Re: cwm: xterm -e and ssh-to

[Dmitrij D. Czarkoff]

On Tue, Feb 22, 2011 at 07:03:37PM -0700, Clint Pachl wrote:
 I want my cwm to open xterm window with tmux on CM-Return, so I write in my
 ~/.cwmrc:
 
 command term uxterm +sb -bg #000 -fg #aaa -e tmux
 
 That does the trick with tmux, but ssh-to dialog fails to open. When I remove
 -e tmux from the command, ssh-to works fine, but I have to manualy start
 tmux of new xterm windows, which isn't a desired behaviour.
 
 Sure, I can have in ~/.cwmrc:
 
 bind CM-Return   uxterm +sb -bg #000 -fg #aaa -e tmux
 command term uxterm +sb -bg #000 -fg #aaa
 
 But as I understand, the term command was supposed to avoid setting that
 twice.
 
 Therefor, the question is, what would be the right way to do what I want it 
 to
 do? Does there exist some syntax for nested commands? Or is there some way of
 commands concatination? Or anything else I may be missing?
 
 Whenever I have a complex command sequence like this in cwmrc (I
 usually run into problems too), I just break it out into a separate
 script in ~/bin/ then bind a key sequence to that script.

But there is bo complex command sequence here! I do actually want to do 4
simple things:

1. Run uxterm with some custom options as the default terminal emulator in
cwm;

2. Still have a possibility to run uxterm with default settings when run from
exec dialog;

3. Have uxterm started with tmux already running if no other task is bound to
it by cwm.

4. Do 1-3 the right way.

-- 
Dmitrij D. Czarkoff

Re: /etc/hosts comments update

[Stuart Henderson]

On 2011-02-22, Joachim Schipper joac...@joachimschipper.nl wrote:
 I think your IPv4 text unwisely suggests that using e.g. 192.0.2.0/24
 for your own stuff is okay. That's true only until you put a device with
 an appropriate list of unroutable IPs on your network, etc.

the same applies to the standard rfc1918 nets we already list..

Your web development opinions

[Tomas Vavrys]

Hi,

what does OpenBSD community think about new trends in web development
HTML5, javascript (jquery), AJAX? Do you block javascript? If so, do
you mind to turn it on sometimes? What browser do you use (lynx,
firefox, chromium, ...)?

I am learning Django at the moment and I would like to know more about
the nature of common OpenBSD user and how could I contribute to
project with my webdev skills.

Haftanın Fırsatı

[info]

Marma Paket.jpg

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
image001.jpg]

[no subject]

[Alpino]

Subject: Oferta comerciala alpinism utilitar

Stimate partener, 
 Sunt Andrei Neboisa si reprezint ALPINO-Servicii la inaltime. 
 Compania noastra presteaza servicii de alpinism utilitar si industrial la 
 cele mai inalte standarde si cele mai bune preturi preturi pe tot 
 teritoriul Romaniei si in toate statele unde aceasta activitate este 
 autorizata. 
 
 In cazul in care sunteti interesat de o oferta de pret nu ezitati sa ne 
contactati. 
 Va multumesc! 
 
 O zi buna, 
 Andrei Neboisa, administrator 
 
 mobil: +40.747.87.87.41 
 e-mail: off...@alpino.ro 
 www.alpino.ro 
 facebook.com/alpinobyqconstruct 
 Piatra Neamt, str. Aleea Ulmilor nr.19, bl.B6, 
 610292, Neamt(NT), ROMANIA

Re: Your web development opinions

[Ana Zgombic]

On Wed, Feb 23, 2011 at 6:04 PM, Tomas Vavrys vav...@cleancode.cz wrote:
 Hi,

 what does OpenBSD community think about new trends in web development
 HTML5, javascript (jquery), AJAX? Do you block javascript? If so, do

lots of code. lots of untested code.

yes, i block javascript. my blood temp rises a bit when a site makes
it a requirement.

 you mind to turn it on sometimes? What browser do you use (lynx,
 firefox, chromium, ...)?

not much choice. firefox.


 I am learning Django at the moment and I would like to know more about
 the nature of common OpenBSD user and how could I contribute to
 project with my webdev skills.



the common openbsd user is male, closet romantic, mildly aggressive,
mildly masochistic, highly opinionated, loves to use the word 'fuck'
and definitely does the act more than linux users.

Ana

-- 
http://nybl.info

Re: Your web development opinions

[Chris Bennett]

 They're a fucking disaster security-wise.

+1

 In general, blocking javascript won't get you too far, because most of the
 issues are not in the client, but rather in the use that's made of javascript.

I basically block javascript to stop some adveritising and keep some sites from 
crashing firefox.
But many, many sites require javascript to even login (i.e. many bank websites!)

 - trying to do https and having to deal with corrupt certificate authorities
 that don't guarantee too much in the end.

CA's cannot be trusted to even pay attention to carefully securing your 
certificate.
Here in the US, the government can simply ask for your certificate and get it ( 
and possibly even use it to impersonate you)

I sign my own certificates, post a copy of serial number and correct name and 
IP address on my websites using them. I explain to every customer that I do not 
trust external CA's and that I am only using https for encryption of passwords 
and paid content.
No one has complained.

