Re: disknice
On Thursday 04 February 2010 01:44:15 Ted Unangst wrote: > I haven't really solved the problem I want to solve, but was able to whip > this up pretty quickly. Basically, it's just a wrapper that runs a > command and then starves it from running. disknice is a misnomer, it also > gets starved from cpu, but at the current time the only way to slow down a > process's io is to stop it. Not a complete solution, but it will slow > down a large tar job to the point where other programs have plenty of time > to get their requests in. The sleep ratios should be tunable, aren't. > > > time disknice md5 -t I'm definitely going to play with this. To retard a process might be a better word, but might raise objections, so arrest, bridle or moderate might be better? --STeve Andre'
disknice
I haven't really solved the problem I want to solve, but was able to whip this up pretty quickly. Basically, it's just a wrapper that runs a command and then starves it from running. disknice is a misnomer, it also gets starved from cpu, but at the current time the only way to slow down a process's io is to stop it. Not a complete solution, but it will slow down a large tar job to the point where other programs have plenty of time to get their requests in. The sleep ratios should be tunable, aren't. > time disknice md5 -t MD5 time trial. Processing 1 1-byte blocks... Digest = 52e5f9c9e6f656f3e1800dfa5579d089 Time = 3.339803 seconds Speed = 29941885.793863 bytes/second 0m3.50s real 0m0.30s user 0m0.00s system #include #include #include #include #include int main(int argc, char **argv) { int i; char **nargv; pid_t pid; int status; const int onesec = 100; nargv = malloc((sizeof(*nargv) * argc + 1)); for (i = 1; i < argc; i++) { nargv[i-1] = argv[i]; } nargv[i-1] = NULL; pid = fork(); if (pid == -1) err(127, "fork"); if (!pid) { execvp(nargv[0], nargv); write(2, "failed to exec\n", 15); _exit(127); } usleep(10); while (!waitpid(pid, &status, WNOHANG)) { kill(pid, SIGSTOP); usleep(onesec / 2); kill(pid, SIGCONT); usleep(onesec / 10); } return WEXITSTATUS(status); }
Re: is the Lemote Yeeloong available in the US?
On Wed, Feb 03, 2010 at 09:48:29PM -0800, J.C. Roberts wrote: > On Wed, 3 Feb 2010 18:45:13 -0700 (MST) Diana Eichert > wrote: > > > Really, I meant, Where would Carmen San Diego find a > > Lemote Yeeloong in the US? > > > > diana > > > > I was wondering when Loongson based systems would start showing up, but > the following was a wonderful surprise: > > http://www.lemote.com/english/index.html > > "The world's first laptop which contains completely free > software. All system source files(BIOS, kernel, drivers etc.) > are free , no close firmware needed.High performance. Tests > show that our platform gets the best performance for 7"-9"ultra > mobile laptops. ... " > > > Any vendor that puts the above on their home page, and lives up to it, > deserves support. > > The Dutch Tekmote company sells them for under EUR 350 including > shipping and VAT, and they seem to ship worldwide. I'd guess there's no Small correction: the price mentioned are without VAT and shipping. > VAT on non-EU orders? > http://www.tekmote.nl/epages/61504599.sf > > I haven't found anyone in the US selling them, but I'm still looking. > > jon If you are surprised the little machine exists, you might also be surprised by these urls: http://www.openbsd.org/loongson.html and http://www.drijf.net/pictures/lemote/ Miod did the big bulk of work, he had to do some of his magic to get this working facing very nasty processor bugs. Matthieu had X working in a breeze and I did assorted things here and there, fixing a gcc propolice bug that potentially could harm other platforms as well being the most important one. If you want to move things forward, please get jasper@ a machine. We need ports! -Otto
Re: is the Lemote Yeeloong available in the US?
On Wed, 3 Feb 2010 18:45:13 -0700 (MST) Diana Eichert wrote: > Really, I meant, Where would Carmen San Diego find a > Lemote Yeeloong in the US? > > diana > I was wondering when Loongson based systems would start showing up, but the following was a wonderful surprise: http://www.lemote.com/english/index.html "The world's first laptop which contains completely free software. All system source files(BIOS, kernel, drivers etc.) are free , no close firmware needed.High performance. Tests show that our platform gets the best performance for 7"-9"ultra mobile laptops. ... " Any vendor that puts the above on their home page, and lives up to it, deserves support. The Dutch Tekmote company sells them for under EUR 350 including shipping and VAT, and they seem to ship worldwide. I'd guess there's no VAT on non-EU orders? http://www.tekmote.nl/epages/61504599.sf I haven't found anyone in the US selling them, but I'm still looking. jon
Re: Fw: pico and/or nano in the releases and snapshots
Hello, While you're likely a troll, you may just be some sad religious zealot ranting on a mailing list. If you're not fond of vi(1), you may be interested in mg(1).. while it's not exactly the same as pico or nano, it's not that far off. Keep it off the lists next time, -Bryan.
Re: Fw: pico and/or nano in the releases and snapshots
On Thu, Feb 4, 2010 at 11:35 AM, Scott McEachern wrote: > Giridhari wrote: > > blah blah >> >> pico or nano > > blah blah >> >> part of the distribution. > > and more blah blah blah. > > All that because you find 'pkg_add pico" or "pkg_add nano" too difficult to > type? > > -- > > -RSM > > http://www.erratic.ca > > Or not be an arse and learn vi. Giridhari, I once thought like you did. Then I discovered a wonderful resource - a mug that is sold by ThinkGeek. It has all of the commands you could hope to need, and how to use them. The graphic that's used on the cup is freely downloadable, so you can blow it up to A3 and stick it on the wall behind your computer for easy reference. Believe me, learning how to use vi will save you a lot of headaches in the long run. -- Aaron Mason - Programmer, open source addict I've taken my software vows - for beta or for worse
Re: http://www.apache.org/dist/httpd/Announcement1.3.html
OpenBSD apache 1.3 != apache 1.3 What is wrong with apache in base? And if you don't like it what is wrong with apache 2 in ports? Or any other web server in ports for that matter. On Wed, Feb 03, 2010 at 07:21:03PM -0800, David wrote: > Given the above, is openbsd going to stick with Apache 1.3?
Re: OpenBSD on Wyse C90LE
Jacob Meuser wrote: >> Absolutely right. Kernel doesn't see USB drive from that point because >> USB is not 2.0 as advertised but it is 1.1. Crapy hardware. Seems that >> uhci doesn't pick up from ehci during the boot process. > did you ty disabling echi in UKC? No, I didn't try. I will try tomorrow morning when I have access to hardware again. I was slow to realize what was happening and by the time I realized I had to go for a meeting. Cheers, Predrag
http://www.apache.org/dist/httpd/Announcement1.3.html
Given the above, is openbsd going to stick with Apache 1.3?
