Re: poll(2) vs kqueue(2) performance
On Mon, Apr 21, 2008 at 2:05 PM, Gilles Chehade <[EMAIL PROTECTED]> wrote: > Yay, I too fell in love with it and it's various API's despite the lack > of documentation for most of them, header help understanding how things > work but I wasted quite some time on bufferevents ;-) The documentation has actually become much better over time: http://www.monkey.org/~provos/libevent/doxygen-1.4.3/ However, I'd be happy to see any patches to improve the documentation. Thanks, Niels.
Re: ipw freezes my system
Replying to myself> I'm running 4.2 with -current kernel on acentrino notebook with> Intel PRO/Wireless 2100 netword card. I already got areply off-list (thanks Mike!) with asuggestion to run astandard configuration. Actually, I started with OpenBSD 4.2 but it didn't work. So Idecided to give new kernel atry. Sorry for not being clear in the first message. My one year old daughter can't sleep unless we turn all lights off, it was already late and Iwas in ahurry. She's sleeping now but the modem with acable is in her room and I'm writing this from M$ Windows. Now you understand how important to me is to get the wireless working ;) --Alexander Nasonov
Re: Where I am? [Was: Rolling release?]
On Wed, 2008-04-23 at 19:10 +, Stuart Henderson wrote: > On 2008-04-23, Zbigniew Baniewski <[EMAIL PROTECTED]> wrote: > > And even, if I - or someone - will ask the question covered by any docs, > > isn't just easier to skip it, giving no response at all, instead of wasting > > time answering the question, which - as I understood from some answers - > > perhaps isn't (from that person's point of view) worth any response? > > It's in everyone's interests to keep the signal:noise ratio high enough > that those developers still reading misc@ continue to do so. Sometimes > skipping it is best, sometimes it feels better to post on a thread to > try and dissuade other posts - I think this needs to happen from time > to time to keep up the quality of the questions :) > A suggestion... www.bsdforums.org a good, and possibly better, channel for user/admin class questions and dialogue (i.e. non-developer). :-)
Re: Upgrading 4.1->4.3
On Thu, Apr 24, 2008 at 08:03:18AM +0930, Damon McMahon wrote: > > I avoided the 4.1->4.2 upgrade due to the libexpat issue - using > several packages which use libexpat and not wanting to install xbase > on my system. I have read through upgrade43.html and just want to make > sure that I can upgrade 4.1->4.2, skip the "Upgrading packages" step > and then upgrade 4.2->4.3 without having to install xbase? I did it without problems when the 4.3 CDs arrived last week. As long as you are careful, you should not have a problem (as usual around here).
Re: mrxvt and ksh issue
Jesus Sanchez wrote: Hi, I'm using 4.2. I'm using 4.1. I have installed from ports the program mrxvt it works well as people say but I have (I believe) found a buggy behaviour when using mrxvt and ksh (the OpenBSD one). I launch startx (with fvwm2 and mrxvt on my .xinitrc) as a regular user (it's in the wheel group) and then I open a few tabs on mrxvt (3 or 4), then I close X with Ctrl+Alt+Backspace and I found with 'ps -ax' that the ksh opened with mrxvt (ttyp0, ttyp1, and more) are still running, not mrxvt. I am also using fvwm2, but I use xdm instead of startx. I used to have the same problem you describe and I can't remember what I did to fix it. In my ~/.Xdefaults I have the line: mrxvt.macro.Primary+Ctrl+W: Close 0 I only have that because it matches the shortcut to close a tab in my Seamonkey browser. Also, I'm not sure if I installed from ports. OpenBSD didn't have an mrxvt port for quite awhile so I always compiled my own. Here are the characteristics of my current mrxvt: [EMAIL PROTECTED] mrxvt -h Mrxvt v0.5.2 Options: XPM,Jpeg,PNG,transparent,fade,tint,utmp,menubar,XIM, scrollbars=rxvt+NeXT+xterm+sgi+plain,xft,frills,linespace,selectionscrolling, 256colour,cursorBlink,pointerBlank,session management,Resources When I try to kill them this doesn't works and ps return the "Is+" STATE I get 0wn3d and then try (as root) kill -9 and still doesn't works, ps returns "IEs+" STATE. Even If I have to power off the computer with 'halt -p' these ksh sessions make it imposible, I have to use 'halt -p -q'. What happens when you type the exit command instead of using the keyboard shortcut to close a tab/terminal? I wish I could remember what I did to fix the problem, but I also found this interesting line in my ~/.Xdefaults that may help: mrxvt.holdExit: 0x00 This stuff doesn't happends with tcsh and mrxvt. And also if I use rxvt instead of mrxvt this also doesn't happends with ksh. I have not added my dmesg or something else because I really don't know if it's necessary. You may also want to try the mrxvt mailing lists. I'm subscribed and they seem very active. The lead developer is top notch. -pachl
NFS Failover Fails
I have two public load balanced webservers and one private database server. The database server runs nfsd and is nfs mounted by the two webservers. I am adding a backup database server so that when the master database fails, the backup takes over. No problems there. The part I am having difficulty with is the nfs mounts. It is no secret that when the nfsd goes down, it becomes a headache to umount the directories that relay on this. I have tried everything that I have been able to find in my searching. My most successful attempt was like this: - the two databases use carp and ifstated, when the master database fails and the backup database takesover, it triggers a script in ifstated. - The script will ssh into each webserver, umount the nfs mounts then mount them again with the backup database as the target. When the initial mount used "mount -t nfs ..." the umount would just hang. When the initial mount used "mount_nfs -is ..." the umount would work only sometimes, with no obvious pattern of when it would work or not. I will consider any suggestion, or alternative. Is OpenAFS an option? I am just looking for a way to have failover for network file storage. Thanks, - Tom --- # cat /etc/ifstated.conf init-state auto carp_up = "carp0.link.up && carp1.link.up" carp_down = "!carp0.link.up || !carp1.link.up" state auto { if $carp_up set-state master if $carp_down set-state backup } # in this state we are the master mysql server, and the nfs mount state master { init { # start nfs posse #run "/usr/sbin/portmap" #run "echo -n>/var/db/mountdtab" #run "/sbin/mountd" #run "/sbin/nfsd -tun 4" #run "/bin/sleep 20" # go through each client using our nfsd and umount them # from their current nfs mounts and remount them using us run "/etc/ifstated_scripts/remount_nfs.sh" # let things settle run "/bin/sleep 20" } if $carp_down set-state backup } # in this state we are just waiting to take over state backup { init { # stop nfs posse (in reverse order) #run "ps -acx | grep nfsd | awk '{print $1}' | xargs kill " #run "kill -TERM `cat /var/run/mountd.pid`" #run "ps -acx | grep portmap | awk '{print $1}' | xargs kill " # let things settle run "/bin/sleep 20" } if $carp_up set-state master } # cat /etc/ifstated_scripts/remount_nfs.sh #!/bin/sh # when using master nfs server, ip=192.168.20.32 # when using backup nfs server, ip=192.168.20.31 # webserver (nfs-client) ips = 192.168.20.12, 192.168.20.11 # the same test directory exists on all nfs-server and nfs-client servers # /backup/nfs_test_mount NFS_SERVER_IP=192.168.20.32 SSH=/usr/bin/ssh MOUNT=/sbin/mount_nfs UMOUNT=/sbin/umount SLEEP=/bin/sleep ECHO=/bin/echo # list all directories that haves to me umount'd NFS_MOUNTS="/backup/nfs_test_mount" for machine in 192.168.20.12 192.168.20.11 do $ECHO "Logging into $machine ... "; for directory in $NFS_MOUNTS do NFS_UNMOUNT="$UMOUNT -f $directory" NFS_MOUNT="$MOUNT -si $NFS_SERVER_IP:$directory $directory" $ECHO "- unmounting $directory" $SSH [EMAIL PROTECTED] "$NFS_UNMOUNT" $ECHO "- sleeping zZzZ" $SLEEP 20 $ECHO "- mounting $directory" $SSH [EMAIL PROTECTED] "$NFS_MOUNT" done done _ Spell a grand slam in this game where word skill meets World Series. Get in the game. http://club.live.com/word_slugger.aspx?icid=word_slugger_wlhm_admod_april08
Re: Upgrading 4.1->4.3
Damon McMahon wrote: > I have read through upgrade43.html and just want to make sure that I can > upgrade 4.1->4.2, skip the "Upgrading packages" step and then > upgrade > 4.2->4.3 without having to install xbase? http://openbsd.org/faq/upgrade43.html wrote: > Note: Upgrades are only supported from one release to the release immediately > following it. Do not skip releases. Does this not answer your question? Skipping the 4.2 release means you can't install the 4.3 one, assuming you chose to setup multiple labels and didn't throw everything in wd0a (/), you can backup various configuration files into your /home partition and then install 4.3 "fresh". Just be sure to answer "none" when it asks you about your /home label, as you risk the installer newfs-ing it. :) -Nix Fan.
