Re: how to repeat messages about manual configuration

[Bret S. Lambert]

On Thu, Oct 21, 2010 at 05:27:02PM +, Jay K wrote:
> You know, installing ports/packages often gives you random manual
> configuration advise, like:
> 
> 
> ===>  Installing jdk-1.6.0.03p9 from /usr/ports/packages/amd64/all/
> jdk-1.6.0.03p9:
> ok   
>   
> --- +jdk-1.6.0.03p9 ---
> You may wish to add /usr/local/jdk-1.6.0/man to /etc/man.conf
> Use and distribution of this technology is subject to the Java Research
> License included herein.
> 
> To use the Java plugin with Seamonkey or Firefox you must create
> a symbolic link (do not copy or hard link) from
> 
> /usr/local/jdk-1.6.0/jre/plugin/amd64/ns7/libjavaplugin_oji.so
> 
> to your local Mozilla plugins directory, which is found at
> 
> ~/.mozilla/plugins/
> 
> or to the shared Mozilla plugins directory, which is found at
> 
> /usr/local/lib/mozilla-plugins/
> =
> 
> 
> 1) There should be a way to repeat all these messages for all installed
> packages.
>   Maybe there already is.

pkg_add  | tee pkg.out ??

> 
> 
> 2) Every time one of these is printed, the command that does #1 should be
> reported, possibly
> both for the specific packages, and all installed packages, or at least for
> all installed packages.
> (Don't make users remember what packages are installed or how to determine
> which are installed or which had the messages.)

Really, some sort of package log file is what you're asking for, and
I'm really not seeing a way that doesn't smack of creeping Linux-itus.

> 
> 
> 3) "You may wish to add /usr/local/jdk-1.6.0/man to /etc/man.conf" isn't
> descriptive enough, I think,
> in that, when I looked into it, I didn't know what edit to make so I gave up.
> It should give a command. For that matter, so should the others.
> The Python messages give you actual copy/pastable commands.
> 
> 
> 3b) Maybe there should be a way to automate that further. But I suppose
> besides being
> optional, these things are also somewhat changable by user? I don't know.
> The Python ones surely could be automatic, without the -f.
> (ln -sf /usr/local/bin/python26 python or such)

What if I'm developing in a split python 2.4/2.6 environment? Not saying
that you're wrong, just raising a reason why what works for you may not
be the best for everybody, or even the majority.

> 
> 
>  - Jay

Re: Can't get pptp vpn working.

[Gregory Edigarov]

sysctl net.inet.gre.allow=1 ?

"pass proto gre" in your pf rules? 


On Thu, 21 Oct 2010 19:50:14 -0700
Peter Merritt  wrote:

>  Hate replying to my own post but anyone have any ideas on this. This
> for pptp pass thru not for a openbsd pptp server. Has anyone got this
> working  with 4.7 or 4.8 ?  
>   
>   
>  
> -Original message-
> To:misc@openbsd.org; 
> From:Peter Merritt
> 
> Sent:Tue 19-10-2010 16:00
> Subject:Can't get pptp
> vpn working.
> I just can not pass gre through a openbsd firewall, this was
> working fine with
> 4.6 a previous. 4.7 would pass traffic irratically  with
> this C7 motherboard,
> so I upgraded to 4.8 beta, and other that this problem
> it has been working
> well. what follow is my pf.conf and other information,
> would like some insight
> to this. Also since 4.7 on logging does not work like
> it used to when using
> tcpdump, for instance you will see that the box is
> passing rdp traffic, but it
> never logs it hitting the rule passing and rdr
> rdp traffic. I think I am
> missing somthing, or the packets are changed by the
> time it hits the rule so
> the rule is not triggered, any explantions would be
> greatly appreciated. 
>
> 
>Peter 
> 
> 
> # uname -a
> OpenBSD
> Firewall.southwest-airmotive.com 4.8 GENERIC#126 i386
> 
> 
> We have 2
> ip's
> cat /etc/hostname.re0
> inet  98.191.121.43  255.255.255.240 NONE
> alias
> 98.191.121.44  255.255.255.255
> 
> # cat /etc/hostname.re1
> inet 192.168.0.254
> 255.255.255.0 NONE
> group ingress
> 
> # sysctl -a | grep gre
> net.inet.gre.allow=0 # I have also tried these setting on
> net.inet.gre.wccp=0
> 
> net.inet.ip.forwarding=1
> net.inet.ip.mforwarding=0
> net.inet6.ip6.forwarding=1
> net.inet6.ip6.mforwarding=0
> 
> 
> stripped down
> pf.conf,  with some experimentation also tried quick with this same
> results Ips and hostnames obfuscated. This box sits in front of sbs
> server. #Macros ##
> 
> ## Interfaces ##
> ext_if  = "re0"
> int_if  =
> "re1"
> 
> ## Global Variables ##
> ext_ip  =  "x.x.x.44"
> int_net  
>   =  $int_if:network
> gateway = "192.168.0.254/32"
> server  =
> "192.168.0.1/32"
> mailgate= "x.x.x.44"
> fake_mx = "x.x.x.43"
> d_pc = "192.168.0.31"
> ftp_port=
> "8021"
> server_ports= "{
> https,imaps,4125,4343 }" # pwm removed pptp 10/17
> smtp= "{ 25 }"
> ssh_ports   = "{ ssh }"
> rdp = "{
> 3389 }"
> antiscanport=
> "{23:79, 6000:8000}"
> 
> icmp_types  = "{
> echoreq, unreach }"
> netbios
> = "{ epmap, netbios-ns, netbios-dgm,
> netbios-ssn, microsoft-ds }"
> trojan
>  = "{
> 3127,31791,6667,7000,8111,49400,54320,61439,61440,61441,65301,19,8998 }"
> 
> ##
> Tables ##
> table const file "/etc/tables/authorized"
> table
>  const file "/etc/tables/blacklist"
> table   
> persist
> table persist file "/etc/tables/bogon-bn-nonagg.txt"
> #table  persist file "/etc/tables/sinokoreacidr.txt"
> #table
>  const file "/etc/tables/adminservers"
> table 
> persist
> table   persist
> tablepersist
> 
> #
> filtering on lo0
> set skip on { lo0 enc0, $int_if }
> 
> 
> #match out log on
> egress from  $server  to any  tag EGRESS nat-to
> ($ext_if) static-port
> #match out log on egress from  $server  to
> any  
>tag EGRESS nat-to ($ext_if:0) static-port
> #match out log on
> egress from
> !$server   to any  tag EGRESS nat-to ($ext_if)
> port
> 1024:65535
> #match out log on egress from !$server   to
> any  
>tag EGRESS nat-to ($ext_if:0) port 1024:65535
> #match out log  on
> egress
> from (self)   to any tag EGRESS  nat-to ($ext_if)
> port
> 1024:65535
> #match out log  on egress from (self)   to
> any  
>   tag EGRESS  nat-to ($ext_if:0) port 1024:65535
> match out on $ext_if from
> 192.168.0.0/24  nat-to ($ext_if)
> 
> ## Packet
> normalization ( "scrubbing" )
> #match log on $ext_if all scrub (random-id
> min-ttl 254 set-tos lowdelay
> reassemble tcp max-mss 1460)
> 
> ### Blocking
> spoofed packets: enable "set
> state-policy if-bound" above
> #antispoof log for
> { lo0 $int_if ($ext_if) }
> #block drop in log inet6
> #block drop in
> log from no-routeto
> any
> #block return  in log on $ext_if 
> from  to any
> #block drop
> in log on $ext_if  from  to
> any
> #block drop in log on $ext_if
>  from to any
> #block drop in
> log on $ext_if  from  to
> any
> #block drop in log on $ext_if  from
>   to any
> #block drop in log
> on $ext_if  from any to $ext_if:broadcast
> #block  in log on $ext_if  from
> 0.0.0.0/32
> #block  in log on $ext_if 
> from any to 224.0.0.1
> #block
>  in log on $ext_if  from 224/8
> #block drop
> in log  on $ext_if

Re: how to repeat messages about manual configuration

[Raimo Niskanen]

On Thu, Oct 21, 2010 at 02:34:03PM -0500, Carson Chittom wrote:
> On Thu, Oct 21, 2010 at 01:20:40PM -0500, Jay K wrote:
> 
> > 1) There should be a way to repeat all these messages for all installed
> > packages.
> >   Maybe there already is.
> 
> $ less /var/db/pkg/*/+DISPLAY
> 
> > 3) "You may wish to add /usr/local/jdk-1.6.0/man to /etc/man.conf" isn't
> > descriptive enough, I think,
> > in that, when I looked into it, I didn't know what edit to make so I gave 
> > up.
> 
> man.conf(5) should help, I think (possibly. I haven't actually looked).

