question to normal user
Hallo, I am use OpenBSD since 5 years. Thank you for all for this wonderfull work. I have a small company in Hamburg and all my server work with OpenBSD. At the moment I use OpenBSD 4.2. I have some question about normal user. I add a user with adduser. It works fine. All user can change from her home directory into every other directory. By my anonymous ftp server gives a ftpchroot file. I my opinion thats must by give for a normal user too. How can I put it a normal user in a jail? I found no answer in the internet. Thank you for help Joerg
Re: question to normal user
Hi, On Sun, Jan 20, 2008 at 09:10:21AM +0100, Jvrg Klein wrote: I add a user with adduser. It works fine. All user can change from her home directory into every other directory. By my anonymous ftp server gives a ftpchroot file. I my opinion thats must by give for a normal user too. How can I put it a normal user in a jail? You cannot put logins under a chroot, the users need access to /bin, /lib, /usr/bin, /usr/lib and practically all the other directories on the machine. You would have to copy almost the whole OS into their home directory to make it work. If you want to prevent users from looking at each others' files, chmod their home directories to 711. There is very little reason to chroot users in a secure system, just chmod your secrets so they can not see them. -- Jussi Peltola
Re: ibm thinkpad x60s + suspend mode
On Jan 19, 2008 11:24 PM, Jussi Peltola [EMAIL PROTECTED] wrote: Oh - and to answer your question, not that I know of. Sorry. I read tphdisk could work in my case. The only thing I don't really know if the tphdisk could be put on a partition that isn't the first one ? - benont
Re: cwm background invoking mutt
On 2008/01/20 16:28, Chris wrote: After reading the undeadly post on cwm(1) I am trying it out in Xnest(1). I was wondering how I could get a background image like the one shown in undeadly. I guess you're talking about Jasper's article, http://216.194.67.89/cgi?action=articlesid=20070712103624 You can use xloadimage from ports, there are various alternatives (most X image viewers allow you to do this - look for something like display an image on the root window). The transparent terminals might be from something like aterm with the -tr option. Also, I can't invoke mutt using C-/ although I have a symlink in .calmwm/. GUI apps like firefox and soffice fire up fine. xterm -e mutt
Re: mount_mfs change of behaviour regarding -i (inode density) on 4.2
From: Richard Daemon [mailto:[EMAIL PROTECTED] On Jan 19, 2008 8:31 PM, Schvberle Daniel [EMAIL PROTECTED] wrote: Hi all! I've just upgraded my firewall from OpenBSD 4.0 to 4.2-stable and ran into a small problem regarding mount_mfs. I solved it, but in case anybody else runs into it, here's something for the archives. I run the box from a 512MB CF and, originally, with very limited memory. The /var, tmp and /dev are mount_mfs and during the upgrade I had trobule with mounting /dev. I used to mount /dev with the following line: swap /dev mfs rw,-P=/proto/dev,-s=700,-i=256 0 0 It seems that sometime after 4.1 was released (probably during ffs2 development) mount_mfs was changed in such a way that it doesn't allow very high density for inodes. This resulted in mount_mfs failing on replicating the /dev and me getting a readonly /dev, which resulted in a box that I couldn't login into remotly (with ssh). Luckily you I could still issue commands with winscp or login locally. After couple of tests I concluded that mount_mfs simply ignores density settings lower than 1024, so I changed the /dev to settings to the following line: swap /dev mfs rw,-P=/proto/dev,-s=4000,-i=1024 0 0 Now everything is ok, I'm happy and sice CF is in a new box with lots of memory I'm not trying to squeeze every byte out of it. Maybe this maximal density could be documented somehow? I glanced at the mkfs.c and saw that, in theory, it should warn the user when reducing the density but I never got a warning during my tests. dmesg in case anybody needs it: snip dmesg Wow, very weird that you post this. I just noticed the exact same thing yesterday too. Upgraded from 4.0-stable to 4.2-stable on a WRAP (pcengines.ch) box with my 512M CF and /dev entries failing as well. My previous inode settings used to be: swap /dev mfs rw,-P=/.devtmp,-s=1200,-i=128 0 0 but that crapped out in 4.2. I changed it to -s=3072, -i=128 just to get it fully working properly and I haven't looked into it further yet, but wondering if I'm better off maybe trying higher inode (like yours) but lower MFS size such as -s=1024 because I'm limited in memory (128M total). Other than that, is an MFS /dev size bigger than 1M even needed? I'd really like to reduce as much as possible. Thanks for the post! I'm new to this mailing list and so far, it's great! No, I don't think you'd ever need a /dev this big, but in order to get the needed number of inodes you have to push the size up. Your line is ok, but maybe you should put i=1024 instead of i=128, so you know what the real values are - that's what it's using anyway With 128MB you really shouldn'y worry. I was concerned because I had only 32MB or 48MB. mount_mfs doesn't really use the memory untill it's needed, so you could make, say 100GB mfs on a box with 128MB of RAM and it would work as long as you've got memory to hold the files. Regardnig /dev, you really don't need much as it's a small filesystem, but sometimes you can get real files in there. This is what happend once to my lil' box (I had a _real_ /dev/null) and it crapped out because it ran out of memory. After that I reduced the /dev as much as I could, I didn't want another local DoS to happen. I have 512MB now and couldn't care less if /dev is 0.1 or 1 MB, and with 128MB you shouldn't either, especially since it gets allocated only if really needed by the files.
Re: Concurrecnt PPPoE(4)?
So, as per my understanding so far, packets are routed correctly from internet to pppoe0, but responses from pppoe0 are going through pppoe1 which is wrong... So... 1) internet packets pppoe0 got through correctly and worked. 2) pppoe0 response pppoe1 wrong and dropped by the ISP. And I need to change 2) to... 3) pppoe0 response pppoe0 Or am I terribly wrong?
Re: Concurrecnt PPPoE(4)?
2008/1/20, Jussi Peltola [EMAIL PROTECTED]: On Sun, Jan 20, 2008 at 07:13:02AM +0200, Jussi Peltola wrote: On Sun, Jan 20, 2008 at 03:48:16PM +1100, Sunnz wrote: pass out on pppoe1 route-to (pppoe0 pppoe0:peer) \ from any to pppoe0 I don't think that will work. Anyone trying to reach pppoe0 will not get routed out on pppoe1. Hmm, actually that rule is almost correct, and I ended up getting confused... What you probably mean is: pass out on pppoe1 route-to (pppoe0 pppoe0:peer) from pppoe0 to any Hey, I have tried the following: reply-to: 1) pass in on pppoe0 reply-to pppoe0 from any to pppoe0 It just works, both traceroute, ping, and ssh route-to 2) pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any 3) pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any pass out on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from pppoe1:0 to any 4) pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any pass out on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from pppoe1:0 to any pass in on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from any to pppoe0:0 pass in on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from any to pppoe1:0 2) 3) and 4) works with traceroute and ping from the outside, but not ssh. So, do I need to use some kind of packet management with tag to get route-to to work? Or would using reply-to suffice? What I am worried about is this section from pf.conf(5): reply-to The reply-to option is similar to route-to, but routes packets that pass in the opposite direction (replies) to the specified inter- face. Opposite direction is only defined in the context of a state entry, and reply-to is useful only in rules that create state. It can be used on systems with multiple external connections to route all outgoing packets of a connection through the interface the in- coming connection arrived through (symmetric routing enforcement). Opposite direction is only defined in the context of a state entry, and reply-to is useful only in rules that create state. - as far as I know of, only TCP connections has states, but not UDP... so what I am worried about is that reply-to does not work with UDP connections? I don't have a UDP service to test this out now, but I probably will have some UDP service in the future. -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Re: Concurrecnt PPPoE(4)?
