4.8 fail boot

[fabioFVZ]

Hello,
after boot on my DL360 G3 2Gb ram, hp array i5 (2x36gb mirroring)
with new 4.8 the boot blocked on:

npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
rd0: fixed, 3800 block
softraid0 at root


end .

NO error, no other info...

4.6 boot regulary...

Re: 4.8 fail boot

[Kenneth R Westerback]

On Tue, Nov 23, 2010 at 12:33:41PM +0100, fabioFVZ wrote:
> Hello,
> after boot on my DL360 G3 2Gb ram, hp array i5 (2x36gb mirroring)
> with new 4.8 the boot blocked on:
> 
> npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
> rd0: fixed, 3800 block
> softraid0 at root
> 
> 
> end .
> 
> NO error, no other info...
> 
> 4.6 boot regulary...
> 

4.6 to 4.8 is a long time. Does 4.7 boot? Does a -current snapshot?

How about the usual information about the box? Without some clues
you will get no help.

http://openbsd.org/report.html

 Ken

Re: 4.8 fail boot

[Jiri B.]

Plug serial cable and get some info.


> Date: Tue, 23 Nov 2010 12:33:41 +0100
> From: fa...@openbeer.it
> To: misc@openbsd.org
> Subject: 4.8 fail boot
>
> Hello,
> after boot on my DL360 G3 2Gb ram, hp array i5 (2x36gb mirroring)
> with new 4.8 the boot blocked on:
>
> npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
> rd0: fixed, 3800 block
> softraid0 at root
>
>
> end .
>
> NO error, no other info...
>
> 4.6 boot regulary...

Apache (base) and proxy_module

[Björn Ketelaars]

I'm running an application with a web-interface behind an Apache
reverse proxy (from base). As this application is on the same host as
Apache it is running on another port (8080 instead of 80).
Unfortunately Apache sends back the wrong Host-Header. After carefully
checking the CVS-log for a bit of inspiration I found that a similar
problem was solved almost nine months ago [1]. When returning to an
older revision (1.19.2.1) of proxy_http.c my problems were gone. After
carefully looking at the code I think I have found a solution for the
former problem as well as my problem.

# diff -u proxy_http.c.orig proxy_http.c
--- proxy_http.c.orig   Tue Nov 23 12:05:25 2010
+++ proxy_http.cTue Nov 23 12:44:26 2010
@@ -367,7 +367,7 @@
AP_HOOK_DECLINE(DECLINED),
&rc, r, f, desthost, destportstr, destportstr);
 if (rc == DECLINED) {
-   if (destportstr != NULL && destport != DEFAULT_HTTP_PORT)
+   if (destportstr != NULL || destport != DEFAULT_HTTP_PORT)
ap_bvputs(f, "Host: ", desthost, ":", destportstr, CRLF, NULL);
else
ap_bvputs(f, "Host: ", desthost, CRLF, NULL);

What do you think?

[1] 
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/httpd/src/modules/proxy/proxy_http.c

OT: Disadvantages of using virtual firewalls like OpenBSd

[carlopmart]

Hi all,

 First of all, I don't want to start a flame. I will to know your opinion about 
using virtual firewalls in virtual infraestructures like vmware, kvm ,xen, etc ... 
like OpenBSD.


 Advantages are very clear for me: provisioning, administration tasks, etc ... But 
I will to know disadvantages. What is your opinion from the point of view of security?


 Thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com

Re: Apache (base) and proxy_module

[Дмитрий Царьков]

2010/11/23 BjC6rn Ketelaars :
> - B  B  B  B  B  if (destportstr != NULL && destport != DEFAULT_HTTP_PORT)
> + B  B  B  B  B  if (destportstr != NULL || destport != DEFAULT_HTTP_PORT)

Your expression is always true, no sense in checking.

--
Dmitrij D. Czarkoff

Re: Apache (base) and proxy_module

[Дмитрий Царьков]

Sorry, I was too fast to answer. I believe it can make sense.

2010/11/23 PPP2 :
> 2010/11/23 BjC6rn Ketelaars :
>> - B  B  B  B  B  if (destportstr != NULL && destport != DEFAULT_HTTP_PORT)
>> + B  B  B  B  B  if (destportstr != NULL || destport != DEFAULT_HTTP_PORT)
>
> Your expression is always true, no sense in checking.

--
Dmitrij D. Czarkoff

Re: Linux or OpenBSD

[Toni Mueller]

Hi,

On Sun, 24.10.2010 at 08:20:35 +0530, Siju George  wrote:
> On Sat, Oct 23, 2010 at 7:18 PM, Toni Mueller  wrote:
> > Also, Linux is better supported by hardware vendors, and/or much less
> > picky about hardware than OpenBSD is.
> Not always is it ?

of course, my statement reflects only my experience. Which is about
what you read.

> I have had toswitch from Linux to OpenBSD twice just because of
> hardware support.

For me, it's just the other way round.

But leaving that aside, I usually have a use case that can be satisfied
with one XOR the other system, and so I try to adapt the hardware to
the requirements wherever possible.

-- 
Kind regards,
--Toni++

Re: Linux or OpenBSD

[Toni Mueller]

Hi,

On Sat, 23.10.2010 at 10:36:54 -0500, Marco Peereboom  
wrote:
> On Oct 23, 2010, at 8:48, Toni Mueller  wrote:
> > Also, Linux is better supported by hardware vendors, and/or much less
> > picky about hardware than OpenBSD is.
> If you consider the garbage these vendors call drivers then sure.
> 
> The only debate really comes down to smp and flash.

nope. I regularly see hardware which is supposed to be good, and which
gives no problems under Linux, which causes a lot of problems under
OpenBSD. I'm just about to throw away a bunch of recent machines that
worked fine with older OpenBSDs, but horribly crash with later
releases, up to the point that they even refuse to boot.


-- 
Kind regards,
--Toni++

Re: OT: Disadvantages of using virtual firewalls like OpenBSd

[carlopmart]

On 11/23/2010 01:42 PM, Bret Lambert wrote:

Because you're still relying on your host's network stack, you aren't
actually firewalling it.



Uhmm .. I am not sure about this. For example: you can configure several virtual 
bridges under a ESXi host and then attach them to a virtual firewall like OpenBSD. 
If you configure some pf rules, you are doing firewalling ... In this case you have 
all network stack except layer 1, correct??

--
CL Martinez
carlopmart {at} gmail {d0t} com

Re: Apache (base) and proxy_module

[Björn Ketelaars]

2010/11/23 Bjvrn Ketelaars :
> I'm running an application with a web-interface behind an Apache
> reverse proxy (from base). As this application is on the same host as
> Apache it is running on another port (8080 instead of 80).
> Unfortunately Apache sends back the wrong Host-Header. After carefully
> checking the CVS-log for a bit of inspiration I found that a similar
> problem was solved almost nine months ago [1]. When returning to an
> older revision (1.19.2.1) of proxy_http.c my problems were gone. After
> carefully looking at the code I think I have found a solution for the
> former problem as well as my problem.
>
> # diff -u proxy_http.c.orig proxy_http.c
> --- proxy_http.c.orig   Tue Nov 23 12:05:25 2010
> +++ proxy_http.cTue Nov 23 12:44:26 2010
> @@ -367,7 +367,7 @@
>AP_HOOK_DECLINE(DECLINED),
>&rc, r, f, desthost, destportstr, destportstr);
> if (rc == DECLINED) {
> -   if (destportstr != NULL && destport != DEFAULT_HTTP_PORT)
> +   if (destportstr != NULL || destport != DEFAULT_HTTP_PORT)
>ap_bvputs(f, "Host: ", desthost, ":", destportstr, CRLF,
NULL);
>else
>ap_bvputs(f, "Host: ", desthost, CRLF, NULL);
>
> What do you think?
>
> [1]
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/httpd/src/modules/proxy/pr
oxy_http.c
>

I believe I made a mistake:

destportstr != NULL => will be evaluated as true when a port is given.

destport != DEFAULT_HTTP_PORT => will ALWAYS be evaluated as false
because in line 118 (proxy_http.c) destport is set to
DEFAULT_HTTP_PORT and never changes. What really has to be compared is
the value of destportstr with destport (or DEFAULT_HTTP_PORT). So the
expression should be:

atoi(destportstr) != destport

New diff:

# diff -u proxy_http.c.orig proxy_http.c
--- proxy_http.c.orig   Tue Nov 23 12:05:25 2010
+++ proxy_http.cTue Nov 23 14:00:15 2010
@@ -367,7 +367,7 @@
AP_HOOK_DECLINE(DECLINED),
&rc, r, f, desthost, destportstr, destportstr);
 if (rc == DECLINED) {
-   if (destportstr != NULL && destport != DEFAULT_HTTP_PORT)
+   if (destportstr != NULL && atoi(destportstr) != destport)
ap_bvputs(f, "Host: ", desthost, ":", destportstr, CRLF,
NULL);
else
ap_bvputs(f, "Host: ", desthost, CRLF, NULL);

What do you think?

Re: OT: Disadvantages of using virtual firewalls like OpenBSd

[carlopmart]

On 11/23/2010 01:48 PM, carlopmart wrote:

On 11/23/2010 01:42 PM, Bret Lambert wrote:

Because you're still relying on your host's network stack, you aren't
actually firewalling it.



Uhmm .. I am not sure about this. For example: you can configure several virtual
bridges under a ESXi host and then attach them to a virtual firewall like 
OpenBSD.
If you configure some pf rules, you are doing firewalling ... In this case you 
have
all network stack except layer 1, correct??


And one more thing: with latest releases of hypervisors like ESXi and KVM (I don't 
know about xen), you can attach physical hardware to a specific guest, like network 
interfaces. Then, you have all network stack asigned to a virtual machine. Where are 
the disadvantages in scenarios like this??


Thanks.

--
CL Martinez
carlopmart {at} gmail {d0t} com

Re: OT: Disadvantages of using virtual firewalls like OpenBSd

[Jim Razmus]

* carlopmart  [101123 08:22]:
> On 11/23/2010 01:48 PM, carlopmart wrote:
> >On 11/23/2010 01:42 PM, Bret Lambert wrote:
> >>Because you're still relying on your host's network stack, you aren't
> >>actually firewalling it.
> >>
> >
> >Uhmm .. I am not sure about this. For example: you can configure several 
> >virtual
> >bridges under a ESXi host and then attach them to a virtual firewall like 
> >OpenBSD.
> >If you configure some pf rules, you are doing firewalling ... In this case 
> >you have
> >all network stack except layer 1, correct??
> 
> And one more thing: with latest releases of hypervisors like ESXi
> and KVM (I don't know about xen), you can attach physical hardware
> to a specific guest, like network interfaces. Then, you have all
> network stack asigned to a virtual machine. Where are the
> disadvantages in scenarios like this??
> 
> Thanks.
> 
> -- 
> CL Martinez
> carlopmart {at} gmail {d0t} com
> 

You're still relying on software to the right thing and protect against
abuse.  "attach physical hardware to a specific guest" is done via
software.  Do you trust that software?

jim@

Re: OT: Disadvantages of using virtual firewalls like OpenBSd

[carlopmart]

On 11/23/2010 02:30 PM, Timo Schoeler wrote:

thus carlopmart spake:

On 11/23/2010 01:48 PM, carlopmart wrote:

On 11/23/2010 01:42 PM, Bret Lambert wrote:

Because you're still relying on your host's network stack, you aren't
actually firewalling it.



Uhmm .. I am not sure about this. For example: you can configure
several virtual
bridges under a ESXi host and then attach them to a virtual firewall
like OpenBSD.
If you configure some pf rules, you are doing firewalling ... In this
case you have
all network stack except layer 1, correct??


And one more thing: with latest releases of hypervisors like ESXi and
KVM (I don't know about xen), you can attach physical hardware to a
specific guest, like network interfaces. Then, you have all network
stack asigned to a virtual machine. Where are the disadvantages in
scenarios like this??

Thanks.


http://kerneltrap.org/mailarchive/openbsd-misc/2007/10/24/352059


Yes, but this question is three years old and hypervisors have changed 

Thanks.

--
CL Martinez
carlopmart {at} gmail {d0t} com

Re: OT: Disadvantages of using virtual firewalls like OpenBSd

[carlopmart]

On 11/23/2010 02:33 PM, Jim Razmus wrote:

* carlopmart  [101123 08:22]:

On 11/23/2010 01:48 PM, carlopmart wrote:

On 11/23/2010 01:42 PM, Bret Lambert wrote:

Because you're still relying on your host's network stack, you aren't
actually firewalling it.



Uhmm .. I am not sure about this. For example: you can configure several virtual
bridges under a ESXi host and then attach them to a virtual firewall like 
OpenBSD.
If you configure some pf rules, you are doing firewalling ... In this case you 
have
all network stack except layer 1, correct??


And one more thing: with latest releases of hypervisors like ESXi
and KVM (I don't know about xen), you can attach physical hardware
to a specific guest, like network interfaces. Then, you have all
network stack asigned to a virtual machine. Where are the
disadvantages in scenarios like this??

Thanks.

--
CL Martinez
carlopmart {at} gmail {d0t} com



You're still relying on software to the right thing and protect against
abuse.  "attach physical hardware to a specific guest" is done via
software.  Do you trust that software?

jim@




Uhmm ... good point Jim. But, but one question: can you compromise this virtual 
firewall using a specific exploit, procedure, etc and don't do the same with a 
physical firewall ??


