Re: I need a new non-sucky laptop...

[Peter N. M. Hansteen]

"Stephan A. Rickauer" <[EMAIL PROTECTED]> writes:

> On Tue, Oct 02, 2007 at 04:24:44PM +1000, Tanvir Ahmed wrote:
>>I'm using OpenBSD 4.1 with a modified kernel on Lenovo Thinkpad T60
>
> Out of curiosity, what modifications are necessary in your point of view?

I'm not Tanvir, but I think the T60 is similar enough for this to be
relevant: I run my R60 with bsd.mp with one modification - 'enable
acpi'.  Makes the machine a lot more responsive.  With bloated X stuff
like KDE, OOo etc loaded to makes a huge difference.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

Re: arc0: unable to query firmware for sensor info

[Stephan A. Rickauer]

On Sun, Sep 30, 2007 at 04:20:27PM +0200, Mark Kettenis wrote:


Also, you may want to try a 4.2-current kernel.  At least one acpi bug
that affects your machine has been fixed recently.


Probably it fixes something I can see once the machine boots ;)

Thanks anyway, tried -current but it still can't boot.

--

 Stephan A. Rickauer

 ---
 Institute of Neuroinformatics Tel  +41 44 635 30 50
 University / ETH Zurich   Sec  +41 44 635 30 52
 Winterthurerstrasse 190   Fax  +41 44 635 30 53
 CH-8057 ZurichWeb  www.ini.unizh.ch

 RSA public key:  https://www.ini.uzh.ch/~stephan/pubkey.asc
 ---

Re: To whom can I direct email for artwork use permission pls?

[Artur Grabowski]

Brian Candler <[EMAIL PROTECTED]> writes:

> Don't be misguided by what has been said here. OpenBSD is genuinely *free*.
> That means you can use it for whatever you like. There's nothing in any way
> immoral from selling it, whether or not you make a profit.

There's a difference between immoral and illegal. Just because we
don't want to forbid it, doesn't mean we have to like it. The license
takes the stance "we don't know better than you what your needs are",
but it doesn't mean we can't judge your behavior later.

As a similar situation, freedom of speech isn't freedom from consequences,
it's just a freedom from punishment. If you say stupid things, you will
get bad reputation and you will get criticized. In our case, if you do
bad things with our code, we will make moral judgements about it, we will
criticize you, we just won't take you to court.

Just because you can build baby mulching machines doesn't mean we have
to use them or like them.

//art

Jumb Frames

[Jake Conk]

Hello,

I was wondering if setting my ethernet's card mtu to 9000 is all I
have to do to enable jumbo frames? (and of course set it on all other
devices that the card connects to)

Thanks,
- Jake

Re: : To whom can I direct email for artwork use permission pls?

[Raimo Niskanen]

If bandwidth is the problem, why not make a DVD simply containing the
complete
packages repository. That can be used as package source for pkg_add.

The regular CDs can be bought and used for installation.

You can also go through the work and download (all?) the distro files
in the ports tree and put them on the DVD. Then you can transfer
the appropriate ones to the ports tree and build the ports
without a network conection.

Also collect the FAQ and other necessary stuff from openbsd.org.



On Wed, Oct 03, 2007 at 08:06:50AM +0800, Tito Mari Francis Escaqo wrote:
> I have already found a resolution on this, I'll continue with creating
> an OpenBSD DVD, since I believe the custom-built distro would enable
> people in my country to reap the benefits of the software, but without
> using any OBSD artwork.
>
> As for donating to the OBSD project, of course I want to give back to
> the community where I got the treasure-trove. I just hope it would be
> the soonest as I hoped. Why leave the resource you reap from lay
> barren?
>
> Thanks!
>
>
> On 10/3/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > On 02.10-11:46, Bob Beck wrote:
> > > > (though i have to confess, i haven't made a donation since i upgraded
> > > > my gateway to 4.1 ... i have an excuse !!!  and it was only last
week.
> > > > and i will)
> > >
> > >   And this is exactly the problem. Look, you guys can quibble
> > > all you want about "awww, we should be able to make our own distros"
> > > Yes, you can.
> >
> > no, this is "a" problem.  and there's no question that it's important
> > but the relevant discussion was above your cut.  even less to the
> > point, i contribute more than the cost of a CD set without the overhead
> > (but then it's value is greater to me than it may be to others).
> >
> > encouraging people to purchase CD sets is great (bit like a suggested
> > donation at a museum) but more important is iterating to people the
> > value of the software and that it is their *responsibility* to refelect
> > that value in their contibutions; whatever form that contribution
> > takes.
> >
> >
>
>
> --
> Tito Mari Francis H. Escaqo
> Computer Engineer and Free Software Proponent

--

/ Raimo Niskanen, Erlang/OTP, Ericsson AB

Re: ms exchange replacement

[Mike Lott]

Karsten McMinn wrote:

On 10/2/07, Lord Sporkton <[EMAIL PROTECTED]> wrote:

i am looking into an exchange replacement, im looking to have use of
calender appointments, tasks and mail all through a central server,
also i have multiple windows based mobile devices syncing with this
server, i wasnt able to find anything that looked like a exchange
replacement in ports or pkgs


quite a few options these days- kolab, horde (ports), mozilla +friends (ports),
scalix, zimba, open-xchange, and opengroupware. sorts depends
on how you define groupware. Not all of these in ports of course.




When you say "zimba", do you mean Zimbra ? If 
so, be aware that Yahoo! have acquired it so what the future holds is 
unclear:




Mike

Re: ms exchange replacement

[Stephan A. Rickauer]

On Wed, Oct 03, 2007 at 10:31:49AM +0100, Mike Lott wrote:

scalix, zimba, open-xchange, and opengroupware. sorts depends
on how you define groupware. Not all of these in ports of course.


I looked at all of them, tried Kolab and Opengroupware.org and: they all suck. 
I am now back to mutt and devtodo (cause I can).

BTW: Does anyone happen to know of a mobile phone than _really_ synchronizes 
todo's and calendar with OpenBSD? I don't mind using command line tools or 
write a perl script around some tools ...

--

 Stephan A. Rickauer

 ---
 Institute of Neuroinformatics Tel  +41 44 635 30 50
 University / ETH Zurich   Sec  +41 44 635 30 52
 Winterthurerstrasse 190   Fax  +41 44 635 30 53
 CH-8057 ZurichWeb  www.ini.unizh.ch

 RSA public key:  https://www.ini.uzh.ch/~stephan/pubkey.asc
 ---

Re: ftp-proxy and no route to host issue

[Falk Brockerhoff]

Camiel Dobbelaar wrote:

> A better test would be to try if you can "nc  21" from the 
> firewall.

I'll try it from outside the firewall. As I tried in the past rdr/nat
rules on specific interfaces will only work on incoming, not outgoing
connections.

> Please don't edit the information...  Did you use "127.0.0.1" or some 
> other IP that's not routable for the loopback-ip ?

I used the ip address of the lo1 interface, which is a public one I
successfully use as for internal ospf routing (between firewall and the
bgp border routers) and connections (ssh) from outside.

> Can you show your NAT rules?  And the information of "pfctl -si" when 
> the problem happens?

I'll do this next times the problem occures. Actualy all works fine.

> Cam

Regards,

Falk

Encrypting partitions with openbsd 4.1 or 4.2

[carlopmart]

Hi all,

 How can I encrypt a whole partition with OpenBSD 4.1 or 4.2-current?? 
I  only info about encrypt image files and not partitions 


many thanks.

--
CL Martinez
carlopmart {at} gmail {d0t} com

Re: Jumb Frames

[Stephan A. Rickauer]

On Wed, Oct 03, 2007 at 01:32:15AM -0700, Jake Conk wrote:


I was wondering if setting my ethernet's card mtu to 9000 is all I
have to do to enable jumbo frames? (and of course set it on all other
devices that the card connects to)


works for me.

--

 Stephan A. Rickauer

 ---
 Institute of Neuroinformatics Tel  +41 44 635 30 50
 University / ETH Zurich   Sec  +41 44 635 30 52
 Winterthurerstrasse 190   Fax  +41 44 635 30 53
 CH-8057 ZurichWeb  www.ini.unizh.ch

 RSA public key:  https://www.ini.uzh.ch/~stephan/pubkey.asc
 ---

Re: Speed Problems

[Claudio Jeker]

On Tue, Oct 02, 2007 at 08:46:43PM +0100, Tony Sarendal wrote:
> On 9/27/07, Tony Sarendal <[EMAIL PROTECTED]> wrote:
> >
> > On 9/27/07, Claudio Jeker <[EMAIL PROTECTED]> wrote:

...

> 
> I hooked up the X4100 to one of our testers and ran some basic tests just to
> get
> familiar with the tester.
> 
> I put up the results of the first run of tests on
> http://www.layer17.net/openbsd-router-intro.html
> 
> All opinions are welcome, please be gentle.
> 
> I hope to be able to test the 1k vlan interface firewall setup later,
> I just need to baseline a bit first.
> 

Quite interesting numbers. I guess that em(4) does still to many pci
read/write accesses and so 64byte packet storms are mostly limited by the
PCI bus access delay. My gut feeling is that the TX path is causing the
slow down (enqueing happens on a per packet basis and that is porbably not
optimal for current high speed cards).
Could you add the dmesg of the test box to the website?
Do you have any other network cards you could test? (I'm mostly interested
in bnx but sk, msk, bge and nfe could be interesting as well).

-- 
:wq Claudio

Re: Speed Problems

[Tony Sarendal]

On 10/3/07, Claudio Jeker <[EMAIL PROTECTED]> wrote:
>
> On Tue, Oct 02, 2007 at 08:46:43PM +0100, Tony Sarendal wrote:
> > On 9/27/07, Tony Sarendal <[EMAIL PROTECTED]> wrote:
> > >
> > > On 9/27/07, Claudio Jeker <[EMAIL PROTECTED]> wrote:
>
> ...
>
> >
> > I hooked up the X4100 to one of our testers and ran some basic tests
> just to
> > get
> > familiar with the tester.
> >
> > I put up the results of the first run of tests on
> > http://www.layer17.net/openbsd-router-intro.html
> >
> > All opinions are welcome, please be gentle.
> >
> > I hope to be able to test the 1k vlan interface firewall setup later,
> > I just need to baseline a bit first.
> >
>
> Quite interesting numbers. I guess that em(4) does still to many pci
> read/write accesses and so 64byte packet storms are mostly limited by the
> PCI bus access delay. My gut feeling is that the TX path is causing the
> slow down (enqueing happens on a per packet basis and that is porbably not
> optimal for current high speed cards).
> Could you add the dmesg of the test box to the website?
> Do you have any other network cards you could test? (I'm mostly interested
> in bnx but sk, msk, bge and nfe could be interesting as well).


I'll put up the dmesg when I'm in the office again.
The nfe port I do management over has jammed, a little bios tweaking
might fix that.

The only cards I have access to at the moment are the builtins,
2xem and 2xnfe.

The packet drops of 64 byte frames in the throughput/latency test is a bit
confusing, I can't see that behaviour if I slowly ramp up from 1kpps.
Before I do tests with more advanced config I want the basic ones to give
a result I understand so I'll try to figure that one out.

/Tony

Re: Encrypting partitions with openbsd 4.1 or 4.2

[Guillaume Dualé]

Hello,
perhaps this HowTo will help you ?

http://geektechnique.org/projectlab/797/openbsd-encrypted-nas-howto

See you :)
Guillaume.
---
carlopmart a icrit :

Hi all,

 How can I encrypt a whole partition with OpenBSD 4.1 or 4.2-current?? 
I  only info about encrypt image files and not partitions 


many thanks.

Re: OpenBSD Desktop sighted in Yahoo Bangalore, India

[Nick Guenther]

On 10/2/07, Siju George <[EMAIL PROTECTED]> wrote:
> Hi,
>
> One of my best friends who was working with me for about 5 years
> recently got job in Bangalore.
> He had repeatedly turned down my offer to teach him OpenBSD and even
> teased me at times :-)
>
> As he Joined Yahoo Bangalore to his horror he found that the desktop
> assigned to him Booted OpenBSD. As soon as he mildly recovered fromhis
> shock he called me up to ask me what to do with it now? LOL
>
> I thought they used Linux and FreeBSD in yahoo and even in my remotest
> thought did it ever occour that this guy would pay for his dis respect
> to openBSD ;-)

!
ridiculous!
That's so awesomely happy.

