Re: :Microsoft" VPN (OT)

[William Graeber]

On Tue, Sep 15, 2009 at 04:41, Reyk Floeter  wrote:
> I recently implemented support for DHCP-over-IPsec (RFC 3456) in
> dhclient(8) and dhcpd(8). B This makes it very easy to run an OpenBSD
> IPsec gateway with IPsec clients that automatically obtain VPN IP
> address, internal DNS IP etc. via DHCP. B In other words - this makes
> it very easy to deploy many (Windows) clients with very minimal
> configuration on the client side.

This is GREAT news! I can't thank you enough for this functionality.

> - The Cisco IPsec VPN client is not supported, it uses some
> proprietary IKE modecfg extensions ("Cisco Unity") and kind of depends
> on XAUTH (username+password authentication that is currently not
> supported).

Does anyone know if XAUTH is [going to be] being worked on? I think
this would make a great addition for those of us who prefer passkeys
to certificates.

-William

Re: burning cd

[Jacob Meuser]

On Sat, Sep 19, 2009 at 07:25:40AM +0400, igor denisov wrote:
> * igor denisov  [Fri, 18 Sep 2009 05:18:58 
> +0400]:
> hi there,
> 
> cdrecord emulation as it looks like is done
> with /dev/rcd0c, and why they do not mention it in the faq. It is as 
> simple as that:
> #cdrecord dev=/dev/rcd0c -scanbus

the point of -scanbus is to find devices.  it doesn't make much sense
to provide the device identifier, then look for devices.

also, using just the 'bus,target,lun' tupple doesn't work on OpenBSD,
so the info from cdrecord -scanbus is really useless.

> output is what is shown in the faq13 for SCSI hardware.
> 
> And there is something else, when i issue:
> #cdrecord -multi -tao /dev=/dev/rcd0c myfile.pdf
> 
> everything starts fine, the only WARNING: padding to something size.
> 
> and when i try to mount cd after burning, i get a message
> #bla bla device is not configured
> 
>  when change the cd to another cd, mount works fine.
> any ideas?

you can't mount a pdf.  but you can put your pdf on a cd9660 (ISO9660
if you will) filesystem and mount that.  see mkhybrid(8) or mkisofs(8).

> regards,
> igor.
> 

-- 
jake...@sdf.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org

Reduza as suas mensalidades até 60%!

[Partners Finances]

Caso nco visualize correctamente este e-mail, por favor clique AQUI.

Partners Finances : Solugues Financeiras

Partners finance, para reduzir as suas mensalidades ati -60%

Muitos Criditos, reduza as suas mensalidades

Partners Finance, solugues financeiras

Partners finance

Muitos criditos? Reduza as suas mensalidades ati -60%

Tem muitos criditos e quer reduzir as suas mensalidades?

Faga a simulagco online e reduza as suas mensalidades ati - 60%
com a Partners Finances.

 Para deixar de receber estas ofertas no seu e-mail clicar aqui

burning cd

[igor denisov]

* igor denisov  [Fri, 18 Sep 2009 05:18:58 
+0400]:

hi there,

cdrecord emulation as it looks like is done
with /dev/rcd0c, and why they do not mention it in the faq. It is as 
simple as that:

#cdrecord dev=/dev/rcd0c -scanbus

output is what is shown in the faq13 for SCSI hardware.

And there is something else, when i issue:
#cdrecord -multi -tao /dev=/dev/rcd0c myfile.pdf

everything starts fine, the only WARNING: padding to something size.

and when i try to mount cd after burning, i get a message
#bla bla device is not configured

 when change the cd to another cd, mount works fine.
any ideas?
regards,
igor.

Re: OpenBSD on first gen Asus eeePCs

[Brad Tilley]

On Fri, Sep 18, 2009 at 9:30 PM, Dawe  wrote:

> It doesn't seem like just an msdos issue to me.

I made my 701 model lock-up while using a ffs formatted SD card, but
not by coping files ( I tried that a few dozen times w/o issue). I
directed the output of dd to a file on the SD card and that did the
trick.

Brad

Re: OT: Old School Unix vs. Modern Day Support "Professionals" - was (Defending OpenBSD Performance)

[J.C. Roberts]

On Thu, 17 Sep 2009 12:27:47 -0400 "Brian Shackelford"
 wrote:

> Old School Unix = People that KNOW what they are doing.  I work with
> Macs, PC's, Windows, Novell, Mac OS, Linux, Unix, Windows, DOS (Yes
> some customers still use this), THEOS (anyone else heard of that
> one???)

Most long term OpenBSD users know of THEOS. The reason is simple; the
scumbag company behind that OS tried to use "reverse domain hijacking"
(i.e. a bogus dispute claim) to steal the "THEOS.COM" domain name from
it's owner, namely Theo de Raadt.

-jon

-- 
J.C. Roberts

Re: OpenBSD on first gen Asus eeePCs

[Dawe]

Brad Tilley wrote:
> On Thu, Sep 17, 2009 at 8:58 PM, frantisek holop  wrote:
> 
>> does the built in usb emulated sd card reader works?
>> i can read anything from it, but writing anything big
>> (> 100MB) freezes first the process doing the writing,
>> then the io subsystem, and eventually the whole system.
> 
> I tested this evening on i386 -current as of 9-14-2009.
> 
> # dd if=/dev/zero of=big.bin count=750 bs=1m
> 750+0 records in
> 750+0 records out
> 786432000 bytes transferred in 46.633 secs (16864064 bytes/sec)
> 
> I then tried to copy the 750 MB file to a 2 GB SD card that had a
> msdos (fat) file system. The eeePC froze-up rather hard, but was still
> sort-of usable. I would be glad to debug more should an OS developer
> show me how/what to do. Here is some output I could copy before the
> system went totally unresponsive... about 5 mins passed before the ath
> msgs appeared on console:
> 
> # cp big.bin /mnt
> ath0 detached
> ath0 at pci3 dev 0 function 0 "Atheros AR5424" rev 0x01: apic 1 int 18 (irq 
> 10)
> ath0: AR5424 14.2 phy 7.0 rf 0.0, WOR0W, address 00:15:af:xx:xx:xx
> 
> Rebooted (pressed and held power button) and tried the same thing with
> an older 32 MB SD card (also formatted msdos), dd'ed a 28 MB file and
> attempted to copy it. Same thing happened.
> 
> So just for fun, I formatted newfs on both SD cards and tried the
> copies again. Both worked fine with ffs file systems. This is not the
> most accurate test, but it seems that it may to be msdos file system
> related. Were your SD cards formatted fat? Have you had the issue on a
> ffs formatted card?
> 
> Brad
> 

It doesn't seem like just an msdos issue to me.
I can reproduce the described behavior (without the ath detachment) on
my eee pc 900 with an msdos and an ffs sd card.
When it freezes while writing, there is a file created with a size of 0
bytes.
Sometimes the write succeeds. But an ls on the mount point freezes with
a D+ state.
Building a kernel with MSDOSFS_DEBUG showed nothing so far.

Dawe

(OT / xorg): How to use 2 USB keyboard devices at the same time, but with different key mappings?

[Robert]

(maybe a little bit OT...)

Is there any way to have 2 USB keyboard devices connected at the same
time, but each having different key mappings or user-defined key code
mappings in X?
I managed to do this on the console with wsconsctl, but I can't figure 
out how to do it in X although xorg.conf says to use wskbd* (see below).



What I exactly want to do:

I've attached a USB keyboard (through a KVM):
/bsd: uhidev1 at uhub5 port 2 configuration 1 interface 0 "Belkin
Components USB-PS2 Adapter" rev 1.10/1.20 addr 2
/bsd: uhidev1: iclass 3/1
/bsd: ukbd0 at uhidev1: 8 modifier keys, 6 key codes
/bsd: wskbd1 at ukbd0 mux 1
/bsd: wskbd1: connecting to wsdisplay0

And a laserpointer (has 4 buttons):
/bsd: uhidev3 at uhub8
/bsd:  port 2 configuration 1 interface 0 "Kensington Wireless Presenter
with Laser Pointer" rev 2.00/0.06 addr 2
/bsd: uhidev3: iclass 3/1
/bsd: ukbd1 at uhidev3: 8 modifier keys, 6 key codes, country code 33
/bsd: wskbd2 at ukbd1 mux 1
/bsd: wskbd2: connecting to wsdisplay0

In the end I want to use the laserpointer buttons to start applications
through xbindkeys.
The problem is that currently its buttons send the keycodes for
"page_up"/"page_down", "F5" and "b" - so I can't catch them through
xbindkeys as this would also be triggered if I type those keys on the
keyboard.
Therefore I want to map those keycodes only for the laserpointer to 
currently unused ones - which I then can catch without side effects.


So far I've created 2 InputDevices in xorg.conf, but I can't figure out 
how to configure them separately - xmodmap has no parameter for this and 
always changes the "whole" keyboard.


Any ideas?

regards,
Robert


xorg.conf:

Section "Files"
FontPath   "/usr/X11R6/lib/X11/fonts/misc/"
FontPath   "/usr/X11R6/lib/X11/fonts/75dpi/:unscaled"
FontPath   "/usr/X11R6/lib/X11/fonts/100dpi/:unscaled"
FontPath   "/usr/local/lib/X11/fonts/ghostscript/"
FontPath   "/usr/X11R6/lib/X11/fonts/Type1/"
FontPath   "/usr/X11R6/lib/X11/fonts/TTF/"
FontPath   "/usr/X11R6/lib/X11/fonts/CID/"
FontPath   "/usr/X11R6/lib/X11/fonts/local/"
FontPath   "/usr/X11R6/lib/X11/fonts/Speedo/"
FontPath   "/usr/X11R6/lib/X11/fonts/TrueType/"
FontPath   "/usr/X11R6/lib/X11/fonts/freefont/"

ModulePath "/usr/X11R6/lib/modules"
EndSection


Section "Module"
Load "i2c"
Load "bitmap"
Load "ddc"
Load "extmod"
Load "freetype"
Load "int10"
Load "vbe"
Load "glx"
Load "GLcore"
EndSection


Section "InputDevice"
Identifier "keyboard1"
Driver "kbd"
Option "Device" "/dev/wskbd1"
Option "Protocol" "wskbd"
Option "CoreKeyboard"
Option "AutoRepeat" "500 30"
Option "XkbRules" "xorg"
Option "XkbModel" "pc105"
Option "XkbLayout" "de"
Option "XkbVariant" "nodeadkeys"
Option "XkbOptions" "eurosign:e"
EndSection


Section "InputDevice"
Identifier "keyboard2"
Driver "kbd"
Option "Device" "/dev/wskbd2"
Option "Protocol" "wskbd"
Option "AutoRepeat" "500 30"
Option "XkbRules" "xorg"
Option "XkbModel" "pc105"
Option "XkbLayout" "de"
Option "XkbVariant" "nodeadkeys"
Option "XkbOptions" "eurosign:e"
EndSection


Section "InputDevice"
Identifier "mouse0"
Driver "mouse"
Option "Protocol" "wsmouse"
Option "Device" "/dev/wsmouse"
Option "CorePointer"
Option "ZAxisMapping" "4 5"
EndSection


Section "Modes"
Identifier  "modes0"
Mode"m1920x1080"
# 67.1 kHz
DotClock172.80
HTimings1920 2040 2248 2576
VTimings1080 1081 1084 1118
Flags   "-HSync" "+VSync"
EndMode
EndSection


Section "Monitor"
Identifier  "tft0"
VendorName  "Benq"
ModelName   "G2412HD"
HorizSync   24-83
VertRefresh 50-76
UseModes"modes0"
EndSection

Section "Monitor"
Identifier  "tft1"
VendorName  "Benq"
ModelName   "G2412HD"
HorizSync   24-83
VertRefresh 50-76
UseModes"modes0"
EndSection


Section "Screen"
Identifier  "screen0"
Device  "rhd3650"
Monitor "tft0"
DefaultDepth 24
SubSection "Display"
Virtual 3840 1080
Modes   "m1920x1080"
Depth 24
EndSubSection
EndSection


Section "Device"
Identifier  "rhd3650"
Driver  "radeon"
BusId   "PCI:1:0:0"
Option  "monitor-VGA-0" "tft0"
Option  "monitor-DVI-0" "tft1"
Option  "SWcursor""true"
EndSection


Section "DRI"
Mode 0666
EndSection


Section "ServerLayout"
Identifier  "layout0"
Screen  "screen0"
InputDevice "keyboard1"
InputDevice "keyboard2"
InputDevice "mouse0"
EndSection

Re: OpenBSD on first gen Asus eeePCs

[Brad Tilley]

On Thu, Sep 17, 2009 at 8:58 PM, frantisek holop  wrote:

> does the built in usb emulated sd card reader works?
> i can read anything from it, but writing anything big
> (> 100MB) freezes first the process doing the writing,
> then the io subsystem, and eventually the whole system.

I tested this evening on i386 -current as of 9-14-2009.

# dd if=/dev/zero of=big.bin count=750 bs=1m
750+0 records in
750+0 records out
786432000 bytes transferred in 46.633 secs (16864064 bytes/sec)

I then tried to copy the 750 MB file to a 2 GB SD card that had a
msdos (fat) file system. The eeePC froze-up rather hard, but was still
sort-of usable. I would be glad to debug more should an OS developer
show me how/what to do. Here is some output I could copy before the
system went totally unresponsive... about 5 mins passed before the ath
msgs appeared on console:

# cp big.bin /mnt
ath0 detached
ath0 at pci3 dev 0 function 0 "Atheros AR5424" rev 0x01: apic 1 int 18 (irq 10)
ath0: AR5424 14.2 phy 7.0 rf 0.0, WOR0W, address 00:15:af:xx:xx:xx

Rebooted (pressed and held power button) and tried the same thing with
an older 32 MB SD card (also formatted msdos), dd'ed a 28 MB file and
attempted to copy it. Same thing happened.