2008/1/21, Sunnz [EMAIL PROTECTED]: route-to 2) pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any 3) pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any pass out on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from pppoe1:0 to any 4) pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any pass out on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from pppoe1:0 to any pass in on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from any to pppoe0:0 pass in on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from any to pppoe1:0 2) 3) and 4) works with traceroute and ping from the outside, but not ssh. Oh, what was I thinking!! it should be like pass out on pppoe1 route-to (pppoe0 (pppoe0:peer)) inet from pppoe0:0 to any ^^ Right? Ok I just tested that one out as well... does not work neither... (with 2,3,4) -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Re: Concurrecnt PPPoE(4)?
On 2008/01/21 00:31, Sunnz wrote: So, do I need to use some kind of packet management with tag to get route-to to work? Or would using reply-to suffice? Just use reply-to, that's what it's for. Opposite direction is only defined in the context of a state entry, and reply-to is useful only in rules that create state. - as far as I know of, only TCP connections has states, but not UDP... see pfctl -ss.
Re: Concurrecnt PPPoE(4)?
Sunnz P=P0P?P8QP0: 2008/1/21, Sunnz [EMAIL PROTECTED]: route-to 2) pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any 3) pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any pass out on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from pppoe1:0 to any 4) pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any pass out on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from pppoe1:0 to any pass in on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from any to pppoe0:0 pass in on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from any to pppoe1:0 2) 3) and 4) works with traceroute and ping from the outside, but not ssh. Oh, what was I thinking!! it should be like pass out on pppoe1 route-to (pppoe0 (pppoe0:peer)) inet from pppoe0:0 to any ^^ Right? Ok I just tested that one out as well... does not work neither... (with 2,3,4) http://www.openbsd.org/faq/pf/pools.html#outgoing
Re: Concurrecnt PPPoE(4)?
On Mon, Jan 21, 2008 at 12:31:35AM +1100, Sunnz wrote: Opposite direction is only defined in the context of a state entry, and reply-to is useful only in rules that create state. - as far as I know of, only TCP connections has states, but not UDP... so what I am worried about is that reply-to does not work with UDP connections? I don't have a UDP service to test this out now, but I probably will have some UDP service in the future. pf keeps state on UDP (and ICMP) just fine. -- Jussi Peltola
Re: Concurrecnt PPPoE(4)?
On Mon, Jan 21, 2008 at 12:38:36AM +1100, Sunnz wrote: 2008/1/21, Sunnz [EMAIL PROTECTED]: route-to 2) pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any 3) pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any pass out on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from pppoe1:0 to any 4) pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any pass out on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from pppoe1:0 to any pass in on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from any to pppoe0:0 pass in on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from any to pppoe1:0 2) 3) and 4) works with traceroute and ping from the outside, but not ssh. Oh, what was I thinking!! it should be like pass out on pppoe1 route-to (pppoe0 (pppoe0:peer)) inet from pppoe0:0 to any This probably fails because of stateful filtering: the connection is to pppoe0:0 but the replies are from pppoe0:0, and the rule will not match them when it is stateful. Try adding no state to your rules (which is not recommended) or using reply-to. -- Jussi Peltola
Re: Concurrecnt PPPoE(4)?
On Mon, Jan 21, 2008 at 12:18:26AM +1100, Sunnz wrote: So, as per my understanding so far, packets are routed correctly from internet to pppoe0, but responses from pppoe0 are going through pppoe1 which is wrong... So... 1) internet packets pppoe0 got through correctly and worked. 2) pppoe0 response pppoe1 wrong and dropped by the ISP. And I need to change 2) to... 3) pppoe0 response pppoe0 Or am I terribly wrong? That is correct as far as I can see. -- Jussi Peltola
Re: Concurrecnt PPPoE(4)?
2008/1/21, Jussi Peltola [EMAIL PROTECTED]: pf keeps state on UDP (and ICMP) just fine. -- Jussi Peltola Oh I see, that's very nice, thanks for all the help everyone! -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Re: mount_mfs change of behaviour regarding -i (inode density) on 4.2
On Jan 20, 2008 5:51 AM, SchC6berle DC!niel [EMAIL PROTECTED] wrote: From: Richard Daemon [mailto:[EMAIL PROTECTED] On Jan 19, 2008 8:31 PM, Schvberle Daniel [EMAIL PROTECTED] wrote: Hi all! I've just upgraded my firewall from OpenBSD 4.0 to 4.2-stable and ran into a small problem regarding mount_mfs. I solved it, but in case anybody else runs into it, here's something for the archives. I run the box from a 512MB CF and, originally, with very limited memory. The /var, tmp and /dev are mount_mfs and during the upgrade I had trobule with mounting /dev. I used to mount /dev with the following line: swap /dev mfs rw,-P=/proto/dev,-s=700,-i=256 0 0 It seems that sometime after 4.1 was released (probably during ffs2 development) mount_mfs was changed in such a way that it doesn't allow very high density for inodes. This resulted in mount_mfs failing on replicating the /dev and me getting a readonly /dev, which resulted in a box that I couldn't login into remotly (with ssh). Luckily you I could still issue commands with winscp or login locally. After couple of tests I concluded that mount_mfs simply ignores density settings lower than 1024, so I changed the /dev to settings to the following line: swap /dev mfs rw,-P=/proto/dev,-s=4000,-i=1024 0 0 Now everything is ok, I'm happy and sice CF is in a new box with lots of memory I'm not trying to squeeze every byte out of it. Maybe this maximal density could be documented somehow? I glanced at the mkfs.c and saw that, in theory, it should warn the user when reducing the density but I never got a warning during my tests. dmesg in case anybody needs it: snip dmesg Wow, very weird that you post this. I just noticed the exact same thing yesterday too. Upgraded from 4.0-stable to 4.2-stable on a WRAP (pcengines.ch) box with my 512M CF and /dev entries failing as well. My previous inode settings used to be: swap /dev mfs rw,-P=/.devtmp,-s=1200,-i=128 0 0 but that crapped out in 4.2. I changed it to -s=3072, -i=128 just to get it fully working properly and I haven't looked into it further yet, but wondering if I'm better off maybe trying higher inode (like yours) but lower MFS size such as -s=1024 because I'm limited in memory (128M total). Other than that, is an MFS /dev size bigger than 1M even needed? I'd really like to reduce as much as possible. Thanks for the post! I'm new to this mailing list and so far, it's great! No, I don't think you'd ever need a /dev this big, but in order to get the needed number of inodes you have to push the size up. Your line is ok, but maybe you should put i=1024 instead of i=128, so you know what the real values are - that's what it's using anyway With 128MB you really shouldn'y worry. I was concerned because I had only 32MB or 48MB. mount_mfs doesn't really use the memory untill it's needed, so you could make, say 100GB mfs on a box with 128MB of RAM and it would work as long as you've got memory to hold the files. Regardnig /dev, you really don't need much as it's a small filesystem, but sometimes you can get real files in there. This is what happend once to my lil' box (I had a _real_ /dev/null) and it crapped out because it ran out of memory. After that I reduced the /dev as much as I could, I didn't want another local DoS to happen. I have 512MB now and couldn't care less if /dev is 0.1 or 1 MB, and with 128MB you shouldn't either, especially since it gets allocated only if really needed by the files. Thank you very much for the reply! Much appreciate your suggestions and advice.
