Re: Preventing man-in-the-middle attack on authpf?

[Ted Unangst]

On 5/7/07, Darren Spruell <[EMAIL PROTECTED]> wrote:

On 5/7/07, Matthew R. Dempsky <[EMAIL PROTECTED]> wrote:
> An attacker sets up a system with two wireless NICs: one associated to
> my network and another configured as an access point pretending to be
> an access point for my network.  He runs a DHCP server on the AP
> interface and NATs traffic to my network.  (I can imagine a
> sufficiently clever bridge setup that would be even harder to detect,
> but I don't know for certain if it could work.)

SSH makes provisions for detection/prevention of MITM attacks by
cryptographically verifying host identities. Assuming you use SSHv2
and the client verifies the fingerprint of the server's public key is
accurate, identity of the destination system can be assured.


1.  where do you get the fingerprint for the first connection?

2.  that's not the problem described.  how does ssh know that its
connection is being NATed?

Softupdates question

[George C]

I've just stumbled across the SoftUpdates section in the FAQ, and was rather
surprised that I had never seen/heard of this feature before.  Before
I mount any
partition using softdep, I thought I'd google, browse the archives, etc. for any
information about when/where they should be used.

Although I've found a plethora of information about soft updates, much of it is
either contradictory or incomplete I thought I'd ask here for clarification.

Is it always best to mount /, /tmp, /usr, /var, /home with softdep?
Under what curcumstances would it not be appropriate?

I have a few machines running a busy website (mounted on /var/www) and two
fairly-busy databases (mysql mounted on /var/www and postgresql mounted on
/var/postgresql).
All these machines have a perc5 raid controller using mfi driver does that
make a difference?

Running 4.1 MP + patches on all machines (just got the CDs and it's
awesome!)...dmesg below.

-George

p.s. Thanks for the new release!  I'm already enjoying it! (and the poster!)


OpenBSD 4.1 (GENERIC.MP) #2: Sun May  6 18:14:39 EDT 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Xeon(R) CPU 5130 @ 2.00GHz ("GenuineIntel" 686-class) 2 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,TM2,CX16,xTPR
real mem  = 2146697216 (2096384K)
avail mem = 1951940608 (1906192K)
using 4278 buffers containing 107458560 bytes (104940K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 10/18/06, BIOS32 rev. 0 @
0xffe90, SMBIOS rev. 2.4 @ 0x7ffbc000 (62 entries)
bios0: Dell Inc. PowerEdge 2900
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfada0/432 (25 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 6321ESB LPC" rev 0x00)
pcibios0: PCI bus #16 is the last bus
bios0: ROM list: 0xc/0x9000! 0xc9000/0x1000 0xca000/0x1800
0xcb800/0x5200 0xec000/0x4000!
acpi at mainbus0 not configured
ipmi0 at mainbus0: version 2.0 interface KCS iobase 0xca8/8 spacing 4
mainbus0: Intel MP Specification (Version 1.4)
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 332 MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Xeon(R) CPU 5130 @ 2.00GHz ("GenuineIntel" 686-class) 2 GHz
cpu1: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,TM2,CX16,xTPR
cpu2 at mainbus0: apid 6 (application processor)
cpu2: Intel(R) Xeon(R) CPU 5130 @ 2.00GHz ("GenuineIntel" 686-class) 2 GHz
cpu2: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,TM2,CX16,xTPR
cpu3 at mainbus0: apid 7 (application processor)
cpu3: Intel(R) Xeon(R) CPU 5130 @ 2.00GHz ("GenuineIntel" 686-class) 2 GHz
cpu3: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,TM2,CX16,xTPR
mainbus0: bus 0 is type PCI
mainbus0: bus 1 is type PCI
mainbus0: bus 2 is type PCI
mainbus0: bus 3 is type PCI
mainbus0: bus 4 is type PCI
mainbus0: bus 5 is type PCI
mainbus0: bus 6 is type PCI
mainbus0: bus 7 is type PCI
mainbus0: bus 8 is type PCI
mainbus0: bus 9 is type PCI
mainbus0: bus 10 is type PCI
mainbus0: bus 11 is type PCI
mainbus0: bus 12 is type PCI
mainbus0: bus 13 is type PCI
mainbus0: bus 14 is type PCI
mainbus0: bus 15 is type PCI
mainbus0: bus 16 is type PCI
mainbus0: bus 17 is type ISA
ioapic0 at mainbus0: apid 8 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 8
ioapic1 at mainbus0: apid 9 pa 0xfec8, version 20, 24 pins
ioapic1: misconfigured as apic 0, remapped to apid 9
ioapic2 at mainbus0: apid 10 pa 0xfec83000, version 20, 24 pins
ioapic2: misconfigured as apic 0, remapped to apid 10
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 5000X Host" rev 0x12
ppb0 at pci0 dev 2 function 0 "Intel 5000 PCIE" rev 0x12
pci1 at ppb0 bus 6
ppb1 at pci1 dev 0 function 0 "Intel 6321ESB PCIE" rev 0x01
pci2 at ppb1 bus 7
ppb2 at pci2 dev 0 function 0 "Intel 6321ESB PCIE" rev 0x01
pci3 at ppb2 bus 8
ppb3 at pci3 dev 0 function 0 "ServerWorks PCIE-PCIX" rev 0xc2
pci4 at ppb3 bus 9
bnx0 at pci4 dev 0 function 0 "Broadcom BCM5708" rev 0x11: apic 8 int 16 (irq 5)
ppb4 at pci2 dev 1 function 0 "Intel 6321ESB PCIE" rev 0x01
pci5 at ppb4 bus 10
ppb5 at pci1 dev 0 function 3 "Intel 6321ESB PCIE-PCIX" rev 0x01
pci6 at ppb5 bus 11
ral0 at pci6 dev 2 function 0 "Ralink RT2561S" rev 0x00: apic 9 int 4
(irq 5), address 00:0e:2e:8d:26:66
ral0: MAC/BBP RT2561C, RF RT2527
ppb6 at pci0 dev 3 function 0 "Intel 5000 PCIE" rev 0x12
pci7 at ppb6 bus 12
ppb7 at pci0 dev 4 function 0 "Intel 5000 PCIE" rev 0x12
pci8 at ppb7 bus 13
ppb8 at pci0 dev 5 function 0 "Intel 5000 PCIE" rev 0x12
pci9 at ppb8 bus 1
ppb9 

Re: Preventing man-in-the-middle attack on authpf?

[Darren Spruell]

On 5/7/07, Matthew R. Dempsky <[EMAIL PROTECTED]> wrote:

Suppose I setup a wireless network and use authpf to restrict access
to some resource (e.g., Internet access) to registered users.  It
seems there's a fairly simple man-in-the-middle attack:

An attacker sets up a system with two wireless NICs: one associated to
my network and another configured as an access point pretending to be
an access point for my network.  He runs a DHCP server on the AP
interface and NATs traffic to my network.  (I can imagine a
sufficiently clever bridge setup that would be even harder to detect,
but I don't know for certain if it could work.)

A legitimate user (e.g., a university student) sits down somewhere in
range of the fake AP but outside of range of any legit APs (in a part
of campus not yet with wifi access, or where the signal is low, or
where the attacker has unplugged the APs), and connects his laptop to
my network via the attacker's fake network.  The user ssh's to
authpf.mydomain.com, but his connection is NAT'd via the attacker's
system, and so my gateway now assumes all traffic from the attacker's
IP belongs to the duped user.

Is there anything I'm forgetting that makes this attack infeasible?


SSH makes provisions for detection/prevention of MITM attacks by
cryptographically verifying host identities. Assuming you use SSHv2
and the client verifies the fingerprint of the server's public key is
accurate, identity of the destination system can be assured.

DS

Preventing man-in-the-middle attack on authpf?

[Matthew R. Dempsky]

Suppose I setup a wireless network and use authpf to restrict access
to some resource (e.g., Internet access) to registered users.  It
seems there's a fairly simple man-in-the-middle attack:

An attacker sets up a system with two wireless NICs: one associated to
my network and another configured as an access point pretending to be
an access point for my network.  He runs a DHCP server on the AP
interface and NATs traffic to my network.  (I can imagine a
sufficiently clever bridge setup that would be even harder to detect,
but I don't know for certain if it could work.)

A legitimate user (e.g., a university student) sits down somewhere in
range of the fake AP but outside of range of any legit APs (in a part
of campus not yet with wifi access, or where the signal is low, or
where the attacker has unplugged the APs), and connects his laptop to
my network via the attacker's fake network.  The user ssh's to
authpf.mydomain.com, but his connection is NAT'd via the attacker's
system, and so my gateway now assumes all traffic from the attacker's
IP belongs to the duped user.

Is there anything I'm forgetting that makes this attack infeasible?
If not, is there anything that can be done to prevent it?

Re: Routing to host over IPsec

[RW]

On Mon, 7 May 2007 23:01:15 -0600, Joel Knight wrote:

>--- Quoting RW on 2007/04/30 at 16:52 +1000:
>
>> Existing setup:
>> 
>> Head Office: 
>> WAN IP=165.x.y.z
>> LAN = 172.22.22.0/24
>> Extranet gateway = 10.x.y.1
>> 
>> Branch Office:
>> WAN IP=150.x.y.z
>> LAN= 172.22.23.0/24
>> 
>> IPsec endpoints are OpenBSD firewalls and LAN to LAN connectivity is
>> fine.
>> 
>> My challenge is to get traffic to pass from a host on the Branch LAN
>> over the IPsec tunnel to a host on the Extranet via gateway 10.x.y.1.
>> 
>> If I could add a route entry that used  the LAN IP of the H/O firewall
>> life would be easy but of course addresses the are only visible through
>> IPsec don't appear in the routing table to be used as the next hop.
>> 
>> Is there a way to do this using either route or pf or ipsec itself?
>> Some other method?
>> 
>> I have to be able to get traffic to several hosts on the extranet (and
>> get the replies back!) and they are only reachable via the extranet
>> gateway on the head office firewall.
>> 
>> Cluestick, anybody?
>
>
>Setup your flows appropriately on the branch ipsec gateway to get
>traffic over the tunnel and to the head office. On the HO endpoint,
>setup a normal route to push the traffic to the extranet gateway.
>

Thanx for replying.

For the record:
All the flows needed to do FW<->FW + LAN<->FW + FW<->LAN + LAN<->LAN
were already setup and working just fine.

A route doesn't need to be added at HO to find the extranet as it
terminates on the firewall just as the tunnel did.

What solved it for me was to add a flow from the branch LAN to the
extranet IP on the f/wall and vice versa.

That is probably bleedin' obvious to IPsec gurus (which I ain't) but
intuition said that I should be able to do it with some routing entries
alone.

Not so, it seems.

Rod/
"Write a wise saying and your name will live on forever."  - Anonymous

Re: Routing to host over IPsec

[Joel Knight]

--- Quoting RW on 2007/04/30 at 16:52 +1000:

> Existing setup:
> 
> Head Office: 
> WAN IP=165.x.y.z
> LAN = 172.22.22.0/24
> Extranet gateway = 10.x.y.1
> 
> Branch Office:
> WAN IP=150.x.y.z
> LAN= 172.22.23.0/24
> 
> IPsec endpoints are OpenBSD firewalls and LAN to LAN connectivity is
> fine.
> 
> My challenge is to get traffic to pass from a host on the Branch LAN
> over the IPsec tunnel to a host on the Extranet via gateway 10.x.y.1.
> 
> If I could add a route entry that used  the LAN IP of the H/O firewall
> life would be easy but of course addresses the are only visible through
> IPsec don't appear in the routing table to be used as the next hop.
> 
> Is there a way to do this using either route or pf or ipsec itself?
> Some other method?
> 
> I have to be able to get traffic to several hosts on the extranet (and
> get the replies back!) and they are only reachable via the extranet
> gateway on the head office firewall.
> 
> Cluestick, anybody?


Setup your flows appropriately on the branch ipsec gateway to get
traffic over the tunnel and to the head office. On the HO endpoint,
setup a normal route to push the traffic to the extranet gateway.





.joel

Re: Thecus N2100 and RAID 1

[Bryan Vyhmeister]

On May 7, 2007, at 4:11 PM, Joachim Schipper wrote:


On Mon, May 07, 2007 at 02:02:19PM -0700, Bryan Vyhmeister wrote:

On May 7, 2007, at 11:56 AM, Matthieu Herrb wrote:


I'm using a thecus 2100 with raidframe to do raid 1. A bit slow, but
with 512MB RAM it's acceptable.


Would ccd(4) be any faster? Also, what sort of RAM does it take?
Thanks for your response.


ccd is likely to be slightly faster, but it *will* eat your data. Just
stick with RAIDframe, or hardware RAID, or the upcoming softraid (like
RAIDframe, but newer and shinier; I presume it'll be announced on
undeadly.org one of these days). Worrying about ccd/RAIDframe memory
usage really isn't necessary; both don't use memory on a scale that  
you

will notice with that amount of memory in the box.


So you are saying that ccd(4) has reliability problems? I actually  
meant to ask what type of physical memory does the box take. Thanks  
for your response.


Bryan

Re: malo driver

[Default User]

On Sun, 2007-05-06 at 11:14 +0200, Henning Brauer wrote:
> * Default User <[EMAIL PROTECTED]> [2007-05-05 05:03]:
> > cbb0 at pci1 dev 4 function 0 "ENE CB-1410 CardBus" rev
> > 0x01pci_intr_map: no mapping for pin A
> > : couldn't map interrupt
> 
> there's your problem, your cardbus slot is not working
> 


Ouch! Bad news. 

Well, I guess that explains it.  It never occurred to me that there
would be a problem with the computer itself. Anyway, Thanks for the
info. 

Re: Prevent circumventing dansguardian with pf

[Open Phugu]

On 5/7/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:

>From: Sebastian Benoit <[EMAIL PROTECTED]>
>
>If you want deny users the possiblility to smuggle data outside of
their
>workplace (or whatever) then don't connect them to the internet.

