rum.4
Chipset: Ralink RT2501USB. (RT2528+RT2571W) rum0 at uhub0 port 1 Ralink 802.11 bg WLAN rev 2.00/0.01 addr 3 rum0: MAC/BBP RT2573 (rev 0x2573a), RF RT2528, address 00:0e:e8:e0:c4:17 Index: rum.4 === RCS file: /cvs/src/share/man/man4/rum.4,v retrieving revision 1.31 diff -u -r1.31 rum.4 --- rum.4 22 Feb 2008 10:46:57 - 1.31 +++ rum.4 4 Mar 2008 09:20:27 - @@ -262,6 +262,7 @@ .It Abocom WUG2700 .It Airlink101 AWLL5025 .It ASUS WL-167g ver 2 +.It Atlantis Land A02-UP1-W54 .It Belkin F5D7050 ver 3 .It Belkin F5D9050 ver 3 .It Buffalo WLI-U2-SG54HP -- see ya, giovanni
Re: pf tag goes missing post sshd tcp decapsulization
On Mon, Mar 03, 2008 at 11:41:39AM -0500, scott wrote: Thanks, everyone, for the user- vs kernel-land info. As soon as I read it, I got it. Disappointed but I got it. ipsec/isakpmd is, I think, kernel-land and it has some very flexible (per ipsec rule, not just daemon level, as in user or group filtering) pf+visible tag capabilities. As he crosses his fingers and starts the please-please-please dance ... Respecting the differences between sshd and ipsec implementations and, now that I get it, their respective run space, it certainly would be nice to see as a futures sshd inherit what ever may be inheritable in these regards. I like henning's idea to use something like a setsockopt(2) option to assign a pf tag to a running session. I was thinking about this before to use it with some weird magic in relayd... but this is way off at the moment. This ssh -w option is sooo very cool!!! It just needs a little more something from the supporting cast of daemons. I'm still waiting for someone who pops up to port it to the Windoze/cygwin version of openssh. There is a tun/tap driver in the OpenVPN package (unfortunately GPL), it could be moved into an external package and used by the port for SSH-VPN. I would only do it if I could get some compensation for immaterial damage; yuck, working on Windows is so painful. Thx. -Original Message- From: Giancarlo Razzolini [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: misc@openbsd.org Subject: Re: pf tag goes missing post sshd tcp decapsulization Date: Mon, 03 Mar 2008 13:02:02 -0300 Mailer: Thunderbird 1.5.0.14pre (X11/20071023) Delivered-To: [EMAIL PROTECTED] Henning Brauer escreveu: * Giancarlo Razzolini [EMAIL PROTECTED] [2008-03-03 14:35]: Tags are only visible while in the kernel. Once you send them to a application, unless it has the ability to set a tag, the tag will be lost. The ftp-proxy(8) AFAICR, since 4.1 has the ability to set a tag on the packet. It would be nice if more userland applications like sshd, spamd, hoststated, etc, could set tags too. actually, it is not ftp-proxy that sets tags. ftp-proxy dynamically inserts rules and makes THEM tag the packets. that concept doesn't translate all that well to the other usage cases you mention. And, as the packets passes by the rules that ftp-proxy inserted, they can be filtered on using the tag inserted with ftp-proxy. But it would be really nice to have other applications being able to see tags and set them too in the packets passing through them. But i don't see it much as a limitation. I do use the user keyword or other means to filter based on the application. Also, a very good thing is the ability to use the authpf. I also think that the new chroot functionally off ssh that is shipping with open 4.3, will help on doing this. My regards, -- Giancarlo Razzolini Linux User 172199 Red Hat Certified Engineer no:804006389722501 Moleque Sem Conteudo Numero #002 Slackware Current OpenBSD Stable Ubuntu 7.04 Feisty Fawn Snike Tecnologia em Informatica 4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85 [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
zcat in root partition
Hi! I am writing a script that would be nice to be able to run with only the root partition mounted, and it works fine except that I find no way to read .gz compressed files without e.g /usr/bin/zcat. So my questions are: is there a program in /sbin:/bin that can decompress .gz compressed files? Or should there be? Would it not be nice to be able to untar e.g base43.tgz from single user mode without having to mount /usr? Info: cpio, tar and pax are in /bin but they all rely on an external zcat program. -- / Raimo Niskanen, Erlang/OTP, Ericsson AB
Re: zcat in root partition
Raimo Niskanen wrote: I am writing a script that would be nice to be able to run with only the root partition mounted, and it works fine except that I find no way to read .gz compressed files without e.g /usr/bin/zcat. You can do it with something like this in single user mode: # mount /usr # cd /usr/src/usr.bin/compress # make LDSTATIC=-static # cp compress /root/compress_static # make clean # umount /usr # mkdir /usr/bin # mv /root/compress_static /usr/bin/zcat As soon as you mount the /usr partition the contents of /usr will be hidden. So my questions are: is there a program in /sbin:/bin that can decompress .gz compressed files? Or should there be? Would it not be nice to be able to untar e.g base43.tgz from single user mode without having to mount /usr? basexx.tgz will unpack files in /usr which is not mounted. So all files will end up on the wrong partition. # Han
Re: rum.4
On Tue, Mar 04, 2008 at 10:23:47AM +0100, giovanni wrote: Chipset: Ralink RT2501USB. (RT2528+RT2571W) rum0 at uhub0 port 1 Ralink 802.11 bg WLAN rev 2.00/0.01 addr 3 rum0: MAC/BBP RT2573 (rev 0x2573a), RF RT2528, address 00:0e:e8:e0:c4:17 Index: rum.4 === RCS file: /cvs/src/share/man/man4/rum.4,v retrieving revision 1.31 diff -u -r1.31 rum.4 --- rum.4 22 Feb 2008 10:46:57 - 1.31 +++ rum.4 4 Mar 2008 09:20:27 - @@ -262,6 +262,7 @@ .It Abocom WUG2700 .It Airlink101 AWLL5025 .It ASUS WL-167g ver 2 +.It Atlantis Land A02-UP1-W54 .It Belkin F5D7050 ver 3 .It Belkin F5D9050 ver 3 .It Buffalo WLI-U2-SG54HP -- see ya, giovanni committed, thanks. jmc
Re: : zcat in root partition
On Tue, Mar 04, 2008 at 02:30:27PM +0100, Han Boetes wrote: Raimo Niskanen wrote: I am writing a script that would be nice to be able to run with only the root partition mounted, and it works fine except that I find no way to read .gz compressed files without e.g /usr/bin/zcat. You can do it with something like this in single user mode: # mount /usr # cd /usr/src/usr.bin/compress # make LDSTATIC=-static # cp compress /root/compress_static # make clean # umount /usr # mkdir /usr/bin # mv /root/compress_static /usr/bin/zcat As soon as you mount the /usr partition the contents of /usr will be hidden. That is nice. Another alternative would be to copy what ldd says: /usr/bin/zcat /usr/lib/libz.so* /usr/lib/libc.so* /usr/libexec/ld.so* to my mount point /usr from the partition that is supposed to be mounted there. So my questions are: is there a program in /sbin:/bin that can decompress .gz compressed files? Or should there be? Would it not be nice to be able to untar e.g base43.tgz from single user mode without having to mount /usr? basexx.tgz will unpack files in /usr which is not mounted. So all files will end up on the wrong partition. Only if current working directory is /. I will only extract ./usr/mdec and not to /. # Han -- / Raimo Niskanen, Erlang/OTP, Ericsson AB
opensnmpd and net-snmp conflicting ?
