Re: verifying ntp via GPS configuration?

[Marc Balmer]

James Hartley wrote:

On 4/11/07, Otto Moerbeek <[EMAIL PROTECTED]> wrote:

sab0 at ebus0 addr 40-40007f ipl 43: rev 3.2
sabtty0 at sab0 port 0
sabtty1 at sab0 port 1

man sab gives: /dev/ttyh[0-1]

No separate callout device, it looks like.



Thanks for getting back to me.  Specifying /dev/ttyh0 (or /dev/ttyh1) gives
the same results.  I still don't see any sensor when issuing:

# sysctl hw

...nor is anything showing up in /var/log/daemon except for the following
message:

Apr 11 19:16:43 shockley savecore: no core dump

Do you have any other ideas?  Thanks.


When you use cu or tip directly on the serial line, do you see any NMEA 
0183 sentences?


- Marc

Scrub options for bridge interfaces

[carlopmart]

Hi all,

 Somebody knows which scrub options do I need to put in pf.conf for bridge 
interfaces? I have an OpenBSD 4.0 fw with one bridge interface and when I try to 
launch cat command on a 18kb file, it stops.


Thanks.

--
CL Martinez
carlopmart {at} gmail {d0t} com

Re: Cannot upgrade from 3.8

[Antti Harri]

On Thu, 5 Apr 2007, Antti Harri wrote:


GENERIC (tried .MP too):

Last two lines of normal boot with just "verbose" set:

> > pciide probe won

pciide0 at pci0 dev 15 function 0 "VIA VT6420 SATA" rev 0x80 DMA
(hangs)

Then "disable pciide*" in ukc makes it hang after uhci2 init.

Then "disable pciide*" and "disable uhci*" it finishes kernel
boot and panics because root cannot be mounted.

Then "disable uhci*" alone and it hangs at pciide.

Can I provide more information to help to solve the issue?


Anyone got any advice regarding the problem? I'm willing
to try the new SATA driver too when/if it becomes available
for my SATA chipset.

I'd really appreciate help, the installation (3.8) is already
unsupported and I'd like to upgrade it without changing any
parts.

PS. kind thanks to those already replied.

--
Antti Harri

Re: best userland visibility IDE/ATA hotswap-compatible controller

[jared r r spiegel]

On Fri, Apr 06, 2007 at 02:15:34AM -0400, jared r r spiegel wrote:
>   poking archives, i have the impression that ami(4) family has the best
>   chance of being the card with the greatest degree of userland
>   visibility, but wanted to check if that's the case.

  gonna try arc(4) arc-1110

-- 

  jared

Re: verifying ntp via GPS configuration?

[Otto Moerbeek]

On Wed, 11 Apr 2007, James Hartley wrote:

> On 4/11/07, Otto Moerbeek <[EMAIL PROTECTED]> wrote:
> > 
> > sab0 at ebus0 addr 40-40007f ipl 43: rev 3.2
> > sabtty0 at sab0 port 0
> > sabtty1 at sab0 port 1
> > 
> > man sab gives: /dev/ttyh[0-1]
> > 
> > No separate callout device, it looks like.
> 
> 
> Thanks for getting back to me.  Specifying /dev/ttyh0 (or /dev/ttyh1) gives
> the same results.  I still don't see any sensor when issuing:
> 
> # sysctl hw
> 
> ...nor is anything showing up in /var/log/daemon except for the following
> message:
> 
> Apr 11 19:16:43 shockley savecore: no core dump
> 
> Do you have any other ideas?  Thanks.

With cu -l /dev/ttyh? -s 4800 you should be able to see the output of
the GPS. If that doesn't happen, check your cabling and the settings
of your GPS. Until you see NMEA output lines, nmeaattach won't work either.

-Otto

Re: scp problem with remote filename escaping

[jared r r spiegel]

On Thu, Apr 12, 2007 at 04:05:36AM +0200, Karel Kulhavy wrote:

> scp needs one (1) \ for one space in case of remote file and zero (0) \ in 
> case
> of local one. The extra \'s are for bash but bash is irrelevant in this case.
> It's just one possible method of calling the process. Another method is
> writing a small C program and using exec.

  people aren't being specific enough when they're talking about this but
  it seems most people are trying to say the same thing.

  the moral of the story is that the shells in question have to not
  split on the space but treat it as a character of the filename.

  so you either quote it or escape it

  both shells need that.

  these all work:

$ scp "a b" remotehost:
$ scp a\ b remotehost:
$ scp remotehost:"a\ b" .
$ scp remotehost:\"a\ b\" .

  you can only say that 'zero (0) \ in case of local [file]' (per space)
  *if* you do use quotes locally.

  it is more specific to say you use one backslash or quotepair per space
  per shell.

  example 3 has the local shell eating the quotes and passing the backslash
  along so the remote shell escapes the space.

  example 4 has local shell eating the backslash escaping the space
  and the remote shell gets the quoted string. 

  just remember that and you don't have any problems any more.

-- 

  jared

Re: scp problem with remote filename escaping

[jared r r spiegel]

On Wed, Apr 11, 2007 at 05:01:40PM -0500, Matthew R. Dempsky wrote:
> On Wed, Apr 11, 2007 at 04:33:32PM -0400, Nick ! wrote:
> > Karel, single quotes cause backslashes to be backslashes, instead of
> > escape chars (*except* if it's a backslash in front of a single quote,
> > so that you can escape single quotes to include them).
> 
> No, backslashes have no special meaning inside single quotes.
> 
> $ echo '\'
> \

  indeed.  i'll add the verbose  :

  maybe nick ! just forgot to mention that that is only relevant in the
  situation where you're chuggin' along using single quotes and then want
  to escape one of them, so therefore have to close your currently-open
  single quote and then use the \' jobby out in the open, and then probably 
  start another singlequoted string :)

$ echo '$RANDOM'\'x"'$RANDOM"

  would yield:

$RANDOM'x'?

  where ? is some number; as one doesn't need to escape the single quote
  inside double quotes because everyone knows double quotes have TWICE THE 
POWER!

  back on topic; i had the impression that the filenames had to be relevant
  to whatever host they were supposed to be relevant to, and that there was a
  natural layer of escaping that would have to take place.

  file "a b" doesn't need to have its space escaped locally, it's just when it
  has to be referenced by name on the remote side; so maybe looking at it like
  that it is more sensible?

-- 

  jared

Re: undeadly.org down?

[jared r r spiegel]

On Wed, Apr 11, 2007 at 11:48:04PM -0400, Jason Dixon wrote:
>
> Unfortunately, it's the middle of the night  
> where he's at, probably dreaming of anything but missing NS records.  :)

  needs more benzedrine :(

-- 

  jared

Re: date -u gives wrong timezone output?

[Pierre Lamy]

UTC aka Coordinated Universal Time, is the "right now is right now for 
all of us" time, and is coordinated among several entities, irregardless 
of the timezone the parties are in. GMT is a timezone with an offset of 
zero. All timezones are differentials off of UTC; you couldn't just say 
that in parts of England, you don't have a timezone - everyone has a 
timezone. So GMT exists with an offset of zero.


To some people it's just semantics, to others it has great importance. I 
think it's only important to know the difference. But then, I work 
overnights and don't really care that the sun should come up "sooner" 
during summer months, or what day of the week it is.


I think the man page as it stands is fine if the quote below is accurate 
- display or set the time without a zone adjustment.


Pierre

Markus Bergkvist wrote:

So, the man page should say 'Display the UTC in GMT time'?

If I understand it correctly, UTC is the timezone
http://en.wikipedia.org/wiki/ISO_8601#UTC

/Markus

Pierre Lamy wrote:

GMT is the timezone, UTC is the time.

P

jared r r spiegel wrote:

On Tue, Apr 10, 2007 at 06:17:58PM -0400, Nick ! wrote:
 

On 4/10/07, Markus Bergkvist <[EMAIL PROTECTED]> wrote:
   

Hi,

'date -u' on a 4.0 -stable will give something like
Tue Apr 10 22:03:24 GMT 2007
but shouldn't it be
Tue Apr 10 22:03:24 UTC 2007
  

UTC = GMT for all that we care about.
[[http://en.wikipedia.org/wiki/Coordinated_Universal_Time]]


  i could be wrong here, but perhaps he is not suggesting
  that there is any wallclock difference between GMT and UTC,
  but rather that the manpage for date(1) says:

---
 -u  Display or set the date in UTC (Coordinated Universal) 
time.

---

  as opposed to "... date in GMT ...", also as implied by how it is
  '-u' and not '-g'

  least, that was my reaction to his post?

Re: undeadly.org down?

[elpinguim]

On 4/11/07, Jason Dixon <[EMAIL PROTECTED]> wrote:

On Apr 11, 2007, at 11:20 PM, elpinguim wrote:

> is undeadly down or do i need to smoke another blut?  dns not
> responding:
> http://dnsreport.com/tools/dnsreport.ch?domain=undeadly.org

I noticed this three hours ago and emailed Daniel.  The NS records
for undeadly.org have disappeared from all *ultradns* root
nameservers for .org.  Unfortunately, it's the middle of the night
where he's at, probably dreaming of anything but missing NS records.  :)

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net






bummer :(

elpinguim

Re: undeadly.org down?

[Jason Dixon]

On Apr 11, 2007, at 11:20 PM, elpinguim wrote:

is undeadly down or do i need to smoke another blut?  dns not  
responding:

http://dnsreport.com/tools/dnsreport.ch?domain=undeadly.org


I noticed this three hours ago and emailed Daniel.  The NS records  
for undeadly.org have disappeared from all *ultradns* root  
nameservers for .org.  Unfortunately, it's the middle of the night  
where he's at, probably dreaming of anything but missing NS records.  :)


--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net

undeadly.org down?

[elpinguim]

is undeadly down or do i need to smoke another blut?  dns not responding:
http://dnsreport.com/tools/dnsreport.ch?domain=undeadly.org

regards,
elpinguim

Re: scp problem with remote filename escaping

[Lars Hansson]

Karel Kulhavy wrote:
Security hole in scp. 


You're joking, right?


Send someone an e-mail attachment named
`rm -fr /`. If he uses multiple machines, it's possible he'll want to
copy it and writes a similar command to the above according to the
scp man page.


Funny, my scp man page doesnt mention anything about using backticks.
---
Lars Hansson

Re: GPL is free for forcing people to free code when they publish, not free as in free to do what you want, which is actually what free as in BSD, and real freedom ends at the tip of my nose

[Lars Hansson]

chefren wrote:
Clearly not to death and people here are seriously interested in pro and 
contra arguments.


People are interested in discussing a lot things but that doesn't mean 
those discussions belong on [EMAIL PROTECTED]


---
Lars Hansson

Re: verifying ntp via GPS configuration?

[James Hartley]

On 4/11/07, Otto Moerbeek <[EMAIL PROTECTED]> wrote:
>
> sab0 at ebus0 addr 40-40007f ipl 43: rev 3.2
> sabtty0 at sab0 port 0
> sabtty1 at sab0 port 1
>
> man sab gives: /dev/ttyh[0-1]
>
> No separate callout device, it looks like.


Thanks for getting back to me.  Specifying /dev/ttyh0 (or /dev/ttyh1) gives
the same results.  I still don't see any sensor when issuing:

# sysctl hw

...nor is anything showing up in /var/log/daemon except for the following
message:

Apr 11 19:16:43 shockley savecore: no core dump

Do you have any other ideas?  Thanks.

Re: My hard-to-kill OpenBSD

[Douglas Allan Tutty]

On Thu, Apr 12, 2007 at 01:08:09AM +0200, Rico Secada wrote:
 
> Now, besides the work I do with BSD, sometimes I work with GNU/Linux
> as well. I had to mess a bit with a Debian box, and while it was open
> I noticed that I had switched the primary and secondary IDE cabels. It
> doesn't matter ofcourse, the machine boots anyway, buuut I like it to
> be where it should be, primary master on the primary cabel, so I
> switched the cabels. What happened? Well, the machine didn't want to
> boot - go figured!! ;-) Had that been my old OpenBSD installation I
> would exspect it to have booted off the floppy controller by mistake
> and I wouldn't even notice! ;-)))

I guess its because debian boot loader needs to be told where the root
fs is by controller/channel/partition, rather than BSD's 'this drive,
a'.

Doug.

Re: scp problem with remote filename escaping

[Karel Kulhavy]

On Thu, Apr 12, 2007 at 01:13:16AM +0300, [EMAIL PROTECTED] wrote:
> On Wed, Apr 11, 2007 at 04:41:41PM -0500, Matthew R. Dempsky wrote:
> > On Wed, Apr 11, 2007 at 10:02:50PM +0100, Stuart Henderson wrote:
> > > On 2007/04/11 13:41, Bryan Irvine wrote:
> > > > scp [EMAIL PROTECTED]:"a\ b" .
> > > 
> > > you have to escape to *both* your local shell, and the remote shell
> > 
> > This has always seemed silly to me.  Does anyone intentionally use
> > 
> >$ scp host:"a b" .
> > 
> > instead of
> > 
> >$ scp host:"{a,b}" .
> 
> Does anyone intentionally use
> 
> scp '[EMAIL PROTECTED]:`rm -fr /`' /dev/null ?

Security hole in scp. Send someone an e-mail attachment named
`rm -fr /`. If he uses multiple machines, it's possible he'll want to
copy it and writes a similar command to the above according to the
scp man page. Then he wonders why his files disappeared.

CL<

Re: scp problem with remote filename escaping

[Karel Kulhavy]

On Wed, Apr 11, 2007 at 10:02:50PM +0100, Stuart Henderson wrote:
> On 2007/04/11 13:41, Bryan Irvine wrote:
> > 
> > >I agree, spaces in filenames should be avoided. But spaces in
> > >filenames are legal, so programs need to support that; this seems like
> > >a case scp was never tested against because no one uses files with
> > >those names.
> > 
> > I scp'd a file called 'a b' to an openbsd server here, then scp'd it
> > back a couple time in different ways.  It worked only when using the
> > quotes AND escaping, like so:
> > 
> > scp [EMAIL PROTECTED]:"a\ b" .
> 
> you have to escape to *both* your local shell, and the remote shell

You must not escape to your local shell in case the scp process is called
directly by e. g. exec() function in C.

If you have to escape to the remote shell, then it should be mentioned
in man scp. "escape" and "shell" don't occur in man scp and "remote" doesn't
occur in such a context there.

If I wrote it, I would do it in a way that scp performed the escaping
for the remote shell automatically. Having to supply a different filename
depending on where the file is goes against the local-remote transparency
that scp is attempting at.

