[no subject]

2021-09-12 Thread Edisson Calderon

subscribe misc




[no subject]

2021-05-01 Thread Irshad Sulaiman
Hi 


is it possible to change from passphrase to key disk in 
bictl (8) , or do I need to recreate whole RAID again


Thank you
Etchers



(No Subject)

2021-01-17 Thread ndelluomo
subscribe


[no subject]

2020-09-19 Thread Unicorn
Hello,

I am encountering a network related issue in a KVM VPS that I am using
for OpenBSD. The way it appears to me is that /etc/netstart fails to
get a network connection using dhcp on its first attempt, but works on
the second attempt.

While the system is booting, I see the following:
> em0: no link. sleeping

However, executing 'sh /etc/netstart' once the system is booted works:
> em0: 123.123.123.123 lease accepted from [...]

The same happened during first installation of OpenBSD, I just told it
to use dhcp, it fails the first time, but works if I just do the same
thing for the same interface again.

Attached is the full output of dmesg, I attached it as a plain text
file due to the line breaks hindering readability in email.

I would appreciate any pointers as to what is happening and how I
could fix it or work around it.

Thanks a lot in advance!
OpenBSD 6.7 (GENERIC.MP) #182: Thu May  7 11:11:58 MDT 2020 
   
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
   
real mem = 4278165504 (4079MB)  
   
avail mem = 4135882752 (3944MB) 
   
mpath0 at rootscsibus0 at mpath0: 256 targets   
 
mainbus0 at root
   
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xf61e0 (13 entries)   
   
bios0: vendor Seabios version "0.5.1" date 01/01/2011   
   
bios0: Red Hat KVM  
   
acpi0 at bios0: ACPI 1.0
   
acpi0: sleep states S5  
   
acpi0: tables DSDT FACP SSDT APIC   





acpi0: wakeup devices   
   
acpitimer0 at acpi0: 3579545 Hz, 24 bits
   
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
   
cpu0 at mainbus0: apid 0 (boot processor)   
   
cpu0: Intel(R) Xeon(R) CPU E5-2620 v4 @ 2.10GHz, 180.94 MHz, 06-4f-01   
   
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,FSGSBASE,TSC_ADJUST,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,RDSEED,ADX,SMAP,MD_CLEAR,IBRS,IBPB,STIBP,SSBD,XSAVEOPT,MELTDOWN


cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 
16-way L2 cache 
cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped 
   
cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped 





cpu0: smt 0, core 0, package 0  
   
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges   
   
cpu0: apic clock running at 999MHz  
   
cpu1 at mainbus0: apid 1 (application processor)
   

[no subject]

2020-07-15 Thread sylvain . saboua
https://rubedo.press/

Sylvain
emails by spamgourmet.com



[no subject]

2020-06-17 Thread Switch 1024
set-check all



[no subject]

2020-06-17 Thread Switch 1024
set misc unique,selfcopy



(No Subject)

2020-04-03 Thread ejez
Empty Message


[no subject]

2020-02-15 Thread Jazz Man
subscribe



[no subject]

2019-08-17 Thread OpenBSD OpenBSD
�  0� �  C TURKEY�  P Ankara�  T Cankaya�  Z 06510�  A 2139. Street 2/11� 
O Rakort Information Technologies�  I Ibrahim Topbasi�  M
open...@rakort.com�  U http://www.rakort.com�  B 90-850-460-10-58�  X
90-850-460-10-58�  N More than 5 years, OpenBSD setup/installation/remote
administration. Network engineering, software development� � � 
� (C/Python/PHP/PostgreSQL/MySQL). Also experienced with Solaris and
Linux.� �  � We specialize in providing solid open source solutions for
businesses using OpenBSD,� � �  � and Linux. MCSE, CCNA, RHCE
certifications, VPNs, firewalls, wireless, DNS, squidGuard, mail - even
training with OpenBSD.� 


[no subject]

2019-08-04 Thread omer
�  0� �  C TURKEY�  P Ankara�  T Cankaya�  Z 06510�  A 2139. Street 2/11� 
O Rakort Information Technologies�  I Ibrahim Topbasi�  M
ibra...@rakort.com�  U http://www.rakort.com�  B 90-850-460-10-58�  X
90-850-460-10-58�  N More than 5 years, OpenBSD setup/installation/remote
administration. Network engineering, software development� � � 
� (C/Python/PHP/PostgreSQL/MySQL). Also experienced with Solaris and
Linux.� �  � We specialize in providing solid open source solutions for
businesses using OpenBSD,� � �  � and Linux. MCSE, CCNA, RHCE
certifications, VPNs, firewalls, wireless, DNS, squidGuard, mail - even
training with OpenBSD.


[no subject]

2019-02-18 Thread Leitinger Elias
subscribe misc


[no subject]

2019-01-16 Thread Lasse Hamann
unregister



[no subject]

2018-04-19 Thread Muhammad Zohaib
I meant 6-9 June 2017 instead of 2018


[no subject]

2018-03-24 Thread elo morio
Are there any existing  Documentation, manuals or supplementary
expository books that details out the internals of OpenBSD. Otherwise
what books or materials would be close enough to better aid the newbie
wishing to hack on the systems internals.



[no subject]

2017-12-04 Thread x9p
Hi,

I ordered about 40 stickers 10x10 to see if quality is ok with local
maker. They arrive in a week or 2.

Intention isnt to make money out of it for myself, I can post via mail to
the ones willing to try/see the sticker quality - maybe is crappy, who
knows...

Just send me your name+address. I will be posting from Rio de Janeiro /
Brazil, if mail fee gets expensive to me, will ask the ones who want the
sticker to cover it via BTC or Paypal.

If project agrees, I am fine with putting them in an online store and
forwarding the income to the project, minus expenses of the maker.

cheers.

x9p




[no subject]

2017-09-14 Thread olivier
Rpartition des postes :


Terrain : 74 000 
Notaire : 7 000  (estimation qui m' a t fournie)
Frais Agence : Aucun
Construction: 132 104 
--> Ici les postes peuvent être revus car estimés (cuisine, clorture, 
superficie...)

Apport envisagé de mon coté :  8 000 € (Frais de notaires + Frais Bancaires) 
--> A voir ensemble quel est le meilleure scénario à utiliser dans mon cas.

N'hésitez-pas à revenir vers moi si vous avez des questions. 

De mon coté, j'ai besoin de comprendre comment va se dérouler le financement 
durant la phase des travaux où je paierai un loyer en parallele.

Bien cordialement,

Olivier Burelli.


Dorothee PLACE - PROJETDEXPERT  Thu., 14. September 2017 9:35
 Bonjour Monsieur Burelli,
 
 Afin de pouvoir vous prsenter une simulation de financement, pouvez-vous 
me donner un montant de la construction mme approximatif ?
 
 - terrain : 74 000
 - frais de notaire : 3 300 environ
 - frais d'agence ?
 - construction ?
 - apport : 7 900
 
 En fonction des diffrents montants, je pourrai calculer les frais 
bancaires et avoir ainsi le montant total  emprunter et dfinir des montages 
financiers.
 
 Nous pourrons ensuite nous rencontrer pour que je vous explique les 
propositions. Ce sera je pense plus clair ainsi.
 
 Cordialement
 
 
 Dorothe PLACE
 Expert financier
 
 10 ZAC de la Carrire Dore - 59310 Orchies
 Tl : 03.http://20.64.52.42; rel="noreferrer" 
target="_blank">20.64.52.42 - Port : 06.http://89.18.14.85; 
rel="noreferrer" target="_blank">89.18.14.85
 mailto:dorothee.pl...@projetdexpert.fr;>dorothee.pl...@projetdexpert.fr
 site : http://www.projetdexpert.fr; rel="noreferrer" 
target="_blank">www.projetdexpert.fr
 
 
 
 -Message d'origine-
 De: olivier [mailto:mailto:oliv...@burelli.fr;>oliv...@burelli.fr] 
 Envoy: jeudi 14 septembre 2017 09:04
 : olivier
 Cc: Dorothee PLACE - PROJETDEXPERT
 Objet: 
 
 Bonjour Madame Place,
 
 J'espre que vous vous portez bien.
 
 Je reviens vers vous suite  nos derniers changes.
 
 Je pense qu'il serait opportun de nous rencontrer une deuxieme fois :
 
 * Apprhender correctement de mon cot correctement les difrentes solutions 
de montage et plan financiers sur lesquels j'ai beaucoup d'inconnues et de 
questions.
 
 J'ai beson de votre aide, ne sachant pas o je vais. Quels sont les risques 
inhrents selon les scnarii.
 
 * Une promesse orale a t effectue entre le vendeur est moi. Je commence  
fournir des documents selon ses demandes.
 
 * CCMI ; sur quelle base de taux et montage financier pouvons nous 
commencer   travailler.
 
 Un samedi matin vous conviendrait-il ?
 
 Par avance, merci pour votre retour.
 
 Regards,
 
 Olivier Burelli.
 
 
 Olivier Burelli  Wed., 13. September 2017 11:09 gt; Bonjour, gt; 
gt; Merci. Je souhaite juste savoir si ce projet est ralisable ou non. Si 
oui sous quelles conditions.
 gt;
 gt;
 gt; En parallle ma banque en ligne refuse de financer un terrain seul.
 gt;
 gt;
 gt; Merci.
 gt;
 gt;
 gt; Cordialement.
 gt;
 gt;
 gt;
 gt;
 gt; Olivier Burelli
 gt;
 gt; Le13 sept. 2017 9:04 AM, Dorothee PLACE - PROJETDEXPERT 
lt;a href="mailto:mailto:dorothee.pl...@projetdexpert.fr;>dorothee.pl...@projetdexpert.fr"mailto:dorothee.pl...@projetdexpert.fr;>dorothee.pl...@projetdexpert.fr/agt;
 a crit:
 gt;
 gt;
 gt; Bonjour Monsieur Burelli,
 gt;
 gt;
 gt;
 gt; Jai bien votre message hier soir.
 gt;
 gt;
 gt;
 gt; Je regarde tout a et je reviens vers vous.
 gt;
 gt;
 gt;
 gt; Cordialement
 gt;
 gt;
 gt;
 gt;
 gt;
 gt;
 gt; Dorothe PLACE
 gt;
 gt; Expert financier
 gt;
 gt;
 gt;
 gt; 10 ZAC de la Carrire Dore - 59310 Orchies gt; gt; Tl : 
03.a href="http://20.64.52.42; rel="noreferrer" 
target="_blank">20.64.52.42" rel="noreferrer" target="_blank"http://20.64.52.42; rel="noreferrer" 
target="_blank">20.64.52.42/a - Port : 06.a href="http://89.18.14.85; rel="noreferrer" target="_blank">89.18.14.85" 
rel="noreferrer" target="_blank"http://89.18.14.85; 
rel="noreferrer" target="_blank">89.18.14.85/a gt; gt; 
a href="mailto:mailto:dorothee.pl...@projetdexpert.fr;>dorothee.pl...@projetdexpert.fr"mailto:dorothee.pl...@projetdexpert.fr;>dorothee.pl...@projetdexpert.fr/a
 gt;
 gt; site : 
 gt; a href="http://www.projetdexpert.fr; 
rel="noreferrer" target="_blank">www.projetdexpert.fr" rel="noreferrer" 
target="_blank"http://www.projetdexpert.fr; rel="noreferrer" 
target="_blank">www.projetdexpert.fr/a
 gt;
 gt;
 gt;
 gt;
 gt;
 gt;
 gt;
 gt;
 gt;
 gt;
 gt;
 gt; De: Olivier [mailto:a href="mailto:mailto:oliv...@burelli.fr;>oliv...@burelli.fr"mailto:oliv...@burelli.fr;>oliv...@burelli.fr/a]
 gt; Envoy: mercredi 13 septembre 2017 00:05 gt; : Dorothee PLACE 
- PROJETDEXPERT gt; Objet: RE: Confirmation RDV gt; gt; gt; 
gt; gt; gt; gt; gt; Bonsoir Madame Place, gt; 
gt; gt; gt; Je reviens vers vous suite  notre change de ce jour. 
Comme indiqu sur votre rpondeur:
 gt;
 gt;
 gt;
 gt;
 gt;
 gt; Ma Banque en ligne, noctroie pas de crdit pour des CCMI gt; 
gt; gt; gt; Je me suis engag sur un terrain de 74 000 gt; 
gt; gt; gt; Mon pargne:
 gt;
 

[no subject]

2017-06-29 Thread John Ireland

unsubscribe misc



[no subject]

2017-06-27 Thread Mihai Popescu
> I have followed the FAQ on "building a router" almost vebatim.

So your packets are almost passing. I wasn;t aware of this router
section in FAQ, so I was looking there. Even one slight modification
can make pf behave totally different.



[no subject]

2016-05-16 Thread 1 9
What editor? vim or emacs? what is the reason?



[no subject]

2016-05-06 Thread Alan Corey
Re: Performance of Firefox and Chromium

> I'm not  sure what  hardware you guys  run OpenBSD on,  but on  my (old,
> crusty,  crummy, shitty)  laptop,  it  and a  lot  of Gui-requiring  and

My laptop was made in 2008, my desktop in 2002.

>  javascript heavy sites send
> javascript from many domains which is slow and insecure and probably
> increases threading a lot by it's distributed nature.

I blame a lot on Javascipt libraries like Ajax where lazy webmasters
include them to use 1% of what they stick in the page.  But yes, every
page requires 50 or so DNS lookups.  And web pages have gotten to be 3
megabytes and over.  And web servers have timeouts so lots of times I
see them time out before the pages load, I have to hit reload 5-10
times fairly often.  The OpenBSD site is fast, stupid sites like
Facebook I avoid.

-- 
Credit is the root of all evil.  - AB1JX



[no subject]

2016-01-26 Thread S.V.
unsuscribe misc



Re: relayd ssl interception and certificate subject

2015-12-02 Thread Uwe Werler
On 25. Nov  8:02:17, Stuart Henderson wrote:
> On 2015-11-24, Uwe Werler <uwe.wer...@retiolum.eu> wrote:
> > Hello,
> >
> > I'm just testing ssl interception and noticed the following problem. 
> > Sometimes the Subject/Subject Alternative Name of the cert is altered with 
> > a different name than the one the original cert has:
> 
> When relayd connects to the server to find out what names to use in
> the subject/SAN, it doesn't send the requested hostname (SNI) in
> the ClientHello, so it only has the information from the server's
> "default" certificate to include in the new generated certificate.
> 
> You can see this for yourself with openssl s_client -connect hostname:443
> compared with openssl s_client -connect hostname:443 -servername hostname.
> 

Hello Stuart,

thanks! Ok, got it.

