Visa security upgrade - Ajout de s�curit� pour votre Visa

2006-05-06 Thread Visa security department 
Verified by Visa

Welcome to Visa

Chhr Client de Visa.,
ZeLk23g0r11hNhw-z3Pb8bvWpyI6 -ZoBJzA
Avant d'activer votre carte bancaire, veuillez lire l'information jointe
ci-dessous!

Vous avez regu cette lettre car nos informations indique vous ditenez une
carte Visa ` votre disposition. Pour assurer la sicuriti de votre carte
Visa, il serait important que vous protiger celle-ci ` l'aide d'un mot de
passe. Veuillez prendre un instant pour vous enregistrez sur Virifii Par
Visa

Virifii Par Visa prothgera votre carte ` l'aide d'un mot de passe choisi,
ce qui vous assurera que seulement vous puisse utiliser votre carte sur
internet.

Vouz pourrez jtre confiant d'acheter en ligne et cela en toute sicuriti .

Activer l'option Virifii Par Visa

Merci de votre attention.Yza5t9ZpR0j6n0-QZdbE9mb-jUHdqBvZRQ9YCc0le
pcA--CSNFmC
Milanie, Dipartement de Sicuriti

Verified by Visa

Welcome to Visa

Dear Visa. customer,
ZeLk23g0r11hNhw-z3Pb8bvWpyI6 -ZoBJzA
Before activating your card, read this important information for
cardholders!

You have been sent this invitation because the records of Visa Corporate
indicate you are a current or former Visa card holder. To ensure your
Visa card's security, it is important that you protect your Visa card
online with a personal password. Please take a moment, and activate for
Verified by Visa now.

Verified by Visa protects your existing Visa card with a password you
create, giving you assurance that only you can use your Visa card online.

Simply activate your card and create your personal password. Youll get
the added confidence that your Visa card is safe when you shop at
participating online stores.

Activate now your Verified by Visa

Thank you for your time.Yza5t9ZpR0j6n0-QZdbE9mb-jUHdqBvZRQ9YCc0le
pcA--CSNFmC
Melanie, Visa Security Department

Re: block ip & MAC

2006-05-06 Thread Chris Kuethe 

On 5/6/06, Matthew R. Dempsky <[EMAIL PROTECTED]> wrote:

I have looked into authpf(8) before and understand how it works, but the
following excerpt from the BUGS section of the man page puzzles me
somewhat:

The authenticating ssh(1) connection may be secured, but if the
network is not secured the user may expose insecure protocols to
attackers on the same network, or enable other attackers on the
network to pretend to be the user by spoofing their IP address.

If IP spoofing is still a concern with authpf(8), what makes it an
improvement over IP filtering?  I can believe it *is* an improvement,
I am just curious *how* in light of the above warning.


Authpf is a general mechanism for altering packet filter rules based
on a user login. There are obviously some more/less trustworthy
protocols. In the case of tcp sessions, you might have a better chance
of knowing who's on the other end. In some cases the only safe thing
to allow would be various SSL-ized protocols.


For example, a spoofer would have to fake the IP address of a current
legitimate user, and I expect this makes certain attacks more difficult,
but they could still easily send UDP datagrams (e.g. to poison a DNS
cache), right?


Well, one could certainly cook up properly forged UDP, but when
hijacking TCP there is a very real probability that the SSH session
will be torn down either because the spoofer's kernel isn't expecting
that session, or because the spoofer will be unable to generate the
proper ssh keepalive messages.

As Nick said you can't really trust the IP or the MAC. If you need to
be able to trust them, look at some kind of VPN.


A quick googling and mailing list search gave plenty of hits for
configuring authpf, but I did not find anything specifically related to
the above.


In sshd_config, investigate the ClientAlive{Interval,CountMax}
options. At the cost of a bit of network traffic and a bit of CPU, you
can make it difficult to hijack someone's address for any length of
time.

CK

--
GDB has a 'break' feature; why doesn't it have 'fix' too?

Re: Empty root password

2006-05-06 Thread Roger Neth Jr 

On 5/6/06, Eric Furman <[EMAIL PROTECTED]> wrote:

--- Peter Fraser <[EMAIL PROTECTED]> wrote:
> I was very surprised, that when I was installing
> a 3.9 system, that you can use an empty root
> password
>
> I accidentally entered a 'return' when it asked for
> the
> root password, so I entered a 'return" again when
> I was asked to repeat the password, thinking that
> a empty password would be denied, and I would be
> asked
> again.

This is a feature, not a bug.
And I'm not being sarcastic. :-)
What if you have a test machine not connected
to any network and is physically secure
and you need to log on as root alot. It would
be nice to not have to enter any password if
you didn't want to. This is normal UNIX
behaviour. The OpenBSD people aren't going
to 'force' you to do everything securely.
They just give you the means and tools
to be so. It's up to you to use them correctly.
(Not that the scenario above is a 'good' idea.
It's just that I 'should' be able to do it
if I so choose)
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com




I remember what a pain it was on a Microsoft SBS2003 with advanced
password protection activated that I had to have a minimum amount of
password and numeric alpha mandatory on Administrator account. I
actually set up the root for a newbie without a password so he can
play with OpenBSD for the first time. This does not have a network
card and just for a newbie to play with.

rogern

John 3:16

Re: block ip & MAC

2006-05-06 Thread Matthew R. Dempsky 
On Sun, May 07, 2006 at 12:39:44AM +0100, Stuart Henderson wrote:
> On 2006/05/06 11:49, S t i n g r a y wrote:
> > & as i am using a network in which i dont have control
> > over users PC & cannot use service authentication i am
> > stuck with ip & mac filtering.
>
> Look at authpf(8), it's much _much_ safer than what you suggest

I have looked into authpf(8) before and understand how it works, but the 
following excerpt from the BUGS section of the man page puzzles me 
somewhat:

The authenticating ssh(1) connection may be secured, but if the 
network is not secured the user may expose insecure protocols to 
attackers on the same network, or enable other attackers on the 
network to pretend to be the user by spoofing their IP address.

If IP spoofing is still a concern with authpf(8), what makes it an 
improvement over IP filtering?  I can believe it *is* an improvement, 
I am just curious *how* in light of the above warning.

For example, a spoofer would have to fake the IP address of a current 
legitimate user, and I expect this makes certain attacks more difficult, 
but they could still easily send UDP datagrams (e.g. to poison a DNS 
cache), right?

A quick googling and mailing list search gave plenty of hits for 
configuring authpf, but I did not find anything specifically related to 
the above.

ADSL PCI cards

2006-05-06 Thread Chris Zakelj 
About to build a Soekris box for my firewall, and in the interests of
getting everything as small and compact as possible, I'd like to replace
my current Speedstream 5260 ADSL modem with something along the lines of
Sangoma's S518 (http://www.sangoma.com/datasheets/p_s518adsl-specs). 
Nothing is said about it on the i386 hardware compatibility list, so
before I throw money at it, I'd like to know if anybody has used it (or
something similar) successfully.

Re: Empty root password

2006-05-06 Thread Eric Furman 
--- Peter Fraser <[EMAIL PROTECTED]> wrote:
> I was very surprised, that when I was installing
> a 3.9 system, that you can use an empty root
> password
> 
> I accidentally entered a 'return' when it asked for
> the
> root password, so I entered a 'return" again when
> I was asked to repeat the password, thinking that
> a empty password would be denied, and I would be
> asked
> again.

This is a feature, not a bug.
And I'm not being sarcastic. :-)
What if you have a test machine not connected
to any network and is physically secure
and you need to log on as root alot. It would
be nice to not have to enter any password if
you didn't want to. This is normal UNIX
behaviour. The OpenBSD people aren't going
to 'force' you to do everything securely.
They just give you the means and tools
to be so. It's up to you to use them correctly.
(Not that the scenario above is a 'good' idea.
It's just that I 'should' be able to do it
if I so choose)
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

Re: [UPDATE] php5 to version 5.1.2 (IMPORTANT)

2006-05-06 Thread Maxim Bourmistrov 
PHP 5.1.2 compiles and works fine on i386.
Tested only with simple phpinfo().
Extensions not tested.

Thanks for updates Robert!

