CARP technical paper
Hi OpenBSD Team, My request goes for a tech paper with specifications for the CARP protocol, just like a RFC. I Google 'd quite a long time with no luck. Wish you could help with this. Greetings, Steven Moncayo.
Coaching y Multihabilidades de Supervision
Coaching y Multihabilidades de Supervisisn El Nuevo concepto de Coaching y Multihabilidades le ayudara a mejorar y aumentar notablemente su capacidad de trabajo, le brindara las ticnicas mas modernas y efectivas que usted necesita para destacar en su organizacisn. Entre los temas a tratar, se incluyen: . ?Csmo se transforma un Supervisor en un Coach - Multihabilidades? . Mitodos practicos para planear, organizar y controlar su trabajo y el de sus colaboradores. . ?Cuando y csmo delegar y facultar a sus colaboradores? . Establecer una cultura de previsisn, eficiencia y proactividad hacia la solucisn de problemas. . Ticnicas avanzadas para medir el trabajo, controlar la eficiencia y rendimiento de la mano de obra. . ?Csmo administrar y distribuir mejor las cargas de trabajo? - Estandares de tiempo. Programado en: Mixico, D.F. 11 de agosto Guadalajara 19 de agosto Monterrey 26 de agosto Requiere un folleto GRATUITO con mas informacisn? Responda este correo con los siguientes datos: Empresa: Nombre: Puesto: Tel: ( ) E-mail: misc@openbsd.org Fecha de interis: ( ) Mixico, D.F - ( ) Guadalajara - ( ) Monterrey o Llame a nuestra lada sin costo: 01 800 250 10 20 Q U A L I T Y T R A I N I N G D E M E X I C O Si no desea mas informacisn de nuestra compaqma, responda con el asunto znointeres
Re: pf synproxy
On Wed, Jul 28, 2010 at 07:59:20PM -0700, Justin wrote: >Confirmed - synproxy works great if the synproxy machine is the > default gateway for the end host. Yes, PF has to handle every packet of a synproxy'd connection. > Sadly this means scalability (adding multiple synproxy boxes) is not > possible, nor is it possible to filter a specific IP out of the end > machines ranges. It's not clear what you mean by either of these statements. >Perhaps I'm shooting for the moon here - but shouldn't it be > possible to have a machine validate a remote host to be real and > then create a state to simply permit all traffic from it to pass > without additional filtering? Thus no breaking of packets and > allowing the remote host to respond directly? I don't think it is possible to do what you want. Once you have completed the 3-way handshake and negotiated a set of sequence numbers to use for the connection, there is no way to simply dump the established connection on another box that knows nothing about it. synproxy works by completing the 3-way handshake with the source first, then negotiating a separate 3-way handshake with the client. Because the negotiations are separate and the two endpoints have no direct knowlege of each other, there sequence numbers negotiated are different. PF handles translation between the different sets of sequence numbers, and has to be man-in-the middle for every packet on the connection in order to do this translation.
Re: macppc: firefox 3.6.8 crashing (same as 3.6.7)
On Thu, Jul 29, 2010 at 3:42 AM, patrick keshishian wrote: > FF 3.6.7 was crashing as reported by Dawe and me[1] same as X (from > snapshots and built from source). Rebuilding xenocara from source with > debug got X working (don't know why). > > I tried building FF 3.6.8 and it too is crashing with signal 11. I > built FF 3.6.8 with DEBUG="-g -O0" hoping to at least get a backtrace > out of the core, but evidently the resulting binary is stripped[2] > (brilliant!). > > Question: I'm about to rebuild this monster again on my slow ibook. > how do I prevent it from being stripped? > > Google finds me "--disable-install-strip", but does our port > infrastructure provide a more uniform way of handling this across all > (or most) ports? DEBUG="-g -O0" INSTALL_STRIP= make clean repackage reinstall Ciao, David
El Planeador Maestro de Produccion Altamente Competitivo
El Planeador Maestro de ProducciC3n Altamente Competitivo - TC)cnicas, Habilidades y Herramientas de Excelencia ConviC)rtase en un verdadero "Mariscal de Campo" organizando, integrando y coordinando de manera inteligente los esfuerzos de las C!reas que forman parte del negocio manufacturero (ventas, producciC3n, control de inventarios, almacenes, compras, control de calidad, ingenierCa, etc.) y diseC1e el modelo de PlaneaciC3n Maestra que se ajuste perfectamente a su organizaciC3n, considerando la estructura de su producto, el tipo de proceso, las polCticas de servicio a clientes, su estrategia de manufactura, polCticas de inventarios, de utilizaciC3n de gente y equipos, logrando asC: - Asegurar la satisfacciC3n de sus clientes con embarques en tiempo y forma, sin el estrC)s, la presiC3n y los costos extra que implica una programaciC3n deficiente - B!Planear el futuro y no padecer el presente! -Aprovechar de la manera mC!s C3ptima sus recursos productivos (gente, mC!quinas, equipos, materiales) sin que le afecten los cambios abruptos que haya en la demanda de sus productos. -Controlar los niveles de inventario en proceso, alimentando los materiales a la planta de acuerdo al plan de fabricaciC3n y a los pedidos y pronC3sticos de demanda de sus productos. -El diseC1o de estrategias que le permitan disminuir los pedidos atrasados (backorder) hasta ponerse al corriente. -Eliminar las quejas constantes de las C!reas financieras por altos costos de operaciC3n (mantenimiento de inventarios, gastos por fletes urgentes, tiempo extra desmedido, pago de penalizaciones a clientes insatisfechos, costos de calidad, etc.). -La C3ptima utilizaciC3n de la capacidad de planta, considerando el tamaC1o de la demanda, perCodos estacionales, paros por mantenimiento, inventarios de anticipaciC3n, utilizaciC3n de maquiladores, rotaciC3n de personal, entre otros. -CC3mo sacar el mC!ximo provecho del costoso ERP de su empresa, utilizando las bondades del mC3dulo de PlaneaciC3n Maestra (Master Scheduling). Programado en: Guadalajara 11 de agosto Monterrey 18 de agosto MC)xico, D.F. 20 de agosto Si desea recibir un folleto GRATUITO sobre este seminario, Responda este correo con los siguientes datos: Empresa: Nombre: Puesto: Tel: ( ) E-mail: misc@openbsd.org Fecha de interC)s: ( ) Guadalajara - ( ) Monterrey b ( ) MC)xico, D.F. o Llame a nuestra lada sin costo: 01 800 250 10 20 Q U A L I T Y T R A I N I N G D E M E X I C O Para cancelar su suscripciC3n haga reply con el asunto omitir08
Re: pf synproxy
Confirmed - synproxy works great if the synproxy machine is the default gateway for the end host. Sadly this means scalability (adding multiple synproxy boxes) is not possible, nor is it possible to filter a specific IP out of the end machines ranges. Perhaps I'm shooting for the moon here - but shouldn't it be possible to have a machine validate a remote host to be real and then create a state to simply permit all traffic from it to pass without additional filtering? Thus no breaking of packets and allowing the remote host to respond directly? On 7/28/2010 2:01 PM, Justin wrote: Ahh. That explains it then. I was operating under the assumption that the machine doing the synproxy would forge the reply such that the TARGET host would reply to the synproxy box, not its default gateway. As in 1.2.3.4 request to client 5.5.5.5 via -> 2.3.4.5, forged 2.3.4.5 request to 5.5.5.5, 5.5.5.5 replies to 2.3.4.5, 2.3.4.5 no long proxies state and allows 1.2.3.4 and 5.5.5.5 to talk to each other directly. The topology is as such: internet - switch -> em0 | pf | em1 -> switch -> client \--/ So the clients default gateway out is the switch, which doesn't send all traffic back over the PF machine. From what you've described, the PF synproxy box would literally have to be inline and the default gateway. internet - em0 | pf | em1 -> client Is this the case?
