Has Matthieu@ been talking to Randall Munroe?

[Rod Whitworth]

Or maybe it was some disgruntled X user

http://xkcd.com/963/


It tickled my funny-bone anyway.


*** NOTE *** Please DO NOT CC me. I  subscribed to the list.
Mail to the sender address that does not originate at the list server is 
tarpitted. The reply-to: address is provided for those who feel compelled to 
reply off list. Thankyou.

Rod/
---
This life is not the real thing.
It is not even in Beta.
If it was, then OpenBSD would already have a man page for it.

Asistentes de Recursos Humanos - Claves para el Exito

[Areliz de Carmen Massanges]

EL MEJOR SEMINARIO PARA ASISTENTES DE RECURSOS HUMANOS

Mixico D.F. 21 de Octubre de 2011

Conviirtase en un portavoz profesional y confiable de su organizacisn,
realice su trabajo con menos estris, cometiendo menos errores y
obteniendo mayor satisfaccisn con este programa enfocado en practicas
probadas, informacisn y gumas recomendadas por expertos de Recursos
Humanos y aplicadas con ixito por compaqmas grandes y pequeqas en todo el
pams.

Usted  obtendra  las  habilidades  necesarias  para:

- Aplicar las zltimas estrategias para maximizar los esfuerzos de
reclutar, entrevistar y contratar al personal indicado.
- Mantener protegida a su organizacisn generando documentacisn detallada
que cumpla con los requisitos de la Ley Federal del Trabajo.
- Explicar y administrar polmticas de RH y balancear las polmticas de la
compaqma con los derechos del personal.
- Crear sesiones de capacitacisn y desarrollo efectivas, que impulsen el
rendimiento y las habilidades del personal.

!NO DEJE PASAR LA OPORTUNIDAD! !Inscrmbase HOY MISMO !

Para obtener informacisn detallada
1) Responda este correo con los siguientes datos:
-Empresa:
-Nombre:
-Ciudad:
-Telifono:
2) Llame a nuestra lada sin costo: 01-800-2501020

Cordialmente,

Lic. Areliz Massanges
Lider de Proyectos

ESTE CORREO NO PUEDE SER CONSIDERADO INTRUSIVO YA QUE CUMPLE CON LAS
POLMTICAS ANTISPAM INTERNACIONALES Y LOCALES: Responda este correo con el
SUBJECT des suscribir y automaticamente quedara fuera de nuestras listas.
?Este correo ha sido enviado a: misc@openbsd.org

Re: The OpenBSD user community needs to shake things up

[Stuart Henderson]

On 2011-10-10, Alexey E. Suslikov  wrote:
> Marc Espie  nerim.net> writes:
>> Don't blame the tools. Blame the *people* who don't test.
>
> I wonder why jasper@ went to github if mailing lists are
> good enough.

That (openbsd-wip) has nothing to do with tracking bugs, it's a place
where people can collaborate on ports development for things that aren't
ready for the tree yet.

Re: ccd gone - what next?

[Josh Grosse]

On Tue, Oct 11, 2011 at 03:23:16PM -0400, Jiri B wrote:
> theo@ doomed ccd - http://marc.info/?l=openbsd-cvs&m=131805777910632&w=2 -
> and Michal asked what could be replacement for ccd and got no reply -
> - http://marc.info/?l=openbsd-cvs&m=131805777910645&w=2.
> 
> Do devs want to put ccd-like spanning volume feature into softraid or
> what would be similar feature in OpenBSD in the future?

OpenBSD can concatenate devices without ccd two ways that I can think of.

I think one could reproduce ccd's concatenation of dissimilar sized disks
via the RAID 0 discipline and using BSD partitioning with a partition size 
that is a factor of the various disk sizes you're interested in.  For example,
to concatenate a 1-TB disk with a 2-TB disk, you merely need to have three 
1-TB partitions in your bioctl(8) device list for softraid(4), or your 
raidctl(8) config_file for raid(4) while RAIDframe remains available.

