Re: FWIW Current snapshot Apache/PHP buggy

2010-03-04 Thread Vijay Sankar

Vijay Sankar wrote:

Robert wrote:

On Wed, 03 Mar 2010 17:37:23 -0600
Vijay Sankar  wrote:

I have problems running Horde on 4.7 -beta i386. The /var/www/tmp
directory gets filled with sess_ files and there is no output on any
of the frames.


4.7-beta is not very precise, date of snapshot build or cvs
checkout would help.
There has been an ABI change for apache.


I am using the following packages

php5-core-5.2.12    server-side HTML-embedded scripting language


Because of the changes to apache, you need recompiled packages/modules.
The php5 port is at p1.

So my guess is that that's the problem you are hitting.
i386 packages on ftp.openbsd.org are dated 1st of march, those should
be new enough to work with -current apache. (Check if your mirror has
that package build.)

- Robert



Thanks very much. I had built the kernel and binaries on the weekend

kern.version=
OpenBSD 4.7-beta (GENERIC.MP) #7: Sat Feb 27 16:28:09 CST 2010 
r...@i386.sankars.local:/usr/src/sys/arch/i386/compile/GENERIC.MP


from CVS checkout at 2:30PM CST that day.

In /var/www/logs/access_log, I get

10.0.0.111 - - [03/Mar/2010:21:51:46 -0600] "GET /horde/login.php?url=%2Fpost%2Fservices%2Fportal%2Fsidebar.php&nosidebar=1&horde_logout_token=NtFW8jojbT7M0QYrK5BxOsfqqTA&app=horde HTTP/1.1" 200 363


when trying to set up horde (the logout_token is different in each log 
entry) and there are lots of sess_ files.


Just in case I had made mistakes building binaries or had screwed up 
somehow, I did the following. I set up a VM guest (qemu running on my 
OpenBSD 4.6 -stable desktop), downloaded install47.iso, php5-core, 
postgresql-server, horde, etc., from i386 snapshots last night (from 
ftp.ca.openbsd.org) and had the same results. Not sure whether a new 
physical machine to repeat the test is the right way to go.


There are no errors in error_log, ssl_engine_log, and ssl_request_log. I 
tried configuration with http as well as https (self-signed cert).


So I am not sure what is the right step to take to get Horde working.

Thanks again,

Vijay



Just for the archives -- in case anyone else searches the archives and 
thinks there are any issues or problems. Quick answer is that there are 
no problems with 4.7 -beta as of March 3 2010 and php5 as far as horde 
is concerned.


I tested this again and again and finally figured out that the fault was 
entirely mine. Unfortunately I have no excuse. There are no problems 
with php5 packages or with OpenBSD httpd or horde and related packages 
or anything related to OpenBSD. It looks like I had copied configuration 
files from a production server and they had the wrong cookie path. This 
resulted in the errors I mentioned in earlier email messages on this thread.


Thanks again to all the developers and OpenBSD Gurus who tried to help 
through the list as well as through private messages.


Sorry for the noise.

--
Vijay Sankar, M.Eng., P.Eng.
ForeTell Technologies Limited
59 Flamingo Avenue, Winnipeg, MB, Canada R3J 0X6
Phone: (204) 885-9535, E-Mail: vsan...@foretell.ca



Re: OT: opinions on IDS / IPS solutions

2010-03-04 Thread bofh
On Thu, Feb 18, 2010 at 2:59 PM, bofh  wrote:

> On Thu, Feb 18, 2010 at 11:48 AM, Laurens Vets  wrote:
>
>> 
>>
>>> Just don't get ISS crap.
>>>
>>> Also, snort is good, but you must know what you're doing.  Our snort box,
>>> running on an old throw away box, and only capturing/analyzing 10 minutes
>>> of
>>> every hour, is giving us *MORE* useful data than half a mil worth of ISS
>>> crap.
>>>
>>
>> Care to elaborate? :)
>
>

I have updated information.  Now, it's more along the lines of  "we will
regroup", change focus, realign focus, etc etc, reinvent themselves.

Sorry, this is like the 4th time they are "re-inventing" something or
other.  GX6116 re-arranges traffic.  Bleh

Over the past week, we had a system compromised.  A vulnerability that is at
least 3 months old (PDF and others) that the ISS IPS system claimed to have
*BLOCKED*.  However, we have evidence, capture on both sides of the IPS
(GX5208) that the traffic went through.  Only 1 out of the 6 attacks was
actually blocked.

And the XForce have confirmed that our analysis is correct.  They're working
on a signature.  But it will not make March xpu.  No promises on April's
xpu.  They will provide us a "patch".  Bad bad taste in my mouth.  My guy
wrote a custom signature in snort in a couple of hours.

And let's not even talk about the damned SQL Injection signature.  Every few
months, they "tune" it.  A "+" in the URL triggers it.  *ANY* URL with a "+"
triggers the damned SQL Injection signature...  This is such a major WTF?!

I'll send a list of the tools we used later, have to ping my guy for it :)



What he did is have a cron job.  Remember, we are doing this on an old box,
so we could only analyze a fraction of the traffic.  10 minutes of every
hour.  tcpdump, dumps the traffic.  A bunch of processes are executed
against the pcap file.

tcpdstat, 3 snorts - one against VRT, one against community, and one against
custom sigs, other tcp* tools (tcpflow, etc etc).

Anything interesting is extracted and archived.  Reports are generated.
Afterglow generates a nice display so that we can visualize the problems,
and executives can look at it and nod knowingly.  Alerts are sent off
whenever certain thresholds are met.  We're looking to hook it into our help
desk ticketing system so that we don't have to manually do it :)

-- 
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
"This officer's men seem to follow him merely out of idle curiosity."  --
Sandhurst officer cadet evaluation.
"Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks factory
where smoking on the job is permitted."  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=30v_g83VHK4
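
The sampled-capture job described in the message above, sketched as an added example; it is not the poster's script and not part of the original thread. The interface name, spool and config paths, the `snort-<ruleset>.conf` naming, the alert threshold and the use of Snort's "fast" alert format are all assumptions, and the Afterglow and ticketing steps are left out.

```sh
#!/bin/sh
# Hourly sampled-capture job: record a fixed window with tcpdump, then run the
# offline tools against the saved pcap. Example cron entry:
#   0 * * * * /usr/local/sbin/ids-sample.sh run
# Interface, paths, config file names and threshold are assumptions.

IFACE="${IFACE:-em0}"                     # capture interface (assumed)
SPOOL="${SPOOL:-/var/spool/ids-sample}"   # absolute path, one subdir per run
CONF_DIR="${CONF_DIR:-/etc/snort}"        # holds snort-<ruleset>.conf (assumed)
CAPTURE_SECS="${CAPTURE_SECS:-600}"       # 10 minutes of every hour
THRESHOLD="${THRESHOLD:-25}"              # alerts per rule set before notifying
RULESETS="vrt community custom"           # one snort pass per rule set

# Capture for CAPTURE_SECS seconds into $1, then stop tcpdump with SIGINT so
# the pcap is flushed and closed. Succeeds only if the file is non-empty.
capture() {
    tcpdump -i "$IFACE" -n -s 65535 -w "$1" &
    pid=$!
    sleep "$CAPTURE_SECS"
    kill -INT "$pid"
    wait "$pid" 2>/dev/null
    [ -s "$1" ]
}

# Run every offline tool against the same pcap ($1); results go under $2.
analyze() {
    pcap=$1; run=$2
    tcpdstat "$pcap" > "$run/tcpdstat.txt" 2>&1
    mkdir -p "$run/flows" && (cd "$run/flows" && tcpflow -r "$pcap")
    for rs in $RULESETS; do
        mkdir -p "$run/snort-$rs"
        snort -q -r "$pcap" -c "$CONF_DIR/snort-$rs.conf" \
              -A fast -l "$run/snort-$rs"
    done
}

# Number of alerts in a snort "fast" alert file (one alert per line).
# A missing file means that pass raised nothing.
count_alerts() {
    if [ -f "$1" ]; then
        grep -c -F '[**]' "$1" || true
    else
        echo 0
    fi
}

# Print "<ruleset> <count> ok|OVER" for each pass; return 1 if any rule set
# reached THRESHOLD.
summarize() {
    run=$1; status=0
    for rs in $RULESETS; do
        n=$(count_alerts "$run/snort-$rs/alert")
        if [ "$n" -ge "$THRESHOLD" ]; then
            echo "$rs $n OVER"
            status=1
        else
            echo "$rs $n ok"
        fi
    done
    return $status
}

# Most frequent signatures across all passes, as "count gid:sid:rev".
top_signatures() {
    cat "$1"/snort-*/alert 2>/dev/null |
        sed -n 's/.*\[\*\*\] \[\([0-9][0-9]*:[0-9][0-9]*:[0-9][0-9]*\)\].*/\1/p' |
        sort | uniq -c | sort -rn | head -n "${2:-10}" |
        awk '{print $1, $2}'
}

main() {
    run="$SPOOL/$(date +%Y%m%d-%H%M)"
    mkdir -p "$run" || return 1
    capture "$run/sample.pcap" || { echo "capture failed" >&2; return 1; }
    analyze "$run/sample.pcap" "$run"
    top_signatures "$run" 10 > "$run/top-signatures.txt"
    # Stay silent below the threshold; cron mails anything printed here.
    if ! summarize "$run" > "$run/summary.txt"; then
        cat "$run/summary.txt" "$run/top-signatures.txt"
    fi
}

# Only act when invoked as "ids-sample.sh run", so the functions can be
# sourced and exercised without touching the network.
case "${1:-}" in
    run) main ;;
esac
```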



Re: Opteron 250 Overheating

2010-03-04 Thread Denny White
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


 On Fri, Mar 05, 2010 at 09:01:13AM +1100, Rod Whitworth spoke thusly:
> On Thu, 4 Mar 2010 06:18:30 -0800, J.C. Roberts wrote:
> 
> >> 
> >> I had this problem before, an old Cereal box + Scissors + tape fixed
> >> it right up.  But your mileage may vary
> >
> >I'm Jealous! --I've always wanted a cereal console.
> 
> And now you are a cereal offender!
> 
> 
> *** NOTE *** Please DO NOT CC me. I  subscribed to the list.
> Mail to the sender address that does not originate at the list server is 
> tarpitted. The reply-to: address is provided for those who feel compelled to 
> reply off list. Thankyou.
> 
> Rod/
> ---
> This life is not the real thing.
> It is not even in Beta.
> If it was, then OpenBSD would already have a man page for it.
> 

OpenBSD, Breakfast of Champions! A nutritious kernel in every byte.
Cocoa Puffys, even! Okay, exit, stage right. ;)

- -- 

===
Denny White - denny...@cableone.net
GnuPG key  : 0x1644E79A  |  http://wwwkeys.de.pgp.net 
Fingerprint: D0A9 AD44 1F10 E09E 0E67  EC25 CB44 F2E5 1644 E79A
===
() ASCII ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments
===
iEYEARECAAYFAkuQaU8ACgkQy0Ty5RZE55oKtQCgzGkFQEE/ipgRVWAmnWM595gD
Jj8AoLkbWFmTcO2uuZhUTLulRppZXiue
=xU6b
-END PGP SIGNATURE-



booby trapped firmware (was Re: Dell PE850 & CERC SATA controller)

2010-03-04 Thread Lars Nooden
On 2010-3-5 2:47 AM, Nick Holland wrote:
> Think about this a bit.  These people DELIBERATELY put a feature in
> their firmware to STOP me (and a lot of other people) from using this
> card.  Legit user, but they felt that I was entitled to help them
> debug their shit for no more than sixty days.  They worked hard at
> putting this feature in...

That's a very clear illustration of how shit can be loaded into the
flash memory AND still have room over for the code that (kind of) does
what it is supposed to do.

In an 8MB flash, a small network stack and server can fit in a few
hundred KB each.

/Lars



Re: Make "don't know how to make"

2010-03-04 Thread Alexander Carver

Abel Abraham Camarillo Ojeda wrote:

Alex Carver  wrote:


Suggestions?


are you running current? if so:

http://www.openbsd.org/faq/current.html#20100203


No, I am not running current.  This is a stock installation of 4.6 and 
the source is from the src.tar.gz file from the same place.


I went ahead and wiped the entire src tree and started from scratch. 
The compile started working but then died later:


In file included from ../../../../kern/init_sysent.c:14:
../../../../sys/syscallargs.h:1119: Internal compiler error in 
'grokdeclarator', at c-decl.c:4505


No idea what happened there.



Re: Dell PE850 & CERC SATA controller

2010-03-04 Thread J.C. Roberts
On Thu, 04 Mar 2010 19:47:38 -0500 Nick Holland
 wrote:

> Tomas Bodzar wrote:
> > You just think that it's running perfectly under Linux ;-) See eg.
> > this post http://marc.info/?l=openbsd-misc&m=125783114503531&w=2
> 
> Think about this a bit.  These people DELIBERATELY put a feature in
> their firmware to STOP me (and a lot of other people) from using this
> card.  Legit user, but they felt that I was entitled to help them
> debug their shit for no more than sixty days.  They worked hard at
> putting this feature in.  This isn't a piece of software that has
> access to the resources of a computer, like real-time clocks and
> writable disks.  This is a fucking RAID controller, which they managed
> to build a persistent time bomb into so that after 60 days of
> operation, it destroyed itself!! (and again, note: it didn't just
> crash and need to be power cycled, it DAMAGED THE CARD).  This took
> some effort -- I can't think of any other reason to have a RTC in a
> RAID card.  I also somehow doubt that the coder who did this sat down
> and wrote the time bomb AFTER he was charged with coming up with the
> diagnostic firmware.  No, I rather suspect he grabbed some
> off-the-shelf code, something they put routinely into their diagnostic
> and troubleshooting systems, but wasn't intended to get out into the
> general public.  They obviously care more about things OTHER than your
> system integrity and reliability.  This coder made an error in
> judgment, but they obviously had the tools laying around for some
> reason.
> 

NOTE: A customer should never need to do this, but...

For all intents and purposes, the card "damaged" itself per se by
preventing itself from working, but with the right know-how, you could
get it working again. The RTC of the card has to pull time from
somewhere as well as keep time (i.e. needs power). If the card is not
battery-backed, then it's drawing current from the mainboard. Yes, even
when the system is supposedly in a "powered off" state. (If you read
the PCI/PCIX/PCIE specs, you'll understand there is power
available even in the "powered off" state to support features like
"Wake-On-LAN"). If the card is battery-backed, then it could be drawing
current from either the bus or the battery.

None the less, no current, no clock.

Remove the card, and remove the battery from the card if one is
present. In case they have caps in place to handle short outages,
short the battery leads and PCI power pins to drain them. Boot the
system, set the clock back a month or whatever, then power it off
again. Reinstall the card and you'll be able to get into it again 
to reflash with non-time-bombed firmware.

Of course no sane human being would put up with needing to do crap like
the above just to use the hardware they've paid for, but when you're
stuck, you're stuck.

> 
> Now, tell me again how horrible it is that OpenBSD doesn't let you
> trust your data (and OpenBSD's reputation) to these incompetent
> assholes?
> 

Adaptec is actually far worse than they seem to normal end users and
open source developers... I might get my happy ass sued into oblivion
for posting the stuff I know, so I'll tell you a possibly fictitious
story that was told to me by a friend.

A number of humongous, deep pocket, mega corps decided to bring a new
type of tech to market... QUIETLY! One of the requirements was
testing said tech with *ALL* of the *BEST* storage cards and storage
devices, which is nothing more than a pleasant way to say the
unannounced stuff that doesn't officially exist yet.

The CTO was told by said friend to not waste any time testing Adaptec,
but was promptly told to shut up, since their "unannounced" gear had
already been delivered, along with the personal cell phone number of the
EVP from Adaptec in charge of storage products. Ya, the usual... There
were "business connections" involved and "agreements" at the "highest
levels," so plainly stating the obvious like saying "The Emperor has no
clothes" was strictly verboten...

Four weeks and multiple replacement cards later, they gave up trying
to test Adaptec cards. They all failed. Miserably. The newest storage
devices (various forms of "SSD's") caused everything from Adaptec to
fail, even though there was nothing wrong with the storage devices. Of
course they got the typical story from Adaptec of, "We've only qualified
Intel SSD's with our products."  --Bullshit. On inquiry, it turns out
they never bothered to see what would happen if a *FULL* *SET* of
(still unreleased) Intel SLC based 512GB SSD's was attached to their
controller. Even a "minimal" set (no expansion backplanes) of the
widely available Intel SSD's made their controller fail.

It was pretty obvious that Adaptec hadn't tested their shit at all with
SSD's of any type... Of course Adaptec claimed the problem was not their
fault due to them using the newest unreleased "research" devices, but
they were then duly informed of all the failed tests using the exact
off-the-shelf Intel S

Re: Dell PE850 & CERC SATA controller

2010-03-04 Thread FRLinux
On Fri, Mar 5, 2010 at 12:47 AM, Nick Holland
 wrote:
> Now, tell me again how horrible it is that OpenBSD doesn't let you
> trust your data (and OpenBSD's reputation) to these incompetent assholes?

Thanks for the update, you convinced me the last time but have
definitely so now. We have about 2 servers with that hardware in it. I
might end up retiring the second production one quicker than expected
just so I can sleep at night...

And by the way (even though this is quite horrific), you are good at
story telling :)

Cheers,
Steph



Re: Dell PE850 & CERC SATA controller

2010-03-04 Thread Nick Holland
Tomas Bodzar wrote:
> You just think that it's running perfectly under Linux ;-) See eg. this post
> http://marc.info/?l=openbsd-misc&m=125783114503531&w=2

I've been waiting for an excuse to update that story... :)

First of all, I want you to note that was posted in November.  It is
now March, almost four months later, and it had been going on for
quite some time back in November.

Recap:
Bad firmware -> locking system.
New firmware -> rebooting system.
Newer firmware -> still reboots, now trashes file systems
Newer firmware -> still reboots, trashes file systems less often.
At time of that posting, new firmware which has diagnostic code in it
to capture critical info so Adaptec can figure out why their cards are
crashing my system.

So, for a couple months, things were going pretty well.  We got a few
crashes out of the system and data to the vendor to pass up to
Adaptec, but no really big events.  Then one weekend, one of the
machines falls over and can't get back up.  I figure "surprise", VPN
into work, remove it from the cluster, and I'll worry about it Monday.


Ok, now look at this from Adaptec's perspective...  You have pissed
off your customer and your customer's customer. You can't find the
problem, so you have asked them to run special diagnostic firmware to
have them help you do your job.  What can you possibly do to further
impress them with your incompetence now?


So Monday, I go into work, cable up the machine and...it's hung in the
RAID controller boot (not the system boot, but since HW manufacturers
think it is so f*ing cool that OSs boot, of course they want their
RAID controller to have a well advertised boot process too).  And it
hangs.  Not even trying to read an OS off the disks, just hung.  Power
off, back on, still hangs.  Reseat card, still hangs.

I call our vendor, tell 'em the symptoms, they agree that it is the
RAID controller that failed.  I start thinking, well, maybe I was a
little hard on Adaptec, publicly bashing them like this and in
reality, maybe I just had a defective RAID card all along.  It might
explain why a large majority (though certainly not all!) of the
crashes happened on this one machine...and now the card is totally
dead.  Hm.  Maybe just bad hardware.  I'm starting to consider how
I'll word my semi-retraction.

Then the phone rings, it's my regular contact at the system vendor.
He's telling me there's something really strange going on, as these
cards are popping all over the country, all at people who have been
running the diagnostic firmware.  They can't believe the conclusion,
but it seems like there's a time bomb in the diagnostic firmware.
They have a call in to Adaptec, but the guy responsible for the
diagnostic firmware is on vacation, and it takes 'em a while to track
the guy down, "but it is possible".  Sure enough, a couple hours
later, I get a call back that confirms the firmware is actively
killing our cards, and thank goodness that I upgraded them over a
period of days and not all in a short period of time, and I do an
emergency reversion of all the other systems.

How do you top your past levels of incompetence now?  Thank your
victim..er..customers who are helping you debug your product by
time-bombing the device so that sixty days after install, your adapter
breaks.  Can you top that?  Yeah.  Don't tell anyone about the time
bomb -- don't tell the VAR, or the end user, "if you help us debug our
crappy product, don't let it run this way for 60 days, or your
computer will start doing space heater imitations".

(One could argue that they topped that one step further by actually
locking the boot process so one could not even boot up the firmware
update disk and downgrade the firmware to something that sucks less,
but I am willing to pass that off as a bug, not deliberate).


Think about this a bit.  These people DELIBERATELY put a feature in
their firmware to STOP me (and a lot of other people) from using this
card.  Legit user, but they felt that I was entitled to help them
debug their shit for no more than sixty days.  They worked hard at
putting this feature in.  This isn't a piece of software that has
access to the resources of a computer, like real-time clocks and
writable disks.  This is a fucking RAID controller, which they managed
to build a persistent time bomb into so that after 60 days of
operation, it destroyed itself!! (and again, note: it didn't just
crash and need to be power cycled, it DAMAGED THE CARD).  This took
some effort -- I can't think of any other reason to have a RTC in a
RAID card.  I also somehow doubt that the coder who did this sat down
and wrote the time bomb AFTER he was charged with coming up with the
diagnostic firmware.  No, I rather suspect he grabbed some
off-the-shelf code, something they put routinely into their diagnostic
and troubleshooting systems, but wasn't intended to get out into the
general public.  They obviously care more about things OTHER than your
system integrity and reliability.  This coder 

Re: Dell PE850 & CERC SATA controller

2010-03-04 Thread Marco Peereboom
That card is a bag of ass.  Do yourself a favor and throw it in a moat.

On Thu, Mar 04, 2010 at 11:55:56PM +, FRLinux wrote:
> On Thu, Mar 4, 2010 at 5:15 PM, Tomas Bodzar  wrote:
> > You just think that it's running perfectly under Linux ;-) See eg. this post
> > http://marc.info/?l=openbsd-misc&m=125783114503531&w=2
> 
> Ah, I had actually skipped that one back then, thanks for pointing
> that to me. So I now officially have a lump of metal in my office :)
> 
> Cheers,
> Steph



Re: Dell PE850 & CERC SATA controller

2010-03-04 Thread FRLinux
On Thu, Mar 4, 2010 at 5:15 PM, Tomas Bodzar  wrote:
> You just think that it's running perfectly under Linux ;-) See eg. this post
> http://marc.info/?l=openbsd-misc&m=125783114503531&w=2

Ah, I had actually skipped that one back then, thanks for pointing
that to me. So I now officially have a lump of metal in my office :)

Cheers,
Steph



Re: -current or -stable [was: Not another Browser Question]

2010-03-04 Thread Ron McDowell

Giannis, thank you for your helpful answer.

--
Ron McDowell
San Antonio TX



Kapetanakis Giannis wrote:

On 05/03/10 01:33, Ron McDowell wrote:

Where does one find details of things like this?


If you mean about changes in -current,
I monitor these two
http://www.openbsd.org/faq/current.html
http://www.openbsd.org/plus.html

Giannis




Re: -current or -stable [was: Not another Browser Question]

2010-03-04 Thread Kapetanakis Giannis

On 05/03/10 01:33, Ron McDowell wrote:

Where does one find details of things like this?


If you mean about changes in -current,
I monitor these two
http://www.openbsd.org/faq/current.html
http://www.openbsd.org/plus.html

Giannis



Re: -current or -stable [was: Not another Browser Question]

2010-03-04 Thread Theo de Raadt
One doesn't find details like that because people doing this for fun
don't write lists of details like that.

> Where does one find details of things like this?
>
> > --had I paid more
> > attention,  I would have seen that new stuff was added, which fixed the
> > particular problem I had.



Re: -current or -stable [was: Not another Browser Question]

2010-03-04 Thread Ron McDowell

Where does one find details of things like this?

--
Ron McDowell
San Antonio TX



STeve Andre' wrote:

--had I paid more
attention,  I would have seen that new stuff was added, which fixed the
particular problem I had.




Re: -current or -stable [was: Not another Browser Question]

2010-03-04 Thread STeve Andre'
On Thursday 04 March 2010 15:30:25 Bret S. Lambert wrote:
> On Thu, Mar 04, 2010 at 03:12:35PM -0500, nixlists wrote:
> > On Thu, Mar 4, 2010 at 12:28 PM,   wrote:
> > > If you don't have a good understanding of things, I'd say you should
> >
> > By good understanding do you mean ability to read and write system
> > code, and intimate familiarity with *nix internals?
>
> I'd imagine he meant a basic understanding of unix systems in general.

Yes, a basic understanding, plus the understanding that you need to
"catch" a set of commits completely.  That requires some understanding
of the code at some level.  Fortunately messing that up only means that
you have to wait and update again, and not make the mistake of posting
on a mailing list that something is wrong.  I just did this, with the new
distributed package builder that Marc Espie has redone--had I paid more
attention,  I would have seen that new stuff was added, which fixed the
particular problem I had.

>
> > ...
> >
> > > not follow -current on machines that are critical to you.  I do use
> >
> > -current
> >
> > ...
> >
> > It seems the opinion on running current in production ranges from
> > being overly optimistic to being very cautious. If running -current in
> > production is only recommended for people who are intimately familiar
> > with the internals, doesn't that exclude many if not most users?
>
> if "intimate familiar[ity] with the internals" means being able to damn
> read instructions, then yes. You're making this out to be far harder
> than it has to be. If you're able to follow instructions, you can
> run -stable or  -current, the docs are there to do so.

What you need to be able to do is be able to jump back to a previous
system if the new -current system does something bad.  Now, this 
is just as true if you only jump from -stable to -stable system, but I
have encountered a huge number of people who don't get the idea
that an upgrade always has the possibility of messing up, and for
a production system it's a grand idea to be able to get back up,
quickly.

--STeve Andre'
[snip]



possible relayd bug? intermittent SSL handshake errors SSL3_GET_FINISHED:digest check failed) , SSL3_GET_RECORD:decryption failed or bad record mac)

2010-03-04 Thread Andres Salazar
Hello,

I have a very simple relayd config:


## Macros
#
relayd_addr="xx.xx.xx.xx"
relayd_port="81"

web_port="80"
table  { xx.xx.xx.xx }

## Global Options
#
# Interval in seconds at which the back-end hosts
# will be checked (default: 10 seconds)
interval 10

# Timeout for back-end servers to respond. Set to
# 200 for local servers and around 1000 for servers
# on other subnets. (default: 200 milliseconds)
timeout 1000

# Number of child processes to run. (default: 5)
prefork 5

# Log state notifications after completed host
# checks. State can be up, down or unknown.
log updates

http protocol "httpfilter" {

    ### TCP performance options
    tcp { nodelay, sack, socket buffer 65536, backlog 100 }

    ### Return HTTP/HTML error pages
    return error

    ### allow logging of remote client ips to internal web servers
    header append "$REMOTE_ADDR" to "X-Forwarded-For"

    ### set Keep-Alive timeout to global timeout
    header change "Keep-Alive" to "$TIMEOUT"

    ### close connections upon receipt
    header change "Connection" to "close"

    ssl { sslv3, tlsv1, ciphers "HIGH:!ADH:!MD5", no sslv2 }
    ssl session cache disable

}

relay httpproxy {
    listen on $relayd_addr port $relayd_port ssl
    protocol "httpfilter"
    forward to  port $web_port mode loadbalance check icmp
}


Intermittently the client making requests to it gets this error. 90% of
the time it works without errors.

(SSL: error:1408C095:SSL routines:SSL3_GET_FINISHED:digest check
failed) while SSL handshaking to upstream, client:

Then also.. sometimes my client gets this error.. (this is more rare)

(SSL: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or
bad record mac) while SSL handshaking to upstream, client:

I have started relayd -vv -n  and I don't get any errors BUT
sometimes for the last error mentioned I get this error in relayd:

SSL library error: httpproxy: relay_ssl_accept: error:140943FC:SSL
routines:SSL3_READ_BYTES:sslv3 alert bad record mac



I have tried querying from the outside the relayd box directly with
this command:

openssl s_client -connect ip.of.relayd.box:81 -state -ssl3 -no_ssl2 -no_tls1

I have repeated that 100 times and I never get any errors..


My remote client can GET  any other SSL website without any problem.

The cert installed in relayd is valid with the exception that it
doesn't match the hostname being asked for .. but that shouldn't be an
issue right??

Please help.

Andres



Re: Opteron 250 Overheating

2010-03-04 Thread Rod Whitworth
On Thu, 4 Mar 2010 06:18:30 -0800, J.C. Roberts wrote:

>> 
>> I had this problem before, an old Cereal box + Scissors + tape fixed
>> it right up.  But your mileage may vary
>
>I'm Jealous! --I've always wanted a cereal console.

And now you are a cereal offender!


*** NOTE *** Please DO NOT CC me. I  subscribed to the list.
Mail to the sender address that does not originate at the list server is 
tarpitted. The reply-to: address is provided for those who feel compelled to 
reply off list. Thankyou.

Rod/
---
This life is not the real thing.
It is not even in Beta.
If it was, then OpenBSD would already have a man page for it.



Re: Best Mail Archive

2010-03-04 Thread Peter Miller
On Thu, 2010-03-04 at 11:08 -0500, Kenneth R Westerback wrote:
> On Thu, Mar 04, 2010 at 03:23:24PM +0100, Bret S. Lambert wrote:
> > On Thu, Mar 04, 2010 at 10:56:00AM -0300, Christiano F. Haesbaert wrote:
> > > 2010/3/4 nixlists :
> > > > Every time someone tells me to go search an archive, I want to use
> > > > profanity. They never think of just how painful mail archive searching
> > > > is, but I guess we all have to bite the bullet and use search systems
> > > > that are bad at searching.
> > > >
> > > 
> > > Do you realize how painful it is to answer the same question over and 
> > > over ?
> > > 
> > 
> > Of course not! He can't find that thread!!!
> 
> But has a point. Mail archives are dead as an interface. Google
> knows all. We should be asking 'Did you ask Google?' rather than
> 'Did you search the mail archives.' I'm sure many people have to
> go Google 'mail archives' to figure out what they are anyway. :-).
> 
>  Ken
> 
you can use google to search the archives

put
site:http://www.mail-archive.com/misc@openbsd.org/ your search
into the google search bar

That will use the gmane archive and the power of google.

using gmane
Searched gmane.gmane.os.openbsd.misc for current ports
Around 825 matching articles. Results 1-10. 
75,674,724 articles searched in 1.296083 seconds.

using google
Results 1 - 10 of about 2,250 from www.mail-archive.com/misc@openbsd.org
for current ports. (0.15 seconds)

not really sure if it's better, but it's possible. The top 10 results
are slightly different.

-- 
Later
Peter



Re: -current or -stable [was: Not another Browser Question]

2010-03-04 Thread Tomas Bodzar
Why don't you try for yourself what's appropriate for you? I started
with stable because I was scared by other systems that current is
something worse and less stable than the stable version (even the stable
version of those systems is something to be scared of). Now I've been
using just current for about two years or more because I discovered
that the developers of OpenBSD really know what they are doing and they
are doing it unbelievably perfectly. Which is very different when
compared with other systems. No panics during this time, loss of data
or similar problems. Just two times during this period I wasn't able
to install some package because it needed newer snapshots. So binary
upgrade and then voila, package installed (this problem, which you can
sometimes have, is described in the FAQ). All the others weren't problems of
OpenBSD, but problems between keyboard and chair.

Theo and others aren't idiots. They know what to do and how to do
that. And because they don't care so much about the number of users they
can focus on quality instead of whining people. Other projects try to
find as many users as possible or do ugly hacks or try to be nice to
users, but trust me or not, it just leads to crap. Yes, Theo can say to
you that you rape children or something similar if you say something
really stupid (:-D), but anyone can make a mistake. The difference is whether
you can learn from it or not. If not then you will have problems all
the time. What's worst for me? That I can't find a similar OS project
which focuses on quality. Looks like most people are content
with crap. And not only in the IT area. This is a real problem. Not the stable
and/or current decision.

On Thu, Mar 4, 2010 at 9:12 PM, nixlists  wrote:
> On Thu, Mar 4, 2010 at 12:28 PM, B  wrote:
>> If you don't have a good understanding of things, I'd say you should
>
> By good understanding do you mean ability to read and write system
> code, and intimate familiarity with *nix internals?
>
> ...
>
>> not follow -current on machines that are critical to you.  I do use
> -current
>
> ...
>
> It seems the opinion on running current in production ranges from
> being overly optimistic to being very cautious. If running -current in
> production is only recommended for people who are intimately familiar
> with the internals, doesn't that exclude many if not most users?
>
> ...
>
>> You can learn tons from watching -current.  I have.  But till you have
>> experience with it, don't make it your main system.
>
> So more suitable for learning and playing with the latest stuff, but
> less suitable for running production stuff at this point? I just feel
> like someone is going to yell "curmudgeon" again.
>
> Thanks.
>
>



--
http://www.openbsd.org/lyrics.html



Re: -current or -stable [was: Not another Browser Question]

2010-03-04 Thread Brad Tilley
On Thu, 04 Mar 2010 15:12 -0500, "nixlists"  wrote:

> It seems the opinion on running current in production ranges from
> being overly optimistic to being very cautious. If running -current in
> production is only recommended for people who are intimately familiar
> with the internals, doesn't that exclude many if not most users?

You don't have to be an expert to run -current. If you can read and
follow instructions, you can do it. The process is well-documented. It's
like following a grand recipe while preparing a gourmet dish... most
people (who can cook) can do it if they really want.

Brad



Re: -current or -stable [was: Not another Browser Question]

2010-03-04 Thread Bret S. Lambert
On Thu, Mar 04, 2010 at 03:12:35PM -0500, nixlists wrote:
> On Thu, Mar 4, 2010 at 12:28 PM,   wrote:
> > If you don't have a good understanding of things, I'd say you should
> 
> By good understanding do you mean ability to read and write system
> code, and intimate familiarity with *nix internals?

I'd imagine he meant a basic understanding of unix systems in general.

> 
> ...
> 
> > not follow -current on machines that are critical to you.  I do use
> -current
> 
> ...
> 
> It seems the opinion on running current in production ranges from
> being overly optimistic to being very cautious. If running -current in
> production is only recommended for people who are intimately familiar
> with the internals, doesn't that exclude many if not most users?

if "intimate familiar[ity] with the internals" means being able to damn
read instructions, then yes. You're making this out to be far harder
than it has to be. If you're able to follow instructions, you can
run -stable or  -current, the docs are there to do so.

As to what each is, it's been discussed to death. Multiple times.

Pick one, and get on with your life. Christ.

> 
> ...
> 
> > You can learn tons from watching -current.  I have.  But till you have
> > experience with it, don't make it your main system.
> 
> So more suitable for learning and playing with the latest stuff, but
> less suitable for running production stuff at this point? I just feel

Lots of people run -current on production machines with fewer bad experiences
than running "stable" releases from other OSes.

> like someone is going to yell "curmudgeon" again.
> 
> Thanks.



Re: -current or -stable [was: Not another Browser Question]

2010-03-04 Thread nixlists
On Thu, Mar 4, 2010 at 12:28 PM,   wrote:
> If you don't have a good understanding of things, I'd say you should

By good understanding do you mean ability to read and write system
code, and intimate familiarity with *nix internals?

...

> not follow -current on machines that are critical to you.  I do use
-current

...

It seems the opinion on running current in production ranges from
being overly optimistic to being very cautious. If running -current in
production is only recommended for people who are intimately familiar
with the internals, doesn't that exclude many if not most users?

...

> You can learn tons from watching -current.  I have.  But till you have
> experience with it, don't make it your main system.

So more suitable for learning and playing with the latest stuff, but
less suitable for running production stuff at this point? I just feel
like someone is going to yell "curmudgeon" again.

Thanks.



PLEASE VERY .OK.

2010-03-04 Thread A G
Invitation : "PLEASE VERY .OK.".


By your host A G:


 Date:  Thursday, 4 March 2010

 Time:  16:00 - 17:00 (GMT+00:00)
 Street: I am MR. ARTHUR GENE. Usmani work in a ministry of
mining in Burkina faso. I am from Burkina faso, I want you to handle this
transaction. There is a Gold deposited in my Department, the owner of the Gold is
MR. LAWRENCE JONATHAN. Unfortunately the man died in Liberia war, he is an
Opposition. The Gold was Deposited in 1999, there isn't anyone who came for the
claim since it was deposited in the ministry. The Gold was deposited in Burkina
faso ministry, the Quality of the Gold is 22kt, while the quantity is 3.500 kg. I
need a foreigner who will assist me and claim this Gold. If you are interested
to participate in this transaction, then I will tell you what to do.. Thank
You. MR. ARTHUR GENE.

Invitees:


invitation_add_to_your_yahoo_calendar:

 
http://fr.calendar.yahoo.com//?v=60&ST=20100304T16%2B&TITLE=PLEASE+VERY+.OK.&DUR=0100&VIEW=d&in_st=I+am+MR.ARTHUR+GENE.+Usmani+work+in+a+ministry+of+minning+in+Burkina+faso.I+am+from+Burkina+faso,i+want+you+to+handle+this+transaction.There+is+a+Gold+deposited+in+my+Department,the+owner+of+the+Gold+is+MR.LAWRENCE+JONATHAN.Unfortunately+the+man+died+in+Liberia+war,he+is+an+Opposition.The+Gold+was+Deposited+in1999,there+isn%27t+anyone+who+came+for+the+claim+since+it+was+deposited+in+theministry.The+Gold+was+deposited+in+Burkina+faso+ministry,the+Quality+of+the+Gold+is+22kt,while+the+quantity+is+3.500+kg.I+need+a+foreigner+who+will+assist+me+and+claim+this+Gold.If+you+are+interseted+to+participate+in+this+transaction,then+i+will+tell+you+what+to+do..+Thank+You.MR.ARTHUR+GENE.&TYPE=10


Copyright © 2010 All rights reserved.
 www.yahoo.fr

Privacy policy:
 http://privacy.yahoo.com/privacy/us

Terms of use:
 http://docs.yahoo.com/info/terms/



Re: -current or -stable [was: Not another Browser Question]

2010-03-04 Thread andres
Quoting nixlists :

> On Thu, Mar 4, 2010 at 11:58 AM,   wrote:
>>> But both are related to downtime and data loss. I understand stability
>>> bugs are likely to pop-up more often with current, and this has been
>>> my experience. Weird freezes without panic that I did not have with
> >>> release/stable, and some pf-related panics that went away with recent
>>> current.
>>>
>>>  Anyway, I am still not clear where most security bugs are more likely
>>> to pop-up - in release or current, or either?
>>>
>>> Thanks.
>>
>> For any established bug that's been around for a while before discovery,
>> it will be in both -release and -current; established meaning existing
>> for one or more releases.
>>
>> -Current can have bugs that are introduced during the development
>> cycle.  Typically they are seen fairly quickly and stomped on quickly.
>>
>> I've lived on -current on my laptop for 8 years now, and the only time
>> that's been a problem was rebuilding stuff during a hackathon.  If
>> you use -current, watch the pretty commits flow in, but refrain from
>> jumping into the new code on your main machine, as I did.  Test
>> machines are of course a great idea.
>
> Thank you!
>
> Shouldn't  this advice be good for inclusion on the "following
> current" page on the website? Also how does one find out when it's
> okay to jump into new code, given that one is a mortal sysadmin - not
> a C or system hacker who understands which commits could possibly be
> buggy?

If you don't have a good understanding of things, I'd say you should
not follow -current on machines that are critical to you.  I do use -current
for my main infrastructure machines, but I always have a failsafe, namely
the previous incarnation of the machine that I can fall back on in case of
disaster.  That, and of course TESTING the new -current machine before
committing to it!  It's amazing (well, horrifying) how many people get some
new machine set up and just assume that the newer version of  X  will
be good.

Following -current implies that you are subscribed to the src changes list,
and read it consistently.  When upgrading to the latest code you need to
make sure that you aren't getting code in the middle of a commit of some
large thing, such that you have just a part of it.  The CVS machines get
their updates on some schedule, so it's important to make sure that
you aren't getting incomplete stuff.   I run into this from time to time, but
first assume that any build problem is mine.  Usually I've shot myself
somehow, or gotten an update in the middle.  Every once in a while I
bump into an actual problem which stops the build (breaking the tree)
but that is pretty rare.  OpenBSD is the only system I've seen where I
can trust the development system to be usable (with testing).

You can learn tons from watching -current.  I have.  But till you have
experience with it, don't make it your main system.

--STeve Andre'



Re: Filtering based on MAC adress

2010-03-04 Thread Jean-Francois
On Wednesday 03 March 2010 21:38:18, you wrote:
> > What is the reason why some packets passing on re0 will not be seen on
> > bridge0
> >
> > given I set up the following configuration :
> > bridgename.bridge0
> > add re0
> > up
> >
> > I expected to see all the packets passing on re0 on bridge0 too which is
> > obviously not the case.
>
> That would be wrong.  The bridge is a bridge, not a virtual software
> switch.
>
> It decides not to forward packets which don't need to hit the other
> segments.
>
> This is described very well in the manual page.

Yet I expected that, provided interfaces are marked with "-learn" and the
bridge is flushed, the following behaviour would happen, which isn't.

From bridge(4)
If the bridge has no knowledge about where the destination is to be found, the
bridge will forward the frame to all attached segments.

# brconfig bridge0 addr
# brconfig
bridge0: flags=141
priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
sis0 flags=2
port 1 ifpriority 0 ifcost 0
gif0 flags=3
port 7 ifpriority 0 ifcost 0
re0 flags=2
port 2 ifpriority 0 ifcost 0
pass in on re0 src 00:22:b0:bd:32:61 tag server
pass in on re0 src 00:1f:d0:a0:db:49 tag client
Addresses (max cache: 100, timeout: 240):



Re: Opteron 250 Overheating

2010-03-04 Thread Bryan Irvine
On Thu, Mar 4, 2010 at 8:53 AM, daniel  wrote:
> On Mar 4, 2010, at 9:18 AM, J.C. Roberts wrote:
>
>> On Wed, 3 Mar 2010 17:57:22 -0800 "Christopher Ahrens"
>>  wrote:
>>
> Henning Brauer wrote:
>>
>> * Jeff Ross  [2010-03-02 16:59]:
>>>
>>> I bought a replacement supermicro motherboard off fleabay that
>>> has dual Opteron 250 @2.4GHz.  The cpus have passive heatsinks,
>>> it is in a supermicro 2U chassis with 4 front fans.
>>
>> do you have the air shroud? this plastic thing that forms a
>> "tunnel" over the heatsinks? it is required.
>>
>
> No, the motherboard didn't come with that.  If I can find one will
> that mean I don't need the active heatsinks?

 that's how supermicro delivers the 2U systems, so i'd say yes, you
 won't
>>>
>>> need them.
>>>
>>> I had this problem before, an old Cereal box + Scissors + tape fixed
>>> it right up.  But your mileage may vary
>>
>> I'm Jealous! --I've always wanted a cereal console.
>>
> I know it's only Thursday but...
>
> On a cereal console:
> - exit doesn't work; you must type cheerio
> - make release involves building Cap'n Crunchgen
> - the secret to attaining Cocoa Puffy privilege is using Special K
>  (NOTE: you must use the Corn Pops shell)
> - you can mount ISO images with Fruit Loops

What do you expect from an Alpha-bits release that barely Posts and
requires you to be constantly running the file system Chex after the
Kix start?

:-D

-B



Re: -current or -stable [was: Not another Browser Question]

2010-03-04 Thread Lars Nooden
On 2010-3-4 6:44 PM, nixlists wrote:

>  Anyway, I am still not clear where ...

'stable' refers to the APIs and ABIs.  It also refers to the selection
of packages and libraries and their versions.

/Lars



Re: -current or -stable [was: Not another Browser Question]

2010-03-04 Thread andres
Quoting nixlists :

> On Thu, Mar 4, 2010 at 11:35 AM, Chris Bennett
>  wrote:
>> You are talking about two separate issues.
>>
>> Stability is not related to security directly.
>> The two are intricately combined but not the same.
>
> But both are related to downtime and data loss. I understand stability
> bugs are likely to pop-up more often with current, and this has been
> my experience. Weird freezes without panic that I did not have with
> release/stable, and some pf-related panics that went away with recent
> current.
>
>  Anyway, I am still not clear where most security bugs are more likely
> to pop-up - in release or current, or either?
>
> Thanks.

For any established bug that's been around for a while before discovery,
it will be in both -release and -current; established meaning existing
for one or more releases.

-Current can have bugs that are introduced during the development
cycle.  Typically they are seen fairly quickly and stomped on quickly.

I've lived on -current on my laptop for 8 years now, and the only time
that's been a problem was rebuilding stuff during a hackathon.  If
you use -current, watch the pretty commits flow in, but refrain from
jumping into the new code on your main machine, as I did.  Test
machines are of course a great idea.

--STeve Andre'



Re: Dell PE850 & CERC SATA controller

2010-03-04 Thread Tomas Bodzar
You just think that it's running perfectly under Linux ;-) See eg. this post
http://marc.info/?l=openbsd-misc&m=125783114503531&w=2


On Thu, Mar 4, 2010 at 4:56 PM, Michael Lechtermann
 wrote:
> Hi,
>
> On 04.03.2010 16:32, FRLinux wrote:
>> Hello, i read from the current documentation that it is not advised to
>> purchase hardware containing the following (taken from
>> http://www.openbsd.org/i386.html)
>>
>> Adaptec FSA-based RAID controllers (aac), including: (*)
>> Note: In the past years Adaptec has lied to us repeatedly about
>> forthcoming documentation which would have allowed us to stabilize,
>> improve and manage RAID support for these (rather buggy) raid
>> controllers.
>> As a result, we do not recommend the Adaptec cards for use.
>>
>>     * Adaptec AAC-2622, AAC-364, AAC-3642, 2130S, 2200S, 2230SLP,
>> 2410SA, 2610SA, 2810SA, 21610SA
>>     * Dell CERC-SATA, PERC 320/DC
>>     * Dell PERC 2/QC, PERC 2/Si, PERC 3/Si, PERC 3/D
>>     * HP NetRaid-4M
>>     * IBM ServeRAID-8i/8k/8s
>>
>> Now I do have a Dell PE 850 (2005 edition) SATA CERC 1.5/6Ch with a
>> RAID on it. Works perfectly under Linux as one RAID, but OpenBSD (4.6
>> says no drive).
>>
>> Does it mean I'm screwed? Message below.
>
> aac is not enabled in the stock kernel for the reasons mentioned above.
> You need to enable aac and recompile the kernel if you really want to
> use that raid card.
>
> There is NO raid monitoring available, so you'll never know when a disk
> dies. I suggest to replace the controller with something else or just
> use the on-board SATA ports and softraid instead.
>
>
> Michael
>
>



--
http://www.openbsd.org/lyrics.html



Re: -current or -stable [was: Not another Browser Question]

2010-03-04 Thread Brad Tilley
On Thu, 04 Mar 2010 11:44 -0500, "nixlists"  wrote:
> On Thu, Mar 4, 2010 at 11:35 AM, Chris Bennett
>  wrote:
> > You are talking about two separate issues.
> >
> > Stability is not related to security directly.
> > The two are intricately combined but not the same.
> 
> But both are related to downtime and data loss. I understand stability
> bugs are likely to pop-up more often with current, and this has been
> my experience. Weird freezes without panic that I did not have with
> release/stable

I've had good experience with -current with no major stability problems.
Of course, this is usage scenario 1) where I install a snapshot and use
it for a few years before updating to -current
again.

Brad



Re: -current or -stable [was: Not another Browser Question]

2010-03-04 Thread nixlists
On Thu, Mar 4, 2010 at 11:58 AM,   wrote:
>> But both are related to downtime and data loss. I understand stability
>> bugs are likely to pop-up more often with current, and this has been
>> my experience. Weird freezes without panic that I did not have with
>> release/stable, and some pf-related panics that went away with recent
>> current.
>>
>>  Anyway, I am still not clear where most security bugs are more likely
>> to pop-up - in release or current, or either?
>>
>> Thanks.
>
> For any established bug that's been around for a while before discovery,
> it will be in both -release and -current; established meaning existing
> for one or more releases.
>
> -Current can have bugs that are introduced during the development
> cycle.  Typically they are seen fairly quickly and stomped on quickly.
>
> I've lived on -current on my laptop for 8 years now, and the only time
> that's been a problem was rebuilding stuff during a hackathon.  If
> you use -current, watch the pretty commits flow in, but refrain from
> jumping into the new code on your main machine, as I did.  Test
> machines are of course a great idea.

Thank you!

Shouldn't  this advice be good for inclusion on the "following
current" page on the website? Also how does one find out when it's
okay to jump into new code, given that one is a mortal sysadmin - not
a C or system hacker who understands which commits could possibly be
buggy?



Re: Opteron 250 Overheating

2010-03-04 Thread daniel

On Mar 4, 2010, at 9:18 AM, J.C. Roberts wrote:


On Wed, 3 Mar 2010 17:57:22 -0800 "Christopher Ahrens"
 wrote:


Henning Brauer wrote:

* Jeff Ross  [2010-03-02 16:59]:

I bought a replacement supermicro motherboard off fleabay that
has dual Opteron 250 @2.4GHz.  The cpus have passive heatsinks,
it is in a supermicro 2U chassis with 4 front fans.


do you have the air shroud? this plastic thing that forms a
"tunnel" over the heatsinks? it is required.



No, the motherboard didn't come with that.  If I can find one will
that mean I don't need the active heatsinks?


that's how supermicro delivers the 2U systems, so i'd say yes, you
won't

need them.

I had this problem before, an old Cereal box + Scissors + tape fixed
it right up.  But your mileage may vary


I'm Jealous! --I've always wanted a cereal console.


I know it's only Thursday but...

On a cereal console:
- exit doesn't work; you must type cheerio
- make release involves building Cap'n Crunchgen
- the secret to attaining Cocoa Puffy privilege is using Special K
  (NOTE: you must use the Corn Pops shell)
- you can mount ISO images with Fruit Loops

OK, I'm done.



Re: -current or -stable [was: Not another Browser Question]

2010-03-04 Thread nixlists
On Thu, Mar 4, 2010 at 11:35 AM, Chris Bennett
 wrote:
> You are talking about two separate issues.
>
> Stability is not related to security directly.
> The two are intricately combined but not the same.

But both are related to downtime and data loss. I understand stability
bugs are likely to pop-up more often with current, and this has been
my experience. Weird freezes without panic that I did not have with
release/stable, and some pf-related panics that went away with recent
current.

 Anyway, I am still not clear where most security bugs are more likely
to pop-up - in release or current, or either?

Thanks.



Re: -current or -stable [was: Not another Browser Question]

2010-03-04 Thread Chris Bennett

nixlists wrote:

On Thu, Mar 4, 2010 at 10:44 AM, Chris Bennett
 wrote:
  

-current is typically safer by default since all those errata in release
versions are already fixed in -current snapshots. No patches, no builds.
just update to latest snapshots, other than time to update packages, maybe
10-15 minutes or less



But where are the latest security issues and stability issues likely
to be found? In either release or current or just current, since
current is being developed?


  

You are talking about two separate issues.

Stability is not related to security directly.
The two are intricately combined but not the same.

That is why there are two common errata for release:
Reliability
Security

If you don't want to run -current, then don't.

But if you use a package where a security or reliability issue comes up, 
and it is fixed in -current, you will need to backport it yourself. 
Hopefully you will send your work to -stable


--
A human being should be able to change a diaper, plan an invasion,
butcher a hog, conn a ship, design a building, write a sonnet, balance
accounts, build a wall, set a bone, comfort the dying, take orders,
give orders, cooperate, act alone, solve equations, analyze a new
problem, pitch manure, program a computer, cook a tasty meal, fight
efficiently, die gallantly. Specialization is for insects.
  -- Robert Heinlein



Re: Best Mail Archive

2010-03-04 Thread Kenneth R Westerback
On Thu, Mar 04, 2010 at 03:23:24PM +0100, Bret S. Lambert wrote:
> On Thu, Mar 04, 2010 at 10:56:00AM -0300, Christiano F. Haesbaert wrote:
> > 2010/3/4 nixlists :
> > > Every time someone tells me to go search an archive, I want to use
> > > profanity. They never think of just how painful mail archive searching
> > > is, but I guess we all have to bite the bullet and use search systems
> > > that are bad at searching.
> > >
> > 
> > Do you realize how painful it is to answer the same question over and over ?
> > 
> 
> Of course not! He can't find that thread!!!

But has a point. Mail archives are dead as an interface. Google
knows all. We should be asking 'Did you ask Google?' rather than
'Did you search the mail archives.' I'm sure many people have to
go Google 'mail archives' to figure out what they are anyway. :-).

 Ken



Re: OBSD + PHP + Postgresql(chrooted)

2010-03-04 Thread Bryan Irvine
On Tue, Mar 2, 2010 at 9:45 PM, Henry Gall  wrote:
> I am trying to replace mysql with postgresql on my openbsd + apache +php
> server.
>
> I need to install postgresql from source, as I need special options, and the
> latest version.
>
> I am running openbsd 4.5, php 5.2.8 from packages,
> postgresql-8.4.2 from source. All dependencies from packages.
>
>
> Postgresql compiles and installs fine, works fine as a stand alone server.
>
> Since I have a running mysql server, I have the /var/www/run/ directories
> and subdirectories
>
> I edited postgresql.conf to have the socket in /var/www/tmp, which it does
>
> I did put the _postgresql user and processes in their own login class
> (usermod -L postgresql _postgresql)
>
>
> I tried to preload the libpd.so.5.2 library, it can't since by the
> time it gets to it,
> php5 is already loaded.
>
> I put the following in /etc/rc.conf.local
>
> if [ -x /usr/local/bin/pg_ctl ]; then
>     echo -n ' postgresql'
>     su -l _postgresql -c "nohup /usr/local/bin/pg_ctl start \
>         -D /var/postgresql/data -l /var/postgresql/logfile \
>         -o '-D /var/postgresql/data' >/dev/null"
> fi
> (that's where I need pg_ctl and data to be) but it won't load at boot anyway.
> That's even secondary, I can start the pgsql server by hand after
> boot, and restart
> apache, the server is not intended to be rebooted often anyway.
>
> I can't get postgresql to work with php with the chrooted environment.
> I searched the
> archives and googled quite a bit, without success.

I always found it easier to set postgres to listen on localhost and
connect to it via port 5432.

-B
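
The reply above sidesteps the chroot because a loopback TCP connection does not need PostgreSQL's socket file to be visible inside /var/www. The script below is an added example, not code from the thread: it checks that such a setup listens only on loopback and that pg_hba.conf does not accept TCP logins with `trust` or from non-loopback addresses. Function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit PostgreSQL for the loopback-TCP setup suggested above.
# Function names and sample file contents are constructed for illustration.

# Print the effective listen_addresses from a postgresql.conf. The last
# uncommented assignment wins; the default when unset is localhost.
pg_listen_addresses() {
    awk -v q="'" '
        /^[ \t]*listen_addresses[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)          # drop "listen_addresses ="
            if (substr(v, 1, 1) == q) {          # quoted: keep text between quotes
                v = substr(v, 2)
                n = index(v, q)
                if (n > 0) v = substr(v, 1, n - 1)
            } else {
                sub(/[ \t#].*$/, "", v)          # bare: cut at space or comment
            }
            val = v; seen = 1
        }
        END { print (seen ? val : "localhost") }
    ' "$1"
}

# Succeed only if every listen address is loopback (or TCP is disabled).
pg_listens_on_loopback_only() {
    addrs=$(pg_listen_addresses "$1")
    rc=0
    set -f                      # "*" is a legal value; do not glob it
    old_ifs=$IFS; IFS=', '
    for a in $addrs; do
        case $a in
            localhost|127.0.0.1|::1) ;;
            *) rc=1 ;;
        esac
    done
    IFS=$old_ifs; set +f
    return $rc
}

# Print pg_hba.conf TCP rules that undo the benefit: "trust" (no password, so
# any local process, including a compromised web app, can log in) or a client
# address outside loopback.
pg_hba_weak_tcp_rules() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        $1 ~ /^host(ssl|nossl)?$/ {
            # field 4 is the address; the method is field 5, or field 6
            # when a separate netmask column is present
            method = ($5 ~ /[.:]/) ? $6 : $5
            loop = ($4 ~ /^127\./ || $4 == "::1/128" || $4 == "::1")
            if (method == "trust" || !loop) print NR ": " $0
        }
    ' "$1"
}

# Verdict for one cluster: 0 when TCP is loopback-only and no weak rule exists.
pg_chroot_tcp_ok() {
    pg_listens_on_loopback_only "$1" && [ -z "$(pg_hba_weak_tcp_rules "$2")" ]
}

# Write constructed sample configs (a hardened pair and a weak pair) into $1.
write_samples() {
    cat > "$1/good.conf" <<'EOF'
#listen_addresses = '*'
listen_addresses = 'localhost'    # TCP on loopback only
port = 5432
EOF
    cat > "$1/good.hba" <<'EOF'
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  md5
host    all       all   127.0.0.1/32   md5
host    all       all   ::1/128        md5
EOF
    cat > "$1/bad.conf" <<'EOF'
listen_addresses = '*'
EOF
    cat > "$1/bad.hba" <<'EOF'
host    all       all   127.0.0.1/32   trust
host    all       all   10.0.0.0  255.255.255.0  md5
host    all       all   127.0.0.1/32   md5
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for name in good bad; do
    if pg_chroot_tcp_ok "$demo_dir/$name.conf" "$demo_dir/$name.hba"; then
        echo "$name: loopback-only TCP, password required"
    else
        echo "$name: listen_addresses=$(pg_listen_addresses "$demo_dir/$name.conf")"
        pg_hba_weak_tcp_rules "$demo_dir/$name.hba"
    fi
done
rm -rf "$demo_dir"
```

On a real host, point `pg_chroot_tcp_ok` at the cluster's own postgresql.conf and pg_hba.conf; the chrooted PHP side then connects to 127.0.0.1 on port 5432 instead of a socket path.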



Re: Best Mail Archive

2010-03-04 Thread Christiano F. Haesbaert
2010/3/4 Kenneth R Westerback :
> But has a point. Mail archives are dead as an interface. Google
> knows all. We should be asking 'Did you ask Google?' rather than
> 'Did you search the mail archives.' I'm sure many people have to
> go Google 'mail archives' to figure out what they are anyway. :-).
>
>  Ken
>

I don't know what you mean by "dead as an interface".

What's the fuss about which mail archive to use? They only store email;
marc is fine, as well as any other archive.



Re: Best Mail Archive

2010-03-04 Thread nixlists
> But has a point. Mail archives are dead as an interface. Google
> knows all. We should be asking 'Did you ask Google?' rather than
> 'Did you search the mail archives.' I'm sure many people have to
> go Google 'mail archives' to figure out what they are anyway. :-).
>
>  Ken

I like it as much as you do, for the reasons we both know.



Re: Dell PE850 & CERC SATA controller

2010-03-04 Thread Michael Lechtermann
Hi,

On 04.03.2010 16:32, FRLinux wrote:
> Hello, i read from the current documentation that it is not advised to
> purchase hardware containing the following (taken from
> http://www.openbsd.org/i386.html)
> 
> Adaptec FSA-based RAID controllers (aac), including: (*)
> Note: In the past years Adaptec has lied to us repeatedly about
> forthcoming documentation which would have allowed us to stabilize,
> improve and manage RAID support for these (rather buggy) raid
> controllers.
> As a result, we do not recommend the Adaptec cards for use.
> 
> * Adaptec AAC-2622, AAC-364, AAC-3642, 2130S, 2200S, 2230SLP,
> 2410SA, 2610SA, 2810SA, 21610SA
> * Dell CERC-SATA, PERC 320/DC
> * Dell PERC 2/QC, PERC 2/Si, PERC 3/Si, PERC 3/D
> * HP NetRaid-4M
> * IBM ServeRAID-8i/8k/8s
> 
> Now I do have a Dell PE 850 (2005 edition) SATA CERC 1.5/6Ch with a
> RAID on it. Works perfectly under Linux as one RAID, but OpenBSD (4.6
> says no drive).
> 
> Does it mean I'm screwed? Message below.

aac is not enabled in the stock kernel for the reasons mentioned above.
You need to enable aac and recompile the kernel if you really want to
use that raid card.

There is NO raid monitoring available, so you'll never know when a disk
dies. I suggest to replace the controller with something else or just
use the on-board SATA ports and softraid instead.


Michael



Re: -current or -stable [was: Not another Browser Question]

2010-03-04 Thread nixlists
On Thu, Mar 4, 2010 at 10:44 AM, Chris Bennett
 wrote:
> -current is typically safer by default since all those errata in release
> versions are already fixed in -current snapshots. No patches, no builds.
> just update to latest snapshots, other than time to update packages, maybe
> 10-15 minutes or less

But where are the latest security issues and stability issues likely
to be found? In either release or current or just current, since
current is being developed?



Re: -current or -stable [was: Not another Browser Question]

2010-03-04 Thread Chris Bennett

trustlevel-...@yahoo.co.uk wrote:

> --- On Thu, 4/3/10, Tomas Bodzar  wrote:
>
> > From: Tomas Bodzar
> > Subject: Re: -current or -stable [was: Not another Browser Question]
> > To: trustlevel-...@yahoo.co.uk
> > Cc: misc@openbsd.org
> > Date: Thursday, 4 March, 2010, 14:37
> > On Thu, Mar 4, 2010 at 12:52 PM, wrote:
> > > I had read the faq many times before asking the question. I admit not just
> > > beforehand. I wasn't specific enough about my thought processes and asked too
> > > many questions at once, but thanks for all the insights.
> > >
> > > I've decided to use release when available and switch to current as needed.
>
> Why not use the even more trusted and tested code from the cd at release time
> until one of the few packages I need or one of its dependencies breaks.
>
> > > Out of interest how many members of the OpenBSD crew constantly track current.
>
> I meant how often do they sync (everyday on i386?, I guess it would depend on
> what they were working on at the time and who with)
>
> Do you (anyone) manage /etc separately watching source commits/changes or just
> apply their changes each time it's replaced via script etc or simply leave it
> to be updated less frequently than the rest of the system.
>
> > > The faq mentions flag days. I realise that snapshots would avoid this problem,
> > > but if I wanted to build a kernel. How would I check if today is a flag day.
> >
> > If you are using snapshots then you don't need build kernel as you can
> > do binary upgrades from snapshot to snapshot.
>
> I know, I did say snapshots would avoid that problem, but if I want to use an
> unsupported kernel configuration, how would I tell if it's a flag day, because
> the source simply won't fetch? Would it just mean an secondary mirror would
> stay a day or two old etc.
>
> p.s. I always keep a GENERIC around anyway.
>
> Thanks KeV


  
-current is typically safer by default since all those errata in release 
versions are already fixed in -current snapshots. No patches, no builds. 
just update to latest snapshots, other than time to update packages, 
maybe 10-15 minutes or less


--
A human being should be able to change a diaper, plan an invasion,
butcher a hog, conn a ship, design a building, write a sonnet, balance
accounts, build a wall, set a bone, comfort the dying, take orders,
give orders, cooperate, act alone, solve equations, analyze a new
problem, pitch manure, program a computer, cook a tasty meal, fight
efficiently, die gallantly. Specialization is for insects.
  -- Robert Heinlein



Re: -current or -stable [was: Not another Browser Question]

2010-03-04 Thread Tomas Bodzar
On Thu, Mar 4, 2010 at 3:12 PM,   wrote:
>
>
> --- On Thu, 4/3/10, Tomas Bodzar  wrote:
>
>> From: Tomas Bodzar 
>> Subject: Re: -current or -stable [was: Not another Browser Question]
>> To: trustlevel-...@yahoo.co.uk
>> Cc: misc@openbsd.org
>> Date: Thursday, 4 March, 2010, 14:37
>> On Thu, Mar 4, 2010 at 12:52 PM, wrote:
>> > I had read the faq many times before asking the question. I admit not just
>> > beforehand. I wasn't specific enough about my thought processes and asked too
>> > many questions at once, but thanks for all the insights.
>> >
>> > I've decided to use release when available and switch to current as needed.
>> >
>>
>
> Why not use the even more trusted and tested code from the cd at release
> time until one of the few packages I need or one of its dependencies
> breaks.

Developers of OpenBSD are doing a great job so code from the cd or
current is trusted for me. Why current? There is nice and simple
manual for following stable in FAQ, but binary upgrade ; sysmerge ;
binary update of packages is preferred for me instead of compiling
kernel, userland,

>
>>
>> > Out of interest how many members of the OpenBSD crew constantly track current.
>> >
>>
>
> I meant how often do they sync (everyday on i386?, I guess it would depend
> on what they were working on at the time and who with)
>
> Do you (anyone) manage /etc separately watching source commits/changes or
> just apply their changes each time it's replaced via script etc or simply
> leave it to be updated less frequently than the rest of the system.

Don't know how about others, but I use sysmerge(8) for managing of etc and
xetc

>
>
>> > The faq mentions flag days. I realise that snapshots would avoid this problem,
>> > but if I wanted to build a kernel. How would I check if today is a flag day.
>> >
>>
>> If you are using snapshots then you don't need build kernel as you can
>> do binary upgrades from snapshot to snapshot.
>
> I know, I did say snapshots would avoid that problem, but if I want to use
> an unsupported kernel configuration, how would I tell if it's a flag day,
> because the source simply won't fetch? Would it just mean an secondary mirror
> would stay a day or two old etc.
>

Some special reason why to have custom kernel instead of GENERIC?

> p.s. I always keep a GENERIC around anyway.
>
> Thanks KeV
>
>
>
>
>



--
http://www.openbsd.org/lyrics.html



Re: Best Mail Archive

2010-03-04 Thread nixlists
> Having contributed to MARC I think it's a pretty good site.  Hank has also
> added lists, as in the PCC lists, when I requested.

I didn't say MARC is a bad site.



Dell PE850 & CERC SATA controller

2010-03-04 Thread FRLinux
Hello, I read from the current documentation that it is not advised to
purchase hardware containing the following (taken from
http://www.openbsd.org/i386.html)

Adaptec FSA-based RAID controllers (aac), including: (*)
Note: In the past years Adaptec has lied to us repeatedly about
forthcoming documentation which would have allowed us to stabilize,
improve and manage RAID support for these (rather buggy) raid
controllers.
As a result, we do not recommend the Adaptec cards for use.

* Adaptec AAC-2622, AAC-364, AAC-3642, 2130S, 2200S, 2230SLP,
2410SA, 2610SA, 2810SA, 21610SA
* Dell CERC-SATA, PERC 320/DC
* Dell PERC 2/QC, PERC 2/Si, PERC 3/Si, PERC 3/D
* HP NetRaid-4M
* IBM ServeRAID-8i/8k/8s

Now I do have a Dell PE 850 (2005 edition) SATA CERC 1.5/6Ch with a
RAID on it. Works perfectly under Linux as one RAID, but OpenBSD (4.6
says no drive).

Does it mean I'm screwed? Message below.

booting cd0a:/4.6/i386/bsd.rd: 5651156+913072
[52+211008+196339]=0x6a6260
entry point at 0x200120

Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2009 OpenBSD. All rights reserved.  http://www.OpenBSD.org

OpenBSD 4.6 (RAMDISK_CD) #53: Thu Jul  9 21:41:35 MDT 2009
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/RAMDISK_CD
cpu0: Intel(R) Pentium(R) 4 CPU 3.00GHz ("GenuineIntel" 686-class) 3.01 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,CNXT-ID,CX16,xTPR
real mem  = 4025843712 (3839MB)
avail mem = 3914698752 (3733MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 10/12/05, BIOS32 rev. 0 @
0xffe90, SMBIOS rev. 2.3 @ 0xfa460 (48 entries)
bios0: vendor Dell Computer Corporation version "A02" date 10/12/2005
bios0: Dell Computer Corporation PowerEdge 850
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC SPCR HPET MCFG
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 200MHz
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 1
ioapic1 at mainbus0: apid 2 pa 0xfec1, version 20, 24 pins
ioapic1: misconfigured as apic 0, remapped to apid 2
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (PES1)
acpiprt2 at acpi0: bus 2 (PEP0)
acpiprt3 at acpi0: bus 3 (PXHA)
acpiprt4 at acpi0: bus 4 (PEP1)
acpiprt5 at acpi0: bus 5 (PEP2)
acpiprt6 at acpi0: bus 6 (PCIS)
bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xc9000/0x1600
0xca800/0x4000 0xec000/0x4000!
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel E7230 Host" rev 0x00
ppb0 at pci0 dev 1 function 0 "Intel E7230 PCIE" rev 0x00: apic 1 int 16 (irq 0)
pci1 at ppb0 bus 1
bge0 at pci1 dev 0 function 0 "Broadcom BCM5721" rev 0x11, BCM5750 B1
(0x4101): apic 1 int 16 (irq 5), address 00:10:18:14:6a:2d
brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
ppb1 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x01
pci2 at ppb1 bus 2
ppb2 at pci2 dev 0 function 0 "Intel PCIE-PCIE" rev 0x09
pci3 at ppb2 bus 3
"Adaptec ASR-2200S" rev 0x01 at pci3 dev 2 function 0 not configured
ppb3 at pci0 dev 28 function 4 "Intel 82801G PCIE" rev 0x01
pci4 at ppb3 bus 4
bge1 at pci4 dev 0 function 0 "Broadcom BCM5721" rev 0x11, BCM5750 B1
(0x4101): apic 1 int 16 (irq 5), address 00:13:72:3b:87:09
brgphy1 at bge1 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
ppb4 at pci0 dev 28 function 5 "Intel 82801G PCIE" rev 0x01
pci5 at ppb4 bus 5
bge2 at pci5 dev 0 function 0 "Broadcom BCM5721" rev 0x11, BCM5750 B1
(0x4101): apic 1 int 17 (irq 11), address 00:13:72:3b:87:0a
brgphy2 at bge2 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x01: apic 1
int 20 (irq 11)
uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x01: apic 1
int 21 (irq 10)
uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x01: apic 1
int 22 (irq 6)
ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x01: apic 1
int 20 (irq 11)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb5 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0xe1
pci6 at ppb5 bus 6
vga1 at pci6 dev 5 function 0 "XGI Technology Volari Z7" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
ichpcib0 at pci0 dev 31 function 0 "Intel 82801GB LPC" rev 0x01: PM disabled
pciide0 at pci0 dev 31 function 1 "Intel 82801GB IDE" rev 0x01: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  ATAPI
5/cdrom removable
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
"Intel 82801GB SMBus" rev 0x01 at pci0 dev 31 function 3 not configured
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 

Re: Best Mail Archive

2010-03-04 Thread Diana Eichert

On Thu, 4 Mar 2010, Bryan wrote:


> On 3/4/2010 7:43 AM, nixlists wrote:
>
> > Every time someone tells me to go search an archive, I want to use
> > profanity. They never think of just how painful mail archive searching
> > is, but I guess we all have to bite the bullet and use search systems
> > that are bad at searching.
>
> You could start your own archive.  I have the list e-mails all the way back
> to Jan 1, 2006.  I had them back to 2003, but lost that when I lost a
> portable hard drive.  They are mostly text, and thunderbird or *insert
> favorite mail client here* should have the ability to set rules and
> folders... I use Gmail when not at work.
>
> Failing that, I use MARC...


Having contributed to MARC I think it's a pretty good site.  Hank has also
added lists, as in the PCC lists, when I requested.

diana



Re: -current or -stable [was: Not another Browser Question]

2010-03-04 Thread trustlevel-two
--- On Thu, 4/3/10, Tomas Bodzar  wrote:

> From: Tomas Bodzar 
> Subject: Re: -current or -stable [was: Not another Browser Question]
> To: trustlevel-...@yahoo.co.uk
> Cc: misc@openbsd.org
> Date: Thursday, 4 March, 2010, 14:37
> On Thu, Mar 4, 2010 at 12:52 PM, wrote:
> > I had read the faq many times before asking the question. I admit not just
> > beforehand. I wasn't specific enough about my thought processes and asked too
> > many questions at once, but thanks for all the insights.
> >
> > I've decided to use release when available and switch to current as needed.
> >
>

Why not use the even more trusted and tested code from the cd at release time
until one of the few packages I need or one of its dependencies breaks.

>
> > Out of interest how many members of the OpenBSD crew constantly track current.
> >
>

I meant how often do they sync (everyday on i386?, I guess it would depend on
what they were working on at the time and who with)

Do you (anyone) manage /etc separately watching source commits/changes or just
apply their changes each time it's replaced via script etc or simply leave it
to be updated less frequently than the rest of the system.


> > The faq mentions flag days. I realise that snapshots would avoid this problem,
> > but if I wanted to build a kernel. How would I check if today is a flag day.
> >
>
> If you are using snapshots then you don't need build kernel as you can
> do binary upgrades from snapshot to snapshot.

I know, I did say snapshots would avoid that problem, but if I want to use an
unsupported kernel configuration, how would I tell if it's a flag day, because
the source simply won't fetch? Would it just mean an secondary mirror would
stay a day or two old etc.

p.s. I always keep a GENERIC around anyway.

Thanks KeV



Re: Best Mail Archive

2010-03-04 Thread nixlists
Odd. I search/browse a few months back into archive at least, and not
because someone tells me to do it, and I still don't find answers
sometimes (and searching still sucks, but ignore my whining).



Re: Best Mail Archive

2010-03-04 Thread Ted Unangst
On Thu, Mar 4, 2010 at 8:43 AM, nixlists  wrote:
> Every time someone tells me to go search an archive, I want to use
> profanity. They never think of just how painful mail archive searching
> is, but I guess we all have to bite the bullet and use search systems
> that are bad at searching.

Half the questions on this list could be answered if people went to
marc (http://marc.info/?l=openbsd-misc&r=1&b=201003&w=2) and hit / or
ctrl-F and typed in their keyword.  No searching required.

When people say "search the archives", they really mean "browse the
list from last week."



Re: How to create an installation image of OpenBSD for a USB stick?

2010-03-04 Thread Predrag Punosevac
Nick Holland wrote:
> Isn't it cool how we use the EXACT SAME process to build a USB stick
> as we use to build a hard disk, isn't it?  And that same stick can be
> used for running or installing?  It's the Unix Way -- simple tools
> usable in powerful ways.  Sad that those other OSs need Special
> Procedures and Images to build a flash booting system.

Nick thanks for this voice of sanity. I have never seen a thread on this
mailing list with so many incompetent answers.

Best,
Predrag



Re: pf: blocklists

2010-03-04 Thread Peter N. M. Hansteen
nixlists  writes:

> spamd is great, but I need to filter other traffic. I still wonder how
> people manage to download and convert blocklists for loading into pf
> in an automated way as a cron job. Has anyone attempted to do this?

This is still pretty vague.  If you want to download lists of IP
addresses to load into tables, that's fairly straightforward, but
there is always the risk of bumping into the limits on table entries
if the lists are large enough, for example.

> Often there are syntax errors in the lists, sometimes transfers fail.
> IOW it's unreliable, and I have to do it manually. I guess I could do
> it such that if a list fails download or conversion, then leave the
> old list alone, but that sucks too. 

For garbage in downloadable lists, you would need to talk to the
people who generate them and ask them to clean up, or devise some
simple tests for validity before loading the data into your tables.
As for using old data vs no data, there is the possibility that no
data is preferable to using out of date data with a higher probability
of false positives. Your system, your call of course.

> Also, which lists do you use?

For spamd, I use and recommend uatraps and nixspam, both in the
default spamd.conf for you to include.  My own greytrap list is
available to others too (fetchable from bsdly.net), use at your own
risk and so forth. At the moment I have no other blacklist machinery
in place other than the usual auto-LARTing of rapid-fire bruteforcers.

- Peter
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: pf: blocklists

2010-03-04 Thread nixlists
2010/3/4 Iñigo Ortiz de Urbina :
> What are you trying to accomplish?
> I would be interested on helping you but first I would like to understand it
> better.
> I really think all those task can be easily automated via scripts and pfctl
> to load the netblocks on tables.
> Have a nice day,
> Iñigo

Since the blocklists (take a look at okean.com and some stuff on other
sites I won't mention) are distributed through http - downloads fail
sometimes, so I am not sure how to make a reliable automated script
that gets these lists periodically. Maybe it should just leave the old
file in place when it can't get a new blocklist file. Some
distribution sites are overloaded and flaky, downloads fail. Further,
the lists need to be converted from their formats to other formats.
That's easy, except for the case when there are syntax errors in these
list files, and I've seen quite a few. So automatic conversion fails
as well :(
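
What the posters in this thread describe for automating the job (keep the old list when a fetch or conversion fails, and test entries for validity before they reach a table), shown as an added example that is not from any message here. The table name `badhosts`, the file paths, the thresholds and the function names are assumptions, and only IPv4 entries are handled.

```sh
#!/bin/sh
# Added example, not code from the thread. Table name, paths and thresholds
# are assumptions; tune them for the lists you actually fetch.
# cron (hypothetical paths):
#   17 3 * * * /usr/local/sbin/pf-blocklist.sh http://example.invalid/list.txt /etc/pf.badhosts

MIN_ENTRIES=${MIN_ENTRIES:-3}       # fewer valid lines than this: truncated download
MAX_ENTRIES=${MAX_ENTRIES:-100000}  # keep below the pf table-entries limit
MAX_BAD_PCT=${MAX_BAD_PCT:-5}       # more garbage than this: wrong file or new format
MIN_PREFIX=${MIN_PREFIX:-8}         # refuse huge blocks such as 0.0.0.0/0

# clean_list RAW OUT
# Copy every valid IPv4 address or CIDR block from RAW to OUT (one per line)
# and print "<valid> <invalid>" line counts on stdout.
clean_list() {
    : > "$2" || return 1
    awk -v out="$2" -v minp="$MIN_PREFIX" '
    function valid(a,    n, p, o, i) {
        n = split(a, p, "/")
        if (n > 2) return 0
        if (n == 2 && (p[2] !~ /^[0-9]+$/ || length(p[2]) > 2 ||
                       p[2] + 0 > 32 || p[2] + 0 < minp)) return 0
        if (split(p[1], o, ".") != 4) return 0
        for (i = 1; i <= 4; i++)   # no leading zeros: some parsers read them as octal
            if (o[i] !~ /^(0|[1-9][0-9]*)$/ || o[i] + 0 > 255) return 0
        return 1
    }
    {
        sub(/\r$/, "")        # CRLF line endings
        sub(/[#;].*/, "")     # trailing comments
        if (NF == 0) next
        # Only the validated first field is written; trailing text is dropped.
        if (valid($1)) { print $1 > out; good++ } else bad++
    }
    END { printf "%d %d\n", good, bad }' "$1"
}

# refresh_list RAW LIVE
# Replace LIVE with the cleaned RAW only when the result looks sane.
# Returns 0 if LIVE was replaced, 1 if the previous LIVE was kept.
refresh_list() {
    tmp=$(mktemp "$2.XXXXXX") || return 1
    counts=$(clean_list "$1" "$tmp") || { rm -f "$tmp"; return 1; }
    good=${counts% *}
    bad=${counts#* }
    if [ "$good" -lt "$MIN_ENTRIES" ] || [ "$good" -gt "$MAX_ENTRIES" ] ||
       [ $((bad * 100)) -gt $(( (good + bad) * MAX_BAD_PCT )) ]; then
        echo "rejected $1: $good valid, $bad invalid lines; keeping old $2" >&2
        rm -f "$tmp"
        return 1
    fi
    # The temp file sits next to LIVE, so the rename is atomic: pf never
    # reads a half-written list.
    sort -u -o "$tmp" "$tmp" && mv -f "$tmp" "$2" && return 0
    rm -f "$tmp"
    return 1
}

# update_table URL LIVE [TABLE]
# Fetch, validate, swap the file, then reload the table. Any failure leaves
# both the file and the loaded table as they were.
update_table() {
    url=$1 live=$2 table=${3:-badhosts}
    raw=$(mktemp "$live.raw.XXXXXX") || return 1
    rc=1
    # ftp(1) on OpenBSD fetches http URLs; use your own fetcher elsewhere.
    if ftp -o "$raw" "$url" && refresh_list "$raw" "$live"; then
        pfctl -t "$table" -T replace -f "$live" && rc=0
    else
        echo "update from $url failed; table $table left as is" >&2
    fi
    rm -f "$raw"
    return $rc
}

if [ $# -ge 2 ]; then
    update_table "$@"
fi
```

A rejected or failed fetch exits non-zero, so cron mails the reason while the previously loaded table keeps filtering.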



Re: Best Mail Archive

2010-03-04 Thread nixlists
mailing.openbsd.tech is on Google groups, I don't see
mailing.openbsd.misc. Searching on Google groups works quite well,
would be nice to see this list there.



Re: pf: blocklists

2010-03-04 Thread Rogier Krieger
On Thu, Mar 4, 2010 at 14:34, nixlists  wrote:
> spamd is great, but I need to filter other traffic. I still wonder how
> people manage to download and convert blocklists for loading into pf

If I understand your question and read the spamd-setup(8) man page
correctly, you may want to try your luck with its '-b' option. Or did
I misunderstand your question?

Besides that, if spamd and spamd-setup work for you, you can use the
spamd table in PF to block access to other targets than SMTP. If you
want to use the spamd-setup mechanic but do not want the data to end up
in spamd (and the spamd table), look at its sources and rework it a
bit.


> Often there are syntax errors in the lists, sometimes transfers fail.
> IOW it's unreliable, and I have to do it manually.

If you want to increase reliability of a (vanilla or reworked)
spamd-setup succeeding, you can scrape and parse the lists yourself
and distribute them locally. You mentioned "that sucks too", though I
do not directly see why, other than perhaps the work involved or stale
list contents (which can be periodically expired as well).

I suspect it's easier to treat the latter reliability concerns as a
separate issue rather than work it into spamd-setup, but that's just a
personal preference, I suppose.

Regards,

Rogier

-- 
If you don't know where you're going, any road will get you there.



Re: Best Mail Archive

2010-03-04 Thread Bret S. Lambert
On Thu, Mar 04, 2010 at 10:56:00AM -0300, Christiano F. Haesbaert wrote:
> 2010/3/4 nixlists :
> > Every time someone tells me to go search an archive, I want to use
> > profanity. They never think of just how painful mail archive searching
> > is, but I guess we all have to bite the bullet and use search systems
> > that are bad at searching.
> >
> 
> Do you realize how painful it is to answer the same question over and over ?
> 

Of course not! He can't find that thread!!!



Re: Opteron 250 Overheating

2010-03-04 Thread J.C. Roberts
On Wed, 3 Mar 2010 17:57:22 -0800 "Christopher Ahrens"
 wrote:

> >> Henning Brauer wrote:
> >> >* Jeff Ross  [2010-03-02 16:59]:
> >> >>I bought a replacement supermicro motherboard off fleabay that
> >> >>has dual Opteron 250 @2.4GHz.  The cpus have passive heatsinks,
> >> >>it is in a supermicro 2U chassis with 4 front fans.
> >> >
> >> >do you have the air shroud? this plastic thing that forms a
> >> >"tunnel" over the heatsinks? it is required.
> >> >
> >> 
> >> No, the motherboard didn't come with that.  If I can find one will 
> >> that mean I don't need the active heatsinks?
> >
> >that's how supermicro delivers the 2U systems, so i'd say yes, you won't
> >need them.
> 
> I had this problem before, an old Cereal box + Scissors + tape fixed
> it right up.  But your mileage may vary

I'm Jealous! --I've always wanted a cereal console.



Re: pf: blocklists

2010-03-04 Thread Chris Bennett

nixlists wrote:

> spamd is great, but I need to filter other traffic. I still wonder how
> people manage to download and convert blocklists for loading into pf
> in an automated way as a cron job. Has anyone attempted to do this?
> Often there are syntax errors in the lists, sometimes transfers fail.
> IOW it's unreliable, and I have to do it manually. I guess I could do
> it such that if a list fails download or conversion, then leave the
> old list alone, but that sucks too. Also, which lists do you use?
>
> Thanks.


  

I scan apache error log for entries that I know are undesirable.
That script immediately adds that IP to badhosts table in PF.
I do not believe that any botlist will be very effective for apache 
attacks, although I could be wrong.


But all of this is based on personal experience in scanning my error log.
There are also many bots that scan software that some people may use. 
The ones I don't use get added to that list.


Pretty simple perl script with a sleep 1; entry. Always runs to stop 
those particularly heavy handed intruders quickly.


I also use spamd, but apart from any lists I use, I have a script that 
scans spamdb for known evildoers and traps them. I have a continuing 
problem with one botnet but their spam never changes usernames, so easy 
to thwart.


--
A human being should be able to change a diaper, plan an invasion,
butcher a hog, conn a ship, design a building, write a sonnet, balance
accounts, build a wall, set a bone, comfort the dying, take orders,
give orders, cooperate, act alone, solve equations, analyze a new
problem, pitch manure, program a computer, cook a tasty meal, fight
efficiently, die gallantly. Specialization is for insects.
  -- Robert Heinlein



Re: pf: blocklists

2010-03-04 Thread Tomas Bodzar
Here is some example how to read from file in pf, but I think that you
know this already http://www.openbsd.org/faq/pf/tables.html and here
you can get more ideas for other protocols
http://home.nuug.no/~peter/pf/en/bruteforce.html

On Thu, Mar 4, 2010 at 2:34 PM, nixlists  wrote:
> spamd is great, but I need to filter other traffic. I still wonder how
> people manage to download and convert blocklists for loading into pf
> in an automated way as a cron job. Has anyone attempted to do this?
> Often there are syntax errors in the lists, sometimes transfers fail.
> IOW it's unreliable, and I have to do it manually. I guess I could do
> it such that if a list fails download or conversion, then leave the
> old list alone, but that sucks too. Also, which lists do you use?
>
> Thanks.
>
>



-- 
http://www.openbsd.org/lyrics.html



Re: Best Mail Archive

2010-03-04 Thread Bryan

On 3/4/2010 7:43 AM, nixlists wrote:

> Every time someone tells me to go search an archive, I want to use
> profanity. They never think of just how painful mail archive searching
> is, but I guess we all have to bite the bullet and use search systems
> that are bad at searching.



You could start your own archive.  I have the list e-mails all the way 
back to Jan 1, 2006.  I had them back to 2003, but lost that when I lost 
a portable hard drive.  They are mostly text, and thunderbird or *insert 
favorite mail client here* should have the ability to set rules and 
folders... I use Gmail when not at work.


Failing that, I use MARC...



Re: Best Mail Archive

2010-03-04 Thread Tomas Bodzar
It's simple if you want to know something about OpenBSD. Here is list :

1) Read FAQ
2) Read man

if you can't find what you want (which is not possible, but some info
is maybe too much technical) then :

3) Mail list archive - I use marc.info
4) IRC
5) Internet

On Thu, Mar 4, 2010 at 2:43 PM, nixlists  wrote:
> Every time someone tells me to go search an archive, I want to use
> profanity. They never think of just how painful mail archive searching
> is, but I guess we all have to bite the bullet and use search systems
> that are bad at searching.
>
>



-- 
http://www.openbsd.org/lyrics.html



Re: Best Mail Archive

2010-03-04 Thread Christiano F. Haesbaert
2010/3/4 nixlists :
> Every time someone tells me to go search an archive, I want to use
> profanity. They never think of just how painful mail archive searching
> is, but I guess we all have to bite the bullet and use search systems
> that are bad at searching.
>

Do you realize how painful it is to answer the same question over and over ?



Re: Best Mail Archive

2010-03-04 Thread nixlists
Every time someone tells me to go search an archive, I want to use
profanity. They never think of just how painful mail archive searching
is, but I guess we all have to bite the bullet and use search systems
that are bad at searching.



Re: -current or -stable [was: Not another Browser Question]

2010-03-04 Thread Chris Bennett

trustlevel-...@yahoo.co.uk wrote:

> I had read the faq many times before asking the question. I admit not just
> beforehand. I wasn't specific enough about my thought processes and asked too
> many questions at once, but thanks for all the insights.
>
> I've decided to use release when available and switch to current as needed.
>
> Out of interest how many members of the OpenBSD crew constantly track current.
>
> Do you mainly do that on testing and development machines?
>
> Do you watch for commits and merge those changes into /etc or keep userland
> close to current and occasionally sync /etc or update everything every few
> days, weeks or months and have a per system tailored update script that maybe
> uses sysmerge.
>
> The faq mentions flag days. I realise that snapshots would avoid this problem,
> but if I wanted to build a kernel. How would I check if today is a flag day.
>
> Thanks KeV


  

I have been running -current on my Desktop for a good while now.
I like the new features of -current a lot.

But the "risks" of running -current in production are real.
I finally decided to upgrade my server to -current to get the latest 
PostgreSQL, which I needed for an application.


All was fine but I had a small bug. I upgraded once again to a -current 
a few days older. That broke apache because of the modules in -current 
packages were not in sync with a change in Apache.


I had to use ports and needed help to finally vanquish the problem.

So it is not for the faint of heart to run -current in production. But I 
don't regret it.


I say go for it on the Desktop. I use disk instead of CD or FTP for my 
upgrades, just add a directory to root for that.


Chris Bennett

--
A human being should be able to change a diaper, plan an invasion,
butcher a hog, conn a ship, design a building, write a sonnet, balance
accounts, build a wall, set a bone, comfort the dying, take orders,
give orders, cooperate, act alone, solve equations, analyze a new
problem, pitch manure, program a computer, cook a tasty meal, fight
efficiently, die gallantly. Specialization is for insects.
  -- Robert Heinlein



Re: -current or -stable [was: Not another Browser Question]

2010-03-04 Thread Tomas Bodzar
On Thu, Mar 4, 2010 at 12:52 PM,   wrote:
> I had read the faq many times before asking the question. I admit not just
> beforehand. I wasn't specific enough about my thought processes and asked too
> many questions at once, but thanks for all the insights.
>
> I've decided to use release when available and switch to current as needed.
>

? Some reason for that?

> Out of interest how many members of the OpenBSD crew constantly track current.
>

If you mean developers then I think that all of them use current.
There's no point for them to use release/stable

> Do you mainly do that on testing and development machines?
>

What's that? A lot of users use current on their production
servers/laptops/desktops

> Do you watch for commits and merge those changes into /etc or keep userland
> close to current and occasionally sync /etc or update everything every few
> days, weeks or months and have a per system tailored update script that maybe
> uses sysmerge.
>

Read FAQ :

Keeping Things in Sync
It is important to understand that OpenBSD is an Operating System,
intended to be taken as a whole, not a kernel with a bunch of
utilities stuck on. You must make sure your kernel, "userland" (the
supporting utilities and files) and ports tree are all in sync, or
unpleasant things will happen. Said another way (because people just
keep making the error), you can not run brand new ports on a month old
system, or rebuild a kernel from -current source and expect it to work
with a -release userland. Yes, this does mean you need to upgrade your
system if you want to run a new program which was added to the ports
tree today. Sorry, but again, OpenBSD has limited resources available.

and sysmerge(8) is a great tool for upgrades either from release to
release or from one snapshot to another. How often you will do that is
on you. No one can know better than you.


> The faq mentions flag days. I realise that snapshots would avoid this problem,
> but if I wanted to build a kernel. How would I check if today is a flag day.
>

If you are using snapshots then you don't need build kernel as you can
do binary upgrades from snapshot to snapshot.

> Thanks KeV
>
>



-- 
http://www.openbsd.org/lyrics.html



Re: pf: blocklists

2010-03-04 Thread nixlists
spamd is great, but I need to filter other traffic. I still wonder how
people manage to download and convert blocklists for loading into pf
in an automated way as a cron job. Has anyone attempted to do this?
Often there are syntax errors in the lists, sometimes transfers fail.
IOW it's unreliable, and I have to do it manually. I guess I could do
it such that if a list fails download or conversion, then leave the
old list alone, but that sucks too. Also, which lists do you use?

Thanks.



Re: [Resend] Makefile generator for binpatch framework

2010-03-04 Thread g
Hello.

(my previous mail was lost by spamd?)

I'm using the openbsd binpatch framework (
http://openbsdbinpatch.sourceforge.net/ ).
And I'm using it and it is very nice. but, it is more useful if there
is Makefile generator.
So, I made Makefile generator for the binpatch framework.
the attached file autogen.pl is a tiny perl script.
and I tested a little, OpenBSD 4.5 , 4.6 i386.

Usage:
download binpatch-1.1.0.tar.gz from
http://sourceforge.net/projects/openbsdbinpatch/
(lynx http://downloads.sourceforge.net/project/openbsdbinpatch/binpatch/1.1.0/binpatch-1.1.0.tar.gz)
tar zxvf binpatch-1.1.0.tar.gz
copy autogen.pl to binpatch-1.1.0/ directory.
cd binpatch-1.1.0
perl autogen.pl ftp://FTPMIRRORSITEYOULIKE/pub

then a Makefile and make.sh will be generated.
sh make.sh will do all patch related things.
I hope someone put this script into binpatch-1.2.

Sincerely.
Gen O.

#!/usr/bin/perl
use strict;
my $SITE="ftp://ftp.openbsd.org/pub";
if(@ARGV==1){
  $SITE=$ARGV[0];
}else{
  printf("binpatch Makefile skelton(s) generator.\n");
  printf("example usage: perl $0 ftp://ftp.openbsd.org/pub\n");
  exit(0);
}
my $OSREV=`uname -r`;
chomp $OSREV;
my $ARCH=`uname -m`;
chomp $ARCH;
my @list=("common",$ARCH);
if (! -e "$OSREV.tar.gz"){
system("ftp $SITE/OpenBSD/patches/$OSREV.tar.gz");
}
system("tar zxvf $OSREV.tar.gz");
my $mk;
open($mk,">Makefile") or die;
printf($mk "MASTER_SITE_OPENBSD=$SITE\n");
my $sh;
open($sh,"|sort -n > make.sh") or die;
for(@list){
  my $arch=$_;
  my @patches;
  my $dir;
  opendir($dir,"$OSREV/$arch");
  for(sort readdir $dir){
if(/^(.+).patch$/){
   $_=$1;
  push @patches,$_;
  /^(\d+)/;
  printf($sh "make PATCH=\"%s\" build plist package install\n",$1);
}
  }
  closedir($dir);
  printf($mk "PATCH_%s=%s\n","\U$arch",join(" ",@patches));
}
close($sh);
for(@list){
  my $arch=$_;
  my $dir;
  opendir($dir,"$OSREV/$arch") or die;
  for(sort readdir $dir){
next if !/^(.+).patch$/;
my $name=$1;
my $file=$_;
my $fh;
open($fh,"$OSREV/$arch/$file") or die;
my $flag=0;
my $ldir=".";
while(<$fh>){
  chomp;
  if(/^Index:/ or /^\-\-\-/){
printf($mk "\n");
last;
  }
  if($flag==2){
if(/cd (.+)/){
  $ldir.="/".$1;
  $ldir=~s/\/\.\//\//g;
  $ldir=~s/^\.\///;
  do{}while($ldir=~s/[^\/]+\/\.\.\///g);
  $dir='${WRKSRC}/'.$ldir;
  s/cd (.+)/cd $dir/;
}
s/make obj/\${_obj}/;
s/make cleandir/\${_cleandir}/;
s/make clean/\${_cleandir}/;
s/make depend/\${_depend}/;
s/make includes/\${_includes}/;
s/make build/\${_build}/;
s/make install/\${_install}/;
s/make -f Makefile.bsd-wrapper obj/\${_obj_wrp}/;
s/make -f Makefile.bsd-wrapper cleandir/\${_cleandir_wrp}/;
s/make -f Makefile.bsd-wrapper clean/\${_cleandir_wrp}/;
s/make -f Makefile.bsd-wrapper depend/\${_depend_wrp}/;
s/make -f Makefile.bsd-wrapper install/\${_install_wrp}/;
s/make -f Makefile.bsd-wrapper build/\${_build_wrp}/;
s/make -f Makefile.bsd-wrapper/\${_build_wrp}/;
s/make/\${_build}/;
if(/_install/){
  $_="";
}
s/^\s+//;
s/\s+$//;
if(!/^$/){
  if(/^cd/){
printf($mk "\t$_ \&\& \\\n\t(");
  }elsif(/_build/){
printf($mk "%s)\n",$_);
  }else{
printf($mk "%s; ",$_);
  }
}
  }
  if(/then.*build.*install.*kernel/i){
printf($mk "$name: _kernel\n");
$flag=3;
  }elsif(/then.*build.*install/i){
printf($mk "$name:\n");
$flag=1;
  }
  if(/:/ and $flag==1){
$flag=2;
  }
}
close($fh);
  }
}
printf($mk ".include \"bsd.binpatch.mk\"\n");
close($mk);



On Wed, 3 Mar 2010 11:22:31 -0700
Barry Grumbine  wrote:

> Hello,
>
> Your post to misc@openbsd.org could not have been more timely.
> I've just started setting up binpatch and am at the point where I have
> to translate patch file instructions into Makefile commands.
>
> I would like to have a look at autogen.pl but the attachment was
> stripped out of your e-mail by the mailing list.
>
> Would you please send it to me, and/or post another message to misc@
> with the text of autogen.pl inline with the message.
>
>
> Thanks,
>
> Barry
>


-- 
G Otsuji 



Re: Best Mail Archive

2010-03-04 Thread Tomas Bodzar
Don't reinvent the wheel. Use what you like.

On Thu, Mar 4, 2010 at 12:53 PM,   wrote:
> I noticed the mailing list archives seem to have different levels of content
> or maybe search mechanism (more found in gmane than monkey.org). What do
> people think is the best one, the danger being that one could possibly get
> overloaded, if mentioned here.
>
> KeV
>
>



-- 
http://www.openbsd.org/lyrics.html



Re: -current or -stable [was: Not another Browser Question]

2010-03-04 Thread trustlevel-two
I had read the faq many times before asking the question. I admit not just
beforehand. I wasn't specific enough about my thought processes and asked too
many questions at once, but thanks for all the insights.

I've decided to use release when available and switch to current as needed.

Out of interest how many members of the OpenBSD crew constantly track current.

Do you mainly do that on testing and development machines?

Do you watch for commits and merge those changes into /etc or keep userland
close to current and occasionally sync /etc or update everything every few
days, weeks or months and have a per system tailored update script that maybe
uses sysmerge.

The faq mentions flag days. I realise that snapshots would avoid this problem,
but if I wanted to build a kernel. How would I check if today is a flag day.

Thanks KeV



Re: FWIW Current snapshot Apache/PHP buggy

2010-03-04 Thread Vijay Sankar

Robert wrote:

On Wed, 03 Mar 2010 17:37:23 -0600
Vijay Sankar  wrote:

I have problems running Horde on 4.7 -beta i386. The /var/www/tmp 
directory gets filled with sess_ files and there is no output on any
of the frames.


4.7-beta is not very precise, date of snapshot build or cvs
checkout would help.
There has been an ABI change for apache.


I am using the following packages

php5-core-5.2.12    server-side HTML-embedded scripting language


Because of the changes to apache, you need recompiled packages/modules.
The php5 port is at p1.

So my guess is that that's the problem you are hitting.
i386 packages on ftp.openbsd.org are dated 1st of march, those should
be new enough to work with -current apache. (Check if your mirror has
that package build.)

- Robert



Thanks very much. I had built the kernel and binaries on the weekend

kern.version=
OpenBSD 4.7-beta (GENERIC.MP) #7: Sat Feb 27 16:28:09 CST 2010 
r...@i386.sankars.local:/usr/src/sys/arch/i386/compile/GENERIC.MP


from CVS checkout at 2:30PM CST that day.

In /var/www/logs/access_log, I get

10.0.0.111 - - [03/Mar/2010:21:51:46 -0600] "GET /horde/login.php?url=%2Fpost%2Fservices%2Fportal%2Fsidebar.php&nosidebar=1&horde_logout_token=NtFW8jojbT7M0QYrK5BxOsfqqTA&app=horde HTTP/1.1" 200 363


when trying to set up horde (the logout_token is different in each log 
entry) and there are lots of sess_ files.


Just in case I had made mistakes building binaries or had screwed up 
somehow, I did the following. I set up a VM guest (qemu running on my 
OpenBSD 4.6 -stable desktop), downloaded install47.iso, php5-core, 
postgresql-server, horde, etc., from i386 snapshots last night (from 
ftp.ca.openbsd.org) and had the same results. Not sure whether a new 
physical machine to repeat the test is the right way to go.


There are no errors in error_log, ssl_engine_log, and ssl_request_log. I 
tried configuration with http as well as https (self-signed cert)


So I am not sure what is the right step to take to get Horde working.

Thanks again,

Vijay

--
Vijay Sankar, M.Eng., P.Eng.
ForeTell Technologies Limited
59 Flamingo Avenue, Winnipeg, MB, Canada R3J 0X6
Phone: (204) 885-9535, E-Mail: vsan...@foretell.ca



multipath and route-to

2010-03-04 Thread Leonardo Lombardo

Hi all,

is there a way to force a route in pf, with route-to, on a machine that 
has multipath routing enabled ?
I'm trying to configure a gateway with multipath routing with the 
possibility of assigning a fixed route for some clients.


I can't find a way but to disable ecmp and do all the work with pf.

Can you give me some hints ?

Thanks
Leonardo



Best Mail Archive

2010-03-04 Thread trustlevel-two
I noticed the mailing list archives seem to have different levels of content
or maybe search mechanism (more found in gmane than monkey.org). What do
people think is the best one, the danger being that one could possibly get
overloaded, if mentioned here.

KeV



Re: Filtering based on MAC adress

2010-03-04 Thread Jean-Francois
I work on two ideas,

The first is to bridge gif0 and int_if and nat gif0 and ext_if.
The second is to find a trick in order to filter mac on bridge and tag.

Could you help me to find a solution preferably for the second one which I
can't figure out how to implement.

Thanks & regards

On Wednesday 03 March 2010 22:39:59, Jean-Francois wrote:
> Thank you for your help in understanding.
>
> I want to configure a NAT between int_if and ext_if and filter based on MAC
> address.
>
> I was going to proceed as follows, but after reading bridge(4) man page I
> understand that the following won't work.
>
> If the bridge0 has only one member, int_if, it will never accept the
> packets but broadcast, in this case it will not tag them either.
>
> Is it correct and how to proceed in that case ?
> I would like to tag packets based on their MAC address.
>
> re0 : int_if
> sis0 : ext_if
>
> nat on ext_if from int_if -> ext_if
>
> int_if member of bridge0
>
> brconfig bridge0 rule pass in on re0 src 1:2:3:4:5:6 tag allowed
>
> Regards.



Error in make release

2010-03-04 Thread Jochen Grotepass

Hello list,

for weeks I have been trying to do a "make release" on the stable branch on 
different platforms (all i386).
I always run into the same issue. Searching the web didn't provide 
an answer that fits my issue.

Here is the final part of my console output:

/usr/mdec/installboot -v /mnt/boot  /usr/dest/usr/mdec/biosboot /dev/rsvnd0c
boot: /mnt/boot proto: /usr/dest/usr/mdec/biosboot device: /dev/rsvnd0c
/mnt/boot is 11 blocks x 4096 bytes
fs block shift 0; part offset 0; inode block 56, offset 936

Filesystem  512-blocks  Used Avail Capacity iused   ifree  %iused  Mounted on
/dev/svnd0a       5695  5215   480    92%       3      27     10%  /mnt


umount /mnt
vnconfig -u svnd0
cp /var/tmp/image.1267 cdrom46.fs
rm /var/tmp/image.1267
===> i386/ramdiskA
awk -f /usr/src/distrib/i386/ramdiskA/../../miniroot/makeconf.awk 
CBIN=instbin /usr/src/distrib/i386/ramdiskA/../common/list > instbin.conf
crunchgen -E -D /usr/src -L /usr/dest/usr/lib  -c instbin.c -e instbin 
-m instbin.mk instbin.conf

instbin.conf: restore: warning: could not find any .o files.
instbin.conf: restore: error: no objpaths specified or calculated.
instbin.conf: ed: warning: could not find any .o files.
instbin.conf: ed: error: no objpaths specified or calculated.
instbin.conf: mt: warning: could not find any .o files.
instbin.conf: mt: error: no objpaths specified or calculated.
instbin.conf: restore: ignoring program because of errors.
instbin.conf: ed: ignoring program because of errors.
instbin.conf: mt: ignoring program because of errors.
Run "make -f instbin.mk objs exe" to build crunched binary.
*** Error code 1

Stop in /usr/src/distrib/i386/ramdiskA (line 110 of 
/usr/src/distrib/i386/ramdiskA/../common/Makefile.inc).

*** Error code 1

Stop in /usr/src/distrib/i386 (line 48 of /usr/share/mk/bsd.subdir.mk).
*** Error code 1

Stop in /usr/src/distrib (line 48 of /usr/share/mk/bsd.subdir.mk).
*** Error code 1

Stop in /usr/src/etc (line 289 of Makefile).
---

I have no clue why there are no .o files for the mentioned modules. I 
have successfully built the kernel and userland. I followed the 
instructions on http://www.openbsd.org/faq/faq5.html
I had built releases in the past - last one was 4.4 - so I am not 
completely new to this. But anyhow I need some hints from you.


Thanks a lot in advance
Jochen



Re: How to create an installation image of OpenBSD for a USB stick?

2010-03-04 Thread David Vasek

On Thu, 4 Mar 2010, Ilya Ilembitov wrote:


Hi, all.

I have a pretty tricky challenge before me. My main (and only) machine 
is a Lenovo Thinkpad X200s. The problem is that it doesn't have an 
optical drive. Second problem is that I live in a dorm, so I only have 
access to wireless connection, not wired. And I want to install OpenBSD 
to a laptop that is currently running Debian Linux.


With Thinkpad, the following has never disappointed me:

dd if=floppy47.fs of=/dev/rsd0c (or whatever your USB flashdrive is) and 
then just boot off it. This procedure either works or not with machines 
from other manufacturers, but if a Thinkpad is your only concern, it's 
damn quick. In fact, I haven't tried it with recent Lenovo branded 
Thinkpads, but I hope they didn't change the BIOS to worse. You have to 
try.


If the RAMDISK kernel won't give you a working network driver, copy the 
installation sets to another USB flashdrive (or even the same, you won't 
need it after the boot), mount it and install.


Regards,
David



Re: How to create an installation image of OpenBSD for a USB stick?

2010-03-04 Thread David Vasek

On Thu, 4 Mar 2010, David Vasek wrote:


On Thu, 4 Mar 2010, Ilya Ilembitov wrote:


Hi, all.

I have a pretty tricky challenge before me. My main (and only) machine is a 
Lenovo Thinkpad X200s. The problem is that it doesn't have an optical 
drive. Second problem is that I live in a dorm, so I only have access to 
wireless connection, not wired. And I want to install OpenBSD to a laptop 
that is currently running Debian Linux.


With Thinkpad, the following has never disappointed me:

dd if=floppy47.fs of=/dev/rsd0c (or whatever your USB flashdrive is)


Of course, it should be obvious, but with Debian Linux use an appropriate 
device for of=. It should be /dev/sda if they didn't change their mind 
recently.


Regards,
David



Re: How to create an installation image of OpenBSD for a USB stick?

2010-03-04 Thread Lars Nooden
On 2010-3-4 12:22 AM, Ilya Ilembitov wrote:
> ...Second problem is that I live in a dorm, so I only have access to
> wireless connection, not wired. And I want to install OpenBSD to a
> laptop that is currently running Debian Linux.

What you are trying to do turns out to be so easy that there's no need
to write it up.

It turns out that Nick's answer will help you:

1) Use a friend's computer to burn the OpenBSD installation CD,
on Debian see wodim or k3b for burning.

2) Boot the CD, install the set bsd.rd onto the USB stick,

3) Then if you will have no network until you are done,
 also copy the sets over to the USB stick and maybe a few packages.

4) Carry the stick over to your computer and boot it, at the boot loader
tell it to use /bsd.rd [1]

If neither you nor your friend are able or willing to burn a CD, install
qemu or Virtual Box and boot the installation cd image using that, but
like with the steps Nick outlined, install to the USB stick.

> Googling didn't give me any proper answer. Turns out,

There's one of the biggest problems with the search engines: crap makes
noise, noise makes a lot of hits in the search results.  And then people
confuse high profile or common with good or useful.  There's also the
Microsoft Effect to contend with: the idea that all computer technology
is difficult and unreliable.  Not true.  But the OpenBSD documentation
does take getting used to: it is thorough and very useful.

Later you can install grub on your USB stick, make a lot of partitions
and have installation sets for different architectures or distros.

/Lars

[1] You can set the stick (or any other storage medium) to boot a
specific kernel by configuring /etc/boot.cfg to point to the image.  e.g.

set image /bsd.rd

If you are doing a serial console installation then add in your settings
there, too.



Re: OpenBSD and DSCP field

2010-03-04 Thread Claudio Jeker
On Thu, Mar 04, 2010 at 01:11:22AM +0200, Claudiu Pruna wrote:
>   Hello,
> 
>   I was wondering is there any chance that in the future (close or far)
> OpenBSD shall be able to modify (preferred from pf) the DSCP field ?
> 

Did you read pf.conf(5)?

 tos <string> | <number>
 This rule applies to packets with the specified TOS bits set.
 string may be one of critical, inetcontrol, lowdelay, netcontrol,
 throughput, reliability, or one of the DiffServ Code Points: ef,
 af11 ... af43, cs0 ... cs7; number may be either a hex or decimal
 number.

 For example, the following rules are identical:

   pass all tos lowdelay
   pass all tos 0x10
   pass all tos 16

IIRC this was already available in 4.6.
-- 
:wq Claudio