Re: PF synproxy - never worked?
This removes any chance of scalability or the ability to separate out single targeted IP addresses. I suppose the synproxy machine would have to in some way act as NAT - translating between the two - or alternately, act as a NAT to establish an initial session, then insert a state to pass all traffic between both ends without additional inspection or proxying... perhaps some sort of validation then push back... I just can't see how to impliment it with existing stuff... On 7/28/2010 6:24 PM, Denis Doroshenko wrote: On 7/29/10, Justin wrote: I got a reply on the FreeBSD lists suggesting the firewall itself -had- to be the default gateway for the client; Ahh. That explains it then. I was operating under the assumption that the machine doing the synproxy would forge the reply such that the TARGET host would reply to the synproxy box, not its default gateway. As in 1.2.3.4 request to client 5.5.5.5 via -> 2.3.4.5, forged 2.3.4.5 request to 5.5.5.5, 5.5.5.5 replies to 2.3.4.5, 2.3.4.5 no long proxies state and allows 1.2.3.4 and 5.5.5.5 to talk to each other directly. how could it be done within the same TCP connection? a TCP connection is identified with two addresses and two ports. if the handshake is done off 2.3.4.5, how can the connection go on aftewards off 1.2.3.4? the connection should be proxied then till the end, and 5.5.5.5 will never know who was the real originator of the connection. obviously, for 5.5.5.5 to be able to answer to 1.2.3.4, the firewall doing the synproxying should be the gateway. sounds logical.
Re: Boot hang on 4.7/sparc64
On Wed, Jul 28, 2010 at 2:43 AM, Fred Crowson wrote: > On 28 July 2010 06:57, Nathan Sandver wrote: >> >> The swap partition I created at wd1b is correctly listed in /etc/fstab: >> # cat /mnt/etc/fstab >> /dev/wd1b none swap sw 0 0 >> /dev/wd0a / ffs rw 1 1 >> /dev/wd1a /usr ffs rw,nodev 1 2 >> > > What happens when you remove the wd1b line from fstab? Exactly the same thing. The system hangs at the same point, with the same message (dmesg output below). Rebooting with command: boot Boot device: disk File and args: OpenBSD IEEE 1275 Bootblock 1.3 ..>> OpenBSD BOOT 1.3 Trying bsd... Booting /p...@1f,0/p...@1,1/i...@3/d...@0,0:a/bsd 6372...@0x100+616@0x1613d98+190...@0x180+4004176@0x182e6b0 symbols @ 0xfef642c0 81+390912+244649 start=0x100 [ using 636360 bytes of bsd ELF symbol table ] console is /p...@1f,0/p...@1,1/e...@1/s...@14,40:b Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2010 OpenBSD. All rights reserved. http://www.OpenBSD.org OpenBSD 4.7 (GENERIC) #258: Wed Mar 17 23:40:34 MDT 2010 dera...@sparc64.openbsd.org:/usr/src/sys/arch/sparc64/compile/GENERIC real mem = 134217728 (128MB) avail mem = 115802112 (110MB) mainbus0 at root: Sun Ultra 5/10 UPA/PCI (UltraSPARC-IIi 360MHz) cpu0 at mainbus0: SUNW,UltraSPARC-IIi (rev 9.1) @ 360 MHz cpu0: physical 16K instruction (32 b/l), 16K data (32 b/l), 256K external (64 b/l) psycho0 at mainbus0 addr 0xfffc4000: SUNW,sabre, impl 0, version 0, ign 7c0 psycho0: bus range 0-2, PCI bus 0 psycho0: dvma map c000-dfff pci0 at psycho0 ppb0 at pci0 dev 1 function 1 "Sun Simba PCI-PCI" rev 0x13 pci1 at ppb0 bus 1 ebus0 at pci1 dev 1 function 0 "Sun PCIO EBus2" rev 0x01 auxio0 at ebus0 addr 726000-726003, 728000-728003, 72a000-72a003, 72c000-72c003, 72f000-72f003 power0 at ebus0 addr 724000-724003 ivec 0x25 "SUNW,pll" at ebus0 addr 504000-504002 not configured sab0 at ebus0 addr 40-40007f ivec 0x2b: rev 3.2 sabtty0 at sab0 port 0 sabtty1 at sab0 port 1: console comkbd0 at ebus0 addr 3083f8-3083ff ivec 0x29: no keyboard comms0 at ebus0 addr 3062f8-3062ff ivec 0x2a wsmouse0 at comms0 mux 0 lpt0 at ebus0 addr 3043bc-3043cb, 30015c-30015d, 70-7f ivec 0x22: polled clock1 at ebus0 addr 0-1fff: mk48t59 "flashprom" at ebus0 addr 0-f not configured audioce0 at ebus0 addr 20-2000ff, 702000-70200f, 704000-70400f, 722000-722003 ivec 0x23 ivec 0x24: nvaddrs 0 audio0 at audioce0 hme0 at pci1 dev 1 function 1 "Sun HME" rev 0x01: ivec 0x7e1, address 08:00:20:d1:7e:f8 nsphy0 at hme0 phy 1: DP83840 10/100 PHY, rev. 1 machfb0 at pci1 dev 2 function 0 "ATI Mach64" rev 0x5c machfb0: ATY,GT-C, 1152x900 wsdisplay0 at machfb0 mux 1 wsdisplay0: screen 0 added (std, sun emulation) pciide0 at pci1 dev 3 function 0 "CMD Technology PCI0646" rev 0x03: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI pciide0: using ivec 0x7e0 for native-PCI interrupt wd0 at pciide0 channel 0 drive 0: wd0: 4-sector PIO, LBA, 489MB, 1001952 sectors wd1 at pciide0 channel 0 drive 1: wd1: 32-sector PIO, LBA, 4112MB, 8421840 sectors wd0(pciide0:0:0): using PIO mode 4 wd1(pciide0:0:1): using PIO mode 4, DMA mode 2 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: ATAPI 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, DMA mode 2 ppb1 at pci0 dev 1 function 0 "Sun Simba PCI-PCI" rev 0x13 pci2 at ppb1 bus 2 vscsi0 at root scsibus1 at vscsi0: 256 targets softraid0 at root bootpath: /p...@1f,0/p...@1,1/i...@3,0/d...@0,0 root on wd0a swap on wd0b dump on wd0b -- Nathan Sandver
macppc: firefox 3.6.8 crashing (same as 3.6.7)
FF 3.6.7 was crashing as reported by Dawe and me[1] same as X (from snapshots and built from source). Rebuilding xenocara from source with debug got X working (don't know why). I tried building FF 3.6.8 and it too is crashing with signal 11. I built FF 3.6.8 with DEBUG="-g -O0" hoping to at least get a backtrace out of the core, but evidently the resulting binary is stripped[2] (brilliant!). Question: I'm about to rebuild this monster again on my slow ibook. how do I prevent it from being stripped? Google finds me "--disable-install-strip", but does our port infrastructure provide a more uniform way of handling this across all (or most) ports? Also, what's the idea behind 'make repackage' deleting every dependency package from /usr/ports/packages/ directory? This seems quite insane, especially when those packages aren't rebuilt (although, the latter is besides the point)? I don't know how to express my frustration over this, when the dependency packages (python, gtk+, etc. etc.) took 6+ hours to build and now they are fucking gone. --patrick [1] http://marc.info/?l=openbsd-misc&m=128002243807124&w=2 [2] $ gdb /usr/local/mozilla-firefox/firefox-bin firefox-bin.core GNU gdb 6.3 Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "powerpc-unknown-openbsd4.7"... (no debugging symbols found) Core was generated by `firefox-bin'. Program terminated with signal 11, Segmentation fault. Reading symbols from /usr/local/mozilla-firefox/libxul.so.22.0...done. Loaded symbols for /usr/local/mozilla-firefox/libxul.so.22.0 Reading symbols from /usr/local/mozilla-firefox/libmozjs.so.22.0...done. Loaded symbols for /usr/local/mozilla-firefox/libmozjs.so.22.0 Reading symbols from /usr/local/mozilla-firefox/libxpcom.so.22.0...done. Loaded symbols for /usr/local/mozilla-firefox/libxpcom.so.22.0 Reading symbols from /usr/local/lib/libplds4.so.21.0...done. Loaded symbols for /usr/local/lib/libplds4.so.21.0 Reading symbols from /usr/local/lib/libplc4.so.21.0...done. Loaded symbols for /usr/local/lib/libplc4.so.21.0 Reading symbols from /usr/local/lib/libnspr4.so.21.0...done. Loaded symbols for /usr/local/lib/libnspr4.so.21.0 Reading symbols from /usr/local/lib/libgtk-x11-2.0.so.1403.0...done. Loaded symbols for /usr/local/lib/libgtk-x11-2.0.so.1403.0 Reading symbols from /usr/local/lib/libatk-1.0.so.2800.0...done. Loaded symbols for /usr/local/lib/libatk-1.0.so.2800.0 Reading symbols from /usr/local/lib/libgdk-x11-2.0.so.1403.0...done. Loaded symbols for /usr/local/lib/libgdk-x11-2.0.so.1403.0 Reading symbols from /usr/local/lib/libgdk_pixbuf-2.0.so.1403.0...done. Loaded symbols for /usr/local/lib/libgdk_pixbuf-2.0.so.1403.0 Reading symbols from /usr/local/lib/libpangocairo-1.0.so.1802.0...done. Loaded symbols for /usr/local/lib/libpangocairo-1.0.so.1802.0 Reading symbols from /usr/local/lib/libpangoft2-1.0.so.1802.0...done. Loaded symbols for /usr/local/lib/libpangoft2-1.0.so.1802.0 Reading symbols from /usr/local/lib/libpango-1.0.so.1802.0...done. Loaded symbols for /usr/local/lib/libpango-1.0.so.1802.0 Reading symbols from /usr/local/lib/libgio-2.0.so.1803.0...done. Loaded symbols for /usr/local/lib/libgio-2.0.so.1803.0 Reading symbols from /usr/local/lib/libgobject-2.0.so.1803.0...done. Loaded symbols for /usr/local/lib/libgobject-2.0.so.1803.0 Reading symbols from /usr/local/lib/libgthread-2.0.so.1803.0...done. Loaded symbols for /usr/local/lib/libgthread-2.0.so.1803.0 Reading symbols from /usr/local/lib/libgmodule-2.0.so.1803.0...done. Loaded symbols for /usr/local/lib/libgmodule-2.0.so.1803.0 Reading symbols from /usr/local/lib/libglib-2.0.so.1803.0...done. Loaded symbols for /usr/local/lib/libglib-2.0.so.1803.0 Reading symbols from /usr/local/lib/libintl.so.5.0...done. Loaded symbols for /usr/local/lib/libintl.so.5.0 Reading symbols from /usr/local/lib/libiconv.so.6.0...done. Loaded symbols for /usr/local/lib/libiconv.so.6.0 Reading symbols from /usr/X11R6/lib/libXinerama.so.5.0...done. Loaded symbols for /usr/X11R6/lib/libXinerama.so.5.0 Reading symbols from /usr/X11R6/lib/libXi.so.11.0...done. Loaded symbols for /usr/X11R6/lib/libXi.so.11.0 Reading symbols from /usr/X11R6/lib/libXrandr.so.6.1...done. Loaded symbols for /usr/X11R6/lib/libXrandr.so.6.1 Reading symbols from /usr/X11R6/lib/libXcursor.so.4.0...done. Loaded symbols for /usr/X11R6/lib/libXcursor.so.4.0 Reading symbols from /usr/X11R6/lib/libXcomposite.so.3.0...done. Loaded symbols for /usr/X11R6/lib/libXcomposite.so.3.0 Reading symbols from /usr/X11R6/lib/libXext.so.11.0...done. Loaded symbols for /usr/X11R6/lib/libXext.so.11.0 Reading symbols from /usr/X11R6/lib/libXdamage.so.3.1...done. Loaded symbols for /usr/X11R6/lib/libXdamage.so.3.1 Reading symbols from /us
Re: PF synproxy - never worked?
On 7/29/10, Justin wrote: > I got a reply on the FreeBSD lists suggesting the firewall itself -had- to > be the default gateway for the client; > > Ahh. That explains it then. I was operating under the assumption that the > machine doing the synproxy would forge the reply such that the TARGET host > would reply to the synproxy box, not its default gateway. > > As in 1.2.3.4 request to client 5.5.5.5 via -> 2.3.4.5, forged 2.3.4.5 > request to 5.5.5.5, 5.5.5.5 replies to 2.3.4.5, 2.3.4.5 no long proxies > state and allows 1.2.3.4 and 5.5.5.5 to talk to each other directly. how could it be done within the same TCP connection? a TCP connection is identified with two addresses and two ports. if the handshake is done off 2.3.4.5, how can the connection go on aftewards off 1.2.3.4? the connection should be proxied then till the end, and 5.5.5.5 will never know who was the real originator of the connection. obviously, for 5.5.5.5 to be able to answer to 1.2.3.4, the firewall doing the synproxying should be the gateway. sounds logical.
Re: PF synproxy - never worked?
I got a reply on the FreeBSD lists suggesting the firewall itself -had- to be the default gateway for the client; Ahh. That explains it then. I was operating under the assumption that the machine doing the synproxy would forge the reply such that the TARGET host would reply to the synproxy box, not its default gateway. As in 1.2.3.4 request to client 5.5.5.5 via -> 2.3.4.5, forged 2.3.4.5 request to 5.5.5.5, 5.5.5.5 replies to 2.3.4.5, 2.3.4.5 no long proxies state and allows 1.2.3.4 and 5.5.5.5 to talk to each other directly. The topology is as such: internet - switch -> em0 | pf | em1 -> switch -> client \--/ So the clients default gateway out is the switch, which doesn't send all traffic back over the PF machine. From what you've described, the PF synproxy box would literally have to be inline and the default gateway. internet - em0 | pf | em1 -> client Is this the case? Would it not be possible to add this functionality in some way? On 7/28/2010 11:42 AM, Justin wrote: Well, only one interface is set to be a default gateway out, the other has an IP with no gateway, but a manual route entry for how to reach the client machine. I've also tried applying the synproxy rules on the interface facing the client heading outbound to no avail. On 7/28/2010 5:26 AM, Tom Murphy wrote: Synproxy only appears to work on the interface with the default gateway (egress). I could never make it work on a firewall with more than 1 external interface properly. I don't know if this is a bug or by design. Tom
Re: HP laptops again
On Mon, 26 Jul 2010 12:52:35 -0500 Marco Peereboom wrote: > I am 25% there with pledges. So if you are interested in getting > these 2 bugs fixed send me an email with the pledge amount. I won't > accept cash until we have enough to actually order machines. 150 USD sent. Thank you very much for you time to help us solving this issues. jirib
Re: HP laptops again
Quoting "Peter N. M. Hansteen" : > Jan Stary writes: > > >> Actually a test with up to the second -current would be helpful to > get a > >> baseline where we are at with this machine. > > > > What is the "second -current"? > > "up to the second" -- as fresh as physically possible That's what hyphens are for - so "up-to-the-second" would show that the words are related. > > - p > -- > Peter N. M. Hansteen, member of the first RFC 1149 implementation team > http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ > "Remember to set the evil bit on all malicious network traffic" > delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: zyd fails to associate with a network
| Thanks! | | While it's not a valid workaround, I've set my router up to long slot, | so my issue is resolved. | | Still, could You please tell me where can I find that info without | disturbing developpers and mailing list memebers? In the IEEE 802.11 standard or in /usr/src/sys/net80211/ieee80211.h or /usr/include/net80211/ieee80211.h Damien
Re: zyd fails to associate with a network
damien.bergam...@free.fr wrote: > Status 25 is IEEE80211_STATUS_SHORTSLOT_REQUIRED. > It means that the access point refuses association from > clients that do not support short slot time. Thanks! While it's not a valid workaround, I've set my router up to long slot, so my issue is resolved. Still, could You please tell me where can I find that info without disturbing developpers and mailing list memebers? -- Dmitrij D. Czarkoff
Re: HP laptops again
On Jul 28 23:06:48, Peter N. M. Hansteen wrote: > Jan Stary writes: > > >> Actually a test with up to the second -current would be helpful to get a > >> baseline where we are at with this machine. > > > > What is the "second -current"? > > "up to the second" -- as fresh as physically possible aaargh, sorri me not gut english.