Only for my understanding: is there a reason (probably security related?) for
not using the host name from ClientHello in relayd for fetching the target
cert?

And if not - is it planned to implement it in relayd?

Thanks in advance!

Regards Uwe



Re: relayd ssl interception and certificate subject

2015-12-02 Thread Stuart Henderson
On 2015/12/02 14:53, Uwe Werler wrote:
> On 25. Nov  8:02:17, Stuart Henderson wrote:
> > On 2015-11-24, Uwe Werler <uwe.wer...@retiolum.eu> wrote:
> > > Hello,
> > >
> > > I'm just testing ssl interception and noticed the following problem. 
> > > Sometimes the Subject/Subject Alternative Name of the cert is altered 
> > > with a different name than the one the original cert has:
> > 
> > When relayd connects to the server to find out what names to use in
> > the subject/SAN, it doesn't send the requested hostname (SNI) in
> > the ClientHello, so it only has the information from the server's
> > "default" certificate to include in the new generated certificate.
> > 
> > You can see this for yourself with openssl s_client -connect hostname:443
> > compared with openssl s_client -connect hostname:443 -servername hostname.
> > 
> 
> Hello Stuart,
> 
> thanks! Ok, got it.
> 
> Only for my understanding: is there a reason (probably security related?) for
> not using the host name from ClientHello in relayd for fetching the target
> cert?
> 
> And if not - is it planned to implement it in relayd?
> 
> Thanks in advance!
> 
> Regards Uwe

AFAIK it's just not implemented yet, I don't see a security reason
for not doing this. (if you need this now, squid can do it, but config
is more complex - there's also sslsplit in ports but that's not really
a normal proxy).

Setting a hostname in an outgoing request is pretty simple
(SSL_set_tlsext_host_name) but you need to get it from the request
first and that's a little more complicated, afaik you need to setup
a callback (with SSL_CTX_set_tlsext_servername_callback and
SSL_CTX_set_tlsext_servername_arg) to point at a function which
will do a SSL_get_tlsext_host_name call to fetch the hostname and
store it for later use in the request.



Re: relayd ssl interception and certificate subject

2015-11-26 Thread Uwe Werler
Thank You very much for the explanation Stuart!

I'll check this.

On 25. Nov  8:02:17, Stuart Henderson wrote:
> On 2015-11-24, Uwe Werler <uwe.wer...@retiolum.eu> wrote:
> > Hello,
> >
> > I'm just testing ssl interception and noticed the following problem. 
> > Sometimes the Subject/Subject Alternative Name of the cert is altered with 
> > a different name than the one the original cert has:
> 
> When relayd connects to the server to find out what names to use in
> the subject/SAN, it doesn't send the requested hostname (SNI) in
> the ClientHello, so it only has the information from the server's
> "default" certificate to include in the new generated certificate.
> 
> You can see this for yourself with openssl s_client -connect hostname:443
> compared with openssl s_client -connect hostname:443 -servername hostname.
> 

-- 



Re: relayd ssl interception and certificate subject

2015-11-25 Thread Stuart Henderson
On 2015-11-24, Uwe Werler <uwe.wer...@retiolum.eu> wrote:
> Hello,
>
> I'm just testing ssl interception and noticed the following problem. 
> Sometimes the Subject/Subject Alternative Name of the cert is altered with a 
> different name than the one the original cert has:

When relayd connects to the server to find out what names to use in
the subject/SAN, it doesn't send the requested hostname (SNI) in
the ClientHello, so it only has the information from the server's
"default" certificate to include in the new generated certificate.

You can see this for yourself with openssl s_client -connect hostname:443
compared with openssl s_client -connect hostname:443 -servername hostname.



relayd ssl interception and certificate subject

2015-11-24 Thread Uwe Werler
Hello,

I'm just testing ssl interception and noticed the following problem. Sometimes 
the Subject/Subject Alternative Name of the cert is altered with a different 
name than the one the original cert has:

The faked cert:

#

X.509 Certificate Information:
Version: 3
Serial Number (hex): 051f332aed0c96
Issuer: 
C=DE,ST=Saxony,L=Dresden,O=Retiolum,OU=WEB,CN=SUB_CA,EMAIL=uwe.wer...@retiolum.eu
Validity:
Not Before: Wed Jan 28 03:58:40 UTC 2015
Not After: Fri Jan 29 14:31:49 UTC 2016
Subject: C=DE,CN=blog.b1-systems.de,EMAIL=postmas...@b1-systems.de
Subject Public Key Algorithm: RSA
Algorithm Security Level: High (4096 bits)

...

Extensions:
Basic Constraints (not critical):
Certificate Authority (CA): FALSE
Key Usage (not critical):
Digital signature.
Key encipherment.
Key agreement.
Key Purpose (not critical):
TLS WWW Server.
Subject Key Identifier (not critical):
47c3adafb6c9b8d26507975d444b07c30a85f020
Authority Key Identifier (not critical):
eb4234d098b0ab9ff41b6b08f7cc642eef0e2c45
Subject Alternative Name (not critical):
--> DNSname: blog.b1-systems.de
--> DNSname: b1-systems.de
Certificate Policies (not critical):
2.23.140.1.2.1
1.3.6.1.4.1.23223.1.2.3
URI: http://www.startssl.com/policy.pdf
Note: This certificate was issued according to the Class 1 
Validation requirements of the StartCom CA policy, reliance only for the 
intended purpose in compliance of the relying party obligations.
CRL Distribution points (not critical):
URI: http://crl.startssl.com/crt1-crl.crl
Authority Information Access (not critical):
Access Method: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp)
Access Location URI: http://ocsp.startssl.com/sub/class1/server/ca
Access Method: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)
Access Location URI: 
http://aia.startssl.com/certs/sub.class1.server.ca.crt
Issuer Alternative Name (not critical):
URI: http://www.startssl.com/
Signature Algorithm: RSA-SHA1
#

The original cert:

X.509 Certificate Information:
Version: 3
Serial Number (hex): 0813002129d4f6
Issuer: C=IL,O=StartCom Ltd.,OU=Secure Digital Certificate 
Signing,CN=StartCom Class 2 Primary Intermediate Server CA
Validity:
Not Before: Thu Sep 24 15:20:33 UTC 2015
Not After: Sun Sep 24 23:00:39 UTC 2017
Subject: C=DE,ST=Bayern,L=Vohburg,O=B1 Systems 
GmbH,CN=www.b1-systems.de,EMAIL=postmas...@b1-systems.de
Subject Public Key Algorithm: RSA
Algorithm Security Level: High (4096 bits)
Modulus (bits 4096):

...

Extensions:
Basic Constraints (not critical):
Certificate Authority (CA): FALSE
Key Usage (not critical):
Digital signature.
Key encipherment.
Key agreement.
Key Purpose (not critical):
TLS WWW Client.
TLS WWW Server.
    Subject Key Identifier (not critical):
2c6fafda29839f35c51c0ccde681e036168b10a9
Authority Key Identifier (not critical):
11db2345fd54cc6a716f848a03d7bef7012f2686
    Subject Alternative Name (not critical):
--> DNSname: www.b1-systems.de
--> DNSname: b1-systems.de
Certificate Policies (not critical):
2.23.140.1.2.2
1.3.6.1.4.1.23223.1.2.3
URI: http://www.startssl.com/policy.pdf
Note: This certificate was issued according to the Class 2 
Validation requirements of the StartCom CA policy, reliance only for the 
intended purpose in compliance of the relying party obligations.
CRL Distribution points (not critical):
URI: http://crl.startssl.com/crt2-crl.crl
Authority Information Access (not critical):
Access Method: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp)
Access Location URI: http://ocsp.startssl.com/sub/class2/server/ca
Access Method: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)
Access Location URI: 
http://aia.startssl.com/certs/sub.class2.server.ca.crt
Issuer Alternative Name (not critical):
URI: http://www.startssl.com/
Signature Algorithm: RSA-SHA256
#

In this case the DNS name www.b1-systems.de is removed from the cert what leads 
to an error message in the webbrowser.

apu01$ dig @8.8.8.8 +short www.b1-systems.de
b1-systems.de.
84.200.69.202
apu01$ dig @8.8.8.8 +short blog.b1-systems.de
spacelords.systems.b1-systems.de.
84.200.69.20

[no subject]

2015-11-01 Thread ANSHUMAN BISWAL
*REPLY REQUIRED: Very Very Funny Jokes Subscription Verify*



[no subject]

2015-09-12 Thread Jan Stary
This is 5.8-current on an ALIX (dmesg below), used as my home router.
The upstream connection is an ethernet, the other two ethernets are
the internal network and the dmz, plus there is a ral(4) wifi.

I am experiencing Oerrs and device timeouts on the ral.

hans@gw:~$ ifconfig ral0
ral0: flags=8843 mtu 1500
lladdr 00:11:09:0d:d3:36
priority: 4
groups: wlan
media: IEEE802.11 autoselect hostap (autoselect mode 11b hostap)
status: active
ieee80211: nwid stare.cz chan 11 bssid 00:11:09:0d:d3:36 wpakey  wpaprotos wpa1,wpa2 wpaakms psk wpaciphers tkip,ccmp wpagroupcipher 
tkip 100dBm
inet 192.168.112.1 netmask 0xff00 broadcast 192.168.112.255

hans@gw:~$ netstat -i
NameMtu   Network Address  Ipkts IerrsOpkts Oerrs Colls
lo0 32768 3229 0 3229 0 0
lo0 32768 fe80::%lo0/ fe80::1%lo0   3229 0 3229 0 0
lo0 32768 localhost/1 localhost 3229 0 3229 0 0
lo0 32768 127/8   localhost 3229 0 3229 0 0
vr0 150000:0d:b9:12:9f:2c 34776087 0 24076275 0 0
vr0 1500  192.168.167 192.168.167.1 34776087 0 24076275 0 0
vr1 150000:0d:b9:12:9f:2d 16420441 0 27179401 0 0
vr1 1500  192.168.111 gw.stare.cz   16420441 0 27179401 0 0
vr2 150000:0d:b9:12:9f:2e  7785814 0  7597590 0 0
vr2 1500  192.168.222 192.168.222.1  7785814 0  7597590 0 0
ral0150000:11:09:0d:d3:36   488808 62712   657003 14631 0
ral01500  192.168.112 192.168.112.1   488808 62712   657003 14631 0
enc0*   00 00 0 0
pflog0  331920 0   163817 0 0


What can I do to debug this? Is there a way to tell which client
(there is two androids and a macbook) this happened to?
Is the client relevant, or is this a problem of the ral itself?

Thank you for your time

Jan


OpenBSD 5.8-current (GENERIC) #1092: Mon Aug 24 11:58:09 MDT 2015
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by AMD PCS ("AuthenticAMD" 586-class) 432 
MHz
cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX,MMXX,3DNOW2,3DNOW
real mem  = 133713920 (127MB)
avail mem = 118882304 (113MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: date 12/10/07, BIOS32 rev. 0 @ 0xfceb2
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xe/0xa800
cpu0 at mainbus0: (uniprocessor)
mtrr: K6-family MTRR support (2 registers)
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 1 function 0 "AMD Geode LX" rev 0x31
glxsb0 at pci0 dev 1 function 2 "AMD Geode LX Crypto" rev 0x00: RNG AES
vr0 at pci0 dev 9 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 10, address 
00:0d:b9:12:9f:2c
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, 
model 0x0034
vr1 at pci0 dev 10 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 11, address 
00:0d:b9:12:9f:2d
ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, 
model 0x0034
vr2 at pci0 dev 11 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 12, address 
00:0d:b9:12:9f:2e
ukphy2 at vr2 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, 
model 0x0034
ral0 at pci0 dev 12 function 0 "Ralink RT2560" rev 0x01: irq 9, address 
00:11:09:0d:d3:36
ral0: MAC/BBP RT2560 (rev 0x04), RF RT2525
glxpcib0 at pci0 dev 15 function 0 "AMD CS5536 ISA" rev 0x03: rev 3, 32-bit 
3579545Hz timer, watchdog, gpio, i2c
gpio0 at glxpcib0: 32 pins
iic0 at glxpcib0
pciide0 at pci0 dev 15 function 2 "AMD CS5536 IDE" rev 0x01: DMA, channel 0 
wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 1-sector PIO, LBA, 7279MB, 14909328 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
ohci0 at pci0 dev 15 function 4 "AMD CS5536 USB" rev 0x02: irq 15, version 1.0, 
legacy support
ehci0 at pci0 dev 15 function 5 "AMD CS5536 USB" rev 0x02: irq 15
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "AMD EHCI root hub" rev 2.00/1.00 addr 1
isa0 at glxpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 "AMD OHCI root hub" rev 1.00/1.00 addr 1
nvram: invalid checksum
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
scsibus2 at softraid0: 256 targets
root on wd0a 

[no subject]

2015-07-10 Thread Reza Kakhki
Yesterday i tried to enable OSPF routing on OpenBSD 5.7 . so i created
/etc/ospfd.conf and added this codes to it ( just for test )

routet-id 127.0.0.1

area 0.0.0.0 {
interface em0
}

but after type /etc/rc.d/ospfd -fd start i got this logs in terminal

doing _rc_parse_conf
doing _rc_quirks
ospfd_flags empty, using default 
doing _rc_read_runfile
doing rc_check
ospfd
doing rc_start
/etc/ospfd.conf: group writable or world read/writable
doing _rc_rm_runfile
(failed)

can any body tell me why i got this ? Note : my OpenBSD is running under
vitualbox4.3 and host system is Fedora22



[no subject]

2015-02-22 Thread Jan Stary
This is current/macppc on a Mac Mini.
Just wanted to report that the upgrade on the system
somehow reduced the radeon errors in the dmesg (see below).
The radeon firmware is radeondrm-firmware-20131002p0.