--
CL Martinez
carlopmart {at} gmail {d0t} com

Re: ESXi client / NFS server performance

[Steve Shockley]

On 11/14/2010 1:04 PM, Steven Surdock wrote:

Greetings, I'm attempting to use an OBSD 4.8-stable machine as an NFS
server for storing snapshots from an ESXi 3.5 server.  Unfortunately my
NFS performance seems relatively poor at about 55 Mbps (6 MBps).


I've found ESX performance over NFS is horrible unless you're doing 
async mounts or using an NFS server that "cheats" with sync mounts (like 
a NetApp filer where it writes to NVRAM and sends the response before 
it's actually on disk).

Re: OT: Disadvantages of using virtual firewalls like OpenBSd

[STeve Andre']

On 11/23/10 07:38, carlopmart wrote:

Hi all,

 First of all, I don't want to start a flame. I will to know your 
opinion about using virtual firewalls in virtual infraestructures like 
vmware, kvm ,xen, etc ... like OpenBSD.


 Advantages are very clear for me: provisioning, administration tasks, 
etc ... But I will to know disadvantages. What is your opinion from 
the point of view of security?


 Thanks.


Don't.

Search the archives for virtualization and you'll get some ideas about it.

--STeve Andre'

Re: OT: Disadvantages of using virtual firewalls like OpenBSd

[Bret Lambert]

On Tue, Nov 23, 2010 at 1:38 PM, carlopmart  wrote:
> Hi all,
>
>  First of all, I don't want to start a flame. I will to know your opinion
> about using virtual firewalls in virtual infraestructures like vmware, kvm
> ,xen, etc ... like OpenBSD.
>
>  Advantages are very clear for me: provisioning, administration tasks, etc
> ... But I will to know disadvantages. What is your opinion from the point
of
> view of security?

Because you're still relying on your host's network stack, you aren't
actually firewalling it.

>
>  Thanks.
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com

HP Proliant NEO N36L

[Joakim Aronius]

Hi,

This looks like a nice, small and cheap server: 
HP ProLiant AMD Athlon II NEO N36L
http://www.newegg.com/Product/Product.aspx?Item=N82E16859105905

However, there seem to be some HP stuff in there which Im not sure is supported.

Ethernet Controller
Embedded NC107i PCI Express Gigabit Ethernet Server Adapter 
(Seems like this is a bge(4) according to this(?) 
http://old.nabble.com/HP-DL120-G6-with-OpenBSD--tt28315871.html#a28315871 )

Storage Controller
Embedded SATA Controller with Embedded RAID (0, 1) 


Has anyone tried OpenBSD on one of these? Any DMESG available?

In general, are the HP Proliant boxes good with OpenBSD?

Regards,
/Joakim

尊貴的: misc: 一Click邁向成功

[ePromotion Ltd.]

Having problems viewing this email? Please click here.For enquiry, please send 
email to sa...@epromotion.com.hk 

e&g!f3i1h.d;%d8ge'e.9o<h+f   f-$.e&f   
d;;d=f%h)"h+i;i5h3  sa...@epromotion.com.hk



















e&ff(d8
f3e
f6e0fegd?!d;6o<h+fih#ie.

Important Notice: Base on the Unsolicited Electronic Messages Ordinance, if you 
DO NOT want to receive any promotional email messages from us in the future, 
please kindly reply this e-mail for DELETION. If you would like to continue to 
receive our promotional email massages, you do not need to reply us.

Re: OT: Disadvantages of using virtual firewalls like OpenBSd

[Bahador NazariFard]

OK
You are right.
But you know in this case your security level is not higher than virtual
machine.
Because your security level in complex chained system is not higher than
weakest point.In fact you are accepting the risk of using virtual machine.
I think in this case if your virtual machine system is not stronger than
OpenBSD  you should not use it.
If one can exploit virtual machine he/she can hurt your platform.

I think virtual systems are very very useful but they are not very good for
security box.

I think virtual machine is one of your assets that you should be able to
protect it.
because it may have many guest and provide several  services for your client
.

For example in this senario you can not protect your network even your
firewall box against DoS or DDoS attack.
because your virtual machine has to get a lot of packet before your
firewall.




On Tue, Nov 23, 2010 at 4:47 PM, carlopmart  wrote:

> On 11/23/2010 01:48 PM, carlopmart wrote:
>
>> On 11/23/2010 01:42 PM, Bret Lambert wrote:
>>
>>> Because you're still relying on your host's network stack, you aren't
>>> actually firewalling it.
>>>
>>>
>> Uhmm .. I am not sure about this. For example: you can configure several
>> virtual
>> bridges under a ESXi host and then attach them to a virtual firewall like
>> OpenBSD.
>> If you configure some pf rules, you are doing firewalling ... In this case
>> you have
>> all network stack except layer 1, correct??
>>
>
> And one more thing: with latest releases of hypervisors like ESXi and KVM
> (I don't know about xen), you can attach physical hardware to a specific
> guest, like network interfaces. Then, you have all network stack asigned to
> a virtual machine. Where are the disadvantages in scenarios like this??
>
> Thanks.
>
>
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com
>
>


-- 
Gula_Gula =;=; BNF

Re: HP Proliant NEO N36L

[Michal]

Storage Controller
 Embedded SATA Controller with Embedded RAID (0, 1)


This concerns me. Generally with RAID, it's either a known, branded raid 
controller that can easily be replaced, or software raid. Anything in 
the middle like raid on desktop motherboards I avoid for servers

Re: OT: Disadvantages of using virtual firewalls like OpenBSd

[Brad Tilley]

carlopmart wrote:

>  Advantages are very clear for me: provisioning, administration tasks,
> etc ... But I will to know disadvantages. What is your opinion from the
> point of view of security?

I use virtualization for many things (mainly for the productivity
advantages that you list), but it has always bothered me because
virtualization is pretending.

In Java, for example, the VM pretends about a lot of things that are not
true in the physical world. This makes it easy and convenient for
programmers. The problem is that they come to believe that the pretend
things are real and then make assumptions (when dealing with physical
machines) that are incorrect.

I would say that so long as you understand that a lot of pretending is
going on when doing any sort of virtualization, (and you accept that)
and that you know the differences between the pretend machines and the
real machines then you know all you need to know in order to decide if
it is right for your environment.

Brad

Re: OT: Disadvantages of using virtual firewalls like OpenBSd

[Michal]

On 23/11/10 13:56, Bahador NazariFard wrote:

OK
You are right.
But you know in this case your security level is not higher than virtual
machine.
Because your security level in complex chained system is not higher than
weakest point.In fact you are accepting the risk of using virtual machine.
I think in this case if your virtual machine system is not stronger than
OpenBSD  you should not use it.
If one can exploit virtual machine he/she can hurt your platform.

I think virtual systems are very very useful but they are not very good for
security box.

I think virtual machine is one of your assets that you should be able to
protect it.
because it may have many guest and provide several  services for your client
.

For example in this senario you can not protect your network even your
firewall box against DoS or DDoS attack.
because your virtual machine has to get a lot of packet before your
firewall.



This is a good post. I have esxi servers and they work well, but you'd 
have a hardware firewall sitting at the front of network, unless you 
want to do firewall testing etc. If you can afford to get some esxi 
servers, I'm sure you can pay the little bit extra to get an OpenBSD 
firewall on the go, even two for that matter

Re: em(4) detailed errors

[Toni Mueller]

Hi,

On Thu, 18.11.2010 at 16:38:55 +0100, Manuel Guesdon 
 wrote:
> Is there a way to get detailed em(4) device errors without having to
> recompile kernel with EM_DEBUG ?
> I try to find in-errors reason(s) but netstat only gives errors as a sum of
> dropped_pkts + stats.rxerrc + stats.crcerrs + sc->stats.algnerrc +... as far
> as I can see :-(

I'm having a similar problem. On one 4x em(4) machine, I get a lot of
input errors and, much more serious, intermittend packet loss, but only
on one interface out of two with similar traffic levels (~1-4kpps per
direction).

After reading the latest em(4) threads, I also found this very strange
thing, which must have been automatically configured:

# ifconfig em3
em3:
flags=8b43 mtu 1500
lladdr 00:30:48:94:0b:21
priority: 0
media: Ethernet autoselect (1000baseT full-duplex,master)
^
status: active


I'm unsure about how to remove this feature from this (physical)
interface, and the machine uses none of carp, pfsync or sasync.
The hardware for this interface is

em3 at pci5 dev 0 function 0 "Intel PRO/1000MT (82573L)" rev 0x00: apic 2 int 
17 (irq 11), address 00:30:48:94:0b:21

as detected by OpenBSD 4.8-stable (i386).

The ability to selectively enable or disable debugging for individual
devices at runtime would be a great feature, from a sysadmin's
perspective.


-- 
Kind regards,
--Toni++

Re: em(4) detailed errors

[Claudio Jeker]

On Tue, Nov 23, 2010 at 03:16:57PM +0100, Toni Mueller wrote:
> Hi,
> 
> On Thu, 18.11.2010 at 16:38:55 +0100, Manuel Guesdon 
>  wrote:
> > Is there a way to get detailed em(4) device errors without having to
> > recompile kernel with EM_DEBUG ?
> > I try to find in-errors reason(s) but netstat only gives errors as a sum of
> > dropped_pkts + stats.rxerrc + stats.crcerrs + sc->stats.algnerrc +... as far
> > as I can see :-(
> 
> I'm having a similar problem. On one 4x em(4) machine, I get a lot of
> input errors and, much more serious, intermittend packet loss, but only
> on one interface out of two with similar traffic levels (~1-4kpps per
> direction).
> 
> After reading the latest em(4) threads, I also found this very strange
> thing, which must have been automatically configured:
> 
> # ifconfig em3
> em3:
> flags=8b43 mtu 1500
> lladdr 00:30:48:94:0b:21
> priority: 0
> media: Ethernet autoselect (1000baseT full-duplex,master)
> ^
> status: active
> 
> 
> I'm unsure about how to remove this feature from this (physical)
> interface, and the machine uses none of carp, pfsync or sasync.
> The hardware for this interface is
> 

If you wonder about the "master" in the media line then be assured that
all is fine. 1000BaseT require autoselection to always run and every link
needs one PHY running as master (normaly the switch).

> em3 at pci5 dev 0 function 0 "Intel PRO/1000MT (82573L)" rev 0x00: apic 2 int 
> 17 (irq 11), address 00:30:48:94:0b:21
> 
> as detected by OpenBSD 4.8-stable (i386).
> 
> The ability to selectively enable or disable debugging for individual
> devices at runtime would be a great feature, from a sysadmin's
> perspective.
> 

-- 
:wq Claudio

Re: HP Proliant NEO N36L

[Stuart Henderson]

On 2010-11-23, Joakim Aronius  wrote:
> Hi,
>
> This looks like a nice, small and cheap server: 
> HP ProLiant AMD Athlon II NEO N36L
> http://www.newegg.com/Product/Product.aspx?Item=N82E16859105905
>
> However, there seem to be some HP stuff in there which Im not sure is 
> supported.

FreeBSD dmesg here:

http://www23.atwiki.jp/dragonkiller?cmd=upload&act=open&pageid=239&file=proliant-microserver_freenas0.7.2-dmesg.txt

>From this I would make educated guesses that the ethernet
should be ok, raid probably won't work in raid mode but should
be ok in ahci mode. But as to whether ACPI will work, you can't
really make a guess ...

> Ethernet Controller
> Embedded NC107i PCI Express Gigabit Ethernet Server Adapter 
> (Seems like this is a bge(4) according to this(?) 
> http://old.nabble.com/HP-DL120-G6-with-OpenBSD--tt28315871.html#a28315871 )


> Storage Controller
> Embedded SATA Controller with Embedded RAID (0, 1) 
> 
>
> Has anyone tried OpenBSD on one of these? Any DMESG available?
>
> In general, are the HP Proliant boxes good with OpenBSD?

"The HP Proliant boxes" cover a huge range of machines over
a long period of time. Some work fine, others didn't but
got fixed, there may well be others which still don't.

Re: em(4) detailed errors

[Otto Moerbeek]

On Tue, Nov 23, 2010 at 03:16:57PM +0100, Toni Mueller wrote:

> Hi,
> 
> On Thu, 18.11.2010 at 16:38:55 +0100, Manuel Guesdon 
>  wrote:
> > Is there a way to get detailed em(4) device errors without having to
> > recompile kernel with EM_DEBUG ?
> > I try to find in-errors reason(s) but netstat only gives errors as a sum of
> > dropped_pkts + stats.rxerrc + stats.crcerrs + sc->stats.algnerrc +... as far
> > as I can see :-(
> 
> I'm having a similar problem. On one 4x em(4) machine, I get a lot of
> input errors and, much more serious, intermittend packet loss, but only
> on one interface out of two with similar traffic levels (~1-4kpps per
> direction).
> 
> After reading the latest em(4) threads, I also found this very strange
> thing, which must have been automatically configured:
> 
> # ifconfig em3
> em3:
> flags=8b43 mtu 1500
> lladdr 00:30:48:94:0b:21
> priority: 0
> media: Ethernet autoselect (1000baseT full-duplex,master)
> ^
> status: active
> 
> 
> I'm unsure about how to remove this feature from this (physical)
> interface, and the machine uses none of carp, pfsync or sasync.
> The hardware for this interface is

I would rather investigate why the PROMISC and ALLMULTI flags are set
on this interface.