Re: OpenBSD on Wyse C90LE
On Wed, Feb 03, 2010 at 08:48:35PM -0500, Predrag Punosevac wrote: > Absolutely right. Kernel doesn't see USB drive from that point because > USB is not 2.0 as advertised but it is 1.1. Crapy hardware. Seems that > uhci doesn't pick up from ehci during the boot process. did you ty disabling echi in UKC? -- jake...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org
Re: Fw: pico and/or nano in the releases and snapshots
Giridhari wrote: Hare Krsna. From: Giridhari Sent: Thursday, February 04, 2010 7:37 AM To: dera...@cvs.openbsd.org ; dera...@openbsd.org Subject: Fw: pico and/or nano in the releases and snapshots ATTENTION Last night I saved a rat from certain death at the hands of a cat whose ovaries had been cut out. This is the cutting edge of bhakti in the interests of OpenBSD. You have been notified. Note: The below message has been slightly adjusted to that which was sent to dera...@theos.org. From: Giridhari Sent: Thursday, February 04, 2010 7:28 AM To: dera...@theos.com Subject: pico and/or nano in the releases and snapshots Hare Krsna Mr. DeRaadt. I am trying to write a new security implementation for OpenBSD, but find vi to be clumsy and hampering. I was very comfortable with pico, and nano. I am running a new system with multiprocessor kernel, and currently have no support for the ZTE MF626 modem I connect via cellular network with. I have tried installing the package of pico but it failed, so I installed it's dependencies, but pico still would not install because it had partially installed, would not pkg_delete (not even when forced), and I could not find a way to clean this up. I would really appreciate if pico or nano, which are simple and elegant, perhaps not with the frills vi uses apparently seem to appreciate, but simple and natural nonetheless, we part of the distribution. I agree, vi is terribly complicated and confusing to use. That is way I have always found ed to be a wonderful editor It is in the base and ALWAYS works even under the most terrifying and frightening conditions. Long Live ED! I fly with those. PLEASE INCLUDE PICO OR NANO OR BOTH IN A NEW SNAPSHOT, and from now-on, and please overlook the apparent justifications for vi-only exclusivity, and help please. FOR BHAKTA GIRIDHARI. Krsna is your friend. PLEASE!!! I know its is a non-standard request, but honestly, vi is so clumsy, and I have LOTS of coding to do, including writing support for umodem for the MF626, and I would like to write it as a learning exercise in assembly. The new security mechanism is brute force resilient, and it is for particularly nasty weather. Pull a Torvaldsesque dictatorship because-I-said-so if you have to. Hare Bol. -- A human being should be able to change a diaper, plan an invasion, butcher a hog, conn a ship, design a building, write a sonnet, balance accounts, build a wall, set a bone, comfort the dying, take orders, give orders, cooperate, act alone, solve equations, analyze a new problem, pitch manure, program a computer, cook a tasty meal, fight efficiently, die gallantly. Specialization is for insects. -- Robert Heinlein
Re: OpenBSD on Wyse C90LE
On Wed, Feb 04, 2010 at 1:01:38AM Jacob Meuser wrote: >>On Wed, Feb 03, 2010 at 01:06:15PM -0500, Predrag Punosevac wrote: >> This is the brief preliminary report on Wyse C90LE. I downloaded >> yesterday the latest snapshot of OpenBSD 4.7 beta for i386. >> >> I installed on 2.0 USB of 2GB. >> I tested the live USB by booting DeLL optiplex 960 (Intel 2 core). >> Everything works perfect including X server. >> >> Conclusion is that USB media is OK. > are you sure it really booted off the USB? I am 1000% sure I booted from USB. The Thin Client comes pre-installed with WindowsXP embedded. > >> I broke into the BIOS of Wyse C90LE by holding DEL key. BIOS requires >> password. The default password is Fireport (found on the web-site of >> manufacturer). I changed the boot order so that PXE boot is the first >> and USB 2.0 is the second. I didn't see any other options I could play >> with in BIOS (like legacy USB or similar). >> >> Boot process goes fine and then stops. It is looking for the root device >> I manually typed wd0a and wd0b for swap (original partition was done >> by accepting defaults from the installer just for test). >> The boot process is aborted. >> >> ddb{0}>trace >> Debugger(50,d08cf780,d0a32f48,0,0) at Debugger +0x4 >> panic(d07543e8,1,,0,d0863178) at panic +0x55 >> dk_mountroot(2,2,2fecc,d0a32f9c,d04ca223) at dk_mountroot +0x1a7 >> main(0,0,0,0,0) at main +0x4eb >I've never seen a USB disk come up as wd*, always sd*. Me neither! I tried to put sd0a as a root directory. I think, I have very clear idea what is wrong. Look at my second message where I describe the boot process. Problems occur after four messages ehci_sync_hs:tsleep()=35 ehci as you know is the driver for USB 2.0. I looked through archives and I found that people have reported problems with sheety USB controller on VIA mother boards. Somebody submitted the patch last year. Obviously even the best software can not fixed crapy hardware. The OpenBSD aborts the boot because USB is not anymore seen by kernel. >so your crash makes sense, since you told it to boot off something that >doesn't yet exist. Absolutely right. Kernel doesn't see USB drive from that point because USB is not 2.0 as advertised but it is 1.1. Crapy hardware. Seems that uhci doesn't pick up from ehci during the boot process. > sounds like your USB image is not right. it should be booting off > sd0. when the kernel boots, do you see sd0 in the dmesg? > you got trace output, so where's the dmesg? There is no dmesg. The boot process aborts. My hunch is that I would be able to install OpenBSD on internal flash drive possibly even by booting with USB. I booted bsd.rd from USB without problems but I didn't want to erase embedded image because these units are not paid. They were given to us for evaluation. That is way I wanted to use Live USB. Jake, thanks a lot for taking the time to think about my problem. Predrag
is the Lemote Yeeloong available in the US?
Really, I meant, Where would Carmen San Diego find a Lemote Yeeloong in the US? diana
Re: pico and/or nano in the releases and snapshots
If you are smart enough to write support for umodem for the MF626, then learning vi should be a breeze. Alternatively: If learning vi is so hard for you, then you havn't a hope in hell of writing support for umodem for the MF626. paulm On 4/02/2010, at 12:52 PM, Giridhari wrote: Hare Krsna. From: Giridhari Sent: Thursday, February 04, 2010 7:37 AM To: dera...@cvs.openbsd.org ; dera...@openbsd.org Subject: Fw: pico and/or nano in the releases and snapshots ATTENTION Last night I saved a rat from certain death at the hands of a cat whose ovaries had been cut out. This is the cutting edge of bhakti in the interests of OpenBSD. You have been notified. Note: The below message has been slightly adjusted to that which was sent to dera...@theos.org. From: Giridhari Sent: Thursday, February 04, 2010 7:28 AM To: dera...@theos.com Subject: pico and/or nano in the releases and snapshots Hare Krsna Mr. DeRaadt. I am trying to write a new security implementation for OpenBSD, but find vi to be clumsy and hampering. I was very comfortable with pico, and nano. I am running a new system with multiprocessor kernel, and currently have no support for the ZTE MF626 modem I connect via cellular network with. I have tried installing the package of pico but it failed, so I installed it's dependencies, but pico still would not install because it had partially installed, would not pkg_delete (not even when forced), and I could not find a way to clean this up. I would really appreciate if pico or nano, which are simple and elegant, perhaps not with the frills vi uses apparently seem to appreciate, but simple and natural nonetheless, we part of the distribution. I fly with those. PLEASE INCLUDE PICO OR NANO OR BOTH IN A NEW SNAPSHOT, and from now-on, and please overlook the apparent justifications for vi-only exclusivity, and help please. FOR BHAKTA GIRIDHARI. Krsna is your friend. PLEASE!!! I know its is a non-standard request, but honestly, vi is so clumsy, and I have LOTS of coding to do, including writing support for umodem for the MF626, and I would like to write it as a learning exercise in assembly. The new security mechanism is brute force resilient, and it is for particularly nasty weather. Pull a Torvaldsesque dictatorship because-I-said-so if you have to. Hare Bol.