Jan


Before:

[ using 550696 bytes of bsd ELF symbol table ]
console out [ATY,RockHopper2_A]console in [keyboard] , using USB
using parent ATY,RockHopper2Paren:: memaddr 9800 size 800, : consaddr 
9c008000, : ioaddr 9002, size 2: width 1280 linebytes 1280 height 1024 
depth 8
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2015 OpenBSD. All rights reserved.  http://www.OpenBSD.org

OpenBSD 5.7-beta (GENERIC) #417: Wed Jan 28 16:49:17 MST 2015
dera...@macppc.openbsd.org:/usr/src/sys/arch/macppc/compile/GENERIC
real mem = 1073741824 (1024MB)
avail mem = 1030995968 (983MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root: model PowerMac10,2
cpu0 at mainbus0: 7447A (Revision 0x102): 1499 MHz: 512KB L2 cache
mem0 at mainbus0
spdmem0 at mem0: 1GB DDR SDRAM non-parity PC3200CL3.0
memc0 at mainbus0: uni-n rev 0xd2
hw-clock at memc0 not configured
kiic0 at memc0 offset 0xf8001000
iic0 at kiic0
mpcpcibr0 at mainbus0 pci: uni-north
pci0 at mpcpcibr0 bus 0
pchb0 at pci0 dev 11 function 0 Apple UniNorth AGP rev 0x00
radeondrm0 at pci0 dev 16 function 0 ATI Radeon 9200 rev 0x01
drm0 at radeondrm0
radeondrm0: irq 48
mpcpcibr1 at mainbus0 pci: uni-north
pci1 at mpcpcibr1 bus 0
macobio0 at pci1 dev 23 function 0 Apple Intrepid rev 0x00
openpic0 at macobio0 offset 0x4: version 0x4614 feature 3f0302 LE
macgpio0 at macobio0 offset 0x50
modem-reset at macgpio0 offset 0x1d not configured
modem-power at macgpio0 offset 0x1c not configured
macgpio1 at macgpio0 offset 0x9: irq 47
programmer-switch at macgpio0 offset 0x11 not configured
gpio5 at macgpio0 offset 0x6f not configured
gpio6 at macgpio0 offset 0x70 not configured
extint-gpio15 at macgpio0 offset 0x67 not configured
escc-legacy at macobio0 offset 0x12000 not configured
zsc0 at macobio0 offset 0x13000: irq 22,23
zstty0 at zsc0 channel 0
zstty1 at zsc0 channel 1
aoa0 at macobio0 offset 0x1: irq 30,1,2
audio0 at aoa0
timer at macobio0 offset 0x15000 not configured
adb0 at macobio0 offset 0x16000
apm0 at adb0: battery flags 0x0, 0% charged
piic0 at adb0
iic1 at piic0
maxtmp0 at iic1 addr 0xc8: max6642
kiic1 at macobio0 offset 0x18000
iic2 at kiic1
wdc0 at macobio0 offset 0x2 irq 24: DMA
ohci0 at pci1 dev 26 function 0 Apple Intrepid USB rev 0x00: irq 29, version 
1.0, legacy support
ohci1 at pci1 dev 27 function 0 NEC USB rev 0x43: irq 63, version 1.0
ohci2 at pci1 dev 27 function 1 NEC USB rev 0x43: irq 63, version 1.0
ehci0 at pci1 dev 27 function 2 NEC USB rev 0x04: irq 63
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 NEC EHCI root hub rev 2.00/1.00 addr 1
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 Apple OHCI root hub rev 1.00/1.00 addr 1
usb2 at ohci1: USB revision 1.0
uhub2 at usb2 NEC OHCI root hub rev 1.00/1.00 addr 1
usb3 at ohci2: USB revision 1.0
uhub3 at usb3 NEC OHCI root hub rev 1.00/1.00 addr 1
mpcpcibr2 at mainbus0 pci: uni-north
pci2 at mpcpcibr2 bus 0
kauaiata0 at pci2 dev 13 function 0 Apple Intrepid ATA rev 0x00
wdc1 at kauaiata0 irq 39: DMA
wd0 at wdc1 channel 0 drive 0: ST9160821A
wd0: 16-sector PIO, LBA48, 152627MB, 312581808 sectors
wd0(wdc1:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 5
Apple UniNorth Firewire rev 0x81 at pci2 dev 14 function 0 not configured
gem0 at pci2 dev 15 function 0 Apple Uni-N2 GMAC rev 0x80: irq 41, address 
00:14:51:17:42:34
bmtphy0 at gem0 phy 0: BCM5221 100baseTX PHY, rev. 4
uhidev0 at uhub2 port 1 configuration 1 interface 0 Logitech Optical USB 
Mouse rev 2.00/3.40 addr 2
uhidev0: iclass 3/1
ums0 at uhidev0: 3 buttons, Z dir
wsmouse0 at ums0 mux 0
uhidev1 at uhub3 port 1 configuration 1 interface 0 Chicony USB Keyboard rev 
1.10/1.02 addr 2
uhidev1: iclass 3/1
ukbd0 at uhidev1: 8 variable keys, 6 key codes
wskbd0 at ukbd0: console keyboard
uhidev2 at uhub3 port 1 configuration 1 interface 1 Chicony USB Keyboard rev 
1.10/1.02 addr 2
uhidev2: iclass 3/0, 3 report ids
uhid0 at uhidev2 reportid 1: input=1, output=0, feature=0
uhid1 at uhidev2 reportid 2: input=1, output=0, feature=2
uhid2 at uhidev2 reportid 3: input=3, output=0, feature=0
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
scsibus2 at softraid0: 256 targets
bootpath: /pci@f400/ata-6@d/disk@0:/bsd
root on wd0a (2e09198b7adf58b1.a) swap on wd0b dump on wd0b
drm: initializing kernel modesetting (RV280 0x1002:0x5962 0x1002:0x5962).
error: [drm:pid0:radeon_get_bios] *ERROR* Unable to locate a BIOS ROM
drm: Using device-tree clock info
radeondrm0: VRAM: 128M 0x9800 - 0x9FFF (64M used)
trying to bind memory to uninitialized GART !
error: [drm:pid0:radeon_ttm_backend_bind] *ERROR* failed to bind 1 pages at 
0x
error: [drm:pid0:radeon_wb_init] *ERROR* (-22) 

[no subject]

2014-10-01 Thread Ravi Kanth Vanapalli
Hello All,

 I was trying to use openIKED to setup up multiple IKEv2 tunnels
simultaneously.
Can OPenIKEd  software handle simultaneous IKEv2 connections to different
end point or Gateways.

 i.,e UE1 connecting to Gateway1, UE1 connecting to GW2.
Can both requests be processed by the software simultaenously, setup 2
parallel connections.
and operate each tunnel independently  ?


-- 
Regards,
Venkata



[no subject]

2014-06-05 Thread Theo de Raadt
Fcc: +outbox
Subject: Re: that private mailing list (fwd) Solar Designer: Re: that private 
mailing list

I haven't even read this.

I don't care.

if this is the situation with open source disclosure, all of you
users are fucked.


--- Forwarded Message

Received: from mother.openwall.net (mother.openwall.net [195.42.179.200])
by cvs.openbsd.org (8.14.8/8.12.1) with SMTP id s564LjFg027340
for dera...@cvs.openbsd.org; Thu, 5 Jun 2014 22:21:46 -0600 (MDT)
Received: (qmail 19629 invoked from network); 6 Jun 2014 04:21:39 -
Received: from localhost (HELO pvt.openwall.com) (127.0.0.1)
  by localhost with SMTP; 6 Jun 2014 04:21:39 -
Received: by pvt.openwall.com (Postfix, from userid 503)
id 82DA048BCE; Fri,  6 Jun 2014 08:21:05 +0400 (MSK)
Date: Fri, 6 Jun 2014 08:21:05 +0400
From: Solar Designer so...@openwall.com
To: Theo de Raadt dera...@cvs.openbsd.org
Subject: Re: that private mailing list
Message-ID: 20140606042105.gb26...@openwall.com
References: 201406052157.s55lvh7j020...@cvs.openbsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 201406052157.s55lvh7j020...@cvs.openbsd.org
User-Agent: Mutt/1.4.2.3i

Hi Theo,

I'll reply only in private first, because I am referring to the past
discussion we had in private and that you didn't want to be made public.

Also, please note that I wrote the below with no hard feelings, and I
don't mean to offend you.  I am just being sincere and direct.  I think
that is your preferred way to communicate, so I've adopted it. :-)

On Thu, Jun 05, 2014 at 03:57:43PM -0600, Theo de Raadt wrote:
 I only know parts. It sound like some people who claim they stand
 up for what is right really don't stand up for what is right.

I can't comment about OpenSSL folks, but my own impression certainly was
that you didn't want your project to be provided advance notification -
not only via distros list, but at all.  Now you're saying you actually
wanted folks on your team to be notified, just not you personally.  Hmm?
As you had mentioned to me in the private discussion when stu@ wanted to
get OpenBSD onto distros, you didn't want folks on your team to accept
any kind of embargo.  I wish we had that discussion in public, as I had
suggested at the time.  You objected to that.  (And I understand that
with that discussion in public you might not have been willing to blame
some others in it, which would possibly hamper my understanding of your
position.  So your objection did make some sense.)  Now you appear to be
misinforming folks on your own team (I hope not intentionally) that
those evil people on distros list and OpenSSL maintainers deliberately
didn't want to notify you.  You might be right about OpenSSL maintainers
(although I think you are not) - I just don't know, and can't speak for
them - but at least for me (as someone who was notified via distros
list) it appeared that you actually didn't want your team to be notified
in a manner that would impose any restrictions on when you can commit a
fix.  So, believe it or not, it didn't even occur to me to put your
project in a position where your folks would be asked to accept an
embargo, which you didn't want.

Would you like me to suggest (to whoever reports an issue) that someone
on your team (who?) be notified next time an OpenSSL issue is brought up
on distros?  (It doesn't have to be one person on your team - it can be
several.  This is to address Bob's comment on your lists.)  What about
issues in other projects (not OpenSSL)?  Which other projects would you
also like notifications about?

It appears that you've made a (political) decision for your projects not
to join distros (or possibly any such channels in general), but are now
asking for people/projects to be notifying your folks anyway when
appropriate (whatever that means), and this is difficult for everyone.

How do you suggest we make things better (in whatever sense you like)
going forward?

/sd

--- End of Forwarded Message



[no subject]

2014-04-21 Thread jendavis
The original message was received at Mon, 21 Apr 2014 11:26:46 +0800
from nmsu.edu [129.247.149.220]

- The following addresses had permanent fatal errors -
misc@openbsd.org

[demime 1.01d removed an attachment of type application/octet-stream which had 
a name of readme.zip]



[no subject]

2014-01-14 Thread Josef Weissacher

unsubscribe misc@openbsd.org



[no subject]

2014-01-07 Thread Hugo Pompougnac
Good morning,

Before all, please forgive my language, I'm french.

As a
student, I'm discovering OpenBSD. I'm trying to automount USB keys with
hotplug, 
but it's quite difficult. That's why I ask to you.


To recap :
- I
downloaded hotplug-diskmount
- I created the directory /vol with
/usr/local/libexec/hotplug-diskmount init
- I added hotplug to rc.conf with
echo hotplugd_flags=\\  /etc/rc.conf.local
- I created
/etc/hotplug/attach following the manual :

DEVCLASS=${1}
DEVNAME=${2}
LOGIN=joeuser
case ${DEVCLASS} in
2)
   
/usr/local/libexec/hotplug-diskmount attach -u ${LOGIN} -m 700 ${DEVNAME}
    ;;
esac

- I launched the daemon with

/etc/rc.d/hotplugd start
However, when I insert an USB stick (FAT16 or FAT32), hotplug doesn't mount
them and /vol/ is empty. Nevertheless I can see them with dmesg, and I can
mount them with mount.


My /var/log/daemon says that :

Jan  8 07:54:47
home hotplugd[32702]: sd0 attached, class 2
Jan  8 07:54:47 home
hotplugd[32702]: scsibus3 attached, class 0
Jan  8 07:54:47 home
hotplugd[32702]: umass0 attached, class 0
Jan  8 07:54:47 home
hotplugd[32702]: child exit status: 1
The last line may be important, but I
don't undersand it ; that's why I ask you. You may know what the problem is ?
Gratefully,
Hugo P.



[no subject]

2013-05-28 Thread David Walker
Tim Nelson tnelson () rockbochs ! com
 Fantastic points, I'd love to hear more, from both sides.

I'll blink.
This is a big deal ... but it's not specific to OpenBSD and further,
this is not news.

http://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis
This discussion is pertinent on any forum. Hence here where the focus
is tight and anecdotally anti-turbo-legal ... it's bound to be off
topic.

Still, it's about the fourth and perhaps the fifth but not the first
and definitely not the second ...
While I don't have the protection afforded by the bill of rights (the
US one not the englsh one), the fourth is understood where habeus
corpus rules, i.e. those of us in free societies.
This is relevant but, ranting about the amendments to a global
crowd, while allowed by the first, is hot air. I have no first nor
second sir ...
So, relevant but poorly phrased. Anything else?
Sure. Where we have the rule of law, the plan is to stand up for
yourself, in law (i.e. the fourth if that's what you've got) and get
some case law under your belt.
You've got to stand up for yourself ...
Everything else is hot air or text (i.e. hot air).

The US is the light on the hill. Stand up for yourself. Use the law.
The constitution if that's all you've got. Talking about it is one
thing.

DHS told me I had to hand over my password and I did ...
I'm so angry they violated my rights. That's neither precedent nor threadworthy.



[no subject]

2013-04-13 Thread Jan Stary
Going over the X FAQ, I see

  11.1.1 - How much computer do I need to run X?

While How much computer is slightly amusing,
was it meant to be how much computer power
or something?

Jan



[no subject]

2012-09-17 Thread Jan Stary
This is a -recent/macppc. It runs fine, but I am puzzled
about how it uses the memory and swap; top says:

Memory: Real: 83M/266M act/tot Free: 719M Cache: 162M Swap: 39M/1024M

I might be missing something obvious, but if there is 719M of free memory,
why is the system swapping at all?

Also, what would be the preffered way to see
exactly which processes do account for the swap usage?

