Difficult routing problem
Hello all, I am having some trouble with a routing situation that is difficult for me to explain, so if you need more info let me know. vendor --vendor router-- Internal LAN Location A --OBSD GW A-- Internet VPN Between Internet --OBSD GW B-- Internal LAN Location B From the above I will try and describe the situation. A vendor has a private T1 that terminates through NAT to the customers Internal LAN at location A, the IP addresses that this vendor is using are part of there public IP space but they are not routable over the Internet just through the T1. I have a OpenBSD box at that location that provides internet access and routes the block of IPs belonging to the vendor to the vendor's router. There is a VPN between the OpenBSD boxes at both locations which is performing fine and I can contact both internal LANs from the other. The problem that I have not been able to solve is that the workstations at location B need to get to the vendor's router at location A using the public IPs of the vendor. I have tried using route-to in pf and some ideas I had in the routing table, but so far nothing has routed the packets over the VPN. I am sure I am missing something basic, but so far I have not been able to see it. Some info: (these are representative IPs) Vendor's IP block that need to go over their T1: 207.12.0.0/18 Internal LAN A: 10.74.10.0/24 Vendor router Internal LAN IP: 10.74.10.245 OpenBSD A Internal IP: 10.74.10.254 OpenBSD A External IP: a.b.c.d OpenBSD B Internal IP: 10.76.10.254 OpenBSD B External IP: w.x.y.z Any pointers will sure be appreciated. Thanks Layne Evans
1.8 CF adapter (X40)
In case anyone's interested, I just found this.. http://linitx.com/viewproduct.php?prodid=11521
Encrypting home partition
I'm just trying to encrypt my laptops /home partition to hide my personal info if the worst happens and my lappy is stolen. I'm wondering what would be the best method to encrypt the hard drive? I saw some discussion on the mailing list recently and somebody pointed out that I could encrypt whole partition. I'm currently creating a image within a partition which I intend to encrypt then as instructed for example here: http://www.blackant.net/other/docs/howto-encrypted-home.php Which would be a better method, the separate image or encrypt whole partition and how to encrypt whole partition on OpenBSD? Timo
Re: pf
On 2007/10/06 00:36, Nenhum_de_Nos wrote: you say the two queues are bound to that rule in that line ? I never got 100% this bindings from queues and rules. how will pf know that in the first rule, it will treat ack packets differente from bulk ones ? thats my main doubt ... is the order (bulk,ack) that does it ? or anything with the flags (S/SA) ? I really never got the mechanics of this ... if anyone could explain, Yes, pf.conf(5) explains this, it's towards the end of the QUEUEING section.
OpenBSD router performance tests
I made a new more detailed latency/throughput test with ifq.maxlen set to 2500. With AMD64 UP kernel we are now looking at around 500kpps without packet loss. From 400 to 500kpps with one command, pretty nice, I have to remember that one. http://www.layer17.net/openbsd-test-rfc2544-throughput-latency.html (bottom of the page). Next up is the i386 kernel. /Tony
Re: partition layout
On Thu, 2007-10-04 at 17:10 -0700, Clint Pachl wrote: The only thing I would use that 486 for would be an X client, with a good graphics card, a router, or as a command line tinkering system. Yes, a 486 is still plenty of system for use as a router, assuming the right networking hardware is available for it. Heck, I miss my old Pentium 100 I was using as a router (well, sort of). -- Shawn K. Quinn [EMAIL PROTECTED]
Any PC-Engines ALIX board users around?
If you own/use a PC-Engines ALIX board, can you please contact me offlist?
AMD Quad Core
Has anyone here used a new Quad Core chip from AMD (or indeed Intel) and if so, how do they run with OpenBSD? A.
Re: Thank you developers... 4.2 arrived in the mail today
One other data point - My preordered 4.2 set arrived here in Bergen, Norway today. Excellent artwork as usual, and great song :) Cheers, -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Enabling Tidy in PHP
I have tidy built as an extension and not into php and it works completely fine. Where does it say to not do that? On 10/5/07, Marti Martinez [EMAIL PROTECTED] wrote: On 10/5/07, Daniel Barowy [EMAIL PROTECTED] wrote: Any suggestions? Apparently I don't know what I don't know. Well, this is a suggestion, not an answer, but I've saved myself a lot of pain by building ports of PHP related stuff on relatively clean systems (by relatively clean I mean NO packages installed that are later going to be required when building the ports), building the packages, and then installing the relevant packages on the target system with pkg_add, rather than directly from the ports tree. I think in my case most problems stemmed from conflicts between already installed packages and the ones that I was trying to build, and the subsequent wrangling and mangling of the ports tree that I tried to do to fix it. My rule for myself, at least until I have a much deeper understanding of the ports tree, is to never install ANY downloaded packages on the machine that I use to interact with the ports tree. If this isn't the solution to your problem, maybe we can help with some more details about the failure of make install Thanks, Dan Marti -- Systems Programmer, Principal Electrical Computer Engineering The University of Arizona [EMAIL PROTECTED]
Xbox 360 controller at the -current
Hi, /bsd: ugen0 at uhub0 port 1 /bsd: ugen0: Microsoft product 0x028f, rev 2.00/1.05, addr 2 /bsd: ugen0 detached has anyone tried to use it? :-) (Yes I'd read the news about the old Xbox port, but this here is an Xbox 360 controller) Regards Alex
Re: partition layout
On Sat, Oct 06, 2007 at 05:14:53AM -0500, Shawn K. Quinn wrote: On Thu, 2007-10-04 at 17:10 -0700, Clint Pachl wrote: The only thing I would use that 486 for would be an X client, with a good graphics card, a router, or as a command line tinkering system. Yes, a 486 is still plenty of system for use as a router, assuming the right networking hardware is available for it. Heck, I miss my old Pentium 100 I was using as a router (well, sort of). It also works just fine as: firewall for dial-up print server with apsfilter home mail server, Wordprocessor with vim + LaTex Python development (non-GUI) light browsing with lynx and links/elinks small-data-set postgresql (home use) and anything else for home use _except_ for running X-apps locally (other than gv or something for previewing documents before printing). The only things I cannot do comfortably on the 486: Surf the web with firefox/konqueror watch movies Doesn't have a great sound card so not the best music box graphical spreadsheet Install Debian (need to do a drive-shuffle from another box) patch BSD Run Debian (since they admit that they link to many libraries not required for normal use, slowing the execs and increasing memory useage). Doug.
Re: Web configure Firewall
On Sat, 06 Oct 2007 07:23:02 +0700, Piotrek Kapczuk [EMAIL PROTECTED] wrote: Wow, leeching mode :D 2007/10/6, Cyrus [EMAIL PROTECTED]: I'm looking for a ready to install roll package for configureing and administering a OpenBSD firewall from the web. something along the lines of pfSense, but with OpenBSD base. Thanks, http://www.undeadly.org/cgi?action=articlesid=20071003090749 -- Insan Praja SW
Speeding up OBSD bootup
Is it possible to specify the kernel that the hardware for which there are drivers probing for but I don't have in my PC is absent? Since OBSD has no suspend to disk/RAM, the bootup speed is critical when working with a laptop in public transport. Or are there any other possible ways how to speed up the bootup process? CL
Re: partition layout
Douglas A. Tutty wrote: It also works just fine as: home mail server, Unless, of course, you run Perl-based anti-spam filters... I just upgraded a P2 2x450 to P3 2x933 and it still seems sluggish.
Re: Speeding up OBSD bootup
On Sat, 6 Oct 2007 16:08:41 +0200 Karel Kulhavy [EMAIL PROTECTED] wrote: Is it possible to specify the kernel that the hardware for which there are drivers probing for but I don't have in my PC is absent? Since OBSD has no suspend to disk/RAM, the bootup speed is critical when working with a laptop in public transport. Look at config(8). There is also an entry in the FAQ: http://openbsd.org/faq/faq5.html#config Eric.
Re: To whom can I direct email for artwork use permission pls?
