Re: verifying ntp via GPS configuration?
James Hartley wrote: On 4/11/07, Otto Moerbeek <[EMAIL PROTECTED]> wrote: sab0 at ebus0 addr 40-40007f ipl 43: rev 3.2 sabtty0 at sab0 port 0 sabtty1 at sab0 port 1 man sab gives: /dev/ttyh[0-1] No separate callout device, it looks like. Thanks for getting back to me. Specifying /dev/ttyh0 (or /dev/ttyh1) gives the same results. I still don't see any sensor when issuing: # sysctl hw ...nor is anything showing up in /var/log/daemon except for the following message: Apr 11 19:16:43 shockley savecore: no core dump Do you have any other ideas? Thanks. When you use cu or tip directly on the serial line, do you see any NMEA 0183 sentences? - Marc
Scrub options for bridge interfaces
Hi all, Somebody knows which scrub options do I need to put in pf.conf for bridge interfaces? I have an OpenBSD 4.0 fw with one bridge interface and when I try to launch cat command on a 18kb file, it stops. Thanks. -- CL Martinez carlopmart {at} gmail {d0t} com
Re: Cannot upgrade from 3.8
On Thu, 5 Apr 2007, Antti Harri wrote: GENERIC (tried .MP too): Last two lines of normal boot with just "verbose" set: > > pciide probe won pciide0 at pci0 dev 15 function 0 "VIA VT6420 SATA" rev 0x80 DMA (hangs) Then "disable pciide*" in ukc makes it hang after uhci2 init. Then "disable pciide*" and "disable uhci*" it finishes kernel boot and panics because root cannot be mounted. Then "disable uhci*" alone and it hangs at pciide. Can I provide more information to help to solve the issue? Anyone got any advice regarding the problem? I'm willing to try the new SATA driver too when/if it becomes available for my SATA chipset. I'd really appreciate help, the installation (3.8) is already unsupported and I'd like to upgrade it without changing any parts. PS. kind thanks to those already replied. -- Antti Harri
Re: best userland visibility IDE/ATA hotswap-compatible controller
On Fri, Apr 06, 2007 at 02:15:34AM -0400, jared r r spiegel wrote: > poking archives, i have the impression that ami(4) family has the best > chance of being the card with the greatest degree of userland > visibility, but wanted to check if that's the case. gonna try arc(4) arc-1110 -- jared
Re: verifying ntp via GPS configuration?
On Wed, 11 Apr 2007, James Hartley wrote: > On 4/11/07, Otto Moerbeek <[EMAIL PROTECTED]> wrote: > > > > sab0 at ebus0 addr 40-40007f ipl 43: rev 3.2 > > sabtty0 at sab0 port 0 > > sabtty1 at sab0 port 1 > > > > man sab gives: /dev/ttyh[0-1] > > > > No separate callout device, it looks like. > > > Thanks for getting back to me. Specifying /dev/ttyh0 (or /dev/ttyh1) gives > the same results. I still don't see any sensor when issuing: > > # sysctl hw > > ...nor is anything showing up in /var/log/daemon except for the following > message: > > Apr 11 19:16:43 shockley savecore: no core dump > > Do you have any other ideas? Thanks. With cu -l /dev/ttyh? -s 4800 you should be able to see the output of the GPS. If that doesn't happen, check your cabling and the settings of your GPS. Until you see NMEA output lines, nmeaattach won't work either. -Otto
Re: scp problem with remote filename escaping
On Thu, Apr 12, 2007 at 04:05:36AM +0200, Karel Kulhavy wrote: > scp needs one (1) \ for one space in case of remote file and zero (0) \ in > case > of local one. The extra \'s are for bash but bash is irrelevant in this case. > It's just one possible method of calling the process. Another method is > writing a small C program and using exec. people aren't being specific enough when they're talking about this but it seems most people are trying to say the same thing. the moral of the story is that the shells in question have to not split on the space but treat it as a character of the filename. so you either quote it or escape it both shells need that. these all work: $ scp "a b" remotehost: $ scp a\ b remotehost: $ scp remotehost:"a\ b" . $ scp remotehost:\"a\ b\" . you can only say that 'zero (0) \ in case of local [file]' (per space) *if* you do use quotes locally. it is more specific to say you use one backslash or quotepair per space per shell. example 3 has the local shell eating the quotes and passing the backslash along so the remote shell escapes the space. example 4 has local shell eating the backslash escaping the space and the remote shell gets the quoted string. just remember that and you don't have any problems any more. -- jared
Re: scp problem with remote filename escaping
On Wed, Apr 11, 2007 at 05:01:40PM -0500, Matthew R. Dempsky wrote: > On Wed, Apr 11, 2007 at 04:33:32PM -0400, Nick ! wrote: > > Karel, single quotes cause backslashes to be backslashes, instead of > > escape chars (*except* if it's a backslash in front of a single quote, > > so that you can escape single quotes to include them). > > No, backslashes have no special meaning inside single quotes. > > $ echo '\' > \ indeed. i'll add the verbose : maybe nick ! just forgot to mention that that is only relevant in the situation where you're chuggin' along using single quotes and then want to escape one of them, so therefore have to close your currently-open single quote and then use the \' jobby out in the open, and then probably start another singlequoted string :) $ echo '$RANDOM'\'x"'$RANDOM" would yield: $RANDOM'x'? where ? is some number; as one doesn't need to escape the single quote inside double quotes because everyone knows double quotes have TWICE THE POWER! back on topic; i had the impression that the filenames had to be relevant to whatever host they were supposed to be relevant to, and that there was a natural layer of escaping that would have to take place. file "a b" doesn't need to have its space escaped locally, it's just when it has to be referenced by name on the remote side; so maybe looking at it like that it is more sensible? -- jared
Re: undeadly.org down?
On Wed, Apr 11, 2007 at 11:48:04PM -0400, Jason Dixon wrote: > > Unfortunately, it's the middle of the night > where he's at, probably dreaming of anything but missing NS records. :) needs more benzedrine :( -- jared
Re: date -u gives wrong timezone output?
UTC aka Coordinated Universal Time, is the "right now is right now for all of us" time, and is coordinated among several entities, irregardless of the timezone the parties are in. GMT is a timezone with an offset of zero. All timezones are differentials off of UTC; you couldn't just say that in parts of England, you don't have a timezone - everyone has a timezone. So GMT exists with an offset of zero. To some people it's just semantics, to others it has great importance. I think it's only important to know the difference. But then, I work overnights and don't really care that the sun should come up "sooner" during summer months, or what day of the week it is. I think the man page as it stands is fine if the quote below is accurate - display or set the time without a zone adjustment. Pierre Markus Bergkvist wrote: So, the man page should say 'Display the UTC in GMT time'? If I understand it correctly, UTC is the timezone http://en.wikipedia.org/wiki/ISO_8601#UTC /Markus Pierre Lamy wrote: GMT is the timezone, UTC is the time. P jared r r spiegel wrote: On Tue, Apr 10, 2007 at 06:17:58PM -0400, Nick ! wrote: On 4/10/07, Markus Bergkvist <[EMAIL PROTECTED]> wrote: Hi, 'date -u' on a 4.0 -stable will give something like Tue Apr 10 22:03:24 GMT 2007 but shouldn't it be Tue Apr 10 22:03:24 UTC 2007 UTC = GMT for all that we care about. [[http://en.wikipedia.org/wiki/Coordinated_Universal_Time]] i could be wrong here, but perhaps he is not suggesting that there is any wallclock difference between GMT and UTC, but rather that the manpage for date(1) says: --- -u Display or set the date in UTC (Coordinated Universal) time. --- as opposed to "... date in GMT ...", also as implied by how it is '-u' and not '-g' least, that was my reaction to his post?
Re: undeadly.org down?
On 4/11/07, Jason Dixon <[EMAIL PROTECTED]> wrote: On Apr 11, 2007, at 11:20 PM, elpinguim wrote: > is undeadly down or do i need to smoke another blut? dns not > responding: > http://dnsreport.com/tools/dnsreport.ch?domain=undeadly.org I noticed this three hours ago and emailed Daniel. The NS records for undeadly.org have disappeared from all *ultradns* root nameservers for .org. Unfortunately, it's the middle of the night where he's at, probably dreaming of anything but missing NS records. :) -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net bummer :( elpinguim
Re: undeadly.org down?
On Apr 11, 2007, at 11:20 PM, elpinguim wrote: is undeadly down or do i need to smoke another blut? dns not responding: http://dnsreport.com/tools/dnsreport.ch?domain=undeadly.org I noticed this three hours ago and emailed Daniel. The NS records for undeadly.org have disappeared from all *ultradns* root nameservers for .org. Unfortunately, it's the middle of the night where he's at, probably dreaming of anything but missing NS records. :) -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
undeadly.org down?
is undeadly down or do i need to smoke another blut? dns not responding: http://dnsreport.com/tools/dnsreport.ch?domain=undeadly.org regards, elpinguim
Re: scp problem with remote filename escaping
Karel Kulhavy wrote: Security hole in scp. You're joking, right? Send someone an e-mail attachment named `rm -fr /`. If he uses multiple machines, it's possible he'll want to copy it and writes a similar command to the above according to the scp man page. Funny, my scp man page doesnt mention anything about using backticks. --- Lars Hansson
Re: GPL is free for forcing people to free code when they publish, not free as in free to do what you want, which is actually what free as in BSD, and real freedom ends at the tip of my nose
chefren wrote: Clearly not to death and people here are seriously interested in pro and contra arguments. People are interested in discussing a lot things but that doesn't mean those discussions belong on [EMAIL PROTECTED] --- Lars Hansson
Re: verifying ntp via GPS configuration?
On 4/11/07, Otto Moerbeek <[EMAIL PROTECTED]> wrote: > > sab0 at ebus0 addr 40-40007f ipl 43: rev 3.2 > sabtty0 at sab0 port 0 > sabtty1 at sab0 port 1 > > man sab gives: /dev/ttyh[0-1] > > No separate callout device, it looks like. Thanks for getting back to me. Specifying /dev/ttyh0 (or /dev/ttyh1) gives the same results. I still don't see any sensor when issuing: # sysctl hw ...nor is anything showing up in /var/log/daemon except for the following message: Apr 11 19:16:43 shockley savecore: no core dump Do you have any other ideas? Thanks.
Re: My hard-to-kill OpenBSD
On Thu, Apr 12, 2007 at 01:08:09AM +0200, Rico Secada wrote: > Now, besides the work I do with BSD, sometimes I work with GNU/Linux > as well. I had to mess a bit with a Debian box, and while it was open > I noticed that I had switched the primary and secondary IDE cabels. It > doesn't matter ofcourse, the machine boots anyway, buuut I like it to > be where it should be, primary master on the primary cabel, so I > switched the cabels. What happened? Well, the machine didn't want to > boot - go figured!! ;-) Had that been my old OpenBSD installation I > would exspect it to have booted off the floppy controller by mistake > and I wouldn't even notice! ;-))) I guess its because debian boot loader needs to be told where the root fs is by controller/channel/partition, rather than BSD's 'this drive, a'. Doug.
Re: scp problem with remote filename escaping
On Thu, Apr 12, 2007 at 01:13:16AM +0300, [EMAIL PROTECTED] wrote: > On Wed, Apr 11, 2007 at 04:41:41PM -0500, Matthew R. Dempsky wrote: > > On Wed, Apr 11, 2007 at 10:02:50PM +0100, Stuart Henderson wrote: > > > On 2007/04/11 13:41, Bryan Irvine wrote: > > > > scp [EMAIL PROTECTED]:"a\ b" . > > > > > > you have to escape to *both* your local shell, and the remote shell > > > > This has always seemed silly to me. Does anyone intentionally use > > > >$ scp host:"a b" . > > > > instead of > > > >$ scp host:"{a,b}" . > > Does anyone intentionally use > > scp '[EMAIL PROTECTED]:`rm -fr /`' /dev/null ? Security hole in scp. Send someone an e-mail attachment named `rm -fr /`. If he uses multiple machines, it's possible he'll want to copy it and writes a similar command to the above according to the scp man page. Then he wonders why his files disappeared. CL<
Re: scp problem with remote filename escaping
On Wed, Apr 11, 2007 at 10:02:50PM +0100, Stuart Henderson wrote: > On 2007/04/11 13:41, Bryan Irvine wrote: > > > > >I agree, spaces in filenames should be avoided. But spaces in > > >filenames are legal, so programs need to support that; this seems like > > >a case scp was never tested against because no one uses files with > > >those names. > > > > I scp'd a file called 'a b' to an openbsd server here, then scp'd it > > back a couple time in different ways. It worked only when using the > > quotes AND escaping, like so: > > > > scp [EMAIL PROTECTED]:"a\ b" . > > you have to escape to *both* your local shell, and the remote shell You must not escape to your local shell in case the scp process is called directly by e. g. exec() function in C. If you have to escape to the remote shell, then it should be mentioned in man scp. "escape" and "shell" don't occur in man scp and "remote" doesn't occur in such a context there. If I wrote it, I would do it in a way that scp performed the escaping for the remote shell automatically. Having to supply a different filename depending on where the file is goes against the local-remote transparency that scp is attempting at. CL<
Re: scp problem with remote filename escaping
On Wed, Apr 11, 2007 at 10:55:29PM +0200, Simon Effenberg wrote: > On Wed, Apr 11, 2007 at 04:17:38PM -0400, Nick ! wrote: > > On 4/11/07, Dan Farrell <[EMAIL PROTECTED]> wrote: > > > > > >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > > >> Of Karel Kulhavy > > >> Sent: Wednesday, April 11, 2007 3:47 PM > > >> To: OpenBSD > > >> Subject: scp problem with remote filename escaping > > >> Sounds like a bug to me - the escaping for the remote shell is not being > > >> done > > >> correctly? > > > > > >Wow. > > > > > >Seriously, I think the real 'bug' is your file naming conventions. > > > > > >Who would anyone specifically want to name a file with a space in it... > > >and if breaks on scp, where else will that screwy naming convention > > >break as well? > > > > > >I'm sure you'll give some really good reason why the files have to be > > >named that way... > > > > I agree, spaces in filenames should be avoided. But spaces in > > filenames are legal, so programs need to support that; this seems like > > a case scp was never tested against because no one uses files with > > those names. > > > > -Nick > > > > scp needs 3 * \ for one space.. scp needs one (1) \ for one space in case of remote file and zero (0) \ in case of local one. The extra \'s are for bash but bash is irrelevant in this case. It's just one possible method of calling the process. Another method is writing a small C program and using exec. CL< > > scp [EMAIL PROTECTED]:/what/you/want/a\\\ b.txtlocalfile.txt > > \s > > -- > GnuPG: 5755FB64 > > Per aspera ad astra.
