revision control system for system administration

[atstake atstake]

Not directly OpenBSD related but I thought I'd ask. I'd like to use
a revision control system to manage files on 25-30
servers but I'm not sure whether I'd use a centralized repository or
have a separate revision control system on each box. It would also be good
to know how much leverage can a revision control system can give
over a "make-backup-before-change" policy in the long run and also
what files and directories should I add to it. Anything else anyone
would like to add from experience would be much appreciated.

Thanks.

Re: LineWrap Failure in Text-Terminal

[Otto Moerbeek]

On Mon, 18 Dec 2006, Sebastian Neuper wrote:

> Hi. With OpenBSD 4.0, I encounter a wrong line wrapping
> in the text-terminals. If a line has 80 or more chars
> there will be extra blank lines. This problem occurs
> in ksh, more and less, but not in vi and lynx.
> 
> When I open a file in more, where line 28 has 85 or more 
> chars and I scroll down with the courser keys three lines, 
> I will get only the 80 chars followed by a blank line. When
> I scroll down another line, there will be the left chars after
> this blank line. With the repaint command CTRL-R in more, 
> the blank line disappears.
> When I scroll another 25 lines down, so that line 28 move off
> the screen, and then scroll back a few lines, there won't be
> a line 28 at all, until I put the repaint command.
> 
> This problem first occurred in OpenBSD 4.0 and I recognized it
> after a clean install. OpenBSD 3.9 on the same computer did
> a correct line wrapping.
> 
> So I looked through all the changes and noticed the new jump 
> scroll feature for vt220 introduced in OpenBSD 4.0 and corrected
> in OpenBSD Current. My computer is a 200MMX with a 2,5GB
> Harddrive and compiling the complete source will be heavy or
> impossible. So I cannot check, if this is the problem or if it
> is already solved, and didn't send a bug-report.

Try running a snapshot kernel. It's likely (but not guaranteed) a
snapshot bsd will work nicely with a 4.0 userland. Download bsd and
put it in your /, named bsd.snap and boot that on the boot prompt. 

-Otto

> 
> In ksh there is a similar wrong behavior. When I type
> $ ls 
> in a directory, containing following directories:
> $ mkdir aaa b ccc   fff ggg   jjj
> and my cursor is already at the bottom of the screen, the last
> 4 lines will be:
> BEGINN
> $ ls 
> aaa/   b/  ccc/  /  /  fff/   ggg/   /   /   jjj/
> $ ls
> 
> END
> containing also a blank line at the end, where there shouln't be one.
> Another  will print it correctly without the bottom blank line.
> Again a  will print it wrong with the blank line.
> 
> In the following directory it is even worse: 
> $ mkdir aaa cc ddd ff  jjj    ooo
> $ touch bbb. . g. . mm.mmm 
> ls  will print addional 3 blank lines at the bottom of the
> screen.
> 
> I thought it was a problem in the terminal and changed in /etc/ttys
> a virtual terminal from vt220 to vt100 and even dumb. This didn't
> solve the problem and with dumb, vi didn't work properly anymore.
> 
> Can anyone help me to make my text-terminal work correctly? And
> if this is already solved in OpenBSD Current, is there a workaround
> without recompiling the source? 
> 
> Thanks, 
> Sebastian.
> 
> I don't think this is a hardware problem, because 3.9 worked correctly.
> Anyway, here my dmesg output:
> 
> OpenBSD 4.0 (GENERIC) #1107: Sat Sep 16 19:15:58 MDT 2006
> [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
> cpu0: Intel Pentium/MMX ("GenuineIntel" 586-class) 200 MHz
> cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,MMX
> cpu0: F00F bug workaround installed
> real mem  = 66678784 (65116K)
> avail mem = 52559872 (51328K)
> using 839 buffers containing 3436544 bytes (3356K) of memory
> mainbus0 (root)
> bios0 at mainbus0: AT/286+(c6) BIOS, date 10/08/96, BIOS32 rev. 0 @ 0xf8080
> pcibios0 at bios0: rev 2.1 @ 0xf/0x67c
> pcibios0: PCI BIOS has 5 Interrupt Routing table entries
> pcibios0: PCI Interrupt Router at 000:07:0 ("Intel 82371SB ISA" rev 0x00)
> pcibios0: PCI bus #0 is the last bus
> bios0: ROM list: 0xc/0x8000
> cpu0 at mainbus0
> pci0 at mainbus0 bus 0: configuration mode 1 (bios)
> pchb0 at pci0 dev 0 function 0 "Intel 82439HX" rev 0x03
> pcib0 at pci0 dev 7 function 0 "Intel 82371SB ISA" rev 0x01
> pciide0 at pci0 dev 7 function 1 "Intel 82371SB IDE" rev 0x00: DMA, channel 0 
> wired to compatibility, channel 1 wired to compatibility
> wd0 at pciide0 channel 0 drive 0: 
> wd0: 16-sector PIO, LBA, 2446MB, 5009760 sectors
> atapiscsi0 at pciide0 channel 0 drive 1
> scsibus0 at atapiscsi0: 2 targets
> cd0 at scsibus0 targ 0 lun 0:  SCSI0 5/cdrom 
> removable
> wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
> cd0(pciide0:0:1): using PIO mode 0, DMA mode 1
> pciide0: channel 1 disabled (no drives)
> ne3 at pci0 dev 9 function 0 "Realtek 8029" rev 0x00: irq 9, address 
> 00:e0:7d:98:4b:5e
> ne4 at pci0 dev 10 function 0 "Realtek 8029" rev 0x00: irq 9, address 
> 00:00:b4:9c:d6:c6
> "AVM Fritz ISDN" rev 0x02 at pci0 dev 11 function 0 not configured
> vga1 at pci0 dev 12 function 0 "S3 ViRGE" rev 0x06
> wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
> wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
> isa0 at pcib0
> isadma0 at isa0
> pckbc0 at isa0 port 0x60/5
> pckbd0 at pckbc0 (kbd slot)
> pckbc0: using irq 1 for kbd slot
> wskbd0 at pckbd0: console keyboard, using wsdisplay0
> pcppi0 at isa0 port 0x61
> midi0 at pcppi0: 
> spkr0 at pcppi0
> lpt0 at isa0 port 0x378/4 i

Re: nagios check_carp for OpenBSD carp(4)

[Christopher Snell]

On 12/15/06, Brian A. Seklecki <[EMAIL PROTECTED]> wrote:

Thoughts? Strategies? Ideas?
---

Ask the machine directly? Ask an adjacent machine?


Joel Knight just released an updated OpenBSD SNMP MIB that supports
reading data from the sensors framework.  Perhaps he could be
persuaded to add support for CARP state detection?  :)

Chris

64-bit Linux Emulation on AMD64?

[alex]

Hello,

I've got a fresh new 4.0/AMD64 system installed, and after sitting down 
to add Linux binary compatibility, I see that it apparently doesn't 
exist on this platform. After some archive digging, it doesn't appear 
that the idea has been thoroughly discussed, especially since adding 
32-bit Linux binary support would be difficult at best 
(http://marc.theaimsgroup.com/?l=openbsd-misc&m=109036873227847&w=2).


