Re: How to open PDF that requires Adobe 9
On Tuesday 07 December 2010 08:40:01 am Clint Pachl wrote: Anthony Bentley wrote: This happens when there are multiple PDFs embedded in a single PDF file. I remember reading a Ghostscript bug about this (could probably find it again if I had the exact error message), but unfortunately Mupdf still doesn't support it. Here is the Ghostscript bug: http://bugs.ghostscript.com/show_bug.cgi?id=690422 From here it looks like you might be able to get it with gs after all. Good research Anthony. That bug describes my situation exactly. The only thing is that I didn't know what the hell a portfolio PDF was until now. Unfortunately, the gs ports is version 8.63 (released 2008-08-01). This bug report/fix happened in April 2009. Shit, now Mr. Schroder is going to be on my ass about patches again. :-P kili@ posted a ghostscript update to ports@ in October IIRC, you may consult the archives. cheers, Sebastian
Re: seeking SQLite on OpenBSD stories
On Tue, Dec 07, 2010 at 09:57:22AM +0800, Edwin Eyan Moragas wrote: Hi Misc, i'm looking for experience of using SQLite on OpenBSD. if anybody in the list can share 1) how SQLite is being used 2) size of the database 3) performance metrics (if you have them) anything about SQLite on OpenBSD. link would be appreciated too. Well, we enjoy nice relations with the people developping sqlite, who seem to be very nice people. Apart from that, sqlite is currently in our ports tree, most specifically because of a 'chicken and egg' issue: it could be useful in base, but nothing uses it yet, so there's no incentive to put it in base. And since it's not in base, nothing develops to use it. Personally, if I did use it, it would be through the perl frontend, so that's even more daunting, as I don't believe DBI is audited enough nor sane enough to fit in base yet... Apart from that, it's used for sqlports, a very useful database that holds about every meta-information for every port (very useful when you're looking for all usage of a specific construct before changing it). It weighs in at roughly 40M. There is a smaller version at 24M, with a saner schema, but not a lot of things use it. I think landry has tools that use this as well. In all, it's used precisely for its defining purposes: a simple database when you don't want to go to the hastle of setting up a server. In my personal case, it's been the first time ever I started using databases. All the shit required to set up mysql/postgres and adding new users with new priority did not seem relevant in a world where I have limited time to do enjoyable stuff. I've since learnt minimal amounts of database knowledge thanks to drupal, and ended up with an healthy loathing of the bloated industry giant that calls itself Oracle, along with its mafia of instructors and certifications, and paid services that could often run on much lighter systems, but would be ways less profitable to all those crooks...
Re: using bgp mpls vpn
On Fri, Dec 03, 2010 at 01:10:30AM +0200, Imre Oolberg wrote: Hi! Claudio Jeker wrote: It looks like the connection from PE1 to PE2 is not using MPLS. It looks like the ldp session between PE1 and the P router is not established. Thank you very much for your suggestion to look over the network below, i didnt expect it to be a source of my problems and excuse me to waste time for such a stupid reason. Now packets with double labels come and go, so i search bgp mpls vpn further using several PE routers and create relationships between networks behind them etc. Is my understanding correct that mpls-labeled packets going thru network themselves dont need ip networking configured on P routers (and not even net.inet.ip.forwarding switched on) but since ldpd needs to run on them and it uses udp multicast and tcp-based connections ip configuration is still needed? And usually ldpd processes communicate only with other ldpd processes which run on their adjacent neighbors? You need an IP backbone that connects all P and PE routers because that's the way the topology and pathes are calculated. LDP currently only runs on top of IP and that will not change any time soon. So you need an IP backbone to build the label pathes on which the various mpls VPN will be switched over. Currently you must enable IP forwarding (because of penultimate hop popping) on all routers. Every ethernet interface needs an IP address so that LDP can be run over those links. Additionally you need the IP address as nexthop on the MPLS pathes. In theory it is possible to use static setups using MAC addresses as nexthops but such static networks are unfeasible in reality. -- :wq Claudio Just for the record, my second attempt was made using OpenBSD 4.8-current (GENERIC) #501: Mon Nov 29 11:58:38 MST 2010 and i386. Claudio Jeker wrote: On Fri, Nov 26, 2010 at 11:02:06PM +0200, Imre Oolberg wrote: eHi! I am using 'OpenBSD 4.8-current (GENERIC) #313: Mon Nov 1 11:04:25 MDT 2010' i set up some good number of testing machines and started to try out the bgp mpls vpn stuff (based on man bgpd.conf, man ldpd.conf man man route + http://marc.info/?l=openbsd-miscm=127470697232025w=1 and i also did some general reading on mpls mpls-vpn) This is a fairly old current. But IIRC nothing super important happend in between. What i got so far is working bgp mpls vpn between two computers if they are directly connected like this. (The objective was to create behind PE1 two private vlans 172.116.93/24 and 172.117.93/24 into different rdomains which can communicate which their respective counterpart vlans behind PE2, 172.116.94/24 and 172.117.94/24)) ... big snip ... at P in the middle it says mpls-4:~# ldpctl show lib Destination Nexthop Local LabelRemote Label In Use 0.0.0.0/0192.168.10.25416 Untagged yes 10.0.11.0/24 10.0.171.117 Pop tagyes 10.0.12.0/24 10.0.172.118 Untagged yes 10.0.171.0/2410.0.171.254 3 Untagged yes 10.0.171.0/240.0.0.0 3 Untagged yes 10.0.172.0/2410.0.172.254 3 Untagged yes 10.0.172.0/240.0.0.0 3 Untagged yes 10.10.11.1/3210.0.171.119 19 yes 10.10.12.1/3210.0.172.120 Untagged yes 192.168.10.0/24 10.0.172.13 Untagged yes 192.168.10.0/24 10.0.171.13 Pop tagyes 192.168.10.0/24 0.0.0.0 3 Untagged yes mpls-4:~# route -n show -mpls Routing tables MPLS: In label Out label Op GatewayFlags Refs Use Mtu Prio Interface 16- LOCAL 192.168.10.254 UGT00 - 8 em0 17- POP10.0.171.1 UGT00 - 32 em1 18- LOCAL 10.0.172.1 UGT00 - 32 em2 1919SWAP 10.0.171.1 UGT0 10 - 32 em1 20- LOCAL 10.0.172.1 UGT00 - 32 em2 Looking at the routing table you show here it seems that there is an issue with ldpd. There are to many Untagged FEC in the ldpctl show lib output. It looks like the session between the P/PE systems did not get up. Did you look at the ldpctl show nei output? Btw. look at the route -n show -inet output and check which routes have MPLS pathes attached to them (T in the flags section). You can also use route -n get IP or
ftp5.eu.openbsd.org down?
-- see ya, giovanni
Re: Donations
On 7 December 2010 07:36, fqui nonez fquinon...@gmail.com wrote: In fact, the people in El Salvador who were responsible to assassinate 80,000 persons; were trained at La escuela de las Americas in US. http://en.wikipedia.org/wiki/School_of_the_Americas Note the cute renaming and attempted post-hoc legitimization.