Re: scp problem with remote filename escaping
On Wed, Apr 11, 2007 at 04:17:38PM -0400, Nick ! wrote: > On 4/11/07, Dan Farrell <[EMAIL PROTECTED]> wrote: > > > >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > >> Of Karel Kulhavy > >> Sent: Wednesday, April 11, 2007 3:47 PM > >> To: OpenBSD > >> Subject: scp problem with remote filename escaping > >> Sounds like a bug to me - the escaping for the remote shell is not being > >> done > >> correctly? > > > >Wow. > > > >Seriously, I think the real 'bug' is your file naming conventions. > > > >Who would anyone specifically want to name a file with a space in it... > >and if breaks on scp, where else will that screwy naming convention > >break as well? > > > >I'm sure you'll give some really good reason why the files have to be > >named that way... > > I agree, spaces in filenames should be avoided. But spaces in Where is this documented, that "spaces in filenames should be avoided"? man scp doesn't mention this. CL< > filenames are legal, so programs need to support that; this seems like > a case scp was never tested against because no one uses files with > those names. > > -Nick
Re: wireless ethernet adapters (seeking recommendations)
- Original message - Or acx(4), ath(4), rtw(4), rum(4), wi(4). I thought we shouldn't support ath? On 4/11/07, pedro la peu <[EMAIL PROTECTED]> wrote: > The usual recommendation is ral(4) Or acx(4), ath(4), rtw(4), rum(4), wi(4).
Re: wireless ethernet adapters (seeking recommendations)
My advice would be ral(4) I have also used ath(4) however the G mode does not work real well, I would suspect that ral(4) would be one of the first devices to support 80.211n. in OpenBSD (Someone correct me if I am wrong on this) Sam Fourman Jr. On 4/11/07, Darrin Chandler <[EMAIL PROTECTED]> wrote: On Thu, Apr 12, 2007 at 02:18:28AM +0200, Maxime DERCHE wrote: > A recent thread (04/04/2007) on this list showed that the ralink > chipsets are well supported by OpenBSD. If I recall, there was also talk about lower signal strength with ralink. For an access point this is important, but could be mitigated or overcome by a high gain antenna. FWIW, I haven't done any hard testing about signal strength, but I'm at least 50 ft from my ral(4) openbsd access point, as is my daughter using her ral(4) openbsd laptop. No problems here. Access point is a soekris with a normal stubby antenna, and the laptops involved are minipci and cardbus (no external antenna at all). :) -- Darrin Chandler| Phoenix BSD User Group | MetaBUG [EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/ http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
My hard-to-kill OpenBSD
Hi all. "Funny" story.. At home I installed OpenBSD on some old i386 hardware years ago. Since I do a lot of work at home I have a small homenetwork. From time to time I upgrade hardware, and sometimes I change the disks as well, when I get some bigger ones. Anyway, my old OpenBSD installation has been upgraded twice, yes I neglected it. It has been moved physically from different machines, from Intel onto AMD, and the other way around. It has even been moved from disk to disk, using a homemade tar and gtar solution. It has been turned off regulary, without using halt or shutdown. It has been running without shutdown months at a time, and it has suffered different kinds of physically abuse when I moved from one house to another. It has suffered all kind of crack attempts - none succesfull. It has been used as a fileserver on nfs, as a dhcp server, as a firewall, as a database server, and a lot of other stuff. At last I could not remember anything about how it actually was running. Yesterday it suffered a powersupply failure, but it didn't even grunt. In all that time, during all that suffering, it did no go down even once. It never ever suffered any dataloss from the many physically shutdowns. It was as stable as a solid rock. Well all things come to an end, so I finally decided to kill it slowly by night, removing all "important" files, doing a fresh install of 4.0 and exspecting the same rock solid performance. Now, besides the work I do with BSD, sometimes I work with GNU/Linux as well. I had to mess a bit with a Debian box, and while it was open I noticed that I had switched the primary and secondary IDE cabels. It doesn't matter ofcourse, the machine boots anyway, buuut I like it to be where it should be, primary master on the primary cabel, so I switched the cabels. What happened? Well, the machine didn't want to boot - go figured!! ;-) Had that been my old OpenBSD installation I would exspect it to have booted off the floppy controller by mistake and I wouldn't even notice! ;-))) Rico.
Re: scp problem with remote filename escaping
On Wed, Apr 11, 2007 at 04:11:48PM -0400, Dan Farrell wrote: > Wow. > > Seriously, I think the real 'bug' is your file naming conventions. Bug is when behaviour is different from documentation. What is the behaviour and what is the documentation in the case of "my file naming conventions"? > Who would anyone specifically want to name a file with a space in it... I think the question of motivation is irrelevant here. The scp does something else than is written in the manpage. > and if breaks on scp, where else will that screwy naming convention > break as well? > > I'm sure you'll give some really good reason why the files have to be > named that way... They don't have to be. It's actually completely irrelevant in this case whether they have to be named with spaces or don't. scp does something else than is written in the manpage regardless of the user's motivation. CL< > > > danno > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > Of Karel Kulhavy > Sent: Wednesday, April 11, 2007 3:47 PM > To: OpenBSD > Subject: scp problem with remote filename escaping > Sounds like a bug to me - the escaping for the remote shell is not being > done > correctly?
Re: wireless ethernet adapters (seeking recommendations)
> The usual recommendation is ral(4) Or acx(4), ath(4), rtw(4), rum(4), wi(4).
Re: wireless ethernet adapters (seeking recommendations)
On Thu, Apr 12, 2007 at 02:18:28AM +0200, Maxime DERCHE wrote: > A recent thread (04/04/2007) on this list showed that the ralink > chipsets are well supported by OpenBSD. If I recall, there was also talk about lower signal strength with ralink. For an access point this is important, but could be mitigated or overcome by a high gain antenna. FWIW, I haven't done any hard testing about signal strength, but I'm at least 50 ft from my ral(4) openbsd access point, as is my daughter using her ral(4) openbsd laptop. No problems here. Access point is a soekris with a normal stubby antenna, and the laptops involved are minipci and cardbus (no external antenna at all). :) -- Darrin Chandler| Phoenix BSD User Group | MetaBUG [EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/ http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
Re: scp problem with remote filename escaping
On 4/11/07, Karel Kulhavy <[EMAIL PROTECTED]> wrote: > > For the same filename, sometimes you have to specify a different filename > to > scp, depending on whether the file is on remote system or local one. > > I have created a remote file whose filename "a b" is 3 chars long - ASCII > codes > 97, 32, 98 Standard shell behavior. Check out the same command but with rcp. You'll see that you get the same results. Read UnixHaters if you want to see some interesting results of this.
Re: scp problem with remote filename escaping
> I scp'd a file called 'a b' to an openbsd server here, then scp'd it > back a couple time in different ways. It worked only when using the > quotes AND escaping, like so: > > scp [EMAIL PROTECTED]:"a\ b" . That's because of the shell. The shell on the client sees the quotes and doesn't escape the space. The space is escaped when it gets to the SFTP daemon at the other end. Without both, the shell at the client does the escaping and sends a single argument to the scp client. This sends that argument to the server, which presumably sees the space and assumes you're asking for two files called A and B. You need the \ character to arrive unaltered at the scp server. scp [EMAIL PROTECTED]:a\\\ b . should work as well. A
Re: scp problem with remote filename escaping
> I'm sure you'll give some really good reason why the files have to be > named that way... Try admining boxes which are used by EvilOS users - all of their files will be called My\ blah.
Re: wireless ethernet adapters (seeking recommendations)
A recent thread (04/04/2007) on this list showed that the ralink chipsets are well supported by OpenBSD. I think any wireless card with a ralink chipset will do the job. See http://openbsd.org/i386.html#hardware ("Wireless Ethernet Adapters") if you need more information. Maxime Peter wrote: > I'm looking to build on OpenBSD 4.0 (4.1?) a wireless access point for a > small > network. I would like to hear what cards have proven to be the most > effective in this arena. I am very interested in small form factor machines > with possible onboard wireless adapters. The client systems will be running > Ubuntu Linux (Feisty). Thank you very much. > > Pedro
Re: bcw(4) is gone
On 4/11/07, Shawn K. Quinn <[EMAIL PROTECTED]> wrote: On Mon, 2007-04-09 at 22:34 -0400, Jason Dixon wrote: > GPL advocates claim their license prevents commercial entities from > stealing their freedom. These are the same people who have no > problem giving up their freedoms (in the form of NDA's, closed-source > kernel modules, etc) to the companies they're trying to fight. True free software movement supporters will not sign an agreement not to help their neighbor such as an NDA. Some in the open source movement have no trouble accepting a binary only driver, or specifications under NDA, or what have you, for convenience. That's what open source is about: convenience, not freedom for its own sake. This is exactly why it is important to make a distinction between the free software movement and the open source movement and not lump the two together. Exactly. And it's a distinction that must be made again and again and again.
Re: wireless ethernet adapters (seeking recommendations)
On 4/11/07, Peter <[EMAIL PROTECTED]> wrote: I'm looking to build on OpenBSD 4.0 (4.1?) a wireless access point for a small network. I would like to hear what cards have proven to be the most effective in this arena. I am very interested in small form factor machines with possible onboard wireless adapters. The client systems will be running Ubuntu Linux (Feisty). Thank you very much. Pedro The usual recommendation is ral(4) (that is, the chips that correspond to the driver documented in `man 4 ral'). Have you seen https://kd85.com/soekris.html ? -Nick
wireless ethernet adapters (seeking recommendations)
I'm looking to build on OpenBSD 4.0 (4.1?) a wireless access point for a small network. I would like to hear what cards have proven to be the most effective in this arena. I am very interested in small form factor machines with possible onboard wireless adapters. The client systems will be running Ubuntu Linux (Feisty). Thank you very much. Pedro
Re: bcw(4) is gone
On Mon, 2007-04-09 at 22:34 -0400, Jason Dixon wrote: > GPL advocates claim their license prevents commercial entities from > stealing their freedom. These are the same people who have no > problem giving up their freedoms (in the form of NDA's, closed-source > kernel modules, etc) to the companies they're trying to fight. True free software movement supporters will not sign an agreement not to help their neighbor such as an NDA. Some in the open source movement have no trouble accepting a binary only driver, or specifications under NDA, or what have you, for convenience. That's what open source is about: convenience, not freedom for its own sake. This is exactly why it is important to make a distinction between the free software movement and the open source movement and not lump the two together. -- Shawn K. Quinn <[EMAIL PROTECTED]>
Re: Removing chmod world write support and sftp
On 11 Apr 2007 at 16:33, Joshua Gimer wrote: > On 4/11/07, Nick ! <[EMAIL PROTECTED]> wrote: > > > > you're not really > > > planning on security by obscurity are you? > > > > The wrapper will work because the users that are doing this are doing it > out of ignorance and not with malicious intentions. If the only thing > that can be done is to change the sftp code, then I think that I will > just write a script that will go through and remove o+w from directories > every hour or so. There are going to only be about 50 users accessing You'll be amazed how much warez and porn can get uploaded in less than an hour ... > this system and I do not think that putting forth the effort is worth > it, especially when I still have 11 other systems to setup and configure > by May 13th. :) > > -- > Thx > Joshua Gimer > > - System Administrator[EMAIL PROTECTED] Bitwise Internet Technologies, Inc. 22 Drydock Avenue tel: (617) 737-1837 Boston, MA 02210 fax: (617) 439-4941
Re: OpenBGPd + pf + pf tables.
Hello, Le 11 avr. 07 ` 00:10, jared r r spiegel a icrit : > On Tue, Apr 10, 2007 at 06:33:12PM +0200, Xavier Beaudouin wrote: >> >> The problem I have is if I have a subnet removed from bgp (eg my >> AS35189 >> neighbor) it is not removed from pf table bgp. >> >> Do you have an little idea to do this automaticaly ? > > does it work how you want to if you change from using tables > to route labels? > > http://marc.info/?l=openbsd-pf&m=113646508819716&w=2 Hum I didn't try, in fact I use some bgp routes (subnets) as shapping / non shapping table from the cost of the origin from my bgp peers. So the rib is not coupled so rtl label may not work I just need feature to remove the route from pftable or this is a bug of openbgpd / pf under freebsd 6.2 ? /Xavier [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
Re: Removing chmod world write support and sftp
On 4/11/07, Nick ! <[EMAIL PROTECTED]> wrote: > > you're not really > > planning on security by obscurity are you? > The wrapper will work because the users that are doing this are doing it out of ignorance and not with malicious intentions. If the only thing that can be done is to change the sftp code, then I think that I will just write a script that will go through and remove o+w from directories every hour or so. There are going to only be about 50 users accessing this system and I do not think that putting forth the effort is worth it, especially when I still have 11 other systems to setup and configure by May 13th. :) -- Thx Joshua Gimer
Re: Removing chmod world write support and sftp
On 4/11/07, Joshua Gimer <[EMAIL PROTECTED]> wrote: On 4/11/07, Nick ! <[EMAIL PROTECTED]> wrote: > > you're not really > > planning on security by obscurity are you? > The wrapper will work because the users that are doing this are doing it out of ignorance and not with malicious intentions. This is a dangerous assumption. If the only thing that can be done is to change the sftp code, Not the sftp code, the chmod code. It should be a one or two line change. -Nick
Re: date -u gives wrong timezone output?