Since I'm not exactly familiar with what exactly makes Linux 
compatibility work behind the scenes, I apologize if this is a dumb 
question...but would it be feasible to add support for Linux/AMD64 
binaries on OpenBSD/AMD64? It seems like this would eliminate the 
problem of 32-to-64 bit conversions/wackiness, though I wouldn't be 
surprised if other nasty problems were lurking under the hood.


If this is within the realm of possibility, I'd be interested in 
working to make it a reality. Given my lack of experience, I could 
probably be more helpful as a tester for someone else who was 
attempting to implement this...but if there's no one out there 
interested in working on a project like this, I'd be willing to take a 
stab at it myself, especially if whoever is responsible for i386 Linux 
compatibility was willing to speak with me regarding at least the 
basics of what would be necessary.


Alex Kirk

Re: CGI Scripts in OpenBSD

[David Bryan]

Once your scripts are working you could try to copy the files that are 
need for the CGI script into the chrooted directory.


If the cgi script is a pre-compiled binary that has been linked to other 
library's your can run the following to find out what it needs.


ldd /var/www/cgi-bin/your-prog

If it's just a cgi script with regular commands, you will have to copy 
each command into the /var/www directory. 

So lets say your script runs the banner command- so the following will 
show what could be done to run the command with-in a chrooted apache server.


$ ldd /usr/bin/banner
/usr/bin/banner:
   StartEnd  Type Open Ref GrpRef Name
     exe  10   0  /usr/bin/banner
   0c54d000 2c57e000 rlib 01   0  /usr/lib/libc.so.39.0
   0b67a000 0b67a000 rtld 01   0  /usr/libexec/ld.so

So we need libc and ld.so with the same paths in /var/www... so:

First- create some of the standard files that many binaries look for-
mkdir /var/www/etc
grep "www" /etc/passwd > /var/www/etc/passwd
grep "localhost" /etc/hosts > /var/www/etc/hosts
cp /etc/resolv.conf /var/www/etc

Next- we will copy the files in place.
mkdir /var/www/usr/bin
mkdir /var/www/usr/lib
mkdir /var/www/usr/libexec
# Do the following as root, or sudo
cp -p /usr/bin/banner /var/www/bin
cp -p /usr/lib/libc.so.39.0 /var/www/lib
cp -p /usr/libexec/ld.so /var/www/libexec
# you may or may not need this...
cp -p /bin/sh /var/www/bin

There are plenty of FAQs on setting up binaries and script to run in a 
chrooted environment, and I would highly recommend that people start 
making this stuff work, rather then going for a less secure web server 
and scripts.  It's just a matter of time before apache has a major flaw, 
or something in a script fails.


Have fun! 


Francisco Valladolid wrote:

hi, .. if you are new to OpenBSD, enabling chroot maybe difficult for you, i
recommended run apache without chroot.

disable it in /etc/rc.conf

httpd_flags="-u"  # the -u option disable chroot

then you can run your cgi scripts from /var/www/cgi-bin/  only doing chmod
755 

Re: Soekris box crashing... drops to ddb>

[David Bryan]

Thanks for looking at this, I think that you are correct... someone had 
plugged in the wrong power adapter into this box, and thusly ( 6-8 Volts 
@ 800ma ) goofed up the CF card... I think that the extra power of the 
CF disk IO from the find command caused this box to crash every day.  Oh 
well, live an learn, and smack those that plug in the wrong power cord!


I'm CCing misc for the archive so that if someone else runs into these 
issues they may also have a clue as to what may be going on.


Igor Sobrado wrote:

Hello.

It looks like a problem in the CF card.  Would it be possible reinstalling
the operating system on the Soekris?  Does this problem always happen in
the same inode?  Or, even better, would it be possible trying a new CF
card on the Soekris?  If you do not have a need for a specific CF card,
I would suggest trying a SanDISK CF.  These cards are not expensive at
all and work fine on the Soekris appliances.

Hopefully, it looks like a bad CF card, not a bad Soekris.

Cheers,
Igor.

Re: How can I view rule numbers under OpenBSD 4.0?

[Darren Spruell]

On 12/18/06, carlopmart <[EMAIL PROTECTED]> wrote:

Hi all,

 first of all, many to everybody helps me to block all ipv6 traffic (security
staff accept your option).

 And now my question: how can I view rule numbers assigned by pf?? Under OpenBSD
3.7 using pfctl -ws display this info ... How can I do with OpenBSD 4.0??


pfctl -vvsr

verbose, verbose, show, rules.  Refer to pfctl(8).

DS

How can I view rule numbers under OpenBSD 4.0?

[carlopmart]

Hi all,

 first of all, many to everybody helps me to block all ipv6 traffic (security
staff accept your option).

 And now my question: how can I view rule numbers assigned by pf?? Under OpenBSD
3.7 using pfctl -ws display this info ... How can I do with OpenBSD 4.0??

Many thanks.

-- 
CL Martinez
carlopmart {at} gmail {d0t} com

Re: Slightly OT: DNS force client to use authoritative

[Rod Dorman]

On Monday, December 18, 2006, 15:45:19, Karl R. Balsmeier wrote:
> Is there a specific way to set a name server so that clients are
> always *forced* to use an autoritative name server?

What  do  you mean by "an authoritative name server"? There is no single
name server which is authoritative for every host in existence.

Are you asking about BIND's delegation-only option?

-- 
[EMAIL PROTECTED] "The avalanche has already started, it is too
Rod Dorman  late for the pebbles to vote." - Ambassador Kosh

Re: ral0: device timeout

[Markus Bergkvist]

Some new findings. Hopefully these means something to someone because I
don't really know where to go from here.

I noticed that I can't reproduce the 'device timeout' if I turn off the 
device at the AP. Could the AP be responding with something fishy?


I also found out that if I change the ral-cards to
explicitly use 'media OFDM54' the 'device timeout' would occur less
often, and when they do, I can most often get it to work by bring it
down and then
#sh /etc/netstart ral0

When I get 'device timeout' I see the following at the AP
ral0: received auth from 00:13:f7:1e:a7:86 rssi 119
ral0: sending auth to 00:13:f7:1e:a7:86 on channel 11
ral0: station 00:13:f7:1e:a7:86 newly authenticated (open)

I have not yet been able to get a debug print from client ral when it is 
failing, is there a way to set that in hostname.if? If the device is not 
failing during boot, it is hard to get it to fail.


I have also seen the timeout on the AP once when I rebooted it while the 
client was up, but it didn't occur repeatedly as it does on the client.


== AP hostname.if ==
# cat /etc/hostname.ral0
inet 192.168.0.2 255.255.255.0 NONE media OFDM54 mode 11g mediaopt
hostap chan 11 nwid "himmet_wlan"


== Client hostname.if ==
# cat /etc/hostname.ral0
dhcp NONE NONE NONE media OFDM54 mode 11g chan 11 nwid "himmet_wlan"


/Markus



For some time now I've been trying to get my SMC wireless cardbus[1] with 
Ralink RT2600 chipset[2] to work on my laptop running OpenBSD 4.0 -stable but I 
keep getting 'ral0: device timeout'.
If I bring the device down and then up (sometimes I have to do this several 
times) I finally get it to work. After that I don't get any more 'device 
timeout' until next reboot.