Some have told me that I am risking a man-in-the-middle attack. Perhaps. But I 
see little reason to trust the CA man-at-the-end!

Chris Bennett

Re: Your web development opinions

[Kevin Chadwick]

On Wed, 23 Feb 2011 11:04:58 +0100
Tomas Vavrys wrote:

 Hi,
 
 what does OpenBSD community think about new trends in web development
 HTML5, javascript (jquery), AJAX? Do you block javascript? If so, do
 you mind to turn it on sometimes? What browser do you use (lynx,
 firefox, chromium, ...)?
 
I like html5 just because it allows videos that can be viewed
universally and hopefully one day to demote flash to easy to do basic
animation as was originally intended before the apple vs microsoft
format and patent wars and regain the oodles of power wasted by flash,
especially on Linux. Hopefully a video format that is as free as we can
get will stop this kind of video war with dire consequences in terms of
owned boxes via flash ads etc., happening again. I am concerned about
the data storage and other functions of html5 and privacy, though.

Javascript does annoy me a great deal especially when they say it's
required to click a link or download a pdf. I was shown a link the
other day saying install flash 8?!?! or greater to download this pdf
about a product. Have they not heard of w3c and audience maximisation.

Generally I leave javascript off, it even annoys me on google searches
 but I occasionally turn it on when it's not required to get
 functionality on sites I trust. I use noscript in firefox but also
 have a disable button. Chromium availability has just come back, I
 think on OpenBSD. I may use chromium and/or xxxterm at times or in
 the future.

Almost forgot all the exploits in browsers, related to javascript.

 I am learning Django at the moment and I would like to know more about
 the nature of common OpenBSD user and how could I contribute to
 project with my webdev skills.

OT: Risks of CAs (Re: Your web development opinions)

[Olivier Mehani]

Just some OT thoughts.

On Wed, Feb 23, 2011 at 07:35:19AM -0600, Chris Bennett wrote:
 CA's cannot be trusted to even pay attention to carefully securing
 your certificate.  Here in the US, the government can simply ask for
 your certificate and get it ( and possibly even use it to impersonate
 you)

The government would have the certificate, but not the private key, so
I'm not sure how they can impersonate you with it.

However, they can just get their own key to *any* shoddy CA included in
browsers, and get a certificate linking that key to your services
without much problem.

The problem is not really whether there is a trust relationship between
your CA provider and you, it's whether at least *one* CA is laxist
enough that they give out certificates without thorough checking.

Even with your self-signed approach, somebody could get a CA to issue a
certificate that their key is good for your website, and impersonate it
to any of your new-coming customers who haven't been exposed to your
official key yet.

I may also be wrong in my analysis, but as far as my understanding goes,
it's correct.

--
Olivier Mehani sht...@ssji.net
PGP fingerprint: 4435 CF6A 7C8D DD9B E2DE  F5F9 F012 A6E2 98C6 6655

[demime 1.01d removed an attachment of type application/pgp-signature]

Re: network bandwith with em(4)

[Patrick Lamaiziere]

Le Tue, 22 Feb 2011 19:13:48 +0100,
Manuel Guesdon ml+openbsd.m...@oxymium.net a icrit :

Hello,

 We've got same problems (on a routeur, not a firewall). Increasing
 MAX_INTS_PER_SEC to 24000  increased bandwith and lowered packet loss.
 Our cards are Intel PRO/1000 (82576) and Intel PRO/1000 FP
 (82576).

Did you try to increase the number of descriptor?
#define EM_MAX_TXD 256
#define EM_MAX_RXD 256

I've tried up to 2048 (and with MAX_INTS_PER_SEC = 16000) but it looks
worth.

My configuration is two firewalls in master/backup mode. On the first
one the two most busy links are on the first card (Fiber). On the
second, these two links are not on the same card, one is on the fiber
card and the other on the cupper card. I've noticed today that the
input Ierr rate is far lower on the second firewall than on the first.

Is it possible to have a bottleneck on the ethernet card or on the bus?

I will make more tests tomorrow...
Thanks, regards.

Re: network bandwith with em(4)

[Patrick Lamaiziere]

Le Tue, 22 Feb 2011 10:22:16 -0800 (PST),
James A. Peltier jpelt...@sfu.ca a icrit :

 Those documents do not necessarily apply any more.  Don't go tweaking
 knobs until you know what they do.  We have machines here that
 transfer nearly a gigabit of traffic/s without tuning in bridge mode
 non-the-less.
 
 Are you seeing any packet congestion markers (counter congestion) in
 systat pf?  If so you might not have sufficient states available

I log the congestion counter (each 10s) and there are at max 3 or 4
congestions per day. I don't think the bottleneck is pf.
 
 What about framentation?

None.

 Interface errors?

Quite a lot.
 
 There are many other non-tweakable issues that could cause this.

Sure, it's hard to know.

