OpenBSD AJAX
Just a Quick Question, I have been searching for a direct answer to: is it possible to have a AJAX enabled Website hosted on OpenBSD? the reason why I am asking is because Apache is version 1.3.x (due to licencing issues). if not Maybe there is another http server that would support it? *if* the answer in large part is no, maybe it should be considered a question for the OpenBSD FAQ? Sam Fourman Jr.
Re: NOD32 Antivirus and OpenBSD?
lol? On 10/24/06, Leonardo Rodrigues [EMAIL PROTECTED] wrote: Hello everyone, I'm thinking on purchasing this NOD32 anti-virus solution from ESET.COM and use it here at work. I really want to use it with OpenBSD, since every other server machine runs OpenBSD as well. The problem is that eset.com claims that their product will run on Linux and FreeBSD, they say nothing about OpenBSD. I've heard rumors of NOD32 being also able to run on OpenBSD, but I *think* that was for earlier versions of NOD32. I'm not very fond of rumors, so I came here to ask your opinion about it. Does anyone here have any experience with NOD32 and OpenBSD? Or another really good antivirus that I may consider? Thanks in advance, Leonardo Rodrigues -- An OpenBSD user... and that's all you need to know =)
Huge PF/BGP setups with OpenBSD
Yo all, I'm finally starting a project where I need to build a front-end network that'll allow us to push up to (eventually) 10 gigabits of outbound internet traffic, made up of non-jumbo frame packets. Currently we push between 150,000 and 200,000pps. Our current firewalls running 3.8 i386 and em cards are maxing out now. I have gigabit fiber ethernet feeds, and can get 10 gigabit drops as well. I need redundancy, I'd like to run BGP. We use PF round-robin for high speed L4 LB, but nothing else too special. Everything else is open right now; I'll be buying multiple hardware platforms, CPUs, motherboards, network cards, and testing them all thoroughly for packet rates with/without PF rulesets. My question is; how the hell do I scale this? What good approaches are there to getting a front end network to scale, be redundant, maybe run BGP, and not be a huge pain in the ass to manage? I'd much rather continue sending resources to OpenBSD instead of shelling out for a pair of huge, expensive routers. Any good input is greatly appreciated; trolling not so much. Yes I've read all of the PF docs, the PF series on undeadly, the OpenBGP slides, etc. Thanks, -Dormando
Re: OpenBSD AJAX
I have never used AJAX, but I think you could use it with OpenBSD. AJAX stands for Asynchronous Javascript And XML. Javascript runs clientside and to serve the xml part you can use virtually any scripting language (php, python, perl, ruby.) and most of them run on OpenBSD. You should have no problems at al. Floor Terra On Oct 24, 2006, at 7:55 AM, Sam Fourman Jr. wrote: Just a Quick Question, I have been searching for a direct answer to: is it possible to have a AJAX enabled Website hosted on OpenBSD? the reason why I am asking is because Apache is version 1.3.x (due to licencing issues). if not Maybe there is another http server that would support it? *if* the answer in large part is no, maybe it should be considered a question for the OpenBSD FAQ? Sam Fourman Jr.
Re: OpenBSD AJAX
On Tue, Oct 24, 2006 at 12:55:09AM -0500, Sam Fourman Jr. wrote: is it possible to have a AJAX enabled Website hosted on OpenBSD? Yes the reason why I am asking is because Apache is version 1.3.x (due to licencing issues). if not Maybe there is another http server that would support it? AJAX not a particular server-side technology, but rather a set of techniques and tools for building interactive web applications. Most of the magic happens on the client side. Depending on what programming language you're using on the server side, there may be AJAX specific modules or frameworks. For example there appear to at least be some perl AJAX frameworks in our ports tree. Other languages may have similar tools.
Re: OpenBSD AJAX
Thanks for the Feedback everyone, my next question is Would it be Possible to use AJAX from a CGI made with C running from Apache that Ships w/ OpenBSD? Sam Fourman Jr. On 10/24/06, Ryan McBride [EMAIL PROTECTED] wrote: On Tue, Oct 24, 2006 at 12:55:09AM -0500, Sam Fourman Jr. wrote: is it possible to have a AJAX enabled Website hosted on OpenBSD? Yes the reason why I am asking is because Apache is version 1.3.x (due to licencing issues). if not Maybe there is another http server that would support it? AJAX not a particular server-side technology, but rather a set of techniques and tools for building interactive web applications. Most of the magic happens on the client side. Depending on what programming language you're using on the server side, there may be AJAX specific modules or frameworks. For example there appear to at least be some perl AJAX frameworks in our ports tree. Other languages may have similar tools.
Re: OpenBSD AJAX
Yes, It would be exactly the same as any other cgi. Floor Terra On Oct 24, 2006, at 8:30 AM, Sam Fourman Jr. wrote: Thanks for the Feedback everyone, my next question is Would it be Possible to use AJAX from a CGI made with C running from Apache that Ships w/ OpenBSD? Sam Fourman Jr. On 10/24/06, Ryan McBride [EMAIL PROTECTED] wrote: On Tue, Oct 24, 2006 at 12:55:09AM -0500, Sam Fourman Jr. wrote: is it possible to have a AJAX enabled Website hosted on OpenBSD? Yes the reason why I am asking is because Apache is version 1.3.x (due to licencing issues). if not Maybe there is another http server that would support it? AJAX not a particular server-side technology, but rather a set of techniques and tools for building interactive web applications. Most of the magic happens on the client side. Depending on what programming language you're using on the server side, there may be AJAX specific modules or frameworks. For example there appear to at least be some perl AJAX frameworks in our ports tree. Other languages may have similar tools.
Re: new LiveCD instructions for OpenBSD
On 10/23/06, Andreas Bihlmaier [EMAIL PROTECTED] wrote: Hello misc@, Quite a few people sent me emails about my earier instructions, I posted here some time ago: http://marc.theaimsgroup.com/?l=openbsd-miscm=1 Now I finally got around to update my instructions on how to create an OpenBSD-based LiveCD/DVD. They are far from perfect, but it works reasonably well (for me). With the instructions you can either create a CD or DVD. I'm too tired to test on amd64 at the moment, but it _should_ work exactly the same (that is one of the reasons I love OpenBSD, no as much pitfalls as in other OS). Also thanks to Stuart Henderson for his recent post about the new CD boot method: http://marc.theaimsgroup.com/?l=openbsd-miscm=115926553800205w=2 Regards, ahb Best viewed using vim: tw=80; syn on; filetype=conf #--- OpenBSD LiveCD ---# - word # are 'links' to my private documentation, just ignore [...] # Burn the image as usuall: cdrecord -speed=12 -overburn -data livecd.iso # CD growisofs -dvd-compat -Z /dev/rcd1c=/home/livecd.iso# DVD # - brennen - cdrecord - growisofs #--# Oh you win forever!! Thank you so much. In 9 days when 4.0 goes up for download this is the first thing I'm doing. Thank you! -Nick
Re: Intel Server Adapters (NICs) more questions, no answers
Dag Richards wrote: Makes possible? Erm by magic? Will running that kernel ... well Um I'd like to buy another clue please Vanna. Ok. There you go. src/sys/arch/i386/conf/GENERIC.MP # $OpenBSD: GENERIC.MP,v 1.5 2005/05/01 07:54:42 david Exp $ # # GENERIC.MP - sample multiprocessor kernel # include arch/i386/conf/GENERIC option MULTIPROCESSOR# Multiple processor support cpu*at mainbus? ioapic* at mainbus? ^^^ ^- Fantastic... Isn't it? Any hints on who to go to for the ultra secrets? That's what happens in Linux world, some developer creates a so-called magical patch but the dictator never let's it in kernel. The patch becomes a myth and circulates between communities. Generally this is not a case in OpenBSD world. It's irony man... Literature... Fine arts... I am currently trying to connect to DC's over a leased gigaMAN connection. I am getting only 41 MB/s on the bsd routers without ipsec running 7 Mbs with ipsec running. These are Sunfire x2100's running on 3.9 i386 kernels. I have so far just found Henning's paper on perf tunning, it seems to tell me that I am very CPU bound when running ipsec. I can buy accelerator cards for crypto, but the performance is nowhere near what I would expect just machine to machine on a x-over cable, or switch between the broadcom cards. Instead of an accelerator card, buying a cheap VIA C7 powered small box can be cost effective and painless. [EMAIL PROTECTED] or [EMAIL PROTECTED] will be sufficient for many routing, filtering, monitoring with crypto acceleration scenarios. You can achieve very high numbers with AES128 + SHA-1. BTW, AES-256 + SHA256 is also possible with nearly same performance timings. Good luck.
figuring out the local IP address of an interface
Dear friends, I know this question sounds basic but it is not. How to programmatically determine the IP address of an interface? (Programmatically means using C of course :-) getsockname(2) is supposed to work but it doesn't since it returns 0.0.0.0 for INADDR_ANY. getpeername(2) works, so am I supposed to send a packet, do a getpeername(2) at the other side and get back the result in the payload? Till now I have got away with a system(/sbin/ifconfig -a | grep hack. Am I missing something? I surely am since the very notion of IP address of an interface is silly since it could be bridged,carped, trunked etc. But say, I have obtained 192.168.1.2 thro' DHCP and this is what I want to figure out. That is the only IP that interface has. How to achieve that? Thanks. regards, Girish -- Great people are not defined by ability but by nobility
clearing ecn flag in outgoing packets?
Hi! Is it possible to clear the ECN bit in outgoing packings using pf? Something like a no-ecn option, similar to scrub's no-df option. Why? Well, using scrub reassemble tcp and having hosts set the ECN flag seems to cause some troubles. That is, in my post of July 2006, scrub reassemble tcp and nat causes problems with some sites (http://marc.theaimsgroup.com/?l=openbsd-miscm=115330518001669w=4), I had trouble connection to some sites (e.g. eBay) with scrub's reassemble tcp enabled from hosts behind the OpenBSD NAT gateway. Now I've found that I can connect from the nat'ted hosts if either: * reassemble tcp disabled and ecn flag set or * reassemble tcp enabled and ecn flag cleared. However, ecn flag set and reassemble tcp results in connection problems. Since ECN is useful with traffic shaping, I'd like to use it locally but have pf strip it for outbound packets. Regard, Walter
Re: OpenVPN server writes to /etc
Heinrich Rebehn wrote: Martin Gignac wrote: On 10/23/06, Heinrich Rebehn [EMAIL PROTECTED] wrote: Shouldn't openvpn write to /var/db or /var/log? I don't know if these locations can be hardcoded at compile time, but from the stock OpenBSD OpenVPN package that I use (2.0.6) it seems that files will be read/written relative to the CWD when the process was started. I usually specify an absolute path for the 'ifconfig-pool-persist' and 'status' parameters so that files are written to /var/db and /var/log. -Martin Thanks for your reply, Martin. Seems it is time to have a closer look at the 100 cmdline switches of openvpn ;-) Here's how I start it on my machine. From /etc/rc.local if [ -x /usr/local/sbin/openvpn ]; then echo -n ' openvpn' mkdir -p /var/run/openvpn chown nobody /var/run/openvpn /usr/local/sbin/openvpn --daemon \ --cd /etc/openvpn --config server.conf fi And excerpts from /etc/openvpn/server.conf ifconfig-pool-persist /var/run/openvpn/ip.pool status /var/run/openvpn/status.log writepid/var/run/openvpn/openvpn.pid As you know, /var/run gets cleaned at boot time by /etc/rc None of these files need to be persistent over reboots so /var/run/openvpn seems like a sensible path for them. If you want to keep ifconfig-pool-persist file. Then place it into /var/db/openvpn/ (don't forget to create the directory)
Re: OpenBSD AJAX
On Tue, Oct 24, 2006 at 01:30:02AM -0500, Sam Fourman Jr. wrote: my next question is Would it be Possible to use AJAX from a CGI made with C running from Apache that Ships w/ OpenBSD? Yes. C, INTERCAL, ksh. Any application that follows the cgi protocol. Implementation language for the server part is not important for AJAX. -- magnus
Re: figuring out the local IP address of an interface
On Tuesday 24 October 2006 17:14, Girish Venkatachalam wrote: How to programmatically determine the IP address of an interface? ... Till now I have got away with a system(/sbin/ifconfig -a | grep hack. A quick browse through ifconfig.c lead to getifaddrs(3) which seems to do exactly what you want. -- Jason Stubbs
Re: figuring out the local IP address of an interface
man -s3 getifaddrs ? -- Pawel. Girish Venkatachalam wrote: Dear friends, I know this question sounds basic but it is not. How to programmatically determine the IP address of an interface? (Programmatically means using C of course :-) getsockname(2) is supposed to work but it doesn't since it returns 0.0.0.0 for INADDR_ANY. getpeername(2) works, so am I supposed to send a packet, do a getpeername(2) at the other side and get back the result in the payload? Till now I have got away with a system(/sbin/ifconfig -a | grep hack. Am I missing something? I surely am since the very notion of IP address of an interface is silly since it could be bridged,carped, trunked etc. But say, I have obtained 192.168.1.2 thro' DHCP and this is what I want to figure out. That is the only IP that interface has. How to achieve that? Thanks. regards, Girish
Re: figuring out the local IP address of an interface
On Tue, 24 Oct 2006, Girish Venkatachalam wrote: Dear friends, I know this question sounds basic but it is not. How to programmatically determine the IP address of an interface? (Programmatically means using C of course :-) getsockname(2) is supposed to work but it doesn't since it returns 0.0.0.0 for INADDR_ANY. getpeername(2) works, so am I supposed to send a packet, do a getpeername(2) at the other side and get back the result in the payload? Till now I have got away with a system(/sbin/ifconfig -a | grep hack. Am I missing something? I surely am since the very notion of IP address of an interface is silly since it could be bridged,carped, trunked etc. But say, I have obtained 192.168.1.2 thro' DHCP and this is what I want to figure out. That is the only IP that interface has. How to achieve that? You are looking for getifaddrs(3) -Otto
Re: figuring out the local IP address of an interface
networking(4) getifaddrs(3) -- Mathieu Sauve-Frankel
Re: figuring out the local IP address of an interface
On 10/24/06, Girish Venkatachalam [EMAIL PROTECTED] wrote: Dear friends, I know this question sounds basic but it is not. How to programmatically determine the IP address of an interface? (Programmatically means using C of course :-) getsockname(2) is supposed to work but it doesn't since it returns 0.0.0.0 for INADDR_ANY. getpeername(2) works, so am I supposed to send a packet, do a getpeername(2) at the other side and get back the result in the payload? Till now I have got away with a system(/sbin/ifconfig -a | grep hack. Am I missing something? I surely am since the very notion of IP address of an interface is silly since it could be bridged,carped, trunked etc. But say, I have obtained 192.168.1.2 thro' DHCP and this is what I want to figure out. That is the only IP that interface has. How to achieve that? I have never done it myself, but some quick documentation-digging hints it should be possible. You can use ioctl-calls to access this information. Please see netintro(4) and good luck. -Nick
Re: NOD32 Antivirus and OpenBSD?
