Re: CUPS and AVAHI (bloatware)
I don't like the idea of splitting packages, but I get weirded out when ghostscript (which DOES have a no_x11 variant) winds up pulling in dbus. I guess there's no escaping freedesktop.org.

khm
Re: New question, do I really need a AAAA record?
On Thu, Aug 10, 2017 at 08:18:31PM +0200, Walter Alejandro Iglesias wrote:
>
> Sorry, I think I didn't formulate the question well. What I meant was,
> do I need also a static ipv6 to be considered by big smtp servers as a
> legal sender?
>

No.

khm
Re: gmail and hotmail blocking mail sent from my IP
You're the last person anyone wants email advice from, Rupert.

khm
Re: How do you do "family remote support"?
On Tue, Jul 11, 2017 at 05:22:29PM -0400, Rupert Gallagher wrote:
> Never heard of whatismyip.org?
> Sent from ProtonMail Mobile

Never heard of NAT?

Sent from QMail Stationary
Re: Current FreeBSD looking to switch to OpenBSD
On Sat, Jun 10, 2017 at 09:20:49PM -0400, Baho Utot wrote:
> > I dual boot now between Win7 and FreeBSD
> > on I lapdog I have 5 os on it and use grub2 to boot them
> > How is this helpful?

I don't know. Some people just like talking about their computers to strangers, I guess.

khm
Re: spamd and outlook.com
On Fri, Apr 21, 2017 at 10:40:42PM +0100, Kevin Chadwick wrote:
> On Fri, 21 Apr 2017 09:21:48 -0700
> Kurt H Maier <k...@sciops.net> wrote:
>
> > Greylisting is a hack, an abuse of a side-effect. Most such
> > approaches have deleterious side effects. This particular side
> > effect is why I don't like greylisting in general, even though it's
> > fairly effective.
>
> Do you answer your phone before looking at the number/caller?

In fact, there are some numbers I will not respond to (and these do not cause my phone to ring) and the rest I just answer. Just like having a blacklist I don't accept SMTP connections from at all, and the rest get processed normally.

What I don't do is set an outgoing voicemail greeting informing correspondents that my time is more valuable than theirs, and if they want to contact me I have a list of hoops through which they must jump. That would make me an asshole.

> It is not a hack at all.

It is. SMTP is mandated to retry as a reliability factor, in a world with bad network connections and unreliable software. It is not mandated to retry so people can play cute games with the sending unit.

I personally have no burning desire to see greylisting expunged from the internet, but I also have no sympathy for people who think it's a real solution to anything. If it works for someone, good for them, but I will never be even a little surprised when it becomes a pain in someone's ass.

khm
Re: spamd and outlook.com
On Fri, Apr 21, 2017 at 04:02:20PM +, Stuart Henderson wrote:
> On 2017-04-21, Craig Skinner wrote:
> > Hi Markus,
> >
> > On Fri, 21 Apr 2017 11:25:14 +0200 Markus Rosjat wrote:
> >> so if you have spamd in place in greylisting mode and you have
> >> customers that work with people who use Office365 as a service you
> >> will get calls that emails are delayed for a freaking long time
> >
> > Email is not instant messaging.
> >
> > Customers need educated to that fact.
>
> How do you educate them to that when they send to their gmail account
> and it shows up on their phone within seconds?
>
> Sometimes there are delays but there's no reason for that to be the norm.
>

There's no reason email can't be instant messaging. Postmasters have spent decades training users that email just sucks and is necessarily unreliable. All they did was corral users toward services where they don't have to hear the administrators whining about how hard that job is.

Greylisting is a hack, an abuse of a side-effect. Most such approaches have deleterious side effects. This particular side effect is why I don't like greylisting in general, even though it's fairly effective.

khm
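The retry dependence discussed in the two spamd messages above, as an added example that is not part of the thread: a toy greylist keyed on source address, envelope sender and recipient, run over two constructed retry schedules. It assumes a 25-minute pass time (spamd's default) and, as an assumption the thread does not state, a sending pool that retries from a different address each time; the function names and sample data are invented for the illustration.

```shell
#!/bin/sh
# Toy greylist: a tuple is deferred until the SAME tuple returns after the
# pass time. (spamd's real tuple also includes the HELO name; omitted here.)

PASSTIME=1500   # 25 minutes, in seconds

# greylist_sim PASSTIME
# stdin:  "seconds src_ip mail_from rcpt_to", one delivery attempt per line,
#         in time order
# stdout: "seconds src_ip verdict"
greylist_sim() {
    awk -v pass="$1" '
    NF == 4 {
        key = $2 SUBSEP $3 SUBSEP $4
        if (!(key in first_seen)) {
            first_seen[key] = $1      # new tuple: remember it and defer
            verdict = "TEMPFAIL"
        } else if ($1 - first_seen[key] < pass) {
            verdict = "TEMPFAIL"      # known tuple, but retried too soon
        } else {
            verdict = "ACCEPT"        # known tuple came back after pass time
        }
        print $1, $2, verdict
    }'
}

# first_accept PASSTIME: time of the first accepted attempt, or "never"
first_accept() {
    greylist_sim "$1" | awk '
        $3 == "ACCEPT" { print $1; found = 1; exit }
        END { if (!found) print "never" }'
}

# Constructed sample: one host retrying the same message.
single_host_attempts() {
    printf '%s\n' \
        "0 192.0.2.10 alice@example.org bob@example.net" \
        "300 192.0.2.10 alice@example.org bob@example.net" \
        "1800 192.0.2.10 alice@example.org bob@example.net"
}

# Constructed sample: a pool that retries from a different address each time.
pool_attempts() {
    printf '%s\n' \
        "0 198.51.100.1 alice@example.org bob@example.net" \
        "900 198.51.100.2 alice@example.org bob@example.net" \
        "1800 198.51.100.3 alice@example.org bob@example.net" \
        "3600 198.51.100.1 alice@example.org bob@example.net"
}

echo "single host:  accepted at t=$(single_host_attempts | first_accept "$PASSTIME")s"
echo "sending pool: accepted at t=$(pool_attempts | first_accept "$PASSTIME")s"
```

Every attempt from a new pool address starts a fresh tuple, so the message waits until one address happens to come round again.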
Re: Sony Vaio VPCSA
On Wed, Mar 29, 2017 at 09:22:42PM -0400, Nick Holland wrote:
> Why exactly a laptop which only takes one disk would ship in RAID mode,
> no idea, but I've seen it a number of times.

Many of the laptops in this series could take up to four custom SSDs, which would be presented as a single drive via Intel's Matrix RAID stuff. Others were capable of taking an msata drive to use as cache in front of a spinning disk drive, which also required RAID mode to be enabled.

khm
Re: Looking for replacement of thinkpad x201
On Sun, Feb 26, 2017 at 10:26:58AM +0100, Florian Ermisch wrote:
> With the x260 support for a 16gb RAM stick (now DDR4) in the single slot is
> now official
> but it's not clear if you can have both a 2.5"
> (7mm thick) drive and a m.2/NVMe SSD.
> The option of having an m.2/_SATA_ SSD sure
> is gone from what I've found.

My X250 shipped from Lenovo with a 16GB DIMM and I put my own m.2 ssd in. I also configured it with the cache ssd, so right now I have a 512gb 2.5" SSD for openbsd, a 512gb m.2 SSD for 9front, and a 16gb m.2 SSD with a vfat filesystem that either one can mount.

If you can get over the keyboard, x250 is a very capable machine.

khm
Re: thinkpad X11 wheel emulation for middle button
On Tue, Jan 24, 2017 at 07:01:45PM +0200, Μάνος Πιτσιδιανάκης wrote:
> I want to enable wheel emulation for the middle button in my Thinkpad
> (T420s)

I have this in my .xsession:

    xinput set-prop "/dev/wsmouse" "WS Pointer Wheel Emulation" 1
    xinput set-prop "/dev/wsmouse" "WS Pointer Wheel Emulation Button" 2
    xinput set-prop "/dev/wsmouse" "WS Pointer Wheel Emulation Axes" 6 7 4 5

This has worked for me on several machines, including the X250 I'm using to send this message.

khm
Re: expect and spawn
On Tue, Nov 09, 2010 at 09:48:15AM -0600, Aaron Martinez wrote:
> I am trying to use openbsd as my workstation here at work but one of the tools we use, creates an expect script and it's not working at all. The developer of the tool uses linux primarily so he's not sure except to tell me that the expect in openbsd doesn't know spawn which I looked and the expect man page is loaded with stuff about spawn.
>
> The script I try to run is this:
>
> # cat 227254.test
> #!/usr/local/bin/expect -f
> set timeout -1
> spawn -noecho ssh -X -vvv -p 22 -o StrictHostKeyChecking=no -o \
>     UserKnownHostsFile=/dev/null -o GSSAPIAuthentication=no \
>     r...@192.168.0.10
> interact {
>     \034 exit
> }
>
> Executing this from the command line returns the following:
>
> # sh -x 227254.test

When invoked like this, the interpreter is sh, not expect.

--
Will Maier
http://will.m.aier.us/
Re: MPD-0.15.7 will not do httpd streamingi on my system.
Hi Sarah-

On Fri, Jan 29, 2010 at 08:05:46PM -0500, s.casw...@protocol6.com wrote:
[...]
> audio_output {
>     type httpd
>     name My HTTP Stream
>     encoder vorbis # optional, vorbis or lame
>     port 8000
>     # quality 5.0 # do not define if bitrate is
>     bitrate 128 # do not define if quality is
>     format 44100:16:1
> }
>
> All this makes the control port 6600 show up (in netstat), but I can't for the life of me get port 8000 to be open - thus no streaming. I've tried to start mpd via sudo mpd and that still doesn't help.

Try starting the daemon with --verbose --no-daemon --stdout and watching the messages on the console (or looking at the server logs). I use something similar to your config snippet (with 44100:16:2 as the format) with no problems.

--
o--{ Will Maier }--o | web:...http://www.lfod.us/ | email.willma...@ml1.net | *-[ BSD: Live Free or Die ]*
Re: Automated service/daemon management
On Tue, Jun 09, 2009 at 02:06:59PM -0400, (private) HKS wrote:
> The much larger problem, though, is with starting/stopping/restarting services. Say I add spamd as an enabled service on host1. For my scripts to start it properly, I have to replicate the code already in /etc/rc defining how spamd starts. This is prone to errors and runs the risk of breaking on upgrades. Restarting services that need more than a HUP is also a chore. As for stopping, some services like postgresql need some careful attention. This means replicating code from /etc/rc.shutdown.

You can make this easier in rc.local by using a construct along the lines described here:

http://erdelynet.com/tech/openbsd/rclocal-trick/

> I've looked at adding some stupid delimiters to /etc/rc, /etc/rc.local, and /etc/rc.shutdown so I can just pull in the necessary chunks, but I'm wondering if there's anything available that's more elegant and won't break on every upgrade.

It sounds like using rc.d would be better suited to your environment. FreeBSD and NetBSD both use rcorder(8), which runs well on OpenBSD. Hook that into your rc.local and write/manage init scripts under /etc/rc.d.

--
o--{ Will Maier }--o | web:...http://www.lfod.us/ | email.willma...@ml1.net | *-[ BSD: Live Free or Die ]*
Re: Separate desktop list?
Hi Bill-

On Mon, Jun 08, 2009 at 04:33:56PM +0200, Bill Maas wrote:
[...]
> Granted, only the last one is a potential GNOME bug, but they're definitely all desktop. These occur on _my_ machine, I don't know if these quirks are universal and reproducible, hence the need for discussion before firing bug reports at maintainers.

You don't need to show that the failure is universal to make it worth a note to the maintainer. If you can reproduce it (and you're running a reasonably configured system without any frankentweaks), send a message. If the maintainer can't help you (or times out), contact po...@.

> I've been reluctant to post a message each time I encounter an issue like these, because I know (and strongly agree) that desktop isn't OpenBSD's core business.

There certainly are developers for whom OpenBSD-on-the-desktop matters very much.

--
o--{ Will Maier }--o | web:...http://www.lfod.us/ | email.willma...@ml1.net | *-[ BSD: Live Free or Die ]*
Re: Recommendation for Beowulf/Apache Setup
Hi Vivek-

On Thu, May 07, 2009 at 09:36:17AM -0700, Vivek Ayer wrote:
> 1 OpenBSD Router running 4.5 routing to a subnet of 13 nodes running FreeBSD 7.2. Of the 13 nodes, 1 node is a master mysql server and the 12 nodes will run apache running LAMP-like services. The router will round-robin using hoststated for load-balancing.

There are some FreeBSD clusters out there (NCSA has one, IIRC), but they're certainly not as common as Linux. If your users can run on FreeBSD, you might as well use it. If their code is all Linuxy (and lots of cluster and -- even more so -- grid code make silly assumptions like that), you should give them a platform that they can easily use.

> However, they will serve an additional task: The master mysql server will be head node for MPI jobs delivered to the 12 nodes. Basically, this setup will double up as a beowulf and web server. Is this efficient? I imagine the MPI jobs won't be running all the time and while they're up, might as well do something.

This might work. But you're setting yourself up for contention and degraded service to at least one set of users. Do the people who care about performance of your LAMP stack mind waiting a bit while MPI jobs chew memory and network bandwidth? Do your MPI users mind if their jobs take longer to complete while your LAMP stuff is getting pounded?

With regard to MPI, what sort of interconnects will your execute nodes have? MPI wants lots of bandwidth between nodes and regular gigabit might not cut it (depending on your users' applications).

--
o--{ Will Maier }--o | web:...http://www.lfod.us/ | email.willma...@ml1.net | *-[ BSD: Live Free or Die ]*
[OT] Re: Recommendation for Beowulf/Apache Setup
Hi Vivek-

This has gone decidedly off topic...

On Thu, May 07, 2009 at 12:05:35PM -0700, Vivek Ayer wrote:
> I was going to start small given the budget I have. Eventually, I'd like dedicate a gigabit switch for HTTP traffic and Infiniband for compute traffic. At first, I don't expect too much MPI work to be done, but I've heard FreeBSD performing better under duress than linux as the number of HTTP threads increases.
[...]
> The final option would be to divide and conquer: 6 for HTTP, 6 for computing, but my reasoning is why not scale for HTTP as much as possible.

This is really the only reasonable approach. No one would run a production web service on top of a parallel computing cluster unless they had to. Remember that your execute nodes will run random jobs from random users -- do you want that on a box that hosts a critical database or webserver? The scenario is worse if you participate on a grid.

As always, use the best tool for the job. As you've noticed, OpenBSD will do well managing your network. Frankly, in most cases it also makes for an excellent database or webserver. As for the execute nodes, run Linux on them unless you have some reason (user requirements, demonstrated performance gains, etc) to do otherwise.

--
o--{ Will Maier }--o | web:...http://www.lfod.us/ | email.willma...@ml1.net | *-[ BSD: Live Free or Die ]*
Re: clearing /tmp
Hi Lars-

On Thu, Oct 30, 2008 at 05:15:53PM +0200, Lars Nood'en wrote:
> I notice there is also /var/tmp. What is the reason for having two directories for apparently similar purposes? Would there be any major problems from combining the two, either by linking or symlinking one to the other?

Did you check hier(7)?

--
o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *-[ BSD: Live Free or Die ]*
Re: OpenBSD 4.3 FAQ in PDF?
On Tue, Jul 22, 2008 at 09:32:15AM -0500, Daniel A. Ramaley wrote:
> The number list could be collapsed into `seq 1 15` on a system with seq installed.

Have you met jot(1)?

--
o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *-[ BSD: Live Free or Die ]*
Re: 'Nother broken package - git-1.5.4.2
On Tue, Jul 15, 2008 at 02:30:36PM -0500, L. V. Lammert wrote:
> Depends on tcl-8.4.7p6, .. maybe, .. but what does X have to do with git??

http://en.wikipedia.org/wiki/Tk_%28framework%29

> Can't install tk-8.4.7p1: lib not found X11.11.1
>
> Is this a broken dependency

No.

> or . . . ? Seems like git installed cleanly on 4.2.

Are you going to send a mail to misc@ every time a package depends on X?

--
o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *-[ BSD: Live Free or Die ]*
Re: Sendmail won't use port 587 instead of 25
On Sun, Jul 13, 2008 at 04:16:20PM -0700, Joe S wrote:
> I can't get sendmail to use port 587 and not port 25, which my ISP Comcast blocks. I've added these lines to my sendmail.mc file, which is a copy of openbsd-proto.mc I've tried this with the openbsd-localhost.mc file also, but no success.
>
> ~
> define(`SMART_HOST', `smtp.comcast.net')dnl
> define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
> define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
> define(`SMTP_MAILER_ARGS', `TCP $h 587')dnl
> MASQUERADE_AS(`comcast.net')dnl
> FEATURE(masquerade_envelope)dnl
> ~

These defines need to come before the MAILER macros. Though you didn't post your whole .mc, I bet the above defines are down by the MASQUERADE* section, which is too late.

--
o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *-[ BSD: Live Free or Die ]*
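A lint for the ordering problem described in the reply above, as an added example that is not part of the original messages: it reports every *_MAILER_ARGS define that appears after the first MAILER() line of a .mc file. The function names and the two constructed sample files (including their include and OSTYPE lines) are assumptions; the define lines are the ones quoted in the thread.

```shell
#!/bin/sh
# mc_order_check FILE
# Prints one line per *_MAILER_ARGS define found after the first MAILER()
# macro and returns 1 if there is at least one; returns 0 otherwise.
mc_order_check() {
    awk '
    /^[ \t]*dnl([ \t]|$)/ { next }                  # commented-out line
    /^[ \t]*MAILER\(/ {
        if (!mailer_line) mailer_line = NR          # first MAILER() seen
        next
    }
    /^[ \t]*define\(`[A-Z_]*MAILER_ARGS/ {
        if (mailer_line) {
            name = $0
            sub(/^[ \t]*define\(`/, "", name)       # strip up to the name
            sub(/[^A-Z_].*$/, "", name)             # strip after the name
            printf "line %d: %s defined after MAILER() on line %d\n", NR, name, mailer_line
            bad = 1
        }
    }
    END { exit (bad ? 1 : 0) }
    ' "$1"
}

# write_samples DIR: two constructed .mc skeletons, one with the defines
# placed after the MAILER macros (late.mc) and one with them before (early.mc).
write_samples() {
    cat > "$1/late.mc" <<'EOF'
include(`../m4/cf.m4')dnl
OSTYPE(openbsd)dnl
MAILER(local)dnl
MAILER(smtp)dnl
define(`SMART_HOST', `smtp.comcast.net')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
define(`SMTP_MAILER_ARGS', `TCP $h 587')dnl
MASQUERADE_AS(`comcast.net')dnl
FEATURE(masquerade_envelope)dnl
EOF
    cat > "$1/early.mc" <<'EOF'
include(`../m4/cf.m4')dnl
OSTYPE(openbsd)dnl
define(`SMART_HOST', `smtp.comcast.net')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
define(`SMTP_MAILER_ARGS', `TCP $h 587')dnl
MAILER(local)dnl
MAILER(smtp)dnl
MASQUERADE_AS(`comcast.net')dnl
FEATURE(masquerade_envelope)dnl
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for mc in late.mc early.mc; do
    if mc_order_check "$demo_dir/$mc"; then
        echo "$mc: mailer argument defines precede MAILER()"
    else
        echo "$mc: move the defines above the MAILER() lines"
    fi
done
rm -rf "$demo_dir"
```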
Re: sendmail STARTTLS
On Thu, Jul 10, 2008 at 02:08:30PM +0200, GVG GVG wrote:
[...]
> did try to setup STARTTLS but I don't think that it works! here are the modifications in my .mc file:
>
> --
> define(`CERT_DIR', `MAIL_SETTINGS_DIR`'CA')dnl
> define(`confCACERT_PATH', `CERT_DIR')dnl
> define(`confCACERT', `CERT_DIR/cacert.pem')dnl
> define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl
> define(`confSERVER_KEY', `CERT_DIR/key.pem')dnl
> define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
> define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl
> -

Do those files exist?

> Following 'man starttls' I should get:
[...]
> but I'm missing the '250 STARTTLS' entry from the above output! Any idea what might gone wrong?

Did you look in your maillogs?

--
o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *-[ BSD: Live Free or Die ]*
Re: sendmail STARTTLS
On Thu, Jul 10, 2008 at 03:56:48PM +0200, GVG GVG wrote:
> On Thu, Jul 10, 2008 at 3:33 PM, Will Maier [EMAIL PROTECTED] wrote:
>> On Thu, Jul 10, 2008 at 02:08:30PM +0200, GVG GVG wrote:
>>> --
>>> define(`CERT_DIR', `MAIL_SETTINGS_DIR`'CA')dnl
>>> define(`confCACERT_PATH', `CERT_DIR')dnl
>>> define(`confCACERT', `CERT_DIR/cacert.pem')dnl
>>> define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl
>>> define(`confSERVER_KEY', `CERT_DIR/key.pem')dnl
>>> define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
>>> define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl
>>> -
[...]
> Yes they do exist:
>
> --
> -bash-3.2$ pwd
> /etc/mail/CA
> -bash-3.2$ ls -l
> total 56
> -rw-r--r-- 1 root wheel 1229 Jun 23 17:02 cacert.pem
> -rw-r--r-- 1 root wheel 875 Jun 18 13:46 cacert.pm
> -rw--- 1 root wheel 3848 Jun 23 17:11 cert.pem
> drwxr-xr-x 2 root wheel 512 Jun 17 16:25 certs
> drwxr-xr-x 2 root wheel 512 Jun 23 17:17 crl
> -rw--- 1 root wheel 3 Jun 23 17:17 crlnumber
> -rw--- 1 root wheel 68 Jun 23 17:11 index.txt
> -rw--- 1 root wheel 21 Jun 23 17:11 index.txt.attr
> -rw-r--r-- 1 root wheel 0 Jun 23 16:46 index.txt.old
> -rw-r--r-- 1 root wheel 1679 Jun 23 17:04 key.pem
> drwxr-xr-x 2 root wheel 512 Jun 23 17:11 newcerts
> drwx-- 2 root wheel 512 Jun 23 16:53 private
> -rw--- 1 root wheel 3 Jun 23 17:11 serial
> -rw-r--r-- 1 root wheel 3 Jun 23 16:46 serial.old
> ---

You're missing my{cert,key}.pem.

> and in the mail_log there is nothing recorded! No errors or warnings!

Did you restart sendmail?

--
o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *-[ BSD: Live Free or Die ]*
Re: sendmail STARTTLS
On Thu, Jul 10, 2008 at 04:26:38PM +0200, GVG GVG wrote:
> In a sendmail book I found following entry they suggested to put in the .mc file. Could be the reason for my problems?
>
> --
> dnl define(`confCRL', `CERT_DIR/crl/crl.pem')dnl
> -

No.

So you updated your .mc file as above, installed it as /etc/mail/localhost.cf and HUPed sendmail? By default on OpenBSD, sendmail is started with the following flags:

    -L sm-mta -C/etc/mail/localhost.cf -bd -q30m

If you installed your new .cf file as sendmail.cf, sendmail won't read it (unless you change or drop the -C flag).

--
o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *-[ BSD: Live Free or Die ]*
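A pre-flight check for the certificate directory discussed in this thread, as an added example that is not part of the original messages: it reports which of the files named in the quoted .mc fragment are missing, and flags private keys that carry any group or other permission bits, which sendmail's file-safety checks reject by default (the quoted listing shows key.pem as -rw-r--r--). The function names and the constructed sample directory are assumptions; the file names come from the quoted fragment.

```shell
#!/bin/sh
# tls_file_report DIR
# Prints "name: status" for each file the quoted .mc fragment refers to.
# Returns 0 only if every file exists and no private key is accessible to
# group or other.
tls_file_report() {
    dir=$1
    status=0
    for f in cacert.pem cert.pem key.pem mycert.pem mykey.pem; do
        path="$dir/$f"
        if [ ! -f "$path" ]; then
            echo "$f: missing"
            status=1
            continue
        fi
        case $f in
        *key.pem)
            # Characters 5-10 of the ls mode string are the group and
            # other permission bits; a private key should have none set.
            bits=$(ls -ld "$path" | cut -c5-10)
            if [ "$bits" != "------" ]; then
                echo "$f: private key accessible to group/other"
                status=1
                continue
            fi
            ;;
        esac
        echo "$f: ok"
    done
    return "$status"
}

# make_sample DIR: constructed stand-in for the directory in the listing,
# with the same three files and the modes shown for cacert.pem and key.pem.
make_sample() {
    : > "$1/cacert.pem"; chmod 644 "$1/cacert.pem"
    : > "$1/cert.pem";   chmod 600 "$1/cert.pem"
    : > "$1/key.pem";    chmod 644 "$1/key.pem"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
tls_file_report "$demo_dir" || echo "fix the entries above, then restart sendmail"
rm -rf "$demo_dir"
```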
Re: sshd_config(5) PermitRootLogin yes
On Thu, Jul 10, 2008 at 10:35:06AM -0400, Brian A. Seklecki wrote:
> Am I reading this right?

Yes.

[...]
> I remember that I filed PRs with FreeBSD/NetBSD a few years ago to get this changed, but Redhat Support is giving some noise about: Well the source vendor doesn't disable it by default ...

This has been discussed. Check the archives if you'd like.

--
o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *-[ BSD: Live Free or Die ]*
Re: Broken Webalizer for 4.3?
On Tue, Jul 08, 2008 at 01:34:32PM -0500, L. V. Lammert wrote:
> OpenBSD Zeus.omnitec.net 4.3 GENERIC#698 i38
>
> Looks like a problem with webalizer:
>
> # pkg_add webalizer-2.01.10p5
> Can't install gd-2.0.35: lib not found fontconfig.5.1
> Dependencies for gd-2.0.35 resolve to: libiconv-1.9.2p5, jpeg-6bp3, png-1.2.22
> Full dependency tree is libiconv-1.9.2p5,jpeg-6bp3,png-1.2.22
> Can't install gd-2.0.35: lib not found freetype.16.0
> Can't install webalizer-2.01.10p5: can't resolve gd-2.0.35
>
> Looks like gd-2.0.35 is requiring freetype.16.0? The current freetype is: freetype-1.3.1p3?

Do you have the X sets installed?

http://www.openbsd.org/faq/faq15.html#NoFun

--
o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *-[ BSD: Live Free or Die ]*
Re: Broken Webalizer for 4.3?
On Tue, Jul 08, 2008 at 01:43:06PM -0500, L. V. Lammert wrote:
> At 01:34 PM 7/8/2008 -0500, you wrote:
> # pkg_add webalizer-2.01.10p5
> Can't install gd-2.0.35: lib not found fontconfig.5.1
>
> Looks like fontconfig might have been moved to xbase? WHY?? What's the reason to install X on a production server just to get some bogus libraries for web work? Sounds pretty BOGUS to me??

If you can't stand the idea of untarring the entire fileset (and you're moderately clever), grab the libraries you need.

In my book, 'BOGUS' includes:

* Not checking the archives for answers to a question before spamming the list
* Not checking the FAQ
* Whining

--
o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *-[ BSD: Live Free or Die ]*
Re: mirror.cs.wisc.edu
Hi Roger-

On Tue, Jul 01, 2008 at 06:54:32AM -0500, Roger Midmore wrote:
> I actually made a mistake for the email address for technical support is [EMAIL PROTECTED] although the I think csl might work as well since it stands for Computer Systems Lab. But sending to lab actually creates a complaint that is logged and taken care of as soon as possible. I forwarded your message on to the department though. If you notice anything else just send a message to lab with [CSL #354961] in the subject since someone else noticed that to be the proper path to the release should be /pub/OpenBSD not /pub/mirrors/OpenBSD. I created a request for them to add a link to fix that problem as well.

Thanks for getting this started. I've contacted the CSL and will work to get their mirror in order and listed on ftp.html. I work at hep.wisc.edu, so it shouldn't be too hard to keep them on top of updates. ;)

--
o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *-[ BSD: Live Free or Die ]*
Re: Monitor Open Files
On Fri, Jun 20, 2008 at 07:22:40PM -0700, Peter_APIIT wrote:
> I think this command may help you. lsof.

On OpenBSD, fstat(1) is often more interesting. As an added bonus, it's in base.

--
o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *-[ BSD: Live Free or Die ]*
Re: Why Perl for pkg_* tools ?
On Fri, May 23, 2008 at 01:42:05PM +0200, Almir Karic wrote:
> On Fri, May 23, 2008 at 9:37 AM, Marc Espie [EMAIL PROTECTED] wrote:
>> As far as perl goes, it's about the only language that fit the bill. The older pkg_* were totally impossible to maintain and extend, and I needed a sensible script language that was in base.
>
> at the risk of starting a flame war, considered python? beside not being in the base, any other downsides for this particular task?

That's a pretty big downside.

--
o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *-[ BSD: Live Free or Die ]*
Re: Unbound: a validating, recursive, and caching DNS resolver
On Wed, May 21, 2008 at 02:09:23PM -0300, Andr'es wrote:
> I just read about this project, might be of interest:
>
> http://unbound.net/
>
> It's developed by Kirei, NLnet Labs, Nominet, and VeriSign; and released under a permissive free software license:
>
> http://unbound.net/svn/trunk/LICENSE
>
> I read about it at:
>
> http://tech.slashdot.org/tech/08/05/21/0153201.shtml
>
> Original source for the article:
>
> http://www.networkworld.com/news/2008/052008-open-source-dns-server.html

And jakob@ has already made a draft port[0] available. There's still time to follow up on ports@ with test results.

[0] http://www.schlyter.se/jakob/openbsd/unbound.tar.gz
    http://archive.netbsd.se/?ml=openbsd-portsa=2008-05m=7431665

--
o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *-[ BSD: Live Free or Die ]*
Re: Forcing ports install
On Wed, Apr 02, 2008 at 10:33:00PM +1000, N J wrote:
> Basically my question is how do I get the port to install without having to remove then old package and dependencies first? I'm trying to build pidgin out of the ports tree.

See bsd.port.mk(5) -- specifically, look at the update (or reinstall) target. Folks using ports should be pretty familiar with things like bsd.port.mk(5) and ports(7), though. Is there a reason you're not using packages from the mirrors?

--
o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: Possible discrepancy between sshd_config(5) and ssh-agent(1)
On Thu, Mar 13, 2008 at 02:07:57PM +0200, Lars Nood'en wrote:
> http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agentsektion=1
>
> ssh-agent(1)
> ...
> -t life
>     Set a default value for the maximum lifetime of identities added to the agent. The lifetime may be specified in seconds or in a time format specified in sshd_config(5). A lifetime specified for an identity with ssh-add(1) overrides this value. Without this option the default maximum lifetime is forever...

Both this reference and the quoted reference in ssh-add(1) refer to a _time format_ defined in sshd_config(5), not a keyword. Look in sshd_config(5) under TIME FORMATS.

--
o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: Best way to automate administration of multiple servers
On Wed, Nov 14, 2007 at 07:45:06PM +1100, Mikel Lindsaar wrote:
> 1) Create images or post install diffs so that if I need to add a blade to expand, I put it in, connect via the console, install via PXE and then download the diff - I know you can do this with the post install scripts in OpenBSD's install script, but any real world use of this, things to avoid or good things to do?

cfengine[0] (which we use at work to manage ~500 Linux machines) or radmind (which I use at home to manage my OpenBSD servers, workstations and laptops).

There are at least two schools of thought on how one should manage 1 machine. cfengine is the most popular convergent tool, where you specify an ideal state using a declarative language and the clients iterate towards that state. radmind is the most useful congruent tool, where you specify (or directly imply) the exact sequence of operations that each client must perform to reach an ideal state.

I've used both approaches for years, and I greatly prefer radmind both for its simple design and the implicit guarantees of congruence. See below for references on each:

http://www.cfengine.org/papers.html
http://www.infrastructures.org/papers/turing/turing.html

> 2) Keeping 10 - 20 copies of OpenBSD up to the latest patch levels without having to do more than trial on one (for each type) and then for the rest type something as trivial as /bin/sh -x update.sh rotating through the servers and testing as you go? I can see myself spending two days a month otherwise doing upgrades on all the servers.

Same as above.

> 3) Guides on how to manage the logs of this many servers. Any experiences with splunk on this sort of environment, other options?

Log centrally using syslog; syslog-ng is a well-used central log server.

[0] http://www.cfengine.org/
[1] http://rsug.itd.umich.edu/software/radmind/

--
o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: Best way to automate administration of multiple servers
On Wed, Nov 14, 2007 at 02:30:34PM +, Edd Barrett wrote:
> On 14/11/2007, Mikel Lindsaar [EMAIL PROTECTED] wrote:
>> Hello all, I want to automate handling them as much as possible and would like some list suggestions on reading materials, software, or web howtos.
>
> The multixterm program that comes with expect is useful for ssh'ing to lots of machines and running the same commands on them all.

See also sysutils/clusterit, which has several tools useful for this purpose. I use dsh to run oneliners on groups of machines, though you can use it interactively, too.

--
o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: Looking for something similar to screen-command
On Wed, Sep 12, 2007 at 01:50:00PM +0200, Jon Sjostedt wrote:
> I have installed BitTorrent-4.2.2 on my 3.9-box. With this i would like to start file sharing on a console, logout, login later and reattach to the console of the BitTorrent-4.2.2 session. AFAIK this is done in most Linux-distros using the command screen, but how can I do it in BSD?

You can install the screen package?

--
o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: pkg_add can't install a package
On Fri, Aug 17, 2007 at 11:48:34AM +0300, Tomas wrote:
> I'm having some trouble installing clamav-0.90.3.tgz package. I'm using OpenBSD_4_1. My steps:
>
> 1. export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/4.1/packages/i386
> 2. sudo pkg_add -v clamav-0.90.3.tgz
>
> And I have this error:
>
> parsing clamav-0.90.3
> Can't install clamav-0.90.3 because of conflicts (.libs-clamav-0.90)
> ^
> Error from ftp://ftp.openbsd.org/pub/OpenBSD/4.1/packages/i386/: ftp: -: short write
> 421 Service not available, remote server has closed connection.
> /usr/sbin/pkg_add: clamav-0.90.3.tgz:Fatal error

Use pkg_delete(1) to remove the .libs- package.

--
o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: pkg_add can't install a package
On Fri, Aug 17, 2007 at 12:58:34PM +0300, Tomas Stankevicius wrote:
> But then again... Why .libs-clamav-0.90 was left behind when I removed clamav-0.90.tgz with pkg_delete ?

This has been covered in the archives[0]. When you delete a package that may still have shared libraries in use by other packages, a .libs stub is kept for compatibility purposes with older stuff.

[0] http://marc.info/?l=openbsd-miscm=117742456031949w=2

--
o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: howto set global environment variable (e.g. PATH, JAVA_HOME)
On Wed, Aug 08, 2007 at 06:09:16AM -0700, pixotec wrote:
> but I want it for all users:
> 1. could change all .profile-files of all users: no thanx ;-( (and change /etc/skel/.profile for future new users)

This would work.

> 2. change /etc/login.conf ???

This would also work (see login.conf(5)).

> 3. create /etc/profile, change all existing .profile of users (to source /etc/profile) and change /etc/skel/.profile

As would this.

> 4. change /etc/ksh.kshrc and create .kshrc sourcing /etc/ksh.kshrc for all users (and in /etc/skel...)

And this.

> IS THERE A EASY WAY (change only on central file for all users) TO SET THEM?

Well, choose whichever of the above is easiest for you. Based on your criteria, it seems that modifying login.conf would require the fewest keystrokes. I prefer to provide a global/site profile or shell init script and allow users to source it if they'd like, but that fits my site's policies well; depending on what you do and where you work, login.conf(5) may be more appropriate.

--
o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: How to track port updates in stable?
On Fri, Aug 03, 2007 at 06:35:51PM -0500, Todd Pytel wrote:
> I don't spend as much time following OpenBSD as I used to, so perhaps I'm missing something. But there used to be a ports-security mailing list used for announcing updated ports. That list doesn't exist any more, or at least doesn't appear to have had anything posted to it in a very long time.

It exists, but is inactive.

> Is there some other official way to track changes to ports?

By looking at the output of `cvs up`? By watching commits via [EMAIL PROTECTED] I do both, and find it sufficient.

> Absent that, has anyone come up with a simple hack to feed to cron to accomplish the same thing?

I pull updated ports and src daily via cron, and read (ports|source)-changes@ for commit messages, etc. Does that not achieve what you need?

--
o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: Secure Network File System - Or Lack Thereof
On Sat, Jul 14, 2007 at 02:41:40PM +0200, Landry Breuil wrote:
> man -k afs seems to say that AFS is in base, using ARLA implementation.

This is true, but ARLA doesn't have a production server implementation available. The AFS client is great (and, obviously, interoperates with OpenAFS servers).

> (and OpenAFS is in ports)

This port is a bit broken, IIRC, and out of date. I spent a week or two a few months ago trying to update the port, but it's non-trivial. It would be great to update it, but I wasn't really making progress.

--
o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: dhcp question
On Tue, Jul 03, 2007 at 02:45:00PM +0100, mgb wrote:
> So if I defined a large pool of IP addresses in dhcpd.conf that would avert the problem described above, however I'm struggling to think of a solution on how would clients would request the correct configuration file? and how could I handle new clients replacing broken ones with regard to dishing out the correct configuration file?

Use lladdrs, not IP addresses, to name or serve the files. This is how most PXE setups work. See pxeboot(8) for some discussion.

--
o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: Rename multiple files at once
On Wed, Jun 27, 2007 at 02:37:07PM +0200, Pieter Verberne wrote:
> How do I rename multiple files at once?

This is a function of your shell, not mv. See ksh(1), zsh(1), etc... Alternatively, you could write a simple script/function to address the same problem:

    for FILE in *.jpg; do
        # foo.jpg -> foo_thumb.jpg
        NEW=$(echo "$FILE" | sed -e 's/\.jpg$/_thumb.jpg/')
        mv -- "${FILE}" "${NEW}"
    done

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: Double mails from mailing list
On Wed, Jun 27, 2007 at 04:57:17PM +0200, Pieter Verberne wrote: I'm getting some mails double from [EMAIL PROTECTED] In the header is this: X-Loop: misc@openbsd.org Does that say enough? Some people are setting To: to misc@openbsd.org and adding you to the Cc:. -- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: ps wrapping
On Tue, Jun 26, 2007 at 02:28:37PM -0400, Nick Guenther wrote:
> Is there any way to make ps format its output to not cut off lines at the edge of the screen? I have a long command line I'm trying to remember and I can't see it all. I tried -o command but it's still too long.

ps(1):

    -w      Use 132 columns to display information, instead of the
            default, which is the window size. If the -w option is
            specified more than once, ps will use as many columns as
            necessary without regard for window size.

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: telnetd ?
On Mon, Jun 25, 2007 at 02:59:58PM -0400, stan wrote:
> Yes, I know it's a bad idea, but for reasons beyond my control, I need to provide a telnet service on an OpenBSD 4.0 machine. Unfortunately there does not seem to be a telnetd built by default. How can I get this daemon built?

Search the archives...

http://marc.info/?l=openbsd-misc&w=2&r=1&s=telnetd&q=b

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: Locations of stable ports vs current ports
On Wed, Jun 20, 2007 at 10:05:25AM -0700, Joe S wrote:
> This site has a nice interface to ports: http://ports.openbsd.nu/ But the ports it says are in OpenBSD are not in my tree. Is this site showing current only?

That site isn't run by the project; I assume it follows -current, but you could check their FAQ (or compare file revisions).

> The cvs website on openbsd.org (http://www.openbsd.org/cgi-bin/cvsweb/ports/) also has the www/rt port. Is the cvs website showing current too?

cvsweb will show you whatever you want it to. Look for the 'Show only files with tag' button at the bottom, and select the version you're interested in.

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: OpenBSD and Kerberos Client
On Tue, Jun 05, 2007 at 01:59:07PM +0100, [EMAIL PROTECTED] wrote: Any chance you could help write up some documentation? Kerberos on OpenBSD doesn't really have any good docs that I could find. Maybe I could then retry this effort in the future. For expediency though, I will have to reinstall with RedHat as it only takes 5 minutes to get it working as a kerberos client. I set up a Heimdal kdc and several OpenBSD clients with krb5 auth in about ten minutes based on the info page. What, exactly, is lacking in the documentation? I'm no fan of info pages, but Heimdal's covered all the topics I needed to get set. -- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: OpenBSD and Kerberos Client
On Tue, Jun 05, 2007 at 03:16:06PM +0100, [EMAIL PROTECTED] wrote: I don't have the audacity to do anything. The email signature is defined through company policy and tacked on by the M$ Exchange Server on the way out. I have no say and only see it when I get replies to my email. Have you considered getting a free mail account somewhere else and using that for your non-work correspondence? -- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: issues starting wmii window manager
On Sun, May 20, 2007 at 12:21:16AM +1000, atstake atstake wrote: I just installed wmii window manager on 4.1 on i386 but when I try to start by typing wmii it says - wmiiwm: cannot open display However, I can start fvwm fine by typing startx in the console. And /usr/X11R6/bin in my $PATH xinit(1), startx(1); specifically, look at ~/.xinitrc. -- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: www.openbsd.org (and vs openbsd.org)
On Fri, May 11, 2007 at 12:10:13AM +0200, Martin Toft wrote: Nobody answered my second question though :) Maybe nobody knows the answer? :) Summary: I was once told not to use openbsd.org; it was said that www.openbsd.org was the only valid site (ignoring mirror sites). Is this just bullshit? Yes, it's bullshit, and yes, Theo answered your question. www is a mirror. -- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: Webservers with Terrabytes of Data in - recomended setups
On Fri, Apr 20, 2007 at 09:03:54AM -0500, Jacob Yocom-Piatt wrote: from my observations redundancy is the biggest problem with NFS and that its ability to efficiently serve up data is more than ample. Redundancy is certainly a problem, but lots of US HPC and distributed computing sites have severe scaling problems with NFS. High r/w traffic has killed several file servers in projects that we work with, and it sucks big time. I don't know anyone who's happy or excited or confident in their HPC NFS deployments; everyone I've talked to hopes for a real solution to this problem. ;) If the OP's use case involves lots of writes (especially from many clients), I'd be concerned about NFS' ability to keep up. Then again, I've had problems with pretty much all of the network filesystems (including AFS, though it's the least bad in my experience). I'm still waiting for Ceph[0] to mature (and to shed its linuxisms). ;) [0] http://ceph.sf.net/ -- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: Problem: Raid mounting root as read-only, and not from the partition desired...
On Sat, Apr 07, 2007 at 12:11:23PM -0700, Merp.com Volunteer wrote:
> Considering all the workarounds to even just getting python/zope/plone to install, let alone the list of other bugs/issues related to that config on openbsd (that hasn't been an issue on other bsd and nix setups for us), as well as the scattered knowledge/experience of openbsd in the volunteer group (whereas most are familiar with Linux), should we just abandon the entire effort of converting to openbsd and just stick with Linux?

You sound like a Linux shop. It doesn't sound like your group has sufficient background to migrate whole-hog to OpenBSD (or Solaris, or AIX, or Windows). What problem are you trying to solve by migrating to OpenBSD?

> Or will there be sufficient support from the openbsd community to help us get through the entire transition to openbsd?

This list (and the other various parts of the user and developer communities) is a great resource, but it shouldn't be part of your migration plan. From what you've described, OpenBSD is a fine technical solution to your problem. But with your group, it doesn't sound like you can make it work in the time you have. Migrations are big, scary things, and they need planning and experience. Even a great list like this can't be the cornerstone of your plan.

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
cron doesn't run commands in /etc/crontab?
According to cron(8), cron should be able to read commands from a properly formatted and chmoded /etc/crontab file. I've created such a file, but I can't seem to get cron to run the test command in it.

    # cat <<EOF >/etc/crontab
    */1 * * * * /usr/bin/touch /tmp/crontest
    EOF
    # chmod 0600 /etc/crontab

cron then successfully loads the changes made to that file:

    Mar 28 07:23:01 lass cron[11652]: (*system*) RELOAD (/etc/crontab)

I can also verify that the system file is loaded by watching the output of `cron -x load`. The command is valid per crontab(5) and works when inserted in root's tab using `crontab -e`. After the system tab is reloaded, cron fails to run any commands listed there: no CMD messages are logged (or seen in the debugging output) and the file is never touched. I've tried to get this to work on a semi-recent -current/i386 as well as the latest snapshot (also i386) with no luck. I browsed the code, but didn't see any obvious problems. Any ideas?

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: cron doesn't run commands in /etc/crontab?
On Wed, Mar 28, 2007 at 03:58:35PM +0200, Paul de Weerd wrote: Reread crontab(5), the /etc/crontab has a slightly different format (to specify username). Oh. ;) Quite right -- thanks for the cluestick. -- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
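The format difference Paul points to, as an added example that is not part of the thread: a system crontab entry carries a user name between the time fields and the command, so in the entry from the original post the command path sits where the user belongs. The function names and the sample files below are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag /etc/crontab entries that lack a valid user field.

# lint_system_crontab CRONTAB PASSWD
# Prints "LINE: reason" for every entry whose user field is missing or
# unknown; returns 1 if anything was flagged, 0 otherwise.
lint_system_crontab() {
    awk -v passwd="$2" '
    BEGIN {
        # Known account names, read from a passwd(5)-format file.
        while ((getline entry < passwd) > 0) {
            split(entry, f, ":")
            if (f[1] != "") known[f[1]] = 1
        }
        close(passwd)
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }                 # comments, blank lines
    /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next }   # NAME=value settings
    {
        # "@daily"-style entries have one time field, the rest have five;
        # in a system crontab the user name is the field right after them.
        u = ($1 ~ /^@/) ? 2 : 6
        if (NF >= u && $u ~ /^\//) {
            printf "%d: command path \"%s\" where the user name belongs\n", NR, $u
            bad = 1
        } else if (NF <= u) {
            printf "%d: too few fields for a system crontab entry\n", NR
            bad = 1
        } else if (!($u in known)) {
            printf "%d: user \"%s\" is not a known account\n", NR, $u
            bad = 1
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# write_samples DIR
# Constructed inputs: a two-line passwd file, the entry from the original
# post, and the same entry with the user field added.
write_samples() {
    printf '%s\n' 'root:*:0:0:Charlie &:/root:/bin/ksh' \
                  'daemon:*:1:1:The devil himself:/root:/sbin/nologin' > "$1/passwd"
    printf '%s\n' '*/1 * * * * /usr/bin/touch /tmp/crontest' > "$1/crontab.post"
    printf '%s\n' 'SHELL=/bin/sh' \
                  '# minute hour mday month wday user command' \
                  '*/1 * * * * root /usr/bin/touch /tmp/crontest' > "$1/crontab.fixed"
}

# Demo run over the constructed samples.
demo_dir=$(mktemp -d) && write_samples "$demo_dir"
for sample in crontab.post crontab.fixed; do
    echo "== $sample"
    lint_system_crontab "$demo_dir/$sample" "$demo_dir/passwd" || echo "   (entries flagged)"
done
rm -rf "$demo_dir"
```

On a real host the second argument would be /etc/passwd and the first /etc/crontab.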
Re: Problem on installing new packages
On Mon, Mar 26, 2007 at 11:31:56PM +0800, Stephen Liu wrote: On 2007/03/26 23:14, Stephen Liu wrote: 250 CWD command successful ftp exit 221 Goodbye try 'ls' too; it will open a data channel. certain firewall/nat-related problems will allow the command channel to open but not the data channel. # ls .Xauthority .cshrc .klogin .login .profile .ssh Other noted wit tks. Is that in a shell? or during your FTP session? Simply running /bin/ls in your shell isn't helpful. Stuart wanted you to use FTP's data channel to make sure that you could fully communicate with the server. I doubt he cares what files you have in your home directory. -- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: sshd.config and AllowUsers
On Mon, Mar 26, 2007 at 01:33:17PM -0400, Jerome Santos wrote: I want to add something like this: AllowUsers user1, user2, user3 I added that in but also with an # in front like all the other entries. Now I find that I can still ssh to the box with a user acct that I didn't include in the entry. Should it be in there without the #? Yes. sshd_config(5) And if so, do I also then have to uncomment all the other entries?? No, they're the default settings. -- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
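A check for the situation in this thread, as an added example that is not part of the original posts: it reports which AllowUsers lines in an sshd_config(5) file are active and which are commented out and therefore ignored. It also flags patterns containing a comma, because sshd_config(5) describes the list as separated by spaces. The function names and sample files are constructed, and Match blocks are not interpreted.

```sh
#!/bin/sh
# Added example: audit the AllowUsers lines of an sshd_config(5) file.

# audit_allowusers FILE
# One report line per finding, prefixed with the line number in FILE:
#   ALLOW    an active user pattern
#   SUSPECT  an active pattern that contains a comma
#   IGNORED  an AllowUsers line that is commented out
audit_allowusers() {
    awk '
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        commented = (line ~ /^#/)
        sub(/^#+[ \t]*/, "", line)
        # Keyword and arguments are separated by whitespace (optionally "=").
        n = split(line, tok, /[ \t=]+/)
        # Keywords are case-insensitive.
        if (n < 1 || tolower(tok[1]) != "allowusers") next
        if (commented) {
            printf "%d: IGNORED %s\n", NR, line
            next
        }
        for (i = 2; i <= n; i++) {
            if (tok[i] == "") continue
            kind = (tok[i] ~ /,/) ? "SUSPECT" : "ALLOW"
            printf "%d: %s %s\n", NR, kind, tok[i]
        }
    }' "$1"
}

# allowusers_status FILE
# Prints one word: "not-enforced" (no active AllowUsers line),
# "suspect" (an active pattern contains a comma) or "active".
allowusers_status() {
    audit_allowusers "$1" | awk '
        $2 == "SUSPECT" { s = 1 }
        $2 == "ALLOW"   { a = 1 }
        END { print (s ? "suspect" : (a ? "active" : "not-enforced")) }'
}

# write_sshd_samples DIR
# Constructed inputs: the line as described in the post (commented out),
# the same line uncommented, and a space-separated version.
write_sshd_samples() {
    printf '%s\n' '#Port 22' '#AllowUsers user1, user2, user3' > "$1/commented"
    printf '%s\n' '#Port 22' 'AllowUsers user1, user2, user3'  > "$1/commas"
    printf '%s\n' '#Port 22' 'AllowUsers user1 user2 user3'    > "$1/fixed"
}

# Demo run over the constructed samples.
demo_dir=$(mktemp -d) && write_sshd_samples "$demo_dir"
for sample in commented commas fixed; do
    echo "== $sample: $(allowusers_status "$demo_dir/$sample")"
    audit_allowusers "$demo_dir/$sample"
done
rm -rf "$demo_dir"
```

On a running system, `sshd -T` prints the configuration the daemon actually uses, which is the authoritative check.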
Re: Can OpenBSD do what BusyBox does?
On Wed, Mar 21, 2007 at 11:04:32PM +1100, Sunnz wrote: I doubt if OpenBSD can be replace it on the router... but if you has done so it be cool to know how you made it work. It would help if you mentioned what hardware you're running on... OpenBSD is an operating system; Busybox is a single executable that rolls many common *nix utilities into one. They're totally different things. Busybox doesn't have a kernel or a packet filter (or a web server, or a...), so I don't know what the point of comparing them is. If you want to run OpenBSD on your router, you'd need to tell us what hardware you're using, though I haven't heard of anyone installing OpenBSD on something like the Linksys WRT54G. If you want to run an OpenBSD router, grab a Soekris or an old i386 and install OpenBSD on it. Many, many people do this; it works well. -- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: packages question
On Mon, Jan 29, 2007 at 02:56:44PM -0800, Daniel E. Hassler wrote:
> Is it reasonable to assume all of the dependencies for a package should also be available as either packages or via ports?

Yes. Some ports have licenses which prohibit redistribution as packages, though, so N(ports) N(packages).

> I'm trying to install p5-Mail-Box-2.018. - p5-Mail-Box-2.018:Can't find p5-Convert-BinHex-1.119 I can't find p5-Convert-BinHex-1.119 in either packages or ports. p5-MIME-tools-5.420 has the same dependency.

How are you looking?

    $ man 7 ports
    $ cd /usr/ports
    $ make search name=BinHex
    Port:   p5-Convert-BinHex-1.119p1
    Path:   converters/p5-Convert-BinHex
    Info:   module to extract data from Macintosh BinHex files
    Maint:  The OpenBSD ports mailing-list ports@openbsd.org
    Index:  converters perl5
    L-deps:
    B-deps:
    R-deps:
    Archs:  any

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: Virtualisation on OpenBSD?
On Wed, Jan 24, 2007 at 08:02:01AM -0800, Lawrence Horvath wrote:
> I tried looking for source but was unable, vmware is a closed source as far as I can tell (please correct me if I'm wrong, as I like to get hold of the source) when I was looking for it online you have to download the binaries, and you have to email in for a serial number to use it, they also have higher up pay-for versions, with more features

VMware is closed source.

http://www.vmware.com/download/eula/workstation.html

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: p5-MIME-tools-5.420.tgz
On Wed, Jan 17, 2007 at 06:36:31PM -0800, sausted wrote: I am trying to install p5-MIME-tools-5.420 using pkg_add but I keep getting the following error: p5-MIME-tools-5.420:Can't find p5-Convert-BinHex-1.119 /usr/sbin/pkg_add: p5-Convert-BinHex-1.119:Fatal error I am new to OpenBSD...could someone help me? Did you read the FAQ[0] and pkg_add[1] man page? Is PKG_PATH set correctly in your environment? [0] http://www.openbsd.org/faq [1] http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_add, pkg_add(1) -- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: Groklaw article about the BSD license
On Tue, Jan 16, 2007 at 10:44:54PM +0100, Vim Visual wrote: btw are you using X? and if so, which wm? most of them are under the gpl, right? this must hurt if you're such a bsd license defender... Stop baiting the list. Also, not that it's related to anything, but there are a number of BSD-licensed WMs, several of which can be found in the ports tree. -- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: revision control system for system administration
On Wed, Dec 20, 2006 at 02:31:09PM +, Brian Candler wrote: That makes a lot of sense. But enforcing that policy might be difficult. This is important if you're relying on your gold server for disaster recovery purposes - if the target machines had some change made which nobody remembers and weren't reflected in the gold server, then any freshly-built machines will be non-functional. This is a cultural problem, but there's an adequate technical solution: aggressively sync the client machines. Admins quickly learn to make changes in the central when their changes get blown away every hour. At my last job, we used cfengine to manage a handful of Solaris zones that bounced around a cluster of machines. Each zone would be built and destroyed every time it moved from one machine to the other, so any non-cfengine changes made to the system would be lost. We hadn't been using cfengine for very long, but everyone picked up on it quite rapidly. ;) cfengine (and other configuration management thingies, I suppose) can alert you when key files change. So if someone's mucking around with /etc/rc on the machine, cfengine can back it up, put in the 'gold' copy, and whine about it. -- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
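The behaviour described above (back up the changed file, put the gold copy back, and complain), sketched in plain shell as an added example; it is not cfengine syntax and not code from the thread. The function names and the sample tree are constructed, only file contents are compared (not owner or mode), and files that exist only on the live side are left alone.

```sh
#!/bin/sh
# Added example: make a live tree match a gold tree, keeping evidence of drift.

# enforce_gold GOLDROOT LIVEROOT BACKUPDIR
# For every regular file under GOLDROOT, make the file at the same relative
# path under LIVEROOT identical. A live file that differs is first saved
# under BACKUPDIR with a timestamp suffix. Each repair is reported on stdout.
# Returns 0 when nothing had drifted, 1 when at least one file was repaired.
enforce_gold() {
    eg_gold=$1 eg_live=$2 eg_backup=$3 eg_drift=0
    eg_stamp=$(date +%Y%m%d%H%M%S)
    eg_list=$(mktemp) || return 2
    # Relative paths of all gold files, one per line.
    (cd "$eg_gold" && find . -type f) | sed 's|^\./||' | sort > "$eg_list"
    while IFS= read -r eg_rel; do
        if [ ! -e "$eg_live/$eg_rel" ]; then
            echo "MISSING $eg_rel: installed gold copy"
        elif cmp -s "$eg_gold/$eg_rel" "$eg_live/$eg_rel"; then
            continue
        else
            # Keep the local edit so someone can work out who changed what.
            mkdir -p "$eg_backup/$(dirname "$eg_rel")"
            cp -p "$eg_live/$eg_rel" "$eg_backup/$eg_rel.$eg_stamp"
            echo "DRIFT $eg_rel: local copy saved as $eg_backup/$eg_rel.$eg_stamp, gold copy restored"
        fi
        mkdir -p "$eg_live/$(dirname "$eg_rel")"
        cp -p "$eg_gold/$eg_rel" "$eg_live/$eg_rel"
        eg_drift=1
    done < "$eg_list"
    rm -f "$eg_list"
    return "$eg_drift"
}

# make_gold_demo DIR
# Constructed sample: a gold tree with two files and a live tree in which
# etc/rc has been edited by hand.
make_gold_demo() {
    mkdir -p "$1/gold/etc" "$1/live/etc"
    printf '%s\n' '# gold rc' > "$1/gold/etc/rc"
    printf '%s\n' 'block all' > "$1/gold/etc/pf.conf"
    printf '%s\n' '# gold rc' 'hand edit made on the box' > "$1/live/etc/rc"
    cp "$1/gold/etc/pf.conf" "$1/live/etc/pf.conf"
}

# Demo: the first pass repairs etc/rc, the second finds nothing to do.
demo_dir=$(mktemp -d) && make_gold_demo "$demo_dir"
enforce_gold "$demo_dir/gold" "$demo_dir/live" "$demo_dir/backup" || echo "(drift repaired)"
enforce_gold "$demo_dir/gold" "$demo_dir/live" "$demo_dir/backup" && echo "(in sync)"
rm -rf "$demo_dir"
```

Run from cron on each client, the non-zero return and the DRIFT lines are what would be mailed or sent to a central syslog.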
Re: revision control system for system administration
On Tue, Dec 19, 2006 at 03:00:04AM -0700, Clint Pachl wrote: I would use a dedicated, highly secure and always backed-up box to store/manage a central repository (CVS/SVN). This repos will hold all the necessary bytes (binaries, config files, ports, etc.) to re-image any machine from scratch. Each node on the network would then pull everything it needs from the central repos using method X. That's the part I'm trying to figure out. I want the whole automation system to be simple and would like to use only default tools. I think I understand the reason why you want this ('only default tools'). That said, there are good reasons that specialized tools exist to solve this problem: it's complex. You want your install and configuration management system to be robust; something hacked out of whatever happens to be in base seems potentially quite fragile. A pull-only system assumes that the clients actually pull. What if they don't? How do you know when their last successful pull was? If all they're doing is pulling, do you need eg one pf.conf file per client? How many clients do you have? How many might you have in a year? two years? Using a client imaging system as the sole configuration management system is heavy-handed and inflexible -- you'll find lots of situations where you want more control over who gets what file (or what action occurs where). cfengine was mentioned elsewhere in this thread, and it's the most prominent FOSS configuration management thingy that I'm aware of. It's got warts, but it's widely used and mostly solves the problems you're looking to solve. I've worked at large sites that used cfengine, and large sites that used hacked imaging systems based on rsync or rdist. I quickly came to understand and appreciate _why_ cfengine exists, even if I also started a list of Things I Don't Really Like About CFengine. It's a mixed bag, but in my experience, the warts are worth it. 
-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: revision control system for system administration
On Tue, Dec 19, 2006 at 05:44:45AM -0700, Clint Pachl wrote:
> So you're saying cfengine would need to be included in an install set, such as base40.tgz or some custom install set in order to be used in a base install (an obvious yes)? So how do we automate to that point? I would like to automate the install process, as well as the upgrade process. What do you do when you need to install 50 machines? I may be wrong, but if cfengine can take me from a bare bones system to a fully functional server, let me know.

I assume you've already checked the FAQ:

http://www.openbsd.org/faq/faq4.html#site
http://www.openbsd.org/faq/faq4.html#Multiple

> I am currently working on the automated install script and it is fairly simple. In fact, once it is setup and talking to a central repository for install purposes, making it also perform system updates will be a breeze.

cfengine isn't an automated installer; it's a configuration management thingy. At my previous job, we used kickstart (solaris) and FAI (debian) to automate the installation, and cfengine to manage post-install configuration.

> I will look into cfengine. I always figured it was one of those bloated apps that did about 90% of what you needed, dropping the ball on the last and most complex 10%. For that last 10% you usually end up building a custom solution. Can others comment on cfengine? How many managed boxen? What are its quirks, pros, cons?

We manage several thousand compute and storage nodes in a dozen or so labs with cfengine in our grid; in my department, we manage maybe 600 CPUs. We use it to install complicated software (eg dCache, which requires java and postgres and all sorts of badnesses), sync user accounts/uids, etc. cfengine is the best thing available, but it's not perfect. I've looked briefly at the obvious alternatives (bcfg2, puppet), but wasn't impressed. radmind (also in ports) might work for some sites; I haven't had time to really evaluate it.
I and others have already mentioned some benefits of cfengine -- other advantages should be obvious by now. As for drawbacks, you should know that cfengine is declarative, so some procedural tasks (like, in our case, installing dCache) are a bit trickier than I wish they were. There are some problems with the upstream code, too (string handling) that have been kludged-around in the OpenBSD port. Lastly, cfengine2 has been evolving for a while, so it's a bit crufty and at times befuddling. cfengine3 will (hopefully) address this problem with a rewrite, but that's still years away. -- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: revision control system for system administration
On Tue, Dec 19, 2006 at 06:23:16AM -0700, Clint Pachl wrote:
> I'm not so convinced it is that complex on a homogeneous OpenBSD network. OpenBSD is a very manageable system, such as the entire OS contained in compressed tarballs for easy extraction and the flexible ports system. Both of these entities are easily scriptable. Then all there is to worry about is system configs and custom binaries, which can be easily managed by CVS. A hierarchical CVS structure can be built to manage global (all nodes in network), group (groups of similar servers), and single (things specific to a node, like /etc/myname) nodes. You apply global settings first, overwriting with more specific settings.

You now have an asston of files to keep track of. We did this _exact thing_ using rsync at my previous job. It sucked. We moved to cfengine. It sucked less.

> If you implement a push system, how do you know if something was actually pushed? What if something was pushed, how do you know the pushee did the right thing with what it was given? This argument goes both ways, but solved simply. A system should report what it does after it pushes or pulls. The other end should also report. So if the results show someone is pushing, but no one is pulling or vice versa, you have a problem. This system could be implemented using mail or central syslog.

My point wasn't that it's not possible, but that you have to do it yourself. There are lots of details that make these management systems reasonable; if you're building your own, you've got a lot of work cut out for you. And if you make a mistake, things hit the fan rather quickly. It's not fun, and, in a lot of cases, not necessary.

[...]

> This is what I don't like to hear: as you say, It's got warts..., mostly solves the problems.. Why not build something that has no warts and solves all problems all the time to your specs. And most importantly, I use OpenBSD because of its simplicity and robustness and I like my tools to act the same.
> I guess I haven't heard enough good about cfengine to pique my interest in it.

I gave up looking for perfect software a long time ago. Everything I use -- including OpenBSD -- has bugs. I accept that. I agree that finding the simplest solution to a problem is a good approach, but I haven't found that designing and implementing a brand new configuration management scheme is ever a simple approach, and I've designed a couple in-house ones before. These days, I look for what sucks the least, and improve it as best I can to meet my needs. There are presentations every year at conferences like LISA about the state of configuration management, and it's getting better. But all of those systems have problems, and the one you plan to build will have problems, too. People have been working on this for decades, now, and it's not an easy problem to solve. Perhaps your site/case is relatively straightforward and you can come up with a compact solution that works for you. That'd be cool.

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: Errors Compiling OpenOffice
On Sun, Dec 17, 2006 at 08:22:05AM -0500, Jim Michael wrote: I apologize. I incorrectly reported that I am using stable. I did upgrade ports to -current on 12/16 before make install. Did you also upgrade your base system to -current? -- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: how to get new port versions when following 4.0-patch
On Mon, Dec 11, 2006 at 01:12:15PM +0100, Robert Urban wrote: Is there any supported way of getting 0.88.6 via ports? If you're following the -stable branch, you will receive security (and, as of late, some feature) updates to your ports tree. If you want/need a feature that isn't backported to -stable but is in -current, you have to do the (unsupported) backporting yourself. Or are people running production systems installed from -RELEASE versions never supposed to benefit from newer port versions? You get the new ports when you update your system to the next release. -- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: submit.cf
On Tue, Dec 05, 2006 at 10:04:25AM -0800, stupidmail4me wrote:
> What exactly is this file for? I know that localhost.cf is the default and doesn't accept connections from the outside world. sendmail.cf is for accepting connections to the outside world. But I can't find anything about submit.cf that explains exactly what it does.

/usr/share/sendmail/cf/submit.mc will make it clearer.

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: Links sources and GPL
On Mon, Dec 04, 2006 at 04:56:46PM +0100, Karel Kulhavy wrote: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, I didn't find a copy of source code in the .tgz. The FTP directory doesn't seem to contain source code of Links and it doesn't contain a README saying where the source is to be downloaded. All distfiles (that can be mirrored) are mirrored at ftp.openbsd.org. I came to this by chance when I was searching for the source of Transcode distributed with OpenBSD, but couldn't find it. That is available in the same place. Modifications to the source are available in the port directory (in patches/), which you can download as ports.tar.gz. This seems to fulfill the GPL's requirements to me (though I haven't read the license in full for a few years, now). -- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: Why Sendmail?
On Thu, Nov 23, 2006 at 01:32:29PM +, Conrad Winchester wrote: I do have one question though and I apologize if people always ask this: At the end of the install I asked whether I want to run sshd and ntpd by default - very nice BUT why am I not given the option to turn off Sendmail at this point? So that mail delivery works? OpenBSD has a number of useful automated reports enabled by default which provide you with important information, among other reasons. I NEVER use sendmail Do you use a different MTA? That's fine -- sendmail is the default MTA, but you can easily install others (eg Postfix) using precompiled packages. In most cases, you simply run 'newMTA-enable' and clean up a few loose ends. See the installation message for your MTA of choice for more information. and for an OS that prides itself on being as minimal as possible I would have thought giving you the option to not run sendmail would also be there right from the start. IANAD, but...the goals[0] of the OpenBSD project are pretty clear, and minimalism isn't explicitly one of them. Providing an audited and specific featureset in the base distribution makes the task of securing the whole system easier, but 'shipping the least stuff' isn't in itself a goal (AFAICT). Sendmail is there as a convenience, as is a heavily modified Apache. If you don't need them, or want different MTAs or web servers, the package system gives you plenty of easy options. As you're new, I'll also plug the FAQ: http://www.openbsd.org/faq/ In fact, this _very question_ is answered in the FAQ[1]. It helps to check the FAQ and the mailing list archives first if you have a question. You'll also find the man pages handy. [0] http://www.openbsd.org/goals.html [1] http://www.openbsd.org/faq/faq1.html#HowAbout -- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: ports installing files in /etc?
On Sat, Nov 18, 2006 at 02:35:27PM +0100, Igor Sobrado wrote:
> I suppose that configuration files were on a different directory, as in NetBSD. As both NetBSD and OpenBSD are using the same tools to manage ports/packages, and I am certainly accustomed to /usr/pkg/etc on NetBSD, I supposed it was an error on these packages.

OpenBSD and NetBSD do not use the same tools to manage ports and packages.

> As I said, it is a certainly unusual behaviour and it is not described on the pkg_* manual pages (though!). As I did not find a comment on this behaviour on pkg_add(1), but there are detailed notes on the use of /usr/ports, /usr/local, /var/db/pkg and so on I supposed I did a mistake installing the packages.

Look at hier(7):

    /usr/      Contains the majority of user utilities and applications.
    [...]
               local/    Local executables, libraries, etc.

Also, look at packages(7):

    [...]
    Some packages installation scripts will also create new configuration
    files in /etc, or need some working directory under /var to function
    correctly (e.g., squid, or mysql).

This is well documented; as you noted, there's even a helpful FAQ entry.

> I read a lot of documentation on the utilities for managing packages on NetBSD, where /usr/pkg/etc is used. I expected the same behaviour on OpenBSD.

Why would you expect that?

> I just asked because this behaviour is not documented on the man pages and it is certainly different to the way pkg_* works on NetBSD (where there is a different /etc for the packages).

Assuming OpenBSD works just like NetBSD will make things hard for you. Read the FAQ and man pages, and trust pkg_info(1).

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: Disable rsh or not?
On Sat, Nov 18, 2006 at 06:58:13AM -0800, Maverick wrote:
> I am quite new to OpenBSD so i am reading the book Mastering FreeBSD And OpenBSD Security

The FAQ and man pages are authoritative; books can be useful, but quickly fall out of date.

> It said Your rsh/rlogin daemons (that for some crazy reason you didn't disable yet) will now permit root logins from any system with no password Is that mean i should disable rsh ? Or disable rlogin ?

Did you check that these were even enabled on your system in the first place? They're not on mine:

    $ grep -i rsh /etc/inetd.conf
    #shell stream tcp nowait root /usr/libexec/rshd rshd -L
    #shell stream tcp6 nowait root /usr/libexec/rshd rshd -L

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: packages
On Wed, Nov 15, 2006 at 08:24:16AM -0500, Marc Ravensbergen wrote:
> Hi, is there any way I can find out the entire list of files (and dependencies) needed before installing a given package? Let's say I want to add wget to openbsd. I export the PKG_PATH to the appropriate mirror, then type pkg_add wget. This will do the installation of wget and all dependencies, but I would like to know before the actual installation what files are needed (if possible of course).

First, ftp(1) does much of what you get from wget(1), and is included in base. As to your question, pkg_add(1) suggests:

    [...]
    -n      Don't actually install a package, just report the steps that
            would be taken if it was.

As espie@ noted in a previous thread on this topic[0], you can just install pkg_add on the system with the nice network connection and use PKG_CACHE to download the files. See also pkg_info(1), though package signatures will give you more information than you're probably looking for:

    [...]
    -S      Show the package signature for each package. This signature is
            a unique tag showing the package name, and the version number
            of every dependency and shared library necessary to build this
            package.

If you have a ports tree handy, you could also use the 'print-run-depends' or 'describe' make targets documented in bsd.port.mk(5) and ports(7).

> My reason for this is so that I can generate a complete list of files needed to download for a given program, run over to a computer with high speed, download, run back to my computer, dump the files in the correct directory (/var/db/pkg) and then install the package.

Don't do that. You can use pkg_add(1) on local files, too, you know.

    $ sudo pkg_add all the packages you downloaded at your friend's house

This is a rather common question -- search the archives next time.

[0] http://marc.theaimsgroup.com/?l=openbsd-misc&m=115041186327151&w=2

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: Firewall partially failing with high traffic
On Tue, Nov 14, 2006 at 09:28:47AM -0700, Chris Cameron wrote:
> Upgrading isn't an option. I mean it is, but as soon as I say Don't know, lets just upgrade, that's a major hit to something that was tough to get in in the first place. This will be a Firewall-1 shop again quite quickly and any future thing I recommend isn't going to have much weight.

You need to upgrade anyway to properly keep up with security updates. You're now running a system that is no longer supported; upgrading to a supported system is a Good Thing regardless of the issue you're currently dealing with. As a bonus, things generally get better and 'more fixed' with each new version and, as Tobias says, there's a good chance the problem you're running up against is resolved.

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: where is unarj-2.43?
On Sat, Nov 11, 2006 at 08:07:24PM -0600, Default User wrote:
> Okay, I give up. Where is unarj-2.43 in the OpenBSD 4.0 i386 packages? Clamav seems to need it, but pkg_add said it could not be found. Is it indeed missing?

Look at the port's Makefile.

http://www.openbsd.org/cgi-bin/cvsweb/ports/archivers/unarj/Makefile

Blame upstream. If you need the package, you get to build it yourself.

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: Error in php5-gd-5.1.4 packages for OpenBSD 4.0
On Thu, Nov 09, 2006 at 05:00:34PM +0100, Anders J wrote:
> I think something is wrong in the php5-gd-5.1.4 packages (all flavors) The dependency can't be satisfied (see below) and i find only freetype-1.3.1p2.tgz and not freetype.13.1 in /4.0/packages/i386

It's not a package dependency; freetype.13.1 is provided by the X install sets. Read the FAQ.

http://www.openbsd.org/faq/faq15.html#PkgInstall

If you're still confused, read the port's Makefile.

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: Shared library without SHARED_LIBS:
On Tue, Nov 07, 2006 at 11:04:26AM +0100, Badbanchi Hossein wrote:
> Tried to install the 3.8 package. Didn't work since the 3.8 packages are linked against 3.8 libraries.

This is documented in the FAQ; it's unsupported.

> Next installed 3.8 ports.tar.gz on my 3.9 OpenBSD, and tried make build key=mysql-server-4.0.24p1.

ports(7); key=... is not used.

> The process stops by creating the mysql-client-4.0.24 package, with the following message:

This, too, is documented in the FAQ; it's unsupported.

[...]

> Have tried all I could think of, and have done much googling, but no chance.

In all your googling, you didn't find the FAQ entries that make it clear that what you're doing isn't supposed to work?

> From the list of what I have already tried: 1) Added #SHARED_LIBS= ??? to /usr/ports/infrastructure/templates/Makefile.template.

bsd.port.mk(5); Makefile.template isn't read by anything. Moreover, how could adding a comment affect anything?

The right way to do what you want to do is to build the old MySQL yourself. Better yet, fix/ditch the software that requires the old MySQL.

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: Large scale deployments
On Thu, Nov 02, 2006 at 08:10:50PM -0500, Michael Lockhart wrote:
> 2. Command and Control. What projects or capabilities are available for performing remote command and control over services, packages, and system health? Currently, all push/pull is done with perl/sh scripts to bring files over, sanity check, install, update, etc. I've been leaning towards creating a daemon that runs on each system and has a secure connection back to a centralized location for determining if updates are available. My proof of concept works, but thoughts on how to do this right are GREATLY appreciated.

I've used cfengine on large (500+ nodes) Linux clusters. There are lots of things I wish were better in cfengine, but I haven't found a more capable tool. For one-time mass administration tasks, I use dsh from sysutils/clusterit, though the scenario you describe above seems cfenginy to me.

> 3. Remote upgrading. Going from 3.2 - 3.8 or 4.0 is going to be very difficult, and the approach that I am taking right now is creating a bsd.rd based kernel/image that will boot fully into memory, and contain the appropriate scripts to re-initialize the disks, rsync/scp/ftp/get/whatever the new base image and kernel over, then reboot, and go into the new image, and perform the rest of the upgrade from there. Has anyone done something similar to this or know of any projects along these lines?

Upgrading from 3.2 to 4.0 is going to be a headache. The clusters I've worked in have all used network filesystems (mostly AFS) for most data storage; reimaging a node has never cost much. Combined with a well-thought-out configuration management system, and major upgrades seem like less of a problem. Of course, you need to vet your new system image with your applications first.

I sure wish I had 600 OpenBSD boxes to worry about...Scientific Linux is a headache.

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: pkg_add(1) over ssh(1)?
On Wed, Nov 01, 2006 at 07:45:16PM +0100, Andreas Bartelt wrote:
> is there any documentation about using pkg_add over ssh available yet?

pkg_add(1); look for 'scp://'...

> Can this feature be used with some of the official mirrors?

If you have ssh access on them, sure.

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: update automaticly
On Thu, Oct 19, 2006 at 09:28:23PM +0700, sonjaya wrote:
> i have script for update automatically here:
>
> # cat /root/update_part1.sh
> #!/bin/csh
> cd /usr/src
> setenv CVS_CLIENT_PORT -1
> setenv CVSROOT [EMAIL PROTECTED]:/cvs
> cvs -d $CVSROOT -q up -rOPENBSD_3_9 -Pd
> date /root/update_part1.log
>
> when i try run that script get error such like this :
>
> # sh /root/update_part1.sh
> /root/update_part1.sh[3]: setenv: not found
> /root/update_part1.sh[4]: setenv: not found
> cvs update: CVSROOT -q must be an absolute pathname
> cvs [update aborted]: Bad CVSROOT.

sh(1) isn't csh(1) -- if you run `sh your_csh_script.sh`, sh ignores the interpreter line and tries to run the script itself. sh doesn't use setenv, which is why you get 'setenv: not found.'

If I were you, I'd write the script in sh. csh has long been considered harmful, and isn't very much fun to write.

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: ports question
On Wed, Oct 11, 2006 at 03:28:08PM -0700, Bryan Irvine wrote:
> Sometimes these get installed as a dependency of another app though and so the screen just keeps right on trucking and you don't have time to read it. Is there some command or somewhere you can go to see what the message was?

    $ man pkg_info
    $ pkg_info -D python-2.4.3p0
    Information for python-2.4.3p0

    Install notice:
    If you want to use this package as your default system python, create
    symbolic links like so:
      ln -s /usr/local/bin/python2.4 /usr/local/bin/python
      ln -s /usr/local/bin/pydoc2.4 /usr/local/bin/pydoc

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: File system monitoring: another PCI cert requirement question
On Mon, Oct 09, 2006 at 04:07:52PM -0400, stuartv wrote:
> In the company I work for's ever expanding quest for PCI certification, I am told that we are required to have in place something to monitor all system files and log files for changes. Does anyone have any suggestions on software to do this? I am currently looking at Osiris but would like some input as to what is out there and actually being used by people.

Well, /etc/security already does some of this. See security(8) for more info; you can extend it pretty easily. Otherwise, there's AIDE or Tripwire, among others.

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
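The baseline-and-compare check that tools of this kind perform, as an added example (not code from the post, from /etc/security, or from AIDE, Tripwire or Osiris). The function names and the demo tree are hypothetical; file names containing newlines are not handled.

```shell
#!/bin/sh
# Added example: record SHA-256 hashes of a tree, later report what changed.

# Print "<sha256>  <path>" for one file, using whichever tool is installed
# (sha256sum on Linux, sha256 on OpenBSD).
fim_hash() {
    if command -v sha256sum >/dev/null 2>&1; then
        h=$(sha256sum < "$1")
    else
        h=$(sha256 < "$1")
    fi
    printf '%s  %s\n' "${h%% *}" "$1"
}

# Write a sorted manifest of every regular file under directory $1 to $2.
# Paths are stored relative to $1; keep the manifest outside that tree.
fim_baseline() {
    ( cd "$1" && find . -type f | sort | while IFS= read -r f; do
          fim_hash "$f"
      done ) > "$2"
}

# Compare directory $1 against manifest $2. Prints ADDED/CHANGED/REMOVED
# lines and returns 1 if anything differs, 0 if the tree matches.
fim_check() {
    dir=$1 old=$2
    new=$(mktemp) || return 2
    fim_baseline "$dir" "$new"
    out=$(awk -v old="$old" '
        { hash = $1; path = substr($0, length(hash) + 3) }
        FILENAME == old     { base[path] = hash; next }
        { seen[path] = 1 }
        !(path in base)     { print "ADDED   " path; next }
        base[path] != hash  { print "CHANGED " path }
        END { for (p in base) if (!(p in seen)) print "REMOVED " p }
    ' "$old" "$new" | sort)
    rm -f "$new"
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed demo: baseline a small tree, then modify, remove and add files.
fim_demo() {
    t=$(mktemp -d) || return 2
    mkdir "$t/etc"
    echo 'PermitRootLogin no' > "$t/etc/sshd_config"
    echo 'welcome' > "$t/etc/motd"
    fim_baseline "$t/etc" "$t/manifest"
    echo 'PermitRootLogin yes' > "$t/etc/sshd_config"   # modified
    rm "$t/etc/motd"                                    # removed
    echo 'x' > "$t/etc/new file"                        # added, name has a space
    fim_check "$t/etc" "$t/manifest"
    rc=$?
    rm -rf "$t"
    return $rc
}

if [ "${1:-}" = demo ]; then fim_demo; fi
```

A manifest stored on the monitored host can be rewritten by whoever changed the files, so keep it on read-only media or another machine.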
Re: ipsec vpn: freebsd and openbsd
On Thu, Oct 05, 2006 at 03:47:07PM +0200, Martin Schroder wrote:
> Should I take the silence of the list as evidence that all ports are secure or is the list simply ignored by the developers? Or is it only used in dire emergencies (like security-announce)?

The list just hasn't been used in a while. It could be seen as redundant effort, since ports-changes@ receives messages for each commit to the ports tree (including security-related commits), and pkg-stable.html is updated rather frequently.

This issue has come up on #OpenBSD on freenode a few times recently, too. Would it be a good idea to update the FAQ to point to pkg-stable.html and [EMAIL PROTECTED] Or would it be preferable to make use of that list again (in conjunction, perhaps, with updates to the VuXML)?

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: couple of scp questions
On Sat, Sep 23, 2006 at 12:27:21PM +0200, frantisek holop wrote:
> i realize that for some, this might seem as an unnecessary wasting of resources (think moving lots of small files) but i think it's good to know if the transport was really finished and the files really are the ones i started copying and not only its parts. was there any consideration to give scp similar functionality?

    $ scp [EMAIL PROTECTED]:file file.part && mv file.part file

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: Some recommendations on file locations sought
On Fri, Sep 22, 2006 at 01:29:56PM -0700, John Draper wrote:
> Here is what I did...
>
> htpasswd -c /var/www/conf/auth/passwd edp
> I set the password here
> chown root.nogroup /var/www/conf/auth/passwd
> chmod 640 /var/www/conf/auth/passwd

What user/group are you running httpd as? Is that user a member of nogroup? Can that user read the file?

[...]

> But the Apache rejects my password. I tried it several times, same thing, rejection.

Did you look at the error_log?

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: Upgrading 3.7 - 3.9
On Tue, Sep 19, 2006 at 02:28:06PM -0400, ICMan wrote:
> I want to upgrade from 3.7 to 3.9. Can someone give me some pointers?

http://www.openbsd.org/faq/

If you have specific problems, ask here again. You may find it easier to simply reinstall.

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: Low priority or real coders
On Thu, Sep 14, 2006 at 11:29:49AM -0400, steve szmidt wrote:
> (Say what you will about Linux being inferior in ways, it managed to do what no other Unice did for all that time -- captured a mainstream. A lot of development is being done benefitting most if not all Open Source platforms because of the attention coming down the Linux chute. So in the end we all win regardless of the O/S.)

In many cases, this is simply not true. Much of the hardware support added to Linux is prohibitively Linux-specific or not worth the effort to bring over to OpenBSD (or other BSDs) -- assuming the driver is something more than a wrapper around a binary. Much of the new software developed for GNU/Linux systems is messy, unportable and utterly useless on different platforms.

Linux's popularity has drawn developers to Linux, and they've developed Linuxy things. In some cases, BSD users benefit, too, especially when licensing and code portability aren't total disasters. In lots of cases, though, we get nil.

And as you should know, Unix *was* the computing mainstream for a long period. Not on home desktops (which didn't exist for most of that period), granted, but on workstations and servers, Unix was The Right Choice. IMHO, Unix *continues* to be the right choice in its traditional environments, and has become quite useful on desktops and laptops in the last decade or so.

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: preferred hardware platform
On Sun, Sep 10, 2006 at 11:39:57AM +0530, Raja Subramanian wrote:
> rdiff-backup however, does not suffer from this problem. And it's a bit more space efficient than rsnapshot as well. Give it a shot and I doubt you'll be disappointed.

I've had an experimental port of rdiff-backup 1.0.4 and librsync (upon which it depends) available[0] for a month or two. I haven't looked at it much since the ports tree locked, but it's working well on several systems running -current. Feel free to give it a try; I'd be glad to get feedback on it, but it won't be a priority until after the thaw.

[0] http://www.lfod.us/openbsd/ports.html#rdiff-backup
    http://www.lfod.us/openbsd/ports.html#librsync

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: XEN
On Fri, Sep 08, 2006 at 11:08:49PM +0200, openbsd misc wrote:
> I wasn't able to figure out if it is possible to run openbsd as xen guest system. Does anyone know?

Short answer: not yet, really. Longer answer: people are working on it.

http://www.google.com/search?rls=en&q=openbsd+xen
http://anil.recoil.org/blog/articles/2006/08/21/openbsd-xen-boots-multi-user
http://kerneltrap.org/openbsd/c2k6/who1
http://hg.recoil.org/openbsd-xen-sys.hg

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: packages failure (was dsniff ports failure)
On Thu, Aug 24, 2006 at 01:44:04PM -0700, Edward Ray wrote:
[...]
> # export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/3.9/packages/i386/
> # pkg_add bash-3.1.1p0.tgz
> Error from ftp://ftp.openbsd.org/pub/OpenBSD/3.9/packages/i386/:
> Unknown command.
> Not an ustar archive header
> bash-3.1.1p0:libiconv-1.9.2p3: complete
> Adjusting md5 for /usr/local/lib/libiconv.a from 044a57b2de335fa8b5c24f977e9dc0af to 4e50ca5fc370e7247ffddea2ac1bd5af
> /usr/sbin/pkg_add: Installation of libiconv-1.9.2p3 failed , partial installation recorded as partial-libiconv-1.9.2p3
> # bash

$(pkg_info | grep partial) should verify that partial-libiconv-1.9.2p3 is installed. You should use pkg_delete to get rid of the partial- package (and figure out what you did to cause pkg_add to fail).

> ksh: bash: not found
> # pkg_add amap-5.2.tgz
> Error from ftp://ftp.openbsd.org/pub/OpenBSD/3.9/packages/i386/:
> Unknown command.
> amap-5.2:pcre-6.4p1: complete
> amap-5.2: complete

OK...

> # pkg_add nmap-3.95p0.tgz
> Error from ftp://ftp.openbsd.org/pub/OpenBSD/3.9/packages/i386/:
> Unknown command.
> Can't install libiconv-1.9.2p3 because of conflicts (partial-libiconv-1.9.2p3)
> /usr/sbin/pkg_add: libiconv-1.9.2p3:Fatal error
> # pkg_add wget-1.10.2p0.tgz
> Error from ftp://ftp.openbsd.org/pub/OpenBSD/3.9/packages/i386/:
> Unknown command.
> Can't install libiconv-1.9.2p3 because of conflicts (partial-libiconv-1.9.2p3)
> /usr/sbin/pkg_add: libiconv-1.9.2p3:Fatal error

This is quite clear. It can't install libiconv because it conflicts with the partial- package it told you that it installed above. Delete the partial- package, figure out what's really wrong (if anything), and try again.

> My only choice appears to be rebuild, which I have done three times now.

Rebuild what? libiconv? pkg_add will fetch dependencies for you. If you're having trouble with ports, stop using them (except for the very few cases where licensing dictates otherwise).

> If someone could point me to the magic formula of package downloads, much appreciated.

pkg_add(1), pkg_delete(1), the FAQ.

> I am trying to build a box for pen testing, and will switch to a Linux variant or FreeBSD if OpenBSDs ports and packages are screwed up.

Packages and ports have worked just fine for me on 3.9 and -current.

> It never used to be that difficult to build an OpenBSD pen test box, at least with v3.6/v3.7/v3.8

It still isn't. Make sure your kernel and userland are up to date, and use packages. It's easy.

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: Web access to sysctl hw.sensors
On Fri, Aug 18, 2006 at 01:13:49AM +, Douglas Maus wrote:
> 1. Is there an easier way to remotely observe such hardware status?

SNMP (for better or worse) or any number of real monitoring products do that for you; nagios and munin are both in ports. If you really want to write your own, consider logging information from hw.sensors to a file available in the chroot and running your CGI on that.

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: mirroring packages without much bandwidth overhead
On Mon, Aug 14, 2006 at 03:47:07PM +0200, Andreas Bartelt wrote:
> is there a simple way to efficiently mirror packages solely based on package filenames in order to reduce bandwidth overhead?

A bit of shell/Perl scripting could compare the index.txt on the FTP mirror with what you have locally...

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
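One way to do the comparison suggested above, as an added example (not a script from the thread). It assumes index.txt is either one name per line or `ls -l` style output with the file name as the last field; the function names, the sizes and dates in the sample index, and the nmap-3.90 file are constructed.

```shell
#!/bin/sh
# Added example: decide what to fetch by comparing package file names only.
# index.txt comes from a remote server, so names are validated before use.

# Print the sorted, unique package file names listed in index file $1.
# Only plain *.tgz names are accepted: no slashes, no leading dash or dot.
index_names() {
    awk '$NF ~ /^[A-Za-z0-9][A-Za-z0-9._+-]*\.tgz$/ { print $NF }' "$1" | sort -u
}

# Print the sorted *.tgz names already present in local directory $1.
local_names() {
    ( cd "$1" && ls ) | grep '\.tgz$' | sort -u
}

# Print "FETCH name" for packages listed on the mirror but missing locally,
# and "STALE name" for local packages the mirror no longer lists.
mirror_plan() {
    idx=$(mktemp) && loc=$(mktemp) || return 2
    index_names "$1" > "$idx"
    local_names "$2" > "$loc"
    comm -23 "$idx" "$loc" | sed 's/^/FETCH /'
    comm -13 "$idx" "$loc" | sed 's/^/STALE /'
    rm -f "$idx" "$loc"
}

# Constructed demo: a small index (including one entry with a path in its
# name, which must be ignored) and a local directory holding two packages.
mirror_demo() {
    d=$(mktemp -d) || return 2
    mkdir "$d/pkgs"
    cat > "$d/index.txt" <<'EOF'
-rw-r--r--  1 0  0   521342 Mar  2  2006 bash-3.1.1p0.tgz
-rw-r--r--  1 0  0  1434922 Mar  2  2006 libiconv-1.9.2p3.tgz
-rw-r--r--  1 0  0   412883 Mar  2  2006 wget-1.10.2p0.tgz
-rw-r--r--  1 0  0       10 Mar  2  2006 ../../etc/evil.tgz
-rw-r--r--  1 0  0     9120 Mar  2  2006 index.txt
EOF
    : > "$d/pkgs/libiconv-1.9.2p3.tgz"
    : > "$d/pkgs/nmap-3.90.tgz"
    mirror_plan "$d/index.txt" "$d/pkgs"
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then mirror_demo; fi
```

Matching names says nothing about file contents, so a truncated or altered local file with the right name is not detected by this comparison.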
Re: obsd 3.8 does not detect new HD
On Wed, Aug 09, 2006 at 04:29:26PM -0300, Gustavo Rios wrote:
> i am running 3.8 stable on a DELL Precision Workstation 370. In my first hard disk i have openbsd and Windows XP. I have bought a second Hard Disk. It is working perfectly on XP, OpenBSD 3.8 does not detect it. Has anyone already faced such scenario?

Maybe -- how should I know, though, when you don't even say what type of disk it is? or provide a dmesg? or give us any indication as to what you've tried to do to get it recognized?

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: Tyan v. Supermicro for Opteron?
On Sun, Aug 06, 2006 at 03:47:02PM -0700, Darrin Chandler wrote:
> Ok, I've got it narrowed down a bit. Anyone have experiences good or bad to report with Tyan versus Supermicro mobos? I find archives for people using one or the other, so they both seem workable. Anyone used both and prefer one for some reason? I'm looking at 2xCPU, and maybe dual-core in addition.

We've been buying Supermicro Opterons (dual duals) for the past year or so. We're not running OpenBSD, but we've been quite pleased with the boards.

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: Multi-tabbed Terminal
On Fri, Aug 04, 2006 at 10:02:50AM -0700, Clint Pachl wrote:
> Can anyone recommend a light-weight multi-tabbed terminal for OBSD 3.9? I looked through the i386 packages, but didn't notice any. I'm using FVWM2.

xterm + misc/screen.

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: firefox 1.5.0.6 for openbsd
On Thu, Aug 03, 2006 at 12:11:08PM -0400, David T Harris wrote:
> The easiest way to install firefox on OpenBSD or any other package (that is available from OpenBSD) is to download the package from the OpenBSD website (or a mirror) or the ftp mirrors.

No, the easiest way is like so:

    $ man pkg_add
    [...]
    $ ftp ftp://ftp.openbsd.org/pub/OpenBSD/ftplist
    [choose a mirror]
    $ export PKG_PATH=ftp://your.mirror.com/pub/OpenBSD/$(sysctl -n kern.osrelease)/packages/$(machine)/
    $ sudo pkg_add -i your-package

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: Easy for a newbie to manage an OpenBSD server?
On Tue, Aug 01, 2006 at 10:26:23AM -0500, Titan wrote:
> I have quite a predicament. I have been tasked with setting up an FTP server for the research group I'm involved with.

Do you need FTP? Can you use SFTP instead?

> The problem is once I'm gone someone with no *NIX experience will be maintaining the server.

Why? Can't you train them? I can understand if most research groups can't afford to hire a full sysadmin, but hiring an up-and-coming undergrad for seven peanuts an hour shouldn't be too bad.

> I've been considering using OpenBSD because it looks like it can go far longer without updates than Windows and Linux servers and looks to be very secure.

/me sighs

OpenBSD, while very, very useful, isn't a magic bullet. System security is as much the admin's job as it is the OS's. If you leave your box unpatched, even if it's running IdealOS v20, you'll eventually regret it. Period.

No matter what OS you put on your server, you'll need to make sure that it's patched. Some OSes make that task easier; others have strong security track records. But with a dumb or negligent admin at the console, it doesn't matter what bona fides your OS has -- you're screwed.

> In your experience, would it be possible for someone with no *NIX experience to maintain a simple FTP server?

Yes.

> How long would you trust an unpatched OpenBSD server to go unhacked?

This is silly. Patch your system. If you and your successor spend a day or two reading the FAQ and afterboot(8) and keep your eye on your system, you'll stand a good chance of not having too much trouble.

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: Man mksmbpasswd
On Wed, Jul 26, 2006 at 12:50:41PM +0200, Karel Kulhavy wrote:
> [EMAIL PROTECTED]:~$ which mksmbpasswd
> /usr/local/bin/mksmbpasswd
> [EMAIL PROTECTED]:~$ man mksmbpasswd
> man: no entry for mksmbpasswd in the manual.
> [EMAIL PROTECTED]:~$ pkg_info | grep samba
> samba-3.0.21bp2 SMB and CIFS client and server for UNIX
>
> Is there an aim in OpenBSD to have also manual pages for programs where the original supplier doesn't supply a manual page?

Sure, but not every binary has/needs its own man page. The package you're talking about comes with fully 39 man pages, including smbpasswd(8). I don't use samba, but I'd be surprised if whatever it was you were looking for wasn't described in one of those 39 pages.

    $ grep '@man' /usr/ports/net/samba/pkg/PLIST*
    39

net/samba could hardly be called undocumented. If you think mksmbpasswd needs a man page, you should probably send a diff to the samba folks.

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: OpenWebMail (package)
On Thu, Jul 20, 2006 at 04:06:54PM -0700, Rob Baldassano wrote:
> However, when I tried to install the package, the system gave an error message about not finding a library. Forgive me I don't have the error handy at the moment but it was a P5 (something about compression) lib.

I'd take a look at the FAQ[0]; did you install the x* filesets? It's hard to read minds -- pasting the error will get you better help here.

> Does anyone know if this is fixed in the 3.9 release? If so, COOL. If Not, any suggestions for getting around this issue?

The port hasn't been touched in 16 months[1]. If you really have found a problem, it still needs fixing, although I bet you're just missing some libs.

[0] http://www.openbsd.org/faq/faq15.html#PkgInstall
[1] http://www.openbsd.org/cgi-bin/cvsweb/ports/mail/openwebmail/

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: nload on OpenBSD - or an alternative
On Wed, Jul 19, 2006 at 04:34:49PM +0100, Richard Wilson wrote:
> Did it ever make it in? Might it at some point? Possibly a better question, is there something similar/better already there?

    $ cd /usr/ports && make search key='bandwidth.*monitor'
    Port:   bwm-ng-0.5p0
    Path:   net/bwm-ng
    Info:   realtime bandwidth monitoring of interfaces
    Maint:  Genadijus Paleckis [EMAIL PROTECTED]
    Index:  net
    L-deps:
    B-deps:
    R-deps:
    Archs:  any

-- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*