Re: Campus internet connection
This problem has already occured in NetBSD. http://lists.shmoo.com/pipermail/hostap/2009-August/020080.html I have created a new diff for OpenBSD patch-driver_wired_c (wpa_supplicant) which works fine. --- original/driver_wired.c Sun Dec 31 04:28:05 2006 +++ driver_wired.c Fri May 18 02:06:07 2007 @@ -18,7 +18,7 @@ #ifdef __linux__ #include netpacket/packet.h #endif /* __linux__ */ -#ifdef __FreeBSD__ +#if defined(__FreeBSD__) || defined(__OpenBSD__) #include net/if_dl.h #endif /* __FreeBSD__ */ @@ -132,6 +132,15 @@ os_memcpy(LLADDR(dlp), addr, ETH_ALEN); } #endif /* __FreeBSD__ */ +#ifdef __OpenBSD__ + { + struct sockaddr *sap; + sap = (struct sockaddr *) ifr.ifr_addr; + sap-sa_len = sizeof(struct sockaddr); + sap-sa_family = AF_UNSPEC; + os_memcpy(sap-sa_data, addr, ETH_ALEN); + } +#endif /* __OpenBSD __ */ if (ioctl(s, add ? SIOCADDMULTI : SIOCDELMULTI, (caddr_t) ifr) 0) { perror(ioctl[SIOC{ADD/DEL}MULTI]); 2010/11/17 David Coppa dco...@gmail.com: On Wed, Nov 17, 2010 at 4:38 PM, Tomas Vavrys vav...@cleancode.cz wrote: Hello, I would like to use OpenBSD at school, but current documentation is only for Windows, Linux. Could you please guide me what is different and what man pages should I read? What bothers me is WPA supplicant. PF should not be a problem. Link to translated documentation, I know it is not perfect but I actually read it and it's fine to get the fundamental meaning. http://translate.google.cz/translate?hl=cssl=autotl=enu=http://www.kolej.mff.cuni.cz/faq/connect_linux.html%23mac Sorry, no way. 802.1X authentication is currently unsupported on OpenBSD. ciao, david
Problems with sound card
Hi misc@, I have a Dell Vostro 1510 with -current and my sound card it's not supported, Here is my dmesg and pcidump: http://x61.com.ar/tmp/pcidump http://x61.com.ar/tmp/dell.dmesg I build the kernel with AZALIA_DEBUG but nothing. $ mixerctl -av mixerctl: /dev/mixer: Device not configured $ audioctl audioctl: /dev/audioctl: Device not configured Any ideas? Cheers -- Sending from my Computer.
Re: OpenBSD in Rock Band 3
On Mon, Dec 06, 2010 at 07:38:10PM -0500, Doug Clements wrote: Misc, I sat through the ending credits of Rock Band 3 for the PS3 tonight, and I saw a license inclusion from OpenBSD. I'm guessing they lifted some bit of code and used it in the game. Does anyone have any idea what portion it might have been? There were also license notifications for AES, MD5, and RSA. I'm guessing these were probably for making sure online play integrity is assured, but I'm curious of those as well. --Doug Aw, I read the subject and thought that some openbsd release songs had made it in..
Re: seeking SQLite on OpenBSD stories
On Tue, Dec 07, 2010 at 09:57:22AM +0800, Edwin Eyan Moragas wrote: Hi Misc, i'm looking for experience of using SQLite on OpenBSD. if anybody in the list can share 1) how SQLite is being used I use it left and right on a product we are developing and it is very very good and easy to use. The API is surprisingly good considering the underlying complexity. The docs are pretty good once you get a grip on the API but the threshold is relatively high. 2) size of the database We use them in all kinds of sizes and we will use it in the (100s of) millions of records in the near future. So far I have not seen any issues. 3) performance metrics (if you have them) I have no metrics for you just some advice. Use the prepare/commit thing and life is good. If you don't then you'll get max 160 inserts per second. anything about SQLite on OpenBSD. link would be appreciated too. I just used the sqlite webpages at http://www.sqlite.org/capi3ref.html Again the docs are very good but require practice. The only thing I don't like is not having access to a non-sql API. One of the things I use it for is for a basic b+tree and I really could have done without the sql shiz. That said, I have nothing ugly to say about it and in fact am very pleased with it.
Re: Problems with sound card
On Tue, Dec 07, 2010 at 10:39:23AM -0300, Gonzalo L. R. wrote: Hi misc@, I have a Dell Vostro 1510 with -current and my sound card it's not supported, Here is my dmesg and pcidump: http://x61.com.ar/tmp/pcidump http://x61.com.ar/tmp/dell.dmesg I build the kernel with AZALIA_DEBUG but nothing. $ mixerctl -av mixerctl: /dev/mixer: Device not configured $ audioctl audioctl: /dev/audioctl: Device not configured Any ideas? are you sure it's not turned off in the bios? Cheers -- Sending from my Computer. -- jake...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org
Des idées cadeaux
Voir ce message dans un navigateur. Laissez-vous surprendre par cette magnifique collection. Du style ` petit prix. Avec l'approche des fjtes, il est temps de penser ` vos cadeaux de fin d'annie. Lillibox vous offre la possibiliti de faire vos achats tranquillement ` la maison via notre boutique en ligne. Bagues, colliers, bracelets, boucles d'oreilles, bijoux fantaisies ou en argent, tous nos articles sont garantis sans nickel et traitis contre les allergies. Si vous souhaitez recevoir notre offre(une fois par mois), inscrivez-vous sur lillibox.com, si vous ne souhaitez plus recevoir de courrier de notre part, cliquez sur le lien de disabonnement ci-bas. )Lillibox * Pour ne plus recevoir ce message cliquer sur le lien suivant: http://www.stat-rec-1.com/out/desinscrquestion.php?u=13852b=Fc=57105m=m...@openbsd.orglng=fr **
Re: 4.8-current snap, possible OSX NFS issue?
Just a quick update with the Dec.6 amd64 snapshot, and the problem still exists. I had hoped with some recent attention to nfs re: the systat -m freeze that there might have been some movement on this one. I had written a couple other replies previously that never made it to list. Hope this one fares better. Cheers, -- Jason
Re: Problems with sound card
well the BIOS don't have a option to enable it, but I boot with Windows and I have the same, no sound card, so the hw is fried :( sorry for the noise cheers On 12/07/10 13:05, Jacob Meuser wrote: On Tue, Dec 07, 2010 at 10:39:23AM -0300, Gonzalo L. R. wrote: Hi misc@, I have a Dell Vostro 1510 with -current and my sound card it's not supported, Here is my dmesg and pcidump: http://x61.com.ar/tmp/pcidump http://x61.com.ar/tmp/dell.dmesg I build the kernel with AZALIA_DEBUG but nothing. $ mixerctl -av mixerctl: /dev/mixer: Device not configured $ audioctl audioctl: /dev/audioctl: Device not configured Any ideas? are you sure it's not turned off in the bios? Cheers -- Sending from my Computer. -- Sending from my Computer.
Re: OpenBSD in Rock Band 3
On Tue, Dec 7, 2010 at 10:07 AM, Josh Rickmar joshua_rick...@eumx.net wrote: Aw, I read the subject and thought that some openbsd release songs had made it in.. Me too! That would've been awesome!