On Tue, Oct 24, 2006 at 02:41:11AM -0300, Leonardo Rodrigues wrote: Or another really good antivirus that I may consider? You could try to check out avira's server tools: http://www.avira.com/en/products/index.html most of which seem to support OpenBSD. The Windows personal edition is quite popular, since it's free. Or, while digging through bsdtalk, I came across: http://bsdtalk.blogspot.com/2006/09/bsdtalk071-interview-with-einar-th.html where f-prot.com's antivirus tools were presented. Also running on OpenBSD. I think both have free or free trial versions. Cheers, Andreas
Re: figuring out the local IP address of an interface
On 10/24/06, Girish Venkatachalam [EMAIL PROTECTED] wrote: How to programmatically determine the IP address of an interface? Your question is unclear. Do you _really_ want to look up the list of IP addresses bound to a given interface, specified by name and/or index? That what your question asks for, but that information is usually only needed for some UDP servers and routing programs. Or do you just want to know the local IP of a connected socket? Note that the IP choosen may depend on the IP that you're sending/connecting to. getsockname(2) is supposed to work but it doesn't since it returns 0.0.0.0 for INADDR_ANY. Was that before or after you used connect(), sendto(), sendmsg(), or accept()? Till now I have got away with a system(/sbin/ifconfig -a | grep hack. If you *really* want to see how the interfaces are configured (I doubt it), you should take a look at getifaddrs() Btw, I strongly suggest you pick up a copy of UNIX Network Programming, volume 1 by Stevens. You should ignore the XTI stuff in the back, but the rest is Good Stuff. Philip Guenther
Re: new LiveCD instructions for OpenBSD
On Tue, Oct 24, 2006 at 08:25:52AM +0900, vladas wrote: On 10/24/06, Andreas Bihlmaier [EMAIL PROTECTED] wrote: Now I finally got around to update my instructions on how to create an OpenBSD-based LiveCD/DVD. Is this LiveCD/DVD reliable enough to send in dmesg's from it? Exuse me, but I don't see a point in posting a dmesg for a livecd, which by definition is portable. The dmesg depends on the machine I insert it into. If the question was: Does it really work? Yes, it does quite well, today I had the chance to test it with 10 different machines, all worked. Slowest was a pIII-500 with 128MB RAM, top showed 75MB mem usage after booting into X and with several apps started. One thing that bothers me is that I can only boot from the first CD drive, because cd0 is hardcoded in several places, but most of the time this doesn't matter. Regards, ahb
Re: new LiveCD instructions for OpenBSD
On Mon, Oct 23, 2006 at 06:39:35PM -0500, Sam Fourman Jr. wrote: I have been looking for a OpenBSD Kismet Live DVD with a X Front end, I wonder if a person could actually have Kismet and x on a Live DVD? or would it have to be able to write to a Disk? Sam Fourman Jr. You might be able to fit everything on a normal 700MB CD, I need a 800MB CD for all my important apps, btw. this is all in the instructions. You'll need something to save your kismet logs to before shutting down, of course. At runtime everything gets written to MFS partitions - kismet works. Regards, ahb
Re: figuring out the local IP address of an interface
On Tue, Oct 24, 2006 at 10:43:57AM +0200, Otto Moerbeek wrote: On Tue, 24 Oct 2006, Girish Venkatachalam wrote: Dear friends, I know this question sounds basic but it is not. How to programmatically determine the IP address of an interface? (Programmatically means using C of course :-) getsockname(2) is supposed to work but it doesn't since it returns 0.0.0.0 for INADDR_ANY. getpeername(2) works, so am I supposed to send a packet, do a getpeername(2) at the other side and get back the result in the payload? Till now I have got away with a system(/sbin/ifconfig -a | grep hack. Am I missing something? I surely am since the very notion of IP address of an interface is silly since it could be bridged,carped, trunked etc. But say, I have obtained 192.168.1.2 thro' DHCP and this is what I want to figure out. That is the only IP that interface has. How to achieve that? You are looking for getifaddrs(3) Thanks, but it just slipped my mind. I knew this but couldn't figure out what on earth the man page was trying to say. Is there a way to portably make this work across linux,FreeBSD,NetBSD and OpenBSD? Thanks to everyone who responded. This mailing list rocks! :-) As usual. :-) regards, Girish -- Having nothing nothing can he lose
Re: OpenBSD / NetBSD systrace kernel integer overflow
Nicolas Martzel wrote: http://scary.beasts.org/security/CESA-2006-003.html Feedback about that ? Corrected or always active ? http://www.openbsd.org/errata.html#systrace
Utility to view multiple log files in a Vim 7.0 tabbed view
Dearest friends, I believe this is the place where the smartest sys admins on earth hang around; what better place than this for me to advertise my little creation? :-) I know what I did was trivial; please be gentle. :-) I have written a vim plugin that opens multiple log files or any file you want to monitor that is constantly changing outside of the vim instance. And the fun is it is opened in multiple tabs and updated automagically once you go to that tab using the gt command in normal mode. The files opened using this plugin are opened in read only mode. And the file names given can be completed using the TAB key. I have tried to explain the usage. Should you have any doubts please let me know. http://www.vim.org/scripts/script.php?script_id=1692 And the rest of your vim editing goes on as usual. Only the files opened using the :TailView command are updated while you switch tabs. And you can update the file at any time by pressing Ctrl-K. This has the benefit that you can go back and forth the whole file inside the cool comfort of vim. Think of it as less on steroids but a tad slower to load since vim reads the whole file. Hope you find it useful. One idea that crossed my mind was somehow indicating that you opened the file in TailView mode, but then I thought that it might make the code bloated and not add any real value. I shall be more than willing to add any features you think will be useful to you in your day to day work. Enjoy! :-) regards, Girish Installation instructions:- Just download the file tailtab.vim and drop it into ~/.vim/plugin directory. Then start vim and type :TailView /var/log/maillog /var/log/messages -- Having nothing nothing can he lose
Re: OpenBSD / NetBSD systrace kernel integer overflow
On Tue, 24 Oct 2006, Nicolas Martzel wrote: http://scary.beasts.org/security/CESA-2006-003.html Feedback about that ? Corrected or always active ? Thanks, and hope that could help. Eh, why don't you look at http://www.openbsd.org/errata.html first? It's already fixed for more than two weeks. -Otto
Re: OpenBSD / NetBSD systrace kernel integer overflow
On 24/10/06, Nicolas Martzel [EMAIL PROTECTED] wrote: http://scary.beasts.org/security/CESA-2006-003.html Feedback about that ? Corrected or always active ? Thanks, and hope that could help. Ask question? Complete sentence? You talking to me? Thanks, and hope that could help.
Re: OpenBSD / NetBSD systrace kernel integer overflow
On Tue, Oct 24, 2006 at 03:09:12PM +0200, Nicolas Martzel wrote: http://scary.beasts.org/security/CESA-2006-003.html http://www.openbsd.org/errata.html#systrace
Re: OpenBSD AJAX
On Tue, Oct 24, 2006 at 10:42:25AM +0200, Magnus Bodin wrote: On Tue, Oct 24, 2006 at 01:30:02AM -0500, Sam Fourman Jr. wrote: my next question is Would it be Possible to use AJAX from a CGI made with C running from Apache that Ships w/ OpenBSD? Yes. C, INTERCAL, ksh. Any application that follows the cgi protocol. But remember, PHP will corrupt your precious bodily fluids.
Re: OpenBSD / NetBSD systrace kernel integer overflow
I thank you all, but M ropers whom the reaction is displaced. At the begining of the project i manage i had an argue with the security expert of my company. He wanted MacOSX servers, and i wanted OpenBSD. I finally win and i am very happy of my choice. He just gives me the link i have sent you, and now tells me Wow they are quicker than apple. Lol. Again thanks, bye. Message du 24/10/06 15:25 De : Matthias Kilian [EMAIL PROTECTED] A : Nicolas Martzel [EMAIL PROTECTED] Copie C : misc@openbsd.org Objet : Re: OpenBSD / NetBSD systrace kernel integer overflow On Tue, Oct 24, 2006 at 03:09:12PM +0200, Nicolas Martzel wrote: http://scary.beasts.org/security/CESA-2006-003.html http://www.openbsd.org/errata.html#systrace --- Orange vous informe que cet e-mail a ete controle par l'anti-virus mail. Aucun virus connu a ce jour par nos services n'a ete detecte.
Re: OpenBSD AJAX
Sam, the easiest way for you would probably to use the stock Apache 1.3.x coming with OpenBSD and then the CGI::Ajax Perl module (just install it using perl -MCPAN -e shell; ): http://www.perl.com/lpt/a/977 On 10/24/06, Sam Fourman Jr. [EMAIL PROTECTED] wrote: my next question is Would it be Possible to use AJAX from a CGI made with C running from Apache that Ships w/ OpenBSD? On 10/24/06, Ryan McBride [EMAIL PROTECTED] wrote: On Tue, Oct 24, 2006 at 12:55:09AM -0500, Sam Fourman Jr. wrote: is it possible to have a AJAX enabled Website hosted on OpenBSD? Yes the reason why I am asking is because Apache is version 1.3.x (due to licencing issues). if not Maybe there is another http server that would support it? AJAX not a particular server-side technology, but rather a set of techniques and tools for building interactive web applications. Most of the magic happens on the client side. Depending on what programming language you're using on the server side, there may be AJAX specific modules or frameworks. For example there appear to at least be some perl AJAX frameworks in our ports tree. Other languages may have similar tools. -- http://preferans.de
Re: new LiveCD instructions for OpenBSD
On Tue, Oct 24, 2006 at 02:37:05PM +0200, Andreas Bihlmaier wrote: On Tue, Oct 24, 2006 at 08:25:52AM +0900, vladas wrote: On 10/24/06, Andreas Bihlmaier [EMAIL PROTECTED] wrote: Is this LiveCD/DVD reliable enough to send in dmesg's from it? Exuse me, but I don't see a point in posting a dmesg for a livecd, which by definition is portable. The dmesg depends on the machine I insert it into. I /believe/ the poster is asking whether it can be used to plug into $RANDOM_MACHINE and mail a dmesg from that machine. Nice for scoping out potential OpenBSD systems in a shop provided you can get the sales droids to look away long enough for the reboot.
