OpenBSD 4.6 distributed through Linux For You magazine India

hi. http://www.lfymag.com/currentissue.asp?id=13 towards the end OpenBSD 4.6 Eclipse 3.5 OpenBSD being security guru Theo de Raadts baby, includes a number of security features absent or optional in other OS. Siju

Re: OpenBSD 4.6 pfsync kernel panic

Hi David Thank you for the quick reply! The stack trace from the console at the time of the crash: Starting stack trace panic(d07a8c58,0,de1b4b28,0,d8a282b8) at panic+0x65 panic(d071ad67,6,0,d031baf5,de1b4b20) at panic+0x65 trap() at trap+0x119 --- trap (number 6) ---

PF per-ip statistics

Hi all, reading pfctl manpage I've seen this: # pfctl -t test -vTshow 129.128.5.191 Cleared: Thu Feb 13 18:55:18 2003 In/Block:[ Packets: 0Bytes: 0] In/Pass: [ Packets: 10

Stacking RAID sets

It was said in http://marc.info/?l=openbsd-miscm=125139976027774w=2 that stacking RAID sets is not a good idea. I.e. this # bioctl -ih softraid0 Volume Status Size Device softraid0 0 Online 447G sd2 RAID0 0 Online 149G 0:0.0 noencl wd1a

Re: anyone, low power rack-mount server for home usage?

Just a note, although supermicro says max 2g of ram, the X7SLA-H works well with 4G of ram. spdmem0 at iic0 addr 0x50: 2GB DDR2 SDRAM non-parity PC2-5300CL5 spdmem1 at iic0 addr 0x52: 2GB DDR2 SDRAM non-parity PC2-5300CL5 spdmem0 at iic0 addr 0x50: 2GB DDR2 SDRAM non-parity PC2-5300CL5 spdmem1

Re: PF per-ip statistics

* Leonardo Lombardo l.lomba...@jwizard.it [2009-11-18 10:23]: Hi all, reading pfctl manpage I've seen this: # pfctl -t test -vTshow 129.128.5.191 Cleared: Thu Feb 13 18:55:18 2003 In/Block:[ Packets: 0Bytes:

Re: Spanish language resources for OpenBSD

Abel Abraham Camarillo Ojeda wrote: I also don't like too much translating... but can help whenever possible (native spanish speaker). It's just that all the people that I know that can use (thoroughly) OpenBSD in my city can also read english very well (at least)... On Tue, Nov 17, 2009 at

Re: Spanish language resources for OpenBSD

On Wed, Nov 18, 2009 at 7:54 AM, Chris Bennett ch...@bennettconstruction.biz wrote: There is that website that records older websites, waybackmachine or something like that. Maybe the Mexican site has been recorded there? I will try and look for it. http://www.archive.org/index.php

Re: Spanish language resources for OpenBSD

On Wed, 18 Nov 2009, Chris Bennett wrote: There is that website that records older websites, waybackmachine or something like that. http://www.archive.org/

Re: why is pf reseting this ssh connection?

Todd Alan Smith wrote: This only happens with SSH connections? Are the rulesets identical between the two machines? Also, why are you still running 4.2? As I'm sure you know, there have been many improvements to pf since that release. No, I also see it happening with every TCP-based protocol

PCI ADSL2+ watchdog timeout

I've been getting frequent 'watchdog timeout' errors with 4.6: Nov 18 18:00:13 net /bsd: re0: watchdog timeout Nov 18 18:01:03 net /bsd: re0: watchdog timeout Nov 18 18:18:55 net /bsd: re0: watchdog timeout Nov 18 18:28:56 net last message repeated 4 times

Changing the NIC on installed system?

Hello, I did not yet understand very well, how the NIC drivers are selected. Is it done while installing OpenBSD or is it done at boot? In the latter case, I assume, I can replace a PCI network interface without changing any driver settings. If the logical interface name will be different, I

Re: Changing the NIC on installed system?

On Wed, Nov 18, 2009 at 06:01:26PM +0100, Roger Schreiter wrote: Hello, I did not yet understand very well, how the NIC drivers are selected. Is it done while installing OpenBSD or is it done at boot? In the latter case, I assume, I can replace a PCI network interface without changing

Re: OpenBSD blog software

[...] P.S. And this will be the last you hear about it from me. ;) I hope this doesn't come to mean the project falls dead. I've been reading the source and seems surprisingly simple, but those damned regulars... hehehe. My treat!