Re: Donations
What you don't realize is that when paypal locks accounts they effectively seize the money because you cannot get it out of the FDIC registered banks that they have placed it. You can't, until you file to get it back. You need to do more research. Perhaps. But if this is true, it is something that is a consequence of using Paypal as a payment processor. It may even be in their TOS. I even feel for Mr. Assange a bit here, since this is something that may not be obvious to the average Paypal payment-processing client. It's certainly a pretty solid reason for OpenBSD not to accept payments through them. But I still fail to see the due process (again, in the Constitutional sense) requirements for Paypal here. They are a private company, contracted by people to process payments -- which inherently involves their holding onto your money for some period of time. If they decide not to process any more payments for you, it is probably a breach of contract at most, and you go after them in civil court. If they possess some of your payments, and won't give them to you, you might be able to bring fraud or possibly theft charges, depending on the jurisdiction. I suspect the filing thing would get Paypal around that, and is standard arse-covering for client disputes of any kind. This is getting off-topic, so I'll shut up for now. I don't use Paypal to process payments, and would need to go read their TOS to offer any further commentary. Corey
Re: Donations
Better add Visa to the list as well http://www.salon.com/news/feature/2010/12/07/wikileaks_17/ On Sat, Dec 4, 2010 at 10:25 PM, Theo de Raadt dera...@cvs.openbsd.org wrote: In the future, if people can show preference for the non-Paypal transaction methods when they donate, we would appreciate that over Paypal. Since the projects hackathons (and many other things) are very much funded by donations, it is hard for us to fully dissasociate completely from Paypal. However we can ask and recommend that people pass less money through them. If you don't know why I am sending this mail.. you are reading US managed news, and need to much much more informed Thanks.
OpenBSD Access Point?
Hi All, First post to misc. I'd like to create an OpenBSD based router + wifi access point. I thought I might buy myself one of these for Christmas: PC Engines ALIX 2D13: http://www.pcengines.ch/alix2d13.htm That's a AMD Geode LX800 with on-board serial, Ethernet (3), USB and miniPCI. The same vendor also sells several compatible wireless cards e.g. Wistron DNMA92 Atheros 802.11a/b/g/n - Chipset: Atheros AR9220 Compex WLM54SAG23 200mW Atheros 802.11a/b/g - Chipset: Atheros AR5414 I checked the 4.8 man pages and the faq (openbsd.org/faq/faq6.html) to try to determine my best choice ... Naturally I'd like to run 11n for the high speed and the 4.8 man page for the athn driver says the newer 9220 chip _is_ supported. However the list archives contain some remarks about it being supported only in client BBS mode, not in AP (Access Point) mode. The athn man page is not so clear on this, it mentions the existence of BSS and AP modes, but is not explicit about exactly what modes are supported by which chipsets. The FAQ page indicates that the ath driver (i.e. the non - n driver) does support AP mode. But neither the ath or athn man pages mention the older AR5414 chip at all :-( Any suggestions on how to go forward here? Is the project feasible and which of these components would be best? From my perspective it would be useful if the information on the support modes (BBS/AP) were to be added into the tables in those man pages that already enumerate the supported chipsets/bus-interfaces/bands/channels. Cheers, Robb. -- +---+ | I've seen things you people wouldn't believe. | | Attack ships on fire off the shoulder of Orion. I watched | | C-Beams glitter in the dark near the Tannhauser Gate. All | | those moments will be lost in time, like tears in rain. | | Time to die. -- Roy Batty, Nexus6, N6MAA10816, Combat | +---+
Re: Donations
On Tue, Dec 7, 2010 at 1:24 PM, Jason Crawford ja...@purebsd.net wrote: Better add Visa to the list as well http://www.salon.com/news/feature/2010/12/07/wikileaks_17/ yep | MasterCard and Visa have cut off support for | WikiLeaks. They claimed WikiLeaks breaches its | rules, but you can still use those cards to | support overtly racist orgainsations supported by | the Ku Klux Klan. source: http://www.guardian.co.uk/news/blog/2010/dec/07/wikileaks-us-embassy-cables-l ive-updates On Sat, Dec 4, 2010 at 10:25 PM, Theo de Raadt dera...@cvs.openbsd.org wrote: In the future, if people can show preference for the non-Paypal transaction methods when they donate, we would appreciate that over Paypal. Since the projects hackathons (and many other things) are very much funded by donations, it is hard for us to fully dissasociate completely from Paypal. However we can ask and recommend that people pass less money through them. If you don't know why I am sending this mail.. you are reading US managed news, and need to much much more informed Thanks.
Riparty con Postepay
Riparty con PostepayConcorso Riparty con PostepayDal 10 ottobre 2010 al 31 maggio 2011 ricarica la tua carta postepay* e parteciperai al concorso! In palio per te ogni mese un fantastico premio! Scrigno Elation long week end tra arte e sapori per due persone + Fotocamera Digitale Samsung WP 10 E se fai almeno 3 pagamenti sul circuito Visa durante il periodo del concorso, potrai partecipare all'estrazione finale e vincere una Vespa 125 GTS Giallo Lime. Ma non solo: effettua una ricarica da 10 euro sul tuo telefonino dalla tua carta postepay entro il 31/12/2010: Postepay, te la regala* !!! Allora cosa aspetti? Entra subito nel sito: postepay.it *Partecipano alle estrazioni mensili i titolari che avranno effettuato almeno una transazione Visa nello stesso mese. Sono escluse le transazioni effettuate sul circuito Postamat (es. ricarica carta, pagamento bollettini o altri acquisti sul sito poste.it o presso gli uffici postali) * La ricarica omaggio e' valida una sola volta per ogni carta postepay, ed il bonus e' fruibile entro il 31 dicembre 2010; eventuali tentativi di doppia ricarica, verranno rigettati.
Re: Donations
Jason Crawford wrote: Better add Visa to the list as well And Swiss banks and Swedish women. :-)
Re: OpenBSD Access Point?
I just assembled my ALIX 2d13, and had a similar discussion (check the archives). But I had to make some compromises. 802.11n isn't supported by OpenBSD yet. Period. Simple consultation of the driver man pages would have noted that. I also believe that all drivers that support hostap also have difficulties with power-saving functionality (please correct me if I'm wrong!). So unless you know that all of your wifi clients can disable this, you theoretically may have packet loss issues. Read your chipset's man pages closely. To work around this issue, I picked up a cheap-o consumer wifi router to hang off one of the ethernet interfaces. --david On Tue, Dec 7, 2010 at 3:38 PM, Lists Account li...@y42.org wrote: Hi All, First post to misc. I'd like to create an OpenBSD based router + wifi access point. I thought I might buy myself one of these for Christmas: PC Engines ALIX 2D13: http://www.pcengines.ch/alix2d13.htm That's a AMD Geode LX800 with on-board serial, Ethernet (3), USB and miniPCI. The same vendor also sells several compatible wireless cards e.g. Wistron DNMA92 Atheros 802.11a/b/g/n - Chipset: Atheros AR9220 Compex WLM54SAG23 200mW Atheros 802.11a/b/g - Chipset: Atheros AR5414 I checked the 4.8 man pages and the faq (openbsd.org/faq/faq6.html) to try to determine my best choice ... Naturally I'd like to run 11n for the high speed and the 4.8 man page for the athn driver says the newer 9220 chip _is_ supported. However the list archives contain some remarks about it being supported only in client BBS mode, not in AP (Access Point) mode. The athn man page is not so clear on this, it mentions the existence of BSS and AP modes, but is not explicit about exactly what modes are supported by which chipsets. The FAQ page indicates that the ath driver (i.e. the non - n driver) does support AP mode. But neither the ath or athn man pages mention the older AR5414 chip at all :-( Any suggestions on how to go forward here? Is the project feasible and which of these components would be best? From my perspective it would be useful if the information on the support modes (BBS/AP) were to be added into the tables in those man pages that already enumerate the supported chipsets/bus-interfaces/bands/channels. Cheers, Robb. -- +---+ | I've seen things you people wouldn't believe. | | Attack ships on fire off the shoulder of Orion. I watched | | C-Beams glitter in the dark near the Tannhauser Gate. All | | those moments will be lost in time, like tears in rain. | | Time to die. -- Roy Batty, Nexus6, N6MAA10816, Combat | +---+
Re: Sil 3112a drive timeout.
