Jeremy's PF book not listed in website
Hi, will Jeremy's book on PF http://www.reedmedia.net/books/pf-book/ be listed on http://www.openbsd.org/books.html any time soon? Thank you so much. Kind Regards, Siju
figures with magicpoint
Friends,

I often find OpenBSD presentations made nicely with block diagrams and figures made with magicpoint. Apparently the figures are imported into magicpoint from an external source.

What do I use? I need a spartan simple tool like magicpoint itself. Is xfig the right choice? What about inkscape? I am somewhat excited with SVG. Are there other image manipulation tools out there? I guess gimp would be an overkill. And openoffice is not meant for UNIX geeks. :-)

Thanks in advance for all the help.

regards,
Girish
--
Whenever people agree with me I always feel I am wrong. - Oscar Wilde
Re: Jeremy's PF book not listed in website
On Mon, 11 Sep 2006, Siju George wrote: Hi, will Jeremy's book on PF http://www.reedmedia.net/books/pf-book/ be listed on http://www.openbsd.org/books.html any time soon ? It's already there... -Otto
Re: Jeremy's PF book not listed in website
On 9/11/06, Otto Moerbeek [EMAIL PROTECTED] wrote:
On Mon, 11 Sep 2006, Siju George wrote:
Hi, will Jeremy's book on PF http://www.reedmedia.net/books/pf-book/ be listed on http://www.openbsd.org/books.html any time soon ?
It's already there...

Oh yes! Thank you, I checked only under the OpenBSD Specific books :-( sorry!

kind regards
Siju
openBSD 3.9 on hp/compaq proliant 8000
my h/w is:

hp/compaq proliant 8000:
- 8x Xeon 550MHz
- 8GB ram
- compaq array controller 4250ES
- 1x intel 82558b lan
- 1x intel 82559 lan
- 8x 18GB scsi u160

according to hardware support list for i386 found on BSD site, all of that h/w is supported in version 3.9. it should, but it does not. i tried 3.8, 3.9 and 4.0b - couldn't get it to run. i used boot floppy B - according to the manual this one contains proper stuff. at kernel start the hd0 device is shown properly, but afterwards kernel does not see the 4250es array controller nor intel lan cards.

any ideas on how to run openBSD on this machine? i hope it can be done somehow, as i really do not want to switch to another OS, been using openBSD for years now...

thanks in advance for a quick reply
Re: openBSD 3.9 on hp/compaq proliant 8000
Czesław Liebert wrote:
my h/w is:
hp/compaq proliant 8000:
- 8x Xeon 550MHz
- 8GB ram
- compaq array controller 4250ES
- 1x intel 82558b lan
- 1x intel 82559 lan
- 8x 18GB scsi u160

Try to get at least a dmesg and post it here, see: http://www.openbsd.org/faq/faq4.html#getdmesg
Re: The future of NetBSD
Thorsten Glaser wrote: Marc G. Fournier dixit: And what I'm learning with bsdstats.org is that there are more then just those four ... GNU/kFreeBSD is reporting Now _that_'s funny ;) Yes, indeed. Some people are really wasting their time. are there any others? DragonFly Is already included on bsdstats.org. DesktopBSD PC-BSD Those two aren't separate operating systems, but rather FreeBSD with a custom GUI on top (live-FS / installer). They shouldn't be counted separately. [...] picoBSD nanoBSD The latter three are probably just stripped-down versions of the bigger ones. True. It could be argued whether they should be counted separately. Personally I don't think they should. The big ones are clearly DragonFly, Free-, Net- and OpenBSD. Best regards Oliver -- Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd Any opinions expressed in this message may be personal to the author and may not necessarily reflect the opinions of secnetix in any way. cat man du : where Unix geeks go when they die
Re: openBSD 3.9 on hp/compaq proliant 8000
Dimitry Andric wrote:
Try to get at least a dmesg and post it here, see: http://www.openbsd.org/faq/faq4.html#getdmesg

i get the same result on every kernel i used:

OpenBSD 3.9 (RAMDISK_CD) #1025: Thu Mar 2 02:43:29 MST 2006
    [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK_CD
cpu0: Intel Pentium III Xeon (GenuineIntel 686-class, 2048KB L2 cache) 550 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem = 4026081280 (3931720K)
avail mem = 3669291008 (3583292K)
using 4278 buffers containing 201408512 bytes (196688K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xf
pcibios0 at bios0: rev 2.1 @ 0xf/0x2000
pcibios0: PCI BIOS has 14 Interrupt Routing table entries
pcibios0: PCI Interrupt Router at 000:15:0 (ServerWorks OSB4 rev 0x00)
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x4000 0xcc000/0x800 0xe8000/0x6000! 0xee000/0x2000!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
ahc0 at pci0 dev 4 function 0 Adaptec AHA-2940U2 U2 rev 0x00: irq 5
scsibus0 at ahc0: 16 targets
ahc0: target 6 using 8bit transfers
ahc0: target 6 using asynchronous transfers
st0 at scsibus0 targ 6 lun 0: QUANTUM, DLT7000, 2255 SCSI2 1/sequential removable
st0: drive empty or not ready
Compaq PCI Hotplug rev 0x11 at pci0 dev 11 function 0 not configured
Compaq Netelligent ASMC rev 0x00 at pci0 dev 12 function 0 not configured
vga1 at pci0 dev 13 function 0 ATI Mach64 GV rev 0x7a
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
pcib0 at pci0 dev 15 function 0 ServerWorks OSB4 rev 0x4d
pciide0 at pci0 dev 15 function 1 vendor ServerWorks, unknown product 0x0210 rev 0x4a: DMA (unsupported), channel 0 configured to compatibility, channel 1 configured to compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0: COMPAQ, CD-224E, 9.0B SCSI0 5/cdrom removable
pciide0: channel 1 ignored (not responding; disabled or no drives?)
vendor Corrollary, unknown product 0x1117 (class memory subclass RAM, rev 0x05) at pci0 dev 20 function 0 not configured
vendor Corrollary, unknown product 0x1117 (class memory subclass RAM, rev 0x05) at pci0 dev 20 function 1 not configured
pchb0 at pci0 dev 25 function 0 vendor Compaq, unknown product 0x6010 rev 0x01
pchb1 at pci0 dev 26 function 0 vendor Compaq, unknown product 0x6010 rev 0x01
pchb2 at pci0 dev 27 function 0 vendor Compaq, unknown product 0x6010 rev 0x01
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask ffe5 netmask ffe5 ttymask ffe7
rd0: fixed, 3800 blocks
root on rd0a
rootdev=0x1100 rrootdev=0x2f00 rawdev=0x2f02
fd0: timeout (st0 20seek_cmplt cyl 0)
fd0a: soft error reading fsbn 0
Re: figures with magicpoint
On Mon, Sep 11, 2006 at 02:18:31PM +0530, Girish Venkatachalam wrote:
What do I use? I need a spartan simple tool like magicpoint itself. Is xfig the right choice? What about inkscape? I am somewhat excited with SVG. Are there other image manipulation tools out there? I guess gimp would be an overkill. And openoffice is not meant for UNIX geeks. :-)

metapost is great if you need figures with tex captions (though it's a programmer's tool).

I'm also partial to kig, in kde-edu, which is great for geometric stuff.

Gimp is a fine pixel drawing program. Depends a lot if you can live with pixel-art, or if you really need vectorial stuff.

We don't have a working port of inkscape yet. This is a big issue with boehm-gc based software: this library tends to work rather badly on OpenBSD for now.

There are also a few drawing programs in koffice, and they tend to get better from release to release...
Problem installing jre-1.5.0p9 without X11
Hi all,

I'd like to install jre-1.5.0p9 on my production server, which are installed without X11. jre-1.5.0p9 relies on openmotif, which relies on X11. This jre will run tomcat webapps, so openmotif will not be really used. I try to install openmotif to satisfy dependencies with some force option, but it fails... Here's the log :

$ sudo pkg_add -v -F libdepends,scripts openmotif
parsing openmotif-2.1.30.5p1
Can't install openmotif-2.1.30.5p1: lib not found ICE.8.1
Even by looking in the dependency tree:
        Maybe it's in a dependent package, but not tagged with @lib ?
        (check with pkg_info -K -L)
        If you are still running 3.6 packages, update them.
Can't install openmotif-2.1.30.5p1: lib not found SM.8.0
Can't install openmotif-2.1.30.5p1: lib not found X11.9.0
Can't install openmotif-2.1.30.5p1: lib not found Xext.9.0
Can't install openmotif-2.1.30.5p1: lib not found Xp.9.0
Can't install openmotif-2.1.30.5p1: lib not found Xt.9.0
Not an ustar archive header
openmotif-2.1.30.5p1: complete
Adjusting md5 for /usr/local/lib/libXm.a from 34083b72a78e25556586ba1599ea2cf1 to 5744ecff6c897cc215b94f56ef3c3df3
--- openmotif-2.1.30.5p1 ---
system(/bin/sh, -c, [ -f /usr/X11R6/lib/X11/config/Motif.rules ] (mv -f /usr/X11R6/lib/X11/config/Motif.rules /usr/X11R6/lib/X11/config/Motif.rules.orig cp -p /usr/local/lib/X11/config/Motif.rules /usr/X11R6/lib/X11/config)) failed: 256
system(/bin/sh, -c, [ -f /usr/X11R6/lib/X11/config/Motif.tmpl ] (mv -f /usr/X11R6/lib/X11/config/Motif.tmpl /usr/X11R6/lib/X11/config/Motif.tmpl.orig cp -p /usr/local/lib/X11/config/Motif.tmpl /usr/X11R6/lib/X11/config)) failed: 256
/usr/sbin/pkg_add: Installation of openmotif-2.1.30.5p1 failed , partial installation recorded as partial-openmotif-2.1.30.5p1
$

Am I doomed to install xbase?

Best regards,
Bruno.
Re: figures with magicpoint
On Mon, Sep 11, 2006 at 02:18:31PM +0530, Girish Venkatachalam wrote: What do I use? I need a spartan simple tool like magicpoint itself. Is xfig the right choice? I have used xfig for creating simple graphs and diagrams for homework assignments, and I think it does the job well. I found the user-interface a little counter-intuitive at first, but nothing reading the documentation can't fix.
Problem with thunderbird and enigmail
hi,

When using the enigmail extension for thunderbird, the following message shows up:

Enigmail: Enigmime Service not available

According to the Enigmail FAQ [1] this happens when using official Enigmail releases with custom Thunderbird releases. I'm using the mozilla-thunderbird-1.5.0.5 package together with the enigmail package for OpenBSD available here [2]. As there is neither an official Thunderbird package for OpenBSD on mozilla.com, nor an enigmail package in the ports tree, this seems to be the only combination possible (except compiling both from source, which I would rather like to avoid) so I wonder if there is anybody else having the same problem.

Best regards,
Thomas.

[1] http://enigmail.mozdev.org/troubles.html#wrongversion1
[2] http://enigmail.mozdev.org/download.html
Re: openBSD 3.9 on hp/compaq proliant 8000
On 2006/09/11 13:28, Czesław Liebert wrote:
pcibios0: PCI bus #0 is the last bus

looks like you're missing some busses then, if you have other PCI slots, you might try swapping cards around because some might be attached to a working bus. If not or this is no help and you're up to some hacking the following might help. If not it might save someone else some time finding the information..

pchb0 at pci0 dev 25 function 0 vendor Compaq, unknown product 0x6010 rev 0x01
pchb1 at pci0 dev 26 function 0 vendor Compaq, unknown product 0x6010 rev 0x01
pchb2 at pci0 dev 27 function 0 vendor Compaq, unknown product 0x6010 rev 0x01

0x6010 is a compaq hotplug pci bridge, the other busses must be behind this. FreeBSD sets it up something like the serverworks (rcc) pchb with busses attached (OpenBSD does this in /usr/src/sys/arch/i386/pci/pchb.c e.g. around case PCI_VENDOR_RCC) but bus number is on a different config register on the compaq, 0xc8 instead of 0x44 - http://fxr.watson.org/fxr/source/i386/pci/pci_bus.c#L280
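
Added example (not part of the original thread or of OpenBSD): a small dmesg triage script that automates the reading done in the message above, flagging host bridges with unknown product IDs, unconfigured PCI devices, and the case where no bus beyond the BIOS-reported last bus was attached. The sample lines are constructed in the shape of the dmesg quoted in this thread, and the expected driver names `fxp` (Intel 8255x NICs) and `ida` (Compaq array controller) are assumptions.

```python
import re

# Constructed sample: lines in the shape of the dmesg quoted in this thread,
# one autoconf message per line as the kernel prints them.
SAMPLE_DMESG = """\
pcibios0: PCI bus #0 is the last bus
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
ahc0 at pci0 dev 4 function 0 "Adaptec AHA-2940U2 U2" rev 0x00: irq 5
"Compaq PCI Hotplug" rev 0x11 at pci0 dev 11 function 0 not configured
vendor "Corrollary", unknown product 0x1117 (class memory subclass RAM, rev 0x05) at pci0 dev 20 function 0 not configured
pchb0 at pci0 dev 25 function 0 vendor "Compaq", unknown product 0x6010 rev 0x01
pchb1 at pci0 dev 26 function 0 vendor "Compaq", unknown product 0x6010 rev 0x01
pchb2 at pci0 dev 27 function 0 vendor "Compaq", unknown product 0x6010 rev 0x01
"""

LAST_BUS_RE = re.compile(r"PCI bus #(\d+) is the last bus")
BUS_RE = re.compile(r"^(pci\d+) at \S+ bus (\d+)")
NOT_CONF_RE = re.compile(
    r"^(?P<desc>.+?) at (?P<parent>pci\d+) dev (?P<slot>\d+) "
    r"function (?P<func>\d+) not configured$")
ATTACHED_RE = re.compile(
    r"^(?P<dev>[a-z]+\d+) at (?P<parent>pci\d+) dev (?P<slot>\d+) "
    r"function (?P<func>\d+) (?P<desc>.*)$")
# Quotes around the vendor name are optional so that quote-stripped
# archive copies of a dmesg still parse.
UNKNOWN_RE = re.compile(
    r'vendor "?(?P<vendor>[^",]+)"?, unknown product (?P<product>0x[0-9a-fA-F]+)')


def triage(dmesg, expected_drivers=()):
    """Summarise PCI attachment problems visible in an OpenBSD dmesg."""
    buses, attached, unconfigured, unknown_bridges = {}, [], [], []
    bios_last_bus = None
    for line in (raw.strip() for raw in dmesg.splitlines()):
        m = LAST_BUS_RE.search(line)
        if m:
            bios_last_bus = int(m.group(1))
            continue
        m = BUS_RE.match(line)
        if m:
            buses[m.group(1)] = int(m.group(2))
            continue
        m = NOT_CONF_RE.match(line)
        if m:  # device seen on the bus, but no driver claimed it
            unconfigured.append({"parent": m.group("parent"),
                                 "slot": int(m.group("slot")),
                                 "func": int(m.group("func")),
                                 "desc": m.group("desc")})
            continue
        m = ATTACHED_RE.match(line)
        if m:  # driver attached directly to a PCI bus
            attached.append(m.group("dev"))
            u = UNKNOWN_RE.search(m.group("desc"))
            if u and m.group("dev").startswith("pchb"):
                unknown_bridges.append({"dev": m.group("dev"),
                                        "slot": int(m.group("slot")),
                                        "vendor": u.group("vendor"),
                                        "product": u.group("product").lower()})
    # Host bridges the kernel cannot identify, with nothing attached beyond
    # the BIOS-reported last bus, suggest secondary buses were never probed.
    highest = max(buses.values(), default=-1)
    hidden = (bool(unknown_bridges) and bios_last_bus is not None
              and highest <= bios_last_bus)
    missing = [d for d in expected_drivers
               if not any(re.fullmatch(re.escape(d) + r"\d+", a) for a in attached)]
    return {"buses": buses, "bios_last_bus": bios_last_bus,
            "unknown_bridges": unknown_bridges, "unconfigured": unconfigured,
            "missing_drivers": missing, "buses_likely_hidden": hidden}


if __name__ == "__main__":
    # Driver names are assumptions about what this hardware should attach as.
    report = triage(SAMPLE_DMESG, expected_drivers=("fxp", "ida"))
    for key, value in report.items():
        print(f"{key}: {value}")
```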
Re: Problem installing jre-1.5.0p9 without X11
On Mon, Sep 11, 2006 at 04:26:23PM +0400, Bruno Carnazzi wrote:
Hi all,

I'd like to install jre-1.5.0p9 on my production server, which are installed without X11. jre-1.5.0p9 relies on openmotif, which relies on X11. This jre will run tomcat webapps, so openmotif will not be really used. I try to install openmotif to satisfy dependencies with some force option, but it fails... Here's the log :

$ sudo pkg_add -v -F libdepends,scripts openmotif
parsing openmotif-2.1.30.5p1
Can't install openmotif-2.1.30.5p1: lib not found ICE.8.1
Even by looking in the dependency tree:
        Maybe it's in a dependent package, but not tagged with @lib ?
        (check with pkg_info -K -L)
        If you are still running 3.6 packages, update them.
Can't install openmotif-2.1.30.5p1: lib not found SM.8.0
Can't install openmotif-2.1.30.5p1: lib not found X11.9.0
Can't install openmotif-2.1.30.5p1: lib not found Xext.9.0
Can't install openmotif-2.1.30.5p1: lib not found Xp.9.0
Can't install openmotif-2.1.30.5p1: lib not found Xt.9.0
Not an ustar archive header
openmotif-2.1.30.5p1: complete
Adjusting md5 for /usr/local/lib/libXm.a from 34083b72a78e25556586ba1599ea2cf1 to 5744ecff6c897cc215b94f56ef3c3df3
--- openmotif-2.1.30.5p1 ---
system(/bin/sh, -c, [ -f /usr/X11R6/lib/X11/config/Motif.rules ] (mv -f /usr/X11R6/lib/X11/config/Motif.rules /usr/X11R6/lib/X11/config/Motif.rules.orig cp -p /usr/local/lib/X11/config/Motif.rules /usr/X11R6/lib/X11/config)) failed: 256
system(/bin/sh, -c, [ -f /usr/X11R6/lib/X11/config/Motif.tmpl ] (mv -f /usr/X11R6/lib/X11/config/Motif.tmpl /usr/X11R6/lib/X11/config/Motif.tmpl.orig cp -p /usr/local/lib/X11/config/Motif.tmpl /usr/X11R6/lib/X11/config)) failed: 256
/usr/sbin/pkg_add: Installation of openmotif-2.1.30.5p1 failed , partial installation recorded as partial-openmotif-2.1.30.5p1
$

Am I doomed to install xbase?

Best regards,
Bruno.

No, you can hack out all the GUI stuff in java easily. I did that on a rainy saturday afternoon.

Tobias

ps: sometimes... wow.
Re: Problem with thunderbird and enigmail
Hello, so I wonder if there is anybody else having the same problem. Yes, having the same problem... I wonder if it's a thunderbird or enigmail issue. Maybe it gets fixed once the ports tree isn't locked anymore. Michael
Re: figures with magicpoint
On Mon, Sep 11, 2006 at 02:24:51PM +0200, Marc Espie wrote:
|On Mon, Sep 11, 2006 at 02:18:31PM +0530, Girish Venkatachalam wrote:
| What do I use? I need a spartan simple tool like magicpoint itself. Is xfig the right choice? What about inkscape? I am somewhat excited with SVG. Are there other image manipulation tools out there? I guess gimp would be an overkill. And openoffice is not meant for UNIX geeks. :-)
|
|metapost is great if you need figures with tex captions (though it's a
|programmer's tool).
|

First of all many thanks for responding. I don't know Tex and metapost is too complex for me. Sorry.

|I'm also partial to kig, in kde-edu, which is great for geometric stuff.
|
|Gimp is a fine pixel drawing program. Depends a lot if you can live with
|pixel-art, or if you really need vectorial stuff.
|
|We don't have a working port of inkscape yet. This is a big issue with
|boehm-gc based software: this library tends to work rather badly on OpenBSD
|for now.
|
|There are also a few drawing programs in koffice, and they tend to get better
|from release to release...

Hmm, no KDE please. I am fine with using inkscape on some other OS. I am interested in knowing how you folks have managed to make such sexy eye candy presentations. :-)

I am really running out of time guys, at max I can spend three to four days learning a tool.

Thanks again.

regards,
Girish
--
Whenever people agree with me I always feel I am wrong. - Oscar Wilde
Re: openBSD 3.9 on hp/compaq proliant 8000
Tom Cosgrove wrote:
There are two things you could try: 1. Try a CD (that will have more drivers on it than any of the floppies); 2. Try a different floppy disk, as it looks like this one is having problems in your server (could even be the floppy disk drive).

And I wouldn't bother with 3.9 or earlier at this stage in the release cycle: the current snapshot (I think it's September 1 or something like that) is effectively a release candidate - even if there are more bug fixes made before the release, it will be a very simple upgrade to the actual 4.0 release.

Yes, I saw you said 4.0b but there is no such version :) I assume you mean the 9/1 snapshot, but I can't be certain. And as I say, really do try a CD boot.

I have also tried the cd boot - wasn't much of a help. The floppy is ok, i needed to write dmesg to floppy and mounted the drive before inserting a blank diskette. and yes, by saying 4.0b i really meant the latest snapshot.
Re: openBSD 3.9 on hp/compaq proliant 8000
Stuart Henderson wrote:
On 2006/09/11 13:28, Czesław Liebert wrote:
pcibios0: PCI bus #0 is the last bus

looks like you're missing some busses then, if you have other PCI slots, you might try swapping cards around because some might be attached to a working bus. If not or this is no help and you're up to some hacking the following might help. If not it might save someone else some time finding the information..

pchb0 at pci0 dev 25 function 0 vendor Compaq, unknown product 0x6010 rev 0x01
pchb1 at pci0 dev 26 function 0 vendor Compaq, unknown product 0x6010 rev 0x01
pchb2 at pci0 dev 27 function 0 vendor Compaq, unknown product 0x6010 rev 0x01

0x6010 is a compaq hotplug pci bridge, the other busses must be behind this. FreeBSD sets it up something like the serverworks (rcc) pchb with busses attached (OpenBSD does this in /usr/src/sys/arch/i386/pci/pchb.c e.g. around case PCI_VENDOR_RCC) but bus number is on a different config register on the compaq, 0xc8 instead of 0x44 - http://fxr.watson.org/fxr/source/i386/pci/pci_bus.c#L280

i can't get to this point as i can't get openBSD installer to run. as for freeBSD i tried 6.0, 5.5, 6.1 and they all work just fine on this machine. but i am not really into free, thus the question here on the list.

any more ideas?
Re: Problem installing jre-1.5.0p9 without X11
2006/9/11, Tobias Ulmer [EMAIL PROTECTED]:
On Mon, Sep 11, 2006 at 04:26:23PM +0400, Bruno Carnazzi wrote:
Hi all,

I'd like to install jre-1.5.0p9 on my production server, which are installed without X11. jre-1.5.0p9 relies on openmotif, which relies on X11. This jre will run tomcat webapps, so openmotif will not be really used. I try to install openmotif to satisfy dependencies with some force option, but it fails... Here's the log :

$ sudo pkg_add -v -F libdepends,scripts openmotif
parsing openmotif-2.1.30.5p1
Can't install openmotif-2.1.30.5p1: lib not found ICE.8.1
Even by looking in the dependency tree:
        Maybe it's in a dependent package, but not tagged with @lib ?
        (check with pkg_info -K -L)
        If you are still running 3.6 packages, update them.
Can't install openmotif-2.1.30.5p1: lib not found SM.8.0
Can't install openmotif-2.1.30.5p1: lib not found X11.9.0
Can't install openmotif-2.1.30.5p1: lib not found Xext.9.0
Can't install openmotif-2.1.30.5p1: lib not found Xp.9.0
Can't install openmotif-2.1.30.5p1: lib not found Xt.9.0
Not an ustar archive header
openmotif-2.1.30.5p1: complete
Adjusting md5 for /usr/local/lib/libXm.a from 34083b72a78e25556586ba1599ea2cf1 to 5744ecff6c897cc215b94f56ef3c3df3
--- openmotif-2.1.30.5p1 ---
system(/bin/sh, -c, [ -f /usr/X11R6/lib/X11/config/Motif.rules ] (mv -f /usr/X11R6/lib/X11/config/Motif.rules /usr/X11R6/lib/X11/config/Motif.rules.orig cp -p /usr/local/lib/X11/config/Motif.rules /usr/X11R6/lib/X11/config)) failed: 256
system(/bin/sh, -c, [ -f /usr/X11R6/lib/X11/config/Motif.tmpl ] (mv -f /usr/X11R6/lib/X11/config/Motif.tmpl /usr/X11R6/lib/X11/config/Motif.tmpl.orig cp -p /usr/local/lib/X11/config/Motif.tmpl /usr/X11R6/lib/X11/config)) failed: 256
/usr/sbin/pkg_add: Installation of openmotif-2.1.30.5p1 failed , partial installation recorded as partial-openmotif-2.1.30.5p1
$

Am I doomed to install xbase?

Best regards,
Bruno.

No, you can hack out all the GUI stuff in java easily. I did that on a rainy saturday afternoon.

Is that possible to bypass X just with pkg_tools ?

Bruno.

Tobias

ps: sometimes... wow.
Re: openBSD 3.9 on hp/compaq proliant 8000
On 2006/09/11 15:07, Czesław Liebert wrote:
Stuart Henderson wrote:
On 2006/09/11 13:28, Czesław Liebert wrote:
pcibios0: PCI bus #0 is the last bus

looks like you're missing some busses then, if you have other PCI slots, you might try swapping cards around because some might be attached to a working bus. If not or this is no help and you're up to some hacking the following might help. If not it might save someone else some time finding the information..

pchb0 at pci0 dev 25 function 0 vendor Compaq, unknown product 0x6010 rev 0x01
pchb1 at pci0 dev 26 function 0 vendor Compaq, unknown product 0x6010 rev 0x01
pchb2 at pci0 dev 27 function 0 vendor Compaq, unknown product 0x6010 rev 0x01

0x6010 is a compaq hotplug pci bridge, the other busses must be behind this. FreeBSD sets it up something like the serverworks (rcc) pchb with busses attached (OpenBSD does this in /usr/src/sys/arch/i386/pci/pchb.c e.g. around case PCI_VENDOR_RCC) but bus number is on a different config register on the compaq, 0xc8 instead of 0x44 - http://fxr.watson.org/fxr/source/i386/pci/pci_bus.c#L280

i can't get to this point as i can't get openBSD installer to run. as for freeBSD i tried 6.0, 5.5, 6.1 and they all work just fine on this machine. but i am not really into free, thus the question here on the list. any more ideas?

read my first paragraph where I mention swapping cards around.
Re: Building bsd.rd in cdrom39.fs with RAIDFrame
Proper src/etc/etc.i386/Makefile.inc patch: -- $ diff -u Makefile.inc Makefile.inc-patched --- Makefile.incSun Sep 10 15:46:33 2006 +++ Makefile.inc-patchedSun Sep 10 15:46:06 2006 @@ -2,11 +2,13 @@ # etc.i386/Makefile.inc -- i386-specific etc Makefile targets .ifdef DESTDIR -snap_md: bsd bsd.mp notes bootblocks distrib +snap_md: bsd bsd.mp bsd.mp+raidframe notes bootblocks distrib cp ${.CURDIR}/../sys/arch/i386/compile/GENERIC/bsd \ ${DESTDIR}/snapshot/bsd cp ${.CURDIR}/../sys/arch/i386/compile/GENERIC.MP/bsd \ ${DESTDIR}/snapshot/bsd.mp + cp ${.CURDIR}/../sys/arch/i386/compile/GENERIC.MP+RAIDFRAME/bsd \ + ${DESTDIR}/snapshot/bsd.mp+raidframe bsd: cd ${.CURDIR}/../sys/arch/i386/conf config GENERIC 
@@ -16,6 +18,11 @@ bsd.mp: cd ${.CURDIR}/../sys/arch/i386/conf config GENERIC.MP cd ${.CURDIR}/../sys/arch/i386/compile/GENERIC.MP \ + ${MAKE} clean ${MAKE} depend exec ${MAKE} + +bsd.mp+raidframe: + cd ${.CURDIR}/../sys/arch/i386/conf config GENERIC.MP+RAIDFRAME + cd ${.CURDIR}/../sys/arch/i386/compile/GENERIC.MP+RAIDFRAME \ ${MAKE} clean ${MAKE} depend exec ${MAKE} notes: -- On Fri, 8 Sep 2006, Brian A. Seklecki wrote: One of the big problems with RAIDFrame support absence in GENERIC is that it's also lacking in RAMDISK and RAMDISK_CD. This prevents RAIDFrame users from doing binary updates off boot media. This can be fixed with a few tweaks in src/distrib/i386/: First, create a bsd.rd within cdrom39.fs (note, NOT cd39.iso!) with RAIDFrame support: Because src/distrib/i386/ramdisk_cd/Makefile simply includes ${.CURDIR}/../common/Makefile.inc, appends list.local with a couple hundred extra-Kb or utilities, sets the floppy imagage to 2.8mb size, then declares $RAMDISK. (Which is a *very* ambiguous name, mind you, a better name would be something like $KERNERLCONF, etc.), one can simply adjust RAMDISK= to point to a src/sys/arch/i386/conf/$foo kernel conf file which will get automatically build on 'make release' in src/etc/ as 'bsd.rd'. Simply copy src/sys/arch/i386/conf/RAMDISK_CD to conf/RAMDISK_CD+RAIDFrame append the following: pseudo-device raid 4 # RAIDframe disk driver options RAID_AUTOCONFIG Then set the following in distrib/i386/ramdisk_cd/Makefile: RAMDISK=RAMDISK_CD+RAIDFrame Next, make another kernel package available to the install script (GENERIC+RAIDFrame) as an option. Follow the same instructions for RAMDISK_CD for GENERIC. 
Add the following to src/etc/etc.i386/Makefile.inc:

bsd.mp+raidframe:
	cd ${.CURDIR}/../sys/arch/i386/conf && config GENERIC.MP+RAIDFRAME
	cd ${.CURDIR}/../sys/arch/i386/compile/GENERIC.MP+RAIDFRAME && \
	    ${MAKE} clean && ${MAKE} depend && exec ${MAKE}

Then add the following to src/distrib/notes/m4.common:

define({:-OpenBSDbsdmp+raidframe-:},
{:-	bsd.mp+raidframe A stock GENERIC.MP MACHINE kernel, with support for multiprocessor machines, which can be used instead of the GENERIC kernel after the install. Also features CMU RAIDFrame support for upgrading existing RAIDFrames.-:})dnl
dnl

Then clean out your obj and src and rebuild.

Your $RELEASEDIR/cdrom39.fs (2.88mb Floppy image for use with mkisofs(1)) will contain a gzip(1)'d bsd.rd with RAIDFrame support. Run mkisofs(8) on your $DESTDIR with cdrom39.fs as your '-B'.

You may now safely burn a CD-R for binary upgrades of existing RAIDFrame enabled OpenBSD systems, or use your .ISO with your DRAC card via remote media.

l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/
...from back in the heady days when helpdesk meant nothing, diskquota meant everything, and lives could be bought and sold for a couple of pages of laser printout - and frequently were.
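
Review bot: the new bsd.mp+raidframe target and the extra cp in snap_md both depend on a kernel config named GENERIC.MP+RAIDFRAME under sys/arch/i386/conf, but the patch does not add that file, and the accompanying instructions spell the other configs RAMDISK_CD+RAIDFrame and GENERIC+RAIDFrame with different capitalisation. Because the config step takes the file name literally, snap_md will stop at "config GENERIC.MP+RAIDFRAME" on a tree where the file is missing or spelled differently; ship the conf file in the same patch (or state its exact name and contents) and use one spelling throughout. The new recipe also repeats the bsd.mp recipe with only the config name changed, so a short comment saying it must track bsd.mp would help whoever edits that target next.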
Re: openBSD 3.9 on hp/compaq proliant 8000
Stuart Henderson wrote:
read my first paragraph where I mention swapping cards around.

i did read it :) swapping PCI slots didn't help (i have only one more such slot, as the scsi controller uses the pci 64bit scsi extended slot with only two possibilities). so hacking seems to be the only way out of this bush ?
Re: figures with magicpoint
There are also a few drawing programs in koffice, and they tend to get better from release to release... Actually, just from personal experience doing 4.0 ports testing and setting up my kids' machines (my kids become release install guinea pigs every release :), While I still have to struggle to maintain sphincter control while using anything other than twm or fvwm, I've taken to installing the full bloat kde stuff on my kid's machines for their everyday use, and frankly I'm amazed at how much better the port and the package in general has gotten in the past couple years. My kids are now regularly doing their schoolwork on it, and only boot windows to play games. (mind you, the fact that the house pf rules prohibit OS Windows from doing anything but web also has something to do with that) I just turn my kids loose on kde these days and they find ways to do what they need. I'm fairly impressed at how well OpenBSD with a full kde install and a few key ports dropped in works for this. -Bob
panics on amd64 snapshot
I have a dual core Opteron system that I'm trying to make into a mail server for my company to replace a 7 year old Linux box that's on its last leg. I started off using the 3.9 release of the amd64 system and ran into a few problems (keyboard and cdrom didn't work). It was suggested that I move to the latest snapshot, which I did about a week ago. That fixed the keyboard and cdrom problems, so I began configuring the box. I am only running a few packages on this machine: courier imap, postfix, fetchmail, procmail.

In the past 2-3 days (which is how long the box has actually been active, i.e. running all the daemons and having mail clients connect to it) I have experienced two kernel panics. I thought that the info from the panic would show up in the dmesg after rebooting, but that data seems to have been corrupted. I could only see bits and pieces of the kernel debugger message from the first panic. This time around, I'm still sitting in the kernel debugger so I am able to run a few commands if anybody has any specific requests.

Trace shows:

panic() at panic+0x12a
amap_wipeout() at amap_wipeout+0x71
uvm_unmap_detach() at uvm_unmap_detach+0x9b
sys_munmap() at sys_munmap+0x145
syscall() at syscall+0x25c
--- syscall (number 73) ---

ps shows the active process was imapd. I am running the bsd.mp kernel from the amd64 snapshot.

To ask a different question, for the hardware that I have, what would be the most stable port/version that I could run? Am I better off going with the 3.9 release of the i386 code vs. the current snapshot of the amd64 stuff? My top priorities for this box are stability first and then security second, performance is a distant third since it's just a mail server for a small company.

Thanks,
Jeff
Re: openBSD 3.9 on hp/compaq proliant 8000
Hi Czeslaw, Can you try the attached patch? You'll have to do a make in sys/dev/pci after you've applied the patch. Index: dev/pci/pcidevs === RCS file: /cvs/src/sys/dev/pci/pcidevs,v retrieving revision 1.1139 diff -u -p -r1.1139 pcidevs --- dev/pci/pcidevs 25 Aug 2006 04:26:29 - 1.1139 +++ dev/pci/pcidevs 11 Sep 2006 15:45:17 - @@ -1203,6 +1203,7 @@ product COMPAQ CSA64000x409c Smart Arr product COMPAQ CSA6400EM 0x409d Smart Array 6400 EM product COMPAQ CSA6422 0x409e Smart Array 6422 product COMPAQ CSA64XX 0x0046 Smart Array 64xx +product COMPAQ HOTPLUG_PCI 0x6010 Hotplug PCI product COMPAQ USB 0x7020 USB product COMPAQ FXP 0xa0f0 Netelligent ASMC product COMPAQ PCI_ISA_BRIDGE1 0xa0f3 ISA Index: arch/i386/pci/pchb.c === RCS file: /cvs/src/sys/arch/i386/pci/pchb.c,v retrieving revision 1.52 diff -u -p -r1.52 pchb.c --- arch/i386/pci/pchb.c13 Mar 2006 20:10:49 - 1.52 +++ arch/i386/pci/pchb.c11 Sep 2006 15:45:17 - @@ -220,6 +220,27 @@ pchbattach(parent, self, aux) break; } break; + case PCI_VENDOR_COMPAQ: + switch (PCI_PRODUCT(pa-pa_id)) { + case PCI_PRODUCT_COMPAQ_HOTPLUG_PCI: + pbnum = pci_conf_read(pa-pa_pc, pa-pa_tag, 0xc8); + + /* +* This host bridge has a second PCI bus. +* Configure it. +*/ + neednl = 0; + pba.pba_busname = pci; + pba.pba_iot = pa-pa_iot; + pba.pba_memt = pa-pa_memt; + pba.pba_dmat = pa-pa_dmat; + pba.pba_bus = pbnum; + pba.pba_bridgetag = NULL; + pba.pba_pc = pa-pa_pc; + printf(\n); + config_found(self, pba, pchb_print); + } + break; case PCI_VENDOR_RCC: bdnum = pci_conf_read(pa-pa_pc, pa-pa_tag, 0x44); if (bdnum = (sizeof(rcc_bus_visited) * 8) ||
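
Review bot: in the new PCI_VENDOR_COMPAQ case of pchbattach, the value read from config register 0xc8 is assigned to pba.pba_bus with no validation, while the PCI_VENDOR_RCC case directly below range-checks bdnum against rcc_bus_visited before using it. The dmesg in this thread shows three 0x6010 bridges (pchb0 to pchb2), so this branch runs three times: pci_conf_read returns the whole 32-bit register, so mask out the bus-number field, skip the attach when the result is 0 (that bus is already attached as pci0), and keep a visited check like the RCC path so the same bus cannot be attached twice. The inner switch also ends without a break after config_found and has no default case; add both so the fall-through is explicit.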
feature req: vnconfig should work on readonly fs; round 3
Let's see if I can get this closer to right. The patch is against and tested on -current. Thank you, Pedro, for your help. --- sys/dev/vnd.c.orig Sun Sep 10 19:18:28 2006 +++ sys/dev/vnd.c Mon Sep 11 15:54:30 2006 @@ -142,7 +142,10 @@ #defineVNF_HAVELABEL 0x0400 #defineVNF_BUSY0x0800 #defineVNF_SIMPLE 0x1000 +#defineVNF_READONLY0x2000 +#define FLG(vnd) (vnd-sc_flags VNF_READONLY ? FREAD : FREAD|FWRITE) + struct vnd_softc *vnd_softc; int numvnd = 0; @@ -234,6 +237,11 @@ if ((error = vndlock(sc)) != 0) return (error); + if (flags FWRITE sc-sc_flags VNF_READONLY) { + error = EROFS; + goto bad; + } + if ((sc-sc_flags VNF_INITED) (sc-sc_flags VNF_HAVELABEL) == 0) { sc-sc_flags |= VNF_HAVELABEL; @@ -817,20 +825,25 @@ } /* -* Always open for read and write. -* This is probably bogus, but it lets vn_open() +* Open for read and write first. This lets vn_open() * weed out directories, sockets, etc. so we don't * have to worry about them. */ NDINIT(nd, LOOKUP, FOLLOW, UIO_USERSPACE, vio-vnd_file, p); - if ((error = vn_open(nd, FREAD|FWRITE, 0)) != 0) { + vnd-sc_flags = ~VNF_READONLY; + error = vn_open(nd, FREAD|FWRITE, 0); + if (EROFS == error) { + vnd-sc_flags |= VNF_READONLY; + error = vn_open(nd, FREAD, 0); + } + if (error) { vndunlock(vnd); return (error); } error = VOP_GETATTR(nd.ni_vp, vattr, p-p_ucred, p); if (error) { VOP_UNLOCK(nd.ni_vp, 0, p); - (void) vn_close(nd.ni_vp, FREAD|FWRITE, p-p_ucred, p); + (void) vn_close(nd.ni_vp, FLG(vnd), p-p_ucred, p); vndunlock(vnd); return (error); } @@ -838,7 +851,7 @@ vnd-sc_vp = nd.ni_vp; vnd-sc_size = btodb(vattr.va_size);/* note truncation */ if ((error = vndsetcred(vnd, p-p_ucred)) != 0) { - (void) vn_close(nd.ni_vp, FREAD|FWRITE, p-p_ucred, p); + (void) vn_close(nd.ni_vp, FLG(vnd), p-p_ucred, p); vndunlock(vnd); return (error); } 
@@ -851,7 +864,7 @@ if ((error = copyin(vio-vnd_key, key, vio-vnd_keylen)) != 0) { - (void) vn_close(nd.ni_vp, FREAD|FWRITE, + (void) vn_close(nd.ni_vp, FLG(vnd), p-p_ucred, p); vndunlock(vnd); return (error); @@ -1087,7 +1100,7 @@ vnd-sc_flags = ~VNF_INITED; if (vp == (struct vnode *)0) panic(vndioctl: null vp); - (void) vn_close(vp, FREAD|FWRITE, vnd-sc_cred, p); + (void) vn_close(vp, FLG(vnd), vnd-sc_cred, p); crfree(vnd-sc_cred); vnd-sc_vp = (struct vnode *)0; vnd-sc_cred = (struct ucred *)0; --- usr.sbin/vnconfig/vnconfig.c.orig Sun Sep 10 19:19:25 2006 +++ usr.sbin/vnconfig/vnconfig.cMon Sep 11 15:28:27 2006 @@ -226,7 +226,7 @@ char *rdev; int rv; - if (opendev(dev, O_RDWR, OPENDEV_PART, rdev) 0) + if (opendev(dev, O_RDONLY, OPENDEV_PART, rdev) 0) err(4, %s, rdev); f = fopen(rdev, rw); if (f == NULL) {
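Review bot: In the first vnd.c hunk (@@ -142), the FLG() macro dereferences its argument without parenthesizing it, so it is only correct when passed a plain identifier; wrap the argument in parentheses inside the macro body. The name is also very generic for something that yields vn_open()/vn_close() mode bits; a vnd-prefixed name would be easier to grep for.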
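Review bot: In the @@ -234 hunk, the new EROFS check runs after vndlock() has succeeded and leaves through goto bad, but the bad label is outside the visible context. Please confirm that path releases the lock with vndunlock(); if it does not, a write-open of a read-only unit leaves the softc locked.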
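Review bot: In the @@ -817 hunk, the second vn_open() reuses nd from the failed first call without running NDINIT() again; re-initialize it before the FREAD retry rather than relying on whatever state the failed lookup left behind. The retry is keyed on EROFS only, so an image the caller cannot write on a writable filesystem still fails; the rewritten comment should say whether that is intended. The `EROFS == error` ordering also differs from the `if (error)` test that follows it.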
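Review bot: In the vnconfig.c hunk, opendev() now opens the device O_RDONLY unconditionally while the next line still calls fopen() on rdev with a mode string containing both r and w, so the two calls disagree about the intended access. If a read-only descriptor is enough for what follows, make the fopen() mode match, and document in vnconfig(8) that a unit backed by an image on a read-only filesystem is configured read-only.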
Re: broadcom
Yes... I agree with you... not really my decision at the time, since I didn't work here... but I guess the thought was that RaidFrame would provide more uptime in case of multiple hard drive failures, and not really data protection. Thanks Daniel Daniel Ouellet wrote: Tom Bombadil wrote: One funny story about redundancy in general: we run raidframe to mirror the 2 disks in the system... And like I said both firewalls were crashing together... After the crash our allegedly redundant firewalls were both down for 20 minutes for parity rebuilding... simplicity is a beautiful thing ;) Maybe that's just me, but a very simple question for you. If you have redundant firewalls, and I guess you are running CARP on them, right? Why would you even have raidframe set up on a firewall? Isn't it that the KISS golden principle would dictate otherwise here? Especially for a firewall. A good firewall needs the minimum setup on it. Obviously I may be talking nonsense here, but RaidFrame on a firewall is the last place I would put it. What kind of data do you want to protect on a RaidFrame? The list of bad ssh attackers for your PF configurations? Must be a HUGE list to need RaidFrame for it! (; Just a thought, maybe reviewing your setup might be much better than trying to get new hardware, but that's just me. Best, Daniel
Re: Lockup problem with quad nic (dc driver)
Jason Dixon wrote: On Sep 10, 2006, at 12:36 PM, Joe wrote: Jason Dixon wrote: On Sep 10, 2006, at 4:31 AM, Joe wrote: Andreas Bihlmaier wrote: snip I have the same problem with this board: cpu0: VIA Esther processor 1500MHz (CentaurHauls 686-class) 1.50 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,CMOV,PAT,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,SSE3,EST,TM2 The problem is not dc(4) specific, it seems the board can't handle pci bridges, so far I tested dual nics: fxp, tl, sf, none of them seems to work, they all lock up the box as soon as I up more than one of the interfaces. Thanks for the reply. This is disappointing. I really wanted to use this board as my new firewall/vpn. So, my advice for now is to stay away from the new VIA EN or CN series boards with the C7 processor for use as multihomed firewalls. I still don't understand why some folks avoid using VLANs in these circumstances. You can get very creative with physical interfaces, trunk(4), and vlan(4). It's pretty rare these days that you actually *need* dual/quad cards. I setup 3 vlans on fxp0 (replaced the quad nic with fxp0) and things seem to be working great. Thanks for the recommendation.
Re: can www execute sendmail -t?
if(pclose(mail)) err(2, NULL); that did it. I don't understand why though. Got a cluestick handy? --Bryan
Re: can www execute sendmail -t?
Easy enough to write one's own with a call to pipe(2) and some sleight-of-handle with dup2 and friends, depending on need. Stevens' Adv. Prog. in the Unix Env. has the canonical examples. Offhand, though, I can't think of an existing library routine. The OP is not so hot on C programming, he says. (I refer him to the book just mentioned, which is truly how to write real Unix programs, should he like to improve his skills at the feet of a master.) I actually *just* received that book a couple days ago from amazon. I've barely made it through the preface, but I can already tell that this book will enable me to be mediocre :-) --Bryan
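The pipe(2)/dup2 approach mentioned in the message above, as an added example that is not part of the thread: a write-only replacement for popen() that runs the mailer directly instead of through /bin/sh and hands back the child's exit status, which is the value the pclose() check earlier in the thread was testing. The helper name pipe_to(), the sendmail path in main() and the sample message are assumptions made for illustration.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample message; the recipient is a documentation address. */
static const char sample_msg[] =
    "To: webmaster@example.org\n"
    "Subject: form submission\n"
    "\n"
    "body text; $(this) and `that` stay plain bytes, no shell ever sees them\n";

/*
 * pipe_to() (hypothetical name): run argv[0] with argv, feed buf to its
 * stdin, wait for it.  Returns the child's exit status (127 if the exec
 * failed), 128+signal if it was killed, -1 if the plumbing failed or the
 * child exited 0 without accepting the whole message.
 */
int
pipe_to(char *const argv[], const char *buf, size_t len)
{
	int fd[2], status, short_write = 0;
	void (*old_sigpipe)(int);
	ssize_t n;
	pid_t pid;

	if (pipe(fd) == -1)
		return -1;
	if ((pid = fork()) == -1) {
		close(fd[0]);
		close(fd[1]);
		return -1;
	}
	if (pid == 0) {
		/* Child: the read end of the pipe becomes stdin. */
		close(fd[1]);
		if (fd[0] != STDIN_FILENO) {
			if (dup2(fd[0], STDIN_FILENO) == -1)
				_exit(126);
			close(fd[0]);
		}
		execv(argv[0], argv);	/* absolute path, no PATH search, no shell */
		_exit(127);
	}

	/* Parent: write the message, then close to signal EOF. */
	close(fd[0]);
	/* A child that dies early must give EPIPE, not kill us (process-wide). */
	old_sigpipe = signal(SIGPIPE, SIG_IGN);
	while (len > 0) {
		n = write(fd[1], buf, len);
		if (n == -1) {
			if (errno == EINTR)
				continue;
			short_write = 1;
			break;
		}
		buf += n;
		len -= (size_t)n;
	}
	close(fd[1]);
	signal(SIGPIPE, old_sigpipe);

	while (waitpid(pid, &status, 0) == -1)
		if (errno != EINTR)
			return -1;
	if (WIFSIGNALED(status))
		return 128 + WTERMSIG(status);
	if (WIFEXITED(status) && WEXITSTATUS(status) != 0)
		return WEXITSTATUS(status);
	return short_write ? -1 : 0;
}

int
main(void)
{
	/* Assumed mailer location; adjust for the system (or chroot) in use. */
	char *cmd[] = { "/usr/sbin/sendmail", "-t", NULL };
	int rc = pipe_to(cmd, sample_msg, strlen(sample_msg));

	if (rc != 0)
		fprintf(stderr, "mailer failed, status %d\n", rc);
	return rc == 0 ? 0 : 2;
}
```

A status of 127 here means the exec itself failed, which is what a web server running in a chroot without the mailer binary would produce.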
Re: openBSD 3.9 on hp/comapq proliant 8000
Can you try the attached patch? You'll have to do a make in sys/dev/pci after you've applied the patch. It might be worth pointing out: it should be enough to determine if it works by building a normal kernel on another system and burning it to CD. You can boot with the boot loader from a normal OpenBSD CD (a proper one or a burned cd##.iso), swap CDs and boot the new kernel. It will panic when it tries to mount root but hopefully before then it will have already listed the missing devices. If the devices show up it's worth making a ramdisk kernel so you can install - the normal way is to follow release(8) but you may save a bit of time if you adapt the raidframe instructions posted here a couple of days ago. Yes, there's some work involved, but it's fairly straightforward and you're the one who wants the system to work :-)
Re: Feedback wanted on gethttpd graylisting ideas included
On Sat, Sep 09, 2006 at 08:03:18PM -0400, Daniel Ouellet wrote: I am working on this idea and put into place a series of defenses that have proved effective so far, but obviously not as practical and speedy as spamd is at the moment. It's a variable of scripts here and there based on multiple aspects of the standard use for web access. Some of the ideas are not new and are based on spamd, just not all in place yet. 1. For Crawlers and Bots First is the proliferation of mom and pop bots and crawlers. After testing different setups, I realized to my surprise, yes call me stupid, that a handful are actually good citizens! The use and standard of robots.txt is well known and all good citizen robots should respect that. Not a means of protection for your site, but nevertheless they should respect that. So, what's inside it, if you forbid some directories, or files, they should respect that and any that do not, well I guess it's fine to kill them. Why should they be granted access if they do respect my wishes as the owner and/or operator of the site(s). 1.1 First defense. No crawling on forbidden preset robots.txt with incremental deny access to them. Maybe not the best approach, but it is working, as of all crawlers, this method in place caught 381 bad citizen crawlers in a week's time. The idea is very simple. I preset my robots.txt file to include a file, or in this case a directory that is not to be crawled, and in the directory I put a file that includes a script that will block the source via PF and log the entry in a SQL database, as well as it will be shared between all servers later on. I also put on the front page of the site a very simple LINK to a 1 pixel image at the bottom of the page that is simply not visible to the users and that is not clickable as well. So a regular user will never click nor see it. But a crawler will follow all links obviously as the definition of a crawler. Now don't forget that the crawler is supposed to respect the robots.txt directives.
So, this URL is in the forbidden directory and many crawlers do respect that very well. Live test proved this just too well. However, all the bad ones will not, and as such, the URL triggers a script that will log their IP and add them to PF to block them right away! BYE BYE! Now you may ask why I do incremental deny here. To be nice I guess, but also because some connections are from PROXY and not all proxies also have the header identifier as such. So, as such, you don't want to lose traffic from legitimate users that are behind PROXY like AOL. This needs a bit more work and so far the standard should help to make sure only proxy from the same remote users behind it would be blocked should all proxies respect the standard and add this part to their header as most do. You can call this the bypass of broken proxy for now. Should all proxies be right, then this could be permanent, maybe. This also has the side benefit to stop some low life from stealing your content by trying to import all your site content at once. Not the goal here, but it's a side benefit to it should you want that. Your worries about losing proxies are correct; it looks like you have that problem mostly covered. I'm not sure it would help much about bandwidth hogs, though - I don't have any numbers on what programs are most often used, but something like wget certainly does respect robots.txt. 3. DDoS GET attacks Bandwidth suckers defense. Multiple approach. 3.1 Good users supply data check. So far most/all of the variations of attacks on web sites are with scripts trying to inject itself to your servers. Well, you need to do sanity checks on your code. Nothing can really protect you for that if you don't check what you expect to receive from users input. So, I have nothing for that. No idea anyway on how to, other than maybe limiting the size of the argument a GET can send, but even that is a bad idea I think. This is not applicable to DDoS, really - though you are otherwise right, of course.
3.2 Gray listing idea via 302 temporary return code. Many scripts want you to waste as much bandwidth as possible, if they can't inject itself into your servers, so they will in turn attack a specific page or section of your site and try to make you waste plenty of bandwidth, or even SQL back end power as well. One simple approach on this defense came to me from the idea of spamd. But to do this. You don't want the users to wait, or they will go elsewhere and you just lost them. So, the idea is again simple. Just return the users a code to tell them to come back. Simply with a 302 temporary redirect code. You might say this will affect my search engine, well not really. There isn't any impact as any search engine will not save temporary content on redirect and if they do, then they are wrong. But should you be concerned with this, then add as well
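The robots.txt trap from section 1.1 above, as an added example that is not the poster's script: instead of a script inside the forbidden directory, this version detects the same event by scanning access-log lines for requests under the disallowed path and returns an escalating deny time per source. The trap directory name, the escalation steps, the PF table name and the log lines are all constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

#define TRAP_PREFIX   "/no-crawl/"	/* hypothetical Disallow: directory */
#define MAX_OFFENDERS 256

/* Assumed escalation; the post says only that the deny is incremental. */
static const long deny_secs[] = { 600, 3600, 86400 };
#define NSTEPS (int)(sizeof(deny_secs) / sizeof(deny_secs[0]))

struct offender { char ip[46]; int hits; };
static struct offender seen[MAX_OFFENDERS];
static int nseen;

/* Constructed Common Log Format lines using documentation addresses. */
static const char *sample_log[] = {
	"192.0.2.10 - - [11/Sep/2006:10:00:01 -0400] \"GET /index.html HTTP/1.1\" 200 5120",
	"198.51.100.7 - - [11/Sep/2006:10:00:02 -0400] \"GET /robots.txt HTTP/1.0\" 200 64",
	"198.51.100.7 - - [11/Sep/2006:10:00:03 -0400] \"GET /no-crawl/pixel.html HTTP/1.0\" 200 5",
	"198.51.100.7 - - [11/Sep/2006:12:30:00 -0400] \"GET /no-crawl/pixel.html HTTP/1.0\" 200 5",
	"crawler.example.net - - [11/Sep/2006:12:31:00 -0400] \"GET /no-crawl/ HTTP/1.0\" 200 5",
	"203.0.113.9 - - [11/Sep/2006:12:32:00 -0400] \"-\" 400 0",
};
#define NLINES (int)(sizeof(sample_log) / sizeof(sample_log[0]))

/* Extract client address and request path: addr ident user [time] "METHOD path PROTO" ... */
int
parse_clf(const char *line, char *ip, size_t iplen, char *path, size_t pathlen)
{
	const char *sp, *q, *end, *p;
	size_t n;

	sp = strchr(line, ' ');
	if (sp == NULL || sp == line || (size_t)(sp - line) >= iplen)
		return 0;
	n = (size_t)(sp - line);
	/* The address ends up in a firewall table: accept numeric forms only. */
	if (strspn(line, "0123456789abcdefABCDEF:.") < n)
		return 0;
	memcpy(ip, line, n);
	ip[n] = '\0';

	q = strchr(sp, '"');
	if (q == NULL || (end = strchr(q + 1, '"')) == NULL)
		return 0;
	p = memchr(q + 1, ' ', (size_t)(end - (q + 1)));
	if (p == NULL)
		return 0;	/* no "METHOD path" pair inside the quotes */
	p++;
	n = strcspn(p, " \"");
	if (n == 0 || n >= pathlen)
		return 0;
	memcpy(path, p, n);
	path[n] = '\0';
	return 1;
}

/* Returns seconds to deny the source of this line, or 0 if it is no trap hit. */
long
check_line(const char *line)
{
	char ip[46], path[512];
	int i, idx;

	if (!parse_clf(line, ip, sizeof(ip), path, sizeof(path)))
		return 0;
	/* Matches the path exactly as logged; no URL decoding is attempted. */
	if (strncmp(path, TRAP_PREFIX, strlen(TRAP_PREFIX)) != 0)
		return 0;
	for (i = 0; i < nseen; i++)
		if (strcmp(seen[i].ip, ip) == 0)
			break;
	if (i == nseen) {
		if (nseen == MAX_OFFENDERS)
			return deny_secs[0];	/* table full: first-offence time */
		strcpy(seen[i].ip, ip);		/* fits: both buffers are 46 bytes */
		seen[i].hits = 0;
		nseen++;
	}
	idx = seen[i].hits++;
	if (idx >= NSTEPS)
		idx = NSTEPS - 1;
	return deny_secs[idx];
}

int
main(void)
{
	char ip[46], path[512];
	long secs;
	int i;

	for (i = 0; i < NLINES; i++) {
		secs = check_line(sample_log[i]);
		if (secs > 0 && parse_clf(sample_log[i], ip, sizeof(ip), path, sizeof(path)))
			/* "badcrawlers" is a hypothetical PF table name. */
			printf("pfctl -t badcrawlers -T add %s   # lift after %ld s\n", ip, secs);
	}
	return 0;
}
```

The fifth sample line is skipped because the logged client is a hostname rather than an address; logging numeric addresses keeps the value passed to the firewall unambiguous.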
Re: openBSD 3.9 on hp/comapq proliant 8000
Mark Kettenis wrote: Hi Czeslaw, Can you try the attached patch? You'll have to do a make in sys/dev/pci after you've applied the patch. Not really, because I cannot get on with the system as it does not see my hard disks.
Re: openBSD 3.9 on hp/comapq proliant 8000
On Mon, Sep 11, 2006 at 10:50:04PM +0200, Czesław Liebert wrote: Mark Kettenis wrote: Hi Czeslaw, Can you try the attached patch? You'll have to do a make in sys/dev/pci after you've applied the patch. Not really, because i cannot get on with the system as it does not see my hard disks. You can build on a different machine, as already posted here on [EMAIL PROTECTED] That is no different from building a kernel on the machine itself. If you have no sacrificial box handy, use qemu - the speed will suck, but compiling only the kernel should be very doable. Joachim
Re: openBSD 3.9 on hp/comapq proliant 8000
Joachim Schipper wrote: You can build on a different machine, as already posted here on [EMAIL PROTECTED] That is no different from building a kernel on the machine itself. If you have no sacrificial box handy, use qemu - the speed will suck, but compiling only the kernel should be very doable. This can be done; I'll try tomorrow morning as now I am at home and the proliant at work. Let u know how it was. czeslaw
Re: Feedback wanted on gethttpd graylisting ideas included
Joachim Schipper wrote: Your worries about losing proxies are correct; it looks like you have that problem mostly covered. I'm not sure it would help much about bandwidth hogs, though - I don't have any numbers on what programs are most often used, but something like wget certainly does respect robots.txt. Actually it does. There are many attacks going on right now as you know, but if you put them in categories, you have the tons of variations of user pass value sanity check and you can now see that on Security focus. They released in the last three days, over a dozen so far. Even more now I am sure. I saw that started a few weeks ago if you look into the archive, but that's irrelevant anyway. The other is a virus that spreads the same way, or similar. In that case they actually call big content page(s) on your site. When I mean big content, it's not with images, etc. But text stuff. The reason is their virus does not process the content and would need to be bigger to do so. This way, it's still small and the web server sees it as legit and will reply. But if you have pages that have .5MB of text on it as an example that comes from database back end, then they hope to bring your server down, your SQL back end down and if not make you waste as much bandwidth as possible. I noticed it first on the HUGE increase on the GB of transfer each day. Just for you to get a picture of this effect. I have logged over 300,000 sources of virus doing this type of attack so far on my servers and they pull a series of pages that are pretty big in text content, between 150KB minimum to 750KB, or so excluding any other content. Each of the offending sources will pull that content many times a day. I mean just think about it. So, if you go ONLY with an example of let say just for fun. One time an hour only from each one on and accessing an average page of 500KB.
You get a wasted transfer for that day only of: 24 hours * 500,000 Bytes in size * from 300,000 source and you have: 3,600,000,000,000 Bytes of wasted bandwidth / day. Now if you assume that this is perfect and constant without peak for example, then you need to push this amount of data in 24 hours, so you would need: 3,600,000,000,000 * 8 bits/Byte = 28,800,000,000,000 / (60 seconds * 60 minutes * 24 hours) and get 333,333,333 bits/sec needed in capacity, just for this wasting stuff! And this is only based on one query per hour! Get the picture and the size of the problem. (: So, what I put into place to counter that doesn't stop it as you can stop the source from coming in, but you need to find the good out of the bad and my reply to bad ones happens to be only 5 bytes instead in the log anyway. All this is with forgetting all the overhead, etc. So, yes it's a BIG help for bandwidth hogs! And don't forget that's per destination under attack! (: So, yes, it can be totally unmanageable if not stopped from the start and on big scale. 3. DDoS GET attacks Bandwidth suckers defense. Multiple approach. 3.1 Good users supply data check. So far most/all of the variations of attacks on web sites are with scripts trying to inject itself to your servers. Well, you need to do sanity checks on your code. Nothing can really protect you for that if you don't check what you expect to receive from users input. So, I have nothing for that. No idea anyway on how to, other than maybe limiting the size of the argument a GET can send, but even that is a bad idea I think. This is not applicable to DDoS, really - though you are otherwise right, of course. I provided a very simple way to not remove the problem, but to at a minimum stop it from getting infected based on all the latest series of security focus variations and it also has the benefit to point you to any possible source that your server might have installed on them as well. Very simple really.
3.2 Gray listing idea via 302 temporary return code. This could be effective, indeed - though I am not sure it would block many attackers. Works like a charm in real life so far. See number above for results. It's been used successfully so far for a few weeks and no bad side effect still, just HUGE benefits! And the servers still don't break into sweat yet! 3.4 What about the compromised user computer itself, or proxy server. Faking those headers is easily done, though; ideally, you'd want to cross-check p0f and the headers. I'm not entirely sure it would hurt an attacker more than it hurt you, though, and privileged code is always scary, and doubly so when close to essentially untrusted web apps. True for sure. But you still need a way to make the difference between good and bad passing through proxy, or you lose too much. Here obviously, I go with the fact that so far, yes these headers are fake and it's trivial to do as well, but none of the attacks so far anyway generate random headers. In which case it would be useless obviously. 4. What about more intelligent
Re: broadcom
RAIDFrame is disabled in GENERIC for a reason you know. On Mon, Sep 11, 2006 at 10:08:48AM -0700, Tom Bombadil wrote: Yes... I agree with you... not really my decision at the time, since I didn't work here... but I guess the thought was that RaidFrame would provide more uptime in case of multiple hard drive failures, and not really data protection. Thanks Daniel Daniel Ouellet wrote: Tom Bombadil wrote: One funny story about redundancy in general: we run raidframe to mirror the 2 disks in the system... And like I said both firewalls were crashing together... After the crash our allegedly redundant firewalls were both down for 20 minutes for parity rebuilding... simplicity is a beautiful thing ;) Maybe that's just me, but a very simple question for you. If you have redundant firewalls, and I guess you are running CARP on them, right? Why would you even have raidframe set up on a firewall? Isn't it that the KISS golden principle would dictate otherwise here? Especially for a firewall. A good firewall needs the minimum setup on it. Obviously I may be talking nonsense here, but RaidFrame on a firewall is the last place I would put it. What kind of data do you want to protect on a RaidFrame? The list of bad ssh attackers for your PF configurations? Must be a HUGE list to need RaidFrame for it! (; Just a thought, maybe reviewing your setup might be much better than trying to get new hardware, but that's just me. Best, Daniel
Acer Laptop Soundcard problem
Hello, I have OpenBSD 3.9 installed in my Acer Aspire 3002LCi Laptop. The Soundcard is not working. This is the dmesg output: auich0 at pci0 dev 2 function 7 SiS 7012 AC97 rev 0xa0: irq 5, SiS7012 AC97 ac97: codec id 0x414c4770 (Avance Logic ALC203) ac97: codec features headphone, 20 bit DAC, 18 bit ADC, No 3D Stereo audio0 at auich0 So, apparently, OpenBSD detects the soundcard well. So, this is the mixerctl output: outputs.master=255,255 outputs.master.mute=off outputs.mono=255 outputs.mono.mute=on outputs.mono.source=mixerout outputs.headphones=255,255 outputs.headphones.mute=on outputs.bass=255 outputs.treble=255 inputs.speaker=255 inputs.speaker.mute=off inputs.phone=191 inputs.phone.mute=on inputs.mic=191 inputs.mic.mute=on inputs.mic.preamp=off inputs.mic.source=mic0 inputs.line=191,191 inputs.line.mute=on inputs.cd=191,191 inputs.cd.mute=on inputs.video=255,255 inputs.video.mute=off inputs.aux=191,191 inputs.aux.mute=on inputs.dac=191,191 inputs.dac.mute=off record.source=mic record.volume=255,255 record.volume.mute=off record.mic=0 record.mic.mute=on outputs.loudness=off outputs.spatial=off outputs.spatial.center=0 outputs.spatial.depth=0 outputs.surround=255,255 outputs.surround.mute=off outputs.center=255 outputs.center.mute=off outputs.lfe=255 outputs.lfe.mute=off outputs.extamp=off It seems the mute is disabled and the soundcard must play any sound file (au, wav, etc...) but...is not. Any idea? Thanks in advance and sorry about my ugly English Alvaro
Re: broadcom
mm... I thought it was to save ~500K in the kernel: http://openbsd.org/faq/faq14.html#Optraid Is there any other reason? Cheers Marco Peereboom wrote: RAIDFrame is disabled in GENERIC for a reason you know. On Mon, Sep 11, 2006 at 10:08:48AM -0700, Tom Bombadil wrote: Yes... I agree with you... not really my decision at the time, since I didn't work here... but I guess the thought was that RaidFrame would provide more uptime in case of multiple hard drive failures, and not really data protection. Thanks Daniel Daniel Ouellet wrote: Tom Bombadil wrote: One funny story about redundancy in general: we run raidframe to mirror the 2 disks in the system... And like I said both firewalls were crashing together... After the crash our allegedly redundant firewalls were both down for 20 minutes for parity rebuilding... simplicity is a beautiful thing ;) Maybe that's just me, but a very simple question for you. If you have redundant firewalls, and I guess you are running CARP on them, right? Why would you even have raidframe set up on a firewall? Isn't it that the KISS golden principle would dictate otherwise here? Especially for a firewall. A good firewall needs the minimum setup on it. Obviously I may be talking nonsense here, but RaidFrame on a firewall is the last place I would put it. What kind of data do you want to protect on a RaidFrame? The list of bad ssh attackers for your PF configurations? Must be a HUGE list to need RaidFrame for it! (; Just a thought, maybe reviewing your setup might be much better than trying to get new hardware, but that's just me. Best, Daniel
Re: broadcom
On 9/11/06, Tom Bombadil [EMAIL PROTECTED] wrote: mm... I thought it was to save ~500K in the kernel: http://openbsd.org/faq/faq14.html#Optraid Is there any other reason? Cheers (top posting is the suck) Marco Peereboom wrote: RAIDFrame is disabled in GENERIC for a reason you know. http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/raidframe/ it hasn't been updated in 7 years? Bug fixes, reliability improvements, and features have not been ported from greg's -current implementation in netbsd since its initial merge into the tree 7 years ago. It appears as though just enough to get by since then... If it's 500k to add to a binary kernel, sit back and think of how many lines of code that amounts to maintaining. Did someone mention the need of merging raidframe, bioctl and friends into one someday? What a beautiful friendship that would be, an all encompassing raidctl for all types of raid, software or hardware
/bsd asking for nonexistent nfs server?
I really doubt that this is a system problem; I just can't figure out what stupid thing I have done. Using: OpenBSD 3.9 (GENERIC) #617: Thu Mar 2 02:26:48 MST 2006 on a Dell 1850, RAID 1 (rest of dmesg below). One entry every day: Sep 10 02:16:58 tma0 /bsd: nfs server amd:16867: not responding As far as I know I don't have NFS running... I've ignored this for a while; today I noticed about 100 instances of sh, /etc/security, mail find with the latter in state 'nfsrcv' This appeared to lead to too many files open and hung the imapd (Dovecot). Killing the find, sh mail processes and restarting Dovecot; all appears OK now... Also, I notice that I can issue a sudo find / -name anything and it will hang in state 'nfsrcv' Any suggestion? Doug Carter ---dmesg OpenBSD 3.9 (GENERIC) #617: Thu Mar 2 02:26:48 MST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Xeon(TM) CPU 2.80GHz (GenuineIntel 686-class) 2.80 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36, CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,CNXT-ID real mem = 1073065984 (1047916K) avail mem = 972435456 (949644K) using 4278 buffers containing 53755904 bytes (52496K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 01/09/06, BIOS32 rev. 0 @ 0xffe90 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfb140/272 (15 entries) pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801EB/ER LPC rev 0x00) pcibios0: PCI bus #9 is the last bus bios0: ROM list: 0xc/0xb000! 0xcb000/0x1000 0xcc000/0x1000 0xcd000/0x2200 0xec000/0x4000!
ipmi0 at mainbus0: version 1.5 interface KCS iobase 0xca8/8 spacing 4 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel E7520 MCH rev 0x09 ppb0 at pci0 dev 2 function 0 Intel MCH PCIE rev 0x09 pci1 at ppb0 bus 1 ppb1 at pci1 dev 0 function 0 Intel IOP331 Channel 0 rev 0x06 pci2 at ppb1 bus 2 ami0 at pci2 dev 14 function 0 Dell PERC 4e/Di rev 0x06: irq 7 Dell 16c 32b ami0: FW 521X, BIOS vH430, 256MB RAM ami0: 1 channels, 0 FC loops, 1 logical drives scsibus0 at ami0: 40 targets sd0 at scsibus0 targ 0 lun 0: AMI, Host drive #00, SCSI2 0/direct fixed sd0: 139900MB, 139900 cyl, 64 head, 32 sec, 512 bytes/sec, 286515200 sec total scsibus1 at ami0: 16 targets safte0 at scsibus1 targ 6 lun 0: PE/PV, 1x2 SCSI BP, 1.0 SCSI2 3/ processor fixed ppb2 at pci1 dev 0 function 2 Intel IOP331 Channel 1 rev 0x06 pci3 at ppb2 bus 3 ppb3 at pci0 dev 4 function 0 Intel MCH PCIE rev 0x09 pci4 at ppb3 bus 4 ppb4 at pci0 dev 5 function 0 Intel MCH PCIE rev 0x09 pci5 at ppb4 bus 5 ppb5 at pci5 dev 0 function 0 Intel PCIE-PCIE rev 0x09 pci6 at ppb5 bus 6 em0 at pci6 dev 7 function 0 Intel PRO/1000MT (82541GI) rev 0x05: irq 11, address 00:13:72:53:52:03 ppb6 at pci5 dev 0 function 2 Intel PCIE-PCIE rev 0x09 pci7 at ppb6 bus 7 em1 at pci7 dev 8 function 0 Intel PRO/1000MT (82541GI) rev 0x05: irq 3, address 00:13:72:53:52:04 ppb7 at pci0 dev 6 function 0 Intel MCH PCIE rev 0x09 pci8 at ppb7 bus 8 uhci0 at pci0 dev 29 function 0 Intel 82801EB/ER USB rev 0x02: irq 11 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 Intel 82801EB/ER USB rev 0x02: irq 10 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 29 function 2 Intel 82801EB/ER USB rev 0x02: irq 7 usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: 
Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered ehci0 at pci0 dev 29 function 7 Intel 82801EB/ER USB2 rev 0x02: irq 5 usb3 at ehci0: USB revision 2.0 uhub3 at usb3 uhub3: Intel EHCI root hub, rev 2.00/1.00, addr 1 uhub3: 6 ports with 6 removable, self powered ppb8 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0xc2 pci9 at ppb8 bus 9 vga1 at pci9 dev 13 function 0 ATI Radeon VE QY rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ichpcib0 at pci0 dev 31 function 0 Intel 82801EB/ER LPC rev 0x02 pciide0 at pci0 dev 31 function 1 Intel 82801EB/ER IDE rev 0x02: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus2 at atapiscsi0: 2 targets cd0 at scsibus2 targ 0 lun 0: TEAC, CD-ROM CD-224E-N, 3.AB SCSI0 5/ cdrom removable cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 pciide0: channel 1 disabled (no drives) isa0 at ichpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: using
Re: broadcom
* Jeff Quast [EMAIL PROTECTED] [2006-09-12 00:54]: RAIDFrame is disabled in GENERIC for a reason you know. it hasn't been updated in 7 years? really cries for someone doing this work. Did someone mention the need of merging raidframe, bioctl and friends into one someday? that, too. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: ho hum
Another weekend at work: # uname -a SunOS X 5.10 Generic_XX sun4u sparc SUNW,Sun-Fire-15000 # uname -X System = SunOS Node = XX Release = 5.10 KernelID = Generic_XX Machine = sun4u BusType = unknown Serial = unknown Users = unknown OEM# = 0 Origin# = 1 NumCPU = 144 # id uid=0(root) gid=0(root) Maybe one day this could have a great dmesg.., not to mention the rest of the cluster. Back 2 weeks ago before Theo went hiking, he was fully prepared to bet at least one beer that the new sparc64 snapshot might even work in a container on a SunFire 15k. I say you boot a snapshot and get back to us!
Re: 10 Reasons Must Boycott the 2008 Olympic Games in Communist China
On 9/12/06, leshydonlop [EMAIL PROTECTED] wrote: Hi, this is Lesh Donlup, a human right volunteer in UK. I am writing to support Klitou by passing the message below. Attached is the article 9 Comments on CCP Part 9 as the reference. Please pass this message to people all around you to help. I apologize for any inconvenience. snip This is the best spam we'd ever gotten here. -Nick