-Nick

Re: Encrypting partitions with openbsd 4.1 or 4.2

[carlopmart]

Guillaume Duali wrote:

Hello,
perhaps this HowTo will help you ?

http://geektechnique.org/projectlab/797/openbsd-encrypted-nas-howto

See you :)
Guillaume.
---
carlopmart a icrit :

Hi all,

 How can I encrypt a whole partition with OpenBSD 4.1 or 4.2-current?? 
I  only info about encrypt image files and not partitions 


many thanks.




In this howto only explains howto encrypt sparse files and not partitions ..

--
CL Martinez
carlopmart {at} gmail {d0t} com

Re: Jumb Frames

[MikeM]

On 10/3/2007 at 1:32 AM Jake Conk wrote:

|Hello,
|
|I was wondering if setting my ethernet's card mtu to 9000 is all I
|have to do to enable jumbo frames? (and of course set it on all other
|devices that the card connects to)
|
|Thanks,
|- Jake

 =

Also make sure your network switches will pass jumbo frames.  Some just
cannot, others need to have a configuration parameter changed to enable
jumbo frame support, some others will pass jumbo frames in default
configuration.

Re: To whom can I direct email for artwork use permission pls?

[Henning Brauer]

* Richard Toohey <[EMAIL PROTECTED]> [2007-10-03 08:04]:
> So if I need five CDs for five servers, should I buy one CD (something
> to install off and also so that my employer gets something physical for
> the expenditure - seems to help getting the money) and donate $200
> - total $250?
>
> Or would you prefer me to buy 5 CDs so that CD sales are up - and
> so same total $250?
>
> Seems like a dumb question ($200 for doing nothing has got to leave
> the project with more money than $200 for making four CD sets?) but
> the repeated references to CD sales has got me wondering ... I am
> assuming the "buy CDs" message is directed at people who do not
> give anything at all.

exactly.
from donations, 100% get to the project (well, minus credit card 
processing perhaps).
from CD sales, the percentage is obviously lower, due to the production 
costs.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam

Any users in Portugal?

[Timo Schoeler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi lists,

I'd very much appreciate it to hear from BSD users in Portugal as I'm
relocating there. :)

Any response very much appreciated (please PM me directly).

Cheers,

Timo
iD8DBQFHA591UY3eBSqOgOMRCjV5AJ46RY/LrNWfCwL73yMBZsiZ8gLh+QCdEwCW
2DuijKxPyyuHUkxEoi/mXgo=
=6Lfi
-END PGP SIGNATURE-

Re: ms exchange replacement

[L. V. Lammert]

On Tue, 2 Oct 2007, mcb, inc. wrote:

> On Tue, 2 Oct 2007, bofh wrote:
>
> > Is there even anything that's a full sexchange replacement?
>
> Postpath did a reverse engineering job on exchange and has
> what is reputed to be a full replacement.  Effort must have
> left quite a few engineers with brain damage...
>
Zimbra seems to be just that, .. an associate of ours is actually
offerring Exchange replacement as an ASP with it.

Lee


  Leland V. Lammert[EMAIL PROTECTED]
Chief Scientist Omnitec Corporation
 Network/Internet Consultants   www.omnitec.net

Hey , you just recieved a greeting

[E-Greetingz]

Hi,

You have been just sent an electronic greeting card.It is waiting for you
at our card site, go ahead and see it!

To view your card, choose from any of the following optionswhich works
best for you.
Method 1
Just click on the following Internet address (if that doesn't work foryou,
copy & paste the address onto your browser's address box.)
http://cards.123greetings.com/cgi-bin/cards/showcard.pl?cardnum=ZBE80927120152493&log=e_greetings
Method 2
Copy & paste your card number in the view card box athttp://www.e-greetingz.com
Your card number isZBE80927120152493
(For your convenience, the greeting card will be available for the next30
days)
Webmaster,http://www.e-greetingz.com

Re: OpenBSD Desktop sighted in Yahoo Bangalore, India

[Douglas A. Tutty]

On Wed, Oct 03, 2007 at 09:10:59AM -0400, Nick Guenther wrote:
> On 10/2/07, Siju George <[EMAIL PROTECTED]> wrote:
> >
> > One of my best friends who was working with me for about 5 years
> > recently got job in Bangalore.
> > He had repeatedly turned down my offer to teach him OpenBSD and even
> > teased me at times :-)
> >
> > As he Joined Yahoo Bangalore to his horror he found that the desktop
> > assigned to him Booted OpenBSD. As soon as he mildly recovered fromhis
> > shock he called me up to ask me what to do with it now? LOL
> >
> > I thought they used Linux and FreeBSD in yahoo and even in my remotest
> > thought did it ever occour that this guy would pay for his dis respect
> > to openBSD ;-)
> 
> !
> ridiculous!
> That's so awesomely happy.

I wonder how much they contribute or how many CDs they buy.  

Doug.

Venezuala Change to GMT -4:30

[Julian Bolivar]

Hello everybody,

In this month Caracas/Venezuela change to GMT -4:30, anyone know if this 
change will be included in the next openbsd release?


Thanks and Regards,

Julian Bolivar
www.julianbolivar.com

Re: Speed Problems

[Daniel Ouellet]

Claudio Jeker wrote:

Could you add the dmesg of the test box to the website?
Do you have any other network cards you could test? (I'm mostly interested
in bnx but sk, msk, bge and nfe could be interesting as well).


This box if the M2 version also come with nfe cards as well, but there 
is issue with it at the moment. dmesg available:


http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yes&numbers=5587

Daniel

Re: Encrypting partitions with openbsd 4.1 or 4.2

[Jacob Yocom-Piatt]

carlopmart wrote:

Guillaume Duali wrote:

Hello,
perhaps this HowTo will help you ?

http://geektechnique.org/projectlab/797/openbsd-encrypted-nas-howto

See you :)
Guillaume.
---
carlopmart a icrit :

Hi all,

 How can I encrypt a whole partition with OpenBSD 4.1 or 
4.2-current?? I  only info about encrypt image files and not 
partitions 


many thanks.



In this howto only explains howto encrypt sparse files and not 
partitions ..




the technique in the article does not only apply to sparse files. have 
an encrypted /var on some of my webservers and the procedure is 
identical to what's in the link further down (starts with the dd-ing of 
an image file).


do note it's not possible to encrypt all partitions using vnconfig. for 
the time being this is the best you can do: encrypt images and mount 
them after using vnconfig.

Re: Venezuala Change to GMT -4:30

[Antti Harri]

On Wed, 3 Oct 2007, Julian Bolivar wrote:

In this month Caracas/Venezuela change to GMT -4:30, anyone know if this 
change will be included in the next openbsd release?


4.2 has been finished for some time now. So: no.

--
Antti Harri

Re: OpenBSD Desktop sighted in Yahoo Bangalore, India

[Nick Guenther]

On 10/3/07, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> On Wed, Oct 03, 2007 at 09:10:59AM -0400, Nick Guenther wrote:
> > On 10/2/07, Siju George <[EMAIL PROTECTED]> wrote:
> > >
> > > One of my best friends who was working with me for about 5 years
> > > recently got job in Bangalore.
> > > He had repeatedly turned down my offer to teach him OpenBSD and even
> > > teased me at times :-)
> > >
> > > As he Joined Yahoo Bangalore to his horror he found that the desktop
> > > assigned to him Booted OpenBSD. As soon as he mildly recovered fromhis
> > > shock he called me up to ask me what to do with it now? LOL
> > >
> > > I thought they used Linux and FreeBSD in yahoo and even in my remotest
> > > thought did it ever occour that this guy would pay for his dis respect
> > > to openBSD ;-)
> >
> > !
> > ridiculous!
> > That's so awesomely happy.
>
> I wonder how much they contribute or how many CDs they buy.

True, but you don't have to be so instantly bitter. Remember, we want
quality code running everywhere we can get it, and we claim (by our
choice of license) that we want full freedom to do anything you want
with it...

But this can be kept in mind for the next time the project needs 10,000$

-Nick

Re: Venezuala Change to GMT -4:30

[Peter N. M. Hansteen]

Antti Harri <[EMAIL PROTECTED]> writes:

>> In this month Caracas/Venezuela change to GMT -4:30, anyone know if
>> this change will be included in the next openbsd release?
>
> 4.2 has been finished for some time now. So: no.

Did you check? 

The /usr/share/zoneinfo/zone.tab file on my system (Sep 24 snapshot)
was commited 22 August.  If the change (Daylight savings, perhaps?)
was known at that time, it's reasonable to assume that the system
ships with time zone files which *do* include that information.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

Re: Speed Problems

[Tony Sarendal]

On 10/3/07, Daniel Ouellet <[EMAIL PROTECTED]> wrote:
>
> Claudio Jeker wrote:
> > Could you add the dmesg of the test box to the website?
> > Do you have any other network cards you could test? (I'm mostly
> interested
> > in bnx but sk, msk, bge and nfe could be interesting as well).
>
> This box if the M2 version also come with nfe cards as well, but there
> is issue with it at the moment. dmesg available:
>
> http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yes&numbers=5587


Dmesg's are on the site now.
http://www.layer17.net/openbsd-test-setup.html

Note that the box actually has 8Gigs of memory.

Since I'm off-site I had to get someone else to powercycle the box for me
to wake up the nfe I use as management interface, so the MP dmesg is
from the logs.

Running with the SP kernel the nfe's seem to work ok.

I'm running the same set of tests with the SP kernel right now.
The 64 byte frames issue in the throughput/latency test looks to be gone...
cross fingers...

/Tony




Daniel

Re: Speed Problems

[Daniel Ouellet]

Tony Sarendal wrote:



On 10/3/07, *Daniel Ouellet* <[EMAIL PROTECTED] 
> wrote:


Claudio Jeker wrote:
 > Could you add the dmesg of the test box to the website?
 > Do you have any other network cards you could test? (I'm mostly
interested
 > in bnx but sk, msk, bge and nfe could be interesting as well).

This box if the M2 version also come with nfe cards as well, but there
is issue with it at the moment. dmesg available:

http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yes&numbers=5587



Dmesg's are on the site now.
http://www.layer17.net/openbsd-test-setup.html 



Note that the box actually has 8Gigs of memory.

Since I'm off-site I had to get someone else to powercycle the box for me
to wake up the nfe I use as management interface, so the MP dmesg is
from the logs.

Running with the SP kernel the nfe's seem to work ok.


You can't manually fix the option on that card and if you do:

ifconfig -m nfe0

You will see the option for:
media 1000baseSX
media 1000baseSX mediaopt full-duplex

Witch are obviously wrong.

Also, some issue with the AMD64 mp kernel, make the box crash when you 
push a lots of traffic to it.


Lots of comment in archive and tests as well. The i386 looks ok so far, 
except the nfe still bad no matter what, however the AMD64 is not really 
stable and if you put the ACPI on, well...



I'm running the same set of tests with the SP kernel right now.
The 64 byte frames issue in the throughput/latency test looks to be 
gone... cross fingers...


I have 4 of these and still sadly haven't put any in production yet 
because of various stability issue with them.


So, I wouldn't put it as a router right now, but YMMV I guess.

Test well before you do.

Daniel

Re: Venezuala Change to GMT -4:30

[Jeremy C. Reed]

The new VET is in tzdata2007h (and not in tzdata2007g).

OpenBSD 4.2 and HEAD is tzdata2007f

partition layout

[Douglas A. Tutty]

Hello all,

I have a 486DX4-100 with 32 MB ram.  I bought an 8 GB drive to put in my
P-II and it won't boot it so I've put in in the 486 along with a 1 GB
drive.

I'm on dialup and would like to avoid a bad partitioning decision
requring a whole new install/download cycle (I'm on slow dialup).

The purpose of the box is to try out the mechanics of using OpenBSD for
a desktop.  Obviously, the 486 will be slow at running (or unable to run
some) desktop apps but I'll learn the mechanics of following patch
branch and get totally comfortable with the system.  I'll also be able
to learn pf (I'm used to Shorewall on Debian).

The box has two drives, both Western Digital.  One is 8.1 GB, the other
is 1.1.  I'll be installing 4.1 release then installing the patches and
following their instructions re rebuilding.