dear list, recently i upgrade one of my machine to 4.3-beta, and found the new snmp program, but i'm still using the net-snmp from ports, and somehow when i try to issue the oid .1.3.6.1.2.1.4.20.1.2 ( ip address look up ) it did not show anything, but if i use opensnmpd and issue the same oid, it shows the current ip address. also if i issue .1.3.6.1.2.1.1.3.0 it didn't show the machine uptime, but show the snmp daemon uptime ( same for net-snmp and opensnmpd ). is it some kind of MIB conflict or something ? anyone else has same problem with me ? can opensnmpd developer confirm me ? thank you. rgds, Agung
Re: opensnmpd and net-snmp conflicting ?
On 2008-03-04, Agung T. Apriyanto [EMAIL PROTECTED] wrote: recently i upgrade one of my machine to 4.3-beta, and found the new snmp program, but i'm still using the net-snmp from ports Did you upgrade net-snmp to a version that will match your new kernel?
Re: Nfsen and php problems...?
1. In php.ini, set short_open_tag = On 2. Apply the following patch where you have installed NfSen: --- libexec/Nfcomm.pm.orig Sun Feb 17 13:12:15 2008 +++ libexec/Nfcomm.pm Sun Feb 17 13:12:20 2008 @@ -753,6 +753,7 @@ return undef; } chmod 0660, $socket_path; + chown $NfConf::UID, $NfConf::GID, $socket_path; } else { # TCP Internet socket The error message: ERROR: nfsend connect() error: Permission denied! will be solved with the two steps above. Reload nfsen: ./nfsen reload and you are done. The error message: ERROR: nfsend connect() error: No such file or directory! requires anadditional step: Either run apache in non chroot mode ( -u ) or follow the steps below: 1. in nfsen.conf # # nfsend communication socket # $COMMSOCKET = $PIDDIR/nfsen.comm; Set COMMSOCKET to a path inside the chroot of apache e.g. $COMMSOCKET = /var/www/var/tmp/nfsen.comm; Make sure the directory exists and user $USER can read/write. 2. Edit the conf.php file in the nfsen htdocs directory: Edit the line: $COMMSOCKET = .. to point to the socket inside apache root e.g. $COMMSOCKET = /var/tmp/nfsen.comm; Reload nfsen: ./nfsen reload - Peter --On March 3, 2008 1:21:51 PM -0800 Balgaa [EMAIL PROTECTED] wrote: | hello, | | I have problem similiar but it says about permission. | ERROR: nfsend connect() error: Permission denied! | ERROR: nfsend - connection failed!! | ERROR: Can not initialize globals! | | Is there anything wrong with directory or file permission? | | | | Richard Daemon wrote: | | Hi, | | I'm really stumped on this and any help would be greatly appreciated. | | When trying to load the nfsen/nfsen.php page I get: | | ERROR: nfsend connect() error: No such file or directory! | ERROR: nfsend - connection failed!! | ERROR: Can not initialize globals! | | I'm sure I have it configured properly and started properly as the | documentation states, I've read over and over and over again... | | I've used the default ./etc/nfsen-dist.conf ./etc/nfsen.conf (tried | with and without changing HTMLDIR) | | I'm running httpd -u (non-chroot), php enabled, configured in | httpd.conf and tested ok - httpd chrooted works less, for now. | | I did the mkdir /data then ran the ./install.pl etc/nfsen.conf | | Started it with: ./nfsen start and it starts ok. | | in nfsen.conf I tried with /var/www/nfsen and /var/www/htdocs/nfsen | (same results)... | | %sources = ( | # 'upstream1'= { 'port'= '9995', 'col' = '#ff', | 'type' = 'netflow' }, | 'slacker'= { 'port'= '9995', 'col' = '#ff', 'type' | = 'netflow' }, | # 'peer1'= { 'port'= '9996', 'col' = '#ff' }, | ); | | Then when I try http://slacker/nfsen/nfsen.php I get: | | ERROR: nfsend connect() error: No such file or directory! | ERROR: nfsend - connection failed!! | ERROR: Can not initialize globals!in red. | | pfflowd -d -n 192.168.0.10 running from remote host. | | I tried 1.3 and 1.3b, including nfsen -r live. | | I also get this in /var/log/messages: | Feb 16 22:50:15 slacker nfsen[689]: Error reading channel stat | information. Missing key 'first' | | $ netstat -anf inet |grep 995 | udp0 0 *.9995 *.* | | Running OpenBSD 4.2-stable. | | Did I miss anything? Am I doing something wrong? | | Any help is greatly appreciated! | | | | | -- | View this message in context: http://www.nabble.com/Nfsen-and-php-problems...--tp15526200p15814259.html | Sent from the openbsd user - misc mailing list archive at Nabble.com. | -- Peter Haag
Re: Nfsen and php problems...?
