Re: OSS v4.0 released under BSD license

[Benoit Chesneau]

On Jan 9, 2008 12:45 AM, Jacob Meuser [EMAIL PROTECTED] wrote:

 On Tue, Jan 08, 2008 at 05:54:58PM -0300, Andr?s wrote:
  Jacob Meuser wrote:
  the current audio system actually supports a wider variety of audio
devices.
 
  Sorry for the non-technically-based question but, couldn't OpenBSD
  contribute its development to audio drivers to OSS so all operating
  systems using it could benefit? And then OpenBSD could support just
  OSS. That would make in-house work available to non-OpenBSD users.
 
  Just an idea.

 and as far as that goes, 4Front, or anyone else for that matter, could
 have already ported these drivers.  they've always been BSD licensed.

 OSS has been developed for x86 and x86_64 linux/solaris/freebsd, and
 only supports PCI based devices.  it's also intended to be installed
 as kernel modules.  just getting OSS running on say OpenBSD/macppc
 to support PCI devices would be considerable work.  and then the
 i2s drivers we have would need to be ported to OSS.  that's just
 one arch.  as of right now, there are basically 3 regular audio
 developers for OpenBSD.  oh, and then all the ports would need to
 be changed to use OSS or be modified to not use libossaudio ...

 while I do think a single audio API for unix would be beneficial, I
 also prefer the Sun API.

 it's sort of a tough position.  believe me, there has been considerable
 thought put into this.

  Greetings!

 

for myself the only point that I miss with audio driver on openbsd is
lack of audio or software mixing like you have on alsa or oss. It's a
pity to have to use esound or such program to just  mix different
audio source. Any idee how it could be implemented with sun audio ?

- benont

- benoit

Re: : Help with root partition on RaidFrame

[Raimo Niskanen]

On Wed, Jan 09, 2008 at 02:00:31AM -0500, Nick Guenther wrote:
 On Jan 9, 2008 1:22 AM, William Sloan [EMAIL PROTECTED] wrote:
  Dear misc --
 
  I'm attempting to get a root partition on raid 1 RaidFrame
  configuration working with OpenBSD 4.2.  I have a Soekris 4801 with a
  compact flash card, a USB 2.0 PCI card and 2 identical external usb
  hard drives.
 
  I built a new kernel configured with the pseudo-device raid 4 and
  option RAID_AUTOCONFIG.
 
  I installed OpenBSD on the compact flash, created and initialized
  the raid array, set the raid device to autoconfigure and set the root
  flag, changed fstab on the raid disks to point root to raid0a instead
  of wd0a and rebooted.  When the system rebooted wd0a was mounted as
  root.
 
  Attached is dmesg, mount, raid0.conf, disklables. raidctl -sv 
  output.
 
  If someone can point me in the direction of what to look at or give
  me any ideas of what could be going wrong.
 
 
 When you build your new kernel you also need to change config(8) to
 set root on raid0. fstab isn't read until *after* the root is
 mounted, remember; how is it going to know to read from
 raid0a:/etc/fstab if the file to tell it that is raid0a:/etc/fstab?
 

This was not needed in 4.1, just setting the RAID_AUTOCONFIG and
setting the root flag on the raid array was enough, just as wsloan
did it was enough. This is my /usr/src/sys/arch/i386/conf/GENERIC.RAID:
#
# GENERIC.RAID - Add kernelized RAIDframe disk driver
#
include arch/i386/conf/GENERIC

option  RAID_AUTOCONFIG
pseudo-device   raid4

My raid0 has
   Autoconfig: Yes
   Root partition: Yes
and that was enough in OpenBSD 4.1

Has the behaviour changed?

Is there somewhere else to configure the root device, e.g from
/etc/boot.conf. I know you can give a flag -a to boot(8) to make
the kernel ask for a root device, but I do not find a root device
variable to set there, nor in options(4) and boot_config(8).

 -Nick

-- 

/ Raimo Niskanen, Erlang/OTP, Ericsson AB

Re: NAT IPV4 and bridge only IPV6

[Simon Vallet]

Hi all,

On Tue, 8 Jan 2008 21:52:22 +0100
Good Good [EMAIL PROTECTED] wrote:

 Free.fr is the first general public ISP in France to provide IPV6 to its
 customers (it seems that I would be lucky) :)

Just a minor correction there: it is *not* -- Nerim has been routing /48
IPv6 blocks to every customer since years...

And no, a /64 is not particularly useful; it's encouraging
nevertheless that IPv6 gets at least a bit attention.

Simon

Re: NAT IPV4 and bridge only IPV6

[Stéphane Chausson]

Simon Vallet wrote, On 9/01/08 10:44:

Hi all,

On Tue, 8 Jan 2008 21:52:22 +0100
Good Good[EMAIL PROTECTED]  wrote:


Free.fr is the first general public ISP in France to provide IPV6 to its
customers (it seems that I would be lucky) :)


Just a minor correction there: it is *not* -- Nerim has been routing /48
IPv6 blocks to every customer since years...

And no, a /64 is not particularly useful; it's encouraging
nevertheless that IPv6 gets at least a bit attention.

Simon




In a [1]press communiqui (in french, sorry) they say they give 2^64 ip 
address to every customer.

To me, total ipv6 beginner, it seems a lot !
What is bad with /64 ?
Are they sort of lying ? Playing with words ?

[1]http://www.iliad.fr/presse/2007/CP_IPv6_121207.pdf

Re: AMD Geode LX Video on fit-PC

[Marc Balmer]

Matt Jibson wrote:


I recently got a fit-PC. I found that after installing snapshots,
issuing startx simply blacks the screen. The normal methods to stop X
and recover the screen were unsuccessful. This is the behavior when
using the vesa driver. Under the vga driver, X starts, but the fonts
are unreadable and the resolution very low. It appears from the fit-PC
forums that the amd driver is needed. Has anyone had other success
with this machine, or previously ported this driver to OpenBSD? dmesg
below.


I have several AMD Geode LX devices that have Video.  The video port
on these devices must be programmed using some Geode specific
instructions (write MSR/read MSR).  Adding that support is in my
plans, but I have no idea when it will be ready.

[...]

Re: NAT IPV4 and bridge only IPV6

[Olivier Mehani]

On Wed, Jan 09, 2008 at 11:04:59AM +0100, Stiphane Chausson wrote:
 In a [1]press communiqui (in french, sorry) they say they give 2^64 ip
 address to every customer.

 To me, total ipv6 beginner, it seems a lot !

It seems to be, though it is the bare minimum.

 What is bad with /64 ?

This is only _one_ prefix. The other lower-order 64 bits would generally
be used for autoconfiguration (IPv6 has mechanisms allowing devices to
automatically determine a routable address from the prefix and, e.g.,
their MAC address*). This means you won't be able to do any _clean_
subnetworking.

Usually when giving prefixes, the leaf ISPs are supposed to delegate
/48 to their customers. This lets enough lattitude to design your
network plan without limitation due to being short of /64's.

That said, it may be true that most end-users like Free.fr has won't
need much more than one /64. But still, this can become frustrating (How
come my car cannot be a subnetwork as my home is?!)

 Are they sort of lying ? Playing with words ?

Nope. And it is still a good thing that they finally provide IPv6
connectivity, but this is the smallest move they could have done.

* this means, indeed, that the /64 range is very sparsely populated.

--
Olivier Mehani [EMAIL PROTECTED]
PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DFB 6845 4071 E346 2FD1

[demime 1.01d removed an attachment of type application/pgp-signature]

Re: : Help with root partition on RaidFrame

[Nick Guenther]

On Jan 9, 2008 5:05 AM, Raimo Niskanen [EMAIL PROTECTED] wrote:
 On Wed, Jan 09, 2008 at 02:00:31AM -0500, Nick Guenther wrote:
  On Jan 9, 2008 1:22 AM, William Sloan [EMAIL PROTECTED] wrote:
   Dear misc --
  
   I'm attempting to get a root partition on raid 1 RaidFrame
   configuration working with OpenBSD 4.2.  I have a Soekris 4801 with a
   compact flash card, a USB 2.0 PCI card and 2 identical external usb
   hard drives.
  
   I built a new kernel configured with the pseudo-device raid 4 and
   option RAID_AUTOCONFIG.
  
   I installed OpenBSD on the compact flash, created and initialized
   the raid array, set the raid device to autoconfigure and set the root
   flag, changed fstab on the raid disks to point root to raid0a instead
   of wd0a and rebooted.  When the system rebooted wd0a was mounted as
   root.
  
   Attached is dmesg, mount, raid0.conf, disklables. raidctl -sv 
   output.
  
   If someone can point me in the direction of what to look at or 
   give
   me any ideas of what could be going wrong.
  
 
  When you build your new kernel you also need to change config(8) to
  set root on raid0. fstab isn't read until *after* the root is
  mounted, remember; how is it going to know to read from
  raid0a:/etc/fstab if the file to tell it that is raid0a:/etc/fstab?
 

 This was not needed in 4.1, just setting the RAID_AUTOCONFIG and
 setting the root flag on the raid array was enough, just as wsloan
 did it was enough. This is my /usr/src/sys/arch/i386/conf/GENERIC.RAID:
 #
 # GENERIC.RAID - Add kernelized RAIDframe disk driver
 #
 include arch/i386/conf/GENERIC

 option  RAID_AUTOCONFIG
 pseudo-device   raid4

 My raid0 has
Autoconfig: Yes
Root partition: Yes
 and that was enough in OpenBSD 4.1

 Has the behaviour changed?

 Is there somewhere else to configure the root device, e.g from
 /etc/boot.conf. I know you can give a flag -a to boot(8) to make
 the kernel ask for a root device, but I do not find a root device
 variable to set there, nor in options(4) and boot_config(8).

No. No it hasn't. And I've been been burned by not doing my research
all the way through yet again. Sorry.

-Nick

Re: OSS v4.0 released under BSD license

[Jacob Meuser]

On Wed, Jan 09, 2008 at 03:21:01AM +, Matthew Szudzik wrote:
  There is also the question of ALSA compatibility layer which is in my
  understanding slowly incorporated into OSS. Is it really important to have
  ALSA compatibility layer? Can somebody give me an example of the software
  which  requires ALSA (please exclude Skype although there is OSS version)
 
 Yes, an ALSA compatibility would allow us to use Linux binaries (through
 compat_linux) which require ALSA.  The most infamous example is the
 Adobe Flash 9 Plugin.

that would require kernel level ALSA emulation, just as we have kernel
level OSS emulation for linux binaries using OSS.  I have absolutely
no interest in that whatsoever.  you'd have better luck convincing
Adobe to make an OpenBSD native version of their plugin.

-- 
[EMAIL PROTECTED]
SDF Public Access UNIX System - http://sdf.lonestar.org

Re: [Fwd: Open-Hardware]

[chefren]

On 1/9/08 3:13 AM, Alexander Terekhov wrote:

On Jan 9, 2008 1:20 AM, chefren [EMAIL PROTECTED] wrote:
[...]

This man has no respect for programmers, clearly doesn't understand why money
was invented and how a market can be a very reasonable way to let people earn
money.


http://www.gnu.org/philosophy/words-to-avoid.html#Market

It is misleading to describe the users of free software, or the
software users in general, as a market.

This is not to say we're against markets.



It's misleading to call GNU GNU it should be called BSD/GNU.

(Thanks to Wijnand for pointing at this.)

BSD/GPL
BSD/GPLvX

Somewhat more typing but good PR.

+++chefren

Re: Real men don't attack straw men

[chefren]

On 1/9/08 1:49 AM, Steve Shockley wrote:

Marco Peereboom wrote:

I don't think so.  We check for this before we buy hardware.


I'd bet money that you have hardware that requires driver assist.


I doubt it; if he needs to use a device that doesn't meet his criteria 
for free (like a cell phone), he just has someone else carry it around 
for him.  That absolves him from all responsibility without any 
inconvenience.


Most chips require bits to be stored in registers (addresses) to get them do 
what they need to do. In the 80's manufacturers started with delivering chips 
that hadn't all registers in the address space of the processor and subsequent 
writes to the same address were necessary after a reset condition to get the 
chip working (this spared physical address lines and thus expensive pins on 
the chip).


Even if a blob needs to be stored on a chip it's often by sending subsequent 
writes to the same address. Sometimes this goes the other way around, with 
DMA, the chip reads a block of outside adresses (flash memory or memory filled 
by the main processor). Sometimes a memory besides the chip is attached with a 
serial connection (i2c etc, saves pins!). I have certainly not mentioned all 
way's to get required setup data to chips. But in general: After start the CPU 
 reads the first bytes of the bios and starts setting up at least all chips 
on the motherboard with data from the bios etc etc etc...


+++chefren

Re: NAT IPV4 and bridge only IPV6

[Simon Vallet]

On Wed, 09 Jan 2008 11:04:59 +0100
Stiphane Chausson [EMAIL PROTECTED] wrote:

 In a [1]press communiqui (in french, sorry) they say they give 2^64 ip
 address to every customer.
 To me, total ipv6 beginner, it seems a lot !
 What is bad with /64 ?
 Are they sort of lying ? Playing with words ?