So just for fun, I formatted newfs on both SD cards and tried the
copies again. Both worked fine with ffs file systems. This is not the
most accurate test, but it seems that it may to be msdos file system
related. Were your SD cards formatted fat? Have you had the issue on a
ffs formatted card?

Brad

Re: Defending OpenBSD Performance

[Buzzer]

On Fri, Sep 18, 2009 at 10:30:25PM +, Jacob Meuser wrote:

> > fluidsynth -ni Unison.sf2 beethoven_-_5th_simphony.mid fluidsynth:
> > warning: Ignoring sample *KPianoB5: can't use ROM samples fluidsynth:
> > error: Couldn't set libsndio audio parameters as desired Failed to
> > create the audio driver
> 
> your soundcard apparently can't do 48kHz 16-bit stereo.

Sure. Max 44100 Hz.

> I'm going to take a wild guess and suggest you try using '-r 44100'
> on the fluidsynth command line.

Thank you for advice. Now I've got sound. However, I must say, timidity on
FreeBSD 4.11 produce more fluently sound. Especially when speech together
many instruments.

> > >>> the way the manual says to.
> > >> What make you think that I did not saw the manual?
> > >
> > > You should probably stop posting about now, you're starting to make
> > > yourself look realy bad.
> > 
> > Your are talking about unrelated topics, Paul. I do not care about how
> > everything looks there and I did not ask your opinion about how I
> > look... Good or bad - it is indifferent for me. By the way, absence of
> > constructive reply starting to make you look really bad.
> 
> btw, I tried finding 'beethoven_-_5th_simphony.mid' to see if I could
> reproduce your problem or at least have some basic idea of what's
> going on.
I will e-mail you some files.

> oh, wait.  I found a dmesg: PR 6220.  PII @ 349 MHz w/ s...@isapnp
Correct.

> ok, now I can believe you may have a "performance" issue.
> 
> PS do you really think that's the kind of system most people would use
> as a "desktop" in 2009?  after all, this subthread started with you
> saying OpenBSD might not be suitable as a desktop system, because of your
> issue with timidity "performance".

I affirm that it is timidity on FreeBSD 4.11 display more performance than
timidity or fluidsynth both on OpenBSD 4.5.

-- 
/Buzzer

Re: Defending OpenBSD Performance

[Buzzer]

On Fri, Sep 18, 2009 at 06:48:06PM -0400, bofh wrote:
> actually beat me out for stupidity of the day.  He probably believes
> Microsoft and runs XP on a 486 too.
You are probably junked now.

-- 
/Buzzer

Re: IPSEC: Problem with default route

[Lordsporkton]

Toni Mueller wrote:

Hi,

I tend to a network that "locally" looks like this:

East = 1.2.0.0/15 (central site)

West = 1.5.0.0/16 (satellite site)


"West" has a default route across the VPN to "East".

All gateways are running OpenBSD 4.5-stable.


Connectivity between East and West is no problem. The problem is that
there is no connectivity between the gateway at West and other hosts at
West. After some debugging, I found out that the gateway at "West"
sends packets destined for hosts in the "West" network to "East"
instead, eventually getting a TTL exceeded from the gateway at "East".

I'd like the more specific route, ie, the one out the LAN interface
which is directly attached to all of "West", to prevail over the
default route, but it observably doesn't.

Any enlightenment on this issue is most welcome, despite my having
found a workaround!


Kind regards,
--Toni++

  


Could you send us some actual details? Interface configs, ipsec.conf, 
pf.conf, output of route show, maybe a little network diagram? anything 
so that we actually know what is doing on?

Algarve e:Motion - Agenda

[Algarve e:Motion]

Algarve e:Motion - Portal de desportos radicais e alternativos no Algarve

Agenda: Semana 38/09

Eventos:


| 12-09-2009  ati  19-09-2009 |
Firias de Yoga com Rachel Lovegrove-Quinta Mimosa
Louli (Louli) 
Yoga
http://www.algarvemotion.com/eventos.php?id=160




| 19-09-2009 |
Internacional Cleanup Day
Praia dos Carneiros (Lagoa) 
Mergulho
http://www.algarvemotion.com/eventos.php?id=156




| 19-09-2009 |
Pedalar pela Igualdade
Faro (Faro) 
BTT
http://www.algarvemotion.com/eventos.php?id=158




| 18-09-2009  ati  20-09-2009 |
12* edigco do Concurso de Saltos Internacional de Portimco
Portimco (Portimco) 
Equitagco
http://www.algarvemotion.com/eventos.php?id=157




| 19-09-2009  ati  20-09-2009 |
Faro activo "MEXA-SE"
Faro (Faro) 
Escalada
http://www.algarvemotion.com/eventos.php?id=155




| 19-09-2009  ati  20-09-2009 |
Festival da Luz
Almancil (Louli) 
Yoga
http://www.algarvemotion.com/eventos.php?id=159






Algarve e:Motion - Agenda
enviada para m...@openbsd.org.

Estas e outras sugestues em http://www.algarvemotion.com


Se desejar cancelar a subscrigco envie mail para:
i...@algarvemotion.com com o assunto 'REMOVER AGENDA'

[demime 1.01d removed an attachment of type application/octet-stream which had 
a name of cabecalho.jpg]

[demime 1.01d removed an attachment of type application/octet-stream which had 
a name of footer.jpg]

[demime 1.01d removed an attachment of type application/octet-stream which had 
a name of ponto.jpg]

Re: Defending OpenBSD Performance

[Bryan Irvine]

> But I think this - 350Mhz general use cpu turned midi player may
> actually beat me out for stupidity of the day.  He probably believes
> Microsoft and runs XP on a 486 too.

You can get close though!
http://www.winhistory.de/more/386/xpmini_eng.htm

;-)

-B

Re: Defending OpenBSD Performance

[bofh]

On Fri, Sep 18, 2009 at 6:30 PM, Jacob Meuser 
wrote:
> oh, wait.  I found a dmesg: PR 6220.  PII @ 349 MHz w/ s...@isapnp
>
> ok, now I can believe you may have a "performance" issue.


OK, that beats what I saw at work today.  Someone sent me an email
with a subject that said "Issue with ticket  #12345" and a long thread
inside (sexchange mails, what can I do?)  I took a look at it, and one
of my folks had already sent instructions on what to do, and closed it
out.  So I replied - did you do what we told you to do for issue
ticket #12345?

He then replies - oh, your folks already helped me solve issue #12345,
I'm actually talking about ticket #98765.  I went WTF?  Am I a
freaking mind reader?

But I think this - 350Mhz general use cpu turned midi player may
actually beat me out for stupidity of the day.  He probably believes
Microsoft and runs XP on a 486 too.



--
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
"This officer's men seem to follow him merely out of idle curiosity."
-- Sandhurst officer cadet evaluation.
"Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted."  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=30v_g83VHK4

IPSEC: Problem with default route

[Toni Mueller]

Hi,

I tend to a network that "locally" looks like this:

East = 1.2.0.0/15 (central site)

West = 1.5.0.0/16 (satellite site)


"West" has a default route across the VPN to "East".

All gateways are running OpenBSD 4.5-stable.


Connectivity between East and West is no problem. The problem is that
there is no connectivity between the gateway at West and other hosts at
West. After some debugging, I found out that the gateway at "West"
sends packets destined for hosts in the "West" network to "East"
instead, eventually getting a TTL exceeded from the gateway at "East".

I'd like the more specific route, ie, the one out the LAN interface
which is directly attached to all of "West", to prevail over the
default route, but it observably doesn't.

Any enlightenment on this issue is most welcome, despite my having
found a workaround!


Kind regards,
--Toni++

Re: Defending OpenBSD Performance

[Alexandre Ratchov]

On Fri, Sep 18, 2009 at 01:13:56PM -0700, 4625 wrote:
> On Fri, Sep 18, 2009 at 01:59:43PM +1200, Paul M wrote:
> > I like fluidsynth.
>  Well, I got it. Could you explain me how do you ran it?
> >
> > Are you serious?
> Is it looks like joke?
> fluidsynth -ni Unison.sf2 beethoven_-_5th_simphony.mid
> fluidsynth: warning: Ignoring sample *KPianoB5: can't use ROM samples
> fluidsynth: error: Couldn't set libsndio audio parameters as desired
> Failed to create the audio driver
> 

your device doesn't seem to support what fluidsynth
requested. Try using ``-r 48000'' or whatever is appropriate
for your device. Alternatively, use aucat(1) in server mode
(ie ``aucat -l'' or whatever).

-- Alexandre

Re: Defending OpenBSD Performance

[Jacob Meuser]

On Fri, Sep 18, 2009 at 01:13:56PM -0700, 4625 wrote:
> On Fri, Sep 18, 2009 at 01:59:43PM +1200, Paul M wrote:
> > I like fluidsynth.
>  Well, I got it. Could you explain me how do you ran it?
> >
> > Are you serious?
> Is it looks like joke?
> fluidsynth -ni Unison.sf2 beethoven_-_5th_simphony.mid
> fluidsynth: warning: Ignoring sample *KPianoB5: can't use ROM samples
> fluidsynth: error: Couldn't set libsndio audio parameters as desired
> Failed to create the audio driver

your soundcard apparently can't do 48kHz 16-bit stereo.

hmm ... all ac97(4) and azalia(4) cards can do that ... you're using
FreeBSD 4.11 ... hmm

I'm going to take a wild guess and suggest you try using '-r 44100'
on the fluidsynth command line.

> >>> the way the manual says to.
> >> What make you think that I did not saw the manual?
> >
> > You should probably stop posting about now, you're starting to make
> > yourself look realy bad.
> 
> Your are talking about unrelated topics, Paul. I do not care about how
> everything looks there and I did not ask your opinion about how I look...
> Good or bad - it is indifferent for me. By the way, absence of constructive
> reply starting to make you look really bad.

you've now complained about at least two "performance" issues, yet,
with neither complaint, did you send a dmesg, despite having been
pointed to instructions for reporting problems that tell you to
include a dmesg.

btw, I tried finding 'beethoven_-_5th_simphony.mid' to see if I could
reproduce your problem or at least have some basic idea of what's
going on.

but I'll leave it at a "performance" issue.  you're probably running
a 486 with an ISA soundcard anyway.

oh, wait.  I found a dmesg: PR 6220.  PII @ 349 MHz w/ s...@isapnp

ok, now I can believe you may have a "performance" issue.

PS do you really think that's the kind of system most people would use
as a "desktop" in 2009?  after all, this subthread started with you
saying OpenBSD might not be suitable as a desktop system, because of your
issue with timidity "performance".

-- 
jake...@sdf.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org

Re: Defending OpenBSD Performance

[4625]

On Fri, Sep 18, 2009 at 04:09:04PM +0200, Alexandre Ratchov wrote:
> > > > > > > > > > I think your problem can be traced to the different
> > > > > > > > > > default voices.
> > > > > > > > > I've test timidity with a different sound fonts and with
> > > > > > > > > the same config, like I have one in FreeBSD, on the same
> > > > > > > > > PC.
> > > > > > > > 
> > > > > > > > I wonder if FreeBSD's patch-playmidi would make any
> > > > > > > difference. It is not port or patch problem, but perfomance
> > > > > > > (on my opinion).
> > > > > > > > 
> > > > > > > > maybe you don't.  but for me, multichannel audio is more
> > > > > > > > important for a desktop than some busted old software midi
> > > > > > > > player.
> > > > > 
> > > > > It would be nice to hope that there is exist good substitute for
> > > > > timidity, which able to produce sound with the same quality.
> > > > 
> > > > did you try that timidity patch from freebsd I refered you to?
> > > Sure.
> > > 
> > > > > > > > > But I'm sure, I should boot
> > > > > > > > > FreeBSD-4.11 to listen midi files.
> > > > > > > > 
> > > > > > > > or you could use a less ancient midi player.
> > > > > > > Could you advice me one?
> > > > > > 
> > > > > > I like fluidsynth.
> > > > > Well, I got it. Could you explain me how do you ran it?
> > > > 
> > > > the way the manual says to.
> > > What make you think that I did not saw the manual?
> > > 
> > 
> > Feel free to ask for hints and to explain what you try to do
> > with MIDI and -- most importantly -- with what MIDI hardware.
> > Either privately or on the list, if you feel there's
> > something others should know.

I'd like nothing especially, just listen classical music in midi.

sb1 at isapnp0 "Creative SB AWE64 PnP, CTL0045, , Audio" port
0x220/16,0x330/2,0 x388/4 irq 5 drq 1,5: dsp v4.16
midi1 at sb1: 
audio0 at sb1
"Creative SB AWE64 PnP, CTL0022, , WaveTable" at isapnp0 port 0x620/4 not
configured

-- 
/4625

Re: ppp vs mgetty. Device busy.

[Brynet]

Hello.. err.. random radio frequency.

Reading tty(4) would have explained that /dev/cua01 is the dial-out
device for COM2, it should be used by programs that are.. dialling
out.

tty01 is what you should use in /etc/ttys, there is a setup script
included that could have helped you.

-Brynet

Re: relayd feature request

[James Records]

I may be wrong, but it sounds like what you really want is a leastconns
loadbalancing alg, which currently doesn't exist, though I don't know the
state of dev, anyone?

