binutils buffer overflow

[Alexey E. Suslikov]

binutils < 2.16-r1 are vulnerable

http://www.gentoo.org/security/en/glsa/glsa-200506-01.xml

Re: Gigabit Firewall NIC Interrupt Performance Problem

[Sean Knox]

Hey Bob,

Thanks for the info. I originally asked as I'm seeing between 80 and 90 
percent interrupts on a gigabit firewall with some em(4) cards. I think 
my issue may be expected given the scenario, so I'll pose that question 
to the group in a different thread.


thanks,
sk

Bob Beck wrote:

the idle loop problem will affect any driver that uses
tsleep where stuff might need to be serviced from the idle loop.

the bge booboo I found and fixed earlier with krw was
that of it not testing correctly if interrupts were for itself
in the shared interrupt case. totally different animal.

-bob


* Sean Knox <[EMAIL PROTECTED]> [2005-06-01 18:57]:


Marco Peereboom wrote:


I remember that there was a boo boo in the bge interrupt handler.   
beck@ found it and I believe krw@ fixed it.  If you can you should  try 
something newer, like -current or whenever brad@ the latest  releases 
3.7 errata that includes the "idle loop fix".


Does this affect other NIC chipsets as well? Bob's message on kerneltrap 
said the idle loop adjustment affects "everything on i386".


sk

What to do with zombie ssh connections...tarpit?

[Myk Taylor]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

With OpenBSD 3.7 I can finally easily detect and block those annoying
ssh scanning zombies with the following pf rule:

pass in on $ext_if proto tcp from any to ($ext_if) port ssh \
  flags S/SA keep state (max-src-conn-rate 5/60, \
  overload  flush global)

then I can block all IPs in the  table (I automatically phase
IPs out of the table after a couple days in daily.local).  This is all
fine and good for my server, but I'd rather tarpit the suckers instead
of blocking them outright after 5 connections.  It would be easy to rdr
them to a tarpit process, but I haven't seen any tarpits on the web that
simulate ssh servers.

I think ideally there could be a public honeypot server somewhere I
could redirect them to, where their IPs and activity could be centrally
logged and email could be automatically sent to the abuse@ address in
the whois(1) entry.  I'm doing this manually for the ~2 zombies daily I
discover, but it's a bit tedious.

So what's the best solution here?  Is there a better way than hacking
the sshd source to unconditionally sleep for 20s and return failure?

- --myk
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCnpuXBOPsJyAQkeARAkEeAKDEJBfnnr/3DjCYo0SF5wdWW2430wCghEk+
xL7LiYzbnbr5xqkIK5+bCy8=
=3rIG
-END PGP SIGNATURE-

Re: Gigabit Firewall NIC Interrupt Performance Problem

[Bob Beck]

the idle loop problem will affect any driver that uses
tsleep where stuff might need to be serviced from the idle loop.

the bge booboo I found and fixed earlier with krw was
that of it not testing correctly if interrupts were for itself
in the shared interrupt case. totally different animal.

-bob


* Sean Knox <[EMAIL PROTECTED]> [2005-06-01 18:57]:
> Marco Peereboom wrote:
> 
> >I remember that there was a boo boo in the bge interrupt handler.   
> >beck@ found it and I believe krw@ fixed it.  If you can you should  try 
> >something newer, like -current or whenever brad@ the latest  releases 
> >3.7 errata that includes the "idle loop fix".
> 
> Does this affect other NIC chipsets as well? Bob's message on kerneltrap 
>  said the idle loop adjustment affects "everything on i386".
> 
> sk
> 

-- 
Bob Beck   Computing and Network Services
[EMAIL PROTECTED]   University of Alberta
True Evil hides its real intentions in its street address.

Re: authpf password changing

[Bob Beck]

You don't. it's that simple.

authpf is not a shell. It is designed to let the user do NOTHING.
I will not change it so users can do something with it.

users should not have a shell on the box authpf is running on.

Want them to change their passwords? give them a real
shell on a DIFFERENT MACHINE where they can change their passwords, or
make a web page that does it for them. Search the list archives, I've
posted previously the perl for one I use at the U of A. 

-Bob


* Alastair Johnson <[EMAIL PROTECTED]> [2005-06-01 20:31]:
> using authpf i cant see a way to allow users to
> change their passwords. i want ideally to set
> password ageing but more urgently how can a user
> with an authpf shell login to change a password?
> 
> its tiresome and not very scalable to have them
> troop into my office and in a root session type
> "passwd user"
> 
> have searched all over for the answer to this.
> appologies if its a FAQ but any help would be much
> appreciated
> 
> many thanks
> 
> sincerely,
> 
> alastair johnson
> 

-- 
Bob Beck   Computing and Network Services
[EMAIL PROTECTED]   University of Alberta
True Evil hides its real intentions in its street address.

Re: howto clean disks ?

[Russell Fulton]

> > Once information on a digital media has been overwritten, it cannot be
> > recreated/restored in any lab. All this talk about electron microscopes
> > and overwriting in multiple passes is just a load of crap derived from
> > an old DoD standard. It has no practical meaning. One overwrite is
> > enough. Please let this ugly rumour die :)

Peter Gutman presented a paper on the technique of using electron
microscopes to recover data from overwritten disks nearly 10 years ago
at a USENIX Security Symposium.  Peter did the research on this while at
IBM's Watson Laboratory.   Yes, it's very expensive (in terms of time)
and you need sophisticated equipment but it is well within the reach of
any technical university or well financed organisation.

Like all security decisions how you wipe your data depends on how
valuable it is.  For most stuff one pass is probably enough but OTOH
doing a five or seven pass with random data is not a large incremental
cost so why not do it properly.  The biggest cost in the exercise is the
time it takes to boot the machine up on a CD with the right tools and
start them running.  Do you really care if it takes one or five hours to
do the wipe. (OK there will be times when you do care and in that case
you opt for speed unless there is something extraordinarily sensitive on
the disk...)

Russell

[demime 1.01d removed an attachment of type application/x-pkcs7-signature which 
had a name of smime.p7s]

Re: OpenNTPD on OBSD 3.4

[Daniel Ouellet]

Edy Purnomo wrote:

How to install OpenNTPD on OBSD 3.4 ?
I've read this from newsgroup but can't understand.
Please advice.


Much better, just pop in the CD and then install OBSD 3.7 and OpenNTPD 
comes pre install with it! (:>


Plus many other improvements as well...

Daniel

OpenNTPD on OBSD 3.4

[Edy Purnomo]

Hi,

How to install OpenNTPD on OBSD 3.4 ?
I've read this from newsgroup but can't understand.
Please advice.

the native OpenBSD version needs yo live in the src tree under
usr.sbin/ntpd/ for make install to work.
you can just manually copy binary and manpages into place tho.

Aironet pcmcia / 3.7 GENERIC kernel crash

[Andrew Dyer]

Hi, I recently installed 3.7 release on a Toshiba portege 610CT laptop
and the kernel panics while initializing my aironet wireless card.

If I do a 'boot -c' and 'disable an' from the UKC> prompt all works as
expected.  I tried booting with the card in both slots, and also without the
other pcmcia card (a xircom card) with the same results.  I was previously
running linux (2.4.27 kernel) on the machine and the card worked correctly
there.

dmesg and trace output from serial console on a failed run are below:

boot> boot
booting hd0a:/bsd: 4686240+945680 [52+241328+223324]=0x5d0864
entry point at 0x100120

[ using 465076 bytes of bsd ELF symbol table ]
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2005 OpenBSD. All rights reserved.  http://www.OpenBSD.org

OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium (P54C) ("GenuineIntel" 586-class) 90 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8
cpu0: F00F bug workaround installed
real mem  = 24944640 (24360K)
avail mem = 14766080 (14420K)
using 330 buffers containing 1351680 bytes (1320K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(06) BIOS, date 07/03/95
apm0 at bios0: Power Management spec V1.1
apm0: battery life expectancy 100%
apm0: AC on, battery charge high, charging, estimated 2:36 hours
pcibios at bios0 function 0x1a not configured
bios0: ROM list: 0xe/0x1
cpu0 at mainbus0
isa0 at mainbus0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
vga0 at isa0 port 0x3b0/48 iomem 0xa/131072
wsdisplay0 at vga0: console (80x25, vt100 emulation), using wskbd0
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
wdc0 at isa0 port 0x1f0/8 irq 14
wd0 at wdc0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 2067MB, 4233600 sectors
wd0(wdc0:0:0): using BIOS timings
sb0 at isa0 port 0x220/24 irq 5 drq 1: dsp v3.01
midi0 at sb0: 
audio0 at sb0
opl0 at sb0: model OPL3
midi1 at opl0: 
audio0 at sb0
opl0 at sb0: model OPL3
midi1 at opl0: 
pcppi0 at isa0 port 0x61
midi2 at pcppi0: 
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom0: console
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
pcic0 at isa0 port 0x3e0/2 iomem 0xd/65536
pcic0 controller 0:  has sockets A and B
pcmcia0 at pcic0 controller 0 socket 0
an0 at pcmcia0 function 0 "Cisco Systems, 340 Series Wireless LAN Adapter", irq
3kernel: protection fault trap, code=0
Stopped at  Xprot:  pushl   $0x4
ddb> trace
Xprot(d015ebe0,8,10246,d0563264,d07b8014) at Xprot
curpcb(d07b8000,d07b8000,d06d36f0,0,0) at 0x703
config_attach(d07ac200,d055dc20,d06d36f0,d0472148) at config_attach+0xef
pcmcia_card_attach(d07ac200,d07ac200,0,d07b2480,0) at pcmcia_card_attach+0xf4
pcic_attach_card(d07b2480,1,0,d07b2480) at pcic_attach_card+0x1c
pcic_init_socket(d07b2480,d055ef40,d06d3770,d046b8a8) at pcic_init_socket+0x85
pcic_attach_socket(d07b2480,d07b2400,d06d37f8,d046c7c8) at pcic_attach_socket+0
x7d
pcic_attach_sockets(d07b2400,d07b2400,d06d37d8,d0214e71,d06d3850) at pcic_attac
h_sockets+0x3b
pcic_isa_attach(d078db00,d07b2400,d06d3850,0,100) at pcic_isa_attach+0xf1
config_attach(d078db00,d07b2400,d06d3850,d040af60,0) at config_attach+0xef
isascan(d078db00,d07b2400,4,1) at isascan+0x14e
config_scan(d040b068,d078db00,d06d3eb0,0,d056c4f8) at config_scan+0xaf
config_attach(d0794fc0,d055e034,d06d3eb0,d03537f4) at config_attach+0xef
mainbus_attach(0,d0794fc0,0,0,d06d3f10) at mainbus_attach+0xf5
config_attach(0,d055cf78,0,0,d05b2260) at config_attach+0xef
config_rootfound(d04fb4f4,0,d06d3f58,d032c068) at config_rootfound+0x27
cpu_configure(0,1,3,0,183) at cpu_configure+0x1f
main(0,0,0,0,0) at main+0x339
ddb> ps
   PID   PPID   PGRPUID  S   FLAGS  WAIT   COMMAND
*0 -1  0  0  7 0x80204 swapper
ddb> show registers
ds  0x10
es  0x10
fs  0x58
gs 0
edi   0xd07b8000end+0x158f30
esi   0xd07b8000end+0x158f30
ebp   0xd06d3688end+0x745b8
ebx0x400
edx0x434
ecx0
eax   0xAPTD+0xfff
eip   0xd0100da0Xprot
cs   0x8
eflags   0x10246
esp   0xd06d3660end+0x74590
ss0xd06d0010end+0x70f40
Xprot:  pushl   $0x4
ddb> boot dump
rebooting...



the dmesg from a sucessful boot is here:

boot> boot -c
booting hd0a:/bsd: 4686240+945680 [52+241328+223324]=0x5d0864
entry point at 0x100120

[ using 465076 bytes of bsd ELF symbol ta

Re: howto clean disks ?

[shanejp]

Hi Dennis,

Quoting Dennis Lindahl <[EMAIL PROTECTED]>:

> Once information on a digital media has been overwritten, it cannot be
> recreated/restored in any lab. All this talk about electron microscopes
> and overwriting in multiple passes is just a load of crap derived from
> an old DoD standard. It has no practical meaning. One overwrite is
> enough. Please let this ugly rumour die :)

You seem a little quick to discount something as impossible. Do you
think Military choose physical destruction for the heck of it?

IBAS can't do it on the cheap, so they claim it impossible? And you
take that as gospel?

The nature of digital signals comes down to thresholds. The actual
analog values are not absolutely digital and remnants often remain.
When you open up a storage device and circumvent the part which
enforces and interprets the thresholds which define what constitutes
a one or a zero, you then have the ability to see the remnants
without the masking effect of those digital parts. If only zeroes
where witten to the disk, these remnants stand out and make it easier
to reconstruct the original data. By overwritting with ones, zeroes
(or an alternating pattern of ones and zeroes) and then random data,
the remnants become lost in a sea of noise.

http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

It comes down to cost/benefit. The fact that you don't hear about it
much is because it is costly and time consuming. Just because you
can't do it at home, does not mean it can't be done.


Shane J Pearson




This email was sent from Netspace Webmail: http://www.netspace.net.au

Re: howto clean disks ?

[Joe Snikeris]

On 6/1/05, Diana Eichert <[EMAIL PROTECTED]> wrote:
> On Thu, 2 Jun 2005, Dennis Lindahl wrote:
> SNIP
> > Like I said, once the information _has_ been overwritten, it cannot be
> > recovered in any lab. A fellow from IBAS said this during a seminar I
> > attended recently. He even said it was a fundamental principle for all
> > professional data recovery. If it had been possible to retrieve
> > overwritten data from harddisks, im pretty sure the technique would have
> > been used in some high profile criminal investigation. But it hasnt,
> > because it is a myth.
> >
> > And like you said, there are indeed issues to actually performing a
> > complete overwrite.
> >
> > / Dennis
> 
> 
> 
> Let me 'splain something to you in PLAIN English.  The US Gov't is WILLING
> to RELEASE and NOT PROSECUTE spies if it appears that CLASSIFIED
> information COULD be compromised in a court trial, NOT will be
> compromised, just the CHANCE of it occurring.  Therefore just because
> YOU haven't heard of a way to recover over written data doesn't mean it
> can't be done.
> 
> FWIW I don't personally know of a way to recover over written media, what
> I can say is that media is physically destroyed at various facilities I've
> worked at.
> 
> diana
> 
> 

>From my understanding of it, the values stored on your harddrive are
not exactly one's and zeros.  As long as the magnetic field is close
to zero, like .15 gauss (or whatever the unit would be), it is treated
like a zero.  If it is close to a one (like .83 gauss, again I'm not
sure what the value or unit would actually look like) it will be
regarded as a one.