-Otto

> 
> em3 at pci5 dev 0 function 0 "Intel PRO/1000MT (82573L)" rev 0x00: apic 2 int 
> 17 (irq 11), address 00:30:48:94:0b:21
> 
> as detected by OpenBSD 4.8-stable (i386).
> 
> The ability to selectively enable or disable debugging for individual
> devices at runtime would be a great feature, from a sysadmin's
> perspective.
> 
> 
> -- 
> Kind regards,
> --Toni++

Re: OT: Disadvantages of using virtual firewalls like OpenBSd

[Stuart Henderson]

On 2010-11-23, carlopmart  wrote:
> Hi all,
>
>   First of all, I don't want to start a flame. I will to know your opinion 
> about 
> using virtual firewalls in virtual infraestructures like vmware, kvm ,xen, 
> etc ... 
> like OpenBSD.
>
>   Advantages are very clear for me: provisioning, administration tasks, etc 
> ... But 
> I will to know disadvantages. What is your opinion from the point of view of 
> security?
>
>   Thanks.

How will you protect your management interface if the firewall is
virtualised?

Re: OT: Disadvantages of using virtual firewalls like OpenBSd

[carlopmart]

On 11/23/2010 04:03 PM, Stuart Henderson wrote:

On 2010-11-23, carlopmart  wrote:

Hi all,

   First of all, I don't want to start a flame. I will to know your opinion 
about
using virtual firewalls in virtual infraestructures like vmware, kvm ,xen, etc 
...
like OpenBSD.

   Advantages are very clear for me: provisioning, administration tasks, etc 
... But
I will to know disadvantages. What is your opinion from the point of view of 
security?

   Thanks.


How will you protect your management interface if the firewall is
virtualised?




At logical level or physical level?? At logical level I can configure a virtual 
bridge on this interface and apply firewall rules. Physically, impossible, obvious.


--
CL Martinez
carlopmart {at} gmail {d0t} com

México el Museo más Grande del Mundo

[Coordinación Ejecutiva Nacional de las Conmemoraciones del 2010]

?Problemas visualizando este e-mail? Ver Online

Smguenos en:

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

Coordinacisn Ejecutiva Nacional de las Conmemoraciones del
2010‏

[IMAGE]

Cuando veas esta
pregunta

[IMAGE]

?Quiin sabe qui pass aqum?

[IMAGE]

Podras
descubrir la historia de Mixico a travis de tu celular

[IMAGE]

Sslo marca
*2010 o envma un SMS al 2020 + Nzmero de monumento. Al
instante sabras ?Qui pass ahm?

[IMAGE]

2010 monumentos,
2010 historias por conocer Mixico el museo mas grande del
Mundo 

[IMAGE]

Te invitamos a
registrarte y ser parte de la gran conmemoracisn 

[IMAGE]

*Nombre

*Apellido Paterno

*Apellido Materno

Sexo

Fecha de Nacimiento

Telifono

Femenino

Masculino

Celular

?Deseas recibir informacisn
en tu celular?

C.P.

SI

NO

Municipio / Delegacisn

Estado

Su direccisn de e-mail

Si usas Hotmail, Outlook 2007, Entourage, Outlook Web Assistant, o no
puedes contestar la encuesta, haz clic aqum
Los campos con * son requeridos.

[IMAGE]

!Invita a un
amigo a ser parte de este gran evento!

[IMAGE]

Nombre de tu amigo

e-mail de tu amigo

[IMAGE]

Mixico es
mi Museo 

[IMAGE]

TODOS LOS CONTENIDOS QUE SE INCLUYEN EN ESTE SITIO, TALES COMO TEXTOS,
GRAFICOS, LOGOTIPOS, ICONOS, IMAGENES, AUDIOCLIPS, DESCARGAS DIGITALES,
COMPILACISN DE DATOS Y SOFTWARE SON PROPIEDAD DEL INSTITUTO NACIONAL DE
ESTUDIOS HISTSRICOS DE LAS REVOLUCIONES DE MIXICO - UNIDAD BICENTENARIO
Y/O DE SUS PROVEEDORES DE CONTENIDOS Y ESTAN PROTEGIDOS POR LAS LEYES
MEXICANAS E INTERNACIONALES DEL COPYRIGHT O DERECHO DE AUTOR. AL VISITAR
ESTE SITIO, USTED CONOCE Y ACEPTA QUE DICHAS LEGISLACIONES RIGEN LAS
CONDICIONES DE USO DEL MISMO.

Si no eres el usuario o si deseas ser borrado de nuestro listado de
envmos sslo haz clic aqum.

[IMAGE]

Re: OT: Disadvantages of using virtual firewalls like OpenBSd

[Vijay Sankar]

On 2010-11-23, at 6:38 AM, carlopmart wrote:

> Hi all,
>
> First of all, I don't want to start a flame. I will to know your opinion
about using virtual firewalls in virtual infraestructures like vmware, kvm
,xen, etc ... like OpenBSD.
>
> Advantages are very clear for me: provisioning, administration tasks, etc
... But I will to know disadvantages. What is your opinion from the point of
view of security?
>
> Thanks.
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com
>


 I am not a fan of using VMs for firewall infrastructure even though I like
VMs for software development/testing/staging purposes.

1) With regards to provisioning there are lots of complexities you end up
dealing with if you are in a highly available network. I could not find simple
solutions for obvious issues -- especially solutions that could be delegated
in an idiot-proof manner. In addition, when firewalls and proxies and load
balancers are on real boxes, it is easier to see where network cables are
coming from and which switches and patch panels they are going to. When hosted
on VMs stuff does happen :)

2) Administration tasks work OK when the VM is running properly and all
components are "certified". But it was very difficult to get practical advice
from vendors  when I had issues running OpenBSD.

I feel it is more secure to run OpenBSD on real hardware than as a VM guest
because with real hardware you only need to restrict physical access and
OpenBSD can take care of the rest. With virtualization, you end up having to
learn a lot more about the VM environment and that knowledge seems to be very
fleeting. Installing OpenBSD firewalls on top of that "moving" structure may
still protect you but to me it makes everything needlessly complicated.


Vijay Sankar
vsan...@foretell.ca

Re: OT: Disadvantages of using virtual firewalls like OpenBSd

[Bahador NazariFard]

At logical level who is responsible against layer two threats (vm or fw)?
You are using virtual machine and its network drivers aren't you?
I think it is so clear that in this solution  health of  VM is vital for
your network.

It seems you are concentrating and focus only about network layer
vulnerabilities.
but you VM may be vulnerable against application layer attacks even  against
local guest system users.
for example VM may have a vulnerable web administration interface that can
be a good start point for your enemies!

eventually you have many guest system on your VM and  your VM threats is
not  limited  only to network layer threats.
however I think even in this situam your firewall should process and filter
network traffic before than others(including VM).




On Tue, Nov 23, 2010 at 6:45 PM, carlopmart  wrote:

> On 11/23/2010 04:03 PM, Stuart Henderson wrote:
>
>> On 2010-11-23, carlopmart  wrote:
>>
>>> Hi all,
>>>
>>>   First of all, I don't want to start a flame. I will to know your
>>> opinion about
>>> using virtual firewalls in virtual infraestructures like vmware, kvm
>>> ,xen, etc ...
>>> like OpenBSD.
>>>
>>>   Advantages are very clear for me: provisioning, administration tasks,
>>> etc ... But
>>> I will to know disadvantages. What is your opinion from the point of view
>>> of security?
>>>
>>>   Thanks.
>>>
>>
>> How will you protect your management interface if the firewall is
>> virtualised?
>>
>>
>>
> At logical level or physical level?? At logical level I can configure a
> virtual bridge on this interface and apply firewall rules. Physically,
> impossible, obvious.
>
>
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com
>
>


-- 
Gula_Gula =;=; BNF

Re: em(4) detailed errors

[Ted Unangst]

On Tue, Nov 23, 2010 at 10:02 AM, Otto Moerbeek  wrote:
> On Tue, Nov 23, 2010 at 03:16:57PM +0100, Toni Mueller wrote:
>> # ifconfig em3
>> em3:
>> flags=8b43 mtu
1500
>> lladdr 00:30:48:94:0b:21
>> priority: 0
>> media: Ethernet autoselect (1000baseT full-duplex,master)
>> ^
>> status: active

> I would rather investigate why the PROMISC and ALLMULTI flags are set
> on this interface.

trunked?

Re: Linux or OpenBSD

[Alexander Schrijver]

On Tue, Nov 23, 2010 at 01:50:09PM +0100, Toni Mueller wrote:
> nope. I regularly see hardware which is supposed to be good, and which
> gives no problems under Linux, which causes a lot of problems under
> OpenBSD. I'm just about to throw away a bunch of recent machines that
> worked fine with older OpenBSDs, but horribly crash with later
> releases, up to the point that they even refuse to boot.

Why don't you run linux on them? You aren't being very environmentally aware
are you?

Re: OT: Disadvantages of using virtual firewalls like OpenBSd

[Jim Razmus]

* carlopmart  [101123 08:44]:
> On 11/23/2010 02:33 PM, Jim Razmus wrote:
> >* carlopmart  [101123 08:22]:
> >>On 11/23/2010 01:48 PM, carlopmart wrote:
> >>>On 11/23/2010 01:42 PM, Bret Lambert wrote:
> Because you're still relying on your host's network stack, you aren't
> actually firewalling it.
> 
> >>>
> >>>Uhmm .. I am not sure about this. For example: you can configure several 
> >>>virtual
> >>>bridges under a ESXi host and then attach them to a virtual firewall like 
> >>>OpenBSD.
> >>>If you configure some pf rules, you are doing firewalling ... In this case 
> >>>you have
> >>>all network stack except layer 1, correct??
> >>
> >>And one more thing: with latest releases of hypervisors like ESXi
> >>and KVM (I don't know about xen), you can attach physical hardware
> >>to a specific guest, like network interfaces. Then, you have all
> >>network stack asigned to a virtual machine. Where are the
> >>disadvantages in scenarios like this??
> >>
> >>Thanks.
> >>
> >>--
> >>CL Martinez
> >>carlopmart {at} gmail {d0t} com
> >>
> >
> >You're still relying on software to the right thing and protect against
> >abuse.  "attach physical hardware to a specific guest" is done via
> >software.  Do you trust that software?
> >
> >jim@
> >
> >
> 
> Uhmm ... good point Jim. But, but one question: can you compromise
> this virtual firewall using a specific exploit, procedure, etc and
> don't do the same with a physical firewall ??
> 
> -- 
> CL Martinez
> carlopmart {at} gmail {d0t} com
> 

Possibly, yes.  Here's why.  You're not attacking an OpenBSD host.

The hypervisor has a network stack that is engaged before any guest.
How else can you setup virtual switches, "attach interfaces", etc.
Assuming that stack is vulnerable in some fashion, you have the
opportunity to attack the guests from an entirely new angle.  Moreover,
if your hypervisor is now compromised, why try to fight your way through
the network interface of the virtual firewall when you can attack the
firewall or other guests directly?  Further, why even attack the guests
through their respective virtual network interfaces when you can poison
their virtual CPUs or other "hardware" devices?

IMO, this is a kin to the blob problem for hardware, but on a larger
scale.  Your guests, OpenBSD or otherwise, are entirely dependent on
another layer of software.  In this case ESXi, which is not infallible.

Does that explain it better?

jim@

A bad entry in the spamdb kills pfctl

[Peter Fraser]

Somehow I have an bad  entry in my /var/db/spamdb the entry in question is a
follows.

GREY|kadorken.thspamdb -t -a itroll.03092...@thinkage.chinkage.on.ca|spamdb -t
-a kgdykesb...@thinkage.on.ca|spamdb -t -a kgdykesb...@thinkage.on.ca|spamdb
-t -a kgdykescxspamdb|1160168514|0|0|1|-2

I have no idea how the entry got there.

How can I delete it?  I cannot  get the  "spamdb -d" to work, it is expecting
an IP address

spamd seems to still work,  but seems to use a much more memory to operate.

The memory usage caused a problem that was hard to track down. spamd calls
pfctl to update the table
spamd-white,  pfclt would fail with insufficient memory. No error message
(that I could find) was
reported. The side effect of the failure of pfctl was the spamd-white table in
pf was not updated,
which mean that no mail from new locations could be received.  Eventually
there were complaints.

I found the problem after booting the system and noticing the spamd-white
table
had no entries. If spamd was run in debug mode, then the error message did
appear.

My workaround was to add more memory to the system.

Re: Linux or OpenBSD

[andres]

Quoting Toni Mueller :

> Hi,
>
> On Sat, 23.10.2010 at 10:36:54 -0500, Marco Peereboom
>  wrote:
>> On Oct 23, 2010, at 8:48, Toni Mueller  wrote:
>> > Also, Linux is better supported by hardware vendors, and/or much less
>> > picky about hardware than OpenBSD is.
>> If you consider the garbage these vendors call drivers then sure.
>>
>> The only debate really comes down to smp and flash.
>
> nope. I regularly see hardware which is supposed to be good, and which
> gives no problems under Linux, which causes a lot of problems under
> OpenBSD. I'm just about to throw away a bunch of recent machines that
> worked fine with older OpenBSDs, but horribly crash with later
> releases, up to the point that they even refuse to boot.
>
>
> --
> Kind regards,
> --Toni++

Toni, have you published a list of the hardware thats been causing you
problems?

My experience has been different.  Sure, newer hardware can have things
like an ethernet chip that isn't yet supported, but that gets fixed over time
in the vast majority of cases.  Overall though, i386 stuff just works for me.

Apologies if you've already done this.  Knowing what things out there
that don't (yet) work would benefit everyone, I think.