That took me some reading but after that and after inspecting
the suggested path's available sections this is what I appended for Tcl/Tk:

_whatdb /usr/local/lib/tcl8.5/man/whatis.db
_whatdb /usr/local/lib/tk8.5/man/whatis.db
_default/usr/local/lib/{tcl,tk}8.5/man/
1   /usr/local/lib/{tcl,tk}8.5/man/man1
3   /usr/local/lib/{tcl,tk}8.5/man/man3
n   /usr/local/lib/{tcl,tk}8.5/man/mann

And this for JDK:

_whatdb /usr/local/jdk-1.7.0/man/whatis.db
_default/usr/local/jdk-1.7.0/man/
1   /usr/local/jdk-1.7.0/man/man1

That is just a suggestion. I still contemplate if I want the _default lines...

-- 

/ Raimo Niskanen, Erlang/OTP, Ericsson AB

Re: how to repeat messages about manual configuration

[Jay K]

I want the messages to tell me how to get the repeat.
If there any messages, I want the instructions repeated at the end as well
(on
how to get the messages, not the actual messages).

> pkg_add  | tee pkg.out ??

I shouldn't have to.


> What if I'm developing in a split python 2.4/2.6 environment? Not saying

That's why omit the -f. Roughly.
Make all the symlinks if none of them are already there.
Granted, if you are en route to setting up 2.4 and 2.6, then whoever
goes first would be arbitrary.

Possibly all this should be deferred to the "end" of whatever all you
are installing and batched up, so it can be analyzed for conflicts,
so both would be skipped.

 - Jay

Remeras publicitarias para tu empresa

[Interesante]

Queres remeras de maxima calidad?

Vendemos la mejor remera publicitaria !!!

Ideal para tu?NEGOCIO/EMPRESA o para regalar

- NO SON DESCARTABLES
- NO SE ENCOGEN
- NO SE BORRA EL ESTAMPADO

Desde 100 remeras en adelante: 17.90 $ mas iva

Desde 1000 remeras en adelante :16,90 $ mas iva

Pedido minimo 100 remeras en Capital Federal y Gran Bs As

Interior del pais pedido minimo 200 remeras

Atencion!!!

Para que te enviemos un presupuesto por favor enviar el archivo del logo
en Corel 10

Nuestro sistema de impresion es en serigrafia
Podes elegir el color que quieras - Tenemos todos los talles

Envianos tu numero de telefono y nos comunicaremos a la brevedad
Unico email de consultas: remeraspublicitar...@mail.ru - Telefono:
1138015852

[IMAGE]

Con la entrega mas rapida del mercado

LAS REMERAS SON DE JERSEY DE ALGODON 24/1

LA MEJOR FORMA DE HACER PUBLICIDAD PARA SU EMPRESA

Aplicamos tu logo a la medida que quieras

Importantisimos descuentos a sindicatos, obras sociales, empresas y
entidades publicas

Stock ilimitado - Envios a todo el pais

Envianos tu numero de telefono y nos comunicaremos a la brevedad.
Responder solo a: remeraspublicitar...@mail.ru - Telefono: 1138015852

pf anchor

[Alex Rastaklov]

Hi all,
I'm actually working with relayd, on 4.7

This a standard configuration used :

/etc/relayd.conf
ext_addr="192.168.0.10"
webhost1="192.168.0.2"
webhost2="192.168.0.3"

table  { $w1 $w2 }
redirect www {
listen on $ext_addr port http
forward to  port http check http "/" code 200
}


In my pf.conf, I added the anchor :

anchor "relayd/*"

#pfctl -a relayd/pool -t pool-T show
pfctl: Table does not exist.

Why my table is empty ?

Thx

Re: how to repeat messages about manual configuration

[Tomas Bodzar]

On Fri, Oct 22, 2010 at 12:19 PM, Jay K  wrote:
> I want the messages to tell me how to get the repeat.
> If there any messages, I want the instructions repeated at the end as well
> (on
> how to get the messages, not the actual messages).

For this purpose there is FAQ and man pages for appropriate commands
as even on eg. Linux


>
>> pkg_add B | tee pkg.out ??
>
> I shouldn't have to.

I you don't want. There is more ways how to get that info. Choose one
which is comfortable for you.

>
>
>> What if I'm developing in a split python 2.4/2.6 environment? Not saying
>
> That's why omit the -f. Roughly.
> Make all the symlinks if none of them are already there.

I don't want system which will be thinking that knows better then I
what I want. I want to choose. And anyway if you have more pythons
installed then you don't need those links created. There is tab
completition in shells.


> Granted, if you are en route to setting up 2.4 and 2.6, then whoever
> goes first would be arbitrary.
>
> Possibly all this should be deferred to the "end" of whatever all you
> are installing and batched up, so it can be analyzed for conflicts,
> so both would be skipped.
>
> B - Jay

Re: pf anchor

[Alex Rastaklov]

>forward to  port http check http "/" code 200

Mistake in my copy/paste, this is the real line in my relayd.conf

Re: password-less console-only access and ssh remote access?

[Jay K]

> You can get almost the same thing by setting "PasswordAuthentication" to
"no"
> in your sshd_config file, and hand out empty or ridiculously simple
passwords
> for the console (honestly, who would forget "yermomsawhore" as a
password?).


How do I limit their use to the console?

If say I ssh in as non-root and then login root?

ssh surely isn't the sole gatekeeper for login?

  (Granted, I am NOT running ftpd or telnetd; though

  at some point I'd like smbd/nfsd, hopefully

  both secure and convenient, hopefully using ssh somehow...).



Thanks,

 - Jay

Re: password-less console-only access and ssh remote access?

[Tomas Bodzar]

On Fri, Oct 22, 2010 at 1:01 PM, Jay K  wrote:
>> You can get almost the same thing by setting "PasswordAuthentication" to
> "no"
>> in your sshd_config file, and hand out empty or ridiculously simple
> passwords
>> for the console (honestly, who would forget "yermomsawhore" as a
> password?).
>
>
> How do I limit their use to the console?
>
> If say I ssh in as non-root and then login root?

You can chroot those logins and why they need root? You don't need to
allow use of su for them, they don't need to be in wheel group and you
can set in sudo only 'must need' apps for them.

>
> ssh surely isn't the sole gatekeeper for login?
>
> B (Granted, I am NOT running ftpd or telnetd; though
>
> B at some point I'd like smbd/nfsd, hopefully
>
> B both secure and convenient, hopefully using ssh somehow...).
>
>
>
> Thanks,
>
> B - Jay

Re: how to repeat messages about manual configuration

[Carson Chittom]

On Thu, Oct 21, 2010 at 05:58:29PM -0500, Jacob Meuser wrote:

> On Thu, Oct 21, 2010 at 02:34:03PM -0500, Carson Chittom wrote:
> > On Thu, Oct 21, 2010 at 01:20:40PM -0500, Jay K wrote:
> > 
> > > 1) There should be a way to repeat all these messages for all installed
> > > packages.
> > >   Maybe there already is.
> > 
> > $ less /var/db/pkg/*/+DISPLAY
> 
> pkg_info -M is nicer

Well, he *did* say "all"--pkg_info -M takes a package name(s) as a mandatory
argument.  Although of course you can do

$ pkg_info -M `pkg_info -q`|less

but I don't see that that's better or worse than just paging the stuff in
/var/db/pkg

Mark Beihoffer has invited you to open a Google mail account

[Mark Beihoffer]

I've been using Gmail and thought you might like to try it out. Here's an
invitation to create an account.


  You're Invited to Gmail!

Mark Beihoffer has invited you to open a Gmail account.

Gmail is Google's free email service, built on the idea that email can be
intuitive, efficient, and fun. Gmail has:

 *Less spam*
Keep unwanted messages out of your inbox with Google's innovative
technology.

*Lots of space*
Enough storage so that you'll never have to delete another message.

*Built-in chat*
Text or video chat with Mark Beihoffer and other friends in real time.

*Mobile access*
Get your email anywhere with Gmail on your mobile phone.

You can even import your contacts and email from Yahoo!, Hotmail, AOL, or
any other web mail or POP accounts.

Once you create your account, Mark Beihoffer will be notified of your new
Gmail address so you can stay in touch. Learn
moreor get
started
!
Sign 
up

Google Inc. | 1600 Ampitheatre Parkway | Mountain View, California 94043

Re: pf anchor

[Alex Rastaklov]

Resolved with : relayd -d -f /etc/relayd.conf
...
Sorry for the noise.

2010/10/22 Alex Rastaklov :
>>forward to  port http check http "/" code 200
>
> Mistake in my copy/paste, this is the real line in my relayd.conf

ATENCION =??Q?informaci=F3n?= importante de Amenitie Solutions

[Amenitie Solutions]

Estimados Clientes y Amigos , les informamos que ya se encuentran en actividad 
nuevamente las cuentas de mail :

amenit...@fibertel.com.ar

amenitiesoluti...@fibertel.com.ar 

fragancias@fibertel.com.ar

Desde ya les pedimos disculpas por alguna molestia ocasionada.

Como siempre nuestras PAGINAS WEB estan a su disposicion .

www.jaboncitos.com.ar

www.amenities01.com.ar 


Un Saludo Cordial.

Mirror Argentina

[Gonzalo L. R.]

