Re: Internet access over Bluetooth; a summary.

[Denis Doroshenko]

On Mon, Apr 27, 2009 at 11:18 PM, Thomas Pfaff tpf...@tp76.info wrote:
 On Mon, 27 Apr 2009 21:04:01 +0200 Otto Moerbeek o...@drijf.net wrote:
 On Mon, Apr 27, 2009 at 08:43:16PM +0200, Thomas Pfaff wrote:
  B  B $ sudo echo 00:1d:e9:e5:ad:01 phone  /etc/bluetooth/hosts

 I don't think you tested the above command. Hint: the redirect is not
 done as root.

 Quite right, sorry about that. B Just to make the archives happy:

 B # echo 00:1d:e9:e5:ad:01 phone  /etc/bluetooth/hosts

since everything is done with sudo, this might be something like

$ sudo sh -c 'echo 00:1d:e9:e5:ad:01 phone  /etc/bluetooth/hosts'

Re: Transparent firewall (bridge) with DMZ + LAN

[Claudio Jeker]

On Mon, Apr 27, 2009 at 11:20:07PM +0200, Felipe Alfaro Solana wrote:
 On Mon, Apr 27, 2009 at 8:11 PM, Ted Unangst ted.unan...@gmail.com wrote:
 
  On Mon, Apr 27, 2009 at 10:25 AM, Felipe Alfaro Solana
  felipe.alf...@gmail.com wrote:
   Again, not a single or valid technical argument on why a bridging
  firewall
   is a bad idea. Just a moot and offensive responsive, and a very
   strong assessment from someone that doesn't know me at all. It's also
  very
   sad to see so many impolite answers in this list. Perhaps saying are
   apparently black magic would be more appropriate.
 
  http://marc.info/?l=openbsd-miscm=124082008204226w=2
 
  You can either read the code or listen to somebody who has.  I don't
  know you either, but I know Henning and I know the bridge code, and
  the short version is he's right.
 
 
 And again, I think you mean that running a bridge under OpenBSD is perhaps
 not the fastest or brightest solution. And I trust you, But again, I have
 yet to hear a single technical argument on why running, for example, Snort
 inline on other platforms is a bad idea and makes one stupid.
 

Did you ever check the security record of snort? It is at least as bad as
wireshark's but it is sitting in the middle of your network passing
packets. I couldn't sleep with such a system in my core.
It is also a lot easier to bypass unnoticed a bridging FW/IDS then a box
that does actual routing.

Go ahead, use it and get burned, I think you need pain to realize that it is
bad.

-- 
:wq Claudio

Re: Transparent firewall (bridge) with DMZ + LAN

[Tony Abernethy]

Now it makes sense.

Claudio Jeker wrote:
snip
 but it is sitting in the middle of your network passing
 packets. I couldn't sleep with such a system in my core.
 It is also a lot easier to bypass unnoticed a bridging FW/IDS 
 then a box
 that does actual routing.

THAT's why it is called a TRANSPARENT firewall.
There's nothing quite like an oxymoron that SOUNDS good.
Perfect place to hide all sorts of bad stuff.

There is not ONE reason it is a bad idea.
There are MANY and I am neither industrious nor competent enough 
to even crack the surface. However, I am old and crafty enough
to NOT stick my hand in the paper sack.

2x OpenBSD firewalls with failover?

[Coert Waagmeester]

Hallo all OpenBSDers.

I want to setup two openBSD boxes at our office.

They will each have 4 network interfaces, and they will do routing,
NATting (port forwarding) and provide basic DNS services. And also
OpenVPN connectivity to the 4 different networks.


They will be the same, config wise, but what I want to do is have some
kind of seamless failover, ie, box 1 will always be live, and if it goes
down, I want Box 2 to take over its IP addresses, and continue providing
all the services.

Can you guys give me a few pointers as to how I could set up something
like this?


Thank you in advance,
Coert Waagmeester

Re: 2x OpenBSD firewalls with failover?

[Daniel Ouellet]

Coert Waagmeester wrote:

Hallo all OpenBSDers.

I want to setup two openBSD boxes at our office.


http://openbsd.org/faq/faq4.html


They will each have 4 network interfaces, and they will do routing,
NATting (port forwarding) and provide basic DNS services. And also
OpenVPN connectivity to the 4 different networks.


http://openbsd.org/faq/pf/index.html


They will be the same, config wise, but what I want to do is have some
kind of seamless failover, ie, box 1 will always be live, and if it goes
down, I want Box 2 to take over its IP addresses, and continue providing
all the services.


http://openbsd.org/faq/pf/carp.html


Can you guys give me a few pointers as to how I could set up something
like this?


You really didn't try hard did you?

Please help yourself first, and start reading the FAQ that were designed 
specially to answer these questions for you.


Regards,

Daniel

Re: Virtual TAP interface

[Claudio Jeker]

On Tue, Apr 28, 2009 at 08:56:57AM +0200, Jaroslav Joska wrote:
 Hi all!
 I installed OpenBSD on UltraSPARC IIIi machine (SunFire V440) successfully. I 
 want to install dynamips and dynagen,
 but before this procedure I have to make bridge with one real interface and 
 one virtual interface, because dynagen doesn't
 work with real interafces. I did the same things on FreeBSD x86 like this:
 
 # kldload if_tap
 # echo -n  /dev/tap0
 # ifconfig tap0 up
 
 # ifconfig tap0
 tap0: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500
 ether 00:bd:33:3d:03:00 Opened by PID 5145
 
 # kldload if_bridge
 # ifconfig bridge0 create
 # ifconfig bridge0 addm tap0
 # ifconfig bridge0 addm rl0
 # ifconfig bridge0 up
 # ifconfig bridge0
 
 Can I make the same on OpenBSD sparc?
 Sorry for my english, 
  BG, JJ

Wow. Incredible how complex FreeBSD got.

ifconfig tun0 up link0
ifconfig bridge0 up
brconfig bridge0 add tun0 add rl0

Will do the trick on OpenBSD.
-- 
:wq Claudio

Re: Virtual TAP interface

[Stuart Henderson]

see tun(4) about the layer 2 tunnelling flag. but note well:

- dynamips from OpenBSD ports/packages does work with real
interfaces now (thanks Claudio!).

- dynamips only has JIT translators for i386 and amd64.
it will *totally* suck on anything else.


On 2009-04-28, Jaroslav Joska jaroslav.jo...@email.cz wrote:
 Hi all!
 I installed OpenBSD on UltraSPARC IIIi machine (SunFire V440) successfully. I 
 want to install dynamips and dynagen,
 but before this procedure I have to make bridge with one real interface and 
 one virtual interface, because dynagen doesn't
 work with real interafces. I did the same things on FreeBSD x86 like this:

 # kldload if_tap
 # echo -n  /dev/tap0
 # ifconfig tap0 up

 # ifconfig tap0
 tap0: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500
 ether 00:bd:33:3d:03:00 Opened by PID 5145

 # kldload if_bridge
 # ifconfig bridge0 create
 # ifconfig bridge0 addm tap0
 # ifconfig bridge0 addm rl0
 # ifconfig bridge0 up
 # ifconfig bridge0

 Can I make the same on OpenBSD sparc?
 Sorry for my english, 
  BG, JJ

Re: 2x OpenBSD firewalls with failover?

[Daniel Ouellet]

Coert Waagmeester wrote:

I see your point. Thank you the above link was exactly what I was
looking for. I will remember to go digging around google first next
time.


If I may suggest, even before you go to Google.

If you start using OpenBSD, even before that. Just take a few hours and 
read the FaQ. It's really like reading a very well written book and you 
will see the documentations is very well done oppose to ANY other 
project out there including commercial one. It will be very well spend 
time and you will even discover plenty of very nice things you may not 
even have though of that are just part of OpenBSD and are very 
incredible really. Yes, I am somewhat bias, but that's true never the less.


The order should be FaQ, FaQ, FaQ, FaQ, FaQ, man pages, man pages, list 
archive, then google, some more research on google, and if you still 
have issues, then m...@.


Just read it once, I mean the FaQ and you will just love it. Then send a 
thanks to Nick for them, as he really makes it stand on it's own and 
compare to none out there. I am sure he would appreciate a thanks time 
to time, but even more he would really appreciate you reading it.


So, honor his work by reading it first. The informations you seek for 
most common tasks is there.


Best regards,

Daniel

Re: Transparent firewall (bridge) with DMZ + LAN

[Stuart Henderson]

On 2009-04-28, Daniel Ouellet dan...@presscom.net wrote:
 Henning Brauer wrote:
 * Daniel Ouellet dan...@presscom.net [2009-04-28 02:49]:
 shut up! All are real and I even learn from Henning about the lost of  
 Queue here as well, witch I haven't thought of then. So, loose of queue,  
 mean also lost of AltQ too.
 
 no, this is not related to altq at all.

 Thanks for the correction here Henning. I was wrong.

 I assume AltQ was working with the queue, so, no queue would mean 
 loosing altq capability. Hmmm. Looks like something I miss understood 
 and I will go back looking at it.

 Thanks for the tip.

this is the other queue; sysctl net.inet.ip.ifq

I thought PF would use it in pf_check_congestion() as a hint, but I can't
work out how this happens for ethernet interfaces, only these..

./net/if_ppp.c: if_congestion(inq);
./net/if_sl.c:  if_congestion(ipintrq);
./net/if_spppsubr.c.orig:   if_congestion(inq);
./net/if_spppsubr.c:if_congestion(inq);
./net/if_strip.c:   if_congestion(ipintrq);
./net/if_tun.c: if_congestion(ifq);

from Henning's post;

 i told you before it is not an OpenBSD problem.
 it is implemented the way it is because you kind of have to do it this
 way, or similiar.

not to mention at least 4 OS are using substantially the same code.
at least 5 if you count miros.

Re: Transparent firewall (bridge) with DMZ + LAN

[Daniel Ouellet]

Stuart Henderson wrote:

On 2009-04-28, Daniel Ouellet dan...@presscom.net wrote:

Henning Brauer wrote:

* Daniel Ouellet dan...@presscom.net [2009-04-28 02:49]:
shut up! All are real and I even learn from Henning about the lost of  
Queue here as well, witch I haven't thought of then. So, loose of queue,  
mean also lost of AltQ too.

no, this is not related to altq at all.

Thanks for the correction here Henning. I was wrong.

I assume AltQ was working with the queue, so, no queue would mean 
loosing altq capability. Hmmm. Looks like something I miss understood 
and I will go back looking at it.