--STeve Andre'

Re: [Bulk] Re: OT: Disadvantages of using virtual firewalls like OpenBSd

[Kevin Chadwick]

> Possibly, yes.  Here's why.  You're not attacking an OpenBSD host.
> 
> The hypervisor has a network stack that is engaged before any guest.
> How else can you setup virtual switches, "attach interfaces", etc.
> Assuming that stack is vulnerable in some fashion, you have the
> opportunity to attack the guests from an entirely new angle.  Moreover,
> if your hypervisor is now compromised, why try to fight your way through
> the network interface of the virtual firewall when you can attack the
> firewall or other guests directly?  Further, why even attack the guests
> through their respective virtual network interfaces when you can poison
> their virtual CPUs or other "hardware" devices?
> 
> IMO, this is a kin to the blob problem for hardware, but on a larger
> scale.  Your guests, OpenBSD or otherwise, are entirely dependent on
> another layer of software.  In this case ESXi, which is not infallible.
> 
> Does that explain it better?
> 
> jim@
> 

I'd certainly run native wherever 'fee'sable. However if it's a choice
between a stripped down Linux KVM kernel running OpenBSD and a full
blown Linux kernel server. I'd choose OpenBSD whilst worrying about
other guests and the hosts drivers etc. For firewalling if it's
protecting other non virtual hosts and/or has uncontrolled guests then
you may be adding risk to them.

OpenBSD 4.8 kernel: protect fault trap, code=0

[R0me0 ***]

-- Forwarded message --
From: R0me0 *** 
Date: 2010/11/23
Subject: Re: OpenBSD 4.8 kernel: protect fault trap, code=0
To: Theo de Raadt 


OpenBSD 4.8 (GENERIC.MP) #335: Mon Aug 16 09:09:20 MDT 2010
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 2112618496 (2014MB)
avail mem = 2042560512 (1947MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xfbf60 (49 entries)
bios0: vendor American Megatrends Inc. version "080012" date 03/07/2006
bios0: ECS P4M800PRO-M
acpi0 at bios0: rev 0
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP APIC OEMB
acpi0: wakeup devices UAR1(S4) MC97(S4) USB1(S1) USB2(S1) USB3(S1) USB4(S1)
PCI1(S4) PCI2(S4) PCI3(S4) OLAN(S4) ILAN(S4) SLPB(S4) PWRB(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Pentium(R) D CPU 2.80GHz, 2795.02 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID,CX16,xTPR,LONG
cpu0: 1MB 64b/line 8-way L2 cache
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Pentium(R) D CPU 2.80GHz, 2794.56 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID,CX16,xTPR,LONG
cpu1: 1MB 64b/line 8-way L2 cache
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 3, 24 pins
ioapic0: misconfigured as apic 1, remapped to apid 2
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (P0P1)
acpicpu0 at acpi0acpi0: unable to load \\_PR_.CPU1.SSDT

acpicpu1 at acpi0acpi0: unable to load \\_PR_.CPU2.SSDT

acpitz0 at acpi0: critical temperature 110 degC
acpibtn0 at acpi0: SLPB
acpibtn1 at acpi0: PWRB
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "VIA CN700 Host" rev 0x00
agp at pchb0 not configured
pchb1 at pci0 dev 0 function 1 "VIA CN700 Host" rev 0x00
pchb2 at pci0 dev 0 function 2 "VIA CN700 Host" rev 0x00
pchb3 at pci0 dev 0 function 3 "VIA PT890 Host" rev 0x00
pchb4 at pci0 dev 0 function 4 "VIA CN700 Host" rev 0x00
pchb5 at pci0 dev 0 function 7 "VIA CN700 Host" rev 0x00
ppb0 at pci0 dev 1 function 0 "VIA VT8377 AGP" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "VIA S3 Unichrome PRO IGP" rev 0x01
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
rl0 at pci0 dev 8 function 0 "Realtek 8139" rev 0x10: apic 2 int 16 (irq
10), address 00:1a:3f:51:72:3d
rlphy0 at rl0 phy 0: RTL internal PHY
rl1 at pci0 dev 9 function 0 "Realtek 8139" rev 0x10: apic 2 int 17 (irq
11), address 00:1a:3f:51:46:59
rlphy1 at rl1 phy 0: RTL internal PHY
rl2 at pci0 dev 10 function 0 "Realtek 8139" rev 0x10: apic 2 int 18 (irq
5), address 00:1a:3f:52:34:4f
rlphy2 at rl2 phy 0: RTL internal PHY
pciide0 at pci0 dev 15 function 0 "VIA VT6420 SATA" rev 0x80: DMA
pciide0: using apic 2 int 20 (irq 5) for native-PCI interrupt
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 6
pciide1 at pci0 dev 15 function 1 "VIA VT82C571 IDE" rev 0x06: ATA133,
channel 0 configured to compatibility, channel 1 configured to compatibility
pciide1: channel 0 disabled (no drives)
pciide1: channel 1 disabled (no drives)
uhci0 at pci0 dev 16 function 0 "VIA VT83C572 USB" rev 0x81: apic 2 int 21
(irq 10)
uhci1 at pci0 dev 16 function 1 "VIA VT83C572 USB" rev 0x81: apic 2 int 21
(irq 10)
uhci2 at pci0 dev 16 function 2 "VIA VT83C572 USB" rev 0x81: apic 2 int 21
(irq 11)
uhci3 at pci0 dev 16 function 3 "VIA VT83C572 USB" rev 0x81: apic 2 int 21
(irq 11)
ehci0 at pci0 dev 16 function 4 "VIA VT6202 USB" rev 0x86: apic 2 int 21
(irq 5)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "VIA EHCI root hub" rev 2.00/1.00 addr 1
viapm0 at pci0 dev 17 function 0 "VIA VT8237 ISA" rev 0x00
iic0 at viapm0
spdmem0 at iic0 addr 0x50: 1GB DDR2 SDRAM non-parity PC2-5300CL5
spdmem1 at iic0 addr 0x51: 1GB DDR2 SDRAM non-parity PC2-5300CL5
vr0 at pci0 dev 18 function 0 "VIA RhineII-2" rev 0x78: apic 2 int 23 (irq
10), address 00:16:ec:82:1c:3b
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 10: OUI
0x004063, model 0x0032
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 "VIA UHCI root hub" rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 "VIA UHCI root hub" rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 "VIA UHCI root hub" rev 1.00/1.00 addr 1
usb4 at uhci3: USB revision 1.0
uhub4 at usb4 "VIA UHCI root hub" rev 1.00/1.00 addr 1
isa0 at mainbus0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
it0 at isa0 port 0x2e/2: IT8705F rev 3, EC port 0x290
mtrr: Pentium Pro MTRR support
softraid0 at 

reply for more information

[Mrs edith abed]

$B?7$7$$%a!<%k%"%I%l%9$r$*CN$i$;$7$^$9?7$7$$%a!<%k%"%I%l%9!'(B 
edithab...@yahoo.co.jp

I am Mrs Edith Abed I am a cancer woman that have short time to live. I want to 
make a donation to you. i am awaiting for your reply for more information Your 
Direct Tel & Fax Your ID Your Age

- Mrs edith abed

Re: Linux or OpenBSD

[daniel holtzman]

On Nov 23, 2010, at 7:50 AM, Toni Mueller wrote:

> Hi,
>
> On Sat, 23.10.2010 at 10:36:54 -0500, Marco Peereboom 
wrote:
>> On Oct 23, 2010, at 8:48, Toni Mueller  wrote:
>>> Also, Linux is better supported by hardware vendors, and/or much less
>>> picky about hardware than OpenBSD is.
>> If you consider the garbage these vendors call drivers then sure.
>>
>> The only debate really comes down to smp and flash.
>
> nope. I regularly see hardware which is supposed to be good, and which
> gives no problems under Linux, which causes a lot of problems under
> OpenBSD. I'm just about to throw away a bunch of recent machines that
> worked fine with older OpenBSDs, but horribly crash with later
> releases, up to the point that they even refuse to boot.
>
>
> --
> Kind regards,
> --Toni++
>

Perhaps one or more developers would be curious about the crashes? Why not
donate the machines instead of throw them out?

Re: A bad entry in the spamdb kills pfctl

[Jason McIntyre]

On Tue, Nov 23, 2010 at 05:05:14PM +, Peter Fraser wrote:
> Somehow I have an bad  entry in my /var/db/spamdb the entry in question is a
> follows.
> 
> GREY|kadorken.thspamdb -t -a itroll.03092...@thinkage.chinkage.on.ca|spamdb -t
> -a kgdykesb...@thinkage.on.ca|spamdb -t -a kgdykesb...@thinkage.on.ca|spamdb
> -t -a kgdykescxspamdb|1160168514|0|0|1|-2
> 
> I have no idea how the entry got there.
> 
> How can I delete it?  I cannot  get the  "spamdb -d" to work, it is expecting
> an IP address
> 

hi, don;t know if there's an official correct way, but you could just
replace the database with an empty file. if starting from scratch is too
awful a thought, you could easily repopulate the database using the output
of (the current) spamdb command and some small script.

there might be a nicer way to do it though.

jmc

Re: OT: Disadvantages of using virtual firewalls like OpenBSd

[Jiri B.]

On Tue, Nov 23, 2010 at 01:38:04PM +0100, carlopmart wrote:
>Hi all,
>
> First of all, I don't want to start a flame. I will to know your
>opinion about using virtual firewalls in virtual infraestructures
>like vmware, kvm ,xen, etc ... like OpenBSD.
>
> Advantages are very clear for me: provisioning, administration
>tasks, etc ... But I will to know disadvantages. What is your opinion
>from the point of view of security?

Bypassing a virtual FW is so easy, just click in any hypervisor GUI,
moving machine, adding new iface etc... It's not so easy with real cabling.

You can have good privilegs in hypervisor GUI mgmnt but still - real
hw firewall is more separated...

What a pity OpenBSD doesn't run on Power{5,6,7} servers. I'd like to
put it in a lpar just for fun :)

jirib

Problema umidità

[AmbiFresh.it]

Ambi Fresh, sale igroscopico, mangiaumidita, antimuffa - domini in
venditaQuesta non e' una newsletter, e' una comunicazione utile indirizzata a
te per risolvere il problema dell'umidita'.


Pochi segreti, tanti fatti. Se non hai mai provato il nostro prodotto, tenta
almeno una volta! Quando conosci le nostre vaschette non riesci piy a
cambiare. Mai capitato di rovesciare la soluzione salina su moquette, teak,
tessuti? Con noi non capita, il prodotto h usa e getta e costa come una
ricarica!
Camere d'albergo, barche, auto ferme, camper, stanze, garage, taverne,
cantine, armadi PROVA!
ORDINA SUBITO E RICEVI A CASA
SCRIVICI una mail a i...@ambifresh.it
INDICA il tuo Cognome e Nome e tutti i dati per ricevere. Vedi sotto
l'esempio.
SPECIFICA quanti cartoni di prodotto ti servono. Ogni cartone sono 30
vaschette di prodotto.
PAGA tramite bonifico ai dati riportati sotto alla nostra mail oppure in
contrassegno con una maggiorazione del 3%.
RICEVI entro 2 giorni la merce dal ricevimento del bonifico con il nostro
trasportatore.
Ordina subito il tuo cartone di vaschette per togliere l'umidit`
dalla casa, camper, garage, auto e altri luoghi chiusi!
Per ordinare h molto semplice:
Invia una mail a i...@ambifresh.it specificando
il tuo Cognome e Nome, indirizzo completo di destinazione merce.
Esempio Privato:
Mario Rossi
via Casa della Rotonda, 40/C
35100 Venezia (VE)
Cod. fiscale ABCDEF12A11AAEsempio Azienda:
Azienda srl
Mario Rossi
via Casa della Rotonda, 40/C
35100 Venezia (VE)
P.IVA 12345678910
1 cartone sono 30 vaschette di prodotto
1 vaschetta = ? 5.00 + IVA 20% (? 6.00)
Spese di spedizione:
1 cartone ? 15.00 IVA compresa
5 cartoni ? 35.00 IVA compresa
10 cartoni ? 65.00 IVA compresa
Oltre su richiesta. Isole + 10%Acquistando da 1 a 5 cartoni
Sconto 20%
Acquistanto da 6 a 20 cartoni
Sconto 30%
Oltre: contattare la Direzione

Altre caratteristiche da sapere:
Con la vaschetta speciale potrai assorbire l'umidit` in eccesso presente
nell'aria in qualsiasi ambiente. In auto, in barca, nell'armadio, in cantina,
in camper, in bagno e anche in taverne, in garage e nella seconda casa. La
vaschetta funziona in qualsiasi ambiente fino a 40 m2 ed ha una durata fino a
2 mesi, in funzione al grado di umidit`. Per usarlo h semplicissimo. Ricevete
il prodotto, scartatelo dalla confezione SENZA rimuovere la speciale membrana
presente sopra alla vaschetta. Da quel momento il prodotto h gi` attivo.
I sali presenti nella vascetta attirano l'umidit` presente nell'ambiente
attraverso la speciale membrana traspirante. La miscela contenuta all'interno
trasforma l'umidit` in gocce e cattura l'acqua in modo irreversibile e sicuro.
In questa maniera la soluzione salina (spesso corrosiva e dannosa specialmente
ai tessuti) non potr` piy uscire ne evaporare. Potrete anche sbadatamente
rovesciare la vaschetta e non uscir` nulla!
NOTA: i pagamenti posso avvenire solamente tramite bonifico e contrassegno.
Verr` attivato presto un servizio di carta di credito per acquistare online.
AmbiFrash h un marchio ideato e commercializzato da Michele Andretta ( +39 347
4077005 ). Per qualsiasi informazione o dubbio potete contattarmi in qualsiasi
momento. Se avete un negozio o siete un'azienda e desiderate acquistare un
bancale di prodotto, avrete condizioni speciali.

www.AmbiFresh.it - www.AmbiFresh.biz - www.AmbiFresh.eu - www.AmbiFresh.info
www.AmbiFresh.net - www.AmbiFresh.org - www.AmbiFresh.us - www.antimuffa.info
www.saleigroscopico.info - www.saleperbarca.com - www.mangiaumidita.info
i...@ambifresh.it

Re: OT: Disadvantages of using virtual firewalls like OpenBSd

[Nick Holland]

On 11/23/10 08:32, carlopmart wrote:

On 11/23/2010 02:30 PM, Timo Schoeler wrote:

...

http://kerneltrap.org/mailarchive/openbsd-misc/2007/10/24/352059


Yes, but this question is three years old and hypervisors have changed 

Thanks.


what's changed?
Layering? Nope.
Crappy programming?  Nope.
Better hardware?  not really.
Features-before-security?  Nope.