This is probably beyond what you were looking for, but AFS has logical volume
management baked right in, as AFS file servers can be quite distributed yet
still provide a seamless storage pool.  AFS client software from Arla is in 
the base; net/openafs is the server software.  I think, though, that this
may be too much complexity and overhead for use as a local solution.  

Since softraid is extensible with disciplines, a concatenation discipline
could be written, though I think with a little planning, RAID 0 could meet
needs.  I'm not a developer, and couldn't answer if such a discipline is
planned.  I would suspect that patches to add such a discipline would be 
given appropriate consideration.

Re: xinput -list shows multiple keyboards as one

[Philip Guenther]

On Tue, Oct 11, 2011 at 12:34 PM, S V  wrote:
> I have one pretty specific problem, i have two USB keyboards
> attached to the samsung nc10 laptop. And then i want to
> attach different layouts to each i
> stumble into one problem.
>
> $ xinput -list
...
> So i can't separate each keyboard from others by device ids...
> Can anybody help me to find where source of this behavior
> lie and how i can fix it?

The multiplexing of the two keyboards to one input is done here, I
believe, in the wscons layer.  If so, it should be possible to use
wsconsctl to set the mappings of the two independently.  For example,
on my laptop, when docked with a USB keyboard plugged in, wsconsctl
shows entries for "keyboard.map" (the built-in keyboard) and
"keyboard1.map" (the USB keyboard).


Philip Guenther

Limitsiz Hayat - Roman, hemen okuyabilirsiniz

[Kitap - roman]

Clmek D0C'in DoDmayanlar
--

TanrD1 bazD1 kullarD1na limitsiz bir hayat bahEeder ama bu kimileri
iC'in lChttp://thesoulbender.files.wordpress.com/2011/10/limitsiz-hay
at-roman.pdf

**

Roman henC

Re: Only noise from Azalia

[Jairo Souto]

On Tue, Oct 11, 2011 at 02:38:09PM +0200, Tomas Bodzar wrote:
> On Tue, Oct 11, 2011 at 3:25 AM, Jairo Souto  wrote:
> > I can get only noise from the audio of a notebook Acer Aspire
> > 5820T-6825. dmesg, audioctl and mixerctl are attached.
> >
> > Any advice? Thank you.
> 
> Go for snapshot

The problem remains on the last snapshot (Oct 6, 2011). Attached
dmesg, audioctl and mixerctl.