Thanks, regards.

hi

[adriano __]

hello  my friend
i just order an iphone4 from this company
www.elerong.com  8
good price and quality !
thoudans of products
just do it now .
good luck

Re: network bandwith with em(4)

[Manuel Guesdon]

On Wed, 23 Feb 2011 17:52:21 +0100
Patrick Lamaiziere patf...@davenulle.org wrote:

| Le Tue, 22 Feb 2011 19:13:48 +0100,
| Manuel Guesdon ml+openbsd.m...@oxymium.net a icrit :
|
| Hello,
|
|  We've got same problems (on a routeur, not a firewall). Increasing
|  MAX_INTS_PER_SEC to 24000  increased bandwith and lowered packet loss.
|  Our cards are Intel PRO/1000 (82576) and Intel PRO/1000 FP
|  (82576).
|
| Did you try to increase the number of descriptor?
| #define EM_MAX_TXD 256
| #define EM_MAX_RXD 256
|
| I've tried up to 2048 (and with MAX_INTS_PER_SEC = 16000) but it looks
| worth.

Thank you ! I'll investigate this !


| My configuration is two firewalls in master/backup mode. On the first
| one the two most busy links are on the first card (Fiber). On the
| second, these two links are not on the same card, one is on the fiber
| card and the other on the cupper card. I've noticed today that the
| input Ierr rate is far lower on the second firewall than on the first.
|
| Is it possible to have a bottleneck on the ethernet card or on the bus?

May be (but I'm not an expert :-). In my case, the bus doesn't seems to be
the problem (cards are on the PCI #1 64-bit PCI Express on a X8DTU
http://www.supermicro.com/products/motherboard/QPI/5500/X8DTU.cfm).

Manuel

--
__
Manuel Guesdon - OXYMIUM

Re: Problems with USB on 4.9

[Dennis den Brok]

Jacob Meuser jake...@sdf.lonestar.org wrote:
 it does seem to be that the hub has disabled a port. that is done by
 the usb stack when the disabling port message appears.  but that
 only happens when trying to attach a device, and I don't see any
 other code that's intentionally disabling ports.  and afaics, the
 only times the usb stack does anything to ports is when a device
 is attached or detached.

Yes, I think you're right.

 I wish I could at least give some ideas about how to debug this,
 but I'm basically without any ideas right now.  sorry.  I'll
 keep thinking about it.

Never mind, I was prepared that this would be difficult to debug.
Thank you anyway.

--
Dennis den Brok

Y Venda al Peru y al Mundo.............Publicidad

[Obtenga su Tienda Virtual]

[IMAGE]

[IMAGE]

Re: Your web development opinions

[Hugo Osvaldo Barrera]

On 02/23/2011 08:59 AM, Ana Zgombic wrote:
  you mind to turn it on sometimes? What browser do you use (lynx,
  firefox, chromium, ...)?
 not much choice. firefox.
 

Regrettably, it is.

Firefox is now more about:

 * users are too stupid to read
 * let's not have any buttons so user's don't click one they shouldn't
 * features confuse user, it's better to remove them/hide them.

The only plus side, is that standard-complaint browsers with market
share this way (a plus for web developers and standard-compliance).

I remember firefox sync used to have an encryption passphrase for
syncing data.  Now that's gone, and users are motivated to PRINT an
auto-generated one, because they can't remember the one that they set,
and printing it is the safest way to make sure they don't loose it.
Of course, if you CAN remember passphrases, you can't set your own any more.

This stuff is happening all the time with firefox, and I hope some
OpenBSD-like developers branch firefox some day.  A browser for people
who can read would be a great slogan.

-- 
Hugo Osvaldo Barrera

Small fix to calendar.music

[Jeff Ross]

--- usr.bin/calendar/calendars/calendar.music.org   Wed Feb 23 
15:37:02 2011

+++ usr.bin/calendar/calendars/calendar.music   Wed Feb 23 15:38:08 2011
@@ -89,7 +89,7 @@
 02/23  George Friedrich Handel is born in Halle on the Salle, Germany, 
1685

 02/23  Johnny Winter is born in Leland, Mississippi, 1944
 02/23  Sir Edward William Elgar dies 1934
-02/24  Howard Hanson in Rochester, New York, 1981
+02/24  Howard Hanson dies in Rochester, New York, 1981
 02/25  George Harrison born in Liverpool, England, 1943
 02/27  Alexander Borodin dies, 1887
 02/29  Jimmy Dorsey born, 1904

Re: Your web development opinions

[Daniel Ouellet]

On 2/23/11 5:34 PM, Hugo Osvaldo Barrera wrote:

On 02/23/2011 08:59 AM, Ana Zgombic wrote:

you mind to turn it on sometimes? What browser do you use (lynx,
firefox, chromium, ...)?

not much choice. firefox.



Regrettably, it is.

Firefox is now more about:

  * users are too stupid to read
  * let's not have any buttons so user's don't click one they shouldn't
  * features confuse user, it's better to remove them/hide them.

The only plus side, is that standard-complaint browsers with market
share this way (a plus for web developers and standard-compliance).

I remember firefox sync used to have an encryption passphrase for
syncing data.  Now that's gone, and users are motivated to PRINT an
auto-generated one, because they can't remember the one that they set,
and printing it is the safest way to make sure they don't loose it.
Of course, if you CAN remember passphrases, you can't set your own any more.

This stuff is happening all the time with firefox, and I hope some
OpenBSD-like developers branch firefox some day.  A browser for people
who can read would be a great slogan.


You can always try xxxterm from Marco for a more secure browser.

