Re: [Love Letter] Functionnality vs State of mind
Bruno Carnazzi wrote: Hi misc, I'd just like to say that nowadays, in free software world (real free software, not open source), from my point of view, I feel you have to choose between featurefullness and state of mind. By state of mind, I mean project goals and moral values. From this point of view, I love OpenBSD operating system, they are the core of the free software ideas and values. I have a Linux background, and despite Linux featurefullness, I feel it's a technical mess (blobs, unstable api, desynched userland/kernel) and Linux is getting more and more money-driven by big companies such as IBM, HP friends... This is not free software values from my point of view. Free software is about code, knowledge and people. Linux is about functionnalities-through-blobs, NDA, and big companies. This is definitively not a good way. I don't mind if OpenBSD lacks some stuff right now. I can wait, and help. Thank you for your contribution for building a more human world in your technical area. OpenBSD guys, you rules ! :) Best regards, Bruno. PS: Excuse my approximative english (I try to improve !) Just for the record, FreeBSD isn't holy too.
ipsec vpn: freebsd and openbsd
kintaro oe writes: I'm setting up ipsec/vpn on freebsd and openbsd. I try to read this how to http://www.securityfocus.com/infocus/1859 but this applies to 2 openbsd systems. could anyone help me on how to setup between two systems? Type man vpn on your OpenBSD box and read the section on Configuring the Keying Daemon [automated keying]. That explains the gory details that ipsecctl and ipsec.conf deliberately hide from you. The reason for needing the gory details is that while FreeBSD has an /etc/ipsec.conf, its format is different from OpenBSD and it doesn't have helpful defaults so you need to specify everything exactly. The FreeBSD documentation makes a reasonable stab at explaining how to do this at :- http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html But ignore any mention of gif, and stick with a simple tunnel mode connection as described by the summary at the very end. You could also look at the following Linux documentation which explains how to configure Racoon, the same IKE daemon that is used on FreeBSD :- http://www.ipsec-howto.org/x299.html Finally the following show is an old document covering how to make OpenBSD and NetBSD IPsec interoperate and since NetBSD also uses Racoon you can use that as a template for the FreeBSD configuration ... http://www.rommelwood.de/~hshoexer/ipsec-howto/HOWTO.html
Re: 3.9: kernel panic when using disklabel on ramdisk
T. Valent wrote: I am still not sure if MFS helps me. My project is an embedded system that does not have a swap. I'm pretty sure the system will not run out of memory. So am I supposed to create the MFS on swap though I don't have any? From an embedded box running from CF and without swap: pengo$ cat /etc/fstab /dev/wd0a / ffs ro,noatime 1 1 swap/dev mfs rw,noatime,nosuid,-s=1024,-i=256,-P=/mfs/dev 0 0 swap/var mfs rw,noatime,nodev,nosuid,-s=16384,-P=/mfs/var 0 0 swap/tmp mfs rw,noatime,nodev,nosuid,-s=8192 0 0 --- Lars Hansson
Re: Packets/Bandwidth Monitoring
I wrote a stats script for PF that can show bandwidth per label. http://www.prefixmaster.com/eyeonpf.php If you can identify your user with rules that match a label it would work. /Tony -- Tony Sarendal - [EMAIL PROTECTED] IP/Unix -= The scorpion replied, I couldn't help it, it's my nature =-
Re: ipsec vpn: freebsd and openbsd
On Wed, Oct 04, 2006 at 11:04:55PM -0700, Stephen J. Bevan wrote: Type man vpn on your OpenBSD box and read the section on Configuring the Keying Daemon [automated keying]. That explains the gory details that ipsecctl and ipsec.conf deliberately hide from you. (sorry for taking your post slightly out of context...) vpn.8 is no longer around...i urge people to read ipsec.conf(5) and isakmpd(8) for setting up their ipsec stuff. if there's problems in the docs, it's these pages that need feedback on, not vpn(8). jmc
Re: The new 4.0 song(s)
Enjoy at http://www.openbsd.org/lyrics.html Great stuff fellas. Thoroughly enjoyed the bonus track. Ty's ramblings reminded me of Ruby Rhod's in Luc Besson's The Fifth Element. -- ~michael
Re: ipsec vpn: freebsd and openbsd
As always, make sure to subscribe to the 'ports-security' mailing list, follow the stable ports tress, or at least visit http://www.openbsd.org/pkg-stable.html once in a while to make sure you've got the latest version (i.e. version with the most security issues fixed) of the OpenVPN package installed. For example, OpenBSD 3.9 shipped with OpenVPN 2.0.5, but later version 2.0.6 came out to address security issues, so a new OpenBSD package for OpenVPN was created and released. By the way, you may see on the OpenVPN website that version 2.0.8 is now out, but bear in mind that 2.0.7 and 2.0.8 only address Windows-centric security issues, so there was no need to release these versions as OpenBSD packages. -Martin -- Suburbia is where the developer bulldozes out the trees, then names the streets after them. --Bill Vaughan
Re: What machine can I mirror OpenBSD's cvsup tree from
stan [EMAIL PROTECTED] wrote: I'd like to set up a local cvsup mirror for OpenBSD, as I have a very slow conection from work. What machine may I do this from? See the available mirrors listed at http://www.openbsd.org/cvsup.html -- Christian naddy Weisgerber [EMAIL PROTECTED]
make release DESTDIR question
Hello, To do a make release, you have to set a DESTDIR variable. Can the DESTDIR be in the /usr/obj directory, like: /usr/obj/DESTDIR or should this be avoided? thank you -- Didier Wiroth
Re: ipsec vpn: freebsd and openbsd
2006/10/4, Martin Gignac [EMAIL PROTECTED]: As always, make sure to subscribe to the 'ports-security' mailing list, follow the stable ports tress, or at least visit Should I take the silence of the list as evidence that all ports are secure or is the list simply ignored by the developers? Or is it only used in dire emergencies (like security-announce)? Best Martin
Re: ipsec vpn: freebsd and openbsd
On Thu, Oct 05, 2006 at 03:47:07PM +0200, Martin Schroder wrote:
Should I take the silence of the list as evidence that all ports
are secure or is the list simply ignored by the developers? Or is
it only used in dire emergencies (like security-announce)?
The list just hasn't been used in a while. It could be seen as
redundant effort, since ports-changes@ receives messages for each
commit to the ports tree (including security-related commits), and
pkg-stable.html is updated rather frequently.
This issue has come up on #OpenBSD on freenode a few times recently,
too. Would it be a good idea to update the FAQ to point to
pkg-stable.html and [EMAIL PROTECTED] Or would it be preferable to
make use of that list again (in conjunction, perhaps, with updates
to the VuXML)?
--
o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*
Re: ipsec vpn: freebsd and openbsd
2006/10/5, Will Maier [EMAIL PROTECTED]: This issue has come up on #OpenBSD on freenode a few times recently, too. Would it be a good idea to update the FAQ to point to pkg-stable.html and [EMAIL PROTECTED] Or would it be preferable to make use of that list again (in conjunction, perhaps, with updates to the VuXML)? Use the list. security fixes on ports-changes get lost in the noise. Otherwise remove the list. Best Martin
Re: ssh failure with Mac airport card
A multi-home firewall with 09/25/06, i386 snap-shot. WI_LAN interface is a dc0 connected to an Intel AP with cross-over cable. Use 'authpf' on WI_LAN interface. Laptop running Windows XP Pro with Intel PRO/Wireless 2011 LAN PC Card has no problem (using PuTTy). G4 Powerbook running 'OS X Tiger' with airport card (en1) fails. But has no problem when using ethernet port (en0) on internal LAN. = ssh using airport card (en1) == g4powerbook:~ alexlee$ ifconfig -a lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 16384 inet 127.0.0.1 netmask 0xff00 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 gif0: flags=8010POINTOPOINT,MULTICAST mtu 1280 stf0: flags=0 mtu 1280 en0: flags=8863UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST mtu 1500 ether 00:03:93:d1:3a:fc media: autoselect (none) status: inactive supported media: none autoselect 10baseT/UTP half-duplex 10baseT/UTP full-duplex 10baseT/UTP full-duplex,hw-loopback 100baseTX half-duplex 100baseTX full-duplex 100baseTX full-duplex,hw-loopback en1: flags=8863UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST mtu 1500 inet6 fe80::20d:93ff:fe7d:6471%en1 prefixlen 64 scopeid 0x5 inet 10.1.1.11 netmask 0xff00 broadcast 10.1.1.255 ether 00:0d:93:7d:64:71 media: autoselect status: active supported media: autoselect fw0: flags=8863UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST mtu 2030 lladdr 00:03:93:ff:fe:d1:3a:fc media: autoselect full-duplex status: inactive supported media: autoselect full-duplex g4powerbook:~ alexlee$ ssh -v 10.1.1.1 OpenSSH_4.2p1, OpenSSL 0.9.7i 14 Oct 2005 debug1: Reading configuration data /etc/ssh_config debug1: Connecting to 10.1.1.1 [10.1.1.1] port 22. debug1: Connection established. debug1: identity file /Users/alexlee/.ssh/identity type -1 debug1: identity file /Users/alexlee/.ssh/id_rsa type -1 debug1: identity file /Users/alexlee/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_4.4 debug1: match: OpenSSH_4.4 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.2 debug1: An invalid name was supplied Cannot determine realm for numeric host address debug1: An invalid name was supplied A parameter was malformed Validation error debug1: An invalid name was supplied Cannot determine realm for numeric host address debug1: An invalid name was supplied A parameter was malformed Validation error debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server-client aes128-cbc hmac-md5 none debug1: kex: client-server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(102410248192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP Write failed: Broken pipe g4powerbook:~ alexlee$ = ssh using ethernet port (en0) === g4powerbook:~ alexlee$ ssh -v 192.168.1.1 OpenSSH_4.2p1, OpenSSL 0.9.7i 14 Oct 2005 debug1: Reading configuration data /etc/ssh_config debug1: Connecting to 192.168.1.1 [192.168.1.1] port 22. debug1: Connection established. debug1: identity file /Users/alexlee/.ssh/identity type -1 debug1: identity file /Users/alexlee/.ssh/id_rsa type -1 debug1: identity file /Users/alexlee/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_4.4 debug1: match: OpenSSH_4.4 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.2 debug1: An invalid name was supplied Cannot determine realm for numeric host address debug1: An invalid name was supplied A parameter was malformed Validation error debug1: An invalid name was supplied Cannot determine realm for numeric host address debug1: An invalid name was supplied A parameter was malformed Validation error debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server-client aes128-cbc hmac-md5 none debug1: kex: client-server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(102410248192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host '192.168.1.1' is known and matches the RSA host key. debug1: Found key in /Users/alexlee/.ssh/known_hosts:1 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Next authentication method: publickey debug1: Trying private key: /Users/alexlee/.ssh/identity debug1: Trying private key: /Users/alexlee/.ssh/id_rsa debug1: Trying private key: /Users/alexlee/.ssh/id_dsa debug1: Next authentication method: keyboard-interactive debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Next
Re: Intel's Open Source Policy Doesn't Make Sense
On Wed, Oct 04, 2006 at 03:54:36PM -0600, Theo de Raadt wrote: Intel may just be worried that there _might_ be a problem they don't know about and are trying to protect themselves. may just be? I imagine that there are plenty of opportunities for someone to either willfully or accidentally introduce patented technologies, for which Intel does not hold a license, into their commercial products. imagine Rather than releasing information and potentially having to deal with an intellectual property issue, Intel just doesn't release the information. No facts? None at all? Just theories as to why they might have to not give things away? All phrased to let them get away with it? That's a lot of apologies you are making for a vendor who sells you broken hardware. Sorry, I didn't mean to apologize for them. Just making some guesses at how Intel is rationalizing the decision to not release information. Personally, I don't buy their products. -Damian
Re: The new 4.0 song(s)
Thoroughly enjoyed the bonus track. Ty's ramblings reminded me of Ruby Rhod's in Luc Besson's The Fifth Element. Ty as Ruby.. OMG, you just made me lose my coffee. can't wait to tell him that one although theo will beat me to it :) -Bob
Re: ipsec vpn: freebsd and openbsd
Jason McIntyre wrote: On Wed, Oct 04, 2006 at 11:04:55PM -0700, Stephen J. Bevan wrote: Type man vpn on your OpenBSD box and read the section on Configuring the Keying Daemon [automated keying]. That explains the gory details that ipsecctl and ipsec.conf deliberately hide from you. (sorry for taking your post slightly out of context...) vpn.8 is no longer around...i urge people to read ipsec.conf(5) and isakmpd(8) for setting up their ipsec stuff. if there's problems in the docs, it's these pages that need feedback on, not vpn(8). jmc Good to know. I too have been using vpn(8) for reference. It's still in my 3.9-STABLE.