--Jairo Souto (38)8816-1254
dmesg

OpenBSD 5.0-current (GENERIC.MP) #96: Thu Oct  6 16:12:43 MDT 2011
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
RTC BIOS diagnostic error 80
real mem = 3948367872 (3765MB)
avail mem = 3829137408 (3651MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xe9460 (51 entries)
bios0: vendor INSYDE version "V1.23" date 12/21/2010
bios0: Acer Aspire 5820T
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP ASF! HPET APIC MCFG SLIC BOOT ASPT WDAT SSDT
acpi0: wakeup devices EHC1(S3) EHC2(S3) PXSX(S4) RP01(S4) PXSX(S4) PXSX(S4) 
PXSX(S4) PXSX(S4) PXSX(S4) PXSX(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz, 2660.95 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: apic clock running at 133MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz, 2660.46 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
cpu1: 256KB 64b/line 8-way L2 cache
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz, 2660.46 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
cpu2: 256KB 64b/line 8-way L2 cache
cpu3 at mainbus0: apid 5 (application processor)
cpu3: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz, 2660.46 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
cpu3: 256KB 64b/line 8-way L2 cache
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 2
acpimcfg0 at acpi0 addr 0xf000, bus 0-127
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (P0P2)
acpiprt2 at acpi0: bus 3 (P0P1)
acpiprt3 at acpi0: bus 1 (RP01)
acpiprt4 at acpi0: bus -1 (RP02)
acpiprt5 at acpi0: bus -1 (RP03)
acpiprt6 at acpi0: bus -1 (RP04)
acpiprt7 at acpi0: bus -1 (RP05)
acpiprt8 at acpi0: bus -1 (RP07)
acpiprt9 at acpi0: bus -1 (RP08)
acpiprt10 at acpi0: bus -1 (PEG3)
acpiprt11 at acpi0: bus -1 (PEG5)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C1, PSS
acpicpu1 at acpi0: C3, C1, PSS
acpicpu2 at acpi0: C3, C1, PSS
acpicpu3 at acpi0: C3, C1, PSS
acpitz0 at acpi0: critical temperature is 105 degC
acpibat0 at acpi0: BAT1 model "AS10B3E" serial 7F5A type LION oem "SANYO"
acpiac0 at acpi0: AC unit online
acpibtn0 at acpi0: PWRB
acpibtn1 at acpi0: LID0
acpibtn2 at acpi0: SLPB
acpivideo0 at acpi0: GFX0
acpivout0 at acpivideo0: DD02
acpivideo1 at acpi0: VGA_
cpu0: Enhanced SpeedStep 2660 MHz: speeds: 2667, 2666, 2533, 2399, 2266, 2133, 
1999, 1866, 1733, 1599, 1466, 1333, 1199 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Core Host" rev 0x18
vga1 at pci0 dev 2 function 0 "Intel Mobile HD graphics" rev 0x18
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp0 at vga1
agp0 at intagp0: aperture at 0xc000, size 0x1000
inteldrm0 at vga1: apic 2 int 16
drm0 at inteldrm0
"Intel 3400 MEI" rev 0x06 at pci0 dev 22 function 0 not configured
ehci0 at pci0 dev 26 function 0 "Intel 3400 USB" rev 0x05: apic 2 int 16
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 "Intel 3400 HD Audio" rev 0x05: msi
azalia0: codecs: Realtek ALC269, Intel/0x2804, using Realtek ALC269
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel 3400 PCIE" rev 0x05: msi
pci1 at ppb0 bus 1
alc0 at pci1 dev 0 function 0 "Attansic Technology L1D" rev 0xc0: msi, address 
60:eb:69:d8:e3:e3
atphy0 at alc0 phy 0: F1 10/100/1000 PHY, rev. 15
ppb1 at pci0 dev 28 function 5 "Intel 3400 PCIE" rev 0x05: msi
pci2 at ppb1 bus 2
"Broadcom BCM43225" rev 0x01 at pci2 dev 0 function 0 not configured
ehci1 at pci0 dev 29 function 0 "Intel 3400 USB" rev 0x05: apic 2 int 23
usb1 at ehci1: USB revis

xinput -list shows multiple keyboards as one

[S V]

Hello, list.

I have one pretty specific problem, i have two USB keyboards 
attached to the samsung nc10 laptop. And then i want to 
attach different layouts to each i
stumble into one problem.

$ xinput -list 
Virtual core pointer id=2 [master pointer (3)] 
Virtual core XTEST pointer id=4 [slave pointer (2)] 
Mouse0 id=6 [slave pointer (2)]

Virtual core keyboard id=3 [master keyboard (2)] 
Virtual core XTEST keyboard id=5 [slave keyboard (3)] 
Keyboard0 id=7 [slave keyboard (3)]

So i can't separate each keyboard from others by device ids... 
Can anybody help me to find where source of this behavior 
lie and how i can fix it?

Thanks in advance

ccd gone - what next?

[Jiri B]

Hello,

theo@ doomed ccd - http://marc.info/?l=openbsd-cvs&m=131805777910632&w=2 -
and Michal asked what could be replacement for ccd and got no reply -
- http://marc.info/?l=openbsd-cvs&m=131805777910645&w=2.

Do devs want to put ccd-like spanning volume feature into softraid or
what would be similar feature in OpenBSD in the future?

http://en.wikipedia.org/wiki/Non-RAID_drive_architectures#Concatenation_.28SPAN.2C_BIG.29

jirib

Japanese used cars for sale,Good condition, Good price, Quick service.

