question to normal user

[Jörg Klein]

Hallo,

I am use OpenBSD since 5 years. Thank you for all for this wonderfull work. I
have a small company in Hamburg and all my server work with OpenBSD. At the
moment I use OpenBSD 4.2.
I have some question about normal user.

I add a user with adduser. It works fine. All user can change from her home
directory into every other directory. By my anonymous ftp server gives a
ftpchroot file. I my opinion thats must by give for a normal user too. How can
I put it a normal user in a jail?

I found no answer in the internet.

Thank you for help

Joerg

Re: question to normal user

[Jussi Peltola]

Hi,

On Sun, Jan 20, 2008 at 09:10:21AM +0100, Jvrg Klein wrote:
 I add a user with adduser. It works fine. All user can change from her home
 directory into every other directory. By my anonymous ftp server gives a
 ftpchroot file. I my opinion thats must by give for a normal user too. How can
 I put it a normal user in a jail?
 
You cannot put logins under a chroot, the users need access to /bin,
/lib, /usr/bin, /usr/lib and practically all the other directories on
the machine. You would have to copy almost the whole OS into their home
directory to make it work.

If you want to prevent users from looking at each others' files, chmod
their home directories to 711. There is very little reason to chroot
users in a secure system, just chmod your secrets so they can not see
them.

-- 
Jussi Peltola

Re: ibm thinkpad x60s + suspend mode

[Benoit Chesneau]

On Jan 19, 2008 11:24 PM, Jussi Peltola [EMAIL PROTECTED] wrote:

 Oh - and to answer your question, not that I know of. Sorry.

I read tphdisk could work in my case. The only thing I don't really
know if the tphdisk could be put on a partition that isn't the first
one ?

- benont

Re: cwm background invoking mutt

[Stuart Henderson]

On 2008/01/20 16:28, Chris wrote:
 After reading the undeadly post on cwm(1) I am trying it out in
 Xnest(1). I was wondering how I could get a background image like the
 one shown in undeadly.

I guess you're talking about Jasper's article,
http://216.194.67.89/cgi?action=articlesid=20070712103624

You can use xloadimage from ports, there are various alternatives
(most X image viewers allow you to do this - look for something like
display an image on the root window). The transparent terminals
might be from something like aterm with the -tr option.

 Also, I can't invoke mutt using C-/ although I have a symlink in
 .calmwm/. GUI apps like firefox and soffice fire up fine.

xterm -e mutt

Re: mount_mfs change of behaviour regarding -i (inode density) on 4.2

[Schöberle Dániel]

 From: Richard Daemon [mailto:[EMAIL PROTECTED]

 On Jan 19, 2008 8:31 PM, Schvberle Daniel
 [EMAIL PROTECTED] wrote:


   Hi all!

   I've just upgraded my firewall from OpenBSD 4.0 to
 4.2-stable and ran
   into a small problem regarding mount_mfs. I solved it,
 but in case
   anybody else runs into it, here's something for the archives.

   I run the box from a 512MB CF and, originally, with very limited
   memory. The /var, tmp and /dev are mount_mfs and during
 the upgrade I
   had trobule with mounting /dev.

   I used to mount /dev with the following line:

   swap /dev mfs rw,-P=/proto/dev,-s=700,-i=256 0 0

   It seems that sometime after 4.1 was released (probably
 during ffs2
   development) mount_mfs was changed in such a way that
 it doesn't allow
   very high density for inodes. This resulted in
 mount_mfs failing on
   replicating the /dev and me getting a readonly /dev,
 which resulted
   in a box that I couldn't login into remotly (with ssh).
 Luckily you I
   could still issue commands with winscp or login
 locally. After couple
   of tests I concluded that mount_mfs simply ignores
 density settings
   lower than 1024, so I changed the /dev to settings to
 the following
   line:

   swap /dev mfs rw,-P=/proto/dev,-s=4000,-i=1024 0 0

   Now everything is ok, I'm happy and sice CF is in a new
 box with lots
   of memory I'm not trying to squeeze every byte out of it.

   Maybe this maximal density could be documented somehow?
 I glanced at
   the mkfs.c and saw that, in theory, it should warn the user when
   reducing the density but I never got a warning during my tests.

   dmesg in case anybody needs it:

snip dmesg


 Wow, very weird that you post this. I just noticed the exact
 same thing yesterday too. Upgraded from 4.0-stable to
 4.2-stable on a WRAP (pcengines.ch) box with my 512M CF and
 /dev entries failing as well. My previous inode settings used to be:

 swap /dev mfs rw,-P=/.devtmp,-s=1200,-i=128 0 0 but that
 crapped out in 4.2.

 I changed it to -s=3072, -i=128 just to get it fully working
 properly and I haven't looked into it further yet, but
 wondering if I'm better off maybe trying higher inode (like
 yours) but lower MFS size such as -s=1024 because I'm limited
 in memory (128M total). Other than that, is an MFS /dev size
 bigger than 1M even needed? I'd really like to reduce as much
 as possible.

 Thanks for the post!

 I'm new to this mailing list and so far, it's great!

No, I don't think you'd ever need a /dev this big, but in order to
get the needed number of inodes you have to push the size up.
Your line is ok, but maybe you should put i=1024 instead of i=128,
so you know what the real values are - that's what it's using anyway
With 128MB you really shouldn'y worry. I was concerned because I had
only 32MB or 48MB. mount_mfs doesn't really use the memory untill
it's needed, so you could make, say 100GB mfs on a box with 128MB of
RAM and it would work as long as you've got memory to hold the
files. Regardnig /dev, you really don't need much as it's a small
filesystem, but sometimes you can get real files in there. This is
what happend once to my lil' box (I had a _real_ /dev/null) and it
crapped out because it ran out of memory. After that I reduced the
/dev as much as I could, I didn't want another local DoS to happen.
I have 512MB now and couldn't care less if /dev is 0.1 or 1 MB,
and with 128MB you shouldn't either, especially since it gets
allocated only if really needed by the files.

Re: Concurrecnt PPPoE(4)?

[Sunnz]

So, as per my understanding so far, packets are routed correctly from
internet to pppoe0, but responses from pppoe0 are going through pppoe1
which is wrong...

So...

1) internet packets  pppoe0 got through correctly and worked.

2) pppoe0 response  pppoe1 wrong and dropped by the ISP.

And I need to change 2) to...

3) pppoe0 response  pppoe0

Or am I terribly wrong?

Re: Concurrecnt PPPoE(4)?

[Sunnz]

2008/1/20, Jussi Peltola [EMAIL PROTECTED]:
 On Sun, Jan 20, 2008 at 07:13:02AM +0200, Jussi Peltola wrote:
  On Sun, Jan 20, 2008 at 03:48:16PM +1100, Sunnz wrote:
 
   pass out on pppoe1 route-to (pppoe0 pppoe0:peer) \
   from any to pppoe0
  I don't think that will work. Anyone trying to reach pppoe0 will not get
  routed out on pppoe1.
 Hmm, actually that rule is almost correct, and I ended up getting confused...

 What you probably mean is:
 pass out on pppoe1 route-to (pppoe0 pppoe0:peer) from pppoe0 to any
  

Hey, I have tried the following:

reply-to:
1)
pass in on pppoe0 reply-to pppoe0 from any to pppoe0

It just works, both traceroute, ping, and ssh

route-to
2)
pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any

3)
pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any
pass out on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from pppoe1:0 to any

4)
pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any
pass out on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from pppoe1:0 to any
pass in  on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from any to pppoe0:0
pass in  on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from any to pppoe1:0

2) 3) and 4) works with traceroute and ping from the outside, but not ssh.

So, do I need to use some kind of packet management with tag to get
route-to to work? Or would using reply-to suffice?