J

On Fri, Sep 18, 2009 at 1:13 PM, Josh Hoppes  wrote:

> I should clarify that the tag option is usable as an option to a
> redirection, and not a relay if I understand the man page correctly.
>
> On Fri, Sep 18, 2009 at 3:10 PM, Josh Hoppes 
> wrote:
> > You could try using the tag option in the configuration, and then have
> > a rule in your
> > pf.conf act on that tag to do what ever you need.
> >
> > On Fri, Sep 18, 2009 at 2:31 PM, Brian McCann 
> wrote:
> >> Hi all.  I've been using relayd for about 6 months or so now on OpenBSD
> 4.4.
> >>  I'm quite happy with it, but there's something I'd really like to do
> with
> >> it that it currently can't do (or perhaps I just missed how to do it, or
> >> just couldn't connect the dots).
> >> I currently have a pool of mail servers behind relayd, forwarding port
> 25
> to
> >> the servers in the pool.  I know this is sort of possible using pf, but
> I'd
> >> like to do is have relayd be able to limit connections per source
> address.
> >>  My goal is that once the limit has been reached for any address, relayd
> >> will then pass that connection off to a different host or table which
> can
> >> handle the overage.  In my case, those "overage" servers would say "421
> Too
> >> many connections, please try again momentarily", if it were a web server
> >> load balancer, those "overage" servers could say something similar.
> >>
> >> Maybe I missed that this is currently possible...if so, great.  If not,
> I
> >> think this could be very useful.
> >>
> >> Thanks!
> >> --Brian
> >>
> >> --
> >> _-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_
> >> Brian McCann
> >>
> >> "I don't have to take this abuse from you -- I've got hundreds of
> >> people waiting to abuse me."
> >>   -- Bill Murray, "Ghostbusters"

Re: OT: Iphone with OpenBSD

[Bruce Bauer]

Here is dmesg from my 16G ipod touch:
Don't know if it is useful

Bruce's iPod:~ root# dmesg
2SPI: disabled power
AppleMBXDevice(0xc0b70c00)::changePowerStateGated(0)
AppleMRVL868x::setPOWER() [kernel_task]: 0
AppleMRVL868x Deauth'ed AP: BSSID = 00:21:29:97:2b:e4, rssi =  25, rate = 
18 ( 33%), channel =  6, encryption = 0x4, ap = 1, hidden = 0, directed = 0, 
failures =   0, age = 84, ssid = "Garnet House"
AppleMRVL868x::setCIPHER_KEY(): WiFi not powered on (0x3)
AppleMRVL868x::setCIPHER_KEY(): WiFi not powered on (0x3)
AppleMRVL868x::setCIPHER_KEY(): WiFi not powered on (0x3)
AppleMRVL868x::setCIPHER_KEY(): WiFi not powered on (0x3)
AppleMRVL868x::setCIPHER_KEY(): WiFi not powered on (0x3)
AppleMRVL868x::setPOWER(): Flushing beacons!!
AppleMRVL868x::setPowerStateGated(): 1 -> 0, 0xc0bf4800
AppleSynopsysOTG2::handleUSBCableDisconnect
 0 [Time 1253304525] [Message System Sleep
pmu wake events: exton1(buttons)
System Wake
+ AppleMPVDDriver[0xc0a5d600]::setPowerStateGated()

AppleMBXDevice(0xc0b70c00)::setPowerState(1)
AppleMBXDevice(0xc0b70c00)::changePowerStateGated(1)
AppleMRVL868x::setPowerStateGated(): 0 -> 1, 0xc0bf4800
AppleMRVL868x::wakeupSequence()
AppleMRVL868x::setPOWER() [kernel_task]: 1
AppleMultitouchZ2SPI: enabled power, scheduled bootloading
AppleMultitouchSPIUserClient: Inhibited externally initiated reset
AppleMRVL868x::setASSOCIATE() [configd]: lowerAuth = AUTHTYPE_OPEN, upperAuth = 
AUTHTYPE_WPA_PSK, key = CIPHER_PMK, flags = 0x2
tlv_wmm_ie type=221, len=7 oui = 0x00 0x00 0x00  type= 0x00  subType = 0x00 
vers = 0x00 QoSInfo 0x00
AppleMRVL868x Joined AP:BSSID = 00:21:29:97:2b:e4, rssi =  22, rate = 
54 (100%), channel =  6, encryption = 0x4, ap = 1, hidden = 0, directed = 0, 
failures =   0, age = 1, ssid = "Garnet House"
AirPort: Link Up on en0
AppleMRVL868x::setCIPHER_KEY() [kernel_task]: type = CIPHER_TKIP, index = 0, 
flags = 0x4
AppleMRVL868x::setCIPHER_KEY() [kernel_task]: type = CIPHER_TKIP, index = 2, 
flags = 0x0
+ AppleMPVDDriver[0xc0a5d600]::setPowerStateGated()

AppleMBXDevice(0xc0b70c00)::setPowerState(0)
AppleMultitouchZ2SPI: disabled power
AppleMBXDevice(0xc0b70c00)::changePowerStateGated(0)
AppleMRVL868x::setPOWER() [kernel_task]: 0
AppleMRVL868x Deauth'ed AP: BSSID = 00:21:29:97:2b:e4, rssi =  25, rate = 
36 ( 66%), channel =  6, encryption = 0x4, ap = 1, hidden = 0, directed = 0, 
failures =   0, age = 37, ssid = "Garnet House"
AppleMRVL868x::setCIPHER_KEY(): WiFi not powered on (0x3)
AppleMRVL868x::setCIPHER_KEY(): WiFi not powered on (0x3)
AppleMRVL868x::setCIPHER_KEY(): WiFi not powered on (0x3)
AppleMRVL868x::setCIPHER_KEY(): WiFi not powered on (0x3)
AppleMRVL868x::setCIPHER_KEY(): WiFi not powered on (0x3)
AppleMRVL868x::setPOWER(): Flushing beacons!!
AppleMRVL868x::setPowerStateGated(): 1 -> 0, 0xc0bf4800
AppleSynopsysOTG2::handleUSBCableDisconnect
 0 [Time 1253304640] [Message System Sleep
pmu wake events: exton1(buttons)
System Wake
+ AppleMPVDDriver[0xc0a5d600]::setPowerStateGated()

AppleMBXDevice(0xc0b70c00)::setPowerState(1)
AppleMBXDevice(0xc0b70c00)::changePowerStateGated(1)
AppleMRVL868x::setPowerStateGated(): 0 -> 1, 0xc0bf4800
AppleMRVL868x::wakeupSequence()
AppleMRVL868x::setPOWER() [kernel_task]: 1
AppleMultitouchSPIUserClient: Inhibited externally initiated reset
AppleMultitouchZ2SPI: enabled power, scheduled bootloading
AppleMRVL868x::setASSOCIATE() [configd]: lowerAuth = AUTHTYPE_OPEN, upperAuth = 
AUTHTYPE_WPA_PSK, key = CIPHER_PMK, flags = 0x2
tlv_wmm_ie type=221, len=7 oui = 0x00 0x00 0x00  type= 0x00  subType = 0x00 
vers = 0x00 QoSInfo 0x00
AppleMRVL868x::handleCommandPacket(): Error, aborting scan! 
(fScanningForNetworks = 0, fScanMechanism = 0)
AppleMRVL868x Joined AP:BSSID = 00:21:29:97:2b:e4, rssi =  14, rate = 
54 (100%), channel =  6, encryption = 0x4, ap = 1, hidden = 0, directed = 0, 
failures =   0, age = 1, ssid = "Garnet House"
AirPort: Link Up on en0
AppleMRVL868x::setCIPHER_KEY() [kernel_task]: type = CIPHER_TKIP, index = 0, 
flags = 0x4
AppleMRVL868x::setCIPHER_KEY() [kernel_task]: type = CIPHER_TKIP, index = 2, 
flags = 0x0
AppleMRVL868x::setCIPHER_KEY() [kernel_task]: type = CIPHER_TKIP, index = 2, 
flags = 0x0
Bruce's iPod:~ root# ifcong fig -a
lo0: flags=8049 mtu 16384
inet 127.0.0.1 netmask 0xff00 
en0: flags=8863 mtu 1500
inet 192.168.1.102 netmask 0xff00 broadcast 192.168.1.255
ether 00:1d:4f:d7:36:31 
Bruce's iPod:~ root# uname -ap
Darwin Bruce's iPod 9.4.1 Darwin Kernel Version 9.4.1: Mon Dec  8 20:59:30 PST 
2008; root:xnu-1228.7.37~4/RELEASE_ARM_S5L8900X iPod1,1 arm N45AP Darwin
Bruce's iPod:~ root# exit
logout


--- h...@stare.cz wrote:

From: Jan Stary 
To: misc@openbsd.org
Subject: Re: OT: Iphone with OpenBSD
Date: Fri, 18 Sep 2009 19:30:46 +0200

On Sep 18 10:04:11, Alvaro Mantilla Gimenez wrote:
> Jan Stary escribis:
> >
> >  We will be trying to develop an entire suite of device
> >  drivers for undocumented hardware and the

Re: OT: Old School Unix vs. Modern Day Support "Professionals" - was (Defending OpenBSD Performance)

[bofh]

On Thu, Sep 17, 2009 at 8:36 PM, Aaron Mason 
wrote:
> Oh yes, M$ were very much against that, even when it was the only
> solution and the one suggested in their knowledge base!  This is good
> reading that goes through the horrors of such things, as well as their
> training slash indoctrination: http://www.kmfms.com/unmaintainable.txt

You need to read this then:
http://www.theregister.co.uk/2002/11/21/ms_paper_touts_unix/


--
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
"This officer's men seem to follow him merely out of idle curiosity."
-- Sandhurst officer cadet evaluation.
"Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted."  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=30v_g83VHK4

Re: relayd feature request

[Josh Hoppes]

I should clarify that the tag option is usable as an option to a
redirection, and not a relay if I understand the man page correctly.

On Fri, Sep 18, 2009 at 3:10 PM, Josh Hoppes  wrote:
> You could try using the tag option in the configuration, and then have
> a rule in your
> pf.conf act on that tag to do what ever you need.
>
> On Fri, Sep 18, 2009 at 2:31 PM, Brian McCann  wrote:
>> Hi all.  I've been using relayd for about 6 months or so now on OpenBSD
4.4.
>>  I'm quite happy with it, but there's something I'd really like to do with
>> it that it currently can't do (or perhaps I just missed how to do it, or
>> just couldn't connect the dots).
>> I currently have a pool of mail servers behind relayd, forwarding port 25
to
>> the servers in the pool.  I know this is sort of possible using pf, but
I'd
>> like to do is have relayd be able to limit connections per source address.
>>  My goal is that once the limit has been reached for any address, relayd
>> will then pass that connection off to a different host or table which can
>> handle the overage.  In my case, those "overage" servers would say "421
Too
>> many connections, please try again momentarily", if it were a web server
>> load balancer, those "overage" servers could say something similar.
>>
>> Maybe I missed that this is currently possible...if so, great.  If not, I
>> think this could be very useful.
>>
>> Thanks!
>> --Brian
>>
>> --
>> _-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_
>> Brian McCann
>>
>> "I don't have to take this abuse from you -- I've got hundreds of
>> people waiting to abuse me."
>>   -- Bill Murray, "Ghostbusters"

Re: Defending OpenBSD Performance

[4625]

On Fri, Sep 18, 2009 at 01:59:43PM +1200, Paul M wrote:
> I like fluidsynth.
 Well, I got it. Could you explain me how do you ran it?
>
> Are you serious?
Is it looks like joke?
fluidsynth -ni Unison.sf2 beethoven_-_5th_simphony.mid
fluidsynth: warning: Ignoring sample *KPianoB5: can't use ROM samples
fluidsynth: error: Couldn't set libsndio audio parameters as desired
Failed to create the audio driver

>>> the way the manual says to.
>> What make you think that I did not saw the manual?
>
> You should probably stop posting about now, you're starting to make
> yourself look realy bad.

Your are talking about unrelated topics, Paul. I do not care about how
everything looks there and I did not ask your opinion about how I look...
Good or bad - it is indifferent for me. By the way, absence of constructive
reply starting to make you look really bad.

-- 
/4625

Re: relayd feature request

[Josh Hoppes]

You could try using the tag option in the configuration, and then have
a rule in your
pf.conf act on that tag to do what ever you need.

On Fri, Sep 18, 2009 at 2:31 PM, Brian McCann  wrote:
> Hi all.  I've been using relayd for about 6 months or so now on OpenBSD
4.4.
>  I'm quite happy with it, but there's something I'd really like to do with
> it that it currently can't do (or perhaps I just missed how to do it, or
> just couldn't connect the dots).
> I currently have a pool of mail servers behind relayd, forwarding port 25
to
> the servers in the pool.  I know this is sort of possible using pf, but I'd
> like to do is have relayd be able to limit connections per source address.
>  My goal is that once the limit has been reached for any address, relayd
> will then pass that connection off to a different host or table which can
> handle the overage.  In my case, those "overage" servers would say "421 Too
> many connections, please try again momentarily", if it were a web server
> load balancer, those "overage" servers could say something similar.
>
> Maybe I missed that this is currently possible...if so, great.  If not, I
> think this could be very useful.
>
> Thanks!
> --Brian
>
> --
> _-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_
> Brian McCann
>
> "I don't have to take this abuse from you -- I've got hundreds of
> people waiting to abuse me."
>   -- Bill Murray, "Ghostbusters"

ppp vs mgetty. Device busy.

[4625]

I have use mgetty on FreeBSD and that work very well there for a long time
(about 9 years). Currenlty I'd like to achieve the same behaviour on
OpenBSD. The problem is ppp unable to open /dev/cua01 till mgetty shut down.
ppp[7296]: tun0: Warning: deflink: /dev/cua01: Device busy

I ran mgetty from /etc/ttys (like on FreeBSD):
cua01 "/usr/local/libexec/mgetty -D -n 4 -s 115200" dialup on secure

And I have been test mgetty with old one config from FreeBSD. Does anyone
there have idea, why ppp unable to open COM port on OpenBSD, but able to do
it on FreeBSD???