[SUZUKI EVERY Co.,Ltd]

Dear Sir/Madam
We are a Japanese used car export company selling Japanese used cars and
foreign cars.We export Japanese used cars to various countries in the world.
We have extensive stocks of Japanese used cars which satisfy your needs.We
guarantee Good condition, Good price, Quick service.
Right now we have an overflow of new stocks of 1,500 units of land cruisers
4wd
at a very cheep price.We are giving out the land cruisers to our customers
in DRC/KENYA/UGANDA/ZAMBIA. CIF to darrasalam for each land cruiser is 9000
dollars only.We are giving 50% discount because it is our marketing strategy
to attract more customers in Africa and sell off the overflow of new stocks as
quick as possible.
The usual price for these land crusiers is 18,000 dollars CIF to
darrasalam,but we are now giving it for only 9000 dollars CIF to darrasalam.
We want you to take an advantage of this opportunity because our big regular
customers like Mr Phoba Bakambana of lubumbashi city has paid for 50 units and
Mr Jules Kabambi has paid for 30 units of landcrusiers.We do not want you to
miss out before all the 1,500 units will finish.We have no space to upload the
pictures on our website,but we can send the pictures manauly from our yahoo
account
directly to your email address if you are intreasted.
Sincerely yours,
Suzuki "SALES TEAM"
EVERY Co.,Ltd
Tel:81-25-211-3260 Fax:81-25-211-3264

Yahoo messenger life chat Id: ssuzuki91
---
Website : http://everycar.jp/
Tradecarview : http://www.tradecarview.com/pr/?uid=504755
---
Main office : 1-8-5,Kamioumi,Chuo-ku,Niigata-shi,Niigata,Japan
Right now we have an overflow of new stocks of 1,500 units of land cruisers
4wd
at a very cheep price.We are giving out the land cruisers to our customers
in DRC/KENYA/UGANDA/ZAMBIA. CIF to darrasalam for each land cruiser is 9000
dollars only.We are giving 50% discount because it is our marketing strategy
to attract more customers in Africa and sell off the overflow of new stocks as
quick as possible.
The usual price for these land crusiers is 18,000 dollars CIF to
darrasalam,but we are now giving it for only 9000 dollars CIF to darrasalam.
We want you to take an advantage of this opportunity because our big regular
customers like Mr Phoba Bakambana of lubumbashi city has paid for 50 units and
Mr Jules Kabambi has paid for 30 units of landcrusiers.We do not want you to
miss out before all the 1,500 units will finish.We have no space to upload the
pictures on our website,but we can send the pictures manauly from our yahoo
account
directly to your email address if you are intreasted.
Sincerely yours,
Suzuki "SALES TEAM"
EVERY Co.,Ltd
Tel:81-25-211-3260 Fax:81-25-211-3264

Yahoo messenger life chat Id: ssuzuki91
---
Website : http://everycar.jp/
Tradecarview : http://www.tradecarview.com/pr/?uid=504755
---
Main office : 1-8-5,Kamioumi,Chuo-ku,Niigata-shi,Niigata,Japan

Re: android's adb

[Brynet]

On Tue, Oct 11, 2011 at 08:28:28PM +0200, Martin Pieuchot wrote:
> On 11/10/11(Tue) 11:07, Brynet wrote:
> > I'd be interested in testing this, does he plan on submitting it to ports@?
> 
> Of course, what a question ;)

I was just wondering if you something that could be tested, sorry if that came
across as rude.

> But for the moment the port, or more precisely the backend based on
> ugen(4) is not quite ready. I've still some issues to fix before
> submitting it to ports@.

That's great, thanks. I had a look at it in the past when I noticed that a lot 
of projects were using it now, at the time only Linux has libusb-1.0.

FreeBSD has their own libusb 1.0 API implementation, but it didn't appear worth 
the effort to port.

I'd like to get usbmuxd/libimobiledevice working so I can play with one of my 
iDevices without wireless.

> Martin

-Bryan.

