Re: syslogd udp port

[Shawn K. Quinn]

On Sat, 2005-08-06 at 03:00 +0100, poncenby wrote:
> Shawn K. Quinn wrote:
> > On Fri, 2005-08-05 at 07:33 +0100, poncenby wrote:
> > 
> >>May I suggest some tolerance(doesn't have to be sincere) for people
> >>who are simply either too busy or too lazy to read man pages in their 
> >>entirety. or just simply ignore the email. surely certain people on
> >>this list (theo - that's you!) don't actually enjoy patronising their
> >>loyal userbase?
> > 
> > 
> > You should be reading the man page first, then asking questions on list
> > (or elsewhere, e.g. IRC), not the other way around. And ignoring these
> > sorts of e-mails isn't an option, as people need to know the expected
> > protocol is to read the man page first.
> > 
> > Start out with the goal of making an operating system possible to use
> > without reading documentation, and you wind up with something like
> > Microsoft Windows (however, even Microsoft must document a lot of
> > things, even if it is only available in electronic form). I'm sure
> > you've either already been down that road, or have no desire to go down
> > it.
> > 
> > The people that WTFM intend for you to RTFM.
> > 
> 
> wow shawn, that's really clever. you have saved yourself thirty eight 
> key depressions and managed to convey no sense of authority.

Wow ponceby, that's really clever. You have shown the world your ability
to half-ass-type and not express one Goddamn coherent thought.

In the time it took you to write this, you could have read a man page,
possibly two or three if you're a fast reader.

> if only i could be as l33t

If you want to be understood, type English. I have no idea what the hell
an el-thirty-three-tee is.

You're obviously not averse to reading (and, rather unfortunately,
replying to) messages on the list. Why, then, are you averse to reading
man pages? (Don't answer this publicly, but reflect on the answer to
yourself.)

-- 
Shawn K. Quinn <[EMAIL PROTECTED]>

Re: syslogd udp port

[Roger Neth Jr]

From: poncenby <[EMAIL PROTECTED]>
To: misc@openbsd.org
Subject: Re: syslogd udp port
Date: Sat, 06 Aug 2005 03:15:07 +0100

Abraham Al-Saleh wrote:

On 8/5/05, poncenby <[EMAIL PROTECTED]> wrote:


Firstly I never said mentioned the word security, so I don't know where
Tobias got that from.

I apologise once again for not searching the archives and reading the
man pages.

May I suggest some tolerance(doesn't have to be sincere) for people who
are simply either too busy or too lazy to read man pages in their
entirety. or just simply ignore the email. surely certain people on this
list (theo - that's you!) don't actually enjoy patronising their loyal
userbase?





In the long run, it's usually faster to do research than to send a
question to a mailing list and hope someone is going to hold your
hand. You waste your time and everyone elses. If you want to be lazy,
pay someone to do your administration, don't expect everyone else to
do it for free.


if you think about what you said...

"in the long run it's usually faster to do research"

just doesn't make sense. i wanted an answer within a day, didn't have time 
to read the man pages so posted a question to misc and got an answer 
(within a day). f*%k the long run, what exactly is "the long run" anyway.


(see, anyone can be pedantic if they can be arsed).

When i post to misc I hope some kind folk will receive it in the manner 
intended (i.e. a newbie attempting to grasp a solid foundation in BSD 
concepts). Yes I realise I could gain this from reading every single man 
page but that is not realistic (maybe it is for people with nothing better 
to do at that time).


the box is run in my own time and when I post a question (as stupid as it 
might seem) then go to work and come back with a maillist full of utter 
dribble like this, hoping there will be at least 1 constructive answer 
somewhere buried within it.
i run a box with openbsd in my spare time - i'm not going to pay for 
someone to do it for me. i'll learn the way i want to learn, which differs 
depending on how lazy/busy I am at that point in time.


it seems a lot of people assume that openbsd enthusiasts actually have an 
unlimited time to find the answers to every single question they will ever 
have.


it just isn't the case and tolerance is needed.

do you agree theo? :)

poncenby



Hello,

I have spent the last six months installing and uninstalling OpenBSD 
countless times on i386, Alpha, Sgi Mips, and Sparc to learn.


Tried Linux, NetBSD and FreeBSD and came to appreciate OpenBSD more and 
more.


The last month pretty much full time on learning OpenBSD.

I am sacrificing my consulting time $$ to do this and find it time well 
spent.


Still got a long ways to go but am learning all I can.

And am subscribed to the mailing lists and read in my spare time. : )

Best regards,

rogern

_
Dont just search. Find. Check out the new MSN Search! 
http://search.msn.click-url.com/go/onm00200636ave/direct/01/

Re: syslogd udp port

[Lars Hansson]

On Sat, 06 Aug 2005 03:15:07 +0100
poncenby <[EMAIL PROTECTED]> wrote:
> just doesn't make sense. i wanted an answer within a day, didn't have 
> time to read the man pages so posted a question to misc and got an 
> answer (within a day).

What *you* want is rather irrelevant.

> When i post to misc I hope some kind folk will receive it in the manner 
> intended (i.e. a newbie attempting to grasp a solid foundation in BSD 
> concepts). Yes I realise I could gain this from reading every single man 
> page but that is not realistic (maybe it is for people with nothing 
> better to do at that time).

Ever heard of "apropos" and "man -k"?
And really, it's not THAT difficult to find the man page for syslogd...

> i run a box with openbsd in my spare time - i'm not going to pay for 
> someone to do it for me.
If you dont want to pay I guess you'll just have to do your own homework, eh?

> it seems a lot of people assume that openbsd enthusiasts actually have 
> an unlimited time to find the answers to every single question they will 
> ever have.

It seems many people who post on misc@ seem to think the openbsd users exists 
solely
to answer their questions, no matter how many time's they'e been answered 
before.

---
Lars Hansson

Re: boot> set tty uplcom0 ... is this feasible?

[Nick Holland]

Ed Wandasiewicz wrote:
> I have noticed that some hardware do not have a serial port.  
> e.g. Thinkpad X40 and mac mini.
> 
> However, you can access a serial console through uplcom(8). 
> 
> As of OpenBSD 3.5, /etc/ttys
> 
> ttyU0   "/usr/libexec/getty std.9600"   vt100 on secure
> 
> If you can show boot messages through a serial console, is it feasible
> to do so through a USB-serial interface?
> 
> i.e.  boot> set tty uplcom0
> switching console to uplcom0

no.
There is *no* uplcom0 until the OS is loaded.  Up to that point, the
only HW that is accessable is HW that is supported by the BIOS.  The
BIOS barely supports the standard serial ports, there is no one standard
 "Serial port on a USB port" adapter, and even if there was, it is
unlikely anyone would have supported it in a standard,
cross-manufacturer way.

Of course, we could through all kinds of fancy stuff in the boot loader,
but then the boot loader becomes an OS...  That's not going to happen.

Nick.

Re: syslogd udp port

[ddp]

On 8/5/05, poncenby <[EMAIL PROTECTED]> wrote:

> if you think about what you said...
> 
> "in the long run it's usually faster to do research"
> 
> just doesn't make sense. i wanted an answer within a day, didn't have
> time to read the man pages so posted a question to misc and got an
> answer (within a day). f*%k the long run, what exactly is "the long run"
> anyway.
> 

It doesn't take a day to read the man pages, usualy just a couple of
minutes.  It's easier, and nicer to the people reading the list. :)

ddp

Re: syslogd udp port

[poncenby]

Abraham Al-Saleh wrote:

On 8/5/05, poncenby <[EMAIL PROTECTED]> wrote:


Firstly I never said mentioned the word security, so I don't know where
Tobias got that from.

I apologise once again for not searching the archives and reading the
man pages.

May I suggest some tolerance(doesn't have to be sincere) for people who
are simply either too busy or too lazy to read man pages in their
entirety. or just simply ignore the email. surely certain people on this
list (theo - that's you!) don't actually enjoy patronising their loyal
userbase?





In the long run, it's usually faster to do research than to send a
question to a mailing list and hope someone is going to hold your
hand. You waste your time and everyone elses. If you want to be lazy,
pay someone to do your administration, don't expect everyone else to
do it for free.


if you think about what you said...

"in the long run it's usually faster to do research"

just doesn't make sense. i wanted an answer within a day, didn't have 
time to read the man pages so posted a question to misc and got an 
answer (within a day). f*%k the long run, what exactly is "the long run" 
anyway.


(see, anyone can be pedantic if they can be arsed).

When i post to misc I hope some kind folk will receive it in the manner 
intended (i.e. a newbie attempting to grasp a solid foundation in BSD 
concepts). Yes I realise I could gain this from reading every single man 
page but that is not realistic (maybe it is for people with nothing 
better to do at that time).


the box is run in my own time and when I post a question (as stupid as 
it might seem) then go to work and come back with a maillist full of 
utter dribble like this, hoping there will be at least 1 constructive 
answer somewhere buried within it.
i run a box with openbsd in my spare time - i'm not going to pay for 
someone to do it for me. i'll learn the way i want to learn, which 
differs depending on how lazy/busy I am at that point in time.


it seems a lot of people assume that openbsd enthusiasts actually have 
an unlimited time to find the answers to every single question they will 
ever have.


it just isn't the case and tolerance is needed.

do you agree theo? :)

poncenby

Re: syslogd udp port

[poncenby]

Shawn K. Quinn wrote:

On Fri, 2005-08-05 at 07:33 +0100, poncenby wrote:


May I suggest some tolerance(doesn't have to be sincere) for people
who are simply either too busy or too lazy to read man pages in their 
entirety. or just simply ignore the email. surely certain people on

this list (theo - that's you!) don't actually enjoy patronising their
loyal userbase?



You should be reading the man page first, then asking questions on list
(or elsewhere, e.g. IRC), not the other way around. And ignoring these
sorts of e-mails isn't an option, as people need to know the expected
protocol is to read the man page first.

Start out with the goal of making an operating system possible to use
without reading documentation, and you wind up with something like
Microsoft Windows (however, even Microsoft must document a lot of
things, even if it is only available in electronic form). I'm sure
you've either already been down that road, or have no desire to go down
it.

The people that WTFM intend for you to RTFM.



wow shawn, that's really clever. you have saved yourself thirty eight 
key depressions and managed to convey no sense of authority.


if only i could be as l33t

poncenby

Re: Ext2fs mounting

[Niall O'Higgins]

On Fri, Aug 05, 2005 at 08:02:24PM -0400, Carl Schaaff wrote:
> I just noticed that
> mke2fs V1.35 sets feature: large_file
> 
> while
> 
> mke2fs V1.27 does not.
> 
> OpenBSD3.7 release will not / can not mount an ext2fs partition r/w if 
> large_file is set.

Support for this was committed to -current on 30th of April.

Re: ASUS S8K motherboard + TSSTcorp, CD/DVDW problem

[Jonathan Gray]

On Fri, Aug 05, 2005 at 08:33:11PM +0200, Adam Papai wrote:
> Hello misc@
> 
> Yesterday I tried to install an OpenBSD 3.7-RELEASE to an ASUS S8K 
> motherboard. The install cd failed to boot, because I get the following 
> error:
> 
>  wd0 (pciide0:0:0): timeout
> type: ata
> c_bcount: 512
> c_skip: 0
> pciide0:0:0: bus-master DMA error: missing interrupt, status=0x21

You should no longer see this with your 661 board on -current.

boot> set tty uplcom0 ... is this feasible?