Here's what I'm thinking:

wd0 (1.1 GB drive):
a100 MB /
b128 MB swap
c1.1 GB
d256 MB /tmp
e   ~640 MB /var

wd1 (8.1 GB drive):
a100 MB spare /
b128 MB swap
c8.1 GB
d1.0 GB /home
e   ~6.9 GB /usr

Do you think that this will give me all the room I need to install and
keep patched:

full install
icewm or Xfce
Konqueror
Firefox
a pdf reader or two (Evince, Kpdf, Xpdf)
mplayer
mc
mutt
vim

Yes, I know that compiles will take forever and a day, but hopefully I
won't be recompiling much; I need the space in case its required.

Are these partitions a good size in the right order or are they any
suggestions for improvement?

Thanks,

Doug.

sign and timestamp

[Gábri Máté]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hey there!

I've read a lot about timestamping a document, but dunno how it works in
practice. How can i apply a timestamp to a digitally signed or encrypted
document? Like i encrypt or sign a document with gnupg, but before the
process how can i timestamp it?
Sorry for the stupid question but i really can't imagine it.

- --
Gabri Mate
[EMAIL PROTECTED]
iD8DBQFHA8Gh8najRxwF9nkRAiceAKC5E4GSj9DyBFhADFhB7oBLBKvUZQCgs+ct
hGyUmMhM39QHXhf/XadvH+o=
=SFZt
-END PGP SIGNATURE-

Re: Encrypting partitions with openbsd 4.1 or 4.2

[carlopmart]

Jacob Yocom-Piatt wrote:

carlopmart wrote:

Guillaume Duali wrote:

Hello,
perhaps this HowTo will help you ?

http://geektechnique.org/projectlab/797/openbsd-encrypted-nas-howto

See you :)
Guillaume.
---
carlopmart a icrit :

Hi all,

 How can I encrypt a whole partition with OpenBSD 4.1 or 
4.2-current?? I  only info about encrypt image files and not 
partitions 


many thanks.



In this howto only explains howto encrypt sparse files and not 
partitions ..




the technique in the article does not only apply to sparse files. have 
an encrypted /var on some of my webservers and the procedure is 
identical to what's in the link further down (starts with the dd-ing of 
an image file).


do note it's not possible to encrypt all partitions using vnconfig. for 
the time being this is the best you can do: encrypt images and mount 
them after using vnconfig.



Thanks jacob, but  I have received an email from openbsd's developer 
that it isn't possible to encrypt partitions or disks ... only image 
files created by dd command ...


--
CL Martinez
carlopmart {at} gmail {d0t} com

Re: OpenBSD Desktop sighted in Yahoo Bangalore, India

[Paul de Weerd]

On Wed, Oct 03, 2007 at 11:23:03AM -0400, Nick Guenther wrote:
| But this can be kept in mind for the next time the project needs 10,000$

I think the project is always in need of money. There's no steady
supply of incoming cash except for the (dropping) CD sales etc. Always
try to persuade your employer to donate if they're using OpenBSD or
OpenBSD-derived software (eg, OpenSSH) (of course, you can also try to
persuade your employer if he doesn't use OpenBSD-code, the more
donations the better, methinks ;)

Cheers,

Paul 'WEiRD' de Weerd

--
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
 http://www.weirdnet.nl/

[demime 1.01d removed an attachment of type application/pgp-signature]

Re: OpenBSD Desktop sighted in Yahoo Bangalore, India

[Douglas A. Tutty]

On Wed, Oct 03, 2007 at 11:23:03AM -0400, Nick Guenther wrote:
> On 10/3/07, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> > > On 10/2/07, Siju George <[EMAIL PROTECTED]> wrote:
> > > > As he Joined Yahoo Bangalore to his horror he found that the desktop
> > > > assigned to him Booted OpenBSD. As soon as he mildly recovered fromhis
> > > > shock he called me up to ask me what to do with it now? LOL
> > > > I thought they used Linux and FreeBSD in yahoo and even in my remotest
> > > > thought did it ever occour that this guy would pay for his dis respect
> > > > to openBSD ;-)
> >
> > I wonder how much they contribute or how many CDs they buy.
> 
> True, but you don't have to be so instantly bitter. Remember, we want
> quality code running everywhere we can get it, and we claim (by our
> choice of license) that we want full freedom to do anything you want
> with it...
> 
> But this can be kept in mind for the next time the project needs 10,000$

I'm not bitter; it was a genuine question given the recent thread about
making a DVD.  Does yahoo buy one/several CDs and install on all their
desktops or do they pay $50 per desktop.  How many desktops do they
have?

As for the next time the project needs $10,000, I thought that it could
always use $10,000.  

A release is made every 6 months.  How much does each release cycle cost
including keeping the lights on, bandwidth and hardware running, new
equipment to test out new drivers, etc?

Doug.

Re: wine question

[Joachim Schipper]

On Mon, Oct 01, 2007 at 05:56:46PM -0400, Frank Bax wrote:
> I installed wine-990225p0 from packages on 4.1 and can run simple programs 
> like sol and notepad.  I have an old program I'm trying to run; but this 
> program cannot find it's own files unless the current working directory is 
> set to the directory where software was installed.  It seems more recent 
> wine versions support 'bat' files which would solve this; but this doesn't 
> seem to work in this version.
>
> When I try:
>   wine c://program.exe
> the software complains that it cannot open LIBS\FOXTOOLS.FLL
>
> This file is found at C:\\LIBS\FOXTOOLS.FLL
>
> Is there a way to run something like this on wine 990225?:
>   cd 
>   program.exe
>
> If this is not workable on 990225; do current wine versions work on 
> OpenBSD?

I'm not sure if there is a way to 'cd' on OpenBSD's version of Wine. As
to porting: more recent Wines do weird things with threads, if I
understand the issue correctly. In short, don't expect an update soon.

Qemu works fine, if you don't need to run a particularly demanding
program.

Joachim

-- 
TFMotD: inet6 (4) - Internet protocol version 6 family

Re: Encrypting partitions with openbsd 4.1 or 4.2

[Chris Kuethe]

On 10/3/07, carlopmart <[EMAIL PROTECTED]> wrote:
> Thanks jacob, but  I have received an email from openbsd's developer
> that it isn't possible to encrypt partitions or disks ... only image
> files created by dd command ...

The developer of whom you speak may be slightly misinformed, or just
hasn't tried it. There is no need to mention names, but as of ...
hmmm... 2 minutes ago, i was able to use vnd to encrypt an entire
partition.

CK

-- 
GDB has a 'break' feature; why doesn't it have 'fix' too?

Re: OpenBSD Desktop sighted in Yahoo Bangalore, India

[Douglas A. Tutty]

On Wed, Oct 03, 2007 at 06:28:52PM +0200, Paul de Weerd wrote:
> 
> I think the project is always in need of money. There's no steady
> supply of incoming cash except for the (dropping) CD sales etc. Always
> try to persuade your employer to donate if they're using OpenBSD or
> OpenBSD-derived software (eg, OpenSSH) (of course, you can also try to
> persuade your employer if he doesn't use OpenBSD-code, the more
> donations the better, methinks ;)

Do the other OSs/Distros that include OpenSSH make any contributions?  

The one I'm familiar with is Debian.  Its well funded.  It uses OpenSSH,
OpenSSL, and OpenBSD's lpr, plus who knows what else here and there.

I understand the moral bind that OBSD is in.  For its own reasons, it
wants to be able to interoperate with other OSs so it needs to create
OpenSSH and have other OSs adopt it.  However, it costs money to produce
and mainatin yet a non-BSD licence would preclude its inclusion in some
OSs and many/most hardware devices.  

I guess the closest analogy is the educational one.  The BSD licence is
a University licence.  Universities are funded by governments
(sometimes) and foundations.  The foundatations get the money from
corporate sponsorship and alumni.  For OBSD, the alumni are all the
people using OBSD products; they earn money with it so they should send
money back.  University alumni earn money with their degrees so are
asked (repeatedly!!!) for money.  

Think of watching a TV show on PBS in/out-of the USA.  There's the
Pledge Drive that interrupts the movie, and there's the "This program
made possible in part by contributions from...".  

Perhaps the top 10 donors to OBSD at each release should be included in
a MajorDonors.txt file on the ftp and CDs and on the inside cover
package, and included in the install /etc/motd file.  The latter can be
changed by the end-user but at least it will be seen once.

If a major donor wanted to fund a whole 6-month cycle, their name could
go on the CD cover:  "OpenBSD 4.6 release cycle funded entirely by the
acme tire and widget company.  Proceeds from these CDs goes towards
future releases."  Or something.

---

There's also the business ethics issue.  I have a nephew working on a
business degree and they don't have time in 5 years (he's doing two
degrees at once) for philosophy or ethics.

If I was buiding a new widget that needed an OS, I'd say:  It will take
3 years and $10 million to create an OS in-house that I'd be comfortable
putting my name on the box.  Or, I could put OpenBSD on it right now.
I'll put OpenBSD on it, lable the box "Powered by OpenBSD" and give
OpenBSD $2 per box.  Sure, it should be $50 per box but the boxes only
sell for $25, and $9.99 on sale, and cost the store only $8.99.  

Its difficult for ethical companies to compete ethically with unethical
companies when everything that everyone is doing is perfectly legal, yet
alone if some to illegeal things that aren't prosecuted.

Doug.

Re: ms exchange replacement

[Joachim Schipper]

On Tue, Oct 02, 2007 at 11:06:00AM -0700, Lord Sporkton wrote:
> i am looking into an exchange replacement, im looking to have use of
> calender appointments, tasks and mail all through a central server,
> also i have multiple windows based mobile devices syncing with this
> server, i wasnt able to find anything that looked like a exchange
> replacement in ports or pkgs
> 
> this is on 4.1 release
> 
> was hoping someone here had experience with such and could give
> suggestions on some i might look into

If you want Exchange, with all the Microsoft-integration that it can
provide, just run Exchange. Just don't ask me to admin it, put a sane
MTA in front, and make sure not to misconfigure it too badly.

Yes, as Karsten pointed out, there is quite a bit of open source
groupware available, and quite a few of those are in ports (and porting
the rest is not necessarily difficult). And there are plenty of MTAs
that are much less brain-damaged than Exchange; OpenBSD's default
Sendmail is a lot better. And something like Postfix is even sane ;-).

However, integrating all that with a completely Microsoft-centric
environment takes an unfun amount of work.

In short, what do you really want to achieve? OSS offers plenty of
groupware and some very good MTAs, but no real drop-in replacement for
Exchange.

Joachim

-- 
TFMotD: bce (4) - Broadcom BCM4401 10/100 Ethernet device

Re: sign and timestamp

[Gábri Máté]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Sorry i wasn't totally specific. Yes, later on the reciever need to
verify the timestamp. I was looking for an oss application but couldn't
find any for timestamping.

Gabri Mate
[EMAIL PROTECTED]
DUOSOL Bt.
http://www.duosol.hu


Douglas A. Tutty mrta:
> On Wed, Oct 03, 2007 at 06:21:53PM +0200, G??bri M??t?? wrote:
>> I've read a lot about timestamping a document, but dunno how it works in
>> practice. How can i apply a timestamp to a digitally signed or encrypted
>> document? Like i encrypt or sign a document with gnupg, but before the
>> process how can i timestamp it?
>> Sorry for the stupid question but i really can't imagine it.
>>
> 
> I suppose the first question is: is the time stamp for info only or does
> the recipient have to verify the accuracy of the timestamp?  I.e. lets
> say you take the file you want to encrypt and sign, put it in a tarball
> that will protect the file's modification time, and encrypt and sign
> that.  This gives the recipient your opinion on the timestamp and
> protects it from being changed enroute.  However, the recipient can't
> verify that you or your system are telling the truth.
> 
> I don't know if there's an accepted strategy, but if I had to create one
> from scratch, off the top of my head I'm thinking some time of time
> server.  It would have to publish a signed file of the current time, say
> once per minute, so that you could include the hash in the above noted
> tarball.  The recipient could note the time of that hash file, query the
> time server for the matching hash and compare the two.  If they match,
> then the time matches.
> 
> This would have to be a time server that is trusted by the recipient.  
> 
> I'll be interested to hear from someone who really knows about this.
> 
> Doug.
iD8DBQFHA+E08najRxwF9nkRAkZnAJ9F83yBOJ7KhTgUngOtFAcCWJeDcwCeOEUS
MxT2+9gw9WpbIi6BXfeeSSc=
=0rKL
-END PGP SIGNATURE-

Re: partition layout

[Douglas A. Tutty]

On Wed, Oct 03, 2007 at 12:40:25PM -0400, Stephan Andre' wrote:
> On Wednesday 03 October 2007 11:50:40 Douglas A. Tutty wrote:
 >
> > Here's what I'm thinking:
> >
> > wd0 (1.1 GB drive):
> > a100 MB /
> > b128 MB swap
> > c1.1 GB
> > d256 MB /tmp
> > e   ~640 MB /var
> >
> > wd1 (8.1 GB drive):
> > a100 MB spare /
> > b128 MB swap
> > c8.1 GB
> > d1.0 GB /home
> > e   ~6.9 GB /usr
> >
> > Do you think that this will give me all the room I need to install and
> > keep patched:
> >
> > full install
> > icewm or Xfce
> > Konqueror
> > Firefox
> > a pdf reader or two (Evince, Kpdf, Xpdf)
> > mplayer
> > mc
> > mutt
> > vim
> >
> > Yes, I know that compiles will take forever and a day, but hopefully I
> > won't be recompiling much; I need the space in case its required.
> >
> > Are these partitions a good size in the right order or are they any
> > suggestions for improvement?
> >
 
> Running graphical stuff on a 32M 486 is going to test your patience.
> If you can survive this without defenistrating your system, you are
> an amazing person.