Re: pppoe goes to sleep
here is a ppp-logfile attached. at 19:23:09 I tried to kill and restart ppp, if I remember correctly. What am I supposed to read from the man page for ppp to help me in this case, please? Thanks for the help, Tim -- Tim Gruene Institut fuer anorganische Chemie Tammannstr. 4 D-37077 Goettingen GPG Key ID = A46BEE1A On Sun, 22 Oct 2006, ramrunner wrote: Can you send your ppp logs? man 8 ppp Thanks :) DsP On 10/21/06, Tim Gruene [EMAIL PROTECTED] wrote: Hi, I recently installed OpenBSD 3.9 on a PC(dmesg.log attached) which should act as gateway for a small home network. The setup of pf, the config-file for ppp to connect to our ISP, and the system setup (rc.conf.local) were copied from a different machine running OpenBSD 3.6 which currently acts as gateway but should be replaced by the other machine. After booting, the machine works fine for about 15min. Thereafter the connection through the DLS-modem to the internet is down. According to 'top', ppp and pppoe are in sleep state, but I do not know whether this is the reason. Killing ppp and restarting it does not help. The phenomenon occurs with apm enabled and disabled. It is not due to the network card for I had also installed a different network card (a 3Com 3c905b instead of the VIA VT8233). Would anyone have an idea how to fix the problem? Tim -- Tim Gruene Institut fuer anorganische Chemie Tammannstr. 4 D-37077 Goettingen GPG Key ID = A46BEE1A OpenBSD 3.9 (GENERIC) #617: Thu Mar 2 02:26:48 MST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Celeron(R) CPU 2.20GHz (GenuineIntel 686-class) 2.20 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID real mem = 259567616 (253484K) avail mem = 229863424 (224476K) using 3194 buffers containing 13082624 bytes (12776K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(3c) BIOS, date 10/01/03, BIOS32 rev. 0 @ 0xfb4c0 apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 70102 dobusy 1 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xf/0xdf44 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdec0/128 (6 entries) pcibios0: PCI Exclusive IRQs: 3 5 11 12 pcibios0: PCI Interrupt Router at 000:17:0 (VIA VT82C596A ISA rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0xc000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 VIA VT8751 PCI rev 0x00 ppb0 at pci0 dev 1 function 0 VIA VT8633 AGP rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 S3 ProSavage DDR rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) sis0 at pci0 dev 8 function 0 NS DP83815 10/100 rev 0x00, DP83816A: irq 11, address 00:14:6c:30:8b:1c nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1 uhci0 at pci0 dev 16 function 0 VIA VT83C572 USB rev 0x80: irq 11 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: VIA UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 16 function 1 VIA VT83C572 USB rev 0x80: irq 3 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: VIA UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 16 function 2 VIA VT83C572 USB rev 0x80: irq 12 usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: VIA UHCI root hub, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered ehci0 at pci0 dev 16 function 3 VIA VT6202 USB rev 0x82: irq 5 usb3 at ehci0: USB revision 2.0 uhub3 at usb3 uhub3: VIA EHCI root hub, rev 2.00/1.00, addr 1 uhub3: 6 ports with 6 removable, self powered viapm0 at pci0 dev 17 function 0 VIA VT8235 ISA rev 0x00 iic0 at viapm0 unknown at iic0 addr 0x18 not configured pciide0 at pci0 dev 17 function 1 VIA VT82C571 IDE rev 0x06: ATA133, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: ST340015A wd0: 16-sector PIO, LBA, 38166MB, 78165360 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: SAMSUNG, CDRW/DVD SM-352B, T806 SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 auvia0 at pci0 dev 17 function 5 VIA VT8233 AC97 rev 0x50: irq 12 ac97: codec id 0x434d4961 (C-Media Electronics CMI9739) audio0 at auvia0 VIA VT82C686 Modem rev 0x80 at pci0 dev 17 function 6 not configured vr0 at pci0 dev 18 function 0 VIA RhineII-2 rev 0x74: irq 11, address 00:e0:4c:b7:dd:45 ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 8: OUI 0x004063, model 0x0032 isa0 at mainbus0
Re: OpenBSD AJAX
On Tue, Oct 24, 2006 at 01:35:38PM +, Ryan McBride wrote: On Tue, Oct 24, 2006 at 10:42:25AM +0200, Magnus Bodin wrote: On Tue, Oct 24, 2006 at 01:30:02AM -0500, Sam Fourman Jr. wrote: my next question is Would it be Possible to use AJAX from a CGI made with C running from Apache that Ships w/ OpenBSD? Yes. C, INTERCAL, ksh. Any application that follows the cgi protocol. But remember, PHP will corrupt your precious bodily fluids. Gentelmen, you can't fight in here! This is the WAR room! -- Mathieu Sauve-Frankel
Zabbix package or port
I was wondering if anyone has worked on creating a Zabbix package or port for OpenBSD. Phusion
Re: figuring out the local IP address of an interface
Is there a way to portably make this work across linux,FreeBSD,NetBSD and OpenBSD? If I remember correctly you can possibly do it with libdnet http://libdnet.sourceforge.net/ Cheers Ste
Re: new LiveCD instructions for OpenBSD
On Tue, Oct 24, 2006 at 04:12:00AM -0400, Nick Guenther wrote: On 10/23/06, Andreas Bihlmaier [EMAIL PROTECTED] wrote: Hello misc@, Quite a few people sent me emails about my earier instructions, I posted here some time ago: http://marc.theaimsgroup.com/?l=openbsd-miscm=1 Now I finally got around to update my instructions on how to create an OpenBSD-based LiveCD/DVD. They are far from perfect, but it works reasonably well (for me). With the instructions you can either create a CD or DVD. I'm too tired to test on amd64 at the moment, but it _should_ work exactly the same (that is one of the reasons I love OpenBSD, no as much pitfalls as in other OS). Also thanks to Stuart Henderson for his recent post about the new CD boot method: http://marc.theaimsgroup.com/?l=openbsd-miscm=115926553800205w=2 useful part snipped Nick, I run out of words to thank you. :-) You probably have no idea how much this is going to help me. Thanks a million dear friend. regards, Girish
Re: Sun Niagara supported?
On Mon, Oct 23, 2006 at 06:14:30PM -0400, Jean-Daniel Beaubien wrote: I see I see, thanks for the explanation. I hope I didn't get your hopes up for financing...I am only a poor student finishing his Bachelor's... Jd Don't give it a thought Jean. In Sanskrit there is a saying which goes to say If the intention is noble and efforts intense over time the goal will be fulfilled. I am sorry I don't recollect the exact Sanskrit wordings. So don't worry about money. :-) It comes today, goes tomorrow. :-) love, Girish -- Having nothing nothing can he lose
Re: new LiveCD instructions for OpenBSD
On Tue, Oct 24, 2006 at 01:51:45PM +, Ryan McBride wrote: On Tue, Oct 24, 2006 at 02:37:05PM +0200, Andreas Bihlmaier wrote: On Tue, Oct 24, 2006 at 08:25:52AM +0900, vladas wrote: On 10/24/06, Andreas Bihlmaier [EMAIL PROTECTED] wrote: Is this LiveCD/DVD reliable enough to send in dmesg's from it? Exuse me, but I don't see a point in posting a dmesg for a livecd, which by definition is portable. The dmesg depends on the machine I insert it into. I /believe/ the poster is asking whether it can be used to plug into $RANDOM_MACHINE and mail a dmesg from that machine. Nice for scoping out potential OpenBSD systems in a shop provided you can get the sales droids to look away long enough for the reboot. Of course! Actually that was my very first motivation to even build an OpenBSD livecd. Wherever I encounter an 'interesting' machine (i386/amd64) I put the livecd in to see how good this machine would be supported. One thing I noted since my first livecd with 3.7: much more machines just work PERFECT (at least by dmesg output), even the weird P4s we have at school. The problem is that the boot sequence seems to scare some windows users: What are all those messages, you didn't you wrack my PC, did you? ;) Regards, ahb
Re: OpenBSD AJAX
On Tue, Oct 24, 2006 at 12:55:09AM -0500, Sam Fourman Jr. wrote: Just a Quick Question, I have been searching for a direct answer to: is it possible to have a AJAX enabled Website hosted on OpenBSD? Yes. I have one. the reason why I am asking is because Apache is version 1.3.x (due to licencing issues). if not Maybe there is another http server that would support it? Not related. Most of the AJAX technology is *client-side*. All it does is callbacks to the server, which serves normal requests. There are some AJAX frameworks already in OpenBSD. There are two perl frameworks, for instance. And ruby-on-rail is known to rely on java. As far as responsiveness goes, Apache 1.3 has enough server-side module supports for the application to (more or less) live within the server.
Re: Dell 2650 with unsupported Adaptec PERC 3/Di RAID controller?
This might make it yet into some FAQ... :-/ K Kadow wrote on Mon, Oct 23, 2006 at 08:47:06PM -0500: I've inherited a half dozen Dell PowerEdge 2650s with the PERC 3/Di Adaptec RAID controllers, mostly running old OpenBSD with the 'aac' RAID controller enabled. I'd like to put as little money (and time) into these as possible while still bringing them up to the latest supported OpenBSD release, and keeping the Dell support contracts in place. I'm willing to consider trading these in, but I don't see affordable rackmount servers from Dell or Sun with redundant power and hardware RAID. These servers have been up and running for years (as in 1000 day uptimes) without major issues, and with no complaints about performance or corruption. How big a risk am I taking by reinstalling these machines with 4.0 and a custom 'aac' kernel? If something works for you that doesn't work for others and cannot even be expected to work due to known bugs, chances are you use it in some special way that exposes problems less than they use to be exposed in more usual contexts. Such things can depend on gory details. You *know* bugs are there, you *know* they will not go away with OpenBSD 4.0, but you do *not* know why they do not bite you, or why you did not yet realize being bitten. If you change any detail of the (apparently) working system, i suspect nobody can tell you for sure whether that will improve or break things in that particular situation, even if the changes you apply are usually an excellent idea and make every typical system better. I do not say your system will break if you upgrade to 4.0. But who knows? Things have been changed (i.e. improved, of course) during the last few years, also in aac(4), but all we know for sure is that both the firmware and the driver for this cards is still buggy. What if by some ill chance any of the improvements change the special conditions that caused you not be hurt so far? If those servers are in any way mission-critical for you (i.e. if sudden failure would cause you relevant inconvenience) you should seriously consider getting better hardware, even if you have to pay for it. If those servers need to be exposed to the internet, i would also strongly suggest getting better hardware. Internet servers need to be kept up to date, and you never know how long your luck with works for me will last. Any update will make you hold your breath. For example, with an Adaptec 2410SA it once happened to me that a newer firmware gave me *much* more failures than an older one, see the archives. If those servers are neither mission-critical nor exposed to the internet, maybe you can just isolate them in a dedicated network segment, protect them by a firwall and make sure nobody comes near who could attack them, even if the OS and applications are not up to date and contain well-known flaws. This is one of the rare situations where the (with respect to operating system updates almost always bad) attitude never change a running system might actually make some sense - yet it depends on what you are using this stuff for... Sorry, i cannot comment on your remaining questions, i only suffered from Adaptec RAID, but do not know DELL server hardware.
AF_ISO, SOCK_RAW - mysterious phenomena in OpenBSD
How do I do this C call taken from a Linux program on OpenBSD? socket(PF_PACKET, SOCK_RAW, htons(0x4254)) man socket on OpenBSD offers AF_ISO (ISO protocols) which sounds like it could be access to individual ISO stack layers including layer 2? However the string ISO is not mentioned anywhere else in the manual page so the documentation on this seems to be missing (completeness of manual pages, hee, OpenBSD?) The types SOCK_RAW, which is available only to the superuser, and SOCK_RDM, which is planned, but not yet implemented, are not described here. Is SOCK_RAW described anywhere else in the OpenBSD manpages? If yes, where? The SEE ALSO section doesn't also contain any entries which would evoke relation to AF_ISO or SOCK_RAW. I basically need to fill in my own Ethernet frame, including DST and SRC MAC, with 3 possible patterns - random data, all zeroes, or alternating 01010101, and send lots of packets of this type. Then calculate from ifconfig how many were received on loopback and calculate bit error rate of the link for different electrical frequencies occuring in the data stream. CL
Re: new LiveCD instructions for OpenBSD
Andreas Bihlmaier wrote: On Tue, Oct 24, 2006 at 01:51:45PM +, Ryan McBride wrote: On Tue, Oct 24, 2006 at 02:37:05PM +0200, Andreas Bihlmaier wrote: On Tue, Oct 24, 2006 at 08:25:52AM +0900, vladas wrote: On 10/24/06, Andreas Bihlmaier [EMAIL PROTECTED] wrote: Is this LiveCD/DVD reliable enough to send in dmesg's from it? Exuse me, but I don't see a point in posting a dmesg for a livecd, which by definition is portable. The dmesg depends on the machine I insert it into. I /believe/ the poster is asking whether it can be used to plug into $RANDOM_MACHINE and mail a dmesg from that machine. Nice for scoping out potential OpenBSD systems in a shop provided you can get the sales droids to look away long enough for the reboot. Of course! Actually that was my very first motivation to even build an OpenBSD livecd. Wherever I encounter an 'interesting' machine (i386/amd64) I put the livecd in to see how good this machine would be supported. One thing I noted since my first livecd with 3.7: much more machines just work PERFECT (at least by dmesg output), even the weird P4s we have at school. The problem is that the boot sequence seems to scare some windows users: What are all those messages, you didn't you wrack my PC, did you? ;) Regards, ahb So true, I once used a floppy based linux (I'm sorry posting this on a OpenBSD mailing list) distribution in media lab at school with the lynx browser on it. The librarian kicked me out almost immediately because I was hacking the network... I was only using a text based browser because of the slow network.. Frank
Setting 10Mbps full duplex
I am used from Linux that setting a network card to 10Mbps full duplex for an optical data link was a problem almost insolvable by mankind. Both finding the documentation and performing the magic trick. I am impressed by OpenBSD. ifconfig tells me the type of the card - fxp. man fxp and search for duplex leads directly to the necessary command. The command is executed without an error message and subsequent ifconfig really shows 10Mbps full duplex. CL
Thank you OpenBSD, the sensors framework ROX!
