Jeremy's PF book not listed in website

[Siju George]

Hi,

will Jeremy's book on PF

http://www.reedmedia.net/books/pf-book/

be listed on

http://www.openbsd.org/books.html

any time soon ?

Thankyou so much

Kind Regards

Siju

figures with magicpoint

[Girish Venkatachalam]

Friends,

I often find OpenBSD presentations made nicely with block diagrams and 
figures made with magicpoint. Apparently the figures are imported into 
magicpoint from an external source.

What do I use? I need a spartan simple tool like magicpoint itself. Is 
xfig the right choice? What about inkscape? I am somewhat excited with SVG. Are 
ther other image manipulation tools out there? I guess gimp would be an 
overkill. And openoffice is not meant for UNIX geeks.:-)

Thanks in advance for all the help.

regards,
Girish

-- 
Whenever people agree with me I always feel I am wrong.

- Oscar Wilde

Re: Jeremy's PF book not listed in website

[Otto Moerbeek]

On Mon, 11 Sep 2006, Siju George wrote:

 Hi,
 
 will Jeremy's book on PF
 
 http://www.reedmedia.net/books/pf-book/
 
 be listed on
 
 http://www.openbsd.org/books.html
 
 any time soon ?

It's already there...

-Otto

Re: Jeremy's PF book not listed in website

[Siju George]

On 9/11/06, Otto Moerbeek [EMAIL PROTECTED] wrote:


On Mon, 11 Sep 2006, Siju George wrote:

 Hi,

 will Jeremy's book on PF

 http://www.reedmedia.net/books/pf-book/

 be listed on

 http://www.openbsd.org/books.html

 any time soon ?

It's already there...



Oh yes! Thankyou I checked ony under the OpenBSD Specific books :-( sorry!

kind regards

Siju

openBSD 3.9 on hp/comapq proliant 8000

[Czesław Liebert]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

my h/w is:
hp/comapq proliant 8000:
- - 8x Xeon 550MHz
- - 8GB ram
- - compaq array controller 4250ES
- - 1x intel 82558b lan
- - 1x intel 82559 lan
- - 8x 18GB scsi u160

according to harware support list for i386 found on BSD site, all of
that h/w is supported in version 3.9. it should, but it does not. i
tried 3.8, 3.9 and 4.0b - couldn't get it to run. i used boot floppy B -
according to the manual this one contains proper stuff.

at kernel start the hd0 device is shown properly, but afterwards kernel
does not see the 4250es array controller nor intel lan cards.

any ideas on how to run openBSD on this machine? i hope it can be done
somehow, as i really do not want to switch to another OS, been using
openBSD for years now...

thanks in advance for a quick reply
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFBTG03VOnD+tUq3sRAtFPAJ9eKfjZINazpLxDhALMRsGQZd/k3QCfcfSx
t6096rCDhgUkA7tzETi//eY=
=yKiH
-END PGP SIGNATURE-

Re: openBSD 3.9 on hp/comapq proliant 8000

[Dimitry Andric]

Czes3aw Liebert wrote:
 my h/w is:
 hp/comapq proliant 8000:
 - 8x Xeon 550MHz
 - 8GB ram
 - compaq array controller 4250ES
 - 1x intel 82558b lan
 - 1x intel 82559 lan
 - 8x 18GB scsi u160

Try to get at least a dmesg and post it here, see:
http://www.openbsd.org/faq/faq4.html#getdmesg

Re: The future of NetBSD

[Oliver Fromme]

Thorsten Glaser wrote:
  Marc G. Fournier dixit:
  
   And what I'm learning with bsdstats.org is that there are more then just 
   those
   four ... GNU/kFreeBSD is reporting
  
  Now _that_'s funny ;)

Yes, indeed.  Some people are really wasting their time.

   are there any others?
  
  DragonFly

Is already included on bsdstats.org.

  DesktopBSD
  PC-BSD

Those two aren't separate operating systems, but rather
FreeBSD with a custom GUI on top (live-FS / installer).
They shouldn't be counted separately.

  [...]
  picoBSD
  nanoBSD
  
  The latter three are probably just stripped-down versions of
  the bigger ones.

True.  It could be argued whether they should be counted
separately.  Personally I don't think they should.  The
big ones are clearly DragonFly, Free-, Net- and OpenBSD.

Best regards
   Oliver

-- 
Oliver Fromme,  secnetix GmbH  Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

cat man du : where Unix geeks go when they die

Re: openBSD 3.9 on hp/comapq proliant 8000

[Czesław Liebert]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Dimitry Andric napisa3(a):
 Try to get at least a dmesg and post it here, see:
 http://www.openbsd.org/faq/faq4.html#getdmesg
 

i get the same result on every kernel i used:

OpenBSD 3.9 (RAMDISK_CD) #1025: Thu Mar  2 02:43:29 MST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK_CD
cpu0: Intel Pentium III Xeon (GenuineIntel 686-class, 2048KB L2 cache)
550 MHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem  = 4026081280 (3931720K)
avail mem = 3669291008 (3583292K)
using 4278 buffers containing 201408512 bytes (196688K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xf
pcibios0 at bios0: rev 2.1 @ 0xf/0x2000
pcibios0: PCI BIOS has 14 Interrupt Routing table entries
pcibios0: PCI Interrupt Router at 000:15:0 (ServerWorks OSB4 rev 0x00)
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x4000 0xcc000/0x800
0xe8000/0x6000! 0xee000/0x2000!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
ahc0 at pci0 dev 4 function 0 Adaptec AHA-2940U2 U2 rev 0x00: irq 5
scsibus0 at ahc0: 16 targets
ahc0: target 6 using 8bit transfers
ahc0: target 6 using asynchronous transfers
st0 at scsibus0 targ 6 lun 0: QUANTUM, DLT7000, 2255 SCSI2
1/sequential removable
st0: drive empty or not ready
Compaq PCI Hotplug rev 0x11 at pci0 dev 11 function 0 not configured
Compaq Netelligent ASMC rev 0x00 at pci0 dev 12 function 0 not configured
vga1 at pci0 dev 13 function 0 ATI Mach64 GV rev 0x7a
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
pcib0 at pci0 dev 15 function 0 ServerWorks OSB4 rev 0x4d
pciide0 at pci0 dev 15 function 1 vendor ServerWorks, unknown product
0x0210 rev 0x4a: DMA (unsupported), channel 0 configured to
compatibility, channel 1 configured to compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0: COMPAQ, CD-224E, 9.0B SCSI0 5/cdrom
removable
pciide0: channel 1 ignored (not responding; disabled or no drives?)
vendor Corrollary, unknown product 0x1117 (class memory subclass RAM,
rev 0x05) at pci0 dev 20 function 0 not configured
vendor Corrollary, unknown product 0x1117 (class memory subclass RAM,
rev 0x05) at pci0 dev 20 function 1 not configured
pchb0 at pci0 dev 25 function 0 vendor Compaq, unknown product 0x6010
rev 0x01
pchb1 at pci0 dev 26 function 0 vendor Compaq, unknown product 0x6010
rev 0x01
pchb2 at pci0 dev 27 function 0 vendor Compaq, unknown product 0x6010
rev 0x01
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask ffe5 netmask ffe5 ttymask ffe7
rd0: fixed, 3800 blocks
root on rd0a
rootdev=0x1100 rrootdev=0x2f00 rawdev=0x2f02
fd0: timeout (st0 20seek_cmplt cyl 0)
fd0a: soft error reading fsbn 0
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFBUhK3VOnD+tUq3sRAoLJAJ9igmnaCtlQgeRhaVo3isERGR8ovACfQ9nh
YE8qhWyDxkwJ0TW3Q1gqSt4=
=b/BN
-END PGP SIGNATURE-

Re: figures with magicpoint

[Marc Espie]

On Mon, Sep 11, 2006 at 02:18:31PM +0530, Girish Venkatachalam wrote:
   What do I use? I need a spartan simple tool like magicpoint itself. Is 
 xfig the right choice? What about inkscape? I am somewhat excited with SVG. 
 Are ther other image manipulation tools out there? I guess gimp would be an 
 overkill. And openoffice is not meant for UNIX geeks.:-)

metapost is great if you need figures with tex captions (though it's a 
programmer's tool).

I'm also partial to kig, in kde-edu, which is great for geometric stuff.

Gimp is a fine pixel drawing program. Depends a lot if you can live with
pixel-art, or if you really need vectorial stuff.

We don't have a working port of inkscape yet. This is a big issue with
boehm-gc based software: this library tends to work rather badly on OpenBSD
for now.

There are also a few drawing programs in koffice, and they tend to get better
from release to release...