OpenBSD localhost 4.5 200908010004#0 i386
mgetty+sendfax-1.1.36p0
-- 
/4625

Re: managing authorized_keys

[Stuart Henderson]

On 2009-09-18, bofh  wrote:
> Hi,
> Just wanted to see how you guys manage authorized_keys.  I'm trying to
> move everyone off "legacy" protocols onto openssh, and one of my
> proposals will involve using authorized keys for scripts/automated
> processes.
>
> There's 400+ unix boxes.  I know we can stick keys into
> authorized_keys, but managing it for a bunch of automated processes
> seems a bit unwieldy.  Is there any way of pointing to an external
> source, say, ldap?
>
> Thanks for any pointers!
>

I'm not sure what became of it, but the thread starting here may
be of some interest:

http://marc.info/?l=openbsd-tech&m=116360255224472&w=2

Re: 4.6 postponed to Nov 1

[Noah Pugsley]

Bret S. Lambert wrote:

On Fri, Sep 18, 2009 at 01:05:51PM +0200, Gilles Chehade wrote:

Bret S. Lambert wrote:

On Fri, Sep 18, 2009 at 11:47:37AM +0200, Alexander Hall wrote:

Oohhh... One dollar...

But, hey, wait a minute... You still owe me a jager bomb since... s2k8?

I'll update my accounting, should we name it Puffy. ;-)


I owe you what I say I owe you.

Now fetch me some pickled fish.

Where's my baconcheese ?


Still in the tube. At the store.


For long life and good health: http://www.jdfoods.net/products/baconsalt.php

Re: managing authorized_keys

[Han Hwei Woo]

We've used perl scripts on crontabs that lookup a postgres db.


bofh wrote:

Hi,
Just wanted to see how you guys manage authorized_keys.  I'm trying to
move everyone off "legacy" protocols onto openssh, and one of my
proposals will involve using authorized keys for scripts/automated
processes.

There's 400+ unix boxes.  I know we can stick keys into
authorized_keys, but managing it for a bunch of automated processes
seems a bit unwieldy.  Is there any way of pointing to an external
source, say, ldap?

Thanks for any pointers!

Re: OT: Old School Unix vs. Modern Day Support "Professionals" - was (Defending OpenBSD Performance)

[Brian Shackelford]

-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf
Of openbsd misc
Sent: Friday, September 18, 2009 2:27 PM
To: misc@openbsd.org
Subject: Re: OT: Old School Unix vs. Modern Day Support "Professionals"
- was (Defending OpenBSD Performance)

  >Fact of the matter is that I have
> become convinced that those that know how to actually TROUBLESHOOT
> problems are in the very small minority in this industry.

>   I think this is really the crux of the matter, I find the ability
>to troubleshoot multi-vendor complexity is getting to be a  rare
>commodity, its something thats very hard to interview people for.
>Nowadays people are so proud of their certification and specialized
>domain knowledge
>that they actively avoid learning or thinking about stuff outside of
>their specialized area.


And that is specifically my point.  People want to justify their own
worth and bloat their value beyond what it is by calling others names or
by raising their "specialization" higher than the median thereby making
themselves better about themselves.  In reality it is understanding the
median rather than the specialization that will allow one to find the
solution to the majority of problems.  So many times I tell our clients
- I don't care who's fault it is - let's just get it fixed (this is
usually in response to a finger pointing in our face by another vendor
trying to save face - blaming us for something we have absolutely no
control over...).  In order to just get it fixed one has to stop
worrying about who's fault it is and man up (or woman up - don't want to
seem discriminatory here...) and take responsibility to follow it
through to a solution.

Unix folks had to "know" what they were doing because you had to
understand how it all worked.  You actually had to read the manual and
understand what effect enabling this or disabling that would do.  The
best part is you couldn't accidentally point, click, and stop or remove
a piece of software that hoses the entire system - you had to use the
command line to do administrative tasks - which meant you had to (or
should) know the commands to use before attempting anything.  That is
why I love OpenBSD.  Everything is documented, source is available, and
you have to understand the system to use it...

...if you don't understand it - and are unhappy with the system - and
are unwilling to spend the time to learn it - then the best thing for
you to do is login as root and type in the following:

*
cd /
rm -rf *
*

...and now you learned something - DONT DO ANYTHING WIHTOUT
UNDERSTANDING IT FIRST

***  Disclaimer:  I take no responsibility for the results of running
the above commands although I would be intensely interested to hear the
results of anyone who does run them and their personal experiences
immediately following.  Run them only at your own risk AFTER
understanding what they do...

That is where these folks that want to LOUDLY complain about something
not working in OpenBSD or want to complain because feature X is not in
the OS really kill me. They try to use OpenBSD to fit into a mold that
it was not designed for and want feature X to work.  Either take the
initiative and contribute feature X, politely ask if there is a need for
feature X or if has been thought of, or be quiet.  OpenBSD works great
for everything I use it for - unfortunately until I can run MS SQL and
.NET 3.5 (yes mono is getting close - and - MySQL is maturing very
nicely in its featureset!!) to run on it I am relegated to a MS based
system for now as my work PC.  But for my firewalls and mail filtering
systems OpenBSD rocks and is rock solid.  There isn't anything I have
tried to use OpenBSD for (knowing the limitations on it - such as it
can't run apps written for Windows - which is something other people
seem to forget) that has not worked.

I never claim or even suspect that I know all the answers (but I know
where to find them) - and that is the strength and difference between
those people that know how to fix problems and those that do not.  If
you think you know it all - then there is no more room for knowledge and
you are unwilling to accept you might be wrong - which will forever
hinder your ability to learn from your mistakes.  If you approach every
problem with no preconceived notions and look at it as if you had never
seen it before you are more likely to find the right solution the first
time - and yes sometimes it is YOUR fault!

Again - feel free to obliterate my thoughts - but know that if your
comments are negative I might not and probably will not lose any sleep
over it.

Thank you to those that continue to devote their time and money to this
project and I will make a great attempt and not extending this thread
longer than I have already..

:)

relayd feature request

[Brian McCann]

Hi all.  I've been using relayd for about 6 months or so now on OpenBSD 4.4.
 I'm quite happy with it, but there's something I'd really like to do with
it that it currently can't do (or perhaps I just missed how to do it, or
just couldn't connect the dots).
I currently have a pool of mail servers behind relayd, forwarding port 25 to
the servers in the pool.  I know this is sort of possible using pf, but I'd
like to do is have relayd be able to limit connections per source address.
 My goal is that once the limit has been reached for any address, relayd
will then pass that connection off to a different host or table which can
handle the overage.  In my case, those "overage" servers would say "421 Too
many connections, please try again momentarily", if it were a web server
load balancer, those "overage" servers could say something similar.

Maybe I missed that this is currently possible...if so, great.  If not, I
think this could be very useful.

Thanks!
--Brian

-- 
_-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_
Brian McCann

"I don't have to take this abuse from you -- I've got hundreds of
people waiting to abuse me."
   -- Bill Murray, "Ghostbusters"

Re: managing authorized_keys

[Lars Nooden]

bofh wrote:
> On Fri, Sep 18, 2009 at 2:26 PM, Jim Razmus  wrote:
>> cfengine in ports.
> 
> While cfengine and puppet are good solutions (or not so good,
> depending on how you get it in :))

If you are looking that direction, consider also radmind.
 http://www.openbsd.org/4.5_packages/i386/radmind-1.13.0.tgz-long.html

regards
-Lars

Re: managing authorized_keys

[Martin Schröder]

2009/9/18 Matthew Dempsky :
> I thought that only solves management of the known_hosts file, not
> authorized_keys.  (Also, it requires secure DNS.)

True. I misunderstood your problem. Sorry for the noise.

Best
   Martin

Re: managing authorized_keys

[bofh]

On Fri, Sep 18, 2009 at 2:26 PM, Jim Razmus  wrote:
> cfengine in ports.

While cfengine and puppet are good solutions (or not so good,
depending on how you get it in :)), unfortunately, that's not
something I have available (and since I don't manage the systems...)

But maybe they do have something centrally managed.  I'll have to look
into it.  Thanks for the pointer!

(but, I doubt so... :( )


-- 
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
"This officer's men seem to follow him merely out of idle curiosity."
-- Sandhurst officer cadet evaluation.
"Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted."  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=30v_g83VHK4

Re: managing authorized_keys

[Bret S. Lambert]

On Fri, Sep 18, 2009 at 10:29:54AM -0400, bofh wrote:
> Hi,
> Just wanted to see how you guys manage authorized_keys.  I'm trying to
> move everyone off "legacy" protocols onto openssh, and one of my
> proposals will involve using authorized keys for scripts/automated
> processes.
> 
> There's 400+ unix boxes.  I know we can stick keys into
> authorized_keys, but managing it for a bunch of automated processes
> seems a bit unwieldy.  Is there any way of pointing to an external
> source, say, ldap?

Not an external source, but we use puppet to manage the authorized
keys file amongst our servers and vms at work. If you need to add or
remove a key, just make the change on the master and let the magic
flow.

> 
> Thanks for any pointers!
> 
> -- 
> http://www.glumbert.com/media/shift
> http://www.youtube.com/watch?v=tGvHNNOLnCk
> "This officer's men seem to follow him merely out of idle curiosity."
> -- Sandhurst officer cadet evaluation.
> "Securing an environment of Windows platforms from abuse - external or
> internal - is akin to trying to install sprinklers in a fireworks
> factory where smoking on the job is permitted."  -- Gene Spafford
> learn french:  http://www.youtube.com/watch?v=30v_g83VHK4

Re: managing authorized_keys

[Matthew Dempsky]

On Fri, Sep 18, 2009 at 10:30 AM, Martin Schrvder  wrote:
> If the fingerprint is unknown, an alternative method of
> verification is available: SSH fingerprints ver-
> ified by DNS.  An additional resource record (RR), SSHFP, is
> added to a zonefile and the connecting
> client is able to match the fingerprint with that of the key presented.

I thought that only solves management of the known_hosts file, not
authorized_keys.  (Also, it requires secure DNS.)

Re: OT: Old School Unix vs. Modern Day Support "Professionals" - was (Defending OpenBSD Performance)

[openbsd misc]

  >Fact of the matter is that I have
> become convinced that those that know how to actually TROUBLESHOOT
> problems are in the very small minority in this industry.

   I think this is really the crux of the matter, I find the ability
to troubleshoot multi-vendor complexity is getting to be a  rare
commodity, its something thats very hard to interview people for.
Nowadays people are so proud of their certification and specialized
domain knowledge
that they actively avoid learning or thinking about stuff outside of
their specialized area.

Re: OT: Iphone with OpenBSD

[Alvaro Mantilla Gimenez]

Miod Vallat escribis:
>> The iPhone is already using a BSD OS..so..is it possible that some of
>> the drivers required are already functional?
>>
>> Check this:
>>
>> $ ssh r...@iphone | tee iphone.txt
>> r...@iphone's password:
> [...]
>
> What, no dmesg?
>
> Miod

After I upgraded the Iphone to 3.01 I lost some of the Unix tools I had
installed.

dmesg just give me some partial information. Nothing valuable. I will
look for the unix tool missing and give you the dmesg output...

= CIPHER_PMK, flags = 0x2
AppleMRVL868x Joined AP:@ 0xc3374800, BSSID = 00:90:XX:XX:XX:XX,
rssi = -63, rate = 54 (100%), channel = 11, encryption = 0x8, ap = 1,
hidden = 0, directed = 0, failures =   0, age = 11, ssid[ 9] = ""
AirPort: Link Up on en0
AppleMRVL868x::setCIPHER_KEY() [kernel_task]: type = CIPHER_AES_CCM,
index = 0, flags = 0x4
AppleMRVL868x::setCIPHER_KEY() [kernel_task]: type = CIPHER_AES_CCM,
index = 1, flags = 0x0
launchd[69] Builtin profile: apsd (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/zoneinfo/America/Costa_Rica 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/zoneinfo/America/Costa_Rica 13 (seatbelt)
apsd 69 FS_READ_DATA SBF /private/var/stash/share.APlLQm/zoneinfo/UTC 13
(seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/zoneinfo/posixrules 13 (seatbelt)
launchd[103] Builtin profile: MobileSafari (seatbelt)
AppleMRVL868x::setCIPHER_KEY() [kernel_task]: type = CIPHER_AES_CCM,
index = 2, flags = 0x0

Re: managing authorized_keys

[bofh]

On Fri, Sep 18, 2009 at 12:53 PM, Lars Nooden  wrote:
> bofh wrote:
>> Hi,
>> Just wanted to see how you guys manage authorized_keys.  I'm trying to
>> move everyone off "legacy" protocols onto openssh, and one of my
>> proposals will involve using authorized keys for scripts/automated
>> processes.
>>
>> There's 400+ unix boxes.  I know we can stick keys into
>> authorized_keys, but managing it for a bunch of automated processes
>> seems a bit unwieldy.  Is there any way of pointing to an external
>> source, say, ldap?
>
> A long time ago, for a much smaller number of machines and only two or
> three, I used rsync + authorized_keys.
> How many keys are you talking about?