Re: OpenBSD blog software

On Tue, Nov 17, 2009 at 06:56:40PM +0100, Daniel Gracia Garallar wrote: [...] P.S. And this will be the last you hear about it from me. ;) I hope this doesn't come to mean the project falls dead. I've been reading the source and seems surprisingly simple, but those damned regulars...

Re: Authpf and more than 992 users

On Thu, Jan 08, 2009 at 03:21:42PM +0100, Janusz Gumkowski wrote: I'm running out of PTYs on my authpf firewall. Simply, more than 992 (max pty limit) users are trying to log in simultaneously. In theory I could disable (in authpf.c) checking whether or not session has been successfully

Intel PRO/1000 QP

Hi, we have a Dell PowerEdge R610 with two Intel PRO/1000 QP cards connected to a Cisco 2960G switch. Each card has four giga interfaces, but only two interfaces per card work properly. Works only the first and third interface of each card. The other interfaces do not negotiate the correct speed.

Re: OpenBSD blog software

now a wiki On Wed, Nov 18, 2009 at 12:33:32PM -0500, Jason Dixon wrote: On Tue, Nov 17, 2009 at 06:56:40PM +0100, Daniel Gracia Garallar wrote: [...] P.S. And this will be the last you hear about it from me. ;) I hope this doesn't come to mean the project falls dead. I've been

Re: OpenBSD blog software

On Wed, 18 Nov 2009, Jason Dixon wrote: Not at all. I intentionally wrote Blogsum so I could begin blogging. I avoided installing the bloat-heavy CMS/blogging alternatives out there until I was satisfied it would meet my own criteria. howabout a Blogsum LKM ? ;-)

Re: OpenBSD blog software

On Wed, Nov 18, 2009 at 12:00:21PM -0600, Marco Peereboom wrote: now a wiki And before you know, it, a social networking site. I want you to be my friend on Dixonspace!!! On Wed, Nov 18, 2009 at 12:33:32PM -0500, Jason Dixon wrote: On Tue, Nov 17, 2009 at 06:56:40PM +0100, Daniel

Re: OpenBSD blog software

I was actually being serious :-) But a little ragging never hurt anyone. I be teh jdixon freind!! On Wed, Nov 18, 2009 at 07:37:48PM +0100, Bret S. Lambert wrote: On Wed, Nov 18, 2009 at 12:00:21PM -0600, Marco Peereboom wrote: now a wiki And before you know, it, a social networking

Re: OpenBSD blog software

Bret S. Lambert wrote: On Wed, Nov 18, 2009 at 12:00:21PM -0600, Marco Peereboom wrote: now a wiki And before you know, it, a social networking site. Wake me when it becomes a cloud.

Re: OpenBSD blog software

Bret S. Lambert wrote: On Wed, Nov 18, 2009 at 12:00:21PM -0600, Marco Peereboom wrote: now a wiki And before you know, it, a social networking site. I want you to be my friend on Dixonspace!!! so you can draw ascii-art penises on his Dixonspace profile ? :-) Gilles

Re: OpenBSD blog software

On Wed, Nov 18, 2009 at 07:37:48PM +0100, Bret S. Lambert wrote: On Wed, Nov 18, 2009 at 12:00:21PM -0600, Marco Peereboom wrote: now a wiki And before you know, it, a social networking site. I want you to be my friend on Dixonspace!!! Gotta have realtime plaintext chat for

Re: Authpf and more than 992 users

2009/11/18 Janusz Gumkowski janusz.gumkow...@am.torun.pl: Is it at all possible to have more than 992 simultaneous authpf users ? Yes, use more than one machine. Digging out an old post of mine, still not having any real solution but a couple of ugly hacks instead, trying to get rid of

php5-core package install problems

I am having trouble with installing a package, php5-core for OpenBSD 4.6 (i386). There is a dependency that cannot be resolved. php5-core requires libiconv-1.12, and a package only exists for libiconv-1.13. # pkg_add -r php5-core Can't install

Odd name lookup behavior

Can anyone xplain this behavior to me? Given the following resolv.conf file: r...@pm3fw:root# cat /etc/resolv.conf lookup file bind search mcn.chs kapstonepaper.com pm3.charleston.meadwestvaco.com nameserver 127.0.0.1 nameserver 10.209.128.20 nameserver 10.209.128.26 nameserver 10.209.142.158

Re: OpenBSD blog software

On Wed, 18 Nov 2009 20:04:01 +0100 Gilles Chehade gil...@poolp.org wrote: Bret S. Lambert wrote: On Wed, Nov 18, 2009 at 12:00:21PM -0600, Marco Peereboom wrote: now a wiki And before you know, it, a social networking site. I want you to be my friend on Dixonspace!!!