Problem installing jre-1.5.0p9 without X11

[Bruno Carnazzi]

Hi all,

I'd like to install jre-1.5.0p9 on my production server, which are
installed without X11. jre-1.5.0p9 relies on openmotif, which relies
on X11. This jre will run tomcat webapps, so openmotif will not be
really used.

I try to install openmotif to satisfy dependencies with some force
option, but it fails... Here's the log :

$ sudo pkg_add -v -F libdepends,scripts openmotif
parsing openmotif-2.1.30.5p1
Can't install openmotif-2.1.30.5p1: lib not found ICE.8.1
Even by looking in the dependency tree:

Maybe it's in a dependent package, but not tagged with @lib ?
(check with pkg_info -K -L)
If you are still running 3.6 packages, update them.
Can't install openmotif-2.1.30.5p1: lib not found SM.8.0
Can't install openmotif-2.1.30.5p1: lib not found X11.9.0
Can't install openmotif-2.1.30.5p1: lib not found Xext.9.0
Can't install openmotif-2.1.30.5p1: lib not found Xp.9.0
Can't install openmotif-2.1.30.5p1: lib not found Xt.9.0
Not an ustar archive header

   openmotif-2.1.30.5p1: complete
Adjusting md5 for /usr/local/lib/libXm.a from
34083b72a78e25556586ba1599ea2cf1 t
o
5744ecff6c897cc215b94f56ef3c3df3
--- openmotif-2.1.30.5p1 ---
system(/bin/sh, -c, [ -f /usr/X11R6/lib/X11/config/Motif.rules ] 
(mv -f /usr/
  X11R6/lib/X11/config/Motif.rules
/usr/X11R6/lib/X11/config/Motif.rules.orig  c
 p -p
/usr/local/lib/X11/config/Motif.rules /usr/X11R6/lib/X11/config))
failed:
   256
system(/bin/sh, -c, [ -f /usr/X11R6/lib/X11/config/Motif.tmpl ]  (mv
-f /usr/X
   11R6/lib/X11/config/Motif.tmpl
/usr/X11R6/lib/X11/config/Motif.tmpl.orig  cp -
   p
/usr/local/lib/X11/config/Motif.tmpl /usr/X11R6/lib/X11/config))
failed:  256
/usr/sbin/pkg_add: Installation of openmotif-2.1.30.5p1 failed ,
partial install
 ation recorded as partial-openmotif-2.1.30.5p1
$

Am I doom to install xbase ?

Best regards,

Bruno.

Re: figures with magicpoint

[Matthew R. Dempsky]

On Mon, Sep 11, 2006 at 02:18:31PM +0530, Girish Venkatachalam wrote:
 What do I use? I need a spartan simple tool like magicpoint itself.
 Is xfig the right choice?

I have used xfig for creating simple graphs and diagrams for homework
assignments, and I think it does the job well.  I found the
user-interface a little counter-intuitive at first, but nothing
reading the documentation can't fix.

Problem whit thunderbird and enigmail

[Thomas Haider]

hi,

When using the enigmail extension for thunderbird, the following message
shows up:

Enigmail: Enigmime Service not available

According to the Enigmail FAQ [1] this happens when using official
Enigmail releases with custom Thunderbird releases.I'm using the
mozilla-thunderbird-1.5.0.5 package together with the enigmailpackage
for OpenBSD available here [2]. As there is neither an official
Thunderbird package for OpenBSD on mozilla.com, nor an enigmail package
in the ports tree, this seems to be the only combination possible
(except compiling both from source, which I would rather like to avoid)
so I wonder if there is anybody else having the same problem.

Best regards,

Thomas.

[1] http://enigmail.mozdev.org/troubles.html#wrongversion1
[2] http://enigmail.mozdev.org/download.html

Re: openBSD 3.9 on hp/comapq proliant 8000

[Stuart Henderson]

On 2006/09/11 13:28, Czes?aw Liebert wrote:
 pcibios0: PCI bus #0 is the last bus

looks like you're missing some busses then, if you have other
PCI slots, you might try swapping cards around because some might
be attached to a working bus. If not or this is no help and you're
up to some hacking the following might help. If not it might save
someone else some time finding the information..

 pchb0 at pci0 dev 25 function 0 vendor Compaq, unknown product 0x6010 rev 
 0x01
 pchb1 at pci0 dev 26 function 0 vendor Compaq, unknown product 0x6010 rev 
 0x01
 pchb2 at pci0 dev 27 function 0 vendor Compaq, unknown product 0x6010 rev 
 0x01

0x6010 is a compaq hotplug pci bridge, the other busses must be
behind this.

FreeBSD sets it up something like the serverworks (rcc) pchb with
busses attached (OpenBSD does this in /usr/src/sys/arch/i386/pci/pchb.c
e.g. around case PCI_VENDOR_RCC) but bus number is on a different
config register on the compaq, 0xc8 instead of 0x44 -
http://fxr.watson.org/fxr/source/i386/pci/pci_bus.c#L280

Re: Problem installing jre-1.5.0p9 without X11

[Tobias Ulmer]

On Mon, Sep 11, 2006 at 04:26:23PM +0400, Bruno Carnazzi wrote:
 Hi all,
 
 I'd like to install jre-1.5.0p9 on my production server, which are
 installed without X11. jre-1.5.0p9 relies on openmotif, which relies
 on X11. This jre will run tomcat webapps, so openmotif will not be
 really used.
 
 I try to install openmotif to satisfy dependencies with some force
 option, but it fails... Here's the log :
 
 $ sudo pkg_add -v -F libdepends,scripts openmotif
 parsing openmotif-2.1.30.5p1
 Can't install openmotif-2.1.30.5p1: lib not found ICE.8.1
 Even by looking in the dependency tree:
 
 Maybe it's in a dependent package, but not tagged with @lib ?
 (check with pkg_info -K -L)
 If you are still running 3.6 packages, update them.
 Can't install openmotif-2.1.30.5p1: lib not found SM.8.0
 Can't install openmotif-2.1.30.5p1: lib not found X11.9.0
 Can't install openmotif-2.1.30.5p1: lib not found Xext.9.0
 Can't install openmotif-2.1.30.5p1: lib not found Xp.9.0
 Can't install openmotif-2.1.30.5p1: lib not found Xt.9.0
 Not an ustar archive header
 
openmotif-2.1.30.5p1: complete
 Adjusting md5 for /usr/local/lib/libXm.a from
 34083b72a78e25556586ba1599ea2cf1 t
 o
 5744ecff6c897cc215b94f56ef3c3df3
 --- openmotif-2.1.30.5p1 ---
 system(/bin/sh, -c, [ -f /usr/X11R6/lib/X11/config/Motif.rules ] 
 (mv -f /usr/
   X11R6/lib/X11/config/Motif.rules
 /usr/X11R6/lib/X11/config/Motif.rules.orig  c
  p -p
 /usr/local/lib/X11/config/Motif.rules /usr/X11R6/lib/X11/config))
 failed:
256
 system(/bin/sh, -c, [ -f /usr/X11R6/lib/X11/config/Motif.tmpl ]  (mv
 -f /usr/X
11R6/lib/X11/config/Motif.tmpl
 /usr/X11R6/lib/X11/config/Motif.tmpl.orig  cp -
p
 /usr/local/lib/X11/config/Motif.tmpl /usr/X11R6/lib/X11/config))
 failed:  256
 /usr/sbin/pkg_add: Installation of openmotif-2.1.30.5p1 failed ,
 partial install
  ation recorded as partial-openmotif-2.1.30.5p1
 $
 
 Am I doom to install xbase ?
 
 Best regards,
 
 Bruno.
 


No, you can hack out all the GUI stuff in java easily. I did that on a
rainy saturday afternoon.

Tobias

ps: sometimes... wow. 

Re: Problem whit thunderbird and enigmail

[Michael]

Hello,

 so I wonder if there is anybody else having the same problem.
Yes, having the same problem...

I wonder if it's a thunderbird or enigmail issue. Maybe it gets fixed 
once the ports tree isn't locked anymore.


Michael

Re: figures with magicpoint

[Girish Venkatachalam]

On Mon, Sep 11, 2006 at 02:24:51PM +0200, Marc Espie wrote:
|On Mon, Sep 11, 2006 at 02:18:31PM +0530, Girish Venkatachalam wrote:
|  What do I use? I need a spartan simple tool like magicpoint itself. Is 
xfig the right choice? What about inkscape? I am somewhat excited with SVG. Are 
ther other image manipulation tools out there? I guess gimp would be an 
overkill. And openoffice is not meant for UNIX geeks.:-)
|
|metapost is great if you need figures with tex captions (though it's a 
|programmer's tool).
|
First of all many thanks for responding. 