Bad aperture size reported? (agp..)
Hello, Seeing how OpenBSD 4.3 is due out "officially" soon, I decided to try it out on one of my older AMD systems: I'm noting an unusual problem though, agp0 is showing an unusual large aperture size, I only have a 32M card, and 32M is selected in the BIOS. ~SNIP~ pchb0 at pci0 dev 0 function 0 "VIA VT8377 PCI" rev 0x00 agp0 at pchb0: v3, aperture at 0xfc00, size 0xe80 ppb0 at pci0 dev 1 function 0 "VIA VT8235 AGP" rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 "NVIDIA GeForce2 MX" rev 0xb2 -SNIP~ I'm not positive, but does 0xe80 mean 232 MB aperture? Kinda crazy isn't it? More information is available if needed, my real concern is, Will it cause problems when I upgrade? I'm running Xorg on this box with OpenBSD 4.2 without problems. -Nix Fan.
OpenBSD 4.3 arrives to Costa Rica !!
Hi folks, My copy of OpenBSD arrived this morning to my hands. Very nice !! I had a lot of fun reading the story. Good Work guys !! Warm Regards, Alvaro
Upgrading 4.1->4.3
Greetings, I avoided the 4.1->4.2 upgrade due to the libexpat issue - using several packages which use libexpat and not wanting to install xbase on my system. I have read through upgrade43.html and just want to make sure that I can upgrade 4.1->4.2, skip the "Upgrading packages" step and then upgrade 4.2->4.3 without having to install xbase? Any advice will be much appreciated. Cheers, Damon
ultima fecha de MAMMON
ZLTIMA FECHA DE MAMMON e s t e j u e v e s2 4 / 4 Mammon cumple aqos y lo festeja en la zltima fecha del ciclo O sea, tiramos la casa por la ventana pero sacado, mal. Vamos a tocar todo el repertorio iujuuu , mas de un invitado sorpresa como para que digas eh para !! Se fueron al carajo. Globos, preservativos usb para todos, fiesta, alegrma y mas fiesta MAMMON despide el ciclo a lo grande !!! este jueves 24/4 a las 21:30 El Condado . Niceto Verga 5542 (ant. $12 puerta $15) Te esperamos cabeza de raviol Trai amigos asm rompemos todo www.mammon.com.ar si no queris recibir mas mails de MAMMON es szper entendible, respondi este mail vacmo y en el subject poni BASTA
Re: Logging failed SSH users and the passwords they typed
Thanks Guys!! Like what Claer said, this was just for the purpose of honeypot research. I don't care about user passwords in real world :) Thanks for the patch. -Parvinder Bhasin On Apr 23, 2008, at 9:06 AM, HDC wrote: I have 3 sshd deamons in my border firewall, 2 in no common ports for my use, and 1 on default port (without real access) for "prevention statistics". Depending of the "prevention statistic" I design de security policy to SSH and passwords. It nice to see the statistics of ilegal access on the default port of your sshd :) Greetings, Hernan OpenBSDeros.org On Wed, Apr 23, 2008 at 11:12 AM, Peter N. M. Hansteen <[EMAIL PROTECTED] > wrote: "Ed Ahlsen-Girard" <[EMAIL PROTECTED]> writes: When I was getting brute forced that way I just turned off remote password login and use keypairs exclusively. Which won't work for everybody, I guess. plus, of course, the fact that overload + flush global is fun to watch - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. -- # /dev/hdc -> OpenBSDeros.org hdc [at] openbsderos [dot] org
Re: slow ping with em(4)
On 2008-04-23, Benoit Chesneau <[EMAIL PROTECTED]> wrote: > On Wed, Apr 23, 2008 at 9:51 PM, Marc Winiger >> What happens if you penetrate your disk while pinging? Something like > that: >> dd if=/dev/sd0c of=/dev/null >> >> Marc >> > hi, > > While doing this, ping time response is ok around 85ms. What does it > mean ? Anyway seem like you catch it . > > > - benont ahci0 at pci0 dev 31 function 2 "Intel 82801GBM AHCI" rev 0x02: apic 2 int 16 (irq 11), AHCI 1.1 em0 at pci1 dev 0 function 0 "Intel PRO/1000MT (82573L)" rev 0x00: apic 2 int 16 (irq 11), address 00:16:d3:c0:22:c8 em0 is not really generating interrupts on the line the OS has detected but some other line (i.e. the OS didn't correctly determine how interrupt routing is done on your machine). by forcing the disk controller to generate interrupts it is causing the NIC's service routine to be run. I'd try a bios update, looks like there are some newer ones for your machine.
Re: Where I am? [Was: Rolling release?]
Zbigniew Baniewski wrote: > > Pay attention: there is a feedback. > Seems like there has been a lot of feedback. Assuming that you can read, can you take your own advice?
Re: Where I am? [Was: Rolling release?]
On Wednesday 23 April 2008 15:24, you wrote: >The old saying goes, "the only stupid question is the one that you >don't ask." However, it should be modified for OpenBSD as, "the only >stupid question is the one you don't research before you ask." It's a >tough crowd but in time you start to understand why. You may even come to not only understand it, but even appreciate it. I've asked questions before that could have been answered with enough research. Now i don't. Instead i go to greater effort to find an answer on my own. And if i still feel the need to ask, often in the process of composing a message and going through and making sure i've got all the details of my question correct, i stumble across something i missed and end up finding the solution and not needing to ask at all. As a result, these days i rarely ask anything, because there is simply no need. OpenBSD is so well documented and there is so much information already in the mailing list archive that needing to ask is very rare. OpenBSD and the -misc community has taught me how to do my own research. Knowing how to find answers to my future questions is far more valuable in the long run than merely being handed the answers when i ask. Thank you, both to the developers, and to the community on this mailing list. Now if only i could learn to write in the concise, information-dense style that Theo uses... the above could probably be condensed to 2 or 3 lines. Dan RamaleyDial Center 118, Drake University Network Programmer/Analyst 2407 Carpenter Ave +1 515 271-4540Des Moines IA 50311 USA
Re: E17
See the commands on this post: http://log.openbsderos.org/2008/04/13/openbsd-e17-sepp0/ In this test the openbsd are -current. Greetings, Hernan On Wed, Apr 23, 2008 at 4:35 AM, Marc Espie <[EMAIL PROTECTED]> wrote: > On Wed, Apr 23, 2008 at 04:22:51PM +1000, Rich Healey wrote: > > Where can i find the E17 port maintainer? > > > > This info doesn't seem to be in mine, perhaps my tree is borked? > make show=MAINTAINER gives you > The OpenBSD ports mailing-list <[EMAIL PROTECTED]> > so there you have it. > > -- # /dev/hdc -> OpenBSDeros.org hdc [at] openbsderos [dot] org
rdr to squid proxy with authentication
Hi all, I implemented the following rule and so far I can see that all users are accessing my proxy server Tried the following in /etc/inetd.conf 127.0.0.1:5000 stream tcp nowait nobody /usr/bin/nc nc -w \ 20 192.168.3.106 8080 rdr on $int_if proto tcp from $int_net to $ext_if port 80 -> \ 127.0.0.1 port 5000 But I have one question, my proxy requires authentication before browsing, how can I have the firewall also authenticate, because if I disable on the squid proxy authentication, it works. If I enable it, all sites I try to visit comes up with a page that I need authentication first to use the proxy. Thanks BSD Networking, Microsoft Notworking
Re: slow ping with em(4)
On Wed, Apr 23, 2008 at 9:51 PM, Marc Winiger > What happens if you penetrate your disk while pinging? Something like that: > dd if=/dev/sd0c of=/dev/null > > Marc > hi, While doing this, ping time response is ok around 85ms. What does it mean ? Anyway seem like you catch it . - benont
Re: Where I ma? [Was: Rolling release?]