Thanks for the tip.


this is the other queue; sysctl net.inet.ip.ifq

I thought PF would use it in pf_check_congestion() as a hint, but I can't
work out how this happens for ethernet interfaces, only these..

./net/if_ppp.c: if_congestion(inq);
./net/if_sl.c:  if_congestion(ipintrq);
./net/if_spppsubr.c.orig:   if_congestion(inq);
./net/if_spppsubr.c:if_congestion(inq);
./net/if_strip.c:   if_congestion(ipintrq);
./net/if_tun.c: if_congestion(ifq);


Thanks Stuart!

I really and totally miss that and confuse the two. Shame on me.

Nice to get it somewhat cleared up however. (;

Some more reading.

Best,

Daniel

Re: Transparent firewall (bridge) with DMZ + LAN

[Felipe Alfaro Solana]

On Tue, Apr 28, 2009 at 8:35 AM, Claudio Jeker cje...@diehard.n-r-g.com wrote:

 Did you ever check the security record of snort? It is at least as bad as
 wireshark's but it is sitting in the middle of your network passing
 packets. I couldn't sleep with such a system in my core.
 It is also a lot easier to bypass unnoticed a bridging FW/IDS then a box
 that does actual routing.

I checked and it doesn't look that bad:

http://secunia.com/advisories/product/16919/?task=statistics
http://secunia.com/advisories/product/13116/?task=statistics

In CERT, it looks like there were 4 vulnerabilities in 2008, 4 in 2007
and currently 2 in 2009 (one of them is related to libpng which Snort
doesn't link to by default in Linux and other one is not specific to
Snort).

But I agree that using snort_inline is probably questionable, given
how complex it is and it's security record. I also agree that, for
passive systems, using a Tap is safer and better.

 Go ahead, use it and get burned, I think you need pain to realize that it is
 bad.

Isn't this how humans learn? By making mistakes and learning from them? :)

Re: Transparent firewall (bridge) with DMZ + LAN

[Tony Abernethy]

Felipe Alfaro Solana wrote:
 
 
 Isn't this how humans learn? By making mistakes and learning 
 from them? :)
 
Nah not really. 
They watch their brother or sister get burned by a hot stove and
decide maybe better not to find out for themselves.
They watch one of their playmates drown or get run over and
decide to not do things quite so risky.
Every new generation, same thing.

Re: soekris 5501, ral(4) and 4.5-current

[Tom]

I took my RT2860 card (which likes to lock up the Soekris 5501 fairly
quickly), stuck it in an Openbsd 4.5-current (April 27 snap) and it
performed properly and didn't lock up. Mind you, the machine is amd64
and quite well powered. I transferred a lot of files with scp, got
about 1.2 MB/s on a single transfer which isn't that bad considering
there's about 4-5 access points around or in the building.

The caveat on the ral(4) man page:
Some PCI ral adapters seem to strictly require a system supporting PCI
 2.2 or greater and will likely not work in systems based on older revi-
 sions of the PCI specification.  Check the board's PCI version before
 purchasing the card.

 Does the Soekris net5501-70 support PCI 2.2 or greater? (I couldn't
find anything in the specs or docs of it.) That's the only thing I can
think of. I can try a new power supply if that's the cause, but it
seems so difficult to isolate this bug.

  Stuart: any luck with your ral* card in your Alix?

   Regards,
   Tom

Re: Transparent firewall (bridge) with DMZ + LAN

[Henning Brauer]

* Stuart Henderson s...@spacehopper.org [2009-04-28 12:08]:
 On 2009-04-28, Daniel Ouellet dan...@presscom.net wrote:
  Henning Brauer wrote:
  * Daniel Ouellet dan...@presscom.net [2009-04-28 02:49]:
  shut up! All are real and I even learn from Henning about the lost of  
  Queue here as well, witch I haven't thought of then. So, loose of queue,  
  mean also lost of AltQ too.
  
  no, this is not related to altq at all.
 
  Thanks for the correction here Henning. I was wrong.
 
  I assume AltQ was working with the queue, so, no queue would mean 
  loosing altq capability. Hmmm. Looks like something I miss understood 
  and I will go back looking at it.
 
  Thanks for the tip.
 
 this is the other queue; sysctl net.inet.ip.ifq
 
 I thought PF would use it in pf_check_congestion() as a hint, but I can't
 work out how this happens for ethernet interfaces, only these..

it does. IF_INPUT_ENQUEUE in sys/net/if.h

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

Re: soekris 5501, ral(4) and 4.5-current

[Markus Hennecke]

On Tue, 28 Apr 2009, Tom wrote:


I took my RT2860 card (which likes to lock up the Soekris 5501 fairly
quickly), stuck it in an Openbsd 4.5-current (April 27 snap) and it
performed properly and didn't lock up. Mind you, the machine is amd64
and quite well powered. I transferred a lot of files with scp, got
about 1.2 MB/s on a single transfer which isn't that bad considering
there's about 4-5 access points around or in the building.

The caveat on the ral(4) man page:
   Some PCI ral adapters seem to strictly require a system supporting PCI
2.2 or greater and will likely not work in systems based on older revi-
sions of the PCI specification.  Check the board's PCI version before
purchasing the card.

Does the Soekris net5501-70 support PCI 2.2 or greater? (I couldn't
find anything in the specs or docs of it.)


Is this a PCI or a Mini PCI card? It should not matter, as Mini PCI is PCI 
2.2. I don't see more than one PCI bus in my soekris dmesg, I would assume 
that the normal PCI connector is PCI 2.2 as well.


Kind regards,
  Markus

Re: Virtual TAP interface

[Daniel Ouellet]

Jaroslav Joska wrote:

Hi all!
I installed OpenBSD on UltraSPARC IIIi machine (SunFire V440) successfully. I 
want to install dynamips and dynagen,
but before this procedure I have to make bridge with one real interface and one 
virtual interface, because dynagen doesn't
work with real interafces. I did the same things on FreeBSD x86 like this:

# kldload if_tap
# echo -n  /dev/tap0
# ifconfig tap0 up

# ifconfig tap0
tap0: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500
ether 00:bd:33:3d:03:00 Opened by PID 5145

# kldload if_bridge
# ifconfig bridge0 create
# ifconfig bridge0 addm tap0
# ifconfig bridge0 addm rl0
# ifconfig bridge0 up
# ifconfig bridge0

Can I make the same on OpenBSD sparc?
Sorry for my english, 
 BG, JJ




Hi,

As a start I would suggest to look at man 8 brconfig. Most likely it 
will provide you some of the answers you seek if not all.


Best,

Daniel

Virtual TAP interface

[Jaroslav Joska]

Hi all!
I installed OpenBSD on UltraSPARC IIIi machine (SunFire V440) successfully. I 
want to install dynamips and dynagen,
but before this procedure I have to make bridge with one real interface and one 
virtual interface, because dynagen doesn't
work with real interafces. I did the same things on FreeBSD x86 like this:

# kldload if_tap
# echo -n  /dev/tap0
# ifconfig tap0 up

# ifconfig tap0
tap0: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500
ether 00:bd:33:3d:03:00 Opened by PID 5145

# kldload if_bridge
# ifconfig bridge0 create
# ifconfig bridge0 addm tap0
# ifconfig bridge0 addm rl0
# ifconfig bridge0 up
# ifconfig bridge0

Can I make the same on OpenBSD sparc?
Sorry for my english, 
 BG, JJ

Re: 2x OpenBSD firewalls with failover?

[Coert Waagmeester]

On Tue, 2009-04-28 at 04:48 -0400, Daniel Ouellet wrote:
 Coert Waagmeester wrote:
  Hallo all OpenBSDers.
  
  I want to setup two openBSD boxes at our office.
 
 http://openbsd.org/faq/faq4.html
 
  They will each have 4 network interfaces, and they will do routing,
  NATting (port forwarding) and provide basic DNS services. And also
  OpenVPN connectivity to the 4 different networks.
 
 http://openbsd.org/faq/pf/index.html
 
  They will be the same, config wise, but what I want to do is have some
  kind of seamless failover, ie, box 1 will always be live, and if it goes
  down, I want Box 2 to take over its IP addresses, and continue providing
  all the services.
 
 http://openbsd.org/faq/pf/carp.html

I see your point. Thank you the above link was exactly what I was
looking for. I will remember to go digging around google first next
time.
 
  Can you guys give me a few pointers as to how I could set up something
  like this?
 
 You really didn't try hard did you?
 
 Please help yourself first, and start reading the FAQ that were designed 
 specially to answer these questions for you.
 
 Regards,
 
 Daniel

Re: man softraid improvement

[Sebastian Rother]

On Tue, 28 Apr 2009 07:50:20 +0100
Jason McIntyre j...@kerhand.co.uk wrote:

 On Tue, Apr 28, 2009 at 01:34:25AM +0200, Sebastian Rother wrote:
  
  Please add the following to man softraid to enable others to get a clue
  how to encrypt a partition with sofraid.
 
 ok, first off, please mail diffs in future. it takes 10 times longer to
 see what people want without a diff.


Yes, sorry Jason.
But I did not wanted to provide a diff because your phrasing is just
superior.

  
  
  An example to create a encrypted partition from scratch is as follows:
  
 # disklabel -E sd0
  
  Modify or create a partition you like to encrypt.
  Set the FS TYPE to RAID instead of 4.2BSD.
  Save the partition label and exit the interactive mode.
  
  bioctl -c C -l /dev/sd0k softraid0
  
 
 this seems to be the bit you are adding.

Yes
 
 softraid(4) already tells people to use RAID for archs which support it.

That is not the point. People do not figure out how to use it JUST for
a partition except a whole drive.

 it is not a blanket thing - not all archs use it. the disklabel stuff
 well, we expect people to know how to use disklabel anyway. if they
 don;t, they can read the man page.

The method I descriped is NOT mentioned anywhere.
People have to assume that softraid just works with WHOLE disks.
Specialy for the encryption this is wrong so the manpage is missleading.
It is not my point of view but I got already serval mails where people
ask me how to set up such a crypto partition.

And I wanna make it clearly: THEY DO NOT ASK because they simply
somehow fear the bullshit by Marco and other awesome bunnies with
comments like: Do you pay me? Do it yourself? That is not a
supported way of using it or even more rude things.

*rant*
I think if anybody else would for example mention the slow svnd write
speed Marco just would go b00m. But you've luck: Most people stfu and
go away... and Theo wonders about his income? Impressiv. :-)
*/rant*

 your example doesn;t add anything that isn;t already there.