 [1]http://www.iliad.fr/presse/2007/CP_IPv6_121207.pdf

Well, in theory 64 bits would be sufficient for 2^64 adresses, but
that's not the way IPv6 functions -- in reality they are providing you
with exactly 1 usable IPv6 address (link in french), hence the need to
NAT or bridge:

http://fr.wikipedia.org/wiki/IPv6#Adresses_IPv6

Simon

Re: NAT IPV4 and bridge only IPV6

[Claudio Jeker]

On Wed, Jan 09, 2008 at 11:04:59AM +0100, Stiphane Chausson wrote:
 Simon Vallet wrote, On 9/01/08 10:44:
 Hi all,

 On Tue, 8 Jan 2008 21:52:22 +0100
 Good Good[EMAIL PROTECTED]  wrote:

 Free.fr is the first general public ISP in France to provide IPV6 to its
 customers (it seems that I would be lucky) :)

 Just a minor correction there: it is *not* -- Nerim has been routing /48
 IPv6 blocks to every customer since years...

 And no, a /64 is not particularly useful; it's encouraging
 nevertheless that IPv6 gets at least a bit attention.

 Simon



 In a [1]press communiqui (in french, sorry) they say they give 2^64 ip 
 address to every customer.
 To me, total ipv6 beginner, it seems a lot !
 What is bad with /64 ?
 Are they sort of lying ? Playing with words ?


Of the 128bit IPv6 address only 64bits are actually usable the /64 is
actually more similar to a /32 host route in IPv4 land. To be correct a
/64 represents one LAN segement with maybe multiples hosts on it.
This comes from the fact that the lower 64bits of a IPv6 address are
autogenerated. rtsol (router solicitation) uses these lower 64bit.

-- 
:wq Claudio

Re: NAT IPV4 and bridge only IPV6

[Stuart Henderson]

On 2008/01/09 11:04, Stiphane Chausson wrote:
 In a [1]press communiqui (in french, sorry)

http://signal.eu.org/blog/2007/12/12/ipv6-chez-free/ is informative
too. (this is also in french).

 they say they give 2^64 ip address to every customer.
 To me, total ipv6 beginner, it seems a lot !
 What is bad with /64 ?

rfc4291 says:

   For all unicast addresses, except those that start with the binary
   value 000, Interface IDs are required to be 64 bits long and to be
   constructed in Modified EUI-64 format.

so if you further divide a /64 into multiple subnets you aren't
compliant with the standards, and you break the usual ipv6 address
autoconfiguration method.

the current _guidelines_ (not requirements) for allocations to
subscribers are given in rfc3177:

[...]

- /48 in the general case, except for very large subscribers
- /64 when it is known that one and only one subnet is needed by
  design
- /128 when it is absolutely known that one and only one device is
  connecting.

   In particular, we recommend:

  -  Home network subscribers, connecting through on-demand or
 always-on connections should receive a /48.
  -  Small and large enterprises should receive a /48.
  -  Very large subscribers could receive a /47 or slightly shorter
 prefix, or multiple /48's.
  -  Mobile networks, such as vehicles or mobile phones with an
 additional network interface (such as bluetooth or 802.11b)
 should receive a static /64 prefix to allow the connection of
 multiple devices through one subnet.
  -  A single PC, with no additional need to subnet, dialing-up from
 a hotel room may receive its /128 IPv6 address for a PPP style
 connection as part of a /64 prefix.

   Note that there seems to be little benefit in not giving a /48 if
   future growth is anticipated.  In the following, we give the
   arguments for a uniform use of /48 and then demonstrate that it is
   entirely compatible with responsible stewardship of the total IPv6
   address space.

[...]

there are some suggestions out (see recent nanog posts) that /56 be
used for private consumer subscribers, though this is probably not
useful for all but the largest consumer ISPs.

work and live canada

[Brenda Grand]

You are invited to work and live canada .


By your host Brenda Grand:

am Brenda from Canada, i am the assistant manager of Canadian Hotels,i wish to 
inform you that the hotel  need  man  and woman who can work and live  in  omni 
hotel Canada ,
A Division Of  Delta Chelsea Canadian Hotel Canada , hotel will care of your  
tickets,accommodation lodging and the visa assistance in your country,if you 
are interested ,you should please contact me back via the mail box,
   [EMAIL PROTECTED]  
N/B
THE HOTEL MANAGEMENT ARE NOT RESPONSIBLE  FOR YOUR CANADA C

 Date:  Wednesday January 9, 2008

 Time:  5:00 am - 6:00 am (GMT -07:00 US/Canada Mountain)

Will you attend? RSVP to this invitation at:

 
http://calendar.yahoo.com/advert_omni?v=126a1=0iid=DxAyfp3dmkuz%40BYKMxHmeAdaE-2yAozGigid=Cxa7Psh%40ml%405aUN8ixO9EB3%40e4gkANxfyxAVlx%40%40

Copyright ) 2008 All Rights Reserved
 www.yahoo.com

Privacy Policy:
 http://privacy.yahoo.com/privacy/us

Terms of Service:
 http://docs.yahoo.com/info/terms/

Re: Real men don't attack straw men

[Andrés]

[...] Linux is not free software.
[...] Linux [...] is on the ok side of the line.

Therefore: if there's only one popular kernel that GNU can use in its
project, then it's OK to use it, even if it's not free software.

Unpopular stuff like gNewSense have to be thought about, probably by a
marketing team inside GNU/FSF, while popular non-free software is
chosen.

I'll put this clear, once again: every time the GNU Project or the
Free Software Foundation talks about GNU/Linux in a positive way,
they're promoting a non-free software kernel. There's no way to talk
about Linux without promoting it, except the FSF forks its own copy of
Linux and uses a name that has nothing to do with it. Period.

And in case you thought about, a Q: Isn't Linux non-free software? A:
Yes, it is; everytime we talk about Linux, we are talking about a
version that's not from Linus Torvalds text somewhere in GNU/FSF's
Web site does not do any good at all.

Your personal ad* says that you value truth [...] more than
\success\, right? Well, then sacrifice Linux's popularity for the
sake of the FSF's purpose.

I find it funny that the FSF did remove Linux  from the Free Software
Directory but is afraid to disassociate from it. That _is_
hypocritical.

Be a Real Men, Richard.



Original quotes:

Torvalds' version of Linux is not free software

Mentioning Linux is referring to something well-known that people
have already heard of, which is on the ok side of the line.

*
http://www.stallman.org/extra/personal.html

Dell Poweredge 1650/2650 + OpenBSD4.2 + PF - Maximum PPS

[Falk Brockerhoff]

Hello,

I'm running two Dell Poweredge 2650 Servers with dual Xeon 2,2 GHz und 5 
Gig Ram as a redundant firewall cluster, using Broadcom and Intel 
Gigabit Cards (bge and em Drivers).


Last weekend I got a Denial of Service Attack on my network which brings 
the firewall to its limits. As some people sometimes asks for the 
maximum packets per seconds to handle with OpenBSD, here is my feedback: 
everything works fine up to roundabout 100-120k pps.


A Dell Poweredge 1650 Dual P3 1,4 GHz with 2 Gigs of Ram and Intel 
Gigabit Cards (em Driver) handles up to 30-40k pps.


Hope this value may help you for finding the matching hardware for your 
needs.


Regards,

Falk

work and live canada

[Brenda Grand]

You are invited to work and live canada .


By your host Brenda Grand:

am Brenda from Canada, i am the assistant manager of Canadian Hotels,i wish to 
inform you that the hotel  need  man  and woman who can work and live  in  omni 
hotel Canada ,
A Division Of  Delta Chelsea Canadian Hotel Canada , hotel will care of your  
tickets,accommodation lodging and the visa assistance in your country,if you 
are interested ,you should please contact me back via the mail box,
   [EMAIL PROTECTED]  
N/B
THE HOTEL MANAGEMENT ARE NOT RESPONSIBLE  FOR YOUR CANADA C

 Date:  Wednesday January 9, 2008

 Time:  5:00 am - 6:00 am (GMT -07:00 US/Canada Mountain)

Will you attend? RSVP to this invitation at:

 
http://calendar.yahoo.com/advert_omni?v=126a1=0iid=DxAyfp3dmkuz%40BYKMxHmeAdaE-2yAozGigid=Cxa7Psh%40ml%405aU68yxP9UFl%40d4vkANyfxxAVlx%40%40

Copyright ) 2008 All Rights Reserved
 www.yahoo.com

Privacy Policy:
 http://privacy.yahoo.com/privacy/us

Terms of Service:
 http://docs.yahoo.com/info/terms/

Re: OSS v4.0 released under BSD license

[Jonathan Schleifer]

Jacob Meuser [EMAIL PROTECTED] wrote:

 that would require kernel level ALSA emulation, just as we have kernel
 level OSS emulation for linux binaries using OSS.  I have absolutely
 no interest in that whatsoever.  you'd have better luck convincing
 Adobe to make an OpenBSD native version of their plugin.

That wouldn't be required if we have a different alsa-lib than normal
linux systems have. It's possible that compiling libsalsa for Linux and
using in with compat_linux is already enough.

-- 
Jonathan

Re: Dell Poweredge 1650/2650 + OpenBSD4.2 + PF - Maximum PPS

[Henning Brauer]

* Falk Brockerhoff [EMAIL PROTECTED] [2008-01-09 14:09]:
 Last weekend I got a Denial of Service Attack on my network which brings 
 the firewall to its limits. As some people sometimes asks for the maximum 
 packets per seconds to handle with OpenBSD, here is my feedback: everything 
 works fine up to roundabout 100-120k pps.

I have had and seen _way_ more than that.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

OpenBSD and ISDN TA

[SeDoFa]

Simply question: does OpenBSD support ISDN?

I have great interest to use OpenBSD as ISDN router with an external
ISDN terminal adapter (USB interface).

Until now I didn't find any configuration hints for ISDN devices under
OpenBSD. I have found only a project called
isdn4bsd, but unfortunately, there is no maintainer on OpenBSD.

Any suggestions?

Thanks

Re: Dell Poweredge 1650/2650 + OpenBSD4.2 + PF - Maximum PPS

[Falk Brockerhoff]

Henning Brauer wrote:

Hi Henning,


* Falk Brockerhoff [EMAIL PROTECTED] [2008-01-09 14:09]:



works fine up to roundabout 100-120k pps.


I have had and seen _way_ more than that.


Can you please provide some details of the configuration and tweaks you 
have done to handle this amount of pps on such a hardware? This would be 
really nice!


I did a default OpenBSD 4.2 setup and followed the FAQ section Tuning 
networking parameters - nothing more yet.


Regards,

Falk

Re: OpenBSD and ISDN TA

[Diana Eichert]

On Wed, 9 Jan 2008, SeDoFa wrote:


Simply question: does OpenBSD support ISDN?


Simple answer: no

Re: OpenBSD and ISDN TA

[Andre Ruppert]

Sorry, no chance

Regards
Andre Ruppert

Re: OpenBSD and ISDN TA

[Peter N. M. Hansteen]

SeDoFa [EMAIL PROTECTED] writes:

 Simply question: does OpenBSD support ISDN?

 I have great interest to use OpenBSD as ISDN router with an external
 ISDN terminal adapter (USB interface).

If your ISDN TA can be made to look like a serial device and accept AT
commands (ie behave like a modem) it should be relatively
straightforward to use it via ppp.  Otherwise, I think ISDN is one of
those technologies a significant part of the OpenBSD population would
be very happy to suppress any remaining memories of.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

Re: OpenBSD and ISDN TA

[Henning Brauer]

* SeDoFa [EMAIL PROTECTED] [2008-01-09 14:53]:
 Simply question: does OpenBSD support ISDN?
 
 I have great interest to use OpenBSD as ISDN router with an external
 ISDN terminal adapter (USB interface).
 
 Until now I didn't find any configuration hints for ISDN devices under
 OpenBSD. I have found only a project called
 isdn4bsd, but unfortunately, there is no maintainer on OpenBSD.
 
 Any suggestions?

ISDN TAs just show up as regular modems controlled by AT commands. no 
special support required, you might have to fiddle with init strings 
etc a bit.
well, serial ones at least. no idea how the USB ones are implimented.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

Re: [Fwd: Open-Hardware]

[Eric Furman]

On 08 Jan 2008 20:21:08 -0500, Daniel Hagerty [EMAIL PROTECTED] said:
 Eric Furman [EMAIL PROTECTED] writes:
 
  This is one of the most retarded things I've ever read.
  You might get one wanker to pay for it, but if it comes
  in non-binary with all the source what's to stop them
  from posting it on the internet and everybody else
  getting it for free?
 
 Good question.
 