//maxim

On Friday 28 April 2006 01:59, Robert Nagy wrote:
> Hi.
> 
> Finally after fighting with pear I've managed to create a working update
> for the php5 port.
> The PHP guys have changed the installation method of pear to use some crappy
> PHP_Archive. With this move they broke the installation of pear on serveral
> linux distros (e.g. Frugalware), OpenDarwin and on OpenBSD of course.
> Any other crappy package managements where they install files directly to 
> ${LOCALBASE}
> this was not an issue. When others reported this issue they just closed the 
> bugreport
> and did nothing. When I told them that it is fucked, they did nothing. This 
> is sad.
> A PHP guy told me that they will totally remove PEAR from the PHP tarball and
> people must install it sperately. (With go-pear or something.) They are just
> making the installation method worse every time.
> 
> How does it work now?
> Well I went back to the "old" installation method of pear. From now on pear 
> comes 
> with a separate distfile. This distfile contains the old install-pear.php, the
> needed tarballs (PEAR, Archive_Tar, Console_Getopt...) and a patch which is
> applied at pre-configure time. This patch is needed to use our special pear
> directories and stuff. (These patches were in the php port itself but I moved 
> them.)
> Everything seems backward compatible so you can upgarde safely.
> Please test this diff as much as you can (with different FLAVORS) because it 
> is important
> to get this php update in. Thank you.
> 
> P.S.: mbalmer and i want to rework the pear infrastructure and i hope we can 
> create
> some ideas together at c2k6. But for now, just test the diff please. :)
> And be sure to CC me if you report something because I am going to miss mails 
> on
> lists like [EMAIL PROTECTED]
> 
> Index: Makefile.inc
> ===
> RCS file: /cvs/ports/www/php5/Makefile.inc,v
> retrieving revision 1.7
> diff -u -r1.7 Makefile.inc
> --- Makefile.inc  29 Dec 2005 23:03:29 -  1.7
> +++ Makefile.inc  27 Apr 2006 23:54:31 -
> @@ -4,8 +4,8 @@
>  # and has Apache that supports DSO's.
>  NOT_FOR_ARCHS=   ${NO_SHARED_ARCHS}
>  
> -V=   5.0.5
> -DISTNAME=php-${V}
> +V=   5.1.2
> +DISTNAME?=   php-${V}
>  CATEGORIES=  www lang
>  
>  MAINTAINER=  Robert Nagy <[EMAIL PROTECTED]>
> @@ -15,6 +15,7 @@
>   http://se.php.net/distributions/ \
>   http://no.php.net/distributions/ \
>   http://uk.php.net/distributions/
> +MASTER_SITES0=   http://anoncvs.silihost.hu/
>  
>  # UPGRADERS: please read BOTH the PHP and Zend licenses
>  # and make sure they are safe before an upgrade
> Index: distinfo
> ===
> RCS file: /cvs/ports/www/php5/distinfo,v
> retrieving revision 1.7
> diff -u -r1.7 distinfo
> --- distinfo  29 Dec 2005 23:03:29 -  1.7
> +++ distinfo  27 Apr 2006 23:54:31 -
> @@ -1,4 +1,8 @@
> -MD5 (php-5.0.5.tar.gz) = ae36a2aa35cfaa58bdc5b9a525e6f451
> -RMD160 (php-5.0.5.tar.gz) = f94cd33d13a298b5b5d2389a2d2b2079fe231fce
> -SHA1 (php-5.0.5.tar.gz) = 031ac2b1f56f4f6b20b17206a52627790b51f3bb
> -SIZE (php-5.0.5.tar.gz) = 6082082
> +MD5 (pear-20060428.tar.gz) = 28ab6f44a90cbcb5dd9ed0aef32d2fa9
> +MD5 (php-5.1.2.tar.gz) = b5b6564e8c6a0d5bc1d2b4787480d792
> +RMD160 (pear-20060428.tar.gz) = 34bac3122dfc8218efdce0ea7df046da031e72e7
> +RMD160 (php-5.1.2.tar.gz) = 7cc4f943e9495d7a70304b1670aede00ea2a7af7
> +SHA1 (pear-20060428.tar.gz) = 09713b3052904c1c45acba015dc067ddad0136cb
> +SHA1 (php-5.1.2.tar.gz) = ff9d3ae3ccf6f1995f2b88f14703be7114b472bc
> +SIZE (pear-20060428.tar.gz) = 619353
> +SIZE (php-5.1.2.tar.gz) = 8064193
> Index: core/Makefile
> ===
> RCS file: /cvs/ports/www/php5/core/Makefile,v
> retrieving revision 1.13
> diff -u -r1.13 Makefile
> --- core/Makefile 8 Feb 2006 04:54:50 -   1.13
> +++ core/Makefile 27 Apr 2006 23:54:31 -
> @@ -1,4 +1,4 @@
> -# $OpenBSD: Makefile,v 1.13 2006/02/08 04:54:50 david Exp $
> +# $OpenBSD: Makefile,v 1.12 2005/12/29 23:03:29 sturm Exp $
>  
>  MULTI_PACKAGES=  -pear
>  SUBPACKAGE?=
> @@ -7,6 +7,8 @@
>  COMMENT-pear="base classes for common PHP tasks"
>  PKGNAME= php5-core-${V}
>  FULLPKGNAME-pear= php5-pear-${V}
> +DISTFILES=   php-${V}.tar.gz \
> + pear-20060428.tar.gz:0
>  
>  CONFIGURE_ARGS+= --with-apxs=/usr/sbin/apxs \
>   --without-mysql \
> @@ -42,7 +44,7 @@
>  PHPXS_SUBST+= -e 's,${i},${${i}},'
>  .endfor
>  
> -WANTLIB= c crypto des m ssl stdc++ z
> +WANTLIB= c crypto m ssl stdc++ z
>  
>  .if defined(PACKAGING) && !empty(SUBPACKAGE)
>  PREFIX=  ${CHROOT_DIR}
> @@ -55,19 +57,36 @@
>  
>  pre-fake:
>   ${INSTALL_DATA_DI

Re: block ip & MAC

2006-05-06 Thread Stuart Henderson 
On 2006/05/06 11:49, S t i n g r a y wrote:
> & as i am using a network in which i dont have control
> over users PC & cannot use service authentication i am
> stuck with ip & mac filtering.

Look at authpf(8), it's much _much_ safer than what you suggest
(unless you have enough control to lock switch ports down by MAC
address and you trust your switches). If users can run an ssh
client (including Mindterm, so all they need is a Java-capable
web browser, or PuTTY for a simple Windows-based option that
you can easily document) then you win...

invitation

2006-05-06 Thread pooja saxena 
we seen your matrimonial biodata at http://www.kayastha.in we liked your 
biodata 
see my biodata at http://www.kayastha.in



http://Game.37.com/  <--- Free Games
http://newJoke.com/   <---  J O K E S  ! ! !

Re: Partition not showing up in disklabel

2006-05-06 Thread Tony Abernethy 
Nick Guenther wrote:
>
> On 5/6/06, Tony Abernethy <[EMAIL PROTECTED]> wrote:
> > Me, I'd take a closer look at that j OpenBSD partition.
> > It does NOT look like it corresponds to anything in the DOS partitions.
> > Whether or not you redo the disklabel from scratch,
> > the critical operation is writing the disklabel back.
> > This is a place where any slipup, any typo, can do incredible damage.
> > (This is from somebody who LIKES to play with overlapping partitions;)
>
> $ sudo fdisk wd0
> Password:
> Disk: wd0   geometry: 4864/255/63 [78140160 Sectors]
> Offset: 0   Signature: 0xAA55
> Starting   Ending   LBA Info:
>  #: idC   H  S -C   H  S [   start:  size   ]
> 
>  0: 120   1  1 -  382 254 63 [  63: 6152832 ] Compaq Diag.
>  1: 0C  383   0  1 - 2597 254 63 [ 6152895:35583975 ] Win95 FAT32L
> *2: A6 2598   0  1 - 3930 254 63 [41736870:21414645 ] OpenBSD
>  3: 0C 3931   0  1 - 4862 254 63 [63151515:14972580 ] Win95 FAT32L
>
> 16 partitions:
> # sizeoffset  fstype [fsize bsize  cpg]
>  a:  20761146  41736870  4.2BSD   2048 16384  328 # Cyl
> 41405*- 62001
>  b:653499  62498016swap   # Cyl
> 62002 - 62650*
>  c:  78140160 0  unused  0 0  # Cyl
>   0 - 77519
>  i:   615283263 unknown   # Cyl
>   0*-  6104*
>  j:  35583975   6152895   MSDOS   # Cyl
> 6104*- 41405*
>
>
>  j is the same as partition 1, the windows install.

You're right.
Getting cross-eyed in my old age.

> > >
> > >   Then create the mount point directory that you want this
> > > filesystem on,
> > > if you haven't already done so, then edit your fstab with
> your favorite
> > > editor.  Copy and put the mount line from the existing FAT filesystem,
> > > then edit the copy's mount directory and slice entries to match the
> > > slice you defined (in this example, "wd0k").
> > >
> > >   Then reboot to test your changes. Yeah, you could do a "mount
> > > /mount_point", but it's better to reboot to make sure you get your
> > > changes on the next reboot now than when it's really inconvenient
> > > to do so.
> > >
> > > > So long as you are only messing with the disklabel you shouldn't be
> > > > able to destroy your data (well, data on the windows drives
> at least)
> > >  >
> > >   This is misleading.  The OpenBSD disklabel is EVERYTHING to
> > > that OS,
> > > you screw it up, game over.  It is very possible to toast a FAT32 if
> > > you don't get the disklabel set up right.  Anytime you mod the i386
> > > partition table or the disklabel assume you might toast EVERYTHING on
> > > the drive.  That is, have backups, especially if you're learning
> > > this stuff.
>
> True, misleading. I was thinking "you shouldn't be able to actually
> destroy any data [so long as you realize your mistake in time]"
Critical words.
realize.
in time.

>
> > > Then again, if the OP only adds one line, rather than rekey the WHOLE
> > > DISKLABEL as you are suggesting, this shouldn't be a problem
> to OpenBSD.
> > >
>
> Right, that was stupid of me.

However, even if the edit is done with just a single line,
there is something to be said for relaying out the label from scratch.

You get a lot of real problems from "But I didn't change anything"
Best advice on this kind of stuff probably from Nick Holland.
Treat filesystem layout etc stuff with a lot of respect.
There are ways it can bite you in places you never knew you had places.
Operating Systems tend to have error-recovery mechanisms.
Probably fairly easy to set up something that will work perfectly
until the error-recover mechanisms come into play. And then the
code that is supposed to correct stuff actually wrecks the joint.
This kind of code is diabolically hard to test.

Re: www.openbsd.org defaults to Japanese

2006-05-06 Thread Tony Abernethy 
Jacques wrote:
> 
> Florin Iamandi wrote:
> > Jacques dixit (2006-05-05, 12:58:02):
> > 
> >> May we know, what kind of 'incident'?
> >> Sounds like a security issue.
At this point nobody with a clue will take this or any of its
descendents seriously. Think.
Imagine I've just managed to crack the OpenBSD front page.
To announce to the world my great whatever, I put up a
Japanese translation of the OpenBSD front page. 

The OpenBSD people actually do understand security.
That statement, "Sounds like a security issue", indicates both that you 
have no concept of what security is and that you are presumptious enough 
to tell those who do understand it better than anone else, what is
a security issue. This is expected behavior from children, not adults.