It really isn't bad at all! Very Fast, small and I would say more 
trusted then firefox or other, but sure no question, definitely more 
trusted then IE. (;


Doesn't support flash, but that's not a lost, I HATE flash! YMMV.

I am not going to say it's full feature and fully compliant, I never 
tested it, but as long as it does what you need, who cares! May be some 
journalist trying to write an article, but then what


Just a thought. My son use it and preach it! Yeap!!!

Haven't been able to compile it on mac yet, but when time allow may be 
in 20 years or so! (:

Re: OT: Risks of CAs (Re: Your web development opinions)

[Andres Perera]

On Wed, Feb 23, 2011 at 9:21 AM, Olivier Mehani sht...@ssji.net wrote:
 Just some OT thoughts.

 On Wed, Feb 23, 2011 at 07:35:19AM -0600, Chris Bennett wrote:
 CA's cannot be trusted to even pay attention to carefully securing
 your certificate. B Here in the US, the government can simply ask for
 your certificate and get it ( and possibly even use it to impersonate
 you)

 The government would have the certificate, but not the private key, so
 I'm not sure how they can impersonate you with it.

it's a little more detailed than that

they gov could say revoke his cert on the crl, and assign the next iteration
to
me with my arbitrary req generated with my arbitrary key

at that point it would not matter if they don't have *his* private key

if he controls the ca, then the gov/whoever is forced to do true mitm

the big problem with the first is that chances are that your ca company is
american/european (no bullet proof host), and they will give in like paypal
wrt
wikileaks


 However, they can just get their own key to *any* shoddy CA included in
 browsers, and get a certificate linking that key to your services
 without much problem.

 The problem is not really whether there is a trust relationship between
 your CA provider and you, it's whether at least *one* CA is laxist
 enough that they give out certificates without thorough checking.

 Even with your self-signed approach, somebody could get a CA to issue a
 certificate that their key is good for your website, and impersonate it
 to any of your new-coming customers who haven't been exposed to your
 official key yet.

 I may also be wrong in my analysis, but as far as my understanding goes,
 it's correct.

 --
 Olivier Mehani sht...@ssji.net
 PGP fingerprint: 4435 CF6A 7C8D DD9B E2DE B F5F9 F012 A6E2 98C6 6655

 [demime 1.01d removed an attachment of type application/pgp-signature]

ruby-thin: Errno::EPERM wtih QUIT Signal

[Clint Pachl]

I use Thin (ruby-thin) as the HTTP frontend for my web frameworks.

STARTING/STOPPING:
$ sudo -u #{USER} thin -C #{THIN_PRODUCTION_CONF} start
$ sudo -u #{USER} thin -C #{THIN_PRODUCTION_CONF} stop


THIN_PRODUCTION_CONF:
---
rackup: config/config.ru
address: localhost
port: 3020
servers: 4
max_conns: 1024
max_persistent_conns: 512
timeout: 30
environment: production
pid: tmp/thin-production.pid
log: log/thin-production.log
daemonize: true


When sending the thin stop command, I get the following error on STDOUT:

Stopping server on localhost:3020 ...
Sending QUIT signal to process 15182 ...
/usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/daemonizing.rb:7:in `getpgid': 
Operation not permitted (Errno::EPERM)
from 
/usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/daemonizing.rb:7:in `running?'
from 
/usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/daemonizing.rb:118:in 
`send_signal'

from /usr/local/lib/ruby/1.8/timeout.rb:67:in `timeout'
from 
/usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/daemonizing.rb:117:in 
`send_signal'
from 
/usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/daemonizing.rb:103:in 
`kill'
from 
/usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/controllers/controller.rb:87:in 
`stop'
from 
/usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/controllers/controller.rb:128:in 
`tail_log'
from 
/usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/controllers/controller.rb:86:in 
`stop'
from 
/usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/runner.rb:177:in 
`send'
from 
/usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/runner.rb:177:in 
`run_command'
from 
/usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/runner.rb:143:in 
`run!'

from /usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/bin/thin:6
from /usr/local/bin/thin:19:in `load'
from /usr/local/bin/thin:19


Here's a snipped from daemonizing.rb:

 6: def running?(pid)
 7:Process.getpgid(pid) != -1
 8:  rescue Errno::ESRCH
 9:false
10:  end

As you can see, the ESRCH error is rescued here, which is the other 
error that getpgid(2) can return.



Can anyone explain this?

When the thin processes are daemonized, are they detached from the 
session and that's why it's complaining with an EPERM error?


The daemonized processes all do quit, but not without a delay, which may 
be the reason for entering the timeout.rb code? So I'm not sure I need 
to worry. I've been running things like this for over 2 years now, but 
I'd just like to quiet it down as it doesn't seem normal.


Thanks,

Clint

Re: ruby-thin: Errno::EPERM wtih QUIT Signal

[Clint Pachl]

Thanks Jeremy. I also reported this on Thin's bug tracking system as well.


Jeremy Evans wrote:

On Wed, Feb 23, 2011 at 4:32 PM, Clint Pachlpa...@ecentryx.com  wrote:
   

I use Thin (ruby-thin) as the HTTP frontend for my web frameworks.

