Re: blobs are bad

2006-10-17 Thread Han Boetes
Ingo Schwarze wrote:
> I just spent an hour ssh'ing from Linux box to Linux box,
> editing XF86Configs and restarting X servers.  That's hardly fun
> if the hardware configurations vary such that you must decide
> for each case whether Driver "nv" or Driver "vesa" is the way to
> go...

I hope you put a comment next to it which explains why people
should not put "nvidia" in there.

Because I bet there will be a lot of people who will miss features
and will look for the cause.

And then the module is still loaded and /dev/nvidia probably still
exists with permissions 666.



# Han



Re: Aironet MPI-350 Wireless Support?

2006-10-17 Thread Sam Fourman Jr.

Does anyone know if Ralink/ral has any mPCI cards with the tx/rx power
comparable to the ath(4) one in this link?

http://www.demarctech.com/products/reliawave-rwu/reliawave-rwu-400mw-atheros-802.11g-mini-pci-card.html


Sam Fourman Jr.

On 10/18/06, Jonathan Gray <[EMAIL PROTECTED]> wrote:

On Wed, Oct 18, 2006 at 12:18:17AM -0400, James Turner wrote:
> I've looked through the mailing list archives and haven't found any recent
> information about Aironet MPI-350 Wireless support.  I just did a fresh
> install of OpenBSD 3.9 on a ThinkPad T40 with this wireless card.  Dmesg
> outputs this information ""Aironet MPI-350 Wireless" rev 0x00 at pci2 dev
> 2 function 0 not configured".  I'm currently in the process of upgrading
> to -current in hopes that this card is now supported.  Can anyone provide
> any more information about the support of this card in OpenBSD?  Thanks.

These devices aren't the same as the PCI Aironet cards, which were PCMCIA
devices in a PLX bridge; they behave quite differently.  There is currently
no support in OpenBSD for Mini-PCI Aironet and no documentation from Cisco
for any Aironet devices.

While FreeBSD apparently has some support for these devices, putting aside
time to work on old undocumented Cisco hardware instead of modern devices
isn't really most people's idea of fun or time well spent.

If you're looking for a replacement device, Ralink/ral based devices
work great.

Jonathan




Re: Aironet MPI-350 Wireless Support?

2006-10-17 Thread Jonathan Gray
On Wed, Oct 18, 2006 at 12:18:17AM -0400, James Turner wrote:
> I've looked through the mailing list archives and haven't found any recent
> information about Aironet MPI-350 Wireless support.  I just did a fresh
> install of OpenBSD 3.9 on a ThinkPad T40 with this wireless card.  Dmesg
> outputs this information ""Aironet MPI-350 Wireless" rev 0x00 at pci2 dev
> 2 function 0 not configured".  I'm currently in the process of upgrading
> to -current in hopes that this card is now supported.  Can anyone provide
> any more information about the support of this card in OpenBSD?  Thanks.

These devices aren't the same as the PCI Aironet cards, which were PCMCIA
devices in a PLX bridge; they behave quite differently.  There is currently
no support in OpenBSD for Mini-PCI Aironet and no documentation from Cisco
for any Aironet devices.

While FreeBSD apparently has some support for these devices, putting aside
time to work on old undocumented Cisco hardware instead of modern devices
isn't really most people's idea of fun or time well spent.

If you're looking for a replacement device, Ralink/ral based devices
work great.

Jonathan



4.0 CDs arrived!

2006-10-17 Thread Joe
My CDs arrived yesterday. I tried an "upgrade" for the first time and
it works GREAT.






Re: OT - DVD case :-)

2006-10-17 Thread Joe

Terry wrote:

Got my 4.0 CDs in the mail yesterday. The DVD case is real nice, I
like it much better than the old case. Artwork is fantastic. My 6yo
daughter loved the stickers so I gave them to her but I kept the
wireframe puffy. ;-)

Nice work guys.


Yes, the DVD case rocks. I think it was worth the investment.



Re: blobs are bad

2006-10-17 Thread Eliah Kagan

On 10/18/06, Nico Meijer wrote:

Hi Girish,

> > If you keep saying something good won't happen -- well then you can
> > bet it won't happen.
>
> I don't get your point Theo.

Search the net for "karma" and the "law of attraction". Perhaps that will
give you some insight in what -I think- Theo means.

HTH... Nico


"Karma" and "the law of abstraction" are very abstract.

The more concrete analogy here is that confidence is an asset. In the
case of convincing vendors to support open source, the idea, I think,
is that if you proclaim that vendors who don't do so profit by failing
to do so, they will believe you.

On the other hand, suppose vendors who support open source only do so
because they believe that it profits them, and the only arguments they
take seriously are those involving their profit. This is at least
highly plausible. Should we then not say that because it's not
functionally useful to do so?

-Eliah



Re: Aironet MPI-350 Wireless Support?

2006-10-17 Thread Sam Fourman Jr.

I did a quick search on Google and it turned up nothing. However,
FreeBSD has an "an0" driver that may work for you.

I have found ral(4) to be Very Good with OpenBSD

do a
$ man ral
at an OpenBSD shell prompt to see a list of supported cards

Sam Fourman Jr.



On 10/17/06, James Turner <[EMAIL PROTECTED]> wrote:

The output I provided was the only information dmesg provided me with.  I
believe the chipset is Cisco.

> well the only way I know is dmesg
>
> Sam Fourman Jr.
>
> On 10/17/06, James Turner <[EMAIL PROTECTED]> wrote:
>> Is there an easy way to check in openbsd?
>>
>> > James,
>> >
>> > in my experience "not configured" means the device is not
>> > supported.
>> >
>> > do you know exactly what chipset this device has?
>> >
>> >
>> > Sam Fourman Jr.
>> >
>> > On 10/17/06, James Turner <[EMAIL PROTECTED]> wrote:
>> >> I've looked through the mailing list archives and haven't found any
>> >> recent information about Aironet MPI-350 Wireless support.  I just
>> >> did a fresh install of OpenBSD 3.9 on a ThinkPad T40 with this
>> >> wireless card.  Dmesg outputs this information ""Aironet MPI-350
>> >> Wireless" rev 0x00 at pci2 dev 2 function 0 not configured".  I'm
>> >> currently in the process of upgrading to -current in hopes that this
>> >> card is now supported.  Can anyone provide any more information about
>> >> the support of this card in OpenBSD?  Thanks.




Re: blobs are bad

2006-10-17 Thread Nico Meijer
Hi Girish,

> > If you keep saying something good won't happen -- well then you can
> > bet it won't happen.
> 
> I don't get your point Theo.

Search the net for "karma" and the "law of attraction". Perhaps that will
give you some insight in what -I think- Theo means.

HTH... Nico



Re: Aironet MPI-350 Wireless Support?

2006-10-17 Thread Sam Fourman Jr.

James,

in my experience "not configured" means the device is not supported.

do you know exactly what chipset this device has?


Sam Fourman Jr.

On 10/17/06, James Turner <[EMAIL PROTECTED]> wrote:

I've looked through the mailing list archives and haven't found any recent
information about Aironet MPI-350 Wireless support.  I just did a fresh
install of OpenBSD 3.9 on a ThinkPad T40 with this wireless card.  Dmesg
outputs this information ""Aironet MPI-350 Wireless" rev 0x00 at pci2 dev
2 function 0 not configured".  I'm currently in the process of upgrading
to -current in hopes that this card is now supported.  Can anyone provide
any more information about the support of this card in OpenBSD?  Thanks.




looking for Wireless G

2006-10-17 Thread Bryan

I am trying to find someone willing to sell functional PCMCIA, and PCI
cards.  By functional, I want them with a ral chipset, or something
similar that is "OpenBSD friendly".  No atheros unless specifically
supported, as I have been burned by them before.  No intel shit either.

If you have anything that works with OpenBSD, and have a Paypal account,
reply to me off-list and we can make a deal.  I need one PCI, and 2
PCMCIA cards.  I want to create an access point, and I can't use USB.

Any help is appreciated.

Bryan



Aironet MPI-350 Wireless Support?

2006-10-17 Thread James Turner
I've looked through the mailing list archives and haven't found any recent
information about Aironet MPI-350 Wireless support.  I just did a fresh
install of OpenBSD 3.9 on a ThinkPad T40 with this wireless card.  Dmesg
outputs this information ""Aironet MPI-350 Wireless" rev 0x00 at pci2 dev
2 function 0 not configured".  I'm currently in the process of upgrading
to -current in hopes that this card is now supported.  Can anyone provide
any more information about the support of this card in OpenBSD?  Thanks.



Re: blobs are bad

2006-10-17 Thread Sam Fourman Jr.

Pardon me if my Knowledge is lacking, but is there actually *any*
video card vendor that would support Full 3D acceleration and *most*
of the stuff desktop users want?

Maybe the AMD / ATI merger will yield some results in the future, if i
am not mistaken AMD has been a *decent* company as far as docs go.


Sam Fourman Jr.


On 10/17/06, Henrik Enberg <[EMAIL PROTECTED]> wrote:

> Date: Tue, 17 Oct 2006 19:32:19 -0500
> From: "Sam Fourman Jr." <[EMAIL PROTECTED]>
>
>> [Nvidia exploit]
>
> Would this in any way help the OpenBSD developers' ongoing campaign to
> get documentation from Nvidia?

Probably not, because a cursory glance at what the Linux community
thinks about this is that they feel it's a price worth paying for
oh-so-lickable dropshadows on your windows.  They won't be demanding
specs anytime soon.




Re: blobs are bad

2006-10-17 Thread Henrik Enberg
> Date: Tue, 17 Oct 2006 19:32:19 -0500
> From: "Sam Fourman Jr." <[EMAIL PROTECTED]>
> 
>> [Nvidia exploit]
>
> Would this in any way help the OpenBSD developers' ongoing campaign to
> get documentation from Nvidia?

Probably not, because a cursory glance at what the Linux community
thinks about this is that they feel it's a price worth paying for
oh-so-lickable dropshadows on your windows.  They won't be demanding
specs anytime soon.



Re: Vulnerability and Patch Information

2006-10-17 Thread Podo Carp
Thanks Steve,

The scanner does indeed rely on banners (which can be completely unreliable
especially on OpenBSD).  However, I would like them to not knock over my
servers trying to confirm the problem if I can easily determine that the
patches are irrelevant.   Of course this is a greater problem for holes that
are not fixed but I can't tell which is the case without more information.

A centralized repository of vulnerability information would make my job
maintaining OpenBSD systems much simpler and would provide yet another
avenue to extol the virtues of OpenBSD versus other operating systems (as
in this case where the patch was released a year before the vulnerability
was disclosed).

I understand that correlating patches with as yet undisclosed or
unidentified flaws is not possible.  However, whenever a security
vulnerability is announced, every administrator should be asking themselves if
their systems are vulnerable (even if they have tremendous confidence that
OpenBSD would normally handle such problems proactively).  Answering that
question (as you have kindly answered for me) would be a normal part of the
review process and documenting the result would be very beneficial to the
OpenBSD community.

Cheers,

Dan

On 10/18/06, Steve Shockley <[EMAIL PROTECTED]> wrote:
>
> Podo Carp wrote:
> > I recently underwent an audit of my OpenBSD 3.8 systems and the audit
> > report identified CVE-2004-0700 (mod-proxy/mod_ssl format string
> > vulnerability) as a potential risk.
>
> Perhaps your scanner relies on reported versions, rather than actual
> vulnerabilities?
>
> If I'm reading the vulnerability right, it was fixed here:
>
>
> http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/httpd/src/modules/ssl/ssl_engine_ext.c.diff?r1=1.9&r2=1.10&f=h
>
> The vuln was disclosed 7/27/2004, but was fixed 6/1/2003.



Re: blobs are bad

2006-10-17 Thread Girish Venkatachalam
On Tue, Oct 17, 2006 at 08:22:23PM -0600, Theo de Raadt wrote:
> > As I see it, the only way we are going to get documentation, is for it
> > to make economic sense for nVidia.
> > Cost of documentation / Perceived loss of IP ($) through documentation
> > (+ corporate inertia) must be less than the perceived damage to brand
> > through exploits, which must be less than the profit / brand recognition
> > / loyalty from sales into Linux/BSD market.
> > 
> > $Docs < $Damage < $Sales
> > 
> > If that equation doesn't work out, they won't do anything.
> 
> Thanks for the lesson!  I guess we were dreaming every time some other
> vendor was convinced to give us documentation!
> 
> But Craig, it's the same with women.  They'll only hang out with you
> if they feel there is enough positive vibe in you.  And since you so
> clearly show that you are a pessimist at heart, you're out of luck
> too!
> 
> If you keep saying something good won't happen -- well then you can
> bet it won't happen.

I don't get your point Theo.

One should be optimistic of course but also practical. Craig is both.

In fact most practical statements sound pessimistic, but not so in reality.

I am wondering if you agree with him or not!

Anyway I sincerely hope that hardware vendors start behaving sensibly...

Though I am also somewhat pessimistic about it. Unless forced to change these 
people simply won't understand what is good for them.

regards,
Girish



Re: pgt-Driver in 4.0-Beta (installed 2 weeks ago) buggy?

2006-10-17 Thread Ingo Schwarze
Michael Scheliga wrote on Tue, Oct 17, 2006 at 05:47:30PM -0700:

> You consistently prove the need to skip over your messages,
> it's not just the devs that are tired of reading your strange
> conclusions.

So just killfile him, for *s sake, as i did long ago.
Quite possibly, he is not trolling on purpose, but the
effect of responding is just the same as feeding a troll:
A lot of noise, and even developers being distracted and
getting angry.



Re: blobs are bad

2006-10-17 Thread Ingo Schwarze
Theo de Raadt wrote on Tue, Oct 17, 2006 at 05:30:53PM -0600:

> I just wanted to say... "Told you so".

After reading the Rapid7 exploit, i just wanted to make sure we
are not running this stuff.  Of course, none of our servers has
Nvidia graphics, but some of the workstations do.  And guess
what?  On about half of those, our Linux admins were running
Driver "nvidia" - obviously, the long-standing unfixed bug didn't
really scare them enough.

Of course, we do not expose Linux workstations directly to the
Internet, but have a firewall in between.  Yet, this will of
course offer little protection against bugs of this class.  :-(

> Quite amusing.

You must be joking!!  ;-)

I just spent an hour ssh'ing from Linux box to Linux box,
editing XF86Configs and restarting X servers.  That's hardly
fun if the hardware configurations vary such that you must
decide for each case whether Driver "nv" or Driver "vesa"
is the way to go...

> Of course we know this is not the last time this will happen.

If only people would realize!

I just dropped a note to our internal Linux admin@ mailing list,
explaining how i fixed those of our workstations being vulnerable -
only to be asked the following question: But we will certainly
return to Driver "nvidia" as soon as Nvidia releases a fix for
this bug?  This question got asked even though
i forwarded Linus' quote on blobs there - thanks again to the
guy who reminded us by reposting it here.

On the other hand, at least one of our Linux admins suggested
to call a meeting in order to rethink our strategy for purchasing
graphics cards, and in order to consider alternatives to Nvidia -
in particular alternatives so well documented that they allow
fully functional and truly open kernel level drivers.

[...]
> I also hope that their embedded^Husers feel the pain, so that one
> day they will stand beside us when we ask for open documentation.

Thank you kindly for your compassion; i do feel the pain, but little
do i enjoy it.  :-/

Apart from that, obviously, you are just right.
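
Added example, not part of the original thread: the three leftovers raised in this message and in Han Boetes's follow-up (an active Driver "nvidia" line, the kernel module still loaded, world-writable /dev/nvidia* nodes), checked by a small shell audit. The function names, the sample data and the /etc/X11/XF86Config path are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread). All file locations are parameters so
# the checks can be pointed at real paths or at the constructed sample below.

# Print the active (uncommented) Driver values from an X server config.
active_drivers() {   # $1 = XF86Config or xorg.conf
    sed -e 's/#.*//' "$1" |
        awk 'tolower($1) == "driver" { gsub(/"/, "", $2); print $2 }'
}

# Succeed if a module list in /proc/modules format contains "nvidia".
module_loaded() {    # $1 = module list file
    awk '$1 == "nvidia" { found = 1 } END { exit !found }' "$1"
}

# List nvidia* nodes in a device directory that are writable by "other".
world_writable_nodes() {   # $1 = device directory
    find "$1" -maxdepth 1 -name 'nvidia*' -perm -0002 2>/dev/null | sort
}

# Print one line per finding; return 0 when clean, 1 otherwise.
audit_host() {   # $1 = X config, $2 = module list, $3 = device directory
    rc=0
    if active_drivers "$1" | grep -qx 'nvidia'; then
        echo "CONFIG: $1 selects Driver \"nvidia\""; rc=1
    fi
    if module_loaded "$2"; then
        echo "MODULE: nvidia kernel module still loaded"; rc=1
    fi
    nodes=$(world_writable_nodes "$3" | tr '\n' ' ')
    if [ -n "$nodes" ]; then
        echo "DEVICE: world-writable: $nodes"; rc=1
    fi
    return "$rc"
}

# Constructed sample: the config was already switched to "nv", but the module
# is still loaded and the nodes are still mode 666 (regular files stand in for
# the character devices).
make_sample() {   # $1 = directory to populate
    mkdir -p "$1/dev"
    cat > "$1/XF86Config" <<'EOF'
Section "Device"
    Identifier "Card0"
    # Driver "nvidia"   # do not re-enable: closed driver, see security note
    Driver "nv"
EndSection
EOF
    cat > "$1/modules" <<'EOF'
nvidia 4547604 12 - Live 0xf8c9e000 (P)
agpgart 29896 1 nvidia, Live 0xf8a3b000
EOF
    for n in nvidia0 nvidiactl; do
        : > "$1/dev/$n"; chmod 666 "$1/dev/$n"
    done
}

sample=$(mktemp -d)
trap 'rm -rf "$sample"' EXIT
make_sample "$sample"
audit_host "$sample/XF86Config" "$sample/modules" "$sample/dev" || true
# On a real host: audit_host /etc/X11/XF86Config /proc/modules /dev
```

On the sample, the audit reports the module and the device nodes but not the config, which is the situation the follow-up warns about: editing the Driver line alone leaves the kernel-side exposure in place until the module is unloaded and the nodes are removed or restricted.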



Re: disks not detected during install

2006-10-17 Thread Nick Holland
I'm a little behind in my reading, obviously...

Patrick Cummings wrote:
>>On 11/10/06, Patrick Cummings <[EMAIL PROTECTED]> wrote:
>>>Hi misc,
>>>
>>>I'm trying to setup a new openbsd 3.9 install on i386. It worked before on
>>>that computer when I installed quickly to test for compatibility, but I
>>>needed to finish up some hardware stuff on it and then I wanted to install
>>>for real but it does not work anymore.
>>>
>>>It hangs at the disk: line
>>>
>>>"Loading /3.9/I386/CDBOOT
>>>probing: pc0 com0 apm mem[639K 382M a20=on]
>>>disk:"
>>>
>>>and then it stays there forever.
>>>
>>>The computer has two storage controllers. One is an ami-compatible raid
>>>controller. The other is the pciide-compatible sata sil3114 chip. Both
>>>appear to be working.
>>>
>>>If I unplug the scsi drives from the controller and leave the controller
>>>in, it will work.
>>>Also if I unplug the sata drives and leave the controller in, it will
>>>work.
>>>
>>>However all appears to be working quite well as I can install win2000 on
>>>it and all drives work well. Also as I've said openbsd 3.9 worked on it
>>>just a few days ago, but I can't find what I've changed. I thought it
>>>might be a bios settings problem so I played with the settings, but
>>>nothing seemed to help.
>>>
>>>Overall I think this makes no sense, what are some of the problems that
>>>might be happening?
>>
>>Can you boot from any of the install boot floppies?
>>If so, can you provide a dmesg?

Considering how it is hanging, I wouldn't expect booting from floppy if
the CDROM didn't work...

> 
> Sure, I can get a dmesg if I use it with the two sata drives unplugged:

ok, that sounds familiar...
...
> pciide1 at pci0 dev 13 function 0 "CMD Technology SiI3114 SATA" rev 0x02: DMA

that looks familiar...
(ick.)

I think what you have is BIOSs stomping on each other's feet in a way
that the OpenBSD boot loader isn't happy about.  You actually have (at
least) three boot ROMs on this thing -- the RAID card, the SATA card and
the motherboard's BIOS.  Unplug the drives, the BIOS turns itself off
after probing and finding no disks, which is probably why it boots.

Consider yourself lucky, I spent a lot of time just trying to get TO the
OpenBSD boot loader with those dang cards.  I picked up two different
cards that used that chip...  What a mess.  Both demonstrated a
different problem, they refused to work with a 1T SATA RAID box that
looked like a single SATA disk.  I'm not sure if it was the size or the
product, but they would hang in the BIOS probe of the SATA channels if
the drive was attached.

Flashing the BIOS on one card "fixed" the problem, but the card I could
flash had only one internal SATA port, I needed two.  The other card had
an OTP-EPROM (i.e., you ain't changing this).

After a lot of puzzlement (and buying a third card which had other
quirks I feared), I finally decided a good solution was to pop the EPROM
off the non-updatable card, as I didn't want to boot from it anyway.
No, it wasn't socketed, but a little gentle work with a screwdriver did
the job nicely.

So, what I would recommend would be:
  1) try to update the BIOS on your card.  The one that shipped on the
two I had sucked...the newer one worked much better.
  2) updating the other boot ROMs (mobo BIOS, RAID card BIOS) might
help, too.
  3) look for "boot order" options in your BIOS or the ami(4) card's
BIOS that let the boot process progress (or even the SATA card's BIOS)
  4) If you don't need to boot from this card, consider ripping the
ROM/flash/EPROM/whatever off the card.  IF you don't need it, of course.
  5) fiddle with the order of the cards in the slots.  It might help.

Nick.



How open is Intel?

2006-10-17 Thread Matthew R. Dempsky
Lately, I have been in several discussions regarding Intel's stance
towards the open source community, and the topic of providing hardware
documentation frequently arises.  However, since I am not much of a
kernel hacker, I do not have a good perspective on what documentation
is necessary.

For example, recently Intel was very boastful about demonstrating
their ``ongoing commitment to providing free software drivers for
Intel hardware''[1].  When I first read the announcement, I was
excited, but after re-reading it, I caught on that nowhere did they
mention providing documentation---just an open source driver.  I
emailed Keith Packard about this, but never got a reply. 

I also found some technical documentation on intel.com about the G965
chipset[2], but it does not appear complete.  It seems to explain how
to setup DMA to communicate with the card, but not what data should be
sent over DMA.  Of course, because of my lack of expertise in this
field, I may just be looking in the wrong places.

Another example appears to be the Intel PRO/1000 MT card.  Intel has
an open source driver for it, but when I search their web site the
most I find are product briefs and white papers[3].  (I know the link
is for their PRO/1000 XF card, but that is the page I was directed to
when I clicked on ``Technical Documents'' from the PRO/1000 GT page.)

On the other hand, there appears to perhaps be sufficient technical
documentation on their I/O Controller Hubs for OpenBSD to support them
soon after introduction... or maybe they are just easy to reverse
engineer?

So how open is Intel?  Which chipsets do they provide sufficient
documentation to fully support?  Which chipsets do they provide some
documentation, but omit important parts (and what are these parts)?
And which chipsets are they completely unproviding for?

Thanks.

[1] http://lists.freedesktop.org/archives/xorg/2006-August/017404.html
[2] http://www.intel.com/design/chipsets/datashts/313053.htm
[3] http://www.intel.com/network/connectivity/products/pro1000xf_server_adapter_docs.htm



Re: blobs are bad

2006-10-17 Thread Theo de Raadt
> > Would this in any way help the OpenBSD developers' ongoing campaign to
> > get documentation from Nvidia?
> > 
> 
> As I see it, the only way we are going to get documentation, is for it
> to make economic sense for nVidia.
> Cost of documentation / Perceived loss of IP ($) through documentation
> (+ corporate inertia) must be less than the perceived damage to brand
> through exploits, which must be less than the profit / brand recognition
> / loyalty from sales into Linux/BSD market.
> 
> $Docs < $Damage < $Sales
> 
> If that equation doesn't work out, they won't do anything.

Thanks for the lesson!  I guess we were dreaming every time some other
vendor was convinced to give us documentation!

But Craig, it's the same with women.  They'll only hang out with you
if they feel there is enough positive vibe in you.  And since you so
clearly show that you are a pessimist at heart, you're out of luck
too!

If you keep saying something good won't happen -- well then you can
bet it won't happen.



Re: hostname.wi0 nwflag hidenwid oddity

2006-10-17 Thread jared r r spiegel
On Tue, Oct 17, 2006 at 09:38:48PM -0400, William Graeber wrote:
> I have managed to gain a bit more information regarding my problem - I
> added an echo statement in /etc/netstart to get a copy of the command
> which was being run.

  netstart, if has no args, runs thru the whole hostname/bridgename
  shebang.  you can also pass it a list of interfaces (might not have
  checked, but netstart(8) has a manpage).
  
  for debug stuffs, you could do, say:

$ sudo sh -v /etc/netstart wi0

  little easier to manage and no worries about having to edit
  /etc/netstart.  (sometimes -x is nice instead or addition to/of -v)

> >set automatically on boot such as:
> >
> >inet 10.90.1.1 255.255.255.0 NONE nwflag hidenwid nwid /dev/null nwkey
> >XxXx chan 1 mediaopt hostap
> >
> >it gives me the error: "ifconfig: SIOCS80211FLAGS: Invalid argument"
> >
> >I'm sure that there is something moronic that I have done incorrectly.

  probably not it, but does it matter if you do an 'up' on the first
  line of hostname.wi0 and then the inet line next?
   
  i don't have a candidate wireless system at hand to try the ifconfig
  commandline out on :(

-- 

  jared



Re: Vulnerability and Patch Information

2006-10-17 Thread Steve Shockley

Podo Carp wrote:

I recently underwent an audit of my OpenBSD 3.8 systems and the audit report
identified CVE-2004-0700 (mod-proxy/mod_ssl format string vulnerability) as
a potential risk.


Perhaps your scanner relies on reported versions, rather than actual 
vulnerabilities?


If I'm reading the vulnerability right, it was fixed here:

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/httpd/src/modules/ssl/ssl_engine_ext.c.diff?r1=1.9&r2=1.10&f=h

The vuln was disclosed 7/27/2004, but was fixed 6/1/2003.



Re: blobs are bad

2006-10-17 Thread Craig Barraclough
> Would this in any way help the OpenBSD developers' ongoing campaign to
> get documentation from Nvidia?
> 

As I see it, the only way we are going to get documentation, is for it
to make economic sense for nVidia.
Cost of documentation / Perceived loss of IP ($) through documentation
(+ corporate inertia) must be less than the perceived damage to brand
through exploits, which must be less than the profit / brand recognition
/ loyalty from sales into Linux/BSD market.

$Docs < $Damage < $Sales

If that equation doesn't work out, they won't do anything.
-- 
Craig



Re: pgt-Driver in 4.0-Beta (installed 2 weeks ago) buggy?

2006-10-17 Thread STeve Andre'
On Tuesday 17 October 2006 20:18, [EMAIL PROTECTED] wrote:
> >You keep using that word.  I do not think it means what you think it
> >means.
>
> In case some people may NOT have understood what I'm talking about:
> DoS, Denial of Service. Mostly the word "DoS" is used for Software Bugs
> even the Denial of Service can appear even by other stuff.
>
> Example: You're at a meeting and somebody unplugs your pgt-Card and voila
> your kernel crashes. I would call this clearly a DoS. Because after the
> "attack" your OS is kinda useless because of the kernel panic.
>
> Well but you can always enjoy playing hangman in the ddb-Console so DoS
> may not be the correct word at all. ;]

Sebastian, you are confusing DoS with bug.  What you describe is a bug.
Yes, it "denies" you the use of your system but that isn't an attack.  You're
really splitting hairs here and aren't doing anything useful.

--STeve Andre'



Re: pgt-Driver in 4.0-Beta (installed 2 weeks ago) buggy?

2006-10-17 Thread Matthew R. Dempsky
On Wed, Oct 18, 2006 at 02:18:03AM +0200, [EMAIL PROTECTED] wrote:
> Example: You`re at meeting and somebody unplugs your pgt-Card and voila
> your kernel crashes. I would call this a clearly DoS. Because after the
> "attack" your OS is kinda useless because of the kernel panic.

Kernel panics suck, but they do not qualify as DoS attacks when
physical access is necessary to cause them.  That somebody in your
example could have just poured water onto your machine and rendered it
unusable for much longer than a kernel panic.



Re: hostname.wi0 nwflag hidenwid oddity

2006-10-17 Thread Bryan Vyhmeister
On Tue, Oct 17, 2006 at 08:53:27PM -0400, William Graeber wrote:
> inet 10.90.1.1 255.255.255.0 NONE nwflag hidenwid nwid /dev/null nwkey
> XxXx chan 1 mediaopt hostap
> 
> it gives me the error: "ifconfig: SIOCS80211FLAGS: Invalid argument"

I do not have a 4.0 system handy to try this on but I was just wondering 
if maybe you need "nwflag hidenwid" after "mediaopt hostap." I may be
way off but it is a possibility. Just a thought.

Bryan



Re: hostname.wi0 nwflag hidenwid oddity

2006-10-17 Thread William Graeber

I have managed to gain a bit more information regarding my problem - I
added an echo statement in /etc/netstart to get a copy of the command
which was being run. I then tried to run it manually to see what
happened and it received the same error (surprise).
"ifconfig wi0 inet  10.90.1.1 netmask 255.255.255.0 nwflag hidenwid
nwid /dev/null nwkey wasteoftime4u chan 1 mediaopt hostap"

Next I removed the nwflag hidenwid and ran the command - it worked
successfully. I checked ifconfig and wi0 was up and running normally.

I then ran the original command and it worked without a hitch. It
seems like everything else has to be set before the nwflag is able to
work.

On 10/17/06, William Graeber <[EMAIL PROTECTED]> wrote:

I just received my 4.0 cd package today and was going through
upgrading my system. I have a senao prism2 pcmcia card which is acting
up a bit when I try to set the "nwflag hidenwid" option. The card
allows me to set it manually by running "ifconfig wi0 nwflag
hidenwid", however if I try to add a line to hostname.wi0 to have it
set automatically on boot such as:

inet 10.90.1.1 255.255.255.0 NONE nwflag hidenwid nwid /dev/null nwkey
XxXx chan 1 mediaopt hostap

it gives me the error: "ifconfig: SIOCS80211FLAGS: Invalid argument"

I'm sure that there is something moronic that I have done incorrectly.

Thanks in advance,
William




hostname.wi0 nwflag hidenwid oddity

2006-10-17 Thread William Graeber

I just received my 4.0 cd package today and was going through
upgrading my system. I have a senao prism2 pcmcia card which is acting
up a bit when I try to set the "nwflag hidenwid" option. The card
allows me to set it manually by running "ifconfig wi0 nwflag
hidenwid", however if I try to add a line to hostname.wi0 to have it
set automatically on boot such as:

inet 10.90.1.1 255.255.255.0 NONE nwflag hidenwid nwid /dev/null nwkey
XxXx chan 1 mediaopt hostap

it gives me the error: "ifconfig: SIOCS80211FLAGS: Invalid argument"

I'm sure that there is something moronic that I have done incorrectly.

Thanks in advance,
William



Re: pgt-Driver in 4.0-Beta (installed 2 weeks ago) buggy?

2006-10-17 Thread Michael Scheliga
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> [EMAIL PROTECTED]
> Sent: Tuesday, October 17, 2006 5:18 PM
> To: misc@openbsd.org
> Subject: Re: pgt-Driver in 4.0-Beta (installed 2 weeks ago) buggy?
> 
> >You keep using that word.  I do not think it means what you think it
> >means.
> 
> In case some people may NOT have understood what I`m talking about:
> DoS, Denial of Service. Mostly the word "DoS" is used for Software Bugs
> even the Denial of Service can appear even by other stuff.
> 
> Example: You`re at meeting and somebody unplugs your pgt-Card and voila
> your kernel crashes. I would call this a clearly DoS. Because after the
> "attack" your OS is kinda useless because of the kernel panic.
> 
> Well but you can always enjoy playing hangman in the ddb-Console so DoS
> may not be the correct word at all. ;]
> 
> 
> Kind regard,
> Sebastian

This is the worst use of the term "DoS" that I have ever seen.
You consistently prove the need to skip over your messages, it's not just
the devs that are tired of reading your strange conclusions.
Do you really expect help when you exaggerate and incorrectly use terms
so often?  You might try going back and reading all of your messages that
you sent to this list, without reading the replies, and without thinking
about the issues you're trying to solve... just read the way you come
across on this list for a year.

Matthew's well selected quote hit it right on the head, and added a hint
of humor to this really sad thread you've started.



Re: blobs are bad

2006-10-17 Thread Sam Fourman Jr.

Would this in any way help the OpenBSD developers' ongoing campaign to
get documentation from Nvidia?

Sam Fourman Jr.

On 10/17/06, Nick Price <[EMAIL PROTECTED]> wrote:

When I read that headline earlier today I thought to myself "I bet Theo will
be getting a chuckle from this when he reads it"

On 10/17/06, Theo de Raadt <[EMAIL PROTECTED]> wrote:
>
>
> http://news.com.com/Exploit+code+released+for+Nvidia+flaw/2100-1002_3-6126846.html
>
> I just wanted to say... "Told you so".
>
> Quite amusing.
>
> Of course we know this is not the last time this will happen.
>
> More problems like this will be exposed, and it is my hope that
> vendors who refuse to participate in the open communities will get
> punished more firmly than open vendors.  I also hope that their
> embedded^Husers feel the pain, so that one day they will stand beside
> us when we ask for open documentation.




Re: blobs are bad

2006-10-17 Thread Jacob Yocom-Piatt
 Original message 
>Date: Tue, 17 Oct 2006 17:30:53 -0600
>From: Theo de Raadt <[EMAIL PROTECTED]>  
>Subject: blobs are bad  
>To: [EMAIL PROTECTED]
>
>More problems like this will be exposed, and it is my hope that
>vendors who refuse to participate in the open communities will get
>punished more firmly than open vendors.  I also hope that their
>embedded^Husers feel the pain, so that one day they will stand beside
>us when we ask for open documentation.
>

feel the delightful pain!



popa3d: to compile from tree or not from tree?

2006-10-17 Thread Jacob Yocom-Piatt
that is the question. a quick answer would be appreciated since i have to stay
up all night and get a POP3 mailserver ready that supports the
virtual-domain-farm-style login without having system accounts.

i'll try recompiling popa3d from the source tree unless someone recommends
otherwise or i hit a snag.

cheers,
jake



Re: pgt-Driver in 4.0-Beta (installed 2 weeks ago) buggy?

2006-10-17 Thread sebastian . rother
>You keep using that word.  I do not think it means what you think it
>means.

In case some people may NOT have understood what I`m talking about:
DoS, Denial of Service. Mostly the word "DoS" is used for Software Bugs
even the Denial of Service can appear even by other stuff.

Example: You`re at meeting and somebody unplugs your pgt-Card and voila
your kernel crashes. I would call this a clearly DoS. Because after the
"attack" your OS is kinda useless because of the kernel panic.

Well but you can always enjoy playing hangman in the ddb-Console so DoS
may not be the correct word at all. ;]


Kind regard,
Sebastian



Vulnerability and Patch Information

2006-10-17 Thread Podo Carp
Greetings,

I recently underwent an audit of my OpenBSD 3.8 systems and the audit report
identified CVE-2004-0700 (mod-proxy/mod_ssl format string vulnerability) as
a potential risk.  Given the age of the problem and the proactive patching
stance of OpenBSD, I suspect this has been fixed for some time.  However, I
can't find any reliable information correlating CVE or other general
vulnerability records with a specific OpenBSD patch or fix.  I have searched
the mailing list archives for both security announcements and code updates
but have not found any conclusive documentation indicating this
vulnerability is not relevant or was fixed.

Does OpenBSD provide any authoritative reference as to which vulnerabilities
are corrected by which patches?  What is the most effective way to find this
information if no such reference exists?

I apologize if this question has been answered elsewhere.  I have spent some
time searching with no success.

Cheers,

Dan



Re: blobs are bad

2006-10-17 Thread Nick Price
When I read that headline earlier today I thought to myself "I bet Theo will
be getting a chuckle from this when he reads it"

On 10/17/06, Theo de Raadt <[EMAIL PROTECTED]> wrote:
>
>
> http://news.com.com/Exploit+code+released+for+Nvidia+flaw/2100-1002_3-6126846.html
>
> I just wanted to say... "Told you so".
>
> Quite amusing.
>
> Of course we know this is not the last time this will happen.
>
> More problems like this will be exposed, and it is my hope that
> vendors who refuse to participate in the open communities will get
> punished more firmly than open vendors.  I also hope that their
> embedded^Husers feel the pain, so that one day they will stand beside
> us when we ask for open documentation.



blobs are bad

2006-10-17 Thread Theo de Raadt
http://news.com.com/Exploit+code+released+for+Nvidia+flaw/2100-1002_3-6126846.html

I just wanted to say... "Told you so".

Quite amusing.

Of course we know this is not the last time this will happen.

More problems like this will be exposed, and it is my hope that
vendors who refuse to participate in the open communities will get
punished more firmly than open vendors.  I also hope that their
embedded^Husers feel the pain, so that one day they will stand beside
us when we ask for open documentation.



Re: Fast Xorg Performance

2006-10-17 Thread Matthew R. Dempsky
On Tue, Oct 17, 2006 at 02:37:32PM -0700, Karsten McMinn wrote:
> OpenBSD 3.9 (GENERIC) #617: Thu Mar  2 02:26:48 MST 2006
>[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
> cpu0: Intel(R) Celeron(R) CPU 2.00GHz ("GenuineIntel" 686-class) 2 GHz
> cpu0: 
> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID
> real mem  = 527495168 (515132K)
> vga1 at pci0 dev 2 function 0 "Intel 82845G/GL Video" rev 0x01:
> aperture at 0xe800, size 0x800
> wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)

My laptop:

OpenBSD 4.0 (GENERIC) #2: Sat Sep  2 09:49:35 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) M processor 1.10GHz ("GenuineIntel" 686-class) 599 MHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,EST,TM2
cpu0: Enhanced SpeedStep 600 MHz (812 mV): speeds: 1100, 1000, 900, 800, 600 MHz
real mem  = 258437120 (252380K)
vga1 at pci0 dev 2 function 0 "Intel 82852GM AGP" rev 0x02: aperture at 
0xe000, size 0x800
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)

X runs fine with the X i810 driver.  I can watch movies with mplayer,
and my window manager switches between windows just fine.



Re: pgt-Driver in 4.0-Beta (installed 2 weeks ago) buggy?

2006-10-17 Thread Matthew R. Dempsky
On Tue, Oct 17, 2006 at 11:36:53PM +0200, [EMAIL PROTECTED] wrote:
> Well the discussion itself is useless because the developers have to
> decide if they wanna fix the DoS or not.
                               ^^^

You keep using that word.  I do not think it means what you think it
means.



Re: pgt-Driver in 4.0-Beta (installed 2 weeks ago) buggy?

2006-10-17 Thread sebastian . rother
> [EMAIL PROTECTED] wrote:
>
>> Your comment is pointless.
>> I don't see a fix for 4.0 STABLE but for current.
>>
>> I`m interested to know if I would be able to use my card with 4.0 and not
>> if I can use my card with 4.0-current. (may sounds rude but I don't mean
>> it that rude, really).
>
> Check www.openbsd.org/40.html and ftp://ftp.openbsd.org/pub/OpenBSD/4.0
>
> 4.0 is not released yet, so 4.0-stable does not exist at the moment.
>
>
> Cheers,
>
> Dries

CDs are already shipped. So the bug is in the wild I guess. ;]
Well the discussion itself is useless because the developers have to
decide if they wanna fix the DoS or not.
And I really just wanna point out the kernel-panic during unplugging the
Card (if MY card works is another topic and not related to the kernel
crash).

Kind regards,
Sebastian

p.s.
To Didier Wiroth:
Probably right (I just checked the date not the files itself) but I don't
think so (because CDs were created a while ago as this Bug wasn`t known).
Anyway this is really OT here. :)



Re: Fast Xorg Performance

2006-10-17 Thread Karsten McMinn

On 10/17/06, Ted Unangst <[EMAIL PROTECTED]> wrote:

do you mean if anyone experiences anything that bad?  i've never had a
window operation take as long as 100ms even using the vesa driver.


the example closest to me at the moment is a desktop I work
on:

OpenBSD 3.9 (GENERIC) #617: Thu Mar  2 02:26:48 MST 2006
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Celeron(R) CPU 2.00GHz ("GenuineIntel" 686-class) 2 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID
real mem  = 527495168 (515132K)
vga1 at pci0 dev 2 function 0 "Intel 82845G/GL Video" rev 0x01:
aperture at 0xe800, size 0x800
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)

running xfce, opening the file manager takes about 1500ms, dragging
windows is choppyish. Display is set to [EMAIL PROTECTED] I get
similar performance in kde as well, but this seems to be the norm
on most machines that I work on, typically running on the i810 xorg
driver on different platforms.



Re: pgt-Driver in 4.0-Beta (installed 2 weeks ago) buggy?

2006-10-17 Thread Didier Wiroth
- Original Message -
From: [EMAIL PROTECTED]
Date: Tuesday, October 17, 2006 23:19
Subject: Re: pgt-Driver in 4.0-Beta (installed 2 weeks ago) buggy?
To: Theo de Raadt
Cc: misc@openbsd.org

> p.s.
> Am I wrong or is the CVS missing the latest OpenSSH-Fixes for 4.0?

Hello,
Openbsd_4 has Openssh_4.4. 
I think the security problem is for pre 4.4 versions.
See:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924
and
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051

Regards
Didier



Re: Fast Xorg Performance

2006-10-17 Thread Ted Unangst

On 10/17/06, Karsten McMinn <[EMAIL PROTECTED]> wrote:

I'm trying to figure out what needs to be done in order to
get fast 2d xorg (and friends) performance. I term
fast as not having to wait for window operations, with
most every application and xorg operation taking no longer
than 100ms. if anyone experiences this kind of
performance in any xorg environment, please share your
hardware/app/config setup and any non-standard xorg config
options, thanks ladies and gents.


do you mean if anyone experiences anything that bad?  i've never had a
window operation take as long as 100ms even using the vesa driver.



Re: pgt-Driver in 4.0-Beta (installed 2 weeks ago) buggy?

2006-10-17 Thread Stuart Henderson
On 2006/10/17 22:34, [EMAIL PROTECTED] wrote:
> On 2006/10/17 02:54, [EMAIL PROTECTED] wrote:
> >> I just like to know (some have already 4.0 stable and probably also a
> >> pgt-Card) if that Bug was already fixed in 4.0-Stable (because I've
> >
> >learn your way around the tree and save yourself some time...
> >http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/ic/pgt.c
> 
> Your comment is pointless.

Not at all. The answer to the question you asked is right there.

If you meant "_will_ the fix be going into 4.0-stable", that's a
different question which you should have asked instead.



Re: pgt-Driver in 4.0-Beta (installed 2 weeks ago) buggy?

2006-10-17 Thread sebastian . rother
>> On 2006/10/17 02:54, [EMAIL PROTECTED] wrote:
>> >> I just like to know (some have already 4.0 stable and probably also a
>> >> pgt-Card) if that Bug was already fixed in 4.0-Stable (because I've
>> >
>> >learn your way around the tree and save yourself some time...
>> >http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/ic/pgt.c
>>
>> Your comment is pointless.
>> I don't see a fix for 4.0 STABLE but for current.
>
> Look, you are being an asshole.
>
> We only put into stable *WHAT WE CHOOSE TO PUT THERE*
>
> This will not go there.  Period.
>
> And you KNOW that.  Yet you keep coming here like a little child
> who never learns.

Theo...
Some people will probably OWN such cards and you can`t know if a card
needs softmac or hardmac by staring at the CARD itself (at least I
can't..).
So probably a lot of people will SIMPLY try out the card and see "aha they
don`t work (yet)". And probably a lot of people will get a neat crash if
they do try to remove the card.

So YES it`s your decision but fixing a kernel-crash so that probably not
all data is lost because of a crash could maybe something wrong.
Other people may would call this a DoS...

The decision is yours, I`ll provide a Bug-Report anyway if it still
happens for 4.0. I've also 3 other little Bugs in the Backhand which I`ll
report then (even it`s pure pain to write all the ddb-Output by hand into
a textfile because of no serial console).

Kind regards,
Sebastian

p.s.
Am I wrong or is the CVS missing the latest OpenSSH-Fixes for 4.0?

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/?only_with_tag=OPENBSD_4_0

Patches provided by the errata tell me some files should have this date:
--- usr.bin/ssh/auth.h  6 Jun 2005 11:20:36 -   1.51
+++ usr.bin/ssh/auth.h  10 Oct 2006 00:44:23 -

But I'm sure this will get fixed if 4.0 gets released.

Just for Theo:
But you're right.. put in 4.0-Tree what you think is right



Re: pgt-Driver in 4.0-Beta (installed 2 weeks ago) buggy?

2006-10-17 Thread Theo de Raadt
> Some people will probably OWN such cards and you can`t know if a card
> needs softmac or hardmac by staring at the CARD itself (at least I
> can't..).

Bummer.

> So probably a lot of people will SIMPLY try out the card and see "aha they
> don`t work (yet)". And probably a lot of people will get a neat crash if
> they do try to remove the card.

Bummer.

> So YES it`s your decision but fixing a kernel-crash so that probably not
> all data is lost because of a crash could maybe something wrong.
> Other people may would call this a DoS...

No, other people would not.  Only you will jump up and down and say so.

> The decision is yours, I`ll provide a Bug-Report anyway if it still
> happens for 4.0. I've also 3 other little Bugs in the Backhand which I`ll
> report then (even it`s pure pain to write all the ddb-Output by hand into
> a textfile because of no serial console).

And we will close it and go back to doing things which matter.



Fast Xorg Performance

2006-10-17 Thread Karsten McMinn

I'm trying to figure out what needs to be done in order to
get fast 2d xorg (and friends) performance. I term
fast as not having to wait for window operations, with
most every application and xorg operation taking no longer
than 100ms. if anyone experiences this kind of
performance in any xorg environment, please share your
hardware/app/config setup and any non-standard xorg config
options, thanks ladies and gents.

_Karsten



Re: pgt-Driver in 4.0-Beta (installed 2 weeks ago) buggy?

2006-10-17 Thread Theo de Raadt
> On 2006/10/17 02:54, [EMAIL PROTECTED] wrote:
> >> I just like to know (some have already 4.0 stable and probably also a
> >> pgt-Card) if that Bug was already fixed in 4.0-Stable (because I've
> >
> >learn your way around the tree and save yourself some time...
> >http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/ic/pgt.c
> 
> Your comment is pointless.
> I don't see a fix for 4.0 STABLE but for current.

Look, you are being an asshole.

We only put into stable *WHAT WE CHOOSE TO PUT THERE*

This will not go there.  Period.

And you KNOW that.  Yet you keep coming here like a little child
who never learns.



Re: pgt-Driver in 4.0-Beta (installed 2 weeks ago) buggy?

2006-10-17 Thread sebastian . rother
On 2006/10/17 02:54, [EMAIL PROTECTED] wrote:
>> I just like to know (some have already 4.0 stable and probably also a
>> pgt-Card) if that Bug was already fixed in 4.0-Stable (because I've
>
>learn your way around the tree and save yourself some time...
>http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/ic/pgt.c

Your comment is pointless.
I don't see a fix for 4.0 STABLE but for current.

I`m interested to know if I would be able to use my card with 4.0 and not
if I can use my card with 4.0-current. (may sounds rude but I don't mean
it that rude, really).

http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/ic/pgt.c?only_with_tag=OPENBSD_4_0

No patch nor a comment for the stuff I`ve noticed (but the 4.0 branch is
the branch I`m looking at if I probably find something suspicious). That`s
why I wrote the mail. Probably the patch for pgt gets added to 4.0
*hopes*.

But thanks for your suggestion. I saw it was noticed 3 days ago by the
developers and a patch was submitted to current.


Kind regards,
Sebastian

p.s.
After I recompiled (-r OPENBSD_4_0) the OS I noticed that loading the
firmware works fine. But the OS crashes still if I remove the card.
I`ll retry if I get the "official" 4.0 and then I`ll probably mail my
experience to the developers (yeah include hopefully every info they`ll
need) to help them to trace the Bug (if it still exists, who knows).



Re: spamdb man page - greytrap address

2006-10-17 Thread Bob Beck
> Should the man page be updated, or am I doing something wrong?

Both. Know what shell you are running and know if it eats "<" and ">"
in a string. Having said that it's nicer if the man page makes you not have
to think. I've changed it to single quotes in the example.

-Bob



Re: what is openripd?

2006-10-17 Thread Karsten McMinn

On 10/16/06, Bryan Irvine <[EMAIL PROTECTED]> wrote:

I'm in an entirely rip v2 environment and have long
coveted the bgp/ospf folks. :-)


*cringe*  this post made me dream of rip atrocities last night.
just let rip (v1/v2) die already. go burn your legacy rip routers.



Re: max filesize split(1)

2006-10-17 Thread Otto Moerbeek
On Tue, 17 Oct 2006, Ted Unangst wrote:

> On 10/17/06, Otto Moerbeek <[EMAIL PROTECTED]> wrote:
> > There is no uniform way to ask the max file size of a given
> > file system. ffs filesystems do have that info in their superblock,
> > though, you can see it with dumpfs(8).
> 
> it hardly matters.  if the file is on the filesystem, the filesystem
> supports files of that size.

yes, that's why i said being able to handle files up to the max of
off_t should cover all cases.

-Otto



Re: max filesize split(1)

2006-10-17 Thread Ted Unangst

On 10/17/06, Otto Moerbeek <[EMAIL PROTECTED]> wrote:

There is no uniform way to ask the max file size of a given
file system. ffs filesystems do have that info in their superblock,
though, you can see it with dumpfs(8).


it hardly matters.  if the file is on the filesystem, the filesystem
supports files of that size.



Re: Soekris net4801, OpenBSD 3.8, and manual disklabel

2006-10-17 Thread joerch
On Tue, Oct 17, 2006 at 10:04:28AM -0600, Stephen Bosch wrote:
> 
> > Maybe the cf card had some problems from the beginning
> > or maybe it happened at the copy process.
> 
> Is it a random thing, or can I reliably expect this to happen every time?

I saw this thing happen only 2 times, at the first boot and
at the second boot process, only to prove it is really 
happening. In my case i took out the card and format it and
installed openbsd again. Just because i am a little paranoid
and i do not think starting with errors and problems is a good
way for a fresh love between you and your computer ;)

I tried it several times with different devices, all i can
say is, it happens not everytime i installed it.
I tried it often, because i wanted to know why it happend,
all i found out was, that this usb device are not very 
stable.

> I should point out that I've been generating the disklabels manually
> from text. Could that be the problem?

I doubt it, i think if you generating the disklabel and did not
show up with any errors, so why should that happen at boottime.
But if someone knows more about it please tell me, i am always
happy to learn more!

I think we had this type of thread some months before and
not only me called this usb devices crappy shit.

-- 
gruesse 
joerg "joerch" buechner
--



Re: Soekris net4801, OpenBSD 3.8, and manual disklabel

2006-10-17 Thread joerch
sorry but please do not cc, i am on the list.

-- 
gruesse 
joerg "joerch" buechner
--



Re: Soekris net4801, OpenBSD 3.8, and manual disklabel

2006-10-17 Thread Stephen Bosch
joerch wrote:
> On Mon, Oct 16, 2006 at 02:13:53PM -0600, Stephen Bosch wrote:
>> I recently switched to 1.0 GB SanDisk CF. I can generate images no
>> problem, but at boot time, we see this warning:
>>
>>> Automatic boot in progress: starting file system checks.
>>> /dev/rwd0a: file system is clean; not checking
>>> /dev/rwd0d: file system is clean; not checking
>>> Warning: inode blocks/cyl group (16) >= data blocks (12) in last
>>> cylinder group. This implies 384 sector(s) cannot be allocated.
>>> Warning: inode blocks/cyl group (16) >= data blocks (12) in last
>>> cylinder group. This implies 384 sector(s) cannot be allocated.
>> I don't know what this means.
> 
> Most of the time it is bad hardware.
> 
> How did you get the image on the cf card ?
> Did you use an external usb to cf device ?

I used a usb card reader, yes.

I've done it before, using a different reader; I don't recall having
this problem -- but it's true that this reader is new and I haven't used
it much. Anything's possible.

> I did that more than one time, only to find out
> that most of these devices are crap.
> 
> Maybe the cf card had some problems from the beginning
> or maybe it happened at the copy process.

Is it a random thing, or can I reliably expect this to happen every time?

> Format the cf card and get an ide to cf adapter,
> plug it in an ide slot and copy it again.

I'll try that.

> With the adapter it worked fine everytime i installed 
> openbsd on a cf card. That is the fastest and secure
> way to get your data on the cf.

I should point out that I've been generating the disklabels manually
from text. Could that be the problem?

> I will not tell you how bad it worked with the usb device,
> too much 4 letter words will be in that mail.

Ha!

-Stephen-



Re: More ammunition for the Blob fight

2006-10-17 Thread marrandy
On Tuesday 17 October 2006 09:49, bofh wrote:

> > Here's the link
> >
> > http://lwn.net/1999/0211/a/lt-binary.html
>
> Hmm...  The only thing I saw was that he expects to get to kernel version
> 5.6.71 in two years?  8-)

What are you expecting... a word for word quote of the OpenBSD point of view.

This is back in 1999 and although Linus allowed them, it is obvious he didn't 
like them and didn't support them for the obvious reasons and stated some 
issues in no uncertain terms.   The sooner all the open source people get on 
the same page, instead of pulling in different directions over the blob/api 
documentation issue, the better.

You didn't see:-

"I _refuse_ to even consider tying my hands over some binary-only module"

"extra layers decrease readability, and sometimes make for performance
   problems.  The readability thing is actually the larger beef I had
   with this: I just don't want to see drivers start using some strange
   wrapper format that has absolutely nothing to do with how they work"

"I _want_ people to expect that interfaces change. I _want_ people to
   know that binary-only modules cannot be used from release to release.
   I want people to be really really REALLY aware of the fact that when
   they use a binary-only module, they tie their hands"

"Basically, I want people to know that when they use binary-only modules,
it's THEIR problem.  I want people to know that in their bones, and I
want it shouted out from the rooftops.  I want people to wake up in a
cold sweat every once in a while if they use binary-only modules"

"I refuse to be at the mercy of any binary-only module"

Basically, blobs (binaries) are bad.  They go against the whole  'open source'  
philosophy (being binaries) there is no open source.  They may be a necessary 
evil until the API docs are opened up, but they are still evil.

-- 
Regards...Martin



Re: Soekris net4801, OpenBSD 3.8, and manual disklabel

2006-10-17 Thread joerch
On Mon, Oct 16, 2006 at 02:13:53PM -0600, Stephen Bosch wrote:
> I recently switched to 1.0 GB SanDisk CF. I can generate images no
> problem, but at boot time, we see this warning:
> 
> > Automatic boot in progress: starting file system checks.
> > /dev/rwd0a: file system is clean; not checking
> > /dev/rwd0d: file system is clean; not checking
> > Warning: inode blocks/cyl group (16) >= data blocks (12) in last
> > cylinder group. This implies 384 sector(s) cannot be allocated.
> > Warning: inode blocks/cyl group (16) >= data blocks (12) in last
> > cylinder group. This implies 384 sector(s) cannot be allocated.
> 
> I don't know what this means.

Most of the time it is bad hardware.

How did you get the image on the cf card ?
Did you use an external usb to cf device ?

I did that more than one time, only to find out
that most of these devices are crap.

Maybe the cf card had some problems from the beginning
or maybe it happened at the copy process.

Format the cf card and get an ide to cf adapter,
plug it in an ide slot and copy it again.

With the adapter it worked fine everytime i installed 
openbsd on a cf card. That is the fastest and secure
way to get your data on the cf.

I will not tell you how bad it worked with the usb device,
too much 4 letter words will be in that mail.

-- 
gruesse 
joerg "joerch" buechner
--



Re: tar question

2006-10-17 Thread Andy Hayward

On 10/17/06, Didier Wiroth <[EMAIL PROTECTED]> wrote:

Hello,

How can I exclude files or directories when using tar?

I found that gnu tar uses --exclude, but
how can I do this in openbsd?!


Use find (/usr/bin/find) to select the files you require, and pipe the
output to tar.

-- ach



Re: no login prompt on tty00

2006-10-17 Thread Ryan Corder
On Tue, 2006-10-17 at 02:28 +0800, Lars Hansson wrote:
> Not necessarily, it might work if you dont configure a serial console in
> OpenBSD.

that's just the thing...I don't have, nor want a serial console.  I just
need an additional TTY up and running with a login so that I can manage
all my machines instead of via SSH.  The console is still the default,
as in keyboard/monitor setup.

thanks.
ryanc

--
Ryan Corder <[EMAIL PROTECTED]>
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646




Re: tar question

2006-10-17 Thread Didier Wiroth
sorry forget it guys ;-/
installing gtar is the issue ...



Re: OpenBSD 3.8, Soekris net4801 - console boot hangs when keys pressed

2006-10-17 Thread joerch
On Tue, Oct 17, 2006 at 08:38:06AM +0200, marc wrote:
> same problem
> but chris tell me that and it works
> 
> "
> Your /etc/ttys file probably doesn't have anything in it for:
> 
> tty00   "/usr/libexec/getty std.19200"  vt100   on  secure"

the soekris always boots with 19200 by default.
you can change that in the comBIOS or at the os.

if you need more docu, go to http://www.soekris.com/downloads.htm
and grep net4801_manual.pdf.

-- 
gruesse 
joerg "joerch" buechner
--



[feature request] Re: Oldest Server you run

2006-10-17 Thread Nico Meijer
Hi list,

Since we're apparently talking 'old': when will you guys support the
Sinclair ZX81?

The 'keyboard' on mine is busted so I can't use it, but when I could run
OpenSSH on it... that would be so w00t!

Buhbye... Nico

P.S. Is it me or is it synchronicity that Annihilator's "Lunatic Asylum"
is blasting through my headphones right now?



tar question

2006-10-17 Thread Didier Wiroth
Hello,

How can I exclude files or directories when using tar?

I found that gnu tar uses --exclude, but
how can I do this in openbsd?!

How can I do this for example under openbsd:
tar czf x.tar.gz /usr/src --exclude CVS/

Thank you very much!
Regards
Didier



OT - DVD case :-)

2006-10-17 Thread Terry
Got my 4.0 CDs in the mail yesterday. The DVD case is real nice, I
like it much better than the old case. Artwork is fantastic. My 6yo
daughter loved the stickers so I gave them to her but I kept the
wireframe puffy. ;-)

Nice work guys.

-- 
Terry
http://tyson.homeunix.org



Re: Oldest Server you run

2006-10-17 Thread Shawn K. Quinn
On Thu, 2006-10-12 at 20:54 +0200, Falk Husemann wrote:
> Hello List!
> We're trying to put an old server to good use again and would like to  
> know what's exactly the oldest machine running OpenBSD?

Until recently, a Pentium 100 MHz with 32M RAM and approx. 3G hard
drive. The last of these components finally reached end-of-life a few
months ago.

-- 
Shawn K. Quinn <[EMAIL PROTECTED]>



Re: More ammunition for the Blob fight

2006-10-17 Thread bofh
On 10/17/06, marrandy <[EMAIL PROTECTED]> wrote:
>
> On Monday 16 October 2006 18:48, you wrote:
> > None of this is new; here's what (apparently) Linus Torvalds said back in
> > 1999:
> >
> > Basically, I want people to know that when they use binary-only modules,
> > it's THEIR problem. I want people to know that in their bones, and I want
> > it shouted out from the rooftops. I want people to wake up in a cold sweat
> > every once in a while if they use binary-only modules.
>
> Here's the link
>
> http://lwn.net/1999/0211/a/lt-binary.html


Hmm...  The only thing I saw was that he expects to get to kernel version
5.6.71 in two years?  8-)



Re: max filesize split(1)

2006-10-17 Thread Daniel A. Ramaley
On Tuesday 17 October 2006 03:06, you wrote:
>There is no uniform way to ask the max file size of a given
>file system. ffs filesystems do have that info in their superblock,
>though, you can see it with dumpfs(8).

split also supports reading from standard input. Figuring out the 
maximum size of standard input would be non-trivial.


Dan Ramaley                Dial Center 118, Drake University
Network Programmer/Analyst 2407 Carpenter Ave
+1 515 271-4540            Des Moines IA 50311 USA



Re: cisco 831 & cisco 7960 behind openbsd nat/firewal

2006-10-17 Thread Martin Gignac

I've just noticed that Daniel and Bryan have been discussing the
subject at some length in more detail than I have. I guess you can
forget about my post. :-)

-Martin

--
"Suburbia is where the developer bulldozes out the trees, then names
the streets after them."

  --Bill Vaughan



Re: cisco 831 & cisco 7960 behind openbsd nat/firewal

2006-10-17 Thread Martin Gignac

Note: I have never used a Cisco 831. All I know about it is what I
just read off of the Internet a few minutes ago.

On 10/17/06, Bob Dobb <[EMAIL PROTECTED]> wrote:
> Currently, my network just has a cheap intel box with OpenBSD doing
> nat/firewall.  My question is how do I make the openbsd nat/firewall box
> disappear in front of the 831, so that her 7960 can configure appropriately
> and her work doesn't get all uptight that she is not connecting it the way
> they suggest.


How is her work suggesting she connect?

Is the 831 supposed to establish a VPN back towards her office? If
yes, will *all* traffic be routed back to the office (i.e. will the
gateway of the default route become the VPN GW at the other end of the
tunnel) or will traffic *not* in the IP ranges used by her office be
routed normally to the Internet? If there will be *no* VPN towards her
office, is the 7960 phone using SIP or SCCP for signalling?


> I guess the alternative is that I move the openbsd box and all of my
> computers behind the 831


It depends on if and how the 831 establishes a VPN back to her office.

-Martin

--
"Suburbia is where the developer bulldozes out the trees, then names
the streets after them."

  --Bill Vaughan



Re: More ammunition for the Blob fight

2006-10-17 Thread marrandy
On Monday 16 October 2006 18:48, you wrote:
> On Monday 16 October 2006 17:13, you wrote:
> > Linux: NVIDIA Binary Graphics Driver Exploit
> >
> > http://kerneltrap.org/node/7228
> > http://www.rapid7.com/advisories/R7-0025.jsp
>
> None of this is new; here's what (apparently) Linus Torvalds said back in
> 1999:
>
> Basically, I want people to know that when they use binary-only modules,
> it's THEIR problem. I want people to know that in their bones, and I want
> it shouted out from the rooftops. I want people to wake up in a cold sweat
> every once in a while if they use binary-only modules.

Here's the link

http://lwn.net/1999/0211/a/lt-binary.html

-- 
Regards...Martin



Re: pgt-Driver in 4.0-Beta (installed 2 weeks ago) buggy?

2006-10-17 Thread Claudio Jeker
On Tue, Oct 17, 2006 at 02:54:50AM +0200, [EMAIL PROTECTED] wrote:
> Hello everybody,
> 
> I've a CardBus from Netgear which uses a PrismGT Chipset.
> As I checked the "news" for OpenBSD 4.0 again I noticed the pgt-Driver.
> I fetched the firmware by hand (fucking Vendor!) and gave it a try.
> 
> If I plug in the CardBus Card (Netgear WG511) the driver claims it can't
> load the Firmware. If I unplug the Card from the Cardbus the OS crashes and
> drops me into the gdb.
> 
> I just like to know (some have already 4.0 stable and probably also a
> pgt-Card) if that Bug was already fixed in 4.0-Stable (because I've
> installed a snapshot 2 weeks ago) or if it's a Bug (if so the developer
> should have noticed it too...).
> 
> If Marcus or Claudio (who rewrote the driver) are interested into more
> Informations please write me personally and tell me everything you do need
> (in case it's an unfixed Bug).
> 

The panic on unload was fixed some weeks ago. The problem only occurred if
the firmware was not correctly loaded.
Currently the pgt(4) driver only supports full-mac versions of the PrismGT
and I think that your card needs a soft-mac capable driver.

mglocker@ has a SMC cardbus card with the same problem.
-- 
:wq Claudio



Sun Blade 1000 in Europe

2006-10-17 Thread tbert
Good morning misc@

There is a Blade 1k in the UK[1] which I would like to see
make its way to kettenis@ in the Netherlands.
I cannot, however, make this happen myself. I have mailed
Wim, and he says that he can do the ordering if the money were to
make it to the European donation account.
We have until Friday before this beast gets taken offline.
Please let me know if you're interested in contributing.

- Bert

[1] 
http://cgi.ebay.co.uk/Sun-Blade-1000-with-750MHz-1Gb-warranty_W0QQitemZ140041047740QQihZ004QQcategoryZ1486QQssPageNameZWDVWQQrdZ1QQcmdZViewItem



Re: SSH upgrade to ver 4.4 on OBSD 3.9 stable broke key auth

2006-10-17 Thread Otto Moerbeek
On Tue, 17 Oct 2006, Per-Olov Sjöholm wrote:

> On Tuesdayen den 17 October 2006 11:17, you wrote:
> > On Tue, 17 Oct 2006, Per-Olov Sjöholm wrote:
> > > What should I clean when I totally wiped out /usr/src and /usr/obj
> > > before the cvs update.
> > >
> > > The build is done as follows...
> > > --snip--
> > > cd /usr
> > > export CVSROOT="[EMAIL PROTECTED]:/cvs"
> > > cvs -z5 -q get -rOPENBSD_3_9 -P src
> > > cd /usr/src/sys/arch/i386/conf
> > > config GENERIC
> > > cd ../compile/GENERIC
> > > make clean && make depend && make
> > > mv /bsd /bsd.old
> > > cp bsd /
> > > reboot
> > > cd /usr/src
> > > rm -r /usr/obj/*
> > > make obj && make build
> > > reboot
> >
> > Hmm, that looks all right. One possibility might be that anoncvs1 was
> > not up-to-date, but that's unlikely, since the stable update was some
> > time ago. If updating doesn't show any new files, try to run the sshd
> > in debug mode (on another port), that might give a clue.
> >
> > -Otto
>
> I just run a debug "/usr/sbin/sshd -ddde -p 2022" as  Darren Tucker asked me
> for it.  And I just sent the debug output to him
>
> A key login works from a patched (now ssh 4.4) to a non patched (ssh 4.3)
> system, but it won't work between two ssh 4.4 updated systems. Between these
> only password login works.

OK, you're in good hands now, thanks for the report,

-Otto



Re: SSH upgrade to ver 4.4 on OBSD 3.9 stable broke key auth

2006-10-17 Thread Per-Olov Sjöholm
On Tuesdayen den 17 October 2006 11:17, you wrote:
> On Tue, 17 Oct 2006, Per-Olov Sjöholm wrote:
> > What should I clean when I totally wiped out /usr/src and /usr/obj before
> > the cvs update.
> >
> > The build is done as follows...
> > --snip--
> > cd /usr
> > export CVSROOT="[EMAIL PROTECTED]:/cvs"
> > cvs -z5 -q get -rOPENBSD_3_9 -P src
> > cd /usr/src/sys/arch/i386/conf
> > config GENERIC
> > cd ../compile/GENERIC
> > make clean && make depend && make
> > mv /bsd /bsd.old
> > cp bsd /
> > reboot
> > cd /usr/src
> > rm -r /usr/obj/*
> > make obj && make build
> > reboot
>
> Hmm, that looks all right. One possibility might be that anoncvs1 was
> not up-to-date, but that's unlikely, since the stable update was some
> time ago. If updating doesn't show any new files, try to run the sshd
> in debug mode (on another port), that might give a clue.
>
>   -Otto

I just run a debug "/usr/sbin/sshd -ddde -p 2022" as  Darren Tucker asked me 
for it.  And I just sent the debug output to him

A key login works from a patched (now ssh 4.4) to a non patched (ssh 4.3) 
system, but it won't work between two ssh 4.4 updated systems. Between these 
only password login works.



Regards
Per-Olov

-- 
GPG keyID: 4DB283CE
GPG fingerprint: 45E8 3D0E DE05 B714 D549 45BC CFB4 BBE9 4DB2 83CE



Re: SSH upgrade to ver 4.4 on OBSD 3.9 stable broke key auth

2006-10-17 Thread Otto Moerbeek
On Tue, 17 Oct 2006, Per-Olov Sjöholm wrote:

> What should I clean when I totally wiped out /usr/src and /usr/obj before the
> cvs update.
>
> The build is done as follows...
> --snip--
> cd /usr
> export CVSROOT="[EMAIL PROTECTED]:/cvs"
> cvs -z5 -q get -rOPENBSD_3_9 -P src
> cd /usr/src/sys/arch/i386/conf
> config GENERIC
> cd ../compile/GENERIC
> make clean && make depend && make
> mv /bsd /bsd.old
> cp bsd /
> reboot
> cd /usr/src
> rm -r /usr/obj/*
> make obj && make build
> reboot

Hmm, that looks all right. One possibility might be that anoncvs1 was
not up-to-date, but that's unlikely, since the stable update was some
time ago. If updating doesn't show any new files, try to run the sshd
in debug mode (on another port), that might give a clue.

-Otto



Re: SSH upgrade to ver 4.4 on OBSD 3.9 stable broke key auth

2006-10-17 Thread Per-Olov Sjoholm
Don't really like top posts... 

You did not do any manual patching, but compile openssl separately?? ;-)


Well. Why should I compile and install openssl first when I do a total cvs 
stable update. And we use STABLE for production. And I expect stable to 
work... ;-)

Wouldn't the following be sufficient? It should be... Don't you think? It 
usually is

--snip--
cd /usr
export CVSROOT="[EMAIL PROTECTED]:/cvs"
cvs -z5 -q get -rOPENBSD_3_9 -P src
cd /usr/src/sys/arch/i386/conf
config GENERIC
cd ../compile/GENERIC
make clean && make depend && make
mv /bsd /bsd.old
cp bsd /
reboot
cd /usr/src
rm -r /usr/obj/*
make obj && make build
reboot
--snip--


-current is not an option on the production servers. We update OpenBSD servers 
once every year (i.e not every new release) with a new release and do the 
above updates in between if needed



Not fair to compare -current with -stable, when perhaps not even the versions 
of the included components are the same!

Regards
/Per-Olov

On Tuesday 17 October 2006 09:44, Maxim Bourmistrov wrote:
> Well, I did a cvsup (no manual patching). With cvsup came openssl patches
> too. So I, personally, compiled/installed openssl first, then continued with
> openssh. I do setup extra instance of sshd/telnet before any major upgrade.
> I did the same with openssh as you - make clean obj depend , etc.
> Works well here with keys from -current boxes.
>
> On Tuesday 17 October 2006 01:07, Per-Olov Sjöholm wrote:
> > After I upgraded to 3.9 stable from Oct 10 SSH key login no longer works.
> >
> > All my servers stopped working with SSH key logins with the result that
> > all my rsync automated backups gave up. This happened after my last
> > upgrade October 10, where I did a full source update of my 3.9 stable. I
> > could however still login with any account where I use passwords. Both
> > source and target SSH was OpenBSD and 3.9 from October 10. And as said it
> > happened on six server at the same time. The only thing that could have
> > caused this is that this update contained the new OpenSSH 4.4.
> >
> > I think the thread "
> > Cannot login into OpenSSH after applying patch 020_ssh2.patch to OpenBSD
> > 3.8 stable" is not the same problem. Or is it? Well... the fix for that
> > thread problem was "cd /usr/src/usr.bin/ssh && make obj depend && make &&
> > make install". And that does not help here. Apart from that, the
> > result is EXACTLY the same as the referenced thread.
> >
> > Login with keys from a patched 3.9 system to a non patched system (ssh
> > 4.4 against 4.3) still works...
> >
> > Any clues?
> >
> > Thanks in advance
> > Per-Olov



Re: Oldest Server you run

2006-10-17 Thread Henning Brauer
still using this puppy for running ntpd, and pretty much all machines 
in our network sync against it ;(

OpenBSD 4.0-current (GENERIC) #0: Fri Sep 29 10:20:06 CEST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/vax/compile/GENERIC
VAXstation 3100/m{30,40} [0A04 04010002]
cpu: KA41/42
cpu: Enabling primary cache, secondary cache
total memory = 16650240
avail memory = 11964416
using 228 buffers containing 933888 bytes of memory
mainbus0 (root)
vsbus0 at mainbus0
vsbus0: interrupt mask 8
dz0 at vsbus0 csr 0x200a vec 196 ipl 14 maskbit 6: 4 lines
lkkbd0 at dz0 line 0
wskbd0 at lkkbd0
lkms0 at dz0 line 1
wsmouse0 at lkms0
ncr0 at vsbus0 csr 0x200c0080 vec 504 ipl 14 maskbit 1: SCSI ID 6
scsibus0 at ncr0: 8 targets
sd0 at scsibus0 targ 0 lun 0:  SCSI2 0/direct fixed
sd0: 1001MB, 3992 cyl, 5 head, 102 sec, 512 bytes/sec, 2051460 sec total
ncr1 at vsbus0 csr 0x200c0180 vec 508 ipl 14 maskbit 0: SCSI ID 6
scsibus1 at ncr1: 8 targets
le0 at vsbus0 csr 0x200e vec 80 ipl 14 maskbit 5 buf 0x48b000-0x49afff
le0: address 08:00:2b:13:25:16
le0: 32 receive buffers, 8 transmit buffers
smg0 at vsbus0 csr 0x200f vec 68 ipl 14 maskbit 3
smg0: 1024x864 on-board monochrome framebuffer
wsdisplay0 at smg0
wsdisplay0: screen 0 added (std, vt100 emulation)
wskbd0: connecting to wsdisplay0
booted from device: sd0
root on sd0a
lkkbd0: no keyboard
rootdev=0x1400 rrootdev=0x3b00 rawdev=0x3b02


-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Re: cisco 831 & cisco 7960 behind openbsd nat/firewall

2006-10-17 Thread Daniel Ouellet

Bryan Vyhmeister wrote:
> As far as I know, Cisco has typically used SCCP which is their own
> proprietary protocol. It uses port 2000. Cisco is now switching to SIP
> and this could be the case for this phone.


You are 100% right. The Skinny client from Cisco does use the SCCP. Why 
in hell did I put MGCP. Hmmm... Must need to go to sleep soon.


Sorry to provide the wrong protocol here, but you got the picture 
anyway. MGCP is also used in VoIP, but wasn't the one I was referring to.


Glad it was corrected.

Thanks

Daniel



Re: SSH upgrade to ver 4.4 on OBSD 3.9 stable broke key auth

2006-10-17 Thread Per-Olov Sjöholm
On Tuesdayen den 17 October 2006 09:19, you wrote:
> On Tue, 17 Oct 2006, Per-Olov Sjöholm wrote:
> > On Tuesday 17 October 2006 01:07, you wrote:
> > > After I upgraded to 3.9 stable from Oct 10 SSH key login no longer
> > > works.
> > >
> > > All my servers stopped working with SSH key logins with the result that
> > > all my rsync automated backups gave up. This happened after my last
> > > upgrade October 10, where I did a full source update of my 3.9 stable.
> > > I could however still login with any account where I use passwords.
> > > Both source and target SSH was OpenBSD and 3.9 from October 10. And as
> > > said it happened on six server at the same time. The only thing that
> > > could have caused this is that this update contained the new OpenSSH
> > > 4.4.
> > >
> > > I think the thread "
> > > Cannot login into OpenSSH after applying patch 020_ssh2.patch to
> > > OpenBSD 3.8 stable" is not the same problem. Or is it? Well... the fix
> > > for that thread problem was "cd /usr/src/usr.bin/ssh && make obj depend
> > > && make && make install". And that does not help here. Apart from
> > > that, the result is EXACTLY the same as the referenced thread.
> > >
> > > Login with keys from a patched 3.9 system to a non patched system (ssh
> > > 4.4 against 4.3) still works...
> > >
> > > Any clues?
> > >
> > > Thanks in advance
> > > Per-Olov
> >
> > Will add some output of a verbose login as well.
> > (name and IP changed)
> >
> > This worked on all six servers before the 3.9 STABLE update that changed
> > OpenSSH to 4.4. And after the stable update all key logins are broken and
> > only password login works.
>
> It could be you forgot the make depend.
> To rule out bad dependencies, run make cleandir first and then try again.
>
>   -Otto

What should I clean when I totally wiped out /usr/src and /usr/obj before the 
cvs update.

The build is done as follows...
--snip--
cd /usr
export CVSROOT="[EMAIL PROTECTED]:/cvs"
cvs -z5 -q get -rOPENBSD_3_9 -P src
cd /usr/src/sys/arch/i386/conf
config GENERIC
cd ../compile/GENERIC
make clean && make depend && make
mv /bsd /bsd.old
cp bsd /
reboot
cd /usr/src
rm -r /usr/obj/*
make obj && make build
reboot
--snip--


Am I missing something? If so. What? 
The above has worked every time on every release for many years

Regards and thanks in advance
/Per-Olov

>
> > [EMAIL PROTECTED]:~#ssh -v [EMAIL PROTECTED]
> >
> > OpenSSH_4.4, OpenSSL 0.9.7g 11 Apr 2005
> > debug1: Reading configuration data /etc/ssh/ssh_config
> > debug1: Connecting to MYSERVER.MYDOMAIN.COM [1.1.1.1] port 22.
> > debug1: Connection established.
> > debug1: permanently_set_uid: 0/0
> > debug1: identity file /root/.ssh/identity type -1
> > debug1: identity file /root/.ssh/id_rsa type -1
> > debug1: identity file /root/.ssh/id_dsa type 2
> > debug1: Remote protocol version 1.99, remote software version OpenSSH_4.4
> > debug1: match: OpenSSH_4.4 pat OpenSSH*
> > debug1: Enabling compatibility mode for protocol 2.0
> > debug1: Local version string SSH-2.0-OpenSSH_4.4
> > debug1: SSH2_MSG_KEXINIT sent
> > debug1: SSH2_MSG_KEXINIT received
> > debug1: kex: server->client aes128-cbc hmac-md5 none
> > debug1: kex: client->server aes128-cbc hmac-md5 none
> > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> > debug1: Host 'MYSERVER.MYDOMAIN.COM' is known and matches the RSA host
> > key. debug1: Found key in /root/.ssh/known_hosts:3
> > debug1: ssh_rsa_verify: signature correct
> > debug1: SSH2_MSG_NEWKEYS sent
> > debug1: expecting SSH2_MSG_NEWKEYS
> > debug1: SSH2_MSG_NEWKEYS received
> > debug1: SSH2_MSG_SERVICE_REQUEST sent
> > debug1: SSH2_MSG_SERVICE_ACCEPT received
> > debug1: Authentications that can continue:
> > publickey,password,keyboard-interactive
> > debug1: Next authentication method: publickey
> > debug1: Trying private key: /root/.ssh/identity
> > debug1: Trying private key: /root/.ssh/id_rsa
> > debug1: Offering public key: /root/.ssh/id_dsa
> > debug1: Server accepts key: pkalg ssh-dss blen 1585
> > debug1: read PEM private key done: type DSA
> > debug1: Authentications that can continue:
> > publickey,password,keyboard-interactive
> > debug1: Next authentication method: keyboard-interactive
> > Connection closed by 1.1.1.1
> >
> >
> > /Per-Olov



Re: cisco 831 & cisco 7960 behind openbsd nat/firewall

2006-10-17 Thread Daniel Ouellet

Bob Dobb wrote:
> My home office is growing as my wife moves from the office to the home.
> Her work requires her to have an 831 to which is attached a 7960 IP phone.
>
> Currently, my network just has a cheap intel box with OpenBSD doing
> nat/firewall.  My question is how do I make the openbsd nat/firewall box
> disappear in front of the 831, so that her 7960 can configure
> appropriately and her work doesn't get all uptight that she is not
> connecting it the way they suggest.
>
> I guess the alternative is that I move the openbsd box and all of my
> computers behind the 831, but I have been running OpenBSD for 5-6 years
> with no problems (for her or me).
>
> I currently have the 831 plugged into a switch via a regular port on the
> 831 (port 1-4) rather than the ethernet/internet(e1) port which may be
> my biggest problem.  Of course I can plug other boxes into the 831 in
> this configuration and connect to the internet through the OpenBSD nat
> box no problems.  Since I am not familiar with the Cisco hardware, maybe
> someone who has done the same thing can point me in the correct
> direction (i.e. do i have to drill holes through my firewall for the
> 7960 to work).
>
> Thanks.



Just a bit more to help you out as I left out the possible music on hold 
for example that your wife's company may also provide.


This is usually also a different port range at the source, but it is 
also dictated by the configuration and the destination to your phone will 
be the same range as the voice RTP stream, and it also comes from a 
different server usually for the music stream. So, you can make a 
special rule for that if you wish. So, you may also need to identify 
this if you want to get it. That would only affect you as the incoming 
as if you put someone on hold, the stream is not coming from your side 
obviously and your phone doesn't interact with this in any way.


So, you may simply not do it if you want, or fully implement it, your 
choice.


Anyway a simplistic configuration would be like this for SIP if:
- UDP range in use is 32000 to 32031 as an example.
- SBC master 1.2.3.4
- SBC backup if any 1.2.3.5
- SBC third party if any w.x.y.z (then add it below)
- TFTP in use 1.2.3.10 (here I assume it's with HI port starting at 
45000, but most likely it will not be, so adjust for the proper range 
you see fit)

- phone 2.3.4.5

permit udp any host 2.3.4.5 range 32000 32031
permit udp host 1.2.3.4 host 2.3.4.5 eq 5060
permit udp host 1.2.3.5 host 2.3.4.5 eq 5060
permit udp host 1.2.3.10 gt 45000 host 2.3.4.5 range 32000 32031 (not 
really needed, but in case you want to be more restrictive)


Now here the range for the host is from any source, that's only in case 
you have multiple sources and as you might imagine, if your company 
provides you this IP phone, then most likely they do the same for others.


So, you can't block that port range to specific source as if you do, 
then you will have a one way conversation if you connect to another 
person from the office working from home as well that you do not know 
the IP. So obviously, you need to allow for that.


In short, you want the UDP RTP stream to be as small as you need it and 
the important part is to protect the control port UDP/5060 and the TFTP 
as well for the configuration of the phone. These two should only come 
from fixed sources ONLY and ALWAYS!


Best,

Daniel
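
The access list in the message above is written in Cisco syntax. As an added example (not part of the original post and not anyone's actual ruleset), the same policy could be expressed for pf on the OpenBSD box as below, with a logged default block so that the TFTP and RTP sources can be read from the pf log. The interface name and macro names are assumptions, the addresses and port ranges are the placeholder values from the post, and NAT or redirection for a phone on a private address is not covered.

```pf
# pf.conf fragment (added example). Addresses and ports are the
# placeholder values used in the post; ext_if is an assumed name.
ext_if = "fxp0"                    # assumption: external interface
phone  = "2.3.4.5"                 # the 7960
sbc    = "{ 1.2.3.4, 1.2.3.5 }"    # SBC master and backup
tftp   = "1.2.3.10"                # phone configuration server
rtp    = "32000:32031"             # RTP range from the post

# Default for the phone: drop and log, so unexpected sources show up
# on the log interface (tcpdump -n -e -ttt -i pflog0).
block in log on $ext_if proto udp from any to $phone

# SIP control only from the known SBCs.
pass in on $ext_if proto udp from $sbc to $phone port 5060 keep state

# RTP from any source, but only to the narrow port range, because
# other callers' addresses are not known in advance.
pass in on $ext_if proto udp from any to $phone port $rtp keep state

# TFTP server rule from the post. The post calls it "not really
# needed": the RTP rule above already admits this traffic.
pass in on $ext_if proto udp from $tftp port > 45000 to $phone port $rtp keep state
```

pf uses the last matching rule, so the block line comes first and the pass lines after it override it for the listed sources and ports.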



Re: max filesize split(1)

2006-10-17 Thread Otto Moerbeek
On Tue, 17 Oct 2006, Sebastian Dehne wrote:

> Otto,
> 
> Thanks for considering it. Here is the patch which worked for me:

This is not enough; at least the call to strtol() in the -b case
and the limit check need to be fixed as well. ckuethe@ is working on
something. 

-Otto

> 
> #
> # BEGIN PATCH SPLIT(1)
> #
> --- split.c Tue Oct 17 09:19:24 2006
> +++ split_new.c Tue Oct 17 09:20:15 2006
> @@ -59,7 +59,7 @@
> 
>  #define DEFLINE1000/* Default num lines per
> file. */
> 
> -longbytecnt;   /* Byte count to split on. */
> +long long   bytecnt;   /* Byte count to split
> on. */
>  longnumlines;  /* Line count to split on. */
>  int file_open; /* If a file open. */
>  int ifd = -1, ofd = -1;/* Input/output file
> descriptors. */
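Review bot: bytecnt holds a byte count for a file, so declaring it off_t rather than a bare long long would tie its limit to the file interface, which is the bound proposed elsewhere in this thread (file sizes up to the max of off_t). The comment on the declaration could also say what the largest accepted value is.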
> @@ -105,7 +105,7 @@
> ifd = 0;
> break;
> case 'b':   /* Byte count. */
> -   if ((bytecnt = strtol(optarg, &ep, 10)) <= 0 ||
> +   if ((bytecnt = strtoll(optarg, &ep, 10)) <= 0 ||
> (*ep != '\0' && *ep != 'k' && *ep != 'm'))
> errx(EX_USAGE,
> "%s: illegal byte count", optarg);
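Review bot: the "<= 0" test on the strtoll() result in the -b case does not catch out-of-range input, because strtoll() then returns LLONG_MAX and sets errno to ERANGE; clear errno before the call and reject ERANGE as well. The code that scales the value for the accepted 'k' and 'm' suffixes is not in this hunk and is not touched by the patch, so its overflow limit still has to be rechecked against the wider type.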
> @@ -171,7 +171,7 @@
>  void
>  split1(void)
>  {
> -   long bcnt;
> +   long long bcnt;
> int dist, len;
> char *C;
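Review bot: in split1(), bcnt is widened but dist and len on the next line stay int, and the hunk shows none of the code that uses them together. Each comparison or addition that mixes them with bcnt or bytecnt should be checked so that a count above INT_MAX is never stored back into an int.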
> #
> # END PATCH SPLIT(1)
> #
> 
> 
> 
> Otto Moerbeek ([EMAIL PROTECTED]) wrote:
> > 
> > send a diff and we will consider it.
> > 
> > -Otto



Re: max filesize split(1)

2006-10-17 Thread Otto Moerbeek
On Mon, 16 Oct 2006, ICMan wrote:

> My $0.02:
> 
> Is there a way to query the file system to find out what the max-file-size is?
> If there is, I don't know how to do it, but it could be added to split(1) so
> that split(1) will handle the largest file allowed by whichever file system is
> holding the file it is pointing to.

I think it is enough to make split handle file sizes up to the max of
off_t. Any actual maximum file size will be smaller or equal to that.

There is no uniform way to ask the max file size of a given
file system. ffs filesystems do have that info in their superblock,
though, you can see it with dumpfs(8).

nfsv3 also uses this info, it is exchanged when a mount is done.
tcpdump is able to show it. 

-Otto

> 
> ICMan
> 
> Sebastian Dehne wrote:
> 
> > Hi,
> > 
> > I noticed that split(1) can only handle files which's size <= 2GB. I
> > adjusted my version so that it support larger files.
> > 
> > Why is this limit never increased. I mean, the fs supports much bigger
> > files. Are there any plans to increased this limit in the future so I don't
> > need to patch again when installing a new release?
> > 
> > regards,
> > 
> > Sebastian



Re: cisco 831 & cisco 7960 behind openbsd nat/firewall

2006-10-17 Thread Bryan Vyhmeister
On Tue, Oct 17, 2006 at 03:44:04AM -0400, Daniel Ouellet wrote:
> That would depend if her office supports NAT traversal, or if they 
> expect the Cisco phone to use fixed IPs and also if the phone is using 
> SIP, or MGCP as the protocol of choice. MGCP is the proprietary call 
> manager for Cisco and SIP would be everyone else, and now Cisco starts to 
> support that as well on their call manager.

As far as I know, Cisco has typically used SCCP which is their own
proprietary protocol. It uses port 2000. Cisco is now switching to SIP
and this could be the case for this phone.

You may be able to find some helpful information at:

http://www.voip-info.org/

The information there will not be helpful as far as PF goes but you may
be able to find some of the details you need. The suggestions regarding
tftp config and so forth are very good though.

Bryan



Re: SSH upgrade to ver 4.4 on OBSD 3.9 stable broke key auth

2006-10-17 Thread Maxim Bourmistrov
Well, I did a cvsup (no manual patching). With cvsup came openssl patches too.
So I, personally, compiled/installed openssl first, then continued with openssh.
I do setup extra instance of sshd/telnet before any major upgrade.
I did the same with openssh as you - make clean obj depend , etc.
Works well here with keys from -current boxes.

On Tuesday 17 October 2006 01:07, Per-Olov Sjöholm wrote:
> After I upgraded to 3.9 stable from Oct 10 SSH key login no longer works.
> 
> All my servers stopped working with SSH key logins with the result that all
> my rsync automated backups gave up. This happened after my last upgrade
> October 10, where I did a full source update of my 3.9 stable. I could
> however still login with any account where I use passwords. Both source and
> target SSH was OpenBSD and 3.9 from October 10. And as said it happened on
> six server at the same time. The only thing that could have caused this is
> that this update contained the new OpenSSH 4.4.
> 
> I think the thread "
> Cannot login into OpenSSH after applying patch 020_ssh2.patch to OpenBSD 3.8 
> stable" is not the same problem. Or is it? Well... the fix for that thread 
> problem was "cd /usr/src/usr.bin/ssh && make obj depend && make && make 
> install". And that does not help here. Apart from that, the result is 
> EXACTLY the same as the referenced thread.
> 
> Login with keys from a patched 3.9 system to a non patched system (ssh 4.4 
> against 4.3) still works...
> 
> Any clues?
> 
> Thanks in advance
> Per-Olov



Re: cisco 831 & cisco 7960 behind openbsd nat/firewall

2006-10-17 Thread Daniel Ouellet

Bob Dobb wrote:
> My home office is growing as my wife moves from the office to the home.
> Her work requires her to have an 831 to which is attached a 7960 IP phone.
>
> Currently, my network just has a cheap intel box with OpenBSD doing
> nat/firewall.  My question is how do I make the openbsd nat/firewall box
> disappear in front of the 831, so that her 7960 can configure
> appropriately and her work doesn't get all uptight that she is not
> connecting it the way they suggest.
>
> I guess the alternative is that I move the openbsd box and all of my
> computers behind the 831, but I have been running OpenBSD for 5-6 years
> with no problems (for her or me).
>
> I currently have the 831 plugged into a switch via a regular port on the
> 831 (port 1-4) rather than the ethernet/internet(e1) port which may be
> my biggest problem.  Of course I can plug other boxes into the 831 in
> this configuration and connect to the internet through the OpenBSD nat
> box no problems.  Since I am not familiar with the Cisco hardware, maybe
> someone who has done the same thing can point me in the correct
> direction (i.e. do i have to drill holes through my firewall for the
> 7960 to work).
>
> Thanks.



That would depend if her office supports NAT traversal, or if they 
expect the Cisco phone to use fixed IPs and also if the phone is using 
SIP, or MGCP as the protocol of choice. MGCP is the proprietary call 
manager for Cisco and SIP would be everyone else, and now Cisco starts to 
support that as well on their call manager.


If SIP, then they would connect and control the phone via the UDP/5060 
and also they would use a UDP port range for the RTP stream. If they 
haven't restricted it, the default Cisco uses is 16384 to 32767, 
obviously way too wide. However, they need only two ports per stream of 
voice, and as the 7960 can support as many as 6 lines, then twelve 
ports would/could be used. Also, if they allow conference on that phone, 
it also adds more ports. However, it always starts at 16384 by default, 
but again is dictated by their configuration. You can always poke around 
and find out. The voice, however, only uses UDP.


Also, the Cisco phone also expects to get the configuration via tftp as 
well, so that will need to be allowed in from their tftp server, again, 
you need to know what it would be.


Last thing, it is possible to set up the Cisco phone to work with NAT as 
well, inside the Cisco phone, you can preset the NAT IP to use as long 
as they let you access the configuration of the phone, which they may not.


Did they provide you with the requirements for the phone, or configure a 
router for and tell you to plug it in and be done with it, assuming you 
would accept to do as they wish and protect their phone, but not your stuff?


It is sure possible to make it work behind NAT no problem as long as you 
really know their requirements. It becomes a problem if you need to 
connect more than one phone behind NAT, at which point NAT traversal is 
required to be configured at both ends.


To start with, you need to allow, if SIP, UDP/5060 from their SBC, as 
you want to protect your phone obviously, then the range of UDP ports 
they use from their VoIP gateways as well, and the tftp port from their 
tftp server for the configuration file to be downloaded, as well as the 
IOS for the phone when they upgrade it or patch it.


After that, you are pretty much home free.

When testing, if you don't map the port properly, the phone will ring 
and you will pick it up and only have a one-way conversation, so it is 
easy to see the problem.


If they do not give you any configuration, or access to the phone 
itself, then you can also figure out the setting of their TFTP server, 
as when you boot the phone, the first thing it does is access the TFTP 
server to get the file. So, looking at the log in PF, you can see that 
easily, then program that.


Then, when that's done, you can call the phone from your own land line 
phone, and you will see the RTP stream coming to your phone when you 
pick it up; look at the IP address as well as the port used. You will 
notice that two ports are always used, one for incoming and one for 
outgoing. If the default is 16384 on their system, for example, you will 
see 16384 and 16385 in use. Again, easy to see in the logs from PF.


So, allow those IP gateways with that range and you will be fine. Also, 
it's possible that they use other gateways from a third party, so a few 
more tests might be required, and you would find that out, for example, 
by making an LD call, as they may have their own gateway for local calls 
and use a third party for LD. However, the source for the SIP 5060 will 
always be the same; only the RTP stream will/might be different if more 
than one gateway is in use.


So, one way to find that out as well is, after you know the port range 
they use, you could for a few days allow that port range from anywhere 
and log the different source IPs, at which point you would know what 
sources they would be and then only allow them. If y
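
Added example, not part of the original post: a small Python script for the discovery step described above, which reads logged PF traffic, collects who sent SIP (UDP/5060) and who sent RTP into the default 16384-32767 range, and renders the sources as pf.conf tables. The log line layout (text from `tcpdump -n -e -ttt -r /var/log/pflog`), the interface `fxp0`, the table names and all addresses are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict

SIP_PORT = 5060
RTP_PORTS = range(16384, 32768)  # default range quoted in the post

# Assumed line layout: text printed by `tcpdump -n -e -ttt -r /var/log/pflog`
# for rules that carry the `log` keyword.
LINE = re.compile(
    r"\b(?:pass|block) in on (?P<ifname>\S+): "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): udp\b"
)

# Constructed sample lines (documentation addresses, hypothetical fxp0).
SAMPLE_LOG = """\
Oct 17 09:20:15.101 rule 7/(match) pass in on fxp0: 203.0.113.10.5060 > 192.0.2.20.5060: udp 512
Oct 17 09:20:18.220 rule 8/(match) pass in on fxp0: 203.0.113.21.20110 > 192.0.2.20.16384: udp 172
Oct 17 09:20:18.240 rule 8/(match) pass in on fxp0: 203.0.113.21.20111 > 192.0.2.20.16385: udp 60
Oct 17 09:41:02.007 rule 8/(match) pass in on fxp0: 198.51.100.7.31000 > 192.0.2.20.16390: udp 172
Oct 17 09:41:05.500 rule 2/(match) block in on fxp0: 198.51.100.99.4000 > 192.0.2.20.53: udp 40
Oct 17 09:41:06.000 rule 8/(match) pass in on fxp1: 10.0.0.5.4000 > 10.0.0.1.16384: udp 172
""".splitlines()


def summarize(lines, ext_if="fxp0"):
    """Collect inbound UDP sources seen on ext_if, split into SIP and RTP."""
    sip, rtp = set(), defaultdict(set)
    for line in lines:
        m = LINE.search(line)
        if not m or m["ifname"] != ext_if:
            continue
        dport = int(m["dport"])
        if dport == SIP_PORT:
            sip.add(m["src"])
        elif dport in RTP_PORTS:
            rtp[m["src"]].add(dport)
    return sip, {ip: sorted(ports) for ip, ports in rtp.items()}


def pf_table(name, addrs):
    """Render the observed sources as a pf.conf table definition."""
    return "table <%s> const { %s }" % (name, ", ".join(sorted(addrs)))


if __name__ == "__main__":
    sip, rtp = summarize(SAMPLE_LOG)
    print(pf_table("voip_sbc", sip))
    print(pf_table("voip_gw", rtp))
```

The per-source port lists returned by `summarize` also show how much of the 16384-32767 range is really in use, so the temporary allow-from-anywhere rule can be replaced by one limited to those tables and ports.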

Re: max filesize split(1)

2006-10-17 Thread Sebastian Dehne
Otto,

Thanks for considering it. Here is the patch which worked for me:

#
# BEGIN PATCH SPLIT(1)
#
--- split.c Tue Oct 17 09:19:24 2006
+++ split_new.c Tue Oct 17 09:20:15 2006
@@ -59,7 +59,7 @@

 #define DEFLINE1000/* Default num lines per
file. */

-longbytecnt;   /* Byte count to split on. */
+long long   bytecnt;   /* Byte count to split
on. */
 longnumlines;  /* Line count to split on. */
 int file_open; /* If a file open. */
 int ifd = -1, ofd = -1;/* Input/output file
descriptors. */
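Review bot: bytecnt holds a file byte count, so off_t would be a more natural type than long long on the changed declaration; it states the intent and follows the width of file offsets on the platform. numlines on the following line can stay long.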
@@ -105,7 +105,7 @@
ifd = 0;
break;
case 'b':   /* Byte count. */
-   if ((bytecnt = strtol(optarg, &ep, 10)) <= 0 ||
+   if ((bytecnt = strtoll(optarg, &ep, 10)) <= 0 ||
(*ep != '\0' && *ep != 'k' && *ep != 'm'))
errx(EX_USAGE,
"%s: illegal byte count", optarg);
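Review bot: the strtoll() call in the 'b' case still has no range check: on overflow strtoll() returns LLONG_MAX and sets errno to ERANGE, which the `<= 0` test lets through. Set errno = 0 before the call and reject ERANGE with the same errx(). The k and m suffixes accepted on the next line mean the value is scaled afterwards; that code is outside this hunk, so confirm the multiplication is checked against the maximum of the new type as well.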
@@ -171,7 +171,7 @@
 void
 split1(void)
 {
-   long bcnt;
+   long long bcnt;
int dist, len;
char *C;
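Review bot: bcnt in split1() should be declared with the same type as bytecnt rather than repeating long long, so the two cannot drift apart if the global changes again (to off_t, for instance). dist and len stay int on the next line; worth confirming they only ever hold amounts bounded by the read buffer.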
#
# END PATCH SPLIT(1)
#



Otto Moerbeek ([EMAIL PROTECTED]) wrote:
> 
> send a diff and we will consider it.
> 
>   -Otto



Re: NIC intel pro 10/100 ethernet not recognized on new motherboard

2006-10-17 Thread Thomas Schoeller
On Mon, Oct 16, 2006 at 05:37:22PM -0300, Marcos Laufer wrote:
> Hi,
> 

> 
> I know that if i upgrade to 3.9, or make a 3.9 fresh install that would
> solve the issue.
> But i would really hate doing that just because of this hardware change, as
> i said before, this 3.4 has been running perfectly, never had a single crash
> or problem, so i would really like to find a way to recognize this ethernet
> on
> this 3.4,and other important devices i might need.

maybe you should do it because 3.4 is EOLed long ago. there are no
updates for the ports and base system. and mission critical server
should run patched os and software imho.

ethernet chips are updated from time to time, too.



Re: max filesize split(1)

2006-10-17 Thread Chris Kuethe

The following diff works on my amd64. I split an 8GB file into two
chunks: 5GB and 3GB

Index: split.c
===
RCS file: /cvs/src/usr.bin/split/split.c,v
retrieving revision 1.13
diff -u -r1.13 split.c
--- split.c 2006/08/10 22:44:17 1.13
+++ split.c 2006/10/17 07:23:15
@@ -60,7 +60,7 @@

#define DEFLINE 1000/* Default num lines per file. */

-ssize_t bytecnt;   /* Byte count to split on. */
+off_t   bytecnt;   /* Byte count to split on. */
long numlines;  /* Line count to split on. */
int  file_open; /* If a file open. */
int  ifd = -1, ofd = -1;/* Input/output file descriptors. */
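Review bot: only the declaration of bytecnt changes here, from ssize_t to off_t; the code that parses the -b argument into it and any local counter compared against it are not part of this diff. The test was on amd64, where long is already 64 bits, so it does not show whether those still truncate on a platform with a 32-bit long. Widen them in the same diff, or state in the submission that they were checked.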

On 10/17/06, Otto Moerbeek <[EMAIL PROTECTED]> wrote:

On Mon, 16 Oct 2006, Sebastian Dehne wrote:

> Hi,
>
> I noticed that split(1) can only handle files whose size is <= 2GB. I
> adjusted my version so that it supports larger files.
>
> Why is this limit never increased? I mean, the fs supports much bigger
> files. Are there any plans to increase this limit in the future so I
> don't need to patch again when installing a new release?

send a diff and we will consider it.

-Otto





--
GDB has a 'break' feature; why doesn't it have 'fix' too?



Re: SSH upgrade to ver 4.4 on OBSD 3.9 stable broke key auth

2006-10-17 Thread Otto Moerbeek
On Tue, 17 Oct 2006, Per-Olov Sjvholm wrote:

> On Tuesday 17 October 2006 01:07, you wrote:
> > After I upgraded to 3.9 stable from Oct 10 SSH key login no longer work.
> >
> > All my servers stopped working with SSH key logins with the result that all
> > my rsync automated backups gave up. This happened after my last upgrade
> > October 10, where I did a full source update of my 3.9 stable. I could
> > however still login with any account where I use passwords. Both source and
> > target SSH was OpenBSD and 3.9 from October 10. And as said it happened on
> > six servers at the same time. The only thing that could have caused this is
> > that this update contained the new OpenSSH 4.4.
> >
> > I think the thread "
> > Cannot login into OpenSSH after applying patch 020_ssh2.patch to OpenBSD
> > 3.8 stable" is not the same problem. Or is it? Well... the fix for that
> > thread problem was "cd /usr/src/usr.bin/ssh && make obj depend && make &&
> > make install". And that does not help here. Apart from that, the result
> > is EXACTLY the same as the referenced thread.
> >
> > Login with keys from a patched 3.9 system to a non patched system (ssh 4.4
> > against 4.3) still works...
> >
> > Any clues?
> >
> > Thanks in advance
> > Per-Olov
>
> Will add some output of a verbose login as well.
> (name and IP changed)
>
> This worked on all six servers before the 3.9 STABLE update that changed
> OpenSSH to 4.4. And after the stable update all key logins are broken and
> only password login works.

It could be you forgot the make depend.
To rule out bad dependencies, run make cleandir first and then try again.

-Otto

>
>
> [EMAIL PROTECTED]:~#ssh -v [EMAIL PROTECTED]
>
> OpenSSH_4.4, OpenSSL 0.9.7g 11 Apr 2005
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Connecting to MYSERVER.MYDOMAIN.COM [1.1.1.1] port 22.
> debug1: Connection established.
> debug1: permanently_set_uid: 0/0
> debug1: identity file /root/.ssh/identity type -1
> debug1: identity file /root/.ssh/id_rsa type -1
> debug1: identity file /root/.ssh/id_dsa type 2
> debug1: Remote protocol version 1.99, remote software version OpenSSH_4.4
> debug1: match: OpenSSH_4.4 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_4.4
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host 'MYSERVER.MYDOMAIN.COM' is known and matches the RSA host key.
> debug1: Found key in /root/.ssh/known_hosts:3
> debug1: ssh_rsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue:
> publickey,password,keyboard-interactive
> debug1: Next authentication method: publickey
> debug1: Trying private key: /root/.ssh/identity
> debug1: Trying private key: /root/.ssh/id_rsa
> debug1: Offering public key: /root/.ssh/id_dsa
> debug1: Server accepts key: pkalg ssh-dss blen 1585
> debug1: read PEM private key done: type DSA
> debug1: Authentications that can continue:
> publickey,password,keyboard-interactive
> debug1: Next authentication method: keyboard-interactive
> Connection closed by 1.1.1.1
>
>
> /Per-Olov



Re: max filesize split(1)

2006-10-17 Thread Otto Moerbeek
On Mon, 16 Oct 2006, Sebastian Dehne wrote:

> Hi,
> 
> I noticed that split(1) can only handle files whose size is <= 2GB. I
> adjusted my version so that it supports larger files.
> 
> Why is this limit never increased? I mean, the fs supports much bigger
> files. Are there any plans to increase this limit in the future so I 
> don't need to patch again when installing a new release?

send a diff and we will consider it.

-Otto



Re: max filesize split(1)

2006-10-17 Thread Otto Moerbeek
On Mon, 16 Oct 2006, Sebastian Dehne wrote:

> Replacing the long data type with a bigger type, so that split(1)
> supports bigger splits, works good enough for me.

Don't make it harder than needed. If you have a tested diff, send it in.

-Otto



cisco 831 & cisco 7960 behind openbsd nat/firewall

2006-10-17 Thread Bob Dobb
My home office is growing as my wife moves from the office to the home.  Her 
work requires her to have an 831 to which is attached a 7960 IP phone.


Currently, my network just has a cheap intel box with OpenBSD doing 
nat/firewall.  My question is how do I make the openbsd nat/firewall box 
disappear in front of the 831, so that her 7960 can configure appropriately 
and her work doesn't get all uptight that she is not connecting it the way 
they suggest.


I guess the alternative is that I move the openbsd box and all of my 
computers behind the 831, but I have been running OpenBSD for 5-6 years with 
no problems (for her or me).


I currently have the 831 plugged into a switch via a regular port on the 831 
(port 1-4) rather than the ethernet/internet(e1) port which may be my 
biggest problem.  Of course I can plug other boxes into the 831 in this 
configuration and connect to the internet through the OpenBSD nat box no 
problems.  Since I am not familiar with the Cisco hardware, maybe someone 
who has done the same thing can point me in the correct direction (i.e. do I 
have to drill holes through my firewall for the 7960 to work).


Thanks.