Peter, Thank you very much. Is there way to see protocol based graph view like ftp, http, ssh, voip, P2P (bittorrent, edonkey, kazaa etc.,). I saw Nfsen only show tcp/udp, icmp and port based graph. Peter Haag-2 wrote: 1. In php.ini, set short_open_tag = On 2. Apply the following patch where you have installed NfSen: --- libexec/Nfcomm.pm.orig Sun Feb 17 13:12:15 2008 +++ libexec/Nfcomm.pm Sun Feb 17 13:12:20 2008 @@ -753,6 +753,7 @@ return undef; } chmod 0660, $socket_path; + chown $NfConf::UID, $NfConf::GID, $socket_path; } else { # TCP Internet socket The error message: ERROR: nfsend connect() error: Permission denied! will be solved with the two steps above. Reload nfsen: ./nfsen reload and you are done. The error message: ERROR: nfsend connect() error: No such file or directory! requires anadditional step: Either run apache in non chroot mode ( -u ) or follow the steps below: 1. in nfsen.conf # # nfsend communication socket # $COMMSOCKET = $PIDDIR/nfsen.comm; Set COMMSOCKET to a path inside the chroot of apache e.g. $COMMSOCKET = /var/www/var/tmp/nfsen.comm; Make sure the directory exists and user $USER can read/write. 2. Edit the conf.php file in the nfsen htdocs directory: Edit the line: $COMMSOCKET = .. to point to the socket inside apache root e.g. $COMMSOCKET = /var/tmp/nfsen.comm; Reload nfsen: ./nfsen reload - Peter --On March 3, 2008 1:21:51 PM -0800 Balgaa [EMAIL PROTECTED] wrote: | hello, | | I have problem similiar but it says about permission. | ERROR: nfsend connect() error: Permission denied! | ERROR: nfsend - connection failed!! | ERROR: Can not initialize globals! | | Is there anything wrong with directory or file permission? | | | | Richard Daemon wrote: | | Hi, | | I'm really stumped on this and any help would be greatly appreciated. | | When trying to load the nfsen/nfsen.php page I get: | | ERROR: nfsend connect() error: No such file or directory! | ERROR: nfsend - connection failed!! | ERROR: Can not initialize globals! | | I'm sure I have it configured properly and started properly as the | documentation states, I've read over and over and over again... | | I've used the default ./etc/nfsen-dist.conf ./etc/nfsen.conf (tried | with and without changing HTMLDIR) | | I'm running httpd -u (non-chroot), php enabled, configured in | httpd.conf and tested ok - httpd chrooted works less, for now. | | I did the mkdir /data then ran the ./install.pl etc/nfsen.conf | | Started it with: ./nfsen start and it starts ok. | | in nfsen.conf I tried with /var/www/nfsen and /var/www/htdocs/nfsen | (same results)... | | %sources = ( | # 'upstream1'= { 'port'= '9995', 'col' = '#ff', | 'type' = 'netflow' }, | 'slacker'= { 'port'= '9995', 'col' = '#ff', 'type' | = 'netflow' }, | # 'peer1'= { 'port'= '9996', 'col' = '#ff' }, | ); | | Then when I try http://slacker/nfsen/nfsen.php I get: | | ERROR: nfsend connect() error: No such file or directory! | ERROR: nfsend - connection failed!! | ERROR: Can not initialize globals!in red. | | pfflowd -d -n 192.168.0.10 running from remote host. | | I tried 1.3 and 1.3b, including nfsen -r live. | | I also get this in /var/log/messages: | Feb 16 22:50:15 slacker nfsen[689]: Error reading channel stat | information. Missing key 'first' | | $ netstat -anf inet |grep 995 | udp0 0 *.9995 *.* | | Running OpenBSD 4.2-stable. | | Did I miss anything? Am I doing something wrong? | | Any help is greatly appreciated! | | | | | -- | View this message in context: http://www.nabble.com/Nfsen-and-php-problems...--tp15526200p15814259.html | Sent from the openbsd user - misc mailing list archive at Nabble.com. | -- Peter Haag -- View this message in context: http://www.nabble.com/Nfsen-and-php-problems...--tp15526200p15833347.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: opensnmpd and net-snmp conflicting ?
yes i did upgrade ports to current too, now its net-snmp 5.4.1 On Tue, Mar 4, 2008 at 11:15 PM, Stuart Henderson [EMAIL PROTECTED] wrote: On 2008-03-04, Agung T. Apriyanto [EMAIL PROTECTED] wrote: recently i upgrade one of my machine to 4.3-beta, and found the new snmp program, but i'm still using the net-snmp from ports Did you upgrade net-snmp to a version that will match your new kernel?
Re: Nfsen and php problems...?
--On March 4, 2008 10:03:43 AM -0800 Balgaa [EMAIL PROTECTED] wrote: | Peter, | | Thank you very much. Is there way to see protocol based graph view like ftp, | http, ssh, voip, P2P (bittorrent, edonkey, kazaa etc.,). | | I saw Nfsen only show tcp/udp, icmp and port based graph. Create a profile which shows all the profiles you want to see. - Peter | | | | Peter Haag-2 wrote: | | 1. In php.ini, set |short_open_tag = On | | 2. Apply the following patch where you have installed NfSen: | | --- libexec/Nfcomm.pm.orig Sun Feb 17 13:12:15 2008 | +++ libexec/Nfcomm.pm Sun Feb 17 13:12:20 2008 | @@ -753,6 +753,7 @@ | return undef; | } | chmod 0660, $socket_path; | + chown $NfConf::UID, $NfConf::GID, $socket_path; | | } else { | # TCP Internet socket | | The error message: | ERROR: nfsend connect() error: Permission denied! | will be solved with the two steps above. | | Reload nfsen: ./nfsen reload | and you are done. | | | The error message: | ERROR: nfsend connect() error: No such file or directory! | requires anadditional step: Either run apache in non chroot mode ( -u ) or | follow | the steps below: | | 1. in nfsen.conf | # | # nfsend communication socket | # $COMMSOCKET = $PIDDIR/nfsen.comm; | | Set COMMSOCKET to a path inside the chroot of apache e.g. | $COMMSOCKET = /var/www/var/tmp/nfsen.comm; | | Make sure the directory exists and user $USER can read/write. | | 2. Edit the conf.php file in the nfsen htdocs directory: | Edit the line: | $COMMSOCKET = .. | | to point to the socket inside apache root e.g. | $COMMSOCKET = /var/tmp/nfsen.comm; | | Reload nfsen: ./nfsen reload | | - Peter | | | --On March 3, 2008 1:21:51 PM -0800 Balgaa [EMAIL PROTECTED] wrote: | | | hello, | | | | I have problem similiar but it says about permission. | | ERROR: nfsend connect() error: Permission denied! | | ERROR: nfsend - connection failed!! | | ERROR: Can not initialize globals! | | | | Is there anything wrong with directory or file permission? | | | | | | | | Richard Daemon wrote: | | | | Hi, | | | | I'm really stumped on this and any help would be greatly appreciated. | | | | When trying to load the nfsen/nfsen.php page I get: | | | | ERROR: nfsend connect() error: No such file or directory! | | ERROR: nfsend - connection failed!! | | ERROR: Can not initialize globals! | | | | I'm sure I have it configured properly and started properly as the | | documentation states, I've read over and over and over again... | | | | I've used the default ./etc/nfsen-dist.conf ./etc/nfsen.conf (tried | | with and without changing HTMLDIR) | | | | I'm running httpd -u (non-chroot), php enabled, configured in | | httpd.conf and tested ok - httpd chrooted works less, for now. | | | | I did the mkdir /data then ran the ./install.pl etc/nfsen.conf | | | | Started it with: ./nfsen start and it starts ok. | | | | in nfsen.conf I tried with /var/www/nfsen and /var/www/htdocs/nfsen | | (same results)... | | | | %sources = ( | | # 'upstream1'= { 'port'= '9995', 'col' = '#ff', | | 'type' = 'netflow' }, | | 'slacker'= { 'port'= '9995', 'col' = '#ff', 'type' | | = 'netflow' }, | | # 'peer1'= { 'port'= '9996', 'col' = '#ff' }, | | ); | | | | Then when I try http://slacker/nfsen/nfsen.php I get: | | | | ERROR: nfsend connect() error: No such file or directory! | | ERROR: nfsend - connection failed!! | | ERROR: Can not initialize globals!in red. | | | | pfflowd -d -n 192.168.0.10 running from remote host. | | | | I tried 1.3 and 1.3b, including nfsen -r live. | | | | I also get this in /var/log/messages: | | Feb 16 22:50:15 slacker nfsen[689]: Error reading channel stat | | information. Missing key 'first' | | | | $ netstat -anf inet |grep 995 | | udp0 0 *.9995 *.* | | | | Running OpenBSD 4.2-stable. | | | | Did I miss anything? Am I doing something wrong? | | | | Any help is greatly appreciated! | | | | | | | | | | -- | | View this message in context: | http://www.nabble.com/Nfsen-and-php-problems...--tp15526200p15814259.html | | Sent from the openbsd user - misc mailing list archive at Nabble.com. | | | | | | -- | Peter Haag | | | | | -- | View this message in context: http://www.nabble.com/Nfsen-and-php-problems...--tp15526200p15833347.html | Sent from the openbsd user - misc mailing list archive at Nabble.com. | -- Peter Haag
Installation freeze....