[Ed Wandasiewicz]

I have noticed that some hardware do not have a serial port.  
e.g. Thinkpad X40 and mac mini.

However, you can access a serial console through uplcom(8). 

As of OpenBSD 3.5, /etc/ttys

ttyU0   "/usr/libexec/getty std.9600"   vt100 on secure

If you can show boot messages through a serial console, is it feasible
to do so through a USB-serial interface?

i.e.  boot> set tty uplcom0
switching console to uplcom0

Ed.

Re: Ext2fs mounting

[Carl Schaaff]

I just noticed that
mke2fs V1.35 sets feature: large_file

while

mke2fs V1.27 does not.

OpenBSD3.7 release will not / can not mount an ext2fs partition r/w if 
large_file is set.




Carl Schaaff wrote:

Does anyone know what e2fsprog's (V1.27) mke2fs does differently than
mke2fs (V1.35)?



I have noticed that if I make a file system on a slice (partition) with 
V1.27, OpenBSD can mount it read/write;


but

make a file system with mke2fs V1.35, and OpenBSD can mount it read only.



The above findings are based on;
OpenBSD3.7 release (i386) installed on a TP T23.
Fedora 3 on the same machine.

(I was hoping that ext2 was ext2.  Naive of me, wasn't it.)

I have searched the archives and found nothing related.
To the best of my knowledge, I am using disklabel correctly and have
frequently mounted ext2fs partitions under my beloved OpenBSD in the past.

Carl Schaaff

noriilook.ca

Re: cpuburn: operation not permitted

[Marco Peereboom]

What is you goal?

On Fri, Aug 05, 2005 at 04:24:41PM -0500, Matt Garman wrote:
> Has anyone stress-tested their CPU under OpenBSD?  In particular,
> I'd like to run the cpuburn program:
> 
> http://pages.sbcglobal.net/redelm/
> 
> However, when I try to run any of the executables (even as root), it
> says "Operation not permitted".
> 
> Any hints?
> 
> Thank you,
> Matt
> 
> -- 
> Matt Garman
> email at: http://raw-sewage.net/index.php?file=email

cpuburn: operation not permitted

[Matt Garman]

Has anyone stress-tested their CPU under OpenBSD?  In particular,
I'd like to run the cpuburn program:

http://pages.sbcglobal.net/redelm/

However, when I try to run any of the executables (even as root), it
says "Operation not permitted".

Any hints?

Thank you,
Matt

-- 
Matt Garman
email at: http://raw-sewage.net/index.php?file=email

Re: Using state and routing inbound traffic

[Shawn K. Quinn]

Oops, sorry, wrong list. Meant this to go to the pf list.

-- 
Shawn K. Quinn <[EMAIL PROTECTED]>

Re: Requesting an change in the installer

[andrew fresh]

On Fri, Aug 05, 2005 at 01:48:13PM -0700, Tim Leslie wrote:
> After determining nomenclature, why not have a detect in the install,
> and then ask a question with the detected kernel as the default? ala
> 
> 
> Do you want to use the single (sp) or multiprocessor (mp) kernel? [detected]
> 

My thoughts would be more along the lines of keeping track of bsd* that are 
downloaded during install, then ask which of those you would like as default.  
That would reduce the magical CPU count code required.  The rest I would agree 
with.  This would allow you to NOT download the bsd.{mp|sp|up|??} and it would 
link the other.

> This would streamline things a bit, I think.

I agree.

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]
 Proud member: http://www.mad-techies.org

BOFH excuse of the day: Electrons on a bender

Re: Requesting an change in the installer

[Tim Leslie]

> On Fri, 2005-08-05 at 14:30 +0200, Bernd Schoeller wrote:
> My recommendation would be:
>
>   - call the single user kernel /bsd.sp
>   - add a hard link from /bsd.sp to /bsd
>   - add a description to 'man afterboot' for changing the default
> kernel by doing 'rm /bsd && ln /bsd.mp /bsd'

After determining nomenclature, why not have a detect in the install,
and then ask a question with the detected kernel as the default? ala


Do you want to use the single (sp) or multiprocessor (mp) kernel? [detected]


This would streamline things a bit, I think.

-- 
Tim Leslie
Dept. Of Geography
Arizona State University

Re: Using state and routing inbound traffic

[Shawn K. Quinn]

On Fri, 2005-08-05 at 20:44 +, Karl O. Pinc wrote:
> We've been talking TCP here, one can only hope that the applications
> using UDP have some sort of equivalent throttling mechanism.
> Even if not, most of my traffic is TCP.

It's up to each application using UDP whether or not they have a
throttling mechanism. As an example, I'm pretty sure Armagetron does not
have one as such, it just sends updates and the client handles any
significant amount of packet loss very ungracefully.

Other things like DNS resolution won't have a throttling mechanism
because they don't need one.

-- 
Shawn K. Quinn <[EMAIL PROTECTED]>

Re: Sun hme0 PCI on i386 supported?

[Laurens Vets]

I just installed a SUN PCI card, which combines SCSI and ethernet on 
one card, in a i386 machine.  The ethernet part shows up as a hme0 
interface.  After assigning an ip address to it, I can ping other 
machines on the network and other machines can ping back.  However, 
tcp and udp connections do not work at all...
If I for instance want to ssh into this machine from another host, I 
get no connection and a 'tcpdump -i hme0' show no packets.  There is 
also no firewall between these machines.  If I use another network 
card, everything works correctly.




That would be PR 4218 which is fixed by the following commit
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/ic/hme.c.diff?r1=1.36&r2=1.37



So, the question is, will this Sun card work in my i386 machine?




Yes, you have to use -current to get your hme(4) working again.


Regards
Johan M:son
Return-Path: <[EMAIL PROTECTED]>
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from localhost (unknown [127.0.0.1])
by palanthas.solace.mh.se (Postfix) with ESMTP id 3561A300D6
for <[EMAIL PROTECTED]>; Fri,  5 Aug 2005 18:50:23 +0200 (MEST)
Received: from palanthas.solace.mh.se ([127.0.0.1])
by localhost (palanthas [127.0.0.1]) (amavisd-new, port 10024) with 
ESMTP id 26737-09
for <[EMAIL PROTECTED]>; Fri,  5 Aug 2005 18:49:55 +0200 (MEST)
Received: from mx2.miun.se (mail.mh.se [10.3.1.42])
by palanthas.solace.mh.se (Postfix) with ESMTP id A0715300B5
for <[EMAIL PROTECTED]>; Fri,  5 Aug 2005 18:49:54 +0200 (MEST)
Received: from shear.ucar.edu (shear.ucar.edu [192.43.244.163])
by mx2.miun.se (8.13.1/8.13.1) with ESMTP id j75Gnqbi020361
for <[EMAIL PROTECTED]>; Fri, 5 Aug 2005 18:49:53 +0200 (CEST)
Received: from openbsd.org (localhost.ucar.edu [127.0.0.1])
by shear.ucar.edu (8.13.4/8.13.4) with ESMTP id j75GaiKC030161; Fri, 5 
Aug 2005 10:36:44 -0600 (MDT)
Received: from g0ten.jgm.gov.ar (200-47-112-33.comsat.net.ar [200.47.112.33] 
(may be forged))
by shear.ucar.edu (8.13.4/8.13.3) with ESMTP id j75GWxcM026017 
(version=TLSv1/SSLv3 cipher=DHE-DSS-AES256-SHA bits=256 verify=NO)
for ; Fri, 5 Aug 2005 10:33:01 -0600 (MDT)
Received: (qmail 27426 invoked
by uid 535); 5 Aug 2005 16:33:20 -
Received: from 172.26.216.11
by g0ten.jgm.gov.ar (envelope-from <[EMAIL PROTECTED]>, uid 1001) with 
qmail-scanner-1.25  (clamdscan: 0.86.2/994. spamassassin: 3.0.2.   
Clear:RC:1(172.26.216.11):SA:0(-2.8/5.0):.  Processed in 1.333189 secs); 05 Aug 2005 
16:33:20 -
X-Qmail-Scanner-Mail-From: [EMAIL PROTECTED] via g0ten.jgm.gov.ar
X-Qmail-Scanner: 1.25 (Clear:RC:1(172.26.216.11):SA:0(-2.8/5.0):. Processed in 
1.333189 secs)
Received: from unknown (HELO CJ0068) (172.26.216.11)
by g0ten.jgm.gov.ar with (RC4-MD5 encrypted) SMTP; 5 Aug 2005 16:33:19 
-
Message-ID: <[EMAIL PROTECTED]>
From: "diego" <[EMAIL PROTECTED]>
To: 
Subject: problem with apache
Date: Fri, 5 Aug 2005 13:32:37 -0300
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset="iso-8859-1"; 
reply-type=original
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-Loop: misc@openbsd.org
Precedence: list
Sender: [EMAIL PROTECTED]
X-Virus-Scanned: by amavisd-new at solace.mh.se
X-DSPAM-Result: Innocent
X-DSPAM-Confidence: 0.6789
X-DSPAM-Probability: 0.
X-DSPAM-Signature: 42f398d1276923050724818

Hi all, I have a problem with apache, I have a ibm x225 with 2,5gb of ram 
and xeon 2,67ghz running 3.7-stable with GENERIC kernel, it's run only 
apache for a intranet with 1k users.

I have error

"[Fri Aug  5 13:21:30 2005] [crit] [client 172.26.219.191] (24)Too many open 
files: /intranet.jgm.gov.ar/htdocs/.htaccess pcfg_openfile: unable to check 
htaccess file, ensure it is readable"


I add "kern.maxfiles=5" to sysctl.conf and

# Setting used by httpd daemon
www:\
:datasize=infinity:\
:maxproc=infinity:\
:openfiles-cur=40960:\
:openfiles-max=40960:\
:openfiles=40960:\
:stacksize-cur=500M:\
:localcipher=blowfish,8:\
:tc=default:

to login.conf

but I got the same error.

thanks in advance.


diego.


!DSPAM:42f398d1276923050724818!


Ok, that explains it, thanks for the answer :)

Regards,
Laurens

Ext2fs mounting

[Carl Schaaff]

Does anyone know what e2fsprog's (V1.27) mke2fs does differently than
mke2fs (V1.35)?



I have noticed that if I make a file system on a slice (partition) with 
V1.27, OpenBSD can mount it read/write;


but

make a file system with mke2fs V1.35, and OpenBSD can mount it read only.



The above findings are based on;
OpenBSD3.7 release (i386) installed on a TP T23.
Fedora 3 on the same machine.

(I was hoping that ext2 was ext2.  Naive of me, wasn't it.)

I have searched the archives and found nothing related.
To the best of my knowledge, I am using disklabel correctly and have
frequently mounted ext2fs partitions under my beloved OpenBSD in the past.

Carl Schaaff

noriilook.ca

Re: Requesting an change in the installer

[Shawn K. Quinn]

On Fri, 2005-08-05 at 14:30 +0200, Bernd Schoeller wrote:
> My recommendation would be:
> 
>   - call the single user kernel /bsd.sp
>   - add a hard link from /bsd.sp to /bsd
>   - add a description to 'man afterboot' for changing the default
> kernel by doing 'rm /bsd && ln /bsd.mp /bsd'

You're a genius, Bernd! I really like this idea.

-- 
Shawn K. Quinn <[EMAIL PROTECTED]>

Re: Sun hme0 PCI on i386 supported?