Re: android's adb

[Martin Pieuchot]

On 11/10/11(Tue) 11:07, Brynet wrote:
> Antoine Jacoutot wrote:
> > mpi has a port of libusb 1.0 which I am actually putting under tests.
> 
> I'd be interested in testing this, does he plan on submitting it to ports@?

Of course, what a question ;)

But for the moment the port, or more precisely the backend based on
ugen(4) is not quite ready. I've still some issues to fix before
submitting it to ports@.

Martin

Re: Scanning detection, Single Packet Authorization

[Kevin Chadwick]

On Tue, 11 Oct 2011 14:31:01 +0100
Fred Crowson wrote:

> Port knocking has been discussed many times on the mailing list:

Single packet authorisation is a lot more useful and less falible than
port knocking, though you could do similar with ssh, some magic and
have the benefit of lots of clients to use, though maybe? it's not
quite so convenient to add commands etc..

Re: Scanning detection, Single Packet Authorization

[Peter N. M. Hansteen]

Fred Crowson  writes:

> PF has excellent logging capabilities - which should help in detecting
> port scanning, and if you read the src tracking part of the man page
> it should prove useful.

Very true.  The various state tracking options can help detect and head
off various types of floods and scans.  An example of a distantly
related use case (heading off ssh bruteforcers) can be found at
http://home.nuug.no/~peter/pf/en/bruteforce.html, that and the pf.conf
man page should give you a few ideas. There is a good number of
approaches that may fit your scenarios.

> Port knocking has been discussed many times on the mailing list:
> http://marc.info/?l=openbsd-misc&w=2&r=1&s=port+knocking&q=b

Heh. That search turns up quite a few gems, even mention (but not
detailed explanation, mind you) of the fact that port knocking can be
implemented via PF features if you have a mind to.

For single packet authorization, I'm not aware of any tool in base with
that capability, but a quick web search on "OpenBSD single packet
authorization" turns up evidence that others have been at least
considering the combination (and written some code).

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

Re: android's adb

[Antoine Jacoutot]

On Tue, 11 Oct 2011, Brynet wrote:

> Antoine Jacoutot wrote:
> > mpi has a port of libusb 1.0 which I am actually putting under tests.
> 
> I'd be interested in testing this, does he plan on submitting it to ports@?

Sure when it's in a working state. But leave him answer :)

-- 
Antoine

Re: android's adb

[Brynet]

Antoine Jacoutot wrote:
> mpi has a port of libusb 1.0 which I am actually putting under tests.

I'd be interested in testing this, does he plan on submitting it to ports@?

-Bryan.

Re: Help setting up a PF NAT gateway

[Rodrigo Mosconi]

2011/10/10 Stefan Midjich :
> Simplest of things but I'm failing miserably.
>
> $ sudo cat /etc/hostname.vic2 # External NIC with static public IPv4 address
> inet 50.50.50.59 255.255.255.0 50.50.50.255
>
> $ sudo cat /etc/hostname.vic3 # Internal NIC used as gateway by two
> machines on same network
> inet 10.221.181.10 255.255.255.0 10.221.181.255
>
> For troubleshooting I have removed the block all rule, to confirm that
> it is in fact my NAT related rules that don't work.
>
> These are my first and only NAT rules. The other rules work fine and
> are just to allow SSH to my management interface and ICMP response
> from the external IP and from the internal gateway IP. Besides I've
> removed the block all so the other rules don't matter much now.
>
> match out on vic2 inet from 10.221.181.0/24 to any nat-to (vic2) round-robin
> pass inet from 10.221.181.0/24 to any flags S/SA keep state

can be changed to

pass out on vic2 inet from 10.221.181.0/24 to any nat-to vic2

Hardware for 1Gbps IPsec

[BARDOU Pierre]

Hello,

I'm looking for hardware capable of doing 1bgps IPsec, under OpenBSD of
course.
Do you think it is possible with a brand new high end server and their new
instructions (AES/NI and/or AVX) ?