Hi all,

The Argentinian Mirror is going down for 2 hours (aprox) we need to
change the DC, this take place tomorrow (Saturday 15:00 / 17:00 UTC/GMT
-3 hours).

I'll send a mail, as soon as we're back up again.


Regards.

-- 
Sending from my Computer.

Adaptec Serial ATA RAID 21610SA

[S H]

Hi misc,

I'm looking for some feedback from people who might have tried using an
Adaptec Serial ATA RAID 21610SA on OpenBSD.  I completely understand why
Theo and the rest of the developers don't include the driver in the GENERIC
kernel since they were never given the documentation from Adaptec needed to
create the best driver possible.

My file server currently runs FreeBSD 8.1 and has the adaptec card in it,
thus far it's ran quite well but I would love to have that system running
OpenBSD if I can.  So I'm hoping someone on misc has experience with this
card and might be able to offer some insight as to what I can expect in
comparison to how it runs on FBSD...

I also wanted to take this time to thank all of the other developers for the
upcoming release.

Shawn

Re: password-less console-only access and ssh remote access?

[Owain Ainsworth]

On Fri, Oct 22, 2010 at 10:01:17AM +, Jay K wrote:
> > You can get almost the same thing by setting "PasswordAuthentication" to
> "no"
> > in your sshd_config file, and hand out empty or ridiculously simple
> passwords
> > for the console (honestly, who would forget "yermomsawhore" as a
> password?).
> 
> 
> How do I limit their use to the console?
> 
> If say I ssh in as non-root and then login root?

Turn off sudo and don't put users you don't want to have root in the
wheel group.

I find what you want to be questionable though.

-0-
-- 
Fortune's graffito of the week (or maybe even month):

Don't Write On Walls!

   (and underneath)

You want I should type?

Re: Adaptec Serial ATA RAID 21610SA

[Tomas Bodzar]

It's not only problem with license, but with quality of Adaptec as a
whole http://marc.info/?l=openbsd-misc&m=125783114503531&w=2 . But
maybe it changed as there is not Adaptec anymore.

On Fri, Oct 22, 2010 at 6:44 PM, S H  wrote:
> Hi misc,
>
> I'm looking for some feedback from people who might have tried using an
> Adaptec Serial ATA RAID 21610SA on OpenBSD. B I completely understand why
> Theo and the rest of the developers don't include the driver in the GENERIC
> kernel since they were never given the documentation from Adaptec needed to
> create the best driver possible.
>
> My file server currently runs FreeBSD 8.1 and has the adaptec card in it,
> thus far it's ran quite well but I would love to have that system running
> OpenBSD if I can. B So I'm hoping someone on misc has experience with this
> card and might be able to offer some insight as to what I can expect in
> comparison to how it runs on FBSD...
>
> I also wanted to take this time to thank all of the other developers for
the
> upcoming release.
>
> Shawn

Re: Adaptec Serial ATA RAID 21610SA

[Marco Peereboom]

run forest run!

really, don't use adaptec raid if you like your data.

On Fri, Oct 22, 2010 at 11:44:08AM -0400, S H wrote:
> Hi misc,
> 
> I'm looking for some feedback from people who might have tried using an
> Adaptec Serial ATA RAID 21610SA on OpenBSD.  I completely understand why
> Theo and the rest of the developers don't include the driver in the GENERIC
> kernel since they were never given the documentation from Adaptec needed to
> create the best driver possible.
> 
> My file server currently runs FreeBSD 8.1 and has the adaptec card in it,
> thus far it's ran quite well but I would love to have that system running
> OpenBSD if I can.  So I'm hoping someone on misc has experience with this
> card and might be able to offer some insight as to what I can expect in
> comparison to how it runs on FBSD...
> 
> I also wanted to take this time to thank all of the other developers for the
> upcoming release.
> 
> Shawn

cwm crashes on Linux when combining grouponly/movetogroup

[Christian Neukirchen]

Hi,

I found this key sequence to crash cwm on Linux in CVS HEAD:

Minimal .cwmrc:
bind C-i grouponly2
bind CS-i movetogroup2

Run cwm, open a window (say xterm), press C-i, press CS-i, press C-i.
cwm crashes on Linux with this backtrace:

#0  0x76027595 in raise () from /lib/libc.so.6
#1  0x76028a16 in abort () from /lib/libc.so.6
#2  0x760612cb in ?? () from /lib/libc.so.6
#3  0x76066676 in ?? () from /lib/libc.so.6
#4  0x00408a72 in group_show (sc=0x625d80, gc=0x625f38) at group.c:135
#5  0x00408e76 in group_only (sc=0x625d80, idx=4) at group.c:302
#6  0x004084e7 in xev_handle_keypress (ee=0x7fffde00)
at xevents.c:335
#7  0x004087dd in xev_loop () at xevents.c:446
#8  0x00403969 in main (argc=, 
argv=) at calmwm.c:92

I have not been able to reproduce this on OpenBSD, so it's not clear to
me where the error actually is.

-- 
Christian Neukirchenhttp://chneukirchen.org

softraid ignorance (mine).

[Christiano F. Haesbaert]

Hi,

Pardon my ignorance, but is it possible to add more drives to a RAID-5 array ?
I basically can't afford to buy them all at once :(.

Thanks

Re: softraid ignorance (mine).

[Adam M. Dutko]

Yes it is possible.  The actual commands are dependent on the firmware and
device manufacturer.  For instance if you have an LSI card you'll want to
look into the "MegaCLI."

Re: softraid ignorance (mine).

[Christiano F. Haesbaert]

On 22 October 2010 17:08, Adam M. Dutko  wrote:
> Yes it is possible.  The actual commands are dependent on the firmware and
> device manufacturer.  For instance if you have an LSI card you'll want to
> look into the "MegaCLI."
>

Maybe I wasn't clear, I'm considering softraid(4)

Broadcom BCM5709C delays with PF routing operators

[cbc]

Hello,

I have 02 dual port Broadcom BCM5709CC0KPBG device running on
routing/pf machine (Dell T110) - OpenBSD 4.7 amd64:


b...@pci0:3:0:0:class=0x02 card=0x191714e4 chip=0x163914e4
rev=0x20 hdr=0x00
vendor = 'Broadcom Corporation'
device = 'NetXtreme II Gigabit Ethernet (BCM5709)'
class  = network
subclass   = ethernet
b...@pci0:3:0:1:class=0x02 card=0x191714e4 chip=0x163914e4
rev=0x20 hdr=0x00
vendor = 'Broadcom Corporation'
device = 'NetXtreme II Gigabit Ethernet (BCM5709)'
class  = network
subclass   = ethernet

... and more bce2 and bce3

One of the NICs is connected across 2 internet links and speed works
fine until uses of reply-to in pf.conf, for example:

pass in quick on bce0 reply-to ( bce0 ip_address_gw1 ) tagged LINK1
pass in quick on bce1 reply-to ( bce1 ip_address_gw2 ) tagged LINK2

After running pfctl -f /etc/pf.conf the 2 internet links goes very
very slow (3KB/s) and CPU irq increases to 10-12%. I have the same
scenario with other NIC cards and works fine, so I think that (maybe)
is a driver problem..

Anyone here uses routing operations (PF) with BCM5709C ethernet cards?

Thanks in advance,

- cbc

Re: Broadcom BCM5709C delays with PF routing operators

[Theo de Raadt]

> I have 02 dual port Broadcom BCM5709CC0KPBG device running on
> routing/pf machine (Dell T110) - OpenBSD 4.7 amd64:
> 
> 
> b...@pci0:3:0:0:  class=0x02 card=0x191714e4 chip=0x163914e4
> rev=0x20 hdr=0x00
> vendor = 'Broadcom Corporation'
> device = 'NetXtreme II Gigabit Ethernet (BCM5709)'
> class  = network
> subclass   = ethernet
> b...@pci0:3:0:1:  class=0x02 card=0x191714e4 chip=0x163914e4
> rev=0x20 hdr=0x00
> vendor = 'Broadcom Corporation'
> device = 'NetXtreme II Gigabit Ethernet (BCM5709)'
> class  = network
> subclass   = ethernet
> 
> ... and more bce2 and bce3
> 
> One of the NICs is connected across 2 internet links and speed works
> fine until uses of reply-to in pf.conf, for example:
> 
> pass in quick on bce0 reply-to ( bce0 ip_address_gw1 ) tagged LINK1
> pass in quick on bce1 reply-to ( bce1 ip_address_gw2 ) tagged LINK2
> 
> After running pfctl -f /etc/pf.conf the 2 internet links goes very
> very slow (3KB/s) and CPU irq increases to 10-12%. I have the same
> scenario with other NIC cards and works fine, so I think that (maybe)
> is a driver problem..
> 
> Anyone here uses routing operations (PF) with BCM5709C ethernet cards?

I have a hard time believing you.

 bce - Broadcom BCM4401 10/100 Ethernet device

 bnx - Broadcom NetXtreme II 10/100/Gigabit Ethernet device

You are using FreeBSD, aren't you.

Re: softraid ignorance (mine).