[Johan M : son Lindman]

Laurens Vets wrote:

> Hi list,
>
> I just installed a SUN PCI card, which combines SCSI and ethernet on 
> one card, in a i386 machine.  The ethernet part shows up as a hme0 
> interface.  After assigning an ip address to it, I can ping other 
> machines on the network and other machines can ping back.  However, 
> tcp and udp connections do not work at all...
> If I for instance want to ssh into this machine from another host, I 
> get no connection and a 'tcpdump -i hme0' show no packets.  There is 
> also no firewall between these machines.  If I use another network 
> card, everything works correctly.
>
That would be PR 4218 which is fixed by the following commit
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/ic/hme.c.diff?r1=1.36&r2=1.37

> So, the question is, will this Sun card work in my i386 machine?


Yes, you have to use -current to get your hme(4) working again.


Regards
Johan M:son
Return-Path: <[EMAIL PROTECTED]>
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from localhost (unknown [127.0.0.1])
by palanthas.solace.mh.se (Postfix) with ESMTP id 3561A300D6
for <[EMAIL PROTECTED]>; Fri,  5 Aug 2005 18:50:23 +0200 (MEST)
Received: from palanthas.solace.mh.se ([127.0.0.1])
by localhost (palanthas [127.0.0.1]) (amavisd-new, port 10024) with 
ESMTP id 26737-09
for <[EMAIL PROTECTED]>; Fri,  5 Aug 2005 18:49:55 +0200 (MEST)
Received: from mx2.miun.se (mail.mh.se [10.3.1.42])
by palanthas.solace.mh.se (Postfix) with ESMTP id A0715300B5
for <[EMAIL PROTECTED]>; Fri,  5 Aug 2005 18:49:54 +0200 (MEST)
Received: from shear.ucar.edu (shear.ucar.edu [192.43.244.163])
by mx2.miun.se (8.13.1/8.13.1) with ESMTP id j75Gnqbi020361
for <[EMAIL PROTECTED]>; Fri, 5 Aug 2005 18:49:53 +0200 (CEST)
Received: from openbsd.org (localhost.ucar.edu [127.0.0.1])
by shear.ucar.edu (8.13.4/8.13.4) with ESMTP id j75GaiKC030161; Fri, 5 
Aug 2005 10:36:44 -0600 (MDT)
Received: from g0ten.jgm.gov.ar (200-47-112-33.comsat.net.ar [200.47.112.33] 
(may be forged))
by shear.ucar.edu (8.13.4/8.13.3) with ESMTP id j75GWxcM026017 
(version=TLSv1/SSLv3 cipher=DHE-DSS-AES256-SHA bits=256 verify=NO)
for ; Fri, 5 Aug 2005 10:33:01 -0600 (MDT)
Received: (qmail 27426 invoked
by uid 535); 5 Aug 2005 16:33:20 -
Received: from 172.26.216.11
by g0ten.jgm.gov.ar (envelope-from <[EMAIL PROTECTED]>, uid 1001) with 
qmail-scanner-1.25  (clamdscan: 0.86.2/994. spamassassin: 3.0.2.   
Clear:RC:1(172.26.216.11):SA:0(-2.8/5.0):.  Processed in 1.333189 secs); 05 Aug 
2005 16:33:20 -
X-Qmail-Scanner-Mail-From: [EMAIL PROTECTED] via g0ten.jgm.gov.ar
X-Qmail-Scanner: 1.25 (Clear:RC:1(172.26.216.11):SA:0(-2.8/5.0):. Processed in 
1.333189 secs)
Received: from unknown (HELO CJ0068) (172.26.216.11)
by g0ten.jgm.gov.ar with (RC4-MD5 encrypted) SMTP; 5 Aug 2005 16:33:19 
-
Message-ID: <[EMAIL PROTECTED]>
From: "diego" <[EMAIL PROTECTED]>
To: 
Subject: problem with apache
Date: Fri, 5 Aug 2005 13:32:37 -0300
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset="iso-8859-1"; 
reply-type=original
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-Loop: misc@openbsd.org
Precedence: list
Sender: [EMAIL PROTECTED]
X-Virus-Scanned: by amavisd-new at solace.mh.se
X-DSPAM-Result: Innocent
X-DSPAM-Confidence: 0.6789
X-DSPAM-Probability: 0.
X-DSPAM-Signature: 42f398d1276923050724818

Hi all, I have a problem with apache, I have a ibm x225 with 2,5gb of ram 
and xeon 2,67ghz running 3.7-stable with GENERIC kernel, it's run only 
apache for a intranet with 1k users.
I have error

"[Fri Aug  5 13:21:30 2005] [crit] [client 172.26.219.191] (24)Too many open 
files: /intranet.jgm.gov.ar/htdocs/.htaccess pcfg_openfile: unable to check 
htaccess file, ensure it is readable"

I add "kern.maxfiles=5" to sysctl.conf and

# Setting used by httpd daemon
www:\
:datasize=infinity:\
:maxproc=infinity:\
:openfiles-cur=40960:\
:openfiles-max=40960:\
:openfiles=40960:\
:stacksize-cur=500M:\
:localcipher=blowfish,8:\
:tc=default:

to login.conf

but I got the same error.

thanks in advance.


diego.


!DSPAM:42f398d1276923050724818!

Re: login group for users should be?

[Shawn K. Quinn]

On Fri, 2005-08-05 at 13:21 +0200, Tim wrote:
> When creating a user I am wondering what is
> recommended when assigning a login group to the user.
> 
> There are to alternatives, giving the user unique
> login group (same as his name) or giving the user a
> general login group such as users.
> 
> What do you recommend?

I, personally, always use a unique login group, and add the group
"users" as a secondary group. But, like a lot of other things, it really
depends on what you need, and what your users need.

-- 
Shawn K. Quinn <[EMAIL PROTECTED]>

Re: software testing

[knitti]

On 8/5/05, Gustavo Rios <[EMAIL PROTECTED]> wrote:
> Here you have it: http://www.cyberspace.org/~grios/project.html
> 
> Since, i would really appreciate your comments.

you should include in this website a short description of what this 
software is supposed to do. most people won't download a thing
of which they don't know anything about.

--knitti

Re: Sun hme0 PCI on i386 supported?

[Shawn K. Quinn]

On Fri, 2005-08-05 at 19:34 +0200, Laurens Vets wrote:
> So, the question is, will this Sun card work in my i386 machine?

I personally only use i386 myself, but my understanding is that any PCI
driver in OpenBSD is supposed to work on any architecture that has a PCI
bus.

If ping works, chances are the card is working. I'd look elsewhere for
the problems with TCP and UDP.

-- 
Shawn K. Quinn <[EMAIL PROTECTED]>

Re: software testing

[Gustavo Rios]

Ok, sure!

The url is: http://www.cyberspace.org/~grios.

I believe, now people will something about.

On 8/5/05, knitti <[EMAIL PROTECTED]> wrote:
> On 8/5/05, Gustavo Rios <[EMAIL PROTECTED]> wrote:
> > Here you have it: http://www.cyberspace.org/~grios/project.html
> >
> > Since, i would really appreciate your comments.
> 
> you should include in this website a short description of what this
> software is supposed to do. most people won't download a thing
> of which they don't know anything about.
> 
> --knitti

Re: ath0: unable to gain access to wireless unencrypted network

[Bryan]

On 8/5/05, Erik Wikstrvm <[EMAIL PROTECTED]> wrote:

> Have you tried to get it working using static IP-addresses? When you
> have that working switch to DHCP and try to get that working.
> 



I've shut off the WEP at home, so I will try that later today...  I
was hoping to get it to work with DHCP, because it would be nice to
use my laptop at other places.

 Thank you to the 2 people who have helped out.

Re: OSCON - OpenBSD/CARP slides

[C. Bensend]

> If you're having problems opening the PDF version, please try another
> PDF viewer.  It was exported using the Export to PDF feature in OOo
> Impress.  It opens fine on my Mac, haven't tried anything else.

Hmmm, yeah, I was wondering about that.  Both Firefox and IE were
giving an error about the file not being a valid PDF, but a little
wget action and I can open it natively.  Odd.

Benny


-- 
"I'd rather staple a skunk to my forehead and go to a trade show
for banjo makers."-- PHB's secretary,
 Dilbert, 07-2002

Re: OSCON - OpenBSD/CARP slides

[Andrew Swisher]

On Fri, Aug 05, 2005 at 01:31:10PM -0400, Michael C. Ibarra wrote:
> It didn't open in within firefox but I was able to save the page and 
> open it with my pdf viewer.
> 



Hmmmworked like a champ here (using 3.6-STABLE, firefox and xpdf
from ports).  You need to tools-options-downloads, and tell firefox to
open files with .pdf extension with xpdf (or whatever viewer you
prefer).

Thanks again Jason!


A

ASUS S8K motherboard + TSSTcorp, CD/DVDW problem

[Adam Papai]

Hello misc@

Yesterday I tried to install an OpenBSD 3.7-RELEASE to an ASUS S8K 
motherboard. The install cd failed to boot, because I get the following 
error:


 wd0 (pciide0:0:0): timeout
type: ata
c_bcount: 512
c_skip: 0
pciide0:0:0: bus-master DMA error: missing interrupt, status=0x21

But it's okey.

I did this:

boot> boot -c
UKC> change wd
change (y/n) ? y
channel [-1] ? -1
flags [0] ? 0xff0
UKC> quit

Then I could finished the install. Later I fetched the latest 
-rOPENBSD_3_7 src and compiled a new GENERIC kernel and I fixed the 
security alerts.


I used
config -e -u -o /bsd.new /bsd
UKC> change wd
change (y/n) ? y
channel [-1] ? -1
flags [0] ? 0xff0
UKC> quit

To boot.

But now, I cannot see cd0.
it's a TSSTcorp, CD/DVDW.

What should be the problem?

dmesg:
OpenBSD 3.7-stable (GENERIC) #0: Fri Aug  5 10:36:42 CEST 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Celeron(R) CPU 2.40GHz ("GenuineIntel" 686-class) 2.41 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,

TM,SBF,PNI,MWAIT,CNXT-ID
real mem  = 200843264 (196136K)
avail mem = 176504832 (172368K)
using 2477 buffers containing 10145792 bytes (9908K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 10/29/04, BIOS32 rev. 0 @ 0xfdb10
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf7760/192 (10 entries)
pcibios0: PCI Interrupt Router at 000:02:0 ("SIS 85C503 System" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xc000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 vendor "SIS", unknown product 0x0661 rev 0x11
ppb0 at pci0 dev 1 function 0 "SIS 648FX AGP" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "SIS 6330 VGA" rev 0x00: aperture at 
0xc000, size 0x40

wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 2 function 0 "SIS 85C503 System" rev 0x25
pciide0 at pci0 dev 2 function 5 "SIS 5513 EIDE" rev 0x00: 5597/5598: 
DMA, channel 0 wired to compatibility, channe

l 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 156334MB, 320173056 sectors
wd0(pciide0:0:0): using PIO mode 4
pciide0: channel 1 disabled (no drives)
auich0 at pci0 dev 2 function 7 "SIS 7012 AC97" rev 0xa0: irq 10, 
SiS7012 AC97

ac97: codec id 0x434d4983 (C-Media Electronics CMI9761A+)
audio0 at auich0
ohci0 at pci0 dev 3 function 0 "SIS 5597/5598 USB" rev 0x0f: irq 3, 
version 1.0, legacy support

usb0 at ohci0: USB revision 1.0
uhub1 at usb1
uhub1: SIS OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 3 ports with 3 removable, self powered
ehci0 at pci0 dev 3 function 2 "SIS 7002 USB" rev 0x00: irq 12
ehci0: EHCI version 1.0
ehci0: companion controllers, 3 ports each: ohci0 ohci1
usb2 at ehci0: USB revision 2.0
uhub2 at usb2
uhub2: SIS EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
uhub2: single transaction translator
uhub2: 6 ports with 6 removable, self powered
sis0 at pci0 dev 4 function 0 "SIS 900 10/100BaseTX" rev 0x90: irq 11, 
address 00:0b:6a:b5:b7:a3

rlphy0 at sis0 phy 1: RTL8201L 10/100 PHY, rev. 1
dc0 at pci0 dev 10 function 0 "Accton EN2242" rev 0x11: irq 10, address 
00:04:e2:33:91:d0

ukphy0 at dc0 phy 1: Generic IEEE 802.3u media interface
ukphy0: OUI 0x000749, model 0x0001, rev. 1
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard, using 
wsdisplay0

pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
lm0 at isa0 port 0x290/8: W83697HF
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
biomask f36d netmask ff6d ttymask ffef
pctr: user-level cycle counter enabled
dkcsum: wd0 matched BIOS disk 80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302



--
Adam PAPAI
D i g i t a l Influence
E-mail: [EMAIL PROTECTED]
Phone: +36 30 33-55-735

Re: Will read/write eventually block on POLLIN/POLLOUT?

