Re: OSS v4.0 released under BSD license
On Jan 9, 2008 12:45 AM, Jacob Meuser [EMAIL PROTECTED] wrote: On Tue, Jan 08, 2008 at 05:54:58PM -0300, Andr?s wrote: Jacob Meuser wrote: the current audio system actually supports a wider variety of audio devices. Sorry for the non-technically-based question but, couldn't OpenBSD contribute its development to audio drivers to OSS so all operating systems using it could benefit? And then OpenBSD could support just OSS. That would make in-house work available to non-OpenBSD users. Just an idea. and as far as that goes, 4Front, or anyone else for that matter, could have already ported these drivers. they've always been BSD licensed. OSS has been developed for x86 and x86_64 linux/solaris/freebsd, and only supports PCI based devices. it's also intended to be installed as kernel modules. just getting OSS running on say OpenBSD/macppc to support PCI devices would be considerable work. and then the i2s drivers we have would need to be ported to OSS. that's just one arch. as of right now, there are basically 3 regular audio developers for OpenBSD. oh, and then all the ports would need to be changed to use OSS or be modified to not use libossaudio ... while I do think a single audio API for unix would be beneficial, I also prefer the Sun API. it's sort of a tough position. believe me, there has been considerable thought put into this. Greetings! for myself the only point that I miss with audio driver on openbsd is lack of audio or software mixing like you have on alsa or oss. It's a pity to have to use esound or such program to just mix different audio source. Any idee how it could be implemented with sun audio ? - benont - benoit
Re: : Help with root partition on RaidFrame
On Wed, Jan 09, 2008 at 02:00:31AM -0500, Nick Guenther wrote: On Jan 9, 2008 1:22 AM, William Sloan [EMAIL PROTECTED] wrote: Dear misc -- I'm attempting to get a root partition on raid 1 RaidFrame configuration working with OpenBSD 4.2. I have a Soekris 4801 with a compact flash card, a USB 2.0 PCI card and 2 identical external usb hard drives. I built a new kernel configured with the pseudo-device raid 4 and option RAID_AUTOCONFIG. I installed OpenBSD on the compact flash, created and initialized the raid array, set the raid device to autoconfigure and set the root flag, changed fstab on the raid disks to point root to raid0a instead of wd0a and rebooted. When the system rebooted wd0a was mounted as root. Attached is dmesg, mount, raid0.conf, disklables. raidctl -sv output. If someone can point me in the direction of what to look at or give me any ideas of what could be going wrong. When you build your new kernel you also need to change config(8) to set root on raid0. fstab isn't read until *after* the root is mounted, remember; how is it going to know to read from raid0a:/etc/fstab if the file to tell it that is raid0a:/etc/fstab? This was not needed in 4.1, just setting the RAID_AUTOCONFIG and setting the root flag on the raid array was enough, just as wsloan did it was enough. This is my /usr/src/sys/arch/i386/conf/GENERIC.RAID: # # GENERIC.RAID - Add kernelized RAIDframe disk driver # include arch/i386/conf/GENERIC option RAID_AUTOCONFIG pseudo-device raid4 My raid0 has Autoconfig: Yes Root partition: Yes and that was enough in OpenBSD 4.1 Has the behaviour changed? Is there somewhere else to configure the root device, e.g from /etc/boot.conf. I know you can give a flag -a to boot(8) to make the kernel ask for a root device, but I do not find a root device variable to set there, nor in options(4) and boot_config(8). -Nick -- / Raimo Niskanen, Erlang/OTP, Ericsson AB
Re: NAT IPV4 and bridge only IPV6
Hi all, On Tue, 8 Jan 2008 21:52:22 +0100 Good Good [EMAIL PROTECTED] wrote: Free.fr is the first general public ISP in France to provide IPV6 to its customers (it seems that I would be lucky) :) Just a minor correction there: it is *not* -- Nerim has been routing /48 IPv6 blocks to every customer since years... And no, a /64 is not particularly useful; it's encouraging nevertheless that IPv6 gets at least a bit attention. Simon
Re: NAT IPV4 and bridge only IPV6
Simon Vallet wrote, On 9/01/08 10:44: Hi all, On Tue, 8 Jan 2008 21:52:22 +0100 Good Good[EMAIL PROTECTED] wrote: Free.fr is the first general public ISP in France to provide IPV6 to its customers (it seems that I would be lucky) :) Just a minor correction there: it is *not* -- Nerim has been routing /48 IPv6 blocks to every customer since years... And no, a /64 is not particularly useful; it's encouraging nevertheless that IPv6 gets at least a bit attention. Simon In a [1]press communiqui (in french, sorry) they say they give 2^64 ip address to every customer. To me, total ipv6 beginner, it seems a lot ! What is bad with /64 ? Are they sort of lying ? Playing with words ? [1]http://www.iliad.fr/presse/2007/CP_IPv6_121207.pdf
Re: AMD Geode LX Video on fit-PC
Matt Jibson wrote: I recently got a fit-PC. I found that after installing snapshots, issuing startx simply blacks the screen. The normal methods to stop X and recover the screen were unsuccessful. This is the behavior when using the vesa driver. Under the vga driver, X starts, but the fonts are unreadable and the resolution very low. It appears from the fit-PC forums that the amd driver is needed. Has anyone had other success with this machine, or previously ported this driver to OpenBSD? dmesg below. I have several AMD Geode LX devices that have Video. The video port on these devices must be programmed using some Geode specific instructions (write MSR/read MSR). Adding that support is in my plans, but I have no idea when it will be ready. [...]
Re: NAT IPV4 and bridge only IPV6
On Wed, Jan 09, 2008 at 11:04:59AM +0100, Stiphane Chausson wrote: In a [1]press communiqui (in french, sorry) they say they give 2^64 ip address to every customer. To me, total ipv6 beginner, it seems a lot ! It seems to be, though it is the bare minimum. What is bad with /64 ? This is only _one_ prefix. The other lower-order 64 bits would generally be used for autoconfiguration (IPv6 has mechanisms allowing devices to automatically determine a routable address from the prefix and, e.g., their MAC address*). This means you won't be able to do any _clean_ subnetworking. Usually when giving prefixes, the leaf ISPs are supposed to delegate /48 to their customers. This lets enough lattitude to design your network plan without limitation due to being short of /64's. That said, it may be true that most end-users like Free.fr has won't need much more than one /64. But still, this can become frustrating (How come my car cannot be a subnetwork as my home is?!) Are they sort of lying ? Playing with words ? Nope. And it is still a good thing that they finally provide IPv6 connectivity, but this is the smallest move they could have done. * this means, indeed, that the /64 range is very sparsely populated. -- Olivier Mehani [EMAIL PROTECTED] PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DFB 6845 4071 E346 2FD1 [demime 1.01d removed an attachment of type application/pgp-signature]
Re: : Help with root partition on RaidFrame
On Jan 9, 2008 5:05 AM, Raimo Niskanen [EMAIL PROTECTED] wrote: On Wed, Jan 09, 2008 at 02:00:31AM -0500, Nick Guenther wrote: On Jan 9, 2008 1:22 AM, William Sloan [EMAIL PROTECTED] wrote: Dear misc -- I'm attempting to get a root partition on raid 1 RaidFrame configuration working with OpenBSD 4.2. I have a Soekris 4801 with a compact flash card, a USB 2.0 PCI card and 2 identical external usb hard drives. I built a new kernel configured with the pseudo-device raid 4 and option RAID_AUTOCONFIG. I installed OpenBSD on the compact flash, created and initialized the raid array, set the raid device to autoconfigure and set the root flag, changed fstab on the raid disks to point root to raid0a instead of wd0a and rebooted. When the system rebooted wd0a was mounted as root. Attached is dmesg, mount, raid0.conf, disklables. raidctl -sv output. If someone can point me in the direction of what to look at or give me any ideas of what could be going wrong. When you build your new kernel you also need to change config(8) to set root on raid0. fstab isn't read until *after* the root is mounted, remember; how is it going to know to read from raid0a:/etc/fstab if the file to tell it that is raid0a:/etc/fstab? This was not needed in 4.1, just setting the RAID_AUTOCONFIG and setting the root flag on the raid array was enough, just as wsloan did it was enough. This is my /usr/src/sys/arch/i386/conf/GENERIC.RAID: # # GENERIC.RAID - Add kernelized RAIDframe disk driver # include arch/i386/conf/GENERIC option RAID_AUTOCONFIG pseudo-device raid4 My raid0 has Autoconfig: Yes Root partition: Yes and that was enough in OpenBSD 4.1 Has the behaviour changed? Is there somewhere else to configure the root device, e.g from /etc/boot.conf. I know you can give a flag -a to boot(8) to make the kernel ask for a root device, but I do not find a root device variable to set there, nor in options(4) and boot_config(8). No. No it hasn't. And I've been been burned by not doing my research all the way through yet again. Sorry. -Nick
Re: OSS v4.0 released under BSD license
On Wed, Jan 09, 2008 at 03:21:01AM +, Matthew Szudzik wrote: There is also the question of ALSA compatibility layer which is in my understanding slowly incorporated into OSS. Is it really important to have ALSA compatibility layer? Can somebody give me an example of the software which requires ALSA (please exclude Skype although there is OSS version) Yes, an ALSA compatibility would allow us to use Linux binaries (through compat_linux) which require ALSA. The most infamous example is the Adobe Flash 9 Plugin. that would require kernel level ALSA emulation, just as we have kernel level OSS emulation for linux binaries using OSS. I have absolutely no interest in that whatsoever. you'd have better luck convincing Adobe to make an OpenBSD native version of their plugin. -- [EMAIL PROTECTED] SDF Public Access UNIX System - http://sdf.lonestar.org
Re: [Fwd: Open-Hardware]
On 1/9/08 3:13 AM, Alexander Terekhov wrote: On Jan 9, 2008 1:20 AM, chefren [EMAIL PROTECTED] wrote: [...] This man has no respect for programmers, clearly doesn't understand why money was invented and how a market can be a very reasonable way to let people earn money. http://www.gnu.org/philosophy/words-to-avoid.html#Market It is misleading to describe the users of free software, or the software users in general, as a market. This is not to say we're against markets. It's misleading to call GNU GNU it should be called BSD/GNU. (Thanks to Wijnand for pointing at this.) BSD/GPL BSD/GPLvX Somewhat more typing but good PR. +++chefren
Re: Real men don't attack straw men
On 1/9/08 1:49 AM, Steve Shockley wrote: Marco Peereboom wrote: I don't think so. We check for this before we buy hardware. I'd bet money that you have hardware that requires driver assist. I doubt it; if he needs to use a device that doesn't meet his criteria for free (like a cell phone), he just has someone else carry it around for him. That absolves him from all responsibility without any inconvenience. Most chips require bits to be stored in registers (addresses) to get them do what they need to do. In the 80's manufacturers started with delivering chips that hadn't all registers in the address space of the processor and subsequent writes to the same address were necessary after a reset condition to get the chip working (this spared physical address lines and thus expensive pins on the chip). Even if a blob needs to be stored on a chip it's often by sending subsequent writes to the same address. Sometimes this goes the other way around, with DMA, the chip reads a block of outside adresses (flash memory or memory filled by the main processor). Sometimes a memory besides the chip is attached with a serial connection (i2c etc, saves pins!). I have certainly not mentioned all way's to get required setup data to chips. But in general: After start the CPU reads the first bytes of the bios and starts setting up at least all chips on the motherboard with data from the bios etc etc etc... +++chefren
Re: NAT IPV4 and bridge only IPV6