So, the man page should say 'Display the UTC in GMT time'? If I understand it correctly, UTC is the timezone http://en.wikipedia.org/wiki/ISO_8601#UTC /Markus Pierre Lamy wrote: GMT is the timezone, UTC is the time. P jared r r spiegel wrote: On Tue, Apr 10, 2007 at 06:17:58PM -0400, Nick ! wrote: On 4/10/07, Markus Bergkvist <[EMAIL PROTECTED]> wrote: Hi, 'date -u' on a 4.0 -stable will give something like Tue Apr 10 22:03:24 GMT 2007 but shouldn't it be Tue Apr 10 22:03:24 UTC 2007 UTC = GMT for all that we care about. [[http://en.wikipedia.org/wiki/Coordinated_Universal_Time]] i could be wrong here, but perhaps he is not suggesting that there is any wallclock difference between GMT and UTC, but rather that the manpage for date(1) says: --- -u Display or set the date in UTC (Coordinated Universal) time. --- as opposed to "... date in GMT ...", also as implied by how it is '-u' and not '-g' least, that was my reaction to his post?
Re: scp problem with remote filename escaping
On Wed, Apr 11, 2007 at 04:41:41PM -0500, Matthew R. Dempsky wrote: > On Wed, Apr 11, 2007 at 10:02:50PM +0100, Stuart Henderson wrote: > > On 2007/04/11 13:41, Bryan Irvine wrote: > > > scp [EMAIL PROTECTED]:"a\ b" . > > > > you have to escape to *both* your local shell, and the remote shell > > This has always seemed silly to me. Does anyone intentionally use > >$ scp host:"a b" . > > instead of > >$ scp host:"{a,b}" . Does anyone intentionally use scp '[EMAIL PROTECTED]:`rm -fr /`' /dev/null ? > > or > >$ scp host:a host:b . > > or is just that having whatever does the globbing on the host not > split at white space too difficult? That 'whatever' is the login shell of the user on the remote host. (which may or may not do splitting with IFS, globbing, variable expansion - the usual stuff). scp is fine. some people are confused.
Re: scp problem with remote filename escaping
On Wed, Apr 11, 2007 at 04:33:32PM -0400, Nick ! wrote: > Karel, single quotes cause backslashes to be backslashes, instead of > escape chars (*except* if it's a backslash in front of a single quote, > so that you can escape single quotes to include them). No, backslashes have no special meaning inside single quotes. $ echo '\' \
Re: scp problem with remote filename escaping
On Wed, Apr 11, 2007 at 10:02:50PM +0100, Stuart Henderson wrote: > On 2007/04/11 13:41, Bryan Irvine wrote: > > scp [EMAIL PROTECTED]:"a\ b" . > > you have to escape to *both* your local shell, and the remote shell This has always seemed silly to me. Does anyone intentionally use $ scp host:"a b" . instead of $ scp host:"{a,b}" . or $ scp host:a host:b . or is just that having whatever does the globbing on the host not split at white space too difficult?
Re: IPSec help..
Window's firewall is off. Dump is as follows: # tcpdump -i sis0 'esp or (udp and (port 500 or port 4500))' tcpdump: listening on sis0, link-type EN10MB 21:06:26.205252 work.isakmp > home.isakmp: isakmp v1.0 exchange ID_PROT cookie: 1a0f8d5bb2637ce2-> msgid: len: 3632 (frag 51066:[EMAIL PROTECTED]) 21:06:26.735801 home.isakmp > work.isakmp: isakmp v1.0 exchange ID_PROT cookie: 1a0f8d5bb2637ce2->d37038c8086c3c7a msgid: len: 188 21:06:26.745392 work.isakmp > home.isakmp: isakmp v1.0 exchange ID_PROT cookie: 1a0f8d5bb2637ce2->d37038c8086c3c7a msgid: len: 184 21:06:27.103644 home.isakmp > work.isakmp: isakmp v1.0 exchange ID_PROT cookie: 1a0f8d5bb2637ce2->d37038c8086c3c7a msgid: len: 232 21:06:27.138275 work.ipsec-nat-t > home.ipsec-nat-t:udpencap: isakmp v1.0 exchange ID_PROT encrypted cookie: 1a0f8d5bb2637ce2->d37038c8086c3c7a msgid: len: 860 21:06:27.575196 home.isakmp > work.ipsec-nat-t: isakmp v1.0 exchange ID_PROT encrypted cookie: 1a0f8d5bb2637ce2->d37038c8086c3c7a msgid: len: 892 21:06:32.575767 home.isakmp > work.ipsec-nat-t: isakmp v1.0 exchange INFO encrypted cookie: 1a0f8d5bb2637ce2->d37038c8086c3c7a msgid: dbc958f1 len: 92 21:06:37.235054 work.ipsec-nat-t > home.ipsec-nat-t:udpencap: isakmp v1.0 exchange ID_PROT encrypted cookie: 1a0f8d5bb2637ce2->d37038c8086c3c7a msgid: len: 860 21:06:37.248721 home.isakmp > work.ipsec-nat-t: isakmp v1.0 exchange ID_PROT encrypted cookie: 1a0f8d5bb2637ce2->d37038c8086c3c7a msgid: len: 892 21:06:37.619710 home.isakmp > work.ipsec-nat-t: isakmp v1.0 exchange INFO encrypted cookie: 1a0f8d5bb2637ce2->d37038c8086c3c7a msgid: 4c3bb90c len: 92 21:06:42.647504 home.isakmp > work.ipsec-nat-t: isakmp v1.0 exchange INFO encrypted cookie: 1a0f8d5bb2637ce2->d37038c8086c3c7a msgid: 88ad6544 len: 92 21:06:47.244914 work.ipsec-nat-t > home.ipsec-nat-t:udpencap: isakmp v1.0 exchange ID_PROT encrypted cookie: 1a0f8d5bb2637ce2->d37038c8086c3c7a msgid: len: 860 21:06:47.263416 home.isakmp > work.ipsec-nat-t: isakmp v1.0 exchange ID_PROT encrypted cookie: 1a0f8d5bb2637ce2->d37038c8086c3c7a msgid: len: 892 21:06:47.684881 home.isakmp > work.ipsec-nat-t: isakmp v1.0 exchange INFO encrypted cookie: 1a0f8d5bb2637ce2->d37038c8086c3c7a msgid: 5337bf54 len: 92 21:06:52.715304 home.isakmp > work.ipsec-nat-t: isakmp v1.0 exchange INFO encrypted cookie: 1a0f8d5bb2637ce2->d37038c8086c3c7a msgid: eaeb08da len: 92 On 4/11/07, Dag Richards <[EMAIL PROTECTED]> wrote: Roy Kim wrote: > I'm trying to setup an ipsec tunnel between an openbsd and a windows > box using X.509 certificates. Phase 1 gets successfully negotiated but > then things crap out at step 1 of phase 2 and I don't have a clue > what's wrong. Any thoughts? > > Isakmpd debug messages just after phase 1 is negotiated and ipsec.conf > are as follows: > > ipsec.conf: > ike dynamic esp tunnel from 192.168.0/8 to any \ > srcid home dstid work > ike dynamic esp tunnel from any to 192.168.0/8 \ > srcid work dstid home > > isakmpd output using 'isakmpd -KvdD A=50' > 191751.046228 Timr 10 timer_add_event: event > exchange_free_aux(0x7df9b500) added before sa_soft_expire(0x85229200), > expiration in 120s > 191751.047319 Exch 10 exchange_establish_p2: 0x7df9b500 policy> policy initiator phase 2 doi 1 exchange 5 step 0 > 191751.049266 Exch 10 exchange_establish_p2: icookie 395faa725fd4c3b3 > rcookie 8e784c12cb6b04bd > 191751.050294 Exch 10 exchange_establish_p2: msgid 47ef99ad sa_list > 191751.052677 Cryp 50 crypto_init_iv: initialized IV: > 191751.054075 Cryp 50 033b6e99 5e66c7ba 8efd5d22 8ffe8567 > 191751.055068 Cryp 30 crypto_encrypt: before encryption: > 191751.057166 Cryp 30 0b18 68790ed1 9f0d6417 66838f05 de3393d7 > 9ec6dcb3 0020 0001 > 191751.058368 Cryp 30 01108d28 395faa72 5fd4c3b3 8e784c12 cb6b04bd > 3340 > 191751.060004 Cryp 30 crypto_encrypt: after encryption: > 191751.061996 Cryp 30 bb6cda82 ec0c809f eac5e496 3102dffb 726b62a3 > 9f0d19e6 624ee717 c65f1486 > 191751.063409 Cryp 30 a35e8fb2 c9a6b8c8 2d03723f 7d6d0c68 909c42ea > 0bf57a7f d8c817ce 070b8719 > 191751.064686 Cryp 50 crypto_update_iv: updated IV: > 191751.066224 Cryp 50 909c42ea 0bf57a7f d8c817ce 070b8719 > 191751.068932 Exch 40 exchange_run: exchange 0x7df9b500 finished step > 0, advancing... > 191751.069968 Timr 10 timer_add_event: event > dpd_check_event(0x85229200) added before > connection_checker(0x8522a060), expiration in 5s > 191751.07 Exch 10 exchange_finalize: 0x7df9b500 policy> policy initiator phase 2 doi 1 exchange 5 step 1 > 191751.073402 Exch 10 exchange_finalize: icookie 395faa725fd4c3b3 > rcookie 8e784c12cb6b04bd > 191751.074675 Exch 10 exchange_finalize: msgid 47ef99ad sa_list > 191751.076166 Timr 10 timer_remove_event: removing event > exchange_free_aux(0x7df9b500) > 191751.077610 Mesg 20 message_free: fre
Re: GPL is free for forcing people to free code when they publish, not free as in free to do what you want, which is actually what free as in BSD, and real freedom ends at the tip of my nose
On Apr 11, 2007, at 2:25 PM, chefren wrote: > Clearly not to death and people here are seriously interested in > pro and contra arguments. Hey, if you young folks still have all that typing power in your fingers, please bang on the code for BSD some more! -- Jack J. Woehr Director of Development Absolute Performance, Inc. [EMAIL PROTECTED] 303-443-7000 ext. 527
Re: scp problem with remote filename escaping
On 2007/04/11 13:41, Bryan Irvine wrote: > > >I agree, spaces in filenames should be avoided. But spaces in > >filenames are legal, so programs need to support that; this seems like > >a case scp was never tested against because no one uses files with > >those names. > > I scp'd a file called 'a b' to an openbsd server here, then scp'd it > back a couple time in different ways. It worked only when using the > quotes AND escaping, like so: > > scp [EMAIL PROTECTED]:"a\ b" . you have to escape to *both* your local shell, and the remote shell
Re: scp problem with remote filename escaping
On Wed, Apr 11, 2007 at 04:17:38PM -0400, Nick ! wrote: > On 4/11/07, Dan Farrell <[EMAIL PROTECTED]> wrote: > > > >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > >> Of Karel Kulhavy > >> Sent: Wednesday, April 11, 2007 3:47 PM > >> To: OpenBSD > >> Subject: scp problem with remote filename escaping > >> Sounds like a bug to me - the escaping for the remote shell is not being > >> done > >> correctly? > > > >Wow. > > > >Seriously, I think the real 'bug' is your file naming conventions. > > > >Who would anyone specifically want to name a file with a space in it... > >and if breaks on scp, where else will that screwy naming convention > >break as well? > > > >I'm sure you'll give some really good reason why the files have to be > >named that way... > > I agree, spaces in filenames should be avoided. But spaces in > filenames are legal, so programs need to support that; this seems like > a case scp was never tested against because no one uses files with > those names. > > -Nick > scp needs 3 * \ for one space.. scp [EMAIL PROTECTED]:/what/you/want/a\\\ b.txtlocalfile.txt \s -- GnuPG: 5755FB64 Per aspera ad astra.
Re: GPL is free for forcing people to free code when they publish, not free as in free to do what you want, which is actually what free as in BSD, and real freedom ends at the tip of my nose
On Wed, Apr 11, 2007 at 10:25:03PM +0200, chefren wrote: > On 4/11/07 5:45 PM, Darrin Chandler wrote: > >Now that the subject is accurate, it's more obvious than ever that this > >discussion doesn't belong here. Not only is it not relevant, but it's > >been discussed to death many times, in many places. > > Clearly not to death and people here are seriously interested in pro > and contra arguments. Just because you're still flogging a horse doesn't mean it's not dead. BSD v. GPL is easy to understand: If you want to give your code away for whatever purpose, use BSD. If you want to enforce your view of "correct" on anyone using your code, use GPL. -- Darrin Chandler| Phoenix BSD User Group | MetaBUG [EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/ http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
Re: scp problem with remote filename escaping
I agree, spaces in filenames should be avoided. But spaces in filenames are legal, so programs need to support that; this seems like a case scp was never tested against because no one uses files with those names. I scp'd a file called 'a b' to an openbsd server here, then scp'd it back a couple time in different ways. It worked only when using the quotes AND escaping, like so: scp [EMAIL PROTECTED]:"a\ b" . --Bryan
Re: scp problem with remote filename escaping
On 4/11/07, Nick ! <[EMAIL PROTECTED]> wrote: On 4/11/07, Dan Farrell <[EMAIL PROTECTED]> wrote: > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > > Of Karel Kulhavy > > Sent: Wednesday, April 11, 2007 3:47 PM > > To: OpenBSD > > Subject: scp problem with remote filename escaping > > Sounds like a bug to me - the escaping for the remote shell is not being > > done > > correctly? > > Wow. > > Seriously, I think the real 'bug' is your file naming conventions. > But spaces in filenames are legal, so programs need to support that; Er, nevermind. I didn't read closely enough. Karel, single quotes cause backslashes to be backslashes, instead of escape chars (*except* if it's a backslash in front of a single quote, so that you can escape single quotes to include them). The behaviour you're seeing is entirely correct. I still stand by my abstract philosophical standpoint, that forcing certain conventions is not a substitute for bugfixing, but it turns out it doesn't apply here. -Nick
Re: IPSec help..