I encounter PERMANENT requests HOW to encrypt a SINGLE partition with
softraid. it is NOT mentioned in the manpage nor is it CLEAR for
everybody that changing the FS type to RAID will be the solution.

That's why I asked you briefly to add the example.

Don't be pissed Jasons but I post the solution at misc@ to inform
people who are not that creativ like you, marco and/or me about how to
use things. The average admin and co just would not try what I
suggested because it is not mentioned in the manpage.

So for everybody else and the LIST ARCHIVES and just to make things
clear for everybody not just OpenBSD developers:

--
Either you have already created a partition you like to encrypt or you
create a partition during the following step:

disklabel -E wd0

Now either create (a %LETTER) or modify (m %LETTER) a partition.
Take care that the FS TYPE is NOT 4.2BSD but RAID.

After you did that please save the changes and leave the interactive
mode. You can now use bioctl to attach the partition to softraid:

bioctl -c C -l /dev/wd0%LETTER softraid0

After this step you can create a dislabel at sd0 or proceed how you
like. If you like to encrypt multiple HDDs or partitions you might need
to add additional softraid devices by
modifying /usr/src/sys/conf/GENERIC and recompiling the kernel or you do nerve 
Marco who created that piece of code.

Kind regards,
Sebastian

Re: vmware esxi 3.5u4: amd64 4.4 generic bsd.mp kernel panic

[J.C. Roberts]

On Tue, 28 Apr 2009 02:34:40 +0200 Erwin van Maanen
open...@acmeweb.nl wrote:

 I've tried to do include the panic and trace with the screenshots i
 attached, i'm afraid i dont know another way to get the info across.
 I can appreciate the devs not being able to look at the/each
 virtualization issue, i was just hopeing someone knew what was going
 on.

 Before reading on: the system seems to work fine with the bsd.mp of
 the 4.5 snapshot of 26/4/2009 as Stuart Henderson suggested.

 Now to be of some use atleast:

  tricked network card to flexible 
 Default the vmware esxi only makes the E1000 network card available
 to the Other 64-bit guest os. (which is also recommended by vmware)
 If you set it to linux 32-bit or something along those lines, you can
 add a flexible network card, which openbsd picks up on as a pcn/AMD
 PCnet-PCI device.
 After which, you can switch back to Other 64-bit and the network
 card will stay as flexible.

 With a bit of testing on performance, i found this network card to
 perform much better than the e1000 over a virtual switch in vmware
 with no actual network card attached to it. (This was OpenBSD 4.4
 unpatched). I'd be happy to test this out with 4.5 current as well.


It's an interesting approach, but the flopping back and forth to
fool the VM and Guest OS seems more than a bit iffy. The fact you're
using a virtual switch in vmware tells me you're talking between two
or more guest operating system instances running simultaneously. My
problems are the exact opposite, namely talking to other real systems
in the real world.

 The actual (relevant?) hardware in the server:
 proc: AMD Phenom 9350e Quad-Core processor 4x2Ghz
 mobo: Supermicro H8SMI-2 rev 2 (MCP55 Pro chipset, incl dual lan)
 mem: 8GB ECC bank interleaving set
 (still waiting on the raid card and the ipmi device)

 That is not actually 2 physical sockets/processors on the board, but
 the hardware chosen is in the supported list on the vmware site.
 I will look into this a bit further, cheers!


There seems to be a large amount of discrepancy between what user
report to work, and what VMware Inc says will work. This combined with
the VMware Inc nonsense of constantly renaming their products leads to
a lot of confusion.

http://www.vmware.com/pdf/vi3_35/esx_3/r35u2/vi3_35_25_u2_installation_guide.
pdf

The link above might wrap, but page 21 At least two processors
and pg 25:

There are specific hardware requirements for 64
bit guest operating system support.  For AMD
Opteron based systems, the processors must be
Opteron Rev E and later. For Intel Xeon based
systems, the processors must include support for
Intel Virtualization Technology (VT). Many servers
that include CPUs with VT support might ship with
VT disabled by default, and VT must be enabled
manually. If your CPUs support VT but you do not
see this option in the BIOS, contact your vendor
to request a BIOS version that lets you enable VT
support.

According to the support engineer I spoke to, they really do mean that
you must have two physical sockets/processors to run 64-bit guest
operating systems.

Most folks use VM's for consolidation and similar buzz words. In
contrast, my needs are fairly simple; a lab environment for testing
compatibility with a stack of operating systems. At present, I'm
still not convinced virtualization is a good way to do things for a test
lab environment.

--
J.C. Roberts

Re: sudo won't work with login_fingerprint

[LEVAI Daniel]

On Friday 24 April 2009 16.58.06 you wrote:
 login_fingerprint only supports login auth, not support challenge/response
 mode which is what sudo (and other things) uses.
Alright thanks! I've figured it is still useful because of the -a option of
sudo, and thanks to this I've discovered the username[:auth_type] option
when logging in on the console.

Daniel

--
LIVAI Daniel
PGP key ID = 0x4AC0A4B1
Key fingerprint = D037 03B9 C12D D338 4412  2D83 1373 917A 4AC0 A4B1

Re: build fails on 4.5

[Toni Mueller]

Hi,

On Mon, 27.04.2009 at 16:19:39 -0400, Ted Unangst ted.unan...@gmail.com wrote:
 That's what I remembered from the last time it happened, but I just
 double checked.  It seems rsync only does this when -C cvs-exclude is
 passed.  The problem is that it ignores directories, not just files.

that sounds broken, indeed. FWIW, to avoid such side effects, I don't
use -C because it leads to the exclusion of .your-scm-here-style
directories as well, and use --include and --exclude instead. Clumsy,
but at least, I'm in control then.


Kind regards,
--Toni++

Re: man softraid improvement

[Michael]

Hi,

Sebastian Rother wrote:
 If you like to encrypt multiple HDDs or partitions you might need
 to add additional softraid devices by
 modifying /usr/src/sys/conf/GENERIC and recompiling the kernel or
 you do nerve Marco who created that piece of code.

You can use multiple encrypted softraid partitions without recompiling
the kernel just fine.

And just for the record, I think the softraid/bioctl manpage is just
fine as it is.


Michael

Re: man softraid improvement

[Damien Miller]

On Tue, 28 Apr 2009, Sebastian Rother wrote:

  it is not a blanket thing - not all archs use it. the disklabel stuff
  well, we expect people to know how to use disklabel anyway. if they
  don;t, they can read the man page.
 
 The method I descriped is NOT mentioned anywhere.
 People have to assume that softraid just works with WHOLE disks.

People who _don't understand disklabel_ assume that softraid just works
with whole disks. It is quite clear what is going on if you get disklabel.

-d

Re: sudo won't work with login_fingerprint

[Pau]

Szia!

have you done this on -current or 4.5?

thanks,

Pau

2009/4/28 LEVAI Daniel l...@ecentrum.hu:
 On Friday 24 April 2009 16.58.06 you wrote:
 login_fingerprint only supports login auth, not support challenge/response
 mode which is what sudo (and other things) uses.
 Alright thanks! I've figured it is still useful because of the -a option of
 sudo, and thanks to this I've discovered the username[:auth_type] option
 when logging in on the console.

 Daniel

 --
 LIVAI Daniel
 PGP key ID = 0x4AC0A4B1
 Key fingerprint = D037 03B9 C12D D338 4412  2D83 1373 917A 4AC0 A4B1





--
Let there be peace on earth. And let it begin with misc

Re: soekris 5501, ral(4) and 4.5-current

[Tom Murphy]

Markus Hennecke wrote:

On Tue, 28 Apr 2009, Tom wrote:


I took my RT2860 card (which likes to lock up the Soekris 5501 fairly
quickly), stuck it in an Openbsd 4.5-current (April 27 snap) and it
performed properly and didn't lock up. Mind you, the machine is amd64
and quite well powered. I transferred a lot of files with scp, got
about 1.2 MB/s on a single transfer which isn't that bad considering
there's about 4-5 access points around or in the building.

The caveat on the ral(4) man page:
   Some PCI ral adapters seem to strictly require a system supporting 
PCI
2.2 or greater and will likely not work in systems based on older 
revi-
sions of the PCI specification.  Check the board's PCI version 
before

purchasing the card.

Does the Soekris net5501-70 support PCI 2.2 or greater? (I couldn't
find anything in the specs or docs of it.)


Is this a PCI or a Mini PCI card? It should not matter, as Mini PCI is 
PCI 2.2. I don't see more than one PCI bus in my soekris dmesg, I 
would assume that the normal PCI connector is PCI 2.2 as well. 

Hi Markus,

   It's a PCI card.

ral0 at pci5 dev 9 function 0 Ralink RT2860 rev 0x00: apic 1 int 18 
(irq 11), address MAC address

ral0: MAC/BBP RT2860 (rev 0x0101), RF RT2820 (MIMO 2T3R)

Regards, 
Tom

Re: man softraid improvement

[Sebastian Rother]

On Tue, 28 Apr 2009 22:57:33 +1000 (EST)
Damien Miller d...@mindrot.org wrote:

 On Tue, 28 Apr 2009, Sebastian Rother wrote:
 
   it is not a blanket thing - not all archs use it. the disklabel stuff
   well, we expect people to know how to use disklabel anyway. if they
   don;t, they can read the man page.
  
  The method I descriped is NOT mentioned anywhere.
  People have to assume that softraid just works with WHOLE disks.
 
 People who _don't understand disklabel_ assume that softraid just works
 with whole disks. It is quite clear what is going on if you get disklabel.
 
 -d

Might be logical to you and me.
But the average admin or somebody who's not a permanent openbsd user
might NOT figure it out and he might NOT try it out.

It's nothing about you and me or many others.
I just say I got serval mails during the years HOW to do it exactly.
And the latest arrived yesterday and this was the day I thought the
openbsd manpage lacks clarity.

*cut the beginning* --
Also ich wuerde ganz gerne mal eine Partition auf 
meinem Rechner verschluesseln. Jetzt habe ich in ein/zwei Tutorials und 
die manpages f. softraid geschaut und habe den Eindruck, dass nur 
komplette Platten mit Softraid verschluesselt werden koennen... jetzt 
bin ich ein wenig verunsichert.

Ist es denn moeglich mit disklabel eine einzige Partition fuer s.c. zu 
definieren?