I dont know Tex and metapost is too complex for me. Sorry.
|I'm also partial to kig, in kde-edu, which is great for geometric stuff.
|
|Gimp is a fine pixel drawing program. Depends a lot if you can live with
|pixel-art, or if you really need vectorial stuff.
|
|We don't have a working port of inkscape yet. This is a big issue with
|boehm-gc based software: this library tends to work rather badly on OpenBSD
|for now.
|
|There are also a few drawing programs in koffice, and they tend to get better
|from release to release...
Hmm, no KDE please. I am fine with using inkscape on some other OS. I am 
interested in knowing how you folks have managed to make such sexy eye candy 
presentations. :-)

I am really running out of time guys, at max I can spend three to four days 
learning a tool.

Thanks again.

regards,
Girish

-- 
Whenever people agree with me I always feel I am wrong.

- Oscar Wilde

Re: openBSD 3.9 on hp/comapq proliant 8000

[Czesław Liebert]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Tom Cosgrove napisa3(a):
 There are two things you could try:
 
 1. Try a CD (that will have more drivers on it than any of the floppies);
 
 2. Try a different floppy disk, as it looks like this one is having
problems in your server (could even be the floppy disk drive).
 
 
 And I wouldn't bother with 3.9 or earlier at this stage in the release
 cycle: the current snapshot (I think it's September 1 or something
 like that) is effectively a release candidate - even if there are
 more bug fixes made before the release, it will be a very simple
 upgrade to the actual 4.0 release.
 
 Yes, I saw you said 4.0b but there is no such version :)  I assume
 you mean the 9/1 snapshot, but I can't be certain.
 
 And as I say, really do try a CD boot.

I have also tried the cd boot - wasn't much of a help. The floppy is ok,
i needed to write dmesg to floppy and mounted the drive before inserting
a blank diskette. and yes, by saying 4.0b i really meant the lates
snapshot.
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFBV7j3VOnD+tUq3sRAhi1AJ4ovMw2Lv75z/lMlhdEKY4M5I2zCgCfZ4WX
OG0u42Nszn6qUxihuNMIbxY=
=tuPY
-END PGP SIGNATURE-

Re: openBSD 3.9 on hp/comapq proliant 8000

[Czesław Liebert]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Stuart Henderson napisaE(a):
 On 2006/09/11 13:28, Czes?aw Liebert wrote:
 pcibios0: PCI bus #0 is the last bus
 
 looks like you're missing some busses then, if you have other
 PCI slots, you might try swapping cards around because some might
 be attached to a working bus. If not or this is no help and you're
 up to some hacking the following might help. If not it might save
 someone else some time finding the information..
 
 pchb0 at pci0 dev 25 function 0 vendor Compaq, unknown product 0x6010 rev 
 0x01
 pchb1 at pci0 dev 26 function 0 vendor Compaq, unknown product 0x6010 rev 
 0x01
 pchb2 at pci0 dev 27 function 0 vendor Compaq, unknown product 0x6010 rev 
 0x01
 
 0x6010 is a compaq hotplug pci bridge, the other busses must be
 behind this.
 
 FreeBSD sets it up something like the serverworks (rcc) pchb with
 busses attached (OpenBSD does this in /usr/src/sys/arch/i386/pci/pchb.c
 e.g. around case PCI_VENDOR_RCC) but bus number is on a different
 config register on the compaq, 0xc8 instead of 0x44 -
 http://fxr.watson.org/fxr/source/i386/pci/pci_bus.c#L280

i can't get to this point as i can't get openBSD installer to run. as
for freeBSD i tried 6.0, 5.5, 6.1 and they all work just fine on this
machine. but i am not rally into free, thus the question here on the list.

any more ideas?
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFBV943VOnD+tUq3sRAmtHAJ0dTDDu9ORkcixgHYMNcUwleRMWrACfR7im
KLRsOJdS35+h6MGnBOD3mp4=
=BU+u
-END PGP SIGNATURE-

Re: Problem installing jre-1.5.0p9 without X11

[Bruno Carnazzi]

2006/9/11, Tobias Ulmer [EMAIL PROTECTED]:

On Mon, Sep 11, 2006 at 04:26:23PM +0400, Bruno Carnazzi wrote:
 Hi all,

 I'd like to install jre-1.5.0p9 on my production server, which are
 installed without X11. jre-1.5.0p9 relies on openmotif, which relies
 on X11. This jre will run tomcat webapps, so openmotif will not be
 really used.

 I try to install openmotif to satisfy dependencies with some force
 option, but it fails... Here's the log :

 $ sudo pkg_add -v -F libdepends,scripts openmotif
 parsing openmotif-2.1.30.5p1
 Can't install openmotif-2.1.30.5p1: lib not found ICE.8.1
 Even by looking in the dependency tree:

 Maybe it's in a dependent package, but not tagged with @lib ?
 (check with pkg_info -K -L)
 If you are still running 3.6 packages, update them.
 Can't install openmotif-2.1.30.5p1: lib not found SM.8.0
 Can't install openmotif-2.1.30.5p1: lib not found X11.9.0
 Can't install openmotif-2.1.30.5p1: lib not found Xext.9.0
 Can't install openmotif-2.1.30.5p1: lib not found Xp.9.0
 Can't install openmotif-2.1.30.5p1: lib not found Xt.9.0
 Not an ustar archive header

openmotif-2.1.30.5p1: complete
 Adjusting md5 for /usr/local/lib/libXm.a from
 34083b72a78e25556586ba1599ea2cf1 t
 o
 5744ecff6c897cc215b94f56ef3c3df3
 --- openmotif-2.1.30.5p1 ---
 system(/bin/sh, -c, [ -f /usr/X11R6/lib/X11/config/Motif.rules ] 
 (mv -f /usr/
   X11R6/lib/X11/config/Motif.rules
 /usr/X11R6/lib/X11/config/Motif.rules.orig  c
  p -p
 /usr/local/lib/X11/config/Motif.rules /usr/X11R6/lib/X11/config))
 failed:
256
 system(/bin/sh, -c, [ -f /usr/X11R6/lib/X11/config/Motif.tmpl ]  (mv
 -f /usr/X
11R6/lib/X11/config/Motif.tmpl
 /usr/X11R6/lib/X11/config/Motif.tmpl.orig  cp -
p
 /usr/local/lib/X11/config/Motif.tmpl /usr/X11R6/lib/X11/config))
 failed:  256
 /usr/sbin/pkg_add: Installation of openmotif-2.1.30.5p1 failed ,
 partial install
  ation recorded as partial-openmotif-2.1.30.5p1
 $

 Am I doom to install xbase ?

 Best regards,

 Bruno.



No, you can hack out all the GUI stuff in java easily. I did that on a
rainy saturday afternoon.


Is that possible to bypass X just with pkg_tools ?

Bruno.



Tobias

ps: sometimes... wow.

Re: openBSD 3.9 on hp/comapq proliant 8000

[Stuart Henderson]

On 2006/09/11 15:07, Czes??aw Liebert wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 Stuart Henderson napisaE(a):
  On 2006/09/11 13:28, Czes?aw Liebert wrote:
  pcibios0: PCI bus #0 is the last bus
  
  looks like you're missing some busses then, if you have other
  PCI slots, you might try swapping cards around because some might
  be attached to a working bus. If not or this is no help and you're
  up to some hacking the following might help. If not it might save
  someone else some time finding the information..
  
  pchb0 at pci0 dev 25 function 0 vendor Compaq, unknown product 0x6010 
  rev 0x01
  pchb1 at pci0 dev 26 function 0 vendor Compaq, unknown product 0x6010 
  rev 0x01
  pchb2 at pci0 dev 27 function 0 vendor Compaq, unknown product 0x6010 
  rev 0x01
  
  0x6010 is a compaq hotplug pci bridge, the other busses must be
  behind this.
  
  FreeBSD sets it up something like the serverworks (rcc) pchb with
  busses attached (OpenBSD does this in /usr/src/sys/arch/i386/pci/pchb.c
  e.g. around case PCI_VENDOR_RCC) but bus number is on a different
  config register on the compaq, 0xc8 instead of 0x44 -
  http://fxr.watson.org/fxr/source/i386/pci/pci_bus.c#L280
 
 i can't get to this point as i can't get openBSD installer to run. as
 for freeBSD i tried 6.0, 5.5, 6.1 and they all work just fine on this
 machine. but i am not rally into free, thus the question here on the list.
 
 any more ideas?

read my first paragraph where I mention swapping cards around.

