Re: disknice

[STeve Andre']

On Thursday 04 February 2010 01:44:15 Ted Unangst wrote:
> I haven't really solved the problem I want to solve, but was able to whip
> this up pretty quickly.  Basically, it's just a wrapper that runs a
> command and then starves it from running.  disknice is a misnomer, it also
> gets starved from cpu, but at the current time the only way to slow down a
> process's io is to stop it.  Not a complete solution, but it will slow
> down a large tar job to the point where other programs have plenty of time
> to get their requests in.  The sleep ratios should be tunable, aren't.
>
> > time disknice md5 -t

I'm definitely going to play with this.

To retard a process might be a better word, but might raise objections, 
so arrest, bridle or moderate might be better?

--STeve Andre'

disknice

[Ted Unangst]

I haven't really solved the problem I want to solve, but was able to whip 
this up pretty quickly.  Basically, it's just a wrapper that runs a 
command and then starves it from running.  disknice is a misnomer, it also 
gets starved from cpu, but at the current time the only way to slow down a 
process's io is to stop it.  Not a complete solution, but it will slow 
down a large tar job to the point where other programs have plenty of time 
to get their requests in.  The sleep ratios should be tunable, aren't.


> time disknice md5 -t 
MD5 time trial.  Processing 1 1-byte blocks...
Digest = 52e5f9c9e6f656f3e1800dfa5579d089
Time   = 3.339803 seconds
Speed  = 29941885.793863 bytes/second
0m3.50s real 0m0.30s user 0m0.00s system


#include 
#include 

#include 
#include 
#include 

int
main(int argc, char **argv)
{
int i;
char **nargv;
pid_t pid;
int status;
const int onesec = 100;

nargv = malloc((sizeof(*nargv) * argc + 1));
for (i = 1; i < argc; i++) {
nargv[i-1] = argv[i];
}
nargv[i-1] = NULL;

pid = fork();
if (pid == -1)
err(127, "fork");
if (!pid) {
execvp(nargv[0], nargv);
write(2, "failed to exec\n", 15);
_exit(127);
}
usleep(10);
while (!waitpid(pid, &status, WNOHANG)) {
kill(pid, SIGSTOP);
usleep(onesec / 2);
kill(pid, SIGCONT);
usleep(onesec / 10);
}
return WEXITSTATUS(status);
}

Re: is the Lemote Yeeloong available in the US?

[Otto Moerbeek]

On Wed, Feb 03, 2010 at 09:48:29PM -0800, J.C. Roberts wrote:

> On Wed, 3 Feb 2010 18:45:13 -0700 (MST) Diana Eichert
>  wrote:
> 
> > Really, I meant, Where would Carmen San Diego find a
> > Lemote Yeeloong in the US?
> > 
> > diana
> > 
> 
> I was wondering when Loongson based systems would start showing up, but
> the following was a wonderful surprise:
> 
>   http://www.lemote.com/english/index.html
> 
>   "The world's first laptop which contains completely free
>   software. All system source files(BIOS, kernel, drivers etc.)
>   are free , no close firmware needed.High performance. Tests
>   show that our platform gets the best performance for 7"-9"ultra
>   mobile laptops. ... "
> 
> 
> Any vendor that puts the above on their home page, and lives up to it,
> deserves support.
> 
> The Dutch Tekmote company sells them for under EUR 350 including
> shipping and VAT, and they seem to ship worldwide. I'd guess there's no

Small correction: the price mentioned are without VAT and shipping.

> VAT on non-EU orders?
> http://www.tekmote.nl/epages/61504599.sf
> 
> I haven't found anyone in the US selling them, but I'm still looking.
> 
> jon

If you are surprised the little machine exists, you might also be
surprised by these urls:

http://www.openbsd.org/loongson.html
and
http://www.drijf.net/pictures/lemote/

Miod did the big bulk of work, he had to do some of his magic to get
this working facing very nasty processor bugs. Matthieu had X working
in a breeze and I did assorted things here and there, fixing a gcc
propolice bug that potentially could harm other platforms as well
being the most important one. 

If you want to move things forward, please get jasper@ a machine. We
need ports!

-Otto

Re: is the Lemote Yeeloong available in the US?

[J.C. Roberts]

On Wed, 3 Feb 2010 18:45:13 -0700 (MST) Diana Eichert
 wrote:

> Really, I meant, Where would Carmen San Diego find a
> Lemote Yeeloong in the US?
> 
> diana
> 

I was wondering when Loongson based systems would start showing up, but
the following was a wonderful surprise:

http://www.lemote.com/english/index.html

"The world's first laptop which contains completely free
software. All system source files(BIOS, kernel, drivers etc.)
are free , no close firmware needed.High performance. Tests
show that our platform gets the best performance for 7"-9"ultra
mobile laptops. ... "


Any vendor that puts the above on their home page, and lives up to it,
deserves support.

The Dutch Tekmote company sells them for under EUR 350 including
shipping and VAT, and they seem to ship worldwide. I'd guess there's no
VAT on non-EU orders?
http://www.tekmote.nl/epages/61504599.sf

I haven't found anyone in the US selling them, but I'm still looking.

jon

Re: Fw: pico and/or nano in the releases and snapshots

[Brynet]

Hello,

While you're likely a troll, you may just be some sad religious zealot
ranting on a mailing list.

If you're not fond of vi(1), you may be interested in mg(1).. while it's
not exactly the same as pico or nano, it's not that far off.

Keep it off the lists next time,
-Bryan.

Re: Fw: pico and/or nano in the releases and snapshots

[Aaron Mason]

On Thu, Feb 4, 2010 at 11:35 AM, Scott McEachern  wrote:
> Giridhari wrote:
>
> blah blah
>>
>> pico or nano
>
> blah blah
>>
>> part of the distribution.
>
> and more blah blah blah.
>
> All that because you find 'pkg_add pico" or "pkg_add nano" too difficult to
> type?
>
> --
>
> -RSM
>
> http://www.erratic.ca
>
>

Or not be an arse and learn vi.

Giridhari,

I once thought like you did.  Then I discovered a wonderful resource -
a mug that is sold by ThinkGeek.  It has all of the commands you could
hope to need, and how to use them.  The graphic that's used on the cup
is freely downloadable, so you can blow it up to A3 and stick it on
the wall behind your computer for easy reference.

Believe me, learning how to use vi will save you a lot of headaches in
the long run.

-- 
Aaron Mason - Programmer, open source addict
I've taken my software vows - for beta or for worse

Re: http://www.apache.org/dist/httpd/Announcement1.3.html

[Marco Peereboom]

OpenBSD apache 1.3 != apache 1.3

What is wrong with apache in base?

And if you don't like it what is wrong with apache 2 in ports?

Or any other web server in ports for that matter.

On Wed, Feb 03, 2010 at 07:21:03PM -0800, David wrote:
> Given the above, is openbsd going to stick with Apache 1.3?

Re: OpenBSD on Wyse C90LE

[Predrag Punosevac]

Jacob Meuser wrote:
>> Absolutely right. Kernel doesn't see USB drive from that point because
>> USB is not 2.0 as advertised but it is 1.1. Crapy hardware. Seems that 
>> uhci doesn't pick up from ehci during the boot process. 

> did you ty disabling echi in UKC?

No, I didn't try. I will try tomorrow morning when I have access to 
hardware again. I was slow to realize what was happening and by the 
time I realized I had to go for a meeting.


Cheers,
Predrag

http://www.apache.org/dist/httpd/Announcement1.3.html

[David]

Given the above, is openbsd going to stick with Apache 1.3?

Re: OpenBSD on Wyse C90LE

[Jacob Meuser]

On Wed, Feb 03, 2010 at 08:48:35PM -0500, Predrag Punosevac wrote:

> Absolutely right. Kernel doesn't see USB drive from that point because
> USB is not 2.0 as advertised but it is 1.1. Crapy hardware. Seems that 
> uhci doesn't pick up from ehci during the boot process. 

did you ty disabling echi in UKC?

-- 
jake...@sdf.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org

Re: Fw: pico and/or nano in the releases and snapshots

[Chris Bennett]

Giridhari wrote:

Hare Krsna.


From: Giridhari
Sent: Thursday, February 04, 2010 7:37 AM
To: dera...@cvs.openbsd.org ; dera...@openbsd.org
Subject: Fw: pico and/or nano in the releases and snapshots


ATTENTION

Last night I saved a rat from certain death at the hands of a cat whose
ovaries had been cut out. This is the cutting edge of bhakti in the interests
of OpenBSD. You have been notified.