By analyzing these true values of the magnetic field, professionals
can infer what that particular bit used to be.

Re: Gigabit Firewall NIC Interrupt Performance Problem

[Kevin]

On 6/1/05, Marco Peereboom <[EMAIL PROTECTED]> wrote:
> I said "there was a boo boo in the bge interrupt handler"; this
> affects ALL bge.

Good to hear.  I'll have to try a snapshot and see if it addresses
the bge issues I have (PE1750 silently dropping some TCP packets). Or
should I wait a few more weeks for the bleeding edge code to clot?


> bge0 at pci3 dev 0 function 0 "Broadcom BCM5704C" rev 0x02: 
> irq 15: address: 00:0f:1f:68:49:f0
> brgphy0 at bge0 phy 1: BCM5704 10/100/1000baseTX PHY, rev. 0
> bge1 at pci3 dev 0 function 1 "Broadcom BCM5704C" rev 0x02: 
> irq 14: address: 00:0f:1f:68:49:f1
> brgphy1 at bge1 phy 1: BCM5704 10/100/1000baseTX PHY, rev. 0

I read in an earlier thread there is a definite performance advantage to
setting all your GigE interfaces to the same interrupt?

Kevin

authpf password changing

[Alastair Johnson]

using authpf i cant see a way to allow users to
change their passwords. i want ideally to set
password ageing but more urgently how can a user
with an authpf shell login to change a password?

its tiresome and not very scalable to have them
troop into my office and in a root session type
"passwd user"

have searched all over for the answer to this.
appologies if its a FAQ but any help would be much
appreciated

many thanks

sincerely,

alastair johnson

Re: [A bit OT] KVM recommendation and information on "Compaq EO1004B 8 Port KVM Switch, Part No. 147094-001"

[Steve Shockley]

Adam Gleave wrote:

I've been looking at KVM's (on eBay mostly, for price reasons :)).



Anyone have experience with these / any other recommendations?


I've had problems switching back and forth between OpenBSD and Win2k 
using a Microsoft optical wheel mouse, especially if Win2k initialized 
the mouse.  This was a long time ago (before wsmouse), so I don't know 
if it's still the case.



Also, is there any major problem of connecting a KVM to another KVM.
That is, say connecting a Belkin omnicube to a variety of computers
and one other OmniCube KVM which is in turn connected to other
computers. That might fix my port problem, hmm.


Belkin's FAQ says no, assuming you're talking about F1D094.  If not, 
look on the back of the KVM, there should be a switch that switches 
between "top" and "not top".  Usually you can only go two layers deep.


I used to use some kind of Belkin KVM (it's not on their web site and I 
don't feel like digging it out), but I recently got a couple of HP 
rack-mount KVMs, they emulate keyboard, monitor, mouse even when it's 
not active.  They were "broken", two capacitors in the power supply had 
dried out.  About a half hour with the soldering iron (most of which was 
spent digging through old boards looking for capacitors) and they work 
great.

Re: Problems with CPU/ARCH specific compilation!?

[shanejp]

Quoting Markus Kolb <[EMAIL PROTECTED]>:
 
> You don't know after 2 mails that it will be only noise.

The noise starts when the person who brings up the FAQ, decides to
pursue an issue which developers have already decided on long ago.

This is OpenBSD. If you don't trust the developers but want to use
OpenBSD in a way which they are not willing to support, then take it,
make your own changes and support yourself.

This "most stable", "known quantity" policy is based on experience!

The experience is that gcc is most stable in the areas where it is most
often used. Step off the yellow brick road and things start getting
weird.


Shane J Pearson




This email was sent from Netspace Webmail: http://www.netspace.net.au

Re: Gigabit Firewall NIC Interrupt Performance Problem

[Marco Peereboom]

I said "there was a boo boo in the bge interrupt handler"; this  
affects ALL bge.


The idle loop stuff affects all i386 boxes with a hlt'ing BIOS period.

On Jun 1, 2005, at 7:38 PM, Sean Knox wrote:


Marco Peereboom wrote:


I remember that there was a boo boo in the bge interrupt  
handler.   beck@ found it and I believe krw@ fixed it.  If you can  
you should  try something newer, like -current or whenever brad@  
the latest  releases 3.7 errata that includes the "idle loop fix".




Does this affect other NIC chipsets as well? Bob's message on  
kerneltrap  said the idle loop adjustment affects "everything on  
i386".


sk

Re: Gigabit Firewall NIC Interrupt Performance Problem

[Sean Knox]

Marco Peereboom wrote:

I remember that there was a boo boo in the bge interrupt handler.   
beck@ found it and I believe krw@ fixed it.  If you can you should  try 
something newer, like -current or whenever brad@ the latest  releases 
3.7 errata that includes the "idle loop fix".


Does this affect other NIC chipsets as well? Bob's message on kerneltrap 
 said the idle loop adjustment affects "everything on i386".


sk

Re: [A bit OT] KVM recommendation and information on "Compaq EO1004B 8 Port KVM Switch, Part No. 147094-001"

[Nick Holland]

Sascha Retzki wrote:
> On Wed, Jun 01, 2005 at 12:55:45PM +, Adam Gleave wrote:
>> I've been looking at KVM's (on eBay mostly, for price reasons :)).
>> What I really need is something that:
>> 
>> 1. Will work on a variety of OS's (Linux, OpenBSD, *BSD, ...anything).
> 
> Those thingies don't *really* need OS-support, tho the OS should be ok with
> the fact that those KVMs (or at least the two-three I used to see in action)
> switch the signals completely "away" from a computer, thus loosing voltage.
> This is my opinion what is happening there; however there is the effect
> that the mouse needs 1-2 seconds to react on user input after you switched
> back and stuff like that.

It is more complicated than that.

>> OpenBSD being most important :)
> 
> There used to be a remark about problems with KVMs on OpenBSD, I cannot find
> them anymore, tho. I don't even know if they were fixed, I know there were
> problems.

http://www.openbsd.org/faq/faq12.html#i386smouse
(Sometimes I look at an article, and wonder, "WHY did I put it THERE?"
That is one of those cases.  Ok, I know why I put it there, but not sure
why I expected you to find it)

It is still very true.  There are some KVM switches that work just fine
with OpenBSD, some that work horribly, and some that work fine while you
are testing things, then blow up spectacularly (i.e., past five screens
of text on to chat with Theo looking on) after you put it all back
together and started to trust the dang thing.

(btw: CTRL-ALT-BackSpace is your friend when that happens.  You still
look silly, but it minimizes how silly)

Some people have reported better results using switched USB cables, and
someone once suggested using a PS/2 -> USB adapter, so the computer
always sees its USB keyboard/mouse, and only the USB adapter has to
worry about the switching.

Experiment.  I picked up some cheap $20 (on sale) "home-grade" four-port
switches (with cables!) that seem to work PERFECTLY with OpenBSD (about
their only positive feature), and I've got a relatively expensive eight
port on my desk at work...which doesn't (so yes, I have a separate mouse
for the OpenBSD system).  Both made by the same manufacturer.  Go figure.

Nick.

Re: [A bit OT] KVM recommendation and information on "Compaq EO1004B 8 Port KVM Switch, Part No. 147094-001"

[mcb, inc.]

On Wed, 1 Jun 2005, Adam Gleave wrote:


I've been looking at KVM's (on eBay mostly, for price reasons :)).
What I really need is something that:

1. Will work on a variety of OS's (Linux, OpenBSD, *BSD, ...anything).
OpenBSD being most important :)
2. Will work both graphical and console
3. Ok signal
4. 8 ports

I'm looking at two KVM's in particuluar:

1. A Belkin OmniCube 4 port F1D024. Seems fine for my usage, except
for number of ports.
2. Compaq EO1004B 8 Port Part No. 147094-001

Anyone have experience with these / any other recommendations?


Suggestions:

1.  Look for full mouse/keyboard emulation on each port.  When
one OS (you know which one) wedges a device or decides to reboot
or insists on using a different mode, this gives you a chance
at not having the other ports screwed up.  But not a guarantee.

2.  Video bandwidth/impedance matching.  If you actually care
about graphics, KVM's can be very disappointing.  In particular,
Belkin gear has been uniformly piss-poor in this department.
Their basic cables ring like church bells when driven at even
moderate resolutions.  Alternate cables can be acquired which
clean this up (problem is generally with the cables/connectors,
less so with the box itself.  If you have this problem with a
KVM that uses special cables, fixing it gets hard.

3.  DDC2B compatibility.  None of the manufacturers seem to say
anything about this which bugs me.  It's an I2C bus so, in theory,
all the ports could be wired-or'd together.  But then each OS/
driver/card would have to do the right thing with regard to
collision detection which I wouldn't trust them to do.  If anyone
has anything to say on this, I'm interested.

'Professional' options:  Cybex, Rose, Raritan.


Also, is there any major problem of connecting a KVM to another KVM.
That is, say connecting a Belkin omnicube to a variety of computers
and one other OmniCube KVM which is in turn connected to other
computers. That might fix my port problem, hmm.


If you want to use keyboard sequences to control switching, then,
yeah, one KVM can block another.  Some work together such that
a single sequence will switch two boxes.

--
Monty Brandenberg

Re: Problems with CPU/ARCH specific compilation!?

[Markus Kolb]

Otto Moerbeek wrote on Wed, Jun 01, 2005 at 17:10:44 +0200:
> If we feel that certain posts just add noise and nothing else, we say so.

You don't know after 2 mails that it will be only noise. And with your
flaming you kill a thread before it starts to become interesting.

I have already written: Moderate your lists. Then only for you
interesting things are posted and only the OBSD.org guys quarrel. 
If a moderated list is interesting for other people is another point.

If you behave like you've done it is unacceptable and totalitarian.

Re: Problems with CPU/ARCH specific compilation!?

[Markus Kolb]

Brad wrote on Wed, Jun 01, 2005 at 09:18:54 -0400:
> 
> There are no "compilation limitations" of OBSD.

There are. Have a look at the net/ser port for example.
And I will show you in core after I've had a deeper look.

Re: howto clean disks ?

[Diana Eichert]

On Thu, 2 Jun 2005, Dennis Lindahl wrote:
SNIP
> Like I said, once the information _has_ been overwritten, it cannot be
> recovered in any lab. A fellow from IBAS said this during a seminar I
> attended recently. He even said it was a fundamental principle for all
> professional data recovery. If it had been possible to retrieve
> overwritten data from harddisks, im pretty sure the technique would have
> been used in some high profile criminal investigation. But it hasnt,
> because it is a myth.
> 
> And like you said, there are indeed issues to actually performing a
> complete overwrite.
> 
> / Dennis



Let me 'splain something to you in PLAIN English.  The US Gov't is WILLING
to RELEASE and NOT PROSECUTE spies if it appears that CLASSIFIED
information COULD be compromised in a court trial, NOT will be
compromised, just the CHANCE of it occurring.  Therefore just because
YOU haven't heard of a way to recover over written data doesn't mean it
can't be done.

FWIW I don't personally know of a way to recover over written media, what
I can say is that media is physically destroyed at various facilities I've
worked at.

diana

Re: Linuxtag June 22 - 25, 2005, Karlsruhe, Germany

[Ingo Schwarze]

Hi Wim, 

Wim Vandeputte wrote on Wed, Jun 01, 2005 at 06:21:05PM +0200:

> just a heads up that we'll be at LinuxTag later this month,
> http://www.linuxtag.org
> 
> June 22 - 25, 2005, Karlsruhe, Germany.

 ... and after the conference, don't miss our party:

Sat, June 25, 16:00 - 28:00 o'clock, University Campus, Adenauerring 7
Open Air: 7 live bands, free entrance for everybody
indoors: 3 live bands for 3 Euro:
 flexevil (hip hop) - bosse (rock) - ratwaste (french punk)

  http://www.usta.de/unifest/

Yeah, that web server has been running OpenBSD
since the 2.7 release.  =:c)

Yours,
  Ingo

-- 
Ingo Schwarze <[EMAIL PROTECTED]>
University of Karlsruhe student organisation
http://www.usta.de/   -*-   http://www.studis.de/

Re: howto clean disks ?

[Dennis Lindahl]

> That is not the case. On magnetic drives, the field can spread beyond
> the region
> written to by the drive heads, and can be read by a suitably equipped
> lab. Reports
> on how effective this is and what methods can be used to destroy the
data vary, 
> but it's safe (or rather, it's necessary) to assume intelligence
> agencies or big
> companies can do stuff we don't know about.
>
> Besides, drives can transparently reassign sectors that go bad, and no
mere dd 
> can get to those. If 'they' can take apart the drive or get suitable
> firmware for it,
> they can certainly read all the sectors. Even if you assume
> overwritten data can
> not be recovered, you would still need to wipe these sectors.

Like I said, once the information _has_ been overwritten, it cannot be
recovered in any lab. A fellow from IBAS said this during a seminar I
attended recently. He even said it was a fundamental principle for all
professional data recovery. If it had been possible to retrieve
overwritten data from harddisks, im pretty sure the technique would have
been used in some high profile criminal investigation. But it hasnt,
because it is a myth.

And like you said, there are indeed issues to actually performing a
complete overwrite.

/ Dennis

Re: howto clean disks ?

[Chris Zakelj]

Diana Eichert wrote:


On Wed, 1 Jun 2005, Anthony Roberts wrote:
 


The 'dd' way is good enough unless someone is willing to to tear the
drive apart in a lab.
   