Or would a crypto card be necessary ? If yes, do you have a brand/model to
recommend ?

In the crypto section most of the devices I see are old chipsets, which are
far from 1 Gbps throughput.
The only thing I see is the Via Padlock, but I think the CPU is not capable of
Gigabit routing. There is also the BCM5862, but I can't find a card embedding
it.

Thank you

--
Cordialement, 
Pierre BARDOU

Re: Scanning detection, Single Packet Authorization

[Fred Crowson]

On 11 October 2011 13:36, Cezary Cieplinski  wrote:
> Dear All,
> I am new member here, also noob in OpenBSD.
> And have some simple question.
> Can you please tell me if there any technique to detect port scanning.
> Is there any PF feature which I can use? Or any independent package similar to
> linux psad?
> I am also interested in port knocking is there any support for it in OpenBSD.
> I am looking for similar functionality like fwknop - Single Packet 
> Authorization.
> Best regards.
>
>

PF has excellent logging capabilities - which should help in detecting
port scanning, and if you read the src tracking part of the man page
it should prove useful.

Port knocking has been discussed many times on the mailing list:
http://marc.info/?l=openbsd-misc&w=2&r=1&s=port+knocking&q=b

hth

Fred

Re: smtpd and virtuals

[David Walker]

Here's a couple of manual diffs.

smtpd.8 against revision 1.12 ...

--- smtpd.8 Wed Oct 12 08:01:04 2011
+++ diffs/smtpd.8   Tue Oct 11 22:56:22 2011
@@ -126,3 +126,16 @@ The
 .Nm
 program first appeared in
 .Ox 4.6 .
+.Sh CAVEATS
+.Nm
+may not be suitable for production use at the present time.
+.Pp
+It should be noted that while the requisite
+.Nm
+binaries are included in the default installation,
+in cases where there is a corresponding Sendmail utility,
+the OpenSMTPD manual page(s) should be fetched from CVS.
+Currently this affects
+.Xr makemap 8
+and
+.Xr newaliases 8 .

smtpd.conf.5 against revision 1.45 ...

--- smtpd.conf.5Wed Oct 12 09:49:54 2011
+++ diffs/smtpd.conf.5  Tue Oct 11 23:07:18 2011
@@ -217,7 +217,7 @@ The rule matches only locally originating connections.
 This is the default,
 and may be omitted.
 .It Ic from Ar network
-The rule matches if the connection is made from the specified
+The rule matches if the connection is made from
 .Ar network ,
 specified in CIDR notation.
 .El
@@ -431,3 +431,16 @@ accept for all relay
 .Xr smtpd 8
 first appeared in
 .Ox 4.6 .
+.Sh CAVEATS
+.Xr smtpd 8
+may not be suitable for production use at the present time.
+.Pp
+It should be noted that while the requisite
+.Xr smtpd 8
+binaries are included in the default installation,
+in cases where there is a corresponding Sendmail utility,
+the OpenSMTPD manual page(s) should be fetched from CVS.
+Currently this affects
+.Xr makemap 8
+and
+.Xr newaliases 8 .

I took the liberty of changing the previous diff ...

 from network
 The rule matches if the connection is made from the spec-
 ified network, specified in CIDR notation.

... "specified network, specified in CIDR" is a little too repetitive
for me and unnecessary.

Best wishes.

Re: Only noise from Azalia

[Tomas Bodzar]

On Tue, Oct 11, 2011 at 3:25 AM, Jairo Souto  wrote:
> I can get only noise from the audio of a notebook Acer Aspire
> 5820T-6825. dmesg, audioctl and mixerctl are attached.
>
> Any advice? Thank you.