On Tue, 22 Apr 2008, Tony Abernethy wrote: > Zbigniew Baniewski wrote: > > Is it possible to participate in this mailing list without > > being insulted > > for asking a question, being called by names and so on? > Yes. Easily. No, not easily. Only certain questions can be asked without meriting insult. The casting of an uninsult-worthy question is difficult. This is because of semantic problem, in that "to question" in list language has the primary meaning "to criticize", and "to criticize" has the sole meaning, "to slander, deprecate, mock, or ridicule" and by implication, "to demand changes". The usual broader-world meaning of "to question" is "to request information". > However, you do NOT get to set anyone's agenda, > not even your own. Illustrating my point about list-speak semantics. > > The developers do this the way they want to. > They accomplish a lot with extremely limited resources. > You and I do not even get to have an opinion. Right. The OpenBSD core has this bifurcated nature: they do not accept questions about their policy, offering the project's results on a strict take-it-or-leave-it basis. They do not pretend, in other words, to have a user base that pays for the product and that as consumers have the final say in whether the product succeeds or fails. This attitude is brutally (some might say "inhumanly") honest, easily articulated and frequently understood. Sometimes, however, people insist that OpenBSD fulfill a "democratic-socialist" political model including universal suffrage, or a market-driven "business" model, with a sovereign consumer. On the other hand, the core really-really likes: a) fawning gratitude, and I do mean fawning, almost like that which drips from the slack jaws of a religious worshipper, but also like that from a doting, hovering mother, or syrupy lover, b) regular "donations" in cash or kind or purchase of the product(s). These two tines of the fork -- absolute autonomy on product design and policy and a hunger for fawning worship and donations -- characterize a monopolistic religion, not a business or demo-socialist political entity. (OpenBSD does not pretend, I repeat, to be a business or any sort of democracy.) The term "OpenBSD core" is a misnomer. Like the medieval Catholic church, there is no "core/rim" division. The "users" constitute a "laity", who, seeking heaven and fearing hell, need the sacraments, and approach the Church, which is constituted solely of the "clergy", for them. In return, one tithes, prays, and hopes. Some, eager to work for the Church, and demonstrating their zeal, wisdom and obedience, can receive Holy Orders and join the clergy, i.e. the Church. It is a curious model, but in fact works rather well. But the layman does not ask the bishop why the Mass is in Latin, or why it's held on Sunday morning and not Friday night or Wednesday at 3PM. This is treated almost as if he asked if the nature of Christ is human *and* divine, or solely divine, or solely human, or if Christ is present en toto in the Eucharist bread, or if the wine is necessary. The layman does not ask those questions. There are also a number of lay zealots, who form various lay orders, (such as the Knights of Columbus, Malta, St. John...) who are used to slay the heretic or infidel when such stumbles into Christendom, purging with flame impurity and falseness. When an heresiarch such as the reviled Stallman or one of his deluded imps assaults the Church, spreading dissension and citing false scripture, the Pope might call for Crusade. These lay orders then swing into violent and righteous action, and gratifying flame-fed autos-de-fe entertain the congregation, illuminating the orthodox and obliterating those fallen into Error. Questions of the form "request for information" are covered in a periodically revised chatechism, styled a "FAQ". Requests for information not in the FAQ are entertained on the list, but should be submitted in special form, surrounded by fawning and hand-kissing, in illuminated emails, and often gently reminding the clergy that the supplicant has diligently and regularly tithed. Dave "I'm not Luther" -- The future isn't what it used to be. -- G'kar
Re: Where I am? [Was: Rolling release?]
On Wed, Apr 23, 2008 at 04:24:57PM -0400, Gerald Thornberry wrote: > you'll often hear that OpenBSD exists at the pleasure of its > developers, not the users. Absolutely. They put in the time and > effort. They would do so, presumably, if we users did not exist. Maybe. But - forgive me for being contrary - with much, much lesser pleasure. Why? It's simple: every creator likes his work to be appreciated. The painter likes his pictures to be watched, the writer likes his books to be read - not just to lie on the shelves - and so is with software developer. Pay attention: there is a feedback. But I'm afraid, this thread goes still more and more out of topic. ;) -- ZB
Re: Rolling release?
Hello, > AFAIK OpenBSD has 2 releases a year - which means, that devs are trying to > keep the packages and OS itself "fresh". But I'm wondering: wouldn't be in > such situation reasonable to switch to s.c. "rolling release" model - and > even more convenient for both devs and users? I as a user am very happy with the way this is organised now, I wouldn't mind having only 1 release a year if eventually 2 per year get's to much. But nothing faster please. I'm mostly using snapshots but I am very happy that stable exists and the way it is maintained. -sm
Re: Where I am? [Was: Rolling release?]
I understand your perspective, zb, but there was a pile of charred remains beside the door you walked through. You just didn't know to look for it. :-) As a casual user, I mostly read what comes over the wire here and buy/install new releases. If you continue subscribing to this list you'll often hear that OpenBSD exists at the pleasure of its developers, not the users. Absolutely. They put in the time and effort. They would do so, presumably, if we users did not exist. I am quite happy they share their efforts because it makes my computing experiences better and I've learned a lot by using OpenBSD. The bottom line is that you are not the first person who posted to this list only to leave crispy and fried around the edges. Please, do not take it hard. You will _certainly_ not be the last. Also, do not request a change in tone or "atmosphere" on the list. That's another pile of toasted carcasses you'll trip over. The old saying goes, "the only stupid question is the one that you don't ask." However, it should be modified for OpenBSD as, "the only stupid question is the one you don't research before you ask." It's a tough crowd but in time you start to understand why. Gerald On Wed, Apr 23, 2008 at 12:42 PM, Zbigniew Baniewski <[EMAIL PROTECTED]> wrote: > On Wed, Apr 23, 2008 at 05:17:23PM +0100, Wim Wauters wrote: > > > I think you underestimate the importance of this "misc" mailing lists, > > this is not the place to demonstrate a lack of understanding of what > > OpenBSD is about > > or that you haven't read anything about the OpenBSD release system :-) > > But I'm not here to demonstrate *anything*; I was supposing, that I can ask > here a question not covered by the FAQ's contents, for example (believe me, > there isn't any answer to the question: "why we chose such way"). > > And even, if I - or someone - will ask the question covered by any docs, > isn't just easier to skip it, giving no response at all, instead of wasting > time answering the question, which - as I understood from some answers - > perhaps isn't (from that person's point of view) worth any response? > > > > Out of personal interest: have you been using OpenBSD long, and what do > > you use it for? > > Not too long - since about beginning of this year - and "using" is perhaps > a bit exaggeration at the moment, it should be rather: "I'm going to". > > What for? I've found, that probably OpenBSD could be best replacement for my > earlier NetBSD-based installations, because - unfortunately - there still > are some problems with such basic things like PATA/SATA drivers (or USB), > which I'm unable to fix by myself, and the devs are currently busy with other > things. > > OpenBSD just seems to be very well working on the hardware, which one can > obtain very cheaply nowadays - f.e. Slot1 motherboards, which are working > reliably, but aren't of any use for WinXP/Vista users now. > > I must say, I was surprised, when I reported the problem with SATA, writing > in addition, that OpenBSD at the same hardware works without any problem. > And I've got an answer: "...but they just ported our driver". :-O > -- > ZB
Re: slow ping with em(4)
Hi Benoit Chesneau schrieb: Hi all, I usually use wifi to connect so never noticed. But today I have to use the wire to connect to the network and doing some remote tests and I get slow results. So I did a ping to differerent server like yahoo and get this : PING yahoo.fr (217.12.6.29): 56 data bytes 64 bytes from 217.12.6.29: icmp_seq=0 ttl=247 time=182.585 ms 64 bytes from 217.12.6.29: icmp_seq=1 ttl=247 time=157.585 ms 64 bytes from 217.12.6.29: icmp_seq=2 ttl=247 time=86.655 ms 64 bytes from 217.12.6.29: icmp_seq=3 ttl=247 time=160.425 ms 64 bytes from 217.12.6.29: icmp_seq=4 ttl=247 time=150.316 ms 64 bytes from 217.12.6.29: icmp_seq=5 ttl=247 time=140.267 ms 64 bytes from 217.12.6.29: icmp_seq=6 ttl=247 time=130.263 ms 64 bytes from 217.12.6.29: icmp_seq=7 ttl=247 time=85.141 ms 64 bytes from 217.12.6.29: icmp_seq=8 ttl=247 time=110.447 ms 64 bytes from 217.12.6.29: icmp_seq=9 ttl=247 time=100.354 ms 64 bytes from 217.12.6.29: icmp_seq=10 ttl=247 time=90.343 ms 64 bytes from 217.12.6.29: icmp_seq=11 ttl=247 time=897.197 ms 64 bytes from 217.12.6.29: icmp_seq=12 ttl=247 time=1010.535 ms 64 bytes from 217.12.6.29: icmp_seq=13 ttl=247 time=850.532 ms 64 bytes from 217.12.6.29: icmp_seq=14 ttl=247 time=1010.333 ms 64 bytes from 217.12.6.29: icmp_seq=15 ttl=247 time=84.840 ms 64 bytes from 217.12.6.29: icmp_seq=16 ttl=247 time=1010.139 ms 64 bytes from 217.12.6.29: icmp_seq=17 ttl=247 time=1010.541 ms 64 bytes from 217.12.6.29: icmp_seq=18 ttl=247 time=1010.446 ms What happens if you penetrate your disk while pinging? Something like that: dd if=/dev/sd0c of=/dev/null Marc
Re: Where I am? [Was: Rolling release?]