Re: Fw: pico and/or nano in the releases and snapshots
On Wed, Feb 03, 2010 at 07:06:49PM -0600, Marco Peereboom wrote: > Wow this easily is the best troll of the year so far. really? to me it looks like someone was trying to be funny and totally failed. I give it a two thumbs down. -- jake...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org
Re: Fw: pico and/or nano in the releases and snapshots
Wow this easily is the best troll of the year so far. On Thu, Feb 04, 2010 at 10:52:32AM +1100, Giridhari wrote: > Hare Krsna. > > > From: Giridhari > Sent: Thursday, February 04, 2010 7:37 AM > To: dera...@cvs.openbsd.org ; dera...@openbsd.org > Subject: Fw: pico and/or nano in the releases and snapshots > > > ATTENTION > > Last night I saved a rat from certain death at the hands of a cat whose > ovaries had been cut out. This is the cutting edge of bhakti in the interests > of OpenBSD. You have been notified. > > Note: The below message has been slightly adjusted to that which was sent to > dera...@theos.org. > > > From: Giridhari > Sent: Thursday, February 04, 2010 7:28 AM > To: dera...@theos.com > Subject: pico and/or nano in the releases and snapshots > > > Hare Krsna Mr. DeRaadt. > > I am trying to write a new security implementation for OpenBSD, but find vi to > be clumsy and hampering. > > I was very comfortable with pico, and nano. I am running a new system with > multiprocessor kernel, and currently have no support for the ZTE MF626 modem I > connect via cellular network with. I have tried installing the package of pico > but it failed, so I installed it's dependencies, but pico still would not > install because it had partially installed, would not pkg_delete (not even > when forced), and I could not find a way to clean this up. > > I would really appreciate if pico or nano, which are simple and elegant, > perhaps not with the frills vi uses apparently seem to appreciate, but simple > and natural nonetheless, we part of the distribution. I fly with those. PLEASE > INCLUDE PICO OR NANO OR BOTH IN A NEW SNAPSHOT, and from now-on, and please > overlook the apparent justifications for vi-only exclusivity, and help please. > FOR BHAKTA GIRIDHARI. Krsna is your friend. PLEASE!!! I know its is a > non-standard request, but honestly, vi is so clumsy, and I have LOTS of coding > to do, including writing support for umodem for the MF626, and I would like to > write it as a learning exercise in assembly. The new security mechanism is > brute force resilient, and it is for particularly nasty weather. Pull a > Torvaldsesque dictatorship because-I-said-so if you have to. > > Hare Bol.
Re: Fw: pico and/or nano in the releases and snapshots
I've been avoiding this OP, but I guess I'll weigh in now. This smells like roe. Don't feed it. On Thu, Feb 04, 2010 at 01:54:07AM +0100, Jesus Sanchez wrote: > El 04/02/2010 0:52, Giridhari escribis: > >Hare Krsna. > > > > > >From: Giridhari > >Sent: Thursday, February 04, 2010 7:37 AM > >To: dera...@cvs.openbsd.org ; dera...@openbsd.org > >Subject: Fw: pico and/or nano in the releases and snapshots > > > > > >ATTENTION > > > >Last night I saved a rat from certain death at the hands of a cat whose > >ovaries had been cut out. This is the cutting edge of bhakti in the interests > >of OpenBSD. You have been notified. > > > >Note: The below message has been slightly adjusted to that which was sent to > >dera...@theos.org. > > > > > >From: Giridhari > >Sent: Thursday, February 04, 2010 7:28 AM > >To: dera...@theos.com > >Subject: pico and/or nano in the releases and snapshots > > > > > >Hare Krsna Mr. DeRaadt. > > > >I am trying to write a new security implementation for OpenBSD, but find vi > >to > >be clumsy and hampering. > > > >I was very comfortable with pico, and nano. I am running a new system with > >multiprocessor kernel, and currently have no support for the ZTE MF626 modem > >I > >connect via cellular network with. I have tried installing the package of > >pico > >but it failed, so I installed it's dependencies, but pico still would not > >install because it had partially installed, would not pkg_delete (not even > >when forced), and I could not find a way to clean this up. > > > >I would really appreciate if pico or nano, which are simple and elegant, > >perhaps not with the frills vi uses apparently seem to appreciate, but simple > >and natural nonetheless, we part of the distribution. I fly with those. > >PLEASE > >INCLUDE PICO OR NANO OR BOTH IN A NEW SNAPSHOT, and from now-on, and please > >overlook the apparent justifications for vi-only exclusivity, and help > >please. > >FOR BHAKTA GIRIDHARI. Krsna is your friend. PLEASE!!! I know its is a > >non-standard request, but honestly, vi is so clumsy, and I have LOTS of > >coding > >to do, including writing support for umodem for the MF626, and I would like > >to > >write it as a learning exercise in assembly. The new security mechanism is > >brute force resilient, and it is for particularly nasty weather. Pull a > >Torvaldsesque dictatorship because-I-said-so if you have to. > > > >Hare Bol. > > > >You're loosing your time, not only for asking something like "put MY > favourite s**t on YOUR system" but also for using something like > pico/nano as text editor. It's the most improductive thing I've seen in > my life (comparing to vi/vim/vi-clones). What makes vi/Vim editors so > "clumsy and hampering" it's the same that makes Photoshop better > than MSpaint: design with productivity in mind. > >In the worst case you can make your own iso with pino/nano/whatever > in it, but seriously, if I were you, I would learn how to use vi/Vim > editors ASAP, it's in ALL unix-like systems, use vi, and you will never > have to use another text editor in your life. > > By the way, this was written using Vim. > -J
Re: Fw: pico and/or nano in the releases and snapshots
He's not asking you to do it, it is all up to the LordKrsna in this case. Mehma === On Wed, Feb 3, 2010 at 4:35 PM, Scott McEachern wrote: > Giridhari wrote: > > blah blah > >> pico or nano >> > blah blah > >> part of the distribution. >> > and more blah blah blah. > > All that because you find 'pkg_add pico" or "pkg_add nano" too difficult to > type? > > -- > > -RSM > > http://www.erratic.ca
Re: OpenBSD on Wyse C90LE
On Wed, Feb 03, 2010 at 01:06:15PM -0500, Predrag Punosevac wrote: > This is the brief preliminary report on Wyse C90LE. I downloaded > yesterday the latest snapshot of OpenBSD 4.7 beta for i386. > > I installed on 2.0 USB of 2GB. > > I tested the live USB by booting DeLL optiplex 960 (Intel 2 core). > Everything works perfect including X server. > > Conclusion is that USB media is OK. are you sure it really booted off the USB? > > I broke into the BIOS of Wyse C90LE by holding DEL key. BIOS requires > password. The default password is Fireport (found on the web-site of > manufacturer). I changed the boot order so that PXE boot is the first > and USB 2.0 is the second. I didn't see any other options I could play > with in BIOS (like legacy USB or similar). > > Boot process goes fine and then stops. It is looking for the root device > I manually typed wd0a and wd0b for swap (original partition was done > by accepting defaults from the installer just for test). > The boot process is aborted. > > ddb{0}>trace > Debugger(50,d08cf780,d0a32f48,0,0) at Debugger +0x4 > panic(d07543e8,1,,0,d0863178) at panic +0x55 > dk_mountroot(2,2,2fecc,d0a32f9c,d04ca223) at dk_mountroot +0x1a7 > main(0,0,0,0,0) at main +0x4eb I've never seen a USB disk come up as wd*, always sd*. so your crash makes sense, since you told it to boot off something that doesn't yet exist. sounds like your USB image is not right. it should be booting off sd0. when the kernel boots, do you see sd0 in the dmesg? you got trace output, so where's the dmesg? -- jake...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org