Note: The below message has been slightly adjusted to that which was sent to
dera...@theos.org.


From: Giridhari
Sent: Thursday, February 04, 2010 7:28 AM
To: dera...@theos.com
Subject: pico and/or nano in the releases and snapshots


Hare Krsna Mr. DeRaadt.

I am trying to write a new security implementation for OpenBSD, but find vi to
be clumsy and hampering.

I was very comfortable with pico, and nano. I am running a new system with
multiprocessor kernel, and currently have no support for the ZTE MF626 modem I
connect via cellular network with. I have tried installing the package of pico
but it failed, so I installed it's dependencies, but pico still would not
install because it had partially installed, would not pkg_delete (not even
when forced), and I could not find a way to clean this up.

I would really appreciate if pico or nano, which are simple and elegant,
perhaps not with the frills vi uses apparently seem to appreciate, but simple
and natural nonetheless, we part of the distribution. 

I agree, vi is terribly complicated and confusing to use.
That is way I have always found ed to be a wonderful editor
It is in the base and ALWAYS works even under the most terrifying and 
frightening conditions.


Long Live ED!

I fly with those. PLEASE
INCLUDE PICO OR NANO OR BOTH IN A NEW SNAPSHOT, and from now-on, and please
overlook the apparent justifications for vi-only exclusivity, and help please.
FOR BHAKTA GIRIDHARI. Krsna is your friend. PLEASE!!! I know its is a
non-standard request, but honestly, vi is so clumsy, and I have LOTS of coding
to do, including writing support for umodem for the MF626, and I would like to
write it as a learning exercise in assembly. The new security mechanism is
brute force resilient, and it is for particularly nasty weather. Pull a
Torvaldsesque dictatorship because-I-said-so if you have to.

Hare Bol.


  


--
A human being should be able to change a diaper, plan an invasion,
butcher a hog, conn a ship, design a building, write a sonnet, balance
accounts, build a wall, set a bone, comfort the dying, take orders,
give orders, cooperate, act alone, solve equations, analyze a new
problem, pitch manure, program a computer, cook a tasty meal, fight
efficiently, die gallantly. Specialization is for insects.
  -- Robert Heinlein

Re: OpenBSD on Wyse C90LE

[Predrag Punosevac]

On Wed, Feb 04, 2010 at 1:01:38AM Jacob Meuser wrote:
>>On Wed, Feb 03, 2010 at 01:06:15PM -0500, Predrag Punosevac wrote:
>> This is the brief preliminary report on Wyse C90LE. I downloaded 
>> yesterday the latest snapshot of OpenBSD 4.7 beta for i386.
>> 
>> I installed on 2.0 USB of 2GB.
>> I tested the live USB by booting DeLL optiplex 960 (Intel 2 core).
>> Everything works perfect including X server. 
>> 
>> Conclusion is that USB media is OK.

> are you sure it really booted off the USB?




I am 1000% sure I booted from USB. The Thin Client comes pre-installed
with WindowsXP embedded.




> 
>> I broke into the BIOS of Wyse C90LE by holding DEL key. BIOS requires 
>> password. The default password is Fireport (found on the web-site of 
>> manufacturer). I changed the boot order so that PXE boot is the first 
>> and USB 2.0 is the second. I didn't see any other options I could play
>> with in BIOS (like legacy USB or similar).
>> 
>> Boot process goes fine and then stops. It is looking for the root device
>> I manually typed wd0a and wd0b for swap  (original partition was done
>> by accepting defaults from the installer just for test).
>> The boot process is aborted.
>> 
>> ddb{0}>trace
>> Debugger(50,d08cf780,d0a32f48,0,0) at Debugger +0x4
>> panic(d07543e8,1,,0,d0863178) at panic +0x55
>> dk_mountroot(2,2,2fecc,d0a32f9c,d04ca223) at dk_mountroot +0x1a7
>> main(0,0,0,0,0) at main +0x4eb

>I've never seen a USB disk come up as wd*, always sd*.




Me neither! I tried to put sd0a as a root directory. I think, I have 
very clear idea what is wrong. Look at my second message where 
I describe the boot process. Problems occur after four messages

ehci_sync_hs:tsleep()=35

ehci as you know is the driver for USB 2.0. I looked through archives
and I found that people have reported problems with sheety USB
controller on VIA mother boards. Somebody submitted the patch last year.
Obviously even the best software can not fixed crapy hardware. 
The OpenBSD aborts the boot because USB is not anymore seen by kernel.




>so your crash makes sense, since you told it to boot off something that
>doesn't yet exist.

Absolutely right. Kernel doesn't see USB drive from that point because
USB is not 2.0 as advertised but it is 1.1. Crapy hardware. Seems that 
uhci doesn't pick up from ehci during the boot process. 





> sounds like your USB image is not right.  it should be booting off
> sd0.  when the kernel boots, do you see sd0 in the dmesg?

> you got trace output, so where's the dmesg?

There is no dmesg. The boot process aborts. My hunch is that I would be
able to install OpenBSD on internal flash drive possibly even by booting
with USB. I booted bsd.rd from USB without problems but I didn't want 
to erase embedded image because these units are not paid. They were 
given to us for evaluation. That is way I wanted to use Live USB. 


Jake, thanks a lot for taking the time to think about my problem.

Predrag

is the Lemote Yeeloong available in the US?

[Diana Eichert]

Really, I meant, Where would Carmen San Diego find a
Lemote Yeeloong in the US?

diana

Re: pico and/or nano in the releases and snapshots

[Paul M]

If you are smart enough to write support for umodem for the MF626, then
learning vi should be a breeze.

Alternatively:
If learning vi is so hard for you, then you havn't a hope in hell of 
writing

support for umodem for the MF626.


paulm


On 4/02/2010, at 12:52 PM, Giridhari wrote:


Hare Krsna.


From: Giridhari
Sent: Thursday, February 04, 2010 7:37 AM
To: dera...@cvs.openbsd.org ; dera...@openbsd.org
Subject: Fw: pico and/or nano in the releases and snapshots


ATTENTION

Last night I saved a rat from certain death at the hands of a cat whose
ovaries had been cut out. This is the cutting edge of bhakti in the 
interests

of OpenBSD. You have been notified.

Note: The below message has been slightly adjusted to that which was 
sent to

dera...@theos.org.


From: Giridhari
Sent: Thursday, February 04, 2010 7:28 AM
To: dera...@theos.com
Subject: pico and/or nano in the releases and snapshots


Hare Krsna Mr. DeRaadt.

I am trying to write a new security implementation for OpenBSD, but 
find vi to

be clumsy and hampering.

I was very comfortable with pico, and nano. I am running a new system 
with
multiprocessor kernel, and currently have no support for the ZTE MF626 
modem I
connect via cellular network with. I have tried installing the package 
of pico
but it failed, so I installed it's dependencies, but pico still would 
not
install because it had partially installed, would not pkg_delete (not 
even

when forced), and I could not find a way to clean this up.

I would really appreciate if pico or nano, which are simple and 
elegant,
perhaps not with the frills vi uses apparently seem to appreciate, but 
simple
and natural nonetheless, we part of the distribution. I fly with 
those. PLEASE
INCLUDE PICO OR NANO OR BOTH IN A NEW SNAPSHOT, and from now-on, and 
please
overlook the apparent justifications for vi-only exclusivity, and help 
please.

FOR BHAKTA GIRIDHARI. Krsna is your friend. PLEASE!!! I know its is a
non-standard request, but honestly, vi is so clumsy, and I have LOTS 
of coding
to do, including writing support for umodem for the MF626, and I would 
like to
write it as a learning exercise in assembly. The new security 
mechanism is

brute force resilient, and it is for particularly nasty weather. Pull a
Torvaldsesque dictatorship because-I-said-so if you have to.

Hare Bol.

Re: Fw: pico and/or nano in the releases and snapshots

[Jacob Meuser]

On Wed, Feb 03, 2010 at 07:06:49PM -0600, Marco Peereboom wrote:
> Wow this easily is the best troll of the year so far.

really?  to me it looks like someone was trying to be funny and totally
failed.  I give it a two thumbs down.

-- 
jake...@sdf.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org

Re: Fw: pico and/or nano in the releases and snapshots

[Marco Peereboom]

Wow this easily is the best troll of the year so far.