Jan Johansson janj+open...@wenf.org wrote: My backup server ran out of space and I got my hands on a SATA pci card carrying a Sil 3112a chip. The problem beeing that when booting bsd the drive timeout with a message like: pciide0:0:0: not ready, st=0xd0BSY,DRDY,DSC, err=0x00 pciide0 channel 0: reset failed for drive 0 wd0c: device timeout reading fsbn 0 (wd0 bn 0; cn 0 tn 0 sn 0), retrying So I have been comparing RAMDISK_CD and GENERIC for a few days and it seems I can compile a working GENERIC by commenting options DIAGNOSTIC in the config file. Trying to find exactly which ifdef that kills the card I started getting unpredictable results while changing ifdef's in /usr/src/sys/kern and /usr/src/sys/scsi. Sometimes it work sometimes it dosen't. :-( Any suggestions would be very welcome.
Re: Donations
Which sucks because I was ver pro-sweedish women! Damn it all to hell... On Dec 7, 2010 5:19 PM, Clint Pachl pa...@ecentryx.com wrote: Jason Crawford wrote: Better add Visa to the list as well And Swiss banks and Swedish women. :-)
'cvs update' asking for password?!
No doubt I've screwed something up, but I can't figure out what. I've tried all of the North American anoncvs servers (and each time checked that I was actually talking to the server I thought I was connected to) and all of them ask me for a password rather than processing my request. I vaguely remember seeing something on this list a year or so ago, but my search of the archives hasn't found anything relevant. Sample information: # echo $CVSROOT anoncvs.comstyle.com:/cvs # cvs -t -d$CVSROOT -q up -Pd - main loop with CVSROOT=anoncvs.comstyle.com:/cvs - Starting server: ssh anoncvs.comstyle.com cvs server r...@anoncvs.comstyle.com's password: # ssh -v anoncvs.comstyle.com cvs server OpenSSH_5.6, OpenSSL 1.0.0a 1 Jun 2010 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to anoncvs.comstyle.com [206.51.28.2] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/id_rsa type 1 debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: identity file /root/.ssh/id_dsa type 2 debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa type 3 debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.6 debug1: match: OpenSSH_5.6 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.6 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server-client aes128-ctr hmac-md5 none debug1: kex: client-server aes128-ctr hmac-md5 none debug1: sending SSH2_MSG_KEX_ECDH_INIT debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Host 'anoncvs.comstyle.com' is known and matches the ECDSA host key. debug1: Found key in /root/.ssh/known_hosts:5 debug1: ssh_ecdsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Next authentication method: publickey debug1: Offering RSA public key: /root/.ssh/id_rsa debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Offering DSA public key: /root/.ssh/id_dsa debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Offering ECDSA public key: /root/.ssh/id_ecdsa debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Next authentication method: keyboard-interactive debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Next authentication method: password r...@anoncvs.comstyle.com's password: -- Dave Anderson d...@daveanderson.com
Re: OpenBSD in Rock Band 3
On Tue, Dec 7, 2010 at 12:09 AM, Jeffrey 'jf' Lim jfs.wo...@gmail.com wrote: :) well, possible to sit through those again? This time, prepare your camera. :) Here's the best I got: http://www.freeimagehosting.net/image.php?5bec65cccf.jpg - SGI http://www.freeimagehosting.net/image.php?29f575c27e.jpg - Rgindael/AES http://www.freeimagehosting.net/image.php?80e8f1270b.jpg - Mark Borgerding http://www.freeimagehosting.net/image.php?7b8ba7a5c6.jpg - Simon Brown http://www.freeimagehosting.net/image.php?3bd1000b8f.jpg - RSA/MD5 http://www.freeimagehosting.net/image.php?be87682cdd.jpg - OpenBSD http://www.freeimagehosting.net/image.php?2b516d12eb.jpg - Nvidia Not much info there, so it's hard for me to speculate. --Doug
Re: 'cvs update' asking for password?!
On Tue, Dec 07, 2010 at 05:40:39PM -0500, Dave Anderson wrote: No doubt I've screwed something up, but I can't figure out what. # echo $CVSROOT anoncvs.comstyle.com:/cvs ^ # cvs -t -d$CVSROOT -q up -Pd - main loop with CVSROOT=anoncvs.comstyle.com:/cvs - Starting server: ssh anoncvs.comstyle.com cvs server r...@anoncvs.comstyle.com's password: ^ anon...@anoncvs -- jake...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org
Re: OpenBSD in Rock Band 3
That's a little strange, because I don't think there is any code anywhere copyrighted by OpenBSD. All the code is copyright by the individual contributors. On Tue, Dec 7, 2010 at 5:47 PM, Doug Clements dcleme...@gmail.com wrote: On Tue, Dec 7, 2010 at 12:09 AM, Jeffrey 'jf' Lim jfs.wo...@gmail.com wrote: :) well, possible to sit through those again? This time, prepare your camera. :) Here's the best I got: http://www.freeimagehosting.net/image.php?5bec65cccf.jpg - SGI http://www.freeimagehosting.net/image.php?29f575c27e.jpg - Rgindael/AES http://www.freeimagehosting.net/image.php?80e8f1270b.jpg - Mark Borgerding http://www.freeimagehosting.net/image.php?7b8ba7a5c6.jpg - Simon Brown http://www.freeimagehosting.net/image.php?3bd1000b8f.jpg - RSA/MD5 http://www.freeimagehosting.net/image.php?be87682cdd.jpg - OpenBSD http://www.freeimagehosting.net/image.php?2b516d12eb.jpg - Nvidia Not much info there, so it's hard for me to speculate. --Doug
Re: How to open PDF that requires Adobe 9
You may want to look at Pdftk at http://www.pdflabs.com/. You may be able to use Pdftk to massage the pdf file you can open it. I don't know if it will build on OpenBSD (although there is a FreeBSD port.) Regards, On 12/07/10 03:47, Sebastian Reitenbach wrote: On Tuesday 07 December 2010 08:40:01 am Clint Pachl wrote: Anthony Bentley wrote: This happens when there are multiple PDFs embedded in a single PDF file. I remember reading a Ghostscript bug about this (could probably find it again if I had the exact error message), but unfortunately Mupdf still doesn't support it. Here is the Ghostscript bug: http://bugs.ghostscript.com/show_bug.cgi?id=690422 From here it looks like you might be able to get it with gs after all. Good research Anthony. That bug describes my situation exactly. The only thing is that I didn't know what the hell a portfolio PDF was until now. Unfortunately, the gs ports is version 8.63 (released 2008-08-01). This bug report/fix happened in April 2009. Shit, now Mr. Schroder is going to be on my ass about patches again. :-P kili@ posted a ghostscript update to ports@ in October IIRC, you may consult the archives. cheers, Sebastian
Re: Donations
2010/12/7 ropers rop...@gmail.com: 2010/12/5 Theo de Raadt dera...@cvs.openbsd.org: Such an American viewpoint. On 7 December 2010 08:02, fqui nonez fquinon...@gmail.com wrote: Well, revising old documents, the word America was not used by the Government of US; but after I and II world war; when Europeans properly used America to refer to the continent or its troops from Canada, US and maybe others countries this word was taken as if it were referring to US; i do not know if it is by ignorance or by conceit. Do you have any sources or links to such research? regards, --ropers http://www.archives.gov/exhibits/charters/constitution_transcript.html -- Agr. francisco Quinonez. Our mission, feed the World notre mission, nourrir au monde Nuestra mision, alimentar al mundo
Re: 'cvs update' asking for password?!
