Re: Performance problem with CF card on AMD CS5536 IDE
On 2007/12/08 10:59, Antti Harri wrote: anyone figured out where the problem is with OpenBSD CF? Naddy noticed that DMA is only used if the drive supports multi-sector transfers. wd1 at wdc2 channel 0 drive 0: TOSHIBA THNCF512MQG wd1: 1-sector PIO, LBA, 488MB, 1000944 sectors My slow cards are 1-sector, my fast cards are 1.
Re: RS-232 serial PCMCIA cards and/or USB 2.0 serial adapters
On 2007/12/07 22:31, Theo de Raadt wrote: uark(4) Arkmicro Technologies ARK3116 based USB serial adapter You don't want this one if you might need to send a break. Most I've seen are uplcom (good support in most OS, you'll find some if you search titledescription on ebay for PL2303 or PL-2303) or uark (I've seen both uark and uplcom in the same packaging - translucent blue ends, transparent cable coating - you can't tell much from appearance).
Re: httpdv6
Frank Habicht wrote:
> [i guess misc is better than ports for that..]
> I ran the patched httpdv6 with the stock httpd.conf - it was only bound to v6
> README.v6 suggests _for_Vhost_operation_ one needs
>   Listen :: 80
>   Listen 0.0.0.0 80
> my test suggests even without vhosts these are needed to run both v4 and v6.
> can anyone confirm? ( if so i'd send diff for README.v6 - anything else? )

httpd with IPv6 support uses IPv6 addresses for ambiguous constructs. That is documented in the httpd(8) manpage. The behaviour can be changed on the command line using the '-4' option (or '-6').

To have your webserver listen on say ports 80 and 443 (assuming you want to use https as well) of all interfaces, you need in your httpd.conf file the following lines:

Listen 0.0.0.0 80
Listen 0.0.0.0 443
Listen :: 80
Listen :: 443

This is also needed for the main server configuration. Don't send me a diff for README.v6, I am already working on clarifying a few bits in it.

> system is current (1day old), httpd.conf.orig from
> http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.sbin/httpd/conf/httpd.conf?rev=1.21content-type=text/plain
> Thanks, Frank
> PS: if someone can tell me how to replace the 'lsof' - will be appreciated ;-)

you can use 'netstat -an' to display listening ports.

[...]
Re: Performance problem with CF card on AMD CS5536 IDE
On Sat, 8 Dec 2007, Stuart Henderson wrote: On 2007/12/08 10:59, Antti Harri wrote: anyone figured out where the problem is with OpenBSD CF? Naddy noticed that DMA is only used if the drive supports multi-sector transfers. wd1 at wdc2 channel 0 drive 0: TOSHIBA THNCF512MQG wd1: 1-sector PIO, LBA, 488MB, 1000944 sectors My slow cards are 1-sector, my fast cards are 1. Ok.. But no ideas why other systems perform better with the same hardware? PS. I can test diffs (and probably a friend of mine too) if someone is working on it. -- Antti Harri
Re: RS-232 serial PCMCIA cards and/or USB 2.0 serial adapters
On Dec 8, 2007 11:39 AM, Stuart Henderson [EMAIL PROTECTED] wrote: On 2007/12/07 22:31, Theo de Raadt wrote: uark(4) Arkmicro Technologies ARK3116 based USB serial adapter You don't want this one if you might need to send a break. Most I've seen are uplcom (good support in most OS, you'll find some if you search titledescription on ebay for PL2303 or PL-2303) or uark (I've seen both uark and uplcom in the same packaging - translucent blue ends, transparent cable coating - you can't tell much from appearance). Anyone has succeed in sending a break with an uplcom ? I have the same model you described and it never worked with my unit. -- Mattieu Baptiste /earth is 102% full ... please delete anyone you can.
Re: httpdv6, documentation online
I have put an HTML version of the README content with some clarifications (I hope...) online under the following URL: http://mini.vnode.ch/manual/ipv6.html This is work in progress and I will extend it as needed. The plan is to install this file with the other HTML documentation (if others are fine with that). btw: so far no regressions have been reported.
Re: seeking hardware token recommendations
On Fri, Dec 07, 2007 at 03:23:13PM -0600, K K wrote: the goal is to allow only users with (1) a hardware token and (2) the correct passwords to access services (IMAPS, etc) on openbsd machines. you may want to look at http://www.fatsquirrel.org/veghead/wot/skey.php and its corresponding software for your mobile phone. if this is interesting for you i have a list of similar links; reply offlist i can send these through. some of these are skey based and some are other 2 factor solutions. a+ scorch
Re: RS-232 serial PCMCIA cards and/or USB 2.0 serial adapters
mufurcz wrote: Greetings, It seems that the dumbing down of laptops is a constant preoccupation/sadistic joy for the laptop manufacturers, and the RS-232/422/485 protocols are destined to be extinct by them. My daily work requires to access a number headless *NIX systems in different places, so I need the missing RS-232 ports on my laptops! Can please, somebody advise me regarding a good quality and reliable well tested RS-232/422 serial PCMCIA card and/or USB 2.0 (to) serial adapters - or I am just day-dreaming?! Theoretically such an (well designed) adapter would work with OpenBSD, Debian, Solaris x86 and Windblown - without installing binary drivers and/or modifying kernel parameters, just simply adding a few 16550 UART chips to my laptops. Ioan Thanks for the advice, I guess the Belkin (F5U409-CU) will do for now. The Quatech range of USB 2.0 to serial adapters looks impressive (921.6 kbps, 1024-byte FIFO, hardware and software flow control) but it's very pricey! http://www.quatech.com/catalog/usb_2.0.php Regards, Ioan
Re: Performance problem with CF card on AMD CS5536 IDE
Hi, anyone figured out where the problem is with OpenBSD CF?

I got myself a cardbus-CF adapter and tested it, the performance is pretty poor using two cards that worked with Linux (couple of years ago though, when I still had those) about ~6MB/s both reading and writing. The 512M card seemed to perform even more badly than the older 256M card (write ~370kB/s and read ~900kB/s).

Kingston 256M:

# newfs -t ffs -o time -b 65536 -f 8192 /dev/rwd1a
newfs: reduced number of fragments per cylinder group from 7944 to 7936 to enlarge last cylinder group
/dev/rwd1a: 248.5MB in 508896 sectors of 512 bytes
5 cylinder groups of 62.00MB, 992 blocks, 2048 inodes each
super-block backups (for fsck -b #) at:
 128, 127104, 254080, 381056, 508032,
# mount /dev/wd1a /mnt/
# cd /mnt/
# dd if=/dev/zero of=test bs=64k count=2500
2500+0 records in
2500+0 records out
16384 bytes transferred in 146.288 secs (1119978 bytes/sec)
# dd if=test of=/dev/null bs=64k
2500+0 records in
2500+0 records out
16384 bytes transferred in 133.009 secs (1231789 bytes/sec)

During transfer top shows high interrupt:

load averages: 2.47, 1.20, 0.88
50 processes: 49 idle, 1 on processor
CPU states: 1.8% user, 1.4% nice, 2.8% system, 87.4% interrupt, 6.6% idle
Memory: Real: 173M/257M act/tot Free: 302M Swap: 0K/110M used/tot

  PID USERNAME PRI NICE SIZE RES STATE WAIT TIME CPU COMMAND
32682 root -5 0 404K 212K sleep getblk 0:07 4.64% dd

OpenBSD 4.2 (GENERIC) #8: Sat Aug 25 14:21:57 EEST 2007
    [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III (GenuineIntel 686-class) 499 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem = 603353088 (575MB)
avail mem = 574849024 (548MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 11/30/99, BIOS32 rev. 0 @ 0xfd820, SMBIOS rev. 2.2 @ 0xf7690 (55 entries)
bios0: vendor IBM version ITET55WW date 11/30/1999
bios0: IBM 26454EG
apm0 at bios0: Power Management spec V1.2
apm0: battery life expectancy 95%
apm0: AC on, battery charge high
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xfd880/0x800
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf9d00/128 (6 entries)
pcibios0: PCI Exclusive IRQs: 11
pcibios0: PCI Interrupt Router at 000:07:0 (Intel 82371AB PIIX4 ISA rev 0x00)
pcibios0: PCI bus #5 is the last bus
bios0: ROM list: 0xc/0xc000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82443BX AGP rev 0x03
ppb0 at pci0 dev 1 function 0 Intel 82443BX AGP rev 0x03
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 Neomagic Magicgraph NM2360 rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
cbb0 at pci0 dev 2 function 0 TI PCI1450 CardBus rev 0x03: irq 11
cbb1 at pci0 dev 2 function 1 TI PCI1450 CardBus rev 0x03: irq 11
ATT/Lucent LTMODEM rev 0x01 at pci0 dev 3 function 0 not configured
clcs0 at pci0 dev 6 function 0 Cirrus Logic CS4280/46xx CrystalClear rev 0x01: irq 11
ac97: codec id 0x43525913 (Cirrus Logic CS4297A rev 3)
ac97: codec features headphone, 20 bit DAC, 18 bit ADC, Crystal Semi 3D
piixpcib0 at pci0 dev 7 function 0 Intel 82371AB PIIX4 ISA rev 0x02: unable to claim ownership from BIOS, SpeedStep disabled
pciide0 at pci0 dev 7 function 1 Intel 82371AB IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: IBM-DTCA-24090
wd0: 16-sector PIO, LBA, 3909MB, 8007552 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: MATSHITA, DVD-ROM SR-8174, CK20 SCSI0 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
uhci0 at pci0 dev 7 function 2 Intel 82371AB USB rev 0x01: irq 11
piixpm0 at pci0 dev 7 function 3 Intel 82371AB Power rev 0x03: SMI
iic0 at piixpm0
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 2 device 0 cacheline 0x8, lattimer 0xb0
pcmcia0 at cardslot0
cardslot1 at cbb1 slot 1 flags 0
cardbus1 at cardslot1: bus 5 device 0 cacheline 0x8, lattimer 0xb0
pcmcia1 at cardslot1
isa0 at piixpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
lpt2 at isa0 port 0x3bc/4: polled
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
usb0 at uhci0: USB revision 1.0
uhub0 at usb0: Intel UHCI root hub, rev 1.00/1.00, addr 1
biomask efed netmask efed ttymask ffef
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
rl0 at cardbus0 dev
Re: httpdv6
Frank Habicht wrote:
> Hi misc,
> [i guess misc is better than ports for that..]
> I ran the patched httpdv6 with the stock httpd.conf - it was only bound to v6
> README.v6 suggests _for_Vhost_operation_ one needs
>   Listen :: 80
>   Listen 0.0.0.0 80
> my test suggests even without vhosts these are needed to run both v4 and v6.

Of course you need this. OpenBSD and some other BSD's, per default, don't listen on the v4 address (using ::ipv4) when listening on an IPv6 address. This is a good thing. As such you will need to tell apache also to listen on the 'any' address for IPv4 like above.

On silly systems like Linux, listening on IPv6 'any' (::) will automatically listen on IPv4 'any', but incoming connections will have an IPv6 socket, with an address of ::a.b.c.d or was it :::a.b.c.d, although it looks handy for quick program conversion from IPv4 to IPv6 (just replace the AF's) this is of course still very annoying as you can't use those addresses in logging programs, who suddenly need to understand that some IPv6 addresses are actually still IPv4 etc.

Fortunately there you can also turn it off using

net.ipv6.bindv6only = 1

On *BSD you will have to code properly, using separate IPv4 + IPv6 sockets and thus listen for both.

Greets,
 Jeroen

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
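The separate-socket approach and the logging problem described in the message above, as an added example (not code from the thread, the KAME patch or httpd): one wildcard listener per address family with IPV6_V6ONLY set explicitly, and a formatter that reports a v4-mapped peer (the mapped form is ::ffff:a.b.c.d) as plain IPv4 so logs and ACLs see one representation. Function names, port 8080 and the sample addresses are constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Open a wildcard TCP listener for exactly one address family.
 * AF_INET6 sockets get IPV6_V6ONLY so they never accept IPv4 peers,
 * whatever the operating system default is. Returns the fd or -1. */
int open_listener(int family, unsigned short port)
{
    struct sockaddr_storage ss;
    socklen_t len;
    int on = 1;
    int fd = socket(family, SOCK_STREAM, 0);

    if (fd < 0)
        return -1;                          /* family not available here */
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
    memset(&ss, 0, sizeof(ss));
    if (family == AF_INET6) {
        struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&ss;
        if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) < 0) {
            close(fd);
            return -1;
        }
        sin6->sin6_family = AF_INET6;
        sin6->sin6_addr = in6addr_any;      /* "::" */
        sin6->sin6_port = htons(port);
        len = sizeof(*sin6);
    } else if (family == AF_INET) {
        struct sockaddr_in *sin = (struct sockaddr_in *)&ss;
        sin->sin_family = AF_INET;
        sin->sin_addr.s_addr = htonl(INADDR_ANY);   /* "0.0.0.0" */
        sin->sin_port = htons(port);
        len = sizeof(*sin);
    } else {
        close(fd);
        return -1;
    }
    if (bind(fd, (struct sockaddr *)&ss, len) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* 1 if a fresh IPv6 listener is v6-only, 0 if it is dual-stack,
 * -1 if IPv6 is not usable on this host. */
int check_v6_listener(void)
{
    int val = 0;
    socklen_t len = sizeof(val);
    int fd = open_listener(AF_INET6, 0);    /* port 0: any free port */

    if (fd < 0)
        return -1;
    if (getsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &val, &len) < 0)
        val = -1;
    close(fd);
    return val < 0 ? -1 : (val != 0);
}

/* Format a peer address for logs and ACL checks. A v4-mapped IPv6
 * address is written as plain IPv4. Returns 1 if the peer was mapped,
 * 0 if it was native IPv4 or IPv6, -1 on error. */
int format_peer(const struct sockaddr *sa, char *out, socklen_t outlen)
{
    if (sa->sa_family == AF_INET) {
        const struct sockaddr_in *sin = (const struct sockaddr_in *)sa;
        return inet_ntop(AF_INET, &sin->sin_addr, out, outlen) ? 0 : -1;
    }
    if (sa->sa_family == AF_INET6) {
        const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
        if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
            struct in_addr v4;              /* last 4 bytes are the IPv4 address */
            memcpy(&v4, &sin6->sin6_addr.s6_addr[12], sizeof(v4));
            return inet_ntop(AF_INET, &v4, out, outlen) ? 1 : -1;
        }
        return inet_ntop(AF_INET6, &sin6->sin6_addr, out, outlen) ? 0 : -1;
    }
    return -1;
}

/* Helper for offline use: parse an IPv6 literal and run format_peer(). */
int classify_text(const char *text, char *out, socklen_t outlen)
{
    struct sockaddr_in6 sin6;

    memset(&sin6, 0, sizeof(sin6));
    sin6.sin6_family = AF_INET6;
    if (inet_pton(AF_INET6, text, &sin6.sin6_addr) != 1)
        return -1;
    return format_peer((const struct sockaddr *)&sin6, out, outlen);
}

int main(void)
{
    /* constructed sample peers (documentation address ranges) */
    const char *samples[] = { "::ffff:192.0.2.10", "2001:db8::1" };
    char buf[INET6_ADDRSTRLEN];
    int fd4 = open_listener(AF_INET, 8080);
    int fd6 = open_listener(AF_INET6, 8080);

    printf("IPv4 listener: %s, IPv6 listener: %s\n",
           fd4 >= 0 ? "ok" : "unavailable", fd6 >= 0 ? "ok" : "unavailable");
    printf("v6-only check: %d\n", check_v6_listener());
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int mapped = classify_text(samples[i], buf, sizeof(buf));
        printf("%s -> %s (mapped=%d)\n", samples[i], buf, mapped);
    }
    if (fd4 >= 0) close(fd4);
    if (fd6 >= 0) close(fd6);
    return 0;
}
```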
Re: Performance problem with CF card on AMD CS5536 IDE
On 2007/12/08 13:37, Antti Harri wrote: On Sat, 8 Dec 2007, Stuart Henderson wrote: On 2007/12/08 10:59, Antti Harri wrote: anyone figured out where the problem is with OpenBSD CF? Naddy noticed that DMA is only used if the drive supports multi-sector transfers. wd1 at wdc2 channel 0 drive 0: TOSHIBA THNCF512MQG wd1: 1-sector PIO, LBA, 488MB, 1000944 sectors My slow cards are 1-sector, my fast cards are 1. Ok.. But no ideas why other systems perform better with the same hardware? If you try accessing the card on some other OS and see low CPU use while it takes place, it's probably using DMA. But there might well be a reason _why_ we don't do that (other than until recently most IDE/CF weren't even wired for DMA because the lines weren't in older CF spec). PS. I can test diffs (and probably a friend of mine too) if someone is working on it. Due to the type of computer where IDE flash tends to be used, this needs to be done really conservatively, with plenty of testing (lots of machines and cards).
Re: RS-232 serial PCMCIA cards and/or USB 2.0 serial adapters
* Mattieu Baptiste [EMAIL PROTECTED] [2007-12-08 12:28]: Anyone has succeed in sending a break with an uplcom ? I have the same model you described and it never worked with my unit. all usb-cereals i ever bought (quite a few) turned out to be uplcoms, and sending breaks Just Works on all of them. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: Compile jdk-1_5_0_12 on OpenBSD 4.2
Thanks, I think the build system should require xbase42.tgz xshare42.tgz explicit.

$ java -version
java version 1.5.0_12-p6
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_12-p6-root_07_dec_2007_22_18)
Java HotSpot(TM) Client VM (build 1.5.0_12-p6-root_07_dec_2007_22_18, mixed mode)

$ java -server -version
java version 1.5.0_12-p6
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_12-p6-root_07_dec_2007_22_18)
Java HotSpot(TM) Server VM (build 1.5.0_12-p6-root_07_dec_2007_22_18, mixed mode)

$ java -version
java version 1.5.0_13-p7
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_13-p7-root_08_dec_2007_20_36)
Java HotSpot(TM) Client VM (build 1.5.0_13-p7-root_08_dec_2007_20_36, mixed mode)

$ java -server -version
java version 1.5.0_13-p7
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_13-p7-root_08_dec_2007_20_36)
Java HotSpot(TM) Server VM (build 1.5.0_13-p7-root_08_dec_2007_20_36, mixed mode)

2007/12/7, Kurt Miller [EMAIL PROTECTED]:
> On Friday 07 December 2007 5:15:13 am Dongsheng Song wrote:
> > When I compile jdk from port, after few hours, errors occurred:
> > [...]
> > ../../../src/share/native/sun/awt/image/BufImgSurfaceData.c:17:
> > ../../../src/solaris/native/sun/awt/awt.h:20:27: X11/Intrinsic.h: No such file or directory
> > [...]
> > Thanks for some help.
>
> The Xorg sets need to be installed to build ports.
>
> -Kurt
Re: httpdv6
On 12/8/2007 4:55 PM, Henning Brauer wrote: * Marc Balmer [EMAIL PROTECTED] [2007-12-08 09:51]: httpd with IPv6 support uses IPv6 addresses for ambiguous constructs. That is documented in the httpd(8) manpage. that is completely wrong and disqualifies this patch. you are fucking everybody for no good reason, as suddenly their httpds will only listen on v6. so the new httpd should, if there's no Listen in httpd.conf, behave same way as if there was Listen :: 80 Listen 0.0.0.0 80 right? Frank
Re: httpdv6
Henning Brauer wrote: * Marc Balmer [EMAIL PROTECTED] [2007-12-08 09:51]: httpd with IPv6 support uses IPv6 addresses for ambiguous constructs. That is documented in the httpd(8) manpage. that is completely wrong and disqualifies this patch. you are fucking everybody for no good reason, as suddenly their httpds will only listen on v6. this is totally the right way to do it. think of people for a moment that have hostated_flags in /etc/rc.conf.local. They will have to change their config, too. the configuration will have to be changed. people will be warned about this. software that supports IPv4 and IPv6 uses IPv6 by default.
Re: httpdv6
On Sat, Dec 08, 2007 at 02:55:09PM +0100, Henning Brauer wrote: * Marc Balmer [EMAIL PROTECTED] [2007-12-08 09:51]: httpd with IPv6 support uses IPv6 addresses for ambiguous constructs. That is documented in the httpd(8) manpage. that is completely wrong and disqualifies this patch. you are fucking everybody for no good reason, as suddenly their httpds will only listen on v6. '*' isn't so ambiguous, is it? I agree that this should include v4 and v6. Perhaps :: or 0.0.0.0 can mean one or the other, but * is inclusive. As for fucking everyone, I'd rather have sensible configs going forward rather than mindless backward compatibility, but if that's even an issue here I don't see it. -- Darrin Chandler| Phoenix BSD User Group | MetaBUG [EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/ http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
Re: httpdv6, documentation online
hopefully it is not running the patched httpdv6 (or is it IPv6 only?): $ lynx http://mini.vnode.ch/manual/ipv6.html Looking up mini.vnode.ch Making HTTP connection to mini.vnode.ch Alert!: Unable to connect to remote host. lynx: Can't access startfile http://mini.vnode.ch/manual/ipv6.html On Sat, Dec 08, 2007 at 10:44:45AM +0100, Marc Balmer wrote: I have put an HTML version of the README content with some clarifications (I hope...) online under the following URL: http://mini.vnode.ch/manual/ipv6.html This is work in progress and I will extend it as needed. The plan is to install this file with the other HTML documentation (if others are fine with that). btw: so far no regressions have been reported.
Re: httpdv6
* Marc Balmer [EMAIL PROTECTED] [2007-12-08 16:07]: Right now I am looking if the code can be changed to make '*:port' a synonym for '0.0.0.0:port', so the old notation would mean IPv4 only. If this is possible, existing config files would continue to work, with IPv4 only. that would be acceptable. the best way would be listening on both of course. pass in proto tcp to port 80 covers which address family again? :) -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: httpdv6
Henning Brauer wrote: * Marc Balmer [EMAIL PROTECTED] [2007-12-08 15:50]: so either people live with the fact that *:port becomes 0.0.0.0:port for the IPv4 case and ::port for the IPv6 case or we forget about IPv6 support in httpd for now. I certainly have neither time nor the energy to involve in fights over such a detail. then no v6. what is that for an argument? I have no time/motivation/whatever to do it right, so let's commit it wrong and fuck everyone? nobody is fucked by this. the change to the config is trivial. add -4 to httpd_flags and you are done. no need to even touch httpd.conf.
Re: httpdv6
Henning Brauer wrote: * Frank Habicht [EMAIL PROTECTED] [2007-12-08 15:13]: On 12/8/2007 4:55 PM, Henning Brauer wrote: * Marc Balmer [EMAIL PROTECTED] [2007-12-08 09:51]: httpd with IPv6 support uses IPv6 addresses for ambiguous constructs. That is documented in the httpd(8) manpage. that is completely wrong and disqualifies this patch. you are fucking everybody for no good reason, as suddenly their httpds will only listen on v6. so the new httpd should, if there's no Listen in httpd.conf, behave same way as if there was Listen :: 80 Listen 0.0.0.0 80 yes. but marc's current patch fails miserably there Just for the record, this is the KAME patch. And it does not fail miserably, it does the right thing.
Re: httpdv6, documentation online
Reyk Floeter wrote: hopefully it is not running the patched httpdv6 (or is it IPv6 only?): $ lynx http://mini.vnode.ch/manual/ipv6.html Looking up mini.vnode.ch Making HTTP connection to mini.vnode.ch Alert!: Unable to connect to remote host. lynx: Can't access startfile http://mini.vnode.ch/manual/ipv6.html hey, this is my development box. I run experiments and from time to time it's IPv4 only, IPv6 only etc ;) Depending on what I am trying at the moment. You just hit the wrong time slot ;) It should be fine now. On Sat, Dec 08, 2007 at 10:44:45AM +0100, Marc Balmer wrote: I have put an HTML version of the README content with some clarifications (I hope...) online under the following URL: http://mini.vnode.ch/manual/ipv6.html This is work in progress and I will extend it as needed. The plan is to install this file with the other HTML documentation (if others are fine with that). btw: so far no regressions have been reported.
Re: httpdv6
Marc Balmer wrote: Marc Balmer wrote: Darrin Chandler wrote: On Sat, Dec 08, 2007 at 02:55:09PM +0100, Henning Brauer wrote: * Marc Balmer [EMAIL PROTECTED] [2007-12-08 09:51]: httpd with IPv6 support uses IPv6 addresses for ambiguous constructs. That is documented in the httpd(8) manpage. that is completely wrong and disqualifies this patch. you are fucking everybody for no good reason, as suddenly their httpds will only listen on v6. '*' isn't so ambiguous, is it? I agree that this should include v4 and v6. Perhaps :: or 0.0.0.0 can mean one or the other, but * is inclusive. As for fucking everyone, I'd rather have sensible configs going forward rather than mindless backward compatibility, but if that's even an issue here I don't see it. it would mean code changes for which I have not time right now. the unspecified address is 0.0.0.0 for IPv4 and :: for IPv6. '*' is ambiguous and it makes no sense to assume '0.0.0.0' and '::' if a user specifies '*'. This could lead to security problems if someone would not be aware that this uses both address families. I am strongly in favour of a notation that makes it totally clear which address family is meant. so either people live with the fact that *:port becomes 0.0.0.0:port for the IPv4 case and ::port for the IPv6 case or we forget about IPv6 support in httpd for now. I certainly have neither time nor the energy to involve in fights over such a detail. The config change is trivial, small and painless and can be well documented. Right now I am looking if the code can be changed to make '*:port' a synonym for '0.0.0.0:port', so the old notation would mean IPv4 only. If this is possible, existing config files would continue to work, with IPv4 only. I concluded that this is a very, very, bad idea.
why is /var/named/standard/root.hint not updated in -stable?
I've just finished updating a 4.2-stable system by following the instructions at http://www.openbsd.org/anoncvs.html:

# cd /usr/src
# cvs -d $CVSROOT -q update -rOPENBSD_4_2 -Pd echo $CVSROOT JT.CVS.timestamp
? JT.CVS.timestamp
? JT.CVSROOT.de
? xenocara
P etc/bind/root.hint
P sys/net/pf.c
P usr.sbin/bind/lib/dns/rootns.c
#

then rebuilding the kernel, rebooting, and rebuilding userland, as per http://www.openbsd.org/stable.html

My question is, why is it that the rebuild-userland process doesn't copy the new /usr/src/etc/bind/root.hint to /var/named/standard/ ? (I checked, and everything in /var/named/standard/ still has Aug 28 17:00 timestamps, and inode-change times from when I installed 4.2-release before moving to -stable.)

Looking at /usr/src/usr.sbin/bind/lib/dns/rootns.c I can see that the root-nameservers data is embedded in the source code, but why is it that we don't keep the /var/named/standard/root.hint file in sync with this in -stable?

[My reason for asking is partly idle curiosity (n.b. there's a cat sitting across the room watching me!), and partly practical: I also have a firewall running 4.2-stable, originally installed via 'make release' on my main system, and I'm trying to figure out what to update on the firewall. Given the above cvs-update logs, I clearly need to update the firewall's kernel and /usr/sbin/named, but what about the firewall's /var/named/standard/root.hint ?

--
-- Jonathan Thornburg (remove -animal to reply) [EMAIL PROTECTED]
School of Mathematics, U of Southampton, England
Washing one's hands of the conflict between the powerful and the powerless means to side with the powerful, not to be neutral. -- quote by Freire / poster by Oxfam
Re: httpdv6, documentation online
On Sat, Dec 08, 2007 at 04:56:24PM +0100, Marc Balmer wrote: hey, this my development box. I run experiments and from time to time it's IPv4 only, IPv6 only etc ;) Depending on what I am trying at the moment. You just hit the wrong time slot ;) It should be fine now. :) i'm just kidding... reyk
Re: httpdv6
* Marc Balmer [EMAIL PROTECTED] [2007-12-08 15:29]: Henning Brauer wrote: * Jeroen Massar [EMAIL PROTECTED] [2007-12-08 09:49]: Frank Habicht wrote: Hi misc, [i guess misc is better than ports for that..] I ran the patched httpdv6 with the stock httpd.conf - it was only bound to v6 README.v6 suggests _for_Vhost_operation_ one needs Listen :: 80 Listen 0.0.0.0 80 my test suggests even without vhosts these are needed to run both v4 and v6. Of course you need this. wait. if an existing OpenBSD installation with existing httpd.conf gets upgraded (without changing the httpd.conf) and after that the httpd suddenly only listens on v6 and not v4 any more, then the patch is wrong. here, a change to the software requires a change in the configuration as well. In this case it is well documented and the change is trivial. and we have enough ways to teach users about it. bullshit. the diff is plain wrong and will fuck users. and the fix is so obvious and reasonably easy... (no af specified = both, OF COURSE) -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: httpdv6
Linus Swdlas wrote: On Sat, 08 Dec 2007 15:41:36 +0100, Marc Balmer [EMAIL PROTECTED] wrote: the unspecified address is 0.0.0.0 for IPv4 and :: for IPv6. '*' is ambiguous and it makes no sense to assume '0.0.0.0' and '::' if a user specifies '*'. This could lead to security problems if someone would not be aware that this uses both address families. I am strongly in favour of a notation that makes it totally clear which address family is meant. I intuitively feel that * means IPv4 and IPv6, although I agree on the security problem issue. * means all addresses in the default address family. and with this diff, that means all IPv6 addresses. The default can be changed on the command line using the -4 and -6 options (or by being explicit in the config file). Using IPv4 as the default address family in IPv6 capable software is wrong. so making '*:port' a synonym for '0.0.0.0:port' is wrong. the flag is simple enough: if you do not want to change your config files, you just change your /etc/rc.conf.local file: httpd_flags="whatever" becomes httpd_flags="-4 whatever" This should not be too much of a burden for someone upgrading a system (which usually means changing other stuff, too) so either people live with the fact that *:port becomes 0.0.0.0:port for the IPv4 case and ::port for the IPv6 case How about ditching support for * and just support 0.0.0.0:port and ::port? Anyone who agrees on this? No way people can mess that up right? The config change is trivial, small and painless and can be well documented. In case someone else agrees with me, would the change I proposed also be trivial? Regards / Linus
Re: httpdv6
* Jeroen Massar [EMAIL PROTECTED] [2007-12-08 09:49]: Frank Habicht wrote: Hi misc, [i guess misc is better than ports for that..] I ran the patched httpdv6 with the stock httpd.conf - it was only bound to v6 README.v6 suggests _for_Vhost_operation_ one needs Listen :: 80 Listen 0.0.0.0 80 my test suggests even without vhosts these are needed to run both v4 and v6. Of course you need this. wait. if an existing OpenBSD installation with existing httpd.conf gets upgraded (without changing the httpd.conf) and after that the httpd suddenly only listens on v6 and not v4 any more, then the patch is wrong. (and just for the record, the rest of your explanation is totally right) -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: httpdv6
* Marc Balmer [EMAIL PROTECTED] [2007-12-08 09:51]: httpd with IPv6 support uses IPv6 addresses for ambiguous constructs. That is documented in the httpd(8) manpage. that is completely wrong and disqualifies this patch. you are fucking everybody for no good reason, as suddenly their httpds will only listen on v6. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: httpdv6
On Sat, Dec 08, 2007 at 03:41:36PM +0100, Marc Balmer wrote: it would mean code changes for which I have not time right now. the unspecified address is 0.0.0.0 for IPv4 and :: for IPv6. '*' is ambiguous and it makes no sense to assume '0.0.0.0' and '::' if a user specifies '*'. This could lead to security problems if someone would not be aware that this uses both address families. I am strongly in favour of a notation that makes it totally clear which address family is meant. so either people live with the fact that *:port becomes 0.0.0.0:port for the IPv4 case and ::port for the IPv6 case or we forget about IPv6 support in httpd for now. I certainly have neither time nor the energy to involve in fights over such a detail. No fighting here, just thoughts on what would surprise *me* least. The config change is trivial, small and painless and can be well documented. As I said before, good configs going forward makes me happiest. These changes are simple enough and can get a big note in install/upgrade instructions. -- Darrin Chandler| Phoenix BSD User Group | MetaBUG [EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/ http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
Re: httpdv6
Henning Brauer wrote: * Todd T. Fries [EMAIL PROTECTED] [2007-12-08 16:06]: I think you need to realize what you are saying is misleading at best. not at all, you miss the point. Yes this diff creates a mini flag day for httpd's conf file which is absolutely not needed and stupid. * means v6? c'mon. nowhere, no RFC nor anything else defines that '*' should mean unspecified addresses in _all_ address families. the only thing clear is 0.0.0.0 for IPv4 and :: for IPv6. The rest is by convention. and the convention should be that * means 0.0.0.0 for IPv4 only stacks and :: for dual or IPv6 stacks.
Re: httpdv6
On Sat, 8 Dec 2007, Marc Balmer wrote: * means all addresses in the default address family. and with this diff, that means all IPv6 addresses. The default can be changed on the command line using the -4 and -6 options (or by being explicit in the config file). Using IPv4 as the default address family in IPv6 capable software is wrong. so making '*:port' a synonym for '0.0.0.0:port' is wrong. the flag is simple enough: if you do not want to change your config files, you just change your /etc/rc.conf.local file: httpd_flags="whatever" becomes httpd_flags="-4 whatever" This should not be too much of a burden for someone upgrading a system (which usually means changing other stuff, too) IMHO * means include everything, that is, V4 and V6 so I kind of agree with Darrin and Henning. (not that my words mean dick) :-) -- Antti Harri
Re: httpdv6
Henning Brauer wrote: * Marc Balmer [EMAIL PROTECTED] [2007-12-08 16:07]: Right now I am looking if the code can be changed to make '*:port' a synonym for '0.0.0.0:port', so the old notation would mean IPv4 only. If this is possible, existing config files would continue to work, with IPv4 only. that would be acceptable. the best way would be listening on both of course. pass in proto tcp to port 80 covers which address family again? :) The whole problem boils down to the question what an asterisk in OpenBSD means. Does '*' mean 0.0.0.0 _and_ :: or does it mean an AF dependent default? Does '*' make sense at all? sshd has #ListenAddress 0.0.0.0 #ListenAddress :: and thus is explicit. In my opinion we should not use the ambiguous '*' at all, in all daemons.
Re: httpdv6
Linus Swdlas [EMAIL PROTECTED] wrote: I intuitively feel that * means IPv4 and IPv6, That's the way it is in ntpd(8). -- Christian naddy Weisgerber [EMAIL PROTECTED]
Re: httpdv6
Antti Harri wrote: On Sat, 8 Dec 2007, Marc Balmer wrote: * means all addresses in the default address family. and with this diff, that means all IPv6 addresses. The default can be changed on the command line using the -4 and -6 options (or by being explicit in the config file). Using IPv4 as the default address family in IPv6 capable software is wrong. so making '*:port' a synonym for '0.0.0.0:port' is wrong. the flag is simple enough: if you do not want to change your config files, you just change your /etc/rc.conf.local file: httpd_flags=whatever becomes httpd_flags-4 whatever This should not be too much of a burden for someone upgrading a system (which usually means changing other stuff, too) IMHO * means include everything, that is, V4 and V6 so I kind of agree with Darrin and Henning. (not that my words mean dick) :-) well, and now send me a diff please ;) I just notice that our daemons seem not to handle '*' in an unambiguous way and probably not all daemons support it. I think if we support '*' it should behave the same in all daemons (even if that means that the current httpd IPv6 has to be changed.)
Re: httpdv6
Frank Habicht wrote: On 12/8/2007 4:55 PM, Henning Brauer wrote: * Marc Balmer [EMAIL PROTECTED] [2007-12-08 09:51]: httpd with IPv6 support uses IPv6 addresses for ambiguous constructs. That is documented in the httpd(8) manpage. that is completely wrong and disqualifies this patch. you are fucking everybody for no good reason, as suddenly their httpds will only listen on v6. so the new httpd should, if there's no Listen in httpd.conf, behave same way as if there was Listen :: 80 Listen 0.0.0.0 80 not imo. it should do what the user configures it to do. right? Frank
Re: httpdv6
Henning Brauer wrote: * Jeroen Massar [EMAIL PROTECTED] [2007-12-08 09:49]: Frank Habicht wrote: Hi misc, [i guess misc is better than ports for that..] I ran the patched httpdv6 with the stock httpd.conf - it was only bound to v6 README.v6 suggests _for_Vhost_operation_ one needs Listen :: 80 Listen 0.0.0.0 80 my test suggests even without vhosts these are needed to run both v4 and v6. Of course you need this. wait. if an existing OpenBSD installation with existing httpd.conf gets upgraded (without changing the httpd.conf) and after that the httpd suddenly only listens on v6 and not v4 any more, then the patch is wrong. here, a change to the software requires a change in the configuration as well. In this case it is well documented and the change is trivial. and we have enough ways to teach users about it. (and just for the record, the rest of your explanation is totally right)
Re: [OT] Signing messages: S/MIME vs OpenPGP ?
Benjamin M. A'Lee-2 wrote: Also I assume you mean MUA, not MTA, since I don't know of any MTAs that directly support either PGP or S/MIME... Ben Yes, sorry, it was late, I was tired, but at least I was consistently wrong ;) -- View this message in context: http://www.nabble.com/-OT--Signing-messages%3A-S-MIME-vs-OpenPGP---tf4965442.html#a14228844 Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: httpdv6
Darrin Chandler wrote: On Sat, Dec 08, 2007 at 02:55:09PM +0100, Henning Brauer wrote: * Marc Balmer [EMAIL PROTECTED] [2007-12-08 09:51]: httpd with IPv6 support uses IPv6 addresses for ambiguous constructs. That is documented in the httpd(8) manpage. that is completely wrong and disqualifies this patch. you are fucking everybody for no good reason, as suddenly their httpds will only listen on v6. '*' isn't so ambiguous, is it? I agree that this should include v4 and v6. Perhaps :: or 0.0.0.0 can mean one or the other, but * is inclusive. As for fucking everyone, I'd rather have sensible configs going forward rather than mindless backward compatibility, but if that's even an issue here I don't see it. it would mean code changes for which I have not time right now. the unspecified address is 0.0.0.0 for IPv4 and :: for IPv6. '*' is ambiguous and it makes no sense to assume '0.0.0.0' and '::' if a user specifies '*'. This could lead to security problems if someone would not be aware that this uses both address families. I am strongly in favour of a notation that makes it totally clear which address family is meant. so either people live with the fact that *:port becomes 0.0.0.0:port for the IPv4 case and ::port for the IPv6 case or we forget about IPv6 support in httpd for now. I certainly have neither time nor the energy to involve in fights over such a detail. The config change is trivial, small and painless and can be well documented.
Re: httpdv6
Henning Brauer wrote: * Marc Balmer [EMAIL PROTECTED] [2007-12-08 15:29]: Henning Brauer wrote: * Jeroen Massar [EMAIL PROTECTED] [2007-12-08 09:49]: Frank Habicht wrote: Hi misc, [i guess misc is better than ports for that..] I ran the patched httpdv6 with the stock httpd.conf - it was only bound to v6 README.v6 suggests _for_Vhost_operation_ one needs Listen :: 80 Listen 0.0.0.0 80 my test suggests even without vhosts these are needed to run both v4 and v6. Of course you need this. wait. if an existing OpenBSD installation with existing httpd.conf gets upgraded (without changing the httpd.conf) and after that the httpd suddenly only listens on v6 and not v4 any more, then the patch is wrong. here, a change to the software requires a change in the configuration as well. In this case it is well documented and the change is trivial. and we have enough ways to teach users about it. bullshit. the diff is plain wrong and will fuck users. and the fix is so obvious and reasonably easy... (no af specified = both, OF COURSE) This diff assumes IPv6 as default if no AF is specified, this is what is expected from IPv6 software and what the original authors intended, The change is so trivial that this will not fuck any users.
Re: httpdv6
* Marc Balmer [EMAIL PROTECTED] [2007-12-08 15:50]: so either people live with the fact that *:port becomes 0.0.0.0:port for the IPv4 case and ::port for the IPv6 case or we forget about IPv6 support in httpd for now. I certainly have neither time nor the energy to involve in fights over such a detail. then no v6. what is that for an argument? I have no time/motivation/whatever to do it right, so let's commit it wrong and fuck everyone? -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: httpdv6
Henning, I think you need to realize what you are saying is misleading at best. The v6 diff permits you to start listening on v6 _only_ if you specify a Listen directive that contains a v6 address, including but not limited to, a wildcard v6 address: :: . The v6 diff changes the misleading *:80 format to 0.0.0.0 80 _and/or_ :: 80, you may choose not to listen on v6 by omitting the Listen :: 80 and simply modify your Listen *:80 to be the more clear format: Listen 0.0.0.0 80 Yes this diff creates a mini flag day for httpd's conf file and some modules (I myself have run unmodified php modules with a v6 httpd, but I do not recommend it). I believe this is more than worth the v6 support. Do you have a diff to add v6 to httpd that is not objectionable to you? The diff Marc Balmer is presenting I have run in an earlier form on my production colo for a few years now. Kudos to him for taking it to the next level, lots of people will find this beneficial, I personally want to see this in, it is time httpd supported v6. Thanks, -- Todd Fries .. [EMAIL PROTECTED] _ | \ 1.636.410.0632 (voice) | Free Daemon Consulting \ 1.405.227.9094 (voice) | http://FreeDaemonConsulting.com \ 1.866.792.3418 (FAX) | ..in support of free software solutions. \ 250797 (FWD) | \ \\ 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A http://todd.fries.net/pgp.txt Penned by Henning Brauer on 20071208 14:55.09, we have: | * Marc Balmer [EMAIL PROTECTED] [2007-12-08 09:51]: | httpd with IPv6 support uses IPv6 addresses for ambiguous constructs. | That is documented in the httpd(8) manpage. | | that is completely wrong and disqualifies this patch. | you are fucking everybody for no good reason, as suddenly their httpds | will only listen on v6. | | -- | Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] | BS Web Services, http://bsws.de | Full-Service ISP - Secure Hosting, Mail and DNS Services | Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: httpdv6
On Sat, 08 Dec 2007 15:41:36 +0100, Marc Balmer [EMAIL PROTECTED] wrote: the unspecified address is 0.0.0.0 for IPv4 and :: for IPv6. '*' is ambiguous and it makes no sense to assume '0.0.0.0' and '::' if a user specifies '*'. This could lead to security problems if someone would not be aware that this uses both address families. I am strongly in favour of a notation that makes it totally clear which address family is meant. I intuitively feel that * means IPv4 and IPv6, although I agree on the security problem issue. so either people live with the fact that *:port becomes 0.0.0.0:port for the IPv4 case and ::port for the IPv6 case How about ditching support for * and just support 0.0.0.0:port and ::port? Anyone who agrees on this? No way people can mess that up right? The config change is trivial, small and painless and can be well documented. In case someone else agrees with me, would the change I proposed also be trivial? Regards / Linus -- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
Re: httpdv6
Marc Balmer wrote: Darrin Chandler wrote: On Sat, Dec 08, 2007 at 02:55:09PM +0100, Henning Brauer wrote: * Marc Balmer [EMAIL PROTECTED] [2007-12-08 09:51]: httpd with IPv6 support uses IPv6 addresses for ambiguous constructs. That is documented in the httpd(8) manpage. that is completely wrong and disqualifies this patch. you are fucking everybody for no good reason, as suddenly their httpds will only listen on v6. '*' isn't so ambiguous, is it? I agree that this should include v4 and v6. Perhaps :: or 0.0.0.0 can mean one or the other, but * is inclusive. As for fucking everyone, I'd rather have sensible configs going forward rather than mindless backward compatibility, but if that's even an issue here I don't see it. it would mean code changes for which I have not time right now. the unspecified address is 0.0.0.0 for IPv4 and :: for IPv6. '*' is ambiguous and it makes no sense to assume '0.0.0.0' and '::' if a user specifies '*'. This could lead to security problems if someone would not be aware that this uses both address families. I am strongly in favour of a notation that makes it totally clear which address family is meant. so either people live with the fact that *:port becomes 0.0.0.0:port for the IPv4 case and ::port for the IPv6 case or we forget about IPv6 support in httpd for now. I certainly have neither time nor the energy to involve in fights over such a detail. The config change is trivial, small and painless and can be well documented. Right now I am looking if the code can be changed to make '*:port' a synonym for '0.0.0.0:port', so the old notation would mean IPv4 only. If this is possible, existing config files would continue to work, with IPv4 only.
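The concern raised in the message above, that an unstated address family can leave an administrator unaware of which families httpd binds, can be checked mechanically before an upgrade. The following is an added example, not code from httpd or from the patch discussed in this thread: a small Python audit that lists the Listen directives whose bound families depend on how '*' is read. The function names, the policy labels, the accepted `addr:port` and bare-port forms, and both sample configs are assumptions made for illustration.

```python
"""Audit httpd.conf Listen directives for address-family ambiguity (added example)."""
import ipaddress

# Constructed sample configs, modelled on the directives quoted in the thread.
STOCK_CONF = """\
# constructed sample: old-style wildcard
Port 80
Listen *:80
"""
EXPLICIT_CONF = """\
# constructed sample: family stated on every line
Listen 0.0.0.0 80
Listen :: 80
Listen 0.0.0.0 443
"""

# The three readings of an unstated family that the thread argues over.
POLICIES = {
    "v4-default": {"IPv4"},        # '*' treated as 0.0.0.0
    "v6-default": {"IPv6"},        # '*' treated as ::
    "both": {"IPv4", "IPv6"},      # '*' treated as 0.0.0.0 and ::
}
WILDCARDS = (None, "*")            # bare port or '*': no family stated


def parse_listen(line):
    """Return (address or None, port) for a Listen line, None for other lines."""
    words = line.split("#", 1)[0].split()
    if not words or words[0].lower() != "listen":
        return None
    args = words[1:]
    if len(args) == 2:                       # "Listen :: 80" (form used in the thread)
        addr, port = args
    elif len(args) == 1 and args[0].isdigit():
        addr, port = None, args[0]           # "Listen 80"
    elif len(args) == 1 and ":" in args[0]:  # "Listen *:80", "Listen [::1]:443"
        addr, port = args[0].rsplit(":", 1)
        addr = addr.strip("[]")
    else:
        raise ValueError("unparseable Listen directive: %r" % line)
    if not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError("bad port in: %r" % line)
    return addr, int(port)


def families(addr, policy):
    """Families one address spec binds under a given reading of the wildcard."""
    if addr in WILDCARDS:
        return POLICIES[policy]
    # Literal addresses only; a hostname raises ValueError here.
    return {"IPv%d" % ipaddress.ip_address(addr).version}


def audit(conf_text):
    """Report ambiguous directives and the listeners each reading would create."""
    listeners = {policy: set() for policy in POLICIES}
    findings, seen = [], False
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        parsed = parse_listen(line)
        if parsed is None:
            continue
        seen = True
        addr, port = parsed
        if addr in WILDCARDS:
            findings.append((lineno, line.strip(), "address family not stated"))
        for policy in POLICIES:
            listeners[policy].update((fam, port) for fam in families(addr, policy))
    if not seen:
        findings.append((0, "", "no Listen directive; the daemon default decides"))
    sets = list(listeners.values())
    # Listeners that exist under some readings but not all: the surprise surface.
    disputed = set.union(*sets) - set.intersection(*sets)
    return {
        "findings": findings,
        "listeners": {p: sorted(s) for p, s in listeners.items()},
        "disputed": sorted(disputed),
    }


if __name__ == "__main__":
    for name, conf in (("stock", STOCK_CONF), ("explicit", EXPLICIT_CONF)):
        report = audit(conf)
        print(name, "findings:", report["findings"])
        print(name, "disputed listeners:", report["disputed"])
```

An empty `disputed` list means the configuration binds the same sockets whichever reading the daemon implements, so packet filter rules written per address family stay in step with what is actually listening.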
error cksum: out of data with current
Hi, I am reporting a problem with one of our firewalls. We are using carp. Yesterday nagios told me that this firewall is out. First ssh was unavailable and a few hours later it did not even reply to ping! (In fact it replied, but with a large packet loss so about 80% of the packets were lost.) Today I had a chance to take a look and the console was full of cksum: out of data messages. Pressing enter revealed the login prompt, but it was impossible to log in because I get Internal resource error (I did not remember the message correctly.) I could not even properly reboot the server, so I had to reset. After reboot every few minutes I get these messages, so I upgraded to the latest snapshot in the hope that it will be a cure for all my problems. Well actually it is not. I include my dmesg. The other machine still runs fine on a same hw as this one it is: OpenBSD somehost.ppke.hu 4.2 GENERIC#433 i386 If you have any idea how to move forward please tell me. This is the ill one:
Re: httpdv6
* Frank Habicht [EMAIL PROTECTED] [2007-12-08 15:13]: On 12/8/2007 4:55 PM, Henning Brauer wrote: * Marc Balmer [EMAIL PROTECTED] [2007-12-08 09:51]: httpd with IPv6 support uses IPv6 addresses for ambiguous constructs. That is documented in the httpd(8) manpage. that is completely wrong and disqualifies this patch. you are fucking everybody for no good reason, as suddenly their httpds will only listen on v6. so the new httpd should, if there's no Listen in httpd.conf, behave same way as if there was Listen :: 80 Listen 0.0.0.0 80 yes. but marcs current patch fails miserably there -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: httpdv6
* Todd T. Fries [EMAIL PROTECTED] [2007-12-08 16:06]: I think you need to realize what you are saying is misleading at best. not at all, you miss the point. Yes this diff creates a mini flag day for httpd's conf file which is absolutely not needed and stupid. * means v6? c'mon. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: Intel(R) Core(TM)2 Duo CPU E6550 freeze on core 2 duo
On Thu, 6 Dec 2007, Constantine A. Murenin wrote: On 06/12/2007, Benoit Chesneau [EMAIL PROTECTED] wrote: Hi all, Have currently problem with a server based on Intel(R) Core(TM)2 Duo CPU E6550 with a Realtek 8168 ( re(4) ). It freezes after some random time. I don't know why. No log about it. I tried to : - enable acpi - force the card in 100baseTX But without any success yet. Hard to test anyway because this is a remote machine and can't check it from the rescue mode since this rescue mode is under freebsd. Any idea ? Anyone used such machine yet ? Here is a dmesg : http://babilu.metavers.net/dmesg/dmesg_enlil_20071206.txt http://kerneltrap.org/mailarchive/openbsd-misc/2007/10/21/349821 http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yesnumbers=5504 No patch yet. As these boxes are pretty popular, if someone writes one, they'll be a hero. :) For me it helped to keep away the multicast traffic from the interface. A notebook with Ubuntu Linux was sending UDP packets to 224.0.0.251:5353 causing the machine to freeze when the first of these packets arrived. Blocking these on the bridge between my LAN and the VPN over WLAN connection was the cure here. Best regards, Markus
Re: why is /var/named/standard/root.hint not updated in -stable?
My question is, why is it that the rebuild-userland process doesn't copy the new /usr/src/etc/bind/root.hint to /var/named/standard/ ? The build process does not install files which are generically considered configuration files. Those are installed using a different target called distribution. However that distribution concept carries everything from this file which could be edited by someone to the password file ... so you do not want to run this by hand. Basically the build process matches what we do: 1) rebuild our system binaries as we move forward 2) build snapshots It obviously has no support specifically for what you want. If such support was added, I bet it would rot very fast indeed.
Re: httpdv6
On Sat, 08 Dec 2007 16:23:55 +0100, Marc Balmer [EMAIL PROTECTED] wrote: so either people live with the fact that *:port becomes 0.0.0.0:port for the IPv4 case and ::port for the IPv6 case How about ditching support for * and just support 0.0.0.0:port and ::port? Anyone who agrees on this? No way people can mess that up right? The config change is trivial, small and painless and can be well documented. In case someone else agrees with me, would the change I proposed also be trivial? In my opinion we should not use the ambiguous '*' at all, in all daemons. So, at least someone agrees. ;) -- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
Re: httpdv6
Hi. On Sat, 8 Dec 2007, Marc Balmer wrote: well, and now send me a diff please ;) You're the one sending ipv6-enabled Apache-patches, not I :-) Even though I used it for years (some time with ipv6 access enabled) I am not using it currently, www/lighttpd fits *currently* my needs better.. :-) I just notice that our daemons seem not to handle '*' in an unambiguous way and probably not all daemons support it. I think if we support '*' it should behave the same in all daemons (even if that means that the current httpd IPv6 has to be changed.) I agree with you that consistency is good. -- Antti Harri
hoststated is dead, long lives relayd!
hi! as you probably noticed, hoststated got renamed to relayd to reflect the enhanced scope of the daemon. i also used the chance to do significant changes to the configuration language. we may do a few more changes with the goal to get something that is extensible, nice, and consistent. this is the final name change for a tool that became very powerful and grew out of its roots, hopefully. if you run the OpenBSD upgrade process, it will keep the old hoststated/hoststatectl binaries, which allows you to keep the old configuration while you're migrating from hoststated.conf to the new relayd.conf format. but i strongly advise to get rid of grumpy old hoststated! to get an impression about the language changes, have a look at relayd.conf(5), see src/etc/relayd.conf, and view the differences in the OpenBSD CVS tree with: cvs diff -Nup -r1.10 -r1.11 src/etc/relayd.conf (it will take some time to sync it to the anoncvs servers). reyk --- CVSROOT:/cvs Module name:src Changes by: [EMAIL PROTECTED] 2007/12/08 10:07:09 Modified files: etc: relayd.conf usr.sbin/relayd: parse.y relay.c relayd.8 relayd.c relayd.conf.5 relayd.h usr.sbin/relayctl: relayctl.8 Log message: some changes to the relayd.conf configuration language and grammar. the tables will look more like pf tables, it is easier to re-use tables with different options, services will become redirections (they refer to rdr pf rules), sync configuration directives of redirect (l3, ex-service) relay (l7) sections (for example virtual host will become listen on), all target definitions will start with forward to, etc. pp. 
(see relay.conf(5) and etc/relayd.conf) discussed with pyr and deraadt ok pyr@ CVSROOT:/cvs Module name:src Changes by: [EMAIL PROTECTED] 2007/12/07 10:27:07 Removed files: usr.sbin/hoststatectl: Makefile hoststatectl.8 hoststatectl.c parser.c parser.h usr.sbin/hoststated: Makefile buffer.c carp.c check_icmp.c check_script.c check_tcp.c control.c hce.c hoststated.8 hoststated.c hoststated.conf.5 hoststated.h imsg.c log.c name2id.c parse.y pfe.c pfe_filter.c relay.c relay_udp.c ssl.c ssl_privsep.c Log message: hoststated/hoststatectl get repository copied (and de-tagged) into relayd/relayctl. This is a more suitable place for a daemon that has grown out of its initial roots of monitoring and redirecting services at various layers, into one that is a full featured proxy, which happens to know what is up/down ---
Re: hoststated is dead, long lives relayd!
All this is great. I have one question on this, that I am not able to get a clear answer on. Maybe it's totally stupid and if so, just let me know as such and I would even appreciate that. So far it looks like all the setups are designed to be with relayd in front and all traffic going through a box running relayd and then accessing boxes behind it. I am trying to find ways to actually have relayd do what it does but not having to have the traffic going through it, but redirected by it as a traffic director instead. It doesn't look like any of the examples show a setup like that. Is it possible, doable, or stupid to try doing so? I would much prefer, if possible for example having one relayd redirect web traffic for example to a series of boxes that could reply directly to the end users instead of having to come back through relayd box to be sent back to the users. It would allow for example to spread the load between boxes that are located in different data centers instead of all on the same boxes behind the relayd in the same data center. And even if the boxes are in the same data center, it would allow to have that box reply directly to the end users without the need to carry all the traffic through it. I hope my details are understandable, if not, I can do some design to illustrate it. Best, Daniel
Re: hoststated is dead, long lives relayd!
On Sat, Dec 08, 2007 at 01:03:42PM -0500, Daniel Ouellet wrote: I would much prefer, if possible for example having one relayd redirect web traffic for example to a series of boxes that could reply directly to the end users instead of having to come back through relayd box to be sent back to the users. this is known as direct server return / DSR and is not yet supported. we may add support for it in the future, but it is not very easy to do. reyk
Re: httpdv6
On Sat, 8 Dec 2007, Marc Balmer wrote: Henning Brauer wrote: * Marc Balmer [EMAIL PROTECTED] [2007-12-08 15:29]: Henning Brauer wrote: * Jeroen Massar [EMAIL PROTECTED] [2007-12-08 09:49]: Frank Habicht wrote: Hi misc, [i guess misc is better than ports for that..] I ran the patched httpdv6 with the stock httpd.conf - it was only bound to v6 README.v6 suggests _for_Vhost_operation_ one needs Listen :: 80 Listen 0.0.0.0 80 my test suggests even without vhosts these are needed to run both v4 and v6. Of course you need this. wait. if an existing OpenBSD installation with existing httpd.conf gets upgraded (without changing the httpd.conf) and after that the httpd suddenly only listens on v6 and not v4 any more, then the patch is wrong. here, a change to the software requires a change in the configuration as well. In this case it is well documented and the change is trivial. and we have enough ways to teach users about it. bullshit. the diff is plain wrong and will fuck users. and the fix is so obvious and reasonably easy... (no af specified = both, OF COURSE) This diff assumes IPv6 as default if no AF is specified, this is what is expected from IPv6 software and what the original authors intended, This is the problem. You are trying to switch a daemon to be IPv6 centric when the majority of our users doesn't use IPv6. I can understand that KAME has that agenda but I don't think OpenBSD should. It is like we should have disabled SSHv1 the same moment we implemented SSHv2 in OpenSSH. The change is so trivial that this will not fuck any users. Get real... I have no problems with it listening on both. But one might change the example config file to not use the * syntax. -moj
Re: [OT] Signing messages: S/MIME vs OpenPGP ?
Most companies tend to prefer the B2C model, where they send you an email telling you that they have a secured email for you at their website. This way they can maintain full control over those messages, including revoking it. Just look at banks and healthcare for examples. On 12/7/07, new_guy [EMAIL PROTECTED] wrote: viq-2 wrote: Disclaimer Q: Why bother signing messages at all? A: Because I feel like it. Yes, I know inline signing is frowned upon, and MIME won't make it do the list, but that's besides the point as well. /Disclaimer So, having gotten that out of the way, do you have any opinions on either? The architecture behind it, the technology being used, social implications, and so on. Which one would you choose, and why? Who would you get your keys signed by? I just thought I'd ask, seeing as there seem to be at least a few people with knowledge backing up opinions on similar subjects. -- viq S/MIME is much more complex (IMO), but you'll find that more MTA's support it. One can also get free Thawte certs for signing/encrypting (but I think they are mostly intended for sigs as they expire yearly). Lots of organization set-up their own CAs (colleges do this often) downside to this is that the certs/sigs are only recognized internally so outside the institution the sigs are useless... that's where something like the Thawte certs come into play. But, then you have the Web of Trust (WOT) and need to find WOT notaries to confirm your ID so that you can get so many points... enough to actually attach a name to the email, national ID, etc. Is your head spinning yet? S/MIME *is* complex! Personally, I like PGP much better as it's much simpler (IMO). It's been around awhile (1991) as has been thoroughly tested. Gnupg has come a long way too... works just as well on Windows as it does on OpenBSD and Linux now. More problems with MTA's. Initial setup can be awkward for non-technical users. Backup the private keys, gen revoke certs, etc. 
It seems that most companies use PGP to sign stuff, while individuals may be more inclined to use S/MIME for MTA reasons. I use both, but prefer PGP for the simplicity. Just my 2 cents, Brad -- View this message in context: http://www.nabble.com/-OT--Signing-messages%3A-S-MIME-vs-OpenPGP---tf4965442.html#a14225222 Sent from the openbsd user - misc mailing list archive at Nabble.com. -- http://www.glumbert.com/media/shift http://www.youtube.com/watch?v=tGvHNNOLnCk This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet evaluation. Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted. -- Gene Spafford
Re: httpdv6
Frank Habicht wrote: Hi misc, [i guess misc is better than ports for that..] I ran the patched httpdv6 with the stock httpd.conf - it was only bound to v6 README.v6 suggests _for_Vhost_operation_ one needs Listen :: 80 Listen 0.0.0.0 80 I did put up a new diff on http://mini.vnode.ch/diffs/ that makes IPv6 totally optional. If you don't change anything, nothing will change in behaviour. If you want IPv6 be the default, use -6 on the command line. Expressions like '*:port' will then use IPv6. If you want to use IPv6 addresses, use ':: port' where appropriate. my test suggests even without vhosts these are needed to run both v4 and v6. can anyone confirm? ( if so i'd send diff for README.v6 - anything else? ) system is current (1day old), httpd.conf.orig from http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.sbin/httpd/conf/httpd.conf?rev=1.21content-type=text/plain Thanks, Frank PS: if someone can tell me how to replace the 'lsof' - will be appreciated ;-) [EMAIL PROTECTED] /var/www/conf $ sudo cp httpd.conf.orig httpd.conf [EMAIL PROTECTED] /var/www/conf $ sudo apachectl restart /usr/sbin/apachectl restart: httpd restarted [EMAIL PROTECTED] /var/www/conf $ sudo lsof -i -n -P | grep httpd httpd 3912 www 17u IPv6 0xd8663008 0t0 TCP *:80 (LISTEN) httpd 7887 www 17u IPv6 0xd8663008 0t0 TCP *:80 (LISTEN) httpd 9134 www 17u IPv6 0xd8663008 0t0 TCP *:80 (LISTEN) httpd21258 www 17u IPv6 0xd8663008 0t0 TCP *:80 (LISTEN) httpd22168 www 17u IPv6 0xd8663008 0t0 TCP *:80 (LISTEN) httpd23865 www 17u IPv6 0xd8663008 0t0 TCP *:80 (LISTEN) # vi httpd.conf [EMAIL PROTECTED] /var/www/conf $ diff httpd.conf httpd.conf.orig 188,189d187 Listen :: 80 Listen 0.0.0.0 80 [EMAIL PROTECTED] /var/www/conf $ sudo apachectl restart /usr/sbin/apachectl restart: httpd restarted [EMAIL PROTECTED] /var/www/conf $ sudo lsof -i -n -P | grep httpd httpd11048 www 16u IPv4 0xd8663008 0t0 TCP *:80 (LISTEN) httpd11048 www 17u IPv6 0xd8663328 0t0 TCP *:80 (LISTEN) httpd11430 www 16u IPv4 0xd8663008 
0t0 TCP *:80 (LISTEN) httpd11430 www 17u IPv6 0xd8663328 0t0 TCP *:80 (LISTEN) httpd15586 www 16u IPv4 0xd8663008 0t0 TCP *:80 (LISTEN) httpd15586 www 17u IPv6 0xd8663328 0t0 TCP *:80 (LISTEN) httpd20686 www 16u IPv4 0xd8663008 0t0 TCP *:80 (LISTEN) httpd20686 www 17u IPv6 0xd8663328 0t0 TCP *:80 (LISTEN) httpd23160 www 16u IPv4 0xd8663008 0t0 TCP *:80 (LISTEN) httpd23160 www 17u IPv6 0xd8663328 0t0 TCP *:80 (LISTEN) httpd27443 www 16u IPv4 0xd8663008 0t0 TCP *:80 (LISTEN) httpd27443 www 17u IPv6 0xd8663328 0t0 TCP *:80 (LISTEN) [EMAIL PROTECTED] /var/www/conf $
Re: httpdv6
Mats O Jansson wrote: On Sat, 8 Dec 2007, Marc Balmer wrote: Henning Brauer wrote: * Marc Balmer [EMAIL PROTECTED] [2007-12-08 15:29]: Henning Brauer wrote: * Jeroen Massar [EMAIL PROTECTED] [2007-12-08 09:49]: Frank Habicht wrote: Hi misc, [i guess misc is better than ports for that..] I ran the patched httpdv6 with the stock httpd.conf - it was only bound to v6 README.v6 suggests _for_Vhost_operation_ one needs Listen :: 80 Listen 0.0.0.0 80 my test suggests even without vhosts these are needed to run both v4 and v6. Of course you need this. wait. if an existing OpenBSD installation with existing httpd.conf gets upgraded (without changing the httpd.conf) and after that the httpd suddenly only listens on v6 and not v4 any more, then the patch is wrong. here, a change to the software requires a change in the configuration as well. In this case it is well documented and the change is trivial. and we have enough ways to teach users about it. bullshit. the diff is plain wrong and willfuck users. and the fix is so obvious and reasonably easy... (no af specified = both, OF COURSE) This diff assumes IPv6 as default if no AF is specified, this is what is expected from IPv6 software and what the original authors intended, This is the problem. You are trying to switch a daemon to be IPv6 centric when the majority of our users doesn't use IPv6. I can understand that KAME has that agenda but I dont think OpenBSD should. see my latest diff. it lets the default be IPv4 and makes IPv6 optional. It is like we should have disabled SSHv1 the same moment we implemented SSHv2 in OpenSSH. The change is so trivial that this will not fuck any users. Get real... I have no problems with it listening on both. But one might change the example config file to not use the * syntax. with the latest diff, * means all IPv4 address, like before. -moj
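The concern in this thread is that an upgraded httpd with an unchanged httpd.conf could stop listening on IPv4 without anyone noticing. The following is an added example, not code from the thread or from OpenBSD: it parses `lsof -i -n -P` output of the kind posted earlier in the thread and reports which address families each port is bound on. The sample listings are constructed after the thread's output, and the IPv4-only "before" snapshot is an assumption.

```python
import re
from collections import defaultdict

# One listening TCP socket per `lsof -i -n -P` line. Command and PID can be
# fused ("httpd21258") when the PID fills its column, as in the thread.
LSOF_LISTEN = re.compile(
    r"^(?P<cmd>[A-Za-z_][\w.-]*?)\s*(?P<pid>\d+)\s+(?P<user>\S+)\s+\S+\s+"
    r"(?P<af>IPv[46])\s+\S+\s+\S+\s+TCP\s+"
    r"(?P<addr>\S+):(?P<port>\d+)\s+\(LISTEN\)\s*$"
)

# Constructed samples modelled on the listings quoted in the thread.
V6_ONLY = """\
httpd 3912 www 17u IPv6 0xd8663008 0t0 TCP *:80 (LISTEN)
httpd 7887 www 17u IPv6 0xd8663008 0t0 TCP *:80 (LISTEN)
httpd21258 www 17u IPv6 0xd8663008 0t0 TCP *:80 (LISTEN)
"""
DUAL_STACK = """\
httpd11048 www 16u IPv4 0xd8663008 0t0 TCP *:80 (LISTEN)
httpd11048 www 17u IPv6 0xd8663328 0t0 TCP *:80 (LISTEN)
httpd11430 www 16u IPv4 0xd8663008 0t0 TCP *:80 (LISTEN)
httpd11430 www 17u IPv6 0xd8663328 0t0 TCP *:80 (LISTEN)
"""
# Assumed pre-upgrade state (not shown in the thread): IPv4 listener only.
V4_ONLY = """\
httpd 4242 www 16u IPv4 0xd8663008 0t0 TCP *:80 (LISTEN)
"""


def listening_families(lsof_text, command="httpd"):
    """Map each listening TCP port of `command` to the address families bound."""
    ports = defaultdict(set)
    for line in lsof_text.splitlines():
        m = LSOF_LISTEN.match(line.strip())
        if m and m["cmd"] == command:
            ports[int(m["port"])].add(m["af"])
    return dict(ports)


def missing_families(lsof_text, command="httpd", required=("IPv4", "IPv6")):
    """Ports that are not bound on every required address family."""
    gaps = {}
    for port, fams in listening_families(lsof_text, command).items():
        gap = set(required) - fams
        if gap:
            gaps[port] = gap
    return gaps


def lost_listeners(before, after, command="httpd"):
    """(port, family) pairs that listened before a change and are gone after."""
    old = listening_families(before, command)
    new = listening_families(after, command)
    return sorted(
        (port, af)
        for port, fams in old.items()
        for af in fams - new.get(port, set())
    )


if __name__ == "__main__":
    print("stock config, patched httpd:", missing_families(V6_ONLY))
    print("with both Listen lines:     ", missing_families(DUAL_STACK))
    print("dropped by the upgrade:     ", lost_listeners(V4_ONLY, V6_ONLY))
```

Comparing a snapshot taken before an upgrade with one taken after it catches a service that silently moved to a different address family, where packet filter rules and monitoring written for IPv4 may no longer cover it.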
Re: hoststated is dead, long lives relayd!
Reyk Floeter wrote: On Sat, Dec 08, 2007 at 01:03:42PM -0500, Daniel Ouellet wrote: I would much prefer, if possible for example having one relayd redirect web traffic for example to a series of boxes that could reply directly to the end users instead of having to come back through relayd box to be sent back to the users. this is known as direct server return / DSR and is not yet supported. we may add support for it in the future, but it is not very easy to do. Thanks for the answer, it's much appreciated. I understand and will stop searching how to do it then. May be one day, or may be not. Great work and many thanks! Best, Daniel
Re: X display corruption on yesterdays snapshot
On 08/12/2007, Edd Barrett [EMAIL PROTECTED] wrote: a) My main desktop has problems with xterms. If you do something with large output like dmesg, then the output is complete junk. I mean bits of characters all misaligned. Here is a screenshot of symptoms. http://flickr.com/photo_zoom.gne?id=2095308347size=o -- Best Regards Edd --- http://students.dec.bournemouth.ac.uk/ebarrett
X display corruption on yesterdays snapshot
Hi, I have 2 machines here running yesterdays snapshot which are suffering from X display corruption of some kind. a) My main desktop has problems with xterms. If you do something with large output like dmesg, then the output is complete junk. I mean bits of characters all misaligned. b) My laptop is worse. The same as before except the mouse pointer is replaced with a huge white box about 100x100 pixels. Kernel and userland in sync. Mergemastered yesterday. Is anyone aware of this? Machine A dmesg: ---8--- OpenBSD 4.2-current (GENERIC) #585: Thu Dec 6 12:17:35 MST 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Pentium(R) 4 CPU 3.00GHz (GenuineIntel 686-class) 3 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR real mem = 2397855744 (2286MB) avail mem = 2310959104 (2203MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 04/05/04, BIOS32 rev. 0 @ 0xf0010, SMBIOS rev. 2.3 @ 0xfbe40 (76 entries) bios0: vendor Intel Corp. version BF86510A.86A.0058.P15.0404050012 date 04/05/2004 bios0: Intel Corporation D865GLC apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown acpi at bios0 function 0x0 not configured pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf3d00/224 (12 entries) pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801EB/ER LPC rev 0x00) pcibios0: PCI bus #2 is the last bus bios0: ROM list: 0xc/0xa200! 
0xca800/0x1000 0xcb800/0x1000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel 82865G/PE/P CPU-I/0-1 rev 0x02 agp0 at pchb0: aperture at 0xf000, size 0x800 vga1 at pci0 dev 2 function 0 Intel 82865G Video rev 0x02 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ppb0 at pci0 dev 3 function 0 Intel 82865G/PE/P CPU-CSA rev 0x02 pci1 at ppb0 bus 1 em0 at pci1 dev 1 function 0 Intel PRO/1000CT (82547EI) rev 0x00: irq 10, address 00:0c:f1:f5:13:3c uhci0 at pci0 dev 29 function 0 Intel 82801EB/ER USB rev 0x02: irq 11 uhci1 at pci0 dev 29 function 1 Intel 82801EB/ER USB rev 0x02: irq 5 uhci2 at pci0 dev 29 function 2 Intel 82801EB/ER USB rev 0x02: irq 10 uhci3 at pci0 dev 29 function 3 Intel 82801EB/ER USB rev 0x02: irq 11 ehci0 at pci0 dev 29 function 7 Intel 82801EB/ER USB2 rev 0x02: irq 9 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1 ppb1 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0xc2 pci2 at ppb1 bus 2 ichpcib0 at pci0 dev 31 function 0 Intel 82801EB/ER LPC rev 0x02: 24-bit timer at 3579545Hz pciide0 at pci0 dev 31 function 1 Intel 82801EB/ER IDE rev 0x02: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: Maxtor 6E040L0 wd0: 16-sector PIO, LBA, 39205MB, 80293248 sectors wd1 at pciide0 channel 0 drive 1: HDS728080PLAT20 wd1: 16-sector PIO, LBA48, 78533MB, 160836480 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 wd1(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 5 wd2 at pciide0 channel 1 drive 0: IC35L060AVV207-0 wd2: 16-sector PIO, LBA48, 58644MB, 120103200 sectors atapiscsi0 at pciide0 channel 1 drive 1 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: TOSHIBA, DVD-ROM SD-M1302, 1006 SCSI0 5/cdrom removable wd2(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 5 cd0(pciide0:1:1): using PIO mode 4, Ultra-DMA 
mode 2 pciide1 at pci0 dev 31 function 2 Intel 82801EB SATA rev 0x02: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI pciide1: using irq 10 for native-PCI interrupt ichiic0 at pci0 dev 31 function 3 Intel 82801EB/ER SMBus rev 0x02: irq 3 iic0 at ichiic0 adt0 at iic0 addr 0x2e: emc6d100 rev 0x65 spdmem0 at iic0 addr 0x50: 512MB DDR SDRAM non-parity PC2700CL2.5 spdmem1 at iic0 addr 0x51: 512MB DDR SDRAM non-parity PC2700CL2.5 spdmem2 at iic0 addr 0x52: 256MB DDR SDRAM non-parity PC2700CL2.5 spdmem3 at iic0 addr 0x53: 1GB DDR SDRAM non-parity PC3200CL3.0 usb1 at uhci0: USB revision 1.0 uhub1 at usb1 Intel UHCI root hub rev 1.00/1.00 addr 1 usb2 at uhci1: USB revision 1.0 uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1 usb3 at uhci2: USB revision 1.0 uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1 usb4 at uhci3: USB revision 1.0 uhub4 at usb4 Intel UHCI root hub rev 1.00/1.00 addr 1 isa0 at ichpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 biomask ff6d netmask ff6d ttymask ffef mtrr: Pentium Pro MTRR support uplcom0 at
Re: X display corruption on yesterdays snapshot
On Sat, Dec 08, 2007 at 06:58:53PM +, Edd Barrett wrote:
| Hi,
|
| I have 2 machines here running yesterdays snapshot which are suffering
| from X display corruption of some kind.
|
| a) My main desktop has problems with xterms. If you do something with
| large output like dmesg, then the output is complete junk. I mean bits
| of characters all misaligned.
|
| b) My laptop is worse. The same as before except the mouse pointer is
| replaced with a huge white box about 100x100 pixels.

Try playing with acceleration options in your xorg.conf file (generate it, if you don't have it yet and switch options from there). For the laptop, it sounds like the cursor acceleration is broken.

Matthieu has just committed something that fixes some acceleration-related stuff. I don't know if it's the problem you're seeing that he fixed, but may be worth trying out (I noticed from your dmesgs that you seem to have Intel video hardware) :

Modified files: driver/xf86-video-intel/src: i830_driver.c
Log message: Default to XAA acceleration since EXA produces stack overflows for now.

Cheers, Paul 'WEiRD' de Weerd -- [++-]+++.+++[---].+++[+ +++-].++[-]+.--.[-] http://www.weirdnet.nl/
Problem during OpenBSD 4-2 installation
I have got a problem during OpenBSD 4.2 installation. I install on a QEMU virtual machine on a hard disk with 7000M of size. In the end of installation process when the system writes MBR onto the disk I get such a message:

  Installing boot block...
  boot: /mnt/boot proto: /usr/mdec/biosboot device: /dev/rwd0c
  /usr/mdec/biosboot: entry point 0
  proto bootblock size 512
  /mnt/boot is 3 blocks x 16384 bytes
  fs block shift 2; part offset 63; inode block 24, offset 1704
  installboot: broken MBR
  done

I hope you could help me solve this problem, I assume it is 99% sure my mistake, but I followed the installation process as I made in OpenBSD 4.1 everything went ok, but in 4.2 version I got such a mistake. I really hope you will help me solve that problem.

Best regards, Aleksandr.
Re: RS-232 serial PCMCIA cards and/or USB 2.0 serial adapaters
On Fri, 7 Dec 2007, Theo de Raadt wrote: I simply bought a USB serial adaptor. The cheapest that Bamboo Charlie had in stock. It just worked. It was so low priced that if it didn't I'd have just tossed it in the spare parts box and bought another. AFAIK most of them work. There are roughly 20 USB serial variants on the market. A good supplier in the US is BB Electronics - they have USB as well as about ANYTHING in data conversion (being focused on the industrial marketplace). www.bb-elec.com Lee
Intel D946GZIS sound, video, nic?
I have the opportunity to install several low-end non-Windows desktops in a non-profit agency. Over the past 5 years; we've tried a handful of Linux distributions; each one a little better than the one before. I've watched OpenBSD progress a lot in desktop arena over this time period and I want to try it this time; despite my own negative experience with a lenovo laptop (which I still use anyway). We're going to get one system initially; if everything works out; we could get about a dozen systems next year. Windows and Linux users at this agency already use OpenOffice and Firefox on P3 systems. email client is either Outlook Express or Kmail; but I expect to get rid of Kmail. Our hardware supplier deals almost exclusively with Windows users (no surprise); in the low-end business market, they sell many systems with: Intel D946GZIS motherboard SigmaTel* STAC9227 audio codec Intel GMA 3000 onboard graphics subsystem 10/100 Intel 82562G Platform LAN Connect (PLC) Pentium Dual Core E2160 RAM 1G 80G hard disk LG GSA-H62N SATA DVD-RW I don't see the onboard sound/video/nic in i386.html? Our vendor says All of the newer Intel boards use the Intel 3000 GMA and the same NIC also; so I must be the one missing something here? There are no SATA DVD drives listed in i386.htm? Frank
Re: Intel D946GZIS sound, video, nic?
On Dec 8, 2007 11:35 AM, Frank Bax [EMAIL PROTECTED] wrote: Our hardware supplier deals almost exclusively with Windows users (no surprise); in the low-end business market, they sell many systems with: Intel D946GZIS motherboard SigmaTel* STAC9227 audio codec Intel GMA 3000 onboard graphics subsystem D945GCCR... vga1 at pci0 dev 2 function 0 Intel 82945G Video rev 0x02 10/100 Intel 82562G Platform LAN Connect (PLC) got one of those... fxp0 at pci4 dev 8 function 0 Intel PRO/100 VM rev 0x01, i82562: apic 2 int 20 (irq 10) inphy0 at fxp0 phy 1: i82562G 10/100 PHY, rev. 0 Pentium Dual Core E2160 RAM 1G 80G hard disk LG GSA-H62N SATA DVD-RW I don't see the onboard sound/video/nic in i386.html? Our vendor says All of the newer Intel boards use the Intel 3000 GMA and the same NIC also; so I must be the one missing something here? There are no SATA DVD drives listed in i386.htm? My home box has a SATA DVD writer. The best advice I could give is that you build a -current boot cd or USB stick and try it. My aforementioned D945GCCR was all kinds of useless until the recent acpi-hackathon. CK -- GDB has a 'break' feature; why doesn't it have 'fix' too?
spamdb replication?
Hi, reading about spamd having changed the database format (recently?), how do I best achieve replicating and merging the spamdb database(s) across a number of machines, maintaining consistent white- and greylisting entries? Or is this not yet supported (the docs suggest so)? Best, --Toni++
Re: spamdb replication?
Toni Mueller wrote: Hi, reading about spamd having changed the database format (recently?), how do I best achieve replicating and merging the spamdb database(s) across a number of machines, maintaining consistent white- and greylisting entries? Or is this not yet supported (the docs suggest so)? if the machines are all the same arch, you can copy the db file to the other hosts, best done while spamd not running and then restart using the -y and -Y options appropriately. cheers, jake Best, --Toni++
Re: Problem during OpenBSD 4-2 installation
On 21:55:02 Dec 08, hogo hogo wrote:

I have got a problem during OpenBSD 4.2 installation. I install on a QEMU virtual machine on a hard disk with 7000M of size. In the end of installation process when the system writes MBR onto the disk I get such a message:

  Installing boot block...
  boot: /mnt/boot proto: /usr/mdec/biosboot device: /dev/rwd0c
  /usr/mdec/biosboot: entry point 0
  proto bootblock size 512
  /mnt/boot is 3 blocks x 16384 bytes
  fs block shift 2; part offset 63; inode block 24, offset 1704
  installboot: broken MBR
  done

This means that no matter how many ever times you try you are going to keep getting this message and make no progress at all. ;)

You have to zero out your MBR with the dd command or fdisk.

  # dd if=/dev/zero of=/dev/wd0c bs=512 count=1

Be careful with this command. It can cause real havoc if you give the wrong disk or if you goof up in any other way. You have been warned.

Another thing you can try of course is the fdisk reinit command. I remember getting this error and I vaguely remember it was caused by a bad fdisk partition or something. I wish I knew exactly what went wrong. But trying out various methods saved my day.

Best of luck! -Girish
Re: httpdv6
On 19:19:30 Dec 08, Mats O Jansson wrote: This is the problem. You are trying to switch a daemon to be IPv6 centric when the majority of our users doesn't use IPv6. I can understand that KAME has that agenda but I dont think OpenBSD should. I know only one thing and it is this. I was looking at KAME for an IPsec implementation. Thank God OpenBSD IPsec is by Angelos Keromytis and not from KAME like FreeBSD and NetBSD. KAME code sucks and no mistake. OpenBSD is far far better than KAME. Please let us not degrade ourselves by going the KAME way. (Either in design,approach or code) And again my opinion does not matter at all I know that. ;) -Girish
Re: Problem during OpenBSD 4-2 installation
hogo hogo wrote:

I have got a problem during OpenBSD 4.2 installation. I install on a QEMU virtual machine on a hard disk with 7000M of size. In the end of installation process when the system writes MBR onto the disk I get such a message:

  Installing boot block...
  boot: /mnt/boot proto: /usr/mdec/biosboot device: /dev/rwd0c
  /usr/mdec/biosboot: entry point 0
  proto bootblock size 512
  /mnt/boot is 3 blocks x 16384 bytes
  fs block shift 2; part offset 63; inode block 24, offset 1704
  installboot: broken MBR
  done

I hope you could help me solve this problem, I assume it is 99% sure my mistake, but I followed the installation process as I made in OpenBSD 4.1 everything went ok, but in 4.2 version I got such a mistake. I really hope u will help me solve that problem. Best regards, Aleksandr.

That means that whatever is on your disk where the MBR is, it doesn't appear to be an MBR.

A few common problems:

1) no offset for the OpenBSD partition. You have to have a one-track (often, but not always, 63 sectors) offset for your OpenBSD partition. If you use a starting offset of zero, your disklabel clobbers your fdisk partition table (which happens to be sitting at sector zero).

2) Forgetting to actually install a valid boot record. If your drive was used before on an i386 machine, it probably has a valid boot record, but if it is a new disk, it most likely does not. Since you are using QEMU, it most likely counts as a new disk. Make sure you either answer y to the Use entire disk or Reinit the drive in fdisk to put down a valid MBR before.

I'm not sure if #2 will give you that message, I do believe error #1 will.

Nick.
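The two failure modes described in the reply above can be checked directly on a copy of sector 0. This is an added example, not installboot's own logic and not code from the thread: it tests for the 0x55AA boot signature and for an OpenBSD (type A6) partition that starts at sector 0. The sample sectors and the helper make_mbr are constructed for illustration.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446          # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"     # last two bytes of a valid MBR
OPENBSD_ID = 0xA6           # partition type used by OpenBSD
ENTRY = "<B3xB3xII"         # flag, (CHS), type, (CHS), start LBA, size


def partitions(sector):
    """Yield (index, flag, type, start_lba, size) for each non-empty entry."""
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        flag, ptype, start, size = struct.unpack(ENTRY, raw)
        if ptype:
            yield i, flag, ptype, start, size


def check_mbr(sector):
    """Return a list of problems found in a 512-byte copy of sector 0."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    if sector[510:512] != SIGNATURE:
        # Problem 2 in the reply: nothing ever wrote a boot record here.
        return ["no 0x55AA boot signature: sector 0 is not an MBR"]
    problems = []
    openbsd = [p for p in partitions(sector) if p[2] == OPENBSD_ID]
    if not openbsd:
        problems.append("no OpenBSD (A6) partition in the table")
    for index, _flag, _ptype, start, _size in openbsd:
        if start == 0:
            # Problem 1 in the reply: the disklabel would land on the table.
            problems.append(
                f"partition {index} starts at sector 0 and overlaps the partition table"
            )
    return problems


def make_mbr(entries, signed=True):
    """Build a constructed test sector from (type, start_lba, size) tuples."""
    sector = bytearray(SECTOR_SIZE)
    for i, (ptype, start, size) in enumerate(entries):
        struct.pack_into(ENTRY, sector, TABLE_OFFSET + 16 * i,
                         0x80, ptype, start, size)
    if signed:
        sector[510:512] = SIGNATURE
    return bytes(sector)


# Constructed samples: a fresh (all-zero) virtual disk, a table whose A6
# partition starts at 0, and one with the usual one-track offset of 63.
BLANK_DISK = bytes(SECTOR_SIZE)
ZERO_OFFSET = make_mbr([(OPENBSD_ID, 0, 14336000)])
ONE_TRACK = make_mbr([(OPENBSD_ID, 63, 14335937)])

if __name__ == "__main__":
    for name, sector in [("blank", BLANK_DISK), ("offset 0", ZERO_OFFSET),
                         ("offset 63", ONE_TRACK)]:
        print(name, "->", check_mbr(sector) or "ok")
```

Run it against a saved copy of the first sector rather than the live device, so the check never touches the disk it is inspecting.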
Question about new packages for OpenBSD 4.3
Dear All, I noticed significant number of very important desktop related applications ported for OpenBSD (TeXLive, HPLIP, Gutenprint, PJSIP among others) Some of these applications are already in ports for 4.2 but not among pre-compiled binary packages (I personally prefer to use binaries in particularly on my older machines as strongly advised in FAQ). How many release cycles does usually take for an application to move from ports tree to pre-compiled package? I was also wondering if you direct me to some kind documentation that would explain me how can I use binary package which I compiled on one machine on another machine using the same pack_add utility I use when I add binary packages from the mirror-sites. That should be very easy to do. The point is that I do not want to mix packages and ports (as adviced) but some ports are really useful and it is really tantalizing for me to wait for them. I would like to use above as an exercise and try to port a package or two for OpenBSD. There is a very small application called menu maker which is not ported for OpenBSD. I thought it could be useful. It enables you to fill in menu on your favorite window manager (in my case Openbox) as simple as mmaker openbox here is the link from FreeBSD ports tree http://www.freebsd.org/cgi/url.cgi?ports/deskutils/menumaker/pkg-descr. I know that fill in menu for most of you in your favorite Window Manager is 5 minute job. It also takes me 5 minutes to fill in the OpenBox menu by hand with my applications but it usually takes me couple iterations and readings through /var/db/pkg to recall all installed packages. I just thought that it could be a good exercise for me. If there is something simple that you think could be handled by an enthusiastic OpenBSD nOOb (converting from FreeBSD) with formal education in mathematics (my area of expertise is Dynamical Systems including bits of Ergodic theory) I am ready for suggestions. I also have a question to about HPLIP. 
I noticed following messages on Linux Printing web-site hplip/hpijs since 2.7.10 IS NOT OPEN SOFTWARE anymore. It downloads BINARY LIBRARIES and FIRMWARE automatically. $ strings * | more $ pwd /usr/share/hplip/prnt/plugins $ ll total 136 lrwxrwxrwx 1 root rick 42 Nov 15 13:09 lj.so - /usr/share/hplip/prnt/plugins/lj-x86_64.so -r-xr-xr-x 1 root rick 56851 Sep 19 13:49 lj-x86_32.so -r--r--r-- 1 root rick 70337 Sep 19 13:49 lj-x86_64.so $ strings * | grep JBIG JBIG-KIT 1.6 -- Markus Kuhn -- $Id: jbig.c,v 1.1 2007/08/23 16:44:50 raghothamac Exp $ This is a violation of the GPL rules... no source even though /* * Portable Free JBIG image compression library * * Markus Kuhn -- [www.cl.cam.ac.uk http://www.cl.cam.ac.uk/%7Emgk25/] * * Id: jbig.c,v 1.22 2004-06-11 15:17:06+01 mgk25 Exp $ * $Id: jbig.c,v 1.4 2004/06/12 02:33:05 rick Exp $ * * This module implements a portable standard C encoder and decoder * using the JBIG lossless bi-level image compression algorithm as * specified in International Standard ISO 11544:1993 or equivalently * as specified in ITU-T Recommendation T.82. See the file jbig.doc * for usage instructions and application examples. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. Is there are any kind of security recommendations regarding HPLIP software. I am also personally familiar with few scanners that do require firmware files to work with sane-backhands. Any recommendations about it? What is the best practice for installing third party software on the top of OpenBSD having in mind that the packages are not scrutinized for security as OpenBSD operating system. I read somewhere that the best thing would be to install all packages in regular user mode. That is very possible for me as I am mostly desktop user. 
Any suggestion about enhancing security of the default installation apart of the standard things which I already use (editing fstab file and making some directories only readable, changing flags on major files, disabling root ssh and inetd daemon which I do not need? Kind Regards to Everyone, Predrag Punosevac
Re: Question about new packages for OpenBSD 4.3
On Sunday 09 December 2007 00:12:57 Predrag Punosevac wrote:

Dear All, I noticed significant number of very important desktop related applications ported for OpenBSD (TeXLive, HPLIP, Gutenprint, PJSIP among others) Some of these applications are already in ports for 4.2 but not among pre-compiled binary packages (I personally prefer to use binaries in particularly on my older machines as strongly advised in FAQ). How many release cycles does usually take for an application to move from ports tree to pre-compiled package?

You are asking lots of different questions in one email... If a port has made its way into -current, it will be there when -current turns into the next -release version. Thus all the new additions in 4.2-current will be in 4.3. However, not all software packages in the ports collection can be distributed, such as Java, 'till Sun changes its license. Somewhere around 150 - 200 ports can't be distributed as binary packages because of license issues.

I was also wondering if you direct me to some kind documentation that would explain me how can I use binary package which I compiled on one machine on another machine using the same pack_add utility I use when I add binary packages from the mirror-sites. That should be very easy to do. The point is that I do not want to mix packages and ports (as adviced) but some ports are really useful and it is really tantalizing for me to wait for them.

If you've made Java, you have a package which you could then move to some other system PROVIDED it's the same version of OpenBSD. The reason why the faq says not to mix things is that huge numbers of folks don't get the complexities of how packages interact with the OS, mix things up horribly, and then squeal for help when things don't work. Having a package expect one version of libc when the system has a later version doesn't work so well. Given that lots of people don't understand this, such questions wind up being a drain on everyone.
I would like to use above as an exercise and try to port a package or two for OpenBSD. There is a very small application called menu maker which is not ported for OpenBSD. I thought it could be useful. It enables you to fill in menu on your favorite window manager (in my case Openbox) as simple as mmaker openbox Remember to use -current for any port you make. here is the link from FreeBSD ports tree http://www.freebsd.org/cgi/url.cgi?ports/deskutils/menumaker/pkg-descr. I know that fill in menu for most of you in your favorite Window Manager is 5 minute job. It also takes me 5 minutes to fill in the OpenBox menu by hand with my applications but it usually takes me couple iterations and readings through /var/db/pkg to recall all installed packages. I just thought that it could be a good exercise for me. If there is something simple that you think could be handled by an enthusiastic OpenBSD nOOb (converting from FreeBSD) with formal education in mathematics (my area of expertise is Dynamical Systems including bits of Ergodic theory) I am ready for suggestions. First, play with OpenBSD. Read the FAQ. Read the FAQ again--its really very good, and is evolving and getting better all the time. Use the mailing list archives at marc.info to read about problems that others have had in the past. Most of the questions I've had, actually nearly all of them have been answered by searching there. Remember that the man pages are excellent. Start reading code, and every time you see a function that you don't understand, bring the man page up. OpenBSD documentation is really really good--I'd venture to say that its the best documented OS out today. Because of this, you really need to read up on things before asking questions. As you become more familiar you'll see things that you want to fix. I also have a question to about HPLIP. I noticed following messages on Linux Printing web-site hplip/hpijs since 2.7.10 IS NOT OPEN SOFTWARE anymore. 
It downloads BINARY LIBRARIES and FIRMWARE automatically. $ strings * | more $ pwd /usr/share/hplip/prnt/plugins $ ll total 136 lrwxrwxrwx 1 root rick 42 Nov 15 13:09 lj.so - /usr/share/hplip/prnt/plugins/lj-x86_64.so -r-xr-xr-x 1 root rick 56851 Sep 19 13:49 lj-x86_32.so -r--r--r-- 1 root rick 70337 Sep 19 13:49 lj-x86_64.so $ strings * | grep JBIG JBIG-KIT 1.6 -- Markus Kuhn -- $Id: jbig.c,v 1.1 2007/08/23 16:44:50 raghothamac Exp $ This is a violation of the GPL rules... no source even though /* * Portable Free JBIG image compression library * * Markus Kuhn -- [www.cl.cam.ac.uk http://www.cl.cam.ac.uk/%7Emgk25/] * * Id: jbig.c,v 1.22 2004-06-11 15:17:06+01 mgk25 Exp $ * $Id: jbig.c,v 1.4 2004/06/12 02:33:05 rick Exp $ * * This module implements a portable standard C encoder and decoder * using the JBIG lossless bi-level image compression algorithm as * specified in International Standard ISO 11544:1993 or equivalently * as specified in ITU-T
openssl creating CA, getting error; plz. advice.
Hello, while trying to set up my own CA I am getting the below error:

# openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem
Generating a 2048 bit RSA private key
..+++
.+++
writing new private key to 'private/cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-
problems making Certificate Request
13175:error:0D07A097:asn1 encoding routines:ASN1_mbstring_copy:string too long:/usr/src/lib/libssl/src/crypto/asn1/a_mbstr.c:154:maxsize=2
#

file permissions:

# pwd
/etc/ssl
# ls -ltr
total 348
drwxr-xr-x 2 root wheel 512 Aug 28 11:00 lib
-r--r--r-- 1 root bin 895 Aug 28 11:00 x509v3.cnf
-r--r--r-- 1 root bin151917 Aug 28 11:00 cert.pem
drwxr-xr-x 4 root wheel 512 Nov 21 23:00 orig.dir.with.contents
drwxr-xr-x 2 root wheel 512 Nov 25 21:01 crl
drwxr-xr-x 2 root wheel 512 Nov 25 21:01 newcerts
-rw-r--r-- 1 root wheel 0 Nov 25 21:01 certindex.txt
-rw-r--r-- 1 root wheel 7 Nov 25 21:01 serial
drwxr-xr-x 2 root wheel 512 Nov 27 22:23 issuedcerts
-r--r--r-- 1 root bin 6889 Dec 6 10:50 openssl.cnf
drwx-- 2 root wheel 512 Dec 9 00:12 private
# ls -l private
total 4
-rw-r--r-- 1 root wheel 1743 Dec 9 00:13 cakey.pem
# ls -l issuedcerts
# ls -l newcerts
#

here is my config file:

$ cat /etc/ssl/openssl.cnf
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
# Plus,
# I have configured it for generating CA cert too.
#
RANDFILE = /dev/arandom
dir = /etc/ssl                          # working dir for all operations

[ ca ]                                  # section for CA settings
default_ca = CA_default                 # default CA settings section title

[ CA_default ]                          # default settings for CA
certs = $dir/issuedcerts                # dir to keep issued certificates
new_certs_dir = $dir/newcerts           # dir for new certs
crl_dir = $dir/crl                      # dir for issued cert revoc lists
serial = $dir/serial                    # file contains the current serial no.
database = $dir/certindex.txt           # certificate database index file
crl = $dir/crl/ca-crl.pem               # the current CRL
certificate = $dir/ca-cert.pem          # file containing CA certificate
private_key = $dir/private/ca-key.pem   # the private key corresponding
                                        # to CA certificate
default_days = 3650                     # valid for 10 years
default_md = sha1                       # md5 for older software and is weaker
preserve = no                           # whether to preserve the order of DN
                                        # fields to match the order passed in
email_in_dn = no
policy = policy_match                   # section to tell which fields in certs
                                        # must match that of CA, or are mandatory
x509_extensions = usr_cert              # directives for CA when signing a cert

# Make new requests easier to sign - allow two subjects with same name
# (Or revoke the old certificate first.)
unique_subject = no

# Comment out the following two lines for the traditional
# (and highly broken) format.
nameopt = default_ca
certopt = default_ca

[ policy_match ]                        # OIDs that must be same as that of CA
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types. All values are system default.
[ policy_anything ]                     # all possible options for policy...
countryName = optional
stateOrProvinceName = optional
localityName = optional                 # this is not in policy_match section
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

###
# the req section is used by openssl req command, it creates and processes
# certificate requests in PKCS#10 format. also creates self signed certs
# for use as root CA.
[ req ]                                 # directives to process and create cert requests
default_bits = 2048                     # key size for new cert request
default_keyfile = privkey.pem           # def key name for any newly generated cert
default_md = sha1                       # message digest algorithm default was md5
prompt = no
string_mask = nombstr                   # permitted characters
distinguished_name = req_distinguished_name
#
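The `maxsize=2` in the error above matches the two-character limit that OpenSSL's ASN.1 string table places on countryName, and with `prompt = no` each value in the distinguished_name section is used as the field content rather than as a prompt. The check below is an added example, not part of the original post: the sample section is constructed (the posted config is cut off before `req_distinguished_name`), and `section` and `check_dn` are hypothetical helper names.

```python
import re

# Length bounds (min, max) from OpenSSL's ASN.1 string table for common DN fields.
DN_LIMITS = {
    "countryName": (2, 2), "C": (2, 2),
    "stateOrProvinceName": (1, 128), "ST": (1, 128),
    "localityName": (1, 128), "L": (1, 128),
    "organizationName": (1, 64), "O": (1, 64),
    "organizationalUnitName": (1, 64), "OU": (1, 64),
    "commonName": (1, 64), "CN": (1, 64),
    "emailAddress": (1, 128),
}

# Constructed sample: a prompt string left in place as the countryName value.
SAMPLE = """\
[ req ]
prompt = no
distinguished_name = req_distinguished_name

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
stateOrProvinceName = Example State
0.organizationName = Example Org
commonName = Example Root CA
"""

def section(conf_text, name):
    """Return the (key, value) pairs of one [ name ] section."""
    items, current = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        header = re.fullmatch(r"\[\s*(\w+)\s*\]", line)
        if header:
            current = header.group(1)
        elif current == name and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            items.append((key, value))
    return items

def check_dn(conf_text):
    """List (field, length, max) for DN values outside the bounds when prompt = no."""
    req = dict(section(conf_text, "req"))
    if req.get("prompt", "yes").lower() != "no":
        return []                                # values are only prompt texts
    problems = []
    for key, value in section(conf_text, req.get("distinguished_name", "")):
        field = key.split(".", 1)[-1]            # "0.organizationName" -> "organizationName"
        low, high = DN_LIMITS.get(field, (0, len(value)))
        if not low <= len(value) <= high:
            problems.append((field, len(value), high))
    return problems

if __name__ == "__main__":
    for field, length, limit in check_dn(SAMPLE):
        print(f"{field}: {length} characters, limit {limit}")
```
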
freeBSD7.0 advertised.
Hello,

Is there anything on OpenBSD like the one below for FreeBSD? It presents material very clearly and cleanly, and makes FreeBSD look very attractive.

http://people.freebsd.org/~kris/scaling/7.0 Preview.pdf

Thank you.
-BG
~~Kalyan-mastu~~
Re: freeBSD7.0 advertised.
On Sunday 09 December 2007 00:27:01 badeguruji wrote:

Hello, Is there anything on OpenBSD like the one below for FreeBSD? It presents material very clearly and cleanly, and makes FreeBSD look very attractive. http://people.freebsd.org/~kris/scaling/7.0 Preview.pdf Thank you. -BG

Not really. OpenBSD doesn't attempt to market itself. You can look at the 4.2 page to see all the new things in 4.2, or scroll back in time by looking at earlier pages. Given that a new release comes out every six months, releases don't tend to have a lot of show-biz flash to them. They give useful data but aren't for the masses.

Really, you want to do a lot of reading on the web site. Do that and you'll get a good idea of what OpenBSD is about.

--STeve Andre'
Re: Question about new packages for OpenBSD 4.3
If a port has made its way into -current, it will be there when -current turns into the next -release version. Thus all the new additions in 4.2-current will be in 4.3. However, not all software packages in the ports collection can be distributed, such as Java, 'till Sun changes its license. Somewhere around 150 - 200 ports can't be distributed as binary packages because of license issues.

Did you mean all the packages that made it into the 4.3 current ports tree will be in the 4.3 release? I am just aware of 4.2 release, 4.2 stable and 4.3 current (of course there is 4.1 release and stable branch)? I am very aware of license issues. I do not use Java, Flash and such things. I do not use the Linux emulator or any Linux software. I prefer Opera over Firefox but I know that Opera will never be distributed in the binary version so I do not use it. I know about the license problems with Apache 2.0. So I am a semi-informed user :-) I noticed for instance that TeXLive is in the ports of 4.2 release but not in packages. That is why I was wondering if it takes more than one release cycle for packages to reach the binaries.

If you've made Java, you have a package which you could then move to some other system PROVIDED it's the same version of OpenBSD. The reason why the faq says not to mix things is that huge numbers of folks don't get the complexities of how packages interact with the OS, mix things up horribly, and then squeal for help when things don't work. Having a package expect one version of libc when the system has a later version doesn't work so well. Given that lots of people don't understand this, such questions wind up being a drain on everyone.

Let me see if I understand you well. The only reason that that recommendation about not mixing of ports and packages is written is that people expect to build a port with wrong libraries. Also unless the whole userland is synchronized one would create dependency hell. That is actually what would happen if I try to compile a fresh port on the OpenBSD 4.2 release version. However it seems to me that compiling let's say teTeX-base from the ports tree of 4.2 release and then adding foiltex using pre-compiled binaries is OK as both applications rely on the same version of libraries and the same version of dependent applications. It looks to me that I would be perfectly ok to compile TeXLive on 4.2 release as it is in 4.2 release ports. (To be on the safe side I probably should not have installed any teTeX related stuff on that machine because of dependency issues). By the same token I would have to run 4.3 Current in order to be able to use HPLIP. If I remember one of Theo's messages there is no way that one could say to which version of current is HPLIP port created. As the current is constantly changing it could be very tricky to compile HPLIP on a random snapshot of the 4.3 current.

Current is not for an average user anyway but I see that if I want to port something I would actually have to run current. Have constantly the latest source and latest ports-tree. Probably I would have to compile and recompile the version of the package that I want to port on a daily basis as a package which runs today might be broken tomorrow when the source tree and libraries are updated. Then there is probably a source code freeze and ports freeze. After that things should be changed only for bug issues. After the freeze period the ports and packages would just be re-tagged and released. Am I getting anything or am I plain wrong?

First, play with OpenBSD. Read the FAQ. Read the FAQ again--it's really very good, and is evolving and getting better all the time. Use the mailing list archives at marc.info to read about problems that others have had in the past. Most of the questions I've had, actually nearly all of them have been answered by searching there. Remember that the man pages are excellent. Start reading code, and every time you see a function that you don't understand, bring the man page up. OpenBSD documentation is really really good--I'd venture to say that it's the best documented OS out today. Because of this, you really need to read up on things before asking questions. As you become more familiar you'll see things that you want to fix.

I do and I did. Every time I read the FAQ I learn something new. I probably read it at least 5 times. The same goes for man pages.

Thanks,
Predrag