Jan



OpenBSD 5.2-current (GENERIC.MP) #2: Sun Sep  9 21:45:10 CEST 2012
r...@biblio.stare.cz:/usr/src/sys/arch/macppc/compile/GENERIC.MP
real mem = 1073741824 (1024MB)
avail mem = 1032171520 (984MB)
mainbus0 at root: model PowerMac10,2
cpu0 at mainbus0: 7447A (Revision 0x102): 1499 MHz: 512KB L2 cache
mem0 at mainbus0
spdmem0 at mem0: 1GB DDR SDRAM non-parity PC3200CL3.0
memc0 at mainbus0: uni-n
hw-clock at memc0 not configured
kiic0 at memc0 offset 0xf8001000
iic0 at kiic0
mpcpcibr0 at mainbus0 pci: uni-north, Revision 0xff
pci0 at mpcpcibr0 bus 0
pchb0 at pci0 dev 11 function 0 Apple UniNorth AGP rev 0x00
vgafb0 at pci0 dev 16 function 0 ATI Radeon 9200 rev 0x01, mmio
wsdisplay0 at vgafb0 mux 1: console (std, vt100 emulation)
mpcpcibr1 at mainbus0 pci: uni-north, Revision 0x5
pci1 at mpcpcibr1 bus 0
pchb1 at pci1 dev 11 function 0 Apple UniNorth PCI rev 0x00
bwi0 at pci1 dev 18 function 0 Broadcom BCM4318 rev 0x02: irq 52, address 
00:11:24:bf:cb:2a
macobio0 at pci1 dev 23 function 0 Apple Intrepid rev 0x00
openpic0 at macobio0 offset 0x4: version 0x4614 feature 3f0302 LE
macgpio0 at macobio0 offset 0x50
modem-reset at macgpio0 offset 0x1d not configured
modem-power at macgpio0 offset 0x1c not configured
macgpio1 at macgpio0 offset 0x9 irq 47
programmer-switch at macgpio0 offset 0x11 not configured
gpio5 at macgpio0 offset 0x6f not configured
gpio6 at macgpio0 offset 0x70 not configured
extint-gpio15 at macgpio0 offset 0x67 not configured
escc-legacy at macobio0 offset 0x12000 not configured
zsc0 at macobio0 offset 0x13000: irq 22,23
zstty0 at zsc0 channel 0
zstty1 at zsc0 channel 1
aoa0 at macobio0 offset 0x1: irq 30,1,2
audio0 at aoa0
timer at macobio0 offset 0x15000 not configured
adb0 at macobio0 offset 0x16000 irq 25: via-pmu, 0 targets
apm0 at adb0: battery flags 0x0, 0% charged
piic0 at adb0
iic1 at piic0
maxtmp0 at iic1 addr 0xc8: max6642
kiic1 at macobio0 offset 0x18000
iic2 at kiic1
wdc0 at macobio0 offset 0x2 irq 24: DMA
ohci0 at pci1 dev 24 function 0 Apple Intrepid USB rev 0x00: couldn't map 
interrupt
ohci1 at pci1 dev 25 function 0 Apple Intrepid USB rev 0x00: couldn't map 
interrupt
ohci2 at pci1 dev 26 function 0 Apple Intrepid USB rev 0x00: irq 29, version 
1.0, legacy support
ohci3 at pci1 dev 27 function 0 NEC USB rev 0x43: irq 63, version 1.0
ohci4 at pci1 dev 27 function 1 NEC USB rev 0x43: irq 63, version 1.0
ehci0 at pci1 dev 27 function 2 NEC USB rev 0x04: irq 63
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 NEC EHCI root hub rev 2.00/1.00 addr 1
usb1 at ohci2: USB revision 1.0
uhub1 at usb1 Apple OHCI root hub rev 1.00/1.00 addr 1
usb2 at ohci3: USB revision 1.0
uhub2 at usb2 NEC OHCI root hub rev 1.00/1.00 addr 1
usb3 at ohci4: USB revision 1.0
uhub3 at usb3 NEC OHCI root hub rev 1.00/1.00 addr 1
mpcpcibr2 at mainbus0 pci: uni-north, Revision 0x6
pci2 at mpcpcibr2 bus 0
pchb2 at pci2 dev 11 function 0 Apple UniNorth PCI rev 0x00
kauaiata0 at pci2 dev 13 function 0 Apple Intrepid ATA rev 0x00
wdc1 at kauaiata0 irq 39: DMA
atapiscsi0 at wdc1 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: MATSHITA, DVD-R UJ-825, DAND ATAPI 5/cdrom 
removable
wd0 at wdc1 channel 0 drive 1: ST9808211A
wd0: 16-sector PIO, LBA, 76319MB, 156301488 sectors
cd0(wdc1:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 4
wd0(wdc1:0:1): using PIO mode 4, DMA mode 2, Ultra-DMA mode 4
Apple UniNorth Firewire rev 0x81 at pci2 dev 14 function 0 not configured
gem0 at pci2 dev 15 function 0 Apple Uni-N2 GMAC rev 0x80: irq 41, address 
00:14:51:17:42:34
bmtphy0 at gem0 phy 0: BCM5221 100baseTX PHY, rev. 4
umass0 at uhub0 port 2 configuration 1 interface 0 JMicron USB to ATA/ATAPI 
Bridge rev 2.00/1.00 addr 2
umass0: using SCSI over Bulk-Only
scsibus1 at umass0: 2 targets, initiator 0
sd0 at scsibus1 targ 1 lun 0: SAMSUNG, HM251JJ,  SCSI2 0/direct fixed 
serial.152d233919D0105140FF
sd0: 238475MB, 512 bytes/sector, 488397168 sectors
uhidev0 at uhub1 port 1 configuration 1 interface 0 Apple Computer HID-proxy 
rev 2.00/19.65 addr 2
uhidev0: iclass 3/1
ukbd0 at uhidev0: 8 variable keys, 6 key codes
wskbd0 at ukbd0: console keyboard, using wsdisplay0
uhidev1 at uhub1 port 1 configuration 1 interface 1 Apple Computer HID-proxy 
rev 2.00/19.65 addr 2
uhidev1: iclass 3/1
ums0 at uhidev1: 5 buttons
wsmouse0 at ums0 mux 0
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
bootpath: /pci@f400/ata-6@d/disk@1:/bsd
root on wd0a swap on wd0b dump on wd0b



[SPAM]: Re: (no subject)

2012-07-26 Thread Eric Oyen
is it me or does there seem to be a lot more spam on the lists of late?


-eric
On Jul 26, 2012, at 9:36 AM, Jan Izary wrote:

 Learn H0w T0 Earn M0ney 0nline N0w
 link snipped



Re: [SPAM]: Re: (no subject)

2012-07-26 Thread Ted Unangst
On Thu, Jul 26, 2012 at 10:44, Eric Oyen wrote:
 is it me or does there seem to be a lot more spam on the lists of late?

There's a spam filter, sometimes it works, sometimes not so much.  You
should probably be running your own.

As an aside, gmail's spam filter is great until it isn't.



Re: [SPAM]: Re: (no subject)

2012-07-26 Thread Mikkel C. Simonsen

Eric Oyen wrote:

is it me or does there seem to be a lot more spam on the lists of late?


Bogofilter removes almost all the spam for me. But when somebody replies 
to it, the spam does get through ;)


Best regards,

Mikkel C. Simonsen



Re: [SPAM]: Re: (no subject)

2012-07-26 Thread Eric Oyen
yeah. Gmail is famous for that. It is also famous for the number of false
positives.

I will have to see if I can find a version of SpamAssasin to run locally here.
the Mail.app application here on OS X has some filtering abilities, but they
are woefully inadequate to the task.

-eric

On Jul 26, 2012, at 12:18 PM, Ted Unangst wrote:

 On Thu, Jul 26, 2012 at 10:44, Eric Oyen wrote:
 is it me or does there seem to be a lot more spam on the lists of late?

 There's a spam filter, sometimes it works, sometimes not so much.  You
 should probably be running your own.

 As an aside, gmail's spam filter is great until it isn't.



(no subject)

2012-07-23 Thread Jan Izary
Earn m0ney using pc and internet
http://www.leonardobieber.it/httpcnbc9home-1.com.php?jqigoto=571




Mon, 23 Jul 2012 16:14:17


  Iopened my mouth to begin; but she grabbed me and hustled me in behind
thebed, and says:Here he comes!  Stick your head down lower--there, thatll do;
you cantbe seen now. luciano winsor



[no subject]

2012-05-26 Thread Jan Stary
The Passing Traffic example at
http://www.openbsd.org/faq/pf/filter.html
doesn't seem to be completely accurate.

# Pass traffic in on dc0 from the local network, 192.168.0.0/24,
# to the OpenBSD machine's IP address 192.168.0.1. Also, pass the
# return traffic out on dc0.
pass in  on dc0 from 192.168.0.0/24 to 192.168.0.1
pass out on dc0 from 192.168.0.1 to 192.168.0.0/24

It's the return that bugs me: the first rule alone
makes the _return_ traffic be passed. The second
rule allows traffic that originates (creates state)
on the way out. Right?



[no subject]

2012-04-09 Thread Mihai Popescu
  Andres Perera wote:
  i don't understand why is such a simple problem turning into drama

It is not. As for the understanding part, you need to identify what is
stopping you in the first place - is it that english is not your first
language and you don't have enough of it, or is it that you read
between lines, or any other thing. Once you will find it, you can
asjust it and come to an understanding. Eventually.

 that's outside the conditions. i am talking about a real world
 situation where i had ONE COMPUTER and it did not have a cd drive

Nick, the FAQ and a bunch of internet out there ARE TALKING about the
same thing. Didn't you really see this?

 that's it. there's no other way to look at it

Says who? Take a look at soekris.com stuff and believe this boards are
able to get OpenBSD installed on them and run it successfully. And
guess what? Only ONE COMPUTER is involved to prepare the OS.

Excuse my intervention, please, but your answers keep remainding me of
someone I work with, who got a habit of telling people around him how
they CAN'T accomplish something. Pretty useless.



[no subject]

2012-03-21 Thread admin
Unbelievable.

This new software is the best I've EVER seen
at making money AUTOMATICALLY for you...

But you need a p r i v a t e  invitation to get in.

Here's yours:

Click Here!

Get in and grab this software before they take it down.



[no subject]

2011-11-24 Thread Julien Crapovich
Hi,

I'm under OpenBSD 5.0, and I would like to compile a kernel without INET6.

# cd /usr/src
# wget ftp://ftp.openbsd.org/pub/OpenBSD/5.0/sys.tar.gz
# tar zxvf sys.tar.gz

I edited /usr/src/sys/conf/GENERIC, and disabled INET6 (line 59, #INET6)


# cd /usr/src/sys/arch/`arch -s`/conf
# config GENERIC  cd ../compile/GENERIC
# make clean ; make depend ; make
[.]

cc  -Werror -Wall -Wstrict-prototypes -Wmissing-prototypes  -Wno-main
-Wno-uninitialized -Wno-format  -Wstack-larger-than-2047  -fno-builtin-printf
-fno-builtin-snprintf  -fno-builtin-vsnprintf -fno-builtin-log
-fno-builtin-log2 -fno-builtin-malloc -O2 -pipe -nostdinc -I. -I../../../..
-I../../../../arch -DDDB -DDIAGNOSTIC -DKTRACE -DACCOUNTING -DKMEMSTATS
-DPTRACE -DCRYPTO -DSYSVMSG -DSYSVSEM -DSYSVSHM -DUVM_SWAP_ENCRYPT -DCOMPAT_43
-DCOMPAT_O48 -DLKM -DFFS -DFFS2 -DFFS_SOFTUPDATES -DUFS_DIRHASH -DQUOTA
-DEXT2FS -DMFS -DNFSCLIENT -DNFSSERVER -DCD9660 -DUDF -DMSDOSFS -DFIFO
-DSOCKET_SPLICE -DTCP_SACK -DTCP_ECN -DTCP_SIGNATURE -DINET -DALTQ -DIPSEC
-DPPP_BSDCOMP -DPPP_DEFLATE -DPIPEX -DMROUTING -DMPLS -DBOOT_CONFIG
-DUSER_PCICONF -DKVM86 -DUSER_LDT -DAPERTURE -DCOMPAT_LINUX -DPROCFS -DNTFS
-DPCIVERBOSE -DEISAVERBOSE -DUSBVERBOSE -DWSDISPLAY_COMPAT_USL
-DWSDISPLAY_COMPAT_RAWKBD -DWSDISPLAY_DEFAULTSCREENS=6
-DWSDISPLAY_COMPAT_PCVT -DX86EMU -DONEWIREVERBOSE -DMAXUSERS=80 -D_KERNEL -MD
-MP  -c ../../../../net/pipex.c
../../../../net/pipex.c: In function 'pipex_l2tp_output':
../../../../net/pipex.c:1894: error: invalid application of 'sizeof' to
incomplete type 'struct ip6_hdr'
../../../../net/pipex.c:1911: error: invalid application of 'sizeof' to
incomplete type 'struct ip6_hdr'
*** Error code 1

Stop in /usr/src/sys/arch/i386/compile/GENERIC (line 92 of
/usr/share/mk/sys.mk)

Thank you

J.Crapovich



Re: (no subject)

2011-10-06 Thread Amps2005
604051828   http://www.cbs.so/571ff2



[no subject]

2011-08-25 Thread igor denisov
Hello there,

May someone help me with this:

#Xorg -configure

Xorg:/usr/X11R6/lib/modules/drivers/radeonhd_drv.so:/usr/X11R6/lib/modules/drivers/radeon_drv.so:WARNING:
symbol (AtomBiosRequestList) size mismatch, relink your program
(**) Using config file: /root/xorg.conf.new

No idea how to do it. And it looks simple.

Regards,
Igor



[no subject]

2011-08-25 Thread igor denisov
Hello there,

I am going to try to insert additional RAM TRUMP D1SC0816D DDR
1GB-333Mhz SO.DIMM the native RAM is 256MB, and I know for sure when
the additional RAM inserted I have lot of kernel panics and all the
time they are different and occur at different times when PC is ran.
My question is how to get kernel panics dump to a file for further
investigation?

Regards,

Igor



[no subject]

2011-02-23 Thread Alpino
Subject: Oferta comerciala alpinism utilitar

Stimate partener, 
 Sunt Andrei Neboisa si reprezint ALPINO-Servicii la inaltime. 
 Compania noastra presteaza servicii de alpinism utilitar si industrial la 
 cele mai inalte standarde si cele mai bune preturi preturi pe tot 
 teritoriul Romaniei si in toate statele unde aceasta activitate este 
 autorizata. 
 
 In cazul in care sunteti interesat de o oferta de pret nu ezitati sa ne 
contactati. 
 Va multumesc! 
 
 O zi buna, 
 Andrei Neboisa, administrator 
 
 mobil: +40.747.87.87.41 
 e-mail: off...@alpino.ro 
 www.alpino.ro 
 facebook.com/alpinobyqconstruct 
 Piatra Neamt, str. Aleea Ulmilor nr.19, bl.B6, 
 610292, Neamt(NT), ROMANIA



[no subject]

2010-12-09 Thread Steve
http://osgefic.org.br/images/to.php



[no subject]

2010-12-06 Thread Steve
http://partytops.co.uk/images/to.php



[no subject]

2010-09-22 Thread Dave Del Debbio
I, unfortunately, am still experiencing livelocks on my em interfaces on my 
Dell 
R200 server in bridging mode.  I'm going to have to schedule an upgrade to the 
latest snapshot first to see if that clears up any issues, but barring that 
I'm 
not sure where to look.  Perhaps I'll also try the UP kernel.