Items required for "sure fire" disk cleaning methodology.

qty. 1 hard drive to clean
qty. 1 high velocity military rifle
I usually use a .223 round, but other parts of the world may prefer
.308(7.62x51) or 7.62x54.
qty. what number of rounds you feel like of previously described firearm

place drive in front of dirt embankment
position yourself ~100'/30M (you want to get some practice in don't
you?)from the target, hrrrm, drive.
begin target practice, hrrrm, drive cleaning, until drive is thoroughly
destroyed, hrrrm, cleaned.
retrieve spent brass ( you do reload don't you?), hrrrm, drive cleaning
materials

(this next step is optional depending on how environmentally conscious you
are)
pick up remains of target, hrrrm, cleaned hard drive and dispose of
properly.

remember, always thoroughly clean your firearm, hrrrm, drive cleaning tool
after use.

there, that should do it

diana


Nick, I'm beginning to think the addition to the FAQ archived at
http://marc.theaimsgroup.com/?l=openbsd-misc&m=106302607626276&w=2
might be a good idea.  Though I have to admit, Diana has a very 
interesting (and probably very fun) alternative :)

humppa

[Stefan Olsson]

Umm... in the online manual pages there is an architecture "humppa" - is that
an alias for hppa or what is it?
http://www.openbsd.org/cgi-bin/man.cgi?query=all&sektion=1&manpath=OpenBSD+Cu
rrent&arch=humppa&apropos=1&format=html

-I do happen to know that Humppa the"music" is popular in these circles, but
why have it listed as an architecture?

[am|bem|conf]-used.

Re: Linuxtag June 22 - 25, 2005, Karlsruhe, Germany

[Matthias Kilian]

On Wed, Jun 01, 2005 at 06:21:05PM +0200, Wim Vandeputte wrote:
> By the way, there are a few movies online now of the Hackaton at
> 
> http://www.eurobsd.org/2005-hackaton/

I hope this "Theo reads mail at the rack" scene was only for TV.

Please don't hurt your ear.

Ciao,
Kili

Re: howto clean disks ?

[Antonios Anastasiadis]

why don't you try pissing on it. I can gurantee that everyone will
forget about reclaiming your super-secret data.Ever.
If you are overly-paranoid, as any OBSD user should be, you can try
the "heavier" solution which is definitely the(...)

Re: OpenBSD VPN

[Stuart Henderson]

--On 01 June 2005 11:30 -0500, Bruce Marriner wrote:

 Apparently I'm not quite as brilliant as everyone here and those 

resources

did not quite answer all my questions.


Say what you didn't understand and which questions you're left with, 
and you:-


1. may get a useful response, helping you, and
2. suggest areas where improvements can be made, which may help others 
later.


Also n.b. , since 
there are ca.800 lines of diffs since 3.7 which might clarify some 
points.



Thank you everyone for the wonders of information.  I have read the
vpn man page - along with all the other ipsec man pages.


That's not quite what you said: "It seems the OpenBSD documentation is 
blank". Besides being wrong, it's a pretty confrontational statement...

Re: howto clean disks ?

[Diana Eichert]

On Wed, 1 Jun 2005, Dennis Lindahl wrote:

> Once information on a digital media has been overwritten, it cannot be
> recreated/restored in any lab. All this talk about electron microscopes
> and overwriting in multiple passes is just a load of crap derived from
> an old DoD standard. It has no practical meaning. One overwrite is
> enough. Please let this ugly rumour die :)
> 
> / Dennis

I like my method better. ;-)

diana

Re: Slow Downloads with Userpace PPPoE and High Speed ADSL link

[Javier Villavicencio]

Mick escribis:
> On Tue, 2005-05-31 at 08:33 -0400, Melameth, Daniel D. wrote:
> 
>>Mick wrote:
>>
>>>I seem to be seeing somewhat odd behaviour with regards to the
>>>userpace PPPoE program and my high speed ADSL link. By "high speed" I
>>>mean 8Mbps down and 1Mbps up. Initially, I was on a 512/128 plan
>>>before I upgraded to a 1500/256 plan and then finally to a 8000/1000
>>>plan. Now, with the 512/128 and 1500/256 plans, download (as well as
>>>upload) speeds were fine as I could usually saturate my connection -
>>>especially with a 'test' file that was hosted on my ISP's FTP site
>>>(this test file was placed there by my ISP in order for their ADSL
>>>clients to test their connections). However, after I upgraded to the
>>>8000/1000 plan, while upload speeds were still fine (they now
>>>typically average at 800Kbps to FTP servers that I have write
>>>permissions to), download speeds average at around 256kbps (after a
>>>brief initial download spike of several million bps) - even from my
>>>ISP's FTP site. 
>>
>>Mick,
>>
>>Have you been able to determine what is causing the issue?  I'm having a
>>similar problem with the kernelized pppoe in 3.7 :/ .
>>
>>Danny 
>>
> 
> 
> Hi Danny.
[big snip]
> 
> So after much googling (and dicking) around, I decided to try the kernel
> mode pppoe client - and I'm happy to report that it works great.
> Downloads from my ISP's FTP site are once again transferring at speeds
> in execess of 800KB/s. I only have one desktop machine (which runs
> Debian GNU/Linux) hooked up to my OpenBSD box here and so it was trivial
> to set mtu's to 1492 on the desktop machine as well as on the internal
> interface on the OpenBSD machine. Once I did that then, the transfers,
> instead of briefly stopping once every 5 seconds or so, came down
> solidly. i.e without any breaks or pauses.
> 
> 

Hello Danny, Mick.

  I had a similiar issue with kernel mode pppoe in 3.7. I installed 3.7,
and using the kmode pppoe downloads were good (I have an ADSL line which
is uncapped, i'm only limited by the quality of the cable/modem). Until
I established my packet filter rules (which were -very- similar to ones
I used before, but not with pppoe) and NAT, then I couldn't browse
anything from the internal machines, couldn't even resolve from the bind
daemon on the OpenBSD.

  Then I switched back to userland pppoe, with the same packet filtering
rules, queues and NAT, (only changing the macro $ext_if from pppoe0 to
tun0, for an example) it is now working 'fine'.

  I was going to send an email like yours to the list after a little
more 'research' specially, enabling debug log in the packet filter to
guess which rule I mistyped that screws up kernel mode pppoe, but since
there is your mail, here are my thoughts too, to seek a little more help
about this.

Salu2,
Javier

Re: howto clean disks ?

[Anthony Roberts]

> Once information on a digital media has been overwritten, it cannot be
> recreated/restored in any lab. All this talk about electron microscopes
> and overwriting in multiple passes is just a load of crap derived from
> an old DoD standard. It has no practical meaning. One overwrite is
> enough. Please let this ugly rumour die :)

That is not the case. On magnetic drives, the field can spread beyond
the region
written to by the drive heads, and can be read by a suitably equipped
lab. Reports
on how effective this is and what methods can be used to destroy the data vary, 
but it's safe (or rather, it's necessary) to assume intelligence
agencies or big
companies can do stuff we don't know about.

Besides, drives can transparently reassign sectors that go bad, and no mere dd 
can get to those. If 'they' can take apart the drive or get suitable
firmware for it,
they can certainly read all the sectors. Even if you assume
overwritten data can
not be recovered, you would still need to wipe these sectors.

On 6/1/05, Diana Eichert <[EMAIL PROTECTED]> wrote:
> place drive in front of dirt embankment
> position yourself ~100'/30M (you want to get some practice in don't
> you?)from the target, hrrrm, drive.
> begin target practice, hrrrm, drive cleaning, until drive is thoroughly
> destroyed, hrrrm, cleaned.
> retrieve spent brass ( you do reload don't you?), hrrrm, drive cleaning
> materials

Rendering the drive media unreadable to a standard drive won't
necessarily render
it unreadable to determined forensic annalysis. It requires high
temperatures. If you have information valuable enough to spend that
kind of money to recover, then the cost of losing the use of a drive
is trivial.

I don't advocate thermite or an oxy torch to prevent 'them' from
getting their hands on my MP3 collection. I wouldn't take the trouble
to destroy any of my hard drives because I don't have anything worth
spending that kind of money to recover.

Re: Slow Downloads with Userpace PPPoE and High Speed ADSL link

[Mick]

On Tue, 2005-05-31 at 08:33 -0400, Melameth, Daniel D. wrote:
> Mick wrote:
> > I seem to be seeing somewhat odd behaviour with regards to the
> > userpace PPPoE program and my high speed ADSL link. By "high speed" I
> > mean 8Mbps down and 1Mbps up. Initially, I was on a 512/128 plan
> > before I upgraded to a 1500/256 plan and then finally to a 8000/1000
> > plan. Now, with the 512/128 and 1500/256 plans, download (as well as
> > upload) speeds were fine as I could usually saturate my connection -
> > especially with a 'test' file that was hosted on my ISP's FTP site
> > (this test file was placed there by my ISP in order for their ADSL
> > clients to test their connections). However, after I upgraded to the
> > 8000/1000 plan, while upload speeds were still fine (they now
> > typically average at 800Kbps to FTP servers that I have write
> > permissions to), download speeds average at around 256kbps (after a
> > brief initial download spike of several million bps) - even from my
> > ISP's FTP site. 
> 
> Mick,
> 
> Have you been able to determine what is causing the issue?  I'm having a
> similar problem with the kernelized pppoe in 3.7 :/ .
> 
> Danny 
> 

Hi Danny.

Based upon your assessment of the kernel moe pppoe implementation, I
skipped past using that and instead compiled the Roaring Penguin PPPoE
client on my OpenBSD (3.7) machine. It works fine as long as the
*initial* transfer speed is not too high (see below), but it generates
these (seemingly harmless) warning messages:

pppoe[13971]: Unexpected packet code 9
pppoe[13971]: Unexpected packet code 9

Now what I discovered a bit later was that if downloading a file from 

ftp://ftp3.usa.openbsd.org/pub/OpenBSD/3.7/packages/i386/

for example, then the download speed *starts* *at* and sits at around
77KB/s whether I use the OpenBSD or the Roaring Penguin PPPoE client.
Now, as I described in my first post, if I download the ADSL test file
from ftp://iinet.net, while using the OpenBSD pppoe client, after the
initial inrush of traffic at several million bps, the transfer speed
slows down and flattens out to around 27KB/s. However, if I try to
download the same file using the Roaring Penguin client, after the
initial inrush of high speed traffic, the RP pppoe client subsequently
chokes and dies with these error messages:

pppoe[13971]: syncReadFromEth: write: Session 22834: No buffer space
available
pppoe[13971]: syncReadFromEth: write: Session 22834: No buffer space
available

ppp detects that the link has died and seems to successfully
re-establish the connection, but the connection is 'toast' as it were
and ppp keeps on trying to re-establish the connection until I kill both
it and the pppoe process.

So after much googling (and dicking) around, I decided to try the kernel
mode pppoe client - and I'm happy to report that it works great.
Downloads from my ISP's FTP site are once again transferring at speeds
in execess of 800KB/s. I only have one desktop machine (which runs
Debian GNU/Linux) hooked up to my OpenBSD box here and so it was trivial
to set mtu's to 1492 on the desktop machine as well as on the internal
interface on the OpenBSD machine. Once I did that then, the transfers,
instead of briefly stopping once every 5 seconds or so, came down
solidly. i.e without any breaks or pauses.

Re: [slightly OT] Zaurus -- to buy or not to buy?

[Richard P. Koett]

Can anyone recommend a Zaurus vendor for Canadian buyers?

Thx,
RPK.

Re: [slightly OT] Zaurus -- to buy or not to buy?

[Marcos Latas]

On 6/1/05, Dave Feustel <[EMAIL PROTECTED]> wrote:
> On Wednesday 01 June 2005 12:06 pm, Matthias Kilian wrote:
> > On Wed, Jun 01, 2005 at 03:39:29PM +0200, Johan M:son Lindman wrote:
> > > Yes, it certainly is worth it.
> > > Also worth noting is the very fast delivery and excellent service you get 
> > > by
> > > Wim.
> >
> > That's true. After Marc's and Chris' allready convinced me, I ordered
> > it this morning, and Wim allready wrote that he'll ship it tomorrow.
> >
> > Thank you all for your quick answers.
> >
> > Ciao,
> >   Kili
> 
> Is there a wim webpage or other contact info?
> 
> Thanks,
> Dave Feustel
> 
> 

www.kd85.com

Re: [slightly OT] Zaurus -- to buy or not to buy?

[Matthias Kilian]

On Wed, Jun 01, 2005 at 02:34:32PM -0500, Dave Feustel wrote:
> Is there a wim webpage or other contact info?

www.kd85.com

EU orders (https://https.openbsd.org/cgi-bin/order.eu) are also
handled by Wim.

Ciao,
Kili

ps: https.openbsd.org seems to have some problems (Internal Server
Error) right now. Bob@, if you read this, please have a look at
your server..

Re: [slightly OT] Zaurus -- to buy or not to buy?

[Dave Feustel]

On Wednesday 01 June 2005 12:06 pm, Matthias Kilian wrote:
> On Wed, Jun 01, 2005 at 03:39:29PM +0200, Johan M:son Lindman wrote:
> > Yes, it certainly is worth it.
> > Also worth noting is the very fast delivery and excellent service you get 
> > by 
> > Wim.
> 
> That's true. After Marc's and Chris' allready convinced me, I ordered
> it this morning, and Wim allready wrote that he'll ship it tomorrow.
> 
> Thank you all for your quick answers.
> 
> Ciao,
>   Kili

Is there a wim webpage or other contact info?

Thanks,
Dave Feustel

Re: Serial console from sparc to i386?

[Sean Brown]

On June 1, 2005 9:58 am, Mike Sazhin wrote:
> Hello,
>
> I want to try sparc with OpenBSD and see if it is useful for what I do. I
> do not have a monitor or keyboard that can go with it so I hope to be able
> to install using a serial console. I have done this on i386 to i386. Now I
> want to
> know if (with the proper cable, and what kind might it be?) it is possible
> to run a serial console on the sparc and control it from an i386. Or are
> the two systems so different that that is impossible? Are there any other
> ways to install OpenBSD without monitor/keyboard?
>
> Thanks,
> Mike
>
> PS This is the system I have if it makes a difference:
>
> Sun ULTRA 1 Creator 3D UltraSPARC 167MHz 128MB RAM

You need a null modem cable and set your terminal emulator to 9600 8N1. Start 
the system without a keyboard attached and it will default to using Serial A 
as the console device. Be careful exiting whatever terminal emulator you 
decide to use as they may send a break to the system which would cause it to 
drop to the ok prompt.

