Re: Trying to route through enc0

2006-07-17 Thread Stephen Bosch
My apologies to everyone. This is a pf problem -- I've sorted it out.

Thanks,

-Stephen-



Stephen Bosch wrote:
> jared r r spiegel wrote:
>> On Mon, Jul 17, 2006 at 05:25:38PM -0600, Stephen Bosch wrote:
>>> route add -host 192.168.0.57 -interface enc0
>>>
>>> I get this response:
>>>
>>> route: enc0: bad address
>>   -interface actually takes an address:
>>
>> ---
>>  If the destination is directly reachable via an interface requiring no
>>  intermediary system to act as a gateway, the -interface modifier should
>>  be specified; the gateway given is the address of this host on the common
>>  network, indicating the interface to be used for transmission.
>> ---
>>
>>   iow, it derives the iface based on what iface the addr you give it
>>   lives on.
>>
>>> Even though a security association for the target address exists on
>>> enc0. Unfortunately, the device is not passing traffic to 192.168.0.57.
>>>
>>> I assume I need to add a route -- but is this even necessary?
>>   you will need to add a route to the other end of the tunnel
>>   so that traffic that originates on the local endpoint destined
>>   for an addr matching the remote addrspec (Destination in netstat
>>   -rnf encap) goes over the tunnel.
>>
>>   if traffic originates on the local host and a matching route 
>>   is found in the inet (or inet6, i suppose) table, that route
>>   is taken.  if you have a default route, that will catch it
>>   (probably undesired), so you need an inet route to make it
>>   match something more specific than the default route in the
>>   inet table.
>>
>>   traffic traversing the host (forwarded datagrams) will match
>>   the ipsec flows before they get looked up against the encap
>>   table (if this is not literally correct, it is the behaviour
>>   i've observed) and thus do not need a route.
> 
> I am talking about forwarded datagrams in this case. That's been my
> experience in the past, but it's not working right now.
> 
> I'm using a device to NAT traffic from an internal host to the private
> IP address the remote IPsec peer expects on my end.
> 
> When I ping from the internal host and do a tcpdump on the internal
> interface of the IPsec device, I see that the packets have been NATted
> correctly and I would expect them to be matched to the appropriate flow
> and passed through to the remote internal network -- yet I get
> "Destination host unreachable" from the IPsec device. I note that that
> is not the same as "No route to host", but I remain suspicious. I don't
> see any of my pings go out on enc0.
> 
> Just to eliminate the obvious -- the IPsec device is forwarding other
> traffic just fine, and I have other working tunnels.
> 
> -Stephen-
> 
> 



Re: Which WLAN mini PCI card to use?

2006-07-17 Thread marc
On Mon, 17 Jul 2006 15:45:54 -0400
"Jeff Quast" <[EMAIL PROTECTED]> wrote:

> 
> ( on a side note, it appears the use of linux + windows driver wrappers
> (madwifi?) on WRAP and soekris is very popular -- the very thought
> makes me vomit a little bit in my mouth )

or with freebsd and pfsense (pfsense.com ) :-/
cause my atheros:
http://www.atheros.com/pt/AR5002XBulletin.htm (scroll to AR5212 for info)

doesn't work in 11a and 11g mode.
the man page led me to think it was working, and i bought the stuff.
i hope the real open driver will work soon.
don't forget that the "ral" radio chipset seems to have poor radio performance
(not really sensitive and a lot of power)



Re: Trying to route through enc0

2006-07-17 Thread Stephen Bosch
jared r r spiegel wrote:
> On Mon, Jul 17, 2006 at 05:25:38PM -0600, Stephen Bosch wrote:
>> route add -host 192.168.0.57 -interface enc0
>>
>> I get this response:
>>
>> route: enc0: bad address
> 
>   -interface actually takes an address:
> 
> ---
>  If the destination is directly reachable via an interface requiring no
>  intermediary system to act as a gateway, the -interface modifier should
>  be specified; the gateway given is the address of this host on the common
>  network, indicating the interface to be used for transmission.
> ---
> 
>   iow, it derives the iface based on what iface the addr you give it
>   lives on.
> 
>> Even though a security association for the target address exists on
>> enc0. Unfortunately, the device is not passing traffic to 192.168.0.57.
>>
>> I assume I need to add a route -- but is this even necessary?
> 
>   you will need to add a route to the other end of the tunnel
>   so that traffic that originates on the local endpoint destined
>   for an addr matching the remote addrspec (Destination in netstat
>   -rnf encap) goes over the tunnel.
> 
>   if traffic originates on the local host and a matching route 
>   is found in the inet (or inet6, i suppose) table, that route
>   is taken.  if you have a default route, that will catch it
>   (probably undesired), so you need an inet route to make it
>   match something more specific than the default route in the
>   inet table.
> 
>   traffic traversing the host (forwarded datagrams) will match
>   the ipsec flows before they get looked up against the encap
>   table (if this is not literally correct, it is the behaviour
>   i've observed) and thus do not need a route.

I am talking about forwarded datagrams in this case. That's been my
experience in the past, but it's not working right now.

I'm using a device to NAT traffic from an internal host to the private
IP address the remote IPsec peer expects on my end.

When I ping from the internal host and do a tcpdump on the internal
interface of the IPsec device, I see that the packets have been NATted
correctly and I would expect them to be matched to the appropriate flow
and passed through to the remote internal network -- yet I get
"Destination host unreachable" from the IPsec device. I note that that
is not the same as "No route to host", but I remain suspicious. I don't
see any of my pings go out on enc0.

Just to eliminate the obvious -- the IPsec device is forwarding other
traffic just fine, and I have other working tunnels.

-Stephen-



Re: Process dies when it reaches a size of 1GB.

2006-07-17 Thread Janne Johansson

Joe Gibbens wrote:
> I'm running squid-transparent on 3.9, and the process dies every time
> it reaches 1GB.
> FATAL: xcalloc: Unable to allocate 1 blocks of 4108 bytes!
> The system has 2GB ram
>
> # ulimit -aH
> time(cpu-seconds)    unlimited
> file(blocks)         unlimited
> coredump(blocks)     unlimited
> data(kbytes)         1048576  <- (where is this limit configured?)

/sys/arch/i386/include/vmparam.h:#define MAXDSIZ (1024*1024*1024) /* max data size */

Note though, I could not go to 2G on amd64, since the kernel elf-loader
code would act up while compiling (and other parts later might as well!),
but I did try 1.5G with a complete make build going through.

> stack(kbytes)        32768
> lockedmem(kbytes)    1907008
> memory(kbytes)       1907008
> nofiles(descriptors) 1024
> processes            532
>
> How do I change the 1GB maximum data segment size?  ulimit -d does not
> seem to change anything.  Also, how do the limits in login.conf apply?
> The _squid user is in the daemon class, and that class is set to a
> data size of infinity?

The resource limits are inherited from the hard limit that vmparam.h
sets of course, so if you manage to increase it, the login.conf
"infinity" should go up also. You won't reach 2G though, if I can make a
guess.
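
The soft/hard limit relationship behind `ulimit -d` in this thread, as an added example that is not part of either post: a C program using the POSIX getrlimit/setrlimit calls to show that the soft data limit can be raised up to the hard limit but not past it. The function names and the 1 GB cap (mirroring the MAXDSIZ value quoted above) are assumptions of the example; it changes the limits of its own process only.

```c
/* Added example (not from the thread): soft vs. hard RLIMIT_DATA. */
#include <errno.h>
#include <stdio.h>
#include <sys/resource.h>

/* Assumption: 1 GB cap, mirroring the MAXDSIZ value quoted in the thread. */
#define ONE_GB ((rlim_t)1024 * 1024 * 1024)

/* Current soft data-segment limit in bytes (0 if it cannot be read). */
rlim_t soft_data_limit(void)
{
    struct rlimit rl;
    return getrlimit(RLIMIT_DATA, &rl) == 0 ? rl.rlim_cur : 0;
}

/* Current hard data-segment limit in bytes (0 if it cannot be read). */
rlim_t hard_data_limit(void)
{
    struct rlimit rl;
    return getrlimit(RLIMIT_DATA, &rl) == 0 ? rl.rlim_max : 0;
}

/*
 * Clamp the hard limit to at most `cap` bytes and set the soft limit to
 * half of the resulting hard limit. Lowering a hard limit needs no
 * privilege, but an unprivileged process cannot raise it again.
 * Returns 0 on success, -1 on failure.
 */
int cap_data_limit(rlim_t cap)
{
    struct rlimit rl;

    if (getrlimit(RLIMIT_DATA, &rl) != 0)
        return -1;
    if (rl.rlim_max == RLIM_INFINITY || rl.rlim_max > cap)
        rl.rlim_max = cap;
    rl.rlim_cur = rl.rlim_max / 2;
    return setrlimit(RLIMIT_DATA, &rl);
}

/*
 * What `ulimit -d` amounts to: change only the soft limit and leave the
 * hard limit alone. Returns 0 on success, otherwise the errno value.
 */
int raise_soft_data_limit(rlim_t want)
{
    struct rlimit rl;

    if (getrlimit(RLIMIT_DATA, &rl) != 0)
        return errno;
    rl.rlim_cur = want;
    if (setrlimit(RLIMIT_DATA, &rl) != 0)
        return errno;
    return 0;
}

/* Print both limits in kilobytes, the unit ulimit uses for data. */
static void show(const char *label)
{
    printf("%-28s soft=%llu KB hard=%llu KB\n", label,
           (unsigned long long)(soft_data_limit() / 1024),
           (unsigned long long)(hard_data_limit() / 1024));
}

int main(void)
{
    int err;

    if (cap_data_limit(ONE_GB) != 0) {
        perror("setrlimit");
        return 1;
    }
    show("hard limit capped:");

    /* Raising the soft limit up to the hard limit is allowed. */
    err = raise_soft_data_limit(hard_data_limit());
    printf("raise soft to hard: %s\n", err == 0 ? "ok" : "refused");
    show("after raising soft:");

    /* Asking for more than the hard limit is refused. */
    err = raise_soft_data_limit(hard_data_limit() + 1024);
    printf("raise soft past hard: %s\n", err == 0 ? "ok" : "refused");
    show("after failed attempt:");
    return 0;
}
```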




Re: Audio device

2006-07-17 Thread Alexandre Ratchov
On Mon, Jul 17, 2006 at 04:42:15PM -0400, Steve Shockley wrote:
> Can anyone suggest a good USB audio device that's supported under 
> OpenBSD?  I'm looking for something that won't sound like crap when 
> played through a home stereo.  I tried an AOpen PCI card some time ago 
> thinking that having an optical output would make having a cheap card 
> irrelevant, boy was I wrong, it sounded terrible.
> 
> What I'd like:
> 
> USB preferred, PCI okay.
> SPDIF output, optical preferred.
> CD/DVD-quality sound
> Under US$100
> 

I'd suggest you get any USB 1.1 class-compliant card with good
DAC/ADC. I've got a m-audio mobile-pre that sounds very good.

> I don't care about recording on the PC, just playback.
> 
> I did find http://www.behringer.com/UCA202/index.cfm, but I have no idea 
> what's inside, so I don't know if it'll work under OpenBSD.

i've never tested it, but from the manual it seems to be a good card;
my experience with other behringer gear is that they have good
quality/price ratio.

Since the card is "driverless" it's probably class compliant and should
work on OpenBSD. If you can test it, let me know how well it works.

cheers,

-- 
Alexandre



Re: OT: (don't open if you don't like) Kerberized FTP client/Server

2006-07-17 Thread Janne Johansson

Jan Johansson <[EMAIL PROTECTED]> wrote:
> Gustavo Rios <[EMAIL PROTECTED]> wrote:
>> What kind of ftp client have you been using on windows
>> for such task? Is it possible to have such environment working with
>> standard openbsd ftp server ?
>
> KTelnet does Kerberized FTP but I would suggest using SSH/SCP
> because the clients are better.
>
> http://www.stacken.kth.se/~thn/ktelnet/beta/



It's really weird to have someone with the same name as you, living 
close to you and in the same computer club as you posting the same 
answers you do.


We really need to synchronize whose turn it is to answer next time 
something obvious to us both comes up. ;)


/Janne - no, you're not getting duplicates on misc@ - Johansson



Re: OT: (don't open if you don't like) Kerberized FTP client/Server

2006-07-17 Thread Janne Johansson

Eric Pancer wrote:
> On Mon, 2006-07-17 at 20:34:36 -0600, Bob Beck wrote...
>
>> Authenticating using kerberos and ftp is possible, but why
>> use clear text passwords. Set up ssh to use kerberos and use sftp/scp.
>> There are many windows things out there to provide a bozo front end to
>> sftp/scp. i.e. WinSCP, Secure Iexporer, etc. etc.
>
> I think he meant a kerberized ftp client, which means the password should
> never go across the wire. I know umich used to have one, and it had a
> "private" directive, but I don't think it's around anymore.
>
> - Eric



There is one here.
http://www.stacken.kth.se/~thn/ktelnet/



Process dies when it reaches a size of 1GB.

2006-07-17 Thread Joe Gibbens

I'm running squid-transparent on 3.9, and the process dies every time
it reaches 1GB.
FATAL: xcalloc: Unable to allocate 1 blocks of 4108 bytes!
The system has 2GB ram

# ulimit -aH
time(cpu-seconds)    unlimited
file(blocks)         unlimited
coredump(blocks)     unlimited
data(kbytes)         1048576  <- (where is this limit configured?)
stack(kbytes)        32768
lockedmem(kbytes)    1907008
memory(kbytes)       1907008
nofiles(descriptors) 1024
processes            532

How do I change the 1GB maximum data segment size?  ulimit -d does not
seem to change anything.  Also, how do the limits in login.conf apply?
The _squid user is in the daemon class, and that class is set to a
data size of infinity?


# dmesg
OpenBSD 3.9 (GENERIC) #617: Thu Mar  2 02:26:48 MST 2006
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 2.80GHz ("GenuineIntel" 686-class) 2.80 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,CNXT-ID
real mem  = 2146807808 (2096492K)
avail mem = 1952808960 (1907040K)
using 4278 buffers containing 107442176 bytes (104924K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 03/24/06, BIOS32 rev. 0 @ 0xffe90
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfb900/208 (11 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801GB LPC" rev 0x00)
pcibios0: PCI bus #6 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xc9000/0x1600 0xec000/0x4000!
ipmi0 at mainbus0: version 1.5 interface KCS iobase 0xca8/8 spacing 4
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel E7230 MCH" rev 0x00
ppb0 at pci0 dev 1 function 0 "Intel E7230 PCIE" rev 0x00
pci1 at ppb0 bus 1
ppb1 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x01
pci2 at ppb1 bus 2
ppb2 at pci2 dev 0 function 0 "Intel PCIE-PCIE" rev 0x09
pci3 at ppb2 bus 3
em0 at pci3 dev 2 function 0 "Intel PRO/1000MT (82546GB)" rev 0x03:
irq 3, address 00:04:23:cb:3a:0a
em1 at pci3 dev 2 function 1 "Intel PRO/1000MT (82546GB)" rev 0x03:
irq 11, address 00:04:23:cb:3a:0b
ppb3 at pci0 dev 28 function 4 "Intel 82801G PCIE" rev 0x01
pci4 at ppb3 bus 4
bge0 at pci4 dev 0 function 0 "Broadcom BCM5721" rev 0x11, BCM5750 B1
(0x4101): irq 10, address 00:15:c5:5e:61:9c
brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
ppb4 at pci0 dev 28 function 5 "Intel 82801G PCIE" rev 0x01
pci5 at ppb4 bus 5
uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x01: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x01: irq 10
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x01: irq 5
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x01: irq 11
usb3 at ehci0: USB revision 2.0
uhub3 at usb3
uhub3: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub3: 6 ports with 6 removable, self powered
ppb5 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0xe1
pci6 at ppb5 bus 6
vga1 at pci6 dev 5 function 0 "XGI Technology Volari Z7" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ichpcib0 at pci0 dev 31 function 0 "Intel 82801GB LPC" rev 0x01: PM disabled
pciide0 at pci0 dev 31 function 1 "Intel 82801GB IDE" rev 0x01: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0
5/cdrom removable
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
pciide1 at pci0 dev 31 function 2 "Intel 82801GB SATA" rev 0x01: DMA,
channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide1: using irq 11 for native-PCI interrupt
wd0 at pciide1 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 76293MB, 15625 sectors
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5
ichiic0 at pci0 dev 31 function 3 "Intel 82801GB SMBus" rev 0x01: irq 11
iic0 at ichiic0: disabled to avoid ipmi0 interactions
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
biomask ffe5 netmask ffed ttymask ffef
pctr: user-level cycle c

Re: OT: (don't open if you don't like) Kerberized FTP client/Server

2006-07-17 Thread Jan Johansson
Gustavo Rios <[EMAIL PROTECTED]> wrote:
> I am implementing an openbsd kerberos server and would like windows
> client to connect to another openbsd ftp server using kerberos. Is
> that possible? What kind of ftp client have you been using on windows
> for such task? Is it possible to have such environment working with
> standard openbsd ftp server ?

KTelnet does Kerberized FTP but I would suggest using SSH/SCP
because the clients are better.

http://www.stacken.kth.se/~thn/ktelnet/beta/



breakage of umass between 3.8-3.9 on VIA VT83C572 USB

2006-07-17 Thread Scott Vokes
After updating one of my computers from OpenBSD 3.8 to 3.9, a umass
device (an mp3 player, detected as "COWON iAUDIO U2, rev 2.00/1.10")
stopped working. It worked flawlessly before (giving a similar message
to that in the second dmesg), but now when I plug in I get error
messages such as:
ehci_sync_hc: tsleep() = 35
ehci_idone: ex=0xd0f0e000 is done!
uhub3: device problem, disabling port 1
uhub3: port 1, set config at addr 2 failed

This may be related to the problems noted here:
http://article.gmane.org/gmane.os.openbsd.misc/72145/match=vt83c572+umass
http://article.gmane.org/gmane.os.openbsd.misc/106437/match=vt83c572+umass

Does anybody have any ideas? Is there a further step I should take to dig up
useful information? I do not know how to proceed. Two dmesgs and some
additional error messages follow.

Thanks,
Scott

First, the dmesg for my updated computer, where it no longer works.

OpenBSD 3.9 (GENERIC) #617: Thu Mar  2 02:26:48 MST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Celeron(R) CPU 1.70GHz ("GenuineIntel" 686-class) 1.70 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM
real mem  = 502833152 (491048K)
avail mem = 451727360 (441140K)
using 4278 buffers containing 25243648 bytes (24652K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 02/12/03, BIOS32 rev. 0 @ 0xfdad0
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf7720/144 (7 entries)
pcibios0: PCI Interrupt Router at 000:17:0 ("VIA VT8235 ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xc000 0xcc000/0x4000!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "VIA VT8751 PCI" rev 0x00
ppb0 at pci0 dev 1 function 0 "VIA VT8633 AGP" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "S3 ProSavage DDR" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
eap0 at pci0 dev 11 function 0 "Ensoniq AudioPCI" rev 0x00: irq 11
audio0 at eap0
midi0 at eap0: 
uhci0 at pci0 dev 16 function 0 "VIA VT83C572 USB" rev 0x80: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 16 function 1 "VIA VT83C572 USB" rev 0x80: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 16 function 2 "VIA VT83C572 USB" rev 0x80: irq 11
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 16 function 3 "VIA VT6202 USB" rev 0x82: irq 11
usb3 at ehci0: USB revision 2.0
uhub3 at usb3
uhub3: VIA EHCI root hub, rev 2.00/1.00, addr 1
uhub3: 6 ports with 6 removable, self powered
viapm0 at pci0 dev 17 function 0 "VIA VT8235 ISA" rev 0x00
iic0 at viapm0
"unknown" at iic0 addr 0x18 not configured
pciide0 at pci0 dev 17 function 1 "VIA VT82C571 IDE" rev 0x06: ATA133, channel 
0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 28629MB, 58633344 sectors
wd1 at pciide0 channel 0 drive 1: 
wd1: 16-sector PIO, LBA48, 157066MB, 321672960 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
wd1(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 6
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0 5/cdrom 
removable
atapiscsi1 at pciide0 channel 1 drive 1
scsibus1 at atapiscsi1: 2 targets
cd1 at scsibus1 targ 0 lun 0:  SCSI0 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
cd1(pciide0:1:1): using PIO mode 4, Ultra-DMA mode 2
vr0 at pci0 dev 18 function 0 "VIA RhineII-2" rev 0x74: irq 11, address 
00:07:95:df:0c:b4
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 5: OUI 0x004063, 
model 0x0032
isa0 at mainbus0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi1 at pcppi0: 
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
it0 at isa0 port 0x290/8: IT87
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask ef6d netmask ef6d ttymask ffef
pctr: user-level cycle counter enabled
ehci_sync_hc: tsleep() = 35
uhub3: device problem, disabling port 2
dkcsum: wd0 mat

Re: OT: (don't open if you don't like) Kerberized FTP client/Server

2006-07-17 Thread Eric Pancer
On Mon, 2006-07-17 at 20:34:36 -0600, Bob Beck wrote...

>   Authenticating using kerberos and ftp is possible, but why
> use clear text passwords. Set up ssh to use kerberos and use sftp/scp.
> There are many windows things out there to provide a bozo front end to
> sftp/scp. i.e. WinSCP, Secure Iexporer, etc. etc.

I think he meant a kerberized ftp client, which means the password should
never go across the wire. I know umich used to have one, and it had a
"private" directive, but I don't think it's around anymore.

- Eric



sensorsd

2006-07-17 Thread Gustavo Rios

Hey folks,

I am running a Dell Precision Workstation, is it possible to have
sensors working with such hardware? Any special consideration?

Thanks in advance.



Re: OT: (don't open if you don't like) Kerberized FTP client/Server

2006-07-17 Thread Bob Beck
* Gustavo Rios <[EMAIL PROTECTED]> [2006-07-17 20:16]:
> Dear friends.
> 
> I am implementing an openbsd kerberos server and would like windows
> client to connect to another openbsd ftp server using kerberos. Is
> that possible? What kind of ftp client have you been using on windows
> for such task? Is it possible to have such environment working with
> standard openbsd ftp server ?

Authenticating using kerberos and ftp is possible, but why
use clear text passwords. Set up ssh to use kerberos and use sftp/scp.
There are many windows things out there to provide a bozo front end to
sftp/scp. i.e. WinSCP, Secure Iexporer, etc. etc.

-Bob



Re: Trying to route through enc0

2006-07-17 Thread jared r r spiegel
On Mon, Jul 17, 2006 at 05:25:38PM -0600, Stephen Bosch wrote:
> 
> route add -host 192.168.0.57 -interface enc0
> 
> I get this response:
> 
> route: enc0: bad address

  -interface actually takes an address:

---
 If the destination is directly reachable via an interface requiring no
 intermediary system to act as a gateway, the -interface modifier should
 be specified; the gateway given is the address of this host on the common
 network, indicating the interface to be used for transmission.
---

  iow, it derives the iface based on what iface the addr you give it
  lives on.

> Even though a security association for the target address exists on
> enc0. Unfortunately, the device is not passing traffic to 192.168.0.57.
> 
> I assume I need to add a route -- but is this even necessary?

  you will need to add a route to the other end of the tunnel
  so that traffic that originates on the local endpoint destined
  for an addr matching the remote addrspec (Destination in netstat
  -rnf encap) goes over the tunnel.

  if traffic originates on the local host and a matching route 
  is found in the inet (or inet6, i suppose) table, that route
  is taken.  if you have a default route, that will catch it
  (probably undesired), so you need an inet route to make it
  match something more specific than the default route in the
  inet table.

  traffic traversing the host (forwarded datagrams) will match
  the ipsec flows before they get looked up against the encap
  table (if this is not literally correct, it is the behaviour
  i've observed) and thus do not need a route.

  i think over time there have been a boatload of posts about
  this (probably even one by me) behaviour, but it might be
  a bit tricky to know what you're looking for.

-- 

  jared

[ openbsd 3.9-current GENERIC ( jun 22 ) // i386 ]



OT: (don't open if you don't like) Kerberized FTP client/Server

2006-07-17 Thread Gustavo Rios

Dear friends.

I am implementing an openbsd kerberos server and would like windows
client to connect to another openbsd ftp server using kerberos. Is
that possible? What kind of ftp client have you been using on windows
for such task? Is it possible to have such environment working with
standard openbsd ftp server ?

Thanks in advance.



Re: soekris and openbsd

2006-07-17 Thread jared r r spiegel
> Gustavo Rios <[EMAIL PROTECTED]> wrote:  
> May some one suggest a good quality HD drive for use with Openbsd 3.9
> and Soekris net4801-60 hardware ?

  in the 4801s i have:

wd1 at pciide0 channel 0 drive 1: 
wd1: 16-sector PIO, LBA, 38154MB, 78140160 sectors
wd1(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 2

http://www.fujitsu.com/us/services/computing/storage/hdd/mobile/mhv2120at.html

  no complaints thus far (uh ~1.5y - 2y ).

  before i had an airconditioner for the closet, hw.sensors.2 would
  read up around 73C in the hottest day i looked at it; no problems
  with the HD.

  reminds me, high time i put smart tools on there

On Mon, Jul 17, 2006 at 12:31:44PM -0700, Chris Zakelj wrote:
> 
> Be aware that the little inch long ribbon cable has
> been suspected as the reason behind a number of
> supposed drive failures.

  one of my ribbon cables ( if you can call them that )
  was manufactured with physical errors, the soekris
  team was as accommodating with that as could be, and
  resolved the issue superquick.

-- 

  jared

[ openbsd 3.9-current GENERIC ( jun 22 ) // i386 ]



IBM 586V crashes during boot

2006-07-17 Thread Shawn D'Alimonte
I have recently obtained a PC that I want to run OpenBSD, but can't get 
it to boot.


When my 3.9 CD arrived I tried to boot it and got this before the boot 
prompt even showed up:

http://shawnd.dyndns.org/photos/OpenBSD_CDBoot.jpg

I then tried to boot from a floppy and got a little further but it hangs 
at pcibios0 (Boot messages are below).  The display is somewhat garbled 
on the VGA display.  See 
http://shawnd.dyndns.org/photos/OpenBSD_FloppyBoot.jpg.  Disabling 
pcibios0 helped it get further (Again see below) but it hangs after 
detecting the VGA. 

I also tried a Linux boot disk which hangs after displaying a bunch of 
"PCI : Cannot allocate resource region" messages.  Memtest86+ and 
Windows NT 4.0 worked fine.  I found a copy of the Diagnostics disk on 
the Internet and it passed all tests.


The machine is an older industrial PC using an IBM 586VE CPU card 
(PICMIG form factor).  The CPU card is an AMD K6-4 400MHz with 64MB of 
RAM and an SiS chipset (including LAN and Video).  The only things on 
the motherboard are the slots (8 PCI, 7 ISA, 1 combined for CPU) and a 
pair of Intel PCI bridges.  A 500MB Apple/IBM harddisk, a Sony CDROM and 
a floppy drive are the only things connected to the system. 


Anyone have any suggestions on what to try or is this machine  just too odd?

- Normal boot from floppy --

>> OpenBSD/i386 BOOT 2.10
boot> help
commands: # boot echo env help ls machine reboot set stty time
machine: boot diskinfo memory
boot> machine diskinfo
Disk    BIOS#   Type    Cyls    Heads   Secs    Flags   Checksum
fd0     0x0     label   80      2       18      0x2     0x0
hd0     0x80    label   993     28      38      0x0     0x1c97cf7b
boot> machine memory
Region 0: type 1 at 0x0 for 637KB
Region 1: type 2 at 0x9f400 for 3KB
Region 2: type 2 at 0xe for 128KB
Region 3: type 1 at 0x10 for 60416KB
Region 4: type 2 at 0xfffe for 128KB
Low ram: 637KB  High ram: 60416KB
Total free memory: 61053KB
boot> boot
booting fd0a:/bsd: 3287028+195168=0x35239c
entry point at 0x100120

Copyright (c) 1982, 1986, 1989, 1991, 1993
   The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2006 OpenBSD. All rights reserved.  
http://www.OpenBSD.org


OpenBSD 3.9 (RAMDISK) #1027: Thu Mar  2 02:47:13 MST 2006
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK
cpu0: AMD-K6(tm)-III Processor ("AuthenticAMD" 586-class) 401 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,PGE,MMX
real mem  = 62496768 (61032K)
avail mem = 52146176 (50924K)
using 788 buffers containing 3227648 bytes (3152K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 10/10/01, BIOS32 rev. 0 @ 0xfda11
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI BIOS has 5 Interrupt Routing table entries
pcibios0: PCI Interrupt Router at 000:01:0 ("SiS 85C503 System" rev 0x00)
pcibios0: PCI bus #2 is the last bus
---Machine hangs here.  If VGA is used the screen goes a little 
weird.---


-- boot with pcibios0 disabled --

boot> boot -c
booting fd0a:/bsd: 3287028+195168=0x35239c
entry point at 0x100120

Copyright (c) 1982, 1986, 1989, 1991, 1993
   The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2006 OpenBSD. All rights reserved.  
http://www.OpenBSD.org


OpenBSD 3.9 (RAMDISK) #1027: Thu Mar  2 02:47:13 MST 2006
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK
cpu0: AMD-K6(tm)-III Processor ("AuthenticAMD" 586-class) 401 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,PGE,MMX
real mem  = 62496768 (61032K)
avail mem = 52146176 (50924K)
using 788 buffers containing 3227648 bytes (3152K) of memory
User Kernel Config
UKC> disable pcibios0
104 pcibios0 disabled
UKC> quit
Continuing...
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 10/10/01, BIOS32 rev. 0 @ 0xfda11
pcibios at bios0 function 0x1a not configured
bios0: ROM list: 0xc/0xc000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "SiS 5597/5598 Host" rev 0x10
pcib0 at pci0 dev 1 function 0 "SiS 85C503 System" rev 0x01
pciide0 at pci0 dev 1 function 1 "SiS 5513 EIDE" rev 0xd0: 5597/5598: 
DMA, unused (couldn't map registers), channel 0 configured to 
compatibility, channel 1 configured to compatibility

atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0 5/cdrom 
removable

cd0(pciide0:0:0): using PIO mode 4
wd0 at pciide0 channel 1 drive 0: 
wd0: 16-sector PIO, LBA, 516MB, 1057616 sectors
wd0(pciide0:1:0): using PIO mode 3
"SiS 5597/5598 USB" rev 0x10 at pci0 dev 1 function 2 not configured
sis0 at pci0 dev 2 function 0 "SiS 900 10/100BaseTX" rev 0x02: irq 11, 
address 00:06:29:f8:e6:e7
ukphy0 at sis0 phy 0: Generic IEEE 802.3u media interface, rev. 0: OUI 
0x000760, model 0x

vga1 at pci0 dev 8 function 0 "SiS 5597/5598 VGA" rev 0x68
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
---Machine hangs here.  If VGA

Re: Do mp3 concatenation programs exist?

2006-07-17 Thread Diana Eichert
Okay, I can't believe I'm contributing to this noise, but ...

I'm not sure I ever read where the OP said anything about going through an
ISP.  What happens if they're shuffling through a plethora of open
wireless access points?  The DHCP requests are going to get various
private IP's that the AP's provide to the internal NAT'd boxes.  If I put
a biquad antenna at the focal point of an 18" DBS/DSS satellite dish the
available AP's can greatly increase.

just a thought ...



Trying to route through enc0

2006-07-17 Thread Stephen Bosch
Hi:

When I do this --

route add -host 192.168.0.57 -interface enc0

I get this response:

route: enc0: bad address

Even though a security association for the target address exists on
enc0. Unfortunately, the device is not passing traffic to 192.168.0.57.

I assume I need to add a route -- but is this even necessary?

-Stephen-



Re: Which WLAN mini PCI card to use?

2006-07-17 Thread Rod.. Whitworth
On Mon, 17 Jul 2006 15:45:54 -0400, Jeff Quast wrote:

>On 7/17/06, Melameth, Daniel D. <[EMAIL PROTECTED]> wrote:
>> Heinrich Rebehn wrote:
>> > I want to build a WLAN router using a WRAP board running OpenBSD.
>> > I am still unsure which wlan interface to use. I considered the CM9
>> > (ath(4)).
>> >
>> > Or are there better choices?
>>
>> It appears, at this time, ral is the best choice on OpenBSD.  However,
>
>Do you know any miniPCI wireless card models that use a ral chipset? I
>believe also have some restrictive power requirements as well, from
>their documentation:
>
>"J5, J6 miniPCI sockets These sockets implement the miniPCI interface.
>Please note that the current available from the +5V supply is very
>limited, and generated very inefficiently (linear regulator from input
>supply). +5V should be used as a bias voltage only, not to power a
>wireless radio !"
>
>I am not sure exactly what to read from that, I am not an electrical engineer.
>
>I have been holding back on purchasing a wifi card for WRAP for a long
>time. I do not wish to financially support vendors who choose to use
>the atheros chipset. I would be happy to hear of any non-atheros
>experiences on WRAP.
>
>( on a side note, it appears the use of linux + windows driver wrappers
>(madwifi?) on WRAP and soekris is very popular -- the very thought
>makes me vomit a little bit in my mouth )
>
>

I use a ral PCI card in a Soekris. It is an MSI PC54G2. They make the
same thing in miniPCI. See the hardware list in man 4 ral. DON'T choose
a USB if you want hostap.

The MSI is universal PCI i.e. works in a 5v or 3.3v slot.

From the land "down under": Australia.
Do we look  from up over?

Do NOT CC me - I am subscribed to the list.
Replies to the sender address will fail except from the list-server.
Your IP address will also be greytrapped for 24 hours after any attempt. 
I am continually amazed by the people who run OpenBSD who don't take this 
advice. I always expected a smarter class. I guess not.



Re: Recompiling Perl 5.8.6

2006-07-17 Thread Marc Espie
On Sat, Jul 15, 2006 at 12:42:25PM +0200, Karel Kulhavy wrote:
> Is it OK to download perl 5.8.6 (the same that is in OpenBSD 3.9)
> then compile it using supplied hints/openbsd.sh and install over the
> existing perl? I want GDBM_File and GDBM_File is in perl 5.8.6.
> 
No, you don't know that it is the same. You'd better start off running
a diff to make sure...

Anyways, I can build a GDBM port, it's no hardship, and probably trivial
to do...



Re: Do mp3 concatenation programs exist?

2006-07-17 Thread Nick Guenther

On 7/17/06, Pawel S. Veselov <[EMAIL PROTECTED]> wrote:
> [ skipped ]
>
> On Sun, Jul 16, 2006 at 01:22:51AM +0200, Peter Philipp wrote:
> >> Just from the fact that you make all those request for new leases makes you
> >> stand out.
> >And?  The ISP cannot do anything.  They can write a new clause to their EULA
> >that re-connecting within X amount of time is excessive and forbidden, and
> >notify the customer on that, so that they may adjust their settings.
>
> Comcast, cable service. Request new IP as much as you want, you gonna
> get the same one. May be the xDSL people need to patch their software to
> cache MAC addresses or physical connection identifier.

What does this mean? What good would 'caching MAC addresses' any more
than is currently done (since it is already done by dhcpd) do?

> If I were an ISP admin, and I found out there is someone requesting a new
> IP every minute (or every hour for that matter), the first thing I'd do is
> I'd start looking how to prevent it.

Why? There's no way to stop people sending out random IP packets
without you imposing some sort of dictatorial tax, and that would not
go over well with the customers. It's not that much traffic in the
grand scheme of the intarwebz, is it? Why would you go to that
trouble?

> --
>  Pawel S. Veselov [vps], Sun Microsystems, Inc.
>  Staff Engineer, Java Mobile Systems and Services Engineering __ __(O) _ __
> e-mail: [EMAIL PROTECTED] \ V /| || '  \
>   HomePage: http://manticore.2y.net\_/ |_||_|_|_|


Oh. ^



Re: Kerberos

2006-07-17 Thread Spruell, Darren-Perot
From: [EMAIL PROTECTED] 
> you may have to fish online for some of the option 
> descriptions since stuff like
> correct_des3_mic aren't in the manpage for krb5.conf. is 
> there any plan to
> update the manpage with these missing options?

Nope. gssapi(3) has that and more.

DS



Re: soekris and openbsd

2006-07-17 Thread Chris Zakelj
Gustavo Rios <[EMAIL PROTECTED]> wrote:
> May some one suggest a good quality HD drive for use with Openbsd 3.9
> and Soekris net4801-60 hardware ?
>
> Thanks in advance.


I would suggest just going through the reviews of notebook drives on 
www.storagereview.com.  Be aware that the little inch long ribbon cable has 
been suspected as the reason behind a number of supposed drive failures.



Audio device

2006-07-17 Thread Steve Shockley
Can anyone suggest a good USB audio device that's supported under 
OpenBSD?  I'm looking for something that won't sound like crap when 
played through a home stereo.  I tried an AOpen PCI card some time ago 
thinking that having an optical output would make having a cheap card 
irrelevant, boy was I wrong, it sounded terrible.


What I'd like:

USB preferred, PCI okay.
SPDIF output, optical preferred.
CD/DVD-quality sound
Under US$100

I don't care about recording on the PC, just playback.

I did find http://www.behringer.com/UCA202/index.cfm, but I have no idea 
what's inside, so I don't know if it'll work under OpenBSD.




Re: Do mp3 concatenation programs exist?

2006-07-17 Thread Pawel S. Veselov
[ skipped ]

On Sun, Jul 16, 2006 at 01:22:51AM +0200, Peter Philipp wrote:
>> Just from the fact that you make all those request for new leases makes you
>> stand out. 
>And?  The ISP cannot do anything.  They can write a new clause to their EULA
>that re-connecting within X amount of time is excessive and forbidden, and
>notify the customer on that, so that they may adjust their settings.

Comcast, cable service. Request new IP as much as you want, you gonna
get the same one. May be the xDSL people need to patch their software to
cache MAC addresses or physical connection identifier.

If I were an ISP admin, and I found out there is someone requesting a new
IP every minute (or every hour for that matter), the first thing I'd do is
I'd start looking how to prevent it.

[ skipped ]

Thanks,
Pawel.

Bye.
--
 Pawel S. Veselov [vps], Sun Microsystems, Inc.
 Staff Engineer, Java Mobile Systems and Services Engineering __ __(O) _ __
e-mail: [EMAIL PROTECTED] \ V /| || '  \
  HomePage: http://manticore.2y.net\_/ |_||_|_|_|



Re: BOB is dying.

2006-07-17 Thread Eric Pancer
On Mon, 2006-07-17 at 17:55:14 +0200, Han Boetes wrote...

> I know a very peculiar fellow named Bob, his health is failing,
> but I don't think it's that bad.

Give him beer.



Re: Which WLAN mini PCI card to use?

2006-07-17 Thread Jeff Quast

On 7/17/06, Melameth, Daniel D. <[EMAIL PROTECTED]> wrote:
> Heinrich Rebehn wrote:
> > I want to build a WLAN router using a WRAP board running OpenBSD.
> > I am still unsure which wlan interface to use. I considered the CM9
> > (ath(4)).
> >
> > Or are there better choices?
>
> It appears, at this time, ral is the best choice on OpenBSD.  However,

Do you know any miniPCI wireless card models that use a ral chipset? I
believe also have some restrictive power requirements as well, from
their documentation:

"J5, J6 miniPCI sockets These sockets implement the miniPCI interface.
Please note that the current available from the +5V supply is very
limited, and generated very inefficiently (linear regulator from input
supply). +5V should be used as a bias voltage only, not to power a
wireless radio !"

I am not sure exactly what to read from that, I am not an electrical engineer.

I have been holding back on purchasing a wifi card for WRAP for a long
time. I do not wish to financially support vendors who choose to use
the atheros chipset. I would be happy to hear of any non-atheros
experiences on WRAP.

( on a side note, it appears the use of linux + windows driver wrappers
(madwifi?) on WRAP and soekris is very popular -- the very thought
makes me vomit a little bit in my mouth )



soekris and openbsd

2006-07-17 Thread Gustavo Rios

May some one suggest a good quality HD drive for use with Openbsd 3.9
and Soekris net4801-60 hardware ?

Thanks in advance.



Re: Dhcpd Bizarre!!!!!!!!!!!!!!!!

2006-07-17 Thread Nick Guenther

On 7/17/06, Rahul Sharma <[EMAIL PROTECTED]> wrote:


On 7/17/06, turcu septimiu <[EMAIL PROTECTED]> wrote:
>
>
> --- Rahul Sharma <[EMAIL PROTECTED]> wrote:
>
> > Hi Nick,
> > Thank for your replies.
> > But in that case I have to search the dhcpd enteries
> > and then parse the
> > /var/log/ daemon.
> > But  I Just want to create another file with the
> > format i like.
> > Plz anybody help!!!
> > Thanks in advance
> > Rahul
> >
> > On 7/14/06, Nick Guenther <[EMAIL PROTECTED]> wrote:
> > >
> > > On 7/13/06, Rahul Sharma <[EMAIL PROTECTED]> wrote:
> > > > /*$OpenBSD: db.c,v 1.10 2004/09/16 18:35:42 deraadt Exp $*/
> > > >
> > > > /*
> > > >  * Persistent database management routines for DHCPD.
> > > >  */
> > > >
> > > > /*
> > > >  * Copyright (c) 1995, 1996 The Internet Software Consortium.
> > > >  * All rights reserved.
> > > >  *
> > > >  * Redistribution and use in source and binary forms, with or without
> > > >  * modification, are permitted provided that the following conditions
> > > >  * are met:
> > > >  *
> > > >  * 1. Redistributions of source code must retain the above copyright
> > > >  *    notice, this list of conditions and the following disclaimer.
> > > >  * 2. Redistributions in binary form must reproduce the above copyright
> > > >  *    notice, this list of conditions and the following disclaimer in the
> > > >  *    documentation and/or other materials provided with the distribution.
> > > >  * 3. Neither the name of The Internet Software Consortium nor the names
> > > >  *    of its contributors may be used to endorse or promote products derived
> > > >  *    from this software without specific prior written permission.
> > > >  *
> > > >  * THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND
> > > >  * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
> > > >  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
> > > >  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
> > > >  * DISCLAIMED.  IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR
> > > >  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> > > >  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> > > >  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
> > > >  * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
> > > >  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
> > > >  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
> > > >  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
> > > >  * SUCH DAMAGE.
> > > >  *
> > > >  * This software has been written for the Internet Software Consortium
> > > >  * by Ted Lemon <[EMAIL PROTECTED]> in cooperation with Vixie
> > > >  * Enterprises.  To learn more about the Internet Software Consortium,
> > > >  * see ``http://www.vix.com/isc''.  To learn more about Vixie
> > > >  * Enterprises, see ``http://www.vix.com''.
> > > >  */
> > > >
> > > > #include "dhcpd.h"
> > > >
> > > > FILE *db_file;
> > > > FILE *abc;
> > > > static int counting = 0;
> > > > static int count = 0;
> > > > time_t write_time;
> > > >
> > > > /*
> > > >  * Write the specified lease to the current lease database file.
> > > >  */
> > > > int
> > > > write_lease(struct lease *lease)
> > > > {
> > > >     struct tm *t;
> > > >     char tbuf[64];
> > > >     int errors = 0;
> > > >     int i;
> > > >
> > > >     if (counting)
> > > >         ++count;
> > > >     errno = 0;
> > > >     fprintf(db_file, "lease %s {\n", piaddr(lease->ip_addr));
> > > >     fprintf(abc,"%s\t",piaddr(lease->ip_addr));
> > > >     if (errno)
> > > >         ++errors;
> > > >
> > > >     t = gmtime(&lease->starts);
> > > >     snprintf(tbuf, sizeof(tbuf), "%d %d/%02d/%02d %02d:%02d:%02d;",
> > > >         t->tm_wday, t->tm_year + 1900, t->tm_mon + 1, t->tm_mday,
> > > >         t->tm_hour, t->tm_min, t->tm_sec);
> > > >
> > > >     errno = 0;
> > > >     fprintf(db_file, "\tstarts %s\n", tbuf);
> > > >     fprintf(abc, "%s\t", tbuf);
> > > >     if (errno)
> > > >         ++errors;
> > > >
> > > >     t = gmtime(&lease->ends);
> > > >     snprintf(tbuf, sizeof(tbuf), "%d %d/%02d/%02d %02d:%02d:%02d;",
> > > >         t->tm_wday, t->tm_year + 1900, t->tm_mon + 1, t->tm_mday,
> > > >         t->tm_hour, t->tm_min, t->tm_sec);
> > > >
> > > >     errno = 0;
> > > >     fprintf(db_file, "\tends %s", tbuf);
> > > >     fprintf(abc, "%s\t", tbuf);
> > > >     if (errno)
> > > >         ++errors;
> > > >
> > > >     if (lease->hardware_addr.hlen) {
> > > >         errno = 0;
> > > >         fprintf(db_file, "\n\thardware %s %s;",
> > > >             hardware_types[lease->hardware_addr.htype],
> > > >             print_hw_addr(lease->hardware_addr.htype,
> > > >             lease->hardware_addr.hlen,
> > > >  

Re: Boot panic with bsd.mp on a Compaq ProLiant 2500

2006-07-17 Thread François Chambaud
Nick Shank <[EMAIL PROTECTED]> writes:

> I happened to read this as I was on my way out of the office for the
> week (yay for vacation, and a paid one at that) I don't recall the
> exact error, but on 3 different SMP slot 1 machines, bsd.mp under 3.9
> complains about apic, and dies. PS shows swapper as the only thing
> active. Will look more into it on Friday when I get back, and post
> what I find. Although, the thought of going back a version or two
> seems like it might work, as I know I've had 3.7 or 3.8 working on at
> least one of my dual slot 1 machines...
>  Hope that helps at least a little bit,
> Nick
> 
> 

My Compaq ProLiant 2500 server has two Pentium Pro on socket 8, not on
slot 1.

$ dmesg | egrep "GENERIC|cpu"   
OpenBSD 3.9 (GENERIC) #617: Thu Mar  2 02:26:48 MST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium Pro ("GenuineIntel" 686-class, 256KB L2 cache) 199 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV
cpu0 at mainbus0

I don't know if it makes a difference for this kernel panic:

[...]
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 11, 28 pins
ioapic0: misconfigured as apic 0, remapped to apic 2
panic: can't deal with not-all-lapics interrupt yet!
[...]

Unfortunately, this server is in production now and I can't go back in
3.7 or 3.8 to see if it works.

Thanks again Nick.

Francois
-- 
http://www.chambaud.org



Re: Which WLAN mini PCI card to use?

2006-07-17 Thread Melameth, Daniel D.
Heinrich Rebehn wrote:
> I want to build a WLAN router using a WRAP board running OpenBSD.
> I am still unsure which wlan interface to use. I considered the CM9
> (ath(4)).
> 
> My question: are there still problems with the 802.11g (54 Mbit) mode?
> http://archives.neohapsis.com/archives/openbsd/2005-12/0192.html
> 
> Also, the CM9 seems to use the 5213 chipset, which the manpage does
> not mention. Is it also supported?
> 
> Or are there better choices?

It appears, at this time, ral is the best choice on OpenBSD.  However,
you might run into ral driver issues, noted at
http://marc.theaimsgroup.com/?l=openbsd-misc&w=2&r=1&s=problem+sis+timeout+openbsd+3.9&q=b,
until a fix is committed.



Re: raidctl on a live raid array, and the kernel debugger

2006-07-17 Thread Greg Oster
Jason Murray writes:
> I've tried, again, to fix my raid array with raidctl -R. I did it on the 
> console port this time so I could capture the output from ddb>
> 
> Here is some output:
> 
> # raidctl -s raid0
> raid0 Components:
> /dev/wd0d: failed
> /dev/wd1d: optimal
> No spares.
> Parity status: DIRTY
> Reconstruction is 100% complete.
> Parity Re-write is 100% complete.
> Copyback is 100% complete.
> 
> So I attempt an inplace  reconstruction of wd0d.
> 
> #
> # raidctl -R /dev/wd0d raid0
> Closing the opened device: /dev/wd0d
> About to (re-)open the device for rebuilding: /dev/wd0d
> RECON: Initiating in-place reconstruction on
> row 0 col 0 -> spare at row 0 col 0.
> Quiescence reached...
> 
> I then use raidctl -S to monitor the reconstruction. Things go well 
> until the 48% mark. Then I get:
> 
> wd1d:  uncorrectable data error reading fsbn 111722176 of 
> 11722176-111722303 (wd1 bn 114343984; cn 113436 tn 7 sn 55), retrying
> /wd1: transfer error, downgrading to Ultra-DMA mode 4
> wd1(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 4
> wd1d:  uncorrectable data error reading fsbn 111722176 of 
> 111722176-111722303 (wd1 bn 114343984; cn 113436 tn 7 sn 55), retrying
> wd1d:  uncorrectable data error reading fsbn 111722248 of 
> 111722176-111722303 (wd1 bn 114344056; cn 113436 tn 9 sn 1), retrying
> wd1d:  uncorrectable data error reading fsbn 111722248 of 
> 111722176-111722303 (wd1 bn 114344056; cn 113436 tn 9 sn 1)
> raid0: IO Error.  Marking /dev/wd1d as failed.
> Recon read failed !
> panic: RAIDframe error at line 1518 file 
> /usr/src/sys/dev/raidframe/rf_reconstruct.c
> Stopped at  Debugger+0x4:   leave
> RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
> 
> DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
> 
> This concerns me because I need wd1d to rebuild my failed wd0d. Any 
> ideas? Drive cables maybe? Any help is greatly appreciated.

You have recent backups, right?  wd1 is failing/dying.  At this point 
you're probably better off in attempting to use 'dd' to recover as 
many bits as you can... (if you do a 'dump' of the filesystem you can 
probably tell from that whether or not there is any 'live data' in 
the portion that is unreadable  if there isn't any live data, 
then you can use 'dd' to make as much of a copy as possible of wd1, 
and use that as the base for reconstructing the RAID set.)

Later...

Greg Oster



Re: BOB is dying.

2006-07-17 Thread Kenny Mann

Stephen Bosch wrote:
> Tim Donahue wrote:
>> I swear, spam keeps getting weirder and weirder
>
> My own theory is that these are messages designed (by the spammers) to
> test spam filters.

I think they are banking on the idea that users will flag it as spam and 
thusly add legit words to the "potentially bad words" list. I think this 
because every time I get an email like this, all the words are spelled 
correctly.


Kenny



Re: Do mp3 concatenation programs exist?

2006-07-17 Thread Timo Schoeler

thus Pawel S. Veselov spake:
> On Sun, Jul 16, 2006 at 04:26:55PM +0200, Jonathan Schleifer wrote:
>
> [ skipped ]
>
>> All you achieve with this idiotic idea is that you get the providers
>> attention because you spam their logs and they'll probably cancel the
>> contract because of abuse.
>
> Heh, have you ever tried calling an ISP ? I mean big ISP, and you calling with
> a technical question ?

depends on who's calling, a guy with a 56k dialup or 25Mbps DSLame or 
someone with a bunch of E3/T3s...

> Gives you perspective on what kinda staff runs the ISPs
> these days. Also, how many new leases are requested from this provider every
> minute ? Would another one count ? Don't think so.

that's one side of the coin. the other one is that surely monitoring of 
these services takes place and one can clearly see his line at the DSLAM 
causing requests for a new lease on a per-minute basis. that's not a 
'resource problem' at that moment, but should cause the raise of 
attention. (a single virus is no problem for your body and immune 
system; however, it will immediately start its defense. same should 
apply to the ISP.)

> Having service terminated because of an illegal client behavior is the least
> likely thing to happen nowadays.

err, you read those news on the net? why do ISPs block port 25? why do 
they implement traffic shaping? why do they force customers to use 
transparent proxies? etc.

> Hey, they don't care if your computer is
> loaded with viruses that redistribute themselves like crazy.

why should they? that'd mean surveillance at L6/7 which is nonsense (at 
least, you're not the NSA etc.). they can max out their line, that's all.

> Or if you are
> sending spam.

not causing waste of resources beyond the line.

> No one is watching your connection, unless someone comes to your
> ISP with a warrant of sorts. ISP needs your 30 bucks a month more than they
> need anything else.

nah, that's a bad argument. abuse is abuse, no matter what the customer 
pays -- if he violates what's part of the contract, the ISP can do what 
it wants to stop it.

> [ skipped ]
>
> Thanks,
> Pawel.
>
> P.S. This thread needs a new name

dying threads don't need new subjects ;)

> P.P.S. lol, no one from this list works for an ISP ? :)

i think there indeed are people working for ISPs. :)



PF rules not working (traffic blocked on way back out)

2006-07-17 Thread Ashley Moran
Hi people...

I wonder if anyone can see what is up with these firewall rules.

We have two external IP ranges from our ISP.  We're trying to migrate from 
IPCop to OpenBSD so we can use the extra range, using a CARPed cluster of two 
3.8 machines.  Initially we just want to get a single Windows web server 
running behind it.


  -- isp router  --
| |
| |
  ipcop  -
| |
 openbsd1 openbsd2
| |
 -
  |
  |
 webserv1 webserv2


This morning we set the default route of the web server to send traffic 
through the new firewalls, and I a



##
#   INTERFACES   #
##

ext_if   = "vr0"
dmz_if   = "em0"
int_if   = "em1"
pfsync_phys_if   = "em1"
pfsync_secure_if = "enc0"
all_if   = "{ vr0, em0, em1 }"
# can't antispoof on em1 because enc0 (created by ipsec) shares an IP range
# not critical as this is on the internal interface anyway
antispoof_if = "{ vr0, em0 }"


##
# ADDRESSES AND SERVICES #
##

### External

table  persist { a.b.c.d/28, e.f.g.h/28 }

### DMZ

dmz_ad="10.0.0.0/16"
dmz_tcp_services_out = "{ http, https, ftp, ntp, domain, 5999 }" 
  # 5999 is cvsup (FreeBSD)
dmz_udp_services_out = "{ ntp, domain }"

## webserv1
webserv1_ext_ad = "x.x.x.x"
webserv1_dmz_ad = "10.0.0.12"

gr8_ext_ad = "x.x.x.x"
gr8_dmz_ad = "10.0.0.13"

codeweavers_secure_ext_ad = "x.x.x.x"
codeweavers_secure_dmz_ad = "10.0.0.14"

dealersystem_ext_ad = "x.x.x.x"
dealersystem_dmz_ad = "10.0.0.15"

easidrive_ext_ad = "x.x.x.x"
easidrive_dmz_ad = "10.0.0.21"

## webserv2 (cluster)
# primary dmz address is "physical address", others are CARPED
webserv2_ext_ad = "x.x.x.x"
webserv2_dmz_primary_ad = "{ 10.0.1.1, 10.0.1.2 }"
webserv2_dmz_ad = "{ 10.0.100.1, 10.0.101.1 }"

# applies to all webservers
webserver_tcp_services = "{ http, https, ssh }"
webserv1_extra_tcp_services = "{ smtp, 3389 }"

## database servers
magneto_dmz_ad = "10.0.2.1"
mystique_dmz_ad = "10.0.2.2"
dbserv_ext_ad = "x.x.x.x"
dbserv_tcp_services = "{ , 2223 }"


# Internal

table  persist { 192.168.136.0/24, 192.168.0.0/24 }

intranet_ext_ad = "x.x.x.x"

jigsawfirewall_ad = "192.168.136.251"
jigsawfirewall_tcp_services_in = "{ smtp }"

# include both firewalls here to save maintaining separate
# scripts for each server
# note: these are the IPs used over the internal interface
firewall_ad = "{ 192.168.136.253, 192.168.136.252,
 192.168.254.254, 192.168.254.253 }"

# Spam

table  persist



# DEFAULTS #


# dont filter on loopback:
set skip on lo0 


#
# SCRUBBING #
#

# clean all packets:
#   - random-id: helps prevent OS identification and NAT host counting
#   - reassemble tcp: used with fragment reassemble for NAT
#   - fragment reassemble: makes sure packet fragments are reassembled before 
# sending through the network
scrub all reassemble tcp
scrub in all fragment reassemble
scrub out all random-id



###
# NAT/REDIRECTION #
###

### DMZ

nat on $ext_if inet proto { tcp, udp, icmp } \
  from $webserv1_dmz_ad -> $webserv1_ext_ad

nat on $ext_if inet proto { tcp, udp, icmp } \
  from $webserv2_dmz_primary_ad -> $webserv2_ext_ad

nat on $ext_if inet proto { tcp, udp, icmp } \
  from { $magneto_dmz_ad, $mystique_dmz_ad } -> $dbserv_ext_ad

## webserv1

rdr on { $ext_if, $int_if } inet proto tcp \
  from any to $webserv1_ext_ad port { http, https, ssh, smtp, 3389 } \
   -> $webserv1_dmz_ad

rdr on { $ext_if, $int_if } inet proto tcp \
  from any to $codeweavers_secure_ext_ad port { http, https } \
   -> $codeweavers_secure_dmz_ad 

rdr on { $ext_if, $int_if } inet proto tcp \
  from any to $dealersystem_ext_ad port { http, https } \
   -> $dealersystem_dmz_ad

rdr on { $ext_if, $int_if } inet proto tcp \
  from any to $gr8_ext_ad port { http, https } \
   -> $gr8_dmz_ad 

rdr on { $ext_if, $int_if } inet proto tcp \
  from any to $easidrive_ext_ad port { http, https } \
   -> $easidrive_dmz_ad 

## webserv2 (load balancing)

rdr on { $ext_if, $int_if } inet proto tcp \
  from any to $webserv2_ext_ad port http -> $webserv2_dmz_ad port http \
  round-robin sticky-address
rdr on { $ext_if, $int_if } inet proto tcp \
  from any to $webserv2_ext_ad port https -> $webserv2_dmz_ad port https \
  round-robin sticky-address
rdr on { $ext_if, $int_if } inet proto tcp \
  from any to $webserv2_ext_ad port ssh -> $webserv2_dmz_ad port ssh \
 

Re: Do mp3 concatenation programs exist?

2006-07-17 Thread Pawel S. Veselov
On Sun, Jul 16, 2006 at 04:26:55PM +0200, Jonathan Schleifer wrote:

[ skipped ]

>All you achieve with this idiotic idea is that you get the providers
>attention because you spam their logs and they'll probably cancel the
>contract because of abuse.

Heh, have you ever tried calling an ISP ? I mean big ISP, and you calling with
a technical question ? Gives you perspective on what kinda staff runs the ISPs
these days. Also, how many new leases are requested from this provider every
minute ? Would another one count ? Don't think so.

Having service terminated because of an illegal client behavior is the least
likely thing to happen nowadays. Hey, they don't care if your computer is
loaded with viruses that redistribute themselves like crazy. Or if you are
sending spam. No one is watching your connection, unless someone comes to your
ISP with a warrant of sorts. ISP needs your 30 bucks a month more than they
need anything else.

[ skipped ]

Thanks,
Pawel.

P.S. This thread needs a new name

P.P.S. lol, no one from this list works for an ISP ? :)



Re: raidctl on a live raid array, and the kernel debugger

2006-07-17 Thread Jeff Quast

On 7/17/06, Jason Murray <[EMAIL PROTECTED]> wrote:
> I've tried, again, to fix my raid array with raidctl -R. I did it on the
> console port this time so I could capture the output from ddb>
>
> Here is some output:

yay!

> I then use raidctl -S to monitor the reconstruction. Things go well
> until the 48% mark. Then I get:
>
> wd1d:  uncorrectable data error reading fsbn 111722176 of
> 11722176-111722303 (wd1 bn 114343984; cn 113436 tn 7 sn 55), retrying
> /wd1: transfer error, downgrading to Ultra-DMA mode 4
> wd1(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 4
> wd1d:  uncorrectable data error reading fsbn 111722176 of
> 111722176-111722303 (wd1 bn 114343984; cn 113436 tn 7 sn 55), retrying
> wd1d:  uncorrectable data error reading fsbn 111722248 of
> 111722176-111722303 (wd1 bn 114344056; cn 113436 tn 9 sn 1), retrying
> wd1d:  uncorrectable data error reading fsbn 111722248 of
> 111722176-111722303 (wd1 bn 114344056; cn 113436 tn 9 sn 1)
> raid0: IO Error.  Marking /dev/wd1d as failed.
> Recon read failed !
> panic: RAIDframe error at line 1518 file
> /usr/src/sys/dev/raidframe/rf_reconstruct.c
> Stopped at  Debugger+0x4:   leave

In case the output is not clear enough, there is an error reading
block numbers 11722176 through 111722303 on wd1.  This is not an issue
with raidframe. This is an issue with your IDE disk. (or ide
controller, etc...)

Test the disk thoroughly using badblocks from the e2fstools port and I
am sure it will reproduce the exact same console output. and panic,
though a different backtrace.

That OpenBSD crashes when an ide disk fails to communicate properly is
not the fault of OpenBSD, and definitely not raidframe. OpenBSD actually
tried to do you a favor and step down the communication speed ( /wd1:
transfer error, downgrading to Ultra-DMA mode 4 ), in case it were the
fault of the ide controller or what have you.

I think I can easily guess that this is why raidframe marked the disk
bad in the first place. You need to replace the disk with a fresh disk
of similar or greater geometry size, copy the disklabel onto the new
disk, and reconstruct. This is what raid is for. Unfortunately for you,
your raid is both software and ide. This is why the kernel panics.
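
The reading of the console output described in the message above can be automated for triage. This is an added example, not part of the original post: the function names are assumptions, the sample is constructed from the kernel messages quoted in this thread with the mail wraps joined, and the patterns cover only the message shapes shown here.

```python
import re
from collections import defaultdict

# Constructed sample: the kernel messages quoted in the thread, with the mail
# client's line wraps joined so that each message sits on one line.
SAMPLE_LOG = """\
wd1d:  uncorrectable data error reading fsbn 111722176 of 111722176-111722303 (wd1 bn 114343984; cn 113436 tn 7 sn 55), retrying
/wd1: transfer error, downgrading to Ultra-DMA mode 4
wd1(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 4
wd1d:  uncorrectable data error reading fsbn 111722176 of 111722176-111722303 (wd1 bn 114343984; cn 113436 tn 7 sn 55), retrying
wd1d:  uncorrectable data error reading fsbn 111722248 of 111722176-111722303 (wd1 bn 114344056; cn 113436 tn 9 sn 1), retrying
wd1d:  uncorrectable data error reading fsbn 111722248 of 111722176-111722303 (wd1 bn 114344056; cn 113436 tn 9 sn 1)
raid0: IO Error.  Marking /dev/wd1d as failed.
Recon read failed !
"""

# "<partition>: uncorrectable data error reading fsbn N of LO-HI (<disk> bn B; ...)"
# A trailing ", retrying" means the driver will try the same block again.
DATA_ERR = re.compile(
    r"^(?P<part>[a-z]+\d+[a-z]):\s+uncorrectable data error reading fsbn "
    r"(?P<fsbn>\d+) of (?P<lo>\d+)-(?P<hi>\d+) "
    r"\((?P<disk>[a-z]+\d+) bn (?P<bn>\d+); cn \d+ tn \d+ sn \d+\)"
    r"(?P<retry>, retrying)?$"
)
# The stray leading "/" seen in the quoted console capture is tolerated.
DOWNGRADE = re.compile(
    r"^/?(?P<disk>[a-z]+\d+): transfer error, downgrading to (?P<mode>.+)$"
)
RAID_FAIL = re.compile(
    r"^(?P<raid>raid\d+): IO Error\.\s+Marking (?P<dev>\S+) as failed\.$"
)


def summarize(log_text):
    """Group disk error messages by physical disk (wd1, not wd1d)."""
    disks = defaultdict(
        lambda: {"bad_blocks": {}, "downgrades": [], "raid_failed": []}
    )
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DATA_ERR.match(line)
        if m:
            # Key on the absolute disk block ("bn"), which is what identifies
            # the unreadable sector independent of the partition offset.
            block = disks[m["disk"]]["bad_blocks"].setdefault(
                int(m["bn"]),
                {
                    "partition": m["part"],
                    "fsbn": int(m["fsbn"]),
                    "range": (int(m["lo"]), int(m["hi"])),
                    "attempts": 0,
                    "gave_up": False,
                },
            )
            block["attempts"] += 1
            if not m["retry"]:
                block["gave_up"] = True  # final report, no further retry
            continue
        m = DOWNGRADE.match(line)
        if m:
            disks[m["disk"]]["downgrades"].append(m["mode"])
            continue
        m = RAID_FAIL.match(line)
        if m:
            name = m["dev"].rsplit("/", 1)[-1]          # /dev/wd1d -> wd1d
            disk = name[:-1] if name[-1].isalpha() else name  # wd1d -> wd1
            disks[disk]["raid_failed"].append((m["raid"], m["dev"]))
    return dict(disks)


def failing_disks(summary):
    """Disks with a block the driver gave up on, or failed out of a RAID set."""
    return sorted(
        disk
        for disk, info in summary.items()
        if info["raid_failed"]
        or any(b["gave_up"] for b in info["bad_blocks"].values())
    )


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for disk in failing_disks(report):
        info = report[disk]
        print(disk, "unreadable blocks:", sorted(info["bad_blocks"]),
              "downgrades:", info["downgrades"],
              "raid:", info["raid_failed"])
```
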



Re: BOB is dying.

2006-07-17 Thread Han Boetes
Tim Donahue wrote:
> I swear, spam keeps getting weirder and weirder

I know a very peculiar fellow named Bob, his health is failing,
but I don't think it's that bad.


# Han



How to increase safety at intersections

2006-07-17 Thread Newsletter - Everlight
STOP VELOX

What it is

It is a signalling system fitted with a sensor that warns vehicles
approaching the stop at excessive speed of the presence of the stop sign.
The system is completely independent of the electrical grid, as it is
powered by photovoltaics.

Benefits
Reduced speed near intersections
Increased safety, with fewer accidents
Simple and immediate installation
Zero costs for connection to the electrical grid, for cable routing, for
excavation, for restoration.
Zero electricity consumption costs, and therefore no BILLS!
System not subject to blackouts

Typical applications
Dangerous intersections on medium- and high-speed roads.

VISIT OUR WEBSITE: www.everlight.it

BROWSE OUR CATALOGUE: www.everlight.net

Via Martiri della Libertà, 78

66054 Vasto (CH)

Tel 0873.69659 Fax 0873.753116

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
1.jpg]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
2.jpg]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
3.jpg]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
4.jpg]



Re: BOB is dying.

2006-07-17 Thread Stephen Bosch
Tim Donahue wrote:
> I swear, spam keeps getting weirder and weirder

My own theory is that these are messages designed (by the spammers) to
test spam filters.


> 
> 
> On Fri, 14 Jul 2006 20:43:50 -0700 (PDT)
> "Anon Y. Mous" <[EMAIL PROTECTED]> wrote:
> 
>> BOB is dying.
>> Right turn on RED.
>> Tired of spam?  Yahoo! Mail has the best spam protection around 
>> http://mail.yahoo.com 



Re: Icecast manual page

2006-07-17 Thread steven mestdagh
Karel Kulhavy [2006-07-17, 16:53:40]:
> Hello
> 
> After pkg_add icecast 2.3.1 into OpenBSD 3.9 I realized there is no manual
> page. No man icecast, although there is an executable called icecast.
> Also no info icecast.
> 
> I suggest that this manpage is added if one exists, or at least a dummy one
> which points to the URL and says that the original project doesn't have one.

Next to man pages, other forms of ports documentation are installed into
/usr/local/share/doc/.  You will find icecast documentation there.
If you want a man page, I suggest you contact the icecast authors...

-- 
steven

Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm



Icecast manual page

2006-07-17 Thread Karel Kulhavy
Hello

After pkg_add icecast 2.3.1 into OpenBSD 3.9 I realized there is no manual
page. No man icecast, although there is an executable called icecast.
Also no info icecast.

I suggest that this manpage is added if one exists, or at least a dummy one
which points to the URL and says that the original project doesn't have one.

CL<



Which WLAN mini PCI card to use?

2006-07-17 Thread Heinrich Rebehn

Hi list,

I want to build a WLAN router using a WRAP board running OpenBSD.
I am still unsure which wlan interface to use. I considered the CM9 
(ath(4)).


My question: are there still problems with the 802.11g (54 Mbit) mode?
http://archives.neohapsis.com/archives/openbsd/2005-12/0192.html

Also, the CM9 seems to use the 5213 chipset, which the manpage does not 
mention. Is it also supported?


Or are there better choices?

Thanks for any info,


Heinrich Rebehn

University of Bremen
Physics / Electrical and Electronics Engineering
- Department of Telecommunications -

Phone : +49/421/218-4664
Fax   :-3341



Re: BOB is dying.

2006-07-17 Thread Bruce Bauer
I actually ran across one of those shady web sites selling commercial
software at ridiculous prices last year.  The interesting part was that they
were offering Microsoft BOB 1.0 for $30.00

On 7/16/06, Chris Zakelj <[EMAIL PROTECTED]> wrote:
>
> Matthias Kilian wrote:
> > On Sun, Jul 16, 2006 at 02:54:35PM -0400, Tim Donahue wrote:
> >
> >> I swear, spam keeps getting weirder and weirder
> >>
> > It's not spam, it's modern art. You can use it for poetry.
> I thought it might have been one of those "BSD is dying!" trolls on
> slashdot, except they were referring to Microsoft BOB.  Ten years late,
> but at least they'd have gotten one right for a change :)



Re: Do mp3 concatenation programs exist?

2006-07-17 Thread Bruce Bauer
Very entertaining.

Thanks all for brightening my morning


On 7/17/06, Rod.. Whitworth <[EMAIL PROTECTED]> wrote:
>
> On Mon, 17 Jul 2006 05:53:04 -0400, Marcus Watts wrote:
>
> >Randomness leading up to
> >> > There are no useful answers for idiots.
> >>
> >> I like that phrase, I'll have to remember that one.
> >
> >Just for the hell of it, I'll try offering a few
> >useless answers.
> >
> >   { it's clear the originator isn't worried about secrecy
> >   or anonymity, given he's using a remote radius server
> >   and asked for help in a public forum. }
> >
> >   { if he *was* interested in privacy & anonymity, surely he'd
> >   be exploring broadcast or unidirectional protocols such as
> >   digital radio mondiale and not asking us questions. }
> >
> >1. I'm pretty sure Vincent Cerf didn't intend for any tcp protocols to
> >survive changing the IP address every minute.  Although a lot of his
> >work seems to have involved machines that were too heavy to carry and
> >too expensive to re-address every minute, he appears to have
> >nevertheless been keenly interested in mobile computing & radio use
> >before either were common.  I've no doubt he'd be amused by the
> >originator's attempt, though I doubt he'd be supportive.  The problem
> >does sound remarkably like a "worst case" roaming scenario with
> >wireless IP.  Maybe something involving a revolving restaurant?
> >
> >   { Since the originator of this thread appears to have been
> >   relying on what are presumably non-dedicated data circuits &
> >   shared servers, his connections are subject to random delay
> >   depending on competition from other user(s) of those services.
> >   Excessive delay will surely lead to lost data, and snippets
> >   that cannot be pasted together without weirdness.
> >   Presumably those delays will get worse with time... }
> >
> >2. If you *were* trying to piece together a reliable data feed
> >out of very short snippets, you'd probably have much better luck
> >if you managed up to *two* separate overlapping connections --
> >dropping one once you've sync'd up with the other.  Dropping
> >duplicated data is easier than recreating lost data.
> >
> >3. If you wanted to use internet protocols to give you a reliable
> >feed (instead of making one yourself as in 2), you'll want to run
> >a vpn on top of your physical connection, so that you can then
> >use tcp to manage packet drops due to the underlying connection
> >randomly disappearing.
> >
> >4. "sox" will concatenate mp3 input's together.  You'd then need to
> >re-encode the output stream using some mp3 encoder.  sox won't
> >be capable of recovering data lost due to network drops,
> >and it's not going to help you with pasting snippets together either.
> >There is tons of other audio software that can do the same thing,
> >with variable amounts of fluff and bother.
> >
> >5. There are a bunch of people who are very keen on matching audio
> >fragments up.  Some phrases they like to use are "audio finger-printing",
> >or "automatic music identification".  Unfortunately these are also the
> >very same people who tend to be real keen on proprietary data &
> >software techniques.  Fortunately for you, the patent process is
> >"supposed" to encourage people to provide sufficient information to
> >make it possible to make experimental use of patented technology.
> >Unfortunately for you, "supposed to" to a lawyer is rather like what
> >"possible" means to a mathematician who is asked if the product
> >of large primes can be factored.
> >
> >   -Marcus Watts
>
> What a beautiful piece of writing.
>
> There are chunks that I cannot claim expertise on. Even they sound
> plausible (in the non-derogatory sense) and the bits that I do know
> about seem consistent with reality.
>
> Marcus, it was a joy to read a well constructed essay with no ad
> hominem bits that should, but I would not bet my lefty on it, be the
> end of this tiresome thread. Or at least the end of the discursive
> part, you may see other compliments. ;-)
>
>
>
> From the land "down under": Australia.
> Do we look  from up over?
>
> Do NOT CC me - I am subscribed to the list.
> Replies to the sender address will fail except from the list-server.
> Your IP address will also be greytrapped for 24 hours after any attempt.
> I am continually amazed by the people who run OpenBSD who don't take this
> advice. I always expected a smarter class. I guess not.



Re: raidctl on a live raid array, and the kernel debugger

2006-07-17 Thread Jason Murray
I've tried, again, to fix my raid array with raidctl -R. I did it on the 
console port this time so I could capture the output from ddb>


Here is some output:

# raidctl -s raid0
raid0 Components:
   /dev/wd0d: failed
   /dev/wd1d: optimal
No spares.
Parity status: DIRTY
Reconstruction is 100% complete.
Parity Re-write is 100% complete.
Copyback is 100% complete.

So I attempt an inplace  reconstruction of wd0d.

#
# raidctl -R /dev/wd0d raid0
Closing the opened device: /dev/wd0d
About to (re-)open the device for rebuilding: /dev/wd0d
RECON: Initiating in-place reconstruction on
   row 0 col 0 -> spare at row 0 col 0.
Quiescence reached...

I then use raidctl -S to monitor the reconstruction. Things go well 
until the 48% mark. Then I get:


wd1d:  uncorrectable data error reading fsbn 111722176 of 
11722176-111722303 (wd1 bn 114343984; cn 113436 tn 7 sn 55), retrying

/wd1: transfer error, downgrading to Ultra-DMA mode 4
wd1(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 4
wd1d:  uncorrectable data error reading fsbn 111722176 of 
111722176-111722303 (wd1 bn 114343984; cn 113436 tn 7 sn 55), retrying
wd1d:  uncorrectable data error reading fsbn 111722248 of 
111722176-111722303 (wd1 bn 114344056; cn 113436 tn 9 sn 1), retrying
wd1d:  uncorrectable data error reading fsbn 111722248 of 
111722176-111722303 (wd1 bn 114344056; cn 113436 tn 9 sn 1)

raid0: IO Error.  Marking /dev/wd1d as failed.
Recon read failed !
panic: RAIDframe error at line 1518 file 
/usr/src/sys/dev/raidframe/rf_reconstruct.c

Stopped at  Debugger+0x4:   leave
RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!

DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!

This concerns me because I need wd1d to rebuild my failed wd0d. Any 
ideas? Drive cables maybe? Any help is greatly appreciated.


Anyway below is the trace and ps from the ddb.


ddb> trace

Debugger(d0642f0d,d0ba1000,d0774c0c,d0ba1000,d0cb4d2c) at Debugger+0x4
panic(d0642ec0,40,d0774c0c,d026e457,d05fde44) at panic+0x63
rf_ReconReadDoneProc(d0cb4d2c,1,1,0,44ba5557) at rf_ReconReadDoneProc+0x1b6
rf_KernelWakeupFunc(d57e8200,ad6ea,787,6befb) at rf_KernelWakeupFunc+0xe2
biodone(d57e8200,9000,10,d05fde44,636e7520) at biodone+0x88
wddone(d0b82000,d5808000,d0774ddc,d03ed2e0) at wddone+0x7e
wdc_ata_bio_done(d0b7c5a4,d5808000,0,0,a0) at wdc_ata_bio_done+0x5e
wdc_ata_bio_intr(d0b7c5a4,d5808000,1,1) at wdc_ata_bio_intr+0x1a9
wdcintr(d0b7c5a4) at wdcintr+0x8b
Xrecurse_legacy15() at Xrecurse_legacy15+0xb6
apm_cpu_idle(b0,d0644240,d06440a0,7fff,d02692e7) at apm_cpu_idle+0x80
idle_loop(d06f28c0,28,0,0,8000) at idle_loop+0x5
bpendtsleep(d06440a0,4,d0587231,0,0,,d05337d7,0) at bpendtsleep
uvm_scheduler(d064409c,3,0,d05337d7,dff) at uvm_scheduler+0x6b
check_console(0,0,0,0,0) at check_console

ddb> ps

   PID   PPID   PGRP  UID  S     FLAGS  WAIT       COMMAND
 29631   9527   9527    0  3   0x44184  select     sendmail
  9527  30988   9527    0  3    0x4084  pause      sh
 30988   2589   2589    0  3      0x84  piperd     cron
  5360  19845   5360    0  3    0x4086  nanosleep  raidctl
 13182      0      0    0  3  0x100204  RAIDframe  raid_reconip
 19845      1  19845    0  3    0x4086  pause      ksh
  6511      1   6511    0  3    0x4086  ttyin      getty
 31213      1  31213    0  3    0x4086  ttyin      getty
 18636      1  18636    0  3    0x4086  ttyin      getty
 16125      1  16125    0  3    0x4086  ttyin      getty
  5862      1   5862    0  3    0x4086  ttyin      getty
  2589      1   2589    0  3      0x84  select     cron
 19058      1  19058    0  3      0x84  select     sshd
  7847      1   7847   77  3     0x184  poll       dhcpd
  3822  19592  19592   83  3     0x184  poll       ntpd
 19592      1  19592    0  3      0x84  select     ntpd
  9741   1703   1703   74  3     0x184  bpf        pflogd
  1703      1   1703    0  3      0x84  netio      pflogd
  8078   6713   6713   73  2     0x184             syslogd
  6713      1   6713    0  3      0x84  netio      syslogd
  4673      1   4673    0  3      0x84  mfsidl     mount_mfs
 28531      0      0    0  3  0x100204  rfwcond    raid0
    15      0      0    0  3  0x100204  crypto_wa  crypto
    14      0      0    0  3  0x100204  aiodoned   aiodoned
    13      0      0    0  3  0x100204  syncer     update
    12      0      0    0  3  0x100204  cleaner    cleaner
    11      0      0    0  3  0x100204  reaper     reaper
    10      0      0    0  3  0x100204  pgdaemon   pagedaemon
     9      0      0    0  3  0x100204  pftm       pfpurge
     8      0      0    0  3  0x100204  usbevt     usb3
     7      0      0    0  3  0x100204  usbevt     usb2
     6      0      0    0  3  0x100204  usbevt     usb1
     5      0      0    0  3  0x100204  usbtsk     usbtask
     4      0      0    0  3  0x1002

Re: auto-update named via dhcpd?

2006-07-17 Thread Salvador Sabaini

[EMAIL PROTECTED] wrote:

I've got the (ubiquitous?) home LAN setup, with OpenBSD 3.7 as my
firewall/gateway/router.  (I know, need to upgrade.)

Previously, my LAN was setup as follows: all machines had static IP
addresses, and had the same /etc/hosts file.  All machines also had
the same /etc/resolv.conf file.

I got a laptop, and decided that I'd like to run a dhcp server on
the OpenBSD box (didn't want to update a bunch of /etc/hosts files).
Also, my ISP kept changing their DNS servers, so I had to update
/etc/resolv.conf on every box several times.

Now I'm thinking that the "least maintenance" approach is to have
the OpenBSD box run named and dhcpd, and have all the other boxes be
dynamically configured.

I've got dhcpd and named working, but they are not talking to each
other.  In other words, I don't know how to have named updated by
dhcpd.

There's a handful of howto-type documents on the net for this, but
the dhcpd shipped with OpenBSD 3.7 doesn't seem to support the
needed features.  For example, if I put this line in
/etc/dhcpd.conf:

ddns-update-style interim;

I get this in /var/log/daemon when starting dhcpd:

Jul 14 09:06:53 excrement dhcpd: /etc/dhcpd.conf line 13: expecting a parameter 
or declaration.
Jul 14 09:06:53 excrement dhcpd: ddns-update-style 
Jul 14 09:06:53 excrement dhcpd: ^


My assumption is that the dhcpd that ships with OpenBSD 3.7 doesn't
support the ddns-update-style option.  Some of the 'howto' documents
I found on the net suggest installing ISC DHCP version 3.

So my questions are:

- Is installing isc-dhcp-3 the right path to take for OpenBSD
  3.7?
- Is there some way to use the default dhcpd in 3.7 to get
  dynamic dns updates?
- Does the dhcpd in OpenBSD 3.9 make this process any "easier"?

Thank you for any suggestions!
Matt



  

Mathew
Yes, you will have to install isc-dhcp-server in order to do the setup 
you want.


cheers,
-ssf.



Re: How to make fsck run faster?

2006-07-17 Thread Nick Holland

Antti Harri wrote:

On Sun, 16 Jul 2006, Nick Holland wrote:

nope, you can still likely use multiple partitions.  Break your backup 
job into smaller chunks, put each chunk on its own partition.  Or put 
each machine on its own partition.  Or ...


Interesting ideas. I didn't think that having the same amount of files
in many partitions will reduce the total time to fsck, does it really 
work that way although it goes through the same amount of files?


I haven't fully benchmarked it, but my inclination is that several small 
is faster than one big.  If scattered across multiple disks, definitely 
(they can be done in parallel...assuming you have the RAM!), for one 
disk, the partitions are done sequentially, not concurrently.


Further, if you keep only the partitions mounted that you are using AT 
THAT MOMENT, only those partitions will need an fsck should an event happen.


BTW: Yes, the dmesg could very well have helped.  If your disks were 
not being handled properly or you had insufficient RAM, you can have 
HORRIBLE problems with fsck performance, adding to your fsck time by a 
non-trivial multiple.  Your times sound excessive to me, but then, I 
don't think I have that many files on a single partition.


Unfortunately the computer isn't at hand right now. I'll check the
amount of RAM and add some more if there isn't much. Would changing
BUFCACHEPCT help too? Because the computer is a dedicated backup server
so it can take up all the memory as far as I'm concerned.


BUFCACHEPCT may help...assuming you don't force the machine to start 
swapping!  Easy thing to benchmark...


Guideline is 1M RAM for 1G of disk to keep fsck from swapping.  This 
seems to be a decent rule.  On the other hand, IF you have huge 
quantities of tiny files, this may skew things in worse directions...or 
may not.  I'm not a file system person, so everything I say could be 
wrong. :)




One idea which has been suggested is to use softupdates, and simply 
"force" mounting of the volume at boot, and periodically, fsck the 
thing on your schedule, to reclaim lost disk space.  Yes, when you do 
run the fsck, you will spend a lot of time waiting for it, but you 
will be able to schedule it.


Hmm, actually I am using softupdates. Doesn't it *ever* get corrupted with
softupdates even though there is a crash?


Theory or reality?? :)

Supposedly, "... the disk image is always kept consistent."
http://www.mckusick.com/softdep/

Reality: as your disk probably has some write cache, don't bet on 
that... things won't be written to the disk in the order expected. On the 
other hand...look at what fsck does: it just goes through the disk and 
tries to make sense of the file system...it does NOT magically fix all 
your data that was being written to disk when the power went out. 
So...if you trip over the power cord or have a not-so-bright squirrel 
take out your power mid-write, data will be corrupted, and all fsck will 
do is make sure totally unrecognizable data is not taking up space on 
the disk.


So...does it get corrupted?  Yes.  Does running fsck fix that?  Not 
really.  fsck just hides some of the evidence. :)


Keep in mind, partitions need not all be mounted in /etc/fstab, they 
can be manually mounted "later" in rc.local.  Why does your backup 
machine have to boot "fast"?  (I got one with way too little RAM, it 
needs to use swap to fsck, but that's ok...I'm not in a hurry for this 
machine to come up). Doing something else with it?  Ok, just put the 
backup partition as noauto in /etc/fstab, and fsck and mount (or just 
force-mount) the partition in /etc/rc.local.  Now, whatever it was 
that was bothering you about booting so slowly is up quickly, and the 
backup partition will get mounted in due time.


Well, I have it set up so that it comes up once a day and after it
finishes doing backups it shuts down itself. So if it crashes and starting
up takes too much time the backup job won't fit the window it's supposed
to. I'm still working on the server and trying to find the best
solution for my needs. Luckily there hasn't been much use for the
backups since there hasn't been any real accidents or failures either ;-)


I presume you are turning the machine off for reducing power 
consumption?  How about this: turn off at end of job, turn on at 
beginning of job, and set to auto-power-on at application of power? 
That way, if the power is interrupted, it will come up and fsck as soon 
as the power comes back on, so it will be ready for the backup window. 
If the machine crashes (which it really shouldn't, of course), you are 
SOL, but that might motivate you to fix whatever caused the crash (and 
you are in the same position with the crash, regardless, as it won't 
power itself down, unless you are killing the power externally).


Nick.



Re: wireless network

2006-07-17 Thread ivorob

Clint Pachl wrote:


On Friday 14 July 2006 15:09, pk.ra wrote:


Does OpenBSD support registering to a safe wireless network
using certificates? 




Use IPSec: ipsecctl & isakmpd & RSA pubkeys.

1. Setup flows and SAs in ipsec.conf on both ends
2. Copy public RSA keys to each endpoint in /etc/isakmpd/pubkeys/...
3. Start the key management daemon: isakmpd -K
4. Setup the flows and SAs: ipsecctl -f /etc/ipsec.conf
5. Verify flows and SAs: ipsecctl -sa
6. Config pf to block all but encrypted traffic

For a simpler setup, you could use pre-shared keys, specified in 
ipsec.conf, instead of RSA pubkeys.


-pachl



Thanks, I'll try.



Re: Dhcpd Bizarre!!!!!!!!!!!!!!!!

2006-07-17 Thread Rahul Sharma
Hi trucu,
ya that is the main problem. Now finally i got it what i want.
Thanks to all
Rahul

On 7/17/06, turcu septimiu <[EMAIL PROTECTED]> wrote:
>
> It seems to me that you don't flush the file, nor you
> close it.
> This might be causing loss of data.
>
>
> --- Rahul Sharma <[EMAIL PROTECTED]> wrote:
>
> > Hi Nick,
> > Thank for your replies.
> > But in that case I have to search the dhcpd entries
> > and then parse the
> > /var/log/ daemon.
> > But  I Just want to create another file with the
> > format i like.
> > Plz anybody help!!!
> > Thanks in advance
> > Rahul
> >
> > On 7/14/06, Nick Guenther <[EMAIL PROTECTED]> wrote:
> > >
> > > On 7/13/06, Rahul Sharma
> > <[EMAIL PROTECTED]> wrote:
> > > > /*$OpenBSD: db.c,v 1.10 2004/09/16 18:35:42
> > deraadt Exp $*/
> > > >
> > > > /*
> > > >  * Persistent database management routines for
> > DHCPD.
> > > >  */
> > > >
> > > > /*
> > > >  * Copyright (c) 1995, 1996 The Internet
> > Software Consortium.
> > > >  * All rights reserved.
> > > >  *
> > > >  * Redistribution and use in source and binary
> > forms, with or without
> > > >  * modification, are permitted provided that the
> > following conditions
> > > >  * are met:
> > > >  *
> > > >  * 1. Redistributions of source code must retain
> > the above copyright
> > > >  *notice, this list of conditions and the
> > following disclaimer.
> > > >  * 2. Redistributions in binary form must
> > reproduce the above copyright
> > > >  *notice, this list of conditions and the
> > following disclaimer in
> > > the
> > > >  *documentation and/or other materials
> > provided with the
> > > distribution.
> > > >  * 3. Neither the name of The Internet Software
> > Consortium nor the names
> > > >  *of its contributors may be used to endorse
> > or promote products
> > > derived
> > > >  *from this software without specific prior
> > written permission.
> > > >  *
> > > >  * THIS SOFTWARE IS PROVIDED BY THE INTERNET
> > SOFTWARE CONSORTIUM AND
> > > >  * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR
> > IMPLIED WARRANTIES,
> > > >  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
> > WARRANTIES OF
> > > >  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR
> > PURPOSE ARE
> > > >  * DISCLAIMED.  IN NO EVENT SHALL THE INTERNET
> > SOFTWARE CONSORTIUM OR
> > > >  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
> > INDIRECT, INCIDENTAL,
> > > >  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
> > (INCLUDING, BUT NOT
> > > >  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
> > OR SERVICES; LOSS OF
> > > >  * USE, DATA, OR PROFITS; OR BUSINESS
> > INTERRUPTION) HOWEVER CAUSED AND
> > > >  * ON ANY THEORY OF LIABILITY, WHETHER IN
> > CONTRACT, STRICT LIABILITY,
> > > >  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
> > ARISING IN ANY WAY OUT
> > > >  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
> > OF THE POSSIBILITY OF
> > > >  * SUCH DAMAGE.
> > > >  *
> > > >  * This software has been written for the
> > Internet Software Consortium
> > > >  * by Ted Lemon <[EMAIL PROTECTED]> in
> > cooperation with Vixie
> > > >  * Enterprises.  To learn more about the
> > Internet Software Consortium,
> > > >  * see ``http://www.vix.com/isc''.  To learn
> > more about Vixie
> > > >  * Enterprises, see ``http://www.vix.com''.
> > > >  */
> > > >
> > > > #include "dhcpd.h"
> > > >
> > > > FILE *db_file;
> > > > FILE *abc;
> > > > static int counting = 0;
> > > > static int count = 0;
> > > > time_t write_time;
> > > >
> > > > /*
> > > >  * Write the specified lease to the current
> > lease database file.
> > > >  */
> > > > int
> > > > write_lease(struct lease *lease)
> > > > {
> > > > struct tm *t;
> > > > char tbuf[64];
> > > > int errors = 0;
> > > > int i;
> > > >
> > > > if (counting)
> > > > ++count;
> > > > errno = 0;
> > > > fprintf(db_file, "lease %s {\n",
> > piaddr(lease->ip_addr));
> > > > fprintf(abc,"%s\t",piaddr(lease->ip_addr));
> > > > if (errno)
> > > > ++errors;
> > > >
> > > > t = gmtime(&lease->starts);
> > > > snprintf(tbuf, sizeof(tbuf), "%d
> > %d/%02d/%02d %02d:%02d:%02d;",
> > > > t->tm_wday, t->tm_year + 1900, t->tm_mon
> > + 1, t->tm_mday,
> > > > t->tm_hour, t->tm_min, t->tm_sec);
> > > >
> > > > errno = 0;
> > > > fprintf(db_file, "\tstarts %s\n", tbuf);
> > > > fprintf(abc, "%s\t", tbuf);
> > > > if (errno)
> > > > ++errors;
> > > >
> > > > t = gmtime(&lease->ends);
> > > > snprintf(tbuf, sizeof(tbuf), "%d
> > %d/%02d/%02d %02d:%02d:%02d;",
> > > > t->tm_wday, t->tm_year + 1900, t->tm_mon
> > + 1, t->tm_mday,
> > > > t->tm_hour, t->tm_min, t->tm_sec);
> > > >
> > > > errno = 0;
> > > > fprintf(db_file, "\tends %s", tbuf);
> > > > fprintf(abc, "%s\t", tbuf);
> > > > if (errno)
> > > > ++errors;
> > > >
> > > > if (lease->hardware_addr.hlen) {
> > > > errno = 0;
> > > > fprintf(db_file, "\n\thardware %s %s;",
> > > >
> > hardwar

Re: auto-update named via dhcpd?

2006-07-17 Thread Alexander Belikov
mggc> I've got the (ubiquitous?) home LAN setup, with OpenBSD 3.7 as my
mggc> firewall/gateway/router.  (I know, need to upgrade.)

mggc> I got a laptop, and decided that I'd like to run a dhcp server on
mggc> the OpenBSD box (didn't want to update a bunch of /etc/hosts files).
mggc> Also, my ISP kept changing their DNS servers, so I had to update
mggc> /etc/resolv.conf on every box several times.

mggc> Now I'm thinking that the "least maintenance" approach is to have
mggc> the OpenBSD box run named and dhcpd, and have all the other boxes be
mggc> dynamically configured.

mggc> I've got dhcpd and named working, but they are not talking to each
mggc> other.  In other words, I don't know how to have named updated by
mggc> dhcpd.

You can set up dhcpd so that it assigns a fixed IP address to each
machine by its MAC. Then create a static zone for bind on your router.
All other machines would be its clients.

There's a huge field of what else can be done. Some time ago I had the
same network. I had a "core" file, which contained information on all
my hosts (hostname,ip,mac). My scripts generate dhcpd.conf and a zone for
bind.

Now I have another network in another place. First I assigned static
IPs to all hosts, then a zone for bind. Then I wrote a short script,
which created a dynamic part of dhcpd.conf:

[EMAIL PROTECTED] scripts]# cat arp2dhcp.pl
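#!/usr/bin/perl
# Turn the current ARP table into dhcpd.conf "host" entries.
use strict;
use warnings;

my @hosts  = `arp -a`;
my $int_if = "rl0";    # internal interface to take entries from

foreach my $host (@hosts) {
    chomp($host);
    $host =~ s/[()]//g;    # strip the parentheses around the IP
    # Fields: name ip "at" mac "on" interface ...
    my @words = split(' ', $host);
    next if @words < 6;
    next if $words[5] ne $int_if;         # entry is on another interface
    next if $words[0] eq "?";             # no hostname resolved
    next if $words[3] eq "incomplete";    # no MAC learned yet
    my ($hostname, $ip, $mac) = @words[0, 1, 3];
    my ($shortname) = split(/\./, $hostname);
    print "host $shortname\t{hardware ethernet $mac;fixed-address $ip;}\n";
}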

There are a lot of ways to go, please choose your one



Re: Do mp3 concatenation programs exist?

2006-07-17 Thread Rod.. Whitworth
On Mon, 17 Jul 2006 05:53:04 -0400, Marcus Watts wrote:

>Randomness leading up to
>> > There are no useful answers for idiots.
>> 
>> I like that phrase, I'll have to remember that one.
>
>Just for the hell of it, I'll try offering a few
>useless answers.
>
>   { it's clear the originator isn't worried about secrecy
>   or anonymity, given he's using a remote radius server
>   and asked for help in a public forum. }
>
>   { if he *was* interested in privacy & anonymity, surely he'd
>   be exploring broadcast or unidirectional protocols such as
>   digital radio mondiale and not asking us questions. }
>
>1. I'm pretty sure Vincent Cerf didn't intend for any tcp protocols to
>survive changing the IP address every minute.  Although a lot of his
>work seems to have involved machines that were too heavy to carry and
>too expensive to re-address every minute, he appears to have
>nevertheless been keenly interested in mobile computing & radio use
>before either were common.  I've no doubt he'd be amused by the
>originator's attempt, though I doubt he'd be supportive.  The problem
>does sound remarkably like a "worst case" roaming scenario with
>wireless IP.  Maybe something involving a revolving restaurant?
>
>   { Since the originator of this thread appears to have been
>   relying on what are presumably non-dedicated data circuits &
>   shared servers, his connections are subject to random delay
>   depending on competition from other user(s) of those services.
>   Excessive delay will surely lead to lost data, and snippets
>   that cannot be pasted together without weirdness.
>   Presumably those delays will get worse with time... }
>
>2. If you *were* trying to piece together a reliable data feed
>out of very short snippets, you'd probably have much better luck
>if you managed up to *two* separate overlapping connections --
>dropping one once you've sync'd up with the other.  Dropping
>duplicated data is easier than recreating lost data.
>
>3. If you wanted to use internet protocols to give you a reliable
>feed (instead of making one yourself as in 2), you'll want to run
>a vpn on top of your physical connection, so that you can then
>use tcp to manage packet drops due to the underlying connection
>randomly disappearing.
>
>4. "sox" will concatenate mp3 input's together.  You'd then need to
>re-encode the output stream using some mp3 encoder.  sox won't
>be capable of recovering data lost due to network drops,
>and it's not going to help you with pasting snippets together either.
>There is tons of other audio software that can do the same thing,
>with variable amounts of fluff and bother.
>
>5. There are a bunch of people who are very keen on matching audio
>fragments up.  Some phrases they like to use are "audio finger-printing",
>or "automatic music identification".  Unfortunately these are also the
>very same people who tend to be real keen on proprietary data &
>software techniques.  Fortunately for you, the patent process is
>"supposed" to encourage people to provide sufficient information to
>make it possible to make experimental use of patented technology.
>Unfortunately for you, "supposed to" to a lawyer is rather like what
>"possible" means to a mathematician who is asked if the product
>of large primes can be factored.
>
>   -Marcus Watts

What a beautiful piece of writing. 

There are chunks that I cannot claim expertise on. Even they sound
plausible (in the non-derogatory sense) and the bits that I do know
about seem consistent with reality.

Marcus, it was a joy to read a well constructed essay with no ad
hominem bits that should, but I would not bet my lefty on it, be the
end of this tiresome thread. Or at least the end of the discursive
part, you may see other compliments. ;-)



From the land "down under": Australia.
Do we look  from up over?

Do NOT CC me - I am subscribed to the list.
Replies to the sender address will fail except from the list-server.
Your IP address will also be greytrapped for 24 hours after any attempt. 
I am continually amazed by the people who run OpenBSD who don't take this 
advice. I always expected a smarter class. I guess not.



Re: Do mp3 concatenation programs exist?

2006-07-17 Thread Marcus Watts
Randomness leading up to
> > There are no useful answers for idiots.
> 
> I like that phrase, I'll have to remember that one.

Just for the hell of it, I'll try offering a few
useless answers.

{ it's clear the originator isn't worried about secrecy
or anonymity, given he's using a remote radius server
and asked for help in a public forum. }

{ if he *was* interested in privacy & anonymity, surely he'd
be exploring broadcast or unidirectional protocols such as
digital radio mondiale and not asking us questions. }

1. I'm pretty sure Vincent Cerf didn't intend for any tcp protocols to
survive changing the IP address every minute.  Although a lot of his
work seems to have involved machines that were too heavy to carry and
too expensive to re-address every minute, he appears to have
nevertheless been keenly interested in mobile computing & radio use
before either were common.  I've no doubt he'd be amused by the
originator's attempt, though I doubt he'd be supportive.  The problem
does sound remarkably like a "worst case" roaming scenario with
wireless IP.  Maybe something involving a revolving restaurant?

{ Since the originator of this thread appears to have been
relying on what are presumably non-dedicated data circuits &
shared servers, his connections are subject to random delay
depending on competition from other user(s) of those services.
Excessive delay will surely lead to lost data, and snippets
that cannot be pasted together without weirdness.
Presumably those delays will get worse with time... }

2. If you *were* trying to piece together a reliable data feed
out of very short snippets, you'd probably have much better luck
if you managed up to *two* separate overlapping connections --
dropping one once you've sync'd up with the other.  Dropping
duplicated data is easier than recreating lost data.

3. If you wanted to use internet protocols to give you a reliable
feed (instead of making one yourself as in 2), you'll want to run
a vpn on top of your physical connection, so that you can then
use tcp to manage packet drops due to the underlying connection
randomly disappearing.

4. "sox" will concatenate mp3 input's together.  You'd then need to
re-encode the output stream using some mp3 encoder.  sox won't
be capable of recovering data lost due to network drops,
and it's not going to help you with pasting snippets together either.
There is tons of other audio software that can do the same thing,
with variable amounts of fluff and bother.

5. There are a bunch of people who are very keen on matching audio
fragments up.  Some phrases they like to use are "audio finger-printing",
or "automatic music identification".  Unfortunately these are also the
very same people who tend to be real keen on proprietary data &
software techniques.  Fortunately for you, the patent process is
"supposed" to encourage people to provide sufficient information to
make it possible to make experimental use of patented technology.
Unfortunately for you, "supposed to" to a lawyer is rather like what
"possible" means to a mathematician who is asked if the product
of large primes can be factored.

-Marcus Watts



Re: auto-update named via dhcpd?

2006-07-17 Thread viq
On Saturday 15 July 2006 13:11, Rogier Krieger wrote:
> On 7/14/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > Does the dhcpd that is shipped with OpenBSD 3.7 support the ability
> > to update bind?
>
> No, it does not.
>
> > Does the dhcpd that is shipped with OpenBSD 3.9 support this?
>
> IIRC, it does not support it either.

Does not, and from what I heard from one of the committers the support is not 
planned.
On a side note, there were some patches on ports@ I believe, that made 
isc-dhcp run with privilege separation - but I didn't get to try them yet... 
And yes, I have the setup you mention running at home.

> > If not, is the recommended approach to install ISC DHCP 3.x,
>
> It worked for me. See threads on MARC for a little more information.
> http://marc.theaimsgroup.com/?l=openbsd-misc&m=110353569711035&w=2
>
> After installing ISC dhcpd, just follow the documentation to get DDNS
> updates working. E.g. by using the various README files included in
> the port.
>
> Cheers,
>
> Rogier

-- 
viq



Re: Ambiguous man memcmp

2006-07-17 Thread Alexander Hall

Karel Kulhavy wrote:
> "otherwise returns the difference between the first two differing bytes"
>
> Let's say already bytes b1[0] and b2[0] differ.
>
> The manpage doesn't say in which order the difference is calculated.
> Whether b1[0]-b2[0] or b2[0]-b1[0].


I could live with more specific documentation. Test it (I guess you have 
already), and post a diff to the man file to bugs@ or by sendbug. Not 
much work, and it just might make it into the tree.


/Alexander
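
The ordering asked about in this thread, as an added example that is not part of the original posts: the C standard fixes only the sign of memcmp's result, which is the sign of the difference between the first pair of differing bytes, both read as unsigned char, first argument minus second. The names `ref_memcmp`, `sign_of` and `libc_agrees` and the sample buffers are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Reference comparison (written for this example, not libc's code).
 * Bytes are read as unsigned char and the result is b1[i] - b2[i] at the
 * first differing index i: first argument minus second. */
int ref_memcmp(const void *b1, const void *b2, size_t len)
{
    const unsigned char *p1 = b1, *p2 = b2;

    for (size_t i = 0; i < len; i++) {
        if (p1[i] != p2[i])
            return (int)p1[i] - (int)p2[i];
    }
    return 0;
}

/* Collapse a comparison result to -1, 0 or 1. The C standard only fixes
 * the sign of memcmp's result, so portable callers test nothing else. */
int sign_of(int r)
{
    return (r > 0) - (r < 0);
}

/* 1 if the system memcmp and the reference agree in sign, else 0. */
int libc_agrees(const void *b1, const void *b2, size_t len)
{
    return sign_of(memcmp(b1, b2, len)) == sign_of(ref_memcmp(b1, b2, len));
}

/* Constructed sample buffers: they first differ at index 1 (0x02 vs 0x80).
 * Read as signed char, 0x80 would be negative and the order would flip. */
static const unsigned char lo[] = { 0x01, 0x02, 0x03 };
static const unsigned char hi[] = { 0x01, 0x80, 0x03 };

int main(void)
{
    printf("ref_memcmp(lo, hi) = %d\n", ref_memcmp(lo, hi, sizeof lo));
    printf("ref_memcmp(hi, lo) = %d\n", ref_memcmp(hi, lo, sizeof hi));
    printf("libc agrees in sign: %d\n",
        libc_agrees(lo, hi, sizeof lo) && libc_agrees(hi, lo, sizeof hi));
    return 0;
}
```

Code that stores the result in a narrower type such as char, or compares it against one specific nonzero value, relies on behaviour the standard does not promise.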



PacSec 2006 CALL FOR PAPERS (Deadline Aug. 4; Event Nov. 27-30)

2006-07-17 Thread Dragos Ruiu
url: http://pacsec.jp

PacSec 2006 CALL FOR PAPERS

World Security Pros To Converge on Japan

   TOKYO, Japan -- To address the increasing importance of information
   security in Japan, the best known figures in the international security
   industry will get together with leading Japanese researchers to share
   best practices and technology. The most significant new discoveries
   about computer network hack attacks will be presented at the third
   annual PacSec conference to be discussed.
   
   The PacSec meeting provides an opportunity for foreign specialists to
   be exposed to Japanese innovation and markets and collaborate on
   practical solutions to computer security issues. In a relaxed setting
   with a mixture of material bilingually translated in both English and
   Japanese the eminent technologists can socialize and attend training
   sessions.
   
   Announcing the opportunity to submit papers for the PacSec 2006 applied
   security training conference. The conference will be held November
   27-30th in Tokyo. The conference focuses on emerging information
   security tutorials - it will be a bridge between the international and
   Japanese information security technology communities.
   
   Please make your paper proposal submissions before August 4 2006. Slides
   for the papers must be submitted by October 1st 2006. The conference is
   November 29th and 30th 2006, presenters need to be available in the
   days before to meet with interpreters. The Security Masters Dojo, Tokyo,
   is November 27-28, 2006. Both events will be held at Aoyama Diamond 
   Hall.
   
   Some invited papers have been confirmed, but a limited number of
   speaking slots are still available. The conference is responsible for
   travel and accommodations for the speakers. If you have a proposal for a
   tutorial session then please email a synopsis of the material and your
   biography, papers, and speaking background to secwest06 [at] pacsec.jp.
   Tutorials are one hour in length, but with simultaneous translation
   should be approximately 45 minutes in English, or Japanese. Only slides
   will be needed for the October paper deadline, full text does not have
   to be submitted.
   
   The PacSec conference consists of tutorials on technical details about
   current issues, innovative techniques and best practices in the
   information security realm. The audiences are a multi-national mix of
   professionals involved on a daily basis with security work: security
   product vendors, programmers, security officers, and network
   administrators. We give preference to technical details and education
   for a technical audience.
   
   The conference itself is a single track series of presentations in a
   lecture theater environment. The presentations offer speakers the
   opportunity to showcase on-going research and collaborate with peers
   while educating and highlighting advancements in security products and
   techniques. The focus is on innovation, tutorials, and education
   instead of product pitches. Some commercial content is tolerated, but
   it needs to be backed up by a technical presenter - either giving a
   valuable tutorial and best practices instruction or detailing
   significant new technology in the products.
   
   Paper proposals should consist of the following information:
   
   1) Presenter, and geographical location (country of origin/passport)
   and contact info (e-mail, postal address, phone, fax).
   2) Employer and/or affiliations.
   3) Brief biography, list of publications and papers.
   4) Any significant presentation and educational experience/background.
   5) Topic synopsis, Proposed paper title, and a one paragraph
   description.
   6) Reason why this material is innovative or significant or an
   important tutorial.
   7) Optionally, any samples of prepared material or outlines ready.
   
   Please forward the above information to secwest06 [at] pacsec.jp to be
   considered for placement on the speaker roster. Please include a plain 
   text version of all the above information along with any other submission
   data/information.

-- 
World Security Pros. Cutting Edge Training, Tools, and Techniques
Tokyo, Japan    November 26-30 2006    http://pacsec.jp
pgpkey http://dragos.com/ kyxpgp



Re: time-based pf rules in crontab do not survive a reboot (naturally)?

2006-07-17 Thread jared r r spiegel
On Sun, Jul 16, 2006 at 02:40:04AM +0300, Soner Tari wrote:
> Thanks jared and others for your replies. I'll try all of your
> suggestions.
> 

> However, if you agree with me, I get the feeling that all of these are
> inelegant workarounds compared to the ideal solution: time support in pf
> (similar to perhaps iptables).

  no, actually, i disagree.

  i do not find anything missing in my life because pf doesn't have
  time support.

-- 

  jared

[ openbsd 3.9-current GENERIC ( jun 22 ) // i386 ]



Re: Do mp3 concatenation programs exist?

2006-07-17 Thread smith
> There are no useful answers for idiots.

I like that phrase, I'll have to remember that one.