5 PKK'lı İmralıya gönderildi

BC6lgesel Haberler GCnlCk Flash Haber 5 PKK'lD1 D0mralD1ya gC6nderildi CcalanD1n yalnD1zlD1DD1 sona erdi. BC6lCcCbaED1nD1n komEularD1 D0mralD1ya gC6nderildi bile... Eimdilik 5 PKK'lD1 Ccalana arkadaElD1k edecek; DevamD1nD1 okumak iC'in Tiklayiniz BC6lgesel Haberler Haber AboneliD

Questions about chrooted apache and exec() in php

Hello, Iam running the apache in base 4.5 with the chroot. Iam trying to run this simple script (as a test) but I cannot make it to output anything... I have done a cp /usr/bin/whoami /var/www/bin/ , made sure that ownership is root:daemon, and permissions are 600, i have even tried 777 i

Re: php5-core package install problems

On Thu, Nov 19, 2009 at 05:10:12AM +1100, John wrote: I am having trouble with installing a package, php5-core for OpenBSD 4.6 (i386). There is a dependency that cannot be resolved. php5-core requires libiconv-1.12, and a package only exists for libiconv-1.13. # pkg_add -r php5-core

Re: php5-core package install problems

On Thu, 19 Nov 2009 05:10:12 +1100 John john.n.t...@live.com wrote: I am having trouble with installing a package, php5-core for OpenBSD 4.6 (i386). There is a dependency that cannot be resolved. php5-core requires libiconv-1.12, and a package only exists for libiconv-1.13. # pkg_add -r

Re: midwest US mirror

I should mention things that I didn't before and reiterate others . . . 1) I am committed to maintaining this service 2) At the moment, I have a ~300G hard drive devoted to it (and willing to devotre more, in the future) 3) I have a DSL (high-speed) connection i'm not sure what kind of

Re: Questions about chrooted apache and exec() in php

On Wed, 18 Nov 2009 14:23:42 -0600 Matthew Young myoung24...@gmail.com wrote: Hello, Iam running the apache in base 4.5 with the chroot. Iam trying to run this simple script (as a test) but I cannot make it to output anything... I have done a cp /usr/bin/whoami /var/www/bin/ , made

Re: Questions about chrooted apache and exec() in php

On Wed, 18 Nov 2009 22:44:51 +0100 Robert rob...@openbsd.pap.st wrote: # kdump ktrace.out kdump -f ...

Re: Odd name lookup behavior

On Wed, 18 Nov 2009, stan wrote: Can anyone xplain this behavior to me? Without access to your nameservers it's not possible to be sure, but see below -- this looks normal to me. Given the following resolv.conf file: r...@pm3fw:root# cat /etc/resolv.conf lookup file bind search mcn.chs

Re: Odd name lookup behavior

On Wed, 18 Nov 2009 15:06:28 -0500 stan st...@panix.com wrote: Can anyone xplain this behavior to me? Given the following resolv.conf file: r...@pm3fw:root# cat /etc/resolv.conf lookup file bind search mcn.chs kapstonepaper.com pm3.charleston.meadwestvaco.com nameserver 127.0.0.1

SPAMd blacklists unavailable

Hi, While trying to get http://www.openbsd.org/spamd/chinacidr.txt.gz and http://www.openbsd.org/spamd/koreacidr.txt.gz i'm getting 404's. Have those resources been moved ? I'm in the meantime using http://ipdeny.com/ipblocks/data/countries/cn.zone and

Re: Odd name lookup behavior

On Wed, Nov 18, 2009 at 05:00:02PM -0500, Dave Anderson wrote: On Wed, 18 Nov 2009, stan wrote: Can anyone xplain this behavior to me? Without access to your nameservers it's not possible to be sure, but see below -- this looks normal to me. Given the following resolv.conf file:

Re: Odd name lookup behavior

On Wed, Nov 18, 2009 at 11:21:41PM +0100, Robert wrote: On Wed, 18 Nov 2009 15:06:28 -0500 stan st...@panix.com wrote: Can anyone xplain this behavior to me? Given the following resolv.conf file: r...@pm3fw:root# cat /etc/resolv.conf lookup file bind search mcn.chs

Re: Odd name lookup behavior

On Wed, Nov 18, 2009 at 11:21:41PM +0100, Robert wrote: On Wed, 18 Nov 2009 15:06:28 -0500 stan st...@panix.com wrote: Can anyone xplain this behavior to me? Given the following resolv.conf file: r...@pm3fw:root# cat /etc/resolv.conf lookup file bind search mcn.chs

OT: Have you hugged your local OpenBSD dev lately?