Letter to OLPC
I have decided to make public this letter which I sent to the OLPC (One Laptop Per Child group, which is strongly associated with Red Hat. There have been replies to it by both Jim Gettys (argueing that their expediency is justified) and RMS (agreeing strongly with my point of view), but I will not disclose their letters. I am getting really tired of open source people who work against the open source community. Our little group can probably take credit for having opened up more wireless devices than the rest of the community, and therefore we feel we have a better grasp of the damage OLPC has done here. Our reverse engineering and documentation efforts will in time help all free software projects. Please take note, and publish if you wish. Thanks. --- To: Jonathan Gray [EMAIL PROTECTED] cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] cc: [EMAIL PROTECTED] cc: deraadt Subject: Re: Marvell 88W8388 documentation In-reply-to: Your message of Thu, 14 Sep 2006 22:47:00 +1000. [EMAIL PROTECTED] Date: Wed, 04 Oct 2006 12:38:34 -0600 From: Theo de Raadt [EMAIL PROTECTED] Please correct me if I am wrong but it seems that documentation for Marvell's 88W8388's is not publically available without signing an NDA? If this is the case why did a project that seems to pride itself of openess agree to deal with such a company? Drivers written under NDA tend to be full of magic numbers, near impossible for others to properly maintain and totally against the spirit of open projects. I really think you should push for Marvell to give out documentation without them forcing NDAs onto people. Failing that I'm sure there are other vendors who would be willing to be more helpful. Jonathan showed me this mail he sent you about your NDA cooperation with Marvell for the wireless chip that you want to use for the OLPC project, so that Marvell will write you special hacks to do low-power mesh networking while the main cpu is powered off. This does not gaurantee Marvell is going to be open and release documentation for their chips though. When large players like you make such private agreements with such secretive vendors, you work against our common goals of getting more open documentation for devices. It is only with open documentation that OS groups can increase device support, and later -- keep the device drivers reliable after the device is EOL'd by the vendor. I've heard claims that you (OLPC members, Red Hat employees) think this relationship with Marvell will eventually prompt/teach them to be more open in time. Do you not realize how much of a DELUSION the history of free/open operating systems shows that point of view to be? Very few chip vendors have ever opened up unless they were pushed, let alone Marvell (who I am led to believe also has NDA's with Red Hat employees for the Marvell Yukon/Yukon 2 gigabit ethernet chips -- again one of the few closed chips). It is clear that your choices are not about opening up Marvell, but simply commercially expedient and hurtful to our common cause. You came to Marvell with potential sales of millions of units, and then completely wimped out in demanding ideals that you say you share with the community. Now other companies like Intel, Broadcom, and TI can say to us Why should we open up, Marvell did not have to. So I must say I am extremely dissapointed you have chosen to work against the very obvious goals of open, and I hope that in time you are made to feel ashamed of the choice you have made.
Re: Looking for HowTo instructions ...
On 10/5/06, Greg Thomas [EMAIL PROTECTED] wrote: On 10/4/06, Marc G. Fournier [EMAIL PROTECTED] wrote: What the software is measuring, or is trying to measure, is the number of active *BSD installations there are ... So why doesn't it do only that? Just Systems This Month: 2938 and the numbers broken down by country or continent. Greg On Thu, Oct 05, 2006 at 02:38:49AM +, Sam Fourman Jr. wrote: I for one do not mind that, BSDstats breaks out the BSD operating systems. I only wish that someone with sufficient knowledge would put the BSDstats script in the OpenBSD ports tree. because if I could install it I could add 27 OpenBSD systems. Sam Fourman Jr. I just took a look at the script, all you have to do is schedule it to be run from cron and add a line to rc.conf. I'm not sure what you'd gain by having a port. -Damian
Re: [Love Letter] Functionnality vs State of mind
On 10/05/06 07:58, RedShift wrote: Just for the record, FreeBSD isn't holy too. Hm, yep, this is very important and we should get it straight, so I presume: OpenBSD is holy, Theo is the devil and together they span the universe? +++chefren
Re: Deploying isakmp/vpn with PKI
Hi,
On Tue, 03.10.2006 at 13:25:50 +0200, Joachim Schipper [EMAIL PROTECTED]
wrote:
If those are just standard OpenSSL-style x509 certificates, you can
generate them whereever you want, and they will work just fine.
I routinely generate such certificates on Linux with OpenSSL and deploy
on OpenBSD for use with isakmpd. Last I looked, the SubjectAltName
part was mandatory for this kind of usage.
4.0 has a lot of improvements, and ISTR that some of those are
necessary to use ipsec.conf with clients that change IP adresses.
Do you mind going into details? I'm so far using the classical
isakmpd.{conf,policy} thingy to authenticate eg. roaming users with
their certificates.
Best,
--Toni++
Re: Experience with isakmpd/ipsec in production?
Hi, On Mon, 21.08.2006 at 10:23:43 -0400, Melameth, Daniel D. [EMAIL PROTECTED] wrote: We have since changed how we're doing this, but we had a Cisco and OpenBSD VPN running for a few years. why, and how did you change? What's better now? Best, --Toni++
Re: Intel's Open Source Policy Doesn't Make Sense
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Thu, 5 Oct 2006 11:13:05 -0500 Damian Wiest [EMAIL PROTECTED] wrote: Sorry, I didn't mean to apologize for them. Just making some guesses at how Intel is rationalizing the decision to not release information. Personally, I don't buy their products. I'm speaking to everyone here. Rationalizing their decisions is probably a good thing. If you can put yourself in their shoes then you can probably devise some better reasons why they should help us. Bunk. Rationalizing their decisions openly does nothing more than reinforce that their decisions are right and logical. It does nothing to change behavior. It reinforces behavior. The best reason, which has been given, is that in not doing so, Intel will realize a financial impact for their decision. At their size, it is insignificant; but the great thing about a public corporation is that even insignificant financial losses are noticed by boards of directors and shareholders; if it's not maximizing profits, it's a bad thing, and loss of support from a formidable and growing open source sector is not maximizing profits. Especially when it is obvious that the small sector in question has further-reaching influence that you'd originally realized, it is in your best interest to cooperate and be open (remember? They said that's what they already said they were doing). Quit playing officer friendly for Intel; they don't need it, and it's not helping matters. DS
Re: Experience with isakmpd/ipsec in production?