Lots new features, though.
And they fixed a few bugs AFTER they were brought to the vendor's 
attention.  Reactive at its best.   You think they FIXED more bugs than 
they added with the new features?


I think the virtualization products have proven their attitude towards 
security and correctness.  If something changed, it is theirs to 
prove...and then, you still have the complexity issue.  A more complex 
system is unlikely to be more secure or more reliable than a simple system.


Nick.

Re: OT: Disadvantages of using virtual firewalls like OpenBSd

[Brad Tilley]

Nick Holland wrote:

> what's changed?
> Layering? Nope.
> Crappy programming?  Nope.
> Better hardware?  not really.
> Features-before-security?  Nope.

Good points. The goals of virtualization are, easy management, power
savings, quick provisioning and deployment, redundancy, etc. When you
talk about security and virtualization at the guest level, the
prevailing attitude is, "If it gets hacked, we'll just restore it from a
known good snapshot... problem solved."

I don't hear much talk at all about the host machine and security (the
real server that hosts all the pretend servers is just assumed to be
OK). There just seems to be a lot of trust in the vendors.

Brad

> Lots new features, though.
> And they fixed a few bugs AFTER they were brought to the vendor's
> attention.  Reactive at its best.   You think they FIXED more bugs than
> they added with the new features?
> 
> I think the virtualization products have proven their attitude towards
> security and correctness.  If something changed, it is theirs to
> prove...and then, you still have the complexity issue.  A more complex
> system is unlikely to be more secure or more reliable than a simple system.
> 
> Nick.

Re: em(4) detailed errors

[Toni Mueller]

Hi,

On Tue, 23.11.2010 at 11:07:40 -0500, Ted Unangst  wrote:
> On Tue, Nov 23, 2010 at 10:02 AM, Otto Moerbeek  wrote:
> > On Tue, Nov 23, 2010 at 03:16:57PM +0100, Toni Mueller wrote:
> >> # ifconfig em3
> >> em3:
> >> flags=8b43 mtu 
> >> 1500
> >> B  B  B  B  lladdr 00:30:48:94:0b:21
> >> B  B  B  B  priority: 0
> >> B  B  B  B  media: Ethernet autoselect (1000baseT full-duplex,master)
> >> ^
> >> B  B  B  B  status: active
> 
> > I would rather investigate why the PROMISC and ALLMULTI flags are set
> > on this interface.
> 
> trunked?

thanks for your input. No, the interface is configured in a very
straightforward way without any bells and whistles. It has a four IPv4
addresses, plus one auto-generated IPv6 address (link layer local).
I don't use briding and didn't enable multicast in /etc/sysctl.conf,
either.

There are also no processes specifically using this interface (ie, no
tcpdump or similar). This is the whole process list:


$ ps ax
  PID TT  STAT   TIME COMMAND
1 ??  Is  0:00.01 /sbin/init
 2399 ??  Is  0:00.00 ntpd: [priv] (ntpd)
19341 ??  I   0:00.09 ntpd: ntp engine (ntpd)
12690 ??  I   0:00.01 ntpd: dns engine (ntpd)
11247 ??  Is  0:00.02 /usr/sbin/sshd -u0
 2024 ??  Is  0:00.31 cron
32158 ??  Ss  0:01.19 sendmail: accepting connections (sendmail)
24559 ??  Ss  0:17.55 bgpd: parent (bgpd)
12368 ??  S   0:15.77 bgpd: session engine (bgpd)
18994 ??  S   1:05.98 bgpd: route decision engine (bgpd)
 8611 ??  Ss  0:02.39 ifstated -v
11105 ??  S   0:05.28 syslogd -n -a /var/www/dev/log -a /var/empty/dev/log
27237 ??  Is  0:00.03 syslogd: [priv] (syslogd)
27968 ??  S   0:00.51 pflogd: [running] -s 256 -i pflog0 -f /var/log/pflog 
(pflogd)
13936 ??  Is  0:00.05 pflogd: [priv] (pflogd)
31560 ??  Ss  0:00.39 sshd: u...@ttyp0 (sshd)
29917 ??  Ss  0:00.44 sshd: u...@ttyp1 (sshd)
29148 p0  Ss+ 0:00.03 bash
16540 p1  Ss  0:00.04 bash
28953 p1  R+/10:00.00 ps -ax
17757 C0- S   0:00.53 runsvdir -P /var/service log: 
...
 9629 C0  Is+ 0:00.00 /usr/libexec/getty std.9600 ttyC0
  397 C1  Is+ 0:00.00 /usr/libexec/getty std.9600 ttyC1
25085 C2  Is+ 0:00.00 /usr/libexec/getty std.9600 ttyC2
32349 C3  Is+ 0:00.00 /usr/libexec/getty std.9600 ttyC3
12522 C5  Is+ 0:00.00 /usr/libexec/getty std.9600 ttyC5
$


None of these suggests to me that ALLMULTI or PROMISC should be on,
and ifconfig's man page doesn't suggest that I can easily turn
them off.

If you have any suggestions about how to debug this, I'm all ears.


TIA!



Kind regards,
--Toni++

Re: Linux or OpenBSD

[Toni Mueller]

Hi,

On Tue, 23.11.2010 at 17:45:16 +0100, Alexander Schrijver 
 wrote:
> Why don't you run linux on them? You aren't being very environmentally aware
> are you?

I don't understand what you mean with this remark.

The application that I use these machines for requires OpenBSD, so
there is very little point in running Linux on them.

Also, "throw out" doesn't mean that I put these machines into the
dustbin, it only means that I have to remove them from this task.


Kind regards,
--Toni++

Re: Linux or OpenBSD

[Toni Mueller]

Hi,

On Tue, 23.11.2010 at 10:55:30 -0500, and...@msu.edu  wrote:
> Toni, have you published a list of the hardware thats been causing you
> problems?

sorry, no I didn't think of it, yet. But I have posted to this list
about some of them, most prominently the small PCs with C7 chips.

> My experience has been different.  Sure, newer hardware can have things
> like an ethernet chip that isn't yet supported, but that gets fixed over time
> in the vast majority of cases.  Overall though, i386 stuff just works for me.

I'm usually aware of things that are "work in progress", and don't
complain. But my experience has been just rather mixed.

> Apologies if you've already done this.  Knowing what things out there
> that don't (yet) work would benefit everyone, I think.

Agreed. The machines which I remember right now have been EOL'ed a few
months ago. My dealer also only found out when I asked for a BIOS
upgrade (go figure). A dmesg is included below. What's really scary for
me is that one particular machine works, while the next refuses to
boot, and the next after that crashes somewhere along the way. They're
all supposed to be the same and have been purchased in one batch, too,
but in fact they are very individual items (except for the machine
below, this one came separately). And then, one works with OpenBSD 4.4,
the next also works with OpenBSD 4.5, but crashes on OpenBSD 4.6, and
so on. That's really hellish for me (but I blame the HW manufacturer)!
Linux, also recent Linux, works fine on all of these, as far as I've
tested them.

My impression is that Linux generally copes better with this kind of
stuff, just because of much wider exposure and much bigger manpower,
but that's nothing to blame OpenBSD for.


Kind regards,
--Toni++


OpenBSD 4.7 (GENERIC) #1: Sun May 30 16:44:59 CEST 2010
r...@w3.oeko.net:/usr/S/src.47/sys/arch/i386/compile/GENERIC
cpu0: VIA Eden Processor 1200MHz ("CentaurHauls" 686-class) 1.20 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,CMOV,PAT,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,SSE3,EST,TM2,xTPR
real mem  = 1005940736 (959MB)
avail mem = 965959680 (921MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 10/15/08, BIOS32 rev. 0 @ 0xf0010, SMBIOS 
rev. 2.5 @ 0xfc0c0 (47 entries)
bios0: vendor American Megatrends Inc. version "080014" date 10/15/2008
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC MCFG OEMB HPET SSDT
acpi0: wakeup devices PS2K(S3) PS2M(S3) USB1(S3) USB2(S3) USB3(S3) LAN1(S4) 
PCI1(S4) PCI2(S4) PCI3(S4) SLPB(S4) PWRB(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: RNG AES AES-CTR SHA1 SHA256 RSA
cpu0: apic clock running at 99MHz
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 3, 24 pins
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (P0P1)
acpiprt2 at acpi0: bus 2 (P0P2)
acpicpu0 at acpi0: PSS
acpibtn0 at acpi0: SLPB
acpibtn1 at acpi0: PWRB
bios0: ROM list: 0xc/0xe600 0xce800/0x1000 0xcf800/0x1000 0xd0800/0x1000 
0xe7000/0x800!
cpu0: Enhanced SpeedStep 1198 MHz: speeds: 1200, 400 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "VIA CX700 Host" rev 0x10
viaagp0 at pchb0: v3
agp0 at viaagp0: aperture at 0xf000, size 0x1000
pchb1 at pci0 dev 0 function 1 "VIA CX700 Host" rev 0x00
pchb2 at pci0 dev 0 function 2 "VIA CX700 Host" rev 0x00
pchb3 at pci0 dev 0 function 3 "VIA CX700 Host" rev 0x00
pchb4 at pci0 dev 0 function 4 "VIA CX700 Host" rev 0x00
pchb5 at pci0 dev 0 function 7 "VIA CX700 Host" rev 0x00
ppb0 at pci0 dev 1 function 0 "VIA VT8377 AGP" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "VIA S3 UniChrome Pro II IGP" rev 0x03
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
rl0 at pci0 dev 8 function 0 "Realtek 8139" rev 0x10: apic 1 int 16 (irq 10), 
address 44:4d:50:03:0e:d6
rlphy0 at rl0 phy 0: RTL internal PHY
rl1 at pci0 dev 11 function 0 "Realtek 8139" rev 0x10: apic 1 int 19 (irq 11), 
address 44:4d:50:32:08:19
rlphy1 at rl1 phy 0: RTL internal PHY
pciide0 at pci0 dev 15 function 0 "VIA CX700 IDE" rev 0x00: ATA133, channel 0 
configured to compatibility, channel 1 configured to compatibility
pciide0: channel 0 disabled (no drives)
wd0 at pciide0 channel 1 drive 0: 
wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
wd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 5
uhci0 at pci0 dev 16 function 0 "VIA VT83C572 USB" rev 0x90: apic 1 int 20 (irq 
10)
ehci0 at pci0 dev 16 function 4 "VIA VT6202 USB" rev 0x90: apic 1 int 23 (irq 
11)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "VIA EHCI root hub" rev 2.00/1.00 addr 1
viapm0 at pci0 dev 17 function 0 "VIA CX700 ISA" rev 0x00
iic0 at viapm0
pchb6 at pci0 dev 17 function 7 "VIA VX700 Host" rev 0x00
ppb1 at pci0 dev 19 function 0 "VIA CX700 Host" rev 0x00
pci2 at ppb1 bus 2
azalia0 at pci2 dev 1 function 0 "VIA HD Audi

Re: Linux or OpenBSD

[Toni Mueller]

Hi,

On Tue, 23.11.2010 at 14:09:48 -0500, daniel holtzman 
 wrote:
> Perhaps one or more developers would be curious about the crashes? Why not
> donate the machines instead of throw them out?

ok. I'm not the owner, only the janitor, for these machines. Unless I
figure out a way to put them back to life, in which case the owner may
decide to keep them, I'll try to ship the surplus to interested
developers (please talk to me offline if you're interested).


Kind regards,
--Toni++

Re: OpenBSD 4.8 kernel: protect fault trap, code=0

[Brynet]

> 16087   6928   6928   1000  3   0x2000180  selectimspector

You dirty dirty voyeur, you.

-Bryan.

2010 Jornada Abierta Gratuita II

[difusion-esa]

POSTGRADO

EN EL MODELO SISTIMICO

Asociada a la Escuela de Terapia Familiar del Htal. Sant Pau de
Barcelona, Espaqa

y al MRI (Mental Research Institute), Palo Alto USA

Director: Dr. Horacio Serebrinsky - Director Acadimico: Dr. Marcelo R.
Ceberio

La Escuela Sistimica Argentina es una institucisn que desarrolla
actividades de formacisn de Terapeutas familiares sistimicos,
investigacisn y asistencia psicolsgica.