[Henning Brauer]

* Alexander Farber <[EMAIL PROTECTED]> [2005-08-05 19:36]:
> I'm trying to move an iterative server (a small multiplayer card game)
> from using select() to poll()  (BTW is it a good idea at all?)

yes, it is a good idea. poll is easier to use and as a bonus a bit more 
efficient.

> So it is important for me that none of the reads/writes/accepts block.

so use nonblocking sockets...

int flags;

if ((flags = fcntl(fd, F_GETFL, 0)) == -1)
fatal("fnctl F_GETFL");

flags |= O_NONBLOCK;

if ((flags = fcntl(fd, F_SETFL, flags)) == -1)
fatal("fnctl F_SETFL");


> My question is, what events should I poll() ? With select() it is easy -

> 1) read/write returns > 0 means ok
> 2) read/write returns = 0 means connection closed
> 3) read/write returns < 0 means connection interrupted

that is true no matter what.
actually your case #3 is not completely - on error they return -1 and 
only -1, with errno set.

> If I poll() for POLLIN/POLLOUT, will the read/write ever block?

could, unless you use nonblocking sockets.

> Do I need to poll() for POLLHUP and/or POLLERR to detect
> closed or interrupted connections or is POLLIN enough and it
> is same as 2) and 3) above?

the latter.
bgpd's session.c session_main() and dispatch_msg might be worth a read.

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

Re: just a 'thank you' ;)

[Henning Brauer]

* Timothy Donahue <[EMAIL PROTECTED]> [2005-08-05 19:21]:
> On Friday 05 August 2005 12:09 pm, Henning Brauer wrote:
> > * Timothy Donahue <[EMAIL PROTECTED]> [2005-08-05 18:06]:
> > > Replacing the NIC's with em or some other well designed gigabit card
> > em is not a well designed gigabit card.
> > > might help if his interrupt count are high
> > not at all, there is no int mitigation on em.
> > well, the hardware supports it, but there's so many bugs that it is
> > turned off - at least here, not sure what linux does.
> Henning, I'm sure this is a stupid question but are the int mitigation 
> problems generic or specific to the em line?

hardware bugs in em

> Would a sk based card work better?

yes, they have pretty much perfect int mitigation

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

Sun hme0 PCI on i386 supported?

[Laurens Vets]

Hi list,

I just installed a SUN PCI card, which combines SCSI and ethernet on one 
card, in a i386 machine.  The ethernet part shows up as a hme0 
interface.  After assigning an ip address to it, I can ping other 
machines on the network and other machines can ping back.  However, tcp 
and udp connections do not work at all...
If I for instance want to ssh into this machine from another host, I get 
no connection and a 'tcpdump -i hme0' show no packets.  There is also no 
firewall between these machines.  If I use another network card, 
everything works correctly.


So, the question is, will this Sun card work in my i386 machine?

Full dmesg:
OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III ("GenuineIntel" 686-class, 512KB L2 cache) 499 MHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MM

X,FXSR,SSE
real mem  = 268013568 (261732K)
avail mem = 237789184 (232216K)
using 3297 buffers containing 13504512 bytes (13188K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 02/13/03, BIOS32 rev. 0 @ 0xffe90
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfc7c0/176 (9 entries)
pcibios0: PCI Interrupt Router at 000:07:0 ("Intel 82371FB ISA" rev 0x00)
pcibios0: PCI bus #4 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0xc00 0xc9000/0x800 0xc9800/0x800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82440BX AGP" rev 0x00
ppb0 at pci0 dev 1 function 0 "Intel 82440BX AGP" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "ATI Mach64 GD" rev 0x5c
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb1 at pci0 dev 2 function 0 "DEC 21152 PCI-PCI" rev 0x03
pci2 at ppb1 bus 2
ahc1 at pci2 dev 4 function 0 "Adaptec AIC-7890/1 U2" rev 0x00: irq 11
scsibus0 at ahc1: 16 targets
ahc2 at pci2 dev 6 function 0 "Adaptec AIC-7860" rev 0x03: irq 11
scsibus1 at ahc2: 8 targets
cd0 at scsibus1 targ 5 lun 0:  SCSI2 
5/cdrom remova

ble
st0 at scsibus1 targ 6 lun 0:  SCSI2 
1/sequenti

al removable
st0: drive empty or not ready
ppb2 at pci2 dev 10 function 0 "Intel i960 RP PCI-PCI" rev 0x05
pci3 at ppb2 bus 3
ami0 at pci2 dev 10 function 1 "Intel 80960RP ATU" rev 0x05: irq 10 Dell 
466v2/3

2b
ami0: FW 3.00, BIOS v1.36, 16MB RAM
ami0: 1 channels, 16 targets, 1 logical drives
scsibus2 at ami0: 1 targets
sd0 at scsibus2 targ 0 lun 0:  SCSI2 0/direct fixed
sd0: 42840MB, 5461 cyl, 255 head, 63 sec, 512 bytes/sec, 87736320 sec total
pcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x02
pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA, 
channel 0 wi

red to compatibility, channel 1 wired to compatibility
pciide0: channel 0 ignored (disabled)
pciide0: channel 1 ignored (disabled)
uhci0 at pci0 dev 7 function 2 "Intel 82371AB USB" rev 0x01: irq 5
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
"Intel 82371AB Power Mgmt" rev 0x02 at pci0 dev 7 function 3 not configured
xl0 at pci0 dev 12 function 0 "3Com 3c905 100Base-TX" rev 0x00: irq 14, 
address

00:60:08:78:35:0c
nsphy0 at xl0 phy 24: DP83840 10/100 PHY, rev. 1
ppb3 at pci0 dev 14 function 0 "DEC 21152 PCI-PCI" rev 0x03
pci4 at ppb3 bus 4
"Sun PCIO Ebus2" rev 0x01 at pci4 dev 0 function 0 not configured
hme0 at pci4 dev 0 function 1 "Sun HME" rev 0x01: address 08:00:20:e4:22:53
ukphy0 at hme0 phy 1: Generic IEEE 802.3u media interface
ukphy0: OUI 0x00601d, model 0x000c, rev. 1
hme0: using irq 14 for interrupt
isp0 at pci4 dev 4 function 0 "QLogic ISP1020" rev 0x05: irq 5
isp0: Polled Mailbox Command (0x2) Timeout
isp0: Polled Mailbox Command (0x34) Timeout
isp0: Polled Mailbox Command (0x8) Timeout
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard, using 
wsdisplay0

pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask bf6d netmask ff6d ttymask ffef
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: sd0 matched BIOS disk 80
root on sd0a
rootdev=0x400 rrootdev=0xd00 rawdev=0xd02

Best regards

Re: ath0: unable to gain access to wireless unencrypted network

[Erik Wikström]

On 2005-08-05 18:38, Bryan wrote:

I just need to know what necessary fields have to be filled in to
allow access to an unencrypted network.  I setup the hostname.ath0
file and did everything the ath man file specified, but I am still
unable to get on the network


Have you tried to get it working using static IP-addresses? When you
have that working switch to DHCP and try to get that working.

--
Erik Wikstrvm

Re: OSCON - OpenBSD/CARP slides

[Michael C. Ibarra]

It didn't open in within firefox but I was able to save the page and 
open it with my pdf viewer.


-mike

Quoting Jason Dixon <[EMAIL PROTECTED]>:


On Aug 5, 2005, at 6:35 AM, Jason Dixon wrote:

Here are the slides that I presented at this week's OSCON in  
Portland, OR.  They are available in pdf and sxi (OOo Impress)  
formats.


http://www.dixongroup.net/OSCON/


If you're having problems opening the PDF version, please try another 
 PDF viewer.  It was exported using the Export to PDF feature in OOo  
Impress.  It opens fine on my Mac, haven't tried anything else.


--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net

Will read/write eventually block on POLLIN/POLLOUT?

[Alexander Farber]

Hi,

I'm trying to move an iterative server (a small multiplayer card game)
from using select() to poll()  (BTW is it a good idea at all?)

I have to use iterative design instead of a forking one, because it is 
easier to move players between tables and the chatroom this way.

So it is important for me that none of the reads/writes/accepts block.

My question is, what events should I poll() ? With select() it is easy -

read/write won't block if FD_ISSET is set for that socket and:
1) read/write returns > 0 means ok
2) read/write returns = 0 means connection closed
3) read/write returns < 0 means connection interrupted

But with poll() it is unclear. The Stevens' book says it is implementation-
specific, but the OpenBSD manpage doesn't describe, what is considered 
high-priority data (for example, I listen on a non-blocking socket. If a new 
client connects, is it high-priority or not? Will POLLIN suffice here?)

If I poll() for POLLIN/POLLOUT, will the read/write ever block?

Do I need to poll() for POLLHUP and/or POLLERR to detect
closed or interrupted connections or is POLLIN enough and it
is same as 2) and 3) above?

Regards
Alex

Re: just a 'thank you' ;)

[Timothy Donahue]

On Friday 05 August 2005 12:09 pm, Henning Brauer wrote:
> * Timothy Donahue <[EMAIL PROTECTED]> [2005-08-05 18:06]:
> > Replacing the NIC's with em or some other well designed gigabit card
>
> em is not a well designed gigabit card.
>
> > might help if his interrupt count are high
>
> not at all, there is no int mitigation on em.
> well, the hardware supports it, but there's so many bugs that it is
> turned off - at least here, not sure what linux does.

Henning, I'm sure this is a stupid question but are the int mitigation 
problems generic or specific to the em line?  Would a sk based card work 
better?

Tim Donahue

Re: ath0: unable to gain access to wireless unencrypted network

[Bryan]

According to www.dlink.com, a DWL-G650 that has a hardware version of
"B5" is a "G650B".  I went to their site, and looked up the G650 for a
firmware upgrade, and I found that there is a G650A, G650B, and even
G650C.

man 4 ath states:

HARDWARE
 Devices supported by the ath driver come in either CardBus or Mini PCI
 packages.  Wireless cards in CardBus slots may be inserted and ejected on
 the fly.

 The following cards are among those supported by the ath driver:

   Card Chip  BusStandard

   D-Link DWL-G520  AR5212PCIb/g
   D-Link DWL-G650B AR5212CardBusb/g



The DWL-G520 that I bought for my workstation is also on this list... 
Did I just waste money buying it expecting it to work? or will there
be support in the future?