On Tue, 7 Dec 2010, Jacob Meuser wrote: On Tue, Dec 07, 2010 at 05:40:39PM -0500, Dave Anderson wrote: No doubt I've screwed something up, but I can't figure out what. # echo $CVSROOT anoncvs.comstyle.com:/cvs ^ # cvs -t -d$CVSROOT -q up -Pd - main loop with CVSROOT=anoncvs.comstyle.com:/cvs - Starting server: ssh anoncvs.comstyle.com cvs server r...@anoncvs.comstyle.com's password: ^ anon...@anoncvs D'Oh! There are none so blind as those who already know what's there... Thanks, Dave -- Dave Anderson d...@daveanderson.com
Doubts about dynamic forwarding and traffic queueing
Hello everyone, I'm trying to come up with a solution for the following scenario, and its answer still eludes me... An user sets up an SSH connection (using flags -N -D) with dynamic forwarding enabled (for web surfing, git, messenger, etc), to an OpenBSD machine. That machine runs PF and traffic queueing. Is there a way to shape/queue traffic for that user, based on that user id (for example, using authpf-noip)? Since port forwarding has to be disabled in the SSH daemon, in order to prevent users from circumventing authpf, is there a way to still have the dynamic forwarding behaviour using only PF rules loaded by authpf-noip for that user? Any insight on the matter is welcomed =)
Re: OpenBSD Access Point?
I agree I use openbsd for my home router but hang an access point off of an Ethernet port for my wifi access. On Tuesday, December 7, 2010, David Higgs hig...@gmail.com wrote: I just assembled my ALIX 2d13, and had a similar discussion (check the archives). B But I had to make some compromises. 802.11n isn't supported by OpenBSD yet. B Period. B Simple consultation of the driver man pages would have noted that. I also believe that all drivers that support hostap also have difficulties with power-saving functionality (please correct me if I'm wrong!). B So unless you know that all of your wifi clients can disable this, you theoretically may have packet loss issues. B Read your chipset's man pages closely. To work around this issue, I picked up a cheap-o consumer wifi router to hang off one of the ethernet interfaces. --david On Tue, Dec 7, 2010 at 3:38 PM, Lists Account li...@y42.org wrote: Hi All, First post to misc. I'd like to create an OpenBSD based router + wifi access point. I thought I might buy myself one of these for Christmas: B PC Engines ALIX 2D13: http://www.pcengines.ch/alix2d13.htm That's a AMD Geode LX800 with on-board serial, Ethernet (3), USB and miniPCI. The same vendor also sells several compatible wireless cards e.g. B Wistron DNMA92 Atheros 802.11a/b/g/n - Chipset: Atheros AR9220 B Compex WLM54SAG23 200mW Atheros 802.11a/b/g - Chipset: Atheros AR5414 I checked the 4.8 man pages and the faq (openbsd.org/faq/faq6.html) to try to determine my best choice ... Naturally I'd like to run 11n for the high speed and the 4.8 man page for the athn driver says the newer 9220 chip _is_ supported. However the list archives contain some remarks about it being supported only in client BBS mode, not in AP (Access Point) mode. The athn man page is not so clear on this, it mentions the existence of BSS and AP modes, but is not explicit about exactly what modes are supported by which chipsets. The FAQ page indicates that the ath driver (i.e. the non - n driver) does support AP mode. But neither the ath or athn man pages mention the older AR5414 chip at all :-( Any suggestions on how to go forward here? Is the project feasible and which of these components would be best? From my perspective it would be useful if the information on the support modes (BBS/AP) were to be added into the tables in those man pages that already enumerate the supported chipsets/bus-interfaces/bands/channels. Cheers, Robb. -- B B B B +---+ B B B B | B B B B B I've seen things you people wouldn't believe. B | B B B B | Attack ships on fire off the shoulder of Orion. I watched | B B B B | C-Beams glitter in the dark near the Tannhauser Gate. All | B B B B | those moments will be lost in time, like tears in rain. B | B B B B | Time to die. B -- Roy Batty, Nexus6, N6MAA10816, Combat B | B B B B +---+ -- Josh Smith KD8HRX email/jabber: juice...@gmail.com phone: 304.237.9369(c)
Re: Attention.your account has been blocked
Oh no! they are now after the obsd crowd! 2010/12/7 Bank security nore...@b.o.a.com: PayPal [IMAGE] Informations concernant votre compte Cher Utilisateur PayPal: Attention ! Votre compte PayPal a ete restreint! Dans le cadre de notre compagne de protection anti-pirates, nous inspectant rigulihrement les activitis de nos utilisateurs. Nous vous avons ricemment contacti aprhs avoir noti des activitis inhabituelles dans votre compte. Votre compte a iti restreint pour la raison suivante : Notre systhme a ditecti un nombre important de virements et ceux dans un temps trhs riduit. Une fois que vous ouvrez votre session, vous serez automatiquement redirigi vers la page qui vous permettra de ritablir l acchs ` votre compte. Cliquez ici pour activer votre compte Numiro de rifirence : PP-269-137-994 C'est le dernier rappel avant la suppression difinitive de votre compte PayPal. Veuillez ne pas repondre ` cet email Les messages regus ` cette adresse ne sont pas lus et ne regoivent donc aucune reponse. Pour obtenir de l'aide, connectez-vous ` votre compte PayPal et cliquez sur le lien Aide situe en haut ` droite de n'importe quelle page PayPal. Email PayPal n0 PP468 Protect Your Account Info Veillez ` ne jamais communiquer votre mot de passe ` des sites frauduleux. Pour acceder de manihre securisee au site PayPal ou ` votre compte, ouvrez une nouvelle session de votre navigateur Internet (Internet Explorer ou Netscape par exemple) et saisissez l'URL PayPal (http://paypal.com/fr/) pour acceder au site authentique de PayPal. . Pour en apprendre plus sur les manihres de vous proteger contre la fraude, consultez le Dossier sur la securite. Cliquez sur Dossier sur la securite, Cliquez sur Dossier sur la securite, en bas de n'importe quelle page du site PayPal. Protegez votre mot de passe Ne donnez jamais votre mot de passe PayPal ` quiconque,y compris au personnel de PayPal.