Re: Fw: pico and/or nano in the releases and snapshots
El 04/02/2010 0:52, Giridhari escribis: Hare Krsna. From: Giridhari Sent: Thursday, February 04, 2010 7:37 AM To: dera...@cvs.openbsd.org ; dera...@openbsd.org Subject: Fw: pico and/or nano in the releases and snapshots ATTENTION Last night I saved a rat from certain death at the hands of a cat whose ovaries had been cut out. This is the cutting edge of bhakti in the interests of OpenBSD. You have been notified. Note: The below message has been slightly adjusted to that which was sent to dera...@theos.org. From: Giridhari Sent: Thursday, February 04, 2010 7:28 AM To: dera...@theos.com Subject: pico and/or nano in the releases and snapshots Hare Krsna Mr. DeRaadt. I am trying to write a new security implementation for OpenBSD, but find vi to be clumsy and hampering. I was very comfortable with pico, and nano. I am running a new system with multiprocessor kernel, and currently have no support for the ZTE MF626 modem I connect via cellular network with. I have tried installing the package of pico but it failed, so I installed it's dependencies, but pico still would not install because it had partially installed, would not pkg_delete (not even when forced), and I could not find a way to clean this up. I would really appreciate if pico or nano, which are simple and elegant, perhaps not with the frills vi uses apparently seem to appreciate, but simple and natural nonetheless, we part of the distribution. I fly with those. PLEASE INCLUDE PICO OR NANO OR BOTH IN A NEW SNAPSHOT, and from now-on, and please overlook the apparent justifications for vi-only exclusivity, and help please. FOR BHAKTA GIRIDHARI. Krsna is your friend. PLEASE!!! I know its is a non-standard request, but honestly, vi is so clumsy, and I have LOTS of coding to do, including writing support for umodem for the MF626, and I would like to write it as a learning exercise in assembly. The new security mechanism is brute force resilient, and it is for particularly nasty weather. Pull a Torvaldsesque dictatorship because-I-said-so if you have to. Hare Bol. You're loosing your time, not only for asking something like "put MY favourite s**t on YOUR system" but also for using something like pico/nano as text editor. It's the most improductive thing I've seen in my life (comparing to vi/vim/vi-clones). What makes vi/Vim editors so "clumsy and hampering" it's the same that makes Photoshop better than MSpaint: design with productivity in mind. In the worst case you can make your own iso with pino/nano/whatever in it, but seriously, if I were you, I would learn how to use vi/Vim editors ASAP, it's in ALL unix-like systems, use vi, and you will never have to use another text editor in your life. By the way, this was written using Vim. -J
Re: Fw: pico and/or nano in the releases and snapshots
Giridhari wrote: blah blah pico or nano blah blah part of the distribution. and more blah blah blah. All that because you find 'pkg_add pico" or "pkg_add nano" too difficult to type? -- -RSM http://www.erratic.ca
Fw: pico and/or nano in the releases and snapshots
Hare Krsna. From: Giridhari Sent: Thursday, February 04, 2010 7:37 AM To: dera...@cvs.openbsd.org ; dera...@openbsd.org Subject: Fw: pico and/or nano in the releases and snapshots ATTENTION Last night I saved a rat from certain death at the hands of a cat whose ovaries had been cut out. This is the cutting edge of bhakti in the interests of OpenBSD. You have been notified. Note: The below message has been slightly adjusted to that which was sent to dera...@theos.org. From: Giridhari Sent: Thursday, February 04, 2010 7:28 AM To: dera...@theos.com Subject: pico and/or nano in the releases and snapshots Hare Krsna Mr. DeRaadt. I am trying to write a new security implementation for OpenBSD, but find vi to be clumsy and hampering. I was very comfortable with pico, and nano. I am running a new system with multiprocessor kernel, and currently have no support for the ZTE MF626 modem I connect via cellular network with. I have tried installing the package of pico but it failed, so I installed it's dependencies, but pico still would not install because it had partially installed, would not pkg_delete (not even when forced), and I could not find a way to clean this up. I would really appreciate if pico or nano, which are simple and elegant, perhaps not with the frills vi uses apparently seem to appreciate, but simple and natural nonetheless, we part of the distribution. I fly with those. PLEASE INCLUDE PICO OR NANO OR BOTH IN A NEW SNAPSHOT, and from now-on, and please overlook the apparent justifications for vi-only exclusivity, and help please. FOR BHAKTA GIRIDHARI. Krsna is your friend. PLEASE!!! I know its is a non-standard request, but honestly, vi is so clumsy, and I have LOTS of coding to do, including writing support for umodem for the MF626, and I would like to write it as a learning exercise in assembly. The new security mechanism is brute force resilient, and it is for particularly nasty weather. Pull a Torvaldsesque dictatorship because-I-said-so if you have to. Hare Bol.
Re: Is OpenBSD + PF accredited or certified in any way ?
2010/2/3 Jean-Francois : > Not clear for me, does this firewall reach EAL4+ or EAL6 as stated in their > doc "Certified by the BSI according to CC at the level EAL 4+" http://www.genua.de/genua/kunden/index.en.html Best Martin
Re: Is OpenBSD + PF accredited or certified in any way ?
Le mardi 02 fivrier 2010 20:29:29, Martin Schrvder a icrit : > 2010/2/2 Keith : > > Can anyone help me out ? > > If you need professional services: > http://www.genua.de/produkte/firewall/genugate/index.en.html > > Their firewalls are OpenBSD based. > > Best > Martin > Not clear for me, does this firewall reach EAL4+ or EAL6 as stated in their doc (http://www.genua.de/dateien/genugate-salesfolder-en.pdf) ?
spamd-sync logging? I see the udp traffic but nothing in logs to confirm sync
I'm trying to confirm that spamd is syncing the db properly between 2 hosts. When I startup spamd I get: listening for incoming connections. in /var/log/spamd; but nothing else. There is a lot of UDP traffic on 8025 between the 2 hosts but the databases are still different sizes. I'm starting spamd with the following options, running 4.6: host A /usr/libexec/spamd -v -G10:4:864 -y 172.16.254.1 -Y a.test.com host B /usr/libexec/spamd -v -G10:4:864 -y 172.19.254.1 -Y b.test.com Should I see messages in /var/log/spamd when the spamd processes connect and register with each other? Thank you.
Re: OpenBSD on Wyse C90LE
I booted one more time specifying bsd.sp kernel explicitly. Right before I am asked to explicitly enter the root device. I see the following repeating four times ehci_sync_hs:tsleep()=35 Predrag
Eventos corporativos con mucha mas accion
Para Desuscribirse, por favor, haga click aquí : http://mailing.marketing-ip.com.ar/box.php?funcml=unsub2&nl=502&mi=10216&email=misc%40openbsd.org
Re: OpenBSD on Wyse C90LE
This is the brief preliminary report on Wyse C90LE. I downloaded yesterday the latest snapshot of OpenBSD 4.7 beta for i386. I installed on 2.0 USB of 2GB. I tested the live USB by booting DeLL optiplex 960 (Intel 2 core). Everything works perfect including X server. Conclusion is that USB media is OK. I broke into the BIOS of Wyse C90LE by holding DEL key. BIOS requires password. The default password is Fireport (found on the web-site of manufacturer). I changed the boot order so that PXE boot is the first and USB 2.0 is the second. I didn't see any other options I could play with in BIOS (like legacy USB or similar). Boot process goes fine and then stops. It is looking for the root device I manually typed wd0a and wd0b for swap (original partition was done by accepting defaults from the installer just for test). The boot process is aborted. ddb{0}>trace Debugger(50,d08cf780,d0a32f48,0,0) at Debugger +0x4 panic(d07543e8,1,,0,d0863178) at panic +0x55 dk_mountroot(2,2,2fecc,d0a32f9c,d04ca223) at dk_mountroot +0x1a7 main(0,0,0,0,0) at main +0x4eb ddb{0}>ps PID PPID PGRP UID SFLAGSWAIT Command 11 00 03pftm pfpurge 10 0 0 0 3 usbevt usb3 9 0 0 0 3 usbevt usb2 8 0 0 0 3 usbevt usb1 7 0 0 0 3 usbtsk usbtask 6 0 0 0 3 usbevt usb0 5 0 0 0 3 acpi_idle acpi0 4 0 0 0 3 bored sgswq 3 0 0 0 3 -idle 0 2 0 0 0 3 kmalloc kmthread 1 0 0 0 3 initexec swapper 0 -10 0 2 - swapper I would appreciate any comment or suggestion. Cheers, Predrag