 Theo de Raadt [EMAIL PROTECTED] writes:
 
  Profits from CD sales are the primary income source for the OpenBSD
  project -- in essence selling these CD-ROM units ensures that OpenBSD
  will continue to make another release six months from now.
 
 Maybe this guy can explain it to you.

OK, *that* was the most retarded thing I have ever read.
You're comparing apples and oranges.

Re: OSS v4.0 released under BSD license

[Deanna Phillips]

Jonathan Schleifer writes:

 Jacob Meuser [EMAIL PROTECTED] wrote:

 that would require kernel level ALSA emulation, just as we
 have kernel level OSS emulation for linux binaries using OSS.
 I have absolutely no interest in that whatsoever.  you'd have
 better luck convincing Adobe to make an OpenBSD native
 version of their plugin.

 That wouldn't be required if we have a different alsa-lib than
 normal linux systems have. It's possible that compiling
 libsalsa for Linux and using in with compat_linux is already
 enough.

Alsa is really, really not important to us.  In the past few
years of working on OpenBSD ports I have only run across one
open source application that required alsa, and I took that as a
sign that the app wasn't worth having anyway.  Should a worthy
alsa-only *open source* app appear, I'm sure that someone could
port it to Sun audio.  There is already a lot of code in the
ports tree that does this to provide better support than the OSS
3.x- emulation we have now.

But for Linux binary emulation?  No way.  If you want that, run
Linux.  What kind of people run Linux binaries on OpenBSD,
anyway?  Don't give me that I need Flash, since I spent months
of my life working on Gnash for OpenBSD just so you wouldn't
have to use the Adobe Linux binary.. and more months working on
PJSIP so that you wouldn't have to use Skype.

If this interest in alsa is just general multimedia envy and not
some specific need for alsa support, you might find this article
in Hannu's blog interesting.  He details the history of the two
and makes a good case for adopting OSS instead.

http://4front-tech.com/hannublog/?p=5

Re: Dell Poweredge 1650/2650 + OpenBSD4.2 + PF - Maximum PPS

[Vijay Sankar]

On January 9, 2008 08:20:40 am Vijay Sankar wrote:
 On January 9, 2008 06:35:56 am Falk Brockerhoff wrote:
  Hello,
 
  I'm running two Dell Poweredge 2650 Servers with dual Xeon 2,2 GHz und 5
  Gig Ram as a redundant firewall cluster, using Broadcom and Intel
  Gigabit Cards (bge and em Drivers).
 
  Last weekend I got a Denial of Service Attack on my network which brings
  the firewall to its limits. As some people sometimes asks for the
  maximum packets per seconds to handle with OpenBSD, here is my feedback:
  everything works fine up to roundabout 100-120k pps.
 
  A Dell Poweredge 1650 Dual P3 1,4 GHz with 2 Gigs of Ram and Intel
  Gigabit Cards (em Driver) handles up to 30-40k pps.
 
  Hope this value may help you for finding the matching hardware for your
  needs.
 
  Regards,
 
  Falk

 I changed from using HP DL380's to Dell 2950's in the last year or so since
 it has better support for OpenBSD. With the DL380's, we were getting about
 70,000 pps during tests but after following the explanations about network
 performance tuning in a great article by Henning Brauer (I have been
 searching for it for the past hour but can't find the URL -- it was at the
 www.openbsd.org web site and I had downloaded it couple of years ago), we
 could get 180,000 pps on DL380's. On the 2950's, I haven't done any tests
 yet but as soon as I find that paper, I will do so.

Finally found the paper I was looking for. It is at

http://www.openbsd.org/papers/tuning-openbsd.ps

Looks like it is older than I thought and some of the points in the paper are 
already addressed by new versions of OpenBSD. But it was very educational and 
helpful for me when I was trying to improve network performance on some 
servers.

-- 
Vijay Sankar, M.Eng., P.Eng.
President  CEO
ForeTell Technologies Limited
59 Flamingo Avenue, Winnipeg, MB Canada R3J 0X6
Phone: +1 204 885 9535, E-Mail: [EMAIL PROTECTED]

ponuda za posao

[vladimir]

Potovani
U prolici smo  da Vam ponudimo najnoviju mogicnost zarade.
Uskoro na naim prostorima pocinje da radi Lyoness
Na vrijeme zauzmite svoje mjesto u ovom perspektivnom poslu.
Uclanjenje je potpuno besplatno-nita ne rizikujete.
Informiite se http://lyonesszarada.50webs.com

Re: [Fwd: Open-Hardware]

[bofh]

On Jan 8, 2008 7:20 PM, chefren [EMAIL PROTECTED] wrote:

  This is one of the most retarded things I've ever read.
  You might get one wanker to pay for it, but if it comes
  in non-binary with all the source what's to stop them
  from posting it on the internet and everybody else
  getting it for free?
 Following Richard Stallman's theories everyone may make money with his
 creation/work except a programmer. Richard Stallman /says/ a programmer
 may
 earn money 1 time and than the code should be free after that.

 Why he says so is clueless, he clearly cannot explain how a programmer
 should
 make money if it's about a lot of work that is just a little feature for a
 lot
 of people, such a programmer should go around and ask a milion users a
 cent
 before he lets them test the code. Because the moment he let other people
 test
 it, the code should be for grabs too. Richard want's such a programmer to
 spam
 the world about a little feature to get money for it.


Though - it must be said - RedHat certain employs a number of GPL
programmers. As do IBM, and even Microsoft.


-- 
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity.  --
Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks factory
where smoking on the job is permitted.  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=j1G-3laJJP0feature=related

Re: Dell Poweredge 1650/2650 + OpenBSD4.2 + PF - Maximum PPS

[Henning Brauer]

* Falk Brockerhoff [EMAIL PROTECTED] [2008-01-09 14:50]:
 Henning Brauer wrote:

 Hi Henning,

 * Falk Brockerhoff [EMAIL PROTECTED] [2008-01-09 14:09]:
 
 works fine up to roundabout 100-120k pps.
 I have had and seen _way_ more than that.

 Can you please provide some details of the configuration and tweaks you 
 have done to handle this amount of pps on such a hardware? This would be 
 really nice!

well, that has been detailed to this list a hundred times...
not much tuning required.

kern.maxclusters=128000
net.inet.ip.ifq.maxlen=2500
net.inet.ip.forwarding=1
net.inet.carp.preempt=1
net.inet.icmp.errppslimit=1000

GENERIC kernel, no SMP (hurts in that case), right amount of RAM (a gig 
is plenty), good NICs (usually server-grade ems in my case)

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

Re: Dell Poweredge 1650/2650 + OpenBSD4.2 + PF - Maximum PPS

[Vijay Sankar]

On January 9, 2008 06:35:56 am Falk Brockerhoff wrote:
 Hello,

 I'm running two Dell Poweredge 2650 Servers with dual Xeon 2,2 GHz und 5
 Gig Ram as a redundant firewall cluster, using Broadcom and Intel
 Gigabit Cards (bge and em Drivers).

 Last weekend I got a Denial of Service Attack on my network which brings
 the firewall to its limits. As some people sometimes asks for the
 maximum packets per seconds to handle with OpenBSD, here is my feedback:
 everything works fine up to roundabout 100-120k pps.

 A Dell Poweredge 1650 Dual P3 1,4 GHz with 2 Gigs of Ram and Intel
 Gigabit Cards (em Driver) handles up to 30-40k pps.

 Hope this value may help you for finding the matching hardware for your
 needs.

 Regards,

 Falk

I changed from using HP DL380's to Dell 2950's in the last year or so since it 
has better support for OpenBSD. With the DL380's, we were getting about 
70,000 pps during tests but after following the explanations about network 
performance tuning in a great article by Henning Brauer (I have been 
searching for it for the past hour but can't find the URL -- it was at the 
www.openbsd.org web site and I had downloaded it couple of years ago), we 
could get 180,000 pps on DL380's. On the 2950's, I haven't done any tests yet 
but as soon as I find that paper, I will do so.

-- 
Vijay Sankar, M.Eng., P.Eng.
President  CEO
ForeTell Technologies Limited
59 Flamingo Avenue, Winnipeg, MB Canada R3J 0X6
Phone: +1 204 885 9535, E-Mail: [EMAIL PROTECTED]

Re: [Fwd: Open-Hardware]

[Eric Furman]

On Wed, 09 Jan 2008 09:30:52 -0500, Richard Stallman [EMAIL PROTECTED]
said:
  http://www.gnu.org/philosophy/words-to-avoid.html#Market
  
  It is misleading to describe the users of free software, or the
  software users in general, as a market.
  
  This is not to say we're against markets.
 
 If you want to see what we really say about this,
 visit that URL and read the whole three paragraphs.

You mean what you say about it this week.
Blah blah blah.
If you're not issuing and apology to OBSD then STFU and go away.
They don't want or need your endorsement just an apology
for misrepresenting them.

Re: Dell Poweredge 1650/2650 + OpenBSD4.2 + PF - Maximum PPS

[Henning Brauer]

* Vijay Sankar [EMAIL PROTECTED] [2008-01-09 16:11]:
 Finally found the paper I was looking for. It is at
 
 http://www.openbsd.org/papers/tuning-openbsd.ps

this is (almost) completely obsolete.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

trouble with apache2 and php5

[cassier sebastien]

Hello,

i want to install a apache2 serveur on my OpenBSD 4.2 with mysql and php5
i installed apache-httpd php5-core and mysql (and php5-mysql)
with the pkg_add command, but when a execute phpxs, it's configuring
the 1.3apache versions.
it seems normal but how can i do to configure php5 for apache2.
do i have to use ports?

please help.

thanks

-- 
Cassier Sebastien
Network and Security staff
LP-system
23 rue la boetie
75008 Paris
[EMAIL PROTECTED]  06 08 23 20 53

Re: Dell Poweredge 1650/2650 + OpenBSD4.2 + PF - Maximum PPS

[Falk Brockerhoff]

Henning Brauer wrote:


well, that has been detailed to this list a hundred times...
not much tuning required.


Oh, sorry, I should have had a look at the mailing list archive. I'm not 
reading the list all the time. Thank you for your hint!


GENERIC kernel, no SMP (hurts in that case), right amount of RAM (a gig 
is plenty), good NICs (usually server-grade ems in my case)


Hm, without a SMP enabled kernel the system wouldn't take any advantage 
of the dual cpu board, right? So a single CPU system would really be the 
better choice for firewalling services?


Regards,

Falk

Re: Dell Poweredge 1650/2650 + OpenBSD4.2 + PF - Maximum PPS

[Sevan / Venture37]

 I changed from using HP DL380's to Dell 2950's in the last year or so since
it
 has better support for OpenBSD. With the DL380's, we were getting about
 70,000 pps during tests but after following the explanations about network
 performance tuning in a great article by Henning Brauer (I have been
 searching for it for the past hour but can't find the URL -- it was at the
 www.openbsd.org web site and I had downloaded it couple of years ago), we
 could get 180,000 pps on DL380's. On the 2950's, I haven't done any tests
yet
 but as soon as I find that paper, I will do so.

Is this it?
http://www.openbsd.org/papers/tuning-openbsd.ps


Sevan / Venture37
_
Fancy some celeb spotting?
https://www.celebmashup.com

Mozilla Firefox security updates

[Russell Gadd]

Could anyone enlighten me about how Mozilla Firefox security updates are 
implemented in OpenBSD?


I notice that the version of Firefox I am using in OBSD is 2.0.0.6 
whereas the latest versions on Windows and Ubuntu are both 2.0.0.11, and 
several security vulnerabilities are present in 2.0.0.6. In my version 
of Debian (Etch) Iceweasel is at version 2.0.0.10 but I note from the 
Mozilla site that the 2.0.0.11 update doesn't include any security fixes 
whereas 2.0.0.10 does include security fixes.


Updates to Firefox are pretty regular things at present and if you are 
running Windows they always seem to emphasise the need to update as soon 
as a fix is announced, presumably meaning that vulnerabilities could 
well be exploited quickly.


In Windows updates are downloaded from within the running program, in 
Ubuntu via the usual software update process (binary updates - either 
apt-get, aptitude or Synaptic). I presume the OBSD team are only 
concerned with updates to the basic OS and package updates are handled 
by the package developers.


I can find the source of 2.0.0.11 on Mozilla's site. Can I assume I must 
use this and compile it myself? I have had a look at the ports source on 
the UK mirror site and it is dated 1 Sept 07 so I presume this includes 
only 2.0.0.6 and there is no port later than this. I am out on a limb 
regarding implementing 2.0.0.11 in source form - what do other people do?


Russell

Re: Pre-Orders for Limited Edition Puffy the Blowfish

[Steve Shockley]

Eric Furman wrote:

You mean you killed a poor innocent puffy fish to make your unethical
corporate dollars? I'll have to report you to rms.
Free puffy fish for all!


No, it's okay; he borrowed the knife from someone else.