Hi, this is my first attemp to installa OpenBSD on a system... I have an Epia PD mini-itx system (http://www.via.com.tw/en/products/mainboards/motherboards.jsp?motherboard_id=241) with a Intel PCI ethernet card (Intel PRO/1000MT Dual Port Server Adapter - PWLA8492MT) when I try to install OpenBSD 4.2 the system freeze (well... it seems to freeze: ctrl-c has no effect, every keypress is printed to the screen without result, after 2 minutes I belive that the system is frozen)... the installation stop during the network configuration after i have entered the IPv4 address for em1 (the system has 4 ethernet port: vr0, vr1, em0, em1)... I was able to install the system without network configuration!!! so I have an OpenBSD 4.2 installation but if I try to bring the ethernet interface up the system freezes (only with em0 or em1)... I do not know how to solve the problem... I have not found usefull information on the mailing list (there was some problem with this ethernet adapter near 2006 with a past OpenBSD version)... I have search into the bug track without result... someone can tell me where can I search for a solution or what to do? thanks... -Massimiliano I have read that the dmesg of the system is usefull: OpenBSD/i386 BOOT 3.01 boot boot booting hd0a:/bsd: 5665588+872060 [52+291168+272312]=0x6c5c70 entry point at 0x200120 m [ using 563904 bytes of bsd ELF symbol table ] Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2007 OpenBSD. All rights reserved. http://www.OpenBSD.org OpenBSD 4.2 (GENERIC) #375: Tue Aug 28 10:38:44 MDT 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: VIA Samuel 2 (CentaurHauls 686-class) 602 MHz cpu0: FPU,DE,TSC,MSR,MTRR,PGE,MMX real mem = 519602176 (495MB) avail mem = 494755840 (471MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 03/11/04, BIOS32 rev. 0 @ 0xface0, SMBIOS rev. 2.2 @ 0xf0800 (26 entries) bios0: vendor Award Software International, Inc. version 6.00 PG date 03/11/2004 bios0: VIA Technologies, Inc. VT8623-8235 apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 70102 dobusy 1 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xf/0xdba4 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdb10/144 (7 entries) pcibios0: PCI Exclusive IRQs: 9 11 12 pcibios0: PCI Interrupt Router at 000:17:0 (VIA VT82C596A ISA rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0xe000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 VIA VT8623 PCI rev 0x00 ppb0 at pci0 dev 1 function 0 VIA VT8633 AGP rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 VIA CLE266 rev 0x03: aperture at 0xe000, size 0x1000 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) vr0 at pci0 dev 15 function 0 VIA VT6105 RhineIII rev 0x8b: irq 12, address 00:40:63:de:4f:6c ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 9: OUI 0x004063, model 0x0034 uhci0 at pci0 dev 16 function 0 VIA VT83C572 USB rev 0x80: irq 11 uhci1 at pci0 dev 16 function 1 VIA VT83C572 USB rev 0x80: irq 11 uhci2 at pci0 dev 16 function 2 VIA VT83C572 USB rev 0x80: irq 9 ehci0 at pci0 dev 16 function 3 VIA VT6202 USB rev 0x82: irq 12 usb0 at ehci0: USB revision 2.0 uhub0 at usb0: VIA EHCI root hub, rev 2.00/1.00, addr 1 viapm0 at pci0 dev 17 function 0 VIA VT8235 ISA rev 0x00 iic0 at viapm0 pciide0 at pci0 dev 17 function 1 VIA VT82C571 IDE rev 0x06: ATA133, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: HTS721080G9AT00 wd0: 16-sector PIO, LBA48, 76319MB, 156301 wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: HL-DT-ST, DVD-ROM GDR8082N, 0B11 SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 auvia0 at pci0 dev 17 function 5 VIA VT8233 AC97 rev 0x50: irq 9 ac97: codec id 0x56494161 (VIA Technologies VT1612A) ac97: codec features headphone, 18 bit DAC, 18 bit ADC, KS Waves 3D audio0 at auvia0 vr1 at pci0 dev 18 function 0 VIA RhineII-2 rev 0x74: irq 11, address 00:40:63:de:4f:8a ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 10: OUI 0x004063, model 0x0032 em0 at pci0 dev 19 function 0 Intel PRO/1000MT (82546EB) rev 0x01: irq 12, address 00:07:e9:1f:9f:46 em1 at pci0 dev 19 function 1 Intel PRO/1000MT (82546EB) rev 0x01: irq 11, address 00:07:e9:1f:9f:47 usb1 at uhci0: USB revision 1.0 uhub1 at usb1: VIA UHCI root hub, rev 1.00/1.00, addr 1 usb2 at uhci1: USB revision 1.0 uhub2 at usb2: VIA UHCI root hub, rev 1.00/1.00, addr 1 usb3 at uhci2: USB revision 1.0 uhub3 at usb3: VIA UHCI root hub, rev 1.00/1.00, addr 1 isa0 at mainbus0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd
main mode produces comm losses
Hi, I am running OpenBSD 4.0 with carp+isakmpd+sasyncd+pf on 166MHz Pentium boards. Everything is working well. There are 6 locations, all clustered (2 redundant firewalls). When I fail one cluster the other one takes over with some packet loss. I see the carp is doing its thing. After the failover the new master starts using the SAs from its partner until it establishes its own. For this delta time everything is stable. 10-15 seconds later it starts establishing the main mode keys all at the same time and I can see for 7-9 seconds the CPU utilized 100%. During that time the communication is down again. After this new SAs are established everything goes back to normal. Since I already have the SAs, it is really no need to run the CPU demanding D-H to a point where the CPU is fully used and the packet forwarding is affected. Is there a way to have the CPU demanding main mode done so that the packet forwarding is not affected? I tried to run nice isakmpd but I still get the timeouts when the new IKE and IPSEC SAs are established. I also tried renice-ing process id 13 (crypto) with value -20, but I still get the same result. Thanks, Catalin - All new Yahoo! Mail - - Get a sneak peak at messages with a handy reading pane.
