Re: soekris boot console

[Otto Moerbeek]

On Tue, 19 Sep 2006, Damian Wiest wrote:

> On Tue, Sep 19, 2006 at 02:17:35PM -0400, Michael Hernandez wrote:
> > On Sep 19, 2006, at 1:58 PM, Gustavo Rios wrote:
> > 
> > >My soekris is a net4801-60. I am trying to access it before i can see
> > >the speed !
> > >
> > 
> > 
> > You need a null modem cable.  Check this link out, I found it the  
> > other day
> > 
> > http://www.ultradesic.com/?section=34
> > 
> > Mike
> 
> A plain old serial cable should work fine assuming the line settings 
> are correct.  What are the specs for the serial port on the Soekris 

I'm pretty sure you what you need here is a null-modem cable, which is
not the same as a "plain" serial cable. That's a cable to attach a
modem to a serial port, which is wired straight. Null modem cables
have certain connections crossed. 

-Otto

> board?  Are you sure you have the flow control, data bits, stop bits, 
> parity and speed set properly?  Also, you may find that kermit is easier
> to use than tip.  I've been using it to interface with my Denon AVR2805
> receiver and it works great.
> 
> My guess is that you have the flow control set improperly.  Sometimes 
> the correct setting isn't documented, so you'll have to experiment.
> 
> -Damian

[correction] Re: boot: bad unit number

[Josh Grosse]

On Wed, Sep 20, 2006 at 01:06:23AM -0400, *I* wrote:
> Boot a cd image, enter shell.  Issue:
> 
>  # fdisk wd0
>  # disklabel wd0
> 
> if the output of both fdisk and disklabel appear fine, then and only then
> would I assume the problem is a relocated /boot file.  To fix:
> 
>  # /usr/mdec/installboot -n -v /boot /usr/mdec/biosboot wd0

That's incorrect, I copied and pasted from doc without double-checking.
Instead, you should:

 # mount /dev/wd0a /mnt
 # /usr/mdec/installboot -v /mnt/boot /usr/mdec/biosboot wd0

The bsd.rd environment (boot floppy, boot cd, etc) will have a valid
biosboot and installboot in /usr/mdec.  You will need to mount your intended
root file system, shown here as wd0a, in order to pick up the proper inode
for the boot program. 

If the file system mounts, but the boot file is missing you can copy it 
from /usr/mdec, viz: 

 # cp /usr/mdec/boot /mnt/

Then run the installboot program.

Re: boot: bad unit number

[Josh Grosse]

On Tue, Sep 19, 2006 at 11:26:49PM -0500, Benjamin Collins wrote:
> When I boot one of my boxen up, it fails to boot.  As soon as it hits
> hd0, I see this:
> 
> Using drive 0, partition 3.
> Loading...
> ERR M

>From biosboot(8):

 ERR MBad magic.  The ELF ``magic number'' \7fELF in boot(8)'s header
  was not found.  This indicates that the first block of boot(8)
  was not read correctly.  This could be due to disk corruption,
  failing to run installboot(8), giving an invalid boot(8) program
  as the boot argument to installboot(8), or incorrect geometry
  translation.

To diagnose:

Boot a cd image, enter shell.  Issue:

 # fdisk wd0
 # disklabel wd0

if the output of both fdisk and disklabel appear fine, then and only then
would I assume the problem is a relocated /boot file.  To fix:

 # /usr/mdec/installboot -n -v /boot /usr/mdec/biosboot wd0

See installboot(8) for additional information.

boot: bad unit number

[Benjamin Collins]

When I boot one of my boxen up, it fails to boot.  As soon as it hits
hd0, I see this:

Using drive 0, partition 3.
Loading...
ERR M

A recent (2005) thread on marc suggested just doing another install
from CD to fix this (as well as installing on a new disk on a
different computer, and then swapping to see if it works, which I
haven't done yet).

Booting to a CD of the 9/1/2006 snapshot:

probing: pc0 com0 com1 apm mem[640K 766M a20=on]
disk: fd0 hd0+
Bad unit number
>> OpenBSD/i386 BOOT 2.10
Bad unit number
open (hd0a:/etc/boot.conf): bad drive number
boot>

Trying to manually boot to hd0a:/bsd causes the message to repeat.
Does "Bad unit number" mean anything specific, or is it a bail-out
message?

boot> machine diskinfo
DiskBIOS#   TypeCylsHeads   SecsFlags   Checksum
fd0 0x0 *none*  80  2   18  0x4 0x0
hd0 0x80label   1024255 63  0x2 0xd7789676

Since I didn't really know of a good way to debug this, I thought
booting to other OS install CDs might be informative.  FreeBSD 5.1
says this:

acpi0:  on motherboard
panic: AcpiOsDerivePciId unable to initialize pci bus

Linux:

ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
SiI3112 Serial ATA: IDE controller at PCI slot :02:06.0
SiI3112 Serial ATA: chipset revision 2
SiI3112 Serial ATA: 100% native mode on irq 18
ide2: MMIO-DMA , BIOS settings: hde:pio, hdb:DMA
ide3: MMIO-DMA , BIOS settings: hdg:pio, hdh:pio
hde: WDC WD1200JD-00HBB0, ATA DISK drive
ide2 at 0xf287a080-0xf287a087,0xf287a08a on irq 18
hdg: no response (status = 0xfe), resetting drive
hdg: no response (status = 0xfe)
hdg: no response (status = 0xfe), resetting drive
hdg: no response (status = 0xfe)
hde: max request size: 64KiB
hde: 234441648 sectors (120034 MB) w/8192KiB Cache, CHS=16383/255/63
  /dev/ide/host2/bus0/target0/lun0: p4
hdb: ATAPI 32X CD-ROM drive ...
...
...

and it goes on to boot to a gentoo livecd just fine (ok, it didn't
like my radeon card, but I don't care.).  After getting a shell
prompt, I looked at the dmesg (in Linux, remember), and in there it
had a couple lines about ACPI:

PCI: Using ACPI for IRQ routing
PCI: if you experience problems, try using option 'pci=noacpi' or even
'acpi=off'

Still later,

...
BIOS failed to enable PCI standards compliance, fixing this error
...

...

Between Linux and FreeBSD, it seems to be ACPI/PCI related, but I'm
not sure how.  The fact that the disk is found at hde in Linux above
seems odd to me, because it's the only disk other than the CD-ROM (not
to mention that it seems to really want to find an 'hdg').

Anyway, I hope the above information will help someone help me :-).

My hardware configuration hasn't changed in ages, and I've been
running -current on this box since MP rolled out.  My apologies for
not providing a dmesg.  I don't have one lying around and can't get a
fresh one.

--
Benjamin Collins

[demime 1.01d removed an attachment of type application/pgp-signature]

Re: Upgrading 3.7 -> 3.9

[steve szmidt]

On Tuesday 19 September 2006 21:08, ICMan wrote:
> Thank you for the advice, everyone.  I don't want to lose my current 
> configuration, so I think I will give the double upgrade a try.

Of course you'll back up your config files...
-- 

Steve Szmidt

"To enjoy the right of political self-government, men must be 
capable of personal self-government - the virtue of self-control. 
A people without decency cannot be secure in its liberty.
From the Declaration Principles

AUUG 2006 Conference Preview - Lars Rasmussen and Peter Gutmann

[David Purdue]

This is the first in a series of previews of AUUG 2006 - The Conference for 
Unix, Linux and Open Source Professionals. This week we are highlighting 
keynote speakers Lars Rasmussen of  Google and Peter Gutmann of the University 
of Auckland.

Lars Rasmussen is a member of Google's technical staff and the lead  engineer 
of the team that created Google Maps.  Lars will discuss the  many pieces of 
the puzzle comprising Google Maps - in particular, the pros and cons of AJAX, 
and delve into some particular technical challenges that had to be met. Lars 
will also give a high-level overview of the challenges involved in working with 
spatial data: making it searchable, routable, and browsable.

Peter Gutmann is a self-confessed professional paranoid, who helped  write the 
popular PGP encryption package, has authored a number of papers and RFC's on 
security and encryption, and is the author of the open source Cryptlib security 
toolkit.

Peter will talk on the convergence of Internet Security Threats.  Just as the 
Internet has subsumed all earlier networking technology (ARPAnet, ATM, BITnet, 
DECnet, Ethernet, ISDN, JANET, NSFNET, and many more), so an omnibus Internet 
security threat is gradually  subsuming all earlier discrete threats (ID theft, 
phishing, script kiddies, spam, spyware, trojan horses, viruses). Instead of 
being small-scale (if prolific) nuisances perpetrated mostly by script kiddies, 
these blended threats are increasingly being created by professional 
programmers and managed by international criminal organisations. The 
Convergence of Internet Security Threats looks at the methods and technology 
behind this blended virus/trojan/spam/phishing/ID theft/credit card fraud 
threat, various less-than-effective attempts to address it via legislation, 
technology, and  press releases, and some suggestions for potentially effective 
legislation and other protective measures.

For more details on AUUG 2006 visit 
http://new.auug.org.au/events_store/auug2006/

I look forward to seeing you at AUUG 2006!

DavidP

pp Adrian Close, President, AUUG Inc.

Alice Box : rien a payer avant 2007 grace aux 3 mois offerts

[Alice Adsl]

Si vous disirez visualiser ce mail au format html, recopiez l'adresse suivante 
dans votre navigateur: 
http://www.eml-srv.net/view.html?id=2317&ref=24729\n\n\n\nSi vous disirez vous 
disinscrire, il suffit de cliquer sur le lien privu ou de recopier l'adresse 
suivante dans votre navigateur: 
http://www.eml-srv.net/desabo.html?ope=2317&[EMAIL PROTECTED]

Re: ACPI support on 3.9 for Toshiba Satellite laptop

[Marco Peereboom]

No.  We are actively working on it though.

On Wed, Sep 20, 2006 at 12:02:33PM +1000, atstake atstake wrote:
> I'm trying to get ACPI support on my Toshiba Satellite laptop (Phoenix
> bios) which runs 3.9-release. I read the acpid(8) manpage; but doing a
> "acpid -d" gives an error - "acpid: open: Device not configured."
> Also, there's no such file as "/etc/acpi/suspend" and
> "/etc/acpi/powerdown"
> 
> Is there any patch etc. available for ACPI support on 3.9 at this stage?
> 
> Here's my dmesg -
> 
> OpenBSD 3.9 (GENERIC) #617: Thu Mar  2 02:26:48 MST 2006
>[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
> cpu0: Mobile Intel(R) Pentium(R) 4 CPU 3.20GHz ("GenuineIntel"
> 686-class) 3.20 GHz
> cpu0: 
> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID
> real mem  = 468688896 (457704K)
> avail mem = 420491264 (410636K)
> using 4278 buffers containing 23535616 bytes (22984K) of memory
> mainbus0 (root)
> bios0 at mainbus0: AT/286+(49) BIOS, date 04/07/05, BIOS32 rev. 0 @ 0xfd700
> pcibios0 at bios0: rev 2.1 @ 0xfd700/0x900
> pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf00/224 (12 entries)
> pcibios0: no compatible PCI ICU found: ICU vendor 0x1002 product 0x434c
> pcibios0: PCI bus #3 is the last bus
> bios0: ROM list: 0xc/0xf000 0xd/0x6000! 0xd6000/0x800! 
> 0xd8000/0x1000
> cpu0 at mainbus0
> pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
> pchb0 at pci0 dev 0 function 0 "ATI RS300 Host" rev 0x02
> ppb0 at pci0 dev 1 function 0 "ATI Radeon IGP 9100 AGP" rev 0x00
> pci1 at ppb0 bus 1
> vga1 at pci1 dev 5 function 0 "ATI Radeon Mobility IGP 9100" rev 0x00
> wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
> wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
> ohci0 at pci0 dev 19 function 0 "ATI SB200 USB" rev 0x01: irq 11,
> version 1.0, legacy support
> usb0 at ohci0: USB revision 1.0
> uhub0 at usb0
> uhub0: ATI OHCI root hub, rev 1.00/1.00, addr 1
> uhub0: 3 ports with 3 removable, self powered
> ohci1 at pci0 dev 19 function 1 "ATI SB200 USB" rev 0x01: irq 11,
> version 1.0, legacy support
> usb1 at ohci1: USB revision 1.0
> uhub1 at usb1
> uhub1: ATI OHCI root hub, rev 1.00/1.00, addr 1
> uhub1: 3 ports with 3 removable, self powered
> ehci0 at pci0 dev 19 function 2 "ATI SB200 USB2" rev 0x01: irq 11
> usb2 at ehci0: USB revision 2.0
> uhub2 at usb2
> uhub2: ATI EHCI root hub, rev 2.00/1.00, addr 1
> uhub2: 6 ports with 6 removable, self powered
> piixpm0 at pci0 dev 20 function 0 "ATI SB200 SMBus" rev 0x17: SMI
> iic0 at piixpm0
> pciide0 at pci0 dev 20 function 1 "ATI IXP200 IDE" rev 0x00: DMA,
> channel 0 configured to compatibility, channel 1 configured to
> compatibility
> wd0 at pciide0 channel 0 drive 0: 
> wd0: 16-sector PIO, LBA, 57231MB, 117210240 sectors
> wd0(pciide0:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 5
> atapiscsi0 at pciide0 channel 1 drive 0
> scsibus0 at atapiscsi0: 2 targets
> cd0 at scsibus0 targ 0 lun 0:  SCSI0
> 5/cdrom removable
> cd0(pciide0:1:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 2
> pcib0 at pci0 dev 20 function 3 "ATI SB200 PCI-ISA" rev 0x00
> ppb1 at pci0 dev 20 function 4 "ATI SB200 PCI-PCI" rev 0x00
> pci2 at ppb1 bus 2
> "Texas Instruments TSB43AB21 FireWire" rev 0x00 at pci2 dev 0 function
> 0 not configured
> ath0 at pci2 dev 2 function 0 "Atheros AR5212" rev 0x01: irq 11
> ath0: AR5213 5.6 phy 4.1 rf5111 1.7 rf2111 2.3, WOR4W, address 
> 00:90:96:72:4d:f1
> rl0 at pci2 dev 3 function 0 "Realtek 8139" rev 0x10: irq 11, address
> 00:02:3f:d3:3a:7b
> rlphy0 at rl0 phy 0: RTL internal PHY
> cbb0 at pci2 dev 4 function 0 "ENE CB-1410 CardBus" rev 0x01: irq 11
> cardslot0 at cbb0 slot 0 flags 0
> cardbus0 at cardslot0: bus 3 device 0 cacheline 0x8, lattimer 0x20
> pcmcia0 at cardslot0
> auixp0 at pci0 dev 20 function 5 "ATI IXP200 AC97" rev 0x00: irq 11
> auixp0: soft resetting aclink
> auixp0: not up; resetting aclink hardware
> auixp0: not up; resetting aclink hardware
> auixp0: aclink hardware reset successful
> "ATI IXP200 Modem" rev 0x01 at pci0 dev 20 function 6 not configured
> isa0 at pcib0
> isadma0 at isa0
> pckbc0 at isa0 port 0x60/5
> pckbd0 at pckbc0 (kbd slot)
> pckbc0: using irq 1 for kbd slot
> wskbd0 at pckbd0: console keyboard, using wsdisplay0
> pms0 at pckbc0 (aux slot)
> pckbc0: using irq 12 for aux slot
> wsmouse0 at pms0 mux 0
> pcppi0 at isa0 port 0x61
> midi0 at pcppi0: 
> spkr0 at pcppi0
> lpt0 at isa0 port 0x378/4 irq 7
> npx0 at isa0 port 0xf0/16: using exception 16
> pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
> biomask ef75 netmask ef75 ttymask fff7
> pctr: user-level cycle counter enabled
> ath1 at cardbus0 dev 0 function 0 "Atheros Communications, Inc.,
> AR5001--, Wireless LAN Reference Card": irq 11
> ath1: AR5213 7.9 phy 4.5 rf2112a 5.6: RF radio not supported
> dkcsum: wd0 matches BIOS drive 0x80
> root on wd0a
> rootdev=0x0 rrootdev=0x300 rawdev=0x302
> ac97: codec id 0x414c47