Re: HP laptops again
On Wed, Jul 28, 2010 at 4:36 PM, Jan Stary wrote: >> Actually a test with up to the second -current would be helpful to get a >> baseline where we are at with this machine. > > What is the "second -current"? -current that is current as of this second.
Re: HP laptops again
Jan Stary writes: >> Actually a test with up to the second -current would be helpful to get a >> baseline where we are at with this machine. > > What is the "second -current"? "up to the second" -- as fresh as physically possible - p -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: HP laptops again
On Jul 28 11:07:08, Marco Peereboom wrote: > On Wed, Jul 28, 2010 at 05:45:14PM +0200, Jan Stary wrote: > > > On Mon, Jul 26, 2010 at 12:52:35PM -0500, Marco Peereboom wrote: > > > > I have got a few pledges for hp laptops. I have gotten good (as in bad) > > > > test reports of the following models that fail one way or another: > > > > * HP eb8730w > > > > * HP nw9440 > > > > * HP Mini 5102 > > > > * HP 530 > > > > While I cannot donate my HP eb8530w (NB: 8530, not 8730), > > I would at least like to provide a good (=bad) test report. > > Actually a test with up to the second -current would be helpful to get a > baseline where we are at with this machine. What is the "second -current"? I have just seen the very current bsd.rd (from ftp.openbsd.org) segfault on me during the fdisk stage of an install. (This has happened sooner today on another machine, too.) So I have used the 4.7/i386/bsd.rd to install -current, ignoring the checksum missmatches. > Then mail me acpidump -o hp8350 results + dmesg + pcidump -v The acpidump is at http://stare.cz/~hans/.tmp/hp8530w.tar and the dmesg and pcidump -v is below. (1) Right after the first (re)boot, the system gets shut down because of "critical temperature": acpitz2: Critical temperature 4989C (52624K), shutting down A workaround that works for me is to simply 'disable acpitz' in UKC. (2) 'apmd -C' works OK: the CPU scales appropriately based on load; the battery status is reported correctly; the monitor dims/brightens when AC is plugged out/in. (3) 'apm -S' puts the machine to standby; everything goes black, just the power button's led starts blinking. After pressing the power button everything comes back up, including the network connections (of em0; don't know about iwn0, I am not in a reach of a wifi network right now; will test tomorrow). One exception is the monitor: it is still dark; I can log in remotely though, bring my tmux sessions back up etc. The tmux sessions come back up with the windows reduced (as happens in a larger xterm when the same session is still open with smaller 80x25 windows elsewhere). I was at the console when I issued 'apm -S', X was not running. If it makes any difference, I issued the 'apm -S' from within root's tmux session. According to my cheap wattmeter, the power consumption drops from about 30W to 0 during the standby mode, and comes back up to 23W (the difference being the monitor not comming back up?). (4) 'apm -z' suspends the machine. On the outside the behaviour is just like (3), incluing the monitor not comming back up. (not that I really understand the exact differences of what apm -S / apm -z is supposed to do). (5) Both (3) and (4) behave the same on AC and on battery. (6) apm -S worked with both closed and open lid. (7) apm -z worked with the lid open; with the lid closed, it worked more then once and failed more then once. Actually, it *sometimes* happens that the machine does not boot - the LEDs turn on, but the monitor does not, and nothing else happens. I have seen this even before trying suspend, just on normal boots in the last months. Now this seems to be the same state into which the machine gets after an unsuccesfull suspend/resume - it almost reboots, but not really. I have not been able to detect any pattern of when this happens. (8) *Sometimes* the machine boots fully, but then I cannot type my login; when this happens, then also the sound and wifi hardware "icons" do not work. As if the whole keyboard was not there. I haven't detected any pattern in this either. Please let me knoe of what more I should test. Thank you very much for you efforts! Jan dmesg of a boot that ends with a shutdown due to "critical temperature": Jul 28 21:07:34 hp syslogd: start Jul 28 21:07:34 hp /bsd: OpenBSD 4.8-beta (GENERIC.MP) #282: Tue Jul 27 14:43:59 MDT 2010 Jul 28 21:07:34 hp /bsd: dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP Jul 28 21:07:34 hp /bsd: RTC BIOS diagnostic error bb Jul 28 21:07:34 hp /bsd: cpu0: Intel(R) Core(TM)2 Duo CPU T9400 @ 2.53GHz ("GenuineIntel" 686-class) 2.53 GHz Jul 28 21:07:34 hp /bsd: cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1 Jul 28 21:07:34 hp /bsd: real mem = 2125561856 (2027MB) Jul 28 21:07:34 hp /bsd: avail mem = 2080784384 (1984MB) Jul 28 21:07:34 hp /bsd: mainbus0 at root Jul 28 21:07:34 hp /bsd: bios0 at mainbus0: AT/286+ BIOS, date 11/10/08, SMBIOS rev. 2.4 @ 0x7edc4000 (21 entries) Jul 28 21:07:34 hp /bsd: bios0: vendor Hewlett-Packard version "68PDV Ver. F.06" date 12/15/2008 Jul 28 21:07:34 hp /bsd: bios0: Hewlett-Packard HP EliteBook 8530w Jul 28 21:07:34 hp /bsd: acpi0 at bios0: rev 2 Jul 28 21:07:34 hp /bsd: acpi0: tables DSDT FACP HPET APIC MCFG TCPA SSDT SLIC SSDT DMAR ASF! SSDT SSDT SSDT Jul 28 21:07:34 hp /bsd: acpi0: wakeup devices
misc@openbsd.org a project worth $22.7M for you. Contact me for information
Contact me for information
Re: zyd fails to associate with a network
| So now I know that that: | | 1. the association fails with status 25; | 2. the drivers actively sends free-roaming requests during | asssociation | process while is requested to connect an exact network. | | Where can I read what is "association failed (status 25)" and | "deauthenticate (reason 3)"? Does anyone know what the problem is? Status 25 is IEEE80211_STATUS_SHORTSLOT_REQUIRED. It means that the access point refuses association from clients that do not support short slot time. zyd(4) does not have the IEEE80211_C_SHSLOT capability. I'll try to see what is required to support that functionnality. I suggest you submit a PR with sendbug so it does not get lost. Damien