Hi, On Mon, 21.08.2006 at 15:43:14 +0200, Sven Ingebrigt Ulland [EMAIL PROTECTED] wrote: How long have you been running openbsd isakmpd/ipsec (in production)? I think I run this stuff since around 2000, or 2001 at the latest. What problems, if any, have you had with the openbsd vpn implementations? Which of them are the most recurring? How do you usually fix them? There were some compatibility issues in earlier releases which were fixed quite fast (MANY thanks!). We had a few cases where isakmpd went down, but decided early to fix these by using process supervisors (also years ago, I don't know if these problems are still there). We use almost all easy features isakmpd has. Otherwise, I can't remember a problem. Have you experienced any interoperability problems when establishing tunnels with peers that run other implementations (cisco, checkpoint, etc)? And if so, how do you work around those? My experience is that most other devices I encountered so far are much less flexible and powerful than is OpenBSD. So, interoperating often means finding out what the other side can't, and then take the best out of what remains. I can only say that OpenBSD is very much recommended for serious IPSEC usage. Best, --Toni++
Re: Letter to OLPC
Good job Theo, now we as a community should start spread the word again. Thank you for being the leader of Openness! Wijnand
Re: Letter to OLPC
On 10/5/06, Wijnand Wiersma [EMAIL PROTECTED] wrote: Good job Theo, now we as a community should start spread the word again. Thank you for being the leader of Openness! Hear, hear, or here, here, or whatever it's supposed to be. For some reason hypocrisy is one thing that pisses me off more than anything and these other projects are just freakin' filled with hypocrisy. To them they'll attempt to be truly open until money, power, glory, or some other motivation enters the picture. Thankfully this project and its developers have integrity. Greg
Re: Intel's Open Source Policy Doesn't Make Sense
On Thu, 5 Oct 2006 11:18:49 -0700 Spruell, Darren-Perot [EMAIL PROTECTED] wrote: Bunk. Rationalizing their decisions openly does nothing more than reinforce that their decisions are right and logical. It does nothing to change behavior. It reinforces behavior. The best reason, which has been given, is that in not doing so, Intel will realize a financial impact for their decision. By rationalizing, I did not mean justifying. =) It's unjust to sell broken products under the guise of being open source friendly. By rationalizing, I meant understanding their reasons. But like you and Theo just pointed out is that intel only understands the language of money. Thats good to know. I won't waste my breath, nor my money. =) Travers Buda
Re: Intel's Open Source Policy Doesn't Make Sense
On Thu, 5 Oct 2006 14:51:30 -0500 Travers Buda [EMAIL PROTECTED] wrote: But like you and Theo just pointed out is that intel only understands the language of money. Thats good to know. I won't waste my breath, nor my money. =) Errr, I won't waste my breath _here_. Travers Buda
Re: Experience with isakmpd/ipsec in production?
Sven Ingebrigt Ulland wrote:
[...]
Thanks to all of you who have contributed with your
experiences with isakmpd/ipsec in OpenBSD. After some time
now, I've seen some more of the good and bad sides of our
VPN setup, and I'll share it with you.
How long have you been running openbsd isakmpd/ipsec (in production)?
It's been running for over a year now, and it's been very
stable.
What problems, if any, have you had with the openbsd vpn
implementations? Which of them are the most recurring? How do you
usually fix them?
There are a few issues that I've seen with the
implementation, or more aptly, my lack of detailed knowledge
of the IPSec specs:
1) isakmpd isn't easily debuggable. When some error occurs,
or when something expected does not occur, it is hard to
know what debug level to increase in isakmpd. Of course, it
would help a great deal to have detailed knowledge of the
IPSec specs here, but I haven't found the time to get to
know them very well. In that respect, I find the man page
for isakmpd to be somewhat lacking.
Not knowing how to debug properly leads to problems
determining on which side the error is located, or if the
fault is in an intermediate network. This can lead to a
blame game with the other side, which doesn't do anyone much
good. About that, I'm interested in hearing of good tips on
debugging stuff like this. I use the normal tools like ping,
{tcp,udp,icmp} traceroute, hping, tcpdump filtering on udp
port 500 || proto 50 and isakmpd logging, but still fall
short of determining the exact cause most of the time. Maybe
I'm using the tools the wrong way.
2) A common problem is that we simply stop seeing data from
one or more peers. (Our endpoint is set up as a slave for
all the connections, so it is our peers that initiate
connections.) What we usually do then, is to dump packets on
the network interface to determine whether the peer is
completely dead or if it's hung.
3) On some occations, the peer is hung up somehow, and keeps
trying to send us an invalid SPI. Our IPSec rejects those,
but it keeps sending them. What we then do is to stop
isakmpd and then start it again. For some reason, this fixes
the problem. We haven't dumped the traffic while restarting
isakmpd yet, but it probably sends some seize and desist
signal to all the peers. I'm wondering if it's possible to
send this signal to just one peer.. that would keep the
other tunnels alive.
Have you experienced any interoperability problems when establishing
tunnels with peers that run other implementations (cisco, checkpoint,
etc)? And if so, how do you work around those?
Our peers mostly run cisco or checkpoint equipment. In the
isakmpd logs we see a *lot* of the following messages:
dropped message from 172.29.9.43 port 500 due to notification type
PAYLOAD_MALFORMED
dropped message from 172.29.9.43 port 500 due to notification type
INVALID_PAYLOAD_TYPE
message_parse_payloads: invalid next payload type Unknown 111 in payload of type
8
(the number 111 varies from ~25 to ~125)
message_parse_payloads: reserved field non-zero: 17
(the number varies from 0x00 to 0xff).
Having a look through the IPSec specs (33 RFCs! Damn, where
to start?) would probably explain some of this behaviour.
I'm guessing the proprietary boxes use some in-house
extensions. Tips are greatly welcome!
regards,
Sven U
Re: Letter to OLPC
On Thu, 5 Oct 2006 12:36:26 -0700 Greg Thomas [EMAIL PROTECTED] wrote: Hear, hear, or here, here, or whatever it's supposed to be. For some reason hypocrisy is one thing that pisses me off more than anything and these other projects are just freakin' filled with hypocrisy. To them they'll attempt to be truly open until money, power, glory, or some other motivation enters the picture. Thankfully this project and its developers have integrity. It sure seems that OpenBSD and a few others with the FSF are the last bastions of freedom. I guess no one else understands how it serves their interests to demand openness. Was it always this way or have we somehow lost the picture? Travers Buda
Re: Experience with isakmpd/ipsec in production?
On Thu, Oct 05, 2006 at 09:59:27PM +0200, Sven Ulland wrote:
Sven Ingebrigt Ulland wrote:
[...]
Thanks to all of you who have contributed with your
experiences with isakmpd/ipsec in OpenBSD. After some time
now, I've seen some more of the good and bad sides of our
VPN setup, and I'll share it with you.
How long have you been running openbsd isakmpd/ipsec (in production)?
It's been running for over a year now, and it's been very
stable.
What problems, if any, have you had with the openbsd vpn
implementations? Which of them are the most recurring? How do you
usually fix them?
There are a few issues that I've seen with the
implementation, or more aptly, my lack of detailed knowledge
of the IPSec specs:
1) isakmpd isn't easily debuggable. When some error occurs,
or when something expected does not occur, it is hard to
know what debug level to increase in isakmpd. Of course, it
would help a great deal to have detailed knowledge of the
IPSec specs here, but I haven't found the time to get to
know them very well. In that respect, I find the man page
for isakmpd to be somewhat lacking.
Not knowing how to debug properly leads to problems
determining on which side the error is located, or if the
fault is in an intermediate network. This can lead to a
blame game with the other side, which doesn't do anyone much
good. About that, I'm interested in hearing of good tips on
debugging stuff like this. I use the normal tools like ping,
{tcp,udp,icmp} traceroute, hping, tcpdump filtering on udp
port 500 || proto 50 and isakmpd logging, but still fall
short of determining the exact cause most of the time. Maybe
I'm using the tools the wrong way.
2) A common problem is that we simply stop seeing data from
one or more peers. (Our endpoint is set up as a slave for
all the connections, so it is our peers that initiate
connections.) What we usually do then, is to dump packets on
the network interface to determine whether the peer is
completely dead or if it's hung.
3) On some occations, the peer is hung up somehow, and keeps
trying to send us an invalid SPI. Our IPSec rejects those,
but it keeps sending them. What we then do is to stop
isakmpd and then start it again. For some reason, this fixes
the problem. We haven't dumped the traffic while restarting
isakmpd yet, but it probably sends some seize and desist
signal to all the peers. I'm wondering if it's possible to
send this signal to just one peer.. that would keep the
other tunnels alive.
Have you experienced any interoperability problems when establishing
tunnels with peers that run other implementations (cisco, checkpoint,
etc)? And if so, how do you work around those?
Our peers mostly run cisco or checkpoint equipment. In the
isakmpd logs we see a *lot* of the following messages:
dropped message from 172.29.9.43 port 500 due to notification type
PAYLOAD_MALFORMED
dropped message from 172.29.9.43 port 500 due to notification type
INVALID_PAYLOAD_TYPE
message_parse_payloads: invalid next payload type Unknown 111 in payload
of type 8
(the number 111 varies from ~25 to ~125)
message_parse_payloads: reserved field non-zero: 17
(the number varies from 0x00 to 0xff).
Having a look through the IPSec specs (33 RFCs! Damn, where
to start?) would probably explain some of this behaviour.
I'm guessing the proprietary boxes use some in-house
extensions. Tips are greatly welcome!
I found the references to the isakmpd.fifo mentioned in
/usr/src/sbin/isakmpd/DESIGN-NOTES useful for tearing down
specific tunnels. The part I found useful was about 57% through
the file under User control.
Hope this helps with your situation.
Re: make release DESTDIR question
Didier Wiroth wrote on Thu, Oct 05, 2006 at 03:22:32PM +0200: To do a make release, you have to set a DESTDIR variable. Can the DESTDIR be in the /usr/obj directory, like: /usr/obj/DESTDIR or should this be avoided? This will be OK (though it doesn't look like a natural choice). The only reason i can imagine why you might want to put it there is that you made /usr/obj a seperate partition, screwing up the partition layout such that /usr/obj is now the last file system which has sufficient free space. The main reason why i would suggest not to choose /usr/obj/DESTDIR is that putting random stuff in places intended for very special purposes (like /usr/obj) is likely to confuse your co-admins - or even yourself. For example, somewhere below /usr/local would seem more natural to me. If you insist, you can put it anywhere, as long as you avoid the following: - don't clobber the OS itself (thus, DESTDIR=/usr/local is very bad) - make sure nothing else will write there (DESTDIR=/usr/obj is bad) - it must not use /mnt or svnd0, see release(8) - avoid places where stuff might get lost if you need to reboot (DESTDIR=/tmp/fakeroot might work, but is not a good choice) - avoid remote NFS volumes - in particular those that use nice stuff like -maproot, see exports(5). The release process needs to `chown root` and `chmod u+s` various files in DESTDIR. Good luck, Ingo
Re: Letter to OLPC
* Travers Buda [EMAIL PROTECTED] [2006-10-05 14:56]:
It sure seems that OpenBSD and a few others with the FSF are
the last bastions of freedom. I guess no one else understands how it
serves their interests to demand openness. Was it always this way or
have we somehow lost the picture?