Re: OpenBSD and ISDN TA

[Christian Weisgerber]

Diana Eichert [EMAIL PROTECTED] wrote:

  Simply question: does OpenBSD support ISDN?
 
 Simple answer: no

Well, you can hook up ISDN TAs with a serial port that look like a
dial-up modem (AT command set etc.).  However, I think these have
long since disappeared from the market.

-- 
Christian naddy Weisgerber  [EMAIL PROTECTED]

Re: Advice requested on security issues

[Russell Gadd]

Jussi Peltola wrote:

On Tue, Jan 08, 2008 at 10:48:41AM -0500, Douglas A. Tutty wrote:
 

I suppose the only way to have a trusted-secure box and an
untrusted-insecure box with one disply/keyboard would be a KVM.

Actual, physical separation of the machines is the only 100% secure way
to prevent information from leaking between them. I'd be more worried
about the network cable between them than a KVM, though.
  
I looked at KVM and came to the same conclusion - that most now have 
some software (partly to allow the boot process to discover the 
keyboard, etc hardware), so there is a risk of some leakage. My 
configuration will be physical separation of secure box from main box 
with network cabling to the router as the only link.  So my security 
measures on the secure box are a simple PF setup permitting only 
outgoing initiation of connections and some sort of restriction on the 
internet sites visited.  i.e. simply setting up the appropriate bank 
sites as bookmarks and only using these as starting pages to visit. Plus 
maybe some form of whitelisting in the browser setup if I don't trust 
myself to be awake.


Unfortunately some bank sites do use javascript and I have a concern 
over cross site scripting - only because I have yet to look deeper into 
this to see what the risks are. But  if I never visit non-bank sites is 
this a problem?


Russell

PF Rules Configuration

[Lionel Pinkhard]

Hi,

I'm trying to setup PF Rules for a new OpenBSD 4.2 installation, but 
after struggling for a few days I still can't get it the way I need it 
to be. This is my first time setting up a pf.conf file, so any 
assistance would be greatly appreciated.


What I need:
- A firewall that allows ONLY the required access
- A firewall that allows FTP (passive  active)
- A firewall that is also a transparent bridge
- A firewall that reduces spam
- A firewall that keeps hackers  bruteforcers out by any means neccessary

My biggest issue so far was getting the FTP working, but that's working 
now, but moving on to the spam part, I re-approached the same issue I 
initially had with the FTP (resulting in me using ftpsesame instead of 
ftp-proxy, since it turned out simpler).


My /etc/pf.conf file:

## BEGIN /etc/pf.conf ##
ext_if = xl1
int_if = xl0
opt_if = xl2

table bruteforce persist

tcp_ports = { ftp-data, ftp, ssh, smtp, domain, http, pop3, https, 
pop3s, radius, radacct }
udp_ports = { domain, bootps, bootpc, ntp, radius, radacct, 33433  
33626 }

icmp_types = { echoreq, unreach }

martians = { 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \
   10.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, \
   0.0.0.0/8, 240.0.0.0/4 }

set block-policy drop
scrub in all

antispoof for $ext_if
antispoof for $int_if
antispoof for $opt_if

block quick from bruteforce

block drop in quick on $ext_if from $martians to any
block drop out quick on $ext_if from any to $martians

pass in quick on $int_if
pass out quick on $int_if

pass in quick on $opt_if
pass out quick on $opt_if

block in log on $ext_if all
block return out log on $ext_if all

anchor ftpsesame/* proto tcp all

pass on $ext_if inet proto tcp from any to any port $tcp_ports keep state \
(max-src-conn 100, max-src-conn-rate 15/5, \
 overload bruteforce flush global)
pass on $ext_if inet proto udp from any to any port $udp_ports keep state \
(max-src-conn 100, max-src-conn-rate 15/5, \
 overload bruteforce flush global)

pass inet proto icmp all icmp-type $icmp_types keep state
## END /etc/pf.conf ##

Can somebody please advise me which rules I should put in here to get 
spamd working? The standard rdr stuff specified everywhere doesn't 
appear to work for my setup.


My network configuration is as follows:

xl0: up
xl1: up
xl2: inet 10.2.254.253 255.255.0.0 up
bridge0: add ep0 add ep1 blocknonip ep0 blocknonip ep1 up

I hope I have provided enough information on my setup, basically all 
that needs to change is to hook the spamd daemon in somewhere, but like 
I said, the standard instructions from spamd didn't work (it instead 
blocks port 25 completely, spamd doesn't receive any traffic nor does 
any packets get logged - even if I turn on more verbose logging).


Regards,

Lionel Pinkhard

Re: OSS v4.0 released under BSD license

[Dusty]

On Jan 9, 2008 4:10 PM, Deanna Phillips [EMAIL PROTECTED] wrote:

 Jonathan Schleifer writes:

  Jacob Meuser [EMAIL PROTECTED] wrote:
 
  that would require kernel level ALSA emulation, just as we
  have kernel level OSS emulation for linux binaries using OSS.
  I have absolutely no interest in that whatsoever.  you'd have
  better luck convincing Adobe to make an OpenBSD native
  version of their plugin.
 
  That wouldn't be required if we have a different alsa-lib than
  normal linux systems have. It's possible that compiling
  libsalsa for Linux and using in with compat_linux is already
  enough.

 Alsa is really, really not important to us.  In the past few
 years of working on OpenBSD ports I have only run across one
 open source application that required alsa, and I took that as a
 sign that the app wasn't worth having anyway.  Should a worthy
 alsa-only *open source* app appear, I'm sure that someone could
 port it to Sun audio.  There is already a lot of code in the
 ports tree that does this to provide better support than the OSS
 3.x- emulation we have now.

 But for Linux binary emulation?  No way.  If you want that, run
 Linux.  What kind of people run Linux binaries on OpenBSD,
 anyway?  Don't give me that I need Flash, since I spent months
 of my life working on Gnash for OpenBSD just so you wouldn't
 have to use the Adobe Linux binary.. and more months working on
 PJSIP so that you wouldn't have to use Skype.


You're working on PJSIP?!?!!  SWEEET
I'm going to love you forever  :)
(makes me wish i could code so i could help you out)



 If this interest in alsa is just general multimedia envy and not
 some specific need for alsa support, you might find this article
 in Hannu's blog interesting.  He details the history of the two
 and makes a good case for adopting OSS instead.

 http://4front-tech.com/hannublog/?p=5

Re: [Fwd: Open-Hardware]

[Kevin Wilcox]

Eric Furman wrote:

On 08 Jan 2008 20:21:08 -0500, Daniel Hagerty [EMAIL PROTECTED] said:

Eric Furman [EMAIL PROTECTED] writes:


This is one of the most retarded things I've ever read.
You might get one wanker to pay for it, but if it comes
in non-binary with all the source what's to stop them
from posting it on the internet and everybody else
getting it for free?

Good question.

Theo de Raadt [EMAIL PROTECTED] writes:


Profits from CD sales are the primary income source for the OpenBSD
project -- in essence selling these CD-ROM units ensures that OpenBSD
will continue to make another release six months from now.

Maybe this guy can explain it to you.


OK, *that* was the most retarded thing I have ever read.
You're comparing apples and oranges.


No, he's not.

Stallman said I'm not against buying software from developers (as long
as it is free software).

That is the baseline for your This is one of the most retarded things
I've ever read comment. You make a valid point, what is to keep someone
from taking the source that they'd bought and putting an exact digital
replica online. This implies that you can't make money selling the
source to software that could potentially be had sans gratis on the 'net.

Daniel then brought up the idea of CD sales. Something you can buy and
put an exact digital replica of online. By your implication that you
can't make money selling the source to potentially sans gratis, it's
also implied that you shouldn't be able to make money with CD sales of
*definite* sans gratis software because someone could either buy the CD
and make a .iso version available online or you could just get the
software sans gratis anyway.

Since you're missing the analogy I'd say you probably didn't intend to
imply that. For those of us that read the implication there, though, the
analogy makes perfect sense.

kmw

--

Quis custodiet ipsos custodes

Re: OSS v4.0 released under BSD license

[Jonathan Schleifer]

Deanna Phillips [EMAIL PROTECTED] wrote:

 Should a worthy
 alsa-only *open source* app appear, I'm sure that someone could
 port it to Sun audio.

What about libjingle for example? It's opensource and used by all
Jabber clients which support VoIP - and it only supports ALSA (at least
the last time I looked at it - it wouldn't even compile without it).

-- 
Jonathan

Re: Mozilla Firefox security updates

[Hannah Schroeter]

Hi!

On Wed, Jan 09, 2008 at 03:44:00PM +, Russell Gadd wrote:
Could anyone enlighten me about how Mozilla Firefox security updates are 
implemented in OpenBSD?

$ pkg_info mozilla-firefox
Information for inst:mozilla-firefox-2.0.0.10
[...]

You've seen that ports/packages are currently not maintained for
-stable? I'm using -current and thus have all the necessary bug and
security fixes.

Kind regards,

Hannah.

Re: OpenBSD and ISDN TA

[Nick Bender]

 Any suggestions?

Get a Netgear ISDN router - used one for a number of years with no problems.

They come in either single network connection or with 4 port hub.

-N

Re: OpenBSD and ISDN TA

[Ray Percival]

I think ISDN is one of



those technologies a significant part of the OpenBSD population would
be very happy to suppress any remaining memories of.


I'm getting flashbacks just reading this.



--  
Peter N. M. Hansteen, member of the first RFC 1149 implementation team

http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673  
seconds.

Re: Pre-Orders for Limited Edition Puffy the Blowfish

[Nick Bender]

On Jan 8, 2008 11:40 AM, Sunnz [EMAIL PROTECTED] wrote:
 2008/1/8, Sam Fourman Jr. [EMAIL PROTECTED]:
  do you have a website that has pictures, the mail server stripped your
  attachemnts
 
  Sam Fourman Jr.
 
 
 I second that, me want see pictures!!!


http://icanhascheezburger.com/2008/01/04/funny-pictures-i-this-means-i-not-happy/

Re: [Fwd: Open-Hardware]

[Kevin Wilcox]

Eric Furman wrote:


*BULLSHIT*.
You have so completely missed the point it is to laugh.
Apples and Oranges.
Remember OBSD isn't GPL'ed


There's no need to continue this on the list because you don't get the
analogy so I'm replying directly.

I didn't say that OBSD is GPL'ed, did I? I said that selling software
that's available at no cost (GPL software someone has bought and
re-released to the public) is no different than selling software that's
available at no cost (an OpenBSD CD versus the .iso format available to
the public).

In both cases you are taking software that is freely (cost) available
and selling it via some physical medium.

I even stated that it was just something that I had picked up as an 
implication and that for those of us that interpreted your statement in 
that fashion, the analogy made sense. How is that bs?


I've no qualms being someone's laughing stock because they fail to
understand something so feel free to laugh away. My regret is that I 
failed to sufficiently explain the analogy, and why at least a few of us 
felt it was appropriate, in a manner you could understand the first time.


If you still do not understand the analogy, and why I agree with Daniel
that it was an appropriate one, please feel free to email me directly
and we can discuss it. There's no point in continuing to butt heads on
the list.

kmw

Re: [Fwd: Open-Hardware]

[Eric Furman]

On Wed, 09 Jan 2008 11:01:52 -0500, Kevin Wilcox
[EMAIL PROTECTED] said:
 Eric Furman wrote:
 
  *BULLSHIT*.
  You have so completely missed the point it is to laugh.
  Apples and Oranges.
  Remember OBSD isn't GPL'ed
 
 There's no need to continue this on the list because you don't get the
 analogy so I'm replying directly.

Then why did you cc the list?

 
 I didn't say that OBSD is GPL'ed, did I? I said that selling software

No, but you are making comparisons. OBSD doesn't follow GPL's rules.

 that's available at no cost (GPL software someone has bought and
 re-released to the public) is no different than selling software that's
 available at no cost (an OpenBSD CD versus the .iso format available to
 the public).
 
 In both cases you are taking software that is freely (cost) available
 and selling it via some physical medium.

Yes, but the *intentions* are completely different.

 
 I even stated that it was just something that I had picked up as an 
 implication and that for those of us that interpreted your statement in 
 that fashion, the analogy made sense. How is that bs?
 
 I've no qualms being someone's laughing stock because they fail to
 understand something so feel free to laugh away. My regret is that I 
 failed to sufficiently explain the analogy, and why at least a few of us 
 felt it was appropriate, in a manner you could understand the first time.

*I* understand perfectly, but because you have swallowed a lot
of GNU baloney you don't get my original point and I don't feel
like wasting my time explaining it to you.

 If you still do not understand the analogy, and why I agree with Daniel
 that it was an appropriate one, please feel free to email me directly
 and we can discuss it. There's no point in continuing to butt heads on
 the list.

I know why you agree with him. No further discussion is necessary.

Re: trouble with apache2 and php5

[Antoine Jacoutot]

On Wed, 9 Jan 2008, cassier sebastien wrote:

it seems normal but how can i do to configure php5 for apache2.
do i have to use ports?