Re: Help with chroot

[Will Maier]

On Tue, Sep 19, 2006 at 09:59:38PM -0400, Kim Mackey wrote:
> Anyway the symptom is that when I visit my wiki site I go there
> with  the url 192.168.1.106/wiki/  but as it starts to load the
> page it  changes my url to
> myhost.my.domain/wiki/index.php/Main_Page and then  fails to load.
> but if I type the url as 192.168.1.106/wiki/index.php/ Man_Page it
> will load the page just fine.  From there I can click on  the
> links and every thing continues to work fine.  (On some pages if
> I leave the page up for a little while it will automaticallyswithc
> the url to the myhostname.my.domain and fail to load.  I just
> retype  the url with my local IP and things load back up fine
> again, but I  have to leave that page or it will fail again.

Either configure your wiki correctly or add a line to /etc/hosts.

hosts(5)

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*

ACPI support on 3.9 for Toshiba Satellite laptop

[atstake atstake]

I'm trying to get ACPI support on my Toshiba Satellite laptop (Phoenix
bios) which runs 3.9-release. I read the acpid(8) manpage; but doing a
"acpid -d" gives an error - "acpid: open: Device not configured."
Also, there's no such file as "/etc/acpi/suspend" and
"/etc/acpi/powerdown"

Is there any patch etc. available for ACPI support on 3.9 at this stage?

Here's my dmesg -

OpenBSD 3.9 (GENERIC) #617: Thu Mar  2 02:26:48 MST 2006
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Mobile Intel(R) Pentium(R) 4 CPU 3.20GHz ("GenuineIntel"
686-class) 3.20 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID
real mem  = 468688896 (457704K)
avail mem = 420491264 (410636K)
using 4278 buffers containing 23535616 bytes (22984K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(49) BIOS, date 04/07/05, BIOS32 rev. 0 @ 0xfd700
pcibios0 at bios0: rev 2.1 @ 0xfd700/0x900
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf00/224 (12 entries)
pcibios0: no compatible PCI ICU found: ICU vendor 0x1002 product 0x434c
pcibios0: PCI bus #3 is the last bus
bios0: ROM list: 0xc/0xf000 0xd/0x6000! 0xd6000/0x800! 0xd8000/0x1000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "ATI RS300 Host" rev 0x02
ppb0 at pci0 dev 1 function 0 "ATI Radeon IGP 9100 AGP" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 5 function 0 "ATI Radeon Mobility IGP 9100" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ohci0 at pci0 dev 19 function 0 "ATI SB200 USB" rev 0x01: irq 11,
version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: ATI OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 3 ports with 3 removable, self powered
ohci1 at pci0 dev 19 function 1 "ATI SB200 USB" rev 0x01: irq 11,
version 1.0, legacy support
usb1 at ohci1: USB revision 1.0
uhub1 at usb1
uhub1: ATI OHCI root hub, rev 1.00/1.00, addr 1
uhub1: 3 ports with 3 removable, self powered
ehci0 at pci0 dev 19 function 2 "ATI SB200 USB2" rev 0x01: irq 11
usb2 at ehci0: USB revision 2.0
uhub2 at usb2
uhub2: ATI EHCI root hub, rev 2.00/1.00, addr 1
uhub2: 6 ports with 6 removable, self powered
piixpm0 at pci0 dev 20 function 0 "ATI SB200 SMBus" rev 0x17: SMI
iic0 at piixpm0
pciide0 at pci0 dev 20 function 1 "ATI IXP200 IDE" rev 0x00: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 57231MB, 117210240 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0
5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 2
pcib0 at pci0 dev 20 function 3 "ATI SB200 PCI-ISA" rev 0x00
ppb1 at pci0 dev 20 function 4 "ATI SB200 PCI-PCI" rev 0x00
pci2 at ppb1 bus 2
"Texas Instruments TSB43AB21 FireWire" rev 0x00 at pci2 dev 0 function
0 not configured
ath0 at pci2 dev 2 function 0 "Atheros AR5212" rev 0x01: irq 11
ath0: AR5213 5.6 phy 4.1 rf5111 1.7 rf2111 2.3, WOR4W, address 00:90:96:72:4d:f1
rl0 at pci2 dev 3 function 0 "Realtek 8139" rev 0x10: irq 11, address
00:02:3f:d3:3a:7b
rlphy0 at rl0 phy 0: RTL internal PHY
cbb0 at pci2 dev 4 function 0 "ENE CB-1410 CardBus" rev 0x01: irq 11
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 3 device 0 cacheline 0x8, lattimer 0x20
pcmcia0 at cardslot0
auixp0 at pci0 dev 20 function 5 "ATI IXP200 AC97" rev 0x00: irq 11
auixp0: soft resetting aclink
auixp0: not up; resetting aclink hardware
auixp0: not up; resetting aclink hardware
auixp0: aclink hardware reset successful
"ATI IXP200 Modem" rev 0x01 at pci0 dev 20 function 6 not configured
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
biomask ef75 netmask ef75 ttymask fff7
pctr: user-level cycle counter enabled
ath1 at cardbus0 dev 0 function 0 "Atheros Communications, Inc.,
AR5001--, Wireless LAN Reference Card": irq 11
ath1: AR5213 7.9 phy 4.5 rf2112a 5.6: RF radio not supported
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
ac97: codec id 0x414c4740 (Avance Logic ALC202)
ac97: codec features headphone, 20 bit DAC, 18 bit ADC, Realtek 3D
audio0 at auixp0

Re: Help with chroot

[Kim Mackey]

OK,  I finally have it working at about 99%.  Maybe not quite that  
much depending on how you look at it.



the final problem I am having is probably related to how I set up my  
network when I installed OpenBSD 3.9  In previous installations of  
OpenBSD I just accepted the defaults during the network card setup  
and everything worked out ok.  this time I have been struggling with  
my host name and domain name.  The problem for me right now is I  
don't have a domain name for this network and before my domain was  
just defaulted to my.domain.  But now It seems to want to act like I  
am some how a DNS or something, I'm not sure.


Anyway the symptom is that when I visit my wiki site I go there with  
the url 192.168.1.106/wiki/  but as it starts to load the page it  
changes my url to myhost.my.domain/wiki/index.php/Main_Page and then  
fails to load.  but if I type the url as 192.168.1.106/wiki/index.php/ 
Man_Page it will load the page just fine.  From there I can click on  
the links and every thing continues to work fine.  (On some pages if  
I leave the page up for a little while it will automaticallyswithc  
the url to the myhostname.my.domain and fail to load.  I just retype  
the url with my local IP and things load back up fine again, but I  
have to leave that page or it will fail again.


I hope I can fix this problem without having to reinstall OpenBSD  
(and all) again.


K. Mackey

Re: playing flash videos

[riwanlky]

Got it compile, opera-flashplugins. Sorry for the noise.
It seem that I could connect to ~jolan/ today.

the opera-flashplugin is working today. =))

Thanks and best regards,
Riwan

At 09:55 PM 9/19/2006 +0700, riwanlky wrote:

Yes, it is in the FAQ 13

One candidate is the Opera web browser, available in the ports tree.
OpenBSD does not distribute packages for it, since Opera's license is not
clear about its redistribution. However, installation should not take long,
since it is distributed in binary form by Opera Software. After that you
can easily install the Flash plugin from the ports tree.
# cd /usr/ports/www/opera
# make install
# cd /usr/ports/www/opera-flashplugin
# make install

Try to make install in /usr/ports/www/opera-flashplugin and it will try to
fetch
flash-7.0r61.tar.gz, it wouldn't find it anywhere. Then go for ipv6,
getting no route and
exit.

Standard Flash plugin? Will it run on OpenBSD? You mean it will run
on the Opera in Red Hat emulation? It is what I am trying to do. Compile 
error.


=(

Thanks and Best regards,
Riwan

At 04:07 PM 9/19/2006 +0200, Joachim Schipper wrote:
>On Tue, Sep 19, 2006 at 05:05:50PM +0700, riwanlky wrote:
> > After looking for a while for multimedia firefox plugins, I am glad to
> > hear that there is flash plugins (well, after trying to compile, without
> > any luck to
> > get vlc plugin for mozilla from ports) from redhat emulation.
> >
> > However I tried to compile the opera-plugins, however I could not
> > get flash-7.0r61.tar.gz from http://mirrors.protection.cx/~jolan and
> > elsewhere.
> >
> > Would appreciate if anyone can share the clue.
> >
> > I will like to try Gnash, however I am very new, and what is CVS?
>
>Better wait for a port if you have to ask. ;-)
>
>Why not just install the standard Flash plugin? Sure, there are very
>real reasons to dislike it, but if you want Flash it's the way to go for
>now. And it's documented in the FAQ...
>
> Joachim

Re: Upgrading 3.7 -> 3.9

[ICMan]

Thank you for the advice, everyone.  I don't want to lose my current 
configuration, so I think I will give the double upgrade a try.


S

Jack J. Woehr wrote:



On Sep 19, 2006, at 1:02 PM, Patsy wrote:


so I think a reasonable pointer would be: upgrade to 3.8, then to 3.9,
or if that's too much hassle, reinstall, it's probably a lot simpler.



I went from 3.7 to 3.9 that way, two steps, with no problem.

*-- *
*Jack J. Woehr*
*Director of Development*
*Absolute Performance, Inc.*
[EMAIL PROTECTED] *
*303-443-7000 ext. 527*
*
*

Re: Cisco/Atheros G card

[Greg Thomas]

On 9/19/06, Nick Guenther <[EMAIL PROTECTED]> wrote:

On 9/18/06, Steve Shockley <[EMAIL PROTECTED]> wrote:
> I've got a "Cisco" Atheros card, it shows up in dmesg as:
>
> ath0 at cardbus1 dev 0 function 0 "Atheros Communications, Inc.,
> AR5001--, Wireless LAN Reference Card": irq 11
> ath0: AR5213 5.6 phy 4.1 rf5112 3.6, FCC1A, address 00:40:96:a1:49:3c
>

It seems no one has responded to you yet. I will. The AR5213 is not as
well supported as other models, and even the other models don't always
work.

It might be fixed in -CURRENT, or you could just wait for 4.0 to come out.



It looks like Reyk is currently working on ath, see the "ath(4)
testers needed: AR2413, AR5413, AR5424 and AR5212 11a mode" message.
He specifically mentions the status of AR5213 in his message.

Greg

Re: trying to build mod_python on OpenBSD

[Dimitry Andric]

edgar mortiz wrote:
> trying to build mod_python on OpenBSD 3.7 with the following configuration.
> 
> Python 2.4 (source build) --disabled-share
> Apache 2.0.59 --enable-so
> mod_python 3.2.10 --with-apxs

OpenBSD comes with Apache 1.3.29, so you should try mod_python 2.7.1
instead.  A quick test here shows that at least compiles and installs
without any problems, using the system Apache and the python 2.4 port.
Whether it actually works in the chroot, I haven't tried yet... :)

Re: soekris boot console

[Fred Crowson]

Gustavo Rios wrote:

I am trying to get soekris box boot with information to the console,
but no success so far.

I am doing this in my workstation and the only message i see is 
"connectec".


Does any body have any tips ?

# cu -l cua00 -s 19200
Connected


Are you sure cua00 is the correct calling unit?

You will always get a Connected message if the device exists even if 
it's not connected to anything.


The default install only has 4 calling units cua00 to cua03, thus I had 
to use /dev/MAKEDEV tty04 to create cua04 for my fourth serial console 
on one box:


nike:fred /home/fred> grep pccom /var/run/dmesg.boot
pccom3 at puc0 port 0 irq 11: ns16550a, 16 byte fifo
pccom4 at puc0 port 1 irq 11: ns16550a, 16 byte fifo
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo

HTH
Fred
PS a dmesg would be helpful...
--
OpenBSD on the Zaurus C3200
http://www.crowsons.net/puters/zaurus.php

Re: Cisco/Atheros G card

[Nick Guenther]

On 9/18/06, Steve Shockley <[EMAIL PROTECTED]> wrote:

I've got a "Cisco" Atheros card, it shows up in dmesg as:

ath0 at cardbus1 dev 0 function 0 "Atheros Communications, Inc.,
AR5001--, Wireless LAN Reference Card": irq 11
ath0: AR5213 5.6 phy 4.1 rf5112 3.6, FCC1A, address 00:40:96:a1:49:3c



It seems no one has responded to you yet. I will. The AR5213 is not as
well supported as other models, and even the other models don't always
work.

It might be fixed in -CURRENT, or you could just wait for 4.0 to come out.

-Nick

Re: USB hard drives

[Default User]

On 2006/09/16 23:49, Default User wrote:
Does OpenBSD 3.9 RELEASE support usb external hard drives?

On Sun, 2006-09-17 at 02:21 +0100, Stuart Henderson wrote:
Generally yes, this type of drive is supported by umass(4).


CONFIRMED.  