No, it's real simple.
Red Hat (and a number of other linux distros) are morally bankrupt.
By that I mean the sit under the linux banner touting the GPL, and
yet this is not how they act. They act in a way that helps to ensure that
GPL'ed software can not continue to be written.
I am not a GPL fan, but I'll defend someone's ability to write
such software agressively. I consider it the same thing as defending freedom
of speech - it's defending your ability to buy something and use it in the
way you see fit, as opposed to buy something and use it only where and
when the manufacturer tells you you can.
The only reason you see only OpenBSD doing this is because the mass
market and media out there is too busy being a linux fanboys to notice
and ask the questions they should. All the media is seeing is we can
use this cool new thing in linux and they are missing the point of
you have just been sold out. That's not a diss of Linux in general,
it's a diss of a number of short sigheted developers who support that,
and a diss of the techincal media who ignores the fact that your
freedoms go down the tank by making these compromises. The attitude
that the end (hardware support) justifies the means (complete
sacrifice of the principles the thing was written under in the first
place) has to stop. The fact that Theo can end up being a
professional shit-disturber and find these things so easily is a huge
inditement of the community and the media reporting on it that we
read.
Allowing developers to sign NDA's with companies to add support to an
OS that purports to be free is letting them have a Munich conference
with your freedoms. You aren't invited - and they're carving you up
while doing a Chamberlain and saying look - device support in our
time - they'll be much better behaved now. We all know how well that
worked out, and this is no different.
-Bob
--
#!/usr/bin/perl
if ((not 0 not 1) != (! 0 ! 1)) {
print Larry and Tom must smoke some really primo stuff...\n;
}
Re: Letter to OLPC
The attitude that the end (hardware support) justifies the means (complete sacrifice of the principles the thing was written under in the first place) has to stop. I will quote one little sentence from a private mail with the OLPC team. I feel tiny bit uncomfortable doing so, but feel that it is an excerpt that stands on it's own and it needs to be aired. It shows what they are thinking. In a private reply to my initial mail Jim Gettys (OLPC / Red Hat) said: Free and open software is a means to an end, rather than the sole end unto itself for OLPC. I was totally stunned by this admission. morally bankrupt, as Bob says, is exactly what is going on.
Re: Letter to OLPC
In a private reply to my initial mail Jim Gettys (OLPC / Red Hat) said: Free and open software is a means to an end, rather than the sole end unto itself for OLPC. I was totally stunned by this admission. morally bankrupt, as Bob says, is exactly what is going on. I believe it says exactly what is going on with Red Hat - they wish to bring the community on with the belief that this is a free software project and it is not. The fact that it may in fact run a linux kernel has no bearing on it. They might as well be running windows. It is completely shameful. One Laptop Per Citizen - controlled by the cabal. -Bob
Re: Letter to OLPC
Free and open software is a means to an end, rather than the sole end unto itself for OLPC. I was totally stunned by this admission. morally bankrupt, as Bob says, is exactly what is going on. Hmm, sounds like you are saying that abstract goal of unlimited software freedom is a higher goal than providing access to modern technology to disadvantaged children in 3rd-world countries. I don't wish to argue that point, but it is certainly a point that could be debated. Why *would* the OLPC people wish to get their dicks caught in the struggle between the free-and-open software community and the greedheads? -- Jack J. Woehr Director of Development Absolute Performance, Inc. [EMAIL PROTECTED] 303-443-7000 ext. 527
Re: Letter to OLPC
* Jack J. Woehr [EMAIL PROTECTED] [2006-10-05 16:03]: Free and open software is a means to an end, rather than the sole end unto itself for OLPC. I was totally stunned by this admission. morally bankrupt, as Bob says, is exactly what is going on. Hmm, sounds like you are saying that abstract goal of unlimited software freedom is a higher goal than providing access to modern technology to disadvantaged children in 3rd-world countries. I don't wish to argue that point, but it is certainly a point that could be debated. Why *would* the OLPC people wish to get their dicks caught in the struggle between the free-and-open software community and the greedheads? Expediency of the Sudentenland variety. And the fact that the chinese and brazillians are already doing it. they'd perfer to offer the disadvantaged a solution controlled by the good old USA who is after all only interested in Oil^H^H^HTheir welfare. -Bob
Re: Letter to OLPC
Free and open software is a means to an end, rather than the sole end unto itself for OLPC. I was totally stunned by this admission. morally bankrupt, as Bob says, is exactly what is going on. Hmm, sounds like you are saying that abstract goal of unlimited software freedom is a higher goal than providing access to modern technology to disadvantaged children in 3rd-world countries. Wait a second. I think you should go do some reseach and go read a study that has been done as to the potential financial damage this could do to the economies of some of these 3rd world countries, where the projected cost of these laptops is 80% of their GDP. There was a specific study done for Argentina. Please read it carefully. Please don't automatically suggest that people who try to do good, end up doing good. Let alone people who say they are going to do good, but show that their moral compass is off-kilter even during the development stage. don't wish to argue that point, but it is certainly a point that could be debated. Why *would* the OLPC people wish to get their dicks caught in the struggle between the free-and-open software community and the greedheads? Yes, and of course there is huge money to be made out of the OLPC. OLPC is the american challenger in the race to beat the Chinese to this particular market. And it is about money, from all sides. The children are just mentioned to make everone feel good.
Re: Letter to OLPC
On 10/5/06, Bob Beck [EMAIL PROTECTED] wrote: It is completely shameful. One Laptop Per Citizen - controlled by the cabal. indeed. If you (misc@) haven't already, send an email, post the outrage somewhere, voice your concern. Marvell would open in a second if it meant they were going to lose the the contract with OLPC. I only hope that OLPC makes the right choice --- that they grasp that the fight for freedom requires their action _now_.
Re: Letter to OLPC
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jack J. Woehr Sent: Thursday, October 05, 2006 2:55 PM To: OpenBSD Subject: Re: Letter to OLPC Free and open software is a means to an end, rather than the sole end unto itself for OLPC. I was totally stunned by this admission. morally bankrupt, as Bob says, is exactly what is going on. Hmm, sounds like you are saying that abstract goal of unlimited software freedom is a higher goal than providing access to modern technology to disadvantaged children in 3rd-world countries. snip Why can't they try to do both, simultaneously? The fact that they won't, isn't the same as saying they can't. Do we really think this product couldn't be built within budget with full BSD license compatibility? Once they signed up corporate sponsors, I doubt they fought very hard or looked to competitive suppliers for more open solutions/licensing. Why must they give up the openness of the project so eagerly? I don't recall reading anything about how the OLPC project would have shipped already, except that they wanted more open drivers that they couldn't get Mike
Re: Letter to OLPC
On Thu, Oct 05, 2006 at 03:54:47PM -0600, Jack J. Woehr wrote: Free and open software is a means to an end, rather than the sole end unto itself for OLPC. I was totally stunned by this admission. morally bankrupt, as Bob says, is exactly what is going on. Hmm, sounds like you are saying that abstract goal of unlimited software freedom is a higher goal than providing access to modern technology to disadvantaged children in 3rd-world countries. I don't wish to argue that point, but it is certainly a point that could be debated. I think the major issue is they're claiming to be so open source to get this feel-good feeling, when really they don't care about open source ideals. Look at what Mike Evans, Red Hat representative on OLPC board, says: We are a key part of the software team because of our experience and leadership in the open source development model and community dynamics. [ http://www.redhat.com/magazine/014dec05/features/olpc/ ] Does Red Hat making under-the-table deals with closed-source vendors to give them special access to hardware docs - which gives the open source community in general nothing - make them leaders in open source development and community dynamics? I don't think so. Why *would* the OLPC people wish to get their dicks caught in the struggle between the free-and-open software community and the greedheads? -- Jack J. Woehr Director of Development Absolute Performance, Inc. [EMAIL PROTECTED] 303-443-7000 ext. 527
Re: Letter to OLPC
On Oct 5, 2006, at 4:06 PM, Theo de Raadt wrote: Please don't automatically suggest that people who try to do good, end up doing good. Oh, I would not at all suggest such a thing. I run for office, and know that in public policy, intent is meaningless, it's only effect that counts. Let alone people who say they are going to do good, but show that their moral compass is off-kilter even during the development stage. Maybe morals are more like social heuristics than compasses. Compasses point to an identifiable source, whereas morality is pretty relative. So let's say it might be possible for Mr. X to have a functional moral heuristic that is not rigidly conforming to Ms. Y's moral heuristic. Being in politics, I've learned that you are morally wrong is one of the weakest arguments one can use to convince another human being to alter their course of action. I confess I resort to that argument from time to time, e.g., when the local pols (here in Colorado) are oppressing the Mexican guest workers, but it's a pretty useless argument for getting any personal change out of the malefactor. It's just a dunking chair, so to speak. Yes, and of course there is huge money to be made out of the OLPC. OLPC is the american challenger in the race to beat the Chinese to this particular market. And it is about money, from all sides. The children are just mentioned to make everone feel good. Oh, I thought they were non-profit humanitarian foundation. Ah, well, there's lots of money to be made even in non-profits. In any case, the syllogism: 1. Free software is the Highest Moral Good. 2. OLPC won't promise to use only free software. 3. OLPC is evil. was all I could deduce from the previous correspondence, and it sounded puerile. Now you induce further information into the argument, i.e., that this is for-profit and therefore their business conduct can be judged on the same basis as any other technical organization. In that case, I'd tend to agree with you. I just didn't get that from the original posting. Maybe I should make it a practice of re-reading entire threads before I put my oar in :-) -- Jack J. Woehr Director of Development Absolute Performance, Inc. [EMAIL PROTECTED] 303-443-7000 ext. 527
Re: Letter to OLPC