Why do you really need Apache2?
Is there something missing from the base httpd server?


[EMAIL PROTECTED]


You should shave...
;)

--
Antoine

Re: [Fwd: Open-Hardware]

[Eric Furman]

On Wed, 09 Jan 2008 10:07:50 -0500, Kevin Wilcox
[EMAIL PROTECTED] said:
 Eric Furman wrote:
  On 08 Jan 2008 20:21:08 -0500, Daniel Hagerty [EMAIL PROTECTED] said:
  Eric Furman [EMAIL PROTECTED] writes:
 
  This is one of the most retarded things I've ever read.
  You might get one wanker to pay for it, but if it comes
  in non-binary with all the source what's to stop them
  from posting it on the internet and everybody else
  getting it for free?
  Good question.
 
  Theo de Raadt [EMAIL PROTECTED] writes:
 
  Profits from CD sales are the primary income source for the OpenBSD
  project -- in essence selling these CD-ROM units ensures that OpenBSD
  will continue to make another release six months from now.
  Maybe this guy can explain it to you.
  
  OK, *that* was the most retarded thing I have ever read.
  You're comparing apples and oranges.
 
 No, he's not.
 
 Stallman said I'm not against buying software from developers (as long
 as it is free software).
 
 That is the baseline for your This is one of the most retarded things
 I've ever read comment. You make a valid point, what is to keep someone
 from taking the source that they'd bought and putting an exact digital
 replica online. This implies that you can't make money selling the
 source to software that could potentially be had sans gratis on the 'net.
 
 Daniel then brought up the idea of CD sales. Something you can buy and
 put an exact digital replica of online. By your implication that you
 can't make money selling the source to potentially sans gratis, it's
 also implied that you shouldn't be able to make money with CD sales of
 *definite* sans gratis software because someone could either buy the CD
 and make a .iso version available online or you could just get the
 software sans gratis anyway.
 
 Since you're missing the analogy I'd say you probably didn't intend to
 imply that. For those of us that read the implication there, though, the
 analogy makes perfect sense.

*BULLSHIT*.
You have so completely missed the point it is to laugh.
Apples and Oranges.
Remember OBSD isn't GPL'ed

Re: [Fwd: Open-Hardware]

[chefren]

On 01/09/08 16:44, Kevin Wilcox wrote:

 I don't think either of you have a firm grasp of what's being said with
 regards to selling free software. Or of the GPL in general.

http://webster.com/dictionary/selling

http://webster.com/dictionary/free

http://webster.com/dictionary/software

 The use of the word free has nothing to do with price, it is that the
 recipient of a piece of software has the freedom to modify the software
 as they see necessary so that it does what they want it to do.

If you mean that, don't use the word free.

 To
 accomplish this, they should receive the source to said software. That's
 what the GPLv2 is all about - providing the recipient of a piece of
 software with the source code to that software and the freedom to modify
 it as they desire.

Sorry, after reading and understanding GPL itself I never put much
time in understanding subsequent versions...

But I do understand that the word free, as in

http://webster.com/dictionary/free

Has nothing to do with it. Nice to know.

 It is only once they decide to *further distribute*
 the software that they are restricted. At that point the only
 restrictions placed on them is that they provide the source - thereby
 giving the recipient the same rights bestowed upon them by *their*
 provider.

Come on, what a details, if it's not free as in

http://webster.com/dictionary/free

and is about open source software as in:

http://webster.com/dictionary/software

none of the subscribers of this list is interested any more. I'm sorry
if this shocks you.

 No one has said that you can't charge whatever you like for your
 software *or* that you have to give the code away to the world - they
 are saying that if you provide a binary then you should provide the
 recipients of that binary with the corresponding source and the right to
 change it and distribute it as they see fit.

Well, I presume that after GPLv4 were you wrote now No one should be
written Richard Stallman and his cronies.

Richard Stallman's ideas clearly point at robbing software writers, if
software writers hide their work behind webservices he will
definitely introduce GPLv4 for it.

..

 In no way is anyone saying you can't make a comfortable living writing
 code and that you have to go through life as a beggar.

If my profession is writing software and I was so stupid to start
concentrating on GPL software it's very difficult to make a living. I
know RichardCo like to point at a handful of jobs at
IBM+Redhat+Microsoft but I cannot take that serious at all.

+++chefren

Re: [Fwd: Open-Hardware]

[chefren]

On 01/09/08 15:30, Richard Stallman wrote:
 http://www.gnu.org/philosophy/words-to-avoid.html#Market

 It is misleading to describe the users of free software, or the
 software users in general, as a market.

 This is not to say we're against markets.

 If you want to see what we really say about this, visit that URL
 and read the whole three paragraphs.

OK here are all paragraphs:

 Market

 It is misleading to describe the users of free software, or the
 software users in general, as a market.

If people exchange things it's about a market. Please don't try to
change definitions like you do with free. What you call free
software has clearly =more= stings attached than you would suppose if
you look up the word free in the dictionaries.

The word misleading should be replaced by something like against
our beliefs. Please let the webmaster of the site fix that. No
problem if he fixes the by L donated security problem first.

 This is not to say we're against markets.

If you try to change the meaning of words you are basically against
something. You are =against= free software and =against= markets for
software.

Be honest! Didn't your parents told you so?

 If you have a free
 software support business, then you have clients, and you trade
 with them in a market.

Not according to GPLvX, if you supply a fix to GPL code you cannot
trade it more than 1 time, all other possible clients have a free ride
after that, that has nothing to do with a market.

Please understand, I have no problems with it but I think programmers
should have a free choice for each programming work() they do. Let
each client pay, let one client pay and give it away for the rest, etc.

 As long as you respect their freedom, we wish you success in your
market.

He! When I use your definitions I get a parse error!!!

What you call freedom is freedom with DRM, and everyone knows DRM
spoils markets.

Your wish for succes is clueless, meaningless, and perhaps plain evil.


 But the free software movement is a social movement, not a
 business, and the success it aims for is not a market success.

Please get your facts straight with reality

In practice the social thing doesn't count for the creators of free
software.

 We
 are trying to serve the public by giving it freedom---not competing
 to take them away from a rival. To equate this campaign for freedom
 to a business' campaign for mere success is to diminish the
 significance of freedom.

All blurp, the only thing that real counts is code. Preferably
functional elegantly written secure code and for outsiders preferable
free, BSD licensed code, without the GNU GPLvX DRM.


Can't you understand a programmer, for himself, prefers to start with
BSD license?

I presume this is a stupid question because Richard Stallman seems to
have has a hole or something in his brain. That makes him loop the
word social in all kind of ways but the words emphatic and
individual are missing.

I start believing Richard Stallmans brain is compiled by GCC. It
behaves like what we see with OpenBSD copiled with GCC, someone has
shot at it with a shotgun, few bit's on strange places are flipped.

+++chefren

Re: spamd-setup hangup/timeout settings

[Frank Bax]

Jason George wrote:

My spamd-setup always takes 20-30 minutes on two servers (4.1 and 4.2).
  This is not normal?  When I run it manually; most of the time is
spent downloading traplist.gz


You are all connecting to beck@'s machine at the University of Alberta 
(www.openbsd.org) ?


I use the same major ISP that the U of A uses as one of its principal peers.  
I get timeouts, poor throughput and generally the same behaviour as mentioned 
above for all transfers to that site (spamd lists, snapshots, etc).



Are there any alternative?  /etc/mail/spamd.conf mentions 
www.de.openbsd.org; but Beck's traplist.gz is not actually mirrored there.


Frank

Re: [Fwd: Open-Hardware]

[Kevin Wilcox]

chefren wrote:


On 1/9/08 12:54 AM, Eric Furman wrote:



This is one of the most retarded things I've ever read.
You might get one wanker to pay for it, but if it comes
in non-binary with all the source what's to stop them
from posting it on the internet and everybody else
getting it for free?


You got the point, Richard doesn't respect creators. He wants every 
programmer to go through life as beggar like he does himself. Giving in 
that that's impossible, that you cannot raise children that way doesn't 
matter to him.


Following Richard Stallman's theories everyone may make money with his 
creation/work except a programmer. Richard Stallman /says/ a programmer 
may earn money 1 time and than the code should be free after that.


Why he says so is clueless, he clearly cannot explain how a programmer 
should make money if it's about a lot of work that is just a little 
feature for a lot of people, such a programmer should go around and ask 
a milion users a cent before he lets them test the code. Because the 
moment he let other people test it, the code should be for grabs too. 
Richard want's such a programmer to spam the world about a little 
feature to get money for it.


This man has no respect for programmers, clearly doesn't understand why 
money was invented and how a market can be a very reasonable way to let 
people earn money.


I don't think either of you have a firm grasp of what's being said with
regards to selling free software. Or of the GPL in general.

The use of the word free has nothing to do with price, it is that the
recipient of a piece of software has the freedom to modify the software
as they see necessary so that it does what they want it to do. To
accomplish this, they should receive the source to said software. That's
what the GPLv2 is all about - providing the recipient of a piece of
software with the source code to that software and the freedom to modify
it as they desire. It is only once they decide to *further distribute*
the software that they are restricted. At that point the only
restrictions placed on them is that they provide the source - thereby
giving the recipient the same rights bestowed upon them by *their* provider.

No one has said that you can't charge whatever you like for your
software *or* that you have to give the code away to the world - they
are saying that if you provide a binary then you should provide the
recipients of that binary with the corresponding source and the right to
change it and distribute it as they see fit.

While that *can* present a situation where you sell software to PERSON_A
and PERSON_A distributes the code to whomever they choose, it's a
perfectly reasonable assumption that that is not likely to occur in a
high-end software field because no corporation or organization will want
to give away something for which they had to pay top dollar.

Testing the software has nothing to do (as far as licensing goes) with a
final, released GPL product. You can release the alpha and beta releases
under whatever license you want to. Just license the final product under
the GPL.

In no way is anyone saying you can't make a comfortable living writing
code and that you have to go through life as a beggar.

Disclaimer: In no way am I suggesting that anyone should use the GPL
over another license. When I talk about releasing code under the GPL in
previous paragraphs I am speaking for hypothetical situations. I have
only been involved with GPL software for a limited time, 4-5 years, so
my understanding of GPL/v2 may be incorrect.

kmw

--

Quis custodiet ipsos custodes

Re: Dell Poweredge 1650/2650 + OpenBSD4.2 + PF - Maximum PPS

[Henning Brauer]

* Falk Brockerhoff [EMAIL PROTECTED] [2008-01-09 17:24]:
 Henning Brauer wrote:
 well, that has been detailed to this list a hundred times...
 not much tuning required.

 Oh, sorry, I should have had a look at the mailing list archive. I'm not 
 reading the list all the time. Thank you for your hint!

 GENERIC kernel, no SMP (hurts in that case), right amount of RAM (a gig is 
 plenty), good NICs (usually server-grade ems in my case)

 Hm, without a SMP enabled kernel the system wouldn't take any advantage of 
 the dual cpu board, right? So a single CPU system would really be the 
 better choice for firewalling services?

unless you run heavy proxies or other stuff in userland, yes
(that might change in future tho)

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

Re: Apache box behind Openbsd

[Whyzzi]

Did you follow 6.2.7 part of the OpenBSD F.A.Q.?

http://www.openbsd.org/faq/faq6.html#Setup.forward

Cheers,
PV

On 08/01/2008, Sewan [EMAIL PROTECTED] wrote:
 Hi,

 I have an apache-php website running on windows server 2003 port 80, i have
 correct rdr rules that pointing my web server, i can view website inside my
 LAN, but i can't view page outside of my network. I've checked all dns- ip
 settings, everything's fine but problem continues. I've read at some forums
 that apache doesn't recognize rdr rules from openbsd, so how can i publish
 my site ? Thanks...

 --
 View this message in context: 
 http://www.nabble.com/Apache-box-behind-Openbsd-tp14692638p14692638.html
 Sent from the openbsd user - misc mailing list archive at Nabble.com.

Re: OpenBSD and ISDN TA

[Peter N. M. Hansteen]

Ray Percival [EMAIL PROTECTED] writes:

I think ISDN is one of those technologies a significant part of the
OpenBSD population would be very happy to suppress any remaining
memories of.

 I'm getting flashbacks just reading this.

yes, the pain.  the pain.  we hates it, preciousss

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

Re: OpenBSD supported servers ?

[Falk Brockerhoff]

Lars NoodC)n wrote:

we're using G5 HP DL360 and DL380 with no problems whatsoever.


Except that the machine uses Intel Celeron/Xeon/Pentium and not G5.  Had
my hopes up for a second or two there until I saw the actual spec sheet.


I think he meant HP DL360/DL380 G5 (Generation five), not the G5 
processor :-)



-Lars


Falk

Re: Pre-Orders for Limited Edition Puffy the Blowfish

[Alexander Hall]

Steve Shockley wrote:

Eric Furman wrote:

You mean you killed a poor innocent puffy fish to make your unethical
corporate dollars? I'll have to report you to rms.
Free puffy fish for all!