Re: Building bsd.rd in cdrom39.fs with RAIDFrame

[Brian A. Seklecki]

Proper src/etc/etc.i386/Makefile.inc patch:

--

$ diff -u Makefile.inc Makefile.inc-patched
--- Makefile.incSun Sep 10 15:46:33 2006
+++ Makefile.inc-patchedSun Sep 10 15:46:06 2006
@@ -2,11 +2,13 @@
 #  etc.i386/Makefile.inc -- i386-specific etc Makefile targets

 .ifdef DESTDIR
-snap_md: bsd bsd.mp notes bootblocks distrib
+snap_md: bsd bsd.mp bsd.mp+raidframe notes bootblocks distrib
cp ${.CURDIR}/../sys/arch/i386/compile/GENERIC/bsd \
${DESTDIR}/snapshot/bsd
cp ${.CURDIR}/../sys/arch/i386/compile/GENERIC.MP/bsd \
${DESTDIR}/snapshot/bsd.mp
+   cp ${.CURDIR}/../sys/arch/i386/compile/GENERIC.MP+RAIDFRAME/bsd \
+   ${DESTDIR}/snapshot/bsd.mp+raidframe

 bsd:
cd ${.CURDIR}/../sys/arch/i386/conf  config GENERIC
@@ -16,6 +18,11 @@
 bsd.mp:
cd ${.CURDIR}/../sys/arch/i386/conf  config GENERIC.MP
cd ${.CURDIR}/../sys/arch/i386/compile/GENERIC.MP  \
+   ${MAKE} clean  ${MAKE} depend  exec ${MAKE}
+
+bsd.mp+raidframe:
+   cd ${.CURDIR}/../sys/arch/i386/conf  config GENERIC.MP+RAIDFRAME
+   cd ${.CURDIR}/../sys/arch/i386/compile/GENERIC.MP+RAIDFRAME  \
${MAKE} clean  ${MAKE} depend  exec ${MAKE}

 notes:

--

On Fri, 8 Sep 2006, Brian A. Seklecki wrote:



One of the big problems with RAIDFrame support absence in GENERIC is that 
it's also lacking in RAMDISK and RAMDISK_CD.  This prevents RAIDFrame users 
from doing binary updates off boot media.


This can be fixed with a few tweaks in src/distrib/i386/:

First, create a bsd.rd within cdrom39.fs (note, NOT cd39.iso!) with RAIDFrame 
support:


Because src/distrib/i386/ramdisk_cd/Makefile simply includes 
${.CURDIR}/../common/Makefile.inc, appends list.local with a couple hundred 
extra-Kb or utilities, sets the floppy imagage to 2.8mb size, then declares 
$RAMDISK. (Which is a *very* ambiguous name, mind you, a better name would be 
something like $KERNERLCONF, etc.), one can simply adjust RAMDISK= to point 
to a src/sys/arch/i386/conf/$foo kernel conf file which will get 
automatically build on 'make release' in src/etc/ as 'bsd.rd'.


Simply copy src/sys/arch/i386/conf/RAMDISK_CD to conf/RAMDISK_CD+RAIDFrame 
append the following:


pseudo-device   raid 4   # RAIDframe disk driver
options RAID_AUTOCONFIG

Then set the following in distrib/i386/ramdisk_cd/Makefile:

RAMDISK=RAMDISK_CD+RAIDFrame

Next, make another kernel package available to the install script 
(GENERIC+RAIDFrame) as an option.  Follow the same instructions for 
RAMDISK_CD for GENERIC.


Add the following to src/etc/etc.i386/Makefile.inc:

bsd.mp+raidframe:
 cd ${.CURDIR}/../sys/arch/i386/conf  config GENERIC.MP+RAIDFRAME
 cd ${.CURDIR}/../sys/arch/i386/compile/GENERIC.MP+RAIDFRAME  \
   ${MAKE} clean  ${MAKE} depend  exec ${MAKE}

Then add the following to src/distrib/notes/m4.common:

define({:-OpenBSDbsdmp+raidframe-:},
	{:- bsd.mp+raidframe A stock GENERIC.MP MACHINE kernel, with 
support
			 	 for multiprocessor machines, which can be 
used
 instead of the GENERIC kernel after the 
install.

 Also features CMU RAIDFrame support for
 upgrading exisint RAIDFrames.-:})dnl dnl

Then clean out your obj and src and rebuild.  Your $RELEASDIR/cdrom39.fs
(2.88mb Floppy image for use with mkisofs(1)) will contain a gzip(1)'d
bsd.rd with RAIDFrame support).

Run mkisofs(8) on your $DESTIDR with cdrom39.fs as your '-B'. You may now 
safely burn a CD-R for binary upgrades of existing RAIDFrame enabled OpenBSD 
systems, or use your .ISO with your DRAC card via remote media.


l8*
-lava (Brian A. Seklecki - Pittsburgh, PA, USA)
   http://www.spiritual-machines.org/

...from back in the heady days when helpdesk meant nothing, diskquota
meant everything, and lives could be bought and sold for a couple of pages
of laser printout - and frequently were.



l8*
-lava (Brian A. Seklecki - Pittsburgh, PA, USA)
   http://www.spiritual-machines.org/

...from back in the heady days when helpdesk meant nothing, diskquota
meant everything, and lives could be bought and sold for a couple of pages
of laser printout - and frequently were.

Re: openBSD 3.9 on hp/comapq proliant 8000

[Czesław Liebert]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Stuart Henderson napisaE(a):
 
 read my first paragraph where I mention swapping cards around.
 

i did read it :) swaping PCI slots didn't help (i have only one more
such slot, as the scsi controller uses the pci 64bit scsi extended
slot with only two possibilities).

so hacking seems to be the only way out of this bush ?
iD8DBQFFBWdY3VOnD+tUq3sRAq+qAJ9I4zEc90tq62tGbVVxBxGDE53H7wCeNGi0
R2WoOmpdejXP/e23c99gFFM=
=bi4W
-END PGP SIGNATURE-

Re: figures with magicpoint

[Bob Beck]

 There are also a few drawing programs in koffice, and they tend to get better
 from release to release...
 

Actually, just from personal experience doing 4.0 ports testing and
setting up my kids' machines (my kids become release install guinea
pigs every release :), While I still have to struggle to maintain
sphincter control while using anything other than twm or fvwm, I've
taken to installing the full bloat kde stuff on my kid's machines for
their everyday use, and frankly I'm amazed at how much better the port
and the package in general has gotten in the past couple years. My
kids are now regularly doing their schoolwork on it, and only boot
windows to play games. (mind you, the fact that the house pf rules
prohibit OS Windows from doing anything but web also has something to
do with that)

I just turn my kids loose on kde these days and they find
ways to do what they need.  I'm fairly impressed at how well OpenBSD
with a full kde install and a few key ports dropped in works for this. 

-Bob

panics on amd64 snapshot

[Jeff Bromberger]

I have a dual core Opteron system that I'm trying to make into a mail server 
for my company to replace a 7 year old Linux box that's on its last leg.  I 
started off using the 3.9 release of the amd64 system and ran into a few 
problems (keyboard and cdrom didn't work).  It was suggested that I move to 
the latest snapshot, which I did about a week ago.  That fixed the keyboard 
and cdrom problems, so I began configuring the box.  I am only running a few 
packages on this machine:  courier imap, postfix, fetchmail, procmail.  In 
the past 2-3 days (which is how long the box has actually been active, i.e. 
running all the daemons and having mail clients connect to it) I have 
experienced two kernel panics.  I thought that the info from the panic would 
show up in the dmesg after rebooting, but that data seems to have been 
corrupted.  I could only see bits and pieces of the kernel debugger message 
from the first panic.  This time around, I'm still sitting in the kernel 
debugger so I am able to run a few commands if anybody has any specific 
requests.


Trace shows:

panic() at panic+0x12a
amap_wipeout() at amap_wipeout+0x71
uvm_unmap_detach() at uvm_unmap_detach+0x9b
sys_munmap() at sys_munmap+0x145
syscall() at syscall+0x25c
--- syscall (number 73) ---

ps shows the active process was imapd.

I am running the bsd.mp kernel from the amd64 snapshot.

To ask a different question, for the hardware that I have, what would be the 
most stable port/version that I could run?  Am I better off going with the 
3.9 release of the i386 code vs. the current snapshot of the amd64 stuff? 
My top priorities for this box are stability first and then security second, 
performance is a distant third since it's just a mail server for a small 
company.


Thanks,
Jeff

Re: openBSD 3.9 on hp/comapq proliant 8000

[Mark Kettenis]

Hi Czeslaw,

Can you try the attached patch?  You'll have to do a make in
sys/dev/pci after you've applied the patch.