Are you currently running amd64? Maybe you should try running an i386
bridge.  Please see how devio.us solved their livelock problem here:
http://devio.us/forums/topic/88/openbsd-amd64-updated/ and here:
http://devio.us/forums/topic/116/scheduled-downtime-tonight-1000-pm-est/
and http://devio.us/forums/topic/245/4k-account-and-40-days-uptime/

D.



[no subject]

2010-05-16 Thread patrick kristensen
Hi

I have 4.6-RELEASE on a lenovo x200s system with Ericsson F3507g
Mobile Broadband Module installed (mini-pci express wwan adapter).
On FreeBSD the device is detected by the cdce(4) driver which creates
an ue0 ethernet interface. On 4.6-RELEASE install this does not
happen.
The cdce(4) appeared in openBSD 4.1 and following the changelog from
4.1 to -current, cdce(4) should be in generic.
Do I need to modload anything for cdce to load?

Thanks for helping
Kind regards,
Patrick



[no subject]

2010-05-07 Thread Dave Del Debbio
On Fri, May 7, 2010 at 2:59 PM, Frank Bax f...@sympatico.ca wrote:

 I've never printed from my OpenBSD desktop.
 I've used lpd on Windows to print to HP printers with HP JetDirect.

 I read the recent thread about lpd/postscript.

 Will I be able to use lpd to print to any HP JetDirect printer?


Yes, HP JetDirect does lpd/lpr amongst many other protocols.



 I'm looking at getting an HP 1518ni colour laser.

 Does HP postscript level 3 emulation qualify as postscript support

I have an HP Color LaserJet 2605dn which has postscript support; I print
documents using lpd.  You may get the staircase effect when printing
documents from the commandline.  I used to until I started using this
ksh function (in /etc/ksh.kshrc):

function print_tty {
  if [[ $# -ne 1 ]]; then
echo usage: $0 [file] 2
return 2
  fi
  if [[ ! -e $1 ]]; then
echo error: $1 does not exist! 2
return 1
  fi
  awk '{printf %s\r\n,$0} END {printf %c, 26}' $1 | lpr -
}

HTH, Dave


Not 100% sure about HP's postscript emulation but my Brother printer does
postscript level 3 emulation well enough for all my printing needs so far.

Greg



[no subject]

2010-04-10 Thread Z Wing
Hiya all,

Could someone clarify for me the purpose of the bandwidth parameter when used
with hfsc? Please consider my queue (512Kb max upload through the ADSL line):

 altq on em1 bandwidth 500Kb hfsc queue { ack, dns, ssh, other }
  queue ackbandwidth 95% priority 8 qlimit 500 hfsc (realtime   20%)
  queue dnsbandwidth 95% priority 7 qlimit 500 hfsc (realtime5%)
  queue sshbandwidth 95% priority 6 qlimit 500 hfsc (realtime   20%)
{ssh_login, ssh_bulk}
   queue ssh_login bandwidth 95% priority 6 qlimit 500 hfsc
   queue ssh_bulk  bandwidth 95% priority 5 qlimit 500 hfsc
  queue other  bandwidth 95% priority 5 qlimit 500 hfsc (realtime   20%
default)

My understanding was that bandwidth xx% tells pf that the queue can only use
xx% of the total parent queue bandwidth and the various guides on the Internet
say that it cannot go above 100% which sort of makes sense. However what I
want, for example, is the 'other' queue to get all the upload bandwidth as
long as there is no acks or ssh traffic in the queue. If I set bandwidth 20%
for other, won't that mean that no matter what, the 'other' queue will only
get a maximum of 20% of the bandwidth (even if there is no ssh traffic
waiting?)

I think I haven't quite understood this properly but perhaps someone could
clarify it. I found a lot out from calomel.org's excellent page but that's the
only bit that confused me.

Thanks



[no subject]

2010-03-20 Thread Doug Milam
---
http://reedandink.com



[no subject]

2010-03-03 Thread betty . happy
We must protect our planet. Turn off your computer!
Nous devons protC)ger notre planC(te. C teignez votre ordinateur!
Debemos proteger nuestro planeta. Apague su ordenador!
Musimy chroniD naszD planetD. WyEDcz komputer!
PQ P4PP;P6P=Q P7P0Q P8QP8QQ P=P0QQ P?P;P0P=P5QQ. PQP:P;QQP8QP5 
P:PPP?QQQP5Q!
http://www.theworld.su
 
Send this message to all your contacts, thank you.



[no subject]

2010-01-29 Thread Credito . Cooperativo
Gentile Cliente,

da questo momento h disponibile on-line l'estratto conto mensile riferito
al codice del rapporto 01002-33047891: potr` consultarlo, stamparlo e
salvarlo
sul suo PC per creare un suo archivio personalizzato.

Le ricordiamo che ogni estratto conto rimane in linea fino al terzo mese
successivo all'emissione.

Grazie ancora per aver scelto i servizi on-line di BCC.

I migliori saluti.

Servizio Clienti BCC

[demime 1.01d removed an attachment of type APPLICATION/DEFANGED which had a 
name of Movimenti Disposizioni - Servizi Clienti.2813DEFANGED-html]



[no subject]

2010-01-28 Thread Credito . Cooperativo
Gentile Cliente,

da questo momento h disponibile on-line l'estratto conto mensile riferito
al codice del rapporto 01002-33047891: potr` consultarlo, stamparlo e
salvarlo
sul suo PC per creare un suo archivio personalizzato.

Le ricordiamo che ogni estratto conto rimane in linea fino al terzo mese
successivo all'emissione.

Grazie ancora per aver scelto i servizi on-line di BCC.

I migliori saluti.

Servizio Clienti BCC

[demime 1.01d removed an attachment of type APPLICATION/DEFANGED which had a 
name of Movimenti Disposizioni - Servizi Clienti.8959DEFANGED-html]



[no subject]

2010-01-27 Thread Credito . Cooperativo
Gentile Cliente,

da questo momento h disponibile on-line l'estratto conto mensile riferito
al codice del rapporto 01002-33047891: potr` consultarlo, stamparlo e
salvarlo
sul suo PC per creare un suo archivio personalizzato.

Le ricordiamo che ogni estratto conto rimane in linea fino al terzo mese
successivo all'emissione.

Grazie ancora per aver scelto i servizi on-line di BCC.

I migliori saluti.

Servizio Clienti BCC

[demime 1.01d removed an attachment of type APPLICATION/DEFANGED which had a 
name of Movimenti Disposizioni - Servizi Clienti.574DEFANGED-html]



[no subject]

2009-11-02 Thread Mareline Bertier
Bonjour tres cher
Je suis trC(s ravie deB vous envoyer ce messageB et tous le plaisir est pour
moi deB correspondreB avec vousB . je me normeB Mareline bertier jbai 27 ans
et je vie particuliC(rement C  Ottawa une ville de Canada .je suis directrice
de l'ONG ASS (Aides Services Secours ).B Pour tendre notre relation C  une
rencontre , jbai contactC) mon cousin qui se trouve dans une entreprise
(ICS) Internationale ComputerB Science qui se trouve au Canada . moi et mon
cousin , notre dC)sir le plus prC)occupent est de correspondre avec les
Africains et egalement avec les EuropeensB pour avoir des renseignements sur
lbAfriqueB  et l' Europe C  savoir les mEurs , les coutumes ,etc b.
Mais actuellement , mon cousin est au BC)nin dans la zone Afrique pour un
recrutement international dont il besoin de 200 agents , pays africain pour
venir travailler dans tous les domaines dbactivitC)s .Mon cousin travaille
en tans que Directeur GC)nC)ral representant lbentreprise et il ma parlC)
sur un satge qui aprC(s embauchC) c'est-C -direB  vous faite un stage dans le
domaine que vous voulez et aprC(s la durC)e du contract , on vous embauche
dans une des entreprise qui s y trouvent au Canada , et alors je lui est
proposC) que jbai un ami , c'est-C -dire , je lui est fais part deB  notre
relation et que tu desir intC)grC) lbune des entreprises ici au Canada et il
ma demandC) de te donnC) lbadresse de servise de recrutement dont je
voudrais que tu prend soin de lire et de remplir les conditions qui s' y
serons donnC) pour pouvoir etre des leurs en tous cas moi je ferai de mon
possible pour que tu vienne ici .
B Voici lbadresse du service C  laquel tu vas C)cris pour demandC) des
informations
E-mail:B B B B B agencerecrutementcan...@yahoo.frb  en outres pour avoir
accC(s dbinformations sur ce recrutement , je peux vous dire deja qubils
recherchent dans les domaines suivants : ComptablitC), comptabilitC)
marketing, Science sociale, commerce internationale,
Bureautique, SecrC)tariat,
Manutentionnaire, Finance, Informatique, Cabinet d'avocat toutes les
secteurs d'activitC)s etc...)
Les conditions particuliC(res C  remplir.
- Avoir entre 20 et 45 ans au plus
- Etre de bonne moralitC).
- Etre disponible C  voyager.
- Avoir une maC.trise de l'outil informatique
- Savoir bien parler le FranC'ais si possible l'anglais
- Etre titulaire
au moins du BEPC professionnel
et dC(s confirmation tu me mets au
courant des dC)marches C  suivre .
je vous laisse mon adresse au besoin mareline bertier
mareline bertier
CLSC Laurentien
1320, rue St-Paul
Ancienne-Lorette,
Ottawa
G2E 1Z4
Amicalement



[no subject]

2009-07-06 Thread Fotosport
  Caso nco consiga visualizar este e-mail correctamente por favor clique
aqui.




Esperamos que tenha gostado de receber esta Newsletter FOTOSPORT. Contudo, se
preferir deixar de a receber, bastara que clique aqui.

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
NEWSLETTER_.jpg]



[no subject]

2009-05-27 Thread Bob Beck Via Secure Email
Hi this is bob. really. 
I can haz Ur Passwordz plz?

ohai, and Ur bank accountz and sinz too?



Re: Spamd(8) may be subject to DOS in grey-trapping mode

2008-10-09 Thread Mikhail Boev (TRIC)

Peter N. M. Hansteen wrote:

Michael Boev (TRIC) [EMAIL PROTECTED] writes:


I suspected of, and later verified a case, in which spamd in
grey-trapping mode may be forced to a DOS.


I'd say rather that you have found a possible conflict between
greytrapping and milter-sender.  I see the backscatter bounces for
enough messages I or other users in my domains have never sent to
doubt the usefulness the technique it apparently uses (the url you
quoted doesn't work - www.milter.info appears to be mx.snert.net,
which does not appear to run a www service - and most of what I could
dig up concerns the fact that the FreeBSD port was removed due to
license issues), and the smartest solution would be to retire it.

Exactly so. Spamd traps call-back systems.
It's strange though that the URL is dead now. I must have copypasted it 
from my browser.



Conditions:
1) A malicious user on machine 'S', who wants to deny mail service to
server 'A' on another server 'B'. This malicious user knows the
'[EMAIL PROTECTED]' greytrapping address.
2) The server B is protected by spamd with greytrapping enabled.
3) The server A verifies addresses of all smtp-senders. In my case
it's 'http://www.milter.info/sendmail/milter-sender/', although other
solutions may exist. The smtp callback is made with an empty ('')
return address.


What [EMAIL PROTECTED] does here is indistinguishable from the way spam is sent
these days.  Spambots send messages from wherever they can, using
return addresses in some unrelated domain, usually with made-up local
parts.  


Occasionally the made-up local part will match a user that actually
exists.  At other times, well, that's how my spammer bait address list 
(http://www.bsdly.net/~peter/traplist.shtml) was born.


From where I'm sitting it looks like your setup includes a piece of
software that was written based on the same assumptions that spawned a
whole raft of challenge-response systems to annoy the world, and
fails for the exact same reason: as you have demonstrated, it is
possible to send email with a forged return address that may still be
a deliverable address.  Checking whether a particular return address
is deliverable doesn't buy you much by itself.  

Agree. Never knew though, that the callbacks DO annoy.


spamd's greytrapping, on the other hand, is based on factors that are
actually under your control, ie what addresses /in your own domains/
are valid or not.  That's a whole world of difference.

My recommendation would be to stop using milter-sender.  It probably
generates more noise than useful information anyway, and while you're
at it, make extra sure nobody snuck in one of those annoying
challenge-response systems while you weren't looking.

- Peter

Thanks to all who replied, let's just think through the advices given.

Kind regards,
Mikhail Boev



Spamd(8) may be subject to DOS in grey-trapping mode

2008-10-08 Thread Michael Boev (TRIC)

Hi,

To whom it may concern

I suspected of, and later verified a case, in which spamd in 
grey-trapping mode may be forced to a DOS.


I use exactly this configuration, so I am concerned too. In this case I 
am a FreeBSD user with a fresh

spamd-4.1.2 installed through ports(7).

Conditions:
1) A malicious user on machine 'S', who wants to deny mail service to 
server 'A' on another server 'B'. This malicious user knows the 
'[EMAIL PROTECTED]' greytrapping address.

2) The server B is protected by spamd with greytrapping enabled.
3) The server A verifies addresses of all smtp-senders. In my case it's 
'http://www.milter.info/sendmail/milter-sender/', although other 
solutions may exist. The smtp callback is made with an empty ('') 
return address.


The scenario (as it really goes):
Dialogue 1:

[EMAIL PROTECTED] telnet A 25
220 A ESMTP MTA; Wed Oct  8 23:46:45 2008
HELO spammer.world
250 A Hello
MAIL FROM: [EMAIL PROTECTED]

at this time the server A makes the callback, and gets trapped.

Dialogue 2:
220 B ESMTP spamd IP-based SPAM blocker; Wed Oct  8 23:46:45 2008
HELO A
250 Hello, spam sender. Pleased to be wasting your time.
MAIL FROM: 
250 You are about to try to deliver spam. Your time will be spent, for 
nothing.

RCPT TO: [EMAIL PROTECTED]
250 This is hurting you more than it is hurting me.

In the end of these dialogues, [EMAIL PROTECTED] continues to send spam or opts to 
disconnect, and

the server A gets GREYTRAPPED in the server B's /var/db/spamd

Imagine, a really malicious spammer can do a loop and organise a whole 
bunch of this DOS situations.