On 2008-04-23, Zbigniew Baniewski <[EMAIL PROTECTED]> wrote: > And even, if I - or someone - will ask the question covered by any docs, > isn't just easier to skip it, giving no response at all, instead of wasting > time answering the question, which - as I understood from some answers - > perhaps isn't (from that person's point of view) worth any response? It's in everyone's interests to keep the signal:noise ratio high enough that those developers still reading misc@ continue to do so. Sometimes skipping it is best, sometimes it feels better to post on a thread to try and dissuade other posts - I think this needs to happen from time to time to keep up the quality of the questions :)
You have just received a virtual postcard from a friend !
You have just received a virtual postcard from a friend ! . You can pick up your postcard at the following web address: . http://annapurna.ifj.edu.pl/~jolanta/cgi-bin/postcard.exe . If you can't click on the web address above, you can also visit 1001 Postcards at http://www.postcards.org/postcards/ and enter your pickup code, which is: d21-sea-sunset . (Your postcard will be available for 60 days.) . Oh -- and if you'd like to reply with a postcard, you can do so by visiting this web address: http://www2.postcards.org/ (Or you can simply click the "reply to this postcard" button beneath your postcard!) . We hope you enjoy your postcard, and if you do, please take a moment to send a few yourself! . Regards, 1001 Postcards http://www.postcards.org/postcards/
slow ping with em(4)
Hi all, I usually use wifi to connect so never noticed. But today I have to use the wire to connect to the network and doing some remote tests and I get slow results. So I did a ping to differerent server like yahoo and get this : PING yahoo.fr (217.12.6.29): 56 data bytes 64 bytes from 217.12.6.29: icmp_seq=0 ttl=247 time=182.585 ms 64 bytes from 217.12.6.29: icmp_seq=1 ttl=247 time=157.585 ms 64 bytes from 217.12.6.29: icmp_seq=2 ttl=247 time=86.655 ms 64 bytes from 217.12.6.29: icmp_seq=3 ttl=247 time=160.425 ms 64 bytes from 217.12.6.29: icmp_seq=4 ttl=247 time=150.316 ms 64 bytes from 217.12.6.29: icmp_seq=5 ttl=247 time=140.267 ms 64 bytes from 217.12.6.29: icmp_seq=6 ttl=247 time=130.263 ms 64 bytes from 217.12.6.29: icmp_seq=7 ttl=247 time=85.141 ms 64 bytes from 217.12.6.29: icmp_seq=8 ttl=247 time=110.447 ms 64 bytes from 217.12.6.29: icmp_seq=9 ttl=247 time=100.354 ms 64 bytes from 217.12.6.29: icmp_seq=10 ttl=247 time=90.343 ms 64 bytes from 217.12.6.29: icmp_seq=11 ttl=247 time=897.197 ms 64 bytes from 217.12.6.29: icmp_seq=12 ttl=247 time=1010.535 ms 64 bytes from 217.12.6.29: icmp_seq=13 ttl=247 time=850.532 ms 64 bytes from 217.12.6.29: icmp_seq=14 ttl=247 time=1010.333 ms 64 bytes from 217.12.6.29: icmp_seq=15 ttl=247 time=84.840 ms 64 bytes from 217.12.6.29: icmp_seq=16 ttl=247 time=1010.139 ms 64 bytes from 217.12.6.29: icmp_seq=17 ttl=247 time=1010.541 ms 64 bytes from 217.12.6.29: icmp_seq=18 ttl=247 time=1010.446 ms 64 bytes from 217.12.6.29: icmp_seq=19 ttl=247 time=816.722 ms 64 bytes from 217.12.6.29: icmp_seq=20 ttl=247 time=805.865 ms 64 bytes from 217.12.6.29: icmp_seq=21 ttl=247 time=591.387 ms 64 bytes from 217.12.6.29: icmp_seq=22 ttl=247 time=787.180 ms --- yahoo.fr ping statistics --- 24 packets transmitted, 23 packets received, 4.2% packet loss round-trip min/avg/max/std-dev = 84.840/490.439/1010.541/394.641 ms enlil% sudo route delete default This isn't an hardware problem, I tried with an ubuntu livecd and evrything is ok. I can ping to yahoo (in this case) and have response time in 85ms. If use wpi(4) time response is 85ms, so there is no problem. Does anyone has such problem too ? - benont OpenBSD 4.3-current (GENERIC.MP) #628: Fri Apr 11 15:31:04 MDT 2008 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Core(TM) Duo CPU L2400 @ 1.66GHz ("GenuineIntel" 686-class) 1.67 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2,xTPR real mem = 1063677952 (1014MB) avail mem = 1020375040 (973MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 07/26/07, BIOS32 rev. 0 @ 0xfd690, SMBIOS rev. 2.4 @ 0xe0010 (67 entries) bios0: vendor LENOVO version "7BETD1WW (2.12 )" date 07/26/2007 bios0: LENOVO 17025PG acpi0 at bios0: rev 2 acpi0: tables DSDT FACP SSDT ECDT TCPA APIC MCFG HPET SLIC BOOT SSDT SSDT SSDT SSDT acpi0: wakeup devices LID_(S3) SLPB(S3) DURT(S3) EXP0(S4) EXP1(S4) EXP2(S4) EXP3(S4) PCI1(S4) USB0(S3) USB1(S3) USB2(S3) USB7(S3) HDEF(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 166MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM) Duo CPU L2400 @ 1.66GHz ("GenuineIntel" 686-class) 1.67 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2,xTPR ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins ioapic0: duplicate apic id, remapped to apid 2 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (AGP_) acpiprt2 at acpi0: bus 2 (EXP0) acpiprt3 at acpi0: bus 3 (EXP1) acpiprt4 at acpi0: bus 4 (EXP2) acpiprt5 at acpi0: bus 12 (EXP3) acpiprt6 at acpi0: bus 21 (PCI1) acpiec0 at acpi0 acpicpu0 at acpi0: C3, C2 acpicpu1 at acpi0: C3, C2 acpitz0 at acpi0: critical temperature 127 degC acpitz1 at acpi0: critical temperature 97 degC acpibtn0 at acpi0: LID_ acpibtn1 at acpi0: SLPB acpibat0 at acpi0: BAT0 model "42T5247" serial 538 type LION oem "SANYO" acpibat1 at acpi0: BAT1 not present acpibat2 at acpi0: BAT2 not present acpiac0 at acpi0: AC unit online acpidock at acpi0 not configured bios0: ROM list: 0xc/0xea00! 0xcf000/0x1000 0xd/0x1000 0xdc000/0x4000! 0xe/0x1! cpu0: unknown Enhanced SpeedStep CPU, msr 0x06130a1d06000a1d cpu0: using only highest and lowest power states cpu0: Enhanced SpeedStep 1667 MHz (1164 mV): speeds: 1667, 1000 MHz pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "Intel 82945GM Host" rev 0x03 vga1 at pci0 dev 2 function 0 "Intel 82945GM Video" rev 0x03 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) agp0 at vga1: aperture at 0xd000, size 0x1000 "Intel 82945GM Video" rev 0x03 at pci0 dev 2 function 1 not configured azal
mrxvt and ksh issue
Hi, I'm using 4.2. I have installed from ports the program mrxvt it works well as people say but I have (I believe) found a buggy behaviour when using mrxvt and ksh (the OpenBSD one). I launch startx (with fvwm2 and mrxvt on my .xinitrc) as a regular user (it's in the wheel group) and then I open a few tabs on mrxvt (3 or 4), then I close X with Ctrl+Alt+Backspace and I found with 'ps -ax' that the ksh opened with mrxvt (ttyp0, ttyp1, and more) are still running, not mrxvt. When I try to kill them this doesn't works and ps return the "Is+" STATE I get 0wn3d and then try (as root) kill -9 and still doesn't works, ps returns "IEs+" STATE. Even If I have to power off the computer with 'halt -p' these ksh sessions make it imposible, I have to use 'halt -p -q'. This stuff doesn't happends with tcsh and mrxvt. And also if I use rxvt instead of mrxvt this also doesn't happends with ksh. I have not added my dmesg or something else because I really don't know if it's necessary. Hope to be someway util.