This is what ral(4) has to say about that error:
ral%d: device timeout  A frame dispatched to the hardware for transmission 
did not complete in time.  The driver will reset the hardware.  This should not 
happen.

Unfortunately, it does happen. My question is, why? And what can i do to remedy 
this?

I have a SMC pci-card[3] in the AP but I have not seen that problem there.

I enclose dmesg and ifconfig ral0 from client and ap.

Re: Slightly OT: DNS force client to use authoritative

[Jon Simola]

On 12/18/06, Karl R. Balsmeier <[EMAIL PROTECTED]> wrote:

Is there a specific way to set a name server so that clients are always 
*forced* to use an autoritative name server?


Clients can not (or at least, should not) talk directly to
authoritative name servers. Clients make their DNS requests with the
"recursion desired" bit set, and should only speak to recursive
resolvers. Those recursive resolvers make their requests without the
recursion desired bit set and speak to authoritative servers, starting
with the root servers.

Some DNS servers, such as BIND, can run in both roles simultaneously
with a single daemon. Others, such as djbdns, run seperate servers for
each type of service (tinydns for authoritative,  dnscache for a
recursive resolver).

--
Jon

Slightly OT: DNS force client to use authoritative

[Karl R. Balsmeier]

Is there a specific way to set a name server so that clients are always 
*forced* to use an autoritative name server?

UltraDNS and some others have mentioned little features they have, but it hints 
at the possibility that somewhere in the DNS spec.

-krb

Re: Disable IPv6 on OpenBSD 4.0 - forking discussion to icmp echo request blockage

[Jon Radel]

Dag Richards wrote:

>  Such a user can use http or
>> better yet https as a transport as well or a floppy, usb hard drive,
>> usb tump
>> drive, and email (especially with an encrypted attachment so that your
>> filter
>> can see what it is).  Hell they can print it out and carry it in their
>> briefcase if they wanted.
> 
> Thats what I do ;)
> 

Dang, I just take the whole server.  Don't even have to reload the data
that way.

By the way, the only little quibble I've had with this discussion is
that some of the responses have been remarkably imprecise in the
distinction between "icmp" and "icmp echo-requests."  I find that such
imprecision causes no end of trouble when specifying security policies.
 I, for example, am not the biggest fan of random people sending me icmp
redirects, but don't block many other icmp packets.

I'll also point out that opinions differ.  For example, the official
recommendation of the U.S. NIST (National Institute of Standards and
Technology) is:

"block incoming echo request (ping and Windows traceroute)

block outgoing echo replies, time exceeded, and destination unreachable
messages except "packet too big" messages (type 3, code 4).
This item assumes that you are willing to forego the legitimate uses of
ICMP echo request to block some known malicious uses."

(Special Publication 800-41, p. 61.)

I suppose it all comes down to such unresolvable matters such as "is
making it harder for outsiders to map your network merely security
through obscurity, which is naturally below the dignity of any right
thinking network engineer, or does it have value in today's Internet?"

:-)

--Jon Radel

[demime 1.01d removed an attachment of type application/x-pkcs7-signature which 
had a name of smime.p7s]

Re: Home networking for an amateur

[Joe]

Take the time to upgrade. It's really easy and fast.

Don't skip releases though.

Upgrade like this: 3.7 -> 3.8 -> 3.9 -> 4.0

Then your box will rock.




Erik Wikstrvm wrote:
I've get an box laying in my basement running OpenBSD 3.7 (probably 
should upgrade that some time but I've never taken the time) acting as 

LineWrap Failure in Text-Terminal

[Sebastian Neuper]

Hi. With OpenBSD 4.0, I encounter a wrong line wrapping
in the text-terminals. If a line has 80 or more chars
there will be extra blank lines. This problem occurs
in ksh, more and less, but not in vi and lynx.

When I open a file in more, where line 28 has 85 or more 
chars and I scroll down with the courser keys three lines, 
I will get only the 80 chars followed by a blank line. When
I scroll down another line, there will be the left chars after
this blank line. With the repaint command CTRL-R in more, 
the blank line disappears.
When I scroll another 25 lines down, so that line 28 move off
the screen, and then scroll back a few lines, there won't be
a line 28 at all, until I put the repaint command.

This problem first occurred in OpenBSD 4.0 and I recognized it
after a clean install. OpenBSD 3.9 on the same computer did
a correct line wrapping.

So I looked through all the changes and noticed the new jump 
scroll feature for vt220 introduced in OpenBSD 4.0 and corrected
in OpenBSD Current. My computer is a 200MMX with a 2,5GB
Harddrive and compiling the complete source will be heavy or
impossible. So I cannot check, if this is the problem or if it
is already solved, and didn't send a bug-report.

In ksh there is a similar wrong behavior. When I type
$ ls 
in a directory, containing following directories:
$ mkdir aaa b ccc   fff ggg   jjj
and my cursor is already at the bottom of the screen, the last
4 lines will be:
BEGINN
$ ls 
aaa/   b/  ccc/  /  /  fff/   ggg/   /   /   jjj/
$ ls

END
containing also a blank line at the end, where there shouln't be one.
Another  will print it correctly without the bottom blank line.
Again a  will print it wrong with the blank line.

In the following directory it is even worse: 
$ mkdir aaa cc ddd ff  jjj    ooo
$ touch bbb. . g. . mm.mmm 
ls  will print addional 3 blank lines at the bottom of the
screen.

I thought it was a problem in the terminal and changed in /etc/ttys
a virtual terminal from vt220 to vt100 and even dumb. This didn't
solve the problem and with dumb, vi didn't work properly anymore.

Can anyone help me to make my text-terminal work correctly? And
if this is already solved in OpenBSD Current, is there a workaround
without recompiling the source? 

Thanks, 
Sebastian.

I don't think this is a hardware problem, because 3.9 worked correctly.
Anyway, here my dmesg output:

OpenBSD 4.0 (GENERIC) #1107: Sat Sep 16 19:15:58 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium/MMX ("GenuineIntel" 586-class) 200 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,MMX
cpu0: F00F bug workaround installed
real mem  = 66678784 (65116K)
avail mem = 52559872 (51328K)
using 839 buffers containing 3436544 bytes (3356K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(c6) BIOS, date 10/08/96, BIOS32 rev. 0 @ 0xf8080
pcibios0 at bios0: rev 2.1 @ 0xf/0x67c
pcibios0: PCI BIOS has 5 Interrupt Routing table entries
pcibios0: PCI Interrupt Router at 000:07:0 ("Intel 82371SB ISA" rev 0x00)
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc/0x8000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82439HX" rev 0x03
pcib0 at pci0 dev 7 function 0 "Intel 82371SB ISA" rev 0x01
pciide0 at pci0 dev 7 function 1 "Intel 82371SB IDE" rev 0x00: DMA, channel 0 
wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 2446MB, 5009760 sectors
atapiscsi0 at pciide0 channel 0 drive 1
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0 5/cdrom removable
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
cd0(pciide0:0:1): using PIO mode 0, DMA mode 1
pciide0: channel 1 disabled (no drives)
ne3 at pci0 dev 9 function 0 "Realtek 8029" rev 0x00: irq 9, address 
00:e0:7d:98:4b:5e
ne4 at pci0 dev 10 function 0 "Realtek 8029" rev 0x00: irq 9, address 
00:00:b4:9c:d6:c6
"AVM Fritz ISDN" rev 0x02 at pci0 dev 11 function 0 not configured
vga1 at pci0 dev 12 function 0 "S3 ViRGE" rev 0x06
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
isapnp0 at isa0 port 0x279: read port 0x203
sb1 at isapnp0 "Creative SB16 PnP, CTL0031, , Audio" port 
0x220/16,0x330/2,0x388/4 irq 5 drq 1,5: dsp v4.13
midi1 at sb1: 
audio0 at sb1
opl0 at sb1: model OPL3
midi2 at opl0: 
wdc2 at 

Message ("Your message dated Mon, 18 Dec 2006 20:53:22...")