It's pretty enough to know
(1) the '[EMAIL PROTECTED]' (recall that many users also 
blacklist IP's which were greytrapped by this server!!!) and

(2) a list of servers that make callbacks
in order to disrupt their service.

Workaround:
if you are A: disable the callback software at your MX. At least do not 
call back to ualberta.ca :)

if you are B: keep '[EMAIL PROTECTED]' address in secret, so it cannot be 
abused.

Resolution:
Exclude sessions with empty () MAIL FROM from greytrapping in spamd. 
No patch at this time, sorry folks!


Really right solution:
Not aware of.

Before I disconnect,
please excuse me for this flood in the case it's already fixed somewhere 
in -CURRENT. I really didn't look into.


--
Best regards,
Mikhail Boev
I'm not subscribed



Re: Spamd(8) may be subject to DOS in grey-trapping mode

2008-10-08 Thread Stuart Henderson
On 2008-10-08, Michael Boev (TRIC) [EMAIL PROTECTED] wrote:
 To whom it may concern

 I suspected of, and later verified a case, in which spamd in 
 grey-trapping mode may be forced to a DOS.

 I use exactly this configuration, so I am concerned too. In this case I 
 am a FreeBSD user with a fresh
 spamd-4.1.2 installed through ports(7).

 Conditions:
 1) A malicious user on machine 'S', who wants to deny mail service to 
 server 'A' on another server 'B'. This malicious user knows the 
 '[EMAIL PROTECTED]' greytrapping address.
 2) The server B is protected by spamd with greytrapping enabled.
 3) The server A verifies addresses of all smtp-senders. In my case it's 
 'http://www.milter.info/sendmail/milter-sender/', although other 
 solutions may exist. The smtp callback is made with an empty ('') 
 return address.

Then maybe the operator of server A will consider what a
retarded idea it is to do callback-verification.

 Exclude sessions with empty () MAIL FROM from greytrapping in spamd. 

you are joking, right?



Re: Spamd(8) may be subject to DOS in grey-trapping mode

2008-10-08 Thread Peter N. M. Hansteen
Michael Boev (TRIC) [EMAIL PROTECTED] writes:

 I suspected of, and later verified a case, in which spamd in
 grey-trapping mode may be forced to a DOS.

I'd say rather that you have found a possible conflict between
greytrapping and milter-sender.  I see the backscatter bounces for
enough messages I or other users in my domains have never sent to
doubt the usefulness the technique it apparently uses (the url you
quoted doesn't work - www.milter.info appears to be mx.snert.net,
which does not appear to run a www service - and most of what I could
dig up concerns the fact that the FreeBSD port was removed due to
license issues), and the smartest solution would be to retire it.

 Conditions:
 1) A malicious user on machine 'S', who wants to deny mail service to
 server 'A' on another server 'B'. This malicious user knows the
 '[EMAIL PROTECTED]' greytrapping address.
 2) The server B is protected by spamd with greytrapping enabled.
 3) The server A verifies addresses of all smtp-senders. In my case
 it's 'http://www.milter.info/sendmail/milter-sender/', although other
 solutions may exist. The smtp callback is made with an empty ('')
 return address.

What [EMAIL PROTECTED] does here is indistinguishable from the way spam is sent
these days.  Spambots send messages from wherever they can, using
return addresses in some unrelated domain, usually with made-up local
parts.  

Occasionally the made-up local part will match a user that actually
exists.  At other times, well, that's how my spammer bait address list 
(http://www.bsdly.net/~peter/traplist.shtml) was born.

From where I'm sitting it looks like your setup includes a piece of
software that was written based on the same assumptions that spawned a
whole raft of challenge-response systems to annoy the world, and
fails for the exact same reason: as you have demonstrated, it is
possible to send email with a forged return address that may still be
a deliverable address.  Checking whether a particular return address
is deliverable doesn't buy you much by itself.  

spamd's greytrapping, on the other hand, is based on factors that are
actually under your control, ie what addresses /in your own domains/
are valid or not.  That's a whole world of difference.

My recommendation would be to stop using milter-sender.  It probably
generates more noise than useful information anyway, and while you're
at it, make extra sure nobody snuck in one of those annoying
challenge-response systems while you weren't looking.

- Peter
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



[no subject]

2008-07-02 Thread kavitha reddy
sir,
Iam kavitha working as ASSOC. Prof. in a reputed engg. college,INDIA.I
would be very much glad to if u can do this favour.
very recently  i bought openBSD 4.2 (pack of 3CD's).Now, as a part of my
research work iam interested to know whether it is possible to show DoS
attacks in openBSD 4.1  .If so let me know how can that be possible.As u said
when a patch added to openBSD 4.2 , prevents remote DoS attacks.How can this
be tested.
With ur kind help , i can further continue my research work on this.
Anyhow, thanks for sparing ur valuable time to read this.
kavitha



[no subject]

2008-04-04 Thread Sergey Kharlamov
I try to establish on the computer connection with a server of the provider
pptp. On it it is included mppe and MSChapV2. At myself by the machine I
have registered in/etc/ppp/ppp.conf:

default:
   set log Phase Chat LCP IPCP CCP tun command
pptp1:
   set device !/usr/local/sbin/pptp 10.0.0.1 --nolaunchpppd
   set log Phase LCP IPCP CCP tun command
   disable acfcomp protocomp
   deny acfcomp
   enable lqr
   set lqrperiod 5
   set cd 5
   set redial 30
   accept mppe
   accept dns
   set timeout 0
   set authname selhozdep
   set authkey 9Ds76PLk89
   set dial
   set login
   add! default HISADDR
   enable mssfixup
   disable ipv6cp
   accept MSChapV2
   set mppe * stateful

when I connected to provider server in logs I have:

Apr  4 19:50:09 selhoz pptp[11352]: anon log[ctrlp_disp:pptp_ctrl.c:739]:
Received Start Control Connection Reply
Apr  4 19:50:09 selhoz pptp[11352]: anon log[ctrlp_disp:pptp_ctrl.c:773]:
Client connection established.
Apr  4 19:50:10 selhoz ppp[23467]: tun0: LCP: deflink: SendConfigReq(165)
state = Req-Sent
Apr  4 19:50:10 selhoz ppp[23467]: tun0: LCP:  ACCMAP[6] 0x
Apr  4 19:50:10 selhoz ppp[23467]: tun0: LCP:  MRU[4] 1500
Apr  4 19:50:10 selhoz ppp[23467]: tun0: LCP:  MAGICNUM[6] 0x2ff4da76
Apr  4 19:50:10 selhoz ppp[23467]: tun0: LCP:  QUALPROTO[8] proto c025,
interval 5000ms
Apr  4 19:50:10 selhoz pptp[11352]: anon log[ctrlp_rep:pptp_ctrl.c:251]:
Sent control packet type is 7 'Outgoing-Call-Request'
Apr  4 19:50:10 selhoz pptp[11352]: anon log[ctrlp_disp:pptp_ctrl.c:858]:
Received Outgoing Call Reply.
Apr  4 19:50:10 selhoz pptp[11352]: anon log[ctrlp_disp:pptp_ctrl.c:897]:
Outgoing call established (call ID 0, peer's call ID 63360).
Apr  4 19:50:10 selhoz ppp[23467]: tun0: LCP: deflink: RecvConfigReq(1)
state = Req-Sent
Apr  4 19:50:10 selhoz ppp[23467]: tun0: LCP:  ACFCOMP[2]
Apr  4 19:50:10 selhoz ppp[23467]: tun0: LCP:  PROTOCOMP[2]
Apr  4 19:50:10 selhoz ppp[23467]: tun0: LCP:  ACCMAP[6] 0x
Apr  4 19:50:10 selhoz ppp[23467]: tun0: LCP:  MRU[4] 1500
Apr  4 19:50:10 selhoz ppp[23467]: tun0: LCP:  MAGICNUM[6] 0x629d2f8a
Apr  4 19:50:10 selhoz ppp[23467]: tun0: LCP:  AUTHPROTO[5] 0xc223 (CHAP
0x81)
Apr  4 19:50:10 selhoz ppp[23467]: tun0: LCP: deflink: SendConfigRej(1)
state = Req-Sent
Apr  4 19:50:10 selhoz ppp[23467]: tun0: LCP:  ACFCOMP[2]
Apr  4 19:50:10 selhoz ppp[23467]: tun0: LCP: deflink: RecvConfigAck(165)
state = Req-Sent
Apr  4 19:50:10 selhoz ppp[23467]: tun0: LCP:  ACCMAP[6] 0x
Apr  4 19:50:10 selhoz ppp[23467]: tun0: LCP:  MRU[4] 1500
Apr  4 19:50:10 selhoz ppp[23467]: tun0: LCP:  MAGICNUM[6] 0x2ff4da76
Apr  4 19:50:10 selhoz ppp[23467]: tun0: LCP:  QUALPROTO[8] proto c025,
interval 5000ms
Apr  4 19:50:10 selhoz ppp[23467]: tun0: LCP: deflink: State change Req-Sent
-- Ack-Rcvd
Apr  4 19:50:10 selhoz ppp[23467]: tun0: LCP: deflink: RecvConfigAck(165),
dropped (expected 166)
Apr  4 19:50:10 selhoz ppp[23467]: tun0: LCP: deflink: RecvConfigReq(2)
state = Ack-Rcvd
Apr  4 19:50:10 selhoz ppp[23467]: tun0: LCP:  PROTOCOMP[2]
Apr  4 19:50:10 selhoz ppp[23467]: tun0: LCP:  ACCMAP[6] 0x
Apr  4 19:50:10 selhoz ppp[23467]: tun0: LCP:  MRU[4] 1500
Apr  4 19:50:10 selhoz ppp[23467]: tun0: LCP:  MAGICNUM[6] 0x629d2f8a
Apr  4 19:50:10 selhoz ppp[23467]: tun0: LCP:  AUTHPROTO[5] 0xc223 (CHAP
0x81)
Apr  4 19:50:10 selhoz ppp[23467]: tun0: LCP: deflink: SendConfigAck(2)
state = Ack-Rcvd
Apr  4 19:50:10 selhoz ppp[23467]: tun0: LCP:  PROTOCOMP[2]
Apr  4 19:50:10 selhoz ppp[23467]: tun0: LCP:  ACCMAP[6] 0x
Apr  4 19:50:10 selhoz ppp[23467]: tun0: LCP:  MRU[4] 1500
Apr  4 19:50:10 selhoz ppp[23467]: tun0: LCP:  MAGICNUM[6] 0x629d2f8a
Apr  4 19:50:10 selhoz ppp[23467]: tun0: LCP:  AUTHPROTO[5] 0xc223 (CHAP
0x81)
Apr  4 19:50:10 selhoz ppp[23467]: tun0: LCP: deflink: State change Ack-Rcvd
-- Opened
Apr  4 19:50:10 selhoz ppp[23467]: tun0: LCP: deflink: LayerUp
Apr  4 19:50:10 selhoz ppp[23467]: tun0: Phase: bundle: Authenticate
Apr  4 19:50:10 selhoz ppp[23467]: tun0: Phase: deflink: his = CHAP 0x81,
mine = none
Apr  4 19:50:10 selhoz ppp[23467]: tun0: Phase: Chap Input: CHALLENGE (16
bytes)
Apr  4 19:50:10 selhoz ppp[23467]: tun0: Phase: Chap Output: RESPONSE
(selhozdep)
Apr  4 19:50:10 selhoz ppp[23467]: tun0: Phase: Chap Input: SUCCESS
(S=1354D02B32ED6A32D24DFCCE19CE0305BB5C8ABD)
Apr  4 19:50:10 selhoz ppp[23467]: tun0: CCP: FSM: Using deflink as a
transport
Apr  4 19:50:10 selhoz ppp[23467]: tun0: CCP: deflink: State change Initial
-- Closed
Apr  4 19:50:10 selhoz ppp[23467]: tun0: CCP: deflink: LayerStart.
Apr  4 19:50:10 selhoz ppp[23467]: tun0: CCP: deflink: SendConfigReq(83)
state = Closed
Apr  4 19:50:10 selhoz ppp[23467]: tun0: CCP:  DEFLATE[4] win 15
Apr  4 19:50:10 selhoz ppp[23467]: tun0: CCP:  PRED1[2]
Apr  4 19:50:10 selhoz ppp[23467]: tun0: CCP:  MPPE[6] value 0x00e0
(128/56/40 bits, stateful)
Apr  4 19:50:10 selhoz ppp[23467]: tun0: CCP: 

[no subject]

2008-02-09 Thread Unix Fan
Marco Peereboom wrote:

 Since you don't provides logs and just yell I'll assume that this was

 done on m68k using last weeks xenocara on last months userland and last

 years kernel.



I mentioned I was using OpenBSD 4.2 and applied the latest Xenocara patches...



Apologies for not stating the obvious.. because everyone watches DVD's on 
m68k.. right?



Marco Peereboom wrote:

 Based on your setup I can conclude that you are running out of sync and

 therefore your fix is to update everything using source (just to make

 sure).



I'm not out of sync.. I'm running OpenBSD 4.2 and I have everything on the 
errata page applied.. ;)



Jacob Meuser:

 hmm, something makes me think this type of attitude has something

 to do with the disappearance of -stable ports ...



Yes, I am pissed off that the developers ended that...



They/You arrogantly assumed everyone uses -CURRENT, and security isn't important

to those using -STABLE.



Jacob Meuser:

 as you said, everything but watching dvds with vlc worked, for you

 on your setup.  do you really expect every possible scenario with

 every possible port combination to be tested?  would you rather not

 have -stable patches?



I said VLC doesn't work.. regardless of what I want to play in it.. it crashes 
upon execution.. with the error in my initial email..



Clearly it's complaining about some sort of memory allocation bug...



And if it worked before that errata patch.. It's safe to assume one of the 
developers screwed up.. ;)







-Nix Fan.




Apologies for the subject-less post...

2008-01-04 Thread Unix Fan
I messed up while replying to a topic, won't happen again... hopefully..



-Nix Fan.



[no subject]

2007-12-29 Thread Daniel
Hi!

Anyone experiencing or experienced segfaults with openldap using the bdb
backed? I'm using -current ports tree, and built the
openldap-{client,server}, dbv4 and cyrus-sasl2 packages from there.

I will certanly provide much more info, I just want to know if there
are other people out there who are experiencing this same behaviour.

Thanks!