No, no, no.  You must go one step beyond this if you want to
prevent employees from smuggling data.  To do this properly, copy
machines should be remove!  Pen, pencils and papers removed!
Employees should be searched for thumb drives, zip drive, floppy
drives, tape recorders, papers, cd's, dvd's, and burners.  It's
better to strip search them just to be sure.  As a matter of fact,
because humans are so innovative, all materials should be removed
from the office because I'm sure someone will come up with some way
to write something down.  Oh, don't forget to remove phones, faxes
and cell phones, and cameras.  You should only hire people who
don't know how to read or write to reduce the work load of
preventing others from smuggling data.  It's probably best that
they don't know how to receive or transmit any form of
language/communication either.

Also, make the whole building a large faraday cage to prevent them
from using radio communication. And have automatic direction-finding
recievers to triangulate the location of (l)users who attempt to use
radio. In fact, there is a much cheaper method: don't hire humans.
_Every_ compromise of security or instance of data exfiltration has
been traced back to a human action. If you don't have humans, you
don't have problems.

Re: booteasy fate?

[Nick Holland]

Michael Dexter wrote:
> Hello,
> 
> I have found references to: /pub/OpenBSD/3.6/tools/booteasy suggesting that 
> it was part of the distribution but I do not see it listed for 3.7 and newer. 
> I do not see a 3.7 changelist entry for it and I the online man pages to not 
> seem to refer to it. From the looks however, it was an official OpenBSD boot 
> manager.
> 
> I fold! What was it and what happend to it?

wrap your lines...

It was a third-party boot manager, included for convenience
of the users.  It was most certainly not an "official OpenBSD
boot manager".  It was never in the CVS tree, it was never
maintained by OpenBSD developers, it was just slapped in for
people in case they needed it.  It seems they don't.

However, from memory and a little superficial checking,
  1) It wasn't LBA capable (OpenBSD newly was then)
  2) License was uncertain/non-existent
  3) It was relatively unmaintained
  4) there are lots of other boot managers out there

Since it was removed, I think you are the first person to notice
its absence.  Heck, it took you this long to notice!  If
developers had been testing or maintaining it, that would have
been wasted effort.  If developers hadn't been testing and
maintaining it, it would be unmaintained junk we were shipping.
Neither is good.

Haven't found much use for a "boot manager" myself.  But then,
there are over 20 computers in this room, and this isn't
the storage area...multibooting is a complete waste of time
for me. :)  (argh. just counted, without getting out of my
chair, more like 30 computers...probably more.  At least eight
different platforms.  I need help.)

Nick.

OpenBSD CD(4.1) & T-Shirts arrivaled at China(Shenzhen).

[Bibby]

Hi all,

OpenBSD CD(4.1 -release) and T-Shirts arrivaled at China(Shenzhen) this
morning,
It looks really nice.

Thanks to all OpenBSD developers for the hard work, thanks to Wim for the
patience.

^_^

MB
2007.05.08

-- 
OpenBSD Store in China Mainland: http://shop34421310.taobao.com/

Re: wi pcmcia card configuration Problem (added the errors)

[Bret]

Bret wrote:


Greetings All.
I will start with my dmesg: See below--->

I have tried many ways to get the 300mw Z-COM WLAN PC Card, RP-MMCX, 
802.11b Higher Power card to work with the system. I am trying to 
setup the first Wlan (wi0) as an access point and the second (wi1) as 
a bridge/link to a distant server that will also have the same setup 
but on the second (wi1) card it will be channel 11.


Also below you will find the configuration files for wi0 and wi1. In 
addition I will be  using dchpd on each of the wi(0) cards but for now 
am only using it on wi0. I am trying to get these to work before 
turning to the second box,


*DMESG:*

OpenBSD 4.0 (GENERIC) #0: Sat Apr 28 21:23:45 PDT 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 2.80GHz ("GenuineIntel" 686-class) 
2.80 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID 


real mem  = 1073246208 (1048092K)
avail mem = 971010048 (948252K)
using 4256 buffers containing 53764096 bytes (52504K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(c7) BIOS, date 12/17/03, BIOS32 rev. 0 @ 
0xfb0b0, SMBIOS rev. 2.2 @ 0xf0800 (37 entries)

bios0: TYAN Computer S2099
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0xdf84
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfde90/240 (13 entries)
pcibios0: PCI Exclusive IRQs: 5 9 10 11
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371SB ISA" rev 0x00)
pcibios0: PCI bus #4 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x8000! 0xd/0x1000 
0xd1000/0x1000

cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82845 Host" rev 0x11
ppb0 at pci0 dev 1 function 0 "Intel 82845 AGP" rev 0x11
pci1 at ppb0 bus 1
uhci0 at pci0 dev 29 function 0 "Intel 82801DB USB" rev 0x02: irq 10
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 "Intel 82801DB USB" rev 0x02: irq 5
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 "Intel 82801DB USB" rev 0x02: irq 5
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 "Intel 82801DB USB" rev 0x02: irq 10
usb3 at ehci0: USB revision 2.0
uhub3 at usb3
uhub3: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub3: 6 ports with 6 removable, self powered
ppb1 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0x82
pci2 at ppb1 bus 2
vga1 at pci2 dev 1 function 0 "ATI Rage XL" rev 0x27
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
cbb0 at pci2 dev 4 function 0 "ENE CB-1410 CardBus" rev 0x01: irq 11
fxp0 at pci2 dev 8 function 0 "Intel PRO/100 VE" rev 0x82, i82562: irq 
11, address 00:e0:81:65:f2:bd

inphy0 at fxp0 phy 1: i82562EM 10/100 PHY, rev. 0
cbb1 at pci2 dev 9 function 0 "ENE CB-1410 CardBus" rev 0x01: irq 9
em0 at pci2 dev 10 function 0 "Intel PRO/1000MT (82540EM)" rev 0x02: 
irq 10, address 00:e0:81:65:f2:bc

cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 3 device 0 cacheline 0x8, lattimer 0x20
pcmcia0 at cardslot0
cardslot1 at cbb1 slot 1 flags 0
cardbus1 at cardslot1: bus 4 device 0 cacheline 0x8, lattimer 0x20
pcmcia1 at cardslot1
ichpcib0 at pci0 dev 31 function 0 "Intel 82801DB LPC" rev 0x02
pciide0 at pci0 dev 31 function 1 "Intel 82801DB IDE" rev 0x02: DMA, 
channel 0 configured to compatibility, channel 1 configured to 
compatibility

wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 152627MB, 312581808 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0 
5/cdrom removable

cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
ichiic0 at pci0 dev 31 function 3 "Intel 82801DB SMBus" rev 0x02: irq 11
iic0 at ichiic0
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
lm0 at isa0 port 0x290/8: W83627HF
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 secbiomask ef65 netmask 
ef65 ttymask ffe7

pctr: user-level cycle counter 

wi pcmcia card configuration Problem

[Bret]

Greetings All.
I will start with my dmesg: See below--->

I have tried many ways to get the 300mw Z-COM WLAN PC Card, RP-MMCX, 
802.11b Higher Power card to work with the system. I am trying to setup 
the first Wlan (wi0) as an access point and the second (wi1) as a 
bridge/link to a distant server that will also have the same setup but 
on the second (wi1) card it will be channel 11.


Also below you will find the configuration files for wi0 and wi1. In 
addition I will be  using dchpd on each of the wi(0) cards but for now 
am only using it on wi0. I am trying to get these to work before turning 
to the second box,


*DMESG:*

OpenBSD 4.0 (GENERIC) #0: Sat Apr 28 21:23:45 PDT 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 2.80GHz ("GenuineIntel" 686-class) 2.80 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID

real mem  = 1073246208 (1048092K)
avail mem = 971010048 (948252K)
using 4256 buffers containing 53764096 bytes (52504K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(c7) BIOS, date 12/17/03, BIOS32 rev. 0 @ 
0xfb0b0, SMBIOS rev. 2.2 @ 0xf0800 (37 entries)

bios0: TYAN Computer S2099
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0xdf84
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfde90/240 (13 entries)
pcibios0: PCI Exclusive IRQs: 5 9 10 11
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371SB ISA" rev 0x00)
pcibios0: PCI bus #4 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x8000! 0xd/0x1000 
0xd1000/0x1000

cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82845 Host" rev 0x11
ppb0 at pci0 dev 1 function 0 "Intel 82845 AGP" rev 0x11
pci1 at ppb0 bus 1
uhci0 at pci0 dev 29 function 0 "Intel 82801DB USB" rev 0x02: irq 10
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 "Intel 82801DB USB" rev 0x02: irq 5
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 "Intel 82801DB USB" rev 0x02: irq 5
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 "Intel 82801DB USB" rev 0x02: irq 10
usb3 at ehci0: USB revision 2.0
uhub3 at usb3
uhub3: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub3: 6 ports with 6 removable, self powered
ppb1 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0x82
pci2 at ppb1 bus 2
vga1 at pci2 dev 1 function 0 "ATI Rage XL" rev 0x27
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
cbb0 at pci2 dev 4 function 0 "ENE CB-1410 CardBus" rev 0x01: irq 11
fxp0 at pci2 dev 8 function 0 "Intel PRO/100 VE" rev 0x82, i82562: irq 
11, address 00:e0:81:65:f2:bd

inphy0 at fxp0 phy 1: i82562EM 10/100 PHY, rev. 0
cbb1 at pci2 dev 9 function 0 "ENE CB-1410 CardBus" rev 0x01: irq 9
em0 at pci2 dev 10 function 0 "Intel PRO/1000MT (82540EM)" rev 0x02: irq 
10, address 00:e0:81:65:f2:bc

cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 3 device 0 cacheline 0x8, lattimer 0x20
pcmcia0 at cardslot0
cardslot1 at cbb1 slot 1 flags 0
cardbus1 at cardslot1: bus 4 device 0 cacheline 0x8, lattimer 0x20
pcmcia1 at cardslot1
ichpcib0 at pci0 dev 31 function 0 "Intel 82801DB LPC" rev 0x02
pciide0 at pci0 dev 31 function 1 "Intel 82801DB IDE" rev 0x02: DMA, 
channel 0 configured to compatibility, channel 1 configured to compatibility

wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 152627MB, 312581808 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0 5/cdrom 
removable

cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
ichiic0 at pci0 dev 31 function 3 "Intel 82801DB SMBus" rev 0x02: irq 11
iic0 at ichiic0
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
lm0 at isa0 port 0x290/8: W83627HF
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 secbiomask ef65 netmask 
ef65 ttymask ffe7

pctr: user-level cycle counter enabled
wi0 at pcm

Re: Prevent circumventing dansguardian with pf

[Bryan Irvine]

On 4/25/07, Allen Theobald <[EMAIL PROTECTED]> wrote:

Greetings!  Included below is my pf.conf set up to use
dansguardian (proxyport 3128, filterport 8080)
and tinyproxy (listen port 3128) as a transparent
proxy.

What changes do I need to make to keep someone on
int_if/int_net from circumventing dansguardian
by changing their browser to point to 3128?


By blocking all outbound ports, and redirecting those they need to the
firewall itself.  Ie. run a DNS server on the firewall so they can
resolve (alternatively only pass traffic to your ISP's DNS), use port
forwarding to redirect all www traffic to your filter etc...

Don't leave any port unblocked is the only way.  I remember I was once
dared to get on napster (yeah it was awhile ago :-) at an old job by
one of the admins.  They had recently gone through a whole
seminar-thing on how to block these kinds of things.  So I set up a
socks proxy on my home computer running on port 80, and proceeded to
fill up my work HD with mp3's.  They didn't filter web traffic so it
just looked like web traffic as far as the firewall was concerned.
Took me about 5 minutes to waste their thousands of dollars on
training.

I also used the same 'trick' to get around a filtering internet
provider.  I think that time was by using port 53.

Any open port would be subject to the same.  So close them.  All of them.

--Bryan

Re: booteasy fate?

[Aaron Hsu]

On Mon, 07 May 2007 16:51:32 -0500, Bruce Bauer <[EMAIL PROTECTED]>  
wrote:



Don't beat a dead horse.
 This should do whatever you need:
 http://gag.sourceforge.net/


Aaah, yes, I remember someone recommending this to me before. It does work  
well.


--
Aaron Hsu <[EMAIL PROTECTED]>
"No one could make a greater mistake than he who did nothing because he  
could do only a little." - Edmund Burke

Re: OpenBSD 4.1 Torrents

[Sebastian Rother]

Guys if you realy "care" about security why does nobody asks about
using gzsig. 
Even useable for the packages...

Kind regards,
Sebastian

Re: BGP + Multiple Providers + Redundant Firewalls

[askthelist]

yah theyre valid, there was a point when i first set this up i remember one
of the nexthops being invalid but this hasnt been the case for sometime.
cool, i think ill stick to the without ospf for now until it becomes a
necessity. thanks.

On 5/7/07, Stuart Henderson <[EMAIL PROTECTED]> wrote:
>
> On 2007/05/07 16:31, [EMAIL PROTECTED] wrote:
> > when i do a bgpctl show fib i see the two routes, 1 thru connected
> provider,
> > 1 to other router's crossover interface - which is connected then to 2nd
> > provider, so why would i need to redistribute my routes when its already
> in
> > the fib? maybe im confused but I dont think i necessarily need ospf in
> my
> > scenario. can anyone else clarify this?
>
> check 'bgpctl sh nex' to make sure your nexthops are valid.
> if they are, you have this working ok.
>
> there are various ways to do this, some with ospf, some without.

Re: Prevent circumventing dansguardian with pf

[a666]

>From: Sebastian Benoit <[EMAIL PROTECTED]>
>
>If you want deny users the possiblility to smuggle data outside of 
their
>workplace (or whatever) then don't connect them to the internet.

No, no, no.  You must go one step beyond this if you want to 
prevent employees from smuggling data.  To do this properly, copy 
machines should be remove!  Pen, pencils and papers removed!  
Employees should be searched for thumb drives, zip drive, floppy 
drives, tape recorders, papers, cd's, dvd's, and burners.  It's 
better to strip search them just to be sure.  As a matter of fact, 
because humans are so innovative, all materials should be removed 
from the office because I'm sure someone will come up with some way 
to write something down.  Oh, don't forget to remove phones, faxes 
and cell phones, and cameras.  You should only hire people who 
don't know how to read or write to reduce the work load of 
preventing others from smuggling data.  It's probably best that 
they don't know how to receive or transmit any form of 
language/communication either.