Kannst du mich evtl. noch auf andere manpages/Webseiten/Tutorials 
verweisen, oder ggf. mal ganz grob umreissen, wie ich beim Einrichten 
solch einer Partition vorgehen sollte?!
*cut the end* --

So i give a fuck about your oppinion: It AINT clear for the normal
OpenBSD user. But nobody needs the normal OpenBSD user... right?


Kind regards,
Sebastian

Re: sudo won't work with login_fingerprint

[LEVAI Daniel]

On Tuesday 28 April 2009 15.23.01 Pau wrote:
 Szia!

 have you done this on -current or 4.5?

This is on -current.

 2009/4/28 LEVAI Daniel l...@ecentrum.hu:
  On Friday 24 April 2009 16.58.06 you wrote:
  login_fingerprint only supports login auth, not support
  challenge/response mode which is what sudo (and other things) uses.
 
  Alright thanks! I've figured it is still useful because of the -a option
  of sudo, and thanks to this I've discovered the username[:auth_type]
  option when logging in on the console.


--
LIVAI Daniel
PGP key ID = 0x4AC0A4B1
Key fingerprint = D037 03B9 C12D D338 4412  2D83 1373 917A 4AC0 A4B1

Re: soekris 5501, ral(4) and 4.5-current

[Tom Murphy]

Alexander Hall wrote:


I'll second this; from a gw of mine:

$ sudo crontab -l | grep ral0
# Down and up ral0 on failure
*   *   *   *   *   ifconfig ral0 | grep -q OACTIVE  { 
ifconfig \
ral0; echo \n *\n; ifconfig ral0 down; sleep 1; ifconfig ral0 up; 
ifconfig \
ral0; }

/Alexander


Hi Alexander,

  What does the 'OACTIVE' mean? I put that crontab entry in and about 5 times 
already
it came up with OACTIVE in the ifconfig output and it downed the interface and 
brought it back up.
So far the machine has stayed up and hasn't locked up solid yet. Is downing the 
interface and bringing
it back up when it's 'OACTIVE' help prevent the box from locking up?

 Regards,
 Tom

Re: man softraid improvement

[Jason McIntyre]

On Tue, Apr 28, 2009 at 02:37:53PM +0200, Sebastian Rother wrote:
   
   Please add the following to man softraid to enable others to get a clue
   how to encrypt a partition with sofraid.
  

oh great, now you are cc'ing my private mail to misc. and insulting the
people who i work with. and you wonder why you get short shrift!

  ok, first off, please mail diffs in future. it takes 10 times longer to
  see what people want without a diff.
 
 But I did not wanted to provide a diff because your phrasing is just
 superior.
 

that's not the point. if you send a diff i can see what you want. it
means i don;t have to wade through 2 pages of insults about other
developers.

 
 The method I descriped is NOT mentioned anywhere.
 People have to assume that softraid just works with WHOLE disks.
 Specialy for the encryption this is wrong so the manpage is missleading.
 It is not my point of view but I got already serval mails where people
 ask me how to set up such a crypto partition.
 

nowhere does this page say an entire disk must be used. it says
all component partitions. as i understand it, that is correct.

 
 --
 Either you have already created a partition you like to encrypt or you
 create a partition during the following step:
 
 disklabel -E wd0
 
 Now either create (a %LETTER) or modify (m %LETTER) a partition.

this is disklabel(8) stuff.

 Take care that the FS TYPE is NOT 4.2BSD but RAID.

softraid(4):
All component partitions must be of type RAID.  Some
platforms, such as SUN, are not capable of using the RAID
partition type.  The 4.2BSD partition type should be used
on such platforms.

 
 After you did that please save the changes and leave the interactive
 mode. You can now use bioctl to attach the partition to softraid:
 
 bioctl -c C -l /dev/wd0%LETTER softraid0
 

softraid(4):
Assemble the RAID volume:
# bioctl -c 1 -l /dev/wd1a,/dev/wd2a,/dev/wd3a softraid0

bioctl(8):
-l special[,special,...]
Use special device list to create within the softraid(4)
framework.  Requires -c.

this adds nothing that is not already there.

i'm not saying the page cannot be improved, but this is just adding
another example, once that users should be able to come up with if they
read the associated pages.

i think an improvement is more likely to come from the wording of the
text. i'm willing to look at any improvements you might have for that.
if you send a diff. calmly. without insults.

jmc

Re: man softraid improvement

[lagies]

Hello

I guess I kind of triggered this discussion since I asked Sebastian 
yesterday if softraid crypto works only on whole disks or if it is 
applicable on partitions too. I looked into some tutorials, the archive 
and in the softraid manpages, but all examples used whole disks, so I've 
got uncertain how to start.


After Sebastian pointed out that I just need to create a partition of 
type RAID, initialize it using bioctl and go on as in the softraid 
manpage, things became clear to me.


Well, I can only speak for myself. But if in the softraid manpage, where 
the CRYPTO discipline is explained, at least it would have been 
mentioned that it encrypts data on a single disk AND/OR partition, 
things would have been more obvious to me. BTW I wasn't aware that 
bioctl creates a new volume/disk out of my partition.


Anyway, once again, as it worked out for me I was impressed how easy and 
straight forward things actually are on OpenBSD.


Thanks @hackers for this wonderful OS and thanks Sebastian for pointing 
me into the right direction.


Marc

Re: man softraid improvement

[Marco Peereboom]

Bwahahahahaha there really is no end to your stupidity. Thanks for the  
morning laugh.


--- must be this tall to ride
|
|
|
|
|
--- you

You are beyond any help.

On Apr 28, 2009, at 7:37, Sebastian Rother  
sebastian.rot...@jpberlin.de wrote:



On Tue, 28 Apr 2009 07:50:20 +0100
Jason McIntyre j...@kerhand.co.uk wrote:


On Tue, Apr 28, 2009 at 01:34:25AM +0200, Sebastian Rother wrote:


Please add the following to man softraid to enable others to get a  
clue

how to encrypt a partition with sofraid.


ok, first off, please mail diffs in future. it takes 10 times  
longer to

see what people want without a diff.



Yes, sorry Jason.
But I did not wanted to provide a diff because your phrasing is just
superior.




An example to create a encrypted partition from scratch is as  
follows:


  # disklabel -E sd0

Modify or create a partition you like to encrypt.
Set the FS TYPE to RAID instead of 4.2BSD.
Save the partition label and exit the interactive mode.

bioctl -c C -l /dev/sd0k softraid0



this seems to be the bit you are adding.


Yes

softraid(4) already tells people to use RAID for archs which  
support it.


That is not the point. People do not figure out how to use it JUST for
a partition except a whole drive.


it is not a blanket thing - not all archs use it. the disklabel stuff
well, we expect people to know how to use disklabel anyway. if they
don;t, they can read the man page.


The method I descriped is NOT mentioned anywhere.
People have to assume that softraid just works with WHOLE disks.
Specialy for the encryption this is wrong so the manpage is  
missleading.

It is not my point of view but I got already serval mails where people
ask me how to set up such a crypto partition.

And I wanna make it clearly: THEY DO NOT ASK because they simply
somehow fear the bullshit by Marco and other awesome bunnies with
comments like: Do you pay me? Do it yourself? That is not a
supported way of using it or even more rude things.

*rant*
I think if anybody else would for example mention the slow svnd write
speed Marco just would go b00m. But you've luck: Most people stfu and
go away... and Theo wonders about his income? Impressiv. :-)
*/rant*


your example doesn;t add anything that isn;t already there.


I encounter PERMANENT requests HOW to encrypt a SINGLE partition with
softraid. it is NOT mentioned in the manpage nor is it CLEAR for
everybody that changing the FS type to RAID will be the solution.

That's why I asked you briefly to add the example.

Don't be pissed Jasons but I post the solution at misc@ to inform
people who are not that creativ like you, marco and/or me about how to
use things. The average admin and co just would not try what I
suggested because it is not mentioned in the manpage.

So for everybody else and the LIST ARCHIVES and just to make things
clear for everybody not just OpenBSD developers:

--
Either you have already created a partition you like to encrypt or you
create a partition during the following step:

disklabel -E wd0

Now either create (a %LETTER) or modify (m %LETTER) a partition.
Take care that the FS TYPE is NOT 4.2BSD but RAID.

After you did that please save the changes and leave the interactive
mode. You can now use bioctl to attach the partition to softraid:

bioctl -c C -l /dev/wd0%LETTER softraid0

After this step you can create a dislabel at sd0 or proceed how you
like. If you like to encrypt multiple HDDs or partitions you might  
need

to add additional softraid devices by
modifying /usr/src/sys/conf/GENERIC and recompiling the kernel or  
you do nerve Marco who created that piece of code.


Kind regards,
Sebastian

1U server needs home in Paris

[Gilles Chehade]

Hi,

I was kindly offered a v20z 1U server which lacks a home in a bay somewhere 
close to Paris, FR, where it could be used to build and test code, very low
in/out traffic.

If you can help, please contact me off list, there will be beers :-)

Gilles

-- 
Gilles Chehade
http://www.poolp.org/~gilles/

automaticaly mount/umount encrypted $HOME or ...

[Maxim Bourmistrov]

... yet another vnd-hack including modified login_passwd, sudo  
and .bash_logout:


http://en.roolz.org/Blog/Entries/2009/4/27_Auto_mount_umount_of_encrypted_%24HOME_on_OpenBSD.html

Read first-line warning carefully before usage/flame :).

//maxim

Re: man softraid improvement

[Sebastian Rother]

On Tue, 28 Apr 2009 09:19:27 -0500
Marco Peereboom sl...@peereboom.us wrote:

 Bwahahahahaha there really is no end to your stupidity. Thanks for the  
 morning laugh.
 
 --- must be this tall to ride
 |
 |
 |
 |
 |
 --- you
 
 You are beyond any help.

Thos who take my but-reports to fix their own crappy code should be
more quiet. Don't you think so too Marco? Or wait: You found each
bug yourself in softraid. ;)

Go an fix NFS, go an fix the oBSD TCP/IP Stack(s) or go an fix your
code. I think there's more to do then insulting me? Never knew I'm such
a importent part of your life. :-)

Btw: You'll solve everything by insulting me more and harder!
Just don't wonder if people assume your mother would have been ashamed.
But she actualy failed baldy during educating you.

Kind regards,
Sebastian

Re: Internet access over Bluetooth; a summary.

[Thomas Pfaff]

On Mon, 27 Apr 2009 19:51:30 +
rivo nurges r...@estpak.ee wrote:
 Hi!
 
 I have taken a bit different route.
 
 sudo btconfig ubt0 up
 sudo sdpd
 sudo bthcid
...