> > 
> > Yeah, rght... 
> > SECURITY!! OMG someone call the security
> > 
> http://www.openbsd.org/cgi-bin/cvsweb/www/index.html.diff?r1=1.521
> &r2=1.522&f=h
> > 
> 
> Thanks for your response (except for the childish condescension),
Why is it that the only people who use that phrase actually have
some psychological compulsion to be treated like children but
given some kind of assurance that they are "grown-up" now?

> but it 
> only points to the cause, not the reason, 
Is there some vast difference between cause and reason of which I
am not aware?

> and doesn't answer my question.
You don't have a wuestion, at least one warranting any more
than a silly remark.

> If the answer is that the 'incident' vaguely referred to by 
> Nick Holland was just a dumb mistake which was quickly corrected, that 
> shouldn't really be so tough to admit.
Why should he have to "admit" anything?

> But Mr. Holland responded with something weird and off-topic, 
I lurk on this list a lot. To my knowledge, Nick Holland has
NEVER been weird or off-topic. There are plenty of cases where I do
not fully understand him, but that is something entirely different.

> so I guess he's not going to answer my question, either.
He did. Your competence in understanding his answer is a different matter.

> - Jacques

Re: block ip & MAC

2006-05-06 Thread Nick Guenther 

On 5/6/06, S t i n g r a y <[EMAIL PROTECTED]> wrote:

Hello there

i am looking for a solution that lets me have some
sort of allow mac address & ipaddress that will be
able to access my server or servers & use what ever
service they are offering.
& as i am using a network in which i dont have control
over users PC & cannot use service authentication i am
stuck with ip & mac filtering.
what do you recommend, at this time all my network is
on a single subnet.


Don't filter on IP or MAC. It is trivial for an attacker to set their
own IP or MAC to whatever it needs to be. Use SSH or IPSEC for the
things you must protect, and for the rest just make sure there aren't
any exploits open.

-Nick

Re: Partition not showing up in disklabel

2006-05-06 Thread Nick Guenther 

On 5/6/06, Tony Abernethy <[EMAIL PROTECTED]> wrote:

Me, I'd take a closer look at that j OpenBSD partition.
It does NOT look like it corresponds to anything in the DOS partitions.
Whether or not you redo the disklabel from scratch,
the critical operation is writing the disklabel back.
This is a place where any slipup, any typo, can do incredible damage.
(This is from somebody who LIKES to play with overlapping partitions;)


$ sudo fdisk wd0
Password:
Disk: wd0   geometry: 4864/255/63 [78140160 Sectors]
Offset: 0   Signature: 0xAA55
   Starting   Ending   LBA Info:
#: idC   H  S -C   H  S [   start:  size   ]

0: 120   1  1 -  382 254 63 [  63: 6152832 ] Compaq Diag.
1: 0C  383   0  1 - 2597 254 63 [ 6152895:35583975 ] Win95 FAT32L
*2: A6 2598   0  1 - 3930 254 63 [41736870:21414645 ] OpenBSD
3: 0C 3931   0  1 - 4862 254 63 [63151515:14972580 ] Win95 FAT32L

16 partitions:
# sizeoffset  fstype [fsize bsize  cpg]
a:  20761146  41736870  4.2BSD   2048 16384  328 # Cyl 41405*- 62001
b:653499  62498016swap   # Cyl 62002 - 62650*
c:  78140160 0  unused  0 0  # Cyl 0 - 77519
i:   615283263 unknown   # Cyl 0*-  6104*
j:  35583975   6152895   MSDOS   # Cyl  6104*- 41405*


j is the same as partition 1, the windows install.

>
>   Then create the mount point directory that you want this
> filesystem on,
> if you haven't already done so, then edit your fstab with your favorite
> editor.  Copy and put the mount line from the existing FAT filesystem,
> then edit the copy's mount directory and slice entries to match the
> slice you defined (in this example, "wd0k").
>
>   Then reboot to test your changes. Yeah, you could do a "mount
> /mount_point", but it's better to reboot to make sure you get your
> changes on the next reboot now than when it's really inconvenient
> to do so.
>
> > So long as you are only messing with the disklabel you shouldn't be
> > able to destroy your data (well, data on the windows drives at least)
>  >
>   This is misleading.  The OpenBSD disklabel is EVERYTHING to
> that OS,
> you screw it up, game over.  It is very possible to toast a FAT32 if
> you don't get the disklabel set up right.  Anytime you mod the i386
> partition table or the disklabel assume you might toast EVERYTHING on
> the drive.  That is, have backups, especially if you're learning
> this stuff.


True, misleading. I was thinking "you shouldn't be able to actually
destroy any data [so long as you realize your mistake in time]"


> Then again, if the OP only adds one line, rather than rekey the WHOLE
> DISKLABEL as you are suggesting, this shouldn't be a problem to OpenBSD.
>


Right, that was stupid of me.

Re: Double entries from syslog in 3.9?

2006-05-06 Thread Philip Guenther 

On 5/6/06, Ventz Petkov <[EMAIL PROTECTED]> wrote:

Has anyone noticed double entries (in the authlog for example) from
syslog?

...

May  6 17:41:31 name sshd[19987]: Failed password for root from
10.0.0.X port 49670 ssh2
May  6 17:41:31 name sshd[3448]: Failed password for root from
10.0.0.X port 49670 ssh2


One is from the sshd process that chrooted to /var/empty and setuid to
the sshd user, the other is from the one that remained root.  It would
be preferable if only one log statement was generated, of course, but
that would be a matter for someone you knows that code.



The funny thing is that if I kill syslog and start it myself
everything is fine.


When you started syslogd yourself, did you remember to pass it all the
arguments that /etc/rc does?  In particular, did you pass it
"-a/var/empty/dev/log" and "-a /var/named/dev/log"?  If not, the
privilege-separated processes running in /var/empty won't be able to
log.


Philip Guenther

Binary-Update for Software (Ports/Packages) aka Building up an own Update-Service

2006-05-06 Thread sebastian . rother 
The new Update-function in pkg_add allows to build up f.e. an own private
Update-Server (a simple ftpD) to keep machines in the LAN up to date.

The Problem is: Even if you mirror all packages you wont get all Updates
because updated packages are just provided for i386.

I would like to build up such a Server but for this I would need to
compile everything from Ports.

Has anybody maybe a Script to compile the whole Ports-Tree (e.g. the
script the developers may use to build the packages for a release? I don`t
think they4ll do "make install" (or familiar) in /usr/ports).
And does somebody own maybe also a Script wich compiles just the
"updated"-Ports?!

So it would be possible to build up a binary-update-Server (packages+ftpD)
and it would be easy to update e.g. a LAN because the clients would have
to check for updates e.g. once a day and they would not need to compile
the port.

I could place updated packages by hand at the Server or build them by
hand, yes.. but I`m looking for e.g. a Script. I`m sure somebody has
already thought about the same solution.

Kind regards,
Sebastian

3.9 Install Problem ahc driver issue?

2006-05-06 Thread Rodney Hopkins 
I have a box, happily running OpenBSD 3.8-stable.  I'm trying to 
move it to 3.9.  I downloaded bsd.rd to /, and rebooted the box.
I typed boot bsd.rd and the box boots, to a point.  This box has 
an Adaptec 2940UW Pro.  The boot sort of hangs when it reaches 
the initialization for this device.  It prints:

ahc0 at pci0 dev 10 function 0 "Adaptec AHA-2940UWPro" rev 0x01: irq 11
scsibus0 at ahc0: 16 targets
ahc0: board is not responding
ahc0: board is not responding
ahc0: board is not responding

And then continues on with the boot.  When I try to install, no disk is 
found and therefore, I can't install.

I've tried, bsd.rd, floppy39.fs and floppyb39.fs.  bsd.rd and floppy39.fs 
react identically.  Floppyb39.fs doesn't have a driver for ahc, but I 
thought it might be worth a try.  I don't have a CD drive in this machine.

I notice in the 3.8 machine, the controller is recognized as ahc1 while
3.9 recognizes it as ahc0 and it doesn't work.  Is there something that I 
need to change on my end, or is this just a change in the way the driver 
numbers the controllers?

Also, for what it's worth, bsd.rd from 3.9-current does the same thing as 
the bsd.rd from 3.9.

For reference I've included the 3.8-stable dmesg, as I don't have 
serial console set up on this box to capture the 3.9-bsd.rd dmesg.

Suggestions welcome.

Thanks,

Rodney Hopkins
[EMAIL PROTECTED]


OpenBSD 3.8-stable (GENERIC) #6: Sun Mar 19 19:45:58 CST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III ("GenuineIntel" 686-class) 1.01 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,SER,MMX,FXSR,SSE
real mem  = 536453120 (523880K)
avail mem = 482594816 (471284K)
using 4278 buffers containing 26927104 bytes (26296K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 09/14/01, BIOS32 rev. 0 @ 0xfdb50
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf7d50/128 (6 entries)
pcibios0: PCI Interrupt Router at 000:07:0 ("VIA VT82C686 ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x5800 0xcd800/0x800 0xce000/0x2000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "VIA VT82C691 PCI" rev 0xc4
ppb0 at pci0 dev 1 function 0 "VIA VT82C598 AGP" rev 0x00
pci1 at ppb0 bus 1
pcib0 at pci0 dev 7 function 0 "VIA VT82C686 ISA" rev 0x40
pciide0 at pci0 dev 7 function 1 "VIA VT82C571 IDE" rev 0x06: ATA100, channel 0 
configured to compatibility, channel 1 configured to compatibility
pciide0: channel 0 disabled (no drives)
pciide0: channel 1 disabled (no drives)
viaenv0 at pci0 dev 7 function 4 "VIA VT82C686 SMBus" rev 0x40
vga1 at pci0 dev 9 function 0 "S3 86C968-0" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ahc1 at pci0 dev 10 function 0 "Adaptec AHA-2940UWPro" rev 0x01: irq 11
scsibus0 at ahc1: 16 targets
ahc1: target 0 using 8bit transfers
ahc1: target 0 using asynchronous transfers
sd0 at scsibus0 targ 0 lun 0:  SCSI2 0/direct fixed
sd0: 8678MB, 6082 cyl, 18 head, 162 sec, 512 bytes/sec, 17774160 sec total
xl0 at pci0 dev 12 function 0 "3Com 3c905C 100Base-TX" rev 0x78: irq 12, 
address 00:01:03:df:0a:5f
bmtphy0 at xl0 phy 24: Broadcom 3C905C internal PHY, rev. 7
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask ef65 netmask ff65 ttymask ffe7
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
ahc1: target 0 using 16bit transfers
ahc1: target 0 synchronous at 20.0MHz, offset = 0x8
dkcsum: sd0 matches BIOS drive 0x80
root on sd0a
rootdev=0x400 rrootdev=0xd00 rawdev=0xd02


_
Free E-mail by CamaroZ28.Com - FULL THROTTLE INTERNET

Double entries from syslog in 3.9?

