Nepenthes on OBSD

[Parvinder Bhasin]

Hi,

I installed Nepenthes from ports on OBSD and when I run it,  I get  
this message saying:


[ crit mgr ] Compiled without support for capabilities, no way to run  
capabilities


Even though I see its workings (sort of) but I don't think its working  
as expected.  It has been running for couple of days and hasn't caught  
anything.  I have Nepenthes on an ubuntu machine , it doesn't give me  
this message and has caught many binaries in the wild.


Can anyone point me why I am getting this message? or the fix?  I  
tried compiling it from scratch with --enable-capabilities but still I  
get the same message.

I would appreciate any help.

Thanks
Parvinder Bhasin

Re: Nepenthes on OBSD

[Tobias Ulmer]

On Sun, Jan 25, 2009 at 01:58:01AM -0800, Parvinder Bhasin wrote:
 Hi,

 I installed Nepenthes from ports on OBSD and when I run it,  I get this 
 message saying:

 [ crit mgr ] Compiled without support for capabilities, no way to run  
 capabilities

 Even though I see its workings (sort of) but I don't think its working  
 as expected.  It has been running for couple of days and hasn't caught  
 anything.  I have Nepenthes on an ubuntu machine , it doesn't give me  
 this message and has caught many binaries in the wild.

 Can anyone point me why I am getting this message? or the fix?  I tried 
 compiling it from scratch with --enable-capabilities but still I get the 
 same message.
 I would appreciate any help.

Likely means it can (optionally) use libcap, a library to set POSIX 1e
capabilities, an extension to the kernel which is not supported by
OpenBSD but popular under Linux etc.


 Thanks
 Parvinder Bhasin

Find special hidden files (e.g. .#Makefile.1.31)

[Patrick Oeschger]

Makefile was modified in the source tree.
After a CVS update the modified file is renamed to .#Makefile.1.31.
I tried the cmd 'find' to find all files starting with '.#' in the
source tree.
Tried escape characters for '.' and '#' but did not succeed...
Any advise/hints?
BR
/pat

Re: Find special hidden files (e.g. .#Makefile.1.31)

[Eugene Ryazanov]

2009/1/25 Patrick Oeschger tbeoe...@armdev.swissptt.ch:
 I tried the cmd 'find' to find all files starting with '.#' in the
 source tree.
 Tried escape characters for '.' and '#' but did not succeed...

find . -name .\\#*

getting random icmp host unreachable messages from firewall

[Imre Oolberg]

Hallo again!

When i access internet from behind nat'ting OpenBSD 4.4-current i386 
platform firewall (20090121 snapshot, under Xen HVM quest if this test 
then qualifies) i get randomly icmp host unreachable messages. At the 
same time network traffic is low and this test firewall is not under any 
mentionable load. For example about five to ten icmp error messages 
appear from firewall to wget client when issuing 300 wgets i a raw, like 
this


$ for i in `seq 1 300`; do wget http://172.16.0.12/README?count=$i; -O
- 1dhs.$i.log; done

# tcpdump -nttti ne3 icmp
tcpdump: listening on ne3, link-type EN10MB
Jan 25 15:21:04.986368 192.168.10.210  192.168.10.10: icmp: host 
x.x.x.x unreachable
Jan 25 15:21:06.444112 192.168.10.210  192.168.10.10: icmp: host 
x.x.x.x unreachable

...

And insterting one second delay between wgets reduces icmp errors a lot.

I belive it has something to do with a firewall's natting because with 
plain routing it seems to work all right.


I would be very greateful if somebody could comment on this.


Imre

 Original Message 
Subject: getting random icmp host unreachable messages while accessing 
host from behind nat with 4.4 amd64

Date: Thu, 22 Jan 2009 22:10:32 +0200
From: Imre Oolberg i...@auul.pri.ee
To: misc@openbsd.org

Hi!

I have following problem with my OpenBSD amd64 version firewall and
would be very thankful if you can help me with it.

Quite accidentally my collegue discovered that while he is accessing
content over http from behind natting firewall he doest get it every
time. And it happens seemengly randomly, say about ten times per 300
attempts (vise versa firewall is working all right and also with
routing). I tested it on living firewall and confirmed it and after that
i set up other computers dedicated to test this case more throughly.