[Tomas Bodzar]

You will find a lot of answers here
http://2010.asiabsdcon.org/papers/abc2010-P8B-paper.pdf

But quick overview :

RAID5 is still experimental and softraid can be created from 200 chunks max.

On Fri, Oct 22, 2010 at 10:16 PM, Christiano F. Haesbaert
 wrote:
> On 22 October 2010 17:08, Adam M. Dutko  wrote:
>> Yes it is possible. B The actual commands are dependent on the firmware
and
>> device manufacturer. B For instance if you have an LSI card you'll want to
>> look into the "MegaCLI."
>>
>
> Maybe I wasn't clear, I'm considering softraid(4)

Re: password-less console-only access and ssh remote access?

[Jay K]

Tomas, I don't understand.
If I chroot then I can't do much at all right?
  Unless I replicate/link like the entire system, minus login.

su/wheel group/sudo doesn't prevent simple running of login and typing the
root password, right?

Am I missing something?
Maybe that ssh-only access to myself is good enough?
  Once I am me on the machine, there's no need for an obstacle to be root?
 And then su from there to root?
 I don't need to ssh as root?

But if I allow others to ssh in, and don't limit them with chroot,
then a password is needed. They won't be able to su/sudo, but they can still
login.
Right? So I'm back to the earlier point.

Thanks,
 - Jay


> Date: Fri, 22 Oct 2010 13:11:44 +0300
> Subject: Re: password-less console-only access and ssh remote access?
> From: tomas.bod...@gmail.com
> To: jay.kr...@cornell.edu
> CC: bret.lamb...@gmail.com; misc@openbsd.org
>
> On Fri, Oct 22, 2010 at 1:01 PM, Jay K wrote:
> >> You can get almost the same thing by setting "PasswordAuthentication" to
> > "no"
> >> in your sshd_config file, and hand out empty or ridiculously simple
> > passwords
> >> for the console (honestly, who would forget "yermomsawhore" as a
> > password?).
> >
> >
> > How do I limit their use to the console?
> >
> > If say I ssh in as non-root and then login root?
>
> You can chroot those logins and why they need root? You don't need to
> allow use of su for them, they don't need to be in wheel group and you
> can set in sudo only 'must need' apps for them.
>
> >
> > ssh surely isn't the sole gatekeeper for login?
> >
> > (Granted, I am NOT running ftpd or telnetd; though
> >
> > at some point I'd like smbd/nfsd, hopefully
> >
> > both secure and convenient, hopefully using ssh somehow...).
> >
> >
> >
> > Thanks,
> >
> > - Jay

Re: password-less console-only access and ssh remote access?

[Jay K]

Tomas, I don't understand.
If I chroot then I can't do much at all right?
  Unless I replicate/link like the entire system, minus login.

su/wheel group/sudo doesn't prevent simple running of login and typing the
root password, right?

Am I missing something?
Maybe that ssh-only access to myself is good enough?
  Once I am me on the machine, there's no need for an obstacle to be root?
 And then su from there to root?
 I don't need to ssh as root?

But if I allow others to ssh in, and don't limit them with chroot,
then a password is needed. They won't be able to su/sudo, but they can still
login.
Right? So I'm back to the earlier point.

Thanks,
 - Jay


> Date: Fri, 22 Oct 2010 13:11:44 +0300
> Subject: Re: password-less console-only access and ssh remote access?
> From: tomas.bod...@gmail.com
> To: jay.kr...@cornell.edu
> CC: bret.lamb...@gmail.com; misc@openbsd.org
>
> On Fri, Oct 22, 2010 at 1:01 PM, Jay K  wrote:
> >> You can get almost the same thing by setting "PasswordAuthentication" to
> > "no"
> >> in your sshd_config file, and hand out empty or ridiculously simple
> > passwords
> >> for the console (honestly, who would forget "yermomsawhore" as a
> > password?).
> >
> >
> > How do I limit their use to the console?
> >
> > If say I ssh in as non-root and then login root?
>
> You can chroot those logins and why they need root? You don't need to
> allow use of su for them, they don't need to be in wheel group and you
> can set in sudo only 'must need' apps for them.
>
> >
> > ssh surely isn't the sole gatekeeper for login?
> >
> >  (Granted, I am NOT running ftpd or telnetd; though
> >
> >  at some point I'd like smbd/nfsd, hopefully
> >
> >  both secure and convenient, hopefully using ssh somehow...).
> >
> >
> >
> > Thanks,
> >
> >  - Jay

Re: password-less console-only access and ssh remote access?

[Jay K]

> Turn off sudo and don't put users you don't want to have root in the
> wheel group.
>
> I find what you want to be questionable though.


But can't they still run "login"?
Why questionable?
I want security and convenience.
I don't consider passwords to be either.
physical security + ssh is what I want.
I've gotten by with just the second and being sure I don't need console
access after initial setup (I've run systems like this quite a while now,
including upgrading OpenBSD a few times on a few machines, and Debian
4.0=>5.0)


Thanks,
 - Jay

Re: java/amd64/4.7?

[Jay K]

> ok, 1.5 built, 1.6 built, 1.7 in progress. Thanks.

1.7 ultimately fails:

/usr/ports/pobj/jdk-1.7.0.00/openjdk/hotspot/agent/src/os/bsd/StubDebuggerLoc
al.c:153: error: redefinition of `throw_new_debugger_exception'
/usr/ports/pobj/jdk-1.7.0.00/openjdk/hotspot/agent/src/os/bsd/StubDebuggerLoc
al.c:33: error: `throw_new_debugger_exception' previously defined here
/usr/ports/pobj/jdk-1.7.0.00/openjdk/hotspot/agent/src/os/bsd/StubDebuggerLoc
al.c:163: error: redefinition of
`Java_sun_jvm_hotspot_debugger_bsd_BsdDebuggerLocal_init0'
/usr/ports/pobj/jdk-1.7.0.00/openjdk/hotspot/agent/src/os/bsd/StubDebuggerLoc
al.c:43: error: `Java_sun_jvm_hotspot_debugger_bsd_BsdDebuggerLocal_init0'
previously defined here
/usr/ports/pobj/jdk-1.7.0.00/openjdk/hotspot/agent/src/os/bsd/StubDebuggerLoc
al.c:168: error: redefinition of
`Java_sun_jvm_hotspot_debugger_bsd_BsdDebuggerLocal_getAddressSize'
/

etc.
but 1.6 should suffice, thanks.

 - Jay

Re: Broadcom BCM5709C delays with PF routing operators

[cbc]

Ops, sorry. I paste pciconf output instead pcidump, I tried these
setup on FreeBSD too and had the same problem, both running on amd64
port.

On Fri, Oct 22, 2010 at 5:25 PM, Theo de Raadt 
wrote:
>> I have 02 dual port Broadcom BCM5709CC0KPBG device running on
>> routing/pf machine (Dell T110) - OpenBSD 4.7 amd64:
>>
>>
>> b...@pci0:3:0:0:  class=0x02 card=0x191714e4 chip=0x163914e4
>> rev=0x20 hdr=0x00
>> vendor = 'Broadcom Corporation'
>> device = 'NetXtreme II Gigabit Ethernet (BCM5709)'
>> class  = network
>> subclass   = ethernet
>> b...@pci0:3:0:1:  class=0x02 card=0x191714e4 chip=0x163914e4
>> rev=0x20 hdr=0x00
>> vendor = 'Broadcom Corporation'
>> device = 'NetXtreme II Gigabit Ethernet (BCM5709)'
>> class  = network
>> subclass   = ethernet
>>
>> ... and more bce2 and bce3
>>
>> One of the NICs is connected across 2 internet links and speed works
>> fine until uses of reply-to in pf.conf, for example:
>>
>> pass in quick on bce0 reply-to ( bce0 ip_address_gw1 ) tagged LINK1
>> pass in quick on bce1 reply-to ( bce1 ip_address_gw2 ) tagged LINK2
>>
>> After running pfctl -f /etc/pf.conf the 2 internet links goes very
>> very slow (3KB/s) and CPU irq increases to 10-12%. I have the same
>> scenario with other NIC cards and works fine, so I think that (maybe)
>> is a driver problem..
>>
>> Anyone here uses routing operations (PF) with BCM5709C ethernet cards?
>
> I have a hard time believing you.
>
> bce - Broadcom BCM4401 10/100 Ethernet device
>
> bnx - Broadcom NetXtreme II 10/100/Gigabit Ethernet device
>
> You are using FreeBSD, aren't you.

Re: password-less console-only access and ssh remote access?

[Mark Romer]

I believe you can do something like this.  but I see it not really
making you more secure, still questionable

sed s/secure/insecure/g /etc/ttys >> /tmp/temp; mv /tmp/temp /etc/ttys

Mark

On Fri, Oct 22, 2010 at 3:56 PM, Jay K  wrote:

> > Turn off sudo and don't put users you don't want to have root in the
> > wheel group.
> >
> > I find what you want to be questionable though.
>
>
> But can't they still run "login"?
> Why questionable?
> I want security and convenience.
> I don't consider passwords to be either.
> physical security + ssh is what I want.
> I've gotten by with just the second and being sure I don't need console
> access after initial setup (I've run systems like this quite a while now,
> including upgrading OpenBSD a few times on a few machines, and Debian
> 4.0=>5.0)
>
>
> Thanks,
>  - Jay

Re: password-less console-only access and ssh remote access?