STARTING/STOPPING:
$ sudo -u #{USER} thin -C #{THIN_PRODUCTION_CONF} start
$ sudo -u #{USER} thin -C #{THIN_PRODUCTION_CONF} stop


THIN_PRODUCTION_CONF:
---
rackup: config/config.ru
address: localhost
port: 3020
servers: 4
max_conns: 1024
max_persistent_conns: 512
timeout: 30
environment: production
pid: tmp/thin-production.pid
log: log/thin-production.log
daemonize: true


When sending the thin stop command, I get the following error on STDOUT:

Stopping server on localhost:3020 ...
Sending QUIT signal to process 15182 ...
/usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/daemonizing.rb:7:in
`getpgid': Operation not permitted (Errno::EPERM)
from
/usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/daemonizing.rb:7:in
`running?'
from
/usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/daemonizing.rb:118:in
`send_signal'
from /usr/local/lib/ruby/1.8/timeout.rb:67:in `timeout'
from
/usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/daemonizing.rb:117:in
`send_signal'
from
/usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/daemonizing.rb:103:in
`kill'
from
/usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/controllers/controller.rb:87:in
`stop'
from
/usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/controllers/controller.rb:128:in
`tail_log'
from
/usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/controllers/controller.rb:86:in
`stop'
from
/usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/runner.rb:177:in
`send'
from
/usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/runner.rb:177:in
`run_command'
from
/usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/runner.rb:143:in
`run!'
from /usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/bin/thin:6
from /usr/local/bin/thin:19:in `load'
from /usr/local/bin/thin:19


Here's a snipped from daemonizing.rb:

  6: def running?(pid)
  7:Process.getpgid(pid) != -1
  8:  rescue Errno::ESRCH
  9:false
10:  end

As you can see, the ESRCH error is rescued here, which is the other error
that getpgid(2) can return.


Can anyone explain this?
 

Yes.  The original author is not checking all of the errors he should
be checking.  He should be rescuing Errno::EPERM and returning true, I
think.

Looks like a patch for exactly that was committed in June of last
year: https://github.com/macournoyer/thin/blob/master/lib/thin/daemonizing.rb#L8

So thin should probably be updated after ports unlocks.  I'll take care of it.

Jeremy

El Regalo para tu cumple o para tus amigos

[Increible]

 Queres festejar tu cumple con Barra libre de Cerveza y Pizza libre ?

Si  la fecha de tu cumple es en Febrero  Marzo o Abril

Te regalamos SIN CARGO en el mejor Resto Bar Lounge de Capital Federal

Canilla libre de Cerveza + Pizza libre para vos y para tus invitados
tenemos la mejor promo

Si tenes el cumple de tus amigos reenviale este mail y ganan la cena con
barra libre !!!

Solo con reserva previa Capacidad limitada hasta 200 personas

Nuestros telefonos oficina   4-331.6350 - Telefono Celular 153-801-5852

Tambien si te queres reunir con tus amigos o tenes alguna despedida
tenemos el lugar ideal para que festejes a lo grande

Ademas te regalamos consumiciones sin cargo para vos y Listas Free para
todos tus amigos

Te gustaria NO PAGAR ALQUILER DE SALON para realizar festejos de:

Casamientos, Bautismos, Agasajos, Eventos, Graduados, Fiestas
universitarias y cumple de 15

Enviar unicamente tu consulta a -  masi...@apennootje.nl

Nuestros telefonos oficina   4-331.6350 - Telefono Celular 153-801-5852

Promocion valida unicamente para Gran Buenos Aires y Capital Federal

Mode de Vie Estate - Burgundy's best value

[Burgundy's Best Value]

MODE DE VIE ESTATE
AFFORDABLE APPARTMENTS FROM R599 900

INVEST NOW!
THE MARKET HAS TURNED!

b Stylish 2 bedroom apartments
b Full family bathroom (bath and shower)
b Secure parking Kitchens with stainless steel appliances
b Gymnasium
b Built-in braai on patio / balcony
b Price includes all costs
b Only R20 000 reservation deposit

Visit www.modedev.co.za for more information

Regards
Jaco Maritz
021 801 5400


We would like to ensure that we only communicate with investors/people
that are interested in our current and future projects and would like to
be kept informed via our regular newsletter.

This email is intended for misc@openbsd.org. If you would like to
unsubcribe
please use the link provided.
http://www.propertyinv.co.za/prop/unsubscribe.php?M=3815548C=0ddabfac7300f87257d733ec0b2a1f62L=93N=282
If the unsubscribe link is unsuccessful, please email:
unsubscr...@propertyinv.co.za

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
2aebe496defe080bfc818b3e10b6fe37]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
69376a480a030df70a54a2d0dbcb1b17]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
1463d177bbb6a21ac4919f1601acdc0b]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
3cc457c86916246519f29c6d95091157]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
5b11b08040c90f32bebce394b581d5b5]

Re: Your web development opinions

[Hugo Osvaldo Barrera]

On 23/02/11 20:56, Andres Perera wrote:
 On Wed, Feb 23, 2011 at 5:57 PM, Hugo Osvaldo Barrera
 h...@osvaldobarrera.com.ar wrote:
 On 02/23/2011 10:35 AM, Chris Bennett wrote:
 They're a fucking disaster security-wise.