CL<

Re: scp problem with remote filename escaping

[Karel Kulhavy]

On Wed, Apr 11, 2007 at 10:55:29PM +0200, Simon Effenberg wrote:
> On Wed, Apr 11, 2007 at 04:17:38PM -0400, Nick ! wrote:
> > On 4/11/07, Dan Farrell <[EMAIL PROTECTED]> wrote:
> > >
> > >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
> > >> Of Karel Kulhavy
> > >> Sent: Wednesday, April 11, 2007 3:47 PM
> > >> To: OpenBSD
> > >> Subject: scp problem with remote filename escaping
> > >> Sounds like a bug to me - the escaping for the remote shell is not being
> > >> done
> > >> correctly?
> > >
> > >Wow.
> > >
> > >Seriously, I think the real 'bug' is your file naming conventions.
> > >
> > >Who would anyone specifically want to name a file with a space in it...
> > >and if breaks on scp, where else will that screwy naming convention
> > >break as well?
> > >
> > >I'm sure you'll give some really good reason why the files have to be
> > >named that way...
> > 
> > I agree, spaces in filenames should be avoided. But spaces in
> > filenames are legal, so programs need to support that; this seems like
> > a case scp was never tested against because no one uses files with
> > those names.
> > 
> > -Nick
> > 
> 
> scp needs 3 * \ for one space..

scp needs one (1) \ for one space in case of remote file and zero (0) \ in case
of local one. The extra \'s are for bash but bash is irrelevant in this case.
It's just one possible method of calling the process. Another method is
writing a small C program and using exec.

CL<
> 
> scp [EMAIL PROTECTED]:/what/you/want/a\\\ b.txtlocalfile.txt
> 
> \s
> 
> -- 
> GnuPG: 5755FB64
> 
> Per aspera ad astra.

Re: scp problem with remote filename escaping

[Karel Kulhavy]

On Wed, Apr 11, 2007 at 04:17:38PM -0400, Nick ! wrote:
> On 4/11/07, Dan Farrell <[EMAIL PROTECTED]> wrote:
> >
> >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
> >> Of Karel Kulhavy
> >> Sent: Wednesday, April 11, 2007 3:47 PM
> >> To: OpenBSD
> >> Subject: scp problem with remote filename escaping
> >> Sounds like a bug to me - the escaping for the remote shell is not being
> >> done
> >> correctly?
> >
> >Wow.
> >
> >Seriously, I think the real 'bug' is your file naming conventions.
> >
> >Who would anyone specifically want to name a file with a space in it...
> >and if breaks on scp, where else will that screwy naming convention
> >break as well?
> >
> >I'm sure you'll give some really good reason why the files have to be
> >named that way...
> 
> I agree, spaces in filenames should be avoided. But spaces in

Where is this documented, that "spaces in filenames should be avoided"?
man scp doesn't mention this.

CL<
> filenames are legal, so programs need to support that; this seems like
> a case scp was never tested against because no one uses files with
> those names.
> 
> -Nick

Re: wireless ethernet adapters (seeking recommendations)

[bofh]

- Original message -
Or acx(4), ath(4), rtw(4), rum(4), wi(4).

I thought we shouldn't support ath?

On 4/11/07, pedro la peu <[EMAIL PROTECTED]> wrote:

> The usual recommendation is ral(4)

Or acx(4), ath(4), rtw(4), rum(4), wi(4).

Re: wireless ethernet adapters (seeking recommendations)

[Sam Fourman Jr.]

My advice would be ral(4) I have also used ath(4) however the G  mode
does not  work real well, I would suspect that ral(4) would be one of
the first devices to support 80.211n. in OpenBSD (Someone correct me
if I am wrong on this)


Sam Fourman Jr.


On 4/11/07, Darrin Chandler <[EMAIL PROTECTED]> wrote:

On Thu, Apr 12, 2007 at 02:18:28AM +0200, Maxime DERCHE wrote:
> A recent thread (04/04/2007) on this list showed that the ralink
> chipsets are well supported by OpenBSD.

If I recall, there was also talk about lower signal strength with
ralink. For an access point this is important, but could be mitigated or
overcome by a high gain antenna.

FWIW, I haven't done any hard testing about signal strength, but I'm at
least 50 ft from my ral(4) openbsd access point, as is my daughter using
her ral(4) openbsd laptop. No problems here. Access point is a soekris
with a normal stubby antenna, and the laptops involved are minipci and
cardbus (no external antenna at all). :)

--
Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
[EMAIL PROTECTED]   |  http://phxbug.org/  |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation

My hard-to-kill OpenBSD

[Rico Secada]

Hi all.

"Funny" story..

At home I installed OpenBSD on some old i386 hardware years ago. Since I do a 
lot of work at home I have a small homenetwork. From time to time I upgrade 
hardware, and sometimes I change the disks as well, when I get some bigger ones.

Anyway, my old OpenBSD installation has been upgraded twice, yes I neglected 
it. It has been moved physically from different machines, from Intel onto AMD, 
and the other way around. It has even been moved from disk to disk, using a 
homemade tar and gtar solution. It has been turned off regulary, without using 
halt or shutdown. It has been running without shutdown months at a time, and it 
has suffered different kinds of physically abuse when I moved from one house to 
another. It has suffered all kind of crack attempts - none succesfull. It has 
been used as a fileserver on nfs, as a dhcp server, as a firewall, as a 
database server, and a lot of other stuff. At last I could not remember 
anything about how it actually was running. Yesterday it suffered a powersupply 
failure, but it didn't even grunt.

In all that time, during all that suffering, it did no go down even once. It 
never ever suffered any dataloss from the many physically shutdowns. It was as 
stable as a solid rock. 

Well all things come to an end, so I finally decided to kill it slowly by 
night, removing all "important" files, doing a fresh install of 4.0 and 
exspecting the same rock solid performance.

Now, besides the work I do with BSD, sometimes I work with GNU/Linux as well. I 
had to mess a bit with a Debian box, and while it was open I noticed that I had 
switched the primary and secondary IDE cabels. It doesn't matter ofcourse, the 
machine boots anyway, buuut I like it to be where it should be, primary master 
on the primary cabel, so I switched the cabels. What happened? Well, the 
machine didn't want to boot - go figured!! ;-) Had that been my old OpenBSD 
installation I would exspect it to have booted off the floppy controller by 
mistake and I wouldn't even notice! ;-)))

Rico.

Re: scp problem with remote filename escaping

[Karel Kulhavy]

On Wed, Apr 11, 2007 at 04:11:48PM -0400, Dan Farrell wrote:
> Wow.
> 
> Seriously, I think the real 'bug' is your file naming conventions.

Bug is when behaviour is different from documentation. What is the behaviour
and what is the documentation in the case of "my file naming conventions"?

> Who would anyone specifically want to name a file with a space in it...

I think the question of motivation is irrelevant here. The scp does something
else than is written in the manpage.

> and if breaks on scp, where else will that screwy naming convention
> break as well? 
> 
> I'm sure you'll give some really good reason why the files have to be
> named that way... 

They don't have to be. It's actually completely irrelevant in this case whether
they have to be named with spaces or don't. scp does something else than is
written in the manpage regardless of the user's motivation.

CL<
> 
> 
> danno
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
> Of Karel Kulhavy
> Sent: Wednesday, April 11, 2007 3:47 PM
> To: OpenBSD
> Subject: scp problem with remote filename escaping
> Sounds like a bug to me - the escaping for the remote shell is not being
> done
> correctly?

Re: wireless ethernet adapters (seeking recommendations)

[pedro la peu]

> The usual recommendation is ral(4)

Or acx(4), ath(4), rtw(4), rum(4), wi(4).

Re: wireless ethernet adapters (seeking recommendations)

[Darrin Chandler]

On Thu, Apr 12, 2007 at 02:18:28AM +0200, Maxime DERCHE wrote:
> A recent thread (04/04/2007) on this list showed that the ralink
> chipsets are well supported by OpenBSD.

If I recall, there was also talk about lower signal strength with
ralink. For an access point this is important, but could be mitigated or
overcome by a high gain antenna.

FWIW, I haven't done any hard testing about signal strength, but I'm at
least 50 ft from my ral(4) openbsd access point, as is my daughter using
her ral(4) openbsd laptop. No problems here. Access point is a soekris
with a normal stubby antenna, and the laptops involved are minipci and
cardbus (no external antenna at all). :)

-- 
Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
[EMAIL PROTECTED]   |  http://phxbug.org/  |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation

Re: scp problem with remote filename escaping

[bofh]

On 4/11/07, Karel Kulhavy <[EMAIL PROTECTED]> wrote:
>
> For the same filename, sometimes you have to specify a different filename
> to
> scp, depending on whether the file is on remote system or local one.
>
> I have created a remote file whose filename "a b" is 3 chars long - ASCII
> codes
> 97, 32, 98


Standard shell behavior.  Check out the same command but with rcp.  You'll
see that you get the same results.  Read UnixHaters if you want to see some
interesting results of this.

Re: scp problem with remote filename escaping

[Adam Hawes]

> I scp'd a file called 'a b' to an openbsd server here, then scp'd it
> back a couple time in different ways.  It worked only when using the
> quotes AND escaping, like so:
>
> scp [EMAIL PROTECTED]:"a\ b" .

That's because of the shell.

The shell on the client sees the quotes and doesn't escape the space.
The space is escaped when it gets to the SFTP daemon at the other end.

Without both, the shell at the client does the escaping and sends a
single argument to the scp client.  This sends that argument to the
server, which presumably sees the space and assumes you're asking
for two files called A and B.  You need the \ character to arrive
unaltered at the scp server.

scp [EMAIL PROTECTED]:a\\\ b .

should work as well.

A

Re: scp problem with remote filename escaping

[Adam Hawes]

> I'm sure you'll give some really good reason why the files have to be
> named that way...

Try admining boxes which are used by EvilOS users - all of their
files will be called My\ blah.

Re: wireless ethernet adapters (seeking recommendations)

[Maxime DERCHE]

A recent thread (04/04/2007) on this list showed that the ralink
chipsets are well supported by OpenBSD.
I think any wireless card with a ralink chipset will do the job.

See http://openbsd.org/i386.html#hardware ("Wireless Ethernet Adapters")
if you need more information.

Maxime

Peter wrote:
> I'm looking to build on OpenBSD 4.0 (4.1?) a wireless access point for a 
> small 
> network.  I would like to hear what cards have proven to be the most 
> effective in this arena.  I am very interested in small form factor machines 
> with possible onboard wireless adapters.  The client systems will be running 
> Ubuntu Linux (Feisty).  Thank you very much.
>
> Pedro

Re: bcw(4) is gone

[Todd Alan Smith]

On 4/11/07, Shawn K. Quinn <[EMAIL PROTECTED]> wrote:

On Mon, 2007-04-09 at 22:34 -0400, Jason Dixon wrote:
> GPL advocates claim their license prevents commercial entities from
> stealing their freedom.  These are the same people who have no
> problem giving up their freedoms (in the form of NDA's, closed-source
> kernel modules, etc) to the companies they're trying to fight.

True free software movement supporters will not sign an agreement not to
help their neighbor such as an NDA. Some in the open source movement
have no trouble accepting a binary only driver, or specifications under
NDA, or what have you, for convenience. That's what open source is
about: convenience, not freedom for its own sake. This is exactly why it
is important to make a distinction between the free software movement
and the open source movement and not lump the two together.


Exactly. And it's a distinction that must be made again and again and again.

Re: wireless ethernet adapters (seeking recommendations)

[Nick !]

On 4/11/07, Peter <[EMAIL PROTECTED]> wrote:

I'm looking to build on OpenBSD 4.0 (4.1?) a wireless access point for a small
network.  I would like to hear what cards have proven to be the most
effective in this arena.  I am very interested in small form factor machines
with possible onboard wireless adapters.  The client systems will be running
Ubuntu Linux (Feisty).  Thank you very much.

Pedro


The usual recommendation is ral(4) (that is, the chips that correspond
to the driver documented in `man 4 ral').

Have you seen https://kd85.com/soekris.html ?

-Nick

wireless ethernet adapters (seeking recommendations)

[Peter]

I'm looking to build on OpenBSD 4.0 (4.1?) a wireless access point for a small 
network.  I would like to hear what cards have proven to be the most 
effective in this arena.  I am very interested in small form factor machines 
with possible onboard wireless adapters.  The client systems will be running 
Ubuntu Linux (Feisty).  Thank you very much.

Pedro

Re: bcw(4) is gone

[Shawn K. Quinn]

On Mon, 2007-04-09 at 22:34 -0400, Jason Dixon wrote:
> GPL advocates claim their license prevents commercial entities from  
> stealing their freedom.  These are the same people who have no  
> problem giving up their freedoms (in the form of NDA's, closed-source
> kernel modules, etc) to the companies they're trying to fight.

True free software movement supporters will not sign an agreement not to
help their neighbor such as an NDA. Some in the open source movement
have no trouble accepting a binary only driver, or specifications under
NDA, or what have you, for convenience. That's what open source is
about: convenience, not freedom for its own sake. This is exactly why it
is important to make a distinction between the free software movement
and the open source movement and not lump the two together.

-- 
Shawn K. Quinn <[EMAIL PROTECTED]>

Re: Removing chmod world write support and sftp

[System Administrator]

On 11 Apr 2007 at 16:33, Joshua Gimer wrote:

> On 4/11/07, Nick ! <[EMAIL PROTECTED]> wrote:
> 
> > > you're not really
> > > planning on security by obscurity are you?
> >
> 
> The wrapper will work because the users that are doing this are doing it
> out of ignorance and not with malicious intentions. If the only thing
> that can be done is to change the sftp code, then I think that I will
> just write a script that will go through and remove o+w from directories
> every hour or so. There are going to only be about 50 users accessing

You'll be amazed how much warez and porn can get uploaded in less than 
an hour ...

> this system and I do not think that putting forth the effort is worth
> it, especially when I still have 11 other systems to setup and configure
> by May 13th. :)
> 
> -- 
> Thx
> Joshua Gimer
> 
> 

-
System Administrator[EMAIL PROTECTED]
Bitwise Internet Technologies, Inc.
22 Drydock Avenue tel: (617) 737-1837
Boston, MA 02210  fax: (617) 439-4941

Re: OpenBGPd + pf + pf tables.

[Xavier Beaudouin]

Hello,

Le 11 avr. 07 ` 00:10, jared r r spiegel a icrit :

> On Tue, Apr 10, 2007 at 06:33:12PM +0200, Xavier Beaudouin wrote:
>>
>> The problem I have is if I have a subnet removed from bgp (eg my
>> AS35189
>> neighbor) it is not removed from pf table bgp.
>>
>> Do you have an little idea to do this automaticaly ?
>
>   does it work how you want to if you change from using tables
>   to route labels?
>
>   http://marc.info/?l=openbsd-pf&m=113646508819716&w=2

Hum I didn't try, in fact I use some bgp routes (subnets) as
shapping / non shapping table from the cost of the origin from my bgp
peers.