Re: BGP + Multiple Providers + Redundant Firewalls

[Stuart Henderson]

On 2007/05/07 16:31, [EMAIL PROTECTED] wrote:
> when i do a bgpctl show fib i see the two routes, 1 thru connected provider,
> 1 to other router's crossover interface - which is connected then to 2nd
> provider, so why would i need to redistribute my routes when its already in
> the fib? maybe im confused but I dont think i necessarily need ospf in my
> scenario. can anyone else clarify this?

check 'bgpctl sh nex' to make sure your nexthops are valid.
if they are, you have this working ok.

there are various ways to do this, some with ospf, some without.

Re: BGP + Multiple Providers + Redundant Firewalls

[askthelist]

when i do a bgpctl show fib i see the two routes, 1 thru connected provider,
1 to other router's crossover interface - which is connected then to 2nd
provider, so why would i need to redistribute my routes when its already in
the fib? maybe im confused but I dont think i necessarily need ospf in my
scenario. can anyone else clarify this?

if one provider fails, iBGP should update the fib and forward traffic across
the crossover link, so i dont see an issue there with using static routes.

 i did come across that paper and set up the 2 routers 2 firewalls with ospf
but the only advantage i seen in our scenario was having the firewalls
themselves make the routing decision instead of the routers and just sending
to the physical interface of the decided route instead of the carp interface
on the routers, which  we decided we dont want our firewalls to be involved
in the routing decision and opted to not use ospf.

im still learning this stuff myself. thanks for the input, it helps.


On 5/5/07, Ivo Chutkin <[EMAIL PROTECTED]> wrote:
>
> Hi,
> As far as I know you need OSPF to redistribute routes when you run IBGP
> between your border routers inside your AS. I do not have sophisticated
> explanation why but IBGP do not work without OSPF. I am still learning.
> And in your case with tow upstream providers you definitely need IBGP
> between routers connected to upstreams. I do not know what will happen
> if you do not run IBGP between the border routers. I guess, if one
> provider fails, whit static routes you will continue to send traffic to
> it, not knowing that it is dead.
> This is a good paper:
> http://www.openbsd.org/papers/linuxtag06-network/index.html
> also in pdf:
> http://www.openbsd.org/papers/linuxtag06-network.pdf
>
> I hope it help you somehow.
> Best regarsd,
> Ivo
>
> [EMAIL PROTECTED] wrote:
> > This may be a naive question but why the need for ospf? Couldnt you just
> > use carp and static routes? I had configured the ospfd but didnt see the
> > need for it in my enviornment. If someone can point out the benefits of
> > using openbgp + ospf instead of just openbgpd + static routes -> carp0.
> > What am I missing? We do not have any downstream customers so maybe it
> > is just an architecture thing?
> >
> > On 5/4/07, *Ivo Chutkin* <[EMAIL PROTECTED] >
> > wrote:
> >
> > Hello,
> > I am also trying to achieve maximum redundancy.
> > I am trying the following configuration in my test lab:
> >
> > http://tania.be.linux.org/zebra/msg00338.html
> > 
> >
> > I translated it to OpenBGP/OpenOSPF language ant it seems to work
> fine,
> > though it is only test lab, I did not try it in production
> > environment yet.
> > I hope it will give you some idea and we could share some
> experience.
> > I am beginner with OpenBSD so my opinion may be incorrect.
> > Best regards,
> > Ivo
> >
> > [EMAIL PROTECTED]  wrote:
> >  > Any recommendations on running BGP on redundant firewalls to
> > multiple
> >  > providers advertising the same network thru both links, and
> > talking iBGP
> >  > with the other firewall? Just asking because I ran into a problem
> > with this
> >  > scenario when traffic would enter 1 host, traverse the iBGP
> > crossover link
> >  > and then exit the 2nd host, and  return traffic would come back
> > in thru the
> >  > 1st host. There was a mismatch of the states that seemed to cause
> my
> >  > problems. Heres how i was set up.
> >  >
> >  > Problem Scenario:
> >  >
> >  >   box-a ---> Provider-A
> >  >/ |
> >  > carp0 |
> >  >\  box-b->Provider-B
> >  >
> >  >
> >  > Solution:
> >  >Box-A & Box-B are my redundant firewalls running pfsync
> > between the
> >  > dedicated link. Box-C & Box-D are just T1 routers running BGP.
> > The routers
> >  > route to carp1 on the firewalls and the firewalls route to carp0
> > on the
> >  > routers. Box-C and Box-D run iBGP between there dedicated link to
> > share
> >  > routes to external networks. The multiple providers are for both
> > redundancy
> >  > and aggregate bandwidth. Running BGP in an active/backup
> > scenarios based on
> >  > who has the carp0 interface isnt an option because of the
> > necessity of the
> >  > aggregate bandwidth.This solution works fine for us but we really
> > wanted to
> >  > run on two boxes. I believe the only problem we have now is with
> BGP
> >  > Convergence. If anyone has any tips on how to minimize this when
> > I reboot
> >  > box-c or box-d I that would be great. If anyone has comments,
> >  > recommendations, adjustments, tips on our setup please do share.
> >  >
> >  >   box-a  switchbox-c-> Provider-A
>

Re: BGP + Multiple Providers + Redundant Firewalls

[askthelist]

On 5/5/07, Henning Brauer <[EMAIL PROTECTED]> wrote:
>
> * [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2007-05-03 20:58]:
> > Any recommendations on running BGP on redundant firewalls to multiple
> > providers advertising the same network thru both links, and talking iBGP
> > with the other firewall?
>
> that is what I am doing here as well as at multiple customer sites.
>
> > Just asking because I ran into a problem with this
> > scenario when traffic would enter 1 host, traverse the iBGP crossover
> link
> > and then exit the 2nd host, and  return traffic would come back in thru
> the
> > 1st host. There was a mismatch of the states that seemed to cause my
> > problems.
>
> not seen that.
> you could suffer from the carp route screwup issue I just committed a
> fix for in -current. I'll attach it, it'llapply for 4.1 too.
> in general, "bgpctl sh nexthop" is your friend to debug this.


  can you elaborate a little more on the "carp route" issue. i had been
working with the 2 firewall/2 provider/ibgp/pf/pfsync setup about 3 months
ago and hit a wall when traffic flowed a certain direction - so  i moved to
the 2 router + 2 firewall setup that cleared it up, so my memories a little
foggy about the exact issue. but I'm willing to try the 2 firewall setup
again as this will cost us so much less when we clone this configuration
from our office to our data center. thanks.

--
> Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
> BS Web Services, http://bsws.de
> Full-Service ISP - Secure Hosting, Mail and DNS Services
> Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
>
>
> Index: ip_carp.c
> ===
> RCS file: /cvs/src/sys/netinet/ip_carp.c,v
> retrieving revision 1.135
> diff -u -p -r1.135 ip_carp.c
> --- ip_carp.c   27 Mar 2007 21:58:16 -  1.135
> +++ ip_carp.c   28 Mar 2007 23:18:51 -
> @@ -368,15 +368,18 @@ carp_setroute(struct carp_softc *sc, int
> struct ifaddr *ifa;
> int s;
>
> +   /* XXX this mess needs fixing */
> +
> s = splsoftnet();
> TAILQ_FOREACH(ifa, &sc->sc_if.if_addrlist, ifa_list) {
> switch (ifa->ifa_addr->sa_family) {
> case AF_INET: {
> -   int count = 0;
> +   int count = 0, error;
> struct sockaddr sa;
> struct rtentry *rt;
> struct radix_node_head *rnh;
> struct radix_node *rn;
> +   struct rt_addrinfo info;
> int hr_otherif, nr_ourif;
>
> /*
> @@ -395,9 +398,15 @@ carp_setroute(struct carp_softc *sc, int
> }
>
> /* Remove the existing host route, if any */
> -   rtrequest(RTM_DELETE, ifa->ifa_addr,
> -   ifa->ifa_addr, ifa->ifa_netmask,
> -   RTF_HOST, NULL, 0);
> +   bzero(&info, sizeof(info));
> +   info.rti_info[RTAX_DST] = ifa->ifa_addr;
> +   info.rti_info[RTAX_GATEWAY] = ifa->ifa_addr;
> +   info.rti_info[RTAX_NETMASK] = ifa->ifa_netmask;
> +   info.rti_flags = RTF_HOST;
> +   error = rtrequest1(RTM_DELETE, &info, NULL, 0);
> +   rt_missmsg(RTM_DELETE, &info, info.rti_flags,
> NULL,
> +   error, 0);
> +
>
> /* Check for our address on another interface */
> /* XXX cries for proper API */
> @@ -420,26 +429,39 @@ carp_setroute(struct carp_softc *sc, int
> if (hr_otherif) {
> ifa->ifa_rtrequest = NULL;
> ifa->ifa_flags &= ~RTF_CLONING;
> -
> -   rtrequest(RTM_ADD, ifa->ifa_addr,
> -   ifa->ifa_addr,
> ifa->ifa_netmask,
> -   RTF_UP | RTF_HOST, NULL, 0);
> +   bzero(&info, sizeof(info));
> +   info.rti_info[RTAX_DST] =
> ifa->ifa_addr;
> +   info.rti_info[RTAX_GATEWAY] =
> ifa->ifa_addr;
> +   info.rti_info[RTAX_NETMASK] =
> ifa->ifa_netmask;
> +   info.rti_flags = RTF_UP |
> RTF_HOST;
> +   error = rtrequest1(RTM_ADD, &info,
> NULL, 0);
> +   rt_missmsg(RTM_ADD, &info,
> info.rti_flags, NULL,
> +   error, 0);
> }
> if (!hr_otherif || nr_ourif || !rt) {
> if (nr_ourif && !(rt->rt_flags &

Re: Dual-port Gigabit SX NICs?

[Joachim Schipper]

On Mon, May 07, 2007 at 04:23:00PM -0500, K K wrote:
> Am I the only one having a difficult time keeping track of which cards
> on the "Supported hardware" list are merely tolerated, and which
> vendors/chipsets are truly "supported" and cooperative?

No, that's why http://www.vendorwatch.org exists. Or rather, used to: it
doesn't seem to resolve right now... I CC'ed the maintainer.

Joachim

-- 
TFMotD: sv (4) - S3 SonicVibes audio device

Re: Thecus N2100 and RAID 1

[Joachim Schipper]

On Mon, May 07, 2007 at 02:02:19PM -0700, Bryan Vyhmeister wrote:
> On May 7, 2007, at 11:56 AM, Matthieu Herrb wrote:
> 
> >I'm using a thecus 2100 with raidframe to do raid 1. A bit slow, but
> >with 512MB RAM it's acceptable.
> 
> Would ccd(4) be any faster? Also, what sort of RAM does it take?  
> Thanks for your response.

ccd is likely to be slightly faster, but it *will* eat your data. Just
stick with RAIDframe, or hardware RAID, or the upcoming softraid (like
RAIDframe, but newer and shinier; I presume it'll be announced on
undeadly.org one of these days). Worrying about ccd/RAIDframe memory
usage really isn't necessary; both don't use memory on a scale that you
will notice with that amount of memory in the box.

Joachim

-- 
TFMotD: named.conf (5) - configuration file for named

Re: 4.0 locked up over the weekend

[Joachim Schipper]

On Mon, May 07, 2007 at 12:42:55PM -0700, Bruce Bauer wrote:
> On 5/7/07, Jack J. Woehr <[EMAIL PROTECTED]> wrote:
> >On May 7, 2007, at 12:20 PM, Bruce Bauer wrote:
> > >This system has been running flawlessly since mid-March with GENERIC
> > >plus the 010 patch. dmesg below
> > >This morning I found it totally unresponsive both through network and
> > >at the console.  Had to use the power switch to recover.
> > >
> > >Where do I start trying to track this down?
> >
> >Open the box and check your power supply and blow it out with air if it's
> >full of dust.
> >Number one cause of mysterious lockups in my personal experience. Next, run
> >a memory
> >test.
> >
> >Only then start trying to debug software, e.g., OpenBSD.
>
> Thanks for the response.
> 
> OK, maybe a little less basic than that.  The system is sitting in a
> restricted access server room.  Not a clean room, but very little
> dust.  Nice and cool..  The system still looks brand new, inside and
> out.
> 
> The purpose of this system is to receive streaming video data over the
> VPN from IP webcams.  It doesn't do anything with the data except pass
> it on to a DVR system over the local network.  Plans are to add
> another network card so the VPN and the local network will be on
> separate channels.  But, for now, it all goes through one card.
> 
> It has worked in this configuration for over a month with video from 2
> cameras coming in.
> 
> Oops! Message from Joachim Schipper  just came in:
> 
> There were no console messages
> The authlog does show that someone is trying to brute force an ssh
> login. I think I'll turn off sshd for now...

Nah, script kiddies trying to bruteforce SSH logins are so common that I
just tuned them out of the log parser altogether. Just use public keys,
or good passwords.

That said, Jack might be right to suspect some random hardware failure.
If this is the case, how about some proper stress testing (compiling the
whole system is fairly good in exercising CPU and memory, something like
bonnie++ might help you to test the disk?).

If that doesn't work, the software might be problematic...

Joachim

-- 
TFMotD: piconv (1) - iconv(1), reinvented in perl

Re: Dual-port Gigabit SX NICs?