I don't necessarily want to run it, just install it, read the man pages,
etc.  I know already that this box will run X, links+, xpdf, and can ssh
to my Athlon64 box to run Konqeror.

 
> Given that you are testing things, in this case I think I'd just create
> a swap of 512M or so, and just create an 'a' partition thats the rest
> of the disk.  The downside here is that if you run the potential risk
> of losing everything if 'a' goes, but I'd be more worried about the
> lack of disk overall.  As an example, you can't hold all the packages
> you could compile, etc.
> 
> But if you really want to partition, make the faster drive wd0 and
> make one swap partition.  Don't create a spare--you don't have
> spare space--use it for /home or /usr.  Don't forget that your 1G
> drive is elderly, so keeping the least important stuff there is a
> good idea.

Since both drives are WD Cavier 3600's I'd guess that they're the same
speed.

So how would this look:

wd0
a1 GB /
c1 GB

wd1
a7.6 GB /usr
b512 MB swap
c 8.1 GB

Doug.
> 
> I don't know where you are, but getting ANY Pentium would be a
> huge win.  I just found some 233MHz Dells with 128/256M ram and
> 10G disks, which went for $33 each.  Given what you have at the
> moment, a 200-500MHz class machine would be ever so much
> faster.  Ask around and you might be able to get several for free.
> The experience of a 486 with graphical stuff is likely to be stunning.

I'm in Kingston Ontario.  There aren't any local computer shops with
used computers.  They break, people take them to the recycling center
and buy a new one.

Doug.

Re: To whom can I direct email for artwork use permission pls?

[Brian Candler]

On Tue, Oct 02, 2007 at 11:46:24AM -0600, Bob Beck wrote:
> > (though i have to confess, i haven't made a donation since i upgraded
> > my gateway to 4.1 ... i have an excuse !!!  and it was only last week.
> > and i will)
> > 
> 
>   And this is exactly the problem. Look, you guys can quibble
> all you want about "awww, we should be able to make our own distros"
> Yes, you can. 
> 
>   However, you won't be able to make your own distro when OpenBSD
> ceases to exist for financial reasons. Free software still costs money
> to produce, and all the talk about "well I should donate" does not translate
> into dollars. 
> 
>   Unless people buy CD's, you may not see future releases. it's that
> simple. We all love doing this, but without money to maintain a place to
> do it and someone to look over it, it isn't going to continue.  

That is blatant FUD. There are dozens of counterexamples of large-scale free
software projects which continue successfully without this sort of emotional
blackmail.

I would argue that OpenBSD is probably the least "free" of all the free Unix
options out there. Why?

* You cannot download an ISO image and burn it yourself.
* If you buy a CD-ROM, you cannot legally make copies to give to your
  friends, your school etc.

By this measure, OpenBSD is about as "free" as, say, Red Hat Enterprise
Linux.

Of course, if there were enough demand, someone would go and make their own
OpenBSD distribution with downloadable unencumbered ISO images built from
source - such as CentOS do with RHEL. Nobody says "don't use CentOS; you're
stealing money from those poor Red Hat guys who have put so much investment
into refining their product".

The reason nobody makes free OpenBSD ISO images, I presume, is because the
user base is comparatively tiny, and it's not worth the effort. And that in
turn is probably because OpenBSD turns people away with this sort of
nonsense.

FreeBSD used to have a similar model: you had to buy the CDs and you
couldn't copy them. They abandoned it several years ago, and have flourished
since. If they hadn't, they would have risked losing against the Linux tide.
They also risked losing high quality code contributors.

So if OpenBSD does come to an end, as you threaten, IMO it won't be because
people don't buy the CDs - it will be because it continues to cut itself off
from the mainstream and simply becomes irrelevant.

Regards,

Brian.

Re: ms exchange replacement

[L. V. Lammert]

At 10:59 PM 10/2/2007 +0200, Joachim Schipper wrote:

On Tue, Oct 02, 2007 at 11:06:00AM -0700, Lord Sporkton wrote:
> i am looking into an exchange replacement, im looking to have use of
> calender appointments, tasks and mail all through a central server,
> also i have multiple windows based mobile devices syncing with this
> server, i wasnt able to find anything that looked like a exchange
> replacement in ports or pkgs
>
> this is on 4.1 release
>
> was hoping someone here had experience with such and could give
> suggestions on some i might look into

If you want Exchange, with all the Microsoft-integration that it can
provide, just run Exchange. Just don't ask me to admin it, put a sane
MTA in front, and make sure not to misconfigure it too badly.

However, integrating all that with a completely Microsoft-centric
environment takes an unfun amount of work.

In short, what do you really want to achieve? OSS offers plenty of
groupware and some very good MTAs, but no real drop-in replacement for
Exchange.


Sorry, but Zimbra is alive and well and a great replacement for Exchange. 
Contact me offline if anyone would like a referral to a service provider - 
here is my associates comment [he has been part of the Zimbra project for 
three years] on the acquisition by Yahoo:


Zimbra will be proceeding down a faster development path with the Yahoo 
acquisition!  Y! paid about $350m and locked in the core  executive team 
for 3-5 years (depending upon individual) and plan  to remain true to 
their open source roots.  They view Zimbra as the  way to tackle Google 
Apps - offering both hosted (small biz) and on- site/dedicated hosting.


Lee

Re: sign and timestamp

[Douglas A. Tutty]

On Wed, Oct 03, 2007 at 06:21:53PM +0200, G??bri M??t?? wrote:
> I've read a lot about timestamping a document, but dunno how it works in
> practice. How can i apply a timestamp to a digitally signed or encrypted
> document? Like i encrypt or sign a document with gnupg, but before the
> process how can i timestamp it?
> Sorry for the stupid question but i really can't imagine it.
> 

I suppose the first question is: is the time stamp for info only or does
the recipient have to verify the accuracy of the timestamp?  I.e. lets
say you take the file you want to encrypt and sign, put it in a tarball
that will protect the file's modification time, and encrypt and sign
that.  This gives the recipient your opinion on the timestamp and
protects it from being changed enroute.  However, the recipient can't
verify that you or your system are telling the truth.

I don't know if there's an accepted strategy, but if I had to create one
from scratch, off the top of my head I'm thinking some time of time
server.  It would have to publish a signed file of the current time, say
once per minute, so that you could include the hash in the above noted
tarball.  The recipient could note the time of that hash file, query the
time server for the matching hash and compare the two.  If they match,
then the time matches.

This would have to be a time server that is trusted by the recipient.  

I'll be interested to hear from someone who really knows about this.

Doug.

Re: sign and timestamp

[Douglas A. Tutty]

Without a mutually-trusted source of time "cookies", it depends on
specific needs.

Further infomation on the nature of the transaction is required since I
haven't heard of a pre-packaged oss application.

Doug.



On Wed, Oct 03, 2007 at 08:36:37PM +0200, G?bri M?t? wrote:
> Sorry i wasn't totally specific. Yes, later on the reciever need to
> verify the timestamp. I was looking for an oss application but couldn't
> find any for timestamping.
> 
 
> Douglas A. Tutty ?rta:
> > On Wed, Oct 03, 2007 at 06:21:53PM +0200, G??bri M??t?? wrote:
> >> I've read a lot about timestamping a document, but dunno how it works in
> >> practice. How can i apply a timestamp to a digitally signed or encrypted
> >> document? Like i encrypt or sign a document with gnupg, but before the
> >> process how can i timestamp it?
> >> Sorry for the stupid question but i really can't imagine it.
> >>
> > 
> > I suppose the first question is: is the time stamp for info only or does
> > the recipient have to verify the accuracy of the timestamp?  I.e. lets
> > say you take the file you want to encrypt and sign, put it in a tarball
> > that will protect the file's modification time, and encrypt and sign
> > that.  This gives the recipient your opinion on the timestamp and
> > protects it from being changed enroute.  However, the recipient can't
> > verify that you or your system are telling the truth.
> > 
> > I don't know if there's an accepted strategy, but if I had to create one
> > from scratch, off the top of my head I'm thinking some time of time
> > server.  It would have to publish a signed file of the current time, say
> > once per minute, so that you could include the hash in the above noted
> > tarball.  The recipient could note the time of that hash file, query the
> > time server for the matching hash and compare the two.  If they match,
> > then the time matches.
> > 
> > This would have to be a time server that is trusted by the recipient.  
> > 
> > I'll be interested to hear from someone who really knows about this.
> > 
> > Doug.
> > 
> > 
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.5 (GNU/Linux)
> 
> iD8DBQFHA+E08najRxwF9nkRAkZnAJ9F83yBOJ7KhTgUngOtFAcCWJeDcwCeOEUS
> MxT2+9gw9WpbIi6BXfeeSSc=
> =0rKL
> -END PGP SIGNATURE-

Re: OpenBSD Desktop sighted in Yahoo Bangalore, India

[Nick Guenther]

On 10/3/07, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> On Wed, Oct 03, 2007 at 06:28:52PM +0200, Paul de Weerd wrote:
> >
> > I think the project is always in need of money. There's no steady
> > supply of incoming cash except for the (dropping) CD sales etc. Always
> > try to persuade your employer to donate if they're using OpenBSD or
> > OpenBSD-derived software (eg, OpenSSH) (of course, you can also try to
> > persuade your employer if he doesn't use OpenBSD-code, the more
> > donations the better, methinks ;)
>
> Do the other OSs/Distros that include OpenSSH make any contributions?
>
[snip]

Overall: Yes.

To the original poster: can you get your friend to ask about these
things for us? *Did* Yahoo India buy the OpenBSD discs or did it just
download them? Is there a large OpenBSD presence or is the desktop an
odd one-off installed by the last random intern who showed up there?

-Nick

Re: To whom can I direct email for artwork use permission pls?

[Paul de Weerd]

On Wed, Oct 03, 2007 at 07:27:59PM +0100, Brian Candler wrote:
| That is blatant FUD. There are dozens of counterexamples of large-scale
free
| software projects which continue successfully without this sort of
emotional
| blackmail.

FUD ? Hmm.

| I would argue that OpenBSD is probably the least "free" of all the free
Unix
| options out there. Why?
|
| * You cannot download an ISO image and burn it yourself.

Yes you can. It may not be an image of the release CD's, but you can
most certainly download ISO's, burn them, copy them, make coasters out
of them, shoot them at the moon, watch them fall back on your nose,
etc.

| * If you buy a CD-ROM, you cannot legally make copies to give to your
|   friends, your school etc.

This is true for most CD's you buy these days. Talk about FUD.

| By this measure, OpenBSD is about as "free" as, say, Red Hat Enterprise
| Linux.

By the 'you have to pay for the official distribution CD's', OpenBSD
is about as free as Microsoft. What is your point ? The fact that the
software on the CD is free ? Or that it isn't ? You have me confused.

| Of course, if there were enough demand, someone would go and make their own
| OpenBSD distribution with downloadable unencumbered ISO images built from
| source - such as CentOS do with RHEL. Nobody says "don't use CentOS; you're
| stealing money from those poor Red Hat guys who have put so much investment
| into refining their product".

So go do it. Nobody is stopping you, read Bob's mail again. You can do
it, go right ahead.