On Thu, Feb 04, 2010 at 10:52:32AM +1100, Giridhari wrote:
> Hare Krsna.
> 
> 
> From: Giridhari
> Sent: Thursday, February 04, 2010 7:37 AM
> To: dera...@cvs.openbsd.org ; dera...@openbsd.org
> Subject: Fw: pico and/or nano in the releases and snapshots
> 
> 
> ATTENTION
> 
> Last night I saved a rat from certain death at the hands of a cat whose
> ovaries had been cut out. This is the cutting edge of bhakti in the interests
> of OpenBSD. You have been notified.
> 
> Note: The below message has been slightly adjusted to that which was sent to
> dera...@theos.org.
> 
> 
> From: Giridhari
> Sent: Thursday, February 04, 2010 7:28 AM
> To: dera...@theos.com
> Subject: pico and/or nano in the releases and snapshots
> 
> 
> Hare Krsna Mr. DeRaadt.
> 
> I am trying to write a new security implementation for OpenBSD, but find vi to
> be clumsy and hampering.
> 
> I was very comfortable with pico, and nano. I am running a new system with
> multiprocessor kernel, and currently have no support for the ZTE MF626 modem I
> connect via cellular network with. I have tried installing the package of pico
> but it failed, so I installed it's dependencies, but pico still would not
> install because it had partially installed, would not pkg_delete (not even
> when forced), and I could not find a way to clean this up.
> 
> I would really appreciate if pico or nano, which are simple and elegant,
> perhaps not with the frills vi uses apparently seem to appreciate, but simple
> and natural nonetheless, we part of the distribution. I fly with those. PLEASE
> INCLUDE PICO OR NANO OR BOTH IN A NEW SNAPSHOT, and from now-on, and please
> overlook the apparent justifications for vi-only exclusivity, and help please.
> FOR BHAKTA GIRIDHARI. Krsna is your friend. PLEASE!!! I know its is a
> non-standard request, but honestly, vi is so clumsy, and I have LOTS of coding
> to do, including writing support for umodem for the MF626, and I would like to
> write it as a learning exercise in assembly. The new security mechanism is
> brute force resilient, and it is for particularly nasty weather. Pull a
> Torvaldsesque dictatorship because-I-said-so if you have to.
> 
> Hare Bol.

Re: Fw: pico and/or nano in the releases and snapshots

[Scott Learmonth]

I've been avoiding this OP, but I guess I'll weigh in now.

This smells like roe. Don't feed it.


On Thu, Feb 04, 2010 at 01:54:07AM +0100, Jesus Sanchez wrote:
> El 04/02/2010 0:52, Giridhari escribis:
> >Hare Krsna.
> >
> >
> >From: Giridhari
> >Sent: Thursday, February 04, 2010 7:37 AM
> >To: dera...@cvs.openbsd.org ; dera...@openbsd.org
> >Subject: Fw: pico and/or nano in the releases and snapshots
> >
> >
> >ATTENTION
> >
> >Last night I saved a rat from certain death at the hands of a cat whose
> >ovaries had been cut out. This is the cutting edge of bhakti in the interests
> >of OpenBSD. You have been notified.
> >
> >Note: The below message has been slightly adjusted to that which was sent to
> >dera...@theos.org.
> >
> >
> >From: Giridhari
> >Sent: Thursday, February 04, 2010 7:28 AM
> >To: dera...@theos.com
> >Subject: pico and/or nano in the releases and snapshots
> >
> >
> >Hare Krsna Mr. DeRaadt.
> >
> >I am trying to write a new security implementation for OpenBSD, but find vi 
> >to
> >be clumsy and hampering.
> >
> >I was very comfortable with pico, and nano. I am running a new system with
> >multiprocessor kernel, and currently have no support for the ZTE MF626 modem 
> >I
> >connect via cellular network with. I have tried installing the package of 
> >pico
> >but it failed, so I installed it's dependencies, but pico still would not
> >install because it had partially installed, would not pkg_delete (not even
> >when forced), and I could not find a way to clean this up.
> >
> >I would really appreciate if pico or nano, which are simple and elegant,
> >perhaps not with the frills vi uses apparently seem to appreciate, but simple
> >and natural nonetheless, we part of the distribution. I fly with those. 
> >PLEASE
> >INCLUDE PICO OR NANO OR BOTH IN A NEW SNAPSHOT, and from now-on, and please
> >overlook the apparent justifications for vi-only exclusivity, and help 
> >please.
> >FOR BHAKTA GIRIDHARI. Krsna is your friend. PLEASE!!! I know its is a
> >non-standard request, but honestly, vi is so clumsy, and I have LOTS of 
> >coding
> >to do, including writing support for umodem for the MF626, and I would like 
> >to
> >write it as a learning exercise in assembly. The new security mechanism is
> >brute force resilient, and it is for particularly nasty weather. Pull a
> >Torvaldsesque dictatorship because-I-said-so if you have to.
> >
> >Hare Bol.
> >
> 
>You're loosing your time, not only for asking something like "put MY
> favourite s**t on YOUR system" but also for using something like
> pico/nano as text editor. It's the most improductive thing I've seen in
> my life (comparing to vi/vim/vi-clones). What makes vi/Vim editors so
> "clumsy and hampering" it's the same that makes Photoshop better
> than MSpaint: design with productivity in mind.
> 
>In the worst case you can make your own iso with pino/nano/whatever
> in it, but seriously, if I were you, I would learn how to use vi/Vim
> editors ASAP, it's in ALL unix-like systems, use vi, and you will never
> have to use another text editor in your life.
> 
> By the way, this was written using Vim.
> -J

Re: Fw: pico and/or nano in the releases and snapshots

[mehma sarja]

He's not asking you to do it, it is all up to the LordKrsna in this
case.

Mehma
===

On Wed, Feb 3, 2010 at 4:35 PM, Scott McEachern  wrote:

> Giridhari wrote:
>
> blah blah
>
>> pico or nano
>>
> blah blah
>
>> part of the distribution.
>>
> and more blah blah blah.
>
> All that because you find 'pkg_add pico" or "pkg_add nano" too difficult to
> type?
>
> --
>
> -RSM
>
> http://www.erratic.ca

Re: OpenBSD on Wyse C90LE

[Jacob Meuser]

On Wed, Feb 03, 2010 at 01:06:15PM -0500, Predrag Punosevac wrote:
> This is the brief preliminary report on Wyse C90LE. I downloaded 
> yesterday the latest snapshot of OpenBSD 4.7 beta for i386.
> 
> I installed on 2.0 USB of 2GB.
> 
> I tested the live USB by booting DeLL optiplex 960 (Intel 2 core).
> Everything works perfect including X server. 
> 
> Conclusion is that USB media is OK.

are you sure it really booted off the USB?

> 
> I broke into the BIOS of Wyse C90LE by holding DEL key. BIOS requires 
> password. The default password is Fireport (found on the web-site of 
> manufacturer). I changed the boot order so that PXE boot is the first 
> and USB 2.0 is the second. I didn't see any other options I could play
> with in BIOS (like legacy USB or similar).
> 
> Boot process goes fine and then stops. It is looking for the root device
> I manually typed wd0a and wd0b for swap  (original partition was done
> by accepting defaults from the installer just for test).
> The boot process is aborted.
> 
> ddb{0}>trace
> Debugger(50,d08cf780,d0a32f48,0,0) at Debugger +0x4
> panic(d07543e8,1,,0,d0863178) at panic +0x55
> dk_mountroot(2,2,2fecc,d0a32f9c,d04ca223) at dk_mountroot +0x1a7
> main(0,0,0,0,0) at main +0x4eb

I've never seen a USB disk come up as wd*, always sd*.

so your crash makes sense, since you told it to boot off something that
doesn't yet exist.

sounds like your USB image is not right.  it should be booting off
sd0.  when the kernel boots, do you see sd0 in the dmesg?

you got trace output, so where's the dmesg?

-- 
jake...@sdf.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org

Re: Fw: pico and/or nano in the releases and snapshots

[Jesus Sanchez]

El 04/02/2010 0:52, Giridhari escribis:

Hare Krsna.


From: Giridhari
Sent: Thursday, February 04, 2010 7:37 AM
To: dera...@cvs.openbsd.org ; dera...@openbsd.org
Subject: Fw: pico and/or nano in the releases and snapshots


ATTENTION

Last night I saved a rat from certain death at the hands of a cat whose
ovaries had been cut out. This is the cutting edge of bhakti in the interests
of OpenBSD. You have been notified.

