Re: managing authorized_keys

2009-09-21 Thread Janne Johansson
Joachim Schipper wrote:
>> There's 400+ unix boxes.  I know we can stick keys into
>> authorized_keys, but managing it for a bunch of automated processes
>> seems a bit unwieldy.  
> Have you considered Kerberos? You'll still have to add accounts (or use
> LDAP, indeed), but at least you don't have to copy the keys everywhere.
> 

With some patches, you can use the krb5 host-keys instead of the
ssh-host-keys.

Then again, any site with 400+ boxes should really have most of them on
an "automated install" procedure anyhow, so sending out authorized_keys
using that should be a high priority.



Re: Outbound RST not seen by tcpdump?

2009-09-21 Thread Janne Johansson
Ian Chard wrote:
> I'm troubleshooting a very strange problem, where my ssh connection to a
> few different OpenBSD machines drops suddenly, with the client machine
> receiving a TCP RST from the server.  I've taken tcpdump captures on
> both sides (in different sessions, so the tcpdump process doesn't die
> with my shell), and the OpenBSD machine's capture doesn't log the RST it
> apparently sends.
>
There are ISPs that "traffic shape" their links by killing long-lasting
TCP streams by faking the RST in the middle.



Re: Recent ThinkPad T series

2009-09-21 Thread Brynet
Hi Michael,

> CPU:  Intel Core2 Duo (SP9600 or T9600)  - yes; use AMD64 arch?
Both the i386 and amd64 ports of OpenBSD support the Core 2 Duo, it's
your choice.

> ATI Mobility Radeon 3470 - yes
The Radeon 3470 is part of the R600 family, support for R600/700 is
still a work in progress.. 2 different Xorg drivers exist, radeon and
radeonhd.

> Intel GMA 4500MHD - ?
Intel graphics should work with both 2D/3D acceleration, should
meaning possibly.

> Sound card (no specs available) - ?
Most systems utilize Intel HD audio chipsets, it should be supported
by the azalia(4) driver.

> 5 in 1 or 7 in 1 Media Card Reader - standard USB storage device?
Sometimes they are supported, this is something you'll have to
determine yourself.

> Integrated camera - no
This may be a UVC compliant USB device, if so, it may be supported by
the uvideo(4) driver.. and you can use ports supporting the V4L2 API.

> Fingerprint reader - no
This might be supported by the libfprint port, unfortunately the
associated demo utilities aren't included (?) yet.. not that it's even
remotely practical.

-Brynet



Re: Outbound RST not seen by tcpdump?

2009-09-21 Thread Claudio Jeker
On Mon, Sep 21, 2009 at 09:44:34AM +0200, Janne Johansson wrote:
> Ian Chard wrote:
> > I'm troubleshooting a very strange problem, where my ssh connection to a
> > few different OpenBSD machines drops suddenly, with the client machine
> > receiving a TCP RST from the server.  I've taken tcpdump captures on
> > both sides (in different sessions, so the tcpdump process doesn't die
> > with my shell), and the OpenBSD machine's capture doesn't log the RST it
> > apparently sends.
> >
> There are ISPs that "traffic shape" their links by killing long-lasting
> TCP streams by faking the RST in the middle.
> 

pf(4) does this as well, if the state times out (the default timeout for
established sessions is around a day). Many other systems behave
similarly (sometimes with much shorter timeouts). Enabling ssh keepalive
helps.

-- 
:wq Claudio



Re: Outbound RST not seen by tcpdump?

2009-09-21 Thread Ian Chard

Janne Johansson wrote:
> Ian Chard wrote:
>> I'm troubleshooting a very strange problem, where my ssh connection to a
>> few different OpenBSD machines drops suddenly, with the client machine
>> receiving a TCP RST from the server.  I've taken tcpdump captures on
>> both sides (in different sessions, so the tcpdump process doesn't die
>> with my shell), and the OpenBSD machine's capture doesn't log the RST it
>> apparently sends.
>
> There are ISPs that "traffic shape" their links by killing long-lasting
> TCP streams by faking the RST in the middle.


A good thought, and I've seen this myself.  However, these connections 
can drop after a second or two, and aren't traversing an ISP.


- Ian

--
Ian Chard, Senior Unix and Network Gorilla | E: ian.ch...@sers.ox.ac.uk
Systems and Electronic Resources Service   | T:  80587 / (01865) 280587
Oxford University Library Services | F:  (01865) 242287



Re: Recent ThinkPad T series

2009-09-21 Thread Michiel van Baak
On 03:46, Mon 21 Sep 09, Brynet wrote:
> Hi Michael,
> 
> > Fingerprint reader - no
> This might be supported by the libfprint port, unfortunately the
> associated demo utilities aren't included (?) yet.. not that it's even
> remotely practical.

I have login_fingerprint working on my T61p
(is also in ports and available as package via pkg_add)
> 
> -Brynet
> 

-- 

Michiel van Baak
mich...@vanbaak.eu
http://michiel.vanbaak.eu
GnuPG key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x71C946BD

"Why is it drug addicts and computer aficionados are both called users?"



slip cable

2009-09-21 Thread sonjaya
hi ...

I want to use slip as my network interface; for the cable layout, what kind
is recommended and working in openbsd?
I searched for null modem rs232 cables and found some types:
- null modem without handshaking
- null modem with loop back handshaking
- null modem with partial handshaking
- null modem with full handshaking

Which one is compatible with openbsd networking?

My plan is that the cable will transfer files between openbsd servers (3
openbsd servers) to synchronise files on each server, with at least more
than 10 G transferred over that cable every day.


sonjaya
http://idsale.blogspot.com



Re: Recent ThinkPad T series

2009-09-21 Thread Stuart Henderson
On 2009-09-21, Brynet  wrote:
>
>> Intel GMA 4500MHD - ?
> Intel graphics should work with both 2D/3D acceleration, should
> meaning possibly.

GMA 4500 should. Careful with a blanket "Intel graphics" though;
GMA 500 is not supported by a particular driver, you are limited to
vesa(4).

>> Integrated camera - no
> This may be a UVC compliant USB device, if so, it may be supported by
> the uvideo(4) driver.. and you can use ports supporting the V4L2 API.

If it's a "vista-compatible" machine it should be UVC compliant
and fairly likely to work.

The thing you didn't mention; don't expect suspend to work yet.



Re: slip cable

2009-09-21 Thread Paul de Weerd
On Mon, Sep 21, 2009 at 05:12:13PM +0700, sonjaya wrote:
| hi ...
| 
| I want to use slip as my network interface; for the cable layout, what kind
| is recommended and working in openbsd?
| I searched for null modem rs232 cables and found some types:
| - null modem without handshaking
| - null modem with loop back handshaking
| - null modem with partial handshaking
| - null modem with full handshaking
| 
| Which one is compatible with openbsd networking?
| 
| My plan is that the cable will transfer files between openbsd servers (3
| openbsd servers) to synchronise files on each server, with at least more
| than 10 G transferred over that cable every day.

10G/day is almost 1Mbit per second average (without encapsulation
overhead). Not really suitable for serial lines (or do you want to
bundle several 115kbit lines together for "super serial speed" ?). Why
are you avoiding a dedicated ethernet interface (or VLAN) between the
two machines ?

Paul 'WEiRD' de Weerd

-- 
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
 http://www.weirdnet.nl/ 



Re: Outbound RST not seen by tcpdump?

2009-09-21 Thread Stuart Henderson
On 2009-09-21, Claudio Jeker  wrote:
> On Mon, Sep 21, 2009 at 09:44:34AM +0200, Janne Johansson wrote:
>> Ian Chard wrote:
>> > I'm troubleshooting a very strange problem, where my ssh connection to a
>> > few different OpenBSD machines drops suddenly, with the client machine
>> > receiving a TCP RST from the server.  I've taken tcpdump captures on
>> > both sides (in different sessions, so the tcpdump process doesn't die
>> > with my shell), and the OpenBSD machine's capture doesn't log the RST it
>> > apparently sends.

You mentioned a complex network environment - any firewalls (especially
stateful ones) involved?

>> There are ISPs that "traffic shape" their links by killing long-lasting
>> TCP streams by faking the RST in the middle.
>> 
>
> pf(4) does this as well, if the state times out (the default timeout for
> established sessions is around a day). Many other systems behave
> similarly (sometimes with much shorter timeouts). Enabling ssh keepalive
> helps.
>

I think those pf(4)-generated RST would show up through bpf, though -
at least they do if you "block return", I guess it's the same when tearing
down an established session.



Re: Recent ThinkPad T series

2009-09-21 Thread Samuel Baldwin
2009/9/21 Michael Burk :
> CPU:  Intel Core2 Duo (SP9600 or T9600)  - yes; use AMD64 arch?

I run AMD64 on my T61.

> ATI Mobility Radeon 3470 - yes
>   - or -
> Intel GMA 4500MHD - ?

I got the one with the nvidia card, this was my biggest mistake. As a
result I can't run OpenBSD comfortably (although I'm very pleased with
Arch Linux as a desktop, but that's another email). I've run OpenBSD
on here before, though, before you start complaining that my email
isn't relevant. ;-)

> UltraNav (TrackPoint and TouchPad) - probably

Most certainly. You can disable aspects of it in the BIOS, I took the
liberty of turning off the touchpad, best thing I've done for a laptop
in years.

> DisplayPort video port for external monitor - ?
>     (I'd like to be able to have two separate screens configured,
>      though video mirroring would be OK)

Yup, I'm doing this right this moment.
http://logik.li/images/screenshots/arrakis/dualhead_for_obsd_misc.png

> Intel WiFi Link 5300 - yes
> Sound card (no specs available) - ?

Yup, although I had to write a little utility to toggle the volume,
but that was probably just due to never using OpenBSD's sound
subsystem before.

> One serious drawback is that I can't find a place locally that sells
> them, so I can't find out how they feel, sound, or how good the screen
> looks. I'd appreciate any comments about these aspects also.

My T61 is pretty quiet for a laptop, it also runs way cooler than most
laptops I've seen. I brought it into 100°F heat for a month and while
most people's laptops overheated, the only part that even got hot to
the touch was the power cord. My screen handles up to 1680x1050
comfortably, which with a small font and good window managers means
you can fit a lot of information on the screen. It's matte, so you never
feel like you're looking at a mirror, unlike most new laptops these
days. I can only see a rough outline of my head when I move it and I'm
in front of something white on a black screen, otherwise it's a nice
deep black. The sound system has been great, I use Grado SR-60's every
day with it and can't hear any noticeable drop in sound quality from my
desktop.

The keyboard is very, very nice for a laptop and is essentially a full
size keyboard. I've been using my laptop as my primary computer for a
year now and I haven't had any complaints (even compared to my Model
M!), besides the fact that I can't rearrange the keys for dvorak, but
that's not really important since I'm a touch typist. I've never
bothered to figure out how to use the Fn key to use the numpad though,
but I guess that's a problem with most every laptop, not just
ThinkPads. (Or indeed a problem with me.) I can actually type faster
on this than my Model M, and with a fraction of the noise. (Although
it's not quite the same, but you're never going to have buckling
springs in a laptop.)

Hope this helps, sorry I'm not using the same model you were looking
for, but overall IBM's ThinkPad line has seemed great to me, even
after giving it to Lenovo.

--
Samuel Baldwin - logik.li



Re: Recent ThinkPad T series

2009-09-21 Thread Jeffrey 'jf' Lim
On Mon, Sep 21, 2009 at 1:41 PM, Jeffrey 'jf' Lim wrote:

> On Mon, Sep 21, 2009 at 12:11 PM, Michael Burk  wrote:
>
>>
>> UltraNav (TrackPoint and TouchPad) - probably
>>
>
>
these (plural!) should be detected as standard HID devices.

-jf



Re: slip cable

2009-09-21 Thread Josh Grosse
On Mon, Sep 21, 2009 at 05:12:13PM +0700, sonjaya wrote:

[snip]
> My plan is that the cable will transfer files between openbsd servers (3
> openbsd servers) to synchronise files on each server, with at least more
> than 10 G transferred over that cable every day.

IIRC the max speed for a serial port is 115200 Kbps.  10GB would take just
under 208 hours -- more than eight days.  Perhaps a network connection 
would be more useful.



Re: realtime mirroring and openbsd ?

2009-09-21 Thread Joachim Schipper
On Sun, Sep 20, 2009 at 10:58:56AM +0200, Benoit Chesneau wrote:
> Hi all,
> 
> I have to setup a full redundant installation for a web services in
> view of  having failover from one machine to the other. So data need
> to be replicated in quasi realtime. There is solution like drbd on
> linux that works like a raid1 over tcp, but I wonder if there is any
> solution that would allow me to do it on openbsd ? also is there any
> distributed fs that could work over openbsd ?

The "well-known" solution is to use a database for all state and
replicate that. A simpler solution is to just use a static site. What
issue are you trying to solve?

Joachim



Re: slip cable

2009-09-21 Thread Paul M

On 21/09/2009, at 10:12 PM, sonjaya wrote:


> hi ...
>
> I want to use slip as my network interface; for the cable layout, what kind
> is recommended and working in openbsd?
> I searched for null modem rs232 cables and found some types:
> - null modem without handshaking
> - null modem with loop back handshaking
> - null modem with partial handshaking
> - null modem with full handshaking
>
> Which one is compatible with openbsd networking?
>
> My plan is that the cable will transfer files between openbsd servers (3
> openbsd servers) to synchronise files on each server, with at least more
> than 10 G transferred over that cable every day.
>
> sonjaya
> http://idsale.blogspot.com


This has nothing to do with openbsd, it's determined by your hardware.

Use a cable with full handshaking. The hw can then use it if it needs 
to.



paulm



FFS/disklabel compatibility among platforms

2009-09-21 Thread David Vasek

Hi all,

is there any guide about compatibility of (OpenBSD) FFS filesystem and 
disklabel among different hardware platforms? As I understand it, FFS 
filesystems on architectures with different byte endianness are not 
mutually compatible. What about different word length with same 
byte-endianness? Is FFS2 any different in this respect? The FAQ suggests 
that i386 and amd64 are not mutually compatible.



From http://www.openbsd.org/faq/faq12.html#amd64better :


12.3.3 - Is it always better to run OpenBSD/amd64 on processors that
 support it?

   Not always.

There are a number of reasons one may desire to use OpenBSD/i386 over
OpenBSD/amd64, even on hardware that supports amd64 code:
[...]
* Need for ability to move disks to another machine that isn't amd64
  capable
[...]

Do I understand it right that disks (FFS, disklabel?) from OpenBSD/i386 
cannot be accessed on OpenBSD/amd64 or vice versa? I want to share 
external backup disks among different architectures and do not want to 
screw my data. What is the solution then?


Thanks for your help.

Regards,
David



Re: Recent ThinkPad T series

2009-09-21 Thread neal hogan
On Sun, Sep 20, 2009 at 10:11:12PM -0600, Michael Burk wrote:
> Hi All,
> 
> After years of using OpenBSD on servers, I want to take the plunge and
> setup an OpenBSD-based laptop. From what I gather on this list, it
> looks like ThinkPads are better supported than most. I've been looking
> at two models - the ThinkPad T400 and T400s. I've tried to determine
> if all the components are supported, but I'm not sure about some
> things. If anyone has direct experience with these models (they've
> been out for a year or so, I think), I'd appreciate any feedback.
> 
> Here's what I've determined about support:
> 
> CPU:  Intel Core2 Duo (SP9600 or T9600)  - yes; use AMD64 arch?
> ATI Mobility Radeon 3470 - yes
>   - or -
> Intel GMA 4500MHD - ?
> UltraNav (TrackPoint and TouchPad) - probably
> DisplayPort video port for external monitor - ?
> (I'd like to be able to have two separate screens configured,
>  though video mirroring would be OK)
> Intel WiFi Link 5300 - yes

I have a T400 w/ an ATHEROS 5425 card that is yet to be supported.
Although, there are versions of that chip that have support.

> Sound card (no specs available) - ?
> Bluetooth - yes through ports
> 5 in 1 or 7 in 1 Media Card Reader - standard USB storage device?
> Integrated camera - no
> Fingerprint reader - no
> 
> One serious drawback is that I can't find a place locally that sells
> them, so I can't find out how they feel, sound, or how good the screen
> looks. I'd appreciate any comments about these aspects also.

I really like the look and feel (I can send screenshots, if you desire).
When I was researching what to buy, many reviews claimed that the
keyboard was too "flimsy." While I can bend the plastic in a couple of
places, I find that the keyboard is quite sturdy.

The sound is fine. As good as I expect from small laptop speakers. I
use them everyday to listen to music while I work and sometimes turn the
sound up to listen to stuff as I do things like fold laundry or cook
dinner. Also, the keyboard sound control buttons work (and
have since I installed oBSD on it over a year ago).

I would recommend this machine.

g'luck!
-Neal


dmesg:

OpenBSD 4.6-current (GENERIC.MP) #178: Tue Sep  8 20:47:48 MDT 2009
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 2070614016 (1974MB)
avail mem = 2011025408 (1917MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe0010 (74 entries)
bios0: vendor LENOVO version "7UET43WW (1.13 )" date 08/19/2008
bios0: LENOVO 7417CTO
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SSDT ECDT APIC MCFG HPET SLIC BOOT ASF! SSDT
TCPA SSDT SSDT SSDT
acpi0: wakeup devices LID_(S3) SLPB(S3) UART(S3) IGBE(S4) EXP0(S4)
EXP1(S4) EXP2(S4) EXP3(S4) EXP4(S4) PCI1(S4) USB0(S3) USB1(S3) USB2(S3)
USB3(S3) USB4(S3) USB5(S3) EHC0(S3) EHC1(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz, 2394.30 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,CX16,xTPR,NXE,LONG
cpu0: 3MB 64b/line 8-way L2 cache
cpu0: apic clock running at 266MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz, 2394.00 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,CX16,xTPR,NXE,LONG
cpu1: 3MB 64b/line 8-way L2 cache
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 2, remapped to apid 1
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (AGP_)
acpiprt2 at acpi0: bus 2 (EXP0)
acpiprt3 at acpi0: bus 3 (EXP1)
acpiprt4 at acpi0: bus -1 (EXP2)
acpiprt5 at acpi0: bus 5 (EXP3)
acpiprt6 at acpi0: bus 13 (EXP4)
acpiprt7 at acpi0: bus 21 (PCI1)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C2, C1, PSS
acpicpu1 at acpi0: C3, C2, C1, PSS
acpipwrres0 at acpi0: PUBS
acpitz0 at acpi0: critical temperature 127 degC
acpitz1 at acpi0: critical temperature 100 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibat0 at acpi0: BAT0 model "42T5225" serial  3388 type LION oem
"Panasonic"
acpibat1 at acpi0: BAT1 not present
acpiac0 at acpi0: AC unit online
acpithinkpad0 at acpi0
acpidock0 at acpi0: GDCK not docked (0)
cpu0: Enhanced SpeedStep 2394 MHz: speeds: 2401, 2400, 1600, 800 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel GM45 Host" rev 0x07
vga1 at pci0 dev 2 function 0 "Intel GM45 Video" rev 0x07
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp0 at vga1
agp0 at intagp0: aperture at 0xd000, size 0x1000
inteldrm0 at vga1: apic 1 int 16 (irq 11)
drm0 at inteldrm0
"Intel GM45 Video" rev 0x07 at pci0 dev 2 function 1 not configured
"Intel GM45 HECI

Prioritizing pf.conf entries over relayd?

2009-09-21 Thread silvershadow123
Hi misc@,

I have a cluster of firewall running based on pf, relayd, pfsync and carp.

Everything works perfectly, thanks to OpenBSD and the brilliant developers 
behind it! :-)

However, I've got a question where I don't seem to find the answer to myself:

There's a public (carped) IP (set up in relayd.conf) listening on port 80, 
redirecting traffic to two web servers in the back end.

Now I need an IP or IP range that is *excluded* from being load balanced. 
Traffic from this IP(s) should be redirected to only one (the first) of those 
web servers, as IP from this traffic is the web server admin who feeds the 
machines. He has to be connected to the same machine every time (due to some 
differences on the web servers and the 'direction' the data and databases are 
synced).

Thanks in advance,

Donald



Re: slip cable

2009-09-21 Thread Diana Eichert

On Mon, 21 Sep 2009, Josh Grosse wrote:
SNIP

> IIRC the max speed for a serial port is 115200 Kbps.  10GB would take just
> under 208 hours -- more than eight days.  Perhaps a network connection
> would be more useful.


nope, read com(4)

diana



Re: slip cable

2009-09-21 Thread Diana Eichert

On Mon, 21 Sep 2009, Paul de Weerd wrote:
SNIP

> overhead). Not really suitable for serial lines (or do you want to
> bundle several 115kbit lines together for "super serial speed" ?). Why


Maybe they aren't using stock UART?  I've used 16750 based cards before,
read com(4) .  However I can see where you could make this assumption
because they didn't really provide much information to go on.

diana



Re: slip cable

2009-09-21 Thread Josh Grosse
On Mon, 21 Sep 2009 05:58:25 -0600 (MDT), Diana Eichert wrote

> nope, read com(4)

I did, but misread it.  "...factor of 115200..."   

Thanks for the correction.

   -J-



smtpd makemap question

2009-09-21 Thread Didier Wiroth
Hello,

I'm trying to add a single or more domain entries to 
the /etc/mail/virtual file and use makemap to generate 
the /etc/mail/virtual.db file but I keep getting an error.

1) f.ex. the virtual file contains:
@toto.net

2) try to generate the db file:
#makemap -o virtual.db virtual
makemap: virtual:1: invalid entry

Do I miss something?

Thanks a lot!
Kind regards
Didier



Re: slip cable

2009-09-21 Thread Paul de Weerd
Hey Diana,

On Mon, Sep 21, 2009 at 06:01:01AM -0600, Diana Eichert wrote:
> On Mon, 21 Sep 2009, Paul de Weerd wrote:
> SNIP
>> overhead). Not really suitable for serial lines (or do you want to
>> bundle several 115kbit lines together for "super serial speed" ?). Why
>
> Maybe they aren't using stock UART?  I've used 16750 based cards before,
> read com(4) .  However I can see where you could make this assumption
> because they didn't really provide much information to go on.

I know about the higher speeds but i doubt the OP does. They're
focusing on cables for a job that is way more suitable for a "real"
network and (as you say) forget to mention any other relevant details.

My guess would be that if you have high-speed UARTs, then you know
what you're doing and have a notion of the cables you need (and
recognize that this setup is basically a Bad Idea (tm)). I realized
later that OP mentioned 3 machines, not 2, making "real network" an
even more suitable solution.

Paul 'WEiRD' de Weerd

PS: have you ever done mbit+ over standard serial cabling ?

--
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
 http://www.weirdnet.nl/



Re: smtpd makemap question

2009-09-21 Thread Gilles Chehade

Didier Wiroth wrote:
> Hello,
>
> I'm trying to add a single or more domain entries to
> the /etc/mail/virtual file and use makemap to generate
> the /etc/mail/virtual.db file but I keep getting an error.
>
> 1) f.ex. the virtual file contains:
> @toto.net
>
> 2) try to generate the db file:
> #makemap -o virtual.db virtual
> makemap: virtual:1: invalid entry
>
> Do I miss something?
>
> Thanks a lot!
> Kind regards
> Didier

x...@toto.net   x
y...@toto.net   y
@toto.net       z

this means that x...@toto.net is delivered to account x, y...@toto.net is
delivered to account y and all other @toto.net addresses are delivered
to z. you're missing a column


Gilles



Re: slip cable

2009-09-21 Thread Diana Eichert

On Mon, 21 Sep 2009, Paul de Weerd wrote:


> Hey Diana,

SNIP

> I know about the higher speeds but i doubt the OP does. They're
> focusing on cables for a job that is way more suitable for a "real"
> network and (as you say) forget to mention any other relevant details.

Yeah, it's always interesting trying to determine what someone is
really trying to ask.

> My guess would be that if you have high-speed UARTs, then you know
> what you're doing and have a notion of the cables you need (and
> recognize that this setup is basically a Bad Idea (tm)). I realized
> later that OP mentioned 3 machines, not 2, making "real network" an
> even more suitable solution.

Serial Bus ;-)  but I doubt that's what they had in mind.

> Paul 'WEiRD' de Weerd
>
> PS: have you ever done mbit+ over standard serial cabling ?

highest I've used is 8x clock of 115k AKA 920k

diana

Past hissy-fits are not a predictor of future hissy-fits.
Nick Holland(06 Dec 2005)



Re: Prioritizing pf.conf entries over relayd?

2009-09-21 Thread Vadim Zhukov
On 21 September 2009 c. 15:55:22 silvershadow...@gmx.de wrote:
> Hi misc@,
>
> I have a cluster of firewall running based on pf, relayd, pfsync and
> carp.
>
> Everything works perfectly, thanks to OpenBSD and the brilliant
> developers behind it! :-)
>
> However, I've got a question where I don't seem to find the answer to
> myself:
>
> There's a public (carped) IP (set up in relayd.conf) listening on port
> 80, redirecting traffic to two web servers in the back end.
>
> Now I need an IP or IP range that is *excluded* from being load
> balanced. Traffic from this IP(s) should be redirected to only one
> (the first) of those web servers, as IP from this traffic is the web
> server admin who feeds the machines. He has to be connected to the
> same machine every time (due to some differences on the web servers
> and the 'direction' the data and databases are synced).

pass in quick on $ext_if from  to $ext_web_ip rdr-to $int_web_ip
anchor "relayd/*"

--
  Best wishes,
Vadim Zhukov

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?



Re: Prioritizing pf.conf entries over relayd?

2009-09-21 Thread silvershadow123
> > Hi misc@,
> >
> > I have a cluster of firewall running based on pf, relayd, pfsync and
> > carp.
> >
> > Everything works perfectly, thanks to OpenBSD and the brilliant
> > developers behind it! :-)
> >
> > However, I've got a question where I don't seem to find the answer to
> > myself:
> >
> > There's a public (carped) IP (set up in relayd.conf) listening on port
> > 80, redirecting traffic to two web servers in the back end.
> >
> > Now I need an IP or IP range that is *excluded* from being load
> > balanced. Traffic from this IP(s) should be redirected to only one
> > (the first) of those web servers, as IP from this traffic is the web
> > server admin who feeds the machines. He has to be connected to the
> > same machine every time (due to some differences on the web servers
> > and the 'direction' the data and databases are synced).
> 
> pass in quick on $ext_if from  to $ext_web_ip rdr-to $int_web_ip
> anchor "relayd/*"

That was exactly what I was searching for, thank you very much! In fact, I 
forgot to 'rdr' the traffic, as relayd does. 

Thanks again,

Donald

> --
>   Best wishes,
> Vadim Zhukov
> 
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> A: Top-posting.
> Q: What is the most annoying thing in e-mail?

;)



Re: slip cable

2009-09-21 Thread sonjaya
[snip]
On Mon, Sep 21, 2009 at 5:59 PM, Paul M  wrote:
>
> This has nothing to do with openbsd, it's determined by your hardware.
>
> Use a cable with full handshaking. The hw can then use it if it needs to.

Thanks, I will create a null modem with full handshaking, if that is the
best option of all the choices.



Re: Outbound RST not seen by tcpdump?

2009-09-21 Thread Mike Shaw
I had a similar situation with an old PIX firewall.  It wasn't SSH...this
was HTTP but it was the same thing. The firewall was using a buggy IOS and
was resetting connections whenever it felt like it.  But only telling one
side.  This was on an internal DMZ'd network as well...no ISP.

This was a Java application server with ridiculous keepalives, so eventually
the server would crash when the firewall decided to drop a lot over a short
period.

-Mike

On Fri, Sep 18, 2009 at 9:20 AM, Ian Chard  wrote:

> Hi,
>
> I'm troubleshooting a very strange problem, where my ssh connection to a
> few different OpenBSD machines drops suddenly, with the client machine
> receiving a TCP RST from the server.  I've taken tcpdump captures on both
> sides (in different sessions, so the tcpdump process doesn't die with my
> shell), and the OpenBSD machine's capture doesn't log the RST it apparently
> sends.
>
> Now the machines are in a complex network, so it's possible that the packet
> is being generated spuriously by something else.  My question is: is there
> any way that the OpenBSD kernel could send a TCP RST that is always missed
> by tcpdump running on the same machine?
>
> Thanks for any help
> - Ian
>
> --
> Ian Chard, Senior Unix and Network Gorilla | E: ian.ch...@sers.ox.ac.uk
> Systems and Electronic Resources Service   | T:  80587 / (01865) 280587
> Oxford University Library Services | F:  (01865) 242287
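
The comparison of client-side and server-side captures discussed in this thread can be automated. The following is an added example, not part of the original posts: it lists RSTs the client received that the server-side capture never recorded, and notes when such a RST carries a TTL different from the flow's other packets, which is consistent with a device in the path generating it. The one-line-per-packet text format, addresses and values are constructed for illustration and are not verbatim tcpdump output.

```python
import re
from collections import defaultdict

# Constructed sample data (documentation address ranges). Each line is a
# simplified packet summary: time, src.port > dst.port, TCP flags, seq, IP TTL.
CLIENT_CAPTURE = """\
10:00:01.100 192.0.2.10.51000 > 198.51.100.5.22 flags=P seq=1000 ttl=64
10:00:01.140 198.51.100.5.22 > 192.0.2.10.51000 flags=P seq=5000 ttl=55
10:00:02.300 198.51.100.5.22 > 192.0.2.10.51000 flags=R seq=5100 ttl=250
10:00:02.900 198.51.100.5.22 > 192.0.2.10.51001 flags=P seq=6900 ttl=55
10:00:03.020 198.51.100.5.22 > 192.0.2.10.51001 flags=R seq=7000 ttl=55
"""

SERVER_CAPTURE = """\
10:00:01.120 192.0.2.10.51000 > 198.51.100.5.22 flags=P seq=1000 ttl=57
10:00:01.121 198.51.100.5.22 > 192.0.2.10.51000 flags=P seq=5000 ttl=64
10:00:02.880 198.51.100.5.22 > 192.0.2.10.51001 flags=P seq=6900 ttl=64
10:00:03.001 198.51.100.5.22 > 192.0.2.10.51001 flags=R seq=7000 ttl=64
"""

LINE_RE = re.compile(
    r"(?P<ts>\S+) (?P<src>\S+) > (?P<dst>\S+) "
    r"flags=(?P<flags>\S+) seq=(?P<seq>\d+) ttl=(?P<ttl>\d+)"
)


def parse(capture):
    """Turn the simplified capture text into a list of packet dicts."""
    packets = []
    for line in capture.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if not m:
            continue  # skip blank or unrecognised lines
        pkt = m.groupdict()
        pkt["seq"] = int(pkt["seq"])
        pkt["ttl"] = int(pkt["ttl"])
        packets.append(pkt)
    return packets


def unexplained_resets(client_capture, server_capture):
    """Return RSTs seen in the client capture with no match on the server side.

    A RST is matched on (source, destination, sequence number). The IP TTL is
    not part of the match because it legitimately changes in transit.
    """
    client = parse(client_capture)
    server = parse(server_capture)

    recorded_on_server = {
        (p["src"], p["dst"], p["seq"]) for p in server if "R" in p["flags"]
    }

    # TTLs the client normally sees on non-RST packets from each sender.
    usual_ttl = defaultdict(set)
    for p in client:
        if "R" not in p["flags"]:
            usual_ttl[p["src"]].add(p["ttl"])

    findings = []
    for p in client:
        if "R" not in p["flags"]:
            continue
        if (p["src"], p["dst"], p["seq"]) in recorded_on_server:
            continue  # the server-side capture recorded this RST
        seen = usual_ttl.get(p["src"], set())
        findings.append({
            "ts": p["ts"],
            "src": p["src"],
            "dst": p["dst"],
            "seq": p["seq"],
            "ttl": p["ttl"],
            # A TTL unlike the sender's other packets suggests a different
            # hop count, i.e. a different originating device.
            "ttl_anomaly": bool(seen) and p["ttl"] not in seen,
        })
    return findings


if __name__ == "__main__":
    for f in unexplained_resets(CLIENT_CAPTURE, SERVER_CAPTURE):
        note = "TTL differs from flow" if f["ttl_anomaly"] else "TTL matches flow"
        print(f'{f["ts"]} RST {f["src"]} > {f["dst"]} seq={f["seq"]} '
              f'ttl={f["ttl"]} not in server capture ({note})')
```

A RST that is absent from the server capture but has a matching TTL is still unexplained; the TTL check only adds evidence, it does not rule a middlebox out.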



Re: slip cable

2009-09-21 Thread sonjaya
[snip]
On Mon, Sep 21, 2009 at 5:25 PM, Paul de Weerd  wrote:
>
> 10G/day is almost 1Mbit per second average (without encapsulation
> overhead). Not really suitable for serial lines (or do you want to
> bundle several 115kbit lines together for "super serial speed" ?). Why
> are you avoiding a dedicated ethernet interface (or VLAN) between the
> two machines ?

yes the best option is using switch and vlan, but my problem is that in
my place no switch supports vlan, also no pci socket available for
another ethernet card. i have tried using usb to network but have poor
link.



Re: slip cable

2009-09-21 Thread Diana Eichert

On Mon, 21 Sep 2009, sonjaya wrote:


> yes the best options is using switch and vlan , buat is my problem in
> my place no switch support vlan also no pci socket avaliable for
> another ethernet card.i have try using usb to network but have poor
> link.


What device did you use to "usb to network"?

diana



Re: slip cable

2009-09-21 Thread Stuart Henderson
On 2009-09-21, sonjaya  wrote:
> [snip]
> On Mon, Sep 21, 2009 at 5:25 PM, Paul de Weerd  wrote:
>>
>> 10G/day is almost 1Mbit per second average (without encapsulation
>> overhead). Not really suitable for serial lines (or do you want to
>> bundle several 115kbit lines together for "super serial speed" ?). Why
>> are you avoiding a dedicated ethernet interface (or VLAN) between the
>> two machines ?
>
> yes the best options is using switch and vlan , buat is my problem in
> my place no switch support vlan also no pci socket avaliable for
> another ethernet card.

even fairly inexpensive "web managed" switches can do vlan segregation.
I've personally used hp, dlink, allied telesyn, smc (the ones I used of
these are limited but were pretty much ok), and netgear and linksys
(didn't like either of these at all).

this is probably cheaper, will most likely put less load on your servers,
and are almost certainly easier to purchase than serial ports fast enough
to handle your data transfer requirements (and you mention 3 machines so
you're going to need buy 3 high quality cables, and at least 4 fast serial
cards unless you plan on taking machines down to swap cards between
them ..).

there are good, appropriate, uses for serial-line comms, this is not one
of them.

> i have try using usb to network but have poor link.

some are terrible, others are totally fine. you have a lot of choices
here (e.g. 2x usb ethernet with many types available + crossover cable,
or 1x client-client cdce(4) cable).



PF binat: How to Binat between two public IPs?

2009-09-21 Thread Matthew Young
Hello,

I am trying to set up a PF box with ONE interface on a public IP to be able
to redirect all packets that come to one of its IPs to another IP. The
objective is to cloak the IP of the final destination. Please note that
there is a public IP on both sides.

1.1.1.1 (me) ---> 2.2.2.2 (PF box with binat) --> 3.3.3.3

So, if I want to SSH in 3.3.3.3 for example I could just ssh into 2.2.2.2 .


Here is my pf.conf:

# cat /etc/pf.conf
t_externa = "re0"

web_serv_int = "1.1.1.1"
web_serv_ext = "3.3.3.3"

binat on $t_externa from $web_serv_int to any -> $web_serv_ext



I have also tried to add 1.1.1.1 as an IP alias in the PF box ... but that
just makes all my communications hang if I try to SSH to 2.2.2.2  from
1.1.1.1.


Is there something I am missing? I think this would be possible, right?


--Matt



Re: slip cable

2009-09-21 Thread Ahlsen-Girard, Edward F CTR USAF AFSOC AFSOC/A6OK
>> Past hissy-fits are not a predictor of future hissy-fits.
>> Nick Holland(06 Dec 2005)


Speaking of hissy-fits, see LMCCONTROL(8) for HSSI.  Although that would
need the cards.


--
Ed Ahlsen-Girard, Contractor (EITC)
AFSOC/A6OK
email: edward.ahlsen-girard@hurlburt.af.mil
850-884-2414
DSN: 579-2414




Re: PF binat: How to Binat between two public IPs?

2009-09-21 Thread James Records
I think you are probably missing a route back to your source through the
middle box.  You might want to look at relayd to "relay" the connection to
the other box, I believe that would get you what you want.

J

On Mon, Sep 21, 2009 at 10:50 AM, Matthew Young wrote:

> Hello,
>
> Iam trying to  setup a PF box with ONE interface on a public IP to be able
> to redirect all packets that come to one of its IPs to another IP. The
> objective is to cloak the IP of the final destination. Please note that
> there is a public IP on both sides.
>
> 1.1.1.1 (me) ---> 2.2.2.2 (PF box with binat) --> 3.3.3.3
>
> So, if I want to SSH in 3.3.3.3 for example I could just ssh into 2.2.2.2 .
>
>
> Here is my pf.conf:
>
> # cat
> /etc/pf.conf
> t_externa = "re0"
>
> web_serv_int = "1.1.1.1"
> web_serv_ext = "3.3.3.3"
>
> binat on $t_externa from $web_serv_int to any -> $web_serv_ext
>
>
>
> I have also tried to add 1.1.1.1 as an ipaliase in the PF box ... but that
> just makes all my communications hang if I try to SSH to 2.2.2.2  from
> 1.1.1.1.
>
>
> Is there something Iam missing? I think this would be possible, right?
>
>
> --Matt



Re: PF binat: How to Binat between two public IPs?

2009-09-21 Thread Matthew Young
I think this is why I choose binat, so it works bilateral... serves the same
function, doesn't it?

On Mon, Sep 21, 2009 at 1:34 PM, James Records wrote:

> I think you are probably missing a route back to your source through the
> middle box.  You might want to look at relayd to "relay" the connection to
> the other box, I believe that would get you what you want.
>
> J
>
>
> On Mon, Sep 21, 2009 at 10:50 AM, Matthew Young wrote:
>
>> Hello,
>>
>> Iam trying to  setup a PF box with ONE interface on a public IP to be able
>> to redirect all packets that come to one of its IPs to another IP. The
>> objective is to cloak the IP of the final destination. Please note that
>> there is a public IP on both sides.
>>
>> 1.1.1.1 (me) ---> 2.2.2.2 (PF box with binat) --> 3.3.3.3
>>
>> So, if I want to SSH in 3.3.3.3 for example I could just ssh into 2.2.2.2
>> .
>>
>>
>> Here is my pf.conf:
>>
>> # cat
>> /etc/pf.conf
>> t_externa = "re0"
>>
>> web_serv_int = "1.1.1.1"
>> web_serv_ext = "3.3.3.3"
>>
>> binat on $t_externa from $web_serv_int to any -> $web_serv_ext
>>
>>
>>
>> I have also tried to add 1.1.1.1 as an ipaliase in the PF box ... but that
>> just makes all my communications hang if I try to SSH to 2.2.2.2  from
>> 1.1.1.1.
>>
>>
>> Is there something Iam missing? I think this would be possible, right?
>>
>>
>> --Matt



Re: Recent ThinkPad T series

2009-09-21 Thread STeve Andre'
On Monday 21 September 2009 00:11:12 Michael Burk wrote:
> Hi All,
>
> After years of using OpenBSD on servers, I want to take the plunge and
> setup an OpenBSD-based laptop. From what I gather on this list, it
> looks like ThinkPads are better supported than most. I've been looking
> at two models - the ThinkPad T400 and T400s. I've tried to determine
> if all the components are supported, but I'm not sure about some
> things. If anyone has direct experience with these models (they've
> been out for a year or so, I think), I'd appreciate any feedback.
>
> Here's what I've determined about support:
>
> CPU:  Intel Core2 Duo (SP9600 or T9600)  - yes; use AMD64 arch?
> ATI Mobility Radeon 3470 - yes
>   - or -
> Intel GMA 4500MHD - ?
> UltraNav (TrackPoint and TouchPad) - probably
> DisplayPort video port for external monitor - ?
> (I'd like to be able to have two separate screens configured,
>  though video mirroring would be OK)
> Intel WiFi Link 5300 - yes
> Sound card (no specs available) - ?
> Bluetooth - yes through ports
> 5 in 1 or 7 in 1 Media Card Reader - standard USB storage device?
> Integrated camera - no
> Fingerprint reader - no
>
> One serious drawback is that I can't find a place locally that sells
> them, so I can't find out how they feel, sound, or how good the screen
> looks. I'd appreciate any comments about these aspects also.
>
> Thanks,
> Michael

Michael,

I've been running OpenBSD exclusively on Thinkpads since 1999.  They
are pretty much the most OpenBSD compatible laptops, and the
best built laptops.

I can attest to the T60p being good ('till it was stolen) and I currently
have a W500, of which everything works except for the winmodem
and fingerprint reader (mine doesn't have it, except that the hardware
is still there).  The W500 is a kick ass system.

Neal Hogan helped me last fall when I was determining the hardware
compatibility of the W and T lines.  I believe the only thing he doesn't
have is the wireless card working, which could be solved any number
of ways.

The HD Audio system that Thinkpads have is awesome, through the
azalia(4) driver.  I am ecstatic with that.  I have the 5300 working
through iwn(4).  Not sure about the camera.

The T400s/T500s I've bought I haven't had time to test with OpenBSD
but see Neal's mail on that.  Like Neal, I'd recommend the machine,
or the W500 if you can afford it.  Note that the W700s are all Nvidia
so stay away from them.

--STeve Andre'



TRDI3: Testimonials and General Info

2009-09-21 Thread Almasoma
**Therapist Training: Regressive Therapy and Integral Development
(TRDI)

Lisbon, October 2009 to July 2011, 3rd Edition**

Training for therapists in the field of memory regression, covering
integral development and drawing on Regressive Therapy, Personal
Development techniques, and Meditation, in both its active and
traditional forms. It is suited to professional development, and to the
healing and growth of the Person in their various dimensions.

Training of 510 hours of theory and practice outside working hours (Sat.
and Sun.), directed by Mário Resende and Ilja van de Griend. Includes
190h of individual and group Supervision, facilitated by 5 assistants
trained in TRDI.

Training recognised by the European Association for Regression
Therapy (EARTh, http://www.earth-association.org).

With the collaboration of national and international specialists such as
Hans ten Dam, Roger Woolger, Mário Simões and Vítor Rodrigues, among
others.

 Hans ten Dam

 Mário Resende

 Ilja van de Griend

 Roger Woolger

Hans ten Dam and Roger Woolger are pioneers of Regressive Therapy,
international teachers, and authors of classic and foundational works
in this field, such as Cura Profunda (Hans ten Dam) and As Várias
Vidas da Alma (Roger Woolger).

For more details such as dates, price, location and registration,
you can download them here.

For more information contact us at em...@almasoma.pt;

At the address AlmaSoma, Rua de Santa Justa, 60 3º Dto, 1100-485
Lisboa;

By mobile phone 965791605;

Register here. Or see http://www.almasoma.pt

Testimonials from the Graduates of the 2nd Edition

Contribution of TRDI to your development as a Regressive Therapist:

Total: I find the course's formula excellent: learning the techniques
in practice as therapist and as client, becoming aware of the
process as a whole.

Alexandre F., psychologist, university professor, researcher

Fundamental! Fantastic! Super complete! I now have knowledge of
Regressive Therapy, know how to put it into practice, and can recognise
the many varied techniques for working on a wide range of
themes/problems.

Marta M., clinical psychologist, specialist in children and adolescents

My whole process as a regressive therapist began with TRDI; until
then I had only been a client and read a little. Those earlier
experiences allowed me to compare what I knew with what I have
become. I feel that I am a far more effective and complete regressive
therapist than what I experienced and read about, and all of that
thanks to TRDI. New approaches may be discovered and other methods
cultivated, but TRDI gives therapists a deep knowledge of techniques,
a deep approach to the most intimate aspects of the soul, a deep
self-knowledge. In short, being a TRDI therapist and being a TRDI
patient are important milestones, I would even say indispensable ones,
in the life of anyone committed to evolving.

Maria Clara L., Germanic philology, primary school teacher, author of
Regressões – Processo Pessoal de Cura.

The impact of TRDI on your personal growth and development:

Profound. It was/is a great transformation. There is a before and an
after TRDI in my life. Thank you. I feel at home after such a long
time.

Nuno P., clinical psychologist

I came in search of serenity. I gained serenity, light and came to know
a new dimension within myself. I am the "so much more" that I was
hoping for.

Evelin S., businesswoman, business coach, facilitator of systemic
constellations

At the end of the training I feel very close to what I previously
wished to be. This means that today I love the being that I am and
know more of my aptitudes and potential, just as I accept, with
humility but with a great will to work, my limitations.

Susana O., nurse, hypnotherapist.

Click here to download more testimonials:




Dell PE 1650 RAID options

2009-09-21 Thread OpenBSD

Hello,

I'm trying to replace the Adaptec RAID card inside the Dell PE 1650  
with a supported card like an LSI.  It seems raid cards like PERC 3/SC  
and DC are PCI, while 1650 has a ROMB - Raid On Motherboard.  I don't  
see anything inside the server (a scsi connector) to where to connect  
the PCI raid controller to with a scsi cable.  How do people go about  
this, is there a way to use another raid card in this server?

Thanks.

Mike


--
http://www.loftmail.com



Re: FFS/disklabel compatibility among platforms

2009-09-21 Thread Nick Holland

David Vasek wrote:

> Hi all,
>
> is there any guide about compatibility of (OpenBSD) FFS filesystem and
> disklabel among different hardware platforms? As I understand it, FFS
> filesystems on architectures with different byte endianess are not
> mutually compatible. What about different word length with same
> byte-endianess? Is FFS2 any different in this respect? The FAQ suggests
> that that i386 and amd64 are not mutually compatible.
>
> From http://www.openbsd.org/faq/faq12.html#amd64better :
>
> 12.3.3 - Is it always better to run OpenBSD/amd64 on processors that
>  support it?
>
>    Not always.
>
> There are a number of reasons one may desire to use OpenBSD/i386 over
> OpenBSD/amd64, even on hardware that supports amd64 code:
> [...]
> * Need for ability to move disks to another machine that isn't amd64
>   capable
> [...]
>
> Do I understand it right that disks (FFS, disklabel?) from OpenBSD/i386
> cannot be accessed on OpenBSD/amd64 or vice versa?


ACCESSED, yes, you can access data on your amd64 disks on an i386 system.

That sentence was intended to refer to repair.  If your amd64 system 
craps out and you need to pull the disks out and put it in another 
machine and have it Just Work (or work with minimal effort), you need to 
 have another amd64-compatible processor.  That wasn't referring to a 
file system issue, but rather a rapid repair issue.


> I want to share
> external backup disks among different architectures and do not want to
> screw my data. What is the solution then?


There are lots of issues when moving disks between platforms.  Even if 
FFS on a sparc64 and an i386 and a MacPPC weren't issues, they each 
handle the disk differently (i.e., i386/amd64 use the fdisk & disklabel 
layout, sparc/sparc64 use just disklabel, macppc uses pdisk & disklabel 
OR fdisk & disklabel).  Enough issues that I think you are best off just 
planning on putting a disk on a box and leaving it there.  (You may 
actually get away with a bit more for non-boot disks as long as you 
respect endian issues...but you will have to play with it).


Best way I know of to back up a lot of odd machines is to one store is 
running your favorite backup application so it dumps its data over ssh 
link to the one machine (which you have a spare of for repair purposes) 
which has the backup media attached to it.


however, if "Different architectures" means amd64 and i386, no issues at 
all.


Nick.



Re: Dell PE 1650 RAID options

2009-09-21 Thread Nick Holland

OpenBSD wrote:

> Hello,
>
> I'm trying to replace the Adaptec RAID card inside the Dell PE 1650 with
> a supported card like an LSI.  It seems raid cards like PERC 3/SC and DC
> are PCI, while 1650 has a ROMB - Raid On Motherboard.  I don't see
> anything inside the server (a scsi connector) to where to connect the
> PCI raid controller to with a scsi cable.  How do people go about this,
> is there a way to use another raid card in this server?
>
> Thanks.


Use another RAID card? sure.  Plug it in the PCI slot.
Your actual question is more likely, "How do I get the existing hot-swap 
drive bays attached to my add-on PCI card".  That's a trick, 'specially 
in a 1U box.  I don't have a 1650 handy, it is entirely possible there 
is no cable, and even if there was, you would need a longer one to reach 
all the way to the PCI slots (MOST Dells do have a cable between the 
SCSI back plane and the controller, but it is possible a 1650 is an 
exception)


That thing is an old, power-hungry pig, and I think a much better plan 
would be to unplug the ROMB do-hicky and use it as a standard Adaptec 
SCSI adapter (which it will be, if my memory serves me correctly).  Use 
softraid if you need it, or just periodically sync the data between disks.


If you are going to invest the money on a RAID controller, I'd suggest 
investing the money on new hardware all around, you will be much happier 
with the results.  Hey, I am a world champ at reusing old crap for new 
apps (and I've used a recycled, RAID-less 1650 before -- it was an old, 
slow, power-hungry pig three years ago when I did that!), but the point 
is to do it without investing more money in the old pigs.  Use the pigs 
as they are (or strip them down), don't add perfume. :)


Nick.



Re: FFS/disklabel compatibility among platforms

2009-09-21 Thread David Vasek

On Mon, 21 Sep 2009, Nick Holland wrote:


> David Vasek wrote:
>
>> From http://www.openbsd.org/faq/faq12.html#amd64better :
>>
>> 12.3.3 - Is it always better to run OpenBSD/amd64 on processors that
>>  support it?
>>
>>    Not always.
>>
>> There are a number of reasons one may desire to use OpenBSD/i386 over
>> OpenBSD/amd64, even on hardware that supports amd64 code:
>> [...]
>> * Need for ability to move disks to another machine that isn't amd64
>>   capable
>> [...]
>>
>> Do I understand it right that disks (FFS, disklabel?) from OpenBSD/i386
>> cannot be accessed on OpenBSD/amd64 or vice versa?
>
> ACCESSED, yes, you can access data on your amd64 disks on an i386 system.
>
> That sentence was intended to refer to repair.  If your amd64 system craps
> out and you need to pull the disks out and put it in another machine and have
> it Just Work (or work with minimal effort), you need to  have another
> amd64-compatible processor.  That wasn't referring to a file system issue,
> but rather a rapid repair issue.


I see, it refers to something else. It's clear now. May I suggest a slight 
modification to that sentence in the FAQ then?


* Need for ability to move disks with already installed
  operating system to another machine that isn't amd64 capable


> Best way I know of to back up a lot of odd machines is to one store is
> running your favorite backup application so it dumps its data over ssh link
> to the one machine (which you have a spare of for repair purposes) which has
> the backup media attached to it.


I agree, this is approximately what I am doing, but sometimes a directly 
connected USB-attached disk comes handy.



> however, if "Different architectures" means amd64 and i386, no issues at all.


Yes, i386 and amd64 currently, but I would like to stay compatible with 
sparc64 too. However, sparc64 is big-endian so I am out of luck anyway. 
And "foreign" filesystems (ext2fs) are so slow on OpenBSD.


Thanks, Nick.

Regards,
David



Re: FFS/disklabel compatibility among platforms

2009-09-21 Thread Hugo Osvaldo Barrera
David: sorry for the duplicate, I meant to send this to misc@ the first time.


On Mon, Sep 21, 2009 at 17:49, David Vasek  wrote:
> On Mon, 21 Sep 2009, Nick Holland wrote:
>
>> David Vasek wrote:
>
>>> From http://www.openbsd.org/faq/faq12.html#amd64better :
>>>
>>> 12.3.3 - Is it always better to run OpenBSD/amd64 on processors that
>>> support it?
>>>
>>>   Not always.
>>>
>>>There are a number of reasons one may desire to use OpenBSD/i386 over
>>>OpenBSD/amd64, even on hardware that supports amd64 code:
>>> [...]
>>>* Need for ability to move disks to another machine that isn't amd64
>>>  capable
>>> [...]
>>>
>>> Do I understand it right that disks (FFS, disklabel?) from OpenBSD/i386
>>> cannot be accessed on OpenBSD/amd64 or vice versa?
>>
>> ACCESSED, yes, you can access data on your amd64 disks on an i386 system.
>>
>> That sentence was intended to refer to repair.  If your amd64 system craps
>> out and you need to pull the disks out and put it in another machine and
>> have it Just Work (or work with minimal effort), you need to  have another
>> amd64-compatible processor.  That wasn't referring to a file system issue,
>> but rather a rapid repair issue.
>
> I see, it refers to something else. It's clear now. May I suggest a slight
> modification to that sentence in the FAQ then?
>
>* Need for ability to move disks with already installed
>  operating system to another machine that isn't amd64 capable
>

Having an OS installed doesn't mean you're going to boot from it. I'd rather:
* Need for ability to boot disks on other machines that aren't amd64 capable.

>
>> Best way I know of to back up a lot of odd machines is to one store is
>> running your favorite backup application so it dumps its data over ssh link
>> to the one machine (which you have a spare of for repair purposes) which has
>> the backup media attached to it.
>
> I agree, this is approximately what I am doing, but sometimes a directly
> connected USB-attached disk comes handy.
>
>> however, if "Different architectures" means amd64 and i386, no issues at
>> all.
>
> Yes, i386 and amd64 currently, but I would like to stay compatible with
> sparc64 too. However, sparc64 is big-endian so I am out of luck anyway. And
> "foreign" filesystems (ext2fs) are so slow on OpenBSD.
>

If it's for backup purposes only, speed MAY not affect you so badly.
Is it weekly backups of one or two gigs? or a lot more frequent
backups/a lot more data.

> Thanks, Nick.
>
> Regards,
> David



mod_mp3 bug or wtf

2009-09-21 Thread Andrej Elizarov
Hi all.
I'm trying to setup mod_mp3 in default chrooted Apache.

It works like a charm after this:
#mkdir /music
#mkdir /var/www/music
#cp /from/some/*mp3 /music/
#cp /music/* /var/www/music/
create playlist.txt in /music
#cp /music/playlist.txt /var/www/music

#cat /var/www/conf/modules/mp3.conf


Listen 80
Listen 8000

ServerName *
MP3Engine On
MP3CastName "mod_mp3"
MP3Genre "Sounds of Open Source"
MP3PlayList /music/playlist.txt
MP3LimitPlayConnections 5
Timeout 1200
MP3Random Off
MP3DefaultOperation select


Option "MP3DefaultOperation select" makes it possible to view the list of
directory "/music" contents and select any track in WinAmp.
Now it's ok, i can hear music in WinAmp on remote winbased notebook, getting
mod_mp3.m3u from http://my-obsd-powered:8000/.

BUT!
If i remove any mp3 file from /var/www/music OR(!!) from /music WinAmp did
not play this deleted track ([error syncing to mpeg] in winamp playlist).
So, it seems mod_mp3 still can operate outside chrooted apache environment.

Am i right?

If so, is it reasonable (and possible?) to patch mod_mp3 for playing music
from outside chroot?



---
I found this example:

mkdir /var/www/music
mkdir -p /var/www/var/www
cd /var/www/var/www
ln -s /var/www/music music

But in this case all mp3s must be inside ServerRoot. Not good.



Re: procfs in OpenBSD

2009-09-21 Thread Philip Guenther
2009/9/20 Daniel Bolgheroni :
> On Sat, 19 Sep 2009, Sergio Andrés Gómez del Real wrote:
>> I failed googling about this topic. Any help please? :D :D :D :D
>
> This?
>
> # mount -t procfs /proc /proc

Great, now we have another user doing stuff without understanding why.
 Even better, it's with procfs, which none of the developers want to
touch.

To the original poster: I suggest you figure out what problem you're
trying to solve now, while you're thinking about it instead of later,
when some problem with procfs kicks you in the teeth while you're
under a deadline.


Philip Guenther



/31 subnets (RFC 3021)

2009-09-21 Thread Aaron Mason
Hi all,

Does OpenBSD comply with RFC 3021, allowing /31 subnets for
point-to-point links?  I'd resigned to the fact that you couldn't
since each subnet needs a network and broadcast address, though in the
grand scheme of things it makes sense.

TIA

-- 
Aaron Mason - Programmer, open source addict
- Oh, why does everything I whip leave me?



tmux neww syntax

2009-09-21 Thread frantisek holop
hi there,

i am having difficulties understanding the syntax of the tmux
new-window command.  if i read it correctly, this is the
equivalent of screen's "screen" command.

i am trying to do the screen equivalent of this:

# -
screen  0 vmstat 5
screen -t "mutt"    1 mutt
screen  2 ksh
screen  3 ksh
screen  4 ksh
screen -t "pflog"   5 bin/pflog.sh

select 2
# -

if i enter the :neww command from inside tmux,
the window gets created all right.  however if
i have:

# -
neww vmstat 5
neww mutt
neww ksh
neww ksh
neww ksh
neww bin/pflog.sh

selectw 2
# -

i get syntax errors for the neww lines.
a huge .tmux.conf file example would be a godsend.
just cram in as many crazy examples as possible
to show off tmux's capabilities.  the man page
is simply too long and dry to get all the coolness
out of it :[   esp the pane/layout stuff is hard
to visualize reading the man page.

-f
-- 
of course i can cook, but i never do it on the first date.



Re: tmux neww syntax

2009-09-21 Thread Aaron Stellman
On Tue, Sep 22, 2009 at 03:27:21AM +0200, frantisek holop wrote:
> hi there,
> 
> i am having difficulties understanding the syntax tmux
> new-windows command.  if i read it correctly, this is the
> equivalent of screen's "screen" command.
> 
> i am trying to do the screen equivalent of this:

> # -
> neww vmstat 5
> neww mutt
> neww ksh
> neww ksh
> neww ksh
> neww bin/pflog.sh
> 
> selectw 2
> # -
take a look at
./examples/n-marriott.conf in
http://downloads.sourceforge.net/tmux/tmux-1.0.tar.gz



Re: Dell PE 1650 RAID options

2009-09-21 Thread OpenBSD

Quoting Nick Holland :


> OpenBSD wrote:
>
>> Hello,
>>
>> I'm trying to replace the Adaptec RAID card inside the Dell PE 1650
>>  with a supported card like an LSI.  It seems raid cards like PERC
>> 3/SC and DC are PCI, while 1650 has a ROMB - Raid On Motherboard.
>> I don't see anything inside the server (a scsi connector) to where
>> to connect the PCI raid controller to with a scsi cable.  How do
>> people go about this, is there a way to use another raid card in
>> this server?
>> Thanks.
>
> Use another RAID card? sure.  Plug it in the PCI slot.
> Your actual question is more likely, "How do I get the existing
> hot-swap drive bays attached to my add-on PCI card".  That's a trick,
> 'specially in a 1U box.  I don't have a 1650 handy, it is entirely
> possible there is no cable, and even if there was, you would need a
> longer one to reach all the way to the PCI slots (MOST Dells do have a
> cable between the SCSI back plane and the controller, but it is
> possible a 1650 is an exception)


Yes, there seems to be no SCSI connector in this one, the ROMB looks
like a zero-raid type card that plugs into the MB via its own
connector.  So there is no way to connect the PCI card with the drives.



> That thing is an old, power-hungry pig, and I think a much better plan
> would be to unplug the ROMB do-hicky and use it as a standard Adaptec
> SCSI adapter (which it will be, if my memory serves me correctly).  Use
> softraid if you need it, or just periodically sync the data between
> disks.


I think your memory is correct, it looks like the usual Adaptec SCSI
adapter.  This is what I will probably end up doing, mostly wanted the
RAID to use all three drives for a larger disk space.  I will also try
actually using the Adaptec RAID, believe it or not, it might work well
enough. :)



> If you are going to invest the money on a RAID controller, I'd suggest
> investing the money on new hardware all around, you will be much
> happier with the results.  Hey, I am a world champ at reusing old crap
> for new apps (and I've used a recycled, RAID-less 1650 before -- it was
> an old, slow, power-hungry pig three years ago when I did that!), but
> the point is to do it without investing more money in the old pigs.
> Use the pigs as they are (or strip them down), don't add perfume. :)


I very much agree with you, but as you know we live in the real world.
:)  This server is here and either I use it or I don't.  I'm just
trying to make the best of it.  The PERC 3/SC/DC is cheap on Ebay but
I agree, lets not feed the old pig.
Thanks Nick, appreciate your thoughts and advice.


--
http://www.loftmail.com



Re: /31 subnets (RFC 3021)

2009-09-21 Thread tico

Aaron Mason wrote:

> Hi all,
>
> Does OpenBSD comply with RFC 3021, allowing /31 subnets for
> point-to-point links?  I'd resigned to the fact that you couldn't
> since each subnet needs a network and broadcast address, though in the
> grand scheme of things it makes sense.
>
> TIA

  

::yawn::

$ sudo ifconfig gif5 208.86.95.254/31  208.86.95.255
$ ifconfig gif5 
gif5: flags=8051 mtu 1280

   groups: gif
   physical address inet6 2607:f618:1::1 --> 2001:470:b8e9::2
   inet6 fe80::230:48ff:fe8a:268e%gif5 ->  prefixlen 64 scopeid 0xc
   inet6 2607:f618:2:1::1 -> 2607:f618:2:1::2 prefixlen 128
   inet 208.86.95.254 --> 208.86.95.255 netmask 0xfffe
$ uname -svr
OpenBSD 4.4 GENERIC#1021

-t



Re: tmux neww syntax

2009-09-21 Thread frantisek holop
hmm, on Mon, Sep 21, 2009 at 06:36:17PM -0700, Aaron Stellman said that
> take a look at
> ./examples/n-marriott.conf in
> http://downloads.sourceforge.net/tmux/tmux-1.0.tar.gz

thanks for the pointer.
it seems that i am missing new-session before creating new-window's.

.tmux.conf:

set -g visual-bell on
set -g prefix C-x

unbind C-b
  bind x        send-prefix
  bind C-x      send-prefix
  bind C-x      last
  bind ' '      next
  bind C-' '    next
  bind '"'      choose-window
  bind bspace   previous-window

new
neww
neww

selectw -t 0


i found it a bit confusing that if i started tmux with no parameters,
then after creating my 0 session from the config file, tmux goes
on to create another one:

0: 3 windows (created Tue Sep 22 04:25:12 2009) [80x24]
1: 1 windows (created Tue Sep 22 04:25:12 2009) [99x25] (attached)

because new-session is the implied command if no parameters are
specified on the command line:

 command [flags]
   This specifies one of a set of commands used to control
   tmux, as described in the following sections.  If no com-
   mands are specified, the new-session command is assumed.

this is probably up to personal preference, but i think in the case of
sessions/windows explicitly specified in the config file, attach-session
would be a more intuitive assumed command. those sessions/windows are
probably the ones the user will want to use and creating an entirely new
and isolated session would be probably a much less often used scenario..
(not that typing "tmux a" is so much more than "tmux", it's just the
principle)

one could also look at it from an ontogenetic perspective: just before
starting tmux the sessions/windows inside .tmux.conf do not exist as
such, that's why i haven't thought of starting tmux with attach -- there
was nothing to attach to basically.


as a (very) long time screen user, let me state it that tmux
is looking great and i will be holding a screen good bye party
one of these days.  it was a great idea to include it in base.
(now only if apache would get the boot)  thanks for the great job.

-f
-- 
the worst vice of a fanatic is his sincerity.



Re: managing authorized_keys

2009-09-21 Thread Chris Dukes
On Fri, Sep 18, 2009 at 01:32:34PM -0400, bofh wrote:
> 
> That's one problem, I have no idea.  I do know that we have some
> automated processes for grabbing performance data.  I'm thinking
> probably between 20 and 50 keys.  It really depends on a couple of
> other factors as well - do I want to pull ftp type access in to this
> little project?  If so, that definitely increases things quite a bit.
> Hmm... can things be locked down so that scp access won't provide
> shell access?  This would be whatever version of openssh IBM put on
> AIX.  Gah, now have to go do more research... :)

IBM punted their port of openssh to AIX to sourceforge.
You'll need the openssl LPP from IBM.

As for locking down to just scp/sftp/rsync, you want something like rssh.
Warning, the last released version doesn't play nice with rsync 3.x.
The Debian folks were kind enough to document their patches to resolve the
issue.

-- 
Chris Dukes



Re: managing authorized_keys

2009-09-21 Thread Chris Dukes
On Fri, Sep 18, 2009 at 10:29:54AM -0400, bofh wrote:
> Hi,
> Just wanted to see how you guys manage authorized_keys.  I'm trying to
> move everyone off "legacy" protocols onto openssh, and one of my
> proposals will involve using authorized keys for scripts/automated
> processes.
> 
> There's 400+ unix boxes.  I know we can stick keys into
> authorized_keys, but managing it for a bunch of automated processes
> seems a bit unwieldy.  Is there any way of pointing to an external
> source, say, ldap?
> 
> Thanks for any pointers!

In the present environment I work in we have about 120 boxes and about
15 people that can run around as root for various tasks.
To meet corporate requirements for tracking which sysadmin is doing
what we have kerberos 5 in the environment and manage admin logins through
centrally managed .k5login files and gssapi.

For key based access to privileged accounts we have to, by corporate
policy, lock down each authorized key to a specific host and features
such as interactive login and port forwarding are disabled.
On the down side, it's a PITA.  On the up side, we have a strong incentive
to keep the simplest trust graph possible.

The nastiest web we have is about 17 accounts that need ssh access to 
two accounts.  In that case the server that is sshed to is using a restricted
shell.

We're sure a determined cracker could compromise our scheme but
1) The gaping obvious holes with more disgruntled employees mucking
with them are the web apps we host.
2) You know that recent theregister article about how more outages
are the result of incompetence rather than malice... the apps we host
suffer from that problem.

> -- Sandhurst officer cadet evaluation.
> "Securing an environment of Windows platforms from abuse - external or
> internal - is akin to trying to install sprinklers in a fireworks
> factory where smoking on the job is permitted."  -- Gene Spafford

"Securing Windows NT:  Wire Cutter or Thermite?"

> learn french:  http://www.youtube.com/watch?v=30v_g83VHK4
> 

-- 
Chris Dukes
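
An added example, not part of the message above and not any project's code: a small Python audit of authorized_keys lines against the policy described there (each key tied to a specific host with from=, pty and port forwarding disabled). The forced-command check, the handling of `restrict` (newer OpenSSH releases only), the host names and the key blobs are assumptions made for illustration.

```python
# Tokens that start the key-type field; any other first token is an options field.
KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-", "sk-")
# Assumed policy: restriction option -> the option that would switch it back on.
REQUIRED_OFF = {"no-pty": "pty", "no-port-forwarding": "port-forwarding"}


def split_options(line):
    """Return (options dict, rest of line); honours quotes and backslash-quote."""
    opts, cur, quoted, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and line.startswith('\\"', i):
            cur, i = cur + '"', i + 2
            continue
        if ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            opts.append(cur)
            cur = ""
        elif ch in " \t" and not quoted:
            break
        else:
            cur += ch
        i += 1
    if quoted:
        raise ValueError("unterminated quote in options field")
    opts.append(cur)
    pairs = (opt.partition("=") for opt in opts)
    # Option names are case-insensitive, so index them lower-cased.
    return {n.lower(): v for n, _, v in pairs}, line[i:].lstrip()


def audit_line(line):
    """Return the policy findings for one line; an empty list means compliant."""
    line = line.strip()
    if not line or line.startswith("#"):
        return []
    opts = {}
    if not line.startswith(KEY_TYPES):
        try:
            opts, line = split_options(line)
        except ValueError as exc:
            return [str(exc)]
    findings = []
    sources = [p for p in opts.get("from", "").split(",") if p]
    if not sources:
        findings.append("no from= restriction")
    for pattern in sources:
        # Negated patterns only subtract hosts; wildcards and CIDR admit many.
        if not pattern.startswith("!") and any(c in pattern for c in "*?/"):
            findings.append("from= is not a single host: " + pattern)
    for off, on in REQUIRED_OFF.items():
        if on in opts:
            findings.append(on + " explicitly re-enabled")
        elif off not in opts and "restrict" not in opts:
            findings.append("missing " + off)
    if "command" not in opts:
        # Assumption: no-pty alone still lets the key run non-interactive commands.
        findings.append("no forced command=")
    return findings


def audit_text(text):
    """Audit a whole file; return {line number: findings} for failing lines."""
    report = {n: audit_line(l) for n, l in enumerate(text.splitlines(), 1)}
    return {n: f for n, f in report.items() if f}


# Constructed sample input; hosts are made up and key blobs are placeholders.
SAMPLE = """\
# automation keys (constructed)
from="perf01.example.net",command="/usr/local/bin/push-stats",no-pty,no-port-forwarding ssh-rsa AAAAconstructed1 perf@perf01
ssh-rsa AAAAconstructed2 admin@laptop
from="*.example.net",no-pty,command="uptime" ssh-rsa AAAAconstructed3 batch@any
command="rsync --server --sender . /data/",from="10.1.2.3",restrict ssh-dss AAAAconstructed4 mirror
from="10.1.2.4",restrict,pty,command="/bin/true" ssh-ed25519 AAAAconstructed5 odd
"""

if __name__ == "__main__":
    for number, findings in sorted(audit_text(SAMPLE).items()):
        print("line %d: %s" % (number, "; ".join(findings)))
```

Run against a collected copy of each host's authorized_keys files, this gives a per-line list of keys that fall outside the policy.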



Re: managing authorized_keys

2009-09-21 Thread Chris Dukes
On Fri, Sep 18, 2009 at 03:08:09PM -0400, bofh wrote:
> On Fri, Sep 18, 2009 at 2:26 PM, Jim Razmus  wrote:
> > cfengine in ports.
> 
> While cfengine and puppet are good solutions (or not so good,
> depending on how you get it in :)), unfortunately, that's not
> something I have available (and since I don't manage the systems...)
> 
> But maybe they do have something centrally managed.  I'll have to look
> into it.  Thanks for the pointer!
> 
> (but, I doubt so... :( )

If you don't manage the systems, the appropriate action would be to
open a ticket with those that manage the systems to start a dialog
about addressing your needs.

If you've done that and it's a no go for whatever reason...
there's these spiffy things called
dancer's shell
and 
bourne/korn shell for loop


> 
> 
> -- 
> http://www.glumbert.com/media/shift
> http://www.youtube.com/watch?v=tGvHNNOLnCk
> "This officer's men seem to follow him merely out of idle curiosity."
> -- Sandhurst officer cadet evaluation.
> "Securing an environment of Windows platforms from abuse - external or
> internal - is akin to trying to install sprinklers in a fireworks
> factory where smoking on the job is permitted."  -- Gene Spafford
> learn french:  http://www.youtube.com/watch?v=30v_g83VHK4
> 

-- 
Chris Dukes



Re: FFS/disklabel compatibility among platforms

2009-09-21 Thread Matthew Szudzik
On Mon, Sep 21, 2009 at 11:49:33PM +0200, David Vasek wrote:
>> Best way I know of to back up a lot of odd machines is to one store is  
>> running your favorite backup application so it dumps its data over ssh 
>> link to the one machine (which you have a spare of for repair purposes) 
>> which has the backup media attached to it.
>
> I agree, this is approximately what I am doing, but sometimes a directly  
> connected USB-attached disk comes handy.

You can use a combination of pax and dd to write directly to a
USB-attached disk in a platform-independent manner.  For example, to
back up the contents of the directory DIR to the drive sd2, use

 pax -w -x cpio DIR | dd of=/dev/rsd2c bs=32b

The speed of this operation will depend on the blocksize (I used 32 in
this example).  I suggest doing some experiments to see what blocksize
is the fastest for your hardware.



Re: managing authorized_keys

2009-09-21 Thread bofh
Oops, replied to Chris by mistake - meant to send it to the list

On Mon, Sep 21, 2009 at 11:48 PM, bofh  wrote:
> On Mon, Sep 21, 2009 at 11:13 PM, Chris Dukes wrote:
>> If you don't manage the systems, the appropriate action would be to
>> open a ticket with those that manage the systems to start a dialog
>> about addressing your needs.
>
> Heh.  I'm in security.  At a previous place, a fortune 100 company, it
> took 1.5 years of pushing before the team managing the DMZ boxes
> finally got around to using ssh and killing telnet/rsh access.  And
> it's not like they're dumb folks - they've contributed code to
> sendmail, bash, amanda, etc, and even have stuff that's in openbsd's
> ports.  People just hate change, I guess.
>
>> If you've done that and it's a no go for whatever reason...
>> there's these spiffy things called
>> dancer's shell
>
> The dancer's shell actually looks pretty interesting! :)
> Unfortunately, the current place has a very strong "if I didn't pay
> IBM for it, I'm not using it because I need support" mentality by
> management.  Unfortunately, to push killing telnet/rsh, I need
> management support.  *sigh*  So, I had hoped that there was a chance
> that openssh can use certs that are in ldap for authorized_keys
> (understanding the security issues behind that), but if not, then, oh
> well :)
>
>
> --
> http://www.glumbert.com/media/shift
> http://www.youtube.com/watch?v=tGvHNNOLnCk
> "This officer's men seem to follow him merely out of idle curiosity."
> -- Sandhurst officer cadet evaluation.
> "Securing an environment of Windows platforms from abuse - external or
> internal - is akin to trying to install sprinklers in a fireworks
> factory where smoking on the job is permitted."  -- Gene Spafford
> learn french:  http://www.youtube.com/watch?v=30v_g83VHK4
>



--
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
"This officer's men seem to follow him merely out of idle curiosity."
-- Sandhurst officer cadet evaluation.
"Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted."  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=30v_g83VHK4



Re: PF binat: How to Binat between two public IPs? *NOT RESOLVED*

2009-09-21 Thread Matthew Young
Hello guys,

Wouldn't a BINAT between two public IPs be possible, or wouldn't that make a
difference to what I am trying to achieve?

Thank you.

Matt

On Mon, Sep 21, 2009 at 12:50 PM, Matthew Young wrote:

> Hello,
>
> I am trying to set up a PF box with ONE interface on a public IP to be able
> to redirect all packets that come to one of its IPs to another IP. The
> objective is to cloak the IP of the final destination. Please note that
> there is a public IP on both sides.
>
> 1.1.1.1 (me) ---> 2.2.2.2 (PF box with binat) --> 3.3.3.3
>
> So, if I want to SSH in 3.3.3.3 for example I could just ssh into 2.2.2.2 .
>
>
>
> Here is my pf.conf:
>
> # cat /etc/pf.conf
> t_externa = "re0"
>
> web_serv_int = "1.1.1.1"
> web_serv_ext = "3.3.3.3"
>
> binat on $t_externa from $web_serv_int to any -> $web_serv_ext
>
>
>
> I have also tried to add 1.1.1.1 as an IP alias in the PF box ... but that
> just makes all my communications hang if I try to SSH to 2.2.2.2  from
> 1.1.1.1.
>
>
> Is there something I am missing? I think this would be possible, right?
>
>
> --Matt



Re: Dell PE 1650 RAID options

2009-09-21 Thread Marco Peereboom
On Mon, Sep 21, 2009 at 09:51:56PM -0400, OpenBSD wrote:
> Quoting Nick Holland :
>
>> OpenBSD wrote:
>>> Hello,
>>>
>>> I'm trying to replace the Adaptec RAID card inside the Dell PE 1650
>>>  with a supported card like an LSI.  It seems raid cards like PERC
>>> 3/SC and DC are PCI, while 1650 has a ROMB - Raid On Motherboard.
>>> I don't see anything inside the server (a scsi connector) to where
>>> to connect the PCI raid controller to with a scsi cable.  How do
>>> people go about this, is there a way to use another raid card in
>>> this server?
>>> Thanks.
>>
>> Use another RAID card? sure.  Plug it in the PCI slot.
>> Your actual question is more likely, "How do I get the existing
>> hot-swap drive bays attached to my add-on PCI card".  That's a trick,
>> 'specially in a 1U box.  I don't have a 1650 handy, it is entirely
>> possible there is no cable, and even if there was, you would need a
>> longer one to reach all the way to the PCI slots (MOST Dells do have a
>> cable between the SCSI back plane and the controller, but it is
>> possible a 1650 is an exception)
>
> Yes, there seems to be no SCSI connector in this one, the ROMB looks
> like a zero-raid type card that plugs into the MB via its own
> connector.  So there is no way to connect the PCI card with the drives.

Wrong.

It has 2 modes.  Either ROMB aka RAID via the disabled aac driver,  Or
SCSI through the 7899 adaptec chip via the ahc driver.

It has a key and some memory to enable the RAID card; hint NOO zero
RAID.

>
>
>> That thing is an old, power-hungry pig, and I think a much better plan
>> would be to unplug the ROMB do-hicky and use it as a standard Adaptec
>> SCSI adapter (which it will be, if my memory serves me correctly).  Use
>> softraid if you need it, or just periodically sync the data between
>> disks.
>
> I think your memory is correct, it looks like the usual Adaptec SCSI
> adapter.  This is what I will probably end up doing, mostly wanted the
> RAID to use all three drives for a larger disk space.  I will also try
> actually using the Adaptec RAID, believe it or not, it might work well
> enough. :)

1650 is a fine machine and does not draw nearly as much power as any P4.
In fact this was a machine that had the 1.4GHz P3 chips that ran as fast
as the P4 of twice the GHz at the time of launch.

>
>
>> If you are going to invest the money on a RAID controller, I'd suggest
>> investing the money on new hardware all around, you will be much
>> happier with the results.  Hey, I am a world champ at reusing old crap
>> for new apps (and I've used a recycled, RAID-less 1650 before -- it was
>> an old, slow, power-hungry pig three years ago when I did that!), but
>> the point is to do it without investing more money in the old pigs.
>> Use the pigs as they are (or strip them down), don't add perfume. :)
>
> I very much agree with you, but as you know we live in the real world.
> :)  This server is here and either I use it or I don't.  I'm just
> trying to make the best of it.  The PERC 3/SC/DC is cheap on Ebay but
> I agree, lets not feed the old pig.
> Thanks Nick, appreciate your thoughts and advice.

You can not route a cable in this machine since it is part of the
motherboard.  And you should be happy when you see that.  Now you don't
have to deal with crappy ass cables that will generate all kinds of
stupid non fixable issues.

>
>
> --
> http://www.loftmail.com



TRDI3: Testimonials and General Info

2009-09-21 Thread Almasoma
**Therapist Training in Regression Therapy and Integral Development
(TRDI)

Lisbon, October 2009 to July 2011, 3rd Edition**

Training of therapists in the area of memory regression, covering
integral development and drawing on Regression Therapy, Personal
Development techniques, and Meditation, in its active and traditional
forms. It is suited to professional development, and to the healing
and growth of the Person in their various dimensions.

Training of 510 hours of theory and practice outside working hours
(Sat. and Sun.), directed by Mário Resende and Ilja van de Griend.
Includes 190 hours of individual and group supervision, facilitated by
5 assistants trained in TRDI.

Training recognised by the European Association for Regression
Therapy (EARTh, http://www.earth-association.org).

With the collaboration of national and international specialists such
as Hans ten Dam, Roger Woolger, Mário Simões and Vítor Rodrigues,
among others.

 Hans ten Dam

 Mário Resende

 Ilja van de Griend

 Roger Woolger

Hans ten Dam and Roger Woolger are pioneers of Regression Therapy,
international teachers, and authors of classic and foundational works
in this field, such as Cura Profunda (Hans ten Dam) and As Várias
Vidas da Alma (Roger Woolger).

For more details such as dates, price, location and registration you
can download here.

For more information contact us via em...@almasoma.pt;

At the address AlmaSoma, Rua de Santa Justa, 60 3º Dto, 1100-485 Lisboa;

By mobile 965791605;

Register here. Or see http://www.almasoma.pt

Testimonials from the Graduates of the 2nd Edition

Contribution of TRDI to your development as a Regression Therapist:

Total: I find the course formula excellent - learning the techniques
in practice as therapist and as client, becoming aware of the process
as a whole.

Alexandre F., psychologist, university lecturer, researcher

Fundamental! Fantastic! Super complete! I now have knowledge of
Regression Therapy, I know how to put it into practice and I can
recognise the many different techniques for working on a wide range
of themes/problems.

Marta M., clinical psychologist, specialist in children and adolescents

My whole process as a regression therapist began with TRDI; until
then I had only been a client and read a little. Those earlier
experiences allowed me to compare what I had known with what I have
become. I feel that I am a much more effective and complete
regression therapist than what I experienced and read about, and all
of that thanks to TRDI. New approaches may be discovered, other
methods cultivated, but TRDI gives therapists a deep knowledge of
techniques, a deep approach to the most intimate aspects of the soul,
a deep self-knowledge. In short, being a TRDI therapist and being a
TRDI patient are important milestones, I would even say indispensable
ones, in the life of anyone committed to evolving.

Maria Clara L., Germanic philology, primary school teacher, author of
Regressões - Processo Pessoal de Cura.

The impact of TRDI on your personal growth and development:

Profound. It was/is a great transformation. There is a before and an
after TRDI in my life. Thank you. I feel at home after such a long
time.

Nuno P., clinical psychologist

I came looking for serenity. I gained serenity, light, and came to
know a new dimension within myself. I am the "so much more" I was
hoping for.

Evelin S., businesswoman, business coach, facilitator of systemic
constellations

At the end of the training I feel very close to what I previously
wanted to be. Which means that today I love the being that I am and
know more about my aptitudes and potential, just as I accept, with
humility but with a great will to work, my limitations.

Susana O., nurse, hypnotherapist.

Click here to download more testimonials:




Re: Recent ThinkPad T series

2009-09-21 Thread Michael Burk
Thank you to *everyone* who responded - lots of helpful information.
There are still some uncertainties, but it looks like a much better
bet than most brands I've looked into. I was surprised that the camera
and fingerprint reader might actually work, though neither are
anywhere close to deal breakers if they don't.

Regarding the flimsy keyboard, I read that there was a design flaw
with the first release of one (or both) of these, but it was
subsequently fixed.

-- Michael

On Sun, Sep 20, 2009 at 10:11 PM, Michael Burk  wrote:
> Hi All,
>
> After years of using OpenBSD on servers, I want to take the plunge and
> setup an OpenBSD-based laptop. From what I gather on this list, it
> looks like ThinkPads are better supported than most. I've been looking
> at two models - the ThinkPad T400 and T400s. I've tried to determine
> if all the components are supported, but I'm not sure about some
> things. If anyone has direct experience with these models (they've
> been out for a year or so, I think), I'd appreciate any feedback.



Business Management in a Context of Crisis

2009-09-21 Thread Master IPEFI
IPEFI Master Programme
Business Management in a Context of Crisis

Presentation
Portugal is living through one of the most serious crises of the last
50 years. Investment and consumption are falling, exports are
declining and unemployment threatens thousands of jobs.
Poverty is increasing and the financial system requires care.
It is in this context that the Instituto Português de Estudos Fiscais
Internacionais is launching the Master "Business Management in a
Context of Crisis".
This is a programme to support business owners, managers and senior
executives in steering their organisations through the current crisis.
The course is divided into four main training modules, each
corresponding to one way of overcoming the difficulties companies
face in this economic climate.
1. Preparing QREN Applications;
2. Internationalising your company;
3. Investment and Financing in Times of Crisis;
4. Business Reorganisation.

Session I - Preparing QREN Applications

10 October (Saturday)
Time: 10h - 14h
TagusPark - Núcleo Central - Room 279

- QREN - Framework

- New Incentive Schemes for Companies

- Support Scheme for the Modernisation of Public Administration

- Human Potential Operational Programme

- Preparing the Application

- Submitting the application


Session II - Internationalisation and International Marketing

17 October (Saturday)
Time: 10h - 14h
TagusPark - Núcleo Central - Room 279

- The Internationalisation process and Global Marketing
- Globalisation and the International Environment
- Segmentation in an International Environment
- Forms of Entry into International Markets
- Defining the Offer in Foreign Markets. Standardisation vs. Adaptation
- Trends in Companies with an International/Global presence
- Organisation of the Marketing Function in Global Markets
- Case Studies

Session III - Company Financing

24 October (Saturday)
Time: 10h - 14h
TagusPark - Núcleo Central - Room 279

- Short-Term Financing Instruments
- Medium- and Long-Term Financing Instruments
- Financial Restructuring of the Company
- Financing Plan
- Investment Plan
- Operating Statements
- Investment Projects
- New Financing Vehicles:
  - Project Finance
  - Public-Private Partnerships

Session IV - Business Reorganisation

31 October (Saturday)
Time: 10h - 14h
TagusPark - Núcleo Central - Room 279

- Valuation and Recovery of Companies;
- Business reorganisation;
- Financial and administrative management;
- Treasury Control and Collections Management;
- Economic and financial analysis
- Outsourcing
- OffShoring
- DownSizing
- Process Re-Engineering and Quality

Programme Price

1 participant per company - 450 euros
2 participants per company - 300 euros each
3 participants per company - 250 euros each

*** New IPEFI Contacts ***

If you would like to receive information about this course you can
obtain it by replying to this e-mail or by contacting:

Instituto Português de Estudos Fiscais Internacionais
Taguspark - Parque da Ciência e Tecnologia
Núcleo Central - Sala 279
Oeiras
2740-122 Porto Salvo

Tel. + 351 219 176 376 | www.ipefi.com



VPN using ipsec and NAT : NO_TRAFFIC: SINGLE

2009-09-21 Thread openbsd
Hello,

VPN is mounted but there's no traffic.
For recall :
Factory ip : 22.22.22.22 
factory lan : 10.0.0.0/8 --> biNAT--> 192.168.191.0
Our ip : 11.11.11.11
Our lan : 10.0.0.0/24 --> biNAT --> 192.168.192.0
our ftp : 10.0.0.115 --> biNAT --> 192.168.192.115
our OpenBSD Firewall : 10.0.0.113 (ftpproxy) -->biNAT--> 192.168.192.113 

In /var/log/daemon and messages, there's no error, so i think that the
error comes from my pf.conf file.

pfctl -s states ::
---
all tcp 10.0.0.114:25 (11.11.11.11:25) <- 193.253.100.193:1311
ESTABLISHED:ESTABLISHED
all tcp 193.253.100.193:1311 -> 10.0.0.114:25 ESTABLISHED:ESTABLISHED
all tcp 10.0.0.114:25 (11.11.11.11:25) <- 193.253.100.193:1316
ESTABLISHED:ESTABLISHED
all tcp 193.253.100.193:1316 -> 10.0.0.114:25 ESTABLISHED:ESTABLISHED
all tcp 10.0.0.114:110 (11.11.11.11:110) <- 193.253.100.193:1320
ESTABLISHED:ESTABLISHED
all tcp 193.253.100.193:1320 -> 10.0.0.114:110 ESTABLISHED:ESTABLISHED
all tcp 10.0.0.114:25 (11.11.11.11:25) <- 193.253.100.193:1328
ESTABLISHED:ESTABLISHED
all tcp 193.253.100.193:1328 -> 10.0.0.114:25 ESTABLISHED:ESTABLISHED
all tcp 10.0.0.114:110 (11.11.11.11:110) <- 193.253.99.118:2600
FIN_WAIT_2:FIN_WAIT_2
all tcp 193.253.99.118:2600 -> 10.0.0.114:110 FIN_WAIT_2:FIN_WAIT_2
all tcp 10.0.0.114:110 (11.11.11.11:110) <- 193.253.99.118:2979
FIN_WAIT_2:FIN_WAIT_2
all tcp 193.253.99.118:2979 -> 10.0.0.114:110 FIN_WAIT_2:FIN_WAIT_2
all esp 11.11.11.11 <- 22.22.22.22 NO_TRAFFIC:SINGLE

tcpdump -nettti pflog0 ::
--
Sep 22 09:10:15.348127 rule 0/(match) block in on bge0: 192.168.0.13.138 >
192.168.0.255.138: udp 201
Sep 22 09:10:16.268114 rule 0/(match) block out on rl0:
192.168.191.254.11215 > 192.168.192.113.21: S 416012410:416012410(0) win
16384  (DF)
Sep 22 09:10:16.270094 rule 0/(match) block out on rl0:
192.168.191.254.5558 > 192.168.192.115.21: S 3008802303:3008802303(0) win
16384  (DF)
Sep 22 09:10:19.442729 rule 0/(match) block out on rl0:
192.168.191.254.5558 > 192.168.192.115.21: S 3008802303:3008802303(0) win
16384  (DF)
Sep 22 09:10:19.442782 rule 0/(match) block out on rl0:
192.168.191.254.11215 > 192.168.192.113.21: S 416012410:416012410(0) win
16384  (DF)
Sep 22 09:10:21.744797 rule 0/(match) block in on bge0: 10.0.0.114.138 >
10.0.0.255.138: udp 204
Sep 22 09:10:26.004802 rule 0/(match) block out on rl0:
192.168.191.254.5558 > 192.168.192.115.21: S 3008802303:3008802303(0) win
16384  (DF)
Sep 22 09:10:26.004856 rule 0/(match) block out on rl0:
192.168.191.254.11215 > 192.168.192.113.21: S 416012410:416012410(0) win
16384  (DF)
Sep 22 09:10:55.980627 rule 0/(match) block in on bge0: 192.168.0.92 >
224.0.0.22: igmp-2 [v2] [ttl 1]
Sep 22 09:10:55.987199 rule 0/(match) block in on bge0: 192.168.0.92 >
224.0.0.22: igmp-2 [v2] [ttl 1]
Sep 22 09:10:56.055641 rule 0/(match) block in on bge0: 192.168.0.92 >
224.0.0.22: igmp-2 [v2] [ttl 1]
Sep 22 09:10:56.132420 rule 0/(match) block in on bge0: 192.168.0.92 >
224.0.0.22: igmp-2 [v2] [ttl 1]
Sep 22 09:10:56.177171 rule 0/(match) block in on bge0: 192.168.0.92 >
224.0.0.22: igmp-2 [v2] [ttl 1]
Sep 22 09:10:56.347699 rule 0/(match) block in on bge0: 192.168.0.92 >
224.0.0.22: igmp-2 [v2] [ttl 1]
Sep 22 09:11:00.759127 rule 0/(match) block in on bge0: 192.168.0.92.138 >
192.168.0.255.138: udp 201
Sep 22 09:11:09.724487 rule 0/(match) block out on rl0:
192.168.191.254.22124 > 192.168.192.113.21: S 4242417665:4242417665(0) win
16384  (DF)
Sep 22 09:11:09.724542 rule 0/(match) block out on rl0:
192.168.191.254.12443 > 192.168.192.115.21: S 916436565:916436565(0) win
16384  (DF)
Sep 22 09:11:11.743450 rule 0/(match) block in on bge0: 10.0.0.115.137 >
10.0.0.255.137: udp 50 (DF)
Sep 22 09:11:12.925128 rule 0/(match) block out on rl0:
192.168.191.254.22124 > 192.168.192.113.21: S 4242417665:4242417665(0) win
16384  (DF)
Sep 22 09:11:12.927137 rule 0/(match) block out on rl0:
192.168.191.254.12443 > 192.168.192.115.21: S 916436565:916436565(0) win
16384  (DF)
Sep 22 09:11:13.743026 rule 0/(match) block in on bge0: 10.0.0.115.137 >
10.0.0.255.137: udp 50 (DF)
Sep 22 09:11:13.743317 rule 0/(match) block in on bge0: 10.0.0.115.137 >
10.0.0.255.137: udp 50 (DF)
Sep 22 09:11:15.742900 rule 0/(match) block in on bge0: 10.0.0.115.137 >
10.0.0.255.137: udp 50 (DF)
Sep 22 09:11:15.743629 rule 0/(match) block in on bge0: 10.0.0.115.138 >
10.0.0.255.138: udp 183 (DF)
Sep 22 09:11:19.487204 rule 0/(match) block out on rl0:
192.168.191.254.22124 > 192.168.192.113.21: S 4242417665:4242417665(0) win
16384  (DF)
Sep 22 09:11:19.489208 rule 0/(match) block out on rl0:
192.168.191.254.12443 > 192.168.192.115.21: S 916436565:916436565(0) win
16384  (DF)
Sep 22 09:12:02.397661 rule 0/(match) block out on rl0:
192.168.191.254.20978 > 192.168.192.113.21: S 313707294:313707294(0) win
16384  (DF)
Sep 22 09:12:02.399746 rule 0/(match) block out on rl0:
192.168.191.254.21081 > 192.168.192.115.21: S 32318798:32318798(0) win
16384  (DF)
Sep 22 09:12:05.642545 rule 0/(match) block out on rl0:
192.168.191.254.2097

Re: realtime mirroring and openbsd ?

2009-09-21 Thread Benoit Chesneau
On Mon, Sep 21, 2009 at 12:47 PM, Joachim Schipper
 wrote:

> The "well-known" solution is to use a database for all state and
> replicate that. A simpler solution is to just use a static site. What
> issue are you trying to solve?
>


Want to replicate a full couchdb (http://couchb.org) node. For now
replication of couchdb works only per db and over http. So if I have
1000 db I will have 1000 http connections open on the same machines.
It's somehow dangerous. That's why I'm/was looking for a way to
replicate on the fs level rather than db level. I've since developed
(yesterday morning) a global change handler that allows me to know in
quasi rt changes in all dbs of a couchdb node. That could help for a
global replication I guess. I will do more tests/try today, but any
other idea is welcome :)

- benoît