Re: opensnmpd and net-snmp conflicting ?
hi! On Tue, Mar 04, 2008 at 10:57:57PM +0700, Agung T. Apriyanto wrote: recently i upgrade one of my machine to 4.3-beta, and found the new snmp program, but i'm still using the net-snmp from ports, and somehow when i try to issue the oid .1.3.6.1.2.1.4.20.1.2 ( ip address look up ) it did not show anything, but if i use opensnmpd and issue the same oid, it shows the current ip address. you mean the new snmpd is working correctly but net-snmp is not? this doesn't surprise me, there were some issues with net-snmp in the past, this was one of my reasons to start working on a new implementation. also if i issue .1.3.6.1.2.1.1.3.0 it didn't show the machine uptime, but show the snmp daemon uptime ( same for net-snmp and opensnmpd ). this is the correct behaviour, the following definition is from the SNMPv2 MIB (RFC 3418): ---snip--- sysUpTime OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION The time (in hundredths of a second) since the network management portion of the system was last re-initialized. ::= { system 3 } ---snap--- is it some kind of MIB conflict or something ? anyone else has same problem with me ? can opensnmpd developer confirm me ? thank you. there is no conflict between net-snmp and opensnmpd, they do not share any configuration and, unlike net-snmpd, the openbsd snmp daemon does not parse any ASN.1 MIB files on runtime and uses a compiled-in mib implementation. the only possible conflict is listening on udp port 161 (snmp). rgds, Agung Reyk
high load spamd bridge in greylisting mode
Hi, I need to setup a bridge to run spamd in greylisting mode. Since there have been some changes in spamd recently and the ruleset that appeared in the article in the OpenBSD Journal in the past (http://undeadly.org/cgi?action=articlesid=20061108134508) is more appropriate for blacklist mode, I wonder if anyone could point to a ruleset that considers recent updates in spamd and greylisting mode. Also, since this bridge is going to have to handle a lot of messages (some 50K legitimate and possibly some 450k spams) daily, what kind of tunning should be considered under these circunstances? Tnanks a lot in advance. Regards, Jeff. be a bit out of date. -- Want an e-mail address like mine? Get a free e-mail account today at www.mail.com!
Re: high load spamd bridge in greylisting mode
I need to setup a bridge to run spamd in greylisting mode. Since there have been some changes in spamd recently and the ruleset that appeared in the article in the OpenBSD Journal in the past (http://undeadly.org/cgi?action=articlesid=20061108134508) is more appropriate for blacklist mode, I wonder if anyone could point to a ruleset that considers recent updates in spamd and greylisting mode. Yes, things changed. Check the manual pages. They are accurate. Also, since this bridge is going to have to handle a lot of messages (some 50K legitimate and possibly some 450k spams) daily, what kind of tunning should be considered under these circunstances? Probably none. On some machines you may want to slow the clock down if you can, to save power..
Re: high load spamd bridge in greylisting mode
On Tue, Mar 4, 2008 at 5:50 PM, Theo de Raadt [EMAIL PROTECTED] wrote: Yes, things changed. Check the manual pages. They are accurate. Also, since this bridge is going to have to handle a lot of messages (some 50K legitimate and possibly some 450k spams) daily, what kind of tunning should be considered under these circunstances? Probably none. On some machines you may want to slow the clock down if you can, to save power.. So, in other words, the same kind of optimization that bind needed, from a couple of weeks ago? something like apm -L? Cool! -- http://www.glumbert.com/media/shift http://www.youtube.com/watch?v=tGvHNNOLnCk This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet evaluation. Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted. -- Gene Spafford learn french: http://www.youtube.com/watch?v=j1G-3laJJP0feature=related
Re: opensnmpd and net-snmp conflicting ?