Seksi pokloni za Dan zaljubljenih
If you have trouble seeing this mail, click here. Top Shop Top E-revija: 45, 3. februar 2010. Najbolja praktiD na reE!enja i saveti za bolji E>ivot PoD etna | Budi fit! | Lepota | Zdrav E>ivot DomaDinstvo | Zabava i deca | Quelle katalog | Knjige Top Shop HIT TV proizvodi! 2xSweet Dream Pillow - PAKET! Sweet Dream Pillow Ab Rocket - fitnes sprava Ab Rocket Leg Magic - fitnes sprava Leg Magic Massage cushion - jastuk za masaE>u Massage Cushion FlavorWave Turbo Oven - BESPLATNA ... FlavorWave BESPLATNA DOSTAVA! Seksi pokloni za Dan zaljubljenih Poklonite partneru neE!to seksi za Dan zaljubljenih, proD itajte naE!ih 10 predloga. Na Dan Zaljubljenih ne propustite... E ta ne bi trebalo da propustite za Dan zaljubljenih, podsetite se E!ta treba uraditi. 15 Top ljubavnih filmova svih vremena PreporuD ujemo 15 najromantiD nijih filmova svetske kinematografije od 1939 do 2001. Slatki zalogajiu dvoje: Ljubavna torta Iznenadite svog dragog ili dragu iu malo truda sami napravite tortu za dan zaljubljernih. Seksi pokloni za Dan zaljubljenih Seksi pokloni za Dan zaljubljenih E=elite svom partneru da poklonite neE!to posebno? - E ta kaE>ete na D istu strast? VaE! parnter De svakako biti iznenaDen i zadovoljan. Napravite romantiD nu atmosferu, upalite nekoliko sveDa, pustite laganu muziku, upalite egzotiD ni miriE!ljavi E!tapiD i polako otpakujte svoj poklon... [ProD itajte viE!e ...] Pravo je vreme da mislite na svoj izgled uz ove super ponude! Ab Tronic X2 - BESPLATNA DOSTAVA! Bathroom Scale 5 u 1 - POPUST 15% Celluless - anticelulit masaE>er Ab Tronic X2 - Pojas za stomak ... Bathroom Scale 5 u 1 - POPUST ... Celluless - anticelulit masaE>er SUPER PONUDA! 15% 25% Do D ak 7 puta bolji efekat od klasiD nog veE>banja! Koristite ga samo 10 minuta dnevno! POPUST! MrE!avite zdravo, pratite svoje treninge i dijete. Budite efikasniji! Vakuumska masaE>a- najefikasniji tretman protiv celulita. Zaboravite na skupe tretmane. Cena: 7.990 RSD [ViE!e informacija] Cena: 2.200 RSD [ViE!e informacija] Cena: 2.990 RSD [ViE!e informacija] Dan Zaljubljenih/Sveti Trifun Na Dan Zaljubljenih ne propustite... Iako se kod nas slavi kao Sveti Trifun, zaE!titnik vinogradara, svake godine se ipak slavi i Dan Zaljubljenih (Sveti Valentin). Ne zaboravite na 10 osnovnih stvari koje D ine ovaj datum romantiD nim i intimnim druE>enjem partnera. Podsetite se na vreme E!ta vam je D initi... [ProD itajte viE!e...] Pokloni i popusti proizvoda za dvoje... 2xSweet Dream Pillow - PAKET! 2 x Snuggie - Debe sa rukavima uz POPUST! 2xHeljda Natural Dream jastuci - SUPER CENA! 2xSweet Dream Pillow - PAKET! 2 x Snuggie - 2 Debeta sa rukavima ... 2xHeljda Natural Dream jastuci ... 16% 25% 16% Jastuci od memorijske pene, koji se savrE!eno prilagoDava konturama glave i vrata Komplet od 2 Debeta koje moE>ete nositi na sebi i nesmetano se koristiti rukama. Idealni jastuci za osobe koje su alergiD ne na perjane jastuke, smanjuje bolove u leDima. Cena: 2.990 RSD [ViE!e informacija] Cena: 2.990 RSD [ViE!e informacija] Cena: 3.690 RSD [ViE!e informacija] Dan Zaljubljenih uz filmove - ... 15 top ljubavnih filmova svih vrmena Ukoliko 14. februar bude hladan i stoga nezgodan za romantiD nu E!etnju sa voljenom osobom b imamo pravo reE!enje... PronaDite neki ljubavni film b i voljenoj osobi ulepE!ajte veD e. Pogledajte listu od 15 najromantiD nijih filmova svih vremena i odluD ite se... [ProD itajte viE!e...] Predstavljamo - NAJNOVIJE! Dragon Fly - Stimulator miE!iDa Total Vibes - 5 u 1 fitnes maE!ina Dorisb" - kreativna igra i slagalica Dragon Fly - Stimulator miE!iDa Total Vibes - 5 u 1 fitnes maE!ina Dorisb" - kreativna igra i slagalica NOVO! NOVO! 13% Dovoljno je samo da zalepite jastuD iDe na miE!iDe koje E>elite da veE>bate i opustite se. Sve u jednom - trening snage, zatezanje miE!iDa, poveDanje fleksibilnosti i relaks masaE>a. Kreativna i edukativna igra i slagalica pogodna za uzrast od 6 do 106 godina. Cena: 4.490 RSD [ViE!e informacija] Cena: 46.990 RSD [ViE!e informacija] Cena: 3.490 RSD [ViE!e informacija] Ljubavna torta Slatki zalogaj u dvoje: Ljubavna torta Ako E>elite da obradujete svog partnera za Dan zaljubljenih predlaE>emo da mu priuE!tite uE>ivanje svim D ulima. Zaljubljena torta je neE!to E!to De oD arati D ula ukusa i mirisa. Iznenadite ga/je ovim zanosnim slatkiE!em, fantastiD nog ukusa i jednostavnog za pripremu... [ProD itajte viE!e...] Moj prijatan, udoban i nasmejan dom... Air Sofa Bed - sofa na naduvavanje Omni Floor Polisher - D istaD podova Mamma's Cookie Cutters - Kalupi za kolaD iDe Air Sofa Bed - multinamenski leE>aj ... Omni Floor Polisher - ViE!enamenski ... Mamma s Cookie Cutters - Kalupi ... NAJUDOBNIJE! NOVO! KREATIVNO I ZABAVNO! Elegantna sofa pet u jedan - udobna za spavanje i zgodna za opuE!tanje. Disti i polira sve vrste podova, lako i efikasno - poput profesionalnih maE!ina! Sami ili sa svojim detetom pravite najkr
Re: relayd and weighting
hi no , there is no weighting, but you can use the monitoring feature with an own script that messure the load of the box . if the load going over a limit the script give an exit 1 and relayd diden4t send traffic to this host. holger > Hi list, > > I'm planning to replace a GNU/Linux-driven load balancer (heartbeat, > ldirectord) by an OpenBSD setup using pf, pfsync, and relayd. > > However, I discovered that I need 'weighting' (at least that is what it's > called in ldirectord). > > For example, I have ten web servers to spread the load onto, three of them > are 'old' and would handle less page impressions in the same time frame. > > So I'd like to spread the incoming connections across all machines, but > reduce the amount of connections to the three slower ones, e.g. only the > half or one third of the amount 'the big ones' handle. > > Is there such a feature in relayd I didn't see when reading the > documentation repeatedly? > > I could handle this by creating NIC aliases on the servers depending on > the workload they should handle, but I think that it would be best to have > such functionality in the load balancer. > > Thanks, > > Donald > -- > GRATIS f|r alle GMX-Mitglieder: Die maxdome Movie-FLAT! > Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01
Re: way to help: laptops and weekly
