Re: Slow ral(4) 802.11b in hostap mode?

2007-09-23 Thread Kevin Cheng
Hi,

We have great performance by using these two PCI cards while on 11g mode.

ral0 at pci1 dev 13 function 0 Ralink RT2561S rev 0x00: irq 5, address
00:0e:8e:04:8b:08
ral0: MAC/BBP RT2561C, RF RT2527
ral0 at pci1 dev 15 function 0 Ralink RT2561 rev 0x00: irq 11, address
00:05:9e:84:9c:c8
ral0: MAC/BBP RT2561C, RF RT2527

RT2560 is becoming old now.

Kevin

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
 On Behalf Of Damon McMahon
 Sent: Saturday, September 22, 2007 9:42 AM
 To: misc list
 Subject: Re: Slow ral(4) 802.11b in hostap mode?
 
 Thanks for the responses from Peter and others.
 
 The CAVEAT seems only to apply to the USB variant - mine is a PCI:
 
 # dmesg| grep ral0
 ral0 at pci0 dev 15 function 0 Ralink RT2560 rev 0x01: irq 5,  
 address 00:13:d3:6a:bb:9d
 ral0: MAC/BBP RT2560 (rev 0x04), RF RT2525
 
 I've tried setting specific media types rather than autoselect but if
 anything this reduces throughput. I also have an aftermarket high-gain
 antenna fitted. Are there any other suggestions readers can offer?
 
 Thanks in advance,
 Damon
 
 
 On 20/09/2007, at 1:09 AM, Peter N. M. Hansteen wrote:
 
  Damon McMahon [EMAIL PROTECTED] writes:
 
  Also, while top(1) shows that the CPU is 95% idle the ssh terminal
  seems very sluggish when the ral(4) connection is maxed out, even
  when it's another host that's maxing it out (i.e. not the host on
  which the ssh client is operating).
 
  It's sort of a known problem I'm afraid. It sounds like you're stuck
  on a suboptimal mode, and ral doesn't really know how to fix
  that. It's under CAVEATS at the end of the ral(4) man page.
 
  -- 
  Peter N. M. Hansteen, member of the first RFC 1149 
 implementation team
  http://bsdly.blogspot.com/ http://www.datadok.no/ 
 http://www.nuug.no/
  Remember to set the evil bit on all malicious network traffic
  delilah spamd[29949]: 85.152.224.147: disconnected after 42673  
  seconds.



19 inch rack (DEC-StorageWorks) available in Munich

2007-09-23 Thread Robert Urban
Hi Folks,

is anybody interested in a SWXSC-CB 19 StorageWorks rack? I'm giving it
away.  For more info, see:

http://www.spielwiese.de/rob/Stuff/Cabinet/

cheers,

Rob Urban



Unable to map phys mem on Intel D945G motherboard

2007-09-23 Thread Girish Venkatachalam
Dear friends,

 I am not able to produce a dmesg for you because neither the CD nor
 the hard disk would boot on the cutting edge Intel D945G
 motherboard. I tried changing the RAM with no effect. It is a brand
 new motherboard.

 NetBSD does not boot either.

 But FreeBSD and linux work.

 Any clue?

 I have another motherboard of the same make on which an IDE hard
 disk with an old OpenBSD install works fine but CD booting does not
 work.

 I have three machines all of the same make.

 What could be going wrong?

 Thanks.

regards,
Girish



4.2 on alix 2a2/2b2

2007-09-23 Thread earx
hi everyone
a new toy at house :)
a pc engines 2b2 (two lan, two usb, two mini pci..500 mhz)
http://www.pcengines.ch/alix2b2.htm

OpenBSD 4.2 (GENERIC) #375: Tue Aug 28 10:38:44 MDT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
RTC BIOS diagnostic error 80clock_battery
cpu0: Geode(TM) Integrated Processor by AMD PCS (AuthenticAMD 586-class) 499 
MHz
cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX
real mem  = 268009472 (255MB)
avail mem = 251506688 (239MB)
RTC BIOS diagnostic error 80clock_battery
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 08/01/07, BIOS32 rev. 0 @ 0xfcc1a
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 1 function 0 AMD Geode LX rev 0x31
glxsb0 at pci0 dev 1 function 2 AMD Geode LX Crypto rev 0x00: RNG AES
vr0 at pci0 dev 12 function 0 VIA VT6105M RhineIII rev 0x96: irq 15, address 
00:0d:b9:12:50:bc
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, 
model 0x0034
vr1 at pci0 dev 13 function 0 VIA VT6105M RhineIII rev 0x96: irq 11, address 
00:0d:b9:12:50:bc
ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, 
model 0x0034
pcib0 at pci0 dev 15 function 0 AMD CS5536 ISA rev 0x03
pciide0 at pci0 dev 15 function 2 AMD CS5536 IDE rev 0x01: DMA, channel 0 
wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: TRANSCEND
wd0: 1-sector PIO, LBA, 495MB, 1014048 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
pciide0: channel 1 ignored (disabled)
AMD CS5536 Audio rev 0x01 at pci0 dev 15 function 3 not configured
ohci0 at pci0 dev 15 function 4 AMD CS5536 USB rev 0x02: irq 9, version 1.0, 
legacy support
ehci0 at pci0 dev 15 function 5 AMD CS5536 USB rev 0x02: irq 9
usb0 at ehci0: USB revision 2.0
uhub0 at usb0: AMD EHCI root hub, rev 2.00/1.00, addr 1
isa0 at pcib0
isadma0 at isa0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom0: console
usb1 at ohci0: USB revision 1.0
uhub1 at usb1: AMD OHCI root hub, rev 1.00/1.00, addr 1
biomask 77ef netmask ffef ttymask ffef
pctr: user-level cycle counter enabled
mtrr: K6-family MTRR support (2 registers)
nvram: invalid checksum
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a swap on wd0b dump on wd0b
clock: unknown CMOS layout
WARNING: clock time much less than file system time
WARNING: using file system time
WARNING: CHECK AND RESET THE DATE!



Re: 19 inch rack (DEC-StorageWorks) available in Munich

2007-09-23 Thread Martin Reindl
Robert Urban [EMAIL PROTECTED] wrote:

 Hi Folks,
 
 is anybody interested in a SWXSC-CB 19 StorageWorks rack? I'm giving it
 away.  For more info, see:
 
 http://www.spielwiese.de/rob/Stuff/Cabinet/
 

Would you mind giving the RZ28 disks to the project?
http://www.openbsd.org/want.html

sturm@ and grunk@ are probably real close :)



Re: Instant Messenger (CLI-based multi-protocol)

2007-09-23 Thread Olivier Mehani
On Sat, Sep 22, 2007 at 08:05:57PM -0500, Sean Darby wrote:
 I have been wanting to switch from a GUI meta-type chat (uses Yahoo, AIM, 
 etc.) to terminal/CLI-based. I came across centericq (apparently it works 
 with multiple protocols) though when trying to install it I get...
 [...]
 Is there a better program out there somewhere that is CLI-based for using 
 chat with Yahoo, AIM, MSN, ICQ, IRC, and Jabber?

Better I don't know, but Bitlbee [0] is an IRC to said IM networks
gateway. You connect to it using your favorite IRC client, lots of which
being console apps, like irssi [1], and it will in turn connect to all
the IM accounts you've set up and show your contacts as if they were in
an IRC chatroom, from which you can query them (or even talk to them
directly by prefixing the message by their nick and a colon).

[0] http://www.bitlbee.org/
[1] http://www.irssi.org/

-- 
Olivier Mehani [EMAIL PROTECTED]
PGP fingerprint: 3720 A1F7 1367 9FA3 C654  6DFB 6845 4071 E346 2FD1



Re: Does OpenBSD support Hebrew?

2007-09-23 Thread Amit Finkler
On 9/23/07, Dmitrij D. Czarkoff [EMAIL PROTECTED] wrote:
 On Sunday 23 September 2007 01:58:51 you wrote:
  On 9/22/07, Dmitrij D. Czarkoff [EMAIL PROTECTED] wrote:
   I believe OpenBSD's libiconv doesn't have UTF-8 support, so You might
   need to choose another locale...
 
  OK, let's assume I want to use the ISO-8859-8 locale. How do I do that?
 
  Amit.
 
   --
   Dmitrij D. Czarkoff

 Just the same way as with Your utf8 locale:
 $ echo 'export LC_ALL=he_IL.ISO-8859-8 LANG=he_IL.ISO-8859-8' >> ~/.xsession

Unfortunately, this locale (or for that matter, any he_IL) doesn't
exist on my system, i.e. in /usr/share/locale.

This brings me back to my original question: Does OpenBSD support Hebrew?

Amit.

 Should work (anyway does for me with ru_RU.KOI8-R).
 I don't know about OpenOffice - I'm avoiding it, but AbiWord works...

 --
 Dmitrij D. Czarkoff



Re: Does OpenBSD support Hebrew?

2007-09-23 Thread Ted Unangst
On 9/23/07, Amit Finkler [EMAIL PROTECTED] wrote:
 This brings me back to my original question: Does OpenBSD support Hebrew?

in many cases, you want application support, and openbsd didn't write
all the apps you use.  support is a pretty broad concept.



Re: Does OpenBSD support Hebrew?

2007-09-23 Thread Christian Weisgerber
Amit Finkler [EMAIL PROTECTED] wrote:

 Unfortunately, this locale (or for that matter, any he_IL) doesn't
 exist on my system, i.e. in /usr/share/locale.

And that's probably the easiest part.  Think of right-to-left writing
or mixing ltr/rtl.

 This brings me back to my original question: Does OpenBSD support Hebrew?

I don't know what supporting Hebrew would entail overall, but I
think it's fair to say that OpenBSD doesn't support it.  Some
applications running on OpenBSD may deal with it to some degree,
e.g., try Firefox with the Hebrew Wikipedia.

-- 
Christian naddy Weisgerber  [EMAIL PROTECTED]



how can I find xyz | xargs tar ... like gtar

2007-09-23 Thread Didier Wiroth
Hello,
I would like to tar and compress my ports dir without the following 2 
directories:
a) distfiles
b) packages

Here is a gtar command I used that works well:
cd /usr && gtar -czpf ~/test.tar.gz --exclude=packages --exclude=distfiles ports

Actually I would like to do the same with the default openbsd tools ... but I 
can't :-((

I tried different commands ... but without success; it does not work.
Using find ... | xargs tar ... does not work as expected, as it looks like 
xargs invokes the tar command multiple times. 
As a result, the ports.tar.gz file is overwritten and incomplete.

I tried a lot of combinations like:
cd /usr
find ports/ ! \( -type d -name packages -maxdepth 1 \) -and ! \( -type d -name distfiles -maxdepth 1 \) -print \
| xargs tar -czpf ~/ports.tar.gz;
This does not work; the ports.tar.gz file is overwritten multiple times and 
at the end it is incomplete.
I also tried pax or tried to redirect the find command in a file (find .. > 
files.txt), and use cat files | xargs tar ... same result :-(

How can I achieve my goal with the standard openbsd files (without installing 
gtar!)?

Thank you very much
didier



Re: how can I find xyz | xargs tar ... like gtar

2007-09-23 Thread Antoine Jacoutot

On Sun, 23 Sep 2007, Didier Wiroth wrote:

How can I achieve my goal with the standard openbsd files (without installing 
gtar!)?


Read tar(1) and have a look at the -s flag.

--
Antoine



Re: OBSD's perspective on SELinux

2007-09-23 Thread Brian Candler
On Sat, Sep 22, 2007 at 08:38:17PM +0300, Ihar Hrachyshka wrote:
 The problem of Linux as a whole is that it tries to resolve security
 problems not by auditing code but by implementing SELinux. But what
 the problem would be if OpenBSD has SeBSD extension?

I think the nearest equivalent is TrustedBSD.

The main trouble with SELinux is that it's so horrendously complex [1] and
fraught with traps for the unwary [2]. The chance that the policy you've
written is correct (i.e. without unwanted holes), unless you happen to have
a PhD in SELinux, is pretty much zero. On the other hand, the basic Unix
permissions model is so simple it's easy to audit.

The other problem with SELinux is that there seems to be some smoke and
mirrors going on.

SELinux: We don't have a superuser account!

Me: So how do you configure SELinux policies?

SELinux: You need to have a special role, sysadm_r [3]

Me: So someone logged with sysadm_r can change any SELinux policy they
like? Or even disable SELinux entirely?

SELinux: Yes

Me: So how is that different from having a root account?

SELinux: Well, only the trusted administrator needs to have this privilege.
You don't give it to any of your service daemons, for example, and they
can't recover it

Me: But I don't run any of my daemons as root anyway; they all run as their
own separate unprivileged uids.

SELinux: Hmm. Good point. But on a non-SELinux system, you could attempt to
break a setuid-root binary to get root again.

Me: But with SELinux, don't you have rules so that privileged applications
transition the domain? So for example, when you run tcpdump, it transitions
into another domain which has privileges to capture network packets?

SELinux: Yes. But it's much more granular and configurable than setuid.

Me: I think I've heard enough. Just let me audit my few setuid programs
properly, and then I won't need to learn SELinux at all, thank you.

[1] http://www.lurking-grue.org/writingselinuxpolicyHOWTO.html
[2] http://fedoraproject.org/wiki/SELinux/EnforcePolicy

[3] http://docs.fedoraproject.org/selinux-faq-fc3/index.html#id2826056
How do I temporarily turn off enforcing mode without having to reboot?
...
You must issue the setenforce command with the sysadm_r role; to do so, use
the newrole command. Alternately, if you switch to root using su -, you gain
the sysadm_r role automatically.

[4] 
http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/selinux-guide/selg-section-0107.html
Should an attacker gain root control, they could rebuild the policy to
weaken or neutralize SELinux



Re: how can I find xyz | xargs tar ... like gtar

2007-09-23 Thread Mats O Jansson
On Sun, 23 Sep 2007, Didier Wiroth wrote:
 How can I achieve my goal with the standard openbsd files (without installing 
 gtar!)?

When I started to do backup many years ago it was a find piped to cpio.

so i think you could replace the xargs tar with some variant of
cpio -o -H ustar which should generate a tar archive. 

but i haven't tested... So look at the switches for cpio.

-moj

 Thank you very much
 didier



Re: how can I find xyz | xargs tar ... like gtar

2007-09-23 Thread Han Boetes
Well that's not so hard...

~/.tmp% ls -la 
total 2190
drwx--  3 han users512 Sep 23 21:19 .
drwx-- 18 han users   1536 Sep 23 21:20 ..
-rwxr-xr-x  1 han users 908581 Sep  7 18:55 configure
-rwxr-xr-x  1 han users 908228 Sep  7 18:51 configure.orig
-rw-r--r--  1 han users596 Sep  7 18:48 irssi.configure.in.patch
-rw---  1 han users243 Sep 23 20:59 mailtmp
drwx--  2 han users512 Sep 22 18:58 mc-han
-rw-r--r--  1 han users   3214 Aug 21 08:53 mutt-haddock-1000-26618-424
~/.tmp% tar czf foo.tgz $(find . ! -name mc-han ! -name .)
~/.tmp% tar tvzf foo.tgz 
-rw---  1 han  users  243 Sep 23 20:59 ./mailtmp
-rw-r--r--  1 han  users 3214 Aug 21 08:53 
./mutt-haddock-1000-26618-424
-rwxr-xr-x  1 han  users   908581 Sep  7 18:55 ./configure
-rw-r--r--  1 han  users  596 Sep  7 18:48 
./irssi.configure.in.patch
-rwxr-xr-x  1 han  users   908228 Sep  7 18:51 ./configure.orig

Got it? :-)


# Han



Re: Does OpenBSD support Hebrew?

2007-09-23 Thread Aaron W. Hsu
I am willing to guess that with something like Hebrew, OpenBSD has all the 
necessary support for the system, but, most common applications do not have 
support for the right-to-left way of writing. There should be no problem 
actually getting file names into hebrew form, because that should just be an 
encoding issue, and you need the right fonts to be able to display Hebrew 
glyphs. On the other hand, not all applications are going to support filenames 
written like that, and even less applications are going to know how to write 
Hebrew.

If you use Emacs, I am fairly confident that you can get hebrew working on it, 
for basic editing and all the good stuff. KDE and some of the others may have 
input editors that will allow you to do things on their level, but overall, 
you'll have to very carefully pick and choose applications, because you won't 
find blanket compatibility.

-- 
((name Aaron Hsu)
 (email/xmpp [EMAIL PROTECTED])
 (phone 703-597-7656)
 (site http://www.aaronhsu.com;))




Re: Does OpenBSD support Hebrew?

2007-09-23 Thread Ihar Hrachyshka
GNOME and all GTK+ programs should work with r-t-l scripts rather good.



Re: Does OpenBSD support Hebrew?

2007-09-23 Thread Amit Finkler
On 9/23/07, Ted Unangst [EMAIL PROTECTED] wrote:
 On 9/23/07, Amit Finkler [EMAIL PROTECTED] wrote:
  This brings me back to my original question: Does OpenBSD support Hebrew?

 in many cases, you want application support, and openbsd didn't write
 all the apps you use.  support is a pretty broad concept.


That is true, but I would expect that at least the locales would be
installed by default in /usr/share/locale so that a user from a
right-to-left speaking country would be able to use it. I volunteer to
make it so if I only knew how.



Package Dependency Problem with glitz and X

2007-09-23 Thread David
Hi all, first post here...

Running obsd 4.1/i386, generic, fresh install, with all components and X
components installed
Did a
pkg_add -nv xfwm4
to get xfce 4 and all the dependencies on there, but the install
failed because of glitz, specifically saying there was a library the
system could not find.

Can't install glitz-0.5.6: lib not found GL.4.0
Even by looking in the dependency tree:

Can't install glitz-0.5.6: lib not found X11.9.0


I read on the web that if you get this message it usually means X is not
installed, but I have X installed, and working correctly with the
basic/default windows manager, and I want to run xfce.  Even tried
upgrading on the install cd but to no avail.

Please help,
TIA
David



Re: Package Dependency Problem with glitz and X

2007-09-23 Thread Edd Barrett
Hi,

On 23/09/2007, David [EMAIL PROTECTED] wrote:
 Can't install glitz-0.5.6: lib not found GL.4.0
 Even by looking in the dependency tree:

 Can't install glitz-0.5.6: lib not found X11.9.0

Did you install the X distributions at install time?

Regards

Edd



Re: OBSD's perspective on SELinux

2007-09-23 Thread Rui Miguel Silva Seabra
On Sat, Sep 22, 2007 at 06:47:46PM -0500, L. V. Lammert wrote:
 OBSD is UNIX, .. SELinux is Linux. If you want a secure, efficient,
 compact OS done by folks you can trust and actually talk to, use OBSD; if
 you want 'fairly secure Linux' [which has had thousands of hands in it
 including NSA, as mentioned previously], use OpenSUSE with ***AppArmor***.
 Simple and easy to implement, even by less senior Admins.

Can you say root can only run this and that application when su'ed from
that guy, and may not open any net connection, but open this file and none
else in OpenBSD? If so, how can I do it? :)

 SELinux is **NOT** ready for primetime, unless it's changed tremendously
 in the past couple of years. Last time we tried it, management was totally
 arcane and the machines would lock up on a regular (monthly) basis. It
 wasn't worth the time to troubleshoot so we went with AppArmor for that
 application.

A couple of years is a long time, in terms of software, so I'd expect such
instabilities, if SELinux is the culprit, to be fixed.

But I won't deny its learning curve is extremely steep. So steep indeed
that most of the time it's easier to have carefully laid out standard
unix permissions associated with sudo and specific users for specific
software.

The *need* for things like SELinux exists in some niche markets where
higher levels of security are necessary.

Remember: OpenBSD still doesn't have a digitally signed code distribution,
and in some places that means it can't enter! Stupid, I know, but not too
stupid for the blame game rules, which sort of ignore the secure by
design initiatives.

Rui

-- 
All Hail Discordia!
Today is Sweetmorn, the 47th day of Bureaucracy in the YOLD 3173
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?



Re: Does OpenBSD support Hebrew?

2007-09-23 Thread Marc Espie
We do not have full i18n support. The locale stuff in the base system
is not finished (I know, I'm late...)

Qt has its own locale system, so hebrew should work just fine in all
Qt and KDE applications (including right-to-left text).

Gnome and gtk also have some support. 

Vim supports more or less every script including hebrew.

I don't know if there's any issue with input, I'm not familiar with
hebrew, and I've only been working with japanese input.

There might be some tweak to help OpenOffice. Does OpenOffice support
hebrew on some platforms ? If it does, it might make sense to try to
figure out the configuration differences.



SMTP flood + spamdb

2007-09-23 Thread patrick keshishian
Hi all,

At around 1:40 PM (PDT) my SMTP server started getting flooded
by enormous amount of connections.  The connections were for
seemingly random users @my-domain-name.

I'm running spamdb in greylist mode, but these servers were
getting white-listed very quickly.

$ /usr/sbin/spamdb | /usr/bin/grep -c ^WHITE
717

Typical value for above is not more than 20.  Traffic going
in/out of my mail-server is minimal.

I would remove them from the WHITE list and they would fill up
almost immediately.

My guess is someone is using these faked addresses ([EMAIL PROTECTED])
to send out SPAM and I'm getting the bounces from these.

I'm basically looking for opinions as how to combat this problem
right now.  I'm not even 100% on the bounced email theory, but
this had happened to me once before back in May 2003, but the
bounces were mainly from gc.ca domain.

I use gmane to read the list. If not too much to ask, please CC
me on your reply(ies).

Thanks,
--patrick

p.s., Server is running cvs updated -rOPENBSD_4_1 code.



Re: carp ip balancing (-current)

2007-09-23 Thread Marco Pfatschbacher
On Wed, Sep 19, 2007 at 09:07:52PM -0700, dane johansen wrote:
 Hi,
 
 I'm trying CARP ip balancing on openbsd 4.2 (-current). I have 3 boxes (host
 A, host B and host C) so I started configuring carp interfaces according
 manual:
 
 A# ifconfig carp0 10.10.10.100 netmask 255.255.248.0 vhid 7 link0 link1
 A# ifconfig carp1 10.10.10.100 netmask 255.255.248.0 vhid 8 advskew 100
 
 B# ifconfig carp0 10.10.10.100 netmask 255.255.248.0 vhid 7 advskew 100
 link0 link1
 B# ifconfig carp1 10.10.10.100 netmask 255.255.248.0 vhid
 
 At this point everything works but there is no IP load balancing, because on
 host B both interfaces are in backup mode. So I've enabled carp preempt on
 both hosts:
 
 A# sysctl net.inet.carp.preempt=1
 B# sysctl net.inet.carp.preempt=1
 
 Now carp1 is master on host B, and it's doing load balancing, so i decided
 to add host C (maybe we need to add this to example section in the manual,
 like it's done for arp load balancing? Or is it just coincidence and you
 don't really need carp preempt?):

Looks all correct. And yes, you do need to enable carp preempt.

 C# ifconfig carp0 10.10.10.100 netmask 255.255.248.0 vhid 7 advskew 200
 link0 link1
 
Nothing wrong with that.
However, if you want to spread the load over 3 servers you'll need
3 carp interfaces each, where each server should be master for one
of them.

 As soon as I wrote this command I lost connection to host C (did that
 remotely), so I guess tomorrow I'll have to check what happened, but maybe
 someone knows what did I do wrong (maybe advskew should equal for all backup
 hosts in the pool? but I assumed that you have to manage priorities that's
 why I've set it to 200, or maybe the fact that I've set carp.preempt is
 messing around something?)
 
Not supposed to happen.
Do you have more infos about what went wrong on host C ?


Marco



Re: how can I find xyz | xargs tar ... like gtar

2007-09-23 Thread Marc Espie
On Sun, Sep 23, 2007 at 08:53:13PM +0200, Didier Wiroth wrote:
 Using find ... | xargs tar ... does not work as expected, as it looks like 
 xargs invokes the tar command multiple times. 

man xargs

You probably want to override the limit with xargs -n.

But actually, since tar is recursive, you probably just want to grab first
level names and prune out distfiles and packages.

Or, if you really must figure out every filename you want to archive (say,
if you want to avoid CVS or working directories), look up tar -I.
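
The single-invocation approach Marc describes (hand tar only the first-level names and let it recurse), as an added example that is not part of the original thread. The function name `archive_without` and the sample tree are constructed for illustration; only options common to OpenBSD tar and GNU tar are used.

```shell
#!/bin/sh
# Added example (not from the thread). xargs splits a long file list over
# several commands, and every "tar -c" run recreates the archive, so only the
# last batch survives. Passing first-level names to one tar run avoids that.

# archive_without TOP OUT [SKIP...]
#   TOP   directory to archive, e.g. ports (relative to the current directory)
#   OUT   archive to write; use an absolute path or one outside TOP
#   SKIP  first-level names under TOP to leave out (no newlines in names)
archive_without() {
    top=$1
    out=$2
    shift 2
    skip=$(printf '%s\n' "$@")      # remaining arguments, one name per line
    set --                          # reuse "$@" as tar's argument list
    for path in "$top"/* "$top"/.[!.]* "$top"/..?*; do
        # An unmatched glob stays literal and names nothing: ignore it.
        [ -e "$path" ] || [ -L "$path" ] || continue
        name=${path##*/}
        if printf '%s\n' "$skip" | grep -Fqx -- "$name"; then
            continue                # excluded first-level entry
        fi
        set -- "$@" "$path"         # quoted, so spaces in names are safe
    done
    if [ "$#" -eq 0 ]; then
        echo "archive_without: nothing left to archive under $top" >&2
        return 1
    fi
    tar -czf "$out" "$@"            # one invocation; tar recurses by itself
}

# demo: build a constructed stand-in for /usr/ports in a temporary directory,
# archive it without distfiles and packages, and print the archive listing.
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/usr/ports/www/my port" "$work/usr/ports/distfiles" \
             "$work/usr/ports/packages/i386" "$work/usr/ports/mail/distfiles"
    echo 'SUBDIR += www' > "$work/usr/ports/Makefile"
    echo 'COMMENT = x'   > "$work/usr/ports/www/my port/Makefile"
    echo 'bulk'          > "$work/usr/ports/distfiles/big.tar.gz"
    echo 'bulk'          > "$work/usr/ports/packages/i386/big.tgz"
    echo 'kept'          > "$work/usr/ports/mail/distfiles/note"
    ( cd "$work/usr" &&
      archive_without ports "$work/ports.tar.gz" distfiles packages &&
      tar -tzf "$work/ports.tar.gz" )
    status=$?
    rm -rf "$work"
    return "$status"
}

demo
```

Only the first level is filtered, so a nested directory such as mail/distfiles is still archived, matching the -maxdepth 1 intent of the original find command.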



Re: digitally signed distribution (was: OBSD's perspective on SELinux)

2007-09-23 Thread Joachim Schipper
On Sun, Sep 23, 2007 at 10:54:06PM +0100, Rui Miguel Silva Seabra wrote:
 Remember: OpenBSD still doesn't have a digitally signed code distribution,
 and in some places that means it can't enter! Stupid, I know, but not too
 stupid for the blame game rules, which sort of ignore the secure by
 design initiatives.

Sure it does, just pull from CVS over SSH and compile your own. Only
requires trusting one download, ever, and that can be verified by
downloading from n servers from m distinct network locations, and
verifying that the checksums match.

I do get what you are hinting at, but it's not an insurmountable issue.

Joachim

-- 
TFMotD: pflogd (8) - packet filter logging daemon
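
The cross-check Joachim describes, as an added example that is not part of the original thread: it takes copies of one file already fetched from different mirrors and succeeds only if every copy hashes identically. The function names and the constructed sample files are assumptions; fetching is left out so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the thread): compare copies of one release file
# that were fetched from different mirrors over different network paths.

# digest_of FILE: print the SHA-256 of FILE as bare hex, with whichever
# tool this system has.
digest_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | awk '{ print $1 }'
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        openssl dgst -sha256 < "$1" | awk '{ print $NF }'
    fi
}

# consensus_digest MIN COPY...
#   0: at least MIN copies given and all hash identically; digest on stdout
#   1: copies disagree; per-copy digests on stderr
#   2: too few copies, or a copy could not be read
consensus_digest() {
    min=$1
    shift
    if [ "$#" -lt "$min" ]; then
        echo "consensus_digest: need $min copies, got $#" >&2
        return 2
    fi
    table=$(
        for copy in "$@"; do
            [ -f "$copy" ] && [ -r "$copy" ] || exit 2
            d=$(digest_of "$copy")
            [ -n "$d" ] || exit 2
            printf '%s %s\n' "$d" "$copy"
        done
    ) || { echo "consensus_digest: unreadable copy" >&2; return 2; }
    # Count distinct digests; anything other than exactly one is a failure.
    distinct=$(printf '%s\n' "$table" | awk '{ print $1 }' | sort -u | wc -l | tr -d ' ')
    if [ "$distinct" -ne 1 ]; then
        echo "consensus_digest: copies disagree" >&2
        printf '%s\n' "$table" >&2
        return 1
    fi
    printf '%s\n' "$table" | awk 'NR == 1 { print $1 }'
}

# demo: constructed stand-ins for three mirror downloads plus one altered copy.
demo() {
    work=$(mktemp -d) || return 1
    printf 'constructed release payload\n' > "$work/mirror-a.tgz"
    cp "$work/mirror-a.tgz" "$work/mirror-b.tgz"
    cp "$work/mirror-a.tgz" "$work/mirror-c.tgz"
    printf 'constructed release payload, altered\n' > "$work/mirror-x.tgz"
    consensus_digest 3 "$work/mirror-a.tgz" "$work/mirror-b.tgz" "$work/mirror-c.tgz" \
        && echo "three mirrors agree"
    consensus_digest 3 "$work/mirror-a.tgz" "$work/mirror-x.tgz" "$work/mirror-c.tgz" \
        || echo "altered copy detected (exit $?)"
    rm -rf "$work"
}

demo
```

Agreement shows that the mirrors serve the same bytes; it says nothing about who produced them, which is the gap the signing question in this thread is about.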



Re: digitally signed distribution (was: OBSD's perspective on SELinux)

2007-09-23 Thread Rui Miguel Silva Seabra
On Mon, Sep 24, 2007 at 12:35:54AM +0200, Joachim Schipper wrote:
 On Sun, Sep 23, 2007 at 10:54:06PM +0100, Rui Miguel Silva Seabra wrote:
  Remember: OpenBSD still doesn't have a digitally signed code distribution,
  and in some places that means it can't enter! Stupid, I know, but not too
  stupid for the blame game rules, which sort of ignore the secure by
  design initiatives.
 
 Sure it does, just pull from CVS over SSH and compile your own. Only
 requires trusting one download, ever, and that can be verified by
 downloading from n servers from m distinct network locations, and
 verifying that the checksums match.
 
 I do get what you are hinting at, but it's not an insurmountable issue.

It depends on the rules. If they say it must be digitally signed... one may
be SOL :|

-- 
Wibble.
Today is Sweetmorn, the 47th day of Bureaucracy in the YOLD 3173
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?



Re: lock(1) to lock all virtual terminals?

2007-09-23 Thread Todd Alan Smith
On 9/22/07, Douglas A. Tutty [EMAIL PROTECTED] wrote:
 On Sat, Sep 22, 2007 at 06:08:53PM +0200, Joachim Schipper wrote:
  On Fri, Sep 21, 2007 at 12:46:40PM -0400, Douglas A. Tutty wrote:
   I don't use X much and instead use lots of Virtual Terminals.
  
   Since I'm on dialup, sometimes I need to leave multiple VTs open to do
   things, perhaps downloading something, or it's just that I'm in the
   middle of things.
  
   How can I lock the whole virtual terminal setup?  lock(1) only lets me
   lock the one VT without blocking the ability to switch to others.  On
   Debian, there's vlock -a that does this.  I don't see anything similar
   in the available packages for OBSD.
  
   I can't read code so I don't know how lock(1) works internally.  To get
   it to lock everything, I guess it would have to capture the Alt-Fn key
   combo.  However, the OS (wscons(4)?) likely captures that before the
   keys get passed on to the application.  So I'm sorry, I can't provide a
   patch.
 
  Switch to GNU screen? You get the locking you desire, and lots of other
  neat stuff thrown in for free.
 
  I do believe lock(1) doesn't really work in this case; I don't know if
  it could be made to work, but since I always use screen I don't really
  care.

 I tried Screen on Debian briefly.  I'm not good at remembering magic
 keystrokes.  If necessary, I'll try again.  However, since I'm trying to
 get used to the OBSD way of doing things, and since this seemed like a
 security issue, I wanted to see how to solve this using what is in OBSD
 base.

Does lock -nv not work? I just read about this in BSD Hacks last
night, oddly enough.

-Todd



Re: lock(1) to lock all virtual terminals?

2007-09-23 Thread Chris Kuethe
On 9/23/07, Todd Alan Smith [EMAIL PROTECTED] wrote:
 Does lock -nv not work? I just read about this in BSD Hacks last
 night, oddly enough.

# lock -nv
lock: unknown option -- v
usage: lock [-np] [-a style] [-t timeout]

-np will at least lock the terminal with your password and no timeout

CK

-- 
GDB has a 'break' feature; why doesn't it have 'fix' too?



Re: Does OpenBSD support Hebrew?

2007-09-23 Thread Timothy Wilson
Hi Amit,
Maybe I missed something, but you do have a Hebrew font installed on
your system and in your font path right?

On 24/09/2007, Marc Espie [EMAIL PROTECTED] wrote:
 We do not have full i18n support. The locale stuff in the base system
 is not finished (I know, I'm late...)

 Qt has its own locale system, so hebrew should work just fine in all
 Qt and KDE applications (including right-to-left text).

 Gnome and gtk also have some support.

 Vim supports more or less every script including hebrew.

 I don't know if there's any issue with input, I'm not familiar with
 hebrew, and I've only been working with japanese input.

 There might be some tweak to help OpenOffice. Does OpenOffice support
 hebrew on some platforms ? If it does, it might make sense to try to
 figure out the configuration differences.



Re: Question on interface enumeration

2007-09-23 Thread Nick Guenther
On 9/21/07, Marius ROMAN [EMAIL PROTECTED] wrote:

 On 9/21/07, Gregory Edigarov [EMAIL PROTECTED] wrote:

  The best thing however would be to have the ability to set the name of
  an interface based on its MAC address, perhaps somebody is working on
  it/having it on the todo list?
 
 Something like iftab on debian.

This won't happen. The developers value simplicity over error-prone complexity.

How many times do you need to move a card from machine to machine that
you wouldn't be configuring things by hand anyway?
If you need to keep the same config for each card handy, read
hostname.if(8) and use those; e.g. /etc/hostname.de0 contains the
config for your card on one machine; you move the card to another and
it becomes de3, so copy the file and rename it to /etc/hostname.de3 on
the new machine.

Always ask: what's the real issue?

-Nick



Re: How to upgrade libstdc++ to 4.2 ?

2007-09-23 Thread Etienne Robillard
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1



Hi Joachim, 

I agree that using a snapshot or waiting 
for a tarball to be available could be an easier
way to upgrade libstdc++ to 4.2. 

However, I'm curious to know if libstdc++ can be
compiled with the GCC and binutils, without having to
upgrade the whole system. 

Note that I'm not implicitly seeking technical support
here -- only trying to occupy some spare time learning
how GCC et al can be used or 'misused' in OpenBSD..

Regards,
Etienne 

On Sun, 23 Sep 2007 21:52:00 +0200
Joachim Schipper [EMAIL PROTECTED] wrote:

 On Sat, Sep 22, 2007 at 09:43:34PM -0400, Etienne Robillard wrote:
  Greetings,
  
  Is there a way for building libstdc++ and friends without
  having to do a ``make build'' in /usr/src ?
 
 Why not install a snapshot [1]? It is a lot easier...
 
   Joachim
 
 [1] If you really mean to upgrade to 4.2, `why not wait for the tarballs
 to become available'. Upgrading from one release to another by compiling
 is very much not supported.
iEYEARECAAYFAkb3A2gACgkQdXKAffkXj4Mt9QCfVw3gqCeZKJApfqzvdN9g79ZT
1h8AoLeUMM7hJb4yzscvHGQf6+CG51Uq
=hUfz
-END PGP SIGNATURE-



Re: SMTP flood + spamdb

2007-09-23 Thread Darrin Chandler
On Sun, Sep 23, 2007 at 03:33:03PM -0700, patrick keshishian wrote:
 At around 1:40 PM (PDT) my SMTP server started getting flooded
 by enormous amount of connections.  The connections were for
 seemingly random users @my-domain-name.
 
 I'm running spamdb in greylist mode, but these servers were
 getting white-listed very quickly.
 
 $ /usr/sbin/spamdb | /usr/bin/grep -c ^WHITE
 717

I've seen something *very* similar. In my case the user portions
seemed random at first glance, but some were repeated a LOT. See if you
have that, too. If so, enter those random addresses as SPAMTRAP
entries. That way they're blocked for 24 hours, and will reblock
themselves if they persist.

I had also done a log tailer that added to a blacklist, but that turned
out not to be needed with the above. ymmv.

-- 
Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
[EMAIL PROTECTED]   |  http://phxbug.org/  |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation
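
The check suggested in the message above (look for recipients that keep recurring and make those spamtraps), as an added example that is not part of the original post: it reads `spamdb` output on stdin and ranks non-existent recipients by the number of distinct source IPs that tried them. The dump layout, example.org and the valid-address file are assumptions; the addresses it prints are what you would then hand to `spamdb -T -a`, in the key format spamd(8) documents for your release.

```shell
#!/bin/sh
# Added example (not from the thread): rank GREY recipients as spamtrap candidates.

# Constructed sample of `spamdb` output; addresses, hosts and times are made up.
# Assumed layouts: GREY|ip|helo|from|to|first|pass|expire|block|pass (10 fields)
# or, without the HELO field, GREY|ip|from|to|... (9 fields).
sample_dump() {
cat <<'EOF'
WHITE|192.0.2.10|||1190580000|1190583600|1193700000|2|5
GREY|198.51.100.7|mx.a.example|<>|<qzxv12@example.org>|1190580100|1190594500|1190594500|1|0
GREY|198.51.100.8|mx.b.example|<>|<QZXV12@example.org>|1190580160|1190594560|1190594560|1|0
GREY|198.51.100.9|mx.c.example|<bounce@c.example>|<qzxv12@example.org>|1190580220|1190594620|1190594620|1|0
GREY|198.51.100.7|mx.a.example|<>|<hjk88@example.org>|1190580300|1190594700|1190594700|1|0
GREY|198.51.100.7|mx.a.example|<x@a.example>|<hjk88@example.org>|1190580310|1190594710|1190594710|1|0
GREY|203.0.113.5|mail.d.example|<friend@d.example>|<patrick@example.org>|1190580400|1190594800|1190594800|1|0
GREY|203.0.113.6|mx.e.example|<>|<a'b@example.org>|1190580500|1190594900|1190594900|1|0
GREY|203.0.113.7|<>|<old9@example.org>|1190580600|1190595000|1190595000|1|0
GREY|203.0.113.8|<>|<old9@example.org>|1190580700|1190595100|1190595100|1|0
EOF
}

# trap_candidates DOMAIN VALID_FILE MIN_HOSTS   (spamdb dump on stdin)
# Prints "hosts address" for recipients at DOMAIN that are absent from
# VALID_FILE (one real address per line) and were tried by >= MIN_HOSTS
# distinct source IPs, busiest first.
trap_candidates() {
    awk -F'|' -v dom="$1" -v valid="$2" -v min="$3" '
        BEGIN { while ((getline line < valid) > 0) ok[tolower(line)] = 1 }
        $1 != "GREY" { next }
        {
            rcpt = tolower(NF >= 10 ? $5 : $4)
            gsub(/[<>]/, "", rcpt)
            if (split(rcpt, p, "@") != 2 || p[2] != dom) next
            # Skip odd local parts so the output is safe to paste into a shell.
            if (p[1] !~ /^[a-z0-9._+-]+$/ || (rcpt in ok)) next
            if (!((rcpt, $2) in seen)) { seen[rcpt, $2] = 1; hosts[rcpt]++ }
        }
        END { for (r in hosts) if (hosts[r] >= min) print hosts[r], r }
    ' | sort -k1,1nr -k2,2
}

# Demo: patrick@example.org is the only real mailbox in this constructed setup.
valid=$(mktemp) && echo 'patrick@example.org' > "$valid"
sample_dump | trap_candidates example.org "$valid" 2
rm -f "$valid"
```

Counting distinct source IPs rather than raw GREY tuples keeps one host retrying with different senders from inflating an address's score.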



Re: lock(1) to lock all virtual terminals?

2007-09-23 Thread Douglas A. Tutty
On Sun, Sep 23, 2007 at 05:23:37PM -0600, Chris Kuethe wrote:
 On 9/23/07, Todd Alan Smith [EMAIL PROTECTED] wrote:
  Does lock -nv not work? I just read about this in BSD Hacks last
  night, oddly enough.
 
 # lock -nv
 lock: unknown option -- v
 usage: lock [-np] [-a style] [-t timeout]
 
 -np will at least lock the terminal with your password and no timeout
 

Right, but I want it to prevent me from changing to another virtual
terminal.  



Re: lock(1) to lock all virtual terminals?

2007-09-23 Thread Todd Alan Smith
On 9/23/07, Douglas A. Tutty [EMAIL PROTECTED] wrote:
 On Sun, Sep 23, 2007 at 05:23:37PM -0600, Chris Kuethe wrote:
  On 9/23/07, Todd Alan Smith [EMAIL PROTECTED] wrote:
   Does lock -nv not work? I just read about this in BSD Hacks last
   night, oddly enough.
 
  # lock -nv
  lock: unknown option -- v
  usage: lock [-np] [-a style] [-t timeout]
 
  -np will at least lock the terminal with your password and no timeout
 

 Right, but I want it to prevent me from changing to another virtual
 terminal.

Referring back to the BSD Hacks book (page 22) by Dru Lavigne, I see
now that the lock command to which she refers comes with FreeBSD,
although she states that it's available for NetBSD and OpenBSD.

I'm an OpenBSD newbie, so I'd enjoy learning why a different version
of lock is employed in OpenBSD. If anyone in the know wants to
elaborate, that'd be great.



Re: SMTP flood + spamdb

2007-09-23 Thread patrick keshishian
On 9/23/07, Darrin Chandler [EMAIL PROTECTED] wrote:
 On Sun, Sep 23, 2007 at 03:33:03PM -0700, patrick keshishian wrote:
  At around 1:40 PM (PDT) my SMTP server started getting flooded
  by enormous amount of connections.  The connections were for
  seemingly random users @my-domain-name.
 
  I'm running spamdb in greylist mode, but these servers were
  getting white-listed very quickly.
 
  $ /usr/sbin/spamdb | /usr/bin/grep -c ^WHITE
  717

 I've seen something *very* similar. In my case the user portions
 seemed random at first glance, but some were repeated a LOT. See if you
 have that, too. If so, enter those random addresses as SPAMTRAP
 entries. That way they're blocked for 24 hours, and will reblock
 themselves if they persist.


They seemed pretty random to me, but I did a quick
check after reading your response and I see 468 unique
fake email addresses @my-domain, only one was
duplicated twice.

This was in the span of about 1 hour, from 13:38 to 14:31
Pacific time.  After which I enabled filtering of SMTP port
'til I figure out what I am going to do.

I can't imagine entering all those addresses as spamtraps.


Another user suggested greytrapping in private email,
which made me reread spamd(8) a couple of times, at
least the 'GREYTRAPPING' section, which mentions
/etc/mail/spamd.alloweddomains file.  It doesn't specifically
say one could use it to enter valid email address in that
file, but a naive look at the source spamd/grey.c suggests
it could work.  I plan on giving this a try unless someone
from the list advises against it.


Is there any way one could flush the GREY entries from
spamdb?  I had the problem where I would clear the WHITE
entries that didn't belong, but the WHITE list would grow
rapidly out of control again.

I'm not sure if this is related or not, but I have noticed
that a few times yesterday and once again tonight around 8PM
PDT, spamd-setup failed on ftp with connection time out.

Thanks for all the replies.



 I had also done a log tailer that added to a blacklist, but that turned
 out not to be needed with the above. ymmv.

 --
 Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
 [EMAIL PROTECTED]   |  http://phxbug.org/  |  http://metabug.org/
 http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation



-- 
How romantic. Two lovers' first kiss shared on
 the banks of the river Seine -- LL as CK  (ep.72 s04e06)



Re: SMTP flood + spamdb

2007-09-23 Thread Daniel Ouellet

patrick keshishian wrote:

They seemed pretty random to me, but I did a quick
check after reading your response and I see 468 unique
fake email addresses @my-domain, only one was
duplicated twice.


Put greyscanner from Bob in there and sit back and enjoy the look! (;

Make sure you pick the version for your OS, however: 4.0 and below as
opposed to 4.1.


It will take care of that in a heartbeat!



Re: Package Dependency Problem with glitz and X

2007-09-23 Thread David
Yes I did, the X on the 4.1 cd.

Edd Barrett wrote:
 Hi,
 
 On 23/09/2007, David [EMAIL PROTECTED] wrote:
 Can't install glitz-0.5.6: lib not found GL.4.0
 Even by looking in the dependency tree:

 Can't install glitz-0.5.6: lib not found X11.9.0
 
 Did you install the X distributions at install time?
 
 Regards
 
 Edd



Re: SMTP flood + spamdb

2007-09-23 Thread Peter N. M. Hansteen
patrick keshishian [EMAIL PROTECTED] writes:

 I'm running spamdb in greylist mode, but these servers were
 getting white-listed very quickly.

Then it sounds almost like you were running with a too short passtime,
but then that's easy to adjust.

 At around 1:40 PM (PDT) my SMTP server started getting flooded
 by enormous amount of connections.  The connections were for
 seemingly random users @my-domain-name.

We've been seeing a lot of that here, too.  Mostly it's a few (maybe
20) a day to the most widely known domain here, then occasionally
somebody pushes the generate button for too long and one domain
almost nobody actually uses gets the bounces for 700+ fake
addresses[1].  Bob Beck's greyscanner is rather effective, as are the
more manual methods.  I've blogged about the observations quite a bit,
starting with [2].

Short summary for those who are not too interested in blog posts: I
started seeing more than the usual amount of bounce activity in my
mail server log summaries, close enough to what you describe.  So
after a bit of thinking and log browsing I decided this was generated
mainly by misconfigured mail servers bouncing spam.  Then I decided I
wanted to do an experiment, to see if I could poison the well and at
the same time get a feel for the data I was collecting.

I started publishing the fake addresses on a web page[3] as well as
entering them into the list of trap addresses.  I've been seeing
evidence that the addresses are actually being harvested and used as
to-be-spammed addresses too: addresses which are all uppercase on the
web page turning up in the spamd logs and greylist dumps in all
lowercase, addresses which have been on my flypaper list for months
turn up all the time, and we see a steadily growing number of hosts in
TRAPPED state.

My users here are not getting any more spam than they used to (as
close as does not matter to none), false positives are pretty much an
unknown, and it looks like we're succeeding in making the spammers
work harder.

[1] http://bsdly.blogspot.com/2007/08/lady-in-distress-or-then-again-maybe.html
[2] http://bsdly.blogspot.com/2007/07/hey-spammer-heres-list-for-you.html
[3] http://www.bsdly.net/~peter/traplist.html

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.