The attitude that the end (hardware support) justifies the means (complete sacrifice of the principles the thing was written under in the first place) has to stop. In a private reply to my initial mail Jim Gettys (OLPC / Red Hat) said: Free and open software is a means to an end, rather than the sole end unto itself for OLPC. I was totally stunned by this admission. morally bankrupt, as Bob says, is exactly what is going on. I believe it says exactly what is going on with Red Hat - they wish to bring the community on with the belief that this is a free software project and it is not. The fact that it may in fact run a linux kernel has no bearing on it. They might as well be running windows. It is completely shameful. One Laptop Per Citizen - controlled by the cabal. In the end, all this only make me fell even stronger about my choice of OpenBSD and what it's stand for! Even when I see emails crying to the dying of NetBSD, or fake fight by Linux and variations of that all pretend to be your friends and provide good software and be the defender of Freedom! Look to me that none really remember where they started from and what they are suppose to stand for! Isn't is a say in English that say,If you can't beat them joint them! Look to me that many big company got involved in the open source as it couldn't be stop a the time it happen and some may be wanted to do good, although I have to question for sure! Other clearly took it as a mean to the end and a way to kill it somehow! Or diminished it's freedom! An utopia would be to see all the *BSD talks with one voice and all the GPL Linux various do the same as well and required simply free documentation, not drivers, just documentations to hardware that users are paying for in the first place. How cares what's inside, tell the in and out and how to operate the dam things, that all is required. Keep your secrets as to how you did it. No one wants to know! And allow Firmware to be distribute freely as well. I bought the hardware, why would I need to sign an agreement to use it! If that's how they want it, then be upfront and force me to sign it before I buy it, then I will buy something else. Same on Intel to be stubborn like that, May their market share shrink under the Sun! I for one haven't got an Intel processor in a long time as AMD provided documentations, my OS of choice works better on it anyway! Shame on Adaptec not to provide SCSI documentations, my LSI works better anyway! Even my wireless works better now! When will the open source community understand where they have been and where they comes from! Great things have been accomplish in the pass because of a united voice fro the community and the various projects working together! Let it be known that it's not with NDA that this happened before and sure will not continue in the future either. Doing it as it is now simply play directly in the hands of the same corporations that wish and dream of killing the open source so that they can once more charge unreal prices for buggy software and provide you bug fix for them that they call upgrades! Or improve OS version that you needs to buy again over and over again and where you need to replace your hardware each time as your new improve OS doesn't work on your old hardware! If the various *BSD and Linux are dying because they can't remove their heads from the sand, let them die! Very sad and I sure don't wish that at all, but may as well see it gone as it doesn't help to be in play with the others as it hurt every players! Isn't it just a few weeks ago that I read to my astonishment Bush saying that even freedom have to have limits! I guess there is no surprise that big company see that as normal to them too! Freedom is a journey, not a destination! Unless all the open source projects learn this and can joint to speak with one voice, they simply lie to them self and all their users and in the end deal their own dead cards! Lets take it as a regrouping movement and spread the words as it should and how it's always been done in the pass for leap forward! I for one never been so proud to be called a stubborn OpenBSD sanababish for forcing the use of OpenBSD in my business to my staff and if they don't like it, the door is wide open! Yes call that dictator if you like! It's pretty clear before you enter the office that OpenBSD is what's we run. You don't like it, then don't apply for a job, there isn't one for you! My greatest respect goes to ALL OpenBSD developers and what they stands for and for the users that follow into the foots step and see it as well as a value to them and to their peers and defend the goal as well in the process! This only make me wants to support the project even more! Now go to make a donations as I know it is really use for the good cause! Do the right things too! Support the last bastion of Freedom! Hopefully
Re: Letter to OLPC
On Oct 5, 2006, at 4:20 PM, Niall O'Higgins wrote: Does Red Hat making under-the-table deals with closed-source vendors to give them special access to hardware docs If this is in fact what the sum of the matter is, that is indeed quite naughty. -- Jack J. Woehr Director of Development Absolute Performance, Inc. [EMAIL PROTECTED] 303-443-7000 ext. 527
Re: Letter to OLPC
Paul de Weerd wrote: On Thu, Oct 05, 2006 at 03:54:47PM -0600, Jack J. Woehr wrote: | Free and open software is a means to an end, rather than the | sole end unto itself for OLPC. | | I was totally stunned by this admission. morally bankrupt, as Bob | says, is exactly what is going on. | | Hmm, sounds like you are saying that abstract goal of unlimited | software freedom is | a higher goal than providing access to modern technology to | disadvantaged children in | 3rd-world countries. I don't wish to argue that point, but it is | certainly a point | that could be debated. Why *would* the OLPC people wish to get their | dicks caught | in the struggle between the free-and-open software community and the | greedheads? This is a perfect opportunity to stand up, speak up about this issue. Why would the Intels and Marvells of this world withhold developers the documentation they need if they are unwilling to sign an NDA ? They are writing software that provides 'disadvantaged children in 3rd-world countries' access to modern technology. Reverse your argument and bring it to Marvell. Imagine the bad press Marvell would have gotten had they declined OLPC/Red Hat access to the documentation without NDA when asked. This company will not allow 'disadvantaged children in 3rd-world countries' to gain access to modern technology, because they feel the documentation to their hardware is to secret. (or whatever their false reasoning is) What these companies need is bad press. Bad press is bad for their business and shareholders will start to complain. It seems that this is the only way to make changes in big corporations, and changes are exactly what we need. Amen!!! Well said!
GPL = BSD + DRM [Was: Re: Intel's Open Source Policy Doesn't Make Sense]
On 10/5/06 5:05 AM, Travers Buda wrote: Thats not very smart of intel, considering that OpenBSD is writing the best drivers for them with a BSD liscense for FREE! In general Intel is definitely one of the smartest companies in this world, I don't like them that much personally but highly respect them for almost all their work. You can scream in this small church about license details but at this moment the world sees no difference between varieties of open source. Even basic open source is a very big step for companies and it's very hard to explain differences between GPL and BSD and the clue behind the enormous success of OpenSSH. Most GPL fans think they understand the philosophies and differences between GPL and BSD and strongly tend to ignore the basic results of the licenses, they think Linux is bigger than FreeBSD so GPL is better than BSD). If I try to explain that only BSD is no strings attached they say but the BSD license requires you to copy the name of the authoring person only copy left is without any strings. And there I have to explain that in most civil countries =everything is copyrighted= even for many years after the passing away of the authoring person so its basically the law that requires some sign that proves it's copy-left and only the author can claim. If the claim is left, even after years someone might rightfully claim and ask for real money if you use unsigned code. This is all far to complicated for 99% of the people in this world. The argument against GPL that works best for me during discussions about it is that GPL is BSD with Digital Rights Management. Even GPL zealots have an extremely bad feeling while hearing DRM, again and again funny to see their faces while it sinks in. +++chefren
Re: Letter to OLPC
Does Red Hat making under-the-table deals with closed-source vendors to give them special access to hardware docs If this is in fact what the sum of the matter is, that is indeed quite naughty. Oh come on. Everyone knows that Red Hat makes deals with closed vendors. They have SINCE DAY ONE helped negotiate NDA's for Red Hat associated developers. The result is that some drivers can only be fixed by a few very special people who have those documents under NDA, and that everyone else can only report bugs. The result is also that anyone else who tries to get documentation now are told you have to sign an NDA, everyone else has been OK with that. Get out from under the rock!
Re: Letter to OLPC
On Oct 5, 2006, at 4:53 PM, Theo de Raadt wrote: Get out from under the rock! Well, see, I was an early Cygnus employee so I still find it hard to think ill of RedHat. Even though dealing with them at all these days gives me gas :-) -- Jack J. Woehr Director of Development Absolute Performance, Inc. [EMAIL PROTECTED] 303-443-7000 ext. 527
Re: Letter to OLPC
On Oct 5, 2006, at 4:41 PM, Daniel Ouellet wrote: In the end, all this only make me fell even stronger about my choice of OpenBSD and what it's stand for! What makes me feel strong about my choice of OpenBSD is that, whatever moral suasions operate in Theo and the gang, these suasions are expressed in keeping the OS Lean, Free, Correct, Open Secure. -- Jack J. Woehr Director of Development Absolute Performance, Inc. [EMAIL PROTECTED] 303-443-7000 ext. 527
Re: Letter to OLPC
Bob Beck wrote on Thu, Oct 05, 2006 at 03:47:14PM -0600: Theo de Raadt wrote: In a private reply to my initial mail Jim Gettys (OLPC / Red Hat) said: Free and open software is a means to an end, rather than the sole end unto itself for OLPC. I was totally stunned by this admission. morally bankrupt, as Bob says, is exactly what is going on. I believe it says exactly what is going on with Red Hat - they wish to bring the community on with the belief that this is a free software project and it is not. The fact that it may in fact run a linux kernel has no bearing on it. They might as well be running windows. There is a good deal of bitter irony in it. When the GPL was written, the author(s) were wise enough not trust themselves. So they wrote stuff like we may not sell ourselves out into the license. They were right. When people act inside social contexts involving large amounts of economical or political power, it is very hard for those people to remain true, even if they started out in search of freedom and equality. Even if they were never naive and knew their danger and the strength of their opponents. But they were wrong. To guard your Self against corruption, legal means are ineffective. Which means, then, might be effective? That is one of the most difficult questions i heard of. I cannot yet come any closer than this: Don't let people put you into social or political contexts that could pressure you to change your goals and your personality in any way you resent. Above all, do not trust your own morality or strength or whatever to remain true when tempted. Hardly anybody can resist any serious temptation for long. Do what you really want, and stay away from temptation. However, that's much easier said than done. After all, you need some cash to live on... The structure of the OpenBSD project suggests that this project might be able to resist better than others. It is no company. It is no charity. It is not so small that it needs to grasp at every straw to survive. It is not so large that any of the big players will put any real effort into trying to corrupt it. As long as it has a few people who know what they want, it might stand unconquered for a while. Not because those people are morally better than or in any way stronger than others, but because they wisely choose a context for living and working that lets them grow rather than corrupting them.