What I am worried about is this section from pf.conf(5):

 reply-to
   The reply-to option is similar to route-to, but routes packets that
   pass in the opposite direction (replies) to the specified inter-
   face.  Opposite direction is only defined in the context of a state
   entry, and reply-to is useful only in rules that create state.  It
   can be used on systems with multiple external connections to route
   all outgoing packets of a connection through the interface the in-
   coming connection arrived through (symmetric routing enforcement).

Opposite direction is only defined in the context of a state entry,
and reply-to is useful only in rules that create state. - as far as I
know of, only TCP connections has states, but not UDP... so what I am
worried about is that reply-to does not work with UDP connections? I
don't have a UDP service to test this out now, but I probably will
have some UDP service in the future.
-- 
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

Re: Concurrecnt PPPoE(4)?

[Sunnz]

2008/1/21, Sunnz [EMAIL PROTECTED]:
 route-to
 2)
 pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any

 3)
 pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any
 pass out on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from pppoe1:0 to any

 4)
 pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any
 pass out on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from pppoe1:0 to any
 pass in  on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from any to pppoe0:0
 pass in  on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from any to pppoe1:0

 2) 3) and 4) works with traceroute and ping from the outside, but not ssh.

Oh, what was I thinking!! it should be like

pass out on pppoe1 route-to (pppoe0 (pppoe0:peer)) inet from pppoe0:0 to any
  ^^

Right?

Ok I just tested that one out as well... does not work neither... (with 2,3,4)

-- 
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

Re: Concurrecnt PPPoE(4)?

[Stuart Henderson]

On 2008/01/21 00:31, Sunnz wrote:
 So, do I need to use some kind of packet management with tag to get
 route-to to work? Or would using reply-to suffice?

Just use reply-to, that's what it's for.

 Opposite direction is only defined in the context of a state entry,
 and reply-to is useful only in rules that create state. - as far as I
 know of, only TCP connections has states, but not UDP...

see pfctl -ss.

Re: Concurrecnt PPPoE(4)?

[NetOne - Doichin Dokov]

Sunnz P=P0P?P8Q
P0:

2008/1/21, Sunnz [EMAIL PROTECTED]:
  

route-to
2)
pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any

3)
pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any
pass out on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from pppoe1:0 to any

4)
pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any
pass out on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from pppoe1:0 to any
pass in  on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from any to pppoe0:0
pass in  on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from any to pppoe1:0

2) 3) and 4) works with traceroute and ping from the outside, but not ssh.



Oh, what was I thinking!! it should be like

pass out on pppoe1 route-to (pppoe0 (pppoe0:peer)) inet from pppoe0:0 to any
  ^^

Right?

Ok I just tested that one out as well... does not work neither... (with 2,3,4)
  

http://www.openbsd.org/faq/pf/pools.html#outgoing

Re: Concurrecnt PPPoE(4)?

[Jussi Peltola]

On Mon, Jan 21, 2008 at 12:31:35AM +1100, Sunnz wrote:
 Opposite direction is only defined in the context of a state entry,
 and reply-to is useful only in rules that create state. - as far as I
 know of, only TCP connections has states, but not UDP... so what I am
 worried about is that reply-to does not work with UDP connections? I
 don't have a UDP service to test this out now, but I probably will
 have some UDP service in the future.
pf keeps state on UDP (and ICMP) just fine.

-- 
Jussi Peltola

Re: Concurrecnt PPPoE(4)?

[Jussi Peltola]

On Mon, Jan 21, 2008 at 12:38:36AM +1100, Sunnz wrote:
 2008/1/21, Sunnz [EMAIL PROTECTED]:
  route-to
  2)
  pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any
 
  3)
  pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any
  pass out on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from pppoe1:0 to any
 
  4)
  pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any
  pass out on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from pppoe1:0 to any
  pass in  on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from any to pppoe0:0
  pass in  on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from any to pppoe1:0
 
  2) 3) and 4) works with traceroute and ping from the outside, but not ssh.
 
 Oh, what was I thinking!! it should be like
 
 pass out on pppoe1 route-to (pppoe0 (pppoe0:peer)) inet from pppoe0:0 to any
This probably fails because of stateful filtering: the connection is to
pppoe0:0 but the replies are from pppoe0:0, and the rule will not
match them when it is stateful. Try adding no state to your rules
(which is not recommended) or using reply-to.

-- 
Jussi Peltola

Re: Concurrecnt PPPoE(4)?

[Jussi Peltola]

On Mon, Jan 21, 2008 at 12:18:26AM +1100, Sunnz wrote:
 So, as per my understanding so far, packets are routed correctly from
 internet to pppoe0, but responses from pppoe0 are going through pppoe1
 which is wrong...
 
 So...
 
 1) internet packets  pppoe0 got through correctly and worked.
 
 2) pppoe0 response  pppoe1 wrong and dropped by the ISP.
 
 And I need to change 2) to...
 
 3) pppoe0 response  pppoe0
 
 Or am I terribly wrong?
That is correct as far as I can see.

-- 
Jussi Peltola

Re: Concurrecnt PPPoE(4)?

[Sunnz]

2008/1/21, Jussi Peltola [EMAIL PROTECTED]:
 pf keeps state on UDP (and ICMP) just fine.

 --
 Jussi Peltola



Oh I see, that's very nice, thanks for all the help everyone!

-- 
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

Re: mount_mfs change of behaviour regarding -i (inode density) on 4.2

[Richard Daemon]

On Jan 20, 2008 5:51 AM, SchC6berle DC!niel [EMAIL PROTECTED]
wrote:

  From: Richard Daemon [mailto:[EMAIL PROTECTED]
 
  On Jan 19, 2008 8:31 PM, Schvberle Daniel
  [EMAIL PROTECTED] wrote:
 
 
Hi all!
 
I've just upgraded my firewall from OpenBSD 4.0 to
  4.2-stable and ran
into a small problem regarding mount_mfs. I solved it,
  but in case
anybody else runs into it, here's something for the archives.
 
I run the box from a 512MB CF and, originally, with very limited
memory. The /var, tmp and /dev are mount_mfs and during
  the upgrade I
had trobule with mounting /dev.
 
I used to mount /dev with the following line:
 
swap /dev mfs rw,-P=/proto/dev,-s=700,-i=256 0 0
 
It seems that sometime after 4.1 was released (probably
  during ffs2
development) mount_mfs was changed in such a way that
  it doesn't allow
very high density for inodes. This resulted in
  mount_mfs failing on
replicating the /dev and me getting a readonly /dev,
  which resulted
in a box that I couldn't login into remotly (with ssh).
  Luckily you I
could still issue commands with winscp or login
  locally. After couple
of tests I concluded that mount_mfs simply ignores
  density settings
lower than 1024, so I changed the /dev to settings to
  the following
line:
 
swap /dev mfs rw,-P=/proto/dev,-s=4000,-i=1024 0 0
 
Now everything is ok, I'm happy and sice CF is in a new
  box with lots
of memory I'm not trying to squeeze every byte out of it.
 
Maybe this maximal density could be documented somehow?
  I glanced at
the mkfs.c and saw that, in theory, it should warn the user when
reducing the density but I never got a warning during my tests.
 
dmesg in case anybody needs it:

 snip dmesg

 
  Wow, very weird that you post this. I just noticed the exact
  same thing yesterday too. Upgraded from 4.0-stable to
  4.2-stable on a WRAP (pcengines.ch) box with my 512M CF and
  /dev entries failing as well. My previous inode settings used to be:
 
  swap /dev mfs rw,-P=/.devtmp,-s=1200,-i=128 0 0 but that
  crapped out in 4.2.
 