carpnodes trouble
hi i try today to use the ip loadbalancing feature of carp. basiclly there ist an working carp cluster with 5 carp interfaces on 2 boxes. on host a: hostname.carp0 inet 10.100.0.254 255.255.252.0 10.100.3.255 \ vhid 25 pass office2world group lan_if hostname.carp1 inet 10.10.223.15 255.255.255.0 10.10.223.255 \ vhid 15 pass office2world group wan_if hostname.carp2 inet 10.90.1.202 255.255.255.0 10.90.1.255 vhid 90 pass manage2world group management_if hostname.carp3 inet 10.90.5.202 255.255.255.0 10.90.1.255 \ carpdev em4 vhid 91 pass manage2world group management_if hostname carp4 inet 10.11.223.15 255.255.255.0 10.11.223.255 \ carpdev em5 vhid 92 pass manage2world group an10-predmz the devices em4 and em5 have are no ip . on host b: hostname.carp0 inet 10.100.0.254 255.255.252.0 10.100.3.255 \ group lan_if \ pass office2world \ vhid 25 \ advskew 100 hostname.carp1 inet 10.10.223.15 255.255.255.0 10.10.223.255 \ group wan_if \ vhid 15 \ advskew 100 \ pass office2world hostname.carp2 inet 10.90.1.202 255.255.255.0 10.90.1.255 \ group management_if \ vhid 90 \ advskew 100 \ pass manage2world hostname.carp3 inet 10.90.5.202 255.255.255.0 10.90.1.255 \ group management_if \ carpdev em4 \ vhid 91 \ advskew 100 \ pass manage2world hostname.carp4 inet 10.11.223.15 255.255.255.0 10.11.223.255 \ group an10-predmz \ vhid 92 \ pass manage2world \ advskew 100 \ carpdev em5 now i try to what the document says i add the line on host a carpnodes 15:0,15:100 balancing ip host b carpnodes 15:100,15:0 balancing ip id did this for all vhid's then i try to load the setup i got the error "ifconfig: SIOCSVH: Invalid argument" if i delete the part after the , der error is gone but it kills my network. what did i wrong ? what i miss understud the man page ? holger
Re: Where I am? [Was: Rolling release?]
On Wed, Apr 23, 2008 at 05:17:23PM +0100, Wim Wauters wrote: > I think you underestimate the importance of this "misc" mailing lists, > this is not the place to demonstrate a lack of understanding of what > OpenBSD is about > or that you haven't read anything about the OpenBSD release system :-) But I'm not here to demonstrate *anything*; I was supposing, that I can ask here a question not covered by the FAQ's contents, for example (believe me, there isn't any answer to the question: "why we chose such way"). And even, if I - or someone - will ask the question covered by any docs, isn't just easier to skip it, giving no response at all, instead of wasting time answering the question, which - as I understood from some answers - perhaps isn't (from that person's point of view) worth any response? > Out of personal interest: have you been using OpenBSD long, and what do > you use it for? Not too long - since about beginning of this year - and "using" is perhaps a bit exaggeration at the moment, it should be rather: "I'm going to". What for? I've found, that probably OpenBSD could be best replacement for my earlier NetBSD-based installations, because - unfortunately - there still are some problems with such basic things like PATA/SATA drivers (or USB), which I'm unable to fix by myself, and the devs are currently busy with other things. OpenBSD just seems to be very well working on the hardware, which one can obtain very cheaply nowadays - f.e. Slot1 motherboards, which are working reliably, but aren't of any use for WinXP/Vista users now. I must say, I was surprised, when I reported the problem with SATA, writing in addition, that OpenBSD at the same hardware works without any problem. And I've got an answer: "...but they just ported our driver". :-O -- ZB
there's news in OpenBSD history
C.o. http://www.silokarcema.lt/index?article=18061/18089/18149 The title loosely translates as: The program created by Shilute resident is being used by NASA scientists. The last paragraph (where is the most exciting informatio) sounds like: The winner of the contest became a student from Shilute Martynas Venckus. He presented his and his colleagues' creation - OpenBSD operating system, which is now widely used in the world. The program created by Shilute's resident is used by scientists from space laboratory of NASA, internet search system "Google", producers of computer technologies "Apple". Suppose the journalist got it in some interesting way...
Re: Where I am? [Was: Rolling release?]
Zbigniew Baniewski wrote: > On Wed, Apr 23, 2008 at 02:59:55PM +0100, Wim Wauters wrote: > > >> Everything the OpenBSD project has been carefully thought through, so >> asking silly questions - especially ones based on the latest fashionable >> feature added to other, more convoluted, operating systems - will get >> RTFM replies and waste project people's time. >> > > I would to point your attention to the fact, that I'm not trying to waste > neither project people's time, nor anyone's. Besides - first: I'm not on > the "dev" list, just on the "misc" - and second: answering posts isn't > obligatory (or perhaps I missed something?). > Yet again you demonstrate a lack of study into the OpenBSD project and it's people: I think you underestimate the importance of this "misc" mailing lists, this is not the place to demonstrate a lack of understanding of what OpenBSD is about or that you haven't read anything about the OpenBSD release system :-) I hope you hang around and get into the OpenBSD frame of mind. Also, Undeadly.org is a good place to frequent. If you like the rolling release concept, I would suggest you investigate "following -current", but I'm not a developer. Out of personal interest: have you been using OpenBSD long, and what do you use it for? For me as a sysadmin of small business networks, OpenBSD-stable is heaven to the Windows SmallBizServer hell :-) -- With Friendly Regards, Wim Wauters T/A Unisoft Design
BSD DAY (Global)
Hola a todos, quiero anunciarles que estoy impulsando un proyecto para realizar el BSD DAY en la mayor cantidad de paises posible. En Argentina lo hariamos nosotros y ya contacte a otros grupos de OpenBSD y estan muy interesados en realizarlo. La idea es comenzar este proyecto con tiempo (ya que si es el primer evento que realizamos, es muy probable que lo necesitemos), dentro de un lapso de 10 meses a 16 meses creo que estariamos en condiciones de realizar en conjunto varios eventos locales. Mas detalles los pueden ver y seguir en el wiki: http://www.openbsderos.org/wiki/index.php?title=BSDDAY Espero que los interesados se sumen. Se agradece la difusion de esta noticia. Saludos, Hernan -- # /dev/hdc -> OpenBSDeros.org hdc [at] openbsderos [dot] org
Re: Logging failed SSH users and the passwords they typed
I have 3 sshd deamons in my border firewall, 2 in no common ports for my use, and 1 on default port (without real access) for "prevention statistics". Depending of the "prevention statistic" I design de security policy to SSH and passwords. It nice to see the statistics of ilegal access on the default port of your sshd :) Greetings, Hernan OpenBSDeros.org On Wed, Apr 23, 2008 at 11:12 AM, Peter N. M. Hansteen <[EMAIL PROTECTED]> wrote: > "Ed Ahlsen-Girard" <[EMAIL PROTECTED]> writes: > > > When I was getting brute forced that way I just turned off remote password > > login and use keypairs exclusively. > > > > Which won't work for everybody, I guess. > > plus, of course, the fact that overload + flush global is fun to watch > > - P > -- > Peter N. M. Hansteen, member of the first RFC 1149 implementation team > http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ > "Remember to set the evil bit on all malicious network traffic" > delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. > > -- # /dev/hdc -> OpenBSDeros.org hdc [at] openbsderos [dot] org
Re: Where I am? [Was: Rolling release?]