Go for snapshot

>
> --Jairo
> dmesg
> 
> OpenBSD 4.9 (GENERIC.MP) #819: Wed Mar B 2 06:57:49 MST 2011
> B  B dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> RTC BIOS diagnostic error 80
> real mem = 3008843776 (2869MB)
> avail mem = 2914725888 (2779MB)
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xe9460 (51 entries)
> bios0: vendor INSYDE version "V1.23" date 12/21/2010
> bios0: Acer Aspire 5820T
> acpi0 at bios0: rev 2
> acpi0: sleep states S0 S3 S4 S5
> acpi0: tables DSDT FACP ASF! HPET APIC MCFG SLIC BOOT ASPT WDAT SSDT
> acpi0: wakeup devices EHC1(S3) EHC2(S3) PXSX(S4) RP01(S4) PXSX(S4) PXSX(S4)
PXSX(S4) PXSX(S4) PXSX(S4) PXSX(S4)
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpihpet0 at acpi0: 14318179 Hz
> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz, 2660.90 MHz
> cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3
,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
> cpu0: 256KB 64b/line 8-way L2 cache
> cpu0: apic clock running at 133MHz
> cpu1 at mainbus0: apid 1 (application processor)
> cpu1: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz, 2660.46 MHz
> cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3
,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
> cpu1: 256KB 64b/line 8-way L2 cache
> cpu2 at mainbus0: apid 4 (application processor)
> cpu2: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz, 2660.46 MHz
> cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3
,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
> cpu2: 256KB 64b/line 8-way L2 cache
> cpu3 at mainbus0: apid 5 (application processor)
> cpu3: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz, 2660.46 MHz
> cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3
,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
> cpu3: 256KB 64b/line 8-way L2 cache
> ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
> ioapic0: misconfigured as apic 0, remapped to apid 2
> acpimcfg0 at acpi0 addr 0xf000, bus 0-127
> acpiprt0 at acpi0: bus 0 (PCI0)
> acpiprt1 at acpi0: bus -1 (P0P2)
> acpiprt2 at acpi0: bus 3 (P0P1)
> acpiprt3 at acpi0: bus 1 (RP01)
> acpiprt4 at acpi0: bus -1 (RP02)
> acpiprt5 at acpi0: bus -1 (RP03)
> acpiprt6 at acpi0: bus -1 (RP04)
> acpiprt7 at acpi0: bus -1 (RP05)
> acpiprt8 at acpi0: bus -1 (RP07)
> acpiprt9 at acpi0: bus -1 (RP08)
> acpiprt10 at acpi0: bus -1 (PEG3)
> acpiprt11 at acpi0: bus -1 (PEG5)
> acpiec0 at acpi0
> acpicpu0 at acpi0: C3, C1, PSS
> acpicpu1 at acpi0: C3, C1, PSS
> acpicpu2 at acpi0: C3, C1, PSS
> acpicpu3 at acpi0: C3, C1, PSS
> acpitz0 at acpi0: critical temperature 105 degC
> acpibat0 at acpi0: BAT1 model "AS10B3E" serial 7F5A type LION oem "SANYO"
> acpiac0 at acpi0: AC unit online
> acpibtn0 at acpi0: PWRB
> acpibtn1 at acpi0: LID0
> acpibtn2 at acpi0: SLPB
> acpivideo0 at acpi0: GFX0
> acpivout0 at acpivideo0: LCD_
> acpivideo1 at acpi0: VGA_
> cpu0: Enhanced SpeedStep 2660 MHz: speeds: 2667, 2666, 2533, 2399, 2266,
2133, 1999, 1866, 1733, 1599, 1466, 1333, 1199 MHz
> pci0 at mainbus0 bus 0
> pchb0 at pci0 dev 0 function 0 "Intel Core Host" rev 0x18
> vga1 at pci0 dev 2 function 0 "Intel Mobile HD graphics" rev 0x18
> wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
> wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
> intagp0 at vga1
> agp0 at intagp0: aperture at 0xc000, size 0x1000
> inteldrm0 at vga1: apic 2 int 16 (irq 7)
> drm0 at inteldrm0
> "Intel 3400 MEI" rev 0x06 at pci0 dev 22 function 0 not configured
> ehci0 at pci0 dev 26 function 0 "Intel 3400 USB" rev 0x05: apic 2 int 16
(irq 7)
> usb0 at ehci0: USB revision 2.0
> uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
> azalia0 at pci0 dev 27 function 0 "Intel 3400 HD Audio" rev 0x05: apic 2 int
22 (irq 11)
> azalia0: codecs: Realtek ALC269, Intel/0x2804, using Realtek ALC269
> audio0 at azalia0
> ppb0 at pci0 dev 28 function 0 "Intel 3400 PCIE" rev 0x05: apic 2 int 17
(irq 255)
> pci1 at ppb0 bus 1
> "Attansic Technology L1D" rev 0xc0 at pci1 dev 0 function 0 not configured
> ppb1 at pci0 dev 28 function 5 "Intel 3400 PCIE" rev 0x05: apic 2 int 16
(irq 255)
> pci2 at ppb1 bus 2
> "Broadcom BCM43225" rev 0x01 at pci2 dev 0 function 0 not configured
> ehci1 at pci0 dev 29 function 0 "Intel 3400 USB" rev 0x05: apic 2 int 23
(irq 11)
> usb1 at ehci1: USB revision 2