Re: UTF-8 (was: Re: CVS: cvs.openbsd.org: src)
Christian Weisgerber wrote: > == xterm == What doesn't work: UTF-8 mode is incompatible with 8-bit control sequences. If that doesn't ring a bell for you, then you don't need to worry about it. ;-) I only noticed because the RMC on my AlphaServer 800 inserts 8-bit controls to set bold and blink attributes in its status output. -- Christian "naddy" Weisgerber na...@mips.inka.de
Re: zyd fails to associate with a network
damien.bergam...@free.fr wrote: > "ifconfig zyd0 debug" is usually a good start. Thanks. Actually, I didn't get anything I believe to be helpful. So, my steps were: # ifconfig zyd0 debug # ifconfig zyd0 up # ifconfig zyd0 scan zyd0: flags=8847 mtu 1500 lladdr 00:18:6e:35:fd:7f priority: 4 groups: wlan media: IEEE802.11 autoselect status: no network ieee80211: nwid "" 100dBm nwid STREAM-15 chan 6 bssid 00:13:33:8a:03:bf 142dB 54M privacy,short_slottime nwid TheTail chan 6 bssid 00:14:d1:59:16:d3 143dB 54M privacy,short_preamble,short_slottime nwid TP-LINK chan 6 bssid 00:1d:0f:f3:1e:5b 156dB 54M privacy,short_preamble,short_slottime nwid kusso chan 6 bssid 00:1e:58:b8:99:2b 20dB 54M privacy,short_preamble,short_slottime nwid bedova chan 11 bssid 00:23:54:71:50:71 24dB 54M short_preamble,short_slottime # ifconfig zyd0 nwid bedova # dhclient zyd0 zyd0: no link . sleeping # ifconfig zyd0 down The corresponding dmesg says: zyd0 at uhub0 port 2 configuration 1 interface 0 "ZyDAS USB2.0 WLAN" rev 2.00/48.10 addr 3 zyd0: HMAC ZD1211B, FW 47.25, RF AL2230, PA 0, address 00:18:6e:35:fd:7f zyd0: begin active scan zyd0: sending probe_req to ff:ff:ff:ff:ff:ff on channel 2 mode 11g zyd0: sending probe_req to ff:ff:ff:ff:ff:ff on channel 3 mode 11g zyd0: sending probe_req to ff:ff:ff:ff:ff:ff on channel 4 mode 11g zyd0: sending probe_req to ff:ff:ff:ff:ff:ff on channel 5 mode 11g zyd0: received beacon from 00:1e:58:b8:99:2b rssi 20 mode 11g zyd0: sending probe_req to ff:ff:ff:ff:ff:ff on channel 6 mode 11g zyd0: received beacon from 00:14:d1:59:16:d3 rssi 143 mode 11g zyd0: received beacon from 00:13:33:8a:03:bf rssi 140 mode 11g zyd0: received beacon from 00:13:33:8a:03:bf rssi 142 mode 11g zyd0: received beacon from 00:1d:0f:f3:1e:5b rssi 156 mode 11g zyd0: sending probe_req to ff:ff:ff:ff:ff:ff on channel 7 mode 11g zyd0: sending probe_req to ff:ff:ff:ff:ff:ff on channel 8 mode 11g zyd0: sending probe_req to ff:ff:ff:ff:ff:ff on channel 9 mode 11g zyd0: sending probe_req to ff:ff:ff:ff:ff:ff on channel 10 mode 11g zyd0: received beacon from 00:23:54:71:50:71 rssi 172 mode 11g zyd0: sending probe_req to ff:ff:ff:ff:ff:ff on channel 11 mode 11g zyd0: received probe_resp from 00:23:54:71:50:71 rssi 161 mode 11g zyd0: received beacon from 00:23:54:71:50:71 rssi 24 mode 11g zyd0: received beacon from 00:23:54:71:50:71 rssi 24 mode 11g zyd0: sending probe_req to ff:ff:ff:ff:ff:ff on channel 12 mode 11g zyd0: received beacon from 00:23:54:71:50:71 rssi 156 mode 11g zyd0: received beacon from 00:23:54:71:50:71 rssi 162 mode 11g zyd0: received beacon from 00:23:54:71:50:71 rssi 161 mode 11g zyd0: sending probe_req to ff:ff:ff:ff:ff:ff on channel 13 mode 11g zyd0: sending probe_req to ff:ff:ff:ff:ff:ff on channel 14 mode 11g zyd0: sending probe_req to ff:ff:ff:ff:ff:ff on channel 1 mode 11g zyd0: end active scan zyd0: begin active scan zyd0: sending probe_req to ff:ff:ff:ff:ff:ff on channel 2 mode 11g zyd0: sending probe_req to ff:ff:ff:ff:ff:ff on channel 3 mode 11g zyd0: sending probe_req to ff:ff:ff:ff:ff:ff on channel 4 mode 11g zyd0: sending probe_req to ff:ff:ff:ff:ff:ff on channel 5 mode 11g zyd0: sending probe_req to ff:ff:ff:ff:ff:ff on channel 6 mode 11g zyd0: received beacon from 00:13:33:8a:03:bf rssi 138 mode 11g zyd0: received beacon from 00:14:d1:59:16:d3 rssi 119 mode 11g zyd0: received beacon from 00:13:33:8a:03:bf rssi 137 mode 11g zyd0: received beacon from 00:14:d1:59:16:d3 rssi 137 mode 11g zyd0: sending probe_req to ff:ff:ff:ff:ff:ff on channel 7 mode 11g zyd0: sending probe_req to ff:ff:ff:ff:ff:ff on channel 8 mode 11g zyd0: sending probe_req to ff:ff:ff:ff:ff:ff on channel 9 mode 11g zyd0: sending probe_req to ff:ff:ff:ff:ff:ff on channel 10 mode 11g zyd0: received beacon from 00:23:54:71:50:71 rssi 56 mode 11g zyd0: received beacon from 00:23:54:71:50:71 rssi 159 mode 11g zyd0: sending probe_req to ff:ff:ff:ff:ff:ff on channel 11 mode 11g zyd0: received probe_resp from 00:23:54:71:50:71 rssi 160 mode 11g zyd0: received beacon from 00:23:54:71:50:71 rssi 30 mode 11g zyd0: received beacon from 00:16:e3:f3:a3:ce rssi 147 mode 11g zyd0: received beacon from 00:23:54:71:50:71 rssi 147 mode 11g zyd0: received beacon from 00:16:e3:f3:a3:ce rssi 25 mode 11g zyd0: received beacon from 00:23:54:71:50:71 rssi 20 mode 11g zyd0: sending probe_req to ff:ff:ff:ff:ff:ff on channel 12 mode 11g zyd0: received beacon from 00:23:54:71:50:71 rssi 165 mode 11g zyd0: sending probe_req to ff:ff:ff:ff:ff:ff on channel 13 mode 11g zyd0: sending probe_req to ff:ff:ff:ff:ff:ff on channel 14 mode 11g zyd0: sending probe_req to ff:ff:ff:ff:ff:ff on channel 1 mode 11g zyd0: end active scan zyd0: sending auth to 00:23:54:71:50:71 on channel 11 mode 11g zyd0: received auth from 00:23:54:71:50:71 rssi 27 mode 11g zyd0: sending assoc_req to 00:23:54:71:50:71 on channel 11 mode 11g z
Re: Lenovo ThinkPad Edge 14 i330
fqui nonez wrote: > this Laptop has an extra key (fn) which i could not find how to use it > to jump to TTYs. As I understand, Fn key doesn't send a separate keypress event and therefor can't be remapped. >Another question is related to use ix86 or amd64? i386 is much better tested, but amd64 should be fine. Actually, my experience shows that there's no big difference on a home user laptop untill You want to have more then 4Gb of RAM and Your laptops supports that. -- Dmitrij D. Czarkoff
Re: PF synproxy - never worked?