On 10/6/07, Frank Bax [EMAIL PROTECTED] wrote: Presto, a complete ISO install disk. It would have been trivial to add some packages. It seems to me the install process cannot find filesets if they are placed in root directory on cdrom; but that's easily corrected using expected directory structure. doesn't the install process prompt you for the path to sets? sure, it assumes $MOUNTPOINT/$VERSION/$ARCH but if memory serves correctly you could override and say the sets were in . ... aka the root of the mount point of the source disk. CK -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: Difficult routing problem
On Sat, 6 Oct 2007, Layne Evans wrote: Hello all, I am having some trouble with a routing situation that is difficult for me to explain, so if you need more info let me know. vendor --vendor router-- Internal LAN Location A --OBSD GW A-- Internet VPN Between Internet --OBSD GW B-- Internal LAN Location B From the above I will try and describe the situation. A vendor has a private T1 that terminates through NAT to the customers Internal LAN at location A, the IP addresses that this vendor is using are part of there public IP space but they are not routable over the Internet just through the T1. I have a OpenBSD box at that location that provides internet access and routes the block of IPs belonging to the vendor to the vendor's router. There is a VPN between the OpenBSD boxes at both locations which is performing fine and I can contact both internal LANs from the other. The problem that I have not been able to solve is that the workstations at location B need to get to the vendor's router at location A using the public IPs of the vendor. I have tried using route-to in pf and some ideas I had in the routing table, but so far nothing has routed the packets over the VPN. I am sure I am missing something basic, but so far I have not been able to see it. Some info: (these are representative IPs) Vendor's IP block that need to go over their T1: 207.12.0.0/18 Internal LAN A: 10.74.10.0/24 Vendor router Internal LAN IP: 10.74.10.245 OpenBSD A Internal IP: 10.74.10.254 OpenBSD A External IP: a.b.c.d OpenBSD B Internal IP: 10.76.10.254 OpenBSD B External IP: w.x.y.z Any pointers will sure be appreciated. Maybe I'm missing something, but (given that everything else is working and assuming that the systems on LAN B have a default route directed to GW B) wouldn't a static route on GW B for 207.12.0.0/18 pointing to 10.74.10.245 do the job? Dave -- Dave Anderson [EMAIL PROTECTED]
Re: qemu speed
You can't run java on what? I use java every day for citrix so that I don't have to run a windows machine at work at all. Works fine for me. On Thu, Oct 04, 2007 at 03:50:13PM -0700, Allie D. wrote: I'm bitter because I can't run java on it. I have to use ubuntu with VirtualBox to run some critical work apps that use java :( -- ~Allie D. On Thu, October 4, 2007 15:41, Jacob Yocom-Piatt wrote: Gerald Thornberry wrote: I've never used QEMU so I may be talking out my hat. Looking at the docs for it yesterday I remember seeing something about the QEMU accelerator. Is that an option here? When used as a virtualizer, QEMU achieves near native performances by executing the guest code directly on the host CPU. A host driver called the QEMU accelerator (also known as KQEMU) is needed in this case. The virtualizer mode requires that both the host and guest machine use x86 compatible processors. i've found qemu-0.8.2p4 on 4.1-release (i386) to be horribly slow and some apps don't install correctly when emulating windows xp. it's ok for viewing ms office documents but doing anything processor or disk intensive takes an order of magnitude longer than usual. would be nice to know if the KQEMU driver is the bottleneck. cheers, jake http://fabrice.bellard.free.fr/qemu/about.html On 10/4/07, Frank Bax [EMAIL PROTECTED] wrote: Indeed, this is a FoxPro program. I had tried changing the path; and tested it by starting program without using full path to EXE - although the program does startup this way; it still fails at the same point. I also tried QEMU; but was still researching options before bringing speed question here. I've read that it can be a bit slow; but I'm wondering HOW slow? I use the FoxPro program to convert a database from one format to another. Native Win98 on P3-600 the process takes 1:20 (min:sec). On a 2GHz Core2Duo, QEMU takes 6:00 minutes. Is this expected speed? On QEMU/BSD forum, it was suggested I compile from source, so I used ports instead of package, but there was no change to speed of this process. Files are currently inside a virtual disk. Is that fastest for disk i/o? Am I likely to speed it up if I have files on host and access them via samba? Is there another way to access host files from Win98 guest? Frank Richard Toohey wrote: I do not know much about wine, but the issue interested me ... I've built from ports and I am having a look. From the manual page, re. the wine configuration file, it has this: format: path = directories separated by semi-colons default: C:\WINDOWS;C:\WINDOWS\SYSTEM Used to specify the path which will be used to find exe- cutables and .DLL's. Can you add C:\ and/or C:\\LIBS to that list and see if it helps? A FLL looks like a FoxPro dynamic link library, so it should count as a DLL. Back to RTFMing ... On 3/10/2007, at 8:27 AM, Joachim Schipper wrote: On Mon, Oct 01, 2007 at 05:56:46PM -0400, Frank Bax wrote: I installed wine-990225p0 from packages on 4.1 and can run simple programs like sol and notepad. I have an old program I'm trying to run; but this program cannot find it's own files unless the current working directory is set to the directory where software was installed. It seems more recent wine versions support 'bat' files which would solve this; but this doesn't seem to work in this version. When I try: wine c://program.exe the software complains that it cannot open LIBS\FOXTOOLS.FLL This file is found at C:\\LIBS\FOXTOOLS.FLL Is there a way to run something like this on wine 990225?: cd program.exe If this is not workable on 990225; do current wine versions work on OpenBSD? I'm not sure if there is a way to 'cd' on OpenBSD's version of Wine. As to porting: more recent Wines do weird things with threads, if I understand the issue correctly. In short, don't expect an update soon. Qemu works fine, if you don't need to run a particularly demanding program. Joachim -- TFMotD: inet6 (4) - Internet protocol version 6 family --
Re: To whom can I direct email for artwork use permission pls?
On Saturday 06 October 2007, you wrote: doesn't the install process prompt you for the path to sets? sure, it assumes $MOUNTPOINT/$VERSION/$ARCH but if memory serves correctly you could override and say the sets were in . ... aka the root of the mount point of the source disk. CK Yes, that's how I do it when I cut new ISOs with errata and packages... --James
Re: wine question - BAT2EXE?