That's one problem, I have no idea.  I do know that we have some
automated processes for grabbing performance data.  I'm thinking
probably between 20 and 50 keys.  It really depends on a couple of
other factors as well - do I want to pull ftp type access in to this
little project?  If so, that definitely increases things quite a bit.
Hmm... can things be locked down so that scp access won't provide
shell access?  This would be whatever version of openssh IBM put on
AIX.  Gah, now have to go do more research... :)



--
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
"This officer's men seem to follow him merely out of idle curiosity."
-- Sandhurst officer cadet evaluation.
"Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted."  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=30v_g83VHK4

Re: OT: Iphone with OpenBSD

[Jan Stary]

On Sep 18 10:04:11, Alvaro Mantilla Gimenez wrote:
> Jan Stary escribis:
> >
> >  We will be trying to develop an entire suite of device
> >  drivers for undocumented hardware and then attempt to run
> >  a full-fledged operating system on it.
> >
> > Just hack away! After reading
> > http://www.thebestpageintheuniverse.net/c.cgi?u=iphone
> > of course.
> 
> 
> Compare the two phones is not the point here...this guy does not have
> any clue about what the iPhone is and probably he is using his Nokia to
> give pleasure himself through his ass.
> 
> The site describes a "normal" iPhone. A Jailbroken iPhone with cydia and
> all the packages and cool stuff is a different beast. You can run perl,
> php, python, ruby, apache, svn, cvs, etc...you can manage your servers
> (the example that the guy is using against the iPhone) trough the
> Terminal application and connect with openssh, rdp or vnc...whatever you
> want.
> 
> The keyboard comment...it is just valid for an English speaker...if you
> are from other language with more complex characters then you do "less
> work" because is more easy to select that characters and guest what? you
> do less "taps" and the end of the day.
> 
> You can actually said: "Hey, here is your small server for your small
> office...right here in my pocket !!" "You can use it as media server,
> web server, backup server...". Take a look to cydia and the repositories.
> 
> It has support for MMS and Video recording (yes..cycorder), IM (too many
> clients...you already have problems to choose one because of that), vlc,
> mplayer, mxtube (In fact...I downloaded the slackathon conferences with
> that), SIP, VoIP and a lot of other cool stuff. You can, from long time
> ago, personalize your ringtones without iTunes...so...that site is just
> the opinion from one guy that does not know wtf he is talking about.
> 
> The actual point of the post was to have an iPhone/iPod Touch running as
> small SECURE server.
> 
> It is running a BSD OS already...but not secure. That's the point of all
> this post.

iLOL'd

Re: managing authorized_keys

[Martin Schröder]

2009/9/18 bofh :
> There's 400+ unix boxes.  I know we can stick keys into
> authorized_keys, but managing it for a bunch of automated processes
> seems a bit unwieldy.  Is there any way of pointing to an external
> source, say, ldap?

>From ssh(1):

 If the fingerprint is unknown, an alternative method of
verification is available: SSH fingerprints ver-
 ified by DNS.  An additional resource record (RR), SSHFP, is
added to a zonefile and the connecting
 client is able to match the fingerprint with that of the key presented.

Best
   Martin

Re: OT: Iphone with OpenBSD

[Miod Vallat]

> The iPhone is already using a BSD OS..so..is it possible that some of
> the drivers required are already functional?
> 
> Check this:
> 
> $ ssh r...@iphone | tee iphone.txt
> r...@iphone's password:
[...]

What, no dmesg?

Miod

Re: managing authorized_keys

[Lars Nooden]

John Jackson wrote:

> I've been meaning to give this a try:
> 
> http://code.google.com/p/openssh-lpk/

It seems to support LDAP+TLS, but not SSL.

It's an interesting idea, and may address having a large number of keys.
But if I am reading it right, it has not been worked on since 2007.


-Lars

Re: managing authorized_keys

[Lars Nooden]

bofh wrote:
> Hi,
> Just wanted to see how you guys manage authorized_keys.  I'm trying to
> move everyone off "legacy" protocols onto openssh, and one of my
> proposals will involve using authorized keys for scripts/automated
> processes.
> 
> There's 400+ unix boxes.  I know we can stick keys into
> authorized_keys, but managing it for a bunch of automated processes
> seems a bit unwieldy.  Is there any way of pointing to an external
> source, say, ldap?

A long time ago, for a much smaller number of machines and only two or
three, I used rsync + authorized_keys.
How many keys are you talking about?

Regards,
-Lars

Re: OT: Iphone with OpenBSD

[Brynet]

Hi,

Perhaps it's not an IPhone, but it may be possible to run OpenBSD on
it.. with potentially less hair pulling.

http://www.windowsfordevices.com/c/a/News/In-Technology-Group-XPPhone/

I humbly request dmesg pr0n, and that everyone hug Bob Beck when you see him.

-Brynet

Re: OT: Iphone with OpenBSD

[Alvaro Mantilla Gimenez]

Lars Nooden escribis:
> Alvaro Mantilla Gimenez wrote:
>> Joachim Schipper escribis:
>>
>>> Actually, I think that's a rather low estimate. A lot of what people
>>> seem to like about the iPhone is the software: the hardware is neat and
>>> all, but not *that* different from other smartphones. Apple has spent a
>>> lot of money producing a really polished UI; duplicating that on OpenBSD
>>> would be an unpleasantly large amount of work.
>> That is a very good point.
>
> Yet look at the FVWM-crystal theme to see how much *could* be done to
> customize even a simple window manager.  FVWM-crystal is for the desktop
> with more or less average screens.
>
> Regards
> -Lars

Very Nice: http://manualinux.my-place.us/imagenes/fvwm-crystal2.jpg

Re: OT: Iphone with OpenBSD

[Alvaro Mantilla Gimenez]

Michal escribis:
> ...you just kill-joyed that whole page. It's a stupid rant that's quite
funny
> if you like that humour and he is going on the first version of the iphone,
> non-jailbreak, (you cant bring that into it by the way as he is taking both
> phones as-is) So please donbt suck the humour out of everything
>

HaHaHa...sorry...I wake up this morning without sense of humor

>
>
> -Original Message-
> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
> Alvaro Mantilla Gimenez
> Sent: 18 September 2009 17:04
> To: misc@openbsd.org
> Subject: Re: OT: Iphone with OpenBSD
>
> Jan Stary escribis:
>>  We will be trying to develop an entire suite of device
>>  drivers for undocumented hardware and then attempt to run
>>  a full-fledged operating system on it.
>>
>> Just hack away! After reading
>> http://www.thebestpageintheuniverse.net/c.cgi?u=iphone
>> of course.
>
>
> Compare the two phones is not the point here...this guy does not have
> any clue about what the iPhone is and probably he is using his Nokia to
> give pleasure himself through his ass.
>
> The site describes a "normal" iPhone. A Jailbroken iPhone with cydia and
> all the packages and cool stuff is a different beast. You can run perl,
> php, python, ruby, apache, svn, cvs, etc...you can manage your servers
> (the example that the guy is using against the iPhone) trough the
> Terminal application and connect with openssh, rdp or vnc...whatever you
> want.
>
> The keyboard comment...it is just valid for an English speaker...if you
> are from other language with more complex characters then you do "less
> work" because is more easy to select that characters and guest what? you
> do less "taps" and the end of the day.
>
> You can actually said: "Hey, here is your small server for your small
> office...right here in my pocket !!" "You can use it as media server,
> web server, backup server...". Take a look to cydia and the repositories.
>
> It has support for MMS and Video recording (yes..cycorder), IM (too many
> clients...you already have problems to choose one because of that), vlc,
> mplayer, mxtube (In fact...I downloaded the slackathon conferences with
> that), SIP, VoIP and a lot of other cool stuff. You can, from long time
> ago, personalize your ringtones without iTunes...so...that site is just
> the opinion from one guy that does not know wtf he is talking about.
>
> The actual point of the post was to have an iPhone/iPod Touch running as
> small SECURE server.
>
> It is running a BSD OS already...but not secure. That's the point of all
> this post.
>
> Regards,
>
>
>  Alvaro

Re: OT: Iphone with OpenBSD

[Lars Nooden]

Alvaro Mantilla Gimenez wrote:
> Joachim Schipper escribis:
> 
>> Actually, I think that's a rather low estimate. A lot of what people
>> seem to like about the iPhone is the software: the hardware is neat and
>> all, but not *that* different from other smartphones. Apple has spent a
>> lot of money producing a really polished UI; duplicating that on OpenBSD
>> would be an unpleasantly large amount of work.
> 
> That is a very good point.

Yet look at the FVWM-crystal theme to see how much *could* be done to
customize even a simple window manager.  FVWM-crystal is for the desktop
with more or less average screens.

Regards
-Lars

Re: managing authorized_keys

[John Jackson]

On Fri, Sep 18, 2009 at 10:29:54AM -0400, bofh wrote:
> Hi,
> Just wanted to see how you guys manage authorized_keys.  I'm trying to
> move everyone off "legacy" protocols onto openssh, and one of my
> proposals will involve using authorized keys for scripts/automated
> processes.
> 
> There's 400+ unix boxes.  I know we can stick keys into
> authorized_keys, but managing it for a bunch of automated processes
> seems a bit unwieldy.  Is there any way of pointing to an external
> source, say, ldap?
> 
> Thanks for any pointers!

I've been meaning to give this a try:

http://code.google.com/p/openssh-lpk/


John


> 
> -- 
> http://www.glumbert.com/media/shift
> http://www.youtube.com/watch?v=tGvHNNOLnCk
> "This officer's men seem to follow him merely out of idle curiosity."
> -- Sandhurst officer cadet evaluation.
> "Securing an environment of Windows platforms from abuse - external or
> internal - is akin to trying to install sprinklers in a fireworks
> factory where smoking on the job is permitted."  -- Gene Spafford
> learn french:  http://www.youtube.com/watch?v=30v_g83VHK4

Re: OT: Iphone with OpenBSD

[Alvaro Mantilla Gimenez]

Jacob Yocom-Piatt escribis:

>
> getting openbsd working on an iphone would be a pretty serious
> undertaking and would require a lot of man hours that aren't currently
> available. you have to remember that the project is mostly driven by
> donated developer time.

Yes, I know. The developers are doing an amazing work. I am very
grateful for this awesome OS.


> there is no doubt this would be sweet but you have to be realistic when
> considering the amount of work it would take to make this happen. there
> are >10 mln iphones in circulation so there is no shortage of machines

There is nothing it could be used from the ARM OpenBSD release? Maybe is
a start...

The iPhone is already using a BSD OS..so..is it possible that some of
the drivers required are already functional?

Check this:

$ ssh r...@iphone | tee iphone.txt
r...@iphone's password:

root# df -h
FilesystemSize  Used Avail Use% Mounted on
/dev/disk0s1  500M  420M   76M  85% /
devfs  25K   25K 0 100% /dev
/dev/disk0s2  7.1G  1.9G  5.3G  27% /private/var

KKroto:~ root# sysctl -a
kern.ostype = Darwin
kern.osrelease = 10.0.0d3
kern.osrevision = 199506
kern.version = Darwin Kernel Version 10.0.0d3: Wed May 13 22:11:58 PDT
2009; root:xnu-1357.2.89~4/RELEASE_ARM_S5L8900X
kern.maxvnodes = 800
kern.maxproc = 52
kern.maxfiles = 12288
kern.argmax = 262144
kern.securelevel = 0
kern.hostname = KKroto
kern.hostid = 0
kern.clockrate: hz = 100, tick = 1, profhz = 100, stathz = 100
kern.posix1version = 200112
kern.ngroups = 16
kern.job_control = 1
kern.saved_ids = 1
kern.boottime = Fri Sep 18 09:32:58 2009
kern.nisdomainname =
kern.maxfilesperproc = 10240
kern.maxprocperuid = 26
kern.dummy = 0
kern.dummy = 0
kern.usrstack = 805306368
kern.dummy = 0
kern.dummy = 0
kern.dummy = 0
kern.exec: unknown type returned
kern.aiomax = 10
kern.aioprocmax = 4
kern.aiothreads = 2
kern.corefile = /cores/core.%P
kern.delayterm = 0
kern.shreg_private = 0
kern.usrstack64 = 8247063986311266304
kern.procname =
kern.speculative_reads_disabled = 0
kern.osversion = 7A341
kern.safeboot = 0
kern.rage_vnode = 0
vfs.hfs has 2 mounted instances
hw.machine = iPhone1,1
hw.model = M68AP
hw.ncpu = 1
hw.byteorder = 1234
hw.physmem = 121634816
hw.usermem = 93564928
hw.pagesize = 4096
hw.epoch = 1
hw.vectorunit = 0
hw.busfrequency = 10300
hw.cpufrequency = 41200
hw.cachelinesize = 32
hw.l1icachesize = 16384
hw.l1dcachesize = 16384
hw.l2settings = 0
hw.l2cachesize = 0
hw.tbfrequency = 600
hw.memsize = 121634816
hw.availcpu = 1
user.cs_path = /usr/bin:/bin:/usr/sbin:/sbin
user.bc_base_max = 99
user.bc_dim_max = 2048
user.bc_scale_max = 99
user.bc_string_max = 1000
user.coll_weights_max = 2
user.expr_nest_max = 32
user.line_max = 2048
user.re_dup_max = 255
user.posix2_version = 200112
user.posix2_c_bind = 0
user.posix2_c_dev = 0
user.posix2_char_term = 0
user.posix2_fort_dev = 0
user.posix2_fort_run = 0
user.posix2_localedef = 0
user.posix2_sw_dev = 0
user.posix2_upe = 0
user.stream_max = 20
user.tzname_max = 255
kern.ostype: Darwin
kern.osrelease: 10.0.0d3
kern.osrevision: 199506
kern.version: Darwin Kernel Version 10.0.0d3: Wed May 13 22:11:58 PDT
2009; root:xnu-1357.2.89~4/RELEASE_ARM_S5L8900X
kern.maxvnodes: 800
kern.maxproc: 52
kern.maxfiles: 12288
kern.argmax: 262144
kern.securelevel: 0
kern.hostname: KKroto
kern.hostid: 0
kern.clockrate: { hz = 100, tick = 1, tickadj = -1072182583, profhz
= 100, stathz = 100 }
kern.posix1version: 200112
kern.ngroups: 16
kern.job_control: 1
kern.saved_ids: 1
kern.boottime: { sec = 1253287978, usec = 0 } Fri Sep 18 09:32:58 2009
kern.nisdomainname:
kern.maxfilesperproc: 10240
kern.maxprocperuid: 26
kern.ipc.maxsockbuf: 8388608
kern.ipc.sockbuf_waste_factor: 8
kern.ipc.somaxconn: 128
kern.ipc.nmbclusters: 3455
kern.ipc.soqlimitcompat: 1
kern.ipc.mb_normalized: 0
kern.ipc.sosendminchain: 16384
kern.ipc.sorecvmincopy: 16384
kern.ipc.sosendjcl: 1
kern.ipc.sosendjcl_ignore_capab: 0
kern.ipc.maxsockets: 128
kern.ipc.sbspace_factor: 8
kern.ipc.njcl: 0
kern.ipc.njclbytes: 0
kern.ipc.soqlencomp: 0
kern.dummy: 0
kern.usrstack: 805306368
kern.aiomax: 10
kern.aioprocmax: 4
kern.aiothreads: 2
kern.corefile: /cores/core.%P
kern.delayterm: 0
kern.shreg_private: 0
kern.posix.sem.max: 1
kern.usrstack64:
kern.tfp.policy: 2kern.procname:
kern.speculative_reads_disabled: 0
kern.osversion: 7A341
kern.safeboot: 0
kern.lctx.last: 1
kern.lctx.count: 0
kern.lctx.max: 8192
kern.rage_vnode: 0
kern.tty.ptmx_max: 127
kern.sleeptime: { sec = 0, usec = 0 } Wed Dec 31 18:00:00 1969
kern.waketime: { sec = 0, usec = 0 } Wed Dec 31 18:00:00 1969
kern.willshutdown: 0
kern.hibernatefile:
kern.bootsignature:
kern.hibernatemode: 0
kern.monotonicclock: 1253319276
kern.nbuf: 552
kern.maxnbuf: 552
kern.flush_cache_on_write: 0
kern.sugid_scripts: 0
kern.bootargs:
kern.num_files: 203
kern.num_vnodes: 800
kern.num_tasks: 512
kern.num_threads: 1024
kern.num_taskthreads: 1024
kern.preheat_pages_max: 256
kern.preheat_pages_min: 8
kern