 +1

 In general, blocking javascript won't get you too far, because most of the
 issues are not in the client, but rather in the use that's made of 
 javascript.

 I basically block javascript to stop some adveritising and keep some sites 
 from crashing firefox.
 But many, many sites require javascript to even login (i.e. many bank 
 websites!)

 - trying to do https and having to deal with corrupt certificate 
 authorities
 that don't guarantee too much in the end.

 CA's cannot be trusted to even pay attention to carefully securing your 
 certificate.
 Here in the US, the government can simply ask for your certificate and get 
 it ( and possibly even use it to impersonate you)

 I sign my own certificates, post a copy of serial number and correct name 
 and IP address on my websites using them. I explain to every customer that 
 I do not trust external CA's and that I am only using https for encryption 
 of passwords and paid content.
 No one has complained.

A simple man-in-the middle of that site, and replacing it's content
would open the door for every site you refer to.
If it's an SSL website, you're in and endless loop without a CA or
trusted third party.


 Some have told me that I am risking a man-in-the-middle attack. Perhaps. 
 But I see little reason to trust the CA man-at-the-end!

 Chris Bennett


 Supposing that's the case, the government can just request a CA a
 certificate for your domain, and do a man-in-the middle.  User's won't
 get any prompt for invalid cert, and the same vulnerability you
 described using still exists.

 
 that's flawed because you're assuming his users are trusting equifax,
 cacert.org, and the countless of others that get bundled in certs packages for
 unix, or worse, his users are ussing a browser that comes bundled with its own
 set of certs and ssl library (firefox).

That means you'd have to physically give the certificate to every user,
with no trusted authority, or trusted third party, you have no way of
establishing a secure (authenticated) communication, except physically
being with that person.

How do you then pay your taxes?  Check your bank account, etc?  I don't
like having to trust dozens of CA and it's definitely not the best
solution, but I don't see any alternative for this sort of thing.

 
 when you download openssh, does it come with bundled with a known hosts file?
 
 no, you go to the site and look at their public key. if they delegated their
 public keys to a central authority they excert no control over, they don't 
 have
 the power to shutdown their site when it becomes compromised to display bogus
 public keys, or worse
 
 simlarly, i dont feed the cert bundle to sendmail, but instead feed it a
 *single* cert that i'm vary wary of if it changes
 
 ssl everywhere is a stupid concept because of this. you should only ssl
 select communications so that managing the certs is plausible
 
 Additionally, you have to make users accept the cert manually the first
 time (checking it, of course).  It may not be much of a fuss, but I
 don't see you actually fixing any security holes.

 --
 Hugo Osvaldo Barrera




-- 
Hugo Osvaldo Barrera

Re: ruby-thin: Errno::EPERM wtih QUIT Signal

[Jeremy Evans]

On Wed, Feb 23, 2011 at 4:32 PM, Clint Pachl pa...@ecentryx.com wrote:
 I use Thin (ruby-thin) as the HTTP frontend for my web frameworks.

 STARTING/STOPPING:
 $ sudo -u #{USER} thin -C #{THIN_PRODUCTION_CONF} start
 $ sudo -u #{USER} thin -C #{THIN_PRODUCTION_CONF} stop


 THIN_PRODUCTION_CONF:
 ---
 rackup: config/config.ru
 address: localhost
 port: 3020
 servers: 4
 max_conns: 1024
 max_persistent_conns: 512
 timeout: 30
 environment: production
 pid: tmp/thin-production.pid
 log: log/thin-production.log
 daemonize: true


 When sending the thin stop command, I get the following error on STDOUT:

 Stopping server on localhost:3020 ...
 Sending QUIT signal to process 15182 ...
 /usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/daemonizing.rb:7:in
 `getpgid': Operation not permitted (Errno::EPERM)
from
 /usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/daemonizing.rb:7:in
 `running?'
from
 /usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/daemonizing.rb:118:in
 `send_signal'
from /usr/local/lib/ruby/1.8/timeout.rb:67:in `timeout'
from
 /usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/daemonizing.rb:117:in
 `send_signal'
from
 /usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/daemonizing.rb:103:in
 `kill'
from

/usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/controllers/controller.
rb:87:in
 `stop'
from

/usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/controllers/controller.
rb:128:in
 `tail_log'
from

/usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/controllers/controller.
rb:86:in
 `stop'
from
 /usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/runner.rb:177:in
 `send'
from
 /usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/runner.rb:177:in
 `run_command'
from
 /usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/lib/thin/runner.rb:143:in
 `run!'
from /usr/local/lib/ruby/gems/1.8/gems/thin-1.2.7/bin/thin:6
from /usr/local/bin/thin:19:in `load'
from /usr/local/bin/thin:19


 Here's a snipped from daemonizing.rb:

  6: def running?(pid)
  7:Process.getpgid(pid) != -1
  8:  rescue Errno::ESRCH
  9:false
 10:  end

 As you can see, the ESRCH error is rescued here, which is the other error
 that getpgid(2) can return.


 Can anyone explain this?

Yes.  The original author is not checking all of the errors he should
be checking.  He should be rescuing Errno::EPERM and returning true, I
think.