you mean the new snmpd is working correctly but net-snmp is not? this doesn't surprise me, there were some issues with net-snmp in the past, this was one of my reasons to start working on a new implementation. yes, concerning i'm just graphing interface traffic via mrtg/cacti there is no conflict between net-snmp and opensnmpd, they do not share any configuration and, unlike net-snmpd, the openbsd snmp daemon does not parse any ASN.1 MIB files on runtime and uses a compiled-in mib implementation. the only possible conflict is listening on udp port 161 (snmp). well, in my case seems it's not port conflict. could it possible the build in mib somehow effecting net-snmp mibs environment ? considering its not respond to oid query from net-snmp while respond to same query from opensnmpd also previous query from net-snmp show machine uptime, and now show system uptime, same like opensnmpd query thanks agung
Pre-release tests
Right about now is a great time for our user community to jump in and do some install and upgrade tests. The 4.3 release cycle is fully in swing, and I hope that I can get it over with soon so that the developers can start work on the bug fixes and new work that can't make it into 4.3. Here's a list of the things that need testing. I hope that to most people this list is rather self explanatory; if in doubt just think for a particular test might mean, grab a snapshot for some architecture, and take a shot at testing the ones that you can! Our developers work from a list similar to this, but this time I am asking that our user community jump in and help as much as they can, too. I'm hoping to expose the testing mentality a bit.. so that more people help. I must note something of importance in this list. Some things are easy to test, because well... everyone has a PC. Well, the problem is that the bugs we look for in the last bit of a release cycle are more likely to be in vax net booting, or sun4c having a problem, or a particular alpha bug... I mention this hoping that some of you see that there must be a balance of some sort. We want all of our architectures to shine. When everything is great on the little old architectures, then the common ones will be great too. As always, if you find a problem, please file a high quality Problem Report (if you have the strength, check the PR database first to see if similar PRs are not yet closed). You can use the command sendbug(1) to send a PR... If you are able to, please submit a dmesglog of the running machine to [EMAIL PROTECTED] -- with the Subject: set to the type of your machine (ie. SunFire V215, or IBM eServer 325 or such) -- and PLEASE avoid the use of MIME, but instead send your messages without any special encoding since it lets our developers grep easily through the logs looking for specific machines when they are fixing bugs. Recently, I have had to start deleting the MIME submissions with the SPAM. Of course, little that you report will be fixed in the release, but if we run into any show stoppers.. it is a best that we know now. Please also note something else of importance. Since we are close to a release, the snapshots are in a constant state of flux -- as we make changes new ones are being put onto the FTP mirrors very quickly. Please make sure that the files you download have correct MD5 checksums, and please include the timestamps of the files in your bug reports. Thanks. i386 cd43 cdemu43 install43 bsd.rd floppyA floppyB floppyC pxeboot install upgrade bsd.mp on MP real CD X11R6 All the packages amd64 cd43 install43 floppy pxeboot bsd.rd install upgrade bsd.mp X11R6 All the packages macppc cd43 install43 bsd.rd hfs bsd.rd ffs install upgrade X11R6 All the packages sparc64 cd43 install43 netboot miniroot bsd.rd bsd.mp floppy install upgrade X11R6 All the packages alpha cd43 install43 netboot bsd.rd floppy floppyB install upgrade X11R6 All the packages zaurus ipkg bsd.rd ffs bsd.rd ext2fs install upgrade X11R6 All the packages sparc floppy tape cd43 install43 netboot miniroot bsd.rd install upgrade X11R6 All the packages Make sure sun4c and sun4 work sgi cd43 netboot(tftp) bsd.rd install upgrade X11R6 All the packages landisk bsd.rd miniroot install upgrade X11R6 All the packages armish bsd.rd install upgrade X11R6 All the packages mac68k bsd.rd install upgrade X11R6 All the packages hp300 bsd.rd bsd.rd on cd netboot install upgrade X11R6 All the packages mvme68k bsd.rd netboot s-records install upgrade X11R6 (no srv) All the packages mvme88k bsd.rd tftpboot netboot install upgrade X11R6 (no server) All the packages hppa cd43 install43 bsd.rd lif netboot tape install upgrade X11R6 (no server) All the packages vax cd43 install43 floppy/simh mop tape bsd.rd install upgrade X11R6 All the packages
OBSD hacks at ruxcon
Hi, I'm curious what the developers think about the attack angles Ben Hawkes put forth at Ruxcon in 2006. I did manage to find a note in an archive suggesting that these doors were closed, but I could not tell if they are? Ref: http://ruxcon.org.au/files/hawkes_openbsd.pdf Exploiting OpenBSD by Ben Hawkes -- Steve Szmidt They that would give up essential liberty for temporary safety deserve neither liberty nor safety. Benjamin Franklin
Re: OBSD hacks at ruxcon
On Tue, Mar 4, 2008 at 9:57 PM, steve szmidt [EMAIL PROTECTED] wrote: Hi, I'm curious what the developers think about the attack angles Ben Hawkes put forth at Ruxcon in 2006. I did manage to find a note in an archive suggesting that these doors were closed, but I could not tell if they are? Ref: http://ruxcon.org.au/files/hawkes_openbsd.pdf Exploiting OpenBSD by Ben Hawkes http://marc.info/?t=11602591855r=1w=2
Re: Nfsen and php problems...?
Peter, How can I create profile? I am new to Nfsen+Nfdump. I need to create profile on Nfsen or? Peter Haag-2 wrote: --On March 4, 2008 10:03:43 AM -0800 Balgaa [EMAIL PROTECTED] wrote: | Peter, | | Thank you very much. Is there way to see protocol based graph view like ftp, | http, ssh, voip, P2P (bittorrent, edonkey, kazaa etc.,). | | I saw Nfsen only show tcp/udp, icmp and port based graph. Create a profile which shows all the profiles you want to see. - Peter | | | | Peter Haag-2 wrote: | | 1. In php.ini, set |short_open_tag = On | | 2. Apply the following patch where you have installed NfSen: | | --- libexec/Nfcomm.pm.orig Sun Feb 17 13:12:15 2008 | +++ libexec/Nfcomm.pm Sun Feb 17 13:12:20 2008 | @@ -753,6 +753,7 @@ | return undef; | } | chmod 0660, $socket_path; | + chown $NfConf::UID, $NfConf::GID, $socket_path; | | } else { | # TCP Internet socket | | The error message: | ERROR: nfsend connect() error: Permission denied! | will be solved with the two steps above. | | Reload nfsen: ./nfsen reload | and you are done. | | | The error message: | ERROR: nfsend connect() error: No such file or directory! | requires anadditional step: Either run apache in non chroot mode ( -u ) or | follow | the steps below: | | 1. in nfsen.conf | # | # nfsend communication socket | # $COMMSOCKET = $PIDDIR/nfsen.comm; | | Set COMMSOCKET to a path inside the chroot of apache e.g. | $COMMSOCKET = /var/www/var/tmp/nfsen.comm; | | Make sure the directory exists and user $USER can read/write. | | 2. Edit the conf.php file in the nfsen htdocs directory: | Edit the line: | $COMMSOCKET = .. | | to point to the socket inside apache root