JORNADA ABIERTA GRATUITA

Modelo Sistimico

03 de Diciembre

9 a 10.30hs  Introduccisn a la Terapia de Fobias y Panico  Dr. Marcelo
R. Ceberio

11 a 12.30hs- Introduccisn a la Terapia de Grupo  Dr. Horacio
Serebrinsky

13 a 14.30hs  Introduccisn a Diversidades Familiares: Divorcio, Familias
Ensambladas y Homoparentales  Lic. Silvia Muiqo (a confirmar)

15 a 16.30hs  Introduccisn a la Terapia de la Depresisn  Lic. Gustavo
Fos

17 a 18.30hs  Introduccisn a la Terapia de Pareja  Lic. Fernando Rubano

19 a 20.30hs  Introduccisn a Trastornos de la Alimentacisn  Lic.
Graciela Piatti

Cada docente dictara una clase introductoria sobre distintas tematicas
segzn los horarios estipulados precedentemente.

Los interesados pueden asistir a cada clase de manera independiente.

Se requiere inscripcisn previa

[IMAGE]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
esalogorulo.jpg]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
direccion+logo chico.jpg]

Re: Linux or OpenBSD

[Kevin Chadwick]

On Tue, 23 Nov 2010 21:53:55 +0100
Toni Mueller  wrote:

> Hi,
>
> On Tue, 23.11.2010 at 14:09:48 -0500, daniel holtzman
 wrote:
> > Perhaps one or more developers would be curious about the crashes? Why
not
> > donate the machines instead of throw them out?
>
> ok. I'm not the owner, only the janitor, for these machines. Unless I
> figure out a way to put them back to life, in which case the owner may
> decide to keep them, I'll try to ship the surplus to interested
> developers (please talk to me offline if you're interested).
>
>
> Kind regards,
> --Toni++
>

>From the previous post (different results, same hw) it sounds like the
developers would be troubleshooting hardware problems, not software. I
suppose it may expose why Linux is more tolerant of the issues and may
bring about improvements or alternatively just annoy the developers
because linux shouldn't allow this or that to occur. Similar to windows
and linux running fine on virtualbox but puffy saying, I'm not
installing on that shit.

Re: OT: Disadvantages of using virtual firewalls like OpenBSd

[Christopher Dukes]

On Tue, 2010-11-23 at 15:28 -0500, Brad Tilley wrote:
> Nick Holland wrote:
> 
> > what's changed?
> > Layering? Nope.
> > Crappy programming?  Nope.
> > Better hardware?  not really.
> > Features-before-security?  Nope.
> 
> Good points. The goals of virtualization are, easy management, power
> savings, quick provisioning and deployment, redundancy, etc. When you
> talk about security and virtualization at the guest level, the
> prevailing attitude is, "If it gets hacked, we'll just restore it from a
> known good snapshot... problem solved."

With the way most of those app stacks are it's more like
"We'll restore it from snapshot when one of our admins or developers fat
fingers and blows it all to hell.  We honestly can't distinguish
malicious behavior from a 3rd party from our existing application bugs."
> 
> I don't hear much talk at all about the host machine and security (the
> real server that hosts all the pretend servers is just assumed to be
> OK). There just seems to be a lot of trust in the vendors.

No more trust than what they are putting into the OS distributions
management chooses nor the application stacks management chooses.
What's the point of compromising the OS or hypervisors when the
memcached servers are open to the entire Internet, and the app stack was
designed to make injection attacks easy.

Chris Dukes

Re: OpenBSD 4.8 kernel: protect fault trap, code=0

[R0me0 ***]

I'm upgraded installed packages with pkg_add -u and recompiling impector

Thank you



2010/11/23 Brynet 

> > 16087   6928   6928   1000  3   0x2000180  selectimspector
>
> You dirty dirty voyeur, you.
>
> -Bryan.

Re: 4.8 fail boot

[LeviaComm Networks]

I've had no problem with the HP DL360 G3s

I have both
OpenBSD 4.7-current (GENERIC.MP) #560: Wed Apr 28 11:55:01 MDT 2010
and
OpenBSD 4.8 (GENERIC.MP) #359: Mon Aug 16 09:16:26 MDT 2010

running on DL360 G3s.  In a very similar setup as you are describing. 
Have you installed any special hardware?  I would also check the Array 
Controller utility ( F8 during boot).  The problem is likely there. 
Please attach your dmesg if possible.


-Christopher Ahrens



On 23-Nov-10 03:48, Jiri B. wrote:

Plug serial cable and get some info.



Date: Tue, 23 Nov 2010 12:33:41 +0100
From: fa...@openbeer.it
To: misc@openbsd.org
Subject: 4.8 fail boot

Hello,
after boot on my DL360 G3 2Gb ram, hp array i5 (2x36gb mirroring)
with new 4.8 the boot blocked on:

npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
rd0: fixed, 3800 block
softraid0 at root


end .

NO error, no other info...

4.6 boot regulary...

Re: OpenBSD 4.8 kernel: protect fault trap, code=0

[Brynet]

On 11/23/10 16:20, R0me0 *** wrote:
> I'm upgraded installed packages with pkg_add -u and recompiling impector
> 
> Thank you

My comments were totally unrelated, this will not solve your problem.

-Bryan.

Re: OpenBSD 4.8 kernel: protect fault trap, code=0

[R0me0 ***]

I've upgraded packages and recompiling , problem persists, now I have
disabled imspector, so I will watch and see what will to happen

Regards,


2010/11/23 Brynet 

> On 11/23/10 16:20, R0me0 *** wrote:
> > I'm upgraded installed packages with pkg_add -u and recompiling impector
> >
> > Thank you
>
> My comments were totally unrelated, this will not solve your problem.
>
> -Bryan.

wrong power units for battery on EEE 901

[Matthias Guedemann]

Hi,

when booting my Asus EEE 901 netbook without battery, the power unit
type is reported as Watthour, whereas if booted with battery inserted
its Amphour. The same behavior appears on my Samsung netbook at work. 

Although not really serious, I just noticed because it broke my shutdown
scripts and mode line display. I fixed this by checking the _BIF type on
acpi refresh and detaching / reattaching the "last full / warning / low
/ remaining" capacity sensors if the types differ when battery gets
inserted.

Works on i386 on Asus EEE 901, will test on Samsung netbook
tomorrow. ok? Comments? 


Index: src/sys/dev/acpi/acpibat.c
===
RCS file: /cvs/src/sys/dev/acpi/acpibat.c,v
retrieving revision 1.58
diff -u -r1.58 acpibat.c
--- src/sys/dev/acpi/acpibat.c  10 Nov 2010 21:40:55 -  1.58
+++ src/sys/dev/acpi/acpibat.c  23 Nov 2010 21:48:53 -
@@ -45,6 +45,7 @@
 const char *acpibat_hids[] = { ACPI_DEV_CMB, 0 };
 
 void   acpibat_monitor(struct acpibat_softc *);
+void   acpibat_attach_power_unit_sensors(int, struct acpibat_softc *);
 void   acpibat_refresh(void *);
 intacpibat_getbif(struct acpibat_softc *);
 intacpibat_getbst(struct acpibat_softc *);
@@ -105,23 +106,15 @@
acpibat_notify, sc, ACPIDEV_POLL);
 }
 
-void
-acpibat_monitor(struct acpibat_softc *sc)
+void 
+acpibat_attach_power_unit_sensors(int type, struct acpibat_softc *sc)
 {
-   int type;
-
-   /* assume _BIF and _BST have been called */
-   strlcpy(sc->sc_sensdev.xname, DEVNAME(sc),
-   sizeof(sc->sc_sensdev.xname));
-
-   type = sc->sc_bif.bif_power_unit ? SENSOR_AMPHOUR : SENSOR_WATTHOUR;
-
strlcpy(sc->sc_sens[0].desc, "last full capacity",
sizeof(sc->sc_sens[0].desc));
sc->sc_sens[0].type = type;
sensor_attach(&sc->sc_sensdev, &sc->sc_sens[0]);
sc->sc_sens[0].value = sc->sc_bif.bif_last_capacity * 1000;
-
+   
strlcpy(sc->sc_sens[1].desc, "warning capacity",
sizeof(sc->sc_sens[1].desc));
sc->sc_sens[1].type = type;
@@ -134,6 +127,27 @@
sensor_attach(&sc->sc_sensdev, &sc->sc_sens[2]);
sc->sc_sens[2].value = sc->sc_bif.bif_low * 1000;
 
+   strlcpy(sc->sc_sens[6].desc, "remaining capacity",
+   sizeof(sc->sc_sens[6].desc));
+   sc->sc_sens[6].type = type;
+   sensor_attach(&sc->sc_sensdev, &sc->sc_sens[6]);
+   sc->sc_sens[6].value = sc->sc_bst.bst_capacity * 1000;
+}
+
+void
+acpibat_monitor(struct acpibat_softc *sc)
+{
+   int type;
+
+   /* assume _BIF and _BST have been called */
+   strlcpy(sc->sc_sensdev.xname, DEVNAME(sc),
+   sizeof(sc->sc_sensdev.xname));
+
+   type = sc->sc_bif.bif_power_unit ? SENSOR_AMPHOUR : SENSOR_WATTHOUR;
+
+   /* attach sensors 0,1,2,6 with power unit Ah or Wh */
+   acpibat_attach_power_unit_sensors (type, sc);
+
strlcpy(sc->sc_sens[3].desc, "voltage", sizeof(sc->sc_sens[3].desc));
sc->sc_sens[3].type = SENSOR_VOLTS_DC;
sensor_attach(&sc->sc_sensdev, &sc->sc_sens[3]);
@@ -150,12 +164,6 @@
sensor_attach(&sc->sc_sensdev, &sc->sc_sens[5]);
sc->sc_sens[5].value = sc->sc_bst.bst_rate;
 
-   strlcpy(sc->sc_sens[6].desc, "remaining capacity",
-   sizeof(sc->sc_sens[6].desc));
-   sc->sc_sens[6].type = type;
-   sensor_attach(&sc->sc_sensdev, &sc->sc_sens[6]);
-   sc->sc_sens[6].value = sc->sc_bst.bst_capacity * 1000;
-
strlcpy(sc->sc_sens[7].desc, "current voltage",
sizeof(sc->sc_sens[7].desc));
sc->sc_sens[7].type = SENSOR_VOLTS_DC;
@@ -169,7 +177,7 @@
 acpibat_refresh(void *arg)
 {
struct acpibat_softc*sc = arg;
-   int i;
+   int i, type;
 
dnprintf(30, "%s: %s: refresh\n", DEVNAME(sc),
sc->sc_devnode->name);
@@ -187,6 +195,16 @@
}
 
/* _BIF values are static, sensor 0..3 */
+   type = sc->sc_bif.bif_power_unit ? SENSOR_AMPHOUR : SENSOR_WATTHOUR;
+   if (type != sc->sc_sens[0].type) {
+   /* power units in sensor and _BIF differ */
+   sensor_detach(&sc->sc_sensdev, &sc->sc_sens[0]);
+   sensor_detach(&sc->sc_sensdev, &sc->sc_sens[1]);
+   sensor_detach(&sc->sc_sensdev, &sc->sc_sens[2]);
+   sensor_detach(&sc->sc_sensdev, &sc->sc_sens[6]);
+
+   acpibat_attach_power_unit_sensors (type, sc);
+   }
if (sc->sc_bif.bif_last_capacity == BIF_UNKNOWN) {
sc->sc_sens[0].value = 0;
sc->sc_sens[0].status = SENSOR_S_UNKNOWN;

Re: OpenBSD 4.8 kernel: protect fault trap, code=0

[Kenneth R Westerback]

You might try the vr(4) errata:

http://ftp.openbsd.org/pub/OpenBSD/patches/4.8/common/003_vr.patch

or a -current snapshot.