Well, only one interface is set to be a default gateway out, the other has an IP with no gateway, but a manual route entry for how to reach the client machine. I've also tried applying the synproxy rules on the interface facing the client heading outbound to no avail. On 7/28/2010 5:26 AM, Tom Murphy wrote: Synproxy only appears to work on the interface with the default gateway (egress). I could never make it work on a firewall with more than 1 external interface properly. I don't know if this is a bug or by design. Tom
Lenovo ThinkPad Edge 14 i330
Hello I have a Compaq Presario 3019US working correctly with OBSD-4.7, and i have recived a ThinkPad Edge 14 i330 (4 processors) as a present; it has Windows 7. The parttions do not finish at the end of cilinders by defaults. My question is if you recomend keeping Windows 7 beside to OBSD working well? I installed OBSD-4.7 resulting that TTYs do not work correctly, but this Laptop has an extra key (fn) which i could not find how to use it to jump to TTYs. Another question is related to use ix86 or amd64? i could observed that temperature was higher than with Windows using amd64. Thanks -- Agr. francisco Quinonez. "Our mission, feed the World" "notre mission, nourrir au monde" "Nuestra mision, alimentar al mundo"
Re: HP laptops again
On Wed, Jul 28, 2010 at 9:21 AM, matteo filippetto wrote: >> Then mail me acpidump -o hp8350 results + dmesg + pcidump -v >> > > Hi, > > I have an hp ProBook 4520s that has problem with acpi (boot only with > acpi disable). > > Do you need my results for those commands? Only if you want it fixed. :)
Re: OpenBSD Training
writes: > I have th following aim : Master OpenBSD, pass BSDP(OpenBSD)exam when this > one will be available. > I have good knowledege on TCP/IP;PF use > Is there a good training center in French or English language? > (I will be ready to buy a plane ticket.) Assuming the EuroBSDCon programme turns out roughly like the earlier conferences, there's a distinct possibility that there will be useful tutorials in Karlsruhe in October (http://2010.eurobsdcon.org/). The schedule isn't done yet it appears, but there as far as I can tell from the bsdcertification.org web, the BSDA exam will be offered during the conference. - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: OpenBSD Training
> Date: Wed, 28 Jul 2010 05:50:19 -0600 > From: ch...@bennettconstruction.biz > Concrete with re-bar works well for hardening the box. > As far as the software, OpenBSD comes "pre-hardened". > Nothing really needs to be changed for security. > Use good passwords and long passwords is about all you have to do. Good point, all the salting, encrypting, and multiple encryption rounds in the world won't save the Internet from the idiots that set root passwords to "password". The irony of it all is that these 0wned idiots will complain that their "system" was insecure (that's why they got "hacked"). Unfortunately, we in OpenBSD-land live in a vacum of common sense that does not exist out in the real world. People actually use "password" for their password, or the ones who believe themselves clever set it to "secret" or "letmein". Don't believe me, look at the logs on your bastion OpenBSD servers. The reason there are so many ssh bruteforce attempts is because... wait for it.. it works. While we thank the gods for OpenBSD and all of the common sense it comes with, let's not forget that humans can break anything and overcome any amount of logic and careful design. Sincerely, IR _ Hotmail: Free, trusted and rich email service. https://signup.live.com/signup.aspx?id=60969
Re: HP laptops again
> Then mail me acpidump -o hp8350 results + dmesg + pcidump -v > Hi, I have an hp ProBook 4520s that has problem with acpi (boot only with acpi disable). Do you need my results for those commands? Best regards. -- Matteo Filippetto
Re: HP laptops again
On Wed, Jul 28, 2010 at 05:45:14PM +0200, Jan Stary wrote: > > On Mon, Jul 26, 2010 at 12:52:35PM -0500, Marco Peereboom wrote: > > > I have got a few pledges for hp laptops. I have gotten good (as in bad) > > > test reports of the following models that fail one way or another: > > > * HP eb8730w > > > * HP nw9440 > > > * HP Mini 5102 > > > * HP 530 > > While I cannot donate my HP eb8530w (NB: 8530, not 8730), > I would at least like to provide a good (=bad) test report. Actually a test with up to the second -current would be helpful to get a baseline where we are at with this machine. Then mail me acpidump -o hp8350 results + dmesg + pcidump -v > > > > I think we have 2 major acpi issues with these. One of them looks like > > > an aml bug where we don't dereference an object deep enough and some > > > thermal zone issues. > > I have had issues with acpitz shuting down on boot because > of critical temperature, as described also by others on > this list some time ago. > > What else do I need to provide besides dmesg, sysctl hw, > and an acpidump (which I did)? > > Thank you for your time > > Jan
Re: HP laptops again
> On Mon, Jul 26, 2010 at 12:52:35PM -0500, Marco Peereboom wrote: > > I have got a few pledges for hp laptops. I have gotten good (as in bad) > > test reports of the following models that fail one way or another: > > * HP eb8730w > > * HP nw9440 > > * HP Mini 5102 > > * HP 530 While I cannot donate my HP eb8530w (NB: 8530, not 8730), I would at least like to provide a good (=bad) test report. > > I think we have 2 major acpi issues with these. One of them looks like > > an aml bug where we don't dereference an object deep enough and some > > thermal zone issues. I have had issues with acpitz shuting down on boot because of critical temperature, as described also by others on this list some time ago. What else do I need to provide besides dmesg, sysctl hw, and an acpidump (which I did)? Thank you for your time Jan
Re: OpenBSD Training
On Wed, 28 Jul 2010 15:59:33 +0100 Michal wrote: > Apart from ESXi is free but the management isn't...you need vSphere to > manage the thing. This seams like a very expensive way to learn an Just a note: You don't need vSphere for this setup; only if you have to manage a couple of vmware servers (= real hardware) you would need it. In the free version you have to manage each vmware host (not virtual machine) manually through a web interface, which unfortunately only runs under Windows... So, yes, you can run this at without any vmWare licence cost. regards, Robert
Re: HP laptops again
Little status update. We got one laptop ordered (thanks everyone!) and are a few hundred short of the next. So if you care about these bugs please pony up ;-) /marco On Mon, Jul 26, 2010 at 12:52:35PM -0500, Marco Peereboom wrote: > I have got a few pledges for hp laptops. I have gotten good (as in bad) > test reports of the following models that fail one way or another: > * HP eb8730w > * HP nw9440 > * HP Mini 5102 > * HP 530 > > I think we have 2 major acpi issues with these. One of them looks like > an aml bug where we don't dereference an object deep enough and some > thermal zone issues. Unfortunately it seems that these are 2 distinct > issues and therefore potentially require 2 laptops to figure them out. > The laptops in question are relatively cheap on ebay so I think we can > make do with about $800USD worth for 2 machines. > > One of these machines fails to boot; different class of bug but very > interesting nonetheless to fix. > > I am 25% there with pledges. So if you are interested in getting these > 2 bugs fixed send me an email with the pledge amount. I won't accept > cash until we have enough to actually order machines. > > Oh and so that you know once these bugs are fixed we'll try to make > these laptops suspend and resume (an entire different beast!). And > after that the laptops will go to a developer who needs a laptop to work > on. > > Please contact me at ma...@openbsd.org and not on the list.