So the rib is not coupled so rtl label may not work 

I just need feature to remove the route from pftable  or this is
a bug of openbgpd / pf under freebsd 6.2 ?

/Xavier

[demime 1.01d removed an attachment of type application/pkcs7-signature which 
had a name of smime.p7s]

Re: Removing chmod world write support and sftp

[Joshua Gimer]

On 4/11/07, Nick ! <[EMAIL PROTECTED]> wrote:

> > you're not really
> > planning on security by obscurity are you?
>

The wrapper will work because the users that are doing this are doing it out
of ignorance and not with malicious intentions. If the only thing that can
be done is to change the sftp code, then I think that I will just write a
script that will go through and remove o+w from directories every hour or
so. There are going to only be about 50 users accessing this system and I do
not think that putting forth the effort is worth it, especially when I still
have 11 other systems to setup and configure by May 13th. :)

-- 
Thx
Joshua Gimer

Re: Removing chmod world write support and sftp

[Nick !]

On 4/11/07, Joshua Gimer <[EMAIL PROTECTED]> wrote:

On 4/11/07, Nick ! <[EMAIL PROTECTED]> wrote:

> > you're not really
> > planning on security by obscurity are you?
>

The wrapper will work because the users that are doing this are doing it out
of ignorance and not with malicious intentions.


This is a dangerous assumption.


If the only thing that can
be done is to change the sftp code,


Not the sftp code, the chmod code. It should be a one or two line change.

-Nick

Re: date -u gives wrong timezone output?

[Markus Bergkvist]

So, the man page should say 'Display the UTC in GMT time'?

If I understand it correctly, UTC is the timezone
http://en.wikipedia.org/wiki/ISO_8601#UTC

/Markus

Pierre Lamy wrote:

GMT is the timezone, UTC is the time.

P

jared r r spiegel wrote:

On Tue, Apr 10, 2007 at 06:17:58PM -0400, Nick ! wrote:
  

On 4/10/07, Markus Bergkvist <[EMAIL PROTECTED]> wrote:


Hi,

'date -u' on a 4.0 -stable will give something like
Tue Apr 10 22:03:24 GMT 2007
but shouldn't it be
Tue Apr 10 22:03:24 UTC 2007
  

UTC = GMT for all that we care about.
[[http://en.wikipedia.org/wiki/Coordinated_Universal_Time]]


  i could be wrong here, but perhaps he is not suggesting
  that there is any wallclock difference between GMT and UTC,
  but rather that the manpage for date(1) says:

---
 -u  Display or set the date in UTC (Coordinated Universal) time.
---

  as opposed to "... date in GMT ...", also as implied by how it is
  '-u' and not '-g'

  least, that was my reaction to his post?

Re: scp problem with remote filename escaping

[a . velichinsky]

On Wed, Apr 11, 2007 at 04:41:41PM -0500, Matthew R. Dempsky wrote:
> On Wed, Apr 11, 2007 at 10:02:50PM +0100, Stuart Henderson wrote:
> > On 2007/04/11 13:41, Bryan Irvine wrote:
> > > scp [EMAIL PROTECTED]:"a\ b" .
> > 
> > you have to escape to *both* your local shell, and the remote shell
> 
> This has always seemed silly to me.  Does anyone intentionally use
> 
>$ scp host:"a b" .
> 
> instead of
> 
>$ scp host:"{a,b}" .

Does anyone intentionally use

scp '[EMAIL PROTECTED]:`rm -fr /`' /dev/null ?

> 
> or
> 
>$ scp host:a host:b .
> 
> or is just that having whatever does the globbing on the host not
> split at white space too difficult?

That 'whatever' is the login shell of the user on the remote host.
(which may or may not do splitting with IFS, globbing, variable expansion -
the usual stuff).

scp is fine. some people are confused.

Re: scp problem with remote filename escaping

[Matthew R. Dempsky]

On Wed, Apr 11, 2007 at 04:33:32PM -0400, Nick ! wrote:
> Karel, single quotes cause backslashes to be backslashes, instead of
> escape chars (*except* if it's a backslash in front of a single quote,
> so that you can escape single quotes to include them).

No, backslashes have no special meaning inside single quotes.

$ echo '\'
\

Re: scp problem with remote filename escaping

[Matthew R. Dempsky]

On Wed, Apr 11, 2007 at 10:02:50PM +0100, Stuart Henderson wrote:
> On 2007/04/11 13:41, Bryan Irvine wrote:
> > scp [EMAIL PROTECTED]:"a\ b" .
> 
> you have to escape to *both* your local shell, and the remote shell

This has always seemed silly to me.  Does anyone intentionally use

   $ scp host:"a b" .

instead of

   $ scp host:"{a,b}" .

or

   $ scp host:a host:b .

or is just that having whatever does the globbing on the host not
split at white space too difficult?

Re: IPSec help..

[Roy Kim]

Window's firewall is off. Dump is as follows:

# tcpdump -i sis0 'esp or (udp and (port 500 or port 4500))'
tcpdump: listening on sis0, link-type EN10MB
21:06:26.205252 work.isakmp > home.isakmp: isakmp v1.0 exchange ID_PROT
   cookie: 1a0f8d5bb2637ce2-> msgid: 
len: 3632 (frag 51066:[EMAIL PROTECTED])
21:06:26.735801 home.isakmp > work.isakmp: isakmp v1.0 exchange ID_PROT
   cookie: 1a0f8d5bb2637ce2->d37038c8086c3c7a msgid:  len: 188
21:06:26.745392 work.isakmp > home.isakmp: isakmp v1.0 exchange ID_PROT
   cookie: 1a0f8d5bb2637ce2->d37038c8086c3c7a msgid:  len: 184
21:06:27.103644 home.isakmp > work.isakmp: isakmp v1.0 exchange ID_PROT
   cookie: 1a0f8d5bb2637ce2->d37038c8086c3c7a msgid:  len: 232
21:06:27.138275 work.ipsec-nat-t > home.ipsec-nat-t:udpencap: isakmp
v1.0 exchange ID_PROT encrypted
   cookie: 1a0f8d5bb2637ce2->d37038c8086c3c7a msgid:  len: 860
21:06:27.575196 home.isakmp > work.ipsec-nat-t: isakmp v1.0 exchange
ID_PROT encrypted
   cookie: 1a0f8d5bb2637ce2->d37038c8086c3c7a msgid:  len: 892
21:06:32.575767 home.isakmp > work.ipsec-nat-t: isakmp v1.0 exchange
INFO encrypted
   cookie: 1a0f8d5bb2637ce2->d37038c8086c3c7a msgid: dbc958f1 len: 92
21:06:37.235054 work.ipsec-nat-t > home.ipsec-nat-t:udpencap: isakmp
v1.0 exchange ID_PROT encrypted
   cookie: 1a0f8d5bb2637ce2->d37038c8086c3c7a msgid:  len: 860
21:06:37.248721 home.isakmp > work.ipsec-nat-t: isakmp v1.0 exchange
ID_PROT encrypted
   cookie: 1a0f8d5bb2637ce2->d37038c8086c3c7a msgid:  len: 892
21:06:37.619710 home.isakmp > work.ipsec-nat-t: isakmp v1.0 exchange
INFO encrypted
   cookie: 1a0f8d5bb2637ce2->d37038c8086c3c7a msgid: 4c3bb90c len: 92
21:06:42.647504 home.isakmp > work.ipsec-nat-t: isakmp v1.0 exchange
INFO encrypted
   cookie: 1a0f8d5bb2637ce2->d37038c8086c3c7a msgid: 88ad6544 len: 92
21:06:47.244914 work.ipsec-nat-t > home.ipsec-nat-t:udpencap: isakmp
v1.0 exchange ID_PROT encrypted
   cookie: 1a0f8d5bb2637ce2->d37038c8086c3c7a msgid:  len: 860
21:06:47.263416 home.isakmp > work.ipsec-nat-t: isakmp v1.0 exchange
ID_PROT encrypted
   cookie: 1a0f8d5bb2637ce2->d37038c8086c3c7a msgid:  len: 892
21:06:47.684881 home.isakmp > work.ipsec-nat-t: isakmp v1.0 exchange
INFO encrypted
   cookie: 1a0f8d5bb2637ce2->d37038c8086c3c7a msgid: 5337bf54 len: 92
21:06:52.715304 home.isakmp > work.ipsec-nat-t: isakmp v1.0 exchange
INFO encrypted
   cookie: 1a0f8d5bb2637ce2->d37038c8086c3c7a msgid: eaeb08da len: 92

On 4/11/07, Dag Richards <[EMAIL PROTECTED]> wrote:

Roy Kim wrote:
> I'm trying to setup an ipsec tunnel between an openbsd and a windows
> box using X.509 certificates. Phase 1 gets successfully negotiated but
> then things crap out at step 1 of phase 2 and I don't have a clue
> what's wrong. Any thoughts?
>
> Isakmpd debug messages just after phase 1 is negotiated and ipsec.conf
> are as follows:
>
> ipsec.conf:
> ike dynamic esp tunnel from 192.168.0/8 to any \
>  srcid home dstid work
> ike dynamic esp tunnel from any to 192.168.0/8 \
>  srcid work dstid home
>
> isakmpd output using 'isakmpd -KvdD A=50'
> 191751.046228 Timr 10 timer_add_event: event
> exchange_free_aux(0x7df9b500) added before sa_soft_expire(0x85229200),
> expiration in 120s
> 191751.047319 Exch 10 exchange_establish_p2: 0x7df9b500   policy> policy initiator phase 2 doi 1 exchange 5 step 0
> 191751.049266 Exch 10 exchange_establish_p2: icookie 395faa725fd4c3b3
> rcookie 8e784c12cb6b04bd
> 191751.050294 Exch 10 exchange_establish_p2: msgid 47ef99ad sa_list
> 191751.052677 Cryp 50 crypto_init_iv: initialized IV:
> 191751.054075 Cryp 50 033b6e99 5e66c7ba 8efd5d22 8ffe8567
> 191751.055068 Cryp 30 crypto_encrypt: before encryption:
> 191751.057166 Cryp 30 0b18 68790ed1 9f0d6417 66838f05 de3393d7
> 9ec6dcb3 0020 0001
> 191751.058368 Cryp 30 01108d28 395faa72 5fd4c3b3 8e784c12 cb6b04bd
> 3340  
> 191751.060004 Cryp 30 crypto_encrypt: after encryption:
> 191751.061996 Cryp 30 bb6cda82 ec0c809f eac5e496 3102dffb 726b62a3
> 9f0d19e6 624ee717 c65f1486
> 191751.063409 Cryp 30 a35e8fb2 c9a6b8c8 2d03723f 7d6d0c68 909c42ea
> 0bf57a7f d8c817ce 070b8719
> 191751.064686 Cryp 50 crypto_update_iv: updated IV:
> 191751.066224 Cryp 50 909c42ea 0bf57a7f d8c817ce 070b8719
> 191751.068932 Exch 40 exchange_run: exchange 0x7df9b500 finished step
> 0, advancing...
> 191751.069968 Timr 10 timer_add_event: event
> dpd_check_event(0x85229200) added before
> connection_checker(0x8522a060), expiration in 5s
> 191751.07 Exch 10 exchange_finalize: 0x7df9b500   policy> policy initiator phase 2 doi 1 exchange 5 step 1
> 191751.073402 Exch 10 exchange_finalize: icookie 395faa725fd4c3b3
> rcookie 8e784c12cb6b04bd
> 191751.074675 Exch 10 exchange_finalize: msgid 47ef99ad sa_list
> 191751.076166 Timr 10 timer_remove_event: removing event
> exchange_free_aux(0x7df9b500)
> 191751.077610 Mesg 20 message_free: fre

Re: GPL is free for forcing people to free code when they publish, not free as in free to do what you want, which is actually what free as in BSD, and real freedom ends at the tip of my nose

[Jack J. Woehr]

On Apr 11, 2007, at 2:25 PM, chefren wrote:

> Clearly not to death and people here are seriously interested in  
> pro and contra arguments.

Hey, if you young folks still have all that typing power in your  
fingers, please bang on the
code for BSD some more!

-- 
Jack J. Woehr
Director of Development
Absolute Performance, Inc.
[EMAIL PROTECTED]
303-443-7000 ext. 527

Re: scp problem with remote filename escaping

[Stuart Henderson]

On 2007/04/11 13:41, Bryan Irvine wrote:
> 
> >I agree, spaces in filenames should be avoided. But spaces in
> >filenames are legal, so programs need to support that; this seems like
> >a case scp was never tested against because no one uses files with
> >those names.
> 
> I scp'd a file called 'a b' to an openbsd server here, then scp'd it
> back a couple time in different ways.  It worked only when using the
> quotes AND escaping, like so:
> 
> scp [EMAIL PROTECTED]:"a\ b" .

you have to escape to *both* your local shell, and the remote shell

Re: scp problem with remote filename escaping

[Simon Effenberg]

On Wed, Apr 11, 2007 at 04:17:38PM -0400, Nick ! wrote:
> On 4/11/07, Dan Farrell <[EMAIL PROTECTED]> wrote:
> >
> >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
> >> Of Karel Kulhavy
> >> Sent: Wednesday, April 11, 2007 3:47 PM
> >> To: OpenBSD
> >> Subject: scp problem with remote filename escaping
> >> Sounds like a bug to me - the escaping for the remote shell is not being
> >> done
> >> correctly?
> >
> >Wow.
> >
> >Seriously, I think the real 'bug' is your file naming conventions.
> >
> >Who would anyone specifically want to name a file with a space in it...
> >and if breaks on scp, where else will that screwy naming convention
> >break as well?
> >
> >I'm sure you'll give some really good reason why the files have to be
> >named that way...
> 
> I agree, spaces in filenames should be avoided. But spaces in
> filenames are legal, so programs need to support that; this seems like
> a case scp was never tested against because no one uses files with
> those names.
> 
> -Nick
> 

scp needs 3 * \ for one space..

scp [EMAIL PROTECTED]:/what/you/want/a\\\ b.txtlocalfile.txt

\s

-- 
GnuPG: 5755FB64

Per aspera ad astra.

Re: GPL is free for forcing people to free code when they publish, not free as in free to do what you want, which is actually what free as in BSD, and real freedom ends at the tip of my nose

[Darrin Chandler]

On Wed, Apr 11, 2007 at 10:25:03PM +0200, chefren wrote:
> On 4/11/07 5:45 PM, Darrin Chandler wrote:
> >Now that the subject is accurate, it's more obvious than ever that this
> >discussion doesn't belong here. Not only is it not relevant, but it's
> >been discussed to death many times, in many places.
> 
> Clearly not to death and people here are seriously interested in pro 
> and contra arguments.