[Tomas Bodzar]

On Fri, Oct 22, 2010 at 10:52 PM, Jay K  wrote:
> Tomas, I don't understand.
> If I chroot then I can't do much at all right?
> B Unless I replicate/link like the entire system, minus login.

You sai'd that you want to limit them, not I.

>
> su/wheel group/sudo doesn't prevent simple running of login and typing the
> root password, right?

just test it. If your user is not in wheel then he can use login and
enter root password,  but even when he knows that password login will
not enter root shell as you are not in wheel, but if you know root
password then you don't need to play those games and you can destroy
something directly ;-)

>
> Am I missing something?
> Maybe that ssh-only access to myself is good enough?
> B Once I am me on the machine, there's no need for an obstacle to be root?
> B And then su from there to root?
> B I don't need to ssh as root?

What do you want with that machine and who will use that? It's your
first problem which you must solve.


>
> But if I allow others to ssh in, and don't limit them with chroot,
> then a password is needed. They won't be able to su/sudo, but they can
still
> login.
> Right? So I'm back to the earlier point.
>
> Thanks,
> B - Jay
>
> 
>> Date: Fri, 22 Oct 2010 13:11:44 +0300
>> Subject: Re: password-less console-only access and ssh remote access?
>> From: tomas.bod...@gmail.com
>> To: jay.kr...@cornell.edu
>> CC: bret.lamb...@gmail.com; misc@openbsd.org
>>
>> On Fri, Oct 22, 2010 at 1:01 PM, Jay K wrote:
>> >> You can get almost the same thing by setting "PasswordAuthentication"
to
>> > "no"
>> >> in your sshd_config file, and hand out empty or ridiculously simple
>> > passwords
>> >> for the console (honestly, who would forget "yermomsawhore" as a
>> > password?).
>> >
>> >
>> > How do I limit their use to the console?
>> >
>> > If say I ssh in as non-root and then login root?
>>
>> You can chroot those logins and why they need root? You don't need to
>> allow use of su for them, they don't need to be in wheel group and you
>> can set in sudo only 'must need' apps for them.
>>
>> >
>> > ssh surely isn't the sole gatekeeper for login?
>> >
>> > (Granted, I am NOT running ftpd or telnetd; though
>> >
>> > at some point I'd like smbd/nfsd, hopefully
>> >
>> > both secure and convenient, hopefully using ssh somehow...).
>> >
>> >
>> >
>> > Thanks,
>> >
>> > - Jay

Re: softraid ignorance (mine).

[Christiano F. Haesbaert]

On 22 October 2010 17:31, Tomas Bodzar  wrote:
> You will find a lot of answers here
> http://2010.asiabsdcon.org/papers/abc2010-P8B-paper.pdf
>
> But quick overview :
>
> RAID5 is still experimental and softraid can be created from 200 chunks max.

Thanks Tomas, that would do :P.

Re: java/amd64/4.7?

[Tomas Bodzar]

Do you have release, stable, snapshot or current?

Which commands you tried and what's your /etc/mk.conf ?

On Fri, Oct 22, 2010 at 11:04 PM, Jay K  wrote:
>> ok, 1.5 built, 1.6 built, 1.7 in progress. Thanks.
>
> 1.7 ultimately fails:
>
>
/usr/ports/pobj/jdk-1.7.0.00/openjdk/hotspot/agent/src/os/bsd/StubDebuggerLoc
> al.c:153: error: redefinition of `throw_new_debugger_exception'
>
/usr/ports/pobj/jdk-1.7.0.00/openjdk/hotspot/agent/src/os/bsd/StubDebuggerLoc
> al.c:33: error: `throw_new_debugger_exception' previously defined here
>
/usr/ports/pobj/jdk-1.7.0.00/openjdk/hotspot/agent/src/os/bsd/StubDebuggerLoc
> al.c:163: error: redefinition of
> `Java_sun_jvm_hotspot_debugger_bsd_BsdDebuggerLocal_init0'
>
/usr/ports/pobj/jdk-1.7.0.00/openjdk/hotspot/agent/src/os/bsd/StubDebuggerLoc
> al.c:43: error: `Java_sun_jvm_hotspot_debugger_bsd_BsdDebuggerLocal_init0'
> previously defined here
>
/usr/ports/pobj/jdk-1.7.0.00/openjdk/hotspot/agent/src/os/bsd/StubDebuggerLoc
> al.c:168: error: redefinition of
> `Java_sun_jvm_hotspot_debugger_bsd_BsdDebuggerLocal_getAddressSize'
> /
>
> etc.
> but 1.6 should suffice, thanks.
>
> B - Jay

Re: password-less console-only access and ssh remote access?

[Jay K]

> > If I chroot then I can't do much at all right?
> > Unless I replicate/link like the entire system, minus login.
>
> You sai'd that you want to limit them, not I.


I just don't want them to be able to login as root.
  And I don't want a password for root.
  If they are on the console though, ok either way.
  That is a laxness I failed to mention would be ok.

> just test it. If your user is not in wheel then he can use login and
> enter root password, but even when he knows that password login will
> not enter root shell as you are not in wheel, but if you know root
> password then you don't need to play those games and you can destroy
> something directly ;-)


I will maybe poke around more.
But again, I don't want anything to depend on root password.
It should be empty and still be secure -- only allow password
login from console, not remote. Only allow ssh access remotely.


And I making sense?
I neither want to remember passwords nor have anyone be able to guess them.
  Which is almost a contradiction.
If someone is at the physical console, they can do anything.
So I should be able to login to the console w/o password.
And remote access only via ssh.


Since I haven't figured out how to configure this, instead I set the password
to "*"
which disallows any password-based login, including physical console.
If I ever really need console access, but haven't lost remote access,
I should be able to reboot remotely and then go to the machine and alter
the boot command line like to use single user mode. I certainly reboot
the machines remotely sometimes (e.g. for an upgrade). Though I haven't
needed single user mode yet, in a long time.


Thanks,
 - Jay

Re: password-less console-only access and ssh remote access?

[Tomas Bodzar]

On Fri, Oct 22, 2010 at 11:53 PM, Jay K  wrote:
>> > If I chroot then I can't do much at all right?
>> > Unless I replicate/link like the entire system, minus login.
>>
>> You sai'd that you want to limit them, not I.
>
>
> I just don't want them to be able to login as root.
> B And I don't want a password for root.
> B If they are on the console though, ok either way.
> B That is a laxness I failed to mention would be ok.

They don't need root at all. root will be only your account as will be
root password

>
>> just test it. If your user is not in wheel then he can use login and
>> enter root password, but even when he knows that password login will
>> not enter root shell as you are not in wheel, but if you know root
>> password then you don't need to play those games and you can destroy
>> something directly ;-)
>
>
> I will maybe poke around more.
> But again, I don't want anything to depend on root password.
> It should be empty and still be secure -- only allow password
> login from console, not remote. Only allow ssh access remotely.

sudo is there to solve your problem to not depend on root password,
login to console via ssh and eg. only with keys is easly doable with
ssh

>
>
> And I making sense?
> I neither want to remember passwords nor have anyone be able to guess them.
> B Which is almost a contradiction.
> If someone is at the physical console, they can do anything.
> So I should be able to login to the console w/o password.
> And remote access only via ssh.

You need password at least for root to be able to maintain that server
locally (in fact you can go easily even around this if you have local
access), but for users you don't need passwords at all as they will be
connecting only remotely and you can create ssh keys for them. But
it's not good idea to create keys without password for users, so they
will need to remember password for their ssh keys

>
>
> Since I haven't figured out how to configure this, instead I set the
password
> to "*"
> which disallows any password-based login, including physical console.
> If I ever really need console access, but haven't lost remote access,
> I should be able to reboot remotely and then go to the machine and alter
> the boot command line like to use single user mode. I certainly reboot
> the machines remotely sometimes (e.g. for an upgrade). Though I haven't
> needed single user mode yet, in a long time.
>
>
> Thanks,
> B - Jay

various openntpd things

[Florin Andrei]

First off, see attachment for an updated version of the spec file for 
the portable version tarball. Changes:

- version number (needs to be updated to the actual version of the 
release every time a new release is sent out)
- replaced Copyright keyword with License
- made other changes to allow installation in parallel with the ntp.org 
daemon (I eliminated some file conflicts)

Secondly: How do I tell whether time is in sync or not? I saw there's a 
message sent to syslog when sync is successful, but logs are rotated and 
lost after a long time. How do I tell without looking at the logs? With 
ntp.org there are various tools that the user could run to get the 
current status. That's a requirement if you want to monitor the time 
sync status of your servers via Nagios or something like that.