[Henning Brauer]

* K K <[EMAIL PROTECTED]> [2007-05-07 23:52]:
> Am I the only one having a difficult time keeping track of which cards
> on the "Supported hardware" list are merely tolerated, and which
> vendors/chipsets are truly "supported" and cooperative?
> 
> On 5/5/07, Henning Brauer <[EMAIL PROTECTED]> wrote:
> >On 5/4/07, K K <[EMAIL PROTECTED]> wrote:
> >> This would be our first foray into Fiber NICs on OpenBSD,
> >> looking for recommendations for on affordable, reliable dual
> >> 1000baseSX NICs with good OpenBSD support.
> >. . .
> >the intels are not a bad choice; also there are bges I think.
> >you can find hp branded dual-port em well as bge, and intel-branded em,
> >on ebay at reasonable rates.
> 
> Thanks -- We'll probably end up paying street price for new Intel SX
> fiber gigabit NICs.
> 
> Is there a reason I should avoid the very cheap SK-9844 refurbs I see
> at various sites, these are a fraction of the eBay price for the dual
> port Intel (PWLA8492MF)?.

not at all. they are a good choice, pbly even better than the others.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam

question about delayed ACKs on OpenBSD

[Michal Soltys]

Hello

I've noticed a bit different behaviour with regard to delayed acks on OBSD.

Some other systems (2 linux distros, win2k/xp) I tested, pretty much acted 
as I've always seen it - 1 ack per max. 2 segments, but no bigger delay than 
some arbitrary value (looking at rfc, no more than 500ms, but usually less), 
thus in reality - 1 ack every 2 segments assuming latency is low enough.


For my ridiculously asymmetric line - 24:1 (6144/256) - at single full 
download, that's roughly 2/3+ upload used for acks only, partially due to 
hefty adsl overhead (and after looking at pppoa rfc, 2 atm cells used for 
just 1 ack).


On OpenBSD though, the result was generally perfect 66% segments acked. 
Looking at tcpdump output, the acks on receiving side were sent precisely 
after receiving : 1,2,1,2,1,2... segments. The test was made on lan between 
two obsd 4.0 boxes (generic kernel), limiting the speed with one queue (and 
none as well) on sending host, as needed. Speed didn't seem to matter though 
- behaviour was the same with 256kbit as it was with 100mbit.


Assuming it's intended behaviour - what are the reasons for implementing it 
in this way ?

Re: booteasy fate?

[Bruce Bauer]

Don't beat a dead horse.

This should do whatever you need:

http://gag.sourceforge.net/

On 5/7/07, Aaron Hsu <[EMAIL PROTECTED]> wrote:

On Mon, 07 May 2007 15:09:34 -0500, Michael Dexter <[EMAIL PROTECTED]>
wrote:

> I have found references to: /pub/OpenBSD/3.6/tools/booteasy suggesting
> that it was part of the distribution but I do not see it listed for 3.7
> and newer. I do not see a 3.7 changelist entry for it and I the online
> man pages to not seem to refer to it. From the looks however, it was an
> official OpenBSD boot manager.
>I fold! What was it and what happend to it?

It is a boot manager. :-) I used to use it around the 3.6 era. However, I
haven't used it for some time, and I'm not sure if it is still around. I
haven't searched for it. Hrm, a quick search reveals that it, at least, is
not in the tools directory anymore, though os-bs still is. os-bs is a boot
manager that I have been using when necessary since 3.8 I think.

--
Aaron Hsu <[EMAIL PROTECTED]>
"No one could make a greater mistake than he who did nothing because he
could do only a little." - Edmund Burke

Re: Dual-port Gigabit SX NICs?

[K K]

Am I the only one having a difficult time keeping track of which cards
on the "Supported hardware" list are merely tolerated, and which
vendors/chipsets are truly "supported" and cooperative?

On 5/5/07, Henning Brauer <[EMAIL PROTECTED]> wrote:

On 5/4/07, K K <[EMAIL PROTECTED]> wrote:
> This would be our first foray into Fiber NICs on OpenBSD,
> looking for recommendations for on affordable, reliable dual
> 1000baseSX NICs with good OpenBSD support.
. . .
the intels are not a bad choice; also there are bges I think.
you can find hp branded dual-port em well as bge, and intel-branded em,
on ebay at reasonable rates.


Thanks -- We'll probably end up paying street price for new Intel SX
fiber gigabit NICs.

Is there a reason I should avoid the very cheap SK-9844 refurbs I see
at various sites, these are a fraction of the eBay price for the dual
port Intel (PWLA8492MF)?.

Kevin

Re: booteasy fate?

[Aaron Hsu]

On Mon, 07 May 2007 15:09:34 -0500, Michael Dexter <[EMAIL PROTECTED]>  
wrote:


I have found references to: /pub/OpenBSD/3.6/tools/booteasy suggesting  
that it was part of the distribution but I do not see it listed for 3.7  
and newer. I do not see a 3.7 changelist entry for it and I the online  
man pages to not seem to refer to it. From the looks however, it was an  
official OpenBSD boot manager.

I fold! What was it and what happend to it?


It is a boot manager. :-) I used to use it around the 3.6 era. However, I  
haven't used it for some time, and I'm not sure if it is still around. I  
haven't searched for it. Hrm, a quick search reveals that it, at least, is  
not in the tools directory anymore, though os-bs still is. os-bs is a boot  
manager that I have been using when necessary since 3.8 I think.


--
Aaron Hsu <[EMAIL PROTECTED]>
"No one could make a greater mistake than he who did nothing because he  
could do only a little." - Edmund Burke

Re: Thecus N2100 and RAID 1

[Bryan Vyhmeister]

On May 7, 2007, at 11:56 AM, Matthieu Herrb wrote:


I'm using a thecus 2100 with raidframe to do raid 1. A bit slow, but
with 512MB RAM it's acceptable.


Would ccd(4) be any faster? Also, what sort of RAM does it take?  
Thanks for your response.


Bryan

booteasy fate?

[Michael Dexter]

Hello,

I have found references to: /pub/OpenBSD/3.6/tools/booteasy suggesting that it 
was part of the distribution but I do not see it listed for 3.7 and newer. I do 
not see a 3.7 changelist entry for it and I the online man pages to not seem to 
refer to it. From the looks however, it was an official OpenBSD boot manager.

I fold! What was it and what happend to it?

Thanks,

Michael.

Re: OT: GUI programming languages

[Marc Balmer]

* Jacob Yocom-Piatt wrote:
> have been coding touchscreen-driven applications using visual basic 
> lately and am sick of VB. i would much rather be using openbsd with 
> another programming language that allows me to accomplish the same sort 
> of stuff.
> 
> i have no "formal" CS background so am at a loss for good candidates. 
> the applications in question are "click here, prints something in a text 
> box, etc" ones that are not very complex. a language that allows me to 
> generate GUIs quickly and securely would be nice.
> 
> if you feel the reply is not relevant to the list, please respond to me 
> directly.

I recommend to use python and wxPython.  Both are in ports and you find
more information at www.python.org and www.wxpython.org.

Problem with lockups after upgrade from 3.8

[Bill]

* * A recent post and a router blowout 
today has sparked me to report this * *


Hey all,

We've had a router running openbsd for a while now.  A few months ago
we upgraded from 3.8 to 4.0  (upgrade technically was 3.8 -> 3.9 ->
4.0) and it seemed to go as smooth as possible.

Then we started having bi-weekly crashes.  The system will just simply
freeze.  The first happened within a day of the upgrade.

There is nothing in the logs prior to the crash of note...  the only
thing for hours previous to that is stuff like:

May  7 11:46:28 core /bsd: arplookup: unable to enter address for
0.0.0.0

and the occasional syslogd restart.

When the fixes for the mbuf stuff came out for 4.0 I was hopeful that
may have been the issue... we have been running 4.0 with all the
patches up through 010 through two lockups.  There is no
pattern I can detect to the lockups - only once has it happened during
heavy traffic hours.

I am also in the process of building a 4.1 box and compiling it to
stable.  Once the packages page is up I can try that on the router also
if someone would think it would help.

This thing was running fine till we went up to 4.0.  If anyone thinks
it is worth it, we can drop back to 3.8 or 3.9 to get the stability
back...   Problem is that this router is serving about 5 segments, so
it going down is immediately noticeable.

The other OpenBSD boxes are running perfectly (but they handle a
fraction of the traffic these do).  I noticed another post about 4.0
and a suggestion to blow out the P/S which I will do also.



This is the item in question:

OpenBSD 4.0-stable (GENERIC) #3: Thu Mar 22 07:49:14 EDT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 2.80GHz ("GenuineIntel" 686-class) 2.81
GHz cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID
real mem  = 536375296 (523804K) avail mem = 481329152 (470048K)
using 4256 buffers containing 26923008 bytes (26292K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 10/21/04, BIOS32 rev. 0 @
0xf0010, SMBIOS rev. 2.3 @ 0xf96b0 (58 entries) bios0: Quanta Computer
Inc. S20A apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf4630/160 (8 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 6300ESB LPC" rev
0x00) pcibios0: PCI bus #4 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xc9000/0x1000
0xca000/0x1000 cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82875P Host" rev 0x02
ppb0 at pci0 dev 3 function 0 "Intel 82875P PCI-CSA" rev 0x02
pci1 at ppb0 bus 1
em0 at pci1 dev 1 function 0 "Intel PRO/1000CT (82547GI)" rev 0x00: irq
5, address 00:c0:9f:41:a2:14 ppb1 at pci0 dev 28 function 0 "Intel
6300ESB PCIX" rev 0x02 pci2 at ppb1 bus 2
ppb2 at pci2 dev 1 function 0 "IBM 133 PCIX-PCIX" rev 0x02
pci3 at ppb2 bus 3
em1 at pci3 dev 4 function 0 "Intel PRO/1000MT QP (82546EB)" rev 0x01:
irq 9, address 00:04:23:bc:1c:4c em2 at pci3 dev 4 function 1 "Intel
PRO/1000MT QP (82546EB)" rev 0x01: irq 9, address 00:04:23:bc:1c:4d em3
at pci3 dev 6 function 0 "Intel PRO/1000MT QP (82546EB)" rev 0x01: irq
9, address 00:04:23:bc:1c:4e em4 at pci3 dev 6 function 1 "Intel
PRO/1000MT QP (82546EB)" rev 0x01: irq 9, address 00:04:23:bc:1c:4f
uhci0 at pci0 dev 29 function 0 "Intel 6300ESB USB" rev 0x02: irq 9
usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root
hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 "Intel 6300ESB USB" rev 0x02: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
"Intel 6300ESB WDT" rev 0x02 at pci0 dev 29 function 4 not configured
"Intel 6300ESB APIC" rev 0x02 at pci0 dev 29 function 5 not configured
ehci0 at pci0 dev 29 function 7 "Intel 6300ESB USB" rev 0x02: irq 10
ehci0: timed out waiting for BIOS
usb2 at ehci0: USB revision 2.0
uhub2 at usb2
uhub2: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub2: 4 ports with 4 removable, self powered
ppb3 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0x0a
pci4 at ppb3 bus 4
em5 at pci4 dev 2 function 0 "Intel PRO/1000MT (82541GI)" rev 0x00: irq
3, address 00:c0:9f:41:a2:15 em6 at pci4 dev 3 function 0 "Intel
PRO/1000MT (82546GB)" rev 0x03: irq 7, address 00:04:23:bd:97:18 em7 at
pci4 dev 3 function 1 "Intel PRO/1000MT (82546GB)" rev 0x03: irq 3,
address 00:04:23:bd:97:19 vga1 at pci4 dev 14 function 0 "ATI Rage XL"
rev 0x27 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ichpcib0 at pci0
dev 31 function 0 "Intel 6300ESB LPC" rev 0x02 pciide0 at pci0 dev 31
function 2 "Intel 6300ESB SATA" re

Re: 4.0 locked up over the weekend

[Bruce Bauer]

On 5/7/07, Jack J. Woehr <[EMAIL PROTECTED]> wrote:



On May 7, 2007, at 12:20 PM, Bruce Bauer wrote:

This system has been running flawlessly since mid-March with GENERIC
plus the 010 patch. dmesg below
This morning I found it totally unresponsive both through network and
at the console.  Had to use the power switch to recover.

Where do I start trying to track this down?

Open the box and check your power supply and blow it out with air if it's
full of dust.
Number one cause of mysterious lockups in my personal experience. Next, run
a memory
test.

Only then start trying to debug software, e.g., OpenBSD.


--
Jack J. Woehr
Director of Development
Absolute Performance, Inc.
[EMAIL PROTECTED]
303-443-7000 ext. 527



Thanks for the response.

OK, maybe a little less basic than that.  The system is sitting in a
restricted access server room.  Not a clean room, but very little
dust.  Nice and cool..  The system still looks brand new, inside and
out.

The purpose of this system is to receive streaming video data over the
VPN from IP webcams.  It doesn't do anything with the data except pass
it on to a DVR system over the local network.  Plans are to add
another network card so the VPN and the local network will be on
separate channels.  But, for now, it all goes through one card.

It has worked in this configuration for over a month with video from 2
cameras coming in.

Oops! Message from Joachim Schipper  just came in:

There were no console messages
The authlog does show that someone is trying to brute force an ssh
login. I think I'll turn off sshd for now...

Re: 4.0 locked up over the weekend

[Joachim Schipper]

On Mon, May 07, 2007 at 11:20:00AM -0700, Bruce Bauer wrote:
> This system has been running flawlessly since mid-March with GENERIC
> plus the 010 patch. dmesg below
> This morning I found it totally unresponsive both through network and
> at the console.  Had to use the power switch to recover.
> 
> Where do I start trying to track this down?

If it happens again, try to see if there are any messages on the
console.

Otherwise, look at what was last written to the log files; that might or
might not contain a clue. (The kernel screaming at you about something
or other would be a solid clue, for instance.)

Joachim

Re: 4.0 locked up over the weekend

[Jack J. Woehr]

On May 7, 2007, at 12:20 PM, Bruce Bauer wrote:

> This system has been running flawlessly since mid-March with GENERIC
> plus the 010 patch. dmesg below
> This morning I found it totally unresponsive both through network and
> at the console.  Had to use the power switch to recover.
>
> Where do I start trying to track this down?

Open the box and check your power supply and blow it out with air if  
it's full of dust.
Number one cause of mysterious lockups in my personal experience.  
Next, run a memory
test.

Only then start trying to debug software, e.g., OpenBSD.