Index: dev/pci/pcidevs
===
RCS file: /cvs/src/sys/dev/pci/pcidevs,v
retrieving revision 1.1139
diff -u -p -r1.1139 pcidevs
--- dev/pci/pcidevs 25 Aug 2006 04:26:29 -  1.1139
+++ dev/pci/pcidevs 11 Sep 2006 15:45:17 -
@@ -1203,6 +1203,7 @@ product COMPAQ CSA64000x409c  Smart Arr
 product COMPAQ CSA6400EM   0x409d  Smart Array 6400 EM
 product COMPAQ CSA6422 0x409e  Smart Array 6422
 product COMPAQ CSA64XX 0x0046  Smart Array 64xx
+product COMPAQ HOTPLUG_PCI 0x6010  Hotplug PCI
 product COMPAQ USB 0x7020  USB
 product COMPAQ FXP 0xa0f0  Netelligent ASMC
 product COMPAQ PCI_ISA_BRIDGE1 0xa0f3  ISA
Index: arch/i386/pci/pchb.c
===
RCS file: /cvs/src/sys/arch/i386/pci/pchb.c,v
retrieving revision 1.52
diff -u -p -r1.52 pchb.c
--- arch/i386/pci/pchb.c13 Mar 2006 20:10:49 -  1.52
+++ arch/i386/pci/pchb.c11 Sep 2006 15:45:17 -
@@ -220,6 +220,27 @@ pchbattach(parent, self, aux)
break;
}
break;
+   case PCI_VENDOR_COMPAQ:
+   switch (PCI_PRODUCT(pa-pa_id)) {
+   case PCI_PRODUCT_COMPAQ_HOTPLUG_PCI:
+   pbnum = pci_conf_read(pa-pa_pc, pa-pa_tag, 0xc8);
+
+   /*
+* This host bridge has a second PCI bus.
+* Configure it.
+*/
+   neednl = 0;
+   pba.pba_busname = pci;
+   pba.pba_iot = pa-pa_iot;
+   pba.pba_memt = pa-pa_memt;
+   pba.pba_dmat = pa-pa_dmat;
+   pba.pba_bus = pbnum;
+   pba.pba_bridgetag = NULL;
+   pba.pba_pc = pa-pa_pc;
+   printf(\n);
+   config_found(self, pba, pchb_print);
+   }
+   break;
case PCI_VENDOR_RCC:
bdnum = pci_conf_read(pa-pa_pc, pa-pa_tag, 0x44);
if (bdnum = (sizeof(rcc_bus_visited) * 8) ||

feature req: vnconfig should work on readonly fs; round 3

[Paul Stoeber]

Let's see if I can get this closer to right.
The patch is against and tested on -current.
Thank you, Pedro, for your help.

--- sys/dev/vnd.c.orig  Sun Sep 10 19:18:28 2006
+++ sys/dev/vnd.c   Mon Sep 11 15:54:30 2006
@@ -142,7 +142,10 @@
 #defineVNF_HAVELABEL   0x0400
 #defineVNF_BUSY0x0800
 #defineVNF_SIMPLE  0x1000
+#defineVNF_READONLY0x2000
 
+#define FLG(vnd) (vnd-sc_flags  VNF_READONLY ? FREAD : FREAD|FWRITE)
+
 struct vnd_softc *vnd_softc;
 int numvnd = 0;
 
@@ -234,6 +237,11 @@
if ((error = vndlock(sc)) != 0)
return (error);
 
+   if (flags  FWRITE  sc-sc_flags  VNF_READONLY) {
+   error = EROFS;
+   goto bad;
+   }
+
if ((sc-sc_flags  VNF_INITED) 
(sc-sc_flags  VNF_HAVELABEL) == 0) {
sc-sc_flags |= VNF_HAVELABEL;
@@ -817,20 +825,25 @@
}
 
/*
-* Always open for read and write.
-* This is probably bogus, but it lets vn_open()
+* Open for read and write first.  This lets vn_open()
 * weed out directories, sockets, etc. so we don't
 * have to worry about them.
 */
NDINIT(nd, LOOKUP, FOLLOW, UIO_USERSPACE, vio-vnd_file, p);
-   if ((error = vn_open(nd, FREAD|FWRITE, 0)) != 0) {
+   vnd-sc_flags = ~VNF_READONLY;
+   error = vn_open(nd, FREAD|FWRITE, 0);
+   if (EROFS == error) {
+   vnd-sc_flags |= VNF_READONLY;
+   error = vn_open(nd, FREAD, 0);
+   }
+   if (error) {
vndunlock(vnd);
return (error);
}
error = VOP_GETATTR(nd.ni_vp, vattr, p-p_ucred, p);
if (error) {
VOP_UNLOCK(nd.ni_vp, 0, p);
-   (void) vn_close(nd.ni_vp, FREAD|FWRITE, p-p_ucred, p);
+   (void) vn_close(nd.ni_vp, FLG(vnd), p-p_ucred, p);
vndunlock(vnd);
return (error);
}
@@ -838,7 +851,7 @@
vnd-sc_vp = nd.ni_vp;
vnd-sc_size = btodb(vattr.va_size);/* note truncation */
if ((error = vndsetcred(vnd, p-p_ucred)) != 0) {
-   (void) vn_close(nd.ni_vp, FREAD|FWRITE, p-p_ucred, p);
+   (void) vn_close(nd.ni_vp, FLG(vnd), p-p_ucred, p);
vndunlock(vnd);
return (error);
}
@@ -851,7 +864,7 @@
 
if ((error = copyin(vio-vnd_key, key,
vio-vnd_keylen)) != 0) {
-   (void) vn_close(nd.ni_vp, FREAD|FWRITE,
+   (void) vn_close(nd.ni_vp, FLG(vnd),
p-p_ucred, p);
vndunlock(vnd);
return (error);
@@ -1087,7 +1100,7 @@
vnd-sc_flags = ~VNF_INITED;
if (vp == (struct vnode *)0)
panic(vndioctl: null vp);
-   (void) vn_close(vp, FREAD|FWRITE, vnd-sc_cred, p);
+   (void) vn_close(vp, FLG(vnd), vnd-sc_cred, p);
crfree(vnd-sc_cred);
vnd-sc_vp = (struct vnode *)0;
vnd-sc_cred = (struct ucred *)0;
--- usr.sbin/vnconfig/vnconfig.c.orig   Sun Sep 10 19:19:25 2006
+++ usr.sbin/vnconfig/vnconfig.cMon Sep 11 15:28:27 2006
@@ -226,7 +226,7 @@
char *rdev;
int rv;
 
-   if (opendev(dev, O_RDWR, OPENDEV_PART, rdev)  0)
+   if (opendev(dev, O_RDONLY, OPENDEV_PART, rdev)  0)
err(4, %s, rdev);
f = fopen(rdev, rw);
if (f == NULL) {

Re: broadcom

[Tom Bombadil]

Yes... I agree with with you... not really my decision at the time,
since I didn't work here... but I guess the thought was that RaidFrame
would provide more uptime in case of multiple harddrive failures, and
not really data protection.

Thanks Daniel

Daniel Ouellet wrote:
 Tom Bombadil wrote:
 One funny story about redundancy in general: we run raidframe to mirror
 the 2 disks in the system... And like I said both firewalls were
 crashing together... After the crash our allegedly redundant firewalls
 were both down for 20 minutes for parity rebuilding... simplicity is a
 beautiful thing ;)
 
 May be that's just me, but a very simple question for you. If you have
 redundant firewall and I guess you are running CARP on them right? Why
 would you even have raidframe setup on a firewall.
 
 Isn't it the KISS gold principal would dictate otherwise here. Specially
 for a firewall. A good firewall needs the minimum setup on it.
 
 Obviously I may be talking none sense here, but RaidFrame on a firewall
 is the last place I would put it.
 
 What kind of data do you want to protect on a RaidFrame. The list of bad
 ssh attackers for your PF configurations? Must be a HUGE list to needs
 RaidFrame for it! (;
 
 Just a thought, may be review your setup might be much better then
 trying to get new hardware, but that's just me.
 
 Best,
 
 Daniel

Re: Lockup problem with quad nic (dc driver)

[Joe]

Jason Dixon wrote:

On Sep 10, 2006, at 12:36 PM, Joe wrote:


Jason Dixon wrote:

On Sep 10, 2006, at 4:31 AM, Joe wrote:

Andreas Bihlmaier wrote:

snip
I have the same problem with this board:
cpu0: VIA Esther processor 1500MHz (CentaurHauls 686-class) 1.50 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,CMOV,PAT,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,SSE3,EST,TM2 


The problem is not dc(4) specific, it seems the board can't handle pci
bridges, so far I tested dual nics: fxp, tl, sf, none of them seems to
work, they all lock up the box as soon as I up more than one of the
interfaces.


Thanks for the reply. This is disappointing. I really wanted to use 
this board as my new firewall/vpn.