On Wed, 09 Jan 2008 11:04:59 +0100 Stiphane Chausson [EMAIL PROTECTED] wrote: In a [1]press communiqui (in french, sorry) they say they give 2^64 ip address to every customer. To me, total ipv6 beginner, it seems a lot ! What is bad with /64 ? Are they sort of lying ? Playing with words ? [1]http://www.iliad.fr/presse/2007/CP_IPv6_121207.pdf Well, in theory 64 bits would be sufficient for 2^64 adresses, but that's not the way IPv6 functions -- in reality they are providing you with exactly 1 usable IPv6 address (link in french), hence the need to NAT or bridge: http://fr.wikipedia.org/wiki/IPv6#Adresses_IPv6 Simon
Re: NAT IPV4 and bridge only IPV6
On Wed, Jan 09, 2008 at 11:04:59AM +0100, Stiphane Chausson wrote: Simon Vallet wrote, On 9/01/08 10:44: Hi all, On Tue, 8 Jan 2008 21:52:22 +0100 Good Good[EMAIL PROTECTED] wrote: Free.fr is the first general public ISP in France to provide IPV6 to its customers (it seems that I would be lucky) :) Just a minor correction there: it is *not* -- Nerim has been routing /48 IPv6 blocks to every customer since years... And no, a /64 is not particularly useful; it's encouraging nevertheless that IPv6 gets at least a bit attention. Simon In a [1]press communiqui (in french, sorry) they say they give 2^64 ip address to every customer. To me, total ipv6 beginner, it seems a lot ! What is bad with /64 ? Are they sort of lying ? Playing with words ? Of the 128bit IPv6 address only 64bits are actually usable the /64 is actually more similar to a /32 host route in IPv4 land. To be correct a /64 represents one LAN segement with maybe multiples hosts on it. This comes from the fact that the lower 64bits of a IPv6 address are autogenerated. rtsol (router solicitation) uses these lower 64bit. -- :wq Claudio
Re: NAT IPV4 and bridge only IPV6
On 2008/01/09 11:04, Stiphane Chausson wrote: In a [1]press communiqui (in french, sorry) http://signal.eu.org/blog/2007/12/12/ipv6-chez-free/ is informative too. (this is also in french). they say they give 2^64 ip address to every customer. To me, total ipv6 beginner, it seems a lot ! What is bad with /64 ? rfc4291 says: For all unicast addresses, except those that start with the binary value 000, Interface IDs are required to be 64 bits long and to be constructed in Modified EUI-64 format. so if you further divide a /64 into multiple subnets you aren't compliant with the standards, and you break the usual ipv6 address autoconfiguration method. the current _guidelines_ (not requirements) for allocations to subscribers are given in rfc3177: [...] - /48 in the general case, except for very large subscribers - /64 when it is known that one and only one subnet is needed by design - /128 when it is absolutely known that one and only one device is connecting. In particular, we recommend: - Home network subscribers, connecting through on-demand or always-on connections should receive a /48. - Small and large enterprises should receive a /48. - Very large subscribers could receive a /47 or slightly shorter prefix, or multiple /48's. - Mobile networks, such as vehicles or mobile phones with an additional network interface (such as bluetooth or 802.11b) should receive a static /64 prefix to allow the connection of multiple devices through one subnet. - A single PC, with no additional need to subnet, dialing-up from a hotel room may receive its /128 IPv6 address for a PPP style connection as part of a /64 prefix. Note that there seems to be little benefit in not giving a /48 if future growth is anticipated. In the following, we give the arguments for a uniform use of /48 and then demonstrate that it is entirely compatible with responsible stewardship of the total IPv6 address space. [...] there are some suggestions out (see recent nanog posts) that /56 be used for private consumer subscribers, though this is probably not useful for all but the largest consumer ISPs.
work and live canada
You are invited to work and live canada . By your host Brenda Grand: am Brenda from Canada, i am the assistant manager of Canadian Hotels,i wish to inform you that the hotel need man and woman who can work and live in omni hotel Canada , A Division Of Delta Chelsea Canadian Hotel Canada , hotel will care of your tickets,accommodation lodging and the visa assistance in your country,if you are interested ,you should please contact me back via the mail box, [EMAIL PROTECTED] N/B THE HOTEL MANAGEMENT ARE NOT RESPONSIBLE FOR YOUR CANADA C Date: Wednesday January 9, 2008 Time: 5:00 am - 6:00 am (GMT -07:00 US/Canada Mountain) Will you attend? RSVP to this invitation at: http://calendar.yahoo.com/advert_omni?v=126a1=0iid=DxAyfp3dmkuz%40BYKMxHmeAdaE-2yAozGigid=Cxa7Psh%40ml%405aUN8ixO9EB3%40e4gkANxfyxAVlx%40%40 Copyright ) 2008 All Rights Reserved www.yahoo.com Privacy Policy: http://privacy.yahoo.com/privacy/us Terms of Service: http://docs.yahoo.com/info/terms/
Re: Real men don't attack straw men
[...] Linux is not free software. [...] Linux [...] is on the ok side of the line. Therefore: if there's only one popular kernel that GNU can use in its project, then it's OK to use it, even if it's not free software. Unpopular stuff like gNewSense have to be thought about, probably by a marketing team inside GNU/FSF, while popular non-free software is chosen. I'll put this clear, once again: every time the GNU Project or the Free Software Foundation talks about GNU/Linux in a positive way, they're promoting a non-free software kernel. There's no way to talk about Linux without promoting it, except the FSF forks its own copy of Linux and uses a name that has nothing to do with it. Period. And in case you thought about, a Q: Isn't Linux non-free software? A: Yes, it is; everytime we talk about Linux, we are talking about a version that's not from Linus Torvalds text somewhere in GNU/FSF's Web site does not do any good at all. Your personal ad* says that you value truth [...] more than \success\, right? Well, then sacrifice Linux's popularity for the sake of the FSF's purpose. I find it funny that the FSF did remove Linux from the Free Software Directory but is afraid to disassociate from it. That _is_ hypocritical. Be a Real Men, Richard. Original quotes: Torvalds' version of Linux is not free software Mentioning Linux is referring to something well-known that people have already heard of, which is on the ok side of the line. * http://www.stallman.org/extra/personal.html
Dell Poweredge 1650/2650 + OpenBSD4.2 + PF - Maximum PPS
Hello, I'm running two Dell Poweredge 2650 Servers with dual Xeon 2,2 GHz und 5 Gig Ram as a redundant firewall cluster, using Broadcom and Intel Gigabit Cards (bge and em Drivers). Last weekend I got a Denial of Service Attack on my network which brings the firewall to its limits. As some people sometimes asks for the maximum packets per seconds to handle with OpenBSD, here is my feedback: everything works fine up to roundabout 100-120k pps. A Dell Poweredge 1650 Dual P3 1,4 GHz with 2 Gigs of Ram and Intel Gigabit Cards (em Driver) handles up to 30-40k pps. Hope this value may help you for finding the matching hardware for your needs. Regards, Falk
work and live canada
You are invited to work and live canada . By your host Brenda Grand: am Brenda from Canada, i am the assistant manager of Canadian Hotels,i wish to inform you that the hotel need man and woman who can work and live in omni hotel Canada , A Division Of Delta Chelsea Canadian Hotel Canada , hotel will care of your tickets,accommodation lodging and the visa assistance in your country,if you are interested ,you should please contact me back via the mail box, [EMAIL PROTECTED] N/B THE HOTEL MANAGEMENT ARE NOT RESPONSIBLE FOR YOUR CANADA C Date: Wednesday January 9, 2008 Time: 5:00 am - 6:00 am (GMT -07:00 US/Canada Mountain) Will you attend? RSVP to this invitation at: http://calendar.yahoo.com/advert_omni?v=126a1=0iid=DxAyfp3dmkuz%40BYKMxHmeAdaE-2yAozGigid=Cxa7Psh%40ml%405aU68yxP9UFl%40d4vkANyfxxAVlx%40%40 Copyright ) 2008 All Rights Reserved www.yahoo.com Privacy Policy: http://privacy.yahoo.com/privacy/us Terms of Service: http://docs.yahoo.com/info/terms/
Re: OSS v4.0 released under BSD license
Jacob Meuser [EMAIL PROTECTED] wrote: that would require kernel level ALSA emulation, just as we have kernel level OSS emulation for linux binaries using OSS. I have absolutely no interest in that whatsoever. you'd have better luck convincing Adobe to make an OpenBSD native version of their plugin. That wouldn't be required if we have a different alsa-lib than normal linux systems have. It's possible that compiling libsalsa for Linux and using in with compat_linux is already enough. -- Jonathan
Re: Dell Poweredge 1650/2650 + OpenBSD4.2 + PF - Maximum PPS
* Falk Brockerhoff [EMAIL PROTECTED] [2008-01-09 14:09]: Last weekend I got a Denial of Service Attack on my network which brings the firewall to its limits. As some people sometimes asks for the maximum packets per seconds to handle with OpenBSD, here is my feedback: everything works fine up to roundabout 100-120k pps. I have had and seen _way_ more than that. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
OpenBSD and ISDN TA
Simply question: does OpenBSD support ISDN? I have great interest to use OpenBSD as ISDN router with an external ISDN terminal adapter (USB interface). Until now I didn't find any configuration hints for ISDN devices under OpenBSD. I have found only a project called isdn4bsd, but unfortunately, there is no maintainer on OpenBSD. Any suggestions? Thanks
Re: Dell Poweredge 1650/2650 + OpenBSD4.2 + PF - Maximum PPS
Henning Brauer wrote: Hi Henning, * Falk Brockerhoff [EMAIL PROTECTED] [2008-01-09 14:09]: works fine up to roundabout 100-120k pps. I have had and seen _way_ more than that. Can you please provide some details of the configuration and tweaks you have done to handle this amount of pps on such a hardware? This would be really nice! I did a default OpenBSD 4.2 setup and followed the FAQ section Tuning networking parameters - nothing more yet. Regards, Falk
Re: OpenBSD and ISDN TA
On Wed, 9 Jan 2008, SeDoFa wrote: Simply question: does OpenBSD support ISDN? Simple answer: no
Re: OpenBSD and ISDN TA
Sorry, no chance Regards Andre Ruppert
Re: OpenBSD and ISDN TA
SeDoFa [EMAIL PROTECTED] writes: Simply question: does OpenBSD support ISDN? I have great interest to use OpenBSD as ISDN router with an external ISDN terminal adapter (USB interface). If your ISDN TA can be made to look like a serial device and accept AT commands (ie behave like a modem) it should be relatively straightforward to use it via ppp. Otherwise, I think ISDN is one of those technologies a significant part of the OpenBSD population would be very happy to suppress any remaining memories of. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: OpenBSD and ISDN TA
* SeDoFa [EMAIL PROTECTED] [2008-01-09 14:53]: Simply question: does OpenBSD support ISDN? I have great interest to use OpenBSD as ISDN router with an external ISDN terminal adapter (USB interface). Until now I didn't find any configuration hints for ISDN devices under OpenBSD. I have found only a project called isdn4bsd, but unfortunately, there is no maintainer on OpenBSD. Any suggestions? ISDN TAs just show up as regular modems controlled by AT commands. no special support required, you might have to fiddle with init strings etc a bit. well, serial ones at least. no idea how the USB ones are implimented. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: [Fwd: Open-Hardware]
On 08 Jan 2008 20:21:08 -0500, Daniel Hagerty [EMAIL PROTECTED] said: Eric Furman [EMAIL PROTECTED] writes: This is one of the most retarded things I've ever read. You might get one wanker to pay for it, but if it comes in non-binary with all the source what's to stop them from posting it on the internet and everybody else getting it for free? Good question. Theo de Raadt [EMAIL PROTECTED] writes: Profits from CD sales are the primary income source for the OpenBSD project -- in essence selling these CD-ROM units ensures that OpenBSD will continue to make another release six months from now. Maybe this guy can explain it to you. OK, *that* was the most retarded thing I have ever read. You're comparing apples and oranges.