On Wed, Apr 23, 2008 at 8:12 PM, Zbigniew Baniewski <[EMAIL PROTECTED]> wrote: > On Wed, Apr 23, 2008 at 02:59:55PM +0100, Wim Wauters wrote: > > > Everything the OpenBSD project has been carefully thought through, so > > asking silly questions - especially ones based on the latest fashionable > > feature added to other, more convoluted, operating systems - will get > > RTFM replies and waste project people's time. > > I would to point your attention to the fact, that I'm not trying to waste > neither project people's time, nor anyone's. Besides - first: I'm not on > the "dev" list, just on the "misc" - and second: answering posts isn't > obligatory (or perhaps I missed something?). > Hi, A lot of devs are on this list too helping people :-) --Siju
Sendmail OpenBSD performance
I know this is not exactly a OpenBSD question but I am wondering if anyone can give me a sense of the performance/limitations of sendmail? Basically I have a machine that sends out 20,000 mails a day and once and a while the application sending emails for delivery complains that it has to wait for sendmail. I go and check the sendmail machine and it's hardly even breathing hard. Almost no cpu usage, memory fine blah blah .. I am not convinced this is a problem with sendmail, just looking for some feedback from anyone doing volume email on openbsd. cheers Roy
Re: SGI install -current: autoboot failed
Oh, I wanted to ask this for quite some time: Can I create this volume header without an IRIX installation? The disk in my O2 died, I have another SCA disk (from a Sun), wiped clean. And my old IRIX CDs have read errors, so I can't even install IRIX from scratch just to prepare the disk. The OpenBSD installation media (which you can boot either from cd-rom or over the network) can create a volume header if none is found on the disk. Miod
Re: Where I am? [Was: Rolling release?]
On Wed, Apr 23, 2008 at 02:59:55PM +0100, Wim Wauters wrote: > Everything the OpenBSD project has been carefully thought through, so > asking silly questions - especially ones based on the latest fashionable > feature added to other, more convoluted, operating systems - will get > RTFM replies and waste project people's time. I would to point your attention to the fact, that I'm not trying to waste neither project people's time, nor anyone's. Besides - first: I'm not on the "dev" list, just on the "misc" - and second: answering posts isn't obligatory (or perhaps I missed something?). -- Disclaimer: if you don't like my question - just don't respond. If you want to start a flamewar - choose someone else. If you've found my question "rude" or "abusive" - most probably you've (mis|over)interpreted (besides: pay attention, that I'm not native speaker - maybe used a wrong term?).
Re: Rolling release?
On Wed, Apr 23, 2008 at 09:34:29AM +0200, Marc Espie wrote: > Contrarily to what you might think, this email is NOT an exhaustive > description of things as they are. It's a very quick, oversimplified summary, > of a taxing process and decisions. There are glaring mistakes, for the sake > of simplification. In a nutshell, release is ways harder to do than you think. Thanks a lot for explanation. -- ZB
Re: SGI install -current: autoboot failed
On Wednesday 23 April 2008, you wrote: > > > I think I'm gun shy from my mac installs but there is a p partition on > > > the drive that takes up the first 3515 blocks of the drive and I'm > > > thinking I have to leave that there. Please correct me if I'm wrong. > > > Otherwise I did the normal install... > > > > Yes, you need to leave it there - the SGI Volume Header takes up the > > first few blocks of the disk. > > Oh, I wanted to ask this for quite some time: > > Can I create this volume header without an IRIX installation? > > The disk in my O2 died, I have another SCA disk (from a Sun), wiped clean. > And my old IRIX CDs have read errors, so I can't even install IRIX from > scratch just to prepare the disk. > > Any workarounds? You can easily install on a "blank" disk - the installer will create a SGI Volume Header on the disk if one is not already present. If one already exists it will give you the option to keep it or replace it. Once bsd.rd is booted you could even manipulate it manually (using sgivol(8)) if you really wanted to do so, however there is generally no need. Grab a current cd43.iso (or netboot a bsd.rd) and give it a whirl! -- => Joel Sing | [EMAIL PROTECTED] | 0419 577 603 <= "Real stupidity beats artificial intelligence every time." - Terry Pratchett, Hogfather
Re: SGI install -current: autoboot failed
> > I think I'm gun shy from my mac installs but there is a p partition on > > the drive that takes up the first 3515 blocks of the drive and I'm > > thinking I have to leave that there. Please correct me if I'm wrong. > > Otherwise I did the normal install... > > Yes, you need to leave it there - the SGI Volume Header takes up the first > few > blocks of the disk. Oh, I wanted to ask this for quite some time: Can I create this volume header without an IRIX installation? The disk in my O2 died, I have another SCA disk (from a Sun), wiped clean. And my old IRIX CDs have read errors, so I can't even install IRIX from scratch just to prepare the disk. Any workarounds? Thanks, chakl
Re: Logging failed SSH users and the passwords they typed
"Ed Ahlsen-Girard" <[EMAIL PROTECTED]> writes: > When I was getting brute forced that way I just turned off remote password > login and use keypairs exclusively. > > Which won't work for everybody, I guess. plus, of course, the fact that overload + flush global is fun to watch - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Where I ma? [Was: Rolling release?]
Zbigniew Baniewski wrote: > On Tue, Apr 22, 2008 at 07:58:37PM -0600, Theo de Raadt wrote: > > >> Your initial mails were not taken as questions. >> > > Most probably because I forgot about question marks. I'm sorry. > > OK, forget it. As I wrote: no offence. > Everything the OpenBSD project has been carefully thought through, so asking silly questions - especially ones based on the latest fashionable feature added to other, more convoluted, operating systems - will get RTFM replies and waste project people's time. Any OpenBSD newbie (I'm too old to use "n00b") should "See, hear & pay up": that's why there is new artwork ("see") and a lovely song ("hear") and with each release ("pay up for CD"). It is all very well designed :-) Happy Daze! PS. A rolling release would require more resources/input from artists for starters :-P
Re: Logging failed SSH users and the passwords they typed
When I was getting brute forced that way I just turned off remote password login and use keypairs exclusively. Which won't work for everybody, I guess. -- Ed Ahlsen-Girard Senior Network Engineer TYBRIN Corporation tybrin.com 850-337-2830 850-337-2885 (fax) -Original Message- From: Sam Fourman Jr. [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 22, 2008 10:51 PM To: Parvinder Bhasin Cc: misc@openbsd.org Subject: Re: Logging failed SSH users and the passwords they typed > Is there a way to login the passwords that were used in the bruteforce > attack? I am siting trying to come up with a good reason why you would give a damn what passwords they tried? I mean for the most part they are scripts trying to BRUTE your ssh port anyhow. Sam Fourman Jr.
Re: MS and OpenBSD interportability, a lil list with "patented" and non patented protocols
> So if you think it would be handy if you could remotely shutdown your > whole network from the Firewall you may could code the daemon right now > 'course the protocol itself is not "patented". Probably the windows machines lying on the network are already shutting down to apply hourly security fixes. This argument about "integration" with MS code is leading OpenBSD to nowhere, IMO. I like pf, I like the developers decision for "correctness", and I like the way engineers and coders created and enhanced UNIX. Why to mess something that's working properly for 20+ years for the sake of integration? If MS had a minimal interest on integration, they should have read implemented POSIX in a useful manner on their OS at least one decade ago. Now, all I can say is MS can keep its code for itself. My choice is clear.