At least the Seagate 6Gb "pocket" USB external hard drive works fine
under OpenBSD i386 RELEASE.  It does indeed use the umass driver, which
is already installed by default.  It works on both a desktop workstation
and a laptop.  

Thanks for the replies.  

Re: Faster SBC

[Thomas Börnert]

i've ordered this one here and will test it next week ...

http://www.ipc2u.de/catalog/E/EL/33640.html

Thomas

On Tue, 2006-09-19 at 09:34 +0100, Stuart Henderson wrote:
> On 2006/09/19 08:34, Siegbert Marschall wrote:
> > > I thought these look interesting, has anyone tried them already?
> > > http://www.win-ent.com/MB-06047.htm
> > >
> > no and since it is nvidia based i think not many of us are interested.
> 
> ...and nobody's interested enough to write nfe(4) either, right?
> 
> Funnily enough, I've had a lot less trouble with nvidia-based boards
> on OpenBSD than the other amd64 chipsets which I've tried.
> 
> I'm thinking along the lines of a faster but still reasonably low-power
> alternative to soekris/WRAP-type systems. I know there are other people
> interested in that. Care to suggest any alternatives?

trying to build mod_python on OpenBSD

[edgar mortiz]

trying to build mod_python on OpenBSD 3.7 with the following configuration.

Python 2.4 (source build) --disabled-share
Apache 2.0.59 --enable-so
mod_python 3.2.10 --with-apxs

I was able to get as far as the make part on mod_python but whenver i
do make install mod_python breaks I've been looking at how the build
goes and the only think that looks like it's not cooperating is this
part



*** Warning: linker path does not have real file for library -lpython2.4.
*** I have the capability to make that library automatically link in when
*** you link to this library.  But I can only do this if you have a
*** shared version of the library, which you do not appear to have
*** because I did check the linker path looking for a file starting
*** with libpython2.4 and none of the candidates passed a file format test
*** using a regex pattern. Last file checked:
/usr/local/lib/python2.4/config/libpython2.4.a

*** Warning: libtool could not satisfy all declared inter-library
*** dependencies of module mod_python.  Therefore, libtool will create
*** a static module, that should work as long as the dlopening
*** application is linked with the -dlopen flag.



looks like libtool doesn't like my python source brewed.


any suggestions would be gladly appreciated.




thanks,
-eD

Re: soekris boot console

[Damian Wiest]

On Tue, Sep 19, 2006 at 02:17:35PM -0400, Michael Hernandez wrote:
> On Sep 19, 2006, at 1:58 PM, Gustavo Rios wrote:
> 
> >My soekris is a net4801-60. I am trying to access it before i can see
> >the speed !
> >
> 
> 
> You need a null modem cable.  Check this link out, I found it the  
> other day
> 
> http://www.ultradesic.com/?section=34
> 
> Mike

A plain old serial cable should work fine assuming the line settings 
are correct.  What are the specs for the serial port on the Soekris 
board?  Are you sure you have the flow control, data bits, stop bits, 
parity and speed set properly?  Also, you may find that kermit is easier
to use than tip.  I've been using it to interface with my Denon AVR2805
receiver and it works great.

My guess is that you have the flow control set improperly.  Sometimes 
the correct setting isn't documented, so you'll have to experiment.

-Damian

Re: How is xlock authenticating?

[Ted Unangst]

On 9/19/06, Peter Philipp <[EMAIL PROTECTED]> wrote:

I had a look around the system today, actually I think I musta been high
these last few weeks/months because xlock ceased authenticating.  Now I
took a look at the /etc/spwd.db file and here are its permissions:

-rw-r-  1 root  _shadow  40960 Sep 19 17:15 /etc/spwd.db

Notice:  group _shadow

This is important.

-rwxr-sr-x  1 root  auth  2303706 Aug 18 06:49 /usr/X11R6/bin/xlock

That's the permissions of xlock, on OpenBSD/amd64 and OpenBSD/i386.

How exactly is OpenBSD's xlock communicating with the master password file?

Is there another program it exec's that is setgid to _shadow?  Just wondering,
seems kinda odd..


look at the /usr/libexec/auth directory.

Re: FTP-proxy

[Rod Dorman]

On Tuesday, September 19, 2006, 15:07:37, Alan Smith wrote:
> I am trying once again to set up ftp-proxy to use at work. My problem is
> that we have a Cisco PIX which I'm not allowed get rid of
>   ...
> or a machine with dual nics - one inside and one outside the firewall.

This is effectively getting rid of the PIX!

If  its got both an inside and outside interface it can be configured as
a gateway such that any inside host can get outside completely bypassing
the PIX.  Are you sure your network admins are OK with that?

-- 
[EMAIL PROTECTED] "The avalanche has already started, it is too
Rod Dorman  late for the pebbles to vote." - Ambassador Kosh

Re: OpenBSD dedicated hosting

[Marcos Laufer]

The company i work for offers OpenBSD webhosting.
You can check www.ipv4networks.com OpenBSD based hosting
solutions. All unix servers are running OpenBSD and all services
are distributed in different servers.
Don't get scared by the numbers , those prices are in argentinian pesos , 
so you should divide those numbers by three, 1 u$s = 3.00 pesos$
Let me know if i can help with someting

Regards,
Marcos Laufer

- Original Message - 
From: "Gilles Chehade" <[EMAIL PROTECTED]>
To: 
Sent: Saturday, September 16, 2006 8:52 PM
Subject: OpenBSD dedicated hosting


Hi misc@,

I am looking for companies that provide OpenBSD-powered dedicated hosting.
Currently, I am being hosted by a french company which turned out to be as
incompetent as can be, and I am willing to switch as soon as possible
(preferably before the 25th of September).

I have google-d a bit and found out a few companies, but its hard to know
in advance which are competent and which will drive me into depression. So
I'm turning to you, if you know of companies that do good work, that aren't
too expensive and that provide OpenBSD based services, please mail me
off-list so I can start digging their offers.

Thanks a lot people ;)

Re: Upgrading 3.7 -> 3.9

[Jack J. Woehr]

On Sep 19, 2006, at 1:02 PM, Patsy wrote:

> so I think a reasonable pointer would be: upgrade to 3.8, then to 3.9,
> or if that's too much hassle, reinstall, it's probably a lot simpler.

I went from 3.7 to 3.9 that way, two steps, with no problem.

-- 
Jack J. Woehr
Director of Development
Absolute Performance, Inc.
[EMAIL PROTECTED]
303-443-7000 ext. 527

Re: Low priority or real coders

[Benjamin Collins]

On Fri, Sep 15, 2006 at 11:09:03AM -0700, Chris Cappuccio wrote:
> Highlighting makes source code impossible to read to someone who
> isn't used to it.  I'm really perplexed about how people think that
> having each line of source code in six different colors somehow
> makes things clearer.

That's a pretty broad generalization, and pretty hard to defend - as
others have pointed out, these things are all highly dependent on the
person and the environment.

Anyway, I did have something (small) to add to the thread: I sometimes
like to do

$ env TERM=vt220 emacs -nw somefile.c

so that the highlighting is done only with bold type and
background/foreground reversal.  It makes things easier for me to pick
out quickly, but it doesn't leave me feeling illiterate when I see
code that isn't highlighted.

Just my $0.02.

--
Benjamin Collins

[demime 1.01d removed an attachment of type application/pgp-signature]

Re: Upgrading 3.7 -> 3.9

[Patsy]

On Tue, 19 Sep 2006, ICMan wrote:
> I want to upgrade from 3.7 to 3.9.  Can someone give me some pointers?
http://www.openbsd.org/faq/upgrade39/html

Particularly the sentence:"Upgrades are only supported from one release to
the release immediately following it. Do not skip releases."

so I think a reasonable pointer would be: upgrade to 3.8, then to 3.9,
or if that's too much hassle, reinstall, it's probably a lot simpler.

Regards,
Patsy

FTP-proxy

[Alan Smith]

Folks,

I am trying once again to set up ftp-proxy to use at work. My problem is
that we have a Cisco PIX which I'm not allowed get rid of so I may be
trying a non-standard use of ftp-proxy. It may not even be designed to
work this way so a quick 'yes, it will work' or 'not a hope in hell!!'
would be great. Pointers in the right direction would also be nice ;-)

I'm trying to use 3.9  (rebuilt and made new release last week).

All users behind the firewall have web access through a proxy (squid)
which also allows them download ftp access only. Unfortunately some
users need upload access too and I'm hoping that ftp-proxy can do what I
need.

I can either use a machine with a single nic inside the firewall and
give that machine full access through the PIX, or a machine with dual
nics - one inside and one outside the firewall.

Will either of these configs work or will ftp-proxy only work when the
machine it is running on is the actual firewall? If it will run a
non-firewall machine, can you please point me in the right direction ; I
do not expect a complete pf.conf or anything like that. I'm happy to
spend time on this if I know a certain config will work - I just can't
afford to waste time on something that will never work!! I have played a
little with the dual nic config but not sure if it just will never work
or if I've buggered something in pf.conf.

Many, many thanks to any who reply.

Alan Smith.

Re: Upgrading 3.7 -> 3.9

[Will Maier]

On Tue, Sep 19, 2006 at 02:28:06PM -0400, ICMan wrote:
> I want to upgrade from 3.7 to 3.9.  Can someone give me some pointers?

http://www.openbsd.org/faq/

If you have specific problems, ask here again. You may find it
easier to simply reinstall.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*

Re: Upgrading 3.7 -> 3.9

[viq]

On Tuesday 19 September 2006 20:28, ICMan wrote:
> Hi all,
>
> I want to upgrade from 3.7 to 3.9.  Can someone give me some pointers?

http://openbsd.org/faq/upgrade38.html
http://openbsd.org/faq/upgrade39.html

You may also find mergemaster useful, available as package or as port in 
sysutils.

> Thanks

-- 
viq

ath(4) testers needed: AR2413, AR5413, AR5424 and AR5212 11a mode

[Reyk Floeter]

hi,

i recently enabled support for some newer wireless chipsets from
atheros, like the AR2413, AR5413, and AR5424 single chip solutions.

please also test it if you have an intel-based mac - the integrated
wireless NIC is based on the pci express AR5424 chipset.

it's not fully working, yet. my AR5413 works in 11a mode, 11b mode is
still broken. please send me some test reports, your dmesg output and
have a look at tcpdump.

- i have a AR5413 cardbus device (PHILIPS SNN6500):

ath1 at cardbus0 dev 0 function 0 "Atheros Communications, Inc., 
AR5001--, Wireless LAN Reference Card": irq 11
ath1: AR5413 10.5 phy 6.1 rf 6.3, WOR0W, address 00:12:bf:0e:7d:36

- the interface associates to the 11a ap:

# ifconfig ath1 up  
# ifconfig ath1  
ath1: flags=8863 mtu 1500
lladdr 00:12:bf:0e:7d:36
media: IEEE802.11 autoselect (OFDM54)
status: active
ieee80211: nwid "SSID 1" chan 48 bssid 00:14:c2:b3:b1:d0 34%
inet6 fe80::212:bfff:fe0e:7d36%ath1 prefixlen 64 scopeid 0x9

- i can see 11b frames, and the AR5213 gets replies to probe requests
(rx/tx). nevertheless, association doesn't work, yet.

# tcpdump -y ieee802_11_radio -eni ath1 
tcpdump: WARNING: ath1: no IPv4 address assigned
tcpdump: listening on ath1, link-type IEEE802_11_RADIO
20:13:53.753750 0:12:bf:e:7d:36 > ff:ff:ff:ff:ff:ff, bssid ff:ff:ff:ff:ff:ff: 
802.11: probe request, 
20:13:53.756807 0:9:5b:ad:b:70 > 0:12:bf:e:7d:36, bssid 0:9:5b:ad:b:70: 802.11: 
probe response, ssid (WLAN), rates, ds, cf, erp, xrates, 
20:13:53.815919 0:9:5b:ad:b:70 > ff:ff:ff:ff:ff:ff, bssid 0:9:5b:ad:b:70: 
802.11: beacon, ssid (WLAN), rates, ds, cf, tim, erp, xrates, 

just test -current.

reyk

Upgrading 3.7 -> 3.9

[ICMan]

Hi all,

I want to upgrade from 3.7 to 3.9.  Can someone give me some pointers?

Thanks

Re: soekris boot console

[Michael Hernandez]

On Sep 19, 2006, at 1:58 PM, Gustavo Rios wrote:


My soekris is a net4801-60. I am trying to access it before i can see
the speed !




You need a null modem cable.  Check this link out, I found it the  
other day


http://www.ultradesic.com/?section=34

Mike

EuroOSCon Brussels 20 September

[Wim Vandeputte]

Hey,

just a quick heads up: OpenBSD will be present at EuroOSCon in Brussels
tomorrow, if somebody wants to give a helping hand, I have some extra
badges ;-)

http://conferences.oreillynet.com/euos2006/

Call me at +32 478 21 73 55 if you can't find me

Wim.

-- 
   =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=   
https://kd85.com/notforsale.html
 --

Re: soekris boot console

[Stuart Henderson]

On 2006/09/19 10:27, Spruell, Darren-Perot wrote:
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
> > I am trying to get soekris box boot with information to the 
> > console, but no success so far.

Primary suspect is the cable. If speeds were wrong, you'd see
something like random characters. You should be able to connect the
cable between two standard PCs and run terminal software on each,
type characters on one and see them come out of the other.

Be sure you're using a null modem adapter or cable ("laplink cable"
will often substitute), this is not the same thing as a "gender
changer". Specifically pins 2 and 3 must be crossed-over, pin 5
straight through.

> > I am doing this in my workstation and the only message i see 
> > is "connectec".
> >
> > Does any body have any tips ?
> > 
> > # cu -l cua00 -s 19200
> > Connected
> 
> Take a look at the comments in /etc/remote. You probably want tty instead of
> cua.

other way round; cua is callout, tty is for attaching terminals to.
See tty(4). It matters most when you share a device between tty and
callout.

Re: soekris boot console

[Gustavo Rios]

My soekris is a net4801-60. I am trying to access it before i can see
the speed !

On 9/19/06, Spruell, Darren-Perot <[EMAIL PROTECTED]> wrote:

From: Gustavo Rios [mailto:[EMAIL PROTECTED]
> > > I am trying to get soekris box boot with information to
> the console,
> > > but no success so far.
> > >
> > > I am doing this in my workstation and the only message i see is
> > > "connectec".
> > >
> > > Does any body have any tips ?
> > >
> > > # cu -l cua00 -s 19200
> > > Connected
> >
> > Take a look at the comments in /etc/remote. You probably want tty
> > instead of cua.
> >
> > I use:
> >
> > $ tip -19200 tty00
> Ok! The same again:
>
> # tip -19200 tty00
> connected
>
> Nothing is show.