I just want to say thank you to the OpenBSD team. Over the weekend, one of our OpenBSD servers[1] had a fan die. Thanks to the sensors framework, and the Nagios[2] plugin I wrote[3], I found out it was broken, and I could also tell that the rest of the fans in the server were doing a fine job keeping it cool. That means I was able to replace the fan at my convienience. Without the sensors framework, I would probably not have noticed the fan being out until more fans died and the server overheated. [1] It one of our Internet routers, running OpenBGPd[4] [2] http://www.nagios.org [3] I swear this isn't an advertisement, but here's the link[5] [4] Thanks for OpenBGPd too! [5] http://openbsd.somedomain.net/nagios/ l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] BOFH excuse of the day: Stale file handle (next time use Tupperware(tm)!)
Re: AF_ISO, SOCK_RAW - mysterious phenomena in OpenBSD
On Tue, Oct 24, 2006 at 06:34:55PM +0200, Karel Kulhavy wrote: How do I do this C call taken from a Linux program on OpenBSD? socket(PF_PACKET, SOCK_RAW, htons(0x4254)) man socket on OpenBSD offers AF_ISO (ISO protocols) which sounds like it could be access to individual ISO stack layers including layer 2? However the string ISO is not mentioned anywhere else in the manual page so the documentation on this seems to be missing (completeness of manual pages, hee, OpenBSD?) AF_ISO is no longer. Somebody forgot to clean the man pages after sending the netiso stack to the attic. Btw. AF_ISO was an implementation of the OSI/ISO network stack and has nothing to do with layer 2. The types SOCK_RAW, which is available only to the superuser, and SOCK_RDM, which is planned, but not yet implemented, are not described here. Is SOCK_RAW described anywhere else in the OpenBSD manpages? If yes, where? ip(4) and ip6(4). The SEE ALSO section doesn't also contain any entries which would evoke relation to AF_ISO or SOCK_RAW. I basically need to fill in my own Ethernet frame, including DST and SRC MAC, with 3 possible patterns - random data, all zeroes, or alternating 01010101, and send lots of packets of this type. Then calculate from ifconfig how many were received on loopback and calculate bit error rate of the link for different electrical frequencies occuring in the data stream. Sounds like you are implementing a BER tester. You should use bpf(4) for this as it gives you direct access to the device. -- :wq Claudio PS: I could use a BER tester from time to time as well :)
Re: Dell 2650 with unsupported Adaptec PERC 3/Di RAID controller?
On Tuesday 24 October 2006 03:47, K Kadow wrote: I've inherited a half dozen Dell PowerEdge 2650s with the PERC 3/Di Adaptec RAID controllers, mostly running old OpenBSD with the 'aac' RAID controller enabled. I'd like to put as little money (and time) into these as possible while still bringing them up to the latest supported OpenBSD release, and keeping the Dell support contracts in place. I'm willing to consider trading these in, but I don't see affordable rackmount servers from Dell or Sun with redundant power and hardware RAID. These servers have been up and running for years (as in 1000 day uptimes) without major issues, and with no complaints about performance or corruption. How big a risk am I taking by reinstalling these machines with 4.0 and a custom 'aac' kernel? Has anybody successfully paid or pressured Dell to swap the PE2650 'aac' motherboards for a revision with the AMI MegaRAID embedded RAID chipset? Or added a PCI card for RAID using the split backplane feature of the PE2650? If the latter is the best option, any recommendation for an OpenBSD-friendly maker of standalone U160/U320 hardware RAID controllers for PCI? Something orderable from CDW or another major retailer would be a plus. Thanks, Kevin (P.S. One reason for specifying hardware RAID is to have a system with a strong chance of surviving (and/or rebooting after) a single failed drive. Other reasons are primarily political, same reasons we have only Sun and Dell hardware, and Dell Gold service contracts.) As you have built in PERC 3/Di controllers.. use it! Otherwise buy anything else but adaptec (like LSI Megaraid).. The big aac update 1.16 of aac_pci.c just before OpenBSD 3.9 actually made aac usable. I have an old Dell 2450 with a built in PERC 3/Di running perfect since 3.9 release. I haven't read Ingo:s post reply yet that I have seen on the list. But I think we share the same opinion about adaptec as we are two out of many with earlier adaptec problems. Regards /Per-Olov
Re: Thank you OpenBSD, the sensors framework ROX!
Original message Date: Tue, 24 Oct 2006 10:08:51 -0700 From: andrew fresh [EMAIL PROTECTED] Subject: Thank you OpenBSD, the sensors framework ROX! To: misc@openbsd.org I just want to say thank you to the OpenBSD team. Over the weekend, one of our OpenBSD servers[1] had a fan die. Thanks to the sensors framework, and the Nagios[2] plugin I wrote[3], I found out it was broken, and I could also tell that the rest of the fans in the server were doing a fine job keeping it cool. That means I was able to replace the fan at my convienience. Without the sensors framework, I would probably not have noticed the fan being out until more fans died and the server overheated. [1] It one of our Internet routers, running OpenBGPd[4] [2] http://www.nagios.org [3] I swear this isn't an advertisement, but here's the link[5] [4] Thanks for OpenBGPd too! [5] http://openbsd.somedomain.net/nagios/ i like your domain name :). i was planning on writing a plugin myself but my work queue is hella deep right now. thanks so much for making the plugin available!
Re: AF_ISO, SOCK_RAW - mysterious phenomena in OpenBSD
On Tue, 24 Oct 2006, Karel Kulhavy wrote: How do I do this C call taken from a Linux program on OpenBSD? socket(PF_PACKET, SOCK_RAW, htons(0x4254)) man socket on OpenBSD offers AF_ISO (ISO protocols) which sounds like it could be access to individual ISO stack layers including layer 2? However the string ISO is not mentioned anywhere else in the manual page so the documentation on this seems to be missing (completeness of manual pages, hee, OpenBSD?) AF_ISO refers to the ISO protocol that was supposed to be a replacement for TCP/IP, but which never took off. A few releases ago it was removed from the src tree. Any remaining ref to AF_ISO should be removed. The types SOCK_RAW, which is available only to the superuser, and SOCK_RDM, which is planned, but not yet implemented, are not described here. Is SOCK_RAW described anywhere else in the OpenBSD manpages? If yes, where? man 4 ip has some more details for using raw sockets, which can be sued to send raw IP packets. Raw ethernet data is something different, though. You can use bpf(4) to send raw ethernet packets. The SEE ALSO section doesn't also contain any entries which would evoke relation to AF_ISO or SOCK_RAW. I basically need to fill in my own Ethernet frame, including DST and SRC MAC, with 3 possible patterns - random data, all zeroes, or alternating 01010101, and send lots of packets of this type. Then calculate from ifconfig how many were received on loopback and calculate bit error rate of the link for different electrical frequencies occuring in the data stream. -Otto
USR GigE adapter: USR997902A
can anyone confirm that the USR997902A gigabit ethernet card is supported for i386? the device is listed as supported using the re driver, but it lists the model number without the A at the end. here is a link to the adapter http://www.cdw.com/shop/products/default.aspx?EDC=996808 i want to make certain the chipset has not changed in the A version. if there are adapters of comparable price that are better, please make a suggestion. i am constrained to purchasing from CDW for the time being, as this is for work. cheers, jake
Newbie login.conf and xdm question
Ok, I'm trying to get my user account setup so the Java plugin works with Friefox, it's currently working fine for root. From Kurt's suggestion I changed staff's section of login.conf to: staff:\ :datasize-cur=infinity:\ :datasize-max=infinity:\ :stacksize-cur=8M:\ :openfiles-cur=1024:\ :maxproc-max=infinity:\ :maxproc-cur=1024:\ :ignorenologin:\ :requirehome@:\ :tc=default: I added staff to my user class: ethant:passwordhash:1000:10:staff:0:0:Greg Thomas:/home/ethant:/bin/sh In an xterm under xdm I get: [EMAIL PROTECTED] ulimit -a time(cpu-seconds)unlimited file(blocks) unlimited coredump(blocks) unlimited data(kbytes) 262144 stack(kbytes)8192 lockedmem(kbytes)156489 memory(kbytes) 467896 nofiles(descriptors) 1024 processes532 Logging into the console I get: [EMAIL PROTECTED] ulimit -a time(cpu-seconds)unlimited file(blocks) unlimited coredump(blocks) unlimited data(kbytes)1048576 stack(kbytes)8192 lockedmem(kbytes)156489 memory(kbytes) 467896 nofiles(descriptors) 1024 processes532 How do I get the data size bumped up when logged into xdm? Running ulimit -d gives me sh: ulimit: exceeds allowable limit. Thanks, Greg
Re: Dell 2650 with unsupported Adaptec PERC 3/Di RAID controller?
On 10/24/06, Ingo Schwarze [EMAIL PROTECTED] wrote: If those servers are in any way mission-critical for you (i.e. if sudden failure would cause you relevant inconvenience) you should seriously consider getting better hardware, even if you have to pay for it. IMHO, overall these servers are better hardware already; not perfect, but when corporate politics dictate buying only Dell and Sun, these are a good choice (and already paid for). The one bad part in the 2650 chassis is the Adaptec controller, which is why I'm asking about routing around that one faulty chipset by installing a third-party RAID controller, from a manufacturer more friendly to OpenBSD (suggestions welcome). These are not ancient servers, they are relatively new, very reliable, and highly redundant -- except one key piece of their redundancy, the disk array, is unsupported by OpenBSD, (though it was supported when these were originally purchased). On 10/24/06, Per-Olov Sjvholm [EMAIL PROTECTED] wrote: As you have built in PERC 3/Di controllers.. use it! Otherwise buy anything else but adaptec (like LSI Megaraid).. I'm leaning towards the LSI solution. Assuming 'aac' is a problem for OpenBSD, we can spend $350+ per server for LSI cards to mitigate this risk, or just give the old hardware to a team which uses RHEL, where they don't worry about PERC3/Di controller bugs. KK
Re: NOD32 Antivirus and OpenBSD?
On 10/24/06, Leonardo Rodrigues [EMAIL PROTECTED] wrote: Hello everyone, I'm thinking on purchasing this NOD32 anti-virus solution from ESET.COM and use it here at work. I really want to use it with OpenBSD, since every other server machine runs OpenBSD as well. The problem is that eset.com claims that their product will run on Linux and FreeBSD, they say nothing about OpenBSD. I've heard rumors of NOD32 being also able to run on OpenBSD, but I *think* that was for earlier versions of NOD32. I'm not very fond of rumors, so I came here to ask your opinion about it. Does anyone here have any experience with NOD32 and OpenBSD? Or another really good antivirus that I may consider? Thanks in advance, Leonardo Rodrigues -- An OpenBSD user... and that's all you need to know =) On Tue, Oct 24, 2006 at 01:07:36AM -0500, Der Engel wrote: lol? Some people like to run antivirus software on UNIX boxes to ensure they're not carriers for Windows viruses, etc. Personally, I think it should be the responsibility of the Windows users to secure their own machines rather than relying on the kindness of others. -Damian
Re: Thank you OpenBSD, the sensors framework ROX!
