Problems with X11 traffic over ssh in pf.conf

2007-03-23 Thread carlopmart

Hi all,

I need to allow X11 services over ssh for my developers on one OpenBSD box.
The rule for the ssh service works OK, but when I try to start an X11 app (like
xterm, for example, on the destination host) it doesn't work.


On the OpenBSD side nothing is dropped. Does anybody know how I can debug this??
Do I need to open additional ports or protocols??


Many thanks.

--
CL Martinez
carlopmart {at} gmail {d0t} com



Re: Installing Skype

2007-03-23 Thread Tobias Weisserth

Hi there,

On Mar 23, 2007, at 6:47 AM, Rafael Morales wrote:


> I have OpenBSD 4.0 on a HP laptop and I need to
> install Skype because it is for the communication in my
> job and I have the freedom to install my lovely
> OpenBSD.
> This is what I have done:
>
> 1. I installed the redhat_base-8.0p8.tgz for the
> emulation.
> 2. Downloaded the skype-0_90_0_1.rpm and installed it
> with the /emul/linux/bin/rpm, all seemed good.
> 3. If I try to run it, I just see an error message
> looking for the lib file libXss.so.1.
>
> If someone has installed the skype could help me
> please ???.


Skype is a buggy piece of sh*t. If you have to use it, then wrap it  
in a solid systrace policy if that's possible at all. I don't know  
about systrace and Linux emulation on OpenBSD.


I wouldn't use the rpm, I'd instead download the statically linked  
file that's available on the Skype site:


http://www.skype.org/go/getskype-linux-static

That should solve all library issues.

kind regards,
Tobias W.



Re: Problems with X11 traffic over ssh in pf.conf

2007-03-23 Thread Rogier Krieger

On 3/23/07, carlopmart [EMAIL PROTECTED] wrote:

> Do I need to open additional ports or protocols??


Not so much additional ports or protocols, but are you sure you
enabled X11 forwarding?

A few suggestions for things to check:
+ in /etc/ssh/sshd_config, did you enable 'X11Forwarding' ?
+ for the ssh client(s), did you choose to enable X11 forwarding?

In ssh, you can use either the -X command line option or use settings
to that effect in your config file (see ssh_config(5) for more info).

Hope this helps,

Rogier

--
If you don't know where you're going, any road will get you there.



Re: Problems with X11 traffic over ssh in pf.conf

2007-03-23 Thread carlopmart

Rogier Krieger wrote:

> On 3/23/07, carlopmart [EMAIL PROTECTED] wrote:
>> Do I need to open additional ports or protocols??
>
> Not so much additional ports or protocols, but are you sure you
> enabled X11 forwarding?
>
> A few suggestions for things to check:
> + in /etc/ssh/sshd_config, did you enable 'X11Forwarding' ?

Yes

> + for the ssh client(s), did you choose to enable X11 forwarding?

Yes

> In ssh, you can use either the -X command line option or use settings
> to that effect in your config file (see ssh_config(5) for more info).
>
> Hope this helps,
>
> Rogier

My problem is with pf rules. If I put pass all in pf.conf, everything works OK.



--
CL Martinez
carlopmart {at} gmail {d0t} com



Re: Saving memory on small machines

2007-03-23 Thread Artur Grabowski
Douglas Allan Tutty [EMAIL PROTECTED] writes:

>>> I'm speechless. This is the low water mark on misc@ this week.
>>
>> How can you call it a low water mark art? I wasn't speechless,
>> I laughed my ass off. I needed the humor this morning, I'm hung
>> over and spent the morning in a stupid meeting. That message made
>> my day.
>>
>> Definitely not a low water mark ;)
>
> My apologies.  I don't get the humour.
[...]
> Could some kind soul gently explain the humour?

I suggest you strip away all those heavy symbols from
/usr/lib/libc.so.* that makes it really slim and not wasting a lot of memory:
$ ls -l libc.so.40.3 
-rw-r--r--  1 art  art  3969130 Mar 23 10:09 libc.so.40.3
$ strip -s libc.so.40.3  
$ ls -l libc.so.40.3   
-rw-r--r--  1 art  art  603504 Mar 23 10:10 libc.so.40.3

Then you might see the humor.

//art



Re: Problems with X11 traffic over ssh in pf.conf

2007-03-23 Thread Rogier Krieger

On 3/23/07, carlopmart [EMAIL PROTECTED] wrote:

> My problem is with pf rules. If I put pass all in pf.conf, everything works OK.


Then the easiest debugging feature is doing a tcpdump on pflog0 for
blocked packets. Assuming (without your pf.conf, it's hard to guess)
you use a default block, add a log clause to that line.

Blocked packets will then show up on tcpdump.
$ sudo tcpdump -n -e -vv -ttt -i pflog0

Hope this helps,

Rogier

--
If you don't know where you're going, any road will get you there.



Re: Microsoft gets the Most Secure Operating Systems award

2007-03-23 Thread chefren

On 3/23/07 2:53 AM, Theo de Raadt wrote:

>> Symantec have been trying to demonise OS X for a long while.
>
> And it is going to work soon.
>
> Because OS X has no Propolice-like compiler stack protection, nor
> anything like W^X which makes parts of the address space
> non-executable, nor anything like address space randomization which
> makes certain attacks very difficult, especially with the previous two
> techniques.

Who says they don't have that all in their sleeves?

Like OpenBSD OS X has a pretty clean and well maintained setup.

I believe they can copy most of the defences without any problem from
well tested OpenBSD and they would be pretty stupid if they didn't
have done so already for testing.

I presume they haven't put on those defenses to avoid problems with
third party applications while there aren't serious security problems yet.

> So when they have a bug, it is exploitable just like bugs are on any
> other powerpc or i386 machine running some other operating system.
>
> These days even operating systems like Vista have the above 3 security
> technologies.
>
> But can we get back to OpenBSD discussions?


Although misc carried quite some fluff lately, the implementation of 
more OpenBSD features in OS X is an interesting thought.


+++chefren

p.s. Maybe I was too harsh against Karel?



Re: CARP flip flop problems

2007-03-23 Thread Stuart Henderson
On 2007/03/23 12:38, Nigel Roberts wrote:
> We're running carp on two Openbsd 4.0 routers on vlan interfaces and
> we're observing a state change from backup to master to backup on the
> host that should stay as the backup. This happens periodically and
> adjusting the advbase and advskew seems to have no effect apart from
> adjusting the periodicity of the state change.

it might be useful to look at ifconfig -A when it happens;
the carp hash includes the interface addresses.

> The backup also issues a CARP IPv6 announcement,
> which is strange because we don't have IPv6 configured.

you probably have inet6 link-local addresses configured, it happens
by default.



Re: zaurus bootstrapping

2007-03-23 Thread Stuart Henderson
On 2007/03/23 00:24, Nick ! wrote:
> Is there any way to control the backlight? I don't see in the manpages
> any reference to it, but maybe I'm looking in the wrong places.

wsconsctl(8)

> What's the upgrading procedure? Is it something like: put bsd.rd on
> the / filesystem somewhere and the filesets somewhere (else), reboot,
> at boot type the path to the upgrade kernel?

Yes, that or 'tar xzpf base41.tgz', etc (though, if you're moving an
Arm architecture machine from a release or snapshot before 2006/12/27 to
something newer, bsd.rd is the simpler way due to a flag day - newer
kernels don't run old binaries).



Re: Saving memory on small machines

2007-03-23 Thread Kamil Monticolo
*snip*
>> I'm speechless. This is the low water mark on misc@ this week.
>>
>> //art
>
> How can you call it a low water mark art? I wasn't speechless,
> I laughed my ass off. I needed the humor this morning, I'm hung
> over and spent the morning in a stupid meeting. That message made
> my day.
>
> Definitely not a low water mark ;)
>
> -Bob

I agree :) Glad to make you laugh.
The example given with strip shows how we can save disk space on a well-known OS
and the services running on it, but I'm sure it's not the recommended way. I think
that anybody who wants to run several services on a machine with only 48M RAM
also has a small disk, so stripped libraries can solve the problem of a small disk,
that's all. I don't think this is a low water mark, but (as you can see) it may
be funny. I've got libraries with complete symbols on my own.

Kamil Monticolo aka birkoff



Re: Problems with X11 traffic over ssh in pf.conf

2007-03-23 Thread Jussi Peltola
On Fri, Mar 23, 2007 at 08:35:19AM +0100, carlopmart wrote:
> My problem is with pf rules. If I put pass all in pf.conf, everything works OK.

Did you remember to pass loopback connections?
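
The two checks suggested in this thread (log the default block and read pflog0, then look at loopback), as an added example that is not part of the original messages: a shell function that summarises blocked packets from `tcpdump -n -e -ttt -i pflog0` text output and flags blocks on a loopback interface. The sample lines are constructed, and the function names, the assumed sshd defaults and the 6010-6099 port window are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): triage pflog0 output to see what a
# default "block log" rule is dropping while an X11-over-ssh session fails.
#
# Assumptions of this example:
#  - input is the text printed by `tcpdump -n -e -ttt -i pflog0`
#  - sshd runs with its defaults (X11UseLocalhost yes, X11DisplayOffset 10),
#    so forwarded displays listen on 127.0.0.1, TCP port 6010 and up
#  - IPv4 only; endpoints are printed as a.b.c.d.port

# Constructed sample lines, modelled on OpenBSD pflog output.
sample_pflog() {
cat <<'EOF'
Mar 23 08:40:01.102030 rule 0/(match) block in on lo0: 127.0.0.1.33012 > 127.0.0.1.6010: S 101:101(0) win 16384 (DF)
Mar 23 08:40:04.102111 rule 0/(match) block in on lo0: 127.0.0.1.33012 > 127.0.0.1.6010: S 101:101(0) win 16384 (DF)
Mar 23 08:40:09.500000 rule 0/(match) block in on fxp0: 192.0.2.77.4312 > 192.0.2.10.23: S 555:555(0) win 65535
Mar 23 08:40:10.000000 rule 3/(match) pass in on fxp0: 192.0.2.50.51515 > 192.0.2.10.22: S 900:900(0) win 16384 (DF)
EOF
}

# Print "<count> <iface> <dst-port> <note>" for every blocked
# (interface, destination port) pair, sorted by interface, then port.
summarise_blocks() {
    awk '
    {
        # Find the action word; pass lines and unrelated text are skipped.
        for (i = 1; i <= NF; i++) if ($i == "block") break
        if (i + 6 > NF || $(i + 2) != "on" || $(i + 5) != ">") next

        iface = $(i + 3); sub(/:$/, "", iface)
        dst   = $(i + 6); sub(/:$/, "", dst)

        # a.b.c.d.port splits into five parts; ICMP and similar have four.
        n = split(dst, part, ".")
        port = (n == 5) ? part[5] : "-"

        note = "-"
        if (iface ~ /^lo[0-9]+$/) {
            note = "loopback"
            if (port + 0 >= 6010 && port + 0 <= 6099)
                note = "x11-forward-listener"
        }
        count[iface " " port " " note]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k2,2 -k3,3n
}

# Exit 0 when any block landed on a loopback interface. If it does, the
# ruleset needs a loopback exemption (for example `set skip on lo0` or
# `pass quick on lo0`) rather than more ports opened on the external side.
loopback_blocked() {
    summarise_blocks | awk '$4 != "-" { found = 1 } END { exit (found ? 0 : 1) }'
}

# Stand-alone demo: sh thisfile.sh --demo
if [ "${1:-}" = "--demo" ]; then
    sample_pflog | summarise_blocks
    if sample_pflog | loopback_blocked; then
        echo "loopback traffic is being blocked"
    fi
fi
```

On a live box, pipe the tcpdump command from the thread into `summarise_blocks` while reproducing the failing xterm start.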



Re: Saving memory on small machines

2007-03-23 Thread Artur Grabowski
Kamil Monticolo [EMAIL PROTECTED] writes:

> The example given with strip shows how we can save disk space on a
> well-known OS and the services running on it, but I'm sure it's not
> the recommended way. I think that anybody who wants to run several
> services on a machine with only 48M RAM also has a small disk, so
> stripped libraries can solve the problem of a small disk, that's all. I
> don't think this is a low water mark, but (as you can see) it may be
> funny. I've got libraries with complete symbols on my own.

Yeye, the joke was funny once. It's not fun to repeat the same joke
twice.

//art

ps. And I'm really sorry for you if you're actually trying to be serious.



Re: Installing Skype

2007-03-23 Thread Josh Grosse
On Fri, Mar 23, 2007 at 09:26:53AM +0100, Tobias Weisserth wrote:
> I wouldn't use the rpm, I'd instead download the statically linked
> file that's available on the Skype site:
>
> http://www.skype.org/go/getskype-linux-static
>
> That should solve all library issues.

I did look at this once before.  IIRC, Skype requires ALSA sound libs, which
are not part of Linux emulation.  The static executable has qt statically
linked, which solves only one piece of the puzzle.



Re: Is OpenBSD good/best for my 486?

2007-03-23 Thread Shawn K. Quinn
On Wed, 2007-03-21 at 22:37 -0400, Douglas Allan Tutty wrote:
> Hello,
>
> I've got a 486DX4-100 with 32 MB ram, ISA bus, with two drives: 840 MB
> and 1280 MB IDE.  Currently running Debian GNU/Linux Sarge.
[...]
> Debian Etch will need more than 32 MB ram so am starting the planning.
>
> I've compared Open-, Net-, and Free-BSD (via google search and reading
> the three web-sites) and like the security-by-default nature of Open-
> and its reputation for solid documentation.  I'm used to the command
> line (hate GUI) and vi.
>
> Is there any reason that OpenBSD wouldn't be my best choice for this
> box?

Assuming you don't try to do more with it than you have CPU and RAM for,
you should be fine. However, once you've tested that all your hardware
works with the GENERIC kernel, I would strongly recommend you compile a
custom kernel and run that (do a Web search for a Perl program called
dmassage which will help immensely), but keep a copy of GENERIC around
in case problems do creep in. The reason for compiling a custom kernel
in this case is to save memory; I saved about 2.5M on a similar system,
which is a lot when you only have 32M to begin with (with any system
much newer it's usually not worth it).

-- 
Shawn K. Quinn [EMAIL PROTECTED]



Re: zaurus bootstrapping

2007-03-23 Thread Jeff Quast

On 3/23/07, Theo de Raadt [EMAIL PROTECTED] wrote:

>> zaurus is quite brittle and depends on some of the stuff on the disk.
>
> I really don't agree.  That was mostly in the past.  These days I
> always install a zaurus without any Linux on the drive.  That linux
> stuff is not necessary anymore.


This is good to hear, with only a few gb, it'll be nice to take back
the ~500mb the linux filesystem is holding on my device.

Also, if I understand correctly, the HD can be blown away completely
(or even removed), and we can still boot linux off the embedded flash?



Re: Microsoft gets the Most Secure Operating Systems award

2007-03-23 Thread Darren Spruell

On 3/23/07, chefren [EMAIL PROTECTED] wrote:

> p.s. Maybe I was too harsh against Karel?


Survey says:

No.

DS



Re: Request for links to BSD adminstration docs

2007-03-23 Thread J.C. Roberts
On Thursday 22 March 2007 22:08, Darrin Chandler wrote:
> On Fri, Mar 23, 2007 at 12:40:48AM -0400, Douglas Allan Tutty wrote:
>> Sounds similar to debian which also has to reboot a new kernel.  Do
>> you run the rebuild niced?
>
> I don't. I want it to be done as soon as possible.

If you want your build done as soon as possible, then you would use
nice(1) as root to have the build process run at a higher priority and
hence receive more processing time.

# nice -n -20 make build

Is building at maximum priority, or even higher priority, a smart thing
to do? -I don't know. But I can say the examples in the release(8) man
page suggest *lowering* the priority and hence receive less processing
time -- the default operation of nice(1) is to lower priority.

# nice make build

which is equivalent to

# nice -n 10 make build

The range of numbers used with nice(1), from 20 to -20, are somewhat
counter intuitive since (positive) 20 is the lowest priority and
(negative) -20 is the highest priority.

If you're using csh(1), the syntax for nice(1) is different because it's
built into the shell -- see the BUGS section of the nice(1) man page.
But of course, building the system with anything other than the default
shell, ksh(1), is unsupported.

As for the wisdom and/or reasoning of lowering the priority of the build
as suggested in release(8), I would guess it has something to do with
the pain the developers endure when building releases on very slow
archs where the source tree is mounted read only via nfs over very slow
network connections (i.e vax). -It's just a guess and may be wrong.

Kind Regards,
JCR



Re: Microsoft gets the Most Secure Operating Systems award

2007-03-23 Thread Marius ROMAN

On 3/23/07, Darren Spruell [EMAIL PROTECTED] wrote:

> On 3/23/07, chefren [EMAIL PROTECTED] wrote:
>> p.s. Maybe I was too harsh against Karel?
>
> Survey says:
>
> No.
>
> DS




I agree :)
Marius



Re: Request for links to BSD adminstration docs

2007-03-23 Thread Andrey Shuvikov

On 3/23/07, Douglas Allan Tutty [EMAIL PROTECTED] wrote:

> Thanks for your suggestions re used books.  I'll try some of Kingston's
> used book stores and see what I can get at the Queen's book store.



You can also check Amazon.com. For example used copy of Absolute
OpenBSD costs less than 15 bucks there.

Andrey



Re: Request for links to BSD adminstration docs

2007-03-23 Thread Frank Tegtmeyer
J.C. Roberts [EMAIL PROTECTED] writes:

> as suggested in release(8), I would guess it has something to do with
> the pain the developers endure when building releases on very slow
> archs

It's always better to run batch processing with nice. The only reason
is not to affect normal work on the machine.

This of course implies that it doesn't make sense to use nice when the
machine is only doing this one lengthy job.

Darrin Chandler [EMAIL PROTECTED] writes:
>> run the rebuild niced?
>
> I don't. I want it to be done as soon as possible.

This doesn't give you much. But it may hurt responsiveness of your
system as a whole.

Regards, Frank



Re: Request for links to BSD adminstration docs

2007-03-23 Thread Douglas Allan Tutty
On Fri, Mar 23, 2007 at 12:07:54AM -0500, Marco Peereboom wrote:
>> However, is it correct that when a new release comes out every six
>> months, you have to reboot into that?  How long does an upgrade from one
>> release to the next take?
>
> Minutes on a fast machine.  I have seen a HPPA B180 take like 25 minutes
> but that is the exception and not the norm.
>
> The OpenBSD man pages are outstanding.  Start with the FAQ and then move
> on to the man pages and life will be good.

How does an HPPA B180 compare with a 486?

I think I'll see if I can download the manpages separately and view them
with debian's groff (or more simply, with Midnight Commander).

Thanks,

Doug.



Re: Request for links to BSD adminstration docs

2007-03-23 Thread Douglas Allan Tutty
On Thu, Mar 22, 2007 at 10:08:02PM -0700, Darrin Chandler wrote:
> On Fri, Mar 23, 2007 at 12:40:48AM -0400, Douglas Allan Tutty wrote:
>
>> However, is it correct that when a new release comes out every six
>> months, you have to reboot into that?  How long does an upgrade from one
>> release to the next take?
>
> Yes, you must reboot and perform the upgrade. If you read the upgrade
> guide and get your ducks in a row you can be all done *easily* in 30
> minutes. If there were some kind of contest with cash prizes it could
> probably be done much quicker. However, it's much more important to get
> the steps right than to do it quickly, IMHO.

So on a production machine, it has to be off-line for 30 minutes every
six months (not complaining, just clarifying).

> history you can pick up some interesting bits around the net. The
> Wikipedia pages on this aren't as bad as they could be.
>
> http://en.wikipedia.org/wiki/OpenBSD
> http://en.wikipedia.org/wiki/Berkeley_Software_Distribution

I've read them and they seem like a good introduction.

I'd like to track down the original BSD SMM (assuming that it was
released under a BSD licence), from before it was printed by O'Reilly and
hence copyrighted.

Thanks

Doug.



Re: Is OpenBSD good/best for my 486?

2007-03-23 Thread Steve Shockley

Shawn K. Quinn wrote:

> Assuming you don't try to do more with it than you have CPU and RAM for,
> you should be fine. However, once you've tested that all your hardware
> works with the GENERIC kernel, I would strongly recommend you compile a
> custom kernel and run that (do a Web search for a Perl program called
> dmassage which will help immensely), but keep a copy of GENERIC around
> in case problems do creep in. The reason for compiling a custom kernel
> in this case is to save memory; I saved about 2.5M on a similar system,
> which is a lot when you only have 32M to begin with (with any system
> much newer it's usually not worth it).


If he's not using all 32mb (command-line, no X) then what's that gain?



Re: Request for links to BSD adminstration docs

2007-03-23 Thread Nico Meijer
Hi Douglas,

Just bumping into this thread.

> So on a production machine, it has to be off-line for 30 minutes every
> six months (not complaining, just clarifying).

Basically, yes. But, that would mean no patches applied to your production
system during those six months. If you were to build a new release(8) any
time -stable changes (and you should), then it'd be more.

Any update between upgrades takes significantly less time than an upgrade.

HTH... Nico



Re: Is OpenBSD good/best for my 486?

2007-03-23 Thread Douglas Allan Tutty
On Fri, Mar 23, 2007 at 06:56:32AM -0500, Shawn K. Quinn wrote:
> On Wed, 2007-03-21 at 22:37 -0400, Douglas Allan Tutty wrote:
>> Hello,
>>
>> I've got a 486DX4-100 with 32 MB ram, ISA bus, with two drives: 840 MB
>> and 1280 MB IDE.  Currently running Debian GNU/Linux Sarge.
>
> Assuming you don't try to do more with it than you have CPU and RAM for,
> you should be fine. However, once you've tested that all your hardware
> works with the GENERIC kernel, I would strongly recommend you compile a
> custom kernel and run that (do a Web search for a Perl program called
> dmassage which will help immensely), but keep a copy of GENERIC around
> in case problems do creep in. The reason for compiling a custom kernel
> in this case is to save memory; I saved about 2.5M on a similar system,
> which is a lot when you only have 32M to begin with (with any system
> much newer it's usually not worth it).
 

I thought compiling a custom kernel was _discouraged_?

I just loaded the 486 to the most I ever do:
ssh to the big box (titan) to pon courer (the modem) and run bwm
ssh to titan for mutt
run aptitude, update the package list
run top to watch everything
run X with icewm:
rxvt  ssh titan, to run konqueror
go to theweathernetwork.com

I'm using 6 MB swap, but the system is not spending any time waiting for
I/O.  Aptitude is taking 75% of the CPU, top on a 2 second delay is
taking 10%.  I can still browse the net; the wait is a slow dial-up
connection.

I don't know how to tell how big the kernel in memory is since it's
modular.

So I'll have to see how the generic kernel does.

Doug.



Re: Request for links to BSD adminstration docs

2007-03-23 Thread Tim Kuhlman
On Friday 23 March 2007 8:30 am, Douglas Allan Tutty wrote:
> On Thu, Mar 22, 2007 at 10:08:02PM -0700, Darrin Chandler wrote:
>> On Fri, Mar 23, 2007 at 12:40:48AM -0400, Douglas Allan Tutty wrote:
>>> However, is it correct that when a new release comes out every six
>>> months, you have to reboot into that?  How long does an upgrade from
>>> one release to the next take?
>>
>> Yes, you must reboot and perform the upgrade. If you read the upgrade
>> guide and get your ducks in a row you can be all done *easily* in 30
>> minutes. If there were some kind of contest with cash prizes it could
>> probably be done much quicker. However, it's much more important to get
>> the steps right than to do it quickly, IMHO.
>
> So on a production machine, it has to be off-line for 30 minutes every
> six months (not complaining, just clarifying).

Or every year since the previous release version is also supported. For 
example, if you installed 3.9 last year you don't have to worry about 
upgrading until 4.1 comes out.

-- 
Tim Kuhlman
Network Administrator
ColoradoVnet.com



Re: Installing Skype

2007-03-23 Thread Rafael Morales
I have downloaded it, but where do I put the uncompressed
folder?
I put it under /emul/linux, but how do I execute it?

--- Tobias Weisserth [EMAIL PROTECTED] wrote:

> Hi there,
>
> On Mar 23, 2007, at 6:47 AM, Rafael Morales wrote:
>
>> I have OpenBSD 4.0 on a HP laptop and I need to
>> install Skype because it is for the communication in my
>> job and I have the freedom to install my lovely
>> OpenBSD.
>> This is what I have done:
>>
>> 1. I installed the redhat_base-8.0p8.tgz for the
>> emulation.
>> 2. Downloaded the skype-0_90_0_1.rpm and installed it
>> with the /emul/linux/bin/rpm, all seemed good.
>> 3. If I try to run it, I just see an error message
>> looking for the lib file libXss.so.1.
>>
>> If someone has installed the skype could help me
>> please ???.
>
> Skype is a buggy piece of sh*t. If you have to use it, then wrap it
> in a solid systrace policy if that's possible at all. I don't know
> about systrace and Linux emulation on OpenBSD.
>
> I wouldn't use the rpm, I'd instead download the statically linked
> file that's available on the Skype site:
>
> http://www.skype.org/go/getskype-linux-static
>
> That should solve all library issues.
>
> kind regards,
> Tobias W.



Re: Is OpenBSD good/best for my 486?

2007-03-23 Thread Henning Brauer
* Douglas Allan Tutty [EMAIL PROTECTED] [2007-03-23 16:12]:
> I thought compiling a custom kernel was _discouraged_?

so is giving bad advice on mailing lists.
yet, people keep doing both.
I see no reason not to use GENERIC on a 32MB system.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam



Re: isakmpd gateway-to-gateway VPN woes...

2007-03-23 Thread Boris Golberg
Hello Jack,

Thursday, March 22, 2007, 6:49:14 PM, you wrote:

JB> ... having some trouble getting a LAN-to-LAN VPN working ...

JB> 10.0.0.2/24 --- 10.0.0.1/24
JB> L1 F1   F2 L2
JB> 10.4.14.1 --- 10.4.12.1/22 10.2.12.1/22 --- 10.2.14.1

JB> L1,L2 - laptops
JB> F1,F2 - Soekris net4801 firewalls

JB> What works:

JB> L1-F1 lan communication
JB> L2-F2 lan communication
JB> F1-F2 lan communication
JB> F1-F2 IPSec communication (evidenced by F1 running ping 10.0.0.1 and
JB> seeing only esp packets in tcpdump)

JB> What doesn't work:

JB> F1-L2 gateway'd VPN
JB> F2-L1 gateway'd VPN
JB> L1-L2 gateway-to-gateway'd VPN

  Sorry if I miss something, but I don't see you trying to test
Network-to-Network VPN you are talking about. Does it work from an internal
computer in one network to an internal computer in another?
  Gateway-to-Gateway doesn't (and shouldn't, I think) work out of the box
with the Network-to-Network VPN. Adding manual routes helped me to solve it.
Something like route add 10.2.12.0/22 10.4.14.1 on the F1 and route add
10.4.12.0/22 10.2.14.1 on the F2. Your numbers are a bit confusing, but it's
a route add network_on_the_other_side gateways_internal_interface.

-- 
Best regards,
 Boris  mailto:[EMAIL PROTECTED]



Convergence time with carp(4)

2007-03-23 Thread Jeremie Le Hen
Hi list,

Please Cc: me in your reply, I'm not subscribed.

I'm setting up a redundant router using OpenBSD and carp(4),
as you surely have already deduced :).

The configuration is pretty simple:

                       +-----+
                   bnx0|     |bnx1
                +------|  A  |------+
                |  .251|     |.251  |
                |   .  +-----+   .  |
                |   .            .  |
  192.168.0.0/24|  carp0     carp1  |10.0.0.0/24
----------------+  .254       .254  +----------------
                |  carp0     carp1  |
                |   .            .  |
                |   .  +-----+   .  |
                |  .252|     |.252  |
                +------|  B  |------+
                   bnx0|     |bnx1
                       +-----+

A# ifconfig em0 inet 192.168.0.251 0xff00
A# ifconfig carp0 inet 192.168.0.254 0xff00 vhid 1 advskew 0
A# ifconfig em1 inet 10.0.0.251 0xff00
A# ifconfig carp1 inet 10.0.0.254 0xff00 vhid 2 advskew 0
A# sysctl net.inet.carp.preempt=1

B# ifconfig em0 inet 192.168.0.252 0xff00
B# ifconfig carp0 inet 192.168.0.254 0xff00 vhid 1 advskew 100
B# ifconfig em1 inet 10.0.0.252 0xff00
B# ifconfig carp1 inet 10.0.0.254 0xff00 vhid 2 advskew 100
B# sysctl net.inet.carp.preempt=1

- We are using stock OpenBSD 4.0 for our test.

- pf(4) is disabled.

- The network adapters are:
Broadcom BCM5708

- The firewalls themselves are Dell PowerEdge 1950(!).


This works quite well but sometimes we're experiencing some delay
when we plug out or in one of the master's cables, seemingly
when we are running ifconfig(8) very often to check the carp(4)
interface's state.

Without running ifconfig(8) too often, the convergence time is a
few seconds but we managed to increase the delay up to 2 minutes
with this trick.

Does anyone have any idea about what's the problem here ?

Thank you.
Best regards,
-- 
Jeremie Le Hen
 jeremie at le-hen dot org  ttz at chchile dot org 



Re: zaurus bootstrapping

2007-03-23 Thread Theo de Raadt
> Also, if I understand correctly, the HD can be blown away completely
> (or even removed), and we can still boot linux off the embedded flash?

It can still boot linux off the embedded flash effectively in single
user mode.  That's all that they fit up there.  And that is where
we place our boot program, which then boots openbsd off the drive.



Re: Request for links to BSD adminstration docs

2007-03-23 Thread Darrin Chandler
On Fri, Mar 23, 2007 at 06:36:34AM -0700, J.C. Roberts wrote:
>> I don't. I want it to be done as soon as possible.
>
> If you want your build done as soon as possible, then you would use
> nice(1) as root to have the build process run at a higher priority and
> hence receive more processing time.
>
>   # nice -n -20 make build

I shouldn't EVER use absolute terms ;)

On the boxes I deal with (from old & slooow, to pretty darned fast) I'm
happy to let the build process run as is. None of my production machines
are close to the edge on performance, and continue to be responsive
enough during builds. Having watched top & friends during builds I don't
think I'd get much out of nicing -20 except for worse performance on the
production services.

-- 
Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
[EMAIL PROTECTED]   |  http://phxbug.org/  |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation



Re: Request for links to BSD adminstration docs

2007-03-23 Thread Darrin Chandler
On Fri, Mar 23, 2007 at 10:30:43AM -0400, Douglas Allan Tutty wrote:
>> Yes, you must reboot and perform the upgrade. If you read the upgrade
>> guide and get your ducks in a row you can be all done *easily* in 30
>> minutes. If there were some kind of contest with cash prizes it could
>> probably be done much quicker. However, it's much more important to get
>> the steps right than to do it quickly, IMHO.
>
> So on a production machine, it has to be off-line for 30 minutes every
> six months (not complaining, just clarifying).

In practice it should be less than that. But yes, following the normal
process you will have downtime/reboots every six months for upgrading.
If you search the archives for this list, you'll find WAY TOO MUCH
discussion about uptime and rebooting. I'll condense it for you: it's OK
to reboot and 'ruin' your uptime for scheduled maintenance. Bragging
about uptime means your system is unpatched.

If you have critical systems that can't be down for upgrades, then you
need redundant servers anyway. In which case you upgrade one at a time.
;)

-- 
Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
[EMAIL PROTECTED]   |  http://phxbug.org/  |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation



Re: HP SA P400/P800 ciss support and caveats

2007-03-23 Thread Joel Knight
--- Quoting Boris Golberg on 2007/03/22 at 19:12 -0500:

> Hello guys,
>
>   We are looking to buy an HP ProLiant DL320s server with about 5-8
> terabyte of storage and Smart Array P400 or P800 for a backup purposes.
> According to www.openbsd.org/cgi-bin/man.cgi?query=ciss&arch=i386&sektion=4
> it should be supported in -current, but the current code only supports one
> logical volume per controller. This scared me because according to the
> FAQ there is a 1T limit on the size of the physical disk, but I need to
> utilize much more.
>
>   What does logical volume mean here - RAID set or LUN ?
>
>   In the other words, is there any way to use that storage with OBSD ?


The FAQ is referring to a RAID volume.

You should search the archives for discussion of the 1TB limit.



.joel



Re: use OpenBSD to blacklist phone calls?

2007-03-23 Thread Paul Pruett
SUCCESS
the package mgetty+sendfax can be used to intercept
phone calls by callerID using fax answer
after modification to port mgetty+sendfax


--- notes ---

I had ordered a generic modem for asterisk usage,
but was warned that it may need Zaptel support
by a subscriber, so that was a wasted $6 + $9 shipping,
so I went back to the scrounge pile and
found in an old external USR modem that
supported callerID, AT#CID=1

After a modem relearning curve I got mgetty+sendfax running
Some tips:

# grep cua /etc/ttys
cua00   "/usr/local/sbin/mgetty"   vt100   on  insecure

#to pickup changes to /etc/ttys
kill -1 1

#And you make config changes and want to make
#sure mgetty picks them up you can kill the mgetty PID
#and /sbin/init will restart it.


However... mgetty from the port package
would ignore the configuration file
/etc/mgetty+sendfax/dialin.config

I discovered the port package needs to also uncomment
a line in the default policy.h file the line to
use dialin.config.  If you look at the used policy.h
files you will see
/* #define CNDFILE dialin.config */

I found the existing patch that already touches the file,
/usr/ports/comms/mgetty+sendfax/patches/patch-policy_h_dist

And I edited out the comment on that line
and remade the patch, diff -u and saved result
over patch-policy_h_dist  (also attached to this email)

Then I removed the package, and port working directory
and make package.  IT WORKS now.

I'll send an email to port maintainer about it.
If someone sees how this becomes a security issue
to enable, please inform.

...

So in conclusion
I implemented this on OPENBSD 4.0, and
if you want to use the callerID feature mgetty+sendfax...
http://home.leo.org/~doering/mgetty/mgetty_15.html#SEC15
You will have to recompile after modifying policy.h

I added none for UNKNOWN callerids
and some recent pesty callerIDs
and the  !all at end of the dialin.config file
and its so sweet to have the fax answer the telemarketers.

It looks like mgetty.config has hooks and could use
external resources to phonenumbers to block,
so some of the jokes about using something like
spamd-setup may be feasible :)
but for now I can edit
/etc/mgetty+sendfax/dialin.config
and mgetty reads the text file changes w/o hangup
signal or restarting the process.


Enjoy.

ps., be sure to verify your modem has support for callerID,
http://ftp.mtnsys.com/pages/howto/htmdmtst.htm
--- policy.h-dist.orig  Wed Feb 22 13:56:31 2006

+++ policy.h-dist   Fri Mar 23 15:10:41 2007

@@ -48,7 +48,7 @@

  * Normally, this is /bin/login, just a few systems put login

  * elsewhere (e.g. Free/NetBSD in /usr/bin/login).

  */

-#define DEFAULT_LOGIN_PROGRAM /bin/login

+#define DEFAULT_LOGIN_PROGRAM /usr/bin/login

 

 /* FidoNet mailer support

  * 

@@ -85,7 +85,7 @@

  * ZyXELs use S40.2=1.

  * If the path doesn't start with /, it's relative to CONFDIR.

  */

-/* #define CNDFILE dialin.config */

+#define CNDFILE dialin.config

 

 

 /* If you want to use /etc/gettydefs to set tty flags, define this
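
Review bot: Uncommenting CNDFILE in the @@ -85 hunk switches caller-ID screening on for every build of the port, so the change should come with a dialin.config installed (or at least documented) under CONFDIR, since the comment above the define says a path not starting with / is taken relative to CONFDIR. Because that file decides which callers get answered, the port notes should also state who may write to it; root-only is the obvious choice.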

@@ -114,7 +114,7 @@

 /* group id that the device is chown()ed to. If not defined, the

  * primary group of DEVICE_OWNER is used.

  */

-#define DEVICE_GROUP   modem

+#define DEVICE_GROUP   dialer

 

 /* access mode for the line while getty has it - it should be accessible

  * by uucp / uucp, but not by others (imagine someone dialing into your
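
Review bot: The DEVICE_GROUP switch from modem to dialer in the @@ -114 hunk comes with no explanation, while the comment right below it says the line must stay reachable by uucp but not by others while getty holds it. A short remark in the port notes on why dialer is the right group, plus a check that the access mode defined after that comment still fits the new group, would make this hunk reviewable.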

@@ -249,7 +249,7 @@

 # ifdef linux

 #  define LOCK /var/lock/LCK..%s

 # endif

-# if defined(__FreeBSD__) || defined(__NetBSD__)

+# if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)

 #  define LOCK /var/spool/lock/LCK..%s

 # endif 

 #endif

@@ -564,7 +564,7 @@

 #endif

 

 #ifndef MAILER

-# define MAILER/usr/lib/sendmail

+# define MAILER/usr/sbin/sendmail

 # define NEED_MAIL_HEADERS

 #endif




Re: Saving memory on small machines

2007-03-23 Thread J.C. Roberts
On Thursday 22 March 2007 05:54, Kamil Monticolo wrote:
 You may also strip nearly all of your libraries, for example:

 # ls -lhS /usr/lib/libcrypto*a
 -r--r--r--  1 root  bin  11.7M Mar 22 13:53 /usr/lib/libcrypto_pic.a
 -r--r--r--  1 root  bin  11.6M Mar 22 13:53 /usr/lib/libcrypto_p.a
 -r--r--r--  1 root  bin  11.5M Mar 22 13:53 /usr/lib/libcrypto.a
 # strip -s /usr/lib/libcrypto*a
 # ls -lhS /usr/lib/libcrypto*a  
 -r--r--r--  1 root  bin   909K Mar 22 13:53 /usr/lib/libcrypto_pic.a
 -r--r--r--  1 root  bin   865K Mar 22 13:53 /usr/lib/libcrypto_p.a
 -r--r--r--  1 root  bin   835K Mar 22 13:53 /usr/lib/libcrypto.a

 looks fine?

No. You've just destroyed your libraries in a way that's worse than just
deleting them since now you will need to wade through strange error
messages which are trying to tell you why your stripped libraries no
longer work.

The most common way for software to call library functions is by
symbolic function name, rather than by ordinal or by location. When you
remove all of the symbolic function names in a library, you can no
longer call a function by its name and all software that calls by name
will break.

The above is only the start of your problems. When a library is loaded,
it is seldom loaded at a pre-known exact address, instead, the
operating system will take the suggested load address (nearly always
occupied by another library), find some available free space in memory
at a different address, load the library into the available free space,
and then adjust the library code for the relocation. Without the
symbols necessary for relocation, the library can not be relocated and
loading the library will fail because the suggested address is most
likely already in use by another library.

Your problems are even worse than the above (over) simplification when
you realize OpenBSD uses Address Space Layout Randomization (ASLR) to
intentionally prevent executable code from being located at addresses
known by an attacker.

If saving disk space is absolutely critical to your application
(usually some kind of embedded system without a disk and highly
limited flash storage) and you are *forced* by your constraints to
remove symbols to save space, then use the --strip-debug option.

$ mkdir ~/test
$ cd ~/test
$ cp /usr/lib/libcrypto*.a .
$ sudo strip --strip-debug ./libcrypto*
Password:
$ ls -1 | xargs -I % mv % %.stripped
$ cp /usr/lib/libcrypto*.a .
$ ll
total 80172
drwxr-xr-x   2 jcr  jcr   512 Mar 23 09:30 ./
drwxr-xr-x  59 jcr  jcr  4096 Mar 23 09:29 ../
-r--r--r--   1 jcr  jcr  12038344 Mar 23 09:30 libcrypto.a
-r--r--r--   1 jcr  jcr   1454880 Mar 23 09:30 libcrypto.a.stripped
-r--r--r--   1 jcr  jcr  12104302 Mar 23 09:30 libcrypto_p.a
-r--r--r--   1 jcr  jcr   1520552 Mar 23 09:30 libcrypto_p.a.stripped
-r--r--r--   1 jcr  jcr  12195228 Mar 23 09:30 libcrypto_pic.a
-r--r--r--   1 jcr  jcr   1600072 Mar 23 09:30 libcrypto_pic.a.stripped
$

Sure, you may have saved 30MiB of disk (and still have working
libraries) but it comes at the price of making debugging far more
difficult, time consuming and costly. Outside of your suggested
destruction of the libraries, even when correctly removing only debug
symbols, every single sane, volunteer, open source developer with very
limited time, would rightfully refuse to help a person with a problem
when the person has *intentionally* made their problem more difficult
to debug.

kind regards,
jcr



OpenNTPD reliability

2007-03-23 Thread Luca Corti
Hello,

I've set up OpenNTPD 3.9p1 on Linux with a couple of servers to sync to
and listen on to sync my machines to OpenNTPD. Clients (some openntpds,
some ntpds, some Cisco routers) refuse to sync to my server. OpenNTPD on
a client reports my OpenNTPD server is not synced.

This is not documented in the manuals, but googling a bit I found out
that OpenNTPD takes quite a lot of time to sync its clock to the
servers. Is there a way to obtain a reliable and fast syncing?

I heard about timedelta sensors. Are these devices supported by openntpd
when running on linux?

thanks

Luca



Re: Microsoft gets the Most Secure Operating Systems award

2007-03-23 Thread Greg Thomas

On 3/23/07, Jeff Rollin [EMAIL PROTECTED] wrote:

On 22/03/07, Greg Thomas [EMAIL PROTECTED] wrote:
 On 3/22/07, Jeff Rollin [EMAIL PROTECTED] wrote:
  On 22/03/07, Marc Espie [EMAIL PROTECTED] wrote:
   On Thu, Mar 22, 2007 at 03:28:29PM -0400, Douglas Allan Tutty wrote:
Their challenge is that they need to provide choice so they
have what they call reasonable defaults.
  
   No, they don't need to provide choice. At least not that many. They decide
   to do so.  That's most of what's wrong with OS stuff these days. Too
   many choices.  Too many knobs. Every day, I see people shoot themselves in
   the foot, not managing to administer boxes and networks in a simple way,
   making stupid decisions that don't serve any purpose.
  
   ACL, enforced security policies, reverse proxy setups, user accounts,
   network user groups, PAM, openldap, reiserfs, ext3fs, ext2fs...
   so many choices. So many wrong choices.
 
  Multiple user accounts and a journalling facility on a filesystem ==
  wrong: Interesting perspective.
 
  
   At some point, the people who package the software need to make editorial
   decisions. Remove knobs. Provide people with stuff that just works.
   Remove options. Or definitely give them the means to do the trade-off
   correctly.
  
   Okay, it's a losing battle. I'm an old grumpy fart.
  
   Okay, a lot of IT people are just earning their wages by managing the
   incredibly too complex setups we face nowadays (and not screwing too badly
   in front of a multitude of stupid inane choices).
  
   Linux is the `culture of choice'. Provide ten MTA, ten MUA. Twenty window
   managers. Never decide which one you want to install, never give you a
   default installation that just works. Cater to the techy, nerdy culture
   of people who want to spend *days* just making choices.
 
  Wrong. Unix is the culture of choice, and that includes Linux and
  OpenBSD.

 How many MTAs, MUAs, http servers, text editors, DNS servers, FTP
 servers, etc. are included with OpenBSD?

Never counted 'em, but that's not the point.


Well, that was Marc's point.  I choose OpenBSD because there isn't
a lot of extra crap.


The point is that OpenBSD
is a Unix-like operating system, and that therefore if you don't like
the way OpenBSD does things you can move relatively easily to NetBSD,
FreeBSD, DragonFlyBSD, Solaris, AIX, Linux... any  or all of which
may, and any and all of which are free to, include more or less
choices in MTAs, MUAs and the rest than OpenBSD.



Whether I can choose other OSes is completely irrelevant to the above
point.  The point was why I choose OpenBSD over the others.

Greg



Strange locate behavior

2007-03-23 Thread James Turner
I'm running OpenBSD -current from 3-10-07.  I just ran
/usr/libexec/locate.updatedb as root on my system.  When I run locate mutt I
get this error locate database header corrupt, bigram char outside 0, 32-127:
14.  I've tried to run locate.updatedb again but the following locate yields
the same result.  Any ideas?



Re: Request for links to BSD adminstration docs

2007-03-23 Thread Greg Thomas

On 3/23/07, Douglas Allan Tutty [EMAIL PROTECTED] wrote:

On Fri, Mar 23, 2007 at 12:07:54AM -0500, Marco Peereboom wrote:
  However, is it correct that when a new release comes out every six
  months, you have to reboot into that?  How long does an upgrade from one
  release to the next take?

 Minutes on a fast machine.  I have seen a HPPA B180 take like 25 minutes
 but that is the exception and not the norm.

 The OpenBSD man pages are outstanding.  Start with the FAQ and then move
 on to the man pages and life will be good.

How does an HPPA B180 compare with a 486?

I think I'll see if I can download the manpages separately and view them
with debian's groff (or more simply, with Midnight Commander).



Or http://www.openbsd.org/cgi-bin/man.cgi

Greg



Help with dmesg GENERIC i386 won't boot in -current

2007-03-23 Thread Sam Fourman Jr.

hello misc@

I have the results of a dmesg below

on -current I could boot GENERIC i386 from a snapshot build that was
dated 3-10-2007
however when I did a fresh install of -current based on the snapshot I
just downloaded from ftp.openbsd.org, I can not boot GENERIC i386,
however GENERIC.MP w/ acpi enabled works

Maybe there are bigger changes at work here and this is supposed to be broken.

Thank you OpenBSD developers for all your great work.

Sam Fourman Jr.



8 ports with 8 removable, self powered
ppb4 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0xd4
pci5 at ppb4 bus 1
malo0 at pci5 dev 0 function 0 Marvell Libertas 88W8310 rev 0x07:
irq 6, address 00:00:00:00:00:00
vendor TI, unknown product 0x8025 (class serial bus subclass
Firewire, rev 0x01) at pci5 dev 3 function 0 not configured
pciide0 at pci5 dev 4 function 0 ITExpress IT8212F rev 0x13: DMA,
channel 0 wired to native-PCI, channel 1 wired to native-PCI
pciide0: using irq 11 for native-PCI interrupt
pciide1 at pci5 dev 5 function 0 CMD Technology SiI3114 SATA rev 0x02: DMA
pciide1: using irq 11 for native-PCI interrupt
ichpcib0 at pci0 dev 31 function 0 Intel 82801FB LPC rev 0x04: PM disabled
pciide2 at pci0 dev 31 function 1 Intel 82801FB IDE rev 0x04: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
atapiscsi0 at pciide2 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: SONY, DVD RW DW-D22A, BYS2 SCSI0
5/cdrom removable
atapiscsi1 at pciide2 channel 0 drive 1
scsibus1 at atapiscsi1: 2 targets
cd1 at scsibus1 targ 0 lun 0: SONY, CD-RW CRX320E, NYK5 SCSI0
5/cdrom removable
cd0(pciide2:0:0): using PIO mode 4, Ultra-DMA mode 4
cd1(pciide2:0:1): using PIO mode 4, Ultra-DMA mode 2
pciide2: channel 1 disabled (no drives)
pciide3 at pci0 dev 31 function 2 Intel 82801FR SATA rev 0x04: DMA,
channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide3: using irq 3 for native-PCI interrupt
wd0 at pciide3 channel 0 drive 0: HDS722580VLSA80
wd0: 16-sector PIO, LBA48, 78533MB, 160836480 sectors
wd0(pciide3:0:0): using PIO mode 4, Ultra-DMA mode 5
wd1 at pciide3 channel 1 drive 0: HDS722580VLSA80
wd1: 16-sector PIO, LBA48, 78533MB, 160836480 sectors
wd1(pciide3:1:0): using PIO mode 4, Ultra-DMA mode 5
ichiic0 at pci0 dev 31 function 3 Intel 82801FB SMBus rev 0x04: irq 3
iic0 at ichiic0
lm1 at iic0 addr 0x2f: W83791SD
iic0: addr 0x4e 05=80 06=0f 0a=ff
usb1 at uhci0: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
usb2 at uhci1: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
usb3 at uhci2: USB revision 1.0
uhub3 at usb3
uhub3: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub3: 2 ports with 2 removable, self powered
OpenBSD 4.1-current (GENERIC.MP) #1238: Wed Mar 21 17:32:34 MDT 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Pentium(R) 4 CPU 3.20GHz (GenuineIntel 686-class) 3.22 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID,xTPR
real mem  = 2146725888 (2096412K)
avail mem = 1951940608 (1906192K)
using 4278 buffers containing 107458560 bytes (104940K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 03/23/05, BIOS32 rev. 0 @
0xf0010, SMBIOS rev. 2.3 @ 0xf04d0 (79 entries)
bios0: ASUSTeK Computer INC. P5AD2-E-Premium
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf8160/352 (20 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801FB LPC rev 0x00)
pcibios0: PCI bus #5 is the last bus
bios0: ROM list: 0xc/0xee00! 0xcf000/0x4800
acpi at mainbus0 not configured
mainbus0: Intel MP Specification (Version 1.4)
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 200 MHz
mainbus0: bus 0 is type PCI
mainbus0: bus 1 is type PCI
mainbus0: bus 2 is type PCI
mainbus0: bus 3 is type PCI
mainbus0: bus 4 is type PCI
mainbus0: bus 5 is type PCI
mainbus0: bus 6 is type ISA
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82925X MCH Host rev 0x0e
ppb0 at pci0 dev 1 function 0 Intel 82925X PCIE rev 0x0e
pci1 at ppb0 bus 5
vga1 at pci1 dev 0 function 0 NVIDIA GeForce 6800 GT rev 0xa2
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
azalia0 at pci0 dev 27 function 0 Intel 82801FB HD Audio rev 0x04:
apic 2 int 16 (irq 10)
azalia0: host: High Definition Audio rev. 1.0
azalia0: codec: CMedia CMI9880 (rev. 0.2), HDA version 0.9
azalia0: /usr/src/sys/dev/pci/azalia.c/1159 invalid PCM format: 0x
delete_encodings...
ppb1 at pci0 dev 

Re: named stopped with error

2007-03-23 Thread J.C. Roberts
On Thursday 22 March 2007 23:32, RW wrote:
 On a firewall that is not mine but where the admins run to me for
 help 8-) somebody noticed that name resolution was not working.
 rc.conf.local says:
 named_flags=
 named.conf is the default (caching with recursion only for local
 clients)
 uname says:
 OpenBSD fw.example.com.au 3.9 GENERIC#617 i386
 /var/log/daemon says:
 Mar 23 00:13:03 fw named[13888]: /usr/src/usr.sbin/bind/lib/isc/mem.c:628: INSIST(((unsigned char *)mem)[size] == 0xbe) failed

 Mar 23 00:13:03 fw named[13888]: exiting (due to assertion failure)

 It started up manually and ran as it has for the past (nearly) year,
 so it looks like a one-off but I'd love to hear of possible causes.

 Thanks,
 Rod/

 From the land down under: Australia.
 Do we look umop apisdn from up over?

Rod,

No dmesg?  3.9 GENERIC#617 seems to be an unpatched 3.9-RELEASE

It may not be the cause but at least it is relevant:
http://www.openbsd.org/errata39.html
010: SECURITY FIX: September 8, 2006   All architectures
Two Denial of Service issues have been found with BIND.

HTH,
JCR



Re: named stopped with error

2007-03-23 Thread J.C. Roberts
On Thursday 22 March 2007 23:32, RW wrote:
 It started up manually and ran as it has for the past (nearly) year,
 so it looks like a one-off but I'd love to hear of possible causes.

 Thanks,
 Rod/

from: src/usr.sbin/bind/lib/isc/mem.c
/*
 * Perform a free, doing memory filling and overrun detection as
 * necessary.
 */
static inline void
mem_put(isc_mem_t *ctx, void *mem, size_t size) {
#if ISC_MEM_CHECKOVERRUN
	INSIST(((unsigned char *)mem)[size] == 0xbe);
#endif
#if ISC_MEM_FILL
	memset(mem, 0xde, size); /* Mnemonic for dead. */
#else
	UNUSED(size);
#endif
	(ctx->memfree)(ctx->arg, mem);
}

The error you hit was in a free function, line 628. Listed in the CVE is 
a Use-after-free vulnerability (CVE-2007-0493) which may or may not 
be related (OpenBSD is not listed as vulnerable).
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=bind

jcr
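
The guard-byte check in the mem_put() excerpt above, as an added example that is not part of the original post and is not BIND's code. Only the 0xbe test and the 0xde fill come from the excerpt; the allocation side (guard_alloc) and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD_BYTE 0xbe /* value the INSIST in the excerpt expects at mem[size] */
#define DEAD_BYTE  0xde /* fill written over freed memory in the excerpt */

/* Assumed allocation side: size usable bytes plus one trailing guard byte. */
static void *guard_alloc(size_t size)
{
	unsigned char *p = malloc(size + 1);

	if (p != NULL)
		p[size] = GUARD_BYTE;
	return p;
}

/* Returns 1 while the guard byte is intact, 0 once it has been overwritten. */
static int guard_intact(const void *mem, size_t size)
{
	return ((const unsigned char *)mem)[size] == GUARD_BYTE;
}

/*
 * Free with overrun detection. Returns 1 for a clean block and 0 for a
 * damaged one; the excerpt aborts the daemon at this point instead.
 */
static int guard_free(void *mem, size_t size)
{
	int ok = guard_intact(mem, size);

	memset(mem, DEAD_BYTE, size); /* stale pointers now read 0xde */
	free(mem);
	return ok;
}

/* Constructed case 1: 7 characters + NUL fill an 8-byte block exactly. */
static int case_in_bounds(void)
{
	char *buf = guard_alloc(8);

	if (buf == NULL)
		return -1;
	memcpy(buf, "1234567", 8);
	return guard_free(buf, 8);
}

/* Constructed case 2: off-by-one, the terminating NUL lands on the guard. */
static int case_off_by_one(void)
{
	char *buf = guard_alloc(8);

	if (buf == NULL)
		return -1;
	memcpy(buf, "12345678", 9); /* 9 bytes into 8 usable bytes */
	return guard_free(buf, 8);
}

/* Constructed case 3: the stray byte happens to equal the guard value. */
static int case_same_value(void)
{
	unsigned char *buf = guard_alloc(8);

	if (buf == NULL)
		return -1;
	memset(buf, GUARD_BYTE, 9); /* overrun, but the guard still reads 0xbe */
	return guard_free(buf, 8);
}

int main(void)
{
	printf("in bounds:   %s\n", case_in_bounds() == 1 ? "clean" : "overrun");
	printf("off by one:  %s\n", case_off_by_one() == 1 ? "clean" : "overrun");
	printf("same value:  %s\n", case_same_value() == 1 ? "clean" : "overrun");
	return 0;
}
```

A failure raised at free time, like the log line in this thread, says only that some earlier write went past the end of that block, not where the write happened. Case 3 shows an overrun this single-byte check cannot see.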



Re: Installing Skype

2007-03-23 Thread Rafael Morales
I need the shared library libasound.so.2, anybody
could send to me ???, I don't have a linux box here.

Regards


--- Nick ! [EMAIL PROTECTED] wrote:

 The large file called 'skype' is the binary. Just
 execute it (go to a
 command line, cd to that directory, chmod +x it if
 necessary, and then
 just type ./skype). If linux emulation is set up
 properly OpenBSD
 should figure out that it's a linux program and hook
 it correctly.
 
 On 3/23/07, Rafael Morales [EMAIL PROTECTED]
 wrote:
  I have downloaded, but where I put the
 uncompressed
  folder ??.
  I put it under /emul/linux, but how do I execute
 it ??
 
  --- Tobias Weisserth [EMAIL PROTECTED]
  wrote:
 
   Hi there,
  
   On Mar 23, 2007, at 6:47 AM, Rafael Morales
 wrote:
  
I have OpenBSD 4.0 on a HP laptop and I need
 to
install Skype because is for the communication
 in
   my
job and I have the freedom for install my
 lovely
OpenBSD.
This what I have done:
   
1. I installed the redhat_base-8.0p8.tgz for
 the
emulation.
2. Download the skype-0_90_0_1.rpm and
 installed
   it
with the /emul/linux/bin/rpm, all seemed good.
3. If I try to run it, I just see a error
 message
looking for the lib file libXss.so.1.
   
If someone has installed the skype could help
 me
please ???.
  
   Skype is a buggy piece of sh*t. If you have to
 use
   it, then wrap it
   in a solid systrace policy if that's possible at
   all. I don't know
   about systrace and Linux emulation on OpenBSD.
  
   I wouldn't use the rpm, I'd instead download the
   statically linked
   file that's available on the Skype site:
  
   http://www.skype.org/go/getskype-linux-static
  
   That should solve all library issues.
  
   kind regards,
   Tobias W.



Re: Installing Skype

2007-03-23 Thread Tobias Weisserth

Hi,

On Mar 23, 2007, at 6:24 PM, Rafael Morales wrote:


I need the shared library libasound.so.2, anybody
could send to me ???, I don't have a linux box here.


I need my box rooted, can anybody please send me a trojaned binary  
library I have to trust blindly?


If you really need binary libraries at least try to get them from a  
trustworthy source. Use any of the RPM search engines and search for  
an RPM package that contains that library. Use a RPM package from any  
of the official mirrors of major distributions. Download the RPM,  
verify its signature with GnuPG and extract its contents. The GnuPG  
key to verify against should be on the installation CDs of the  
distribution. Maybe packages even have MD5 sums, I don't know...


Good luck!

Tobias W.



Re: Saving memory on small machines

2007-03-23 Thread Matthew R. Dempsky
On Fri, Mar 23, 2007 at 10:27:45AM -0700, J.C. Roberts wrote:
 No. You've just destroyed your libraries in a way that's worse than just
 deleting them since now you will need to wade through strange error
 messages which are trying to tell you why your stripped libraries no
 longer work.

Stripping symbols from a .a archive does render it useless, but I
suspect otherwise you're thinking about .so libraries.  Archives are
only used at link-time.  ld.so(1) deals with shared objects files
(i.e., .so files).



maxcluster errors

2007-03-23 Thread mail-lists
I've looked over this mailing list and noticed some questions about 
maxclusters


I'm running a wireless ap and for some reason the wireless link seems to 
die on me intermittently

Looking at /var/log/messages I notice errors referring to maxclusters.

I then increased my maxclusters to 65000 and haven't had it going out 
yet (I'm running very aggressive ping tests from a host connected to a 
local WIRED network)


However, when I do a netstat -m I notice mbuf clusters goes up and up 
and never comes back down. Is this what's supposed to happen? What 
happens when it maxes out again - I imagine I lose my wireless link?


I'm running openbsd 4.0

Sorry about the lack of detail in this post - unfortunately (much to my 
embarrassment) this is running in production and I need to babysit this 
thing.


Any suggestions would be appreciated


Thanks!



Re: Installing Skype

2007-03-23 Thread J.C. Roberts
On Friday 23 March 2007 11:35, Tobias Weisserth wrote:
 On Mar 23, 2007, at 6:24 PM, Rafael Morales wrote:
  I need the shared library libasound.so.2, anybody
  could send to me ???, I don't have a linux box here.

 I need my box rooted, can anybody please send me a trojaned binary  
 library I have to trust blindly?

Tobias,

You're telling the above good advice to someone, Rafael, who is *already*
trying to install a trojaned binary (skype) on their OpenBSD system.

Skype is dangerous. Period. End of discussion.

If anyone doesn't believe the above statement of fact, they have only
two possible ways to prove or disprove it:

1.) Have the many months of time and highly advanced reverse engineering
skills necessary to fully audit the skype binaries including getting
around their executable packing, morphing, validation, anti-debugging
and other nasty ways of preventing much needed auditing and analysis.

__OR__

2.) Just read the damn skype license which requires you to agree to let
your system and bandwidth be used for any known or unknown purposes
that eBay/Skype wants.

jcr



Re: Installing Skype

2007-03-23 Thread Rafael Morales
I need the shared library libasound.so.2, anybody
could send to me ???, I don't have a linux box here

Regards and thanks



--- Nick ! [EMAIL PROTECTED] wrote:

 The large file called 'skype' is the binary. Just
 execute it (go to a
 command line, cd to that directory, chmod +x it if
 necessary, and then
 just type ./skype). If linux emulation is set up
 properly OpenBSD
 should figure out that it's a linux program and hook
 it correctly.
 
 On 3/23/07, Rafael Morales [EMAIL PROTECTED]
 wrote:
  I have downloaded, but where I put the
 uncompressed
  folder ??.
  I put it under /emul/linux, but how do I execute
 it ??
 
  --- Tobias Weisserth [EMAIL PROTECTED]
  wrote:
 
   Hi there,
  
   On Mar 23, 2007, at 6:47 AM, Rafael Morales
 wrote:
  
I have OpenBSD 4.0 on a HP laptop and I need
 to
install Skype because is for the communication
 in
   my
job and I have the freedom for install my
 lovely
OpenBSD.
This what I have done:
   
1. I installed the redhat_base-8.0p8.tgz for
 the
emulation.
2. Download the skype-0_90_0_1.rpm and
 installed
   it
with the /emul/linux/bin/rpm, all seemed good.
3. If I try to run it, I just see a error
 message
looking for the lib file libXss.so.1.
   
If someone has installed the skype could help
 me
please ???.
  
   Skype is a buggy piece of sh*t. If you have to
 use
   it, then wrap it
   in a solid systrace policy if that's possible at
   all. I don't know
   about systrace and Linux emulation on OpenBSD.
  
   I wouldn't use the rpm, I'd instead download the
   statically linked
   file that's available on the Skype site:
  
   http://www.skype.org/go/getskype-linux-static
  
   That should solve all library issues.
  
   kind regards,
   Tobias W.



Re: maxcluster errors

2007-03-23 Thread Steve Glaus

mail-lists wrote:
I've looked over this mailing list and noticed some questions about 
maxclusters


I'm running a wireless ap and for some reason the wireless link seems 
to die on me intermittently

Looking at /var/log/messages I notice errors referring to maxclusters.

I then increased my maxclusters to 65000 and haven't had it going out 
yet (I'm running very aggressive ping tests from a host connected to a 
local WIRED network)


However, when I do a netstat -m I notice mbuf clusters goes up and up 
and never comes back down. Is this what's supposed to happen? What 
happens when it maxes out again - I imagine I lose my wireless link?


I'm running openbsd 4.0

Sorry about the lack of detail in this post - unfortunately (much to 
my embarrassment) this is running in production and I need to babysit 
this thing.


Any suggestions would be appreciated


Thanks!

Sorry - I should have mentioned I'm using the ral driver on my wireless 
interface.




Re: Strange locate behavior

2007-03-23 Thread James Turner
Please disregard my last question.  A simple search of the archive would have
told me all I wanted to know.  This is what I get for typing first and reading
second.



fdisk with fat32 / external disk error

2007-03-23 Thread Julien TOUCHE
Hi

i'm currently trying to add an external disk (thecus n2050 in raid1;
fat32+ffs partitions) to my openbsd (4.0-stable/i386) box on usb2

problem
* partitioning on openbsd works on openbsd, but seems not recognized by
macosx (10.3) and win (2k)
* partitioning and formatting on osx is not recognized by openbsd :(

i also fail to repartition on openbsd after osx partitioning:
after creating partition,
fdisk:*1 quit
Writing current MBR to disk.
fdisk: error writing MBR: Input/output error
fdisk:*1
= can't quit fdisk, only ^C
(and nothing is written, even with 'w' only)

$ sudo fdisk -i sd1
fdisk: sysctl(machdep.bios.diskinfo): Device not configured

-
-- ATTENTION - UPDATING MASTER BOOT RECORD --
-

Do you wish to write new MBR and partition table? [n] y
fdisk: error initializing MBR: Input/output error


during these two steps, i get this in dmesg:
sd1(umass0:1:1): Check Condition (error 0x70) on opcode 0x2a
SENSE KEY: Aborted Command
 ASC/ASCQ: No Additional Sense Information
sd1(umass0:1:1): Check Condition (error 0x70) on opcode 0x2a
SENSE KEY: Aborted Command
 ASC/ASCQ: No Additional Sense Information

= problem with new disk ? or with n2050 ?


dmesg joined


thanks a lot
Regards

Julien
OpenBSD 4.0-stable (GENERIC) #2: Fri Mar 16 20:51:07 CET 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium II (GenuineIntel 686-class, 512KB L2 cache) 351 MHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR
real mem  = 435761152 (425548K)
avail mem = 389361664 (380236K)
using 4256 buffers containing 21889024 bytes (21376K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(06) BIOS, date 03/03/00, BIOS32 rev. 0 @ 0xf0520
apm0 at bios0: Power Management spec V1.2 (BIOS mgmt disabled)
apm0: APM power management enable: unrecognized device ID (9)
apm0: APM engage (device 1): power management disabled (1)
apm0: AC on, battery charge unknown
apm0: flags b0102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0xd92
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf0d10/128 (6 entries)
pcibios0: PCI Interrupt Router at 000:04:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x800 0xcc000/0x1800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82443BX AGP rev 0x03
ppb0 at pci0 dev 1 function 0 Intel 82443BX AGP rev 0x03
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 SiS 6326 VGA rev 0x0b: aperture at 0xe380, 
size 0x40
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 4 function 0 Intel 82371AB PIIX4 ISA rev 0x02
pciide0 at pci0 dev 4 function 1 Intel 82371AB IDE rev 0x01: DMA, channel 0 
wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: QUANTUM FIREBALL EX6.4A
wd0: 16-sector PIO, LBA, 6149MB, 12594960 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 disabled (no drives)
uhci0 at pci0 dev 4 function 2 Intel 82371AB USB rev 0x01: irq 5
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
piixpm0 at pci0 dev 4 function 3 Intel 82371AB Power rev 0x02: SMI
iic0 at piixpm0
unknown at iic0 addr 0x18 not configured
lm1 at iic0 addr 0x2d: W83781D
emu0 at pci0 dev 9 function 0 Creative Labs SoundBlaster Live rev 0x07: irq 5
ac97: codec id 0x83847608 (SigmaTel STAC9708/11)
ac97: codec features 18 bit DAC, 18 bit ADC, SigmaTel 3D
audio0 at emu0
Creative Labs PCI Gameport Joystick rev 0x07 at pci0 dev 9 function 1 not 
configured
xl0 at pci0 dev 10 function 0 3Com 3c905C 100Base-TX rev 0x78: irq 12, 
address 00:04:76:24:cd:fa
exphy0 at xl0 phy 24: 3Com internal media interface
uhci1 at pci0 dev 11 function 0 VIA VT83C572 USB rev 0x61: irq 10
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 11 function 1 VIA VT83C572 USB rev 0x61: irq 12
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 11 function 2 VIA VT6202 USB rev 0x63: irq 5
usb3 at ehci0: USB revision 2.0
uhub3 at usb3
uhub3: VIA EHCI root hub, rev 2.00/1.00, addr 1
uhub3: 4 ports with 4 removable, self powered
VIA VT6306 FireWire rev 0x46 at pci0 dev 11 function 3 not configured
pciide1 at pci0 dev 12 function 0 Promise PDC20262 rev 0x01: DMA, channel 0 
configured to native-PCI, channel 1 configured to native-PCI
pciide1: using irq 11 for native-PCI interrupt
wd1 at pciide1 channel 0 drive 0: ST3120026A
wd1: 16-sector PIO, LBA48, 114473MB, 234441648 sectors

Re: Problems with X11 traffic over ssh in pf.conf

2007-03-23 Thread Kevin Frand
Are you using antispoof in your pf.conf? if so, X11 forwarding will not 
work.


carlopmart wrote:

Hi all,

 I need to allow X11 services over ssh for my developers on one 
openbsd box. Rule for ssh service works ok, but when I try to start a 
X11 app (like xterm for example on destination host) doesn't works.


 On openbsd side nothing is dropped. Somebody knows how can I debug 
this?? Do I need to open additional ports or protocols??


Many thanks.




Re: Dell Latitude D520

2007-03-23 Thread Marco Peereboom
You really need to run 4.1 on that machine; probably even with ACPI
enabled.

On Fri, Mar 23, 2007 at 01:32:33PM -0400, Frank Bax wrote:
 I installed 4.0 release on Dell Latitude D520 and found these issues:
 
 1) Reboot will display messages about disk resync; monitor goes blank and 
 then hangs until I press power off twice to reboot.
 
 2) Laptop has a Core2Duo T5500 but only one processor is detected with MP 
 kernel.
 
 3) dmesg indicates Intel PRO/Wireless 3945ABG rev 0x02
 I downloaded wpi-firmware-1.13 and installed the package; but when I try 
 to bring up the device:
 $ sudo ifconfig wpi0 up
 $ dmesg | tail
 wpi0: timeout waiting for thermal sensors calibration
 wpi0: timeout waiting for thermal sensors calibration
 wpi0: fatal firmware error
 
 I'm in the process of downloading current snapshot to see what happens.
 
 OpenBSD 4.0 (GENERIC) #1107: Sat Sep 16 19:15:58 MDT 2006
 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
 cpu0: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz (GenuineIntel 686-class) 
 1.67 GHz
 cpu0: 
 FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16
 cpu0: unknown Enhanced SpeedStep CPU, msr 0x06130a2506000a25
 cpu0: using only highest and lowest power states
 cpu0: Enhanced SpeedStep 1667 MHz (1292 mV): speeds: 1667, 1000 MHz
 real mem  = 1063690240 (1038760K)
 avail mem = 962273280 (939720K)
 using 4256 buffers containing 53288960 bytes (52040K) of memory
 mainbus0 (root)
 bios0 at mainbus0: AT/286+(00) BIOS, date 12/18/06, BIOS32 rev. 0 @ 
 0xffa10, SMBIOS rev. 2.4 @ 0xf70c0 (61 entries)
 bios0: Dell Inc. Latitude D520
 pcibios0 at bios0: rev 2.1 @ 0xf/0x1
 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfaae0/192 (10 entries)
 pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371 ISA and IDE rev 
 0x00)
 pcibios0: PCI bus #12 is the last bus
 bios0: ROM list: 0xc/0xf000! 0xcf000/0x1000
 cpu0 at mainbus0
 pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
 pchb0 at pci0 dev 0 function 0 Intel 82945GM MCH rev 0x03
 vga1 at pci0 dev 2 function 0 Intel 82945GM Video rev 0x03: aperture at 
 0xeff0, size 0x1000
 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
 wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
 Intel 82945GM Video rev 0x03 at pci0 dev 2 function 1 not configured
 azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x01: irq 10
 azalia0: host: High Definition Audio rev. 1.0
 azalia0: codec: Sigmatel STAC9220 (rev. 34.1), HDA version 1.0
 azalia0: codec: 0x04x/0x14f1 (rev. 0.0), HDA version 0.9
 azalia0: codec[1]: No support for modem function groups
 azalia0: codec[1]: No audio function groups
 audio0 at azalia0
 ppb0 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x01
 pci1 at ppb0 bus 11
 ppb1 at pci0 dev 28 function 1 Intel 82801GB PCIE rev 0x01
 pci2 at ppb1 bus 12
 wpi0 at pci2 dev 0 function 0 Intel PRO/Wireless 3945ABG rev 0x02: irq 
 11, address 00:19:d2:6a:e0:f3
 uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x01: irq 9
 usb0 at uhci0: USB revision 1.0
 uhub0 at usb0
 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
 uhub0: 2 ports with 2 removable, self powered
 uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x01: irq 10
 usb1 at uhci1: USB revision 1.0
 uhub1 at usb1
 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
 uhub1: 2 ports with 2 removable, self powered
 uhci2 at pci0 dev 29 function 2 Intel 82801GB USB rev 0x01: irq 5
 usb2 at uhci2: USB revision 1.0
 uhub2 at usb2
 uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
 uhub2: 2 ports with 2 removable, self powered
 uhci3 at pci0 dev 29 function 3 Intel 82801GB USB rev 0x01: irq 3
 usb3 at uhci3: USB revision 1.0
 uhub3 at usb3
 uhub3: Intel UHCI root hub, rev 1.00/1.00, addr 1
 uhub3: 2 ports with 2 removable, self powered
 ehci0 at pci0 dev 29 function 7 Intel 82801GB USB rev 0x01: irq 9
 usb4 at ehci0: USB revision 2.0
 uhub4 at usb4
 uhub4: Intel EHCI root hub, rev 2.00/1.00, addr 1
 uhub4: 8 ports with 8 removable, self powered
 ppb2 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xe1
 pci3 at ppb2 bus 2
 bce0 at pci3 dev 0 function 0 Broadcom BCM4401B0 rev 0x02: irq 11, 
 address 00:19:b9:53:ab:18
 bmtphy0 at bce0 phy 1: BCM4401 10/100baseTX PHY, rev. 0
 cbb0 at pci3 dev 1 function 0 vendor O2 Micro, unknown product 0x7135 
 rev 0x21: irq 5
 vendor O2 Micro, unknown product 0x00f7 (class serial bus subclass 
 Firewire, rev 0x02) at pci3 dev 1 function 4 not configured
 cbb0: bad Vcc request. sock_ctrl 0x501aa88, sock_status 0x50123e9
 cardslot0 at cbb0 slot 0 flags 0
 cardbus0 at cardslot0: bus 3 device 0 cacheline 0x0, lattimer 0x20
 pcmcia0 at cardslot0
 ichpcib0 at pci0 dev 31 function 0 Intel 82801GBM LPC rev 0x01: PM 
 disabled
 pciide0 at pci0 dev 31 function 2 Intel 82801GBM SATA rev 0x01: DMA, 
 channel 0 wired to compatibility, channel 1 wired to compatibility
 wd0 at pciide0 channel 0 drive 0: WDC 

Re: Microsoft gets the Most Secure Operating Systems award

2007-03-23 Thread Dan Farrell
On 3/23/07, Darren Spruell [EMAIL PROTECTED] wrote:
 On 3/23/07, chefren [EMAIL PROTECTED] wrote:
  p.s. Maybe I was too harsh against Karel?

 Survey says:

 No.

 DS



 I agree :)
 Marius

I'll bottom post just this once to add to this list of agreement.

danno



Re: Dell Latitude D520

2007-03-23 Thread Simon Effenberg
On Fri, Mar 23, 2007 at 01:32:33PM -0400, Frank Bax wrote:
 3) dmesg indicates Intel PRO/Wireless 3945ABG rev 0x02
 I downloaded wpi-firmware-1.13 and installed the package; but when I try to
 bring up the device:
 $ sudo ifconfig wpi0 up
 $ dmesg | tail
 wpi0: timeout waiting for thermal sensors calibration
 wpi0: timeout waiting for thermal sensors calibration
 wpi0: fatal firmware error


I have the same Intel card and when I am near a weird access point I
get the same error messages but at home it works. Could be the AP that
makes your card crazy.

s

--
GnuPG: 5755FB64

Per aspera ad astra.




Text about openbsd's security technology

2007-03-23 Thread Rafael Almeida

I'm aware that OpenBSD's developers create new technology for making
the exploiter's life harder. On the OpenBSD site I could find a list
of some of those kinda features (following this paragraph). Yet, I
could not find any article describing all those ideas. Does anyone
know what would be considered a good source for learning them?

   * strlcpy() and strlcat()
   * Memory protection purify
       o W^X
       o .rodata segment
       o Guard pages
       o Randomized malloc()
       o Randomized mmap()
       o atexit() and stdio protection
   * Privilege separation
   * Privilege revocation
   * Chroot jailing
   * New uids
   * ProPolice
   * ... and others



ThinkPad X31, ACPI, suspend/hibernate buttons

2007-03-23 Thread viq

I have a TP X31 on which I just compiled ACPI-enabled kernel, so I
finally can get access to the thermal sensors. But, at the same time,
the shortcuts to suspend (Fn+F4), hibernate (Fn+F12) or even turn off
the screen (Fn+F3) stopped working. Is that a known behaviour? Is
there a way to make those work again?

Kernel config I used:
=config
include arch/i386/conf/GENERIC

option  ACPIVERBOSE
option  ACPI_ENABLE
acpi0   at mainbus?
acpitimer*  at acpi?
acpihpet*   at acpi?
acpiac* at acpi?
acpibat*at acpi?
acpibtn*at acpi?
acpicpu*at acpi?
acpidock*   at acpi?
acpiec* at acpi?
acpiprt*at acpi?
acpitz* at acpi?
===/config

Just in case, dmesg below:

OpenBSD 4.1-current (ACPI) #1: Thu Mar 22 11:59:36 CET 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/ACPI
cpu0: Intel(R) Pentium(R) M processor 1600MHz (GenuineIntel
686-class) 1.60 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,EST,TM2
real mem  = 804155392 (785308K)
avail mem = 725643264 (708636K)
using 4278 buffers containing 4012 bytes (39388K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 09/22/05, BIOS32 rev. 0 @
0xfd750, SMBIOS rev. 2.33 @ 0xe0010 (57 entries)
bios0: IBM 2885PWU
apm0 at bios0: Power Management spec V1.2
apm0: battery life expectancy 100%
apm0: AC on, battery charge high
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xfd6e0/0x920
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdea0/272 (15 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #6 is the last bus
bios0: ROM list: 0xc/0x1 0xd/0x1000 0xd1000/0x1000
0xdc000/0x4000! 0xe/0x1
acpi0 at mainbus0: rev 2
acpi0: tables DSDT FACP SSDT ECDT TCPA BOOT
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpi device at acpi0 from table DSDT not configured
acpi device at acpi0 from table FACP not configured
acpi device at acpi0 from table SSDT not configured
acpi device at acpi0 from table ECDT not configured
acpi device at acpi0 from table TCPA not configured
acpi device at acpi0 from table BOOT not configured
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (AGP_)
acpiprt2 at acpi0: bus 2 (PCI1)
acpiprt3 at acpi0: bus 0 (DOCK)
acpiec0 at acpi0: EC__
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibat0 at acpi0: BAT0: model: IBM-08K8039 serial:  1202 type: LION
oem: Panasonic
acpibat1 at acpi0: BAT1: not present
acpibat2 at acpi0: BAT2: not present
acpiac0 at acpi0: AC unit online
acpicpu0 at acpi0: CPU_: 1600, 1400, 1200, 1000, 800, 600 MHz
acpitz0 at acpi0, critical temperature: 91 degC
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82855PE Hub rev 0x03
ppb0 at pci0 dev 1 function 0 Intel 82855PE AGP rev 0x03
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 ATI Radeon Mobility M6 LY rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
uhci0 at pci0 dev 29 function 0 Intel 82801DB USB rev 0x01: irq 11
uhci1 at pci0 dev 29 function 1 Intel 82801DB USB rev 0x01: irq 11
uhci2 at pci0 dev 29 function 2 Intel 82801DB USB rev 0x01: irq 11
ehci0 at pci0 dev 29 function 7 Intel 82801DB USB rev 0x01: irq 11
usb0 at ehci0: USB revision 2.0
uhub0 at usb0
uhub0: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub0: 6 ports with 6 removable, self powered
ppb1 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0x81
pci2 at ppb1 bus 2
cbb0 at pci2 dev 0 function 0 Ricoh 5C476 CardBus rev 0xaa: irq 11
cbb1 at pci2 dev 0 function 1 Ricoh 5C476 CardBus rev 0xaa: irq 5
Ricoh 5C552 Firewire rev 0x02 at pci2 dev 0 function 2 not configured
em0 at pci2 dev 1 function 0 Intel PRO/1000MT (82540EP) rev 0x03:
irq 11, address 00:09:6b:bf:79:b0
ipw0 at pci2 dev 2 function 0 Intel PRO/Wireless 2100 rev 0x04: irq
11, address 00:04:23:78:c1:da
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 3 device 0 cacheline 0x0, lattimer 0xb0
pcmcia0 at cardslot0
cardslot1 at cbb1 slot 1 flags 0
cardbus1 at cardslot1: bus 6 device 0 cacheline 0x0, lattimer 0xb0
pcmcia1 at cardslot1
ichpcib0 at pci0 dev 31 function 0 Intel 82801DBM LPC rev 0x01
pciide0 at pci0 dev 31 function 1 Intel 82801DBM IDE rev 0x01: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
wd0 at pciide0 channel 0 drive 0: ST9120821A
wd0: 16-sector PIO, LBA48, 114473MB, 234441648 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: HL-DT-ST, RW/DVD GCC-4240N, 0213 SCSI0
5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
ichiic0 at pci0 dev 31 function 3 Intel 82801DB SMBus rev 0x01: irq 5
iic0 at ichiic0
auich0 at pci0 dev 31 function 

Re: Text about openbsd's security technology

2007-03-23 Thread Stuart Henderson
On 2007/03/23 17:36, Rafael Almeida wrote:
 I'm aware that OpenBSD's developers create new technology for making
 the exploiter's life harder. On the OpenBSD site I could find a list
 of some of those kinda features (following this paragraph). Yet, I
 could not find any article describing all those ideas. Does anyone
 know what would be considered a good source for learning them?

You could start with this:
http://www.openbsd.org/papers/ven05-deraadt/



Re: Text about openbsd's security technology

2007-03-23 Thread Bob Beck
* Rafael Almeida [EMAIL PROTECTED] [2007-03-23 14:52]:
 I'm aware that OpenBSD's developers create new technology for making
 the exploiter's life harder. On the OpenBSD site I could find a list
 of some of those kinda features (following this paragraph). Yet, I
 could not find any article describing all those ideas. Does anyone
 know what would be considered a good source for learning them?

Look for Theo's talk on http://www.openbsd.org/papers
for a very good introduction. And beyond that, RTFS

-Bob



Re: OpenNTPD reliability

2007-03-23 Thread Shane Harbour

man ntpd

Look at the -S option and see if that's what you want.

Luca Corti wrote:

Hello,

I've set up OpenNTPD 3.9p1 on Linux with a couple of servers to sync to
and listen on to sync my machines to OpenNTPD. Clients (some openntpds,
some ntpds, some Cisco routers) refuse to sync to my server. OpenNTPD on
a client reports my OpenNTPD server is not synced.

This is not documented in the manuals, but googling a bit I found out
that OpenNTPD takes quite a lot of time to sync its clock to the
servers. Is there a way to obtain a reliable and fast syncing?

I heard about timedelta sensors. Are these devices supported by openntpd
when running on linux?

thanks

Luca




Plextor PX-EH40L (landisk) power-off button?

2007-03-23 Thread Darth Lists
Has anyone using the Plextor PX-EHxxL landisk hardware gotten the power 
toggle switch to fulfill its intended purpose?
Under the original Linux-based OS, the switch would send a signal to the 
OS to start a shutdown procedure and once properly shutdown, the OS 
would then power off the device.

Under OpenBSD, this switch does nothing.

Cheers,

/Jason



Re: Plextor PX-EH40L (landisk) power-off button?

2007-03-23 Thread Miod Vallat
 Has anyone using the Plextor PX-EHxxL landisk hardware gotten the power 
 toggle switch to fulfill its intended purpose?
 Under the original Linux-based OS, the switch would send a signal to the 
 OS to start a shutdown procedure and once properly shutdown, the OS 
 would then power off the device.
 Under OpenBSD, this switch does nothing.

You need to sysctl machdep.kbdreset=1, for example by uncommenting the
entry in /etc/sysctl.conf. See power(4) for details.

Miod



Re: maxcluster errors

2007-03-23 Thread mail-lists

Well,

I think I might have discovered the cause of this.

I noticed that when I disabled pf that all the mbufs were released 
immediately. I then configured my pf rules from the wireless network 
with the 'quick' keyword and the current buffer count doesn't seem to be 
rising very much any more - 3 or 4 over the course of a minute while 
sending 2 simultaneous ping floods to hosts on the wireless network.


Before I would see the count go up by about 200 every minute.


Is this just an inability of my hardware (soekris net4801) to handle pf?
or is it in any way connected to the fact that it's going out over a 
wireless link?


Thanks!



Re: Saving memory on small machines

2007-03-23 Thread J.C. Roberts
On Friday 23 March 2007 11:48, Matthew R. Dempsky wrote:
 On Fri, Mar 23, 2007 at 10:27:45AM -0700, J.C. Roberts wrote:
  No. You've just destroyed your libraries in a way that's worse than
  just deleting them since now you will need to wade through strange
  error messages which are trying to tell you why your stripped
  libraries no longer work.

 Stripping symbols from a .a archive does render it useless, but I
 suspect otherwise you're thinking about .so libraries.  Archives are
 only used at link-time.  ld.so(1) deals with shared objects files
 (i.e., .so files).

Yep, I was less than perfectly clear. The result of removing all symbols
from static, link-time libraries (archives) will trash them but since he
had said, "You may also stripe (SIC) nearly all of your libraries," I
tried to cover what happens when you remove all symbols from shared
libraries.

Unfortunately, it actually is possible to remove the typically used
function name symbols from dynamically loaded libraries (shared
objects). Stripping the function name symbols (along with debug
symbols) from shared libraries is often used in copyright protection
schemes as a way to thwart auditing and analysis. The reasoning is
because some feel that the function names help with understanding the
code. -BUT the important thing to remember is the protected programs using
these libraries _only_ work because they are not calling the shared
library functions by name. Though this kind of nonsense can be made to
work in UNIX, the approach is more typically seen in Microsoft Windows
applications.

In contrast to protected programs where the shared library functions
are called by ordinal or some other convoluted method, most normal
programs will call by name. On an open source unix system where the
shared libraries are actually used by many different programs written
by many different people, removing all the symbols will generally break
any program that tries to call by name.  -The only possible exception I
can dream up is if strip(1) with --strip-all is smart enough to not
remove the needed relocation symbols, the shared library has DT_FLAGS
set with DF_SYMBOLIC, and strip(1) is also smart enough to notice
DF_SYMBOLIC and not remove symbolic function names but that's a whole
lot of if's and I think it would only save you on elf?

JCR
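
Added example (not part of the message above and not code from OpenBSD): a small Python check for the distinction that message turns on, reporting whether an ELF64 shared object still carries the static symbol table (.symtab), the dynamic symbol table (.dynsym) used for by-name lookups, and DF_SYMBOLIC in DT_FLAGS. The function names `build_elf` and `inspect_elf` are hypothetical, and the three sample images are constructed inline; they are not loadable libraries.

```python
import struct

# Constants from the ELF specification (<elf.h>)
SHT_SYMTAB, SHT_STRTAB, SHT_DYNAMIC, SHT_DYNSYM = 2, 3, 6, 11
DT_NULL, DT_FLAGS, DF_SYMBOLIC = 0, 30, 0x2
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr, little-endian
SHDR = struct.Struct("<IIQQQQIIQQ")        # Elf64_Shdr
DYN = struct.Struct("<qQ")                 # Elf64_Dyn


def build_elf(sections):
    """Construct a minimal ELF64 image from (name, sh_type, payload) tuples.

    Sample-input helper only: the result has section headers but no
    program headers, so it can be inspected but not loaded.
    """
    entries = [("", 0, b"")] + list(sections)   # index 0 is the null section
    strtab, name_offsets = b"\0", [0]
    for name, _, _ in entries[1:] + [(".shstrtab", SHT_STRTAB, b"")]:
        name_offsets.append(len(strtab))
        strtab += name.encode() + b"\0"
    entries.append((".shstrtab", SHT_STRTAB, strtab))
    body, headers = b"", b""
    for (_, sh_type, payload), noff in zip(entries, name_offsets):
        offset = EHDR.size + len(body)
        headers += SHDR.pack(noff, sh_type, 0, 0, offset, len(payload), 0, 0, 1, 0)
        body += payload
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)  # ELFCLASS64, LSB, v1
    ehdr = EHDR.pack(ident, 3, 62, 1, 0, 0, EHDR.size + len(body), 0,
                     EHDR.size, 0, 0, SHDR.size, len(entries), len(entries) - 1)
    return ehdr + body + headers


def inspect_elf(data):
    """Return which symbol tables are present and whether DF_SYMBOLIC is set.

    Works from the section header table, as a section listing would; a
    file whose section headers were removed entirely is rejected.
    """
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    hdr = EHDR.unpack_from(data, 0)
    shoff, shentsize, shnum = hdr[6], hdr[11], hdr[12]
    if shentsize != SHDR.size or shoff + shnum * shentsize > len(data):
        raise ValueError("section header table is missing or truncated")
    report = {"symtab": False, "dynsym": False, "df_symbolic": False}
    for i in range(shnum):
        _, sh_type, _, _, sh_offset, sh_size, *_ = SHDR.unpack_from(
            data, shoff + i * shentsize)
        if sh_type == SHT_SYMTAB:
            report["symtab"] = True      # static table: linking, debugging
        elif sh_type == SHT_DYNSYM:
            report["dynsym"] = True      # dynamic table: run-time by-name lookup
        elif sh_type == SHT_DYNAMIC:
            if sh_offset + sh_size > len(data):
                raise ValueError(".dynamic section is truncated")
            end = sh_offset + sh_size - DYN.size + 1
            for pos in range(sh_offset, end, DYN.size):
                tag, value = DYN.unpack_from(data, pos)
                if tag == DT_NULL:
                    break
                if tag == DT_FLAGS and value & DF_SYMBOLIC:
                    report["df_symbolic"] = True
    return report


# Constructed sample images (24 zero bytes stand in for one Elf64_Sym entry).
END = DYN.pack(DT_NULL, 0)
FULL = build_elf([(".dynsym", SHT_DYNSYM, bytes(24)),
                  (".symtab", SHT_SYMTAB, bytes(24)),
                  (".dynamic", SHT_DYNAMIC, DYN.pack(DT_FLAGS, DF_SYMBOLIC) + END)])
ONLY_DYNSYM = build_elf([(".dynsym", SHT_DYNSYM, bytes(24)),
                         (".dynamic", SHT_DYNAMIC, END)])
NO_TABLES = build_elf([(".dynamic", SHT_DYNAMIC, END)])

if __name__ == "__main__":
    for label, image in (("full", FULL), ("only .dynsym", ONLY_DYNSYM),
                         ("no symbol tables", NO_TABLES)):
        print(label, inspect_elf(image))
```
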



Re: ThinkPad X31, ACPI, suspend/hibernate buttons

2007-03-23 Thread Marco Peereboom
Nothing stopped working.  It has never been implemented in ACPI.

On Fri, Mar 23, 2007 at 09:25:29PM +0100, viq wrote:
 I have a TP X31 on which I just compiled ACPI-enabled kernel, so I
 finally can get access to the thermal sensors. But, at the same time,
 the shortcuts to suspend (Fn+F4), hibernate (Fn+F12) or even turn off
 the screen (Fn+F3) stopped working. Is that a known behaviour? Is
 there a way to make those work again?
 
 Kernel config I used:
 =config
 include arch/i386/conf/GENERIC
 
 option  ACPIVERBOSE
 option  ACPI_ENABLE
 acpi0   at mainbus?
 acpitimer*  at acpi?
 acpihpet*   at acpi?
 acpiac* at acpi?
 acpibat*at acpi?
 acpibtn*at acpi?
 acpicpu*at acpi?
 acpidock*   at acpi?
 acpiec* at acpi?
 acpiprt*at acpi?
 acpitz* at acpi?
 ===/config
 

Re: ThinkPad X31, ACPI, suspend/hibernate buttons

2007-03-23 Thread openbsd fan
NO.  It uses APM instead of ACPI.  The Phoenix BIOS in the X31 uses APM
instead of ACPI.

On 3/23/07, viq [EMAIL PROTECTED] wrote:

 On 23/03/07, Marco Peereboom [EMAIL PROTECTED] wrote:
  Nothing stopped working.  It has never been implemented in ACPI.

 Ah, ok, so it's have thermal sensors or have suspend keys work, as I
 suspected. Thank you for clarification.

  On Fri, Mar 23, 2007 at 09:25:29PM +0100, viq wrote:
   I have a TP X31 on which I just compiled ACPI-enabled kernel, so I
   finally can get access to the thermal sensors. But, at the same time,
   the shortcuts to suspend (Fn+F4), hibernate (Fn+F12) or even turn off
   the screen (Fn+F3) stopped working. Is that a known behaviour? Is
   there a way to make those work again?
  
   Kernel config I used:
   =config
   include arch/i386/conf/GENERIC
  
   option  ACPIVERBOSE
   option  ACPI_ENABLE
   acpi0   at mainbus?
   acpitimer*  at acpi?
   acpihpet*   at acpi?
   acpiac* at acpi?
   acpibat*at acpi?
   acpibtn*at acpi?
   acpicpu*at acpi?
   acpidock*   at acpi?
   acpiec* at acpi?
   acpiprt*at acpi?
   acpitz* at acpi?
   ===/config
  

Re: ThinkPad X31, ACPI, suspend/hibernate buttons

2007-03-23 Thread viq

On 23/03/07, Marco Peereboom [EMAIL PROTECTED] wrote:

Nothing stopped working.  It has never been implemented in ACPI.


Ah, ok, so it's have thermal sensors or have suspend keys work, as I
suspected. Thank you for clarification.


On Fri, Mar 23, 2007 at 09:25:29PM +0100, viq wrote:
 I have a TP X31 on which I just compiled ACPI-enabled kernel, so I
 finally can get access to the thermal sensors. But, at the same time,
 the shortcuts to suspend (Fn+F4), hibernate (Fn+F12) or even turn off
 the screen (Fn+F3) stopped working. Is that a known behaviour? Is
 there a way to make those work again?

 Kernel config I used:
 =config
 include arch/i386/conf/GENERIC

 option  ACPIVERBOSE
 option  ACPI_ENABLE
 acpi0   at mainbus?
 acpitimer*  at acpi?
 acpihpet*   at acpi?
 acpiac* at acpi?
 acpibat*at acpi?
 acpibtn*at acpi?
 acpicpu*at acpi?
 acpidock*   at acpi?
 acpiec* at acpi?
 acpiprt*at acpi?
 acpitz* at acpi?
 ===/config


Re: Dell Latitude D520

2007-03-23 Thread Frank Bax
Thanks!  4.1 didn't initially change anything; but ACPI enabled fixed both 
#1 and #2.



At 04:03 PM 3/23/07, Marco Peereboom wrote:


You really need to run 4.1 on that machine; probably even with ACPI enabled.

On Fri, Mar 23, 2007 at 01:32:33PM -0400, Frank Bax wrote:
 I installed 4.0 release on Dell Latitude D520 and found these issues:

 1) Reboot will display messages about disk resync; monitor goes blank and
 then hangs until I press power off twice to reboot.

 2) Laptop has a Core2Duo T5500 but only one processor is detected with MP
 kernel.

 3) dmesg indicates Intel PRO/Wireless 3945ABG rev 0x02
 I downloaded wpi-firmware-1.13 and installed the package; but when I try
 to bring up the device:
 $ sudo ifconfig wpi0 up
 $ dmesg | tail
 wpi0: timeout waiting for thermal sensors calibration
 wpi0: timeout waiting for thermal sensors calibration
 wpi0: fatal firmware error

 I'm in the process of downloading current snapshot to see what happens.




Re: Text about openbsd's security technology

2007-03-23 Thread Rafael Almeida

On 3/23/07, Bob Beck [EMAIL PROTECTED] wrote:

Look for theo's talk on http://www.openbsd.org/papers
for a very good introduction. and beyond that, RTFS


Yes, I've looked those, but most of them were slideshows, not real
articles. I was looking for something more like this:
http://www.openbsd.org/papers/crypt-paper.ps
but for other features as well.

Isn't there a proposal for those techniques before they made it to the
kernel? Something explaining the other developers the new technique.



Re: Installing Skype

2007-03-23 Thread J.C. Roberts
On Friday 23 March 2007 12:13, Tobias Weisserth wrote:
  From the emails in this thread we know he needs it for work, so he  
 hasn't really got a choice. There's no other client to the Skype  
 network. Maybe there's a way to lockin Skype in systrace. On openSUSE
   I locked Skype in with AppArmor for my parents. If you need to talk
 to people on Skype you don't really have a choice.

Well, it might not work for everyone but I took a different approach to
solving the skype problem. I decided to be a prick and require people
using Skype to have a standard phone number via SkypeIn. Being locked
into the insecure, proprietary skype world is really their problem and
I refuse to join them.

Once you have a standard way to contact the skype user via a normal
phone number, then you are free to deploy and use whatever you want on
your end to reduce your costs...

-http://www.asterisk.org/
-http://www.openwengo.com/
-http://www.gizmoproject.com/
-http://www.google.com/talk/  (supposedly SIP soon -see link below)
-http://code.google.com/apis/talk/open_communications.html
-whatever
-long distance plan on your cell phone
-and surprisingly enough, even your PSTN land line

The above should be enough to make anyone wonder if they actually *need*
skype at all but if someone decides to use and pay for skype, then it's
their responsibility to become compatible with the rest of the world.

jcr



Re: Saving memory on small machines

2007-03-23 Thread Philip Guenther

On 3/23/07, J.C. Roberts [EMAIL PROTECTED] wrote:
...

Unfortunately, it actually is possible to remove the typically used
function name symbols from dynamically loaded libraries (shared
objects). Stripping the function name symbols (along with debug
symbols) from shared libraries is often used in copyright protection
schemes as a way to thwart auditing and analysis. The reasoning is
because some feel that the function names help with understanding the
code.



-BUT important thing to remember is the protected programs using
these libraries _only_ work because they are not calling the shared
library functions by name.


Bzzt.  Symbols in shared libraries *are* referenced by name.  There's
a completely separate symbol table used (the .dynsym section) by the
dynamic linker that has the information it needs.  It should be
obvious that the calling of shared library functions *is* by name, as
you can dynamically override the functions by loading other shared
libraries with the same name.  Indeed, LD_PRELOAD would be almost
useless if that wasn't true.

*Please* go read up on (at least!) the ELF standard before making
authoritative sounding statements about how shared libraries and
symbol tables work.


Philip Guenther



Re: HP SA P400/P800 ciss support and caveats

2007-03-23 Thread Boris Golberg
Hello Joel,

Friday, March 23, 2007, 11:16:20 AM, you wrote:

   We  are  looking  to  buy  an  HP  ProLiant  DL320s server with about 5-8
 terabyte  of  storage  and  Smart Array P400 or P800 for a backup purposes.
 According to www.openbsd.org/cgi-bin/man.cgi?query=ciss&arch=i386&sektion=4
 it should be supported in -current, but the current code only supports one
 logical   volume  per  controller. This scared me because according to the
 FAQ  there  is a 1T limit on the size of the physical disk, but I need to
 utilize much more.
 
   What does logical volume mean here - RAID set or LUN ?
 
   In the other words, is there any way to use that storage with OBSD ?


JK The FAQ is referring to a RAID volume.

JK You should search the archives for discussion of the 1TB limit.

  Again,  what is RAID volume - RAID set or LUN ? Can I have 10 LANs (for
example) and see them as separate devices (like sd0, sd1, sd2, etc) ?
  Then I won't need to worry about a terabyte limit.

-- 
Best regards,
 Boris mailto:[EMAIL PROTECTED]



ntpd can no longer cope with the clock drift

2007-03-23 Thread viq

I have a rather old x86 box, running a 600 MHz Duron. It does have
problems keeping the clock in sync, so one of the first things I ran
on it was OpenNTPd, and it was sometimes spamming the logs with the
sync messages, but keeping the time beautifully. That is, until
yesterday, when I updated from 7th March snapshots to 22nd March
snapshots. Right now the clock difference increases few seconds every
hour, which is less than what it would be if left alone, but
apparently more than ntpd can deal with. So... How can I deal with
that? What more info is needed to help diagnose this?

--
viq



Re: ThinkPad X31, ACPI, suspend/hibernate buttons

2007-03-23 Thread viq

On 23/03/07, openbsd fan [EMAIL PROTECTED] wrote:

NO.  Its use APM instead of ACPI.  The Phoenix BIOS in the X31 uses APM
instead of ACPI.


Gotcha, thanks.

--
viq



Re: Saving memory on small machines

2007-03-23 Thread J.C. Roberts
On Friday 23 March 2007 15:27, Philip Guenther wrote:
 On 3/23/07, J.C. Roberts [EMAIL PROTECTED] wrote:
 ...

  Unfortunately, it actually is possible to remove the typically used
  function name symbols from dynamically loaded libraries (shared
  objects). Stripping the function name symbols (along with debug
  symbols) from shared libraries is often used in copyright
  protection schemes as a way to thwart auditing and analysis. The
  reasoning is because some feel that the function names help with
  understanding the code.
 
  -BUT important thing to remember is the protected programs using
  these libraries _only_ work because they are not calling the shared
  library functions by name.

 Bzzt.  Symbols in shared libraries *are* referenced by name.  There's 
 a completely separate symbol table used (the .dynsym section) by
 the dynamic linker that has the information it needs.  It should be
 obvious that the calling of shared library functions *is* by name, as
 you can dynamically override the functions by loading other shared
 libraries with the same name.  Indeed, LD_PRELOAD would be almost
 useless if that wasn't true.

 *Please* go read up on (at least!) the ELF standard before making
 authoritative sounding statements about how shared libraries and
 symbol tables work.


 Philip Guenther

I don't mind being beaten with a clue stick when I'm wrong, heck I even 
appreciated it, but in this case what I said was entirely accurate. 

You assumed everything is elf but your assumption is wrong. There are 
many different types of shared libraries, many operating systems which 
use them and many ways in which their functions can be called. You 
should also note at the end of my previous post I even stated the 
possible exception with elf shared libraries due to DF_SYMBOLIC being 
set in DT_FLAGS.

You are correct that calling shared library functions is normally done 
by their name, and I stated as much, but normally is not the same as 
always and there is certainly more than one way to call a function 
from a shared library.  -Before making authoritative sounding 
statements about how shared libraries and symbol tables work, please go 
read *more* than just the standard for ELF executable format. ;-) 

OK, turning your words on you was probably a bit too pointed but I 
really meant it in good humor. Unfortunately, there are tons of 
executable format standards and I seriously doubt anyone will 
completely learn, understand and memorize all of the details in all of 
the standards in one lifetime. Sometimes knowing the basics of a 
handful of the executable format standards is better than knowing only 
one really well.

As for doing more reading (besides the standards :-), I do need to read 
up on strip(1) since a quick test shows it does seem to be smart enough 
to leave function names alone in elf shared objects even when using 
--strip-all. How various implementations of strip(1) work with other 
executable/library formats is still a big mystery and worth 
investigating.

If you want to see an example of a shared library protected by 
removing function names, I think some of the redistributable FlexLM stuff 
does it (globetrotter.com) and they support a wide variety archs, os's 
and formats. It's worth a peek if you've never seen one before.

jcr
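
The ELF point argued in this exchange (the dynamic linker resolves names through its own `.dynsym` table, which is still there after the static `.symtab` is stripped), shown as an added example that is not part of either post. The image is constructed inline, and the `demo_*` symbol names and the `build_sample` helper are made up for illustration; only little-endian ELF64 is handled.

```python
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # ELF64 file header
SHDR = struct.Struct("<IIQQQQIIQQ")         # ELF64 section header
SYM = struct.Struct("<IBBHQQ")              # ELF64 symbol entry
SHT_SYMTAB, SHT_STRTAB, SHT_DYNSYM, STT_FUNC = 2, 3, 11, 2

def function_names(elf, sh_type):
    """Return names of STT_FUNC symbols in every section of type sh_type."""
    hdr = EHDR.unpack_from(elf)
    if hdr[0][:6] != b"\x7fELF\x02\x01":
        raise ValueError("only little-endian ELF64 is handled here")
    shoff, shnum = hdr[6], hdr[12]
    shdrs = [SHDR.unpack_from(elf, shoff + i * SHDR.size) for i in range(shnum)]
    found = []
    for sh in shdrs:
        if sh[1] != sh_type:
            continue
        str_off = shdrs[sh[6]][4]            # sh_link names the string table
        for off in range(sh[4], sh[4] + sh[5], SYM.size):
            st_name, st_info = SYM.unpack_from(elf, off)[:2]
            if st_name and st_info & 0xF == STT_FUNC:
                end = elf.index(b"\0", str_off + st_name)
                found.append(elf[str_off + st_name:end].decode())
    return found

def build_sample(stripped):
    """Constructed ELF64 image with section tables only (sample data, no code)."""
    shstr = b"\0.dynsym\0.dynstr\0.symtab\0.strtab\0.shstrtab\0"
    dynstr = b"\0demo_open\0demo_close\0"     # made-up exported names
    strtab = dynstr + b"demo_helper\0"        # made-up local helper
    def table(strs, *names):                  # null symbol + one FUNC per name
        return bytes(SYM.size) + b"".join(
            SYM.pack(strs.index(n), 0x12, 0, 1, 0x1000, 16) for n in names)
    exported = (b"demo_open", b"demo_close")
    secs = [(b"", 0, b"", 0),
            (b".dynsym", SHT_DYNSYM, table(dynstr, *exported), 2),
            (b".dynstr", SHT_STRTAB, dynstr, 0)]
    if not stripped:                          # what strip(1) would discard
        secs += [(b".symtab", SHT_SYMTAB,
                  table(strtab, *exported, b"demo_helper"), 4),
                 (b".strtab", SHT_STRTAB, strtab, 0)]
    secs.append((b".shstrtab", SHT_STRTAB, shstr, 0))
    body = shdrs = b""
    for name, typ, data, link in secs:
        ent = SYM.size if typ in (SHT_SYMTAB, SHT_DYNSYM) else 0
        shdrs += SHDR.pack(shstr.index(name) if name else 0, typ, 0, 0,
                           EHDR.size + len(body), len(data), link, 0, 1, ent)
        body += data
    ehdr = EHDR.pack(b"\x7fELF\x02\x01\x01" + bytes(9), 3, 62, 1, 0, 0,
                     EHDR.size + len(body), 0, EHDR.size, 0, 0,
                     SHDR.size, len(secs), len(secs) - 1)
    return ehdr + body + shdrs

if __name__ == "__main__":
    for label, img in (("unstripped", build_sample(False)),
                       ("stripped", build_sample(True))):
        print(label, ".symtab:", function_names(img, SHT_SYMTAB),
              ".dynsym:", function_names(img, SHT_DYNSYM))
```

For anyone auditing a stripped shared object, `.dynsym` is therefore the first place to look for the exported interface; the same parser can be pointed at a real ELF64 file read with `open(path, "rb").read()`.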



Re: Saving memory on small machines

2007-03-23 Thread bofh

On 3/22/07, Woodchuck [EMAIL PROTECTED] wrote:

The Golden Age of cheap servers (and laptops and ...) is almost
upon us, just as soon as the lemmings start going to Vista.


Oh crap, I *will* use this in my sig file.  8-)



Re: Dell Latitude D520

2007-03-23 Thread Frank Bax

At 04:16 PM 3/23/07, Simon Effenberg wrote:


On Fri, Mar 23, 2007 at 01:32:33PM -0400, Frank Bax wrote:
 3) dmesg indicates Intel PRO/Wireless 3945ABG rev 0x02
 I downloaded wpi-firmware-1.13 and installed the package; but when I try to
 bring up the device:
 $ sudo ifconfig wpi0 up
 $ dmesg | tail
 wpi0: timeout waiting for thermal sensors calibration
 wpi0: timeout waiting for thermal sensors calibration
 wpi0: fatal firmware error


I have the same Intel card and when I am near a weird access point I
get the same error messages but at home it works. Could be the AP what
makes your card crazy.



This is not good news.  The router at home is running OpenBSD 4.0!

OpenBSD 4.0 router (P2-400):

$ dmesg | grep ral
ral0 at pci0 dev 20 function 0 Ralink RT2560 rev 0x01: irq 10, address 
00:12:17:99:70:2d

ral0: MAC/BBP RT2560 (rev 0x04), RF RT2525

$ cat /etc/hostname.ral0
inet 10.0.0.2 255.255.255.0 10.0.0.255 media DS2 mediaopt hostap mode 11b 
nwid XX1XX nwkey XX2XX


$ ifconfig ral0
ral0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:12:17:99:70:2d
media: IEEE802.11 DS2 mode 11b hostap (autoselect mode 11b hostap)
status: active
ieee80211: nwid XX1XX chan 2 bssid 00:12:17:99:70:2d nwkey not 
displayed 100dBm

inet 10.0.0.2 netmask 0xff00 broadcast 10.0.0.255
inet6 fe80::212:17ff:fe99:702d%ral0 prefixlen 64 scopeid 0x3

We have a WinXP laptop already working through this interface.

On the Dell laptop running 4.1 snapshot:

$ dmesg | grep wpi
wpi0 at pci2 dev 0 function 0 Intel PRO/Wireless 3945ABG rev 0x02: apic 2 
int 17 (irq 11), address 00:19:d2:6a:e0:f3


$ sudo ifconfig wpi0 nwid XX1XX nwkey XX2XX chan 2 up

$ ifconfig wpi0
wpi0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:19:d2:6a:e0:f3
groups: wlan
media: IEEE802.11 autoselect
status: no network
ieee80211: nwid XX1XX chan 2 nwkey not displayed 100dBm
inet6 fe80::219:d2ff:fe6a:e0f3%wpi0 prefixlen 64 scopeid 0x1

$ dmesg | tail
wpi0: timeout waiting for thermal sensors calibration
wpi0: fatal firmware error



Postfix flavour for PostgreSQL ?

2007-03-23 Thread Peter
I see there is a postfix flavour for mysql but not for postgresql.  Is this 
combination used much?  I already have a PGSQL server and I want to plug 
postfix into it for virtual mailbox domains.

Thanks for any advice.

Peter



Re: Postfix flavour for PostgreSQL ?

2007-03-23 Thread Darren Spruell

On 3/23/07, Peter [EMAIL PROTECTED] wrote:

I see there is a postfix flavour for mysql but not for postgresql.  Is this
combination used much?  I already have a PGSQL server and I want to plug
postfix into it for virtual mailbox domains.


I can't say if it's used often, but I do see a page on Postfix's site
illustrating how to use Postgres for the backend. It may be that no
one has added submitted  a patch to the port yet. You could be the
lucky guy to make it happen... :)

DS



Re: Postfix flavour for PostgreSQL ?

2007-03-23 Thread Ted Unangst

On 3/23/07, Peter [EMAIL PROTECTED] wrote:

I see there is a postfix flavour for mysql but not for postgresql.  Is this
combination used much?  I already have a PGSQL server and I want to plug
postfix into it for virtual mailbox domains.


uh, what do you think the pgsql flavor is?



Re: Postfix flavour for PostgreSQL ?

2007-03-23 Thread Peter
On Saturday 24 March 2007 01:13, Ted Unangst wrote:
 On 3/23/07, Peter [EMAIL PROTECTED] wrote:
  I see there is a postfix flavour for mysql but not for postgresql.  Is
  this combination used much?  I already have a PGSQL server and I want to
  plug postfix into it for virtual mailbox domains.

 uh, what do you think the pgsql flavor is?

And where do you find that?



Re: Dell Latitude D520

2007-03-23 Thread Simon Effenberg
My old Intel ipw2100 worked with openbsd 4.0/4.1 and this access point.
My new Intel card doesn't.

I don't know what it is because scanning is possible. I also see the
SSID of my network but ifconfig up doesn't work.

Could it be the firmware?

s

-- 
GnuPG: 5755FB64

Per aspera ad astra.



acpi is working but halt -p is now working, why?

2007-03-23 Thread Jay Jesus Amorin

I'm running openbsd 4.1-current on my laptop, acpi is working but halt
-p is not working, it will just reboot instead of halt, WHY?

here's my additional info:

# sysctl -aA | grep acpi

kern.timecounter.hardware=acpitimer0
kern.timecounter.choice=i8254(0) acpihpet0(1000) acpitimer0(1000)
dummy(-100)
hw.sensors.acpiac0.indicator0=On (power supply)
hw.sensors.acpibat0.volt0=14.80 VDC (voltage)
hw.sensors.acpibat0.volt1=12.54 VDC (current voltage)
hw.sensors.acpibat0.amphour0=3.81 Ah (last full capacity)
hw.sensors.acpibat0.amphour1=0.21 Ah (warning capacity)
hw.sensors.acpibat0.amphour2=0.13 Ah (low capacity)
hw.sensors.acpibat0.amphour3=3.42 Ah (remaining capacity), OK
hw.sensors.acpibat0.raw0=2 (battery charging), OK
hw.sensors.acpibat0.raw1=unknown (rate), UNKNOWN
hw.sensors.acpitz0.temp0=51.05 degC (zone temperature)


# dmesg

OpenBSD 4.1-current (GENERIC) #7: Sat Mar 24 03:37:46 PHT 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Celeron(R) M processor 1.50GHz (GenuineIntel
686-class) 1.50 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF
real mem  = 795308032 (776668K)
avail mem = 717516800 (700700K)
using 4278 buffers containing 39890944 bytes (38956K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 07/08/05, BIOS32 rev. 0 @
0xfd710, SMBIOS rev. 2.31 @ 0xdf010 (19 entries)
bios0: Hewlett-Packard Presario M2000 (PV328PA#UUF)
pcibios0 at bios0: rev 2.1 @ 0xfd710/0x8f0
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf20/192 (10 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0xf200! 0xcf800/0x1000 0xdf000/0x800! 0xe/0x4000!
acpi0 at mainbus0: rev 0
acpi0: tables DSDT APIC FACP HPET MCFG BOOT SSDT SSDT
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpi device at acpi0 from table DSDT not configured
acpi device at acpi0 from table APIC not configured
acpi device at acpi0 from table FACP not configured
acpihpet0 at acpi0 table HPET: 248348 Hz
acpi device at acpi0 from table MCFG not configured
acpi device at acpi0 from table BOOT not configured
acpi device at acpi0 from table SSDT not configured
acpi device at acpi0 from table SSDT not configured
acpiprt at acpi0 not configured
acpiprt at acpi0 not configured
acpiec0 at acpi0: EC0_
acpibtn0 at acpi0: PRWB
acpibtn1 at acpi0: SLPB
acpiac0 at acpi0: AC unit online
acpibat0 at acpi0: BAT0: model: JM-6 serial: 0095813029 type: LION
oem: Hewlett-Packard
acpibtn2 at acpi0: LID_
acpitz0 at acpi0, critical temperature: 98 degC
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82915GM/PM/GMS Host rev 0x03
vga1 at pci0 dev 2 function 0 Intel 82915GM/GMS Video rev 0x03:
aperture at 0xb008, size 0x1000
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
Intel 82915GM/GMS Video rev 0x03 at pci0 dev 2 function 1 not configured
uhci0 at pci0 dev 29 function 0 Intel 82801FB USB rev 0x03: irq 3
uhci1 at pci0 dev 29 function 1 Intel 82801FB USB rev 0x03: irq 3
uhci2 at pci0 dev 29 function 2 Intel 82801FB USB rev 0x03: irq 4
uhci3 at pci0 dev 29 function 3 Intel 82801FB USB rev 0x03: irq 10
ehci0 at pci0 dev 29 function 7 Intel 82801FB USB rev 0x03: irq 3
usb0 at ehci0: USB revision 2.0
uhub0 at usb0
uhub0: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub0: 8 ports with 8 removable, self powered
ppb0 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xd3
pci1 at ppb0 bus 1
rl0 at pci1 dev 0 function 0 Realtek 8139 rev 0x10: irq 10, address
00:c0:9f:90:0f:6f
rlphy0 at rl0 phy 0: RTL internal PHY
iwi0 at pci1 dev 6 function 0 Intel PRO/Wireless 2200BG rev 0x05:
irq 4, address 00:12:f0:c7:30:a9
cbb0 at pci1 dev 9 function 0 TI PCI7XX1 CardBus rev
0x00pci_intr_map: no mapping for pin A
: couldn't map interrupt
TI PCI7XX1 FireWire rev 0x00 at pci1 dev 9 function 2 not configured
TI PCI7XX1 Flash rev 0x00 at pci1 dev 9 function 3 not configured
sdhc0 at pci1 dev 9 function 4 TI PCI7XX1 Secure Data rev 0x00: irq 11
sdmmc0 at sdhc0
sdmmc1 at sdhc0
sdmmc2 at sdhc0
auich0 at pci0 dev 30 function 2 Intel 82801FB AC97 rev 0x03: irq 5, ICH6 AC97
ac97: codec id 0x43585430 (Conexant CX?)
ac97: codec features reserved, headphone, 18 bit DAC, 18 bit ADC, No 3D Stereo
audio0 at auich0
Intel 82801FB Modem rev 0x03 at pci0 dev 30 function 3 not configured
ichpcib0 at pci0 dev 31 function 0 Intel 82801FBM LPC rev 0x03: PM disabled
pciide0 at pci0 dev 31 function 1 Intel 82801FB IDE rev 0x03: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
wd0 at pciide0 channel 0 drive 0: FUJITSU MHV2080AT
wd0: 16-sector PIO, LBA, 76319MB, 156301488 sectors
atapiscsi0 at pciide0 channel 0 drive 1
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: HL-DT-ST, RW/DVD GCC-4244N, 1.01 SCSI0
5/cdrom removable
wd0(pciide0:0:0):