Re: a GOOD idea to harden OpenSSH!

[Joachim Schipper]

On Tue, Apr 19, 2011 at 11:56:51AM +0200, Peter N. M. Hansteen wrote:
 Alexander Schrijver alexander.schrij...@gmail.com writes:
  I think it's a bad idea to disable ssh login while someone is bruteforcing 
  your
  account.
 
 (...) industrial-scale password guessing (...)
 
 If you allow password logins at all, there are worse ideas than
 running john (or similar) to flush out the bad ones occasionally.

If you're going to check password quality, use security/passwdqc (by the
same author as John the Ripper, based on the same code) - it will
actually prevent people from setting bad passwords, and using it to
check plaintext passwords is much more efficient than running john.

(Of course, it doesn't work on passwords already set, so *one* john runs
makes sense.)

Joachim

-- 
PotD: devel/p5-YAML - YAML ain't a markup language
http://www.joachimschipper.nl/

Re: syslog and interfaces

[Joachim Schipper]

On Tue, Apr 19, 2011 at 09:08:52AM +, Julien Dyie wrote:
 Hi,
 after the reading of syslog.conf (5) and syslogd (8), I can't find how to
 disable syslog's listening on specifical interfaces.

syslogd always opens a UDP port, but it silently drops all traffic
unless you pass the -u option. Yes, this is a bit confusing.

Joachim

-- 
PotD: x11/fvwm2,-main,i18n - multiple virtual desktop window manager, with icons
http://www.joachimschipper.nl/

Re: /dev/pf permission for squid 3.2.0.6 on openbsd 4.8

[Indunil Jayasooriya]

On Tue, Apr 19, 2011 at 12:00 PM, Indunil Jayasooriya
induni...@gmail.com wrote:


 many thanks.  I got it working. I changed from http_port 3129 intercept to
 http_port 127.0.0.1:3129 intercept in squid.conf file.

 Here's the rule in pf.conf

 pass in log on $int_if proto tcp from $lan_net to any port 80 \
 divert-to 127.0.0.1 port 3129


very sorry. After sending this mail, I checked squid cache.log with
below command

tail -f /var/squid/logs/cache.log


 this below error still appears.

Intercept.cc(305) PfInterception: PF open failed: (13) Permission denied


I just wanted to let you know. If this is a trouble, Pls excuse me.





--
Thank you
Indunil Jayasooriya

Re: Building from the source -Current

[Henning Brauer]

* Insan Praja SW insan.pr...@gmail.com [2011-04-19 21:50]:
 Hi Misc@,
 Tried to build kernel from the source but something like this;
 
 $ sudo config GENERIC.MP
 Don't forget to run make depend
 Kernel options have changed -- you must run make clean
 $ cd ../compile/GENERIC.MP/
 $ sudo make clean  sudo make depend  sudo make  sudo make install
 rm -f eddep *bsd *bsd.gdb tags *.[io] [a-z]*.s  [Ee]rrs linterrs assym.h
 make: don't know how to make machine/freebsd_machdep.h. Stop in
 /usr/src/sys/arch/i386/compile/GENERIC.MP.
 
 What should I do?

  rm -rf ./compile/GENERIC.MP/
and reconfig. occasionally make clean is not enough.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting

Re: Citrix ICAclient hangs whole PC with latest i386 PC

[Tomas Bodzar]

Sorry, still same issue as yesterday even with latest sources so I
can't build new kernel. I tried make clean  make depend  make too
even as make depend is not needed anymore, but just to be sure.