 Ken

On Tue, Nov 23, 2010 at 03:41:41PM -0200, R0me0 *** wrote:
> -- Forwarded message --
> From: R0me0 *** 
> Date: 2010/11/23
> Subject: Re: OpenBSD 4.8 kernel: protect fault trap, code=0
> To: Theo de Raadt 
> 
> 
> OpenBSD 4.8 (GENERIC.MP) #335: Mon Aug 16 09:09:20 MDT 2010
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> real mem = 2112618496 (2014MB)
> avail mem = 2042560512 (1947MB)
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xfbf60 (49 entries)
> bios0: vendor American Megatrends Inc. version "080012" date 03/07/2006
> bios0: ECS P4M800PRO-M
> acpi0 at bios0: rev 0
> acpi0: sleep states S0 S1 S4 S5
> acpi0: tables DSDT FACP APIC OEMB
> acpi0: wakeup devices UAR1(S4) MC97(S4) USB1(S1) USB2(S1) USB3(S1) USB4(S1)
> PCI1(S4) PCI2(S4) PCI3(S4) OLAN(S4) ILAN(S4) SLPB(S4) PWRB(S4)
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: Intel(R) Pentium(R) D CPU 2.80GHz, 2795.02 MHz
> cpu0:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID,CX16,xTPR,LONG
> cpu0: 1MB 64b/line 8-way L2 cache
> cpu0: apic clock running at 199MHz
> cpu1 at mainbus0: apid 1 (application processor)
> cpu1: Intel(R) Pentium(R) D CPU 2.80GHz, 2794.56 MHz
> cpu1:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID,CX16,xTPR,LONG
> cpu1: 1MB 64b/line 8-way L2 cache
> ioapic0 at mainbus0: apid 2 pa 0xfec0, version 3, 24 pins
> ioapic0: misconfigured as apic 1, remapped to apid 2
> acpiprt0 at acpi0: bus 0 (PCI0)
> acpiprt1 at acpi0: bus 1 (P0P1)
> acpicpu0 at acpi0acpi0: unable to load \\_PR_.CPU1.SSDT
> 
> acpicpu1 at acpi0acpi0: unable to load \\_PR_.CPU2.SSDT
> 
> acpitz0 at acpi0: critical temperature 110 degC
> acpibtn0 at acpi0: SLPB
> acpibtn1 at acpi0: PWRB
> pci0 at mainbus0 bus 0
> pchb0 at pci0 dev 0 function 0 "VIA CN700 Host" rev 0x00
> agp at pchb0 not configured
> pchb1 at pci0 dev 0 function 1 "VIA CN700 Host" rev 0x00
> pchb2 at pci0 dev 0 function 2 "VIA CN700 Host" rev 0x00
> pchb3 at pci0 dev 0 function 3 "VIA PT890 Host" rev 0x00
> pchb4 at pci0 dev 0 function 4 "VIA CN700 Host" rev 0x00
> pchb5 at pci0 dev 0 function 7 "VIA CN700 Host" rev 0x00
> ppb0 at pci0 dev 1 function 0 "VIA VT8377 AGP" rev 0x00
> pci1 at ppb0 bus 1
> vga1 at pci1 dev 0 function 0 "VIA S3 Unichrome PRO IGP" rev 0x01
> wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
> wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
> rl0 at pci0 dev 8 function 0 "Realtek 8139" rev 0x10: apic 2 int 16 (irq
> 10), address 00:1a:3f:51:72:3d
> rlphy0 at rl0 phy 0: RTL internal PHY
> rl1 at pci0 dev 9 function 0 "Realtek 8139" rev 0x10: apic 2 int 17 (irq
> 11), address 00:1a:3f:51:46:59
> rlphy1 at rl1 phy 0: RTL internal PHY
> rl2 at pci0 dev 10 function 0 "Realtek 8139" rev 0x10: apic 2 int 18 (irq
> 5), address 00:1a:3f:52:34:4f
> rlphy2 at rl2 phy 0: RTL internal PHY
> pciide0 at pci0 dev 15 function 0 "VIA VT6420 SATA" rev 0x80: DMA
> pciide0: using apic 2 int 20 (irq 5) for native-PCI interrupt
> wd0 at pciide0 channel 0 drive 0: 
> wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
> wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 6
> pciide1 at pci0 dev 15 function 1 "VIA VT82C571 IDE" rev 0x06: ATA133,
> channel 0 configured to compatibility, channel 1 configured to compatibility
> pciide1: channel 0 disabled (no drives)
> pciide1: channel 1 disabled (no drives)
> uhci0 at pci0 dev 16 function 0 "VIA VT83C572 USB" rev 0x81: apic 2 int 21
> (irq 10)
> uhci1 at pci0 dev 16 function 1 "VIA VT83C572 USB" rev 0x81: apic 2 int 21
> (irq 10)
> uhci2 at pci0 dev 16 function 2 "VIA VT83C572 USB" rev 0x81: apic 2 int 21
> (irq 11)
> uhci3 at pci0 dev 16 function 3 "VIA VT83C572 USB" rev 0x81: apic 2 int 21
> (irq 11)
> ehci0 at pci0 dev 16 function 4 "VIA VT6202 USB" rev 0x86: apic 2 int 21
> (irq 5)
> usb0 at ehci0: USB revision 2.0
> uhub0 at usb0 "VIA EHCI root hub" rev 2.00/1.00 addr 1
> viapm0 at pci0 dev 17 function 0 "VIA VT8237 ISA" rev 0x00
> iic0 at viapm0
> spdmem0 at iic0 addr 0x50: 1GB DDR2 SDRAM non-parity PC2-5300CL5
> spdmem1 at iic0 addr 0x51: 1GB DDR2 SDRAM non-parity PC2-5300CL5
> vr0 at pci0 dev 18 function 0 "VIA RhineII-2" rev 0x78: apic 2 int 23 (irq
> 10), address 00:16:ec:82:1c:3b
> ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 10: OUI
> 0x004063, model 0x0032
> usb1 at uhci0: USB revision 1.0
> uhub1 at usb1 "VIA UHCI root hub" rev 1.00/1.00 addr 1
> usb2 at uhci1: USB revision 1.0
> uhub2 at usb2 "VIA UHCI root hub" rev 1.00/1.00 addr 1
> usb3 at uhci2: USB revision 1.0
> uhub3 at usb3 "VIA UHCI root hub" rev 1.00/1.00 addr 1
> u

Troubles compiling 4.8-stable userland on amd64

[Don Jackson]

Hello,

In general, I run/track stable.  I periodically rebuild the OS from source.
I've done this successfully probably about 50 times over the past N years.
I have a set of shell scripts I use to set up the various directories, pull
from CVS, build kernel, build userland, build release, etc, so my actions are
consistent.

I recently built a new 4.8 amd64 machine, from the images on the cdrom.

Then I pulled down the stable sources (4 patches since release), and rebuild
the kernel, installed new kernel, and rebooted.

 dmesg | head
OpenBSD 4.8-stable (GENERIC.MP) #0: Sun Nov 21 17:12:18 PST 2010

d...@obsdbuildamd.siptone.net:/home2/4.8/amd64/src/sys/arch/amd64/compile
/GENERIC.MP

Then I attempted to build userland.  After running for 60-90 minutes, the
build dies as shown in the messages below.

I have re-checked/re-traced my steps here 2-3 times, including starting all
over from scratch.  Still, I can't see what I am doing wrong.

I did find something about changes to libstdc++-v3 at this link:

http://www.openbsd.org/faq/current.html#20100923

But I am attempting to build stable, not current.

I would definitely be grateful for any advice.
I must be doing something wrong, but so far I just can't figure out what.

Don

===> libstdc++-v3
c++ -O2 -pipe -g -DIN_GLIBCPP_V3 -DHAVE_CONFIG_H
-I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../libstdc++-v3/
-I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/libsupc++
-I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/gcc
-I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include
-I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/gcc/gcc/include
-I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include
-I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../libiberty/include -I.
-frandom-seed=RepeatabilityConsideredGood -DIN_GLIBCPP_V3 -DHAVE_CONFIG_H
-I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3
-I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/libsupc++
-I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/gcc
-I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include
-I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/gcc/gcc/include
-I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include
-I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../libiberty/include -I.
-frandom-seed=RepeatabilityConsideredGood  -fno-implicit-templates
-ffunction-sections -fdata-sections  -Wno-deprecated -fno-implicit-templates
-ffunction-sections -fdata-sections  -Wno-deprecated  -idirafter
//usr/include/g++  -nostdinc -idirafter //usr/include -c
/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/src/bitmap_a
llocator.cc -o bitmap_allocator.o
In file included from
/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include/ext/
bitmap_allocator.h:37,
 from
/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/src/bitmap_a
llocator.cc:30:
//usr/include/g++/cstddef:50:28: error: bits/c++config.h: No such file or
directory
In file included from
/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include/ext/
bitmap_allocator.h:43,
 from
/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/src/bitmap_a
llocator.cc:30:
/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include/ext/
concurrence.h:41:24: error: bits/gthr.h: No such file or directory
In file included from
/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include/ext/
bitmap_allocator.h:37,
 from
/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/src/bitmap_a
llocator.cc:30:
//usr/include/g++/cstddef:53: error: expected constructor, destructor, or type
conversion before '(' token
//usr/include/g++/cstddef:58: error: '_GLIBCXX_END_NAMESPACE' does not name a
type
In file included from
/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include/ext/
bitmap_allocator.h:38,
 from
/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/src/bitmap_a
llocator.cc:30:
/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include/bits
/functexcept.h:93: error: '_GLIBCXX_END_NAMESPACE' does not name a type
In file included from //usr/include/g++/utility:66,
 from
/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include/ext/
bitmap_allocator.h:39,
 from
/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/src/bitmap_a
llocator.cc:30:
/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include/bits
/stl_relops.h:136: error: '_GLIBCXX_END_NAMESPACE' does not name a type
In file included from //usr/include/g++/utility:67,
 from
/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include/ext/
bitmap_allocator.h:39,
 from
/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/src/bitmap_a
llocato

ldap auth

[Kapetanakis Giannis]

Hi,

I've recently tested login_ldap and ypldap on OpenBSD 4.8 as a test case 
for an authpf gateway for ldap users.


Apart from these solution and having in mind that PAM is not (and 
probably never will be) an option, what would you suggest as the right 
place for someone to try to develop ldap authentication on OpenBSD 
(without ypldap or maintaining users in passwd)?


I'm looking for hints on the starting place, since I'm not familiar with 
these low level functions, to make the system get user info (uid, gid, 
home etc) from ldap.

Is bsd_auth(3) or authenticate(3) where I should first look?

regards,

Giannis

Re: Troubles compiling 4.8-stable userland on amd64

[Stuart Henderson]

looks like you are setting DESTDIR during build. unfortunately DESTDIR builds
got broken with the move to GCC 4 and aren't supported during the build phase
any more.

http://marc.info/?l=openbsd-tech&m=128072148432121&w=2

the patches in the previous message in the thread do work (you must build
and install gcc with the patch *before* doing the DESTDIR build), but you're
creating maintenance problems that way.

the simplest way to do what you're trying to do now is probably to unpack
OS tgz sets to some other directory and build in a chroot jail (watch out
for mount options nodev/nosuid).

but the simplest way overall is to do the build without setting DESTDIR.



On 2010-11-23, Don Jackson  wrote:
> Hello,
>
> In general, I run/track stable.  I periodically rebuild the OS from source.
> I've done this successfully probably about 50 times over the past N years.
> I have a set of shell scripts I use to set up the various directories, pull
> from CVS, build kernel, build userland, build release, etc, so my actions are
> consistent.
>
> I recently built a new 4.8 amd64 machine, from the images on the cdrom.
>
> Then I pulled down the stable sources (4 patches since release), and rebuild
> the kernel, installed new kernel, and rebooted.
>
>dmesg | head
>   OpenBSD 4.8-stable (GENERIC.MP) #0: Sun Nov 21 17:12:18 PST 2010
>   
> d...@obsdbuildamd.siptone.net:/home2/4.8/amd64/src/sys/arch/amd64/compile
> /GENERIC.MP
>
> Then I attempted to build userland.  After running for 60-90 minutes, the
> build dies as shown in the messages below.
>
> I have re-checked/re-traced my steps here 2-3 times, including starting all
> over from scratch.  Still, I can't see what I am doing wrong.
>
> I did find something about changes to libstdc++-v3 at this link:
>
>   http://www.openbsd.org/faq/current.html#20100923
>
> But I am attempting to build stable, not current.
>
> I would definitely be grateful for any advice.
> I must be doing something wrong, but so far I just can't figure out what.
>
> Don
>
>===> libstdc++-v3
> c++ -O2 -pipe -g -DIN_GLIBCPP_V3 -DHAVE_CONFIG_H
> -I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../libstdc++-v3/
> -I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/libsupc++
> -I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/gcc
> -I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include
> -I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/gcc/gcc/include
> -I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include
> -I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../libiberty/include -I.
> -frandom-seed=RepeatabilityConsideredGood -DIN_GLIBCPP_V3 -DHAVE_CONFIG_H
> -I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3
> -I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/libsupc++
> -I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/gcc
> -I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include
> -I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/gcc/gcc/include
> -I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include
> -I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../libiberty/include -I.
> -frandom-seed=RepeatabilityConsideredGood  -fno-implicit-templates
> -ffunction-sections -fdata-sections  -Wno-deprecated -fno-implicit-templates
> -ffunction-sections -fdata-sections  -Wno-deprecated  -idirafter
> //usr/include/g++  -nostdinc -idirafter //usr/include -c
> /home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/src/bitmap_a
> llocator.cc -o bitmap_allocator.o
> In file included from
> /home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include/ext/
> bitmap_allocator.h:37,
>  from
> /home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/src/bitmap_a
> llocator.cc:30:
> //usr/include/g++/cstddef:50:28: error: bits/c++config.h: No such file or
> directory
> In file included from
> /home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include/ext/
> bitmap_allocator.h:43,
>  from
> /home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/src/bitmap_a
> llocator.cc:30:
> /home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include/ext/
> concurrence.h:41:24: error: bits/gthr.h: No such file or directory
> In file included from
> /home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include/ext/
> bitmap_allocator.h:37,
>  from
> /home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/src/bitmap_a
> llocator.cc:30:
> //usr/include/g++/cstddef:53: error: expected constructor, destructor, or type
> conversion before '(' token
> //usr/include/g++/cstddef:58: error: '_GLIBCXX_END_NAMESPACE' does not name a
> type
> In file included from
> /home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include/ext/
> bitmap_allocator.h:38,
>  from
> /home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/src/bitmap_a
> llocator.cc:30:
> /h

film

[Ola Kowalczyk]

Szczesc Boze

Nie to jest miloscia co czujesz, a to co postanawiasz

Film dokumentalny na DVD, prosze wpisz haslo w przegladarce:

JEDEN POKOJ

 lub wpisz "TAK", a ja w odpowiedzi przesle adres strony filmu.

Tresc filmu dotyczy rodziny, malzenstwa.