I'm the first person to admit when I'm wrong, but I didn't buy the
wrong card.  I didn't setup the card correctly to allow access to the
network.

I just need to know what necessary fields have to be filled in to
allow access to an unencrypted network.  I setup the hostname.ath0
file and did everything the ath man file specified, but I am still
unable to get on the network





On 8/5/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> - Original Message -
> From: Bryan <[EMAIL PROTECTED]>
> Subject: ath0: unable to gain access to wireless unencrypted network
> > ath0 at cardbus0 dev 0 function 0 "Atheros Communications, Inc.,
> > AR5001--, Wireless LAN Reference Card": irq 11
> > ath0: AR5212 7.9 phy 4.5 rf2112 5.6 rf2112 5.6, FCC1A, address
> 
> 
> Unfortunately, this version was specified as currently unsupported.
> 
> "currently unsupported:
> 
> ath0: AR5212 7.9 phy 4.5 rf2112 5.6 rf2112 5.6"

Re: Requesting an change in the installer

[Tony]

Alexey E. Suslikov wrote:

Nick Holland wrote:
> PERSONALLY, I prefer to call the single processor kernel "bsd.sp",

bsd.sp is not correct if you crazy about correct terminology :)
bsd.up ("uniprocessor") is correct one.
Alexey.


Maybe it's just me, but everytime I see up I see down as its implicit
alternate.

problem with apache

[diego]

Hi all, I have a problem with apache, I have a ibm x225 with 2,5gb of ram 
and xeon 2,67ghz running 3.7-stable with GENERIC kernel, it's run only 
apache for a intranet with 1k users.

I have error

"[Fri Aug  5 13:21:30 2005] [crit] [client 172.26.219.191] (24)Too many open 
files: /intranet.jgm.gov.ar/htdocs/.htaccess pcfg_openfile: unable to check 
htaccess file, ensure it is readable"


I add "kern.maxfiles=5" to sysctl.conf and

# Setting used by httpd daemon
www:\
:datasize=infinity:\
:maxproc=infinity:\
:openfiles-cur=40960:\
:openfiles-max=40960:\
:openfiles=40960:\
:stacksize-cur=500M:\
:localcipher=blowfish,8:\
:tc=default:

to login.conf

but I got the same error.

thanks in advance.


diego.

Re: OSCON - OpenBSD/CARP slides

[Jason Dixon]

On Aug 5, 2005, at 6:35 AM, Jason Dixon wrote:

Here are the slides that I presented at this week's OSCON in  
Portland, OR.  They are available in pdf and sxi (OOo Impress)  
formats.


http://www.dixongroup.net/OSCON/


If you're having problems opening the PDF version, please try another  
PDF viewer.  It was exported using the Export to PDF feature in OOo  
Impress.  It opens fine on my Mac, haven't tried anything else.


--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net

Re: just a 'thank you' ;)

[Henning Brauer]

* Timothy Donahue <[EMAIL PROTECTED]> [2005-08-05 18:06]:
> Replacing the NIC's with em or some other well designed gigabit card

em is not a well designed gigabit card.

> might help if his interrupt count are high

not at all, there is no int mitigation on em.
well, the hardware supports it, but there's so many bugs that it is 
turned off - at least here, not sure what linux does.

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

Re: OSCON - OpenBSD/CARP slides

[J.C. Roberts]

On Fri, 5 Aug 2005 05:35:39 -0700, Jason Dixon <[EMAIL PROTECTED]>
wrote:

>Here are the slides that I presented at this week's OSCON in  
>Portland, OR.  They are available in pdf and sxi (OOo Impress) formats.
>
>http://www.dixongroup.net/OSCON/
>
>--
>Jason Dixon

Slide #6: "Chicks dig redundancy"

(;

Very nicely done Jason!

Kind Regards,
JCR

--
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

Re: Soekris & OBSD as servers

[Bob Beck]

I have used machines of the category of a pentium 100 before
for such tasks, so there is no reason why a soekris would not
work for that. (NIS and kerberos)

However, given the cost difference between the soekris hardware
and something slithgly more beefy, like a comell or nexcomm box, or, for
that matter, a decent little 1U like a dell 750, why are you so 
insistant on throwing everything on a little soekris box? Is it 
that important to you to save 300 dollars on the machine? the soekris
is slow, and designed as a small router. 

It's kind of like saying "will sphagnum moss make acceptable
toilet paper" from experience, yes it will, however, you will frequently
be more comfortable going slightly less minimalist.

-Bob


* Gustavo Rios <[EMAIL PROTECTED]> [2005-08-04 22:15]:
> On 8/5/05, Scott Francis <[EMAIL PROTECTED]> wrote:
> > On 8/4/05, Gustavo Rios <[EMAIL PROTECTED]> wrote:
> > > I would like to set a obsd and soekris boxes as a server for about 100 
> > > users.
> > > This box is supposed to handle NIS + Kerberos.
> > >
> > > Does such configuration can handle the task ? I mean on a performance 
> > > matter.
> > > Does anybody have such configuration?
> 
> I am not asking jus ton OpenBSD, but a combination of OBSD and
> Soekris. I am considering using OpenBSD+soekris for this task: (NIS
> and Kerberos) because i believe this type of service to be light for
> the amount of users i have to handle.
> 
> Any other services will be handle by other hardware, like the NFS, web
> and the like. For now, let's just consider NIS and Kerberos on OBSD
> 3.7 and soekris.
> 
> My concern is whether i could use OBSD with soekris. I could for
> instance use QNX with an embed NIS and kerberos to achieve paramount
> performance even on such a modest hardware and no other OS i known
> could beat. But, again, i would like to stay with OBSD.
> 
> > the default config on OpenBSD can easily handle 100 users. Whether or
> > not a Soekris is the right _hardware_ platform is another matter
> > altogether. If you're handling users, as opposed to just packets, you
> > will probably want some kind of disk-based storage for their home
> > directories, NIS+ databases, etc. But then, you could do this with a
> > Soekris too with the right adapter, but you might as well use a
> > generic x86 machine at that point.
> > 
> > Remember: OpenBSD is software, and runs on many platforms. Soekris is
> > x86 hardware, geared towards specific tasks (typically networking, not
> > user management, databases, web serving, etc. etc.), and can run
> > OpenBSD or other operating systems.
> > 
> > If you have this firmly in mind already and I'm just misparsing your
> > English, my apologies.
> > --
> > [EMAIL PROTECTED],darkuncle.net} || 0x5537F527
> > encrypted email to the latter address please
> > http://darkuncle.net/pubkey.asc for public key
> 

-- 
Bob Beck   Computing and Network Services
[EMAIL PROTECTED]   University of Alberta
True Evil hides its real intentions in its street address.

Re: login group for users should be?

[Christian Jones]

Tim, are you referring to user groups (i.e., group(5)), or to login
classes (i.e., login.conf(5))?  If the former, the link Will pointed
out is a reasonable one, but note that it *is* in fact the default on
OpenBSD (at least, using adduser).  If you're talking about login
classes, I wouldn't think there's any benefit---have you heard there
might be?

CDJ

-- 
Christian Jones
[EMAIL PROTECTED]
http://www.aleph0.com/~chjones

Re: just a 'thank you' ;)

[Timothy Donahue]

On Friday 05 August 2005 09:01 am, Peter Huncar wrote:
> Hi
>

[snip comparison of 2 different systems with different hardware and different 
services that result in a different load]

Replacing the NIC's with em or some other well designed gigabit card might 
help if his interrupt count are high, but I would personally start by 
offloading squid onto a separate server.  (You didn't list squid as running 
on your server and squid can eat up a lot of resources.)  

Tim Donahue

Re: Via C3 IPSec test result

[Massimo]

On Fri, 2005-08-05 at 09:30 -0600, Bob Beck wrote:
> 
>   Yes, that's the hlt-hlt apm bug.   
> 
>   -Bob

So it seems to me it's already committed to 3_7 stable branch, right ?
If so, how it could be related to this topic ? (APM calls during
interrupt ?)

Thanks Bob and sorry for the double mails...

-- 
Massimo.run();

Re: Via C3 IPSec test result

[Bob Beck]

Yes, that's the hlt-hlt apm bug.   

-Bob

* Massimo <[EMAIL PROTECTED]> [2005-08-05 09:00]:
> On Thu, 2005-08-04 at 18:37 -0400, Mike wrote:
> 
> 
> > I got a suggestion off-list to try a current release because this could
> > be related to the hlt hlt bug.  I installed a snapshot from 31 July but
> > it didn't improve things.  I changed my quick mode transforms from AES
> > SHA to BLF MD5 and improved IPSec performance to about 35Mbps.
> 
> I've a seen commit from Brad to OPENBSD_3_7 about hlt hlt:
> http://marc.theaimsgroup.com/?l=openbsd-cvs&m=111859519015510&w=2
> 
> Is actually that one hlt hlt bug ?
> 
> -- 
> Massimo.run();
> 

-- 
Bob Beck   Computing and Network Services
[EMAIL PROTECTED]   University of Alberta
True Evil hides its real intentions in its street address.

just a 'thank you' ;)

[Peter Huncar]

Hi

Last month I installed OpenBSD 3.7 on an Intel P4 2.8GHz, 512MB RAM, Intel
server board (E7221) and four intel NICs (two fxp and two em)

It's used as an intranet router for a campus (PIM TV multicast with xorp,
squid and sometimes snort) routing between different parts of the campus and
preventing unwanted traffic to pass between them. (and routing outgoing
traffic to another obenbsd router connected to internet)

There are approx. 600 users (student WIN boxes and some servers (game/samba)
)on the LAN and the load on the machine is 20% max. (with snort running)



A friend of mine maintains similar LAN with similar HW. (but has a desktop
MSI board (intel 865 chipset) with realtek and 3com NICs, the same processor
etc...) with Debian

His machine (with cca the same throughput) running squid and xorp has 70%
load, forget about snort.



I'm wondering why there's so big difference. Maybe NIC or chipset together
with OS ;)

Anyway, I'm absolutely satisfied with all my OBSD machines. Great work.



Peter Huncar
IT manager
GTS Slovakia s.r.o.
Liscie udolie 5
841 02 Bratislava
*
tel: (+421) (2) 57781 101
fax: (+421) (2) 57781 117
cell: (+421) 905  580 724

Re: Via C3 IPSec test result

[Massimo]

On Thu, 2005-08-04 at 18:37 -0400, Mike wrote:


> I got a suggestion off-list to try a current release because this could
> be related to the hlt hlt bug.  I installed a snapshot from 31 July but
> it didn't improve things.  I changed my quick mode transforms from AES
> SHA to BLF MD5 and improved IPSec performance to about 35Mbps.

I've a seen commit from Brad to OPENBSD_3_7 about hlt hlt:
http://marc.theaimsgroup.com/?l=openbsd-cvs&m=111859519015510&w=2

Is actually that one hlt hlt bug ?

-- 
Massimo.run();

fabrics for men's

[Avrasya Textile]

Dear Ladies and Gentlemen,





As a fabric manufacturer and trade company AVRASYA TEKSTIL offers
you a wide assortment of Turkish-made high-quality fabrics for men's suits,
trousers and domestic textiles. High professionalism of our workers and
financial stability of the company help to constantly develop the enterprise,
introduce new technologies, expand product range, and perfect quality. The
company can produce over 200 thousand meters of fabrics a month.