On Wed, Apr 11, 2007 at 01:28:28PM -0600, Roy Kim wrote: > I'm trying to setup an ipsec tunnel between an openbsd and a windows > box using X.509 certificates. Phase 1 gets successfully negotiated but > then things crap out at step 1 of phase 2 and I don't have a clue > what's wrong. Any thoughts? > > Isakmpd debug messages just after phase 1 is negotiated and ipsec.conf > are as follows: > > ipsec.conf: > ike dynamic esp tunnel from 192.168.0/8 to any \ > srcid home dstid work > ike dynamic esp tunnel from any to 192.168.0/8 \ > srcid work dstid home you only need one of these two rules as ipsecctl will create automatically the correct pairs of SAs and flows. See ipsec.conf(5) for details. > > isakmpd output using 'isakmpd -KvdD A=50' > 191751.046228 Timr 10 timer_add_event: event > exchange_free_aux(0x7df9b500) added before sa_soft_expire(0x85229200), > expiration in 120s > 191751.047319 Exch 10 exchange_establish_p2: 0x7df9b500 policy> policy initiator phase 2 doi 1 exchange 5 step 0 > 191751.049266 Exch 10 exchange_establish_p2: icookie 395faa725fd4c3b3 > rcookie 8e784c12cb6b04bd > 191751.050294 Exch 10 exchange_establish_p2: msgid 47ef99ad sa_list > 191751.052677 Cryp 50 crypto_init_iv: initialized IV: > 191751.054075 Cryp 50 033b6e99 5e66c7ba 8efd5d22 8ffe8567 > 191751.055068 Cryp 30 crypto_encrypt: before encryption: > 191751.057166 Cryp 30 0b18 68790ed1 9f0d6417 66838f05 de3393d7 > 9ec6dcb3 0020 0001 > 191751.058368 Cryp 30 01108d28 395faa72 5fd4c3b3 8e784c12 cb6b04bd > 3340 > 191751.060004 Cryp 30 crypto_encrypt: after encryption: > 191751.061996 Cryp 30 bb6cda82 ec0c809f eac5e496 3102dffb 726b62a3 > 9f0d19e6 624ee717 c65f1486 > 191751.063409 Cryp 30 a35e8fb2 c9a6b8c8 2d03723f 7d6d0c68 909c42ea > 0bf57a7f d8c817ce 070b8719 > 191751.064686 Cryp 50 crypto_update_iv: updated IV: > 191751.066224 Cryp 50 909c42ea 0bf57a7f d8c817ce 070b8719 > 191751.068932 Exch 40 exchange_run: exchange 0x7df9b500 finished step > 0, advancing... > 191751.069968 Timr 10 timer_add_event: event > dpd_check_event(0x85229200) added before > connection_checker(0x8522a060), expiration in 5s > 191751.07 Exch 10 exchange_finalize: 0x7df9b500 policy> policy initiator phase 2 doi 1 exchange 5 step 1 > 191751.073402 Exch 10 exchange_finalize: icookie 395faa725fd4c3b3 > rcookie 8e784c12cb6b04bd > 191751.074675 Exch 10 exchange_finalize: msgid 47ef99ad sa_list > 191751.076166 Timr 10 timer_remove_event: removing event > exchange_free_aux(0x7df9b500) > 191751.077610 Mesg 20 message_free: freeing 0x7df9e000 > 191756.083274 Timr 10 timer_handle_expirations: event > dpd_check_event(0x85229200) > 191756.084314 Mesg 10 dpd_check_event: peer not responding, retry 2 of 5
Re: scp problem with remote filename escaping
On 4/11/07, Dan Farrell <[EMAIL PROTECTED]> wrote: > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > Of Karel Kulhavy > Sent: Wednesday, April 11, 2007 3:47 PM > To: OpenBSD > Subject: scp problem with remote filename escaping > Sounds like a bug to me - the escaping for the remote shell is not being > done > correctly? Wow. Seriously, I think the real 'bug' is your file naming conventions. Who would anyone specifically want to name a file with a space in it... and if breaks on scp, where else will that screwy naming convention break as well? I'm sure you'll give some really good reason why the files have to be named that way... I agree, spaces in filenames should be avoided. But spaces in filenames are legal, so programs need to support that; this seems like a case scp was never tested against because no one uses files with those names. -Nick
Re: GPL is free for forcing people to free code when they publish, not free as in free to do what you want, which is actually what free as in BSD, and real freedom ends at the tip of my nose
On 4/11/07 5:45 PM, Darrin Chandler wrote: Now that the subject is accurate, it's more obvious than ever that this discussion doesn't belong here. Not only is it not relevant, but it's been discussed to death many times, in many places. Clearly not to death and people here are seriously interested in pro and contra arguments. +++chefren p.s. GPLvX is BSD with DRM, GPLvX people try to rule after "giving" it away, new GPL versions are "needed" because the idea behind it is flawed, GPLvX people believe it can be fixed, BSD people know it's technically beyond repair since the first version.
Re: scp problem with remote filename escaping
Wow. Seriously, I think the real 'bug' is your file naming conventions. Who would anyone specifically want to name a file with a space in it... and if breaks on scp, where else will that screwy naming convention break as well? I'm sure you'll give some really good reason why the files have to be named that way... danno -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Karel Kulhavy Sent: Wednesday, April 11, 2007 3:47 PM To: OpenBSD Subject: scp problem with remote filename escaping Sounds like a bug to me - the escaping for the remote shell is not being done correctly?
scp problem with remote filename escaping
For the same filename, sometimes you have to specify a different filename to scp, depending on whether the file is on remote system or local one. I have created a remote file whose filename "a b" is 3 chars long - ASCII codes 97, 32, 98 scp '[EMAIL PROTECTED]:a b' . doesn't work - prints: scp: a: No such file or directory scp: b: No such file or directory I have to type scp '[EMAIL PROTECTED]:a\ b' . which propagates to the scp process as a single argument containing a backslash, as can be seen with touch a\ b (creates a file named "a b") scp a\ b d - works scp 'a\ b' d - cp: a\ b: No such file or directory The manual page says I should specify "file1" and "file2", which (lacking further details) implies the filename is supplied without any further encoding. All the more without an encoding which depends on where the file actually lies. Sounds like a bug to me - the escaping for the remote shell is not being done correctly? Is this the intended behaviour of scp from OpenBSD 4.0? I would tell the version of the scp but scp -version, --version, -V and -v doesn't work and man scp doesn't contain the word "version". CL<
IPSec help..
I'm trying to setup an ipsec tunnel between an openbsd and a windows box using X.509 certificates. Phase 1 gets successfully negotiated but then things crap out at step 1 of phase 2 and I don't have a clue what's wrong. Any thoughts? Isakmpd debug messages just after phase 1 is negotiated and ipsec.conf are as follows: ipsec.conf: ike dynamic esp tunnel from 192.168.0/8 to any \ srcid home dstid work ike dynamic esp tunnel from any to 192.168.0/8 \ srcid work dstid home isakmpd output using 'isakmpd -KvdD A=50' 191751.046228 Timr 10 timer_add_event: event exchange_free_aux(0x7df9b500) added before sa_soft_expire(0x85229200), expiration in 120s 191751.047319 Exch 10 exchange_establish_p2: 0x7df9b500 policy initiator phase 2 doi 1 exchange 5 step 0 191751.049266 Exch 10 exchange_establish_p2: icookie 395faa725fd4c3b3 rcookie 8e784c12cb6b04bd 191751.050294 Exch 10 exchange_establish_p2: msgid 47ef99ad sa_list 191751.052677 Cryp 50 crypto_init_iv: initialized IV: 191751.054075 Cryp 50 033b6e99 5e66c7ba 8efd5d22 8ffe8567 191751.055068 Cryp 30 crypto_encrypt: before encryption: 191751.057166 Cryp 30 0b18 68790ed1 9f0d6417 66838f05 de3393d7 9ec6dcb3 0020 0001 191751.058368 Cryp 30 01108d28 395faa72 5fd4c3b3 8e784c12 cb6b04bd 3340 191751.060004 Cryp 30 crypto_encrypt: after encryption: 191751.061996 Cryp 30 bb6cda82 ec0c809f eac5e496 3102dffb 726b62a3 9f0d19e6 624ee717 c65f1486 191751.063409 Cryp 30 a35e8fb2 c9a6b8c8 2d03723f 7d6d0c68 909c42ea 0bf57a7f d8c817ce 070b8719 191751.064686 Cryp 50 crypto_update_iv: updated IV: 191751.066224 Cryp 50 909c42ea 0bf57a7f d8c817ce 070b8719 191751.068932 Exch 40 exchange_run: exchange 0x7df9b500 finished step 0, advancing... 191751.069968 Timr 10 timer_add_event: event dpd_check_event(0x85229200) added before connection_checker(0x8522a060), expiration in 5s 191751.07 Exch 10 exchange_finalize: 0x7df9b500 policy initiator phase 2 doi 1 exchange 5 step 1 191751.073402 Exch 10 exchange_finalize: icookie 395faa725fd4c3b3 rcookie 8e784c12cb6b04bd 191751.074675 Exch 10 exchange_finalize: msgid 47ef99ad sa_list 191751.076166 Timr 10 timer_remove_event: removing event exchange_free_aux(0x7df9b500) 191751.077610 Mesg 20 message_free: freeing 0x7df9e000 191756.083274 Timr 10 timer_handle_expirations: event dpd_check_event(0x85229200) 191756.084314 Mesg 10 dpd_check_event: peer not responding, retry 2 of 5
Re: safe PF start / restart
On Wed, Apr 11, 2007 at 02:44:10PM -0400, Jeff Quast wrote: > On 4/11/07, christian johansson <[EMAIL PROTECTED]> wrote: > >feature in shorewall - safe restart. > > > >Is there a ready made script accomplishing this for openbsd / pf? Or any > >plans of building such functionality? > > I've done this with pf. I used at(1) like anybody would. You can load > a new rule using pfctl -f /etc/pf.conf/new, with an at(1) job to load > /etc/pf.conf at 60 seconds. If you want some fancy prompt, wrap it > with /bin/sh. > > Personaly I'd hate to see this as an actual 'feature' anywhere. If > everything this trivial was implemented into pfctl I would stop > reading manuals top to bottom. You should look at the command prompt > like a live programming enviroment. I recommend reading "The UNIX > Programming Environment" by Brian W. Kernighan and Rob Pike. Once you have a working ruleset, most changes shouldn't be enough to effect YOUR connectivity to the firewall. After running $EDITOR to change your ruleset, run 'pfctl -nvf /etc/pf.conf' to make sure the output matches your expectations before running 'pfctl -f /etc/pf.conf'. -ME
Re: bcw(4) is gone
On Wed, Apr 11, 2007 at 08:20:51PM +0200, Timo Schoeler wrote: > On Wed, 11 Apr 2007 20:08:44 +0200 Marc Balmer wrote: > > > [X] -- communism isn't as bad as the GPL ;) > > [X] marco is a communist > no; if so, he's as good as communist as George W. Bush as president. WTF! What the hell does GPL, communism or GWB have to do with OpenBSD? Let this thread die. -ME
Re: safe PF start / restart
On 4/11/07, christian johansson <[EMAIL PROTECTED]> wrote: I had to set up a linux firewall the other day, and I used the iptables script generating program shorewall. While pulling my hair over how ugly the iptables stuff (even via shorewall) is compared to OpenBSDs nice clean PF syntax, I did find one very nice feature in shorewall - safe restart. When safe restarting, shorewall will implement all rules in the iptables config files, then give the user a prompt: keep rules y/n? If 'yes' the rules are kept and everyone is happy. If 'no', iptables are disabled and all traffic let in. If no answer then default to answer 'no' after 60 seconds. Very useful, even if just for the added peace of mind when applying new changes. Is there a ready made script accomplishing this for openbsd / pf? Or any plans of building such functionality? Christian I think I get what you're asking here... like switching monitor resolutions and asking you to confirm that it worked by clicking a button? If you can't see the button, you don't click it, and the old resolution is reverted after 15 seconds. Right? I've done this with pf. I used at(1) like anybody would. You can load a new rule using pfctl -f /etc/pf.conf/new, with an at(1) job to load /etc/pf.conf at 60 seconds. If you want some fancy prompt, wrap it with /bin/sh. Personaly I'd hate to see this as an actual 'feature' anywhere. If everything this trivial was implemented into pfctl I would stop reading manuals top to bottom. You should look at the command prompt like a live programming enviroment. I recommend reading "The UNIX Programming Environment" by Brian W. Kernighan and Rob Pike.