Is your Soekris console set to 19200? Are you connecting with the right kind
of serial cable?

DS

Re: soekris boot console

[Gustavo Rios]

It sound very strange, i see no soekris output. I am using a
female-male cable connector with a gender changer adapter on one cable
end.

Could it be the problem ?

thanks in advance.

On 9/19/06, Gustavo Rios <[EMAIL PROTECTED]> wrote:

Ok! The same again:

# tip -19200 tty00
connected

Nothing is show.

On 9/19/06, Spruell, Darren-Perot <[EMAIL PROTECTED]> wrote:
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > I am trying to get soekris box boot with information to the
> > console, but no success so far.
> >
> > I am doing this in my workstation and the only message i see
> > is "connectec".
> >
> > Does any body have any tips ?
> >
> > # cu -l cua00 -s 19200
> > Connected
>
> Take a look at the comments in /etc/remote. You probably want tty instead of
> cua.
>
> I use:
>
> $ tip -19200 tty00
>
> DS

Re: soekris boot console

[Spruell, Darren-Perot]

From: Gustavo Rios [mailto:[EMAIL PROTECTED] 
> > > I am trying to get soekris box boot with information to 
> the console, 
> > > but no success so far.
> > >
> > > I am doing this in my workstation and the only message i see is 
> > > "connectec".
> > >
> > > Does any body have any tips ?
> > >
> > > # cu -l cua00 -s 19200
> > > Connected
> >
> > Take a look at the comments in /etc/remote. You probably want tty 
> > instead of cua.
> >
> > I use:
> >
> > $ tip -19200 tty00
> Ok! The same again:
> 
> # tip -19200 tty00
> connected
> 
> Nothing is show.

Is your Soekris console set to 19200? Are you connecting with the right kind
of serial cable?

DS

Re: soekris boot console

[Gustavo Rios]

Ok! The same again:

# tip -19200 tty00
connected

Nothing is show.

On 9/19/06, Spruell, Darren-Perot <[EMAIL PROTECTED]> wrote:

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> I am trying to get soekris box boot with information to the
> console, but no success so far.
>
> I am doing this in my workstation and the only message i see
> is "connectec".
>
> Does any body have any tips ?
>
> # cu -l cua00 -s 19200
> Connected

Take a look at the comments in /etc/remote. You probably want tty instead of
cua.

I use:

$ tip -19200 tty00

DS

Re: soekris boot console

[Spruell, Darren-Perot]

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
> I am trying to get soekris box boot with information to the 
> console, but no success so far.
> 
> I am doing this in my workstation and the only message i see 
> is "connectec".
> 
> Does any body have any tips ?
> 
> # cu -l cua00 -s 19200
> Connected

Take a look at the comments in /etc/remote. You probably want tty instead of
cua.

I use:

$ tip -19200 tty00

DS

soekris boot console

[Gustavo Rios]

I am trying to get soekris box boot with information to the console,
but no success so far.

I am doing this in my workstation and the only message i see is "connectec".

Does any body have any tips ?

# cu -l cua00 -s 19200
Connected

Re: How is xlock authenticating?

[Stuart Henderson]

On 2006/09/19 18:23, Peter Philipp wrote:
> Is there another program it exec's that is setgid to _shadow?  Just wondering,
> seems kinda odd..

see the files in /usr/libexec/auth. btw, I don't think you need to
send the same message to both misc@ and tech@, it's probably better to
pick just one.

How is xlock authenticating?

[Peter Philipp]

Hello dear OpenBSD,

I had a look around the system today, actually I think I musta been high
these last few weeks/months because xlock ceased authenticating.  Now I
took a look at the /etc/spwd.db file and here are its permissions:

-rw-r-  1 root  _shadow  40960 Sep 19 17:15 /etc/spwd.db

Notice:  group _shadow

This is important.

-rwxr-sr-x  1 root  auth  2303706 Aug 18 06:49 /usr/X11R6/bin/xlock

That's the permissions of xlock, on OpenBSD/amd64 and OpenBSD/i386.

How exactly is OpenBSD's xlock communicating with the master password file?

Is there another program it exec's that is setgid to _shadow?  Just wondering,
seems kinda odd..

Please help me for I am a blind man, and the system is complex.  (plus I 
don't have the XF4 sources handy, to go through the xlock sources..)

Have a nice day,

-p

-- 
Here my ticker tape .signature  My name is Peter Philipp  lynx -dump 
"http://en.wikipedia.org/w/index.php?title=Pufferfish&oldid=20768394"; | sed -n 
131,136p  http://centroid.eu  So long and thanks for all the fish!!!

Re: autoconf

[Deanna Phillips]

edgar mortiz writes:

> # autoconf --version
> Provide an AUTOCONF_VERSION environment variable, please
>
> I use to have like 3 different versions of autoconf I've removed the
> rest and kept the latest
>
> # pkg_info autoconf
> Information for autoconf-2.59
>
> using OpenBSD 3.7

try pkg_info metaauto.

This is an OpenBSD feature.  Just do what the error message
says, and put your autoconf version in the environment.

offerta speciale

[Novit]

Finalmente potrete illuminare posti non raggiungibili dalla corrente elettrica
evitando le bollette elettriche!!!



LAMPIONE SOLARE mod. GREEN








Prezzo 2.800,00+iva (1.540,00 + iva fino al 10 Novembre 2006)

DISPONIBILE(pochi pezzi disponibili).










Un lampione auto-alimentato installabile su incroci strade, parchi e zone
rurali per aumentare la sicurezza e la visibilit`.



Cosh
H un lampione che funziona senza lutilizzo alla rete elettrica

esso infatti utilizza il sistema fotovoltaico.

Benefici
- permette di risparmiare costi di allaccio elettrico

- costi per lestensione della linea elettrica esistente
- evita bollette di consumo elettrico
- posa in opera in qualsiasi luogo
- sistema ecologico

Come funziona
H una soluzione innovativa per lilluminazione di strade, piazzali, incroci
dislocati in aree non raggiunte dalla rete elettrica. il lampione non
necessita di alcun allaccio alla rete ma si alimenta mediante sfruttamento
dellenergia solare.

Una soluzione ecologica per diffondere luce nel corso della notte in ambienti
che altrimenti rimarrebbero oscuri, a danno della sicurezza di passanti e
degli automobilisti.

Installare un lampione tradizionale in zone non servite dalla rete elettrica
comporta alti costi per cavidotti scavi, riasfaltature e ripristini. Il
lampione solare invece h svincolato da questi problemi, in virty della sua
alternativa fonte energetica che ne impedisce i black out dalla rete.

 Ne conseguono semplicit` ed immediatezza di installazione, nessun costo di
manutenzione.

Il lampione si accende automaticamente al tramonto e si spegne allalba, e il
suo funzionamento si ispira alle logiche del risparmio energetico.  La
centralina di controllo infatti adegua la durata della lampada alla
disponibilit` di energia immagazzinata in batteria con un minimo di durata
programmata di 6 ore a partire dal tramonto.



Il kit h costituito dai seguenti componenti:

Modulo fotovoltaico con struttura di ancoraggio al palo e contenimento sistema
di accumulo e gestione

Regolatore di carica EVERLIGHT

Plafoniera Parabola completa di bulbo a led ad ottica bianca 3000 Lumen max

Braccetto di sostegno

Batteria semistazionaria



 P.S. Si tratta di un prodotto che potrebbe cambiare situazioni di pericolo in
modo molto positivo


P.P.S.: ora fatti un favore, REGALATI QUESTO PRODOTTO. Ha un enorme valore per
il tuo Ente! Anche tu sai quanto vale e cosa pur darti.



P.P.P.S.: giustamente vuoi essere sicuro che questo sia il prodotto piy
giusto. Bene, hai trovato l'azienda che fa per te, infatti i nostri esperti
sono a tua completa disposizione! Contattaci subito per trovare risposta ai
tuoi dubbi o per un semplice consiglio o anche per approfondire gli argomenti
che piy ti interessano! Senza alcun impegno e assolutamente gratis!














  Iscriviti per essere sempre aggiornato
  sulle nuove idee
  proposte da Everlight ...









VISITA IL NOSTRO SITO: www.everlight.it

SFOGLIA IL NOSTRO CATALOGO: www.everlight.net





Via Martiri della Libert`, 78

66054 Vasto (CH)

Tel 0873.69659 Fax 0873.753116

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
1.jpg]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
2.jpg]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
3.jpg]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
4.jpg]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
5.jpg]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
6.jpg]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
7.jpg]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
8.jpg]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
9.jpg]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
10.jpg]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
11.jpg]

Re: autoconf

[Stuart Henderson]

On 2006/09/19 09:19, edgar mortiz wrote:
> can you guys help me out on fixing this issue I'm having with autoconf

do exactly what it says:

> # autoconf --version
> Provide an AUTOCONF_VERSION environment variable, please

e.g. AUTOCONF_VERSION=2.59 autoconf

Re: feature req: vnconfig should work on readonly fs; round 3

[Pedro Martelletto]

On Mon, Sep 11, 2006 at 03:59:45PM +, Paul Stoeber wrote:
> Let's see if I can get this closer to right.
> The patch is against and tested on -current.
> Thank you, Pedro, for your help.

Paul,

Here's a slightly revised version of your patch. It would be nice to
have a couple of test reports on it (from people on misc@).

-p.

Index: sys/dev/vnd.c
===
RCS file: /cvs/src/sys/dev/vnd.c,v
retrieving revision 1.62
diff -u -p -r1.62 vnd.c
--- sys/dev/vnd.c   13 Aug 2006 17:55:07 -  1.62
+++ sys/dev/vnd.c   19 Sep 2006 15:40:17 -
@@ -142,6 +142,9 @@ struct vnd_softc {
 #defineVNF_HAVELABEL   0x0400
 #defineVNF_BUSY0x0800
 #defineVNF_SIMPLE  0x1000
+#defineVNF_READONLY0x2000
+
+#defineVNDRW(v)((v)->sc_flags & VNF_READONLY ? FREAD : 
FREAD|FWRITE)
 
 struct vnd_softc *vnd_softc;
 int numvnd = 0;
@@ -234,6 +237,11 @@ vndopen(dev, flags, mode, p)
if ((error = vndlock(sc)) != 0)
return (error);
 
+   if ((flags & FWRITE) && (sc->sc_flags & VNF_READONLY)) {
+   error = EROFS;
+   goto bad;
+   }
+
if ((sc->sc_flags & VNF_INITED) &&
(sc->sc_flags & VNF_HAVELABEL) == 0) {
sc->sc_flags |= VNF_HAVELABEL;
@@ -817,20 +825,26 @@ vndioctl(dev, cmd, addr, flag, p)
}
 
/*
-* Always open for read and write.
-* This is probably bogus, but it lets vn_open()
-* weed out directories, sockets, etc. so we don't
-* have to worry about them.
+* Open for read and write first. This lets vn_open() weed out
+* directories, sockets, etc. so we don't have to worry about
+* them.
 */
NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, vio->vnd_file, p);
-   if ((error = vn_open(&nd, FREAD|FWRITE, 0)) != 0) {
+   vnd->sc_flags &= ~VNF_READONLY; 
+   error = vn_open(&nd, FREAD|FWRITE, 0);
+   if (error == EROFS) {
+   vnd->sc_flags |= VNF_READONLY;
+   error = vn_open(&nd, FREAD, 0);
+   }
+   if (error) {
vndunlock(vnd);
return (error);
}
+
error = VOP_GETATTR(nd.ni_vp, &vattr, p->p_ucred, p);
if (error) {
VOP_UNLOCK(nd.ni_vp, 0, p);
-   (void) vn_close(nd.ni_vp, FREAD|FWRITE, p->p_ucred, p);
+   (void) vn_close(nd.ni_vp, VNDRW(vnd), p->p_ucred, p);
vndunlock(vnd);
return (error);
}
@@ -838,7 +852,7 @@ vndioctl(dev, cmd, addr, flag, p)
vnd->sc_vp = nd.ni_vp;
vnd->sc_size = btodb(vattr.va_size);/* note truncation */
if ((error = vndsetcred(vnd, p->p_ucred)) != 0) {
-   (void) vn_close(nd.ni_vp, FREAD|FWRITE, p->p_ucred, p);
+   (void) vn_close(nd.ni_vp, VNDRW(vnd), p->p_ucred, p);
vndunlock(vnd);
return (error);
}
@@ -851,7 +865,7 @@ vndioctl(dev, cmd, addr, flag, p)
 
if ((error = copyin(vio->vnd_key, key,
vio->vnd_keylen)) != 0) {
-   (void) vn_close(nd.ni_vp, FREAD|FWRITE,
+   (void) vn_close(nd.ni_vp, VNDRW(vnd),
p->p_ucred, p);
vndunlock(vnd);
return (error);
@@ -1087,7 +1101,7 @@ vndclear(vnd)
vnd->sc_flags &= ~VNF_INITED;
if (vp == (struct vnode *)0)
panic("vndioctl: null vp");
-   (void) vn_close(vp, FREAD|FWRITE, vnd->sc_cred, p);
+   (void) vn_close(vp, VNDRW(vnd), vnd->sc_cred, p);
crfree(vnd->sc_cred);
vnd->sc_vp = (struct vnode *)0;
vnd->sc_cred = (struct ucred *)0;
Index: usr.sbin/vnconfig/vnconfig.c
===
RCS file: /cvs/src/usr.sbin/vnconfig/vnconfig.c,v
retrieving revision 1.18
diff -u -p -r1.18 vnconfig.c
--- usr.sbin/vnconfig/vnconfig.c1 Jul 2006 07:36:27 -   1.18
+++ usr.sbin/vnconfig/vnconfig.c19 Sep 2006 15:40:17 -
@@ -226,9 +226,9 @@ config(char *dev, char *file, int action
char *rdev;
int rv;
 
-   if (opendev(dev, O_RDWR, OPENDEV_PART, &rdev) < 0)
+   if (opendev(dev, O_RDONLY, OPENDEV_PART, &rdev) < 0)
err(4, "%s", rdev);
-   f = fopen(rdev, "rw");
+   f = fopen(rdev, "r");
if (f == NULL) {
warn("%s", rdev);
rv = -1;

autoconf

[edgar mortiz]

can you guys help me out on fixing this issue I'm having with autoconf

# autoconf --version
Provide an AUTOCONF_VERSION environment variable, please

I use to have like 3 different versions of autoconf I've removed the
rest and kept the latest

# pkg_info autoconf
Information for autoconf-2.59

using OpenBSD 3.7


It seems that this is the one that is causing issues on building
mod_python on OpenBSD

Apache 2.0
mod_python


any help  thank you

-eD

Re: playing flash videos

[riwanlky]

Yes, it is in the FAQ 13

One candidate is the Opera web browser, available in the ports tree. 
OpenBSD does not distribute packages for it, since Opera's license is not 
clear about its redistribution. However, installation should not take long, 
since it is distributed in binary form by Opera Software. After that you 
can easily install the Flash plugin from the ports tree.
# cd /usr/ports/www/opera
# make install
# cd /usr/ports/www/opera-flashplugin
# make install

Try to make install in /usr/ports/www/opera-flashplugin and it will try to 
fetch
flash-7.0r61.tar.gz, it wouldn't find it anywhere. Then go for ipv6, 
getting no route and
exit.