  I changed it to -s=3072, -i=128 just to get it fully working
  properly and I haven't looked into it further yet, but
  wondering if I'm better off maybe trying higher inode (like
  yours) but lower MFS size such as -s=1024 because I'm limited
  in memory (128M total). Other than that, is an MFS /dev size
  bigger than 1M even needed? I'd really like to reduce as much
  as possible.
 
  Thanks for the post!
 
  I'm new to this mailing list and so far, it's great!

 No, I don't think you'd ever need a /dev this big, but in order to
 get the needed number of inodes you have to push the size up.
 Your line is ok, but maybe you should put i=1024 instead of i=128,
 so you know what the real values are - that's what it's using anyway
 With 128MB you really shouldn'y worry. I was concerned because I had
 only 32MB or 48MB. mount_mfs doesn't really use the memory untill
 it's needed, so you could make, say 100GB mfs on a box with 128MB of
 RAM and it would work as long as you've got memory to hold the
 files. Regardnig /dev, you really don't need much as it's a small
 filesystem, but sometimes you can get real files in there. This is
 what happend once to my lil' box (I had a _real_ /dev/null) and it
 crapped out because it ran out of memory. After that I reduced the
 /dev as much as I could, I didn't want another local DoS to happen.
 I have 512MB now and couldn't care less if /dev is 0.1 or 1 MB,
 and with 128MB you shouldn't either, especially since it gets
 allocated only if really needed by the files.

 Thank you very much for the reply! Much appreciate your suggestions and
advice.

Re: 2008 Approved cryptographic algorithms -- Government of Canada

[Dave Ewart]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thursday, 03.01.2008 at 13:01 -0500, scott wrote:

 Referencing:
 http://www.cse-cst.gc.ca/services/crypto-services/crypto-algorithms-e.html
 
 It is now 2008 and, per above link, the CSE de-lists certain HASH and
 HMAC standards and algorithms, namely sha-1 is bumped to sha-224 (as a
 minimum) including its downstream incorporations/reliances.
 
 With regard to openBSD's the broad sheet of crypto software -- ssh in
 particular but not just ssh -- in so far as I can see from userland
 (aka a non-developer) the userland user-interface presently limits in
 places to sha-1.
 
 Not saying that oBSD is/isn't/should/shall be CSE compliant but rather
 working from the premise that the CSE document is of merit and any
 such de-listings are noteworthy, will the 2008 openBSD releases 4.3
 and 4.4 include -- i.e. pace -- and make usable at the userland
 user-interface levels (e.g. sshd_config  MACs, et al) the modern
 standards and algorithms.

The above is an interesting issue.

A related issue: is there any simple way to, say, disable use of a
particular algorithm entirely?  For example, if a serious compromise is
found in an algorithm, can use of it (through whichever context: ssh,
gpg, hashing, something else) be disabled?

Dave.
- -- 
Dave Ewart [EMAIL PROTECTED], jabber:[EMAIL PROTECTED], freenode:davee
All email from me is now digitally signed, http://www.sungate.co.uk/
Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92
iD8DBQFHk2Q4nhBnac0o2pIRApAeAKDJ6xVaFLePpCYdEhAS1LNUeixkRQCgt4yt
E/bW1rD0EcGk1Omg5Yns8QA=
=sbH3
-END PGP SIGNATURE-

OpenCVS?

[Richard Daemon]

Hi,

Just wondering what the status of OpenCVS is. Is it still being actively
worked on more or on the back burner for now?

Just curious to know.

TIA.

Re: OpenCVS?

[Stuart Henderson]

On 2008/01/20 10:22, Richard Daemon wrote:
 Just wondering what the status of OpenCVS is. Is it still being actively
 worked on more or on the back burner for now?

See for yourself: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/cvs/

Re: Reversing audio channels

[Deanna Phillips]

Antti Harri writes:

 how can I reverse the audio output, left-right and
 right-left channel? It would help with the placement
 of my PC's speakers.

Depends on your hardware.  Some have kernel flags for it, so
look in the manpage for your device.

Reversing audio channels

[Antti Harri]

Hi,

how can I reverse the audio output, left-right and
right-left channel? It would help with the placement
of my PC's speakers.

--
Antti Harri

miniPCI Wi-Fi cards in Moscow (Russia)

[Dmitrij Czarkoff]

Does anyone know a place I can buy some non-Intel miniPCI Wi-Fi card
in Moscow (Russia)? Just need to replace miniPCI ipw3945 which has
hardware rf_kill switch bound to Windows-only software controlling the
Fn button on laptop's keyboard.

Or maybe anyone knows the way to somehow disable the hard rf_switch?

-- 
Dmitrij D. Czarkoff

Looking for advice on wireless mini-pci cards for WAP (Soekris4801, OpenBSD4.2)

[Andre Pierre]

Hi

I recently built an wireless access point using a Soekris 4801 with 
Atheros AR5212 and OBSD4.2 (flashimg-2007110)


I bought two Atheros cards for the WAP and the client laptop, because 
the ath(4) manpage indicated that 802.11a/g operation was possible.


In actuality turns out 802.11a or g just don't want to work in my setup 
regardless of client OS (and from further research online others have 
had that issue too, doh!)


Ok so live and learn...

Now, I want to change the mini-pci adapter on my Soekris 4801 from ath0 
to something else, so that I may enjoy robust 802.11g (and/or 802.11a).



I have read recent threads on ral(4) and also looked at pgt(4) also and 
my gut feeling is that I should probably buy two Ralink Technology IEEE 
802.11a/b/g wireless mini-pci cards.


Any thoughts, or insights, suggestions as to which of the mini-pci cards 
below work *really well* with a Soekris 4801 box?


Amigo AWI-922W, Billionton MIWLGRL, Gigabyte GN-WIKG, Gigabyte 
GN-WI01GS, Gigabyte GN-WI02GM, MSI MP54G2, MSI MS-6833, Tonze PC-620C, 
Zinwell ZWX-G36



Thanks in advance for any info.

:-)

Best regards,

Andre

Re: Reversing audio channels

[Antti Harri]

On Sun, 20 Jan 2008, Deanna Phillips wrote:


Depends on your hardware.  Some have kernel flags for it, so
look in the manpage for your device.


It's emu, which doesn't support it?

Why is the reverse feature in the driver layer, and not in more generic
layer?

--
Antti Harri

Re: cksum: out of data

[Jason McIntyre]

On Sat, Jan 19, 2008 at 05:33:58PM +0100, Dirk Mast wrote:
 Hello,
 
 my dmesg is filled with this message
 cksum: out of data 
 and i can't find out from where it is (has something to do with 
 the internet connection going up and down).
 
 It's a Alix 2c3 Board running as a DSL-Router
 and what I suspect might be the issue is serving
 a sixxs.net IPv6 tunnel (via aiccu).
 
 /var/log/messages contain this message everytime the 
 internet connection goes down 
 
 /bsd: cksum: out of data
 
 Is this message something to ignore, or to investigate further?
 

i had these appear on machine about june/july of last year, which was
running -current. i discussed it with some developers, but no one ever
got to the bottom of it.

then they stopped. i don;t know why, but presumably after installing a
newer snapshot.

then this week they came back, two or three times, again on a box
running -current (as of jan 9th). i haven;t seen them in a few days (nor
have i upgraded the box).

sorry i can;t be of more help. oh, i run a sixxs tunnel too ;)

jmc

Re: Reversing audio channels

[Deanna Phillips]

Antti Harri writes:

 On Sun, 20 Jan 2008, Deanna Phillips wrote:

 Depends on your hardware.  Some have kernel flags for it, so
 look in the manpage for your device.

 It's emu, which doesn't support it?

 Why is the reverse feature in the driver layer, and not in
 more generic layer?

The OpenBSD mixer is very simple and many things like this are
hardware-dependent or left to userland.