Just because you're still flogging a horse doesn't mean it's not dead.

BSD v. GPL is easy to understand:

If you want to give your code away for whatever purpose, use BSD.

If you want to enforce your view of "correct" on anyone using your code,
use GPL.

-- 
Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
[EMAIL PROTECTED]   |  http://phxbug.org/  |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation

Re: scp problem with remote filename escaping

[Bryan Irvine]

I agree, spaces in filenames should be avoided. But spaces in
filenames are legal, so programs need to support that; this seems like
a case scp was never tested against because no one uses files with
those names.


I scp'd a file called 'a b' to an openbsd server here, then scp'd it
back a couple time in different ways.  It worked only when using the
quotes AND escaping, like so:

scp [EMAIL PROTECTED]:"a\ b" .


--Bryan

Re: scp problem with remote filename escaping

[Nick !]

On 4/11/07, Nick ! <[EMAIL PROTECTED]> wrote:

On 4/11/07, Dan Farrell <[EMAIL PROTECTED]> wrote:
>
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
> > Of Karel Kulhavy
> > Sent: Wednesday, April 11, 2007 3:47 PM
> > To: OpenBSD
> > Subject: scp problem with remote filename escaping
> > Sounds like a bug to me - the escaping for the remote shell is not being
> > done
> > correctly?
>
> Wow.
>
> Seriously, I think the real 'bug' is your file naming conventions.
>

But spaces in filenames are legal, so programs need to support that;


Er, nevermind. I didn't read closely enough.
Karel, single quotes cause backslashes to be backslashes, instead of
escape chars (*except* if it's a backslash in front of a single quote,
so that you can escape single quotes to include them). The behaviour
you're seeing is entirely correct.

I still stand by my abstract philosophical standpoint, that forcing
certain conventions is not a substitute for bugfixing, but it turns
out it doesn't apply here.

-Nick

Re: IPSec help..

[Hans-Joerg Hoexer]

On Wed, Apr 11, 2007 at 01:28:28PM -0600, Roy Kim wrote:
> I'm trying to setup an ipsec tunnel between an openbsd and a windows
> box using X.509 certificates. Phase 1 gets successfully negotiated but
> then things crap out at step 1 of phase 2 and I don't have a clue
> what's wrong. Any thoughts?
> 
> Isakmpd debug messages just after phase 1 is negotiated and ipsec.conf
> are as follows:
> 
> ipsec.conf:
> ike dynamic esp tunnel from 192.168.0/8 to any \
>  srcid home dstid work
> ike dynamic esp tunnel from any to 192.168.0/8 \
>  srcid work dstid home

you only need one of these two rules as ipsecctl will create
automatically the correct pairs of SAs and flows.  See ipsec.conf(5) for
details.


> 
> isakmpd output using 'isakmpd -KvdD A=50'
> 191751.046228 Timr 10 timer_add_event: event
> exchange_free_aux(0x7df9b500) added before sa_soft_expire(0x85229200),
> expiration in 120s
> 191751.047319 Exch 10 exchange_establish_p2: 0x7df9b500   policy> policy initiator phase 2 doi 1 exchange 5 step 0
> 191751.049266 Exch 10 exchange_establish_p2: icookie 395faa725fd4c3b3
> rcookie 8e784c12cb6b04bd
> 191751.050294 Exch 10 exchange_establish_p2: msgid 47ef99ad sa_list
> 191751.052677 Cryp 50 crypto_init_iv: initialized IV:
> 191751.054075 Cryp 50 033b6e99 5e66c7ba 8efd5d22 8ffe8567
> 191751.055068 Cryp 30 crypto_encrypt: before encryption:
> 191751.057166 Cryp 30 0b18 68790ed1 9f0d6417 66838f05 de3393d7
> 9ec6dcb3 0020 0001
> 191751.058368 Cryp 30 01108d28 395faa72 5fd4c3b3 8e784c12 cb6b04bd
> 3340  
> 191751.060004 Cryp 30 crypto_encrypt: after encryption:
> 191751.061996 Cryp 30 bb6cda82 ec0c809f eac5e496 3102dffb 726b62a3
> 9f0d19e6 624ee717 c65f1486
> 191751.063409 Cryp 30 a35e8fb2 c9a6b8c8 2d03723f 7d6d0c68 909c42ea
> 0bf57a7f d8c817ce 070b8719
> 191751.064686 Cryp 50 crypto_update_iv: updated IV:
> 191751.066224 Cryp 50 909c42ea 0bf57a7f d8c817ce 070b8719
> 191751.068932 Exch 40 exchange_run: exchange 0x7df9b500 finished step
> 0, advancing...
> 191751.069968 Timr 10 timer_add_event: event
> dpd_check_event(0x85229200) added before
> connection_checker(0x8522a060), expiration in 5s
> 191751.07 Exch 10 exchange_finalize: 0x7df9b500   policy> policy initiator phase 2 doi 1 exchange 5 step 1
> 191751.073402 Exch 10 exchange_finalize: icookie 395faa725fd4c3b3
> rcookie 8e784c12cb6b04bd
> 191751.074675 Exch 10 exchange_finalize: msgid 47ef99ad sa_list
> 191751.076166 Timr 10 timer_remove_event: removing event
> exchange_free_aux(0x7df9b500)
> 191751.077610 Mesg 20 message_free: freeing 0x7df9e000
> 191756.083274 Timr 10 timer_handle_expirations: event
> dpd_check_event(0x85229200)
> 191756.084314 Mesg 10 dpd_check_event: peer not responding, retry 2 of 5

Re: scp problem with remote filename escaping

[Nick !]

On 4/11/07, Dan Farrell <[EMAIL PROTECTED]> wrote:


> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
> Of Karel Kulhavy
> Sent: Wednesday, April 11, 2007 3:47 PM
> To: OpenBSD
> Subject: scp problem with remote filename escaping
> Sounds like a bug to me - the escaping for the remote shell is not being
> done
> correctly?

Wow.

Seriously, I think the real 'bug' is your file naming conventions.

Who would anyone specifically want to name a file with a space in it...
and if breaks on scp, where else will that screwy naming convention
break as well?

I'm sure you'll give some really good reason why the files have to be
named that way...


I agree, spaces in filenames should be avoided. But spaces in
filenames are legal, so programs need to support that; this seems like
a case scp was never tested against because no one uses files with
those names.

-Nick

Re: GPL is free for forcing people to free code when they publish, not free as in free to do what you want, which is actually what free as in BSD, and real freedom ends at the tip of my nose

[chefren]

On 4/11/07 5:45 PM, Darrin Chandler wrote:

Now that the subject is accurate, it's more obvious than ever that this
discussion doesn't belong here. Not only is it not relevant, but it's
been discussed to death many times, in many places.


Clearly not to death and people here are seriously interested in pro 
and contra arguments.


+++chefren

p.s. GPLvX is BSD with DRM, GPLvX people try to rule after "giving" it 
away, new GPL versions are "needed" because the idea behind it is 
flawed, GPLvX people believe it can be fixed, BSD people know it's 
technically beyond repair since the first version.

Re: scp problem with remote filename escaping

[Dan Farrell]

Wow.

Seriously, I think the real 'bug' is your file naming conventions.

Who would anyone specifically want to name a file with a space in it...
and if breaks on scp, where else will that screwy naming convention
break as well?

I'm sure you'll give some really good reason why the files have to be
named that way...


danno

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Karel Kulhavy
Sent: Wednesday, April 11, 2007 3:47 PM
To: OpenBSD
Subject: scp problem with remote filename escaping
Sounds like a bug to me - the escaping for the remote shell is not being
done
correctly?

scp problem with remote filename escaping

[Karel Kulhavy]

For the same filename, sometimes you have to specify a different filename to
scp, depending on whether the file is on remote system or local one.

I have created a remote file whose filename "a b" is 3 chars long - ASCII codes
97, 32, 98

scp '[EMAIL PROTECTED]:a b' .
doesn't work - prints:
scp: a: No such file or directory
scp: b: No such file or directory

I have to type
scp '[EMAIL PROTECTED]:a\ b' .

which propagates to the scp process as a single argument containing a
backslash, as can be seen with
touch a\ b (creates a file named "a b")
scp a\ b  d - works
scp 'a\ b' d - cp: a\ b: No such file or directory

The manual page says I should specify "file1" and "file2", which (lacking
further details) implies the filename is supplied without any further encoding.
All the more without an encoding which depends on where the file actually lies.
Sounds like a bug to me - the escaping for the remote shell is not being done
correctly?

Is this the intended behaviour of scp from OpenBSD 4.0?  I would tell the
version of the scp but scp -version, --version, -V and -v doesn't work and man
scp doesn't contain the word "version".

CL<

IPSec help..

[Roy Kim]

I'm trying to setup an ipsec tunnel between an openbsd and a windows
box using X.509 certificates. Phase 1 gets successfully negotiated but
then things crap out at step 1 of phase 2 and I don't have a clue
what's wrong. Any thoughts?

Isakmpd debug messages just after phase 1 is negotiated and ipsec.conf
are as follows:

ipsec.conf:
ike dynamic esp tunnel from 192.168.0/8 to any \
 srcid home dstid work
ike dynamic esp tunnel from any to 192.168.0/8 \
 srcid work dstid home

isakmpd output using 'isakmpd -KvdD A=50'
191751.046228 Timr 10 timer_add_event: event
exchange_free_aux(0x7df9b500) added before sa_soft_expire(0x85229200),
expiration in 120s
191751.047319 Exch 10 exchange_establish_p2: 0x7df9b500   policy initiator phase 2 doi 1 exchange 5 step 0
191751.049266 Exch 10 exchange_establish_p2: icookie 395faa725fd4c3b3
rcookie 8e784c12cb6b04bd
191751.050294 Exch 10 exchange_establish_p2: msgid 47ef99ad sa_list
191751.052677 Cryp 50 crypto_init_iv: initialized IV:
191751.054075 Cryp 50 033b6e99 5e66c7ba 8efd5d22 8ffe8567
191751.055068 Cryp 30 crypto_encrypt: before encryption:
191751.057166 Cryp 30 0b18 68790ed1 9f0d6417 66838f05 de3393d7
9ec6dcb3 0020 0001
191751.058368 Cryp 30 01108d28 395faa72 5fd4c3b3 8e784c12 cb6b04bd
3340  
191751.060004 Cryp 30 crypto_encrypt: after encryption:
191751.061996 Cryp 30 bb6cda82 ec0c809f eac5e496 3102dffb 726b62a3
9f0d19e6 624ee717 c65f1486
191751.063409 Cryp 30 a35e8fb2 c9a6b8c8 2d03723f 7d6d0c68 909c42ea
0bf57a7f d8c817ce 070b8719
191751.064686 Cryp 50 crypto_update_iv: updated IV:
191751.066224 Cryp 50 909c42ea 0bf57a7f d8c817ce 070b8719
191751.068932 Exch 40 exchange_run: exchange 0x7df9b500 finished step
0, advancing...
191751.069968 Timr 10 timer_add_event: event
dpd_check_event(0x85229200) added before
connection_checker(0x8522a060), expiration in 5s
191751.07 Exch 10 exchange_finalize: 0x7df9b500   policy initiator phase 2 doi 1 exchange 5 step 1
191751.073402 Exch 10 exchange_finalize: icookie 395faa725fd4c3b3
rcookie 8e784c12cb6b04bd
191751.074675 Exch 10 exchange_finalize: msgid 47ef99ad sa_list
191751.076166 Timr 10 timer_remove_event: removing event
exchange_free_aux(0x7df9b500)
191751.077610 Mesg 20 message_free: freeing 0x7df9e000
191756.083274 Timr 10 timer_handle_expirations: event
dpd_check_event(0x85229200)
191756.084314 Mesg 10 dpd_check_event: peer not responding, retry 2 of 5

Re: safe PF start / restart

[Mike Erdely]

On Wed, Apr 11, 2007 at 02:44:10PM -0400, Jeff Quast wrote:
> On 4/11/07, christian johansson <[EMAIL PROTECTED]> wrote:
> >feature in shorewall - safe restart.
> >
> >Is there a ready made script accomplishing this for openbsd / pf?  Or any
> >plans of building such functionality?
> 
> I've done this with pf. I used at(1) like anybody would. You can load
> a new rule using pfctl -f /etc/pf.conf/new,  with an at(1) job to load
> /etc/pf.conf at 60 seconds. If you want some fancy prompt, wrap it
> with /bin/sh.
> 
> Personaly I'd hate to see this as an actual 'feature' anywhere. If
> everything this trivial was implemented into pfctl I would stop
> reading manuals top to bottom. You should look at the command prompt
> like a live programming enviroment. I recommend reading "The UNIX
> Programming Environment" by Brian W. Kernighan and Rob Pike.

Once you have a working ruleset, most changes shouldn't be enough to
effect YOUR connectivity to the firewall.  After running $EDITOR to
change your ruleset, run 'pfctl -nvf /etc/pf.conf' to make sure the
output matches your expectations before running 'pfctl -f /etc/pf.conf'.

-ME

Re: bcw(4) is gone

[Mike Erdely]

On Wed, Apr 11, 2007 at 08:20:51PM +0200, Timo Schoeler wrote:
> On Wed, 11 Apr 2007 20:08:44 +0200 Marc Balmer wrote:
> > > [X] -- communism isn't as bad as the GPL ;)
> > [X] marco is a communist
> no; if so, he's as good as communist as George W. Bush as president.

WTF!  What the hell does GPL, communism or GWB have to do with OpenBSD?
Let this thread die.

-ME

Re: safe PF start / restart

[Jeff Quast]

On 4/11/07, christian johansson <[EMAIL PROTECTED]> wrote:

I had to set up a linux firewall the other day, and I used the iptables
script generating program shorewall.
While pulling my hair over how ugly the iptables stuff (even via shorewall)
is compared to OpenBSDs nice clean PF syntax, I did find one very nice
feature in shorewall - safe restart.

When safe restarting, shorewall will implement all rules in the iptables
config files, then give the user a prompt: keep rules y/n?

If 'yes' the rules are kept and everyone is happy. If 'no', iptables are
disabled and all traffic let in. If no answer then default to answer 'no'
after 60 seconds.
Very useful, even if just for the added peace of mind when applying new
changes.

Is there a ready made script accomplishing this for openbsd / pf?  Or any
plans of building such functionality?

Christian




I think I get what you're asking here... like switching monitor
resolutions and asking you to confirm that it worked by clicking a
button? If you can't see the button, you don't click it, and the old
resolution is reverted after 15 seconds. Right?