Re: OT: Iphone with OpenBSD

[Michal]

...you just kill-joyed that whole page. It's a stupid rant that's quite funny
if you like that humour and he is going on the first version of the iphone,
non-jailbreak, (you cant bring that into it by the way as he is taking both
phones as-is) So please donbt suck the humour out of everything



-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
Alvaro Mantilla Gimenez
Sent: 18 September 2009 17:04
To: misc@openbsd.org
Subject: Re: OT: Iphone with OpenBSD

Jan Stary escribis:
>
>  We will be trying to develop an entire suite of device
>  drivers for undocumented hardware and then attempt to run
>  a full-fledged operating system on it.
>
> Just hack away! After reading
> http://www.thebestpageintheuniverse.net/c.cgi?u=iphone
> of course.


Compare the two phones is not the point here...this guy does not have
any clue about what the iPhone is and probably he is using his Nokia to
give pleasure himself through his ass.

The site describes a "normal" iPhone. A Jailbroken iPhone with cydia and
all the packages and cool stuff is a different beast. You can run perl,
php, python, ruby, apache, svn, cvs, etc...you can manage your servers
(the example that the guy is using against the iPhone) trough the
Terminal application and connect with openssh, rdp or vnc...whatever you
want.

The keyboard comment...it is just valid for an English speaker...if you
are from other language with more complex characters then you do "less
work" because is more easy to select that characters and guest what? you
do less "taps" and the end of the day.

You can actually said: "Hey, here is your small server for your small
office...right here in my pocket !!" "You can use it as media server,
web server, backup server...". Take a look to cydia and the repositories.

It has support for MMS and Video recording (yes..cycorder), IM (too many
clients...you already have problems to choose one because of that), vlc,
mplayer, mxtube (In fact...I downloaded the slackathon conferences with
that), SIP, VoIP and a lot of other cool stuff. You can, from long time
ago, personalize your ringtones without iTunes...so...that site is just
the opinion from one guy that does not know wtf he is talking about.

The actual point of the post was to have an iPhone/iPod Touch running as
small SECURE server.

It is running a BSD OS already...but not secure. That's the point of all
this post.

Regards,


 Alvaro

Re: OT: Iphone with OpenBSD

[Alvaro Mantilla Gimenez]

Jan Stary escribis:
>
>  We will be trying to develop an entire suite of device
>  drivers for undocumented hardware and then attempt to run
>  a full-fledged operating system on it.
>
> Just hack away! After reading
> http://www.thebestpageintheuniverse.net/c.cgi?u=iphone
> of course.


Compare the two phones is not the point here...this guy does not have
any clue about what the iPhone is and probably he is using his Nokia to
give pleasure himself through his ass.

The site describes a "normal" iPhone. A Jailbroken iPhone with cydia and
all the packages and cool stuff is a different beast. You can run perl,
php, python, ruby, apache, svn, cvs, etc...you can manage your servers
(the example that the guy is using against the iPhone) trough the
Terminal application and connect with openssh, rdp or vnc...whatever you
want.

The keyboard comment...it is just valid for an English speaker...if you
are from other language with more complex characters then you do "less
work" because is more easy to select that characters and guest what? you
do less "taps" and the end of the day.

You can actually said: "Hey, here is your small server for your small
office...right here in my pocket !!" "You can use it as media server,
web server, backup server...". Take a look to cydia and the repositories.

It has support for MMS and Video recording (yes..cycorder), IM (too many
clients...you already have problems to choose one because of that), vlc,
mplayer, mxtube (In fact...I downloaded the slackathon conferences with
that), SIP, VoIP and a lot of other cool stuff. You can, from long time
ago, personalize your ringtones without iTunes...so...that site is just
the opinion from one guy that does not know wtf he is talking about.

The actual point of the post was to have an iPhone/iPod Touch running as
small SECURE server.

It is running a BSD OS already...but not secure. That's the point of all
this post.

Regards,


 Alvaro

Re: OT: Iphone with OpenBSD

[Alvaro Mantilla Gimenez]

Joachim Schipper escribis:

>
> Actually, I think that's a rather low estimate. A lot of what people
> seem to like about the iPhone is the software: the hardware is neat and
> all, but not *that* different from other smartphones. Apple has spent a
> lot of money producing a really polished UI; duplicating that on OpenBSD
> would be an unpleasantly large amount of work.

That is a very good point.

>
> Of course, if you're happy with a basic (X) terminal, that's a lot
> easier: but I don't really see the advantage of the iPhone over other
> smartphones there.

As a small server maybe it could have a little fluxbox screen just to
see the status of network, cpu load, etc...

>
> Or am I missing something? I must admit to not being sufficiently
> interested in this stuff to follow all the minutiae...
>
>   Joachim

Re: 4.6 postponed to Nov 1

[Michal]

How dare she...you'd only be thinking about it ;)

-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Matt
Bettinger
Sent: 18 September 2009 15:39
To: Michael
Cc: m...@cvs.openbsd.org
Subject: Re: 4.6 postponed to Nov 1

On 9/18/09, Michael  wrote:
> >>> Heh. I just cannot help being a little amused by this, since we are
> >>> expecting our second kid with an ETA of Nov 1, and I thought it would
> >>> have been a fun coincidence to have OpenBSD and (possibly) a kid
> >>> "released" the same day. :-)
> >>
> >> don't name it puffy, please ;)
> >>
> >
> > Don't listen to him; there's a shiny American dollar in it if you do.
>
> +1 EUR
>
> ;-)
>
>

That funny because we have a c section scheduled Oct 1, 2009  to go in
and get my third child.  (boy). My wife REALLY believed (and maybe it
is true)  that I was going to be upgrading boxes on the same day my
sone is born.  She can rest easy now that the Release date has been
bumped up!

re,

mb

Re: Outbound RST not seen by tcpdump?

[Mike Small]

Sorry for the dup, Ian. I meant to send to the list the first time.

Ian Chard  writes:

> Hi,
>
> I'm troubleshooting a very strange problem, where my ssh connection to
> a few different OpenBSD machines drops suddenly, with the client
> machine receiving a TCP RST from the server.  I've taken tcpdump
> captures on both sides (in different sessions, so the tcpdump process
> doesn't die with my shell), and the OpenBSD machine's capture doesn't
> log the RST it apparently sends.
>
> Now the machines are in a complex network, so it's possible that the
> packet is being generated spuriously by something else.  My question
> is: is there any way that the OpenBSD kernel could sent a TCP RST that
> is always missed by tcpdump running on the same machine?
>
> Thanks for any help
> - Ian

This sounds a little like something I'm noticing lately.  I thought it
was our network at work, but now I see it's really predictable.  If
you run "dillo boston.com" on a connection with X forwarded and wait a
few seconds do you see the reset too?

I'm connecting using PuTTY 0.60-2008-09-17 on a windows xp machine
with Xming 6.0.9.31.

$ pkg_info -c dillo

Information for inst:dillo-2.0p1

Comment:
fast and light graphical web browser

$ dmesg
[ using 426072 bytes of bsd ELF symbol table ]
console out [ATY,Rage128Pd]console in [keyboard] , using USB
: memaddr 9400 size 400, : consaddr 96008000, : ioaddr 9002, size 
2: memtag 8000, iotag 8000: width 1280 linebytes 1280 height 960 depth 8
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2009 OpenBSD. All rights reserved.  http://www.OpenBSD.org

OpenBSD 4.5 (GENERIC) #0: Thu May  7 17:54:23 EDT 2009
r...@holly.mauritania:/usr/src/sys/arch/macppc/compile/GENERIC
real mem = 402653184 (384MB)
avail mem = 377503744 (360MB)
mainbus0 at root: model PowerMac3,4
cpu0 at mainbus0: 7400 (Revision 0x209): 466 MHz: 1MB backside cache
mem0 at mainbus0
spdmem0 at mem0: 128MB SDRAM non-parity PC133CL2
spdmem1 at mem0: 256MB SDRAM non-parity PC133CL3
memc0 at mainbus0: uni-n
kiic0 at memc0 offset 0xf8001000
iic0 at kiic0
mpcpcibr0 at mainbus0 pci: uni-north, Revision 0xff
pci0 at mpcpcibr0 bus 0
pchb0 at pci0 dev 11 function 0 "Apple Uni-N2 AGP" rev 0x00
vgafb0 at pci0 dev 16 function 0 "ATI Rage Fury" rev 0x00, mmio
wsdisplay0 at vgafb0 mux 1: console (std, vt100 emulation)
mpcpcibr1 at mainbus0 pci: uni-north, Revision 0x0
pci1 at mpcpcibr1 bus 0
pchb1 at pci1 dev 11 function 0 "Apple Uni-N2 Host" rev 0x00
macobio0 at pci1 dev 23 function 0 "Apple Keylargo" rev 0x03
openpic0 at macobio0 offset 0x4: version 0x4614 little endian
macgpio0 at macobio0 offset 0x50
macgpio1 at macgpio0 irq 47
"programmer-switch" at macgpio0 not configured
"gpio5" at macgpio0 not configured
"gpio6" at macgpio0 not configured
"gpio11" at macgpio0 not configured
"extint-gpio15" at macgpio0 not configured
"extint-gpio16" at macgpio0 not configured
"escc-legacy" at macobio0 offset 0x12000 not configured
zsc0 at macobio0 offset 0x13000: irq 22,50
zstty0 at zsc0 channel 0
zstty1 at zsc0 channel 1
tumbler0 at macobio0 offset 0x1: irq 30,1,2
"timer" at macobio0 offset 0x15000 not configured
adb0 at macobio0 offset 0x16000 irq 25: via-pmu, 0 targets
apm0 at adb0: battery flags 0x9, 0% charged
kiic1 at macobio0 offset 0x18000
iic1 at kiic1
wdc0 at macobio0 offset 0x1f000 irq 19: DMA
wd0 at wdc0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 152627MB, 312581808 sectors
wd0(wdc0:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 4
wdc1 at macobio0 offset 0x2 irq 20: DMA
atapiscsi0 at wdc1 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  ATAPI 5/cdrom 
removable
cd0(wdc1:0:0): using BIOS timings, DMA mode 2
wdc2 at macobio0 offset 0x21000 irq 21: DMA
audio0 at tumbler0
ohci0 at pci1 dev 24 function 0 "Apple USB" rev 0x00: irq 27, version 1.0
ohci1 at pci1 dev 25 function 0 "Apple USB" rev 0x00: irq 28, version 1.0
usb0 at ohci0: USB revision 1.0
uhub0 at usb0 "Apple OHCI root hub" rev 1.00/1.00 addr 1
usb1 at ohci1: USB revision 1.0
uhub1 at usb1 "Apple OHCI root hub" rev 1.00/1.00 addr 1
mpcpcibr2 at mainbus0 pci: uni-north, Revision 0x16
pci2 at mpcpcibr2 bus 0
pchb2 at pci2 dev 11 function 0 "Apple Uni-N2 Host" rev 0x00
"AT&T/Lucent FW322 1394" rev 0x00 at pci2 dev 14 function 0 not configured
gem0 at pci2 dev 15 function 0 "Apple Uni-N GMAC" rev 0x01: irq 41, address 
00:03:93:04:f9:b2
brgphy0 at gem0 phy 0: BCM5401 10/100/1000baseT PHY, rev. 3
uhub2 at uhub0 port 1 "Chicony Generic USB Hub" rev 1.10/1.00 addr 2
uhidev0 at uhub2 port 1 configuration 1 interface 0 "Chicony PFU-65 USB 
Keyboard" rev 1.10/1.00 addr 3
uhidev0: iclass 3/1
ukbd0 at uhidev0: 8 modifier keys, 6 key codes
wskbd0 at ukbd0: console keyboard, using wsdisplay0
uhidev1 at uhub2 port 2 configuration 1 interface 0 "Microsoft Microsoft 
3-Button Mouse with IntelliEye(TM)" rev 1.10/3.00 addr 4
uhidev1: iclass 3

Re: Logging when interfaces go down

[Thomas Jeunet]

On Fri, Sep 18, 2009 at 15:37, Ian Chard  wrote:
> Hi,
>
> Is it possible to log, or in some other way capture the event, when network
> interfaces go down?
>
> Thanks
> - Ian
>
> --
> Ian Chard, Senior Unix and Network Gorilla | E: ian.ch...@sers.ox.ac.uk
> Systems and Electronic Resources Service   | T:  80587 / (01865) 280587
> Oxford University Library Services | F:  (01865) 242287
>
>

See ifstated : http://www.openbsd.org/cgi-bin/man.cgi?query=ifstated

--
Thomas Jeunet

Re: 4.6 postponed to Nov 1

[Matt Bettinger]

On 9/18/09, Michael  wrote:
> >>> Heh. I just cannot help being a little amused by this, since we are
> >>> expecting our second kid with an ETA of Nov 1, and I thought it would
> >>> have been a fun coincidence to have OpenBSD and (possibly) a kid
> >>> "released" the same day. :-)
> >>
> >> don't name it puffy, please ;)
> >>
> >
> > Don't listen to him; there's a shiny American dollar in it if you do.
>
> +1 EUR
>
> ;-)
>
>

That funny because we have a c section scheduled Oct 1, 2009  to go in
and get my third child.  (boy). My wife REALLY believed (and maybe it
is true)  that I was going to be upgrading boxes on the same day my
sone is born.  She can rest easy now that the Release date has been
bumped up!

re,

mb

managing authorized_keys

[bofh]

Hi,
Just wanted to see how you guys manage authorized_keys.  I'm trying to
move everyone off "legacy" protocols onto openssh, and one of my
proposals will involve using authorized keys for scripts/automated
processes.