Its really quite simple.

trouble installing evolution-1.2

[Michael + Marilynn Endsley]

Hi all.
I just installed 3.7 on this machine and all went well. 
I have been having trouble installing evolution either as package or port. 
The port wouldn't build and I have used pkg_add, pkg_delete, and then pkg_add 
again. 
The program starts, but on the second screen (Evolution Setup Assistant), the 
only button available to click is "None". When I click on it to change to 
pop, the program crashes. 
I have evolution on another openbsd system (3.5) and it runs fine. 
btw- after doing a pkg_delete of evolution and the data-server, I do delete 
all the gconf/evolution/etc files/directories in my home directory. 
I have used 2 different sites (rt.fm and openbsd.org) to install from and I 
get the same problem.
I have searched google, marc, monkeys, etc but no help :( 
I run evolution on my linux boxes, freebsd, and as stated my other openbsd 
systems with no problems at all so I am assuming it is something related to 
3.7?
What can I try next?
Thanks.Mike

ps- thanks to all you openbsd developers. I am enjoying 3.7!  :)

Re: OpenBSD VPN

[MikeM]

On 6/1/2005 at 11:30 AM Bruce Marriner wrote:

|Thank you everyone for the wonders of information.  I have read the
|vpn man page - along with all the other ipsec man pages.   Apparently I'm
|not quite as brilliant as everyone here and those resources did not quite
|answer all my questions.  Sorry for disturbing you all in hopes there was
a
|good sound how-to out there somewhere - thinking someone here might know
of
|it's where abouts.
|
|   The OpenBSD documentation I was talking about - and saying there was
"no
|support" for - At one point the openbsd website had a faq on VPN's which
is
|no longer maintained because they did not have anyone to keep it up to
|date.
|
|The link - used to be http://www.openbsd.org/faq/faq13.html but that's now
|something totally different.  Anyhow - thanks a ton.
|
 =


Maybe this may help
http://www.drijf.net/vpn/

Re: OpenBSD VPN

[Brandon Mercer]

Bruce Marriner wrote:

>   Thank you everyone for the wonders of information.  I have read the
>vpn man page - along with all the other ipsec man pages.   Apparently I'm
>not quite as brilliant as everyone here and those resources did not quite
>answer all my questions.  Sorry for disturbing you all in hopes there was a
>good sound how-to out there somewhere - thinking someone here might know of
>it's where abouts.
>
>  
>
Dude, come on, there are samples in /usr/share/ipsec/isakmpd for setting
up a simple endpoint to endpoint VPN... you only have to change two
lines and copy the files into the proper directory. 
Brandon

Re: OpenBSD VPN

[Tony Sarendal]

On Wednesday 01 June 2005 17:30, Bruce Marriner wrote:
>   Thank you everyone for the wonders of information.  I have read the
> vpn man page - along with all the other ipsec man pages.   Apparently I'm
> not quite as brilliant as everyone here and those resources did not quite
> answer all my questions.  Sorry for disturbing you all in hopes there was a
> good sound how-to out there somewhere - thinking someone here might know of
> it's where abouts.
>

What questions were not answered ?

-- 
---
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
-= The scorpion replied,
"I couldn't help it, it's my nature" =-

Re: FW: Attachment restriction

[Bryan Irvine]

A postfix issue is offtopic and you probably want to post this on a
postfix mailing list.  But I'd check the config files for attachment
limitations.  (main.cf IIRC).


--Bryan


On 6/1/05, John Marten <[EMAIL PROTECTED]> wrote:
> After rebooting our 3.6 OBSD server my users started complaining about
> restrictions in mail attachments.
> Appearantly anything over 15mg gets (timed out?) or otherwise does not
> go out. We use Postfix and pop3d.
> If you have heard of this happening before, or it has happened to you
> let me know. I've included my dmesg
> if that helps. Thanks.
> _
> John F. Marten III
> Information Technology Specialist
> Balzhiser & Hubbard Engineers
> CI root hub, class 9/0, rev 1.00/1.00, addr 1
> uhub2: 2 ports with 2 removable,
> self powered
> auvia0 at pci0 dev 17 function 5 "VIA VT8233 AC97" rev 0x30: irq
> 12
> ac97: codec id 0x56494161 (VIA Technologies VT1612A)
> ac97: codec features
> headphone, 18 bit DAC, 18 bit ADC, KS Waves 3D
> audio0 at auvia0
> vr0 at pci0
> dev 18 function 0 "VIA RhineII-2" rev 0x70: irq 5 address 00:07:95:fd:da:05
> ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface
> ukphy0: OUI 0x004063,
> model 0x0032, rev. 0
> isa0 at pcib0
> isadma0 at isa0
> pckbc0 at isa0 port 0x60/5
> pckbd0 at pckbc0 (kbd slot)
> pckbc0: using irq 1 for kbd slot
> wskbd0 at pckbd0:
> console keyboard, using wsdisplay0
> pcppi0 at isa0 port 0x61
> midi0 at pcppi0:
> 
> sysbeep0 at pcppi0
> lpt0 at isa0 port 0x378/4 irq 7
> it0 at isa0
> port 0x290/8: IT87
> npx0 at isa0 port 0xf0/16: using exception 16
> pccom0 at
> isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
> fdc0 at isa0 port 0x3f0/6 irq
> 6 drq 2
> fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
> biomask ef4d
> netmask ef6d ttymask efef
> pctr: user-level cycle counter enabled
> dkcsum: wd0
> matched BIOS disk 80
> root on wd0a
> rootdev=0x0 rrootdev=0x300 rawdev=0x302
> syncing disks... done
> rebooting...
> OpenBSD 3.6 (GENERIC) #59: Fri Sep 17
> 12:32:57 MDT 2004
> [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
> cpu0: Intel(R)
> Pentium(R) 4 CPU 1.80GHz ("GenuineIntel" 686-class) 1.80 GHz
> cpu0:
> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACP
> I,MMX,FXSR,SSE,SSE2,SS,HTT,TM
> real mem  = 234397696 (228904K)
> avail mem =
> 207007744 (202156K)
> using 2886 buffers containing 11821056 bytes (11544K) of
> memory
> mainbus0 (root)
> bios0 at mainbus0: AT/286+(00) BIOS, date 01/21/02,
> BIOS32 rev. 0 @ 0xfdad0
> apm0 at bios0: Power Management spec V1.2
> apm0: AC on,
> battery charge unknown
> pcibios0 at bios0: rev 2.1 @ 0xf/0x1
> pcibios0:
> PCI IRQ Routing Table rev 1.0 @ 0xf7c10/112 (5 entries)
> pcibios0: PCI
> Interrupt Router at 000:17:0 ("VIA VT8366 ISA" rev 0x00)
> pcibios0: PCI bus #1
> is the last bus
> bios0: ROM list: 0xc/0xc000 0xcc000/0x1800 0xcd800/0x4000!
> cpu0 at mainbus0
> pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
> pchb0
> at pci0 dev 0 function 0 "VIA VT8751 PCI" rev 0x00
> ppb0 at pci0 dev 1 function
> 0 "VIA VT8633 AGP" rev 0x00
> pci1 at ppb0 bus 1
> vga1 at pci1 dev 0 function 0
> "S3 ProSavage DDR" rev 0x00
> wsdisplay0 at vga1: console (80x25, vt100
> emulation)
> wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
> fxp0 at pci0
> dev 11 function 0 "Intel 82557" rev 0x0c: irq 11, address 00:02:b3:a8:3d:48
> inphy0 at fxp0 phy 1: i82555 10/100 media interface, rev. 4
> pcib0 at pci0 dev
> 17 function 0 "VIA VT8366 ISA" rev 0x00
> pciide0 at pci0 dev 17 function 1 "VIA
> VT82C571 IDE" rev 0x06: ATA100, channel 0 configured to compatibility, channel
> 1 configured to compatibility
> wd0 at pciide0 channel 0 drive 0:  WD200BB-00CFC0>
> wd0: 16-sector PIO, LBA, 19092MB, 39102336 sectors
> wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
> atapiscsi0 at pciide0
> channel 1 drive 0
> scsibus0 at atapiscsi0: 2 targets
> cd0 at scsibus0 targ 0 lun
> 0:  SCSI0 5/cdrom removable
> cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
> uhci0 at pci0 dev 17 function 2
> "VIA VT83C572 USB" rev 0x1b: irq 11
> usb0 at uhci0: USB revision 1.0
> uhub0 at
> usb0
> uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
> uhub0: 2 ports
> with 2 removable, self powered
> uhci1 at pci0 dev 17 function 3 "VIA VT83C572
> USB" rev 0x1b: irq 11
> usb1 at uhci1: USB revision 1.0
> uhub1 at usb1
> uhub1: VIA
> UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
> uhub1: 2 ports with 2
> removable, self powered
> uhci2 at pci0 dev 17 function 4 "VIA VT83C572 USB" rev
> 0x1b: irq 11
> usb2 at uhci2: USB revision 1.0
> uhub2 at usb2
> uhub2: VIA UHCI
> root hub, class 9/0, rev 1.00/1.00, addr 1
> uhub2: 2 ports with 2 removable,
> self powered
> auvia0 at pci0 dev 17 function 5 "VIA VT8233 AC97" rev 0x30: irq
> 12
> ac97: codec id 0x56494161 (VIA Technologies VT1612A)
> ac97: codec features
> headphone, 18 bit DAC, 18 bit ADC, KS Waves 3D
> audio0 at auvia0
> vr0 at pci0
> dev 18 function 0 "VIA RhineII-2" rev 0x70: irq

Re: Serial console from sparc to i386?

[Janne Johansson]

Mike Sazhin wrote:


Hello,

I want to try sparc with OpenBSD and see if it is useful for what I 
do. I do
not have a monitor or keyboard that can go with it so I hope to be 
able to
install using a serial console. I have done this on i386 to i386. Now 
I want to
know if (with the proper cable, and what kind might it be?) it is 
possible

to run a serial console on the sparc and control it from an i386. Or are
the two systems so different that that is impossible? Are there any other
ways to install OpenBSD without monitor/keyboard?

Thanks,
Mike

PS This is the system I have if it makes a difference:

Sun ULTRA 1 Creator 3D UltraSPARC 167MHz 128MB RAM

I've done that, installed an sparc5 with no keyboard, no monitor and 
only a serial null cable to a i386 obsd that handled both netbooting the 
sparc and talking console with it. No problems.

Re: howto clean disks ?

[Dennis Lindahl]

Once information on a digital media has been overwritten, it cannot be
recreated/restored in any lab. All this talk about electron microscopes
and overwriting in multiple passes is just a load of crap derived from
an old DoD standard. It has no practical meaning. One overwrite is
enough. Please let this ugly rumour die :)

/ Dennis

FW: Attachment restriction

[John Marten]

After rebooting our 3.6 OBSD server my users started complaining about
restrictions in mail attachments.
Appearantly anything over 15mg gets (timed out?) or otherwise does not
go out. We use Postfix and pop3d.
If you have heard of this happening before, or it has happened to you
let me know. I've included my dmesg
if that helps. Thanks.
_
John F. Marten III
Information Technology Specialist
Balzhiser & Hubbard Engineers
CI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable,
self powered
auvia0 at pci0 dev 17 function 5 "VIA VT8233 AC97" rev 0x30: irq
12
ac97: codec id 0x56494161 (VIA Technologies VT1612A)
ac97: codec features
headphone, 18 bit DAC, 18 bit ADC, KS Waves 3D
audio0 at auvia0
vr0 at pci0
dev 18 function 0 "VIA RhineII-2" rev 0x70: irq 5 address 00:07:95:fd:da:05
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface
ukphy0: OUI 0x004063,
model 0x0032, rev. 0
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0:
console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0:

sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
it0 at isa0
port 0x290/8: IT87
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at
isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq
6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask ef4d
netmask ef6d ttymask efef
pctr: user-level cycle counter enabled
dkcsum: wd0
matched BIOS disk 80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
syncing disks... done
rebooting...
OpenBSD 3.6 (GENERIC) #59: Fri Sep 17
12:32:57 MDT 2004
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R)
Pentium(R) 4 CPU 1.80GHz ("GenuineIntel" 686-class) 1.80 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACP
I,MMX,FXSR,SSE,SSE2,SS,HTT,TM
real mem  = 234397696 (228904K)
avail mem =
207007744 (202156K)
using 2886 buffers containing 11821056 bytes (11544K) of
memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 01/21/02,
BIOS32 rev. 0 @ 0xfdad0
apm0 at bios0: Power Management spec V1.2
apm0: AC on,
battery charge unknown
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0:
PCI IRQ Routing Table rev 1.0 @ 0xf7c10/112 (5 entries)
pcibios0: PCI
Interrupt Router at 000:17:0 ("VIA VT8366 ISA" rev 0x00)
pcibios0: PCI bus #1
is the last bus
bios0: ROM list: 0xc/0xc000 0xcc000/0x1800 0xcd800/0x4000!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0
at pci0 dev 0 function 0 "VIA VT8751 PCI" rev 0x00
ppb0 at pci0 dev 1 function
0 "VIA VT8633 AGP" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0
"S3 ProSavage DDR" rev 0x00
wsdisplay0 at vga1: console (80x25, vt100
emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
fxp0 at pci0
dev 11 function 0 "Intel 82557" rev 0x0c: irq 11, address 00:02:b3:a8:3d:48
inphy0 at fxp0 phy 1: i82555 10/100 media interface, rev. 4
pcib0 at pci0 dev
17 function 0 "VIA VT8366 ISA" rev 0x00
pciide0 at pci0 dev 17 function 1 "VIA
VT82C571 IDE" rev 0x06: ATA100, channel 0 configured to compatibility, channel
1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 19092MB, 39102336 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0
channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun
0:  SCSI0 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
uhci0 at pci0 dev 17 function 2
"VIA VT83C572 USB" rev 0x1b: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at
usb0
uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports
with 2 removable, self powered
uhci1 at pci0 dev 17 function 3 "VIA VT83C572
USB" rev 0x1b: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: VIA
UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2
removable, self powered
uhci2 at pci0 dev 17 function 4 "VIA VT83C572 USB" rev
0x1b: irq 11
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: VIA UHCI
root hub, class 9/0, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable,
self powered
auvia0 at pci0 dev 17 function 5 "VIA VT8233 AC97" rev 0x30: irq
12
ac97: codec id 0x56494161 (VIA Technologies VT1612A)
ac97: codec features
headphone, 18 bit DAC, 18 bit ADC, KS Waves 3D
audio0 at auvia0
vr0 at pci0
dev 18 function 0 "VIA RhineII-2" rev 0x70: irq 5 address 00:07:95:fd:da:05
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface
ukphy0: OUI 0x004063,
model 0x0032, rev. 0
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0:
console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0:

sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
it0 at isa0
port 0x290/8: IT87
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at
isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo

Re: Problems with CPU/ARCH specific compilation!?