Get some new speakers. :)

Re: Reversing audio channels

[L. V. Lammert]

On Sun, 20 Jan 2008, Antti Harri wrote:

 Hi,

 how can I reverse the audio output, left-right and
 right-left channel? It would help with the placement
 of my PC's speakers.

 --
 Antti Harri

Ahh, .. swap the speakers or wires??

Lee

Re: OpenCVS?

[Unix Fan]

Stuart Henderson wrote:

 See for yourself: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/cvs/



I'm slighly confused by something if the cvs command in OpenBSD 4.2 is 
OpenCVS, why does cvs --help refer to places like cvshome.org for updates 
etc?



-Nix Fan.

Re: OpenCVS?

[Stuart Henderson]

On 2008/01/20 10:15, Unix Fan wrote:
 Stuart Henderson wrote:
  See for yourself: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/cvs/
 
 I'm slighly confused by something if the cvs command in
 OpenBSD 4.2 is OpenCVS,

it isn't - not everything in source is linked to the build yet.

Re: Reversing audio channels

[Antti Harri]

On Sun, 20 Jan 2008, L. V. Lammert wrote:


Ahh, .. swap the speakers or wires??


I still don't understand why such a simple
thing isn't implemented in the software..
Yeah yeah missing the daemon  other crap.

I guess I'll have to swap the places of the speakers, it would
have been better as is and swapped the output of sound card.

--
Antti Harri

Re: OpenCVS?

[Pierre Riteau]

On 20 Jan 2008 10:15:15 -0800, Unix Fan [EMAIL PROTECTED] wrote:
 Stuart Henderson wrote:

  See for yourself: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/cvs/



 I'm slighly confused by something if the cvs command in OpenBSD 4.2 is 
 OpenCVS, why does cvs --help refer to places like cvshome.org for updates 
 etc?



 -Nix Fan.



Forgot to cc: misc... Sorry.

The cvs version shipped with OpenBSD is still GNU CVS, even in -current.

-- 
Pierre Riteau

Re: Reversing audio channels

[NetOne - Doichin Dokov]

Antti Harri P=P0P?P8Q
P0:

On Sun, 20 Jan 2008, L. V. Lammert wrote:


Ahh, .. swap the speakers or wires??


I still don't understand why such a simple
thing isn't implemented in the software..
Yeah yeah missing the daemon  other crap.

I guess I'll have to swap the places of the speakers, it would
have been better as is and swapped the output of sound card.

It would be better to code what you want, instead of wonder and bark 
here oh, why is this not done?!.


It would have taken you no more than 10 mins to reverse the cables. Oh - 
you can also try installing Windows and try to switch the channels there 
(and then go complain to Microsoft that you can't).

Re: OpenCVS?

[Andreas Kahari]

OpenCVS is not compiled or installed by default, yet, but the CVS in
src/gnu/usr.bin/cvs/ is.

Regards,
Andreas

On 20 Jan 2008 10:15:15 -0800, Unix Fan [EMAIL PROTECTED] wrote:
 Stuart Henderson wrote:

  See for yourself: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/cvs/



 I'm slighly confused by something if the cvs command in OpenBSD 4.2 is 
 OpenCVS, why does cvs --help refer to places like cvshome.org for updates 
 etc?



 -Nix Fan.




-- 
Andreas Kahari
Somewhere in the general Cambridge area, UK

Re: Reversing audio channels

[Andreas Kahari]

On 20/01/2008, Antti Harri [EMAIL PROTECTED] wrote:
 On Sun, 20 Jan 2008, L. V. Lammert wrote:

  Ahh, .. swap the speakers or wires??

 I still don't understand why such a simple
 thing isn't implemented in the software..

Next you'd want it to fetch your slippers and serve you coffee as well...
:-)

-- 
Andreas Kahari
Somewhere in the general Cambridge area, UK

Re: OpenCVS?

[Darrin Chandler]

On Sun, Jan 20, 2008 at 06:31:48PM +, Stuart Henderson wrote:
 On 2008/01/20 10:15, Unix Fan wrote:
  Stuart Henderson wrote:
   See for yourself: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/cvs/
  
  I'm slighly confused by something if the cvs command in
  OpenBSD 4.2 is OpenCVS,
 
 it isn't - not everything in source is linked to the build yet.

However, those interested in using/testing OpenCVS should take a peek at
their /usr/src/usr.bin/cvs/README file as a start.

-- 
Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
[EMAIL PROTECTED]   |  http://phxbug.org/  |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation

Re: OpenCVS?

[Constantine A. Murenin]

On 20 Jan 2008 10:15:15 -0800, Unix Fan [EMAIL PROTECTED] wrote:
 Stuart Henderson wrote:

  See for yourself: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/cvs/



 I'm slighly confused by something if the cvs command in OpenBSD 4.2 is 
 OpenCVS, why does cvs --help refer to places like cvshome.org for updates 
 etc?

If you take a look at src/usr.bin/Makefile [0], you'll notice that
'cvs' (as well as 'pcc', BTW) is not (yet) connected to the build. The
one that is connected is the GNU CVS from src/gnu/usr.bin/cvs/.

On the other hand, the situation with rcs is different -- OpenRCS was
connected to the build before OpenBSD 4.0, and GNU RCS was completely
removed from the source tree before OpenBSD 4.1.

br,
cnst.su.

[0] http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/Makefile

Re: Reversing audio channels

[Antti Harri]

On Sun, 20 Jan 2008, NetOne - Doichin Dokov wrote:

It would have taken you no more than 10 mins to reverse the cables. Oh - you 
can also try installing Windows and try to switch the channels there (and 
then go complain to Microsoft that you can't).


Haahaa. very funny. Now why would I rip a perfectly good cable?
Or why would I waste lots of money on new speakers?

Are you trying to say that OpenBSD's sound card support rocks
and kicks ass? Do some research, even the devs acknowledge
that it is not the best in the world.

Don't get me wrong, I appreciate their code and effort,
it's idiots like you that I hate.

PS. A small adapter that switches the cables would be okayish.

--
Antti Harri

Re: mount_mfs change of behaviour regarding -i (inode density) on 4.2

[Lars Noodén]

SchC6berle DC!niel wrote:
...
 swap /dev mfs rw,-P=/proto/dev,-s=4000,-i=1024 0 0
 
 Now everything is ok, I'm happy and sice CF is in a new box with lots
 of memory I'm not trying to squeeze every byte out of it.

I have -s=3000 which seems to work fine.  -s=2500 seems to sometimes run
out of inodes.

 Maybe this maximal density could be documented somehow? I glanced at
 the mkfs.c and saw that, in theory, it should warn the user when
 reducing the density but I never got a warning during my tests.

When I try setting the inode density lower, I don't get a warning
either, but then I'm also using 4.2 i386 stable generic.

-Lars

Re: Reversing audio channels

[NetOne - Doichin Dokov]

Antti Harri ??:

On Sun, 20 Jan 2008, NetOne - Doichin Dokov wrote:

It would have taken you no more than 10 mins to reverse the cables. 
Oh - you can also try installing Windows and try to switch the 
channels there (and then go complain to Microsoft that you can't).


Haahaa. very funny. Now why would I rip a perfectly good cable?
Or why would I waste lots of money on new speakers?

Did I say to rip the cable? Grab a male and a female connector, 
cross-connect them, and you're done.

Are you trying to say that OpenBSD's sound card support rocks
and kicks ass? Do some research, even the devs acknowledge
that it is not the best in the world.


Am I? I'm writing in English, would you mind reading my statement again?

Don't get me wrong, I appreciate their code and effort,
it's idiots like you that I hate.
Idiots are people that tend to classify other people withouth knowing 
anything about them. Now, read again and see who does that.


PS. A small adapter that switches the cables would be okayish.
See? You've got the solution by yourself. But waaait, it was a lot of a 
hell better to bark on the mailing list calling people names, wasn't it?