Re: OSS v4.0 released under BSD license
Jonathan Schleifer writes: Jacob Meuser [EMAIL PROTECTED] wrote: that would require kernel level ALSA emulation, just as we have kernel level OSS emulation for linux binaries using OSS. I have absolutely no interest in that whatsoever. you'd have better luck convincing Adobe to make an OpenBSD native version of their plugin. That wouldn't be required if we have a different alsa-lib than normal linux systems have. It's possible that compiling libsalsa for Linux and using in with compat_linux is already enough. Alsa is really, really not important to us. In the past few years of working on OpenBSD ports I have only run across one open source application that required alsa, and I took that as a sign that the app wasn't worth having anyway. Should a worthy alsa-only *open source* app appear, I'm sure that someone could port it to Sun audio. There is already a lot of code in the ports tree that does this to provide better support than the OSS 3.x- emulation we have now. But for Linux binary emulation? No way. If you want that, run Linux. What kind of people run Linux binaries on OpenBSD, anyway? Don't give me that I need Flash, since I spent months of my life working on Gnash for OpenBSD just so you wouldn't have to use the Adobe Linux binary.. and more months working on PJSIP so that you wouldn't have to use Skype. If this interest in alsa is just general multimedia envy and not some specific need for alsa support, you might find this article in Hannu's blog interesting. He details the history of the two and makes a good case for adopting OSS instead. http://4front-tech.com/hannublog/?p=5
Re: Dell Poweredge 1650/2650 + OpenBSD4.2 + PF - Maximum PPS
On January 9, 2008 08:20:40 am Vijay Sankar wrote: On January 9, 2008 06:35:56 am Falk Brockerhoff wrote: Hello, I'm running two Dell Poweredge 2650 Servers with dual Xeon 2,2 GHz und 5 Gig Ram as a redundant firewall cluster, using Broadcom and Intel Gigabit Cards (bge and em Drivers). Last weekend I got a Denial of Service Attack on my network which brings the firewall to its limits. As some people sometimes asks for the maximum packets per seconds to handle with OpenBSD, here is my feedback: everything works fine up to roundabout 100-120k pps. A Dell Poweredge 1650 Dual P3 1,4 GHz with 2 Gigs of Ram and Intel Gigabit Cards (em Driver) handles up to 30-40k pps. Hope this value may help you for finding the matching hardware for your needs. Regards, Falk I changed from using HP DL380's to Dell 2950's in the last year or so since it has better support for OpenBSD. With the DL380's, we were getting about 70,000 pps during tests but after following the explanations about network performance tuning in a great article by Henning Brauer (I have been searching for it for the past hour but can't find the URL -- it was at the www.openbsd.org web site and I had downloaded it couple of years ago), we could get 180,000 pps on DL380's. On the 2950's, I haven't done any tests yet but as soon as I find that paper, I will do so. Finally found the paper I was looking for. It is at http://www.openbsd.org/papers/tuning-openbsd.ps Looks like it is older than I thought and some of the points in the paper are already addressed by new versions of OpenBSD. But it was very educational and helpful for me when I was trying to improve network performance on some servers. -- Vijay Sankar, M.Eng., P.Eng. President CEO ForeTell Technologies Limited 59 Flamingo Avenue, Winnipeg, MB Canada R3J 0X6 Phone: +1 204 885 9535, E-Mail: [EMAIL PROTECTED]
ponuda za posao
Potovani U prolici smo da Vam ponudimo najnoviju mogicnost zarade. Uskoro na naim prostorima pocinje da radi Lyoness Na vrijeme zauzmite svoje mjesto u ovom perspektivnom poslu. Uclanjenje je potpuno besplatno-nita ne rizikujete. Informiite se http://lyonesszarada.50webs.com
Re: [Fwd: Open-Hardware]
On Jan 8, 2008 7:20 PM, chefren [EMAIL PROTECTED] wrote: This is one of the most retarded things I've ever read. You might get one wanker to pay for it, but if it comes in non-binary with all the source what's to stop them from posting it on the internet and everybody else getting it for free? Following Richard Stallman's theories everyone may make money with his creation/work except a programmer. Richard Stallman /says/ a programmer may earn money 1 time and than the code should be free after that. Why he says so is clueless, he clearly cannot explain how a programmer should make money if it's about a lot of work that is just a little feature for a lot of people, such a programmer should go around and ask a milion users a cent before he lets them test the code. Because the moment he let other people test it, the code should be for grabs too. Richard want's such a programmer to spam the world about a little feature to get money for it. Though - it must be said - RedHat certain employs a number of GPL programmers. As do IBM, and even Microsoft. -- http://www.glumbert.com/media/shift http://www.youtube.com/watch?v=tGvHNNOLnCk This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet evaluation. Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted. -- Gene Spafford learn french: http://www.youtube.com/watch?v=j1G-3laJJP0feature=related
Re: Dell Poweredge 1650/2650 + OpenBSD4.2 + PF - Maximum PPS
* Falk Brockerhoff [EMAIL PROTECTED] [2008-01-09 14:50]: Henning Brauer wrote: Hi Henning, * Falk Brockerhoff [EMAIL PROTECTED] [2008-01-09 14:09]: works fine up to roundabout 100-120k pps. I have had and seen _way_ more than that. Can you please provide some details of the configuration and tweaks you have done to handle this amount of pps on such a hardware? This would be really nice! well, that has been detailed to this list a hundred times... not much tuning required. kern.maxclusters=128000 net.inet.ip.ifq.maxlen=2500 net.inet.ip.forwarding=1 net.inet.carp.preempt=1 net.inet.icmp.errppslimit=1000 GENERIC kernel, no SMP (hurts in that case), right amount of RAM (a gig is plenty), good NICs (usually server-grade ems in my case) -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: Dell Poweredge 1650/2650 + OpenBSD4.2 + PF - Maximum PPS
On January 9, 2008 06:35:56 am Falk Brockerhoff wrote: Hello, I'm running two Dell Poweredge 2650 Servers with dual Xeon 2,2 GHz und 5 Gig Ram as a redundant firewall cluster, using Broadcom and Intel Gigabit Cards (bge and em Drivers). Last weekend I got a Denial of Service Attack on my network which brings the firewall to its limits. As some people sometimes asks for the maximum packets per seconds to handle with OpenBSD, here is my feedback: everything works fine up to roundabout 100-120k pps. A Dell Poweredge 1650 Dual P3 1,4 GHz with 2 Gigs of Ram and Intel Gigabit Cards (em Driver) handles up to 30-40k pps. Hope this value may help you for finding the matching hardware for your needs. Regards, Falk I changed from using HP DL380's to Dell 2950's in the last year or so since it has better support for OpenBSD. With the DL380's, we were getting about 70,000 pps during tests but after following the explanations about network performance tuning in a great article by Henning Brauer (I have been searching for it for the past hour but can't find the URL -- it was at the www.openbsd.org web site and I had downloaded it couple of years ago), we could get 180,000 pps on DL380's. On the 2950's, I haven't done any tests yet but as soon as I find that paper, I will do so. -- Vijay Sankar, M.Eng., P.Eng. President CEO ForeTell Technologies Limited 59 Flamingo Avenue, Winnipeg, MB Canada R3J 0X6 Phone: +1 204 885 9535, E-Mail: [EMAIL PROTECTED]
Re: [Fwd: Open-Hardware]
On Wed, 09 Jan 2008 09:30:52 -0500, Richard Stallman [EMAIL PROTECTED] said: http://www.gnu.org/philosophy/words-to-avoid.html#Market It is misleading to describe the users of free software, or the software users in general, as a market. This is not to say we're against markets. If you want to see what we really say about this, visit that URL and read the whole three paragraphs. You mean what you say about it this week. Blah blah blah. If you're not issuing and apology to OBSD then STFU and go away. They don't want or need your endorsement just an apology for misrepresenting them.
Re: Dell Poweredge 1650/2650 + OpenBSD4.2 + PF - Maximum PPS
* Vijay Sankar [EMAIL PROTECTED] [2008-01-09 16:11]: Finally found the paper I was looking for. It is at http://www.openbsd.org/papers/tuning-openbsd.ps this is (almost) completely obsolete. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
trouble with apache2 and php5
Hello, i want to install a apache2 serveur on my OpenBSD 4.2 with mysql and php5 i installed apache-httpd php5-core and mysql (and php5-mysql) with the pkg_add command, but when a execute phpxs, it's configuring the 1.3apache versions. it seems normal but how can i do to configure php5 for apache2. do i have to use ports? please help. thanks -- Cassier Sebastien Network and Security staff LP-system 23 rue la boetie 75008 Paris [EMAIL PROTECTED] 06 08 23 20 53
Re: Dell Poweredge 1650/2650 + OpenBSD4.2 + PF - Maximum PPS
Henning Brauer wrote: well, that has been detailed to this list a hundred times... not much tuning required. Oh, sorry, I should have had a look at the mailing list archive. I'm not reading the list all the time. Thank you for your hint! GENERIC kernel, no SMP (hurts in that case), right amount of RAM (a gig is plenty), good NICs (usually server-grade ems in my case) Hm, without a SMP enabled kernel the system wouldn't take any advantage of the dual cpu board, right? So a single CPU system would really be the better choice for firewalling services? Regards, Falk
Re: Dell Poweredge 1650/2650 + OpenBSD4.2 + PF - Maximum PPS
I changed from using HP DL380's to Dell 2950's in the last year or so since it has better support for OpenBSD. With the DL380's, we were getting about 70,000 pps during tests but after following the explanations about network performance tuning in a great article by Henning Brauer (I have been searching for it for the past hour but can't find the URL -- it was at the www.openbsd.org web site and I had downloaded it couple of years ago), we could get 180,000 pps on DL380's. On the 2950's, I haven't done any tests yet but as soon as I find that paper, I will do so. Is this it? http://www.openbsd.org/papers/tuning-openbsd.ps Sevan / Venture37 _ Fancy some celeb spotting? https://www.celebmashup.com
Mozilla Firefox security updates
Could anyone enlighten me about how Mozilla Firefox security updates are implemented in OpenBSD? I notice that the version of Firefox I am using in OBSD is 2.0.0.6 whereas the latest versions on Windows and Ubuntu are both 2.0.0.11, and several security vulnerabilities are present in 2.0.0.6. In my version of Debian (Etch) Iceweasel is at version 2.0.0.10 but I note from the Mozilla site that the 2.0.0.11 update doesn't include any security fixes whereas 2.0.0.10 does include security fixes. Updates to Firefox are pretty regular things at present and if you are running Windows they always seem to emphasise the need to update as soon as a fix is announced, presumably meaning that vulnerabilities could well be exploited quickly. In Windows updates are downloaded from within the running program, in Ubuntu via the usual software update process (binary updates - either apt-get, aptitude or Synaptic). I presume the OBSD team are only concerned with updates to the basic OS and package updates are handled by the package developers. I can find the source of 2.0.0.11 on Mozilla's site. Can I assume I must use this and compile it myself? I have had a look at the ports source on the UK mirror site and it is dated 1 Sept 07 so I presume this includes only 2.0.0.6 and there is no port later than this. I am out on a limb regarding implementing 2.0.0.11 in source form - what do other people do? Russell
Re: Pre-Orders for Limited Edition Puffy the Blowfish
Eric Furman wrote: You mean you killed a poor innocent puffy fish to make your unethical corporate dollars? I'll have to report you to rms. Free puffy fish for all! No, it's okay; he borrowed the knife from someone else.