Thanks for sharing.  This reminds me that I also forgot to mention
sdpd and bthcid *sigh*  I should probably clean up my notes a bit
and put it online.  However, WEiRD mentioned that he might do just
that so I'll wait a bit and see if I can get away with it ;-)

For extra coolness, I'm also running hotplugd(8) to start the
daemons and do the necessary configuration when I enable Bluetooth
(and the other way around when I disable it).

Re: man softraid improvement

[Henning Brauer]

* Sebastian Rother sebastian.rot...@jpberlin.de [2009-04-28 17:02]:
 Thos who take my but-reports

butt-reports, indeed

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

Re: man softraid improvement

[Marco Peereboom]

 Thos who take my but-reports to fix their own crappy code should be
 more quiet. Don't you think so too Marco? Or wait: You found each
 bug yourself in softraid. ;)

I fucking wrote so yeah I am painfully aware of bugs in it.  I haven't
seen any bug reports from you that weren't totally retarded.

 Go an fix NFS, go an fix the oBSD TCP/IP Stack(s) or go an fix your
 code. I think there's more to do then insulting me? Never knew I'm such
 a importent part of your life. :-)

I'll fix whatever I feel like spending my time on learning.  Something
you have no concept of.  You just whine like my daughter when she wants
something she can't have.  The difference being that she is cute.

 Btw: You'll solve everything by insulting me more and harder!
 Just don't wonder if people assume your mother would have been ashamed.
 But she actualy failed baldy during educating you.

I can do that all day long and in fact I'd love to.  You are a fucktard.

My mom has plenty of hair so don't worry about it.

 
 Kind regards,
 Sebastian

Re: man softraid improvement

[Neal Hogan]

On Tue, Apr 28, 2009 at 9:47 AM, Sebastian Rother
sebastian.rot...@jpberlin.de wrote:
 On Tue, 28 Apr 2009 09:19:27 -0500
 Marco Peereboom sl...@peereboom.us wrote:

 Bwahahahahaha there really is no end to your stupidity. Thanks for the
 morning laugh.

 --- must be this tall to ride
 |
 |
 |
 |
 |
 --- you

 You are beyond any help.

 Thos who take my but-reports to fix their own crappy code should be
 more quiet. Don't you think so too Marco? Or wait: You found each
 bug yourself in softraid. ;)

 Go an fix NFS, go an fix the oBSD TCP/IP Stack(s) or go an fix your
 code. I think there's more to do then insulting me? Never knew I'm such
 a importent part of your life. :-)

 Btw: You'll solve everything by insulting me more and harder!


___crossed

 Just don't wonder if people assume your mother would have been ashamed.
 But she actualy failed baldy during educating you.

 Kind regards,

really?

 Sebastian





-- 
www.nealhogan.net  www.lambdaserver.com

Re: man softraid improvement

[Michal]

Seriously, shut up, the pair of you, it's going no where. You're both being
immature twats about raid. Work on what your bitching about, or shut up, or
at least keep the e-mails between your self. I don't fancy reading through a
bitch fest for 6 more hours. This isn't a celebrity paparazzi magazine last
time I checked!!


-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
Marco Peereboom
Sent: 28 April 2009 16:34
To: Sebastian Rother
Cc: misc@openbsd.org
Subject: Re: man softraid improvement

 Thos who take my but-reports to fix their own crappy code should be
 more quiet. Don't you think so too Marco? Or wait: You found each
 bug yourself in softraid. ;)

I fucking wrote so yeah I am painfully aware of bugs in it.  I haven't
seen any bug reports from you that weren't totally retarded.

 Go an fix NFS, go an fix the oBSD TCP/IP Stack(s) or go an fix your
 code. I think there's more to do then insulting me? Never knew I'm such
 a importent part of your life. :-)

I'll fix whatever I feel like spending my time on learning.  Something
you have no concept of.  You just whine like my daughter when she wants
something she can't have.  The difference being that she is cute.

 Btw: You'll solve everything by insulting me more and harder!
 Just don't wonder if people assume your mother would have been ashamed.
 But she actualy failed baldy during educating you.

I can do that all day long and in fact I'd love to.  You are a fucktard.

My mom has plenty of hair so don't worry about it.

 
 Kind regards,
 Sebastian

Re: Internet access over Bluetooth; a summary.

[Vadim Zhukov]

On 28 April 2009 c. 19:21:15 Thomas Pfaff wrote:
 On Mon, 27 Apr 2009 19:51:30 +

 rivo nurges r...@estpak.ee wrote:
  Hi!
 
  I have taken a bit different route.
 
  sudo btconfig ubt0 up
  sudo sdpd
  sudo bthcid

 ...

 Thanks for sharing.  This reminds me that I also forgot to mention
 sdpd and bthcid *sigh*  I should probably clean up my notes a bit
 and put it online.  However, WEiRD mentioned that he might do just
 that so I'll wait a bit and see if I can get away with it ;-)

 For extra coolness, I'm also running hotplugd(8) to start the
 daemons and do the necessary configuration when I enable Bluetooth
 (and the other way around when I disable it).

Oops, I forgot to mention that too. :(

BTW, is there anyone working on bluetooth support (especially, OBEX over
Bluetooth), and, if yes, what do those people need (except diffs :) )?

--
  Best wishes,
Vadim Zhukov

A: Because it messes up the way people read text.
Q: Why is a top-posting such a bad thing?

Re: Hardware recommendations for gigabit throughput ipsec

[John Arnold]

 They all did 60+ MB/s, meaning I got at least 60% out of the gig links, 
 without resorting to jumbo frames, creative recv/sendspace sysctls or 
 anything, and also I did generate and sink the traffic on the end nodes, 
 so that also adds to the load for them.
 
 Given that they costed something like $1000-1500 or so when we bought 
 them, I'd say chances are high you can make more vpns than most of your 
 clients will be able to generate traffic for, if you just buy 
 whatever-doesnt-suck today and have decent gig cards.


OK I have now done some testing myself between two Core2Quad 2.8Ghz machines
with Intel em cards.  I can't get above ~210Mbps with them - would using Xeon
processors likely make much difference?

Anybody had any success in using any hardware acceleration cards eg Broadcom
based ones?

Re: man softraid improvement

[Sebastian Rother]

On Tue, 28 Apr 2009 10:33:34 -0500
Marco Peereboom sl...@peereboom.us wrote:

  Thos who take my but-reports to fix their own crappy code should be
  more quiet. Don't you think so too Marco? Or wait: You found each
  bug yourself in softraid. ;)
 
 I fucking wrote so yeah I am painfully aware of bugs in it.  I haven't
 seen any bug reports from you that weren't totally retarded.

And that's why I blame you.
You introduce code, you have NO serious testing routine and you put
user data at risk and you always hide behind that WELL IT IS FREE AND
I DO WHAT I WANT slogan.

 I'll fix whatever I feel like spending my time on learning.  Something
 you have no concept of.  You just whine like my daughter when she wants
 something she can't have.  The difference being that she is cute.

Just I doubt your dougther ever forces you to admit a misstake you did.
But she'll maybe has plenty of time int he future.
 
  Btw: You'll solve everything by insulting me more and harder!
  Just don't wonder if people assume your mother would have been ashamed.
  But she actualy failed baldy during educating you.
 
 I can do that all day long and in fact I'd love to.  You are a fucktard.
 My mom has plenty of hair so don't worry about it.

Who cares...
Go on Marco...

The more you flame me is the less you fix your bug(s++) is the more
others encounter these bugs is the less users openbsd has is the less
money theo earns is the more you lose reputation.. and so on. :-)


Kind regards,
Sebastian

Re: man softraid improvement

[Jordi Espasa Clofent]

Sebastian,

You're really annoying for this planet.
Please, get a gun and shoot on your fucking head.

--
Thanks,
Jordi Espasa Clofent

Re: man softraid improvement

[Abel Camarillo]

On Tue, Apr 28, 2009 at 04:43:54PM +0100, Michal wrote:
 Seriously, shut up, the pair of you, it's going no where. You're both being
 immature twats about raid. Work on what your bitching about, or shut up, or
 at least keep the e-mails between your self. I don't fancy reading through a
 bitch fest for 6 more hours. This isn't a celebrity paparazzi magazine last
 time I checked!!
 
 
 -Original Message-
 From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
 Marco Peereboom
 Sent: 28 April 2009 16:34
 To: Sebastian Rother
 Cc: misc@openbsd.org
 Subject: Re: man softraid improvement
 
  Thos who take my but-reports to fix their own crappy code should be
  more quiet. Don't you think so too Marco? Or wait: You found each
  bug yourself in softraid. ;)
 
 I fucking wrote so yeah I am painfully aware of bugs in it.  I haven't
 seen any bug reports from you that weren't totally retarded.
 
  Go an fix NFS, go an fix the oBSD TCP/IP Stack(s) or go an fix your
  code. I think there's more to do then insulting me? Never knew I'm such
  a importent part of your life. :-)
 
 I'll fix whatever I feel like spending my time on learning.  Something
 you have no concept of.  You just whine like my daughter when she wants
 something she can't have.  The difference being that she is cute.
 
  Btw: You'll solve everything by insulting me more and harder!
  Just don't wonder if people assume your mother would have been ashamed.
  But she actualy failed baldy during educating you.
 
 I can do that all day long and in fact I'd love to.  You are a fucktard.
 
 My mom has plenty of hair so don't worry about it.
 
  
  Kind regards,
  Sebastian
 

... but it's funny...

-- 
DISCLAIMER: http://goldmark.org/jeff/stupid-disclaimers/ 
This message will self-destruct in 3 seconds.

Re: man softraid improvement

[Neal Hogan]

On Tue, Apr 28, 2009 at 10:52 AM, Sebastian Rother
sebastian.rot...@jpberlin.de wrote:
 On Tue, 28 Apr 2009 10:33:34 -0500
 Marco Peereboom sl...@peereboom.us wrote:

  Thos who take my but-reports to fix their own crappy code should be
  more quiet. Don't you think so too Marco? Or wait: You found each
  bug yourself in softraid. ;)

 I fucking wrote so yeah I am painfully aware of bugs in it.  I haven't
 seen any bug reports from you that weren't totally retarded.

 And that's why I blame you.
 You introduce code, you have NO serious testing routine and you put
 user data at risk and you always hide behind that WELL IT IS FREE AND
 I DO WHAT I WANT slogan.