Standard Flash plugin? Will it run on OpenBSD? You mean it will run
on the Opera in Red Hat emulation? It is what I am trying to do. Compile error.

=(

Thanks and Best regards,
Riwan

At 04:07 PM 9/19/2006 +0200, Joachim Schipper wrote:
>On Tue, Sep 19, 2006 at 05:05:50PM +0700, riwanlky wrote:
> > After looking for a while for multimedia firefox plugins, I am glad to
> > hear that there is flash plugins (well, after trying to compile, without
> > any luck to
> > get vlc plugin for mozilla from ports) from redhat emulation.
> >
> > However I tried to compile the opera-plugins, however I could not
> > get flash-7.0r61.tar.gz from http://mirrors.protection.cx/~jolan and
> > elsewhere.
> >
> > Would appreciate if anyone can share the clue.
> >
> > I will like to try Gnash, however I am very new, and what is CVS?
>
>Better wait for a port if you have to ask. ;-)
>
>Why not just install the standard Flash plugin? Sure, there are very
>real reasons to dislike it, but if you want Flash it's the way to go for
>now. And it's documented in the FAQ...
>
> Joachim

Re: webbased authpf ?

[chris barry]

On Tue, 2006-09-19 at 15:33 +0200, Frans Haarman wrote:
> On 9/19/06, chris barry <[EMAIL PROTECTED]> wrote:
> > Q: if the website gives away the password/key, how do you limit access?
> > Is there some generic login, published in the company (like on the
> > conference room wall), used first to get this session data? How would
> > this login data be secured wirelessly? ssl?
> 
> A: The idea is a https website which authenticates against a server
> inside the network.
> 

Can you diagram the flow, showing client, firewall and auth server? My
concern is the communication between the fw and the auth server. In my
scenario, I maintain two non-connecting parallel networks: one is the
wired production Lan, and other is a separate wireless network. For
in-house wireless users to access the production Lan, they must VPN in.
This allows guests access to the Internet, but keeps them off of my
production net. I want to lock down the wireless network too, but not
make it too cumbersome for clueless visitors to get at their email, web,
etc.

Your idea seems promising, but I would lean more toward a posted
password changed daily or weekly to get to the session login data.

-C

Re: playing flash videos

[Matthew R. Dempsky]

On Mon, Sep 18, 2006 at 07:53:00PM -0500, Jacob Yocom-Piatt wrote:
> what is the preferred method for playing flash videos on openbsd? i don't see
> anything definitive when googling and am aware that firefox doesn't have a
> plugin available since those are closed source.

There's gnash, the GNU Flash player.  However, I've not tried
compiling it on OpenBSD, and its website mentions rendering using
OpenGL (which OpenBSD does not accelerate).

Re: Faster SBC

[Siegbert Marschall]

Hi,

>> no and since it is nvidia based i think not many of us are interested.
>
> ...and nobody's interested enough to write nfe(4) either, right?
no. somebody was/is.

> Funnily enough, I've had a lot less trouble with nvidia-based boards
> on OpenBSD than the other amd64 chipsets which I've tried.
lucky you. however, obsd runs quite well even on nvidia hardware, but
that's only because of obsd's high standards and not due to the quality
of the nvidia stuff. they didn't help obsd in any way either.

life is also about choices, unless nvidia changes their attidude, not
talking about quality, i as a openbsd user will stay away from their
products, they are as nice as adaptec to deal with.

> I'm thinking along the lines of a faster but still reasonably low-power
> alternative to soekris/WRAP-type systems. I know there are other people
> interested in that. Care to suggest any alternatives?
55w is not low-power and 30w barely and that was only the cpu.even though
i prefer amd, the pentium m or core boards are better in this context and
of those you find many.

-sm

Re: QEMU networking - with host ONLY

[viq]

On 9/19/06, Andreas VC6gele <[EMAIL PROTECTED]> wrote:

viq writes:

> I am playing a bit with QEMU, and tried to set up network with it.
> [...]  I want the guest to be able to communicate ONLY with the
> host, I don't want any of the traffic from it to be able to pass to
> the outside world. To achieve that I thought the easiest way would
> be to bridge the connection to one of the 'virtual' interfaces -
> say, lo0 or a specially created for that occasion tun or gif. But, I
> didn't have much luck with that... So, does anyone have an idea how
> to achieve that - the traffic from the guest system not being able
> to even accidentaly leak out of the host system?

Hm, creating a tun device works for me.

$ cat /etc/hostname.tun0
inet 192.168.155.145 255.255.255.240 255.255.255.159 link0 description "QEMU 
interface"

The guest is started with the following options:

qemu -net nic -net tap,ifname=/dev/tun0,script=/usr/bin/true [...]


Oh, sweet! I was trying creating tun devics and then attaching to them
using the qemu-ifup script, which I can see you're not using. I'll try
this, thank you! :)


--
viq

Re: playing flash videos

[Joachim Schipper]

On Tue, Sep 19, 2006 at 05:05:50PM +0700, riwanlky wrote:
> After looking for a while for multimedia firefox plugins, I am glad to
> hear that there is flash plugins (well, after trying to compile, without 
> any luck to
> get vlc plugin for mozilla from ports) from redhat emulation.
> 
> However I tried to compile the opera-plugins, however I could not
> get flash-7.0r61.tar.gz from http://mirrors.protection.cx/~jolan and 
> elsewhere.
> 
> Would appreciate if anyone can share the clue.
> 
> I will like to try Gnash, however I am very new, and what is CVS?

Better wait for a port if you have to ask. ;-)

Why not just install the standard Flash plugin? Sure, there are very
real reasons to dislike it, but if you want Flash it's the way to go for
now. And it's documented in the FAQ...

Joachim

Re: playing flash videos

[Todd Alan Smith]

On 9/19/06, riwanlky <[EMAIL PROTECTED]> wrote:

After looking for a while for multimedia firefox plugins, I am glad to
hear that there is flash plugins (well, after trying to compile, without
any luck to
get vlc plugin for mozilla from ports) from redhat emulation.

However I tried to compile the opera-plugins, however I could not
get flash-7.0r61.tar.gz from http://mirrors.protection.cx/~jolan and elsewhere.

Would appreciate if anyone can share the clue.

I will like to try Gnash, however I am very new, and what is CVS?


http://www.nongnu.org/cvs/
http://en.wikipedia.org/wiki/Concurrent_Versions_System

-Todd


Thanks and best regards,
Riwan

At 06:19 AM 9/19/2006 +, Deanna Phillips wrote:
>Jacob Yocom-Piatt writes:
>
> > oops, it's 13.11 in the FAQ. sorry for tha noise
>
>Don't do that.  :)
>
>There are other options besides what's in the FAQ.
>
>,[ from an undeadly comment ]
>| There are free options for playing Flash on OpenBSD.
>|
>| Check out Gnash (http://www.gnu.org/software/gnash). The Firefox
>| plugin from CVS works with OpenBSD's Firefox port; I haven't
>| tried the kde one. Gnash is under heavy development, and can't
>| yet play flv, but for that you can use multimedia/xine-ui or
>| x11/mplayer.
>|
>| The two standalones can be combined with Firefox extensions such
>| as VideoDownloader, which extracts the links from places like
>| youtube and google video, and allows you to download the files
>| somewhat painlessly.
>`
>
>Gnash CVS was stable on OpenBSD as of yesterday, if you want to
>try that, or you could wait a few weeks for the next alpha
>release.
>
>
>Current Gnash CVS just needs one small patch :
>
>http://deanna.freeshell.org/patch-plugin_Makefile_am

Re: playing flash videos

[Patsy]

> I will like to try Gnash, however I am very new, and what is CVS?
>
> Thanks and best regards,
> Riwan
>
CVS = Concurrent Versions System
It's a method of source code management/distribution.
http://www.openbsd.org/anoncvs.html

If you're on i386, I'd recommend CVSup ( www.openbsd.org/cvsup.html)
though, it's more efficient and (IMO) easier.

Good luck,
Patsy

Re: webbased authpf ?

[Jacob Yocom-Piatt]

i haven't been following this thread very closely, but i do remember someone
mentioning using a java ssh client. this seems to be a good way to use authpf:

- have a webpage that has the java ssh client on it and instructions to ssh to
some.host to gain access, in case ppl don't want to use the java client for 
sshing 

- once the user has authenticated, the authpf ruleset gets loaded and all works
as desired

this way there is a web interface for dummies, instructions for smart ppl and it
uses the existing authpf facilities without hacking out something that is
possibly insecure.

cheers,
jake

Re: Getting the latest and greatest X running

[Stuart Henderson]

> Of the possibilities you offer, going to -current sounds the least
> painful. You could even try the OPENBSD_4_0 tag;

Snapshots are post-4.0 now, so mightn't the best thing to build
OPENBSD_4_0 under. Compiling OPENBSD_4_0 under 3.9-something is going
to mean extra trouble recompiling compilers and so on too, because
the source tree uses local extensions that aren't in 3.9 gcc.

If you want newest possible code, go ahead and run -current snapshots,
but n.b. if you do, moving from -current to 4.0-release or -stable is not
supported either, and this particular point in the release cycle is one
where a few new things hit the tree so might not be the best point to
pick up -current if you're new to it..

If you want 4.0 as soon as possible then the best way is to wait
until pre-orders start up and get your order in early.

Re: webbased authpf ?

[Frans Haarman]

On 9/19/06, chris barry <[EMAIL PROTECTED]> wrote:

Q: if the website gives away the password/key, how do you limit access?
Is there some generic login, published in the company (like on the
conference room wall), used first to get this session data? How would
this login data be secured wirelessly? ssl?


A: The idea is a https website which authenticates against a server
inside the network.

Re: Getting the latest and greatest X running

[viq]

On 9/19/06, Girish Venkatachalam <[EMAIL PROTECTED]> wrote:

Friends,



I am hoping that if I get a recent version of x.org running I can get these 
cards working. How to go about it? Last time around I had compiled XFree86 but 
recently I compiled x.org on linux but it was  PITA since it is maintained in 
git repositories in a non standard way. I dont want to torture myself. :-)


What is your advice? Shall I go by the book and get OpenBSD bundled X and try say by 
upgrading to -current? Or shud I "make world" with XFree86? Or go the x.org way 
which I want to avoid?

Please advise.


Uhm, OpenBSD switched to X.Org with release 3.7 ;) So, you're not
running XFree, unless you're really trying.


Thanks.

regards,
Girish


--
Whenever people agree with me I always feel I am wrong.

- Oscar Wilde





--
viq

Re: QEMU networking - with host ONLY

[Andreas Vögele]

viq writes:

> I am playing a bit with QEMU, and tried to set up network with it.
> [...]  I want the guest to be able to communicate ONLY with the
> host, I don't want any of the traffic from it to be able to pass to
> the outside world. To achieve that I thought the easiest way would
> be to bridge the connection to one of the 'virtual' interfaces -
> say, lo0 or a specially created for that occasion tun or gif. But, I
> didn't have much luck with that... So, does anyone have an idea how
> to achieve that - the traffic from the guest system not being able
> to even accidentaly leak out of the host system?

Hm, creating a tun device works for me.

$ cat /etc/hostname.tun0 
inet 192.168.155.145 255.255.255.240 255.255.255.159 link0 description "QEMU 
interface"

The guest is started with the following options:

qemu -net nic -net tap,ifname=/dev/tun0,script=/usr/bin/true [...]

Re: Getting the latest and greatest X running

[Joachim Schipper]

On Tue, Sep 19, 2006 at 10:27:59AM +0530, Girish Venkatachalam wrote:
> Friends,
> 
> I have connected two VGA cards and here is the scanpci -vv output.
> 
> I am running OpenBSD 3.9.
> 
> pci bus 0x cardnum 0x0e function 0x00: vendor 0x5333 device 0x8811
> S3 Inc. 86c764/765 [Trio32/64/64V+]
> STATUS0x0200  COMMAND 0x0003
> CLASS 0x03 0x00 0x00  REVISION 0x54
> BIST  0x00  HEADER 0x00  LATENCY 0x00  CACHE 0x00
> BASE0 0xd400  addr 0xd400  MEM
> BASEROM   0xe3fb  addr 0xe3fb  not-decode-enabled
> MAX_LAT   0x00  MIN_GNT 0x00  INT_PIN 0x01  INT_LINE 0x05
>  
> pci bus 0x cardnum 0x0c function 0x00: vendor 0x5333 device 0x8901
> S3 Inc. 86c775/86c785 [Trio 64V2/DX or /GX]
> STATUS0x0200  COMMAND 0x0003
> CLASS 0x03 0x00 0x00  REVISION 0x16
> BIST  0x00  HEADER 0x00  LATENCY 0x00  CACHE 0x00
> BASE0 0xdc00  addr 0xdc00  MEM
> BASEROM   0x000c  addr 0x000c  not-decode-enabled
> MAX_LAT   0x00  MIN_GNT 0x00  INT_PIN 0x01  INT_LINE 0x0b
> 
> I am hoping that if I get a recent version of x.org running I can get these 
> cards working. How to go about it? Last time around I had compiled XFree86 
> but recently I compiled x.org on linux but it was  PITA since it is 
> maintained in git repositories in a non standard way. I dont want to torture 
> myself. :-)
> 
> 
> What is your advice? Shall I go by the book and get OpenBSD bundled X and try 
> say by upgrading to -current? Or shud I "make world" with XFree86? Or go the 
> x.org way which I want to avoid?
> 
> Please advise.