Scanning detection, Single Packet Authorization

[Cezary Cieplinski]

Dear All,
I am new member here, also noob in OpenBSD.
And have some simple question.
Can you please tell me if there any technique to detect port scanning.
Is there any PF feature which I can use? Or any independent package similar to 
linux psad?
I am also interested in port knocking is there any support for it in OpenBSD.
I am looking for similar functionality like fwknop - Single Packet 
Authorization.
Best regards.

Re: Help setting up a PF NAT gateway

[Stefan Midjich]

It works now that I started over from scratch, I have a block in all
and a pass out all by default and NAT is working. I can see packets on
both in and out-interfaces with tcpdump. Of course ICMP response is
not being sent back since I have a block in all but at least NAT is
working and it is forwarding packets.

I think what I was missing, a crucial step and basic knowledge to any
networking tech, was the ins and the outs of gateways. I didn't
understand what Out or In was in the eyes of the gateway. I now
understand that Out is where the default gateway points, /etc/mygate,
in other words egress group in ifconfig. And In is of course the
opposite.

This is a very subtle detail but it made a WORLD of difference.

Thank you all for your support. :)

Re: CVS

[James A. Peltier]

- Original Message -
| Why does it say on http://www.openbsd.org/anoncvs.html
| 
| a.. NOTE: If you are updating a source tree that you initially fetched
| from
| a different server, or from a CD, you must add the -d
| anon...@anoncvs.ca.openbsd.org:/cvs options to cvs.
| # cd /usr/src
| # cvs -d anon...@anoncvs.ca.openbsd.org:/cvs -q up -Pd
| Why But this is not mentioned on
| http://www.openbsd.org/faq/faq5.html#BldGetSrc in the section on
| Pre-loading
| the tree ?

Because the tarball does not contain CVS server information, just a clean tree 
which then you can use a CVS server to update from.  Once you've ran the cvs up 
the local tree keeps track of the current cvs server you are fetching from.

-- 
James A. Peltier
IT Services - Research Computing Group
Simon Fraser University - Burnaby Campus
Phone   : 778-782-6573
Fax : 778-782-3045
E-Mail  : jpelt...@sfu.ca
Website : http://www.sfu.ca/itservices
  http://blogs.sfu.ca/people/jpeltier
I will do the best I can with the talent I have

Re: Can I use carp with just one public IP?

[David Newman]

On 10/9/11 11:08 AM, rik wrote:
> i'm not doing load balance, just active/passive router/firewall
> configuration, but we're using only one ip on carp, with no ip address on
> the phisical interfaces.

+1

We set up CARP on unnumbered interfaces all the time. Works fine.

This is useful if, for example, a pair of routers running CARP sits on a
/30 network, where there's not enough address space to define virtual
and physical addresses.

This also works with VLANs; in that case, leave the physical and VLAN
addresses unnumbered if necessary.

dn