2006-05-06 Thread Ventz Petkov 

Hi,

Has anyone noticed double entries (in the authlog for example) from  
syslog?
The funny thing is that if I kill syslog and start it myself  
everything is fine.


ex:

May  6 17:41:31 name sshd[19987]: Failed password for root from  
10.0.0.X port 49670 ssh2
May  6 17:41:31 name sshd[3448]: Failed password for root from  
10.0.0.X port 49670 ssh2


the same happens for correct authentications.

I am running Open BSD 3.9 (patch branch) on a sparc64.

-Ventz

Re: Empty root password

2006-05-06 Thread Damian Gerow 
Thus spake Jonathan Glaschke ([EMAIL PROTECTED]) [06/05/06 16:58]:
: Think of somebody who burgles your house to steal your privat data.  When
: your computer asks him to enter the password he sure will try the well
: known standard passwords like "god", "secret" and "sex".  Or maybe
: "swordfish".  But have you ever seen a film where someone was "hacked" by
: just typing nothing but enter?

I've done it many times.  Most persons I know of give it a shot.  In fact,
there was an interview just posted with the guy who wormed his way into
various Military computers, and he used blank passwords to do so.

Movies != Real Life

: He will try "Marie5", then "marie5", "Marie_five" and probably "5Mary"
: or "Password Marie5" but he sure won't try "".
: 
: Try it, it works.

*gak*

I'll refrain from entering the typical debate and leave it at this:

Whether or not it works depends *entirely* on your threat model.  It sure as
heck wouldn't work in mine.

Re: multiple publicIPs

2006-05-06 Thread JR Dalrymple 

Darrin Chandler wrote:


On Sat, May 06, 2006 at 09:41:10PM +0200, Falk Husemann wrote:
 


On 06.05.2006, at 15:25, Peter Blair wrote:

   


Perhaps I'm confused, but it doesn't look (from your diagram) that
your pf machine is acting as a firewall for anything but itself.
 


I'd bet 4 ClubMate that he'd drawn the diagram wrogn
   



Bad bet, since in the original message he stated that the pf box is
*not* the default gateway for the "protected" boxes...

 


Furthermore, if the diagram is right it would explain the problem in whole.

-JR

Re: Empty root password

2006-05-06 Thread Christian Pedaschus 
lesson today:
if you don't want the first entered pwd, enter something different on
the second pass, and it WILL ask you again ;)



Peter Fraser wrote:

>I was very surprised, that when I was installing
>a 3.9 system, that you can use an empty root password
>
>I accidentally entered a 'return' when it asked for the
>root password, so I entered a 'return" again when
>I was asked to repeat the password, thinking that
>a empty password would be denied, and I would be asked
>again.

Re: Partition not showing up in disklabel

2006-05-06 Thread Tony Abernethy 
Joseph C. Bender wrote:
>
> Nick Guenther wrote:
> > On 5/6/06, Henrik Borgh <[EMAIL PROTECTED]> wrote:
> >> $ sudo fdisk wd0
> >> Password:
> >> Disk: wd0   geometry: 4864/255/63 [78140160 Sectors]
> >> Offset: 0   Signature: 0xAA55
> >>  Starting   Ending   LBA Info:
> >>  #: idC   H  S -C   H  S [   start:  size   ]
> >>
> 
> >>  0: 120   1  1 -  382 254 63 [  63: 6152832 ] Compaq
> >> Diag.
> >>  1: 0C  383   0  1 - 2597 254 63 [ 6152895:35583975 ] Win95
> >> FAT32L
> >> *2: A6 2598   0  1 - 3930 254 63 [41736870:21414645 ] OpenBSD
> >>  3: 0C 3931   0  1 - 4862 254 63 [63151515:14972580 ] Win95
> >> FAT32L
> >>
> >> $ sudo disklabel wd0
> [Snip disklabel intro]
> >>
> >> 16 partitions:
> >> # sizeoffset  fstype [fsize bsize  cpg]
> >>   a:  20761146  41736870  4.2BSD   2048 16384  328 # Cyl
> >> 41405*- 62001
> >>   b:653499  62498016swap   # Cyl 62002
> >> - 62650*
> >>   c:  78140160 0  unused  0 0  # Cyl 0
> >> - 77519
> >>   i:   615283263 unknown   # Cyl
> >> 0*-  6104*
> >>   j:  35583975   6152895   MSDOS   # Cyl
> >> 6104*- 41405*
> >>
> >
> > You'll have to redo the disklabel but it's not such a horrible
> > experience as you might think. Just do "disklabel -e wd0", clear it,
> > and start putting in new lines. Make sure to keep this output so you
> > can put the old partitions back.
> >
>   I'm sorry, do what, exactly?  Clear it?  Why would you want to do
> something like that when the OP would just need to add ONE line.
>
> This is what I'd do:
>
>   "sudo disklabel -e wd0", yes, but you just need to copy and
> change the
> copied line to meet the parameters of the new partition.
>
>   Specifically, once in the editor:
>
>   Find the "j:" entry from the above disklabel.  Copy and put
> it right
> below it "yyp" if you're not very familar with vi.
>
> Then change "j:" to "k:", change the size column's value to the size
> value reported in fdisk, change the offset column's value to the "start"
> value as reported by fdisk for that partition.  Save and quit.
> Disklabel will then update the label to make this happen.
Me, I'd take a closer look at that j OpenBSD partition.
It does NOT look like it corresponds to anything in the DOS partitions.
Whether or not you redo the disklabel from scratch,
the critical operation is writing the disklabel back.
This is a place where any slipup, any typo, can do incredible damage.
(This is from somebody who LIKES to play with overlapping partitions;)
>
>   Then create the mount point directory that you want this
> filesystem on,
> if you haven't already done so, then edit your fstab with your favorite
> editor.  Copy and put the mount line from the existing FAT filesystem,
> then edit the copy's mount directory and slice entries to match the
> slice you defined (in this example, "wd0k").
>
>   Then reboot to test your changes. Yeah, you could do a "mount
> /mount_point", but it's better to reboot to make sure you get your
> changes on the next reboot now than when it's really inconvenient
> to do so.
>
> > So long as you are only messing with the disklabel you shouldn't be
> > able to destroy your data (well, data on the windows drives at least)
>  >
>   This is misleading.  The OpenBSD disklabel is EVERYTHING to
> that OS,
> you screw it up, game over.  It is very possible to toast a FAT32 if
> you don't get the disklabel set up right.  Anytime you mod the i386
> partition table or the disklabel assume you might toast EVERYTHING on
> the drive.  That is, have backups, especially if you're learning
> this stuff.
>
> Then again, if the OP only adds one line, rather than rekey the WHOLE
> DISKLABEL as you are suggesting, this shouldn't be a problem to OpenBSD.
>
>
> > but as always, be careful.
> >
>   Indeed.
>
> --
> Joseph C. Bender
> jcbender on domain benderhome dot net

Re: Empty root password

2006-05-06 Thread Jonathan Glaschke 
On Sat, May 06, 2006 at 03:14:56PM -0400, Peter Fraser wrote:
> I was very surprised, that when I was installing
> a 3.9 system, that you can use an empty root password
>
> I accidentally entered a 'return' when it asked for the
> root password, so I entered a 'return" again when
> I was asked to repeat the password, thinking that
> a empty password would be denied, and I would be asked
> again.
>
Well, I actually think an empty password is a very good idea.

Think of somebody who burgles your house to steal your privat data.  When
your computer asks him to enter the password he sure will try the well
known standard passwords like "god", "secret" and "sex".  Or maybe
"swordfish".  But have you ever seen a film where someone was "hacked" by
just typing nothing but enter?

Let's play safe.  Take a post-it and label it with the name of a woman
you know.  Then add a number at the and prepend it with "password:",
like this: Password Marie5.

He will try "Marie5", then "marie5", "Marie_five" and probably "5Mary"
or "Password Marie5" but he sure won't try "".

Try it, it works.

--
 | /"\   ASCII Ribbon   | Jonathan Glaschke - Lorenz-Goertz-Stra_e 71,
 | \ / Campaign Against | 41238 Moenchengladbach, Germany;
 |  XHTML In Mail   | jabber: [EMAIL PROTECTED]
 | / \ And News | http://jonathan-glaschke.de/

[demime 1.01d removed an attachment of type application/pgp-signature]

Re: Empty root password

2006-05-06 Thread Tony Abernethy 
Peter Fraser wrote:
> 
> I was very surprised, that when I was installing
> a 3.9 system, that you can use an empty root password
> 
> I accidentally entered a 'return' when it asked for the
> root password, so I entered a 'return" again when
> I was asked to repeat the password, thinking that
> a empty password would be denied, and I would be asked
> again.