So, my advice for now is to stay away from the new VIA EN or CN 
series boards with the C7 processor for use as multihomed firewalls.
I still don't understand why some folks avoid using VLANs in these 
circumstances.  You can get very creative with physical interfaces, 
trunk(4), and vlan(4).  It's pretty rare these days that you actually 
*need* dual/quad cards.




I setup 3 vlans on fxp0 (replaced the quad nic with fxp0) and things 
seem to be working great.

Thanks for the recommendation.

Re: can www execute sendmail -t?

[Bryan Irvine]

if(pclose(mail))
err(2, NULL);


that did it.  I don't understand why though.  Got a cluestick handy?

--Bryan

Re: can www execute sendmail -t?

[Bryan Irvine]

Easy enough to write one's own with a call to pipe(2) and some
sleight-of-handle with dup2 and friends, depending on need.  Stevens'
Adv. Prog.  in the Unix Env. has the canonical examples.  Offhand,
though, I can't think of an existing library routine.  The OP is not
so hot on C programming, he says.  (I refer him to the book just
mentioned, which is truly how to write real Unix programs, should
he like to improve his skills at the feet of a master.)


I actually *just* received that book a couple days ago from amazon.
I've barely made it through the preface, but I can already tell that
this book will enable me to be mediocre :-)

--Bryan

Re: openBSD 3.9 on hp/comapq proliant 8000

[Stuart Henderson]

 Can you try the attached patch?  You'll have to do a make in
 sys/dev/pci after you've applied the patch.

It might be worth pointing out: it should be enough to determine
if it works by building a normal kernel on another system and burning
it to CD. You can boot with the boot loader from a normal OpenBSD CD
(a proper one or a burned cd##.iso), swap CDs and boot the new kernel.
It will panic when it tries to mount root but hopefully before then
it will have already listed the missing devices.

If the devices show up it's worth making a ramdisk kernel so you
can install - the normal way is to follow release(8) but you may save
a bit of time if you adapt the raidframe instructions posted here a
couple of days ago.

Yes, there's some work involved, but it's fairly straightforward
and you're the one who wants the system to work :-)

Re: Feedback wanted on gethttpd graylisting ideas included

[Joachim Schipper]

On Sat, Sep 09, 2006 at 08:03:18PM -0400, Daniel Ouellet wrote:
 I am working on this idea and put into place a series of defense that 
 are proved effective so far, but obviously not as practical and speedy 
 as spamd is at the moment. It's a variable of scripts here and there 
 based on multiple aspect of the standard use for web access.

 Some of the ideas are not new and are based on spamd, just not all in 
 place yet.
 
 1. For Crawlers and Bot
 
 First is the proliferations of mom and pop pots and crawlers. After 
 testing difference setup, I realize to my surprise, yes call me stupid, 
 that a handful are actually good citizen! The use and standard of 
 robots.txt is well known and all good citizen robots should respect 
 that. Not a mean of protection for your site, but never the less they 
 should respect that. So, what's inside it, if you forbid some 
 directories, or files, they should respect that and any that do not, 
 well I guess it's fine to kill them. Why should they be granted access 
 if they do respect my wishes as the owner and/or operator of the site(s).
 
 1.1 First defense. No crawling on forbidden preset robots.txt with 
 incremental deny access to them.
 
 Many be not the best approach, but it is working as of all crawlers, 
 this method in place catch 381 bad citizen crawlers in a week time. The 
 idea is very simple. I preset my robots.txt file to include a file, or 
 in this case a directory that if not to be crawler and in the directory 
 I put a file that include a script that will block the source via PF and 
 log the entry in a SQL database as well as it will be share between all 
 servers later on. I also put on the front page of the site a very simple 
 LINK to a 1 pixel image at the bottom of the page that is simply not 
 visible to the users and that is not click able as well. So a regular 
 user will never click and nor see it. But a crawler will follow all 
 links obviously as the definition of a crawler. Now don't forget that 
 the crawler is suppose to respect the robots.txt directives. So, this 
 URL is in the forbidden directory and many crawlers do respect that very 
 well. Live test proved this just to well. However, all the bad one, will 
 not and as such, the URL trigger a script that will log their IP and add 
 them to PF to block them right away! BYE BYE!
 
 Now you may asked why I do incremental deny here. To be nice I guess, 
 but also because some connections are from PROXY and not all proxy also 
 have the header identifier as such. So, as such, you don't want to loose 
 traffic from legitimate users that are behind PROXY like AOL. This need 
 a bit more work and so far the standard should help to make sure only 
 proxy from the same remote users behind it would be block should all 
 proxy respect the standard and add this part to their header as most do. 
 You can call this the bypass of broken proxy for now. Should all proxy 
 be right, then this could be permanent, may be. This also have the side 
 benefit to stop some low life from stealing your content by trying to 
 import all your site content at once. Not the goal here, but it's a side 
 benefit to it should you want that.

Your worries about losing proxies is correct; it looks like you have
that problem mostly covered. I'm not sure it would help much about
bandwidth hogs, though - I don't have any numbers on what programs are
most often used, but something like wget certainly does respect
robots.txt.

 3. DDoS GET attacks  Bandwidth suckers defense. Multiple approach.
 
 3.1 Good users supply data check.
 
 So far most/all of the variations of attacks on web sites are with 
 scripts trying to inject itself to your servers. Well, you need to do 
 sanity checks on your code. Nothing can really protect you for that if 
 you don't check what you expect to receive from users input. So, I have 
 nothing for that. No idea anyway on how to, other then may be limiting 
 the side of the argument a get can send, but even that is bad idea I think.

This is not applicable to DDoS, really - though you are otherwise right,
of course.

 3.2 Gray listing idea via 302 temporary return code.
 
 Many scripts wants you to waist as much bandwidth as possible, if they 
 can't inject itself into your servers, so they will in turn attack a 
 specific page or section of your site and try to make you waist plenty 
 of bandwidth, or even SQL back end power as well.
 
 One simple approach on this defense came to me from the idea of spamd. 
 But to do this. You don't want the users to wait, or they will go else 
 where and you just lots them. So, the idea is again simple. Just return 
 the users a code to tell them to come back. Simply with a 302 temporary 
 redirect code.
 
 You might say this will affect my search engine, well not really. There 
 isn't any impact as any search engine will not save temporary content on 
 redirect and if they do, then they are wrong. But should you be concern 
 with this, then add as well 

Re: openBSD 3.9 on hp/comapq proliant 8000

[Czesław Liebert]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Mark Kettenis napisaE(a):
 Hi Czeslaw,
 
 Can you try the attached patch?  You'll have to do a make in
 sys/dev/pci after you've applied the patch.


Not really, because i cannot get on with the system as it does not see
my hard disks.
iD8DBQFFBcv8dj0NORdzQIoRAnfLAJ9fdjfER/q+0HtLsYvKRONJECcD2ACfXwtr
wVRlJOIxJYwl0MDEXc12anE=
=T4dV
-END PGP SIGNATURE-

Re: openBSD 3.9 on hp/comapq proliant 8000

[Joachim Schipper]

On Mon, Sep 11, 2006 at 10:50:04PM +0200, Czes??aw Liebert wrote:
 Mark Kettenis napisaE(a):
  Hi Czeslaw,
  
  Can you try the attached patch?  You'll have to do a make in
  sys/dev/pci after you've applied the patch.
 
 Not really, because i cannot get on with the system as it does not see
 my hard disks.

You can build on a different machine, as already posted here on [EMAIL 
PROTECTED]
That is no different from building a kernel on the machine itself. If
you have no sacrificial box handy, use qemu - the speed will suck, but
compiling only the kernel should be very doable.

Joachim

Re: openBSD 3.9 on hp/comapq proliant 8000

[Czesław Liebert]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Joachim Schipper napisaE(a):
  You can build on a different machine, as already posted here on [EMAIL 
  PROTECTED]
 That is no different from building a kernel on the machine itself. If
 you have no sacrificial box handy, use qemu - the speed will suck, but
 compiling only the kernel should be very doable.

this can be done; ill try tommorow morning as now i am at home and the
proliant at work. let u know how it was.

czeslaw
iD8DBQFFBdJbdj0NORdzQIoRAjykAJ4tor1lJNDGLucK5FZAxSFG5DT2XwCgyUwC
fuhGZIo8v2lQFL6KJyrsY8c=
=dRAW
-END PGP SIGNATURE-

Re: Feedback wanted on gethttpd graylisting ideas included

[Daniel Ouellet]

Joachim Schipper wrote:

Your worries about losing proxies is correct; it looks like you have
that problem mostly covered. I'm not sure it would help much about
bandwidth hogs, though - I don't have any numbers on what programs are
most often used, but something like wget certainly does respect
robots.txt.