[Miod Vallat]

> I don't want to ask OpenBSD.org-developers because they always think
> they are right. I want to have a talk with developing users which have
> experience with compiling to subarchitectures.

As one of the aforementioned developers, who makes mistakes and often
acknowledges them (but not all the time. come on. I am a sick bastard,
right?), I consider this insulting.

Mind you, your problem might simply be that an embedded assembly
construct does not compile correctly if -march=i386 because some 486+
specific code is not wrapped with proper ``#if CPU_486''-like defines.

I don't know if idea is correct, as you did not paste any error
messages. I had added this on my list of ``things to check on a rainy
day''.

But suddenly I don't see the need to research this problem further.

Have a nice day,
Miod

Re: [slightly OT] Zaurus -- to buy or not to buy?

[Matthias Kilian]

On Wed, Jun 01, 2005 at 03:39:29PM +0200, Johan M:son Lindman wrote:
> Yes, it certainly is worth it.
> Also worth noting is the very fast delivery and excellent service you get by 
> Wim.

That's true. After Marc's and Chris' allready convinced me, I ordered
it this morning, and Wim allready wrote that he'll ship it tomorrow.

Thank you all for your quick answers.

Ciao,
Kili

Re: Serial console from sparc to i386?

[Jason Crawford]

As long as you have a null-modem serial cable, SPARC to i386 serial
should work perfectly fine. The Ultra1 (at least the one I have)
defaults to booting to serial console if the monitor is not plugged
in, so I just plug a null-modem serial cable into the serial port on
the back of my U1 into a serial port on the back of an i386 machine
(running OpenBSD), open up tip and then boot the U1. Works better than
booting serial console only on i386 in my opinion.

Jason

On 6/1/05, Mike Sazhin <[EMAIL PROTECTED]> wrote:
> Hello,
> 
> I want to try sparc with OpenBSD and see if it is useful for what I do. I do
> not have a monitor or keyboard that can go with it so I hope to be able to
> install using a serial console. I have done this on i386 to i386. Now I
> want to
> know if (with the proper cable, and what kind might it be?) it is possible
> to run a serial console on the sparc and control it from an i386. Or are
> the two systems so different that that is impossible? Are there any other
> ways to install OpenBSD without monitor/keyboard?
> 
> Thanks,
> Mike
> 
> PS This is the system I have if it makes a difference:
> 
> Sun ULTRA 1 Creator 3D UltraSPARC 167MHz 128MB RAM

Re: OpenBSD VPN

[Bruce Marriner]

Thank you everyone for the wonders of information.  I have read the
vpn man page - along with all the other ipsec man pages.   Apparently I'm
not quite as brilliant as everyone here and those resources did not quite
answer all my questions.  Sorry for disturbing you all in hopes there was a
good sound how-to out there somewhere - thinking someone here might know of
it's where abouts.

   The OpenBSD documentation I was talking about - and saying there was "no
support" for - At one point the openbsd website had a faq on VPN's which is
no longer maintained because they did not have anyone to keep it up to date.

The link - used to be http://www.openbsd.org/faq/faq13.html but that's now
something totally different.  Anyhow - thanks a ton.


-Original Message-
From: Stuart Henderson [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, June 01, 2005 10:40 AM
To: Bruce Marriner; misc@openbsd.org
Subject: Re: OpenBSD VPN

--On 01 June 2005 08:22 -0500, Bruce Marriner wrote:

> It seems the OpenBSD documentation is blank (due
> to no support).

Oh, c'mon, really... "man vpn".

Re: Problems with CPU/ARCH specific compilation!?

[Anil Madhavapeddy]

On 31 May 2005, at 16:17, Markus Kolb wrote:


[EMAIL PROTECTED] wrote on Tue, May 31, 2005 at 15:13:50 +0200:


Markus Kolb <[EMAIL PROTECTED]> writes:

The OpenBSD mailing lists are for dicussing OpenBSD issues. It has
been repeatedly stated that fiddling with compiler flags is something
that is not done in OpenBSD. Hence, this is not an OpenBSD issue and
should not be dicussed on OpenBSD mailing lists.



Well, if OBSD would done the compiler flagging right then I wouldn't
have to do it myself.
Next I am pretty sure that it is not the fault of GCC but of the  
code in

OBSD. It is quite simple to say it is the fault of someoneelse if you
have no idea what is wrong.


Err, aren't you blaming OpenBSD when you have no idea what is wrong?

Let me get this straight: there's some C code compiled with different  
compiler optimisation options, the resultant code doesn't work, and  
the first thing you do is blame the C code?


You're welcome to track down the bug and submit a PR with a patch.

Re: OpenBSD VPN

[Chris Cameron]

http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/www/faq/faq13.html?rev=1.79&content-type=text/html

Keep in mind it was removed for a reason (I used it successfully though).


Bruce Marriner wrote:

I am trying to setup an OpenBSD <> OpenBSD VPN Tunnel to connect two
remote offices together.   I looked around on Google for a how-to or some
documentation.  It seems the OpenBSD documentation is blank (due to no
support).  And all the how-to's on the Internet seem to reference very old
versions of OpenBSD and none of them that I tried seem to work.   If someone
knows of an up to date how to or some good documentation on how to get this
working I would really appreciate it.  


I want to set up the VPN using manual keying, as from what I have
read it is easier to configure and seems to be just fine for my application.

Re: [A bit OT] KVM recommendation and information on "Compaq EO1004B 8 Port KVM Switch, Part No. 147094-001"

[Stuart Henderson]

--On 01 June 2005 17:08 +0200, Sascha Retzki wrote:


Those thingies don't *really* need OS-support, tho the OS should be
ok with the fact that those KVMs (or at least the two-three I used to
see in action) switch the signals completely "away" from a computer,
thus loosing voltage.


The keyboard and mouse are only attached to one PC at a time, the KVM 
often generates signals to the others.


I don't know if it's a common problem, but I have seen seen FreeBSD on 
an old Belkin OmniView SE where this emulated signal isn't good enough 
for the boot blocks to detect the keyboard (switching to serial 
console, unless configured otherwise).


I haven't tried it with OpenBSD, but it's something to test and be 
aware of (especially if it's in a box which might need to restart 
unattended). If an OS can have problems detecting a KVM-emulated 
keyboard, there's also a chance some obscure BIOS might also have 
problems.


With a mouse there can be some other problems (presumably more likely 
on an older KVM): they don't always work for wheels, and there might 
not be sufficient power for an optical mouse.

Serial console from sparc to i386?

[Mike Sazhin]

Hello,

I want to try sparc with OpenBSD and see if it is useful for what I do. I do
not have a monitor or keyboard that can go with it so I hope to be able to
install using a serial console. I have done this on i386 to i386. Now I 
want to

know if (with the proper cable, and what kind might it be?) it is possible
to run a serial console on the sparc and control it from an i386. Or are
the two systems so different that that is impossible? Are there any other
ways to install OpenBSD without monitor/keyboard?

Thanks,
Mike

PS This is the system I have if it makes a difference:

Sun ULTRA 1 Creator 3D UltraSPARC 167MHz 128MB RAM

Linuxtag June 22 - 25, 2005, Karlsruhe, Germany

[Wim Vandeputte]

Hey,

just a heads up that we'll be at LinuxTag later this month,
http://www.linuxtag.org

June 22 - 25, 2005, Karlsruhe, Germany.

Booth slaves, volunteer at the usual address

By the way, there are a few movies online now of the Hackaton at

http://www.eurobsd.org/2005-hackaton/

Wim.

[demime 1.01d removed an attachment of type application/pgp-signature]

Re: OpenBSD VPN

[Rogier Krieger]

On 6/1/05, Bruce Marriner <[EMAIL PROTECTED]> wrote:
> It seems the OpenBSD documentation is blank
> (due to no support).

There's plenty of documentation available: vpn(8). The man pages are
quite worthwhile. If you really want to see the old FAQ on IPsec, try
Antioffline [1].

What makes you say VPN connections are not supported?

Cheers,

Rogier


References:
1. Antioffline - "13.0 - Using IPsec"
http://www.antioffline.com/ipsec/openbsdipsec.html

-- 
If you don't know where you're going, any road will get you there.

Re: OpenBSD VPN

[MikeM]

On 6/1/2005 at 8:22 AM Bruce Marriner wrote:

|I am trying to setup an OpenBSD <> OpenBSD VPN Tunnel to connect two
|remote offices together.   I looked around on Google for a how-to or some
|documentation.  It seems the OpenBSD documentation is blank (due to no
|support).  And all the how-to's on the Internet seem to reference very old
|versions of OpenBSD and none of them that I tried seem to work.   If
|someone
|knows of an up to date how to or some good documentation on how to get
this
|working I would really appreciate it.  
|
|   I want to set up the VPN using manual keying, as from what I have
|read it is easier to configure and seems to be just fine for my
|application.
 =


(shot in the dark...)

man vpn

Re: OpenBSD VPN

[Sean Knox]

Bruce Marriner wrote:

I am trying to setup an OpenBSD <> OpenBSD VPN Tunnel to connect two
remote offices together.   I looked around on Google for a how-to or some
documentation.  It seems the OpenBSD documentation is blank (due to no
support).  And all the how-to's on the Internet seem to reference very old
versions of OpenBSD and none of them that I tried seem to work.   If someone
knows of an up to date how to or some good documentation on how to get this
working I would really appreciate it.  


blank documentation? hmm, take a look at:

vpn (8)
isakmpd (8)
ipsecadm (8)

Re: OpenBSD VPN

[Stuart Henderson]

--On 01 June 2005 08:22 -0500, Bruce Marriner wrote:


It seems the OpenBSD documentation is blank (due
to no support).


Oh, c'mon, really... "man vpn".

Re: OpenBSD VPN

[eric]

On Wed, 2005-06-01 at 08:22:41 -0500, Bruce Marriner proclaimed...

>   I am trying to setup an OpenBSD <> OpenBSD VPN Tunnel to connect two
> remote offices together.   I looked around on Google for a how-to or some
> documentation.  It seems the OpenBSD documentation is blank (due to no
> support).  And all the how-to's on the Internet seem to reference very old
> versions of OpenBSD and none of them that I tried seem to work.   If someone
> knows of an up to date how to or some good documentation on how to get this
> working I would really appreciate it.  

Amazing: you have it all, right there on your shiny OpenBSD machine.

man 8 vpn
man 4 ipsec
man 8 isakmpd

Re: OpenBSD VPN

[Jason Crawford]

man 8 ipsecadm
man 8 vpn
man 1 openssl (and related man pages in SEE ALSO section)
view /usr/share/ipsec/rc.vpn

Those are the ONLY docs I ever used when I created a big, high-traffic
mesh VPN (7 Firewalls, each had a VPN to the other 6 Firewalls) that
could handle quite a few pps. That's just the docs for manual keying,
there's quite a bit more docs for automatic keying (if that's the
proper term) as well.

The OpenBSD documentation is not blank, and is so good you don't even
need to go online to look at some crappy howto, and this VPN setup is
quite supported.

On 6/1/05, Bruce Marriner <[EMAIL PROTECTED]> wrote:
> I am trying to setup an OpenBSD <> OpenBSD VPN Tunnel to connect two
> remote offices together.   I looked around on Google for a how-to or some
> documentation.  It seems the OpenBSD documentation is blank (due to no
> support).  And all the how-to's on the Internet seem to reference very old
> versions of OpenBSD and none of them that I tried seem to work.   If someone
> knows of an up to date how to or some good documentation on how to get this
> working I would really appreciate it.
> 
> I want to set up the VPN using manual keying, as from what I have
> read it is easier to configure and seems to be just fine for my application.

Re: [A bit OT] KVM recommendation and information on "Compaq EO1004B 8 Port KVM Switch, Part No. 147094-001"

[Sascha Retzki]

On Wed, Jun 01, 2005 at 12:55:45PM +, Adam Gleave wrote:
> I've been looking at KVM's (on eBay mostly, for price reasons :)).
> What I really need is something that:
> 
> 1. Will work on a variety of OS's (Linux, OpenBSD, *BSD, ...anything).

Those thingies don't *really* need OS-support, tho the OS should be ok with
the fact that those KVMs (or at least the two-three I used to see in action)
switch the signals completely "away" from a computer, thus loosing voltage.
This is my opinion what is happening there; however there is the effect
that the mouse needs 1-2 seconds to react on user input after you switched
back and stuff like that.

> OpenBSD being most important :)

There used to be a remark about problems with KVMs on OpenBSD, I cannot find
them anymore, tho. I don't even know if they were fixed, I know there were
problems.

> 2. Will work both graphical and console

They simply switch the cables, they should work with every "layer" on top
of the hardware-layer. However, graphical meaning x11r6, I sometimes had to
switch to a VT and back to X on some unices to make the mouse behave sane
again.

> Also, is there any major problem of connecting a KVM to another KVM.
> That is, say connecting a Belkin omnicube to a variety of computers
> and one other OmniCube KVM which is in turn connected to other
> computers. That might fix my port problem, hmm.

>From my (limited) technical understanding of KVMs, it should work. There
could be of course something I forgot and did not even know. I *think* a
friend of mine drives that setup.. did not meet him in ages, tho, so I can't
really tell ;)

> 
> Thanks!
> 
> -- 
> Adam Gleave
> [ OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005 ]

Re: Problems with CPU/ARCH specific compilation!?

[Otto Moerbeek]

On Wed, 1 Jun 2005, Markus Kolb wrote:

> Otto Moerbeek wrote on Wed, Jun 01, 2005 at 08:10:42 +0200:
> > 
> > On Tue, 31 May 2005, Markus Kolb wrote:
> > 
> > > And maybe you should return from anarchy to democracy a little bit.
> > 
> > If have no idea what political term fits best, but OpenBSD is not a
> > democracy. We value some people's opinions more than other people's. 
> 
> I don't belong to OpenBSD as a simple OpenBSD mailing list user. I have
> the right of free speech and it doesn't matter if my speech is valued
> bad or good but there is no basis to request me to stop writing about
> OBSD related which doesn't offend against others rights.

If we feel that certain posts just add noise and nothing else, we say so.

We are developers creating OpenBSD. We offer mailing lists to discuss
OpenBSD related things. You can come and play, but we set the rules.

> If OpenBSD.org guys think it is "bad behavior" to talk about compilation
> limitations of OBSD then it is as oldfashioned as to forbid women to go
> to work.

This is not a moral issue. We just do not want to waste our time on
useless things.