I won't buy it because it lacks the stickers - probably the only
reason I buy the CD's (oh, and the fact that I want the 'entire
series' of course). You may even find yourself ridiculed. You don't
seem to care about that, so why not do it ?

| The reason nobody makes free OpenBSD ISO images, I presume, is because the
| user base is comparatively tiny, and it's not worth the effort. And that in
| turn is probably because OpenBSD turns people away with this sort of
| nonsense.

What is the nonsense here, exactly ? The fact that OpenBSD tries to
generate some money to fund the project ? Or is it just the way they
do it ? There isn't some business funding the project on a steady
basis (that I know of), except their own business of selling CD's (and
other stuff).

| FreeBSD used to have a similar model: you had to buy the CDs and you
| couldn't copy them. They abandoned it several years ago, and have
flourished
| since. If they hadn't, they would have risked losing against the Linux
tide.
| They also risked losing high quality code contributors.

Perhaps the goals of FreeBSD differ from those of OpenBSD. I can't
tell for sure as I'm not deeply into FreeBSD. I do know that there is
a somewhat larger company backing the project, as is the case with
Linux (not just talking about Red Hat here).

| So if OpenBSD does come to an end, as you threaten, IMO it won't be because
| people don't buy the CDs - it will be because it continues to cut itself
off
| from the mainstream and simply becomes irrelevant.

I doubt OpenBSD will come to an end. "By the developers, for the
developers" has been seen on these lists several times. The public
(ie, me) may not get as much out of it as we do now, but that doesn't
mean it goes away. The funding pays for lots of stuff that we, as
users of the OS, get for free. If the funding disappears, it would
also hurt the users, so it's up to the users to make sure funding
doesn't disappear. Buy CD's. Donate. Make your employer donate. Do
what you can. It's sad to see that complaining about the "non
freeness" of the CD's is most what some users can do.

OpenBSD mainstream ? Don't think it ever has been. I doubt it's a goal
of the project anyway. "Irrelevant" ? OpenSSH.

Fud for thought...

Paul 'WEiRD' de Weerd

--
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
 http://www.weirdnet.nl/

[demime 1.01d removed an attachment of type application/pgp-signature]

Re: OpenBSD Desktop sighted in Yahoo Bangalore, India

[Martin Schröder]

2007/10/3, Douglas A. Tutty <[EMAIL PROTECTED]>:
> Do the other OSs/Distros that include OpenSSH make any contributions?

Do your research. "OpenSSH has no wealthy sponsors, nor a business
model. In fact, no Commercial Unix or Linux vendor has ever given our
project a cent."

Best
   Martin

Re: OpenBSD Desktop sighted in Yahoo Bangalore, India

[Martin Schröder]

2007/10/3, Nick Guenther <[EMAIL PROTECTED]>:
> On 10/3/07, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> > Do the other OSs/Distros that include OpenSSH make any contributions?
> >
> [snip]
>
> Overall: Yes.

So the second sentence at http://www.openssh.org/donations.html is wrong?

Best
   Martin

Re: OpenBSD Desktop sighted in Yahoo Bangalore, India

[Siju George]

On 10/4/07, Nick Guenther <[EMAIL PROTECTED]> wrote:
> On 10/3/07, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> > On Wed, Oct 03, 2007 at 06:28:52PM +0200, Paul de Weerd wrote:
> > >
> > > I think the project is always in need of money. There's no steady
> > > supply of incoming cash except for the (dropping) CD sales etc. Always
> > > try to persuade your employer to donate if they're using OpenBSD or
> > > OpenBSD-derived software (eg, OpenSSH) (of course, you can also try to
> > > persuade your employer if he doesn't use OpenBSD-code, the more
> > > donations the better, methinks ;)
> >
> > Do the other OSs/Distros that include OpenSSH make any contributions?
> >
> [snip]
>
> Overall: Yes.
>
> To the original poster: can you get your friend to ask about these
> things for us? *Did* Yahoo India buy the OpenBSD discs or did it just
> download them? Is there a large OpenBSD presence or is the desktop an
> odd one-off installed by the last random intern who showed up there?
>

Sure :-)

He just joined might take some time for him to find that out.

Kind Regards

Siju

Re: sign and timestamp

[Joachim Schipper]

On Wed, Oct 03, 2007 at 06:21:53PM +0200, G??bri M??t?? wrote:
> Hey there!
> 
> I've read a lot about timestamping a document, but dunno how it works in
> practice. How can i apply a timestamp to a digitally signed or encrypted
> document? Like i encrypt or sign a document with gnupg, but before the
> process how can i timestamp it?
> Sorry for the stupid question but i really can't imagine it.

The Big G is your friend [1]:

http://www.itconsult.co.uk/stamper.htm

(Obviously, one could sent them a hash instead of the original if one
were afraid of sending data unencrypted over the net.)

Joachim

[1] Trust The Computer. The Computer is Your Friend.

-- 
TFMotD: h2xs (1) - convert .h C header files to Perl extensions

Re: Venezuala Change to GMT -4:30

[Constantine A. Murenin]

On 03/10/2007, Julian Bolivar <[EMAIL PROTECTED]> wrote:
> In this month Caracas/Venezuela change to GMT -4:30, anyone know if this
> change will be included in the next openbsd release?

Any country that changes the timezones without an advance notice is
asking for an IT disaster.

The whole story with various governments changing timezones out of the
blue is getting a bit old now, and affected people should complain to
their governments about the problem, not to the developers of the UNIX
operating systems that already have a well-defined mechanism for
effectively dealing with the timezones.

C.

msdos partitions, made by Windows

[Robert C Wittig]

On a machine that dual-boots both Windows 2000 and OpenBSD 4.0, I have 
a second data hard drive (wd1) with two primary partitions, FAT32L, 
which were created by Windows 2000.


Mount fails because they do not have OBSD disklabels... "Device not 
configured".


# disklabel wd1

...warns that the partition table has no valid OBSD partitions, then 
shows /dev/rwd1c having c:, i: and j: partitions, c: being the entire 
drive, i: and j: being the two msdos partitions.


I do have a lot of data on these two partitions, that I would like to 
have accessible to both operating systems.


Is there any way I can safely disklabel the partitions, without losing 
the data, and still have them readable by both operating systems?


Thanks in advance for any suggestions.


--
-wittig http://www.robertwittig.com/
http://robertwittig.net/
http://robertwittig.org/
.

Re: sign and timestamp

[Gábri Máté]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

A service will gather data in a database and this data has to be signed
and timestamped for security reasons, and the archives of these data are
also need to signed and timestamped. The data will be used for internal
purposes, so another internal server can issue the signs and stamps.


Gabri Mate
[EMAIL PROTECTED]
DUOSOL Bt.
http://www.duosol.hu


Douglas A. Tutty mrta:
> Without a mutually-trusted source of time "cookies", it depends on
> specific needs.
> 
> Further infomation on the nature of the transaction is required since I
> haven't heard of a pre-packaged oss application.
> 
> Doug.
> 
> 
> 
> On Wed, Oct 03, 2007 at 08:36:37PM +0200, G?bri M?t? wrote:
>> Sorry i wasn't totally specific. Yes, later on the reciever need to
>> verify the timestamp. I was looking for an oss application but couldn't
>> find any for timestamping.
>>
>  
>> Douglas A. Tutty ?rta:
>>> On Wed, Oct 03, 2007 at 06:21:53PM +0200, G??bri M??t?? wrote:
 I've read a lot about timestamping a document, but dunno how it works in
 practice. How can i apply a timestamp to a digitally signed or encrypted
 document? Like i encrypt or sign a document with gnupg, but before the
 process how can i timestamp it?
 Sorry for the stupid question but i really can't imagine it.

>>> I suppose the first question is: is the time stamp for info only or does
>>> the recipient have to verify the accuracy of the timestamp?  I.e. lets
>>> say you take the file you want to encrypt and sign, put it in a tarball
>>> that will protect the file's modification time, and encrypt and sign
>>> that.  This gives the recipient your opinion on the timestamp and
>>> protects it from being changed enroute.  However, the recipient can't
>>> verify that you or your system are telling the truth.
>>>
>>> I don't know if there's an accepted strategy, but if I had to create one
>>> from scratch, off the top of my head I'm thinking some time of time
>>> server.  It would have to publish a signed file of the current time, say
>>> once per minute, so that you could include the hash in the above noted
>>> tarball.  The recipient could note the time of that hash file, query the
>>> time server for the matching hash and compare the two.  If they match,
>>> then the time matches.
>>>
>>> This would have to be a time server that is trusted by the recipient.  
>>>
>>> I'll be interested to hear from someone who really knows about this.
>>>
>>> Doug.
>>>
>>>
>> -BEGIN PGP SIGNATURE-
>> Version: GnuPG v1.4.5 (GNU/Linux)
>>
>> iD8DBQFHA+E08najRxwF9nkRAkZnAJ9F83yBOJ7KhTgUngOtFAcCWJeDcwCeOEUS
>> MxT2+9gw9WpbIi6BXfeeSSc=
>> =0rKL
>> -END PGP SIGNATURE-
iD8DBQFHA/Fa8najRxwF9nkRAhEEAJ4+TygfHgFyHF5ih+UElEVQoiSrFQCgrMpq
JzzHM57RLOmKE4dWMOCCalA=
=HV+v
-END PGP SIGNATURE-

Re: msdos partitions, made by Windows

[L. V. Lammert]

At 02:40 PM 10/3/2007 -0500, Robert C Wittig wrote:
On a machine that dual-boots both Windows 2000 and OpenBSD 4.0, I have a 
second data hard drive (wd1) with two primary partitions, FAT32L, which 
were created by Windows 2000.


Mount fails because they do not have OBSD disklabels... "Device not 
configured".


Why are you mounting a FAT32 partition as ffs??

Lee

hoststated with multiple virtual hosts

[José Costa]

Hello,

Is it possible to configure hoststated.conf with IPs in a  {
ip1, ip2} and virtual host  ... ?

Re: Venezuala Change to GMT -4:30

[Marcus Andree]

Please, post a copy of this message to our (Brazilian) government. We're
telling them the same thing for years. But, for whatever is the reason,
they insist to defy nature and often change DST arrival every couple years.

On 10/3/07, Constantine A. Murenin <[EMAIL PROTECTED]> wrote:
> On 03/10/2007, Julian Bolivar <[EMAIL PROTECTED]> wrote:
> > In this month Caracas/Venezuela change to GMT -4:30, anyone know if this
> > change will be included in the next openbsd release?
>
> Any country that changes the timezones without an advance notice is
> asking for an IT disaster.
>
> The whole story with various governments changing timezones out of the
> blue is getting a bit old now, and affected people should complain to
> their governments about the problem, not to the developers of the UNIX
> operating systems that already have a well-defined mechanism for
> effectively dealing with the timezones.
>
> C.

Re: msdos partitions, made by Windows

[Joachim Schipper]

On Wed, Oct 03, 2007 at 02:40:33PM -0500, Robert C Wittig wrote:
> On a machine that dual-boots both Windows 2000 and OpenBSD 4.0, I have a 
> second data hard drive (wd1) with two primary partitions, FAT32L, which 
> were created by Windows 2000.
>
> Mount fails because they do not have OBSD disklabels... "Device not 
> configured".
>
> # disklabel wd1
>
> ...warns that the partition table has no valid OBSD partitions, then shows 
> /dev/rwd1c having c:, i: and j: partitions, c: being the entire drive, i: 
> and j: being the two msdos partitions.
>
> I do have a lot of data on these two partitions, that I would like to have 
> accessible to both operating systems.
>
> Is there any way I can safely disklabel the partitions, without losing the 
> data, and still have them readable by both operating systems?

You cannot, and should not try to. The automatically constructed
disklabel is fine, mount /dev/wd1i or /dev/wd1j.