Note: The below message has been slightly adjusted to that which was sent to
dera...@theos.org.


From: Giridhari
Sent: Thursday, February 04, 2010 7:28 AM
To: dera...@theos.com
Subject: pico and/or nano in the releases and snapshots


Hare Krsna Mr. DeRaadt.

I am trying to write a new security implementation for OpenBSD, but find vi to
be clumsy and hampering.

I was very comfortable with pico, and nano. I am running a new system with
multiprocessor kernel, and currently have no support for the ZTE MF626 modem I
connect via cellular network with. I have tried installing the package of pico
but it failed, so I installed it's dependencies, but pico still would not
install because it had partially installed, would not pkg_delete (not even
when forced), and I could not find a way to clean this up.

I would really appreciate if pico or nano, which are simple and elegant,
perhaps not with the frills vi uses apparently seem to appreciate, but simple
and natural nonetheless, we part of the distribution. I fly with those. PLEASE
INCLUDE PICO OR NANO OR BOTH IN A NEW SNAPSHOT, and from now-on, and please
overlook the apparent justifications for vi-only exclusivity, and help please.
FOR BHAKTA GIRIDHARI. Krsna is your friend. PLEASE!!! I know its is a
non-standard request, but honestly, vi is so clumsy, and I have LOTS of coding
to do, including writing support for umodem for the MF626, and I would like to
write it as a learning exercise in assembly. The new security mechanism is
brute force resilient, and it is for particularly nasty weather. Pull a
Torvaldsesque dictatorship because-I-said-so if you have to.

Hare Bol.

   


   You're loosing your time, not only for asking something like "put MY
favourite s**t on YOUR system" but also for using something like
pico/nano as text editor. It's the most improductive thing I've seen in
my life (comparing to vi/vim/vi-clones). What makes vi/Vim editors so
"clumsy and hampering" it's the same that makes Photoshop better
than MSpaint: design with productivity in mind.

   In the worst case you can make your own iso with pino/nano/whatever
in it, but seriously, if I were you, I would learn how to use vi/Vim
editors ASAP, it's in ALL unix-like systems, use vi, and you will never
have to use another text editor in your life.

By the way, this was written using Vim.
-J

Re: Fw: pico and/or nano in the releases and snapshots

[Scott McEachern]

Giridhari wrote:

blah blah

pico or nano

blah blah

part of the distribution.

and more blah blah blah.

All that because you find 'pkg_add pico" or "pkg_add nano" too difficult 
to type?


--

-RSM

http://www.erratic.ca

Fw: pico and/or nano in the releases and snapshots

[Giridhari]

Hare Krsna.


From: Giridhari
Sent: Thursday, February 04, 2010 7:37 AM
To: dera...@cvs.openbsd.org ; dera...@openbsd.org
Subject: Fw: pico and/or nano in the releases and snapshots


ATTENTION

Last night I saved a rat from certain death at the hands of a cat whose
ovaries had been cut out. This is the cutting edge of bhakti in the interests
of OpenBSD. You have been notified.

Note: The below message has been slightly adjusted to that which was sent to
dera...@theos.org.


From: Giridhari
Sent: Thursday, February 04, 2010 7:28 AM
To: dera...@theos.com
Subject: pico and/or nano in the releases and snapshots


Hare Krsna Mr. DeRaadt.

I am trying to write a new security implementation for OpenBSD, but find vi to
be clumsy and hampering.

I was very comfortable with pico, and nano. I am running a new system with
multiprocessor kernel, and currently have no support for the ZTE MF626 modem I
connect via cellular network with. I have tried installing the package of pico
but it failed, so I installed it's dependencies, but pico still would not
install because it had partially installed, would not pkg_delete (not even
when forced), and I could not find a way to clean this up.

I would really appreciate if pico or nano, which are simple and elegant,
perhaps not with the frills vi uses apparently seem to appreciate, but simple
and natural nonetheless, we part of the distribution. I fly with those. PLEASE
INCLUDE PICO OR NANO OR BOTH IN A NEW SNAPSHOT, and from now-on, and please
overlook the apparent justifications for vi-only exclusivity, and help please.
FOR BHAKTA GIRIDHARI. Krsna is your friend. PLEASE!!! I know its is a
non-standard request, but honestly, vi is so clumsy, and I have LOTS of coding
to do, including writing support for umodem for the MF626, and I would like to
write it as a learning exercise in assembly. The new security mechanism is
brute force resilient, and it is for particularly nasty weather. Pull a
Torvaldsesque dictatorship because-I-said-so if you have to.

Hare Bol.

Re: Is OpenBSD + PF accredited or certified in any way ?

[Martin Schröder]

2010/2/3 Jean-Francois :
> Not clear for me, does this firewall reach EAL4+ or EAL6 as stated in their
> doc

"Certified by the BSI according to CC at the level EAL 4+"

http://www.genua.de/genua/kunden/index.en.html

Best
Martin

Re: Is OpenBSD + PF accredited or certified in any way ?

[Jean-Francois]

Le mardi 02 fivrier 2010 20:29:29, Martin Schrvder a icrit :
> 2010/2/2 Keith :
> > Can anyone help me out ?
>
> If you need professional services:
> http://www.genua.de/produkte/firewall/genugate/index.en.html
>
> Their firewalls are OpenBSD based.
>
> Best
> Martin
>

Not clear for me, does this firewall reach EAL4+ or EAL6 as stated in their
doc
(http://www.genua.de/dateien/genugate-salesfolder-en.pdf) ?

spamd-sync logging? I see the udp traffic but nothing in logs to confirm sync

[James Rippas]

I'm trying to confirm that spamd is syncing the db properly between 2
hosts.  When I startup spamd I get:

listening for incoming connections.

in /var/log/spamd; but nothing else.  There is a lot of UDP traffic on 8025
between the 2 hosts but the  databases are still different sizes.

I'm starting spamd with the following options, running 4.6:

host A
/usr/libexec/spamd -v -G10:4:864 -y 172.16.254.1  -Y a.test.com

host B
/usr/libexec/spamd -v -G10:4:864 -y 172.19.254.1 -Y b.test.com

Should I see messages in /var/log/spamd when the spamd processes connect and
register with each other?

Thank you.

Re: OpenBSD on Wyse C90LE

[Predrag Punosevac]

I booted one more time specifying bsd.sp kernel explicitly. Right 
before I am asked to explicitly enter the root device. I see the
following repeating four times

ehci_sync_hs:tsleep()=35

Predrag

Eventos corporativos con mucha mas accion

[PI, Eventos Politicamente Incorrectos]

Para Desuscribirse, por favor, haga click aquí :
http://mailing.marketing-ip.com.ar/box.php?funcml=unsub2&nl=502&mi=10216&email=misc%40openbsd.org

Re: OpenBSD on Wyse C90LE

[Predrag Punosevac]

This is the brief preliminary report on Wyse C90LE. I downloaded 
yesterday the latest snapshot of OpenBSD 4.7 beta for i386.

I installed on 2.0 USB of 2GB.

I tested the live USB by booting DeLL optiplex 960 (Intel 2 core).
Everything works perfect including X server. 

Conclusion is that USB media is OK.


I broke into the BIOS of Wyse C90LE by holding DEL key. BIOS requires 
password. The default password is Fireport (found on the web-site of 
manufacturer). I changed the boot order so that PXE boot is the first 
and USB 2.0 is the second. I didn't see any other options I could play
with in BIOS (like legacy USB or similar).

Boot process goes fine and then stops. It is looking for the root device
I manually typed wd0a and wd0b for swap  (original partition was done
by accepting defaults from the installer just for test).
The boot process is aborted.

ddb{0}>trace
Debugger(50,d08cf780,d0a32f48,0,0) at Debugger +0x4
panic(d07543e8,1,,0,d0863178) at panic +0x55
dk_mountroot(2,2,2fecc,d0a32f9c,d04ca223) at dk_mountroot +0x1a7
main(0,0,0,0,0) at main +0x4eb

ddb{0}>ps 
PID PPID PGRP UID   SFLAGSWAIT  Command
11  00 03pftm pfpurge 
10  0 0 0   3 usbevt   usb3 
9   0 0 0   3 usbevt   usb2
8   0 0 0   3 usbevt   usb1
7   0 0 0   3 usbtsk   usbtask
6   0 0 0   3 usbevt   usb0
5   0 0 0   3 acpi_idle acpi0 
4   0 0 0   3  bored   sgswq 
3   0 0 0   3 -idle 0 
2   0 0 0   3 kmalloc  kmthread 
1   0 0 0   3 initexec  swapper
0   -10 0   2 - swapper



I would appreciate any comment or suggestion.