wine-990225 does not run BAT or COM files; only EXE files. There are two problems with: wine command.com /c progam.bat wine does not execute COM and expects every argument to be executable. I've seen some references to cmd and wcmd (which seem to be wine internal replacement for command.com); but as near as I can tell, this is a feature added in later versions of wine; because I can't get it to work either. My plan is to create a BAT file containing cd program.exe And convert to an EXE file, thereby (hopefully) avoiding problem in initial post. It is not necessary for the BAT2EXE program itself to work on wine (I can run that native); but I need the resulting EXE to run on wine. I've used OpenBSD for hosting (apache/mail) since 2000; and last year we setup an OpenBSD router in the house (with wifi even). I just moved from my (7 yr old) P3-600 laptop with Win98 to a new laptop with OpenBSD in August. I tried OpenBSD desktop several times over those years; but kept switching back - OpenBSD has come a LONG way with desktop support in recent years! As you can see from my posts (wine and qemu); I am open to any solution that will allow me to run this app with performance approaching (preferably faster than) native P3-600. I'll donate C$100 to OpenBSD if it works before year-end - it's not much, but its more than US$100 for the first time in +30 years. Shucks, I'll probably make the donation anyway; after all, the cost of a cdrom has been constant for a couple of years now. Frank ropers wrote: Sorry if this is nosy and sounds stupid, but I'm intrigued: Why would you need your .bat to become a .exe file? Hiding your code is obviously not a valid reason, or you wouldn't be asking this on the OpenBSD mailing list. On 05/10/2007, Frank Bax [EMAIL PROTECTED] wrote: Does know of a BAT2EXE program that produces an EXE which works under wine? First hit on google bat2exe wine indicates there is one that works on Linux (written in delphi), but the link is broken. I've tried several. Some actually create COM (not EXE) files which wine won't run. Others create EXE files that crash in various ways under wine. Frank Frank Bax wrote: I installed wine-990225p0 from packages on 4.1 and can run simple programs like sol and notepad. I have an old program I'm trying to run; but this program cannot find it's own files unless the current working directory is set to the directory where software was installed. It seems more recent wine versions support 'bat' files which would solve this; but this doesn't seem to work in this version. When I try: wine c://program.exe the software complains that it cannot open LIBS\FOXTOOLS.FLL This file is found at C:\\LIBS\FOXTOOLS.FLL Is there a way to run something like this on wine 990225?: cd program.exe If this is not workable on 990225; do current wine versions work on OpenBSD? Frank
Re: Speeding up OBSD bootup
On 10/6/07, Karel Kulhavy [EMAIL PROTECTED] wrote: Is it possible to specify the kernel that the hardware for which there are drivers probing for but I don't have in my PC is absent? Since OBSD has no suspend to disk/RAM, the bootup speed is critical when working with a laptop in public transport. Or are there any other possible ways how to speed up the bootup process? CL OpenBSD can suspend, man 8 apm apm -s for standby or apm -z for suspend state. I don't know if it will work with your device, but it does work on some -- Mark Mathias
Re: Speeding up OBSD bootup
On Sat, Oct 06, 2007 at 04:08:41PM +0200, Karel Kulhavy wrote: Is it possible to specify the kernel that the hardware for which there are drivers probing for but I don't have in my PC is absent? Since OBSD has no suspend to disk/RAM, the bootup speed is critical when working with a laptop in public transport. You can use config(8) to disable drivers without building a new kernel, but you really have to know what you're doing. There's a tool called dmassage in the ports tree (sysutils/dmassage) which can help determining unused devices by looking at dmesgs's output. My experience (I tried it once on a Soekris Net4801) is that doing this kind of tuning won't gain you much speed at but time but is a real PITA if you want to plug some new device and have to re-enable it first to use it. Ciao, Kili -- Automake and autoconf deserve to wither and die, but unfortunately noone at GNU seems to make much of an effort to euthanasize them. -- Han-Wen Nienhuys, on Lilypond-devel mailing list
Re: pf
On 06/10/2007, a.padilla [EMAIL PROTECTED] wrote: this is a small private I'm doing between to computers for educational purposes. the server is also connected to a dhcp network. that's why the internal interface has a private IP. I'm not surprised your internal NIC has a private IP. I'm surprised your external NIC has one too. I'm trying to work with what's available to me. On Oct 5, 2007, at 3:10 PM, ropers wrote: On 05/10/2007, a.padilla [EMAIL PROTECTED] wrote: ifconfig: (...) rl0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:18:4d:ea:33:0a groups: egress media: Ethernet autoselect (100baseTX full-duplex) status: active inet6 fe80::218:4dff:feea:330a%rl0 prefixlen 64 scopeid 0x1 inet 192.168.0.111 netmask 0xff00 broadcast 192.168.0.255 dc0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:14:bf:53:1e:fe media: Ethernet autoselect (100baseTX full-duplex) status: active inet6 fe80::214:bfff:fe53:1efe%dc0 prefixlen 64 scopeid 0x2 inet 10.0.0.0 netmask 0xff00 broadcast 255.255.255.0 I need to do a double-take on the above: Why do both of your NICs have private IPs? Is your ISP doing NAT as well and do they only give you private IPs or what's the story? -- www.ropersonline.com
non-PHP webmail solutions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Folks, a while ago (Nov, 2006), someone asked what webmail solutions people recommended. People suggested: - - squirrelmail - - the horde - - Ilohamail - - RoundCube - - hastymail - - openwebmail of all of these, only openwebmail does not rely on PHP, which I deeply mistrust. Does anyone know of any others that don't use PHP? thanks, Rob Urban Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFHB7T633x7lJjLFm4RAi4oAJ9Pvs4sSjSm3VyXE4YZJ+5oDPqzHwCgmaiV 7WBKb3QjD//gjqjxqE2XhVI= =GzVa -END PGP SIGNATURE-
Re: Difficult routing problem
On Sat, Oct 06, 2007 at 10:37:12AM -0400, Dave Anderson wrote: On Sat, 6 Oct 2007, Layne Evans wrote: Hello all, vendor --vendor router-- Internal LAN Location A --OBSD GW A-- Internet VPN Between Internet --OBSD GW B-- Internal LAN Location B Some info: (these are representative IPs) Vendor's IP block that need to go over their T1: 207.12.0.0/18 Internal LAN A: 10.74.10.0/24 Vendor router Internal LAN IP: 10.74.10.245 OpenBSD A Internal IP: 10.74.10.254 OpenBSD A External IP: a.b.c.d OpenBSD B Internal IP: 10.76.10.254 OpenBSD B External IP: w.x.y.z Any pointers will sure be appreciated. Maybe I'm missing something, but (given that everything else is working and assuming that the systems on LAN B have a default route directed to GW B) wouldn't a static route on GW B for 207.12.0.0/18 pointing to 10.74.10.245 do the job? this will not work. ipsec will not encap packets that not belong to a flow. you need a second ipsec flow like on GW B: ike esp from LAN_B/24 to vendor/18 peer OPENBSD_A_External and on GW A: ike esp from VENDOR/18 to LAN_B/24 peer OPENBSD_B_External and then a route on GW A to the vendor network. i think this will do the trick. thomas
TPMs in Macbooks on OpenBSD
I've got me a macbook and I'm figuring out how to install OpenBSD on it (I'm going to see if I can do it without BootCamp, appearently it's possible: http://refit.sourceforge.net/myths/). One of my friends mentioned too bad about the evil to me and so I started digging into one of the evils: Trusted Computing. How do I find out if this mac has a TPM chip? Apple is never open about this fact. This page http://attivissimo.blogspot.com/2006/04/trusted-computing-chips-found-in-intel.html reports that some macs have them and some don't. It also says that in linux you can check `ioreg` for mentions of TPM. What would the equivalent method in OpenBSD? Would the chip show up in dmesg? Here's one dmesg http://erdelynet.com/tech/openbsd/openbsd-on-intel-mac-mini/ and I don't see anything that looks like a TPM chip but I'm not sure what all the devices are. If I can't know for sure from software I plan on cracking the case and searching for one physically anyway. -Nick
Re: Encrypting home partition
On 10/6/07, Timo Myyrd [EMAIL PROTECTED] wrote: I'm just trying to encrypt my laptops /home partition to hide my personal info if the worst happens and my lappy is stolen. I'm wondering what would be the best method to encrypt the hard drive? I saw some discussion on the mailing list recently and somebody pointed out that I could encrypt whole partition. I'm currently creating a image within a partition which I intend to encrypt then as instructed for example here: http://www.blackant.net/other/docs/howto-encrypted-home.php Which would be a better method, the separate image or encrypt whole partition and how to encrypt whole partition on OpenBSD? *The* way to make encrypted disks on OpenBSD is through vnconfig -k. Go read up on that and come back. Then here's what you can do (it's dead simple): # vnconfig -k key svnd0 /path/to/image # mount /dev/svnd0 /home #note: the image file should be available somewhere that isn't /home, obviously... you may be able to have a /home with it on there and then mount over that and it might keep working but it's just asking for trouble to do it that way are you sure you want to encrypt your *whole* drive though? Is your data really that secret? For most people there are only a few /really secret/ things, and you can just make a small secure partition and place them in there. Encryption does take a performance hit. -Nick
Re: non-PHP webmail solutions
a while ago (Nov, 2006), someone asked what webmail solutions people recommended. People suggested:... of all of these, only openwebmail does not rely on PHP, which I deeply mistrust. Does anyone know of any others that don't use PHP? AlphaMail (mod_perl/PERL/C++) was recently reviewed in Linux Journal: http://alphamail.sourceforge.net/ http://www.linuxjournal.com/article/9320 Michael.