-- 
Florin Andrei
http://florin.myip.org/

[demime 1.01d removed an attachment of type text/x-rpm-spec which had a name of 
openntpd.spec]

Re: Adaptec Serial ATA RAID 21610SA

[Nick Holland]

On 10/22/10 11:56, Tomas Bodzar wrote:
> It's not only problem with license, but with quality of Adaptec as a
> whole http://marc.info/?l=openbsd-misc&m=125783114503531&w=2 . But
> maybe it changed as there is not Adaptec anymore.

And don't forget this follow up:
http://marc.info/?l=openbsd-misc&m=126775051500581&w=2

As you people keep bringing Adaptec cards, I'm gonna update my story...
 If you haven't read the above chapters in the story, you might.  I
swear in it a few times.  I don't usually do that.  It's worth the read
just for that. :)

ok, when we last saw this story, Adaptec was working on new firmware
which really would fix the problem.  Not too long after I wrote the
second chapter in this saga, I got word from my ever-patient support guy
that they got a new firmware for me, and if this doesn't do it, they are
sending me new controllers (LSI), which they have switched to for all
new machines they send out (forcing a rev of their application).

The new firmware is installed, and finally..things are working.


For a while.


A couple months ago, one of the boxes hangs and quits working, somewhat
like the very very first problem, but to be honest, that isn't my first
guess.  I reboot the box, and call the service vendor and they look and
sure enough, a couple hours later I get a call from the guy who has
patiently worked with me on this stuff and he said, "It did it again."
I can't believe this, but sure enough, the system logs show the
controller tripping up and killing the system. again.

So, they tell me, "That does it, you are getting the upgrade kit".  They
send me out the deluxe edition, complete with new disks, array
pre-created and preloaded with the new OS, as the old array won't be
readable on the new array controller.  The kit is actually pretty
decent, they have obviously spent a bit of time planning on having
people field-upgrade these what were supposed to be "sealed" boxes, and
changing cards in computers, of course, hasn't been an issue for
me...well, ever.

It's something of a pain, though, as we basically have to rebuild the
box from scratch, and reconfigure it as the old system was (and hope we
got everything right the first time...which we did by the time the third
box was upgraded).  While we are upgrading the first one, though,
another one died on us...leading us to think we've got an uptime-related
issue.

So at this point, I've got three of the boxes upgraded with new firmware
(and a new version of the OS to go along with it).  The fourth box, I
offered to test the NEXT new Craptec firmware on.  Curiously, the
version number on the new firmware is SMALLER than the last "This is it"
version.  Yes, you could feel my support contact rolling his eyes when
he told me that.

Do note that every step of the way, they are sending me new FIRMWARE,
not new OS drivers.  They are having trouble working around the bugs in
the hardware.  THE CARD IS CRAP.  THEY KNOW IT.


Tell me again how wonderfully it is working on your FreeBSD system.  No,
better idea, don't.  Save your breath.  All I will believe at this point
is you haven't seen a problem...yet.  Maybe this card doesn't suck as
bad as the ones we got in these four machines.  Maybe it just sucks
differently.


Nick.




> 
> On Fri, Oct 22, 2010 at 6:44 PM, S H  wrote:
>> Hi misc,
>>
>> I'm looking for some feedback from people who might have tried using an
>> Adaptec Serial ATA RAID 21610SA on OpenBSD. B I completely understand why
>> Theo and the rest of the developers don't include the driver in the GENERIC
>> kernel since they were never given the documentation from Adaptec needed to
>> create the best driver possible.
>>
>> My file server currently runs FreeBSD 8.1 and has the adaptec card in it,
>> thus far it's ran quite well but I would love to have that system running
>> OpenBSD if I can. B So I'm hoping someone on misc has experience with this
>> card and might be able to offer some insight as to what I can expect in
>> comparison to how it runs on FBSD...
>>
>> I also wanted to take this time to thank all of the other developers for
> the
>> upcoming release.
>>
>> Shawn

Re: various openntpd things

[Florin Andrei]

On 10/22/2010 02:09 PM, Florin Andrei wrote:

First off, see attachment for an updated version of the spec file for
the portable version tarball.


Apparently attachments are removed. Okay, here's an online copy:

http://dl.dropbox.com/u/29966/openbsd/openntpd.spec.txt

--
Florin Andrei
http://florin.myip.org/

Need Advice: Thinkpad T60 or T61?

[Clint Pachl]

I've been using an IBM Thinkpad T22 (P3 900MHz) laptop for quite some 
time and I want to upgrade. I am looking for some expert advice on what 
to upgrade to in the Thinkpad T-Series.


Two main considerations:

1. Core Duo 32-bit (T60) or Core 2 Duo 64-bit (T61)? I've only used 
i386, should I think about amd64?


2. I would like graphics hardware acceleration. I know I need to stay 
away from nVidia. The T60 comes with ATI Radeon and the T61 is the 
integrated Intel 965GM.


Is there anything else I need to be concerned with regarding OpenBSD on 
the T-Series? What would you guys choose and why?


Thanks,

Clint

Re: Need Advice: Thinkpad T60 or T61?

[Neal Hogan]

On Fri, Oct 22, 2010 at 8:04 PM, Clint Pachl  wrote:
> I've been using an IBM Thinkpad T22 (P3 900MHz) laptop for quite some time
> and I want to upgrade. I am looking for some expert advice on what to
> upgrade to in the Thinkpad T-Series.
>
> Two main considerations:
>
> 1. Core Duo 32-bit (T60) or Core 2 Duo 64-bit (T61)? I've only used i386,
> should I think about amd64?
>
> 2. I would like graphics hardware acceleration. I know I need to stay away
> from nVidia. The T60 comes with ATI Radeon and the T61 is the integrated
> Intel 965GM.
>
> Is there anything else I need to be concerned with regarding OpenBSD on the
> T-Series?

This is probably obvious and it doesn't address your "main
considerations," but wifi card support may be an issue. I have an
atheros card in my T400 that is not yet supported (although, there has
been some chatter on this list about someone working on it).

Re: Need Advice: Thinkpad T60 or T61?

[Ted Unangst]

On Fri, Oct 22, 2010 at 9:04 PM, Clint Pachl  wrote:
> 1. Core Duo 32-bit (T60) or Core 2 Duo 64-bit (T61)? I've only used i386,
> should I think about amd64?

Are you sure about that? I didn't think they made any T60s with plain
Core chips, though I could be wrong.  My T60 has a Core 2, anyway.
Regardless of whether you want 64-bit or not, the Core 2 performance
is considerably better.

Re: sys/tcp.h does not compile with _POSIX_SOURCE

[Russell]

On 10/21/2010 09:52 AM, hyjial wrote:

Hi list !

There is a u_int on line 50 of sys/tcp.h. u_int is defined only if
__BSD_VISIBLE is which it is not is _POSIX_SOURCE is defined.

Is this intended ?

Hit into this when trying to build a program which uses libsoup.

Thanks,

hyjial

I was hit with this once (surf before it was ported) I just patched out 
the POSIX_SOURCE define in the code I was trying to compile.


However, I to am curious about the politics of that particular ifdef.

Re: Need Advice: Thinkpad T60 or T61?

[Clint Pachl]

Ted Unangst wrote:

On Fri, Oct 22, 2010 at 9:04 PM, Clint Pachl  wrote:
   

1. Core Duo 32-bit (T60) or Core 2 Duo 64-bit (T61)? I've only used i386,
should I think about amd64?
 

Are you sure about that? I didn't think they made any T60s with plain
Core chips, though I could be wrong.  My T60 has a Core 2, anyway.
Regardless of whether you want 64-bit or not, the Core 2 performance
is considerably better.
   


Actually, the T60 comes with 32-bit (T2xxx) or 64-bit (T[57]xxx) 
processors:

http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-62487

Core Duo T2500 processor: http://ark.intel.com/Product.aspx?id=27236

I've seen T60 with Core or Core 2 selling here locally on craigslist. I 
figured, if I go with a 64-bit Core 2, I would just opt for the T61 with 
the slightly faster bus and supposedly lower acoustics. Plus they are 
selling for the same price.

Re: Need Advice: Thinkpad T60 or T61?

[Clint Pachl]

Neal Hogan wrote:

On Fri, Oct 22, 2010 at 8:04 PM, Clint Pachl  wrote:
   

I've been using an IBM Thinkpad T22 (P3 900MHz) laptop for quite some time
and I want to upgrade. I am looking for some expert advice on what to
upgrade to in the Thinkpad T-Series.

Two main considerations:

1. Core Duo 32-bit (T60) or Core 2 Duo 64-bit (T61)? I've only used i386,
should I think about amd64?

2. I would like graphics hardware acceleration. I know I need to stay away
from nVidia. The T60 comes with ATI Radeon and the T61 is the integrated
Intel 965GM.

Is there anything else I need to be concerned with regarding OpenBSD on the
T-Series?
 

This is probably obvious and it doesn't address your "main
considerations," but wifi card support may be an issue. I have an
atheros card in my T400 that is not yet supported (although, there has
been some chatter on this list about someone working on it).
   