This is my test setup

http server  em1 firewall bge0 --- mgm computer
server   10.0.5.2 -- 192.168.2.38
172.16.0.12| em0
   |
   |
   |
computer accessing http server (10.0.6.242)

firewall has following addresses

em0 - 10.0.6.248
em1 - 172.16.0.78
bge0 - 10.0.5.7

mgm computer actually is 192.168.2.38, a hop away.

I used 4.4 amd64 system with latest kernel patches (and userspace
patches between them) but i also tried original 4.4 kernel, results seem
to be the same. dmesg and full pfctl -sa are included in the end of this
letter.

rules on the firewall are no more no less like this

# pfctl -sn
nat on em1 inet all tagged ICMP_TEST - 172.16.0.78
# pfctl -sr
block drop log all
pass in quick on bge0 inet from 192.168.2.0/24 to 10.0.5.7 flags S/SA
keep state (tcp.established 1064000)
pass in quick on bge0 inet from 10.0.5.0/24 to 10.0.5.7 flags S/SA keep
state (tcp.established 1064000)
pass in quick on em0 inet proto tcp from 10.0.6.242 to 172.16.0.12 port
= www flags S/SA keep state tag ICMP_TEST
pass out quick on em1 all flags S/SA keep state tagged ICMP_TEST


Here is my testing.

I access http in this manner (after fresh reboot)

$ for i in `seq 1 300`; do wget http://172.16.0.12/README?count=$i; -O
- 1dhs.$i.log; done

and the results are like this, i.e. this time five responses are not
succeeding

$ find . -size 0
./dhs.251.log
./dhs.171.log
./dhs.179.log
./dhs.188.log
./dhs.149.log

while listening on firewall on em0 for icmp i get

# tcpdump -nettti em0 icmp
Jan 22 21:06:45.787661 00:04:23:09:14:30 70:10:00:00:62:42 0800 70:
10.0.6.248  10.0.6.242: icmp: host 172.16.0.12 unreachable
Jan 22 21:06:45.995783 00:04:23:09:14:30 70:10:00:00:62:42 0800 70:
10.0.6.248  10.0.6.242: icmp: host 172.16.0.12 unreachable
Jan 22 21:06:46.067863 00:04:23:09:14:30 70:10:00:00:62:42 0800 70:
10.0.6.248  10.0.6.242: icmp: host 172.16.0.12 unreachable
Jan 22 21:06:46.150686 00:04:23:09:14:30 70:10:00:00:62:42 0800 70:
10.0.6.248  10.0.6.242: icmp: host 172.16.0.12 unreachable
Jan 22 21:06:46.765440 00:04:23:09:14:30 70:10:00:00:62:42 0800 70:
10.0.6.248  10.0.6.242: icmp: host 172.16.0.12 unreachable

It may also be essential to say that there does not appear anything
relevant (on this network there are other traffic as well to be honest)
in  pflog.

I also saved all traffic on both relevant firewall interfaces during
test and followed it and tcpdump shows that during connection failure

1. http client sends syn packet which do not get to the other side of
firewall
2. firewall answers this with icmp host unreachable message
3. wget saves zero result
4. client then sends out next syn which gets properly served

In the end i tested removing nat and it worked well i.e. without errors
(16k of queries).

I also tested the same thing with OpenBSD 4.3 and i did work for 24k
queries all right (didnt try longer).

If someone could please confirm whether this holds true generally on
amd64 and i386 (havent tried it yet) platform or it still is some kind
of specific combination of my computer and networking 

Problems with bwi0 - drops packets and stops responding

[rexregis]

While using the bwi0 WiFi on a Dell 1501 laptop, a lot of packets
are being dropped (no firewall, 4 yards away from AP, AP is fine
as iPhone drops no packets). After a while, the device completely
stops responding. I do:

$ sudo ifconfig bwi0 down
$ sudo ifconfig bwi0 up

and within 10 secs, the device works again, but drops a lot of
packets until it completely stops responding again, and repeat.
I can not tell if the problem is in the kernel (default GENERIC
4.4-STABLE) or in the firmware. Any ideas on how I could figure
out the source of the problem and a way to fix would be greatly
appreciated. Unless I missed it, I do not see any recent patches
for the bwi device.

