Re: OpenCVS
On 9/19/07, Adrian Fisher <[EMAIL PROTECTED]> wrote:
> 1. Who here knows about OpenCVS?
> 2. How is it used?
> 3. When will it be released? Will it be released at the same time as
> 4.2?
>
> Regards,
>
> A.

1. OpenCVS is developed by several of the OpenBSD developers; those I see commit most are xsa@, niallo@, ray@ and lately a lot by [EMAIL PROTECTED]
2. It's a replacement for GNU CVS so it's compatible with it. Their goal is first to make sure everything supported in GNU CVS should be supported in OpenCVS.
3. Do not know about release, probably not ready for prime time yet. But I'm sure it needs testers, that will speed up the development.

Ps. I'm not a developer. ds.

br
Dunceor
carp ip balancing (-current)
Hi,

I'm trying CARP IP balancing on OpenBSD 4.2 (-current). I have 3 boxes (host A, host B and host C), so I started configuring carp interfaces according to the manual:

A# ifconfig carp0 10.10.10.100 netmask 255.255.248.0 vhid 7 link0 link1
A# ifconfig carp1 10.10.10.100 netmask 255.255.248.0 vhid 8 advskew 100
B# ifconfig carp0 10.10.10.100 netmask 255.255.248.0 vhid 7 advskew 100 link0 link1
B# ifconfig carp1 10.10.10.100 netmask 255.255.248.0 vhid

At this point everything works but there is no IP load balancing, because on host B both interfaces are in backup mode. So I've enabled carp preempt on both hosts:

A# sysctl net.inet.carp.preempt=1
B# sysctl net.inet.carp.preempt=1

Now carp1 is master on host B, and it's doing load balancing, so I decided to add host C (maybe we need to add this to the example section in the manual, like it's done for arp load balancing? Or is it just coincidence and you don't really need carp preempt?):

C# ifconfig carp0 10.10.10.100 netmask 255.255.248.0 vhid 7 advskew 200 link0 link1

As soon as I wrote this command I lost connection to host C (did that remotely), so I guess tomorrow I'll have to check what happened, but maybe someone knows what I did wrong (maybe advskew should be equal for all backup hosts in the pool? but I assumed that you have to manage priorities, that's why I've set it to 200, or maybe the fact that I've set carp.preempt is messing around something?)

Dane
Re: ifconfig output for nfe
Daniel Ouellet wrote:
> Jonathan Gray wrote:
>> SX looks plain wrong anyway. Can you provide a dmesg? This is
>> perhaps related to the phy that attaches to nfe rather than nfe itself.
>
> A bit more. Looking in logs, etc. I found this:
>
> nfe0: tx v2 error 0x6004
>
> Searching on google didn't bring much other than a problem that was
> visible in 3.9 and that was fixed then based on the archive content:
>
> http://archives.neohapsis.com/archives/openbsd/2006-04/1326.html
> http://archives.neohapsis.com/archives/openbsd/2006-04/1308.html
>
> That's all I have so far.

Also this error too:

nfe0: tx v2 error 0x6204
Re: ifconfig output for nfe
Jonathan Gray wrote:
> SX looks plain wrong anyway. Can you provide a dmesg? This is
> perhaps related to the phy that attaches to nfe rather than nfe itself.

A bit more. Looking in logs, etc. I found this:

nfe0: tx v2 error 0x6004

Searching on google didn't bring much other than a problem that was visible in 3.9 and that was fixed then based on the archive content:

http://archives.neohapsis.com/archives/openbsd/2006-04/1326.html
http://archives.neohapsis.com/archives/openbsd/2006-04/1308.html

That's all I have so far.
Crash on X4100 M2 with more details
OK,

To follow on this and to try to isolate more of the problem, I did the following tests.

- Setup two boxes, both Sun X4100 M2.
- The source box is using i386.mp version 4.2
- The destination box is using amd64.mp version 4.2 (same with current)
- Configure public IPs on the em0 interface of both.
- Configure RFC1918 IPs on the nfe0 of both of them.
- Created a dummy big file to transfer between them like below

dd if=/dev/zero of=/tmp/bigdummy bs=1m count=1000

- Then initiate the transfer using the nfe0 cards. So, server 1 to server 2 like this:

scp /tmp/bigdummy [EMAIL PROTECTED]:/tmp/

The transfer was successful, no problem, but slow as I couldn't force the usage of the network card properly. No matter what I do, it does use 10mb half-duplex. I sent a previous email on that to misc@ titled "ifconfig output for nfe" with the issue for that specific network card.

Now did the exact same thing, everything else staying equal, but this time using the em0 card on both servers like this:

scp /tmp/bigdummy [EMAIL PROTECTED]:/tmp/

Note the IP above, I use a block of 66.63.19.64/27 for this test, so both servers would use that em0 interface instead, and then very shortly after the start of the transfer, the destination server crashes and resets itself, every time.

Now is that exclusively a problem with em, I can't say for sure as I can start to transfer the file between them and full saturate the 100Mb port and then crash, but I can't saturate the port with the nfe, as I can't configure it to use 100Mb and the auto negotiation does not work on it either.

So, would it crash if the same transfer speed would be equal, that I wish I could answer, but I can't right now, until I find a way to push the traffic at the same level using the two different network cards.

Daniel
Re: ifconfig output for nfe
SX looks plain wrong anyway. Can you provide a dmesg? This is perhaps related to the phy that attaches to nfe rather than nfe itself. Sure, here is one of them. OpenBSD 4.2 (GENERIC.MP) #1378: Tue Aug 28 10:48:58 MDT 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 3757625344 (3583MB) avail mem = 3635965952 (3467MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xfbd50 (70 entries) bios0: vendor American Megatrends Inc. version "0ABJX039" date 04/11/2007 bios0: Sun Microsystems Sun Fire X4100 M2 acpi at mainbus0 not configured ipmi0 at mainbus0: version 1.5 interface KCS iobase 0xca4/2 spacing 1 mainbus0: Intel MP Specification (Version 1.4) cpu0 at mainbus0: apid 0 (boot processor) cpu0: Dual-Core AMD Opteron(tm) Processor 2216, 2393.96 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: apic clock running at 199MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Dual-Core AMD Opteron(tm) Processor 2216, 2393.64 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu2 at mainbus0: apid 2 (application processor) cpu2: Dual-Core AMD Opteron(tm) Processor 2216, 2393.64 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW cpu2: 64KB 
64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache cpu2: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu2: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu3 at mainbus0: apid 3 (application processor) cpu3: Dual-Core AMD Opteron(tm) Processor 2216, 2393.64 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW cpu3: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache cpu3: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu3: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative mpbios: bus 0 is type PCI mpbios: bus 1 is type PCI mpbios: bus 2 is type PCI mpbios: bus 3 is type PCI mpbios: bus 4 is type PCI mpbios: bus 5 is type PCI mpbios: bus 128 is type PCI mpbios: bus 129 is type PCI mpbios: bus 130 is type PCI mpbios: bus 131 is type PCI mpbios: bus 132 is type PCI mpbios: bus 133 is type PCI mpbios: bus 134 is type PCI mpbios: bus 135 is type ISA ioapic0 at mainbus0 apid 15 pa 0xfec0, version 11, 24 pins ioapic1 at mainbus0 apid 16 pa 0xfeafd000, version 11, 7 pins ioapic1: misconfigured as apic 0, can't remap to apid 16 ioapic2 at mainbus0 apid 17 pa 0xfeafc000, version 11, 7 pins ioapic2: misconfigured as apic 1, can't remap to apid 17 ioapic3 at mainbus0 apid 14 pa 0xfeaff000, version 11, 24 pins pci0 at mainbus0 bus 0: configuration mode 1 "NVIDIA nForce4 DDR" rev 0xa3 at pci0 dev 0 function 0 not configured pcib0 at pci0 dev 1 function 0 "NVIDIA nForce4 ISA" rev 0xa3 nviic0 at pci0 dev 1 function 1 "NVIDIA nForce4 SMBus" rev 0xa2 iic0 at nviic0: disabled to avoid ipmi0 interactions iic1 at nviic0: disabled to avoid ipmi0 interactions ohci0 at pci0 dev 2 function 0 "NVIDIA nForce4 USB" rev 0xa2: apic 15 int 11 (irq 11), version 1.0, legacy support ehci0 at pci0 dev 2 function 1 "NVIDIA nForce4 USB" rev 
0xa3: apic 15 int 5 (irq 5) usb0 at ehci0: USB revision 2.0 uhub0 at usb0: NVIDIA EHCI root hub, rev 2.00/1.00, addr 1 pciide0 at pci0 dev 6 function 0 "NVIDIA nForce4 IDE" rev 0xf2: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 pciide0: channel 1 ignored (disabled) ppb0 at pci0 dev 9 function 0 "NVIDIA nForce4 PCI-PCI" rev 0xa2 pci1 at ppb0 bus 1 vga1 at pci1 dev 3 function 0 "ATI Rage XL" rev 0x27 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) nfe0 at pci0 dev 10 function 0 "NVIDIA CK804 LAN" rev 0xa3: apic 15 int 15 (irq 15), address 00:14:4f:7d:91:ea eephy0 at nfe0 phy 1: Marvell 88E Gigabit PHY, rev. 2 ppb1 at pci0 dev 11 function 0 "NVIDIA nForce4 PCIE" rev 0xa3 pci2
Re: ifconfig output for nfe
Here is more. May be I do not understand the reading, I understand it to mean for example: >> media: Ethernet 10baseT (1000baseSX half-duplex) Would be hard configuration to be 10mb half-duplex and then the (xx) would show what is actually in use. Isn't this correct? I may be confuse, but that's what I understand. Now if so, here below some of the various display and changes to see the results. # ifconfig -m nfe0 nfe0: flags=8843 mtu 1500 lladdr 00:14:4f:7d:a6:de media: Ethernet 100baseTX full-duplex (1000baseSX full-duplex) status: active supported media: media none media 10baseT media 10baseT mediaopt full-duplex media 100baseTX media 100baseTX mediaopt full-duplex media 1000baseSX media 1000baseSX mediaopt full-duplex media 1000baseT media 1000baseT mediaopt full-duplex media autoselect inet 192.168.100.75 netmask 0xff00 broadcast 192.168.100.255 inet6 fe80::214:4fff:fe7d:a6de%nfe0 prefixlen 64 scopeid 0x1 # ifconfig nfe0 media 10baseT # ifconfig nfe0 nfe0: flags=8843 mtu 1500 lladdr 00:14:4f:7d:a6:de media: Ethernet 10baseT (1000baseSX half-duplex) status: active inet 192.168.100.75 netmask 0xff00 broadcast 192.168.100.255 inet6 fe80::214:4fff:fe7d:a6de%nfe0 prefixlen 64 scopeid 0x1 # ifconfig nfe0 media 10baseT mediaopt full-duplex # ifconfig nfe0 nfe0: flags=8843 mtu 1500 lladdr 00:14:4f:7d:a6:de media: Ethernet 10baseT full-duplex (1000baseSX full-duplex) status: active inet 192.168.100.75 netmask 0xff00 broadcast 192.168.100.255 inet6 fe80::214:4fff:fe7d:a6de%nfe0 prefixlen 64 scopeid 0x1 # ifconfig nfe0 media 100baseTX # ifconfig nfe0 nfe0: flags=8843 mtu 1500 lladdr 00:14:4f:7d:a6:de media: Ethernet 100baseTX (1000baseSX half-duplex) status: no carrier inet 192.168.100.75 netmask 0xff00 broadcast 192.168.100.255 inet6 fe80::214:4fff:fe7d:a6de%nfe0 prefixlen 64 scopeid 0x1 # ifconfig nfe0 media 100baseTX mediaopt full-duplex # ifconfig nfe0 nfe0: flags=8843 mtu 1500 lladdr 00:14:4f:7d:a6:de media: Ethernet 100baseTX full-duplex (1000baseSX full-duplex) 
status: active inet 192.168.100.75 netmask 0xff00 broadcast 192.168.100.255 inet6 fe80::214:4fff:fe7d:a6de%nfe0 prefixlen 64 scopeid 0x1 # ifconfig nfe0 media 1000baseSX
Re: ifconfig output for nfe
On Wed, Sep 19, 2007 at 10:05:35PM -0400, Daniel Ouellet wrote:
> Hi,
>
> Looking on the man page, the ifconfig is suppose to show the stage of the
> network cards, and it can't show the proper configuration on the nfe cards,
> even if I force the configuration to fix value, I always get the same
> results:
>
> nfe0: flags=8843 mtu 1500
> lladdr 00:14:4f:7d:91:ea
> media: Ethernet autoselect (1000baseSX full-duplex)
> status: active
> inet 192.168.100.77 netmask 0xff00 broadcast 192.168.100.255
> inet6 fe80::214:4fff:fe7d:91ea%nfe0 prefixlen 64 scopeid 0x1
>
> Plus I know for sure here it can't be Gb as the switch it is connected to
> is not a Gb.
>
> This is the same results with 4.1, 4.2 and current. Same box Sun X4100 M2.
>
> Any clue on this?

SX looks plain wrong anyway. Can you provide a dmesg? This is perhaps related to the phy that attaches to nfe rather than nfe itself.
ifconfig output for nfe
Hi,

Looking on the man page, the ifconfig is suppose to show the stage of the network cards, and it can't show the proper configuration on the nfe cards, even if I force the configuration to fix value, I always get the same results:

nfe0: flags=8843 mtu 1500
lladdr 00:14:4f:7d:91:ea
media: Ethernet autoselect (1000baseSX full-duplex)
status: active
inet 192.168.100.77 netmask 0xff00 broadcast 192.168.100.255
inet6 fe80::214:4fff:fe7d:91ea%nfe0 prefixlen 64 scopeid 0x1

Plus I know for sure here it can't be Gb as the switch it is connected to is not a Gb.

This is the same results with 4.1, 4.2 and current. Same box Sun X4100 M2.

Any clue on this?
Re: another spamd-setup question
--- Mike Erdely <[EMAIL PROTECTED]> wrote:
> On Wed, Sep 19, 2007 at 06:16:32PM -0400, Juan Miscaro wrote:
> > I tried it but whenever I include the larger 'uatraps' I get:
> >
> > pfctl: Cannot allocate memory.
> >
> > I have plenty of free memory and cpu. Not sure why it's breaking
> > up.
>
> man pf.conf(5). look for table-entries

Thank you.

// juan
Re: operator permissions: a wish-list
On Wed, Sep 19, 2007 at 11:12:33PM +0100, Stuart Henderson wrote:
> On 2007/09/19 17:46, Matthew Szudzik wrote:
> > I was wondering if the participants in misc@openbsd.org would help me
> > brainstorm. I want to give the operator group greater permissions than it
> > currently has, so that any member of the group can perform most of the
> > basic actions of a system administrator or desktop/laptop owner, without
> > resorting to sudo.
>
> "resorting to"? but that's good, since then it gets logged...

I agree, except that there's the warning that you don't put anyone in sudo that you wouldn't trust with root access.

Let's take a typical family setup. Mom is the SA who knows the root password. Dad can be operator and do stuff with sudo. However, the kids may just want to listen to CDs, watch DVDs, access their homework on a USB stick, rip a CD to MP3 and transfer it to their player or move MP3s from their player and burn them to a CD. Is it appropriate for the kids to use sudo or is there a security risk since you do not want the kids to get root. They may also need to have the modem access the internet. I don't know the details of this on OBSD yet since I use dialup via my Debian box.

> > The first thing on my wish-list is greater device access. The operator
> > should have read/write access to many of the devices in /dev, especially
> > USB drives, tape drives, and CD drives.
>
Just not e.g. hard drives.

> USB, CD drives -> sounds like a job that could be done with amd(8).

However, suppose you want to mount a USB/CD, check something, unmount it, and mount another? I don't see a way to tell amd to unmount before it times out.

Your suggestion is similar to the way devices are handled in Debian. On my Debian box, I'm in the following groups for the following reasons:

dtutty: standard default login group
adm: so I can read logs
dialout: so I can use minicom to access the modem directly
cdrom: so I can mount the cdrom, burn CDs, etc
floppy: ditto for floppies
audio: so I can adjust the mixer settings and hear music and movies
dip: so I can pon the internet
video: so I can watch movies
plugdev: so I can mount and access USB sticks, Palm, etc
staff: similar to OBSD's operator group.
ssh: So I can limit who can run ssh.

The definitive info on groups in Debian comes from the documentation with the base-passwd package in the users-and-groups.html file which I can email to you if you like: 19 KB in html, 5.3 KB in text. The document itself is under the GPLv2 but you will only be reading it not modifying it to include in OBSD :))

--

If it weren't for the warnings about sudo and people you don't trust with root, I think that using sudo with groups is the best approach. Then you don't have to change bits of the system all over the place. It _may_ (I don't know) be easier or better to close any security concerns in the commands that would be run under sudo (such as mount). Then there could just be provided a default sudoers file that gave abilities to groups, with no default members in those groups.

Just my random thoughts. I'm very new to OBSD and have been using Debian since before it trended towards clicky-pointy Lindows. :)

Doug.
Skype on OpenBSD 4.1 using Fedora RPM
Hi, Is there anybody successfully using skype on OpenBSD 4.1 using Linux emulation? If so which RPM are you using? Thank you so much Kind Regards Siju
Re: another spamd-setup question
On 2007/09/19 18:16, Juan Miscaro wrote:
> I tried it but whenever I include the larger 'uatraps' I get:
> pfctl: Cannot allocate memory.

use 4.1 or newer spamd, don't use "blacklist only" mode.
Re: SMP Support?
Stuart Henderson wrote:
> On 2007/09/19 19:00, Daniel Ouellet wrote:
>> Let me know how it goes with current, I am curious as so far all feedback I
>> got is no one yet can get an AMD64.mp stable at this time
>
> this must be hardware-dependent, my main desktop is amd64 MP (opteron 175
> i.e. dual-core) and gives no trouble on -current.

And that's what I am trying to find out as to where the problem possibly might be.

There was feedback as to not having any problem with the Sun X4100 on the list before. May be they were not multi core, and/or multi processor, I can't say as it wasn't said, but I have 4 of them and all 4 can't be stable by any mean with amd64. Very obvious with the mp and less sensitive with the single processor kernel, but still crash. All four of them, so that's not a single hardware box problem.

I tried current, some special patches, stable, went back to 4.1 and none are stable by any mean.

I have been doing research for many weeks so far and try to isolate the problem the best way I can and still no success yet. I haven't given up yet, but I am honestly starting to run out of ideas however.

Tried different BIOS versions, RAID no RAID, custom kernel, acpi on/off. Disabled components in BIOS, etc. Still same results, not to the same extent every time, but no stable box yet that I could beat up and feel confident in it.

I have one more stupid idea I will try tonight, but for this I need to drive to the site where these boxes are installed and that's about 2 hours drive back and forth. However, it is worth the trip to me as I think it might be something that may help isolate part of the problem anyway.

But that's where I am now.
Re: another spamd-setup question
On Wed, Sep 19, 2007 at 06:16:32PM -0400, Juan Miscaro wrote:
> I tried it but whenever I include the larger 'uatraps' I get:
>
> pfctl: Cannot allocate memory.
>
> I have plenty of free memory and cpu. Not sure why it's breaking up.

man pf.conf(5). look for table-entries

-ME
Re: another spamd-setup question
Juan Miscaro wrote:
> I tried it but whenever I include the larger 'uatraps' I get:

Look at set limit table-entries. man pf
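
The replies above point at pf's `table-entries` limit. As an added example (not from the thread or from the OpenBSD project), this Python sketch counts how many table entries a blacklist in the line formats documented in spamd.conf(5) (CIDR, "start - end" range, single address) expands to, and returns the `set limit table-entries` line for pf.conf when the list does not fit. The sample list, the limit values passed in and the 25% headroom are assumptions.

```python
import ipaddress
import math

# Constructed sample blacklist using documentation address ranges.
SAMPLE_LIST = """\
# constructed sample, not a real blacklist
192.0.2.0/24
198.51.100.10 - 198.51.100.20
203.0.113.7 trailing text is ignored
203.0.113.7
"""


def parse_line(line):
    """Return the IPv4 networks that one blacklist line expands to.

    Raises ValueError on a malformed address or a reversed range.
    """
    line = line.strip()
    if not line or line.startswith("#"):
        return []
    parts = line.split()
    # "start - end" range: expands to the minimal set of CIDR blocks.
    if len(parts) >= 3 and parts[1] == "-":
        first = ipaddress.IPv4Address(parts[0])
        last = ipaddress.IPv4Address(parts[2])
        return list(ipaddress.summarize_address_range(first, last))
    # CIDR block or single address; anything after the first token is ignored.
    return [ipaddress.IPv4Network(parts[0], strict=False)]


def table_entries_needed(text):
    """Return (distinct network count, number of skipped malformed lines)."""
    nets = set()
    skipped = 0
    for line in text.splitlines():
        try:
            nets.update(parse_line(line))
        except ValueError:
            skipped += 1
    return len(nets), skipped


def pf_limit_line(entries, current_limit, headroom=1.25):
    """Return a pf.conf 'set limit' line if entries exceed current_limit.

    current_limit is whatever limit is in force on the firewall (an input
    here, not a claim about pf's default). The result is rounded up to the
    next thousand after applying the assumed headroom factor.
    """
    if entries <= current_limit:
        return None
    needed = math.ceil(entries * headroom / 1000) * 1000
    return f"set limit table-entries {needed}"


if __name__ == "__main__":
    count, bad = table_entries_needed(SAMPLE_LIST)
    print(f"{count} table entries, {bad} malformed lines skipped")
    print(pf_limit_line(250000, 200000) or "list fits under the limit")
```

A range costs more than one entry (the 11-address range in the sample becomes four CIDR blocks), so counting lines in a list underestimates what the table has to hold.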
Re: SMP Support?
On 2007/09/19 19:00, Daniel Ouellet wrote:
>
> Let me know how it goes with current, I am curious as so far all feedback I
> got is no one yet can get an AMD64.mp stable at this time

this must be hardware-dependent, my main desktop is amd64 MP (opteron 175 i.e. dual-core) and gives no trouble on -current.
Re: another spamd-setup question
--- Bob Beck <[EMAIL PROTECTED]> wrote:
> spews has been dead for a while. this is why with
> recent releases of openbsd, we don't include it in the example
> files anymore - spews started taking a tack of basically
> including every ISP on the planet, since only big companies
> should be able to send mail. which, of course, is bullshit.
>
> I use uatraps and nixspam.

I tried it but whenever I include the larger 'uatraps' I get:

pfctl: Cannot allocate memory.

I have plenty of free memory and cpu. Not sure why it's breaking up.

// juan
Re: SMP Support?
Boris Goldberg wrote:
> I have pretty much the same picture with HP ProLiant 320 G5 (Dual Core
> Pentium-D 925). The server is new and passes all tests from the HP
> maintenance CD.

I couldn't make out what BIOS version you were actually running there, but you did check to make sure you have the latest one, right?

http://h18023.www1.hp.com/support/files/server/us/revision/9753.html

Let me know how it goes with current, I am curious as so far all feedback I got is no one yet can get an AMD64.mp stable at this time, which is pretty unusual for a release to come to not be stable in regular operation.

Looks like will have to use i386.mp instead, which so far, looks ok for me anyway, but I can't run the amd64 version, single or multi processor in a stable way, so no way this can go into production.

Kind of a bummer.
Re: [MVLUG] Sun Systems
If you don't get takers, Bring them by the store/warehouse. Roger Jones WWW.EdgarDigital.com , LLC WWW.Cyberquipment.com Cyberquipment on eBay In ALL replies, please include ALL previous E.MAIL messages -- if these are not included we will not be able to properly help you. Alternate email [EMAIL PROTECTED] Jonathan Lindsey wrote: > I have several old sun workstations that I'm going to get rid of. > These include many sparc classics, a sparc 4, 5, 10, and 20. Nothing > over 60Mhz I don't think. Before I just get rid of them does anyone > want them? I have a sun monitor too. And several external drives, > including some tape drives. I just don't have time/space to deal with > them anymore. > > -Jonathan > > Las Cruces, NM > > > >___ >MVLUG-list mailing list >[EMAIL PROTECTED] >http://lists.fastwave.biz/mailman/listinfo/mvlug-list
operator permissions: a wish-list
Inspired by a recent post http://marc.info/?l=openbsd-misc&m=118999679514195 I was wondering if the participants in misc@openbsd.org would help me brainstorm. I want to give the operator group greater permissions than it currently has, so that any member of the group can perform most of the basic actions of a system administrator or desktop/laptop owner, without resorting to sudo. Of course, this is not without some risk, but the acid test I will use is: (1) Is permission to perform the action required by most desktop/laptop owners and low-level system administrators during routine or everyday work? (2) If "yes", then does permitting the operator group to perform this action expose the system to no more risk than permitting the individual to perform the action with sudo? The idea is that if almost everybody is giving themselves these permissions with sudo, then we might as well automatically grant these permissions to members of the operator group. The first thing on my wish-list is greater device access. The operator should have read/write access to many of the devices in /dev, especially USB drives, tape drives, and CD drives. This could be accomplished by giving the devices operator ownership. But which devices shouldn't the operator have read/write access to? And then there is CD/DVD burning. What permissions does an operator need to burn a CD or DVD (with cdrecord or growisofs) without logging in as root?
Re: operator permissions: a wish-list
On 2007/09/19 17:46, Matthew Szudzik wrote:
> I was wondering if the participants in misc@openbsd.org would help me
> brainstorm. I want to give the operator group greater permissions than it
> currently has, so that any member of the group can perform most of the
> basic actions of a system administrator or desktop/laptop owner, without
> resorting to sudo.

"resorting to"? but that's good, since then it gets logged...

> The first thing on my wish-list is greater device access. The operator
> should have read/write access to many of the devices in /dev, especially
> USB drives, tape drives, and CD drives.

USB, CD drives -> sounds like a job that could be done with amd(8).
tape drives -> operator already has rw.
Re: Define hosts lookup for pf.conf
> fresh pom blood perchance? > Fresh luser blood. Non Ex Transverso Sed Deorsum... Now, please return to discussing openbsd... -Bob
Re: ACPI Security
Nick Guenther wrote:
>
> I just came across these notes on ACPI:
> http://lwn.net/2001/0704/kernel.php3 (search down for "acpi") and got
> wondering what OpenBSD's take on securing ACPI is. Can AML code
> actually be an attack vector, or are there safeguards in place in
> OpenBSD against that?

Well, if you have access to a machine before the OS loads, all bets are off. I can load up a different BIOS that gives me a backdoor, or load up a bunch of AML that does funky stuff. Really nothing you can do to prevent that.

--
[100~Plax]sb16i0A2172656B63616820636420726568746F6E61207473754A[dZ1!=b]salax
Re: another spamd-setup question
Bob Beck <[EMAIL PROTECTED]> writes: > spews has been dead for a while. this is why with > recent releases of openbsd, we don't include it in the example > files anymore - spews started taking a tack of basically > including every ISP on the planet, since only big companies > should be able to send mail. which, of course, is bullshit. Now you mention it, I think I heard some months back that it was no longer maintained. I used it for a while back in 2004, but there were just too many false positives (including the entire range for an ISP where the owner of a house I was considering buying at the time was a customer), so we ditched it after a few weeks. Looking at the data (the netmasks! the netmasks!) I would say they won't be missed. Anyway, good to see that the sample spamd.conf is actively maintained. Not that I would expect otherwise, of course. > I use uatraps and nixspam. Nixspam, from descriptions they put on their web seems to be run according to sound principles at least (hm. footnote material possibly). And as you are probably aware, I like uatraps a lot (even if in my spamd.confs it has a different name, I was an early tester who never stopped - better change my examples), and greytrapping is still just too much fun (see .signature for blog ref) to quit doing. > China and korea are still relatively accurate, but > for my mind, of dubious value - I do not use them myself, > perfering to rely on *actual* spam sources rather than just > countries that are unresponsive to spam complaints. That > may have been valid 5 years ago, but IMO, now most of the > world is numb to them, not just China and Korea. My sentiments exactly. Plus, if I blacklisted all of China, I wouldn't be able to communicate with the people who built my laptop! - Peter -- Peter N. M. 
Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
OpenCVS
1. Who here knows about OpenCVS?
2. How is it used?
3. When will it be released? Will it be released at the same time as 4.2?

Regards,

A.
Re: SMP Support?
Hello Daniel, Monday, September 17, 2007, 3:14:05 PM, you wrote: DO> Now that is working do me a favor and try to compile the userland and DO> kernel with that bsd.mp acpi enable kernel. DO> Also, try if possible to make transfer of huge files between two boxes DO> well connected to try to at a minimum get close to 100Mb/sec of DO> transfer, or more if you have Gb access. DO> In my case, it will crash every time still. DO> Then the compile is ok with bsd, but still crash with bsd.mp in some cases. DO> I am curious to know if that specific to my hardware, or if others have DO> the same problem. I have pretty much the same picture with HP ProLiant 320 G5 (Dual Core Pentium-D 925). The server is new and passes all tests from the HP maintenance CD. If we enable APIC in the BIOS it's very slow, reboots itself, crashes with random error or hangs with bsd.mp, and not really stable even with bsd. If disable APIC - than sees only one CPU with bsd.mp. If enable ACPI in the bsd.mp (using config -ef) having APIC disabled - crashes during boot (with that path you where talking about or without it): OpenBSD 4.1 (GENERIC.MP) #1225: Sat Mar 10 19:23:18 MST 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Pentium(R) D CPU 3.00GHz ("GenuineIntel" 686-class) 3.01 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,CNXT-ID,CX16,xTPR real mem = 1071640576 (1046524K) avail mem = 970375168 (947632K) using 4278 buffers containing 53706752 bytes (52448K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+ BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xf, SMBIOS rev. 
2.3 @ 0xee000 (47 entries) bios0: HP ProLiant DL320 G5 pcibios0 at bios0: rev 3.0 @ 0xf/0x2000 pcibios0: PCI BIOS has 7 Interrupt Routing table entries pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801GB LPC" rev 0x00) pcibios0: PCI bus #7 is the last bus bios0: ROM list: 0xc/0xb000 0xcc400/0x1000 0xcd400/0x1000 0xce400/0x3400! 0xe6000/0x2000! acpi0 at mainbus0: rev 2panic: malloc: allocation too large Stopped at Debugger+0x4: leave RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC! DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION! ddb{0}> trace Debugger(191f9000,0,d08bbca8,2,7) at Debugger+0x4 panic(d068111a,d08bbcc4,1000,d0760520,) at panic+0x63 malloc(f0009bd8,2,1,d064d1a8) at malloc+0x7a acpi_load_table(0,f0009bd0,d1a33c3c,0,0) at acpi_load_table+0x19 acpi_loadtables(d1a33c00,e91f7f00,1,11) at acpi_loadtables+0x14d acpi_attach(d1a31fc0,d1a33c00,d08bbe80,0,e91f7000) at acpi_attach+0xc6 config_attach(d1a31fc0,d073d550,d08bbe80,d048faf4) at config_attach+0xef mainbus_attach(0,d1a31fc0,0,0,d08ba330) at mainbus_attach+0x2e5 config_attach(0,d073a4cc,0,0,d077fe80) at config_attach+0xef config_rootfound(d06a1b18,0,d08bbf38,d0463166) at config_rootfound+0x27 cpu_configure(0,1,3,0,2) at cpu_configure+0x29 main(0,0,0,0,0) at main+0x368 ddb{0}> c The operating system has halted. Please press any key to reboot. Played with 4.1 -stable so far. Didn't consider beta for production, but will try -current. I'm going to combine and post detailed report later. -- Best regards, Borismailto:[EMAIL PROTECTED]
Re: another spamd-setup question
spews has been dead for a while. this is why with recent releases of openbsd, we don't include it in the example files anymore - spews started taking a tack of basically including every ISP on the planet, since only big companies should be able to send mail. which, of course, is bullshit.

I use uatraps and nixspam. China and korea are still relatively accurate, but for my mind, of dubious value - I do not use them myself, preferring to rely on *actual* spam sources rather than just countries that are unresponsive to spam complaints. That may have been valid 5 years ago, but IMO, now most of the world is numb to them, not just China and Korea.

-Bob

* Peter N. M. Hansteen <[EMAIL PROTECTED]> [2007-09-19 11:53]:
> Juan Miscaro <[EMAIL PROTECTED]> writes:
>
> > http://www.openbsd.org/spamd/spews_list_level1.txt.gz
>
> Fetching that one with wget gets me a file with its timestamp in
> February, which probably means that it's no longer maintained and by
> now it's useless:
>
> $ ls -l *txt.gz
> -rw-r--r-- 1 peter peter 104231 Feb 22 2007 spews_list_level1.txt.gz
>
> That is, to the degree that it was ever useful. If you look at the
> data, it contains entire /16s. Your choice, of course, but I would
> personally not recommend any blacklists other than beck@'s freshly
> trapped and aggressively maintained list (uatraps in recent spamd.conf
> files).
>
> The other ones are more recent, but I am less than convinced it is
> actually smart to block address space supposedly representing entire
> countries. Maybe it's because part of what makes my living is
> localization, with the occasional customer in one of those (to me)
> faraway countries.
>
> --
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
> "Remember to set the evil bit on all malicious network traffic"
> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
>

--
#!/usr/bin/perl
if ((not 0 && not 1) != (! 0 && ! 1)) {
print "Larry and Tom must smoke some really primo stuff...\n";
}
Re: problems with ral0 and OBSD 4.0
On Wed, Sep 19, 2007 at 08:13:10PM +0200, Alessandro Roncari wrote:
> can I ask you, what mode are you using, 11b or 11g? and which channel?

ral0: flags=8843 mtu 1500
	lladdr 00:0c:f6:26:0d:b2
	groups: wlan
	media: IEEE802.11 autoselect mode 11g hostap
	status: active
	ieee80211: nwid stupendous chan 1 bssid 00:0c:f6:26:0d:b2 100dBm
	inet 192.168.2.1 netmask 0xff00 broadcast 192.168.2.255
	inet6 fe80::20c:f6ff:fe26:db2%ral0 prefixlen 64 scopeid 0x2

> did you try different channels? I have a slightly different chipset,
> 2561s
> will try a different antenna though mine is a 9dBi and I thought it was
> enough

That should be enough, since mine is 8dBi. :) If it's an omnidirectional antenna: I understand that you don't get good reception when the antenna is placed on the third floor, and you're on the first floor directly underneath the antenna. Since my antenna is located at the top floor of my house, I just attached it horizontally to the ceiling. I don't know if my understanding is correct, but hey, it works. :)

> I think there is also like you say a problem of packet loss, because
> even when the signal is good, the internet connection is weak or drops.

This is easily shown using ping, especially with the "-f" option.

--
Jurjen Oskam
Savage's Law of Expediency: You want it bad, you'll get it bad.
aes 256 in ipsec.conf ?
Hi, is AES 256 cipher supported in OBSD 4.1 ipsec implementation? If it is, how can I specify this as input to ipsecctl ( ipsec.conf )? regards Christoph
Re: problems with ral0 and OBSD 4.0
can I ask you, what mode are you using, 11b or 11g? and which channel?
did you try different channels? I have a slightly different chipset, 2561s
will try a different antenna though mine is a 9dBi and I thought it was enough
I think there is also like you say a problem of packet loss, because even when the signal is good, the internet connection is weak or drops.

Regards

On 19 Sep 07, at 19:22, Jurjen Oskam wrote:

> On Wed, Sep 19, 2007 at 01:10:59PM +0200, Alessandro Roncari wrote:
> > is there anybody who feels like giving a good advice regarding a wireless
> > chipset to be used in hostap mode, well supported by obsd and spreading a
> > good signal? I wouldn't want to make a 2nd mistake, so I think best thing is
> > to trust somebody who's using himself the same hardware.
>
> I use a Ralink-based card with an external antenna, and it works absolutely great. I did experience problems with that card with a (probably) low quality antenna on a suboptimal location though, I got 30 pct packetloss and many duplicates. Using a high-quality, well-placed antenna I get a great signal using the exact same card.
>
> The only thing I do experience from time to time is a ral0: device timeout when sending lots of data to a client. I even got some sort of division by zero in the kernel once, halting the entire machine. This is on 4.1-STABLE. However, I saw that lots and lots of work was done on 802.11 code in 4.2, so I'll upgrade to that once my CD arrives and really stresstest it. Should I find anything, I'll try to properly diagnose it.
>
> Anyhow, this happens very rarely, and I'm quite happy with my ral card in hostap mode!
>
> ral0 at pci0 dev 11 function 0 "Ralink RT2560" rev 0x01: irq 11, address 00:0c:f6:26:0d:b2
> ral0: MAC/BBP RT2560 (rev 0x04), RF RT2525
>
> --
> Jurjen Oskam
> Savage's Law of Expediency: You want it bad, you'll get it bad.
Re: Sun Systems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, i'm interested in that monitor. From where are you (country) and how much money would you want? Jonathan Lindsey wrote: > I have several old sun workstations that I'm going to get rid of. These > include many sparc classics, a sparc 4, 5, 10, and 20. Nothing over 60Mhz I > don't think. Before I just get rid of them does anyone want them? I have a > sun monitor too. And several external drives, including some tape drives. > I just don't have time/space to deal with them anymore. > > -Jonathan > > Las Cruces, NM > > [demime 1.01d removed an attachment of type application/x-pkcs7-signature > which had a name of smime.p7s] Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG8V9SAWDp9gAwWZcRAsvpAJ49NWI026Bhx/JQ//zG5M1Shgc6owCeLdaf W1dwYSmzQ8X3yVNk25HfVdU= =ABSh -END PGP SIGNATURE-
Re: another spamd-setup question
Juan Miscaro <[EMAIL PROTECTED]> writes:

> http://www.openbsd.org/spamd/spews_list_level1.txt.gz

Fetching that one with wget gets me a file with its timestamp in February, which probably means that it's no longer maintained and by now it's useless:

$ ls -l *txt.gz
-rw-r--r-- 1 peter peter 104231 Feb 22 2007 spews_list_level1.txt.gz

That is, to the degree that it was ever useful. If you look at the data, it contains entire /16s. Your choice, of course, but I would personally not recommend any blacklists other than beck@'s freshly trapped and aggressively maintained list (uatraps in recent spamd.conf files).

The other ones are more recent, but I am less than convinced it is actually smart to block address space supposedly representing entire countries. Maybe it's because part of what makes my living is localization, with the occasional customer in one of those (to me) faraway countries.

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Slow ral(4) 802.11b in hostap mode?
On Thu, Sep 20, 2007 at 12:07:02AM +0930, Damon McMahon wrote: > I'm not sure how to troubleshoot this further, but any advice would > be appreciated. As I've just mentioned, I experienced poor performance on a ral-based card in hostap mode, until I connected a high-quality antenna on a proper location. After that, it worked great. -- Jurjen Oskam Savage's Law of Expediency: You want it bad, you'll get it bad.
Re: problems with ral0 and OBSD 4.0
On Wed, Sep 19, 2007 at 01:10:59PM +0200, Alessandro Roncari wrote: > is there anybody who feels like giving a good advice regarding a wireless > chipset to be used in hostap mode, well supported by obsd and spreading a > good signal? I wouldn't want to make a 2nd mistake, so I think best thing is > to trust somebody who's using himself the same hardware. I use a Ralink-based card with an external antenna, and it works absolutely great. I did experience problems with that card with a (probably) low quality antenna on a suboptimal location though, I got 30 pct packetloss and many duplicates. Using a high-quality, well-placed antenna I get a great signal using the exact same card. The only thing I do experience from time to time is a ral0: device timeout when sending lots of data to a client. I even got some sort of division by zero in the kernel once, halting the entire machine. This is on 4.1-STABLE. However, I saw that lots and lots of work was done on 802.11 code in 4.2, so I'll upgrade to that once my CD arrives and really stresstest it. Should I find anything, I'll try to properly diagnose it. Anyhow, this happens very rarely, and I'm quite happy with my ral card in hostap mode! ral0 at pci0 dev 11 function 0 "Ralink RT2560" rev 0x01: irq 11, address 00:0c:f6:26:0d:b2 ral0: MAC/BBP RT2560 (rev 0x04), RF RT2525 -- Jurjen Oskam Savage's Law of Expediency: You want it bad, you'll get it bad.
Re: Sun Systems
* Jonathan Lindsey <[EMAIL PROTECTED]> [2007-09-19 11:35:29]: > I have several old sun workstations that I'm going to get rid of. These > include many sparc classics, a sparc 4, 5, 10, and 20. Nothing over 60Mhz I > don't think. Before I just get rid of them does anyone want them? I have a > sun monitor too. And several external drives, including some tape drives. > I just don't have time/space to deal with them anymore. > > -Jonathan > > Las Cruces, NM > I think Miod Vallet could use these best. He will likely want just the power supplies from the 5 and 20's. These have a propensity to kick the bucket. He's in France. -- Travers Buda
Re: another spamd-setup question
--- Darrin Chandler <[EMAIL PROTECTED]> wrote:

> On Wed, Sep 19, 2007 at 10:50:17AM -0400, Juan Miscaro wrote:
> > I'm running OpenBSD 4.0 and I'm having trouble loading my spamd
> > blacklist table with spamd-setup:
> >
> > $ sudo pfctl -t spamd -T show | wc -l
> > 7070
> >
> > $ sudo /usr/libexec/spamd-setup -d
> > Getting http://www.openbsd.org/spamd/spews_list_level1.txt.gz
> > blacklist spews1 14482 entries
> > Getting http://www.openbsd.org/spamd/chinacidr.txt.gz
> > blacklist china 431 entries
> > Getting http://www.openbsd.org/spamd/koreacidr.txt.gz
> > blacklist korea 270 entries
> >
> > $ sudo pfctl -t spamd -T show | wc -l
> > 7070
>
> The china and korea lists contain *large* CIDR blocks. My guess is that
> much of spews1 duplicates individual IPs or smaller blocks contained
> *within* the china and korea lists.
>
> This is just my guess, and I haven't tested. Remember the "-T test" for
> pfctl? If you desire, you could write a script to verify that everything
> in spews1, china, and korea lists are covered by the spamd table, or
> report which are missing.

That's a good guess but not likely since I *always* get the same number (7070). Can someone else try these 3 lists and see what ends up in their table?

// juan
Re: Define hosts lookup for pf.conf
Diana Eichert wrote: Geez, what planet rock did you crawl out from underneath? I think I've been the out lesbian on misc@ for years. Actually I was thinking about your poor wife when I wrote that. Don't bother, none of my current wives are lesbians, they'll not return the favor. ;-)
Sun Systems
I have several old sun workstations that I'm going to get rid of. These include many sparc classics, a sparc 4, 5, 10, and 20. Nothing over 60Mhz I don't think. Before I just get rid of them does anyone want them? I have a sun monitor too. And several external drives, including some tape drives. I just don't have time/space to deal with them anymore. -Jonathan Las Cruces, NM [demime 1.01d removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s]
Re: : : OpenBSD Install Goal
On Wed, Sep 19, 2007 at 03:42:22PM +0200, Raimo Niskanen wrote: > On Wed, Sep 19, 2007 at 07:18:05AM -0400, Nick Holland wrote: > > Raimo Niskanen wrote: > > > A lot of people has praised the current OpenBSD installer. > > > I too. I think it is at the right level and does the right > > > things, without unneccesary hazzle. > > > > > > But... > > > > > > There are a few things that I remember really missing when I was > > > a beginner, and being nice to beginners is a good thing: > > > > > > 1) Not every time did I have another machine to go to the > > >OpenBSD web site and read the install guide and related docs > > >online. It is almost necessary in order to succeed as a beginner, > > >and it could be improved upon. > > > > > >Why not put the install guide and disk partitioning guide on > > >the CD (maybe it is), and give very visible hints on how to > > >mount and read them during the installation from a parallel > > >console (i386) or how to exit to a shell to read during > > >installation. > > > > 1) there are no multiple consoles on the install kernel. > > Ouch! How big a deal would it be to do that? > > > 2) I really think it would be excessively awkward to be trying > > to read docs on the same machine you are installing to. > > Yes. But not impossible :-) > > > 3) the CD set provides much of this in printed form. > > But not any good disk partitioning examples. > > > > > Granted, I may be an extreme case, but I really can't imagine > > there are a lot of people installing OpenBSD on their one-and- > > only computer who couldn't have at least printed out some docs > > before hand. > > > > Well, it is hard to know beforehand for the beginner which > documents are worth printing, and for a long while I did not > have a printer. To print the installation guide is unfortunately > not enough. Selected parts of the FAQ or some of the documents > the installation guide points to is also necessary. 
> > > > 1b)Having the partitioning guide available while installing > > >is maybe good enough, but it would also be nice if there > > >was a disklabel template for large enough disks that > > >created / swap /var /tmp /usr sufficient for a potent > > >desktop install capable of kernel and ports tree compilation, > > >and the rest on /home. And one for really small disks where there is no hope of being able to compile anything; like my current 850 MB drive. According to the docs, that's not enough room. So I have everything in a (/) and b (swap). Once I get the box set up, I'll be able to see what sizes are needed and can reinstall with proper partitioning. /home is quite small. > > > > actually, the FAQ provides a pretty good example for this (if I > > do say so myself! :) I've actually been wanting to add some > > other partitioning examples (for 1G, 4G, 20G hds with some > > specific apps), but obviously it isn't there yet. :-/ > > > > Yes, it is excellent. But the whole FAQ is too much to print. > Especially on my slow dot-matrix printer with a broken ribbon advance. That's a lot of knob-twiddling. :) > > I guess many new users have very good reasons to why they want > to test OpenBSD on a certain machine, and to why it must have > other OSes too. If you have a spare machine you can take to > install an unknown OS (OpenBSD) just for fun, it is probably > because the machine is too old or to broken to be usable. > My 486 now will only run OpenBSD or NetBSD (or old versions of Debian, dos, whatever). Would it be difficult to provide on the CD and perhaps a tarball on FTP a directory structure that would allow an option from the installer (either on the same screen or a separate terminal if that was possible) to run lynx to read the FAQ directly off the CD? Doug.
Re: another spamd-setup question
On Wed, Sep 19, 2007 at 10:50:17AM -0400, Juan Miscaro wrote:
> I'm running OpenBSD 4.0 and I'm having trouble loading my spamd
> blacklist table with spamd-setup:
>
> $ sudo pfctl -t spamd -T show | wc -l
> 7070
> $ sudo /usr/libexec/spamd-setup -d
> Getting http://www.openbsd.org/spamd/spews_list_level1.txt.gz
> blacklist spews1 14482 entries
> Getting http://www.openbsd.org/spamd/chinacidr.txt.gz
> blacklist china 431 entries
> Getting http://www.openbsd.org/spamd/koreacidr.txt.gz
> blacklist korea 270 entries
>
> $ sudo pfctl -t spamd -T show | wc -l
> 7070

The china and korea lists contain *large* CIDR blocks. My guess is that much of spews1 duplicates individual IPs or smaller blocks contained *within* the china and korea lists.

This is just my guess, and I haven't tested. Remember the "-T test" for pfctl? If you desire, you could write a script to verify that everything in spews1, china, and korea lists are covered by the spamd table, or report which are missing.

--
Darrin Chandler | Phoenix BSD User Group | MetaBUG
[EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/
http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
Re: Shutdown script (derived from "Simple startup daemon's on boot question?")
Stuart Henderson wrote:
>
> On 2007/09/19 16:28, Tomas wrote:
> > That's an excellent idea. I will use 'pkill mysqld'. But instead
> > of 'sleep 10' maybe it's better to check every second if mysqld.sock
> > exists?
>
> I would choose to limit the maximum time, in case mysqld deadlocks.
>
> I think "pgrep mysqld" is a safer test than mysqld.sock (unless
> you've read mysql code and determined that the control socket is
> only removed after the tables have been flushed).
>

Something you should be aware of: If there is insufficient space, MySQL will wait patiently for the space to become available at which point it picks up like there never was a problem. Current behavior may be different. YMMV etc. Surprising, but it can allow manipulation in low-disk situations. I've no idea what happens to pending transactions (non-MyISAM databases)
Re: Slow ral(4) 802.11b in hostap mode?
Damon McMahon <[EMAIL PROTECTED]> writes: > Also, while top(1) shows that the CPU is 95% idle the ssh terminal > seems very sluggish when the ral(4) connection is maxed out, even > when it's another host that's maxing it out (i.e. not the host on > which the ssh client is operating). It's sort of a known problem I'm afraid. it sounds like you're stuck on a suboptimal mode, and ral doesn't really know how to fix that. It's under CAVEATS at the end of the ral(4) man page. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Define hosts lookup for pf.conf
On Wed, 19 Sep 2007, Miod Vallat wrote: wait that is no better! how about: "unshaved bloody communist!" This statement is offensive to creatures like me, whose main food source is fresh blood. Miod fresh pom blood perchance?
Re: Shutdown script (derived from "Simple startup daemon's on boot question?")
Lars Hansson wrote: > On 9/19/07, Lars Noodin <[EMAIL PROTECTED]> wrote: >> By what method is shutdown then forced to wait until said processes have >> cleaned up? > > None. rc.shutdown is for those processes with slow/important shutdown > that needs waiting for. Ok. So then rc.shutdown should be sure to poll the processes until they are dead.
Slow ral(4) 802.11b in hostap mode?
Greetings, My 4.1/i386 box is a wireless access point using ral(4) in 802.11b hostap mode and secured by IPsec. On both MacOS X and WinXP clients I have noted consistent wifi speeds maxing out in the low 70+ KBps range whereas on the OpenBSD box itself a download speed over its pppoe(4) connection in the low 150+ KBps is achieved - hence it appears ral(4) is where the bottleneck is. Also, while top(1) shows that the CPU is 95% idle the ssh terminal seems very sluggish when the ral(4) connection is maxed out, even when it's another host that's maxing it out (i.e. not the host on which the ssh client is operating). I'm not sure how to troubleshoot this further, but any advice would be appreciated. # dmesg OpenBSD 4.1 (GENERIC) #0: Sat May 26 01:30:55 CST 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel Pentium III ("GenuineIntel" 686-class, 512KB L2 cache) 499 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36, MMX,FXSR,SSE real mem = 200773632 (196068K) avail mem = 175529984 (171416K) using 2481 buffers containing 10162176 bytes (9924K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+ BIOS, date 07/11/02, BIOS32 rev. 0 @ 0xfd7b1, SMBIOS rev. 
2.3 @ 0xf8386 (38 entries) bios0: IBM 656345A apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 30102 dobusy 0 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf1e60/160 (8 entries) pcibios0: PCI Interrupt Router at 000:02:0 ("VIA VT82C596A ISA" rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0xa000 0xca000/0x1000 acpi at mainbus0 not configured cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "VIA VT82C691 PCI" rev 0x82 ppb0 at pci0 dev 1 function 0 "VIA VT82C598 AGP" rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 "S3 Savage 4" rev 0x03 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pcib0 at pci0 dev 2 function 0 "VIA VT82C596A ISA" rev 0x12 pciide0 at pci0 dev 2 function 1 "VIA VT82C571 IDE" rev 0x06: ATA66, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: wd0: 16-sector PIO, LBA, 12949MB, 26520480 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: SCSI0 5/ cdrom removable cd0(pciide0:1:0): using PIO mode 4, DMA mode 2 uhci0 at pci0 dev 2 function 2 "VIA VT83C572 USB" rev 0x08: irq 10 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: VIA UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered "VIA VT82C596 Power" rev 0x20 at pci0 dev 2 function 3 not configured fxp0 at pci0 dev 14 function 0 "Intel 8255x" rev 0x08, i82559: irq 9, address 00:04:ac:8b:51:11 inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 
4 ral0 at pci0 dev 15 function 0 "Ralink RT2560" rev 0x01: irq 5, address 00:13:d3:6a:bb:9d ral0: MAC/BBP RT2560 (rev 0x04), RF RT2525 esa0 at pci0 dev 18 function 0 "ESS ES1989" rev 0x10: irq 9 ac97: codec id 0x45838308 (ESS Technology ES1921) ac97: codec features 20 bit DAC, 20 bit ADC, ESS Technology audio0 at esa0 isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pccom0: console pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec biomask fd45 netmask ff65 ttymask ffe7 pctr: 686-class user-level performance counters enabled mtrr: Pentium Pro MTRR support dkcsum: wd0 matches BIOS drive 0x80 root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302 # ifconfig -M ral0 ral0: flags=8843 mtu 1500 lladdr 00:13:d3:6a:bb:9d groups: wlan media: IEEE802.11 autoselect hostap (autoselect mode 11b hostap) status: active ieee80211: nwid THE_OFFICE chan 1 bssid 00:13:d3:6a:bb:9d 100dBm lladdr 00:11:09:17:35:24 67dB 11M short_preamble assoc lladdr 00:30:65:1a:43:7d 56dB 11M assoc inet6 fe80::213:d3ff:fe6a:bb9d%ral0 prefixlen 64 scopeid 0x2 inet 192.168.1.5 netmask 0xfffc broadcast 192.168.1.7 inet 192.168.1.9 netmask 0xfffc broadcast 192.168.1.11 inet 192.168.1.13 netmask 0xfffc broadcast 192.168.1.15 inet 192.168.1.17 netmask 0xfffc broadcast 192.168.1.19 inet 192.168.1.21 netmask 0xfffc broadcast 192.168.1.23 inet 192.168.1.25 netmask 0xfffc broadcast 19
Re: Define hosts lookup for pf.conf
On Wed, 19 Sep 2007, Craig Skinner wrote: Diana Eichert wrote: B I find that statement incredibly offensive. I think a more appropriate statement is: "Now you are crying like a closeted cross-dressing British man" You should not talk about your husband like that. Geez, what planet rock did you crawl out from underneath? I think I've been the out lesbian on misc@ for years. Actually I was thinking about your poor wife when I wrote that. diana
Re: Shutdown script (derived from "Simple startup daemon's on boot question?")
On 9/19/07, Lars Noodin <[EMAIL PROTECTED]> wrote: > By what method is shutdown then forced to wait until said processes have > cleaned up? None. rc.shutdown is for those processes with slow/important shutdown that needs waiting for. --- Lars Hansson
another spamd-setup question
I'm running OpenBSD 4.0 and I'm having trouble loading my spamd blacklist table with spamd-setup:

$ sudo pfctl -t spamd -T show | wc -l
7070
$ sudo pfctl -t spamd -T flush
7070 addresses deleted.
$ sudo pfctl -t spamd -T show | wc -l
0
$ sudo /usr/libexec/spamd-setup -d
Getting http://www.openbsd.org/spamd/spews_list_level1.txt.gz
blacklist spews1 14482 entries
Getting http://www.openbsd.org/spamd/chinacidr.txt.gz
blacklist china 431 entries
Getting http://www.openbsd.org/spamd/koreacidr.txt.gz
blacklist korea 270 entries
$ sudo pfctl -t spamd -T show | wc -l
7070

Why is this happening?
Re: Shutdown script (derived from "Simple startup daemon's on boot question?")
On 2007/09/19 16:28, Tomas wrote:
> That's an excellent idea. I will use 'pkill mysqld'. But instead
> of 'sleep 10' maybe it's better to check every second if mysqld.sock
> exists?

I would choose to limit the maximum time, in case mysqld deadlocks.

I think "pgrep mysqld" is a safer test than mysqld.sock (unless you've read mysql code and determined that the control socket is only removed after the tables have been flushed).
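The bounded wait discussed in this exchange, as an added example for an rc.shutdown-style script (not code from the thread or from OpenBSD). The function names wait_gone and stop_daemon are hypothetical; pkill and pgrep are used with -x so that only the exact process name matches.

```shell
#!/bin/sh
# Poll for a daemon to exit after SIGTERM, but never longer than a fixed limit,
# so a deadlocked daemon cannot hold up the shutdown.

# wait_gone MAX_SECONDS CHECK [ARGS...]
# Runs CHECK once per second while it keeps succeeding (process still there).
# Returns 0 as soon as CHECK fails, 1 if MAX_SECONDS pass first.
# The number of seconds spent is left in $waited.
wait_gone() {
    max=$1
    shift
    waited=0
    while "$@" >/dev/null 2>&1; do
        [ "$waited" -lt "$max" ] || return 1
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# stop_daemon NAME MAX_SECONDS
# Sends SIGTERM to every process named exactly NAME, then waits, bounded.
stop_daemon() {
    pkill -x "$1" || return 0      # pkill fails when nothing matched: already gone
    wait_gone "$2" pgrep -x "$1"
}

# Use in rc.shutdown (left as a comment so this file only defines functions):
#   echo -n ' mysqld'
#   stop_daemon mysqld 10 || echo -n ' (still running after 10s)'
```

On timeout the script reports and moves on; per the thread, halt(8) sends SIGKILL to whatever is still running a few seconds later.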
Re: Shutdown script (derived from "Simple startup daemon's on boot question?")
Henning Brauer wrote: > any software which requires special shutdown handling ist busted. Sounds fair. > all processes get a SIGTERM on shutdown. the ones that need to do > cleanup before they exit need to install a signal handler for that (and > in general they do). Pardon the ignorant question. By what method is shutdown then forced to wait until said processes have cleaned up? Is a response expected by shutdown from the daemon as a result to sending SIGTERM? Regards, -Lars
Re: : : OpenBSD Install Goal
On Wed, Sep 19, 2007 at 07:18:05AM -0400, Nick Holland wrote: > did anyone notice that this thread was accidentally brought back > from almost a year ago? > Nope :-) > Raimo Niskanen wrote: > > A lot of people has praised the current OpenBSD installer. > > I too. I think it is at the right level and does the right > > things, without unneccesary hazzle. > > > > But... > > > > There are a few things that I remember really missing when I was > > a beginner, and being nice to beginners is a good thing: > > > > 1) Not every time did I have another machine to go to the > >OpenBSD web site and read the install guide and related docs > >online. It is almost necessary in order to succeed as a beginner, > >and it could be improved upon. > > > >Why not put the install guide and disk partitioning guide on > >the CD (maybe it is), and give very visible hints on how to > >mount and read them during the installation from a parallel > >console (i386) or how to exit to a shell to read during > >installation. > > 1) there are no multiple consoles on the install kernel. Ouch! > 2) I really think it would be excessively awkward to be trying > to read docs on the same machine you are installing to. Yes. But not impossible :-) > 3) the CD set provides much of this in printed form. But not any good disk partitioning examples. > > Granted, I may be an extreme case, but I really can't imagine > there are a lot of people installing OpenBSD on their one-and- > only computer who couldn't have at least printed out some docs > before hand. > Well, it is hard to know beforehand for the beginner which documents are worth printing, and for a long while I did not have a printer. To print the installation guide is unfortunately not enough. Selected parts of the FAQ or some of the documents the installation guide points to is also necessary. 
> > 1b)Having the partitioning guide available while installing > >is maybe good enough, but it would also be nice if there > >was a disklabel template for large enough disks that > >created / swap /var /tmp /usr sufficient for a potent > >desktop install capable of kernel and ports tree compilation, > >and the rest on /home. > > actually, the FAQ provides a pretty good example for this (if I > do say so myself! :) I've actually been wanting to add some > other partitioning examples (for 1G, 4G, 20G hds with some > specific apps), but obviously it isn't there yet. :-/ > Yes, it is excellent. But the whole FAQ is too much to print. > > 2) Make it more obvious during the installation when the MBR > >gets modified, how and when the MBR code gets modified, > >and how and when the PBR gets written. I was always > >scared to destroy the MBR code and ruin my Windows > >boot (company necessity) - I had to use the NT boot loader. > > > > This is one of those things that you can't win on. > People who understand the process closely will have no problem > seeing where this is happening (covered in the FAQ moderately > well, I think). However, the vast majority of the users don't > understand this, and won't care until AFTER something they > didn't want to happen happens. No amount of red-flag warnings > is going to change this, I suspect. Perhaps a bit better FAQ coverage would be sufficient. See new suggestions below. > > The best advice there is in the section about multi-booting > which warns that this is very difficult and easy to mess up > and should be done on a "practice" machine first. > > Unfortunately, many new users want to start on a non-dedicated > machine in spite of all the warnings that this is a really bad > idea (regardless of OS you are a new user on). > I guess many new users have very good reasons to why they want to test OpenBSD on a certain machine, and to why it must have other OSes too. 
If you have a spare machine you can take to install an unknown OS (OpenBSD) just for fun, it is probably because the machine is too old or to broken to be usable. > > I understand disk partitioning pretty darned well, I think. I > have had the "interesting" experience of trying to multi-boot > with an OS that claimed to be very multi-boot friendly. The > pretty graphical user interface slowly chewed through the four > or five(!!?) CDs of the install, recognized the other OSs on > the disk...and proceeded to give me a completely non-bootable > disk when I was done. Fortunately, it wasn't too difficult > to fix...with the OpenBSD install CD. :) > > Nick. Oh yes! Automatic tools shoot you in both feet and give you no way to figure out how to repair. To conclude, what still might be valid suggestions: * How about a section early in the installation guide (FAQ 4) that hints about printing the installation guide and the platform specific file INSTALL.xxx. Also make the INSTALL.xxx files browsable so you can print them from a browser. The installation guide and the INSTALL.xxx file should
Re: Shutdown script (derived from "Simple startup daemon's on boot question?")
Stuart Henderson wrote: On 2007/09/19 14:48, Tomas wrote: Watching the thread about startup script I thought of a question about shutdown script. Is it necessary to shutdown certain services when machine goes down? Like for example mysql, dovecot, clamav, amavis or openvpn. I've never saw anybody do that. For most things, there's no need to worry at all. From http://dev.mysql.com/doc/refman/5.0/en/server-shutdown.html , mysql does a controlled shutdown when it receives SIGTERM. Examining the code of halt(8) (in src/sbin/reboot), at normal shutdown SIGTERM is sent to running processes, then a delay of 2 seconds before a sync(2), then a delay of 3 seconds followed by SIGKILL to anything still running. So the question is, whether mysql has enough time to shut down before it's killed. If you think it doesn't, you might like to add something like 'pkill mysqld; sleep 10' to rc.shutdown. (No need for some 'mysqladmin shutdown' which would mean listing a plain-text password in the file). That's an excellent idea. I will use 'pkill mysqld'. But instead of 'sleep 10' maybe it's better to check every second if mysqld.sock exists?
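Added example, not part of any poster's message: a helper for /etc/rc.shutdown that sends SIGTERM to one daemon and then polls once a second until it has exited, instead of sleeping a fixed 10 seconds, so no database password has to be stored in the file. The function name `term_and_wait`, the 30-second default and the pid-file path in the usage comment are assumptions; it polls the process itself rather than mysqld.sock.

```shell
#!/bin/sh
# Added example (not from the thread). Intended to be pasted into or sourced
# from /etc/rc.shutdown, which runs as root.
#
# term_and_wait PID [TIMEOUT]
#   Send SIGTERM to PID, then check once per second whether it is still
#   alive, for at most TIMEOUT seconds (default 30, an assumed value).
#   Returns 0 if the process is gone, 1 if it is still running at the
#   deadline, 2 if the arguments are not usable.
term_and_wait() {
	_pid=$1
	_timeout=${2:-30}

	# Accept only plain decimal numbers. An empty value, "0" or a negative
	# number handed to kill(1) would signal a whole process group.
	case $_pid in
	''|*[!0-9]*) return 2 ;;
	esac
	case $_timeout in
	''|*[!0-9]*) return 2 ;;
	esac
	# Also refuse PID 0 and PID 1 (init).
	[ "$_pid" -gt 1 ] 2>/dev/null || return 2

	# Nothing to do if the daemon is not running.
	# (As root, "kill -0" fails only when the process does not exist.)
	kill -0 "$_pid" 2>/dev/null || return 0

	# Ask for a controlled shutdown; the daemon's own SIGTERM handler does
	# the cleanup.
	kill -TERM "$_pid" 2>/dev/null || return 0

	_waited=0
	while kill -0 "$_pid" 2>/dev/null; do
		if [ "$_waited" -ge "$_timeout" ]; then
			return 1
		fi
		sleep 1
		_waited=$((_waited + 1))
	done
	return 0
}

# Usage in /etc/rc.shutdown (the pid file path is a placeholder):
#   echo -n ' mysqld'
#   term_and_wait "$(cat /path/to/mysqld.pid)" 30 || echo -n ' (still running)'
```

Because the loop returns as soon as the process disappears, a daemon that exits quickly adds almost no delay, while a slow one gets the full timeout before halt(8) sends its own SIGTERM and SIGKILL.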
Re: Shutdown script (derived from "Simple startup daemon's on boot question?")
Thanks, I will start using rc.shutdown more often :) Craig Skinner wrote: Tomas wrote: Hi list, Watching the thread about startup script I thought of a question about shutdown script. Is it necessary to shutdown certain services when machine goes down? Like for example mysql, dovecot, clamav, amavis or openvpn. I've never saw anybody do that. Lots of people on their manuals, tutorials or posts writes how to start mysql, but none of then writes a shutdown script. So maybe it is not so necessary? (But then again, mysql is a database engine, and databases should be handle with care). $ man rc.shutdown Up to you. I shut down almost all daemons in it. Again, you can call your own scripts, e.g: echo -n ' mailman' /usr/local/lib/mailman/bin/mailmanctl -q stop sleep 30 echo -n ' mailgraph' /usr/local/site/sbin/mailgraphctl stop > /dev/null echo -n ' squid' /usr/local/sbin/squid -k shutdown echo -n ' dovecot' pkill dovecot echo -n ' apache' apachectl stop echo -n ' postfix' /usr/local/site/sbin/postfixctl stop echo -n ' viagrad' su -m _viagrad /usr/local/site/libexec/viagrad/viagrad stop echo -n ' named' rndc stop echo '.'
Re: Shutdown script (derived from "Simple startup daemon's on boot question?")
And can I ask how do you do it? Because I don't want to write my mysql password in rc.shutdown script. Lars Hansson wrote: On 9/19/07, Tomas <[EMAIL PROTECTED]> wrote: Is it necessary to shutdown certain services when machine goes down? Very few, I'd wager. The only ones I bother with doing it for are postgresql and mysql since it can take them a while to shut down correctly and it can get messy if they're not. --- Lars Hansson
Re: Shutdown script (derived from "Simple startup daemon's on boot question?")
Yes it's obvious :) But I've got a little bit confused because I've seen very few using it. But that's already my problem, isn't it? :) Thanks :) Artur Litwinowicz wrote: Hi, yes, You are right - proper shutdown is important. This functionality realizes script /etc/rc.shutdown fired during shutdown. I that place should be commands for all services which require shutdown command. I hope it is what You looking for ;) (sorry if it is to obvious true for You). Best regards, Artur On Wed, 19 Sep 2007 14:48:54 +0300, Tomas <[EMAIL PROTECTED]> wrote: Hi list, Watching the thread about startup script I thought of a question about shutdown script. Is it necessary to shutdown certain services when machine goes down? Like for example mysql, dovecot, clamav, amavis or openvpn. I've never saw anybody do that. Lots of people on their manuals, tutorials or posts writes how to start mysql, but none of then writes a shutdown script. So maybe it is not so necessary? (But then again, mysql is a database engine, and databases should be handle with care).
Re: Shutdown script (derived from "Simple startup daemon's on boot question?")
On Wed, Sep 19, 2007 at 04:25:49PM +0300, Tomas wrote: > And can I ask how do you do it? Because I don't want to write my mysql > password in rc.shutdown script. Try: /usr/local/share/mysql/mysql.server stop
Re: Shutdown script (derived from "Simple startup daemon's on boot question?")
Yes, it should have, but it haven't :) So I've got wondering :) Julian Leyh wrote: On 14:48 Wed 19 Sep , Tomas wrote: Hi list, Watching the thread about startup script I thought of a question about shutdown script. Is it necessary to shutdown certain services when machine goes down? Like for example mysql, dovecot, clamav, amavis or openvpn. I've never saw anybody do that. Lots of people on their manuals, tutorials or posts writes how to start mysql, but none of then writes a shutdown script. So maybe it is not so necessary? (But then again, mysql is a database engine, and databases should be handle with care). At least MySQL should have told you how to shutdown when installing it. rc.shutdown(8)
Re: Define hosts lookup for pf.conf
Diana Eichert wrote: On Wed, 19 Sep 2007, Craig Skinner wrote: SNIP Now you are crying like a girl. Your problems are not this list's problems. Craig I find that statement incredibly offensive. I think a more appropriate statement is: "Now you are crying like a closeted cross-dressing British man" You should not talk about your husband like that.
Re: Shutdown script (derived from "Simple startup daemon's on boot question?")
That's a good practice. There's no doubt about it. But like I said I've seen very few people using it, in fact I saw it only once, shuting down amavisd-new. But I don't think that's an error or oversight, that's our ignorance :) And don't want to be ignorant :) So I've asked the question :)
Re: Shutdown script (derived from "Simple startup daemon's on boot question?")
* Tomas <[EMAIL PROTECTED]> [2007-09-19 14:02]: > Watching the thread about startup script I thought of a question about > shutdown script. Is it necessary to shutdown certain services when machine > goes down? Like for example mysql, dovecot, clamav, amavis or openvpn. I've > never saw anybody do that. Lots of people on their manuals, tutorials or > posts writes how to start mysql, but none of then writes a shutdown script. > So maybe it is not so necessary? (But then again, mysql is a database > engine, and databases should be handle with care). any software which requires special shutdown handling ist busted. all processes get a SIGTERM on shutdown. the ones that need to do cleanup before they exit need to install a signal handler for that (and in general they do). -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
Re: Define hosts lookup for pf.conf
wait that is no better! how about: "unshaved bloody communist!" This statement is offensive to creatures like me, whose main food source is fresh blood. Miod
Re: Shutdown script (derived from "Simple startup daemon's on boot question?")
Tomas wrote: And can I ask how do you do it? Because I don't want to write my mysql password in rc.shutdown script. Write a script /root/sbin/mysql-shutdown.sh with whatever you need in it, & call that script from /etc/rc.shutdown Only root can read it. Or: /usr/local/site/sbin/mysql-shutdown.sh chmod it 0770, and chown it root:dba so that anyone in the dba group can edit (passwd changes) and run the script.
Re: Mailing list issues (was: Microsoft gets the Most Secure Operating Systems award)
Dunno about anyone else, but that seems like some kind of poetic justice. Preserving the pseudo-integrity of garbage seems like it should be very low on the list of priorities. > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of David Given > Sent: Wednesday, September 19, 2007 7:28 AM > To: obsd-misc > Subject: Mailing list issues (was: Microsoft gets the Most > Secure Operating Systems award) > > Die Gestalt wrote: > [...] > > ScheiC[1F]e? Merde? > > Incidentally, from Gestalt's headers: > > > Content-Type: text/plain; charset=UTF-8 > > Content-Transfer-Encoding: 7bit > > I've been noticing for a while that openbsd-misc appears to be > unilaterally changing the transfer-encoding header to 7bit without > actually reencoding the message body, which is just not on. Gestalt's > message arrived with a 0x1F control code in it because of > this, which is > extremely antisocial. (I changed that in the quoted text above!) > > I appreciate the sentiment in trying to keep the messages > clean, but if > people want to change the transfer encoding or charset, they really > *have to* reencode while they're at it, or the result is nonsense --- > you can see that Gestalt's message is billed as 7bit UTF-8. Not to > mention that it's deeply unfriendly to anyone who doesn't > speak us-ascii. > > What mailing list software does the list use? > > -- > David Given > [EMAIL PROTECTED]
Re: Define hosts lookup for pf.conf
On Wed, Sep 19, 2007 at 06:51:19AM -0600, Diana Eichert wrote: > On Wed, 19 Sep 2007, Craig Skinner wrote: > SNIP > >Now you are crying like a girl. Your problems are not this list's problems. > > Craig > > I find that statement incredibly offensive. I think a more appropriate > statement is: > "Now you are crying like a closeted cross-dressing British man" wait that is no better! how about: "unshaved bloody communist!" cu -- paranoic mickey (my employers have changed but, the name has remained)
Re: Shutdown script (derived from "Simple startup daemon's on boot question?")
Tomas wrote: Hi list, Watching the thread about startup script I thought of a question about shutdown script. Is it necessary to shutdown certain services when machine goes down? Like for example mysql, dovecot, clamav, amavis or openvpn. I've never saw anybody do that. Lots of people on their manuals, tutorials or posts writes how to start mysql, but none of then writes a shutdown script. So maybe it is not so necessary? (But then again, mysql is a database engine, and databases should be handle with care). $ man rc.shutdown Up to you. I shut down almost all daemons in it. Again, you can call your own scripts, e.g: echo -n ' mailman' /usr/local/lib/mailman/bin/mailmanctl -q stop sleep 30 echo -n ' mailgraph' /usr/local/site/sbin/mailgraphctl stop > /dev/null echo -n ' squid' /usr/local/sbin/squid -k shutdown echo -n ' dovecot' pkill dovecot echo -n ' apache' apachectl stop echo -n ' postfix' /usr/local/site/sbin/postfixctl stop echo -n ' viagrad' su -m _viagrad /usr/local/site/libexec/viagrad/viagrad stop echo -n ' named' rndc stop echo '.'
Re: Shutdown script (derived from "Simple startup daemon's on boot question?")
Probably most of the programs does handle SIGTERM appropriately, but it may be too little time for a program to clean itself before it receives SIGKILL signal. For an example mysql. It needs to kill any connections to it (and if any problem killing it, it should wait for some time and then try again), sync data, remove socket (I don't know the exact order of mysql shutdown task and I'm only guessing). And what if SIGKILL arrives in the middle of the mysql shutdown tasks? Hannah Schroeter wrote: Hi! On Wed, Sep 19, 2007 at 02:48:54PM +0300, Tomas wrote: Watching the thread about startup script I thought of a question about shutdown script. Is it necessary to shutdown certain services when machine goes down? Like for example mysql, dovecot, clamav, amavis or openvpn. I've never saw anybody do that. Lots of people on their manuals, tutorials or posts writes how to start mysql, but none of then writes a shutdown script. So maybe it is not so necessary? (But then again, mysql is a database engine, and databases should be handle with care). Probably most programs that need non-trivial cleanup handle SIGTERM appropriately. Kind regards, Hannah.
Mailing list issues (was: Microsoft gets the Most Secure Operating Systems award)
Die Gestalt wrote: [...] ScheiC[1F]e? Merde? Incidentally, from Gestalt's headers: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit I've been noticing for a while that openbsd-misc appears to be unilaterally changing the transfer-encoding header to 7bit without actually reencoding the message body, which is just not on. Gestalt's message arrived with a 0x1F control code in it because of this, which is extremely antisocial. (I changed that in the quoted text above!) I appreciate the sentiment in trying to keep the messages clean, but if people want to change the transfer encoding or charset, they really *have to* reencode while they're at it, or the result is nonsense --- you can see that Gestalt's message is billed as 7bit UTF-8. Not to mention that it's deeply unfriendly to anyone who doesn't speak us-ascii. What mailing list software does the list use? -- David Given [EMAIL PROTECTED]
Re: Define hosts lookup for pf.conf
On Wed, 19 Sep 2007, Craig Skinner wrote: SNIP Now you are crying like a girl. Your problems are not this list's problems. Craig I find that statement incredibly offensive. I think a more appropriate statement is: "Now you are crying like a closeted cross-dressing British man" diana
Re: Shutdown script (derived from "Simple startup daemon's on boot question?")
On Wed, Sep 19, 2007 at 03:16:50PM +0300, Lars Noodén wrote: > Tomas wrote: > > Watching the thread about startup script I thought of a question about > > shutdown script. Is it necessary to shutdown certain services when > > machine goes down? Like for example mysql, dovecot, clamav, amavis or > > openvpn. > > I myself can't say if it's necessary, but it is probably good practice. > > I do notice that OpenBSD does not use anything similar to System V > runlevels (which may or may not be good to avoid) but does provide > /etc/rc.shutdown: > http://www.openbsd.org/cgi-bin/man.cgi?query=rc.shutdown > > > I've never saw anybody do that... > > Checking on my systems, I see that none of the packages that run daemons > use it, even the ones installed from the official packages and ports. > In fact, rc.shutdown appears completely empty. Perhaps you have found > an error / oversight? > > Regards, > -Lars postgresql-server uses it.. -- Przemyslaw Nowaczyk <[EMAIL PROTECTED]> CS student @ Poznan University of Technology http://www.student.put.poznan.pl/~przemyslaw.nowaczyk/
Re: Mailing list issues
David Given wrote: What mailing list software does the list use? http://www.openbsd.org/mail.html http://lists.openbsd.org/ Majordomo
Re: Shutdown script (derived from "Simple startup daemon's on boot question?")
On 14:48 Wed 19 Sep , Tomas wrote: > Hi list, > > Watching the thread about startup script I thought of a question about > shutdown script. Is it necessary to shutdown certain services when machine > goes down? Like for example mysql, dovecot, clamav, amavis or openvpn. I've > never saw anybody do that. Lots of people on their manuals, tutorials or > posts writes how to start mysql, but none of then writes a shutdown script. > So maybe it is not so necessary? (But then again, mysql is a database > engine, and databases should be handle with care). > At least MySQL should have told you how to shutdown when installing it. rc.shutdown(8)
Re: Shutdown script (derived from "Simple startup daemon's on boot question?")
Hi! On Wed, Sep 19, 2007 at 02:48:54PM +0300, Tomas wrote: >Watching the thread about startup script I thought of a question about >shutdown script. Is it necessary to shutdown certain services when >machine goes down? Like for example mysql, dovecot, clamav, amavis or >openvpn. I've never saw anybody do that. Lots of people on their >manuals, tutorials or posts writes how to start mysql, but none of then >writes a shutdown script. So maybe it is not so necessary? (But then >again, mysql is a database engine, and databases should be handle with >care). Probably most programs that need non-trivial cleanup handle SIGTERM appropriately. Kind regards, Hannah.
Re: Shutdown script (derived from "Simple startup daemon's on boot question?")
Tomas wrote: > Watching the thread about startup script I thought of a question about > shutdown script. Is it necessary to shutdown certain services when > machine goes down? Like for example mysql, dovecot, clamav, amavis or > openvpn. I myself can't say if it's necessary, but it is probably good practice. I do notice that OpenBSD does not use anything similar to System V runlevels (which may or may not be good to avoid) but does provide /etc/rc.shutdown: http://www.openbsd.org/cgi-bin/man.cgi?query=rc.shutdown > I've never saw anybody do that... Checking on my systems, I see that none of the packages that run daemons use it, even the ones installed from the official packages and ports. In fact, rc.shutdown appears completely empty. Perhaps you have found an error / oversight? Regards, -Lars
Re: Shutdown script (derived from "Simple startup daemon's on boot question?")
On 2007/09/19 14:48, Tomas wrote: > Watching the thread about startup script I thought of a question about > shutdown script. Is it necessary to shutdown certain services when machine > goes down? Like for example mysql, dovecot, clamav, amavis or openvpn. I've > never saw anybody do that. For most things, there's no need to worry at all. From http://dev.mysql.com/doc/refman/5.0/en/server-shutdown.html, mysql does a controlled shutdown when it receives SIGTERM. Examining the code of halt(8) (in src/sbin/reboot), at normal shutdown SIGTERM is sent to running processes, then a delay of 2 seconds before a sync(2), then a delay of 3 seconds followed by SIGKILL to anything still running. So the question is, whether mysql has enough time to shut down before it's killed. If you think it doesn't, you might like to add something like 'pkill mysqld; sleep 10' to rc.shutdown. (No need for some 'mysqladmin shutdown' which would mean listing a plain-text password in the file).
Re: Shutdown script (derived from "Simple startup daemon's on boot question?")
Hi, yes, You are right - proper shutdown is important. This functionality realizes script /etc/rc.shutdown fired during shutdown. In that place should be commands for all services which require shutdown command. I hope it is what You looking for ;) (sorry if it is too obvious true for You). Best regards, Artur On Wed, 19 Sep 2007 14:48:54 +0300, Tomas <[EMAIL PROTECTED]> wrote: > Hi list, > > Watching the thread about startup script I thought of a question about > shutdown script. Is it necessary to shutdown certain services when > machine goes down? Like for example mysql, dovecot, clamav, amavis or > openvpn. I've never saw anybody do that. Lots of people on their > manuals, tutorials or posts writes how to start mysql, but none of then > writes a shutdown script. So maybe it is not so necessary? (But then > again, mysql is a database engine, and databases should be handle with > care).
Re: Shutdown script (derived from "Simple startup daemon's on boot question?")
On 9/19/07, Tomas <[EMAIL PROTECTED]> wrote: > Is it necessary to shutdown certain services when > machine goes down? Very few, I'd wager. The only ones I bother with doing it for are postgresql and mysql since it can take them a while to shut down correctly and it can get messy if they're not. --- Lars Hansson
Shutdown script (derived from "Simple startup daemon's on boot question?")
Hi list, Watching the thread about startup script I thought of a question about shutdown script. Is it necessary to shutdown certain services when machine goes down? Like for example mysql, dovecot, clamav, amavis or openvpn. I've never saw anybody do that. Lots of people on their manuals, tutorials or posts writes how to start mysql, but none of then writes a shutdown script. So maybe it is not so necessary? (But then again, mysql is a database engine, and databases should be handle with care).
Re: problems with ral0 and OBSD 4.0
Thanks for your answer. unfortunately, I have tried already with 4.1 and current, but the signal didn't get any better. So I am considering changing the chipset, but it is quite confusing the amount of different opinions on the internet. is there anybody who feels like giving a good advice regarding a wireless chipset to be used in hostap mode, well supported by obsd and spreading a good signal? I wouldn't want to make a 2nd mistake, so I think best thing is to trust somebody who's using himself the same hardware. to summarize, I'm running a Soekris NET4501 with obsd 4.0 installed, and not able to find a good wireless chipset to let it act as access point. Regards Alessandro Soekris docs & rulesets http://sekureshell.altervista.org 2007/9/18, Pierre Riteau <[EMAIL PROTECTED]>: > > On 18 Sept. 07 at 18:41, Alessandro Roncari wrote: > > > Hello > > > > I have the following issue with ralink wireless card, acting in hostap > > mode > > > >> hardware: ral-rt2561s board acting as access point on a Soekris > >> Net4501, running OpenBSD 4.0. > > > > > > can't seem to make it work like it should, even with a 9dBi antenna > > the > > signal is very weak and much weaker than my old netgear AP. weak and > > unstable > > > > everything is set up correctly > > > > # dmesg | grep ral0 > > ral0 at pci0 dev 16 function 0 "Ralink RT2561S" rev 0x00: irq 10, > > address 00:12:0e:61:80:98 > > ral0: MAC/BBP RT2561C, RF RT5225 > > > > > > ral0: flags=8843 mtu 1500 > > lladdr 00:12:0e:61:80:98 > > media: IEEE802.11 autoselect hostap (autoselect mode 11a > > hostap) > > status: active > > ieee80211: nwid xxx chan 11 bssid 00:12:0e:61:80:98 nwkey > > > > 100dBm > > inet 192.168.x.x netmask 0xff00 broadcast 192.168.x.xxx > > inet6 fe80::212:eff:fe61:8098%ral0 prefixlen 64 scopeid 0x1 > > > > but it seems it's all working at very small % of its power. > > question is: is this a known bug in the driver?? or is there > > anything I > > could do to improve the situation? 
> > Update to OpenBSD 4.1 or -current, there were some changes in ral(4) > code. > > e.g. > replace rssadapt(9) with amrr for automatic rate control. > as a side-effect, this should fix all the "bogus xmit rate" panics > users have been complaining about for some time when operating in > HostAP mode. > > > > > Thanks, > > > > Alessandro > > Soekris docs & rulesets http://sekureshell.altervista.org
Re: problems with ral0 and OBSD 4.0
On 2007/09/19 13:10, Alessandro Roncari wrote: > So I am considering changing the chipset, but it is quite confusing the > amount of different opinons on the internet. they seem to be quite fussy about pigtail/antenna. I have some GC-WIKG which perform really badly in a soekris with any cable/ant that I've tried, but are ok in my X40, a bit worse than the stock ath(4) but pretty acceptable. > to summarize, I'm running a Soekris NET4501 with obsd 4.0 installed, and not > able to find a good wireless chipset to let it act as access point. I've been happiest with the senao/engenius prism pc-cards, but you'd need 4511/4521 for that...
Re: : OpenBSD Install Goal
did anyone notice that this thread was accidentally brought back from almost a year ago? Raimo Niskanen wrote: > A lot of people has praised the current OpenBSD installer. > I too. I think it is at the right level and does the right > things, without unneccesary hazzle. > > But... > > There are a few things that I remember really missing when I was > a beginner, and being nice to beginners is a good thing: > > 1) Not every time did I have another machine to go to the >OpenBSD web site and read the install guide and related docs >online. It is almost necessary in order to succeed as a beginner, >and it could be improved upon. > >Why not put the install guide and disk partitioning guide on >the CD (maybe it is), and give very visible hints on how to >mount and read them during the installation from a parallel >console (i386) or how to exit to a shell to read during >installation. 1) there are no multiple consoles on the install kernel. 2) I really think it would be excessively awkward to be trying to read docs on the same machine you are installing to. 3) the CD set provides much of this in printed form. Granted, I may be an extreme case, but I really can't imagine there are a lot of people installing OpenBSD on their one-and- only computer who couldn't have at least printed out some docs before hand. > 1b)Having the partitioning guide available while installing >is maybe good enough, but it would also be nice if there >was a disklabel template for large enough disks that >created / swap /var /tmp /usr sufficient for a potent >desktop install capable of kernel and ports tree compilation, >and the rest on /home. actually, the FAQ provides a pretty good example for this (if I do say so myself! :) I've actually been wanting to add some other partitioning examples (for 1G, 4G, 20G hds with some specific apps), but obviously it isn't there yet. 
:-/ > 2) Make it more obvious during the installation when the MBR >gets modified, how and when the MBR code gets modified, >and how and when the PBR gets written. I was always >scared to destroy the MBR code and ruin my Windows >boot (company necessity) - I had to use the NT boot loader. > This is one of those things that you can't win on. People who understand the process closely will have no problem seeing where this is happening (covered in the FAQ moderately well, I think). However, the vast majority of the users don't understand this, and won't care until AFTER something they didn't want to happen happens. No amount of red-flag warnings is going to change this, I suspect. The best advice there is in the section about multi-booting which warns that this is very difficult and easy to mess up and should be done on a "practice" machine first. Unfortunately, many new users want to start on a non-dedicated machine in spite of all the warnings that this is a really bad idea (regardless of OS you are a new user on). I understand disk partitioning pretty darned well, I think. I have had the "interesting" experience of trying to multi-boot with an OS that claimed to be very multi-boot friendly. The pretty graphical user interface slowly chewed through the four or five(!!?) CDs of the install, recognized the other OSs on the disk...and proceeded to give me a completely non-bootable disk when I was done. Fortunately, it wasn't too difficult to fix...with the OpenBSD install CD. :) Nick.
Re: Microsoft gets the Most Secure Operating Systems award
On 9/19/07, Daniel Ouellet <[EMAIL PROTECTED]> wrote: > I think in German, it's call "Chaise" or something very close to that I > believe, but I am absolutely sure the spelling is not good. But, I am > however sure that with a few seconds of thinking you will understand it. > Kind of pronounce in "Francais / using English" for a Germen word. ScheiCe? Merde? Wow misc is becoming cultural. -- Die Gestalt
Re: OpenBGPd Regular Expression
On Wed, Sep 19, 2007 at 11:51:10AM +0200, Claer wrote: > On Tue, Sep 18 2007 at 06:20, Claudio Jeker wrote: > > On Tue, Sep 18, 2007 at 12:25:02PM -0500, [EMAIL PROTECTED] wrote: > > > I saw from a thread a while back that putting as-path regular > > > expression support into OpenBGPd was being considered. I'm testing > > > out a 4.2 snapshot, and so far it doesn't seem to be there just yet. > > > > > > For various reasons, I'd like to be able to tweak prefixes based on > > > some specific as-path values a la Juniper. This kind of stuff: > > > > > > Criteria: Path whose second AS number must be 56 or 78. > > > Regular Expression: (. 56) | (. 78) or . (56|78) > > > Example Matches: 1234 56 and/or 34 78 > > > > > > http://www.juniper.net/techpubs/software/junos/junos74/swconfig74-policy/html/policy-extend-match-config3.html > > > > > > Anyone know if this is in the works? > > > > > > > Adding a better AS filter list is on my todo list since a long time. We > > will not implement a full regex -- cisco demonstrated once again why regex > > is a bad idea. > > > > Just a few thoughts. I do not like the | (or) operator. This can be > > written with two rules without any issues. I guess we will support +, ., - > > , ^ and $. > > About OpenBGPd todo list, is there any plan to implement bpg > confederations ? > Honestly, no. I have not the free time to do that but my company does consulting which can include developing such features if you are in desperate need. I also accept diffs if somebody likes to implement it. -- :wq Claudio
Hardened PhP5 (suhosin patch) and XCache, memcached
Hi, I am looking for help how to compile (or enable working) XCache and memcached for hardened (with suhosin patch) Php5. Standard installation from port or package does not work (but installation is successful) - just XCache and memcached do not start. On my server runs OpenBSD 4.0 - below the log from Apache: XCache is not compiled with Hardening-Patch. The Hardening-Patch version 1022051106 is installed. PHP Warning: PHP Startup: memcache: Unable to initialize module Module compiled without Hardening-Patch, module API=20050922, debug=0, thread-safety=0 PHPcompiled with Hardening-Patch=1002051106, module API=20050922, debug=0, thread-safety=0 These options need to match in Unknown on line 0 [Wed Sep 19 11:23:04 2007] [notice] FastCGI: process manager initialized (pid 12800) XCache is not compiled with Hardening-Patch. The Hardening-Patch version 1022051106 is installed. PHP Warning: PHP Startup: memcache: Unable to initialize module Module compiled without Hardening-Patch, module API=20050922, debug=0, thread-safety=0 PHPcompiled with Hardening-Patch=1002051106, module API=20050922, debug=0, thread-safety=0 These options need to match in Unknown on line 0 [Wed Sep 19 11:23:04 2007] [notice] Initializing etag from /var/www/logs/etag-state [Wed Sep 19 11:23:04 2007] [notice] Apache/1.3.29 (Unix) mod_gzip/1.3.26.1a mod_fastcgi/2.4.2 mod_ssl/2.8.16 OpenSSL/0.9.7j configured -- resuming normal operations [Wed Sep 19 11:23:04 2007] [notice] Accept mutex: sysvsem (Default: sysvsem) Best regards :) Artur
Re: : OpenBSD Install Goal
A lot of people have praised the current OpenBSD installer. I too. I think it is at the right level and does the right things, without unnecessary hassle. But... There are a few things that I remember really missing when I was a beginner, and being nice to beginners is a good thing: 1) Not every time did I have another machine to go to the OpenBSD web site and read the install guide and related docs online. It is almost necessary in order to succeed as a beginner, and it could be improved upon. Why not put the install guide and disk partitioning guide on the CD (maybe it is), and give very visible hints on how to mount and read them during the installation from a parallel console (i386) or how to exit to a shell to read during installation. 1b) Having the partitioning guide available while installing is maybe good enough, but it would also be nice if there was a disklabel template for large enough disks that created / swap /var /tmp /usr sufficient for a potent desktop install capable of kernel and ports tree compilation, and the rest on /home. 2) Make it more obvious during the installation when the MBR gets modified, how and when the MBR code gets modified, and how and when the PBR gets written. I was always scared to destroy the MBR code and ruin my Windows boot (company necessity) - I had to use the NT boot loader. -- / Raimo Niskanen, Erlang/OTP, Ericsson AB
Re: Microsoft gets the Most Secure Operating Systems award
Henning Brauer wrote: * The One <[EMAIL PROTECTED]> [2007-09-19 11:17]: What I meant to say was that "Leopard"'s release will solve every current problem prevailant in "OS X Tiger" and people's opinions about the Macintosh platform, although their current, so-called "opinions" have no evidence behind them, whatsoever. Well, I think that OS X is an insecure piece of shit. WOW. I don't see Henning replying with such an unusual American type of grace so often. (;> You got me smiling men. I think in German, it's called "Chaise" or something very close to that I believe, but I am absolutely sure the spelling is not good. But, I am however sure that with a few seconds of thinking you will understand it. Kind of pronounce in "Francais / using English" for a German word. Best, Daniel
Re: OpenBGPd Regular Expression
On Tue, Sep 18 2007 at 06:20, Claudio Jeker wrote:
> On Tue, Sep 18, 2007 at 12:25:02PM -0500, [EMAIL PROTECTED] wrote:
> > I saw from a thread a while back that putting as-path regular
> > expression support into OpenBGPd was being considered. I'm testing
> > out a 4.2 snapshot, and so far it doesn't seem to be there just yet.
> >
> > For various reasons, I'd like to be able to tweak prefixes based on
> > some specific as-path values a la Juniper. This kind of stuff:
> >
> > Criteria: Path whose second AS number must be 56 or 78.
> > Regular Expression: (. 56) | (. 78) or . (56|78)
> > Example Matches: 1234 56 and/or 34 78
> >
> > http://www.juniper.net/techpubs/software/junos/junos74/swconfig74-policy/html/policy-extend-match-config3.html
> >
> > Anyone know if this is in the works?
> >
>
> Adding a better AS filter list is on my todo list since a long time. We
> will not implement a full regex -- cisco demonstrated once again why regex
> is a bad idea.
>
> Just a few thoughts. I do not like the | (or) operator. This can be
> written with two rules without any issues. I guess we will support +, ., -
> , ^ and $.

About OpenBGPd todo list, is there any plan to implement BGP confederations?

Thanks

Claer
Re: Microsoft gets the Most Secure Operating Systems award
* The One <[EMAIL PROTECTED]> [2007-09-19 11:17]:
> What I meant to say was that "Leopard"'s release will solve every
> current problem prevalent in "OS X Tiger" and people's opinions about
> the Macintosh platform, although their current, so-called "opinions"
> have no evidence behind them, whatsoever.

Well, I think that OS X is an insecure piece of shit.

Does that matter for this list? no.
Do I keep posting that here? no.
Should you? no.

Now please go away.

--
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
Re: Microsoft gets the Most Secure Operating Systems award
"The One" <[EMAIL PROTECTED]> writes:

> Security is one of the concerns "Leopard" will solve.

**BLAM**

Security is never, ever a completely solved problem. Your world just isn't that simple. Do NOT pass GO.

I sincerely hope never to hear such nonsense on misc, ever again.

Sure, the next release is always better. But you won't hear me saying that OpenBSD 4.3 is your solution to all ills. At the moment, both "Leopard" and OpenBSD 4.3 are clouds of virtual unobtanium, not to be confused with the final solution to anything.

Don't bother following up, I won't be listening. Or maybe I will, and I might even venture out from under my rock again before 4.4 ships.

And by the way, top posting *is* silly.

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Microsoft gets the Most Secure Operating Systems award
What I meant to say was that "Leopard"'s release will solve every current problem prevalent in "OS X Tiger" and people's opinions about the Macintosh platform, although their current, so-called "opinions" have no evidence behind them, whatsoever.

Security is one of the concerns "Leopard" will solve.

I was, in a way, issuing a final statement about the stance of operating systems and general computers, at least "OS X" and "Windows"-wise.

"OpenBSD" and "Linux" both have functions that make them unique. The simple fact is that the "Windows" OS has nothing unique about it whatsoever ... except for the fact that it is the only flawed OS to gain massive popularity ... temporarily

-The One

On 9/18/07, Nick Guenther <[EMAIL PROTECTED]> wrote:
> Why are you still talking?
> Why are you topposting?
> Why does it matter to the world at all what your one random friend does?
> And the standard: What does this have to do with OpenBSD?
>
> On 9/17/07, The One <[EMAIL PROTECTED]> wrote:
> > Apple will, undoubtedly, implement some of these basic techniques for
> > "Leopard".
> >
> > But market share has completely NOTHING to do with "OS X"'s security.
> >
> > Apple always has and will be 100 % when it comes to their software for
> > OS X and OS X itself.
> >
> > Only time will tell. "Leopard"'s release will solve every Mac user's
> > concerns and PC fanboys idiocy!
> >
> > Even my friend, who uses a PC, is considering the purchase of a Mac. I
> > told him to wait until October, which is very near, to buy one. That
> > way he will not have to pay extra for "Leopard"! ;)
> >
> > On 9/5/07, Nick Shank <[EMAIL PROTECTED]> wrote:
> > > The One wrote:
> > > > But how would it spread? There have been 2 OS X viruses, yet they
> > > > spread terribly.
> > > >
> > > > And Apple has already fixed the issue.
:) > > > > > > > > -The One > > > > > > > > On 9/2/07, Kennith Mann III <[EMAIL PROTECTED]> wrote: > > > > > > > >> On 9/1/07, The One <[EMAIL PROTECTED]> wrote: > > > >> > > > >>> On 3/23/07 2:53 AM, Theo de Raadt wrote: > > > >>> > > > > Symantec have been trying to demonise OS X for a long while. > > > > > > > And it is going to work soon. > > > > > > Because OS X has no Propolice-like compiler stack protection, nor > > > anything like W^X which makes parts of the address space > > > non-executable, nor anything like address space randomization which > > > makes certain attacks very difficult, especially with the previous > > > two > > > techniques. > > > > > > So when they have a bug, it is exploitable just like bugs are on any > > > other powerpc or i386 machine running some other operating system. > > > > > > These days even operating systems like Vista have the above 3 > > > security > > > technologies. > > > > > > > > > >>> First of all, "bugs" and "viruses" are two different things. > > > >>> > > > >>> Second, OS X does not need third-party "protection". All of the > > > >>> protection is built into the OS! > > > >>> > > > >>> If Vista is so secure, then why does one need to download > > > >>> "virus/spyware protection" when it can simply be built into the OS? > > > >>> > > > >>> -The One > > > >>> > > > >>> > > > >>> > > > >> I don't have "virus/spyware protection" and I've been fine before with > > > >> Vista and XP. > > > >> > > > >> Perhaps you mean to say "why do users who install things they > > > >> shouldn't need virus/spyware protection?" which I would argue that the > > > >> OS doesn't matter. I could write a script that asks for rootly > > > >> permission in OS X and start nuking stuff with the promise of prettier > > > >> icons for their desktop or IM client. > > > >> > > > >> If you were to argue for worms and things of the like, then I would > > > >> agree. 
The only virus I will probably ever catch is some zero-day that > > > >> hits the world and gets in my work network (won't happen at my house > > > >> -- I live alone) > > > >> > > > > > > > > > > > Here we hit the heart of the issue. The virus and spyware detection > > > software for Windows isn't really to protect to the OS. It's to protect > > > the user from themselves.
Re: Microsoft gets the Most Secure Operating Systems award
But if "OS X Tiger" was to gain 100 % market share, I honestly believe that my Mac would not be affected by any "viruses" or "hacking", whatsoever. Of course, there may be some flaws discovered if such an event were to occur, but I am a very careful being. And with "Safari"'s "Private Browsing" and helpful settings in "System Preferences", my Mac would be completely secure! :)

By the way, Apple makes sure to release security updates in relatively quick amounts of time! ;)

With that in mind, and a stronger "Leopard" coming soon, what can possibly occur in a negative connotation?

-The One

On 9/19/07, The One <[EMAIL PROTECTED]> wrote:
> What I meant to say was that "Leopard"'s release will solve every
> current problem prevalent in "OS X Tiger" and people's opinions about
> the Macintosh platform, although their current, so-called "opinions"
> have no evidence behind them, whatsoever.
>
> Security is one of the concerns "Leopard" will solve.
>
> I was, in a way, issuing a final statement about the stance of
> operating systems and general computers, at least "OS X" and
> "Windows"-wise.
>
> "OpenBSD" and "Linux" both have functions that make them unique. The
> simple fact is that the "Windows" OS has nothing unique about it
> whatsoever ... except for the fact that it is the only flawed OS to
> gain massive popularity ... temporarily
>
> -The One
>
> On 9/18/07, Nick Guenther <[EMAIL PROTECTED]> wrote:
> > Why are you still talking?
> > Why are you topposting?
> > Why does it matter to the world at all what your one random friend does?
> > And the standard: What does this have to do with OpenBSD?
> >
> > On 9/17/07, The One <[EMAIL PROTECTED]> wrote:
> > > Apple will, undoubtedly, implement some of these basic techniques for
> > > "Leopard".
> > >
> > > But market share has completely NOTHING to do with "OS X"'s security.
> > >
> > > Apple always has and will be 100 % when it comes to their software for
> > > OS X and OS X itself.
> > >
> > > Only time will tell.
"Leopard"'s release will solve every Mac user's > > > concerns and PC fanboys idiocy! > > > > > > Even my friend, who uses a PC, is considering the purchase of a Mac. I > > > told him to wait until October, which is very near, to buy one. That > > > way he will not have to pay extra for "Leopard"! ;) > > > > > > On 9/5/07, Nick Shank <[EMAIL PROTECTED]> wrote: > > > > The One wrote: > > > > > But how would it spread? There have been 2 OS X viruses, yet they > > > > > spread terribly. > > > > > > > > > > And Apple has already fixed the issue. :) > > > > > > > > > > -The One > > > > > > > > > > On 9/2/07, Kennith Mann III <[EMAIL PROTECTED]> wrote: > > > > > > > > > >> On 9/1/07, The One <[EMAIL PROTECTED]> wrote: > > > > >> > > > > >>> On 3/23/07 2:53 AM, Theo de Raadt wrote: > > > > >>> > > > > > Symantec have been trying to demonise OS X for a long while. > > > > > > > > > And it is going to work soon. > > > > > > > > Because OS X has no Propolice-like compiler stack protection, nor > > > > anything like W^X which makes parts of the address space > > > > non-executable, nor anything like address space randomization which > > > > makes certain attacks very difficult, especially with the previous > > > > two > > > > techniques. > > > > > > > > So when they have a bug, it is exploitable just like bugs are on > > > > any > > > > other powerpc or i386 machine running some other operating system. > > > > > > > > These days even operating systems like Vista have the above 3 > > > > security > > > > technologies. > > > > > > > > > > > > >>> First of all, "bugs" and "viruses" are two different things. > > > > >>> > > > > >>> Second, OS X does not need third-party "protection". All of the > > > > >>> protection is built into the OS! > > > > >>> > > > > >>> If Vista is so secure, then why does one need to download > > > > >>> "virus/spyware protection" when it can simply be built into the OS? 
> > > > >>> > > > > >>> -The One > > > > >>> > > > > >>> > > > > >>> > > > > >> I don't have "virus/spyware protection" and I've been fine before > > > > >> with > > > > >> Vista and XP. > > > > >> > > > > >> Perhaps you mean to say "why do users who install things they > > > > >> shouldn't need virus/spyware protection?" which I would argue that > > > > >> the > > > > >> OS doesn't matter. I could write a script that asks for rootly > > > > >> permission in OS X and start nuking stuff with the promise of > > > > >> prettier > > > > >> icons for their desktop or IM client. > > > > >> > > > > >> If you were to argue for worms and things of the like, then I would > > > > >> agree. The only virus I will probably ever catch is some zero-day > > > > >> that > > > > >> hits the world and gets in my work network (won't happen at my house > > > > >> -- I live alone) > > > > >> > > > > > > > > > > > > > > Here we hit the heart of the issue. The virus and spyware
OpenBSD at OpenExpo 2007 in Zurich
We (claudio@, mbalmer@, Wim) are at the OpenEXPO in Zurich. If you like to drop by and have a chat with us in real life have a look at http://www.openexpo.ch/

There is even an OpenBSD specific talk by Stephan A. Rickauer tomorrow at 15:40 about "OpenBSD and Linux: Insights into a migration project at the Institute of Neuroinformatics, ETH Zurich"

--
:wq Claudio
Re: Define hosts lookup for pf.conf
pichi wrote:
> Sorry if I ran into the Big Boys forum crying. I will be more cautious about what I ask next time. Is there a forum for people who are starting out with OpenBSD?
>
> The thing is I am new to it and I am in a situation where reading pages and pages of Google is taking a lot of time away from making it work. But just working a few days with this OS I can see that it's very solid and worth the many hours of searching for documentation.

If you are new, then start by reading the most excellent FAQ, all of it, and it will take you less time than searching Google for hours. It's the place to start.

Then if you want to know more about a special function, the man pages are more than excellent.

The difference you will find here on OpenBSD is that the developers are spending an incredible amount of time to make excellent man pages and as you will see in the FAQ, if the man page is not exact, or represent what the system is doing, that is considered a bug and they will fix it right away.

As for the FAQ, Nick is really a hero if you ask me for the quality of the FAQ that he put together and how well he keeps it up to.

So, forget about Google for now and start with the FAQ, then the man pages and if you have a very good question after that, then Google is your friend.

You may simply not be used to a system that also has the quality of the documentation equal to its own source. OpenBSD is second to none when it comes to documentation.

Try it, you will see.

Best of luck,

Daniel
Re: Define hosts lookup for pf.conf
pichi wrote:
> Sorry if I ran into the Big Boys forum crying. I will be more cautious about what I ask next time. Is there a forum for people who are starting out with OpenBSD?

Read all of this page, noting the word 'Newbies'
http://www.openbsd.org/faq/faq2.html#MailLists

> The thing is I am new to it and I am in a situation where reading pages and pages of Google is taking a lot of time away from making it work.

Now you are crying like a girl. Your problems are not this list's problems.