Joachim

-- 
TFMotD: perltie (1) - how to hide an object class in a simple variable

Re: partition layout

[Stephan Andre']

On Wednesday 03 October 2007 11:50:40 Douglas A. Tutty wrote:
> Hello all,
>
> I have a 486DX4-100 with 32 MB ram.  I bought an 8 GB drive to put in my
> P-II and it won't boot it so I've put in in the 486 along with a 1 GB
> drive.
>
> I'm on dialup and would like to avoid a bad partitioning decision
> requring a whole new install/download cycle (I'm on slow dialup).
>
> The purpose of the box is to try out the mechanics of using OpenBSD for
> a desktop.  Obviously, the 486 will be slow at running (or unable to run
> some) desktop apps but I'll learn the mechanics of following patch
> branch and get totally comfortable with the system.  I'll also be able
> to learn pf (I'm used to Shorewall on Debian).
>
> The box has two drives, both Western Digital.  One is 8.1 GB, the other
> is 1.1.  I'll be installing 4.1 release then installing the patches and
> following their instructions re rebuilding.
>
> Here's what I'm thinking:
>
> wd0 (1.1 GB drive):
> a100 MB /
> b128 MB swap
> c1.1 GB
> d256 MB /tmp
> e   ~640 MB /var
>
> wd1 (8.1 GB drive):
> a100 MB spare /
> b128 MB swap
> c8.1 GB
> d1.0 GB /home
> e   ~6.9 GB /usr
>
> Do you think that this will give me all the room I need to install and
> keep patched:
>
> full install
> icewm or Xfce
> Konqueror
> Firefox
> a pdf reader or two (Evince, Kpdf, Xpdf)
> mplayer
> mc
> mutt
> vim
>
> Yes, I know that compiles will take forever and a day, but hopefully I
> won't be recompiling much; I need the space in case its required.
>
> Are these partitions a good size in the right order or are they any
> suggestions for improvement?
>
> Thanks,
>
> Doug.

Running graphical stuff on a 32M 486 is going to test your patience.
If you can survive this without defenistrating your system, you are
an amazing person.

Given that you are testing things, in this case I think I'd just create
a swap of 512M or so, and just create an 'a' partition thats the rest
of the disk.  The downside here is that if you run the potential risk
of losing everything if 'a' goes, but I'd be more worried about the
lack of disk overall.  As an example, you can't hold all the packages
you could compile, etc.

But if you really want to partition, make the faster drive wd0 and
make one swap partition.  Don't create a spare--you don't have
spare space--use it for /home or /usr.  Don't forget that your 1G
drive is elderly, so keeping the least important stuff there is a
good idea.

I don't know where you are, but getting ANY Pentium would be a
huge win.  I just found some 233MHz Dells with 128/256M ram and
10G disks, which went for $33 each.  Given what you have at the
moment, a 200-500MHz class machine would be ever so much
faster.  Ask around and you might be able to get several for free.
The experience of a 486 with graphical stuff is likely to be stunning.

--STeve Andre'

Re: To whom can I direct email for artwork use permission pls?

[Marc Balmer]

Brian Candler wrote:

On Tue, Oct 02, 2007 at 11:46:24AM -0600, Bob Beck wrote:

(though i have to confess, i haven't made a donation since i upgraded
my gateway to 4.1 ... i have an excuse !!!  and it was only last week.
and i will)


And this is exactly the problem. Look, you guys can quibble
all you want about "awww, we should be able to make our own distros"
Yes, you can. 


However, you won't be able to make your own distro when OpenBSD
ceases to exist for financial reasons. Free software still costs money
to produce, and all the talk about "well I should donate" does not translate
into dollars. 


Unless people buy CD's, you may not see future releases. it's that
simple. We all love doing this, but without money to maintain a place to
do it and someone to look over it, it isn't going to continue.  


That is blatant FUD. There are dozens of counterexamples of large-scale free
software projects which continue successfully without this sort of emotional
blackmail.

I would argue that OpenBSD is probably the least "free" of all the free Unix
options out there. Why?

* You cannot download an ISO image and burn it yourself.
* If you buy a CD-ROM, you cannot legally make copies to give to your
  friends, your school etc.

By this measure, OpenBSD is about as "free" as, say, Red Hat Enterprise
Linux.

Of course, if there were enough demand, someone would go and make their own
OpenBSD distribution with downloadable unencumbered ISO images built from
source - such as CentOS do with RHEL. Nobody says "don't use CentOS; you're
stealing money from those poor Red Hat guys who have put so much investment
into refining their product".

The reason nobody makes free OpenBSD ISO images, I presume, is because the
user base is comparatively tiny, and it's not worth the effort. And that in
turn is probably because OpenBSD turns people away with this sort of
nonsense.

FreeBSD used to have a similar model: you had to buy the CDs and you
couldn't copy them. They abandoned it several years ago, and have flourished
since. If they hadn't, they would have risked losing against the Linux tide.
They also risked losing high quality code contributors.

So if OpenBSD does come to an end, as you threaten, IMO it won't be because
people don't buy the CDs - it will be because it continues to cut itself off
from the mainstream and simply becomes irrelevant.


why are you on our mailing lists?

Re: msdos partitions, made by Windows

[Robert C Wittig]

L. V. Lammert wrote:

At 02:40 PM 10/3/2007 -0500, Robert C Wittig wrote:
On a machine that dual-boots both Windows 2000 and OpenBSD 4.0, I have 
a second data hard drive (wd1) with two primary partitions, FAT32L, 
which were created by Windows 2000.


Mount fails because they do not have OBSD disklabels... "Device not 
configured".


Why are you mounting a FAT32 partition as ffs??



I'm not.

I did not include any reference to a mount command in my email, 
because it failed, but when I did run it, I ran it as:


# mount -t msdos /dev/wd1a /mnt/images

...(I was just guessing 'a') ...but the 'Device not configured' 
returned caused me to do some googling, which is how I figured out the 
problem was probably disklabel-related, which was why I then ran:


# disklabel wd1

...which confirmed 'DOS partition table with no valid OpenBSD partition'.


--
-wittig http://www.robertwittig.com/
http://robertwittig.net/
http://robertwittig.org/
.

Re: sign and timestamp

[Stuart Henderson]

On 2007/10/03 21:36, Joachim Schipper wrote:
> On Wed, Oct 03, 2007 at 06:21:53PM +0200, G??bri M??t?? wrote:
> > Hey there!
> > 
> > I've read a lot about timestamping a document, but dunno how it works in
> > practice. How can i apply a timestamp to a digitally signed or encrypted
> > document? Like i encrypt or sign a document with gnupg, but before the
> > process how can i timestamp it?

google/patent search: haber stornetta

dead trees: there's a little section in Applied Cryptography
(surprise!), the basics are fairly obvious (send TTP a hash, they
append a timestamp and sign the lot) but to prevent collusion
between sender and TTP additional measures are normally used.

> The Big G is your friend [1]:
> 
> http://www.itconsult.co.uk/stamper.htm

Now it's October 2007 and RIPA part III is in force, .uk is not
a great jurisdiction to be hosting cryptographic services.

Re: sign and timestamp

[Gábri Máté]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Yes, but i wan't to solve this without an outsider for practical reasons.

Gabri Mate
[EMAIL PROTECTED]
DUOSOL Bt.
http://www.duosol.hu


Joachim Schipper mrta:
> On Wed, Oct 03, 2007 at 06:21:53PM +0200, G??bri M??t?? wrote:
>> Hey there!
>>
>> I've read a lot about timestamping a document, but dunno how it works in
>> practice. How can i apply a timestamp to a digitally signed or encrypted
>> document? Like i encrypt or sign a document with gnupg, but before the
>> process how can i timestamp it?
>> Sorry for the stupid question but i really can't imagine it.
> 
> The Big G is your friend [1]:
> 
> http://www.itconsult.co.uk/stamper.htm
> 
> (Obviously, one could sent them a hash instead of the original if one
> were afraid of sending data unencrypted over the net.)
> 
>   Joachim
> 
> [1] Trust The Computer. The Computer is Your Friend.
iD8DBQFHA/488najRxwF9nkRAk/sAKCFzKm7tBxsNHwFCYFdtHP8NWClXwCbBWcC
jHWm4T+Eimk1p1ZQ2GyoKqc=
=s5sI
-END PGP SIGNATURE-

kernel panic on fujitsu siemens d2151-a11 using oBSD4.1

[Insan Praja SW]

Dear all,
Recently I've installed a fujitsu-siemens motherboard with obsd 4.1. At
first, it works. Then, after I use amd64 kernel and configure ot with:
option MSGMNB=16384 # max # of bytes in a queue
option MSGMNI=80 # number of message queue identifiers
option MSGSEG=4096 # number of message segments per queue
option MSGSSZ=128 # size of a message segment
option MSGTQL=2048 # max messages in system
(optimization for squid), after several hours running it went bad and
panicking.. This happen several times, using .mp or .generic. From the
panic message,
Any help, please?
Thanks

Insan Praja SW

panic: pool_get(mclpl): free list modified: magic=deaf; page
0xfe80185d8000; item addr 0xfe80185d8000
Stopped at Debugger+0x5: leave
RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
ddb>trace
Debugger() at Debugger+0x5
panic() at panic+0x12a
pool_get() at pool_get+0x368
pfsync_get_mbuf() at pfsync_get_mbuf+0x18b
pfsync_pack_state() at pfsync_pack_state+0x44c
pf_test() at pf_test+0xc33
ipv4_input() at ipv4_input+0x142
ipintr() at ipintr+0x77
end of kernel
end trace frame: 0x4bdc34c0, count: -8
ddb>ps
PGRP UID S FLAGS WAIT COMMAND
22198 0 7 0x4000 snmpget
--- snip -
dumping to dev 0,1 3165175

dmesg
OpenBSD 4.1 (GREENLINKS) #0: Tue Oct  2 00:06:41 WIT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GREENLINKS
real mem = 526905344 (514556K)
avail mem = 438521856 (428244K)
using 12915 buffers containing 52899840 bytes (51660K) of memory
mainbus0 (root)
bios0 at mainbus0: SMBIOS rev. 2.34 @ 0x1f6ee000 (78 entries)
bios0: FUJITSU SIEMENS D2151-A1
acpi at mainbus0 not configured
cpu0 at mainbus0: (uniprocessor)
cpu0: Intel(R) Pentium(R) D CPU 2.66GHz, 2660.41 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,CNXT-ID,CX16,
xTPR,NXE,LONG
cpu0: 1MB 64b/line 8-way L2 cache
pci0 at mainbus0 bus 0: configuration mode 1
pchb0 at pci0 dev 0 function 0 "Intel 82945GP" rev 0x02
vga1 at pci0 dev 2 function 0 "Intel 82945G Video" rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x01: irq 9
azalia0: host: High Definition Audio rev. 1.0
azalia0: codec: Realtek ALC260 (rev. 4.0), HDA version 1.0
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x01
pci1 at ppb0 bus 3
ppb1 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x01
pci2 at ppb1 bus 5
bge0 at pci2 dev 0 function 0 "Broadcom BCM5751" rev 0x01, BCM5750 A1
(0x4001): irq 11, address 00:30:05:c9:79:df
brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
ppb2 at pci0 dev 28 function 2 "Intel 82801GB PCIE" rev 0x01
pci3 at ppb2 bus 7
ppb3 at pci0 dev 28 function 3 "Intel 82801GB PCIE" rev 0x01
pci4 at ppb3 bus 9
uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x01: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x01: irq 10
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x01: irq 5
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x01: irq 9
usb3 at uhci3: USB revision 1.0
uhub3 at usb3
uhub3: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub3: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x01: irq 11
ehci0: timed out waiting for BIOS
usb4 at ehci0: USB revision 2.0
uhub4 at usb4
uhub4: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub4: 8 ports with 8 removable, self powered
ppb4 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0xe1
pci5 at ppb4 bus 11
xl0 at pci5 dev 5 function 0 "3Com 3c905B 100Base-TX" rev 0x30: irq 10,
address 00:01:02:fd:52:26
exphy0 at xl0 phy 24: 3Com internal media interface
fxp0 at pci5 dev 7 function 0 "Intel 8255x" rev 0x02, i82557: irq 5,
address 00:04:ac:56:ee:78
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 0
ukphy0 at fxp0 phy 2: Generic IEEE 802.3u media interface, rev. 3: OUI
0x1e3b80, model 0x000a
pcib0 at pci0 dev 31 function 0 "Intel 82801GB LPC" rev 0x01
pciide0 at pci0 dev 31 function 2 "Intel 82801GB SATA" rev 0x01: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 152627MB, 312581808 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
ichiic0 at pci0 dev 31 function 3 "Intel 82801GB SMBus" rev 0x01: irq 9
iic0 at ichiic0
isa0 at pcib0
isadma0 at isa0
com0 at is

Re: msdos partitions, made by Windows

[Robert C Wittig]

Joachim Schipper wrote:


You cannot, and should not try to. The automatically constructed
disklabel is fine, mount /dev/wd1i or /dev/wd1j.