ERVER -DCD9660 -DUDF -DMSDOSFS -DFIFO -DSOCKET_SPLICE -DTCP_SACK
-DTCP_ECN -DTCP_SIGNATURE -DINET -DALTQ -DINET6 -DIPSEC -DPPP_BSDCOMP
-DPPP_DEFLATE -DMROUTING -DMPLS -DBOOT_CONFIG -DUSER_PCICONF -DKVM86
-DUSER_LDT -DAPERTURE -DCOMPAT_SVR4 -DCOMPAT_LINUX -DCOMPAT_AOUT
-DPROCFS -DNTFS -DPCIVERBOSE -DEISAVERBOSE -DUSBVERBOSE
-DWSDISPLAY_COMPAT_USL -DWSDISPLAY_COMPAT_RAWKBD
-DWSDISPLAY_DEFAULTSCREENS=6 -DWSDISPLAY_COMPAT_PCVT -DX86EMU
-DONEWIREVERBOSE -DMAXUSERS=80 -D_KERNEL -MD -MP  -c
../../../../kern/vfs_vops.c
../../../../kern/vfs_vops.c: In function 'VOP_ISLOCKED':
../../../../kern/vfs_vops.c:66: error: 'struct vops' has no member
named 'vop_default'
../../../../kern/vfs_vops.c: In function 'VOP_LOOKUP':
../../../../kern/vfs_vops.c:81: error: 'struct vops' has no member
named 'vop_default'
../../../../kern/vfs_vops.c: In function 'VOP_CREATE':
../../../../kern/vfs_vops.c:99: error: 'struct vops' has no member
named 'vop_default'
../../../../kern/vfs_vops.c: In function 'VOP_MKNOD':
../../../../kern/vfs_vops.c:116: error: 'struct vops' has no member
named 'vop_default'
../../../../kern/vfs_vops.c: In function 'VOP_OPEN':
../../../../kern/vfs_vops.c:130: error: 'struct vops' has no member
named 'vop_default'
../../../../kern/vfs_vops.c: In function 'VOP_CLOSE':
../../../../kern/vfs_vops.c:146: error: 'struct vops' has no member
named 'vop_default'
../../../../kern/vfs_vops.c: In function 'VOP_ACCESS':
../../../../kern/vfs_vops.c:162: error: 'struct vops' has no member
named 'vop_default'
../../../../kern/vfs_vops.c: In function 'VOP_GETATTR':
../../../../kern/vfs_vops.c:177: error: 'struct vops' has no member
named 'vop_default'
../../../../kern/vfs_vops.c: In function 'VOP_SETATTR':
../../../../kern/vfs_vops.c:194: error: 'struct vops' has no member
named 'vop_default'
../../../../kern/vfs_vops.c: In function 'VOP_READ':
../../../../kern/vfs_vops.c:210: error: 'struct vops' has no member
named 'vop_default'
../../../../kern/vfs_vops.c: In function 'VOP_WRITE':
../../../../kern/vfs_vops.c:227: error: 'struct vops' has no member
named 'vop_default'
../../../../kern/vfs_vops.c: In function 'VOP_IOCTL':
../../../../kern/vfs_vops.c:244: error: 'struct vops' has no member
named 'vop_default'
../../../../kern/vfs_vops.c: In function 'VOP_POLL':
../../../../kern/vfs_vops.c:257: error: 'struct vops' has no member
named 'vop_default'
../../../../kern/vfs_vops.c: In function 'VOP_KQFILTER':
../../../../kern/vfs_vops.c:269: error: 'struct vops' has no member
named 'vop_default'
../../../../kern/vfs_vops.c: In function 'VOP_REVOKE':
../../../../kern/vfs_vops.c:281: error: 'struct vops' has no member
named 'vop_default'
../../../../kern/vfs_vops.c: In function 'VOP_FSYNC':
../../../../kern/vfs_vops.c:298: error: 'struct vops' has no member
named 'vop_default'
../../../../kern/vfs_vops.c: In function 'VOP_REMOVE':
../../../../kern/vfs_vops.c:314: error: 'struct vops' has no member
named 'vop_default'
../../../../kern/vfs_vops.c: In function 'VOP_LINK':
../../../../kern/vfs_vops.c:329: error: 'struct vops' has no member
named 'vop_default'
../../../../kern/vfs_vops.c: In function 'VOP_RENAME':
../../../../kern/vfs_vops.c:349: error: 'struct vops' has no member
named 'vop_default'
../../../../kern/vfs_vops.c: In function 'VOP_MKDIR':
../../../../kern/vfs_vops.c:366: error: 'struct vops' has no member
named 'vop_default'
../../../../kern/vfs_vops.c: In function 'VOP_RMDIR':
../../../../kern/vfs_vops.c:382: error: 'struct vops' has no member
named 'vop_default'
../../../../kern/vfs_vops.c: In function 'VOP_SYMLINK':
../../../../kern/vfs_vops.c:400: error: 'struct vops' has no member
named 'vop_default'
../../../../kern/vfs_vops.c: In function 'VOP_READDIR':
../../../../kern/vfs_vops.c:419: error: 'struct vops' has no member
named 'vop_default'
../../../../kern/vfs_vops.c: In function 'VOP_READLINK':
../../../../kern/vfs_vops.c:434: error: 'struct vops' has no member
named 'vop_default'
../../../../kern/vfs_vops.c: In function 'VOP_ABORTOP':
../../../../kern/vfs_vops.c:446: error: 'struct vops' has no member
named 'vop_default'
../../../../kern/vfs_vops.c: In function 'VOP_INACTIVE':
../../../../kern/vfs_vops.c:460: error: 'struct vops' has no member
named 'vop_default'
../../../../kern/vfs_vops.c: In function 'VOP_RECLAIM':
../../../../kern/vfs_vops.c:472: error: 'struct vops' has no member
named 'vop_default'
../../../../kern/vfs_vops.c: In function 'VOP_LOCK':
../../../../kern/vfs_vops.c:485: error: 'struct vops' has no member
named 'vop_default'
../../../../kern/vfs_vops.c: In function 'VOP_UNLOCK':
../../../../kern/vfs_vops.c:498: error: 'struct vops' has no member
named 'vop_default'
../../../../kern/vfs_vops.c: In function 'VOP_BMAP':
../../../../kern/vfs_vops.c:516: error: 'struct vops' has no member
named 'vop_default'