Re: OpenBSD and ISDN TA
Diana Eichert [EMAIL PROTECTED] wrote: Simply question: does OpenBSD support ISDN? Simple answer: no Well, you can hook up ISDN TAs with a serial port that look like a dial-up modem (AT command set etc.). However, I think these have long since disappeared from the market. -- Christian naddy Weisgerber [EMAIL PROTECTED]
Re: Advice requested on security issues
Jussi Peltola wrote: On Tue, Jan 08, 2008 at 10:48:41AM -0500, Douglas A. Tutty wrote: I suppose the only way to have a trusted-secure box and an untrusted-insecure box with one disply/keyboard would be a KVM. Actual, physical separation of the machines is the only 100% secure way to prevent information from leaking between them. I'd be more worried about the network cable between them than a KVM, though. I looked at KVM and came to the same conclusion - that most now have some software (partly to allow the boot process to discover the keyboard, etc hardware), so there is a risk of some leakage. My configuration will be physical separation of secure box from main box with network cabling to the router as the only link. So my security measures on the secure box are a simple PF setup permitting only outgoing initiation of connections and some sort of restriction on the internet sites visited. i.e. simply setting up the appropriate bank sites as bookmarks and only using these as starting pages to visit. Plus maybe some form of whitelisting in the browser setup if I don't trust myself to be awake. Unfortunately some bank sites do use javascript and I have a concern over cross site scripting - only because I have yet to look deeper into this to see what the risks are. But if I never visit non-bank sites is this a problem? Russell
PF Rules Configuration
Hi, I'm trying to setup PF Rules for a new OpenBSD 4.2 installation, but after struggling for a few days I still can't get it the way I need it to be. This is my first time setting up a pf.conf file, so any assistance would be greatly appreciated. What I need: - A firewall that allows ONLY the required access - A firewall that allows FTP (passive active) - A firewall that is also a transparent bridge - A firewall that reduces spam - A firewall that keeps hackers bruteforcers out by any means neccessary My biggest issue so far was getting the FTP working, but that's working now, but moving on to the spam part, I re-approached the same issue I initially had with the FTP (resulting in me using ftpsesame instead of ftp-proxy, since it turned out simpler). My /etc/pf.conf file: ## BEGIN /etc/pf.conf ## ext_if = xl1 int_if = xl0 opt_if = xl2 table bruteforce persist tcp_ports = { ftp-data, ftp, ssh, smtp, domain, http, pop3, https, pop3s, radius, radacct } udp_ports = { domain, bootps, bootpc, ntp, radius, radacct, 33433 33626 } icmp_types = { echoreq, unreach } martians = { 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \ 10.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, \ 0.0.0.0/8, 240.0.0.0/4 } set block-policy drop scrub in all antispoof for $ext_if antispoof for $int_if antispoof for $opt_if block quick from bruteforce block drop in quick on $ext_if from $martians to any block drop out quick on $ext_if from any to $martians pass in quick on $int_if pass out quick on $int_if pass in quick on $opt_if pass out quick on $opt_if block in log on $ext_if all block return out log on $ext_if all anchor ftpsesame/* proto tcp all pass on $ext_if inet proto tcp from any to any port $tcp_ports keep state \ (max-src-conn 100, max-src-conn-rate 15/5, \ overload bruteforce flush global) pass on $ext_if inet proto udp from any to any port $udp_ports keep state \ (max-src-conn 100, max-src-conn-rate 15/5, \ overload bruteforce flush global) pass inet proto icmp all icmp-type $icmp_types keep state ## END /etc/pf.conf ## Can somebody please advise me which rules I should put in here to get spamd working? The standard rdr stuff specified everywhere doesn't appear to work for my setup. My network configuration is as follows: xl0: up xl1: up xl2: inet 10.2.254.253 255.255.0.0 up bridge0: add ep0 add ep1 blocknonip ep0 blocknonip ep1 up I hope I have provided enough information on my setup, basically all that needs to change is to hook the spamd daemon in somewhere, but like I said, the standard instructions from spamd didn't work (it instead blocks port 25 completely, spamd doesn't receive any traffic nor does any packets get logged - even if I turn on more verbose logging). Regards, Lionel Pinkhard
Re: OSS v4.0 released under BSD license
On Jan 9, 2008 4:10 PM, Deanna Phillips [EMAIL PROTECTED] wrote: Jonathan Schleifer writes: Jacob Meuser [EMAIL PROTECTED] wrote: that would require kernel level ALSA emulation, just as we have kernel level OSS emulation for linux binaries using OSS. I have absolutely no interest in that whatsoever. you'd have better luck convincing Adobe to make an OpenBSD native version of their plugin. That wouldn't be required if we have a different alsa-lib than normal linux systems have. It's possible that compiling libsalsa for Linux and using in with compat_linux is already enough. Alsa is really, really not important to us. In the past few years of working on OpenBSD ports I have only run across one open source application that required alsa, and I took that as a sign that the app wasn't worth having anyway. Should a worthy alsa-only *open source* app appear, I'm sure that someone could port it to Sun audio. There is already a lot of code in the ports tree that does this to provide better support than the OSS 3.x- emulation we have now. But for Linux binary emulation? No way. If you want that, run Linux. What kind of people run Linux binaries on OpenBSD, anyway? Don't give me that I need Flash, since I spent months of my life working on Gnash for OpenBSD just so you wouldn't have to use the Adobe Linux binary.. and more months working on PJSIP so that you wouldn't have to use Skype. You're working on PJSIP?!?!! SWEEET I'm going to love you forever :) (makes me wish i could code so i could help you out) If this interest in alsa is just general multimedia envy and not some specific need for alsa support, you might find this article in Hannu's blog interesting. He details the history of the two and makes a good case for adopting OSS instead. http://4front-tech.com/hannublog/?p=5
Re: [Fwd: Open-Hardware]
Eric Furman wrote: On 08 Jan 2008 20:21:08 -0500, Daniel Hagerty [EMAIL PROTECTED] said: Eric Furman [EMAIL PROTECTED] writes: This is one of the most retarded things I've ever read. You might get one wanker to pay for it, but if it comes in non-binary with all the source what's to stop them from posting it on the internet and everybody else getting it for free? Good question. Theo de Raadt [EMAIL PROTECTED] writes: Profits from CD sales are the primary income source for the OpenBSD project -- in essence selling these CD-ROM units ensures that OpenBSD will continue to make another release six months from now. Maybe this guy can explain it to you. OK, *that* was the most retarded thing I have ever read. You're comparing apples and oranges. No, he's not. Stallman said I'm not against buying software from developers (as long as it is free software). That is the baseline for your This is one of the most retarded things I've ever read comment. You make a valid point, what is to keep someone from taking the source that they'd bought and putting an exact digital replica online. This implies that you can't make money selling the source to software that could potentially be had sans gratis on the 'net. Daniel then brought up the idea of CD sales. Something you can buy and put an exact digital replica of online. By your implication that you can't make money selling the source to potentially sans gratis, it's also implied that you shouldn't be able to make money with CD sales of *definite* sans gratis software because someone could either buy the CD and make a .iso version available online or you could just get the software sans gratis anyway. Since you're missing the analogy I'd say you probably didn't intend to imply that. For those of us that read the implication there, though, the analogy makes perfect sense. kmw -- Quis custodiet ipsos custodes
Re: OSS v4.0 released under BSD license
Deanna Phillips [EMAIL PROTECTED] wrote: Should a worthy alsa-only *open source* app appear, I'm sure that someone could port it to Sun audio. What about libjingle for example? It's opensource and used by all Jabber clients which support VoIP - and it only supports ALSA (at least the last time I looked at it - it wouldn't even compile without it). -- Jonathan
Re: Mozilla Firefox security updates
Hi! On Wed, Jan 09, 2008 at 03:44:00PM +, Russell Gadd wrote: Could anyone enlighten me about how Mozilla Firefox security updates are implemented in OpenBSD? $ pkg_info mozilla-firefox Information for inst:mozilla-firefox-2.0.0.10 [...] You've seen that ports/packages are currently not maintained for -stable? I'm using -current and thus have all the necessary bug and security fixes. Kind regards, Hannah.
Re: OpenBSD and ISDN TA
Any suggestions? Get a Netgear ISDN router - used one for a number of years with no problems. They come in either single network connection or with 4 port hub. -N
Re: OpenBSD and ISDN TA
I think ISDN is one of those technologies a significant part of the OpenBSD population would be very happy to suppress any remaining memories of. I'm getting flashbacks just reading this. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Pre-Orders for Limited Edition Puffy the Blowfish
On Jan 8, 2008 11:40 AM, Sunnz [EMAIL PROTECTED] wrote: 2008/1/8, Sam Fourman Jr. [EMAIL PROTECTED]: do you have a website that has pictures, the mail server stripped your attachemnts Sam Fourman Jr. I second that, me want see pictures!!! http://icanhascheezburger.com/2008/01/04/funny-pictures-i-this-means-i-not-happy/
Re: [Fwd: Open-Hardware]
Eric Furman wrote: *BULLSHIT*. You have so completely missed the point it is to laugh. Apples and Oranges. Remember OBSD isn't GPL'ed There's no need to continue this on the list because you don't get the analogy so I'm replying directly. I didn't say that OBSD is GPL'ed, did I? I said that selling software that's available at no cost (GPL software someone has bought and re-released to the public) is no different than selling software that's available at no cost (an OpenBSD CD versus the .iso format available to the public). In both cases you are taking software that is freely (cost) available and selling it via some physical medium. I even stated that it was just something that I had picked up as an implication and that for those of us that interpreted your statement in that fashion, the analogy made sense. How is that bs? I've no qualms being someone's laughing stock because they fail to understand something so feel free to laugh away. My regret is that I failed to sufficiently explain the analogy, and why at least a few of us felt it was appropriate, in a manner you could understand the first time. If you still do not understand the analogy, and why I agree with Daniel that it was an appropriate one, please feel free to email me directly and we can discuss it. There's no point in continuing to butt heads on the list. kmw
Re: [Fwd: Open-Hardware]
On Wed, 09 Jan 2008 11:01:52 -0500, Kevin Wilcox [EMAIL PROTECTED] said: Eric Furman wrote: *BULLSHIT*. You have so completely missed the point it is to laugh. Apples and Oranges. Remember OBSD isn't GPL'ed There's no need to continue this on the list because you don't get the analogy so I'm replying directly. Then why did you cc the list? I didn't say that OBSD is GPL'ed, did I? I said that selling software No, but you are making comparisons. OBSD doesn't follow GPL's rules. that's available at no cost (GPL software someone has bought and re-released to the public) is no different than selling software that's available at no cost (an OpenBSD CD versus the .iso format available to the public). In both cases you are taking software that is freely (cost) available and selling it via some physical medium. Yes, but the *intentions* are completely different. I even stated that it was just something that I had picked up as an implication and that for those of us that interpreted your statement in that fashion, the analogy made sense. How is that bs? I've no qualms being someone's laughing stock because they fail to understand something so feel free to laugh away. My regret is that I failed to sufficiently explain the analogy, and why at least a few of us felt it was appropriate, in a manner you could understand the first time. *I* understand perfectly, but because you have swallowed a lot of GNU baloney you don't get my original point and I don't feel like wasting my time explaining it to you. If you still do not understand the analogy, and why I agree with Daniel that it was an appropriate one, please feel free to email me directly and we can discuss it. There's no point in continuing to butt heads on the list. I know why you agree with him. No further discussion is necessary.