I've done this with pf. I used at(1) like anybody would. You can load
a new rule using pfctl -f /etc/pf.conf/new,  with an at(1) job to load
/etc/pf.conf at 60 seconds. If you want some fancy prompt, wrap it
with /bin/sh.

Personaly I'd hate to see this as an actual 'feature' anywhere. If
everything this trivial was implemented into pfctl I would stop
reading manuals top to bottom. You should look at the command prompt
like a live programming enviroment. I recommend reading "The UNIX
Programming Environment" by Brian W. Kernighan and Rob Pike.

Building boot

[Jon Steel]

Hi

Im trying to build boot for OpenBSD 4.0. Ive pasted the output below
from what I get if I do a make clean in /sys/arch/i386/stand/boot and
then do a make in /sys.

The problem is that the boot file that is being created in
/sys/arch/i386/stand/boot is 322K, whereas the original boot was only
38.6K. When I installboot this larger file, the system fails to load
boot upon restarting. So how do I actually make boot? Is it related to
the ": relocation truncated to fit: R_386_16 .text" messages below?

Thank You

Jonathan Steel

bash-3.1# make
===> dev/microcode
===> dev/microcode/atmel
===> dev/microcode/cirruslogic
===> dev/microcode/fxp
===> dev/microcode/kue
===> dev/microcode/neomagic
===> dev/microcode/ral
===> dev/microcode/rum
===> dev/microcode/symbol
===> dev/microcode/typhoon
===> dev/microcode/uyap
===> dev/microcode/yds
===> dev/microcode/zydas
===> arch/alpha
===> arch/alpha/stand
===> arch/alpha/stand/setnetbootinfo
===> arch/alpha/stand/installboot
===> arch/amd64
===> arch/amd64/stand
===> arch/amd64/stand/biosboot
===> arch/amd64/stand/installboot
===> arch/amd64/stand/boot
===> arch/amd64/stand/pxeboot
===> arch/amd64/stand/cdboot
===> arch/armish
===> arch/armish/stand
===> arch/armish/stand/boot
===> arch/aviion
===> arch/aviion/stand
===> arch/aviion/stand/a2coff
===> arch/cats
===> arch/hp300
===> arch/hp300/stand
===> arch/hp300/../m68k
===> arch/hppa
===> arch/hppa/stand
===> arch/hppa/stand/mkboot
===> arch/hppa/stand/boot
===> arch/hppa64
===> arch/hppa64/stand
===> arch/hppa64/stand/mkboot
===> arch/hppa64/stand/boot
===> arch/i386
===> arch/i386/stand
===> arch/i386/stand/etc
===> arch/i386/stand/libsa
===> arch/i386/stand/libkern
===> arch/i386/stand/libz
===> arch/i386/stand/mbr
===> arch/i386/stand/cdbr
===> arch/i386/stand/biosboot
===> arch/i386/stand/installboot
===> arch/i386/stand/boot
cc   -I/sys/arch/i386/stand/boot/../../../..
-I/sys/arch/i386/stand/boot/../libsa -I. -I/sys/arch/i386/stand/boot
-I/sys/arch/i386/stand/boot/../etc/obj
-I/sys/arch/i386/stand/boot/../../../..
-I/sys/arch/i386/stand/boot/../libsa -I. -I/sys/arch/i386/stand/boot
-I/sys/arch/i386/stand/boot/../etc -DBOOTMAGIC=0xc001d00d 
-DLINKADDR=0x40120 -c srt0.S
cc   -Os -Wall -Werror -fno-stack-protector  -D_STANDALONE -nostdinc
-fno-builtin -fpack-struct  -I/sys/arch/i386/stand/boot/../../../..
-I/sys/arch/i386/stand/boot/../libsa -I. -I/sys/arch/i386/stand/boot
-I/sys/arch/i386/stand/boot/../etc/obj
-I/sys/arch/i386/stand/boot/../../../..
-I/sys/arch/i386/stand/boot/../libsa -I. -I/sys/arch/i386/stand/boot
-I/sys/arch/i386/stand/boot/../etc -DBOOTMAGIC=0xc001d00d 
-DLINKADDR=0x40120 -c
/sys/arch/i386/stand/boot/../../../../stand/boot/boot.c
cc   -Os -Wall -Werror -fno-stack-protector  -D_STANDALONE -nostdinc
-fno-builtin -fpack-struct  -I/sys/arch/i386/stand/boot/../../../..
-I/sys/arch/i386/stand/boot/../libsa -I. -I/sys/arch/i386/stand/boot
-I/sys/arch/i386/stand/boot/../etc/obj
-I/sys/arch/i386/stand/boot/../../../..
-I/sys/arch/i386/stand/boot/../libsa -I. -I/sys/arch/i386/stand/boot
-I/sys/arch/i386/stand/boot/../etc -DBOOTMAGIC=0xc001d00d 
-DLINKADDR=0x40120 -c /sys/arch/i386/stand/boot/../../../../stand/boot/cmd.c
cc   -Os -Wall -Werror -fno-stack-protector  -D_STANDALONE -nostdinc
-fno-builtin -fpack-struct  -I/sys/arch/i386/stand/boot/../../../..
-I/sys/arch/i386/stand/boot/../libsa -I. -I/sys/arch/i386/stand/boot
-I/sys/arch/i386/stand/boot/../etc/obj
-I/sys/arch/i386/stand/boot/../../../..
-I/sys/arch/i386/stand/boot/../libsa -I. -I/sys/arch/i386/stand/boot
-I/sys/arch/i386/stand/boot/../etc -DBOOTMAGIC=0xc001d00d 
-DLINKADDR=0x40120 -c
/sys/arch/i386/stand/boot/../../../../stand/boot/vars.c
cc   -Os -Wall -Werror -fno-stack-protector  -D_STANDALONE -nostdinc
-fno-builtin -fpack-struct  -I/sys/arch/i386/stand/boot/../../../..
-I/sys/arch/i386/stand/boot/../libsa -I. -I/sys/arch/i386/stand/boot
-I/sys/arch/i386/stand/boot/../etc/obj
-I/sys/arch/i386/stand/boot/../../../..
-I/sys/arch/i386/stand/boot/../libsa -I. -I/sys/arch/i386/stand/boot
-I/sys/arch/i386/stand/boot/../etc -DBOOTMAGIC=0xc001d00d 
-DLINKADDR=0x40120 -c
/sys/arch/i386/stand/boot/../../../../stand/boot/bootarg.c
cc   -Os -Wall -Werror -fno-stack-protector  -D_STANDALONE -nostdinc
-fno-builtin -fpack-struct  -I/sys/arch/i386/stand/boot/../../../..
-I/sys/arch/i386/stand/boot/../libsa -I. -I/sys/arch/i386/stand/boot
-I/sys/arch/i386/stand/boot/../etc/obj
-I/sys/arch/i386/stand/boot/../../../..
-I/sys/arch/i386/stand/boot/../libsa -I. -I/sys/arch/i386/stand/boot
-I/sys/arch/i386/stand/boot/../etc -DBOOTMAGIC=0xc001d00d 
-DLINKADDR=0x40120 -c conf.c
ld  -nostdlib -Bstatic -Ttext 0x40120 -N -x -noinhibit-exec -o boot
srt0.o boot.o cmd.o vars.o bootarg.o conf.o
/sys/arch/i386/stand/boot/../libsa/libsa.a
/sys/arch/i386/stand/boot/../libz/libz.a
/sys/arch/i386/stand/boot/../libkern/libkern.a
/sys/arch/i386/stand/boot/../libsa/libsa.a(gidt.o)(.text+0x38): In
function `idt':
: relocation truncated to fit: R_386_16 .text
/sys/arch/i386/st

OpeBSD on Acer Travelmate

[Timo Myyrä]

Hi,

I recently installed OpenBSD-current from the latest snapshot on my Acer 
Travelmate 4202WLMI laptop and I'm having few issues with it. 

First is the USB -performance. I have USB-drive and when moving data between 
it and my laptop I get around 5-7MB/sec although in Linux I get 17-20MB/sec. 
Is this just that the USB-support is still at 1.1 and all I can do is wait 
for it to be updated or is there something to be done to increase it's 
performance? 

Second is that I recently read that ACPI support should start to be working 
but that isn't the case with my laptop as shown below. It just states that 
ACPI not configured. [attached acpidump]

And lastly and mainly my IPW3945 wireless adapter won't work. I installed the 
firmware as instructed by manual page and it gives the "fatal firmware error" 
when booting. 

Is there anything to be done to above cases except to wait? I'm relatively new 
to OpenBSD so solution for these could be some error I made somewhere.

My dmesg:
OpenBSD 4.1-current (GENERIC.MP) #1260: Fri Apr  6 01:51:07 MDT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Genuine Intel(R) CPU T2300 @ 1.66GHz ("GenuineIntel" 686-class) 1.67 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2,xTPR
real mem  = 534867968 (522332K)
avail mem = 480264192 (469008K)
using 4278 buffers containing 26865664 bytes (26236K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 03/09/06, BIOS32 rev. 0 @ 0xfd400, 
SMBIOS rev. 2.31 @ 0xe3810 (26 entries)
bios0: Acer Grapevine
pcibios0 at bios0: rev 2.1 @ 0xfd400/0xc00
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdea0/320 (18 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371FB ISA" rev 0x00)
pcibios0: PCI bus #7 is the last bus
bios0: ROM list: 0xc/0xf200 0xe/0x1800! 0xe3800/0x800!
acpi at mainbus0 not configured
mainbus0: Intel MP Specification (Version 1.4)
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 166 MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Genuine Intel(R) CPU T2300 @ 1.66GHz ("GenuineIntel" 686-class) 1.67 GHz
cpu1: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2,xTPR
mainbus0: bus 0 is type PCI
mainbus0: bus 1 is type PCI
mainbus0: bus 5 is type PCI
mainbus0: bus 6 is type PCI
mainbus0: bus 7 is type ISA
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82945GM MCH" rev 0x03
ppb0 at pci0 dev 1 function 0 "Intel 82945GM PCIE" rev 0x03
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "NVIDIA GeForce 7300 Go" rev 0xa1
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02: apic 2 
int 22 (irq 10)
azalia0: host: High Definition Audio rev. 1.0
azalia0: codec: 0x04x/0x10ec (rev. 0.2), HDA version 1.0
azalia0: codec: 0x04x/0x14f1 (rev. 0.0), HDA version 0.9
azalia0: codec[1]: No support for modem function groups
azalia0: codec[1]: No audio function groups
audio0 at azalia0
ppb1 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02
pci2 at ppb1 bus 2
ppb2 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x02
pci3 at ppb2 bus 3
ppb3 at pci0 dev 28 function 2 "Intel 82801GB PCIE" rev 0x02
pci4 at ppb3 bus 4
ppb4 at pci0 dev 28 function 3 "Intel 82801GB PCIE" rev 0x02
pci5 at ppb4 bus 5
wpi0 at pci5 dev 0 function 0 "Intel PRO/Wireless 3945ABG" rev 0x02: apic 2 
int 19 (irq 10), address 00:13:02:03:7e:68
uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x02: apic 2 int 23 
(irq 5)
uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x02: apic 2 int 19 
(irq 10)
uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x02: apic 2 int 18 
(irq 11)
uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x02: apic 2 int 16 
(irq 6)
ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x02: apic 2 int 23 
(irq 5)
ehci0: timed out waiting for BIOS
usb0 at ehci0: USB revision 2.0
uhub0 at usb0
uhub0: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub0: 8 ports with 8 removable, self powered
ppb5 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0xe2
pci6 at ppb5 bus 6
bce0 at pci6 dev 1 function 0 "Broadcom BCM4401B0" rev 0x02: apic 2 int 21 
(irq 10), address 00:0f:b0:f0:eb:93
bmtphy0 at bce0 phy 1: BCM4401 10/100baseTX PHY, rev. 0
cbb0 at pci6 dev 4 function 0 "ENE CB-1410 CardBus" rev 0x01: apic 2 int 16 
(irq 6)
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 7 device 0 cacheline 0x8, lattimer 0x20
pcmcia0 at cardslot0
ichpcib0 at pci0 dev 31 function 0 "Intel 82801GBM LPC" rev 0x02: PM disabled
pciide0 at pci0 dev 31 function 2 "Intel 82801GBM SATA" rev 0x02: DMA, channel 
0 wired to compatibility, channel 1 wired 

Re: bcw(4) is gone

[Timo Schoeler]

On Wed, 11 Apr 2007 20:08:44 +0200
Marc Balmer <[EMAIL PROTECTED]> wrote:

> Timo Schoeler wrote:
> > On Wed, 11 Apr 2007 16:25:14 +0200
> > Massimo Lusetti <[EMAIL PROTECTED]> wrote:
> > 
> >> On Mon, 9 Apr 2007 20:20:33 -0500
> >> Marco Peereboom <[EMAIL PROTECTED]> wrote:
> >>
> >>> GPL is as free as communism.
> >> Please add this to fortune!
> >>
> >> -- 
> >> Massimo.run();
> >> She's the kind of girl who climbed the ladder of success wrong by
> >> wrong. -- Mae West
> > 
> > [ ] -- you read about and understood what communism is (both of you)
> > 
> > [X] -- I replied that late because I was busy laughing after Marco's
> > post
> > 
> > [X] -- communism isn't as bad as the GPL ;)
> > 
> 
> [X] marco is a communist

no; if so, he's as good as communist as George W. Bush as president.

Re: safe PF start / restart

[Marco Peereboom]

Did you read pfctl(8) ?

On Wed, Apr 11, 2007 at 10:44:44AM -0700, christian johansson wrote:
> I had to set up a linux firewall the other day, and I used the iptables
> script generating program shorewall.
> While pulling my hair over how ugly the iptables stuff (even via shorewall)
> is compared to OpenBSDs nice clean PF syntax, I did find one very nice
> feature in shorewall - safe restart.
> 
> When safe restarting, shorewall will implement all rules in the iptables
> config files, then give the user a prompt: keep rules y/n?
> 
> If 'yes' the rules are kept and everyone is happy. If 'no', iptables are
> disabled and all traffic let in. If no answer then default to answer 'no'
> after 60 seconds.
> Very useful, even if just for the added peace of mind when applying new
> changes.
> 
> Is there a ready made script accomplishing this for openbsd / pf?  Or any
> plans of building such functionality?
> 
> Christian

Re: Routerboard 532 Bounty

[Chris Kuethe]

On 4/11/07, Bret Lambert <[EMAIL PROTECTED]> wrote:

On Wed, 2007-04-11 at 12:05 -0500, Sam Fourman Jr. wrote:
> Well, I would like to see the router board simply because, I would
> like to make a router / switch device to replace a Linksys 54G Router,
> maybe 3 or 4 lan ports and a 1 or 2 MPCI slots, 1 for hardware crypto
> and the other for a wireless device.
>
> if anyone has any ideas or links that would be great.