I'm not too concerned about wifi as this thing will mostly be plugged 
into a docking station. If I have to, I'll just stick a ral or ath 
pccard in it.

Re: sys/tcp.h does not compile with _POSIX_SOURCE

[Ted Unangst]

On Thu, 21 Oct 2010, hyjial wrote:

> There is a u_int on line 50 of sys/tcp.h. u_int is defined only if
> __BSD_VISIBLE is which it is not is _POSIX_SOURCE is defined.
> 
> Is this intended ?

No. Easy fix.

Index: tcp.h
===
RCS file: /home/tedu/cvs/src/sys/netinet/tcp.h,v
retrieving revision 1.17
diff -u -r1.17 tcp.h
--- tcp.h   27 Apr 2006 02:19:32 -  1.17
+++ tcp.h   23 Oct 2010 02:30:34 -
@@ -47,11 +47,11 @@
tcp_seq   th_seq;   /* sequence number */
tcp_seq   th_ack;   /* acknowledgement number */
 #if _BYTE_ORDER == _LITTLE_ENDIAN
-   u_int th_x2:4,  /* (unused) */
+   u_int32_t th_x2:4,  /* (unused) */
  th_off:4; /* data offset */
 #endif
 #if _BYTE_ORDER == _BIG_ENDIAN
-   u_int th_off:4, /* data offset */
+   u_int32_t th_off:4, /* data offset */
  th_x2:4;  /* (unused) */
 #endif
u_int8_t  th_flags;

CONGRESO NACIONAL ACA 2010 PARA SECRETARIAS EJECUTIVAS Y ASISTENTES 19-20 NOV ACAPULCO, GUERRERO.

[Iveth Vasconcelos]

[IMAGE]

!Promociones Especiales para Grupos!

Mayores informes responda este correo electrsnico con los siguientes
datos.

Empresa:

Nombre:

Telifono:

Email:

Nzmero de Interesados:

Y en breve le haremos llegar la informacisn completa del evento.

O bien comunmquense a nuestros telifonos un ejecutivo con gusto le
atendera
Tels. (33) 8851-2365, (33)8851-2741.

Copyright (C) 2010, PMS Capacitacisn Efectiva de Mixico S.C. Derechos
Reservados. PMS de Mixico, El logo de PMS de Mixico son marcas
registradas.

ADVERTENCIA PMS de Mixico no cuenta con alianzas estratigicas de ningzn
tipo dentro de la Republica Mexicana. NO SE DEJE ENGAQAR - DIGA NO A LA
PIRATERIA. Todos los logotipos, marcas comerciales e imagenes son
propiedad de sus respectivas corporaciones y se utilizan con fines
informativos solamente.

Este Mensaje ha sido enviado a misc@openbsd.org como usuario de Pms de
Mixico o bien un usuario le refiris para recibir este boletmn.

Como usuario de Pms de Mixico, en este acto autoriza de manera expresa
que Pms de Mixico le puede contactar vma correo electrsnico u otros
medios.

Si usted ha recibido este mensaje por error, haga caso omiso de el y
reporte su cuenta respondiendo este correo con el subject BAJAASISTENTES

Unsubscribe to this mailing list, reply a blank message with the subject
UNSUBSCRIBE BAJAASISTENTES Tenga en cuenta que la gestisn de nuestras
bases de datos es de suma importancia y no es intencisn de la empresa la
inconformidad del receptor.

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
congreso asistentes.jpg]

Re: Need Advice: Thinkpad T60 or T61?

[Luca Corti]

On Fri, 2010-10-22 at 19:25 -0700, Clint Pachl wrote:
> I've seen T60 with Core or Core 2 selling here locally on craigslist. I 
> figured, if I go with a 64-bit Core 2, I would just opt for the T61 with 
> the slightly faster bus and supposedly lower acoustics. Plus they are 
> selling for the same price.


Dmesg from my T60 (T7200) below.

No big issues, but the fan is in fact a bit loud on OpenBSD, even when
running apmd -C. It could even suspend and resume correctly recently,
then stopped working but I don't mind since I don't use s/r.

Not all T60 are born equal though, so be sure to check the specs for
your particular model (this is a 2007E79).

I picked this up because of the nice size (14 in screen) and good
resolution (1440x900). It has an ATI x1400, so you get accelerated X.
Intel 82573L gigabit ethernet (em) and Intel 802.11g (wpi) work just
fine.

Unfortunately the chipset is limited to 3GB RAM. I have not tested
bluetooth nor the modem.The fingerprint reader does not attach to any
driver.

After 4 years it is still doing its job, so I can recommend it.


OpenBSD 4.8-current (GENERIC.MP) #591: Tue Oct 19 11:45:02 MDT 2010
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3218931712 (3069MB)
avail mem = 3119386624 (2974MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe0010 (68 entries)
bios0: vendor LENOVO version "79ETE6WW (2.26 )" date 04/01/2010
bios0: LENOVO 2007E79
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SSDT ECDT TCPA APIC MCFG HPET SLIC BOOT SSDT
SSDT SSDT SSDT
acpi0: wakeup devices LID_(S3) SLPB(S3) LURT(S3) DURT(S3) EXP0(S4)
EXP1(S4) EXP2(S4) EXP3(S4) PCI1(S4) USB0(S3) USB1(S3) USB2(S3) USB7(S3)
HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiec0 at acpi0
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz, 1995.31 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG
cpu0: 4MB 64b/line 16-way L2 cache
cpu0: apic clock running at 166MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz, 1995.00 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG
cpu1: 4MB 64b/line 16-way L2 cache
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 2, remapped to apid 1
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (AGP_)
acpiprt2 at acpi0: bus 2 (EXP0)
acpiprt3 at acpi0: bus 3 (EXP1)
acpiprt4 at acpi0: bus 4 (EXP2)
acpiprt5 at acpi0: bus 12 (EXP3)
acpiprt6 at acpi0: bus 21 (PCI1)
acpicpu0 at acpi0: C3, C2, C1, PSS
acpicpu1 at acpi0: C3, C2, C1, PSS
acpipwrres0 at acpi0: PUBS
acpitz0 at acpi0: critical temperature 127 degC
acpitz1 at acpi0: critical temperature 99 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibat0 at acpi0: BAT0 model "42T4504" serial 10643 type LION oem
"SANYO"
acpibat1 at acpi0: BAT1 not present
acpiac0 at acpi0: AC unit online
acpithinkpad0 at acpi0
acpidock0 at acpi0: GDCK not docked (0)
cpu0: Enhanced SpeedStep 1995 MHz: speeds: 2000, 1667, 1333, 1000 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82945GM Host" rev 0x03
ppb0 at pci0 dev 1 function 0 "Intel 82945GM PCIE" rev 0x03: apic 1 int
16 (irq 11)
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "ATI Radeon Mobility X1400" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
radeondrm0 at vga1: apic 1 int 16 (irq 11)
drm0 at radeondrm0
azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02:
apic 1 int 17 (irq 11)
azalia0: codecs: Analog Devices AD1981HD, Conexant/0x2bfa, using Analog
Devices AD1981HD
audio0 at azalia0
ppb1 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02: apic 1 int
20 (irq 11)
pci2 at ppb1 bus 2
em0 at pci2 dev 0 function 0 "Intel PRO/1000MT (82573L)" rev 0x00: apic
1 int 16 (irq 11), address 00:15:58:83:a5:0e
ppb2 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x02: apic 1 int
21 (irq 11)
pci3 at ppb2 bus 3
wpi0 at pci3 dev 0 function 0 "Intel PRO/Wireless 3945ABG" rev 0x02:
apic 1 int 17 (irq 11), MoW1, address 00:1b:77:02:dc:c5
ppb3 at pci0 dev 28 function 2 "Intel 82801GB PCIE" rev 0x02: apic 1 int
22 (irq 11)
pci4 at ppb3 bus 4
ppb4 at pci0 dev 28 function 3 "Intel 82801GB PCIE" rev 0x02: apic 1 int
23 (irq 11)
pci5 at ppb4 bus 12
uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x02: apic 1 int
16 (irq 11)
uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x02: apic 1 int
17 (irq 11)
uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x02: apic 1 int
18 (irq 11)
uhci3 at pci0 dev 29 function 3 "Intel 828

Re: sys/tcp.h does not compile with _POSIX_SOURCE

[Philip Guenther]

On Fri, 22 Oct 2010, Ted Unangst wrote:
> On Thu, 21 Oct 2010, hyjial wrote:
> 
> > There is a u_int on line 50 of sys/tcp.h. u_int is defined only if
> > __BSD_VISIBLE is which it is not is _POSIX_SOURCE is defined.
> > 
> > Is this intended ?
> 
> No. Easy fix.

(This is PR 6192)

Instead, how about making  comply with SUS/POSIX, which 
says that in a conforming environment this header file shall define 
TCP_NODELAY and may declare additional TCP_* macros, but shall not 
otherwise intrude on the applicatiojn visible namespace.  Wrapping the top 
of the file in #if __BSD_VISIBLE is the simplest way to meet that 
requirement and solve both the PR and the request in this thread without 
breaking software that doesn't insist on slamming its face into the POSIX 
wall.