On 10/24/06, andrew fresh [EMAIL PROTECTED] wrote: I just want to say thank you to the OpenBSD team. Over the weekend, one of our OpenBSD servers[1] had a fan die. Thanks to the sensors framework, and the Nagios[2] plugin I wrote[3], I found out it was broken, and I could also tell that the rest of the fans in the server were doing a fine job keeping it cool. That means I was able to replace the fan at my convienience. Without the sensors framework, I would probably not have noticed the fan being out until more fans died and the server overheated. [1] It one of our Internet routers, running OpenBGPd[4] [2] http://www.nagios.org [3] I swear this isn't an advertisement, but here's the link[5] [4] Thanks for OpenBGPd too! [5] http://openbsd.somedomain.net/nagios/ l8rZ, -- andrew - ICQ# 253198 - JID: [EMAIL PROTECTED] BOFH excuse of the day: Stale file handle (next time use Tupperware(tm)!) Very nice plugin i hoped someone will write something like that (way too much work now to touch oBSD). Cool domain name BTW. Best Laurent.
krb5 login help
I've been searching mailing lists, man pages, and google with no good results, so I'm here to ask for a little nudge in the right direction. I'm trying to configure 3.9 to authenticate against a Kerberos 5 realm. Kerberos is correctly configured (I can get a ticket via kinit). I've created a new user class and assigned krb5-or-pwd authentication (relevant portion of login.conf is below). I assigned a user to the class and attempted to login as that user. It would accept neither the kerberos nor local password (tried both through ssh and the local console). My next thought was that krb5 will allow authentication via a ticket only (and not interactive login), so I grabbed a ticket (kinit -f) on another system and tried to ssh in with the same results -- it prompted for a password and accepted neither the kerberos nor local passwords. I assume I'm missing a step here, but can't find any documentation or hints as to what that might be. I'd appreciate any links or suggestions on man pages that I should read. Thanks in advance. -- Don login.conf excerpt: - netid:\ :path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/ local/bin:\ :umask=022:\ :datasize-max=512M:\ :datasize-cur=512M:\ :maxproc-max=128:\ :maxproc-cur=64:\ :openfiles-cur=64:\ :stacksize-cur=4M:\ :localcipher=blowfish,6:\ :ypcipher=old:\ :auth=krb5-or-pwd:
Re: Oct 08 snapshot bad bug - AMD64
This machine experienced lockup on bge0 interface yesterday, the same interface which failed two weeks ago with earlier snapshot. Yesterday's failure was different in that the link status was stable (active), and it was possible to capture packets. However interface became unbound to its static address (although the address still appeared in ifconfig output) and was therefore unable to transmit packets. Additionally, the Oct 14 snapshot has caused regular bdwrite output in system log some of which is sampled below. Thanks OpenBSD 4.0-current (GENERIC) #716: Sat Oct 14 10:16:37 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC real mem = 1073278976 (1048124K) avail mem = 907730944 (886456K) using 22937 buffers containing 107536384 bytes (105016K) of memory mainbus0 (root) bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xfc0a0 (64 entries) bios0: Supermicro H8DA8/H8DAR ipmi at mainbus0 not configured cpu0 at mainbus0: (uniprocessor) cpu0: AMD Opteron(tm) Processor 246, 1994.64 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,LONG,3DNOW2,3DNOW cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative pci0 at mainbus0 bus 0: configuration mode 1 ppb0 at pci0 dev 6 function 0 AMD 8111 PCI-PCI rev 0x07 pci1 at ppb0 bus 4 ohci0 at pci1 dev 0 function 0 AMD 8111 USB rev 0x0b: irq 9, version 1.0, legacy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: AMD OHCI root hub, rev 1.00/1.00, addr 1 uhub0: 3 ports with 3 removable, self powered ohci1 at pci1 dev 0 function 1 AMD 8111 USB rev 0x0b: irq 9, version 1.0, legacy support usb1 at ohci1: USB revision 1.0 uhub1 at usb1 uhub1: AMD OHCI root hub, rev 1.00/1.00, addr 1 uhub1: 3 ports with 3 removable, self powered vga1 at pci1 dev 4 function 0 ATI Rage XL rev 0x27 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pcib0 at pci0 dev 7 function 0 AMD AMD8111 LPC rev 0x05 pciide0 at pci0 dev 7 function 1 AMD 8111 IDE rev 0x03: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility pciide0: channel 0 disabled (no drives) pciide0: channel 1 disabled (no drives) amdiic0 at pci0 dev 7 function 2 AMD 8111 SMBus rev 0x02: SCI iic0 at amdiic0 lm1 at iic0 addr 0x2d: W83627HF lm2 at iic0 addr 0x2f: W83792D rev D amdpm0 at pci0 dev 7 function 3 AMD 8111 Power rev 0x05: rng active iic1 at amdpm0 ppb1 at pci0 dev 10 function 0 AMD 8131 PCIX rev 0x13 pci2 at ppb1 bus 3 bge0 at pci2 dev 5 function 0 Broadcom BCM5704C rev 0x10, BCM5704 B0 (0x2100): irq 5, address 00:30:48:77:01:fc brgphy0 at bge0 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0 bge1 at pci2 dev 5 function 1 Broadcom BCM5704C rev 0x10, BCM5704 B0 (0x2100): irq 9, address 00:30:48:77:01:fd brgphy1 at bge1 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0 AMD 8131 PCIX IOAPIC rev 0x01 at pci0 dev 10 function 1 not configured ppb2 at pci0 dev 11 function 0 AMD 8131 PCIX rev 0x13 pci3 at ppb2 bus 1 ppb3 at pci3 dev 1 function 0 Intel IOP331 PCIX-PCIX rev 0x07 pci4 at ppb3 bus 2 ami0 at pci4 dev 14 function 0 Symbios Logic MegaRAID SATA 4x/8x rev 0x07: irq 10 ami0: LSI 3008, 32b, FW 813G, BIOS vH425, 128MB RAM ami0: 1 channels, 0 FC loops, 1 logical drives scsibus0 at ami0: 40 targets sd0 at scsibus0 targ 0 lun 0: AMI, Host drive #00, SCSI2 0/direct fixed sd0: 75340MB, 75340 cyl, 64 head, 32 sec, 512 bytes/sec, 154296320 sec total scsibus1 at ami0: 16 targets AMD 8131 PCIX IOAPIC rev 0x01 at pci0 dev 11 function 1 not configured pchb0 at pci0 dev 24 function 0 AMD AMD64 HyperTransport rev 0x00 pchb1 at pci0 dev 24 function 1 AMD AMD64 Address Map rev 0x00 pchb2 at pci0 dev 24 function 2 AMD AMD64 DRAM Cfg rev 0x00 pchb3 at pci0 dev 24 function 3 AMD AMD64 Misc Cfg rev 0x00 isa0 at pcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 lm0 at isa0 port 0x290/8: W83627HF lm1 detached fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 dkcsum: sd0 matches BIOS drive 0x80 root on sd0a rootdev=0x400 rrootdev=0xd00 rawdev=0xd02 Oct 24 13:17:12 lead /bsd: bdwrite: force async write on the buffer 0x8b874378 Oct 24 13:19:09 lead /bsd: bdwrite: force async write on the buffer 0x8b874378 Oct 24 13:37:57 lead /bsd: bdwrite: force async write on the buffer 0x8b7fe838 Oct 24 13:38:32 lead /bsd: bdwrite: force async write on the buffer 0x8b874378 Oct 24 13:41:19 lead /bsd: bdwrite: force async write on the buffer
Re: OpenBSD AJAX
On Tue, Oct 24, 2006 at 01:30:02AM -0500, Sam Fourman Jr. wrote: Thanks for the Feedback everyone, my next question is Would it be Possible to use AJAX from a CGI made with C running from Apache that Ships w/ OpenBSD? Yes, although you'll be much happier with FastCGI. Also, consider Perl or PHP. This is not to say that C cannot do well at such tasks, but it is hardly typical [1]. Joachim [1] Then again, PHP is, and my opininion of PHP is, as some might know by now, not very high.
Re: krb5 login help
On 10/24/06, Donald J. Ankney [EMAIL PROTECTED] wrote: I've been searching mailing lists, man pages, and google with no good results, so I'm here to ask for a little nudge in the right direction. Did you turn on kerberos in sshd_config? -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: krb5 login help
On Tue, 2006-10-24 at 09:22 -0700, Donald J. Ankney wrote: I assume I'm missing a step here, but can't find any documentation or hints as to what that might be. I'd appreciate any links or suggestions on man pages that I should read. what does your logs say? is your Kerberos server in DNS? is your time synced (within 5 min.) with the Kerberos server? -- Ryan Corder [EMAIL PROTECTED] Systems Engineer, NovaSys Health LLC. 501-219- ext. 646 [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: krb5 login help
I'm trying to configure 3.9 to authenticate against a Kerberos 5 realm. Kerberos is correctly configured (I can get a ticket via kinit). I've created a new user class and assigned krb5-or-pwd authentication (relevant portion of login.conf is below). I assigned a user to the class and attempted to login as that user. It would accept neither the kerberos nor local password (tried both through ssh and the local console). Did you give the wee beastie a host key on your kerberos server? both ssh and /bin/login will attempt to verify a host key against the server so that your kerberos server isn't getting spoofed. For example, one of mine looks like: # ktutil list FILE:/etc/kerberosV/krb5.keytab: Vno Type Principal 1 des-cbc-crc host/[EMAIL PROTECTED] so you need to (on your kerb server) ensure you have a host/[EMAIL PROTECTED] key with the corresponding key in the keytab entry on your client machine -Bob
Re: Dell 2650 with unsupported Adaptec PERC 3/Di RAID controller?
Ingo Schwarze wrote: This might make it yet into some FAQ... :-/ been there for quite some time, actually: http://www.openbsd.org/faq/faq12.html#aac :) Nick. K Kadow wrote on Mon, Oct 23, 2006 at 08:47:06PM -0500: I've inherited a half dozen Dell PowerEdge 2650s with the PERC 3/Di Adaptec RAID controllers, mostly running old OpenBSD with the 'aac' RAID controller enabled. I'd like to put as little money (and time) into these as possible while still bringing them up to the latest supported OpenBSD release, and keeping the Dell support contracts in place. I'm willing to consider trading these in, but I don't see affordable rackmount servers from Dell or Sun with redundant power and hardware RAID. These servers have been up and running for years (as in 1000 day uptimes) without major issues, and with no complaints about performance or corruption. How big a risk am I taking by reinstalling these machines with 4.0 and a custom 'aac' kernel? ...
Re: Dell 2650 with unsupported Adaptec PERC 3/Di RAID controller?
Nick Holland wrote on Tue, Oct 24, 2006 at 04:05:20PM -0400: Ingo Schwarze wrote: This might make it yet into some FAQ... :-/ been there for quite some time, actually: http://www.openbsd.org/faq/faq12.html#aac Oooops. Put my foot in it. Even though the quality of the FAQ is well-known, *sometimes* it happens to come as a surprise. =:c) :)
Re: krb5 login help
On Oct 24, 2006, at 12:29 PM, Bob Beck wrote: Did you give the wee beastie a host key on your kerberos server? both ssh and /bin/login will attempt to verify a host key against the server so that your kerberos server isn't getting spoofed. I think this is the place where I'm running into problems. Checking my authlog, I find: krb5-or-pwd: verify: Server not found in Kerberos database The next problem is that I don't control the server (I'm trying to authenticate my departmental server against the university-wide kerberos server). I'll dig into google on that one, but on a conceptual note, don't I just need to have their key stored on my client and not vice versa? This should be a one-way trust (me trusting them, not vice-versa), right? Or are there security implications that I'm not understanding with Kerberos?