The propietor of magicbox.pl, which offers powerpc-based boards, had
offered to ship hardware to any and all interested OpenBSD devs; a few
confused me as the contact point, so it looks like there was some
developer interest in that hardware, but I haven't heard anything since.

This was something like a month, month and a half ago; if any dev who
contacted that vendor could give a quick "it worked/he was jerking us
around" response, I'd love to get an update.


I sent a couple of emails - "hey, this sounds like a nice plan, tell
me more" - and never heard back one way or the other. *shrug* I have a
huge pile of things to work on so I'm not going to get bent out of
shape if nothing materializes, but they do look like they could be
useful for some applications.


Those boards are (unless I'm forgetting) based in the IBM405 chipset;
I'd like to see router boards based on the IBM440EBx (again, I may be
misremembering), which is supposed to have on-proc crypto support. The
only board based on that that I've been able to find in an admittedly
short and half-hearted googling was a 5-port w/linux on flash from AMCC.


The routerboards look to be AMCC clones of the 405EP

--
GDB has a 'break' feature; why doesn't it have 'fix' too?

Re: bcw(4) is gone

[Marc Balmer]

Timo Schoeler wrote:

On Wed, 11 Apr 2007 16:25:14 +0200
Massimo Lusetti <[EMAIL PROTECTED]> wrote:


On Mon, 9 Apr 2007 20:20:33 -0500
Marco Peereboom <[EMAIL PROTECTED]> wrote:


GPL is as free as communism.

Please add this to fortune!

--
Massimo.run();
She's the kind of girl who climbed the ladder of success wrong by
wrong. -- Mae West


[ ] -- you read about and understood what communism is (both of you)

[X] -- I replied that late because I was busy laughing after Marco's
post

[X] -- communism isn't as bad as the GPL ;)



[X] marco is a communist

safe PF start / restart

[christian johansson]

I had to set up a linux firewall the other day, and I used the iptables
script generating program shorewall.
While pulling my hair over how ugly the iptables stuff (even via shorewall)
is compared to OpenBSDs nice clean PF syntax, I did find one very nice
feature in shorewall - safe restart.

When safe restarting, shorewall will implement all rules in the iptables
config files, then give the user a prompt: keep rules y/n?

If 'yes' the rules are kept and everyone is happy. If 'no', iptables are
disabled and all traffic let in. If no answer then default to answer 'no'
after 60 seconds.
Very useful, even if just for the added peace of mind when applying new
changes.

Is there a ready made script accomplishing this for openbsd / pf?  Or any
plans of building such functionality?

Christian

Re: Routerboard 532 Bounty

[Bret Lambert]

On Wed, 2007-04-11 at 12:05 -0500, Sam Fourman Jr. wrote:
> Well, I would like to see the router board simply because, I would
> like to make a router / switch device to replace a Linksys 54G Router,
> maybe 3 or 4 lan ports and a 1 or 2 MPCI slots, 1 for hardware crypto
> and the other for a wireless device.
> 
> if anyone has any ideas or links that would be great.

The propietor of magicbox.pl, which offers powerpc-based boards, had
offered to ship hardware to any and all interested OpenBSD devs; a few
confused me as the contact point, so it looks like there was some
developer interest in that hardware, but I haven't heard anything since.

This was something like a month, month and a half ago; if any dev who
contacted that vendor could give a quick "it worked/he was jerking us
around" response, I'd love to get an update.

Those boards are (unless I'm forgetting) based in the IBM405 chipset;
I'd like to see router boards based on the IBM440EBx (again, I may be
misremembering), which is supposed to have on-proc crypto support. The
only board based on that that I've been able to find in an admittedly
short and half-hearted googling was a 5-port w/linux on flash from AMCC.

- Bert

Re: bcw(4) is gone

[Timo Schoeler]

On Wed, 11 Apr 2007 16:25:14 +0200
Massimo Lusetti <[EMAIL PROTECTED]> wrote:

> On Mon, 9 Apr 2007 20:20:33 -0500
> Marco Peereboom <[EMAIL PROTECTED]> wrote:
> 
> > GPL is as free as communism.
> 
> Please add this to fortune!
> 
> -- 
> Massimo.run();
> She's the kind of girl who climbed the ladder of success wrong by
> wrong. -- Mae West

[ ] -- you read about and understood what communism is (both of you)

[X] -- I replied that late because I was busy laughing after Marco's
post

[X] -- communism isn't as bad as the GPL ;)

Re: Why Linus Torvalds won't donate to OpenSSH

[Jack J. Woehr]

On Apr 11, 2007, at 10:26 AM, Dan Farrell wrote:

> Seriously... this is a troll.
>
> This is like electronic insurgency designed to get OBSD supporters in
> another huff with the Linux world... hasn't bcw(4) provided enough for
> that purpose?
>

Bless you , Danno. When you're right, you're right.

Further, if anyone on this list is of the nature to care what celebrity
programmers do or do not do, I suggest they go to http://www.cnn.com
and follow the adventures of Nicole Smith's baby and its putative  
fathers.
That is much meatier celebrity-fu than the rather dry and orderly life
of the justly esteemed Mr. Torvalds.

-- 
Jack J. Woehr
Director of Development
Absolute Performance, Inc.
[EMAIL PROTECTED]
303-443-7000 ext. 527

Re: Routerboard 532 Bounty

[Timo Schoeler]

On Wed, 11 Apr 2007 12:57:45 -0400
bofh <[EMAIL PROTECTED]> wrote:

> Out of curiousity, why do a routerboard, when you can use something
> like the following:
> 
> http://www.newegg.com/Product/Product.aspx?Item=N82E16813185094

maybe some are not that convinced using x86? ;)

Re: Removing chmod world write support and sftp

[Nick !]

On 4/11/07, Joshua Gimer <[EMAIL PROTECTED]> wrote:

We have several production web servers and I am trying to figure out a way
to removing world write support from chmod. I have already written a wrapper
for the chmod command, but it does not seem to work within sftp; has anyone
encountered anything that could help in implementing this, or have any
suggestions


You mean, make it so that
chmod o+w
doesn't work?

Intuition from hanging around misc@ long enough tells me that there is
a good reason to keep this support, and that you're trying to solve
the wrong problem. But if you really want this you should edit chmod's
source code directly; it's simpler, and any wrapper would have to have
access to the original, and any user would have to have access to the
wrapper, and so because of the way unix permissions work any user
would still have access to chmod (I think, right?); you're not really
planning on security by obscurity are you?

-Nick

Removing chmod world write support and sftp

[Joshua Gimer]

We have several production web servers and I am trying to figure out a way
to removing world write support from chmod. I have already written a wrapper
for the chmod command, but it does not seem to work within sftp; has anyone
encountered anything that could help in implementing this, or have any
suggestions.

-- 
Thx
Joshua Gimer

Re: Routerboard 532 Bounty

[Greg Thomas]

On 4/11/07, bofh <[EMAIL PROTECTED]> wrote:

Out of curiousity, why do a routerboard, when you can use something like the
following:

http://www.newegg.com/Product/Product.aspx?Item=N82E16813185094



Power consumption, heat, noise, unnecessary parts...

Greg

Re: Why Linus Torvalds won't donate to OpenSSH

[Nick !]

The great thing about it is that people perusing the archives will see
the trollfest and probably not get this far to see us cluing in and
being calm and civil.

-Nick

On 4/11/07, Dan Farrell <[EMAIL PROTECTED]> wrote:

Seriously... this is a troll.

This is like electronic insurgency designed to get OBSD supporters in
another huff with the Linux world... hasn't bcw(4) provided enough for
that purpose?

danno

Re: Routerboard 532 Bounty

[Sam Fourman Jr.]

On 4/11/07, bofh <[EMAIL PROTECTED]> wrote:

Out of curiousity, why do a routerboard, when you can use something like the
following:

http://www.newegg.com/Product/Product.aspx?Item=N82E16813185094



Well, I would like to see the router board simply because, I would
like to make a router / switch device to replace a Linksys 54G Router,
maybe 3 or 4 lan ports and a 1 or 2 MPCI slots, 1 for hardware crypto
and the other for a wireless device.

if anyone has any ideas or links that would be great.

Sam Fourman Jr.

Re: Routerboard 532 Bounty

[bofh]

Out of curiousity, why do a routerboard, when you can use something like the
following:

http://www.newegg.com/Product/Product.aspx?Item=N82E16813185094

Re: Why Linus Torvalds won't donate to OpenSSH

[Dan Farrell]

Seriously... this is a troll.

This is like electronic insurgency designed to get OBSD supporters in
another huff with the Linux world... hasn't bcw(4) provided enough for
that purpose?

danno

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Martin
Sent: Wednesday, April 11, 2007 8:44 AM
To: Kernel Monkey
Cc: Damien Miller; misc@openbsd.org
Subject: Re: Why Linus Torvalds won't donate to OpenSSH

On Wednesday 11 April 2007 03:06, Kernel Monkey wrote:
> On 4/10/07, Damien Miller  wrote:
> > Two points:
> >
> > 1. Please don't post private email. (Apologies if you obtained his
> >   permission to post).
> >
> > 2. Who really cares? I'd much rather see contibutions from companies
who
> >   ship OpenSSH in their products and list "SSH support" as a feature
on
> >   their glossy brochures than shaking down other free software
> > developers.
> >
> > -d
>
> No, not my email. I saw it posted on another site. Sorry.


Well stop lying (and trolling) then !!!

You said:-

I recently wrote Linus Torvalds asking why I don't see his name listed
on the OpenBSD donations page (http://www.openbsd.org/donations.html),
since I figured he uses OpenSSH.

This was the reply I got back:

> From: Linus Torvalds <[EMAIL PROTECTED]>
> Tue, 10 Apr 2007 14:29:56 -0700 (PDT)
>
> I suspect that OpenSSH would get more funding if it was directed
directly
> to OpenSSH, and not OpenBSD, which almost nobody is interested in.
>
> As it is, how much of any money actually goes to OpenSSH development,
> rather than everything else?
>
>Linus


I thought the reply was funny.

Re: bcw(4) is gone

[Massimo Lusetti]

On Mon, 9 Apr 2007 20:20:33 -0500
Marco Peereboom <[EMAIL PROTECTED]> wrote:

> GPL is as free as communism.

Please add this to fortune!

-- 
Massimo.run();
She's the kind of girl who climbed the ladder of success wrong by
wrong. -- Mae West

Re: GPL is [blah blah blah ...]

[Matthew R. Dempsky]

On Wed, Apr 11, 2007 at 04:18:41PM +0100, Jeroen Massar wrote:
> Good that I PGP sign my messages [...]

And the mailing list strips your signatures:

> [demime 1.01d removed an attachment of type application/pgp-signature which 
> had a name of signature.asc]

Re: GPL is free for forcing people to free code when they publish, not free as in free to do what you want, which is actually what free as in BSD, and real freedom ends at the tip of my nose

[Darrin Chandler]

Now that the subject is accurate, it's more obvious than ever that this
discussion doesn't belong here. Not only is it not relevant, but it's
been discussed to death many times, in many places.

-- 
Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
[EMAIL PROTECTED]   |  http://phxbug.org/  |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation

Re: GPL is free for forcing people to free code when they publish, not free as in free to do what you want, which is actually what free as in BSD, and real freedom ends at the tip of my nose

[Jeroen Massar]

Rui Miguel Silva Seabra wrote:
> [correct the subject] ;)
>
> Qua, 2007-04-11 C s 14:26 +0100, Jeroen Massar escreveu:
>> [set the topic to make it nice and clear, this has nothing to do with
>> bcw(4) for a long time now, actually the whole thread avoided it]
>>
>> Rui Miguel Silva Seabra wrote:
>>> Seg, 2007-04-09 C s 18:29 +0100, Jeroen Massar escreveu:
 GPL is good though if you want to force people to give back the code to
 you so that you can use it in your own dual-licensed projects.
>>> This shows a fundamental lack of understanding of the way both the GPL
>>> and generic copyright work.
>>>
>>> * Nobody is forced to publish derivative works (as long as they
>>>   keep them inside doors, eg. internal usage in a company)
>>>
>>> * Dual licensing in the way you suggest would be a copyright
>>>   violation.
>> Did you actually read what I wrote, as the above two points where in my
>> text, but you deleted that from your reply. You might want to read the
>> snipped text too :) I actually made a difference between the original
>> copyright owner (who is allowed to do anything they like with the code)
>> and somebody adding their stuff, who can't relicense it. As for the
>> first 'point' you are trying to make, also covered in my text...
>
> What you also said is actually fully irrelevant, since I'm correcting
> one phrase which has TWO incorrect things, one of them a copyright
> violation. You can't dual-license other people's GPL'ed contributions.

Again, re-read what I wrote. Don't try to mingle my words as I never
wrote that, it was in one sentence yes, but the rest of the sentences
told a completely different story.

Good that I PGP sign my messages so that it is clear that I didn't write
what you think I wrote by stripping out the portions that also matter
and that without those portions the message is not mine.

Greets,
 Jeroen

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

Re: GPL is free for forcing people to free code when they publish, not free as in free to do what you want, which is actually what free as in BSD, and real freedom ends at the tip of my nose

[Rui Miguel Silva Seabra]

[correct the subject] ;)

Qua, 2007-04-11 C s 14:26 +0100, Jeroen Massar escreveu:
> [set the topic to make it nice and clear, this has nothing to do with
> bcw(4) for a long time now, actually the whole thread avoided it]
>
> Rui Miguel Silva Seabra wrote:
> > Seg, 2007-04-09 C s 18:29 +0100, Jeroen Massar escreveu:
> >> GPL is good though if you want to force people to give back the code to
> >> you so that you can use it in your own dual-licensed projects.
> >
> > This shows a fundamental lack of understanding of the way both the GPL
> > and generic copyright work.
> >
> > * Nobody is forced to publish derivative works (as long as they
> >   keep them inside doors, eg. internal usage in a company)
> >
> > * Dual licensing in the way you suggest would be a copyright
> >   violation.
>
> Did you actually read what I wrote, as the above two points where in my
> text, but you deleted that from your reply. You might want to read the
> snipped text too :) I actually made a difference between the original
> copyright owner (who is allowed to do anything they like with the code)
> and somebody adding their stuff, who can't relicense it. As for the
> first 'point' you are trying to make, also covered in my text...