Building boot
Hi Im trying to build boot for OpenBSD 4.0. Ive pasted the output below from what I get if I do a make clean in /sys/arch/i386/stand/boot and then do a make in /sys. The problem is that the boot file that is being created in /sys/arch/i386/stand/boot is 322K, whereas the original boot was only 38.6K. When I installboot this larger file, the system fails to load boot upon restarting. So how do I actually make boot? Is it related to the ": relocation truncated to fit: R_386_16 .text" messages below? Thank You Jonathan Steel bash-3.1# make ===> dev/microcode ===> dev/microcode/atmel ===> dev/microcode/cirruslogic ===> dev/microcode/fxp ===> dev/microcode/kue ===> dev/microcode/neomagic ===> dev/microcode/ral ===> dev/microcode/rum ===> dev/microcode/symbol ===> dev/microcode/typhoon ===> dev/microcode/uyap ===> dev/microcode/yds ===> dev/microcode/zydas ===> arch/alpha ===> arch/alpha/stand ===> arch/alpha/stand/setnetbootinfo ===> arch/alpha/stand/installboot ===> arch/amd64 ===> arch/amd64/stand ===> arch/amd64/stand/biosboot ===> arch/amd64/stand/installboot ===> arch/amd64/stand/boot ===> arch/amd64/stand/pxeboot ===> arch/amd64/stand/cdboot ===> arch/armish ===> arch/armish/stand ===> arch/armish/stand/boot ===> arch/aviion ===> arch/aviion/stand ===> arch/aviion/stand/a2coff ===> arch/cats ===> arch/hp300 ===> arch/hp300/stand ===> arch/hp300/../m68k ===> arch/hppa ===> arch/hppa/stand ===> arch/hppa/stand/mkboot ===> arch/hppa/stand/boot ===> arch/hppa64 ===> arch/hppa64/stand ===> arch/hppa64/stand/mkboot ===> arch/hppa64/stand/boot ===> arch/i386 ===> arch/i386/stand ===> arch/i386/stand/etc ===> arch/i386/stand/libsa ===> arch/i386/stand/libkern ===> arch/i386/stand/libz ===> arch/i386/stand/mbr ===> arch/i386/stand/cdbr ===> arch/i386/stand/biosboot ===> arch/i386/stand/installboot ===> arch/i386/stand/boot cc -I/sys/arch/i386/stand/boot/../../../.. -I/sys/arch/i386/stand/boot/../libsa -I. -I/sys/arch/i386/stand/boot -I/sys/arch/i386/stand/boot/../etc/obj -I/sys/arch/i386/stand/boot/../../../.. -I/sys/arch/i386/stand/boot/../libsa -I. -I/sys/arch/i386/stand/boot -I/sys/arch/i386/stand/boot/../etc -DBOOTMAGIC=0xc001d00d -DLINKADDR=0x40120 -c srt0.S cc -Os -Wall -Werror -fno-stack-protector -D_STANDALONE -nostdinc -fno-builtin -fpack-struct -I/sys/arch/i386/stand/boot/../../../.. -I/sys/arch/i386/stand/boot/../libsa -I. -I/sys/arch/i386/stand/boot -I/sys/arch/i386/stand/boot/../etc/obj -I/sys/arch/i386/stand/boot/../../../.. -I/sys/arch/i386/stand/boot/../libsa -I. -I/sys/arch/i386/stand/boot -I/sys/arch/i386/stand/boot/../etc -DBOOTMAGIC=0xc001d00d -DLINKADDR=0x40120 -c /sys/arch/i386/stand/boot/../../../../stand/boot/boot.c cc -Os -Wall -Werror -fno-stack-protector -D_STANDALONE -nostdinc -fno-builtin -fpack-struct -I/sys/arch/i386/stand/boot/../../../.. -I/sys/arch/i386/stand/boot/../libsa -I. -I/sys/arch/i386/stand/boot -I/sys/arch/i386/stand/boot/../etc/obj -I/sys/arch/i386/stand/boot/../../../.. -I/sys/arch/i386/stand/boot/../libsa -I. -I/sys/arch/i386/stand/boot -I/sys/arch/i386/stand/boot/../etc -DBOOTMAGIC=0xc001d00d -DLINKADDR=0x40120 -c /sys/arch/i386/stand/boot/../../../../stand/boot/cmd.c cc -Os -Wall -Werror -fno-stack-protector -D_STANDALONE -nostdinc -fno-builtin -fpack-struct -I/sys/arch/i386/stand/boot/../../../.. -I/sys/arch/i386/stand/boot/../libsa -I. -I/sys/arch/i386/stand/boot -I/sys/arch/i386/stand/boot/../etc/obj -I/sys/arch/i386/stand/boot/../../../.. -I/sys/arch/i386/stand/boot/../libsa -I. -I/sys/arch/i386/stand/boot -I/sys/arch/i386/stand/boot/../etc -DBOOTMAGIC=0xc001d00d -DLINKADDR=0x40120 -c /sys/arch/i386/stand/boot/../../../../stand/boot/vars.c cc -Os -Wall -Werror -fno-stack-protector -D_STANDALONE -nostdinc -fno-builtin -fpack-struct -I/sys/arch/i386/stand/boot/../../../.. -I/sys/arch/i386/stand/boot/../libsa -I. -I/sys/arch/i386/stand/boot -I/sys/arch/i386/stand/boot/../etc/obj -I/sys/arch/i386/stand/boot/../../../.. -I/sys/arch/i386/stand/boot/../libsa -I. -I/sys/arch/i386/stand/boot -I/sys/arch/i386/stand/boot/../etc -DBOOTMAGIC=0xc001d00d -DLINKADDR=0x40120 -c /sys/arch/i386/stand/boot/../../../../stand/boot/bootarg.c cc -Os -Wall -Werror -fno-stack-protector -D_STANDALONE -nostdinc -fno-builtin -fpack-struct -I/sys/arch/i386/stand/boot/../../../.. -I/sys/arch/i386/stand/boot/../libsa -I. -I/sys/arch/i386/stand/boot -I/sys/arch/i386/stand/boot/../etc/obj -I/sys/arch/i386/stand/boot/../../../.. -I/sys/arch/i386/stand/boot/../libsa -I. -I/sys/arch/i386/stand/boot -I/sys/arch/i386/stand/boot/../etc -DBOOTMAGIC=0xc001d00d -DLINKADDR=0x40120 -c conf.c ld -nostdlib -Bstatic -Ttext 0x40120 -N -x -noinhibit-exec -o boot srt0.o boot.o cmd.o vars.o bootarg.o conf.o /sys/arch/i386/stand/boot/../libsa/libsa.a /sys/arch/i386/stand/boot/../libz/libz.a /sys/arch/i386/stand/boot/../libkern/libkern.a /sys/arch/i386/stand/boot/../libsa/libsa.a(gidt.o)(.text+0x38): In function `idt': : relocation truncated to fit: R_386_16 .text /sys/arch/i386/st
OpeBSD on Acer Travelmate
Hi, I recently installed OpenBSD-current from the latest snapshot on my Acer Travelmate 4202WLMI laptop and I'm having few issues with it. First is the USB -performance. I have USB-drive and when moving data between it and my laptop I get around 5-7MB/sec although in Linux I get 17-20MB/sec. Is this just that the USB-support is still at 1.1 and all I can do is wait for it to be updated or is there something to be done to increase it's performance? Second is that I recently read that ACPI support should start to be working but that isn't the case with my laptop as shown below. It just states that ACPI not configured. [attached acpidump] And lastly and mainly my IPW3945 wireless adapter won't work. I installed the firmware as instructed by manual page and it gives the "fatal firmware error" when booting. Is there anything to be done to above cases except to wait? I'm relatively new to OpenBSD so solution for these could be some error I made somewhere. My dmesg: OpenBSD 4.1-current (GENERIC.MP) #1260: Fri Apr 6 01:51:07 MDT 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Genuine Intel(R) CPU T2300 @ 1.66GHz ("GenuineIntel" 686-class) 1.67 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2,xTPR real mem = 534867968 (522332K) avail mem = 480264192 (469008K) using 4278 buffers containing 26865664 bytes (26236K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+ BIOS, date 03/09/06, BIOS32 rev. 0 @ 0xfd400, SMBIOS rev. 2.31 @ 0xe3810 (26 entries) bios0: Acer Grapevine pcibios0 at bios0: rev 2.1 @ 0xfd400/0xc00 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdea0/320 (18 entries) pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371FB ISA" rev 0x00) pcibios0: PCI bus #7 is the last bus bios0: ROM list: 0xc/0xf200 0xe/0x1800! 0xe3800/0x800! acpi at mainbus0 not configured mainbus0: Intel MP Specification (Version 1.4) cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 166 MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Genuine Intel(R) CPU T2300 @ 1.66GHz ("GenuineIntel" 686-class) 1.67 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2,xTPR mainbus0: bus 0 is type PCI mainbus0: bus 1 is type PCI mainbus0: bus 5 is type PCI mainbus0: bus 6 is type PCI mainbus0: bus 7 is type ISA ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "Intel 82945GM MCH" rev 0x03 ppb0 at pci0 dev 1 function 0 "Intel 82945GM PCIE" rev 0x03 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 "NVIDIA GeForce 7300 Go" rev 0xa1 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02: apic 2 int 22 (irq 10) azalia0: host: High Definition Audio rev. 1.0 azalia0: codec: 0x04x/0x10ec (rev. 0.2), HDA version 1.0 azalia0: codec: 0x04x/0x14f1 (rev. 0.0), HDA version 0.9 azalia0: codec[1]: No support for modem function groups azalia0: codec[1]: No audio function groups audio0 at azalia0 ppb1 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02 pci2 at ppb1 bus 2 ppb2 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x02 pci3 at ppb2 bus 3 ppb3 at pci0 dev 28 function 2 "Intel 82801GB PCIE" rev 0x02 pci4 at ppb3 bus 4 ppb4 at pci0 dev 28 function 3 "Intel 82801GB PCIE" rev 0x02 pci5 at ppb4 bus 5 wpi0 at pci5 dev 0 function 0 "Intel PRO/Wireless 3945ABG" rev 0x02: apic 2 int 19 (irq 10), address 00:13:02:03:7e:68 uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x02: apic 2 int 23 (irq 5) uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x02: apic 2 int 19 (irq 10) uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x02: apic 2 int 18 (irq 11) uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x02: apic 2 int 16 (irq 6) ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x02: apic 2 int 23 (irq 5) ehci0: timed out waiting for BIOS usb0 at ehci0: USB revision 2.0 uhub0 at usb0 uhub0: Intel EHCI root hub, rev 2.00/1.00, addr 1 uhub0: 8 ports with 8 removable, self powered ppb5 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0xe2 pci6 at ppb5 bus 6 bce0 at pci6 dev 1 function 0 "Broadcom BCM4401B0" rev 0x02: apic 2 int 21 (irq 10), address 00:0f:b0:f0:eb:93 bmtphy0 at bce0 phy 1: BCM4401 10/100baseTX PHY, rev. 0 cbb0 at pci6 dev 4 function 0 "ENE CB-1410 CardBus" rev 0x01: apic 2 int 16 (irq 6) cardslot0 at cbb0 slot 0 flags 0 cardbus0 at cardslot0: bus 7 device 0 cacheline 0x8, lattimer 0x20 pcmcia0 at cardslot0 ichpcib0 at pci0 dev 31 function 0 "Intel 82801GBM LPC" rev 0x02: PM disabled pciide0 at pci0 dev 31 function 2 "Intel 82801GBM SATA" rev 0x02: DMA, channel 0 wired to compatibility, channel 1 wired
Re: bcw(4) is gone
On Wed, 11 Apr 2007 20:08:44 +0200 Marc Balmer <[EMAIL PROTECTED]> wrote: > Timo Schoeler wrote: > > On Wed, 11 Apr 2007 16:25:14 +0200 > > Massimo Lusetti <[EMAIL PROTECTED]> wrote: > > > >> On Mon, 9 Apr 2007 20:20:33 -0500 > >> Marco Peereboom <[EMAIL PROTECTED]> wrote: > >> > >>> GPL is as free as communism. > >> Please add this to fortune! > >> > >> -- > >> Massimo.run(); > >> She's the kind of girl who climbed the ladder of success wrong by > >> wrong. -- Mae West > > > > [ ] -- you read about and understood what communism is (both of you) > > > > [X] -- I replied that late because I was busy laughing after Marco's > > post > > > > [X] -- communism isn't as bad as the GPL ;) > > > > [X] marco is a communist no; if so, he's as good as communist as George W. Bush as president.