$ dmesg | grep bwi
bwi0 at pci3 dev 0 function 0 Broadcom BCM4312 rev 0x01: apic 2 int 18
(irq
11), address 00:19:7d:5e:f5:1f

$ uname -a
OpenBSD jupiter32-bsd.rexregis.org 4.4 GENERIC.MP#844 i386

$ ifconfig bwi0
bwi0: flags=8843 mtu 1500
lladdr 00:19:7d:5e:f5:1f
groups: wlan egress
media: IEEE802.11 autoselect (OFDM36 mode 11g)
status: active
ieee80211: nwid DDWRT chan 11 bssid 00:40:10:10:00:03 51dB wpapsk
wpaprotos wpa1,wpa2 wpaakms psk,802.1x wpaciphers tkip,ccmp
wpagroupcipher tkip
inet6 fe80::219:7dff:fe5e:f51f%bwi0 prefixlen 64 scopeid 0x1
inet 10.192.168.201 netmask 0xff00 broadcast 10.192.168.255

$ ls /var/db/pkg/ | grep bwi
bwi-firmware-1.4

$ ping -c 1000 10.192.168.1
64 bytes from 10.192.168.1: icmp_seq=280 ttl=255 time=0.831 ms
64 bytes from 10.192.168.1: icmp_seq=281 ttl=255 time=0.879 ms
64 bytes from 10.192.168.1: icmp_seq=282 ttl=255 time=0.902 ms
ping: sendto: Host is down
ping: wrote 10.192.168.1 64 chars, ret=-1
ping: sendto: Host is down
ping: wrote 10.192.168.1 64 chars, ret=-1
--- 10.192.168.1 ping statistics ---
390 packets transmitted, 162 packets received, 58.5% packet loss
round-trip min/avg/max/std-dev = 0.728/1.011/7.031/0.782 ms

As you can see, I only made it to 390 packets, but device quit
responding at 282 packets. But with only 162 packets received,
that's still a 42.5% packet loss. FYI: 10.192.168.1 is still up.

Jason

P.S: Yes, I know, Broadcom is a POS for OpenSource. I will do a better
job next time when I shop for a laptop. Are the Apple MacBook Pros
completely OpenBSD compatible?

Re: Find special hidden files (e.g. .#Makefile.1.31)

[Alexander Yurchenko]

On Sun, Jan 25, 2009 at 01:19:28PM +0100, Patrick Oeschger wrote:
 Makefile was modified in the source tree.
 After a CVS update the modified file is renamed to .#Makefile.1.31.
 I tried the cmd 'find' to find all files starting with '.#' in the
 source tree.
 Tried escape characters for '.' and '#' but did not succeed...
 Any advise/hints?

find . -name '.#*'

 BR
 /pat

-- 
   Alexander Yurchenko

OT: Hard Disk Problems (was: Re: Dealing with Seagate's problematic 7200.11 firmware.)

[Toni Mueller]

Hi,

On Fri, 23.01.2009 at 21:28:34 +, Dieter open...@sopwith.solgatos.com 
wrote:
 Recovering from Seagate's problematic 7200.11 firmware.


first off, several other product lines are affected, too. In
particular, the popular ES and ES.2 server grade disks are also
affected, to the best of my knowledge. Seagate only admits to problems
with ES.2 drives, not ES drives, though.


 Seagate's response has been less than wonderful.  We need
 a FLOSS solution.

Right.

 We need for this to work with any flavor of Unix,

We need to do this from within a running system.

 We need for this to work on one drive without affecting
 other drives.

My first idea is that smartmontools probably provide much of the
required framework alreaedy, and could possibly extended to work with
this situation, too.

 If Maxtorman is correct, then once the drive has been operating awhile,

Seagate sent me the following link

http://seagate.custkb.com/seagate/crm/selfservice/search.jsp?DocId=207931

which imho contributes to the impression of a less-than-stellar
response by stating Based on the low risk as determined by an analysis
of actual field return data, Seagate believes that the affected drives
can be used as is. (current as of _now_).

 that works properly.  Since Seagate's solution will require attaching
 the drive to an x86 system and booting a FreeDOS ISO from CD, if the log
 is at 320 that boot will brick the drive.