What you also said is actually fully irrelevant, since I'm correcting
one phrase which has TWO incorrect things, one of them a copyright
violation. You can't dual-license other people's GPL'ed contributions.

> PS: Please realize that some people want a different kind of freedom
> than that other people want, respect that: take your pick, go GPL or
> BSD, but don't try to force your religion on other people. You might end
> up getting Jehova's witnesses on your neck ;)

Please realize that I didn't raise that issue, *you* did.

I merely focused on two quite simple technical details which you failed
to understand: one of the GPL and another of copyright law.

Rui

--
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

OpenBSD Firewall and ddb{1}

[Neil Joseph Schelly]

I've got two OpenBSD 3.9 firewall/router in a CARP configuration.  They are 
both IBM NetFinity 40004 servers with dual P3 650MHz chips and 512MB of 
memory each.  Twice now, the backup firewall has disappeared from my Nagios 
monitoring and I've found (through remote serial console) only a ddb{1}> 
prompt.

According to man ddb, this can happen when the kernel panics or when a break 
signal is sent from the console (and ddb.console is set to 1).  In my case, 
no one is using the console at these times and ddb.console is set to 0 
anyway.  However, "show panic" seems to indicate it wasn't a kernel panic 
either:

ddb{1}> show panic
the kernel did not panic

I feel like I'm missing something obvious here.  Is there some undocumented 
condition that can cause a system to crash to ddb or am I investigating the 
panic wrong? I tried using trace and hangman to gather more information, but 
hangman just confused the hell out of me and the trace command gave me: 
apm_cpu_idle(0,0,0,0,0) at apm_cpu_idle+0x4a

After a little more investigative commands, I started only to get "Faulted in 
DDB; continuing..." and tried rebooting.  "boot dump" yielded a nonresponsive 
system and a trip to the datacenter to cold boot the machine.

Anyone have any ideas?  Perhaps I can disable part of APM and avoid this 
problem in the future?  What other techniques can I use to debug this if it 
happens again - is there a good doc out there that is a little more 
descriptive than man ddb?

-- 
Regards,
Neil Schelly
Senior Systems Administrator

W: 978-667-5115 x213
M: 508-410-4776

OASIS Open http://www.oasis-open.org
"Advancing E-Business Standards Since 1993"

Re: Why Linus Torvalds won't donate to OpenSSH

[Martin]

Nice bounce...

Hi. This is the qmail-send program at chaossolutions.org.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<[EMAIL PROTECTED]>:
64.233.167.27 does not like recipient.
Remote host said: 550 5.1.1 No such user f77si15306557pyh
Giving up on 64.233.167.27.

I suppose that says it all.

GPL is free for forcing people to free code, not free as in free to do what you want, which is actually what free as in BSD and real freedom is (Was: bcw(4) is gone)

[Jeroen Massar]

[set the topic to make it nice and clear, this has nothing to do with
bcw(4) for a long time now, actually the whole thread avoided it]

Rui Miguel Silva Seabra wrote:
> Seg, 2007-04-09 C s 18:29 +0100, Jeroen Massar escreveu:
>> GPL is good though if you want to force people to give back the code to
>> you so that you can use it in your own dual-licensed projects.
>
> This shows a fundamental lack of understanding of the way both the GPL
> and generic copyright work.
>
>   * Nobody is forced to publish derivative works (as long as they
> keep them inside doors, eg. internal usage in a company)
>
>   * Dual licensing in the way you suggest would be a copyright
> violation.

Did you actually read what I wrote, as the above two points where in my
text, but you deleted that from your reply. You might want to read the
snipped text too :) I actually made a difference between the original
copyright owner (who is allowed to do anything they like with the code)
and somebody adding their stuff, who can't relicense it. As for the
first 'point' you are trying to make, also covered in my text...

PS: Please realize that some people want a different kind of freedom
than that other people want, respect that: take your pick, go GPL or
BSD, but don't try to force your religion on other people. You might end
up getting Jehova's witnesses on your neck ;)

Greets,
 Jeroen

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

request for new [nl] translators of OpenBSD's web pages

[Steven Mestdagh]

hi,

As you might know, the OpenBSD web pages are translated in a number of
different languages as explained on
http://www.openbsd.org/translation.html

Currently, the [nl] translation team, consisting of Jasper and myself,
is looking for new contributors who can maintain the existing translation
or even add new translated pages.

To get an idea of what this work involves, please read
http://www.openbsd.org/translation-explained.html

If you are interested in contributing to OpenBSD this way, please
contact me by private mail.

steven

Re: bcw(4) is gone

[Rui Miguel Silva Seabra]

Seg, 2007-04-09 C s 18:29 +0100, Jeroen Massar escreveu:
> GPL is good though if you want to force people to give back the code to
> you so that you can use it in your own dual-licensed projects.

This shows a fundamental lack of understanding of the way both the GPL
and generic copyright work.

* Nobody is forced to publish derivative works (as long as they
  keep them inside doors, eg. internal usage in a company)

* Dual licensing in the way you suggest would be a copyright
  violation.

Rui

--
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

Re: date -u gives wrong timezone output?

[Pierre Lamy]

GMT is the timezone, UTC is the time.

P

jared r r spiegel wrote:
> On Tue, Apr 10, 2007 at 06:17:58PM -0400, Nick ! wrote:
>   
>> On 4/10/07, Markus Bergkvist <[EMAIL PROTECTED]> wrote:
>> 
>>> Hi,
>>>
>>> 'date -u' on a 4.0 -stable will give something like
>>> Tue Apr 10 22:03:24 GMT 2007
>>> but shouldn't it be
>>> Tue Apr 10 22:03:24 UTC 2007
>>>   
>> UTC = GMT for all that we care about.
>> [[http://en.wikipedia.org/wiki/Coordinated_Universal_Time]]
>> 
>
>   i could be wrong here, but perhaps he is not suggesting
>   that there is any wallclock difference between GMT and UTC,
>   but rather that the manpage for date(1) says:
>
> ---
>  -u  Display or set the date in UTC (Coordinated Universal) time.
> ---
>
>   as opposed to "... date in GMT ...", also as implied by how it is
>   '-u' and not '-g'
>
>   least, that was my reaction to his post?

Re: Why Linus Torvalds won't donate to OpenSSH

[Martin]

On Wednesday 11 April 2007 03:06, Kernel Monkey wrote:
> On 4/10/07, Damien Miller  wrote:
> > Two points:
> >
> > 1. Please don't post private email. (Apologies if you obtained his
> >   permission to post).
> >
> > 2. Who really cares? I'd much rather see contibutions from companies who
> >   ship OpenSSH in their products and list "SSH support" as a feature on
> >   their glossy brochures than shaking down other free software
> > developers.
> >
> > -d
>
> No, not my email. I saw it posted on another site. Sorry.


Well stop lying (and trolling) then !!!

You said:-

I recently wrote Linus Torvalds asking why I don't see his name listed
on the OpenBSD donations page (http://www.openbsd.org/donations.html),
since I figured he uses OpenSSH.

This was the reply I got back:

> From: Linus Torvalds <[EMAIL PROTECTED]>
> Tue, 10 Apr 2007 14:29:56 -0700 (PDT)
>
> I suspect that OpenSSH would get more funding if it was directed directly
> to OpenSSH, and not OpenBSD, which almost nobody is interested in.
>
> As it is, how much of any money actually goes to OpenSSH development,
> rather than everything else?
>
>Linus


I thought the reply was funny.

Veja as novas imagens publicadas do Tsunami

[Globo Videos]

[IMAGE]

[IMAGE]

10/04/2007 - 08h14 - Atualizado em 10/04/2007
Nzmero de mortos apss o tsunami e terremoto que atingiram as Ilhas
Salomco, no Oceano Pacmfico, no zltimo dia 2, aumentou para 43. E ha
ainda cerca de 60 pessoas desaparecidas. A informagco foi publicada na
edigco desta terga-feira. do pams Solomon Star. Antes, o nzmero de
mortes era de 34.

2000-2007 Globo.com. Todos os direitos reservados.

Re: verifying ntp via GPS configuration?

[James Hartley]

On 4/11/07, Otto Moerbeek <[EMAIL PROTECTED]> wrote:
>
> Very likely you Sun uses different serial ports than cua00. Check your
> dmesg to see which driver is uses, then use the driver man page to
> determine the /dev node to use.
>

I'm must be blind for I'm not seeing anything.  dmesg below:

console is keyboard/display
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2006 OpenBSD. All rights reserved.
http://www.OpenBSD.org

OpenBSD 4.0 (GENERIC) #953: Sun Sep 17 00:56:22 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/sparc64/compile/GENERIC
total memory = 536870912
avail memory = 479698944
using 3276 buffers containing 26836992 bytes of memory
bootpath: /[EMAIL PROTECTED],0/[EMAIL PROTECTED],1/[EMAIL PROTECTED],0/[EMAIL 
PROTECTED],0
mainbus0 (root): Sun Ultra 5/10 UPA/PCI (UltraSPARC-IIi 440MHz)
cpu0 at mainbus0: SUNW,UltraSPARC-IIi @ 440 MHz, version 0 FPU
cpu0: physical 32K instruction (32 b/l), 16K data (32 b/l), 2048K external
(64 b/l)
psycho0 at mainbus0 addr 0xfffc4000: SUNW,sabre, impl 0, version 0, ign 7c0
psycho0: bus range 0-2, PCI bus 0
psycho0: dvma map c000-dfff, iotdb 26a8000-2728000
pci0 at psycho0
ppb0 at pci0 dev 1 function 1 "Sun Simba PCI-PCI" rev 0x13
pci1 at ppb0 bus 1
ebus0 at pci1 dev 1 function 0 "Sun PCIO Ebus2" rev 0x01
auxio0 at ebus0 addr 726000-726003, 728000-728003, 72a000-72a003,
72c000-72c003, 72f000-72f003
power0 at ebus0 addr 724000-724003 ipl 37
"SUNW,pll" at ebus0 addr 504000-504002 not configured
sab0 at ebus0 addr 40-40007f ipl 43: rev 3.2
sabtty0 at sab0 port 0
sabtty1 at sab0 port 1
comkbd0 at ebus0 addr 3083f8-3083ff ipl 41: layout 33
wskbd0 at comkbd0: console keyboard
com0 at ebus0 addr 3062f8-3062ff ipl 42: mouse: ns16550a, 16 byte fifo
lpt0 at ebus0 addr 3043bc-3043cb, 30015c-30015d, 70-7f ipl 34:
polled
"fdthree" at ebus0 addr 3023f0-3023f7, 706000-70600f, 72-720003 ipl 39
not configured
clock1 at ebus0 addr 0-1fff: mk48t59
"flashprom" at ebus0 addr 0-f not configured
audioce0 at ebus0 addr 20-2000ff, 702000-70200f, 704000-70400f,
722000-722003 ipl 35 ipl 36: nva
ddrs 0
audio0 at audioce0
hme0 at pci1 dev 1 function 1 "Sun HME" rev 0x01: ivec 0x7e1, address
08:00:20:c1:66:b7
nsphy0 at hme0 phy 1: DP83840 10/100 PHY, rev. 1
vgafb0 at pci1 dev 2 function 0 "ATI Mach64 GP" rev 0x5c
wsdisplay0 at vgafb0: console (std, sun emulation), using wskbd0
pciide0 at pci1 dev 3 function 0 "CMD Technology PCI0646" rev 0x03: DMA,
channel 0 configured to nat
ive-PCI, channel 1 configured to native-PCI
pciide0: using ivec 0x7e0 for native-PCI interrupt
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 152627MB, 312581808 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0 5/cdrom
removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
ppb1 at pci0 dev 1 function 0 "Sun Simba PCI-PCI" rev 0x13
pci2 at ppb1 bus 2
ohci0 at pci2 dev 1 function 0 "NEC USB" rev 0x43: ivec 0x7d0, version 1.0
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: NEC OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 3 ports with 3 removable, self powered
ohci1 at pci2 dev 1 function 1 "NEC USB" rev 0x43: ivec 0x7d1, version 1.0
usb1 at ohci1: USB revision 1.0
uhub1 at usb1
uhub1: NEC OHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
ehci0 at pci2 dev 1 function 2 "NEC USB" rev 0x04: ivec 0x7d2
usb2 at ehci0: USB revision 2.0
uhub2 at usb2
uhub2: NEC EHCI root hub, rev 2.00/1.00, addr 1
uhub2: 5 ports with 5 removable, self powered
pcons at mainbus0 not configured
No counter-timer -- using %tick at 440MHz as system clock.
root on wd0a
rootdev=0xc00 rrootdev=0x1a00 rawdev=0x1a02
syncing disks...

Re: verifying ntp via GPS configuration?

[Otto Moerbeek]

On Wed, 11 Apr 2007, James Hartley wrote:

> On 4/11/07, Otto Moerbeek <[EMAIL PROTECTED]> wrote:
> > 
> > Very likely you Sun uses different serial ports than cua00. Check your
> > dmesg to see which driver is uses, then use the driver man page to
> > determine the /dev node to use.
> > 
> 
> I'm must be blind for I'm not seeing anything.  dmesg below:

sab0 at ebus0 addr 40-40007f ipl 43: rev 3.2
sabtty0 at sab0 port 0
sabtty1 at sab0 port 1

man sab gives: /dev/ttyh[0-1] 

No separate callout device, it looks like.