The folks at OpenBSD understand security.
A password is only one way of securing root access.
(I'd guess it to be one of the poorer methods available)

Assuming that root is secured, physically,
I suspect that a root password is actually more of a 
security threat (what else has that password?)
If the password is blank, you know it's blank,
and you take appropriate measures.

Re: multiple publicIPs

2006-05-06 Thread Darrin Chandler 
On Sat, May 06, 2006 at 09:41:10PM +0200, Falk Husemann wrote:
> On 06.05.2006, at 15:25, Peter Blair wrote:
> 
> >Perhaps I'm confused, but it doesn't look (from your diagram) that
> >your pf machine is acting as a firewall for anything but itself.
> 
> I'd bet 4 ClubMate that he'd drawn the diagram wrogn

Bad bet, since in the original message he stated that the pf box is
*not* the default gateway for the "protected" boxes...

-- 
Darrin Chandler|  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |

block ip & MAC

2006-05-06 Thread S t i n g r a y 
Hello there

i am looking for a solution that lets me have some
sort of allow mac address & ipaddress that will be
able to access my server or servers & use what ever
service they are offering.
& as i am using a network in which i dont have control
over users PC & cannot use service authentication i am
stuck with ip & mac filtering.
what do you recommend, at this time all my network is
on a single subnet.


*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

Re: Mouse problem

2006-05-06 Thread Roger Neth Jr 

On 5/6/06, Gabriel George POPA <[EMAIL PROTECTED]> wrote:

Have you tried xorgconfig?

rogern

John 3:16

Re: multiple publicIPs

2006-05-06 Thread Falk Husemann 

On 06.05.2006, at 15:25, Peter Blair wrote:


Perhaps I'm confused, but it doesn't look (from your diagram) that
your pf machine is acting as a firewall for anything but itself.


I'd bet 4 ClubMate that he'd drawn the diagram wrogn

Re: Partition not showing up in disklabel

2006-05-06 Thread Joseph C. Bender 

Nick Guenther wrote:

On 5/6/06, Henrik Borgh <[EMAIL PROTECTED]> wrote:

$ sudo fdisk wd0
Password:
Disk: wd0   geometry: 4864/255/63 [78140160 Sectors]
Offset: 0   Signature: 0xAA55
 Starting   Ending   LBA Info:
 #: idC   H  S -C   H  S [   start:  size   ]

 0: 120   1  1 -  382 254 63 [  63: 6152832 ] Compaq 
Diag.
 1: 0C  383   0  1 - 2597 254 63 [ 6152895:35583975 ] Win95 
FAT32L

*2: A6 2598   0  1 - 3930 254 63 [41736870:21414645 ] OpenBSD
 3: 0C 3931   0  1 - 4862 254 63 [63151515:14972580 ] Win95 
FAT32L


$ sudo disklabel wd0

[Snip disklabel intro]


16 partitions:
# sizeoffset  fstype [fsize bsize  cpg]
  a:  20761146  41736870  4.2BSD   2048 16384  328 # Cyl 
41405*- 62001
  b:653499  62498016swap   # Cyl 62002 
- 62650*
  c:  78140160 0  unused  0 0  # Cyl 0 
- 77519
  i:   615283263 unknown   # Cyl 
0*-  6104*
  j:  35583975   6152895   MSDOS   # Cyl  
6104*- 41405*




You'll have to redo the disklabel but it's not such a horrible
experience as you might think. Just do "disklabel -e wd0", clear it,
and start putting in new lines. Make sure to keep this output so you
can put the old partitions back.

	I'm sorry, do what, exactly?  Clear it?  Why would you want to do 
something like that when the OP would just need to add ONE line.


This is what I'd do:

	"sudo disklabel -e wd0", yes, but you just need to copy and change the 
copied line to meet the parameters of the new partition.


Specifically, once in the editor:

	Find the "j:" entry from the above disklabel.  Copy and put it right 
below it "yyp" if you're not very familar with vi.


Then change "j:" to "k:", change the size column's value to the size 
value reported in fdisk, change the offset column's value to the "start" 
value as reported by fdisk for that partition.  Save and quit. 
Disklabel will then update the label to make this happen.


	Then create the mount point directory that you want this filesystem on, 
if you haven't already done so, then edit your fstab with your favorite 
editor.  Copy and put the mount line from the existing FAT filesystem, 
then edit the copy's mount directory and slice entries to match the 
slice you defined (in this example, "wd0k").


	Then reboot to test your changes. Yeah, you could do a "mount 
/mount_point", but it's better to reboot to make sure you get your 
changes on the next reboot now than when it's really inconvenient to do so.



So long as you are only messing with the disklabel you shouldn't be
able to destroy your data (well, data on the windows drives at least)

>
	This is misleading.  The OpenBSD disklabel is EVERYTHING to that OS, 
you screw it up, game over.  It is very possible to toast a FAT32 if 
you don't get the disklabel set up right.  Anytime you mod the i386 
partition table or the disklabel assume you might toast EVERYTHING on 
the drive.  That is, have backups, especially if you're learning this stuff.


Then again, if the OP only adds one line, rather than rekey the WHOLE 
DISKLABEL as you are suggesting, this shouldn't be a problem to OpenBSD.




but as always, be careful.


Indeed.

--
Joseph C. Bender
jcbender on domain benderhome dot net

Re: Partition not showing up in disklabel

2006-05-06 Thread Nick Holland 

Henrik Borgh wrote:

Hello there.

I have a laptop which dualboots Windows XP and OpenBSD. For each of
these i have a partition. Further more i have a partition, which
contains somekind of restore-information and at last another
partition.
The Windows XP-partition is FAT32, the restore-partition is some
Compaq-thingie and the last partition is also FAT32.
Unfortinately i apparently can not access the second FAT32-partition
from OpenBSD, and even after reading the manpages for fdisk(8) and
disklabel(8), i haven't found my solution. I fear that i may have
missed something very basical somewhere and would really like a hint,
for where to go.
The FAT32-partition is
3: 0C 3931   0  1 - 4862 254 63 [63151515:14972580 ] Win95 FAT32L
which was created _after_ the OpenBSD installation. My poroblem now
is, that i haven't been able to find a way to include this to the
existing disklabel, without clearing the entire disklabel and manually
create it again?



Don't clear anything!

Just add it.  That is something you have to do, however.  Nothing does it
automatically for you after the initial install.

http://www.openbsd.org/faq/faq14.html#foreignfs
Read the whole thing.  Carefully.
If you don't understand, start at the top of FAQ 14, and work back through
it.  When you understand what is going on (usually indicated by saying to
yourself, "Oh, I get it! That's cool!"), you are ready to do it.

As always, have a backup of important data before starting, though if you
understand what you are doing, recovery from most errors is pretty easy.
You win no points for finding the edge cases, however.

Nick.

Empty root password

2006-05-06 Thread Peter Fraser 
I was very surprised, that when I was installing
a 3.9 system, that you can use an empty root password

I accidentally entered a 'return' when it asked for the
root password, so I entered a 'return" again when
I was asked to repeat the password, thinking that
a empty password would be denied, and I would be asked
again.

Re: Partition not showing up in disklabel

2006-05-06 Thread Nick Guenther 

On 5/6/06, Henrik Borgh <[EMAIL PROTECTED]> wrote:

Hello there.

I have a laptop which dualboots Windows XP and OpenBSD. For each of
these i have a partition. Further more i have a partition, which
contains somekind of restore-information and at last another
partition.
The Windows XP-partition is FAT32, the restore-partition is some
Compaq-thingie and the last partition is also FAT32.
Unfortinately i apparently can not access the second FAT32-partition
from OpenBSD, and even after reading the manpages for fdisk(8) and
disklabel(8), i haven't found my solution. I fear that i may have
missed something very basical somewhere and would really like a hint,
for where to go.
The FAT32-partition is
3: 0C 3931   0  1 - 4862 254 63 [63151515:14972580 ] Win95 FAT32L
which was created _after_ the OpenBSD installation. My poroblem now
is, that i haven't been able to find a way to include this to the
existing disklabel, without clearing the entire disklabel and manually
create it again?
Any hint is very welcomming :)

$ uname -a
OpenBSD compaq.open.bsd 3.9 GENERIC#617 i386

$ sudo fdisk wd0
Password:
Disk: wd0   geometry: 4864/255/63 [78140160 Sectors]
Offset: 0   Signature: 0xAA55
 Starting   Ending   LBA Info:
 #: idC   H  S -C   H  S [   start:  size   ]

 0: 120   1  1 -  382 254 63 [  63: 6152832 ] Compaq Diag.
 1: 0C  383   0  1 - 2597 254 63 [ 6152895:35583975 ] Win95 FAT32L
*2: A6 2598   0  1 - 3930 254 63 [41736870:21414645 ] OpenBSD
 3: 0C 3931   0  1 - 4862 254 63 [63151515:14972580 ] Win95 FAT32L

$ sudo disklabel wd0
# Inside MBR partition 2: type A6 start 41736870 size 21414645
# /dev/rwd0c:
type: ESDI
disk: ESDI/IDE disk
label: TOSHIBA MK4025GA
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 16
sectors/cylinder: 1008
cylinders: 16383
total sectors: 78140160
rpm: 3600
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0   # microseconds
track-to-track seek: 0  # microseconds
drivedata: 0

16 partitions:
# sizeoffset  fstype [fsize bsize  cpg]
  a:  20761146  41736870  4.2BSD   2048 16384  328 # Cyl 41405*- 62001
  b:653499  62498016swap   # Cyl 62002 - 62650*
  c:  78140160 0  unused  0 0  # Cyl 0 - 77519
  i:   615283263 unknown   # Cyl 0*-  6104*
  j:  35583975   6152895   MSDOS   # Cyl  6104*- 41405*



You'll have to redo the disklabel but it's not such a horrible
experience as you might think. Just do "disklabel -e wd0", clear it,
and start putting in new lines. Make sure to keep this output so you
can put the old partitions back.