Re: Letter to OLPC
On 10/5/06, Jack J. Woehr [EMAIL PROTECTED] wrote: Free and open software is a means to an end, rather than the sole end unto itself for OLPC. I was totally stunned by this admission. morally bankrupt, as Bob says, is exactly what is going on. Hmm, sounds like you are saying that abstract goal of unlimited software freedom is a higher goal than providing access to modern technology to disadvantaged children in 3rd-world countries. I don't wish to argue that point, but it is certainly a point that could be debated. Why *would* the OLPC people wish to get their dicks caught in the struggle between the free-and-open software community and the greedheads? BECAUSE WE ARE NOT THE ONES SAYING IT. THEY ARE THE ONES SAYING IT! Remember, Apple approached them and offered OSX for OLPC. What was their reason for rejecting it? It's not open source enough. So WHAT THE HELL are they saying now? This is being two faced and hypocritical.
Re: Letter to OLPC
On Oct 5, 2006, at 5:05 PM, Ingo Schwarze wrote: It is not so small that it needs to grasp at every straw to survive. It is not so large that any of the big players will put any real effort into trying to corrupt it. My man, I think you just discovered the secret of a happy life. -- Jack J. Woehr Director of Development Absolute Performance, Inc. [EMAIL PROTECTED] 303-443-7000 ext. 527
Re: Letter to OLPC
On 10/5/06, Ingo Schwarze [EMAIL PROTECTED] wrote: The structure of the OpenBSD project suggests that this project might be able to resist better than others. It is no company. It is no charity. It is not so small that it needs to grasp at every straw to survive. It is not so large that any of the big players will put any real effort into trying to corrupt it. As long as it has a few people who know what they want, it might stand unconquered for a while. Not because those people are morally better than or in any way stronger than others, but because they wisely choose a context for living and working that lets them grow rather than corrupting them. The success of OpenBSD (with regard to keeping its original ideals in mind) has less to do with the size or structure and more to do with the overall goals and strength of the people involved. Writing off their ability to remain true to themselves and the community as a sort of accident or one of many equally probable outcomes is completely wrong. If it was not for Theo and the rest of the developers, and the community, standing up for themselves, it would have been dissolved into something different long ago despite the structure, popularity, size, whatever. They actively work AGAINST corruption -- they don't simply avoid, ignore, or resist it.
Re: Letter to OLPC
On 10/6/06 1:05 AM, Ingo Schwarze wrote: The structure of the OpenBSD project suggests that this project might be able to resist better than others. It is no company. It is no charity. It is not so small that it needs to grasp at every straw to survive. It is not so large that any of the big players will put any real effort into trying to corrupt it. As long as it has a few people who know what they want, it might stand unconquered for a while. Not because those people are morally better than or in any way stronger than others, but because they wisely choose a context for living and working that lets them grow rather than corrupting them. The structure is nothing more or less than the BSD license that's the only license that has no strings attached (without DRM) and a community with enough people that understand it's civil and polite. +++chefren
Re: Letter to OLPC
On 10/5/06, Aaron Hsu [EMAIL PROTECTED] wrote: snip So in the end, we can't expect anything to happen if a people don't really care. People can't put in external protections to assure the safety of their ideas, it is the responsibility of people to ensure that such things are protected, and right now, there aren't many people concerned with that relative to the opposition or the complacents. You are absolutely in the wrong. We can expect action and should as such demand it. If people don't really care then that is their fault, as they will inevitably fall to the desires of people who do care. We are the ones who care about the freedom of our software. We who have our heads screwed on tightly, will move to action for what we believe in. How big of a group we are has nothing to do with whats going on here.
Re: Letter to OLPC
On Oct 5, 2006, at 7:17 PM, Karsten McMinn wrote: On 10/5/06, Aaron Hsu [EMAIL PROTECTED] wrote: snip So in the end, we can't expect anything to happen if a people don't really care. People can't put in external protections to assure the safety of their ideas, it is the responsibility of people to ensure that such things are protected, and right now, there aren't many people concerned with that relative to the opposition or the complacents. You are absolutely in the wrong. We can expect action and should as such demand it. If people don't really care then that is their fault, as they will inevitably fall to the desires of people who do care. We are the ones who care about the freedom of our software. We who have our heads screwed on tightly, will move to action for what we believe in. How big of a group we are has nothing to do with whats going on here. Actually, maybe I mistated myself, but I agree with you here. -- Aaron Hsu ~ [EMAIL PROTECTED] XMPP/Gtalk/Jabber: [EMAIL PROTECTED] AIM/Yahoo: NoorahAbeer ~ ICQ: 153114301 MSN: [EMAIL PROTECTED] ~ http://www.aaronhsu.com
Re: GPL = BSD + DRM [Was: Re: Intel's Open Source Policy Doesn't Make Sense]
When you say that the GPL is related to DRM, what do you mean? I mean how is GPL related to DRM? Generally I try to avoid licensing discussions and what not and just focus on the technology, but I'm just curious in this regard. I know GPL3 has a lot dealing with DRM (or so I've heard) but GPL2 doesn't (supposedly, I really don't know).
Re: GPL = BSD + DRM [Was: Re: Intel's Open Source Policy Doesn't Make Sense]
When you say that the GPL is related to DRM, what do you mean? I mean how is GPL related to DRM? Generally I try to avoid licensing discussions and what not and just focus on the technology, but I'm just curious in this regard. I know GPL3 has a lot dealing with DRM (or so I've heard) but GPL2 doesn't (supposedly, I really don't know). Please -- let's not do that discussion here.
Re: GPL = BSD + DRM [Was: Re: Intel's Open Source Policy Doesn't Make Sense]
On Oct 5, 2006, at 4:39 PM, David T Harris wrote: When you say that the GPL is related to DRM, The point is that like DRM the GPL restricts what you can do and how you can use the code. The BSD license doesn't. what do you mean? I mean how is GPL related to DRM? Generally I try to avoid licensing discussions and what not and just focus on the technology, but I'm just curious in this regard. I know GPL3 has a lot dealing with DRM (or so I've heard) but GPL2 doesn't (supposedly, I really don't know). They do not preach that their God will rouse them a little before the nuts work loose.
Intel Firmware and Open Source
Intel should provide documentation to the open source community. Documentation will allow developers to write reliable drivers. Intel should have an open license for its firmware, so that the firmware can be freely distributed. Earlier this week, a co-worker told me that his Intel wifi card would not stay connected to the network. My co-worker runs Windows, which is far from open. I suggested he talk to IT to obtain a non-Intel wifi card. I have also suggested to a friend that buys IT products for a bank to switch to AMD. I also suggested he switch to other vendors for his wifi cards. I cannot convince you to open up your documentation. I can tell everyone to avoid Intel products. I will suggest alternatives to Intel to those that run Windows. No longer is Intel a choice. However, if you embrace the open source community, then Intel becomes a choice. I would rather spend extra on an open source friendly company than a non-open source company. Cheers, Brian Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: GPL = BSD + DRM [Was: Re: Intel's Open Source Policy Doesn't Make Sense]
Of course you wouldn't bother to read this article: http://www.dwheeler.com/blog/2006/09/01/#gpl-bsd Since it's polite, to point and factual. Instead of your rant which contains insults and lies. And no, I'm not a GPL fanboy, I license most of my stuff under the BSD license, but I do have respect for the work and opinions of others. chefren wrote: On 10/5/06 5:05 AM, Travers Buda wrote: Thats not very smart of intel, considering that OpenBSD is writing the best drivers for them with a BSD liscense for FREE! In general Intel is definitely one of the smartest companies in this world, I don't like them that much personally but highly respect them for almost all their work. You can scream in this small church about license details but at this moment the world sees no difference between varieties of open source. Even basic open source is a very big step for companies and it's very hard to explain differences between GPL and BSD and the clue behind the enormous success of OpenSSH. Most GPL fans think they understand the philosophies and differences between GPL and BSD and strongly tend to ignore the basic results of the licenses, they think Linux is bigger than FreeBSD so GPL is better than BSD). If I try to explain that only BSD is no strings attached they say but the BSD license requires you to copy the name of the authoring person only copy left is without any strings. And there I have to explain that in most civil countries =everything is copyrighted= even for many years after the passing away of the authoring person so its basically the law that requires some sign that proves it's copy-left and only the author can claim. If the claim is left, even after years someone might rightfully claim and ask for real money if you use unsigned code. This is all far to complicated for 99% of the people in this world. The argument against GPL that works best for me during discussions about it is that GPL is BSD with Digital Rights Management. Even GPL zealots have an extremely bad feeling while hearing DRM, again and again funny to see their faces while it sinks in. # Han
Re: GPL = BSD + DRM [Was: Re: Intel's Open Source Policy Doesn't Make Sense]
Han Boetes [EMAIL PROTECTED] wrote: Of course you wouldn't bother to read this article: http://www.dwheeler.com/blog/2006/09/01/#gpl-bsd Wow, I feel dumber for having read that. Since it's polite, to point and factual. Its complete and utter nonsense actually. The linux kernel is used in closed source products all the time, it has no effect there just like it has no effect for BSDs. Linux got marketshare from a particlarly well known lawsuit that made many people avoid the BSDs, and a big group of people interested in nothing but gaining marketshare, which is not a typical BSD concern. The licenses have nothing to do with it. Adam
Re: GPL = BSD + DRM [Was: Re: Intel's Open Source Policy Doesn't Make Sense]
On Fri, 6 Oct 2006 03:00:52 +0159, Han Boetes wrote: Of course you wouldn't bother to read this article: http://www.dwheeler.com/blog/2006/09/01/#gpl-bsd Since it's polite, to point and factual. Instead of your rant which contains insults and lies. It says Yes, companies could voluntarily cooperate without a license forcing them to. The *BSDs try to depend on this. But it today's cutthroat market, that's more like the Prisoner's Dilemma. In the dilemma, it's better to cooperate; but since the other guy might choose to not cooperate, and exploit your naivete, you may choose to not cooperate. A way out of this dilemma is to create a situation where you must cooperate, and the GPL does that. Look at the last line. MUST. Must != Freedom. Ve haff vays off making you co-operate R/ From the land down under: Australia. Do we look umop apisdn from up over? Do NOT CC me - I am subscribed to the list. Replies to the sender address will fail except from the list-server. Your IP address will also be greytrapped for 24 hours after any attempt. I am continually amazed by the people who run OpenBSD who don't take this advice. I always expected a smarter class. I guess not.