-- 
Jack J. Woehr
Director of Development
Absolute Performance, Inc.
[EMAIL PROTECTED]
303-443-7000 ext. 527

Re: Thecus N2100 and RAID 1

[Matthieu Herrb]

On 5/7/07, Bryan Vyhmeister <[EMAIL PROTECTED]> wrote:

I was just wondering about whether the Thecus N2100 running OpenBSD/
armish can operate in RAID 1 mode. Maybe this is a stupid question
but I couldn't find anything about it and I am interested to know.
Obviously I would not be running the firmware from Thecus and I am
guessing that this precludes having any RAID functionality. If RAID 1
is not possible with hardware (or firmware or whatever) is using ccd
(4) for RAID 1 possible?

I am interesting in using this box for a light duty mail server for a
test but it is important that I can have a RAID 1 setup. Any other
comments about this are appreciated as well. Thank you.


I'm using a thecus 2100 with raidframe to do raid 1. A bit slow, but
with 512MB RAM it's acceptable.

Re: Error building 4.1-stable kernel from source on sparc64

[Luca Corti]

On Mon, 2007-05-07 at 14:42 +0200, Michael wrote:
> I got a sparc64 (Sun Ultra 5) running here which I upgraded from
> 4.0-stable to 4.1-stable. Just recompiled the kernel without any problems.

I've got an Ultra 5 too. I'll retry a fresh source checkout from CVS.

thanks

Luca

4.0 locked up over the weekend

[Bruce Bauer]

This system has been running flawlessly since mid-March with GENERIC
plus the 010 patch. dmesg below
This morning I found it totally unresponsive both through network and
at the console.  Had to use the power switch to recover.

Where do I start trying to track this down?

The system is running sshd and openvpn only

DMESG:
OpenBSD 4.0 (GENERICp) #0: Fri Mar 16 19:07:33 MST 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERICp
cpu0: AMD Sempron(tm) Processor 3000+ ("AuthenticAMD" 686-class, 256KB
L2 cache) 1.61 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,CX16
real mem  = 501706752 (489948K)
avail mem = 449642496 (439104K)
using 4256 buffers containing 25186304 bytes (24596K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(f0) BIOS, date 02/27/07, BIOS32 rev. 0 @
0xfa820, SMBIOS rev. 2.4 @ 0xf (41 entries)
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 3.0 @ 0xf/0xcfd4
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfcee0/240 (13 entries)
pcibios0: bad IRQ table checksum
pcibios0: PCI BIOS has 13 Interrupt Routing table entries
pcibios0: PCI Exclusive IRQs: 5 10 11
pcibios0: no compatible PCI ICU found
pcibios0: Warning, unable to fix up PCI interrupt routing
pcibios0: PCI bus #3 is the last bus
bios0: ROM list: 0xc/0xde00 0xd/0x1800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
"NVIDIA C51 Host" rev 0xa2 at pci0 dev 0 function 0 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 1 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 2 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 3 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 4 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 5 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 6 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 7 not configured
ppb0 at pci0 dev 3 function 0 "NVIDIA C51 PCIE" rev 0xa1
pci1 at ppb0 bus 1
ppb1 at pci0 dev 4 function 0 "NVIDIA C51 PCIE" rev 0xa1
pci2 at ppb1 bus 2
vga1 at pci0 dev 5 function 0 "NVIDIA GeForce 6100" rev 0xa2
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
"NVIDIA MCP51 Host" rev 0xa2 at pci0 dev 9 function 0 not configured
pcib0 at pci0 dev 10 function 0 vendor "NVIDIA", unknown product 0x0261 rev 0xa3
nviic0 at pci0 dev 10 function 1 "NVIDIA MCP51 SMBus" rev 0xa3
iic0 at nviic0
iic1 at nviic0
"NVIDIA MCP51 Memory" rev 0xa3 at pci0 dev 10 function 2 not configured
ohci0 at pci0 dev 11 function 0 "NVIDIA MCP51 USB" rev 0xa3: irq 10,
version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: NVIDIA OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 8 ports with 8 removable, self powered
ehci0 at pci0 dev 11 function 1 "NVIDIA MCP51 USB" rev 0xa3: irq 11
usb1 at ehci0: USB revision 2.0
uhub1 at usb1
uhub1: NVIDIA EHCI root hub, rev 2.00/1.00, addr 1
uhub1: 8 ports with 8 removable, self powered
pciide0 at pci0 dev 13 function 0 "NVIDIA MCP51 IDE" rev 0xa1: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
pciide0: channel 0 disabled (no drives)
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0
5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
pciide1 at pci0 dev 14 function 0 "NVIDIA MCP51 SATA" rev 0xa1: DMA
pciide1: using irq 11 for native-PCI interrupt
wd0 at pciide1 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5
ppb2 at pci0 dev 16 function 0 "NVIDIA MCP51 PCI-PCI" rev 0xa2
pci3 at ppb2 bus 3
auich0 at pci0 dev 16 function 2 "NVIDIA MCP51 AC97" rev 0xa2: irq 11,
MCP51 AC97
ac97: codec id 0x414c4760 (Avance Logic ALC655 rev 0)
audio0 at auich0
nfe0 at pci0 dev 20 function 0 "NVIDIA MCP51 LAN" rev 0xa3: irq 10,
address 00:19:21:33:1d:93
ukphy0 at nfe0 phy 1: Generic IEEE 802.3u media interface, rev. 1: OUI
0x0050ef, model 0x0007
pchb0 at pci0 dev 24 function 0 "AMD AMD64 HyperTransport" rev 0x00
pchb1 at pci0 dev 24 function 1 "AMD AMD64 Address Map" rev 0x00
pchb2 at pci0 dev 24 function 2 "AMD AMD64 DRAM Cfg" rev 0x00
pchb3 at pci0 dev 24 function 3 "AMD AMD64 Misc Cfg" rev 0x00
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
it0 at isa0 port 0x290/8: IT87
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
biomask ef6d netmask 

Re: Really stuck and help needed of resources depletions on web servers.

[Daniel Ouellet]

Maurice Janssen wrote:
Now, why PERL would do this, I have no clue, but it does anyway in the 
usage done by awstats.


So far I reproduce this 5 times, so it's pretty consistent.

What may cause this, I do not know more, but look like when PERL needs 
to process huge amount of data, it end up affecting the server in ways 
to make it crash/freeze.

I don't think that Perl is the problem.  Other programs would probably
also be able to crash the machine, if the load is high enough.

So far 5x it's always happen with PERL kicking in and starting the load.


Does it survive 'make build' or orther disk/cpu/mem intensive task?


Yes no problem there. I did that test, rebuilt kernel and full userland.

No problem. I also have the same problem with the same version on an IBM 
e326 as well that run PERL a lots and the box freeze and need hard 
reset. That IBM only run MySQL and nothing else as a cnam server ofr 
VoIP, but PERL is use for the handling of the connection for VoIP SIP 
from the outside. Crash three time so far. Different boxes, different 
applications, but common point is PERL so far.


That's really all I have, but both will be wiped out soon and 4.1 put in 
place and will see.


Just find it weird that PREL is the only common point on AMD64 and both 
are running OpenBSD 3.9 (GENERIC.MP) if that have anything to do with it.

Re: acpi vaio lcd brightness driver

[Ted Unangst]

On 5/7/07, Marco Peereboom <[EMAIL PROTECTED]> wrote:

Cool.  What I am not sure about is if we want to have a bunch of little
vendor drivers or a big driver that does all the vendor stuff.  I need
to think this through.  Any comments?


this could all be taken care of by button, no?  even if they are not
buttons?  there's not much advantage to adding 99 differenent devices
for every laptop made.

original file needs a license too, btw.

Re: Really stuck and help needed of resources depletions on web servers.

[Maurice Janssen]

On Monday, May  7, 2007 at 11:27:50 -0400, Daniel Ouellet wrote:
>Maurice Janssen wrote:
>>On Monday, May  7, 2007 at 03:11:41 -0400, Daniel Ouellet wrote:
>>>Every time, I process the logs with webalizer, no problem what so ever. 
>>>Then a few customers wants the awstats version. So, I process that as 
>>>well, however it's also processing multiple logs, but when the awstats 
>>>PERL stuff kicks in, it does get the resources to the roof and badly so, 
>>>that so far it had the impact of freezing the server as a results of this.
>>>
>>>Now, why PERL would do this, I have no clue, but it does anyway in the 
>>>usage done by awstats.
>>>
>>>So far I reproduce this 5 times, so it's pretty consistent.
>>>
>>>What may cause this, I do not know more, but look like when PERL needs 
>>>to process huge amount of data, it end up affecting the server in ways 
>>>to make it crash/freeze.
>>
>>I don't think that Perl is the problem.  Other programs would probably
>>also be able to crash the machine, if the load is high enough.
>
>So far 5x it's always happen with PERL kicking in and starting the load.

Does it survive 'make build' or orther disk/cpu/mem intensive task?

>>It could be a bug in the sparc64 port or bad RAM or some other hardware
>>related problem.  I've seen some strange behaviour [1] with sparc64 as
>>well, but I'm not sure wether this is due to a bug.
>
>This is AMD64

Sorry, for some reason sparc64 was in my mind.

Maurice

Re: new openbsd 4.0 server, panic on ufsdirhash

[John Mendenhall]

Artur,

> Have you done forced fsck of the partitions? This sounds like a
> problem with the data you have on disk. It would be even nicer if you
> could update to a newer fsck because it has been updated to deal with
> many new strange corner cases we've been seeing. Although, that might
> or might not require a fully -current system, I'm not fully aware of
> everything that has been going in fsck, but some of the ffs2 support
> might have messed things up.
> 
> We've seen one of those panics recently on an important OpenBSD
> infrastructure machine and that led to a lot of fsck work (since
> fsck didn't catch the particular problem). But on production
> machines we deal with filesystem corruption by simply dumping the
> filesystem and restoring it from scratch. You might want to try
> that as well.

We have done a forced fsck on the partition with the
error.  The problem is, there is no data other than
the openbsd install.  All I was trying to do was load
the source from the openbsd cd into /usr/src.

I don't need to restore since this is a new machine.
I have not done anything to it.

I'll just reinstall the entire thing.  Unless someone
wants me to try something else.

Thanks!

JohnM

-- 
john mendenhall
[EMAIL PROTECTED]
surf utopia
internet services

question about multiple pflog interfaces on openbsd 4.1

[carlopmart]

Hi all,

 I have tried to setup a new pflog interface to monitor ipsec traffic and it 
works ok. Afterwards I have setup another pflogd daemon to store logs on another 
pcap file under /var/log. But I have one question: how do i to configure 
newsyslog.conf entry for this new pflogd daemon? If I put /var/run/pflogd.pid 
under newsyslog.conf configuration, this only affects to primary pflogd daemon 
and I need to rotate this new log file avery midnight. I have search under man 
pages but i don't see any param to assign another pid file ...


Thanks.

--
CL Martinez
carlopmart {at} gmail {d0t} com

Re: new openbsd 4.0 server, panic on ufsdirhash

[John Mendenhall]

I have yet to receive any response to the panics I have
been experiencing.  Is there something else I need to provide
that will get me pointed in the right direction?

Are there tools available to test the connection to the 
hard drive, or to test the hard drive itself?  I used format
when administering a sun box, which did a halfway decent
job of running through the whole disk in analysis mode, which
could test without destrying data, and could test while destroying
data.

What is available for openbsd?  Or, can I just use something like
the ultimate boot cd and run tests on the hard disks?

Thanks in advance!

JohnM

On Fri, 04 May 2007, John Mendenhall wrote:

> > Does this indicate I have a bad drive?  Or, does it
> > just need fsck run on it?  I just installed openbsd 4.0
> > on this box a few days ago.  It rebuilt the file systems
> > from scratch.  Do I need to redo everything?
> > 
> > Or, do I need to start looking at hardware problems with
> > the drive or the motherboard?
> > 
> > Please let me know the next step to run that will help
> > me get to a stable system.
> 
> I tried viewing the file in error.  I could run ls, but
> not ls -l.
> I went into single user mode and fscked the file system.
> I removed the file.  I did not get the inode or anything else
> before removing it.
> 
> I tried running the copy source command.
>   cd /usr/src; tar xzf /mnt/src.tar.gz
> Another panic.
> 
> panic #3:
> -
> mode = 0100644, inum = 106368, fs = /usr
> panic: ffs_valloc: dup alloc
> Stopped at  Debugger+0x4:   leave   
> RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
> DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
> ddb>
> Debugger(d0716864,5080,e9e21b40,d6bb671c,d1265000) at Debugger+0x4
> panic(d06736fc,81a4,19f80,d12650d4,d1267e00) at panic+0x63
> ffs_inode_alloc(d6ab69dc,81a4,d6c141e0,e9e21b94) at ffs_inode_alloc+0x11b
> ufs_makeinode(81a4,d6ab8ea0,e9e21e28,e9e21e3c) at ufs_makeinode+0x78
> ufs_create(e9e21d08,d6ab8ea0,d6b33710,d6c141e0,d07171c0) at ufs_create+0x26
> VOP_CREATE(d6ab8ea0,e9e21e28,e9e21e3c,e9e21d58) at VOP_CREATE+0x34
> vn_open(e9e21e18,e02,1a4,d6b33710) at vn_open+0xdf
> sys_open(d6b33710,e9e21f68,e9e21f58,0,0) at sys_open+0xdb
> syscall() at syscall+0x2ea
> --- syscall (number 5) ---
> 0x1c00e3e1:
> ddb>
>PID   PPID   PGRPUID  S   FLAGS  WAIT   COMMAND 
>  15475  20392  20392  0  3  0x4086  pipewr gzip
> *20392   2075  20392  0  7  0x4006 tar 
>  20997  15943  20997   1000  3  0x4086  ttyin  csh 
>  15943   9609   9609   1000  3   0x184  select sshd
>   9609  14206   9609  0  3  0x4084  netio  sshd
>  14658  1  14658  0  3  0x4086  ttyin  getty   
>   4737  1   4737  0  3  0x4086  ttyin  getty   
>  13556  1  13556  0  3  0x4086  ttyin  getty   
>  30631  1  30631  0  3  0x4086  ttyin  getty   
>   2075  1   2075   1000  3  0x4086  pause  csh 
>   6223  1   6223  0  30x84  select cron
>  14206  1  14206  0  30x84  select sshd
>  14369  24346  24346 83  3   0x184  poll   ntpd
>  24346  1  24346  0  30x84  poll   ntpd
>   1115   7685   7685 73  2   0x184 syslogd 
>   7685  1   7685  0  30x8c  netio  syslogd 
> 13  0  0  0  30x100204  crypto_wa  crypto  
> 12  0  0  0  30x100204  aiodoned   aiodoned
> 11  0  0  0  30x100204  syncer update  
> 10  0  0  0  30x100204  cleanercleaner 
>  9  0  0  0  30x100204  reaper reaper  
>  8  0  0  0  30x100204  pgdaemon   pagedaemon  
>  7  0  0  0  30x100204  pftm   pfpurge 
>  6  0  0  0  30x100204  wait   wskbd_hotkey
>  5  0  0  0  30x100204  usbtsk usbtask 
>  4  0  0  0  30x100204  usbevt usb0
>  3  0  0  0  30x100204  apmev  apm0
>  2  0  0  0  30x100204  kmallockmthread
>  1  0  1  0  3  0x4084  wait   init
>  0 -1  0  0  3 0x80204  scheduler  swapper 
> ddb>
> -
> 
> So, back to my real question.
> Does this indicate a bad drive?
> Does this indicate a bad cable?
> Do I need to start swapping out parts to see where the problem is?
> Or, is there somewhere else I should be looking?
> 
> Thanks in advance for any pointers.
> 
> JohnM
> 
> 
> 
> 
> 
> > panic #1:
> > -
> > panic: kernel diagnostic assertion "(dirblo