Of the possibilities you offer, going to -current sounds the least
painful. You could even try the OPENBSD_4_0 tag; it's not currently
supported, but you'll end with a system that is very close to what will
be released as 4.0.

Joachim

Re: pf.conf question?

[Joachim Schipper]

On Tue, Sep 19, 2006 at 06:49:05PM +0800, Jay Jesus Amorin wrote:
> hi,
> 
> good day, how do i  do an alternate sets of route-to rules for the internal
> interface loaded in an anchor?
> 
> btw im doing a failover between two firewalls,
> 
> |--| |-|
> | internet  | | internet  |
> |--| |-|
>||
>||
> |--| |--|
> | firewall 1 || firewall 2 |
> |--| |--|
>| |
>| |
> |---|
> | manage switch (des-3326sr) |
> |---|
> 
> i've used ifstated to detect ( thanks a lot for those who help ).
> 
> any suggestions? help?

The canonical setup would go with carp(4), which would solve most
routing problems.

Exactly what is the problem, though?

Joachim

Re: PF Rule

[Joachim Schipper]

On Mon, Sep 18, 2006 at 09:05:53PM -0400, Monah Baki wrote:
> Hi all,
> 
> Is there a way to write a single rule to cover these 2 rules:
> 
> no nat on $ext_if inet proto tcp from 192.168.3.204 to any
> nat on $ext_if from 192.168.3.0/24 to any -> $ext_if
> 
> 
> Thanks

Use a table? http://www.openbsd.org/faq/pf/tables.html has an example of
exactly what you want to do (search for '').

Joachim

Re: ssh filesystem question

[Joachim Schipper]

On Tue, Sep 19, 2006 at 11:25:31AM +0200, Didier Wiroth wrote:
> Hello,
> 
> I came accross this recently (ssh filesystem):
> http://fuse.sourceforge.net/sshfs.html
> 
> I was wondering if there are any plans to implement this on openbsd in future 
> releases?

I don't think so, really.

Joachim

Carte Verte Oney : Votre cotisation Offerte

[Oney]

Si vous disirez visualiser ce mail au format html, recopiez l'adresse suivante 
dans votre navigateur: 
http://www.eml-srv.net/view.html?id=2313&ref=24729\n\n\n\nSi vous disirez vous 
disinscrire, il suffit de cliquer sur le lien privu ou de recopier l'adresse 
suivante dans votre navigateur: 
http://www.eml-srv.net/desabo.html?ope=2313&[EMAIL PROTECTED]

Re: spews1- i/o error

[Joachim Schipper]

On Mon, Sep 18, 2006 at 03:00:57PM -0700, Bryan Irvine wrote:
> On 9/18/06, Joachim Schipper <[EMAIL PROTECTED]> wrote:
> >On Mon, Sep 18, 2006 at 10:20:55AM -0400, Frank Bax wrote:
> >> Since 4:00 am EST ...
> >>
> >> spamd-setup: Could not add blacklist spews1: Input/output error
> >
> >ISTR that spews1 is no longer freely available. See the commit logs
> >and/or the archives of this site; it has been removed from the -current
> >configuration for several months.
> 
> IIRC that was spamhaus, unless spews is going the same way.
> 
> It seems to work for me, maybe there was a network problem?
> 
> http://www.spews.org/spews_list_level1.txt

You are, of course, right.

See http://www.openbsd.org/cgi-bin/cvsweb/src/etc/spamd.conf - r1.19.

Joachim

Re: implementing an aggregating pseudo-device for virtual interfaces ?

[Stuart Henderson]

On 2006/09/19 14:04, Matthias Bertschy wrote:
>> Claudio Jeker wrote:
>> 
>> On Fri, Sep 15, 2006 at 06:22:05PM +0200, Matthias Bertschy wrote:
>>> Would it be possible to implement such a tool that works for tun, gif, 
>>> gre, pppoe, ...
>>> The features would be load balancing and fail over with virtual interfaces. 
>>>  
>> 
>> I see no need for this. We have multipath support that already does load 
>> balancing.
> 
> Well, I thought this feature was still unimplemented as of today...

http://archives.neohapsis.com/archives/openbsd/cvs/2006-06/0469.html

Re: implementing an aggregating pseudo-device for virtual interfaces ?

[Matthias Bertschy]

 Claudio Jeker wrote:

  On Fri, Sep 15, 2006 at 06:22:05PM +0200, Matthias Bertschy wrote:

Would it be possible to implement such a tool that works for tun, gif, 
gre, pppoe, ...
The features would be load balancing and fail over with virtual interfaces. 
 

  I see no need for this. We have multipath support that already does load 
balancing.

Well, I thought this feature was still unimplemented as of today...
(like in 3.6
http://archives.neohapsis.com/archives/openbsd/2004-11/0282.html)

Matthias

Re: webbased authpf ?

[chris barry]

On Tue, 2006-09-19 at 13:37 +0200, Frans Haarman wrote:
> On 9/18/06, Brian Shackelford <[EMAIL PROTECTED]> wrote:
> > While a web-based solution would be more than ideal - I think what I
> > have will work.  What our clients need is a piece of software that
> > doesn't require much user interaction - even Putty would be hard to
> > convince them to use.  So we hide everything behind a pretty GUI and do
> > the same things through a custom written app.
> >
> > Please feel free to tear my every simple plan to shredsI can take
> > it.
> 
> My current plan is to create some small wrapper for the plink.exe
> program. The website will publish an "temporary-session.ssh" file with
> an either OneTime password or an private key (which will be removed at
> some point).

Q: if the website gives away the password/key, how do you limit access?
Is there some generic login, published in the company (like on the
conference room wall), used first to get this session data? How would
this login data be secured wirelessly? ssl?

> 
> Its probably smartest to use one time passwords ?
> 
> The small wrapper tool will open the .ssh file, start plink with
> nessecary paramters, and logon to an authpf shell.
> 
> Maybe have the wrapper program detect some proxy settings and we'll
> have a nice web gateway!
> 

It sounds doable. I would be interested in seeing your solution.

-- 
Regards,
Christopher Barry
Manager of Information Systems
SilverStorm Technologies, Inc.
O: 610-233-4870
F: 610-233-4777
C: 267-242-9306

Re: webbased authpf ?

[Frans Haarman]

On 9/18/06, Brian Shackelford <[EMAIL PROTECTED]> wrote:

While a web-based solution would be more than ideal - I think what I
have will work.  What our clients need is a piece of software that
doesn't require much user interaction - even Putty would be hard to
convince them to use.  So we hide everything behind a pretty GUI and do
the same things through a custom written app.

Please feel free to tear my every simple plan to shredsI can take
it.


My current plan is to create some small wrapper for the plink.exe
program. The website will publish an "temporary-session.ssh" file with
an either OneTime password or an private key (which will be removed at
some point).

Its probably smartest to use one time passwords ?

The small wrapper tool will open the .ssh file, start plink with
nessecary paramters, and logon to an authpf shell.

Maybe have the wrapper program detect some proxy settings and we'll
have a nice web gateway!

pf.conf question?

[Jay Jesus Amorin]

hi,

good day, how do i  do an alternate sets of route-to rules for the internal
interface loaded in an anchor?

btw im doing a failover between two firewalls,

|--| |-|
| internet  | | internet  |
|--| |-|
   ||
   ||
|--| |--|
| firewall 1 || firewall 2 |
|--| |--|
   | |
   | |
|---|
| manage switch (des-3326sr) |
|---|

i've used ifstated to detect ( thanks a lot for those who help ).

any suggestions? help?

thanks more power to openbsd


--jay--

Re: OpenBSD dedicated hosting

[Adriaan]

On 9/17/06, Gilles Chehade <[EMAIL PROTECTED]> wrote:

Hi misc@,

I am looking for companies that provide OpenBSD-powered dedicated hosting.
Currently, I am being hosted by a french company which turned out to be as
incompetent as can be, and I am willing to switch as soon as possible
(preferably before the 25th of September).


[snip]

The search at http://calyx.com/about/  shows "powered by OpenBSD".
Their Dutch website
http://www.calyx.net/index.php?option=com_content&task=view&id=17&Itemid=46
shows OpenBSD sysjails as one ot their options for using a "virtual
server"

I never used calyx myself, just happen to use their OpenBSD ftp mirror
once in a while ;)

220 ftp.calyx.nl FTP server (Version 6.6/OpenBSD) ready.
Name (ftp.calyx.nl:adriaan):


Adriaan

ppp: random redial/reconnect pause?

[Martin Schröder]

Hi,
how can I get ppp(8) to insert a random delay while reconnecting?

Although I have
  set redial random 0
in my ppp.conf, it's not random, but 3:

Sep 19 02:00:06 gryphon ppp[18924]: tun0: Phase: deflink: HUPing 6448
Sep 19 02:00:06 gryphon ppp[18924]: tun0: Phase: deflink: hangup -> opening
Sep 19 02:00:06 gryphon ppp[18924]: tun0: Phase: deflink: Enter pause
(3) for redialing.
Sep 19 02:00:06 gryphon ppp[18924]: tun0: Chat: deflink: Reconnect try 190 of 0
Sep 19 02:00:09 gryphon ppp[18924]: tun0: Chat: deflink: Redial timer expired.
--
Sep 19 02:00:19 gryphon ppp[18924]: tun0: Phase: deflink: HUPing 1186
Sep 19 02:00:19 gryphon ppp[18924]: tun0: Phase: deflink: hangup -> opening
Sep 19 02:00:19 gryphon ppp[18924]: tun0: Phase: deflink: Enter pause
(3) for redialing.
Sep 19 02:00:19 gryphon ppp[18924]: tun0: Chat: deflink: Reconnect try 191 of 0
Sep 19 02:00:22 gryphon ppp[18924]: tun0: Chat: deflink: Redial timer expired.
--
Sep 19 02:00:32 gryphon ppp[18924]: tun0: Phase: deflink: HUPing 5742
Sep 19 02:00:32 gryphon ppp[18924]: tun0: Phase: deflink: hangup -> opening
Sep 19 02:00:32 gryphon ppp[18924]: tun0: Phase: deflink: Enter pause
(3) for redialing.
Sep 19 02:00:32 gryphon ppp[18924]: tun0: Chat: deflink: Reconnect try 192 of 0
Sep 19 02:00:35 gryphon ppp[18924]: tun0: Chat: deflink: Redial timer expired.

Best
  Martin

Re: playing flash videos

[riwanlky]

After looking for a while for multimedia firefox plugins, I am glad to
hear that there is flash plugins (well, after trying to compile, without 
any luck to

get vlc plugin for mozilla from ports) from redhat emulation.

However I tried to compile the opera-plugins, however I could not
get flash-7.0r61.tar.gz from http://mirrors.protection.cx/~jolan and elsewhere.

Would appreciate if anyone can share the clue.

I will like to try Gnash, however I am very new, and what is CVS?

Thanks and best regards,
Riwan

At 06:19 AM 9/19/2006 +, Deanna Phillips wrote:

Jacob Yocom-Piatt writes:

> oops, it's 13.11 in the FAQ. sorry for tha noise

Don't do that.  :)

There are other options besides what's in the FAQ.

,[ from an undeadly comment ]
| There are free options for playing Flash on OpenBSD.
|
| Check out Gnash (http://www.gnu.org/software/gnash). The Firefox
| plugin from CVS works with OpenBSD's Firefox port; I haven't
| tried the kde one. Gnash is under heavy development, and can't
| yet play flv, but for that you can use multimedia/xine-ui or
| x11/mplayer.
|
| The two standalones can be combined with Firefox extensions such
| as VideoDownloader, which extracts the links from places like
| youtube and google video, and allows you to download the files
| somewhat painlessly.
`

Gnash CVS was stable on OpenBSD as of yesterday, if you want to
try that, or you could wait a few weeks for the next alpha
release.


Current Gnash CVS just needs one small patch :

http://deanna.freeshell.org/patch-plugin_Makefile_am

Re: chrooted sftponly - how ?

[Bambero]

On 9/19/06, Francois Visconte <[EMAIL PROTECTED]> wrote:

Lukasz Sztachanski wrote:

>On Mon, Sep 18, 2006 at 03:23:37PM +0200, Bambero wrote:
>
>
>>Hello
>>
>>Is there any good way to setup chrooted sftp-server without shell access ?
>>
>>I tried scponly but it's not secure enough (I heard), there is no port
>>for openbsd,
>>and I had problems to set it up.
>>
>>Second way is rssh, but compilation fails becouse of worexp.
>>
>>Now I'm using ftpd but I want to change it becouse of text/plain passwords.
>>
>>Any suggestions ?
>>
>>
>>
>use stsh[1]; if you want to simplify rulesets, you can just change
>the code to inherit policy(-i). All my users have chrooted shell/sftp
>accounts - no problems so far :)
>
>
I think it's the best way too.
One detail : your users are chrooted AND systraced or they have just
filesystem access
limitation thanks to systrace ?



Now I'm using chrooted ftpd. I need to chroot users to
/var/www/users/user to have filesystem access. No systrace limitation.

Re: starting ifstated at boot

[viq]

On 9/19/06, Jay Jesus Amorin <[EMAIL PROTECTED]> wrote:

rc.conf.local

ifstated_enable="YES"

wont work for me.


has anyone got to run ifstated at boot on openbsd?

thanks,

--jay--


As previous poster said, ifstated is not handled by /etc/rc - and
that's what you're controlling via rc.conf and rc.conf.local. You need
to put commands starting it in /etc/rc.local

--
viq

Re: chrooted sftponly - how ?

[Lukasz Sztachanski]

On Tue, Sep 19, 2006 at 11:23:21AM +0200, Francois Visconte wrote:
> I think it's the best way too.
> One detail : your users are chrooted AND systraced or they have just 
> filesystem access
> limitation thanks to systrace ?
> 
users are `chrooted' because they're `systraced' ;) I just allow 
specific fsreads/fswrites/chdirs:
native-fsread: filename match "$HOME*" then permit
native-fsread: filename inpath "$HOME" then permit

of course, i allowed execves from /bin, /usr/bin, and so on, but with
logging( you want only sftp, so probably only few programs have to be
execved/fsreaded).

It isn't trivial to write good policy, but you could change stsh`s code
to use systrace with `-A' and policy dir in $HOME, and then try to
generate base ruleset with test user. As i already said, systrace`s `-i'
opt would help a lot.

best ruleset i could find right now:
http://entropy.pl/misc/systrace/bin_ksh
... but you probably won't need all this syscalls.