No, it's okay; he borrowed the knife from someone else.


Are you sure? I heard he had someone else to do it, and his lawyer said 
it was all fine.


/Alexander

Re: spamd-setup hangup/timeout settings

[Mike Erdely]

On Wed, Jan 09, 2008 at 09:59:58AM -0500, Frank Bax wrote:
 Are there any alternative?  /etc/mail/spamd.conf mentions 
 www.de.openbsd.org; but Beck's traplist.gz is not actually mirrored there.

You could point to a local copy (/var/db/traplist.gz) in spamd.conf
and download it in a separate cron process.

-ME

Re: OSS v4.0 released under BSD license

[Jacob Meuser]

On Wed, Jan 09, 2008 at 05:45:21PM +0100, Jonathan Schleifer wrote:
 Deanna Phillips [EMAIL PROTECTED] wrote:
 
  Should a worthy
  alsa-only *open source* app appear, I'm sure that someone could
  port it to Sun audio.
 
 What about libjingle for example? It's opensource and used by all
 Jabber clients which support VoIP - and it only supports ALSA (at least
 the last time I looked at it - it wouldn't even compile without it).

what about it?  it's open source, so port it to audio(4).  do you
think this would be harder than implementing an ALSA emulation
layer?  do you think that using an ALSA emulation layer would make
it work better than if it were ported to audio(4)?

-- 
[EMAIL PROTECTED]
SDF Public Access UNIX System - http://sdf.lonestar.org

Re: OSS v4.0 released under BSD license

[Jacob Meuser]

On Wed, Jan 09, 2008 at 02:14:27PM +0100, Jonathan Schleifer wrote:
 Jacob Meuser [EMAIL PROTECTED] wrote:
 
  that would require kernel level ALSA emulation, just as we have kernel
  level OSS emulation for linux binaries using OSS.  I have absolutely
  no interest in that whatsoever.  you'd have better luck convincing
  Adobe to make an OpenBSD native version of their plugin.
 
 That wouldn't be required if we have a different alsa-lib than normal
 linux systems have. It's possible that compiling libsalsa for Linux and
 using in with compat_linux is already enough.

some more excerpts from libsalsa/README:

--
SALSA - Simple ALSA emulation library for OSS
=

The sole purpose of this library is to make certain key ALSA applications
to work with OSS. This is necessary just because some Linux distributions
don't ship utilities like esd or xmss with OSS support compiled in.

This library has been programmed using brute force methods and it's
not designed to be any programming example. We didn't make any attempt to get
all ALSA applications to work with it. Most applications support the OSS
API directly so there is no need for doing this.
-

and don't forget, you are suggesting to distribute a *linux binary*
of *GPL* software.  obviously this could not be distributed as
part of OpenBSD.

-- 
[EMAIL PROTECTED]
SDF Public Access UNIX System - http://sdf.lonestar.org

Re: [Fwd: Open-Hardware]

[Jacob Meuser]

On Wed, Jan 09, 2008 at 10:07:50AM -0500, Kevin Wilcox wrote:

 Daniel then brought up the idea of CD sales. Something you can buy and
 put an exact digital replica of online.

are sure about that?  and what about the sticker(s) that come with the
CDs?  and the artwork on the insert?  and the preprinted installation
instructions?

-- 
[EMAIL PROTECTED]
SDF Public Access UNIX System - http://sdf.lonestar.org

Re: OpenBSD and ISDN TA

[Shohrukh Shoyoqubov]

There is a Sangoma card supported by OpenBSD, it is ISDN PRI (T1/E1) though,
not BRI. I think it is A101, not sure about other models.

2008/1/9, SeDoFa [EMAIL PROTECTED]:

 Simply question: does OpenBSD support ISDN?

 I have great interest to use OpenBSD as ISDN router with an external
 ISDN terminal adapter (USB interface).

 Until now I didn't find any configuration hints for ISDN devices under
 OpenBSD. I have found only a project called
 isdn4bsd, but unfortunately, there is no maintainer on OpenBSD.

 Any suggestions?

 Thanks

Re: [Fwd: Open-Hardware]

[Marco Peereboom]

You can stop the GPL propaganda here.  We have wasted enough time
rehashing it.  You are not going to convince anybody here that some
random person has more rights than the author of the software.  The end,
get over it, walk it off.

RMS tried with circle talk to convince people and lost many acolytes in
the process.  GNU  FSF are disingenuous organizations that are and
unable to read a dictionary.  That makes people angry so stop parroting
their manure here.

A few more cronies also tried and failed at convincing anyone of the
GPL teachings.  Yes we get your point and we think it is stupid.  No
need to discuss it or try to explain it again.  We get it.

On Wed, Jan 09, 2008 at 10:44:44AM -0500, Kevin Wilcox wrote:
 chefren wrote:

 On 1/9/08 12:54 AM, Eric Furman wrote:

 This is one of the most retarded things I've ever read.
 You might get one wanker to pay for it, but if it comes
 in non-binary with all the source what's to stop them
 from posting it on the internet and everybody else
 getting it for free?

 You got the point, Richard doesn't respect creators. He wants every 
 programmer to go through life as beggar like he does himself. Giving in 
 that that's impossible, that you cannot raise children that way doesn't 
 matter to him.

 Following Richard Stallman's theories everyone may make money with his 
 creation/work except a programmer. Richard Stallman /says/ a programmer 
 may earn money 1 time and than the code should be free after that.

 Why he says so is clueless, he clearly cannot explain how a programmer 
 should make money if it's about a lot of work that is just a little 
 feature for a lot of people, such a programmer should go around and ask a 
 milion users a cent before he lets them test the code. Because the moment 
 he let other people test it, the code should be for grabs too. Richard 
 want's such a programmer to spam the world about a little feature to get 
 money for it.

 This man has no respect for programmers, clearly doesn't understand why 
 money was invented and how a market can be a very reasonable way to let 
 people earn money.

 I don't think either of you have a firm grasp of what's being said with
 regards to selling free software. Or of the GPL in general.

 The use of the word free has nothing to do with price, it is that the
 recipient of a piece of software has the freedom to modify the software
 as they see necessary so that it does what they want it to do. To
 accomplish this, they should receive the source to said software. That's
 what the GPLv2 is all about - providing the recipient of a piece of
 software with the source code to that software and the freedom to modify
 it as they desire. It is only once they decide to *further distribute*
 the software that they are restricted. At that point the only
 restrictions placed on them is that they provide the source - thereby
 giving the recipient the same rights bestowed upon them by *their* provider.

 No one has said that you can't charge whatever you like for your
 software *or* that you have to give the code away to the world - they
 are saying that if you provide a binary then you should provide the
 recipients of that binary with the corresponding source and the right to
 change it and distribute it as they see fit.

 While that *can* present a situation where you sell software to PERSON_A
 and PERSON_A distributes the code to whomever they choose, it's a
 perfectly reasonable assumption that that is not likely to occur in a
 high-end software field because no corporation or organization will want
 to give away something for which they had to pay top dollar.

 Testing the software has nothing to do (as far as licensing goes) with a
 final, released GPL product. You can release the alpha and beta releases
 under whatever license you want to. Just license the final product under
 the GPL.

 In no way is anyone saying you can't make a comfortable living writing
 code and that you have to go through life as a beggar.

 Disclaimer: In no way am I suggesting that anyone should use the GPL
 over another license. When I talk about releasing code under the GPL in
 previous paragraphs I am speaking for hypothetical situations. I have
 only been involved with GPL software for a limited time, 4-5 years, so
 my understanding of GPL/v2 may be incorrect.

 kmw

 -- 

 Quis custodiet ipsos custodes

vlan trunking OpenBSD/Cisco switch

[Der Engel]

Hello,

Is it posible to do vlan trunking between an OpenBSD and a cisco
switch? I know you can create vlan interfaces in OpenBSD but how would
they be trunk with the switch?

In the physical interface (hostname.fxp1) i should just put 'up'?  Do
you have to set some kind of native  vlan here?

Example:

$ cat /etc/hostname.fxp1
up

$ cat /etc/hostname.vlan0
inet 172.21.0.31 255.255.255.0 NONE vlan 2 vlandev fxp1


I don't have a spare box to test this right now, so any  guidelines,
advice or tips on how to this would be greatly apreciated as i have to
do this overnight.

Thanks

Der

Re: Improving disk reliability

[knitti]

On 1/9/08, NetOne - Doichin Dokov [EMAIL PROTECTED] wrote:
 Bacula (www.bacula.org) is your friend.

yes, bacula is great. I just discovered, that it is in ports (even as
package available), so I have to use it on OpenBSD yet, but it
can't be harder to set up than on other platforms.

I prefer it to amanda, because (at least as I had to find a suitable
solution 1.5 years ago) it was the only one which could do
multi-volume-backups. It also works flawless with disk-based
backups, simple tape drive and larger tape libraries.


--knitti

Re: vlan trunking OpenBSD/Cisco switch

[Falk Brockerhoff]

Der Engel wrote:


Hello,


Hi,


Is it posible to do vlan trunking between an OpenBSD and a cisco
switch? I know you can create vlan interfaces in OpenBSD but how would
they be trunk with the switch?


Yes, without any problems.

$ cat /etc/hostname.em5 
 media 100baseTX 
mediaopt full-duplex

description Link to vtsw03 F0/33 Trunk
up

cat /etc/hostname.vlan130 
   vlan 130 vlandev em5 
description Public Services

inet 10.0.130.33 255.255.255.224
up

On Cisco side:

interface FastEthernet0/33
 description temp. Uplink to brain
 duplex full
 speed 100
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no cdp enable
end


Thanks

Der


Regards,

Falk

Re: [Fwd: Open-Hardware]

[bofh]

On Jan 9, 2008 1:52 PM, Jacob Meuser [EMAIL PROTECTED] wrote:

 On Wed, Jan 09, 2008 at 10:07:50AM -0500, Kevin Wilcox wrote:

  Daniel then brought up the idea of CD sales. Something you can buy and
  put an exact digital replica of online.

 are sure about that?  and what about the sticker(s) that come with the
 CDs?  and the artwork on the insert?  and the preprinted installation
 instructions?


This is beyond silly.  FSF/GNU used to sell tapes of GPLed stuff too.  I'm
sure it came with pre-printed instructions as well.  No idea about artwork
or stickers however.  But splitting hairs is not useful.



-- 
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity.  --
Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks factory
where smoking on the job is permitted.  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=j1G-3laJJP0feature=related

Re: OpenBSD and ISDN TA

[Stuart Henderson]

On 2008/01/09 18:37, Peter N. M. Hansteen wrote:
 Ray Percival [EMAIL PROTECTED] writes:
 
 I think ISDN is one of those technologies a significant part of the
 OpenBSD population would be very happy to suppress any remaining
 memories of.
 
  I'm getting flashbacks just reading this.
 
 yes, the pain.  the pain.  we hates it, preciousss

run H.323 and you can experience much of that same pain again
and more besides :-)

Re: Pre-Orders for Limited Edition Puffy the Blowfish

[ropers]

Ok, Puffy, I'm assuming good faith on your side, so let me explain
why you're being slightly mocked here:

There was a huge toss-up some time ago about some person selling
OpenBSD t-shirts on Cafepress without Theo's/Wim's/Ty's permission.
The misc crowd will undoubtedly correct me if I'm wrong or if things
have changed, but the way I remember things, the sticking points were:
- OpenBSD is BSD licensed.
- Most OpenBSD Puffy artwork is not.
- The non-BSD licensed images may be used for positive promotional use
w/o checking with Theo/Wim/Ty (that permission is given on the
website).
- If you want to do anything potentially infringing with the non-BSD
licensed artwork, you need to ask Theo/Wim/Ty first.

From your emails, it seems to me as if maybe you haven't done that and
maybe you aren't aware of your rights and obligations. So if you're
serious, then you probably should talk to Theo or Wim or Ty and work
things out, and only come back to this list once you actually have
something to offer that is non-infringing and real,  preferably with
non-Photoshop^WGIMPed pictures. If you don't do that, you'll probably
only find yourself earning more ridicule. That's not a NO to your
initiative. Plush Puffy was created some time ago:
https://https.openbsd.org/images/pluffy.jpg and is still available:
https://https.openbsd.org/cgi-bin/order.eu
So it can be done, and if you really want to and are able to do
something cool that helps the project financially, then more power to
you. If however you're only looking to earn a few quick bucks for
yourself, then you may not get a lot of takers here.