On Wed, Feb 03, 2010 at 07:00:56AM -0800, J.C. Roberts wrote: > On Mon, 1 Feb 2010 13:57:09 + Owain Ainsworth > wrote: > > > On Mon, Feb 01, 2010 at 07:42:57AM +0200, Jussi Peltola wrote: > > > On Mon, Feb 01, 2010 at 04:54:49AM +, Jacob Meuser wrote: > > > > On Mon, Feb 01, 2010 at 05:57:11AM +0200, Jussi Peltola wrote: > > > > > On Mon, Feb 01, 2010 at 02:35:54AM +, Jacob Meuser wrote: > > > > > > yeah, but wasn't the original issue that started this thread > > > > > > was that the locate database was "too old"? maybe if locate, > > > > > > apropos, etc would print "databse last updated 3 weeks 2 days > > > > > > ago"? > > > > > > > > > > This should be done in any case. IMHO it's a bug if they don't > > > > > complain loudly, or even refuse to run with a stale database. > > > > > Stale caches are evil, even if the man page warns about them. > > > > > > > > yeah, but if your computer hasn't been on for 3 weeks and then > > > > locate won't work because the database is 3 weeks old, that would > > > > suck. > > > > > > Of course it would need a switch to force it to run. But I guess a > > > warning is better since locate might be used in scripts and it's not > > > good to add extra knobs to existing programs where they don't gain > > > much. > > > > Please, no. > > > > If nothing has changed on my machine in 3 weeks (say one of the > > laptops I use infrequently) I would utterly hate having locate et al. > > bitch at me continually. > > > > If *you* really want something like that, this is what shell > > functions are for, just check the database mtime, and print to stderr > > if it's too old, then run locate. Please don't try and force that on > > everyone else. > > > > I agree with Owain. I mean no offense to Tedu, but there is no viable > need for serious modifications or significant changes in default > behavior... And worse, trying to "fix" this supposed problem will > most likely cause other problems. For the record, i'm not against something that runs the ${INTERVAL}y scripts in a more intelligent fashion, as long as it is simple and non-intrusive. I was just registering a strong dislike of making things like locate(1) nag about old databases. -0- - who often leaves his main laptop on overnight. -- In the land of the dark, the Ship of the Sun is driven by the Grateful Dead. -- Egyptian Book of the Dead
Re: Maximizing File/Network I/O
* nixlists [2010-01-14 08:39]: > On Wed, Jan 13, 2010 at 11:43 PM, Henning Brauer > wrote: > > * nixlists [2010-01-14 03:21]: > >> > test results on old P4 are unfortunately pretty much pointless. > >> > >> Why? > >> > >> cpu0: Intel(R) Pentium(R) 4 CPU 2.53GHz ("GenuineIntel" 686-class) 2.52 > GHz > >> > >> Isn't 2.52GHz fast enough for gigabit links? I know that's like half > >> that in P3 cycles, but still... What's the issue? > > > > cache > > What about it? Please elaborate. it's very different in P4 and sucks -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
Re: way to help: laptops and weekly
On Mon, 1 Feb 2010 13:57:09 + Owain Ainsworth wrote: > On Mon, Feb 01, 2010 at 07:42:57AM +0200, Jussi Peltola wrote: > > On Mon, Feb 01, 2010 at 04:54:49AM +, Jacob Meuser wrote: > > > On Mon, Feb 01, 2010 at 05:57:11AM +0200, Jussi Peltola wrote: > > > > On Mon, Feb 01, 2010 at 02:35:54AM +, Jacob Meuser wrote: > > > > > yeah, but wasn't the original issue that started this thread > > > > > was that the locate database was "too old"? maybe if locate, > > > > > apropos, etc would print "databse last updated 3 weeks 2 days > > > > > ago"? > > > > > > > > This should be done in any case. IMHO it's a bug if they don't > > > > complain loudly, or even refuse to run with a stale database. > > > > Stale caches are evil, even if the man page warns about them. > > > > > > yeah, but if your computer hasn't been on for 3 weeks and then > > > locate won't work because the database is 3 weeks old, that would > > > suck. > > > > Of course it would need a switch to force it to run. But I guess a > > warning is better since locate might be used in scripts and it's not > > good to add extra knobs to existing programs where they don't gain > > much. > > Please, no. > > If nothing has changed on my machine in 3 weeks (say one of the > laptops I use infrequently) I would utterly hate having locate et al. > bitch at me continually. > > If *you* really want something like that, this is what shell > functions are for, just check the database mtime, and print to stderr > if it's too old, then run locate. Please don't try and force that on > everyone else. > I agree with Owain. I mean no offense to Tedu, but there is no viable need for serious modifications or significant changes in default behavior... And worse, trying to "fix" this supposed problem will most likely cause other problems. If you need a solution for your not-always-on systems like laptops, then just toss the following script into your /etc/rc.local or if you prefer for it to run at login, then toss it into your ~/.profile -start--script--- #!/bin/ksh sysmaint=''; if [ `find /var/log -name security -mtime +1` ]; then sysmaint="/etc/secure"; fi if [ `find /var/log -name daily.out -mtime +1` ]; then sysmaint="$sysmaint /etc/daily"; fi if [ `find /var/log -name weekly.out -mtime +7` ]; then sysmaint="$sysmaint /etc/weekly"; fi if [ `find /var/log -name monthly.out -mtime +31` ]; then sysmaint="$sysmaint /etc/montly"; fi if [ X"$sysmaint" != X"" ] ; then echo; echo "The Following System Maintenance Scripts Are Out Of Date"; for scrp in $sysmaint; do printf "\t%s\n" $scrp; done; echo; read ans?"Should we run the system maintenance scripts now? (Y/N): "; if [ X"$ans" == X"Y" ] || [ X"$ans" == X"y" ] ; then for scrp in $sysmaint; do printf "\t%s\n" $scrp; # if put in your .profile, use `sudo $scrp` # sudo $scrp $scrp done; fi else echo; echo "Your System Maintenance Scripts Are Up To Date"; echo; fi -end--script--- Needless to say, I very *intentionally* gave the user the choice whether or not to run the scripts, but the important thing is this kind of automation is dead-simple to do. We're fighting a battle of opinions; We can all see the system maintenance scripts need to run (even on the not-always-on systems), there's never a "good" time to run the scripts, and there is an expected (historic/de facto) default way it has always been done in the past which works just fine for most systems. For those with the desire to delay some arbitrary amount of time (as mentioned, 30 minutes after boot up), you could easily modify the above to use the at(1) command. Heck, the simple "Y/N" in the above could be changed to something like "Y/N/# (of minutes)" for setting at(1). It is best not to try to force this sort of thing on everyone, particularly when it's so easy to do on your own. If it's something that you think should be easily added through configuration, then the best answer is to add a var to /etc/rc.conf and\or /etc/rc.conf.local to trigger running it at boot with the default being not to run. I think putting the above in /etc/rc.shutdown is overkill (and a very bad idea), but some people have suggested running the scripts at shutdown (while their laptop battery is potentially dying). If some want to perforate their feet, we don't need to help them. Please Note: Tedu previously mentioned some work he was doing to optionally reduce the load of the various scripts (reduced coverage?), and these options could be used along with the above approach to speed things up. If you think this is a fair approach and without forced or unnecessary changes to the existing default behavior, then let me know, and I'll start making the changes/diffs. -jcr
relayd and weighting
Hi list, I'm planning to replace a GNU/Linux-driven load balancer (heartbeat, ldirectord) by an OpenBSD setup using pf, pfsync, and relayd. However, I discovered that I need 'weighting' (at least that is what it's called in ldirectord). For example, I have ten web servers to spread the load onto, three of them are 'old' and would handle less page impressions in the same time frame. So I'd like to spread the incoming connections across all machines, but reduce the amount of connections to the three slower ones, e.g. only the half or one third of the amount 'the big ones' handle. Is there such a feature in relayd I didn't see when reading the documentation repeatedly? I could handle this by creating NIC aliases on the servers depending on the workload they should handle, but I think that it would be best to have such functionality in the load balancer. Thanks, Donald -- GRATIS f|r alle GMX-Mitglieder: Die maxdome Movie-FLAT! Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01
4.6 pf/bridge bug?