Philip Guenther


Index: tcp.h
===
RCS file: /cvs/src/sys/netinet/tcp.h,v
retrieving revision 1.17
diff -u -p -r1.17 tcp.h
--- tcp.h   27 Apr 2006 02:19:32 -  1.17
+++ tcp.h   23 Oct 2010 04:04:17 -
@@ -35,6 +35,8 @@
 #ifndef _NETINET_TCP_H_
 #define_NETINET_TCP_H_
 
+#if __BSD_VISIBLE
+
 typedef u_int32_t tcp_seq;
 
 /*
@@ -113,6 +115,8 @@ struct tcphdr {
 #defineTCP_MAXWIN  65535   /* largest value for (unscaled) window 
*/
 
 #defineTCP_MAX_WINSHIFT14  /* maximum window shift */
+
+#endif /* __BSD_VISIBLE */
 
 /*
  * User-settable options (used with setsockopt).

Re: Adaptec Serial ATA RAID 21610SA

[S H]

Thanks for your updates to the story Nick.  As I said at this time I can't
replace the card but I will certainly do so as soon as I'm able.  I
appreciate your feedback.

Shawn

On Fri, Oct 22, 2010 at 8:23 PM, Nick Holland
wrote:

> On 10/22/10 11:56, Tomas Bodzar wrote:
> > It's not only problem with license, but with quality of Adaptec as a
> > whole http://marc.info/?l=openbsd-misc&m=125783114503531&w=2 . But
> > maybe it changed as there is not Adaptec anymore.
>
> And don't forget this follow up:
> http://marc.info/?l=openbsd-misc&m=126775051500581&w=2
>
> As you people keep bringing Adaptec cards, I'm gonna update my story...
>  If you haven't read the above chapters in the story, you might.  I
> swear in it a few times.  I don't usually do that.  It's worth the read
> just for that. :)
>
> ok, when we last saw this story, Adaptec was working on new firmware
> which really would fix the problem.  Not too long after I wrote the
> second chapter in this saga, I got word from my ever-patient support guy
> that they got a new firmware for me, and if this doesn't do it, they are
> sending me new controllers (LSI), which they have switched to for all
> new machines they send out (forcing a rev of their application).
>
> The new firmware is installed, and finally..things are working.
>
>
> For a while.
>
>
> A couple months ago, one of the boxes hangs and quits working, somewhat
> like the very very first problem, but to be honest, that isn't my first
> guess.  I reboot the box, and call the service vendor and they look and
> sure enough, a couple hours later I get a call from the guy who has
> patiently worked with me on this stuff and he said, "It did it again."
> I can't believe this, but sure enough, the system logs show the
> controller tripping up and killing the system. again.
>
> So, they tell me, "That does it, you are getting the upgrade kit".  They
> send me out the deluxe edition, complete with new disks, array
> pre-created and preloaded with the new OS, as the old array won't be
> readable on the new array controller.  The kit is actually pretty
> decent, they have obviously spent a bit of time planning on having
> people field-upgrade these what were supposed to be "sealed" boxes, and
> changing cards in computers, of course, hasn't been an issue for
> me...well, ever.
>
> It's something of a pain, though, as we basically have to rebuild the
> box from scratch, and reconfigure it as the old system was (and hope we
> got everything right the first time...which we did by the time the third
> box was upgraded).  While we are upgrading the first one, though,
> another one died on us...leading us to think we've got an uptime-related
> issue.
>
> So at this point, I've got three of the boxes upgraded with new firmware
> (and a new version of the OS to go along with it).  The fourth box, I
> offered to test the NEXT new Craptec firmware on.  Curiously, the
> version number on the new firmware is SMALLER than the last "This is it"
> version.  Yes, you could feel my support contact rolling his eyes when
> he told me that.
>
> Do note that every step of the way, they are sending me new FIRMWARE,
> not new OS drivers.  They are having trouble working around the bugs in
> the hardware.  THE CARD IS CRAP.  THEY KNOW IT.
>
>
> Tell me again how wonderfully it is working on your FreeBSD system.  No,
> better idea, don't.  Save your breath.  All I will believe at this point
> is you haven't seen a problem...yet.  Maybe this card doesn't suck as
> bad as the ones we got in these four machines.  Maybe it just sucks
> differently.
>
>
> Nick.
>
>
>
>
> >
> > On Fri, Oct 22, 2010 at 6:44 PM, S H  wrote:
> >> Hi misc,
> >>
> >> I'm looking for some feedback from people who might have tried using an
> >> Adaptec Serial ATA RAID 21610SA on OpenBSD. B I completely understand
> why
> >> Theo and the rest of the developers don't include the driver in the
> GENERIC
> >> kernel since they were never given the documentation from Adaptec needed
> to
> >> create the best driver possible.
> >>
> >> My file server currently runs FreeBSD 8.1 and has the adaptec card in
> it,
> >> thus far it's ran quite well but I would love to have that system
> running
> >> OpenBSD if I can. B So I'm hoping someone on misc has experience with
> this
> >> card and might be able to offer some insight as to what I can expect in
> >> comparison to how it runs on FBSD...
> >>
> >> I also wanted to take this time to thank all of the other developers for
> > the
> >> upcoming release.
> >>
> >> Shawn

Re: sys/tcp.h does not compile with _POSIX_SOURCE

[Philip Guenther]

On Fri, 22 Oct 2010, Philip Guenther wrote:
> Instead, how about making  comply with SUS/POSIX, which 
> says that in a conforming environment this header file shall define 
> TCP_NODELAY and may declare additional TCP_* macros, but shall not 
> otherwise intrude on the applicatiojn visible namespace.  Wrapping the top 
> of the file in #if __BSD_VISIBLE is the simplest way to meet that 
> requirement and solve both the PR and the request in this thread without 
> breaking software that doesn't insist on slamming its face into the POSIX 
> wall.

Update: need  for __BSD_VISIBLE.  Running a build now...

Philip Guenther

Index: sys/netinet/tcp.h
===
RCS file: /cvs/src/sys/netinet/tcp.h,v
retrieving revision 1.17
diff -u -p -r1.17 tcp.h
--- sys/netinet/tcp.h   27 Apr 2006 02:19:32 -  1.17
+++ sys/netinet/tcp.h   23 Oct 2010 05:42:40 -
@@ -35,6 +35,10 @@
 #ifndef _NETINET_TCP_H_
 #define_NETINET_TCP_H_
 
+#include 
+
+#if __BSD_VISIBLE
+
 typedef u_int32_t tcp_seq;
 
 /*
@@ -113,6 +117,8 @@ struct tcphdr {
 #defineTCP_MAXWIN  65535   /* largest value for (unscaled) window 
*/
 
 #defineTCP_MAX_WINSHIFT14  /* maximum window shift */
+
+#endif /* __BSD_VISIBLE */
 
 /*
  * User-settable options (used with setsockopt).

Re: password-less console-only access and ssh remote access?

[Joachim Schipper]

On Thu, Oct 21, 2010 at 07:46:50PM +0200, Bret S. Lambert wrote:
> On Thu, Oct 21, 2010 at 05:38:54PM +, Jay K wrote:
> > My ideal setup would be:
> >   1) no passwords  ("*" in /etc/passwd or via vipw)
> >   2) only ssh for remote access
> >i.e. no password-based security, only something better
> >   3) except console, where anyone should be able to login
> > without any password (granted, I only have two users, root and jay)
> 
> You can get almost the same thing by setting "PasswordAuthentication" to "no"
> in your sshd_config file, and hand out (...) simple passwords (...)

Well, except when someone runs login(1) from an SSH'ed shell...

I'm pretty sure you can just add a line along the lines of

ttyC0 "//bin/ksh" vt220 on

to /etc/ttys, if you insist.

Joachim

-- 
TFMotD: qdiv (3) - return quotient and remainder from division
http://www.joachimschipper.nl/

Re: CVS ls Disabled on Mirrors?

[Joachim Schipper]

On Thu, Oct 21, 2010 at 02:02:26PM -0400, Adam M. Dutko wrote:
> I recently tried to list contents of some of the CVS servers without doing a
> checkout to see if it would be feasible to write a small script to identify
> hot spots in the development tree based on recent commits.  I believe this
> functionality is disabled due to security or resource usage concerns.
> 
> The anoncvs.shar file shows most anon servers should chroot, drop
> privileges, and use read only mounts.  I imagine it's the read only mount
> that's the sticking point.  This can probably be accomplished using a local
> copy or a cloned server using cvssync.  I just wanted to make sure I wasn't
> missing something with regard to why ls/dir doesn't seem to work.  Thanks.


You already have a good answer, but allow me to point out that you
shouldn't pester the mirrors for this anyway. Just get a copy with
cvsync and run everything locally.

Joachim

-- 
TFMotD: madvise, posix_madvise (2) - give advice about use of memory
http://www.joachimschipper.nl/