- Lukasz Sztachanski


-- 
0x01A3E654 // 7832 E59C B733 9E6F CB54  6327 DFC1 161E 01A3 E654
 *new keys*
http://entropy.pl
http://entropy.pl/?blog

Re: starting ifstated at boot

[Gilles Chehade]

Jay Jesus Amorin wrote:

rc.conf.local

ifstated_enable="YES"

wont work for me.


has anyone got to run ifstated at boot on openbsd?

thanks,

--jay--
  

Something like:

if [ -x /usr/sbin/ifstated ]; then
   /usr/sbin/ifstated && echo -n ' ifstated';
fi

would probably work better than assigning a variable in rc.conf.local 
which isn't recognized by rc ;-)

Re: starting ifstated at boot

[Jay Jesus Amorin]

rc.conf.local

ifstated_enable="YES"

wont work for me.


has anyone got to run ifstated at boot on openbsd?

thanks,

--jay--

On 9/18/06, Stuart Henderson <[EMAIL PROTECTED]> wrote:
>
> On 2006/09/18 03:23, Nick Guenther wrote:
> > On 9/18/06, Jay Jesus Amorin <[EMAIL PROTECTED]> wrote:
> > >hi,
> > >
> > >have gud day, how do i configure ifstated to automatically start at
> boot
> > >time?
> > >
> > >thanks and more power
> >
> > man rc.conf
>
> ifstated isn't handled by /etc/rc; try rc.local.

ssh filesystem question

[Didier Wiroth]

Hello,

I came accross this recently (ssh filesystem):
http://fuse.sourceforge.net/sshfs.html

I was wondering if there are any plans to implement this on openbsd in future 
releases?

Many thanks!
Didier

Re: chrooted sftponly - how ?

[Francois Visconte]

Lukasz Sztachanski wrote:


On Mon, Sep 18, 2006 at 03:23:37PM +0200, Bambero wrote:
 


Hello

Is there any good way to setup chrooted sftp-server without shell access ?

I tried scponly but it's not secure enough (I heard), there is no port
for openbsd,
and I had problems to set it up.

Second way is rssh, but compilation fails becouse of worexp.

Now I'm using ftpd but I want to change it becouse of text/plain passwords.

Any suggestions ?

   

use stsh[1]; if you want to simplify rulesets, you can just change 
the code to inherit policy(-i). All my users have chrooted shell/sftp

accounts - no problems so far :)
 


I think it's the best way too.
One detail : your users are chrooted AND systraced or they have just 
filesystem access

limitation thanks to systrace ?





   - Lukasz Sztachanski

[1] http://monkey.org/~dugsong/openbsd/stsh-1.1.tar.gz
 


Frangois Visconte

Re: Mysql in replication setup

[Daniel Ouellet]

Marian Hettwer wrote:

Starting by looking at errors and then making sure a replication setup
doesn't have any errors is always a good thing before saying it doesn't
work. So, when no errors happen, may be many things will work just fine.

I haven't said that it doesn't work. I said its bloody slow. Thats a
huge difference...


Well, may be some errors fix might take care of some speed issues. But I 
can tell you that it is not slow. But sorry if I miss understood you 
from the start. Look to me that you considered it unusable. If not, then 
I stand corrected.



060915 17:33:29 [Warning] Could not increase number of max_open_files to
more than 8096 (request: 8192)

- --> You mentioned something about that later in your mail. Could be a
problem, eh?


Go read it again. I think I pointed it many times so far. 
If you still have issue with this, I will be glad to point you in the

right direction, but do your homework first and try it out. The answer
was provided very clearly and repeated as well and IS in the document
about it as well.

Hold your breath. I read it, I changed the parameter down to 4096 and
should be fine now.


Good thing.


060915 17:33:29 [Warning] mysql.user table is not updated to new
password format; Disabling new password usage until
mysql_fix_privilege_tables is run

- --> Yeah well, I could run mysql_fix_privilege_tables, however, I
bet it
has nothing todo with my problem.


That's not fix privilege. Men, go read please. Look for old_password.

And again, this has most likely nothing to do with performance, so I
stick with the old password scheme and nevermind (for now).


I only pointed out the problem and assumptions done along the way and 
why. Up to you do take action or not on it. Your systems, your choices. (;>


Like it's been said before.

"You are the master of your domain!"

I don't take credit for that. (:>


060915 17:33:29 [Warning] Can't open and lock time zone table: Table
'mysql.time_zone_leap_second' doesn't exist trying to live without them
060915 17:33:29 [Warning] Neither --relay-log nor --relay-log-index were
used; so replication may break when this MySQL server acts as a slave
and has his hostname changed!! Please use
'--relay-log=babelfish45-relay-bin' to avoid this problem.

- --> As I'm not about to change the hostname, I'll fix that problem
later.


That is not the host name here. Go read the manual. They tell you to
configure the my.cnf to use a log file reflecting your host name, not to
change your host name. I think spending some time reading will help you
work on the software you want to use. This is well explain in the log as
well as in the manual.

They even tell you what to use:

--relay-log=babelfish45-relay-bin

Where does it say hostname needs to be changed?

It said, if I don't configure the my.cnf accordingly, and then change my
hostname, I'll be screwed.


May be.

"so replication may break when this MySQL server acts as a slave and has 
his hostname changed!!"


Just pointed it out as you said you needed to change your host name 
instead of starting from the beginning with the proper configuration 
inside my.cnf. That's all I said.


Sorry if I miss understood the meaning of that part as well that you wrote.


One way to fix, is using relay-log in my.cnf, but again, I can skip this
as the whole setup is a Proof of Concept, nothing more. It's not in
production so stay cool.


I am.


Again, this has nothing to do with the performance issue encountered.
Yes, I do know that it's not a clean setup and I should do it right.


If it deserved to be setup, then it deserver to be done right. Even for 
testing, if not, then what are you testing really?


OK, may be that's just me, sorry!


Look lie at a minimum this works.


I haven't said that it doesn't work... I said it's working, but its slow.


Sorry again. I miss understood the meaning of:

"As soon as replication starts, mysql gets very unresponsive:"

Plus it was a comparaison between how well it work on Linux and how 
"unresponsive:" it is on OpenBSD.


I really need to improve my understanding of the English language 
obviously. Sorry again for not understanding it the first time! (;>


I stand corrected!


I have no clue how big your database might be or not. Nor how many
tables, etc.


all in all it's 175 MyISAM files, but only a small part of them are
actually open and in use.
As you see above, only 11 tables are open. But some of them are rather
large (400 - 600 MB).


But look like form previous errors that it try to use table that are not
available. So, if you really want a good mirror, you need to make sure
it will replicate all the tables it needs, or are link together, or the
replication process will stop, only the bin log files will keep growing.


Whut? It doesn't say that it can't replicate, because a table is
missing. I think you're mixing something up. More over, I would see this
error in "show slave status\G".


OK. Simply test for you. Try to update a table on the master, like 

Re: chrooted sftponly - how ?

[Lukasz Sztachanski]

On Mon, Sep 18, 2006 at 03:23:37PM +0200, Bambero wrote:
> Hello
> 
> Is there any good way to setup chrooted sftp-server without shell access ?
> 
> I tried scponly but it's not secure enough (I heard), there is no port
> for openbsd,
> and I had problems to set it up.
> 
> Second way is rssh, but compilation fails becouse of worexp.
> 
> Now I'm using ftpd but I want to change it becouse of text/plain passwords.
> 
> Any suggestions ?
> 
use stsh[1]; if you want to simplify rulesets, you can just change 
the code to inherit policy(-i). All my users have chrooted shell/sftp
accounts - no problems so far :)




- Lukasz Sztachanski

[1] http://monkey.org/~dugsong/openbsd/stsh-1.1.tar.gz
-- 
0x01A3E654 // 7832 E59C B733 9E6F CB54  6327 DFC1 161E 01A3 E654
 *new keys*
http://entropy.pl
http://entropy.pl/?blog

Re: Mysql in replication setup

[Daniel Ouellet]

Marian Hettwer wrote:

Q: How can I use replication to improve performance of my system?

A: You should set up one server as the master and direct all writes to
it. Then configure as many slaves as you have the budget and rackspace
for, and distribute the reads among the master and the slaves. You can
also start the slaves with the --skip-innodb, --skip-bdb,
--low-priority-updates, and --delay-key-write=ALL options to get speed
improvements on the slave end. In this case, the slave uses
non-transactional MyISAM tables instead of InnoDB and BDB tables to get
more speed by eliminating transactional overhead.


This is indeed basically what we do here... Standard replication setup.


So, if so, why didn't I see it in your my.cnf file? Or did I miss it.
--low-priority-updates
--delay-key-write=ALL

I remember very well these two:
--skip-innodb
--skip-bdb

But not the above two...


I wouldn't say it's the same setup.


Umm... yes, okay, it's not the same.


Thank you!


One use 4.1 and one use 5.0 and I can't speak to this as I haven't check
in a very long time, but does Woody and OpenBSd do use the same file
systems and that may be there isn't something else slowing you down
here. I only asked as I do not know the answer, but this is a
possibility. I know just to well that many on Linux use a different file
system for speed at the price of data integrity. Does this have any to
do with the speed difference you try to isolate. May be, then may be
not. I can't answer this with knowledge as I do not know for sure and I
wouldn't want to say something wrong either. But food for thought however.

Yes indeed. Our Linux boxes are using ext3 and OpenBSD is using what?
FFS? I don't know all the differences between those two, but I guess
there are more than enough.


Well one is safe and does protect your data at the price of speed yes. 
So, what do you put value on? A choice to make. I did mine.



mysql> select count(*) from foo;


I wouldn't expect to see that big of a difference, but any of the points
above apply to this setup here? To see .8 seconds and then almost 8
seconds later, but with just may be 100 records more might point you
else where, or some suggestion above might help as well. Some might
query from cache, or not written to disk yet and other might query from
real disk access after the lock is release...


First I thought my index is broken, so I did a repair table foo, but
that has no effect at all (as in, my index was all right).
I wouldn't expect to see such a big difference either...


Except for io access on FFS vs Ext3. I am sure there is a good 
difference here. But as I said, I am not qualify to answer that with 
knowledge however. I know just what I need to know that FFS will help me 
and be safe for me, even in crash oppose to others and that's all I need 
to know. I pay a small price in performance a bit yes, but not like this 
for sure. So something else play here. Still need to be isolated.



I sure don't see this in any of my slave, but again all my volume insert
on the master are with delay insert. And if I do need, fast read access,
I can always use SELECT HIGH_PRIORITY as well. But never needed so far.


I can't change how the data is stored within the master, just can't do.
My boss would probably kill me ;-))


Understood and granted. (:> Might be some flexibility in the server 
configuration itself as pointed above however. You to decide what works 
for you.



Anyway, we need the data inserted at the master as fast as possible
available at the slaves.
Insert foo; select foo;
And of course we don't want to have those selects on our master.
Think of a web platform, users clicking around all the time, some
inserts are generated and of course changes must be displayable...


I only pointed out choices and reasons. The choice is obviously yours.


The Linux box is running the same hardware like the OpenBSD box. Only
difference is that the Linux box is running MySQL 4.1.14 whereas OpenBSD
runs 5.0.22


Might be a good amount of difference.


True, but not as big as 0,03 seconds for a query vs. 8 seconds. Never
ever...


Until the reason is discover, we don't know do we?


Granted, you can't compare those two systems.
On the other hand, the Linux box is in production, taking the 50 queries
 / second from replication while handling another 50 queries / second
due to being in production. Counts up to 100 queries per second avg.


Are you sure the configuration is the same for both.


the my.cnf is basicly the same. I only changed the max-open-files
parameter for OpenBSD. Actually i added this parameter. It wasn't in use
on our MySQL 4.1 boxes.


May comparing the results of:

/usr/local/libexec/mysqld --verbose --help
 (skip the top long part about the description of the variable, but
still good readin) then compare from both your linux and OpenBSD, you
might find interesting things. (:>

And also:

mysqladmin -p variable

and

mysqladmin extended-status

And by doing a real comparison betw

Re: Faster SBC

[Stuart Henderson]

On 2006/09/19 08:34, Siegbert Marschall wrote:
> > I thought these look interesting, has anyone tried them already?
> > http://www.win-ent.com/MB-06047.htm
> >
> no and since it is nvidia based i think not many of us are interested.

...and nobody's interested enough to write nfe(4) either, right?

Funnily enough, I've had a lot less trouble with nvidia-based boards
on OpenBSD than the other amd64 chipsets which I've tried.

I'm thinking along the lines of a faster but still reasonably low-power
alternative to soekris/WRAP-type systems. I know there are other people
interested in that. Care to suggest any alternatives?

Re: chrooted sftponly - how ?

[Aiko Barz]

On Mon, Sep 18, 2006 at 03:23:37PM +0200, Bambero wrote:
> Hello
> 
> Is there any good way to setup chrooted sftp-server without shell access ?

I wrote a shell script for this kind of stuff. Maybe you can use it
for yourself. I keep my users within an OpenLDAP database and want to
enable some users to access the www directory on my OpenBSD webserver
by scponly. Maybe you can use some parts of it.