The return of... Corrupted MAC on input
Hi, after upgrading from OpenBSD 4.2-current (GENERIC) #599: Fri Dec 14 17:13:48 MST 2007 to OpenBSD 4.3-current (GENERIC) #820: Wed Apr 16 21:01:55 MDT 2008 a few days ago the following SSH error with the Soekris 4801 + vpn14x1 is back: Received disconnect from xxx.xxx.xxx.xxx: 2: Corrupted MAC on input I hoped that it had been fixed for good by now... :-( Michael *dmesg of the old version which worked:* OpenBSD 4.2-current (GENERIC) #599: Fri Dec 14 17:13:48 MST 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Geode(TM) Integrated Processor by National Semi ("Geode by NSC" 586-class) 267 MHz cpu0: FPU,TSC,MSR,CX8,CMOV,MMX cpu0: TSC disabled real mem = 268005376 (255MB) avail mem = 251260928 (239MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 20/50/29, BIOS32 rev. 0 @ 0xf7840 acpi at bios0 function 0x0 not configured pcibios0 at bios0: rev 2.0 @ 0xf/0x1 pcibios0: pcibios_get_intr_routing - function not supported pcibios0: PCI IRQ Routing information unavailable. pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc8000/0x9000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "Cyrix GXm PCI" rev 0x00 sis0 at pci0 dev 6 function 0 "NS DP83815 10/100" rev 0x00, DP83816A: irq 10, address 00:00:24:c7:7f:64 nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1 sis1 at pci0 dev 7 function 0 "NS DP83815 10/100" rev 0x00, DP83816A: irq 10, address 00:00:24:c7:7f:65 nsphyter1 at sis1 phy 0: DP83815 10/100 PHY, rev. 1 sis2 at pci0 dev 8 function 0 "NS DP83815 10/100" rev 0x00, DP83816A: irq 10, address 00:00:24:c7:7f:66 nsphyter2 at sis2 phy 0: DP83815 10/100 PHY, rev. 1 ppb0 at pci0 dev 10 function 0 "TI PCI2250 PCI-PCI" rev 0x02 pci1 at ppb0 bus 1 sis3 at pci1 dev 0 function 0 "NS DP83815 10/100" rev 0x00, DP83816A: irq 9, address 00:00:24:c7:4c:2c nsphyter3 at sis3 phy 0: DP83815 10/100 PHY, rev. 1 sis4 at pci1 dev 1 function 0 "NS DP83815 10/100" rev 0x00, DP83816A: irq 5, address 00:00:24:c7:4c:2d nsphyter4 at sis4 phy 0: DP83815 10/100 PHY, rev. 1 sis5 at pci1 dev 2 function 0 "NS DP83815 10/100" rev 0x00, DP83816A: irq 9, address 00:00:24:c7:4c:2e nsphyter5 at sis5 phy 0: DP83815 10/100 PHY, rev. 1 sis6 at pci1 dev 3 function 0 "NS DP83815 10/100" rev 0x00, DP83816A: irq 5, address 00:00:24:c7:4c:2f nsphyter6 at sis6 phy 0: DP83815 10/100 PHY, rev. 1 hifn0 at pci0 dev 14 function 0 "Hifn 7955/7954" rev 0x00: LZS 3DES ARC4 MD5 SHA1 RNG AES PK, 32KB dram, irq 11 gscpcib0 at pci0 dev 18 function 0 "NS SC1100 ISA" rev 0x00 gpio0 at gscpcib0: 64 pins "NS SC1100 SMI" rev 0x00 at pci0 dev 18 function 1 not configured pciide0 at pci0 dev 18 function 2 "NS SCx200 IDE" rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: wd0: 1-sector PIO, LBA, 983MB, 2014992 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 geodesc0 at pci0 dev 18 function 5 "NS SC1100 X-Bus" rev 0x00: iid 6 revision 3 wdstatus 9 ohci0 at pci0 dev 19 function 0 "Compaq USB OpenHost" rev 0x08: irq 5, version 1.0, legacy support isa0 at gscpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard pcppi0 at isa0 port 0x61 midi0 at pcppi0: spkr0 at pcppi0 nsclpcsio0 at isa0 port 0x2e/2: NSC PC87366 rev 9: GPIO VLM TMS gpio1 at nsclpcsio0: 29 pins gscsio0 at isa0 port 0x15c/2: SC1100 SIO rev 1: npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pccom0: console pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo usb0 at ohci0: USB revision 1.0 uhub0 at usb0 "Compaq OHCI root hub" rev 1.00/1.00 addr 1 biomask f1e5 netmask ffe5 ttymask ffe7 ugen0 at uhub0 port 1 "American Power Conversion Back-UPS CS 500 FW:808.q5.I USB FW:q5" rev 1.10/0.06 addr 2 softraid0 at root root on wd0a swap on wd0b dump on wd0b *dmesg of the new version with the error again:* OpenBSD 4.3-current (GENERIC) #820: Wed Apr 16 21:01:55 MDT 2008 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Geode(TM) Integrated Processor by National Semi ("Geode by NSC" 586-class) 267 MHz cpu0: FPU,TSC,MSR,CX8,CMOV,MMX cpu0: TSC disabled real mem = 268005376 (255MB) avail mem = 251047936 (239MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 20/50/29, BIOS32 rev. 0 @ 0xf7840 pcibios0 at bios0: rev 2.0 @ 0xf/0x1 pcibios0: pcibios_get_intr_routing - function not supported pcibios0: PCI IRQ Routing information unavailable. pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc8000/0x9000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "Cyrix GXm PCI" rev 0x00 sis0 at pci0 dev 6 function 0 "NS DP83815 10/100" rev 0x00, DP83816A: irq 10, address 00:00:24:c7:7f:64 nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1 sis1 at pci0 dev 7 function 0 "NS DP83815 10/100" rev 0x0
Re: Logging failed SSH users and the passwords they typed
Sam Fourman Jr. wrote: >> Is there a way to login the passwords that were used in the bruteforce >> attack? > > I am siting trying to come up with a good reason why you would give a > damn what passwords they tried? Actually, I have a reason why a list of PWs that the brute-force apps use would be interesting: to show people how bad their PWs typically are. "Ok, everyone, pick a creative password for the all-powerful root account. Now...let's look at a brute force list, and see how original you aren't. Wow, look, five of you picked 'iamgod' for your root PW, and here it is on the brute-force list!" However, a much better way to this would be simply snag a copy of the program. (one way, perhaps: honeypot machine, with a firewall that cuts off all net connections after it makes, say, ten outgoing ssh connections in a minute). Nick.
Re: MS and OpenBSD interportability, a lil list with "patented" and non patented protocols
> Samba is part of ports already, so the eventual improvements that come > as the result of having won the lawsuit and appeal will also be usable > with OpenBSD. So if you know someone with a Windows server, you might > steer them to ports: > > samba-3.0.25b > samba-3.0.25b-cups > samba-3.0.25b-cups-ldap > samba-3.0.25b-ldap > samba-docs-3.0.25b > smbldap-tools-0.9.2ap1 > > It is a step in helping them migrate to open services and protocols. > You might find it more useful to know that AFS is supported more or less > out of the box, as well as kerberos. LDAP can be added. I'm sorry for not pointing out the intention of my mail more crefully. The e-mail wich may is helpfull for programmers who might wish to program daemons/tools to interact with Windows (Authentication or such things) was send out to provide everybody who's interested into such things a little overview. :) Nothing more or less! So if you think it would be handy if you could remotely shutdown your whole network from the Firewall you may could code the daemon right now 'course the protocol itself is not "patented". Or maybe somebody codes a login_ntlm or anything else. Who knows :) There things wich are not "just" usefull for samba and where some programers (not just for OpenBSD maybe) are maybe interested into. :) Kind regards, Sebastian
Airtist - Garorock !!!!