In addition to fabrics we produce Lining, Glue lining,
Pocket-type, Coarse calico, Kapitone, Teri cotton, Corsage band, and Trousers
corsage.



Since 1994 our company has been working with many firms from
Greece, Yugoslavia, Poland, Russia, Ukraine, and other CIS countries. All our
activities are based on the principle of 100% client satisfaction. Prices and
terms of payment depend on the volume of purchase as well as your desire to
become our long-term and reliable partner.



The fabrics are %40 Viscose + %60 Polyester, %100 Polyester and
%100 Cotton, weight ranges from 300gr to 500gr per meter. We usually keep %80
of fabrics in reserve. At the special request from our clients we perform
individual orders through customized fabric coloring; professional assistance
with selection of colors, type and thickness of materials; informational
support and advisory services. Special requests and individual orders will be
performed within 15 days.



We invite you to mutually beneficial cooperation.



For additional information please check out website at www.avrasyatekstil.com
or contact us by phone or e-mail.





Sincerely yours,



Kadirbek Darbanov

(sales manager)

Re: x86 rings?

[Alexander Bochmann]

...on Thu, Aug 04, 2005 at 08:18:40PM -0500, Dave Feustel wrote:

 > some very specialized applications. Intel had a chip (the 960mp?) used in 
 > the military
 > that used segmented addressing, but I don't think it has been used anywhere 
 > else
 > but possibly in HP printers years ago, and (I think) without the 
 > segmentation).

I've seen a lot of i960s as embedded CPUs on RAID 
controllers and the like in the 1990s, but obviously 
they were stripped down from the military i960MX version
(see Wikipedia, http://en.wikipedia.org/wiki/Intel_i960).

Alex.

Re: Requesting an change in the installer

[Alexey E. Suslikov]

Nick Holland wrote:


PERSONALLY, I prefer to call the single processor kernel "bsd.sp",


bsd.sp is not correct if you crazy about correct terminology :)

bsd.up ("uniprocessor") is correct one.

Alexey.

Re: OpenBSD website vintage looks

[Nick Holmes]

"OpenBSD's best friend"

Now where can I too get an OpenBSD doggy-T for my Dobermann?!



Jan 18, 2001

http://web.archive.org/web/20010118233800/http://www.openbsd.org/


_
Use MSN Messenger to send music and pics to your friends 
http://messenger.msn.co.uk

Re: Requesting an change in the installer

[Will H. Backman]

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of
> Bernd Schoeller
> Sent: Friday, August 05, 2005 9:15 AM
> To: misc@openbsd.org
> Subject: Re: Requesting an change in the installer
> 
> On Fri, Aug 05, 2005 at 03:00:25PM +0200, [EMAIL PROTECTED]
wrote:
> > [...]
> > Quoting Bernd Schoeller <[EMAIL PROTECTED]>:
> > >   - call the single user kernel /bsd.sp
> > >   - add a hard link from /bsd.sp to /bsd
> > >   - add a description to 'man afterboot' for changing the default
> > > kernel by doing 'rm /bsd && ln /bsd.mp /bsd'
> > [...]
> >
> > I disagree the hardlink, since it would change bsd.* after using
> 'config'.
> 
> Different opinions here: I my view 'config -ef /bsd' should change the
> configuration of the current kernel, which is /bsd.sp on a single
> processor machine and /bsd.mp on a multi processor machine. Switch
> back and forth between the two kernels should not delete your
> configuration for the kernel.
> 
> Bernd

If some consensus is reached on this, perhaps it is time to update the
FAQs to reflect best practices in the MP world.

Re: login group for users should be?

[Will H. Backman]

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of
> Tim
> Sent: Friday, August 05, 2005 7:22 AM
> To: misc@openbsd.org
> Subject: login group for users should be?
> 
> When creating a user I am wondering what is
> recommended when assigning a login group to the user.
> 
> There are to alternatives, giving the user unique
> login group (same as his name) or giving the user a
> general login group such as users.
> 
> What do you recommend?
> 
> Thanks.

Not to support one or the other, but some discussion of the user private
group:
http://www.redhat.com/docs/manuals/linux/RHL-7.3-Manual/ref-guide/s1-use
rs-groups-private-groups.html

This is not the traditional default in BSD systems.

Re: Requesting an change in the installer

[Bernd Schoeller]

On Fri, Aug 05, 2005 at 03:00:25PM +0200, [EMAIL PROTECTED] wrote:
> [...]
> Quoting Bernd Schoeller <[EMAIL PROTECTED]>:
> >   - call the single user kernel /bsd.sp
> >   - add a hard link from /bsd.sp to /bsd
> >   - add a description to 'man afterboot' for changing the default
> > kernel by doing 'rm /bsd && ln /bsd.mp /bsd'
> [...]
> 
> I disagree the hardlink, since it would change bsd.* after using 'config'.

Different opinions here: I my view 'config -ef /bsd' should change the
configuration of the current kernel, which is /bsd.sp on a single
processor machine and /bsd.mp on a multi processor machine. Switch
back and forth between the two kernels should not delete your
configuration for the kernel.

Bernd

Re: Requesting an change in the installer

[C. Bensend]

> PERSONALLY, I prefer to call the single processor kernel "bsd.sp",
> rather than "bsd.old".  "bsd.old" is most commonly the "previous kernel
> before I tried to build my own and hosed the heck out of everything". :)

Heh.

I have gotten myself in the habit of making a copy of the kernel
after first boot, calling it 'bsd.INSTALL'.  Each time I build a
new one (-STABLE or -CURRENT), I copy the previous one to
bsd.PREV.  That way, I have the last "known good" kernel, and a
copy of the kernel it installed with, just in case.


-- 
"I'd rather staple a skunk to my forehead and go to a trade show
for banjo makers."-- PHB's secretary,
 Dilbert, 07-2002

Re: Requesting an change in the installer

[jimmy]

Quoting Bernd Schoeller <[EMAIL PROTECTED]>:

> On Fri, Aug 05, 2005 at 01:24:41PM +0200, Artur Grabowski wrote:
> > Nick Holland <[EMAIL PROTECTED]> writes:
> >
> > > Roger Neth Jr wrote:
> > > ...
> > > > Did this newbie (me) do this wrong?
> > > >
> > > > cd /
> > > > cp bsd bsd.old
> > > > cp bsd.mp bsd
> > > > #reboot
> > >
> > > PERSONALLY, I prefer to call the single processor kernel "bsd.sp",
> > > rather than "bsd.old".  "bsd.old" is most commonly the "previous kernel
> > > before I tried to build my own and hosed the heck out of everything". :)
> > >  But yes, other than the one small detail, this is my prefered way.
> > > Altering boot.conf is dangerous.  Art's story isn't the only one I've
> > > heard along those lines from developers.
> >
> > [a story about some Linux admin deleting /etc/*]
>
> Everybody knows that there are tons of ways to shoot yourself into the
> foot. But at least OpenBSD should not help you in doing it.
>
> More and more machines require the bsd.mp kernel, and I think there
> should be a hint of how to do the switch. This would prevent
> home-brewed solutions and keep the installations consistent.
>
> My recommendation would be:
>
>   - call the single user kernel /bsd.sp
>   - add a hard link from /bsd.sp to /bsd
>   - add a description to 'man afterboot' for changing the default
> kernel by doing 'rm /bsd && ln /bsd.mp /bsd'
>
> This would give a clean setup for switching the kernel. Also it is
> clear that by booting /bsd.sp, you always boot the single processor
> kernel, by booting /bsd.mp, you always boot the multi processor
> kernel. By booting /bsd you boot the configured kernel.
>
> Bernd
>
> [demime 1.01d removed an attachment of type application/pgp-signature which
> had a name of signature.asc]
>
>

I disagree the hardlink, since it would change bsd.* after using 'config'.

Kind regards,
Jimmy Scott


This message has been sent through ihosting.be
To report spamming or other unaccepted behavior
by a iHosting customer, please send a message 
to [EMAIL PROTECTED]

Re: syslogd udp port

[imEnsion]

haha, henning.. i love your technical responses to problems. they're
always very short, sweet and to the point (and you're 99.999% of the
time right).

if i could make it to a hackathon (or even get invited, heh) i'd buy a
round of beer for everyone to calm the *&%# down :P



On 8/5/05, Henning Brauer <[EMAIL PROTECTED]> wrote:
> syslog shutdown()s  the port for reading. there is no real difference
> to not opening it at all.
> 
> * mdff <[EMAIL PROTECTED]> [2005-08-05 13:13]:
> > blah blah...
> > he'd better do man syslogd... but assume this:
> > - no pf for udp/514.
> > - a DOS or DDOS to this OPEN port.
> > - syslogd running just in "send mode".
> > - and finally: no remote syslogging configured because of only 1 box here.
> >
> > will it take more ressources to handle this with an open port
> > compared to a closed one or not? i guess yes. and for security,
> > i guess a closed port is still better, than an application reading
> > all packets and discarding them...
> >
> > question: what about 1 more argv to have syslogd not to bind udp/514 at all?
> >
> > br, mdff...
> >
> 
> --
> BS Web Services, http://www.bsws.de/
> OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
> Unix is very simple, but it takes a genius to understand the simplicity.
> (Dennis Ritchie)

OSCON - OpenBSD/CARP slides

[Jason Dixon]

Here are the slides that I presented at this week's OSCON in  
Portland, OR.  They are available in pdf and sxi (OOo Impress) formats.


http://www.dixongroup.net/OSCON/

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net

Re: Requesting an change in the installer

[Bernd Schoeller]

On Fri, Aug 05, 2005 at 01:24:41PM +0200, Artur Grabowski wrote:
> Nick Holland <[EMAIL PROTECTED]> writes:
>
> > Roger Neth Jr wrote:
> > ...
> > > Did this newbie (me) do this wrong?
> > >
> > > cd /
> > > cp bsd bsd.old
> > > cp bsd.mp bsd
> > > #reboot
> >
> > PERSONALLY, I prefer to call the single processor kernel "bsd.sp",
> > rather than "bsd.old".  "bsd.old" is most commonly the "previous kernel
> > before I tried to build my own and hosed the heck out of everything". :)
> >  But yes, other than the one small detail, this is my prefered way.
> > Altering boot.conf is dangerous.  Art's story isn't the only one I've
> > heard along those lines from developers.
>
> [a story about some Linux admin deleting /etc/*]

Everybody knows that there are tons of ways to shoot yourself into the
foot. But at least OpenBSD should not help you in doing it.

More and more machines require the bsd.mp kernel, and I think there
should be a hint of how to do the switch. This would prevent
home-brewed solutions and keep the installations consistent.

My recommendation would be:

  - call the single user kernel /bsd.sp
  - add a hard link from /bsd.sp to /bsd
  - add a description to 'man afterboot' for changing the default
kernel by doing 'rm /bsd && ln /bsd.mp /bsd'

This would give a clean setup for switching the kernel. Also it is
clear that by booting /bsd.sp, you always boot the single processor
kernel, by booting /bsd.mp, you always boot the multi processor
kernel. By booting /bsd you boot the configured kernel.

Bernd

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

Re: packet loss over nat

[Håkan Olsson]

Try increasing PF max number of states.

It is currently limited to 1, so when you reach this no new  
traffic (that would create a state) is permitted until some of the  
old ones expire. The 1 limit is ok for most machines, but  
definitely not for a busy server / firewall. (Same goes for the  
default httpd.conf, btw, which also requires tweaking for higher  
performance.)


Use "pfctl -s info" and check the "memory" counter, it indicates the  
number of states that could not be created due to the limit  
(presumably other mem failures too). You want to see "0" (zero) here.