Cheers,
Predrag

Seksi pokloni za Dan zaljubljenih

[E-topshop]

If you have trouble seeing this mail, click here.

Top Shop

Top E-revija: 45, 3. februar 2010.
Najbolja praktiD
na reE!enja i saveti za bolji E>ivot

PoD
etna | Budi fit! | Lepota | Zdrav E>ivot

DomaDinstvo | Zabava i deca | Quelle katalog | Knjige

Top Shop

HIT TV proizvodi!

2xSweet Dream Pillow - PAKET!

Sweet Dream Pillow

Ab Rocket - fitnes sprava

Ab Rocket

Leg Magic - fitnes sprava

Leg Magic

Massage cushion - jastuk za masaE>u

Massage Cushion

FlavorWave Turbo Oven - BESPLATNA ...

FlavorWave  BESPLATNA DOSTAVA!

Seksi pokloni za Dan zaljubljenih

Poklonite partneru neE!to seksi za Dan zaljubljenih, proD
itajte naE!ih
10 predloga.

Na Dan Zaljubljenih ne propustite...

E ta ne bi trebalo da propustite za Dan zaljubljenih, podsetite se E!ta
treba uraditi.

15 Top ljubavnih filmova svih vremena

PreporuD
ujemo 15 najromantiD
nijih filmova svetske kinematografije od
1939 do 2001.

Slatki zalogajiu dvoje: Ljubavna torta

Iznenadite svog dragog ili dragu iu malo truda sami napravite tortu za
dan zaljubljernih.

Seksi pokloni za Dan zaljubljenih

Seksi pokloni za Dan zaljubljenih

E=elite svom partneru da poklonite neE!to posebno? - E ta kaE>ete na
D
istu strast? VaE! parnter De svakako biti iznenaDen i zadovoljan.
Napravite romantiD
nu atmosferu, upalite nekoliko sveDa, pustite laganu
muziku, upalite egzotiD
ni miriE!ljavi E!tapiD i polako otpakujte svoj
poklon... [ProD
itajte viE!e ...]

Pravo je vreme da mislite na svoj izgled uz ove super ponude!

Ab Tronic X2 - BESPLATNA DOSTAVA!

Bathroom Scale 5 u 1 - POPUST 15%

Celluless - anticelulit masaE>er

Ab Tronic X2 - Pojas za stomak ...

Bathroom Scale 5 u 1 - POPUST ...

Celluless - anticelulit masaE>er

SUPER PONUDA!

15%

25%

Do D
ak 7 puta bolji efekat od klasiD
nog veE>banja! Koristite ga samo 10
minuta dnevno!

POPUST! MrE!avite zdravo, pratite svoje treninge i dijete. Budite
efikasniji!

Vakuumska masaE>a- najefikasniji tretman protiv celulita. Zaboravite na
skupe tretmane.

Cena: 7.990 RSD
[ViE!e informacija]

Cena: 2.200 RSD
[ViE!e informacija]

Cena: 2.990 RSD
[ViE!e informacija]

Dan Zaljubljenih/Sveti Trifun

Na Dan Zaljubljenih ne propustite...

Iako se kod nas slavi kao Sveti Trifun, zaE!titnik vinogradara, svake
godine se ipak slavi i Dan Zaljubljenih (Sveti Valentin). Ne zaboravite
na 10 osnovnih stvari koje D
ine ovaj datum romantiD
nim i intimnim
druE>enjem partnera. Podsetite se na vreme E!ta vam je D
initi... [ProD
itajte
viE!e...]

Pokloni i popusti proizvoda za dvoje...

2xSweet Dream Pillow - PAKET!

2 x Snuggie - Debe sa rukavima uz POPUST!

2xHeljda Natural Dream jastuci - SUPER CENA!

2xSweet Dream Pillow - PAKET!

2 x Snuggie - 2 Debeta sa rukavima ...

2xHeljda Natural Dream jastuci ...

16%

25%

16%

Jastuci od memorijske pene, koji se savrE!eno prilagoDava konturama
glave i vrata

Komplet od 2 Debeta koje moE>ete nositi na sebi i nesmetano se koristiti
rukama.

Idealni jastuci za osobe koje su alergiD
ne na perjane jastuke, smanjuje
bolove u leDima.

Cena: 2.990 RSD
[ViE!e informacija]

Cena: 2.990 RSD
[ViE!e informacija]

Cena: 3.690 RSD
[ViE!e informacija]

Dan Zaljubljenih uz filmove - ...

15 top ljubavnih filmova svih vrmena

Ukoliko 14. februar bude hladan i stoga nezgodan za romantiD
nu E!etnju
sa voljenom osobom b imamo pravo reE!enje... PronaDite neki ljubavni
film b i voljenoj osobi ulepE!ajte veD
e. Pogledajte  listu od 15
najromantiD
nijih filmova svih vremena i odluD
ite se... [ProD
itajte
viE!e...]

Predstavljamo - NAJNOVIJE!

Dragon Fly - Stimulator miE!iDa

Total Vibes - 5 u 1 fitnes maE!ina

Dorisb" - kreativna igra i slagalica

Dragon Fly - Stimulator miE!iDa

Total Vibes - 5 u 1 fitnes maE!ina

Dorisb" - kreativna igra i slagalica

NOVO!

NOVO!

13%

Dovoljno je samo da zalepite jastuD
iDe na miE!iDe koje E>elite da
veE>bate i opustite se.

Sve u jednom - trening snage, zatezanje miE!iDa, poveDanje
fleksibilnosti i relaks masaE>a.

Kreativna i edukativna igra i slagalica pogodna za uzrast od 6 do 106
godina.

Cena: 4.490 RSD
[ViE!e informacija]

Cena: 46.990 RSD
[ViE!e informacija]

Cena: 3.490 RSD
[ViE!e informacija]

Ljubavna torta

Slatki zalogaj u dvoje: Ljubavna torta

Ako E>elite da obradujete svog partnera za Dan zaljubljenih predlaE>emo
da mu priuE!tite uE>ivanje svim D
ulima. Zaljubljena torta je neE!to E!to
De oD
arati D
ula ukusa i mirisa. Iznenadite ga/je ovim zanosnim
slatkiE!em, fantastiD
nog ukusa i jednostavnog za pripremu... [ProD
itajte
viE!e...]

Moj prijatan, udoban i nasmejan dom...

Air Sofa Bed - sofa na naduvavanje

Omni Floor Polisher - D
istaD
 podova

Mamma's Cookie Cutters - Kalupi za kolaD
iDe

Air Sofa Bed - multinamenski leE>aj ...

Omni Floor Polisher - ViE!enamenski ...

Mamma s Cookie Cutters - Kalupi ...

NAJUDOBNIJE!

NOVO!

KREATIVNO I ZABAVNO!

Elegantna sofa pet u jedan - udobna za spavanje i zgodna za opuE!tanje.

Disti i polira sve vrste podova, lako i efikasno - poput profesionalnih
maE!ina!

Sami ili sa svojim detetom pravite najkr

Re: relayd and weighting

[Holger Glaess]

hi

no , there is no weighting, but you can use the monitoring feature
with an own script that messure the load of the box .
if the load going over a limit the script give an exit 1
and relayd diden4t send  traffic to this host.

holger


> Hi list,
>
> I'm planning to replace a GNU/Linux-driven load balancer (heartbeat,
> ldirectord) by an OpenBSD setup using pf, pfsync, and relayd.
>
> However, I discovered that I need 'weighting' (at least that is what it's
> called in ldirectord).
>
> For example, I have ten web servers to spread the load onto, three of them
> are 'old' and would handle less page impressions in the same time frame.
>
> So I'd like to spread the incoming connections across all machines, but
> reduce the amount of connections to the three slower ones, e.g. only the
> half or one third of the amount 'the big ones' handle.
>
> Is there such a feature in relayd I didn't see when reading the
> documentation repeatedly?
>
> I could handle this by creating NIC aliases on the servers depending on
> the workload they should handle, but I think that it would be best to have
> such functionality in the load balancer.
>
> Thanks,
>
> Donald
> --
> GRATIS f|r alle GMX-Mitglieder: Die maxdome Movie-FLAT!
> Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01

Re: way to help: laptops and weekly

[Owain Ainsworth]