Re: 2008 Approved cryptographic algorithms -- Government of Canada
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thursday, 03.01.2008 at 13:01 -0500, scott wrote: Referencing: http://www.cse-cst.gc.ca/services/crypto-services/crypto-algorithms-e.html It is now 2008 and, per above link, the CSE de-lists certain HASH and HMAC standards and algorithms, namely sha-1 is bumped to sha-224 (as a minimum) including its downstream incorporations/reliances. With regard to openBSD's the broad sheet of crypto software -- ssh in particular but not just ssh -- in so far as I can see from userland (aka a non-developer) the userland user-interface presently limits in places to sha-1. Not saying that oBSD is/isn't/should/shall be CSE compliant but rather working from the premise that the CSE document is of merit and any such de-listings are noteworthy, will the 2008 openBSD releases 4.3 and 4.4 include -- i.e. pace -- and make usable at the userland user-interface levels (e.g. sshd_config MACs, et al) the modern standards and algorithms. The above is an interesting issue. A related issue: is there any simple way to, say, disable use of a particular algorithm entirely? For example, if a serious compromise is found in an algorithm, can use of it (through whichever context: ssh, gpg, hashing, something else) be disabled? Dave. - -- Dave Ewart [EMAIL PROTECTED], jabber:[EMAIL PROTECTED], freenode:davee All email from me is now digitally signed, http://www.sungate.co.uk/ Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92 iD8DBQFHk2Q4nhBnac0o2pIRApAeAKDJ6xVaFLePpCYdEhAS1LNUeixkRQCgt4yt E/bW1rD0EcGk1Omg5Yns8QA= =sbH3 -END PGP SIGNATURE-
OpenCVS?
Hi, Just wondering what the status of OpenCVS is. Is it still being actively worked on more or on the back burner for now? Just curious to know. TIA.
Re: OpenCVS?
On 2008/01/20 10:22, Richard Daemon wrote: Just wondering what the status of OpenCVS is. Is it still being actively worked on more or on the back burner for now? See for yourself: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/cvs/
Re: Reversing audio channels
Antti Harri writes: how can I reverse the audio output, left-right and right-left channel? It would help with the placement of my PC's speakers. Depends on your hardware. Some have kernel flags for it, so look in the manpage for your device.
Reversing audio channels
Hi, how can I reverse the audio output, left-right and right-left channel? It would help with the placement of my PC's speakers. -- Antti Harri
miniPCI Wi-Fi cards in Moscow (Russia)
Does anyone know a place I can buy some non-Intel miniPCI Wi-Fi card in Moscow (Russia)? Just need to replace miniPCI ipw3945 which has hardware rf_kill switch bound to Windows-only software controlling the Fn button on laptop's keyboard. Or maybe anyone knows the way to somehow disable the hard rf_switch? -- Dmitrij D. Czarkoff
Looking for advice on wireless mini-pci cards for WAP (Soekris4801, OpenBSD4.2)
Hi I recently built an wireless access point using a Soekris 4801 with Atheros AR5212 and OBSD4.2 (flashimg-2007110) I bought two Atheros cards for the WAP and the client laptop, because the ath(4) manpage indicated that 802.11a/g operation was possible. In actuality turns out 802.11a or g just don't want to work in my setup regardless of client OS (and from further research online others have had that issue too, doh!) Ok so live and learn... Now, I want to change the mini-pci adapter on my Soekris 4801 from ath0 to something else, so that I may enjoy robust 802.11g (and/or 802.11a). I have read recent threads on ral(4) and also looked at pgt(4) also and my gut feeling is that I should probably buy two Ralink Technology IEEE 802.11a/b/g wireless mini-pci cards. Any thoughts, or insights, suggestions as to which of the mini-pci cards below work *really well* with a Soekris 4801 box? Amigo AWI-922W, Billionton MIWLGRL, Gigabyte GN-WIKG, Gigabyte GN-WI01GS, Gigabyte GN-WI02GM, MSI MP54G2, MSI MS-6833, Tonze PC-620C, Zinwell ZWX-G36 Thanks in advance for any info. :-) Best regards, Andre
Re: Reversing audio channels
On Sun, 20 Jan 2008, Deanna Phillips wrote: Depends on your hardware. Some have kernel flags for it, so look in the manpage for your device. It's emu, which doesn't support it? Why is the reverse feature in the driver layer, and not in more generic layer? -- Antti Harri
Re: cksum: out of data
On Sat, Jan 19, 2008 at 05:33:58PM +0100, Dirk Mast wrote: Hello, my dmesg is filled with this message cksum: out of data and i can't find out from where it is (has something to do with the internet connection going up and down). It's a Alix 2c3 Board running as a DSL-Router and what I suspect might be the issue is serving a sixxs.net IPv6 tunnel (via aiccu). /var/log/messages contain this message everytime the internet connection goes down /bsd: cksum: out of data Is this message something to ignore, or to investigate further? i had these appear on machine about june/july of last year, which was running -current. i discussed it with some developers, but no one ever got to the bottom of it. then they stopped. i don;t know why, but presumably after installing a newer snapshot. then this week they came back, two or three times, again on a box running -current (as of jan 9th). i haven;t seen them in a few days (nor have i upgraded the box). sorry i can;t be of more help. oh, i run a sixxs tunnel too ;) jmc
Re: Reversing audio channels
Antti Harri writes: On Sun, 20 Jan 2008, Deanna Phillips wrote: Depends on your hardware. Some have kernel flags for it, so look in the manpage for your device. It's emu, which doesn't support it? Why is the reverse feature in the driver layer, and not in more generic layer? The OpenBSD mixer is very simple and many things like this are hardware-dependent or left to userland. Get some new speakers. :)
Re: Reversing audio channels
On Sun, 20 Jan 2008, Antti Harri wrote: Hi, how can I reverse the audio output, left-right and right-left channel? It would help with the placement of my PC's speakers. -- Antti Harri Ahh, .. swap the speakers or wires?? Lee
Re: OpenCVS?