[LISTSERV]

Your message dated Mon, 18 Dec 2006 20:53:22 +0200 with no subject has been
submitted  to  the  moderator  of  the  CSICOP-ANNOUNCE  list:  Barry  Karr
<[EMAIL PROTECTED]>.

Re: dspam on OpenBSD 4.0

[Vijay Sankar]

I am going to try and stop top posting -- my replies are embedded below.

On Mon, 2006-18-12 at 18:29 +0100, Joachim Schipper wrote:
> On Sun, Dec 17, 2006 at 09:18:45PM -0600, Vijay Sankar wrote:
> > Yes, /var/dspam/data was already there after I installed the package (I
> > am not using -current, just OpenBSD 4.0 from the CD and packages from
> > mirror.arcticnet.ca.
> 
> > In case there is a better way than doing chmod 2771, please do let me
> > know. Here is the output from ls -laR /var/dspam. The reason
> > why /var/spam/data/vsankar and /var/dspam/system.log has 2777 is because
> > I couldn't get the system statistics and quarantine information from the
> > dspam.cgi program without opening that up.
> 
> Having permissions 2771 on /var/dspam/ is fine; I was
> referring to having 2755 on /usr/bin/dspam, as you posted before
> (http://marc.theaimsgroup.com/?l=openbsd-misc&m=116632875008340&w=2).
> However, this seems to be by design; while I'd still argue it is a bad
> idea, I thought you had tried to do that just to get stuff working, and
> that's not a very good idea.
> 
> (In other words, time for me to do some actual research before replying.
> Sorry!)

Thanks very much for that clarification. I am still trying to reduce the
permissions and tried making /var/dspam and subdirectories 755 as you
suggested but it did not work. Without at least 775 on /var/dspam/data,
the stats file and log file don't get updated. So I am going back to
2771 for the data directories. 
> 
> > Also, there is still one final problem. If user vsankar (unprivileged
> > account) uses the dspam.cgi program and decides to reclassify a message
> > already classified as spam by dspam, I get the following error
> > in /var/log/maillog
> > 
> > Dec 17 09:38:37 mx1 dspam[8781]: Delivery agent returned exit code
> > 1: /usr/libexec/mail.local -d vsankar
> > Dec 17 09:38:38 mx1 mail.local: may only be run by the superuser
> 
> Ah, sendmail. I'm afraid I can't help you there; I've been using postfix
> for as long as I know what a MTA is.
> 
> You could try using something like plain sendmail, or procmail, or
> maildrop, although I don't know what would be considered the proper way
> to do this.

I tried procmail but that introduces other problems as far as dpsam.cgi
is concerned. So I went back to mail.local as the LDA. 

> 
> > For now, I am thinking of avoiding using the dspam.cgi altogether and
> > just moving the vsankar.mbox quarantine file into /home/vsankar/mail and
> > accessing it through my webmail client if I ever want to reclassify
> > email. But it would be nice to be able to do a "Deliver Checked" from
> > the dspam.cgi interface.
> 
> I'll admit to being out of my depth here; I've looked at the dspam
> documentation, but I've never actually installed it, and my e-mail
> architecture is quite a little different from yours anyway (for one,
> dspam should reinject mail into postfix... so I never get to mess with
> local delivery agents, and it's far more likely I can get away with
> non-suid dspam).
> 
> > mx1# ls -laR /var/dspam
> > total 104
> >  4 drwxrws--x   3 _dspam  _dspam512 Dec 16 19:18 .
> >  4 drwxr-xr-x  27 rootwheel 512 Dec 16 14:33 ..
> >  4 drwxrws--x   7 _dspam  _dspam512 Dec 16 16:49 data
> > 88 -rwxrwxrwx   1 _dspam  _dspam  43199 Dec 17 20:45 system.log
> > 
> > /var/dspam/data:
> > total 28
> > 4 drwxrws--x  7 _dspam  _dspam  512 Dec 16 16:49 .
> > 4 drwxrws--x  3 _dspam  _dspam  512 Dec 16 19:18 ..
> > 4 drwxrws--x  2 _dspam  _dspam  512 Dec 16 16:06 root
> > 4 drwxrwsrwx  2 _dspam  _dspam  512 Dec 17 09:55 vsankar
> > 
> > /var/dspam/data/root:
> > total 60
> >  4 drwxrws--x  2 _dspam  _dspam512 Dec 16 16:06 .
> >  4 drwxrws--x  7 _dspam  _dspam512 Dec 16 16:49 ..
> > 36 -rwxrws--x  1 _dspam  _dspam  17276 Dec 17 01:30 root.log
> > 12 -rwxrws--x  1 _dspam  _dspam   4130 Dec 16 16:22 root.mbox
> >  4 -rwxrws--x  1 _dspam  _dspam 13 Dec 17 01:30 root.stats
> 
> Why the 'x' permission?

I am really not sure. If I don't do a chmod -R 2771 on /var/dspam a
variety of things break. I tried 660 and got the permissions problem
when retraining, with 770 dspam.cgi did not provide stats and history
information, with 771 email doesn't get quarantined in vsankar.mbox.
chmod -R 2771 solves all these problems, possibly by introducing new
problems that I am not aware of :( Anyways, can't figure out why x is
needed. I even tried mounting /var/dspam with no nosuid in /etc/fstab.
It did not make a difference.

> 
> > /var/dspam/data/vsankar:
> > total 208
> >   4 drwxrwsrwx  2 _dspam  _dspam512 Dec 17 09:55 .
> >   4 drwxrws--x  7 _dspam  _dspam512 Dec 16 16:49 ..
> >  24 -rwxrwxrwx  1 _dspam  _dspam  11881 Dec 17 20:45 vsankar.log
> > 160 -rwxrwxrwx  1 _dspam  _dspam  81766 Dec 17 20:45 vsankar.mbox
> >   4 -rw-r--r--  1 www _dspam  5 Dec 17 09:54 vsankar.mbox.size
> >   0 -rw-rw  1 www _dspam  0 Dec 17 09:54 vsankar.mbox.stamp
> >   4 -rw-r--r--  1 www _dspam  

Re: IPSec trouble

[viq]

On 17/12/06, viq <[EMAIL PROTECTED]> wrote:

On 17/12/06, Mathieu Sauve-Frankel <[EMAIL PROTECTED]> wrote:
> On Sun, Dec 17, 2006 at 02:16:48PM +0100, viq wrote:
> > Yes, again... I am trying to set up VPN using IPSec, right now very
> > basic setup, and it doesn't work as expected.
> > Hosts being involved are keibi that acts as server, and trying to
> > connect to it laptop sentan.
>
> there's an error in ipsecctl in -current which breaks ipsecctl unless you are
> loading your rules with the verbose flag ( ie. ipsecctl -vf ipsec.conf )
>
> I found it today and am just waiting for an okay to commit the fix,
> could you try out this diff in the meantime ?