Re: safe PF start / restart
Did you read pfctl(8) ? On Wed, Apr 11, 2007 at 10:44:44AM -0700, christian johansson wrote: > I had to set up a linux firewall the other day, and I used the iptables > script generating program shorewall. > While pulling my hair over how ugly the iptables stuff (even via shorewall) > is compared to OpenBSDs nice clean PF syntax, I did find one very nice > feature in shorewall - safe restart. > > When safe restarting, shorewall will implement all rules in the iptables > config files, then give the user a prompt: keep rules y/n? > > If 'yes' the rules are kept and everyone is happy. If 'no', iptables are > disabled and all traffic let in. If no answer then default to answer 'no' > after 60 seconds. > Very useful, even if just for the added peace of mind when applying new > changes. > > Is there a ready made script accomplishing this for openbsd / pf? Or any > plans of building such functionality? > > Christian
Re: Routerboard 532 Bounty
On 4/11/07, Bret Lambert <[EMAIL PROTECTED]> wrote: On Wed, 2007-04-11 at 12:05 -0500, Sam Fourman Jr. wrote: > Well, I would like to see the router board simply because, I would > like to make a router / switch device to replace a Linksys 54G Router, > maybe 3 or 4 lan ports and a 1 or 2 MPCI slots, 1 for hardware crypto > and the other for a wireless device. > > if anyone has any ideas or links that would be great. The propietor of magicbox.pl, which offers powerpc-based boards, had offered to ship hardware to any and all interested OpenBSD devs; a few confused me as the contact point, so it looks like there was some developer interest in that hardware, but I haven't heard anything since. This was something like a month, month and a half ago; if any dev who contacted that vendor could give a quick "it worked/he was jerking us around" response, I'd love to get an update. I sent a couple of emails - "hey, this sounds like a nice plan, tell me more" - and never heard back one way or the other. *shrug* I have a huge pile of things to work on so I'm not going to get bent out of shape if nothing materializes, but they do look like they could be useful for some applications. Those boards are (unless I'm forgetting) based in the IBM405 chipset; I'd like to see router boards based on the IBM440EBx (again, I may be misremembering), which is supposed to have on-proc crypto support. The only board based on that that I've been able to find in an admittedly short and half-hearted googling was a 5-port w/linux on flash from AMCC. The routerboards look to be AMCC clones of the 405EP -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: bcw(4) is gone
Timo Schoeler wrote: On Wed, 11 Apr 2007 16:25:14 +0200 Massimo Lusetti <[EMAIL PROTECTED]> wrote: On Mon, 9 Apr 2007 20:20:33 -0500 Marco Peereboom <[EMAIL PROTECTED]> wrote: GPL is as free as communism. Please add this to fortune! -- Massimo.run(); She's the kind of girl who climbed the ladder of success wrong by wrong. -- Mae West [ ] -- you read about and understood what communism is (both of you) [X] -- I replied that late because I was busy laughing after Marco's post [X] -- communism isn't as bad as the GPL ;) [X] marco is a communist
safe PF start / restart
I had to set up a linux firewall the other day, and I used the iptables script generating program shorewall. While pulling my hair over how ugly the iptables stuff (even via shorewall) is compared to OpenBSDs nice clean PF syntax, I did find one very nice feature in shorewall - safe restart. When safe restarting, shorewall will implement all rules in the iptables config files, then give the user a prompt: keep rules y/n? If 'yes' the rules are kept and everyone is happy. If 'no', iptables are disabled and all traffic let in. If no answer then default to answer 'no' after 60 seconds. Very useful, even if just for the added peace of mind when applying new changes. Is there a ready made script accomplishing this for openbsd / pf? Or any plans of building such functionality? Christian
Re: Routerboard 532 Bounty
On Wed, 2007-04-11 at 12:05 -0500, Sam Fourman Jr. wrote: > Well, I would like to see the router board simply because, I would > like to make a router / switch device to replace a Linksys 54G Router, > maybe 3 or 4 lan ports and a 1 or 2 MPCI slots, 1 for hardware crypto > and the other for a wireless device. > > if anyone has any ideas or links that would be great. The propietor of magicbox.pl, which offers powerpc-based boards, had offered to ship hardware to any and all interested OpenBSD devs; a few confused me as the contact point, so it looks like there was some developer interest in that hardware, but I haven't heard anything since. This was something like a month, month and a half ago; if any dev who contacted that vendor could give a quick "it worked/he was jerking us around" response, I'd love to get an update. Those boards are (unless I'm forgetting) based in the IBM405 chipset; I'd like to see router boards based on the IBM440EBx (again, I may be misremembering), which is supposed to have on-proc crypto support. The only board based on that that I've been able to find in an admittedly short and half-hearted googling was a 5-port w/linux on flash from AMCC. - Bert
Re: bcw(4) is gone
On Wed, 11 Apr 2007 16:25:14 +0200 Massimo Lusetti <[EMAIL PROTECTED]> wrote: > On Mon, 9 Apr 2007 20:20:33 -0500 > Marco Peereboom <[EMAIL PROTECTED]> wrote: > > > GPL is as free as communism. > > Please add this to fortune! > > -- > Massimo.run(); > She's the kind of girl who climbed the ladder of success wrong by > wrong. -- Mae West [ ] -- you read about and understood what communism is (both of you) [X] -- I replied that late because I was busy laughing after Marco's post [X] -- communism isn't as bad as the GPL ;)
Re: Why Linus Torvalds won't donate to OpenSSH
On Apr 11, 2007, at 10:26 AM, Dan Farrell wrote: > Seriously... this is a troll. > > This is like electronic insurgency designed to get OBSD supporters in > another huff with the Linux world... hasn't bcw(4) provided enough for > that purpose? > Bless you , Danno. When you're right, you're right. Further, if anyone on this list is of the nature to care what celebrity programmers do or do not do, I suggest they go to http://www.cnn.com and follow the adventures of Nicole Smith's baby and its putative fathers. That is much meatier celebrity-fu than the rather dry and orderly life of the justly esteemed Mr. Torvalds. -- Jack J. Woehr Director of Development Absolute Performance, Inc. [EMAIL PROTECTED] 303-443-7000 ext. 527
Re: Routerboard 532 Bounty
On Wed, 11 Apr 2007 12:57:45 -0400 bofh <[EMAIL PROTECTED]> wrote: > Out of curiousity, why do a routerboard, when you can use something > like the following: > > http://www.newegg.com/Product/Product.aspx?Item=N82E16813185094 maybe some are not that convinced using x86? ;)
Re: Removing chmod world write support and sftp
On 4/11/07, Joshua Gimer <[EMAIL PROTECTED]> wrote: We have several production web servers and I am trying to figure out a way to removing world write support from chmod. I have already written a wrapper for the chmod command, but it does not seem to work within sftp; has anyone encountered anything that could help in implementing this, or have any suggestions You mean, make it so that chmod o+w doesn't work? Intuition from hanging around misc@ long enough tells me that there is a good reason to keep this support, and that you're trying to solve the wrong problem. But if you really want this you should edit chmod's source code directly; it's simpler, and any wrapper would have to have access to the original, and any user would have to have access to the wrapper, and so because of the way unix permissions work any user would still have access to chmod (I think, right?); you're not really planning on security by obscurity are you? -Nick
Removing chmod world write support and sftp
We have several production web servers and I am trying to figure out a way to removing world write support from chmod. I have already written a wrapper for the chmod command, but it does not seem to work within sftp; has anyone encountered anything that could help in implementing this, or have any suggestions. -- Thx Joshua Gimer
Re: Routerboard 532 Bounty
On 4/11/07, bofh <[EMAIL PROTECTED]> wrote: Out of curiousity, why do a routerboard, when you can use something like the following: http://www.newegg.com/Product/Product.aspx?Item=N82E16813185094 Power consumption, heat, noise, unnecessary parts... Greg
Re: Why Linus Torvalds won't donate to OpenSSH
The great thing about it is that people perusing the archives will see the trollfest and probably not get this far to see us cluing in and being calm and civil. -Nick On 4/11/07, Dan Farrell <[EMAIL PROTECTED]> wrote: Seriously... this is a troll. This is like electronic insurgency designed to get OBSD supporters in another huff with the Linux world... hasn't bcw(4) provided enough for that purpose? danno
Re: Routerboard 532 Bounty
On 4/11/07, bofh <[EMAIL PROTECTED]> wrote: Out of curiousity, why do a routerboard, when you can use something like the following: http://www.newegg.com/Product/Product.aspx?Item=N82E16813185094 Well, I would like to see the router board simply because, I would like to make a router / switch device to replace a Linksys 54G Router, maybe 3 or 4 lan ports and a 1 or 2 MPCI slots, 1 for hardware crypto and the other for a wireless device. if anyone has any ideas or links that would be great. Sam Fourman Jr.
Re: Routerboard 532 Bounty
Out of curiousity, why do a routerboard, when you can use something like the following: http://www.newegg.com/Product/Product.aspx?Item=N82E16813185094
Re: Why Linus Torvalds won't donate to OpenSSH
Seriously... this is a troll. This is like electronic insurgency designed to get OBSD supporters in another huff with the Linux world... hasn't bcw(4) provided enough for that purpose? danno -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Sent: Wednesday, April 11, 2007 8:44 AM To: Kernel Monkey Cc: Damien Miller; misc@openbsd.org Subject: Re: Why Linus Torvalds won't donate to OpenSSH On Wednesday 11 April 2007 03:06, Kernel Monkey wrote: > On 4/10/07, Damien Miller wrote: > > Two points: > > > > 1. Please don't post private email. (Apologies if you obtained his > > permission to post). > > > > 2. Who really cares? I'd much rather see contibutions from companies who > > ship OpenSSH in their products and list "SSH support" as a feature on > > their glossy brochures than shaking down other free software > > developers. > > > > -d > > No, not my email. I saw it posted on another site. Sorry. Well stop lying (and trolling) then !!! You said:- I recently wrote Linus Torvalds asking why I don't see his name listed on the OpenBSD donations page (http://www.openbsd.org/donations.html), since I figured he uses OpenSSH. This was the reply I got back: > From: Linus Torvalds <[EMAIL PROTECTED]> > Tue, 10 Apr 2007 14:29:56 -0700 (PDT) > > I suspect that OpenSSH would get more funding if it was directed directly > to OpenSSH, and not OpenBSD, which almost nobody is interested in. > > As it is, how much of any money actually goes to OpenSSH development, > rather than everything else? > >Linus I thought the reply was funny.
Re: bcw(4) is gone
On Mon, 9 Apr 2007 20:20:33 -0500 Marco Peereboom <[EMAIL PROTECTED]> wrote: > GPL is as free as communism. Please add this to fortune! -- Massimo.run(); She's the kind of girl who climbed the ladder of success wrong by wrong. -- Mae West
Re: GPL is [blah blah blah ...]
On Wed, Apr 11, 2007 at 04:18:41PM +0100, Jeroen Massar wrote: > Good that I PGP sign my messages [...] And the mailing list strips your signatures: > [demime 1.01d removed an attachment of type application/pgp-signature which > had a name of signature.asc]
Re: GPL is free for forcing people to free code when they publish, not free as in free to do what you want, which is actually what free as in BSD, and real freedom ends at the tip of my nose
Now that the subject is accurate, it's more obvious than ever that this discussion doesn't belong here. Not only is it not relevant, but it's been discussed to death many times, in many places. -- Darrin Chandler| Phoenix BSD User Group | MetaBUG [EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/ http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
Re: GPL is free for forcing people to free code when they publish, not free as in free to do what you want, which is actually what free as in BSD, and real freedom ends at the tip of my nose
Rui Miguel Silva Seabra wrote: > [correct the subject] ;) > > Qua, 2007-04-11 C s 14:26 +0100, Jeroen Massar escreveu: >> [set the topic to make it nice and clear, this has nothing to do with >> bcw(4) for a long time now, actually the whole thread avoided it] >> >> Rui Miguel Silva Seabra wrote: >>> Seg, 2007-04-09 C s 18:29 +0100, Jeroen Massar escreveu: GPL is good though if you want to force people to give back the code to you so that you can use it in your own dual-licensed projects. >>> This shows a fundamental lack of understanding of the way both the GPL >>> and generic copyright work. >>> >>> * Nobody is forced to publish derivative works (as long as they >>> keep them inside doors, eg. internal usage in a company) >>> >>> * Dual licensing in the way you suggest would be a copyright >>> violation. >> Did you actually read what I wrote, as the above two points where in my >> text, but you deleted that from your reply. You might want to read the >> snipped text too :) I actually made a difference between the original >> copyright owner (who is allowed to do anything they like with the code) >> and somebody adding their stuff, who can't relicense it. As for the >> first 'point' you are trying to make, also covered in my text... > > What you also said is actually fully irrelevant, since I'm correcting > one phrase which has TWO incorrect things, one of them a copyright > violation. You can't dual-license other people's GPL'ed contributions. Again, re-read what I wrote. Don't try to mingle my words as I never wrote that, it was in one sentence yes, but the rest of the sentences told a completely different story. Good that I PGP sign my messages so that it is clear that I didn't write what you think I wrote by stripping out the portions that also matter and that without those portions the message is not mine. Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: GPL is free for forcing people to free code when they publish, not free as in free to do what you want, which is actually what free as in BSD, and real freedom ends at the tip of my nose
[correct the subject] ;) Qua, 2007-04-11 C s 14:26 +0100, Jeroen Massar escreveu: > [set the topic to make it nice and clear, this has nothing to do with > bcw(4) for a long time now, actually the whole thread avoided it] > > Rui Miguel Silva Seabra wrote: > > Seg, 2007-04-09 C s 18:29 +0100, Jeroen Massar escreveu: > >> GPL is good though if you want to force people to give back the code to > >> you so that you can use it in your own dual-licensed projects. > > > > This shows a fundamental lack of understanding of the way both the GPL > > and generic copyright work. > > > > * Nobody is forced to publish derivative works (as long as they > > keep them inside doors, eg. internal usage in a company) > > > > * Dual licensing in the way you suggest would be a copyright > > violation. > > Did you actually read what I wrote, as the above two points where in my > text, but you deleted that from your reply. You might want to read the > snipped text too :) I actually made a difference between the original > copyright owner (who is allowed to do anything they like with the code) > and somebody adding their stuff, who can't relicense it. As for the > first 'point' you are trying to make, also covered in my text... What you also said is actually fully irrelevant, since I'm correcting one phrase which has TWO incorrect things, one of them a copyright violation. You can't dual-license other people's GPL'ed contributions. > PS: Please realize that some people want a different kind of freedom > than that other people want, respect that: take your pick, go GPL or > BSD, but don't try to force your religion on other people. You might end > up getting Jehova's witnesses on your neck ;) Please realize that I didn't raise that issue, *you* did. I merely focused on two quite simple technical details which you failed to understand: one of the GPL and another of copyright law. Rui -- + No matter how much you do, you never do enough -- unknown + Whatever you do will be insignificant, | but it is very important that you do it -- Gandhi + So let's do it...? [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
OpenBSD Firewall and ddb{1}
I've got two OpenBSD 3.9 firewall/router in a CARP configuration. They are both IBM NetFinity 40004 servers with dual P3 650MHz chips and 512MB of memory each. Twice now, the backup firewall has disappeared from my Nagios monitoring and I've found (through remote serial console) only a ddb{1}> prompt. According to man ddb, this can happen when the kernel panics or when a break signal is sent from the console (and ddb.console is set to 1). In my case, no one is using the console at these times and ddb.console is set to 0 anyway. However, "show panic" seems to indicate it wasn't a kernel panic either: ddb{1}> show panic the kernel did not panic I feel like I'm missing something obvious here. Is there some undocumented condition that can cause a system to crash to ddb or am I investigating the panic wrong? I tried using trace and hangman to gather more information, but hangman just confused the hell out of me and the trace command gave me: apm_cpu_idle(0,0,0,0,0) at apm_cpu_idle+0x4a After a little more investigative commands, I started only to get "Faulted in DDB; continuing..." and tried rebooting. "boot dump" yielded a nonresponsive system and a trip to the datacenter to cold boot the machine. Anyone have any ideas? Perhaps I can disable part of APM and avoid this problem in the future? What other techniques can I use to debug this if it happens again - is there a good doc out there that is a little more descriptive than man ddb? -- Regards, Neil Schelly Senior Systems Administrator W: 978-667-5115 x213 M: 508-410-4776 OASIS Open http://www.oasis-open.org "Advancing E-Business Standards Since 1993"
Re: Why Linus Torvalds won't donate to OpenSSH
Nice bounce... Hi. This is the qmail-send program at chaossolutions.org. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. <[EMAIL PROTECTED]>: 64.233.167.27 does not like recipient. Remote host said: 550 5.1.1 No such user f77si15306557pyh Giving up on 64.233.167.27. I suppose that says it all.