There's 400+ unix boxes.  I know we can stick keys into
authorized_keys, but managing it for a bunch of automated processes
seems a bit unwieldy.  Is there any way of pointing to an external
source, say, ldap?

Thanks for any pointers!

-- 
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
"This officer's men seem to follow him merely out of idle curiosity."
-- Sandhurst officer cadet evaluation.
"Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted."  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=30v_g83VHK4

Outbound RST not seen by tcpdump?

[Ian Chard]

Hi,

I'm troubleshooting a very strange problem, where my ssh connection to a 
few different OpenBSD machines drops suddenly, with the client machine 
receiving a TCP RST from the server.  I've taken tcpdump captures on 
both sides (in different sessions, so the tcpdump process doesn't die 
with my shell), and the OpenBSD machine's capture doesn't log the RST it 
apparently sends.


Now the machines are in a complex network, so it's possible that the 
packet is being generated spuriously by something else.  My question is: 
is there any way that the OpenBSD kernel could sent a TCP RST that is 
always missed by tcpdump running on the same machine?


Thanks for any help
- Ian

--
Ian Chard, Senior Unix and Network Gorilla | E: ian.ch...@sers.ox.ac.uk
Systems and Electronic Resources Service   | T:  80587 / (01865) 280587
Oxford University Library Services | F:  (01865) 242287

Re: Logging when interfaces go down

[Ian Chard]

Everyone said:
> ifstated

Thanks to everyone :-)

- Ian

--
Ian Chard, Senior Unix and Network Gorilla | E: ian.ch...@sers.ox.ac.uk
Systems and Electronic Resources Service   | T:  80587 / (01865) 280587
Oxford University Library Services | F:  (01865) 242287

Re: Logging when interfaces go down

[Jason Dixon]

On Sep 18, 2009, at 9:37 AM, Ian Chard  wrote:


Hi,

Is it possible to log, or in some other way capture the event, when  
network interfaces go down?


Ifstated(8)

-J.

Re: Defending OpenBSD Performance

[Alexandre Ratchov]

On Fri, Sep 18, 2009 at 03:33:07PM +0200, Alexandre Ratchov wrote:
> On Thu, Sep 17, 2009 at 04:59:45PM -0700, 4625 wrote:
> > On Thu, Sep 17, 2009 at 10:08:55PM +, Jacob Meuser wrote:
> > > > > > > > > I think your problem can be traced to the different default
> > > > > > > > > voices.
> > > > > > > > I've test timidity with a different sound fonts and with the
> > > > > > > > same config, like I have one in FreeBSD, on the same PC.
> > > > > > > 
> > > > > > > I wonder if FreeBSD's patch-playmidi would make any difference.
> > > > > > It is not port or patch problem, but perfomance (on my opinion).
> > > > > > > 
> > > > > > > maybe you don't.  but for me, multichannel audio is more important
> > > > > > > for a desktop than some busted old software midi player.
> > > > 
> > > > It would be nice to hope that there is exist good substitute for 
> > > > timidity,
> > > > which able to produce sound with the same quality.
> > > 
> > > did you try that timidity patch from freebsd I refered you to?
> > Sure.
> > 
> > > > > > > > But I'm sure, I should boot
> > > > > > > > FreeBSD-4.11 to listen midi files.
> > > > > > > 
> > > > > > > or you could use a less ancient midi player.
> > > > > > Could you advice me one?
> > > > > 
> > > > > I like fluidsynth.
> > > > Well, I got it. Could you explain me how do you ran it?
> > > 
> > > the way the manual says to.
> > What make you think that I did not saw the manual?
> > 
> 
> IMHO this discussion is taking the wrong direction.
> 
> I use MIDI a lot, exclusively on OpenBSD; both for playback,
> recording, editting and basic real-time "filtering".
> 
> Feel free to ask for hints and to explain what you try to do
> with MIDI and -- most importantly -- with what MIDI hardware.
> Either privately or on the list, if you feel there's
> something others should know.
> 
> To quickly summarize where OpenBSD is:
> 
>  - harware synths, keyboards, control surfaces etc...  just
>work, and are fully usable for real-time stuff since few years.
>After all MIDI is a dumb serial port.
> 
>  - opl(4), pcppi(4) are almost useless and seem
>unmaintained, I have plans to work on them (or anything
>based on src/sys/dev/midisyn.h).

of course, I have absolutely _no_ plans to work on them...
...other than possibly removing them if one day they block
development.

sorry for the typo.

-- Alexandre

Re: Defending OpenBSD Performance

[Alexandre Ratchov]

On Thu, Sep 17, 2009 at 04:59:45PM -0700, 4625 wrote:
> On Thu, Sep 17, 2009 at 10:08:55PM +, Jacob Meuser wrote:
> > > > > > > > I think your problem can be traced to the different default
> > > > > > > > voices.
> > > > > > > I've test timidity with a different sound fonts and with the
> > > > > > > same config, like I have one in FreeBSD, on the same PC.
> > > > > > 
> > > > > > I wonder if FreeBSD's patch-playmidi would make any difference.
> > > > > It is not port or patch problem, but perfomance (on my opinion).
> > > > > > 
> > > > > > maybe you don't.  but for me, multichannel audio is more important
> > > > > > for a desktop than some busted old software midi player.
> > > 
> > > It would be nice to hope that there is exist good substitute for timidity,
> > > which able to produce sound with the same quality.
> > 
> > did you try that timidity patch from freebsd I refered you to?
> Sure.
> 
> > > > > > > But I'm sure, I should boot
> > > > > > > FreeBSD-4.11 to listen midi files.
> > > > > > 
> > > > > > or you could use a less ancient midi player.
> > > > > Could you advice me one?
> > > > 
> > > > I like fluidsynth.
> > > Well, I got it. Could you explain me how do you ran it?
> > 
> > the way the manual says to.
> What make you think that I did not saw the manual?
> 

IMHO this discussion is taking the wrong direction.

I use MIDI a lot, exclusively on OpenBSD; both for playback,
recording, editting and basic real-time "filtering".

Feel free to ask for hints and to explain what you try to do
with MIDI and -- most importantly -- with what MIDI hardware.
Either privately or on the list, if you feel there's
something others should know.

To quickly summarize where OpenBSD is:

 - harware synths, keyboards, control surfaces etc...  just
   work, and are fully usable for real-time stuff since few years.
   After all MIDI is a dumb serial port.

 - opl(4), pcppi(4) are almost useless and seem
   unmaintained, I have plans to work on them (or anything
   based on src/sys/dev/midisyn.h).

 - ports/audio/fluidsynth is almost usable as a real-time synth.
   There's a recent patch on ports@, making it look as hardware to
   MIDI players. It works, but is not as good as hardware synths,
   especially for real-time performance. I use hardware most
   of the time.

 - ports/audio/timidity: it's good for MIDI rendering. I'd love your
   issues to get solved, but I have much more urgent/fun things to
   work on. I use it sometimes to render .wav files.

 - midiplay(1) is in base. It works only with hardware, because it
   uses the (obsolete) sequencer(4) interface; this is being worked
   on, though.

 - ports/audio/midish works in all cases and does much more
   than midiplay(4), that's the tool i'm working on the most.

HTH

-- Alexandre

Logging when interfaces go down

[Ian Chard]

Hi,

Is it possible to log, or in some other way capture the event, when 
network interfaces go down?


Thanks
- Ian

--
Ian Chard, Senior Unix and Network Gorilla | E: ian.ch...@sers.ox.ac.uk
Systems and Electronic Resources Service   | T:  80587 / (01865) 280587
Oxford University Library Services | F:  (01865) 242287

Re: 4.6 postponed to Nov 1

[Michael]

>>> Heh. I just cannot help being a little amused by this, since we are
>>> expecting our second kid with an ETA of Nov 1, and I thought it would
>>> have been a fun coincidence to have OpenBSD and (possibly) a kid
>>> "released" the same day. :-)
>>
>> don't name it puffy, please ;)
>>
> 
> Don't listen to him; there's a shiny American dollar in it if you do.

+1 EUR

;-)

Adira já e receba 5 euros grátis

[Raspadinhas Online]

Caso tenha dificuldade em visualizar, por favor clique no link abaixo

www.informacaobyweb.com/raspadinhas.html




Ao abrigo do Dec.Lei 67/98 de 26 de Outubro, o destinatario podera
proceder ` rectificagco
ou cancelamento dos seus dados, conforme o disposto nos artigos 10: e
11:.

Se pretender remover o seu enderego de email, por favor no link abaixo
http://www.informacaobyweb.com/unsubcribe/index.php?a=

Re: OT: Iphone with OpenBSD

[Michal]

That whole site as brilliant rants that remind me zero punctuation videos :)

-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
Gilles Chehade
Sent: 18 September 2009 12:22
To: Jacob Yocom-Piatt
Cc: misc@openbsd.org
Subject: Re: OT: Iphone with OpenBSD

hehe, following a link from a link from thelinuxoniphone blog, I ran
into this:

http://www.thebestpageintheuniverse.net/c.cgi?u=iphone

made my day ;-)

Gilles

On Fri, Sep 18, 2009 at 05:10:49AM -0500, Jacob Yocom-Piatt wrote:
> Alvaro Mantilla Gimenez wrote:
> >I just found this page:
> >
> >http://linuxoniphone.blogspot.com/2008/06/why-iphone-linux.html
> >
> >I don't have any idea about how/where to start. Maybe Theo can put some
> >light here...I think my developer skills are far to be good enough but,
> >hey...I would like to try !!
> >
> >
>
>
> getting openbsd working on an iphone would be a pretty serious
> undertaking and would require a lot of man hours that aren't currently
> available. you have to remember that the project is mostly driven by
> donated developer time.
>
> if you have >100K USD and are committed you might be able to make it
> happen. there would have to be a lot of reverse engineering on drivers
> and there is no reason to expect apple wouldn't change the chipsets
> across versions to make minute optimizations on cost. assuming you could
> get all this code written there are many man hours that go into keeping
> the arch working properly on an ongoing basis.
>
> there is no doubt this would be sweet but you have to be realistic when
> considering the amount of work it would take to make this happen. there
> are >10 mln iphones in circulation so there is no shortage of machines
>
>
> >Regards,
> >
> >Alvaro
> >
> >beowuff escribis:
> >
> >>>Reading the article posted on undeadly.org:
> >>>http://www.informit.com/articles/article.aspx?p=1393496
> >>>
> >>>I was thinking it would be cool to have an Iphone running OpenBSD...
> >>>
> >>>Imagine that: the most secure phone in the planet :-P
> >>>
> >>Man, I have an old 1st gen iPhone just sitting there... I would so put
> >>OpenBSD on it. Unfortunately, I wouldn't know where to begin :(
>

--
Gilles Chehade
freelance developer/sysadmin/consultant

   http://www.poolp.org

Re: route-to/reply-to broken on amd64?

[Michael]

Hi,

Am 11.09.2009 00:58, schrieb Laurent Ghigonis:
> On Fri, 11 Sep 2009 02:23:54 +0400
> Vadim Zhukov  wrote:
>> Hello all.
>>
>> Can anyone ack that route-to/reply-to rules do not work on amd64?
>> I have the following rule in pf.conf:
>>
>> pass in quick on $limit_if inet proto icmp icmp-type echoreq \
>> reply-to ($limit_if $limit_gw)
>>
>> It does not work (IPs replaced via corresponding macros by me),
>> see tcpdump(8) output:
>>
>> 02:00:58.171084 77.108.65.40 > ($limit_if): icmp: echo request
>> 02:00:58.171113 77.108.65.40 > $limit_gw: icmp: echo request
>>
>> Yep, such weird. And when I remove "reply-to" clause, it works as
>> intended:
>>
>> 01:53:11.174644 77.108.65.40 > ($limit_if): icmp: echo request
>>
>> No ICMP replies seen - they try to go via default route that is on
>> another interface.
>>
>> There are similar problems with "route-to": it looks like acting as
>> "rdr-to", replacing destination IP address.
>>
>> I have no problems on i386 firewall with same sort of setup.
>>
>> System was updated via snapshot two days ago, and then kernel and
>> pfctl(8) were rebuilt then from source while debugging this case. Full
>> dmesg is at the end of letter.
>>
>> Thank you for any responses.
>>
> 
> i think i have the same problem on amd64 (current) with reply-to
> 
> the reply-to ($if $gw) makes reply go to $gw instead of the sender
> it was working before the pf nat change

I is also not working with the 2009-09-07 snapshot on i386.