Evento sin costo, Tu opcion mas sencilla para cumplir con el SAT, evento sin costo
Si no visualizas correctamente este email da click AQUI http://publicoms.info/newphplist/lt.php?id=YUkCDANfBl1WUxoBBkkABAMMAQc%3D http://publicoms.info/newphplist/lt.php?id=YUkCDANfBl1WUxoBBkkABAMMAQc%3D Sabias que ahora existen 4 esquemas de facturaciC3n? FacturaciC3n tradicional FacturaciC3n impresa con cC3digo bidimensional FacturaciC3n electrC3nica esquema 2010 sin la intervenciC3n de un ProveedorAutorizado de CertificaciC3n. FacturaciC3n electrC3nica esquema 2011 con la intervenciC3n de un ProveedorAutorizado de CertificaciC3n folio por folio. Y que el SAT nos exige que cambiemos al Codigo Bidimensional o la FacturaciC3n Electronicabb. Para quienes facturan mas de 4 millones de pesos ES OBLIGATORIO para el 1 ero de enero del 2011 y para quienes facturan menos el SAT nos ofrece BENEFICIOS FISCALES por adoptarla. Contpaqi estC! preparado para apoyarte en la ejecuciC3n de los 4esquemas con nuestros sistemas Adminpaq, Contpaq i Factura ElectrC3nica y Contpaq iPunto de Venta. Y ya sabias que . Los contribuyentes que durante el ejercicio fiscl de 2011 y anteriores hayan optado por expedir CFD`s al amparo de lo dispuesto por el artC-culo 29 del CFF, vigente hasta el 31 de diciembre de 2010 y los hayan emitido efectivamente, podrC!n optar por continuar generando y emitiendo directamente CFD`s sin necesidad de remitirlos a unproveedor de certificacion de CFD`s para la validaciC3n de requisitos, asignacion de folio e incorporaciC3n del sellodigital del SAT. Considerando, ademC!s, que los contribuyentes que emiten facturas electrC3nicas a travC)s de proveedores o prestadores de servicios de factura electronica actuales (TERCEROS) podrC!n seguir operando C)ste esquema, SOLAMENTE durante el primer semestre de 2011 unicamente. Los contribuyentes que utilizan la facturaciC3n electrC3nica han visto sus beneficios en materia de seguridad, disminuciC3n de costos, optimizaciC3n de controles internos, impulso de mejores procesos tecnolC3gicos y cambio de prC!cticas, por lo que han ido incrementando paulatinamente su uso, disminuyendo o eliminando la emisiC3n de comprobantes impresos. Existen muchas lagunas con respecto a este tema.Y LA FECHA YA ESTA ENCIMA te invitamos a asistir a nuestro evento sobre este tema, donde se trataran todos los temas vigentes expuestos por expertos en la materia. Podras resolver todas tus dudas. AcompC!C1anos y entC)rate de toda la informaciC3n al respecto. Apunta tus dudas y ahi podras discutirlas. El evento sera el dia 14 DE DICIEMBRE a las 4:00 DE LA TARDE, en Ejercito Nacional 613 , en la nueva Torre del Hospital EspaC1ol. Col. Polanco El registro sera a las 3:30 Solicita tu clave de asistencia, sera indispensable para entrar. CADA CONFERENCIA SE ESTAN MANEJANDO TEMAS NUEVOS! NOTE LA PIERDAS!! SOMOS UN DISTRIBUIDOR MASTER AUTORIZADO POR LA MARCA CONTPAQ I Te ofrecemos todos los servicios que necesitas para implementar este sistema: Instalacion gratis por soporte remoto
Re: OpenBSD Access Point?
On 10-12-07 4:26 PM, Josh Smith wrote: I agree I use openbsd for my home router but hang an access point off of an Ethernet port for my wifi access. +1. I used to run an assortment of ath(4) or ral(4) cards in my WRAP.1e2 boards, but there always seems to be some niggling problem with them. Not saying it didn't work, but each card failed in amusingly different ways which was counter-intuitive of what I was trying to achieve with an Open-BSD router. For the cost / time of a stand-alone AP, I found it was just easier to hang one off one of the board's ports. If it dies, plug a new one into the port. Getting back to the initial question though... Any suggestions on how to go forward here? Is the project feasible and which of these components would be best? In terms of hardware, I've found the AR5212 based Atheros cards to be the least overall trouble / best performance as far as output power and rx sensitivity goes when it comes to comparing published spec vs real-world. As for 802.11n, I can't really comment on it - never had the need / want for it myself. -- http://blog.sarlok.com/ Sometimes all the left hand needs to know is where the right hand is, so it knows where to point the blame.
Última Oportunidad para Licitaciones Públicas en 2010, México y Cancún.
[IMAGE] !Promociones Especiales para grupos! Capacitacisn Impartida por: Mtro. Alberto Ledesma Gonzalez. Pms Capacitacisn Efectiva de Mixico presenta: Licitaciones Pzblicas de Adquisiones, Arrendamientos y Servicios. Experto Consultor Mtro. Alberto Ledesma Gonzalez Empresa Registrada ante la STPS Reg. COLG640205CP30005 Mayores informes responda este correo electrsnico con los siguientes datos. Empresa: Nombre: Telifono: Email: Nzmero de Interesados: Y en breve le haremos llegar la informacisn completa del evento. O bien comunmquense a nuestros telifonos un ejecutivo con gusto le atendera Tels. (33) 8851-2365, (33)8851-2741. Copyright (C) 2010, PMS Capacitacisn Efectiva de Mixico S.C. Derechos Reservados. PMS de Mixico, El logo de PMS de Mixico son marcas registradas. ADVERTENCIA PMS de Mixico no cuenta con alianzas estratigicas de ningzn tipo dentro de la Republica Mexicana. NO SE DEJE ENGAQAR - DIGA NO A LA PIRATERIA. Todos los logotipos, marcas comerciales e imagenes son propiedad de sus respectivas corporaciones y se utilizan con fines informativos solamente. Este Mensaje ha sido enviado a misc@openbsd.org como usuario de Pms de Mixico o bien un usuario le refiris para recibir este boletmn. Como usuario de Pms de Mixico, en este acto autoriza de manera expresa que Pms de Mixico le puede contactar vma correo electrsnico u otros medios. Si usted ha recibido este mensaje por error, haga caso omiso de el y reporte su cuenta respondiendo este correo con el subject BAJALICITACION Unsubscribe to this mailing list, reply a blank message with the subject UNSUBSCRIBE BAJALICITACION Tenga en cuenta que la gestisn de nuestras bases de datos es de suma importancia y no es intencisn de la empresa la inconformidad del receptor. [demime 1.01d removed an attachment of type image/jpeg which had a name of =?windows-1252?Q?licitaciones_p=FAblicas.jpg?=]
Advice on pf no-sync
I understand (from pf.conf(5)) what no-sync is supposed to do, however the only example I've seen of it in use is on the pfsync and carp examples in pfsync(4). I was wondering if anyone had some advice on some specific examples of when the use of no-sync is appropriate, specifically in a two-node firewall cluster that uses pfsync. Assume that there are DMZ and internal network segments, some of which are routable and some of which are NAT'd private space. Further assume that some services are hosted from the firewall nodes themselves. I understand that most pf rules under these circumstances would *not* use no-sync, but it's not clear if there's anything other than pfsync/carp that should/might. Thanks in advance. Devin