OT: GUI programming languages

[Jacob Yocom-Piatt]

have been coding touchscreen-driven applications using visual basic 
lately and am sick of VB. i would much rather be using openbsd with 
another programming language that allows me to accomplish the same sort 
of stuff.


i have no "formal" CS background so am at a loss for good candidates. 
the applications in question are "click here, prints something in a text 
box, etc" ones that are not very complex. a language that allows me to 
generate GUIs quickly and securely would be nice.


if you feel the reply is not relevant to the list, please respond to me 
directly.


cheers,
jake

Re: FREEZE UPS! (I'M STILL HERE WOLF!)

[Peter Philipp]

On Sat, May 05, 2007 at 09:38:02AM +0200, Little Red Riding Hood marching 
through the forest wrote:
> Not sent to bugs@ because I'm not sure it could do much there.  I'm hoping 
> someone may be able to give hints on what to check, so I can resolve this 
> small issue.

Why would you wanna do that?!!!  can't you follow the precedure?

WHY DO YOU THINK YOU'RE SPECIAL!???


> I have a directory with 8000 .jpg's.  I run ImageMagick over these to cut out
> a certain section in order to later make an .avi out of them.  Yet my kernel
> freezes up.  Observed in X and in console.  [1]No drop to DDB because the USB
> keyboard is disabled from dropping into DDB (I do not have a serial console 
> device).  Here is the script:
> 
> ---
> #!/bin/sh
> 
> for i in 1*jpg; do 
> 
>   convert -resize 1024x768 -extract 1200x1000+300+0 $i AA$i
> done
> --

You're a loser!

> I've not experienced any freezeups on the previous kernel from a month ago,
> so it may (or not) be from something that's changed since.  Here is what
> I've done to cross-check what the problem may be:
> 
> * I checked source trees for anything that went in the last 5 weeks but did 
> not
> find anything that may be the culprit at first glance.
> * I've booted the kernel with boot -d in order to set break points (mainly wd 
> and ata stuff) because on my USB keyboard I cannot enter into DDB from 
> console.  This is to debug.  It didn't show anything when I stabbed into it.
> * I've disabled nviic and other i2c stuff and that wasn't it.  
> * I've removed the only hardware card in the system in order to make sure 
> it's not the ahc driver.
> * disabling apmd because of changes to hw_setperf code still froze the kernel.
> 
> All finger pointings and penetrations into finding the problem have resulted
> in a NO-GO and I still get Kernel FREEZE UPS!  (Infinite loops?) see 
> reference [1] (can't drop to DDB).  There are no messages in the logs about
> any bad hardware.

You know.. no matter what you say, you make no sense!  I've been watching
you, loser!  And what I saw was that you restored the kernel and userland
from last month!  Ah yeah!  And you were mumbling to yourself saying the
deraadt(!) doesn't want you to go back (revert).  Yet you broke that rule
as well!  DO YOU NEVER LEARN!?!

Anyhow!  watching you for a day now.. and your computer hasn't frozen up 
yet meaning perhaps that there is any new code for the last 30 days that
causes the freeze ups!!!

GET A LIFE PETER!  SERIOUSLY!  US SNOOPING DOGS DON'T HAVE TIME TO WATCH
YOU LIKE THIS!

-p


> dmesg of current kernel
> 
> OpenBSD 4.1-current (GENERIC) #970: Thu May  3 02:01:25 MDT 2007
> [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC
> real mem = 1073278976 (1048124K)
> avail mem = 907788288 (886512K)
> using 22937 buffers containing 107536384 bytes (105016K) of memory
> mainbus0 (root)
> bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xf (39 entries)
> bios0: MICRO-STAR INTERNATIONAL CO., LTD MS-7125
> acpi at mainbus0 not configured
> cpu0 at mainbus0: (uniprocessor)
> cpu0: AMD Athlon(tm) 64 Processor 3500+, 2211.57 MHz
> cpu0: 
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,LONG,3DNOW2,3DNOW
> cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 
> 64b/line 16-way L2 cache
> cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
> cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
> cpu0: Cool'n'Quiet K8 2211 MHz: speeds: 2200 2000 1800 1000 MHz
> cpu0: AMD errata 86, 89, 97, 104 present, BIOS upgrade may be required
> pci0 at mainbus0 bus 0: configuration mode 1
> "NVIDIA nForce4 DDR" rev 0xa3 at pci0 dev 0 function 0 not configured
> pcib0 at pci0 dev 1 function 0 "NVIDIA nForce4 ISA" rev 0xa3
> nviic0 at pci0 dev 1 function 1 "NVIDIA nForce4 SMBus" rev 0xa2
> iic0 at nviic0
> iic1 at nviic0
> iic1: addr 0x2f 00=84 01=0f 02=10 03=00 04=07 05=20 06=18 07=00 08=00 14=14 
> 15=62 16=02 17=05
> ohci0 at pci0 dev 2 function 0 "NVIDIA nForce4 USB" rev 0xa2: irq 10, version 
> 1.0, legacy support
> ehci0 at pci0 dev 2 function 1 "NVIDIA nForce4 USB" rev 0xa3: irq 11
> usb0 at ehci0: USB revision 2.0
> uhub0 at usb0
> uhub0: NVIDIA EHCI root hub, rev 2.00/1.00, addr 1
> uhub0: 10 ports with 10 removable, self powered
> auich0 at pci0 dev 4 function 0 "NVIDIA nForce4 AC97" rev 0xa2: irq 5, 
> nForce4 AC97
> ac97: codec id 0x414c4790 (Avance Logic ALC850 rev 0)
> audio0 at auich0
> pciide0 at pci0 dev 6 function 0 "NVIDIA nForce4 IDE" rev 0xa2: DMA, channel 
> 0 configured to compatibility, channel 1 configured to compatibility
> pciide0: channel 0 disabled (no drives)
> atapiscsi0 at pciide0 channel 1 drive 0
> scsibus0 at atapiscsi0: 2 targets
> cd0 at scsibus0 targ 0 lun 0:  SCSI0 5/cdrom 
> removable
> cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
> pciide1 at pci0 dev 7 function 0 "NVIDIA nForce4 SATA" rev 0xa3: DMA
> pciide1: using irq 10 for nat

Re: Really stuck and help needed of resources depletions on web servers.

[Daniel Ouellet]

Maurice Janssen wrote:

On Monday, May  7, 2007 at 03:11:41 -0400, Daniel Ouellet wrote:
Every time, I process the logs with webalizer, no problem what so ever. 
Then a few customers wants the awstats version. So, I process that as 
well, however it's also processing multiple logs, but when the awstats 
PERL stuff kicks in, it does get the resources to the roof and badly so, 
that so far it had the impact of freezing the server as a results of this.


Now, why PERL would do this, I have no clue, but it does anyway in the 
usage done by awstats.


So far I reproduce this 5 times, so it's pretty consistent.

What may cause this, I do not know more, but look like when PERL needs 
to process huge amount of data, it end up affecting the server in ways 
to make it crash/freeze.


I don't think that Perl is the problem.  Other programs would probably
also be able to crash the machine, if the load is high enough.


So far 5x it's always happen with PERL kicking in and starting the load.


It could be a bug in the sparc64 port or bad RAM or some other hardware
related problem.  I've seen some strange behaviour [1] with sparc64 as
well, but I'm not sure wether this is due to a bug.


This is AMD64 and the RAM, I already replaced it 4 days ago to be sure 
with brand new one out of the box that I order last week.

Re: master volume problem

[Deanna Phillips]

bdz writes:

> I have an ASUS notebook that uses the azalia driver for the
> sound. The problem is that I can not adjust the volume with
> applicaions' volume control. That includes xfce and xmms
> too. In xfce's Sound setting panel there is only one mixer
> (mixer0) that is set, in xmms there is no mixer in the
> dropdown list. The only way I can do that is mixerctl
> outputs.mix0c=x,x which is not the most comfortable way. What
> I noticed is that there is no outputs.master that I think all
> the applications want to control. What should I do to fix that
> problem?

The support for your codec is incomplete.  You could build a
kernel with option AZALIA_DEBUG and send a dmesg to
[EMAIL PROTECTED]  That might speed up the process.

Your GIS subscription

[gisadmin]

A subscription change or cancellation request for your email address
misc@openbsd.org was just received on GISCafe. This message is to inform
you of this action and to provide you with a personalized URL that you
can use to make such modifications now or at any time in the future.

If you did not request a change or cancellation of your subscription to
any of our GIS publications or you have changed your mind, you don't need
to take any further action.

We hope you continue to take advantage of our service, providing you with
pertinent, up-to-date information about the GIS industry delivered right
to your desktop.

Please note that if you ever want to change or cancel your subscription,
you can do this any time by following the link at the bottom of each
issue.

But, for your convenience you may follow this link to edit your profile ,
or we are now providing you a personalized URL which may be used to
change or cancel your subscription as requested:
http://www10.giscafe.com/nl/newsletter_subscribe.php?enc_email=bWlzY0BvcGVuYnNkLm9yZw==&action=Edit&subscriber_key=34ace50c249e603a5fdeedba398efad9

You may want to retain this email for your records or even add a bookmark
for the personalized URL if you have exclusive access to your PC.
Remember that if you have subscribed through more than one of our
industry-focussed portals, this URL only pertains to a single site
(GISCafe).

If the URL provided above does not work, please cut and paste into your
browser.

GISCafe Administration
IBSystems, Inc.

GIS Weekly Review : May 07, 2007

[GISCafe Newsletter]

GIS Weekly Review

May 07, 2007
From: GISCafe

Previous Issues



NAVTEQ



Review Article eMail Article Print Article

Susan Smith - Managing Editor

Google My Maps for the Non-Technical User
April 30 - May 4, 2007 by Susan Smith
A weekly summary of recently published GIS product and company news,
featured downloads, customer wins, and coming events. Brought to you by
GISCafi.

Each week GISWeekly Review delivers to its readers news concerning the
latest developments in the GIS industry, along with a selection of other
articles that we feel you might find interesting. If we missed a story
that you feel deserved to be included, please contact us! Questions?
Feedback? Click here. Thank-you!



ADVERTISEMENT

ESRI

Welcome to GISWeekly!

GISWeekly examines select top news each week, picks out worthwhile
reading from around the web, and special interest items you might not
find elsewhere. This issue will feature Industry News, Top News of the
Week, Acquisitions/Alliances/Agreements, Announcements, Training, People,
New Products, Around the Web and Events Calendar.

GISWeekly welcomes letters and feedback from readers, so let us know what
you think. Send your comments to me at [EMAIL PROTECTED]

Best wishes,
Susan Smith, Managing Editor

Industry News
Google My Maps for the Non-Technical User
by Susan Smith

Although Google My Maps is aimed at the non-technical user, the
announcement made significant waves in the GIS press in early April.

On April 2, Google announced their new initiative of Google Maps, justly
named Google My Maps. With My Maps average users with no technical skills
can create their own custom maps and include text or photos or even
embedded videos.

Users will be able to directly contribute to Google Maps’ search results
with their custom maps, which is probably a large part of why Google has
created this feature.

Available for GIS users and IT professionals, are KML for developers and
also Google Maps API. For Maps API, a user definitely must be a
developer, and must know JavaScript and some programming. There is a
Google Maps for the Enterprise that allows big companies to use Maps API.
In contrast, the My Maps feature provides “a simple drag and drop
interface that lets the non technical user create maps that are just as
cool and interesting as those created by developers,” explained My Maps
product manager, Jessica Lee.

If this is the case, My Maps may ultimately make some software services
unnecessary.

With My Maps, you can choose to make your map public or unlisted. if you
choose public, then it will be included in Google search results and
anyone can search and find them, so millions of Google users will be able
to look at your map and see the content you’ve created . If you choose to
make it unlisted, it’s like an unlisted phone number, the url is still
public so all the maps automatically have a public url and it won’t be
included in search. The only people who will know about your map are the
people you tell about it. There is not yet a way to embed My Maps into
your website.

Currently there’s no way to do a bulk import of data, that’s something to
which KML is more suited, said Lee. “If you have a large amount of data,
you could turn that into a KML file, which you can also display on Google
Maps.” Users have asked for this feature.