As far as I understood, the firmware has a sort of a boot loader which
reads the actual firmware from the drive, and also writes new firmware
to the drive. This leads me to suspect that writing a modified boot
loader firmware which does not contain such log entry reading or
writing, could bypass the 'brickedness' caused by the broken firmware
which is actually on the platters (ie, which is what the boot loader
needs to load to begin with). So, if a modified boot loader would eg.
abstain from loading the firmware on the drive, the corruption of said
firmware on the drive would not occur, thus not blocking the remainder
of the hardware. However, if, and how, such a new boot loader could be
placed into the ???ROMs of the drive, I really don't know.

 Once Seagate releases working firmware, we want to be able to install
 it from Unix, on any CPU arch.  Seagate's release can only install
 on x86 using FreeDOS.

- smartmontools come to mind.

   Is Maxtorman correct about the 320 log entries?

My dealer told me a similar story, but I don't know where he had it
from.



Kind regards,
--Toni++

Mr.SAIDOU KEITA URGENT PARTNERSHIP/INVESTMENT

[saidou keita]

!Tengo nueva direccisn de correo!Ahora puedes escribirme a: 
saidoukeit...@yahoo.com.mx

Mr Saidou Keita,staff of bank,i wan't to transfer $4.500 million to your account


Saidou Keita

- saidou keita

Re: KDE/DCOP vs pf

[Ken Dickey]

On 2009 January 24 03:09:57 pm Pereresus ne Vlezaet Buggy wrote:
 Add set skip on lo. Searching for the right place of this string will
 be your homework.

Thanks much.  My working pf.conf now contains:

vvv=pf.conf===vvv
## MACROS
tcp_services = { ssh, smtp, smtps, domain, www, auth, pop3s, ftp, sftp, 
https, imaps }
udp_services = { domain, pop3, pop3s, imaps }

# KDE uses loopback
set skip on lo0

## DEFAULT: DENY external access; OK going out
block in  all
pass out proto tcp to any port $tcp_services
pass proto udp to any port $udp_services
pass out inet proto icmp all icmp-type 8 code 0
^^^=E O F===^^^

Cheers,
-KenD

Re: ipv6 neighbor discovery over a wpa wireless link

[FRLinux]

On Sat, Jan 24, 2009 at 3:46 PM, Mark Zimmerman markz...@frii.com wrote:
 Greetings:

 I am trying to get ipv6 neighbor discovery working over a wpa wireless
 link between two ral interfaces. I get nothing, and no error messages
 from rtadvd on the router. The router is 4.4-current and the laptop is
 a 4.3 snapshot that I really need to update. Ipv4 works fine.

Hello,

My setup is the following:

router on OpenBSD 4.4-STABLE  access point linksys running openwrt 
laptop devices with v6 support

None of them have a single problem getting a router advertisement. So
I am guessing you might have some filtering taking place or maybe
radvd is not listening to the right interface. So, are you getting RA
over wired connection? If so, are you using a separate network for the
wireless net (although I have wired and wireless, i do not separate
subnets). Last but not least, may I suggest that you run pftop (from
ports) and look at it when you connect the laptop.

Cheers,
Steph

Re: ipv6 neighbor discovery over a wpa wireless link

[Stuart Henderson]

On 2009-01-24, Mark Zimmerman markz...@frii.com wrote:
 Greetings:

 I am trying to get ipv6 neighbor discovery working over a wpa wireless
 link between two ral interfaces. I get nothing, and no error messages
 from rtadvd on the router. The router is 4.4-current and the laptop is
 a 4.3 snapshot that I really need to update. Ipv4 works fine.

 Before I spend too much time on this, I wanted to check if this might
 not be a supported capability. Should it be possible to do this?

ral/wpa/ipv6 works ok here with -current from the last week on the
laptop and Dec 13 snap on the hostap box...

if you really need to update the laptop, why not do that before
spending any time on it.

Re: ral0 hangs during sftp

[Stuart Henderson]

On 2009-01-24, David Higgs hig...@gmail.com wrote:
 I recently installed 4.4-stable and started using wireless with WPA2.
 Basic web browsing had been working fine all week, but today I started
 moving some files around via sftp and suddenly the link stalled.  Log
 messages indicate resource problems with named but not a total link
 failure, since dhcpd still worked.  Running ifconfig up/down appeared
 to fix the problem temporarily; I lost patience and found a wired
 connection after the second hang.