I didn't try the diff yet, only loading with -v flag... And something
funny happens. I have IPv6 working as well in my network, and with
those very basic rules I have posted, esp traffic travels over IPv4,
yet only IPv6 traffic gets encapsulated...




Fun. Both boxes now are:
OpenBSD 4.0-current (GENERIC) #1278: Sun Dec 17 19:52:22 MST 2006
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC

And esp runs around on IPv4, and IPv4 traffic gets nicely
encapsulated, but IPv6 doesn't get encapsulated, with the exact same
rules as posted before.

(No, I don't remember whether with that patch v6 worked)


> --
> Mathieu Sauve-Frankel
>


--
viq




--
viq

Re: Disable IPv6 on OpenBSD 4.0 - forking discussion to icmp echo request blockage

[Dag Richards]

> smith wrote:



Blocking icmp violates RFC rules which means in a nutshell weird things will
happen on your network.  


Buda says :
"Amen... obey RFC 1122. "

RFC compliance is almost always a good reason to do something.
So I have learned something I apparently should already have known.



i.e. icmp helps negotiate traffic throughput when two

nodes are communication over networks with various amounts of bandwidth.  If
you have firewall rules that allowed udp/tcp 53 and icmp to your dns server,
you would not violate RFC rules.  For someone to transport traffic through
icmp with these rules means that they would have to root your dns server.  At
that point, icmp isn't your problem.  Let me restate by saying if anyone on
your network tries to send traffic out via icmp, icmp isn't the problem, it's
the security of that computer that's the problem. 


We let users send out pretty much any traffic they want from their 
network, this "debate" was for me about what to allow _in_ to the dmz.


 Oh and if you're trying to

prevent your users from sending out confidential information to an external
source, let's face it, that's almost impossible. 


Yup, too true. Not trying to stop confidential info flow. Just trying to 
make illicit shell shipping harder.


 Such a user can use http or

better yet https as a transport as well or a floppy, usb hard drive, usb tump
drive, and email (especially with an encrypted attachment so that your filter
can see what it is).  Hell they can print it out and carry it in their
briefcase if they wanted.


Thats what I do ;)

Re: vim Easy Mode Broken?

[Chris Kuethe]

On 12/17/06, Joachim Schipper <[EMAIL PROTECTED]> wrote:

But maybe there's a good reason why this was done the way it is? I CC'ed
the maintainer, maybe he'll find the time to respond...

If this works for you, and Chris (= the maintainer) doesn't respond
soonish telling us why this was done in this way, please let us know.


Because that's what "make update-plist" did? If "vim -y" is useful
behaviour in non-x11 mode then it should probably be made available in
the no_x11 package.

CK

--
GDB has a 'break' feature; why doesn't it have 'fix' too?

mapping promise product name to chip-id

[llx]

hi

i just spend quite some time looking around to determin which disc-controller 
from promise is using which chipset. depending on the model your looking for
you'll find someting on a mailing list. it's then up to you to believe the 
information found.

1. does anyone know where to find a reliable mapping table?

2. how do i have to interpret the following: in the FAQ: Supported hardware
   i don't see support for PDC40718. grepping the source let me assume there
   is.


cheers 
llx

Re: dspam on OpenBSD 4.0

[Joachim Schipper]

On Sun, Dec 17, 2006 at 09:18:45PM -0600, Vijay Sankar wrote:
> Yes, /var/dspam/data was already there after I installed the package (I
> am not using -current, just OpenBSD 4.0 from the CD and packages from
> mirror.arcticnet.ca.

> In case there is a better way than doing chmod 2771, please do let me
> know. Here is the output from ls -laR /var/dspam. The reason
> why /var/spam/data/vsankar and /var/dspam/system.log has 2777 is because
> I couldn't get the system statistics and quarantine information from the
> dspam.cgi program without opening that up.

Having permissions 2771 on /var/dspam/ is fine; I was
referring to having 2755 on /usr/bin/dspam, as you posted before
(http://marc.theaimsgroup.com/?l=openbsd-misc&m=116632875008340&w=2).
However, this seems to be by design; while I'd still argue it is a bad
idea, I thought you had tried to do that just to get stuff working, and
that's not a very good idea.

(In other words, time for me to do some actual research before replying.
Sorry!)

> Also, there is still one final problem. If user vsankar (unprivileged
> account) uses the dspam.cgi program and decides to reclassify a message
> already classified as spam by dspam, I get the following error
> in /var/log/maillog
> 
> Dec 17 09:38:37 mx1 dspam[8781]: Delivery agent returned exit code
> 1: /usr/libexec/mail.local -d vsankar
> Dec 17 09:38:38 mx1 mail.local: may only be run by the superuser

Ah, sendmail. I'm afraid I can't help you there; I've been using postfix
for as long as I know what a MTA is.

You could try using something like plain sendmail, or procmail, or
maildrop, although I don't know what would be considered the proper way
to do this.

> For now, I am thinking of avoiding using the dspam.cgi altogether and
> just moving the vsankar.mbox quarantine file into /home/vsankar/mail and
> accessing it through my webmail client if I ever want to reclassify
> email. But it would be nice to be able to do a "Deliver Checked" from
> the dspam.cgi interface.

I'll admit to being out of my depth here; I've looked at the dspam
documentation, but I've never actually installed it, and my e-mail
architecture is quite a little different from yours anyway (for one,
dspam should reinject mail into postfix... so I never get to mess with
local delivery agents, and it's far more likely I can get away with
non-suid dspam).

> mx1# ls -laR /var/dspam
> total 104
>  4 drwxrws--x   3 _dspam  _dspam512 Dec 16 19:18 .
>  4 drwxr-xr-x  27 rootwheel 512 Dec 16 14:33 ..
>  4 drwxrws--x   7 _dspam  _dspam512 Dec 16 16:49 data
> 88 -rwxrwxrwx   1 _dspam  _dspam  43199 Dec 17 20:45 system.log
> 
> /var/dspam/data:
> total 28
> 4 drwxrws--x  7 _dspam  _dspam  512 Dec 16 16:49 .
> 4 drwxrws--x  3 _dspam  _dspam  512 Dec 16 19:18 ..
> 4 drwxrws--x  2 _dspam  _dspam  512 Dec 16 16:06 root
> 4 drwxrwsrwx  2 _dspam  _dspam  512 Dec 17 09:55 vsankar
> 
> /var/dspam/data/root:
> total 60
>  4 drwxrws--x  2 _dspam  _dspam512 Dec 16 16:06 .
>  4 drwxrws--x  7 _dspam  _dspam512 Dec 16 16:49 ..
> 36 -rwxrws--x  1 _dspam  _dspam  17276 Dec 17 01:30 root.log
> 12 -rwxrws--x  1 _dspam  _dspam   4130 Dec 16 16:22 root.mbox
>  4 -rwxrws--x  1 _dspam  _dspam 13 Dec 17 01:30 root.stats

Why the 'x' permission?