Michael

Re: OT: Iphone with OpenBSD

[Gilles Chehade]

hehe, following a link from a link from thelinuxoniphone blog, I ran
into this:

http://www.thebestpageintheuniverse.net/c.cgi?u=iphone

made my day ;-)

Gilles

On Fri, Sep 18, 2009 at 05:10:49AM -0500, Jacob Yocom-Piatt wrote:
> Alvaro Mantilla Gimenez wrote:
> >I just found this page:
> >
> >http://linuxoniphone.blogspot.com/2008/06/why-iphone-linux.html
> >
> >I don't have any idea about how/where to start. Maybe Theo can put some
> >light here...I think my developer skills are far to be good enough but,
> >hey...I would like to try !!
> >
> >  
> 
> 
> getting openbsd working on an iphone would be a pretty serious 
> undertaking and would require a lot of man hours that aren't currently 
> available. you have to remember that the project is mostly driven by 
> donated developer time.
> 
> if you have >100K USD and are committed you might be able to make it 
> happen. there would have to be a lot of reverse engineering on drivers 
> and there is no reason to expect apple wouldn't change the chipsets 
> across versions to make minute optimizations on cost. assuming you could 
> get all this code written there are many man hours that go into keeping 
> the arch working properly on an ongoing basis.
> 
> there is no doubt this would be sweet but you have to be realistic when 
> considering the amount of work it would take to make this happen. there 
> are >10 mln iphones in circulation so there is no shortage of machines
> 
> 
> >Regards,
> >
> >Alvaro
> >
> >beowuff escribis:
> >  
> >>>Reading the article posted on undeadly.org:
> >>>http://www.informit.com/articles/article.aspx?p=1393496
> >>>
> >>>I was thinking it would be cool to have an Iphone running OpenBSD...
> >>>
> >>>Imagine that: the most secure phone in the planet :-P
> >>>  
> >>Man, I have an old 1st gen iPhone just sitting there... I would so put
> >>OpenBSD on it. Unfortunately, I wouldn't know where to begin :(
> 

-- 
Gilles Chehade
freelance developer/sysadmin/consultant

   http://www.poolp.org

Re: 4.6 postponed to Nov 1

[Gilles Chehade]

On Fri, Sep 18, 2009 at 01:15:33PM +0200, Bret S. Lambert wrote:
> On Fri, Sep 18, 2009 at 01:05:51PM +0200, Gilles Chehade wrote:
> > Bret S. Lambert wrote:
> > >On Fri, Sep 18, 2009 at 11:47:37AM +0200, Alexander Hall wrote:
> > >>Oohhh... One dollar...
> > >>
> > >>But, hey, wait a minute... You still owe me a jager bomb since... s2k8?
> > >>
> > >>I'll update my accounting, should we name it Puffy. ;-)
> > >>
> > >
> > >I owe you what I say I owe you.
> > >
> > >Now fetch me some pickled fish.
> > Where's my baconcheese ?
> 
> Still in the tube. At the store.

I see you don't track things you owe then ...
Alexander, don't call your child puffy, you'll never see
that dollar ! ;-)

Gilles

-- 
Gilles Chehade
freelance developer/sysadmin/consultant

   http://www.poolp.org

Re: 4.6 postponed to Nov 1

[Bret S. Lambert]

On Fri, Sep 18, 2009 at 01:05:51PM +0200, Gilles Chehade wrote:
> Bret S. Lambert wrote:
> >On Fri, Sep 18, 2009 at 11:47:37AM +0200, Alexander Hall wrote:
> >>Oohhh... One dollar...
> >>
> >>But, hey, wait a minute... You still owe me a jager bomb since... s2k8?
> >>
> >>I'll update my accounting, should we name it Puffy. ;-)
> >>
> >
> >I owe you what I say I owe you.
> >
> >Now fetch me some pickled fish.
> Where's my baconcheese ?

Still in the tube. At the store.

Re: 4.6 postponed to Nov 1

[Siegbert Marschall]

> On Fri, Sep 18, 2009 at 11:18:30AM +0200, Stephan A. Rickauer wrote:
>> On Fri, 2009-09-18 at 11:09 +0200, Alexander Hall wrote:
>> > Theo de Raadt wrote:
>> > > The 4.6 release will be postponed to Nov 1.
>> >
>> > Heh. I just cannot help being a little amused by this, since we are
>> > expecting our second kid with an ETA of Nov 1, and I thought it would
>> > have been a fun coincidence to have OpenBSD and (possibly) a kid
>> > "released" the same day. :-)
>>
>> don't name it puffy, please ;)
>>
>
> Don't listen to him; there's a shiny American dollar in it if you do.
>
I put a shiny silver 10,- EUR coin on top of it. ;)

Re: 4.6 postponed to Nov 1

[Gilles Chehade]

Bret S. Lambert wrote:

On Fri, Sep 18, 2009 at 11:47:37AM +0200, Alexander Hall wrote:
  

Oohhh... One dollar...

But, hey, wait a minute... You still owe me a jager bomb since... s2k8?

I'll update my accounting, should we name it Puffy. ;-)




I owe you what I say I owe you.

Now fetch me some pickled fish.
  

Where's my baconcheese ?

Gilles

Re: OT: Iphone with OpenBSD

[Joachim Schipper]

On Fri, Sep 18, 2009 at 05:10:49AM -0500, Jacob Yocom-Piatt wrote:
> Alvaro Mantilla Gimenez wrote:
> >I just found this page:
> >
> >http://linuxoniphone.blogspot.com/2008/06/why-iphone-linux.html
> >
> >I don't have any idea about how/where to start. Maybe Theo can put some
> >light here...I think my developer skills are far to be good enough but,
> >hey...I would like to try !!
> >
> 
> 
> getting openbsd working on an iphone would be a pretty serious
> undertaking and would require a lot of man hours that aren't
> currently available. you have to remember that the project is mostly
> driven by donated developer time.
> 
> if you have >100K USD and are committed you might be able to make it
> happen. there would have to be a lot of reverse engineering on
> drivers and there is no reason to expect apple wouldn't change the
> chipsets across versions to make minute optimizations on cost.
> assuming you could get all this code written there are many man
> hours that go into keeping the arch working properly on an ongoing
> basis.
> 
> there is no doubt this would be sweet but you have to be realistic
> when considering the amount of work it would take to make this
> happen. there are >10 mln iphones in circulation so there is no
> shortage of machines

Actually, I think that's a rather low estimate. A lot of what people
seem to like about the iPhone is the software: the hardware is neat and
all, but not *that* different from other smartphones. Apple has spent a
lot of money producing a really polished UI; duplicating that on OpenBSD
would be an unpleasantly large amount of work.

Of course, if you're happy with a basic (X) terminal, that's a lot
easier: but I don't really see the advantage of the iPhone over other
smartphones there.

Or am I missing something? I must admit to not being sufficiently
interested in this stuff to follow all the minutiae...

Joachim

Re: 4.6 postponed to Nov 1

[Bret S. Lambert]

On Fri, Sep 18, 2009 at 11:47:37AM +0200, Alexander Hall wrote:
> Oohhh... One dollar...
> 
> But, hey, wait a minute... You still owe me a jager bomb since... s2k8?
> 
> I'll update my accounting, should we name it Puffy. ;-)
> 

I owe you what I say I owe you.

Now fetch me some pickled fish.

Re: OT: Iphone with OpenBSD

[Jacob Yocom-Piatt]

Alvaro Mantilla Gimenez wrote:

I just found this page:

http://linuxoniphone.blogspot.com/2008/06/why-iphone-linux.html

I don't have any idea about how/where to start. Maybe Theo can put some
light here...I think my developer skills are far to be good enough but,
hey...I would like to try !!

  



getting openbsd working on an iphone would be a pretty serious 
undertaking and would require a lot of man hours that aren't currently 
available. you have to remember that the project is mostly driven by 
donated developer time.


if you have >100K USD and are committed you might be able to make it 
happen. there would have to be a lot of reverse engineering on drivers 
and there is no reason to expect apple wouldn't change the chipsets 
across versions to make minute optimizations on cost. assuming you could 
get all this code written there are many man hours that go into keeping 
the arch working properly on an ongoing basis.


there is no doubt this would be sweet but you have to be realistic when 
considering the amount of work it would take to make this happen. there 
are >10 mln iphones in circulation so there is no shortage of machines




Regards,

Alvaro

beowuff escribis:
  

Reading the article posted on undeadly.org:
http://www.informit.com/articles/article.aspx?p=1393496

I was thinking it would be cool to have an Iphone running OpenBSD...

Imagine that: the most secure phone in the planet :-P
  

Man, I have an old 1st gen iPhone just sitting there... I would so put
OpenBSD on it. Unfortunately, I wouldn't know where to begin :(

Re: 4.6 postponed to Nov 1

[Alexander Hall]

Bret S. Lambert wrote:
> On Fri, Sep 18, 2009 at 11:18:30AM +0200, Stephan A. Rickauer wrote:
>> On Fri, 2009-09-18 at 11:09 +0200, Alexander Hall wrote:
>>> Theo de Raadt wrote:
 The 4.6 release will be postponed to Nov 1.
>>> Heh. I just cannot help being a little amused by this, since we are
>>> expecting our second kid with an ETA of Nov 1, and I thought it would
>>> have been a fun coincidence to have OpenBSD and (possibly) a kid
>>> "released" the same day. :-)
>> don't name it puffy, please ;)
>>
> 
> Don't listen to him; there's a shiny American dollar in it if you do.

Oohhh... One dollar...

But, hey, wait a minute... You still owe me a jager bomb since... s2k8?

I'll update my accounting, should we name it Puffy. ;-)

/Alexander

Re: OT: Iphone with OpenBSD

[Jan Stary]

On Sep 18 02:20:38, Alvaro Mantilla Gimenez wrote:
> I just found this page:
> 
> http://linuxoniphone.blogspot.com/2008/06/why-iphone-linux.html
> 
> I don't have any idea about how/where to start. Maybe Theo can put some
> light here...I think my developer skills are far to be good enough but,
> hey...I would like to try !!

 We will be trying to develop an entire suite of device
 drivers for undocumented hardware and then attempt to run
 a full-fledged operating system on it.

Just hack away! After reading
http://www.thebestpageintheuniverse.net/c.cgi?u=iphone
of course.

Re: 4.6 postponed to Nov 1

[Bret S. Lambert]

On Fri, Sep 18, 2009 at 11:18:30AM +0200, Stephan A. Rickauer wrote:
> On Fri, 2009-09-18 at 11:09 +0200, Alexander Hall wrote:
> > Theo de Raadt wrote:
> > > The 4.6 release will be postponed to Nov 1.
> > 
> > Heh. I just cannot help being a little amused by this, since we are
> > expecting our second kid with an ETA of Nov 1, and I thought it would
> > have been a fun coincidence to have OpenBSD and (possibly) a kid
> > "released" the same day. :-)
> 
> don't name it puffy, please ;)
> 

Don't listen to him; there's a shiny American dollar in it if you do.

Re: 4.6 postponed to Nov 1

[Stephan A. Rickauer]

On Fri, 2009-09-18 at 11:09 +0200, Alexander Hall wrote:
> Theo de Raadt wrote:
> > The 4.6 release will be postponed to Nov 1.
> 
> Heh. I just cannot help being a little amused by this, since we are
> expecting our second kid with an ETA of Nov 1, and I thought it would
> have been a fun coincidence to have OpenBSD and (possibly) a kid
> "released" the same day. :-)

don't name it puffy, please ;)

Re: 4.6 postponed to Nov 1

[Alexander Hall]

Theo de Raadt wrote:
> The 4.6 release will be postponed to Nov 1.

Heh. I just cannot help being a little amused by this, since we are
expecting our second kid with an ETA of Nov 1, and I thought it would
have been a fun coincidence to have OpenBSD and (possibly) a kid
"released" the same day. :-)

/Alexander

Re: OT: Iphone with OpenBSD

[Alvaro Mantilla Gimenez]

I just found this page:

http://linuxoniphone.blogspot.com/2008/06/why-iphone-linux.html

I don't have any idea about how/where to start. Maybe Theo can put some
light here...I think my developer skills are far to be good enough but,
hey...I would like to try !!

Regards,

Alvaro

beowuff escribis:
>> Reading the article posted on undeadly.org:
>> http://www.informit.com/articles/article.aspx?p=1393496
>>
>> I was thinking it would be cool to have an Iphone running OpenBSD...
>>
>> Imagine that: the most secure phone in the planet :-P
>
>
> Man, I have an old 1st gen iPhone just sitting there... I would so put
> OpenBSD on it. Unfortunately, I wouldn't know where to begin :(

Re: OT: Iphone with OpenBSD

[Alvaro Mantilla Gimenez]

I just found somebody port the netbsd man pages to the iphone (which is
nothing to me).

Brian W. escribis:
> Alvaro Mantilla Gimenez wrote:
>> Totally offtopic:
>>
>> Reading the article posted on undeadly.org:
>> http://www.informit.com/articles/article.aspx?p=1393496
>>
>> I was thinking it would be cool to have an Iphone running OpenBSD...
>>
>> Imagine that: the most secure phone in the planet :-P
>>
>> Regards,
>>
>>   Alvaro
>>
> The netbsd guys try to run in just about anything with a chip in it,
> have they done it yet?
>
> Brian