-Otto

> 
> console is keyboard/display
> Copyright (c) 1982, 1986, 1989, 1991, 1993
>The Regents of the University of California.  All rights reserved.
> Copyright (c) 1995-2006 OpenBSD. All rights reserved.
> http://www.OpenBSD.org
> 
> OpenBSD 4.0 (GENERIC) #953: Sun Sep 17 00:56:22 MDT 2006
>[EMAIL PROTECTED]:/usr/src/sys/arch/sparc64/compile/GENERIC
> total memory = 536870912
> avail memory = 479698944
> using 3276 buffers containing 26836992 bytes of memory
> bootpath: /[EMAIL PROTECTED],0/[EMAIL PROTECTED],1/[EMAIL PROTECTED],0/[EMAIL 
> PROTECTED],0
> mainbus0 (root): Sun Ultra 5/10 UPA/PCI (UltraSPARC-IIi 440MHz)
> cpu0 at mainbus0: SUNW,UltraSPARC-IIi @ 440 MHz, version 0 FPU
> cpu0: physical 32K instruction (32 b/l), 16K data (32 b/l), 2048K external
> (64 b/l)
> psycho0 at mainbus0 addr 0xfffc4000: SUNW,sabre, impl 0, version 0, ign 7c0
> psycho0: bus range 0-2, PCI bus 0
> psycho0: dvma map c000-dfff, iotdb 26a8000-2728000
> pci0 at psycho0
> ppb0 at pci0 dev 1 function 1 "Sun Simba PCI-PCI" rev 0x13
> pci1 at ppb0 bus 1
> ebus0 at pci1 dev 1 function 0 "Sun PCIO Ebus2" rev 0x01
> auxio0 at ebus0 addr 726000-726003, 728000-728003, 72a000-72a003,
> 72c000-72c003, 72f000-72f003
> power0 at ebus0 addr 724000-724003 ipl 37
> "SUNW,pll" at ebus0 addr 504000-504002 not configured
> sab0 at ebus0 addr 40-40007f ipl 43: rev 3.2
> sabtty0 at sab0 port 0
> sabtty1 at sab0 port 1
> comkbd0 at ebus0 addr 3083f8-3083ff ipl 41: layout 33
> wskbd0 at comkbd0: console keyboard
> com0 at ebus0 addr 3062f8-3062ff ipl 42: mouse: ns16550a, 16 byte fifo
> lpt0 at ebus0 addr 3043bc-3043cb, 30015c-30015d, 70-7f ipl 34:
> polled
> "fdthree" at ebus0 addr 3023f0-3023f7, 706000-70600f, 72-720003 ipl 39
> not configured
> clock1 at ebus0 addr 0-1fff: mk48t59
> "flashprom" at ebus0 addr 0-f not configured
> audioce0 at ebus0 addr 20-2000ff, 702000-70200f, 704000-70400f,
> 722000-722003 ipl 35 ipl 36: nva
> ddrs 0
> audio0 at audioce0
> hme0 at pci1 dev 1 function 1 "Sun HME" rev 0x01: ivec 0x7e1, address
> 08:00:20:c1:66:b7
> nsphy0 at hme0 phy 1: DP83840 10/100 PHY, rev. 1
> vgafb0 at pci1 dev 2 function 0 "ATI Mach64 GP" rev 0x5c
> wsdisplay0 at vgafb0: console (std, sun emulation), using wskbd0
> pciide0 at pci1 dev 3 function 0 "CMD Technology PCI0646" rev 0x03: DMA,
> channel 0 configured to nat
> ive-PCI, channel 1 configured to native-PCI
> pciide0: using ivec 0x7e0 for native-PCI interrupt
> wd0 at pciide0 channel 0 drive 0: 
> wd0: 16-sector PIO, LBA48, 152627MB, 312581808 sectors
> wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
> atapiscsi0 at pciide0 channel 1 drive 0
> scsibus0 at atapiscsi0: 2 targets
> cd0 at scsibus0 targ 0 lun 0:  SCSI0 5/cdrom
> removable
> cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
> ppb1 at pci0 dev 1 function 0 "Sun Simba PCI-PCI" rev 0x13
> pci2 at ppb1 bus 2
> ohci0 at pci2 dev 1 function 0 "NEC USB" rev 0x43: ivec 0x7d0, version 1.0
> usb0 at ohci0: USB revision 1.0
> uhub0 at usb0
> uhub0: NEC OHCI root hub, rev 1.00/1.00, addr 1
> uhub0: 3 ports with 3 removable, self powered
> ohci1 at pci2 dev 1 function 1 "NEC USB" rev 0x43: ivec 0x7d1, version 1.0
> usb1 at ohci1: USB revision 1.0
> uhub1 at usb1
> uhub1: NEC OHCI root hub, rev 1.00/1.00, addr 1
> uhub1: 2 ports with 2 removable, self powered
> ehci0 at pci2 dev 1 function 2 "NEC USB" rev 0x04: ivec 0x7d2
> usb2 at ehci0: USB revision 2.0
> uhub2 at usb2
> uhub2: NEC EHCI root hub, rev 2.00/1.00, addr 1
> uhub2: 5 ports with 5 removable, self powered
> pcons at mainbus0 not configured
> No counter-timer -- using %tick at 440MHz as system clock.
> root on wd0a
> rootdev=0xc00 rrootdev=0x1a00 rawdev=0x1a02
> syncing disks...

Flusing rules for specific interface

[carlopmart]

Hi all,

 Is it possible to flush rules for a specific interface under OpenBSD 4.0? For 
example, I have two dsl lines and i would use only one pf.conf file with 
ifstated. When one link comes down I would like to do something like this:


 "pfctl -i ext2_if -F rules" (only flush actually rules for ext2_if).

 I have tried but doesn't works ... Somebody knows if I could do it??

many thanks.

--
CL Martinez
carlopmart {at} gmail {d0t} com

Re:

[Ivan Birin]

Hi there!


I need to know if Atheros AR5005G Wifi Network Adapter and Marvell
Yukon 88E8038 PCI-E Fast Ethernet Controller are already supported in
OBSD 4.0 or will be in the next release. I bought me a laptop built-in
with these and I'd love to have OpenBSD on it rather than any other OS.


I have the same hardware in my notebook.
AR5005G doesn't work in 4.0, but work in current.
And in my configuration, both cards (AR5005G and Marvell) works only
if "enable acpi" in boot UKC with GENERIC kernel.

Re: verifying ntp via GPS configuration?

[Otto Moerbeek]

On Wed, 11 Apr 2007, James Hartley wrote:

> I have questionable ntp foo, & searching through the misc@ archives along
> with reading the FAQ has only gotten me so far.  I have a Garmin 18 GPS:
> 
> http://www.amazon.com/gp/product/B000196BW6/104-8542380-5084714
> 
> ...which is connected to the serial port of a Sun Ultra 10.  I am unable to
> determine whether I'm stylin' or out in the weeds when it comes to
> configuring ntp via GPS:
> 
> # nmeaattach cua00
> # ntpd -ds &
> [1] 30616
> # ntp engine ready
> sensor nmea0 added

Very likely you Sun uses different serial ports than cua00. Check your
dmesg to see which driver is uses, then use the driver man page to
determine the /dev node to use.

-Otto

> 
> ...which appears fine as does ps' output:
> 
> USER   PID %CPU %MEM   VSZ   RSS TT   STAT STARTED   TIME COMMAND
> ...
> root 16741  0.0  0.0   32080 ??  Is11:50PM0:00.00 nmeaattach
> cua00
> root 30616  0.0  0.2   536  1240 p0  I 11:50PM0:00.06 ntpd:
> [priv] (ntpd)
> _ntp 12162  0.0  0.2   536  1136 p0  I 11:50PM0:00.03 ntpd: ntp
> engine (ntpd)
> ...
> 
> However, searching for the associated sensor didn't generate any warm &
> fuzzies:
> 
> # sysctl hw
> hw.machine=sparc64
> hw.model=SUNW,UltraSPARC-IIi @ 440 MHz, version 0 FPU
> hw.ncpu=1
> hw.byteorder=4321
> hw.physmem=536870912
> hw.usermem=536403968
> hw.pagesize=8192
> hw.disknames=wd0,cd0
> hw.diskcount=2
> hw.vendor=Sun
> hw.product=Ultra 5/10 UPA/PCI
> #
> 
> ...and the only message emitted to stdout/stderr is:
> 
> # no reply received in time, skipping initial time setting
> 
> Looking at /var/log/daemon only shows:
> 
> Apr 10 22:36:42 shockley ntpd[21535]: ntp engine ready
> Apr 10 22:36:43 shockley savecore: no core dump
> 
> Can anyone help educate an ntp neophyte?
> 
> Thanks.

verifying ntp via GPS configuration?

[James Hartley]

I have questionable ntp foo, & searching through the misc@ archives along
with reading the FAQ has only gotten me so far.  I have a Garmin 18 GPS:

http://www.amazon.com/gp/product/B000196BW6/104-8542380-5084714

...which is connected to the serial port of a Sun Ultra 10.  I am unable to
determine whether I'm stylin' or out in the weeds when it comes to
configuring ntp via GPS:

# nmeaattach cua00
# ntpd -ds &
[1] 30616
# ntp engine ready
sensor nmea0 added

...which appears fine as does ps' output:

USER   PID %CPU %MEM   VSZ   RSS TT   STAT STARTED   TIME COMMAND
...
root 16741  0.0  0.0   32080 ??  Is11:50PM0:00.00 nmeaattach
cua00
root 30616  0.0  0.2   536  1240 p0  I 11:50PM0:00.06 ntpd:
[priv] (ntpd)
_ntp 12162  0.0  0.2   536  1136 p0  I 11:50PM0:00.03 ntpd: ntp
engine (ntpd)
...

However, searching for the associated sensor didn't generate any warm &
fuzzies:

# sysctl hw
hw.machine=sparc64
hw.model=SUNW,UltraSPARC-IIi @ 440 MHz, version 0 FPU
hw.ncpu=1
hw.byteorder=4321
hw.physmem=536870912
hw.usermem=536403968
hw.pagesize=8192
hw.disknames=wd0,cd0
hw.diskcount=2
hw.vendor=Sun
hw.product=Ultra 5/10 UPA/PCI
#

...and the only message emitted to stdout/stderr is:

# no reply received in time, skipping initial time setting

Looking at /var/log/daemon only shows:

Apr 10 22:36:42 shockley ntpd[21535]: ntp engine ready
Apr 10 22:36:43 shockley savecore: no core dump

Can anyone help educate an ntp neophyte?

Thanks.

Re: Why Linus Torvalds won't donate to OpenSSH

[Timo Schoeler]

On Wed, 11 Apr 2007 17:27:48 +1000 (EST)
Damien Miller <[EMAIL PROTECTED]> wrote:

> On Wed, 11 Apr 2007, Timo Schoeler wrote:
> 
> > Which commercial *NIX that's still alive is more of a security
> > thread and covered with the same level of stability problems as
> > GNU/Linux? One really stops counting remote exploits for GNU/Linux
> > very soon, otherwise one would have to dedicate one's whole life to
> > do so, it's that time consuming.
> 
> That's nice, but what does bashing other operating systems have to do
> with OpenBSD?

bashing? me? never! just facing the truth.

timo :)

[now let's stop abusing electrons for discussing the totally
meaningless opinion of a selfish loser -- linus']

Re: Why Linus Torvalds won't donate to OpenSSH

[Damien Miller]

On Wed, 11 Apr 2007, Timo Schoeler wrote:

> Which commercial *NIX that's still alive is more of a security thread
> and covered with the same level of stability problems as GNU/Linux? One
> really stops counting remote exploits for GNU/Linux very soon,
> otherwise one would have to dedicate one's whole life to do so, it's
> that time consuming.

That's nice, but what does bashing other operating systems have to do
with OpenBSD?

-d

Re: Why Linus Torvalds won't donate to OpenSSH

[Timo Schoeler]

On Wed, 11 Apr 2007 16:27:55 +0930
"Adam Hawes" <[EMAIL PROTECTED]> wrote:

> > I recently wrote Linus Torvalds asking why I don't see his name
> > listed on the OpenBSD donations page
> > (http://www.openbsd.org/donations.html), since I figured he uses
> > OpenSSH.
> 
> Apart from the fact that was a private email from Linus to you and you
> broadcast it publically (if you really did email him and he really did
> reply) who cares what Linus thinks?
> 
> He is over there with his little chubby baby called Linux.  He's like
> any other parent.  He thinks his chubby wrinkly bubby is the best one.
> Let him have that - his chubby baby is a damned sight better behaved
> than the babies of a certain ugly commercial parent.

Which commercial *NIX that's still alive is more of a security thread
and covered with the same level of stability problems as GNU/Linux? One
really stops counting remote exploits for GNU/Linux very soon,
otherwise one would have to dedicate one's whole life to do so, it's
that time consuming.

> If Linus comes in here and starts demanding features be added to
> OpenSSH then you can pull him up on whether he donates or not.  Until
> then live and let live.
> 
> (and what Damian said)
> 
> A

Re: Routerboard 532 Bounty

[Karl Sjödahl - dunceor]

On 4/10/07, anon trol <[EMAIL PROTECTED]> wrote:

I'm not sure where to ask this; so, I thought I'd start here in "misc"
first.

I think I have convinced myself that I want to sponsor an architecture port
effort.  Specifically, I would like to see OpenBSD ported to the Routerboard
532 (IDT MIPS32 4Kc processor).  After STFW, I see that a few other people
have posted questions about this in the past without a lot of positive
response (it seems that there might have been a port that would have been
suitable at one point in time, but is no longer part of the current
distribution).  I'm curious what the non-technical (finical) stewardship
requirements might be for bringing back a dropped architecture and making
sure that it works on a very specific set of target boards (starting with
the 532).

I don't think this is too much of a technical undertaking (but at the moment
it's beyond my ability and time constraints)... the routerboard 532 boots
off of compaq flash (no need to muck about with the on-board flash).  The
only things that worry me are the slim resources (64MB  of memory max) and
support for the first NIC (IDT Korina 10/100 Mbit/s Fast Ethernet port).  I
would be willing to forgo support for the IDT NIC just to get things started
quickly (the other NICs are VIA VT6105).   I would want support for at least
one commodity 802.11(series) wireless NIC in both the 2.4ghz and 5ghz
ranges.  Other potential issue include the funky bootstrap code (which looks
for ELF), custom BIOS and MIPS endedness.

I don't want this to be a goatrope where I send off a bunch a Routerboard
hardware and nobody even tries to collect the bounty, but I know the OpenBSD
project has a pretty good reputation for getting things done when equipment
and funds are provided (if I'm off mark with that semi-acquired assumption,
please someone fill me in off-line).

Where do I start and who do I need to talk to?




I have been interested in this before and I'm thinkin of ordering a
routerboard just because I need a new router.

This task is rather big though. Sure one could start with the
evmips-port from NetBSD (there was a mail about supporting MIPS 4kc
would probobly only be to add some strings for it) but it still needs
to be ported to OpenBSD which is probobly a rather big task.

The 32mb RAM (Routerboard 532 has 32 mb RAM and Routerboard 532A has
64 MB) is not a problem, I have run OpenBSD on x86 with 16mb RAM
without problems.

The problem I see is to get it to boot of good, and to port the flash.
When those two task are done the rest of the drivers will probobly not
be that much of a problem. I think there is a Realtek ethernet on it
which is already supported by OpenBSD.

This is for sure an interesting board and there are turning up more
and more MIPS based router that would be great to be able to run
OpenBSD at.

Is there anybody already working on this?

BR
dunceor

Re: Why Linus Torvalds won't donate to OpenSSH

[Kernel Monkey]

On 4/10/07, Damien Miller  wrote:

Two points:

1. Please don't post private email. (Apologies if you obtained his
  permission to post).

2. Who really cares? I'd much rather see contibutions from companies who
  ship OpenSSH in their products and list "SSH support" as a feature on
  their glossy brochures than shaking down other free software developers.

-d



No, not my email. I saw it posted on another site. Sorry.