In order to use My Maps, go to Maps.Google.com, where you’ll need to set
up a Google account. You can drop a placemark on the map, draw a line,
draw shapes, just like in regular Google Maps. When you click on one of
these markers, or lines or shapes and it pops open a little balloon with
more information inside it, and inside the balloon you could put any sort
of text, add photos or embed YouTube/Google videos. If you’re a power
user and know how to use html, you can use the full power of html to
customize that balloon to whatever you want.

Can you link to the balloons people have already put up there? “All maps
have a public url, so if you find a map you want to send to someone you
can send them the link,” replied Lee.

Can you copy a map that someone else started and add your own text and
photos, etc. and create your own thing? “Currently there is no easy way
to do that although people have requested it.” Lee did add that you can
copy things from Google search results pretty easily. If you do search
for a business, or come across someone else’s content in search results,
there’s a link that says “save to my Maps” and that will let you save it
to your own maps.

1 | 2 | 3 | 4 Next Page ;

You can find the full GISCafe event calendar here.

To read more news, click here.

-- Susan Smith, GISCafe.com Managing Editor.



Revie

Re: OpenBSD 4.1 Torrents

[Darren Spruell]

On 5/7/07, Tobias Ulmer <[EMAIL PROTECTED]> wrote:

Btw, pgp requires a working web of trust, it's not secure just because
you can sign something.
Joe Cracker can easily generate a key with "Theo de Raadt <[EMAIL PROTECTED]>"
and provides you with "signed" filesets. Who steps up to organise key
signing parties, worldwide?


Easy enough, distributed on the CDROM you buy at release time. :)

DS

Re: acpi vaio lcd brightness driver

[Marco Peereboom]

Cool.  What I am not sure about is if we want to have a bunch of little 
vendor drivers or a big driver that does all the vendor stuff.  I need 
to think this through.  Any comments?


giovanni wrote:

hello,

because I could not change the excessive lcd brightness of my laptop 
under openbsd I started searching for... this article

http://www.linux.it/~malattia/wiki/index.php/Sony-laptop
was the inspiration and I wrote this humble basic driver.
here it works well and I think it should also work for others
vaio laptops (or at least for vaios that have SBRT/GBRT acpi methods.

...
acpidock at acpi0 not configured
acpisnc0 at acpi0: SNC_
...

usage:
sysctl -w hw.brightness=0..8

giovanni

diff -ruN sys.orig/arch/i386/conf/GENERIC sys/arch/i386/conf/GENERIC
--- sys.orig/arch/i386/conf/GENERICFri Apr 27 11:03:35 2007
+++ sys/arch/i386/conf/GENERICSat Apr 28 09:22:37 2007
@@ -59,7 +59,7 @@
 pci*at mainbus0

 #optionACPIVERBOSE
-#optionACPI_ENABLE
+optionACPI_ENABLE

 acpi0at mainbus?disable
 #acpitimer*at acpi?
@@ -72,6 +72,7 @@
 acpiec*at acpi?disable
 acpiprt*at acpi?
 #acpitz*at acpi?
+acpisnc* at acpi?# sony notebook controller

 optionPCIVERBOSE
 optionEISAVERBOSE
diff -ruN sys.orig/dev/acpi/acpi.c sys/dev/acpi/acpi.c
--- sys.orig/dev/acpi/acpi.cFri Apr 27 10:46:22 2007
+++ sys/dev/acpi/acpi.cSat Apr 28 08:57:53 2007
@@ -65,6 +65,7 @@
 voidacpi_foundec(struct aml_node *, void *);
 voidacpi_foundtmp(struct aml_node *, void *);
 voidacpi_inidev(struct aml_node *, void *);
+void  acpi_foundsnc(struct aml_node *, void *);

 intacpi_loadtables(struct acpi_softc *, struct acpi_rsdp *);
 voidacpi_load_table(paddr_t, size_t, acpi_qhead_t *);
@@ -573,6 +574,9 @@
 /* attach docks */
 aml_find_node(aml_root.child, "_DCK", acpi_founddock, sc);

+  /* attach sony notebook control */
+  aml_find_node(aml_root.child, "GBRT", acpi_foundsnc, sc);
+
 /* create list of devices we want to query when APM come in */
 SLIST_INIT(&sc->sc_ac);
 SLIST_INIT(&sc->sc_bat);
@@ -1718,4 +1722,24 @@

 config_found(self, &aaa, acpi_print);
 }
+
+void
+acpi_foundsnc(struct aml_node *node, void *arg)
+{
+struct acpi_softc *sc = (struct acpi_softc *)arg;
+struct device   *self = (struct device *)arg;
+const char*dev;
+struct acpi_attach_args aaa;
+
+dnprintf(10, "found snc entry: %s\n", node->parent->name);
+memset(&aaa, 0, sizeof(aaa));
+aaa.aaa_iot = sc->sc_iot;
+aaa.aaa_memt = sc->sc_memt;
+aaa.aaa_node = node->parent;
+aaa.aaa_dev = dev;
+aaa.aaa_name = "acpisnc";
+   
+config_found(self, &aaa, acpi_print);

+}
+
 #endif /* SMALL_KERNEL */
diff -ruN sys.orig/dev/acpi/acpidev.h sys/dev/acpi/acpidev.h
--- sys.orig/dev/acpi/acpidev.hFri Apr 27 10:46:22 2007
+++ sys/dev/acpi/acpidev.hSat Apr 28 07:33:48 2007
@@ -311,5 +311,14 @@
 #define ACPIDOCK_EVENT_INSERT0
 #defineACPIDOCK_EVENT_EJECT3

+struct acpisnc_softc {
+struct device sc_dev;
+
+bus_space_tag_t sc_iot;
+bus_space_handle_tsc_ioh;
+
+struct acpi_softc *sc_acpi;
+struct aml_node *sc_devnode;
+};

 #endif /* __DEV_ACPI_ACPIDEV_H__ */
diff -ruN sys.orig/dev/acpi/acpisnc.c sys/dev/acpi/acpisnc.c
--- sys.orig/dev/acpi/acpisnc.cThu Jan  1 01:00:00 1970
+++ sys/dev/acpi/acpisnc.cSat Apr 28 15:14:59 2007
@@ -0,0 +1,89 @@
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include 
+
+#include 
+#include 
+#include 
+#include 
+#include 
+
+extern int brtlevel;
+
+intacpisnc_match(struct device *, void *, void *);
+void acpisnc_attach(struct device *, struct device *, void *);
+void brightness(int*);
+
+static struct acpisnc_softc*sc;
+
+struct cfattach acpisnc_ca = {
+sizeof(struct acpisnc_softc), acpisnc_match, acpisnc_attach
+};
+
+struct cfdriver acpisnc_cd = {
+NULL, "acpisnc", DV_DULL
+};
+
+int
+acpisnc_match(struct device *parent, void *match, void *aux)
+{
+struct acpi_attach_args *aaa = aux;
+struct cfdata *cf = match;
+
+/* sanity */
+if (aaa->aaa_name == NULL ||
+strcmp(aaa->aaa_name, cf->cf_driver->cd_name) != 0 ||
+aaa->aaa_table != NULL)
+return (0);
+
+return (1);
+}
+
+void
+acpisnc_attach(struct device *parent, struct device *self, void *aux)
+{
+sc = (struct acpisnc_softc *)self;
+struct acpi_attach_args *aa = aux;
+struct aml_valueres;
+
+sc->sc_acpi = (struct acpi_softc *)parent;
+sc->sc_devnode = aa->aaa_node->child;
+
+printf(": %s\n", sc->sc_devnode->parent->name);
+   
+/* read GBRT i.e default stored brighteness level */
+if (aml_evalname(sc->sc_acpi, sc->sc_devnode, "GBRT", 0, NULL, 
&res)) {

+dnprintf(10, "%s: error reading current brightness", DEVNAME(sc));
+goto err;
+}
+   
+brtlevel = aml_val2int(&res);   
+  

Re: Error building 4.1-stable kernel from source on sparc64

[Michael]

Hi,

Luca Corti schrieb:
> No. I've just reextracted it just to be sure, but I still get the same
> error.
I got a sparc64 (Sun Ultra 5) running here which I upgraded from
4.0-stable to 4.1-stable. Just recompiled the kernel without any problems.


Michael


OpenBSD 4.1-stable (GENERIC) #1: Mon May  7 14:19:21 CEST 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/sparc64/compile/GENERIC
total memory = 268435456
avail memory = 234446848
using 1638 buffers containing 13418496 bytes of memory
bootpath: /[EMAIL PROTECTED],0/[EMAIL PROTECTED],1/[EMAIL PROTECTED],0/[EMAIL 
PROTECTED],0
mainbus0 (root): Sun Ultra 5/10 UPA/PCI (UltraSPARC-IIi 400MHz)
cpu0 at mainbus0: SUNW,UltraSPARC-IIi (rev 9.1) @ 400 MHz, version 0 FPU
cpu0: physical 16K instruction (32 b/l), 16K data (32 b/l), 2048K
external (64 b/l)
psycho0 at mainbus0 addr 0xfffc4000: SUNW,sabre, impl 0, version 0, ign 7c0
psycho0: bus range 0-2, PCI bus 0
psycho0: dvma map c000-dfff, iotdb 11364000-113e4000
pci0 at psycho0
ppb0 at pci0 dev 1 function 1 "Sun Simba PCI-PCI" rev 0x13
pci1 at ppb0 bus 1
ebus0 at pci1 dev 1 function 0 "Sun PCIO EBus2" rev 0x01
auxio0 at ebus0 addr 726000-726003, 728000-728003, 72a000-72a003,
72c000-72c003, 72f000-72f003
power0 at ebus0 addr 724000-724003 ipl 37
"SUNW,pll" at ebus0 addr 504000-504002 not configured
sab0 at ebus0 addr 40-40007f ipl 43: rev 3.2
sabtty0 at sab0 port 0
sabtty1 at sab0 port 1
comkbd0 at ebus0 addr 3083f8-3083ff ipl 41: layout 37
wskbd0 at comkbd0: console keyboard
com0 at ebus0 addr 3062f8-3062ff ipl 42: mouse: ns16550a, 16 byte fifo
lpt0 at ebus0 addr 3043bc-3043cb, 30015c-30015d, 70-7f ipl 34:
polled
"fdthree" at ebus0 addr 3023f0-3023f7, 706000-70600f, 72-720003 ipl
39 not configured
clock1 at ebus0 addr 0-1fff: mk48t59
"flashprom" at ebus0 addr 0-f not configured
audioce0 at ebus0 addr 20-2000ff, 702000-70200f, 704000-70400f,
722000-722003 ipl 35 ipl 36: nvaddrs 0
audio0 at audioce0
hme0 at pci1 dev 1 function 1 "Sun HME" rev 0x01: ivec 0x7e1, address
08:00:20:f9:10:f6
nsphy0 at hme0 phy 1: DP83840 10/100 PHY, rev. 1
vgafb0 at pci1 dev 2 function 0 "ATI Mach64 GP" rev 0x5c
wsdisplay0 at vgafb0: console (std, sun emulation), using wskbd0
pciide0 at pci1 dev 3 function 0 "CMD Technology PCI0646" rev 0x03: DMA,
channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide0: using ivec 0x7e0 for native-PCI interrupt
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 19458MB, 39851760 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0 5/cdrom
removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
ppb1 at pci0 dev 1 function 0 "Sun Simba PCI-PCI" rev 0x13
pci2 at ppb1 bus 2
pcons at mainbus0 not configured
No counter-timer -- using %tick at 400MHz as system clock.
root on wd0a
rootdev=0xc00 rrootdev=0x1a00 rawdev=0x1a02

Re: Really stuck and help needed of resources depletions on web servers.

[Maurice Janssen]

On Monday, May  7, 2007 at 03:11:41 -0400, Daniel Ouellet wrote:
>Every time, I process the logs with webalizer, no problem what so ever. 
>Then a few customers wants the awstats version. So, I process that as 
>well, however it's also processing multiple logs, but when the awstats 
>PERL stuff kicks in, it does get the resources to the roof and badly so, 
>that so far it had the impact of freezing the server as a results of this.
>
>Now, why PERL would do this, I have no clue, but it does anyway in the 
>usage done by awstats.
>
>So far I reproduce this 5 times, so it's pretty consistent.
>
>What may cause this, I do not know more, but look like when PERL needs 
>to process huge amount of data, it end up affecting the server in ways 
>to make it crash/freeze.

I don't think that Perl is the problem.  Other programs would probably
also be able to crash the machine, if the load is high enough.

It could be a bug in the sparc64 port or bad RAM or some other hardware
related problem.  I've seen some strange behaviour [1] with sparc64 as
well, but I'm not sure wether this is due to a bug.

>No,w that I was able to isolate the cause I will proceed the upgrades to 
>4.0 as I still don't have my CD for 4.1 yet, so I can't do that. It was 

You can use the 4.1-release from the FTP-servers (or even 4.1-stable
from ftp://ftp.su.se/pub/mirrors/openbsd_stable/ ).

Maurice


[1] 'make build' fails somewhere in gnu/usr.bin/binutils/ with missing
header files when /usr/obj is NFS-mounted.  It works fine when /usr/obj
is on a local FS.

Re: OpenBSD 4.1 Torrents

[Tobias Ulmer]

On Mon, May 07, 2007 at 11:57:50AM +0200, Martin Schr?der wrote:
> 2007/5/7, Adam Hawes <[EMAIL PROTECTED]>:
> >MD5 is proven weak.  It's possible to take almost any file and its
> >MD5 then create an identically sized file with the same hash in a
> >reasonable time.  This can be used to pass out an arbitrary CD
> >image that completely trashes the contents of your hard disk.  It
> >doesn't even need to be OpenBSD on the CD.
> 
> Your mixing collision and preimage attacks. The former are possible,
> the latter not.
> 
> Still, it's certainly time to switch to something better. PGP comes to 
> mind...
> 
> Best
>   Martin
> 
> 

Not specifically to you, Martin..

-

Instead of writing silly emails about theoretical md5 attacks and
wasting everyones time, how about sending a damn patch to tech@ that
'fixes' it?