So glad we don't have these kinds of issues... https://bugzilla.redhat.com/show_bug.cgi?id=534047

Re: OT: Have you hugged your local OpenBSD dev lately?

On Wed, Nov 18, 2009 at 04:05:04PM -0800, Bryan wrote: So glad we don't have these kinds of issues... https://bugzilla.redhat.com/show_bug.cgi?id=534047 no one offered a diff to implement that feature on OpenBSD yet ? it can easily be done by writing a sudoKit policy :-) Gilles -- Gilles

Re: OT: Have you hugged your local OpenBSD dev lately?

On Wed, Nov 18, 2009 at 04:05:04PM -0800, Bryan wrote: So glad we don't have these kinds of issues... https://bugzilla.redhat.com/show_bug.cgi?id=534047 Wow that's tremendously funny. -- DISCLAIMER: http://goldmark.org/jeff/stupid-disclaimers/ This message will self-destruct in 3

Re: OT: Have you hugged your local OpenBSD dev lately?

On Wed, Nov 18, 2009 at 16:55, Abel Abraham Camarillo Ojeda acam...@the00z.org wrote: On Wed, Nov 18, 2009 at 04:05:04PM -0800, Bryan wrote: So glad we don't have these kinds of issues... https://bugzilla.redhat.com/show_bug.cgi?id=534047 Wow that's tremendously funny. -- DISCLAIMER:

Re: OT: Have you hugged your local OpenBSD dev lately?

Before everyone goes too bonkers, consider exactly how safe/dangerous this behavior actually is on a single user machine. Food for thought. Think to yourself: what *exactly* is the difference between the only user account on your machine and root? How are you safe? On Nov 18, 2009, at

Re: OT: Have you hugged your local OpenBSD dev lately?

Before everyone goes too bonkers, consider exactly how safe/dangerous this behavior actually is on a single user machine. Food for thought. Think to yourself: what *exactly* is the difference between the only user account on your machine and root? How are you safe? Not everyone runs

Re: OT: Have you hugged your local OpenBSD dev lately?

2009/11/19 Ted Unangst ted.unan...@gmail.com: Think to yourself: what *exactly* is the difference between the only user account on your machine and root? How are you safe? And then you create a guest account on your netbook... Read the comments. There are some interesting exploits for this...

Re: OT: Have you hugged your local OpenBSD dev lately?

On Wed, 18 Nov 2009 17:08 -0800, Bryan bra...@gmail.com wrote: On Wed, Nov 18, 2009 at 16:55, Abel Abraham Camarillo Ojeda acam...@the00z.org wrote: On Wed, Nov 18, 2009 at 04:05:04PM -0800, Bryan wrote: So glad we don't have these kinds of issues...

Re: OT: Have you hugged your local OpenBSD dev lately?

On Wed, Nov 18, 2009 at 05:38:38PM -0800, Ted Unangst wrote: Before everyone goes too bonkers, consider exactly how safe/dangerous this behavior actually is on a single user machine. Food for thought. Think to yourself: what *exactly* is the difference between the only user account on

Re: OT: Have you hugged your local OpenBSD dev lately?

--- On Wed, 11/18/09, Bryan bra...@gmail.com wrote: From: Bryan bra...@gmail.com Subject: OT: Have you hugged your local OpenBSD dev lately? To: Misc OpenBSD misc@openbsd.org Received: Wednesday, November 18, 2009, 7:05 PM So glad we don't have these kinds of issues...

Re: Match rule with scrub options cause some websites to hang

Here's a brief overview of what I did. If it's not what you are looking for, let me know (or we can take a more detailed discussion off-list). I don't claim to be an expert in this. I did a lot of Googling/reading, and cobbled together my strategy from several sources. Even then, I think

Re: OT: Have you hugged your local OpenBSD dev lately?

On Nov 18, 2009, at 5:47 PM, Theo de Raadt dera...@cvs.openbsd.org wrote: Before everyone goes too bonkers, consider exactly how safe/dangerous this behavior actually is on a single user machine. Food for thought. Think to yourself: what *exactly* is the difference between the only user

Re: OT: Have you hugged your local OpenBSD dev lately?