Re: trouble with apache2 and php5
On Wed, 9 Jan 2008, cassier sebastien wrote: it seems normal but how can i do to configure php5 for apache2. do i have to use ports? Why do you really need Apache2? Is there something missing from the base httpd server? [EMAIL PROTECTED] You should shave... ;) -- Antoine
Re: [Fwd: Open-Hardware]
On Wed, 09 Jan 2008 10:07:50 -0500, Kevin Wilcox [EMAIL PROTECTED] said: Eric Furman wrote: On 08 Jan 2008 20:21:08 -0500, Daniel Hagerty [EMAIL PROTECTED] said: Eric Furman [EMAIL PROTECTED] writes: This is one of the most retarded things I've ever read. You might get one wanker to pay for it, but if it comes in non-binary with all the source what's to stop them from posting it on the internet and everybody else getting it for free? Good question. Theo de Raadt [EMAIL PROTECTED] writes: Profits from CD sales are the primary income source for the OpenBSD project -- in essence selling these CD-ROM units ensures that OpenBSD will continue to make another release six months from now. Maybe this guy can explain it to you. OK, *that* was the most retarded thing I have ever read. You're comparing apples and oranges. No, he's not. Stallman said I'm not against buying software from developers (as long as it is free software). That is the baseline for your This is one of the most retarded things I've ever read comment. You make a valid point, what is to keep someone from taking the source that they'd bought and putting an exact digital replica online. This implies that you can't make money selling the source to software that could potentially be had sans gratis on the 'net. Daniel then brought up the idea of CD sales. Something you can buy and put an exact digital replica of online. By your implication that you can't make money selling the source to potentially sans gratis, it's also implied that you shouldn't be able to make money with CD sales of *definite* sans gratis software because someone could either buy the CD and make a .iso version available online or you could just get the software sans gratis anyway. Since you're missing the analogy I'd say you probably didn't intend to imply that. For those of us that read the implication there, though, the analogy makes perfect sense. *BULLSHIT*. You have so completely missed the point it is to laugh. Apples and Oranges. Remember OBSD isn't GPL'ed
Re: [Fwd: Open-Hardware]
On 01/09/08 16:44, Kevin Wilcox wrote: I don't think either of you have a firm grasp of what's being said with regards to selling free software. Or of the GPL in general. http://webster.com/dictionary/selling http://webster.com/dictionary/free http://webster.com/dictionary/software The use of the word free has nothing to do with price, it is that the recipient of a piece of software has the freedom to modify the software as they see necessary so that it does what they want it to do. If you mean that, don't use the word free. To accomplish this, they should receive the source to said software. That's what the GPLv2 is all about - providing the recipient of a piece of software with the source code to that software and the freedom to modify it as they desire. Sorry, after reading and understanding GPL itself I never put much time in understanding subsequent versions... But I do understand that the word free, as in http://webster.com/dictionary/free Has nothing to do with it. Nice to know. It is only once they decide to *further distribute* the software that they are restricted. At that point the only restrictions placed on them is that they provide the source - thereby giving the recipient the same rights bestowed upon them by *their* provider. Come on, what a details, if it's not free as in http://webster.com/dictionary/free and is about open source software as in: http://webster.com/dictionary/software none of the subscribers of this list is interested any more. I'm sorry if this shocks you. No one has said that you can't charge whatever you like for your software *or* that you have to give the code away to the world - they are saying that if you provide a binary then you should provide the recipients of that binary with the corresponding source and the right to change it and distribute it as they see fit. Well, I presume that after GPLv4 were you wrote now No one should be written Richard Stallman and his cronies. Richard Stallman's ideas clearly point at robbing software writers, if software writers hide their work behind webservices he will definitely introduce GPLv4 for it. .. In no way is anyone saying you can't make a comfortable living writing code and that you have to go through life as a beggar. If my profession is writing software and I was so stupid to start concentrating on GPL software it's very difficult to make a living. I know RichardCo like to point at a handful of jobs at IBM+Redhat+Microsoft but I cannot take that serious at all. +++chefren
Re: [Fwd: Open-Hardware]
On 01/09/08 15:30, Richard Stallman wrote: http://www.gnu.org/philosophy/words-to-avoid.html#Market It is misleading to describe the users of free software, or the software users in general, as a market. This is not to say we're against markets. If you want to see what we really say about this, visit that URL and read the whole three paragraphs. OK here are all paragraphs: Market It is misleading to describe the users of free software, or the software users in general, as a market. If people exchange things it's about a market. Please don't try to change definitions like you do with free. What you call free software has clearly =more= stings attached than you would suppose if you look up the word free in the dictionaries. The word misleading should be replaced by something like against our beliefs. Please let the webmaster of the site fix that. No problem if he fixes the by L donated security problem first. This is not to say we're against markets. If you try to change the meaning of words you are basically against something. You are =against= free software and =against= markets for software. Be honest! Didn't your parents told you so? If you have a free software support business, then you have clients, and you trade with them in a market. Not according to GPLvX, if you supply a fix to GPL code you cannot trade it more than 1 time, all other possible clients have a free ride after that, that has nothing to do with a market. Please understand, I have no problems with it but I think programmers should have a free choice for each programming work() they do. Let each client pay, let one client pay and give it away for the rest, etc. As long as you respect their freedom, we wish you success in your market. He! When I use your definitions I get a parse error!!! What you call freedom is freedom with DRM, and everyone knows DRM spoils markets. Your wish for succes is clueless, meaningless, and perhaps plain evil. But the free software movement is a social movement, not a business, and the success it aims for is not a market success. Please get your facts straight with reality In practice the social thing doesn't count for the creators of free software. We are trying to serve the public by giving it freedom---not competing to take them away from a rival. To equate this campaign for freedom to a business' campaign for mere success is to diminish the significance of freedom. All blurp, the only thing that real counts is code. Preferably functional elegantly written secure code and for outsiders preferable free, BSD licensed code, without the GNU GPLvX DRM. Can't you understand a programmer, for himself, prefers to start with BSD license? I presume this is a stupid question because Richard Stallman seems to have has a hole or something in his brain. That makes him loop the word social in all kind of ways but the words emphatic and individual are missing. I start believing Richard Stallmans brain is compiled by GCC. It behaves like what we see with OpenBSD copiled with GCC, someone has shot at it with a shotgun, few bit's on strange places are flipped. +++chefren
Re: spamd-setup hangup/timeout settings
Jason George wrote: My spamd-setup always takes 20-30 minutes on two servers (4.1 and 4.2). This is not normal? When I run it manually; most of the time is spent downloading traplist.gz You are all connecting to beck@'s machine at the University of Alberta (www.openbsd.org) ? I use the same major ISP that the U of A uses as one of its principal peers. I get timeouts, poor throughput and generally the same behaviour as mentioned above for all transfers to that site (spamd lists, snapshots, etc). Are there any alternative? /etc/mail/spamd.conf mentions www.de.openbsd.org; but Beck's traplist.gz is not actually mirrored there. Frank
Re: [Fwd: Open-Hardware]
chefren wrote: On 1/9/08 12:54 AM, Eric Furman wrote: This is one of the most retarded things I've ever read. You might get one wanker to pay for it, but if it comes in non-binary with all the source what's to stop them from posting it on the internet and everybody else getting it for free? You got the point, Richard doesn't respect creators. He wants every programmer to go through life as beggar like he does himself. Giving in that that's impossible, that you cannot raise children that way doesn't matter to him. Following Richard Stallman's theories everyone may make money with his creation/work except a programmer. Richard Stallman /says/ a programmer may earn money 1 time and than the code should be free after that. Why he says so is clueless, he clearly cannot explain how a programmer should make money if it's about a lot of work that is just a little feature for a lot of people, such a programmer should go around and ask a milion users a cent before he lets them test the code. Because the moment he let other people test it, the code should be for grabs too. Richard want's such a programmer to spam the world about a little feature to get money for it. This man has no respect for programmers, clearly doesn't understand why money was invented and how a market can be a very reasonable way to let people earn money. I don't think either of you have a firm grasp of what's being said with regards to selling free software. Or of the GPL in general. The use of the word free has nothing to do with price, it is that the recipient of a piece of software has the freedom to modify the software as they see necessary so that it does what they want it to do. To accomplish this, they should receive the source to said software. That's what the GPLv2 is all about - providing the recipient of a piece of software with the source code to that software and the freedom to modify it as they desire. It is only once they decide to *further distribute* the software that they are restricted. At that point the only restrictions placed on them is that they provide the source - thereby giving the recipient the same rights bestowed upon them by *their* provider. No one has said that you can't charge whatever you like for your software *or* that you have to give the code away to the world - they are saying that if you provide a binary then you should provide the recipients of that binary with the corresponding source and the right to change it and distribute it as they see fit. While that *can* present a situation where you sell software to PERSON_A and PERSON_A distributes the code to whomever they choose, it's a perfectly reasonable assumption that that is not likely to occur in a high-end software field because no corporation or organization will want to give away something for which they had to pay top dollar. Testing the software has nothing to do (as far as licensing goes) with a final, released GPL product. You can release the alpha and beta releases under whatever license you want to. Just license the final product under the GPL. In no way is anyone saying you can't make a comfortable living writing code and that you have to go through life as a beggar. Disclaimer: In no way am I suggesting that anyone should use the GPL over another license. When I talk about releasing code under the GPL in previous paragraphs I am speaking for hypothetical situations. I have only been involved with GPL software for a limited time, 4-5 years, so my understanding of GPL/v2 may be incorrect. kmw -- Quis custodiet ipsos custodes
Re: Dell Poweredge 1650/2650 + OpenBSD4.2 + PF - Maximum PPS
* Falk Brockerhoff [EMAIL PROTECTED] [2008-01-09 17:24]: Henning Brauer wrote: well, that has been detailed to this list a hundred times... not much tuning required. Oh, sorry, I should have had a look at the mailing list archive. I'm not reading the list all the time. Thank you for your hint! GENERIC kernel, no SMP (hurts in that case), right amount of RAM (a gig is plenty), good NICs (usually server-grade ems in my case) Hm, without a SMP enabled kernel the system wouldn't take any advantage of the dual cpu board, right? So a single CPU system would really be the better choice for firewalling services? unless you run heavy proxies or other stuff in userland, yes (that might change in future tho) -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: Apache box behind Openbsd
Did you follow 6.2.7 part of the OpenBSD F.A.Q.? http://www.openbsd.org/faq/faq6.html#Setup.forward Cheers, PV On 08/01/2008, Sewan [EMAIL PROTECTED] wrote: Hi, I have an apache-php website running on windows server 2003 port 80, i have correct rdr rules that pointing my web server, i can view website inside my LAN, but i can't view page outside of my network. I've checked all dns- ip settings, everything's fine but problem continues. I've read at some forums that apache doesn't recognize rdr rules from openbsd, so how can i publish my site ? Thanks... -- View this message in context: http://www.nabble.com/Apache-box-behind-Openbsd-tp14692638p14692638.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: OpenBSD and ISDN TA
Ray Percival [EMAIL PROTECTED] writes: I think ISDN is one of those technologies a significant part of the OpenBSD population would be very happy to suppress any remaining memories of. I'm getting flashbacks just reading this. yes, the pain. the pain. we hates it, preciousss -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: OpenBSD supported servers ?