Late last week I submitted PR 6302. This morning I had it take down two more machines, within minutes of each other. The hardware in this case was completely different: One box is a 32bit Intel with em(4); the other is an amd64 with nfe(4). Has anyone else run into this? -- bda cyberpunk is dead. long live cyberpunk.
ldattach and gpsd errors
I am trying to get ldattach and gpsd to work together, and I'm having issues. I have 3 USB GPS devices, and at least one seems to work with gpsd when not using ldattach (I haven't tested the others yet). When I run ldattach I get the following: # ldattach -d -p nmea /dev/cuaU0 /dev/ttyp2 ldattach[28488]: attach nmea on /dev/cuaU0 ldattach[28488]: passing data to /dev/ttyp2 In sysctl hw.sensors I then have: hw.sensors.nmea0.percent0=100.00% (Signal), UNKNOWN hw.sensors.nmea0.timedelta0=0.00 secs, UNKNOWN I then run gpsd and get the following output: # gpsd -nND2 /dev/ttyp2 gpsd: launching (Version 2.38) gpsd: listening on port 2947 gpsd: running with effective group ID 0 gpsd: running with effective user ID 0 gpsd: opening GPS data source at '/dev/ttyp2' gpsd: speed 9600, 8N1 gpsd: garmin_gps not active. gpsd: gpsd_activate(1): opened GPS (6) gpsd: speed 4800, 8N1 gpsd: speed 9600, 8N1 gpsd: speed 19200, 8N1 gpsd: speed 38400, 8N1 gpsd: speed 57600, 8N1 gpsd: speed 115200, 8N1 gpsd: speed 0, 7N2 gpsd: speed 4800, 7N2 gpsd: speed 9600, 7N2 gpsd: speed 19200, 7N2 gpsd: speed 38400, 7N2 gpsd: speed 57600, 7N2 gpsd: speed 115200, 7N2 gpsd: packet sniffer failed to sync up gpsd: closing GPS=/dev/ttyp2 (6) If I run gpsd without ldattach running I get the following: # gpsd -ND2 /dev/cuaU0 gpsd: launching (Version 2.38) gpsd: listening on port 2947 gpsd: running with effective group ID 0 gpsd: running with effective user ID 0 gpsd: opening GPS data source at '/dev/cuaU0' gpsd: speed 9600, 8N1 gpsd: garmin_gps not active. gpsd: gpsd_activate(1): opened GPS (6) gpsd: FV 0x06: Firmware version: GSW3.2.5_3.3.01.06-SDK001P1.00 I can then run kismet on that system, and it does not complain about not being able to connect to the gpsd. I've tried this on recent snapshots of both i386 and amd64 and get the same results. I also tried setting up ldattach in the /etc/ttys file, but couldn't figure out which tty0? to attach it to (I tried all of the ones in the file, commenting out the original entries). dmesg for the i386 machine (Asus eeepc 701): OpenBSD 4.7-beta (GENERIC) #518: Wed Jan 27 19:22:14 MST 2010 t...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Celeron(R) M processor 900MHz ("GenuineIntel" 686-class) 631 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF real mem = 2138140672 (2039MB) avail mem = 2063011840 (1967MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 03/03/08, BIOS32 rev. 0 @ 0xf0010, SMBIOS rev. 2.5 @ 0xf06e0 (37 entries) bios0: vendor American Megatrends Inc. version "0910" date 03/03/2008 bios0: ASUSTeK Computer INC. 701 acpi0 at bios0: rev 0 acpi0: tables DSDT FACP APIC OEMB MCFG acpi0: wakeup devices P0P3(S4) P0P4(S4) P0P5(S4) P0P6(S4) P0P7(S4) MC97(S4) USB1(S3) USB2(S3) USB3(S3) USB4(S3) EUSB(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 70MHz ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 5 (P0P3) acpiprt2 at acpi0: bus 3 (P0P5) acpiprt3 at acpi0: bus 1 (P0P6) acpiec0 at acpi0 acpicpu0 at acpi0: C3, C2 acpitz0 at acpi0: critical temperature 90 degC acpibat0 at acpi0: BAT0 model "701" serial type LION oem "ASUS" acpiac0 at acpi0: AC unit online acpiasus0 at acpi0 acpibtn0 at acpi0: LID_ acpibtn1 at acpi0: SLPB acpibtn2 at acpi0: PWRB acpivideo0 at acpi0: VGA_ acpivout0 at acpivideo0: CRTD acpivout1 at acpivideo0: TVOD acpivout2 at acpivideo0: LCDD bios0: ROM list: 0xc/0xf800! pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 "Intel 82915GM Host" rev 0x04 vga1 at pci0 dev 2 function 0 "Intel 82915GM Video" rev 0x04 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) intagp0 at vga1 agp0 at intagp0: aperture at 0xd000, size 0x1000 inteldrm0 at vga1: apic 1 int 16 (irq 5) drm0 at inteldrm0 "Intel 82915GM Video" rev 0x04 at pci0 dev 2 function 1 not configured azalia0 at pci0 dev 27 function 0 "Intel 82801FB HD Audio" rev 0x04: apic 1 int 16 (irq 5) azalia0: codecs: Realtek ALC662 audio0 at azalia0 ppb0 at pci0 dev 28 function 0 "Intel 82801FB PCIE" rev 0x04: apic 1 int 16 (irq 5) pci1 at ppb0 bus 4 ppb1 at pci0 dev 28 function 1 "Intel 82801FB PCIE" rev 0x04: apic 1 int 17 (irq 11) pci2 at ppb1 bus 3 lii0 at pci2 dev 0 function 0 "Attansic Technology L2" rev 0xa0: apic 1 int 17 (irq 11), address 00:1e:8c:72:b0:d0 ukphy0 at lii0 phy 1: Generic IEEE 802.3u media interface, rev. 2: OUI 0x001374, model 0x0002 ppb2 at pci0 dev 28 function 2 "Intel 82801FB PCIE" rev 0x04: apic 1 int 18 (irq 10) pci3 at ppb2 bus 1 ath0 at pci3 dev 0 function 0 "Atheros AR5424" rev 0x01: apic 1 int 18 (irq 10) ath0: AR5424 14.2 phy 7.0 rf 0.0, WOR0W, address 00:15:af:6b:ac:e2 uhci0 at pci0 dev 29 function 0 "Intel
Re: pf questions (just to be sure)
Robert Gilaard wrote: > max-src-conn-rate 2/30 implies 1 in 15 seconds No, it does not! Helmut -- No Swen today, my love has gone away My mailbox stands for lorn, a symbol of the dawn
Re: Is OpenBSD + PF accredited or certified in any way ?
Eugene Yunak wrote: 2010/2/2 Keith : organisations WAN. Our security people are asking if the firewall that we use is accreditated by ITSEC and I am pretty sure it isn't but it turns out that our security people will be happy is the firewall is accredited for use by another government ! Ukrainian government has certified a distribution called BBOS that basically is a customised OpenBSD, .."In Soviet Russia, OpenBSD certifies you!"
Re: Is OpenBSD + PF accredited or certified in any way ?
2010/2/2 Keith : > I've used OpenBSD & PF for a number of years without issue and am now in the > position that I want to create a dmz between the Internet and my > organisations WAN. Our security people are asking if the firewall that we > use is accreditated by ITSEC and I am pretty sure it isn't but it turns out > that our security people will be happy is the firewall is accredited for use > by another government ! > > I am very happy with my PF firewalls and their reliability and don't want to > be forced into purchasing some cisco / forenet comercial firewall that I've > never used before so am desperate to find some details of any foreign > governments that are using OpenBSD / PF as a firewall or any details of any > certification of the PF firewall. > > Can anyone help me out ? > > Thanks > Keith > Ukrainian government has certified a distribution called BBOS that basically is a customised OpenBSD, modified for compatibility with local security standards, for the use as servers and clients with access to internet and protect information classified as government secret. http://www.atmnis.com/documents.php?lng=ENG http://www.atmnis.com/files/user_files/BBOS.pdf http://www.atmnis.com/files/user_files/BBOS_OS.pdf -- The best the little guy can do is what the little guy does right
Re: Is OpenBSD + PF accredited or certified in any way ?