If you give untrusted people unsupervised access to your laptop, I hope you have a better lock than I do. On Nov 18, 2009, at 5:45 PM, Martin SchrC6der mar...@oneiros.de wrote: 2009/11/19 Ted Unangst ted.unan...@gmail.com: Think to yourself: what *exactly* is the difference between the only

Re: OT: Have you hugged your local OpenBSD dev lately?

Not a change i would make, but for a desktop? Not a big deal. On Nov 18, 2009, at 5:48 PM, Eric Furman misc@openbsd.org wrote: but making it *default* behaviour?? On Wed, 18 Nov 2009 17:38 -0800, Ted Unangst ted.unan...@gmail.com wrote: Before everyone goes too bonkers, consider exactly how

Re: Odd name lookup behavior

On Wed, 18 Nov 2009, stan wrote: On Wed, Nov 18, 2009 at 05:00:02PM -0500, Dave Anderson wrote: On Wed, 18 Nov 2009, stan wrote: Can anyone xplain this behavior to me? Without access to your nameservers it's not possible to be sure, but see below -- this looks normal to me. Given the

Re: Changing the NIC on installed system?

Roger Schreiter ro...@planinternet.de writes: Hello, I did not yet understand very well, how the NIC drivers are selected. Is it done while installing OpenBSD or is it done at boot? In the latter case, I assume, I can replace a PCI network interface without changing any driver settings.

pam-devel package??

Hi all, I need to build a pam-dependent plugin (openvpn-auth-pam) that requires the pam-devel libraries; I think that's why it's failing to build. I can't seem to find them in any OpenBSD port or package list; can someone point me in the right direction or tell me what to look for?

Re: OT: Have you hugged your local OpenBSD dev lately?

On Wed, Nov 18, 2009 at 05:38:38PM -0800, Ted Unangst wrote: Before everyone goes too bonkers, consider exactly how safe/dangerous this behavior actually is on a single user machine. but did they also by default restrict the system to 1 user? it's not so much the idea that's laughable, but

Re: Odd name lookup behavior

You apparently have a system with multiple names and a single IP address. Both cvsup.mch.chs and cvsup.meadwestvaco.com are assigned address 10.209.142.151, but the reverse-lookup entry can't return both names. snip You made that up. Yes it can. If it's configured to do so. I'm guessing

Re: OT: Have you hugged your local OpenBSD dev lately?

To be sure, I don't think it's the best idea. But practically? For actual users running fedora? I doubt the change makes much difference for many of them. The reason I even brought this up is not because I like the idea, but because I think it is a good opportunity to reflect on what user

Re: Odd name lookup behavior

On Wed, 18 Nov 2009, Bryan Irvine wrote: You apparently have a system with multiple names and a single IP address. Both cvsup.mch.chs and cvsup.meadwestvaco.com are assigned address 10.209.142.151, but the reverse-lookup entry can't return both names. snip You made that up. Yes it can. If

Re: pam-devel package??

On Wed, 18 Nov 2009 19:28:55 -0800, Elliott Barrere wrote: Hi all, I need to build a pam-dependent plugin (openvpn-auth-pam) that requires the pam-devel libraries; I think that's why it's failing to build. I can't seem to find them in any OpenBSD port or package list; can someone point me in

Re: pam-devel package??

Openbsd doesn't use pam, so you aren't going to have much luck getting openvpn to use it either. On Nov 18, 2009, at 7:28 PM, Elliott Barrere elli...@mywedding.com wrote: Hi all, I need to build a pam-dependent plugin (openvpn-auth-pam) that requires the pam-devel libraries; I think

Re: OT: Have you hugged your local OpenBSD dev lately?

On Wed, 18 Nov 2009 16:05:04 -0800 Bryan wrote: So glad we don't have these kinds of issues... New around here, but I'm noticing a lot of tooting of our own horn...so to speak. With all the possible vectors for compromising a system that are available it just sounds naive to keep touting how

Re: pam-devel package??

Check out the port net/openbsd_bsdauth. While not PAM auth, it will actually work on OpenBSD. (Hint: we don't do PAM) On 2009 Nov 18 (Wed) at 19:28:55 -0800 (-0800), Elliott Barrere wrote: :Hi all, : :I need to build a pam-dependent plugin (openvpn-auth-pam) that requires the :pam-devel