Lars NoodC)n wrote: we're using G5 HP DL360 and DL380 with no problems whatsoever. Except that the machine uses Intel Celeron/Xeon/Pentium and not G5. Had my hopes up for a second or two there until I saw the actual spec sheet. I think he meant HP DL360/DL380 G5 (Generation five), not the G5 processor :-) -Lars Falk
Re: Pre-Orders for Limited Edition Puffy the Blowfish
Steve Shockley wrote: Eric Furman wrote: You mean you killed a poor innocent puffy fish to make your unethical corporate dollars? I'll have to report you to rms. Free puffy fish for all! No, it's okay; he borrowed the knife from someone else. Are you sure? I heard he had someone else to do it, and his lawyer said it was all fine. /Alexander
Re: spamd-setup hangup/timeout settings
On Wed, Jan 09, 2008 at 09:59:58AM -0500, Frank Bax wrote: Are there any alternative? /etc/mail/spamd.conf mentions www.de.openbsd.org; but Beck's traplist.gz is not actually mirrored there. You could point to a local copy (/var/db/traplist.gz) in spamd.conf and download it in a separate cron process. -ME
Re: OSS v4.0 released under BSD license
On Wed, Jan 09, 2008 at 05:45:21PM +0100, Jonathan Schleifer wrote: Deanna Phillips [EMAIL PROTECTED] wrote: Should a worthy alsa-only *open source* app appear, I'm sure that someone could port it to Sun audio. What about libjingle for example? It's opensource and used by all Jabber clients which support VoIP - and it only supports ALSA (at least the last time I looked at it - it wouldn't even compile without it). what about it? it's open source, so port it to audio(4). do you think this would be harder than implementing an ALSA emulation layer? do you think that using an ALSA emulation layer would make it work better than if it were ported to audio(4)? -- [EMAIL PROTECTED] SDF Public Access UNIX System - http://sdf.lonestar.org
Re: OSS v4.0 released under BSD license
On Wed, Jan 09, 2008 at 02:14:27PM +0100, Jonathan Schleifer wrote: Jacob Meuser [EMAIL PROTECTED] wrote: that would require kernel level ALSA emulation, just as we have kernel level OSS emulation for linux binaries using OSS. I have absolutely no interest in that whatsoever. you'd have better luck convincing Adobe to make an OpenBSD native version of their plugin. That wouldn't be required if we have a different alsa-lib than normal linux systems have. It's possible that compiling libsalsa for Linux and using in with compat_linux is already enough. some more excerpts from libsalsa/README: -- SALSA - Simple ALSA emulation library for OSS = The sole purpose of this library is to make certain key ALSA applications to work with OSS. This is necessary just because some Linux distributions don't ship utilities like esd or xmss with OSS support compiled in. This library has been programmed using brute force methods and it's not designed to be any programming example. We didn't make any attempt to get all ALSA applications to work with it. Most applications support the OSS API directly so there is no need for doing this. - and don't forget, you are suggesting to distribute a *linux binary* of *GPL* software. obviously this could not be distributed as part of OpenBSD. -- [EMAIL PROTECTED] SDF Public Access UNIX System - http://sdf.lonestar.org
Re: [Fwd: Open-Hardware]
On Wed, Jan 09, 2008 at 10:07:50AM -0500, Kevin Wilcox wrote: Daniel then brought up the idea of CD sales. Something you can buy and put an exact digital replica of online. are sure about that? and what about the sticker(s) that come with the CDs? and the artwork on the insert? and the preprinted installation instructions? -- [EMAIL PROTECTED] SDF Public Access UNIX System - http://sdf.lonestar.org
Re: OpenBSD and ISDN TA
There is a Sangoma card supported by OpenBSD, it is ISDN PRI (T1/E1) though, not BRI. I think it is A101, not sure about other models. 2008/1/9, SeDoFa [EMAIL PROTECTED]: Simply question: does OpenBSD support ISDN? I have great interest to use OpenBSD as ISDN router with an external ISDN terminal adapter (USB interface). Until now I didn't find any configuration hints for ISDN devices under OpenBSD. I have found only a project called isdn4bsd, but unfortunately, there is no maintainer on OpenBSD. Any suggestions? Thanks
Re: [Fwd: Open-Hardware]
You can stop the GPL propaganda here. We have wasted enough time rehashing it. You are not going to convince anybody here that some random person has more rights than the author of the software. The end, get over it, walk it off. RMS tried with circle talk to convince people and lost many acolytes in the process. GNU FSF are disingenuous organizations that are and unable to read a dictionary. That makes people angry so stop parroting their manure here. A few more cronies also tried and failed at convincing anyone of the GPL teachings. Yes we get your point and we think it is stupid. No need to discuss it or try to explain it again. We get it. On Wed, Jan 09, 2008 at 10:44:44AM -0500, Kevin Wilcox wrote: chefren wrote: On 1/9/08 12:54 AM, Eric Furman wrote: This is one of the most retarded things I've ever read. You might get one wanker to pay for it, but if it comes in non-binary with all the source what's to stop them from posting it on the internet and everybody else getting it for free? You got the point, Richard doesn't respect creators. He wants every programmer to go through life as beggar like he does himself. Giving in that that's impossible, that you cannot raise children that way doesn't matter to him. Following Richard Stallman's theories everyone may make money with his creation/work except a programmer. Richard Stallman /says/ a programmer may earn money 1 time and than the code should be free after that. Why he says so is clueless, he clearly cannot explain how a programmer should make money if it's about a lot of work that is just a little feature for a lot of people, such a programmer should go around and ask a milion users a cent before he lets them test the code. Because the moment he let other people test it, the code should be for grabs too. Richard want's such a programmer to spam the world about a little feature to get money for it. This man has no respect for programmers, clearly doesn't understand why money was invented and how a market can be a very reasonable way to let people earn money. I don't think either of you have a firm grasp of what's being said with regards to selling free software. Or of the GPL in general. The use of the word free has nothing to do with price, it is that the recipient of a piece of software has the freedom to modify the software as they see necessary so that it does what they want it to do. To accomplish this, they should receive the source to said software. That's what the GPLv2 is all about - providing the recipient of a piece of software with the source code to that software and the freedom to modify it as they desire. It is only once they decide to *further distribute* the software that they are restricted. At that point the only restrictions placed on them is that they provide the source - thereby giving the recipient the same rights bestowed upon them by *their* provider. No one has said that you can't charge whatever you like for your software *or* that you have to give the code away to the world - they are saying that if you provide a binary then you should provide the recipients of that binary with the corresponding source and the right to change it and distribute it as they see fit. While that *can* present a situation where you sell software to PERSON_A and PERSON_A distributes the code to whomever they choose, it's a perfectly reasonable assumption that that is not likely to occur in a high-end software field because no corporation or organization will want to give away something for which they had to pay top dollar. Testing the software has nothing to do (as far as licensing goes) with a final, released GPL product. You can release the alpha and beta releases under whatever license you want to. Just license the final product under the GPL. In no way is anyone saying you can't make a comfortable living writing code and that you have to go through life as a beggar. Disclaimer: In no way am I suggesting that anyone should use the GPL over another license. When I talk about releasing code under the GPL in previous paragraphs I am speaking for hypothetical situations. I have only been involved with GPL software for a limited time, 4-5 years, so my understanding of GPL/v2 may be incorrect. kmw -- Quis custodiet ipsos custodes
vlan trunking OpenBSD/Cisco switch
Hello, Is it posible to do vlan trunking between an OpenBSD and a cisco switch? I know you can create vlan interfaces in OpenBSD but how would they be trunk with the switch? In the physical interface (hostname.fxp1) i should just put 'up'? Do you have to set some kind of native vlan here? Example: $ cat /etc/hostname.fxp1 up $ cat /etc/hostname.vlan0 inet 172.21.0.31 255.255.255.0 NONE vlan 2 vlandev fxp1 I don't have a spare box to test this right now, so any guidelines, advice or tips on how to this would be greatly apreciated as i have to do this overnight. Thanks Der
Re: Improving disk reliability
On 1/9/08, NetOne - Doichin Dokov [EMAIL PROTECTED] wrote: Bacula (www.bacula.org) is your friend. yes, bacula is great. I just discovered, that it is in ports (even as package available), so I have to use it on OpenBSD yet, but it can't be harder to set up than on other platforms. I prefer it to amanda, because (at least as I had to find a suitable solution 1.5 years ago) it was the only one which could do multi-volume-backups. It also works flawless with disk-based backups, simple tape drive and larger tape libraries. --knitti
Re: vlan trunking OpenBSD/Cisco switch
Der Engel wrote: Hello, Hi, Is it posible to do vlan trunking between an OpenBSD and a cisco switch? I know you can create vlan interfaces in OpenBSD but how would they be trunk with the switch? Yes, without any problems. $ cat /etc/hostname.em5 media 100baseTX mediaopt full-duplex description Link to vtsw03 F0/33 Trunk up cat /etc/hostname.vlan130 vlan 130 vlandev em5 description Public Services inet 10.0.130.33 255.255.255.224 up On Cisco side: interface FastEthernet0/33 description temp. Uplink to brain duplex full speed 100 switchport trunk encapsulation dot1q switchport mode trunk no cdp enable end Thanks Der Regards, Falk
Re: [Fwd: Open-Hardware]
On Jan 9, 2008 1:52 PM, Jacob Meuser [EMAIL PROTECTED] wrote: On Wed, Jan 09, 2008 at 10:07:50AM -0500, Kevin Wilcox wrote: Daniel then brought up the idea of CD sales. Something you can buy and put an exact digital replica of online. are sure about that? and what about the sticker(s) that come with the CDs? and the artwork on the insert? and the preprinted installation instructions? This is beyond silly. FSF/GNU used to sell tapes of GPLed stuff too. I'm sure it came with pre-printed instructions as well. No idea about artwork or stickers however. But splitting hairs is not useful. -- http://www.glumbert.com/media/shift http://www.youtube.com/watch?v=tGvHNNOLnCk This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet evaluation. Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted. -- Gene Spafford learn french: http://www.youtube.com/watch?v=j1G-3laJJP0feature=related
Re: OpenBSD and ISDN TA
On 2008/01/09 18:37, Peter N. M. Hansteen wrote: Ray Percival [EMAIL PROTECTED] writes: I think ISDN is one of those technologies a significant part of the OpenBSD population would be very happy to suppress any remaining memories of. I'm getting flashbacks just reading this. yes, the pain. the pain. we hates it, preciousss run H.323 and you can experience much of that same pain again and more besides :-)
Re: Pre-Orders for Limited Edition Puffy the Blowfish
Ok, Puffy, I'm assuming good faith on your side, so let me explain why you're being slightly mocked here: There was a huge toss-up some time ago about some person selling OpenBSD t-shirts on Cafepress without Theo's/Wim's/Ty's permission. The misc crowd will undoubtedly correct me if I'm wrong or if things have changed, but the way I remember things, the sticking points were: - OpenBSD is BSD licensed. - Most OpenBSD Puffy artwork is not. - The non-BSD licensed images may be used for positive promotional use w/o checking with Theo/Wim/Ty (that permission is given on the website). - If you want to do anything potentially infringing with the non-BSD licensed artwork, you need to ask Theo/Wim/Ty first. From your emails, it seems to me as if maybe you haven't done that and maybe you aren't aware of your rights and obligations. So if you're serious, then you probably should talk to Theo or Wim or Ty and work things out, and only come back to this list once you actually have something to offer that is non-infringing and real, preferably with non-Photoshop^WGIMPed pictures. If you don't do that, you'll probably only find yourself earning more ridicule. That's not a NO to your initiative. Plush Puffy was created some time ago: https://https.openbsd.org/images/pluffy.jpg and is still available: https://https.openbsd.org/cgi-bin/order.eu So it can be done, and if you really want to and are able to do something cool that helps the project financially, then more power to you. If however you're only looking to earn a few quick bucks for yourself, then you may not get a lot of takers here. Thanks and regards, --ropers
Re: Help with root partition on RaidFrame
On Tue, Jan 08, 2008 at 10:22:04PM -0800, William Sloan wrote: OpenBSD 4.2-stable (RAID) #3: Mon Jan 7 17:45:05 PST 2008 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAID cpu0: Geode(TM) Integrated Processor by National Semi (Geode by NSC [...] root on wd0a swap on wd0b dump on wd0b raid0: Component /dev/sd0a being configured at row: 0 col: 0 Row: 0 Column: 0 Num Rows: 1 Num Columns: 2 Version: 2 Serial Number: 123456 Mod Counter: 638 Clean: Yes Status: 0 raid0: Component /dev/sd1a being configured at row: 0 col: 1 Row: 0 Column: 1 Num Rows: 1 Num Columns: 2 Version: 2 Serial Number: 123456 Mod Counter: 638 Clean: Yes Status: 0 raid0 at root It looks like you're booting a kernel that was compiled without the RAID_AUTOCONFIG option set. The system boot script will automatically configure raid0 if the file /etc/raid0.conf (on wd0) exists, so that explains why raid0 gets configured after the location of the root filesystem is determined. Try recompiling a kernel with RAID_AUTOCONFIG set, and boot from that. Don't create an /etc/raid0.conf. Not in /etc on wd0, and not in /etc on raid0. Do create one on another location on wd0 though, it might come in handy later. -- Jurjen Oskam Savage's Law of Expediency: You want it bad, you'll get it bad.