On Wed, Feb 03, 2010 at 07:00:56AM -0800, J.C. Roberts wrote:
> On Mon, 1 Feb 2010 13:57:09 + Owain Ainsworth
>  wrote:
> 
> > On Mon, Feb 01, 2010 at 07:42:57AM +0200, Jussi Peltola wrote:
> > > On Mon, Feb 01, 2010 at 04:54:49AM +, Jacob Meuser wrote:
> > > > On Mon, Feb 01, 2010 at 05:57:11AM +0200, Jussi Peltola wrote:
> > > > > On Mon, Feb 01, 2010 at 02:35:54AM +, Jacob Meuser wrote:
> > > > > > yeah, but wasn't the original issue that started this thread
> > > > > > was that the locate database was "too old"?  maybe if locate,
> > > > > > apropos, etc would print "databse last updated 3 weeks 2 days
> > > > > > ago"?
> > > > >  
> > > > > This should be done in any case. IMHO it's a bug if they don't
> > > > > complain loudly, or even refuse to run with a stale database.
> > > > > Stale caches are evil, even if the man page warns about them.
> > > > 
> > > > yeah, but if your computer hasn't been on for 3 weeks and then
> > > > locate won't work because the database is 3 weeks old, that would
> > > > suck.
> > >  
> > > Of course it would need a switch to force it to run. But I guess a
> > > warning is better since locate might be used in scripts and it's not
> > > good to add extra knobs to existing programs where they don't gain
> > > much.
> > 
> > Please, no.
> > 
> > If nothing has changed on my machine in 3 weeks (say one of the
> > laptops I use infrequently) I would utterly hate having locate et al.
> > bitch at me continually.
> > 
> > If *you* really want something like that, this is what shell
> > functions are for, just check the database mtime, and print to stderr
> > if it's too old, then run locate. Please don't try and force that on
> > everyone else.
> > 
> 
> I agree with Owain. I mean no offense to Tedu, but there is no viable
> need for serious modifications or significant changes in default
> behavior... And worse, trying to "fix" this supposed problem will
> most likely cause other problems.

For the record, i'm not against something that runs the ${INTERVAL}y
scripts in a more intelligent fashion, as long as it is simple and
non-intrusive.

I was just registering a strong dislike of making things like locate(1)
nag about old databases.

-0- - who often leaves his main laptop on overnight.
-- 
In the land of the dark, the Ship of the Sun
is driven by the Grateful Dead.
-- Egyptian Book of the Dead

Re: Maximizing File/Network I/O

[Henning Brauer]

* nixlists  [2010-01-14 08:39]:
> On Wed, Jan 13, 2010 at 11:43 PM, Henning Brauer 
> wrote:
> > * nixlists  [2010-01-14 03:21]:
> >> > test results on old P4 are unfortunately pretty much pointless.
> >>
> >> Why?
> >>
> >>   cpu0: Intel(R) Pentium(R) 4 CPU 2.53GHz ("GenuineIntel" 686-class) 2.52
> GHz
> >>
> >> Isn't 2.52GHz fast enough for gigabit links? I know that's like half
> >> that in P3 cycles, but still... What's the issue?
> >
> > cache
> 
> What about it? Please elaborate.

it's very different in P4 and sucks

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting

Re: way to help: laptops and weekly

[J.C. Roberts]

On Mon, 1 Feb 2010 13:57:09 + Owain Ainsworth
 wrote:

> On Mon, Feb 01, 2010 at 07:42:57AM +0200, Jussi Peltola wrote:
> > On Mon, Feb 01, 2010 at 04:54:49AM +, Jacob Meuser wrote:
> > > On Mon, Feb 01, 2010 at 05:57:11AM +0200, Jussi Peltola wrote:
> > > > On Mon, Feb 01, 2010 at 02:35:54AM +, Jacob Meuser wrote:
> > > > > yeah, but wasn't the original issue that started this thread
> > > > > was that the locate database was "too old"?  maybe if locate,
> > > > > apropos, etc would print "databse last updated 3 weeks 2 days
> > > > > ago"?
> > > >  
> > > > This should be done in any case. IMHO it's a bug if they don't
> > > > complain loudly, or even refuse to run with a stale database.
> > > > Stale caches are evil, even if the man page warns about them.
> > > 
> > > yeah, but if your computer hasn't been on for 3 weeks and then
> > > locate won't work because the database is 3 weeks old, that would
> > > suck.
> >  
> > Of course it would need a switch to force it to run. But I guess a
> > warning is better since locate might be used in scripts and it's not
> > good to add extra knobs to existing programs where they don't gain
> > much.
> 
> Please, no.
> 
> If nothing has changed on my machine in 3 weeks (say one of the
> laptops I use infrequently) I would utterly hate having locate et al.
> bitch at me continually.
> 
> If *you* really want something like that, this is what shell
> functions are for, just check the database mtime, and print to stderr
> if it's too old, then run locate. Please don't try and force that on
> everyone else.
> 

I agree with Owain. I mean no offense to Tedu, but there is no viable
need for serious modifications or significant changes in default
behavior... And worse, trying to "fix" this supposed problem will
most likely cause other problems.

If you need a solution for your not-always-on systems like laptops,
then just toss the following script into your /etc/rc.local or if you
prefer for it to run at login, then toss it into your ~/.profile

-start--script---
#!/bin/ksh

sysmaint='';
if [ `find /var/log -name security -mtime +1` ]; then
  sysmaint="/etc/secure";
fi
if [ `find /var/log -name daily.out -mtime +1` ]; then
  sysmaint="$sysmaint /etc/daily";
fi
if [ `find /var/log -name weekly.out -mtime +7` ]; then
  sysmaint="$sysmaint /etc/weekly";
fi
if [ `find /var/log -name monthly.out -mtime +31` ]; then
  sysmaint="$sysmaint /etc/montly";
fi

if [ X"$sysmaint" != X"" ] ; then
  echo;
  echo "The Following System Maintenance Scripts Are Out Of Date";
  for scrp in $sysmaint; do printf "\t%s\n" $scrp; done;
  echo;
  read ans?"Should we run the system maintenance scripts now? (Y/N): ";
  if [ X"$ans" == X"Y" ] || [ X"$ans" == X"y" ] ; then
for scrp in $sysmaint; do
  printf "\t%s\n" $scrp;
  # if put in your .profile, use `sudo $scrp`
  # sudo $scrp
  $scrp
done;
  fi
else
  echo;
  echo "Your System Maintenance Scripts Are Up To Date";
  echo;
fi

-end--script---

Needless to say, I very *intentionally* gave the user the choice whether
or not to run the scripts, but the important thing is this kind of
automation is dead-simple to do.

We're fighting a battle of opinions; We can all see the system
maintenance scripts need to run (even on the not-always-on systems),
there's never a "good" time to run the scripts, and there is an expected
(historic/de facto) default way it has always been done in the past
which works just fine for most systems.

For those with the desire to delay some arbitrary amount of time (as
mentioned, 30 minutes after boot up), you could easily modify the above
to use the at(1) command. Heck, the simple "Y/N" in the above could be
changed to something like "Y/N/# (of minutes)" for setting at(1).

It is best not to try to force this sort of thing on everyone,
particularly when it's so easy to do on your own. If it's something
that you think should be easily added through configuration, then the
best answer is to add a var to /etc/rc.conf and\or /etc/rc.conf.local
to trigger running it at boot with the default being not to run.

I think putting the above in /etc/rc.shutdown is overkill (and a
very bad idea), but some people have suggested running the scripts at
shutdown (while their laptop battery is potentially dying). If some
want to perforate their feet, we don't need to help them.

Please Note: Tedu previously mentioned some work he was doing to
optionally reduce the load of the various scripts (reduced coverage?),
and these options could be used along with the above approach to speed
things up.

If you think this is a fair approach and without forced or unnecessary
changes to the existing default behavior, then let me know, and I'll
start making the changes/diffs.

-jcr

relayd and weighting

[Donald Reichert]

Hi list,

I'm planning to replace a GNU/Linux-driven load balancer (heartbeat, 
ldirectord) by an OpenBSD setup using pf, pfsync, and relayd.

However, I discovered that I need 'weighting' (at least that is what it's 
called in ldirectord).

For example, I have ten web servers to spread the load onto, three of them are 
'old' and would handle less page impressions in the same time frame.

So I'd like to spread the incoming connections across all machines, but reduce 
the amount of connections to the three slower ones, e.g. only the half or one 
third of the amount 'the big ones' handle.