Still wishing you the best,
the Idiot

Re: Reversing audio channels

[Antti Harri]

On Sun, 20 Jan 2008, NetOne - Doichin Dokov wrote:


Antti Harri ??:

On Sun, 20 Jan 2008, NetOne - Doichin Dokov wrote:

It would have taken you no more than 10 mins to reverse the cables. Oh - 
you can also try installing Windows and try to switch the channels there 
(and then go complain to Microsoft that you can't).


Haahaa. very funny. Now why would I rip a perfectly good cable?
Or why would I waste lots of money on new speakers?

Did I say to rip the cable? Grab a male and a female connector, cross-connect 
them, and you're done.


In the middle of the night, on Sunday?

I hate these fucking flame wars on [EMAIL PROTECTED] should never post here..
You either get no answer here or get flamed.

I just asked a simple question and the got the answer from Deanna
which verified my original feeling. So you can continue if you want,
I'm out.

--
Antti Harri

Re: Reversing audio channels

[Stuart Henderson]

On 2008/01/20 21:11, Antti Harri wrote:
 On Sun, 20 Jan 2008, NetOne - Doichin Dokov wrote:

 It would have taken you no more than 10 mins to reverse the cables. Oh - 
 you can also try installing Windows and try to switch the channels there 
 (and then go complain to Microsoft that you can't).

 Haahaa. very funny. Now why would I rip a perfectly good cable?
 Or why would I waste lots of money on new speakers?

 Are you trying to say that OpenBSD's sound card support rocks
 and kicks ass? Do some research, even the devs acknowledge
 that it is not the best in the world.

 Don't get me wrong, I appreciate their code and effort,
 it's idiots like you that I hate.

 PS. A small adapter that switches the cables would be okayish.

Wouldn't it be simpler to put the left speaker where the right
speaker is, and vice-versa?

Re: Reversing audio channels

[Antti Harri]

On Sun, 20 Jan 2008, Stuart Henderson wrote:


Wouldn't it be simpler to put the left speaker where the right
speaker is, and vice-versa?


No, that's why I was asking how to do it in software,
maybe I didn't say this clearly enough in the original post.

I can do it, and probably will as there clearly isn't
any other solution. It's just more ugly if I have
to change their physical places.

--
Antti Harri

Re: cksum: out of data

[Dirk Mast]

Jason McIntyre wrote:

 On Sat, Jan 19, 2008 at 05:33:58PM +0100, Dirk Mast wrote:
 Hello,
 
 my dmesg is filled with this message
 cksum: out of data
 and i can't find out from where it is (has something to do with
 the internet connection going up and down).
 
 It's a Alix 2c3 Board running as a DSL-Router
 and what I suspect might be the issue is serving
 a sixxs.net IPv6 tunnel (via aiccu).
 
 /var/log/messages contain this message everytime the
 internet connection goes down
 
 /bsd: cksum: out of data
 
 Is this message something to ignore, or to investigate further?
 
 
 i had these appear on machine about june/july of last year, which was
 running -current. i discussed it with some developers, but no one ever
 got to the bottom of it.
 
 then they stopped. i don;t know why, but presumably after installing a
 newer snapshot.
 
 then this week they came back, two or three times, again on a box
 running -current (as of jan 9th). i haven;t seen them in a few days (nor
 have i upgraded the box).
 
 sorry i can;t be of more help. oh, i run a sixxs tunnel too ;)
 
 jmc


 sorry i can;t be of more help. oh, i run a sixxs tunnel too ;)
Seems like we can somehow reduce the problem ;)

I'll now stop running aiccu for 2 days or so, hopefully the messages
will disappear then.

Actually I think they don't represent a too big problem, but 
a spammed dmesg/messages is not nice and something which writes
there should have a reason to do so.

Re: mount_mfs change of behaviour regarding -i (inode density) on 4.2

[Otto Moerbeek]

On Sun, Jan 20, 2008 at 09:46:27PM +0200, Lars Nood??n wrote:

 SchC6berle DC!niel wrote:
 ...
  swap /dev mfs rw,-P=/proto/dev,-s=4000,-i=1024 0 0
  
  Now everything is ok, I'm happy and sice CF is in a new box with lots
  of memory I'm not trying to squeeze every byte out of it.
 
 I have -s=3000 which seems to work fine.  -s=2500 seems to sometimes run
 out of inodes.
 
  Maybe this maximal density could be documented somehow? I glanced at
  the mkfs.c and saw that, in theory, it should warn the user when
  reducing the density but I never got a warning during my tests.
 
 When I try setting the inode density lower, I don't get a warning
 either, but then I'm also using 4.2 i386 stable generic.
 
 -Lars

The density you are getting is on target. The thing that
changed is that the minimum number of cylinder groups is now 4. That
means more meta data overhead and less data space, hence less inodes.

[EMAIL PROTECTED]:60]$ sudo mount_mfs -s 700 -i 256 swap /mnt
mount_mfs: reduced number of fragments per cylinder group from 80 to
72 to enlarge last cylinder group
[EMAIL PROTECTED]:62]$ df -i /mnt
Filesystem  1K-blocks  Used Avail Capacity iused   ifree %iused  
Mounted on
mfs:15606 173 1   164 1%   1 6370%   /mnt
[EMAIL PROTECTED]:63]$ 

173k of data with 4 inodes per k resulting in 638 inodes is about right.

To sqeeze more inodes out of a small file system you can use -c and smaller
fragment and block size, but ir remains a bit of a black art.
e.g.

[EMAIL PROTECTED]:64]$ sudo mount_mfs -s 700 -c 700 -i 256 -f 512 -b 4096 swap 
/mnt 
mount_mfs: reduced number of fragments per cylinder group from 696 to
512 to enlarge last cylinder group
[EMAIL PROTECTED]:65]$ df -i /mnt
Filesystem  1K-blocks  Used Avail Capacity iused   ifree %iused  
Mounted on
mfs:26011 181 0   172 0%   110210%   /mnt
[EMAIL PROTECTED]:66]$ 

-Otto

Re: Looking for advice on wireless mini-pci cards for WAP (Soekris4801, OpenBSD4.2)

[Rod Whitworth]

On Sun, 20 Jan 2008 10:49:11 -0500, Andre Pierre wrote:

Hi

I recently built an wireless access point using a Soekris 4801 with 
Atheros AR5212 and OBSD4.2 (flashimg-2007110)

I bought two Atheros cards for the WAP and the client laptop, because 
the ath(4) manpage indicated that 802.11a/g operation was possible.

In actuality turns out 802.11a or g just don't want to work in my setup 
regardless of client OS (and from further research online others have 
had that issue too, doh!)

Ok so live and learn...

Now, I want to change the mini-pci adapter on my Soekris 4801 from ath0 
to something else, so that I may enjoy robust 802.11g (and/or 802.11a).


I have read recent threads on ral(4) and also looked at pgt(4) also and 
my gut feeling is that I should probably buy two Ralink Technology IEEE 
802.11a/b/g wireless mini-pci cards.

Any thoughts, or insights, suggestions as to which of the mini-pci cards 
below work *really well* with a Soekris 4801 box?

Amigo AWI-922W, Billionton MIWLGRL, Gigabyte GN-WIKG, Gigabyte 
GN-WI01GS, Gigabyte GN-WI02GM, MSI MP54G2, MSI MS-6833, Tonze PC-620C, 
Zinwell ZWX-G36


Thanks in advance for any info.

I have zero issues with MSI either PCI or miniPCI for quite some time.
Back to 3.9 or 4.0 IIRC.



:-)

Best regards,

Andre


Rod/
/earth: write failed, file system is full
cp: /earth/creatures: No space left on device

Re: OpenCVS?