 I'll fix whatever I feel like spending my time on learning.  Something
 you have no concept of.  You just whine like my daughter when she wants
 something she can't have.  The difference being that she is cute.

AGAIN ___ crossed! Wow!


 Just I doubt your dougther ever forces you to admit a misstake you did.
 But she'll maybe has plenty of time int he future.

  Btw: You'll solve everything by insulting me more and harder!
  Just don't wonder if people assume your mother would have been ashamed.
  But she actualy failed baldy during educating you.

 I can do that all day long and in fact I'd love to.  You are a fucktard.
 My mom has plenty of hair so don't worry about it.

 Who cares...
 Go on Marco...

 The more you flame me is the less you fix your bug(s++) is the more
 others encounter these bugs is the less users openbsd has is the less
 money theo earns is the more you lose reputation.. and so on. :-)


 Kind regards,
 Sebastian





--
www.nealhogan.net  www.lambdaserver.com

Re: Hardware recommendations for gigabit throughput ipsec

[tico]

John Arnold wrote:
They all did 60+ MB/s, meaning I got at least 60% out of the gig links, 
without resorting to jumbo frames, creative recv/sendspace sysctls or 
anything, and also I did generate and sink the traffic on the end nodes, 
so that also adds to the load for them.


Given that they costed something like $1000-1500 or so when we bought 
them, I'd say chances are high you can make more vpns than most of your 
clients will be able to generate traffic for, if you just buy 
whatever-doesnt-suck today and have decent gig cards.




OK I have now done some testing myself between two Core2Quad 2.8Ghz machines
with Intel em cards.  I can't get above ~210Mbps with them - would using Xeon
processors likely make much difference?

Anybody had any success in using any hardware acceleration cards eg Broadcom
based ones?

  


Details please!

What crypto did you choose for your test?
Was the traffic sourced from and destined to those machines, or simply 
routed through them?
How many traffic streams, and of what protocol? (And what were your 
numbers performing those same tests without IPSec?)

What did systat -w1 vmstat tell you?

Re: man softraid improvement

[Robert]

On Tue, 28 Apr 2009 17:52:05 +0200
Sebastian Rother sebastian.rot...@jpberlin.de wrote:

 On Tue, 28 Apr 2009 10:33:34 -0500
 Marco Peereboom sl...@peereboom.us wrote:
 
   Thos who take my but-reports to fix their own crappy code should
   be more quiet. Don't you think so too Marco? Or wait: You found
   each bug yourself in softraid. ;)
  
  I fucking wrote so yeah I am painfully aware of bugs in it.  I
  haven't seen any bug reports from you that weren't totally retarded.
 
 And that's why I blame you.
 You introduce code, you have NO serious testing routine and you put
 user data at risk and you always hide behind that WELL IT IS FREE AND
 I DO WHAT I WANT slogan.
 
  I'll fix whatever I feel like spending my time on learning.
  Something you have no concept of.  You just whine like my daughter
  when she wants something she can't have.  The difference being that
  she is cute.
 
 Just I doubt your dougther ever forces you to admit a misstake you
 did. But she'll maybe has plenty of time int he future.
  
   Btw: You'll solve everything by insulting me more and harder!
   Just don't wonder if people assume your mother would have been
   ashamed. But she actualy failed baldy during educating you.
  
  I can do that all day long and in fact I'd love to.  You are a
  fucktard. My mom has plenty of hair so don't worry about it.
 
 Who cares...
 Go on Marco...
 
 The more you flame me is the less you fix your bug(s++) is the more
 others encounter these bugs is the less users openbsd has is the less
 money theo earns is the more you lose reputation.. and so on. :-)
 
 
 Kind regards,
 Sebastian

Please stop for a moment and take a step back.
My suggestion for you would be to switch to another operating system or
fork your own version.
You don't seem to like how things are handled here, so you have to look
elsehwere.
Your attitude doesn't benefit anyone, not even yourself.

- Robert

OpenBSD install question

[Chuck Robey]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

During install, I got an error, saying (this is hand-copying, here):

softraid0 at root
root on cd0a swap on cd0b dump on cd0b
stopped at debugger+0x4,leave
Panic: cannot read disklabel, 0x600/0xf00, error 5

So, I thought I would give a short summary of what my system looks like, and see
if I need to give more info, or if maybe this might be enough:

SYSTEM: Intel quad processor, 4G of DRAM.  1 3Ware (AMCC) Raid-1, has 2 each
600G SATA disks on the 3Ware controller.  500G already given to FreeBSD, 100
empty.  I have 1 dvd writer (SATA) and 1 cdrom writer (EIDE), they both show
fine, are useable on FreeBSD.  I have 1 each 80G EIDE disk, empty, I intend to
put OpenBSD on this, and the disk was initially used to test the initial FreeBSD
install (because FreeBSD doesn't have the TWA driver for the 3Ware Raid
controller in their generic install image, so I stuck FreeBSD on that 80G EIDE,
used it to build me a kernel WITH the TWA driver for the 3Ware controller, then
moved everything to the 3Ware Raid1 image.  The 80EIDE is now not used, has the
old FreeBSD image on it, but I don't need it, I only want to put OpenBSD their.

I looked, OpenBSD doesn't seem to have the driver for the (slightly old) 9650
3Ware (AMCC) Raid controller, so I might be forced to keep the install on this
80G EIDE disk.  Not what I want, but I'll live with it.  The problem is, when I
put the OpenBSD image (the one with the Firefox executeable in it, no GUI) in
the SATA DVD drive, it Panics on me while booting.

Any idea how I could get any further with this install?  If you need any more
info, just ask, thanks.  (I sure hope I was clear in my description, go ahead
and complain if I wasn't, I'll try again).  Thanks
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkn3P4EACgkQz62J6PPcoOkCkgCgiQeWLs/SoXBriOGNk8277RNQ
3zQAnRqZgAzl/5foE7UYjcNU1hMoTQ8e
=iQcp
-END PGP SIGNATURE-

Re: OpenBSD on Sun Netra X1

[Christopher Intemann]

Hi,
thanks for the hint, however, I'm in fact a bit more confused now:-)
Couldn't I use such a thing:
http://cgi.ebay.de/SERIAL-RS232-DB9-9-PIN-FEMALE-TO-RJ45-FEMALE-ADAPTOR_W0QQitemZ390041017767QQcmdZViewItemQQptZUK_Computing_Networking_SM?hash=item390041017767_trksid=p3286.m63.l1177

In addition, I would then only need a RJ45 serial cable. Or an ordinary
telephone cable with 4 wires, right?
Thanks,
 Chris


On Tue, Apr 28, 2009 at 3:42 AM, Jussi Peltola pe...@pelzi.net wrote:

 Many (probably 50%) of RJ11 4-wire telephone cables were crimped wrong
 by the factory and are in fact  roll over cables (RJ11 fits in RJ45,
 but you need 4 wires, 2 won't work).

 Saved me some from hair loss one sunday far away from everything.

 --
 Jussi Peltola

Re: soekris 5501, ral(4) and 4.5-current

[Stuart Henderson]

On 2009-04-28, Tom tdmurp...@gmail.com wrote:

   Stuart: any luck with your ral* card in your Alix?

it still works fine with the up-to-date snap it's now running (before
it was running code from a month or two ago, also pretty much stable).

Re: Someone has running Ekiga?

[Nick Guenther]

The apps dir there is virtual. Gconf makes a virtual filesystem
where preference data is stored. Install gconf-editor to understand
really quickly. I found it confusing too.

So did you run that command?

On 27/04/2009, Toma Bodar tomas.bod...@gmail.com wrote:
 Hi all,

 I installed ekiga trough ports (pkg_add wasn't succesfull) and I'm
 maybe missing some info.

 $ pkg_info -M gnome-keyring
 Information for inst:gnome-keyring-2.24.1p3

 Install notice:
 The gnome-keyring SSH agent is disabled by default. If needed, there are
 two ways to enable it.

 System-wide:
   sudo gconftool-2 --direct --config-source=`gconftool-2
 --get-default-source` \
 --type bool --set /apps/gnome-keyring/daemon-components/ssh true

 Per user:
   gconftool-2 --set --type bool /apps/gnome-keyring/daemon-components/ssh
 true


 $

 I haven't /apps directory on the system.This directory is only in my
 home folder under ~/.gconf and
 I can't set path with '.' after '/'.

 Ekiga is not able to start then.

 Gconf key error

 Ekiga got an invalid value for the GConf key
 /apps/ekiga/general/gconf_test_age.

 It probably means that your GConf schemas have not been correctly
 installed or the that permissions are not correct.

 Please check the FAQ (http://www.ekiga.org/), the troubleshooting
 section of the GConf site (http://www.gnome.org/projects/gconf/) or
 the mailing list archives for more information (http://mail.gnome.org)
 about this problem.

 I'm googling but still no point :-(

 --
 http://www.openbsd.org/lyrics.html

Re: automaticaly mount/umount encrypted $HOME or ...

[Nick Guenther]

Interesting. But if I steal your laptop and run jack the ripper on it
then I get your svnd password, don't I?

Using bash seems awkward. Does this work if you're using xdm?

Otherwise, this is very slick. The reason I haven't gotten around to
using encrypted homes is just that it's awkward to do it in .profile
because you'd have to remount your /home/$USER over top, but moving
the mounting code into login(1) avoids that

-Nick

On 28/04/2009, Maxim Bourmistrov maxim.bourmist...@unixconn.com wrote:
 ... yet another vnd-hack including modified login_passwd, sudo
 and .bash_logout:

 http://en.roolz.org/Blog/Entries/2009/4/27_Auto_mount_umount_of_encrypted_%24HOME_on_OpenBSD.html

 Read first-line warning carefully before usage/flame :).

 //maxim

Re: OpenBSD on Sun Netra X1

[Jussi Peltola]

Depends on the db9-rj45 adaptor, some need a rollover cable, some a
straight one. Try it.

Re: OpenBSD on Sun Netra X1

[Daniel Ouellet]

Christopher Intemann wrote:

Hi,
thanks for the hint, however, I'm in fact a bit more confused now:-)
Couldn't I use such a thing:
http://cgi.ebay.de/SERIAL-RS232-DB9-9-PIN-FEMALE-TO-RJ45-FEMALE-ADAPTOR_W0QQitemZ390041017767QQcmdZViewItemQQptZUK_Computing_Networking_SM?hash=item390041017767_trksid=p3286.m63.l1177


Yes


In addition, I would then only need a RJ45 serial cable. Or an ordinary
telephone cable with 4 wires, right?