Vacante si proprietati
Daca aveti probleme cu vizionarea acestui email dati [click aici] pentru a vizualiza varianta online! [IMAGE] [IMAGE] Newsletter 07.12.2010 [IMAGE] CaseFaraIntermediari.roUrmariti-ne pe Facebook!Urmariti-ne pe Twitter!Urmariti-ne pe Blogger! Ultimele anunturi adaugate Vezi toate anunturile [IMAGE] [IMAGE] Apartament 3 camere - Kaufland Sebastian, Bucuresti Apartament 3 camere - Kaufland Sebastian, Bucuresti 85.000 EUR VANZARE DETALII ; [IMAGE] [IMAGE] [IMAGE] [IMAGE] Apartament 3 camere - Veteranilor-Gorjului, Bucuresti Apartament 3 camere - Veteranilor-Gorjului, Bucuresti 400 EUR/luna INCHIRIERE DETALII ; [IMAGE] [IMAGE] [IMAGE] [IMAGE] Apartament 3 camere - Barajul Dunarii, Bucuresti Apartament 3 camere - Barajul Dunarii, Bucuresti 80.000 EUR VANZARE DETALII ; [IMAGE] [IMAGE] [IMAGE] [IMAGE] Apartament 2 camere - Dorobanti, Bucuresti Apartament 2 camere - Dorobanti, Bucuresti 800 EUR/luna INCHIRIERE DETALII ; [IMAGE] [IMAGE] [IMAGE] [IMAGE] Teren - Vasilati, Calarasi Teren - Vasilati, Calarasi 7.500 EUR VANZARE DETALII ; [IMAGE] [IMAGE] Publica si tu un anunt! [IMAGE] Stiri Imobiliare Vezi toate stirile [IMAGE] [IMAGE] Constructia de mall-uri ia pauza in urmatorii cinci ani Constructia de mall-uri ia pauza in urmatorii cinci ani In urmatorii cinci ani nu vor mai fi construite cladiri de mari dimensiuni in Bucuresti, iar investitiile vor viza nn principal lucrari de infrastructura si proiecte rezidentiale, considera Mihai Rohan, presedintele patronatului din industria cimentului si altor produse minerale pentru ...[CITESTE TOT] [IMAGE] [IMAGE] [IMAGE] [IMAGE] Cora aloca 100 mil. euro pentru un centru comercial la Constanta Cora aloca 100 mil. euro pentru un centru comercial la Constanta Reteaua franceza de hipermarketuri Cora a inceput luni lucrarile de constructie la un centru comercial in Constanta, cel mai mare proiect al companiei in Romania si care va atrage o investitie de 100 de milioane de euro, inaugurarea fiind programata nn 2012. âCentrul Comercial va ...[CITESTE TOT] [IMAGE] [IMAGE] [IMAGE] [IMAGE] Europenii se muta in case bmade in Harghitab Europenii se muta in case bmade in Harghitab Europenii se mutA nn casele romAnilor. Nu vin ei aici, ci noi le ducem casele acolo. In Harghita, romanii de etnie maghiara au descoperit cum sa iasa din criza: construiesc case de lemn Ei le exportD nn lumea largD. Un reportaj din cadrul campaniei âRombnia, ...[CITESTE TOT] [IMAGE] [IMAGE] Oferte turistice Vezi toate ofertele [IMAGE] [IMAGE] Pensiunea Millenium - Moieciu Pensiunea Millenium - Moieciu negociabil INCHIRIERE DETALII ; [IMAGE] [IMAGE] [IMAGE] [IMAGE] Pensiunea Monica - Bran Pensiunea Monica - Bran negociabil INCHIRIERE DETALII ; [IMAGE] [IMAGE] [IMAGE] [IMAGE] Pensiunea Perla Bucegilor - Bran Pensiunea Perla Bucegilor - Bran negociabil INCHIRIERE DETALII ; [IMAGE] [IMAGE] [IMAGE] [IMAGE] Pensiunea Popasul Vanatorilor - Poiana Tapului Pensiunea Popasul Vanatorilor - Poiana Tapului negociabil INCHIRIERE DETALII ; [IMAGE] [IMAGE] [IMAGE] [IMAGE] Vila Silvana - Moieciu Vila Silvana - Moieciu negociabil INCHIRIERE DETALII ; [IMAGE] [IMAGE] Publica si tu un anunt! Stiri economice Vezi toate stirile [IMAGE] [IMAGE] La sase ani de mandat, zero sprijin din partea presedintelui pentru capitalul romanesc in strainatate, pentru investitii sau export La sase ani de mandat, zero sprijin din partea presedintelui pentru capitalul romanesc in strainatate, pentru investitii sau export Aflat in vizita in India, presedintele Frantei Nicolas Sarkozy a anuntat chiar ieri semnarea d! e catre companiile franceze a unor contracte de export de 15 mld. dolari. Presedintele Traian Basescu, care a implinit ieri un an de cand a castigat un al doilea mandat, are un bilant zero la acest ...[CITESTE TOT] [IMAGE] [IMAGE] [IMAGE] [IMAGE] Topul domeniilor in care patronii vor sa faca angajari la primavara Topul domeniilor in care patronii vor sa faca angajari la primavara Piata muncii din Romania da semne de stabilizare: 62% dintre patroni sustin ca vor sa pDstreze numarul actual de locuri de munca iar 15% spun ca vor face noi angajari in primele trei luni ale anului viitor. Rombnii care nEi cautD locuri de muncD ar putea avea Eanse mai mari la ...[CITESTE TOT] [IMAGE] [IMAGE] [IMAGE] [IMAGE] Vezi ce afaceri sunt profitabile de Sarbatori! Vezi ce afaceri sunt profitabile de Sarbatori! Globurile romanesti care ajung in pomii americanilor sau ai germanilor si brazii vanduti online sunt doar cateva dintre afacerile ce iau avant nn luna decembrie. Nici cei care cauta un job nu sunt uitati, pentru un rol de Mos Craciun la o petrecere de cateva ore acestia pot primi si 200 de ...[CITESTE TOT] [IMAGE] [IMAGE] Scoala romaneasca Vezi toate scolile [IMAGE] [IMAGE] Scoala Nr, 205 Scoala Nr, 205 Aleea Compozitorilor DETALII ; [IMAGE] [IMAGE] [IMAGE]
Re: Donations
Still off-topic but in light of the current Wikileaks brouhaha the following press statement from the US Department of State is quite funny (unintentionally, I assume): http://www.state.gov/r/pa/prs/ps/2010/12/152465.htm U.S. to Host World Press Freedom Day in 2011 [...] we are concerned about the determination of some governments to censor and silence individuals, and to restrict the free flow of information Philippe
re(4) benchmarking - unusually slow
Hi, I'm benchmarking OpenBSD 4.8 for use as a firewall/router, and I'm getting some unusually slow results when using a re(4) interface. The hardware is a little OpenVox board[1] as sold by Yawarra[2] - it's a 1.6GHz Atom CPU with two rl(4) 10/100 interfaces and one re(4) gigabit interface. I have a connection from the re(4) interface to a Gigabit port on a switch. This is on the same VLAN as a laptop (A), and a Cisco router. Laptop (B) sits behind the Cisco router. I have assigned an IP alias (see [5] for the config) on the re(4) interface such that laptop A routes via the OpenVox board. Both laptops run Ubuntu 10.04.1. Here's a routing diagram: Laptop A (10.9.0.2/16) - re0 (10.9.0.1/16, alias) OpenBSD re0 (10.20.3.1/16) - (10.20.0.1/16) Cisco 6509 (10.15.0.1/16) - Laptop B (10.15.200.44/16) I have confirmed that I can get 900Mb/s between the laptops, if they are on the same VLAN. I can also get 900 Mb/s between the laptops, passing only through the switch and the Cisco 6509. My problem