[Peter N. M. Hansteen]

Unix Fan [EMAIL PROTECTED] writes:

 Is there a list of GNU software being installed on my computer? 

The contents of /usr/src/gnu should give you an idea.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

Re: Reversing audio channels

[Jacob Meuser]

On Sun, Jan 20, 2008 at 09:11:55PM +0200, Antti Harri wrote:
 On Sun, 20 Jan 2008, NetOne - Doichin Dokov wrote:
 
 It would have taken you no more than 10 mins to reverse the cables. Oh - 
 you can also try installing Windows and try to switch the channels there 
 (and then go complain to Microsoft that you can't).
 
 Haahaa. very funny. Now why would I rip a perfectly good cable?
 Or why would I waste lots of money on new speakers?
 
 Are you trying to say that OpenBSD's sound card support rocks
 and kicks ass? Do some research, even the devs acknowledge
 that it is not the best in the world.

well, that is changing.  the devices *I* use work every bit as well,
if not better than, they do with any other OS.  especialy since
there is 0 configuration, where other OSes have kernel modules to
build, etc ...

 Don't get me wrong, I appreciate their code and effort,
 it's idiots like you that I hate.
 
 PS. A small adapter that switches the cables would be okayish.

just buy a splitter and swap the wires on one side.  mini-sereo
splitters are like $3 at the local general store.

or you could use that JACK port I sent to ports@, which allows you
to do this sort of thing *in software*.

-- 
[EMAIL PROTECTED]
SDF Public Access UNIX System - http://sdf.lonestar.org

Re: Reversing audio channels

[Jacob Meuser]

On Sun, Jan 20, 2008 at 08:32:12PM +0200, Antti Harri wrote:
 On Sun, 20 Jan 2008, L. V. Lammert wrote:
 
 Ahh, .. swap the speakers or wires??
 
 I still don't understand why such a simple
 thing isn't implemented in the software..

because our current mixer is just an interface to the *hardware* mixer.
we don't do any *software* mixing in the kernel.

 Yeah yeah missing the daemon  other crap.

we have a simple and straight forward audio/mixer API.  this allows
us to focus on *hardware* support in the kernel, which (should) make
userland *software* easier to code (less complicated).  bloating the
kernel with *software* features doesn't appeal to me.

 I guess I'll have to swap the places of the speakers, it would
 have been better as is and swapped the output of sound card.

if that is supported by the *hardware*, then there should be a mixer
item.  otherwise, it should be left to userland *software*.

-- 
[EMAIL PROTECTED]
SDF Public Access UNIX System - http://sdf.lonestar.org

Re: Reversing audio channels

[Jacob Meuser]

On Sun, Jan 20, 2008 at 09:30:58PM +0200, Antti Harri wrote:

 I hate these fucking flame wars on [EMAIL PROTECTED] should never post here..

especially not things like I don't understand why simple things
like that can't be implemented in the software.

 You either get no answer here or get flamed.

everyone who flamed gave you a solution.  you're the only one
calling anyone names.  the answers aren't what you want, but
they're not flames.

 I just asked a simple question

that's how you started, then you complained ...

 and the got the answer from Deanna
 which verified my original feeling. So you can continue if you want,
 I'm out.
 
 -- 
 Antti Harri
 

-- 
[EMAIL PROTECTED]
SDF Public Access UNIX System - http://sdf.lonestar.org

Re: Reversing audio channels

[Ted Unangst]

On 1/20/08, Antti Harri [EMAIL PROTECTED] wrote:
 On Sun, 20 Jan 2008, Deanna Phillips wrote:

  Depends on your hardware.  Some have kernel flags for it, so
  look in the manpage for your device.

 It's emu, which doesn't support it?

 Why is the reverse feature in the driver layer, and not in more generic
 layer?

it is in the generic layer, but the driver has to tell the ac97 layer
to reverse the channels.

Re: Reversing audio channels

[Jacob Meuser]

On Mon, Jan 21, 2008 at 12:01:56AM +, Jacob Meuser wrote:

 or you could use that JACK port I sent to ports@, which allows you
 to do this sort of thing *in software*.

or mplayer -af channels=2:2:0:1:1:0

maybe other players can do this as well ...

-- 
[EMAIL PROTECTED]
SDF Public Access UNIX System - http://sdf.lonestar.org

You've received A Hallmark E-Card!

[hallmark.com]

Hallmark.comShop OnlineHallmark MagazineE-Cards  MoreAt Gold
Crown

You have recieved A Hallmark E-Card.

Hello!

You have recieved a Hallmark E-Card.

To see it, click here,

There's something special about that E-Card feeling. We invite you to
make a friend's day and send one.

Hope to see you soon,
Your friends at Hallmark

Your privacy is our priority. Click the Privacy and Security link at
the bottom of this E-mail to view our policy.

Hallmark.com | Privacy  Security | Customer Service | Store Locator

Re: Reversing audio channels

[Jacob Meuser]

On Sun, Jan 20, 2008 at 04:43:45PM -0800, Ted Unangst wrote:
 On 1/20/08, Antti Harri [EMAIL PROTECTED] wrote:
  On Sun, 20 Jan 2008, Deanna Phillips wrote:
 
   Depends on your hardware.  Some have kernel flags for it, so
   look in the manpage for your device.
 
  It's emu, which doesn't support it?
 
  Why is the reverse feature in the driver layer, and not in more generic
  layer?
 
 it is in the generic layer, but the driver has to tell the ac97 layer
 to reverse the channels.

that (AC97_HOST_SWAPPED_CHANNELS) just tells the ac97 layer to swap
the gains (change the left gain when the request was to change the
right gain), not the channels.

-- 
[EMAIL PROTECTED]
SDF Public Access UNIX System - http://sdf.lonestar.org

Re: Reversing audio channels

[Deanna Phillips]

Jacob Meuser writes:

 that (AC97_HOST_SWAPPED_CHANNELS) just tells the ac97 layer to
 swap the gains (change the left gain when the request was to
 change the right gain), not the channels.

HD Audio can actually do it in the driver; I just don't think
it's worth adding more mixer items.  The most I've seen so far
is 99, can anyone beat that?

If anyone's feeling too lazy to move and has azalia...

(from NetBSD)

Index: azalia.h
===
RCS file: /cvs/src/sys/dev/pci/azalia.h,v
retrieving revision 1.14
diff -u -p -r1.14 azalia.h
--- azalia.h10 Oct 2007 03:39:21 -  1.14
+++ azalia.h21 Jan 2008 01:49:29 -
@@ -554,6 +554,7 @@ typedef struct {
 #define MI_TARGET_ADC  0x105
 #define MI_TARGET_VOLUME   0x106
 #define MI_TARGET_EAPD 0x107
+#define MI_TARGET_LRSWAP   0x108
 } mixer_item_t;
 
 #define VALID_WIDGET_NID(nid, codec)   (nid == (codec)-audiofunc || \
Index: azalia_codec.c
===
RCS file: /cvs/src/sys/dev/pci/azalia_codec.c,v
retrieving revision 1.46
diff -u -p -r1.46 azalia_codec.c
--- azalia_codec.c  16 Dec 2007 18:48:19 -  1.46
+++ azalia_codec.c  21 Jan 2008 02:09:23 -
@@ -679,6 +679,29 @@ azalia_generic_mixer_init(codec_t *this)
this-nmixers++;
}
 