So long as you are only messing with the disklabel you shouldn't be
able to destroy your data (well, data on the windows drives at least)
but as always, be careful.

-Nick

Re: Mouse problem

2006-05-06 Thread Gabriel George POPA 
No, the faq#12 on this matter solves nothing. I'm not using such kind of 
switching.

Re: Mouse problem

2006-05-06 Thread Gabriel George POPA 
The dmesg is the same as before.

Vladas Urbonas wrote:

> give the dmesg at least.
> for example two dmesg's with different mouses pluged in.
>  
> otherwise your question if very abstract.
>
>  
> On 04/05/06, *Gabriel George POPA* <[EMAIL PROTECTED] 
> > wrote:
>
> Hello all,
>
> I have the following problem: I installed OpenBSD 3.8 a long time
> ago and
> I have used it since november as a production system. Everything
> worked OK.
> I like very much OpenBSD because I managed to configure a lot of
> things quickly
> (faster than on FreeBSD for example, but this is another story). I
> configured very well the mouse too (since installation). It worked
> OK in
> console and in X11R6. Unfortunately, one day when I came to work the
> mouse pointer started to behave in a chaotic manner on the screen
> when I
> moved the mouse. Both in console and in X. Very nasty. I know it
> is a stupid
> problem and a stupid question, but that's it. I changed the mouse,
> the same thing. I tried this mouse on another computer and it
> worked fine. So now I have
> two options: I have a SW problem and a HW problem (the HW is new,
> bought in
> november...). My question would be: having given the fact that I
> modified
> nothing in the system configuration and that no one else used this
> computer
> for other purposes while I was missing, it is possible to have a
> HW problem
> or a misconfigured SW? Have you encountered this before?
> Any suggestions?
>
>  Yours in BSDness,
>  Gabriel
> George POPA

Partition not showing up in disklabel

2006-05-06 Thread Henrik Borgh 

Hello there.

I have a laptop which dualboots Windows XP and OpenBSD. For each of
these i have a partition. Further more i have a partition, which
contains somekind of restore-information and at last another
partition.
The Windows XP-partition is FAT32, the restore-partition is some
Compaq-thingie and the last partition is also FAT32.
Unfortinately i apparently can not access the second FAT32-partition
from OpenBSD, and even after reading the manpages for fdisk(8) and
disklabel(8), i haven't found my solution. I fear that i may have
missed something very basical somewhere and would really like a hint,
for where to go.
The FAT32-partition is
3: 0C 3931   0  1 - 4862 254 63 [63151515:14972580 ] Win95 FAT32L
which was created _after_ the OpenBSD installation. My poroblem now
is, that i haven't been able to find a way to include this to the
existing disklabel, without clearing the entire disklabel and manually
create it again?
Any hint is very welcomming :)

$ uname -a
OpenBSD compaq.open.bsd 3.9 GENERIC#617 i386

$ sudo fdisk wd0
Password:
Disk: wd0   geometry: 4864/255/63 [78140160 Sectors]
Offset: 0   Signature: 0xAA55
Starting   Ending   LBA Info:
#: idC   H  S -C   H  S [   start:  size   ]

0: 120   1  1 -  382 254 63 [  63: 6152832 ] Compaq Diag.
1: 0C  383   0  1 - 2597 254 63 [ 6152895:35583975 ] Win95 FAT32L
*2: A6 2598   0  1 - 3930 254 63 [41736870:21414645 ] OpenBSD
3: 0C 3931   0  1 - 4862 254 63 [63151515:14972580 ] Win95 FAT32L

$ sudo disklabel wd0
# Inside MBR partition 2: type A6 start 41736870 size 21414645
# /dev/rwd0c:
type: ESDI
disk: ESDI/IDE disk
label: TOSHIBA MK4025GA
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 16
sectors/cylinder: 1008
cylinders: 16383
total sectors: 78140160
rpm: 3600
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0   # microseconds
track-to-track seek: 0  # microseconds
drivedata: 0

16 partitions:
# sizeoffset  fstype [fsize bsize  cpg]
 a:  20761146  41736870  4.2BSD   2048 16384  328 # Cyl 41405*- 62001
 b:653499  62498016swap   # Cyl 62002 - 62650*
 c:  78140160 0  unused  0 0  # Cyl 0 - 77519
 i:   615283263 unknown   # Cyl 0*-  6104*
 j:  35583975   6152895   MSDOS   # Cyl  6104*- 41405*



--
Regards
Henrik

gnome-session apears to be unistallable on amd64

2006-05-06 Thread stan 
I tried to install gnome-session from 3.9 on amd64. In ports
it fails to comile, and when I try to add it using packages,
I get an unresolved dependency on gnome-applets2-2.10.1p3

Is there a way to work around this?

-- 
U.S. Encouraged by Vietnam Vote - Officials Cite 83% Turnout Despite Vietcong 
Terror 
- New York Times 9/3/1967

Re: parallel port application

2006-05-06 Thread Tihomir Koychev 
Hi
 Thanks for all answers.I write a sample programe that do the job i
want.The program is test on OpenBSD 3.9 .The source can be doanload
from
http://www.betstrikes.com/OpenBSD/outb.c

/*
 * You need to have the machdep.allowaperture sysctl set to >=1 if
running at securelevel 1 or above.
 * syscrl -w machdep.allowaperture=2
 * thanks to
http://marc.theaimsgroup.com/?l=openbsd-tech&m=101984806101040&w=2
 *
 * To compile use:
 * gcc -O -li386 outb.c -o outb
 *
*/


#include 
#include 

#include 
#include 
#include 
#include 

#define base 0x378   /* printer port base address */

int
main(int argc, char *argv[]) {
int value;
int port;
u_long iomap[32];
extern char *__progname;

if (argc!=3) {
fprintf(stderr, "Usage: %s [value]\n", __progname);
exit(1);
}

if (sscanf(argv[1],"%i",&value)!=1)
fprintf(stderr, "Error: Parameter is not a number.\n"),
exit(1);

if ((value<0) || (value>255))
fprintf(stderr, "Error: Invalid numeric value. Enter
value between 0 and 255\n"), exit(1);


/* Enable access to the port */
port = base;

struct i386_set_ioperm_args ioperm;

ioperm.iomap = iomap;
syscall(SYS_sysarch, I386_GET_IOPERM, (char *) &ioperm);
iomap[port >> 5] &= ~(1 << (port & 0x1f));
syscall(SYS_sysarch, I386_SET_IOPERM, (char *) &ioperm);

outb(port, value); /* Set the output register   */

return 0;
}

Any suggestions and comments are wellcome.

Best regards
Tihomir 

--- Nick Guenther <[EMAIL PROTECTED]> wrote:

> On 5/5/06, Tihomir Koychev <[EMAIL PROTECTED]> wrote:
> > Hi
> >  Can someone suggest simple application which can send data to
> parallel
> > port.I want to send 0,1 on pin2 to control relay.
> >
> > best regards
> > Tihomir
> >
> 
> Start here:
> http://marc.theaimsgroup.com/?l=openbsd-tech&m=101984806101040&w=2
> 


www.BetStrikes.com - futbolni prognozi Tsrankmh opncmngh

Re: multiple publicIPs

2006-05-06 Thread Peter Blair 

Perhaps I'm confused, but it doesn't look (from your diagram) that
your pf machine is acting as a firewall for anything but itself.

If you want to filter traffic to your public machines, then you'll
have to either:

1) Use the pf-machine as a bridge between the "internet" ethernet
segment, and the ethernet segment with your publicly available
machines
2) Place your public machines into a DMZ, and filter/NAT/rdr traffic
to/from them via the pf machine.

On 5/5/06, Sparc <[EMAIL PROTECTED]> wrote:

Hello everyone,

  INTERNET
 ^
 |
 x - - - - - [SWITCH] - - - - - - - - - - x
  [PF firewall][Several publicIPs]

I am running a network with several public IP addresses that are used for 
different services and I used PF with a dedicated box (see illustrated) to 
control incoming and outgoing packets onto and from these public IPs. I have 
not been able to notice until such time that they were exposed to a different 
types of probes such as ping, use of port scanner, etc from the Internet. Below 
are the rules I used to supposedly block incoming packets to my public IPs.

Just for info, I used the gateway address provided by my ISP not the IP on my 
PF box. I havent tried using the PF as a gateway. I dont think its going to 
work.


# M A C R O S
ext_if="sis0"
int_if="xl0"
serversPUB="{ my.pub.lic.1, my.pub.lic.2, my.pub.lic.3, etc... }"
www_virt="my.pub.lic.1"

# O P T I O N S
set optimization normal
set block-policy drop
set loginterface $ext_if
set skip on lo0

# N O R M A L I Z A T I O N
scrub in all

# N A T  /  R D R
#xlation gateway

# F I L T E R
#protect public and local address [ incoming, outgoing ]
block all
pass quick on lo0 all
antispoof log quick for { $ext_if, $int_if } inet

block drop in on $ext_if inet from any to $serversPUB  # I tried to tweak 
with different scenario,
   # doesnt work
pass in on $ext_if proto tcp from any to $www_virt port { www, https } \
  flags S/SA synproxy state
--

As you can see only a few rules are put here above just to give you an
idea how I did the blocking. The other rules with my services so far
are continuously going well. I just don't want to permit incoming
packets directly to my publicIPs that is why I have the PF as my
firewall to centrally manage incoming and outgoing.