-Otto

OpenBSD VPN

[Bruce Marriner]

I am trying to setup an OpenBSD <> OpenBSD VPN Tunnel to connect two
remote offices together.   I looked around on Google for a how-to or some
documentation.  It seems the OpenBSD documentation is blank (due to no
support).  And all the how-to's on the Internet seem to reference very old
versions of OpenBSD and none of them that I tried seem to work.   If someone
knows of an up to date how to or some good documentation on how to get this
working I would really appreciate it.  

I want to set up the VPN using manual keying, as from what I have
read it is easier to configure and seems to be just fine for my application.

Guidelines for kern.maxfiles and kern.maxvnodes...

[Jeff Ross]

Hi all,

This morning httpd was failing to deliver files because of a "too many open
files" error.  I'd previously bumped kern.maxfiles from the default 1772 to
2048 and kern.maxvnodes from its default 1310 to 2048, so this morning I
doubled them both to 4096.

But I'm just plucking these numbers from air.  Can someone point me in the
general vicinity of a procedure to correctly size these and other
parameters?This is a moderately busy web server, but its load is
increasing.

I saw in the archives that this wpould be a temporary fix unless I brought
the file usage pigs under control.  In our case this morning, the pig was
httpd with over 1200 open files.  Stopping and restarting apache dropped
that down to 168, but in the last hour that number had already grown to
324.  I'm headed to the apache docs to see if I can figure out how to keep
apache under control, but any pointers there would be greatly appreciated,
too.

Thanks,

Jeff Ross


dmesg:

OpenBSD 3.7-current (GENERIC) #34: Sat May  7 19:59:47 MDT 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Xeon(TM) CPU 2.66GHz ("GenuineIntel" 686-class) 2.67 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF
LUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID
real mem  = 2147000320 (2096680K)
avail mem = 1953169408 (1907392K)
using 4278 buffers containing 107454464 bytes (104936K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 02/04/03, BIOS32 rev. 0 @ 0xf0010
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf2fb0/256 (14 entries)
pcibios0: no compatible PCI ICU found: ICU vendor 0x8086 product 0x2480
pcibios0: Warning, unable to fix up PCI interrupt routing
pcibios0: PCI bus #4 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xc9800/0x800 0xca000/0x1800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel E7501 MCH Host" rev 0x01
ppb0 at pci0 dev 2 function 0 "Intel E7500 MCH" rev 0x01
pci1 at ppb0 bus 1
"Intel 82870P2 IOxAPIC" rev 0x04 at pci1 dev 28 function 0 not configured
ppb1 at pci1 dev 29 function 0 "Intel 82870P2 PCI-PCI" rev 0x04
pci2 at ppb1 bus 2
em0 at pci2 dev 1 function 0 "Intel PRO/1000MT (82545EM)" rev 0x01: irq 10,
address: 00:e0:81:28:e9:71
"Intel 82870P2 IOxAPIC" rev 0x04 at pci1 dev 30 function 0 not configured
ppb2 at pci1 dev 31 function 0 "Intel 82870P2 PCI-PCI" rev 0x04
pci3 at ppb2 bus 3
ahc1 at pci3 dev 3 function 0 "Adaptec AHA-29160 U160" rev 0x02: irq 10
scsibus0 at ahc1: 16 targets
st0 at scsibus0 targ 6 lun 0:  SCSI3
1/sequential removable
st0: drive empty or not ready
twe0 at pci3 dev 6 function 0 "3ware Escalade IDE RAID" rev 0x01: irq 10
twe0: Escalade V1.3
scsibus1 at twe0: 16 targets
sd0 at scsibus1 targ 0 lun 0: <3WARE, Host drive #00, > SCSI2 0/direct fixed
sd0: 117799MB, 15017 cyl, 255 head, 63 sec, 512 bytes/sec, 241252672 sec
total
sd1 at scsibus1 targ 2 lun 0: <3WARE, Host drive #02, > SCSI2 0/direct fixed
sd1: 117799MB, 15017 cyl, 255 head, 63 sec, 512 bytes/sec, 241252672 sec
total
uhci0 at pci0 dev 29 function 0 "Intel 82801CA/CAM USB" rev 0x02: irq 10
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 "Intel 82801CA/CAM USB" rev 0x02: irq 9
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 "Intel 82801CA/CAM USB" rev 0x02: irq 11
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ppb3 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0x42
pci4 at ppb3 bus 4
fxp0 at pci4 dev 1 function 0 "Intel 82557" rev 0x10, i82550: irq 5,
address 00:e0:81:28:e9:70
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
vga1 at pci4 dev 2 function 0 "ATI Rage XL" rev 0x27
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
fxp1 at pci4 dev 3 function 0 "Intel 82557" rev 0x05, i82558: irq 11,
address 00:90:27:2a:33:a6
inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 0
ichpcib0 at pci0 dev 31 function 0 "Intel 82801CA LPC" rev 0x02
pciide0 at pci0 dev 31 function 1 "Intel 82801CA IDE" rev 0x02: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
pciide0: channel 0 disabled (no drives)
atapiscsi0 at pciide0 channel 1 drive 1
scsibus2 at atapiscsi0: 2 targets
cd0 at scsibus2 targ 0 lun 0: <_NEC, DVD+RW ND-1100A, 1.A0> SCSI0 5/cdrom
removable
cd0(pciide0:1:1): using PIO mode 4, Ultra-DMA mode 2
"Intel 82801CA/CAM SMBus" rev 0x02 at pci0 dev 31 function 3 not configured
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at p

Re: Problems with CPU/ARCH specific compilation!?

[Marco Peereboom]

On Jun 1, 2005, at 1:10 AM, Otto Moerbeek wrote:


On Tue, 31 May 2005, Markus Kolb wrote:



And maybe you should return from anarchy to democracy a little bit.





Maybe a Theocracy, ask bob :-)


If have no idea what political term fits best, but OpenBSD is not a
democracy.


It's mostly a meritocracy.


We value some people's opinions more than other people's.


All men are created equal, some are just more equal than others.

Markus Kolb is not very equal even though he really thinks he is  
entitled to.

Re: howto clean disks ?

[Johan P . Lindström]

Thanks Tim!, that was the link I was grepping for at wikipedia, my
memory seems to be good but short... =)


On 6/1/05, Timothy Donahue <[EMAIL PROTECTED]> wrote:
> On Wednesday 01 June 2005 08:06 am, Johan P. Lindstrvm wrote:
> > The military (at least in Sweden) bakes a Trotyl / Pentyl cake with
> > the drives as stuffing, don't know if that would change the magnetic
> > properties but most likely make the process of collecting/organizing
> > the pieces of the same drive quite labourious.
> >
> > I read an article on encasing your drives with Magnesium and
> > Aluminium-Oxide and hook it up to the power supply through some
> > programmable circut to remotely melt your drives, this would create a
> > plasma at some 3000+ Celcius. Cant seem to find it again though...
> >
> > http://en.wikipedia.org/wiki/Plasma
> > http://en.wikipedia.org/wiki/Exothermic_reaction
> >
> 
> You are might be thinking about using something like thermite.  (Please note
> that thermite is dangerous stuff to play with because it does reach around
> 3000 C.)  An oxy-acetyleme torch would be just as effective and a whole lot
> safer.
> 
> http://en.wikipedia.org/wiki/Thermite
> 
> Tim Donahue

Re: ifconfig not showing ipv6 peer addr on 3.7

[Eric Faurot]

On 6/1/05, Brad <[EMAIL PROTECTED]> wrote:

> IPv6 with ppp does not work at the moment.

Just in case that "breakage" was not intentional, but a side-effect of other
changes in ppp, I can report that it used to work on 3.6. I had to
apply this diff
http://archives.neohapsis.com/archives/openbsd/2004-11/2880.html
to actually get packets from the interface, but it IPV6CP worked and
ifconfig showed the peer address correctly even without the patch.

Eric.

Root on RAID and kernel dumps

[John Wright]

If you've configured a root on raid system where will the kernel try to dump
to if it panics?

I have followed the raidctl root on raid sample setup which means I have a
number of raid?a partitions and hence do not have a raid0b to match my
raid0a root device.

Is it possible to find out the dumpdev is set to for a running kernel and
is there an interface to SWAP_DUMPDEV yet? -- I imagine I will have to
compile with a specific config... dumps on x configuration otherwise.

Re: [slightly OT] Zaurus -- to buy or not to buy?

[Johan M:son Lindman]

On Tuesday 31 May 2005 23.11, Matthias Kilian wrote:
> Hi,
>
> reading the OpenBSD mailinglists, undeadly.org and several stories
> and interviews on kerneltrap.org, I'm increasingly tempted to order
> a Zaurus C3000 from Wim. It's really difficult to resist ;-)
>
> However, I wonder wether this device *really* worth 800 bucks.

Yes, it certainly is worth it.
Also worth noting is the very fast delivery and excellent service you get by 
Wim.

> So, here are some questions (all with running OpenBSD on it in mind):
>
> - Power consumption: how long last the batteries on "normal" use
>   (editing with vi(1) here, ssh'ing there, read/write some mails,
>   ksh'ing around)? What about compiling and testing?
>
> - Performance: how does it "feel"? Again, "normal" use -- I don't have to
>   compile kernels in my pocket ;-)

Feels very good, I used to have a Psion 5 MX and this device has the same kind 
of solid and thorough sense of quality to it.

> - What about console and/or xterm(1) output speed? In case console
>   output is slow, would X11 be a *serious* option (wrt memory/cpu
>   usage)?

I've had some problems, Fvwm2 works just dandy, however trying to run IceWM it 
core:s on me. That may be because I've a bit out of synch -current right now 
though. While in X things may get a bit 'slow' at times (with dillo and say 
six or seven xterms  and a port or two compiling in the background) but it's 
certainly nothing that bothers me .

> - Keyboard: it's a little bit small (of course). What's your experience
>   using it?

The keyboard has a very good feel to it, the best part is it works well both 
as a thumb keyboard when you're actually walking around and as a (well...) 
touch type keyboard when you're sitting down.

> - If on allready has a notebook, would it be silly to order a C3000?

I work as a NOC monkey so this is the best device I could ever get.

It's such a relief not having to bring a big beefy laptop everytime shit hits 
the fan and you need to get on the console of that cisco or server which you 
haven't yet strapped on a console server, I just plug in my uplcom(4) and 
have console access right there.


Regards
Johan M:son

Re: Problems with CPU/ARCH specific compilation!?

[Joel Dinel]

On 6/1/05, Markus Kolb <[EMAIL PROTECTED]> wrote:
> I don't belong to OpenBSD as a simple OpenBSD mailing list user. I have
> the right of free speech and it doesn't matter if my speech is valued
> bad or good but there is no basis to request me to stop writing about
> OBSD related which doesn't offend against others rights.
> 
> If OpenBSD.org guys think it is "bad behavior" to talk about compilation
> limitations of OBSD then it is as oldfashioned as to forbid women to go
> to work.

Except that the misc@ mailing list is hosted on hardware that
*belongs* to the OpenBSD project (mostly). Using bandwidth that
belongs to ... Yep, the OpenBSD project. You're using the OpenBSD
project's time, bandwidth, and hard disk space. You have no rights
here. It's a privilege to be able to post here. If a staff member
tells you that you're wasting both your time and theirs, then that's
the end of it. The misc@ operators are within their rights to ban you
from this list. Just consider yourself lucky that it hasn't occured
yet.

Re: howto clean disks ?

[Timothy Donahue]

On Wednesday 01 June 2005 08:06 am, Johan P. Lindstrvm wrote:
> The military (at least in Sweden) bakes a Trotyl / Pentyl cake with
> the drives as stuffing, don't know if that would change the magnetic
> properties but most likely make the process of collecting/organizing
> the pieces of the same drive quite labourious.
>
> I read an article on encasing your drives with Magnesium and
> Aluminium-Oxide and hook it up to the power supply through some
> programmable circut to remotely melt your drives, this would create a
> plasma at some 3000+ Celcius. Cant seem to find it again though...
>
> http://en.wikipedia.org/wiki/Plasma
> http://en.wikipedia.org/wiki/Exothermic_reaction
>

You are might be thinking about using something like thermite.  (Please note 
that thermite is dangerous stuff to play with because it does reach around 
3000 C.)  An oxy-acetyleme torch would be just as effective and a whole lot 
safer.

http://en.wikipedia.org/wiki/Thermite

Tim Donahue

Re: Problems with CPU/ARCH specific compilation!?

[Stuart Henderson]

--On 01 June 2005 14:30 +0200, Markus Kolb wrote:


If OpenBSD.org guys think it is "bad behavior" to talk about
compilation limitations of OBSD then it is as oldfashioned as to
forbid women to go to work.


Like every project there are limited resources. There are some shared 
goals listed on , none of which seem 
to really apply here.


OpenBSD works pretty well on 486-class systems without compiler flags, 
and if you need a system that's a bit faster, well, you can probably 
get one for the asking ... so what's the point in spending days, weeks, 
or months of work to gain a little more performance out of an old CPU? 
Especially when there's so much more interesting and useful work that 
could be done?


Of course, if you were to track down the problem, I'm sure you'd get a 
better reception...


, hit #1

Re: Problems with CPU/ARCH specific compilation!?

[Brad]

On Wed, Jun 01, 2005 at 02:30:17PM +0200, Markus Kolb wrote:
> Otto Moerbeek wrote on Wed, Jun 01, 2005 at 08:10:42 +0200:
> > 
> > On Tue, 31 May 2005, Markus Kolb wrote:
> > 
> > > And maybe you should return from anarchy to democracy a little bit.
> > 
> > If have no idea what political term fits best, but OpenBSD is not a
> > democracy. We value some people's opinions more than other people's. 
> 
> I don't belong to OpenBSD as a simple OpenBSD mailing list user. I have
> the right of free speech and it doesn't matter if my speech is valued
> bad or good but there is no basis to request me to stop writing about
> OBSD related which doesn't offend against others rights.
> 
> If OpenBSD.org guys think it is "bad behavior" to talk about compilation
> limitations of OBSD then it is as oldfashioned as to forbid women to go
> to work.

There are no "compilation limitations" of OBSD. There are GCC bugs though.
If all you want to do is whine like some clueless asshole who thinks he
knows what he's talking about but in reality doesn't, then just please go
away.