Re: CARP compatibility

[Marcus Mülbüsch]

Router 2
carp1: flags=8803UP,BROADCAST,SIMPLEX,MULTICAST mtu 1500
lladdr 00:00:00:00:00:00
priority: 0
carp: INIT carpdev none vhid 2 advbase 1 advskew 0
groups: carp


This mightily looks like some other interface is trying to use the same 
IP-address (the 00:00:00:00:00:00 hints at that).


In that case the carp interface naturally remains at INIT.

Marcus

Re: Like OpenBSD? Like to see new stuff happening? You really need to order a CD today :)

[Stuart VanZee]

 On Tue, Apr 19, 2011 at 08:11:10PM +, Miod Vallat wrote:
   The OpenBSD project does not receive any proceeds from
 tshirt, posters, doll or
   book sales.
 
  In any case, the OpenBSD project receives more money from
 the sale of
  one CD set than from the sale of one clothing attire, due to the
  production costs of said items.
 
  So if you want to contribute but don't know what to get,
 get a CD set
  (or several!). Noone will mind if you frame them and hang
 them on your
  wall; it's the thought which counts.
 
  Miod
 

 In fact one famous CD decorates the ceiling of a Calgary bar. Why
 not upgrade the decor of your local drinking establishment and
 give them a CD set to put on the wall/ceiling! And then you can
 raise a beer to OpenBSD every visit.

  Ken


Ken,

I hang out in the most red-neck hick places.  They would likely
try to put the cd in the juke box and would get mad that it
didn't play.  You should see them look at the OpenBSD shirts that
I wear there occasionally.  I think they think they are for some
kind of devil-music rock band or something.

s

Re: 4.7 ospfd FIB/RIB synchronization

[David Gwynne]

you might be able to upgrade your passive firewall to 4.9 next to the active
4.7 one. it looks like the protocol stayed the same so they should be able to
talk to each other.

however, it looks like bulk updates were broken in 4.7, which would explain
your failover problems. you can work around that by going pfctl -S
/dev/stdout | ssh activefw pfctl -L /dev/stdin as root on the passive fw.

as a matter of interest, are you using ospf for failover on one side of your
firewalls?

dlg

On 20/04/2011, at 2:45 PM, Jonathan Lassoff wrote:

 On Tue, Apr 19, 2011 at 7:14 PM, David Gwynne l...@animata.net wrote:
 i had this same problem and fixed it in time for the 4.8 release. is it
possible you can upgrade?

 Do you mean that this was an issue in 4.7 that was fixed in 4.8?

 I most definitely plan to upgrade (all the way to 4.9, most likely),
 but am stuck with 4.7 for now, since there's not a hitless way for me
 to upgrade right now (mostly due to pfsync causing sessions to reset
 when failing over).

 Thanks for the pointer.

 Cheers,
 jof

En Abril nuestras Bases de Datos al 2 x 1 (ID:243807)

[Bases al 2 x 1 VGK]

Me interesa la promocisn de todo al 2 x 1... dar click aqum

Una base de datos es determinante para el ixito de un negocio. Durante
Abril todas nuestras bases de datos al 2 x 1

Hola:

Durante el mes de Abril todas nuestras bases de Datos al 2 x 1. En la
compra de una se lleva otra de igual o menor precio sin costo adicional.
O puede llevarse 3 o mas con un atractivo descuento.