Stuart Henderson wrote: See for yourself: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/cvs/ I'm slighly confused by something if the cvs command in OpenBSD 4.2 is OpenCVS, why does cvs --help refer to places like cvshome.org for updates etc? -Nix Fan.
Re: OpenCVS?
On 2008/01/20 10:15, Unix Fan wrote: Stuart Henderson wrote: See for yourself: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/cvs/ I'm slighly confused by something if the cvs command in OpenBSD 4.2 is OpenCVS, it isn't - not everything in source is linked to the build yet.
Re: Reversing audio channels
On Sun, 20 Jan 2008, L. V. Lammert wrote: Ahh, .. swap the speakers or wires?? I still don't understand why such a simple thing isn't implemented in the software.. Yeah yeah missing the daemon other crap. I guess I'll have to swap the places of the speakers, it would have been better as is and swapped the output of sound card. -- Antti Harri
Re: OpenCVS?
On 20 Jan 2008 10:15:15 -0800, Unix Fan [EMAIL PROTECTED] wrote: Stuart Henderson wrote: See for yourself: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/cvs/ I'm slighly confused by something if the cvs command in OpenBSD 4.2 is OpenCVS, why does cvs --help refer to places like cvshome.org for updates etc? -Nix Fan. Forgot to cc: misc... Sorry. The cvs version shipped with OpenBSD is still GNU CVS, even in -current. -- Pierre Riteau
Re: Reversing audio channels
Antti Harri P=P0P?P8QP0: On Sun, 20 Jan 2008, L. V. Lammert wrote: Ahh, .. swap the speakers or wires?? I still don't understand why such a simple thing isn't implemented in the software.. Yeah yeah missing the daemon other crap. I guess I'll have to swap the places of the speakers, it would have been better as is and swapped the output of sound card. It would be better to code what you want, instead of wonder and bark here oh, why is this not done?!. It would have taken you no more than 10 mins to reverse the cables. Oh - you can also try installing Windows and try to switch the channels there (and then go complain to Microsoft that you can't).
Re: OpenCVS?
OpenCVS is not compiled or installed by default, yet, but the CVS in src/gnu/usr.bin/cvs/ is. Regards, Andreas On 20 Jan 2008 10:15:15 -0800, Unix Fan [EMAIL PROTECTED] wrote: Stuart Henderson wrote: See for yourself: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/cvs/ I'm slighly confused by something if the cvs command in OpenBSD 4.2 is OpenCVS, why does cvs --help refer to places like cvshome.org for updates etc? -Nix Fan. -- Andreas Kahari Somewhere in the general Cambridge area, UK
Re: Reversing audio channels
On 20/01/2008, Antti Harri [EMAIL PROTECTED] wrote: On Sun, 20 Jan 2008, L. V. Lammert wrote: Ahh, .. swap the speakers or wires?? I still don't understand why such a simple thing isn't implemented in the software.. Next you'd want it to fetch your slippers and serve you coffee as well... :-) -- Andreas Kahari Somewhere in the general Cambridge area, UK
Re: OpenCVS?
On Sun, Jan 20, 2008 at 06:31:48PM +, Stuart Henderson wrote: On 2008/01/20 10:15, Unix Fan wrote: Stuart Henderson wrote: See for yourself: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/cvs/ I'm slighly confused by something if the cvs command in OpenBSD 4.2 is OpenCVS, it isn't - not everything in source is linked to the build yet. However, those interested in using/testing OpenCVS should take a peek at their /usr/src/usr.bin/cvs/README file as a start. -- Darrin Chandler| Phoenix BSD User Group | MetaBUG [EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/ http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
Re: OpenCVS?
On 20 Jan 2008 10:15:15 -0800, Unix Fan [EMAIL PROTECTED] wrote: Stuart Henderson wrote: See for yourself: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/cvs/ I'm slighly confused by something if the cvs command in OpenBSD 4.2 is OpenCVS, why does cvs --help refer to places like cvshome.org for updates etc? If you take a look at src/usr.bin/Makefile [0], you'll notice that 'cvs' (as well as 'pcc', BTW) is not (yet) connected to the build. The one that is connected is the GNU CVS from src/gnu/usr.bin/cvs/. On the other hand, the situation with rcs is different -- OpenRCS was connected to the build before OpenBSD 4.0, and GNU RCS was completely removed from the source tree before OpenBSD 4.1. br, cnst.su. [0] http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/Makefile
Re: Reversing audio channels
On Sun, 20 Jan 2008, NetOne - Doichin Dokov wrote: It would have taken you no more than 10 mins to reverse the cables. Oh - you can also try installing Windows and try to switch the channels there (and then go complain to Microsoft that you can't). Haahaa. very funny. Now why would I rip a perfectly good cable? Or why would I waste lots of money on new speakers? Are you trying to say that OpenBSD's sound card support rocks and kicks ass? Do some research, even the devs acknowledge that it is not the best in the world. Don't get me wrong, I appreciate their code and effort, it's idiots like you that I hate. PS. A small adapter that switches the cables would be okayish. -- Antti Harri
Re: mount_mfs change of behaviour regarding -i (inode density) on 4.2
SchC6berle DC!niel wrote: ... swap /dev mfs rw,-P=/proto/dev,-s=4000,-i=1024 0 0 Now everything is ok, I'm happy and sice CF is in a new box with lots of memory I'm not trying to squeeze every byte out of it. I have -s=3000 which seems to work fine. -s=2500 seems to sometimes run out of inodes. Maybe this maximal density could be documented somehow? I glanced at the mkfs.c and saw that, in theory, it should warn the user when reducing the density but I never got a warning during my tests. When I try setting the inode density lower, I don't get a warning either, but then I'm also using 4.2 i386 stable generic. -Lars
Re: Reversing audio channels
Antti Harri ??: On Sun, 20 Jan 2008, NetOne - Doichin Dokov wrote: It would have taken you no more than 10 mins to reverse the cables. Oh - you can also try installing Windows and try to switch the channels there (and then go complain to Microsoft that you can't). Haahaa. very funny. Now why would I rip a perfectly good cable? Or why would I waste lots of money on new speakers? Did I say to rip the cable? Grab a male and a female connector, cross-connect them, and you're done. Are you trying to say that OpenBSD's sound card support rocks and kicks ass? Do some research, even the devs acknowledge that it is not the best in the world. Am I? I'm writing in English, would you mind reading my statement again? Don't get me wrong, I appreciate their code and effort, it's idiots like you that I hate. Idiots are people that tend to classify other people withouth knowing anything about them. Now, read again and see who does that. PS. A small adapter that switches the cables would be okayish. See? You've got the solution by yourself. But waaait, it was a lot of a hell better to bark on the mailing list calling people names, wasn't it? Still wishing you the best, the Idiot
Re: Reversing audio channels
On Sun, 20 Jan 2008, NetOne - Doichin Dokov wrote: Antti Harri ??: On Sun, 20 Jan 2008, NetOne - Doichin Dokov wrote: It would have taken you no more than 10 mins to reverse the cables. Oh - you can also try installing Windows and try to switch the channels there (and then go complain to Microsoft that you can't). Haahaa. very funny. Now why would I rip a perfectly good cable? Or why would I waste lots of money on new speakers? Did I say to rip the cable? Grab a male and a female connector, cross-connect them, and you're done. In the middle of the night, on Sunday? I hate these fucking flame wars on [EMAIL PROTECTED] should never post here.. You either get no answer here or get flamed. I just asked a simple question and the got the answer from Deanna which verified my original feeling. So you can continue if you want, I'm out. -- Antti Harri
Re: Reversing audio channels
On 2008/01/20 21:11, Antti Harri wrote: On Sun, 20 Jan 2008, NetOne - Doichin Dokov wrote: It would have taken you no more than 10 mins to reverse the cables. Oh - you can also try installing Windows and try to switch the channels there (and then go complain to Microsoft that you can't). Haahaa. very funny. Now why would I rip a perfectly good cable? Or why would I waste lots of money on new speakers? Are you trying to say that OpenBSD's sound card support rocks and kicks ass? Do some research, even the devs acknowledge that it is not the best in the world. Don't get me wrong, I appreciate their code and effort, it's idiots like you that I hate. PS. A small adapter that switches the cables would be okayish. Wouldn't it be simpler to put the left speaker where the right speaker is, and vice-versa?