Yes

Let me put it this way.

din 9 pin to your laptop, or what ever.

RJ45 plug at the other end.

Plus what ever you want in between to plug the two together. (;

Re: automaticaly mount/umount encrypted $HOME or ...

[Timo Myyrä]

I encrypted my $HOME with bioctl and just put the 'bioctl -c C -l 
/dev/sd0g softraid0' line to my /etc/rc. 
Simple and working solution although it needs a little bit 
tweaking as currently I get dropped to single user mode if I 
misstype my passphrase.  This happens quite easily as I use dvorak 
layout that isn't loaded once the passphrase is prompted.  


Timo

Dell D531 : Mem conflict + pcmcia not responding

[Mark Kettenis]

I just committed a diff that may help your machine (although perhaps
not with the wi(4)).  Should be on your favourite anoncvs mirror in a
couple of hours, or in the snapshots in a couple of days.

Re: OpenBSD on Sun Netra X1

[Frank Bax]

Jussi Peltola wrote:

Depends on the db9-rj45 adaptor, some need a rollover cable, some a
straight one. Try it.



http://www.ossmann.com/5-in-1.html

Re: OpenBSD on Sun Netra X1

[Chuck Robey]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Christopher Intemann wrote:
 Hi,
 thanks for the hint, however, I'm in fact a bit more confused now:-)
 Couldn't I use such a thing:
 http://cgi.ebay.de/SERIAL-RS232-DB9-9-PIN-FEMALE-TO-RJ45-FEMALE-ADAPTOR_W0QQitemZ390041017767QQcmdZViewItemQQptZUK_Computing_Networking_SM?hash=item390041017767_trksid=p3286.m63.l1177
 
 In addition, I would then only need a RJ45 serial cable. Or an ordinary
 telephone cable with 4 wires, right?

In case you're curious, a telco guy would often call such a cable quad, it
usually had pair colors red/green and yellow/black, with yellow/black being used
for receive, versus red/green for send, black and green were the tip conductors,
 red/yellow were the ring conductors.  This wasn't really specified as far as I
know, it was just common convention.

RJ45 is far from being the only Registered Jack that could terminate a quad
circuit (using 4 out or 8 total conductors.  There was even a way to wire the
ordinarily 2 wire RJ11, called RJ14, so that 4 out of the 6 conductors were used
(center 2 for circuit 1, outer 2 for circuit 2).  RJ45 is a pretty popular way
to refer to that 8 place connector, though.

All of these things are regularly violated, so you just have to take your 
chances.

 Thanks,
  Chris
 
 
 On Tue, Apr 28, 2009 at 3:42 AM, Jussi Peltola pe...@pelzi.net wrote:
 
 Many (probably 50%) of RJ11 4-wire telephone cables were crimped wrong
 by the factory and are in fact  roll over cables (RJ11 fits in RJ45,
 but you need 4 wires, 2 won't work).

 Saved me some from hair loss one sunday far away from everything.

 --
 Jussi Peltola
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkn3WnoACgkQz62J6PPcoOlNawCgi4y+IdnJe45RJFfvDSOnvEtr
XgUAn2QjgQbVtS/MyrLXy0MgY1mSGuvH
=ugmu
-END PGP SIGNATURE-

Spanish BSD Group

[Daniel Andersen]

Well, I would like to announce that the Spanish BSD User Group (its
Spanish acronym being GUBE) is now official. Its mailing list is
kindly hosted on MetaBUG (http://www.metabug.org/).

--

Key ID:   493FB6AE
Key fingerprint:  3E96 7892 B56D AE27 02EF  BBAA BAA6 6C78 493F B6AE
Keyserver:pgp.mit.edu

Re: Internet access over Bluetooth; a summary.

[Stuart Henderson]

On 2009-04-27, Thomas Pfaff tpf...@tp76.info wrote:

  I've no idea what the name servers are supposed to be, so I
  just started a local one and pointed /etc/resolv.conf at it;
 
 not very nice, better find out what the actual nameservers are. I
 believe ppp has some way to tell the client, see the ppp man page.

 I'm probably missing something obvious here, but can someone
 enlighten me as to why running a local (recursive) name server
 is not very nice?

radio-based connections can often be lossy and higher latency than
landline comms; it will usually work much better if you offload the
main chain of DNS lookups to a resolver on a lower latency, less
lossy connection, and just send 1 query and get 1 response over
the radio conn..

Re: OpenBSD on Sun Netra X1

[Stuart Henderson]

On 2009-04-28, Christopher Intemann intem...@gmail.com wrote:
 Hi,
 thanks for the hint, however, I'm in fact a bit more confused now:-)
 Couldn't I use such a thing:
 http://cgi.ebay.de/SERIAL-RS232-DB9-9-PIN-FEMALE-TO-RJ45-FEMALE-ADAPTOR_W0QQitemZ390041017767QQcmdZViewItemQQptZUK_Computing_Networking_SM?hash=item390041017767_trksid=p3286.m63.l1177

 In addition, I would then only need a RJ45 serial cable. Or an ordinary
 telephone cable with 4 wires, right?

depends how you plug the pins in when you get the adapter. if you do
it this way, assuming the usual colour code for these, you can just
use a normal ethernet cable.

2 black
3 yellow
4 brown
5 red+grn (ground; you /should/ join these together)
6 orange
7 white
8 blue

Re: automaticaly mount/umount encrypted $HOME or ...

[Maxim Bourmistrov]

Well, it is up to you to chose complexity of the password and let the  
john to work harder. :)


Choosing bash was a quick solution for executing the job after I'v  
logged out, e.g. how else do you umount and vnconfig -u?
I'd like to use default ksh, but quick google-search gave me an answer  
- ksh can not exec after logout.
Here I hope someone can point me to the right direction. Using bash  
and shells at all isn't a clean solution, but the only I have found at  
the time.


Not tested with xdm. Really, non tests at all, only the setup described.

As stated, this is just a concept. Improvements always accepted :)

//maxim

On 28 apr 2009, at 20.25, Nick Guenther wrote:


Interesting. But if I steal your laptop and run jack the ripper on it
then I get your svnd password, don't I?

Using bash seems awkward. Does this work if you're using xdm?

Otherwise, this is very slick. The reason I haven't gotten around to
using encrypted homes is just that it's awkward to do it in .profile
because you'd have to remount your /home/$USER over top, but moving
the mounting code into login(1) avoids that

-Nick

On 28/04/2009, Maxim Bourmistrov maxim.bourmist...@unixconn.com  
wrote:

... yet another vnd-hack including modified login_passwd, sudo
and .bash_logout:

http://en.roolz.org/Blog/Entries/2009/4/27_Auto_mount_umount_of_encrypted_%24HOME_on_OpenBSD.html

Read first-line warning carefully before usage/flame :).

//maxim

dualhead Nvidia FX5200 or MX4000?

[Chris Bennett]

I can pick up these two cards very cheap. Nvidia FX5200 or MX4000.
Will either work as dualhead?

Chris Bennett

--
A human being should be able to change a diaper, plan an invasion,
butcher a hog, conn a ship, design a building, write a sonnet, balance
accounts, build a wall, set a bone, comfort the dying, take orders,
give orders, cooperate, act alone, solve equations, analyze a new
problem, pitch manure, program a computer, cook a tasty meal, fight
efficiently, die gallantly. Specialization is for insects.
  -- Robert Heinlein

Ibiza

[IbizaFlock]

IBIZAFLOCK IS ONLINE NOW!

We want to invite you to take part in a brand new and free community:
IbizaFlock

Meet your Ibiza friends online, chat, post classifieds, share videos
and pictures and get informed about the latest events on world's
leading party island: IBIZA!

http://www.ibizaflock.com

 http://www.ibizaflock.com

HOLIDAY HOUSE RATINGS AND REVIEWS

Looking for a house to rent? First look what others think of that
house:

http://www.holidayhouserating.com

Ratings and reviews of apartments and holiday houses world wide.

 http://www.holidayhouserating.com

This mailing has been sent once, your email address is automaticly
deleted while you read this email.



--
Afmelden? Klik
http://www.earthquake.nl/nieuwsbrief/?p=unsubscribeuid=0bb38aefb99af96d8c142c6d61fd60b3
Wijzigen? Klik
http://www.earthquake.nl/nieuwsbrief/?p=preferencesuid=0bb38aefb99af96d8c142c6d61fd60b3
Doorsturen? Klik
http://www.earthquake.nl/nieuwsbrief/?p=forwarduid=0bb38aefb99af96d8c142c6d61fd60b3mid=122


--
Powered by PHPlist, www.phplist.com --

Re: dualhead Nvidia FX5200 or MX4000?

[Tobias Ulmer]

On Tue, Apr 28, 2009 at 04:15:02PM -0500, Chris Bennett wrote:
 I can pick up these two cards very cheap. Nvidia FX5200 or MX4000.
 Will either work as dualhead?

Nobody sane picks up a nvidia card, not even for very cheap. Get a
older radeon (eg. 9600). These work and you get decent 3D acceleration.


 Chris Bennett

 -- 
 A human being should be able to change a diaper, plan an invasion,
 butcher a hog, conn a ship, design a building, write a sonnet, balance
 accounts, build a wall, set a bone, comfort the dying, take orders,
 give orders, cooperate, act alone, solve equations, analyze a new
 problem, pitch manure, program a computer, cook a tasty meal, fight
 efficiently, die gallantly. Specialization is for insects.
   -- Robert Heinlein

Re: OpenBSD on Sun Netra X1

[Christopher Intemann]

Hi,

On Tue, Apr 28, 2009 at 10:21 PM, Stuart Henderson s...@spacehopper.orgwrote:

 depends how you plug the pins in when you get the adapter. if you do
 it this way, assuming the usual colour code for these, you can just
 use a normal ethernet cable.

 2 black
 3 yellow
 4 brown
 5 red+grn (ground; you /should/ join these together)
 6 orange
 7 white
 8 blue


Great, thanks for this hint!
This will help me a lot. I've just learned that there obviously is no single
standard for rs232-to-rj45 adapters, and I was wondering how to figure out
which would fit for this box.
Thanks a lot!
Chris

wifi modes

[Nick Guenther]

Why do only certain wireless cards support host AP mode or IBSS mode?
Is the 'modality' hardwired into the wifi hardware?