Re: TPMs in Macbooks on OpenBSD
On 10/6/07, Nick Guenther [EMAIL PROTECTED] wrote: I've got me a macbook and I'm figuring out how to install OpenBSD on it (I'm going to see if I can do it without BootCamp, appearently it's possible: http://refit.sourceforge.net/myths/). One of my friends mentioned too bad about the evil to me and so I started digging into one of the evils: Trusted Computing. How do I find out if this mac has a TPM chip? Apple is never open about this fact. This page http://attivissimo.blogspot.com/2006/04/trusted-computing-chips-found-in-intel.html reports that some macs have them and some don't. It also says that in linux you can check `ioreg` for mentions of TPM. What would the equivalent method in OpenBSD? Would the chip show up in dmesg? Here's one dmesg http://erdelynet.com/tech/openbsd/openbsd-on-intel-mac-mini/ and I don't see anything that looks like a TPM chip but I'm not sure what all the devices are. If I can't know for sure from software I plan on cracking the case and searching for one physically anyway. -Nick I have a Macbook 2,1 that I run OpenBSD exclusively on. No Boot camp or anything special. Just OpenBSD as it is. There are a few things you need to know before you install. You will need acpi and you will need an external USB-keyboard during installization. I use AMD64 and GENERIC.MP. I did some googling about TPM in macbook and newer Apple hardware and it seems like there isn't one. http://www.osxbook.com/book/bonus/chapter10/tpm/ http://www.tuaw.com/2006/11/02/apple-drops-trusted-computing/ Both these links say newer Apple hardware does not contain it, they only mention Mac Pro and Macbook Pro's though. There are still a few problems with the macbook, I'm trying to write a driver for Apple system Management Controller, it's not going that good but I should have it working soon. There is a few other problems like bluetooth, iSight camera, IR. Sound is working and trackpad is working. BR dunceor Here is my dmesg: OpenBSD 4.2-current (GENERIC.MP) #8: Sat Sep 22 19:44:03 CEST 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 2114535424 (2016MB) avail mem = 2041937920 (1947MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe7460 (37 entries) bios0: vendor Apple Inc. version MB21.88Z.00A5.B06.0704201208 date 04/20/07 bios0: Apple Inc. MacBook2,1 acpi0 at mainbus0: rev 0 acpi0: tables DSDT HPET APIC MCFG ASF! SBST ECDT FACP SSDT SSDT SSDT acpitimer0 at acpi0: 3579545 Hz, 24 bits acpi device at acpi0 from table DSDT not configured acpihpet0 at acpi0 table HPET: 14318179 Hz acpimadt0 at acpi0 table APIC addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz, 2161.57 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR,NXE,LONG cpu0: 4MB 64b/line 16-way L2 cache cpu0: apic clock running at 166MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz, 2161.25 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR,NXE,LONG cpu1: 4MB 64b/line 16-way L2 cache ioapic0 at mainbus0 apid 1 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 1 acpi device at acpi0 from table MCFG not configured acpi device at acpi0 from table ASF! not configured acpi device at acpi0 from table SBST not configured acpi device at acpi0 from table ECDT not configured acpi device at acpi0 from table FACP not configured acpi device at acpi0 from table SSDT not configured acpi device at acpi0 from table SSDT not configured acpi device at acpi0 from table SSDT not configured acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (RP01) acpiprt2 at acpi0: bus 2 (RP02) acpiprt3 at acpi0: bus 3 (PCIB) acpiec0 at acpi0: EC__ acpicpu0 at acpi0 C3, C2 acpicpu1 at acpi0 C3, C2 acpiac0 at acpi0: AC unit offline acpibtn0 at acpi0: LID0 acpibtn1 at acpi0: PWRB acpibtn2 at acpi0: SLPB acpibat0 at acpi0: BAT0: model: ASMB016 serial: type: LION016 oem: DPON016 cpu0: unknown Enhanced SpeedStep CPU, msr 0x06130d2b06000b25 cpu0: using only highest, current and lowest power states cpu0: Enhanced SpeedStep 1833 MHz (1292 mV): speeds: 2167, 1833, 1000 MHz pci0 at mainbus0 bus 0: configuration mode 1 pchb0 at pci0 dev 0 function 0 Intel 82945GM MCH rev 0x03 vga1 at pci0 dev 2 function 0 Intel 82945GM Video rev 0x03 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) Intel 82945GM Video rev 0x03 at pci0 dev 2 function 1 not configured vendor Intel, unknown product 0x27a3 (class DASP subclass Time and Frequency, rev 0x03) at pci0 dev 7 function 0 not configured azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x02: apic 1 int 22 (irq 10) azalia0: host:
Re: non-PHP webmail solutions
On Sat, 6 Oct 2007, Robert Urban wrote: of all of these, only openwebmail does not rely on PHP, which I deeply mistrust. Does anyone know of any others that don't use PHP? Probably out of date, but see http://www.reedmedia.net/misc/mail/web-based.html which tries to list perl or php or others. Jeremy C. Reed
Re: Encrypting home partition
Nick Guenther wrote: On 10/6/07, Timo Myyrd [EMAIL PROTECTED] wrote: I'm just trying to encrypt my laptops /home partition to hide my personal info if the worst happens and my lappy is stolen. I'm wondering what would be the best method to encrypt the hard drive? I saw some discussion on the mailing list recently and somebody pointed out that I could encrypt whole partition. I'm currently creating a image within a partition which I intend to encrypt then as instructed for example here: http://www.blackant.net/other/docs/howto-encrypted-home.php Which would be a better method, the separate image or encrypt whole partition and how to encrypt whole partition on OpenBSD? *The* way to make encrypted disks on OpenBSD is through vnconfig -k. Go read up on that and come back. Then here's what you can do (it's dead simple): # vnconfig -k key svnd0 /path/to/image # mount /dev/svnd0 /home #note: the image file should be available somewhere that isn't /home, obviously... you may be able to have a /home with it on there and then mount over that and it might keep working but it's just asking for trouble to do it that way using the -K switch for vnconfig is good if you're worried about offline brute forcing. are you sure you want to encrypt your *whole* drive though? Is your data really that secret? For most people there are only a few /really secret/ things, and you can just make a small secure partition and place them in there. Encryption does take a performance hit. the performance hit is pretty unnoticeable unless you're doing lots of reads and writes, e.g. a fileserver. on a decently fast machine you can get 20-30 MBps read and write speed on an encrypted image which is plenty for your /home in most cases. -Nick
Re: TPMs in Macbooks on OpenBSD
On 10/6/07, Karl Sjvdahl - dunceor [EMAIL PROTECTED] wrote: On 10/6/07, Nick Guenther [EMAIL PROTECTED] wrote: I've got me a macbook and I'm figuring out how to install OpenBSD on it (I'm going to see if I can do it without BootCamp, appearently it's possible: http://refit.sourceforge.net/myths/). One of my friends mentioned too bad about the evil to me and so I started digging into one of the evils: Trusted Computing. How do I find out if this mac has a TPM chip? Apple is never open about this fact. This page http://attivissimo.blogspot.com/2006/04/trusted-computing-chips-found-in-int el.html reports that some macs have them and some don't. It also says that in linux you can check `ioreg` for mentions of TPM. What would the equivalent method in OpenBSD? Would the chip show up in dmesg? Here's one dmesg http://erdelynet.com/tech/openbsd/openbsd-on-intel-mac-mini/ and I don't see anything that looks like a TPM chip but I'm not sure what all the devices are. If I can't know for sure from software I plan on cracking the case and searching for one physically anyway. -Nick I have a Macbook 2,1 that I run OpenBSD exclusively on. No Boot camp or anything special. Just OpenBSD as it is. ooh, first: thanks for your quick response. What *is* BootCamp? I know it's mostly just repartitioning software but the readme that comes with it seems to imply that it install certain special drivers to let you use the mac keyboard under windows (i.e. Mac-Click is mapped to right click, and so on). Although I guess those would just be those Windows drivers, wouldn't they... There are a few things you need to know before you install. You will need acpi and you will need an external USB-keyboard during installization. Why do you need acpi? I did read that and I did make myself an acpi-enabled kernel that I can boot from if I choose (though really I could just do drop into config from boot, right?) but the default is to boot the normal i386/bsd.rd and when I let it do that it boots fine and gets to the install prompt. What's the problem? I did indeed run into the problem of the keyboard not working during install. Why is that? Is the ramdisk