Re: zyd fails to associate with a network
| Maybe anyone knows how can I get any debugging information about my device? | I could try to solve it on my own if I understood where the error is... "ifconfig zyd0 debug" is usually a good start. Damien
Crema de Concha Nacar Venus Veracruz de Mexico
Buenos Dias/Tardes Sr/a: La crema de Concha Nacar, borra manchas generadas por el paso de los aqos, por el sol y aquellas producidas por el embarazo. Atenza todo tipo de cicatrices, elimina el acni, los barritos y espinillas en forma rapida y efectiva. Alivia las picaduras de insectos y elimina su marca, humecta la piel seca sin dejarla grasosa, alivia la irritacisn despuis de la afeitada. Concha de Nacar Venus Veracruz de Mexico Este producto maravilloso es elaborado por el prestigioso Laboratorio Venus Veracruz de Mixico. Su principal ingrediente es el fantastico polvo de CONCHA NACAR. El polvo de nacar se obtiene de las conchas marinas, formada en el Tondo de los mares, demostrando tener propiedades insuperables para el tratamiento en el cuidado de la piel. Es conocido que desde hace muchmsimos aqos, los indmgenas de Amirica del Sur mezclaban este polvo de nacar con jugo de Limsn; con la finalidad de obtener una crema pastosa para ser usada en la piel, que ha sido deteriorada, daqada con cicatrices, manchas y otras imperfecciones. La crema Concha Nacar penetra profundamente en las capas de la piel actuando sobre las bacterias y los depssitos de grasa en la estructura de la dermis y epidermis, evitando asm la acumulacisn de bacterias y grasa que pueden producir infecciones, como en el caso del acni. La Original Crema de Concha Nacar, es la del Envase rosado, Producida en los prestigiosos laboratorios VENUS VERACRUZ DE MEXICO y distribuida unica y exclusivamente por Prestige Universal Corp USA NO SE DEJE ENGAQAR POR FALSAS IMITACIONES! Para pedidos contactenos en el DF PBX: +52 55 8525-9069
Re: OpenBSD Training
On 28/07/10 14:49, Robert wrote: On Wed, 28 Jul 2010 05:50:19 -0600 Chris Bennett wrote: My advice is to setup a server with some websites (doesn't matter if the are "real" or bogus) and learn to deal with the problems that pop-up. Be sure to get an ISP with remote IP-KVM so you can fix any mistakes that lock you out. I think it's too risky for a newcomer to go straight for a real server. Get a dual/quad core machine with 8GB (used ones are pretty cheap) and install the free ("no licence cost") vmWare ESXi server. Use this to host a whole network (dns, file server, email, etc.). Put another low cost machine with 2 NICs in front of it; this will be your firewall. Now you can simulate locally the daily business, e.g. remote administration, remote upgrades, road warrior setups etc. But you don't have the risk that someone roots your box because you made a mistake. Instead you can (should!) try out to attack it ;) When you're very confident in working with your network, yes, then you need to go out on The Hostile Internet to learn more. regards, Robert Apart from ESXi is free but the management isn't...you need vSphere to manage the thing. This seams like a very expensive way to learn an OS...you can install a free virtual piece of software on your computer, virtual box, vmware server etc and get going, or even get some very cheap PC's off ebay. And to be honest I wouldn't worry about a cert that much, just get some real experience under your belp. Certs help but they are not the be all and end all that some people like to make out
UTF-8 (was: Re: CVS: cvs.openbsd.org: src)
Stefan Sperling wrote: > Log message: > Install the en_US.UTF-8 ctype locale support file, and allow the UTF-8 > ctype locale to be enabled via setlocale(3) (export LC_CTYPE='en_US.UTF-8'). > > A lot of programs, especially from ports, will now start using UTF-8 if the > UTF-8 locale is enabled. Use at your own risk, and please report any breakage. > Note that ncurses-based programs cannot display UTF-8 right now, this is being > worked on. Some stuff that works: == xterm == If you start xterm with LC_CTYPE=en_US.UTF-8 set, it will come up in UTF-8 mode. Apart from displaying UTF-8 encoded text, it will also allow you to enter such text. Keysyms are translated, e.g. if you use a German, Swedish, etc. keymap with , that key will produce the byte sequence 0xC4 0xA4 in xterm. If you have a compose key ( in X11 terms), you can enter _a lot_ of characters with compose sequences. For instance, you can use $ setxkbmap -option compose:ralt to configure the right Alt key as compose. Compose sequences work by pressing (and releasing) the compose key and then two or three other keys that get combined into a single character, e.g.: <'> e with acute (French etc.) r with caron (Czech) l with stroke (Polish) Some combinations are fairly intuitive, some are not. The complete list of supported sequences is here: /usr/X11R6/share/X11/locale/en_US.UTF-8/Compose If you have been using a compose key for ISO 8859-X input all along, note that the UTF-8 sequences can be different, and in particular the order is important, e.g. it is always <'> now and <'> is not accepted. == GTK2 == The default GTK2 input method provides its own compose key processing, which already worked without UTF-8 locale. However, GTK2's compose sequences diverge from the X11 ones, and if you find that as confusing as I do, you can disable GTK2's own compose handling and use the X11 one by setting GTK_IM_MODULE=xim in the environment. That didn't work before, but now does. -- Christian "naddy" Weisgerber na...@mips.inka.de
Re: OpenBSD Training
On 07/28/10 07:49, Robert wrote: On Wed, 28 Jul 2010 05:50:19 -0600 Chris Bennett wrote: My advice is to setup a server with some websites (doesn't matter if the are "real" or bogus) and learn to deal with the problems that pop-up. Be sure to get an ISP with remote IP-KVM so you can fix any mistakes that lock you out. I think it's too risky for a newcomer to go straight for a real server. Get a dual/quad core machine with 8GB (used ones are pretty cheap) and install the free ("no licence cost") vmWare ESXi server. Use this to host a whole network (dns, file server, email, etc.). Put another low cost machine with 2 NICs in front of it; this will be your firewall. Now you can simulate locally the daily business, e.g. remote administration, remote upgrades, road warrior setups etc. But you don't have the risk that someone roots your box because you made a mistake. Instead you can (should!) try out to attack it ;) When you're very confident in working with your network, yes, then you need to go out on The Hostile Internet to learn more. regards, Robert You're probably right about that. I am just cursed/blessed with one of those "high-risk loving" personalities. Its more fun to live that way! :) There are a great many good tricks you can do with your own stuff, which are good teachers. And you can get Google and some other search engines to index a site without a domain name if you set up a sitemap.xml and ping it to them.
Re: X default screen resolution on sparc64
Pete Vickers wrote: > From dmesg, the graphics card in my Sun blade100 is: > > machfb0 at pci0 dev 19 function 0 "ATI Rage XL" rev 0x27 > machfb0: ATY,RageXL, 1280x1024 > > which is connected via DVI cable to a Sun monitor #365-1429. DVI? On a Blade 100? > I thought that one of the big advantages of DVI was that the card could query > the monitor to discover the supported modes automatically ? DDC was already available on VGA connectors. -- Christian "naddy" Weisgerber na...@mips.inka.de
Bandwidth Queue'ing
Hi, I'm trying to get my head round Queue'ing / Atlq and have read (http://www.openbsd.org/faq/pf/queueing.html). We are getting a Gigabit connection to the local internet peering exchange, and I would like to offer other tenants in our building internet access to help offset our costs. What I plan to do is offer 4 users the following, 2Mb International with burst to 10Mb, 5Mb National with burst to 20Mb, and 25Mb Local IX burst to 100Mb. Can I do this with the following rules, (assuming similar rules for inbound traffic (outbound on the internal NIC))? altq on ext0 cbq bandwidth 1Gb queue { intl_ext, nat_ext, ix_ext } queue intl_ext bandwidth 10Mb { intl_ext_pool1 } queue int_ext_pool1 10Mb { intl_ext_pool1_usr1, intl_ext_pool1_usr2, intl_ext_pool1_usr3, intl_ext_pool1_usr4 } intl_ext_pool1_usr1 2Mb cbq(borrow) intl_ext_pool1_usr2 2Mb cbq(borrow) intl_ext_pool1_usr3 2Mb cbq(borrow) intl_ext_pool1_usr4 2Mb cbq(borrow) queue nat_ext bandwidth 20Mb { nat_ext_pool1 } queue nat_ext_pool1 20Mb { nat_ext_pool1_usr1, nat_ext_pool1_usr2, nat_ext_pool1_usr3, nat_ext_pool1_usr4 } nat_ext_pool1_usr1 5Mb cbq(borrow) nat_ext_pool1_usr2 5Mb cbq(borrow) nat_ext_pool1_usr3 5Mb cbq(borrow) nat_ext_pool1_usr4 5Mb cbq(borrow) que ix_ext 100Mb { ix_ext_pool1 } ix_ext_pool1 100Mb { ix_ext_pool1_usr1, ix_ext_pool1_usr2, ix_ext_pool1_usr3, ix_ext_pool1_usr4 } ix_ext_pool1_usr1 25Mb cbq(borrow) ix_ext_pool1_usr2 25Mb cbq(borrow) ix_ext_pool1_usr3 25Mb cbq(borrow) ix_ext_pool1_usr4 25Mb cbq(borrow) Assuming the queue's are matched by using some BGP route magic (to determine if connection is Local IX, National, or International), and the user's local subnet, (assuming a /29 for each local user). Does this make sense? Am I approaching things the right way? Is there any particular material I should be reading up on? Cheers Liam
Re: OpenBSD Training
On Wed, 28 Jul 2010 05:50:19 -0600 Chris Bennett wrote: > My advice is to setup a server with some websites (doesn't matter if the > are "real" or bogus) and learn to deal with the problems that pop-up. Be > sure to get an ISP with remote IP-KVM so you can fix any mistakes that > lock you out. I think it's too risky for a newcomer to go straight for a real server. Get a dual/quad core machine with 8GB (used ones are pretty cheap) and install the free ("no licence cost") vmWare ESXi server. Use this to host a whole network (dns, file server, email, etc.). Put another low cost machine with 2 NICs in front of it; this will be your firewall. Now you can simulate locally the daily business, e.g. remote administration, remote upgrades, road warrior setups etc. But you don't have the risk that someone roots your box because you made a mistake. Instead you can (should!) try out to attack it ;) When you're very confident in working with your network, yes, then you need to go out on The Hostile Internet to learn more. regards, Robert
Re: PF synproxy - never worked?