Re: Reversing audio channels
On Sun, 20 Jan 2008, Stuart Henderson wrote: Wouldn't it be simpler to put the left speaker where the right speaker is, and vice-versa? No, that's why I was asking how to do it in software, maybe I didn't say this clearly enough in the original post. I can do it, and probably will as there clearly isn't any other solution. It's just more ugly if I have to change their physical places. -- Antti Harri
Re: cksum: out of data
Jason McIntyre wrote: On Sat, Jan 19, 2008 at 05:33:58PM +0100, Dirk Mast wrote: Hello, my dmesg is filled with this message cksum: out of data and i can't find out from where it is (has something to do with the internet connection going up and down). It's a Alix 2c3 Board running as a DSL-Router and what I suspect might be the issue is serving a sixxs.net IPv6 tunnel (via aiccu). /var/log/messages contain this message everytime the internet connection goes down /bsd: cksum: out of data Is this message something to ignore, or to investigate further? i had these appear on machine about june/july of last year, which was running -current. i discussed it with some developers, but no one ever got to the bottom of it. then they stopped. i don;t know why, but presumably after installing a newer snapshot. then this week they came back, two or three times, again on a box running -current (as of jan 9th). i haven;t seen them in a few days (nor have i upgraded the box). sorry i can;t be of more help. oh, i run a sixxs tunnel too ;) jmc sorry i can;t be of more help. oh, i run a sixxs tunnel too ;) Seems like we can somehow reduce the problem ;) I'll now stop running aiccu for 2 days or so, hopefully the messages will disappear then. Actually I think they don't represent a too big problem, but a spammed dmesg/messages is not nice and something which writes there should have a reason to do so.
Re: mount_mfs change of behaviour regarding -i (inode density) on 4.2
On Sun, Jan 20, 2008 at 09:46:27PM +0200, Lars Nood??n wrote: SchC6berle DC!niel wrote: ... swap /dev mfs rw,-P=/proto/dev,-s=4000,-i=1024 0 0 Now everything is ok, I'm happy and sice CF is in a new box with lots of memory I'm not trying to squeeze every byte out of it. I have -s=3000 which seems to work fine. -s=2500 seems to sometimes run out of inodes. Maybe this maximal density could be documented somehow? I glanced at the mkfs.c and saw that, in theory, it should warn the user when reducing the density but I never got a warning during my tests. When I try setting the inode density lower, I don't get a warning either, but then I'm also using 4.2 i386 stable generic. -Lars The density you are getting is on target. The thing that changed is that the minimum number of cylinder groups is now 4. That means more meta data overhead and less data space, hence less inodes. [EMAIL PROTECTED]:60]$ sudo mount_mfs -s 700 -i 256 swap /mnt mount_mfs: reduced number of fragments per cylinder group from 80 to 72 to enlarge last cylinder group [EMAIL PROTECTED]:62]$ df -i /mnt Filesystem 1K-blocks Used Avail Capacity iused ifree %iused Mounted on mfs:15606 173 1 164 1% 1 6370% /mnt [EMAIL PROTECTED]:63]$ 173k of data with 4 inodes per k resulting in 638 inodes is about right. To sqeeze more inodes out of a small file system you can use -c and smaller fragment and block size, but ir remains a bit of a black art. e.g. [EMAIL PROTECTED]:64]$ sudo mount_mfs -s 700 -c 700 -i 256 -f 512 -b 4096 swap /mnt mount_mfs: reduced number of fragments per cylinder group from 696 to 512 to enlarge last cylinder group [EMAIL PROTECTED]:65]$ df -i /mnt Filesystem 1K-blocks Used Avail Capacity iused ifree %iused Mounted on mfs:26011 181 0 172 0% 110210% /mnt [EMAIL PROTECTED]:66]$ -Otto
Re: Looking for advice on wireless mini-pci cards for WAP (Soekris4801, OpenBSD4.2)
On Sun, 20 Jan 2008 10:49:11 -0500, Andre Pierre wrote: Hi I recently built an wireless access point using a Soekris 4801 with Atheros AR5212 and OBSD4.2 (flashimg-2007110) I bought two Atheros cards for the WAP and the client laptop, because the ath(4) manpage indicated that 802.11a/g operation was possible. In actuality turns out 802.11a or g just don't want to work in my setup regardless of client OS (and from further research online others have had that issue too, doh!) Ok so live and learn... Now, I want to change the mini-pci adapter on my Soekris 4801 from ath0 to something else, so that I may enjoy robust 802.11g (and/or 802.11a). I have read recent threads on ral(4) and also looked at pgt(4) also and my gut feeling is that I should probably buy two Ralink Technology IEEE 802.11a/b/g wireless mini-pci cards. Any thoughts, or insights, suggestions as to which of the mini-pci cards below work *really well* with a Soekris 4801 box? Amigo AWI-922W, Billionton MIWLGRL, Gigabyte GN-WIKG, Gigabyte GN-WI01GS, Gigabyte GN-WI02GM, MSI MP54G2, MSI MS-6833, Tonze PC-620C, Zinwell ZWX-G36 Thanks in advance for any info. I have zero issues with MSI either PCI or miniPCI for quite some time. Back to 3.9 or 4.0 IIRC. :-) Best regards, Andre Rod/ /earth: write failed, file system is full cp: /earth/creatures: No space left on device
Re: OpenCVS?