Actually it does. There is many attacks going on right now as you know, 
but if you put them in category, you have the tones of variation of user 
pass value sanity check and you can now see that on Security focus. They 
release in the last three days, over a dozen so far. Even more now I am 
sure. I saw that started a few eeks ago if you look into the archive, 
but that's irrelevant anyway. The other is a virus that spread the same 
way, or similar. In that case they actually call big content page(s) on 
your site. When I mean big content, it's not with images, etc. But text 
stuff. The reason if their virus do not process the content and would 
need to be bigger to do so. This way, it still small and the web server 
see it as legit and will reply. But if you have pages that have .5MB of 
text on it as an example that comes from database back end, then they 
hope to bring your server down, your SQL back end down and if not make 
you waist as much bandwidth as possible. I notice it first on the HUGE 
increase on the GB of transfer each day. Just for you to get a picture 
of this effect. I have logged over 300,000 sources of virus doing this 
type of attack so far on my servers and they pull a series of pages that 
are pretty big in text content, between 150KB minimum to 750KB, or so 
excluding any other content. Each of the offending source will pull that 
content many times a day. I mean just think about it.


So, if you go ONLY with an example of let say just for fun. One time an 
hour only from each one on and accessing an average page of 500KB. You 
get a waisted transfer for that day only of:


24 hours * 500,000 Bytes in size * from 300,000 source and you have:

3,600,000,000,000 Bytes of waisted bandwidth / day.

Now if you assume that this is prefect and constant without peek for 
example, then you need to push this amount of data in 24 hours, so you 
would need:


3,600,000,000,000 * 8 bits/Byte = 28,800,000,000,000 / (60 seconds * 60 
minutes * 24 hours) and get 333,333,333 bits/sec needed in capacity, 
just for this waisting stuff!


And this is only based on one query per hours! Get the picture and the 
size of the problem. (:


So, what I put into place to counter that doesn't stop it as you can 
stop the source from coming in, but you need to find the good out of the 
bad and my reply to bad one happen to be only 5 bytes instead in the log 
anyway.


All this is with forgetting all the overhead, etc.

So, yes it's a BIG help for bandwidth hogs!

And don't forget that's per destination under attack! (:

So, yes, it can be totally unmanageable if not stop from the start and 
on big scale.



3. DDoS GET attacks  Bandwidth suckers defense. Multiple approach.

3.1 Good users supply data check.

So far most/all of the variations of attacks on web sites are with 
scripts trying to inject itself to your servers. Well, you need to do 
sanity checks on your code. Nothing can really protect you for that if 
you don't check what you expect to receive from users input. So, I have 
nothing for that. No idea anyway on how to, other then may be limiting 
the side of the argument a get can send, but even that is bad idea I think.


This is not applicable to DDoS, really - though you are otherwise right,
of course.


I provided a very simple way to not remove the problem, but to at a 
minimum stop it from getting infected based on all the latest series of 
security focus variations and it also have the benefit to point you to 
any possible source that your server might have install on them as well.


Very simple really.


3.2 Gray listing idea via 302 temporary return code.



This could be effective, indeed - though I am not sure it would block
many attackers.


Work like a charm in real life so far. See number above for results.
It's been use successfully so far for a few weeks and no bad side effect 
still, just HUGE benefits! And the servers still don't break into sweat yet!



3.4 What about the compromise user computer itself, or proxy server.



Faking those headers is easily done, though; ideally, you'd want to
cross-check p0f and the headers. I'm not entirely sure it would hurt an
attacker more than it hurt you, though, and priviliged code is always
scary, and doubly so when close to essentially untrusted web apps.


True for sure. But you still need a way to make the difference between 
good and bad passing through proxy, or you loose to much. Here 
obviously, I go with the fact that so far, yes these headers are fake 
and it's trivial to do as well, but none of the attack so far anyway 
generate random headers. In witch case it would be useless obviously.



4. What about more intelligent 

Re: broadcom

[Marco Peereboom]

RAIDFrame is disabled in GENERIC for a reason you know.

On Mon, Sep 11, 2006 at 10:08:48AM -0700, Tom Bombadil wrote:
 Yes... I agree with with you... not really my decision at the time,
 since I didn't work here... but I guess the thought was that RaidFrame
 would provide more uptime in case of multiple harddrive failures, and
 not really data protection.
 
 Thanks Daniel
 
 Daniel Ouellet wrote:
  Tom Bombadil wrote:
  One funny story about redundancy in general: we run raidframe to mirror
  the 2 disks in the system... And like I said both firewalls were
  crashing together... After the crash our allegedly redundant firewalls
  were both down for 20 minutes for parity rebuilding... simplicity is a
  beautiful thing ;)
  
  May be that's just me, but a very simple question for you. If you have
  redundant firewall and I guess you are running CARP on them right? Why
  would you even have raidframe setup on a firewall.
  
  Isn't it the KISS gold principal would dictate otherwise here. Specially
  for a firewall. A good firewall needs the minimum setup on it.
  
  Obviously I may be talking none sense here, but RaidFrame on a firewall
  is the last place I would put it.
  
  What kind of data do you want to protect on a RaidFrame. The list of bad
  ssh attackers for your PF configurations? Must be a HUGE list to needs
  RaidFrame for it! (;
  
  Just a thought, may be review your setup might be much better then
  trying to get new hardware, but that's just me.
  
  Best,
  
  Daniel

Acer Laptop Soundcard problem

[Alvaro Mantilla Gimenez]

Hello,

   I have OpenBSD 3.9 installed in my Acer Aspire 3002LCi Laptop. The 
Soundcard is not working. This is the dmesg output:


auich0 at pci0 dev 2 function 7 SiS 7012 AC97 rev 0xa0: irq 5, SiS7012 
AC97

ac97: codec id 0x414c4770 (Avance Logic ALC203)
ac97: codec features headphone, 20 bit DAC, 18 bit ADC, No 3D Stereo
audio0 at auich0

So, aparently, OpenBSD detects the soundcard well. So, this is the 
mixerctl output:


outputs.master=255,255
outputs.master.mute=off
outputs.mono=255
outputs.mono.mute=on
outputs.mono.source=mixerout
outputs.headphones=255,255
outputs.headphones.mute=on
outputs.bass=255
outputs.treble=255
inputs.speaker=255
inputs.speaker.mute=off
inputs.phone=191
inputs.phone.mute=on
inputs.mic=191
inputs.mic.mute=on
inputs.mic.preamp=off
inputs.mic.source=mic0
inputs.line=191,191
inputs.line.mute=on
inputs.cd=191,191
inputs.cd.mute=on
inputs.video=255,255
inputs.video.mute=off
inputs.aux=191,191
inputs.aux.mute=on
inputs.dac=191,191
inputs.dac.mute=off
record.source=mic
record.volume=255,255
record.volume.mute=off
record.mic=0
record.mic.mute=on
outputs.loudness=off
outputs.spatial=off
outputs.spatial.center=0
outputs.spatial.depth=0
outputs.surround=255,255
outputs.surround.mute=off
outputs.center=255
outputs.center.mute=off
outputs.lfe=255
outputs.lfe.mute=off
outputs.extamp=off

It seems the mute is disabled and the soundcard must play any sound 
file (au, wav, etc...) but...is not.


Any idea?

 Thanks in advance and sorry about my ugly english

   Alvaro

Re: broadcom

[Tom Bombadil]

mm... I thought it was to save ~500K in the kernel:
http://openbsd.org/faq/faq14.html#Optraid

Is there any other reason?

Cheers

Marco Peereboom wrote:
 RAIDFrame is disabled in GENERIC for a reason you know.
 
 On Mon, Sep 11, 2006 at 10:08:48AM -0700, Tom Bombadil wrote:
 Yes... I agree with with you... not really my decision at the time,
 since I didn't work here... but I guess the thought was that RaidFrame
 would provide more uptime in case of multiple harddrive failures, and
 not really data protection.

 Thanks Daniel

 Daniel Ouellet wrote:
 Tom Bombadil wrote:
 One funny story about redundancy in general: we run raidframe to mirror
 the 2 disks in the system... And like I said both firewalls were
 crashing together... After the crash our allegedly redundant firewalls
 were both down for 20 minutes for parity rebuilding... simplicity is a
 beautiful thing ;)
 May be that's just me, but a very simple question for you. If you have
 redundant firewall and I guess you are running CARP on them right? Why
 would you even have raidframe setup on a firewall.

 Isn't it the KISS gold principal would dictate otherwise here. Specially
 for a firewall. A good firewall needs the minimum setup on it.

 Obviously I may be talking none sense here, but RaidFrame on a firewall
 is the last place I would put it.

 What kind of data do you want to protect on a RaidFrame. The list of bad
 ssh attackers for your PF configurations? Must be a HUGE list to needs
 RaidFrame for it! (;

 Just a thought, may be review your setup might be much better then
 trying to get new hardware, but that's just me.