Looks like a patch for exactly that was committed in June of last
year:
https://github.com/macournoyer/thin/blob/master/lib/thin/daemonizing.rb#L8

So thin should probably be updated after ports unlocks.  I'll take care of
it.

Jeremy

FSC CERTIFIED PRINTER

[POLYWELL PRINTING AND SUPPLIES LIMITED]

Having problems viewing this email? Please click here.For enquiry, please send 
email to i...@polywellps.com.hk

eg!f3i1h.d;%d8ge'e.9oh+f   f-$.ef   
d;;d=f%h)h+i;i5h3 i...@polywellps.com.hk













eff(d8
f3e
f6e0fegd?!d;6oh+fih#ie.

Important Notice: Base on the Unsolicited Electronic Messages Ordinance, if you 
DO NOT want to receive any promotional email messages from us in the future, 
please kindly reply this e-mail for DELETION. If you would like to continue to 
receive our promotional email massages, you do not need to reply us.

AHCI configuration delay

[Luis Useche]

Hi Guys,

Today I installed a new machine with an ahci sata controller. When the
machine is booting, during the configuration of the ahci driver, the kernel
has a delay of aproximately 30 seconds. During this time, the disk led is
constantly blinking. Then, the driver prints two messages of PHY offline on
port and the machine boots normally.

The snippet that matters:

ahci0 at pci0 dev 31 function 2 Intel 82801I AHCI rev 0x02: apic 2 int 19
(irq 10), AHCI 1.2
ahci0: PHY offline on port 1
ahci0: PHY offline on port 5
scsibus0 at ahci0: 32 targets

For the sake of completeness, I am also attaching the complete dmesg:

OpenBSD 4.9 (GENERIC.MP) #811: Tue Feb 22 12:04:57 MST 2011
t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3714764800 (3542MB)
avail mem = 3601858560 (3435MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xf70c0 (43 entries)
bios0: vendor Dell Inc. version A00 date 01/06/2010
bios0: Dell Inc. Latitude 13
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP HPET  APIC ASF! MCFG TCPA SLIC SSDT
acpi0: wakeup devices PCI0(S5) PCIE(S4) USB1(S0) USB2(S0) USB3(S0) USB4(S0)
USB5(S0) USB6(S0) EHC2(S0) EHCI(S0) AZAL(S3) RP01(S3) RP02(S1) RP03(S3)
RP04(S3) RP05(S3) RP06(S5) LID_(S3) PBTN(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Genuine Intel(R) CPU U7300 @ 1.30GHz, 1297.09 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG
cpu0: 3MB 64b/line 8-way L2 cache
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Genuine Intel(R) CPU U7300 @ 1.30GHz, 1296.89 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG
cpu1: 3MB 64b/line 8-way L2 cache
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 2
acpimcfg0 at acpi0 addr 0xf800, bus 0-63
acpiprt0 at acpi0: bus 2 (PCIE)
acpiprt1 at acpi0: bus 11 (RP01)
acpiprt2 at acpi0: bus 12 (RP02)
acpiprt3 at acpi0: bus -1 (RP03)
acpiprt4 at acpi0: bus 13 (RP04)
acpiprt5 at acpi0: bus -1 (RP05)
acpiprt6 at acpi0: bus 9 (RP06)
acpiprt7 at acpi0: bus 0 (PCI0)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C2, C1, PSS
acpicpu1 at acpi0: C3, C2, C1, PSS
acpitz0 at acpi0: critical temperature 107 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: PBTN
acpibtn2 at acpi0: SBTN
acpiac0 at acpi0: AC unit offline
acpibat0 at acpi0: BAT0 model DELL NTG4J0B serial 409 type LION oem SMP
acpivideo0 at acpi0: VID_
acpivout0 at acpivideo0: CRT_
acpivout1 at acpivideo0: TV__
acpivout2 at acpivideo0: LCD_
acpivout3 at acpivideo0: DP__
acpivout4 at acpivideo0: DP2_
acpivout5 at acpivideo0: DVI_
acpivout6 at acpivideo0: DVI2
acpivideo1 at acpi0: VID2
cpu0: Enhanced SpeedStep 1296 MHz: speeds: 1300, 1200, 800 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 Intel GM45 Host rev 0x07
vga1 at pci0 dev 2 function 0 Intel GM45 Video rev 0x07
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp0 at vga1
agp0 at intagp0: aperture at 0xe000, size 0x1000
inteldrm0 at vga1: apic 2 int 16 (irq 11)
drm0 at inteldrm0
Intel GM45 Video rev 0x07 at pci0 dev 2 function 1 not configured
uhci0 at pci0 dev 26 function 0 Intel 82801I USB rev 0x02: apic 2 int 20
(irq 10)
uhci1 at pci0 dev 26 function 1 Intel 82801I USB rev 0x02: apic 2 int 21
(irq 7)
uhci2 at pci0 dev 26 function 2 Intel 82801I USB rev 0x02: apic 2 int 22
(irq 5)
ehci0 at pci0 dev 26 function 7 Intel 82801I USB rev 0x02: apic 2 int 22
(irq 5)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 Intel 82801I HD Audio rev 0x02: apic 2
int 21 (irq 7)
azalia0: codecs: Realtek ALC269
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 Intel 82801I PCIE rev 0x02: apic 2 int 16
(irq 0)
pci1 at ppb0 bus 11
ppb1 at pci0 dev 28 function 1 Intel 82801I PCIE rev 0x02: apic 2 int 17
(irq 0)
pci2 at ppb1 bus 12
iwn0 at pci2 dev 0 function 0 Intel WiFi Link 5100 rev 0x00: apic 2 int 17
(irq 4), MIMO 1T2R, MoW, address 00:24:d6:ad:e7:a8
ppb2 at pci0 dev 28 function 3 Intel 82801I PCIE rev 0x02: apic 2 int 19
(irq 0)
pci3 at ppb2 bus 13
ppb3 at pci0 dev 28 function 5 Intel 82801I PCIE rev 0x02: apic 2 int 17
(irq 0)
pci4 at ppb3 bus 9
bge0 at pci4 dev 0 function 0 Broadcom BCM5761E rev 0x10, BCM5761 A1
(0x5761100): apic 2 int 17 (irq 4), address 00:26:b9:69:27:e6
brgphy0 at bge0 phy 1: BCM5761 10/100/1000baseT PHY, rev. 0
uhci3 at pci0 dev 29 function 0 Intel 82801I USB rev 0x02: apic 2 int 20
(irq 10)
uhci4 at pci0 dev 29 function 