+   if (w-widgetcap  COP_AWCAP_LRSWAP) {
+   MIXER_REG_PROLOG;
+   DPRINTF((%s: lrswap %s\n, __func__, w-name));
+   snprintf(d-label.name, sizeof(d-label.name),
+   %s.lrswap, w-name);
+   d-type = AUDIO_MIXER_ENUM;
+   if (w-type == COP_AWTYPE_PIN_COMPLEX)
+   d-mixer_class = AZ_CLASS_OUTPUT;
+   else if (w-type == COP_AWTYPE_AUDIO_INPUT)
+   d-mixer_class = AZ_CLASS_RECORD;
+   else
+   d-mixer_class = AZ_CLASS_INPUT;
+   m-target = MI_TARGET_LRSWAP;
+   d-un.e.num_mem = 2;
+   d-un.e.member[0].ord = 0;
+   strlcpy(d-un.e.member[0].label.name, AudioNoff,
+   MAX_AUDIO_DEV_LEN);
+   d-un.e.member[1].ord = 1;
+   strlcpy(d-un.e.member[1].label.name, AudioNon,
+   MAX_AUDIO_DEV_LEN);
+   this-nmixers++;
+   }
+
/* volume knob */
if (w-type == COP_AWTYPE_VOLUME_KNOB 
w-d.volume.cap  COP_VKCAP_DELTA) {
@@ -1004,6 +1027,15 @@ azalia_generic_mixer_get(const codec_t *
mc-un.ord = result  CORB_EAPD_EAPD ? 1 : 0;
}
 
+   /* LR-Swap */
+   else if (target == MI_TARGET_LRSWAP) {
+   err = this-comresp(this, nid,
+   CORB_GET_EAPD_BTL_ENABLE, 0, result);
+   if (err)
+   return err;
+   mc-un.ord = result  CORB_EAPD_LRSWAP ? 1 : 0;
+   }
+
else {
printf(%s: internal error in %s: target=%x\n,
XNAME(this), __func__, target);
@@ -1278,6 +1310,26 @@ azalia_generic_mixer_set(codec_t *this, 
if (err)
return err;
} 
+
+   /* LR-Swap */
+   else if (target == MI_TARGET_LRSWAP) {
+   if (mc-un.ord = 2)
+   return EINVAL;
+   err = this-comresp(this, nid,
+   CORB_GET_EAPD_BTL_ENABLE, 0, result);
+   if (err)
+   return err;
+   result = 0xff;
+   if (mc-un.ord == 0) {
+   result = ~CORB_EAPD_LRSWAP;
+   } else {
+   result |= CORB_EAPD_LRSWAP;
+   }
+   err = this-comresp(this, nid,
+   CORB_SET_EAPD_BTL_ENABLE, result, result);
+   if (err)
+   return err;
+   }
 
else {
printf(%s: internal error in %s: target=%x\n,

Re: most secure graphical browser

[Joel Wiramu Pauling]

Well short of building yourself into a faraday cage there is not much you
can do to avoid van Eck sniffing. Also while LCD's are immune, I hear that a
similar technique can be applied to LCD's. I am guessing sniffing LCD's is
probably an order of magnatude more difficult than CRT tho.

On 21/01/2008, Joachim Schipper [EMAIL PROTECTED] wrote:

 On Fri, Jan 18, 2008 at 02:33:30PM +0100, Han Boetes wrote:
  Most secure goes a long way. I run firefox on a sepperate user
  account. I doubt it's the most secure solution but it sure is
  quite a bit more secure, and I'm quite sure you really don't want
  to the most secure solution. :-)
 
  http://www.xs4all.nl/~hanb/documents/firefox_for_paranoid_people

 That still leaves open a lot of possibilities for mischief [1]. Don't
 run trusted and untrusted programs on the same X server!

 Joachim

 [1] Including, in an otherwise-unsecured X setup, 'sniffing' keystrokes,
 taking 'screenshots', and the like. Not things that are acceptable for a
 'secure' desktop.
 --
 TFMotD: flex (1) - fast lexical analyzer generator

Re: most secure graphical browser

[Joachim Schipper]

On Fri, Jan 18, 2008 at 02:33:30PM +0100, Han Boetes wrote:
 Most secure goes a long way. I run firefox on a sepperate user
 account. I doubt it's the most secure solution but it sure is
 quite a bit more secure, and I'm quite sure you really don't want
 to the most secure solution. :-)
 
 http://www.xs4all.nl/~hanb/documents/firefox_for_paranoid_people

That still leaves open a lot of possibilities for mischief [1]. Don't
run trusted and untrusted programs on the same X server!

Joachim

[1] Including, in an otherwise-unsecured X setup, 'sniffing' keystrokes,
taking 'screenshots', and the like. Not things that are acceptable for a
'secure' desktop.
-- 
TFMotD: flex (1) - fast lexical analyzer generator

Re: Reversing audio channels

[Jacob Meuser]

On Sun, Jan 20, 2008 at 09:18:16PM -0500, Deanna Phillips wrote:
 Jacob Meuser writes:
 
  that (AC97_HOST_SWAPPED_CHANNELS) just tells the ac97 layer to
  swap the gains (change the left gain when the request was to
  change the right gain), not the channels.
 
 HD Audio can actually do it in the driver; I just don't think
 it's worth adding more mixer items.  The most I've seen so far
 is 99, can anyone beat that?
 
 If anyone's feeling too lazy to move and has azalia...

acer:~% mixerctl | wc -l
103
acer:~% mixerctl
record.adc.mute=off
record.adc=144,144
record.adc2.mute=off
record.adc2=144,144
inputs.mix.mic.mute=off
inputs.mix.mic2.mute=off
inputs.mix.line.mute=off
inputs.mix.speaker4.mu=off
inputs.mix.speaker5.mu=off
inputs.mix.speaker6.mu=off
inputs.mix.headphones.=off
inputs.mix.speaker.mut=off
inputs.mix.speaker2.mu=off
inputs.mix.speaker3.mu=off
inputs.mix.mic=120,120
inputs.mix.mic2=120,120
inputs.mix.line=200,200
inputs.mix.speaker4=120,120
inputs.mix.speaker5=120,120
inputs.mix.speaker6=120
inputs.mix.headphones=120,120
inputs.mix.speaker=200,200
inputs.mix.speaker2=120,120
inputs.mix.speaker3=120,120
outputs.mix2=200,200
inputs.mix2.dac.mute=off
inputs.mix2.mix.mute=off
outputs.mix3=200,200
inputs.mix3.dac2.mute=off
inputs.mix3.mix.mute=off
outputs.mix4=200,200
inputs.mix4.dac3.mute=off
inputs.mix4.mix.mute=off
outputs.mix5=200,200
inputs.mix5.dac4.mute=off
inputs.mix5.mix.mute=off
outputs.headphones.sour=mix2
outputs.headphones.mute=off
outputs.headphones=85,85
outputs.headphones.dir=output
outputs.headphones.boos=off
outputs.speaker.source=mix2
outputs.speaker.mute=off
outputs.speaker=170,170
outputs.speaker.dir=output
outputs.speaker.boost=on
outputs.speaker2.source=mix5
outputs.speaker2.mute=off
outputs.speaker2=170,170
outputs.speaker2.dir=output
outputs.speaker2.boost=on
outputs.speaker3.source=mix5
outputs.speaker3.mute=off
outputs.speaker3=170,170
outputs.speaker3.dir=output
outputs.speaker3.boost=on
outputs.mic.source=mix3
outputs.mic.mute=off
outputs.mic=85,85
outputs.mic.dir=output
outputs.mic.boost=off
outputs.mic2.source=mix5
outputs.mic2.mute=off
outputs.mic2=85,85
outputs.mic2.dir=input
outputs.mic2.boost=off
outputs.line.source=mix4
outputs.line.mute=off
outputs.line=255,255
outputs.line.dir=input
outputs.line.boost=off
outputs.speaker4.source=mix5
outputs.speaker4.mute=off
outputs.speaker4=170,170
outputs.speaker4.dir=output
outputs.speaker4.boost=on
inputs.mix6.mic.mute=off
inputs.mix6.mic2.mute=off
inputs.mix6.line.mute=off
inputs.mix6.speaker4.m=off
inputs.mix6.speaker5.m=off
inputs.mix6.speaker6.m=off
inputs.mix6.headphones=off
inputs.mix6.speaker.mu=off
inputs.mix6.speaker2.m=off
inputs.mix6.speaker3.m=off
inputs.mix6.mix.mute=off
inputs.mix7.mic.mute=off
inputs.mix7.mic2.mute=off
inputs.mix7.line.mute=off
inputs.mix7.speaker4.m=off
inputs.mix7.speaker5.m=off
inputs.mix7.speaker6.m=off
inputs.mix7.headphones=off
inputs.mix7.speaker.mu=off
inputs.mix7.speaker2.m=off
inputs.mix7.speaker3.m=off
inputs.mix7.mix.mute=off
outputs.mix8=120,120
inputs.mix8.dac6.mute=off
inputs.mix8.mix.mute=off
inputs.usingdac=02030405
record.usingadc=0809


it takes a while to figure out what they all do, but the all
do something.  our current mixer setup doesn't handle complex
stuff like this very well though.

