Re: libc and BitTorrent

2005-06-17 Thread -f
hmm, on Thu, Jun 16, 2005 at 05:12:32PM +0200, Artur Grabowski said that
 -f [EMAIL PROTECTED] writes:
 
  hi there,
  
  i was looking at BitTorrent, and this caught my attention:
  
  --enable_bad_libc_workaround arg
  enable workaround for a bug in BSD libc that makes file reads
  very slow. (defaults to 1)
  
  
  anybody knows what does this mean, and is openbsd affected?
 
 It means The whole world is Linux, everything that is not linux is
 bad. We design our software so that it uses hidden features and bugs
 of glibc. If any other libc doesn't implement those bugs or unstandard
 features it's bad and needs to suffer.
 
 No one has ever explained what the problem is. Just that somehow BSD
 libc is bad.

i don't know python closely, but it never struck me as a
linux only community, at least they are not GPL as far as i can tell.
-- 
after two weeks of dieting, all i lost was two weeks.



Re: my may/june trip to canada

2005-06-17 Thread Hannah Schroeter
Hello!

On Thu, Jun 16, 2005 at 08:57:31PM +0200, Henning Brauer wrote:
[...]

I have been flying to Montreal on May 7th, basically just after my 
return from RIPE-50 at Stockholm. Matt (msf) picked me up downtown, and
Ryan arrived a few hours later, bringing Fernando Gont with him.
We stayed at Matt's for a few days, doing some random hacking, and Ryan 
and me, sitting in front of one screen, finally got started on the 
pf interface abstraction code cleanup, which was a prerequisite for 
making use of the interface groups stuff I hacked a year ago. I can't 
point out enough how important it was that we could sit down together, 
staring at one screen, to get started on that.

Yeah, pair programming sometimes is *very* helpful. Experienced that
with a friend of mine who happens to be a co-worker too.

I continued to work on 
that for the following days. We didn't miss out the city of Montreal 
either of course - we did have a lot of fun, no doubt.

Cool that there also was a good balance between work and fun.

[...]
There was a (not so surprising) surprise waiting for me - a shiny new 
laptop, an IBM X40. Many thanks again to those who made that possible 
(and yes, I will finally handle donations.html for the donors when I am 
back, promised).

Heh.

[...]
could not see his. Bob and me had humppa as introduction to our talks 
tho, which the audience appreciated :)

Humppa as intro for talks? I'm not sure how I should try to imagine
how that works.

[...]

We did go for a dayhike during the hackathon of course, forming two 
groups of 5 people each for a hard hike and one big group for an easier 
one. Theo, Ryan, Reyk, Uwe and me went up Mount St. Piran, starting at 
Lake Louise, after going over some other Mountain (forgot the name), 
elevation delta about 900m. It was fun.

So you have to love hiking if you're an OpenBSD hacker?

But then I guess there's much really cool landscape, and less
overcrowded compared to Europe, over there in Canada.

pval  me escaped for a (fantastic) mountain bike ride on the last day 
before we started tearing things down.

... or sports in general...

[...]

There, at Ryan's place in Vancouver, I stayed until today. We enjoyed 
Vancouver, went for another 2.5-day hike to Emma Lake (and on), near
Powell River, went up Grouse Grind near Vancouver (930m elevation delta on 
3km :)) and used the time to talk about future openbsd work, designing 
cool stuff and of course hacking.

Many Thanks to the people who made this trip possible, where Ryan is 
the first to name - we had a wonderful time.

So now the airplane is about to reach Europe - I enjoyed this long trip 
very very much. I'll be back :)

:-)

Kind regards,

Hannah.



Re: my may/june trip to canada

2005-06-17 Thread reyk
On Thu, Jun 16, 2005 at 08:57:31PM +0200, Henning Brauer wrote:
 So, I am in the airplane flying back from Vancouver.
 It has been a long journey, but let me start from the beginning.
 

[...]

eh, you didn't see me, henning? ;-)

reyk

--- h.txt   2005-06-17 11:32:20.0 +0200
+++ h1.txt  2005-06-17 11:32:45.0 +0200
@@ -60,7 +60,7 @@ elevation delta about 900m. It was fun.
 pval  me escaped for a (fantastic) mountain bike ride on the last day 
 before we started tearing things down.
 
-Ryan, Uwe, Martin, jsg and claudio stayed to go on a hike with Theo, 
+Ryan, Uwe, Martin, jsg, claudio and reyk stayed to go on a hike with Theo, 
 Peter, Ryan and me. We went to Turbine Canyon in Kananaskis (well, close 
 to it), quite a bit of the way on snow shoes. Camping there a night, Ryan
 and me put our tent on top of a hill, with a fantastic view over the area, 
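
Review bot: "Ryan" now appears twice in the sentence this hunk touches, once at the start of the changed line and again in the following context line ("Peter, Ryan and me"), so he is listed both among those who stayed and among those they went hiking with. If these are not two different people, drop one of the two while the line is being edited; the longer + line also leaves the paragraph unevenly wrapped, so re-wrap it in the same change.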



Re: interface groups and pf

2005-06-17 Thread Isak Lyberth

where does one get the 1 litre stella bottle?

/Isak

tony sarendal wrote:


pf is the best thing since the 1-litre stella bottle. It's good to see
that it continues to improve. This is cool stuff.

/Tony S




Re: GRUB's boot parameter -- I dit it!!!

2005-06-17 Thread ikesan
On Thu, 16 Jun 2005 18:39:37 +0200
Matthias Kilian [EMAIL PROTECTED] wrote:

 On Fri, Jun 17, 2005 at 01:12:59AM +0900, ikesan wrote:
   root (hd2,0,a)
   kernel --type=netbsd /bsd
 
 Use the chainloader.
 

I did it!!

I changed grub's parameter as following.

 root (hd2,0,a)#- not hd0
 chainloader +1

It works good.

Thank you!



Re: interface groups and pf

2005-06-17 Thread Alexey E. Suslikov

Henning Brauer wrote:

So, after cleaning up the interface abstraction code in pf with Ryan 
before the Hackathon, I worked on interface groups integration to pf.


...

joining to others: great work.

So for now isakmpd have not need to listen on the routing socket by
itself to be truly dynamic with interfaces' changes.

Instead of it, isakmpd should refer to interface groups just like
refers to interface names and default route for now.

Is it a correct understanding of the future of isakmpd in this area?

Thanks.



Re: openbsd - opensource as free at all

2005-06-17 Thread Marc Espie
People really interested in FREE software do their homework, they read
mailing-lists archives, and they refer to the project website, which
has a BIG page explaining in details what this is all about.

Goodbye, come back when you have relevant new questions.



OBSD user groups in South Africa?

2005-06-17 Thread Marius Van Deventer - Umzimkulu
Hi all.

I googled but found nothing, so now I'm hoping you good folks can help
me.

Does anyone know of an OpenBSD (or General BSD) users group in South
Africa?

Thanks.

Marius.



Re: GRUB's boot parameter - don't do it!!!!

2005-06-17 Thread Vladislav Belogrudov
I think using grub is shameful and insecure enough :)
I would not rely on boot loader that resides
outside of MBR. The best thing for multi-os pc
is distro-independent loader (e.g. GAG) + partition
loaders for each specific OS. 

Don't want my OpenBSD to depend on
Linux partitions :) My personal opinion


PS: grub still can be second level boot loader, 
e.g. for Linux affiliates. Be careful with GRUB
on Linux partition if you are not yet convinced :) 


--- ikesan [EMAIL PROTECTED] wrote:

 On Thu, 16 Jun 2005 18:39:37 +0200
 Matthias Kilian [EMAIL PROTECTED] wrote:
 
  On Fri, Jun 17, 2005 at 01:12:59AM +0900, ikesan
 wrote:
root (hd2,0,a)
kernel --type=netbsd /bsd
  
  Use the chainloader.
  
 
 I did it!!
 
 I changed grub's parameter as following.
 
  root (hd2,0,a)#- not hd0
  chainloader +1
 
 It works good.
 
 Thank you!



Snapshot from 03/June : spamd working ?

2005-06-17 Thread Brian McKerr

Hello all,

Not sure if I'm missing something here with spamd so I thought I'd ask 
the experts. I have it setup with the default config file (snipped) ;


[fw1]# cat /etc/spamd.conf

all:\
   :spamhaus:china:korea:

# Mirrored from http://spfilter.openrbl.org/data/sbl/SBL.cidr.bz2
spamhaus:\
   :black:\
   :msg=SPAM. Your address %A is in the Spamhaus Block List\n\
   See http://www.spamhaus.org/sbl and\
   http://www.abuse.net/sbl.phtml?IP=%A for more details:\
   :method=http:\
   :file=www.openbsd.org/spamd/SBL.cidr.gz:

# Mirrored from http://www.spews.org/spews_list_level1.txt
spews1:\
   :black:\
   :msg=SPAM. Your address %A is in the spews level 1 database\n\
   See http://www.spews.org/ask.cgi?x=%A for more details:\
   :method=http:\
   :file=www.openbsd.org/spamd/spews_list_level1.txt.gz:

# Mirrored from http://www.spews.org/spews_list_level2.txt
spews2:\
   :black:\
   :msg=SPAM. Your address %A is in the spews level 2 database\n\
   See http://www.spews.org/ask.cgi?x=%A for more details:\
   :method=http:\
   :file=www.openbsd.org/spamd/spews_list_level2.txt.gz:


and the relevant processes are running;
[firewall]# ps wax
 PID TT   STAT  TIME COMMAND
26310 ??  Is  0:00.01 ntpd: [priv] (ntpd)
26951 ??  Is  0:00.01 inetd
19580 ??  Is  0:00.18 /usr/sbin/sshd
26828 ??  Is  0:00.08 /usr/libexec/spamd
16673 ??  Is  0:00.20 sendmail: accepting connections (sendmail)


I have the cron job enabled for root;

[fw1]# crontab -l | grep spam

0   *   *   *   *   /usr/libexec/spamd-setup


I also have the relevant pf rule in place;

[firewall]# pfctl -vsn
rdr inet proto tcp from <spamd> to any port = smtp -> 127.0.0.1 port 8025
  [ Evaluations: 104628    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 25445 ]



and as you can see not one hit from a known spammer !

I run Mailscanner on my mailserver behind the openbsd box and he is 
still constantly rejecting mail from known spammers - this is part of my 
sendmail.mc file;


FEATURE(`dnsbl',`relays.ordb.org', `Rejected - see http://ordb.org/')dnl
FEATURE(`dnsbl',`sbl-xbl.spamhaus.org',`Rejected - see 
http://spamhaus.org/')dnl

FEATURE(`dnsbl',`list.dsbl.org',`554 Rejected - see http://dsbl.org/')dnl
FEATURE(`dnsbl',`smtp.dnsbl.sorbs.net',`554 Rejected  ${client_addr} 
 found in smtp.dnsbl.sorbs.net')dnl
FEATURE(`dnsbl',`opm.blitzed.org',`554 Rejected  ${client_addr}  
found in opm.blitzed.org')dnl
FEATURE(`dnsbl',`dul.dnsbl.sorbs.net',`554 Rejected  ${client_addr}  
found in dul.dnsbl.sorbs.net')dnl
FEATURE(`dnsbl',`cbl.abuseat.org',`554 Rejected  ${client_addr}  
found in cbl.abuseat.org')dnl


and, finally, some log entries;

Jun 17 19:49:29 inetmail sendmail[13126]: ruleset=check_relay, 
arg1=[210.213.176.247], arg2=127.0.0.4, relay=210.213.176.247.pldt.net 
[210.213.176.247] (may be forged), reject=

553 5.3.0 Rejected - see http://spamhaus.org/
Jun 17 20:41:26 inetmail sendmail[13390]: ruleset=check_relay, 
arg1=[61.96.162.88], arg2=127.0.0.4, relay=[61.96.162.88], reject=553 
5.3.0 Rejected - see http://spamhaus.org/



So given that both spamd and sendmail are configured to talk to 
spamhaus, why is openbsd 3.7 spamd not blocking connections from these 
guys ?


Thanks for reading this


Oh, here's my dmesg..

OpenBSD 3.7-current (GENERIC) #175: Fri Jun  3 18:00:08 MDT 2005
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III (GenuineIntel 686-class) 702 MHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE

real mem  = 65576960 (64040K)
avail mem = 38232064 (37336K)
using 4130 buffers containing 16916480 bytes (16520K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(01) BIOS, date 04/07/00, BIOS32 rev. 0 @ 0xfb0c0
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0xb540
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfde90/96 (4 entries)
pcibios0: bad IRQ table checksum
pcibios0: PCI BIOS has 4 Interrupt Routing table entries
pcibios0: PCI Exclusive IRQs: 5 11 12
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801AA LPC rev 0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x4000! 0xcc000/0x1000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82810 rev 0x03: rng active, 9Kb/sec
vga1 at pci0 dev 1 function 0 Intel 82810 Graphics rev 0x03: aperture 
at 0xd800, size 0x400

wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb0 at pci0 dev 30 function 0 Intel 82801AA Hub-to-PCI rev 0x02
pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 DEC 21154 PCI-PCI rev 0x05
pci2 at ppb1 bus 2
fxp0 at pci2 dev 4 function 0 Intel 82557 rev 0x05, i82558: irq 5, 
address 

Re: GRUB's boot parameter - don't do it!!!!

2005-06-17 Thread reyk
On Fri, Jun 17, 2005 at 04:40:03AM -0700, Vladislav Belogrudov wrote:
 I think using grub is shameful and insecure enough :)
 I would not rely on boot loader that resides
 outside of MBR. The best thing for multi-os pc
 is distro-independent loader (e.g. GAG) + partition
 loaders for each specific OS. 
 
 Don't want my OpenBSD to depend on
 Linux partitions :) My personal opinion
 
 
 PS: grub still can be second level boot loader, 
 e.g. for Linux affiliates. Be careful with GRUB
 on Linux partition if you are not yet convinced :) 
 


grub is bad, ugly, GNUish and it's a dead project since a while

GRUB Legacy is no longer being developed. For the differences between
GRUB Legacy and GRUB 2, please visit their respective pages.

and there doesn't seem to be any progress in the grub 2 development...

besides all the uglyness, i do like the flexibility and the
network-booting capability of grub. i didn't find any similar
replacement so i still use it in some scenarios.

btw.: there are some patches for using grub with OpenBSD
http://www.berger.to/openbsd/pxegrub.html. nevertheless, use the
openbsd (pxe) bootloader or grub chainloading ;)

reyk



Re: Snapshot from 03/June : spamd working ?

2005-06-17 Thread Otto Moerbeek
On Fri, 17 Jun 2005, Brian McKerr wrote:

 I also have the relevant pf rule in place;
 
 [firewall]# pfctl -vsn
 rdr inet proto tcp from <spamd> to any port = smtp -> 127.0.0.1 port 8025
  [ Evaluations: 104628    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 25445 ]

i'm missing a pass here.

-Otto



Re: Snapshot from 03/June : spamd working ?

2005-06-17 Thread Brian McKerr
Otto Moerbeek wrote:

On Fri, 17 Jun 2005, Brian McKerr wrote:

  

I also have the relevant pf rule in place;

[firewall]# pfctl -vsn
rdr inet proto tcp from <spamd> to any port = smtp -> 127.0.0.1 port 8025
  [ Evaluations: 104628    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 25445 ]



i'm missing a pass here.

   -Otto
  


You mean a basic SMTP pass in ?

This has been allowing mail to the mailserver for years, its only this
week that I tried the Spamd thingo

pfctl -sr | grep -i smtp

pass in log quick on fxp0 proto tcp from any to any port = smtp flags
S/SA modulate state queue(q_def, q_pri)



cheers,


Brian.



Re: Snapshot from 03/June : spamd working ?

2005-06-17 Thread Steve Tornio

FEATURE(`dnsbl',`relays.ordb.org', `Rejected - see http://ordb.org/')dnl
FEATURE(`dnsbl',`sbl-xbl.spamhaus.org',`Rejected - see 
http://spamhaus.org/')dnl


Jun 17 19:49:29 inetmail sendmail[13126]: ruleset=check_relay, 
arg1=[210.213.176.247], arg2=127.0.0.4, relay=210.213.176.247.pldt.net 
[210.213.176.247] (may be forged), reject=

553 5.3.0 Rejected - see http://spamhaus.org/
Jun 17 20:41:26 inetmail sendmail[13390]: ruleset=check_relay, 
arg1=[61.96.162.88], arg2=127.0.0.4, relay=[61.96.162.88], reject=553 5.3.0 
Rejected - see http://spamhaus.org/



So given that both spamd and sendmail are configured to talk to spamhaus, why 
is openbsd 3.7 spamd not blocking connections from these guys ?


Because those addresses are in the XBL, not the SBL.  The XBL is populated 
by entries from the CBL, which are added when virus-like or worm-like 
behavior is detected, and entries are removed at the first request. 
Doesn't really make a whole lot of sense to try to create a static list 
for it, when the SBL list is only updated twice a day anyway.


Of course, you could just go to www.spamhaus.org and read up on how it 
works.


Steve
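
Added example, not part of Steve's message or of any project code: a short Python script that applies the explanation above to the two sendmail rejects quoted in the thread, reporting which Spamhaus list each hit came from and whether the address is in the spamd pf table. It assumes arg2 in those log lines is the DNSBL answer and uses Spamhaus's published return codes (127.0.0.2 for SBL, 127.0.0.4 for XBL), which the thread does not spell out; the table entries and the third log line are constructed.

```python
import ipaddress
import re

# The two rejects quoted in the thread (re-joined onto one line each),
# followed by one constructed SBL hit for contrast.
LOG_LINES = [
    "Jun 17 19:49:29 inetmail sendmail[13126]: ruleset=check_relay, "
    "arg1=[210.213.176.247], arg2=127.0.0.4, "
    "relay=210.213.176.247.pldt.net [210.213.176.247] (may be forged), "
    "reject=553 5.3.0 Rejected - see http://spamhaus.org/",
    "Jun 17 20:41:26 inetmail sendmail[13390]: ruleset=check_relay, "
    "arg1=[61.96.162.88], arg2=127.0.0.4, relay=[61.96.162.88], "
    "reject=553 5.3.0 Rejected - see http://spamhaus.org/",
    # Constructed line using a documentation address.
    "Jun 17 21:02:10 inetmail sendmail[13401]: ruleset=check_relay, "
    "arg1=[198.51.100.17], arg2=127.0.0.2, relay=[198.51.100.17], "
    "reject=553 5.3.0 Rejected - see http://spamhaus.org/",
]

# Constructed stand-in for the output of `pfctl -t spamd -T show`.
TABLE_DUMP = """
   192.0.2.0/24
   198.51.100.17
   203.0.113.64/26
"""

# Assumption: Spamhaus's published return codes for the combined zone.
ZONE_BY_CODE = {"127.0.0.2": "SBL", "127.0.0.4": "XBL"}

# Pull the DNSBL answer (arg2) and the client address (bracketed part of relay=).
REJECT_RE = re.compile(
    r"ruleset=check_relay,.*?arg2=(?P<code>[0-9.]+),\s*"
    r"relay=[^,]*?\[(?P<ip>[0-9.]+)\]"
)


def parse_table(dump):
    """Turn a pfctl table listing (addresses and CIDR blocks) into networks."""
    nets = []
    for line in dump.splitlines():
        entry = line.strip()
        if entry:
            # strict=False accepts entries whose host bits are set.
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets


def in_table(ip, nets):
    """True if the address falls inside any table entry."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def verdict(zone, listed):
    """One-line reading of a reject, following the explanation in the thread."""
    if listed:
        return "in spamd table: the rdr rule should have matched"
    if zone == "SBL":
        return "SBL hit missing from table: check spamd-setup and the list source"
    if zone == "XBL":
        return "XBL only: not part of the static SBL list spamd loads"
    return "unrecognised return code"


def explain_rejects(log_lines, nets):
    """Classify every check_relay reject found in the given log lines."""
    results = []
    for line in log_lines:
        m = REJECT_RE.search(line)
        if m is None:
            continue  # not a DNSBL reject in the expected shape
        ip, code = m.group("ip"), m.group("code")
        zone = ZONE_BY_CODE.get(code, "unknown")
        listed = in_table(ip, nets)
        results.append({"ip": ip, "code": code, "zone": zone,
                        "listed": listed, "verdict": verdict(zone, listed)})
    return results


if __name__ == "__main__":
    for r in explain_rejects(LOG_LINES, parse_table(TABLE_DUMP)):
        print(f'{r["ip"]:<16} {r["code"]:<10} {r["zone"]:<8} {r["verdict"]}')
```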



Re: Snapshot from 03/June : spamd working ?

2005-06-17 Thread Otto Moerbeek
On Fri, 17 Jun 2005, Brian McKerr wrote:

 
 You mean a basic SMTP pass in ?
 
 This has been allowing mail to the mailserver for years, its only this
 week that I tried the Spamd thingo
 
 pfctl -sr | grep -i smtp
 
 pass in log quick on fxp0 proto tcp from any to any port = smtp flags
 S/SA modulate state queue(q_def, q_pri)

that seems to be OK. What does

pfctl -t spamd -T show 

show?

-Otto



Re: Snapshot from 03/June : spamd working ?

2005-06-17 Thread Brian McKerr
Otto Moerbeek wrote:

On Fri, 17 Jun 2005, Brian McKerr wrote:

  

You mean a basic SMTP pass in ?

This has been allowing mail to the mailserver for years, its only this
week that I tried the Spamd thingo

pfctl -sr | grep -i smtp

pass in log quick on fxp0 proto tcp from any to any port = smtp flags
S/SA modulate state queue(q_def, q_pri)



that seems to be OK. What does

   pfctl -t spamd -T show 

show?

   -Otto
  


Here is the tail of it;



Re: Snapshot from 03/June : spamd working ?

2005-06-17 Thread Brian McKerr
Steve Tornio wrote:


 FEATURE(`dnsbl',`relays.ordb.org', `Rejected - see http://ordb.org/')dnl
 FEATURE(`dnsbl',`sbl-xbl.spamhaus.org',`Rejected - see
 http://spamhaus.org/')dnl

 Jun 17 19:49:29 inetmail sendmail[13126]: ruleset=check_relay,
 arg1=[210.213.176.247], arg2=127.0.0.4,
 relay=210.213.176.247.pldt.net [210.213.176.247] (may be forged),
 reject=
 553 5.3.0 Rejected - see http://spamhaus.org/
 Jun 17 20:41:26 inetmail sendmail[13390]: ruleset=check_relay,
 arg1=[61.96.162.88], arg2=127.0.0.4, relay=[61.96.162.88], reject=553
 5.3.0 Rejected - see http://spamhaus.org/


 So given that both spamd and sendmail are configured to talk to
 spamhaus, why is openbsd 3.7 spamd not blocking connections from
 these guys ?


 Because those addresses are in the XBL, not the SBL.  The XBL is
 populated by entries from the CBL, which are added when virus-like or
 worm-like behavior is detected, and entries are removed at the first
 request. Doesn't really make a whole lot of sense to try to create a
 static list for it, when the SBL list is only updated twice a day anyway.

 Of course, you could just go to www.spamhaus.org and read up on how it
 works.

 Steve

Thanks for the tip Steve,

I've just read up on it..
  

and it seems to suggest that using sbl+xbl is a good thing.

What exactly is spamd going to catch then ?



Suspending on Zaurus

2005-06-17 Thread Ray
Hi,

Suspending the Zaurus seems to freeze the screen (typed text doesn't
show up, but oddly switching consoles works) until I suspend and
resume the Zaurus a second time, at which point the typed text
mysteriously appears.  I have also tried the close cover, open cover
trick to see if it's because the keyboard hasn't woken up, but as
I said, the typed text appears after the second suspend resume.

Am I the only one who has this problem?

-Ray-



the pf-based dynamic firewall daemon dfd_keeper now available

2005-06-17 Thread Travis H.
Hi, I've spent a fair amount of time minimizing open ports and I have
a cool new program for other people allergic to unnecessary open
ports.

The basic idea is called a dynamic firewall daemon, that provides a
command-line like interface which can execute carefully controlled
modification to your firewall rules on the fly.  It has boatloads of
applications, like creating firewall rules that expire after a certain
period of time, creating fixed-length queues of shunned IP addresses,
automatic blocking of IPs that are the source of NIDS alerts, a way to
implement port-knocking, temporary enabling of bittorrent ports,
extreme islanding in case of a severe intrusion, and lots of other
applications.

This specific implementation is called dfd_keeper, named after the
bridge keeper in The Holy Grail.  As the origin of the name might
suggest, it is written in python and making use of the twisted
asynchronous I/O library.  I have put a lot of effort into making it
elegant and readable.  This is not a one-trick pony.  It is a
programmatic interface and control of the packet filter from userland.

Just for a quick demonstration of how to use dfd_keeper, I have
created a script called keeper_example.  This sets up a fully
functional but somewhat minimal firewall that performs NAT.  You will
notice that all of the PF-related rules are written in pf.conf syntax
- nothing new to learn!  I think that anyone of moderate intelligence
can use/modify it, even if they are completely ignorant of python.  It
also defines a few commands, like being able to block a specific IP
address.  It has an online help command that makes extensive use of
python introspection, keeping the documentation with the
implementation.  You can command dfd_keeper merely using netcat or
telnet.  There may be cause for a twisted-based web front end as well.

Just to anticipate a complaint, there is no authentication in this
server beyond what you configure with the pf rules themselves.  For
me, this is good enough, but I may implement some kind of auth layer
above it at a later time.  I want to solve the problems correctly. 
For example, I don't want reusable passwords that will have to be
embedded in any other program that wants to make use of dfd commands. 
For now, if you want authentication, use ssh tunnelling or IPSec.

Comments, suggestions, volunteers, code submissions welcome.

Justification, explanation, example, browsable code and tarballs here:
http://www.lightconsulting.com/~travis/dfd/



Re: speed of mac mini

2005-06-17 Thread Thorsten Johannvorderbrueggen

Hello list,

i will only do normal things:
 - some coding -- emacs/terminals/ddd
 - read www.openbsd.org -- firefox/dillo
 - read mails of misc@openbsd.org -- thunderbird
 - write some letters, do some calculations -- abiword/gnumeric
 - some statistics -- gnuplot
 - audio/video playing -- xmms/mplayer

all with gnome or windowmaker. That's all.

Bye
Thorsten

LiteStar numnums wrote:


G'day,
A friend of mine uses the mini for all of his foto processing with
Photoshop and the like, whilst Illustrator and Safari are running. It
seems fast enough. I've no idea what you want to really do with it (if
it has a hard time with gnome/kde, that would be really bad, eh?), but
for his needs it's fine. Cheers!

On 6/16/05, Thorsten Johannvorderbrueggen
[EMAIL PROTECTED] wrote:
 


Hello list,

i think of buying a mac mini, but i don't know if a mac mini is fast
enough. So i ask you: does anyone use an mac mini with gnome/kde or so?
At the moment i have an dual-P3 and he's fast enough.

Any comments, suggestions?

Bye
 Thorsten




Re: Snapshot from 03/June : spamd working ?

2005-06-17 Thread Brian McKerr

Steve Tornio wrote:



Because those addresses are in the XBL, not the SBL.  The XBL is
populated by entries from the CBL, which are added when virus-like or
worm-like behavior is detected, and entries are removed at the first
request. Doesn't really make a whole lot of sense to try to create a
static list for it, when the SBL list is only updated twice a day 
anyway.


Of course, you could just go to www.spamhaus.org and read up on how it
works.

Steve



Thanks for the tip Steve,

I've just read up on it..


and it seems to suggest that using sbl+xbl is a good thing.

What exactly is spamd going to catch then ?


spamd will tarpit entries in the SBL, which are (supposed to be) 
actual spamming operations.  The idea behind spamd is to waste the 
time and resources of spam operations, not simply to reject their 
mail.  If you're only looking to reject mail, then don't use spamd.


I do understand what spamd is trying to achieve.

I want both .. to waste their time and resources and 
block their email as I'm sure everyone does !.


Which is what should happen according to my interpretation of spamd and 
its standard implementation. To my knowledge, there does not appear to 
be anywhere in the spamd documentation that says something like 
(sarcastic voice) after delaying the spammer and using up their time 
and resources, allow their connection through to your mailserver so they 
can deliver their spam !


Thanks for your help Steve, I think Otto is looking at the *real* problem.


Brian.



Re: ftp server down?

2005-06-17 Thread Bob Beck
Hi gang, major outage here that is affecting ftp.openbsd.org

I love embedded disk products with firmware that crashes. Thank
you adaptec.

We'll be back when we are back, sorry for the inconvenience.

-Bob



Re: Snapshot from 03/June : spamd working ?

2005-06-17 Thread Andre Lucas
Hi,

I'm a newbie for using openbsd
But why not use spamd for the tarpitting 
and use a mail proxy for the blacklisting feature
works fine for me.

Spam dropped from 30 a day to 1 or 2 a day

Andre


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Steve Tornio
Sent: vrijdag 17 juni 2005 15:36
To: Brian McKerr
Cc: misc@openbsd.org
Subject: Re: Snapshot from 03/June : spamd working ?

 Because those addresses are in the XBL, not the SBL.  The XBL is
 populated by entries from the CBL, which are added when virus-like or
 worm-like behavior is detected, and entries are removed at the first
 request. Doesn't really make a whole lot of sense to try to create a
 static list for it, when the SBL list is only updated twice a day
anyway.

 Of course, you could just go to www.spamhaus.org and read up on how
it
 works.

 Steve

 Thanks for the tip Steve,

 I've just read up on it..


 and it seems to suggest that using sbl+xbl is a good thing.

 What exactly is spamd going to catch then ?


spamd will tarpit entries in the SBL, which are (supposed to be) actual 
spamming operations.  The idea behind spamd is to waste the time and 
resources of spam operations, not simply to reject their mail.  If
you're 
only looking to reject mail, then don't use spamd.



Re: SATA

2005-06-17 Thread Jurjen Oskam
On Thu, Jun 16, 2005 at 10:10:18AM -0500, L. V. Lammert wrote:

[ASUS boards with VIA chipsets]
 The only problem I have found is the sk0 driver appears to be unstable in
 some installations, requiring a separate NIC (could have be related to GB
 on 100BaseT, but it wasn't worth the time to troubleshoot).

I've had this with OpenBSD 3.6 on an K8V-X. After upgrading to 3.7, sk0
works great. In 3.6, the PHY wasn't detected. On the few occasions that it
was detected, the interface worked but it would lock up under moderate
traffic requiring an ifconfig down/up (or detach, don't remember). But,
with 3.7 it works great. (This all on a 100 Mbps switched LAN)

-- 
Jurjen Oskam



Re: Theo gave an interview to Forbes Mag. about Linux

2005-06-17 Thread J. Lievisse Adriaanse
Darn... forget the link (again): 
http://www.forbes.com/intelligentinfrastructure/2005/06/16/linux-bsd-unix-cz_dl_0616theo.html


-- 
checking whether you're still watching...probaly not :-)
/usr/ports/x11/wmx configure script.



Re: SATA

2005-06-17 Thread Brad
On Fri, Jun 17, 2005 at 04:33:45PM +0200, Jurjen Oskam wrote:
 On Thu, Jun 16, 2005 at 10:10:18AM -0500, L. V. Lammert wrote:
 
   [ASUS boards with VIA chipsets]
  The only problem I have found is the sk0 driver appears to be unstable in
  some installations, requiring a separate NIC (could have be related to GB
  on 100BaseT, but it wasn't worth the time to troubleshoot).
 
 I've had this with OpenBSD 3.6 on an K8V-X. After upgrading to 3.7, sk0
 works great. In 3.6, the PHY wasn't detected. On the few occasions that it
 was detected, the interface worked but it would lock up under moderate
 traffic requiring an ifconfig down/up (or detach, don't remember). But,
 with 3.7 it works great. (This all on a 100 Mbps switched LAN)
 
 -- 
 Jurjen Oskam

Can you send me a dmesg from this system? The issue with the PHY probably only
works out of pure fluke, I committed a fix for certain revs of sk which exist
on-board motherboards, typically AMD64-based motherboards but that was after
3.7. Anyway, a number of fixes went into the sk driver between 3.6 and 3.7
which results in much smoother and more reliable operation.



Re: Theo gave an interview to Forbes Mag. about Linux

2005-06-17 Thread Stephen Marley
On Fri, Jun 17, 2005 at 04:48:31PM +0200, J. Lievisse Adriaanse wrote:
 Theo gave an interview to Forbes Magazine, in which he stated: It's
 terrible, De Raadt says. Everyone is using it, and they don't
 realize how bad it is. And the Linux people will just stick with it
 and add to it rather than stepping back and saying, 'This is garbage
 and we should fix it.' 

Heh. Theo never did pull his punches. I suppose there's now a war going
on in /. ? :)

-- 
stephen



Effectiveness of pf against port scans

2005-06-17 Thread Daniel Hamlin
Kudos to the PF developers.  Here is an interesting metric from a 
production /16 network, running OpenBSD 3.6:
96% of blatant TCP port-scan related traffic stopped by pf's
max-src-states feature.


After tuning pf's max-src-states for our environment and normal 
traffic loads, we measured how many TCP ports were scanned from 
off-site.  During a one day period, we had 483,474 TCP ports that were 
attempted to be scanned by Internet-based hosts, only 19,911 made it 
through, which amounts to a 96% reduction in the number of ports, while 
at the same time not having any negative effects on normal traffic.


Here is an excerpt from our pf rules:

pass in on $ext_if from ! $int_net to $int_net label "Incoming on external iface" keep state

block in on $ext_if proto tcp from any to any
pass in on $ext_if proto tcp from ! $int_net to $int_net flags S/SA keep state (max-src-states 200, tcp.first 300, tcp.opening 300)
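
Added example, not part of the original post and not pf code: a simplified Python model of the per-source state cap in the rule above. It shows why a port sweep that leaves half-open states is cut off at max-src-states while a client that completes and closes its connections is not. The addresses, sweep size and probe rate are constructed, and the state handling is an assumed simplification of pf.

```python
from dataclasses import dataclass, field

MAX_SRC_STATES = 200     # max-src-states value from the posted rule
HALF_OPEN_TIMEOUT = 300  # tcp.first / tcp.opening from the posted rule, in seconds


@dataclass
class SourceStateTable:
    """Simplified model of a per-source state cap; not pf's real state machine."""
    max_src_states: int = MAX_SRC_STATES
    half_open_timeout: float = HALF_OPEN_TIMEOUT
    # src -> {(dst, dport, sport): expiry time, or None once established}
    states: dict = field(default_factory=dict)

    def _purge(self, src, now):
        """Drop half-open states of `src` whose timeout has passed."""
        table = self.states.get(src, {})
        for key in [k for k, exp in table.items() if exp is not None and exp <= now]:
            del table[key]

    def syn(self, now, src, dst, dport, sport):
        """Return True if the SYN creates (or matches) a state, False if dropped."""
        self._purge(src, now)
        table = self.states.setdefault(src, {})
        key = (dst, dport, sport)
        if key in table:
            return True                      # retransmission of a tracked SYN
        if len(table) >= self.max_src_states:
            return False                     # source is at its cap: no new state
        table[key] = now + self.half_open_timeout
        return True

    def handshake_done(self, src, dst, dport, sport):
        """Mark a state established so the half-open timeout no longer applies."""
        table = self.states.get(src, {})
        if (dst, dport, sport) in table:
            table[(dst, dport, sport)] = None

    def close(self, src, dst, dport, sport):
        """Remove a state when the connection ends (closing timers not modelled)."""
        self.states.get(src, {}).pop((dst, dport, sport), None)

    def count(self, src, now):
        """Number of states currently held for `src`."""
        self._purge(src, now)
        return len(self.states.get(src, {}))


def simulate_sweep(table, src, dst, ports, rate_per_s):
    """Sweep `ports` at a fixed rate; nothing completes, so states stay half-open."""
    admitted = 0
    for i, port in enumerate(ports):
        if table.syn(i / rate_per_s, src, dst, port, sport=40000 + i):
            admitted += 1
    return admitted


def simulate_client(table, src, dst, connections):
    """Open connections one per second; each completes its handshake and closes."""
    admitted = 0
    for i in range(connections):
        sport = 50000 + i
        if table.syn(float(i), src, dst, 443, sport):
            admitted += 1
            table.handshake_done(src, dst, 443, sport)
            table.close(src, dst, 443, sport)
    return admitted


def run_demo():
    """Constructed scenario using documentation-range addresses."""
    table = SourceStateTable()
    ports = list(range(1, 2001))
    scan_admitted = simulate_sweep(table, "198.51.100.7", "192.0.2.10", ports, 100)
    client_admitted = simulate_client(table, "203.0.113.20", "192.0.2.10", 500)
    return {
        "scan_attempted": len(ports),
        "scan_admitted": scan_admitted,
        "scan_blocked_fraction": 1 - scan_admitted / len(ports),
        "client_admitted": client_admitted,
        "sweep_states_held": table.count("198.51.100.7", now=20.0),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The cap applies to states held at the same time, which is why the post describes tuning the limit against normal traffic loads before measuring.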



Re: OSPFd over IPSEC (enc)?

2005-06-17 Thread Stephen Marley
On Thu, Jun 16, 2005 at 12:51:53PM -0700, Michael Favinsky wrote:
 Can two 3.7 servers running OSPFd talk OSPF to each other over an IPSEC
 tunnel, or worded in another way, an enc interface?
 
 I have two sites with a WAN link and I want to use the Internet (VPN) as a
 backup route. The concept is that under normal circumstances, the OSPF
 routing table would have valid routes between the two sites over both the
 VPN and WAN links. If the WAN link failed, there'd still be a valid route
 between the two sites over VPN.

I have exactly this situation working with a gre tunnel over ipsec
(using isakmpd). I'm not sure if it will work with enc as ospf needs
multicast ability, which I don't believe is supported by straight ipsec.
(I could well be wrong here).

OpenBSD's ospfd (beautiful work from Esben Norby and Claudio Jeker) is
ideal for this, although it is still work in progress. Zebra (quagga
from packages or ports) also works well, but its configuration and
operation is ugly in comparison to the native daemon.

Let me know if you want any help with the configs.

-- 
stephen



Re: Carp and Single ADSL

2005-06-17 Thread Stephen Marley
On Fri, Jun 17, 2005 at 10:13:21PM +1000, Brian McKerr wrote:
 Hello,
 
   I've just purchased 2 shiny new firewall boxes that I plan to have 
 running with CARP. I've read the man pages and Ryan McBrides 
 documentation and it all seems fairly straightforward, the hard part for 
 me seems to be the physical network side of things. I've searched the 
 archives and google and couldn't find anything specifically dealing with 
 my scenario (with the possible exception of Stephen Marley - who I think 
 does something similar to what I want to do).

Yes, just for the hell of it, my home firewall runs carp on a couple of
old dell pcs. (Although, seeing my latest leccy bill I should invest in
something low powered!)

I have a /29 for my PPPoA adsl so I route, and I'm not familiar with how
a bridged set up like yours all hangs together.  Nevertheless, I guess
you should be able to get things working with just 1 IP thanks to 3.7's
addressless carpdev feature. (Don't these dev guys think of everything?
Thanks Ryan!). Your MAC address isn't checked by your ISP is it? That
could be a problem. Anyway, I'll describe my set up so you have
something to refer to. 

My adsl router is of the cheap and nasty 1 port type, so I blagged a
little 5 port switch from work for the perimeter network. I guess you'll
need to plug your modem into a switch too. It all looks like this:

              + FW1 ---+
ADSL---Switch     x     Switch --- lan
              + FW2 ---+

(x is a crossover cable for pfsync).

So you need 3 nics on your firewalls at the least. 1 for outside, 1 for
inside, and 1 for pfsync. You don't assign an IP to your outside
physical interfaces (unless you have spare); the CARP outside interface
gets the (shared) external IP address. 

Since you'll be doing nat, you can assign addresses to the inside
physical addresses. (You'll need these addresses for administration, but
it is the CARP inside address which is used by the lan for its default
route).

Here are some configs from my actual firewalls. Note that I have some
servers so I use binat instead of rdr to access them because I have
spare IPs. The aliases on the outside carp interface are so the firewall
answers arp requests for the servers. I have a wireless network and
other stuff behind the lan so there are some extra routes defined.

# cat /etc/hostname.carp0 (the inside i/f)
inet 192.168.67.1 255.255.255.0 NONE vhid 1 pass snorky
!route add -net 192.168.68.0/24 192.168.67.3 (other networks)
!route add -net 192.168.69.0/24 192.168.67.3

# cat /etc/hostname.carp1 (the outside i/f)
inet xxx.xxx.xx.101 255.255.255.248 NONE vhid 2 carpdev xl1 pass snorky
inet alias xxx.xxx.xx.97 255.255.255.255 NONE (for proxy arp)
inet alias xxx.xxx.xx.98 255.255.255.255 NONE

# cat /etc/hostname.pfsync0
up syncdev vr0

# cat /etc/hostname.vr0  (pfsync crossover cable)
inet 10.0.0.254 255.255.255.0 NONE

# cat /etc/hostname.xl0  (inside physical)
inet 192.168.67.254 255.255.255.0 NONE

# cat /etc/hostname.xl1  (outside physical)
up

The other firewall is identical except it uses .253 for pfsync and
inside physical i/fs.

My adsl router is xxx.xxx.xx.102 so I have /etc/mygate containing this
address for the firewall's default route. I guess you don't need this
since you're bridging.

Pf uses the physical i/f, so my config refers to xl1 for filtering the
outside i/f. Here's a snippet of my pf.conf (I need to upgrade and start
using the cool new i/f groups stuff).

int  = xl0
ext  = xl1
loop = lo0
pfsync   = vr0

despina  = 192.168.67.2   # A couple of servers
nereid   = 192.168.67.3
..

set loginterface $ext
set block-policy drop  # I know return is better netizenship
set skip on $loop

scrub out on $ext no-df max-mss 1452    # pmtu disc problem avoidance
scrub on $ext reassemble tcp random-id

binat on $ext from $despina to any -> xxx.xxx.xx.97
binat on $ext from $nereid  to any -> xxx.xxx.xx.98
nat   on $ext from $int/16  to any -> xxx.xxx.xx.101  # All 192.168 nat'd

block log

antispoof log quick for {$ext $int}

pass quick on $int
pass quick on $pfsync proto pfsync
pass quick on $ext proto carp keep state
..


I also have these in sysctl.conf:

net.inet.ip.forwarding=1 
net.inet.carp.allow=1   # enable CARP (default is on)
net.inet.carp.preempt=1 # failover all interfaces together
net.inet.carp.log=1 # log carp errors

I think that's about it. I hope it works out for you. Have fun!

-- 
stephen



Re: Theo gave an interview to Forbes Mag. about Linux

2005-06-17 Thread Vladislav Belogrudov
100% right words!

---
Disappointed Linux user/admin/developer since 1998



--- J. Lievisse Adriaanse [EMAIL PROTECTED]
wrote:

 Theo gave an interview to Forbes Magazine, in which
 he stated: It's terrible, De Raadt says. Everyone
 is using it, and they don't realize how bad it is.
 And the Linux people will just stick with it and add
 to it rather than stepping back and saying, 'This is
 garbage and we should fix it.' 
 
 Nice to read though as an ex-Linsux'er :)
 
 Jasper
 
 -- 
 checking whether you're still watching...probaly
 not :-)
 /usr/ports/x11/wmx configure script.



Re: Theo gave an interview to Forbes Mag. about Linux

2005-06-17 Thread Theo de Raadt
 On Fri, Jun 17, 2005 at 04:48:31PM +0200, J. Lievisse Adriaanse wrote:
  Theo gave an interview to Forbes Magazine, in which he stated: It's
  terrible, De Raadt says. Everyone is using it, and they don't
  realize how bad it is. And the Linux people will just stick with it
  and add to it rather than stepping back and saying, 'This is garbage
  and we should fix it.' 
 
 Heh. Theo never did pull his punches. I suppose there's now a war going
 on in /. ? :)

If the Linux people actually cared about Quality, as we do, they would
not have had as many localhost kernel security holes in the last year.

How many is it... 20 so far?



apm problems on dell inspiron 8000

2005-06-17 Thread Rick Pettit
I just loaded a recent 3.7 snapshot and now I seem to be having APM issues.

Not long ago I was running a 3.6 snapshot and didn't have problems with a
sudo reboot or a sudo shutdown -h -p now. I was also able to unplug A/C
power without locking up the machine.

Now, when I perform a sudo reboot or a sudo shutdown -h -p now I see the
message indicating syncing completed and that the machine is rebooting or 
shutting down but then it just stops and I have to manually reset.

When I unplug A/C power the machine locks up and the fan spins like mad.

Here are the current sysctl settings relevant to apm:

  [EMAIL PROTECTED] /home/rpettit $ sysctl -a | grep apm
  machdep.apmwarn=5
  machdep.apmhalt=1

Last but not least, here is the dmesg:

OpenBSD 3.7-current (GENERIC) #189: Fri Jun 10 14:44:35 MDT 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III (GenuineIntel 686-class) 848 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem  = 267927552 (261648K)
avail mem = 237666304 (232096K)
using 3296 buffers containing 13500416 bytes (13184K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 07/02/02, BIOS32 rev. 0 @ 0xffe90
apm0 at bios0: Power Management spec V1.2
apm0: battery life expectancy 98%
apm0: AC on, battery charge high, charging, estimated 9:25 hours
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfbc20/192 (10 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371 ISA and IDE rev 0x00)
pcibios0: PCI bus #5 is the last bus
bios0: ROM list: 0xc/0x1
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82815 Hub rev 0x02: rng active, 7Kb/sec
ppb0 at pci0 dev 1 function 0 Intel 82815 AGP rev 0x02
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 ATI Rage 128 Mobility MF rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb1 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0x02
pci2 at ppb1 bus 2
esa0 at pci2 dev 3 function 0 ESS Maestro 3 rev 0x10: irq 5
ac97: codec id 0x83847609 (SigmaTel STAC9721/23)
ac97: codec features 18 bit DAC, 18 bit ADC, SigmaTel 3D
audio0 at esa0
ppb2 at pci2 dev 6 function 0 unknown vendor 0x1668 product 0x0100 rev 0x11
pci3 at ppb2 bus 3
fxp0 at pci3 dev 4 function 0 Intel 82557 rev 0x08, i82559: irq 10, address 00:20:e0:64:07:72
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
ATT/Lucent LTMODEM rev 0x01 at pci3 dev 8 function 0 not configured
cbb0 at pci2 dev 15 function 0 Texas Instruments PCI4451 CardBus rev 0x00: irq 10
cbb1 at pci2 dev 15 function 1 Texas Instruments PCI4451 CardBus rev 0x00: irq 10
Texas Instruments PCI4451 FireWire rev 0x00 at pci2 dev 15 function 2 not configured
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 4 device 0 cacheline 0x8, lattimer 0x20
pcmcia0 at cardslot0
cardslot1 at cbb1 slot 1 flags 0
cardbus1 at cardslot1: bus 5 device 0 cacheline 0x8, lattimer 0x20
pcmcia1 at cardslot1
ichpcib0 at pci0 dev 31 function 0 Intel 82801BAM LPC rev 0x02
pciide0 at pci0 dev 31 function 1 Intel 82801BAM IDE rev 0x02: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: HITACHI_DK23EA-40
wd0: 16-sector PIO, LBA, 38154MB, 78140160 sectors
atapiscsi0 at pciide0 channel 0 drive 1
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: LG, DVD-ROM DRN8080B, 1.11 SCSI0 5/cdrom removable
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
cd0(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
uhci0 at pci0 dev 31 function 2 Intel 82801BA USB rev 0x02: irq 10
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
biomask ef4d netmask ef4d ttymask ffcf
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
uhidev0 at uhub0 port 1 configuration 1 interface 0
uhidev0: Logitech USB Receiver, rev 1.10/9.10, addr 2, iclass 3/1
ums0 at uhidev0: 5 buttons and Z dir.
wsmouse1 at ums0 mux 0
dkcsum: wd0 matched BIOS disk 80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
WARNING: / was not properly unmounted
^
  This is the result of a manual reset when removing 

Re: Theo gave an interview to Forbes Mag. about Linux

2005-06-17 Thread J. Lievisse Adriaanse
Not everybody there is happy about Theo's words...oh well, what gives ;-)

Jasper

On Fri, 17 Jun 2005 16:25:56 +0100
Stephen Marley [EMAIL PROTECTED] wrote:

 On Fri, Jun 17, 2005 at 04:48:31PM +0200, J. Lievisse Adriaanse wrote:
  Theo gave an interview to Forbes Magazine, in which he stated: It's
  terrible, De Raadt says. Everyone is using it, and they don't
  realize how bad it is. And the Linux people will just stick with it
  and add to it rather than stepping back and saying, 'This is garbage
  and we should fix it.' 
 
 Heh. Theo never did pull his punches. I suppose there's now a war going
 on in /. ? :)
 
 -- 
 stephen
 


-- 
checking whether you're still watching...probaly not :-)
/usr/ports/x11/wmx configure script.



VPN Remote Services Connectivity

2005-06-17 Thread dontek
I have just configured a VPN tunnel between two OpenBSD firewalls /
gateways following the VPN man page nearly word-for-word.  All is
working well... mostly:

On either end, on machines behind the firewall, I can connect to any
service on any machine on the remote end.

However, if I am on the firewall machines themselves, I can ping
machines on the remote end, but service connection fails.

for instance, I can ssh to a box on the remote end from a machine
behind the firewall, but if i attempt to ssh to the same remote box
from the firewall itself, i get a connection refused.  This is true
on both ends.

Are there additional rules I need to put into pf for this type of
connectivity?  What am I missing?



Re: perl -MCPAN checksum mismatch on anything

2005-06-17 Thread Uwe Dippel
On Thu, 16 Jun 2005 21:42:39 +0200, Cudeso MailList wrote:

 I noticed that CPAN used lynx to download the sources. This seemed weird to 
 me so I've reconfigured CPAN so that it no longer uses 'lynx' (entered NONE 
 when asked for 'where is lynx').

Why should lynx not download properly ?

 CPAN now uses ftp or ncftp to download the files and all packages get 
 installed perfectly!

Tried the same; but gets worse:

...
Use of uninitialized value in pattern match (m//) at /usr/libdata/perl5/CPAN.pm line 3195, GEN39 line 1456.
Use of uninitialized value in string ne at /usr/libdata/perl5/CPAN.pm line 3329, GEN39 line 1456.
Use of uninitialized value in pattern match (m//) at /usr/libdata/perl5/CPAN.pm line 3195, GEN39 line 1456.
Use of uninitialized value in string ne at /usr/libdata/perl5/CPAN.pm line 3329, GEN39 line 1456.
Use of uninitialized value in pattern match (m//) at /usr/libdata/perl5/CPAN.pm line 3195, GEN39 line 1456.
Use of uninitialized value in string ne at /usr/libdata/perl5/CPAN.pm line 3329, GEN39 line 1456.
Use of uninitialized value in pattern match (m//) at /usr/libdata/perl5/CPAN.pm line 3195, GEN39 line 1456.
Going to read /root/.cpan/sources/modules/03modlist.data.gz
Can't locate object method data via package CPAN::Modulelist (perhaps you forgot to load CPAN::Modulelist?) at (eval 29) line 1.
 at /usr/libdata/perl5/CPAN.pm line 3406
CPAN::Index::rd_modlist('CPAN::Index', '/root/.cpan/sources/modules/03modlist.data.gz') called at /usr/libdata/perl5/CPAN.pm line 3129
CPAN::Index::reload('CPAN::Index') called at /usr/libdata/perl5/CPAN.pm line 675
CPAN::exists('CPAN=HASH(0x3c4e5204)', 'CPAN::Module', 'CPAN::Modulelist') called at /usr/libdata/perl5/CPAN.pm line 1842
CPAN::Shell::expandany('CPAN::Shell', 'CPAN::Modulelist') called at /usr/libdata/perl5/CPAN.pm line 2078
CPAN::Shell::rematein('CPAN::Shell', 'install', 'CPAN::Modulelist') called at /usr/libdata/perl5/CPAN.pm line 2165
CPAN::Shell::install('CPAN::Shell', 'CPAN::Modulelist') called at /usr/libdata/perl5/CPAN.pm line 201
eval {...} called at /usr/libdata/perl5/CPAN.pm line 201
CPAN::shell() called at /usr/bin/cpan line 193

cpan


So, YMMV. Mine did. Thanks for the tip, nevertheless,


Uwe



Re: S-Video TV Hookup

2005-06-17 Thread Gregory Steuck
 Jacob == Jacob Meuser [EMAIL PROTECTED] writes:

Jacob I would say check out gatos.sourceforge.net, but it looks
Jacob like you need a Linux kernel module :(

Jacob this is interesting to me though, and it would be a fun
Jacob challenge to bring this functionality to OpenBSD.  I even
Jacob have a Radeon 9000 series card with TV-out ...

You do not really need to have a kernel module for tv-out to work.  I
did make tv-out work with the card identified below and XFree from
around 3.5 release time.

(--) PCI:*(1:0:0) ATI Technologies Inc Rage Mobility P/M AGP 2x rev 100, Mem @ 
0x4000/24, 0x4100/12, I/O @ 0x2000/8
(II) ATI:  Shared PCI/AGP Mach64 in slot 1:0:0 detected.

I switched the output devices using notebook keyboard shortcuts.

I just found compiling this module too much trouble and I did not
really try to use this port, which might work for you:

Port:   ATI-4.3.0.9
Path:   x11/gatos-bin
Info:   ATI drivers with full xvideo support
Maint:  The OpenBSD ports mailing-list ports@openbsd.org

Thanks
Greg



Re: Theo gave an interview to Forbes Mag. about Linux

2005-06-17 Thread Steven Day
I love this part

 You know what I found? Right in the kernel, in the heart of the operating
system, I found a developer's comment that said, 'Does this belong here?'
Lok says. What kind of confidence does that inspire? Right then I knew it
was time to switch.

On 6/17/05, J. Lievisse Adriaanse [EMAIL PROTECTED] wrote:

 Not everybody there is happy about Theo's words...oh well, what gives ;-)

 Jasper

 On Fri, 17 Jun 2005 16:25:56 +0100
 Stephen Marley [EMAIL PROTECTED] wrote:

  On Fri, Jun 17, 2005 at 04:48:31PM +0200, J. Lievisse Adriaanse wrote:
   Theo gave an interview to Forbes Magazine, in which he stated: It's
   terrible, De Raadt says. Everyone is using it, and they don't
   realize how bad it is. And the Linux people will just stick with it
   and add to it rather than stepping back and saying, 'This is garbage
   and we should fix it.'
 
  Heh. Theo never did pull his punches. I suppose there's now a war going
  on in /. ? :)
 
  --
  stephen
 


 --
 checking whether you're still watching...probaly not :-)
 /usr/ports/x11/wmx configure script.



Re: Theo gave an interview to Forbes Mag. about Linux

2005-06-17 Thread Abraham Al-Saleh
I'm actually curious as to the apparent change of stance between interviews.
In the last two interviews I've read, you've made it clear that you've never
used it, and had no comment. Am I missing something? Just curious.

On 6/17/05, Theo de Raadt [EMAIL PROTECTED] wrote:

  On Fri, Jun 17, 2005 at 04:48:31PM +0200, J. Lievisse Adriaanse wrote:
   Theo gave an interview to Forbes Magazine, in which he stated: It's
   terrible, De Raadt says. Everyone is using it, and they don't
   realize how bad it is. And the Linux people will just stick with it
   and add to it rather than stepping back and saying, 'This is garbage
   and we should fix it.'
 
  Heh. Theo never did pull his punches. I suppose there's now a war going
  on in /. ? :)

 If the Linux people actually cared about Quality, as we do, they would
 not have had as many localhost kernel security holes in the last year.

 How many is it... 20 so far?




--
Abe Al-Saleh
And then came the Apocolypse. It actually wasn't that
bad, everyone got the day off and there were barbeques
all around.



Re: Theo gave an interview to Forbes Mag. about Linux

2005-06-17 Thread J. Lievisse Adriaanse
On Fri, 17 Jun 2005 10:13:37 -0600
Theo de Raadt [EMAIL PROTECTED] wrote:

  On Fri, Jun 17, 2005 at 04:48:31PM +0200, J. Lievisse Adriaanse wrote:
   Theo gave an interview to Forbes Magazine, in which he stated: It's
   terrible, De Raadt says. Everyone is using it, and they don't
   realize how bad it is. And the Linux people will just stick with it
   and add to it rather than stepping back and saying, 'This is garbage
   and we should fix it.' 
  
  Heh. Theo never did pull his punches. I suppose there's now a war going
  on in /. ? :)
 
 If the Linux people actually cared about Quality, as we do, they would
 not have had as many localhost kernel security holes in the last year.
 
 How many is it... 20 so far?

Yes indeed, or at least something very close to the 20 ;) 


-- 
checking whether you're still watching...probaly not :-)
/usr/ports/x11/wmx configure script.



Re: apm problems on dell inspiron 8000

2005-06-17 Thread Diego Augusto Dalmolin
Hi! I'm with the same problem.. but in a cel2.7+asus mainboard (cheap
desktop used as gateway server)

If you corrected this.. could you tell me how? :-)

On 6/17/05, Rick Pettit [EMAIL PROTECTED] wrote:
 I just loaded a recent 3.7 snapshot and now I seem to be having APM issues.
 
 Not long ago I was running a 3.6 snapshot and didn't have problems with a
 sudo reboot or a sudo shutdown -h -p now. I was also able to unplug A/C
 power without locking up the machine.
 
 Now, when I perform a sudo reboot or a sudo shutdown -h -p now I see the
 message indicating syncing completed and that the machine is rebooting or
 shutting down but then it just stops and I have to manually reset.
 
 When I unplug A/C power the machine locks up and the fan spins like mad.
 
 Here are the current sysctl settings relevant to apm:
 
   [EMAIL PROTECTED] /home/rpettit $ sysctl -a | grep apm
   machdep.apmwarn=5
   machdep.apmhalt=1
 
 Last but not least, here is the dmesg:
 

ami(4) in .au

2005-06-17 Thread Marco Peereboom
We need an ami(4) board + drives in Australia for a developer.  He needs
something along the PERC 3/4 lines or a SATA/PATA board.

If you are interested in donating please let me know and we'll work out the
details.  If you want to order something off eBay let me know so that people
are not bidding against each other.

Thanks :-)
/marco



Re: Theo gave an interview to Forbes Mag. about Linux

2005-06-17 Thread Steven Day
Just to guess.

In most of the article Linux was being criticized from a code standpoint,
both in the design and the system they use to develop.

On 6/17/05, Abraham Al-Saleh [EMAIL PROTECTED] wrote:

 I'm actually curious as to the apparent change of stance between
 interviews.
 In the last two interviews I've read, you've made it clear that you've
 never
 used it, and had no comment. Am I missing something? Just curious.

 On 6/17/05, Theo de Raadt [EMAIL PROTECTED] wrote:
 
   On Fri, Jun 17, 2005 at 04:48:31PM +0200, J. Lievisse Adriaanse wrote:
Theo gave an interview to Forbes Magazine, in which he stated: It's
terrible, De Raadt says. Everyone is using it, and they don't
realize how bad it is. And the Linux people will just stick with it
and add to it rather than stepping back and saying, 'This is garbage
and we should fix it.'
  
   Heh. Theo never did pull his punches. I suppose there's now a war
 going
   on in /. ? :)
 
  If the Linux people actually cared about Quality, as we do, they would
  not have had as many localhost kernel security holes in the last year.
 
  How many is it... 20 so far?
 
 


 --
 Abe Al-Saleh
 And then came the Apocolypse. It actually wasn't that
 bad, everyone got the day off and there were barbeques
 all around.



Re: apm problems on dell inspiron 8000

2005-06-17 Thread Alexander Yurchenko
On Fri, Jun 17, 2005 at 11:15:28AM -0500, Rick Pettit wrote:
 I just loaded a recent 3.7 snapshot and now I seem to be having APM issues.

please try -current.

 
 Not long ago I was running a 3.6 snapshot and didn't have problems with a
 sudo reboot or a sudo shutdown -h -p now. I was also able to unplug A/C
 power without locking up the machine.
 
 Now, when I perform a sudo reboot or a sudo shutdown -h -p now I see the
 message indicating syncing completed and that the machine is rebooting or 
 shutting down but then it just stops and I have to manually reset.
 
 When I unplug A/C power the machine locks up and the fan spins like mad.
 
 Here are the current sysctl settings relevant to apm:
 
   [EMAIL PROTECTED] /home/rpettit $ sysctl -a | grep apm
   machdep.apmwarn=5
   machdep.apmhalt=1
 
 Last but not least, here is the dmesg:
 
 OpenBSD 3.7-current (GENERIC) #189: Fri Jun 10 14:44:35 MDT 2005
 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
 cpu0: Intel Pentium III (GenuineIntel 686-class) 848 MHz
 cpu0: 
 FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
 real mem  = 267927552 (261648K)
 avail mem = 237666304 (232096K)
 using 3296 buffers containing 13500416 bytes (13184K) of memory
 mainbus0 (root)
 bios0 at mainbus0: AT/286+(00) BIOS, date 07/02/02, BIOS32 rev. 0 @ 0xffe90
 apm0 at bios0: Power Management spec V1.2
 apm0: battery life expectancy 98%
 apm0: AC on, battery charge high, charging, estimated 9:25 hours
 apm0: flags 30102 dobusy 0 doidle 1
 pcibios0 at bios0: rev 2.1 @ 0xf/0x1
 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfbc20/192 (10 entries)
 pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371 ISA and IDE rev 
 0x00)
 pcibios0: PCI bus #5 is the last bus
 bios0: ROM list: 0xc/0x1
 cpu0 at mainbus0
 pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
 pchb0 at pci0 dev 0 function 0 Intel 82815 Hub rev 0x02: rng active, 7Kb/sec
 ppb0 at pci0 dev 1 function 0 Intel 82815 AGP rev 0x02
 pci1 at ppb0 bus 1
 vga1 at pci1 dev 0 function 0 ATI Rage 128 Mobility MF rev 0x00
 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
 wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
 ppb1 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0x02
 pci2 at ppb1 bus 2
 esa0 at pci2 dev 3 function 0 ESS Maestro 3 rev 0x10: irq 5
 ac97: codec id 0x83847609 (SigmaTel STAC9721/23)
 ac97: codec features 18 bit DAC, 18 bit ADC, SigmaTel 3D
 audio0 at esa0
 ppb2 at pci2 dev 6 function 0 unknown vendor 0x1668 product 0x0100 rev 0x11
 pci3 at ppb2 bus 3
 fxp0 at pci3 dev 4 function 0 Intel 82557 rev 0x08, i82559: irq 10, address 
 00:20:e0:64:07:72
 inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
 ATT/Lucent LTMODEM rev 0x01 at pci3 dev 8 function 0 not configured
 cbb0 at pci2 dev 15 function 0 Texas Instruments PCI4451 CardBus rev 0x00: 
 irq 10
 cbb1 at pci2 dev 15 function 1 Texas Instruments PCI4451 CardBus rev 0x00: 
 irq 10
 Texas Instruments PCI4451 FireWire rev 0x00 at pci2 dev 15 function 2 not 
 configured
 cardslot0 at cbb0 slot 0 flags 0
 cardbus0 at cardslot0: bus 4 device 0 cacheline 0x8, lattimer 0x20
 pcmcia0 at cardslot0
 cardslot1 at cbb1 slot 1 flags 0
 cardbus1 at cardslot1: bus 5 device 0 cacheline 0x8, lattimer 0x20
 pcmcia1 at cardslot1
 ichpcib0 at pci0 dev 31 function 0 Intel 82801BAM LPC rev 0x02
 pciide0 at pci0 dev 31 function 1 Intel 82801BAM IDE rev 0x02: DMA, channel 
 0 wired to compatibility, channel 1 wired to compatibility
 wd0 at pciide0 channel 0 drive 0: HITACHI_DK23EA-40
 wd0: 16-sector PIO, LBA, 38154MB, 78140160 sectors
 atapiscsi0 at pciide0 channel 0 drive 1
 scsibus0 at atapiscsi0: 2 targets
 cd0 at scsibus0 targ 0 lun 0: LG, DVD-ROM DRN8080B, 1.11 SCSI0 5/cdrom 
 removable
 wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
 cd0(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 2
 pciide0: channel 1 ignored (disabled)
 uhci0 at pci0 dev 31 function 2 Intel 82801BA USB rev 0x02: irq 10
 usb0 at uhci0: USB revision 1.0
 uhub0 at usb0
 uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
 uhub0: 2 ports with 2 removable, self powered
 isa0 at ichpcib0
 isadma0 at isa0
 pckbc0 at isa0 port 0x60/5
 pckbd0 at pckbc0 (kbd slot)
 pckbc0: using irq 1 for kbd slot
 wskbd0 at pckbd0: console keyboard, using wsdisplay0
 pms0 at pckbc0 (aux slot)
 pckbc0: using irq 12 for aux slot
 wsmouse0 at pms0 mux 0
 pcppi0 at isa0 port 0x61
 midi0 at pcppi0: PC speaker
 spkr0 at pcppi0
 sysbeep0 at pcppi0
 lpt0 at isa0 port 0x378/4 irq 7
 npx0 at isa0 port 0xf0/16: using exception 16
 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
 biomask ef4d netmask ef4d ttymask ffcf
 pctr: 686-class user-level performance counters enabled
 mtrr: Pentium Pro MTRR support
 uhidev0 at uhub0 port 1 configuration 1 interface 0
 uhidev0: Logitech USB Receiver, rev 1.10/9.10, addr 2, iclass 3/1
 ums0 at uhidev0: 5 buttons and Z dir.
 wsmouse1 at ums0 mux 0
 dkcsum: wd0 

Re: VPN Remote Services Connetivity

2005-06-17 Thread Stephen Marley
On Fri, Jun 17, 2005 at 11:29:03AM -0500, dontek wrote:
 I have just configured a VPN tunnel between two OpenBSD firewalls /
 gateways following the VPN man page nearly word-for-word.  All is
 working well... mostly:
 
 On either end, on machines behind the firewall, I can connect to any
 service on any machine on the remote end.
 
 However, if I am on the firewall machines themselves, I can ping
 machines on the remote end, but service connection fails.
 
 for instance, I can ssh to a box on the remote end from a machine
 behind the firewall, but if i attempt to ssh to the same remote box
 from the firewall itself, i get a connection refused.  This is true
 on both ends.
 
 Are there additional rules I need to put into pf for this type of
 connectivity?  What am I missing?

I'll guess that the ping works because you're using ping -I to specify
the source address as an internal lan address. However your ssh will
have the firewall's external address as its source address and it will
not get encapsulated since there are no flows defined for gateway to
network, only network to network.

You could define additional SAs for the gateway to network connections,
but I think just adding a route pointing to your inside interface will
work. For example, if your gateway's internal address is 192.168.1.1 and
the remote network is 10.10.10.0/24, on the gateway run:
 route add 10.10.10/24 192.168.1.1

-- 
stephen



Re: perl -MCPAN checksum mismatch on anything

2005-06-17 Thread SRH-Lists
 Checksum mismatch for distribution file. Please investigate.
 
 I had a similar problem on a fresh 3.7
 
 I noticed that CPAN used lynx to download the sources. This 
 seemed weird to 
 me so I've reconfigured CPAN so that it no longer uses 'lynx' 
 (entered NONE 
 when asked for 'where is lynx').
 
 CPAN now uses ftp or ncftp to download the files and all packages get 
 installed perfectly!

Noticed the same problem.  Seems that lynx is un-gz'ing the files inline
and not removing the .gz, so CPAN tries to do a checksum and un-gz them
and errors out.

-steve



phpbb

2005-06-17 Thread Bryan Irvine
Anybody successfully using phpbb with php, and mysql installed from
packages, and using the default chroot mode of apache?  I don't want
to break the chroot but that's the only way phpbb can see the db.  I'm
running 3.7.

--Bryan



Re: Theo gave an interview to Forbes Mag. about Linux

2005-06-17 Thread Stephen Marley
On Fri, Jun 17, 2005 at 10:42:36AM -0600, Abraham Al-Saleh wrote:
 I'm actually curious as to the apparent change of stance between
 interviews.  In the last two interviews I've read, you've made it
 clear that you've never used it, and had no comment. Am I missing
 something? Just curious.

You can read about all the security holes and bugs on various websites
without ever having used the system.  Knowing of bugs and holes is not
enough to comment on comparative functionality: you'd really need to use
both OSes; however, it is sufficient for recognizing 'garbage'.

-- 
stephen



Re: VPN Remote Services Connetivity

2005-06-17 Thread tony sarendal
On 17/06/05, Stephen Marley [EMAIL PROTECTED] wrote:
 On Fri, Jun 17, 2005 at 11:29:03AM -0500, dontek wrote:
  I have just configured a VPN tunnel between two OpenBSD firewalls /
  gateways following the VPN man page nearly word-for-word.  All is
  working well... mostly:
 
  On either end, on machines behind the firewall, I can connect to any
  service on any machine on the remote end.
 
  However, if I am on the firewall machines themselves, I can ping
  machines on the remote end, but service connection fails.
 
  for instance, I can ssh to a box on the remote end from a machine
  behind the firewall, but if i attempt to ssh to the same remote box
  from the firewall itself, i get a connection refused.  This is true
  on both ends.
 
  Are there additional rules I need to put into pf for this type of
  connectivity?  What am I missing?
 
 I'll guess that the ping works because you're using ping -I to specify
 the source address as an internal lan address. However your ssh will
 have the firewall's external address as its source address and it will
 not get encapsulated since there are no flows defined for gateway to
 network, only network to network.
 
 You could define additional SAs for the gateway to network connections,
 but I think just adding a route pointing to your inside interface will
 work. For example, if your gateway's internal address is 192.168.1.1 and
 the remote network is 10.10.10.0/24, on the gateway run:
 route add 10.10.10/24 192.168.1.1
 

If you use ping -I, how about ssh -b also ?

/Tony



Re: Snapshot from 03/June : spamd working ?

2005-06-17 Thread Otto Moerbeek
On Fri, 17 Jun 2005, Otto Moerbeek wrote:

 This looks ok. I suggest you setup a local blacklist with an IP you
 can use to connect to the mail machine. After that, use nc mailserver
 25 from that IP to connect to the machine and you'll see what is
 going on.

While playing with this myself, I found that spamd has an off-by one:
the last entry in a blacklist does not get handled properly. This is
supposed to fix it, diff against -current.

-Otto

Index: sdl.c
===
RCS file: /cvs/src/libexec/spamd/sdl.c,v
retrieving revision 1.12
diff -u -r1.12 sdl.c
--- sdl.c   26 Feb 2004 08:18:56 -  1.12
+++ sdl.c   17 Jun 2005 18:54:51 -
@@ -75,11 +75,12 @@
}
if (index != -1) {
if (debug  0)
-   printf(replacing list %s\n, blacklists[index].tag);
+   printf(replacing list %s; %d new entries\n,
+   blacklists[index].tag, addrc);
sdl_free(blacklists[index]);
} else {
if (debug  0)
-   printf(adding list %s\n, sdname);
+   printf(adding list %s; %d entries\n, sdname, addrc);
index = blu;
}
if (index == blu  blu == blc) {
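Review bot: The two debug printf changes in this hunk are unrelated to the off-by-one described in the message and would read better as a separate commit, or at least be mentioned in the commit message. They also print addrc with %d; the declaration of addrc is not part of the hunk, so check that it is an int rather than a size_t or u_int, and adjust the conversion if it is not.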
Index: spamd.c
===
RCS file: /cvs/src/libexec/spamd/spamd.c,v
retrieving revision 1.78
diff -u -r1.78 spamd.c
--- spamd.c 23 May 2005 21:08:43 -  1.78
+++ spamd.c 17 Jun 2005 18:54:51 -
@@ -231,13 +231,10 @@
} while ((av[au++] = strsep(cp, ;)) != NULL);
 
/* toss empty last entry to allow for trailing ; */
-   if (av[au - 1][0] == '\0');
+   while (au  0  (av[au - 1] == NULL || av[au - 1][0] == '\0'))
au--;
 
-   if (au  1)
-   goto parse_error;
-   else
-   sdl_add(name, msg, av, au - 1);
+   sdl_add(name, msg, av, au);
return (0);
 
 parse_error:
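Review bot: With the `goto parse_error` branch on au removed, a line whose entries are all empty now reaches `sdl_add(name, msg, av, au)` with au equal to 0 instead of being rejected; either keep a check that sends au == 0 to parse_error or confirm that sdl_add copes with an empty list. If that was the only jump to parse_error in this function, the label is now unused. The commit message should also record that the removed `if` ended in a stray `;`, so the `au--` after it always ran, which together with the `au - 1` passed to sdl_add appears to be what dropped the last entry.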



Re: phpbb

2005-06-17 Thread Matthew S Elmore
This question has been beaten to death. (I was one of the ones doing 
the beating).


Search the archives. It involves putting the mysql socket inside the 
chroot or forcing whatever software you are using to connect over the 
TCP socket.


(Hint: You need a file /etc/my.cnf)


Bryan Irvine wrote:

Anybody successfully using phpbb with php, and mysql installed from
packages, and using the default chroot mode of apache?  I don't want
to break the chroot but that's the only way phpbb can see the db.  I'm
running 3.7.

--Bryan




Re: Theo gave an interview to Forbes Mag. about Linux

2005-06-17 Thread Brian
I thought the interview was good.  It just didn't read like an interview like
the one linked to from undeadly.

I used linux a year before moving over to openBSD, and the two are night and
day.  openBSD is well organized with very good code.  linux is a disaster to
navigate (horrible man pages and docs), install (it's pretty looking, but you
have no clue what is going on behind the scenes), too many distros (which one
is good?), and work with (do you YUM, RPMs, etc to upgrade?).  

And I like the fact that Theo will tell you straight out if you are doing
something stupid.  The developers here are honest and will tell you when
something isn't worth your time.

Anyway, cheers for being honest and straightforward.

Brian

--- J. Lievisse Adriaanse [EMAIL PROTECTED] wrote:

 Theo gave an interview to Forbes Magazine, in which he stated: It's
 terrible, De Raadt says. Everyone is using it, and they don't realize how
 bad it is. And the Linux people will just stick with it and add to it rather
 than stepping back and saying, 'This is garbage and we should fix it.' 
 
 Nice to read though as an ex-Linsux'er :)
 
 Jasper
 
 -- 
 checking whether you're still watching...probaly not :-)
 /usr/ports/x11/wmx configure script.



Re: Theo gave an interview to Forbes Mag. about Linux

2005-06-17 Thread Jasper Lievisse Adriaanse
Right, since there is still a big difference between reading the source
code and actually using the system.

Jasper



 On Fri, Jun 17, 2005 at 10:42:36AM -0600, Abraham Al-Saleh wrote:
 I'm actually curious as to the apparent change of stance between
 interviews.  In the last two interviews I've read, you've made it
 clear that you've never used it, and had no comment. Am I missing
 something? Just curious.

 You can read about all the security holes and bugs on various websites
 without ever having used the system.  Knowing of bugs and holes is not
 enough to comment on comparative functionality: you'd really need to use
 both OSes; however, it is sufficient for recognizing 'garbage'.

 --
 stephen




-- 
checking whether you're still watching...probaly not :-)
/usr/ports/x11/wmx configure script.



Re: speed of mac mini

2005-06-17 Thread brian pink
I haven't set X up yet, but I finally got 3.7 installed on the Mac mini
without issue. I was using MBR for the disk instead of HFS, and there's
an issue with the disklabel initial setup. The fix is outlined in this
message:

http://www.monkey.org/openbsd/archive/misc/0309/msg01319.html

and I'll submit a more thorough bug report when I get a chance to write
it. So far the mini seems quite fast to me, I doubt you'll have any
issues.

- brian



 Hello list,
 
 i will only do normal things:
 - some coding -- emacs/terminals/ddd
 - read www.openbsd.org -- firefox/dillo
 - read mails of misc@openbsd.org -- thunderbird
 - write some letters, do some calculations -- abiword/gnumeric
 - some statistics -- gnuplot
 - audio/video playing -- xmms/mplayer
 all with gnome or windowmaker.
 That's all.
 
 Bye Thorsten
 
 LiteStar numnums wrote:
 
 G'day,
  A friend of mine uses the mini for all of his foto processing with
 Photoshop and the like, whilst Illustrator and Safari are running.
 It seems fast enough. I've no idea what you want to really do with
 it (if it has a hard time with gnome/kde, that would be really bad,
 eh?), but for his needs it's fine. Cheers!
 
 On 6/16/05, Thorsten Johannvorderbrueggen
 [EMAIL PROTECTED] wrote:
  
 
 Hello list,
 
 i think of buying a mac mini, but i don't know if a mac mini is
 fast enough. So i ask you: does anyone use a mac mini with
 gnome/kde or so? At the moment i have a dual-P3 and it's fast
 enough.
 
 Any comments, suggestions?
 
 Bye
  Thorsten



Re: VPN Remote Services Connetivity

2005-06-17 Thread Stephen Marley
On Fri, Jun 17, 2005 at 02:17:08PM -0500, dontek wrote:
 Actually, I am just doing a vanilla ping, no source address option.
 When you say flows, do you mean pf flows (rules)?

IPSec flows. Sort of like routes. Read vpn(8) again and see netstat
-rnfencap for flows and netstat -rnfinet for normal IP (v4) routes.

 I tried adding pass rules from gateway(s) to network(s) and back,
 similar to the network to network passes on enc0, but this did not
 solve the problem.

There is nothing in your ipsec config that says encrypt gateway to
network, only network to network. I don't think you understand this
part. Adding rules to pf won't suddenly make the kernel encrypt this
traffic.

 Adding the static routes indeed worked, however, I would still like to
 understand this better and get it working via pf and not have to add
 the routes.

Pf is the wrong tool to fix this. There is nothing wrong with static
routes. Add them to /etc/hostname.if to make them persist over a reboot.
See hostname.if(5). 

Adding the route works because it means the internal interface's IP
address is used as the source address, and the kernel knows to encrypt
this traffic. Without it, you'll have the default route interface's IP
as source (the external IP), and because there is no ipsec flow defined
for this case, the kernel will not encrypt this traffic.

It's good that you want to understand this. Use tcpdump(8) to see the
traffic passing through each interface (including enc0). Log all your pf
blocked traffic and use tcpdump to look at the pf logs.  

That the ping worked without specifying a source address is puzzling,
but tcpdump might reveal what's actually happening.

-- 
stephen
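
The source-address reasoning in the message above (and the `ssh -b` suggestion earlier in the thread), as a simplified model; this is an added example, not code from the thread or from OpenBSD. The interface names, the external address 203.0.113.1 and the /24 on the local LAN are assumptions; 192.168.1.1 and 10.10.10.0/24 are the values used in the thread.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    dest: ipaddress.IPv4Network   # destination prefix
    ifname: str                   # interface the route points at


@dataclass(frozen=True)
class Flow:
    src: ipaddress.IPv4Network    # local side of the IPsec flow
    dst: ipaddress.IPv4Network    # remote side of the IPsec flow


def net(prefix):
    return ipaddress.ip_network(prefix)


# Interface addresses. 192.168.1.1 is from the thread; the external
# address and both interface names are constructed for this example.
IFACES = {"ext0": "203.0.113.1", "int0": "192.168.1.1"}

# Only a network-to-network flow is defined, as in the setup discussed
# (assumption: the local LAN is 192.168.1.0/24).
FLOWS = [Flow(net("192.168.1.0/24"), net("10.10.10.0/24"))]

# Routing table before the fix: default route out the external interface.
ROUTES_BEFORE = [Route(net("0.0.0.0/0"), "ext0"),
                 Route(net("192.168.1.0/24"), "int0")]

# Models the effect of: route add 10.10.10/24 192.168.1.1
ROUTES_AFTER = ROUTES_BEFORE + [Route(net("10.10.10.0/24"), "int0")]


def lookup_route(routes, dst):
    """Longest-prefix match over the routing table."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r.dest]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda r: r.dest.prefixlen)


def source_for(routes, dst, bind=None):
    """Source address of a locally generated packet.

    An explicit bind address (ping -I, ssh -b) wins; otherwise the
    address of the interface the chosen route points at is used.
    """
    if bind is not None:
        return ipaddress.ip_address(bind)
    return ipaddress.ip_address(IFACES[lookup_route(routes, dst).ifname])


def is_encapsulated(flows, src, dst):
    """True when some flow covers both the source and the destination."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(src in f.src and dst in f.dst for f in flows)


def trace(routes, flows, dst, bind=None):
    """Return (source address, encapsulated?) for a packet from the gateway."""
    src = source_for(routes, dst, bind)
    return str(src), is_encapsulated(flows, src, dst)


if __name__ == "__main__":
    remote = "10.10.10.5"  # constructed host on the remote network
    print("no extra route :", trace(ROUTES_BEFORE, FLOWS, remote))
    print("with route     :", trace(ROUTES_AFTER, FLOWS, remote))
    print("bound to int0  :", trace(ROUTES_BEFORE, FLOWS, remote,
                                    bind="192.168.1.1"))
    print("host on the LAN:", is_encapsulated(FLOWS, "192.168.1.20", remote))
```
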



Re: Theo gave an interview to Forbes Mag. about Linux

2005-06-17 Thread Richard Welty
On Fri, 17 Jun 2005 18:23:51 +0200 J. Lievisse Adriaanse [EMAIL PROTECTED] 
wrote:

 Not everybody there is happy about Theo's words...oh well, what gives ;-)

well, on the one hand, i largely agree with Theo, but on the other hand,
Dan Lyons of Forbes has been on an anti-open source kick for some time.

me, i'd be very wary of becoming a tool in someone else's agenda.

richard
-- 
Richard Welty [EMAIL PROTECTED]
Averill Park Networking
Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
  Well, if you're not going to expect unexpected flames,
 what's the point of going anywhere? -- Truckle the Uncivil



Re: Problems with wi0 as hostap

2005-06-17 Thread jweber
[EMAIL PROTECTED] wrote:

 I'm running a Netgear MA311 in hostap-mode on OpenBSD 3.7.

 wi0 at pci0 dev 10 function 0 Intersil PRISM2.5 rev 0x01: irq 12
 wi0: PRISM2.5 ISL3874A(Mini-PCI), Firmware 1.1.1 (primary), 1.8.2
 (station)

 wi0: init failed
 wi0: failed to allocate 1594 bytes on NIC
 wi0: tx buffer allocation failed
 wi0: failed to allocate 1594 bytes on NIC
 wi0: mgmt. buffer allocation failed
 wi0: wi_mgmt_xmit: xmit failed
 wi0: wi_start: xmit failed
 wi0: device timeout
 wi0: wi_mgmt_xmit: xmit failed

have you tried software-based WEP?

$ man 8 wicontrol

  -x 0|1  [Prism2/Symbol only] Select between firmware-based (0) and soft-
  ware-based (1) WEP.  Firmware-based WEP is the default.

if it works better, add to /etc/hostname.wi0 something like:

  !/sbin/wicontrol \$if -x1

this fixed my very similar problem with a NetGear MA401 doing hostap . .



Re: Theo gave an interview to Forbes Mag. about Linux

2005-06-17 Thread Tony
Correctness is difficult.
Actually, security is the easier part.
(and it's easier to keep score;)

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
chefren
Sent: Friday, June 17, 2005 6:17 PM
To: misc@openbsd.org
Subject: Re: Theo gave an interview to Forbes Mag. about Linux


http://www.forbes.com/intelligentinfrastructure/2005/06/16/linux-bsd-unix-cz_dl_0616theo.html


Torvalds, via e-mail, says De Raadt is difficult and declined to
comment further. 


ROFL...

+++chefren



Re: Theo gave an interview to Forbes Mag. about Linux

2005-06-17 Thread Sparc Urani
based on my experience, Linux is not a good start for the beginners.
for tough systems/network admins it's bad. learning unix shall always
start with OpenBSD as they can see the difference when they try using Linux
as their alternative OS.

that was a very nice interview. Theo might encourage some other Linux
guys to start spending with OpenBSD for life ;-).

Sparc
Computer Security Professional (CSP) has no reason to lie... to
cheat... to steal... nor tolerate among those who do.

On 6/18/05, Richard Welty [EMAIL PROTECTED] wrote:
 On Fri, 17 Jun 2005 18:23:51 +0200 J. Lievisse Adriaanse
 [EMAIL PROTECTED] wrote:
 
  Not everybody there is happy about Theo's words...oh well, what gives ;-)
 
 well, on the one hand, i largely agree with Theo, but on the other hand,
 Dan Lyons of Forbes has been on an anti-open source kick for some time.
 
 me, i'd be very wary of becoming a tool in someone else's agenda.
 
 richard
 -- 
 Richard Welty
 [EMAIL PROTECTED]
 Averill Park Networking
 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
   Well, if you're not going to expect unexpected flames,
  what's the point of going anywhere? -- Truckle the Uncivil



echi after suspend on IBM X40

2005-06-17 Thread David Cathcart
On my IBM x40 when I connect a usb2 (hi-speed) device (umass(4)) after a
clean boot it attaches to ehci(4) and operates at usb2 hi-speeds.  But
after the first suspend-to-disk (Fn+F12) (and all subsequent
suspends/suspends to disk) it attaches to uhci(4) and operates at usb 1
speeds. This can be seen in the included dmesg where I booted up,
connected the external usb2 hard drive, disconnected it, suspended to 
disk, resumed, and reconnected the drive (The laptop was ac powered the 
whole time). Just wondering if anyone else has seen this behavior or 
can replicate it. I'm using a June 10th snap. 

David Cathcart


OpenBSD 3.7-current (GENERIC) #189: Fri Jun 10 14:44:35 MDT 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) M processor 1.40GHz (GenuineIntel 686-class) 1.40 
GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,EST,TM2
cpu0: Enhanced SpeedStep 1400 MHz (1116 mV): speeds: 1400, 1300, 1200, 1100, 
1000, 900, 800, 600 MHz
real mem  = 526884864 (514536K)
avail mem = 473911296 (462804K)
using 4278 buffers containing 26447872 bytes (25828K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(c2) BIOS, date 01/07/05, BIOS32 rev. 0 @ 0xfd740
apm0 at bios0: Power Management spec V1.2
apm0: battery life expectancy 100%
apm0: AC on, battery charge high
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xfd6d0/0x930
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdeb0/256 (14 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0xc800! 0xcc800/0x1000 0xcd800/0x1000 0xe/0x1
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82852GM Hub-PCI rev 0x02
Intel 82852GM Memory rev 0x02 at pci0 dev 0 function 1 not configured
Intel 82852GM Configuration rev 0x02 at pci0 dev 0 function 3 not configured
vga1 at pci0 dev 2 function 0 Intel 82852GM AGP rev 0x02: aperture at 
0xe000, size 0x800
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
Intel 82852GM AGP rev 0x02 at pci0 dev 2 function 1 not configured
uhci0 at pci0 dev 29 function 0 Intel 82801DB USB rev 0x01: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 Intel 82801DB USB rev 0x01: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 Intel 82801DB USB rev 0x01: irq 11
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 Intel 82801DB USB rev 0x01: irq 11
usb3 at ehci0: USB revision 2.0
uhub3 at usb3
uhub3: Intel EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
uhub3: 6 ports with 6 removable, self powered
ppb0 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0x81
pci1 at ppb0 bus 1
cbb0 at pci1 dev 0 function 0 Ricoh 5C476 CardBus rev 0x8d: irq 11
vendor Ricoh, unknown product 0x0822 (class system unknown subclass 0x05, rev 
0x13) at pci1 dev 0 function 1 not configured
em0 at pci1 dev 1 function 0 Intel PRO/1000MT Mobile (82541GI) rev 0x00: irq 
11, address: 00:0a:e4:2d:de:97
iwi0 at pci1 dev 2 function 0 Intel PRO/Wireless 2200BG rev 0x05: irq 11, 
address 00:0e:35:a5:82:e8
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 2 device 0 cacheline 0x0, lattimer 0xb0
pcmcia0 at cardslot0
ichpcib0 at pci0 dev 31 function 0 Intel 82801DBM LPC rev 0x01
pciide0 at pci0 dev 31 function 1 Intel 82801DBM IDE rev 0x01: DMA, channel 0 
configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: HITACHI_DK13FA-40B
wd0: 16-sector PIO, LBA, 38154MB, 78140160 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
pciide0: channel 1 disabled (no drives)
Intel 82801DB SMBus rev 0x01 at pci0 dev 31 function 3 not configured
auich0 at pci0 dev 31 function 5 Intel 82801DB AC97 rev 0x01: irq 11, ICH4 
AC97
ac97: codec id 0x41445374 (Analog Devices AD1981B)
ac97: codec features headphone, 20 bit DAC, No 3D Stereo
audio0 at auich0
Intel 82801DB Modem rev 0x01 at pci0 dev 31 function 6 not configured
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
sysbeep0 at pcppi0
npx0 at isa0 port 0xf0/16: using exception 16
biomask effd netmask effd ttymask 
pctr: 686-class user-level performance counters enabled

Re: PPPoE Download Performance Woes

2005-06-17 Thread Melameth, Daniel D.
I think I'm going to leave this as an unresolved case--shame though.

I also performed the following:

* Replaced my ActionTec gt701 modem with a Cisco 678 (was going to do
this anyway) and the same issue--Windows is fast, OpenBSD is not
* Replaced xl with fxp and the same issue--however, OpenBSD clearly
likes fxp better as I was able to get over 90Mb/s (under 10 percent
interrupt usage) doing a crossover ftp transfer (compared to the 40Mb/s
on xl)
* Took Kevin's suggestion and played with tcpdump -tt, but I wasn't sure
what to look for and it seems fine.  Here's a snippet:

$ sudo tcpdump -ntti fxp0
tcpdump: listening on fxp0, link-type EN10MB
1119059986.989027 PPPoE-Session
code Session, version 1, type 1, id 0xb394, length 78
IP: 216.x.x.x.2853  200.144.121.33.123:  v4 client strat 0 poll
0 prec 0 [tos 0x10]
1119059987.190136 PPPoE-Session
code Session, version 1, type 1, id 0xb394, length 78
IP: 200.144.121.33.123  216.x.x.x.2853:  v4 server strat 2 poll
0 prec 0

$ sudo tcpdump -ntti pppoe0
tcpdump: listening on pppoe0, link-type PPP_ETHER
1119059986.989021 216.x.x.x.2853  200.144.121.33.123:  v4 client strat
0 poll 0 prec 0 [tos 0x10]
1119059987.190145 200.144.121.33.123  216.x.x.x.2853:  v4 server strat
2 poll 0 prec 

I don't get it.  I'm not sure what else to try or look at.

Regards,
D

Melameth, Daniel D. wrote:
 Kevin wrote:
  On 6/7/05, Can Erkin Acar [EMAIL PROTECTED] wrote:
   Melameth, Daniel D. wrote:
Prior to migrating to DSL, this same card was used for a cable
connection and doing more than 1.5Mb/s.
   
   This really does not mean much. It could be a negotiation problem.
   Was your old cable modem ethernet connection 10BaseT ?
 
 100baseTX full-duplex
 
   from a previous post ...
   
xl0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
 address: 00:04:75:ac:05:48
 media: Ethernet autoselect (100baseTX full-duplex)
   
   Perhaps your ADSL modem/switch  has problems negotiating with your
   card, or your cable might have problems.
 
 The same cable was used with the Windows box.
 
  It'd help if the OP can provide the output of 'netstat -in' after
  the PPPoE has been up for a while.
 
 Here is the output from the time I rebooted the OpenBSD box this
 morning till the time I got home from work (which means it didn't get
 used much):
 
 $ netstat -in
 Name    Mtu   Network     Address            Ipkts Ierrs Opkts Oerrs Colls
 lo0     33224 Link                               0     0     0     0     0
 lo0     33224 127/8       127.0.0.1              0     0     0     0     0
 lo0     33224 ::1/128     ::1                    0     0     0     0     0
 lo0     33224 fe80::%lo0/ fe80::1%lo0            0     0     0     0     0
 pflog0  33224 Link                               0     0     0     0     0
 pfsync0 2020  Link                               0     0     0     0     0
 enc0*   1536  Link                               0     0     0     0     0
 wi0     1500  Link        00:02:6f:09:58:b2  10227     0 11042     0   519
 wi0     1500  192.168.255 192.168.255.254    10227     0 11042     0   519
 wi0     1500  fe80::%wi0/ fe80::202:6fff:fe  10227     0 11042     0   519
 xl0     1500  Link        00:04:75:ac:05:48  65278     0 48429     0     0
 xl0     1500  192.168.255 192.168.255.221    65278     0 48429     0     0
 xl0     1500  fe80::%xl0/ fe80::204:75ff:fe  65278     0 48429     0     0
 pppoe0  1492  Link                           65275     0 48425     3     0
 pppoe0  1492  0.0.0.0/32  70.x.x.x           65275     0 48425     3     0
 pppoe0  1492  fe80::%pppo fe80::202:6fff:fe  65275     0 48425     3     0
 
   Full-duplex does not detect transmission errors, so you would not
   see them on netstat -i output. You could try setting media to
   10BaseT half-duplex this usually helps you notice if there is a
   problem, and can sometimes solve it.
 
 ifconfig takes xl0 media 10baseT, but adding half-duplex yields:
 
 $ sudo ifconfig xl0 media 10baseT half-duplex
 ifconfig: half-duplex: bad value
 
 Regardless, with ifconfig xl0 media 10baseT, both the modem and
 OpenBSD box show the connection at 10Mb/s, but the issue persists.
 
   And do try another ethernet card if possible.
  
  Seconded on both points.
 
 This is a CardBus card and I only have other 3Coms--I tried another
 identical 3Com card with the same poor results.
 
  One thing I've found very helpful in debugging PPPoE has been to use
  either the - (time between packets) or -tt (absolute epoch
  time) options on tcpdump, watching the packets on both the real
  Ethernet interface and the tunnel (pppoe0) interface, in two
  side-by-side windows.
 
 I was about to give this tcpdump timing a shot, but decided to spend a
 few more hours trying some other tests.  Here are the results of my
 findings (all devices connected to the DSL modem were directly
 connected):
 
 * Reconfiguring the modem to handle the PPPoE 

Re: Theo gave an interview to Forbes Mag. about Linux

2005-06-17 Thread Gerardo Santana Gómez Garrido
The best part for me:

I think our code quality is higher, just because that's really a big
focus for us

_Quality_ is the point.

On 6/17/05, Steven Day [EMAIL PROTECTED] wrote:
 I love this part
 
  You know what I found? Right in the kernel, in the heart of the operating
 system, I found a developer's comment that said, 'Does this belong here?'
 Lok says. What kind of confidence does that inspire? Right then I knew it
 was time to switch.
 
 On 6/17/05, J. Lievisse Adriaanse [EMAIL PROTECTED] wrote:
 
  Not everybody there is happy about Theo's words...oh well, what gives ;-)
 
  Jasper
 
  On Fri, 17 Jun 2005 16:25:56 +0100
  Stephen Marley [EMAIL PROTECTED] wrote:
 
   On Fri, Jun 17, 2005 at 04:48:31PM +0200, J. Lievisse Adriaanse wrote:
Theo gave an interview to Forbes Magazine, in which he stated: It's
terrible, De Raadt says. Everyone is using it, and they don't
realize how bad it is. And the Linux people will just stick with it
and add to it rather than stepping back and saying, 'This is garbage
and we should fix it.'
  
   Heh. Theo never did pull his punches. I suppose there's now a war going
   on in /. ? :)
  
   --
   stephen
  
 
 
  --
  checking whether you're still watching...probaly not :-)
  /usr/ports/x11/wmx configure script.
 
 


-- 
Gerardo Santana Gómez Garrido
http://www.openbsd.org.mx/santana/
Among individuals, as among nations, respect for the rights of
others is peace -Don Benito Juarez