Unix Fan [EMAIL PROTECTED] writes: Is there a list of GNU software being installed on my computer? The contents of /usr/src/gnu should give you an idea. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Reversing audio channels
On Sun, Jan 20, 2008 at 09:11:55PM +0200, Antti Harri wrote: On Sun, 20 Jan 2008, NetOne - Doichin Dokov wrote: It would have taken you no more than 10 mins to reverse the cables. Oh - you can also try installing Windows and try to switch the channels there (and then go complain to Microsoft that you can't). Haahaa. very funny. Now why would I rip a perfectly good cable? Or why would I waste lots of money on new speakers? Are you trying to say that OpenBSD's sound card support rocks and kicks ass? Do some research, even the devs acknowledge that it is not the best in the world. well, that is changing. the devices *I* use work every bit as well, if not better than, they do with any other OS. especialy since there is 0 configuration, where other OSes have kernel modules to build, etc ... Don't get me wrong, I appreciate their code and effort, it's idiots like you that I hate. PS. A small adapter that switches the cables would be okayish. just buy a splitter and swap the wires on one side. mini-sereo splitters are like $3 at the local general store. or you could use that JACK port I sent to ports@, which allows you to do this sort of thing *in software*. -- [EMAIL PROTECTED] SDF Public Access UNIX System - http://sdf.lonestar.org
Re: Reversing audio channels
On Sun, Jan 20, 2008 at 08:32:12PM +0200, Antti Harri wrote: On Sun, 20 Jan 2008, L. V. Lammert wrote: Ahh, .. swap the speakers or wires?? I still don't understand why such a simple thing isn't implemented in the software.. because our current mixer is just an interface to the *hardware* mixer. we don't do any *software* mixing in the kernel. Yeah yeah missing the daemon other crap. we have a simple and straight forward audio/mixer API. this allows us to focus on *hardware* support in the kernel, which (should) make userland *software* easier to code (less complicated). bloating the kernel with *software* features doesn't appeal to me. I guess I'll have to swap the places of the speakers, it would have been better as is and swapped the output of sound card. if that is supported by the *hardware*, then there should be a mixer item. otherwise, it should be left to userland *software*. -- [EMAIL PROTECTED] SDF Public Access UNIX System - http://sdf.lonestar.org
Re: Reversing audio channels
On Sun, Jan 20, 2008 at 09:30:58PM +0200, Antti Harri wrote: I hate these fucking flame wars on [EMAIL PROTECTED] should never post here.. especially not things like I don't understand why simple things like that can't be implemented in the software. You either get no answer here or get flamed. everyone who flamed gave you a solution. you're the only one calling anyone names. the answers aren't what you want, but they're not flames. I just asked a simple question that's how you started, then you complained ... and the got the answer from Deanna which verified my original feeling. So you can continue if you want, I'm out. -- Antti Harri -- [EMAIL PROTECTED] SDF Public Access UNIX System - http://sdf.lonestar.org
Re: Reversing audio channels
On 1/20/08, Antti Harri [EMAIL PROTECTED] wrote: On Sun, 20 Jan 2008, Deanna Phillips wrote: Depends on your hardware. Some have kernel flags for it, so look in the manpage for your device. It's emu, which doesn't support it? Why is the reverse feature in the driver layer, and not in more generic layer? it is in the generic layer, but the driver has to tell the ac97 layer to reverse the channels.
Re: Reversing audio channels
On Mon, Jan 21, 2008 at 12:01:56AM +, Jacob Meuser wrote: or you could use that JACK port I sent to ports@, which allows you to do this sort of thing *in software*. or mplayer -af channels=2:2:0:1:1:0 maybe other players can do this as well ... -- [EMAIL PROTECTED] SDF Public Access UNIX System - http://sdf.lonestar.org
You've received A Hallmark E-Card!
Hallmark.comShop OnlineHallmark MagazineE-Cards MoreAt Gold Crown You have recieved A Hallmark E-Card. Hello! You have recieved a Hallmark E-Card. To see it, click here, There's something special about that E-Card feeling. We invite you to make a friend's day and send one. Hope to see you soon, Your friends at Hallmark Your privacy is our priority. Click the Privacy and Security link at the bottom of this E-mail to view our policy. Hallmark.com | Privacy Security | Customer Service | Store Locator
Re: Reversing audio channels
On Sun, Jan 20, 2008 at 04:43:45PM -0800, Ted Unangst wrote: On 1/20/08, Antti Harri [EMAIL PROTECTED] wrote: On Sun, 20 Jan 2008, Deanna Phillips wrote: Depends on your hardware. Some have kernel flags for it, so look in the manpage for your device. It's emu, which doesn't support it? Why is the reverse feature in the driver layer, and not in more generic layer? it is in the generic layer, but the driver has to tell the ac97 layer to reverse the channels. that (AC97_HOST_SWAPPED_CHANNELS) just tells the ac97 layer to swap the gains (change the left gain when the request was to change the right gain), not the channels. -- [EMAIL PROTECTED] SDF Public Access UNIX System - http://sdf.lonestar.org
Re: Reversing audio channels
Jacob Meuser writes: that (AC97_HOST_SWAPPED_CHANNELS) just tells the ac97 layer to swap the gains (change the left gain when the request was to change the right gain), not the channels. HD Audio can actually do it in the driver; I just don't think it's worth adding more mixer items. The most I've seen so far is 99, can anyone beat that? If anyone's feeling too lazy to move and has azalia... (from NetBSD) Index: azalia.h === RCS file: /cvs/src/sys/dev/pci/azalia.h,v retrieving revision 1.14 diff -u -p -r1.14 azalia.h --- azalia.h10 Oct 2007 03:39:21 - 1.14 +++ azalia.h21 Jan 2008 01:49:29 - @@ -554,6 +554,7 @@ typedef struct { #define MI_TARGET_ADC 0x105 #define MI_TARGET_VOLUME 0x106 #define MI_TARGET_EAPD 0x107 +#define MI_TARGET_LRSWAP 0x108 } mixer_item_t; #define VALID_WIDGET_NID(nid, codec) (nid == (codec)-audiofunc || \ Index: azalia_codec.c === RCS file: /cvs/src/sys/dev/pci/azalia_codec.c,v retrieving revision 1.46 diff -u -p -r1.46 azalia_codec.c --- azalia_codec.c 16 Dec 2007 18:48:19 - 1.46 +++ azalia_codec.c 21 Jan 2008 02:09:23 - @@ -679,6 +679,29 @@ azalia_generic_mixer_init(codec_t *this) this-nmixers++; } + if (w-widgetcap COP_AWCAP_LRSWAP) { + MIXER_REG_PROLOG; + DPRINTF((%s: lrswap %s\n, __func__, w-name)); + snprintf(d-label.name, sizeof(d-label.name), + %s.lrswap, w-name); + d-type = AUDIO_MIXER_ENUM; + if (w-type == COP_AWTYPE_PIN_COMPLEX) + d-mixer_class = AZ_CLASS_OUTPUT; + else if (w-type == COP_AWTYPE_AUDIO_INPUT) + d-mixer_class = AZ_CLASS_RECORD; + else + d-mixer_class = AZ_CLASS_INPUT; + m-target = MI_TARGET_LRSWAP; + d-un.e.num_mem = 2; + d-un.e.member[0].ord = 0; + strlcpy(d-un.e.member[0].label.name, AudioNoff, + MAX_AUDIO_DEV_LEN); + d-un.e.member[1].ord = 1; + strlcpy(d-un.e.member[1].label.name, AudioNon, + MAX_AUDIO_DEV_LEN); + this-nmixers++; + } + /* volume knob */ if (w-type == COP_AWTYPE_VOLUME_KNOB w-d.volume.cap COP_VKCAP_DELTA) { @@ -1004,6 +1027,15 @@ azalia_generic_mixer_get(const codec_t * mc-un.ord = result CORB_EAPD_EAPD ? 