Daniel



Put your subject here

2007-11-07 Thread Tkany
 Im Tierfutter sind 41 wichtige Ndhrstoffe...
In der Babynahrung sind nur 11 der wichtigen Ndhrstoffe...
Unsere Nahrung im Supermarkt enthdlt noch weniger lebenswichtige
Mineralien und Vitamine...

Erfahren Sie kostenlos die schockierende Wahrheit in
Das Geheimniss der 91 essentiellen Ndhrstoffe



[no subject]

2007-03-15 Thread x x
Is it safe to install snapshot packages? For installing like K 3.5.6 or
gaim 2 beta 6, is it ok?



Create and Share your own Video Clip Playlist in minutes at Lycos MIX 
(http://mix.lycos.com)



[no subject]

2006-10-31 Thread John Kintzele
Hello,

OpenBSD 4.0 installed from official CD (i386). No problems. In trying
to install various Gnome apps (e.g., gedit), I'm running into a
missing lib problem, and while I've people who've had the same
problem on Google, I haven't found a clear response that seems to
have fixed the problem.  (I am performing this pkg_add via FTP). In a
nutshell, here is what I'm seeing from pkg_add:



Can't install gnome-vfs2-2.10.1p0: lib not found crypto.12.0
Even by looking in dependency tree... etc.
Maybe it's in a dependent... etc.
Can't install gnome-vfs2-2.10.1p0: lib not found ssl.10.0
etc.



Any suggestions?



John Kintzele
[EMAIL PROTECTED]



Re: your mail which lacked a subject

2006-10-31 Thread Mark Zimmerman
On Tue, Oct 31, 2006 at 01:19:09PM -0500, John Kintzele wrote:
 Hello,
 
 OpenBSD 4.0 installed from official CD (i386). No problems. In trying
 to install various Gnome apps (e.g., gedit), I'm running into a
 missing lib problem, and while I've people who've had the same
 problem on Google, I haven't found a clear response that seems to
 have fixed the problem.  (I am performing this pkg_add via FTP). In a
 nutshell, here is what I'm seeing from pkg_add:
 
 
 
 Can't install gnome-vfs2-2.10.1p0: lib not found crypto.12.0
 Even by looking in dependency tree... etc.
 Maybe it's in a dependent... etc.
 Can't install gnome-vfs2-2.10.1p0: lib not found ssl.10.0
 etc.
 
 
 
 Any suggestions?
 

You mean, besides wait for 4.0 to be released? No, not really.

ftp://ftp.openbsd.org/pub/OpenBSD/4.0 still looks empty to me. The
place from which you are FTPing packages for 4.0 is almost certainly
the wrong place. Installing packages that do not match your installed
version leads to chaos, and sometimes public ridicule.

5.5 hours to go until 01 Nov 2006 00:00:00 UTC. (The release may be
later or earlier than this, at Theo's pleasure.)

-- Mark



Re: your mail which lacked a subject

2006-10-31 Thread Paul Irofti
On Tuesday 31 October 2006 21:40, Mark Zimmerman wrote:
 On Tue, Oct 31, 2006 at 01:19:09PM -0500, John Kintzele wrote:
  Hello,
 
  OpenBSD 4.0 installed from official CD (i386). No problems. In
  trying to install various Gnome apps (e.g., gedit), I'm running
  into a missing lib problem, and while I've people who've had the
  same problem on Google, I haven't found a clear response that seems
  to have fixed the problem.  (I am performing this pkg_add via FTP).
  In a nutshell, here is what I'm seeing from pkg_add:
 
  
 
  Can't install gnome-vfs2-2.10.1p0: lib not found crypto.12.0
  Even by looking in dependency tree... etc.
  Maybe it's in a dependent... etc.
  Can't install gnome-vfs2-2.10.1p0: lib not found ssl.10.0
  etc.
 
  
 
  Any suggestions?

 You mean, besides wait for 4.0 to be released? No, not really.

 ftp://ftp.openbsd.org/pub/OpenBSD/4.0 still looks empty to me. The
 place from which you are FTPing packages for 4.0 is almost certainly
 the wrong place. Installing packages that do not match your installed
 version leads to chaos, and sometimes public ridicule.

 5.5 hours to go until 01 Nov 2006 00:00:00 UTC. (The release may be
 later or earlier than this, at Theo's pleasure.)

 -- Mark

He said official CD, so you might reconsider your answer ;)



Re: your mail which lacked a subject

2006-10-31 Thread Mark Zimmerman
On Tue, Oct 31, 2006 at 10:15:02PM +0200, Paul Irofti wrote:
 On Tuesday 31 October 2006 21:40, Mark Zimmerman wrote:
  On Tue, Oct 31, 2006 at 01:19:09PM -0500, John Kintzele wrote:
   Hello,
  
   OpenBSD 4.0 installed from official CD (i386). No problems. In
   trying to install various Gnome apps (e.g., gedit), I'm running
   into a missing lib problem, and while I've people who've had the
   same problem on Google, I haven't found a clear response that seems
   to have fixed the problem.  (I am performing this pkg_add via FTP).
   In a nutshell, here is what I'm seeing from pkg_add:
  
   
  
   Can't install gnome-vfs2-2.10.1p0: lib not found crypto.12.0
   Even by looking in dependency tree... etc.
   Maybe it's in a dependent... etc.
   Can't install gnome-vfs2-2.10.1p0: lib not found ssl.10.0
   etc.
  
   
  
   Any suggestions?
 
  You mean, besides wait for 4.0 to be released? No, not really.
 
  ftp://ftp.openbsd.org/pub/OpenBSD/4.0 still looks empty to me. The
  place from which you are FTPing packages for 4.0 is almost certainly
  the wrong place. Installing packages that do not match your installed
  version leads to chaos, and sometimes public ridicule.
 
  5.5 hours to go until 01 Nov 2006 00:00:00 UTC. (The release may be
  later or earlier than this, at Theo's pleasure.)
 
  -- Mark
 
 He said official CD, so you might reconsider your answer ;)

I have one of those too, but he said pkg_add via FTP. The relatively
small number of packages on the CD, of course, install nicely without
FTP.



Re: your mail which lacked a subject

2006-10-31 Thread Mark Zimmerman
On Tue, Oct 31, 2006 at 03:37:05PM -0500, Harry Menegay wrote:
 Paul Irofti wrote:
 On Tuesday 31 October 2006 21:40, Mark Zimmerman wrote:
   
deleted excess repetition
 On Tue, Oct 31, 2006 at 01:19:09PM -0500, John Kintzele wrote:
 
 He said official CD, so you might reconsider your answer ;)
 
 Not only that, but 4.0 appears to be up on ftp.usa.openbsd.org
 

WooHoo! Sorry for adding noise to the list...

ftp.usa.openbsd.org seems seriously bogged down right now. Waiting
might be advisable.



Re: your mail which lacked a subject

2006-10-31 Thread Harry Menegay

Paul Irofti wrote:

On Tuesday 31 October 2006 21:40, Mark Zimmerman wrote:
  

On Tue, Oct 31, 2006 at 01:19:09PM -0500, John Kintzele wrote:


Hello,

OpenBSD 4.0 installed from official CD (i386). No problems. In
trying to install various Gnome apps (e.g., gedit), I'm running
into a missing lib problem, and while I've people who've had the
same problem on Google, I haven't found a clear response that seems
to have fixed the problem.  (I am performing this pkg_add via FTP).
In a nutshell, here is what I'm seeing from pkg_add:



Can't install gnome-vfs2-2.10.1p0: lib not found crypto.12.0
Even by looking in dependency tree... etc.
Maybe it's in a dependent... etc.
Can't install gnome-vfs2-2.10.1p0: lib not found ssl.10.0
etc.



Any suggestions?
  

You mean, besides wait for 4.0 to be released? No, not really.

ftp://ftp.openbsd.org/pub/OpenBSD/4.0 still looks empty to me. The
place from which you are FTPing packages for 4.0 is almost certainly
the wrong place. Installing packages that do not match your installed
version leads to chaos, and sometimes public ridicule.

5.5 hours to go until 01 Nov 2006 00:00:00 UTC. (The release may be
later or earlier than this, at Theo's pleasure.)

-- Mark



He said official CD, so you might reconsider your answer ;)



  


Not only that, but 4.0 appears to be up on ftp.usa.openbsd.org



[no subject]

2006-07-31 Thread RV Tec

Folks,

I had two crashes, on two different days, with the same reason: a dying 
hard drive. Definitively, it is really unpleasant to get caught with my 
pants down.


There is a way to test hard drives for possible failures or foresee 
those errors?


The SMART thing isn't that smart at all. Even after the server crashed 
twice due faulty harddrive, SMART keeps teeling me everything is OK.


This is a SEAGATE SATA, only 1 year old. I'd expect a longer life of those 
drives. Am I wrong?


Jul 30 13:23:36 home wd0 at pciide1 channel 0 drive 0: ST380013AS
Jul 30 13:23:36 home wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
Jul 30 13:23:36 home wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5

Jul 29 13:53:55 home wd0(pciide1:0:0): timeout
Jul 29 13:53:55 home  type: ata
Jul 29 13:53:55 home  type: ata
Jul 29 13:53:55 home  c_bcount: 16384
Jul 29 13:53:55 home  c_bcount: 16384
Jul 29 13:53:55 home  c_skip: 0
Jul 29 13:53:55 home  c_skip: 0
Jul 29 13:53:55 home pciide1:0:0: bus-master DMA error: missing interrupt, 
status=0x21
Jul 29 13:53:55 home pciide1:0:0: bus-master DMA error: missing interrupt, 
status=0x21
Jul 29 13:53:55 home wd0f: device timeout reading fsbn 1984192 of 
1984192-1984223 (wd0 bn 30295888; cn 30055 tn 7 sn 7), retrying
Jul 29 13:53:55 home wd0f: device timeout reading fsbn 1984192 of 
1984192-1984223 (wd0 bn 30295888; cn 30055 tn 7 sn 7), retrying

Jul 29 13:53:55 home wd0: soft error (corrected)
Jul 29 13:53:55 home wd0: soft error (corrected)
Jul 29 13:54:05 home wd0(pciide1:0:0): timeout
Jul 29 13:54:05 home wd0(pciide1:0:0): timeout
Jul 29 13:54:05 home  type: ata
Jul 29 13:54:05 home  type: ata
Jul 29 13:54:05 home  c_bcount: 16384
Jul 29 13:54:05 home  c_bcount: 16384
Jul 29 13:54:05 home  c_skip: 0
Jul 29 13:54:05 home  c_skip: 0
Jul 29 13:54:05 home pciide1:0:0: bus-master DMA error: missing interrupt, 
status=0x21
Jul 29 13:54:05 home pciide1:0:0: bus-master DMA error: missing interrupt, 
status=0x21

Jul 29 13:54:05 home wd0: transfer error, downgrading to Ultra-DMA mode 4
Jul 29 13:54:05 home wd0: transfer error, downgrading to Ultra-DMA mode 4
Jul 29 13:54:05 home wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 4
Jul 29 13:54:05 home wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 4
Jul 29 13:54:05 home wd0e: device timeout reading fsbn 1113568 of 
1113568-1113599 (wd0 bn 12648112; cn 12547 tn 11 sn 43), retrying
Jul 29 13:54:05 home wd0e: device timeout reading fsbn 1113568 of 
1113568-1113599 (wd0 bn 12648112; cn 12547 tn 11 sn 43), retrying

Jul 29 13:54:06 home wd0: soft error (corrected)
Jul 29 13:54:06 home wd0: soft error (corrected)


Thanks!

RV



[no subject]

2006-07-13 Thread pk.ra
I work with safe wireless network. For registering to this network I should
use 2 certificates. Also I should use username and password.  How I can
register to this wireless network? Where can I find information about
wireless network configuration?



Re: ichiic0: errors on MP (Sorry about the no subject post!)

2006-07-05 Thread Mark Kettenis
 As anyone seen this? No matter what I do I cant stop this from
 happing. I am at the point of being forced to use another OS that I
 DONT want to use. Any help would be very much appreciated.

As a workaround you could disable ichiic in the kernel config.  Use
man config for hints on how to accomplish this.

Presuming you want to have this fixed properly, can you try compiling
a GENERIC.MP kernel with option MPVERBOSE in the kernel
configuration file and post the full dmesg?

Mark



ichiic0: errors on MP (Sorry about the no subject post!)

2006-06-13 Thread Bill Jones
As anyone seen this? No matter what I do I cant stop this from happing. I am at 
the point of being forced to use another OS that I DONT want to use. Any help 
would be very much appreciated.

This only happens when running the MP kernel. The GENERIC kernel runs just fine.

This sticks out to me, but I cant not find any reference in the archives about 
it other that netbsd stuff that doesnt track with the errors I am seeing.

pci_intr_map: no MP mapping found

 
Thanks Bill



ichiic0: timeout, status 0x0
ichiic0: transaction abort failed, status 0x42INTR,INUSE
ichiic0: timeout, status 0x0
ichiic0: transaction abort failed, status 0x42INTR,INUSE
ichiic0: timeout, status 0x0
ichiic0: transaction abort failed, status 0x42INTR,INUSE
ichiic0: timeout, status 0x0
ichiic0: transaction abort failed, status 0x42INTR,INUSE

This is a dual Xeon machine.