 (from NetBSD)

and that probably adds more controls.

-- 
[EMAIL PROTECTED]
SDF Public Access UNIX System - http://sdf.lonestar.org

Re: Can I use citrus for current ?

[Jung]

if you want to use that patch, you need some modification that you can
use the patch for current.

i knew, no public cvs

i think, if you want to use a korean(hangul) on openbsd,
another method for korean, it's some quick ulgy hack ;-)

these lines comment in src/lib/libc/locale/setrunelocale.c
then libc re-compile.

if (strcmp(rl-rl_encoding, _CITRUS_DEFAULT_CTYPE_NAME) != 0) {
_NukeRune(rl);
return EINVAL;
}

these lines remove a comment in src/share/locale/ctype/Makefile
then korean locale install.
#LOCALES += ko_KR.eucKR
# LOCALESRC_ko_KR.eucKR = ko_KR.eucKR

and use a nabi for X
http://marc.info/?l=openbsd-portsm=115871943726656w=2

thanks
- Jung


 I found the only citrus patch is 20071008:
 http://sigsegv.s25.xrea.com/distfiles/citrus/OpenBSD/OpenBSD-HEAD-citrus-20071008.tar.bz2

 Can I use the patch for current ? Is there a public cvs ?

 Thanks for some help.

 Dongsheng

Re: Security meassures or just plain stupidity

[Joachim Schipper]

On Fri, Jan 18, 2008 at 09:49:10PM +0100, [EMAIL PROTECTED] wrote:
 In the last couple of weeks I have been reading a lot of security
 (...) literature (...) on web related issues.
 
 It seems to me that a lot of people (...) call themselves Security
 Experts

 But (...) [a] LOT of the examples provided in the material are just
 so damn stupid that I can't believe anyone can take them serious.

 (...) I tend to think: Dude if that can
 happen to someone running a web server he's to stupid to understand what
 you are writing and he shouldn't be running a web server in the first place.
 
 Is this just me or!?

No, it's not just you. Doing web application security or web programming
correctly is hard, and not quite all the people doing it (are
smart|care) enough to know what they are talking about.

This does not mean that there are no people who actually know what they
are talking about; for instance, Amit Klein tends to produce posts that
are, if not ground-breaking or brilliant, at least reasonably
well-written explanations of issues that could actually crop up in
programs or deployments created by competent people[1]. (Like
http://seclists.org/bugtraq/2005/Aug/0200.html).

As a general rule, web security requires securing the underlying server
(which is obviously a topic of its own, and includes DNS spoofing),
knowledge of common programming errors (mostly variations on not
distrusting input enough - which can range from SQL injection to
allowing people to upload/link to malicious image files - see
http://www.kb.cert.org/vuls/id/181038), and some protocol-level issues
like HTTP response splitting. Add in basic knowledge of cryptographic
issues - storing customer passwords using anything but salted hashes is
likely a mistake, and you should at least be aware of how much entropy
your session handler provides - and you've evaded most issues. At least,
until you're stupid enough to allow random 'widgets' on your page and
the like.

There are some tricks - stuff like mod_security[1] or simulating static
type checking by using Hungarian notation[2] - that can help a little,
but in the end it remains a difficult problem.

In the end, however, 'too stupid to run a web server' (for example,
running phpBB and not updating it) tends to cause much more damage than
a badly-written custom application.

I do hope some of these pointers are useful. Of course, this advice
might turn out to be worth what you paid for it; I do not claim to
belong to the few people who know enough to actually know what they are
talking about, after all...

Joachim

[1] mod_security 1 is in ports, under security/mod_security;
mod_security 2.x is only available for Apache 2, and not currently
ported. (Although Apache 2 is.) The underlying model is fundamentally
broken, but it can still catch some common problems, fix an issue
quickly, and/or protect you from issues in decoders by rewriting a lot
of stuff into a saner form.
[2] The basic idea is as written in
http://www.joelonsoftware.com/articles/Wrong.html, under 'The Real
Solution'.

Bind port for bind/dlz

[Michael Spratt]

I have a question, I'm trying to recompile a flavor of bind but I 
can't find  the port because its part of the base install.
 
 Could you point me in the right direction on how I would do it ? 
 
 I downloaded the bind source and compiled it but obviously the 
 original version that ships on base should be un-installed from openbsd
first..
 
 I don't know how to do it because its part of the base system.
 
 Sorry if I'm posting in the wrong area if so please direct me to the 
 proper area. I don't have experinece interacting with the community here.

If you have src.tar.gz downloaded from an FTP mirror, You can use the local
modified version of BIND instead of trying to hack it out of the base
system.

/usr/src/usr.sbin/bind/Makefile.bsd-wrapper would be the file to look at...


I hope this helps, Good luck.

-Nix Fan.

Ok so I'm compiling bind 9.4.2 using the bsd makefile like you suggested I
can compile and install however when add the --with-dlz-bdb option and I
keep getting a stop on line 70 of Makefile.bsd-wrapper 

error: could not find Berkeley DB include directory 

Already had installed db-4.2.5p11 I know the lib files for bdb go to
/usr/local/lib/db4 but I can't figure out what directory the bind compile
wants. It seems to want the intstall directory for dbv4. 

Anyone know which directory I can specify for --with-dlz-dbd=/sw/install? 

Re: Reversing audio channels

[Jacob Meuser]

On Mon, Jan 21, 2008 at 08:54:33AM +0200, Antti Harri wrote:
 On Mon, 21 Jan 2008, Jacob Meuser wrote:
 
 or you could use that JACK port I sent to ports@, which allows you
 to do this sort of thing *in software*.
 
 Hi,
 
 I would, but I asked you in private what about the software that doesn't 
 support JACK when you sent the port.. I would have to be 
 killing the daemon for such every software, right? I hated that with 
 artsd, it was always blocking the audio devices from non-artsd supporting
 software. It would be neat if JACK would work some how transparently.

with artsd, you can set the suspend timeout to a really low value.

some jack clients, like xmms, will start jackd when they start
playing and kill it when they're done.

-- 
[EMAIL PROTECTED]
SDF Public Access UNIX System - http://sdf.lonestar.org

Re: Reversing audio channels

[Antti Harri]

On Mon, 21 Jan 2008, Jacob Meuser wrote:


or you could use that JACK port I sent to ports@, which allows you
to do this sort of thing *in software*.


Hi,

I would, but I asked you in private what about the software that doesn't 
support JACK when you sent the port.. I would have to be 
killing the daemon for such every software, right? I hated that with 
artsd, it was always blocking the audio devices from non-artsd supporting

software. It would be neat if JACK would work some how transparently.

--
Antti Harri