1 : 0; } + /* LR-Swap */ + else if (target == MI_TARGET_LRSWAP) { + err = this-comresp(this, nid, + CORB_GET_EAPD_BTL_ENABLE, 0, result); + if (err) + return err; + mc-un.ord = result CORB_EAPD_LRSWAP ? 1 : 0; + } + else { printf(%s: internal error in %s: target=%x\n, XNAME(this), __func__, target); @@ -1278,6 +1310,26 @@ azalia_generic_mixer_set(codec_t *this, if (err) return err; } + + /* LR-Swap */ + else if (target == MI_TARGET_LRSWAP) { + if (mc-un.ord = 2) + return EINVAL; + err = this-comresp(this, nid, + CORB_GET_EAPD_BTL_ENABLE, 0, result); + if (err) + return err; + result = 0xff; + if (mc-un.ord == 0) { + result = ~CORB_EAPD_LRSWAP; + } else { + result |= CORB_EAPD_LRSWAP; + } + err = this-comresp(this, nid, + CORB_SET_EAPD_BTL_ENABLE, result, result); + if (err) + return err; + } else { printf(%s: internal error in %s: target=%x\n,
Re: most secure graphical browser
Well short of building yourself into a faraday cage there is not much you can do to avoid van Eck sniffing. Also while LCD's are immune, I hear that a similar technique can be applied to LCD's. I am guessing sniffing LCD's is probably an order of magnatude more difficult than CRT tho. On 21/01/2008, Joachim Schipper [EMAIL PROTECTED] wrote: On Fri, Jan 18, 2008 at 02:33:30PM +0100, Han Boetes wrote: Most secure goes a long way. I run firefox on a sepperate user account. I doubt it's the most secure solution but it sure is quite a bit more secure, and I'm quite sure you really don't want to the most secure solution. :-) http://www.xs4all.nl/~hanb/documents/firefox_for_paranoid_people That still leaves open a lot of possibilities for mischief [1]. Don't run trusted and untrusted programs on the same X server! Joachim [1] Including, in an otherwise-unsecured X setup, 'sniffing' keystrokes, taking 'screenshots', and the like. Not things that are acceptable for a 'secure' desktop. -- TFMotD: flex (1) - fast lexical analyzer generator
Re: most secure graphical browser
On Fri, Jan 18, 2008 at 02:33:30PM +0100, Han Boetes wrote: Most secure goes a long way. I run firefox on a sepperate user account. I doubt it's the most secure solution but it sure is quite a bit more secure, and I'm quite sure you really don't want to the most secure solution. :-) http://www.xs4all.nl/~hanb/documents/firefox_for_paranoid_people That still leaves open a lot of possibilities for mischief [1]. Don't run trusted and untrusted programs on the same X server! Joachim [1] Including, in an otherwise-unsecured X setup, 'sniffing' keystrokes, taking 'screenshots', and the like. Not things that are acceptable for a 'secure' desktop. -- TFMotD: flex (1) - fast lexical analyzer generator
Re: Reversing audio channels
On Sun, Jan 20, 2008 at 09:18:16PM -0500, Deanna Phillips wrote: Jacob Meuser writes: that (AC97_HOST_SWAPPED_CHANNELS) just tells the ac97 layer to swap the gains (change the left gain when the request was to change the right gain), not the channels. HD Audio can actually do it in the driver; I just don't think it's worth adding more mixer items. The most I've seen so far is 99, can anyone beat that? If anyone's feeling too lazy to move and has azalia... acer:~% mixerctl | wc -l 103 acer:~% mixerctl record.adc.mute=off record.adc=144,144 record.adc2.mute=off record.adc2=144,144 inputs.mix.mic.mute=off inputs.mix.mic2.mute=off inputs.mix.line.mute=off inputs.mix.speaker4.mu=off inputs.mix.speaker5.mu=off inputs.mix.speaker6.mu=off inputs.mix.headphones.=off inputs.mix.speaker.mut=off inputs.mix.speaker2.mu=off inputs.mix.speaker3.mu=off inputs.mix.mic=120,120 inputs.mix.mic2=120,120 inputs.mix.line=200,200 inputs.mix.speaker4=120,120 inputs.mix.speaker5=120,120 inputs.mix.speaker6=120 inputs.mix.headphones=120,120 inputs.mix.speaker=200,200 inputs.mix.speaker2=120,120 inputs.mix.speaker3=120,120 outputs.mix2=200,200 inputs.mix2.dac.mute=off inputs.mix2.mix.mute=off outputs.mix3=200,200 inputs.mix3.dac2.mute=off inputs.mix3.mix.mute=off outputs.mix4=200,200 inputs.mix4.dac3.mute=off inputs.mix4.mix.mute=off outputs.mix5=200,200 inputs.mix5.dac4.mute=off inputs.mix5.mix.mute=off outputs.headphones.sour=mix2 outputs.headphones.mute=off outputs.headphones=85,85 outputs.headphones.dir=output outputs.headphones.boos=off outputs.speaker.source=mix2 outputs.speaker.mute=off outputs.speaker=170,170 outputs.speaker.dir=output outputs.speaker.boost=on outputs.speaker2.source=mix5 outputs.speaker2.mute=off outputs.speaker2=170,170 outputs.speaker2.dir=output outputs.speaker2.boost=on outputs.speaker3.source=mix5 outputs.speaker3.mute=off outputs.speaker3=170,170 outputs.speaker3.dir=output outputs.speaker3.boost=on outputs.mic.source=mix3 outputs.mic.mute=off outputs.mic=85,85 outputs.mic.dir=output outputs.mic.boost=off outputs.mic2.source=mix5 outputs.mic2.mute=off outputs.mic2=85,85 outputs.mic2.dir=input outputs.mic2.boost=off outputs.line.source=mix4 outputs.line.mute=off outputs.line=255,255 outputs.line.dir=input outputs.line.boost=off outputs.speaker4.source=mix5 outputs.speaker4.mute=off outputs.speaker4=170,170 outputs.speaker4.dir=output outputs.speaker4.boost=on inputs.mix6.mic.mute=off inputs.mix6.mic2.mute=off inputs.mix6.line.mute=off inputs.mix6.speaker4.m=off inputs.mix6.speaker5.m=off inputs.mix6.speaker6.m=off inputs.mix6.headphones=off inputs.mix6.speaker.mu=off inputs.mix6.speaker2.m=off inputs.mix6.speaker3.m=off inputs.mix6.mix.mute=off inputs.mix7.mic.mute=off inputs.mix7.mic2.mute=off inputs.mix7.line.mute=off inputs.mix7.speaker4.m=off inputs.mix7.speaker5.m=off inputs.mix7.speaker6.m=off inputs.mix7.headphones=off inputs.mix7.speaker.mu=off inputs.mix7.speaker2.m=off inputs.mix7.speaker3.m=off inputs.mix7.mix.mute=off outputs.mix8=120,120 inputs.mix8.dac6.mute=off inputs.mix8.mix.mute=off inputs.usingdac=02030405 record.usingadc=0809 it takes a while to figure out what they all do, but the all do something. our current mixer setup doesn't handle complex stuff like this very well though. (from NetBSD) and that probably adds more controls. -- [EMAIL PROTECTED] SDF Public Access UNIX System - http://sdf.lonestar.org
Re: Can I use citrus for current ?