GPL is free for forcing people to free code, not free as in free to do what you want, which is actually what free as in BSD and real freedom is (Was: bcw(4) is gone)
[set the topic to make it nice and clear, this has nothing to do with bcw(4) for a long time now, actually the whole thread avoided it] Rui Miguel Silva Seabra wrote: > Seg, 2007-04-09 C s 18:29 +0100, Jeroen Massar escreveu: >> GPL is good though if you want to force people to give back the code to >> you so that you can use it in your own dual-licensed projects. > > This shows a fundamental lack of understanding of the way both the GPL > and generic copyright work. > > * Nobody is forced to publish derivative works (as long as they > keep them inside doors, eg. internal usage in a company) > > * Dual licensing in the way you suggest would be a copyright > violation. Did you actually read what I wrote, as the above two points where in my text, but you deleted that from your reply. You might want to read the snipped text too :) I actually made a difference between the original copyright owner (who is allowed to do anything they like with the code) and somebody adding their stuff, who can't relicense it. As for the first 'point' you are trying to make, also covered in my text... PS: Please realize that some people want a different kind of freedom than that other people want, respect that: take your pick, go GPL or BSD, but don't try to force your religion on other people. You might end up getting Jehova's witnesses on your neck ;) Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
request for new [nl] translators of OpenBSD's web pages
hi, As you might know, the OpenBSD web pages are translated in a number of different languages as explained on http://www.openbsd.org/translation.html Currently, the [nl] translation team, consisting of Jasper and myself, is looking for new contributors who can maintain the existing translation or even add new translated pages. To get an idea of what this work involves, please read http://www.openbsd.org/translation-explained.html If you are interested in contributing to OpenBSD this way, please contact me by private mail. steven
Re: bcw(4) is gone
Seg, 2007-04-09 C s 18:29 +0100, Jeroen Massar escreveu: > GPL is good though if you want to force people to give back the code to > you so that you can use it in your own dual-licensed projects. This shows a fundamental lack of understanding of the way both the GPL and generic copyright work. * Nobody is forced to publish derivative works (as long as they keep them inside doors, eg. internal usage in a company) * Dual licensing in the way you suggest would be a copyright violation. Rui -- + No matter how much you do, you never do enough -- unknown + Whatever you do will be insignificant, | but it is very important that you do it -- Gandhi + So let's do it...? [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: date -u gives wrong timezone output?
GMT is the timezone, UTC is the time. P jared r r spiegel wrote: > On Tue, Apr 10, 2007 at 06:17:58PM -0400, Nick ! wrote: > >> On 4/10/07, Markus Bergkvist <[EMAIL PROTECTED]> wrote: >> >>> Hi, >>> >>> 'date -u' on a 4.0 -stable will give something like >>> Tue Apr 10 22:03:24 GMT 2007 >>> but shouldn't it be >>> Tue Apr 10 22:03:24 UTC 2007 >>> >> UTC = GMT for all that we care about. >> [[http://en.wikipedia.org/wiki/Coordinated_Universal_Time]] >> > > i could be wrong here, but perhaps he is not suggesting > that there is any wallclock difference between GMT and UTC, > but rather that the manpage for date(1) says: > > --- > -u Display or set the date in UTC (Coordinated Universal) time. > --- > > as opposed to "... date in GMT ...", also as implied by how it is > '-u' and not '-g' > > least, that was my reaction to his post?
Re: Why Linus Torvalds won't donate to OpenSSH
On Wednesday 11 April 2007 03:06, Kernel Monkey wrote: > On 4/10/07, Damien Miller wrote: > > Two points: > > > > 1. Please don't post private email. (Apologies if you obtained his > > permission to post). > > > > 2. Who really cares? I'd much rather see contibutions from companies who > > ship OpenSSH in their products and list "SSH support" as a feature on > > their glossy brochures than shaking down other free software > > developers. > > > > -d > > No, not my email. I saw it posted on another site. Sorry. Well stop lying (and trolling) then !!! You said:- I recently wrote Linus Torvalds asking why I don't see his name listed on the OpenBSD donations page (http://www.openbsd.org/donations.html), since I figured he uses OpenSSH. This was the reply I got back: > From: Linus Torvalds <[EMAIL PROTECTED]> > Tue, 10 Apr 2007 14:29:56 -0700 (PDT) > > I suspect that OpenSSH would get more funding if it was directed directly > to OpenSSH, and not OpenBSD, which almost nobody is interested in. > > As it is, how much of any money actually goes to OpenSSH development, > rather than everything else? > >Linus I thought the reply was funny.
Veja as novas imagens publicadas do Tsunami
[IMAGE] [IMAGE] 10/04/2007 - 08h14 - Atualizado em 10/04/2007 Nzmero de mortos apss o tsunami e terremoto que atingiram as Ilhas Salomco, no Oceano Pacmfico, no zltimo dia 2, aumentou para 43. E ha ainda cerca de 60 pessoas desaparecidas. A informagco foi publicada na edigco desta terga-feira. do pams Solomon Star. Antes, o nzmero de mortes era de 34. 2000-2007 Globo.com. Todos os direitos reservados.
Re: verifying ntp via GPS configuration?
On 4/11/07, Otto Moerbeek <[EMAIL PROTECTED]> wrote: > > Very likely you Sun uses different serial ports than cua00. Check your > dmesg to see which driver is uses, then use the driver man page to > determine the /dev node to use. > I'm must be blind for I'm not seeing anything. dmesg below: console is keyboard/display Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2006 OpenBSD. All rights reserved. http://www.OpenBSD.org OpenBSD 4.0 (GENERIC) #953: Sun Sep 17 00:56:22 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/sparc64/compile/GENERIC total memory = 536870912 avail memory = 479698944 using 3276 buffers containing 26836992 bytes of memory bootpath: /[EMAIL PROTECTED],0/[EMAIL PROTECTED],1/[EMAIL PROTECTED],0/[EMAIL PROTECTED],0 mainbus0 (root): Sun Ultra 5/10 UPA/PCI (UltraSPARC-IIi 440MHz) cpu0 at mainbus0: SUNW,UltraSPARC-IIi @ 440 MHz, version 0 FPU cpu0: physical 32K instruction (32 b/l), 16K data (32 b/l), 2048K external (64 b/l) psycho0 at mainbus0 addr 0xfffc4000: SUNW,sabre, impl 0, version 0, ign 7c0 psycho0: bus range 0-2, PCI bus 0 psycho0: dvma map c000-dfff, iotdb 26a8000-2728000 pci0 at psycho0 ppb0 at pci0 dev 1 function 1 "Sun Simba PCI-PCI" rev 0x13 pci1 at ppb0 bus 1 ebus0 at pci1 dev 1 function 0 "Sun PCIO Ebus2" rev 0x01 auxio0 at ebus0 addr 726000-726003, 728000-728003, 72a000-72a003, 72c000-72c003, 72f000-72f003 power0 at ebus0 addr 724000-724003 ipl 37 "SUNW,pll" at ebus0 addr 504000-504002 not configured sab0 at ebus0 addr 40-40007f ipl 43: rev 3.2 sabtty0 at sab0 port 0 sabtty1 at sab0 port 1 comkbd0 at ebus0 addr 3083f8-3083ff ipl 41: layout 33 wskbd0 at comkbd0: console keyboard com0 at ebus0 addr 3062f8-3062ff ipl 42: mouse: ns16550a, 16 byte fifo lpt0 at ebus0 addr 3043bc-3043cb, 30015c-30015d, 70-7f ipl 34: polled "fdthree" at ebus0 addr 3023f0-3023f7, 706000-70600f, 72-720003 ipl 39 not configured clock1 at ebus0 addr 0-1fff: mk48t59 "flashprom" at ebus0 addr 0-f not configured audioce0 at ebus0 addr 20-2000ff, 702000-70200f, 704000-70400f, 722000-722003 ipl 35 ipl 36: nva ddrs 0 audio0 at audioce0 hme0 at pci1 dev 1 function 1 "Sun HME" rev 0x01: ivec 0x7e1, address 08:00:20:c1:66:b7 nsphy0 at hme0 phy 1: DP83840 10/100 PHY, rev. 1 vgafb0 at pci1 dev 2 function 0 "ATI Mach64 GP" rev 0x5c wsdisplay0 at vgafb0: console (std, sun emulation), using wskbd0 pciide0 at pci1 dev 3 function 0 "CMD Technology PCI0646" rev 0x03: DMA, channel 0 configured to nat ive-PCI, channel 1 configured to native-PCI pciide0: using ivec 0x7e0 for native-PCI interrupt wd0 at pciide0 channel 0 drive 0: wd0: 16-sector PIO, LBA48, 152627MB, 312581808 sectors wd0(pciide0:0:0): using PIO mode 4, DMA mode 2 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, DMA mode 2 ppb1 at pci0 dev 1 function 0 "Sun Simba PCI-PCI" rev 0x13 pci2 at ppb1 bus 2 ohci0 at pci2 dev 1 function 0 "NEC USB" rev 0x43: ivec 0x7d0, version 1.0 usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: NEC OHCI root hub, rev 1.00/1.00, addr 1 uhub0: 3 ports with 3 removable, self powered ohci1 at pci2 dev 1 function 1 "NEC USB" rev 0x43: ivec 0x7d1, version 1.0 usb1 at ohci1: USB revision 1.0 uhub1 at usb1 uhub1: NEC OHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered ehci0 at pci2 dev 1 function 2 "NEC USB" rev 0x04: ivec 0x7d2 usb2 at ehci0: USB revision 2.0 uhub2 at usb2 uhub2: NEC EHCI root hub, rev 2.00/1.00, addr 1 uhub2: 5 ports with 5 removable, self powered pcons at mainbus0 not configured No counter-timer -- using %tick at 440MHz as system clock. root on wd0a rootdev=0xc00 rrootdev=0x1a00 rawdev=0x1a02 syncing disks...
Re: verifying ntp via GPS configuration?