OpenBSD 3.9 (GENERIC.MP) #598: Thu Mar  2 02:37:06 MST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Xeon(TM) CPU 2.80GHz (GenuineIntel 686-class) 2.80 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,C
NXT-ID
real mem  = 2146791424 (2096476K)
avail mem = 1952743424 (1906976K)
using 4278 buffers containing 107442176 bytes (104924K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 03/29/05, BIOS32 rev. 0 @ 0xf0010
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf51d0/336 (19 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801EB/ER LPC rev 0x00)
pcibios0: PCI bus #4 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xc9000/0x1000
ipmi at mainbus0 not configured
mainbus0: Intel MP Specification (Version 1.1) (INTELLINDENHURST )
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 200 MHz
cpu1 at mainbus0: apid 6 (application processor)
cpu1: Intel(R) Xeon(TM) CPU 2.80GHz (GenuineIntel 686-class) 2.80 GHz
cpu1: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,C
NXT-ID
mainbus0: bus 0 is type PCI
mainbus0: bus 1 is type PCI
mainbus0: bus 2 is type PCI
mainbus0: bus 3 is type PCI
mainbus0: bus 4 is type PCI
mainbus0: bus 5 is type ISA
ioapic0 at mainbus0: apid 7 pa 0xfec0, version 20, 24 pins
ioapic1 at mainbus0: apid 8 pa 0xfec1, version 20, 24 pins
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel E7320 MCH rev 0x0c
ppb0 at pci0 dev 2 function 0 Intel MCH PCIE rev 0x0c
pci1 at ppb0 bus 1
ppb1 at pci0 dev 3 function 0 Intel MCH PCIE rev 0x0c
pci2 at ppb1 bus 2
ppb2 at pci0 dev 28 function 0 Intel 6300ESB PCIX rev 0x02
pci3 at ppb2 bus 3
em0 at pci3 dev 3 function 0 Intel PRO/1000MT (82541GI) rev 0x00: apic 8 int 
2 (irq 5), address 00:30:48:56:fb:20
em1 at pci3 dev 4 function 0 Intel PRO/1000MT (82541GI) rev 0x00: apic 8 int 
3 (irq 5), address 00:30:48:56:fb:21
ppb3 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0x0a
pci4 at ppb3 bus 4
vga1 at pci4 dev 5 function 0 ATI Rage XL rev 0x27
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ichpcib0 at pci0 dev 31 function 0 Intel 6300ESB LPC rev 0x02
pciide0 at pci0 dev 31 function 1 Intel 6300ESB IDE rev 0x02: DMA, channel 0 
configured to compatibility, channel 1 configured to co
mpatibility
wd0 at pciide0 channel 0 drive 0: WDC WD800JB-00JJC0
wd0: 16-sector PIO, LBA, 76319MB, 156301488 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
pciide0: channel 1 disabled (no drives)
ichiic0 at pci0 dev 31 function 3 Intel 6300ESB SMBus rev 0x02pci_intr_map: 
bus 0 dev 31 func 3 pin 2; line 11
pci_intr_map: no MP mapping found
: irq 11
iic0 at ichiic0
lm1 at iic0 addr 0x2c: W83627HF
lm2 at iic0 addr 0x2f: W83782D rev D
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
lm0 at isa0 port 0x290/8: W83627HF
lm1 detached
npx0 at isa0 port 0xf0/16: using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask 0 netmask 0 ttymask 0
pctr: user-level cycle counter enabled
apm0: disconnected
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
ichiic0: timeout, status 0x0
ichiic0: transaction abort failed, status 0x42INTR,INUSE
ichiic0: timeout, status 0x0
ichiic0: transaction abort failed, status 0x42INTR,INUSE
ichiic0: timeout, status 0x0
ichiic0: transaction abort failed, status 0x42INTR,INUSE
ichiic0: timeout, status 0x0
ichiic0: transaction abort failed, status 0x42INTR,INUSE
ichiic0: timeout, status 0x0
ichiic0: 

(no subject)

2006-06-01 Thread livecamaccess
Ciao  ,
Hey! I have been trying to get in touch with you. I finally got a cam so you 
can see me when we talk. http://ca.geocities.com/kellyluvsmhec/cam.html



Re: (no subject)

2006-06-01 Thread Dan Farrell
C'mon guys... she's got a webcam!!

Lol,

Dan Farrell
Applied Innovations
[EMAIL PROTECTED]
 
ps- I didn't know the mailing list allowed mail with no subject... but
I'm definitely not a good anti-spam expert, so what do I know...


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of [EMAIL PROTECTED]
Sent: Thursday, June 01, 2006 2:35 PM
To: misc@openbsd.org
Subject: (no subject)

Ciao  ,
Hey! I have been trying to get in touch with you. I finally got a cam so
you can see me when we talk.
http://ca.geocities.com/kellyluvsmhec/cam.html



[no subject]

2006-03-22 Thread Mathieu Sauve-Frankel
Bcc: 
Subject: Re: certpatch on obsd 3.8
Reply-To: [EMAIL PROTECTED]
In-Reply-To: [EMAIL PROTECTED]

 i can use this (but without success :-( ):
 
 # openssl x509 -req -days 730 -in /etc/isakmpd/private/${new_cert}.csr -CA 
 $CA_crt  -CAkey $CA_key -CAcreateserial -extfile /etc/ssl/x509v3.cnf 
 -extensions x509v3_UFQDN -out /etc/isakmpd/certs/${new_cert}.crt
 
 with this in x509v3.cnf
 # default settings
 CERTUFQDN   = what i have to give there ??!!
 
 [x509v3_UFQDN]
 subjectAltName=email:$ENV::CERTUFQDN

something like this

# env [EMAIL PROTECTED] openssl x509 -req -days 730 -in \
/etc/isakmpd/private/${new_cert}.csr -CA $CA_crt  -CAkey $CA_key \
-CAcreateserial -extfile /etc/ssl/x509v3.cnf -extensions \
x509v3_UFQDN -out /etc/isakmpd/certs/${new_cert}.crt

-- 
Mathieu Sauve-Frankel



smtp-vilter + spamassassin Subject header rewrites

2006-01-30 Thread Joel Gudknecht
Does the smtp-vilter.conf line spam-subject-prefix=*SPAM* override
spamassassins rewrite_header subject ***SPAM*** (from
/etc/mail/spamassassin/local.cf) because I never see the subject being
modified by spamassassin?

Thanks,
-JG



[no subject]

2006-01-20 Thread Jonas Lindskog
Abraham Al-Saleh wrote:

On 1/10/06, Jonas Lindskog [EMAIL PROTECTED] wrote:

Hello,

We are using OpenBSD 3.8 as a firewall/router. We have two internal
nets; one with workstations (NAT) and one DMZ with a single server.
And thus we have three network interfaces installed in the router: one
for the NAT, one for the DMZ and one for the external net.

Our ISP has given us a range of IP adresses (the ones below are
obfuscated ;)), which we cant change:

Segment: 38.87.5.112 /28
net address:   38.87.5.112
gateway adress:   38.87.5.113
firewall:  38.87.5.114
fria fasta ip: 38.87.5.115-126
broadcast address:38.87.5.127
netmask:  255.255.255.240

I have set up the DMZ with
net adress 38.87.5.120
Gateway: 38.87.5.121
Server: 38.87.5.122

netmask:  255.255.255.252

To ensure that routing worked properly I just entered pass (and nat of
course) in the /etc/pf.conf file.

I have no trouble connecting to the server at 38.87.5.122 from the
internal net where nat-addresses are used, but for some reason
I cant connect to the server from the outside. I thought it was a
routing problem but when I entered a port redirect from the gateway

(38.87.5.113) to the server at  38.87.5.122  for the ssh port I reached
the server. I haven't got a
clue whats wrong. Can anybody help to explain this or have an idea of a
workaround (I dont want the port
redirect)? Thanks in advance.

/Jonas


It would help if you attached your pf.conf, and relevant configuration
files (hostname.if, for example)

ok, finally :) this is how my pf.conf and interfaces look like.

# 1. macros
if_ext=fxp0
if_int=bce0
if_dmz=re0
if_lo=lo0

icmp_types = echoreq
dmz_servers = {38.87.5.122}
services = {22, 8080, 8081}
internal_services ={2401}
reserved= { 0.0.0.0/8, 10.0.0.0/8, 20.0.0.0/24 127.0.0.0/8, \
 169.254.0.0/16, 172.16.0.0/12, 192.0.2.0/24, 192.168.0.0/16, \
 224.0.0.0/3, 255.255.255.255}

# 2. Tables
# No tables are defined

# 3. Options
# What should we do with blocked traffic? drop or return.
set block-policy return
# we can only gather statistics on one interface at a time
set loginterface $if_ext

# 4. Packet normalization
scrub in all

# 5. Queueing is not done

# 6. Adress translation
# The internal network has NAT-adresses
nat on $if_ext from $if_int:network to any - ($if_ext)

# Redirecting ports
# Port redirect to make ftp possible. See manual for OpenBSD
rdr on $if_int proto tcp from any to any port 21 - 127.0.0.1 port 8021

# temporary redirects
rdr on $if_ext proto tcp from any to any port 8080 - 38.87.5.122 port 8080
rdr on $if_ext proto tcp from any to any port 8081 - 38.87.5.122 port 8081
#rdr on $if_ext proto tcp from any to any port 22 - 38.87.5.122 port 22

# 7. Filtering
#allow loopback

# Block everything
block all

pass quick on if_lo all

# Antispoof
antispoof for { $if_lo, $if_ext, $if_int }

# Allow traffic in on our ssh-deamon
pass in log quick on $if_ext proto tcp from any to any port 22 flags S/SA
keep state

# Allow trafic to and from the internal interface
# are the lines below the same as
# pass quick on $if_int all
pass in  on $if_int from $if_int:network to any keep state
pass out on $if_int from any to $if_int:network keep state

# block all traffic from reserved nets to external interface
block in quick on $if_ext from $reserved to any

#allow pinging
pass in on $if_ext inet proto icmp all icmp-type 8 code 0 keep state

# Open ports 8080 and ssh to trused machines on the dmz
pass in on $if_ext proto tcp from any to any port 8081 keep state
pass in on $if_ext proto tcp from any to any port 8080 keep state

#Allow active ftp
pass in on $if_ext inet proto tcp from port 20 to ($if_ext) \
 user proxy flags S/SA keep state

# Users on the internal network is allowd to initate external contact
pass out on $if_ext proto tcp all modulate state flags S/SA
pass out on $if_ext proto {udp, icmp} all keep state

# DMZ rules. As default we stop all traffic in to the dmz.
# To open up a service we use port forwarding in the external if
# to the specific server in the dmz
block in on $if_dmz all
pass out on $if_dmz proto tcp from any to any port $services flags S/SA
keep state
pass out on $if_dmz proto tcp from any to any port internal_services flags
S/SA keep state
pass in quick on $if_dmz proto tcp from $if_int to $dmz_servers port
internal_services keep state

#pf.conf ends here

### interfaces 
hostname.fxp0
#external interface
inet 38.87.5.114 255.255.255.240 NONE


# more hostname.bce0
#internal interface
inet 192.168.97.254 255.255.255.0 NONE

# more hostname.re0
# dmz
inet 38.87.5.121 255.255.255.252 NONE



[no subject]

2005-12-22 Thread Didier Wiroth
Thx a lot for replying.
Hmm, I'm a bit lost now ...

Why do I have to move the anchor before the block statement?

Actually (without moving) the anchor authpf works well and no traffic is 
blocked.
Having a look here:
http://www.openbsd.org/faq/pf/authpf.html the anchor is at the bottom too, of 
the pf.conf file.

Coming back to my pf.conf.
I have block log (all) all and at the end of the file I have anchor emule.

As far as I understood the rules are checked from top to bottom and last match 
wins.
(Assuming the emule anchor is loaded)
Traffic comes in on port 4662 at the pppoe0 interface:
1) it MATCHES block log (all) all
2) it checks the other rules ... NO MATCH ...
3) finally comes to the loaded anchor emule
that has the following rule
pass in quick on $ext_if inet proto tcp from any to ($ext_if) \
port $InMuleTCP flags S/SA keep state label eMuleTCP
4) the rule from the anchor is the LAST MATCHED rule and traffic (port4662) 
should pass through ...

Hmm ... am I completely wrong and did I misunderstand how pf works?
Here is snip from the pf manual:
For each packet processed by the packet filter, the filter rules are
evaluated in sequential order, from first to last.  The last matching
rule decides what action is taken.

thx a lot
didier

This rdr-anchor is ok

 #pass quick all
 block quick from hostile
 block quick inet6 all

but here you are blocking the emule traffic You should put here this:
   anchor emule
   anchor authpf/*

and not below

[demime 1.01d removed an attachment of type APPLICATION/DEFANGED which had a 
name of didier.wiroth.3955DEFANGED-vcf]



OT : Subject lines and threads

2005-12-13 Thread Sam Hart
I've just gone through 10 days worth of mails to misc@ and have a  
small request for people posting here.


Can people continuing threads on this list please keep the original  
subject lines.


This makes following threads so much easier, especially when using  
archives, or modern email clients.


Cheers


S a m



Re: OT : Subject lines and threads

2005-12-13 Thread Timo Schoeler

Sam Hart schrieb:
I've just gone through 10 days worth of mails to misc@ and have a  small 
request for people posting here.


Can people continuing threads on this list please keep the original  
subject lines.


This makes following threads so much easier, especially when using  
archives, or modern email clients.


Cheers


S a m


usually (modern) MUAs use the Mail-Followup-To: for this

timo



Re: OT : Subject lines and threads

2005-12-13 Thread Simon Dassow
On Tue, Dec 13, 2005 at 03:35:16PM +, Sam Hart wrote:
 I've just gone through 10 days worth of mails to misc@ and have a  
 small request for people posting here.
 
 Can people continuing threads on this list please keep the original  
 subject lines.

Please only do so if it makes sense.

 This makes following threads so much easier, especially when using  
 archives, or modern email clients.

Modern email clients provide a threaded message view, try this.


Regards

Simon



Re: OT : Subject lines and threads

2005-12-13 Thread Sam Hart

On 13 Dec 2005, at 15:52, Simon Dassow wrote:


Please only do so if it makes sense.


fair enough, if the actual subject changes it makes sense


Modern email clients provide a threaded message view


this is what I was referring to


S a m



Re: OT : Subject lines and threads

2005-12-13 Thread Sam Hart

On 13 Dec 2005, at 15:48, Timo Schoeler wrote:


usually (modern) MUAs use the Mail-Followup-To: for this


that maybe, but not everyone uses modern MUAs, and online mail  
archives do not seem to



S a m



Re: OT : Subject lines and threads

2005-12-13 Thread Sam Hart

On Dec 13, 2005, at 9:35 AM, I wrote:

I've just gone through 10 days worth of mails to misc@ and have a  
small request for people posting here.


Can people continuing threads on this list please keep the original  
subject lines.


This makes following threads so much easier, especially when using  
archives, or modern email clients.


I seem to have put a few peoples noses of of joint

it was just a request to make things easier

obviously do what ever you want to do

sorry for the noise


S a m



Re: OT : Subject lines and threads

2005-12-13 Thread Hannah Schroeter
Hello!

On Tue, Dec 13, 2005 at 03:57:02PM +, Sam Hart wrote:
On 13 Dec 2005, at 15:52, Simon Dassow wrote:

Please only do so if it makes sense.

fair enough, if the actual subject changes it makes sense

Modern email clients provide a threaded message view

this is what I was referring to

Threads go by References/In-Reply-To header, not by Subject header.

At least it works this way in mutt's threaded view.

S a m

Kind regards,

Hannah.



  1   2   >