Thanks and regards,
--ropers

Re: Help with root partition on RaidFrame

[Jurjen Oskam]

On Tue, Jan 08, 2008 at 10:22:04PM -0800, William Sloan wrote:

 OpenBSD 4.2-stable (RAID) #3: Mon Jan  7 17:45:05 PST 2008
 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAID
 cpu0: Geode(TM) Integrated Processor by National Semi (Geode by NSC  
[...]
 root on wd0a swap on wd0b dump on wd0b
 raid0: Component /dev/sd0a being configured at row: 0 col: 0
  Row: 0 Column: 0 Num Rows: 1 Num Columns: 2
  Version: 2 Serial Number: 123456 Mod Counter: 638
  Clean: Yes Status: 0
 raid0: Component /dev/sd1a being configured at row: 0 col: 1
  Row: 0 Column: 1 Num Rows: 1 Num Columns: 2
  Version: 2 Serial Number: 123456 Mod Counter: 638
  Clean: Yes Status: 0
 raid0 at root

It looks like you're booting a kernel that was compiled without the
RAID_AUTOCONFIG option set. The system boot script will automatically
configure raid0 if the file /etc/raid0.conf (on wd0) exists, so that explains
why raid0 gets configured after the location of the root filesystem is
determined. 

Try recompiling a kernel with RAID_AUTOCONFIG set, and boot from that.
Don't create an /etc/raid0.conf. Not in /etc on wd0, and not in /etc on
raid0. Do create one on another location on wd0 though, it might come
in handy later.

-- 
Jurjen Oskam

Savage's Law of Expediency:
You want it bad, you'll get it bad.

Re: [Fwd: Open-Hardware]

[chefren]

On 1/9/08 9:10 PM, bofh wrote:

On Jan 9, 2008 1:52 PM, Jacob Meuser [EMAIL PROTECTED] wrote:


On Wed, Jan 09, 2008 at 10:07:50AM -0500, Kevin Wilcox wrote:


Daniel then brought up the idea of CD sales. Something you can buy and
put an exact digital replica of online.

are sure about that?  and what about the sticker(s) that come with the
CDs?  and the artwork on the insert?  and the preprinted installation
instructions?



This is beyond silly.  FSF/GNU used to sell tapes of GPLed stuff too.  I'm
sure it came with pre-printed instructions as well.  No idea about artwork
or stickers however.  But splitting hairs is not useful.



With OpenBSD the stickers, printed installation and artwork are copyright Theo 
de Raadt.


You cannot legally sell your own copies of the CD set or use artwork for 
commercial purposes without permissions of Theo.


+++chefren

facts about OpenBSD

[Nikns Siankin]

Facts about OpenBSD:

# Stable release cycle. 
  If you want to run latest bugfree ClamAV or FireFox - upgrade to CURRENT! 
  But don't forget to buy release CD's!!!
# Secure By Default.
  OpenBSD uses broken WEP for securing WiFi networks.
  Has no WPA/WPA2 support.
# Do not let serious problems sit unsolved. 
  OpenBSD doesn't need MAC because it has their own security flawed systrace.
# Use of Cryptography. 
  OpenBSD uses file-backed encryption (svnd) which is very suited
  for Full-disk-encryption. NOT.
# Full Disclosure. 
  OpenBSD at first denies remote exploitable flaws. 
  DoS flaws gets marked as reliability not security issues.
# Easy maintainable. 
  OpenBSD distributes source patches to make your farm of
  Pentium2 firewalls updated easly.
# Secure Distribution.
  The most secure operation system gets distributed on FTP servers
  as unsigned binaries.


Disclaimer: Like it or not. I'm OpenBSD user for 4 years.
Shit on my head - shit on all OpenBSD supporters.



I'm not subscribed, cc me, if have something to say.

OT Re: OpenBSD and ISDN TA

[Diana Eichert]

On Wed, 9 Jan 2008, Stuart Henderson wrote:


run H.323 and you can experience much of that same pain again
and more besides :-)


(now we digress)

give me X.25 any day, instead of this new fangled ISDN technology.

diana

Re: vlan trunking OpenBSD/Cisco switch

[Diana Eichert]

On Wed, 9 Jan 2008, Falk Brockerhoff wrote:


On Cisco side:

interface FastEthernet0/33
description temp. Uplink to brain
duplex full
speed 100
switchport trunk encapsulation dot1q
switchport mode trunk
no cdp enable
end

Regards,

Falk


Not that this is meant to be a Cisco training class, but if your Cisco 
device has a lot of VLANS on it they will all be available to the OpenBSD 
system once you configure the Cisco interface to:

switchport trunk encapsulation dot1q

So if you don't want them all to be available down stream you should 
filter them out on the Cisco side.


diana

flamewars : 9 Tips for Dealing with Idiots on the Internet

[xavier brinon]

Seems to be a must read




Sent to you by Xavier Brinon via Google Reader:



Online Survival Guide: 9 Tips for Dealing with Idiots on the Internet
via Internet Duct Tape by engtech on 09/01/08






My first experience with online communication was bulletin board
systems in the early 90s. The more things change, the more they stay
the same. The experience of running a blog is almost exactly the same
as it was running a BBS 15 years ago. The only difference is the sheer
number of channels available for communication.

Where there was once up to 100 to 200 local BBSes there are now so
many online forums for communication that it might as well be
infinite., New forums for communication are being created all the
time. Mainstream sites like the New York Times let you comment on
articles, and each person has their own discussion forum thanks to
sites like Facebook and MySpace.


When I was involved in the BBS/IRC scene as a teenager I was
surrounded by flame wars; one-upmanship was part of the attraction. I
thought it was because of the immaturity of the participants, but now
I think it is a natural offshoot of digital communication. We lose all
the visual and auditory cues that are a normal part of human dialog
and instead focus on words that can be easy to misinterpret
(especially if looking for a reason to fight). quoting myself

Winter is one of the worst for flame wars because environmental
conditions make people more irritable and more likely to spend more
time online. Here are some tips for navigating online discussions from
someone who has been participating and managing public forums for over
15 years.
Tips for Administrators
Tip #1: Disemvowel


From Wikipedia: In the fields of Internet discussion and forum
moderation, disemvoweling is the removal of vowels from text either as
a method of self-censorship, or as a technique by forum moderators to
censor Internet trolling and other unwanted posting. When used by a
forum moderator, the net effect of disemvowelling text is to render it
illegible or legible only through significant cognitive effort.

Xeni Jardin, co-editor of Boing Boing says of the practice, the
dialogue stays, but the misanthrope looks ridiculous, and the
emotional sting is neutralized.

This original sentence:

In the fields of Internet discussion and forum moderation,
disemvoweling (also spelled disemvowelling) is the removal of vowels
from text.

would be disemvowelled to look like this:

n th flds f ntrnt dscssn nd frm mdrtn, Dsmvwlng (ls splld dsmvwllng) s
th rmvl f vwls frm txt.

You can disemvowel any text using this tool. There is also a Firefox
extension that lets you disemvowel comments if you're a WordPress
administrator. The same guy has a Firefox extension for handling
religious trolls.
Tip #2: Temporarily disable comments for that post

This works well if you've been linked to from another site and it's
bringing a lot of tolls (IE: Digg, Slashdot). You can turn the
comments on after a day or two without having to wade through the 100+
comments telling you how much of an idiot you are because they don't
agree with some minor minutiae of your argument.
Tip #3: Take the discussion to email

Nothing kills a flame war like removing the audience.


Quoting myself: There is a different between scrawling messages on a
public site and having a one on one conversation. The flame wars that
are routine on some sites rarely exist in personal email. People stop
being disembodied words and ideas and you remember that there is a
person behind all of that typing.

Comment Ninja is a handy Firefox extension for WordPress blog
administrators that makes it easy to respond to commenters on your
blog by email.
Tip #4: Never post personal information

Because you are an administrator, you have access to a commenters
email address and their IP address. This information is usually enough
to find out anything else you want to about who they are. (IE: put
their email address into Facebook to find their real name, use their
IP address to find out where they work)

It can be tempting to deal with a troll by removing their anonymity,
but making it personal can change a one time nuisance into someone
with a grudge that won't go away.
Tips for Anyone
Tip #5: Let it stew

If something really gets your goat, then sit on it. Come back and
re-read what bothered you later on and you may find that you were
reading between the lines and interpreting an emotional undertone that
isn't there. The human mind is great at adding missing context, but it
can also trick you into reading what you want to believe.

Revisiting something that filled you with rage days latter can leave
you scratching your head trying to find what it was that pulled your
chain.
Tip #6: Leave it where you found it

As I said earlier, it is ridiculously easy to collect personal
identifying information about someone and find other parts of their
online identity. Other than bringing a public argument to a private
means of communication, you 

Re: OpenBSD and ISDN TA

[Diana Eichert]

On Wed, 9 Jan 2008, Christian Weisgerber wrote:


Well, you can hook up ISDN TAs with a serial port that look like a
dial-up modem (AT command set etc.).  However, I think these have
long since disappeared from the market.

--
Christian naddy Weisgerber  [EMAIL PROTECTED]


I just shutdown my Zyxel external ISDN TA 6 weeks ago after using it for 
over 10 years.  You can connect to it via serial cable at least 460Kbaud, 
that is if you have a serial port available that can run at greater than 
115k.


diana

Re: [Fwd: Open-Hardware]

[bofh]

On Jan 9, 2008 3:29 PM, chefren [EMAIL PROTECTED] wrote:


 On 1/9/08 9:10 PM, bofh wrote:
 
  This is beyond silly.  FSF/GNU used to sell tapes of GPLed stuff too.
  I'm
  sure it came with pre-printed instructions as well.  No idea about
 artwork
  or stickers however.  But splitting hairs is not useful.

 With OpenBSD the stickers, printed installation and artwork are copyright
 Theo
 de Raadt.

 You cannot legally sell your own copies of the CD set or use artwork for
 commercial purposes without permissions of Theo.


I don't get your point.  When you buy the CD, the CD is what you're buying.
The artwork comes with it.  So does the sticker.  So does that thin plastic
wrapper.  And the CD case.  But you are not buying the CD set for those
things.  You are buying it for the source code and binaries on the CD, and
to support OpenBSD.

If you _are_ buying the CDs only for the stickers, then obviously this point
does not apply to you.


-- 
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity.  --
Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks factory
where smoking on the job is permitted.  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=j1G-3laJJP0feature=related

Re: vlan trunking OpenBSD/Cisco switch

[Thomas Börnert]

hello,

it works.

on openbsd

trunk device em0

ifconfig vlan 1 vlandev em0 up (for example)

on cisco (2950 or 2960)

interface GigabitEthernet0/1
 switchport trunk allowed vlan 1
 switchport mode trunk
 no cdp enable
 spanning-tree portfast trunk
 spanning-tree bpdufilter enable

thats all

  - Thomas

On Wednesday 09 January 2008 20:18, you wrote:
 Hello,

 Is it posible to do vlan trunking between an OpenBSD and a cisco
 switch? I know you can create vlan interfaces in OpenBSD but how would
 they be trunk with the switch?

 In the physical interface (hostname.fxp1) i should just put 'up'?  Do
 you have to set some kind of native  vlan here?

 Example:

 $ cat /etc/hostname.fxp1
 up

 $ cat /etc/hostname.vlan0
 inet 172.21.0.31 255.255.255.0 NONE vlan 2 vlandev fxp1


 I don't have a spare box to test this right now, so any  guidelines,
 advice or tips on how to this would be greatly apreciated as i have to
 do this overnight.

 Thanks

 Der

Re: OT Re: OpenBSD and ISDN TA

[Marco S Hyman]

Diana Eichert writes:
  On Wed, 9 Jan 2008, Stuart Henderson wrote:
  
   run H.323 and you can experience much of that same pain again
   and more besides :-)
  
  (now we digress)
  
  give me X.25 any day, instead of this new fangled ISDN technology.

Yeah, X.25 with a triple-X pad (X.3/X.28/X.29). a Yellow book version,
none of that fancy new red or blue book stuff.

It scares me that I remember such stuff.

// marc

OT: Fiber NIC for OpenBSD router

[Daniel Ouellet]

Hi,

I am getting really stuck here.

Can anyone tell me if they know of a good PCI fiber card that is still 
available for 100Mb today.


All the fiber port cards I am looking at are now all  1Gb.

I would prefer get them new obviously as it's very important where they 
are use and run lots of VoIP on them too, but worst case I could get 
some on EBay as a last choice.


Looks like none are sold anymore for 100Mb however.

Anyone could tell me otherwise, I would be great full.

This is to replace a bunch of Cisco router that run 100Mb fiber, but all 
the infrastructure are massive and run 100Mb fiber, so replacing all is 
not possible for any time soon.


Worst case, I could may be get fiber to FastEthernet converter, but that 
add more device in the path, with I sure hell always avoid to add more 
device and love the KISS gold principal, but even more the problem is 
each fiber also have a bunch of VLAN on them from 10 on small one to 60 
on the biggest one and none of the converter works well with that VLAN 
additional tags in pass experience if at all in some cases like HP 
switches in some cases.


I need 12 of them! (;

I am open to any other suggestions as well that I may not have though of 
too.


In the end, these 12, may well turn into 12 OSPF OpenBSD router on the 
back of a much bigger Cisco router for now.