kernel just missing some drivers? I use AMD64 and GENERIC.MP. Is there an advantage to AMD64 over i386? My default was to grab i386 but I'm not particularly tied to it. I did some googling about TPM in macbook and newer Apple hardware and it seems like there isn't one. http://www.osxbook.com/book/bonus/chapter10/tpm/ mm I found this one too, it's linked at the end of the link I gave. http://www.tuaw.com/2006/11/02/apple-drops-trusted-computing/ This just references the link I gave. Still, TPM needs software to run it. It would be a very strange move for Apple to somehow hide the TPM from anything besides OS X. I'm settled. Both these links say newer Apple hardware does not contain it, they only mention Mac Pro and Macbook Pro's though. I only have a Macbook. Maybe they big-brother anyone who doesn't shell out enough (;))? There are still a few problems with the macbook, I'm trying to write a driver for Apple system Management Controller, it's not going that good but I should have it working soon. There is a few other problems like bluetooth, iSight camera, IR. Sound is working and trackpad is working. Oh sweet, that's really nice. Related but off topic question: How do I get right-clicking working? Do I have to play with X keymaps? I've poked at this from playing on zaurus, but I don't really understand it. Links please? I'm guessing there's nothing like Appletouch http://www.popies.net/atp/ in OpenBSD right? The SMC controls low-level power functions. Does it do that on its own? (i.e. if I sleep while under OpenBSD does the light still snore?). Would your driver just instruct the SMC, or actually run it? Here is my dmesg: OpenBSD 4.2-current (GENERIC.MP) #8: Sat Sep 22 19:44:03 CEST 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 2114535424 (2016MB) avail mem = 2041937920 (1947MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe7460 (37 entries) bios0: vendor Apple Inc. version MB21.88Z.00A5.B06.0704201208 date 04/20/07 bios0: Apple Inc. MacBook2,1 acpi0 at mainbus0: rev 0 acpi0: tables DSDT HPET APIC MCFG ASF! SBST ECDT FACP SSDT SSDT SSDT acpitimer0 at acpi0: 3579545 Hz, 24 bits acpi device at acpi0 from table DSDT not configured acpihpet0 at acpi0 table HPET: 14318179 Hz acpimadt0 at acpi0 table APIC addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz, 2161.57 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16, xTPR,NXE,LONG cpu0: 4MB 64b/line 16-way L2 cache cpu0: apic clock running at 166MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM)2
Re: TPMs in Macbooks on OpenBSD
On 10/6/07, Nick Guenther [EMAIL PROTECTED] wrote: On 10/6/07, Karl SjC6dahl - dunceor [EMAIL PROTECTED] wrote: On 10/6/07, Nick Guenther [EMAIL PROTECTED] wrote: I've got me a macbook and I'm figuring out how to install OpenBSD on it (I'm going to see if I can do it without BootCamp, appearently it's possible: http://refit.sourceforge.net/myths/). One of my friends mentioned too bad about the evil to me and so I started digging into one of the evils: Trusted Computing. How do I find out if this mac has a TPM chip? Apple is never open about this fact. This page http://attivissimo.blogspot.com/2006/04/trusted-computing-chips-found-in-intel.html reports that some macs have them and some don't. It also says that in linux you can check `ioreg` for mentions of TPM. What would the equivalent method in OpenBSD? Would the chip show up in dmesg? Here's one dmesg http://erdelynet.com/tech/openbsd/openbsd-on-intel-mac-mini/ and I don't see anything that looks like a TPM chip but I'm not sure what all the devices are. If I can't know for sure from software I plan on cracking the case and searching for one physically anyway. -Nick I have a Macbook 2,1 that I run OpenBSD exclusively on. No Boot camp or anything special. Just OpenBSD as it is. ooh, first: thanks for your quick response. What *is* BootCamp? I know it's mostly just repartitioning software but the readme that comes with it seems to imply that it install certain special drivers to let you use the mac keyboard under windows (i.e. Mac-Click is mapped to right click, and so on). Although I guess those would just be those Windows drivers, wouldn't they... Boot camp is both a tool to handle dual boot of operating systems but it also provide drivers for the apple hardware so Windows can use it. There are a few things you need to know before you install. You will need acpi and you will need an external USB-keyboard during installization. Why do you need acpi? I did read that and I did make myself an acpi-enabled kernel that I can boot from if I choose (though really I could just do drop into config from boot, right?) but the default is to boot the normal i386/bsd.rd and when I let it do that it boots fine and gets to the install prompt. What's the problem? Ok then it has started to get better because in the beginning I couldn't even get to the install prompt because it hang on some usb controller. ACPI is needed to get some of the drivers to work correctly. And yes enable it in ukc is enough. I did indeed run into the problem of the keyboard not working during install. Why is that? Is the ramdisk kernel just missing some drivers? I use AMD64 and GENERIC.MP. Is there an advantage to AMD64 over i386? My default was to grab i386 but I'm not particularly tied to it. Well the new Intel Core 2 Duo are Intels version of AMD64 and there fore the closest thing you should use. You could use i386 also and there might not be that much difference. I have only tried AMD64. I did some googling about TPM in macbook and newer Apple hardware and it seems like there isn't one. http://www.osxbook.com/book/bonus/chapter10/tpm/ mm I found this one too, it's linked at the end of the link I gave. http://www.tuaw.com/2006/11/02/apple-drops-trusted-computing/ This just references the link I gave. Still, TPM needs software to run it. It would be a very strange move for Apple to somehow hide the TPM from anything besides OS X. I'm settled. Both these links say newer Apple hardware does not contain it, they only mention Mac Pro and Macbook Pro's though. I only have a Macbook. Maybe they big-brother anyone who doesn't shell out enough (;))? There are still a few problems with the macbook, I'm trying to write a driver for Apple system Management Controller, it's not going that good but I should have it working soon. There is a few other problems like bluetooth, iSight camera, IR. Sound is working and trackpad is working. Oh sweet, that's really nice. Related but off topic question: How do I get right-clicking working? Do I have to play with X keymaps? I've poked at this from playing on zaurus, but I don't really understand it. Links please? I'm guessing there's nothing like Appletouch http://www.popies.net/atp/ in OpenBSD right? I haven't got the right click to work, I do not know if it's possible to do. It is one of the annoying stuff at the moment and I use an external USB mouse. I also have problems with the swedish keyboard layout because {,[ ,] ,} are existing and this is annoying when you code =) That Appletouch driver you linked to looked old and it's only for Powerbooks. I know the FreeBSD people has done some work on it so maybe I can port that later also. The SMC controls low-level power functions. Does it do that on its own? (i.e. if I sleep while under OpenBSD does the light still snore?). Would your driver just
4.2 song
Just back from my (hiking) trip, I am happy to announce the 4.2 song has been added to the lyrics page at http://www.openbsd.org/lyrics.html Yes, it is designed to sound like a mid-era Rush song, ie. something from Grace Under Pressure or such. And there's a few easter eggs hidden in the song as well. It also explains the inside sleeve image...
Re: non-PHP webmail solutions
On Sat, Oct 06, 2007 at 06:16:59PM +0200, Robert Urban wrote: ... a while ago (Nov, 2006), someone asked what webmail solutions people recommended. People suggested: ... of all of these, only openwebmail does not rely on PHP, which I deeply mistrust. Does anyone know of any others that don't use PHP? About a year ago (http://archives.neohapsis.com/archives/openbsd/2006-11/0052.html) Diana mentioned Prayer: http://www-uxsup.csx.cam.ac.uk/~dpc22/prayer/ I have no need for such a thing, but given what (little) I know about Diana from reading this list, and a brief perusal of the foregoing page, that's one of the first things I'd try. -b
Re: Xbox 360 controller at the -current
On Sat, Oct 06, 2007 at 03:26:58PM +0200, Alexander Farber wrote: Hi, /bsd: ugen0 at uhub0 port 1 /bsd: ugen0: Microsoft product 0x028f, rev 2.00/1.05, addr 2 /bsd: ugen0 detached has anyone tried to use it? :-) (Yes I'd read the news about the old Xbox port, but this here is an Xbox 360 controller) Did you connect it directly, or use the microsoft adaptator for wireless stuff ?