 Is this somehow related to Fix HW crypto on ral(4) devices. in the
 list of -current changes?  Is there any additional information I can
 provide?

there are various fixes to ral(4) post-4.4. I definitely think you
should be running -current from the last month or so if you have problems
with earlier ral(4) code.

Re: KDE/DCOP vs pf

[jared r r spiegel]

On Sun, Jan 25, 2009 at 03:45:25AM -0800, Ken Dickey wrote:
 On 2009 January 24 03:09:57 pm Pereresus ne Vlezaet Buggy wrote:
  Add set skip on lo. Searching for the right place of this string will
  be your homework.
 
 Thanks much.  My working pf.conf now contains:

  i'll take the opportunity to offer my opinion that one stands to save
  a LOT of time by *logging blocks* during debugging.

  eg: 'block in log all' or whatever the grammar needs to be.

  then just watch pflog0 on tcpdump with a bunch of -v action and you
  can see what the traffic is and create allows based on that.

-- 

  jared

Re: isakmpd does not initiate quick mode after main mode is established

[Christian Weisgerber]

Christoph Leser le...@sup-logistik.de wrote:

 I'm still struggling to keep my ipsec vpns running smoothly.

FWIW, I mostly use IPsec on my home WLAN and I observe a similar
lack of reliability.  My laptop sets up two IPsec associations, one
IPv4 and one IPv6, and from time to time one of these or both fail
inexplicably (no response, no proposal chosen) but eventually get
established within ten minutes or so.

Since this is WLAN, I have considered that packet loss may screw
up the ISAKMP negotiation, but I haven't investigated.

I wonder how people who run a large number of IPsec associations
in production settings deal with this or if they are seeing it at
all.

-- 
Christian naddy Weisgerber  na...@mips.inka.de

Re: Apache file upload

[Steve Shockley]

On 1/23/2009 11:37 PM, Nick Holland wrote:

I found an application called file upload by Jeffery Carnahan.  GNU
license, and currently seems to be proof that GNU does NOT mean can't
disappear.


A quick search found http://www.freebsddiary.org/fileupload.php, which 
has a link to a mirror of the tar file.

Re: Altq doesn't works as I expect on OpenBSd 4.4

[Toni Mueller]

Hi,

On Thu, 20.11.2008 at 17:08:31 +, Stuart Henderson s...@spacehopper.org 
wrote:
 also note you can queue the _inbound_ packets, which will associate
 a queue with the state table entry, then the queue of this name will
 be used when those packets are sent _out_.

this sounds like it fills a gap in the man page, imho.

 many of the views from pftop are also available in systat
 (in the base OS) these days.
 
 see systat queues, systat rules, systat pf etc.

systat queues does not work if you're not root, but otherwise, it
fills a gap, too.


Thank you!


Kind regards,
--Toni++

Re: Problems with bwi0 - drops packets and stops responding

[JasonLC]

I may have found my answer looking at the 4.4 to -current log.

Make sure the bwi(4) driver does not try to attach rev 2 BCM431[1-2]
chipsets, as they require v4 firmware and bwi(4) currently uses v3. 

However, this says rev 2 of the chipset, from dmesg:

bwi0 at pci3 dev 0 function 0 Broadcom BCM4312 rev 0x01: apic 2 int 18
(irq 11), address 00:19:7d:5e:f5:1f

it says I have rev 1 of the chipset. Is my problem related to this or are we
sure the v4 firmware only affects rev 2 chipsets? If my problem is due to
firmware versions, any work on getting bwi(4) to v4?

Jason

-- 
View this message in context: 
http://www.nabble.com/Problems-with-bwi0---drops-packets-and-stops-responding-tp21652920p21659111.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.

Re: ipv6 neighbor discovery over a wpa wireless link

[Mark Zimmerman]

On Sun, Jan 25, 2009 at 09:56:50PM +, Stuart Henderson wrote:
 On 2009-01-24, Mark Zimmerman markz...@frii.com wrote:
  Greetings:
 
  I am trying to get ipv6 neighbor discovery working over a wpa wireless
  link between two ral interfaces. I get nothing, and no error messages
  from rtadvd on the router. The router is 4.4-current and the laptop is
  a 4.3 snapshot that I really need to update. Ipv4 works fine.
 
