Re: OpenOffice.org 2.0 works on OpenBSD

2006-06-06 Thread Siju George

On 6/7/06, Siju George <[EMAIL PROTECTED]> wrote:

On 6/7/06, Frank Denis <[EMAIL PROTECTED]> wrote:
>   Hello,
>
> On Tue, Jun 06, 2006 at 08:51:28PM +0200, Nikolaus Hiebaum wrote:
> >In October of last year, Frank reported that he succeeded in installing OpenOffice 2.0 on
> >OpenBSD
>
>   Openoffice.org still works fine under OpenBSD.
>   I don't have any host with X11 right now, but the basic steps to install
> it were :
>
> - pkg_add redhat_base
> - get the Openoffice.org RPM
> - /emul/linux/bin/rpm --ignoreos --ignorearch -ivh *.rpm
> - /opt/openoffice.org2.2/program/soffice
>

Thank you so much Frank for your reply.
Will the same steps work for an amd64 OpenBSD 3.9?



it seems no :-(

# cd /usr/ports//emulators/redhat/
# make install
===> emulators/redhat/base
===>  redhat_base-8.0p8 is only for i386, not amd64.
===> emulators/redhat/libc5
===>  redhat_libc5-6.2p0 is only for i386, not amd64.
===> emulators/redhat/motif
===>  redhat_motif-2.1.30p3 is only for i386, not amd64.

Hope 4.0 will have a port that does not require Linux Binary emulation :-)

Thank you so much again.

Kind Regards

Siju



Re: OpenOffice.org 2.0 works on OpenBSD

2006-06-06 Thread Siju George

On 6/7/06, Frank Denis <[EMAIL PROTECTED]> wrote:

  Hello,

On Tue, Jun 06, 2006 at 08:51:28PM +0200, Nikolaus Hiebaum wrote:
>In October of last year, Frank reported that he succeeded in installing OpenOffice 2.0 on
>OpenBSD

  Openoffice.org still works fine under OpenBSD.
  I don't have any host with X11 right now, but the basic steps to install
it were :

- pkg_add redhat_base
- get the Openoffice.org RPM
- /emul/linux/bin/rpm --ignoreos --ignorearch -ivh *.rpm
- /opt/openoffice.org2.2/program/soffice



Thank you so much Frank for your reply.
Will the same steps work for an amd64 OpenBSD 3.9?

Thank you so much

Kind Regards

Siju



Re: OpenOffice.org 2.0 works on OpenBSD

2006-06-06 Thread Johan SANCHEZ
On Tue, 6 Jun 2006 20:51:28 +0200 (CEST)
Nikolaus Hiebaum <[EMAIL PROTECTED]> wrote:

> Hello,
> 
> In October of last year, Frank reported that he succeeded in installing 
> OpenOffice 2.0 on
> OpenBSD (cf. 
> http://marc.theaimsgroup.com/?l=openbsd-misc&m=112984281031654&w=2).
> Unfortunately, his blog where the steps were listed is off-line
> (http://www.00f.net/php/show-article.php/openoffice_on_openbsd). Contacting
> Frank via e-mail was unsuccessful.
> 
> Hence, maybe he reads my message here or someone can still remember the 
> installation steps.
> Basically, I would like to have the instruction he outlined in his blog. ;-) 
> If someone could
> provide me with it, I'd be grateful.
> 
> (According to Google, there is an instruction on http://www.infobsd.org/, but
> this server is unreachable at the moment and only referred to Frank's blog
> (if Google's Cache is correct).)
> http://66.249.93.104/search?q=cache:H-OhhgjaNhcJ:www.infobsd.org/+openoffice+openbsd&hl=de&gl=at&ct=clnk&cd=2
> http://66.249.93.104/search?q=cache:w3wfpQ3su5QJ:www.infobsd.org/index.php%3Fmore%3D73+openoffice+openbsd+site:infobsd.org&hl=de&gl=at&ct=clnk&cd=3
> 
> 
> -- 
> Beste Grüße / Best regards,
> Nikolaus Hiebaum
> 
> 

hi,
check you have the prereqs and the redhat base package then
download the linux rpm without jre.
Untar it cd it then rpm it
sudo rpm --ignoreos --ignorearch -ivh --nodeps  *.rpm 
Cheers



Re: system lock-up - RTFM?

2006-06-06 Thread Shane J Pearson

On 2006.06.07, at 2:42 PM, Breen Ouellette wrote:


> Did you actually read and then understand my original post?


Yes. I replied because I just wanted to clarify that memtest86 can be  
used to identify bad memory down to a stick, through the use of it  
and a thorough testing process.


> Telling someone new to memtest86 that it detects bad memory sticks
> is misleading and could give them a nice headache if their problem
> is not the stick.


If they read the "Troubleshooting Memory Errors" info for memtest86,  
linked to from the old site and the new site, they'll see that to  
isolate the defective stick, they can remove, rotate or replace  
modules to see what device the error follows.


Like anything, memtest86 is a tool which can be used well or misused.  
It is up to the user to put the required effort into getting the most  
of it. Memtest86 can be used to detect bad memory sticks. It just  
does not isolate to a stick on its own. It should be obvious to
anyone, that some sort of elimination process will be required, once  
they have run it once.


You seem to think that I disagree with you? I am merely clarifying my  
point of view which seems to be the same as yours.


I can think of a situation which could be quite interesting to  
isolate a stick. Old BX motherboards with 4 SDRAM slots. Many could  
not power all 4 modules if they were particularly power hungry  
modules. Those motherboards typically supported memory modules  
without built in buffering (buffering in the electronic sense to keep  
digital states within required tolerances) and if the chipset was  
close to the maximum power it could deliver to the RAM, then errors  
would be all over the place and mostly non-repeatable. Rotating or  
replacing modules would thus be pointless. Worse still, removing  
modules might give the incorrect impression of finding a faulty  
module, when in fact it was a power delivery problem and removing  
*any* of the modules would have the same effect.



Shane



OpenTV

2006-06-06 Thread Julian Bolivar
Hi everybody, I installed a Video Streaming server using OpenBSD 3.9 and 
VideoLAN, I invite to all to visit my test page at 
"http://jbolivar.sytes.net";. All comments are welcome.


Thanks and Regards.

Julian



Re: system lock-up - RTFM?

2006-06-06 Thread Breen Ouellette

Shane J Pearson wrote:
> I have a faulty DDR2 SODIMM in my laptop which memtest86 shows to fail
> in the same place every single time. This machine has 2 SODIMMS. If I
> swap their positions in the memory slots in my laptop, memtest86 shows
> the errors follow the module to the other slot, while showing the
> original potentially faulty slot to be fine. Same deal if I swap the
> memory between my laptop and my girlfriend's. Problem follows module.


Yeah, sure, in some cases when memtest86 reports a memory error it is an 
indication of faulty memory. But there are many situations where 
memtest86 detects a memory error which is related to a faulty CPU, 
mainboard, or power supply, or where a memory module is not compatible 
with the mainboard but is otherwise fine, or where there is an issue 
with heat buildup. An error in memtest86 does not specify which part is 
giving you problems, only that the problem is memory related!


At best, you can only expect memtest86 to identify a memory read or 
write error. It is up to the thinking being to eliminate the possible 
reasons for the memory error. If you blindly believe that your memory is 
bad when memtest86 detects an error then you are setting yourself up for 
a lot of pain and sorrow if in fact the problem is related to your 
northbridge overheating, as an example.


You've basically stated this above. You found an error with memtest86 
which alerted you to a problem (or more likely your laptop misbehaving 
alerted you to a problem and memtest86 narrowed the scope of the 
problem). You then took action and tested your memory in different 
configurations and then on a different machine, and by using your brain 
you were able to narrow down the problem to the memory stick itself. You 
identified the stick, memtest86 only started you on the right path by 
pointing out that there was a memory error. If it hadn't been the stick, 
then you would have had to consider something else.


Did you actually read and then understand my original post? The 
difference between a memory error and a faulty stick of RAM may be 
subtle, but there is a difference none the less. Telling someone new to 
memtest86 that it detects bad memory sticks is misleading and could give 
them a nice headache if their problem is not the stick.


Breeno



Re: system lock-up - RTFM?

2006-06-06 Thread Shane J Pearson

Hi Breen,

On 2006.06.07, at 4:39 AM, Breen Ouellette wrote:


> Of course not. It doesn't even tell you if your memory is bad.


It can if you use it to identify a potentially faulty module and then  
move that module to another slot or machine and the problem follows  
the module (as reported by memtest86), instead of following the  
machine or original "problem" slot.


I have a faulty DDR2 SODIMM in my laptop which memtest86 shows to  
fail in the same place every single time. This machine has 2 SODIMMS.  
If I swap their positions in the memory slots in my laptop, memtest86  
shows the errors follow the module to the other slot, while showing  
the original potentially faulty slot to be fine. Same deal if I swap  
the memory between my laptop and my girlfriend's. Problem follows module.


I take that as memtest86 being able to tell me that my memory is bad.  
It's the same as with many tools. As you already alluded to, you can  
get more accurate measurements with more thorough testing process.  
But as far as I am concerned, memtest86 can be used to identify bad  
memory.



Shane



Re: eWeek comment on OpenBSD

2006-06-06 Thread Tony Abernethy
Eliah Kagan wrote:
>
> On 6/6/06, Roger Neth Jr <[EMAIL PROTECTED]> wrote:
> > Even OpenBSD--in my humble opinion, the safest operating system on the
> > planet--is crackable, if you allow anyone to come and pound away at its
> > network interface.
> >
> > http://www.eweek.com/article2/0,1895,1972281,00.asp
>
> Construed literally, that would have to mean that all operating
> systems, including OpenBSD, have remote holes in their underlying
> TCP/IP stack implementations. (He's talking about pounding away at the
> **network interface** here!) This is manifestly unlikely. There are
> probably very few operating systems with remote holes in their TCP/IP
> stack implementations, and OpenBSD is probably not one of them.
>
> Steven J. Vaughan-Nichols probably doesn't mean this--he probably means
> something else. But it's not clear to me what he means, and I'm not
> sure it's clear to him, either.

Methinks you're right.

"Security is a process, not a product."
There is an ongoing process.
This ongoing process is supposed to be a cause.
Security is supposed to be the effect.

Security (to the extent that it exists) is built-in at a fundamental
level, not something bolted on later.
Security is also the non-existence of a number of stupidities.
Maybe chief among which is the tacit assumption that everything else
is perfect. (Error rate in gcc ... You're gonna do better?)

"Some systems are more secure than others."
No. Some systems are more insecure than others.
And there are degrees of insecurity.

Is OpenBSD secure?
Dunno, but look for cobwebs on the latest security updates.


>
> If he means that running OpenBSD doesn't guarantee that you'll never
> get hurt by a cracker, though, he's certainly right about that.
>
> -Eliah



Re: eWeek comment on OpenBSD

2006-06-06 Thread Eliah Kagan

On 6/6/06, Roger Neth Jr <[EMAIL PROTECTED]> wrote:

> Even OpenBSD--in my humble opinion, the safest operating system on the
> planet--is crackable, if you allow anyone to come and pound away at its
> network interface.
>
> http://www.eweek.com/article2/0,1895,1972281,00.asp


Construed literally, that would have to mean that all operating
systems, including OpenBSD, have remote holes in their underlying
TCP/IP stack implementations. (He's talking about pounding away at the
**network interface** here!) This is manifestly unlikely. There are
probably very few operating systems with remote holes in their TCP/IP
stack implementations, and OpenBSD is probably not one of them.

Steven J. Vaughan-Nichols probably doesn't mean this--he probably means
something else. But it's not clear to me what he means, and I'm not
sure it's clear to him, either.

If he means that running OpenBSD doesn't guarantee that you'll never
get hurt by a cracker, though, he's certainly right about that.

-Eliah



eWeek comment on OpenBSD

2006-06-06 Thread Roger Neth Jr

Even OpenBSD--in my humble opinion, the safest operating system on the
planet--is crackable, if you allow anyone to come and pound away at its
network interface.

http://www.eweek.com/article2/0,1895,1972281,00.asp
--
rogern

John 3:16



PF Rules blocking internal traffic. 2 Isp Links

2006-06-06 Thread Marcos Marconcini
Hi,

I am using PF with two ISP links and doing load balancing.
Everything works fine, I copied the rules from the FAQ, except for one
issue. I am using samba, my problem appears when I have to log in to samba or
with RDR to my XP ip (192.168.3.22). PF is blocking internal traffic from my
PC to my OBSD 3.8 ( I am waiting for my 3.9 copy :-D ) machine ( with samba
server ). If I open the traffic on internal interface with a :

Pass in on $int_if from any to any

Then samba works fine, but there's no load balancing. Maybe I am
misunderstanding something. Below are my rules. Any help to fix and improve
these rules would be appreciated. I have 2 Dsl links from the same provider
( there is only one provider where I am living ) and they don't want to
speed up my link. I have 2 links of  256 download and 128 upload working at
65% ( thanks to telefonica de argentina :-( )

Thanks

Marcos

#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

ext_if1="tun0"
ext_gw1="200.51.241.211"
ext_if2="tun1"
ext_gw2="200.51.241.253"
int_if ="rl0"
lan_net="192.168.3.0/24"
gateway_addr="192.168.3.1"

# Options: tune the behavior of pf, default values are given.
set timeout { interval 30, frag 10 }
set timeout { tcp.first 120, tcp.opening 30, tcp.established 3600 }
set timeout { tcp.closing 120, tcp.finwait 45, tcp.closed 90 }
set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
set timeout { icmp.first 20, icmp.error 10 }
set timeout { other.first 60, other.single 30, other.multiple 60 }

set limit { states 2, frags 5000 }

set optimization aggressive

scrub in on $ext_if1 all fragment reassemble random-id
scrub in on $ext_if2 all fragment reassemble random-id

altq on { $ext_if1, $ext_if2 }  priq bandwidth 100Kb queue { q_pri, q_def }
queue q_pri priority 7
queue q_def priority 1 priq(default)

# nat outgoing connections on each internet interface
nat on $ext_if1 from $lan_net to any -> ($ext_if1)  # sticky-address
nat on $ext_if2 from $lan_net to any -> ($ext_if2)  # sticky-address

# redirect local FTP
rdr pass on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021

# default deny
block in  from any to any
block out from any to any
block quick inet6

pass quick on lo all

# spoofing protection on  int_if
antispoof quick log for $int_if inet

# allow all outgoing traffic on IntIf
pass out on $int_if from any to $lan_net

# allow all incoming traffic on IntIf
pass in quick on $int_if from $lan_net to $int_if

# load balance tcp
pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } \
    round-robin proto tcp from $lan_net to any flags S/SA keep state

# load balance udp and icmp
pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } \
    round-robin proto { udp, icmp } from $lan_net to any keep state

# ping to/from world
pass out log quick on { $ext_if1  $ext_if2 } inet proto icmp all icmp-type 8 \
    code 0 keep state
pass in  log quick on { $ext_if1  $ext_if2 } inet proto icmp all icmp-type 8 \
    code 0 keep state

# allow external access to SSH on both interfaces
pass in log quick on $ext_if1 inet proto tcp from !$lan_net to ($ext_if1) \
    port 22 flags S/SA keep state ( max-src-conn 5, max-src-conn-rate 3/30 ) \
    queue (q_def, q_pri)

pass in log quick on $ext_if2 inet proto tcp from !$lan_net to ($ext_if2) \
    port 22 flags S/SA keep state ( max-src-conn 5, max-src-conn-rate 3/30 ) \
    queue (q_def, q_pri)

pass in log on $ext_if1 proto tcp from any to ($ext_if1) port ftp flags S/SA \
    keep state queue (q_def, q_pri)
pass in log on $ext_if2 proto tcp from any to ($ext_if2) port ftp flags S/SA \
    keep state queue (q_def, q_pri)

# active FTP
pass in log quick on $ext_if1 inet proto tcp from any to $ext_if1 port > 49151 \
    flags S/SA keep state queue (q_def, q_pri)
pass in log quick on $ext_if2 inet proto tcp from any to $ext_if2 port > 49151 \
    flags S/SA keep state queue (q_def, q_pri)

# dns
# pass in log on { $ext_if1 $ext_if2 } proto tcp from any to any port domain keep state
pass out on $ext_if1 proto tcp from $ext_if1 to any port domain keep state
pass out on $ext_if2 proto tcp from $ext_if2 to any port domain keep state

#  general "pass out" rules for external interfaces
pass out on $ext_if1 proto tcp from any to any flags S/SA keep state \
    queue (q_def, q_pri)
pass out on $ext_if1 proto udp from any to any keep state
pass out on $ext_if2 proto tcp from any to any flags S/SA keep state \
    queue (q_def, q_pri)
pass out on $ext_if2 proto udp from any to any keep state

# route packets through the appropriate gateways
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any



Re: OpenOffice.org 2.0 works on OpenBSD

2006-06-06 Thread Andrés Delfino

Follow these steps, they worked just fine for me in OpenBSD 3.9:

http://www.xs4all.nl/~hanb/documents/openoffice_on_openbsd.html

Good luck

On 6/6/06, Nikolaus Hiebaum <[EMAIL PROTECTED]> wrote:

Hello,

In October of last year, Frank reported that he succeeded in installing 
OpenOffice 2.0 on
OpenBSD (cf. 
http://marc.theaimsgroup.com/?l=openbsd-misc&m=112984281031654&w=2).
Unfortunately, his blog where the steps were listed is off-line
(http://www.00f.net/php/show-article.php/openoffice_on_openbsd). Contacting
Frank via e-mail was unsuccessful.

Hence, maybe he reads my message here or someone can still remember the 
installation steps.
Basically, I would like to have the instruction he outlined in his blog. ;-) If 
someone could
provide me with it, I'd be grateful.

(According to Google, there is an instruction on http://www.infobsd.org/, but
this server is unreachable at the moment and only referred to Frank's blog
(if Google's Cache is correct).)
http://66.249.93.104/search?q=cache:H-OhhgjaNhcJ:www.infobsd.org/+openoffice+openbsd&hl=de&gl=at&ct=clnk&cd=2
http://66.249.93.104/search?q=cache:w3wfpQ3su5QJ:www.infobsd.org/index.php%3Fmore%3D73+openoffice+openbsd+site:infobsd.org&hl=de&gl=at&ct=clnk&cd=3


--
Beste Grüße / Best regards,
Nikolaus Hiebaum





--
Andrés Delfino



Re: OpenOffice.org 2.0 works on OpenBSD

2006-06-06 Thread Josh Grosse
On Tue, Jun 06, 2006 at 10:38:03PM +, [EMAIL PROTECTED] wrote:
> Original message from Frank Denis [EMAIL PROTECTED]:
> 
> > Openoffice.org still works fine under OpenBSD. 
> > I don't have any host with X11 right now, but the basic steps to install 
> > it were : 
> > 
> > - pkg_add redhat_base 
> > - get the Openoffice.org RPM 
> > - /emul/linux/bin/rpm --ignoreos --ignorearch -ivh *.rpm 
> > - /opt/openoffice.org2.2/program/soffice 
> > 
> > If java is installed and in your path, you may want to rename it before 
> > the first run of Openoffice or odd things can happen. 
> 
> Like?  And do you have an idea why?

Let's not get tangled up.  OpenOffice works fine under Linux emulation.  
It expects a linux Java; native Java does not interoperate.  (You can run
OO *without* java.)

To the best of my understanding, there is a native port IN DEVELOPMENT, 
but it is not yet ready.



Re: OpenOffice.org 2.0 works on OpenBSD

2006-06-06 Thread jjhartley
Original message from Frank Denis [EMAIL PROTECTED]:

> Openoffice.org still works fine under OpenBSD. 
> I don't have any host with X11 right now, but the basic steps to install 
> it were : 
> 
> - pkg_add redhat_base 
> - get the Openoffice.org RPM 
> - /emul/linux/bin/rpm --ignoreos --ignorearch -ivh *.rpm 
> - /opt/openoffice.org2.2/program/soffice 
> 
> If java is installed and in your path, you may want to rename it before 
> the first run of Openoffice or odd things can happen. 

Like?  And do you have an idea why?

Jim



Re: OpenOffice.org 2.0 works on OpenBSD

2006-06-06 Thread Tobias Ulmer
On Tue, Jun 06, 2006 at 08:51:28PM +0200, Nikolaus Hiebaum wrote:
> Hello,
> 
> In October of last year, Frank reported that he succeeded in installing 
> OpenOffice 2.0 on
> OpenBSD (cf. 
> http://marc.theaimsgroup.com/?l=openbsd-misc&m=112984281031654&w=2).
> Unfortunately, his blog where the steps were listed is off-line
> (http://www.00f.net/php/show-article.php/openoffice_on_openbsd). Contacting
> Frank via e-mail was unsuccessful.
> 
> Hence, maybe he reads my message here or someone can still remember the 
> installation steps.
> Basically, I would like to have the instruction he outlined in his blog. ;-) 
> If someone could
> provide me with it, I'd be grateful.
> 
> (According to Google, there is an instruction on http://www.infobsd.org/, but
> this server is unreachable at the moment and only referred to Frank's blog
> (if Google's Cache is correct).)
> http://66.249.93.104/search?q=cache:H-OhhgjaNhcJ:www.infobsd.org/+openoffice+openbsd&hl=de&gl=at&ct=clnk&cd=2
> http://66.249.93.104/search?q=cache:w3wfpQ3su5QJ:www.infobsd.org/index.php%3Fmore%3D73+openoffice+openbsd+site:infobsd.org&hl=de&gl=at&ct=clnk&cd=3
> 
> 
> -- 
> Beste Grüße / Best regards,
> Nikolaus Hiebaum
> 
 

Search the ports@ mailing list, there's a port for it. If you want to
install by yourself, try
http://www.chruetertee.ch/blog/archive/2005/12/12/openoffice-org-2-0-auf-openbsd.html

You should be able to understand the instructions there

Tobias



Re: system lock-up - RTFM?

2006-06-06 Thread Breen Ouellette

Stuart Henderson wrote:

> On 2006/06/06 13:11, Sam Chill wrote:
> > There is a very handy program called memtest86 which can test your
> > memory to see if it is bad.
>
> It tells you if it's bad, but it doesn't tell you if it's good.

Of course not. It doesn't even tell you if your memory is bad. It merely 
tells you if there is a problem reading and writing test patterns to 
memory. An error detected by memtest86 could just as easily indicate a 
CPU, mainboard, or power supply problem. And there simply is no 
reasonable method in existence which can tell you if your memory is 
good. If there was, no bad memory would ever leave the factory. There 
are merely degrees of quality.


This doesn't diminish memtest86's usefulness as a tool for avoiding a 
part by part elimination rebuild.


As a former owner of two different custom PC shops, I would like to 
point out that memtest86 successfully located memory reads or writes as 
the problem on virtually all trouble PCs out of thousands of builds that 
I have performed over the years (most of the rest were hard drive 
errors, a few were related to faulty optical drives). The only systems 
which had memory problems that were not detected by memtest86 were 
systems in which low grade parts were used for the build. If you use 
second or third tier manufacturers for your mainboard, memory, and power 
supply then you deserve your memory errors as far as I'm concerned. 
Stick with parts that are high quality, follow the RAM compatibility 
list for your mainboard, and you will likely never experience any memory
errors. And if you do, there is a very good chance that memtest86 will 
catch them. If you still fall into the minuscule percentage of memory 
errors that slip through these actions, then you will likely have to 
part out and test the machine piece by piece. Out of three thousand or 
so computer builds, I can count the number of machines that fall into 
this category on one hand.


Also, be sure to run memtest86 for at least a 12 hour period. I have 
seen machines which do not necessarily spit out a memory error on every 
pass of memtest86.


If memtest86 passes without error for twelve hours, then download and 
run the hard drive diagnostic software provided by the manufacturer.


After that, get ready for several stimulating hours of part by part 
elimination by exchanging each suspect part for another of similar type 
(not the same type) of equal or greater quality than the suspect part. 
After each part exchange you will have to reinstall the OS to ensure 
that you are not experiencing errors which were introduced into the OS 
during the last install. You will find the problem via this route.


FUN!!

Breeno



Re: AP Encryption

2006-06-06 Thread pedro la peu
On Tuesday 06 June 2006 22:00, Gaby vanhegan wrote:
> It's mainly to draw punters into the hotspot area, and have them feel
> a little more comfortable about using a public access point

Hotspot? Public access point?

Enforcing encryption will hurt you and your visitors.
If you must, read:

http://www.drizzle.com/~aboba/IEEE/



Re: Dell CERC SATA 1.5/6ch support?

2006-06-06 Thread Stuart Henderson
On 2006/06/06 17:48, Mike Spenard wrote:
> I have a Dell Poweredge 850 with the Dell CERC SATA 1.5/6ch controller.
> Is this controller supported under OpenBSD? During install I get "No 
> disks found."

It's probably an aac(4), for which you'll need a custom
kernel - it was taken out of GENERIC for a reason.

If you're unable to replace it with, e.g. some lsi megaraid
sata card, you'll have to install an old OS and transfer across
a newer release and suitable custom kernel from another box.

Don't be entirely surprised if it wedges occasionally, this is
not a recommended controller.



Re: OpenOffice.org 2.0 works on OpenBSD

2006-06-06 Thread Frank Denis

 Hello,

On Tue, Jun 06, 2006 at 08:51:28PM +0200, Nikolaus Hiebaum wrote:

> In October of last year, Frank reported that he succeeded in installing OpenOffice 2.0 on
> OpenBSD


 Openoffice.org still works fine under OpenBSD.
 I don't have any host with X11 right now, but the basic steps to install
it were :

- pkg_add redhat_base
- get the Openoffice.org RPM
- /emul/linux/bin/rpm --ignoreos --ignorearch -ivh *.rpm
- /opt/openoffice.org2.2/program/soffice

 If java is installed and in your path, you may want to rename it before
the first run of Openoffice or odd things can happen.

--
Frank Denis - frank [at] nailbox.fr - Young Nails / Akzentz nail tech
http://forum.manucure.info - http://www.manucure-pro.com



Dell CERC SATA 1.5/6ch support?

2006-06-06 Thread Mike Spenard

I have a Dell Poweredge 850 with the Dell CERC SATA 1.5/6ch controller.
Is this controller supported under OpenBSD? During install I get "No 
disks found."


Mike Spenard



Re: AP Encryption

2006-06-06 Thread Gaby vanhegan
On 6 Jun 2006, at 21:21, Spruell, Darren-Perot wrote:

> No. In the scenario Stuart was describing, there's no decryption to  
> occur.
> The originally encrypted traffic is still safe, but when you pop in  
> and say
> "hi, I'm such-and-such IP, honest", the WAP happily negotiates a  
> new session
> key with you and encrypts traffic to you (that everyone thinks is  
> going to
> the real such-and-such IP.) So confidentiality is still sort of in  
> place,
> but not truly authenticated.

Ah, I see.  That's OK for my needs.  Frankly, if that sort of thing  
is possible, then it renders the WPA protection somewhat pointless,  
if the password is freely available.  It's mainly to draw punters  
into the hotspot area, and have them feel a little more comfortable  
about using a public access point ("Hey, it's encrypted!").  Combine  
that with the multiple subnet approach and I think it's already a  
step above what most people would require for security.

The feeling I get from all this is that there's no way to properly  
secure the network, but there's only so far I can go before the onus  
is on the users to get off their asses and be a little more proactive.

It's not totally out of the question to extend the system such that  
every-day, non-faffing around users can just put the password in and  
go, albeit with the usual warnings about data security.  It's then  
reasonably easy to add a client download for a VPN of some sort, to  
properly encrypt the end-to-end traffic between client and the  
OpenBSD box.  IPSec support is native in MacOS X, I'm sure it's not  
enormously difficult to get it running on windows (hmm, how many  
times have I said that...)  Projects for another time I think.

> It's really just a LAN arp-spoofing attack with the same problems; the
> only good way to do what you would need for the security you're  
> thinking of
> is end to end encryption, not link encryption. SSL/TLS/etc. for the
> protocols in use over the WLAN, not cleartext stuff.

The more layers of security, the better.  Funny, how when the signal  
is contained in a little wire, we feel happier about it and more  
secure.  As soon as it's being broadcast over RF, you begin to  
realise that unencrypted data is no more secure in a CAT5 cable going  
over the intar-webs than it is coming out of an antenna.  The more  
layers of encryption, the harder it is for malicious users.  There's  
only so much us sysadmins can do...

Gaby

--
Junkets for bunterish lickspittles since 1998!
http://www.playr.co.uk/sudoku/
http://weblog.vanhegan.net/



Re: Crypto Partition Problem

2006-06-06 Thread Rott_En
Hello again.
I am not able to fix the issue, but here is the disklabel, maybe it can help
you figure out a solution.

# disklabel svnd0
# /dev/rsvnd0c:
type: SCSI
isk: vnd device
label: fictitious
flags:
bytes/sector: 512
sectors/track: 100
tracks/cylinder: 1
sectors/cylinder: 100
cylinders: 1830146
total sectors: 183014656
rpm: 3600
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0   # microseconds
track-to-track seek: 0  # microseconds
drivedata: 0
16 partitions:
# sizeoffset  fstype [fsize bsize  cpg]
c: 183014656 0  unused  0 0  # Cyl 0 -1830146*
#

If I change "unused" to 4.2BSD fsck reports several errors like SuperBlocks are
missing. Any advice is highly welcomed, as before.

Thank you.


Juha Erkkila <[EMAIL PROTECTED]> wrote:
On Mon, Jun 05, 2006 at 01:01:34PM -0700, Rott_En wrote:
> I used "fsck -n" and then tried to mount the /crypto/home/cryptofile
> partition container with no luck, same results stating:
>
> # sh cryptfs -m -p /home -f /crypto/home/cryptofile -d /dev/svnd0c
> Encryption key:
> vnconfig: VNDIOCSET: Device busy
> mount_ffs: /dev/svnd0c on /home: specified device does not match mounted device
> # mount -f /home
> mount: can't find fstab entry for /home.
> # mount -f /crypto/home/
> mount_ffs: /dev/wd0g on /crypto/home: Device busy
> # mount -r /crypto/home/
> mount_ffs: /dev/wd0g on /crypto/home: Device busy
> #

1. please don't top post, trim your lines under 80
2. RTFM.  in this case those are: vnconfig(8), fsck(8), mount(8)
3. AFTER figuring out what these will do, try these:

$ vnconfig -k svnd0 /crypto/home/cryptofile
 (type the correct key)
$ fsck /dev/rsvnd0c
$ mount /dev/svnd0c /home

don't blame me if it breaks.

4. consider not using a single, huge, encrypted vnd, for data that matters
5. toss away the cryptfs-script: it doesn't do fsck, it doesn't back out
   from errors, it forces mounts even when it should not

Juha
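
The sequence in points 3 and 5 above (attach with vnconfig -k, fsck the raw device, mount, and back out on errors instead of forcing the mount), as an added example that is not part of the original thread or of the cryptfs script. The names crypt_mount and is_mounted and the VNCONFIG/FSCK/MOUNT override variables are hypothetical; `vnconfig -u` (detach) is taken from vnconfig(8), not from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): attach an encrypted vnd image,
# fsck it, and mount it, detaching the vnd again if a later step fails.
# crypt_mount, is_mounted and the VNCONFIG/FSCK/MOUNT override variables
# are hypothetical names; the overrides allow a dry run with stub commands.
#
# Usage, with the paths from the thread:
#   crypt_mount svnd0 /crypto/home/cryptofile /home

: "${VNCONFIG:=vnconfig}"
: "${FSCK:=fsck}"
: "${MOUNT:=mount}"

# Succeeds if something is already mounted on directory $1.
# Parses the "device on /dir type ffs (...)" lines printed by mount(8).
is_mounted() {
    $MOUNT | awk -v mp="$1" '
        $2 == "on" && $3 == mp { found = 1 }
        END { exit found ? 0 : 1 }'
}

# crypt_mount <vnd> <image> <mountpoint>
# Returns 0 mounted, 2 bad arguments or missing image, 3 mount point busy,
#         4 vnconfig failed, 5 fsck failed, 6 mount failed.
crypt_mount() {
    if [ $# -ne 3 ]; then
        echo "usage: crypt_mount vnd image mountpoint" >&2
        return 2
    fi
    cm_vnd=$1; cm_image=$2; cm_dir=$3

    if [ ! -f "$cm_image" ]; then
        echo "crypt_mount: no such image: $cm_image" >&2
        return 2
    fi

    # Never mount over an existing mount; the thread's script forced it.
    if is_mounted "$cm_dir"; then
        echo "crypt_mount: $cm_dir is already a mount point" >&2
        return 3
    fi

    # Attach the image; vnconfig prompts for the encryption key.
    # On failure (e.g. "VNDIOCSET: Device busy") the vnd belongs to an
    # earlier configuration, so it is left alone rather than detached.
    if ! $VNCONFIG -k "$cm_vnd" "$cm_image"; then
        echo "crypt_mount: cannot configure $cm_vnd" >&2
        return 4
    fi

    # Check the raw device before mounting. A wrong key typically shows
    # up here as a missing superblock, so back out instead of mounting.
    if ! $FSCK "/dev/r${cm_vnd}c"; then
        echo "crypt_mount: fsck failed, detaching $cm_vnd" >&2
        $VNCONFIG -u "$cm_vnd" || echo "crypt_mount: detach failed" >&2
        return 5
    fi

    if ! $MOUNT "/dev/${cm_vnd}c" "$cm_dir"; then
        echo "crypt_mount: mount failed, detaching $cm_vnd" >&2
        $VNCONFIG -u "$cm_vnd" || echo "crypt_mount: detach failed" >&2
        return 6
    fi
    return 0
}
```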



Re: FIXED!!! :Re: qemu and "-net tap", how can I enable network?

2006-06-06 Thread Stephen Takacs
Didier Wiroth wrote:
> 1) Even if it was pretty obvious (yesterday I was bit lazy ... ;-))
> you have to replace the ETHER variable "trunk0" with your own
> network card in /etc/qemu-ifup, for me it was: ETHER=em0
>
> 2) Here is how I'm starting my qemu (with working network):
> sudo qemu -m 1000 qemu-files/xp.hd -net tap -net nic &
>
> 3) If you fail to start qemu for whatever reason, you can't reuse the
> /etc/qemu-ifup until you destroy the bridge0 interface it had
> previously created: "sudo ifconfig bridge0 destroy" and now retry:
> sudo qemu -m 1000 qemu-files/xp.hd -net tap -net nic

Didier, I tried using your /etc/qemu-ifup (after changing the ETHER to
sis0) but qemu doesn't seem to be invoking that script at all with your
command line.  I added the -x option to the #!/bin/sh line, but it
prints nothing.  Are you sure that you're not doing anything else?

Here's what happens on my machine (obsd39 GENERIC, qemu-0.8.0p3), after
always making sure that bridge0 and tun0 are destroyed:

$ sudo qemu -m 64 /home/qemu/debian-31r1a-i386.img -net tap -net nic
warning: could not open v
,^@
: no virtual network emulation
Could not initialize device 'tap'

And so qemu exits immediately...

The /etc/qemu-ifup script is invoked only if I give qemu more options:

$ sudo qemu -m 64 -net tap,vlan=0,ifname=/dev/tun0 -net nic,vlan=0 \
/home/qemu/debian-31r1a-i386.img
+ ETHER=sis0
+ BRIDGE=bridge0
+ id -u
+ test 0 -ne 0
+ echo Initializing tun0..
Initializing tun0..
+ ifconfig tun0 link0 up
+ ifconfig bridge0 create
+ brconfig bridge0 add sis0 up
+ brconfig bridge0 add tun0 up

But this still doesn't work correctly, because the guest OS gets the IP
172.20.0.2 and can't reach any other hosts on the LAN (including the
obsd box that's running qemu).

And if I give qemu even more options, then it no longer tries to execute
/etc/qemu-ifup.  But manually setting up the bridge beforehand doesn't
help either:

$ sudo ifconfig tun0 link0 up
$ sudo ifconfig bridge0 create
$ sudo brconfig bridge0 add sis0 up
$ sudo brconfig bridge0 add tun0 up
$ ifconfig tun0
tun0: flags=9943 mtu 1500
lladdr 00:bd:0f:df:e9:01
inet6 fe80::2bd:fff:fedf:e901%tun0 prefixlen 64 scopeid 0x45
$ brconfig bridge0
bridge0: flags=41
Configuration:
priority 32768 hellotime 2 fwddelay 15 maxage 20
Interfaces:
tun0 flags=3
port 69 ifpriority 128 ifcost 55
sis0 flags=3
port 1 ifpriority 128 ifcost 55
Addresses (max cache: 100, timeout: 240):
00:0f:db:9b:ce:c9 sis0 1 flags=0<>
$ sudo sh -c "qemu -m 64 -net tap,vlan=0,fd=3,ifname=/dev/tun0 \
3<>/dev/tun0 -net nic,vlan=0,macaddr=de:ad:be:ef:00:00 \
/home/qemu/debian-31r1a-i386.img"

This gives the exact same result as my previous attempt, except that
now the guest's eth0 has hw addr deadbeef00.

BTW, pf is disabled and net.inet.ip.forwarding=1

Adding 172.20.0.1 as an alias of sis0 makes it possible for the guest to
connect to the host, but no further.  And without that alias, it can't
even connect to the host (neither at 172.20.0.1 nor the real IP for
sis0).

Got any more bright ideas Spiderman? :-)

-- 
Stephen Takacs   <[EMAIL PROTECTED]>   http://perlguru.net/
4149 FD56 D078 C988 9027  1EB4 04CC F80F 72CB 09DA



Re: build samba with kerberos support

2006-06-06 Thread Thomas Börnert
please try the version from ftp.sernet.de there is also heimdal
for krb support with samba.

Thomas

On Tuesday, 06.06.2006, at 17:06 +0200, Thomas Schoeller wrote:
> hi list,
> i try to build the samba ldap port with kerberos support. i have added
> the --with-ads --with-krb5 options to the Makefile. but the configure
> script reported:
> checking whether LDAP support is used... yes
> checking for Active Directory and krb5 support... no
> 
> maybe the missing krb5-config program is the problem. but i do not know
> how to build the krb5-config binary which is not in the source tree.
> 
> i like to build a samba member server so i could use the ntlm helper
> script from squid to auth my users. has somebody got this working?
> any comments on this?
> 
> regards
> thomas



Re: build samba with kerberos support

2006-06-06 Thread Thomas Schoeller
i got it :)
i build a patch based on this post:
http://marc.theaimsgroup.com/?l=openbsd-ports&m=110659454524366&w=2
if somebody is interested. it is here:
https://tiifp.org/samba_with_ads.patch
maybe it got into the tree.

regards
thomas


On Tue, Jun 06, 2006 at 05:06:54PM +0200, Thomas Schoeller wrote:
> hi list,
> i try to build the samba ldap port with kerberos support. i have added
> the --with-ads --with-krb5 options to the Makefile. but the configure
> script reported:
> checking whether LDAP support is used... yes
> checking for Active Directory and krb5 support... no
> 
> maybe the missing krb5-config program is the problem. but i do not know
> how to build the krb5-config binary which is not in the source tree.
> 
> i like to build a samba member server so i could use the ntlm helper
> script from squid to auth my users. has somebody got this working?
> any comments on this?
> 
> regards
> thomas



Re: AP Encryption

2006-06-06 Thread Spruell, Darren-Perot
From: [EMAIL PROTECTED] 
> > I understand. You're not saying anything regarding intercepting an
> > existing session and accessing the data; it's akin to getting an
> > Ethernet cable on a LAN (since you have the PSK for authentication)
> > and negotiating a new communication session (key, etc.) with the AP.
> 
> So at that point, you're effectively on the LAN, so have access to
> the traffic that runs across it anyway.  However, if the sessions are
> individually keyed for each user, with a time-dependent rotating key,
> the person spoofing the MAC won't have the corresponding key, so
> won't be able to decode the traffic properly?

No. In the scenario Stuart was describing, there's no decryption to occur.
The originally encrypted traffic is still safe, but when you pop in and say
"hi, I'm such-and-such IP, honest", the WAP happily negotiates a new session
key with you and encrypts traffic to you (that everyone thinks is going to
the real such-and-such IP.) So confidentiality is still sort of in place,
but not truly authenticated. In other words, by virtue of the attacker
knowing the PSK, he's just as authenticated to the WLAN as the real client
is. It's really just a LAN arp-spoofing attack with the same problems; the
only good way to do what you would need for the security you're thinking of
is end to end encryption, not link encryption. SSL/TLS/etc. for the
protocols in use over the WLAN, not cleartext stuff.
 
> Yes, it requires a RADIUS client to connect.  I have read a little  
> more about RADIUS (specifically FreeRADIUS) and I like the features  
> it has to offer, especially the accounting parts.  It's a shame it's  
> not suitable, it takes care of a lot of the problems I have yet to  
> work out.

Unfortunately, even WPA-enterprise doesn't cover this kind of issue. The
same "problems" are prevalent (LAN technology can't ensure this kind of
security.)

DS



Re: AP Encryption

2006-06-06 Thread Gaby vanhegan
On 6 Jun 2006, at 19:37, Spruell, Darren-Perot wrote:

> I understand. You're not saying anything regarding intercepting an
> existing session and accessing the data; it's akin to getting an
> Ethernet cable on a LAN (since you have the PSK for authentication)
> and negotiating a new communication session (key, etc.) with the AP.

So at that point, you're effectively on the LAN, so have access to
the traffic that runs across it anyway.  However, if the sessions are
individually keyed for each user, with a time-dependent rotating key,
the person spoofing the MAC won't have the corresponding key, so
won't be able to decode the traffic properly?

It's similar to being on the same switch, but the radio traffic that
is visible is WPA encrypted, again with the time-dependent keys.  So
even if the PSK is freely available, the initial session negotiation
means it's still hard to steal another person's traffic?  Or am I
getting my layers mixed up here?

> A problem which WPA Enterprise (w/RADIUS and individual per-user
> authentication, not per-computer authentication) would protect
> against.
>
> Unfortunately, something that wouldn't suit the OP's situation
> either...

Yes, it requires a RADIUS client to connect.  I have read a little  
more about RADIUS (specifically FreeRADIUS) and I like the features  
it has to offer, especially the accounting parts.  It's a shame it's  
not suitable, it takes care of a lot of the problems I have yet to  
work out.

Gaby

--
Junkets for bunterish lickspittles since 1998!
http://www.playr.co.uk/sudoku/
http://weblog.vanhegan.net/



Re: OpenOffice.org 2.0 works on OpenBSD

2006-06-06 Thread Nikolaus Hiebaum
Hello,

In October of last year, Frank reported that he succeeded in installing
OpenOffice 2.0 on OpenBSD (cf.
http://marc.theaimsgroup.com/?l=openbsd-misc&m=112984281031654&w=2).
Unfortunately, his blog where the steps were listed is off-line
(http://www.00f.net/php/show-article.php/openoffice_on_openbsd). Contacting
Frank via e-mail was unsuccessful.

Hence, maybe he reads my message here or someone can still remember the
installation steps. Basically, I would like to have the instructions he
outlined in his blog. ;-) If someone could provide me with them, I'd be
grateful.

(According to Google, there are instructions on http://www.infobsd.org/, but
this server is unreachable at the moment and only referred to Frank's blog
(if Google's Cache is correct).)
http://66.249.93.104/search?q=cache:H-OhhgjaNhcJ:www.infobsd.org/+openoffice+openbsd&hl=de&gl=at&ct=clnk&cd=2
http://66.249.93.104/search?q=cache:w3wfpQ3su5QJ:www.infobsd.org/index.php%3Fmore%3D73+openoffice+openbsd+site:infobsd.org&hl=de&gl=at&ct=clnk&cd=3


-- 
Beste Grüße / Best regards,
Nikolaus Hiebaum



Re: OBSD 3.9 freezes during install from cd39.iso (2 different medias) on Supermicro PDSMI MB Dual Core Intel 2.8G

2006-06-06 Thread Jon Holderith

Thede, Bennett wrote:

Hey all, really odd problem:   booting from cd39.iso (to install over
wire,  has worked on a generic dell from the same media, but I tried
another blank CD as well.) is freezing on boot on my 1U system
(Supermicro PDSMI MB, http://tinyurl.com/ol4nu , P4 2.8Ghz CPU (dual
core), 1gig memory, sata HD.  


During boot it gets as far as:

bios0 at mainbus0: AT/286+(2c) BIOS, date 04/17/06, BIOS32 rev. 0 @
0xfd470
pcibios0 at bios0: rev 2.1 @ 0xfd470/0xb90
pcibios0: PCI BIOS has 20 Interrupt Routing table entries
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801GB LPC" rev
0x00)
pcibios0: PCI bus #6 is the last bus

And then bam,   it stops, no error,  no beep,  nothing.  It just sits
there.  



I just noticed that my cd39.iso file is a little older than the one
currently at ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/i386  so I've
tried again with the new file,  this time it gives a bit more
information (and IDs the motherboard)  


bios0 at mainbus0: AT/286+(2c)  BIOS, date 04/17/06, BIOS32 rev. 0 @
0xfd470, SMBIOS rev. 2.51 @ 0x3feea000 (33 entries)
bios: Supermicro PDSMI
pcibios0 at bios0: rev 2.1 @ 0xfd470/0xb90
pcibios0: PCI BIOS has 20 Interrupt Routing table entries
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801GB LPC" rev
0x00)
pcibios0: PCI bus #6 is the last bus

And then it freezes at the exact same spot

I'm going to try to load from one of the official CDs I have (3.7 I
think is the latest) on Monday in case I need some sort of driver that's
not in the cd39.iso build, but I have a feeling because of where it's
freezing that won't help, so if anyone has any ideas please let me know.
This 1U had an intended purpose of being a firewall, and I was hoping to
run OBSD/PF but know that redhat runs on this equipment, so I can switch
to a linux based firewall if I have to.  (I much prefer PF...)


Thanks for any pointers,

Ben



I had the same problem with a Supermicro SuperServer 5015M-MR (which uses the 
PDSMi motherboard).


I used UKC to start in verbose mode and set the pcibios0 flag to 1, which got me 
a bit further.  Now it hangs when it probes ppb.  So I set the pcibios0 flag to 
1 and disabled ppb* and it finished booting.  All of the PCIE Buses remain not 
configured (which makes sense after disabling ppb) so none of the devices 
connected to PCIE are available. (like network adapters)


Hope this helps.

- Jon

Here's the dmesg:

OpenBSD 3.9-current (RAMDISK_CD) #1160: Mon Jun  5 00:49:42 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK_CD
cpu0: Intel(R) Pentium(R) D CPU 2.80GHz ("GenuineIntel" 686-class) 2.78 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,CNXT-ID,CX16

real mem  = 1072128000 (1047000K)
avail mem = 971591680 (948820K)
using 4256 buffers containing 53710848 bytes (52452K) of memory
User Kernel Config
UKC> change pcibios
178 pcibios0 at bios0 flags 0x0
change (y/n) ?
flags [0] ? 1
178 pcibios0 changed
178 pcibios0 at bios0 flags 0x1
UKC> disable ppb
 60 ppb* disabled
UKC> quit
Continuing...
mainbus0 (root)
bios0 at mainbus0: AT/286+(67) BIOS, date 04/17/06, BIOS32 rev. 0 @ 0xfd470, 
SMBIOS rev. 2.51 @ 0x3feea000 (33 entries)

bios0: Supermicro PDSMi
pcibios0 at bios0: rev 2.1 @ 0xfd470/0xb90
pcibios0: PCI BIOS has 20 Interrupt Routing table entries
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801GB LPC" rev 0x00)
pcibios0: PCI bus #6 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xc9000/0x1000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel E7230 MCH" rev 0x81
"Intel E7230 PCIE" rev 0x81 at pci0 dev 1 function 0 not configured
"Intel 82801GB PCIE" rev 0x01 at pci0 dev 28 function 0 not configured
"Intel 82801G PCIE" rev 0x01 at pci0 dev 28 function 4 not configured
"Intel 82801G PCIE" rev 0x01 at pci0 dev 28 function 5 not configured
uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x01: irq 5
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x01: irq 10
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x01: irq 11
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x01: irq 10
usb3 at uhci3: USB revision 1.0
uhub3 at usb3
uhub3: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub3: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x01: irq 5
usb4 at ehci0: USB revision 2.0
uhub4 at usb4
uhub4: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub4: 8 

Re: popular mail & squid virus scanning technique for openbsd

2006-06-06 Thread Michael Favinsky
Take a look at the following links - I use something based on this for
spam filtering and it works better than any other free or commercial product
I've tried. I don't use the antivirus portion (I have a separate system for
that).

Like others have said, this mail scanning should probably be done on some
host other than your firewall. It would ideally be done by whatever host
your MX record is set to. Think of it as a separate email firewall. This
sort of stuff is fairly CPU intensive, especially if it's for a large group
of users.

http://www.flakshack.com/anti-spam/wiki/index.php

http://flakshack.com/anti-spam/wiki/index.php?page=FairlySecureAntiVirusWiki

-Original Message-
From: Siju George [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, June 06, 2006 2:05 AM
To: Smith
Cc: misc@openbsd.org
Subject: Re: popular mail & squid virus scanning technique for openbsd

On 6/6/06, Smith <[EMAIL PROTECTED]> wrote:
> I once posted that all the anti-virus checking should be done on the 
> Windows boxes only.  Let the mail server deliver mail, let the 
> firewall block bad packets, and let Windows find the viruses.  Why? 
> Re-read what Chad stated in the last sentence below.  Some people 
> replied that that was ridiculous because the viruses should be blocked 
> from the mail server with clamd.  One person said that clamd can't be 
> exploited remotely.  Since then many vulnerabilities have been found 
> in clamd and some of them remotely.  Pity.
>

Thank you so much Christian, Bill, Chad & Smith for your answers :-)

Kind Regards

Siju






Re: system lock-up - RTFM?

2006-06-06 Thread Ian Watts

On Tue, 6 Jun 2006, Stuart Henderson wrote:


On 6/6/06, Ian Watts <[EMAIL PROTECTED]> wrote:

Other than swapping out various bits
of hardware, which would involve buying new bits, are there any other
man pages or useful documents that might help me figure out what the
problem is?


Try running GENERIC.MP kernel, on the box I had with a hardware
failure (bad cpu) MP usually panicked where GENERIC usually froze.


Thanks for the suggestion.  I rebooted with /bsd.mp and so far have not 
been able to lock up the system, despite taxing it as much as possible 
for an extended period of time.  I'll continue running MP for the time 
being and see if the problem does in fact return.




There is a very handy program called memtest86 which can test your
memory to see if it is bad.


It tells you if it's bad, but it doesn't tell you if it's good.


Time permitting, I'll give that go, too.  I know the extended test takes 
quite some time (512MB RAM on my box).  Maybe tonight.



-- Ian



Re: Does Lenovo suck ?

2006-06-06 Thread Constantine A. Murenin

On 06/06/06, Lars Hansson <[EMAIL PROTECTED]> wrote:

On Tuesday 06 June 2006 08:13, Ioan Nemes wrote:

> The above article is a PR exercise, just testing the waters!

No, it's not just a PR exercise. The reason for the sudden retreat is that
they still want to be able to sell to the Taiwanese government.


Your argument is invalid: your conclusion has nothing to do with the premise.

http://www.ya.ru/yandsearch?text=valid+argument+premise+conclusion



Re: AP Encryption

2006-06-06 Thread Spruell, Darren-Perot
From: Stuart Henderson [mailto:[EMAIL PROTECTED]
> > I would challenge that by intercepting WPA-protected traffic
> > you can obtain cleartext so simply.
> 
> This is no WPA crack.
> 
> A wireless LAN is still susceptible to normal attacks which
> can be mounted from one node on a LAN to another.
> 
> In the situation described, the attacker has already been
> given the WPA key, so they are on the LAN.

I understand. You're not saying anything regarding intercepting an existing
session and accessing the data; it's akin to getting an Ethernet cable on a
LAN (since you have the PSK for authentication) and negotiating a new
communication session (key, etc.) with the AP.

A problem which WPA Enterprise (w/RADIUS and individual per-user
authentication, not per-computer authentication) would protect against.

Unfortunately, something that wouldn't suit the OP's situation either...

DS



Re: How to enable hw crypto?

2006-06-06 Thread Winston

openssl speed -evp  works like a charm. Thanks for the info.
Though the manpage on the speed test is a bit misleading:
SPEED
openssl speed [aes] [aes-128-cbc] [aes-192-cbc] [aes-256-cbc] [blowfish]
[bf-cbc] [cast] [cast-cbc] [des] [des-cbc] [des-ede3] [dsa] [dsa512]
[dsa1024] [dsa2048] [hmac] [md2] [md4] [md5] [rc2] [rc2-cbc] [rc4]
[rmd160] [rsa] [rsa512] [rsa1024] [rsa2048] [rsa4096] [sha1] [-decrypt]
[-elapsed] [-mr] [-engine id] [-evp e] [-multi number]

On FreeBSD, I was able to get the hw crypto to work with:
openssl speed  -evp -engine cryptodev

Apparently on OpenBSD, I really don't need to specify the -engine but
I do need to insert -evp between "speed" and . Odd. But I am
happy to get it finally talk to the hw crypto.

Winston

On 6/2/06, jared r r spiegel <[EMAIL PROTECTED]> wrote:

On Fri, Jun 02, 2006 at 05:23:40PM -0700, Winston wrote:
> I have tried the following command to get the hw crypto to work:
> openssl speed des-cbc -engine cryptodev
> But the result I got is pretty much the same if I don't specify the
> cryptodev engine.
> The crypto card I have is hifn7956.
> I tried to compile hifn7751.c by commenting out #undef HIFN_DEBUG,
> hoping to get some debug msgs, but I got none. So the hifn driver is
> not really called.
> On FreeBSD I need to specify a -evp flag, However, if I specify -evp,
> it say "no EVP given". So it looks like that I need to provide a
> parameter to -evp. But I have no idea what are valid parms. On
> FreeBSD, -evp with no parm is OK.
>
> Environ:
> OpenBSD ver: 3.8
> Processor: Intel Xeon 2.8G.
>
> Winston

http://marc.theaimsgroup.com/?l=openbsd-misc&w=2&r=1&s=openssl+speed+evp&q=b

  i believe usercrypto is 1 by default now

--

  jared

[ openbsd 3.9-current GENERIC ( may  1 ) // i386 ]




Re: AP Encryption

2006-06-06 Thread Stuart Henderson
On 2006/06/06 09:12, Spruell, Darren-Perot wrote:
> > WEP can be sniffed passively, but from what I understand with
> > WPA there are different keys per client (I don't have anything
> > running WPA here to check).
> 
> My understanding is that the key shared by the WLAN nodes in WPA-PSK is used
> to generate session keys, which are then cycled on a frequent basis (by
> TKIP, if configured on WPA1) or another method that escapes me on WPA2
> (802.11i). You arp spoof and you can have traffic directed to you, but it's
> encrypted using a symmetric session key which you don't have.

AP receives ethernet frames, decrypts, looks at the destination
MAC and decides whether to bridge to wired, or transmit to another
wireless node. If they're going to another wireless node, the
frames are re-encrypted with a key suitable for the receiving
node and retransmitted. (N.B. client-to-client comms on BSS are
all repeated by the AP).

> I would challenge that by intercepting WPA-protected traffic
> you can obtain cleartext so simply.

This is no WPA crack.

A wireless LAN is still susceptible to normal attacks which
can be mounted from one node on a LAN to another.

In the situation described, the attacker has already been
given the WPA key, so they are on the LAN.



Re: system lock-up - RTFM?

2006-06-06 Thread Federico Giannici

Ian Watts wrote:
My 3.9 workstation has started locking up on me several times a day. The 
box itself has been in use for months.  It may be a coincidence that the 
problem started shortly after upgrading from 3.8.


I've set ddb.panic=1 and ddb.log=1, but each lock-up just freezes the 
system and leaves no clues in dmesg or /var/crash.  It almost always 
happens under somewhat heavy load.  Other than swapping out various bits 
of hardware, which would involve buying new bits, are there any other 
man pages or useful documents that might help me figure out what the 
problem is?  Is this a typical bad RAM scenario?  I don't expect someone 
to solve this problem for me, but any pointers to useful information 
would be appreciated.


We have exactly the same problem with an OpenBSD 3.9-stable AMD64. But 
the problem occurred even with 3.8.


The PC freezes (with no error message) usually (but not always and not 
only) during a large dump.


We changed the CPU, the RAM and the RAID controller (an Intel SRCU42L, 
gdt driver) and upgraded the BIOS and the operating system, but the 
problem remains.


The dmesg is at the end of this email.

Bye.



OpenBSD 3.9-stable (GENERIC) #0: Mon Jun  5 12:29:16 CEST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 2146758656 (2096444K)
avail mem = 1835651072 (1792628K)
using 22937 buffers containing 214884352 bytes (209848K) of memory
mainbus0 (root)
cpu0 at mainbus0: (uniprocessor)
cpu0: AMD Athlon(tm) 64 Processor 3500+, 2203.23 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 
64b/line 16-way L2 cache

cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
pci0 at mainbus0 bus 0: configuration mode 1
pchb0 at pci0 dev 0 function 0 "VIA K8HTB Host" rev 0x00
pchb1 at pci0 dev 0 function 1 "VIA K8HTB Host" rev 0x00
pchb2 at pci0 dev 0 function 2 "VIA K8HTB Host" rev 0x00
pchb3 at pci0 dev 0 function 3 "VIA K8HTB Host" rev 0x00
pchb4 at pci0 dev 0 function 4 "VIA K8HTB Host" rev 0x00
pchb5 at pci0 dev 0 function 7 "VIA K8HTB Host" rev 0x00
ppb0 at pci0 dev 1 function 0 "VIA K8HTB AGP" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "ATI Radeon VE QY" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
skc0 at pci0 dev 10 function 0 "Marvell Yukon 88E8001/8003/8010" rev 
0x13, Marvell Yukon Lite (0x9): irq 10

sk0 at skc0 port A, address 00:11:d8:8d:8b:cd
eephy0 at sk0 phy 0: Marvell 88E1011 Gigabit PHY, rev. 5
gdt0 at pci0 dev 13 function 0 "Intel GDT RAID" rev 0x00: irq 5 dpmem 
eff0 2-bus 1 cache device

gdt0: ver 222, cache on, strategy 2, writeback on, blksz 32
gdt0: raw feat 1 cache feat 101
scsibus0 at gdt0: 35 targets
sd0 at scsibus0 targ 0 lun 0:  SCSI2 0/direct fixed
sd0: 105661MB, 105661 cyl, 64 head, 32 sec, 512 bytes/sec, 216395550 sec 
total

scsibus1 at gdt0: 16 targets
scsibus2 at gdt0: 16 targets
pciide0 at pci0 dev 15 function 0 "VIA VT6420 SATA" rev 0x80: DMA
pciide0: using irq 10 for native-PCI interrupt
pciide1 at pci0 dev 15 function 1 "VIA VT82C571 IDE" rev 0x06: DMA, 
channel 0 configured to compatibility, channel 1 configured to compatibility

pciide1: channel 0 disabled (no drives)
atapiscsi0 at pciide1 channel 1 drive 0
scsibus3 at atapiscsi0: 2 targets
cd0 at scsibus3 targ 0 lun 0:  SCSI0 
5/cdrom removable

cd0(pciide1:1:0): using PIO mode 4, DMA mode 2
uhci0 at pci0 dev 16 function 0 "VIA VT83C572 USB" rev 0x81: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 16 function 1 "VIA VT83C572 USB" rev 0x81: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 16 function 2 "VIA VT83C572 USB" rev 0x81: irq 10
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
uhci3 at pci0 dev 16 function 3 "VIA VT83C572 USB" rev 0x81: irq 10
usb3 at uhci3: USB revision 1.0
uhub3 at usb3
uhub3: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub3: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 16 function 4 "VIA VT6202 USB" rev 0x86: irq 5
usb4 at ehci0: USB revision 2.0
uhub4 at usb4
uhub4: VIA EHCI root hub, rev 2.00/1.00, addr 1
uhub4: 8 ports with 8 removable, self powered
viapm0 at pci0 dev 17 function 0 "VIA VT8237 ISA" rev 0x00
iic0 at viapm0
"unknown" at iic0 addr 0x18 not configured
lm1 at iic0 addr 0x2f: W83791SD
pchb6 at pci0 dev 24 function 0 "AMD AMD64 HyperTransport" rev 0x00
pchb7 at pci0 dev 24 function 1 "AMD AMD64 Address Map" rev 0x00
pchb8 at pci0 dev 24 functio

Re: system lock-up - RTFM?

2006-06-06 Thread Stuart Henderson
> On 6/6/06, Ian Watts <[EMAIL PROTECTED]> wrote:
> >Other than swapping out various bits
> >of hardware, which would involve buying new bits, are there any other
> >man pages or useful documents that might help me figure out what the
> >problem is?

Try running GENERIC.MP kernel, on the box I had with a hardware
failure (bad cpu) MP usually panicked where GENERIC usually froze.

On 2006/06/06 13:11, Sam Chill wrote:
> There is a very handy program called memtest86 which can test your
> memory to see if it is bad.

It tells you if it's bad, but it doesn't tell you if it's good.



Re: system lock-up - RTFM?

2006-06-06 Thread Sam Chill

On 6/6/06, Ian Watts <[EMAIL PROTECTED]> wrote:

Other than swapping out various bits
of hardware, which would involve buying new bits, are there any other
man pages or useful documents that might help me figure out what the
problem is?


There is a very handy program called memtest86 which can test your
memory to see if it is bad.

http://www.memtest86.com/



Re: AP Encryption

2006-06-06 Thread Gaby vanhegan
On 6 Jun 2006, at 17:12, Spruell, Darren-Perot wrote:

> My understanding is that the key shared by the WLAN nodes in WPA-PSK
> is used to generate session keys, which are then cycled on a frequent
> basis (by TKIP, if configured on WPA1) or another method that escapes
> me on WPA2 (802.11i). You arp spoof and you can have traffic directed
> to you, but it's encrypted using a symmetric session key which you
> don't have.

This was my understanding of the situation.  The traffic comes to you  
in encrypted form (you get it anyway as wireless is a broadcast  
media) but the rotating keys make it hard to crack the encryption  
before the key changes.  I suppose you could steal a connection if  
you sniffed the initial handshake from the client.

However, the initial password will be readily available.  I'm not  
totally up to speed on WPA but does this make the connection more  
easily crackable?

> The biggest weakness pointed out thus far in WPA to my knowledge has  
> been in response to weak passphrases used for PSKs and dictionary  
> attacks against them.

No fear, a "strong" password would be used, along the lines of random  
numbers and letters, upper and lowercase.

> I would challenge that by intercepting WPA-protected traffic you  
> can obtain cleartext so simply.

Based on what I've read, I would agree with this.  I would also argue  
that most casual wifi crackers are lazy, and will be more likely to  
go for the unsecured AP down the road, rather than the guy who's  
using WPA/TKIP, even if it is technically crackable.

This does mean that I'll need to use FreeBSD if I want to do it all  
in one box.

Gaby

--
Junkets for bunterish lickspittles since 1998!
http://www.playr.co.uk/sudoku/
http://weblog.vanhegan.net/



system lock-up - RTFM?

2006-06-06 Thread Ian Watts
My 3.9 workstation has started locking up on me several times a day. 
The box itself has been in use for months.  It may be a coincidence that 
the problem started shortly after upgrading from 3.8.


I've set ddb.panic=1 and ddb.log=1, but each lock-up just freezes the 
system and leaves no clues in dmesg or /var/crash.  It almost always 
happens under somewhat heavy load.  Other than swapping out various bits 
of hardware, which would involve buying new bits, are there any other 
man pages or useful documents that might help me figure out what the 
problem is?  Is this a typical bad RAM scenario?  I don't expect someone 
to solve this problem for me, but any pointers to useful information 
would be appreciated.


Thanks,

-- Ian



Re: AP Encryption

2006-06-06 Thread Spruell, Darren-Perot
From: [EMAIL PROTECTED] 
> On 2006/06/06 10:40, Gaby vanhegan wrote:
> > Isn't there a pre-shared key used as an IV of some sort in WEP (and
> > therefore WPA)?  Yes, the traffic will be coming to you, but it's on
> > a wireless network, so you can sniff it passively if you want, you
> > don't need an IP address for that.
> 
> WEP can be sniffed passively, but from what I understand with
> WPA there are different keys per client (I don't have anything
> running WPA here to check).

My understanding is that the key shared by the WLAN nodes in WPA-PSK is used
to generate session keys, which are then cycled on a frequent basis (by
TKIP, if configured on WPA1) or another method that escapes me on WPA2
(802.11i). You arp spoof and you can have traffic directed to you, but it's
encrypted using a symmetric session key which you don't have. You can try to
break the key, but by the time you brute force it, the key has already been
cycled and a new key is being used to encrypt new frames. Unlike WEP, a
shared passphrase on the AP and each client doesn't mean common keying
material used by everyone because of the key rotation. The biggest weakness
pointed out thus far in WPA to my knowledge has been in response to weak
passphrases used for PSKs and dictionary attacks against them. I would
challenge that by intercepting WPA-protected traffic you can obtain
cleartext so simply.

DS



Re: OT: quiet fans and heatsinks

2006-06-06 Thread Christian Pedaschus
tony sarendal wrote:

>New ear phones and "vulgar display of power" with Pantera also does
>the trick. My old ultra10's seemed really quiet, and as a bonus my
>manager stopped asking questions across the office.
>
>/Tony
>  
>
ROTFL :)



Re: OT: quiet fans and heatsinks

2006-06-06 Thread tony sarendal
On 06/06/06, Daniel A. Ramaley <[EMAIL PROTECTED]> wrote:
>
> On Sunday 04 June 2006 21:43, Jacob Yocom-Piatt wrote:
> >these machines need Socket A and Socket 370 heatsinks. it's a plus if
> > they're low profile for 1U and 2U rackmount units. all suggestions
> > appreciated.
>
> What i've found works well is to buy a fan adapter that will allow you
> to use a larger fan (such as a 60mm fan on a 40mm heatsink, 80mm fan on
> a 60mm heatsink, or a 120mm fan on an 80mm heatsink). Then get a fan of
> the larger size that uses magnetic levitation bearings (they tend to be
> considerably quieter than ball bearing fans, though slightly more
> expensive). Then get an adapter for the fan that will run it at either
> 7 or 5 volts (Zalman sells some of these for roughly $3 US). So then
> you use a larger fan, but run it at a slower speed. It will end up
> pushing about as much air as a small fan at high speed, but make a lot
> less noise doing it. I recently managed to make a system almost silent
> this way; i can still hear it (mostly the hard drive noise) if my head
> is within a foot of the case but otherwise cannot.



New ear phones and "vulgar display of power" with Pantera also does
the trick. My old ultra10's seemed really quiet, and as a bonus my
manager stopped asking questions across the office.

/Tony



Blade 1000 or 2000 wanted

2006-06-06 Thread Theo de Raadt
We are looking for one Sun Blade 1000/2000 in the Washington DC area
for Jason Wright.  If anyone can help, please contact [EMAIL PROTECTED]

If another can be easily gotten to Mark Kettenis in Assen, the Netherlands,
that would be great.  Please cc me on mail to [EMAIL PROTECTED],
since he is still travelling.

We have a handful of these machines in Calgary, which the recent
developments were done on at the Hackathon, but it would cost a great
deal of money to ship these machines that far since they are built
like tanks.  It is likely better if these machines stay near Calgary
for the next hackathon.

Thanks a lot.  If these two get these machines, we can get US III
support advanced even further.



Re: OT: quiet fans and heatsinks

2006-06-06 Thread Daniel A. Ramaley
On Sunday 04 June 2006 21:43, Jacob Yocom-Piatt wrote:
>these machines need Socket A and Socket 370 heatsinks. it's a plus if
> they're low profile for 1U and 2U rackmount units. all suggestions
> appreciated.

What i've found works well is to buy a fan adapter that will allow you 
to use a larger fan (such as a 60mm fan on a 40mm heatsink, 80mm fan on 
a 60mm heatsink, or a 120mm fan on an 80mm heatsink). Then get a fan of 
the larger size that uses magnetic levitation bearings (they tend to be 
considerably quieter than ball bearing fans, though slightly more 
expensive). Then get an adapter for the fan that will run it at either 
7 or 5 volts (Zalman sells some of these for roughly $3 US). So then 
you use a larger fan, but run it at a slower speed. It will end up 
pushing about as much air as a small fan at high speed, but make a lot 
less noise doing it. I recently managed to make a system almost silent 
this way; i can still hear it (mostly the hard drive noise) if my head 
is within a foot of the case but otherwise cannot.
-- 

Dan Ramaley                 Dial Center 118, Drake University
Network Programmer/Analyst  2407 Carpenter Ave
+1 515 271-4540             Des Moines IA 50311 USA



build samba with kerberos support

2006-06-06 Thread Thomas Schoeller
hi list,
i try to build the samba ldap port with kerberos support. i have added
the --with-ads --with-krb5 options to the Makefile. but the configure
script reported:
checking whether LDAP support is used... yes
checking for Active Directory and krb5 support... no

maybe the missing krb5-config program is the problem. but i do not know
how to build the krb5-config binary which is not in the source tree.

i like to build a samba member server so i could use the ntlm helper
script from squid to auth my users. has somebody got this working?
any comments on this?

regards
thomas



Re: No-name NICs

2006-06-06 Thread Nick Holland

Lars Hansson wrote:

> On Tuesday 06 June 2006 17:42, Martin Schröder wrote:
> > Hi,
> > how likely is a no-name 100MBit NIC to just work with 3.9 stable?
> In my experience, very. Most are using the same chipsets (ie rl) as the
> "brand" NICs anyway.
>
> I can't recall ever having a NIC, brand or non-brand, that didn't work.


Agreed.
Whatever chip they use, the manufacturer is usually more interested in 
selling product than keeping you from using it outside of the Windows 
environment.  Thus, we probably have docs, and the driver probably works 
pretty well (even if the chip itself is often resoundingly criticized).


Kinda silly how much effort some big-name companies put into making sure 
you CAN'T use their product anywhere and everywhere...


Nick.



Re: AP Encryption

2006-06-06 Thread Stuart Henderson
On 2006/06/06 10:40, Gaby vanhegan wrote:
> Isn't there a pre-shared key used as an IV of some sort in WEP (and
> therefore WPA)?  Yes, the traffic will be coming to you, but it's on
> a wireless network, so you can sniff it passively if you want, you
> don't need an IP address for that.

WEP can be sniffed passively, but from what I understand with
WPA there are different keys per client (I don't have anything
running WPA here to check).

> Is there no way to defend against ARP poisoning?

- putting each client in their own subnet
- static arp ('arp -s' on clients at least for things like
the address of the router): realistically, public users
won't do this.
- pppoe?
- does anyone else have ideas?

Some APs can be set to disable client-to-client comms,
I'm not sure if this can be done with hostap on OpenBSD
yet (if so I didn't spot it in the docs).

> If not, then this is a good argument for encrypting the data at
> higher layers, rather than relying on link layer security.

Exactly. Trouble is, if you ever need a great example of
how much simpler OpenBSD can be than Windows, look no further
than configuring the built-in IPsec.

I don't know about you but I wouldn't want to run a third-
party binary (i.e. a point-and-drool openvpn installer) just
to access a wireless network (at least unless the network
admin was trusted), and given the type of target user you've
outlined I'm not sure anything more complicated than this
would be suitable.

> Is there video/audio of that presentation?  I would be interested to  
> hear the whole thing.

Audio - I haven't listened to it yet though - link on undeadly
(bsdcan article). The slide I pointed out describes a way to scale
inter-ap roaming using dynamic routing protocols, it doesn't 
mention the ARP tricks. It just so happens that using a subnet
per client helps with both.
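
An added example, not part of the original thread: one way to audit a client's ARP table against the entries you would pin with `arp -s`, flagging a pinned address (such as the router) whose MAC has changed and any MAC that answers for more than one IP. The `check_arp` name, the pin-file layout, the `? (IP) at MAC on IF` line format and all sample addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# check_arp PINS ARP_SNAPSHOT
#   PINS:         "IP MAC" per line, the addresses you would pin with `arp -s`
#   ARP_SNAPSHOT: saved `arp -an` output, assumed "? (IP) at MAC on IF" per line
# Prints one finding per line; prints nothing when the table looks consistent.
check_arp() {
    awk '
        # Normalise MACs so "0:c:29:ab:cd:ef" equals "00:0C:29:AB:CD:EF".
        function norm(m,    n, i, p, sep, oct, out) {
            n = split(tolower(m), p, ":")
            out = ""
            for (i = 1; i <= n; i++) {
                sep = (i > 1) ? ":" : ""
                oct = (length(p[i]) == 1) ? "0" p[i] : p[i]
                out = out sep oct
            }
            return out
        }
        mode == "pin" {
            if (NF >= 2 && $1 !~ /^#/) pin[$1] = norm($2)
            next
        }
        # Skip "(incomplete)" entries and anything that is not an address line.
        mode == "arp" && $3 == "at" && $4 ~ /^[0-9A-Fa-f:]+$/ {
            ip = $2; gsub(/[()]/, "", ip)
            mac = norm($4)
            if ((ip in pin) && pin[ip] != mac)
                printf "MISMATCH %s pinned=%s seen=%s\n", ip, pin[ip], mac
            if ((mac in owner) && owner[mac] != ip)
                printf "DUPLICATE %s claimed_by=%s,%s\n", mac, owner[mac], ip
            else
                owner[mac] = ip
        }
    ' mode=pin "$1" mode=arp "$2"
}

# Constructed sample data (not taken from the thread).
sample_pins() {
cat <<'EOF'
# ip          mac
10.0.0.1      00:0d:b9:aa:bb:01
EOF
}
sample_arp() {
cat <<'EOF'
? (10.0.0.1) at 00:16:3e:12:34:56 on ral0
? (10.0.0.23) at 00:16:3e:12:34:56 on ral0
? (10.0.0.42) at 0:c:29:ab:cd:ef on ral0
? (10.0.0.77) at (incomplete) on ral0
EOF
}
demo() {
    tmp=$(mktemp -d) || return 1
    sample_pins > "$tmp/pins"
    sample_arp > "$tmp/arp"
    check_arp "$tmp/pins" "$tmp/arp"
    rm -rf "$tmp"
}
demo
```

A DUPLICATE line is only a hint: a router doing proxy ARP legitimately answers for several addresses, so treat it as a prompt to look closer rather than proof.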



Re: No-name NICs

2006-06-06 Thread Stuart Henderson
On 2006/06/06 11:42, Martin Schröder wrote:
> how likely is a no-name 100MBit NIC to just work with 3.9 stable?

Very - same for no-name 1GBit. The only NIC I've seen 
recently that didn't work was ULi M5261/M5263 (a dc-like
10/100 device) mostly (only?) used on motherboards with
a ULi chipset (formerly ALi and now owned by Nvidia).



Re: Realtek 8100?

2006-06-06 Thread Stuart Henderson
On 2006/06/06 22:13, Rod.. Whitworth wrote:
> I'm looking at a mobo spec that would suit a POS app a friend needs
> except for one thing (maybe):
> The NIC is described as "an intergrated Realtek (8100) NIC"

8100 is a lan-on-motherboard (LOM) chip, basically the same
as 8139. It should work with rl(4), or I guess maybe re(4) on
-current if it's a newer chip (so, if sticking to releases
or stable, a preemptive `ln hostname.rl0 hostname.re0' might
save trouble later).



Re: error php session in openbsd 3.9

2006-06-06 Thread sonjaya

ok thx working now

On 6/6/06, Nico Meijer <[EMAIL PROTECTED]> wrote:

> Hi sonjaya,
>
> >  this my php.ini conf = session.save_path /tmp
>
> Read the FAQ:
> http://www.openbsd.org/faq/faq10.html#httpdchroot
>
> (If you run apache in its default chroot setting, you need to make
> sure /var/www/tmp exists and is writable to the apache user (www).)
>
> HTH... Nico





--
-sonjaya-



Realtek 8100?

2006-06-06 Thread Rod.. Whitworth
I'm looking at a mobo spec that would suit a POS app a friend needs
except for one thing (maybe):
The NIC is described as "an intergrated Realtek (8100) NIC"

Googling for openbsd realtek 8100 finds mostly stuff in foreign
languages but there is a suggestion that it uses the 8139 driver in one
of the hits.

Does anybody have a clue on this beastie please? I don't see it in the
i386 hardware list.

Thanx,
Rod.
In the beginning was The Word
and The Word was Content-type: text/plain
The Word of Rod.

Do NOT CC me - I am subscribed to the list.
Replies to the sender address will fail except from the list-server.



Re: error php session in openbsd 3.9

2006-06-06 Thread Lars Hansson
On Tuesday 06 June 2006 19:38, sonjaya wrote:
> [Wed Jun  7 01:35:14 2006] [error] PHP Warning:  Unknown: Failed to
> write session data (files). Please verify that the current setting of
> session.save_path is correct (/tmp) in Unknown on line 0

Did you create /var/www/tmp with the right permissions?

---
Lars



Re: error php session in openbsd 3.9

2006-06-06 Thread Nico Meijer
Hi sonjaya,

>  this my php.ini conf = session.save_path /tmp

Read the FAQ:
http://www.openbsd.org/faq/faq10.html#httpdchroot

(If you run apache in its default chroot setting, you need to make
sure /var/www/tmp exists and is writable to the apache user (www).)

HTH... Nico
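
An added example, not part of the original thread: a check that translates `session.save_path` from php.ini into the path it really refers to once Apache is chrooted, and reports whether that directory exists and is writable by the web user. The function name `session_dir_status`, its status words and the demo paths are assumptions made for illustration; group write permission is deliberately ignored to keep the check short.

```shell
#!/bin/sh
# session_dir_status CHROOT PHP_INI USER
# Prints "<STATUS> <path on the real filesystem>"; STATUS is one of
# UNSET, MISSING, NOTDIR, NOTWRITABLE, OK.
session_dir_status() {
    chroot_dir=$1; ini=$2; user=$3

    # Last uncommented session.save_path line wins. Accepts "key = value" and
    # "key value", strips quotes and the optional "N;" / "N;MODE;" prefix.
    # Assumption: no trailing ";comment" on the same line.
    save_path=$(awk '
        /^[ \t]*session\.save_path[ \t=]/ {
            v = $0
            sub(/^[ \t]*session\.save_path[ \t]*=?[ \t]*/, "", v)
            gsub(/"/, "", v)
            sub(/[ \t]+$/, "", v)
            sub(/^.*;/, "", v)
            path = v
        }
        END { print path }
    ' "$ini")

    if [ -z "$save_path" ]; then
        echo "UNSET -"
        return 0
    fi

    # Inside the chroot "/" is CHROOT, so /tmp really means CHROOT/tmp.
    real=${chroot_dir%/}/${save_path#/}

    if [ ! -e "$real" ]; then
        echo "MISSING $real"
    elif [ ! -d "$real" ]; then
        echo "NOTDIR $real"
    else
        ls -ldL "$real" | awk -v u="$user" -v p="$real" '{
            # $1 is the mode string, e.g. drwxrwxrwt; $3 is the owner.
            ok = (substr($1, 9, 1) == "w") || ($3 == u && substr($1, 3, 1) == "w")
            printf "%s %s\n", (ok ? "OK" : "NOTWRITABLE"), p
        }'
    fi
}

# Demo on a throwaway directory tree standing in for /var/www (constructed).
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/var/www"
    printf 'session.save_path = "/tmp"\n' > "$root/php.ini"
    session_dir_status "$root/var/www" "$root/php.ini" www   # MISSING ...
    mkdir "$root/var/www/tmp" && chmod 1777 "$root/var/www/tmp"
    session_dir_status "$root/var/www" "$root/php.ini" www   # OK ...
    rm -rf "$root"
}
demo
```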



error php session in openbsd 3.9

2006-06-06 Thread sonjaya

dear all

this my php.ini conf = session.save_path /tmp
and i get error =
"
[Wed Jun  7 01:35:14 2006] [error] PHP Warning:  Unknown: Failed to
write session data (files). Please verify that the current setting of
session.save_path is correct (/tmp) in Unknown on line 0
"

i installed apache using the package, and php5

how do i solve this session problem?

-sonjaya-



Re: No-name NICs

2006-06-06 Thread Andy Hayward

On 6/6/06, Lars Hansson <[EMAIL PROTECTED]> wrote:

> On Tuesday 06 June 2006 17:42, Martin Schröder wrote:
> > Hi,
> > how likely is a no-name 100MBit NIC to just work with 3.9 stable?

Very, in my experience. They almost always use a Realtek 8139 chipset - rl(4).

-- ach



Re: No-name NICs

2006-06-06 Thread Lars Hansson
On Tuesday 06 June 2006 17:42, Martin Schröder wrote:
> Hi,
> how likely is a no-name 100MBit NIC to just work with 3.9 stable?
In my experience, very. Most are using the same chipsets (ie rl) as the 
"brand"  NICs anyway.
I can't recall ever having a NIC, brand or non-brand, that didn't work.

---
Lars



No-name NICs

2006-06-06 Thread Martin Schröder

Hi,
how likely is a no-name 100MBit NIC to just work with 3.9 stable?

Background: When I recently tried to get a replacement for a
swapped-out FA311v1, I noticed that I can get very cheap (5) no-name
NICs (one even claimed to be NE2000 compatible), but getting brand
cards which OpenBSD supports was difficult (I ended up with a FA311v2
which luckily is supported). Now my other sis seems to be slowly dying
(spurious watchdog timeouts), so I'm looking for a replacement.

Best
   Martin



Re: AP Encryption

2006-06-06 Thread Gaby vanhegan
On 6 Jun 2006, at 09:40, Stuart Henderson wrote:

>> You'd be sniffing encrypted traffic at that point, right?
>
> Not if you poison ARP, since the traffic will be directed
> to your MAC address and the AP will send it encrypted with
> your key. It's just an ethernet-type network, remember.
> (You can do the same thing with bridged VPNs, too).

Isn't there a pre-shared key used as an IV of some sort in WEP (and  
therefore WPA)?  Yes, the traffic will be coming to you, but it's on  
a wireless network, so you can sniff it passively if you want, you  
don't need an IP address for that.

Is there no way to defend against ARP poisoning?  If not, then this is a  
good argument for encrypting the data at higher layers, rather than  
relying on link layer security.

> If you've been keeping an eye on what Reyk's been doing
> you might have noticed his description of scalable networks
> (http://www.openbsd.org/papers/bsdcan06-wlan/slide_12.html)
> with each client in its own /30 - this is not only useful
> for dynamic routing, it also ensures no free IP address
> for the ARP tricks involved.

Is there video/audio of that presentation?  I would be interested to  
hear the whole thing.

Gaby

--
Junkets for bunterish lickspittles since 1998!
http://www.playr.co.uk/sudoku/
http://weblog.vanhegan.net/



Re: popular mail & squid virus scanning technique for openbsd

2006-06-06 Thread Siju George

On 6/6/06, Smith <[EMAIL PROTECTED]> wrote:

> I once posted that all the anti-virus checking should be done on the
> Windows boxes only.  Let the mail server deliver mail, let the firewall
> block bad packets, and let Windows find the viruses.  Why? Re-read what
> Chad stated in the last sentence below.  Some people replied that that
> was ridiculous because the viruses should be blocked from the mail
> server with clamd.  One person said that clamd can't be exploited
> remotely.  Since then many vulnerabilities have been found in clamd and
> some of them remotely.  Pity.

Thank you so much Christian, Bill, Chad & Smith for your answers :-)

Kind Regards

Siju



Re: AP Encryption

2006-06-06 Thread Stuart Henderson
On 2006/06/05 18:47, Darrin Chandler wrote:
> On Tue, Jun 06, 2006 at 01:31:38AM +0100, Stuart Henderson wrote:
> > If it's some hotspot-like setup, you don't need to circumvent
> > anything since you already have access to the network.
> 
> You'd be sniffing encrypted traffic at that point, right?

Not if you poison ARP, since the traffic will be directed
to your MAC address and the AP will send it encrypted with
your key. It's just an ethernet-type network, remember.
(You can do the same thing with bridged VPNs, too).

It's not as straightforward as just running `tcpdump' but
it's not hugely difficult, and uses well-known tools.

If you've been keeping an eye on what Reyk's been doing
you might have noticed his description of scalable networks
(http://www.openbsd.org/papers/bsdcan06-wlan/slide_12.html)
with each client in its own /30 - this is not only useful
for dynamic routing, it also ensures no free IP address
for the ARP tricks involved.



Re: Crypto Partition Problem

2006-06-06 Thread Otto Moerbeek
On Sun, 4 Jun 2006, Rott_En wrote:

>Hello
> 
> I had a power failure yesterday morning and because of that my server went 
> down because of no battery present.
> When trying to mount the crypto partitions, I have figured out it's not 
> possible anymore because a set of 2 errors, as follows:
> 
> # sh cryptfs -m -p /home -f /crypto/home/cryptofile -d /dev/svnd0c
> Encryption key:
> mount_ffs: /dev/svnd0c on /home: specified device does not match mounted 
> device
> #
> 
> and then, when trying again :
> 
> # sh cryptfs -m -p /home -f /crypto/home/cryptofile -d /dev/svnd0c
> Encryption key:
> vnconfig: VNDIOCSET: Device busy
> mount_ffs: /dev/svnd0c on /home: specified device does not match mounted 
> device
> #
> 
> 
> For further reference , cryptfs script is the following:
> 
> #!/bin/sh
> #
> # cryptfs
> #
> # mount/unmount blowfish encrypted filesystem
> #
> # Important Note:  Under OpenBSD's current encrypted vnd filesystem
> # implementation, when a system with a mounted, encrypted  vnd filesystem
> # is shutdown uncleanly, the encrypted vnd filesystem's structures get
> # damaged and, since OpenBSD's fsck will not acknowledge vnd filesystems,
> # these damaged structures can not reasonably be repaired.

Sigh...

I asked the author of this script repeatedly to shut his site down or
update his stuff, but he did not do that and this keeps coming back on
[EMAIL PROTECTED] 

Let me repeat this ex cathedra as an OpenBSD developer: there's no
fundamental reason fsck does not work on svnd devices. There are also
no known bugs. This means that you can run fsck on them like on any
block device containing a file system. 

-Otto



Re: OpenBSD 3.9 on a Sun Fire x4100

2006-06-06 Thread David Gwynne

On 06/06/2006, at 2:51 PM, [EMAIL PROTECTED] wrote:


>  Hi all,
>  I have been looking high and low for instructions on how to get 3.9
> running on an x4100. Not finding any, I decided to play w/ it myself. I
> was able to make it work. While I have included the entire dmesg, here is
> the interesting (for the SAS controller, anyway) bit:
>
> mpi0 at pci2 dev 3 function 0 "Symbios Logic SAS1064" rev 0x02: apic 6 int 0 (irq 11)
> scsibus0 at mpi0: 63 targets
> sd0 at scsibus0 targ 2 lun 0:  SCSI2 0/direct fixed
> sd0: 69618MB, 69618 cyl, 16 head, 128 sec, 512 bytes/sec, 142577664 sec total

ooh, so pretty. how well does it perform?

> The kernel is the bsd.mp from the amd64 snapshots section, and the rest of
> the system is amd64 3.9

don't mix current and stable.

> Here are the things I don't understand, and would like some insight into:
>
> 1. I'm getting all kinds of fan failure warnings, system and cpu overheat
> warnings, etc. This only happens under OpenBSD. The machine is cold to the
> touch.

where are these warnings being presented? ipmi was disabled in
current toward the end of last week.

these machines also have a problem where they report bogus cutoffs
for some of the values, i'm not sure how we're supposed to address
that problem.

> 2. I can't seem to get sensorsd working. I get an error about allocating
> memory. Thoughts?

don't mix a stable userland with a current kernel. there have been
changes to sensors since 3.9 that could cause issues like this.

> 3. I get the following when connecting to the remote console via the iLOM:
> uhidev0: bad input length 8 != 0
> I get it once per keystroke, and have no idea how to fix it...

interesting. i'd have to play on one of these boxes to see what's
going on.


care to ship me one? ;)

dlg



Re: OpenBSD 3.9 on a Sun Fire x4100

2006-06-06 Thread Nick Shank
Paul,
 Actually, all I wanted to do was see if it worked. I'm loading current atm,
and will post a dmesg when I get done...
 Nick


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Paul de Weerd
Sent: Monday, June 05, 2006 10:30 PM
To: [EMAIL PROTECTED]
Cc: misc@openbsd.org
Subject: Re: OpenBSD 3.9 on a Sun Fire x4100

Hi Nick,

On Mon, Jun 05, 2006 at 09:51:13PM -0700, [EMAIL PROTECTED] wrote:
|  I have been looking high and low for instructions on how to get 3.9
| running on an x4100. Not finding any, I decided to play w/ it myself. I
| was able to make it work. While I have included the entire dmesg, here is
| the interesting (for the SAS controller, anyway) bit:
|
| mpi0 at pci2 dev 3 function 0 "Symbios Logic SAS1064" rev 0x02: apic 6 int
| 0 (irq 11)
| scsibus0 at mpi0: 63 targets
| sd0 at scsibus0 targ 2 lun 0:  SCSI2
| 0/direct fixed
| sd0: 69618MB, 69618 cyl, 16 head, 128 sec, 512 bytes/sec, 142577664 sec total

Good to see your mpi-controller is working as it should ;)

| The kernel is the bsd.mp from the amd64 snapshots section, and the rest of
| the system is amd64 3.9

That's not good. You're mixing -current kernel with -stable userland.
Don't do that. You'll get all sorts of strange things, the longer
after -stable became stable you take -current, the more weird things
will happen until at some point your system may not make it past
loading the kernel anymore.

It's OK to play around with stuff like this (to see if your SAS
controller is supported by a newer kernel), but don't run anything
important in such a configuration. See that the new kernel supports
your hardware and then *UPGRADE*. Not just the kernel, your entire
system.

If running -current is not for you then you have a limited set of
options :

o Wait for 4.0 which should be released in November (only 5
  months from now ;)
o Backport the mpi(4) driver to 3.9 (good luck, you're on your
  own)
o Bite the bullet, run -current.

If any of the issues you mention below reappear with a complete
snapshot or a complete -RELEASE system, feel free to try again ;)

Cheers,

Paul 'WEiRD' de Weerd

PS: Thanks for including a dmesg.

--
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
 http://www.weirdnet.nl/

[demime 1.01d removed an attachment of type application/pgp-signature]



Re: FIXED!!! :Re: qemu and "-net tap", how can I enable network?

2006-06-06 Thread Didier Wiroth
 Hello,
1) Even if it was pretty obvious (yesterday I was a bit lazy ... ;-)) you have to 
replace the ETHER variable "trunk0" with your own network card in 
/etc/qemu-ifup, for me it was:
ETHER=em0

2) Here is how I'm starting my qemu (with working network):
sudo qemu -m 1000 qemu-files/xp.hd -net tap -net nic &

3) If you fail to start qemu for whatever reason, you can't reuse the 
/etc/qemu-ifup until you destroy the bridge0 interface it had previously 
created:
"sudo ifconfig bridge0 destroy" and now retry:
sudo qemu -m 1000 qemu-files/xp.hd -net tap -net nic &

I hope this helps!
Kind regards
Didier

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stephen Takacs
Sent: 05 June 2006 23:35
To: misc@openbsd.org
Subject: Re: FIXED!!! :Re: qemu and "-net tap", how can I enable network?

Didier Wiroth wrote:
>Ok, "SORRY"  fixed now!

What did you do to fix it?  I'm asking because I tried this morning to use the 
new qemu v0.8 package, but it no longer works with my previous config and 
scripts.  It looks like they changed the interface in the latest version and 
removed the -tun-fd option.

-- 
Stephen Takacs   <[EMAIL PROTECTED]>   http://perlguru.net/
4149 FD56 D078 C988 9027  1EB4 04CC F80F 72CB 09DA