Is there such a feature in relayd I didn't see when reading the documentation 
repeatedly?

I could handle this by creating NIC aliases on the servers depending on the 
workload they should handle, but I think that it would be best to have such 
functionality in the load balancer.

Thanks,

Donald
-- 
GRATIS f|r alle GMX-Mitglieder: Die maxdome Movie-FLAT!
Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01

4.6 pf/bridge bug?

[Bryan Allen]

Late last week I submitted PR 6302. This morning I had it take down two more
machines, within minutes of each other. The hardware in this case was
completely different: One box is a 32bit Intel with em(4); the other is an
amd64 with nfe(4).

Has anyone else run into this?
-- 
bda
cyberpunk is dead. long live cyberpunk.

ldattach and gpsd errors

[dan]

I am trying to get ldattach and gpsd to work together, and I'm having
issues. I have 3 USB GPS devices, and at least one seems to work with
gpsd when not using ldattach (I haven't tested the others yet).
When I run ldattach I get the following:
# ldattach -d -p nmea /dev/cuaU0
/dev/ttyp2
ldattach[28488]: attach nmea on /dev/cuaU0
ldattach[28488]: passing data to /dev/ttyp2

In sysctl hw.sensors I then have:
hw.sensors.nmea0.percent0=100.00% (Signal), UNKNOWN
hw.sensors.nmea0.timedelta0=0.00 secs, UNKNOWN


I then run gpsd and get the following output:
# gpsd -nND2 /dev/ttyp2
gpsd: launching (Version 2.38)
gpsd: listening on port 2947
gpsd: running with effective group ID 0
gpsd: running with effective user ID 0
gpsd: opening GPS data source at '/dev/ttyp2'
gpsd: speed 9600, 8N1
gpsd: garmin_gps not active.
gpsd: gpsd_activate(1): opened GPS (6)
gpsd: speed 4800, 8N1
gpsd: speed 9600, 8N1
gpsd: speed 19200, 8N1
gpsd: speed 38400, 8N1
gpsd: speed 57600, 8N1
gpsd: speed 115200, 8N1
gpsd: speed 0, 7N2
gpsd: speed 4800, 7N2
gpsd: speed 9600, 7N2
gpsd: speed 19200, 7N2
gpsd: speed 38400, 7N2
gpsd: speed 57600, 7N2
gpsd: speed 115200, 7N2
gpsd: packet sniffer failed to sync up
gpsd: closing GPS=/dev/ttyp2 (6)

If I run gpsd without ldattach running I get the following:
# gpsd -ND2 /dev/cuaU0
gpsd: launching (Version 2.38)
gpsd: listening on port 2947
gpsd: running with effective group ID 0
gpsd: running with effective user ID 0
gpsd: opening GPS data source at '/dev/cuaU0'
gpsd: speed 9600, 8N1
gpsd: garmin_gps not active.
gpsd: gpsd_activate(1): opened GPS (6)
gpsd: FV  0x06: Firmware version: GSW3.2.5_3.3.01.06-SDK001P1.00

I can then run kismet on that system, and it does not complain about not
being able to connect to the gpsd.

I've tried this on recent snapshots of both i386 and amd64 and get the
same results.

I also tried setting up ldattach in the /etc/ttys file, but couldn't
figure out which tty0? to attach it to (I tried all of the ones in the
file, commenting out the original entries).

dmesg for the i386 machine (Asus eeepc 701):

OpenBSD 4.7-beta (GENERIC) #518: Wed Jan 27 19:22:14 MST 2010
t...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Celeron(R) M processor 900MHz ("GenuineIntel" 686-class)
631 MHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF
real mem  = 2138140672 (2039MB)
avail mem = 2063011840 (1967MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 03/03/08, BIOS32 rev. 0 @ 0xf0010,
SMBIOS rev. 2.5 @ 0xf06e0 (37 entries)
bios0: vendor American Megatrends Inc. version "0910" date 03/03/2008
bios0: ASUSTeK Computer INC. 701
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC OEMB MCFG
acpi0: wakeup devices P0P3(S4) P0P4(S4) P0P5(S4) P0P6(S4) P0P7(S4)
MC97(S4) USB1(S3) USB2(S3) USB3(S3) USB4(S3) EUSB(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 70MHz
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 5 (P0P3)
acpiprt2 at acpi0: bus 3 (P0P5)
acpiprt3 at acpi0: bus 1 (P0P6)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C2
acpitz0 at acpi0: critical temperature 90 degC
acpibat0 at acpi0: BAT0 model "701" serial   type LION oem "ASUS"
acpiac0 at acpi0: AC unit online
acpiasus0 at acpi0
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibtn2 at acpi0: PWRB
acpivideo0 at acpi0: VGA_
acpivout0 at acpivideo0: CRTD
acpivout1 at acpivideo0: TVOD
acpivout2 at acpivideo0: LCDD
bios0: ROM list: 0xc/0xf800!
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82915GM Host" rev 0x04
vga1 at pci0 dev 2 function 0 "Intel 82915GM Video" rev 0x04
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp0 at vga1
agp0 at intagp0: aperture at 0xd000, size 0x1000
inteldrm0 at vga1: apic 1 int 16 (irq 5)
drm0 at inteldrm0
"Intel 82915GM Video" rev 0x04 at pci0 dev 2 function 1 not configured
azalia0 at pci0 dev 27 function 0 "Intel 82801FB HD Audio" rev 0x04:
apic 1 int 16 (irq 5)
azalia0: codecs: Realtek ALC662
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel 82801FB PCIE" rev 0x04: apic 1 int
16 (irq 5)
pci1 at ppb0 bus 4
ppb1 at pci0 dev 28 function 1 "Intel 82801FB PCIE" rev 0x04: apic 1 int
17 (irq 11)
pci2 at ppb1 bus 3
lii0 at pci2 dev 0 function 0 "Attansic Technology L2" rev 0xa0: apic 1
int 17 (irq 11), address 00:1e:8c:72:b0:d0
ukphy0 at lii0 phy 1: Generic IEEE 802.3u media interface, rev. 2: OUI
0x001374, model 0x0002
ppb2 at pci0 dev 28 function 2 "Intel 82801FB PCIE" rev 0x04: apic 1 int
18 (irq 10)
pci3 at ppb2 bus 1
ath0 at pci3 dev 0 function 0 "Atheros AR5424" rev 0x01: apic 1 int 18
(irq 10)
ath0: AR5424 14.2 phy 7.0 rf 0.0, WOR0W, address 00:15:af:6b:ac:e2
uhci0 at pci0 dev 29 function 0 "Intel

Re: pf questions (just to be sure)

[Helmut Schneider]

Robert Gilaard wrote:

> max-src-conn-rate 2/30 implies 1 in 15 seconds

No, it does not!

Helmut

-- 
No Swen today, my love has gone away
My mailbox stands for lorn, a symbol of the dawn

Re: Is OpenBSD + PF accredited or certified in any way ?

[Janne Johansson]

Eugene Yunak wrote:

2010/2/2 Keith :

organisations WAN. Our security people are asking if the firewall that we
use is accreditated by ITSEC and I am pretty sure it isn't but it turns out
that our security people will be happy is the firewall is accredited for use
by another government !


Ukrainian government has certified a distribution called BBOS that
basically is a customised OpenBSD,


.."In Soviet Russia, OpenBSD certifies you!"

Re: Is OpenBSD + PF accredited or certified in any way ?

[Eugene Yunak]

2010/2/2 Keith :
> I've used OpenBSD & PF for a number of years without issue and am now in the
> position that I want to create a dmz between the Internet and my
> organisations WAN. Our security people are asking if the firewall that we
> use is accreditated by ITSEC and I am pretty sure it isn't but it turns out
> that our security people will be happy is the firewall is accredited for use
> by another government !
>
> I am very happy with my PF firewalls and their reliability and don't want to
> be forced into purchasing some cisco / forenet comercial firewall that I've
> never used before so am desperate to find some details of any foreign
> governments that are using OpenBSD / PF as a firewall or any details of any
> certification of the PF firewall.
>
> Can anyone help me out ?
>
> Thanks
> Keith
>

Ukrainian government has certified a distribution called BBOS that
basically is a customised OpenBSD, modified for compatibility with
local security standards, for the use as servers and clients with
access to internet and protect information classified as government
secret.

http://www.atmnis.com/documents.php?lng=ENG
http://www.atmnis.com/files/user_files/BBOS.pdf
http://www.atmnis.com/files/user_files/BBOS_OS.pdf

-- 
The best the little guy can do is what
the little guy does right

Re: Is OpenBSD + PF accredited or certified in any way ?