Re: Your web development opinions

[Andres Perera]

On Wed, Feb 23, 2011 at 9:20 PM, Hugo Osvaldo Barrera
h...@osvaldobarrera.com.ar wrote:
 On 23/02/11 20:56, Andres Perera wrote:
 On Wed, Feb 23, 2011 at 5:57 PM, Hugo Osvaldo Barrera
 h...@osvaldobarrera.com.ar wrote:
 On 02/23/2011 10:35 AM, Chris Bennett wrote:
 They're a fucking disaster security-wise.

 +1

 In general, blocking javascript won't get you too far, because most of
the
 issues are not in the client, but rather in the use that's made of
javascript.

 I basically block javascript to stop some adveritising and keep some
sites from crashing firefox.
 But many, many sites require javascript to even login (i.e. many bank
websites!)

 - trying to do https and having to deal with corrupt certificate
authorities
 that don't guarantee too much in the end.

 CA's cannot be trusted to even pay attention to carefully securing your
certificate.
 Here in the US, the government can simply ask for your certificate and
get it ( and possibly even use it to impersonate you)

 I sign my own certificates, post a copy of serial number and correct name
and IP address on my websites using them. I explain to every customer that I
do not trust external CA's and that I am only using https for encryption of
passwords and paid content.
 No one has complained.

 A simple man-in-the middle of that site, and replacing it's content
 would open the door for every site you refer to.
 If it's an SSL website, you're in and endless loop without a CA or
 trusted third party.

i hope that you realize that the loop applies to the initial
distribution of the bundle aswell and that the difference after that is
one is centralized (bigger target) and the other one isn't

you're going to get their crl from them, right? like the millions of
other people that trust them should?



 Some have told me that I am risking a man-in-the-middle attack. Perhaps.
But I see little reason to trust the CA man-at-the-end!

 Chris Bennett


 Supposing that's the case, the government can just request a CA a
 certificate for your domain, and do a man-in-the middle. B User's won't
 get any prompt for invalid cert, and the same vulnerability you
 described using still exists.


 that's flawed because you're assuming his users are trusting equifax,
 cacert.org, and the countless of others that get bundled in certs packages
for
 unix, or worse, his users are ussing a browser that comes bundled with its
own
 set of certs and ssl library (firefox).

 That means you'd have to physically give the certificate to every user,
 with no trusted authority, or trusted third party, you have no way of
 establishing a secure (authenticated) communication, except physically
 being with that person.

 How do you then pay your taxes? B Check your bank account, etc? B I don't
 like having to trust dozens of CA and it's definitely not the best
 solution, but I don't see any alternative for this sort of thing.

my bank account and other items would never account for the plethora of
bundled certs, nor with the inability of a client to associate cacerts
with specific hosts. the latter is why your argument is flawed, and it
has nothing to do with self-singing

a cert pool should have varying degrees of trust and reach. if firefox
doesn't do this, the problem is firefox and not the server's cert
distribution model



 when you download openssh, does it come with bundled with a known hosts
file?

 no, you go to the site and look at their public key. if they delegated
their
 public keys to a central authority they excert no control over, they don't
have
 the power to shutdown their site when it becomes compromised to display
bogus
 public keys, or worse

 simlarly, i dont feed the cert bundle to sendmail, but instead feed it a
 *single* cert that i'm vary wary of if it changes

 ssl everywhere is a stupid concept because of this. you should only ssl
 select communications so that managing the certs is plausible

 Additionally, you have to make users accept the cert manually the first
 time (checking it, of course). B It may not be much of a fuss, but I
 don't see you actually fixing any security holes.

 --
 Hugo Osvaldo Barrera




 --
 Hugo Osvaldo Barrera

Seminario: Guia a tu Equipo de Trabajo al Exito

[Lic. Roberto Gonzalez P.]

Si no puede ver el mensaje haga click aqui