Thanks, Joachim... worked perfectly!


--
-wittig http://www.robertwittig.com/
http://robertwittig.net/
http://robertwittig.org/
.

OpenBSD router - CARP to VRRP

[nachocheeze]

Dunno if this is possible...

I'm trying to set up an OpenBSD (4.2 snapshot) router as a VRRP
neighbor to a Juniper M7i (JunOS version 7.5R2).  I've set up the
following:

On the M7i Gigabit interface:

unit 0 {
description "Gigabit Ethernet Backbone";
family inet {
mtu 9000;
no-redirects;
address X.X.X.49/28 {
vrrp-group 55 {
virtual-address X.X.X.55;
priority 10;
accept-data;
}
}
}
}

> show vrrp detail
Physical interface: ge-0/0/0, Unit: 0, Address: X.X.X.49/28
  Index: 72, SNMP ifIndex: 72, VRRP-Traps: enabled
  Interface state: up, Group: 55, State: master
  Priority: 10, Advertisement interval: 1, Authentication type: none
  Preempt: yes, Accept-data mode: yes, VIP count: 1, VIP: X.X.X.55
  Advertisement timer: 0.631s, Master router: X.X.X.49
  Virtual router uptime: 00:46:48, Master router uptime: 00:46:39
  Virtual MAC: 00:00:5e:00:01:37
  Tracking: disabled


On the OpenBSD machine (4.2 GENERIC.MP#259):

msk0: flags=8943 mtu 9000
lladdr 00:00:5a:72:6f:9f
description: Gigabit Ethernet Backbone #1
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet X.X.X.50 netmask 0xfff0 broadcast X.X.X.63
inet6 fe80::200:5aff:fe72:6f9f%msk0 prefixlen 64 scopeid 0x4

carp1: flags=8843 mtu 1500
lladdr 00:00:5e:00:01:37
carp: MASTER carpdev msk0 vhid 55 advbase 1 advskew 150
groups: carp
inet6 fe80::200:5eff:fe00:137%carp1 prefixlen 64 scopeid 0xe
inet X.X.X.55 netmask 0xfff0 broadcast X.X.X.63

CARP preempt is set on the BSD box.

They both show up as CARP/VRRP masters no matter how much I play with
the VRRP priority or the CARP advskew, and cause duplicate IP probs
(same IP, same virtual MAC).

I turned on logging for CARP, and am getting this:

carp: packet too short 40 on carp1
carp: packet too short 40 on carp1
carp: packet too short 40 on carp1


Doing a sniff, it looks like the VRRP packet from the Juniper is 10
bytes smaller than the CARP packet on the BSD machine (60 bytes vs
70).  Does anyone know if there's a tweakable option to fix this, or
if it's even possible to do this at all (is CARP compatible with
regular VRRP)?

Re: OpenBSD router - CARP to VRRP

[Jon Simola]

On 10/3/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:

> I'm trying to set up an OpenBSD (4.2 snapshot) router as a VRRP
> neighbor to a Juniper M7i (JunOS version 7.5R2).
<...>
> Does anyone know if there's a tweakable option to fix this, or
> if it's even possible to do this at all (is CARP compatible with
> regular VRRP)?

No, please see the sidebar at http://www.openbsd.org/lyrics.html#35 for details.

-- 
Jon

Re: sign and timestamp

[Steve McConville]

> I don't know if there's an accepted strategy, but if I had to create one
> from scratch, off the top of my head I'm thinking some time of time
> server.  It would have to publish a signed file of the current time, say
> once per minute, so that you could include the hash in the above noted
> tarball.  The recipient could note the time of that hash file, query the
> time server for the matching hash and compare the two.  If they match,
> then the time matches.

Slightly OT...

That (and variations therof) would work for a 'not earlier than' lower
bound, but I'm pretty sure there is a good theoretical reason why 'not
later than' shouldn't be possible without a third party, making
timestamping (in the sense of having happened in this given interval)
impossible. I am open to contradiction though :)

-- 
steev
http://www.daikaiju.org.uk/~steve/

Re: Speed Problems

[Tony Sarendal]

New set of tests done with AMD64 UP kernel.

http://www.layer17.net/openbsd-router-intro.html

/Tony

Re: partition layout

[Nick Holland]

Douglas A. Tutty wrote:
> Hello all,
> 
> I have a 486DX4-100 with 32 MB ram.  I bought an 8 GB drive to put in my
> P-II and it won't boot it so I've put in in the 486 along with a 1 GB
> drive.

you might want to spend more time on that PII system...

> I'm on dialup and would like to avoid a bad partitioning decision
> requring a whole new install/download cycle (I'm on slow dialup).

Ouch.
...
> The box has two drives, both Western Digital.  One is 8.1 GB, the other
> is 1.1.  I'll be installing 4.1 release then installing the patches and
> following their instructions re rebuilding.

have you tested that 1G WD drive?  Those were curiously cranky, reliable
drives.  Yes, that's what I meant to say: some years ago, I became the
proud owner of something like 60 machines with those drives in them,
ranging from never having been powered up (still had factory load on
'em!) to being very heavily used.  The majority did not spin up on their
own, but if you manually "twisted" them, they would fire up and stay
running...until you turned 'em off long enough to cool back down.

> Here's what I'm thinking:
...[snip a very functional plan]

> Do you think that this will give me all the room I need to install and
> keep patched:
> 
> full install
> icewm or Xfce
> Konqueror

on a 486??

> Firefox

on a 486?  With 32M RAM???
18489 nick   20   73M   93M sleeppoll313:36  0.10% firefox-bin
No freaking way.
I don't like running Firefox on my 850MHz laptop.

> a pdf reader or two (Evince, Kpdf, Xpdf)
> mplayer

on a 486?

> mc
> mutt
> vim
> 
> Yes, I know that compiles will take forever and a day, but hopefully I
> won't be recompiling much; I need the space in case its required.

Not just compiles.  Most of those apps just won't run on a 486 in
anything more than a "oh, look, it came up!" sort of way.

> Are these partitions a good size in the right order or are they any
> suggestions for improvement?

your (partitioning) plan is not bad, but here are some thoughts:

Assuming your 1G drive works and you don't bust your knuckles spinning
the thing up manually (don't ask), don't use it on this system, but rather
use it to place all the install files on.  That way, you don't have to do
it "right" the first time.  Load it up on another machine (or on this
machine before you remove its current OS).  Put it in as the secondary
drive on the system, boot off floppy, point the install media to the 1G
drive as the source for the files (it will read FAT and FAT32).

Every time you download a new package, put it on this drive.

More reality checks:
1) Many 486 machines have only one IDE port.
2) Many 8G drives don't want to work as a secondary to a 1G drive
  (but the 1G drive will probably work fine as a secondary to a 8G)
3) IF you get X running on this thing, you will very possibly find that
  quits working for 4.2.  Many old systems like this will need XF3, as
  XF4 and X.org don't support many of the old drivers.  XF3 is gone for
  4.2 (and there was much rejoicing).
4) At best, this thing will be an X terminal for you, you won't run
  many X apps on it.
5) You probably don't know how to configure an ISA NIC
6) I'm trying to forget how to configure an ISA NIC (damn flashbacks)
7) You don't want to know what I will hopefully be putting out on the
  curb for trash day ..er..next week, since I'm spending tonight
  answering email.
8) with 32M RAM, swap will be your friend.  You need to get out more
  and meet better friends.

This is going to be a really frustrating machine to learn OpenBSD on.
Learning almost always requires making "mistakes" (even if completely
intentionally made!).  OpenBSD will run on a 486 better than just about
any other OS now, but that's not saying much at all, unfortunately.
Just logging into the machine will be painful.

I wish there was an economical way to get some of the stuff I toss
out to some of the people in the world who would love to have it.

Nick.

Re: OpenBSD router - CARP to VRRP

[Henning Brauer]

* [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2007-10-03 23:25]:
> (is CARP compatible with regular VRRP)?

no, VRRP is not compatible with CARP.
yes, vrrp should adopt. as in, vendors shall implement carp 
instead, it's better anyway.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam

Cannot change MTU of carp interface?

[Jake Conk]

Hello,

I am able to change the MTU of my nic card where my carp address is
binded to to 9000 but when I try to change the mtu on the carp
interface I get this error, "ifconfig: SIOCSIFMTU: Invalid argument".
Anyone know if its possible to change the MTU on a carp address or is
it just not possible?

Thank you,
- Jake

Re: sign and timestamp

[Joachim Schipper]

On Wed, Oct 03, 2007 at 10:40:28PM +0200, G?bri M?t? wrote:
> Yes, but i wan't to solve this without an outsider for practical reasons.
> 
> Gabri Mate
> [EMAIL PROTECTED]
> DUOSOL Bt.
> http://www.duosol.hu
> 
> 
> Joachim Schipper mrta:
> > On Wed, Oct 03, 2007 at 06:21:53PM +0200, G??bri M??t?? wrote:
> >> Hey there!
> >>
> >> I've read a lot about timestamping a document, but dunno how it works in
> >> practice. How can i apply a timestamp to a digitally signed or encrypted
> >> document? Like i encrypt or sign a document with gnupg, but before the
> >> process how can i timestamp it?
> >> Sorry for the stupid question but i really can't imagine it.
> > 
> > The Big G is your friend [1]:
> > 
> > http://www.itconsult.co.uk/stamper.htm
> > 
> > (Obviously, one could sent them a hash instead of the original if one
> > were afraid of sending data unencrypted over the net.)
> > 
> > Joachim
> > 
> > [1] Trust The Computer. The Computer is Your Friend.
> iD8DBQFHA/488najRxwF9nkRAk/sAKCFzKm7tBxsNHwFCYFdtHP8NWClXwCbBWcC
> jHWm4T+Eimk1p1ZQ2GyoKqc=
> =s5sI
> -END PGP SIGNATURE-

Perhaps off-topic, but do consider improving your signal-to-noise ratio;
I count one useful, albeit misspelled, line - remove the (non-delimited)
sig, broken PGP signature, and useless cruft from replied messages.

What you want to do is a lot more complicated. The easiest solution I
can think of is chaining. For instance, given data_1, data_2, ...,
data_n which must be signed on date_1, date_2, ..., date_n, define

hash_0 = SOME_VALUE
hash_i+1 = f(hash_i ++ data_i+1 ++ date_i+1)

Here, f() is a hash function, for instance RIPEMD-160 or SHA2-256, and
++ denotes some mixing operation (XOR might be a good bet).

Suppose you provide someone with frequent values of hash_i. If you later
make a false claim about either data_j or date_j, and the other person
has hash_i, hash_k, data_1, ..., data_k, and date_i, ..., date_k,, where
i < j <= k, then you would be quickly found out.

Of course, more sophisticated algorithms can do the same thing, but
without revealing quite this much. Go read a good book; Practical
Cryptography provides a good overview.

Joachim

Disclaimer: I am not a cryptographer, crypto is hard, and I'm tired. So
no guarantees that the above actually works.

-- 
PotD: x11/matchbox/matchbox-window-manager - window manager with a
classic pda management policy

Re: sign and timestamp

[Ted Unangst]

On 10/3/07, Gabri Mati <[EMAIL PROTECTED]> wrote:
> I've read a lot about timestamping a document, but dunno how it works in
> practice. How can i apply a timestamp to a digitally signed or encrypted
> document? Like i encrypt or sign a document with gnupg, but before the
> process how can i timestamp it?

you cannot provably timestamp anything.  you can only provide copies
or hashes at the time you would like to prove creation, either by
sending it to the person you want to prove it to or a trusted third
party.  or generally publishing it, and hoping you can gather enough
witnesses to testify when they first saw it.

Re: sign and timestamp

[Douglas A. Tutty]

On Wed, Oct 03, 2007 at 09:45:30PM +0200, G?bri M?t? wrote:
> 
> A service will gather data in a database and this data has to be signed
> and timestamped for security reasons, and the archives of these data are
> also need to signed and timestamped. The data will be used for internal
> purposes, so another internal server can issue the signs and stamps.
> 

OK.  This service gathering the data: is it your own dedicated server or
is it an external service provider.  Assuming that you don't controll
(in a security sense) the database itself (if you did, why bother with
this?).

If I understand correclty:  Database the data-gatherer can query.  You
set up a dedicated, physically secure box and provide it with a secure
source of time (GPS?).  