Re: ifconfig not showing ipv6 peer addr on 3.7

[Brad]

On Wed, Jun 01, 2005 at 11:20:31AM +0200, Eric Faurot wrote:
> When using ppp on 3.7 with IPV6CP, ifconfig does not show the peer
> ipv6 address on the local link, although it should be there.
> 
>   $ ifconfig tun0 inet6 
>   tun0: flags=8010 mtu 1500
>   inet6 fe80::502a:8671%tun0 ->  prefixlen 64 scopeid 0x6
> 
> whereas in ppp, after dial:
> 
>   ppp ON myhost> show iface
>   tun0 (idx 6)  mtu 1500 has 2 addresses:
>   inet  -->  netmask 0x
>   inet6 fe80::502a:8671 --> fe80::203:feff
> 
> I looked a bit into ifconfig.c and I noted that on line 2234, the
> ioctl call does not fail, but the resulting ifr_addr is empty (len=0,
> family=0). It definitely worked on 3.6.
> 
> Eric.

IPv6 with ppp does not work at the moment.

Re: Problems with CPU/ARCH specific compilation!?

[Markus Kolb]

Shane J Pearson wrote on Wed, Jun 01, 2005 at 15:49:55 +1000:
> Markus,
> 
> On 01/06/2005, at 1:17 AM, Markus Kolb wrote:
> >
> >Well, if OBSD would done the compiler flagging right then I wouldn't
> >have to do it myself.
> 
> I believe OpenBSD has done it right. The official stance is that they
> won't support many different custom systems, just to let people blindly
> tinker with options which have shown to get little performance boost.

At least not in the ports. And although the reponsibility is something
else, the conclusion that there might be problems in core is fair.

> You have come in here, asked a FAQ, received the standard answer and
> think you know better than the developers? If you want to push buttons,

I don't want to ask OpenBSD.org-developers because they always think
they are right. I want to have a talk with developing users which have
experience with compiling to subarchitectures.

Next I have asked a FAQ because the answer is nearly as old as OBSD and
an unobjective evasion.

Re: howto clean disks ?

[Diana Eichert]

On Wed, 1 Jun 2005, Anthony Roberts wrote:

> The 'dd' way is good enough unless someone is willing to to tear the
> drive apart in a lab.

Items required for "sure fire" disk cleaning methodology.

qty. 1 hard drive to clean
qty. 1 high velocity military rifle
I usually use a .223 round, but other parts of the world may prefer
.308(7.62x51) or 7.62x54.
qty. what number of rounds you feel like of previously described firearm

place drive in front of dirt embankment
position yourself ~100'/30M (you want to get some practice in don't
you?)from the target, hrrrm, drive.
begin target practice, hrrrm, drive cleaning, until drive is thoroughly
destroyed, hrrrm, cleaned.
retrieve spent brass ( you do reload don't you?), hrrrm, drive cleaning
materials

(this next step is optional depending on how environmentally conscious you
are)
pick up remains of target, hrrrm, cleaned hard drive and dispose of
properly.

remember, always thoroughly clean your firearm, hrrrm, drive cleaning tool
after use.

there, that should do it

diana

Re: howto clean disks ?

[Timothy Donahue]

On Wednesday 01 June 2005 03:28 am, Matt Phillips wrote:
> If you are truly paranoid use DBAN,  which is short for Darin's Boot and
> Nuke.  IMO it is the best disk wiping tool out there.  It gives you a
> couple different wiping methods to choose from, including the one used
> by the US DoD.  You can also specify how many passes it makes.

I'm sick of people passing on this US DoD standard as a fact.  The true US DoD 
standard states that it DOES NOT make the drive safe for reuse unless it will 
be used to store data of equal or greater security rating.  If the drive is 
no longer useful, after running this "wipe" the drive platters are destroyed.   

> According to the website, DBAN is used by the US Dept of Energy and the
> National Nuclear Security Administration, which ain't bad. 

It may be, before the drives are reused internally for an equally or more 
secure project.  Or just before the get thrown into the incinerator.

Tim Donahue

[A bit OT] KVM recommendation and information on "Compaq EO1004B 8 Port KVM Switch, Part No. 147094-001"

[Adam Gleave]

I've been looking at KVM's (on eBay mostly, for price reasons :)).
What I really need is something that:

1. Will work on a variety of OS's (Linux, OpenBSD, *BSD, ...anything).
OpenBSD being most important :)
2. Will work both graphical and console
3. Ok signal
4. 8 ports

I'm looking at two KVM's in particuluar:

1. A Belkin OmniCube 4 port F1D024. Seems fine for my usage, except
for number of ports.
2. Compaq EO1004B 8 Port Part No. 147094-001

Anyone have experience with these / any other recommendations?

Also, is there any major problem of connecting a KVM to another KVM.
That is, say connecting a Belkin omnicube to a variety of computers
and one other OmniCube KVM which is in turn connected to other
computers. That might fix my port problem, hmm.

Thanks!

-- 
Adam Gleave
[ OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005 ]

Re: Problems with CPU/ARCH specific compilation!?

[Diana Eichert]

On Wed, 1 Jun 2005, Markus Kolb wrote:
SNIP
> If OpenBSD.org guys think it is "bad behavior" to talk about compilation
> limitations of OBSD then it is as oldfashioned as to forbid women to go
> to work.

women work?

damn, and I thought all I was good for was cleaning house, making babies
oh yeah and sexual satisfaction for the lessor of the species.

where are my priorities?

go back to being a Gentoo "ricer"

diana

Re: SGI hardware options for OpenBSD 3.7

[Will H. Backman]

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of
> Miod Vallat
> Sent: Wednesday, June 01, 2005 6:28 AM
> To: Dustin Lundquist
> Cc: misc
> Subject: Re: SGI hardware options for OpenBSD 3.7
> 
> > assume the sgi port for OpenBSD is build for MIPS IV (R5000+), this
> > would prevent it from running on R4000/R4400 Ind(y|igo[2])s. IIR the
> > R4000 and higher (MIPS III) are 64bit capable CPUs and could
probably be
> > supported with relative ease. I have an older Indy (R4x00) I will
donate
> > if someone wants to add support for the Ind(y|ingo2).
> 
> I have plans to work on 64-bit support for R4k Indy & Indigo2 sometime
> in the future, but I have more important real-life issues to solve
> first.
> 
> Miod

I have an Indigo Elan if anyone wants it.  It needs a new hardware clock
battery.

Re: Getting Yesterday's Date (Repost due to error)

[March, Harold W.]

I use GNU gdate myself. Look for sh-utils in packages.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
MikeM
Sent: Tuesday, May 31, 2005 8:54 AM
To: Timothy A. Napthali; misc@openbsd.org
Subject: Re: Getting Yesterday's Date (Repost due to error)
Importance: Low


On 5/31/2005 at 8:22 AM Timothy A. Napthali wrote:

|Sorry for previous version of this post. I sent it accidentally before I
|was finished.
| 
|In Linux I was able to do this:
| 
|date +%Y%m%d -d "-1 day
|
|Which would give yesterdays date as 20050530
|
|How can I do this in OpenBSD? I've mucked about with date -r $(expr
|$(date +%d) - 86400) but I can't get it to work properly.
 =

This may help

http://www.unixreview.com/documents/s=9020/ur0401d/ur0401d_script.htm

Re: wsconsctl stops mouse

[Miod Vallat]

> When I run 'wsconsctl -a' the mouse stops to work
> both under console and X.
> I receive this message:
>  wsmouse_input: evar->q=NULL
> When I kill wsmouse or X, I receive:
>  wsevent_fini: already invoked

This should fix it.

Miod

Index: wsmouse.c
===
RCS file: /cvs/src/sys/dev/wscons/wsmouse.c,v
retrieving revision 1.15
diff -u -p -r1.15 wsmouse.c
--- wsmouse.c   2005/05/18 21:31:27 1.15
+++ wsmouse.c   2005/06/01 12:31:27
@@ -506,6 +506,9 @@ wsmouseclose(dev_t dev, int flags, int m
(struct wsmouse_softc *)wsmouse_cd.cd_devs[minor(dev)];
struct wseventvar *evar = sc->sc_base.me_evp;
 
+   if ((flags & (FREAD | FWRITE)) == FWRITE)
+   return (0); /* see wsmouseopen() */
+
if (evar == NULL)
/* not open for read */
return (0);

Re: Problems with CPU/ARCH specific compilation!?

[Markus Kolb]

Otto Moerbeek wrote on Wed, Jun 01, 2005 at 08:10:42 +0200:
> 
> On Tue, 31 May 2005, Markus Kolb wrote:
> 
> > And maybe you should return from anarchy to democracy a little bit.
> 
> If have no idea what political term fits best, but OpenBSD is not a
> democracy. We value some people's opinions more than other people's. 

I don't belong to OpenBSD as a simple OpenBSD mailing list user. I have
the right of free speech and it doesn't matter if my speech is valued
bad or good but there is no basis to request me to stop writing about
OBSD related which doesn't offend against others rights.

If OpenBSD.org guys think it is "bad behavior" to talk about compilation
limitations of OBSD then it is as oldfashioned as to forbid women to go
to work.

Re: Minor patch to afterboot manpage

[Walter Goulet]

On Tue, May 31, 2005 at 10:41:38PM -0500, Walter Goulet wrote:
 >> Hi,
 >>
 >> I've recenly installed OpenBSD 3.7 on my Zaurus C3000. While perusing
 >> the afterboot manpage to figure out how to configure my system, I
 >> noticed that the manpage indicated that the /etc/rc.conf.local file was
 >> referred to before the manpage stated that the user had to create 
this file.
 >>
 >> So this patch adds a small paragraph instructing the user to create 
this
 >> file immediately after the root password and system date are set. I
 >> think this makes the page read better and avoids the user referring to
 >> this file before it is created.
 >>

 > hi, i did not take the patch, but decided to put the sections of
 > afterboot(8) into a more logical order (i hope).

 > thanks for the report though. please use unified diffs (diff -u) next
 > time.

 > jmc

Hi,

I took a look at the updated manpage; I agree that it now reads more 
logically and avoids the issue I noticed.

Thanks for the quick update!

Walter

[demime 1.01d removed an attachment of type application/x-pkcs7-signature which 
had a name of smime.p7s]

Re: howto clean disks ?

[Johan P. Lindström]

The military (at least in Sweden) bakes a Trotyl / Pentyl cake with
the drives as stuffing, don't know if that would change the magnetic
properties but most likely make the process of collecting/organizing
the pieces of the same drive quite labourious.

I read an article on encasing your drives with Magnesium and
Aluminium-Oxide and hook it up to the power supply through some
programmable circut to remotely melt your drives, this would create a
plasma at some 3000+ Celcius. Cant seem to find it again though...

http://en.wikipedia.org/wiki/Plasma
http://en.wikipedia.org/wiki/Exothermic_reaction

- yo-han

On 6/1/05, Nick Holland <[EMAIL PROTECTED]> wrote:
> Shane J Pearson wrote:
> > Hi Anthony,
> >
> > On 01/06/2005, at 4:01 PM, Anthony Roberts wrote:
> >
> >> The 'dd' way is good enough unless someone is willing to to tear the
> >> drive apart in a lab.
> >
> > I think this depends on how you use dd though. If you just do a single
> > pass of zeroes, but fear someone will mount a multi million dollar
> > electron microscope forensic analysis, then yeah, that might not be
> > enough. But write from /dev/urandom with dd multiple times to the disk
> > and you should be okay even with that extreme case.
> >
> > If I were worried about open-drive analysis of the drive I want to
> > clean, then I'd be physically destroying the drive also. Put it in a
> > kiln, get the oxy torch into it, etc.
> 
> If loading the drives with a single pass of zeros isn't good enough for
> your application, forget /dev/urandom or multiple passes or any other
> technique, and just physically destroy the drive.  If you are really
> concerned someone might extract data after a zeroing of the drive,
> handing the drive over to anyone else in usable form is just silly.
> 
> 
> A while back, I modified an OpenBSD boot CD so it would do exactly this
> -- upon boot, it would dd /dev/zero over the first two wd devices, and
> the first two sd devices.  No prompt, no warning, nothing.  Boot the
> disk, kiss your data goodbye.  It was designed to quickly and reasonably
> securely render the data on a bunch of old computers inaccessable with
> minimal intervention, before removing them from the donator's office.
> All the tools are on the boot CDs (and floppies) already.
> 
> It turned out that when doing 4G IDE drives, I could have about four
> machines wiping at the same time in a non-ideal setting, by the time the
> fourth one was started, the first one was done.
> 
> I labeled it in big, scary print, and try to keep track of where it is.
>  So far, it has only claimed one innocent system by accident ("Hey, why
> is this machine booting OpenBSD...Oh sh*t..dang, too late")
> 
> Nick.

Re: wsconsctl stops mouse

[Miod Vallat]

> When I run 'wsconsctl -a' the mouse stops to work
> both under console and X.
> I receive this message:
>  wsmouse_input: evar->q=NULL
> When I kill wsmouse or X, I receive:
>  wsevent_fini: already invoked

I confirm the problem, I'll try to fix it ASAP when I am back home this
week-end. Sorry for the inconvenience.

Miod

Re: Minor patch to afterboot manpage

[Uwe Dippel]

On Tue, 31 May 2005 22:41:38 -0500, Walter Goulet wrote:


> I've recenly installed OpenBSD 3.7 on my Zaurus C3000. While perusing 
> the afterboot manpage to figure out how to configure my system, I 
> noticed that the manpage indicated that the /etc/rc.conf.local file was 
> referred to before the manpage stated that the user had to create this file.

This is a good idea.
IMHO there could be more like that; but now people will jump at me;
because they rather stay off mainstream ... ?

I'd personally even have /etc/rc.conf.local in /etc/ at install, with a
small comment on top and an upgrade script just ignoring it when it exists
in the earlier version. If I was in beauty, I made something similar for
rc.local; because I always have to scroll down (had, that is) fearing to
touch something, so I also start by copying the files to files.orig. I
prefer those rc.* compared to SysV !

Another, minor, item: Not doing this each day, I always need to look up
the syntax: YES compared to "". And the new ntpd - setup at install - does
ntpd_flags= 
Some 'standard' would be fine for non-professionals like myself.

One day after retirement, I'd even write an 'afterboot' script; asking
about ssh protocol version and RootLogin; as well as the three aliases,
etc. 
I also have to look up the fstab entry for ALTROOT regularly; adduser.conf;
 and so on and so forth.
I am sure that would make it easier for everyone newbie including myself
to get started.

2 Sen,

Uwe

Re: howto clean disks ?