Current AMD64 DMESG on Sun X2100 M2
Hi all, Just for the records and for the interested in case you were looking at the new Sun X2100 M2. Here is the DMESG for it as of Sun Oct 22 22:42:18 MDT 2006. A few more devices are present in the current version oppose to the 4.0 release version. Very short differences: -mainbus0: Intel MP Specification (Version 1.4) (nVidia MCP55 ) +mainbus0: Intel MP Specification (Version 1.4) -pcib0 at pci0 dev 1 function 0 vendor NVIDIA, unknown product 0x0364 rev 0xa3 +pcib0 at pci0 dev 1 function 0 NVIDIA MCP55 ISA rev 0xa3 -vga1 at pci1 dev 5 function 0 unknown vendor 0x1a03 product 0x2000 rev 0x00 +vga1 at pci1 dev 5 function 0 ASPEED Technology AST2000 rev 0x00 -ukphy0 at nfe0 phy 2: Generic IEEE 802.3u media interface, rev. 1: OUI 0x005043, model 0x000b +eephy0 at nfe0 phy 2: Marvell 88E1149 Gigabit PHY, rev. 1 -ukphy1 at nfe1 phy 3: Generic IEEE 802.3u media interface, rev. 1: OUI 0x005043, model 0x000b +eephy1 at nfe1 phy 3: Marvell 88E1149 Gigabit PHY, rev. 1 -bge0 at pci6 dev 4 function 0 Broadcom BCM5715 rev 0xa3, unknown BCM5714 (0x9003): apic 2 int 15 (irq 15), address 00:16:36:76:0e:25 +bge0 at pci6 dev 4 function 0 Broadcom BCM5715 rev 0xa3, BCM5715 A3 (0x9003): apic 2 int 15 (irq 15), address 00:16:36:76:0e:25 -bge1 at pci6 dev 4 function 1 Broadcom BCM5715 rev 0xa3, unknown BCM5714 (0x9003): apic 2 int 10 (irq 10), address 00:16:36:76:0e:26 +bge1 at pci6 dev 4 function 1 Broadcom BCM5715 rev 0xa3, BCM5715 A3 (0x9003): apic 2 int 10 (irq 10), address 00:16:36:76:0e:26 All else stay the same. Full dmesg below if interested. Best, Daniel OpenBSD 4.0-current (GENERIC.MP) #999: Sun Oct 22 22:42:18 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 536408064 (523836K) avail mem = 447303680 (436820K) using 13147 buffers containing 53850112 bytes (52588K) of memory mainbus0 (root) bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xfbdc0 (36 entries) bios0: Sun Microsystems X2100 M2 ipmi0 at mainbus0: version 1.5 interface KCS iobase 0xca2/2 spacing 1 mainbus0: Intel MP Specification (Version 1.4) cpu0 at mainbus0: apid 0 (boot processor) cpu0: Dual-Core AMD Opteron(tm) Processor 1210, 1809.55 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: apic clock running at 201MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Dual-Core AMD Opteron(tm) Processor 1210, 1809.27 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative mpbios: bus 0 is type PCI mpbios: bus 1 is type PCI mpbios: bus 2 is type PCI mpbios: bus 3 is type PCI mpbios: bus 4 is type PCI mpbios: bus 5 is type PCI mpbios: bus 6 is type PCI mpbios: bus 7 is type PCI mpbios: bus 8 is type PCI mpbios: bus 9 is type ISA ioapic0 at mainbus0 apid 2 pa 0xfec0, version 11, 24 pins pci0 at mainbus0 bus 0: configuration mode 1 NVIDIA MCP55 Memory rev 0xa2 at pci0 dev 0 function 0 not configured pcib0 at pci0 dev 1 function 0 NVIDIA MCP55 ISA rev 0xa3 nviic0 at pci0 dev 1 function 1 NVIDIA MCP55 SMBus rev 0xa3 iic0 at nviic0: disabled to avoid ipmi0 interactions iic1 at nviic0: disabled to avoid ipmi0 interactions ohci0 at pci0 dev 2 function 0 NVIDIA MCP55 USB rev 0xa1: apic 2 int 15 (irq 15), version 1.0, legacy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: NVIDIA OHCI root hub, rev 1.00/1.00, addr 1 uhub0: 8 ports with 8 removable, self powered ehci0 at pci0 dev 2 function 1 NVIDIA MCP55 USB rev 0xa2: apic 2 int 7 (irq 7) usb1 at ehci0: USB revision 2.0 uhub1 at usb1 uhub1: NVIDIA EHCI root hub, rev 2.00/1.00, addr 1 uhub1: 8 ports with 8 removable, self powered pciide0 at pci0 dev 4 function 0 NVIDIA MCP55 IDE rev 0xa1: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: MATSHITA, DVD-ROM SR-8178, PZ16 SCSI0 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4 pciide0: channel 1 ignored (disabled) pciide1 at pci0 dev 5 function 0 NVIDIA MCP55 SATA rev 0xa3: DMA pciide1: using apic 2 int 10 (irq 10) for native-PCI interrupt wd0 at pciide1 channel 0 drive 0: HITACHI HDS7225SBSUN250G 0634NRTRTJ wd0: 16-sector PIO, LBA48, 238471MB, 488390625 sectors wd0(pciide1:0:0):
Re: Sun x2100 M2 DMESG weirdenn and remote access. OpenBSD 4.0
On Mon, Oct 23, 2006 at 01:24:11PM -0400, Daniel Ouellet wrote: Stuart Henderson wrote: On 2006/10/22 17:29, Daniel Ouellet wrote: It work,s but as soon as the setup for OpenBSD start to boot the bsd.rd, the access to both the ethernet management port as well as the serial console is lost and the only way is to use local keyboard and monitor. Usually BIOS serial redirection stops after the bootloader, so you have to 'set tty com0' (either typed or, if you're booting from PXE you can place it in $TFTPROOT/etc/boot.conf) But you can't do that if you boot from CD for example to do a fresh install. I was trying to see if I could do that for future needs before installing it in the field. But no success. (: As for regular operation, I will try this and see if that does any difference. The ethernet management is probably asf/ipmi and I guess it would be on one of the broadcom nics, bge(4) doesn't support this at present (was added for a short while but removed again, if_bge.c 1.104-1.106) It is the bge1 interface actually on this box. 4 ethernet, 2 card slots, LOM improvements... sounds like it's a lot more useful machine. So far looks like a very nice server. Front loaded SAS drives, could do RAID as well, (don't know if that works well or not, didn't try yet), dual core CPU and a bunch more of nice features. I wasn't sure OpenBSD was going to work, so I took a chance, got one for testing and see. So, far, pretty nice! A few things don't look right in DMESG, but nothing that is a show stopper yet anyway. Just this management interface, either serial, or Ethernet that doesn't work. Would be nice, but I can live without. It's not to much of a drive, about 40 minutes at worst. But I have to say that I much prefer that box to my IBM 326e or HP 145 G2 or G1 so far. I have nothing bad to say about it yet anyway. Minor things, that's all. Besides the Broadcom, what other nic is on the system board? ISTR newer x2100's shipping with Nvidia ck8-04 Gigabit Ethernet for the primary interface which may not be supported. I believe all of our x2100's are running Solaris 10; I can check to see if we have one available for testing with OpenBSD. I know for a fact that we have the BIOS and console writing to serial port A under Solaris 10. -Damian
Re: krb5 login help
Original message Date: Tue, 24 Oct 2006 13:28:20 -0700 From: Donald J. Ankney [EMAIL PROTECTED] Subject: Re: krb5 login help To: Bob Beck [EMAIL PROTECTED] Cc: misc@openbsd.org On Oct 24, 2006, at 12:29 PM, Bob Beck wrote: Did you give the wee beastie a host key on your kerberos server? both ssh and /bin/login will attempt to verify a host key against the server so that your kerberos server isn't getting spoofed. I think this is the place where I'm running into problems. Checking my authlog, I find: krb5-or-pwd: verify: Server not found in Kerberos database The next problem is that I don't control the server (I'm trying to authenticate my departmental server against the university-wide kerberos server). I'll dig into google on that one, but on a conceptual note, don't I just need to have their key stored on my client and not vice versa? This should be a one-way trust (me trusting them, not vice-versa), right? Or are there security implications that I'm not understanding with Kerberos? you need to extract the keytab for the host you want to allow kerberosV authentication on from the kerberosV server against which you want to authenticate. if you are authenticating against the university-wide server, you need to have keytabs generated by the university-wide server and then put those on your machine. if you are administrating the whole realm, this is easy enough to via kadmin. do info heimdal and read the part about keytabs. otherwise you will need to have someone generate host keys for each of your hosts and get those keys to you.
Re: Sun x2100 M2 DMESG weirdenn and remote access. OpenBSD 4.0
Damian Wiest wrote: Besides the Broadcom, what other nic is on the system board? ISTR newer x2100's shipping with Nvidia ck8-04 Gigabit Ethernet for the primary interface which may not be supported. It's in the dmesg in archive: Two Broadcom bge Broadcom BCM5715 and two NVIDIA nfe NVIDIA MCP55 LAN I believe all of our x2100's are running Solaris 10; I can check to see if we have one available for testing with OpenBSD. I know for a fact that we have the BIOS and console writing to serial port A under Solaris 10. It must be as Sun needs to support it's own stuff right? (: But so far it's not in OpenBSD. (:
Re: krb5 login help
Original message Date: Tue, 24 Oct 2006 15:50:58 -0500 (CDT) From: Jacob Yocom-Piatt [EMAIL PROTECTED] Subject: Re: krb5 login help To: misc@openbsd.org The next problem is that I don't control the server (I'm trying to authenticate my departmental server against the university-wide kerberos server). I'll dig into google on that one, but on a conceptual note, don't I just need to have their key stored on my client and not vice versa? This should be a one-way trust (me trusting them, not vice-versa), right? Or are there security implications that I'm not understanding with Kerberos? oops, i may have misunderstood your post in my first response. from the sound of it, you want to do cross realm authentication. i am guessing that your setup is as below DEPT.WASHINGTON.EDU = your realm, WASHINGTON.EDU = whole university realm you control the DEPT.WASHINGTON.EDU kdc and want users with DEPT.WASHINGTON.EDU tickets to be able to authenticate against WASHINGTON.EDU. add a principal krbtgt/[EMAIL PROTECTED] to both the DEPT.WASHINGTON.EDU kdc and the WASHINGTON.EDU kdc. the key for this principal needs to be identical on both hosts. this should give one way trust and not allow WASHINGTON.EDU ticket holders to get into the DEPT.WASHINGTON.EDU show. you will certainly need to work with the admin for the WASHINGTON.EDU realm to get this working. google for cross realm authentication heimdal to dig up more info. cheers, jake
Re: krb5 login help
The kerberos server admins have to add you a host key, they then give
you that key and you put it in a keytab file on your client. I.e. they
a kadmin addprinc -pw somepassword host/[EMAIL PROTECTED]
and give you the result to put in a keytab file.
Doing this ensures you can ask the server to send you something
encrypted with your key. If you don't do this, your kerberos
authentication is spoofable by anyone who can intercept traffic
between you and the kerb server.
So actually, you have to ask them for the host key :) Ask
them - they should give you one.
No there isn't a nob to turn it off, that would be insecure.
Personally, how we do it here on this campus is we have an https
secured web page (https://password.srv.ualberta.ca/krb/) that we allow
any campus LAN admin types to log into and get a principal created or
modified that is of the form
host/[EMAIL PROTECTED] How your campus
kerberos admins choose to do this I wouldn't know, sorry, you'll have
to break down and ask them.
-Bob
* Donald J. Ankney [EMAIL PROTECTED] [2006-10-24 14:27]:
On Oct 24, 2006, at 12:29 PM, Bob Beck wrote:
Did you give the wee beastie a host key on your kerberos server?
both ssh and /bin/login will attempt to verify a host key against
the server so that your kerberos server isn't getting spoofed.
I think this is the place where I'm running into problems. Checking
my authlog, I find:
krb5-or-pwd: verify: Server not found in Kerberos database
The next problem is that I don't control the server (I'm trying to
authenticate my departmental server against the university-wide
kerberos server). I'll dig into google on that one, but on a
conceptual note, don't I just need to have their key stored on my
client and not vice versa? This should be a one-way trust (me
trusting them, not vice-versa), right? Or are there security
implications that I'm not understanding with Kerberos?
--
#!/usr/bin/perl
if ((not 0 not 1) != (! 0 ! 1)) {
print Larry and Tom must smoke some really primo stuff...\n;
}
Re: AF_ISO, SOCK_RAW - mysterious phenomena in OpenBSD
Karel Kulhavy [EMAIL PROTECTED] writes: How do I do this C call taken from a Linux program on OpenBSD? socket(PF_PACKET, SOCK_RAW, htons(0x4254)) man socket on OpenBSD offers AF_ISO (ISO protocols) which sounds like it could be access to individual ISO stack layers including layer 2? However ... When I wrote something using SOCK_RAW, some time back, I ended up digging through kernel sources and experimenting to figure out how it worked. There were some non-obvious features like setting the address family, using setsockopt(,IPPROTO_IP,IP_HDRINCL, and etc. that were good to know. You might also want to check out tcpdump and libpcap - either the source for coding examples, or the tool or library for a higher level interface to generate packet traffic. AF_ISO is obselete - it got removed in openbsd some time ago. 4.4bsd had an arpa funded implementation of all of the iso networking standards, but somehow these just never did displace TCP/IP. For a dated but entertaining perspective on the ISO networking reference model vs. ietf, check out: RFC 871 A Perspective On The Arpanet Reference Model M.A. Padlipsky It's fashionable today to map TCP/IP layers into the iso networking reference model, but this is merely for human convenience, it's not something you'd code into a program. -Marcus Watts
I need help in interpreting some Docs
Hi, I'm posting this to both OpenBSD and Snort mailing lists. In reading through the snort documentation, in section 1.5 (Inline mode), they state the following... In order for Snort Inline to work properly, Download and compile the iptables code to include make install-devel. (http://www,iptables.org) Would I do the make install-devel from within the Snort's Source build system, or the iptables build system?. This will install the libipq library that allows snort Inline to interface with iptables. Also, you must build and install LibNet, which is available from www.packetfactory.net. Ok, all fine and well, but I'm using snort on an OpenBSD platform, which uses PF instead of iptables... I'm assuming that iptables is only for Linux, or does OpenBSD also use iptables? I didn't see any mention of it in either OpenBSD docs or Snort docs other then this, and as far as I can remember, iptables is used primarily with Linux, is that right? Would I follow the same installation procedures? or would I ditch this effort alltogether and write it off as something OpenBSD is not setup to do, or is there an alternative I can use with Snort? I haven't looked at Snort since 2003, and from reading the new docs, a lot of new features have been added, some of which I haven't come across yet. I'm basically setting up snort that if it sees a Priority one attack it executes a script or Binary file, well, actually it will instantiate a thread that does this in whatever scripting language I choose (Python) in my case. I Haven't read ALL the new stuff yet, but am ready to install any additional utilities, like Barnyard. Which I already have running. Is it possible to use Snort in normal NIDS mode, then when I get a higher priority attach, to switch to Inline mode? How fast can Snort switch from one mode to another? Also, is it possible to use Snort to look at a binary file and display contents via the ./snort -dvr option while snort is running? Thanx John
Re: OpenBSD AJAX
2006/10/24, Marc Espie [EMAIL PROTECTED]: There are two perl frameworks, for instance. And ruby-on-rail is known to rely on java. Ruby on Rails has AJAX features, it includes some javascript libraries (if desired). It does not rely on java.. Wijnand
Re: Modemsupport?