See pf.conf(5), try "set limit states 5" or so.

/H

On 2 aug 2005, at 00.07, Bc. Radek Krejca wrote:


Hi,

  thank you for response. It was my idea too but pfctl -ss shows about
  1 lines. Where I got better information about ports over nat?

  Thank you
  Radek

1. srpna 2005, 23:02:15, jste napsal(a):
SKQ> On Mon, 2005-08-01 at 21:21 +0200, Bc. Radek Krejca wrote:

  I have problem with packet loss over nat. I dont know where  
could be
  mistake. If i try stop half IPs I have no problem. What can I  
change

  to resolving problem? Over this nat runs about 1300 IPs.



SKQ> My gut instinct says that you're simply running out of ports  
on the one
SKQ> external address. That is definitely something you want to  
look into at

SKQ> some point.



--
Regards,
 Bc. Radek Krejca
 [EMAIL PROTECTED]
 http://www.ceskedomeny.cz
 http://www.skdomeny.com
 http://www.starnet.cz

Re: HP thin Client

[Brandon Mercer]

Gustavo Rios wrote:

>Anyone running HP thin client with OPENBSD (netbooting from a openbsd server)?
>What is your experience with them?
>
>thanks.
>
Yes, they work great.  I really like the combination of this thin
station with openbsd as the boot server :-)
Brandon

login group for users should be?

[Tim]

When creating a user I am wondering what is
recommended when assigning a login group to the user.

There are to alternatives, giving the user unique
login group (same as his name) or giving the user a
general login group such as users.

What do you recommend?

Thanks.

Re: syslogd udp port

[Claudio Jeker]

On Fri, Aug 05, 2005 at 12:58:04PM +0200, mdff wrote:
> blah blah...
> he'd better do man syslogd... but assume this:
> - no pf for udp/514.
> - a DOS or DDOS to this OPEN port.

To DOS or DDOS a udp port it does not need to be open.

> - syslogd running just in "send mode".
> - and finally: no remote syslogging configured because of only 1 box here.
> 
> will it take more ressources to handle this with an open port
> compared to a closed one or not? i guess yes. and for security,
> i guess a closed port is still better, than an application reading
> all packets and discarding them...

The additional resource usage of this additional port is not measurable
and a socket that was shutdown(fd, SHUT_RD); is mostly a closed port (in
the read direction). syslogd does not read all packtes and discards them,
the kernel discards them.

-- 
:wq Claudio

Re: generel software RAID-Question (IBMx330, raid failed, where to look for errors? )

[Richard Welty]

On Fri, 5 Aug 2005 12:43:10 +0200 Johan P. Lindstrvm <[EMAIL PROTECTED]> wrote:

> The IBM e-server x330 usually sports a branded Adaptec SCSI RAID card
> (IBM ServeRAID) and... well google the archives if you haven't been
> following thie list.

um, the onboard controller is an adaptec, but the rebranded scsi raid
card is generally a mylex in these beasts, not an adaptec.

richard
-- 
Richard Welty [EMAIL PROTECTED]
Averill Park Networking
Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
  "Well, if you're not going to expect unexpected flames,
 what's the point of going anywhere?" -- Truckle the Uncivil

Re: OpenBSD website vintage looks

[Johan P . Lindström]

On 8/5/05, J. Lievisse Adriaanse <[EMAIL PROTECTED]> wrote:
> On Fri, 5 Aug 2005 15:52:11 +0530
> Siju George <[EMAIL PROTECTED]> wrote:
> 
> > Hi,
> >
> > Just happened to get a glimpse of how the OpenBSD website looked some
> > while back when I had never heard about and is a bit thrilled about it
> > :-)
> >
> > Dec 24, 1996
> >
> > http://web.archive.org/web/1996122431/http://openbsd.org/
> >
> > Mar 27, 1997
> >
> > http://web.archive.org/web/19970327004719/http://www.openbsd.org/
> >
> > Feb 12, 1998
> >
> > http://web.archive.org/web/19980212062954/http://www.openbsd.org/
> >
> > Jan 17, 1999
> >
> > http://web.archive.org/web/19990117075126/http://openbsd.org/
> >
> > Mar 02, 2000
> >
> > http://web.archive.org/web/2302133316/http://www.openbsd.org/
> >
> > Jan 18, 2001
> >
> > http://web.archive.org/web/20010118233800/http://www.openbsd.org/
> >
> >
> > and for those interested on the whole list
> >
> > http://web.archive.org/web/*/http://www.openbsd.org
> >
> > enjoy!
> >
> > kind regards
> >
> > Siju
> >
> 
> So? Have you never heard of OpenBSD's CVSweb 
> (http://www.openbsd.org/cgi-bin/cvsweb/www/) ?
> 
> Jasper
> 
> 
> --
> "Security is decided by quality" -- Theo de Raadt
> 
> 

Sure I have, that's common, mail delivery of cvs updates is not as
common anymore, or is it?, no it can't be... can it?

Re: syslogd udp port

[Henning Brauer]

syslog shutdown()s  the port for reading. there is no real difference 
to not opening it at all.

* mdff <[EMAIL PROTECTED]> [2005-08-05 13:13]:
> blah blah...
> he'd better do man syslogd... but assume this:
> - no pf for udp/514.
> - a DOS or DDOS to this OPEN port.
> - syslogd running just in "send mode".
> - and finally: no remote syslogging configured because of only 1 box here.
> 
> will it take more ressources to handle this with an open port
> compared to a closed one or not? i guess yes. and for security,
> i guess a closed port is still better, than an application reading
> all packets and discarding them...
> 
> question: what about 1 more argv to have syslogd not to bind udp/514 at all?
> 
> br, mdff...
> 

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

Re: Requesting an change in the installer

[Artur Grabowski]

Nick Holland <[EMAIL PROTECTED]> writes:

> Roger Neth Jr wrote:
> ...
> > Did this newbie (me) do this wrong?
> > 
> > cd /
> > cp bsd bsd.old
> > cp bsd.mp bsd
> > #reboot
> 
> PERSONALLY, I prefer to call the single processor kernel "bsd.sp",
> rather than "bsd.old".  "bsd.old" is most commonly the "previous kernel
> before I tried to build my own and hosed the heck out of everything". :)
>  But yes, other than the one small detail, this is my prefered way.
> Altering boot.conf is dangerous.  Art's story isn't the only one I've
> heard along those lines from developers.

The best one I've heard was about a "unix" consultant that was trained
on RedHat. He was hired to do some job at a customer on a real system
and as part of that job he decided to clean up /etc. Since rm is alias
to "rm -i" on RedHat, he typed "rm /etc/*"

//art

Re: OpenBSD website vintage looks

[Johan P . Lindström]

I must admitt I havent been around as long as most of the others here...

But how spiff is that? getting your cvs diffs by email? how cool is
that, this is something for pimp-my-CVS-server!

On 8/5/05, Siju George <[EMAIL PROTECTED]> wrote:
> Hi,
> 
> Just happened to get a glimpse of how the OpenBSD website looked some
> while back when I had never heard about and is a bit thrilled about it
> :-)
> 
> Dec 24, 1996
> 
> http://web.archive.org/web/1996122431/http://openbsd.org/
> 
> Mar 27, 1997
> 
> http://web.archive.org/web/19970327004719/http://www.openbsd.org/
> 
> Feb 12, 1998
> 
> http://web.archive.org/web/19980212062954/http://www.openbsd.org/
> 
> Jan 17, 1999
> 
> http://web.archive.org/web/19990117075126/http://openbsd.org/
> 
> Mar 02, 2000
> 
> http://web.archive.org/web/2302133316/http://www.openbsd.org/
> 
> Jan 18, 2001
> 
> http://web.archive.org/web/20010118233800/http://www.openbsd.org/
> 
> 
> and for those interested on the whole list
> 
> http://web.archive.org/web/*/http://www.openbsd.org
> 
> enjoy!
> 
> kind regards
> 
> Siju

Re: network adapter order

[Johan P . Lindström]

Or you just take out your magic marker and print fxp on the card(s)
and print numbers next to the PCI slots.

hint
ifconfig inet fxp0 192.168.1.1 netmask 255.255.255.0 arp description
"--==[OnBoard]==--"


On 8/1/05, Michiel van der Kraats <[EMAIL PROTECTED]> wrote:
> Hi,
> 
> Is it possible to change the order in which the kernel detects and
> names network interfaces? I have a system which has one fxp onboard
> and one fxp as a PCI card. With the PCI card, the onboard NIC is
> named fxp1 and the PCI card fxp0. Can something be done to change the
> ordering? It's conceptually easier to tell people the onboard NIC is
> their internal network.
> 
> Thanks,
> 
> --
> Michiel van der Kraats

Re: syslogd udp port

[mdff]

blah blah...
he'd better do man syslogd... but assume this:
- no pf for udp/514.
- a DOS or DDOS to this OPEN port.
- syslogd running just in "send mode".
- and finally: no remote syslogging configured because of only 1 box here.

will it take more ressources to handle this with an open port
compared to a closed one or not? i guess yes. and for security,
i guess a closed port is still better, than an application reading
all packets and discarding them...

question: what about 1 more argv to have syslogd not to bind udp/514 at all?

br, mdff...

Re: Requesting an change in the installer

[Nick Holland]

Roger Neth Jr wrote:
...
> Did this newbie (me) do this wrong?
> 
> cd /
> cp bsd bsd.old
> cp bsd.mp bsd
> #reboot

PERSONALLY, I prefer to call the single processor kernel "bsd.sp",
rather than "bsd.old".  "bsd.old" is most commonly the "previous kernel
before I tried to build my own and hosed the heck out of everything". :)
 But yes, other than the one small detail, this is my prefered way.
Altering boot.conf is dangerous.  Art's story isn't the only one I've
heard along those lines from developers.

If I'm working on an SMP machine, I'll do it before first boot by
adjusting things in /mnt after install.  I often also chroot to /mnt,
and do some other "before first boot" housekeeping, such as adding
"softdep" to all mount points in /etc/fstab.

Nick.

Re: generel software RAID-Question (IBMx330, raid failed, where to look for errors? )

[Johan P . Lindström]

The IBM e-server x330 usually sports a branded Adaptec SCSI RAID card
(IBM ServeRAID) and... well google the archives if you haven't been
following thie list.

Anywho, IBM servers have plenty of HW failure checks, it's a 1U case
we are talking about no? just look on the inside of the lid panel and
you should have a big nice blueprint of the layout.

Last week there was a qusetion about raidframe and it appears there
are no known issues with raidframe and the src has not needed a polish
for two or three years, so you are probably looking at a hw or config
failure.