> /var/dspam/data/vsankar:
> total 208
>   4 drwxrwsrwx  2 _dspam  _dspam512 Dec 17 09:55 .
>   4 drwxrws--x  7 _dspam  _dspam512 Dec 16 16:49 ..
>  24 -rwxrwxrwx  1 _dspam  _dspam  11881 Dec 17 20:45 vsankar.log
> 160 -rwxrwxrwx  1 _dspam  _dspam  81766 Dec 17 20:45 vsankar.mbox
>   4 -rw-r--r--  1 www _dspam  5 Dec 17 09:54 vsankar.mbox.size
>   0 -rw-rw  1 www _dspam  0 Dec 17 09:54 vsankar.mbox.stamp
>   4 -rw-r--r--  1 www _dspam228 Dec 17 09:38 vsankar.retrain.log
>   4 -rw-r--r--  1 www _dspam 10 Dec 17 09:38 vsankar.rstats
>   4 -rwxrwxrwx  1 _dspam  _dspam 14 Dec 17 20:45 vsankar.stats

Again, no need for execute permission. 

> Also, just as an FYI, this is what I get with dspam_stats
> 
> vsankar:
> TP True Positives: 47
> TN True Negatives:  2
> FP False Positives: 5
> FN False Negatives:16
> SC Spam Corpusfed:  0
> NC Nonspam Corpusfed:   0
> TL Training Left:2493
> SHR Spam Hit Rate  74.60%
> HSR Ham Strike Rate:   71.43%
> OCA Overall Accuracy:  70.00%
> 
> The 5 false positives were due to me not feeding dspam any notspam
> messages. What happened was I forwarded (as root) the "Welcome to
> OpenBSD 4.0" message to vsankar five times and they all got classified
> as spam. After retraining, I am able to send that message through from
> root to vsankar. Since this is a test machine (MX preference 30 compared
> to 10 on the real mail servers) I only get spam on this machine, so I
> still have some

Re: OpenBSD -Current and WINE

[Joachim Schipper]

On Sun, Dec 17, 2006 at 10:09:15PM -0600, Sam Fourman Jr. wrote:
> Would you happen to have a link where the WINEdevlopers state that? it
> would be a interesting read.There is still much more I must learn
> about the differences between FreeBSD and OpenBSD.

I'd suggest
http://www.winehq.org/site/docs/wine-faq/index#UNDER-WHAT-PLATFORMS-WILL-WINE-RUN.
 Their mailing lists are likely to contain some more information.

qemu provides an alternative, albeit a very slow one.

Joachim

Re: 4.0 frozen

[Federico Giannici]

diego wrote:

Federico, I have the same problem on 3.9
http://marc.theaimsgroup.com/?l=openbsd-misc&m=115192952225331&w=2
My server still running 3.9.
You have the same problem with 4.0?
You modify the kernel with NKMEMPAGES_MAX and still freeze?


After the NKMEMPAGES_MAX change, the problems became much more rare, but 
now after the 4.0 upgrade they started again to be much more frequent.


Bye.



Federico Giannici escribis:

Stephen Schaff wrote:
I've got 4.0 running nicely on a server sitting in a data centre, 
thanks to the help of the members of this list.

It's been up since Nov. 22nd and in production.

Yesterday it inexplicably went dark. I went down to check it out, and 
hooked up the monitor and keyboard. I could see the welcoming login 
prompt, but it wouldn't accept any input. It wasn't accepting any 
pings from a remote system on the network either. The only word I 
have for that is frozen - if there's better terminology out there - 
please let me know.


Welcome to the club!  :-(

A couple of minutes ago I restarted a frozen PC of mine.
This happens to different PCs, and I replaced ALL the hardware, but 
nothing changed.
It seems to happen usually during high disk/network activity, but I'm 
not sure.
For sure they became much more frequent after the upgrade from 3.9 to 
4.0.

I sent several emails here, but nobody seemed to have any real clue...


Bye.




--
___
__
   |-  [EMAIL PROTECTED]
   |ederico Giannici  http://www.neomedia.it

   Presidente del CDA - Neomedia S.r.l.
___

CRC Value Mismatch sd0(ahc0:0:0): parity error deteched in Dtata-in phase

[klemen]

On a fresh new scsi disk (Fujitsu), adaptec on board scsi adapter 
(Compaq server) when boot to install os (OpenBSD) I got an error:



CRC Value Mismatch sd0(ahc0:0:0): parity error deteched in Dtata-in 
phase. SEQUADDR (0X73) SCDIRATE (0xc2)
CRC Value Mismatch sd0(ahc0:0:0): parity error deteched in Dtata-in 
phase. SEQUADDR (0X73) SCDIRATE (0xc2)
CRC Value Mismatch sd0(ahc0:0:0): parity error deteched in Dtata-in 
phase. SEQUADDR (0X73) SCDIRATE (0xc2)

..

Disk have and ID:0

What is wrong?

thanks

Re: 4.0 frozen

[diego]

Federico, I have the same problem on 3.9
http://marc.theaimsgroup.com/?l=openbsd-misc&m=115192952225331&w=2
My server still running 3.9.
You have the same problem with 4.0?
You modify the kernel with NKMEMPAGES_MAX and still freeze?

Regards,.

Federico Giannici escribis:

Stephen Schaff wrote:
I've got 4.0 running nicely on a server sitting in a data centre, 
thanks to the help of the members of this list.

It's been up since Nov. 22nd and in production.

Yesterday it inexplicably went dark. I went down to check it out, and 
hooked up the monitor and keyboard. I could see the welcoming login 
prompt, but it wouldn't accept any input. It wasn't accepting any 
pings from a remote system on the network either. The only word I have 
for that is frozen - if there's better terminology out there - please 
let me know.


Welcome to the club!  :-(

A couple of minutes ago I restarted a frozen PC of mine.
This happens to different PCs, and I replaced ALL the hardware, but 
nothing changed.
It seems to happen usually during high disk/network activity, but I'm 
not sure.

For sure they became much more frequent after the upgrade from 3.9 to 4.0.
I sent several emails here, but nobody seemed to have any real clue...


Bye.

Re: package update trouble

[Darren Spruell]

On 12/16/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:


> > Fair enough.  I tried it and I got a list of available
> packages.  It is a little confusing because the output is
> carping about the candidate being ambiguous -not what version
> the candidate should be updated to.  Anyways, it still
> gives me:
> >
> > Cannot find updates for unarj-2.43 unrar-3.54p0
> Quote:
>
> "Both unarj and unrar are dependencies of ClamAV, but they are
> not licensed
> for binary download. They must be built from ports.
>
> See FAQ 15.4.3."
>
> So, build it, then install it.


I updated my ports but unarj and unrar have not changed.  I guess I cannot
update clamav until that happens.


pkg_add(1) describes some options for forcing installations using '-F'. Read.