MD5 sums are meant to be used for verification of a downloaded file in
case of transmit errors. If you own ftp.openbsd.org and upload trojaned
binaries, how hard is it to update the damn checksums file? It's like
rocket sience, yes!! Really hard! "But, but, but, i'm clever, i will use
checksums from another server!!1!" Yes, of course, the only problem is
that these other servers rsync in 2-8 hour intervals, which is a very tiny
window to detect anything. Even if you do, it's highly questionable that
you will be clever enough to ask yourself why they updated the filesets
and run a bindiff on them to check if it is trojaned or a legitimate
update.


When was the last commit to any of these projects from you guys:
http://netbsd-soc.sourceforge.net/projects/bpg/TODO
http://openpgp.nominet.org.uk/cgi-bin/trac.cgi

hmm?

Btw, pgp requires a working web of trust, it's not secure just because
you can sign something.
Joe Cracker can easily generate a key with "Theo de Raadt <[EMAIL PROTECTED]>"
and provides you with "signed" filesets. Who steps up to organise key
signing parties, worldwide?


SCNR, Tobias

master volume problem

[bdz]

I have an ASUS notebook that uses the azalia driver for the sound. The 
problem is that I can not adjust the volume with applicaions' volume 
control. That includes xfce and xmms too. In xfce's Sound setting panel 
there is only one mixer (mixer0) that is set, in xmms there is no mixer 
in the dropdown list. The only way I can do that is mixerctl 
outputs.mix0c=x,x which is not the most comfortable way. What I noticed 
is that there is no outputs.master that I think all the applications 
want to control. What should I do to fix that problem?


thank you
bdz

flea$ mixerctl -a
outputs.adc07.source=unknown18
record.adc07.mute=off
record.adc07=123,123
outputs.adc08.source=unknown1a
record.adc08.mute=off
record.adc08=123,123
outputs.adc09.source=unknown1c
record.adc09.mute=off
record.adc09=123,123
inputs.mix0b.unknown18=off
inputs.mix0b.unknown19=off
inputs.mix0b.unknown1a=off
inputs.mix0b.unknown1b=off
inputs.mix0b.unknown1c=off
inputs.mix0b.unknown1d=off
inputs.mix0b.unknown14=off
inputs.mix0b.unknown15=off
inputs.mix0b.unknown18=125,125
inputs.mix0b.unknown19=125,125
inputs.mix0b.unknown1a=125,125
inputs.mix0b.unknown1b=125,125
inputs.mix0b.unknown1c=125,125
inputs.mix0b.unknown1d=125
inputs.mix0b.unknown14=125,125
inputs.mix0b.unknown15=125,125
outputs.mix0c=123,123
inputs.mix0c.dac02.mut=off
inputs.mix0c.mix0b.mut=off
outputs.mix0d=123,123
inputs.mix0d.dac03.mut=off
inputs.mix0d.mix0b.mut=off
outputs.mix0e=123,123
inputs.mix0e.dac04.mut=off
inputs.mix0e.mix0b.mut=off
outputs.mix0f=123,123
inputs.mix0f.dac05.mut=off
inputs.mix0f.mix0b.mut=off
inputs.sel10.source=mix0c
inputs.sel11.source=mix0c
inputs.sel12.source=mix0c
inputs.sel13.source=mix0c
outputs.unknown14.mute=off
outputs.unknown14.dir=output
outputs.unknown14.boost=off
outputs.unknown15.mute=off
outputs.unknown15.dir=output
outputs.unknown15.boost=off
outputs.unknown16.mute=off
outputs.unknown16.dir=output
outputs.unknown16.boost=off
outputs.unknown17.mute=off
outputs.unknown17.dir=output
outputs.unknown17.boost=off
outputs.unknown18.mute=off
outputs.unknown18.dir=output
outputs.unknown18.boost=off
outputs.unknown19.mute=off
outputs.unknown19.dir=output
outputs.unknown19.boost=off
outputs.unknown1a.mute=off
outputs.unknown1a.dir=output
outputs.unknown1a.boost=off
outputs.unknown1b.mute=off
outputs.unknown1b.dir=output
outputs.unknown1b.boost=off
inputs.usingdac=02030405
record.usingadc=0809

flea$ dmesg
OpenBSD 4.1 (GENERIC) #1435: Sat Mar 10 19:07:45 MST 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) M processor 1.73GHz ("GenuineIntel" 686-class) 
1.73 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,EST,TM2

real mem  = 1073049600 (1047900K)
avail mem = 971714560 (948940K)
using 4278 buffers containing 53776384 bytes (52516K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 06/08/05, BIOS32 rev. 0 @ 0xf0010, 
SMBIOS rev. 2.3 @ 0xf8dd0 (36 entries)

bios0: ASUSTeK Computer Inc. M6V
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf4750/272 (15 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801FB LPC" rev 0x00)
pcibios0: PCI bus #3 is the last bus
bios0: ROM list: 0xc/0x1
acpi at mainbus0 not configured
cpu0 at mainbus0
cpu0: unknown Enhanced SpeedStep CPU, msr 0x06120d2606000d26
cpu0: using only highest and lowest power states
cpu0: Enhanced SpeedStep 1733 MHz (1308 mV): speeds: 1733, 800 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82915GM/PM/GMS Host" rev 0x03
ppb0 at pci0 dev 1 function 0 "Intel 82915PM/GM PCIE" rev 0x03
pci1 at ppb0 bus 3
vga1 at pci1 dev 0 function 0 "ATI Radeon Mobility X600" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
azalia0 at pci0 dev 27 function 0 "Intel 82801FB HD Audio" rev 0x04: irq 5
azalia0: host: High Definition Audio rev. 1.0
azalia0: codec: Realtek ALC880 (rev. 5.0), HDA version 0.9
azalia0: codec: 0x04x/0x14f1 (rev. 0.0), HDA version 0.9
azalia0: codec[1]: No support for modem function groups
azalia0: codec[1]: No audio function groups
audio0 at azalia0
uhci0 at pci0 dev 29 function 0 "Intel 82801FB USB" rev 0x04: irq 4
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 "Intel 82801FB USB" rev 0x04: irq 5
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 "Intel 82801FB USB" rev 0x04: irq 6
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
uhci3 at pci0 dev 29 function 3 "Intel 82801FB USB" rev 0x04: irq 5
usb3 at uhci3: USB revision 1.0
uhub3 at usb3
uhub3: Inte

Re: ACPI question and status request

[Alexander Hall]

Gordon Willem Klok wrote:

On Sat, May 05, 2007 at 02:32:17AM +0200, Alexander Hall wrote:

acpicpu0 at acpi0: CPU0: 866, 667 MHz

apmd -C is your friend, without acpi this is done in SMM by
the bios at least it was on my lattitude before it kicked the
bucket.


$ pgrep -fl apmd
214 /usr/sbin/apmd -C

Thanks, but that was not really the issue. I was rather worried about 
fscking up the cooling of the machine or risking to damage something 
else by disabling the built-in routines and instead using something that 
might not fully handle everything.


However, if I do not get any more answers, I will assume that things 
more or less "just works", as I am used to with this OS. :-)


/Alexander

Re: OpenBSD 4.1 Torrents

[Martin Schröder]

2007/5/7, Adam Hawes <[EMAIL PROTECTED]>:

MD5 is proven weak.  It's possible to take almost any file and its
MD5 then create an identically sized file with the same hash in a
reasonable time.  This can be used to pass out an arbitrary CD
image that completely trashes the contents of your hard disk.  It
doesn't even need to be OpenBSD on the CD.


Your mixing collision and preimage attacks. The former are possible,
the latter not.

Still, it's certainly time to switch to something better. PGP comes to mind...

Best
  Martin

Re: : : : Serial console on OpenBSD 4.1 on HP ProLiant DL145 G3

[Raimo Niskanen]

On Thu, May 03, 2007 at 03:52:11PM +0200, Raimo Niskanen wrote:
> Beautiful! Thanks a lot!
> 
> But, which FM should I R? I have searched high and low
> alas apparently not right.
> 

Found it! Not a very illogical place, just one of many possible.

The "HP ProLiant Lights-Out 100 Remote Management User Guide" is
what I needed. How to find it follows.

>From the product page of the server;
"HP ProLiant DL145 G3 Server series - overview":
->  "Support & Drivers"
->  Resources for HP ProLiant DL145 G3 Server series:
"Manuals (guides, supplements, addendums, etc)"
->  User guide:
"HP ProLiant Lights-Out 100 Remote Management User Guide 
 (covers HP LO 100 features on HP Proliant ML110 G4 and later,
  DLl40 G3 and later, DL145 G3 and later,
  ML150 G3 and later servers)

In that User Guide:
Using LO100
Using CLP
CLP Syntax
Base commands
Specific commands
Accessing the remote console through telnet
BIOS console text redirection through telnet
Linux console redirection

> 
> 
> On Thu, May 03, 2007 at 03:25:20PM +0200, Reyk Floeter wrote:
> > hi!
> > 
> > On Thu, May 03, 2007 at 12:19:01PM +0200, Raimo Niskanen wrote:
> > > Aah, here we go again.
> > > 
> > > I still haven't figured out how to use the iLO remote console.
> > > 
> > > I have tried ssh towards the iLO IP address and get no connection.
> > > 
> > > I have tried telnet towards the iLO IP address and get a weird
> > > /./-> prompt. Can I do anything useful with it?
> > > 
> > 
> > RTFM ;)
> > 
> > /./-> cd system1
> > 
> > /./system1/-> show
> > /./system1
> > Targets
> > log1
> > 
> > Properties
> > name=Hewlett-Packard
> > enabledstate=enabled
> > 
> > Verbs
> > cd
> > version
> > exit
> > show
> > reset
> > start
> > stop
> > help
> > 
> > 
> > /./system1/-> stop
> > System1 stopped.
> > 
> > /./system1/-> start
> > System1 started.
> > 
> > 
> > > I have tried http towards the iLO IP address and get the
> > > server virtual power controls, etc, rather flashy, can remote
> > > power on, watch temperature sensors. Cool. But no console.
> > > 
> > > You (or someone) just briefly mentioned Esc-Q. Where is it used?
> > > 
> > 
> > just press ESC-q anywhere at the prompt
> > 
> > /./-> 
> > 
> > and you'll get the system console. leave it with ESC-(
> > 
> > > 
> > > 
> > > On Thu, May 03, 2007 at 01:41:32AM +0200, Reyk Floeter wrote:
> > > > On Wed, May 02, 2007 at 05:41:49PM +0200, Raimo Niskanen wrote:
> > > > > I have now spent the entre afternoon on it, but I can not get
> > > > > the serial console to work.
> > > > > 
> > > > >   boot> set tty com0
> > > > > gives no prompt anywhere. I have tried many BIOS settings
> > > > > (but probably not all).
> > > > > 
> > > > > Has anyone got it to work?
> > > > > 
> > > > 
> > > > yes, but i'm using it for the iLO remote console, not for the physical
> > > > serial interface. it might conflict with the iLO interface, i think
> > > > there are some related buttons in the BIOS IPMI/BCM section. 
> > > > 
> > > > # sysctl hw.product 
> > > > hw.product=ProLiant DL145 G3
> > > > # grep tty /etc/boot.conf 
> > > > set tty com0
> > > > # uname -m  
> > > >
> > > > amd64
> > > > 
> > > > reyk
> > > 
> > > -- 
> > > 
> > > / Raimo Niskanen, Erlang/OTP, Ericsson AB
> 
> -- 
> 
> / Raimo Niskanen, Erlang/OTP, Ericsson AB

-- 

/ Raimo Niskanen, Erlang/OTP, Ericsson AB

Re: Error building 4.1-stable kernel from source on sparc64

[Luca Corti]

On Wed, 2007-05-02 at 14:11 -0400, Josh Grosse wrote:
> Just a wild guess, but did you forget to include comp41.tgz in your 
> install/upgrade?

No. I've just reextracted it just to be sure, but I still get the same
error.

ciao

Luca

Re: Really stuck and help needed of resources depletions on web servers.

[Daniel Ouellet]

OK,

I have some update on this one. It's not fix, but I was finally able to 
isolate how that problem is trigger. May be fix now, I don't know, but I 
 am passing the informations in case it's useful and also if someone 
could tell me if there was a logic behind it and if yes it would not 
happen in newer release.


What happen is so far 5 times I have the server crash, or I should say, 
freeze and sometime with the display showing


> extend_alloc_supregion: can't allocated region

Spelling may be wrong a bit as it was from a voice mail I give myself as 
I didn't have a pen to right down with and there wasn't anyway to access 
the keyboard, or console. All was frozen and no key was doing anyway.


This is on 3.9 and the dmesg was send before on this thread.

Now what's going on is the server stop responding, no access, no 
console, no keyboard, only reset will bring it back. But the broadcom 
network cards still answer to ping, so it didn't allow my CARP setup to 
kick in sadly here.


Now I did put in place a few trap and logs to try to see what's causing 
this as I had some ideas before, but wasn't sure to pass that along. 
However now I am.


Each time, all 5, it was cause when I have a script that run well for 4 
years, but as traffic grow on this web server so does the logs as well.


Every time, I process the logs with webalizer, no problem what so ever. 
Then a few customers wants the awstats version. So, I process that as 
well, however it's also processing multiple logs, but when the awstats 
PERL stuff kicks in, it does get the resources to the roof and badly so, 
that so far it had the impact of freezing the server as a results of this.


Now, why PERL would do this, I have no clue, but it does anyway in the 
usage done by awstats.


So far I reproduce this 5 times, so it's pretty consistent.

What may cause this, I do not know more, but look like when PERL needs 
to process huge amount of data, it end up affecting the server in ways 
to make it crash/freeze.


No,w that I was able to isolate the cause I will proceed the upgrades to 
4.0 as I still don't have my CD for 4.1 yet, so I can't do that. It was 
order a long time ago, but with a book as well that was taken out now. 
So, I expect that to be the cause of the delay.


Anyway, any feedback as to how PERL may cause this and what may be done 
to avoid this?


Hope this is useful to some and if not, then sorry for the noise.

Best,

Daniel