No, winmodes are not supported. Only actual modems are supported. On Wed, Oct 25, 2006 at 01:18:39AM +0200, [EMAIL PROTECTED] wrote: Well I just asked myself if OpenBSD does support any build in modem found on any Laptop? I had a old Laptop and in my Dmesg was a Modemchip from VIA wich wasn`t supported. Now I do own a Thinkpad and I`ve a INTEL Modem-Chip wich isn`t supported either. It`s no request to add such support (even it would be great) but man -k modem doesn`t provide a neat list either. chat (8) - automated conversational script with a modem ueagle (4) - Analog Devices Eagle ADSL modems umodem (4) - USB modem support umsm (4) - Qualcomm MSM EVDO modem driver So does OpenBSD support any Modems except some via USB? Kind regards, Sebastian
Simple through put quick tests
Hi, Any better way or suggestion to test through put on various network cards and architecture to find one somewhat meaning full numbers for kpps other then doing timed flooding pings? I am trying to tests a bunch of different network cards, on different architecture with different loads for I386 and AMD64 on AMD servers to get something not that scientific, but somewhat meaning full and valid to compare things. Any suggestion on how to proceed to get more valuable numbers and that can be somewhat more comparable between different servers type. Also, looking at ping to the loop back interface and comparing to the network one gateway and remote, etc. Just trying to find a somewhat valid way to do it and compare it and isolated if possible what's the architecture limitation of the processor, etc compare to the network card and driver itself only. Many not be possible, but getting close to somewhat comparable number is fine. Input very much appreciated? Daniel
Re: Modemsupport?
On 2006/10/25 01:18, [EMAIL PROTECTED] wrote: I had a old Laptop and in my Dmesg was a Modemchip from VIA wich wasn`t supported. Now I do own a Thinkpad and I`ve a INTEL Modem-Chip wich isn`t supported either. Often they're no modem chip, just a telephone line interface to the sound codec, and the modulation/demodulation is done on the cpu. So does OpenBSD support any Modems except some via USB? Anything with a standard RS232 interface - puc(4), com(4) - and some USB (though other USB will not work).
Re: Modemsupport?
On 10/24/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Well I just asked myself if OpenBSD does support any build in modem found on any Laptop? I had a old Laptop and in my Dmesg was a Modemchip from VIA wich wasn`t supported. Now I do own a Thinkpad and I`ve a INTEL Modem-Chip wich isn`t supported either. It`s no request to add such support (even it would be great) but man -k modem doesn`t provide a neat list either. chat (8) - automated conversational script with a modem ueagle (4) - Analog Devices Eagle ADSL modems umodem (4) - USB modem support umsm (4) - Qualcomm MSM EVDO modem driver So does OpenBSD support any Modems except some via USB? Yes. Supported: Serial ports, including: * Most modems, digital cellular modems, and serial cards should work. * AudioVOX GSM/GPRS modems * Novatel Wireless Merlin U530 and U630 GSM/GPRS/UMTS modems * Siemens Connect2AIR GSM/GPRS modems * Sierra Wireless A550, A555 CDMA 1x, and A710, A750 GSM/GPRS modems * Sony Ericsson GC75 GSM/GPRS modems * Sony Ericsson GC89 GSM/GPRS/EGDE modems Not supported: * Winmodems Pretty simple, huh? Greg
Problem when mount USB to OpenBSD
Hi Can you please tell me how to fix this problem? Thanks a lot I am trying to mount a USB pen drive to OpenBSD. When i connect the usb to the computer there is no notice or lines appear. I run usbdevs and it return addr 1: UHCI root, hub ,Intel addr 2: USB MP3, vendor 0x0d7d addr 3: UHCI root, hub ,Intel addr 4: UHCI root, hub ,Intel So there is my usb pen i have tried mount -t msdos /dev/usb0 /mnt/usb and it return that block device required i tried disklabel usb0 it return back that there are 2 partition c and i and the i is the same size as c i is ms-dos type so i tried to mount -t msdos /dev/usb0i /mnt/usb and got the message No such file and directory -- View this message in context: http://www.nabble.com/Problem-when-mount-USB-to-OpenBSD-tf2504877.html#a6983796 Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: Modemsupport?
On 10/24/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Well I just asked myself if OpenBSD does support any build in modem found on any Laptop? I had a old Laptop and in my Dmesg was a Modemchip from VIA wich wasn`t supported. Now I do own a Thinkpad and I`ve a INTEL Modem-Chip wich isn`t supported either. It`s no request to add such support (even it would be great) but man -k modem doesn`t provide a neat list either. I had a cardbus modem that was supported. I don't remember which now. Good luck finding a built-in 'modem' that works.
Re: OpenBSD AJAX
Ryan, Joachim (, others): You mentioned that you dislike PHP. I would be curious to learn your reasons for this. I'm not trying to instigate religious wars or the like, it's just that my programming skills are mostly nonexistant coughGW BASIC shell scripts/cough and I'm thinking of properly learning PHP, kind of as an evolutionary step, up from XHTML. Should a coding n00b like myself avoid PHP like the plague, or do your reasons only come into play once a certain level of programming proficiency is attained? Thanks and regards, --ropers PS: I probably could see that the mere fact that PHP does server-side processing could be seen as a huge downside as opposed to ECMAscript / AJAX, where processing occurs on the client side. OTOH, you're not supposed to trust the client -- and I know that pretty friggin large PHP-script deployments do exist, eg. MediaWiki/Wikipedia. (Then again, WP uses a slew of Squid proxies...)
Re: Problem when mount USB to OpenBSD
Run dmesg and you'll see it's /dev/sd0 that is connected After that disklabel sd0 shows you the label, most likely the only partition is sd0a. # Han
Re: Problem when mount USB to OpenBSD
On 10/24/06, Maverick [EMAIL PROTECTED] wrote: Hi Can you please tell me how to fix this problem? Thanks a lot I am trying to mount a USB pen drive to OpenBSD. When i connect the usb to the computer there is no notice or lines appear. I run usbdevs and it return addr 1: UHCI root, hub ,Intel addr 2: USB MP3, vendor 0x0d7d addr 3: UHCI root, hub ,Intel addr 4: UHCI root, hub ,Intel So there is my usb pen i have tried mount -t msdos /dev/usb0 /mnt/usb and it return that block device required i tried disklabel usb0 it return back that there are 2 partition c and i and the i is the same size as c i is ms-dos type so i tried to mount -t msdos /dev/usb0i /mnt/usb and got the message No such file and directory Hmmm, I thought USB drives showed up as SCSI? Isn't /dev/usb0 just the bus? At least I'm still doing the following: mount_msdos /dev/sd0i /mnt Also, in addition to usbdevs you should be providing a dmesg. Greg
Re: Problem when mount USB to OpenBSD
On 2006/10/24 16:49, Maverick wrote: Can you please tell me how to fix this problem? Thanks a lot I am trying to mount a USB pen drive to OpenBSD. When i connect the usb to the computer there is no notice or lines appear. send a full dmesg... see http://www.openbsd.org/mail.html Sent from the openbsd user - misc mailing list archive at Nabble.com. even they say Please, read the FAQ and the installation documents, and see How to report a Problem before posting.
Re: Modemsupport?
No, winmodes are not supported. Only actual modems are supported. Well I`m no expert marco but is every Modemchip found on a Motherboard or included into a Laptop a Winmodem? As far as I know Winmodem is a company and I always thought if I`ve read about this Winmodems are no supported-stuff that it`s related to Modems of this company. Kind regards, Sebastian p.s. Is the INTEL82801DB Modem not acutal naymore? It`s build in into my IBM R51 Thinkpad. (Just in Case you need a example Modem-Chip) :)
Re: OpenBSD / NetBSD systrace kernel integer overflow
On 24/10/06, Nicolas Martzel [EMAIL PROTECTED] wrote: I thank you all, but M ropers whom the reaction is displaced. :D Thank you. :-) That's almost the only time I've laughed today. (Hey, no hard feelings, right?) --ropers
Re: Problem when mount USB to OpenBSD
Oh, yeah, don't forget that OpenBSD has an excellent FAQ: http://www.openbsd.org/faq/faq14.html#flashmem On 10/24/06, Maverick [EMAIL PROTECTED] wrote: Hi Can you please tell me how to fix this problem? Thanks a lot I am trying to mount a USB pen drive to OpenBSD. When i connect the usb to the computer there is no notice or lines appear. I run usbdevs and it return addr 1: UHCI root, hub ,Intel addr 2: USB MP3, vendor 0x0d7d addr 3: UHCI root, hub ,Intel addr 4: UHCI root, hub ,Intel So there is my usb pen i have tried mount -t msdos /dev/usb0 /mnt/usb and it return that block device required i tried disklabel usb0 it return back that there are 2 partition c and i and the i is the same size as c i is ms-dos type so i tried to mount -t msdos /dev/usb0i /mnt/usb and got the message No such file and directory -- View this message in context: http://www.nabble.com/Problem-when-mount-USB-to-OpenBSD-tf2504877.html#a6983796 Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: I need help in interpreting some Docs
I'll top-post because there's a lot of info there that I just don't know the answers to. I think you have to use regular snort + snortsam. --Bryan ps. is the snort-user list a gmail address now? On 10/24/06, John Draper [EMAIL PROTECTED] wrote: Hi, I'm posting this to both OpenBSD and Snort mailing lists. In reading through the snort documentation, in section 1.5 (Inline mode), they state the following... In order for Snort Inline to work properly, Download and compile the iptables code to include make install-devel. (http://www,iptables.org) Would I do the make install-devel from within the Snort's Source build system, or the iptables build system?. This will install the libipq library that allows snort Inline to interface with iptables. Also, you must build and install LibNet, which is available from www.packetfactory.net. Ok, all fine and well, but I'm using snort on an OpenBSD platform, which uses PF instead of iptables... I'm assuming that iptables is only for Linux, or does OpenBSD also use iptables? I didn't see any mention of it in either OpenBSD docs or Snort docs other then this, and as far as I can remember, iptables is used primarily with Linux, is that right? Would I follow the same installation procedures? or would I ditch this effort alltogether and write it off as something OpenBSD is not setup to do, or is there an alternative I can use with Snort? I haven't looked at Snort since 2003, and from reading the new docs, a lot of new features have been added, some of which I haven't come across yet. I'm basically setting up snort that if it sees a Priority one attack it executes a script or Binary file, well, actually it will instantiate a thread that does this in whatever scripting language I choose (Python) in my case. I Haven't read ALL the new stuff yet, but am ready to install any additional utilities, like Barnyard. Which I already have running. Is it possible to use Snort in normal NIDS mode, then when I get a higher priority attach, to switch to Inline mode? How fast can Snort switch from one mode to another? Also, is it possible to use Snort to look at a binary file and display contents via the ./snort -dvr option while snort is running? Thanx John
Re: Problem when mount USB to OpenBSD
Greg Thomas-3 wrote: On 10/24/06, Maverick [EMAIL PROTECTED] wrote: Hi Can you please tell me how to fix this problem? Thanks a lot I am trying to mount a USB pen drive to OpenBSD. When i connect the usb to the computer there is no notice or lines appear. I run usbdevs and it return addr 1: UHCI root, hub ,Intel addr 2: USB MP3, vendor 0x0d7d addr 3: UHCI root, hub ,Intel addr 4: UHCI root, hub ,Intel So there is my usb pen i have tried mount -t msdos /dev/usb0 /mnt/usb and it return that block device required i tried disklabel usb0 it return back that there are 2 partition c and i and the i is the same size as c i is ms-dos type so i tried to mount -t msdos /dev/usb0i /mnt/usb and got the message No such file and directory Hmmm, I thought USB drives showed up as SCSI? Isn't /dev/usb0 just the bus? At least I'm still doing the following: mount_msdos /dev/sd0i /mnt Also, in addition to usbdevs you should be providing a dmesg. Greg hi yeahhh it working Sorry i am a new bee to Unix in general. I having another question. Can we intall firefox in openbsd? -- View this message in context: http://www.nabble.com/Problem-when-mount-USB-to-OpenBSD-tf2504877.html#a6984204 Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: Modemsupport?