You're assuming here that the ports tree / package system has left you
crippled, but unlike other OSes' package systems, OpenBSD doesn't.
Unless you hit big problems tracking -current, I doubt anyone will
ever see that happen.

--
Darren Spruell
[EMAIL PROTECTED]

Re: Problems in my wireless card

[Andreas Maus]

On 12/18/06, Eduardo Jorge <[EMAIL PROTECTED]> wrote:
Hi.


This is my dmesg

OpenBSD 4.0 (NEIN) #0: Sun Dec 17 05:20:14 BRST 2006

^
At first. Before you post make sure you use a GENERIC kernel
(because we can only guess what option your kernel uses).


vendor "Atheros", unknown product 0x001a (class network subclass ethernet, rev 
0x01) at pci1 dev 5 function 0 not configured

As you can see your card vendor is recognized but not the card itself.
It is not supported by OpenBSD.

Andreas.

--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?

Protection NDD

[Marie-Thé]

Bonjour,

Ce courrier dinformation vous est envoyi devant labus et le trop grand
nombre dentreprises, qui sont victimes du diptt de leurs raisons
sociales par des tiers sur Internet.

Vous avez probablement riservi votre nom de domaine en .FR,

Mais lavez-vous igalement protigi dans les autres extensions, avec ou
sans tiret ?

Tous les jours, nous conseillons sur la protection des noms de domaine
aussi bien les administrations, les commergants que des grands comptes
nationaux.

Dun simple clic, virifiez la disponibiliti et protigez-vous en .COM .EU
auprhs de notre iquipe de spicialistes.

Dans lattente dun prochain contact, veuillez accepter nos sinchres
salutations.

Marie-thi Robin
Responsable Diveloppement

http://www.nom-domaine.fr

Offre riservie exclusivement aux entreprises.

Conformiment ` la Loi Informatique et Libertis parue au Journal Officiel
du 6 janvier 1978, vous disposez d'un droit d'acchs, de rectification, et
d'opposition aux donnies personnelles vous concernant. Pour ne plus
recevoir d'informations de notre part, Cliquez ici

Re: Problems in my wireless card

[Eduardo Jorge]

Hello folks,

Anyone help me?

This is my dmesg

OpenBSD 4.0 (NEIN) #0: Sun Dec 17 05:20:14 BRST 2006
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/NEIN
cpu0: Intel(R) Celeron(R) M processor 1.60GHz ("GenuineIntel"
686-class) 1.60 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF
real mem  = 258437120 (252380K)
avail mem = 227995648 (222652K)
using 3180 buffers containing 13025280 bytes (12720K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(b1) BIOS, date 02/24/06, BIOS32 rev. 0 @
0xfd4b0, SMBIOS rev. 2.31 @ 0xdc010 (32 entries)
bios0: Acer TravelMate 2420
pcibios0 at bios0: rev 2.1 @ 0xfd4b0/0xb50
pcibios0: PCI BIOS has 11 Interrupt Routing table entries
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801FBM LPC" rev 0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0xf200! 0xdc000/0x4000! 0xe/0x4000!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82915GM/PM/GMS Host" rev 0x03
vga1 at pci0 dev 2 function 0 "Intel 82915GM/GMS Video" rev 0x03:
aperture at 0xb008, size 0x1000
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
"Intel 82915GM/GMS Video" rev 0x03 at pci0 dev 2 function 1 not configured
uhci0 at pci0 dev 29 function 0 "Intel 82801FB USB" rev 0x03: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 "Intel 82801FB USB" rev 0x03: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 "Intel 82801FB USB" rev 0x03: irq 11
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
uhci3 at pci0 dev 29 function 3 "Intel 82801FB USB" rev 0x03: irq 11
usb3 at uhci3: USB revision 1.0
uhub3 at usb3
uhub3: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub3: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 "Intel 82801FB USB" rev 0x03: irq 11
usb4 at ehci0: USB revision 2.0
uhub4 at usb4
uhub4: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub4: 8 ports with 8 removable, self powered
ppb0 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0xd3
pci1 at ppb0 bus 1
vendor "Atheros", unknown product 0x001a (class network subclass
ethernet, rev 0x01) at pci1 dev 5 function 0 not configured
rl0 at pci1 dev 7 function 0 "Realtek 8139" rev 0x10: irq 10, address
00:0a:e4:fa:82:2b
rlphy0 at rl0 phy 0: RTL internal PHY
cbb0 at pci1 dev 9 function 0 "ENE CB-1410 CardBus" rev
0x01pci_intr_map: no mapping for pin A
: couldn't map interrupt
auich0 at pci0 dev 30 function 2 "Intel 82801FB AC97" rev 0x03: irq
10, ICH6 AC97
ac97: codec id 0x414c4761 (Avance Logic ALC655 rev 1)
audio0 at auich0
"Intel 82801FB Modem" rev 0x03 at pci0 dev 30 function 3 not configured
ichpcib0 at pci0 dev 31 function 0 "Intel 82801FBM LPC" rev 0x03: PM disabled
pciide0 at pci0 dev 31 function 1 "Intel 82801FB IDE" rev 0x03: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 38154MB, 78140160 sectors
atapiscsi0 at pciide0 channel 0 drive 1
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0
5/cdrom removable
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
cd0(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
ichiic0 at pci0 dev 31 function 3 "Intel 82801FB SMBus" rev 0x03: irq 11
iic0 at ichiic0
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: using exception 16
pcic0 at isa0 port 0x3e0/2 iomem 0xd/16384
pcic0 controller 0:  has socket A only
pcmcia0 at pcic0 controller 0 socket 0
pcic0: irq 3, polling enabled
biomask ebf5 netmask eff5 ttymask 
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
cd0(atapiscsi0:0:0): Check Condition (error 0x70) on opcode 0x0
   SENSE KEY: Not Ready
ASC/ASCQ: Medium Not Present
auich0: measured ac97 link rate at 48011 Hz, will use 48000 Hz

2006/12/17, Eduardo Jorge <[EMAIL PROTECTED]>:

Hi,

I have a Atheros AR5BMB5, and I run openbsd 4.0, and atheros don`t work.


Can anyone help me?

--
Serrano Neves - a.k.a eth0 / www.eth0.eti.br
Realmente Seguro? http://secure.eth0.eti.br
"Talk is cheap. Show me the code." - Linus Torvalds




--
Serrano Nev

Re: Disable IPv6 on OpenBSD 4.0 - forking discussion to icmp echo request blockage

[Henning Brauer]

* Dag Richards <[EMAIL PROTECTED]> [2006-12-18 06:10]:
> I block all inbound traffic to my networks not required for operations.