Re: [Fwd: Open-Hardware]
On 1/9/08 9:10 PM, bofh wrote: On Jan 9, 2008 1:52 PM, Jacob Meuser [EMAIL PROTECTED] wrote: On Wed, Jan 09, 2008 at 10:07:50AM -0500, Kevin Wilcox wrote: Daniel then brought up the idea of CD sales. Something you can buy and put an exact digital replica of online. are sure about that? and what about the sticker(s) that come with the CDs? and the artwork on the insert? and the preprinted installation instructions? This is beyond silly. FSF/GNU used to sell tapes of GPLed stuff too. I'm sure it came with pre-printed instructions as well. No idea about artwork or stickers however. But splitting hairs is not useful. With OpenBSD the stickers, printed installation and artwork are copyright Theo de Raadt. You cannot legally sell your own copies of the CD set or use artwork for commercial purposes without permissions of Theo. +++chefren
facts about OpenBSD
Facts about OpenBSD: # Stable release cycle. If you want to run latest bugfree ClamAV or FireFox - upgrade to CURRENT! But don't forget to buy release CD's!!! # Secure By Default. OpenBSD uses broken WEP for securing WiFi networks. Has no WPA/WPA2 support. # Do not let serious problems sit unsolved. OpenBSD doesn't need MAC because it has their own security flawed systrace. # Use of Cryptography. OpenBSD uses file-backed encryption (svnd) which is very suited for Full-disk-encryption. NOT. # Full Disclosure. OpenBSD at first denies remote exploitable flaws. DoS flaws gets marked as reliability not security issues. # Easy maintainable. OpenBSD distributes source patches to make your farm of Pentium2 firewalls updated easly. # Secure Distribution. The most secure operation system gets distributed on FTP servers as unsigned binaries. Disclaimer: Like it or not. I'm OpenBSD user for 4 years. Shit on my head - shit on all OpenBSD supporters. I'm not subscribed, cc me, if have something to say.
OT Re: OpenBSD and ISDN TA
On Wed, 9 Jan 2008, Stuart Henderson wrote: run H.323 and you can experience much of that same pain again and more besides :-) (now we digress) give me X.25 any day, instead of this new fangled ISDN technology. diana
Re: vlan trunking OpenBSD/Cisco switch
On Wed, 9 Jan 2008, Falk Brockerhoff wrote: On Cisco side: interface FastEthernet0/33 description temp. Uplink to brain duplex full speed 100 switchport trunk encapsulation dot1q switchport mode trunk no cdp enable end Regards, Falk Not that this is meant to be a Cisco training class, but if your Cisco device has a lot of VLANS on it they will all be available to the OpenBSD system once you configure the Cisco interface to: switchport trunk encapsulation dot1q So if you don't want them all to be available down stream you should filter them out on the Cisco side. diana
flamewars : 9 Tips for Dealing with Idiots on the Internet
Seems to be a must read Sent to you by Xavier Brinon via Google Reader: Online Survival Guide: 9 Tips for Dealing with Idiots on the Internet via Internet Duct Tape by engtech on 09/01/08 My first experience with online communication was bulletin board systems in the early 90s. The more things change, the more they stay the same. The experience of running a blog is almost exactly the same as it was running a BBS 15 years ago. The only difference is the sheer number of channels available for communication. Where there was once up to 100 to 200 local BBSes there are now so many online forums for communication that it might as well be infinite., New forums for communication are being created all the time. Mainstream sites like the New York Times let you comment on articles, and each person has their own discussion forum thanks to sites like Facebook and MySpace. When I was involved in the BBS/IRC scene as a teenager I was surrounded by flame wars; one-upmanship was part of the attraction. I thought it was because of the immaturity of the participants, but now I think it is a natural offshoot of digital communication. We lose all the visual and auditory cues that are a normal part of human dialog and instead focus on words that can be easy to misinterpret (especially if looking for a reason to fight). quoting myself Winter is one of the worst for flame wars because environmental conditions make people more irritable and more likely to spend more time online. Here are some tips for navigating online discussions from someone who has been participating and managing public forums for over 15 years. Tips for Administrators Tip #1: Disemvowel From Wikipedia: In the fields of Internet discussion and forum moderation, disemvoweling is the removal of vowels from text either as a method of self-censorship, or as a technique by forum moderators to censor Internet trolling and other unwanted posting. When used by a forum moderator, the net effect of disemvowelling text is to render it illegible or legible only through significant cognitive effort. Xeni Jardin, co-editor of Boing Boing says of the practice, the dialogue stays, but the misanthrope looks ridiculous, and the emotional sting is neutralized. This original sentence: In the fields of Internet discussion and forum moderation, disemvoweling (also spelled disemvowelling) is the removal of vowels from text. would be disemvowelled to look like this: n th flds f ntrnt dscssn nd frm mdrtn, Dsmvwlng (ls splld dsmvwllng) s th rmvl f vwls frm txt. You can disemvowel any text using this tool. There is also a Firefox extension that lets you disemvowel comments if you're a WordPress administrator. The same guy has a Firefox extension for handling religious trolls. Tip #2: Temporarily disable comments for that post This works well if you've been linked to from another site and it's bringing a lot of tolls (IE: Digg, Slashdot). You can turn the comments on after a day or two without having to wade through the 100+ comments telling you how much of an idiot you are because they don't agree with some minor minutiae of your argument. Tip #3: Take the discussion to email Nothing kills a flame war like removing the audience. Quoting myself: There is a different between scrawling messages on a public site and having a one on one conversation. The flame wars that are routine on some sites rarely exist in personal email. People stop being disembodied words and ideas and you remember that there is a person behind all of that typing. Comment Ninja is a handy Firefox extension for WordPress blog administrators that makes it easy to respond to commenters on your blog by email. Tip #4: Never post personal information Because you are an administrator, you have access to a commenters email address and their IP address. This information is usually enough to find out anything else you want to about who they are. (IE: put their email address into Facebook to find their real name, use their IP address to find out where they work) It can be tempting to deal with a troll by removing their anonymity, but making it personal can change a one time nuisance into someone with a grudge that won't go away. Tips for Anyone Tip #5: Let it stew If something really gets your goat, then sit on it. Come back and re-read what bothered you later on and you may find that you were reading between the lines and interpreting an emotional undertone that isn't there. The human mind is great at adding missing context, but it can also trick you into reading what you want to believe. Revisiting something that filled you with rage days latter can leave you scratching your head trying to find what it was that pulled your chain. Tip #6: Leave it where you found it As I said earlier, it is ridiculously easy to collect personal identifying information about someone and find other parts of their online identity. Other than bringing a public argument to a private means of communication, you
Re: OpenBSD and ISDN TA
On Wed, 9 Jan 2008, Christian Weisgerber wrote: Well, you can hook up ISDN TAs with a serial port that look like a dial-up modem (AT command set etc.). However, I think these have long since disappeared from the market. -- Christian naddy Weisgerber [EMAIL PROTECTED] I just shutdown my Zyxel external ISDN TA 6 weeks ago after using it for over 10 years. You can connect to it via serial cable at least 460Kbaud, that is if you have a serial port available that can run at greater than 115k. diana
Re: [Fwd: Open-Hardware]
On Jan 9, 2008 3:29 PM, chefren [EMAIL PROTECTED] wrote: On 1/9/08 9:10 PM, bofh wrote: This is beyond silly. FSF/GNU used to sell tapes of GPLed stuff too. I'm sure it came with pre-printed instructions as well. No idea about artwork or stickers however. But splitting hairs is not useful. With OpenBSD the stickers, printed installation and artwork are copyright Theo de Raadt. You cannot legally sell your own copies of the CD set or use artwork for commercial purposes without permissions of Theo. I don't get your point. When you buy the CD, the CD is what you're buying. The artwork comes with it. So does the sticker. So does that thin plastic wrapper. And the CD case. But you are not buying the CD set for those things. You are buying it for the source code and binaries on the CD, and to support OpenBSD. If you _are_ buying the CDs only for the stickers, then obviously this point does not apply to you. -- http://www.glumbert.com/media/shift http://www.youtube.com/watch?v=tGvHNNOLnCk This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet evaluation. Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted. -- Gene Spafford learn french: http://www.youtube.com/watch?v=j1G-3laJJP0feature=related
Re: vlan trunking OpenBSD/Cisco switch
hello, it works. on openbsd trunk device em0 ifconfig vlan 1 vlandev em0 up (for example) on cisco (2950 or 2960) interface GigabitEthernet0/1 switchport trunk allowed vlan 1 switchport mode trunk no cdp enable spanning-tree portfast trunk spanning-tree bpdufilter enable thats all - Thomas On Wednesday 09 January 2008 20:18, you wrote: Hello, Is it posible to do vlan trunking between an OpenBSD and a cisco switch? I know you can create vlan interfaces in OpenBSD but how would they be trunk with the switch? In the physical interface (hostname.fxp1) i should just put 'up'? Do you have to set some kind of native vlan here? Example: $ cat /etc/hostname.fxp1 up $ cat /etc/hostname.vlan0 inet 172.21.0.31 255.255.255.0 NONE vlan 2 vlandev fxp1 I don't have a spare box to test this right now, so any guidelines, advice or tips on how to this would be greatly apreciated as i have to do this overnight. Thanks Der
Re: OT Re: OpenBSD and ISDN TA
Diana Eichert writes: On Wed, 9 Jan 2008, Stuart Henderson wrote: run H.323 and you can experience much of that same pain again and more besides :-) (now we digress) give me X.25 any day, instead of this new fangled ISDN technology. Yeah, X.25 with a triple-X pad (X.3/X.28/X.29). a Yellow book version, none of that fancy new red or blue book stuff. It scares me that I remember such stuff. // marc
OT: Fiber NIC for OpenBSD router
Hi, I am getting really stuck here. Can anyone tell me if they know of a good PCI fiber card that is still available for 100Mb today. All the fiber port cards I am looking at are now all 1Gb. I would prefer get them new obviously as it's very important where they are use and run lots of VoIP on them too, but worst case I could get some on EBay as a last choice. Looks like none are sold anymore for 100Mb however. Anyone could tell me otherwise, I would be great full. This is to replace a bunch of Cisco router that run 100Mb fiber, but all the infrastructure are massive and run 100Mb fiber, so replacing all is not possible for any time soon. Worst case, I could may be get fiber to FastEthernet converter, but that add more device in the path, with I sure hell always avoid to add more device and love the KISS gold principal, but even more the problem is each fiber also have a bunch of VLAN on them from 10 on small one to 60 on the biggest one and none of the converter works well with that VLAN additional tags in pass experience if at all in some cases like HP switches in some cases. I need 12 of them! (; I am open to any other suggestions as well that I may not have though of too. In the end, these 12, may well turn into 12 OSPF OpenBSD router on the back of a much bigger Cisco router for now. Best, Daniel
Re: OSS v4.0 released under BSD license
Deanna Phillips writes: But for Linux binary emulation? No way. If you want that, run Linux. What kind of people run Linux binaries on OpenBSD, anyway? Don't give me that I need Flash, since I spent months of my life working on Gnash for OpenBSD just so you wouldn't have to use the Adobe Linux binary.. and more months working on PJSIP so that you wouldn't have to use Skype. Uhhh, railing against Linux binary emulation is fine, but don't use gnash as your argument. Gnash is not usable. It may play the run-of-the-mill youtube video, but using it for just about anything else does no more than leave a dump file on disk. // marc
Re: facts about OpenBSD
Nikns Siankin wrote: Facts about OpenBSD: # Stable release cycle. If you want to run latest bugfree ClamAV or FireFox - upgrade to CURRENT! But don't forget to buy release CD's!!! # Secure By Default. OpenBSD uses broken WEP for securing WiFi networks. Has no WPA/WPA2 support. # Do not let serious problems sit unsolved. OpenBSD doesn't need MAC because it has their own security flawed systrace. # Use of Cryptography. OpenBSD uses file-backed encryption (svnd) which is very suited for Full-disk-encryption. NOT. # Full Disclosure. OpenBSD at first denies remote exploitable flaws. DoS flaws gets marked as reliability not security issues. # Easy maintainable. OpenBSD distributes source patches to make your farm of Pentium2 firewalls updated easly. # Secure Distribution. The most secure operation system gets distributed on FTP servers as unsigned binaries. Disclaimer: Like it or not. I'm OpenBSD user for 4 years. Shit on my head - shit on all OpenBSD supporters. you are free to use any other operating system if you don't like OpenBSD. I'm not subscribed, cc me, if have something to say.