Re: TPMs in Macbooks on OpenBSD
As I understand, macbooks doesn't have TPM, macbooks PRO has. Thanks to deanna (yeah!) sound works in 4.2, and I read cvs that newer -current has feature when plugging headphones in event gets noticed and built in speakers gets vol down... nice, havent tried jet. However, sound recording doesn't work jet... What I really miss is: powermanagement support, bluetooth support, supported touchpad features, like scrooling down wouldn't be bad atheros wifi too, isight camera just for fun :) Few tips and tricks for macbook: /usr/X11R6/bin/xset dpms force off /usr/X11R6/bin/xlock -- before closing and putting in bag. xset dpms turns of display till next mouse/keyboard event. Right mouse click I simulate using xkbset (from ports) and using right button after right apple key (numkey button), and make use of left apple key (Super_L) as modifier, so I could stick interesting stuff in e16keyedit. Grave needs to be remaped to tilde too... I miss pageup/pagedown too: $ cat .xsession xset r rate 400 40-- faster cursor xmodmap ~/.xmodmaprc load .xmodmaprc keyboard mappings xkbset m - make xkbset load mousekeys xset m 1 1 slow down radio mouse cursor a little bit exec /usr/local/bin/enlightenment --- start enlightenment $ cat .xmodmaprc !map tilde and grave keycode 94 = grave asciitilde !add mod3 modifier as Super_L add mod3 = Super_L !control+up[pageup], control+down[pagedown] !keycode 98 = Prior !keycode 104 = Next !map num enter to mouse button 2 keycode 108 = Pointer_Button3
Re: Is install42.iso lagging behind cd42.iso and individual packages?
Yesterday evening I downloaded the install42.iso, cd42.iso and all *.tgz packages from the i386 snapshots directory on the ftp.openbsd.org website. All files had a timestamp of Sept. 24. I then ran them through MD5 to make sure they matched the expected checksum. This morning I performed two OpenBSD installs on two VMware machines; one using the install42.iso image and the included *.tgz packages, and one using cd42.iso and the individual packages (which I made available via a local HTTP server). Once this was done I compared the dmesg output of both installs and noticed that the install42.iso machine's kernel date is Sept. 13 while the cd42.iso machine's kernel date is Sept. 24. A quick check of the MD5s of the *.tgz packages in the install42.iso file show that they are different from the packages on the FTP site? So I'm just wondering: in the i386 snaphots directory, do the *.tgz packages in the install42.iso file typically lag behind the individual packages available on the FTP site? Is the way to get the most recent binaries (from -CURRENT) of OpenBSD to use individual packages and *not* the install42.iso? Building the install##.iso files with the X sets requires a bit of clever management. While I was on my recent vacation Peter Valchev was building snapshots and he did not know about the new build sequence required to do this right. We'll try to make it simpler, of course... In the next snapshots, it will be OK again.
Re: Web configure Firewall
On Sat, 06 Oct 2007 07:23:02 +0700, Piotrek Kapczuk [EMAIL PROTECTED] wrote: Wow, I've tried pfsense and now i'm going to leech the comixwall :D Thanks, Insan 2007/10/6, Cyrus [EMAIL PROTECTED]: I'm looking for a ready to install roll package for configureing and administering a OpenBSD firewall from the web. something along the lines of pfSense, but with OpenBSD base. Thanks, http://www.undeadly.org/cgi?action=articlesid=20071003090749
Re: Speeding up OBSD bootup
On 06/10/2007, Karel Kulhavy [EMAIL PROTECTED] wrote: Is it possible to specify the kernel that the hardware for which there are drivers probing for but I don't have in my PC is absent? Since OBSD has no suspend to disk/RAM, the bootup speed is critical when working with a laptop in public transport. Or are there any other possible ways how to speed up the bootup process? You might want to checkout ports/sysutils/dmassage/. Obviously, under improper use this might disable all hotpluggable USB stuff. C.
Re: Encrypting home partition
I have read the mount_vnd manual page and it describes the mount options of the image that are needed to succesfully mount the partition on boot but didn't reveal if there's a method to encrypt whole partition. I know it will give me small performance hit to encrypt whole partition but it should be OK. I had all of my HD except the /boot partition encrypted with Linux and I didn't notice any difference in casual use. Currently waiting for the urandom to fill the image... Timo Jacob Yocom-Piatt wrote: Nick Guenther wrote: On 10/6/07, Timo Myyrd [EMAIL PROTECTED] wrote: I'm just trying to encrypt my laptops /home partition to hide my personal info if the worst happens and my lappy is stolen. I'm wondering what would be the best method to encrypt the hard drive? I saw some discussion on the mailing list recently and somebody pointed out that I could encrypt whole partition. I'm currently creating a image within a partition which I intend to encrypt then as instructed for example here: http://www.blackant.net/other/docs/howto-encrypted-home.php Which would be a better method, the separate image or encrypt whole partition and how to encrypt whole partition on OpenBSD? *The* way to make encrypted disks on OpenBSD is through vnconfig -k. Go read up on that and come back. Then here's what you can do (it's dead simple): # vnconfig -k key svnd0 /path/to/image # mount /dev/svnd0 /home #note: the image file should be available somewhere that isn't /home, obviously... you may be able to have a /home with it on there and then mount over that and it might keep working but it's just asking for trouble to do it that way using the -K switch for vnconfig is good if you're worried about offline brute forcing. are you sure you want to encrypt your *whole* drive though? Is your data really that secret? For most people there are only a few /really secret/ things, and you can just make a small secure partition and place them in there. Encryption does take a performance hit. the performance hit is pretty unnoticeable unless you're doing lots of reads and writes, e.g. a fileserver. on a decently fast machine you can get 20-30 MBps read and write speed on an encrypted image which is plenty for your /home in most cases. -Nick
Upgrade process in 4.2
Hi, I just download the last snapshots available on ftp.openbsd.org. note Because my new and shiny CDs not arrive yet to Costa Rica and i can't wait to install 4.2 /note. I was reading the faq on the OpenBSD web: -Current is where active development work is done, and eventually, it will turn into the next -release of OpenBSD. Every six months, when a new version of OpenBSD is released, -current is tagged, and becomes -release: a frozen point in the history of the source tree. -Stable is based on -release . -stable is also known as the patch branch. Upgrading is the process of installing a newer version of OpenBSD So...i have a question here: is it possible install 4.2 from snapshots, then upgrade to release (a frozen point...) and then goes to stable??? Regards, Alvaro
Re: Upgrade process in 4.2
On 2007/10/06 15:55, Alvaro Mantilla Gimenez wrote: So...i have a question here: is it possible install 4.2 from snapshots, then upgrade to release (a frozen point...) and then goes to stable??? that would be downgrade, not upgrade. That's not supported.
Re: Upgrade process in 4.2
Alvaro Mantilla Gimenez [EMAIL PROTECTED] writes: So...i have a question here: is it possible install 4.2 from snapshots, then upgrade to release (a frozen point...) and then goes to stable??? I'm afraid it's a bit too late. If you install a snapshot now, you will be installing 4.2-current, which has moved some increments in the direction of what will become 4.3. If you want 4.2, you will need to wait for either your disks to arrive or the release date, whichever happens first. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Upgrade process in 4.2
Alvaro Mantilla Gimenez wrote: Hi, I just download the last snapshots available on ftp.openbsd.org. note Because my new and shiny CDs not arrive yet to Costa Rica and i can't wait to install 4.2 /note. I was reading the faq on the OpenBSD web: -Current is where active development work is done, and eventually, it will turn into the next -release of OpenBSD. Every six months, when a new version of OpenBSD is released, -current is tagged, and becomes -release: a frozen point in the history of the source tree. -Stable is based on -release . -stable is also known as the patch branch. Upgrading is the process of installing a newer version of OpenBSD So...i have a question here: is it possible install 4.2 from snapshots, then upgrade to release (a frozen point...) and then goes to stable??? Regards, Alvaro Short answer: NO. Longer answer: snapshots are now AFTER 4.2 and BEFORE 4.3 is tagged. Even though 4.2 is not yet officially supported. The upgrades go from one supported release to another. Anything in the middle ((almost) all snapshots) can be a bad mix of old and new and do not mix well with either before nor after. You should get a small flurry of answers from people who know why.
