Re: OpenOffice.org 2.0 works on OpenBSD
On 6/7/06, Siju George <[EMAIL PROTECTED]> wrote:

On 6/7/06, Frank Denis <[EMAIL PROTECTED]> wrote:
> Hello,
>
> On Tue, Jun 06, 2006 at 08:51:28PM +0200, Nikolaus Hiebaum wrote:
> >In October of last year, Frank reported that he succeeded in installing OpenOffice 2.0 on
> >OpenBSD
>
> Openoffice.org still works fine under OpenBSD.
> I don't have any host with X11 right now, but the basic steps to install
> it were :
>
> - pkg_add redhat_base
> - get the Openoffice.org RPM
> - /emul/linux/bin/rpm --ignoreos --ignorearch -ivh *.rpm
> - /opt/openoffice.org2.2/program/soffice
>

Thank you so much Frank for your reply.
Will the same steps work for an amd64 OpenBSD 3.9 ?

it seems no :-(

# cd /usr/ports//emulators/redhat/
# make install
===> emulators/redhat/base
===> redhat_base-8.0p8 is only for i386, not amd64.
===> emulators/redhat/libc5
===> redhat_libc5-6.2p0 is only for i386, not amd64.
===> emulators/redhat/motif
===> redhat_motif-2.1.30p3 is only for i386, not amd64.

Hope 4.0 will have a port that does not require Linux Binary emulation :-)

Thank you so much again.

Kind Regards

Siju
Re: OpenOffice.org 2.0 works on OpenBSD
On 6/7/06, Frank Denis <[EMAIL PROTECTED]> wrote:
> Hello,
>
> On Tue, Jun 06, 2006 at 08:51:28PM +0200, Nikolaus Hiebaum wrote:
> >In October of last year, Frank reported that he succeeded in installing OpenOffice 2.0 on
> >OpenBSD
>
> Openoffice.org still works fine under OpenBSD.
> I don't have any host with X11 right now, but the basic steps to install
> it were :
>
> - pkg_add redhat_base
> - get the Openoffice.org RPM
> - /emul/linux/bin/rpm --ignoreos --ignorearch -ivh *.rpm
> - /opt/openoffice.org2.2/program/soffice

Thank you so much Frank for your reply.
Will the same steps work for an amd64 OpenBSD 3.9 ?

Thank you so much

Kind Regards

Siju
Re: OpenOffice.org 2.0 works on OpenBSD
On Tue, 6 Jun 2006 20:51:28 +0200 (CEST) Nikolaus Hiebaum <[EMAIL PROTECTED]> wrote:
> Hello,
>
> In October of last year, Frank reported that he succeeded in installing
> OpenOffice 2.0 on OpenBSD (cf.
> http://marc.theaimsgroup.com/?l=openbsd-misc&m=112984281031654&w=2).
> Unfortunately, his blog where the steps were listed is off-line
> (http://www.00f.net/php/show-article.php/openoffice_on_openbsd). Contacting
> Frank via e-mail was unsuccessful.
>
> Hence, maybe he reads my message here or someone can still remember the
> installation steps.
> Basically, I would like to have the instruction he outlined in his blog. ;-)
> If someone could provide me with it, I'd be grateful.
>
> (According to Google, there is an instruction on http://www.infobsd.org/, but
> this server is unreachable at the moment and only referred to Frank's blog
> (if Google's Cache is correct).)
> http://66.249.93.104/search?q=cache:H-OhhgjaNhcJ:www.infobsd.org/+openoffice+openbsd&hl=de&gl=at&ct=clnk&cd=2
> http://66.249.93.104/search?q=cache:w3wfpQ3su5QJ:www.infobsd.org/index.php%3Fmore%3D73+openoffice+openbsd+site:infobsd.org&hl=de&gl=at&ct=clnk&cd=3
>
> --
> Beste Grüße / Best regards ,
> Nikolaus Hiebaum
>

hi,
check you have the prereqs and the redhat base package
then download the linux rpm without jre.
Untar it
cd it
then rpm it
sudo rpm --ignoreos --ignorearch -ivh --nodeps *.rpm

Cheers
Re: system lock-up - RTFM?
On 2006.06.07, at 2:42 PM, Breen Ouellette wrote:
> Did you actually read and then understand my original post?

Yes. I replied because I just wanted to clarify that memtest86 can be used to identify bad memory down to a stick, through the use of it and a thorough testing process.

> Telling someone new to memtest86 that it detects bad memory sticks is misleading and could give them a nice headache if their problem is not the stick.

If they read the "Troubleshooting Memory Errors" info for memtest86, linked to from the old site and the new site, they'll see that to isolate the defective stick, they can remove, rotate or replace modules to see what device the error follows.

Like anything, memtest86 is a tool which can be used well or misused. It is up to the user to put the required effort into getting the most of it. Memtest86 can be used to detect bad memory sticks. It just does not isolate to a stick on its own. It should be obvious to anyone, that some sort of elimination process will be required, once they have run it once.

You seem to think that I disagree with you? I am merely clarifying my point of view which seems to be the same as yours.

I can think of a situation which could be quite interesting to isolate a stick. Old BX motherboards with 4 SDRAM slots. Many could not power all 4 modules if they were particularly power hungry modules. Those motherboards typically supported memory modules without built in buffering (buffering in the electronic sense to keep digital states within required tolerances) and if the chipset was close to the maximum power it could deliver to the RAM, then errors would be all over the place and mostly non-repeatable. Rotating or replacing modules would thus be pointless. Worse still, removing modules might give the incorrect impression of finding a faulty module, when in fact it was a power delivery problem and removing *any* of the modules would have the same effect.

Shane
OpenTV
Hi everybody,

I installed a Video Streaming server using OpenBSD 3.9 and VideoLAN. I invite all to visit my test page at "http://jbolivar.sytes.net". All comments are welcome.

Thanks and Regards.

Julian
Re: system lock-up - RTFM?
Shane J Pearson wrote:
> I have a faulty DDR2 SODIMM in my laptop which memtest86 shows to fail in the same place every single time. This machine has 2 SODIMMS. If I swap their positions in the memory slots in my laptop, memtest86 shows the errors follow the module to the other slot, while showing the original potentially faulty slot to be fine. Same deal if I swap the memory between my laptop and my girlfriend's. Problem follows module.

Yeah, sure, in some cases when memtest86 reports a memory error it is an indication of faulty memory. But there are many situations where memtest86 detects a memory error which is related to a faulty CPU, mainboard, or power supply, or where a memory module is not compatible with the mainboard but is otherwise fine, or where there is an issue with heat buildup. An error in memtest86 does not specify which part is giving you problems, only that the problem is memory related!

At best, you can only expect memtest86 to identify a memory read or write error. It is up to the thinking being to eliminate the possible reasons for the memory error. If you blindly believe that your memory is bad when memtest86 detects an error then you are setting yourself up for a lot of pain and sorrow if in fact the problem is related to your northbridge overheating, as an example.

You've basically stated this above. You found an error with memtest86 which alerted you to a problem (or more likely your laptop misbehaving alerted you to a problem and memtest86 narrowed the scope of the problem). You then took action and tested your memory in different configurations and then on a different machine, and by using your brain you were able to narrow down the problem to the memory stick itself. You identified the stick, memtest86 only started you on the right path by pointing out that there was a memory error. If it hadn't been the stick, then you would have had to consider something else.

Did you actually read and then understand my original post?

The difference between a memory error and a faulty stick of RAM may be subtle, but there is a difference none the less. Telling someone new to memtest86 that it detects bad memory sticks is misleading and could give them a nice headache if their problem is not the stick.

Breeno
Re: system lock-up - RTFM?
Hi Breen,

On 2006.06.07, at 4:39 AM, Breen Ouellette wrote:
> Of course not. It doesn't even tell you if your memory is bad.

It can if you use it to identify a potentially faulty module and then move that module to another slot or machine and the problem follows the module (as reported by memtest86), instead of following the machine or original "problem" slot.

I have a faulty DDR2 SODIMM in my laptop which memtest86 shows to fail in the same place every single time. This machine has 2 SODIMMS. If I swap their positions in the memory slots in my laptop, memtest86 shows the errors follow the module to the other slot, while showing the original potentially faulty slot to be fine. Same deal if I swap the memory between my laptop and my girlfriend's. Problem follows module.

I take that as memtest86 being able to tell me that my memory is bad.

It's the same as with many tools. As you already alluded to, you can get more accurate measurements with more thorough testing process. But as far as I am concerned, memtest86 can be used to identify bad memory.

Shane
Re: eWeek comment on OpenBSD
Eliah Kagan wrote:
>
> On 6/6/06, Roger Neth Jr <[EMAIL PROTECTED]> wrote:
> > Even OpenBSD--in my humble opinion, the safest operating system on the
> > planet--is crackable, if you allow anyone to come and pound away at its
> > network interface.
> >
> > http://www.eweek.com/article2/0,1895,1972281,00.asp
>
> Construed literally, that would have to mean that all operating
> systems, including OpenBSD, have remote holes in their underlying
> TCP/IP stack implementations. (He's talking about pounding away at the
> **network interface** here!) This is manifestly unlikely. There are
> probably very few operating systems with remote holes in their TCP/IP
> stack implementations, and OpenBSD is probably not one of them.
>
> Steven J. Vaugh-Nichols probably doesn't mean this--he probably means
> something else. But it's not clear to me what he means, and I'm not
> sure it's clear to him, either.

Methinks you're right.

"Security is a process, not a product."

There is an ongoing process. This ongoing process is supposed to be a cause. Security is supposed to be the effect.

Security (to the extent that it exists) is built-in at a fundamental level, not something bolted on later.

Security is also the non-existence of a number of stupidities. Maybe chief among which is the tacit assumption that everything else is perfect. (Error rate in gcc ... You're gonna do better?)

"Some systems are more secure than others."

No. Some systems are more insecure than others. And there are degrees of insecurity.

Is OpenBSD secure? Dunno, but look for cobwebs on the latest security updates.

>
> If he means that running OpenBSD doesn't guarantee that you'll never
> get hurt by a cracker, though, he's certainly right about that.
>
> -Eliah
Re: eWeek comment on OpenBSD
On 6/6/06, Roger Neth Jr <[EMAIL PROTECTED]> wrote:
> Even OpenBSD--in my humble opinion, the safest operating system on the
> planet--is crackable, if you allow anyone to come and pound away at its
> network interface.
>
> http://www.eweek.com/article2/0,1895,1972281,00.asp

Construed literally, that would have to mean that all operating systems, including OpenBSD, have remote holes in their underlying TCP/IP stack implementations. (He's talking about pounding away at the **network interface** here!) This is manifestly unlikely. There are probably very few operating systems with remote holes in their TCP/IP stack implementations, and OpenBSD is probably not one of them.

Steven J. Vaugh-Nichols probably doesn't mean this--he probably means something else. But it's not clear to me what he means, and I'm not sure it's clear to him, either.

If he means that running OpenBSD doesn't guarantee that you'll never get hurt by a cracker, though, he's certainly right about that.

-Eliah
eWeek comment on OpenBSD
Even OpenBSD--in my humble opinion, the safest operating system on the planet--is crackable, if you allow anyone to come and pound away at its network interface.

http://www.eweek.com/article2/0,1895,1972281,00.asp

--
rogern
John 3:16
PF Rules blocking internal traffic. 2 Isp Links
Hi,

I am using PF with two ISP links and doing load balancing. Everything works fine, I copied the rules from the FAQ, except for one issue. I am using samba, my problem appears when I have to log in to samba or with RDR to my XP ip (192.168.3.22). PF is blocking internal traffic from my PC to my OBSD 3.8 ( I am waiting for my 3.9 copy :-D ) machine ( with samba server ).

If I open the traffic on internal interface with a :

pass in on $int_if from any to any

Then samba works fine, but there's no load balancing. Maybe I am misunderstanding something. Below are my rules. Any help to fix and improve these rules would be appreciated.

I have 2 DSL links from the same provider ( there is only one provider where I am living ) and they don't want to speed up my link. I have 2 links of 256 download and 128 upload working at 65% ( thanks to telefonica de argentina :-( )

Thanks

Marcos

#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

ext_if1="tun0"
ext_gw1="200.51.241.211"
ext_if2="tun1"
ext_gw2="200.51.241.253"
int_if ="rl0"
lan_net="192.168.3.0/24"
gateway_addr="192.168.3.1"

# Options: tune the behavior of pf, default values are given.
set timeout { interval 30, frag 10 }
set timeout { tcp.first 120, tcp.opening 30, tcp.established 3600 }
set timeout { tcp.closing 120, tcp.finwait 45, tcp.closed 90 }
set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
set timeout { icmp.first 20, icmp.error 10 }
set timeout { other.first 60, other.single 30, other.multiple 60 }
set limit { states 2, frags 5000 }
set optimization aggressive

scrub in on $ext_if1 all fragment reassemble random-id
scrub in on $ext_if2 all fragment reassemble random-id

altq on { $ext_if1, $ext_if2 } priq bandwidth 100Kb queue { q_pri, q_def }
queue q_pri priority 7
queue q_def priority 1 priq(default)

# nat outgoing connections on each internet interface
nat on $ext_if1 from $lan_net to any -> ($ext_if1) # sticky-address
nat on $ext_if2 from $lan_net to any -> ($ext_if2) # sticky-address

# redirect local FTP
rdr pass on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021

# default deny
block in from any to any
block out from any to any
block quick inet6
pass quick on lo all

# spoofing protection on int_if
antispoof quick log for $int_if inet

# allow all outgoing traffic on IntIf
pass out on $int_if from any to $lan_net

# allow all incoming traffic on IntIf
pass in quick on $int_if from $lan_net to $int_if

# load balance tcp
pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin proto tcp from $lan_net to any flags S/SA keep state

# load balance udp and icmp
pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin proto { udp, icmp } from $lan_net to any keep state

# ping to/from world
pass out log quick on { $ext_if1 $ext_if2 } inet proto icmp all icmp-type 8 code 0 keep state
pass in log quick on { $ext_if1 $ext_if2 } inet proto icmp all icmp-type 8 code 0 keep state

# allow external access to SSH on both interfaces
pass in log quick on $ext_if1 inet proto tcp from !$lan_net to ($ext_if1) port 22 flags S/SA keep state ( max-src-conn 5, max-src-conn-rate 3/30 ) queue (q_def, q_pri)
pass in log quick on $ext_if2 inet proto tcp from !$lan_net to ($ext_if2) port 22 flags S/SA keep state ( max-src-conn 5, max-src-conn-rate 3/30 ) queue (q_def, q_pri)

pass in log on $ext_if1 proto tcp from any to ($ext_if1) port ftp flags S/SA keep state queue (q_def, q_pri)
pass in log on $ext_if2 proto tcp from any to ($ext_if2) port ftp flags S/SA keep state queue (q_def, q_pri)

# active FTP
pass in log quick on $ext_if1 inet proto tcp from any to $ext_if1 port > 49151 flags S/SA keep state queue (q_def, q_pri)
pass in log quick on $ext_if2 inet proto tcp from any to $ext_if2 port > 49151 flags S/SA keep state queue (q_def, q_pri)

# dns
# pass in log on { $ext_if1 $ext_if2 } proto tcp from any to any port domain keep state
pass out on $ext_if1 proto tcp from $ext_if1 to any port domain keep state
pass out on $ext_if2 proto tcp from $ext_if2 to any port domain keep state

# general "pass out" rules for external interfaces
pass out on $ext_if1 proto tcp from any to any flags S/SA keep state queue (q_def, q_pri)
pass out on $ext_if1 proto udp from any to any keep state
pass out on $ext_if2 proto tcp from any to any flags S/SA keep state queue (q_def, q_pri)
pass out on $ext_if2 proto udp from any to any keep state

# route packets through the appropriate gateways
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
Re: OpenOffice.org 2.0 works on OpenBSD
Follow these steps, they worked just fine for me in OpenBSD 3.9:
http://www.xs4all.nl/~hanb/documents/openoffice_on_openbsd.html

Good luck

On 6/6/06, Nikolaus Hiebaum <[EMAIL PROTECTED]> wrote:
> Hello,
>
> In October of last year, Frank reported that he succeeded in installing OpenOffice 2.0 on
> OpenBSD (cf. http://marc.theaimsgroup.com/?l=openbsd-misc&m=112984281031654&w=2).
> Unfortunately, his blog where the steps were listed is off-line
> (http://www.00f.net/php/show-article.php/openoffice_on_openbsd). Contacting Frank via e-mail
> was unsuccessful.
>
> Hence, maybe he reads my message here or someone can still remember the installation steps.
> Basically, I would like to have the instruction he outlined in his blog. ;-) If someone could
> provide me with it, I'd be grateful.
>
> (According to Google, there is an instruction on http://www.infobsd.org/, but this server is
> unreachable at the moment and only referred to Frank's blog (if Google's Cache is correct).)
> http://66.249.93.104/search?q=cache:H-OhhgjaNhcJ:www.infobsd.org/+openoffice+openbsd&hl=de&gl=at&ct=clnk&cd=2
> http://66.249.93.104/search?q=cache:w3wfpQ3su5QJ:www.infobsd.org/index.php%3Fmore%3D73+openoffice+openbsd+site:infobsd.org&hl=de&gl=at&ct=clnk&cd=3
>
> --
> Beste Grüße / Best regards ,
> Nikolaus Hiebaum

--
Andris Delfino
Re: OpenOffice.org 2.0 works on OpenBSD
On Tue, Jun 06, 2006 at 10:38:03PM +, [EMAIL PROTECTED] wrote:
> Original message from Frank Denis [EMAIL PROTECTED]:
>
> > Openoffice.org still works fine under OpenBSD.
> > I don't have any host with X11 right now, but the basic steps to install
> > it were :
> >
> > - pkg_add redhat_base
> > - get the Openoffice.org RPM
> > - /emul/linux/bin/rpm --ignoreos --ignorearch -ivh *.rpm
> > - /opt/openoffice.org2.2/program/soffice
> >
> > If java is installed and in your path, you may want to rename it before
> > the first run of Openoffice or odd things can happen.
>
> Like? And do you have an idea why?

Let's not get tangled up.

OpenOffice works fine under Linux emulation. It expects a linux Java; native Java does not interoperate. (You can run OO *without* java.)

To the best of my understanding, there is a native port IN DEVELOPMENT, but it is not yet ready.
Re: OpenOffice.org 2.0 works on OpenBSD
Original message from Frank Denis [EMAIL PROTECTED]:

> Openoffice.org still works fine under OpenBSD.
> I don't have any host with X11 right now, but the basic steps to install
> it were :
>
> - pkg_add redhat_base
> - get the Openoffice.org RPM
> - /emul/linux/bin/rpm --ignoreos --ignorearch -ivh *.rpm
> - /opt/openoffice.org2.2/program/soffice
>
> If java is installed and in your path, you may want to rename it before
> the first run of Openoffice or odd things can happen.

Like? And do you have an idea why?

Jim
Re: OpenOffice.org 2.0 works on OpenBSD
On Tue, Jun 06, 2006 at 08:51:28PM +0200, Nikolaus Hiebaum wrote:
> Hello,
>
> In October of last year, Frank reported that he succeeded in installing
> OpenOffice 2.0 on OpenBSD (cf.
> http://marc.theaimsgroup.com/?l=openbsd-misc&m=112984281031654&w=2).
> Unfortunately, his blog where the steps were listed is off-line
> (http://www.00f.net/php/show-article.php/openoffice_on_openbsd). Contacting
> Frank via e-mail was unsuccessful.
>
> Hence, maybe he reads my message here or someone can still remember the
> installation steps.
> Basically, I would like to have the instruction he outlined in his blog. ;-)
> If someone could provide me with it, I'd be grateful.
>
> (According to Google, there is an instruction on http://www.infobsd.org/, but
> this server is unreachable at the moment and only referred to Frank's blog
> (if Google's Cache is correct).)
> http://66.249.93.104/search?q=cache:H-OhhgjaNhcJ:www.infobsd.org/+openoffice+openbsd&hl=de&gl=at&ct=clnk&cd=2
> http://66.249.93.104/search?q=cache:w3wfpQ3su5QJ:www.infobsd.org/index.php%3Fmore%3D73+openoffice+openbsd+site:infobsd.org&hl=de&gl=at&ct=clnk&cd=3
>
> --
> Beste Grüße / Best regards ,
> Nikolaus Hiebaum
>

Search the ports@ mailing list, there's a port for it.

If you want to install by yourself, try
http://www.chruetertee.ch/blog/archive/2005/12/12/openoffice-org-2-0-auf-openbsd.html

You should be able to understand the instructions there

Tobias
Re: system lock-up - RTFM?
Stuart Henderson wrote:
On 2006/06/06 13:11, Sam Chill wrote:
There is a very handy program called memtest86 which can test your memory to see if it is bad.
It tells you if it's bad, but it doesn't tell you if it's good.

Of course not. It doesn't even tell you if your memory is bad. It merely tells you if there is a problem reading and writing test patterns to memory. An error detected by memtest86 could just as easily indicate a CPU, mainboard, or power supply problem. And there simply is no reasonable method in existence which can tell you if your memory is good. If there was, no bad memory would ever leave the factory. There are merely degrees of quality.

This doesn't diminish memtest86's usefulness as a tool for avoiding a part by part elimination rebuild. As a former owner of two different custom PC shops, I would like to point out that memtest86 successfully located memory reads or writes as the problem on virtually all trouble PCs out of thousands of builds that I have performed over the years (most of the rest were hard drive errors, a few were related to faulty optical drives). The only systems which had memory problems that were not detected by memtest86 were systems in which low grade parts were used for the build. If you use second or third tier manufacturers for your mainboard, memory, and power supply then you deserve your memory errors as far as I'm concerned.

Stick with parts that are high quality, follow the RAM compatibility list for your mainboard, and you will likely never experience any memory errors. And if you do, there is a very good chance that memtest86 will catch them. If you still fall into the minuscule percentage of memory errors that slip through these actions, then you will likely have to part out and test the machine piece by piece. Out of three thousand or so computer builds, I can count the number of machines that fall into this category on one hand.

Also, be sure to run memtest86 for at least a 12 hour period. I have seen machines which do not necessarily spit out a memory error on every pass of memtest86. If memtest86 passes without error for twelve hours, then download and run the hard drive diagnostic software provided by the manufacturer. After that, get ready for several stimulating hours of part by part elimination by exchanging each suspect part for another of similar type (not the same type) of equal or greater quality than the suspect part. After each part exchange you will have to reinstall the OS to ensure that you are not experiencing errors which were introduced into the OS during the last install. You will find the problem via this route. FUN!!

Breeno
Re: AP Encryption
On Tuesday 06 June 2006 22:00, Gaby vanhegan wrote:
> It's mainly to draw punters into the hotspot area, and have them feel
> a little more comfortable about using a public access point

Hotspot? Public access point? Enforcing encryption will hurt you and your visitors.

If you must, read: http://www.drizzle.com/~aboba/IEEE/
Re: Dell CERC SATA 1.5/6ch support?
On 2006/06/06 17:48, Mike Spenard wrote:
> I have a Dell Poweredge 850 with the Dell CERC SATA 1.5/6ch controller.
> Is this controller supported under OpenBSD? During install I get "No
> disks found."

It's probably an aac(4), for which you'll need a custom kernel - it was taken out of GENERIC for a reason.

If you're unable to replace it with, e.g. some lsi megaraid sata card, you'll have to install an old OS and transfer across a newer release and suitable custom kernel from another box.

Don't be entirely surprised if it wedges occasionally, this is not a recommended controller.
Re: OpenOffice.org 2.0 works on OpenBSD
Hello,

On Tue, Jun 06, 2006 at 08:51:28PM +0200, Nikolaus Hiebaum wrote:
> In October of last year, Frank reported that he succeeded in installing OpenOffice 2.0 on
> OpenBSD

Openoffice.org still works fine under OpenBSD.
I don't have any host with X11 right now, but the basic steps to install it were :

- pkg_add redhat_base
- get the Openoffice.org RPM
- /emul/linux/bin/rpm --ignoreos --ignorearch -ivh *.rpm
- /opt/openoffice.org2.2/program/soffice

If java is installed and in your path, you may want to rename it before the first run of Openoffice or odd things can happen.

--
Frank Denis - frank [at] nailbox.fr - Young Nails / Akzentz nail tech
http://forum.manucure.info - http://www.manucure-pro.com
Dell CERC SATA 1.5/6ch support?
I have a Dell Poweredge 850 with the Dell CERC SATA 1.5/6ch controller. Is this controller supported under OpenBSD? During install I get "No disks found."

Mike Spenard
Re: AP Encryption
On 6 Jun 2006, at 21:21, Spruell, Darren-Perot wrote:
> No. In the scenario Stuart was describing, there's no decryption to occur.
> The originally encrypted traffic is still safe, but when you pop in and say
> "hi, I'm such-and-such IP, honest", the WAP happily negotiates a new session
> key with you and encrypts traffic to you (that everyone thinks is going to
> the real such-and-such IP.) So confidentiality is still sort of in place,
> but not truly authenticated.

Ah, I see. That's OK for my needs. Frankly, if that sort of thing is possible, then it renders the WPA protection somewhat pointless, if the password is freely available. It's mainly to draw punters into the hotspot area, and have them feel a little more comfortable about using a public access point ("Hey, it's encrypted!"). Combine that with the multiple subnet approach and I think it's already a step above what most people would require for security.

The feeling I get from all this is that there's no way to properly secure the network, but there's only so far I can go before the onus is on the users to get off their asses and be a little more proactive.

It's not totally out of the question to extend the system such that every-day, non-faffing around users can just put the password in and go, albeit with the usual warnings about data security. It's then reasonably easy to add a client download for a VPN of some sort, to properly encrypt the end-to-end traffic between client and the OpenBSD box. IPSec support is native in MacOS X, I'm sure it's not enormously difficult to get it running on windows (hmm, how many times have I said that...) Projects for another time I think.

> It's really just a LAN arp-spoofing attack with the same problems; the
> only good way to do what you would need for the security you're thinking of
> is end to end encryption, not link encryption. SSL/TLS/etc. for the
> protocols in use over the WLAN, not cleartext stuff.

The more layers of security, the better. Funny, how when the signal is contained in a little wire, we feel happier about it and more secure. As soon as it's being broadcast over RF, you begin to realise that unencrypted data is no more secure in a CAT5 cable going over the intar-webs than it is coming out of an antenna.

The more layers of encryption, the harder it is for malicious users. There's only so much us sysadmins can do...

Gaby

--
Junkets for bunterish lickspittles since 1998!
http://www.playr.co.uk/sudoku/
http://weblog.vanhegan.net/
Re: Crypto Partition Problem
Hello again.

I am not able to fix the issue, but here is the disklabel, maybe it can help you figure out a solution.

# disklabel svnd0
# /dev/rsvnd0c:
type: SCSI
disk: vnd device
label: fictitious
flags:
bytes/sector: 512
sectors/track: 100
tracks/cylinder: 1
sectors/cylinder: 100
cylinders: 1830146
total sectors: 183014656
rpm: 3600
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0           # microseconds
track-to-track seek: 0  # microseconds
drivedata: 0

16 partitions:
#        size   offset  fstype [fsize bsize   cpg]
  c: 183014656        0  unused      0     0      # Cyl     0 -1830146*
#

If I change "unused" to 4.2BSD fsck reports several errors like SuperBlocks are missing.

Any advice is highly welcomed, as before.

Thank you.

Juha Erkkila <[EMAIL PROTECTED]> wrote:
On Mon, Jun 05, 2006 at 01:01:34PM -0700, Rott_En wrote:
> I used "fsck -n" and then tried to mount the /crypto/home/cryptofile
> partition container with no luck, same results stating:
>
> # sh cryptfs -m -p /home -f /crypto/home/cryptofile -d /dev/svnd0c
> Encryption key:
> vnconfig: VNDIOCSET: Device busy
> mount_ffs: /dev/svnd0c on /home: specified device does not match mounted device
> # mount -f /home
> mount: can't find fstab entry for /home.
> # mount -f /crypto/home/
> mount_ffs: /dev/wd0g on /crypto/home: Device busy
> # mount -r /crypto/home/
> mount_ffs: /dev/wd0g on /crypto/home: Device busy
> #

1. please don't top post, trim your lines under 80

2. RTFM. in this case those are: vnconfig(8), fsck(8), mount(8)

3. AFTER figuring out what these will do, try these:

   $ vnconfig -k svnd0 /crypto/home/cryptfile
   (type the correct key)
   $ fsck /dev/rsvnd0c
   $ mount /dev/svnd0c /home

   don't blame me if it breaks.

4. consider not using a single, huge, encrypted vnd, for data that matters

5. toss away the cryptfs-script: it doesn't do fsck, it doesn't back out
   from errors, it forces mounts even when it should not

Juha
Re: FIXED!!! :Re: qemu and "-net tap", how can I enable network?
Didier Wiroth wrote:
> 1) Even if it was pretty obvious (yesterday I was bit lazy ... ;-))
> you have to replace the ETHER variable "trunk0" with your own
> network card in /etc/qemu-ifup, for me it was: ETHER=em0
>
> 2) Here is how I'm starting my qemu (with working network):
> sudo qemu -m 1000 qemu-files/xp.hd -net tap -net nic &
>
> 3) If you fail to start qemu for whatever reason, you can't reuse the
> /etc/qemu-ifup until you destroy the bridge0 interface it had
> previously created: "sudo ifconfig bridge0 destroy" and now retry:
> sudo qemu -m 1000 qemu-files/xp.hd -net tap -net nic

Didier,

I tried using your /etc/qemu-ifup (after changing the ETHER to sis0) but qemu doesn't seem to be invoking that script at all with your command line. I added the -x option to the #!/bin/sh line, but it prints nothing. Are you sure that you're not doing anything else?

Here's what happens on my machine (obsd39 GENERIC, qemu-0.8.0p3), after always making sure that bridge0 and tun0 are destroyed:

$ sudo qemu -m 64 /home/qemu/debian-31r1a-i386.img -net tap -net nic
warning: could not open v ,^@ : no virtual network emulation
Could not initialize device 'tap'

And so qemu exits immediately... The /etc/qemu-ifup script is invoked only if I give qemu more options:

$ sudo qemu -m 64 -net tap,vlan=0,ifname=/dev/tun0 -net nic,vlan=0 \
    /home/qemu/debian-31r1a-i386.img
+ ETHER=sis0
+ BRIDGE=bridge0
+ id -u
+ test 0 -ne 0
+ echo Initializing tun0..
Initializing tun0..
+ ifconfig tun0 link0 up
+ ifconfig bridge0 create
+ brconfig bridge0 add sis0 up
+ brconfig bridge0 add tun0 up

But this still doesn't work correctly, because the guest OS gets the IP 172.20.0.2 and can't reach any other hosts on the LAN (including the obsd box that's running qemu).

And if I give qemu even more options, then it no longer tries to execute /etc/qemu-ifup. But manually setting up the bridge beforehand doesn't help either:

$ sudo ifconfig tun0 link0 up
$ sudo ifconfig bridge0 create
$ sudo brconfig bridge0 add sis0 up
$ sudo brconfig bridge0 add tun0 up
$ ifconfig tun0
tun0: flags=9943 mtu 1500
        lladdr 00:bd:0f:df:e9:01
        inet6 fe80::2bd:fff:fedf:e901%tun0 prefixlen 64 scopeid 0x45
$ brconfig bridge0
bridge0: flags=41
        Configuration:
                priority 32768 hellotime 2 fwddelay 15 maxage 20
        Interfaces:
                tun0 flags=3
                        port 69 ifpriority 128 ifcost 55
                sis0 flags=3
                        port 1 ifpriority 128 ifcost 55
        Addresses (max cache: 100, timeout: 240):
                00:0f:db:9b:ce:c9 sis0 1 flags=0<>
$ sudo sh -c "qemu -m 64 -net tap,vlan=0,fd=3,ifname=/dev/tun0 \
    3<>/dev/tun0 -net nic,vlan=0,macaddr=de:ad:be:ef:00:00 \
    /home/qemu/debian-31r1a-i386.img"

This gives the exact same result as my previous attempt, except that now the guest's eth0 has hw addr deadbeef00.

BTW, pf is disabled and net.inet.ip.forwarding=1

Adding 172.20.0.1 as an alias of sis0 makes it possible for the guest to connect to the host, but no further. And without that alias, it can't even connect to the host (neither at 172.20.0.1 nor the real IP for sis0).

Got any more bright ideas Spiderman? :-)

--
Stephen Takacs <[EMAIL PROTECTED]> http://perlguru.net/
4149 FD56 D078 C988 9027 1EB4 04CC F80F 72CB 09DA
Re: build samba with kerberos support
please try the version from ftp.sernet.de there is also heimdal for krb support with samba. Thomas On Tuesday, 06.06.2006, at 17:06 +0200, Thomas Schoeller wrote: > hi list, > i try to build the samba ldap port with kerberos support. i have added > the --with-ads --with-krb5 options to the Makefile. but the configure > script reported: > checking whether LDAP support is used... yes > checking for Active Directory and krb5 support... no > > maybe the missing krb5-config program is the problem. but i do not know > how to build the krb5-config binary which is not in the source tree. > > i like to build a samba member server so i could use the ntlm helper > script from squid to auth my users. has somebody got this working? > any comments on this? > > regards > thomas
Re: build samba with kerberos support
i got it :) i build a patch based on this post: http://marc.theaimsgroup.com/?l=openbsd-ports&m=110659454524366&w=2 if somebody is interested. it is here: https://tiifp.org/samba_with_ads.patch maybe it got into the tree. regards thomas On Tue, Jun 06, 2006 at 05:06:54PM +0200, Thomas Schoeller wrote: > hi list, > i try to build the samba ldap port with kerberos support. i have added > the --with-ads --with-krb5 options to the Makefile. but the configure > script reported: > checking whether LDAP support is used... yes > checking for Active Directory and krb5 support... no > > maybe the missing krb5-config program is the problem. but i do not know > how to build the krb5-config binary which is not in the source tree. > > i like to build a samba member server so i could use the ntlm helper > script from squid to auth my users. has somebody got this working? > any comments on this? > > regards > thomas
Re: AP Encryption
From: [EMAIL PROTECTED] > > I understand. You're not saying anything regarding intercepting an > > existing > > session and accessing the data; it's akin to getting an Ethernet > > cable on a > > LAN (since you have the PSK for authentication) and > negotiating a new > > communication session (key, etc.) with the AP. > > So at that point, you're effectively on the LAN, so have access to > the traffic that runs across it anyway. However, if the > sessions are > individually keyed for each user, with a time-dependant > rotating key, > the person spoofing the MAC won't have the corresponding key, so > won't be able to decode the traffic properly? No. In the scenario Stuart was describing, there's no decryption to occur. The originally encrypted traffic is still safe, but when you pop in and say "hi, I'm such-and-such IP, honest", the WAP happily negotiates a new session key with you and encrypts traffic to you (that everyone thinks is going to the real such-and-such IP.) So confidentiality is still sort of in place, but not truly authenticated. In other words, by virtue of the attacker knowing the PSK, he's just as authenticated to the WLAN as the real client is. It's really just a LAN arp-spoofing attack with the same problems; the only good way to do what you would need for the security you're thinking of is end to end encryption, not link encryption. SSL/TLS/etc. for the protocols in use over the WLAN, not cleartext stuff. > Yes, it requires a RADIUS client to connect. I have read a little > more about RADIUS (specifically FreeRADIUS) and I like the features > it has to offer, especially the accounting parts. It's a shame it's > not suitable, it takes care of a lot of the problems I have yet to > work out. Unfortunately, even WPA-enterprise doesn't cover this kind of issue. The same "problems" are prevalent (LAN technology can't ensure this kind of security.) DS
Re: AP Encryption
On 6 Jun 2006, at 19:37, Spruell, Darren-Perot wrote: > I understand. You're not saying anything regarding intercepting an > existing > session and accessing the data; it's akin to getting an Ethernet > cable on a > LAN (since you have the PSK for authentication) and negotiating a new > communication session (key, etc.) with the AP. So at that point, you're effectively on the LAN, so have access to the traffic that runs across it anyway. However, if the sessions are individually keyed for each user, with a time-dependant rotating key, the person spoofing the MAC won't have the corresponding key, so won't be able to decode the traffic properly? It's similar to being on the same switch, but the radio traffic that is visible is WPA encrypted, again with the time dependant keys. So even if the PSK is freely available, the initial session negotiation means it's still hard to steal another person's traffic? Or am I getting my layers mixed up here? > A problem which WPA Enterprise (w/RADIUS and individual per-user > authentication, not per-computer authentication) would protect > against. > > Unfortunately, something that wouldn't suit the OP's situation > either... Yes, it requires a RADIUS client to connect. I have read a little more about RADIUS (specifically FreeRADIUS) and I like the features it has to offer, especially the accounting parts. It's a shame it's not suitable, it takes care of a lot of the problems I have yet to work out. Gaby -- Junkets for bunterish lickspittles since 1998! http://www.playr.co.uk/sudoku/ http://weblog.vanhegan.net/
Re: OpenOffice.org 2.0 works on OpenBSD
Hello, In October of last year, Frank reported that he succeeded in installing OpenOffice 2.0 on OpenBSD (cf. http://marc.theaimsgroup.com/?l=openbsd-misc&m=112984281031654&w=2). Unfortunately, his blog where the steps were listed is off-line (http://www.00f.net/php/show-article.php/openoffice_on_openbsd). Contacting Frank via e-mail was unsuccessful. Hence, maybe he reads my message here or someone can still remember the installation steps. Basically, I would like to have the instruction he outlined in his blog. ;-) If someone could provide me with it, I'd be grateful. (According to Google, there is an instruction on http://www.infobsd.org/, but this server is unreachable at the moment and only referred to Frank's blog (if Google's Cache is correct).) http://66.249.93.104/search?q=cache:H-OhhgjaNhcJ:www.infobsd.org/+openoffice+openbsd&hl=de&gl=at&ct=clnk&cd=2 http://66.249.93.104/search?q=cache:w3wfpQ3su5QJ:www.infobsd.org/index.php%3Fmore%3D73+openoffice+openbsd+site:infobsd.org&hl=de&gl=at&ct=clnk&cd=3 -- Beste Grüße / Best regards , Nikolaus Hiebaum
Re: OBSD 3.9 freezes during install from cd39.iso (2 different medias) on Supermicro PDSMI MB Dual Core Intel 2.8G
Thede, Bennett wrote: Hey all, really odd problem: booting from cd39.iso (to install over wire, has worked on a generic dell from the same media, but I tried another blank CD as well.) is freezing on boot on my 1U system (Supermicro PDSMI MB, http://tinyurl.com/ol4nu , P4 2.8Ghz CPU (dual core), 1gig memory, sata HD. During boot it gets as far as: bios0 at mainbus0: AT/286+(2c) BIOS, date 04/17/06, BIOS32 rev. 0 @ 0xfd470 pcibios0 at bios0: rev 2.1 @ 0xfd470/0xb90 pcibios0: PCI BIOS has 20 Interrupt Routing table entries pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801GB LPC" rev 0x00) pcibios0: PCI bus #6 is the last bus And then bam, it stops, no error, no beep, nothing. It just sits there. I just noticed that my cd39.iso file is a little older than the one currently at ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/i386 so I've tried again with the new file, this time it gives a bit more information (and IDs the motherboard) bios0 at mainbus0: AT/286+(2c) BIOS, date 04/17/06, BIOS32 rev. 0 @ 0xfd470, SMBIOS rev. 2.51 @ 0x3feea000 (33 entries) bios: Supermicro PDSMI pcibios0 at bios0: rev 2.1 @ 0xfd470/0xb90 pcibios0: PCI BIOS has 20 Interrupt Routing table entries pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801GB LPC" rev 0x00) pcibios0: PCI bus #6 is the last bus And then it freezes at the exact same spot I'm going to try to load from one of the official CDs I have (3.7 I think is the latest) on Monday in case I need some sort of driver that's not in the cd39.iso build, but I have a feeling because of where it's freezing that won't help, so if anyone has any ideas please let me know. This 1U had an intended purpose of being a firewall, and I was hoping to run OBSD/PF but know that redhat runs on this equipment, so I can switch to a linux based firewall if I have to. (I much prefer PF...) Thanks for any pointers, Ben I had the same problem with a Supermicro SuperServer 5015M-MR (which uses the PDSMi motherboard). 
I used UKC to start in verbose mode and set the pcibios0 flag to 1, which got me a bit further. Now it hangs when it probes ppb. So I set the pcibios0 flag to 1 and disabled ppb* and it finished booting. All of the PCIE Buses remain not configured (which makes sense after disabling ppb) so none of the devices connected to PCIE are available. (like network adapters) Hope this helps. - Jon Here's the dmesg: OpenBSD 3.9-current (RAMDISK_CD) #1160: Mon Jun 5 00:49:42 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK_CD cpu0: Intel(R) Pentium(R) D CPU 2.80GHz ("GenuineIntel" 686-class) 2.78 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,CNXT-ID,CX16 real mem = 1072128000 (1047000K) avail mem = 971591680 (948820K) using 4256 buffers containing 53710848 bytes (52452K) of memory User Kernel Config UKC> change pcibios 178 pcibios0 at bios0 flags 0x0 change (y/n) ? flags [0] ? 1 178 pcibios0 changed 178 pcibios0 at bios0 flags 0x1 UKC> disable ppb 60 ppb* disabled UKC> quit Continuing... mainbus0 (root) bios0 at mainbus0: AT/286+(67) BIOS, date 04/17/06, BIOS32 rev. 0 @ 0xfd470, SMBIOS rev. 
2.51 @ 0x3feea000 (33 entries) bios0: Supermicro PDSMi pcibios0 at bios0: rev 2.1 @ 0xfd470/0xb90 pcibios0: PCI BIOS has 20 Interrupt Routing table entries pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801GB LPC" rev 0x00) pcibios0: PCI bus #6 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xc9000/0x1000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "Intel E7230 MCH" rev 0x81 "Intel E7230 PCIE" rev 0x81 at pci0 dev 1 function 0 not configured "Intel 82801GB PCIE" rev 0x01 at pci0 dev 28 function 0 not configured "Intel 82801G PCIE" rev 0x01 at pci0 dev 28 function 4 not configured "Intel 82801G PCIE" rev 0x01 at pci0 dev 28 function 5 not configured uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x01: irq 5 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x01: irq 10 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x01: irq 11 usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x01: irq 10 usb3 at uhci3: USB revision 1.0 uhub3 at usb3 uhub3: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub3: 2 ports with 2 removable, self powered ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x01: irq 5 usb4 at ehci0: USB revision 2.0 uhub4 at usb4 uhub4: Intel EHCI root hub, rev 2.00/1.00, addr 1 uhub4: 8
Re: popular mail & squid virus scanning technique for openbsd
Take a look at the following links - I use something based on this for spam filtering and it works better than any other free or commercial product I've tried. I don't use the antivirus portion (I have a separate system for that). Like others have said, this mail scanning should probably be done on some host other than your firewall. It would ideally be done by whatever host your MX record is set to. Think of it as a separate email firewall. This sort of stuff is fairly CPU intensive, especially if it's for a large group of users. http://www.flakshack.com/anti-spam/wiki/index.php http://flakshack.com/anti-spam/wiki/index.php?page=FairlySecureAntiVirusWiki -Original Message- From: Siju George [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 06, 2006 2:05 AM To: Smith Cc: misc@openbsd.org Subject: Re: popular mail & squid virus scanning technique for openbsd On 6/6/06, Smith <[EMAIL PROTECTED]> wrote: > I once posted that all the anti-virus checking should be done on the > Windows boxes only. Let the mail server deliver mail, let the > firewall block bad packets, and let Windows find the viruses. Why? > Re-read what Chad stated in the last sentence below. Some people > replied that that was ridiculous because the viruses should be blocked > from the mail server with clamd. One person said that clamd can't be > exploited remotely. Since then many vulnerabilities have been found > in clamd and some of them remotely. Pity. > Thankyou so much Christian, Bill, Chad & Smith for your answers :-) Kind Regards Siju
Re: system lock-up - RTFM?
On Tue, 6 Jun 2006, Stuart Henderson wrote: On 6/6/06, Ian Watts <[EMAIL PROTECTED]> wrote: Other than swapping out various bits of hardware, which would involve buying new bits, are there any other man pages or useful documents that might help me figure out what the problem is? Try running GENERIC.MP kernel, on the box I had with a hardware failure (bad cpu) MP usually panicked where GENERIC usually froze. Thanks for the suggestion. I rebooted with /bsd.mp and so far have not been able to lock up the system, despite taxing it as much as possible for an extended period of time. I'll continue running MP for the time being and see if the problem does in fact return. There is a very handy program called memtest86 which can test your memory to see if it is bad. It tells you if it's bad, but it doesn't tell you if it's good. Time permitting, I'll give that go, too. I know the extended test takes quite some time (512MB RAM on my box). Maybe tonight. -- Ian
Re: Does Lenovo suck ?
On 06/06/06, Lars Hansson <[EMAIL PROTECTED]> wrote: On Tuesday 06 June 2006 08:13, Ioan Nemes wrote: > The above article is a PR exercise, just testing the waters! No, it's not just a PR exercise. The reason for the sudden retreat is that they still want to be able to sell to the Taiwanese government. Your argument is invalid: your conclusion has nothing to do with the premise. http://www.ya.ru/yandsearch?text=valid+argument+premise+conclusion
Re: AP Encryption
From: Stuart Henderson [mailto:[EMAIL PROTECTED] > > I would challenge that by intercepting WPA-protected traffic > > you can obtain cleartext so simply. > > This is no WPA crack. > > A wireless LAN is still susceptible to normal attacks which > can be mounted from one node on a LAN to another. > > In the situation described, the attacker has already been > given the WPA key, so they are on the LAN. I understand. You're not saying anything regarding intercepting an existing session and accessing the data; it's akin to getting an Ethernet cable on a LAN (since you have the PSK for authentication) and negotiating a new communication session (key, etc.) with the AP. A problem which WPA Enterprise (w/RADIUS and individual per-user authentication, not per-computer authentication) would protect against. Unfortunately, something that wouldn't suit the OP's situation either... DS
Re: How to enable hw crypto?
openssl speed -evp works like a charm. Thanks for the info. Though the manpage on the speed test is a bit misleading: SPEED openssl speed [aes] [aes-128-cbc] [aes-192-cbc] [aes-256-cbc] [blowfish] [bf-cbc] [cast] [cast-cbc] [des] [des-cbc] [des-ede3] [dsa] [dsa512] [dsa1024] [dsa2048] [hmac] [md2] [md4] [md5] [rc2] [rc2-cbc] [rc4] [rmd160] [rsa] [rsa512] [rsa1024] [rsa2048] [rsa4096] [sha1] [-decrypt] [-elapsed] [-mr] [-engine id] [-evp e] [-multi number] On FreeBSD, I was able to get the hw crypto to work with: openssl speed -evp -engine cryptodev Apparently on OpenBSD, I really don't need to specify the -engine but I do need to insert -evp between "speed" and . Odd. But I am happy to get it finally talk to the hw crypto. Winston On 6/2/06, jared r r spiegel <[EMAIL PROTECTED]> wrote: On Fri, Jun 02, 2006 at 05:23:40PM -0700, Winston wrote: > I have tried the following command to get the hw crypto to work: > openssl speed des-cbc -engine cryptodev > But the result I got is pretty much the same if I don't specify the > cryptodev engine. > The crypto card I have is hifn7956. > I tried to compile hifn7751.c by commenting out #undef HIFN_DEBUG, > hoping to get some debug msgs, but I got none. So the hifn driver is > not really called. > On FreeBSD I need to specify a -evp flag, However, if I specify -evp, > it say "no EVP given". So it looks like that I need to provide a > parameter to -evp. But I have no idea what are valid parms. On > FreeBSD, -evp with no parm is OK. > > Environ: > OpenBSD ver: 3.8 > Processor: Intel Xeon 2.8G. > > Winston http://marc.theaimsgroup.com/?l=openbsd-misc&w=2&r=1&s=openssl+speed+evp&q=b i believe usercrypto is 1 by default now -- jared [ openbsd 3.9-current GENERIC ( may 1 ) // i386 ]
Re: AP Encryption
On 2006/06/06 09:12, Spruell, Darren-Perot wrote: > > WEP can be sniffed passively, but from what I understand with > > WPA there are different keys per client (I don't have anything > > running WPA here to check). > > My understanding is that the key shared by the WLAN nodes in WPA-PSK is used > to generate session keys, which are then cycled on a frequent basis (by > TKIP, if configured on WPA1) or another method that escapes me on WPA2 > (802.11i). You arp spoof and you can have traffic directed to you, but it's > encrypted using a symmetric session key which you don't have. AP receives ethernet frames, decrypts, looks at the destination MAC and decides whether to bridge to wired, or transmit to another wireless node. If they're going to another wireless node, the frames are re-encrypted with a key suitable for the receiving node and retransmitted. (N.B. client-to-client comms on BSS are all repeated by the AP). > I would challenge that by intercepting WPA-protected traffic > you can obtain cleartext so simply. This is no WPA crack. A wireless LAN is still susceptible to normal attacks which can be mounted from one node on a LAN to another. In the situation described, the attacker has already been given the WPA key, so they are on the LAN.
Re: system lock-up - RTFM?
Ian Watts wrote: My 3.9 workstation has started locking up on me several times a day. The box itself has been in use for months. It may be a coincidence that the problem started shortly after upgrading from 3.8. I've set ddb.panic=1 and ddb.log=1, but each lock-up just freezes the system and leaves no clues in dmesg or /var/crash. It almost always happens under somewhat heavy load. Other than swapping out various bits of hardware, which would involve buying new bits, are there any other man pages or useful documents that might help me figure out what the problem is? Is this a typical bad RAM scenario? I don't expect someone to solve this problem for me, but any pointers to useful information would be appreciated. We have exactly the same problem with an OpenBSD 3.9-stable AMD64. But the problem occurred even with 3.8. The PC freezes (with no error message) usually (but not always and not only) during a large dump. We changed the CPU, the RAM and the RAID controller (an Intel SRCU42L, gdt driver) and upgraded the BIOS and the operating system, but the problem remains. The dmesg is at the end of this email. Bye. 
Re: system lock-up - RTFM?
> On 6/6/06, Ian Watts <[EMAIL PROTECTED]> wrote: > >Other than swapping out various bits > >of hardware, which would involve buying new bits, are there any other > >man pages or useful documents that might help me figure out what the > >problem is? Try running GENERIC.MP kernel, on the box I had with a hardware failure (bad cpu) MP usually panicked where GENERIC usually froze. On 2006/06/06 13:11, Sam Chill wrote: > There is a very handy program called memtest86 which can test your > memory to see if it is bad. It tells you if it's bad, but it doesn't tell you if it's good.
Re: system lock-up - RTFM?
On 6/6/06, Ian Watts <[EMAIL PROTECTED]> wrote: Other than swapping out various bits of hardware, which would involve buying new bits, are there any other man pages or useful documents that might help me figure out what the problem is? There is a very handy program called memtest86 which can test your memory to see if it is bad. http://www.memtest86.com/
Re: AP Encryption
On 6 Jun 2006, at 17:12, Spruell, Darren-Perot wrote: > My understanding is that the key shared by the WLAN nodes in WPA- > PSK is used > to generate session keys, which are then cycled on a frequent basis > (by > TKIP, if configured on WPA1) or another method that escapes me on WPA2 > (802.11i). You arp spoof and you can have traffic directed to you, > but it's > encrypted using a symmetric session key which you don't have. This was my understanding of the situation. The traffic comes to you in encrypted form (you get it anyway as wireless is a broadcast media) but the rotating keys make it hard to crack the encryption before the key changes. I suppose you could steal a connection if you sniffed the initial handshake from the client. However, the initial password will be readily available. I'm not totally up to speed on WPA but does this make the connection more easily crackable? > The biggest weakness pointed out thusfar in WPA to my knowledge has > been in response to weak passphrases used for PSKs and dictionary > attacks against them. No fear, a "strong" password would be used, along the lines of random numbers and letters, upper and lowercase. > I would challenge that by intercepting WPA-protected traffic you > can obtain cleartext so simply. Based on what I've read, I would agree with this. I would also argue that most casual wifi crackers are lazy, and will be more likely to go for the unsecured AP down the road, rather than the guy who's using WPA/TKIP, even if it is technically crackable. This does mean that I'll need to use FreeBSD if I want to do it all in one box. Gaby -- Junkets for bunterish lickspittles since 1998! http://www.playr.co.uk/sudoku/ http://weblog.vanhegan.net/
system lock-up - RTFM?
My 3.9 workstation has started locking up on me several times a day. The box itself has been in use for months. It may be a coincidence that the problem started shortly after upgrading from 3.8. I've set ddb.panic=1 and ddb.log=1, but each lock-up just freezes the system and leaves no clues in dmesg or /var/crash. It almost always happens under somewhat heavy load. Other than swapping out various bits of hardware, which would involve buying new bits, are there any other man pages or useful documents that might help me figure out what the problem is? Is this a typical bad RAM scenario? I don't expect someone to solve this problem for me, but any pointers to useful information would be appreciated. Thanks, -- Ian
Re: AP Encryption
From: [EMAIL PROTECTED] > On 2006/06/06 10:40, Gaby vanhegan wrote: > > Isn't there a pre-shared key used as an IV of some sort in > WEP (and > > therefore WPA)? Yes, the traffic will be coming to you, > but it's on > > a wireless network, so you can sniff it passively if you want, you > > don't need an IP address for that. > > WEP can be sniffed passively, but from what I understand with > WPA there are different keys per client (I don't have anything > running WPA here to check). My understanding is that the key shared by the WLAN nodes in WPA-PSK is used to generate session keys, which are then cycled on a frequent basis (by TKIP, if configured on WPA1) or another method that escapes me on WPA2 (802.11i). You arp spoof and you can have traffic directed to you, but it's encrypted using a symmetric session key which you don't have. You can try to break the key, but by the time you brute force it, the key has already been cycled and a new key is being used to encrypt new frames. Unlike WEP, a shared passphrase on the AP and each client doesn't mean common keying material used by everyone because of the key rotation. The biggest weakness pointed out thusfar in WPA to my knowledge has been in response to weak passphrases used for PSKs and dictionary attacks against them. I would challenge that by intercepting WPA-protected traffic you can obtain cleartext so simply. DS
Re: OT: quiet fans and heatsinks
tony sarendal wrote: >New ear phones and "vulgar display of power" with Pantera also does >the trick. My old ultra10's seemed really quiet, and as a bonus my >manager stopped asking questions across the office. > >/Tony > > ROTFL :)
Re: OT: quiet fans and heatsinks
On 06/06/06, Daniel A. Ramaley <[EMAIL PROTECTED]> wrote: > > On Sunday 04 June 2006 21:43, Jacob Yocom-Piatt wrote: > >these machines need Socket A and Socket 370 heatsinks. it's a plus if > > they're low profile for 1U and 2U rackmount units. all suggestions > > appreciated. > > What i've found works well is to buy a fan adapter that will allow you > to use a larger fan (such as a 60mm fan on a 40mm heatsink, 80mm fan on > a 60mm heatsink, or a 120mm fan on an 80mm heatsink). Then get a fan of > the larger size that uses magnetic levitation bearings (they tend to be > considerably quieter than ball bearing fans, though slightly more > expensive). Then get an adapter for the fan that will run it at either > 7 or 5 volts (Zalman sells some of these for roughly $3 US). So then > you use a larger fan, but run it at a slower speed. It will end up > pushing about as much air as a small fan at high speed, but make a lot > less noise doing it. I recently managed to make a system almost silent > this way; i can still hear it (mostly the hard drive noise) if my head > is within a foot of the case but otherwise cannot. New ear phones and "vulgar display of power" with Pantera also does the trick. My old ultra10's seemed really quiet, and as a bonus my manager stopped asking questions across the office. /Tony
Blade 1000 or 2000 wanted
We are looking for one Sun Blade 1000/2000 in the Washington DC area for Jason Wright. If anyone can help, please contact [EMAIL PROTECTED] If another can be easily gotten to Mark Kettenis in Assen, the Netherlands, that would be great. Please cc me on mail to [EMAIL PROTECTED], since he is still travelling. We have a handful of these machines in Calgary, which the recent developments were done on at the Hackathon, but it would cost a great deal of money to ship these machines that far since they are built like tanks. It is likely better if these machines stay near Calgary for the next hackathon. Thanks a lot. If these two get these machines, we can get US III support advanced even further.
Re: OT: quiet fans and heatsinks
On Sunday 04 June 2006 21:43, Jacob Yocom-Piatt wrote: >these machines need Socket A and Socket 370 heatsinks. it's a plus if > they're low profile for 1U and 2U rackmount units. all suggestions > appreciated. What i've found works well is to buy a fan adapter that will allow you to use a larger fan (such as a 60mm fan on a 40mm heatsink, 80mm fan on a 60mm heatsink, or a 120mm fan on an 80mm heatsink). Then get a fan of the larger size that uses magnetic levitation bearings (they tend to be considerably quieter than ball bearing fans, though slightly more expensive). Then get an adapter for the fan that will run it at either 7 or 5 volts (Zalman sells some of these for roughly $3 US). So then you use a larger fan, but run it at a slower speed. It will end up pushing about as much air as a small fan at high speed, but make a lot less noise doing it. I recently managed to make a system almost silent this way; i can still hear it (mostly the hard drive noise) if my head is within a foot of the case but otherwise cannot. -- Dan Ramaley Dial Center 118, Drake University Network Programmer/Analyst 2407 Carpenter Ave +1 515 271-4540 Des Moines IA 50311 USA
build samba with kerberos support
hi list,

i try to build the samba ldap port with kerberos support. i have added the --with-ads --with-krb5 options to the Makefile. but the configure script reported:

checking whether LDAP support is used... yes
checking for Active Directory and krb5 support... no

maybe the missing krb5-config program is the problem. but i do not know how to build the krb5-config binary which is not in the source tree.

i like to build a samba member server so i could use the ntlm helper script from squid to auth my users.

has somebody got this working? any comments on this?

regards
thomas
Re: No-name NICs
Lars Hansson wrote:
> On Tuesday 06 June 2006 17:42, Martin Schröder wrote:
> > Hi, how likely is a no-name 100MBit NIC to just work with 3.9 stable?
>
> In my experience, very. Most are using the same chipsets (ie rl) as the
> "brand" NICs anyway. I can't recall ever having a NIC, brand or non-brand,
> that didn't work.

Agreed. Whatever chip they use, the manufacturer is usually more interested in selling product than keeping you from using it outside of the Windows environment. Thus, we probably have docs, and the driver probably works pretty well (even if the chip itself is often resoundingly criticized).

Kinda silly how much effort some big-name companies put into making sure you CAN'T use their product anywhere and everywhere...

Nick.
Re: AP Encryption
On 2006/06/06 10:40, Gaby vanhegan wrote:
> Isn't there a pre-shared key used as an IV of some sort in WEP (and
> therefore WPA)? Yes, the traffic will be coming to you, but it's on
> a wireless network, so you can sniff it passively if you want, you
> don't need an IP address for that.

WEP can be sniffed passively, but from what I understand with WPA there are different keys per client (I don't have anything running WPA here to check).

> Is there no way to defend against ARP poisoning?

- putting each client in their own subnet
- static arp ('arp -s' on clients at least for things like the address of the router): realistically, public users won't do this.
- pppoe?
- does anyone else have ideas?

Some APs can be set to disable client-to-client comms, I'm not sure if this can be done with hostap on OpenBSD yet (if so I didn't spot it in the docs).

> If not, then this is a good argument for encrypting the data at
> higher layers, rather than relying on link layer security.

Exactly. Trouble is, if you ever need a great example of how much simpler OpenBSD can be than Windows, look no further than configuring the built-in IPsec. I don't know about you but I wouldn't want to run a third-party binary (i.e. a point-and-drool openvpn installer) just to access a wireless network (at least unless the network admin was trusted), and given the type of target user you've outlined I'm not sure anything more complicated than this would be suitable.

> Is there video/audio of that presentation? I would be interested to
> hear the whole thing.

Audio - I haven't listened to it yet though - link on undeadly (bsdcan article). The slide I pointed out describes a way to scale inter-ap roaming using dynamic routing protocols, it doesn't mention the ARP tricks. It just so happens that using a subnet per client helps with both.
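An added example, not part of the thread or any poster's code: the static-ARP idea above turned into a monitoring check that pins the router's binding and flags ARP replies that contradict it or re-bind a known client address. The line format (tcpdump-style "reply <ip> is-at <mac>"), the function names and all addresses (documentation ranges) are assumptions made for the illustration.

```python
import re

# Matches "reply <ip> is-at <mac>" in either old or new tcpdump spelling (assumed format).
REPLY = re.compile(r"reply\s+(\d+\.\d+\.\d+\.\d+)\s+is-at\s+([0-9a-f:]+)", re.I)

def norm_mac(mac):
    """Zero-pad each octet so 0:0:5e:0:53:1 equals 00:00:5e:00:53:01."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def check_arp_replies(lines, pinned):
    """Return (kind, ip, mac) alerts for ARP replies that break known bindings.

    pinned maps an IP to the only MAC allowed to answer for it, the
    monitoring equivalent of an 'arp -s' entry for the router.
    """
    bindings = {}   # ip -> MAC first seen answering for it
    claimed = {}    # mac -> set of IPs it has answered for
    alerts = []
    for line in lines:
        m = REPLY.search(line)
        if not m:
            continue                      # requests and non-ARP lines
        ip, mac = m.group(1), norm_mac(m.group(2))
        if ip in pinned:
            if mac != norm_mac(pinned[ip]):
                alerts.append(("pinned-mismatch", ip, mac))
        elif bindings.setdefault(ip, mac) != mac:
            alerts.append(("binding-changed", ip, mac))
        ips = claimed.setdefault(mac, set())
        if ip not in ips:
            ips.add(ip)
            # Routers doing proxy ARP do this legitimately; a client should not.
            if len(ips) > 1:
                alerts.append(("mac-claims-multiple-ips", ip, mac))
    return alerts

# Constructed sample capture; not taken from the thread.
SAMPLE = [
    "12:00:01 arp reply 192.0.2.1 is-at 00:00:5e:00:53:01",   # router, matches pin
    "12:00:02 arp reply 192.0.2.10 is-at 00:00:5e:00:53:0a",  # client A
    "12:00:03 arp reply 192.0.2.11 is-at 00:00:5e:00:53:0b",  # client B
    "12:00:09 arp reply 192.0.2.1 is-at 0:0:5e:0:53:b",       # B answers for router
    "12:00:09 arp reply 192.0.2.10 is-at 0:0:5e:0:53:b",      # B answers for A
    "12:00:10 arp who-has 192.0.2.1 tell 192.0.2.10",         # request, ignored
]
PINNED = {"192.0.2.1": "00:00:5e:00:53:01"}

if __name__ == "__main__":
    for alert in check_arp_replies(SAMPLE, PINNED):
        print(*alert)
```

With one client per subnet, as in the first bullet, the pinned table covers every address a client can legitimately see, so any other reply is an alert.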
Re: No-name NICs
On 2006/06/06 11:42, Martin Schröder wrote:
> how likely is a no-name 100MBit NIC to just work with 3.9 stable?

Very - same for no-name 1GBit. The only NIC I've seen recently that didn't work was ULi M5261/M5263 (a dc-like 10/100 device) mostly (only?) used on motherboards with a ULi chipset (formerly ALi and now owned by Nvidia).
Re: Realtek 8100?
On 2006/06/06 22:13, Rod.. Whitworth wrote:
> I'm looking at a mobo spec that would suit a POS app a friend needs
> except for one thing (maybe):
> The NIC is described as "an intergrated Realtek (8100) NIC"

8100 is a lan-on-motherboard (LOM) chip, basically the same as 8139. It should work with rl(4), or I guess maybe re(4) on -current if it's a newer chip (so, if sticking to releases or stable, a preemptive `ln hostname.rl0 hostname.re0' might save trouble later).
Re: error php session in openbsd 3.9
ok thx working now

On 6/6/06, Nico Meijer <[EMAIL PROTECTED]> wrote:
> Hi sonjaya,
>
> > this my php.ini conf = session.save_path /tmp
>
> Read the FAQ: http://www.openbsd.org/faq/faq10.html#httpdchroot
>
> (If you run apache in its default chroot setting, you need to make sure
> /var/www/tmp exists and is writable to the apache user (www).)
>
> HTH... Nico

--
-sonjaya-
Realtek 8100?
I'm looking at a mobo spec that would suit a POS app a friend needs except for one thing (maybe):
The NIC is described as "an intergrated Realtek (8100) NIC"

Googling for openbsd realtek 8100 finds mostly stuff in foreign languages but there is a suggestion that it uses the 8139 driver in one of the hits.

Does anybody have a clue on this beastie please? I don't see it in the i386 hardware list.

Thanx,
Rod.

In the beginning was The Word
and The Word was Content-type: text/plain
The Word of Rod.

Do NOT CC me - I am subscribed to the list.
Replies to the sender address will fail except from the list-server.
Re: error php session in openbsd 3.9
On Tuesday 06 June 2006 19:38, sonjaya wrote:
> [Wed Jun 7 01:35:14 2006] [error] PHP Warning: Unknown: Failed to
> write session data (files). Please verify that the current setting of
> session.save_path is correct (/tmp) in Unknown on line 0

Did you create /var/www/tmp with the right permissions?

---
Lars
Re: error php session in openbsd 3.9
Hi sonjaya,

> this my php.ini conf = session.save_path /tmp

Read the FAQ: http://www.openbsd.org/faq/faq10.html#httpdchroot

(If you run apache in its default chroot setting, you need to make sure /var/www/tmp exists and is writable to the apache user (www).)

HTH... Nico
error php session in openbsd 3.9
dear all

this my php.ini conf = session.save_path /tmp

and i get error = "
[Wed Jun 7 01:35:14 2006] [error] PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
"

i'm install apache using package n php5

how to solved that problem session

-sonjaya-
Re: No-name NICs
On 6/6/06, Lars Hansson <[EMAIL PROTECTED]> wrote:
> On Tuesday 06 June 2006 17:42, Martin Schröder wrote:
> > Hi,
> > how likely is a no-name 100MBit NIC to just work with 3.9 stable?

Very, in my experience. They almost always use a Realtek 8139 chipset - rl(4).

--
ach
Re: No-name NICs
On Tuesday 06 June 2006 17:42, Martin Schröder wrote:
> Hi,
> how likely is a no-name 100MBit NIC to just work with 3.9 stable?

In my experience, very. Most are using the same chipsets (ie rl) as the "brand" NICs anyway. I can't recall ever having a NIC, brand or non-brand, that didn't work.

---
Lars
No-name NICs
Hi,

how likely is a no-name 100MBit NIC to just work with 3.9 stable?

Background: When I recently tried to get a replacement for a swapped-out FA311v1, I noticed that I can get very cheap (5) no-name NICs (one even claimed to be NE2000 compatible), but getting brand cards which OpenBSD supports was difficult (I ended up with a FA311v2 which luckily is supported).

Now my other sis seems to be slowly dying (spurious watchdog timeouts), so I'm looking for a replacement.

Best
Martin
Re: AP Encryption
On 6 Jun 2006, at 09:40, Stuart Henderson wrote:
>> You'd be sniffing encrypted traffic at that point, right?
>
> Not if you poison ARP, since the traffic will be directed
> to your MAC address and the AP will send it encrypted with
> your key. It's just an ethernet-type network, remember.
> (You can do the same thing with bridged VPNs, too).

Isn't there a pre-shared key used as an IV of some sort in WEP (and therefore WPA)? Yes, the traffic will be coming to you, but it's on a wireless network, so you can sniff it passively if you want, you don't need an IP address for that.

Is there no way to defend against ARP poisoning? If not, then this is a good argument for encrypting the data at higher layers, rather than relying on link layer security.

> If you've been keeping an eye on what Reyk's been doing
> you might have noticed his description of scalable networks
> (http://www.openbsd.org/papers/bsdcan06-wlan/slide_12.html)
> with each client in its own /30 - this is not only useful
> for dynamic routing, it also ensures no free IP address
> for the ARP tricks involved.

Is there video/audio of that presentation? I would be interested to hear the whole thing.

Gaby

--
Junkets for bunterish lickspittles since 1998!
http://www.playr.co.uk/sudoku/
http://weblog.vanhegan.net/
Re: popular mail & squid virus scanning technique for openbsd
On 6/6/06, Smith <[EMAIL PROTECTED]> wrote:
> I once posted that all the anti-virus checking should be done on the
> Windows boxes only. Let the mail server deliver mail, let the firewall
> block bad packets, and let Windows find the viruses. Why? Re-read what
> Chad stated in the last sentence below. Some people replied that that
> was ridiculous because the viruses should be blocked from the mail
> server with clamd. One person said that clamd can't be exploited
> remotely. Since then many vulnerabilities have been found in clamd and
> some of them remotely. Pity.

Thank you so much Christian, Bill, Chad & Smith for your answers :-)

Kind Regards
Siju
Re: AP Encryption
On 2006/06/05 18:47, Darrin Chandler wrote:
> On Tue, Jun 06, 2006 at 01:31:38AM +0100, Stuart Henderson wrote:
> > If it's some hotspot-like setup, you don't need to circumvent
> > anything since you already have access to the network.
>
> You'd be sniffing encrypted traffic at that point, right?

Not if you poison ARP, since the traffic will be directed to your MAC address and the AP will send it encrypted with your key. It's just an ethernet-type network, remember. (You can do the same thing with bridged VPNs, too).

It's not as straightforward as just running `tcpdump' but it's not hugely difficult, and uses well-known tools.

If you've been keeping an eye on what Reyk's been doing you might have noticed his description of scalable networks (http://www.openbsd.org/papers/bsdcan06-wlan/slide_12.html) with each client in its own /30 - this is not only useful for dynamic routing, it also ensures no free IP address for the ARP tricks involved.
Re: Crypto Partition Problem
On Sun, 4 Jun 2006, Rott_En wrote:
>Hello
>
> I had a power failure yesterday morning and because of that my server went
> down because of no battery present.
> When trying to mount the crypto partitions, I have figured out its not
> possible anymore because a set of 2 errors, as follows:
>
> # sh cryptfs -m -p /home -f /crypto/home/cryptofile -d /dev/svnd0c
> Encryption key:
> mount_ffs: /dev/svnd0c on /home: specified device does not match mounted
> device
> #
>
> and then, when trying again :
>
> # sh cryptfs -m -p /home -f /crypto/home/cryptofile -d /dev/svnd0c
> Encryption key:
> vnconfig: VNDIOCSET: Device busy
> mount_ffs: /dev/svnd0c on /home: specified device does not match mounted
> device
> #
>
>
> For further reference , cryptfs script is the following:
>
> #!/bin/sh
> #
> # cryptfs
> #
> # mount/unmount blowfish encrypted filesystem
> #
> # Important Note: Under OpenBSD's current encrypted vnd filesystem
> # implementation, when a system with a mounted, encrypted vnd filesystem
> # is shutdown uncleanly, the encrypted vnd filesystem's structures get
> # damaged and, since OpenBSD's fsck will not acknowledge vnd filesystems,
> # these damaged structures can not reasonably be repaired.

Sigh... I asked the author of this script repeatedly to shut his site down or update his stuff, but he did not do that and this keeps coming back on [EMAIL PROTECTED]

Let me repeat this ex cathedra as an OpenBSD developer: there's no fundamental reason fsck does not work on svnd devices. There are also no known bugs. This means that you can run fsck on them like on any block device containing a file system.

-Otto
Re: OpenBSD 3.9 on a Sun Fire x4100
On 06/06/2006, at 2:51 PM, [EMAIL PROTECTED] wrote:
> Hi all,
>
> I have been looking high and low for instructions on how to get 3.9
> running on an x4100. Not finding any, I decided to play w/ it myself. I
> was able to make it work. While I have included the entire dmesg, here is
> the interesting (for the SAS controller, anyway) bit:
>
> mpi0 at pci2 dev 3 function 0 "Symbios Logic SAS1064" rev 0x02: apic 6 int 0 (irq 11)
> scsibus0 at mpi0: 63 targets
> sd0 at scsibus0 targ 2 lun 0: SCSI2 0/direct fixed
> sd0: 69618MB, 69618 cyl, 16 head, 128 sec, 512 bytes/sec, 142577664 sec total

ooh, so pretty. how well does it perform?

> The kernel is the bsd.mp from the amd64 snapshots section, and the rest of
> the system is amd64 3.9

don't mix current and stable.

> Here are the things I don't understand, and would like some insight into:
>
> 1. I'm getting all kinds of fan failure warnings, system and cpu overheat
> warnings, etc. This only happens under OpenBSD. The machine is cold to
> the touch.

where are these warnings being presented? ipmi was disabled in current toward the end of last week. these machines also have a problem where they report bogus cutoffs for some of the values, i'm not sure how we're supposed to address that problem.

> 2. I can't seem to get sensorsd working. I get an error about allocating
> memory. Thoughts?

don't mix a stable userland with a current kernel. there have been changes to sensors since 3.9 that could cause issues like this.

> 3. I get the following when connecting to the remote console via the iLOM:
>
> uhidev0: bad input length 8 != 0
>
> I get it once per keystroke, and have no idea how to fix it...

interesting. i'd have to play on one of these boxes to see what's going on. care to ship me one? ;)

dlg
Re: OpenBSD 3.9 on a Sun Fire x4100
Paul,

Actually, all I wanted to do was see if it worked. I'm loading current atm, and will post a dmesg when I get done...

Nick

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul de Weerd
Sent: Monday, June 05, 2006 10:30 PM
To: [EMAIL PROTECTED]
Cc: misc@openbsd.org
Subject: Re: OpenBSD 3.9 on a Sun Fire x4100

Hi Nick,

On Mon, Jun 05, 2006 at 09:51:13PM -0700, [EMAIL PROTECTED] wrote:
| I have been looking high and low for instructions on how to get 3.9
| running on an x4100. Not finding any, I decided to play w/ it myself. I
| was able to make it work. While I have included the entire dmesg, here is
| the interesting (for the SAS controller, anyway) bit:
|
| mpi0 at pci2 dev 3 function 0 "Symbios Logic SAS1064" rev 0x02: apic 6 int
| 0 (irq 11)
| scsibus0 at mpi0: 63 targets
| sd0 at scsibus0 targ 2 lun 0: SCSI2
| 0/direct fixed
| sd0: 69618MB, 69618 cyl, 16 head, 128 sec, 512 bytes/sec, 142577664 sec total

Good to see your mpi-controller is working as it should ;)

| The kernel is the bsd.mp from the amd64 snapshots section, and the rest of
| the system is amd64 3.9

That's not good. You're mixing -current kernel with -stable userland. Don't do that. You'll get all sorts of strange things, the longer after -stable became stable you take -current, the more weird things will happen until at some point your system may not make it past loading the kernel anymore.

It's OK to play around with stuff like this (to see if your SAS controller is supported by a newer kernel), but don't run anything important in such a configuration. See that the new kernel supports your hardware and then *UPGRADE*. Not just the kernel, your entire system.

If running -current is not for you then you have a limited set of options :

o Wait for 4.0 which should be released in November (only 5 months from now ;)
o Backport the mpi(4) driver to 3.9 (good luck, you're on your own)
o Bite the bullet, run -current.

If any of the issues you mention below reappear with a complete snapshot or a complete -RELEASE system, feel free to try again ;)

Cheers,

Paul 'WEiRD' de Weerd

PS: Thanks for including a dmesg.

--
>[<++>-]<+++.>+++[<-->-]<.>+++[<+ +++>-]<.>++[<>-]<+.--.[-]
http://www.weirdnet.nl/

[demime 1.01d removed an attachment of type application/pgp-signature]
Re: FIXED!!! :Re: qemu and "-net tap", how can I enable network?
Hello,

1) Even if it was pretty obvious (yesterday I was bit lazy ... ;-)) you have to replace the ETHER variable "trunk0" with your own network card in /etc/qemu-ifup, for me it was:
ETHER=em0

2) Here is how I'm starting my qemu (with working network):
sudo qemu -m 1000 qemu-files/xp.hd -net tap -net nic &

3) If you fail to start qemu for whatever reason, you can't reuse the /etc/qemu-ifup until you destroy the bridge0 interface it had previously created:
"sudo ifconfig bridge0 destroy"
and now retry:
sudo qemu -m 1000 qemu-files/xp.hd -net tap -net nic &

I hope this helps!

Kind regards
Didier

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stephen Takacs
Sent: 05 June 2006 23:35
To: misc@openbsd.org
Subject: Re: FIXED!!! :Re: qemu and "-net tap", how can I enable network?

Didier Wiroth wrote:
>Ok, "SORRY" fixed now!

What did you do to fix it? I'm asking because I tried this morning to use the new qemu v0.8 package, but it no longer works with my previous config and scripts. It looks like they changed the interface in the latest version and removed the -tun-fd option.

--
Stephen Takacs <[EMAIL PROTECTED]> http://perlguru.net/
4149 FD56 D078 C988 9027 1EB4 04CC F80F 72CB 09DA