[Nick Holland]

Shane J Pearson wrote:
> Hi Anthony,
> 
> On 01/06/2005, at 4:01 PM, Anthony Roberts wrote:
> 
>> The 'dd' way is good enough unless someone is willing to to tear the
>> drive apart in a lab.
> 
> I think this depends on how you use dd though. If you just do a single
> pass of zeroes, but fear someone will mount a multi million dollar
> electron microscope forensic analysis, then yeah, that might not be
> enough. But write from /dev/urandom with dd multiple times to the disk
> and you should be okay even with that extreme case.
> 
> If I were worried about open-drive analysis of the drive I want to
> clean, then I'd be physically destroying the drive also. Put it in a
> kiln, get the oxy torch into it, etc.

If loading the drives with a single pass of zeros isn't good enough for
your application, forget /dev/urandom or multiple passes or any other
technique, and just physically destroy the drive.  If you are really
concerned someone might extract data after a zeroing of the drive,
handing the drive over to anyone else in usable form is just silly.


A while back, I modified an OpenBSD boot CD so it would do exactly this
-- upon boot, it would dd /dev/zero over the first two wd devices, and
the first two sd devices.  No prompt, no warning, nothing.  Boot the
disk, kiss your data goodbye.  It was designed to quickly and reasonably
securely render the data on a bunch of old computers inaccessable with
minimal intervention, before removing them from the donator's office.
All the tools are on the boot CDs (and floppies) already.

It turned out that when doing 4G IDE drives, I could have about four
machines wiping at the same time in a non-ideal setting, by the time the
fourth one was started, the first one was done.

I labeled it in big, scary print, and try to keep track of where it is.
 So far, it has only claimed one innocent system by accident ("Hey, why
is this machine booting OpenBSD...Oh sh*t..dang, too late")

Nick.

Re: Minor patch to afterboot manpage

[jmc]

On Tue, May 31, 2005 at 10:41:38PM -0500, Walter Goulet wrote:
> Hi,
> 
> I've recenly installed OpenBSD 3.7 on my Zaurus C3000. While perusing 
> the afterboot manpage to figure out how to configure my system, I 
> noticed that the manpage indicated that the /etc/rc.conf.local file was 
> referred to before the manpage stated that the user had to create this file.
> 
> So this patch adds a small paragraph instructing the user to create this 
> file immediately after the root password and system date are set. I 
> think this makes the page read better and avoids the user referring to 
> this file before it is created.
> 

hi, i did not take the patch, but decided to put the sections of
afterboot(8) into a more logical order (i hope).

thanks for the report though. please use unified diffs (diff -u) next
time.

jmc

Re: SGI hardware options for OpenBSD 3.7

[Miod Vallat]

> assume the sgi port for OpenBSD is build for MIPS IV (R5000+), this 
> would prevent it from running on R4000/R4400 Ind(y|igo[2])s. IIR the 
> R4000 and higher (MIPS III) are 64bit capable CPUs and could probably be 
> supported with relative ease. I have an older Indy (R4x00) I will donate 
> if someone wants to add support for the Ind(y|ingo2).

I have plans to work on 64-bit support for R4k Indy & Indigo2 sometime
in the future, but I have more important real-life issues to solve
first.

Miod

Re: Problems with CPU/ARCH specific compilation!?

[Phillip Eviston]

Dammit! Do you mean that if I get a majority of people on this list
(say, by stacking anonymous names) to request Theo to approve opening a
remote hole in the base install, there's a chance he won't do it?

How unreasonable can the development team be?

That's it for me, I'm afraid. I cannot condone the use of this software
anymore. Good bye!!!


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Otto Moerbeek
Sent: Wednesday, 1 June 2005 4:11 PM
To: Markus Kolb
Cc: misc@openbsd.org
Subject: Re: Problems with CPU/ARCH specific compilation!?

On Tue, 31 May 2005, Markus Kolb wrote:

> And maybe you should return from anarchy to democracy a little bit.

If have no idea what political term fits best, but OpenBSD is not a
democracy. We value some people's opinions more than other people's. 

It's neither an anarchy, we certainly have rules.

-Otto

ifconfig not showing ipv6 peer addr on 3.7

[Eric Faurot]

When using ppp on 3.7 with IPV6CP, ifconfig does not show the peer
ipv6 address on the local link, although it should be there.

  $ ifconfig tun0 inet6 
  tun0: flags=8010 mtu 1500
  inet6 fe80::502a:8671%tun0 ->  prefixlen 64 scopeid 0x6

whereas in ppp, after dial:

  ppp ON myhost> show iface
  tun0 (idx 6)  mtu 1500 has 2 addresses:
  inet  -->  netmask 0x
  inet6 fe80::502a:8671 --> fe80::203:feff

I looked a bit into ifconfig.c and I noted that on line 2234, the
ioctl call does not fail, but the resulting ifr_addr is empty (len=0,
family=0). It definitely worked on 3.6.

Eric.

Re: make release problem with 3.7 stable

[Miod Vallat]

> I think he means the blowup when it tries to make floppyC

I think he means the error he pasted, which aren't related in any way to
the building of floppyC.

More coffee?

Miod

Re: make release problem with 3.7 stable

[Geoff White]

Miod Vallat wrote:

I can't imagine that make release is not working anymore so I'm probably 
overlooking something.
I'm doing everything as per release(8) and 
http://www.openbsd.org/faq/faq5.html#Release but errors about missing 
files show up.


Any ideas?
   



These errors are harmless. Depending upon the architecture you are
building for, not all file specifications will be matched at the end,
that's why these error are ignored and don't cause "make release" to
abort.

Miod

 



I think he means the blowup when it tries to make floppyC

Re: make release problem with 3.7 stable

[Miod Vallat]

> I can't imagine that make release is not working anymore so I'm probably 
> overlooking something.
> I'm doing everything as per release(8) and 
> http://www.openbsd.org/faq/faq5.html#Release but errors about missing 
> files show up.
> 
> Any ideas?

These errors are harmless. Depending upon the architecture you are
building for, not all file specifications will be matched at the end,
that's why these error are ignored and don't cause "make release" to
abort.

Miod

ANNOUNCE: MailDroid Spam Fighting MFG/MTA alpha release 0.01

[Geoff White]

The MailDroid iso image is ready for download at http://www.maildroid.org.
(at 130 MB, we'll try it for a few days to see if we can afford the traffic)



MailDroid is a special "distro" of the popular OpenBSD** operating 
system that is optimized to provide a secure, spam fighting, virus 
killing, Mail Filtering Gateway, "right out of the box". System 
Administrators need only place the MailDroid distro CD into any modern 
x86 box (Pentium III class or above) and load the system as you would 
any OpenBSD install except you select the additional maildroid.tgz 
package. Once all the packages are installed, reboot and the system 
will come up swinging! MailDroid comes equipped and configured with:



 sendmail 8.13.8 - standard OpenBSD 3.7 release
 smtp-vilter 1.1.9- connect several milter back-ends to filter your 
incoming mail

 spamassassin 3.0.2- what more do we need to say?
 cyrus-sasl 2.1.20 - SASL2 authentication daemon to use with sendmail
 clamav 0.85.1- The open source anti virus milter
 squirrelmail 1.4.4 SSL web mail front-end using an internal IMAP server
 spamd - The OpenBSD offensive spam deferral daemon
 pop3s - TLS based POP access (via stunnel 4.08 )
 OpenBSD firewall based on pf
 Chrooted sendmail, apache, clamav, smtp-vilter, named, PHP4.3.10 and more
 Secure Web-based management console


We put all the work into building, integrating and debugging these tools 
so you can spend your time, not building packages, but fighting SPAM! 
While the system comes up, secure and ready to filter, reject, or label 
spam, we refrain from making any major policy decisions. The system is 
tunable, in a large-scale sense through the web interface, however you 
can edit the actual configuration files yourself without worrying that 
your changes will be lost... all config files changes are placed under 
version control so if you make a mistake, you can recover easily.



MailDroid is Open Source, you are free to modify it, recompile it, use 
parts of it, even repackage and sell it ( see individual component 
licenses). If you choose to purchase a CD, you get one year of on-line 
automatic updates for the host that you decide to register. What this 
means is that if there are security vulnerabilities, or cool feature 
improvements available, you don't have to wait, re-compile or 
re-install, you just have to download the package, install, possibly 
reboot and your done. Even if you choose not to purchase a CD, you can 
still have read access to the MailDroid CVS tree, that will contain up 
to the minute security patches and many feature enhancements.


MailDroid is a community effort, it is a effort of System and Network 
Administrators like yourselves, and we value your suggestions, patches 
and feature additions, should you choose to contribute them. We are here 
to make all of our lives a little nicer and to optimize the fun!


MailDroid... Now there's a New Hope.

Host requirements:
 I32 (x86) machine 300MHz (Pentium III) or better (sorry no 64 bit 
support yet, dual CPU is OK!)

 128MB of memory (512 preferred)
 20 Gigabyte hard drive
 CDrom (to load software)
 keyboard, VGA monitor (serial support for the console in the BIOS)
 10/100 base-T Ethernet port


We can also build custom MailDroids to your specifications and deliver 
them fully burnt-in, loaded and debugged. From super-fast, 1U, dual 
processor, bastion servers to small-office, paperback book size, low 
power units. E-mail us for details and price quotes.






Info at maildroid.org



* MFG = Mail Filtering Gateway which also doubles as an MTA (Mail 
Transporting Agent)
** OpenBSD and the Mean Puffy logo are copyrighted 1997-2005 by Theo de 
Raadt

make release problem with 3.7 stable

[Daniel Polak]

I can't imagine that make release is not working anymore so I'm probably 
overlooking something.
I'm doing everything as per release(8) and 
http://www.openbsd.org/faq/faq5.html#Release but errors about missing 
files show up.


Any ideas?

Daniel


base: done.
comp: done.
etc: done.
game: done.
man: done.
misc: done.
cp /root/reldest/snapshot/bsd* /root/relout
cp /root/reldest/snapshot/*boot* /root/relout
cp /root/reldest/snapshot/cdbr /root/relout
cp /root/reldest/snapshot/*BOOT* /root/relout
cp: /root/reldest/snapshot/*BOOT*: No such file or directory
*** Error code 1 (ignored)
cp /root/reldest/snapshot/cd*.iso /root/relout
cp /root/reldest/snapshot/*.ipk /root/relout
cp: /root/reldest/snapshot/*.ipk: No such file or directory
*** Error code 1 (ignored)
cp /root/reldest/snapshot/Packages /root/relout
cp: /root/reldest/snapshot/Packages: No such file or directory
*** Error code 1 (ignored)
cp /root/reldest/snapshot/INSTALL.* /root/relout
cp /root/reldest/snapshot/*.fs /root/reldest/snapshot/*.fs.gz /root/relout
cp: /root/reldest/snapshot/*.fs.gz: No such file or directory
*** Error code 1 (ignored)
cd /root/relout;  md5 bsd!(*.gz) *boot* cdbr *BOOT* INSTALL.* *.fs *.iso 
*.gz *.

tgz  > MD5
md5: cannot open *BOOT*: No such file or directory
md5: cannot open *.gz: No such file or directory
cd /root/relout;  cksum bsd!(*.gz) *boot* cdbr *BOOT* INSTALL.* *.fs 
*.iso *.gz

*.tgz  > CKSUM
cksum: cannot open *BOOT*: No such file or directory
cksum: cannot open *.gz: No such file or directory
cd /root/relout && sort -o MD5 MD5
cd /root/relout && sort -o CKSUM -k 3 CKSUM

Re: howto clean disks ?

[Matt Phillips]

If you are truly paranoid use DBAN,  which is short for Darin's Boot and 
Nuke.  IMO it is the best disk wiping tool out there.  It gives you a 
couple different wiping methods to choose from, including the one used 
by the US DoD.  You can also specify how many passes it makes.  
According to the website, DBAN is used by the US Dept of Energy and the 
National Nuclear Security Administration, which ain't bad.  Be aware 
that it may take an entire day to run depending on which wipe method you 
choose.  I called it good after around 8 hours, and I was only on pass 
5/7 on an 80GB disk!  It has a quick wipe option if you don't want to 
wait forever or aren't insanely paranoid.


http://dban.sourceforge.net/

- Matt

Shane J Pearson wrote:


Hi Anthony,

On 01/06/2005, at 4:01 PM, Anthony Roberts wrote:


The 'dd' way is good enough unless someone is willing to to tear the
drive apart in a lab.



I think this depends on how you use dd though. If you just do a single
pass of zeroes, but fear someone will mount a multi million dollar
electron microscope forensic analysis, then yeah, that might not be
enough. But write from /dev/urandom with dd multiple times to the disk
and you should be okay even with that extreme case.

If I were worried about open-drive analysis of the drive I want to
clean, then I'd be physically destroying the drive also. Put it in a
kiln, get the oxy torch into it, etc.

Re: howto clean disks ?

[Kevin]

On 6/1/05, Shane J Pearson <[EMAIL PROTECTED]> wrote:
> On 01/06/2005, at 4:01 PM, Anthony Roberts wrote:
>>On 6/1/05, Ed White <[EMAIL PROTECTED]> wrote:
>>> I'm going to give away some old hard disks and I'm planning to
>>> delete/overwrite all the data on them. Is there any tool to make this
>>> automagically ?

If these are SCSI drives, you should additionally consider doing a
low-level format.  Many SCSI controller BIOS interface menus offer
a format option, this will do a true low-level drive format.


> > The 'dd' way is good enough unless someone is willing to to tear the
> > drive apart in a lab.
> 
> I think this depends on how you use dd though. If you just do a single
> pass of zeroes, but fear someone will mount a multi million dollar
> electron microscope forensic analysis, then yeah, that might not be
> enough. 

Back to OpenBSD, if you never let sensitive data hit the disk in the
clear (through the use of cfs and encrypted swap), the question of
how best to wipe the disks no longer needs to be asked.


> But write from /dev/urandom with dd multiple times to the disk
> and you should be okay even with that extreme case.
> If I were worried about open-drive analysis of the drive I want to
> clean, then I'd be physically destroying the drive also. Put it in a
> kiln, get the oxy torch into it, etc.

I read the Ed's question as implying that he wanted the
recipient to be able to get some use out of the drives,
as something more than a paperweight.

Kevin Kadow

(P.S. Before anybody else learns this the hard way, *successfully*
degaussing a hard drive, while not physically destructive, also
renders the drive useless for all but paperweight duty.)