 Best,

 Daniel

Winery Web Site Special

[businesswow]

Professional Web Designs
(Cost Effective Solutions)

WalkinWebStore is the first and only store front web design company in
California with over eight years experience. We have helped thousands of
Wineries throughout California and the U.S. with their Web Site Designs,
Web Site Hosting, Online Dynamic Shopping Carts, Database Programming and
Search Engine Ranking.

  * Custom Flash/Html Web Designs (Sample Web Site)

  * E-commerce Solutions (No Annual/Monthly Fee and No % From Each Sale)
Web Store Demo

  * Online Wine Club Database

  * Customer HTML Newsletter Database

  * Search Engine Ranking

  * Interactive Flash Gallery (Showing the Winery)

  * Custom Online Calendar

  * Plus Much More

Don't wait...your competition is passing you by each day your not selling
or marketing online.

(877) 232-4WEB

Please contact our Store today and one of our friendly store managers
will assist you in answering any questions that you may have. Please also
contact us for a Quick Online Quote.

To remove your company email name, please use the Link below.

Click Here to receive text-based newsletter in the future. Your are
currently subscribed as: [EMAIL PROTECTED] To unsubscribe, please click
Here .

Re: broadcom

[Jeff Quast]

On 9/11/06, Tom Bombadil [EMAIL PROTECTED] wrote:

mm... I thought it was to save ~500K in the kernel:
http://openbsd.org/faq/faq14.html#Optraid

Is there any other reason?

Cheers


(top posting is the suck)


Marco Peereboom wrote:
 RAIDFrame is disabled in GENERIC for a reason you know.



http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/raidframe/

it hasn't been updated in 7 years?

Bug fixes, reliability improvements, and features have not been ported
from greg's -current implementation in netbsd since its initial merge
into the tree 7 years ago. It apears as though just enough to get by
since then...

If its 500k to add to a binary kernel, sit back and think of how many
lines of code that amounts to maintaining.

Did someone mention the need of merging raidframe, bioctl and friends
into one someday? What a beautiful friendship that would be, an all
encompassing raidctl for all types of raid, software or hardware

/bsd asking for nonexistent nfs server?

[Doug Carter]

I really doubt that this is a system problem; I just can't figure out  
what stupid thing I have done.


Using: OpenBSD 3.9 (GENERIC) #617: Thu Mar  2 02:26:48 MST 2006 on a  
Dell 1850, RAID 1 (rest of dmesg below).


One entry every day:
   Sep 10 02:16:58 tma0 /bsd: nfs server amd:16867: not responding

As far as I know I don't have NFS running...

I've ignored this for a while today I noticed about 100 instances of  
sh, /etc/security, mail  find with the latter in state 'nfsrcv'   
This appeared to lead to too many files open and hung the impad  
(Dovecot).  Killing the find, sh  mail processes and restarting  
Dovecot; all appears OK now...


Also, I notice that I can issue a sudo find / -name anything and it  
will hang in state 'nfsrcv'


Any suggestion?
Doug Carter


---dmesg
OpenBSD 3.9 (GENERIC) #617: Thu Mar  2 02:26:48 MST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Xeon(TM) CPU 2.80GHz (GenuineIntel 686-class) 2.80 GHz
cpu0:  
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36, 
CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,CNXT-ID

real mem  = 1073065984 (1047916K)
avail mem = 972435456 (949644K)
using 4278 buffers containing 53755904 bytes (52496K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 01/09/06, BIOS32 rev. 0 @  
0xffe90

pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfb140/272 (15 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801EB/ER LPC  
rev 0x00)

pcibios0: PCI bus #9 is the last bus
bios0: ROM list: 0xc/0xb000! 0xcb000/0x1000 0xcc000/0x1000  
0xcd000/0x2200 0xec000/0x4000!

ipmi0 at mainbus0: version 1.5 interface KCS iobase 0xca8/8 spacing 4
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel E7520 MCH rev 0x09
ppb0 at pci0 dev 2 function 0 Intel MCH PCIE rev 0x09
pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 Intel IOP331 Channel 0 rev 0x06
pci2 at ppb1 bus 2
ami0 at pci2 dev 14 function 0 Dell PERC 4e/Di rev 0x06: irq 7 Dell  
16c 32b

ami0: FW 521X, BIOS vH430, 256MB RAM
ami0: 1 channels, 0 FC loops, 1 logical drives
scsibus0 at ami0: 40 targets
sd0 at scsibus0 targ 0 lun 0: AMI, Host drive #00,  SCSI2 0/direct  
fixed
sd0: 139900MB, 139900 cyl, 64 head, 32 sec, 512 bytes/sec, 286515200  
sec total

scsibus1 at ami0: 16 targets
safte0 at scsibus1 targ 6 lun 0: PE/PV, 1x2 SCSI BP, 1.0 SCSI2 3/ 
processor fixed

ppb2 at pci1 dev 0 function 2 Intel IOP331 Channel 1 rev 0x06
pci3 at ppb2 bus 3
ppb3 at pci0 dev 4 function 0 Intel MCH PCIE rev 0x09
pci4 at ppb3 bus 4
ppb4 at pci0 dev 5 function 0 Intel MCH PCIE rev 0x09
pci5 at ppb4 bus 5
ppb5 at pci5 dev 0 function 0 Intel PCIE-PCIE rev 0x09
pci6 at ppb5 bus 6
em0 at pci6 dev 7 function 0 Intel PRO/1000MT (82541GI) rev 0x05:  
irq 11, address 00:13:72:53:52:03

ppb6 at pci5 dev 0 function 2 Intel PCIE-PCIE rev 0x09
pci7 at ppb6 bus 7
em1 at pci7 dev 8 function 0 Intel PRO/1000MT (82541GI) rev 0x05:  
irq 3, address 00:13:72:53:52:04

ppb7 at pci0 dev 6 function 0 Intel MCH PCIE rev 0x09
pci8 at ppb7 bus 8
uhci0 at pci0 dev 29 function 0 Intel 82801EB/ER USB rev 0x02: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 Intel 82801EB/ER USB rev 0x02: irq 10
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 Intel 82801EB/ER USB rev 0x02: irq 7
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 Intel 82801EB/ER USB2 rev 0x02: irq 5
usb3 at ehci0: USB revision 2.0
uhub3 at usb3
uhub3: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub3: 6 ports with 6 removable, self powered
ppb8 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0xc2
pci9 at ppb8 bus 9
vga1 at pci9 dev 13 function 0 ATI Radeon VE QY rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ichpcib0 at pci0 dev 31 function 0 Intel 82801EB/ER LPC rev 0x02
pciide0 at pci0 dev 31 function 1 Intel 82801EB/ER IDE rev 0x02:  
DMA, channel 0 configured to compatibility, channel 1 configured to  
compatibility

atapiscsi0 at pciide0 channel 0 drive 0
scsibus2 at atapiscsi0: 2 targets
cd0 at scsibus2 targ 0 lun 0: TEAC, CD-ROM CD-224E-N, 3.AB SCSI0 5/ 
cdrom removable

cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 disabled (no drives)
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: using 

Re: broadcom

[Henning Brauer]

* Jeff Quast [EMAIL PROTECTED] [2006-09-12 00:54]:
  RAIDFrame is disabled in GENERIC for a reason you know.
 it hasn't been updated in 7 years?

really cries for someone doing this work.

 Did someone mention the need of merging raidframe, bioctl and friends
 into one someday?

that, too.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

Re: ho hum

[Jason George]

Another weekend at work:

# uname -a
SunOS X 5.10 Generic_XX sun4u sparc SUNW,Sun-Fire-15000
# uname -X
System = SunOS
Node = XX
Release = 5.10
KernelID = Generic_XX
Machine = sun4u
BusType = unknown
Serial = unknown
Users = unknown
OEM# = 0
Origin# = 1
NumCPU = 144

# id
uid=0(root) gid=0(root)



Maybe one day this could have a great dmesg.., not to mention the
rest of the cluster.


Back 2 weeks ago before Theo went hiking, he was fully prepared to bet at 
least one beer that the new sparc64 snapshot might even work in a container on 
a SunFire 15k.

I say you boot a snapshot and get back to us!

Re: 10 Reasons Must Boycott the 2008 Olympic Games in Communist China

[Nick Guenther]

On 9/12/06, leshydonlop [EMAIL PROTECTED] wrote:

Hi, this is Lesh Donlup, a human right volunteer in UK.
I am writing to support Klitou by passing the message below.
Attached is the article 9 Comments on CCP Part 9 as the reference.
Please pass this message to people all around you to help.

I apologize any inconvinience.
snip



This is the best spam we'd ever gotten here.

-Nick