(most of) icmp qualifies as required for operations. especially 
including echo-request and -reply.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam

Re: wifi signal triangulation

[Reyk Floeter]

On Mon, Dec 18, 2006 at 05:15:08AM -0600, Sam Fourman Jr. wrote:
> I would be interested in trying the hostapdsql diff
> 

ok, i need to clean it up and bring it in sync with the current
hostapd first.

reyk

Re: OpenBSD and antispam - question

[Nico Meijer]

Hi smonek,

> a need antispam gateway for my lan but i dont know who i can use with
> pf ( spamassisin / spamd  pop3 proxy ? ) 

http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&apropos=0&sektion=0&manpath=OpenBSD+4.0&arch=i386&format=html

HTH... Nico

Re: wifi signal triangulation

[Mitja Muženič]

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
> On Behalf Of Reyk Floeter
> Sent: Monday, December 18, 2006 11:22 AM
> To: Jacob Yocom-Piatt
> Cc: misc@openbsd.org
> Subject: Re: wifi signal triangulation
> 
> On Sun, Dec 17, 2006 at 12:09:12PM -0600, Jacob Yocom-Piatt wrote:
> > only today have i tried out hostapd, it is quite neat. 
> while adding a 2nd AP to
> > my network a thought occurred to me: if you had >3 APs that 
> were sufficiently
> > spread out and had tightly synced clocks you could likely 
> triangulate the source
> > of a wifi signal with a fair deal of accuracy.
> > 
> > is this doable?
> > 
> 
> yes
> 
> but it needs some heavy math ;). you can get some results by using the
> signal strength, but it is probably better if you also use the round
> trip time and some low level information.

I'm curious about this, especially about the final triangulation resolution.
The wifi signal propagates at the speed of light, 300k km/s, so to get a
(relatively poor) distance resolution of 1 km, one would need to be able to
reliably clock times smaller than (1 km) / (300k km/s) = 3 * 10^-6 s, or in
other words, less than three microseconds. 

GSM does something similar - since GSM is using TDMA, the signal from a
mobile terminal have to reach the base station during a specific timeframe
slot. On the mobile terminal there is a parameter called TA (for Timing
Advance) that shows the timing correction factor because of the distance to
the BTS, and if I recall correctly, it is possible to get a 250m resolution
out of TA. But GSM hardware is probably more suitable for this than regular
PC hardware.


> 
> once we implemented it with hostapd, a sql patch (to allow the central
> hostapd sensor to log into a postgresql database), some gps
> coordinates, and a hacked psql script to directly query the
> triangulated results from the database. a guy from the ccc implemented
> a php frontend to draw the station coodinates on an area map, but i
> would prefer an implementation using svg and firefox without the need
> of a server-side scripting language now ;).

Do you happen to have a screen capture of the result?

> 
> unfortunately, our code got lost after the experiment, but i may still
> find the hostapdsql diff.
> 
> reyk
> 

Mitja

Re: wifi signal triangulation

[Sam Fourman Jr.]

I would be interested in trying the hostapdsql diff

Sam Fourman Jr.

On 12/18/06, Reyk Floeter <[EMAIL PROTECTED]> wrote:

On Sun, Dec 17, 2006 at 12:09:12PM -0600, Jacob Yocom-Piatt wrote:
> only today have i tried out hostapd, it is quite neat. while adding a 2nd AP 
to
> my network a thought occurred to me: if you had >3 APs that were sufficiently
> spread out and had tightly synced clocks you could likely triangulate the 
source
> of a wifi signal with a fair deal of accuracy.
>
> is this doable?
>

yes

but it needs some heavy math ;). you can get some results by using the
signal strength, but it is probably better if you also use the round
trip time and some low level information.

once we implemented it with hostapd, a sql patch (to allow the central
hostapd sensor to log into a postgresql database), some gps
coordinates, and a hacked psql script to directly query the
triangulated results from the database. a guy from the ccc implemented
a php frontend to draw the station coodinates on an area map, but i
would prefer an implementation using svg and firefox without the need
of a server-side scripting language now ;).

unfortunately, our code got lost after the experiment, but i may still
find the hostapdsql diff.

reyk

OpenBSD and antispam - question

[smonek]

I have lan ( 50 computers ) and router OpenBSD 4.0 / Pf 
I also have mail server ( external isp )

mailserver -internet-router-lan

a need antispam gateway for my lan but i dont know who i can use with pf ( 
spamassisin / spamd  pop3 proxy ? ) 

Journal des cadeaux d'entreprise : Editorial Décembre

[Michelle Walter]

 Newsletter n012 Editorial Dicembre 2006 Cette fois nous y sommes, au
coeur de la remise des cadeaux de fin d'annie. Pour les retardataires,
nous avons silectionni quelques cadeaux d'affaires tout ` fait siduisants,
mais dij` les collections 2007 pointent le bout de leur nez et nous
n'avons pas pu nous empjcher d'y piocher quelques trisors.

Pour tout savoir sur un cadeau d'affaire qui vous siduit, cliquez sur le
visuel correspondant. Bonne lecture ` vous, Michelle Walter
Ridaction du Journal des Cadeaux d'Entreprise Actualiti produit [IMAGE]
Tourne-disque, le retour... (lundi 11 dicembre 2006)

Un profil ritro pour ce magnifique tourne-disque Hifi avec radio et
lecteur CD semi-automatique.

Lire la suite...[IMAGE] Ecriture et visibiliti... (lundi 11 dicembre
2006)

Exceptionnel, ce set de 3 marqueurs a l'immense avantage de prisenter une
grande surface de marquage sur son socle : 60 x 25 mm.

Lire la suite...[IMAGE] Textile iquitable et incontournable (lundi 11
dicembre 2006)

Issue du commerce iquitable, une toute jeune marque de polos et t-shirts
en coton 100% biologique se fait remarquer.

Lire la suite...[IMAGE] L'actualiti du cadeau d'entreprise
[IMAGE]

Offre riservie exclusivement aux entreprises.

Conformiment ` la Loi Informatique et Libertis parue au Journal Officiel
du 6 janvier 1978, vous disposez d'un droit d'acchs, de rectification, et
d'opposition aux donnies personnelles vous concernant. Pour ne plus
recevoir d'informations de notre part, Cliq uez ici

Re: wifi signal triangulation

[Reyk Floeter]

On Sun, Dec 17, 2006 at 12:09:12PM -0600, Jacob Yocom-Piatt wrote:
> only today have i tried out hostapd, it is quite neat. while adding a 2nd AP 
> to
> my network a thought occurred to me: if you had >3 APs that were sufficiently
> spread out and had tightly synced clocks you could likely triangulate the 
> source
> of a wifi signal with a fair deal of accuracy.
> 
> is this doable?
> 

yes

but it needs some heavy math ;). you can get some results by using the
signal strength, but it is probably better if you also use the round
trip time and some low level information.

once we implemented it with hostapd, a sql patch (to allow the central
hostapd sensor to log into a postgresql database), some gps
coordinates, and a hacked psql script to directly query the
triangulated results from the database. a guy from the ccc implemented
a php frontend to draw the station coodinates on an area map, but i
would prefer an implementation using svg and firefox without the need
of a server-side scripting language now ;).

unfortunately, our code got lost after the experiment, but i may still
find the hostapdsql diff.

reyk

Re: dhcpd question

[Paul de Weerd]

On Sat, Dec 16, 2006 at 04:55:45PM +0800, Lars Hansson wrote:
| On Saturday 16 December 2006 06:47, Craig Skinner wrote:
| > Don't do that. DJB junk is not in ports for good reasons.
| 
| And the reason has nothing to do with the quality of DJB's stuff.

Even though many would argue that it sucks.

Paul 'WEiRD' de Weerd

-- 
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
 http://www.weirdnet.nl/