#!/bin/sh
#
# Written by Aiko Barz
#


altroot="/var/www"
USERSHELL="/opt/sbin/scponlyc"


function checkChroot
{
##
#  Hierachy
##
if [ ! -d "$altroot" ]; then
mkdir -p $altroot
chown root:daemon $altroot
fi
if [ ! -d "$altroot/bin" ]; then
mkdir -p $altroot/bin
chown root:daemon $altroot/bin
fi
if [ ! -d "$altroot/etc" ]; then
mkdir -p $altroot/etc
chown root:daemon $altroot/etc
fi
if [ ! -d "$altroot/lib" ]; then
mkdir -p $altroot/lib
chown root:daemon $altroot/lib
fi
if [ ! -d "$altroot/usr" ]; then
mkdir -p $altroot/usr
chown root:daemon $altroot/usr
fi
if [ ! -d "$altroot/usr/bin" ]; then
mkdir -p $altroot/usr/bin
chown root:daemon $altroot/usr/bin
fi
if [ ! -d "$altroot/usr/sbin" ]; then
mkdir -p $altroot/usr/sbin
chown root:daemon $altroot/usr/sbin
fi
if [ ! -d "$altroot/usr/lib" ]; then
mkdir -p $altroot/usr/lib
chown root:daemon $altroot/usr/lib
fi
if [ ! -d "$altroot/usr/libexec" ]; then
mkdir -p $altroot/usr/libexec
chown root:daemon $altroot/usr/libexec
fi
if [ ! -d "$altroot/usr/libexec/openssh" ]; then
mkdir -p $altroot/usr/libexec/openssh
chown root:daemon $altroot/usr/libexec/openssh
fi


##
#  Static commands
##
CHGRP=$(which chgrp)
if [ -x "$CHGRP" ]; then
cp $CHGRP $altroot/usr/sbin
fi
CHMOD=$(which chmod)
if [ -x "$CHMOD" ]; then
cp $CHMOD $altroot/$CHMOD
fi
CHOWN=$(which chown)
if [ -x "$CHOWN" ]; then
cp $CHOWN $altroot/usr/sbin
fi
LN=$(which ln)
if [ -x "$LN" ]; then
cp $LN $altroot/$LN
fi
LS=$(which ls)
if [ -x "$LS" ]; then
cp $LS $altroot/$LS
fi
MKDIR=$(which mkdir)
if [ -x "$MKDIR" ]; then
cp $MKDIR $altroot/$MKDIR
fi
MV=$(which mv)
if [ -x "$MV" ]; then
cp $MV $altroot/$MV
fi
RM=$(which rm)
if [ -x "$RM" ]; then
cp $RM $altroot/$RM
fi
RMDIR=$(which rmdir)
if [ -x "$RMDIR" ]; then
cp $RMDIR $altroot/$RMDIR
fi
ECHO=$(which echo)
if [ -x "$ECHO" ]; then
cp $ECHO $altroot/$ECHO
fi
PWD=$(which pwd)
if [ -x "$PWD" ]; then
cp $PWD $altroot/$PWD
fi
GROUPS=$(which groups)
if [ -x "$GROUPS" ]; then
cp $GROUPS $altroot/$GROUPS
fi


##
#  Dynamic commands
##
ID=$(which id)
if [ -x "$ID" ]; then
cp $ID $altroot/$ID
for lib in $(ldd $ID | awk '{if ($3 == "rlib"){print $5}}'); do
if [ -f "$lib" ]; then
cp -f $lib $altroot/$lib
fi
done
fi
PASSWD=$(which passwd)
if [ -x "$PASSWD" ]; then
cp $PASSWD $altroot/$PASSWD
for lib in $(ldd $PASSWD | awk '{if ($3 == "rlib"){print $5}}'); do
if [ -f "$lib" ]; then
cp -f $lib $altroot/$lib
fi
done
fi
QUOTA=$(which quota)
if [ -x "$QUOTA" ]; then
cp $QUOTA $altroot/$QUOTA
for lib in $(ldd $QUOTA | awk '{if ($3 == "rlib"){print $5}}'); do
if [ -f "$lib" ]; then
cp -f $lib $altroot/$lib
fi
done
fi
SCP=$(which scp)
if [ -x "$SCP" ]; then
cp $SCP $altroot/$SCP
for lib in $(ldd $SCP | awk '{if ($3 == "rlib"){print $5}}'); do
if [ -f "$lib" ]; then
cp -f $lib $altroot/$lib
fi
done
fi
RSYNC=$(which rsync)
if [ -x "$RSYNC" ]; then
cp $RSYNC $altroot/$RSYNC
for lib in $(ldd $RSYNC | awk '{if ($3 == "rlib"){print $5}}'); do
if [ -f "$lib" ]; then
cp -f $lib $altroot/$lib
fi
done
fi
SFTP="/usr/libexec/sftp-server"
if [ -x "$SFTP" ]; then
cp $SFTP $altroot/$SFTP
for lib in $(ldd $SFTP | awk '{if ($3 == "rlib"){print $5}}'); do
if [ -f "$lib" ]; then
cp -f $lib $altroot/$lib
fi
done
fi


##
#  ld.so
##
LD_SO="/usr/libexec/ld.so"
if [ -f $LD_SO ]; then
cp -f $LD_SO $altroot/$LD_SO
fi
LD_SO_HINTS="/var/run/ld.so.hints"
if [ -f $LD_SO_HINTS ]; then
cp -f $LD_SO_HINTS $altroot/$LD_SO_HINTS
fi


##
#  passwd
##
FILE="/etc/master.passwd"
if [ ! -f "$altroot/$FILE" ]; then
touch $altroot/$FILE
fi
}


function addUser
{
if [ ! -z "$1" ]; the

Re: Faster SBC

[Siegbert Marschall]

> I thought these look interesting, has anyone tried them already?
> http://www.win-ent.com/MB-06047.htm
>
no and since it is nvidia based i think not many of us are interested.

-sm

Re: Mysql in replication setup

[Marian Hettwer]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1



Daniel Ouellet wrote:
> Marian Hettwer wrote:

>>
>> 060915 17:33:29 [Warning] /usr/local/libexec/mysqld: ignoring option
>> '--low-priority-updates' due to invalid value 'ON'
>>
>> - --> Seems like that parameter doesn't exist anymore in MySQL 5.0 ...
>> I'll look into it...
> 
> 
> Starting by looking at errors and then making sure a replication setup
> doesn't have any errors is always a good thing before saying it doesn't
> work. So, when no errors happen, may be many things will work just fine.
I haven't said that it doesn't work. I said its bloody slow. Thats a
huge difference...

> 
>> 060915 17:33:29 [Warning] Could not increase number of max_open_files to
>> more than 8096 (request: 8192)
>>
>> - --> You mentioned something about that later in your mail. Could be a
>> problem, eh?
> 
> 
> Go read it again. I think I pointed it many times so far. 
> If you still have issue with this, I will be glad to point you in the
> right direction, but do your homework first and try it out. The answer
> was provided very clearly and repeated as well and IS in the document
> about it as well.
Hold your breath. I read it, I changed the parameter down to 4096 and
should be fine now.

> 
>> 060915 17:33:29 [Warning] mysql.user table is not updated to new
>> password format; Disabling new password usage until
>> mysql_fix_privilege_tables is run
>>
>> - --> Yeah well, I could run mysql_fix_privilege_tables, however, I
>> bet it
>> has nothing todo with my problem.
> 
> 
> That's not fix privilege. Men, go read please. Look for old_password.
And again, this has most likely nothing to do with performance, so I
stick with the old password scheme and nevermind (for now).

> 
>> 060915 17:33:29 [Warning] Can't open and lock time zone table: Table
>> 'mysql.time_zone_leap_second' doesn't exist trying to live without them
>> 060915 17:33:29 [Warning] Neither --relay-log nor --relay-log-index were
>> used; so replication may break when this MySQL server acts as a slave
>> and has his hostname changed!! Please use
>> '--relay-log=babelfish45-relay-bin' to avoid this problem.
>>
>> - --> As I'm not about to change the hostname, I'll fix that problem
>> later.
> 
> 
> That is not the host name here. Go read the manual. They tell you to
> configure the my.cnf to use a log file reflecting your host name, not to
> change your host name. I think spending some time reading will help you
> work on the software you want to use. This is well explain in the log as
> well as in the manual.
> 
> They even tell you what to use:
> 
> --relay-log=babelfish45-relay-bin
> 
> Where does it say hostname needs to be changed?
It said, if I don't configure the my.cnf accordingly, and then change my
hostname, I'll be screwed.
One way to fix, is using relay-log in my.cnf, but again, I can skip this
as the whole setup is a Proof of Concept, nothing more. It's not in
production so stay cool.
Again, this has nothing to do with the performance issue encountered.
Yes, I do know that it's not a clean setup and I should do it right.

> 
>> 060915 17:33:29 [Note] /usr/local/libexec/mysqld: ready for connections.
>> Version: '5.0.22-log'  socket: '/tmp/mysql.sock'  port: 3306  OpenBSD
>> port: mysql-server-5.0.22
>> 060915 17:33:29 [Note] Slave SQL thread initialized, starting
>> replication in log 'foo-bin.40' at position 358083515, relay log
>> './babelfish45-relay-bin.04' position: 37101832
>> 060915 17:33:29 [Note] Slave I/O thread: connected to master
>> '[EMAIL PROTECTED]:3306',  replication started in log 'foo-bin.40' at
>> position 358083543
> 
> 
> Look lie at a minimum this works.
> 
I haven't said that it doesn't work... I said it's working, but its slow.

> 
>>> I have no clue how big your database might be or not. Nor how many
>>> tables, etc.
>>>
>> all in all it's 175 MyISAM files, but only a small part of them are
>> actually open and in use.
>> As you see above, only 11 tables are open. But some of them are rather
>> large (400 - 600 MB).
> 
> 
> But look like form previous errors that it try to use table that are not
> available. So, if you really want a good mirror, you need to make sure
> it will replicate all the tables it needs, or are link together, or the
> replication process will stop, only the bin log files will keep growing.
> 
Whut? It doesn't say that it can't replicate, because a table is
missing. I think you're mixing something up. More over, I would see this
error in "show slave status\G".

> Clue on that is if you have more then one relay-bin file on the slave,
> then it is safe to assume the replications stop. Not the copy over of
> the data, but the update of the tables.
> 
the tables are updating, the replication is running.

>> And as I said, access to MySQL itself is pretty slow.
>> As in: getting a "show slave status\G" needs between 4 and 14 seconds,
>> or a "mysqladmin proc stat" needs up to 16 seconds.
>> And this has really nothing to do with "how big is

Re: chrooted sftponly - how ?

[Bambero]

On 9/18/06, Simon Slaytor <[EMAIL PROTECTED]> wrote:

I'm sure the people behind

http://chrootssh.sourceforge.net/index.php

would argue about it being impossible.

Before I saw the light and went OpenBSD I used these patches on an FC1
box and it worked like a charm, doing exactly what your after.

I've not tried to replace the OpenSSH install on OpenBSD with a patched
version always assuming it would break horribly.


Ofcourse patching is not right solution.



If you get it working let me know as I'd love to be able to chroot
SSH/SFTP again.



In my opinion the best and the most secure way is setup rssh. But
there are two problems. BSD systems are not supported and program wont
compile becouse of missing wordexp() function. Secondly sftp-server
requires /dev/null device in chrooted environment so you cannot mount
/home partition as nodev.



Bambero wrote:
>> You can create a systrace policy for a sshd instance dedicated to sftp
>> service
>>
> This sems to be better way.
> Whatever, it will be nice to have builtin chroot in sftp-sever. Such
> in ftpd. But I suppose it's technicaly impossible.
>
> Thanks for help
> Bambero

Re: Mysql in replication setup

[Marian Hettwer]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi Daniel,

Daniel Ouellet wrote:
>> Okay... but by looking in iostat, it looks like pretty low traffic. 1 to
>> 2 MB/sec. A higher number of transfers per second, though.
> 
> 
> You are right! Yes But the question is also, is there something else
> then...
> 
> A few ideas below. Sure not all apply for sure, but just to show you
> that assuming it's the same setup and from 4.1 to 5.0 makes no
> difference, or have no impact might not always be true.
> 
Well lets see...

>> Well... it's getting data from the master all the time, so I guess, it
>> will be in waiting for i/o all the time.
>> However, this is by "design" (if you like to speak of design in regards
>> to MySQL).
>> And still I should be able to connect to mysql and do a show slave
>> status\G quite fast (not waiting 6 seconds to complete that task...).
>>
>> It gets even worse, if I try to do a select on some database. Yeah, the
>> database could be locked while I do that, but since there are 50 queries
>> / second coming in, the database still should have enough time to answer
>> (in between being locked).
> 
> 
> May be. But it may depend on many things including file system use too.
> Does you Linux version actually writes the data to the drive, or to
> cache and flush time to time. Meaning faster to process locks if you do
> use any? If it crash, do you actually lost some data that were not
> written to disk in that case? If it crash on OpenBSD, the data
> will/should be there. I am not saying this is THE reason, but consider
> it however.
> 
This could be a likely course. I'm not that familiar with the internals
of Linux's VM. All I know is, we're using ext3 on those Linux boxes and
yes, a hard crash will most likely render at least some tables (those
who were opened? *g*) unuseable...
Granted, it is an advantage if OpenBSD doesn't destroy the MyISAM files,
however, this is a MySQL replication setup with backups and everything.
The client replicants are available in quite a large number. You could
speak of a read-only load balance cluster of MySQL machines.
If one dies? Who cares, reinstall the machine, get your backup and back
to work :)

> Also some design in MySQL might affect you too if you do use locks and
> you might here, I don't know the data you use: "WRITE locks normally
> have higher priority than READ locks to ensure that updates are
> processed as soon as possible. This means that if one thread obtains a
> READ lock and then another thread requests a WRITE lock, subsequent READ
> lock requests wait until the WRITE thread has gotten the lock and
> released it. You can use LOW_PRIORITY WRITE locks to allow other threads
> to obtain READ locks while the thread is waiting for the WRITE  lock.
> You should use LOW_PRIORITY WRITE locks only if you are sure that
> eventually there will be a time when no threads have a READ lock."
> 
I'll keep that in mind, thanks.

> Also something that may well apply to you as you refer to timezone table
> that you do not replicate over. Did you consider this when mixing 4.1 to
> 5.0:
> 
> #If the master uses MySQL 4.1, the same system time zone should be set
> for both master and slave. Otherwise some statements will not be
> replicated properly, such as statements that use the NOW() or
> FROM_UNIXTIME() functions. You can set the time zone in which MySQL
> server runs by using the --timezone=timezone_name option of the
> mysqld_safe script or by setting the TZ environment variable. Both
> master and slave should also have the same default connection time zone
> setting; that is, the --default-time-zone parameter should have the same
> value for both master and slave. Note that this is not necessary when
> the master is MySQL 5.0 or later.
This is some new info to me, and it looks like I really should fix this
timezone issue. Thanks for pointing out.

> 
> Anyways, many others issues you should/need to consider when mixing, or
> trying to mix version of master/slave 4.1 to 5.0:
> 
> http://mysql.speedbone.de/doc/refman/5.0/en/replication-features.html
> 
> Then do you use trigger as well? I am almost sure this doesn't apply to
> you, but needs to be consider when mixing version for replications setup.
Nope, no triggers.

> Some more issues with mixing 4/1 version as master to 5.0 as slave:
> 
> If the master uses MySQL 4.1, you must always use the same global
> character set and collation on the master and the slave, regardless of
> the MySQL version running on the slave. (These are controlled by the
> --character-set-server and --collation-server options.) Otherwise, you
> may get duplicate-key errors on the slave, because a key that is unique
> in the master character set might not be unique in the slave character
> set. Note that this is not a cause for concern when master and slave are
> both MySQL 5.0 or later.
I did this. if using the wrong collation / character set, the MySQL 5.0
replicant won't even start to replicate...

> 
> 
> Also for spee