On Wed, 11 Apr 2007, James Hartley wrote: > On 4/11/07, Otto Moerbeek <[EMAIL PROTECTED]> wrote: > > > > Very likely you Sun uses different serial ports than cua00. Check your > > dmesg to see which driver is uses, then use the driver man page to > > determine the /dev node to use. > > > > I'm must be blind for I'm not seeing anything. dmesg below: sab0 at ebus0 addr 40-40007f ipl 43: rev 3.2 sabtty0 at sab0 port 0 sabtty1 at sab0 port 1 man sab gives: /dev/ttyh[0-1] No separate callout device, it looks like. -Otto > > console is keyboard/display > Copyright (c) 1982, 1986, 1989, 1991, 1993 >The Regents of the University of California. All rights reserved. > Copyright (c) 1995-2006 OpenBSD. All rights reserved. > http://www.OpenBSD.org > > OpenBSD 4.0 (GENERIC) #953: Sun Sep 17 00:56:22 MDT 2006 >[EMAIL PROTECTED]:/usr/src/sys/arch/sparc64/compile/GENERIC > total memory = 536870912 > avail memory = 479698944 > using 3276 buffers containing 26836992 bytes of memory > bootpath: /[EMAIL PROTECTED],0/[EMAIL PROTECTED],1/[EMAIL PROTECTED],0/[EMAIL > PROTECTED],0 > mainbus0 (root): Sun Ultra 5/10 UPA/PCI (UltraSPARC-IIi 440MHz) > cpu0 at mainbus0: SUNW,UltraSPARC-IIi @ 440 MHz, version 0 FPU > cpu0: physical 32K instruction (32 b/l), 16K data (32 b/l), 2048K external > (64 b/l) > psycho0 at mainbus0 addr 0xfffc4000: SUNW,sabre, impl 0, version 0, ign 7c0 > psycho0: bus range 0-2, PCI bus 0 > psycho0: dvma map c000-dfff, iotdb 26a8000-2728000 > pci0 at psycho0 > ppb0 at pci0 dev 1 function 1 "Sun Simba PCI-PCI" rev 0x13 > pci1 at ppb0 bus 1 > ebus0 at pci1 dev 1 function 0 "Sun PCIO Ebus2" rev 0x01 > auxio0 at ebus0 addr 726000-726003, 728000-728003, 72a000-72a003, > 72c000-72c003, 72f000-72f003 > power0 at ebus0 addr 724000-724003 ipl 37 > "SUNW,pll" at ebus0 addr 504000-504002 not configured > sab0 at ebus0 addr 40-40007f ipl 43: rev 3.2 > sabtty0 at sab0 port 0 > sabtty1 at sab0 port 1 > comkbd0 at ebus0 addr 3083f8-3083ff ipl 41: layout 33 > wskbd0 at comkbd0: console keyboard > com0 at ebus0 addr 3062f8-3062ff ipl 42: mouse: ns16550a, 16 byte fifo > lpt0 at ebus0 addr 3043bc-3043cb, 30015c-30015d, 70-7f ipl 34: > polled > "fdthree" at ebus0 addr 3023f0-3023f7, 706000-70600f, 72-720003 ipl 39 > not configured > clock1 at ebus0 addr 0-1fff: mk48t59 > "flashprom" at ebus0 addr 0-f not configured > audioce0 at ebus0 addr 20-2000ff, 702000-70200f, 704000-70400f, > 722000-722003 ipl 35 ipl 36: nva > ddrs 0 > audio0 at audioce0 > hme0 at pci1 dev 1 function 1 "Sun HME" rev 0x01: ivec 0x7e1, address > 08:00:20:c1:66:b7 > nsphy0 at hme0 phy 1: DP83840 10/100 PHY, rev. 1 > vgafb0 at pci1 dev 2 function 0 "ATI Mach64 GP" rev 0x5c > wsdisplay0 at vgafb0: console (std, sun emulation), using wskbd0 > pciide0 at pci1 dev 3 function 0 "CMD Technology PCI0646" rev 0x03: DMA, > channel 0 configured to nat > ive-PCI, channel 1 configured to native-PCI > pciide0: using ivec 0x7e0 for native-PCI interrupt > wd0 at pciide0 channel 0 drive 0: > wd0: 16-sector PIO, LBA48, 152627MB, 312581808 sectors > wd0(pciide0:0:0): using PIO mode 4, DMA mode 2 > atapiscsi0 at pciide0 channel 1 drive 0 > scsibus0 at atapiscsi0: 2 targets > cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom > removable > cd0(pciide0:1:0): using PIO mode 4, DMA mode 2 > ppb1 at pci0 dev 1 function 0 "Sun Simba PCI-PCI" rev 0x13 > pci2 at ppb1 bus 2 > ohci0 at pci2 dev 1 function 0 "NEC USB" rev 0x43: ivec 0x7d0, version 1.0 > usb0 at ohci0: USB revision 1.0 > uhub0 at usb0 > uhub0: NEC OHCI root hub, rev 1.00/1.00, addr 1 > uhub0: 3 ports with 3 removable, self powered > ohci1 at pci2 dev 1 function 1 "NEC USB" rev 0x43: ivec 0x7d1, version 1.0 > usb1 at ohci1: USB revision 1.0 > uhub1 at usb1 > uhub1: NEC OHCI root hub, rev 1.00/1.00, addr 1 > uhub1: 2 ports with 2 removable, self powered > ehci0 at pci2 dev 1 function 2 "NEC USB" rev 0x04: ivec 0x7d2 > usb2 at ehci0: USB revision 2.0 > uhub2 at usb2 > uhub2: NEC EHCI root hub, rev 2.00/1.00, addr 1 > uhub2: 5 ports with 5 removable, self powered > pcons at mainbus0 not configured > No counter-timer -- using %tick at 440MHz as system clock. > root on wd0a > rootdev=0xc00 rrootdev=0x1a00 rawdev=0x1a02 > syncing disks...
Flusing rules for specific interface
Hi all, Is it possible to flush rules for a specific interface under OpenBSD 4.0? For example, I have two dsl lines and i would use only one pf.conf file with ifstated. When one link comes down I would like to do something like this: "pfctl -i ext2_if -F rules" (only flush actually rules for ext2_if). I have tried but doesn't works ... Somebody knows if I could do it?? many thanks. -- CL Martinez carlopmart {at} gmail {d0t} com
Re:
Hi there! I need to know if Atheros AR5005G Wifi Network Adapter and Marvell Yukon 88E8038 PCI-E Fast Ethernet Controller are already supported in OBSD 4.0 or will be in the next release. I bought me a laptop built-in with these and I'd love to have OpenBSD on it rather than any other OS. I have the same hardware in my notebook. AR5005G doesn't work in 4.0, but work in current. And in my configuration, both cards (AR5005G and Marvell) works only if "enable acpi" in boot UKC with GENERIC kernel.
Re: verifying ntp via GPS configuration?
On Wed, 11 Apr 2007, James Hartley wrote: > I have questionable ntp foo, & searching through the misc@ archives along > with reading the FAQ has only gotten me so far. I have a Garmin 18 GPS: > > http://www.amazon.com/gp/product/B000196BW6/104-8542380-5084714 > > ...which is connected to the serial port of a Sun Ultra 10. I am unable to > determine whether I'm stylin' or out in the weeds when it comes to > configuring ntp via GPS: > > # nmeaattach cua00 > # ntpd -ds & > [1] 30616 > # ntp engine ready > sensor nmea0 added Very likely you Sun uses different serial ports than cua00. Check your dmesg to see which driver is uses, then use the driver man page to determine the /dev node to use. -Otto > > ...which appears fine as does ps' output: > > USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND > ... > root 16741 0.0 0.0 32080 ?? Is11:50PM0:00.00 nmeaattach > cua00 > root 30616 0.0 0.2 536 1240 p0 I 11:50PM0:00.06 ntpd: > [priv] (ntpd) > _ntp 12162 0.0 0.2 536 1136 p0 I 11:50PM0:00.03 ntpd: ntp > engine (ntpd) > ... > > However, searching for the associated sensor didn't generate any warm & > fuzzies: > > # sysctl hw > hw.machine=sparc64 > hw.model=SUNW,UltraSPARC-IIi @ 440 MHz, version 0 FPU > hw.ncpu=1 > hw.byteorder=4321 > hw.physmem=536870912 > hw.usermem=536403968 > hw.pagesize=8192 > hw.disknames=wd0,cd0 > hw.diskcount=2 > hw.vendor=Sun > hw.product=Ultra 5/10 UPA/PCI > # > > ...and the only message emitted to stdout/stderr is: > > # no reply received in time, skipping initial time setting > > Looking at /var/log/daemon only shows: > > Apr 10 22:36:42 shockley ntpd[21535]: ntp engine ready > Apr 10 22:36:43 shockley savecore: no core dump > > Can anyone help educate an ntp neophyte? > > Thanks.
verifying ntp via GPS configuration?
I have questionable ntp foo, & searching through the misc@ archives along with reading the FAQ has only gotten me so far. I have a Garmin 18 GPS: http://www.amazon.com/gp/product/B000196BW6/104-8542380-5084714 ...which is connected to the serial port of a Sun Ultra 10. I am unable to determine whether I'm stylin' or out in the weeds when it comes to configuring ntp via GPS: # nmeaattach cua00 # ntpd -ds & [1] 30616 # ntp engine ready sensor nmea0 added ...which appears fine as does ps' output: USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND ... root 16741 0.0 0.0 32080 ?? Is11:50PM0:00.00 nmeaattach cua00 root 30616 0.0 0.2 536 1240 p0 I 11:50PM0:00.06 ntpd: [priv] (ntpd) _ntp 12162 0.0 0.2 536 1136 p0 I 11:50PM0:00.03 ntpd: ntp engine (ntpd) ... However, searching for the associated sensor didn't generate any warm & fuzzies: # sysctl hw hw.machine=sparc64 hw.model=SUNW,UltraSPARC-IIi @ 440 MHz, version 0 FPU hw.ncpu=1 hw.byteorder=4321 hw.physmem=536870912 hw.usermem=536403968 hw.pagesize=8192 hw.disknames=wd0,cd0 hw.diskcount=2 hw.vendor=Sun hw.product=Ultra 5/10 UPA/PCI # ...and the only message emitted to stdout/stderr is: # no reply received in time, skipping initial time setting Looking at /var/log/daemon only shows: Apr 10 22:36:42 shockley ntpd[21535]: ntp engine ready Apr 10 22:36:43 shockley savecore: no core dump Can anyone help educate an ntp neophyte? Thanks.
Re: Why Linus Torvalds won't donate to OpenSSH
On Wed, 11 Apr 2007 17:27:48 +1000 (EST) Damien Miller <[EMAIL PROTECTED]> wrote: > On Wed, 11 Apr 2007, Timo Schoeler wrote: > > > Which commercial *NIX that's still alive is more of a security > > thread and covered with the same level of stability problems as > > GNU/Linux? One really stops counting remote exploits for GNU/Linux > > very soon, otherwise one would have to dedicate one's whole life to > > do so, it's that time consuming. > > That's nice, but what does bashing other operating systems have to do > with OpenBSD? bashing? me? never! just facing the truth. timo :) [now let's stop abusing electrons for discussing the totally meaningless opinion of a selfish loser -- linus']
Re: Why Linus Torvalds won't donate to OpenSSH
On Wed, 11 Apr 2007, Timo Schoeler wrote: > Which commercial *NIX that's still alive is more of a security thread > and covered with the same level of stability problems as GNU/Linux? One > really stops counting remote exploits for GNU/Linux very soon, > otherwise one would have to dedicate one's whole life to do so, it's > that time consuming. That's nice, but what does bashing other operating systems have to do with OpenBSD? -d
Re: Why Linus Torvalds won't donate to OpenSSH
On Wed, 11 Apr 2007 16:27:55 +0930 "Adam Hawes" <[EMAIL PROTECTED]> wrote: > > I recently wrote Linus Torvalds asking why I don't see his name > > listed on the OpenBSD donations page > > (http://www.openbsd.org/donations.html), since I figured he uses > > OpenSSH. > > Apart from the fact that was a private email from Linus to you and you > broadcast it publically (if you really did email him and he really did > reply) who cares what Linus thinks? > > He is over there with his little chubby baby called Linux. He's like > any other parent. He thinks his chubby wrinkly bubby is the best one. > Let him have that - his chubby baby is a damned sight better behaved > than the babies of a certain ugly commercial parent. Which commercial *NIX that's still alive is more of a security thread and covered with the same level of stability problems as GNU/Linux? One really stops counting remote exploits for GNU/Linux very soon, otherwise one would have to dedicate one's whole life to do so, it's that time consuming. > If Linus comes in here and starts demanding features be added to > OpenSSH then you can pull him up on whether he donates or not. Until > then live and let live. > > (and what Damian said) > > A
Re: Routerboard 532 Bounty
On 4/10/07, anon trol <[EMAIL PROTECTED]> wrote: I'm not sure where to ask this; so, I thought I'd start here in "misc" first. I think I have convinced myself that I want to sponsor an architecture port effort. Specifically, I would like to see OpenBSD ported to the Routerboard 532 (IDT MIPS32 4Kc processor). After STFW, I see that a few other people have posted questions about this in the past without a lot of positive response (it seems that there might have been a port that would have been suitable at one point in time, but is no longer part of the current distribution). I'm curious what the non-technical (finical) stewardship requirements might be for bringing back a dropped architecture and making sure that it works on a very specific set of target boards (starting with the 532). I don't think this is too much of a technical undertaking (but at the moment it's beyond my ability and time constraints)... the routerboard 532 boots off of compaq flash (no need to muck about with the on-board flash). The only things that worry me are the slim resources (64MB of memory max) and support for the first NIC (IDT Korina 10/100 Mbit/s Fast Ethernet port). I would be willing to forgo support for the IDT NIC just to get things started quickly (the other NICs are VIA VT6105). I would want support for at least one commodity 802.11(series) wireless NIC in both the 2.4ghz and 5ghz ranges. Other potential issue include the funky bootstrap code (which looks for ELF), custom BIOS and MIPS endedness. I don't want this to be a goatrope where I send off a bunch a Routerboard hardware and nobody even tries to collect the bounty, but I know the OpenBSD project has a pretty good reputation for getting things done when equipment and funds are provided (if I'm off mark with that semi-acquired assumption, please someone fill me in off-line). Where do I start and who do I need to talk to? I have been interested in this before and I'm thinkin of ordering a routerboard just because I need a new router. This task is rather big though. Sure one could start with the evmips-port from NetBSD (there was a mail about supporting MIPS 4kc would probobly only be to add some strings for it) but it still needs to be ported to OpenBSD which is probobly a rather big task. The 32mb RAM (Routerboard 532 has 32 mb RAM and Routerboard 532A has 64 MB) is not a problem, I have run OpenBSD on x86 with 16mb RAM without problems. The problem I see is to get it to boot of good, and to port the flash. When those two task are done the rest of the drivers will probobly not be that much of a problem. I think there is a Realtek ethernet on it which is already supported by OpenBSD. This is for sure an interesting board and there are turning up more and more MIPS based router that would be great to be able to run OpenBSD at. Is there anybody already working on this? BR dunceor
Re: Why Linus Torvalds won't donate to OpenSSH
On 4/10/07, Damien Miller wrote: Two points: 1. Please don't post private email. (Apologies if you obtained his permission to post). 2. Who really cares? I'd much rather see contibutions from companies who ship OpenSSH in their products and list "SSH support" as a feature on their glossy brochures than shaking down other free software developers. -d No, not my email. I saw it posted on another site. Sorry.