  Before I spend too much time on this, I wanted to check if this might
  not be a supported capability. Should it be possible to do this?
 
 ral/wpa/ipv6 works ok here with -current from the last week on the
 laptop and Dec 13 snap on the hostap box...
 
 if you really need to update the laptop, why not do that before
 spending any time on it.
 

I think I will do that now that I have confirmation that it ought to
work. Thanks for the response.

Publique GRATIS no nosso portal

[Classificados GRATIS portaldanet.com]

Se nco visualizar esta pagina correctamente , clique aqui

* Conhega as diferentes formas de publicitar o seu produto ou negscio *

Anzncios online de publicagco imediata. Faga a sua prspria gestco,  e
modificagco dos anzncios online. Publique GRATIS no portaldanet.com , com
fotos e texto da sua empresa, negscio ou produtos nas categorias do site.

Se quiser aderir ` nossa campanha de web marketing semanal, do seu
negscio ou produto, para 350.000 contactos em Portugal, contacte-nos para
aderir ao nosso sistema, ou entre na sua conta pessoal e adira ao pacote
instantbneo Campanha publicitaria. O envio dessa campanha tera  uma
foto da sua empresa ou produto com o link directo para a sua pagina Web
ou para a publicidade que tiver publicada no nosso portal de
classificados.

Veja a campanha de alguns negscios desta semana nos links abaixo:

Nissan NAVARRA 2004

MORADIA T4 - NOVA - OPORTUNIDADE

Ford Focus TCDI 1600 Sport

CAHER 550F - BOM PREGO

Mota Honda CBF 1000 Preta

Sofa cama de 3 lug+1 +poltrona

Pastelaria/Geladaria

Mobiliario escritsrio

Fiat Punto HGT 1.8 16v

Esta mensagem esta de acordo com a legislagco Europeia sobre o envio de
mensagens comerciais. Destina-se unicamente a clientes, potenciais
clientes e parceiros e nco pode ser considerada SPAM porque tem inclumdo
contacto e instrugues para remogco da nossa lista de emails. Qualquer
mensagem devera estar claramente identificada com os dados do emissor e
devera proporcionar ao receptor a hipstese de ser removida da lista
(Directiva 2000/31/CE do Parlamento Europeu; Relatsrio A5-0270/2001 do
Parlamento Europeu).

Se desejar ser retirado desta mailing list Clique aqui. Obrigado!

Re: OT: Hard Disk Problems (was: Re: Dealing with Seagate's problematic 7200.11 firmware.)

[Dieter]

  Recovering from Seagate's problematic 7200.11 firmware.
 
 
 first off, several other product lines are affected, too. In
 particular, the popular ES and ES.2 server grade disks are also
 affected, to the best of my knowledge. Seagate only admits to problems
 with ES.2 drives, not ES drives, though.

Word is the Maxtor Diamond Max 21 line is also affected.

 We need to do this from within a running system.

Yes.

 My first idea is that smartmontools probably provide much of the
 required framework alreaedy, and could possibly extended to work with
 this situation, too.

Thanks.  I downloaded smartmontools, fixed a couple of ILP vs LP64 bugs,
and it appears to provide the number of SMART log entries.

  Is Maxtorman correct about the 320 log entries?
 
 My dealer told me a similar story, but I don't know where he had it
 from.

I guess the next step is to find out if Maxtorman is correct about this
320 log entries stuff, and if the SMART log entries as reported by
smartmontools is the log to worry about, or if there is some other log.
E.g. see the Read Log Ext and Write Log Extended commands I posted
yesterday.  I don't know if these use the same log as the SMART commands
or if this is something different.

Re: ral0 hangs during sftp

[bofh]

On Sun, Jan 25, 2009 at 5:00 PM, Stuart Henderson s...@spacehopper.org wrote:
 there are various fixes to ral(4) post-4.4. I definitely think you
 should be running -current from the last month or so if you have problems
 with earlier ral(4) code.

Can I take that ral code and stick it into 4.4?


-- 
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity.
-- Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted.  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=j1G-3laJJP0feature=related