e.g. | $COMMSOCKET = /var/tmp/nfsen.comm; | | Reload nfsen: ./nfsen reload | | - Peter | | | --On March 3, 2008 1:21:51 PM -0800 Balgaa [EMAIL PROTECTED] wrote: | | | hello, | | | | I have problem similiar but it says about permission. | | ERROR: nfsend connect() error: Permission denied! | | ERROR: nfsend - connection failed!! | | ERROR: Can not initialize globals! | | | | Is there anything wrong with directory or file permission? | | | | | | | | Richard Daemon wrote: | | | | Hi, | | | | I'm really stumped on this and any help would be greatly appreciated. | | | | When trying to load the nfsen/nfsen.php page I get: | | | | ERROR: nfsend connect() error: No such file or directory! | | ERROR: nfsend - connection failed!! | | ERROR: Can not initialize globals! | | | | I'm sure I have it configured properly and started properly as the | | documentation states, I've read over and over and over again... | | | | I've used the default ./etc/nfsen-dist.conf ./etc/nfsen.conf (tried | | with and without changing HTMLDIR) | | | | I'm running httpd -u (non-chroot), php enabled, configured in | | httpd.conf and tested ok - httpd chrooted works less, for now. | | | | I did the mkdir /data then ran the ./install.pl etc/nfsen.conf | | | | Started it with: ./nfsen start and it starts ok. | | | | in nfsen.conf I tried with /var/www/nfsen and /var/www/htdocs/nfsen | | (same results)... | | | | %sources = ( | | # 'upstream1'= { 'port'= '9995', 'col' = '#ff', | | 'type' = 'netflow' }, | | 'slacker'= { 'port'= '9995', 'col' = '#ff', 'type' | | = 'netflow' }, | | # 'peer1'= { 'port'= '9996', 'col' = '#ff' }, | | ); | | | | Then when I try http://slacker/nfsen/nfsen.php I get: | | | | ERROR: nfsend connect() error: No such file or directory! | | ERROR: nfsend - connection failed!! | | ERROR: Can not initialize globals!in red. | | | | pfflowd -d -n 192.168.0.10 running from remote host. | | | | I tried 1.3 and 1.3b, including nfsen -r live. | | | | I also get this in /var/log/messages: | | Feb 16 22:50:15 slacker nfsen[689]: Error reading channel stat | | information. Missing key 'first' | | | | $ netstat -anf inet |grep 995 | | udp0 0 *.9995 *.* | | | | Running OpenBSD 4.2-stable. | | | | Did I miss anything? Am I doing something wrong? | | | | Any help is greatly appreciated! | | | | | | | | | | -- | | View this message in context: | http://www.nabble.com/Nfsen-and-php-problems...--tp15526200p15814259.html | | Sent from the openbsd user - misc mailing list archive at Nabble.com. | | | | | | -- | Peter Haag | | | | | -- | View this message in context: http://www.nabble.com/Nfsen-and-php-problems...--tp15526200p15833347.html | Sent from the openbsd user - misc mailing list archive at Nabble.com. | -- Peter Haag -- View this message in
floppy.fs
Hi All I'm just wondering how many people out there are using the floppy.fs installer still? I'm wondering if it would be a worthwhile thought to expand past the 1.44Mb limit for the CD and .rd install options if there are features that can be added to the installer. No, I'm not thinking a gui/menu based installer as the main reason, but there might be benefits to something like that. Paul
Re: OBSD hacks at ruxcon
On Tuesday 04 March 2008, David Higgs wrote: I'm curious what the developers think about the attack angles Ben Hawkes put forth at Ruxcon in 2006. I did manage to find a note in an archive suggesting that these doors were closed, but I could not tell if they are? http://marc.info/?t=11602591855r=1w=2 Looks like the malloc is addressed. Anything on the other attack vectors? -- Steve Szmidt They that would give up essential liberty for temporary safety deserve neither liberty nor safety. Benjamin Franklin
Re: floppy.fs
I'm just wondering how many people out there are using the floppy.fs installer still? I think your assumption is that we are facing the space problem just from the i386 side. We are not. We run on lots of architectures. There is some semblance of size pressure from all architectures. But in general we HAVE been coping just fine with that pressure, and excending the install scripts. I'm wondering if it would be a worthwhile thought to expand past the 1.44Mb limit for the CD and .rd install options if there are features that can be added to the installer. No, I'm not thinking a gui/menu based installer as the main reason, but there might be benefits to something like that. We've been adding new features to the installer every release. I guess you just haven't noticed them, but they are there. Lots of them.
Re: Nfsen and php problems...?
--On March 4, 2008 19:38:58 -0800 Balgaa [EMAIL PROTECTED] wrote: | Peter, | | How can I create profile? | | I am new to Nfsen+Nfdump. I need to create profile on Nfsen or? Please read the documentation. Everything is written there. - Peter | | | | Peter Haag-2 wrote: | | --On March 4, 2008 10:03:43 AM -0800 Balgaa [EMAIL PROTECTED] wrote: | | | Peter, | | | | Thank you very much. Is there way to see protocol based graph view like | ftp, | | http, ssh, voip, P2P (bittorrent, edonkey, kazaa etc.,). | | | | I saw Nfsen only show tcp/udp, icmp and port based graph. | | Create a profile which shows all the profiles you want to see. | | - Peter | | | | | | | | Peter Haag-2 wrote: | | | | 1. In php.ini, set | |short_open_tag = On | | | | 2. Apply the following patch where you have installed NfSen: | | | | --- libexec/Nfcomm.pm.orig Sun Feb 17 13:12:15 2008 | | +++ libexec/Nfcomm.pm Sun Feb 17 13:12:20 2008 | | @@ -753,6 +753,7 @@ | | return undef; | | } | | chmod 0660, $socket_path; | | + chown $NfConf::UID, $NfConf::GID, $socket_path; | | | | } else { | | # TCP Internet socket | | | | The error message: | | ERROR: nfsend connect() error: Permission denied! | | will be solved with the two steps above. | | | | Reload nfsen: ./nfsen reload | | and you are done. | | | | | | The error message: | | ERROR: nfsend connect() error: No such file or directory! | | requires anadditional step: Either run apache in non chroot mode ( -u | ) or | | follow | | the steps below: | | | | 1. in nfsen.conf | | # | | # nfsend communication socket | | # $COMMSOCKET = $PIDDIR/nfsen.comm; | | | | Set COMMSOCKET to a path inside the chroot of apache e.g. | | $COMMSOCKET = /var/www/var/tmp/nfsen.comm; | | | | Make sure the directory exists and user $USER can read/write. | | | | 2. Edit the conf.php file in the nfsen htdocs directory: | | Edit the line: | | $COMMSOCKET = .. | | | | to point to the socket inside apache root e.g. | | $COMMSOCKET = /var/tmp/nfsen.comm; | | | | Reload nfsen: ./nfsen reload | | | | - Peter | | | | | | --On March 3, 2008 1:21:51 PM -0800 Balgaa [EMAIL PROTECTED] wrote: | | | | | hello, | | | | | | I have problem similiar but it says about permission. | | | ERROR: nfsend connect() error: Permission denied! | | | ERROR: nfsend - connection failed!! | | | ERROR: Can not initialize globals! | | | | | | Is there anything wrong with directory or file permission? | | | | | | | | | | | | Richard Daemon wrote: | | | | | | Hi, | | | | | | I'm really stumped on this and any help would be greatly | appreciated. | | | | | | When trying to load the nfsen/nfsen.php page I get: | | | | | | ERROR: nfsend connect() error: No such file or directory! | | | ERROR: nfsend - connection failed!! | | | ERROR: Can not initialize globals! | | | | | | I'm