[T. Ribbrock]

On Tue, Feb 02, 2010 at 02:15:00PM -0500, Brad Tilley wrote:
> Common Criteria - http://www.iso15408.net
[...]
> I think the certification process can be very narrowly focused on a
> few parts of the system
[...]

Yup, that's the whole idea behind CC - all the evaluation does is verify
the claims that the vendor has outlined in the "Security Target" (ST). The
"EAL" levels only tell you to what depth this has been done.
Hence, the "EAL" tells you zilch unless you also read the ST (i.e. the
vendor claims). In some areas (e.g. smartcards), requirements for STs
have been standardised to some extent, so the CC results are more
comparable - but in other areas, vendors can pretty much claim what they
want...

Cheerio,

Thomas
-- 
 ** PLEASE: NO Cc's to me privately, I do read the list - thanks! **
-
 Thomas Ribbrockhttp://www.ribbrock.org   
   "You have to live on the edge of reality - to make your dreams come true!"

Candidaturas para casting de moda, inscreve-te j�!

[Equipa Estilus Portugal]

Ola,

Estco abertas candidaturas para casting na tua cidade!
Nco percas esta oportunidade unica de poder fazer parte do mundo da moda, 
televisco e cinema.

Verifica as varias oportunidades abertas neste momento em,

http://www.estilus.eu/promo/index.php?em=wqw&email=bWlzY0BvcGVuYnNkLm9yZw==

Obrigado pelo tempo disponibilizado.


Equipa Estilus Portugal
www.estilus.eu















Mensagem enviada em Wednesday 3rd dUTC February 2010 11:06:33 AM

Esta mensagem i enviada sob a nova legislagco sobre correio Electrsnico, art. 
22.: do  Decreto-lei n.: 7/2004, de 7 de Janeiro sobre correio electrsnico nco 
requisitado.
Um email nco podera ser considerado SPAM quando inclui uma forma de ser 
removido.
Para remover o seu enderego da nossa base de dados, envie um email com o 
assunto (Remover) a partir do email que esta inscrito para i...@estilus.eu.

Candidaturas para casting de moda, inscreve-te j�!

[Equipa Estilus Portugal]

Ola,

Estco abertas candidaturas para casting na tua cidade!
Nco percas esta oportunidade unica de poder fazer parte do mundo da moda, 
televisco e cinema.

Verifica as varias oportunidades abertas neste momento em,

http://www.estilus.eu/promo/index.php?em=wqw&email=bWlzY0BvcGVuYnNkLm9yZw==

Obrigado pelo tempo disponibilizado.


Equipa Estilus Portugal
www.estilus.eu















Mensagem enviada em Wednesday 3rd dUTC February 2010 11:06:56 AM

Esta mensagem i enviada sob a nova legislagco sobre correio Electrsnico, art. 
22.: do  Decreto-lei n.: 7/2004, de 7 de Janeiro sobre correio electrsnico nco 
requisitado.
Um email nco podera ser considerado SPAM quando inclui uma forma de ser 
removido.
Para remover o seu enderego da nossa base de dados, envie um email com o 
assunto (Remover) a partir do email que esta inscrito para i...@estilus.eu.

Re: Is OpenBSD + PF accredited or certified in any way ?

[David Gwynne]

On 03/02/2010, at 8:49 PM, Stuart Henderson wrote:

> On 2010-02-01, Keith  wrote:
>> I've used OpenBSD & PF for a number of years without issue and am now in 
>> the position that I want to create a dmz between the Internet and my 
>> organisations WAN. Our security people are asking if the firewall that 
>> we use is accreditated by ITSEC and I am pretty sure it isn't but it 
>> turns out that our security people will be happy is the firewall is 
>> accredited for use by another government !
> 
> You could always put an accredited firewall behind the real one.
> This also means you can tick the 'multi-vendor' box.
> 
> To reduce your management hassles you could just leave all ports open.

leave them open on the accredited firewall of course.

Re: Is OpenBSD + PF accredited or certified in any way ?

[Stuart Henderson]

On 2010-02-01, Keith  wrote:
> I've used OpenBSD & PF for a number of years without issue and am now in 
> the position that I want to create a dmz between the Internet and my 
> organisations WAN. Our security people are asking if the firewall that 
> we use is accreditated by ITSEC and I am pretty sure it isn't but it 
> turns out that our security people will be happy is the firewall is 
> accredited for use by another government !

You could always put an accredited firewall behind the real one.
This also means you can tick the 'multi-vendor' box.

To reduce your management hassles you could just leave all ports open.

Re: bgpd log message

[Rod Whitworth]

On Wed, 3 Feb 2010 10:35:33 +0100, Claudio Jeker wrote:

>On Wed, Feb 03, 2010 at 03:02:16PM +1100, Rod Whitworth wrote:
>> I sometimes see a bgpd message in /var/log/messages saying:
>>  /bsd: cannot forward from :: to 2zzz:z000::0005 nxt 17 received on vr2
>> (I snipped the datestamp and hostname to stop linewrap)
>> 
>> It is not common and nothing bad seems to be happening but I'm puzzled
>> as to what it means.
>> 
>> Any clues?
>> 
>
>This is not from bgpd. It is from the kernel to be precise ip6_forward.c:
> * Do not forward packets with unspecified source.  It was discussed
> * in July 2000, on ipngwg mailing list.
>
>Someone is sending packets with a src ip of :: (all null address). This is
>not allowed. You should try to figure out which host on vr2 is doing this
>crap.

Thanx Claudio. Why I didn't notice the /bsd in there must mean I was
not getting enough sleep. I guess that the hostname (bgpd1) that I
snipped out hit my radar and blurred the kernel name.

I'm moving to block all addresses that are not on our /32 v6 and /11 v4
at the downstream routers. That was on a todo list anyway.

I appreciate your prompt assistance and I'd like to thank you for
OpenBGP as well as your work on OSPF that I may be trying to handle
soon.

R/


*** NOTE *** Please DO NOT CC me. I  subscribed to the list.
Mail to the sender address that does not originate at the list server is 
tarpitted. The reply-to: address is provided for those who feel compelled to 
reply off list. Thankyou.

Rod/
---
This life is not the real thing.
It is not even in Beta.
If it was, then OpenBSD would already have a man page for it.

Re: Disk architecture during install

[Stuart Henderson]

On 2010-02-03, Adriaan  wrote:
> On Tue, Feb 2, 2010 at 10:38 PM, Jean-Francois  wrote:
>> Hi All,
>>
>> I am looking for a way to easily identify the various names given by OpenBSD
>> to the disks before install, in order to be able to correctly make the slides
>> and mount points during an install on a complicated system with several hard
>> disks.
>>
>> Falling back to (S)hell during install process in a first step, second step
>> identifying hardware : interfaces and hard disk.
>> For the first, ifconfig, for the latter, I don't know.
>
> Follow the OpenBSD faq for setting up a serial console. If you then
> run cu or tip within an xterm
> you can easily scroll up and down through the dmesg.

The ramdisks have more(1) on them if that's all you want...

Re: bgpd log message

[Claudio Jeker]

On Wed, Feb 03, 2010 at 03:02:16PM +1100, Rod Whitworth wrote:
> I sometimes see a bgpd message in /var/log/messages saying:
>  /bsd: cannot forward from :: to 2zzz:z000::0005 nxt 17 received on vr2
> (I snipped the datestamp and hostname to stop linewrap)
> 
> It is not common and nothing bad seems to be happening but I'm puzzled
> as to what it means.
> 
> Any clues?
> 

This is not from bgpd. It is from the kernel to be precise ip6_forward.c:
 * Do not forward packets with unspecified source.  It was discussed
 * in July 2000, on ipngwg mailing list.

Someone is sending packets with a src ip of :: (all null address). This is
not allowed. You should try to figure out which host on vr2 is doing this
crap.

-- 
:wq Claudio

Re: Is OpenBSD + PF accredited or certified in any way ?

[Jan Stary]

> Given such limitations, perhaps you might propose a more 
> open evaluation and make code access for audit, including by escrow 
> access for an established third-party authority, as a major criteria?

To simplify things, I have just certified the 4.6/i386 GENERIC
that runs my router as "The Best Damn OS On Earth For The Job".
So yeah, OpenBSD+pf is accredited now.