On 10/24/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: No, winmodes are not supported. Only actual modems are supported. Well I`m no expert marco but is every Modemchip found on a Motherboard or included into a Laptop a Winmodem? As far as I know Winmodem is a company and I always thought if I`ve read about this Winmodems are no supported-stuff that it`s related to Modems of this company. p.s. Is the INTEL82801DB Modem not acutal naymore? It`s build in into my IBM R51 Thinkpad. (Just in Case you need a example Modem-Chip) :) I believe the INTEL82801DB is the audio controller so like Stuart said, you just have a phone line input to the sound chip. Greg
Re: OpenBSD AJAX
On Wed, Oct 25, 2006 at 01:56:32AM +0200, ropers wrote: Ryan, Joachim (, others): You mentioned that you dislike PHP. I would be curious to learn your reasons for this. I'm not trying to instigate religious wars or the like, it's just that my programming skills are mostly nonexistant coughGW BASIC shell scripts/cough and I'm thinking of properly learning PHP, kind of as an evolutionary step, up from XHTML. Should a coding n00b like myself avoid PHP like the plague, or do your reasons only come into play once a certain level of programming proficiency is attained? Thanks and regards, --ropers PS: I probably could see that the mere fact that PHP does server-side processing could be seen as a huge downside as opposed to ECMAscript / AJAX, where processing occurs on the client side. OTOH, you're not supposed to trust the client -- and I know that pretty friggin large PHP-script deployments do exist, eg. MediaWiki/Wikipedia. (Then again, WP uses a slew of Squid proxies...) Since you included others above... To your post script, there's not all that much interesting you can do with client side scripts without backend support on the server. As for PHP vs. the rest, it depends on what your goals are. If you just want to learn something then try Ruby instead. It's cleaner, it's cooler. If you want to learn potential web development job skills then PHP ain't a bad thing to know. If you're looking to find canned scripts then PHP has an edge. If you're looking to develop web stuff for yourself then Ruby/Rails, Python/Zope, Perl/Catalyst are all, IMHO, better than PHP/Cake. Lots of people *love* PHP, but the common sentiment on this list doesn't seem to be love. I can work in PHP, but given the choice I'll pick something else. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ |
Re: Sun x2100 M2 DMESG weirdenn and remote access. OpenBSD 4.0
On Tue, Oct 24, 2006 at 05:24:43PM -0400, Daniel Ouellet wrote: Damian Wiest wrote: Besides the Broadcom, what other nic is on the system board? ISTR newer x2100's shipping with Nvidia ck8-04 Gigabit Ethernet for the primary interface which may not be supported. It's in the dmesg in archive: Two Broadcom bge Broadcom BCM5715 and two NVIDIA nfe NVIDIA MCP55 LAN I believe all of our x2100's are running Solaris 10; I can check to see if we have one available for testing with OpenBSD. I know for a fact that we have the BIOS and console writing to serial port A under Solaris 10. It must be as Sun needs to support it's own stuff right? (: That's actually not a given IFIRK Sun says the RAID on the 2100's is Windows only. -- Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
Re: Problem when mount USB to OpenBSD
http://openbsd.org/faq/index.html hi yeahhh it working Sorry i am a new bee to Unix in general. I having another question. Can we intall firefox in openbsd?
Automating updates question
While I fully realize that installing from ports is not the accepted process for anyone except for developers, I wish to start helping out in any way I can; though, being a low-skilled OpenBSD programmer tends to hurt more then help. I started looking at using my spare machine (it only plays music to the stereo and has a lot of unused cycles) to help test snapshots and new ports. After bringing the base system to current, I found it a major headache to update the ports from the initial 3.9 stable branch to current. The problem stemmed from trying to build updated ports and having to manually pkg_delete all of my previously installed software and rebuild from scratch. It seemed rather silly to me to manually tear my entire system down for updates when I could be better using the system to test the installed applications. Thinking about how a lot of developers use OpenBSD as their main system (and presuming that they are not mixing stable with current) I feel there must be a more efficient way of updating the installed packages/ports. It seems that this type of updating would be a tremendous time sink for those actually doing the hard work. Would anyone care to share their tips on keeping their own machines current without having to uninstall/reinstall every time they update?
Re: OpenBSD AJAX
On 10/24/06, ropers [EMAIL PROTECTED] wrote: You mentioned that you dislike PHP. I would be curious to learn your reasons for this. If you look back at the history of PHP, it was created so that non-programmers can easily program. Well, if you want to see the results of a non-programmer writing scripts, go google Not Matt's Scripts and read the reason it was created. Then look again at the library of PHP scripts out there, and consider them in light of Not Matt's Scripts. Then, go look in bugtraq and see what's the most common package/backend that gets reported. Then do a quick google using terms PHP, security and issues. It is not impossible to write secure software with PHP, from what I understand, but the previous versions actively do not help you that way. The claim I've heard is that PHP5 tries to address some of these issue. How successful, I have no idea. Now consider OpenBSD's developers and userbase - what is the most important thing to us? Correctness. How does it fit with PHP's mindset? Or vice versa? The recommendation is python (or at least, if I ever want to pick up programming, it'll be python).
Re: OpenBSD AJAX
On Wed, 25 Oct 2006, ropers wrote: Ryan, Joachim (, others): Should a coding n00b like myself avoid PHP like the plague, or do your reasons only come into play once a certain level of programming proficiency is attained? If you want to learn a web-oriented programming, go with Ruby. Best of all possible web environments. Lee Leland V. Lammert[EMAIL PROTECTED] Chief Scientist Omnitec Corporation Network/Internet Consultants www.omnitec.net
Re: Modemsupport?
[EMAIL PROTECTED] wrote: No, winmodes are not supported. Only actual modems are supported. Well I`m no expert marco but is every Modemchip found on a Motherboard or included into a Laptop a Winmodem? I have not seen a single exception to that in a very long time. If you didn't pay extra money for it, it's a winmodem. If you DID pay extra for it, it probably is a winmodem, too, but there are exceptions there, at least... There have even been a few laptops marketed as Open source friendly, which had...you guessed it!...winmodems which were unsupported on the OS they shipped with. Oops. That gives you some idea how hard the dang things are to avoid. As far as I know Winmodem is a company and I always thought if I`ve read about this Winmodems are no supported-stuff that it`s related to Modems of this company. There may be a company that used the term winmodem, but it has mostly been used to indicate any of a very large number of diverse and incompatible mostly-software modems from many manufacturers. Long before most people had heard of Linux or OpenBSD, the term winmodem was a non-complementary term...even in the days when people were just trying to get the dang things working in Windows. Nick.
Re: OpenBSD AJAX
Thank you all for the input this is GREAT I have always liked Procedural languages as well as compiled languages, I tend not to like runtimes. One of the Major reasons for FINALLY ditching Windows, cold turkey and switching to OpenBSD, was I felt that Windows in general made it hard to code in C, and i didn't see that changing, with the new whizzbang WinFX .NET mess. that said, is it not a wise decision to develop a large AJAX / PostgreSQL application (For a government client), where the code base will be around for a certain 15 years(the current application is FoxPro 2.6 1991 Runtime) Security is Paramount(hence the OpenBSD over Rhat Choice for the Operating System, and PostgreSQL over MySQL for the database) it would seem to me that C is PostgreSQL's Native language and OpenBSD developers prefer C the uphill battle may be worth it. I am Searching the Internet for a Basic Hello World Ajax sample written in C if anyone has one laying around please reply to this post Sam Fourman Jr. On 10/24/06, L. V. Lammert [EMAIL PROTECTED] wrote: On Wed, 25 Oct 2006, ropers wrote: Ryan, Joachim (, others): Should a coding n00b like myself avoid PHP like the plague, or do your reasons only come into play once a certain level of programming proficiency is attained? If you want to learn a web-oriented programming, go with Ruby. Best of all possible web environments. Lee Leland V. Lammert[EMAIL PROTECTED] Chief Scientist Omnitec Corporation Network/Internet Consultants www.omnitec.net
Re: Ierrs on dual firewalls
Interesting... net.ip.ifq.drops was indeed showing quite a bit of activity. I ratcheted up the net.ip.ifq.maxlen a bit based on the recommendations I've seen (up to 250-300), and the general performance improved quite a bit. The 'drops' stabilized pretty cleanly for a while, and video stuff seemed much cleaner, even during our inbound peak hours of over 100Mbps / 14k pps. However, I'm seeing right now (which is REALLY weird) way more incrementing counters on 'drops' (when our inbound bandwidth/pps is around 80 Mbps / 8.5k pps) than I was seeing earlier today when we were running around 110 Mbps / 13k pps. MRTG also shows lots of 'Errors In' on the OpenBSD firewall interfaces, though nothing on the Cisco switch it's hooked to. Doing a 'netstat -idq' and checking the 'Ierrs' field show a lot of increasing input errors which correlate to the 'Errors In' field in MRTG. # netstat -idq NameMtu Network Address Ipkts IerrsOpkts Oerrs Colls Drop em2 1500 Link 00:04:23:c2:4c:2a 4111541158 9735 3500050722 0 00 Very odd indeed. I don't think we're pushing THAT much traffic. It seems like we're now getting more errors with less traffic. I like using MP for the IOAPIC to reduce interrupts, but I'll try uni-processor mode just to see what happens. Other ideas? On 10/23/06, Stuart Henderson [EMAIL PROTECTED] wrote: On 2006/10/23 15:08, Gunga Din wrote: We have two OpenBSD firewalls running in CARP redundant mode, one active, one standby. The problem we've been seeing for a while appears to be packet loss at our firewall once we reach or surpass around 100Mbps / 12k pps. I've seen this show up on both 3.9 stock and the download of 4.0. It is replicable on both boxes. how's net.ip.ifq.drops? if it's showing many drops then bump net.inet.ifq.maxlen (maybe in the 100-300 range but you'll need to test to find what works best). maybe worth trying a uniprocessor kernel too. OpenBSD 4.0 (GENERIC.MP) #933: Fri Sep 1 12:06:05 MDT 2006 not quite 4.0 :-) (#936: Sat Sep 16)
Re: Modemsupport?
On Tuesday 24 October 2006 19:47, Stuart Henderson wrote: On 2006/10/25 01:18, [EMAIL PROTECTED] wrote: I had a old Laptop and in my Dmesg was a Modemchip from VIA wich wasn`t supported. Now I do own a Thinkpad and I`ve a INTEL Modem-Chip wich isn`t supported either. Often they're no modem chip, just a telephone line interface to the sound codec, and the modulation/demodulation is done on the cpu. So does OpenBSD support any Modems except some via USB? Anything with a standard RS232 interface - puc(4), com(4) - and some USB (though other USB will not work). I have a cardbus modem that I've used for years. The relevant line in the dmesg data is pccom3 at pcmcia1 function 0 U.S. Robotics, XJ/CC1560, Megahertz 56kbps \ Modem port 0xa3f8/8: ns16550a, 16 byte fifo --STeve Andre'
Re: OpenBSD AJAX
On 10/24/06, Sam Fourman Jr. [EMAIL PROTECTED] wrote: I am Searching the Internet for a Basic Hello World Ajax sample written in C if anyone has one laying around please reply to this post AJAX is a concept, not a language. Read up on XMLRPC and take it from there (-:
Re: Sun x2100 M2 DMESG weirdenn and remote access. OpenBSD 4.0
stan wrote: That's actually not a given IFIRK Sun says the RAID on the 2100's is Windows only. Interesting! I didn't read that. Must have skip my reading then somehow. The choice are in the BIOS to enable it. I didn't buy two drives as it was for testing only, so I can't say if it would work or not for sure, or if it would be supported in OpenBSD or not. No clue. If there is feedback as to it should be supported, not only in Windows, and some are interested to know if it does or not, I could buy an other drive and try it. Not that I will need two drives for what this baby will be use in. Best, Daniel