For the archives (since I couldn't find anything on this), the drivers
that support being wireless routers (Host AP mode) are:
acs(4), ath(4), pgt(4), ral(4), rtw(4), rum(4), ural(4) and wi(4)

Drivers that support joining ad-hoc networks:
acx(4), an(4), ath(4), atu(4), atw(4), ipw(4), iwi(4), pgt(4), ral(4),
ray(4), rtw(4), rum(4), ural(4), urtw(4), wi(4)

Drivers that can be ad-hoc masters (is this still correct or are
ad-hoc masters outdated?):
wi(4)

(zyd(4) says the chip has the ability to do ad-hoc but more work is
required, and googling
(http://mirror.hamakor.org.il/archives/linux-il/11-2005/18095.html)
suggests it can be an access point too)

Thank you in advance
-Nick

Re: man softraid improvement

[Justin Fletcher]

On Tue, Apr 28, 2009 at 5:52 PM, Sebastian Rother 
sebastian.rot...@jpberlin.de wrote:

 On Tue, 28 Apr 2009 10:33:34 -0500
 Marco Peereboom sl...@peereboom.us wrote:

   Thos who take my but-reports to fix their own crappy code should be
   more quiet. Don't you think so too Marco? Or wait: You found each
   bug yourself in softraid. ;)
 
  I fucking wrote so yeah I am painfully aware of bugs in it.  I haven't
  seen any bug reports from you that weren't totally retarded.

 And that's why I blame you.
 You introduce code, you have NO serious testing routine and you put
 user data at risk and you always hide behind that WELL IT IS FREE AND
 I DO WHAT I WANT slogan.


I normally just lurk and learn, but this last sentence is just dumb all
over.

It is not a slogan and there is no hiding.  Read that sentence again.  And
since you have been so unwilling to understand it:  read it again.  Done it
yet?  Three times at least so far?  Good.

Again, it is not a slogan, it is a statement you accept when using the
software.  You seem a little slow, so I'll paste the important parts taken
from a random file in the source tree.  I don't think I took this from any
of the parts you are specifically complaining about, but I don't really care
enough to do so.  The basic premise is the same for all of them.  Here it
is:

 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.


Read that a few times.  Maybe it will sink in.

The developers work on this stuff because they want to.  We are free to use
and enjoy it for whatever we wish but we cannot blame them for anything.
The developers, being that they enjoy what they do, are willing to help fix
problems but are under no obligation to do so.  If this agreement does not
work for you then please move on.

(apologies to the devs if I have misspoken or misunderstood the terms under
which you allow us to use your works)

Re: wifi modes

[Theo de Raadt]

 Why do only certain wireless cards support host AP mode or IBSS mode?

Because someone has to _want_ to do the work.

I understand not everyone can do the work, but why bother making lists.

It isn't going to encourage anyone to want to.

Why don't you all see that?

We are not your slaves.

Re: wifi modes

[Nick Guenther]

Apologies. By now of course I see *that*. But so it's just a software
issue then: that's the answer I was hoping for! It means there's
nothing inherently wrong with my hardware, I can make it work if I
just put the effort in (and find the time to learn).

Thanks
-Nick

On 28/04/2009, Theo de Raadt dera...@cvs.openbsd.org wrote:
 Why do only certain wireless cards support host AP mode or IBSS mode?

 Because someone has to _want_ to do the work.

 I understand not everyone can do the work, but why bother making lists.

 It isn't going to encourage anyone to want to.

 Why don't you all see that?

 We are not your slaves.

Re: OpenBSD install question

[Nick Holland]

Chuck Robey wrote:

 (I sure hope I was clear in my description, go ahead
 and complain if I wasn't, I'll try again)

complain! :)
I'm going to end up nit-picking your language, but mostly because,
well, I'm confused.  And no one else is responding, so I am going
to take a wild guess that I might not be the only one...

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 During install, I got an error, saying (this is hand-copying, here):
 
 softraid0 at root
 root on cd0a swap on cd0b dump on cd0b
 stopped at debugger+0x4,leave
 Panic: cannot read disklabel, 0x600/0xf00, error 5

whoa.  during install, yet you are showing the tail end of the
dmesg, so that sounds like BEFORE install.

And then there is that root on cd0a line.  WTF? I don't think
I've ever noticed an OpenBSD install or boot disk talk about root
on a CDROM.

 So, I thought I would give a short summary of what my system looks like, and 
 see
 if I need to give more info, or if maybe this might be enough:

[snip a whole bunch of generalities and a few specifics that would
have been much better provided by a serial captured dmesg]

 I looked, OpenBSD doesn't seem to have the driver for the (slightly old) 9650
 3Ware (AMCC) Raid controller, so I might be forced to keep the install on this
 80G EIDE disk.  Not what I want, but I'll live with it.  The problem is, when 
 I
 put the OpenBSD image (the one with the Firefox executeable in it, no GUI) in
 the SATA DVD drive, it Panics on me while booting.

again...what the heck are you talking about? It isn't OpenBSD!
There is no OpenBSD image with a firefox executable and no GUI.

 Any idea how I could get any further with this install?  If you need any more
 info, just ask, thanks.  (I sure hope I was clear in my description, go ahead
 and complain if I wasn't, I'll try again).  Thanks

1) Use an OpenBSD boot CD, and install OpenBSD, not some Frankenstein
monster.
2) IF things don't behave as you expect, get a serial console
attached to the system.

It looks like you are doing some kind of wacko live CD, which
might be all fun and wonderful, but it isn't OpenBSD and to ask
for help on it on an OpenBSD mail list is a tad on the tacky side,
to ask for help on it AND pretend everything is perfectly normal
is completely tacky. :)

Wild guess, though: you have two CD-like devices, you booted off
one, your FrankenBSD boot disk assumed the other was cd0,
and ta-da, no disklabel, which is EXACTLY what the error message
said.  But still...just do a normal OpenBSD install.  It's easy,
it works.

Nick.

Re: OpenBSD install question

[Theo de Raadt]

  root on cd0a swap on cd0b dump on cd0b
  stopped at debugger+0x4,leave
  Panic: cannot read disklabel, 0x600/0xf00, error 5

What official release CD did you generate this error on?

MPLS status questions.

[Daniel Ouellet]

Hi,

I saw many changes in CVS for that and even on the wanted list for 
equipment compatibility testing as well.


So, I am not sure where this is and I am curious as to what stage it 
might be?


No complaint here, just curious what might be the current stage of it.

Is it somewhat usable with acceptable risk, or not yet?

The ATT and Level(3) of the world wants to change a few things and put 
MPLS, witch I might be OK with as I could drop DS3 and use FastE, or GE 
connections instead, so kill more Cisco gear! (;


But at the same time I don't want to go by more Cisco gear either to 
actually install MPLS. I will also have somewhat of a learning to do on 
it too, witch is fine.


I am sure you most likely wouldn't consider it production ready, but I 
am curious as to what level it might be?


Again, just an inquiry as to what's possible and what's not to do with 
what's there in current now.


Should definitely be plenty good for testing and learning for sure 
right, but can it be push more?


Best,

Daniel

Re: Someone has running Ekiga?

[Tomáš Bodžár]

After installation of gconf-editor ekiga runs fine.So why isn't
gconf-editor as dependency for ekiga?

Dne 29. duben 2009 7:03 TomC!E! BodEC!r tomas.bod...@gmail.com napsal(a):
 I haven't gconf-editor installed so I tried it :

 Can't install gconf-editor-2.24.1p3: lib not found iconv.6.0

 I have snapshot from 23.4.I will try ports for it.And I started
 command from ekiga package install message.

 2009/4/28 Nick Guenther kou...@gmail.com:
 The apps dir there is virtual. Gconf makes a virtual filesystem
 where preference data is stored. Install gconf-editor to understand
 really quickly. I found it confusing too.

 So did you run that command?

 On 27/04/2009, TomC!E! BodEC!r tomas.bod...@gmail.com wrote:
 Hi all,

 I installed ekiga trough ports (pkg_add wasn't succesfull) and I'm
 maybe missing some info.

 $ pkg_info -M gnome-keyring
 Information for inst:gnome-keyring-2.24.1p3

 Install notice:
 The gnome-keyring SSH agent is disabled by default. If needed, there are
 two ways to enable it.

 System-wide:
 B  sudo gconftool-2 --direct --config-source=`gconftool-2
 --get-default-source` \
 B  B  B  B  --type bool --set /apps/gnome-keyring/daemon-components/ssh
true

 Per user:
 B  gconftool-2 --set --type bool
/apps/gnome-keyring/daemon-components/ssh
 true


 $

 I haven't /apps directory on the system.This directory is only in my
 home folder under ~/.gconf and
 I can't set path with '.' after '/'.

 Ekiga is not able to start then.

 Gconf key error

 Ekiga got an invalid value for the GConf key
 /apps/ekiga/general/gconf_test_age.

 It probably means that your GConf schemas have not been correctly
 installed or the that permissions are not correct.

 Please check the FAQ (http://www.ekiga.org/), the troubleshooting
 section of the GConf site (http://www.gnome.org/projects/gconf/) or
 the mailing list archives for more information (http://mail.gnome.org)
 about this problem.

 I'm googling but still no point :-(

 --
 http://www.openbsd.org/lyrics.html






 --
 http://www.openbsd.org/lyrics.html




--
http://www.openbsd.org/lyrics.html

Re: wifi modes

[Claudio Jeker]

On Tue, Apr 28, 2009 at 05:47:20PM -0400, Nick Guenther wrote:
 Why do only certain wireless cards support host AP mode or IBSS mode?
 Is the 'modality' hardwired into the wifi hardware?
 
 For the archives (since I couldn't find anything on this), the drivers
 that support being wireless routers (Host AP mode) are:
 acs(4), ath(4), pgt(4), ral(4), rtw(4), rum(4), ural(4) and wi(4)
 
 Drivers that support joining ad-hoc networks:
 acx(4), an(4), ath(4), atu(4), atw(4), ipw(4), iwi(4), pgt(4), ral(4),
 ray(4), rtw(4), rum(4), ural(4), urtw(4), wi(4)
 
 Drivers that can be ad-hoc masters (is this still correct or are
 ad-hoc masters outdated?):
 wi(4)
 
 (zyd(4) says the chip has the ability to do ad-hoc but more work is
 required, and googling
 (http://mirror.hamakor.org.il/archives/linux-il/11-2005/18095.html)
 suggests it can be an access point too)
 

The list is not correct. acx(4) is quite fine in host-ap mode (I guess 
acs(4) is a typo in the first list).
Being not able to do host-ap mode on wifi cards are either HW limitations
or documentation limitation. So not much we can do about it.

-- 
:wq Claudio