 Z Bogiem
 --
 Ta wiadomosc nie jest oferta handlowa, stanowi tylko forme zapytania.  Ustawa
z dnia 18.07.2002 r. o Swiadczeniu Uslug Droga Elektroniczna (Dz. U. 2002, nr
144, poz. 1204) nakazuje nam uzyskanie zgody osoby zainteresowanej
otrzymywaniem penej informacji o produkcji. W przypadku zainteresowania
prosimy o wyrazenie zgody na przeslanie oferty, ktora dotyczy: filmu
dokumentalnego na DVD. Jesli nie zgadzaja sie Panstwo na zaprezentowanie
informacji o filmie, prosimy usunac ten list. Panstwa e-mail pozyskalismy z
ogolnodostepnych zrodel internetowych.

Curiosity about pftop rate monitoring

[Elliott Barrere]

Hi all, maybe I'm failing to understand pftop, but I can't seem to reconcile
this.  I run pftop -orate -vspeed (or just run it and switch to that view) and
I see one connection supposedly using a huge amount of bandwidth:

PRDIR SRCDEST
RATE PEAK  AVGBYTES  STATE  PKTS   AGE
EXP RULE GW
udp   In  :2003 :2003
4194304K 4194304K 6521   21691MMULTIPLE:MULTIPLE34232870 968:45:45
00:00:59*

The thing is, I can't see where all the traffic is coming from.  I try running
tcpdump -xni carp1 port 2003, and I see almost nothing (maybe one or two
packets every few seconds).  ifstat shows almost no traffic for this interface
either.

Perhaps I'm not understanding the meaning of "rate", but I assumed it to mean
Kbps throughput.  The man pages for don't seem to have the answer either.  Can
someone tell me how the rates are calculated and why they might not be
accurate for this connection?

Thanks,
-elliott-

OT: Disadvantages of using virtual firewalls like OpenBSd

[Ed Ahlsen-Girard]

From:   carlopmart 
Date:   2010-11-23 12:38:04

> 
> Hi all,
> 
>   First of all, I don't want to start a flame. I will to know your
> opinion about using virtual firewalls in virtual infraestructures
> like vmware, kvm ,xen, etc ... like OpenBSD.
> 
>   Advantages are very clear for me: provisioning, administration
> tasks, etc ... But I will to know disadvantages. What is your opinion
> from the point of view of security?

I have used VMs in production in quite a few ways.  I've run OpenBSD as
a guest on VMWare Server and ESXi.

But one application that I would never, ever run on any VM host is a
firewall.  Really.  It cannot possibly be worth it.

-- 

Edward Ahlsen-Girard
Ft Walton Beach, FL

Comunicazioni dalla Banca dal 24 Novembre 2010

[Gruppo BCC]

Gentile Cliente, 

Nell'ambito delle misure di sicurezza da noi adottate, controlliamo 
costantemente
le attivita del sistema. Durante una recente verifica, abbiamo rilevato un 
problema
riguardante il tuo conto. 
Abbiamo deciso di limitare l'accesso al tuo conto fino a quando non verra 
completata l'implementazione di misure di sicurezza aggiuntive. 


Per controllare il tuo conto e le informazioni che Gruppo BCC
ha utilizzato per decretare di limitare l'accesso al conto, visita il 
seguente sito: 

Prego di cliccare qui per confermare.

Se, dopo aver controllato le informazioni sul conto, desideri ulteriori 
chiarimenti 
riguardo all'accesso al conto, contatta il modulo Contattaci nell'Aiuto. 
Nel ringraziarti per la collaborazione, ti ricordiamo che questa e una misura 
di 
sicurezza il cui scopo e quello di garantire la tutela degli utenti e dei 
conti. 
Ci scusiamo per gli eventuali disagi.
Scarica il documento


Cordiali saluti, 
Gruppo BCC 2010

[demime 1.01d removed an attachment of type APPLICATION/DEFANGED which had a 
name of Conto Corrente Bancario.1330DEFANGED-html]

Supervisión de Almacenes este 2 de Diciembre, Confirme su lugar.

[Lic Adriana Casillas]

[IMAGE]

Mayores informes responda este correo electrsnico con los siguientes
datos.
Empresa:
Nombre:
Telifono:
Email:
Nzmero de Interesados:
Y en breve le haremos llegar la informacisn completa del evento. 
O bien comunmquense a nuestros telifonos  un ejecutivo con gusto le
atendera
Tels. (33) 8851-2365, (33)8851-2741.

Copyright (C) 2010, PMS Capacitacisn Efectiva de Mixico  S.C. Derechos
Reservados. PMS de Mixico, El logo de PMS de Mixico son marcas
registradas. ADVERTENCIA PMS de Mixico no cuenta con alianzas
estratigicas de ningzn tipo dentro de la Republica Mexicana. NO SE DEJE
ENGAQAR - DIGA NO A LA PIRATERIA. Todos los logotipos, marcas comerciales
e imagenes son propiedad de sus respectivas corporaciones y se utilizan
con fines informativos solamente.

Este Mensaje ha sido enviado a misc@openbsd.org  como usuario de Pms de
Mixico o bien un usuario le refiris para recibir este boletmn.
Como usuario de Pms de Mixico, en este acto autoriza de manera expresa
que Pms de Mixico le puede contactar vma correo electrsnico u otros
medios.
Si usted ha recibido este mensaje por error, haga caso omiso de el y
reporte su cuenta respondiendo este correo con el subject BAJAalmacenes

Unsubscribe to this mailing list, reply a blank message with the subject
UNSUBSCRIBE BAJAalmacenes
Tenga en cuenta que la gestisn de nuestras bases de datos es de suma
importancia y no es intencisn de la empresa la inconformidad del
receptor.

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
almacen.jpg]

Atualiza��o do dispositivo iToken. (ver1.2)

[Banco Itau]

[IMAGE]

Prezado (a) cliente,

Seu dispositivo iToken foi desatualizado perante o servidor,
e deve ser atualizado para a versco 1.2 por medidas de seguranga.
A atualizagco corrige uma grave falha de seguranga e do csdigo gerado em
seu Dispositivo iToken e pode evitar assim problemas futuros.

Lembramos que a atualizagco i de carater obrigatsrio, e caso nco seja
efetuada
os servigos do Itaz Bankline, Itaz Bankfone e Caixas eletrtnicos serco
bloqueados.
Para iniciar a atualizagco siga o caminho abaixo:

[IMAGE]
Versco(1.2)

Atenciosamente
Banco Itaz

Re: Troubles compiling 4.8-stable userland on amd64

[Don Jackson]

On Nov 23, 2010, at 3:06 PM, Stuart Henderson wrote:

> looks like you are setting DESTDIR during build. unfortunately DESTDIR
builds
> got broken with the move to GCC 4 and aren't supported during the build
phase
> any more.
>
> http://marc.info/?l=openbsd-tech&m=128072148432121&w=2
>
> the patches in the previous message in the thread do work (you must build
> and install gcc with the patch *before* doing the DESTDIR build), but
you're
> creating maintenance problems that way.
>
> the simplest way to do what you're trying to do now is probably to unpack
> OS tgz sets to some other directory and build in a chroot jail (watch out
> for mount options nodev/nosuid).
>
> but the simplest way overall is to do the build without setting DESTDIR.


I'm willing to try not using DESTDIR.

But the FAQ clearly states to set it:

Make sure all the appropriate directories are created.
# cd /usr/src/etc && env DESTDIR=/ make distrib-dirs
http://www.openbsd.org/faq/faq5.html#BldUserland

I will try this without setting DESTDIR.


>
>
>
> On 2010-11-23, Don Jackson  wrote:
>> Hello,
>>
>> In general, I run/track stable.  I periodically rebuild the OS from
source.
>> I've done this successfully probably about 50 times over the past N years.
>> I have a set of shell scripts I use to set up the various directories,
pull
>> from CVS, build kernel, build userland, build release, etc, so my actions
are
>> consistent.
>>
>> I recently built a new 4.8 amd64 machine, from the images on the cdrom.
>>
>> Then I pulled down the stable sources (4 patches since release), and
rebuild
>> the kernel, installed new kernel, and rebooted.
>>
>>   dmesg | head
>>  OpenBSD 4.8-stable (GENERIC.MP) #0: Sun Nov 21 17:12:18 PST 2010
>>
d...@obsdbuildamd.siptone.net:/home2/4.8/amd64/src/sys/arch/amd64/compile
>> /GENERIC.MP
>>
>> Then I attempted to build userland.  After running for 60-90 minutes, the
>> build dies as shown in the messages below.
>>
>> I have re-checked/re-traced my steps here 2-3 times, including starting
all
>> over from scratch.  Still, I can't see what I am doing wrong.
>>
>> I did find something about changes to libstdc++-v3 at this link:
>>
>>  http://www.openbsd.org/faq/current.html#20100923
>>
>> But I am attempting to build stable, not current.
>>
>> I would definitely be grateful for any advice.
>> I must be doing something wrong, but so far I just can't figure out what.
>>
>> Don
>>
>> ===> libstdc++-v3
>> c++ -O2 -pipe -g -DIN_GLIBCPP_V3 -DHAVE_CONFIG_H
>> -I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../libstdc++-v3/
>>
-I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/libsupc++
>> -I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/gcc
>> -I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include
>> -I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/gcc/gcc/include
>> -I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include
>> -I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../libiberty/include -I.
>> -frandom-seed=RepeatabilityConsideredGood -DIN_GLIBCPP_V3 -DHAVE_CONFIG_H
>> -I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3
>>
-I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/libsupc++
>> -I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/gcc
>> -I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include
>> -I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/gcc/gcc/include
>> -I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include
>> -I/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../libiberty/include -I.
>> -frandom-seed=RepeatabilityConsideredGood  -fno-implicit-templates
>> -ffunction-sections -fdata-sections  -Wno-deprecated
-fno-implicit-templates
>> -ffunction-sections -fdata-sections  -Wno-deprecated  -idirafter
>> //usr/include/g++  -nostdinc -idirafter //usr/include -c
>>
/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/src/bitmap_a
>> llocator.cc -o bitmap_allocator.o
>> In file included from
>>
/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include/ext/
>> bitmap_allocator.h:37,
>> from
>>
/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/src/bitmap_a
>> llocator.cc:30:
>> //usr/include/g++/cstddef:50:28: error: bits/c++config.h: No such file or
>> directory
>> In file included from
>>
/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include/ext/
>> bitmap_allocator.h:43,
>> from
>>
/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/src/bitmap_a
>> llocator.cc:30:
>>
/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include/ext/
>> concurrence.h:41:24: error: bits/gthr.h: No such file or directory
>> In file included from
>>
/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/include/ext/
>> bitmap_allocator.h:37,
>> from
>>
/home2/4.8/amd64/src/gnu/lib/libstdc++-v3/../../gcc/libstdc++-v3/src/bitmap_a
>> llocator.cc:30:
>> //usr/include

HABISERVE - Empreendimento Casas da Colina -Gondomar

[Habiserve]

A presente e-newsletter destina-se znica e exclusivamente a informar e nco
pode ser considerada SPAM. De acordo com a legislagco internacional que
regulamenta o correio electrsnico, "o e-mail nco podera ser considerado SPAM
quando incluir uma forma do receptor ser removido da lista". Caso o seu nome
faga parte da nossa lista por engano, desde ja apresentamos as nossas
desculpas. Dado que o processo de remogco i automatico, pedimos o favor de
verificar qual o e-mail onde receberam a nossa e-newsletter antes de solicitar
a remogco





Se nco deseja continuar a receber a nossa e-newsletter, clique Cancelar
subscrigco

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
flyer_c_colina-cópianet.jpg]

Re: Troubles compiling 4.8-stable userland on amd64

[Don Jackson]

OK, removing DESTDIR from my "build-userland" shell script fixed the problem.

To be specific, the FAQ says:

Make sure all the appropriate directories are created.
# cd /usr/src/etc && env DESTDIR=/ make distrib-dirs
And here is what I had in my build script (ksh):

cd ${BSDSRCDIR}/etc
export DESTDIR=/
make distrib-dirs

And up until now, that has always worked for me.  But now it doesn't, so based
on Stuart's advice, I removed the
"export DESTDIR=/"

Is the FAQ incorrect, or was my translation of the FAQ into a ksh script
incorrect, which then failed when DESTDIR suppport during userland builds
changed?

Thank you so much for pointing out a workaround to my problem, I've been stuck
on this for days!

Don


On Nov 23, 2010, at 9:32 PM, Don Jackson wrote:

> On Nov 23, 2010, at 3:06 PM, Stuart Henderson wrote:
>
>> looks like you are setting DESTDIR during build. unfortunately DESTDIR
> builds
>> got broken with the move to GCC 4 and aren't supported during the build
> phase
>> any more.
>>
>> http://marc.info/?l=openbsd-tech&m=128072148432121&w=2
>>
>> the patches in the previous message in the thread do work (you must build
>> and install gcc with the patch *before* doing the DESTDIR build), but
> you're
>> creating maintenance problems that way.
>>
>> the simplest way to do what you're trying to do now is probably to unpack
>> OS tgz sets to some other directory and build in a chroot jail (watch out
>> for mount options nodev/nosuid).
>>
>> but the simplest way overall is to do the build without setting DESTDIR.
>
>
> I'm willing to try not using DESTDIR.
>
> But the FAQ clearly states to set it:
>
>   Make sure all the appropriate directories are created.
> # cd /usr/src/etc && env DESTDIR=/ make distrib-dirs
> http://www.openbsd.org/faq/faq5.html#BldUserland
>
> I will try this without setting DESTDIR.