Re: Real men don't attack straw men

2008-01-02 Thread Siju George
On Jan 2, 2008 2:54 AM, Richard Stallman [EMAIL PROTECTED] wrote:
 Here is the real issue, Richard.  You go off and endorse OpenSolaris
 without knowing the facts.  You get confronted with them and you change
 history.  Sound familiar?

 What sounds familiar is the nasty spin you place on a minor confusion.
 But you have added a new false accusation of changing history.


MINOR CONFUSION?

With all the spin you are doing with your own words it is quite clear that

1) You don't know the facts

OR

2) You are a compulsive liar

OR

3) You have an agenda.

You are going through all these verbal gymnastics just because your
mail to misc@ was appropriately addressed by the people there.

While you still continue to confuse the masses who do not know the
details but just get excited when they hear FSF and GNU and RMS
the people at misc stated the facts with proof and now you have no
choice but to apologize.

Be a man Richard.
You are making a big fool of yourself in public by beating about the bush.
And the 'nasty spin' you make on your own statements while desperately
accusing others of doing the same.

Anybody who followed this thread would have clearly seen what a
hypocrite you are and how you use different standards to judge and
attack and try to destroy the reputation of Open Source projects you
are envious of ( perhaps they don't give a damn to what you say or
think about them ) .

You are not just a hypocrite but a kind of terrorist too with a
deluded feeling that people will all automatically subscribe to your
views and maybe get afraid when you attack them in public with your
lies.

In fact many of the people did expect this when your favorite
organization lost the battle publicly on Reyk's code that your
friends stole and tried to impose your license on it, and when they
even tried vainly to go legal by the advice of an uneducated American
lawyer but finally found that they have just embarrassed themselves in
public.

Your organization is slowly turning to a mafia Richard. Do you see that?
You have already crossed the boundaries of decency and you are still
bent on going that way.

It is terrible to see this

with no regards whatsoever

--Siju

 I asked for my note of clarification to be labeled explicitly as such,
 so that it would be clear what was the original answer and what was
 the clarification.

 Perhaps you should judge your own statements by the standards that
 you seek to apply to mine.

 If you want to run your mouth about projects try spending a few minutes
 reading information about them and draw your own conclusions.

 I investigated the BSD systems, and I got the accurate information
 that the ports system can install non-free software.  Then I stated
 that accurate information using words that were subject to
 misunderstanding.


and so you made the nasty spin you are accusing Theo of now and went
into media and said OpenBSD CONTAINED non-Free software.

Great Spin Doctor!
Anybody would expect this mistake from a kindergarten student but
from a person like you?
NO! you either did not study much or else you were taking revenge on
OpenBSD project by trying to tarnish their image because your friends
were put to shame publicly by their own unwise zealotry ( with the
stupid advice of a stupid American lawyer who again did not study the
facts like you, remember one of the great kernel programmers of Linux
did mockingly ask Theo to go and learn the copyright law but after the
issue was settled against your friends we hear nothing from him
too!!) while trying to steal Reyk's code and play bullies with
sub-standard lawyer on your side.

Shame, Shame!!!

 You witnessed the words I said in the interview.  However, you
 make claims about what I knew, what I thought, and what I intended
 which are based on pure speculation.  No wonder your claims are mistaken.

 Shouldn't you investigate the facts before you make such claims?


Everybody who followed this thread has the facts before them with proof.
If you say you investigated things properly then what you are called by
people here is VERY APPROPRIATE!!!

HIPPO HIPPOCRITE

no more regards

Siju



gnash: can't load library

2008-01-02 Thread Chris
I upgraded from 4.1 to 4.2 with X and upgraded gnash. Now when I go to
certain sites using Firefox I get the following in STDOUT -

/usr/local/bin/gnash: can't load library 'libavcodec.so.8.0'
/usr/local/bin/gnash: can't load library '/usr/local/lib/libcurl.so.5.0'
Child process exited with status 1024

Starting process: /usr/local/bin/gnash -v -x 8427142 -j 100 -k 100 -u
https://google.com/im/sound.swf -U https://google.com/?shva=1 -P
id=flash_object -P
pluginspage=http://www.macromedia.com/go/getflashplayer -P
quality=high -P src=im/sound.swf -P style=position: absolute; top:
0px; left: 0px; height: 100px; width: 100px; -P
type=application/x-shockwave-flash

Could anyone shed some light on this and how to resolve this issue?

Thanks for any help.



Re: openldap with dbv4 crash

2008-01-02 Thread Liviu Daia
On 1 January 2008, Daniel [EMAIL PROTECTED] wrote:
 Vijay Sankar wrote:
[...]
  there's support in 2.4 but iirc it's not a simple thing to
  backport.
 Why should we backport the db4.6 support? We just need to use 2.4.
[...]

(1) Historically, upgrading existing OpenLDAP databases to new formats
has always been a PITA;

(2) The 2.4 branch is still unstable; historically, previous branches
haven't become (somewhat) usable until about minor version 20; and
guess what: the new branch is not exactly less complex than the
older ones;

(3) Historically, none of the new branches have been backward compatible;
many applications don't support 2.6 yet.

Regards,

Liviu Daia

-- 
Dr. Liviu Daia  http://www.imar.ro/~daia



Re: Real men don't attack straw men

2008-01-02 Thread Richard Stallman
Richard, you are too stupid to go and learn FACTS before you open
your big fat lying mouth.

I am sure the readers can judge for themselves whether I am stupid.
They will certainly see I am not perfect.  I had learned the facts
about OpenSolaris, but that was months before.  By the time I did
that interview my memory was incorrect.

In addition, I thought that OpenSolaris was just a kernel, but it
looks like the question had in mind a whole system.  This
miscommunication has the effect of making my statement appear to be an
endorsement of a system.

Partly I had forgotten and partly I fell into a miscommunication.
I am sure the readers can judge for themselves how grave that is.

Lying is another matter.  That is a grave accusation which you and
others have made with absolutely no basis.  Shouldn't you make sure of
the facts before you accuse?

As regards the size of my mouth, I got a testimonial from a dentist
that it is rather small.  If you won't take my word for it, I will ask
my mother to send me a copy.



[OT] sendmail on dynamic IP

2008-01-02 Thread Chris
I got a test box at home I'm trying to setup sendmail in. I bought a
domain and host a website on that box. I get dynamic IP from my ISP
which gets updated via DynDNS for the website. I added the MX for my
domain with Google and it's been working fine (I can send receive
mail). But I want to setup sendmail & friends (clamav, mimedefang,
spamd etc.)  to get familiar with them.

I understand that having a dynamic IP and not having a reverse DNS
working to mail.domain.com would put me in the block list pretty soon.
I am not considering hosting outside.

Could sendmail's smarthost be the best option in this scenario? If
yes, should I point it to Google or my ISP? Is there any other option?

Thanks.



Re: [OT] sendmail on dynamic IP

2008-01-02 Thread Stuart Henderson
On 2008/01/02 21:22, Chris wrote:
 I got a test box at home I'm trying to setup sendmail in. I bought a
 domain and host a website on that box. I get dynamic IP from my ISP
 which gets updated via DynDNS for the website. I added the MX for my
 domain with Google and it's been working fine (I can send receive
 mail). But I want to setup sendmail & friends (clamav, mimedefang,
 spamd etc.)  to get familiar with them.
 
 I understand that having a dynamic IP and not having a reverse DNS
 working to mail.domain.com would put me in the block list pretty soon.
 I am not considering hosting outside.
 
 Could sendmail's smarthost be the best option in this scenario? If
 yes, should I point it to Google or my ISP? Is there any other option?

$ host -t txt gmail.com   
gmail.com descriptive text v=spf1 redirect=_spf.google.com
$ host -t txt _spf.google.com 
_spf.google.com descriptive text v=spf1 ip4:216.239.32.0/19 
ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 
ip4:66.102.0.0/20 ip4:74.125.0.0/16 ?all

if you're sending from your gmail.com address through it, you'll
probably have better luck using Google. otherwise, your ISP (it
can be fiddly setting up SMTP auth).
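
What the two TXT lookups above mean for the smarthost choice, as an added example that is not part of the original message: a small evaluator for the `ip4`, `all` and `redirect` subset of SPF, run against the records exactly as quoted in this thread. The sample client addresses and the `check_spf` function name are constructed for illustration.

```python
import ipaddress

# TXT records as shown in the `host -t txt` output above (2008 data),
# kept in a dict so the example runs offline instead of querying DNS.
TXT = {
    "gmail.com": "v=spf1 redirect=_spf.google.com",
    "_spf.google.com": (
        "v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 "
        "ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 "
        "ip4:74.125.0.0/16 ?all"
    ),
}

# SPF qualifier prefix -> result when the mechanism matches
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, domain, records=TXT, depth=0):
    """Evaluate the ip4/all/redirect subset of SPF for a connecting IP."""
    if depth > 10:  # RFC 7208 caps DNS-querying terms at 10
        return "permerror"
    terms = (records.get(domain) or "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # domain publishes no SPF policy
    ip = ipaddress.ip_address(client_ip)
    redirect = None
    for term in terms[1:]:
        if term.startswith("redirect="):
            redirect = term.split("=", 1)[1]  # only used if nothing matches
            continue
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith("ip4:"):
            net = ipaddress.ip_network(term[4:], strict=False)
            if ip.version == 4 and ip in net:
                return QUALIFIERS[qualifier]
        # a, mx, include, exists, ip6 ... are outside this sketch
    if redirect:
        result = check_spf(client_ip, redirect, records, depth + 1)
        return "permerror" if result == "none" else result
    return "neutral"  # no mechanism matched and no redirect


if __name__ == "__main__":
    # Constructed sample senders: one inside a listed Google range,
    # one documentation address standing in for a home dynamic IP.
    for sender in ("64.233.160.25", "203.0.113.45"):
        print(sender, check_spf(sender, "gmail.com"))
```

Mail carrying a gmail.com sender and relayed through Google leaves from a listed range and evaluates to `pass`; the same mail sent straight from the home address only reaches `?all` and evaluates to `neutral`, so the receiver gets no help from SPF.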



Able to access data on HD on platforms with different endianness?

2008-01-02 Thread Seth Brundle
Hello list & happy new year,

due to some problems with an x86 machine I got here I have the problem of
accessing data on one of its hard discs. The machine ran OpenBSD 4.2, and
its first (system) HD died. I have a 500GByte SATA drive connected to it on
a dedicated controller, which contains a lot of my data.

As I need to access it ASAP, I thought of connecting it to my G4 Power Mac,
after I built in the Promise SATA HBA that was used in the PC (this device
will be operable under OpenBSD as there's a driver for it; however, the
machine wouldn't be able to boot off of it, but that's not needed anyways).

Now my question: The x86 machine is little endian, the PowerPC is big
endian. Is there a chance to have access to my data or will it all be
'upside down' (or, even worse, would I destroy the disklabel)?

Thanks,

Seth



lm(4) sensor device at 0xa10

2008-01-02 Thread Markus Hennecke

Hello misc,

the mainboard I am currently using has a Winbond W83627EHF Super-I/O 
chip which is accessed via address 0xa10 on the isa bus. This patch 
brings that chip into the kernel config files for i386 and amd64, below 
is the dmesg output (amd64, if needed I could provide the i386 dmesg 
for -current) and the output of sysctl hw.sensors.lm3.


Best regards,
  Markus

Index: amd64/conf/GENERIC
===
RCS file: /var/cvs/src/sys/arch/amd64/conf/GENERIC,v
retrieving revision 1.211
diff -u -p -r1.211 GENERIC
--- amd64/conf/GENERIC  31 Dec 2007 19:29:46 -  1.211
+++ amd64/conf/GENERIC  2 Jan 2008 11:59:37 -
@@ -70,6 +70,7 @@ agp*  at pchb?# AGP bridge
 lm0at isa? port 0x290
 #lm1   at isa? port 0x280
 #lm2   at isa? port 0x310
+lm3at isa? port 0xa10

 it0at isa? port 0x290  # ITE IT8705F, IT8712F, IT8716F, IT8718F,
 it1at isa? port 0xc00  # IT8726F and SiS SiS950 monitors and
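
Review bot: the added `lm3 at isa? port 0xa10` line in amd64 GENERIC has no trailing comment, so nothing in the config records which chip sits at this address, while the `it0`/`it1` entries right below it name their chips. Suggest appending a comment naming the Winbond W83627EHF Super-I/O described in the cover message.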
Index: i386/conf/GENERIC
===
RCS file: /var/cvs/src/sys/arch/i386/conf/GENERIC,v
retrieving revision 1.599
diff -u -p -r1.599 GENERIC
--- i386/conf/GENERIC   31 Dec 2007 19:29:46 -  1.599
+++ i386/conf/GENERIC   2 Jan 2008 11:59:38 -
@@ -99,6 +99,7 @@ pwdog0at pci? # Quancom PWDOG1 watchd
 lm0at isa? port 0x290
 #lm1   at isa? port 0x280
 #lm2   at isa? port 0x310
+lm3at isa? port 0xa10
 nsclpcsio* at isa? port 0x2e   # NS PC87366 LPC Super I/O
 nsclpcsio* at isa? port 0x4e
 gpio*  at nsclpcsio?
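
Review bot: in the i386 hunk the new `lm3` entry is enabled by default while the neighbouring `lm1` and `lm2` entries are commented out, and the only test evidence posted with the patch is an amd64 dmesg. Please state why this port should be probed on every GENERIC i386 kernel rather than shipped commented out like its neighbours, and attach the i386 dmesg offered in the message.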




$ sysctl hw.sensors.lm3
hw.sensors.lm3.temp0=44.00 degC
hw.sensors.lm3.temp1=51.00 degC
hw.sensors.lm3.temp2=50.50 degC
hw.sensors.lm3.fan0=907 RPM
hw.sensors.lm3.fan1=2136 RPM
hw.sensors.lm3.volt0=1.09 VDC (VCore)
hw.sensors.lm3.volt1=12.36 VDC (+12V)
hw.sensors.lm3.volt2=3.31 VDC (+3.3V)
hw.sensors.lm3.volt3=3.31 VDC (+3.3V)
hw.sensors.lm3.volt4=-9.18 VDC (-12V)
hw.sensors.lm3.volt5=1.46 VDC
hw.sensors.lm3.volt6=1.46 VDC
hw.sensors.lm3.volt7=3.30 VDC (3.3VSB)
hw.sensors.lm3.volt8=1.64 VDC (VBAT)
hw.sensors.lm3.volt9=1.63 VDC

$ dmesg
OpenBSD 4.2-current (GENERIC.MP) #1: Wed Jan  2 12:38:52 CET 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3489067008 (3327MB)
avail mem = 3373764608 (3217MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xfc7c0 (54 entries)
bios0: vendor American Megatrends Inc. version V1.7 date 09/13/2007
bios0: MSI MS-7280
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC MCFG OEMB HPET SSDT
acpi0: wakeup devices SBAZ(S0) PS2K(S0) PS2M(S0) P0PC(S0) AC97(S0) MC97(S0) 
USB1(S0) USB2(S0) USB3(S0) USB4(S0) USB5(S0) EUSB(S0) PCE2(S0) PCE3(S0) 
PCE4(S0) PCE5(S0) PCE6(S0) PCE7(S0) PWRB(S0)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+, 2613.38 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 
16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: apic clock running at 201MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+, 2613.07 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 
16-way L2 cache
cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
ioapic0 at mainbus0 apid 2 pa 0xfec0, version 21, 24 pins
acpihpet0 at acpi0: 14318180 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 3 (P0PC)
acpiprt2 at acpi0: bus 1 (PCE2)
acpiprt3 at acpi0: bus -1 (PCE3)
acpiprt4 at acpi0: bus -1 (PCE4)
acpiprt5 at acpi0: bus -1 (PCE5)
acpiprt6 at acpi0: bus 2 (PCE6)
acpiprt7 at acpi0: bus -1 (PCE7)
acpicpu0 at acpi0: PSS
acpicpu1 at acpi0: PSS
acpibtn0 at acpi0: PWRB
cpu0: PowerNow! K8 2613 MHz: speeds: 2600 2400 2200 2000 1800 1000 MHz
pci0 at mainbus0 bus 0: configuration mode 1
pchb0 at pci0 dev 0 function 0 ATI RD580 Host rev 0x00
ppb0 at pci0 dev 2 function 0 ATI RX480 PCIE rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 NVIDIA GeForce 7600 GT rev 0xa1
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb1 at pci0 dev 6 function 0 ATI RX480 PCIE rev 0x00
pci2 at ppb1 bus 2
re0 at pci2 dev 0 function 0 Realtek 8168 rev 0x01: RTL8168 2 (0x3800), apic 
2 int 18 (irq 10), address 00:19:db:60:e4:a2
rgephy0 at re0 phy 7: 

Cluebat and other hints required - how to figure out what happened to a box that stops responding but doesn't crash?

2008-01-02 Thread viq
I have a serial console set up on that box, and can make it drop to
ddb... But what next? I am still/again trying to figure out what's
happening when rtorrent is run, and the otherwise stable box does stop
responding after a while... But I need some help on how to get more
useful info out of the box.

Thanks in advance for any pointers.
-- 
viq



Re: gnash: can't load library

2008-01-02 Thread Markus Lude
On Wed, Jan 02, 2008 at 07:24:49PM +1100, Chris wrote:
 I upgraded from 4.1 to 4.2 with X and upgraded gnash. Now when I go to
 certain sites using Firefox I get the following in STDOUT -
 
Did you upgrade your other packages as well or only gnash? How did you
upgrade gnash?

 /usr/local/bin/gnash: can't load library 'libavcodec.so.8.0'
 /usr/local/bin/gnash: can't load library '/usr/local/lib/libcurl.so.5.0'
 Child process exited with status 1024
 
 Starting process: /usr/local/bin/gnash -v -x 8427142 -j 100 -k 100 -u
 https://google.com/im/sound.swf -U https://google.com/?shva=1 -P
 id=flash_object -P
 pluginspage=http://www.macromedia.com/go/getflashplayer -P
 quality=high -P src=im/sound.swf -P style=position: absolute; top:
 0px; left: 0px; height: 100px; width: 100px; -P
 type=application/x-shockwave-flash
 
 Could anyone shed some light on this and how to resolve this issue?

Update all the packages if not done yet.

Regards,
Markus



Re: router/firewall PF

2008-01-02 Thread Lars Noodén
[EMAIL PROTECTED] wrote:
 I'm looking for a basic router/firewall configuration
 
 http://home.nuug.no/~peter/pf/en/

There's also this one:
 Firewalling IPv6 with OpenBSD's pf (packet filter)
 https://solarflux.org/pf/pf+IPv6.php

IPv6 will be required in a number of governments starting this year.

-Lars



Re: fvwm in base and repository with security issues?

2008-01-02 Thread Marco Peereboom
On Tue, Jan 01, 2008 at 10:46:43PM -0800, Unix Fan wrote:
 Douglas A. Tutty wrote:
  To satisfy my own curiosity, looking at
  www.en.wikipedia.org/wiki/Category:Free_X_window_managers which provides
  links to 45 window managers for which there are wiki pages, I looked at
  the licence for each and found that only xmonad, wmii, fluxbox, and
  blackbox are licenced under BSD or MIT license.  
  
  Since I didn't look at the software itself, I don't know if any require
  GPL libraries.
  
  Just thought I'd FYI.  I'm not making an argument either/any way.
  
  Doug.
 
 Fluxbox is MIT licenced, it's dependencies are Imlib2, which is BSD 
 licenced.. everything else is included in Xorg and is (AFAIK..) under a 
 similar licence.
 
 -Nix Fan. (Fvwm, IMHO is ugly..)

Fluxbox is fugly, fvwm is awesome.

this discussion is very useful!



Re: Able to access data on HD on platforms with different endianness?

2008-01-02 Thread Marco Peereboom
Don't mix endianness on filesystems.  It won't work.

On Wed, Jan 02, 2008 at 12:34:52PM +0100, Seth Brundle wrote:
 Hello list & happy new year,
 
 due to some problems with an x86 machine I got here I have the problem of
 accessing data on one of its hard discs. The machine ran OpenBSD 4.2, and
 its first (system) HD died. I have a 500GByte SATA drive connected to it on
 a dedicated controller, which contains a lot of my data.
 
 As I need to access it ASAP, I thought of connecting it to my G4 Power Mac,
 after I built in the Promise SATA HBA that was used in the PC (this device
 will be operable under OpenBSD as there's a driver for it; however, the
 machine wouldn't be able to boot off of it, but that's not needed anyways).
 
 Now my question: The x86 machine is little endian, the PowerPC is big
 endian. Is there a chance to have access to my data or will it all be
 'upside down' (or, even worse, would I destroy the disklabel)?
 
 Thanks,
 
 Seth



Re: Able to access data on HD on platforms with different endianness?

2008-01-02 Thread Seth Brundle
2008/1/2, Marco Peereboom [EMAIL PROTECTED]:

 Don't mix endianness on filesystems.  It won't work.



Thanks. Surely saved some time for me.


On Wed, Jan 02, 2008 at 12:34:52PM +0100, Seth Brundle wrote:
  Hello list & happy new year,
 
  due to some problems with an x86 machine I got here I have the problem of
  accessing data on one of its hard discs. The machine ran OpenBSD 4.2, and
  its first (system) HD died. I have a 500GByte SATA drive connected to it on
  a dedicated controller, which contains a lot of my data.
 
  As I need to access it ASAP, I thought of connecting it to my G4 Power Mac,
  after I built in the Promise SATA HBA that was used in the PC (this device
  will be operable under OpenBSD as there's a driver for it; however, the
  machine wouldn't be able to boot off of it, but that's not needed anyways).
 
  Now my question: The x86 machine is little endian, the PowerPC is big
  endian. Is there a chance to have access to my data or will it all be
  'upside down' (or, even worse, would I destroy the disklabel)?
 
  Thanks,
 
  Seth



Re: Perpetually Current

2008-01-02 Thread Nenhum_de_Nos
On Dec 27, 2007 11:17 AM, new_guy [EMAIL PROTECTED] wrote:
 I would like to install OpenBSD *once* and keep it patched and secured for
 many years there after (5 - 7 years) in a production environment. Would it
 be feasible to get a snapshot today and follow -current for many years w/o
 having to reinstall? Basically, this approach would skip -stable and
 -release and always be -current. I understand the implications of being
 current and that things might change and break and may need re-configuring
 on occasion. I'm OK with that... I just don't want to reinstall a -release
 every year... although I'll still buy CDs as they are released to support
 the project.

I have quite the same problem. My OBSD routers are usually old PII
boxes and doing this kind of upgrade on them is not trivial. other, I
have some remote routers I can't do this, so they run FBSD. I'd rather
use OBSD on my routers, but this thing of not being able to make 4.1
become 4.2 without a cdrom (as is recommended) makes me use OBSD only
in the closest routers. I'm not here to make comparisons from OSes,
or to make trouble. I just felt that would be good to say that if
anytime in OBSD this upgrade was possible it would be a great feature
(well, at least for me and the new_guy :) )

:)

matheus


-- 
We will call you cygnus,
The God of balance you shall be



Re: openldap with dbv4 crash

2008-01-02 Thread Vijay Sankar
On December 31, 2007 06:59:06 am Vijay Sankar wrote:
 On December 30, 2007 08:03:09 pm Stuart Henderson wrote:
 On December 29, 2007 11:23:19 am Daniel wrote:
  Hi (again, sorry, now with Subject)!
 
  Anyone experiencing or experienced segfaults with openldap using
  the bdb backed? I'm using -current ports tree, and built the
  openldap-{client,server}, dbv4 and cyrus-sasl2 packages from
  there.
 
  openldap 2.3 doesn't support newer db 4.6 versions (should fail the
  regression tests).
 
  there's support in 2.4 but iirc it's not a simple thing to backport.

 Thanks very much for this information. Not sure how to help, but I am not
 seeing any seg faults so far. If there is something helpful for me to do,
 please advise. It is not clear from Daniel's message as to whether there is
 any specific thing that causes the seg fault or whether slapd just simply
 does not start.

 To verify I restarted slapd with a -d -1 and here is some of the output.

 /usr/local/libexec/slapd -d -1
 @(#) $OpenLDAP: slapd 2.3.33 (Dec 12 2007 04:19:57) $

 @i386new.ports.openbsd.org:/usr/obj/i386/openldap-2.3.33-bdb/build-i386-bdb/servers/slapd
 daemon_init: null
 daemon_init: listen on ldap:///
 daemon_init: 1 listeners to open...
 ldap_url_parse_ext(ldap:///)
 daemon: listener initialized ldap:///
 daemon_init: 2 listeners opened
 slapd init: initiated server.
 slap_sasl_init: initialized!
 bdb_back_initialize: initialize BDB backend
 bdb_back_initialize: Berkeley DB 4.6.21: (September 27, 2007)
 hdb_back_initialize: initialize HDB backend
 hdb_back_initialize: Berkeley DB 4.6.21: (September 27, 2007)
 perl backend open
 reading config file /etc/openldap/slapd.conf
 line 5 (include /etc/openldap/schema/core.schema)
 reading config file /etc/openldap/schema/core.schema
 .
 .
 .
 ..
 line 87 (database   bdb)
 bdb_db_init: Initializing BDB database
 line 88 (suffix dc=sankars,dc=local)

  dnPrettyNormal: dc=sankars,dc=local

 = ldap_bv2dn(dc=sankars,dc=local,0)
 = ldap_bv2dn(dc=sankars,dc=local)=0
 = ldap_dn2bv(272)
 = ldap_dn2bv(dc=sankars,dc=local)=0
 = ldap_dn2bv(272)
 = ldap_dn2bv(dc=sankars,dc=local)=0
  dnPrettyNormal: dc=sankars,dc=local, dc=sankars,dc=local
 line 89 (rootdn cn=ldapadmin,dc=sankars,dc=local)

  dnPrettyNormal: cn=ldapadmin,dc=sankars,dc=local

 = ldap_bv2dn(cn=ldapadmin,dc=sankars,dc=local,0)
 = ldap_bv2dn(cn=ldapadmin,dc=sankars,dc=local)=0
 = ldap_dn2bv(272)
 = ldap_dn2bv(cn=ldapadmin,dc=sankars,dc=local)=0
 = ldap_dn2bv(272)
 = ldap_dn2bv(cn=ldapadmin,dc=sankars,dc=local)=0
  dnPrettyNormal: cn=ldapadmin,dc=sankars,dc=local,
 cn=ldapadmin,dc=sankars,dc=local
 line 93 (rootpw ***)
 line 97 (directory  /var/sankars.local)
 line 104 (access to attrs=userPasswordby
 dn=cn=sambaadmin,dc=sankars,dc=local readby
 dn=cn=syncuser,dc=sankars,dc=local writeby * auth)

  dnNormalize: cn=sambaadmin,dc=sankars,dc=local

 = ldap_bv2dn(cn=sambaadmin,dc=sankars,dc=local,0)
 = ldap_bv2dn(cn=sambaadmin,dc=sankars,dc=local)=0
 = ldap_dn2bv(272)
 = ldap_dn2bv(cn=sambaadmin,dc=sankars,dc=local)=0

 Normally I use packages. But some time ago, I was able to use syncrepl with
 OpenLDAP 2.3.33 and used the following ./configure command to build from
 source.

 env CPPFLAGS="-I/usr/local/include/db4 -I/usr/local/include/sasl" \
 LDFLAGS="-L/usr/local/lib/db4 -L/usr/local/share/libtool/libltdl -L/usr/local/lib/sasl2 -L/usr/local/lib" \
 ./configure \
 --prefix=/usr/local \
 --enable-slapd \
 --enable-cleartext \
 --enable-crypt \
 --enable-rewrite \
 --enable-wrapper \
 --with-cyrus-sasl=yes \
 --enable-spasswd \
 --enable-dnssrv \
 --enable-ldap \
 --enable-ldbm \
 --enable-bdb \
 --enable-meta \
 --enable-null \
 --enable-passwd \
 --disable-ipv6 \
 --disable-shell \
 --enable-slurpd \
 --enable-overlays=mod \
 --with-tls \
 --disable-sql

 Is this correct? Should I make any changes? Please let me know.

 Thanks very much,

 Vijay

I hate to waste developer and port maintainer time, so apologize in advance 
for this long message. Anyways, if there is anything useful I can do to help, 
please let me know.

I am puzzled about why I don't seem to have any problems with OpenLDAP 
2.3.33p2 on

kern.version=OpenBSD 4.2-current (GENERIC.MP) #0: Thu Dec 27 13:53:57 CST 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP

with 

db-4.6.21   Berkeley DB package, revision 4
openldap-server-2.3.33p2-bdbOpen source LDAP software (server)

The OP said that his ./configure command was almost the same as what I did 
above but did not bother to say what the difference was. I followed the 
settings that Marc Balmer had in ports and so I wonder whether that is why I 
haven't seen any problems yet.

Usually, I have problems even when no one else has any issues so I am 
surprised to not have had a crash or any problems at all when I should have 
had seg faults! I am using all the samba-related schemas PLUS 

Re: fvwm in base and repository with security issues?

2008-01-02 Thread Douglas A. Tutty
On Tue, Jan 01, 2008 at 10:46:43PM -0800, Unix Fan wrote:
 Douglas A. Tutty wrote:
 
  To satisfy my own curiosity, looking at
 
  www.en.wikipedia.org/wiki/Category:Free_X_window_managers which
  provides links to 45 window managers for which there are wiki pages,
  I looked at the licence for each and found that only xmonad, wmii,
  fluxbox, and blackbox are licenced under BSD or MIT license.  
 
  Since I didn't look at the software itself, I don't know if any
  require GPL libraries.
 
  Just thought I'd FYI.  I'm not making an argument either/any way.
 
 Fluxbox is MIT licenced, it's dependencies are Imlib2, which is BSD
 licenced.. everything else is included in Xorg and is (AFAIK..) under
 a similar licence.
 
I also forgot that Enlightenment seems to be under a suitable licence,
although probably too big to put in base.

Doug.



Re: Perpetually Current

2008-01-02 Thread Darrin Chandler
On Wed, Jan 02, 2008 at 01:42:01PM -0300, Nenhum_de_Nos wrote:
 I have quite the same problem. My OBSD routers are usually old PII
 boxes and doing this kind of upgrade on them is not trivial. other, I
 have some remote routers I can't do this, so they run FBSD. I'd rather
 use OBSD on my routers, but this thing of not being able to make 4.1
 become 4.2 without a cdrom (as is recommended) makes me use OBSD only
 in the closest routers. I'm not here to make comparisons from OSes,
 or to make trouble. I just felt that would be good to say that if
 anytime in OBSD this upgrade was possible it would be a great feature
 (well, at least for me and the new_guy :) )

While it's not recommended the instructions for remote upgrading found
in the installation guide work flawlessly. I've used those instructions
on my colo boxes many times now. Nick doesn't just update them in the
FAQ, he tests them.

I will say this, though: read the instructions all the way through
before doing anything. Make sure you understand what's going on. Then
*follow* the instructions.

Remotely upgrading without console really does work, and it's pretty
quick. Try it some time on a machine you have physical access to, just
so you can run through it and see for yourself.

-- 
Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
[EMAIL PROTECTED]   |  http://phxbug.org/  |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation



Re: Perpetually Current

2008-01-02 Thread Henning Brauer
* Nenhum_de_Nos [EMAIL PROTECTED] [2008-01-02 17:49]:
 On Dec 27, 2007 11:17 AM, new_guy [EMAIL PROTECTED] wrote:
  I would like to install OpenBSD *once* and keep it patched and secured for
  many years there after (5 - 7 years) in a production environment. Would it
  be feasible to get a snapshot today and follow -current for many years w/o
  having to reinstall? Basically, this approach would skip -stable and
  -release and always be -current. I understand the implications of being
  current and that things might change and break and may need re-configuring
  on occasion. I'm OK with that... I just don't want to reinstall a -release
  every year... although I'll still buy CDs as they are released to support
  the project.
 
 I have quite the same problem. My OBSD routers are usually old PII
 boxes and doing this kind of upgrade on them is not trivial. other, I
 have some remote routers I can't do this, so they run FBSD. I'd rather
 use OBSD on my routers, but this thing of not being able to make 4.1
 become 4.2 without a cdrom (as is recommended) makes me use OBSD only
 in the closest routers. I'm not here to make comparisons from OSes,
 or to make trouble. I just felt that would be good to say that if
 anytime in OBSD this upgrade was possible it would be a great feature
 (well, at least for me and the new_guy :) )

inline updates (i. e. without boot media) work just fine. the risk is a 
little higher, thus we don't recommend that method - which doesn't 
prevent you from doing it that way (I do)

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Re: Perpetually Current

2008-01-02 Thread Douglas A. Tutty
On Wed, Jan 02, 2008 at 01:42:01PM -0300, Nenhum_de_Nos wrote:
 On Dec 27, 2007 11:17 AM, new_guy [EMAIL PROTECTED] wrote:
  I would like to install OpenBSD *once* and keep it patched and secured for
  many years there after (5 - 7 years) in a production environment. Would it
  be feasible to get a snapshot today and follow -current for many years w/o
  having to reinstall? Basically, this approach would skip -stable and
  -release and always be -current. I understand the implications of being
  current and that things might change and break and may need re-configuring
  on occasion. I'm OK with that... I just don't want to reinstall a -release
  every year... although I'll still buy CDs as they are released to support
  the project.
 
 I have quite the same problem. My OBSD routers are usually old PII
 boxes and doing this kind of upgrade on them is not trivial. other, I
 have some remote routers I can't do this, so they run FBSD. I'd rather
 use OBSD on my routers, but this thing of not being able to make 4.1
 become 4.2 without a cdrom (as is recommended) makes me use OBSD only
 in the closest routers. I'm not here to make comparisons from OSes,
 or to make trouble. I just felt that would be good to say that if
 anytime in OBSD this upgrade was possible it would be a great feature
 (well, at least for me and the new_guy :) )

There has to be a way without CD.  Can't you put the 4.2 rd kernel on
the root filesystem and boot that then run the installer, pulling the
install sets via ftp?  I suppose for remote units you need some sort of
remote shell (e.g. serial terminal via modem).

Doug.



Re: Real men don't attack straw men

2008-01-02 Thread Theo de Raadt
 Richard, you are too stupid to go and learn FACTS before you open
 your big fat lying mouth.
 
 I am sure the readers can judge for themselves whether I am stupid.
 They will certainly see I am not perfect.  I had learned the facts
 about OpenSolaris, but that was months before.  By the time I did
 that interview my memory was incorrect.

Twice you called free things non-free, and once you called a non-free
thing free.

Your memory was incorrect?  I bet you make such a mistake again in a
few weeks.

If you can't be accurate, perhaps you should not do interviews.

 In addition, I thought that OpenSolaris was just a kernel, but it
 looks like the question had in mind a whole system.  This
 miscommunication has the effect of making my statement appear to be an
 endorsement of a system.

Huh?  OpenSolaris is just a kernel, and this helps you how?  The
kernel is not free -- it never was.  It has a couple of handful of
required drivers which are not included.  It is not free, in any
sense.  Yet you failed to do any research about this before you went
into the press.

 Partly I had forgotten and partly I fell into a miscommunication.
 I am sure the readers can judge for themselves how grave that is.

Someone like you is not allowed to spread mistruths like this in the
media.

 Lying is another matter.  That is a grave accusation which you and
 others have made with absolutely no basis.  Shouldn't you make sure of
 the facts before you accuse?

Since you did it three times so rapidly, I am calling you a liar.  And
since you refuse to undo your commercial support in Emacs and GCC, I
am going to call you a hypocrite.



Re: fvwm in base and repository with security issues?

2008-01-02 Thread Marc Balmer
* Douglas A. Tutty wrote:

[...]

 I also forgot that Enlightenment seems to be under a suitable licence,
 although probably too big to put in base.

Enlightenment is development code that does not run stable.  It is not
usable for production or every day use machines.

 
 Doug.
 

- Marc Balmer



Using PF to QoS on tun interface

2008-01-02 Thread Nick Golder
I inherited a system that is attempting (poorly) to QoS traffic going
across a tun interface (which is being used by OpenVPN).  Examples,
books, and ML suggest to tag on the internal interface ingress traffic
and QoS on the external interface egress traffic.

Since the traffic that I want to QoS doesn't really have an egress
interface to QoS on, I am trying to figure out a way to properly QoS
the traffic.

Here is a quick map on the traffic:

rl0 -- tun0 -- OpenVPN -- rl1 -- Internet

The traffic I want to QoS on is ingress on rl0 which in turn is also
ingress on tun0.  By the time it hits rl1, it is OpenVPN traffic.

Any recommendations on how to handle this?

-- 
Nick Golder



Re: Perpetually Current

2008-01-02 Thread Darrin Chandler
On Wed, Jan 02, 2008 at 12:40:40PM -0500, Douglas A. Tutty wrote:
 There has to be a way without CD.  Can't you put the 4.2 rd kernel on
 the root filesystem and boot that then run the installer, pulling the
 install sets via ftp?  I suppose for remote units you need some sort of
 remote shell (e.g. serial terminal via modem).

Or yaifo, which is essentially bsd.rd + sshd. Handy as hell if some form
of console is not available, especially if you need to do something like
reslice your disk.

-- 
Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
[EMAIL PROTECTED]   |  http://phxbug.org/  |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation



Re: fvwm in base and repository with security issues?

2008-01-02 Thread Marco Peereboom
Can we please stop this discussion?

Nothing is going to change in base X.  All the other things you guys are
so called proposing are in packages/ports.  Use them; that's what they
are there for.

Base is fine, leave it alone.

On Wed, Jan 02, 2008 at 09:19:06AM -0500, Douglas A. Tutty wrote:
 On Tue, Jan 01, 2008 at 10:46:43PM -0800, Unix Fan wrote:
  Douglas A. Tutty wrote:
  
   To satisfy my own curiosity, looking at
  
   www.en.wikipedia.org/wiki/Category:Free_X_window_managers which
   provides links to 45 window managers for which there are wiki pages,
   I looked at the licence for each and found that only xmonad, wmii,
   fluxbox, and blackbox are licenced under BSD or MIT license.  
  
   Since I didn't look at the software itself, I don't know if any
   require GPL libraries.
  
   Just thought I'd FYI.  I'm not making an argument either/any way.
  
  Fluxbox is MIT licenced, its dependencies are Imlib2, which is BSD
  licenced.. everything else is included in Xorg and is (AFAIK..) under
  a similar licence.
  
 I also forgot that Enlightenment seems to be under a suitable licence,
 although probably too big to put in base.
 
 Doug.



Re: openldap with dbv4 crash

2008-01-02 Thread Daniel
On Wed, 2 Jan 2008 11:13:26 -0600
Vijay Sankar [EMAIL PROTECTED] wrote:

 On December 31, 2007 06:59:06 am Vijay Sankar wrote:
 
  env CPPFLAGS="-I/usr/local/include/db4 -I/usr/local/include/sasl" \
  LDFLAGS="-L/usr/local/lib/db4 -L/usr/local/share/libtool/libltdl -L/usr/local/lib/sasl2 -L/usr/local/lib" \
  ./configure \
  --prefix=/usr/local \
  --enable-slapd \
  --enable-cleartext \
  --enable-crypt \
  --enable-rewrite \
  --enable-wrapper \
  --with-cyrus-sasl=yes \
  --enable-spasswd \
  --enable-dnssrv \
  --enable-ldap \
  --enable-ldbm \
  --enable-bdb \
  --enable-meta \
  --enable-null \
  --enable-passwd \
  --disable-ipv6 \
  --disable-shell \
  --enable-slurpd \
  --enable-overlays=mod \
  --with-tls \
  --disable-sql
 
[...]
 
 The OP said that his ./configure command was almost the same as what
 I did above but did not bother to say what the difference was. I
 followed the settings that Marc Balmer had in ports and so I wonder
 whether that is why I haven't seen any problems yet.
Okay then:

./configure \
--prefix=/usr/local --sysconfdir=/etc --localstatedir=/var \
--enable-shared --disable-static \
--enable-rewrite --without-cyrus-sasl --disable-ipv6 \
--enable-ldap --with-tls=openssl

Basically no backends were compiled in except bdb,hdb,monitor,relay and
ldap.
But really, I don't think these configure options are relevant,
because the crash happens with the db-4.6 libraries (according to gdb).

 
 Usually, I have problems even when no one else has any issues so I am 
 surprised to not have had a crash or any problems at all when I
 should have had seg faults! I am using all the samba-related schemas
 PLUS slurpd and I am still not seeing segfaults with OpenLDAP
 2.3.33p2 and DB 4.6.  I am not new to OpenBSD (have used it since 2.8
 and have the CD's to prove it :) but don't know whether I have
 somehow made a mistake in compiling userland or whether there is some
 other issue involved that is making use of older versions of DB4.
Can you try executing ldd(1) on slapd. Is it linked against the 4.6 db
libraries?


Daniel



Re: Using PF to QoS on tun interface

2008-01-02 Thread johan beisser

On Jan 2, 2008, at 10:17 AM, Nick Golder wrote:


> I inherited a system that is attempting (poorly) to QoS traffic going
> across a tun interface (which is being used by OpenVPN).  Examples,
> books, and ML suggest to tag on the internal interface ingress traffic
> and QoS on the external interface egress traffic.


Treat the tun interface as a normal one. I recently had the same  
issue, and simply adapted TCP ACK priority to the interface, and found  
that worked fine. I'm currently testing a smaller MTU to help with  
fragmentation.


Scrub, by the way, also seems to work quite well.


> Since the traffic that I want to QoS doesn't really have an egress
> interface to QoS on, I am trying to figure out a way to properly QoS
> the traffic.
>
> Here is a quick map on the traffic:
>
> rl0 -- tun0 -- OpenVPN -- rl1 -- Internet


i think you're missing a tunneling interface somewhere.


> The traffic I want to QoS on is ingress on rl0 which in turn is also
> ingress on tun0.  By the time it hits rl1, it is OpenVPN traffic.


Could you explain this again?

I've been doing foolish interface setup for a while now. My own  
privacy VPN I have running to a co-located box looks a bit like this:


[internet] -- [external interface] -- [tun0] -- [openvpn] --  
[external interface]


I also have a LAN to colo box setup, using openvpn on a different port.


> Any recommendations on how to handle this?


Treat tun0 as a normal altq interface. So far, there's not been any
real issues with it co-existing with my normal altq rules for non-VPN
traffic on the router. The one thing I've not had is an interface
speed conflict, since I arbitrarily reduced the bandwidth to somewhat
less than my external interface.


For my soekris LAN gateway:

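# Priority queueing on the tunnel interface itself
altq on tun0 priq bandwidth 400Kb queue { vpn_tcp_ack, vpn_def, vpn_null }

queue vpn_tcp_ack priority 7
queue vpn_def priority 1 priq(default)
queue vpn_null priority 0

# With two queues listed, TCP ACKs without payload and lowdelay packets
# go to the second one (vpn_tcp_ack); everything else goes to vpn_def.
pass out quick on tun0 proto tcp from ($int_if:network) to any \
	queue (vpn_def, vpn_tcp_ack)
pass out quick on tun0 proto { udp icmp } from ($int_if:network) to any \
	queue vpn_def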



Re: Perpetually Current

2008-01-02 Thread Ingo Schwarze
Hi Matheus,

Nenhum_de_Nos wrote on Wed, Jan 02, 2008 at 01:42:01PM -0300:

 my OBSD routers are usually old PII boxes
 and doing this kind of upgrade on them is not trivial.

Saying this kind of upgrade, you refer to the official upgrade
process, i presume?

The official upgrade process is completely trivial on any imaginable
kind of i386 Pentium II box, believe me.  A Pentium II may seem old
to you, but for running a standard router, it is more than enough,
including the handling of the official upgrade process, of course.
The dmesg of my own three-leg (internal/dmz/Internet) statefully
filtering and NATing main router (saturating a 100 Mbit/s uplink,
about 200 user accounts in the internal network, about 50 users
regularly accessing us from the Internet, plus multiple web sites
and mailing list hosting) is included below.

Ya, i do have a couple of 600-900 MHz boxen on the shelf that
people have been throwing away recently, so i could upgrade for
free, but there's simply no need to hurry...

About five years ago, i had to use an old 486-SX25, 24 MB RAM,
Harddisk 160 MB (yes, zero dot one six Gigabytes) for the same
task.  With 16 MB of RAM, i saw occasional shortages of memory -
although the users did not even notice that - but with 24 MB,
even that crappy thing saturated our 100 Mbit/s uplink just fine.
I just checked my notes, it was installed on May 13, 2001 with
OpenBSD 2.8, upgraded to OpenBSD 2.9 on June 3, upgraded
to OpenBSD 3.1 on June 22, 2002, upgraded to OpenBSD 3.2 on
Jan 17, 2003.  No, for those upgrades with 160 MB of total disk
space, i could not use the official upgrade process,
go figure...  :-)

But honestly, with any kind of Pentium II, what's your problem?

All the best for the New Year,
  Ingo

--
Ingo Schwarze [EMAIL PROTECTED]
Serverbetrieb usta.de / studis.de

 - 8 - schnipp - 8 - 8 - schnapp - 8 -

OpenBSD 4.2-current (GENERIC) #71: Tue Dec  4 02:15:05 CET 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD-K6tm w/ multimedia extensions (AuthenticAMD 586-class) 234 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,MMX
real mem  = 133787648 (127MB)
avail mem = 121483264 (115MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 07/18/98, BIOS32 rev. 0 @ 0xfb480
apm0 at bios0: Power Management spec V1.2 (slowidle)
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev 2.1 @ 0xf/0xb8f8
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdc40/128 (6 entries)
pcibios0: PCI Exclusive IRQs: 10 11 15
pcibios0: PCI Interrupt Router at 000:07:0 (Acer Labs M1533 ISA rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0x8000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Acer Labs M1541 PCI rev 0x04
agp0 at pchb0: aperture at 0xe000, size 0x100
ppb0 at pci0 dev 1 function 0 Acer Labs M5243 AGP/PCI-PCI rev 0x04
pci1 at ppb0 bus 1
pcib0 at pci0 dev 7 function 0 Acer Labs M1533 ISA rev 0xc3
rl0 at pci0 dev 8 function 0 Realtek 8139 rev 0x10: irq 15, address 
00:e0:7d:93:13:e7
rlphy0 at rl0 phy 0: RTL internal PHY
rl1 at pci0 dev 9 function 0 Realtek 8139 rev 0x10: irq 11, address 
00:e0:7d:93:13:ea
rlphy1 at rl1 phy 0: RTL internal PHY
rl2 at pci0 dev 10 function 0 Realtek 8139 rev 0x10: irq 10, address 
00:e0:7d:93:13:e6
rlphy2 at rl2 phy 0: RTL internal PHY
pciide0 at pci0 dev 15 function 0 Acer Labs M5229 UDMA IDE rev 0xc1: DMA, 
channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: FUJITSU MPB3032ATU E
wd0: 16-sector PIO, LBA, 3093MB, 6335280 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard
vga0 at isa0 port 0x3b0/48 iomem 0xa/131072
wsdisplay0 at vga0 mux 1: console (80x25, vt100 emulation), using wskbd0
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask 73fd netmask fffd ttymask 
softraid0 at root
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a swap on wd0b dump on wd0b



Re: fvwm in base and repository with security issues?

2008-01-02 Thread Marco S Hyman
Marco Peereboom writes:
   -Nix Fan. (Fvwm, IMHO is ugly..)
  
  Fluxbox is fugly, fvwm is awesome.
  
  this discussion is very useful!

cwm (with the changes I've made :-) is looking nicer and nicer!   I hope
to see these changes in the tree, soon.

// marc



CDMA modem control utility

2008-01-02 Thread Alexey Vatchenko
Hi!

Recently i started project ``CDMA modem control utility''. Currently it
partially supports two C-motech modems (CCU-550, CCU-650U). These two modems
are popular here at Ukraine (people.net.ua).

The program can do the following:
- Change/set/enable/disable PIN code.
- Send/receive SMS
- Manage phonebook
- Set modem modes

The code is BSD licensed, so you can use and reuse it :)
For all who wants it: http://www.bsdua.org/cdma.html

Thanks!

-- 
Alexey Vatchenko
http://www.bsdua.org
E-mail: [EMAIL PROTECTED]
JID: [EMAIL PROTECTED]



possible bug in CDROM recognition?

2008-01-02 Thread Russell Gadd
I am a complete novice regarding OpenBSD. However...

I was going to ask for assistance as my new install of OBSD wouldn't
recognise the cdrom. However after much investigation I fixed it by changing
the physical position of the device from IDE slave on the secondary IDE
interface to master (in dmesg speak, from channel 1 drive 1 to channel 1
drive 0), as I noticed that it was configured as slave but there was no
master on this interface.

Windows98 and Debian Linux had no problem recognising the drive but OBSD
couldn't find it. Strangely I had no problem installing OBSD from the
official CD on this drive, it was just a problem when trying to mount the
cdrom after the installation was complete and rebooted.

So maybe there is a minor bug in how hardware is recognised. Does anyone
want a more detailed description with dmesg output? (before and after). I
have to admit not looking for any similar bug reports, but I will if the
folks here who know a thing or two want me to file a bug report, in which
case please give a few brief pointers as to where to do it.

Russell



Re: possible bug in CDROM recognition?

2008-01-02 Thread Alexey Vatchenko
On 2008-01-02, Russell Gadd [EMAIL PROTECTED] wrote:
 So maybe there is a minor bug in how hardware is recognised. Does anyone
 want a more detailed description with dmesg output? (before and after). I
 have to admit not looking for any similar bug reports, but I will if the
 folks here who know a thing or two want me to file a bug report, in which
 case please give a few brief pointers as to where to do it.

dmesg will shed some light on this.

-- 
Alexey Vatchenko
http://www.bsdua.org
E-mail: [EMAIL PROTECTED]
JID: [EMAIL PROTECTED]



Updated ports/packages in -stable/-release

2008-01-02 Thread Nicolas Letellier

Hello misc@,

I have a question :

If I want the last packages/ports, I use a -current system, with
-current ports tree. Last updates of softwares are in -current. On the
other hand, they're development versions,


If I want a *very* stable system (in production for example), I use 
-release or -stable system. On the other hand, packages and ports are 
not updated even it's necessary (for example, the last mozilla-firefox 
is in 2.0.0.6 in ports tree -release and 2.0.0.10 in -current port tree).


If I use openbsd, it's for security and stability. Or, I must do a 
choice between :

* stability (-stable, -release) with no security updates of packages/ports,
* security (-current) with a less stability.

Why does OpenBSD team not make a -stable branch of the port tree ? It's 
necessary to security.
What method does recommend to have updated applications in -stable or 
-release ?


Thanks for your informations.

Nicolas



Re: possible bug in CDROM recognition?

2008-01-02 Thread Tobias Weingartner
Russell Gadd wrote:
 
  I was going to ask for assistance as my new install of OBSD wouldn't
  recognise the cdrom. However after much investigation I fixed it by changing
  the physical position of the device from IDE slave on the secondary IDE
  interface to master (in dmesg speak, from channel 1 drive 1 to channel 1
  drive 0), as I noticed that it was configured as slave but there was no
  master on this interface.

Having a slave on an IDE channel without a master is undefined behaviour.
IE: your machine was configured wrong.  The fact that it worked with some
software was a fluke.

-Toby.
-- 
 [100~Plax]sb16i0A2172656B63616820636420726568746F6E61207473754A[dZ1!=b]salax



Re: diff of the official FAQ

2008-01-02 Thread Daniel A. Ramaley
On Saturday 29 December 2007 00:34, Nick Holland wrote:
> And...just start at chapter 1 and start reading. :)  Odds are, you
> didn't catch it all the first time, even things that didn't change
> will mean something to you now when it didn't the last time you
> looked.

Exactly. About once a year i go back and reread the entire FAQ. Each 
time i learn something new and refresh my memory on things i knew but 
haven't used recently.

> (I have had people say to me, Hey, you are just looking at the
> docs, I thought you knew this?  I WROTE the docs.  Doesn't mean
> I remember anything more than 'where to look'.)

I think knowing how to find information is more useful than having 
everything memorized without ever needing to look it up. Between work 
and family and friends i'm expected to varying degrees to support 
OpenBSD, Linux, Solaris, Mac OS X, and even Windows shudder. I can't 
remember how to do everything on all those systems. But i can remember 
how to look up information quickly.

Thanks for all your hard work on the documentation. It is one of the 
things that make OpenBSD much easier to work with than other systems. 
For most of my questions i don't even bother using a search engine; i 
just go to the FAQ and more-often-than-not find the answer i wanted.


Dan RamaleyDial Center 118, Drake University
Network Programmer/Analyst 2407 Carpenter Ave
+1 515 271-4540Des Moines IA 50311 USA



Re: Problem while chroot python and modules in apache

2008-01-02 Thread Joerg Zinke
On Wed, 02 Jan 2008 10:59:27 +0800
Michael Bibby [EMAIL PROTECTED] wrote:

 Hi, all.
 
 I use OpenBSD 4.2 -release and the default chrooted apache.
 
 I copied all files python needed, and it works. but the modules
 py-ldap doesn't work.
 
 
 # tail -f /var/www/logs/error_log
 Traceback (most recent call last):
   File /cgi-bin/msm/domain_list, line 5, in ?
 import ldapoperation
   File /cgi-bin/msm/ldapoperation.py, line 4, in ?
 import ldap
   File /usr/local/lib/python2.4/site-packages/ldap/__init__.py,
 line 23, in ?
 from _ldap import *
 ImportError: Cannot load specified object
 [Wed Jan  2 19:05:44 2008] [error] [client 172.16.252.1] Premature
 end of script headers: /cgi-bin/msm/domain_list
 

did you copy openldap libs/files too?
afaik, py-ldap module is linked against them.

regards,

joerg
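
Added example (not part of any message in the thread): both ldd suggestions above, Daniel's for slapd and Joerg's for the chrooted py-ldap module, come down to reading ldd(1) output. The script below parses that output and lists the shared objects that do not exist under a chroot directory; the sample ldd table, the library versions and the `_ldap.so` path are constructed for illustration, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# ldd_libs: read ldd(1) output on stdin, print each absolute object path once.
# Assumes the two common layouts: a table whose last column is the path
# (OpenBSD) and "name => /path (0xaddr)" lines (glibc).
ldd_libs() {
    awk '
        / => \//                   { print $3; next }   # name => /path (0x...)
        $1 ~ /^\// && $2 ~ /^\(0x/ { print $1; next }   # /path (0x...)
        NF > 1 && $NF ~ /^\//      { print $NF }        # table row, path last
    ' | LC_ALL=C sort -u
}

# missing_in_chroot DIR: read object paths on stdin, print those that do not
# exist below DIR. These are the files the chrooted process cannot load.
missing_in_chroot() {
    chroot_dir=${1%/}
    while IFS= read -r lib; do
        [ -e "$chroot_dir$lib" ] || printf '%s\n' "$lib"
    done
}

# linked_against NAME: keep only paths of libNAME*.so*, e.g. "db" or "ldap",
# to see which version of a library a binary really resolves to.
linked_against() {
    grep -E "/lib$1[^/]*\.so[^/]*\$" || true
}

# Constructed sample modelled on an OpenBSD ldd table for the py-ldap
# extension module; addresses, versions and the module path are made up.
sample_ldd() {
    cat <<'EOF'
/usr/local/lib/python2.4/site-packages/_ldap.so:
    Start    End      Type Ref Name
    00000000 00000000 dlib 1   /usr/local/lib/python2.4/site-packages/_ldap.so
    0a1b2000 2a1c3000 rlib 1   /usr/local/lib/libldap_r.so.1.0
    0c3d4000 2c3e5000 rlib 2   /usr/local/lib/liblber.so.1.0
    0e5f6000 2e607000 rlib 3   /usr/lib/libssl.so.1.0
    01234000 21245000 rlib 4   /usr/lib/libc.so.1.0
    05678000 05678000 rtld 1   /usr/libexec/ld.so
EOF
}

# Demo: a throw-away chroot that already holds libc and ld.so, as a chroot
# prepared for plain python would; everything OpenLDAP-related is missing.
demo() {
    demo_root=$(mktemp -d) || return 1
    mkdir -p "$demo_root/usr/lib" "$demo_root/usr/libexec"
    : > "$demo_root/usr/lib/libc.so.1.0"
    : > "$demo_root/usr/libexec/ld.so"
    sample_ldd | ldd_libs | missing_in_chroot "$demo_root"
    rm -rf "$demo_root"
}
demo
```

On the real system the input comes from ldd itself, for example `ldd /path/to/_ldap.so | ldd_libs | missing_in_chroot /var/www`, and piping the ldd output for slapd through `linked_against db` shows which libdb it resolves to. Every library copied into the chroot has to be updated there whenever the system copy is.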



Re: Updated ports/packages in -stable/-release

2008-01-02 Thread Martin Schröder
2008/1/2, Nicolas Letellier [EMAIL PROTECTED]:
 Why does OpenBSD team not make a -stable branch of the port tree ? It's

Search the archives.

Basically you are not paying the team enough.

Best
   Martin



Re: Updated ports/packages in -stable/-release

2008-01-02 Thread Nick Holland

Nicolas Letellier wrote:

> Hello misc@,
>
> I have a question :
>
> If I want the last packages/ports, I use a -current system, with
> -current ports tree. Last updates of softwares are in -current. On the
> other hand, they're development versions,


Might be better to say they are what is going to become the NEXT release.

> If I want a *very* stable system (in production for example), I use
> -release or -stable system.


That may be what you do, but you are generally wrong if that is your goal.

The goal is that the BEST version of OpenBSD is -current.
This goal is usually met.

The people who usually experience trouble with -current often can't
run -release/-stable at all, so no big loss.  IF there is a bug in
-current and you don't find it, it may very well exist in the next
-release.  The sooner bugs are found, the happier everyone is.

*The name -stable refers to the API and functionality, not to the
robustness of the system.*  If you create a binary today, it will always
run on the same version of -stable.  If you are used to one way
something works, it will continue to work that way on -stable

If you are worried about your system's security or possibility of doing
something bad, run -current.  Really.

The name -stable was really an unfortunate choice, giving people the idea
that anything other than the APIs and functionality of -current was
unstable.  Other projects have done a lot to reinforce this idea, but
the fact that other projects use the "I screw it, maybe you can fix it"
development model does not mean OpenBSD does.

Again, the most robust, best supported, most secure version of OpenBSD
is -current.

> On the other hand, packages and ports are
> not updated even it's necessary (for example, the last mozilla-firefox
> is in 2.0.0.6 in ports tree -release and 2.0.0.10 in -current port tree).


and in a few days, it will probably be 2.0.0.11.  Don't fool yourself
into thinking that running the newest version means you are secure.  In
that case in particular, it just means you are running a version where
they reacted to a few more bugs.  Better than IE is the Mozilla goal,
not good.  If you are doing things that expose yourself to Firefox
vulnerabilities, you probably aren't going to save yourself by running
the least insecure version on a secure OS.

There are some apps where the lack of a -stable version is an issue, but
Firefox is not one that wins any sympathy with me.

> If I use openbsd, it's for security and stability. Or, I must do a
> choice between :
>
> * stability (-stable, -release) with no security updates of packages/ports,
> * security (-current) with a less stability.
>
> Why does OpenBSD team not make a -stable branch of the port tree ? It's
> necessary to security.


same reason you aren't.  Because no one stepped up to do it.

Besides, the people best qualified to maintain a -stable are generally
working on -current, and thus, the next release.  Given finite time and
finite people, that's where you want 'em.  Otherwise, you end up with
crap for the next -release and more dependence on -stable and that's not
OpenBSD's goal.

> What method does recommend to have updated applications in -stable or
> -release ?


Let's say you plan on implementing a new machine today.  Install -current.
Really.  In May, upgrade to the 4.3, and sit there for six months.  In
November, upgrade to 4.4.  IF you are using some third party apps which have
issues mid-cycle, bump to a snapshot, and update the packages.  If a system
bug is found that impacts you, bump to -stable.  The -release/-stable spots
are resting points in the upgrade cycle.
But that new app should be set up and tested out on -current, not -release.
Try to use the base OpenBSD system for as much of the system as you can.
The fewer packages you have installed, the fewer special cases you will have
to deal with.  The fewer cutesie-crap apps you put in your servers, the less
often you will have to take down your servers because of cutesie-crap bugs.

Nick.



Re: Updated ports/packages in -stable/-release

2008-01-02 Thread Ingo Schwarze
Hi Nicolas,

please also read the FAQ on www.openbsd.org.

Nicolas Letellier wrote on Wed, Jan 02, 2008 at 10:50:43PM +0100:

 If I want the last packages/ports, I use a -current system, with
 -current ports tree.  Last updates of softwares are in -current.

Right.

 On the other hand, they're development versions,

No, mostly wrong.
The ports in the -current ports tree are usually ports of stable
upstream releases.  That's actually an established policy.

There are some exceptions where upstream development versions
get built by the ports tree, for example given any of the following
conditions:

 - lack of any stable upstream distribution
 - stable upstream distribution hopelessly outdated
   and upstream development distribution reasonably solid
 - vastly different upstream stable and dev distributions
   and considerable interest to have each of them available

 If I want a *very* stable system (in production for example),
 I use -release or -stable system.

You can also use -current snapshots.
It requires a bit more experience (ability to act when it's needed,
and ability to realize when action is needed), and a bit more work
(slightly more frequent upgrades, say half a dozen or a dozen times
a year instead of twice a year).

 On the other hand, packages and ports are not updated even it's
 necessary (for example, the last mozilla-firefox is in 2.0.0.6
 in ports tree -release and 2.0.0.10 in -current port tree).

If you build a specialized server running two or three daemons,
watch the relevant commits, understand them and backport them
yourself when needed.  In many cases, the task of backporting
one single ports security fix to -stable is manageable.
In case you fail, pay someone for doing that particular job for
you (in case you know any IT consultant with sufficient
programming skills).

If you build a desktop system requiring 327639245120 packages,
personally, IN THE CURRENT EXCEPTIONAL SITUATION, i would suggest
to just run a -current snapshot.  Should the -stable ports tree
ever get resurrected (which could hopefully happen), i shall
not uphold that suggestion.

 If I use openbsd, it's for security and stability.
 Or, I must do a choice between:
 * stability (-stable, -release)

No, you never run -release.  That's not secure.
You run -current, -stable or -release+patches.

 with no security updates of packages/ports,
 * security (-current) with a less stability.

 Why does OpenBSD team not make a -stable branch of the port tree ?
 It's necessary to security.
 What method does recommend to have updated applications
 in -stable or -release ?

That's a frequently answered question, read the archives and take
care not to get yourself flamed.

In a nutshell:  OpenBSD is a system maintained by a bunch of people
for their own enjoyment and use.  For those people, the developers,
there is no choice between security and stability, they just run
-current, so they get BOTH security and stability - or else, in case
they break the CVS, they will be gently shot down by Theo.  ;-) 

Popularity is not among the OpenBSD project goals.
That it's an excellent system for non-developers to use, too,
is mostly a fortunate accident - even though that's not a matter
of luck, but a direct, necessary consequence of the project goals
and the team sticking to them, of course.



Re: Perpetually Current

2008-01-02 Thread Nenhum_de_Nos
On Jan 2, 2008 4:57 PM, Ingo Schwarze [EMAIL PROTECTED] wrote:
 Hi Matheus,

 Nenhum_de_Nos wrote on Wed, Jan 02, 2008 at 01:42:01PM -0300:

  my OBSD routers are usually old PII boxes
  and doing this kind of upgrade on them is not trivial.

 Saying this kind of upgrade, you refer to the official upgrade
 process, i presume?

 The official upgrade process is completely trivial on any imaginable
 kind of i386 Pentium II box, believe me.  A Pentium II may seem old
 to you, but for running a standard router, it is more than enough,
 including the handling of the official upgrade process, of course.
 The dmesg of my own three-leg (internal/dmz/Internet) statefully
 filtering and NATing main router (saturating a 100 Mbit/s uplink,
 about 200 user accounts in the internal network, about 50 users
 regularly accessing us from the Internet, plus multiple web sites
 and mailing list hosting) is included below.

 Ya, i do have a couple of 600-900 MHz boxen on the shelf that
 people have been throwing away recently, so i could upgrade for
 free, but there's simply no need to hurry...

 About five years ago, i had to use an old 486-SX25, 24 MB RAM,
 Harddisk 160 MB (yes, zero dot one six Gigabytes) for the same
 task.  With 16 MB of RAM, i saw occasional shortages of memory -
 although the users did not even notice that - but with 24 MB,
 even that crappy thing saturated our 100 Mbit/s uplink just fine.
 I just checked my notes, it was installed on May 13, 2001 with
 OpenBSD 2.8, upgraded to OpenBSD 2.9 on June 3, upgraded
 to OpenBSD 3.1 on June 22, 2002, upgraded to OpenBSD 3.2 on
 Jan 17, 2003.  No, for those upgrades with 160 MB of total disk
 space, i could not use the official upgrade process,
 go figure...  :-)

 But honestly, with any kind of Pentium II, what's your problem?

 All the best for the New Year,
   Ingo

 --

first of all I'd like to thank everyone that responded me in so short time.

my problem is not running it, ingo. I do love my PII and they do just
fine to keep my home lan security :)

the problem for me is to take a cdrom, burn the iso, and have to do it
not from a remote ssh window ;)

but as many stated that it works, just have to be careful about the steps :)
I'll install a fresh 4.1 just to practice and walk through this process.

thank you all for your attention :)
I'm kinda new in OpenBSD, a user for about one year, but I already liked it :)
I learned too much in this time :)

thanks,

matheus
-- 
We will call you cygnus,
The God of balance you shall be



Improving disk reliability

2008-01-02 Thread Erik Wikström
Hi

I am setting up a OpenBSD box to act as a router/file-server for my
parents, the box consists mostly of old parts and I try to not spend any
extra money on it. One of my biggest worries is, since it will act as a
file-server which will contain stuff with some emotional value, data loss.

The preferable way to solve this would probably be to use two disks but
that is not an option for me. So I was wondering if it is possible to
instead split the disk in two parts, the first is used to install
OpenBSD on, and the rest is split in two and setup in a mirror
configuration using RAIDframe or something similar. If this is possible,
will it buy me any additional protection against dataloss, or is it more
likely that my disk crashes all together?

-- 
Erik Wikström



newfs: cg 0: bad magic number

2008-01-02 Thread Xavier Mertens
Hi *,

I'm trying to build a new FS on an IDE disk.
All newfs commands end with:

# newfs /dev/rwd1a
..
..
newfs: cg 0: bad magic number
newfs: fsinit1 failed

Here is the disk info:

# disklabel wd1
# /dev/rwd1c:
type: ESDI
disk: ESDI/IDE disk
label: Maxtor 6B250R0
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 30515
total sectors: 490234752
rpm: 3600
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0   # microseconds
track-to-track seek: 0  # microseconds
drivedata: 0

16 partitions:
#         size    offset  fstype [fsize bsize  cpg]
  a:     48195         0  4.2BSD   2048 16384   16
  c: 490234752         0  unused      0     0


(I tried several fs sizes (start or end of the disk), same error)

Any idea?

Xavier
--
Weird enough for government work.



Re: Improving disk reliability

2008-01-02 Thread johan beisser

On Jan 2, 2008, at 4:29 PM, Erik Wikström wrote:

The preferable way to solve this would probably be to use two disks but
that is not an option for me. So I was wondering if it is possible to
instead split the disk in two parts, the first is used to install
OpenBSD on, and the rest is split in two and setup in a mirror
configuration using RAIDframe or something similar. If this is possible,
will it buy me any additional protection against dataloss, or is it more
likely that my disk crashes all together?


If the disk develops errors, no amount of replication on the same hard
disk device will prevent potential dataloss.

You'd be better off mirroring on two completely separate devices.
Perhaps copying the same data to another system or service may work.



Re: newfs: cg 0: bad magic number

2008-01-02 Thread Xavier Mertens
Strange... fdisk wd1 reports:

# fdisk wd1
Disk: wd1   geometry: 30515/255/63 [490234752 Sectors]
Offset: 0   Signature: 0x180
  Starting       Ending       LBA Info:
 #: id  C   H  S -  C   H  S [   start:size ]

 0: 00  0   0  0 -  0   0  0 [   0:   0 ] unused
 1: 00  0   0  0 -  0   0  0 [   0:   0 ] unused
 2: 00  0   0  0 -  0   0  0 [   0:   0 ] unused
 3: 00  0   0  0 -  0   0  0 [   0:   0 ] unused

When I create some partitions, write them to the disk, restart fdisk, I'm back
to the same empty config. Is my disk physically dead? :(

Xavier
--
There's no place like ~

On Thu, 3 Jan 2008, Xavier Mertens wrote:

 Hi *,
 
 I'm trying to build a new FS on an IDE disk.
 All newfs commands end with:
 
 # newfs /dev/rwd1a
 ..
 ..
 newfs: cg 0: bad magic number
 newfs: fsinit1 failed
 
 Here is the disk info:
 
 # disklabel wd1
 # /dev/rwd1c:
 type: ESDI
 disk: ESDI/IDE disk
 label: Maxtor 6B250R0
 flags:
 bytes/sector: 512
 sectors/track: 63
 tracks/cylinder: 255
 sectors/cylinder: 16065
 cylinders: 30515
 total sectors: 490234752
 rpm: 3600
 interleave: 1
 trackskew: 0
 cylinderskew: 0
 headswitch: 0   # microseconds
 track-to-track seek: 0  # microseconds
 drivedata: 0
 
 16 partitions:
 #         size    offset  fstype [fsize bsize  cpg]
   a:     48195         0  4.2BSD   2048 16384   16
   c: 490234752         0  unused      0     0
 
 
 (I tried several fs sizes (start or end of the disk), same error)
 
 Any idea?
 
 Xavier
 --
 Weird enough for government work.



Re: Improving disk reliability

2008-01-02 Thread Chris Zakelj

Erik Wikström wrote:

Hi

I am setting up a OpenBSD box to act as a router/file-server for my
parents, the box consists mostly of old parts and I try to not spend any
extra money on it. One of my biggest worries is, since it will act as a
file-server which will contain stuff with some emotional value, data-loss.

The preferable way to solve this would probably be to use two disks but
that is not an option for me. So I was wondering if it is possible to
instead split the disk in two parts, the first is used to install
OpenBSD on, and the rest is split in two and setup in a mirror
configuration using RAIDframe or something similar. If this is possible,
will it buy me any additional protection against dataloss, or is it more
likely that my disk crashes all together?

The servo motor no longer spins up the hard drive.  How will you 
recover?  Setting up the drive as a multi-partition RAIDFrame doesn't 
accomplish anything except add complexity.  If you want protection 
against a physical hard drive failure, you need more than one hard 
drive, end of story.  Whether you use a RAID-1 mirror, crontab a nightly 
dump/restore to an external USB drive, or whatever, if there's a single 
point of failure, you have to consider it already dead, and choose 
your preferred recovery method.




Re: Improving disk reliability

2008-01-02 Thread Nick Holland
Erik Wikström wrote:
 Hi
 
 I am setting up a OpenBSD box to act as a router/file-server for my
 parents, the box consists mostly of old parts and I try to not spend any
 extra money on it. One of my biggest worries is, since it will act as a
 file-server which will contain stuff with some emotional value, data-loss.
 
 The preferable way to solve this would probably be to use two disks but
 that is not an option for me. So I was wondering if it is possible to
 instead split the disk in two parts, the first is used to install
 OpenBSD on, and the rest is split in two and setup in a mirror
 configuration using RAIDframe or something similar. If this is possible,
 will it buy me any additional protection against dataloss, or is it more
 likely that my disk crashes all together?

Possible, yes.
Helpful, almost certainly not.
Probably hurtful.

I've seen a few cases where what you propose MIGHT have saved some data,
but the vast majority of disk failures I have seen this wouldn't have
helped in the slightest, and the few cases it saved you would be compensated
several times over from software complexity bugs and user error.  You will
also be thrashing the drive more, probably INCREASING the likelihood of
failure.

EVEN IF sector failure was a significant part of disk failure, what you
propose has nothing to do with backup.  Less bad would be to
periodically copy from one partition to another, so when you rm -r'd in
one partition, you might not damage the other.  Mirroring and backup have
NOTHING to do with each other.

Put a dollar value on the emotional value, and mow a few lawns, shovel
some snow, whatever, and get a real backup system of some kind.  Even if
it is another disk on another computer, you will be doing much better than
what you propose (and in fact, I think you would be better off with
nothing than what you propose).



Re: newfs: cg 0: bad magic number

2008-01-02 Thread Nick Holland
Good thing OpenBSD only runs on one platform and one type of computer,
eh?

Xavier Mertens wrote:
...
 
 16 partitions:
 #         size    offset  fstype [fsize bsize  cpg]
   a:     48195         0  4.2BSD   2048 16384   16
   c: 490234752         0  unused      0     0

Assuming this is i386 (what people usually assume when they don't
bother to show dmesg or even mention platform), you need a one
cylinder offset on your 'a' partition (or more accurately, your
first partition.  TYPICALLY, that's 63 sectors, but not always).
What you have here clobbers your MBR, which holds your (now hosed)
fdisk partitions.

see faq4.html.

Nick.



Re: newfs: cg 0: bad magic number

2008-01-02 Thread Martin Schröder
2008/1/3, Xavier Mertens [EMAIL PROTECTED]:
 When I create some partitions, write them to the disk, restart fdisk, I'm back
 to the same empty config. Is my disk physically dead? :(

http://www.openbsd.org/faq/faq4.html#Install
4.5.2:

On platforms which use fdisk, it is important that the first
partition skips the first track of the disk, in this case, starting on
sector 63. This will vary from machine to machine and disk system to
disk system. If an OpenBSD partition is created starting at offset 0,
this partition table will end up being overwritten by the OpenBSD
partition's Partition Boot Record. The system may still be bootable,
but it will be very difficult to maintain, and this configuration is
not recommended or supported.

Best
   Martin



Re: newfs: cg 0: bad magic number

2008-01-02 Thread Ted Unangst
On 1/2/08, Xavier Mertens [EMAIL PROTECTED] wrote:
 16 partitions:
 #         size    offset  fstype [fsize bsize  cpg]
   a:     48195         0  4.2BSD   2048 16384   16

your partition is not properly offset from the beginning of the disk,
where all the goodies like mbr need to live.



Re: pgt prevents pf from scrubbing? (Solved)

2008-01-02 Thread Daniel Melameth
This issue has been addressed by mglocker@ by modifying the behavior of
pf_normalize_tcpopt() in current's pf_norm.c.

Thank you again Marcus!

On 12/27/07, Daniel Melameth [EMAIL PROTECTED] wrote:
 pgt, for me, has proven to be more reliable than ral, but this
 annoying scrubbing/mss issue is starting to get to me.  Any
 recommendations for the best place to look in the source to address
 this?  The only time I've really worked with C was in college and on a
 few ports here and there, but I'm nearing my wit's end with this.

 Thanks and Happy Holidays.

 On 11/2/07, Daniel Melameth [EMAIL PROTECTED] wrote:
  I was able to reproduce this issue with a clean installation of 4.2 as
  well; so long as the AP uses pgt, pf's scrub is broken.  Thoughts?
 
  On 10/31/07, Daniel Melameth [EMAIL PROTECTED] wrote:
   I recently changed my 4.1-stable AP from ral to pgt only to find pf not
   scrubbing packets anymore.  To make this confusion more simple, I made a
   temporary simple pf.conf:
  
   $ sudo cat /etc/pf.conf
   external_if = pppoe0
  
   set debug loud
  
   scrub in on $external_if all
   scrub out on $external_if all max-mss 1452
  
   nat on $external_if from ! $external_if -> ( $external_if )
  
   block in log on $external_if
  
   pass out quick on $external_if inet proto tcp to any
   pass out quick on $external_if inet proto { udp, gre, icmp } to any
  
   block out log on $external_if
  
  
   With this ruleset I now have the following:
  
   $ sudo pfctl -vvs rules
   @0 scrub in on pppoe0 all fragment reassemble
     [ Evaluations: 2051   Packets: 292    Bytes: 45542   States: 0 ]
     [ Inserted: uid 0 pid 10012 ]
   @1 scrub out on pppoe0 all max-mss 1452 fragment reassemble
     [ Evaluations: 236    Packets: 236    Bytes: 9859    States: 0 ]
     [ Inserted: uid 0 pid 10012 ]
   @0 block drop in log on pppoe0 all
     [ Evaluations: 831    Packets: 4      Bytes: 1092    States: 0 ]
     [ Inserted: uid 0 pid 10012 ]
   @1 pass out quick on pppoe0 inet proto tcp all flags S/SA keep state
     [ Evaluations: 32     Packets: 242    Bytes: 55041   States: 7 ]
     [ Inserted: uid 0 pid 10012 ]
   @2 pass out quick on pppoe0 inet proto udp all keep state
     [ Evaluations: 19     Packets: 23     Bytes: 3049    States: 3 ]
     [ Inserted: uid 0 pid 10012 ]
   @3 pass out quick on pppoe0 inet proto gre all keep state
     [ Evaluations: 7      Packets: 0      Bytes: 0       States: 0 ]
     [ Inserted: uid 0 pid 10012 ]
   @4 pass out quick on pppoe0 inet proto icmp all keep state
     [ Evaluations: 7      Packets: 0      Bytes: 0       States: 0 ]
     [ Inserted: uid 0 pid 10012 ]
   @5 block drop out log on pppoe0 all
     [ Evaluations: 7      Packets: 7      Bytes: 280     States: 0 ]
     [ Inserted: uid 0 pid 10012 ]
  
  
   However, a simple visit to a web site when using pgt shows scrub is not
   scrubbing as my mss is 1460:
  
   $ sudo tcpdump -ni pppoe0 port 80
   tcpdump: listening on pppoe0, link-type PPP_ETHER
   12:05:46.892243 x.y.101.219.58561 > 64.37.182.61.80: S 2341795589:2341795589(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK> (DF)
   12:05:46.969268 64.37.182.61.80 > x.y.101.219.58561: S 3585146952:3585146952(0) ack 2341795590 win 8190 <mss 1460>
   12:05:46.970368 x.y.101.219.58561 > 64.37.182.61.80: . ack 1 win 17520 (DF)
   12:05:46.970902 x.y.101.219.58561 > 64.37.182.61.80: P 1:642(641) ack 1 win 17520 (DF)
   12:05:47.056958 64.37.182.61.80 > x.y.101.219.58561: P 1:636(635) ack 642 win 19200 (DF)
   12:05:47.060172 x.y.101.219.58561 > 64.37.182.61.80: P 642:1347(705) ack 636 win 16885 (DF)
   12:05:47.151883 64.37.182.61.80 > x.y.101.219.58561: P 3556:3780(224) ack 1347 win 8190
   12:05:47.152153 64.37.182.61.80 > x.y.101.219.58561: P 2096:2100(4) ack 1347 win 8190 (frag 55634:[EMAIL PROTECTED])
   12:05:47.153298 x.y.101.219.58561 > 64.37.182.61.80: . ack 636 win 16885 (DF)
   12:05:47.156386 x.y.101.219.58561 > 64.37.182.61.80: . ack 636 win 16885 (DF)
  
  
   But if I simply put the ral card back and reboot, scrub works again, and
   this is reproducible.

   $ sudo tcpdump -ni pppoe0 port 80
   tcpdump: listening on pppoe0, link-type PPP_ETHER
   11:14:32.100411 x.y.115.226.53842 > 64.37.182.61.80: S 313284:313284(0) win 8192 <mss 1452,nop,wscale 2,nop,nop,sackOK> (DF)
   11:14:32.176738 64.37.182.61.80 > x.y.115.226.53842: S 2437399687:2437399687(0) ack 313285 win 8190 <mss 1452>
   11:14:32.177300 x.y.115.226.53842 > 64.37.182.61.80: . ack 1 win 17424 (DF)
   11:14:32.177661 x.y.115.226.53842 > 64.37.182.61.80: P 1:642(641) ack 1 win 17424 (DF)
   11:14:32.263894 64.37.182.61.80 > x.y.115.226.53842: P 1:636(635) ack 642 win 32767 (DF)
   11:14:32.266375 x.y.115.226.53842 > 64.37.182.61.80: P 642:1347(705) ack 636 win 16789 (DF)
   11:14:32.360790 64.37.182.61.80 > x.y.115.226.53842: P 636:2088(1452) ack 1347 win 8190 (DF)
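
One way to check from a capture whether the `max-mss 1452` clamp in the ruleset above is taking effect, as an added example that is not part of the original thread: it rejoins mail-wrapped tcpdump lines and reports SYNs sent by the local host whose MSS exceeds the limit. The function names and the addresses (documentation ranges) are assumptions, and the sample lines are constructed after the two captures quoted above.

```python
import re

# A new tcpdump record starts with a timestamp; anything else is a wrapped continuation.
TS_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s")
# "ts src.port > dst.port: FLAGS ..." (the ">" is optional because mail
# archives frequently strip angle brackets from captured output).
SEGMENT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<src>\S+)\s+(?:>\s+)?(?P<dst>\S+):\s+"
    r"(?P<flags>\S+)\s+(?P<rest>.*)$"
)
MSS_RE = re.compile(r"\bmss\s+(\d+)")


def unwrap(raw_lines):
    """Rejoin records that a mail client wrapped across several lines."""
    records = []
    for raw in raw_lines:
        text = raw.strip()
        if not text:
            continue
        if TS_RE.match(text) or not records:
            records.append(text)
        else:
            records[-1] += " " + text
    return records


def mss_violations(raw_lines, local_ip, max_mss):
    """Return (ts, src, dst, mss) for each SYN from local_ip with MSS > max_mss."""
    found = []
    for record in unwrap(raw_lines):
        m = SEGMENT_RE.match(record)
        if not m or "S" not in m.group("flags"):
            continue  # not a TCP segment line, or not a SYN / SYN-ACK
        # tcpdump prints "address.port"; strip the port before comparing.
        if m.group("src").rpartition(".")[0] != local_ip:
            continue  # only packets leaving this host pass the "scrub out" rule
        opt = MSS_RE.search(m.group("rest"))
        if opt and int(opt.group(1)) > max_mss:
            found.append((m.group("ts"), m.group("src"), m.group("dst"),
                          int(opt.group(1))))
    return found


# Constructed sample: clamp not applied (the behaviour reported with pgt).
PGT_CAPTURE = """\
tcpdump: listening on pppoe0, link-type PPP_ETHER
12:05:46.892243 192.0.2.10.58561 > 198.51.100.61.80: S
   2341795589:2341795589(0) win 8192 <mss 1460,nop,wscale
2,nop,nop,sackOK> (DF)
12:05:46.969268 198.51.100.61.80 > 192.0.2.10.58561: S
   3585146952:3585146952(0) ack 2341795590 win 8190 <mss 1460>
12:05:46.970368 192.0.2.10.58561 > 198.51.100.61.80: . ack 1 win 17520 (DF)
""".splitlines()

# Constructed sample: clamp applied (the behaviour reported with ral).
RAL_CAPTURE = """\
tcpdump: listening on pppoe0, link-type PPP_ETHER
11:14:32.100411 192.0.2.10.53842 > 198.51.100.61.80: S
   313284:313284(0) win 8192 <mss 1452,nop,wscale
2,nop,nop,sackOK> (DF)
11:14:32.176738 198.51.100.61.80 > 192.0.2.10.53842: S
   2437399687:2437399687(0) ack 313285 win 8190 <mss 1452>
""".splitlines()

if __name__ == "__main__":
    for name, capture in (("pgt", PGT_CAPTURE), ("ral", RAL_CAPTURE)):
        bad = mss_violations(capture, "192.0.2.10", 1452)
        print(name, "clamp OK" if not bad else "clamp NOT applied: %r" % bad)
```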
   

Re: newfs: cg 0: bad magic number

2008-01-02 Thread Xavier Mertens
Indeed, this test was bad...
But the same occurs with an offset of 63 sectors :(

Same with fdisk:

fdisk: 1 edit 3
  Starting       Ending       LBA Info:
 #: id  C   H  S -  C   H  S [   start:size ]

 3: 00  0   0  0 -  0   0  0 [   0:   0 ] unused
Partition id ('0' to disable)  [0 - FF]: [0] (? for help) A6
Do you wish to edit in CHS mode? [n]
offset: [0] 63
size: [0] 488392002
fdisk:*1 q
Writing current MBR to disk.
bash-3.2# fdisk wd1
Disk: wd1   geometry: 30515/255/63 [490234752 Sectors]
Offset: 0   Signature: 0x100
  Starting       Ending       LBA Info:
 #: id  C   H  S -  C   H  S [   start:size ]

 0: 00  0   0  0 -  0   0  0 [   0:   0 ] unused
 1: 00  0   0  0 -  0   0  0 [   0:   0 ] unused
 2: 00  0   0  0 -  0   0  0 [   0:   0 ] unused
 3: 00  0   0  0 -  0   0  0 [   0:   0 ] unused


Xavier
--
Secret hacker rule #11: hackers read manuals.

On Wed, 2 Jan 2008, Nick Holland wrote:

 Good thing OpenBSD only runs on one platform and one type of computer,
 eh?
 
 Xavier Mertens wrote:
 ..
  
  16 partitions:
  #         size    offset  fstype [fsize bsize  cpg]
    a:     48195         0  4.2BSD   2048 16384   16
    c: 490234752         0  unused      0     0
 
 Assuming this is i386 (what people usually assume when they don't
 bother to show dmesg or even mention platform), you need a one
 cylinder offset on your 'a' partition (or more accurately, your
 first partition.  TYPICALLY, that's 63 sectors, but not always).
 What you have here clobbers your MBR, which holds your (now hosed)
 fdisk partitions.
 
 see faq4.html.
 
 Nick.



Re: Improving disk reliability

2008-01-02 Thread Stuart Henderson
On 2008/01/03 01:29, Erik Wikström wrote:
 The preferable way to solve this would probably be to use two disks but
 that is not an option for me. So I was wondering if it is possible to
 instead split the disk in two parts, the first is used to install
 OpenBSD on, and the rest is split in two and setup in a mirror
 configuration using RAIDframe or something similar. If this is possible,
 will it buy me any additional protection against dataloss, or is it more
 likely that my disk crashes all together?

It wouldn't be more likely that the disk _crashes_ by doing this,
and it may give _some_ protection against _some_ failure modes.
It also gives new and exciting ones to take their place.

 One of my biggest worries is, since it will act as a
 file-server which will contain stuff with some emotional value, data-loss.

How about just making a second ordinary FFS partition (no ccd/
raidframe/softraid magic) and just rsync the files across using
cron?

For the situation you describe, that will give some protection
against a few extra common failure modes (e.g. accidentally
deleted files; look at --link-dest to keep files from a couple
of days while, for the most part, only using inodes not storage
capacity) and this simplifies recovery from certain other types
of problem.

It would be better to copy the data off the machine, though.

Can you use dump | ssh (maybe piped through something else to encrypt
the data), or use rsync/smbclient/something else to copy the relevant
data to another machine, possibly over an internet connection?



Re: newfs: cg 0: bad magic number

2008-01-02 Thread Xavier Mertens
Ok,

I fixed the disk partitions:

# fdisk wd1
Disk: wd1   geometry: 30515/255/63 [490234752 Sectors]
Offset: 0   Signature: 0x0
  Starting       Ending       LBA Info:
 #: id  C   H  S -  C   H  S [   start:size ]

 0: 00  0   0  0 -  0   0  0 [   0:   0 ] unused
 1: A6  0   1  1 -  30514 254 63 [  63:   490223412 ] OpenBSD
 2: 00  0   0  0 -  0   0  0 [   0:   0 ] unused
 3: 00  0   0  0 -  0   0  0 [   0:   0 ] unused

# disklabel wd1
# Inside MBR partition 1: type A6 start 63 size 490223412
# /dev/rwd1c:
type: ESDI
disk: ESDI/IDE disk
label: Maxtor 6B250R0
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 30515
total sectors: 490234752
rpm: 3600
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0   # microseconds
track-to-track seek: 0  # microseconds
drivedata: 0

16 partitions:
#         size    offset  fstype [fsize bsize  cpg]
  a: 490223412        63  4.2BSD   2048 16384   16
  c: 490234752         0  unused      0     0

But I still have the same error at the end of the newfs:

newfs: cg 0: bad magic number
newfs: fsinit1 failed

:(

Xavier
--
Hint: A reload a day, keeps the TAC away .

On Wed, 2 Jan 2008, Ted Unangst wrote:

 On 1/2/08, Xavier Mertens [EMAIL PROTECTED] wrote:
  16 partitions:
  #         size    offset  fstype [fsize bsize  cpg]
    a:     48195         0  4.2BSD   2048 16384   16
 
 your partition is not properly offset from the beginning of the disk,
 where all the goodies like mbr need to live.



Re: Improving disk reliability

2008-01-02 Thread scott
Chris is very much on point.  But if --for whatever reasons-- it has to
be a one hard drive (hd) solution then understand that bad power and
heat and then shock are your hd's enemies.

Use a ups with o/s graceful sync/shutdown signalling enabled.  If not a
full ups, then an active line-conditioner (not a passive surge bar) can
help (power sags are more common and, in context, harmful than
blackouts). 

Mount the hd with regard to heat dissipation AND WITH its own active fan
moving air across the hd. Depending on your chassis, best heat
dissipation location may not be where the oem chassis' drive bays are
located. The older the generation of hd generally and scsi especially it
happens to be the more important this is to extending (and realizing)
the hd's full life expectancy.

Physically locate the machine so as to NOT be subjected to physical
shock or vibrations. Sitting the machine on bare upper household floors
is not bounce (shock) or vibration free. Whether it exceeds tolerances
or not depends on your household. 

Then, go heed Chris' points as well and anyway.

/Scott



-Original Message-
From: Erik Wikström [EMAIL PROTECTED]
To: misc@openbsd.org
Subject: Improving disk reliability
Date: Thu, 03 Jan 2008 01:29:38 +0100
Mailer: Thunderbird 2.0.0.9 (Windows/20071031)
Delivered-To: [EMAIL PROTECTED]

Hi

I am setting up a OpenBSD box to act as a router/file-server for my
parents, the box consists mostly of old parts and I try to not spend any
extra money on it. One of my biggest worries is, since it will act as a
file-server which will contain stuff with some emotional value, data-loss.

The preferable way to solve this would probably be to use two disks but
that is not an option for me. So I was wondering if it is possible to
instead split the disk in two parts, the first is used to install
OpenBSD on, and the rest is split in two and setup in a mirror
configuration using RAIDframe or something similar. If this is possible,
will it buy me any additional protection against dataloss, or is it more
likely that my disk crashes all together?



Re: Problem while chroot python and modules in apache

2008-01-02 Thread Michael Bibby

Hi, all.

Thanks Joerg, but it doesn't work yet.

I copied all openldap-client files to chrooted apache dir, but it
showed the same error.

Am I missing something?

Files I copied:

# pkg_info -L openldap-client | grep -v '/man/' | \
   grep -v '/share/' | \
   grep '^/usr/local/'

/usr/local/bin/ldapadd
/usr/local/bin/ldapcompare
/usr/local/bin/ldapdelete
/usr/local/bin/ldapmodify
/usr/local/bin/ldapmodrdn
/usr/local/bin/ldappasswd
/usr/local/bin/ldapsearch
/usr/local/bin/ldapwhoami
/usr/local/include/lber.h
/usr/local/include/lber_types.h
/usr/local/include/ldap.h
/usr/local/include/ldap_cdefs.h
/usr/local/include/ldap_features.h
/usr/local/include/ldap_schema.h
/usr/local/include/ldap_utf8.h
/usr/local/include/slapi-plugin.h
/usr/local/lib/liblber.a
/usr/local/lib/liblber.la
/usr/local/lib/libldap.a
/usr/local/lib/libldap.la
/usr/local/lib/libldap_r.a
/usr/local/lib/libldap_r.la
/usr/local/lib/liblber-2.3.so.9.1
/usr/local/lib/liblber.so.9.1
/usr/local/lib/libldap-2.3.so.9.1
/usr/local/lib/libldap.so.9.1
/usr/local/lib/libldap_r-2.3.so.9.1
/usr/local/lib/libldap_r.so.9.1

# ldd /usr/local/bin/ldapsearch | grep '/usr/' | \
   grep -v ':$' | \
   awk '{print $NF}'

/usr/local/bin/ldapsearch
/usr/local/lib/libsasl2.so.2.22
/usr/lib/libgssapi.so.5.0
/usr/lib/libkrb5.so.16.0
/usr/lib/libasn1.so.16.0
/usr/lib/libcom_err.so.16.0
/usr/lib/libssl.so.11.0
/usr/lib/libcrypto.so.13.0
/usr/lib/libc.so.41.0
/usr/libexec/ld.so

Joerg Zinke wrote:
 On Wed, 02 Jan 2008 10:59:27 +0800
 Michael Bibby [EMAIL PROTECTED] wrote:
 Hi, all.

 I use OpenBSD 4.2 -release and the default chrooted apache.

 I copied all files python needed, and it works. but the modules
 py-ldap doesn't work.

 
 # tail -f /var/www/logs/error_log
 Traceback (most recent call last):
   File /cgi-bin/msm/domain_list, line 5, in ?
 import ldapoperation
   File /cgi-bin/msm/ldapoperation.py, line 4, in ?
 import ldap
   File /usr/local/lib/python2.4/site-packages/ldap/__init__.py,
 line 23, in ?
 from _ldap import *
 ImportError: Cannot load specified object
 [Wed Jan  2 19:05:44 2008] [error] [client 172.16.252.1] Premature
 end of script headers: /cgi-bin/msm/domain_list
 

 did you copy openldap libs/files too?
 afaik, py-ldap module is linked against them.

 regards,

 joerg



Re: Improving disk reliability

2008-01-02 Thread Douglas A. Tutty
On Thu, Jan 03, 2008 at 01:29:38AM +0100, Erik Wikström wrote:
 I am setting up a OpenBSD box to act as a router/file-server for my
 parents, the box consists mostly of old parts and I try to not spend any
 extra money on it. One of my biggest worries is, since it will act as a
 file-server which will contain stuff with some emotional value, data-loss.
 
 The preferable way to solve this would probably be to use two disks but
 that is not an option for me. So I was wondering if it is possible to
 instead split the disk in two parts, the first is used to install
 OpenBSD on, and the rest is split in two and setup in a mirror
 configuration using RAIDframe or something similar. If this is possible,
 will it buy me any additional protection against dataloss, or is it more
 likely that my disk crashes all together?

You've had the reasons why what you propose shouldn't be done.  Let's
look at your options:

1.  Why isn't a second disk an option?
2.  I don't know the size of the disk to know the size of the backup
media required.  However, CD/DVD burners are less than the cost
of a hard drive and the media is relatively cheap.
3.  If the box will have internet access, what about using rsync to
send a compressed backup to your own box.  If you don't want it
going via the internet for some reason, what about a good
old-fashioned modem to connect with your box and send it via
zmodem?

Doug.



Re: Real men don't attack straw men

2008-01-02 Thread Sunnz
Hello Richard,

After reading this thread, I was interested to see what your list
recommendation really was, because I have never actually seen it!! So
I headed over fsf.org which leads me to this page when trying to find
out your list of recommended OS list:

http://www.gnu.org/links/links.html

Is that the list there?

My guess is that if you were to endorse OpenBSD you would have put a
link under Other free operating systems... under which, there were 2
interesting systems: GNU/Darwin, based off Apple's userland and
kernel, and ReactOS, designed specifically to run MS software.

So I have looked into them a bit more...

Your main complaint about the BSDs is that they have a ports
system that can be used to install non-free software. In the case of
OpenBSD, the ports system was not even included; OpenBSD merely includes
instructions to install the ports system and how to use it.

This is the same with your recommended system GNU/Darwin:

http://www.gnu-darwin.org/index.php?page=ports

Which also contains instructions to install such a ports system.

Considering that your main concern with ports system is that it may
lead people to install non-free software, well, what about ReactOS,
whose _design goal_ is to _run_ non-free software?

Before you argue that ReactOS is merely a free implementation of Win32
API, let me clarify: if the purpose of ReactOS isn't to run some
Windows-only software S, then what is the purpose of ReactOS? if S was
free, it wouldn't be Windows-only as it would have been ported to free
OS's. Remember that the Windows-only software that people are going to
be interested to run are going to be non-free ones.

Cheers,
Sun.



Re: Updated ports/packages in -stable/-release

2008-01-02 Thread Steven Surdock
Nick Holland wrote:
 Nicolas Letellier wrote:
 Hello misc@,
...
 Let's say you plan on implementing a new machine today.
 Install -current.
 Really.  In May, upgrade to the 4.3, and sit there for six months.  In
 November, upgrade to 4.4.  IF you are using some third party
 apps which have
 issues mid-cycle, bump to a snapshot, and update the
 packages.  If a system
 bug is found that impacts you, bump to -stable.  The -release/-stable
...
The only caveat I would offer here is that *sometimes* -current packages
are not in sync with base snapshots, so be aware.

-Steve S.



Re: newfs: cg 0: bad magic number

2008-01-02 Thread Xavier Mertens
Is that normal to have a signature of 0x0 reported by fdisk?
On my other disks, signature is 0xAA55.
Thanks for your help!

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Xavier Mertens
Sent: jeudi 3 janvier 2008 2:28
To: misc@openbsd.org
Subject: Re: newfs: cg 0: bad magic number

Ok,

I fixed the disk partitions:

# fdisk wd1
Disk: wd1   geometry: 30515/255/63 [490234752 Sectors]
Offset: 0   Signature: 0x0
  Starting       Ending       LBA Info:
 #: id  C   H  S -  C   H  S [   start:size ]

 0: 00  0   0  0 -  0   0  0 [   0:   0 ] unused
 1: A6  0   1  1 -  30514 254 63 [  63:   490223412 ] OpenBSD
 2: 00  0   0  0 -  0   0  0 [   0:   0 ] unused
 3: 00  0   0  0 -  0   0  0 [   0:   0 ] unused

# disklabel wd1
# Inside MBR partition 1: type A6 start 63 size 490223412
# /dev/rwd1c:
type: ESDI
disk: ESDI/IDE disk
label: Maxtor 6B250R0
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 30515
total sectors: 490234752
rpm: 3600
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0   # microseconds
track-to-track seek: 0  # microseconds
drivedata: 0

16 partitions:
#size   offset  fstype [fsize bsize  cpg]
  a: 490223412        63  4.2BSD   2048 16384   16
  c: 490234752         0  unused      0     0

But I still have the same error at the end of the newfs:

newfs: cg 0: bad magic number
newfs: fsinit1 failed

:(

Xavier
--
Hint: A reload a day, keeps the TAC away .

On Wed, 2 Jan 2008, Ted Unangst wrote:

 On 1/2/08, Xavier Mertens [EMAIL PROTECTED] wrote:
  16 partitions:
  #         size    offset  fstype [fsize bsize  cpg]
    a:     48195         0  4.2BSD   2048 16384   16
 
 your partition is not properly offset from the beginning of the disk, 
 where all the goodies like mbr need to live.
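
The checks discussed in this thread (the 0xAA55 signature, and a first partition that skips the first track) can be run against a raw copy of sector 0, as in this added example, which is not part of the original thread. The function names are assumptions, and the sample sectors are constructed from the fdisk values quoted in the messages above rather than read from a real disk.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446       # four 16-byte partition entries start here
SIGNATURE_OFFSET = 510   # last two bytes of the sector
MBR_SIGNATURE = 0xAA55   # stored on disk as bytes 55 AA
OPENBSD_ID = 0xA6
# Entry layout: status, CHS start (3 bytes), id, CHS end (3 bytes), LBA start, size
ENTRY_FMT = "<B3xB3xII"


def build_mbr(signature, entries):
    """Build a constructed MBR sector; entries maps slot -> (id, start, size)."""
    sector = bytearray(SECTOR_SIZE)
    for slot, (part_id, start, size) in entries.items():
        struct.pack_into(ENTRY_FMT, sector, TABLE_OFFSET + 16 * slot,
                         0x00, part_id, start, size)
    struct.pack_into("<H", sector, SIGNATURE_OFFSET, signature)
    return bytes(sector)


def parse_mbr(sector):
    """Return (signature, [(slot, id, start_lba, size_sectors), ...])."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    (signature,) = struct.unpack_from("<H", sector, SIGNATURE_OFFSET)
    parts = []
    for slot in range(4):
        _status, part_id, start, size = struct.unpack_from(
            ENTRY_FMT, sector, TABLE_OFFSET + 16 * slot)
        parts.append((slot, part_id, start, size))
    return signature, parts


def check_mbr(sector, total_sectors, sectors_per_track=63):
    """Return a list of human-readable problems; an empty list means sane."""
    signature, parts = parse_mbr(sector)
    problems = []
    if signature != MBR_SIGNATURE:
        problems.append("signature 0x%X, expected 0x%X"
                        % (signature, MBR_SIGNATURE))
    used = [p for p in parts if p[1] != 0]
    if not used:
        problems.append("partition table is empty")
    for slot, _part_id, start, size in used:
        if start < sectors_per_track:
            problems.append("partition %d starts at sector %d, inside the "
                            "first track" % (slot, start))
        if start + size > total_sectors:
            problems.append("partition %d ends at sector %d, past the end of "
                            "the disk" % (slot, start + size))
    return problems


DISK_SECTORS = 490234752  # "total sectors" from the disklabel output above

if __name__ == "__main__":
    samples = {
        "table with signature 0x0": build_mbr(
            0x0000, {1: (OPENBSD_ID, 63, 490223412)}),
        "same table, valid signature": build_mbr(
            MBR_SIGNATURE, {1: (OPENBSD_ID, 63, 490223412)}),
        "partition at offset 0": build_mbr(
            MBR_SIGNATURE, {3: (OPENBSD_ID, 0, 488392002)}),
    }
    for name, sector in samples.items():
        print(name, "->", check_mbr(sector, DISK_SECTORS) or "ok")
```

On a live system the 512 bytes would come from the start of the raw whole-disk device (the thread's /dev/rwd1c), which requires root.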