Re: Encrypting home partition
On 10/6/07, Nick Guenther [EMAIL PROTECTED] wrote: are you sure you want to encrypt your *whole* drive though? Yes. (says the guy who left his laptop in an airport last week) Is your data really that secret? Why is that important? AKA it's my laptop, and I will explicitly choose to disclose it's contents. (says the guy who left his laptop in an airport last week) For most people there are only a few /really secret/ things, and you can just make a small secure partition and place them in there. except for when you forget to encrypt something, or when a process unexpectedly leaves plaintext laying about (editor temp files, core dumps, i-meant-to-download-that-someplace-else, ...), or when you forget your laptop in an airport or a taxi or leave the door to your office unlocked... Encryption does take a performance hit. Worthy trade-off. CK -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: Encrypting home partition
On 10/6/07, Chris Kuethe [EMAIL PROTECTED] wrote: On 10/6/07, Nick Guenther [EMAIL PROTECTED] wrote: are you sure you want to encrypt your *whole* drive though? Yes. (says the guy who left his laptop in an airport last week) Is your data really that secret? Why is that important? AKA it's my laptop, and I will explicitly choose to disclose it's contents. (says the guy who left his laptop in an airport last week) For most people there are only a few /really secret/ things, and you can just make a small secure partition and place them in there. except for when you forget to encrypt something, or when a process unexpectedly leaves plaintext laying about (editor temp files, core dumps, i-meant-to-download-that-someplace-else, ...), or when you forget your laptop in an airport or a taxi or leave the door to your office unlocked... Encryption does take a performance hit. Worthy trade-off. Good points. I was just playing devil's advocate.
Re: pf
On 06/10/2007, a.padilla [EMAIL PROTECTED] wrote: I know its not optimal but I would think I can still get this done. Do you think this is why it's not working? There are any number or reasons why it is not working. Frankly, and no offense here, I'm no longer sure I understand just what you're trying to get working. You told us at the beginning you wanted an internal machine to communicate to the outside world (by which I presumed you meant the Internet). But given what you've supplied here: rl0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:18:4d:ea:33:0a groups: egress media: Ethernet autoselect (100baseTX full-duplex) status: active inet6 fe80::218:4dff:feea:330a%rl0 prefixlen 64 scopeid 0x1 inet 192.168.0.111 netmask 0xff00 broadcast 192.168.0.255 dc0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:14:bf:53:1e:fe media: Ethernet autoselect (100baseTX full-duplex) status: active inet6 fe80::214:bfff:fe53:1efe%dc0 prefixlen 64 scopeid 0x2 inet 10.0.0.0 netmask 0xff00 broadcast 255.255.255.0 that doesn't appear to be what you're doing. I've already pointed out that your OpenBSD box's two NICs both have private IPs (192.168.0.111 and 10.0.0.0; cf. http://en.wikipedia.org/wiki/Private_network ). You said rl0 is connected to the internet. but rl0 has the private IP 192.168.0.111, so you obviously aren't talking to the outside world (at least not without there being yet another box you haven't told us about doing NAT between the OpenBSD box and the public Internet). Others on this list were much more eagle-eyed than me and have already pointed out further problems with your setup: - John pointed out that your broadcast address on dc0 is set to '255.255.255.0', which looks more like a netmask. - Stuart observed that the 10.0.0.0 IP address, apart from being private, is not even valid: 10.0.0.0 is not valid with a 255.0.0.0 netmask, it's reserved as the network address and shouldn't be used by a host. You could use 10.0.0.1. He also elaborated on the misconfigured broadcast address John spotted earlier: 255.255.255.0 is not a sensible broadcast address for the configured network. For 10.xxx with a 255.0.0.0 netmask, the normal broadcast address is 10.255.255.255. For 10.0.0.x with a 255.255.255.0 netmask, the normal broadcast address is 10.0.0.255. Try it with just 'inet 10.0.0.1 255.255.255.0' in hostname.dc0, adjust dhcpd.conf as necessary, and reboot. (you could do this on a running box, but this way you'll know it will come back up correctly next reboot). Note that the format of hostname.if(5) is different to that of the ifconfig(8) command line. - And James told you at the start of this conversation: Make sure the clients have gateways, make sure the bsd box has a gateway and all masks are correct. Try doing traceroute's and working your way up and IMHO that still applies. Anyway, you later wrote: this is a small private I'm doing between [two] computers for educational purposes. the server is also connected to a dhcp network. This is obviously not the same thing as trying to get an internal machine to talk to the Internet. And I don't know what you mean by the server is also connected to a dhcp network. Do you mean the OpenBSD box is getting one of its IP addresses (for rl0?) from another DHCP server? You also haven't supplied the contents of your /etc/hostname.if(5) files. Forgive me my skepticism, but are you sure you fully understand IPv4? I.e. have you read this part of the FAQ? http://www.openbsd.org/faq/faq6.html#Intro and have you read this document http://www.3com.com/other/pdfs/infra/corpinfo/en_US/501302.pdf as is recommended there? In conclusion: No, I can't tell you why it is not working, but if you address the multiple issues that have already been pointed out to you, do your homework, and ask precise questions, then there are excellent chances that you can get VERY competent answers on this list. Most people here are a lot more technical than me, and I have read the 3com PDF ;-) Bonne chance! ropers
Re: Encrypting home partition
On 10/6/07, Timo Myyrd [EMAIL PROTECTED] wrote: I have read the mount_vnd manual page and it describes the mount options of the image that are needed to succesfully mount the partition on boot but didn't reveal if there's a method to encrypt whole partition. I know it will give me small performance hit to encrypt whole partition but it should be OK. I had all of my HD except the /boot partition encrypted with Linux and I didn't notice any difference in casual use. Currently waiting for the urandom to fill the image... Timo Hm? I don't understand what you don't understand. There's no such thing as a half-encrypted svnd (=partition). If you can mount an encrypted svnd then you have a totally encrypted drive. If you put it in fstab even better, but you need to somehow get it to ask you for a password (-k) or give it a saltfile (-K) from somewhere when it does that (and you better not store that password on the same laptop). -Nick
Re: pf
I've been keeping up with all those emails and have made the adjustments they suggested. I did indicate my knowledge is limited and apologize for troubling. I do have limited knowledge of IPv4, I am by no means experienced in any of this. I am trying to learn. I think it is clear I'm in way over my head. So again, sorry for troubling you. I will come back, perhaps when I have better knowledge. Thanks for all of your help. You guys are great. On Oct 6, 2007, at 6:49 PM, ropers wrote: On 06/10/2007, a.padilla [EMAIL PROTECTED] wrote: I know its not optimal but I would think I can still get this done. Do you think this is why it's not working? There are any number or reasons why it is not working. Frankly, and no offense here, I'm no longer sure I understand just what you're trying to get working. You told us at the beginning you wanted an internal machine to communicate to the outside world (by which I presumed you meant the Internet). But given what you've supplied here: rl0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:18:4d:ea:33:0a groups: egress media: Ethernet autoselect (100baseTX full-duplex) status: active inet6 fe80::218:4dff:feea:330a%rl0 prefixlen 64 scopeid 0x1 inet 192.168.0.111 netmask 0xff00 broadcast 192.168.0.255 dc0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:14:bf:53:1e:fe media: Ethernet autoselect (100baseTX full-duplex) status: active inet6 fe80::214:bfff:fe53:1efe%dc0 prefixlen 64 scopeid 0x2 inet 10.0.0.0 netmask 0xff00 broadcast 255.255.255.0 that doesn't appear to be what you're doing. I've already pointed out that your OpenBSD box's two NICs both have private IPs (192.168.0.111 and 10.0.0.0; cf. http://en.wikipedia.org/wiki/Private_network ). You said rl0 is connected to the internet. but rl0 has the private IP 192.168.0.111, so you obviously aren't talking to the outside world (at least not without there being yet another box you haven't told us about doing NAT between the OpenBSD box and the public Internet). Others on this list were much more eagle-eyed than me and have already pointed out further problems with your setup: - John pointed out that your broadcast address on dc0 is set to '255.255.255.0', which looks more like a netmask. - Stuart observed that the 10.0.0.0 IP address, apart from being private, is not even valid: 10.0.0.0 is not valid with a 255.0.0.0 netmask, it's reserved as the network address and shouldn't be used by a host. You could use 10.0.0.1. He also elaborated on the misconfigured broadcast address John spotted earlier: 255.255.255.0 is not a sensible broadcast address for the configured network. For 10.xxx with a 255.0.0.0 netmask, the normal broadcast address is 10.255.255.255. For 10.0.0.x with a 255.255.255.0 netmask, the normal broadcast address is 10.0.0.255. Try it with just 'inet 10.0.0.1 255.255.255.0' in hostname.dc0, adjust dhcpd.conf as necessary, and reboot. (you could do this on a running box, but this way you'll know it will come back up correctly next reboot). Note that the format of hostname.if(5) is different to that of the ifconfig(8) command line. - And James told you at the start of this conversation: Make sure the clients have gateways, make sure the bsd box has a gateway and all masks are correct. Try doing traceroute's and working your way up and IMHO that still applies. Anyway, you later wrote: this is a small private I'm doing between [two] computers for educational purposes. the server is also connected to a dhcp network. This is obviously not the same thing as trying to get an internal machine to talk to the Internet. And I don't know what you mean by the server is also connected to a dhcp network. Do you mean the OpenBSD box is getting one of its IP addresses (for rl0?) from another DHCP server? You also haven't supplied the contents of your /etc/hostname.if(5) files. Forgive me my skepticism, but are you sure you fully understand IPv4? I.e. have you read this part of the FAQ? http://www.openbsd.org/faq/faq6.html#Intro and have you read this document http://www.3com.com/other/pdfs/infra/corpinfo/en_US/501302.pdf as is recommended there? In conclusion: No, I can't tell you why it is not working, but if you address the multiple issues that have already been pointed out to you, do your homework, and ask precise questions, then there are excellent chances that you can get VERY competent answers on this list. Most people here are a lot more technical than me, and I have read the 3com PDF ;-) Bonne chance! ropers
Re: wine question - BAT2EXE?