Best,

Daniel

Re: OSS v4.0 released under BSD license

[Marco S Hyman]

Deanna Phillips writes:
  But for Linux binary emulation?  No way.  If you want that, run
  Linux.  What kind of people run Linux binaries on OpenBSD,
  anyway?  Don't give me that I need Flash, since I spent months
  of my life working on Gnash for OpenBSD just so you wouldn't
  have to use the Adobe Linux binary.. and more months working on
  PJSIP so that you wouldn't have to use Skype.

Uhhh, railing against Linux binary emulation is fine, but don't
use gnash as your argument.  Gnash is not usable.  It may play
the run-of-the-mill youtube video, but using it for just about
anything else does no more than leave a dump file on disk.

// marc

Re: facts about OpenBSD

[Marc Balmer]

Nikns Siankin wrote:


Facts about OpenBSD:

# Stable release cycle. 
  If you want to run latest bugfree ClamAV or FireFox - upgrade to CURRENT! 
  But don't forget to buy release CD's!!!

# Secure By Default.
  OpenBSD uses broken WEP for securing WiFi networks.
  Has no WPA/WPA2 support.
# Do not let serious problems sit unsolved. 
  OpenBSD doesn't need MAC because it has their own security flawed systrace.
# Use of Cryptography. 
  OpenBSD uses file-backed encryption (svnd) which is very suited

  for Full-disk-encryption. NOT.
# Full Disclosure. 
  OpenBSD at first denies remote exploitable flaws. 
  DoS flaws gets marked as reliability not security issues.
# Easy maintainable. 
  OpenBSD distributes source patches to make your farm of

  Pentium2 firewalls updated easly.
# Secure Distribution.
  The most secure operation system gets distributed on FTP servers
  as unsigned binaries.


Disclaimer: Like it or not. I'm OpenBSD user for 4 years.
Shit on my head - shit on all OpenBSD supporters.


you are free to use any other operating system if you don't
like OpenBSD.





I'm not subscribed, cc me, if have something to say.

Re: OT Re: OpenBSD and ISDN TA

[Diana Eichert]

On Wed, 9 Jan 2008, Marco S Hyman wrote:


Yeah, X.25 with a triple-X pad (X.3/X.28/X.29). a Yellow book version,
none of that fancy new red or blue book stuff.

It scares me that I remember such stuff.

// marc


Where a triple-X pad is not a description of some leftover Hippie from 
the 60's cabin in the wilderness used by all for Free(GPL) Love. ;-)


diana

Re: OSS v4.0 released under BSD license

[Deanna Phillips]

Marco S Hyman writes:

 Deanna Phillips writes:
   But for Linux binary emulation?  No way.  If you want that, run
   Linux.  What kind of people run Linux binaries on OpenBSD,
   anyway?  Don't give me that I need Flash, since I spent months
   of my life working on Gnash for OpenBSD just so you wouldn't
   have to use the Adobe Linux binary.. and more months working on
   PJSIP so that you wouldn't have to use Skype.

 Uhhh, railing against Linux binary emulation is fine, but don't
 use gnash as your argument.  Gnash is not usable.  It may play
 the run-of-the-mill youtube video, but using it for just about
 anything else does no more than leave a dump file on disk.

; Do something about it
; Use another OS
; Complain

Which are you doing?

Re: facts about OpenBSD

[Antoine Jacoutot]

On Wed, 9 Jan 2008, Nikns Siankin wrote:

Disclaimer: Like it or not. I'm OpenBSD user for 4 years.
Shit on my head - shit on all OpenBSD supporters.


What's your point? I mean, why do you want anyone to shit all over..?
If you don't like it, don't use it.

--
Antoine

Re: OT Re: OpenBSD and ISDN TA

[Ray Percival]

On Jan 9, 2008, at 14:24, Diana Eichert [EMAIL PROTECTED] wrote:


On Wed, 9 Jan 2008, Marco S Hyman wrote:

Yeah, X.25 with a triple-X pad (X.3/X.28/X.29). a Yellow book  
version,

none of that fancy new red or blue book stuff.

It scares me that I remember such stuff.

// marc


Where a triple-X pad is not a description of some leftover Hippie  
from the 60's cabin in the wilderness used by all for Free(GPL)  
Love. ;-)


Hahahah.


diana

Re: OT: Fiber NIC for OpenBSD router

[Stuart Henderson]

On 2008/01/09 17:00, Daniel Ouellet wrote:
 Can anyone tell me if they know of a good PCI fiber card that is still 
 available for 100Mb today.

Good? Don't know. But it looks like D-Link DFE-550FX are available
(at least in europe) and maybe worth a try (you'll need to at least
add 550FX's pci id 0x1003 to sys/dev/pci/pcidevs under 550TX, run
'make', and add a matching line to pci_matchid in if_ste.c. I don't
know what chance we have of supporting the PHY).

Google (100basefx pci) finds some others from less-known makers which
may or may not be supported.

A possible alternative: you can get 100baseFX SFPs for some gigabit
switches, you can probably find something which does handle vlans ok.

Re: OSS v4.0 released under BSD license

[Marco S Hyman]

Deanna Phillips writes:
  ; Do something about it
  ; Use another OS
  ; Complain
  
  Which are you doing?

None of the above.   I ignore flash.  My comment was only to point out
that gnash is not the best example to show why Linux emulation isn't
needed.  Oh, I ignore Linux emulation, too.

Neither is needed in my tiny little world.

// marc

Re: [Fwd: Open-Hardware]

[Jacob Meuser]

On Wed, Jan 09, 2008 at 04:10:07PM -0500, bofh wrote:

 I don't get your point.

then please clear you mind and go back and reread my post.  I did not
say anything about GNU/FSF but somehow that came up in your reply.
I can only assume that you were caught up in arguing and not really
paying attention to the two sentences I quoted or my response.

-- 
[EMAIL PROTECTED]
SDF Public Access UNIX System - http://sdf.lonestar.org

Re: Advice requested on security issues

[Jussi Peltola]

On Wed, Jan 09, 2008 at 03:14:35PM +, Russell Gadd wrote:
 Unfortunately some bank sites do use javascript and I have a concern 
 over cross site scripting - only because I have yet to look deeper into 
 this to see what the risks are. But  if I never visit non-bank sites is 
 this a problem?
It very much is: if the bank site somehow gives you javascript which
performs a transaction as you, it is very problematic and may make it
very difficult to prove you were attacked, since the requests seem to
come from you. This is not XSS in the literal sense (the site attacks
itself so it is not cross-site), unless one banking site attacks another
one, but I think that will not comfort you much if you get attacked :)

This, however, requires that the bank site is exploitable, and since one
of the starting points is trusting the bank, you should be rather safe 
if you only visit bank sites, assuming you trust the SSL cert to make
sure you really are connecting to the bank and not an impostor.

If you are feeling paranoid, you can contain the damage to one bank by
clearing your cookies between sessions and not using two banks at the
same time.

Trusting SSL also means you have to type your URLs carefully. Most
people do not type 'https://' but trust that an insecure connection will
redirect them to the real site, which is not safe, since you could be
redirected to another site in another domain with a similar name, and at
least some browsers allow javascript to change the address bar, making
the attack hard to detect.

Checking the SSL certificate reveals that kind of trickery: if you
connected to another domain, the certificate can't be the one your bank
uses (unless the browser / SSL library, the CA or the bank screws up -
but those are again things you just have to trust.)

You can get some extra security by disabling JavaScript, because XSS
holes in the bank's system may not mean the attacker can do anything
else than XSS, but we are getting close to the unavoidable problem: you
have to trust the bank, and you can only try to mitigate the effects of
the bank getting compromised, preventing it is up to the bank.

And getting back to reality from all this paranoia: you are already
light years ahead of a normal Windows PC, and compromise is pretty damn
unlikely. The riskiest part I can see is your browser, but if you only
visit banks, the real attack vectors require subverting your SSL
implementation, the CA or the bank itself. This is almost definitely
possible with enough resources, but it is probably not feasible to mount
such an attack - that, however, depends on how much money you have :)

On another note, if security is this important, you always need to buy
the CDs to make sure your OpenBSD is not compromised, and installing
patches is difficult: how do you get them securely, and can you even
trust the OpenBSD project? 

Set some reasonable goal for your security, or you can't do online
banking at all. Paranoia is very good for security, and thinking of all
the possibilities is both entertaining and educational, but in practice
you always have to trust something, so there is no absolute security.

The final point I'd like to make is that we trust our browsers so much
it is pretty scary. They are probably not very secure (I am too bad a
programmer to really say anything, but the exploits seem to keep
appearing), but usually the most security-critical things a Joe User
does involves one, and often it is the Microsoft one.

-- 
Jussi Peltola

Re: OT Re: OpenBSD and ISDN TA

[Nick Bender]

 give me X.25 any day, instead of this new fangled ISDN technology.

Don't forget to run uucp over it ;-)

Re: facts about OpenBSD

[Jacob Yocom-Piatt]

Marc Balmer wrote:

Nikns Siankin wrote:


Facts about OpenBSD:

# Stable release cycle.   If you want to run latest bugfree ClamAV or 
FireFox - upgrade to CURRENT!   But don't forget to buy release CD's!!!

# Secure By Default.
  OpenBSD uses broken WEP for securing WiFi networks.
  Has no WPA/WPA2 support.
# Do not let serious problems sit unsolved.   OpenBSD doesn't need 
MAC because it has their own security flawed systrace.
# Use of Cryptography.   OpenBSD uses file-backed encryption (svnd) 
which is very suited

  for Full-disk-encryption. NOT.
# Full Disclosure.   OpenBSD at first denies remote exploitable 
flaws.   DoS flaws gets marked as reliability not security issues.
# Easy maintainable.   OpenBSD distributes source patches to make 
your farm of

  Pentium2 firewalls updated easly.
# Secure Distribution.
  The most secure operation system gets distributed on FTP servers
  as unsigned binaries.




Facts about Nikns Siankin:

# Whiner.  He bitches incessantly about stuff and does nothing to fix 
it.  AFAICT he's even saying that purchasing the CDs is pointless.
# Jerk.  He ignores that most of the development time that goes into 
OpenBSD is DONATED by highly-skilled individuals.  You can only add as 
many bells and whistles as you have resources and time.
# Misleading.  He claims the system is distributed on FTP servers and 
elects not to note that code is available via cvs over ssh.
# Ignorant.  OpenBSD has myriad additional security technologies in it 
that help to moderate vulnerabilities in poorly coded applications like 
firefox and clamav.
# Idiot.  By whining in a totally counterproductive fashion he alienates 
himself from those who would otherwise, provided his requests were 
reasonable, help him out.





Disclaimer: Like it or not. I'm OpenBSD user for 4 years.
Shit on my head - shit on all OpenBSD supporters.


you are free to use any other operating system if you don't
like OpenBSD.





I'm not subscribed, cc me, if have something to say.





--

Re: Open Source Article Spawns Interesting Ethical Question

[Tobias Weingartner]

In article [EMAIL PROTECTED], chefren wrote:
  On 1/8/08 11:28 PM, Marco Peereboom wrote:
 
  2. Same NIC without flash/ROM bad
 
  Eh, that's just a meaningless pile of transistors.

Surely you jest?  An FPGA is a meaningless pile of transistors?
Weird...

-Toby.
-- 
 [100~Plax]sb16i0A2172656B63616820636420726568746F6E61207473754A[dZ1!=b]salax

Re: [Fwd: Open-Hardware]

[Tobias Weingartner]

In article [EMAIL PROTECTED], chefren wrote:
 
  It's misleading to call GNU GNU it should be called BSD/GNU.
 
  BSD/GPL
  BSD/GPLvX
 
  Somewhat more typing but good PR.

Again, I surely hope you jest?

Please don't associate me or anything I currently code on with the GPL.
Why would you want to?  Seriously?  Use the GPL if that is what you wish,
but why taint what BSD is with the GPL, even the mention of GPL?  To get
publicity?  Someone said that 'there ain't no such thing as bad publicity',
a stupid statement if I ever heard one.  From the PR standpoint, even
thinking about BSD/GPL or BSD/GNU is almost absurd.


Anyhow, my $0.02 worth,

-Toby.
-- 
 [100~Plax]sb16i0A2172656B63616820636420726568746F6E61207473754A[dZ1!=b]salax

Re: [Fwd: Open-Hardware]

[Tobias Weingartner]

In article [EMAIL PROTECTED], Kevin Wilcox wrote:
 
  Testing the software has nothing to do (as far as licensing goes) with a
  final, released GPL product. You can release the alpha and beta releases
  under whatever license you want to. Just license the final product under
  the GPL.

If the testing software was originally licensed with the GPL, this is
not true.  The license does not cease to exist (nor copyright law) just
because you are only distributing an alpha or beta product.

-Toby.
-- 
 [100~Plax]sb16i0A2172656B63616820636420726568746F6E61207473754A[dZ1!=b]salax