On 8/3/05, Stephan Tesch <[EMAIL PROTECTED]> wrote:
> Am Mittwoch, 3. August 2005 02:11 schrieben Sie:
> 
> Hi Sebastian,
> 
> > Are there any problems known with the raidframe-device?
> 
> Not that I know of.
> 
> > In my case: I've a IBM X330 with dual P3 800Mhz and 2 SCSI-HDDs.
> > One is about 160Gb and the other is smaler. I created a raid for the /home
> > but today the server stoped working. I've just remote acces so the
> > tecnican (a guy I know) told me the server wont boot up and stops during
> > raid-initialisation.
> 
> Did it really stop, or was it just rebuilding the array after an unclean
> shutdown? Did he try abort that operation (ctrl-c)?
> 
> > I ask because RAIDframe isn't in the default-Kernel so I'm not sure if
> > it's a good choice for productiv servers. I would be happy if somebody
> > with much more experience would give me some hints where to look for
> > potential errors.
> 
> I've got RAIDframe running for a couple of months now on my web/mailserver on
> sparc64, and it is rock solid. Never had a problem with it so far.
> 
> A better description what really happens when you boot the server would be
> nice. E.g. what messages do you see on the console, is there any activity on
> the hdd's, does the server pass the BIOS tests, etc.
> 
> Regards,
> Stephan

Re: OpenBSD website vintage looks

[J. Lievisse Adriaanse]

On Fri, 5 Aug 2005 15:52:11 +0530
Siju George <[EMAIL PROTECTED]> wrote:

> Hi,
> 
> Just happened to get a glimpse of how the OpenBSD website looked some
> while back when I had never heard about and is a bit thrilled about it
> :-)
> 
> Dec 24, 1996
> 
> http://web.archive.org/web/1996122431/http://openbsd.org/
> 
> Mar 27, 1997
> 
> http://web.archive.org/web/19970327004719/http://www.openbsd.org/
> 
> Feb 12, 1998
> 
> http://web.archive.org/web/19980212062954/http://www.openbsd.org/
> 
> Jan 17, 1999
> 
> http://web.archive.org/web/19990117075126/http://openbsd.org/
> 
> Mar 02, 2000
> 
> http://web.archive.org/web/2302133316/http://www.openbsd.org/
> 
> Jan 18, 2001
> 
> http://web.archive.org/web/20010118233800/http://www.openbsd.org/
> 
> 
> and for those interested on the whole list
> 
> http://web.archive.org/web/*/http://www.openbsd.org
> 
> enjoy!
> 
> kind regards
> 
> Siju
> 

So? Have you never heard of OpenBSD's CVSweb 
(http://www.openbsd.org/cgi-bin/cvsweb/www/) ?

Jasper


-- 
"Security is decided by quality" -- Theo de Raadt

OpenBSD website vintage looks

[Siju George]

Hi,

Just happened to get a glimpse of how the OpenBSD website looked some
while back when I had never heard about and is a bit thrilled about it
:-)

Dec 24, 1996

http://web.archive.org/web/1996122431/http://openbsd.org/

Mar 27, 1997

http://web.archive.org/web/19970327004719/http://www.openbsd.org/

Feb 12, 1998

http://web.archive.org/web/19980212062954/http://www.openbsd.org/

Jan 17, 1999

http://web.archive.org/web/19990117075126/http://openbsd.org/

Mar 02, 2000

http://web.archive.org/web/2302133316/http://www.openbsd.org/

Jan 18, 2001

http://web.archive.org/web/20010118233800/http://www.openbsd.org/


and for those interested on the whole list

http://web.archive.org/web/*/http://www.openbsd.org

enjoy!

kind regards

Siju

Re: non-prased headers in openbsd apache

[Simon Dassow]

On Thu, Aug 04, 2005 at 11:31:23PM +0200, Ami Emanuel Bizamcher wrote:
> On 8/4/05, Ami Emanuel Bizamcher <[EMAIL PROTECTED]> wrote:
> > i have tryed what you said but i get nothing...
> > i just waits for the loop to finish then sends the data.
> > 
> > i also checked the output directly
> > echo "GET /cgi-bin/somefile.pl" | nc 127.0.0.1 80
> > 
> > but no output came out
> > 
> > (also plz direct me to the supplied documentation)
[snip]
> > On 8/4/05, Henning Brauer <[EMAIL PROTECTED]> wrote:
> > > * Ami Emanuel Bizamcher <[EMAIL PROTECTED]> [2005-08-04 17:58]:
> > > > how i can use non-prased headers in apache ?!?
> > >
> > > maybe by reading the supplied documentation...
> > >
> > > > i have mod_perl installed!
> > > > im using CGI written in perl.
> > >
> > > 
> > >   
> > > SetHandler  perl-script
> > > PerlHandler Apache::Registry
> > > PerlSendHeader Off
> > > Options +ExecCGI
> > >   
> > > 
> > >
[snip]
> Anyone on this list can help ?!?

Hm... sounds like stdout is buffered, so turn it off:
$| = 1;

Regards,
Simon

Re: pf overload - Banning hosts for n Minutes?

[Johan Torin]

On Friday 05 August 2005 04:50, [EMAIL PROTECTED] wrote:
> Hello again everybody,
>
> With the overload-option in PF it's possible to block connections from
> hosts wich break my FW-Rules like e.g. too many connection in n Minutes.
> 'overload' will include the IP into a table and flush every connection
> created by this IP.
[...]
> The CronJob itself is just a workaround for me so like to ask if it's
> possible to enable a timer-like mechanism for such IPs so that every IP
> will be blocked for at least e.g. 1 hour or n Minutes?

I think this is more or less what you want:
  http://expiretable.fnord.se/

Johan Fredin has a port on:
  http://legonet.org/~griffin/openbsd/ports/

/Johan

Re: Requesting an change in the installer

[Ray Percival]

On Fri, Aug 05, 2005 at 09:37:52AM +0200, Artur Grabowski wrote:
> Lars Hansson <[EMAIL PROTECTED]> writes:
> 
 
> Don't change settings and options unless you really have to. Because
> when you get used to the changes and for some reason need to change
> environment you'll get surprised and will make mistakes. The whole
> "don't fiddle with options" concept is not just to make people run
> GENERIC. It's everything between not compiling your own kernel to not
> change the color settings in your window manager (of course, I find
> the default fvwm settings awful and change them <- hypocrite).
So I should be shot in the face for this, 
http://www.scarynetworkguy.net/screen.html  For the record I agree 
with your point. 
> 
> //art
> 

-- 
BOFH excuse #188:

..disk or the processor is on fire.

Re: ath0: unable to gain access to wireless unencrypted network

[mattvaldes]

- Original Message -
From: Bryan <[EMAIL PROTECTED]>
Subject: ath0: unable to gain access to wireless unencrypted network
> ath0 at cardbus0 dev 0 function 0 "Atheros Communications, Inc.,
> AR5001--, Wireless LAN Reference Card": irq 11
> ath0: AR5212 7.9 phy 4.5 rf2112 5.6 rf2112 5.6, FCC1A, address 


Unfortunately, this version was specified as currently unsupported.

"currently unsupported:

ath0: AR5212 7.9 phy 4.5 rf2112 5.6 rf2112 5.6"

Re: Soekris & OBSD as servers

[Abraham Al-Saleh]

On 8/4/05, Gustavo Rios <[EMAIL PROTECTED]> wrote:
> On 8/5/05, Scott Francis <[EMAIL PROTECTED]> wrote:
> > On 8/4/05, Gustavo Rios <[EMAIL PROTECTED]> wrote:
> > > I would like to set a obsd and soekris boxes as a server for about 100 
> > > users.
> > > This box is supposed to handle NIS + Kerberos.
> > >
> > > Does such configuration can handle the task ? I mean on a performance 
> > > matter.
> > > Does anybody have such configuration?
> 
> I am not asking jus ton OpenBSD, but a combination of OBSD and
> Soekris. I am considering using OpenBSD+soekris for this task: (NIS
> and Kerberos) because i believe this type of service to be light for
> the amount of users i have to handle.
> 
> Any other services will be handle by other hardware, like the NFS, web
> and the like. For now, let's just consider NIS and Kerberos on OBSD
> 3.7 and soekris.
> 
> My concern is whether i could use OBSD with soekris. I could for
> instance use QNX with an embed NIS and kerberos to achieve paramount
> performance even on such a modest hardware and no other OS i known
> could beat. But, again, i would like to stay with OBSD.
> 



Soekris are small x86 machines. There is no reason it shouldn't work,
openbsd doesn't need graphics or sounds. If you look on the soekris
site, they list openbsd as one of the OSes that their hardware is
designed for. You'll need a null modem cable, tip (or minicom,
hyperterminal, whatever your flavor is), bootp, etc. But I can confirm
it works fine, I have a couple of them.

Re: syslogd udp port

[Abraham Al-Saleh]

On 8/5/05, poncenby <[EMAIL PROTECTED]> wrote:
> Firstly I never said mentioned the word security, so I don't know where
> Tobias got that from.
> 
> I apologise once again for not searching the archives and reading the
> man pages.
> 
> May I suggest some tolerance(doesn't have to be sincere) for people who
> are simply either too busy or too lazy to read man pages in their
> entirety. or just simply ignore the email. surely certain people on this
> list (theo - that's you!) don't actually enjoy patronising their loyal
> userbase?



In the long run, it's usually faster to do research than to send a
question to a mailing list and hope someone is going to hold your
hand. You waste your time and everyone elses. If you want to be lazy,
pay someone to do your administration, don't expect everyone else to
do it for free.

Re: Requesting an change in the installer

[Artur Grabowski]

Lars Hansson <[EMAIL PROTECTED]> writes:

> On Thu, 04 Aug 2005 20:06:55 -0600
> Theo de Raadt <[EMAIL PROTECTED]> wrote:
> 
> > > Or you could just set the kernel image to bsd.mp.
> > > man boot.conf.
> > 
> > No.  That is not the same.  Bad advice.
> 
> My bad then. You learn sometihng new every day.

Last hackathon someone changed the kernel to /bsd.my_very_special_kernel
in boot.conf. I spent a few hours testing my kernels on that machine and
not understanding why the hell my changes didn't do anything.

Don't change settings and options unless you really have to. Because
when you get used to the changes and for some reason need to change
environment you'll get surprised and will make mistakes. The whole
"don't fiddle with options" concept is not just to make people run
GENERIC. It's everything between not compiling your own kernel to not
change the color settings in your window manager (of course, I find
the default fvwm settings awful and change them <- hypocrite).

//art

Re: hardware monitoring

[Alexander Yurchenko]

On Thu, Aug 04, 2005 at 02:14:38AM -0500, Shawn K. Quinn wrote:
> I'm able to get sensor data from the BIOS; is there something I'm
> missing to be able to get them from within OpenBSD on this system? dmesg
> follows...

sorry, your dmesg says nothing. if you want your sensor to be supported you
should start from finding out which sensor (exact chip name) your
motherboard has. try to look at its spec.


-- 
   Alexander Yurchenko (aka grange)

Re: syslogd udp port

[Karsten McMinn]

On 8/4/05, poncenby <[EMAIL PROTECTED]> wrote:
> I remember asking how to stop syslogd opening udp port 514 a while ago
> and never doing anything about it, here goes again...

better yet just compile your own version of nmap that
doesnt scan udp 514.

Re: syslogd udp port

[Shawn K. Quinn]

On Fri, 2005-08-05 at 07:33 +0100, poncenby wrote:
> 
> May I suggest some tolerance(doesn't have to be sincere) for people
> who are simply either too busy or too lazy to read man pages in their 
> entirety. or just simply ignore the email. surely certain people on
> this list (theo - that's you!) don't actually enjoy patronising their
> loyal userbase?

You should be reading the man page first, then asking questions on list
(or elsewhere, e.g. IRC), not the other way around. And ignoring these
sorts of e-mails isn't an option, as people need to know the expected
protocol is to read the man page first.

Start out with the goal of making an operating system possible to use
without reading documentation, and you wind up with something like
Microsoft Windows (however, even Microsoft must document a lot of
things, even if it is only available in electronic form). I'm sure
you've either already been down that road, or have no desire to go down
it.

The people that WTFM intend for you to RTFM.

-- 
Shawn K. Quinn <[EMAIL PROTECTED]>