On Tue, Feb 02, 2010 at 02:15:00PM -0500, Brad Tilley wrote: > Common Criteria - http://www.iso15408.net [...] > I think the certification process can be very narrowly focused on a > few parts of the system [...] Yup, that's the whole idea behind CC - all the evaluation does is verify the claims that the vendor has outlined in the "Security Target" (ST). The "EAL" levels only tell you to what depth this has been done. Hence, the "EAL" tells you zilch unless you also read the ST (i.e. the vendor claims). In some areas (e.g. smartcards), requirements for STs have been standardised to some extent, so the CC results are more comparable - but in other areas, vendors can pretty much claim what they want... Cheerio, Thomas -- ** PLEASE: NO Cc's to me privately, I do read the list - thanks! ** - Thomas Ribbrockhttp://www.ribbrock.org "You have to live on the edge of reality - to make your dreams come true!"
Candidaturas para casting de moda, inscreve-te j�!
Ola, Estco abertas candidaturas para casting na tua cidade! Nco percas esta oportunidade unica de poder fazer parte do mundo da moda, televisco e cinema. Verifica as varias oportunidades abertas neste momento em, http://www.estilus.eu/promo/index.php?em=wqw&email=bWlzY0BvcGVuYnNkLm9yZw== Obrigado pelo tempo disponibilizado. Equipa Estilus Portugal www.estilus.eu Mensagem enviada em Wednesday 3rd dUTC February 2010 11:06:33 AM Esta mensagem i enviada sob a nova legislagco sobre correio Electrsnico, art. 22.: do Decreto-lei n.: 7/2004, de 7 de Janeiro sobre correio electrsnico nco requisitado. Um email nco podera ser considerado SPAM quando inclui uma forma de ser removido. Para remover o seu enderego da nossa base de dados, envie um email com o assunto (Remover) a partir do email que esta inscrito para i...@estilus.eu.
Candidaturas para casting de moda, inscreve-te j�!
Ola, Estco abertas candidaturas para casting na tua cidade! Nco percas esta oportunidade unica de poder fazer parte do mundo da moda, televisco e cinema. Verifica as varias oportunidades abertas neste momento em, http://www.estilus.eu/promo/index.php?em=wqw&email=bWlzY0BvcGVuYnNkLm9yZw== Obrigado pelo tempo disponibilizado. Equipa Estilus Portugal www.estilus.eu Mensagem enviada em Wednesday 3rd dUTC February 2010 11:06:56 AM Esta mensagem i enviada sob a nova legislagco sobre correio Electrsnico, art. 22.: do Decreto-lei n.: 7/2004, de 7 de Janeiro sobre correio electrsnico nco requisitado. Um email nco podera ser considerado SPAM quando inclui uma forma de ser removido. Para remover o seu enderego da nossa base de dados, envie um email com o assunto (Remover) a partir do email que esta inscrito para i...@estilus.eu.
Re: Is OpenBSD + PF accredited or certified in any way ?
On 03/02/2010, at 8:49 PM, Stuart Henderson wrote: > On 2010-02-01, Keith wrote: >> I've used OpenBSD & PF for a number of years without issue and am now in >> the position that I want to create a dmz between the Internet and my >> organisations WAN. Our security people are asking if the firewall that >> we use is accreditated by ITSEC and I am pretty sure it isn't but it >> turns out that our security people will be happy is the firewall is >> accredited for use by another government ! > > You could always put an accredited firewall behind the real one. > This also means you can tick the 'multi-vendor' box. > > To reduce your management hassles you could just leave all ports open. leave them open on the accredited firewall of course.
Re: Is OpenBSD + PF accredited or certified in any way ?
On 2010-02-01, Keith wrote: > I've used OpenBSD & PF for a number of years without issue and am now in > the position that I want to create a dmz between the Internet and my > organisations WAN. Our security people are asking if the firewall that > we use is accreditated by ITSEC and I am pretty sure it isn't but it > turns out that our security people will be happy is the firewall is > accredited for use by another government ! You could always put an accredited firewall behind the real one. This also means you can tick the 'multi-vendor' box. To reduce your management hassles you could just leave all ports open.
Re: bgpd log message
On Wed, 3 Feb 2010 10:35:33 +0100, Claudio Jeker wrote: >On Wed, Feb 03, 2010 at 03:02:16PM +1100, Rod Whitworth wrote: >> I sometimes see a bgpd message in /var/log/messages saying: >> /bsd: cannot forward from :: to 2zzz:z000::0005 nxt 17 received on vr2 >> (I snipped the datestamp and hostname to stop linewrap) >> >> It is not common and nothing bad seems to be happening but I'm puzzled >> as to what it means. >> >> Any clues? >> > >This is not from bgpd. It is from the kernel to be precise ip6_forward.c: > * Do not forward packets with unspecified source. It was discussed > * in July 2000, on ipngwg mailing list. > >Someone is sending packets with a src ip of :: (all null address). This is >not allowed. You should try to figure out which host on vr2 is doing this >crap. Thanx Claudio. Why I didn't notice the /bsd in there must mean I was not getting enough sleep. I guess that the hostname (bgpd1) that I snipped out hit my radar and blurred the kernel name. I'm moving to block all addresses that are not on our /32 v6 and /11 v4 at the downstream routers. That was on a todo list anyway. I appreciate your prompt assistance and I'd like to thank you for OpenBGP as well as your work on OSPF that I may be trying to handle soon. R/ *** NOTE *** Please DO NOT CC me. I subscribed to the list. Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thankyou. Rod/ --- This life is not the real thing. It is not even in Beta. If it was, then OpenBSD would already have a man page for it.
Re: Disk architecture during install
On 2010-02-03, Adriaan wrote: > On Tue, Feb 2, 2010 at 10:38 PM, Jean-Francois wrote: >> Hi All, >> >> I am looking for a way to easily identify the various names given by OpenBSD >> to the disks before install, in order to be able to correctly make the slides >> and mount points during an install on a complicated system with several hard >> disks. >> >> Falling back to (S)hell during install process in a first step, second step >> identifying hardware : interfaces and hard disk. >> For the first, ifconfig, for the latter, I don't know. > > Follow the OpenBSD faq for setting up a serial console. If you then > run cu or tip within an xterm > you can easily scroll up and down through the dmesg. The ramdisks have more(1) on them if that's all you want...
Re: bgpd log message
On Wed, Feb 03, 2010 at 03:02:16PM +1100, Rod Whitworth wrote: > I sometimes see a bgpd message in /var/log/messages saying: > /bsd: cannot forward from :: to 2zzz:z000::0005 nxt 17 received on vr2 > (I snipped the datestamp and hostname to stop linewrap) > > It is not common and nothing bad seems to be happening but I'm puzzled > as to what it means. > > Any clues? > This is not from bgpd. It is from the kernel to be precise ip6_forward.c: * Do not forward packets with unspecified source. It was discussed * in July 2000, on ipngwg mailing list. Someone is sending packets with a src ip of :: (all null address). This is not allowed. You should try to figure out which host on vr2 is doing this crap. -- :wq Claudio
Re: Is OpenBSD + PF accredited or certified in any way ?
> Given such limitations, perhaps you might propose a more > open evaluation and make code access for audit, including by escrow > access for an established third-party authority, as a major criteria? To simplify things, I have just certified the 4.6/i386 GENERIC that runs my router as "The Best Damn OS On Earth For The Job". So yeah, OpenBSD+pf is accredited now.