
 memory, and contain the appropriate scripts to re-initialized the
 disks, rsync/scp/ftp/get/whatever the new base image and kernel
 over, then reboot, and go into the new image, and perform the rest
 of the upgrade from there.  Has anyone done something similar to
 this or know of any projects along these lines?

Upgrading from 3.2 to 4.0 is going to be a headache. The clusters
I've worked in have all used network filesystems (mostly AFS) for
most data storage; reimaging a node has never cost much. Combined
with a well-thought-out configuration management system, and major
upgrades seem like less of a problem.

Of course, you need to vet your new system image with your
applications first.

I sure wish I had 600 OpenBSD boxes to worry about...Scientific
Linux is a headache.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: pkg_add(1) over ssh(1)?

2006-11-01 Thread Will Maier
On Wed, Nov 01, 2006 at 07:45:16PM +0100, Andreas Bartelt wrote:
 is there any documentation about using pkg_add over ssh available
 yet?  

pkg_add(1); look for 'scp://'...

 Can this feature be used with some of the official mirrors?

If you have ssh access on them, sure.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: update automaticly

2006-10-19 Thread Will Maier
On Thu, Oct 19, 2006 at 09:28:23PM +0700, sonjaya wrote:
 I have a script to update automatically here:
 # cat /root/update_part1.sh
 #!/bin/csh
 cd /usr/src
 setenv CVS_CLIENT_PORT -1
 setenv CVSROOT [EMAIL PROTECTED]:/cvs
 cvs -d $CVSROOT -q up -rOPENBSD_3_9 -Pd
 date  /root/update_part1.log
 
 When I try to run that script I get an error like this:
 # sh /root/update_part1.sh
 /root/update_part1.sh[3]: setenv: not found
 /root/update_part1.sh[4]: setenv: not found
 cvs update: CVSROOT -q must be an absolute pathname
 cvs [update aborted]: Bad CVSROOT.

sh(1) isn't csh(1) -- if you run `sh your_csh_script.sh`, sh ignores
the interpreter line and tries to run the script itself. sh doesn't
use setenv, which is why you get 'setenv: not found.'

If I were you, I'd write the script in sh. csh has long been
considered harmful, and isn't very much fun to write.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: ports question

2006-10-11 Thread Will Maier
On Wed, Oct 11, 2006 at 03:28:08PM -0700, Bryan Irvine wrote:
 Sometimes these get installed as a dependency of another app
 though and so the screen just keeps right on trucking and you
 don't have time to read it.  Is there some command or somewhere
 you can go to see what the message was?

$ man pkg_info
$ pkg_info -D python-2.4.3p0
Information for python-2.4.3p0

Install notice:
If you want to use this package as your default system python, create
symbolic links like so:
ln -s /usr/local/bin/python2.4 /usr/local/bin/python
ln -s /usr/local/bin/pydoc2.4  /usr/local/bin/pydoc

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: File system monitoring: another PCI cert requirement question

2006-10-09 Thread Will Maier
On Mon, Oct 09, 2006 at 04:07:52PM -0400, stuartv wrote:
 In the company I work for's ever expanding quest for PCI certification,
 I am told that we are required to have in place something to monitor all
 system files and log files for changes.  Does anyone have any suggestions
 on software to do this?  I am currently looking at Osiris but would like
 some input as to what is out there and actually being used by people.

Well, /etc/security already does some of this. See security(8) for
more info; you can extend it pretty easily.

Otherwise, there's AIDE or Tripwire, among others.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*
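
What these tools have in common is a stored baseline compared against the current state of the files. The sketch below is an added example, not code from the original post or from any of the tools named; the function names and demo files are constructed, and it assumes either sha256sum or OpenBSD's sha256(1) is installed.

```shell
#!/bin/sh
# Added example: minimal baseline-and-compare file integrity check.
# hash_file, fim_snapshot, fim_compare and demo_fim are hypothetical names.

hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | awk '{ print $1 }'
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                      # OpenBSD sha256(1)
    else
        echo "no SHA-256 tool found" >&2; return 1
    fi
}

# fim_snapshot DIR: one line per regular file,
#   "<sha256> <mode> <owner>:<group> <path>"
fim_snapshot() (
    cd "$1" || exit 2
    LC_ALL=C; export LC_ALL
    set -f                                  # no globbing on ls output
    find . -type f | sort | while IFS= read -r f; do
        h=$(hash_file "$f") || exit 1
        set -- $(ls -ld "$f")               # $1 mode, $3 owner, $4 group
        printf '%s %s %s:%s %s\n' "$h" "$1" "$3" "$4" "$f"
    done
)

# fim_compare BASELINE CURRENT: print ADDED/CHANGED/REMOVED per path.
# Exit status 1 if anything drifted, 0 otherwise.
fim_compare() {
    awk '
        { path = $0; sub(/^[^ ]+ [^ ]+ [^ ]+ /, "", path)
          meta = $1 " " $2 " " $3 }
        FILENAME == ARGV[1] { base[path] = meta; next }
        !(path in base)     { print "ADDED " path; drift = 1; next }
                            { seen[path] = 1 }
        base[path] != meta  { print "CHANGED " path; drift = 1 }
        END {
            for (p in base)
                if (!(p in seen)) { print "REMOVED " p; drift = 1 }
            exit (drift ? 1 : 0)
        }
    ' "$1" "$2"
}

# Constructed demo tree: one content change, one permission-only change,
# one deletion and one new file between the two snapshots.
demo_fim() (
    d=$(mktemp -d) || exit 2
    mkdir "$d/etc"
    echo 'PermitRootLogin no' > "$d/etc/sshd_config"
    echo 'constructed sample' > "$d/etc/master.passwd"
    chmod 600 "$d/etc/master.passwd"
    echo '#shell stream tcp'  > "$d/etc/inetd.conf"
    fim_snapshot "$d/etc" > "$d/baseline"

    echo 'PermitRootLogin yes' > "$d/etc/sshd_config"
    chmod 644 "$d/etc/master.passwd"
    rm "$d/etc/inetd.conf"
    echo 'constructed sample' > "$d/etc/rc.local"
    fim_snapshot "$d/etc" > "$d/current"

    fim_compare "$d/baseline" "$d/current" && rc=0 || rc=$?
    rm -rf "$d"
    exit "$rc"
)

case "${1:-}" in
    --demo) demo_fim || true ;;
esac
```

The baseline is only useful if it is stored where a process that can alter the monitored files cannot also rewrite it.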



Re: ipsec vpn: freebsd and openbsd

2006-10-05 Thread Will Maier
On Thu, Oct 05, 2006 at 03:47:07PM +0200, Martin Schroder wrote:
 Should I take the silence of the list as evidence that all ports
 are secure or is the list simply ignored by the developers? Or is
 it only used in dire emergencies (like security-announce)?

The list just hasn't been used in a while. It could be seen as
redundant effort, since ports-changes@ receives messages for each
commit to the ports tree (including security-related commits), and
pkg-stable.html is updated rather frequently.

This issue has come up on #OpenBSD on freenode a few times recently,
too. Would it be a good idea to update the FAQ to point to
pkg-stable.html and [EMAIL PROTECTED] Or would it be preferable to
make use of that list again (in conjunction, perhaps, with updates
to the VuXML)?

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: couple of scp questions

2006-09-23 Thread Will Maier
On Sat, Sep 23, 2006 at 12:27:21PM +0200, frantisek holop wrote:
 i realize that for some, this might seem as an unnecessary wasting
 of resources (think moving lots of small files) but i think it's
 good to know if the transport was really finished and the files
 really are the ones i started copying and not only its parts.
 
 was there any consideration to give scp similar functionality?

$ scp [EMAIL PROTECTED]:file file.part && mv file.part file

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Some recommendations on file locations sought

2006-09-22 Thread Will Maier
On Fri, Sep 22, 2006 at 01:29:56PM -0700, John Draper wrote:
 Here is what I did...
 
 htpasswd -c /var/www/conf/auth/passwd edp
  I set the password here 
 
 chown root.nogroup /var/www/conf/auth/passwd
 chmod 640 /var/www/conf/auth/passwd

What user/group are you running httpd as? Is that user a member of
nogroup? Can that user read the file?

[...]
 But the Apache rejects my password.  I tried it several times,
 same thing,  rejection.

Did you look at the error_log?

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Upgrading 3.7 - 3.9

2006-09-19 Thread Will Maier
On Tue, Sep 19, 2006 at 02:28:06PM -0400, ICMan wrote:
 I want to upgrade from 3.7 to 3.9.  Can someone give me some pointers?

http://www.openbsd.org/faq/

If you have specific problems, ask here again. You may find it
easier to simply reinstall.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Low priority or real coders

2006-09-14 Thread Will Maier
On Thu, Sep 14, 2006 at 11:29:49AM -0400, steve szmidt wrote:
 (Say what you will about Linux being inferior in ways, it managed
 to do what no other Unice did for all that time -- captured a
 mainstream. A lot of development is being done benefitting most if
 not all Open Source platforms because of the attention coming down
 the Linux chute. So in the end we all win regardless of the O/S.)

In many cases, this is simply not true. Much of the hardware support
added to Linux is prohibitively Linux-specific or not worth the
effort to bring over to OpenBSD (or other BSDs) -- assuming the
driver is something more than a wrapper around a binary. Much of the
new software developed for GNU/Linux systems is messy, unportable
and utterly useless on different platforms. Linux's popularity has
drawn developers to Linux, and they've developed Linuxy things. In
some cases, BSD users benefit, too, especially when licensing and
code portability aren't total disasters. In lots of cases, though,
we get nil.

And as you should know, Unix *was* the computing mainstream for a
long period. Not on home desktops (which didn't exist for most of
that period), granted, but on workstations and servers, Unix was The
Right Choice. IMHO, Unix *continues* to be the right choice in its
traditional environments, and has become quite useful on desktops
and laptops in the last decade or so.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: preferred hardware platform

2006-09-10 Thread Will Maier
On Sun, Sep 10, 2006 at 11:39:57AM +0530, Raja Subramanian wrote:
 rdiff-backup however, does not suffer from this problem.
 And it's a bit more space efficient than rsnapshot as
 well.  Give it a shot and I doubt you'll be disappointed.

I've had an experimental port of rdiff-backup 1.0.4 and librsync
(upon which it depends) available[0] for a month or two. I haven't
looked at it much since the ports tree locked, but it's working well
on several systems running -current.

Feel free to give it a try; I'd be glad to get feedback on it, but
it won't be a priority until after the thaw.

[0]http://www.lfod.us/openbsd/ports.html#rdiff-backup
   http://www.lfod.us/openbsd/ports.html#librsync

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: XEN

2006-09-08 Thread Will Maier
On Fri, Sep 08, 2006 at 11:08:49PM +0200, openbsd misc wrote:
 I wasn't able to figure out if it is possible to run openbsd
 as xen guest system. Does anyone know?

Short answer: not yet, really.

Longer answer: people are working on it.

http://www.google.com/search?rls=en&q=openbsd+xen
http://anil.recoil.org/blog/articles/2006/08/21/openbsd-xen-boots-multi-user
http://kerneltrap.org/openbsd/c2k6/who1
http://hg.recoil.org/openbsd-xen-sys.hg

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: packages failure (was dsniff ports failure)

2006-08-24 Thread Will Maier
On Thu, Aug 24, 2006 at 01:44:04PM -0700, Edward Ray wrote:
[...]
 
 # export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/3.9/packages/i386/
 
 # pkg_add bash-3.1.1p0.tgz
 Error from ftp://ftp.openbsd.org/pub/OpenBSD/3.9/packages/i386/:
 Unknown command.
 Not an ustar archive header
 bash-3.1.1p0:libiconv-1.9.2p3: complete
 Adjusting md5 for /usr/local/lib/libiconv.a from
 044a57b2de335fa8b5c24f977e9dc0af to 4e50ca5fc370e7247ffddea2ac1bd5af
 /usr/sbin/pkg_add: Installation of libiconv-1.9.2p3 failed , partial
 installation recorded as partial-libiconv-1.9.2p3 # bash

$(pkg_info | grep partial) should verify that
partial-libiconv-1.9.2p3 is installed. You should use pkg_delete to
get rid of the partial- package (and figure out what you did to
cause pkg_add to fail).

 ksh: bash: not found
 # pkg_add amap-5.2.tgz
 Error from ftp://ftp.openbsd.org/pub/OpenBSD/3.9/packages/i386/:
 Unknown command.
 amap-5.2:pcre-6.4p1: complete
 
 amap-5.2: complete

OK...

 # pkg_add nmap-3.95p0.tgz
 Error from ftp://ftp.openbsd.org/pub/OpenBSD/3.9/packages/i386/:
 Unknown command.
 Can't install libiconv-1.9.2p3 because of conflicts
 (partial-libiconv-1.9.2p3)
 /usr/sbin/pkg_add: libiconv-1.9.2p3:Fatal error # pkg_add wget-1.10.2p0.tgz
 Error from ftp://ftp.openbsd.org/pub/OpenBSD/3.9/packages/i386/:
 Unknown command.
 Can't install libiconv-1.9.2p3 because of conflicts
 (partial-libiconv-1.9.2p3)
 /usr/sbin/pkg_add: libiconv-1.9.2p3:Fatal error

This is quite clear. It can't install libiconv because it conflicts
with the partial- package it told you that it installed above.
Delete the partial- package, figure out what's really wrong (if
anything), and try again.

 My only choice appears to be rebuild, which I have done three
 times now.

Rebuild what? libiconv? pkg_add will fetch dependencies for you. If
you're having trouble with ports, stop using them (except for the
very few cases where licensing dictates otherwise).

 If someone could point me to the magic formula of package
 downloads, much appreciated.

pkg_add(1), pkg_delete(1), the FAQ.

 I am trying to build a box for pen testing, and will switch to a
 Linux variant or FreeBSD if OpenBSD's ports and packages are
 screwed up.

Packages and ports have worked just fine for me on 3.9 and -current.

 It never used to be that difficult to build an OpenBSD pen test
 box, at least with v3.6/v3.7/v3.8

It still isn't. Make sure your kernel and userland are up to date,
and use packages. It's easy.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Web access to sysctl hw.sensors

2006-08-17 Thread Will Maier
On Fri, Aug 18, 2006 at 01:13:49AM +, Douglas Maus wrote:
 1. Is there an easier way to remotely observe such hardware status?

SNMP (for better or worse) or any number of real monitoring products
do that for you; nagios and munin are both in ports.

If you really want to write your own, consider logging information
from hw.sensors to a file available in the chroot and running your
CGI on that.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: mirroring packages without much bandwidth overhead

2006-08-14 Thread Will Maier
On Mon, Aug 14, 2006 at 03:47:07PM +0200, Andreas Bartelt wrote:
 is there a simple way to efficiently mirror packages solely based on 
 package filenames in order to reduce bandwidth overhead?

A bit of shell/Perl scripting could compare the index.txt on the FTP
mirror with what you have locally...

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*
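
One way to do the comparison suggested above, as an added example that is not part of the original post: it assumes the file name is the last whitespace-separated field on each line of index.txt (true for both a bare name list and an ls -l style listing), and the function names and sample data are constructed. Names from the remote index are filtered against a strict pattern before they are used.

```shell
#!/bin/sh
# Added example: decide what to fetch/remove by file name only.
# plan_mirror and demo_plan_mirror are hypothetical helper names.

# plan_mirror INDEX LOCALDIR
#   FETCH <name>  listed in INDEX but not present in LOCALDIR
#   STALE <name>  present in LOCALDIR but no longer listed in INDEX
plan_mirror() (
    LC_ALL=C; export LC_ALL                 # same collation for sort and comm
    # An empty or missing index would mark every local package STALE.
    [ -s "$1" ] || { echo "empty or missing index: $1" >&2; exit 2; }
    tmp=$(mktemp -d) || exit 2
    # The index is remote input: accept plain package file names only,
    # so "../x.tgz" or "-flag.tgz" never reaches ftp(1) or rm(1).
    safe='^[A-Za-z0-9][A-Za-z0-9._+-]*\.tgz$'
    awk 'NF { print $NF }' "$1" | grep -E "$safe" | sort -u > "$tmp/remote"
    ls -1 -- "$2" 2>/dev/null   | grep -E "$safe" | sort -u > "$tmp/local"
    comm -23 "$tmp/remote" "$tmp/local" | sed 's/^/FETCH /'
    comm -13 "$tmp/remote" "$tmp/local" | sed 's/^/STALE /'
    rm -rf "$tmp"
)

# Constructed fixture: an ls -l style index with one hostile entry, and a
# local directory holding one current and one outdated package.
demo_plan_mirror() (
    d=$(mktemp -d) || exit 2
    mkdir "$d/pkgs"
    : > "$d/pkgs/bash-3.1.1p0.tgz"
    : > "$d/pkgs/nmap-3.95p0.tgz"
    cat > "$d/index.txt" <<'EOF'
-rw-r--r--  1 0  0  1234567 Aug 10  2006 bash-3.1.1p0.tgz
-rw-r--r--  1 0  0   654321 Aug 10  2006 libiconv-1.9.2p3.tgz
-rw-r--r--  1 0  0   111111 Aug 10  2006 wget-1.10.2p0.tgz
-rw-r--r--  1 0  0       99 Aug 10  2006 ../../etc/passwd.tgz
EOF
    plan_mirror "$d/index.txt" "$d/pkgs" && rc=0 || rc=$?
    rm -rf "$d"
    exit "$rc"
)

case "${1:-}" in
    --demo) demo_plan_mirror ;;
esac
```

Because only names are compared, a package rebuilt under the same file name is not noticed; that is the trade-off the question asked for.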



Re: obsd 3.8 does not detect new HD

2006-08-09 Thread Will Maier
On Wed, Aug 09, 2006 at 04:29:26PM -0300, Gustavo Rios wrote:
 I am running 3.8 stable on a DELL Precision Workstation 370. On my
 first hard disk I have OpenBSD and Windows XP. I have bought a
 second hard disk. It is working perfectly on XP, OpenBSD 3.8 does
 not detect it.
 
 Has anyone already faced such a scenario?

Maybe -- how should I know, though, when you don't even say what
type of disk it is? or provide a dmesg? or give us any indication as
to what you've tried to do to get it recognized?

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Tyan v. Supermicro for Opteron?

2006-08-06 Thread Will Maier
On Sun, Aug 06, 2006 at 03:47:02PM -0700, Darrin Chandler wrote:
 Ok, I've got it narrowed down a bit. Anyone have experiences good
 or bad to report with Tyan versus Supermicro mobos? I find
 archives for people using one or the other, so they both seem
 workable. Anyone used both and prefer one for some reason? I'm
 looking at 2xCPU, and maybe dual-core in addition.

We've been buying Supermicro Opterons (dual duals) for the past year
or so. We're not running OpenBSD, but we've been quite pleased with
the boards. 

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Multi-tabbed Terminal

2006-08-04 Thread Will Maier
On Fri, Aug 04, 2006 at 10:02:50AM -0700, Clint Pachl wrote:
 Can anyone recommend a light-weight multi-tabbed terminal for OBSD 3.9? 
 I looked through the i386 packages, but didn't notice any. I'm using FVWM2.

xterm + misc/screen.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: firefox 1.5.0.6 for openbsd

2006-08-03 Thread Will Maier
On Thu, Aug 03, 2006 at 12:11:08PM -0400, David T Harris wrote:
 The easiest way to install firefox on OpenBSD or any other package
 (that is available from OpenBSD) is to download the package from
 the OpenBSD website (or a mirror) or the ftp mirrors.

No, the easiest way is like so:

$ man pkg_add
[...]

$ ftp ftp://ftp.openbsd.org/pub/OpenBSD/ftplist
[choose a mirror]
$ export PKG_PATH=ftp://your.mirror.com/pub/OpenBSD/$(sysctl -n kern.osrelease)/packages/$(machine)/
$ sudo pkg_add -i your-package

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Easy for a newbie to manage an OpenBSD server?

2006-08-01 Thread Will Maier
On Tue, Aug 01, 2006 at 10:26:23AM -0500, Titan wrote:
 I have quite a predicament.  I have been tasked with setting up an
 FTP server for the research group I'm involved with.

Do you need FTP? Can you use SFTP instead?

 The problem is once I'm gone someone with no *NIX experience will
 be maintaining the server.

Why? Can't you train them? I can understand if most research groups
can't afford to hire a full sysadmin, but hiring an up-and-coming
undergrad for seven peanuts an hour shouldn't be too bad.

 I've been considering using OpenBSD because it looks like it can
 go far longer without updates than Windows and Linux servers and
 looks to be very secure.

/me sighs

OpenBSD, while very, very useful, isn't a magic bullet. System
security is as much the admin's job as it is the OS's. If you leave
your box unpatched, even if it's running IdealOS v20, you'll
eventually regret it. Period.

No matter what OS you put on your server, you'll need to make sure
that it's patched. Some OSes make that task easier; others have
strong security track records. But with a dumb or negligent admin at
the console, it doesn't matter what bonafides your OS has -- you're
screwed.

 In your experience, would it be possible for someone with no *NIX
 experience to maintain a simple FTP server?

Yes.

 How long would you trust an unpatched OpenBSD server to go
 unhacked?

This is silly. Patch your system. If you and your successor spend a
day or two reading the FAQ and afterboot(8) and keep your eye on
your system, you'll stand a good chance of not having too much
trouble.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Man mksmbpasswd

2006-07-26 Thread Will Maier
On Wed, Jul 26, 2006 at 12:50:41PM +0200, Karel Kulhavy wrote:
 [EMAIL PROTECTED]:~$ which mksmbpasswd
 /usr/local/bin/mksmbpasswd
 [EMAIL PROTECTED]:~$ man mksmbpasswd
 man: no entry for mksmbpasswd in the manual.
 [EMAIL PROTECTED]:~$ pkg_info | grep samba
 samba-3.0.21bp2 SMB and CIFS client and server for UNIX
 
 Is there an aim in OpenBSD to have also manual pages for programs
 where the original supplier doesn't supply a manual page?

Sure, but not every binary has/needs its own man page. The package
you're talking about comes with fully 39 man pages, including
smbpasswd(8). I don't use samba, but I'd be surprised if whatever it
was you were looking for wasn't described in one of those 39 pages.

$ grep '@man' /usr/ports/net/samba/pkg/PLIST*
39

net/samba could hardly be called undocumented. If you think
mksmbpasswd needs a man page, you should probably send a diff to the
samba folks.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: OpenWebMail (package)

2006-07-20 Thread Will Maier
On Thu, Jul 20, 2006 at 04:06:54PM -0700, Rob Baldassano wrote:
 However, when I tried to install the package, the system gave an
 error message about not finding a library. Forgive me I don't
 have the error handy at the moment but it was a P5 (something
 about compression) lib. 

I'd take a look at the FAQ[0]; did you install the x* filesets? It's
hard to read minds -- pasting the error will get you better help
here.

 Does anyone know if this is fixed in the 3.9 release? If so,
 COOL. If Not, any suggestions for getting around this issue? 

The port hasn't been touched in 16 months[1]. If you really have
found a problem, it still needs fixing, although I bet you're just
missing some libs.

[0]http://www.openbsd.org/faq/faq15.html#PkgInstall
[1]http://www.openbsd.org/cgi-bin/cvsweb/ports/mail/openwebmail/

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: nload on OpenBSD - or an alternative

2006-07-19 Thread Will Maier
On Wed, Jul 19, 2006 at 04:34:49PM +0100, Richard Wilson wrote:
 Did it ever make it in? Might it at some point? Possibly a better
 question, is there something similar/better already there?

$ cd /usr/ports && make search key='bandwidth.*monitor'
Port:   bwm-ng-0.5p0
Path:   net/bwm-ng
Info:   realtime bandwidth monitoring of interfaces
Maint:  Genadijus Paleckis [EMAIL PROTECTED]
Index:  net
L-deps: 
B-deps: 
R-deps: 
Archs:  any

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*