occurs when I test using the configuration in the diagram above. Using [3] from laptop A (TCP, 1400-byte packets) I get around 240Mb/s. Using [4] (UDP, 1400-byte packets), I get around 500 Mb/s. What gets me is that the CPU is not saturated for either test - it sits at about 70% (interrupts) for the UDP test, and 40% (interrupts) for the TCP test. I've eliminated most of the variables (I think, anyway): - The re(4) interface is connected using a PCIe link, so I would expect there to be sufficient bandwidth there. - Cables are at least CAT5e - The Cisco router, the switch and the laptops can both do in excess of 900 Mb/s (above) - CPU on the OpenBSD box is not saturated by interrupts or anything else - sysctls are at defaults, except for IP forwarding, multicast forwarding, and CARP preemption. I have tried the recommendations at https://calomel.org/network_performance.html with no effect. Does anyone have any ideas on why I'm not seeing higher throughput? Once I've solved this issue, I'll post some decent benchmarks. Cheers, Patrick -- http://www.labyrinthdata.net.au - WA Backup, Web and VPS Hosting [1] http://www.openvox.cn/products/show.php?itemid=161lang=2 [2] http://www.yawarra.com.au/product.php?productCode=HW-NV16-R [3] On laptop A: netperf -H 10.15.200.44 -t UDP_STREAM -- -m 1400 -M 1400 [4] On laptop A: netperf -H 10.15.200.44 -t TCP_STREAM -- -m 1400 -M 1400 [5] Network config: r...@newrouter:~# ifconfig -a lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33200 priority: 0 groups: lo inet 127.0.0.1 netmask 0xff00 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5 rl0: flags=8802BROADCAST,SIMPLEX,MULTICAST mtu 1500 lladdr a0:98:05:01:00:fa priority: 0 media: Ethernet autoselect status: no carrier rl1: flags=8802BROADCAST,SIMPLEX,MULTICAST mtu 1500 lladdr a0:98:05:01:00:f9 priority: 0 media: Ethernet autoselect status: no carrier re0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr a0:98:05:01:ab:28 priority: 0 groups: egress media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause) status: active inet 10.20.3.1 netmask 0x broadcast 10.20.255.255 inet6 fe80::a298:5ff:fe01:ab28%re0 prefixlen 64 scopeid 0x3 enc0: flags=0 priority: 0 groups: enc status: active pflog0: flags=141UP,RUNNING,PROMISC mtu 33200 priority: 0 groups: pflog r...@newrouter:~# ifconfig re0 re0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr a0:98:05:01:ab:28 priority: 0 groups: egress media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause) status: active inet 10.20.3.1 netmask 0x broadcast 10.20.255.255 inet6 fe80::a298:5ff:fe01:ab28%re0 prefixlen 64 scopeid 0x3 inet 10.9.0.1 netmask 0x broadcast 10.9.255.255 r...@newrouter:~# pfctl -s rules pass inet from 10.9.0.0/16 to any flags S/SA keep state pass inet from any to 10.9.0.0/16 flags S/SA keep state r...@newrouter:~# dmesg below. OpenBSD 4.8 (FLASHRD) #2: Fri Oct 1 15:21:03 PDT 2010 ch...@ref.nmedia.net:/usr/src/sys/arch/i386/compile/FLASHRD cpu0: Intel(R) Atom(TM) CPU Z530 @ 1.60GHz (GenuineIntel 686-class) 1.60 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,xTPR,PDCM,MOVBE real mem = 2141278208 (2042MB) avail mem = 2093256704 (1996MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 08/12/10, BIOS32 rev. 0 @ 0xf0010, SMBIOS rev. 2.5 @ 0xfbe70 (18 entries) bios0: vendor American Megatrends Inc. version 080015 date 08/12/2010 bios0: OpenVox IPC100 acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP APIC MCFG OEMB HPET GSCI acpi0: wakeup devices USB0(S4) USB1(S4)
Re: Donations
On Tue, Dec 7, 2010 at 10:41 PM, Philippe Meunier meun...@ccs.neu.edu wrote: Still off-topic but in light of the current Wikileaks brouhaha the following press statement from the US Department of State is quite funny (unintentionally, I assume): http://www.state.gov/r/pa/prs/ps/2010/12/152465.htm U.S. to Host World Press Freedom Day in 2011 [...] we are concerned about the determination of some governments to censor and silence individuals, and to restrict the free flow of information yep... pointed out earlier today at (5:30pm time-frame): http://www.guardian.co.uk/news/blog/2010/dec/07/wikileaks-us-embassy-cables-live-updates --patrick p.s., attached tiny pdf (which misc@ will strip), copy-and-save from above link, is being passed around, printed, etc. [demime 1.01d removed an attachment of type application/pdf which had a name of shameless.pdf]
Re: Advice on pf no-sync
i put no-sync on connections that are specific to a firewall. for example, there is no point syncing states for tcp connections that have one end terminated on the firewall, so on my firewalls i put no-sync on connections going to and from relayd. if you have a network on one firewall but not the other, there isnt much point syncing states to/from that network either. cheers, dlg On 08/12/2010, at 2:15 PM, Devin Reade wrote: I understand (from pf.conf(5)) what no-sync is supposed to do, however the only example I've seen of it in use is on the pfsync and carp examples in pfsync(4). I was wondering if anyone had some advice on some specific examples of when the use of no-sync is appropriate, specifically in a two-node firewall cluster that uses pfsync. Assume that there are DMZ and internal network segments, some of which are routable and some of which are NAT'd private space. Further assume that some services are hosted from the firewall nodes themselves. I understand that most pf rules under these circumstances would *not* use no-sync, but it's not clear if there's anything other than pfsync/carp that should/might. Thanks in advance. Devin
Re: Advice on pf no-sync
Hi, On Tue, 07 Dec 2010 21:15:13 -0700 Devin Reade g...@gno.org wrote: I understand (from pf.conf(5)) what no-sync is supposed to do, however the only example I've seen of it in use is on the pfsync and carp examples in pfsync(4). I was wondering if anyone had some advice on some specific examples of when the use of no-sync is appropriate, specifically in a two-node firewall cluster that uses pfsync. Assume that there are DMZ and internal network segments, some of which are routable and some of which are NAT'd private space. Further assume that some services are hosted from the firewall nodes themselves. I understand that most pf rules under these circumstances would *not* use no-sync, but it's not clear if there's anything other than pfsync/carp that should/might. In my understanding any connection made to the firewall own address or service (so not through the firewall, no nated or redirected one) should be no-sync'ed, because that connection would simply be invalid when carp-master will change. -- Greetings Rafal Bisingier