Re: OT Re: OpenBSD and ISDN TA
On Wed, 9 Jan 2008, Marco S Hyman wrote: Yeah, X.25 with a triple-X pad (X.3/X.28/X.29). a Yellow book version, none of that fancy new red or blue book stuff. It scares me that I remember such stuff. // marc Where a triple-X pad is not a description of some leftover Hippie from the 60's cabin in the wilderness used by all for Free(GPL) Love. ;-) diana
Re: OSS v4.0 released under BSD license
Marco S Hyman writes: Deanna Phillips writes: But for Linux binary emulation? No way. If you want that, run Linux. What kind of people run Linux binaries on OpenBSD, anyway? Don't give me that I need Flash, since I spent months of my life working on Gnash for OpenBSD just so you wouldn't have to use the Adobe Linux binary.. and more months working on PJSIP so that you wouldn't have to use Skype. Uhhh, railing against Linux binary emulation is fine, but don't use gnash as your argument. Gnash is not usable. It may play the run-of-the-mill youtube video, but using it for just about anything else does no more than leave a dump file on disk. ; Do something about it ; Use another OS ; Complain Which are you doing?
Re: facts about OpenBSD
On Wed, 9 Jan 2008, Nikns Siankin wrote: Disclaimer: Like it or not. I'm OpenBSD user for 4 years. Shit on my head - shit on all OpenBSD supporters. What's your point? I mean, why do you want anyone to shit all over..? If you don't like it, don't use it. -- Antoine
Re: OT Re: OpenBSD and ISDN TA
On Jan 9, 2008, at 14:24, Diana Eichert [EMAIL PROTECTED] wrote: On Wed, 9 Jan 2008, Marco S Hyman wrote: Yeah, X.25 with a triple-X pad (X.3/X.28/X.29). a Yellow book version, none of that fancy new red or blue book stuff. It scares me that I remember such stuff. // marc Where a triple-X pad is not a description of some leftover Hippie from the 60's cabin in the wilderness used by all for Free(GPL) Love. ;-) Hahahah. diana
Re: OT: Fiber NIC for OpenBSD router
On 2008/01/09 17:00, Daniel Ouellet wrote: Can anyone tell me if they know of a good PCI fiber card that is still available for 100Mb today. Good? Don't know. But it looks like D-Link DFE-550FX are available (at least in europe) and maybe worth a try (you'll need to at least add 550FX's pci id 0x1003 to sys/dev/pci/pcidevs under 550TX, run 'make', and add a matching line to pci_matchid in if_ste.c. I don't know what chance we have of supporting the PHY). Google (100basefx pci) finds some others from less-known makers which may or may not be supported. A possible alternative: you can get 100baseFX SFPs for some gigabit switches, you can probably find something which does handle vlans ok.
Re: OSS v4.0 released under BSD license
Deanna Phillips writes: ; Do something about it ; Use another OS ; Complain Which are you doing? None of the above. I ignore flash. My comment was only to point out that gnash is not the best example to show why Linux emulation isn't needed. Oh, I ignore Linux emulation, too. Neither is needed in my tiny little world. // marc
Re: [Fwd: Open-Hardware]
On Wed, Jan 09, 2008 at 04:10:07PM -0500, bofh wrote: I don't get your point. then please clear you mind and go back and reread my post. I did not say anything about GNU/FSF but somehow that came up in your reply. I can only assume that you were caught up in arguing and not really paying attention to the two sentences I quoted or my response. -- [EMAIL PROTECTED] SDF Public Access UNIX System - http://sdf.lonestar.org
Re: Advice requested on security issues
On Wed, Jan 09, 2008 at 03:14:35PM +, Russell Gadd wrote: Unfortunately some bank sites do use javascript and I have a concern over cross site scripting - only because I have yet to look deeper into this to see what the risks are. But if I never visit non-bank sites is this a problem? It very much is: if the bank site somehow gives you javascript which performs a transaction as you, it is very problematic and may make it very difficult to prove you were attacked, since the requests seem to come from you. This is not XSS in the literal sense (the site attacks itself so it is not cross-site), unless one banking site attacks another one, but I think that will not comfort you much if you get attacked :) This, however, requires that the bank site is exploitable, and since one of the starting points is trusting the bank, you should be rather safe if you only visit bank sites, assuming you trust the SSL cert to make sure you really are connecting to the bank and not an impostor. If you are feeling paranoid, you can contain the damage to one bank by clearing your cookies between sessions and not using two banks at the same time. Trusting SSL also means you have to type your URLs carefully. Most people do not type 'https://' but trust that an insecure connection will redirect them to the real site, which is not safe, since you could be redirected to another site in another domain with a similar name, and at least some browsers allow javascript to change the address bar, making the attack hard to detect. Checking the SSL certificate reveals that kind of trickery: if you connected to another domain, the certificate can't be the one your bank uses (unless the browser / SSL library, the CA or the bank screws up - but those are again things you just have to trust.) You can get some extra security by disabling JavaScript, because XSS holes in the bank's system may not mean the attacker can do anything else than XSS, but we are getting close to the unavoidable problem: you have to trust the bank, and you can only try to mitigate the effects of the bank getting compromised, preventing it is up to the bank. And getting back to reality from all this paranoia: you are already light years ahead of a normal Windows PC, and compromise is pretty damn unlikely. The riskiest part I can see is your browser, but if you only visit banks, the real attack vectors require subverting your SSL implementation, the CA or the bank itself. This is almost definitely possible with enough resources, but it is probably not feasible to mount such an attack - that, however, depends on how much money you have :) On another note, if security is this important, you always need to buy the CDs to make sure your OpenBSD is not compromised, and installing patches is difficult: how do you get them securely, and can you even trust the OpenBSD project? Set some reasonable goal for your security, or you can't do online banking at all. Paranoia is very good for security, and thinking of all the possibilities is both entertaining and educational, but in practice you always have to trust something, so there is no absolute security. The final point I'd like to make is that we trust our browsers so much it is pretty scary. They are probably not very secure (I am too bad a programmer to really say anything, but the exploits seem to keep appearing), but usually the most security-critical things a Joe User does involves one, and often it is the Microsoft one. -- Jussi Peltola
Re: OT Re: OpenBSD and ISDN TA
give me X.25 any day, instead of this new fangled ISDN technology. Don't forget to run uucp over it ;-)
Re: facts about OpenBSD
Marc Balmer wrote: Nikns Siankin wrote: Facts about OpenBSD: # Stable release cycle. If you want to run latest bugfree ClamAV or FireFox - upgrade to CURRENT! But don't forget to buy release CD's!!! # Secure By Default. OpenBSD uses broken WEP for securing WiFi networks. Has no WPA/WPA2 support. # Do not let serious problems sit unsolved. OpenBSD doesn't need MAC because it has their own security flawed systrace. # Use of Cryptography. OpenBSD uses file-backed encryption (svnd) which is very suited for Full-disk-encryption. NOT. # Full Disclosure. OpenBSD at first denies remote exploitable flaws. DoS flaws gets marked as reliability not security issues. # Easy maintainable. OpenBSD distributes source patches to make your farm of Pentium2 firewalls updated easly. # Secure Distribution. The most secure operation system gets distributed on FTP servers as unsigned binaries. Facts about Nikns Siankin: # Whiner. He bitches incessantly about stuff and does nothing to fix it. AFAICT he's even saying that purchasing the CDs is pointless. # Jerk. He ignores that most of the development time that goes into OpenBSD is DONATED by highly-skilled individuals. You can only add as many bells and whistles as you have resources and time. # Misleading. He claims the system is distributed on FTP servers and elects not to note that code is available via cvs over ssh. # Ignorant. OpenBSD has myriad additional security technologies in it that help to moderate vulnerabilities in poorly coded applications like firefox and clamav. # Idiot. By whining in a totally counterproductive fashion he alienates himself from those who would otherwise, provided his requests were reasonable, help him out. Disclaimer: Like it or not. I'm OpenBSD user for 4 years. Shit on my head - shit on all OpenBSD supporters. you are free to use any other operating system if you don't like OpenBSD. I'm not subscribed, cc me, if have something to say. --
Re: Open Source Article Spawns Interesting Ethical Question
In article [EMAIL PROTECTED], chefren wrote: On 1/8/08 11:28 PM, Marco Peereboom wrote: 2. Same NIC without flash/ROM bad Eh, that's just a meaningless pile of transistors. Surely you jest? An FPGA is a meaningless pile of transistors? Weird... -Toby. -- [100~Plax]sb16i0A2172656B63616820636420726568746F6E61207473754A[dZ1!=b]salax
Re: [Fwd: Open-Hardware]
In article [EMAIL PROTECTED], chefren wrote: It's misleading to call GNU GNU it should be called BSD/GNU. BSD/GPL BSD/GPLvX Somewhat more typing but good PR. Again, I surely hope you jest? Please don't associate me or anything I currently code on with the GPL. Why would you want to? Seriously? Use the GPL if that is what you wish, but why taint what BSD is with the GPL, even the mention of GPL? To get publicity? Someone said that 'there ain't no such thing as bad publicity', a stupid statement if I ever heard one. From the PR standpoint, even thinking about BSD/GPL or BSD/GNU is almost absurd. Anyhow, my $0.02 worth, -Toby. -- [100~Plax]sb16i0A2172656B63616820636420726568746F6E61207473754A[dZ1!=b]salax
Re: [Fwd: Open-Hardware]
In article [EMAIL PROTECTED], Kevin Wilcox wrote: Testing the software has nothing to do (as far as licensing goes) with a final, released GPL product. You can release the alpha and beta releases under whatever license you want to. Just license the final product under the GPL. If the testing software was originally licensed with the GPL, this is not true. The license does not cease to exist (nor copyright law) just because you are only distributing an alpha or beta product. -Toby. -- [100~Plax]sb16i0A2172656B63616820636420726568746F6E61207473754A[dZ1!=b]salax