if you want to use that patch, you need some modification that you can use the patch for current. i knew, no public cvs i think, if you want to use a korean(hangul) on openbsd, another method for korean, it's some quick ulgy hack ;-) these lines comment in src/lib/libc/locale/setrunelocale.c then libc re-compile. if (strcmp(rl-rl_encoding, _CITRUS_DEFAULT_CTYPE_NAME) != 0) { _NukeRune(rl); return EINVAL; } these lines remove a comment in src/share/locale/ctype/Makefile then korean locale install. #LOCALES += ko_KR.eucKR # LOCALESRC_ko_KR.eucKR = ko_KR.eucKR and use a nabi for X http://marc.info/?l=openbsd-portsm=115871943726656w=2 thanks - Jung I found the only citrus patch is 20071008: http://sigsegv.s25.xrea.com/distfiles/citrus/OpenBSD/OpenBSD-HEAD-citrus-20071008.tar.bz2 Can I use the patch for current ? Is there a public cvs ? Thanks for some help. Dongsheng
Re: Security meassures or just plain stupidity
On Fri, Jan 18, 2008 at 09:49:10PM +0100, [EMAIL PROTECTED] wrote: In the last couple of weeks I have been reading a lot of security (...) literature (...) on web related issues. It seems to me that a lot of people (...) call themselves Security Experts But (...) [a] LOT of the examples provided in the material are just so damn stupid that I can't believe anyone can take them serious. (...) I tend to think: Dude if that can happen to someone running a web server he's to stupid to understand what you are writing and he shouldn't be running a web server in the first place. Is this just me or!? No, it's not just you. Doing web application security or web programming correctly is hard, and not quite all the people doing it (are smart|care) enough to know what they are talking about. This does not mean that there are no people who actually know what they are talking about; for instance, Amit Klein tends to produce posts that are, if not ground-breaking or brilliant, at least reasonably well-written explanations of issues that could actually crop up in programs or deployments created by competent people[1]. (Like http://seclists.org/bugtraq/2005/Aug/0200.html). As a general rule, web security requires securing the underlying server (which is obviously a topic of its own, and includes DNS spoofing), knowledge of common programming errors (mostly variations on not distrusting input enough - which can range from SQL injection to allowing people to upload/link to malicious image files - see http://www.kb.cert.org/vuls/id/181038), and some protocol-level issues like HTTP response splitting. Add in basic knowledge of cryptographic issues - storing customer passwords using anything but salted hashes is likely a mistake, and you should at least be aware of how much entropy your session handler provides - and you've evaded most issues. At least, until you're stupid enough to allow random 'widgets' on your page and the like. There are some tricks - stuff like mod_security[1] or simulating static type checking by using Hungarian notation[2] - that can help a little, but in the end it remains a difficult problem. In the end, however, 'too stupid to run a web server' (for example, running phpBB and not updating it) tends to cause much more damage than a badly-written custom application. I do hope some of these pointers are useful. Of course, this advice might turn out to be worth what you paid for it; I do not claim to belong to the few people who know enough to actually know what they are talking about, after all... Joachim [1] mod_security 1 is in ports, under security/mod_security; mod_security 2.x is only available for Apache 2, and not currently ported. (Although Apache 2 is.) The underlying model is fundamentally broken, but it can still catch some common problems, fix an issue quickly, and/or protect you from issues in decoders by rewriting a lot of stuff into a saner form. [2] The basic idea is as written in http://www.joelonsoftware.com/articles/Wrong.html, under 'The Real Solution'.
Bind port for bind/dlz
I have a question, I'm trying to recompile a flavor of bind but I can't find the port because its part of the base install. Could you point me in the right direction on how I would do it ? I downloaded the bind source and compiled it but obviously the original version that ships on base should be un-installed from openbsd first.. I don't know how to do it because its part of the base system. Sorry if I'm posting in the wrong area if so please direct me to the proper area. I don't have experinece interacting with the community here. If you have src.tar.gz downloaded from an FTP mirror, You can use the local modified version of BIND instead of trying to hack it out of the base system. /usr/src/usr.sbin/bind/Makefile.bsd-wrapper would be the file to look at... I hope this helps, Good luck. -Nix Fan. Ok so I'm compiling bind 9.4.2 using the bsd makefile like you suggested I can compile and install however when add the --with-dlz-bdb option and I keep getting a stop on line 70 of Makefile.bsd-wrapper error: could not find Berkeley DB include directory Already had installed db-4.2.5p11 I know the lib files for bdb go to /usr/local/lib/db4 but I can't figure out what directory the bind compile wants. It seems to want the intstall directory for dbv4. Anyone know which directory I can specify for --with-dlz-dbd=/sw/install?
Re: Reversing audio channels
On Mon, Jan 21, 2008 at 08:54:33AM +0200, Antti Harri wrote: On Mon, 21 Jan 2008, Jacob Meuser wrote: or you could use that JACK port I sent to ports@, which allows you to do this sort of thing *in software*. Hi, I would, but I asked you in private what about the software that doesn't support JACK when you sent the port.. I would have to be killing the daemon for such every software, right? I hated that with artsd, it was always blocking the audio devices from non-artsd supporting software. It would be neat if JACK would work some how transparently. with artsd, you can set the suspend timeout to a really low value. some jack clients, like xmms, will start jackd when they start playing and kill it when they're done. -- [EMAIL PROTECTED] SDF Public Access UNIX System - http://sdf.lonestar.org
Re: Reversing audio channels
On Mon, 21 Jan 2008, Jacob Meuser wrote: or you could use that JACK port I sent to ports@, which allows you to do this sort of thing *in software*. Hi, I would, but I asked you in private what about the software that doesn't support JACK when you sent the port.. I would have to be killing the daemon for such every software, right? I hated that with artsd, it was always blocking the audio devices from non-artsd supporting software. It would be neat if JACK would work some how transparently. -- Antti Harri