I just went back to your first post: On 05/10/2007, Frank Bax [EMAIL PROTECTED] wrote: Does know of a BAT2EXE program that produces an EXE which works under wine? First hit on google bat2exe wine indicates there is one that works on Linux (written in delphi), but the link is broken. Well, you didn't try hard enough. True, the first Google hit http://www.rohitab.com/discuss/lofiversion/index.php/t10621.html shows this link: http://www.home.no/im-zenith/prg/bat2exe.exe and that returns a 404, but just with a little URL hacking you will find: http://www.home.no/im-zenith/program/ and there's your bat2exe program. Dude just reoranised his website. He must have missed the Tim BL memo: http://www.w3.org/Provider/Style/URI ;-) -ropers
Re: Xbox 360 controller at the -current
I've used Microsoft's Play and Charge cable to connect it to my -current PC: http://www.amazon.de/Xbox-360-Play-Charge-Bundle/dp/B000AYS8FK/ref=pd_bbs_7/303-8512256-9012257 It is a cable for charging the wireless controller's battery via USB. You can stick it into the Xbox 360 or into a PC. On 10/6/07, Marc Espie [EMAIL PROTECTED] wrote: On Sat, Oct 06, 2007 at 03:26:58PM +0200, Alexander Farber wrote: /bsd: ugen0 at uhub0 port 1 /bsd: ugen0: Microsoft product 0x028f, rev 2.00/1.05, addr 2 /bsd: ugen0 detached Did you connect it directly, or use the microsoft adaptator for wireless stuff ? Regards Alex
Re: Upgrade process in 4.2
Stuart Henderson wrote: On 2007/10/06 15:55, Alvaro Mantilla Gimenez wrote: So...i have a question here: is it possible install 4.2 from snapshots, then upgrade to release (a frozen point...) and then goes to stable??? that would be downgrade, not upgrade. That's not supported. Thanks. The answer that i was looking for came from Peter N. M. Hansteen. Probably my poor english made my question not very well explained. In my sentence i need to add: ..and then go to stable 4.2. Anyways...like Peter said: it's a bit too late because the snapshots are moving to 4.3 direction. So...probably...in some point of time...my question was correct..right? Regards, Alvaro
Re: Speeding up OBSD bootup
On Sat, 2007-10-06 at 16:31 -0400, Constantine A. Murenin wrote: On 06/10/2007, Karel Kulhavy [EMAIL PROTECTED] wrote: Is it possible to specify the kernel that the hardware for which there are drivers probing for but I don't have in my PC is absent? You might want to checkout ports/sysutils/dmassage/. Obviously, under improper use this might disable all hotpluggable USB stuff. Ideally, you should plug in all USB gadgets you ever plan to use with the laptop before running dmassage. If you can't do that, then you should specifically re-enable them. Be sure to enable things like the SCSI subsystem if you plan to use a USB mass storage device (pen drive, external hard drive, CD-/DVD-ROM, floppy drive). I made the mistake of leaving this out once after compiling a custom kernel, then weeks later plugged in a pen drive and wondered why I wasn't able to mount the damn thing. (Note this is exactly why you shouldn't compile a custom kernel unless you know what you're doing.) -- Shawn K. Quinn [EMAIL PROTECTED]
info heimdal typo
simple typo Index: heimdal.info-1 === RCS file: /cvs/src/kerberosV/src/doc/heimdal.info-1,v retrieving revision 1.1.1.4 diff -u -r1.1.1.4 heimdal.info-1 --- heimdal.info-1 14 Apr 2006 07:32:34 - 1.1.1.4 +++ heimdal.info-1 7 Oct 2007 02:49:33 - @@ -467,7 +467,7 @@ Master key: Verifying password - Master key: -If you want to generate a random master key you can use the -random-key +If you want to generate a random master key you can use the --random-key to kstash. This will make sure you have a good key on which attackers can't do a dictionary attack.
Ext2fs Mount Problem
I have an old backup drive from a Linux file server I was running. I want it to be mounted in my new openBSD, but I'm having trouble with it. I had FreeBSD on this server last and it was able to mount this ext2 fs fine after installing the e2fsprogs suite. I built and installed the e2fsprogs suite from ports on the OpenBSD server, but when I run /usr/local/sbin/e2fsck /dev/wd1i it makes a lot of fixes and then the whole system crashes and drops me to a ddb prompt. Here's some info about the drive, any thoughts or suggestions are much appreciated. Before this happened I didn't see all the dma errors in dmesg: # dmesg |grep wd1 wd1 at pciide0 channel 1 drive 0: Maxtor 6Y060P0 wd1: 16-sector PIO, LBA, 58644MB, 120103200 sectors wd1(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 4 dkcsum: wd1 matches BIOS drive 0x81 wd1i: DMA error reading fsbn -1030692568 of -1030692568-3 (wd1 bn -1030692505; cn 3238367 tn 13 sn 36), retrying wd1i: DMA error reading fsbn -1030692568 of -1030692568-3 (wd1 bn -1030692505; cn 3238367 tn 13 sn 36), retrying wd1i: DMA error reading fsbn -1030692568 of -1030692568-3 (wd1 bn -1030692505; cn 3238367 tn 13 sn 36), retrying wd1i: DMA error reading fsbn -1030692568 of -1030692568-3 (wd1 bn -1030692505; cn 3238367 tn 13 sn 36), retrying wd1 at pciide0 channel 1 drive 0: Maxtor 6Y060P0 wd1: 16-sector PIO, LBA, 58644MB, 120103200 sectors wd1(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 4 dkcsum: wd1 matches BIOS drive 0x81 wd1i: DMA error reading fsbn -1030692568 of -1030692568-3 (wd1 bn -1030692505; cn 3238367 tn 13 sn 36), retrying wd1i: DMA error reading fsbn -1030692568 of -1030692568-3 (wd1 bn -1030692505; cn 3238367 tn 13 sn 36), retrying wd1i: DMA error reading fsbn -1030692568 of -1030692568-3 (wd1 bn -1030692505; cn 3238367 tn 13 sn 36), retrying wd1i: DMA error reading fsbn -1030692568 of -1030692568-3 (wd1 bn -1030692505; cn 3238367 tn 13 sn 36), retrying wd1 at pciide0 channel 1 drive 0: Maxtor 6Y060P0 wd1: 16-sector PIO, LBA, 58644MB, 120103200 sectors wd1(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 4 dkcsum: wd1 matches BIOS drive 0x81 disklabel wd1i: # disklabel wd1i # /dev/rwd1i: type: ESDI disk: ESDI/IDE disk label: Maxtor 6Y060P0 flags: bytes/sector: 512 sectors/track: 63 tracks/cylinder: 16 sectors/cylinder: 1008 cylinders: 16383 total sectors: 120103200 rpm: 3600 interleave: 1 trackskew: 0 cylinderskew: 0 headswitch: 0 # microseconds track-to-track seek: 0 # microseconds drivedata: 0 16 partitions: # sizeoffset fstype [fsize bsize cpg] c: 120103200 0 unused 0 0 # Cyl 0 -119149 i: 12010313763 ext2fs # Cyl 0*-119149