sure I have it configured properly and started properly as the | | | documentation states, I've read over and over and over again... | | | | | | I've used the default ./etc/nfsen-dist.conf ./etc/nfsen.conf | (tried | | | with and without changing HTMLDIR) | | | | | | I'm running httpd -u (non-chroot), php enabled, configured in | | | httpd.conf and tested ok - httpd chrooted works less, for now. | | | | | | I did the mkdir /data then ran the ./install.pl etc/nfsen.conf | | | | | | Started it with: ./nfsen start and it starts ok. | | | | | | in nfsen.conf I tried with /var/www/nfsen and | /var/www/htdocs/nfsen | | | (same results)... | | | | | | %sources = ( | | | # 'upstream1'= { 'port'= '9995', 'col' = '#ff', | | | 'type' = 'netflow' }, | | | 'slacker'= { 'port'= '9995', 'col' = '#ff', | 'type' | | | = 'netflow' }, | | | # 'peer1'= { 'port'= '9996', 'col' = '#ff' | }, | | | ); | | | | | | Then when I try http://slacker/nfsen/nfsen.php I get: | | | | | | ERROR: nfsend connect() error: No such file or directory! | | | ERROR: nfsend - connection failed!! | | | ERROR: Can not initialize globals!in red. | | | | | | pfflowd -d -n 192.168.0.10 running from remote host. | | | | | | I tried 1.3 and 1.3b, including nfsen -r live. | | | | | | I also get this in /var/log/messages: | | | Feb 16 22:50:15 slacker nfsen[689]: Error reading channel stat | | | information. Missing key 'first' | | | | | | $ netstat -anf inet |grep 995 | | | udp0 0 *.9995 *.* | | | | | | Running OpenBSD 4.2-stable. | | | | | | Did I miss anything? Am I doing something wrong? | | | | | | Any help is greatly appreciated! | | | | | | | | | | | | | | | -- | | | View this message in context:
Re: floppy.fs
Theo de Raadt wrote: I'm just wondering how many people out there are using the floppy.fs installer still? I think your assumption is that we are facing the space problem just from the i386 side. We are not. We run on lots of architectures. There is some semblance of size pressure from all architectures. But in general we HAVE been coping just fine with that pressure, and excending the install scripts. Fair enough, I remember hearing/reading somewhere that there was no room left to add any features, apparently incorrect. False. The problem is people want to add crap glitz, and then fill it up for what we might want LATER. In a worst case, if there is a useful, yet large feature, it can be added into cd and bsd.rd, but leaving it out of floppy? Having the floppy makes Open unique, and it's a good thing to have. Like what? Where's the diff for this useful, very large feature? The main reason I asked is that I have not seen a floppy disk, or drive in the past 5 years, so it's interesting to know if others are actually using floppies still for this? I used one three days ago. That good enough for you? We've been adding new features to the installer every release. I guess you just haven't noticed them, but they are there. Lots of them. I do notice subtle additions from time to time, but no huge changes. This is a good thing, it shouldn't change that much. But, if there are really good, and useful changes that don't fit, then it might be a problem.
Re: floppy.fs
Paul Greidanus wrote: Theo de Raadt wrote: I'm just wondering how many people out there are using the floppy.fs installer still? I think your assumption is that we are facing the space problem just from the i386 side. We are not. We run on lots of architectures. There is some semblance of size pressure from all architectures. But in general we HAVE been coping just fine with that pressure, and excending the install scripts. Fair enough, I remember hearing/reading somewhere that there was no room left to add any features, apparently incorrect. In a worst case, if there is a useful, yet large feature, it can be added into cd and bsd.rd, but leaving it out of floppy? Having the floppy makes Open unique, and it's a good thing to have. The main reason I asked is that I have not seen a floppy disk, or drive in the past 5 years, so it's interesting to know if others are actually using floppies still for this? I have 8 computers in total and each one of them have a working floppy and 5 of them have working IDE zip-drives. I love using floppy disks. I also use zip drives to back up files as you can get 10 of them (which is 1Gb-2.5Gb) for as little as $1. You can also buy parallel port zip-drives for a $1 but OpenBSD has no driver for them as they are peace of c. I honestly didn't see SCSI zip drivers for a while. Kind Regards, Predrag P. S. If you want I would be more than happy to ship you a used floppy or a IDE zip drive for free anywhere on the North America continent. We've been adding new features to the installer every release. I guess you just haven't noticed them, but they are there. Lots of them. I do notice subtle additions from time to time, but no huge changes. This is a good thing, it shouldn't change that much. But, if there are really good, and useful changes that don't fit, then it might be a problem.
Re: OBSD hacks at ruxcon
On 3/5/08, steve szmidt [EMAIL PROTECTED] wrote: Looks like the malloc is addressed. Anything on the other attack vectors? Do you have a particular concern or are you asking for a 53 slide response presentation?
Re: floppy.fs
Theo de Raadt wrote: I'm just wondering how many people out there are using the floppy.fs installer still? I think your assumption is that we are facing the space problem just from the i386 side. We are not. We run on lots of architectures. There is some semblance of size pressure from all architectures. But in general we HAVE been coping just fine with that pressure, and excending the install scripts. Fair enough, I remember hearing/reading somewhere that there was no room left to add any features, apparently incorrect. In a worst case, if there is a useful, yet large feature, it can be added into cd and bsd.rd, but leaving it out of floppy? Having the floppy makes Open unique, and it's a good thing to have. The main reason I asked is that I have not seen a floppy disk, or drive in the past 5 years, so it's interesting to know if others are actually using floppies still for this? We've been adding new features to the installer every release. I guess you just haven't noticed them, but they are there. Lots of them. I do notice subtle additions from time to time, but no huge changes. This is a good thing, it shouldn't change that much. But, if there are really good, and useful changes that don't fit, then it might be a problem.
Re: floppy.fs
Theo de Raadt wrote: In a worst case, if there is a useful, yet large feature, it can be added into cd and bsd.rd, but leaving it out of floppy? Having the floppy makes Open unique, and it's a good thing to have. Like what? Where's the diff for this useful, very large feature? Don't have one, and I don't even have an idea for anything that would fit, it probably doesn't exist. However, if I do think of things that would be good, I'll keep fitting it into floppy in mind. floppyX.fs is here to stay. The main reason I asked is that I have not seen a floppy disk, or drive in the past 5 years, so it's interesting to know if others are actually using floppies still for this? I used one three days ago. That good enough for you? Doesn't matter what it means to me.. But good to know that it's still used.