Re: Letter to OLPC
Kian Mohageri wrote on Thu, Oct 05, 2006 at 04:46:41PM -0700: On 10/5/06, Ingo Schwarze [EMAIL PROTECTED] wrote: The structure of the OpenBSD project suggests that this project might be able to resist better than others. It is no company. It is no charity. It is not so small that it needs to grasp at every straw to survive. It is not so large that any of the big players will put any real effort into trying to corrupt it. As long as it has a few people who know what they want, it might stand unconquered for a while. Not because those people are morally better than or in any way stronger than others, but because they wisely choose a context for living and working that lets them grow rather than corrupting them. The success of OpenBSD (with regard to keeping its original ideals in mind) has less to do with the size or structure and more to do with the overall goals and strength of the people involved. Writing off their ability to remain true to themselves and the community as a sort of accident or one of many equally probable outcomes is completely wrong. If it was not for Theo and the rest of the developers, and the community, standing up for themselves, it would have been dissolved into something different long ago despite the structure, popularity, size, whatever. These two views are not as far apart as they might seem. Indeed, BOTH are needed: 1) The resolution to pursue freedom, well thought-out goals and a lot of strength to stick with them. 2) Care not to put oneself under conditions which will make oneself lose point 1. Becoming the boss of a corporation or the leader of a large party or charity are dangerous in this respect, and, alas, fatal even to most people who were once strong. I stressed point 2 not because i doubt that Theo and Mickey and Ted and Henning and... lack point 1 or because I deem point 1 unimportant (beware!). I stressed point 2 because Theo and Bob just ranted away about moral bankruptcy of others - and i think it *is* important not to trust blindly on one's own strenght, but to also find out what caused others to fail, even though those others were also strong and had valid goals to begin with. In fact, i think Theo is well aware how important one's working and living conditions are. He is quite careful not to depend on any corporation or government or pressure group or whatever, even if that means to get on with less money and to face additional trouble from time to time. They actively work AGAINST corruption -- they don't simply avoid, ignore, or resist it. That's clearly a very important point indeed. Anyway, the OpenBSD project is not bound to lose its focus any time soon. Perhaps i will now once more leave more space on the list to posts that actually deal with code. =;-)
Re: GPL = BSD + DRM [Was: Re: Intel's Open Source Policy Doesn't Make Sense]
Rod.. Whitworth wrote: It says Yes, companies could voluntarily cooperate without a license forcing them to. The *BSDs try to depend on this. But it today's cutthroat market, that's more like the Prisoner's Dilemma. In the dilemma, it's better to cooperate; but since the other guy might choose to not cooperate, and exploit your naivete, you may choose to not cooperate. A way out of this dilemma is to create a situation where you must cooperate, and the GPL does that. Look at the last line. MUST. Must != Freedom. In my world freedom is something you have to fight for, otherwise it gets taken away. Putting a limit on your freedoms is a good thing. For example freedom is most defined as `the freedom to do whatever you wish as long as it does not hurt somebody else,' well that last part `as long as it does not hurt anybody else' is what the GPL is about. In your definition of freedom you'd have the freedom to hurt somebody else. # Han
Re: Letter to OLPC
Jack J. Woehr wrote: Hmm, sounds like you are saying that abstract goal of unlimited software freedom is a higher goal than providing access to modern technology to disadvantaged children in 3rd-world countries. No, all he wants is to make sure those disadvantaged children don't get a vendor lock in _together_ with their hardware. With this deal it would mean they are _forced_ to use Redhat instead of being able to do with their hardware as they please. That's something that should be prevented. # Han PS: Yes I know, this happens all of the time in the real world.
Google 'Intel Open Source' or 'Open Source Fraud'
Dear Anand Chandraseker and David Perlmutter, As I see KernelTrap.org, NewsForge.com and Slashdot feature an article named 'Intel Accused Of Being An Open Source Fraud', I decided to take the time to see how likely someone who uses google is to find the articles. 1. http://www.google.com/search?q=open+source+fraud returns all Intel Open Source Fraud results on the very first page in the very first six positions, although Intel is not one of the keywords 2. http://www.google.com/search?q=intel+open+source returns Intel Open Source Fraud newsforge article as the 13th result, although Fraud is not one of the keywords. If you think 13 is far enough, think again, as it'll climb to the top ten shortly. Possible conclusions: 1. 'Open Source Fraud' is a synonym for 'Intel'. :( 2. 'Intel Open Source' means fraud. :( I truly wish and hope that Intel will step up to change the situation. Sincerely, Constantine A. Murenin, B.Sc. (Hons).
Re: GPL = BSD + DRM [Was: Re: Intel's Open Source Policy Doesn't Make Sense]
Your freedom is forced. Companies and individuals have no choice in the matter, because it's required by the license. We have the freedom to vote, but we aren't forced to do so. You don't seem to realize that it's not freedom if it's forced at the end of a proverbial GPL gun. On 10/5/06, Han Boetes [EMAIL PROTECTED] wrote: Rod.. Whitworth wrote: It says Yes, companies could voluntarily cooperate without a license forcing them to. The *BSDs try to depend on this. But it today's cutthroat market, that's more like the Prisoner's Dilemma. In the dilemma, it's better to cooperate; but since the other guy might choose to not cooperate, and exploit your naivete, you may choose to not cooperate. A way out of this dilemma is to create a situation where you must cooperate, and the GPL does that. Look at the last line. MUST. Must != Freedom. In my world freedom is something you have to fight for, otherwise it gets taken away. Putting a limit on your freedoms is a good thing. For example freedom is most defined as `the freedom to do whatever you wish as long as it does not hurt somebody else,' well that last part `as long as it does not hurt anybody else' is what the GPL is about. In your definition of freedom you'd have the freedom to hurt somebody else. # Han
Re: GPL = BSD + DRM [Was: Re: Intel's Open Source Policy Doesn't Make Sense]
On 10/5/06, Han Boetes [EMAIL PROTECTED] wrote: In my world freedom is something you have to fight for, otherwise it gets taken away. Putting a limit on your freedoms is a good thing. For example freedom is most defined as `the freedom to do whatever you wish as long as it does not hurt somebody else,' well that last part `as long as it does not hurt anybody else' is what the GPL is about. as rational human beings, i'm sure the openbsd developers knew what they were doing when they decided they wanted to write bsd code. coughing up the same old gpl bullshit isn't going to change anything. In your definition of freedom you'd have the freedom to hurt somebody else. what else is a baby-mulching machine good for?
Can't start symux -- symux: could not get a semaphore
I have a problem starting symux on OpenBSD 3.7, it was working
fine untill today that the machine crashed leaving no log at all, and
when i went up again something went wrong with symux,
maybe someone knows what's going on.
I run the following command to start it:
/usr/local/libexec/symon
su -m nobody -c /usr/local/libexec/symux
and i get this in /var/log/messages:
Oct 5 23:29:01 srv1 symux: symux version 2.67
Oct 5 23:29:01 srv1 symux: could not get a semaphore
symon starts properly, i get no error or problem, but symux shows that
message and doesn't start.
Here i paste my symon config:
cat /etc/symon.conf
#
# $Id: symon.conf,v 1.12 2004/02/26 22:48:08 dijkstra Exp $
#
# Demo configuration for symon. See symon(8) for BNF.
monitor { cpu(0), mem,
if(lo0),
mbuf,
proc(httpd),
if(sk0), if(xl0), if(xl1), if(fxp0),
io(wd0), io(wd1)
} stream to 10.10.10.101 2100
Here is my symux config:
cat /etc/symux.conf
#
# $Id: symux.conf,v 1.22 2004/02/26 22:48:08 dijkstra Exp $
#
# Demo symux configuration. See symux(8) for BNF.
mux 10.10.10.101 2100
source 10.10.10.101 {
accept { cpu(0), mem,
if(lo0),
mbuf,
proc(httpd),
if(sk0), if(xl0), if(xl1), if(fxp0),
io(wd0), io(wd1)
}
datadir /var/www/symon/rrds/srv1
}
source 10.10.10.102 {
accept { cpu(0), mem,
if(lo0),
mbuf,
sensor(9),
proc(httpd),
proc(smtpd),
if(rl0),
io1(wd0)
}
datadir /var/www/symon/rrds/srv2
}
source 10.10.10.103 {
accept { cpu(0), mem,
if(lo0),
mbuf,
sensor(9),
proc(httpd),
proc(smtpd),
if(xl0),
io1(wd0)
}
datadir /var/www/symon/rrds/srv3
}
Best Regards,
Marcos Laufer
Re: GPL = BSD + DRM [Was: Re: Intel's Open Source Policy Doesn't Make Sense]
Ted Unangst wrote: On 10/5/06, Han Boetes [EMAIL PROTECTED] wrote: In my world freedom is something you have to fight for, otherwise it gets taken away. Putting a limit on your freedoms is a good thing. For example freedom is most defined as `the freedom to do whatever you wish as long as it does not hurt somebody else,' well that last part `as long as it does not hurt anybody else' is what the GPL is about. as rational human beings, i'm sure the openbsd developers knew what they were doing when they decided they wanted to write bsd code. coughing up the same old gpl bullshit isn't going to change anything. I don't care what license _you_ choose, I never said anything that. All I said is what the GPL license is about. Oh, it's tedu misunderstanding people on purpose again. I'll never learn. In your definition of freedom you'd have the freedom to hurt somebody else. what else is a baby-mulching machine good for? # Han
Re: GPL = BSD + DRM [Was: Re: Intel's Open Source Policy Doesn't Make Sense]
Harpalus a Como wrote: On 10/5/06, Han Boetes [EMAIL PROTECTED] wrote: Rod.. Whitworth wrote: It says Yes, companies could voluntarily cooperate without a license forcing them to. The *BSDs try to depend on this. But it today's cutthroat market, that's more like the Prisoner's Dilemma. In the dilemma, it's better to cooperate; but since the other guy might choose to not cooperate, and exploit your naivete, you may choose to not cooperate. A way out of this dilemma is to create a situation where you must cooperate, and the GPL does that. Look at the last line. MUST. Must != Freedom. In my world freedom is something you have to fight for, otherwise it gets taken away. Putting a limit on your freedoms is a good thing. For example freedom is most defined as `the freedom to do whatever you wish as long as it does not hurt somebody else,' well that last part `as long as it does not hurt anybody else' is what the GPL is about. In your definition of freedom you'd have the freedom to hurt somebody else. Your freedom is forced. Companies and individuals have no choice in the matter, because it's required by the license. We have the freedom to vote, but we aren't forced to do so. You don't seem to realize that it's not freedom if it's forced at the end of a proverbial GPL gun. Exactly! It's forced! # Han
Re: GPL = BSD + DRM [Was: Re: Intel's Open Source Policy Doesn't Make Sense]
Han Boetes wrote: In your definition of freedom you'd have the freedom to hurt somebody else. Good thing the GPL prohibits that kind of stuff, right? So that no-one can use Linux to spy on the populace or use Linux to track down dissidents. Oh wait, it doesn't prevent that. --- Lars Hansson
Re: GPL = BSD + DRM [Was: Re: Intel's Open Source Policy Doesn't Make Sense]
Han Boetes wrote: Of course you wouldn't bother to read this article: http://www.dwheeler.com/blog/2006/09/01/#gpl-bsd Since it's polite, to point and factual. Yes, it's so factual that he fail to mention/understand that the BSD license *is* GPL compatible. The reasoning pretty much goes: * Linux rocketed to fame because of the GPL (a statement that is in itself highly questionable) * It's an important advantage to use GPL-compatible licences (an opinion, not a fact) * The BSD license has hurt the BSD projects because its not GPL-compatible (which it IS) Congratulations, your reasoning is self-contradicting. --- Lars Hansson
Re: GPL = BSD + DRM [Was: Re: Intel's Open Source Policy Doesn't Make Sense]
Lars Hansson wrote: Han Boetes wrote: In your definition of freedom you'd have the freedom to hurt somebody else. Good thing the GPL prohibits that kind of stuff, right? So that no-one can use Linux to spy on the populace or use Linux to track down dissidents. Oh wait, it doesn't prevent that. Quote out of context. # Han
Re: GPL = BSD + DRM [Was: Re: Intel's Open Source Policy Doesn't Make Sense]
Lars Hansson wrote: Han Boetes wrote: Of course you wouldn't bother to read this article: http://www.dwheeler.com/blog/2006/09/01/#gpl-bsd Since it's polite, to point and factual. Yes, it's so factual that he fail to mention/understand that the BSD license *is* GPL compatible. So? The reasoning pretty much goes: * Linux rocketed to fame because of the GPL (a statement that is in itself highly questionable) * It's an important advantage to use GPL-compatible licences (an opinion, not a fact) * The BSD license has hurt the BSD projects because its not GPL- compatible (which it IS) Congratulations, your reasoning is self-contradicting. You really should read it again, you really misread it. # Han
Re: GPL = BSD + DRM [Was: Re: Intel's Open Source Policy Doesn't Make Sense]
Please SHUT THE F*** UP and go away, Han. The GPL is a total fraud. And as Theo has already pointed out, this is not the place to debate it. All you are doing is pissing people off. On Fri, 6 Oct 2006 05:53:13 +0200, Han Boetes [EMAIL PROTECTED] said: Lars Hansson wrote: Han Boetes wrote: Of course you wouldn't bother to read this article: http://www.dwheeler.com/blog/2006/09/01/#gpl-bsd Since it's polite, to point and factual. Yes, it's so factual that he fail to mention/understand that the BSD license *is* GPL compatible. So? The reasoning pretty much goes: * Linux rocketed to fame because of the GPL (a statement that is in itself highly questionable) * It's an important advantage to use GPL-compatible licences (an opinion, not a fact) * The BSD license has hurt the BSD projects because its not GPL- compatible (which it IS) Congratulations, your reasoning is self-contradicting. You really should read it again, you really misread it. # Han
AirCard 860 Lockups
I am attempting to get my Sierra Wireless AirCard 860 working properly under OpenBSD. I have been corresponding with jolan@ regarding the issue but we haven't been able to figure anything out. The details are as follows: I finally figured out the syntax of the ppp.conf file for my Cingular 3G connection. There may still be some problems in it though: default: set log Phase Chat LCP IPCP CCP tun command cingular: set device /dev/cua03 set speed 115200 set dial \\ ATF OK AT+CGDCONT=1,\\\IP\\\,\\\isp.cingular\\\ OK ATD*99***1# CONNECT set timeout 0 set ctsrts off enable dns add default HISADDR set authname [EMAIL PROTECTED] set authkey CINGULAR1 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0 I have attempted to run this on 4.0-current from 20060930 as well as 3.9-stable with similar results on a Toshiba Libretto L1, Thinkpad X31, and the goal of the whole project, a Soekris net4511 (and also net4521). I have had this same problem using GENERIC on the laptops and the custom kernel that is required for the net4511 and net4521. I have been running ppp using: ppp -ddial cingular The majority of the time, I get a lockup. I enabled watchdogd on the Soekris net4521 and it would reboot the box after the specified time. The AirCard 860 shows up on the net4521 with PCMCIADEBUG and PCCOM_DEBUG enabled at the end of the dmesg attached below. Any ideas what could be causing this issue? I will gladly provide any other info. Thanks. Bryan OpenBSD 3.9-stable (NET45xx-GPRS) #0: Thu Oct 5 18:56:38 PDT 2006 [EMAIL PROTECTED]:/export/local/src/sys/arch/i386/compile/NET45xx-GPRS cpu0: AMD Am486DX4 W/B or Am5x86 W/B 150 (AuthenticAMD 486-class) cpu0: FPU real mem = 66691072 (65128K) avail mem = 57356288 (56012K) using 839 buffers containing 3436544 bytes (3356K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 20/40/19, BIOS32 rev. 0 @ 0xf7840 pcibios0 at bios0: rev 2.0 @ 0xf/0x1 pcibios0: pcibios_get_intr_routing - function not supported pcibios0: PCI IRQ Routing information unavailable. pcibios0: PCI bus #2 is the last bus bios0: ROM list: 0xc8000/0x9000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) elansc0 at pci0 dev 0 function 0 AMD ElanSC520 PCI rev 0x00: product 0 stepping 1.1, CPU clock 133MHz, reset 8WDT elansc0: WARNING: LAST RESET DUE TO WATCHDOG EXPIRATION! gpio0 at elansc0: 32 pins cbb0 at pci0 dev 17 function 0 Texas Instruments PCI1420 CardBus rev 0x00: irq 10 cbb1 at pci0 dev 17 function 1 Texas Instruments PCI1420 CardBus rev 0x00: irq 10 sis0 at pci0 dev 18 function 0 NS DP83815 10/100 rev 0x00, DP83816A: irq 11, address 00:00:24:c3:07:d4 nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1 sis1 at pci0 dev 19 function 0 NS DP83815 10/100 rev 0x00, DP83816A: irq 5, address 00:00:24:c3:07:d5 nsphyter1 at sis1 phy 0: DP83815 10/100 PHY, rev. 1 cardslot0 at cbb0 slot 0 flags 0 cardbus0 at cardslot0: bus 1 device 0 cacheline 0x10, lattimer 0x3f pcmcia0 at cardslot0 cardslot1 at cbb1 slot 1 flags 0 cardbus1 at cardslot1: bus 2 device 0 cacheline 0x10, lattimer 0x3f pcmcia1 at cardslot1 isa0 at mainbus0 isadma0 at isa0 wdc0 at isa0 port 0x1f0/8 irq 14 wd0 at wdc0 channel 0 drive 0: SanDisk SDCFB-512 wd0: 1-sector PIO, LBA, 488MB, 1000944 sectors wd0(wdc0:0:0): using BIOS timings npx0 at isa0 port 0xf0/16: using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pccom0: console pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo biomask f7c7 netmask ffe7 ttymask ffe7 wi0 at pcmcia0 function 0 INTERSIL, HFA384x/IEEE, Version 01.02pcmcia0: ++enabled_count = 1 pcmcia0: function 0 CCR at 0 offset 3e0: 41 80 22 ff, ff ff ff ff, ff port 0xa000/64 wi0: PRISM2.5 ISL3873 (0x800c), Firmware 1.1.1 (primary), 1.7.4 (station), address 00:02:6f:04:78:dd pcmcia0: function 0 CCR at 0 offset 3e0: 41 80 22 ff, ff ff ff ff, ff ?V card, 0x3116 dkcsum: wd0 matches BIOS drive 0x80 root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302 WARNING: clock time much less than file system time WARNING: using file system time WARNING: CHECK AND RESET THE DATE! pccom2 at pcmcia1 function 1 Sierra Wireless, AC860, 3G Network Adapterpcmcia1: ++enabled_count = 1 pcmcia1: function 1 CCR at 0 offset 700: 60
Re: GPL = BSD + DRM [Was: Re: Intel's Open Source Policy Doesn't Make Sense]
Now that is a very good way to show the world how good the BSD license is. :-) Eric Furman wrote: Please SHUT THE F*** UP and go away, Han. The GPL is a total fraud. And as Theo has already pointed out, this is not the place to debate it. All you are doing is pissing people off. On Fri, 6 Oct 2006 05:53:13 +0200, Han Boetes [EMAIL PROTECTED] said: Lars Hansson wrote: Han Boetes wrote: Of course you wouldn't bother to read this article: http://www.dwheeler.com/blog/2006/09/01/#gpl-bsd Since it's polite, to point and factual. Yes, it's so factual that he fail to mention/understand that the BSD license *is* GPL compatible. So? The reasoning pretty much goes: * Linux rocketed to fame because of the GPL (a statement that is in itself highly questionable) * It's an important advantage to use GPL-compatible licences (an opinion, not a fact) * The BSD license has hurt the BSD projects because its not GPL- compatible (which it IS) Congratulations, your reasoning is self-contradicting. You really should read it again, you really misread it. # Han # Han
Slogan for OpenBSD goodies
Hi misc, I was thinking to a slogan that could be printed on some openbsd goodies : Free software can't exist without Free hardware. I think this is really the core of the current free software problem. Best regards, Bruno.