On the above BLOCK rule, i supposed it blocks all incoming packets on
$ext_if through $serversPUB. Unfortunately it doesn't. I have bought
openbsd books including the Building firewall with OpenBSD pf by Jacek
and read lots of articles about rules in pf but haven't find one that
is similar to my setup, everything uses NAT / RDR to access services
(e.g. webserver, etc). Here, I didn't use rdr because it uses a public
IP as stated in MACROS.

I appreciate your help so much.

Thanks,
-Sparc

Re: wmoused sensitivty?

2006-05-06 Thread Rogier Krieger 

On 5/6/06, stan <[EMAIL PROTECTED]> wrote:

Is there a way that I can adjust the sensitivty of wmoused?


Although I work mostly with a CLI, I suppose the following sounds
promising, citing from wsmouse(4):

"The wsmouse driver provides a number of ioctl functions to control
various parameters (see /usr/include/dev/wscons/wsconsio.h).  The
wsconsctl(8) utility gives access to these variables."

Hope that helps,

Rogier

--
If you don't know where you're going, any road will get you there.

wmoused sensitivty?

2006-05-06 Thread stan 
Is there a way that I can adjust the sensitivty of wmoused?

I'm using a USB moused on a Sun X2100, and it's way too fast, I need to
slow it down a bit.


-- 
U.S. Encouraged by Vietnam Vote - Officials Cite 83% Turnout Despite Vietcong 
Terror 
- New York Times 9/3/1967

Re: OpenBSD alternative for Bruce Schneier's "password safe"

2006-05-06 Thread Marcus Popp 
On 2006-05-06T14:32, Siju George wrote:
> Hi Tanvir,
> 
> Thankyou so much for the info and offer :-)
> 
> On 5/6/06, Tanvir Ahmed <[EMAIL PROTECTED]> wrote:
> >On 5/5/06, Siju George <[EMAIL PROTECTED]> wrote:
> >> It would be really great if some on can give advice on this topic :-)
> >
> >You can keep your passwords in plain-text grepable file format and
> >encrypt the file using GnuPG. I have written a small shell script
> >which takes a server name as a command-line argument, then decrypts
> >the password file, shows you the normal user's and root's password
> >
> 
> actually I donot want the password to be displayed on the console.

maybe xclip (port|package) is the right tool for you.
"echo foo | xclip" (replace 'echo foo with your favourite tool)

hth,

Marcus.

I can't make iwi(4) driver work in 3.9

2006-05-06 Thread Ramiro Aceves 

Hello dear OpenBSD friends.

I have an Intel 2200 Wireless card on my laptop. It was working on 
OpenBSD 3.8. I have just installed a fresh OpenBSD 3.9. I also have 
installed the 3.0 firmware.



# pkg_info
iwi-firmware-3.0Firmware binary image for iwi driver


# ls -l /etc/firmware/iwi*
-rwxr-xr-x  1 root  wheel  191142 Mar 26 17:29 /etc/firmware/iwi-bss
-rwxr-xr-x  1 root  wheel  185660 Mar 26 17:29 /etc/firmware/iwi-ibss
-rwxr-xr-x  1 root  wheel   12007 Mar 26 17:29 /etc/firmware/iwi-license
-rwxr-xr-x  1 root  wheel  187836 Mar 26 17:29 /etc/firmware/iwi-monitor

I get his error whe using the command:

#ifconfig -M iwi0



# dmesg | grep iwi
iwi0 at pci1 dev 2 function 0 "Intel PRO/Wireless 2200BG" rev 0x05: irq 
11, address 00:13:ce:6b:7d:01

iwi0: could not read firmware iwi-boot, error 2
iwi0: could not load boot firmware
iwi0: could not read firmware iwi-boot, error 2
iwi0: could not load boot firmware
iwi0 at pci1 dev 2 function 0 "Intel PRO/Wireless 2200BG" rev 0x05: irq 
11, address 00:13:ce:6b:7d:01
iwi0 at pci1 dev 2 function 0 "Intel PRO/Wireless 2200BG" rev 0x05: irq 
11, address 00:13:ce:6b:7d:01

iwi0: could not read firmware iwi-boot, error 2
iwi0: could not load boot firmware
iwi0: could not read firmware iwi-boot, error 2
iwi0: could not load boot firmware
iwi0: could not read firmware iwi-boot, error 2
iwi0: could not load boot firmware
iwi0: could not read firmware iwi-boot, error 2
iwi0: could not load boot firmware


I have tried also 2.3 firmware with the same result. Attached below is 
the dmesg.



Thank you very much in advance.

Ramiro.



#dmesg

OpenBSD 3.9 (GENERIC) #617: Thu Mar  2 02:26:48 MST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) M processor 1.86GHz ("GenuineIntel" 686-class) 
1.87 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,EST,TM2
cpu0: Enhanced SpeedStep 1400 MHz (1356 mV): unknown EST cpu, no changes 
possible

real mem  = 1064800256 (1039844K)
avail mem = 964870144 (942256K)
using 4278 buffers containing 53342208 bytes (52092K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(e0) BIOS, date 07/12/04, BIOS32 rev. 0 @ 0xea510
pcibios0 at bios0: rev 2.1 @ 0xe6000/0x6b1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfe840/224 (12 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801AA LPC" rev 0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0xf400! 0xe/0x2000! 0xe5000/0x1000!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82915GM/PM/GMS Host" rev 0x04
vga1 at pci0 dev 2 function 0 "Intel 82915GM/GMS Video" rev 0x04: 
aperture at 0xd000, size 0x1000

wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
"Intel 82915GM/GMS Video" rev 0x04 at pci0 dev 2 function 1 not configured
uhci0 at pci0 dev 29 function 0 "Intel 82801FB USB" rev 0x04: irq 7
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 "Intel 82801FB USB" rev 0x04: irq 3
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 "Intel 82801FB USB" rev 0x04: irq 11
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
uhci3 at pci0 dev 29 function 3 "Intel 82801FB USB" rev 0x04: irq 11
usb3 at uhci3: USB revision 1.0
uhub3 at usb3
uhub3: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub3: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 "Intel 82801FB USB" rev 0x04: irq 7
ehci0: reset timeout
ehci0: init failed, error=13
ppb0 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0xd4
pci1 at ppb0 bus 1
"VIA VT6306 FireWire" rev 0x80 at pci1 dev 0 function 0 not configured
re0 at pci1 dev 1 function 0 "Realtek 8169" rev 0x10: irq 11, address 
00:0f:b0:93:6f:e1

rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 2
iwi0 at pci1 dev 2 function 0 "Intel PRO/Wireless 2200BG" rev 0x05: irq 
11, address 00:13:ce:6b:7d:01
cbb0 at pci1 dev 4 function 0 "ENE CB-710 CardBus" rev 0x00pci_intr_map: 
no mapping for pin A

: couldn't map interrupt
vendor "ENE", unknown product 0x0530 (class memory subclass flash, rev 
0x00) at pci1 dev 4 function 1 not configured
vendor "ENE", unknown product 0x0550 (class system unknown subclass 
0x05, rev 0x00) at pci1 dev 4 function 2 not configured
auich0 at pci0 dev 30 function 2 "Intel 82801FB AC97" rev 0x04: irq 5, 
ICH6 AC97

ac97: codec id 0x414c4752 (Avance Logic ALC250A?)
ac97: codec features headphone, 20 bit DAC, 18 bit ADC, No 3D Stereo
audio0 at auich0
"Intel 82801FB Modem" rev 0x04 at pci0 dev 30 function 3 not configured
ichpcib0 at pci0 dev 31

Re: 3.9: Two em's and dual fxp not working

2006-05-06 Thread josh 
If it helps, here is the dmesg of netbsd 3.0 running on the same machine
( which detects all the cards properly )

