Re: serial port usage

2007-09-20 Thread Craig Skinner

Craig Skinner wrote:
> Darren Spruell wrote:
>> For the scenario where you have two openbsd hosts, one connected to
>> the second with a serial null modem cable, what is the right device to
>> use when connecting using tip(1) from the first to a console on the
>> second?
>
> [snip]
>
> Then, on either box, I can do this to get to the console on its neighbour:
>
> $ sudo tip tty01

Replying to myself here for the archives:

In another recent thread (operator permissions: a wish-list) started by 
Douglas Tutty;

> dialout: so I can use minicom to access the modem directly

When I saw that, I added myself to the dialer group so that I can tip to 
another box over the serial line without sudo:

$ ls -l /dev/tty01
crw-rw----  1 uucp  dialer    8,   1 Sep 20 08:20 /dev/tty01

$ groups
staff wheel operator dialer

$ tip tty01
connected


Nice one, thanks for the idea!



Re: OpenBSD Install Goal

2007-09-20 Thread Tony Sarendal
On 9/19/07, Nick Holland [EMAIL PROTECTED] wrote:

> did anyone notice that this thread was accidentally brought back
> from almost a year ago?
>
> Raimo Niskanen wrote:
>> A lot of people has praised the current OpenBSD installer.
>> I too. I think it is at the right level and does the right
>> things, without unnecessary hassle.
>>
>> But...
>>
>> There are a few things that I remember really missing when I was
>> a beginner, and being nice to beginners is a good thing:
>>
>> 1) Not every time did I have another machine to go to the
>>    OpenBSD web site and read the install guide and related docs
>>    online. It is almost necessary in order to succeed as a beginner,
>>    and it could be improved upon.
>>
>>    Why not put the install guide and disk partitioning guide on
>>    the CD (maybe it is), and give very visible hints on how to
>>    mount and read them during the installation from a parallel
>>    console (i386) or how to exit to a shell to read during
>>    installation.
>
> 1) there are no multiple consoles on the install kernel.
> 2) I really think it would be excessively awkward to be trying
> to read docs on the same machine you are installing to.
> 3) the CD set provides much of this in printed form.
>
> Granted, I may be an extreme case, but I really can't imagine
> there are a lot of people installing OpenBSD on their one-and-
> only computer who couldn't have at least printed out some docs
> before hand.
>
>> 1b) Having the partitioning guide available while installing
>>    is maybe good enough, but it would also be nice if there
>>    was a disklabel template for large enough disks that
>>    created / swap /var /tmp /usr sufficient for a potent
>>    desktop install capable of kernel and ports tree compilation,
>>    and the rest on /home.
>
> actually, the FAQ provides a pretty good example for this (if I
> do say so myself! :)  I've actually been wanting to add some
> other partitioning examples (for 1G, 4G, 20G hds with some
> specific apps), but obviously it isn't there yet. :-/
>
>> 2) Make it more obvious during the installation when the MBR
>>    gets modified, how and when the MBR code gets modified,
>>    and how and when the PBR gets written. I was always
>>    scared to destroy the MBR code and ruin my Windows
>>    boot (company necessity) - I had to use the NT boot loader.
>
> This is one of those things that you can't win on.
> People who understand the process closely will have no problem
> seeing where this is happening (covered in the FAQ moderately
> well, I think).  However, the vast majority of the users don't
> understand this, and won't care until AFTER something they
> didn't want to happen happens.  No amount of red-flag warnings
> is going to change this, I suspect.
>
> The best advice there is in the section about multi-booting
> which warns that this is very difficult and easy to mess up
> and should be done on a practice machine first.
>
> Unfortunately, many new users want to start on a non-dedicated
> machine in spite of all the warnings that this is a really bad
> idea (regardless of OS you are a new user on).
>
> I understand disk partitioning pretty darned well, I think.  I
> have had the interesting experience of trying to multi-boot
> with an OS that claimed to be very multi-boot friendly.  The
> pretty graphical user interface slowly chewed through the four
> or five(!!?) CDs of the install, recognized the other OSs on
> the disk...and proceeded to give me a completely non-bootable
> disk when I was done.  Fortunately, it wasn't too difficult
> to fix...with the OpenBSD install CD. :)
>
> Nick.


Lean back people. I'm working on DirectX10 and Wii controller support for
the installer.
For the disc partitioning part you can do the samoan slap dance with the
Wii-controller.

/Tony



Forward traffic on incoming port help

2007-09-20 Thread Jake Conk
Hello,

I am wondering what software could I use besides pf to forward
traffic coming in on my server on a specific port to another ip on my
lan?

Basically I'm using an openbsd as my router and I want to forward
public traffic coming in on a certain port to a computer behind it in
my lan. What are my options?

Thanks,
- Jake



Re: OpenCVS

2007-09-20 Thread Edd Barrett
On 19/09/2007, Adrian Fisher [EMAIL PROTECTED] wrote:
> 3. When will it be released?  Will it be released at the same time as

I was wondering this also.  I am really looking forward to the release
to replace GNU CVS.

I think (I might be wrong) the code is there in current, but not
linked with the build, so you might be able to test what they have so
far.


-- 
Best Regards

Edd

---
http://students.dec.bournemouth.ac.uk/ebarrett



Re: Forward traffic on incoming port help

2007-09-20 Thread Peter N. M. Hansteen
Jake Conk [EMAIL PROTECTED] writes:

 I am wondering what software could I use besides pf to forward
 traffic coming in on my server on a specific port to another ip on my
 lan?

PF is in the base system and pretty easy to configure for setups like
the one you describe -

 Basically I'm using an openbsd as my router and I want to forward
 public traffic coming in on a certain port to a computer behind it in
 my lan. What are my options?

Assuming your local net is NATed with unroutable addresses on the LAN,
the traffic is directed to a routable address but the computer you
want to receive the traffic is on a nonroutable address inside, some
basic redirection (rdr) should do the trick.

I'm a bit interested in why you should be looking for a different and
probably more difficult way to do it.  Are there any specific things
in your setup which would break with PF?

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
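
The rdr approach described in the reply above, written out as a pf.conf fragment. This is an added example, not part of the original message; the interface names, the LAN address 192.168.1.10 and both port numbers are assumptions, and the syntax is the pre-4.7 nat/rdr form in use when this thread was written.

```pf
# /etc/pf.conf fragment: forward one public port to a host on the NATed LAN.
# Every name and value below is an assumption chosen for illustration.
ext_if   = "fxp0"            # interface facing the Internet
int_if   = "fxp1"            # interface facing the LAN
websrv   = "192.168.1.10"    # LAN host that should receive the traffic
pub_port = "8080"            # port exposed on the router's public address
srv_port = "80"              # port the LAN host actually listens on

set skip on lo

# Translation rules come before filter rules in this syntax.
# Outbound NAT for the LAN (the setup the reply assumes is already there).
nat on $ext_if from $int_if:network to any -> ($ext_if)

# Rewrite the destination of packets arriving for the public port.
rdr on $ext_if inet proto tcp from any to ($ext_if) port $pub_port \
        -> $websrv port $srv_port

# Filtering: deny by default on the outside, then allow only the forwarded
# flow. rdr is applied before filtering, so the pass rules must match the
# translated destination ($websrv port $srv_port), not the public port.
# Replace "from any" with a table of known sources if the service is not
# meant for the whole Internet.
block in log on $ext_if
pass in  on $ext_if inet proto tcp from any to $websrv port $srv_port \
        flags S/SA keep state
pass out on $int_if inet proto tcp from any to $websrv port $srv_port \
        flags S/SA keep state

# LAN clients and the router itself may open connections outward.
pass in  on $int_if from $int_if:network to any keep state
pass out on $ext_if keep state
```

Check the file with pfctl -nf /etc/pf.conf before loading it with pfctl -f /etc/pf.conf.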



SMP processor kernel usage

2007-09-20 Thread Raimo Niskanen
Hi list!

We are working on SMP adaption of the programming language Erlang.
It is an emulated language with light weight threads. The threads
are run on a set of schedulers. These schedulers run in separate
Posix threads.

On Linux we see that using as many schedulers (Posix threads)
as there are processor kernels gives almost linear performance
increase compared to running on one kernel.

On OpenBSD we get no such performance increase, only overhead,
and I understand the reason is that OpenBSD Posix threads
are not distributed over all processor kernels. It is 
OpenBSD processes that are distributed over kernels, and
all Posix threads run on the same kernel as the process.

I understand there is work done to improve on this (rthreads),
so the actual question comes here: what's up with rthreads
and will they be of any help to us?

-- 

/ Raimo Niskanen, Erlang/OTP, Ericsson AB



Re: Mailing list issues (was: Microsoft gets the Most Secure Operating Systems award)

2007-09-20 Thread David Given

Tony Abernethy wrote:
> Dunno about anyone else, but that seems like some kind of poetic justice.
> Preserving the pseudo-integrity of garbage seems like it should be very low
> on the list of priorities.

I'm not entirely sure what you mean, but I do think that persuading the 
mailing list server not to send malformed email messages is an entirely 
reasonable goal...


--
David Given
[EMAIL PROTECTED]



CPAN Checksum mismatch for distribution file. Please investigate.

2007-09-20 Thread Lars Noodén
Ok.  I get this error:
Checksum mismatch for distribution file. Please investigate.

Where should I be looking?

The full message:

 cpan install Bundle::CPAN
 CPAN: Storable loaded ok
 Going to read /root/.cpan/Metadata
   Database was generated on Thu, 20 Sep 2007 08:36:49 GMT
 CPAN: Digest::MD5 loaded ok

 Checksum mismatch for distribution file. Please investigate.

 Distribution id = A/AN/ANDK/Bundle-CPAN-1.856.tar.gz
 CPAN_USERID  ANDK (Andreas J. Koenig [EMAIL PROTECTED])
 CONTAINSMODS
 MD5_STATUS
 localfile  
 /root/.cpan/sources/authors/id/A/AN/ANDK/Bundle-CPAN-1.856.tar.gz

 I'd recommend removing
 /root/.cpan/sources/authors/id/A/AN/ANDK/Bundle-CPAN-1.856.tar.gz. Its
 MD5 checksum is incorrect. Maybe you have configured your 'urllist'
 with a bad URL. Please check this array with 'o conf urllist', and
 retry.

Nuking the file sources/authors/... has no effect, neither does
resetting /usr/libdata/perl5/CPAN/Config.pm

CPAN/Config.pm has for URLs:
  'urllist' => [q[ftp://ftp.funet.fi/pub/languages/perl/CPAN/]],


-Lars



Checking mailbox ownership.

2007-09-20 Thread Karel Kulhavy
I am getting this message from Charlie Root over and over:

Checking mailbox ownership.
user clock mailbox is drwx------, group users

Does it mean I should change the mailbox flags or group? If yes, what are
the correct values then?

CL



Re: Checking mailbox ownership.

2007-09-20 Thread Craig Skinner

Karel Kulhavy wrote:
> I am getting this message from Charlie Root over and over:
>
> Checking mailbox ownership.
> user clock mailbox is drwx------, group users
>
> Does it mean I should change the mailbox flags or group? If yes, what are
> the correct values then?

Needs to be owned by the system user, e.g:


$ ls -ld /var/mail/someone
drwx------  9 someone  users  512 Dec 20  2006 /var/mail/someone/



But, you will still get the alerts unless you patch /etc/security as 
this script assumes mboxes, not maildirs. The below allows for both:


$ rcsdiff -r1.1 /etc/security
===
RCS file: /etc/RCS/security,v
retrieving revision 1.1
diff -r1.1 /etc/security
428c428
  $1 != -rw--- \
---
  $1 != -rw---  $1 != drwx-- \
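
Review bot: on the replacement for line 428, accepting drwx------ only checks the mode of the top-level maildir entry, so the message files and subdirectories beneath it are no longer covered by any permission test, and a group- or world-readable file inside a maildir would go unreported. Consider a follow-up check that walks each directory-type mailbox and reports entries with group or other bits set. Also note that, as shown here, the operator between the two comparisons is missing: it needs to be a logical AND so that an entry is reported only when its mode is neither of the two accepted values, since an OR of two inequalities is always true and would flag every mailbox.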



Re: OpenCVS

2007-09-20 Thread Pierre Riteau

On 20 Sept. 07 at 07:10, Karl Sjödahl - dunceor wrote:

> On 9/19/07, Adrian Fisher [EMAIL PROTECTED] wrote:
>>   1. Who here knows about OpenCVS?
>>   2. How is it used?
>>   3. When will it be released?  Will it be released at the same time as
>>   4.2?
>>
>> Regards,
>>
>> A.
>
> 1. OpenCVS is developed by several of the OpenBSD developers, those I
> see commit most is xsa@, niallo@, ray@ and lately a lot by [EMAIL PROTECTED]

You forgot [EMAIL PROTECTED]

> 2. It's a replacement for GNU CVS so it's compatible with it. Their
> goal is first to make sure everything supported in GNU CVS should be
> supported in OpenCVS.
>
> 3. Do not know about release, probably not ready for prime time yet.
> But I'm sure it needs testers, that will speed up the development.
>
> Ps. I'm not a developer. ds.
>
> br
> Dunceor




Error while trying to build xenocara

2007-09-20 Thread Gregory Edigarov

Hello Everybody,

While trying to build xenocara's most recent sources:

===> proto/bigreqsproto
cd /usr/xenocara/proto/bigreqsproto && exec make -f Makefile.bsd-wrapper cleandir
cd /usr/xenocara/proto/bigreqsproto && exec make -f Makefile.bsd-wrapper depend

no dependencies here yet
cd /usr/xenocara/proto/bigreqsproto && exec make -f Makefile.bsd-wrapper all
PKG_CONFIG_LIBDIR=/usr/X11R6/lib/pkgconfig  CFLAGS=-O2 -pipe exec sh 
/usr/xenocara/proto/bigreqsproto/configure --prefix=/usr/X11R6  
--sysconfdir=/etc  --mandir=/usr/X11R6/man  
--cache-file=/usr/xobj/xorg-config.cache.amd64 
configure: creating cache /usr/xobj/xorg-config.cache.amd64
/usr/xenocara/proto/bigreqsproto/configure[1158]: cannot create 
/usr/xobj/xorg-config.cache.amd64: No such file or directory

checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for gawk... no
checking for mawk... no
checking for nawk... nawk
checking whether make sets $(MAKE)... yes
configure: error: source directory already configured; run make 
distclean there first

*** Error code 1

Stop in /usr/xenocara/proto/bigreqsproto (line 97 of 
/usr/X11R6/share/mk/bsd.xorg.mk).

*** Error code 1

Stop in /usr/xenocara/proto/bigreqsproto (line 133 of 
/usr/X11R6/share/mk/bsd.xorg.mk).

*** Error code 1

Stop in /usr/xenocara/proto.
*** Error code 1

Stop in /usr/xenocara.

command used:
cd /usr/xenocara && make bootstrap && make obj && make build


What's up?

--
With best regards,
   Gregory Edigarov



New Digg Profiles and Updated Site Policies

2007-09-20 Thread Digg.com
Lots of new changes coming to Digg! We're excited to introduce you
to the new Digg Profiles. With over fifty new features, we've
completely revamped our profiles from the ground up - making it easy
for you to share your favorite Digg stories with friends. If you'd
like to see them in action, visit Digg or get a walk through of some
of the new features in this video:
http://e.digg.com/a/tBG8iT$BZHXPpBaQOdpBacZ8VG0/digg1

Because Digg enables people to share information with one another,
the policies for how you use Digg and how we treat your privacy on
Digg are very important to us. As part of this release, we have
updated our Terms of Use and Privacy Policy, which we encourage
you to check out.

Terms of Use:
http://e.digg.com/a/tBG8iT$BZHXPpBaQOdpBacZ8VG0/digg2

Privacy Policy:
http://e.digg.com/a/tBG8iT$BZHXPpBaQOdpBacZ8VG0/digg3

Some highlights to note:

* Digg will notify you via email when certain activities happen,
such as when someone adds you as a friend or a story you submit
becomes popular. You can control what emails you want to receive in
the Email Settings section of your Digg User Profile:
http://e.digg.com/a/tBG8iT$BZHXPpBaQOdpBacZ8VG0/digg4

* You can easily find your friends' Profiles on Digg by searching
for them by their email address. If you don't want to enable others
to search for your Digg Profile by your email address, or if you
want to manage what personal information to display in your Digg
Profile, you can reflect this in your Privacy Settings:
http://e.digg.com/a/tBG8iT$BZHXPpBaQOdpBacZ8VG0/digg5

The best way to learn more about these changes is to try out
Digg Profiles for yourself. Visit Digg.com, login, and click the
Profile button at the top of any page on the site.
http://e.digg.com/a/tBG8iT$BZHXPpBaQOdpBacZ8VG0/digg6

Cheers,

The Digg Crew

This is a system message from Digg.com, which we are required to send
to all account holders. Control what other emails you receive from
Digg:
http://e.digg.com/a/tBG8iT$BZHXPpBaQOdpBacZ8VG0/digg7



Re: Error while trying to build xenocara

2007-09-20 Thread Gregory Edigarov

Gregory Edigarov wrote:
> Hello Everybody,
>
> While trying to build xenocara's most recent sources:
>
> === proto/bigreqsproto
> cd /usr/xenocara/proto/bigreqsproto  exec make -f 
> Makefile.bsd-wrapper cleandir
> cd /usr/xenocara/proto/bigreqsproto  exec make -f 
> Makefile.bsd-wrapper depend
>
> no dependencies here yet
> cd /usr/xenocara/proto/bigreqsproto  exec make -f 
> Makefile.bsd-wrapper all
> PKG_CONFIG_LIBDIR=/usr/X11R6/lib/pkgconfig  CFLAGS=-O2 -pipe exec 
> sh /usr/xenocara/proto/bigreqsproto/configure --prefix=/usr/X11R6  
> --sysconfdir=/etc  --mandir=/usr/X11R6/man  
> --cache-file=/usr/xobj/xorg-config.cache.amd64 configure: creating 
> cache /usr/xobj/xorg-config.cache.amd64
> /usr/xenocara/proto/bigreqsproto/configure[1158]: cannot create 
> /usr/xobj/xorg-config.cache.amd64: No such file or directory

Just an update: I've made /usr/xobj directory, then run the same 
command again, with same result.

> checking for a BSD-compatible install... /usr/bin/install -c
> checking whether build environment is sane... yes
> checking for gawk... no
> checking for mawk... no
> checking for nawk... nawk
> checking whether make sets $(MAKE)... yes
> configure: error: source directory already configured; run make 
> distclean there first
>
> *** Error code 1
>
> Stop in /usr/xenocara/proto/bigreqsproto (line 97 of 
> /usr/X11R6/share/mk/bsd.xorg.mk).
>
> *** Error code 1
>
> Stop in /usr/xenocara/proto/bigreqsproto (line 133 of 
> /usr/X11R6/share/mk/bsd.xorg.mk).
>
> *** Error code 1
>
> Stop in /usr/xenocara/proto.
> *** Error code 1
>
> Stop in /usr/xenocara.
>
> command used:
> cd /usr/xenocara  make bootstrap  make obj  make build
>
>
> What's up?

--
With best regards,
   Gregory Edigarov



Re: Error while trying to build xenocara

2007-09-20 Thread Marc Balmer
* Gregory Edigarov wrote:
 Gregory Edigarov wrote:
 Hello Everybody,
 
 While trying to build xenocara's most recent sources:
 
 === proto/bigreqsproto
 cd /usr/xenocara/proto/bigreqsproto  exec make -f 
 Makefile.bsd-wrapper cleandir
 cd /usr/xenocara/proto/bigreqsproto  exec make -f 
 Makefile.bsd-wrapper depend
 no dependencies here yet
 cd /usr/xenocara/proto/bigreqsproto  exec make -f 
 Makefile.bsd-wrapper all
 PKG_CONFIG_LIBDIR=/usr/X11R6/lib/pkgconfig  CFLAGS=-O2 -pipe exec 
 sh /usr/xenocara/proto/bigreqsproto/configure --prefix=/usr/X11R6  
 --sysconfdir=/etc  --mandir=/usr/X11R6/man  
 --cache-file=/usr/xobj/xorg-config.cache.amd64 configure: creating 
 cache /usr/xobj/xorg-config.cache.amd64
 /usr/xenocara/proto/bigreqsproto/configure[1158]: cannot create 
 /usr/xobj/xorg-config.cache.amd64: No such file or directory
 Just an update: I've made /usr/xobj directory, then run the same 
 command  again, with  same result.

read the README file, under the hopeless case section...

that helped me (I am a hopeless case, too, but not hopless  ;)

 checking for a BSD-compatible install... /usr/bin/install -c
 checking whether build environment is sane... yes
 checking for gawk... no
 checking for mawk... no
 checking for nawk... nawk
 checking whether make sets $(MAKE)... yes
 configure: error: source directory already configured; run make 
 distclean there first
 *** Error code 1
 
 Stop in /usr/xenocara/proto/bigreqsproto (line 97 of 
 /usr/X11R6/share/mk/bsd.xorg.mk).
 *** Error code 1
 
 Stop in /usr/xenocara/proto/bigreqsproto (line 133 of 
 /usr/X11R6/share/mk/bsd.xorg.mk).
 *** Error code 1
 
 Stop in /usr/xenocara/proto.
 *** Error code 1
 
 Stop in /usr/xenocara.
 
 command used:
 cd /usr/xenocara  make bootstrap  make obj  make build
 
 
 What's up?
 
 
 -- 
 With best regards,
Gregory Edigarov



Re: Error while trying to build xenocara

2007-09-20 Thread Gregory Edigarov

Marc Balmer wrote:
> * Gregory Edigarov wrote:
>> Gregory Edigarov wrote:
>>> Hello Everybody,
>>>
>>> While trying to build xenocara's most recent sources:
>>>
>>> === proto/bigreqsproto
>>> cd /usr/xenocara/proto/bigreqsproto  exec make -f 
>>> Makefile.bsd-wrapper cleandir
>>> cd /usr/xenocara/proto/bigreqsproto  exec make -f 
>>> Makefile.bsd-wrapper depend
>>>
>>> no dependencies here yet
>>> cd /usr/xenocara/proto/bigreqsproto  exec make -f 
>>> Makefile.bsd-wrapper all
>>> PKG_CONFIG_LIBDIR=/usr/X11R6/lib/pkgconfig  CFLAGS=-O2 -pipe exec 
>>> sh /usr/xenocara/proto/bigreqsproto/configure --prefix=/usr/X11R6  
>>> --sysconfdir=/etc  --mandir=/usr/X11R6/man  
>>> --cache-file=/usr/xobj/xorg-config.cache.amd64 configure: creating 
>>> cache /usr/xobj/xorg-config.cache.amd64
>>> /usr/xenocara/proto/bigreqsproto/configure[1158]: cannot create 
>>> /usr/xobj/xorg-config.cache.amd64: No such file or directory
>>
>> Just an update: I've made /usr/xobj directory, then run the same 
>> command  again, with  same result.
>
> read the README file, under the hopeless case section...
>
> that helped me (I am a hopeless case, too, but not hopless  ;)

Are you kidding?

--
With best regards,
   Gregory Edigarov



Re: Microsoft gets the Most Secure Operating Systems award

2007-09-20 Thread The One
On 9/19/07, Peter N. M. Hansteen [EMAIL PROTECTED] wrote:
 The One [EMAIL PROTECTED] writes:

  Security is one of the concerns Leopard will solve.

 **BLAM**

 Security is never, ever a completely solved problem.  Your world just
 isn't that simple. Do NOT pass GO.

 I sincerely hope never to hear such nonsense on misc, ever again.

 Sure, the next release is always better.  But you won't hear me saying
 that OpenBSD 4.3 is your solution to all ills.  At the moment, both
 Leopard and OpenBSD 4.3 are clouds of virtual unobtanium, not to be
 confused with the final solution to anything.

 Don't bother following up, I won't be listening.  Or maybe I will, and
 I might even venture out from under my rock again before 4.4 ships.

If anyone can solve security, whether it is with Leopard or in the
future, Apple definitely can.

In my opinion, Apple performs 100% in the software field, and 90% in
the hardware field, which is due to, as I explained in my previous
messages, depending off of factories in third-world countries that are
not even Apple operated!

But Apple has done so much with software, it is obvious that, in the
end, Apple will reach the goal. Even when personal computers are
replaced with a different technology, Apple will be on top.



Re: OpenBSD Install Goal

2007-09-20 Thread Ulf G. Noren
On Tue, 18 Sep 2007 16:28:48 -0700
Darren Spruell [EMAIL PROTECTED] wrote:

 There are resources a-plenty; anyone who finds it confusing is either
 trying to install without having read docs, or is not familiar with
 computers in the first place (and thus needs to read the docs.)
 Computer users need to get smarter, instead of technology getting
 dumber for them.

True. If someone will not (care to) at least read and try to understand
the FAQs on installation, how will this person, continuing to totally
ignore documentation, be able to configure and maintain the system
anyway? I am new to OpenBSD and I do find most things a little difficult.
Installation was the easy part :-)

- Ulf



Re: Microsoft gets the Most Secure Operating Systems award

2007-09-20 Thread Marc Espie
On Fri, Sep 21, 2007 at 12:08:55AM +1000, The One wrote:

 If anyone can solve security, whether it is with Leopard or in the
 future, Apple definitely can.
 
 In my opinion, Apple performs 100% in the software field, and 90% in
 the hardware field, which is due to, as I explained in my previous
 messages, depending off of factories in third-world countries that are
 not even Apple operated!
 
 But Apple has done so much with software, it is obvious that, in the
 end, Apple will reach the goal. Even when personal computers are
 replaced with a different technology, Apple will be on top.
Stop sending this stuff to misc@openbsd.org, it is totally irrelevant
here, and your email address tags you as a Troll as well.



Re: OpenBSD Install Goal

2007-09-20 Thread Will Jenkins

On Tue, 18 Sep 2007 16:28:48 -0700
Darren Spruell [EMAIL PROTECTED] wrote:

> Computer users need to get smarter, instead of technology getting
> dumber for them.


I could not disagree more with this statement.

Will



Re: help needed with laptop hdd

2007-09-20 Thread Christian Weisgerber
Henning Brauer [EMAIL PROTECTED] wrote:

 I just learned that the disk in the X40 is kind of special. It is a 1.8
 hard disk that does NOT use the ZIF connector (these are somewhat common) 
 but the same 44pin connector 2.5 disks use. 1.8 disks with that 
 connector have only ever been made by Hitachi.

Hmm.  I've been entertaining thoughts of putting a flash drive into
my X40, as soon as these become more readily available, but I suppose
the special connector will render this difficult as well. :-(

-- 
Christian naddy Weisgerber  [EMAIL PROTECTED]



Re: Microsoft gets the Most Secure Operating Systems award

2007-09-20 Thread Darren Spruell
On 9/20/07, The One [EMAIL PROTECTED] wrote:
  Don't bother following up, I won't be listening.  Or maybe I will, and
  I might even venture out from under my rock again before 4.4 ships.

 If anyone can solve security, whether it is with Leopard or in the
 future, Apple definitely can.

 In my opinion, Apple performs 100% in the software field, and 90% in
 the hardware field, which is due to, as I explained in my previous
 messages, depending off of factories in third-world countries that are
 not even Apple operated!

 But Apple has done so much with software, it is obvious that, in the
 end, Apple will reach the goal. Even when personal computers are
 replaced with a different technology, Apple will be on top.

You're either incredibly naive, have been drinking too much
aqua-colored koolaid, or are just joking.

Good one.

DS



Re: Microsoft gets the Most Secure Operating Systems award

2007-09-20 Thread Nick Guenther
On 9/20/07, The One [EMAIL PROTECTED] wrote:
 On 9/19/07, Peter N. M. Hansteen [EMAIL PROTECTED] wrote:
  The One [EMAIL PROTECTED] writes:
 
   Security is one of the concerns Leopard will solve.
 
  **BLAM**
 
  Security is never, ever a completely solved problem.  Your world just
  isn't that simple. Do NOT pass GO.
 
  I sincerely hope never to hear such nonsense on misc, ever again.
 
  Sure, the next release is always better.  But you won't hear me saying
  that OpenBSD 4.3 is your solution to all ills.  At the moment, both
  Leopard and OpenBSD 4.3 are clouds of virtual unobtanium, not to be
  confused with the final solution to anything.
 
  Don't bother following up, I won't be listening.  Or maybe I will, and
  I might even venture out from under my rock again before 4.4 ships.

 If anyone can solve security, whether it is with Leopard or in the
 future, Apple definitely can.

 In my opinion, Apple performs 100% in the software field, and 90% in
 the hardware field, which is due to, as I explained in my previous
 messages, depending off of factories in third-world countries that are
 not even Apple operated!

 But Apple has done so much with software, it is obvious that, in the
 end, Apple will reach the goal. Even when personal computers are
 replaced with a different technology, Apple will be on top.

Okay so you've stopped top-posting. Thanks for that.


But what are you? Are you some sort of Apple employee, out to spread
the good word?
Or are you just someone who has no idea how technology works in
reality, your head so far up Apple's... cloud.. that you have never
really realized what you're doing?

Your opinion is nice, but useless. Opinions mean nothing, only facts.
See, my opinion is, if anyone can solve security, OpenBSD definitely can.

Now go away.
-Nick



Re: Microsoft gets the Most Secure Operating Systems award

2007-09-20 Thread The One
Sorry but I am just disagreed with Theo saying that OS X is buggy and insecure.

On 9/21/07, Marc Espie [EMAIL PROTECTED] wrote:
 On Fri, Sep 21, 2007 at 12:08:55AM +1000, The One wrote:

  If anyone can solve security, whether it is with Leopard or in the
  future, Apple definitely can.
 
  In my opinion, Apple performs 100% in the software field, and 90% in
  the hardware field, which is due to, as I explained in my previous
  messages, depending off of factories in third-world countries that are
  not even Apple operated!
 
  But Apple has done so much with software, it is obvious that, in the
  end, Apple will reach the goal. Even when personal computers are
  replaced with a different technology, Apple will be on top.
 Stop sending this stuff to misc@openbsd.org, it is totally irrelevant
 here, and your email address tags you as a Troll as well.



Re: Microsoft gets the Most Secure Operating Systems award

2007-09-20 Thread Peter N. M. Hansteen
The One [EMAIL PROTECTED] writes:

 In my opinion, 

In my opinion, you're simply a source of off-topic noise for this
mailing list.  There has to be dozens of mailing lists, web forums and
the like where your fruit worship is welcome.  Please go there.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: Microsoft gets the Most Secure Operating Systems award

2007-09-20 Thread Marc Espie
On Fri, Sep 21, 2007 at 01:00:11AM +1000, The One wrote:
 Sorry but I am just disagreed with Theo saying that OS X is buggy and 
 insecure.

Whatever. BORED already.

Go troll elsewhere.



Re: help needed with laptop hdd

2007-09-20 Thread rcopsey
- Original Message -
From: [EMAIL PROTECTED] (Christian Weisgerber)
Date: Thursday, September 20, 2007 9:57 am
Subject: Re: help needed with laptop hdd
To: misc@openbsd.org

 Henning Brauer [EMAIL PROTECTED] wrote:
 
  I just learned that the disk in the X40 is kind of special. It is 
 a 1.8
  hard disk that does NOT use the ZIF connector (these are somewhat 
 common) 
  but the same 44pin connector 2.5 disks use. 1.8 disks with that 
  connector have only ever been made by Hitachi.
 
 Hmm.  I've been entertaining thoughts of putting a flash drive into
 my X40, as soon as these become more readily available, but I suppose
 the special connector will render this difficult as well. :-(
 
 -- 
 Christian naddy Weisgerber  
 [EMAIL PROTECTED]

You'd be unhappy with the write cycle longevity of a flash drive for 
regular use anyway. Flash and super dense mag drives seem fine for use
if write/erase only happens occasionally (i.e. embedded/mp3 etc...)

The next step:
http://en.wikipedia.org/wiki/Ferroelectric_RAM



2 internet connections on 1 router

2007-09-20 Thread Marian Hettwer
Hi All,

I'm using a Soekris box with OpenBSD 4.0 (sorry *g*) on my home soekris box.
Actual setup is one interface with a cable modem connected for internet use. 
The cable modem provider talks dhcp, so no pppoe magic involved.
Now I do have an old second DSL provider lying around, which I basically not 
use anymore.
However, the old DSL provider tries to get on my ass, and I figured, okay boys, 
if you don't let me outta this contract, I'll use your uplink to the max 24/7 
(while true; do wget -O /dev/null http://something.iso; done).

I know my way to configure pppoe and to dial in (without having pppoe modifying 
my default gw).

Question is:
How do I fiddle around with my routing table, that basically the wget running 
on my router is using sis2 (with the pppoe uplink), while the rest (my existing 
working lan) is still using sis0 with my good-guys cable modem uplink?

Any hints highly appreciated.

Thanks in advance,
Marian



Re: operator permissions: a wish-list

2007-09-20 Thread Matthew Szudzik
On Wed, 19 Sep 2007 at 20:41 -0400, Douglas A. Tutty wrote:
 Lets take a typical family setup.  Mom is the SA who knows the root 
 password.  Dad can be operator and do stuff with sudo.  However, the 
 kids may just want to listen to CDs, watch DVDs, access their homework 
 on a USB stick, rip a CD to MP3 and transfer it to their player or move 
 MP3s from their player and burn them to a CD.

Actually, I was envisioning that the kids would have operator permissions.  
I was thinking that an operator is anyone who has physical access to the 
computer and is expected to use the hardware.

I don't know the history of the operator group, but it almost seems as if 
it dates back to the days when BSD ran on mainframes whose only form of 
removable media was a tape drive.  Of course, computers are being used 
much differently nowadays, so it makes sense to update the operator group.

Or, alternatively, maybe the operator group has become obsolete with the 
advent of sudo?  In that case, perhaps the operator group should be 
abolished, because I get the feeling that the operator group, in its 
current form, isn't serving any real purpose.



Re: 2 internet connections on 1 router

2007-09-20 Thread Dag Richards

Marian Hettwer wrote:

Hi All,

I'm using a Soekris box with OpenBSD 4.0 (sorry *g*) on my home soekris box.
Actual setup is one interface with a cable modem connected for internet use. 
The cable modem provider talks dhcp, so no pppoe magic involved.
Now I do have an old second DSL provider lying around, which I basically not 
use anymore.
However, the old DSL provider tries to get on my ass, and I figured, okay boys, 
if you don't let me outta this contract, I'll use your uplink to the max 24/7 
(while true; do wget -O /dev/null http://something.iso; done).

I know my way to configure pppoe and to dial in (without having pppoe modifying 
my default gw).

Question is:
How do I fiddle around with my routing table, that basically the wget running 
on my router is using sis2 (with the pppoe uplink), while the rest (my existing 
working lan) is still using sis0 with my good-guys cable modem uplink?

Any hints highly appreciated.

Thanks in advance,
Marian


route add -host <addr of iso source> <addr of dsl gateway>

would work, there probably are better ways, but this would be dead simple

So vengeance is a dish best served in binary?



FW: Microsoft gets the Most Secure Operating Systems award

2007-09-20 Thread stuart van Zee
The One [EMAIL PROTECTED] writes:
 If anyone can solve security, whether it is with Leopard or in the
 future, Apple definitely can.

 In my opinion, Apple performs 100% in the software field, and 90% in
 the hardware field, which is due to, as I explained in my previous
 messages, depending off of factories in third-world countries that are
 not even Apple operated!

 But Apple has done so much with software, it is obvious that, in the
 end, Apple will reach the goal. Even when personal computers are
 replaced with a different technology, Apple will be on top.


Solve security? GEESH!

Mr. The One

I must humbly submit to you that you DO NOT KNOW WHEREFORE YOU SPEAK!
There is no such thing as Solving Security.  It does not exist.
It could only exist in a perfect world and as you know, or at least
should know, this is NOT a perfect world.  My opinion is that Apple
puts out a nice product for what it is.  I love my MacBook, I use it
to play online games and work my second job as an internet radio
show personality.  I use it when I don't want to think after a long
day of thinking at work (thinking isn't my best subject after all).
BUT!  I do not delude myself into thinking that it is some great
bastion of security or ever will be.

At work, I use OpenBSD for firewalls, mail servers, (gulp) an FTP
server, NIDS, time server, etc... etc... etc...  Do I think that
OpenBSD is the end-all-be-all of security?  nope.  A system, no
matter how good it is, is only as good as the admin who sets it up.
Some systems start out from a much better position than others,
and my opinion is that OpenBSD is the very best at this, but
ultimately, it has to be set up to do whatever job it needs to
perform.  No matter how perfect the base system is, there is no way
to get around this.  There is NO WAY an OS can SOLVE SECURITY.
It is as impossible as making an ice machine that SOLVES the
problem of ice melting.  It is as idiotic as the belief that the
Titanic was unsinkable.

Please, do not put so much blind faith in a system that is built
more for user experience than it is for security.  Do not put so
much blind faith in ANYTHING.  Nothing is infallible, everything
eventually crumbles.  Even OpenBSD has had 2 remote exploits in
the default install in the last 10 years.  It happens, even to the
very best.  Nothing can, or ever will, be able to change this, it
is an immutable fact.

period.

s




ural recognized as cd: BUFFALO WLI-U2-KG54-AI

2007-09-20 Thread Jacob Yocom-Piatt
got a ural a supposedly supported usb wifi adapter, BUFFALO
WLI-U2-KG54-AI, and it's showing up as a detachable cd drive on a
4.1-release machine:

umass0 at uhub3 port 1 configuration 1 interface 0
umass0: BUFFALO WLI-U2-KG54-AI, rev 2.00/1.15, addr 2
umass0: using SCSI over Bulk-Only
scsibus0 at umass0: 2 targets
cd0 at scsibus0 targ 1 lun 0: BUFFALO, WLI-U2-KG54-CD, 1.00 SCSI0
5/cdrom removable

would like to get this fixed, clues appreciated. if this has been fixed
after 4.1-release clues on how i could have figured this out myself are
appreciated.

cheers,
jake



Re: ural recognized as cd: BUFFALO WLI-U2-KG54-AI

2007-09-20 Thread Paul de Weerd
On Thu, Sep 20, 2007 at 01:01:52PM -0500, Jacob Yocom-Piatt wrote:
| got a ural a supposedly supported usb wifi adapter, BUFFALO
| WLI-U2-KG54-AI, and it's showing up as a detachable cd drive on a
| 4.1-release machine:
|
| umass0 at uhub3 port 1 configuration 1 interface 0
| umass0: BUFFALO WLI-U2-KG54-AI, rev 2.00/1.15, addr 2
| umass0: using SCSI over Bulk-Only
| scsibus0 at umass0: 2 targets
| cd0 at scsibus0 targ 1 lun 0: BUFFALO, WLI-U2-KG54-CD, 1.00 SCSI0
| 5/cdrom removable
|
| would like to get this fixed, clues appreciated. if this has been fixed
| after 4.1-release clues on how i could have figured this out myself are
| appreciated.

Silly question perhaps, but have you tried mounting the CD ? I have a
USB wi(4) adapter (supported) that also attaches as a flash storage
device. I knew this beforehand, as it was on the box (Wireless
adapter and flash in one !) but a nice feature was that there were
two storage devices. sd0 of about 256MB and sd1 with a couple of megs
that contained the Windows drivers.

Perhaps the CD contains the windows drivers ?

As I said, silly question, but maybe it's worth a shot ?

Cheers,

Paul 'WEiRD' de Weerd

--
[++-]+++.+++[---].+++[+
+++-].++[-]+.--.[-]
 http://www.weirdnet.nl/

[demime 1.01d removed an attachment of type application/pgp-signature]



Re: ural recognized as cd: BUFFALO WLI-U2-KG54-AI

2007-09-20 Thread Jacob Yocom-Piatt

Jacob Yocom-Piatt wrote:

got a ural a supposedly supported usb wifi adapter, BUFFALO
WLI-U2-KG54-AI, and it's showing up as a detachable cd drive on a
4.1-release machine:

umass0 at uhub3 port 1 configuration 1 interface 0
umass0: BUFFALO WLI-U2-KG54-AI, rev 2.00/1.15, addr 2
umass0: using SCSI over Bulk-Only
scsibus0 at umass0: 2 targets
cd0 at scsibus0 targ 1 lun 0: BUFFALO, WLI-U2-KG54-CD, 1.00 SCSI0
5/cdrom removable

  


there is a little switch on the adapter that i flipped; it pops up as a 
ural and is working now.


might be worth including in the manpage or something...

cheers,
jake


would like to get this fixed, clues appreciated. if this has been fixed
after 4.1-release clues on how i could have figured this out myself are
appreciated.

cheers,
jake

  



--



Re: Error while trying to build xenocara

2007-09-20 Thread Matthieu Herrb
On 9/20/07, Gregory Edigarov [EMAIL PROTECTED] wrote:

 Are you kidding?

No he wasn't. Did you read /usr/src/xenocara/README? There's a whole
paragraph discussing your case:

more +134 /usr/src/xenocara/README.



Flash drives (was: Re: help needed with laptop hdd)

2007-09-20 Thread Christian Weisgerber
[EMAIL PROTECTED] wrote:

 You'd be unhappy with the write cycle longevity of a flash drive for 
 regular use anyway.

I'm not going to take your word for it.

Speaking of flash drives, I recently realized again that the OpenBSD
CVS repository isn't all that big by today's standards: about 4 GB,
easily fitting on an 8-GB flash.  This looks like an excellent
match.  If you mount it with the noatime option, a copy of the
repository will see few writes, and read performance is dominated
by random access time.  That might be interesting for an anoncvs
server.

I need to look at the options for fitting a compact flash as an ATA
drive into a normal PC.

 The next step:
 http://en.wikipedia.org/wiki/Ferroelectric_RAM

Also: flying cars.

-- 
Christian naddy Weisgerber  [EMAIL PROTECTED]



Re: Flash drives (was: Re: help needed with laptop hdd)

2007-09-20 Thread Maurice Janssen
On Thursday, September 20, 2007 at 19:02:23 +, Christian Weisgerber wrote:
I need to look at the options for fitting a compact flash as an ATA
drive into a normal PC.

There are lots of adapters.  Some examples can be found here:
http://www.pcengines.ch/cflash.htm

Maurice



Re: help needed with laptop hdd

2007-09-20 Thread Stuart Henderson
On 2007/09/20 10:26, [EMAIL PROTECTED] wrote:
 You'd be unhappy with the write cycle longevity of a flash drive for 
 regular use anyway.

This depends very much on what your regular use is. They're a lot
tougher than common knowledge would have you believe.



Re: help needed with laptop hdd

2007-09-20 Thread rcopsey
- Original Message -
From: Stuart Henderson [EMAIL PROTECTED]
Date: Thursday, September 20, 2007 2:29 pm
Subject: Re: help needed with laptop hdd
To: [EMAIL PROTECTED]
Cc: misc@openbsd.org

 On 2007/09/20 10:26, [EMAIL PROTECTED] wrote:
  You'd be unhappy with the write cycle longevity of a flash drive 
 for 
  regular use anyway.
 
 This depends very much on what your regular use is. They're a lot
 tougher than common knowledge would have you believe.
 

From the flash that I've tested for a data logging project, the best
I've seen was from M-Systems - now sandisk.

http://www.sandisk.com/OEM/ProductCatalog(1335)-SSD_formerly_FFD_UATA_25.aspx

Still not with write/erase longevity as a decent spinning drive. 




Now they (sandisk) have a new line for use in laptops:

http://www.sandisk.com/OEM/ProductCatalog(1320)-SanDisk_SSD_UATA_5000_18.aspx
http://www.sandisk.com/OEM/ProductCatalog(1321)-SanDisk_SSD_SATA_5000_25.aspx

Seemingly difficult to find though.



Re: Flash drives (was: Re: help needed with laptop hdd)

2007-09-20 Thread Nick Nauwelaerts
On Thu, 20 Sep 2007 21:20:49 +0200
Maurice Janssen [EMAIL PROTECTED] wrote:

 On Thursday, September 20, 2007 at 19:02:23 +, Christian
 Weisgerber wrote:
 I need to look at the options for fitting a compact flash as an ATA
 drive into a normal PC.
 
 There are lots of adapters.  Some examples can be found here:
 http://www.pcengines.ch/cflash.htm

I have 2 of those CFDISK.5H ones, works like a champ

wd0 at pciide0 channel 0 drive 0: CF Card
wd0: 1-sector PIO, LBA, 983MB, 2014992 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2

wd0 at pciide1 channel 0 drive 0: Corsair 40x CompactFlash v1.1
wd0: 1-sector PIO, LBA, 249MB, 510976 sectors
wd0(pciide1:0:0): using PIO mode 4

// nick



Re: 2 internet connections on 1 router

2007-09-20 Thread Douglas A. Tutty
On Thu, Sep 20, 2007 at 04:43:29PM +0200, Marian Hettwer wrote:
 However, the old DSL provider tries to get on my ass, and I figured,
 okay boys, if you don't let me outta this contract, I'll use your
 uplink to the max 24/7 (while true; do wget -O /dev/null
 http://something.iso; done).
 
If you have bandwidth to burn, why not set yourself up as an OBSD ftp
and rsync mirror too?  How about a OBSD mailing list archive?

Doug.



Re: FW: Microsoft gets the Most Secure Operating Systems award

2007-09-20 Thread Douglas A. Tutty
On Thu, Sep 20, 2007 at 11:13:48AM -0400, stuart van Zee wrote:
 There is no such thing as Solving Security.  It does not exist.
 It could only exist in a perfect world and as you know, or at least
 should know, this is NOT a perfect world. 

I have one absolutely secure computer.  Actually I _had_ one:

It is (was) a Pentium 75.  It died.  I took it apart and had it
recycled.  Since the drive didn't die (using it right now), it doesn't
count.

I can guarantee that nobody can do a remote exploit on that computer.

:))

Other than that, I agree totally with Stuart.

Doug.



Is AMD64 page out of date about W^X?

2007-09-20 Thread rwaite1
According to: 
http://www.openbsd.org/amd64.html
W^X will not work on Intel's 64 bit chips. I for one chose to go with i386 on 
my Core 2 because of this fact alone.

Then I saw this: 
http://www.xbitlabs.com/news/cpu/display/20041011182310.html
and scores of other pages that refer to the XD bit. On another page (sorry.. 
lost the link) a person claimed that newer chips (I believe around the 
beginning of 2005) started shipping it and that it would work on OpenBSD. As 
this person is who-knows-who I can't really put much to that.

http://processorfinder.intel.com/
shows the Core 2's having Execute Disable Bit

Then I see dmesg like the following:
http://www.webservertalk.com/archive249-2007-1-1783328.html
http://readlist.com/lists/openbsd.org/misc/10/54208.html
Here next to the Core 2 we see NXE

So I dunno... it looks to me like it is supported. I haven't had a chance to 
look at how the code functions... but would the kernel use W^X based on NXE 
being available? Or does it have some other code that might see it is Intel (or 
use some particular method of checking for the bit that might not work on 
Intel's implementation). Basically... I can't confirm if it works or not. And 
if I switch my server over to AMD64... will NXE in the dmesg really let me know 
that it is indeed working correctly?

If indeed W^X is now supported on newer Intel chips... could someone update the 
AMD64 page? I know that when I was buying my current hardware I considered 
going AMD for this comp because I saw that. Then the prices fell on Core 2's 
and I went ahead with it because it does indeed seem faster.

I know that Intel has been lame by not giving good documentation and perhaps 
this could sting them back a bit by putting people off. But it seems at this 
point (2-3 years after they started adding NXE) it would be good to go ahead 
and say if it is supported. 

Perhaps I am wrong and their version of NXE is really a bunch of bull and is 
not applicable, making the statement true. But if indeed it is supported on 
newer chips... it seems fair to be honest about it so users of OpenBSD don't 
make uninformed decisions.



Re: Is AMD64 page out of date about W^X?

2007-09-20 Thread Darren Spruell
On 9/20/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 According to:
 http://www.openbsd.org/amd64.html
 W^X will not work on Intel's 64 bit chips. I for one chose to go with i386 on 
 my Core 2 because of this fact alone.

Intel produces 2 families of 64-bit processors; the EM64T and an AMD64
family chip. You're probably misinterpreting what is meant to indicate
the former.

http://en.wikipedia.org/wiki/64-bit#Current_64-bit_microprocessor_architectures
http://www.xbitlabs.com/news/cpu/display/20040310223922.html

DS



Re: Microsoft gets the Most Secure Operating Systems award

2007-09-20 Thread chefren

On 09/19/07 13:07, Die Gestalt wrote:

On 9/19/07, Daniel Ouellet [EMAIL PROTECTED] wrote:


I think in German, it's call Chaise or something very close to that I
believe, but I am absolutely sure the spelling is not good.

..

ScheiCe? Merde?


Using non-ASCII characters in e-mail is also: Scheisse!


Wow misc is becoming cultural.


OpenBSD and siblings are Definitely Pieces of Art.

The craftsmanship with which the OpenBSD community handles software is 
comparable to painters handling materials, light and space a couple of 
hundred years ago.


+++chefren

p.s. Of course we have digital photographs and high res motion video 
these days...


p.p.s. It was so good to see the recent stories of hacking iPhones: 
The first serious software they installed was OpenSSH!




Re: Is AMD64 page out of date about W^X?

2007-09-20 Thread Ted Unangst
On 9/20/07, Darren Spruell [EMAIL PROTECTED] wrote:
 On 9/20/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
  According to:
  http://www.openbsd.org/amd64.html
  W^X will not work on Intel's 64 bit chips. I for one chose to go with i386 
  on my Core 2 because of this fact alone.

the early chips didn't have it, the new ones do.  the web page is old.


 Intel produces 2 families of 64-bit processors; the EM64T and an AMD64
 family chip.

i cannot find any mention of the intel amd64 family on their website.



Re: Is AMD64 page out of date about W^X?

2007-09-20 Thread rwaite1
I am not so sure of that. If you go here: 
http://processorfinder.intel.com/Default.aspx and then select Core 2 Duo or 
some such... then filter by Execute Disable Bit under supported features... 
you will see a bunch of Core 2s.

The Core 2 is ia32e. It is not EM64T. According to some sites... if anyone 
really cares I will find the links... Intel started putting ia32e chips out in 
late 2004.. this includes some Pentium 4's. I believe Theo was expressing his 
disappointment around Feb of 2004.

Anyway... the page does seem to be updated semi-regularly.. if the date at the 
bottom is accurate.. it was last changed on 2007/08/10

If Intel did indeed start including it on chips in early 2005... it would be 
nice to know that instead of a blanket statement that Intel does not support 
the NXE bit at all. It is important when making purchasing decisions and 
architecture choices.


 Darren Spruell [EMAIL PROTECTED] wrote: 
 On 9/20/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
  According to:
  http://www.openbsd.org/amd64.html
  W^X will not work on Intel's 64 bit chips. I for one chose to go with i386 
  on my Core 2 because of this fact alone.
 
 Intel produces 2 families of 64-bit processors; the EM64T and an AMD64
 family chip. You're probably misinterpreting what is meant to indicate
 the former.
 
 http://en.wikipedia.org/wiki/64-bit#Current_64-bit_microprocessor_architectures
 http://www.xbitlabs.com/news/cpu/display/20040310223922.html
 
 DS



isakmp phase 2 negotiation failed

2007-09-20 Thread n0g0013
having a nightmare getting two openbsd (one 3.8, one 4.0) boxes to
setup a tunnel.  finally got the phase 1 negotiation going (or so i
believe from reviewing the logs) but it appears that the phase two
starts and is just abandoned.

my best guess is that the default definitions for QM-ESP-DES-MD5-SUITE
are incompatible but i can't seem to get by it.

the -DA=99 output and configuration files are attached in the hope
that someone can make sense of this.  i also have the -L dump if
anyone needs it.

thanks for any assistance.

-- 
t
 t
 w
# isakmpd configuration

[General]
Listen-on=  83.104.36.71

[X509-Certificates]
CA-directory=   /etc/isakmpd/ca/
Cert-directory= /etc/isakmpd/certs/
Private-key=/etc/isakmpd/private/local.key

[Phase 1]
#84.203.180.117=gw.vpn.cobbled.net

[caley01.vpn.cobbled.net]
ID-Type=FQDN
Name=   caley01.vpn.cobbled.net

[gw.vpn.cobbled.net]
ID-Type=FQDN
Name=   gw.vpn.cobbled.net

[Phase 2]
Connections=cobbled-caley

[cobbled_net-gw]
Phase=  1
Configuration=  low-crypto
Address=84.203.180.117
ID= caley01.vpn.cobbled.net
Remote-ID=  gw.vpn.cobbled.net

[cobbled-caley]
Phase=  2
ISAKMP-peer=cobbled_net-gw
Configuration=  low-crypto-quick
Local-ID=   cobbled_net-caley
Remote-ID=  cobbled_net-all

[cobbled_net-all]
ID-Type=IPV4_ADDR_SUBNET
Network=10.0.0.0
Netmask=255.0.0.0

[cobbled_net-caley]
ID-Type=IPV4_ADDR_SUBNET
Network=10.192.0.0
Netmask=255.255.0.0

[min-crypto-quick]
DOI=IPSEC
EXCHANGE_TYPE=  QUICK_MODE
Transforms= QM-ESP-DES-MD5-SUITE

[low-crypto]
DOI=IPSEC
EXCHANGE_TYPE=  ID_PROT
Transforms= 3DES-SHA-RSA_SIG

[low-crypto-quick]
DOI=IPSEC
EXCHANGE_TYPE=  QUICK_MODE
Transforms= QM-ESP-3DES-SHA-PFS-SUITE

[demime 1.01d removed an attachment of type application/x-gunzip]
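An added example, not part of the original post and not isakmpd's own code: a small audit that follows the posted configuration from `[Phase 2] Connections` to the proposal names each connection actually references, which is worth checking before blaming a particular suite. It assumes the tag names documented in isakmpd.conf(5) (`Transforms` for phase 1, `Suites` for quick mode); the sample input is constructed from the sections shown above.

```python
# Constructed sample: the crypto-related sections of the configuration posted
# above (identity and certificate sections omitted; the audit does not use them).
SAMPLE_CONF = """\
[Phase 2]
Connections=cobbled-caley

[cobbled_net-gw]
Phase=  1
Configuration=  low-crypto

[cobbled-caley]
Phase=  2
ISAKMP-peer=cobbled_net-gw
Configuration=  low-crypto-quick

[min-crypto-quick]
EXCHANGE_TYPE=  QUICK_MODE
Transforms= QM-ESP-DES-MD5-SUITE

[low-crypto]
EXCHANGE_TYPE=  ID_PROT
Transforms= 3DES-SHA-RSA_SIG

[low-crypto-quick]
EXCHANGE_TYPE=  QUICK_MODE
Transforms= QM-ESP-3DES-SHA-PFS-SUITE
"""

# Assumption: tag names as documented in isakmpd.conf(5).
PHASE1_TAG, PHASE2_TAG = "Transforms", "Suites"
WEAK_TOKENS = {"DES", "MD5"}  # single DES and MD5; "3DES" is a separate token


def parse_conf(text):
    """Parse '[section]' headers and 'Tag= value' lines into nested dicts."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), {})
        elif "=" in line and current is not None:
            tag, value = line.split("=", 1)
            current[tag.strip()] = value.strip()
    return sections


def as_list(value):
    """Split a comma-separated tag value; None or '' gives an empty list."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]


def weak_names(names):
    """Return the proposal names that contain a weak algorithm token."""
    return [n for n in names if WEAK_TOKENS & set(n.upper().split("-"))]


def resolve(conf, cfg_name, wanted_tag, findings):
    """Return the proposal names a configuration section lists, noting problems."""
    cfg = conf.get(cfg_name)
    if cfg is None:
        findings.append((cfg_name, "configuration section is missing"))
        return []
    names = as_list(cfg.get(wanted_tag))
    if not names:
        other = PHASE1_TAG if wanted_tag == PHASE2_TAG else PHASE2_TAG
        names = as_list(cfg.get(other))
        hint = f"; names are under {other}=" if names else ""
        findings.append((cfg_name, f"no {wanted_tag}= tag{hint}"))
    findings.extend((cfg_name, f"weak algorithm in {n}") for n in weak_names(names))
    return names


def audit(text):
    """Follow [Phase 2] Connections to the proposals each connection names."""
    conf = parse_conf(text)
    findings, used, connections = [], set(), {}
    for conn_name in as_list(conf.get("Phase 2", {}).get("Connections")):
        conn = conf.get(conn_name)
        if conn is None:
            findings.append((conn_name, "connection section is missing"))
            continue
        peer = conf.get(conn.get("ISAKMP-peer"), {})
        p1_cfg, p2_cfg = peer.get("Configuration"), conn.get("Configuration")
        used.update(c for c in (p1_cfg, p2_cfg) if c)
        connections[conn_name] = {
            "phase1": resolve(conf, p1_cfg, PHASE1_TAG, findings),
            "phase2": resolve(conf, p2_cfg, PHASE2_TAG, findings),
        }
    unreferenced = sorted(name for name, tags in conf.items()
                          if "EXCHANGE_TYPE" in tags and name not in used)
    return {"connections": connections, "findings": findings,
            "unreferenced": unreferenced}


if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONF).items():
        print(key, value)
```

On the sample, the only connection resolves to `low-crypto-quick`, so the DES/MD5 suite in `min-crypto-quick` is defined but never referenced, and the quick-mode section carries its suite name under `Transforms=` rather than `Suites=`.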



Re: Is AMD64 page out of date about W^X?

2007-09-20 Thread Ted Unangst
On 9/20/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 I am not so sure of that. If you go here: 
 http://processorfinder.intel.com/Default.aspx and then select Core 2 Duo or 
 some such... then filter by Execute Disable Bit under supported features... 
 you will see a bunch of Core 2s.

 The Core 2 is ia32e. It is not EM64T.

um, if you go to the very web page that tells you the core 2 supports
execute disable and click down twice, you'll find EM64T.



Re: Is AMD64 page out of date about W^X?

2007-09-20 Thread rwaite1
Well I'll be durned.. apparently ia32e is EM64T (Intel's marketing name for it). 
I was thinking it was the itanium arch which is actually ia64. But either 
way... EM64T is supposed to run on AMD64... the only question is will OpenBSD 
respond accordingly when NXE is present during dmesg. And if so.. it would be 
nice to change this on the AMD64 page so people are aware of it.

 Darren Spruell [EMAIL PROTECTED] wrote: 
 On 9/20/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
  According to:
  http://www.openbsd.org/amd64.html
  W^X will not work on Intel's 64 bit chips. I for one chose to go with i386 
  on my Core 2 because of this fact alone.
 
 Intel produces 2 families of 64-bit processors; the EM64T and an AMD64
 family chip. You're probably misinterpreting what is meant to indicate
 the former.
 
 http://en.wikipedia.org/wiki/64-bit#Current_64-bit_microprocessor_architectures
 http://www.xbitlabs.com/news/cpu/display/20040310223922.html
 
 DS



Re: isakmp phase 2 negotiation failed

2007-09-20 Thread Daniel Ouellet

n0g0013 wrote:

having a nightmare getting two openbsd (one 3.8, one 4.0) boxes to
setup a tunnel.  finally got the phase 1 negotiation going (or so i
believe from reviewing the logs) but it appears that the phase two
starts and is just abandoned.


This may not be the best advice, but there have been so many changes in 
the area of ipsec, key work and isakmp in the last few releases, I would 
strongly suggest that you first try to set this up with 4.1 as it's 
become so much easier now for most of these things as opposed to before that
I am not sure I would waste any time trying to set this up on an earlier 
version, plus 3.8 is not even supported for a while already and 4.0 will 
not be in a month from now, so why invest so much time trying, especially 
if that doesn't work now after many tries as you express it.


Do as you see fit, but my advice to you wouldn't be to help trying to 
get it up as is now, but first run 4.1, then try the new way of doing 
it. I think that would be a much better use of time.


But again, I could be wrong, that's just me.

Best of luck.

Daniel



Re: help needed with laptop hdd

2007-09-20 Thread RW
On Thu, 20 Sep 2007 10:26:14 -0500, [EMAIL PROTECTED] wrote:

You'd be unhappy with the write cycle longevity of a flash drive for 
regular use anyway. Flash and super dense mag drives seem fine for use
if write/erase only happens occasionally (i.e. embedded/mp3 etc...)

The next step:

The next step is to find some justification for your statement about
longevity.

I remember early nand tech that wore out in a few days or maybe hours.

That isn't now. I have attempted to wear out an Apacer CF 512MB by
doing a regular install of OpenBSD (no memfs, no mount ro) and then
turning the most verbose logging possible for spamd with daily
rotations. I then used it to run a firewall in front of a moderately
busy mailserver that had hundreds of spamtrap addresses.

After fourteen months I gave up and put the spamd stuff on the
mailserver (simply to keep all the email process on one box) at the
next OS update.

I have about a dozen client sites for one company that store all their
inventory data on CF at their branch firewalls on a similar CF. Updates
daily from head office overwrite the data.
No problems.

I saw some info recently that showed that flash technology is now less
likely to fail than a spinny disk. Wish I'd kept a link to it because I
don't really have time to Google it ATM.

Price is the killer on the basis of storage size but it is heading down
fast. We already have one flash drive in a desktop PC and it is slick.

For laptops the ruggedness is tops.

R/

From the land down under: Australia.
Do we look umop apisdn from up over?



Re: help needed with laptop hdd

2007-09-20 Thread rcopsey
- Original Message -
From: RW [EMAIL PROTECTED]
Date: Thursday, September 20, 2007 6:50 pm
Subject: Re: help needed with laptop hdd
To: misc@openbsd.org misc@openbsd.org

 On Thu, 20 Sep 2007 10:26:14 -0500, [EMAIL PROTECTED] wrote:
 
 You'd be unhappy with the write cycle longevity of a flash drive 
 for 
 regular use anyway. Flash and super dense mag drives seem fine 
 for use
 if write/erase only happens occasionally (i.e. embedded/mp3 etc...)
 
 The next step:
 
 The next step is to find some justification for your statement about
 longevity.
 
 I remember early nand tech that wore out in a few days or maybe 
hours.
 
 That isn't now. I have attempted to wear out an Apacer CF 512MB by
 doing a regular install of OpenBSD (no memfs, no mount ro) and then
 turning the most verbose logging possible for spamd with daily
 rotations. I then used it to run a firewall in front of a moderately
 busy mailserver that had hundreds of spamtrap addresses.
 
 After fourteen months I gave up and put the spamd stuff on the
 mailserver (simply to keep all the email process on one box) at the
 next OS update.
 
 I have about a dozen client sites for one company that store all 
their
 inventory data on CF at their branch firewalls on a similar CF. 
 Updates daily from head office overwrite the data.
 No problems.
 
 I saw some info recently that showed that flash technology is now 
less
 likely to fail than a spinny disk. Wish I'd kept a link to it 
 because I
 don't really have time to Google it ATM.
 
 Price is the killer on the basis of storage size but it is heading 
 down fast. We already have one flash drive in a desktop PC and it 
 is slick.
 
 For laptops the ruggedness is tops.
 
 R/
 
 From the land down under: Australia.
 Do we look umop apisdn from up over?
 

I guess they are great and I'm an idiot, nuff said...



Re: Skype on OpenBSD 4.1 using Fedora RPM

2007-09-20 Thread Siju George
On 9/20/07, Siju George [EMAIL PROTECTED] wrote:
 Hi,

 Is there anybody successfully using skype on OpenBSD 4.1 using Linux 
 emulation?
 If so which RPM are you using?


O.K with the help of Martynas Venckus I got Skype running on 4.1
had to copy

libasound.so.2 = /usr/lib/libasound.so.2
libsigc-2.0.so.0 = /usr/lib/libsigc-2.0.so.0

to the openbsd system as told in

http://www.openbsd.org/cgi-bin/man.cgi?query=compat_linux&sektion=8

Had problems with running skype.
Martynas helped me there too :-) Thanks a million friend.

When you restart skype you cannot login as it would give the error

Another skype instance may exist

so the work around followed now is wipe out whole ~/.Skype directory
and it works again.

I can chat but cannot make phone calls

It gives the error

Call Failed : Problem with audio playback

Thank you so much :-)

Kind Regards

Siju



Re: help needed with laptop hdd

2007-09-20 Thread RW
On Thu, 20 Sep 2007 19:25:40 -0500, [EMAIL PROTECTED] wrote:

I guess they are great and I'm an idiot, nuff said...

No. I don't think so.

There are lots of things (in techy stuff particularly) that are true at
some point.
Later on that thing becomes no longer true but the meme hangs around
and most of us at some time get caught by one of these outdated
facts.

I've seen Theo shoot down improvements suggested by people who
thought that code would be better written as it would have been to be
efficient back in the days when I did 4040 and 8080 assembler. His
explanation was an enlightenment because I had not kept up with modern
code generation technology and how CPUs help out.

Until the last few years I too had thought that flash memory was easily
worn out. Of course it isn't as good as it appears, at least at the
cell level. It is partly made to look better because not only has the
technology improved but there are stacks of spare cells on board to
replace worn out ones. Read up on wear levelling for better info.

Ya just gotta keep on learning. No rest for us wicked older guys!

Rod/

A consultant is someone who's called in when someone has painted himself into a 
corner.  He's expected to levitate his client out of that corner.

-The Sayings of Chairman Morrow. 1984.



OpenBSD firewalls as virtual machine ?

2007-09-20 Thread Josh

Hello there.

We have a bunch of obsd firewalls, 8 at the moment, all working nice and
so forth. But we need to add about another 4 in there for new connections
and networks, which means more machines to find room for.

So basically I have been asked to investigate running all these firewalls
in two big boxes, with lots of NIC's, with a bunch of openbsd virtual
machines on them. One main box for the primary firewalls, one for the
secondary. Each virtual machine getting its own physical NIC.

Personally I don't really like the idea, I can see things going wrong,
lots of stuff balancing on a guest os and box.

Can someone please inform me if this is a really bad idea or not,
ideally with some nice reasoning?



Cheers,
   Josh



Re: OpenBSD firewalls as virtual machine ?

2007-09-20 Thread Jason Dixon

On Sep 20, 2007, at 9:09 PM, Josh wrote:


Hello there.

We have a bunch of obsd firewalls, 8 at the moment, all working  
nice and so forth. But we
need to add about another 4 in there for new connections and  
networks, which means more

machines to find room for.

So basically I have been asked to investigate running all these  
firewalls in two big boxes, with lots
of NIC's, with a bunch of openbsd virtual machines on them. One  
main box for the primary firewalls,
one for the secondary. Each virtual machine getting its own  
physical NIC.


Personally I don't really like the idea, I can see things going  
wrong, lots of stuff balancing on a

guest os and box.

Can someone please inform me if this is a really bad idea or not,  
ideally with some nice reasoning?


What type of throughput is required between each segment?  If you've  
been around here much, you've probably heard me espouse on the  
benefits of VLANs.  This is certainly more elegant and secure than  
running a number of virtualized OpenBSD systems on non-OpenBSD  
virtual host.


There's nothing wrong with running multiple firewalls where your  
physical topology dictates it.  Virtualizing numerous firewalls in  
the same chassis just doesn't make sense.


---
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net



Re: OpenBSD firewalls as virtual machine ?

2007-09-20 Thread Nick Holland
Josh wrote:
 Hello there.

 We have a bunch of obsd firewalls, 8 at the moment, all working nice
 and so forth. But we need to add about another 4 in there for new
 connections and networks, which means more machines to find room for.

 So basically I have been asked to investigate running all these
 firewalls in two big boxes, with lots of NICs, with a bunch of openbsd
 virtual machines on them. One main box for the primary firewalls, one
 for the secondary. Each virtual machine getting its own physical NIC.

 Personally I don't really like the idea, I can see things going wrong,
 lots of stuff balancing on a guest os and box.

 Can someone please inform me if this is a really bad idea or not,
 ideally with some nice reasoning?

 Cheers,
 Josh

Read this:
http://advosys.ca/viewpoints/2007/04/fuzzing-virtual-machines/
Read the paper linked there as well.  Always good to go back to original
source material.

Anyone who told you VM technology and security had anything to do with
each other was full of doo-doo.

After reading that, I'd not want to put any externally exposed apps on
a VM system.  Granted, OpenBSD might not be the best entry point for a
VM attack, but the foundation VM design is based on isn't as solid as
people think.

Nick.



Re: OpenBSD firewalls as virtual machine ?

2007-09-20 Thread bofh
On 9/20/07, Jason Dixon [EMAIL PROTECTED] wrote:
 On Sep 20, 2007, at 9:09 PM, Josh wrote:

  Can someone please inform me if this is a really bad idea or not,
  ideally with some nice reasoning?

 What type of throughput is required between each segment?  If you've
 been around here much, you've probably heard me espouse on the
 benefits of VLANs.  This is certainly more elegant and secure than
 running a number of virtualized OpenBSD systems on a non-OpenBSD
 virtual host.

Well, heck, if he's thinking of putting in lots of interfaces
(probably to the tune of 1 interface per firewalled segment), why not
just run ONE or TWO firewalls?  Either vlan the things or dedicate one
interface per network segment, both work well.

Actually, use the two boxes, and carp them for failover.



-- 
This officer's men seem to follow him merely out of idle curiosity.
-- Sandhurst officer cadet evaluation.



Re: Shutdown script (derived from Simple startup daemon's on boot question?)

2007-09-20 Thread Siju George
On 9/19/07, Stuart Henderson [EMAIL PROTECTED] wrote:
 On 2007/09/19 14:48, Tomas wrote:
  Watching the thread about startup script I thought of a question about
  shutdown script. Is it necessary to shut down certain services when the
  machine goes down? Like for example mysql, dovecot, clamav, amavis or
  openvpn. I've never seen anybody do that.

 For most things, there's no need to worry at all.

 From http://dev.mysql.com/doc/refman/5.0/en/server-shutdown.html,
 mysql does a controlled shutdown when it receives SIGTERM.


Thank you so much Stuart for your reply :-)

I have a similar doubt.
What happens when I have a lot of windows open in my fvwm2 and I click
on my desktop and click Exit Fvwm2 ?

Will all the X11 applications be shut down decently?
Or is it better to type halt in an xterm?
What is the right way to shut down a desktop?

Thank you so much once again :-)

Kind regards

Siju



Re: OpenBSD firewalls as virtual machine ?

2007-09-20 Thread Jason Dixon

On Sep 20, 2007, at 9:53 PM, bofh wrote:


 On 9/20/07, Jason Dixon [EMAIL PROTECTED] wrote:
  On Sep 20, 2007, at 9:09 PM, Josh wrote:

   Can someone please inform me if this is a really bad idea or not,
   ideally with some nice reasoning?

  What type of throughput is required between each segment?  If you've
  been around here much, you've probably heard me espouse on the
  benefits of VLANs.  This is certainly more elegant and secure than
  running a number of virtualized OpenBSD systems on a non-OpenBSD
  virtual host.

 Well, heck, if he's thinking of putting in lots of interfaces
 (probably to the tune of 1 interface per firewalled segment), why not
 just run ONE or TWO firewalls?  Either vlan the things or dedicate one
 interface per network segment, both work well.

 Actually, use the two boxes, and carp them for failover.

Because we have no idea what his requirements are.  That's exactly
why I asked for them.  Obviously, CARP is good in any scenario, but
it only provides redundancy.  It has virtually nothing to do with his
network design.


---
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net



Re: Forward traffic on incoming port help

2007-09-20 Thread Jake Conk
Yes the PF setup appears to be very easy to set up and I've tried doing
it but I can't get it working like the OpenBSD website describes which
is why I'm looking for another solution...

I added this rdr rule to my pf.conf:

rdr on $ext_if proto tcp from any to any port ftp -> 192.168.10.9 port ftp

Then I added this to my filters:

pass in on $ext_if proto tcp from any to any port ftp flags S/SA

I restarted with pfctl and it didn't work. I also fiddled with it a
few other ways and just can't seem to get it working. If you have any
suggestions I'm all ears.

The way I had it working with FreeBSD is I just opened the port with
the above pass rule then I had ipnat forward the traffic to my ftp
server (192.168.10.9) so now that I'm on OpenBSD I'm looking to have a
similar solution since ipnat isn't on OpenBSD and I can't get pf to
forward the traffic for me.

Thanks,
- Jake



On 9/20/07, Peter N. M. Hansteen [EMAIL PROTECTED] wrote:
 Jake Conk [EMAIL PROTECTED] writes:

  I am wondering what software could I use besides pf to forward
  traffic coming in on my server on a specific port to another ip on my
  lan?

 PF is in the base system and pretty easy to configure for setups like
 the one you describe -

  Basically I'm using an openbsd as my router and I want to forward
  public traffic coming in on a certain port to a computer behind it in
  my lan. What are my options?

 Assuming your local net is NATed with unroutable addresses on the LAN,
 the traffic is directed to a routable address but the computer you
 want to receive the traffic is on a nonroutable address inside, some
 basic redirection (rdr) should do the trick.

 I'm a bit interested in why you should be looking for a different and
 probably more difficult way to do it.  Are there any specific things
 in your setup which would break with PF?

 --
 Peter N. M. Hansteen, member of the first RFC 1149 implementation team
 http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
 Remember to set the evil bit on all malicious network traffic
 delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: Forward traffic on incoming port help

2007-09-20 Thread Jason Dixon

On Sep 20, 2007, at 10:17 PM, Jake Conk wrote:


 Yes the PF setup appears to be very easy to set up and I've tried doing
 it but I can't get it working like the OpenBSD website describes which
 is why I'm looking for another solution...

 I added this rdr rule to my pf.conf:

 rdr on $ext_if proto tcp from any to any port ftp -> 192.168.10.9 port ftp

 Then I added this to my filters:

 pass in on $ext_if proto tcp from any to any port ftp flags S/SA

 I restarted with pfctl and it didn't work. I also fiddled with it a
 few other ways and just can't seem to get it working. If you have any
 suggestions I'm all ears.

 The way I had it working with FreeBSD is I just opened the port with
 the above pass rule then I had ipnat forward the traffic to my ftp
 server (192.168.10.9) so now that I'm on OpenBSD I'm looking to have a
 similar solution since ipnat isn't on OpenBSD and I can't get pf to
 forward the traffic for me.


Read the following chapter which covers ftp-proxy.

http://www.openbsd.org/faq/pf/ftp.html

---
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net
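
A sketch of the ftp-proxy setup that chapter covers, applied to the server in this thread; it is an added example, not configuration posted by anyone in the thread. FTP negotiates its data connections inside the control channel, so redirecting port 21 alone leaves those data connections without matching rules, which is the gap ftp-proxy fills through its anchors. The interface names and the 192.0.2.1 external address are placeholder assumptions, and the syntax is the pre-4.7 pf.conf syntax used in the messages above.

```pf
# Added example (not from the thread). Placeholder values are marked.
#
# ftp-proxy runs on the firewall in reverse mode and listens on the
# external address, e.g. in /etc/rc.conf.local:
#   ftpproxy_flags="-R 192.168.10.9 -p 21 -b 192.0.2.1"

ext_if = "fxp0"            # assumption: external interface name
int_if = "fxp1"            # assumption: internal interface name
ext_ip = "192.0.2.1"       # placeholder: firewall's public address
ftp_ip = "192.168.10.9"    # FTP server address from the thread

# --- translation section ---
# ftp-proxy inserts per-session nat/rdr rules for data connections here
nat-anchor "ftp-proxy/*"
nat on $ext_if inet from $int_if:network -> ($ext_if)
rdr-anchor "ftp-proxy/*"

# --- filter section ---
block in on $ext_if

# The control connection terminates on the proxy, not on the server,
# so no static rdr for port 21 is needed.
pass in on $ext_if inet proto tcp to $ext_ip port 21 \
    flags S/SA keep state

# Only the proxy (running as user "proxy") may open the control
# connection to the real server.
pass out on $int_if inet proto tcp to $ftp_ip port 21 \
    user proxy flags S/SA keep state

# ftp-proxy inserts per-session pass rules for data connections here
anchor "ftp-proxy/*"
```

After loading the ruleset, `pfctl -s Anchors` lists the anchors, and the rules ftp-proxy adds appear under them only while a transfer is in progress.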



Re: FW: Microsoft gets the Most Secure Operating Systems award

2007-09-20 Thread The One
On 9/21/07, stuart van Zee [EMAIL PROTECTED] wrote:
 The One [EMAIL PROTECTED] writes:
  If anyone can solve security, whether it is with Leopard or in the
  future, Apple definitely can.
 
  In my opinion, Apple performs 100% in the software field, and 90% in
  the hardware field, which is due to, as I explained in my previous
  messages, depending off of factories in third-world countries that are
  not even Apple operated!
 
  But Apple has done so much with software, it is obvious that, in the
  end, Apple will reach the goal. Even when personal computers are
  replaced with a different technology, Apple will be on top.
 

 Solve security? GEESH!

 Mr. The One

 I must humbly submit to you that you DO NOT KNOW WHEREFORE YOU SPEAK!
 There is no such thing as Solving Security.  It does not exist.
 It could only exist in a perfect world and as you know, or at least
 should know, this is NOT a perfect world.  My opinion is that Apple
 puts out a nice product for what it is.  I love my MacBook, I use it
 to play online games and work my second job as an internet radio
 show personality.  I use it when I don't want to think after a long
 day of thinking at work (thinking isn't my best subject after all).
 BUT!  I do not delude myself into thinking that it is some great
 bastion of security or ever will be.

 At work, I use OpenBSD for firewalls, mail servers, (gulp) an FTP
 server, NIDS, time server, etc... etc... etc...  Do I think that
 OpenBSD is the end-all-be-all of security?  nope.  A system, no
 matter how good it is, is only as good as the admin who sets it up.
 Some systems start out from a much better position than others,
 and my opinion is that OpenBSD is the very best at this, but
 ultimately, it has to be set up to do whatever job it needs to
 perform.  No matter how perfect the base system is, there is no way
 to get around this.  There is NO WAY an OS can SOLVE SECURITY.
 It is as impossible as making an ice machine that SOLVES the
 problem of ice melting.  It is as idiotic as the belief that the
 Titanic was unsinkable.

 Please, do not put so much blind faith in a system that is built
 more for user experience than it is for security.  Do not put so
 much blind faith in ANYTHING.  Nothing is infallible, everything
 eventually crumbles.  Even OpenBSD has had 2 remote exploits in
 the default install in the last 10 years.  It happens, even to the
 very best.  Nothing can, or ever will, be able to change this, it
 is an immutable fact.

 period.

 s


Hi Stuart,

Of course, nothing can ever be immune! Sorry for allowing you to have
such a misconception about myself! :)

But, as I have said before, Apple has virtually never failed in
software, why should it fail in security?

The One.



Re: Microsoft gets the Most Secure Operating Systems award

2007-09-20 Thread Lars Hansson
On 9/20/07, The One [EMAIL PROTECTED] wrote:
 Sorry but I just disagree with Theo saying that OS X is buggy and
 insecure.

Who gives a shit? This thread is more than FIVE months old and didn't
even belong here in the first place. Just stop.

---
Lars Hansson



Re: Microsoft gets the Most Secure Operating Systems award

2007-09-20 Thread Sean Darby
Many people are in agreement over this.
Is it possible for someone in charge of the list to either ban or somehow stop 
The One [EMAIL PROTECTED] from continuing this particular thread/subject?

Thank you!


On Fri, Sep 21, 2007 at 11:36:34AM +0800, Lars Hansson wrote:
 On 9/20/07, The One [EMAIL PROTECTED] wrote:
  Sorry but I just disagree with Theo saying that OS X is buggy and
  insecure.

 Who gives a shit? This thread is more than FIVE months old and didn't
 even belong here in the first place. Just stop.
 
 ---
 Lars Hansson



-- 
http://mpec.net/gsd.asc



OpenBSD misc gets most fed Trolls award....

2007-09-20 Thread Bob Beck
Lemme give you a big whack with the old cluestick guys..

Trolls only work if you *respond*. 

If you don't feed it, it goes away.

Please just stop feeding the trolls.