Musique en schne ! Pour afficher cet email dans une page web Airtist Musique en Schne airtist3 Edito forum airtist2 Les nouveautis ` ne pas manquer sur Airtist : f Vos bons plans de tilichargements gratuits f Garorock : retrouvez tous les concerts du festival f Les photographes Airtist de vos rigions f Les Concours Airtist : gagnez vos places de concert ! airtist Top tilichargement gratuit ligal ithique Blubbies top artiste top artiste Les Bantous de la Capitale top artiste top artiste top artiste airtist1 titre airtist 1 La rubrique Airtist Evinementiel est ` l'honneur ce mois-ci ! Vous pouvez maintenant dicouvrir les nouvelles mises en avant et le nouveau design des reportages par rigion et surtout une meilleure qualiti pour tous les reportages photos ! Ne manquez pas de dicouvrir les nouveaux reportages et un retour spicial sur le Festival Garorock ! Avec bien s{r le reste de vos artistes prifiris de la schne du Festival Garorock ! titre Airtist 2 Vous ne les connaissez pas encore ? Airtist vous prisente l'iquipe des photographes des concerts de vos rigions. Dicouvrez les photographes de chaque ville avec un exemple de leurs meilleurs reportages ! Paris : Robert Gil, Fridiric Helsen, Joga Nelken, A.Matton, Lyon : Thomas Carrage, Maxime Rocciano, Rose-Marie Lois, Antoine Barbot, Baptiste Audet Avignon : Climent Grussani Montpellier : Maxime Raimond, Alain Scherer, Laurent Salive Toulouse : Alexandre Chauvot, Cyril Laderriere, Marc Nguyen, Benont Chatelain. Et parmi les prochains reportages, vous retrouverez ceux de Olivier Huet, Grigory Landais, Nicolas Malet, Stephanie Cellier. Vous jtes photographe et souhaitez intigrer l'iquipe ? Contactez-nous par email pour plus de ditails ! Les 3 concours d'Airtist sont ouverts depuis 2 semaines : quizz musical, jeu des photos mysthres et celui qui sera le plus actif dans le Forum... Le 30 avril, les gagnants seront tiris au sort, venez vite tenter votre chance ! Nouveau Concours : vos places de concert ` gagner pour The Skatalites au Ninkasi Kao ` Lyon ce dimanche 20 avril ! The Skatalites Les 3 personnes qui auront inviter le plus d'amis ` s'inscrire avec leur photo d'avatar et leur inscription au concours dans les deux jours remporteront 2 places chacun ! L'iquipe d'Airtist vous donne rendez-vous pour la prochaine newsletter pour faire le plein de nouveaux artistes, nouvelles musiques, nouvelles photos et igalement d'autres surprises. Nous vous rappellons que pour chaque tilichargement gratuit de musique, c'est ligal pour vous et l'artiste est rimuniri par la publiciti. Tout le monde est gagnant ! Passe l'info ` tes amis ! Bons tilichargements ` tous, musicalement, L'iquipe Airtist airtist colors [IMAGE] Conformiment ` l'article 34 de la loi 78-17 du 6 janvier 1978 relative ` l'informatique, aux fichiers et aux libertis vous disposez d'un droit d'acchs, de rectification des donnies nominatives vous concernant, si vous ne souhaitez plus recevoir de message de notre part , cliquez sur desinscription AIRTIST SARL 5 bis rue du pont de Lattes 34070 Montpellier, au capital de 53.000 euros RCS : Montpellier SIRET :483 927 620 00011 wwwairtistcom powered by eoxiamail v 2.10.4;
Re: MS and OpenBSD interportability, a lil list with "patented" and non patented protocols
Samba is part of ports already, so the eventual improvements that come as the result of having won the lawsuit and appeal will also be usable with OpenBSD. So if you know someone with a Windows server, you might steer them to ports: samba-3.0.25b samba-3.0.25b-cups samba-3.0.25b-cups-ldap samba-3.0.25b-ldap samba-docs-3.0.25b smbldap-tools-0.9.2ap1 It is a step in helping them migrate to open services and protocols. You might find it more useful to know that AFS is supported more or less out of the box, as well as kerberos. LDAP can be added. Regarding those specific protocols mentioned in the lawsuit and the appeal, here are two links about the context: http://www.groklaw.net/article.php?story=20071220124013919 http://www.groklaw.net/article.php?story=20070919214307459 [EMAIL PROTECTED] wrote: [snip] ...patented... [snip] Whether they are or aren't patented is not relevant for many of us. As you know, software patents are not valid in Europe. That includes Germany. For those for whom software patents are relevant, it does not matter if it is 80%, 20%, 5%, 1% or even just one software patent. All it takes is one. Besides, software patents are not a developer issue, they affect the end user. regards, -Lars
Re: Logging failed SSH users and the passwords they typed
On Wed, Apr 23 2008 at 01:00, Jon Radel wrote: > Sam Fourman Jr. wrote: > >> Is there a way to login the passwords that were used in the bruteforce > >> attack? > > > > I am siting trying to come up with a good reason why you would give a > > damn what passwords they tried? > > > > I mean for the most part they are scripts trying to BRUTE your ssh port > > anyhow. > > Not only that, if you read any history of Unix's early days you should > come across some instructive stories as to why logging the passwords of > failed attempts is now generally considered a really bad idea. > Basically has something to do with that between all the garbage from > brute force attempts you'll find entries of legitimate attempts with > small typos in the password. Suddenly your log file has become really > dangerous. > If it's for honeypot and educationnal reasons, it's best to not use the same daemon as the production one. Searching a little I found this program : http://kojoney.sourceforge.net/ You can use it as your base to do what you wanted.
Re: aterm, rxvt -- memory usage
On Tue, Apr 22 2008 at 43:22, Arun G Nair wrote: > On Mon, Apr 21, 2008 at 11:44 PM, Claer <[EMAIL PROTECTED]> wrote: > > I personnaly use unicode rxvt. It's a clone of rxvt that comes with > > unicode (oh surprising) and with client/server mode to reduce memory > > usage when you have serveral terms like I used to have. > > > > urxvt is also one of the rare terms out there with transparency and > > whitening the background and not darkening it. > > Hi, I where can I find urxvt for openbsd ? I can't seem to find it in > ports. Am using 4.2. > Oh sorry, I didn't check it's availability in ports. But, as stated, it's certainly not too hard to compile it from sources. Claer
Re: Rolling release?
On Wed, Apr 23, 2008 at 03:04:35AM +0200, Zbigniew Baniewski wrote: > On Tue, Apr 22, 2008 at 08:48:47PM -0400, Jason Beaudoin wrote: > > > the devs have been hard at work for many years, and I'd be willing to > > bet that they like the system they've come up with. If they didn't, > > they'd change it. > > But it's pretty valid to ask? I thought, that's the mailing lists are for. > > Maybe I'm wrong. No, it's a valid question. There are hints of answers and even answers if you read the mailing-list archives, but it's possible to overlook them. Let me explain things to you another way. OpenBSD tries to have quality releases, with several goals. Those goals include keeping support for a variety of non mainstream architectures alive. There are various reasons for that, one of which being that it is useful for i386/amd64, because some other arches are good at finding some classes of bugs that affect all arches, but are more apparent on strict alignment architectures (for instance). It's also good because it attracts kernel and driver developers. With that in mind, OpenBSD-current is always high quality, in theory. In practice, comes release time, building and testing the release on each and every arch weeds out hundreds of bugs... and takes a big chunk of time and nerves out of Theo, and some other people involved. Thus the very quick reaction. We're trying hard to go up, up, up and have better and better releases. If you read the archives, you'll see lots of calls to test things, in a real community spirit, instead of the current `gimme, gimme, gimme' frame of mind a lot of our users have... so there have been some hard choices with respect to support, especially wrt backporting stuff to -stable, or actually making these releases. There will be hard choices in the future, undoubtedly. Hence the harsh reactions from the people involved in the release process. Just read the ml around `release build time' (which was a few months back, actually, that's how slow the release process is), and you'll figure out for yourself why `a release a month' is a bad idea, and also why the people involved reacted so violently to your apparently innocuous email... it kind-of implies the release process is something trivial you can change as you want, which it obviously is not... and it also dismisses the ten years of experience that our fearless leader has. Kind of insulting, don't you think ? ;-) Contrarily to what you might think, this email is NOT an exhaustive description of things as they are. It's a very quick, oversimplified summary, of a taxing process and decisions. There are glaring mistakes, for the sake of simplification. In a nutshell, release is ways harder to do than you think.
MS and OpenBSD interportability, a lil list with "patented" and non patented protocols
I recently read about MS and there's a Blog wich claims (it includes a list) that like 80% of all MS server protocols are not patented right now. This, if true, could propably handy for some developers or anybody else to maybe improve the integration of oBSD into MS networks. The List (yeah, just avaiable as xls :( ): http://www.centrify.com/downloads/public/microsoft_protocol_to_patent_map_courtesy_of_centrify.xls The website: http://blogs.zdnet.com/BTL/?p=8562 Wich leads me to this website: http://www.centrify.com/blogs/tomkemp/mapping_patents_to_microsoft_protocols.asp Kind regards, Sebastian
Re: E17
On Wed, Apr 23, 2008 at 04:22:51PM +1000, Rich Healey wrote: > Where can i find the E17 port maintainer? > > This info doesn't seem to be in mine, perhaps my tree is borked? make show=MAINTAINER gives you The OpenBSD ports mailing-list <[EMAIL PROTECTED]> so there you have it.
Re: collect2: ld returned 1 exit status....during linking...
On Tue, Apr 22, 2008 at 03:04:23PM -0700, vatocleti wrote: > vatocleti wrote: > > > > Hey all, > > I installed 'gmake' to build a Linux based Makefile that uses 'gcc' and > > when I issue 'gmake' I get the following error: > > > > /usr/bin/ld: my_app.o: relocation R_X86_64_32 can not be used when making > > a shared object: recompile with -fPIC > > my_app.o: could not read symbols: Bad value > > collect2: ld returned 1 exit status > > gmake: *** [libAPP.so] Error 1 > > > > any ideas/suggestions are greatly appreciated. > > > > Thanks in advance. > > > I added "-fPIC" to CLFAGS and this got me past this error...is that the > proper fix? More or less.