Synproxy only appears to work on the interface with the default gateway (egress). I could never make it work on a firewall with more than 1 external interface properly. I don't know if this is a bug or by design. Tom
Re: OpenBSD Training
On 07/28/10 04:44, open...@e-solutions.re wrote: Hi, I have th following aim : Master OpenBSD, pass BSDP(OpenBSD)exam when this one will be available. I have good knowledege on TCP/IP;PF use Is there a good training center in French or English language? (I will be ready to buy a plane ticket.) With these covered topics : INSTALLATION UNIX BASIC COMMAND LINE NETWORK CONFIGURATION ADMINISTRATION(Web Hosting, Mailserver, Proxy Cache, DNS, LDAP,SSH) VPN(Site to Site, Nomade use (Home with mac/PC)) BACKUP AND RESTORE HARDENNING THE BOX Concrete with re-bar works well for hardening the box. As far as the software, OpenBSD comes "pre-hardened". Nothing really needs to be changed for security. Use good passwords and long passwords is about all you have to do. VIRTUALISATION with QEMU PF with CARP Thank's My advice is to setup a server with some websites (doesn't matter if the are "real" or bogus) and learn to deal with the problems that pop-up. Be sure to get an ISP with remote IP-KVM so you can fix any mistakes that lock you out. Throw on a mail server, make some different types of connections with your home box, etc. Training is good to get, but getting down in the trenches seems to be essential. I learned to use OpenBSD by setting up a server for my websites, then I added to my home computers.
Re: X default screen resolution on sparc64
On 27. juli 2010, at 15.09, Pete Vickers wrote: > Hi, > > From dmesg, the graphics card in my Sun blade100 is: > > machfb0 at pci0 dev 19 function 0 "ATI Rage XL" rev 0x27 > machfb0: ATY,RageXL, 1280x1024 > > which is connected via DVI cable to a Sun monitor #365-1429. This monitor > supports 1280x1...@60hz. However starting X without a config file only run it > at 800x600. These line appears relevant in the Xorg log file: > > > (II) MACH64(0): : Using default hsync range of 31.50-37.90 > kHz > (II) MACH64(0): : Using default vrefresh range of 50.00-70.00 > Hz > ... > (II) MACH64(0): Not using default mode "1280x1024" (hsync out of range) > > > I thought that one of the big advantages of DVI was that the card could query > the monitor to discover the supported modes automatically ? Is there any > commands I can use to enable such probing ? or do I can to create an entire > cfg file to manually enable a higher resolution ? Is there any way to > automatically generate a basic config file to subsequently edit ? > To answer my own question for the sake of the archive, you can ofcourse just write a partial /etc/X11/xorg.conf, and let the defaults provide the rest. This was all that was necessary for me: Section "Device" Identifier "ATI Rage XL" Driver "ati" BusID "PCI:0:19:0" Option "composite_sync" "True" Option "reference_clock" "29.5MHz" EndSection Section "Monitor" Identifier "Sun L9ZF" # 31.5 kHz to 81.1 kHz Horizantal # 56.0 Hz to 76.0 Hz Vertical HorizSync 32-81 VertRefresh 56-76 EndSection Section "Screen" Identifier "Default Screen" Device "ATI Rage XL" Monitor "Sun L9ZF" DefaultDepth 16 SubSection "Display" Depth 16 Modes "1280x1024" EndSubSection EndSection ===
Re: zyd fails to associate with a network
Maybe anyone knows how can I get any debugging information about my device? I could try to solve it on my own if I understood where the error is... Dmitrij D. Czarkoff wrote: > Hello! > > I'm trying to connect a wireless network on my ASUS R2Hv. Both the built-in > and usb dongle wireless adapters are zyd-based: > > Asus WL-159g (built-in): > $ usbdevs -vdf /dev/usb0 -a 3 > Controller /dev/usb0: > addr 3: high speed, power 500 mA, config 1, USB2.0 WLAN(0x171b), > ASUS(0x0b05), > rev 48.02 >zyd0 > > 3COM 3CRUSB10075 (usb dongle): > $ usbdevs -vdf /dev/usb0 -a 7 > Controller /dev/usb0: > addr 7: high speed, power 500 mA, config 1, USB2.0 WLAN(0x1215), > ZyDAS(0x0ace), rev 48.10 >zyd1 > > zyd(4) mensions both as supported. They both attach as zyd0 and zyd1 > respectively. Scanning on them succeeds with my network being found, but > connecting to it gives troubles: > > $ sudo ifconfig zyd0 scan > zyd0: flags=8802 mtu 1500 > lladdr 00:1d:60:62:59:ef > priority: 4 > groups: wlan > media: IEEE802.11 autoselect (DS1 mode 11g) > status: no network > ieee80211: nwid "" 100dBm > nwid bedova chan 11 bssid 00:23:54:71:50:71 26dB 54M > short_preamble,short_slottime > $ sudo ifconfig zyd0 nwid bedova > $ sudo ifconfig zyd0 > zyd0: flags=8802 mtu 1500 > lladdr 00:1d:60:62:59:ef > priority: 4 > groups: wlan > media: IEEE802.11 autoselect (DS1 mode 11g) > status: no network > ieee80211: nwid bedova 100dBm > inet6 fe80::21d:60ff:fe62:59ef%zyd0 prefixlen 64 scopeid 0x4 > $ sudo dhclient zyd0 > zyd0: no link . sleeping > > What can I do to further investigate the problem?
OpenBSD Training
Hi, I have th following aim : Master OpenBSD, pass BSDP(OpenBSD)exam when this one will be available. I have good knowledege on TCP/IP;PF use Is there a good training center in French or English language? (I will be ready to buy a plane ticket.) With these covered topics : INSTALLATION UNIX BASIC COMMAND LINE NETWORK CONFIGURATION ADMINISTRATION(Web Hosting, Mailserver, Proxy Cache, DNS, LDAP,SSH) VPN(Site to Site, Nomade use (Home with mac/PC)) BACKUP AND RESTORE HARDENNING THE BOX VIRTUALISATION with QEMU PF with CARP Thank's
Re: Boot hang on 4.7/sparc64
On 28 July 2010 06:57, Nathan Sandver wrote: > > The swap partition I created at wd1b is correctly listed in /etc/fstab: > # cat /mnt/etc/fstab > /dev/wd1b none swap sw 0 0 > /dev/wd0a / ffs rw 1 1 > /dev/wd1a /usr ffs rw,nodev 1 2 > What happens when you remove the wd1b line from fstab?