Assuming that you don't want the latency for them to email the box a
hash, have the box append a time stamp, sign it, and mail it back.  You
need a dedicated channel from the time server to the data-gatherer of
latency low enough to meet the time-stamp requirements.  

Do you need to send the timestamp back to the data-gatherer or will they
be sending the data to you by a slower method?  

You could either write a dedicated server or set up a lpd hack.  

They gather the data, tarball it, take a hash and put it in an index
file (like an MD5SUM file in an ftp archive).  They send a file
containing only the hash and the unique tarball file name to the lpr on
the time server.  A dummy spool there hands the file to a 'filter' that
takes that file, extracts the md5sum, file name, appends the time, and
appends that whole line to a file.  For hard copy, each line could be
printed to dedicated dot-matrix printer as it is generated.

Or your time server is running a database and the data-gather can issue
the SQL insert query directly and the database system itself fills in a
time-stamp field.

Doug.

Re: partition layout

[Stuart Henderson]

On 2007/10/03 19:46, Nick Holland wrote:
> > I have a 486DX4-100 with 32 MB ram.  I bought an 8 GB drive to put in my
> > P-II and it won't boot it so I've put in in the 486 along with a 1 GB
> > drive.
> 
> you might want to spend more time on that PII system...

yes. an OS booted from another drive can often use a drive that the
BIOS is unable to see.

> on a 486?  With 32M RAM???
> 18489 nick   20   73M   93M sleeppoll313:36  0.10% firefox-bin

w3m or dillo, maybe. Opera is probably pushing it. 93M isn't bad going
for firefox, think mine was around 500M earlier...

> I wish there was an economical way to get some of the stuff I toss
> out to some of the people in the world who would love to have it.

freecycle.org might be worth a look.

Re: 19 inch rack (DEC-StoageWorks) available in Munich

[Robert Urban]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

last call for interest in hard disks (SCSI, IDE) for donation.

Robert Urban wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Hallo Martin,
> 
> Martin Reindl wrote:
>> Robert Urban <[EMAIL PROTECTED]> wrote:
>>
>>> -BEGIN PGP SIGNED MESSAGE-
>>> Hash: SHA1
>>>
>>> Hi Folks,
>>>
>>> is anybody interested in a SWXSC-CB 19" StorageWorks rack? I'm giving it
>>> away.  For more info, see:
>>>
>>> http://www.spielwiese.de/rob/Stuff/Cabinet/
>>>
>> Would you mind giving the RZ28 disks to the project?
> 
> indeed.  I guess no one wants the rack?  see below for a list of disks
> available for donation.
> 
>> sturm@ and grunk@ are probably real close :)
> 
> I've got a move looming, so I'd like to get any transactions completed
> relatively quickly.
> 
> cheers,
> 
> Robert Urban
> - snip--
> 
> The following SCSI disks are all in StorageWorks Building Block (SBB)
> enclosuers:
> "Cap" "Model" "count" "comment"
> - -   --- -
> "1GB" "RZ26L-VA"  8
>   "RZ26-VA"   1   
> "2BG" "RZ28-VA"   16  
>   "SWXD3-SG"  5   
> "4GB" "RZ29B-VW"  3   
>   "DS-RZ1CB-VW"   4   
> "9GB" "DS-RZ1DF-VW"   2   
>   "DS-RZ1DD-VW"   3   
> 
> "Other SCSI (no enclosure)"   
> "9GB" "IBM/Digital RZ1DF-CB (DGHS)"   2   "SCA"
> "9GB" "Quantum/Digital RZ2DC-KA"  2   "68pin"
> "2GB" "RZ28-E"3   
> "2GB" "Seagate ST32550W"  1   "68pin"
> "2GB" "Micropolis 4421"   1   "50pin"
> "1GB" "RZ26L-E"   4   
> "2GB" "Seagate/Digital RZ23B-E (ST12400N)"1   
> "1GB" "Digital DSP3107L (RH31E-DC)"   1   
> "425MB"   "Digital RZ25-E"1   
>   
> "IDE/ATAPI Disks" 
> "3.2GB"   "Maxtor DiamondMax "4   
> "3.2GB"   "Quantum Fireball " 1   
> "850MB"   "Quantum Trailblazer"   1   
> "1.2GB"   "Quantum Fireball " 3   
> "540MB"   "Maxtor 7540AV" 1   
> "127MB"   "Quantum ProDrive"  4   
> "850MB"   "Western Digital Caviar 2850"   1   
> "170MB"   "Maxtor 7171AT" 1
> "130MB"   "Seagate ST3145A"   1
> "122MB"   "Digital RE23L-E"   1
>   
> 
> "StorageWorks enclosuers:"
>   "BA350" 6   
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
> 
> iD8DBQFG/plV33x7lJjLFm4RAh1/AKCgtLiAKAF7/P0MFvWAiHLfmbhA7wCcDyuv
> IT5WRp54jt8JGDuq0D6qMN8=
> =HCdP
> -END PGP SIGNATURE-
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFHBEpf33x7lJjLFm4RAhu1AJsFMpIYlx6KtRq+vD432JowVWAMTwCeKGje
j6O7hoWvPvWRkzfmf5YyD9s=
=xLw/
-END PGP SIGNATURE-

Re: partition layout

[Jacob Meuser]

On Thu, Oct 04, 2007 at 02:03:41AM +0100, Stuart Henderson wrote:
> On 2007/10/03 19:46, Nick Holland wrote:

> > I wish there was an economical way to get some of the stuff I toss
> > out to some of the people in the world who would love to have it.
> 
> freecycle.org might be worth a look.

or see if there's something in your community like this:

http://www.nextsteprecycling.org/

went there today (on my bicycle :) to get a mb with an auich(4)
device.

-- 
[EMAIL PROTECTED]
SDF Public Access UNIX System - http://sdf.lonestar.org

Cisco 3002 VPN client to OpenBSD?

[Jeff Simmons]

Anyone have any experience with this?

A company a client of mine wishes to work with insists this will work, but I 
have my doubts. The documentation for the 3002 seems to indicate that it is 
specifically for connections to a Cisco 3000 series VPN concentrator, and it 
requires (?) group-password and user-password entries for connections to the 
3000. Most of the rest of the configuration is pretty standard, if old (3des, 
sha1).

I'd rather find out before we buy one. Thanks!

-- 
Jeff Simmons   [EMAIL PROTECTED]
Simmons Consulting - Network Engineering, Administration, Security
"You guys, I don't hear any noise.  Are you sure you're doing it right?"
--  My Life With The Thrill Kill Kult

Re: To whom can I direct email for artwork use permission pls?

[Curt Micol]

> why are you on our mailing lists?

Indeed, my response also.

-- 
"I am very easy to get along with, but I don't have time to waste
being nice to people who are being stupid." -- Theo de Raadt,
Founder/Lead Developer of OpenBSD

Re: Cisco 3002 VPN client to OpenBSD?

[Aaron W. Hsu]

I highly recommend that you don't go with the routers, and just do your own 
work, mostly because it's a pain. On the other hand, vpnc is ported to OpenBSD 
and it works. You can see some of the issues relating to this when you check 
out the ports@ list where you can find some of the discussions about porting a 
newer version of vpnc to OpenBSD.


-- 
((name "Aaron Hsu")
 (email/xmpp "[EMAIL PROTECTED]")
 (phone "703-597-7656")
 (site "http://www.aaronhsu.com";))

[demime 1.01d removed an attachment of type application/pgp-signature]

Re: partition layout

[Douglas A. Tutty]

On Wed, Oct 03, 2007 at 07:46:01PM -0400, Nick Holland wrote:
> Douglas A. Tutty wrote:
> > Hello all,
> > 
> > I have a 486DX4-100 with 32 MB ram.  I bought an 8 GB drive to put in my
> > P-II and it won't boot it so I've put in in the 486 along with a 1 GB
> > drive.
> 
> you might want to spend more time on that PII system...

Yeah, I've tried all the BIOS options that I can find, it just doesn't
like any drive but the 850 MB it has; it will only take one drive.

> 
> > I'm on dialup and would like to avoid a bad partitioning decision
> > requring a whole new install/download cycle (I'm on slow dialup).
> 
> Ouch.
> ...
> > The box has two drives, both Western Digital.  One is 8.1 GB, the other
> > is 1.1.  I'll be installing 4.1 release then installing the patches and
> > following their instructions re rebuilding.
> 
> have you tested that 1G WD drive?  Those were curiously cranky, reliable
> drives.  Yes, that's what I meant to say: some years ago, I became the
> proud owner of something like 60 machines with those drives in them,
> ranging from never having been powered up (still had factory load on
> 'em!) to being very heavily used.  The majority did not spin up on their
> own, but if you manually "twisted" them, they would fire up and stay
> running...until you turned 'em off long enough to cool back down.
> 

Both drives are just fine.


> > Here's what I'm thinking:
> ...[snip a very functional plan]
> 
> > Do you think that this will give me all the room I need to install and
> > keep patched:
> > 
> > full install
> > icewm or Xfce
> > Konqueror
> 
> on a 486??
> 
> > Firefox
> 
> on a 486?  With 32M RAM???
> 18489 nick   20   73M   93M sleeppoll313:36  0.10% firefox-bin
> No freaking way.
> I don't like running Firefox on my 850MHz laptop.
> 
> > a pdf reader or two (Evince, Kpdf, Xpdf)
> > mplayer
> 
> on a 486?
> 
> > mc
> > mutt
> > vim
> > 
> > Yes, I know that compiles will take forever and a day, but hopefully I
> > won't be recompiling much; I need the space in case its required.
> 
> Not just compiles.  Most of those apps just won't run on a 486 in
> anything more than a "oh, look, it came up!" sort of way.
> 

Before Debian released Etch, this 486 box was running everything but
Konquerer and Firefox just fine.  Sure, xpdf rendering a page may take 20
seconds or so but everything else was OK.  So scratch Konq, Firefox and
ofcourse mplayer as runnable apps.


> > Are these partitions a good size in the right order or are they any
> > suggestions for improvement?
> 
> your (partitioning) plan is not bad, but here are some thoughts:
> 
> Assuming your 1G drive works and you don't bust your knuckles spinning
> the thing up manually (don't ask), don't use it on this system, but rather
> use it to place all the install files on.  That way, you don't have to do
> it "right" the first time.  Load it up on another machine (or on this
> machine before you remove its current OS).  Put it in as the secondary
> drive on the system, boot off floppy, point the install media to the 1G
> drive as the source for the files (it will read FAT and FAT32).

This 486 box is my only free box for testing and getting proficient with
keeping OpenBSD up-to-date.  My Athlon has Etch on it and is my main
box; does everything including watching DVDs full-screen.  My P-II is my
upstairs slim-X client that seems to only take an 850 drive.  That
leaves my 486 for OBSD testing.

> 
> More reality checks:
> 1) Many 486 machines have only one IDE port.

This has two.

> 2) Many 8G drives don't want to work as a secondary to a 1G drive
>   (but the 1G drive will probably work fine as a secondary to a 8G)

This pair is fine both ways.

> 3) IF you get X running on this thing, you will very possibly find that
>   quits working for 4.2.  Many old systems like this will need XF3, as
>   XF4 and X.org don't support many of the old drivers.  XF3 is gone for
>   4.2 (and there was much rejoicing).

X runs just fine under OBSD: 4.0 under X version 3; 4.1 with Xorg.  It
has an S3Vision864 with sdac, 1 MB video ram.  Does 1024x768x8bit @ 75Hz

> 4) At best, this thing will be an X terminal for you, you won't run
>   many X apps on it.

That's all it needs to do.

> 5) You probably don't know how to configure an ISA NIC

Yes I do.  Already done it under OBSD.  Its an ne clone that matches the
kernel.  If it didn't, I've got Absolute OpenBSD and see that the kernel
can be tweaked without recompiling it.

Besides, I can always learn how to set up a ppp link over a serial cable
in OBSD.  Did that all the time in Debian before I could afford an NIC.
NFS is rather slow and X is impossible.  Other than that, it works.

> 6) I'm trying to forget how to configure an ISA NIC (damn flashbacks)

Perhaps I can help. :)

> 7) You don't want to know what I will hopefully be putting out on the
>   curb for trash day ..er..next week, since I'm spending tonight
>   answering email.

How close to Kingston Ontario are you?  Assuming th