NetBSD 3.0 (GENERIC) #0: Mon Dec 19 01:04:02 UTC 2005
   
[EMAIL 
PROTECTED]:/home/builds/ab/netbsd-3-0-RELEASE/i386/200512182024Z-obj/home/builds/ab/netbsd-3-0-RELEASE/src/sys/arch/i386/compile/GENERIC
total memory = 503 MB
avail memory = 484 MB
BIOS32 rev. 0 found at 0xf0010
mainbus0 (root)
cpu0 at mainbus0: (uniprocessor)
cpu0: Intel (686-class), 2992.83 MHz, id 0xf43
cpu0: features
bfebfbff
cpu0: features bfebfbff
cpu0: features bfebfbff
cpu0: features2 649d
cpu0: features3 2000
cpu0: "Intel(R) Pentium(R) 4 CPU 3.00GHz"
cpu0: I-cache 12K uOp cache 8-way
cpu0: ITLB 4K/4M: 128 entries
cpu0: DTLB 4K/4M: 64 entries
cpu0: using thermal monitor 1
cpu0: Enhanced SpeedStep disabled by BIOS
pci0 at mainbus0 bus 0: configuration mode 1
pci0: i/o space, memory space enabled, rd/line, rd/mult, wr/inv ok
pchb0 at pci0 dev 0 function 0
pchb0: Intel product 0x2588 (rev. 0x05)
vga1 at pci0 dev 2 function 0: Intel product 0x258a (rev. 0x05)
wsdisplay0 at vga1 kbdmux 1: console (80x25, vt100 emulation)
wsmux1: connecting to wsdisplay0
ppb0 at pci0 dev 28 function 0: Intel 82801FB/FR PCI Express Port #0
(rev. 0x03)
pci1 at ppb0 bus 2
pci1: i/o space, memory space enabled, rd/line, wr/inv ok
ppb1 at pci1 dev 0 function 0: Intel product 0x0329 (rev. 0x09)
pci2 at ppb1 bus 5
pci2: i/o space, memory space enabled, rd/line, wr/inv ok
wm0 at pci2 dev 3 function 0: Intel i82541GI 1000BASE-T Ethernet, rev. 5
wm0: interrupting at irq 11
wm0: 32-bit 66MHz PCI bus
wm0: 256 word (8 address bits) MicroWire EEPROM
wm0: Ethernet address 00:0e:0c:4b:44:93
igphy0 at wm0 phy 1: Intel IGP01E1000 Gigabit PHY, rev. 0
igphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT,
1000baseT-FDX, auto
ppb2 at pci1 dev 0 function 2: Intel product 0x032a (rev. 0x09)
pci3 at ppb2 bus 3
pci3: i/o space, memory space enabled, rd/line, wr/inv ok
ppb3 at pci3 dev 1 function 0: Digital Equipment DC21152 PCI-PCI Bridge
(rev. 0x03)
pci4 at ppb3 bus 4
pci4: i/o space, memory space enabled, rd/line, wr/inv ok
fxp0 at pci4 dev 4 function 0: i82558 Ethernet, rev 5
fxp0: interrupting at irq 10
fxp0: May need receiver lock-up workaround
fxp0: Ethernet address 00:50:8b:68:62:62
inphy0 at fxp0 phy 1: i82555 10/100 media interface, rev. 0
inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp1 at pci4 dev 5 function 0: i82558 Ethernet, rev 5
fxp1: interrupting at irq 7
fxp1: May need receiver lock-up workaround
fxp1: Ethernet address 00:50:8b:68:62:63
inphy1 at fxp1 phy 1: i82555 10/100 media interface, rev. 0
inphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
ppb4 at pci0 dev 30 function 0: Intel 82801BA Hub-PCI Bridge (rev. 0xd3)
pci5 at ppb4 bus 1
pci5: i/o space, memory space enabled
wm1 at pci5 dev 3 function 0: Intel i82541GI 1000BASE-T Ethernet, rev. 5
wm1: interrupting at irq 5
wm1: 32-bit 33MHz PCI bus
wm1: 256 word (8 address bits) MicroWire EEPROM
wm1: Ethernet address 00:0e:0c:4b:44:92
igphy1 at wm1 phy 1: Intel IGP01E1000 Gigabit PHY, rev. 0
igphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT,
1000baseT-FDX, auto
pcib0 at pci0 dev 31 function 0
pcib0: Intel 82801FB LPC Interface Bridge (rev. 0x03)
piixide0 at pci0 dev 31 function 1
piixide0: Intel 82801FB IDE Controller (ICH6) (rev. 0x03)
piixide0: bus-master DMA support present
piixide0: primary channel configured to compatibility mode
piixide0: primary channel interrupting at irq 14
atabus0 at piixide0 channel 0
piixide0: secondary channel configured to compatibility mode
piixide0: secondary channel interrupting at irq 15
atabus1 at piixide0 channel 1
piixide1 at pci0 dev 31 function 2
piixide1: Intel 82801FR Serial ATA/Raid Controller (rev. 0x03)
piixide1: bus-master DMA support present
piixide1: primary channel wired to native-PCI mode
piixide1: using irq 11 for native-PCI interrupt
atabus2 at piixide1 channel 0
piixide1: secondary channel wired to compatibility mode
piixide1: couldn't map secondary channel cmd regs
Intel 82801FB/FR SMBus Controller (SMBus serial bus, revision 0x03) at
pci0 dev 31 function 3 not configured
isa0 at pcib0
com0 at isa0 port 0x3f8-0x3ff irq 4: ns16550a, working fifo
com1 at isa0 port 0x2f8-0x2ff irq 3: ns16550a, working fifo
pckbc0 at isa0 port 0x60-0x64
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
sysbeep0 at pcppi0
isapnp0 at isa0 port 0x279: ISA Plug 'n Play device support
npx0 at isa0 port 0xf0-0xff: using exception 16
isapnp0: no ISA Plug 'n Play devices found
Kernelized RAIDframe activated
atapibus0 at atabus0: 2 targets
cd0 at atapibus0 drive 0:  cdrom removable
cd0: 32-bit data port
cd0: drive supports PIO mode 4, DMA mode 2, Ultra-DMA mode 2 (Ultra/33)
cd0(piixide0:0:0): using PIO mode 4, Ultra-DMA mode 2 (Ultra/33) (using
DMA)
wd0 at atabus2 drive 0: 
wd0: drive supports 16-secto

3.9: Two em's and dual fxp not working

2006-05-06 Thread josh 
Hello...

Just bought an Intel Buckner 1U server, which has a SR1425BK1NA type
motherboard on it.

It has two 1000Mbit intel nics on-board, and I put in a dual port fxp
card ( which has worked before on other machines ). 

Using OpenBSD 3.9, Only em0 shows up, and nothing else... any ideas?

Here is the dmesg:

OpenBSD 3.9 (GENERIC) #617: Thu Mar  2 02:26:48 MST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 3.00GHz ("GenuineIntel" 686-class) 3 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,EST,CNXT-ID
cpu0: Enhanced SpeedStep disabled by BIOS
real mem  = 527953920 (515580K)
avail mem = 474710016 (463584K)
using 4278 buffers containing 26501120 bytes (25880K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 10/24/05, BIOS32 rev. 0 @
0xf0010
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf54a0/240 (13 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801FB LPC" rev
0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0x9400!
ipmi at mainbus0 not configured
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel E7221 MCH Host" rev 0x05
vga1 at pci0 dev 2 function 0 "Intel E7221 Video" rev 0x05: aperture at
0xdf90, size 0x800
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb0 at pci0 dev 28 function 0 "Intel 82801FB PCIE" rev 0x03
pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 "Intel PCIE-PCIE" rev 0x09
pci2 at ppb1 bus 5
ppb2 at pci1 dev 0 function 2 "Intel PCIE-PCIE" rev 0x09
pci3 at ppb2 bus 3
ppb3 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0xd3
pci4 at ppb3 bus 2
em0 at pci4 dev 3 function 0 "Intel PRO/1000MT (82541GI)" rev 0x05: irq
5, address 00:0e:0c:4b:44:92
ichpcib0 at pci0 dev 31 function 0 "Intel 82801FB LPC" rev 0x03: PM
disabled
pciide0 at pci0 dev 31 function 1 "Intel 82801FB IDE" rev 0x03: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0
5/cdrom removable
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 disabled (no drives)
pciide1 at pci0 dev 31 function 2 "Intel 82801FR SATA" rev 0x03: DMA,
channel 0 wired to native-PCI, channel 1 wired to compatibility
pciide1: using irq 11 for native-PCI interrupt
wd0 at pciide1 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5
pciide1: couldn't map channel 1 cmd regs
ichiic0 at pci0 dev 31 function 3 "Intel 82801FB SMBus" rev 0x03: irq 11
iic0 at ichiic0
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
biomask ffc5 netmask ffe5 ttymask ffe7
pctr: user-level cycle counter enabled
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302


Thanks, 
Josh

Re: OpenBSD alternative for Bruce Schneier's "password safe"

2006-05-06 Thread Siju George 

Hi Tanvir,

Thankyou so much for the info and offer :-)

On 5/6/06, Tanvir Ahmed <[EMAIL PROTECTED]> wrote:

On 5/5/06, Siju George <[EMAIL PROTECTED]> wrote:
> It would be really great if some on can give advice on this topic :-)

You can keep your passwords in plain-text grepable file format and
encrypt the file using GnuPG. I have written a small shell script
which takes a server name as a command-line argument, then decrypts
the password file, shows you the normal user's and root's password



actually I donot want the password to be displayed on the console.


for
that particular server and then ssh you to the server using SSH key.
The password file gets deleted every 10 minutes by crontab.

Let me know if you need the script. YMMV.



Please send it Tanvir :-)

Thankyou so much once again

Kind Regards

Siju

Re: OpenBSD alternative for Bruce Schneier's "password safe"

2006-05-06 Thread Siju George 

On 5/6/06, Michael Frost <[EMAIL PROTECTED]> wrote:

Siju George wrote:
> Hi,
>
> What can I use in OpenBSD instead of.
>
> http://passwordsafe.sourceforge.net

Look here: http://www.fpx.de/fp/Software/Gorilla/

It can be compiled to run under OpenBSD as well.




Thanks a million Michael :-)
This is exactly what I was looking for. "pwsafe" from ports is fine.
But I am glad about this that has a GUI :-)

But there is one problem.

http://www.equi4.com/pub/tk/downloads.html

lists only "alpha" and "x86" binaries. Unfortunately I am on an amd64 ( 3.9) :-(

and it gives this error posted below :-(

Could Someone please help me trouble shoot it?

Thankyou so much

Kind Regards

Siju

-
# tclkit-openbsd-x86 gorilla-1.3.kit
/usr/local/bin/tclkit-openbsd-x86[1]:
: not found   p
/usr/local/bin/tclkit-openbsd-x86[2]: Failure: not found
/usr/local/bin/tclkit-openbsd-x86[3]: Bad: not found
/usr/local/bin/tclkit-openbsd-x86[4]: Cannot: not found
/usr/local/bin/tclkit-openbsd-x86[5]:
/usr/local/bin/tclkit-openbsd-x86[6]: ld.so: not found
/usr/local/bin/tclkit-openbsd-x86[7]: el,[EMAIL PROTECTED]/ic
/usr/local/bin/tclkit-openbsd-x86[8]: hxjjh: not found
/usr/local/bin/tclkit-openbsd-x86[9]: Dxjjh~~D: not found
/usr/local/bin/tclkit-openbsd-x86[9]: =Ltjhjjhg~Dxjjh[~D: not found
=usr/local/bin/tclkit-openbsd-x86[9]:
[EMAIL PROTECTED](c)tfAAHfA%=ukM
=   tk
8k

/usr/local/bin/tclkit-openbsd-x86[10]: z
   t,wBtPfAAHfAf=LtiHzL