Base

Registros

Precio de Lista

Hospitales

3,000

$4,500

Farmacias

15,000

$9,900

Midicos

47,000

$9,500

Laboratorios Clmnicos

4,500

$4,200

Gimnasios y Clubes

3,000

$3,000

Restaurantes

25,000

$2,500

Hoteles

10,000

$2,000

Bares, Centros Nocturnos y Vinatermas

10,000

$2,000

Constructoras y Afines

20,000

$5,500

Talleres Mecanicos

13,000

$2,500

Venta y Renta Autos

4,500

$2,000

Refaccionarias

15,000

$2,750

Nuestras bases de datos cuentan con los siguientes campos:

  * Nombre

  * Direccion

  * Telifono

  * Giro

Tenemos otras bases de datos, si la que necesita no esta en la lista,
llamenos.

Durante Abril todas al 2 x 1. Di click aqum

Para mas detalles sobre nuestras bases de datos, llamenos al 01
800-716-1681

Eliminar mi direccion de su lista

Re: OpenBSD-Wiki.org

[Sunnz]

e( 2011e944f19f%ffd:oWayne Oliver wayn0...@gmail.com ei
o
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1


 On 18 Apr 2011, at 5:22 PM, Kenny wrote:

 Due to an circumstances beyond my control, I'm not longer able to host
 / maintain /work with OpenBSD-Wiki.org. I was in the process of
 updating it when some personal issues came up.
 I'm interested in passing this off to someone else who may be
 interested. I'll help migrate it, get things back up and going -- if
 help is needed / wanted.
 I'm not subscribed to the list, so send an email to this email.

 -- Kennith (Kenny) Mann

 Hey B Kenny,

 If nobody else has offered, I will be willing to take this over.



I can help too if needed. I can run a slave dns on my openbsd server
and linux vps. And I know a few things about HTML/php/webdev and what
not.

--
g):g.1e/h2/g   )c
f71h07e/e.9f04c

Re: CARP compatibility

[Henning Brauer]

* Marcus M|lb|sch muelbue...@as-infodienste.de [2011-04-20 13:34]:
 Router 2
 carp1: flags=8803UP,BROADCAST,SIMPLEX,MULTICAST mtu 1500
 lladdr 00:00:00:00:00:00
 priority: 0
 carp: INIT carpdev none vhid 2 advbase 1 advskew 0
 groups: carp
 
 This mightily looks like some other interface is trying to use the
 same IP-address (the 00:00:00:00:00:00 hints at that).

no, that is wrong.

 In that case the carp interface naturally remains at INIT.

it remains at init because afaict there is no IP address on that
interface (once again incomplete output has been presented...). carp
doesn't work without and stays in init. and the macaddr depends on the
vhid so it is set late-ish.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting

Re: Like OpenBSD? Like to see new stuff happening? You really need to order a CD today :)

[Henning Brauer]

* Stuart VanZee stua...@datalinesys.com [2011-04-20 14:12]:
 I hang out in the most red-neck hick places.  They would likely
 try to put the cd in the juke box and would get mad that it
 didn't play.  You should see them look at the OpenBSD shirts that
 I wear there occasionally.  I think they think they are for some
 kind of devil-music rock band or something.

and that isn't actually THAT faar off, is it? ;)

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting

Re: 4.7 ospfd FIB/RIB synchronization

[Jonathan Lassoff]

On Wed, Apr 20, 2011 at 4:22 AM, David Gwynne l...@animata.net wrote:
 you might be able to upgrade your passive firewall to 4.9 next to the active 
 4.7 one. it looks like the protocol stayed the same so they should be able to 
 talk to each other.

This would seem to be the case.

This (http://undeadly.org/cgi?action=articlesid=20090301211402) is an
absolutely excellent bit of writing about the improvements to pfsync,
BTW. Thanks for letting that be shared.

 however, it looks like bulk updates were broken in 4.7, which would explain 
 your failover problems. you can work around that by going pfctl -S 
 /dev/stdout | ssh activefw pfctl -L /dev/stdin as root on the passive fw.

As an initial seeding of state? It seems to me that only some of my
flows get affected when failing over (not everything is reset and
traffic can still flow).
It appears that both firewalls have an approximately congruent set of
states, but usually a pfctl -ss | wc -l can be off by several
hundred, to several thousand states at times. My hunch is that state
creation and counter updates are not updated synchronously, so when
failing over there are still some updates in-flight, and for flows
that are moving their sequence numbers at a decent clip I could see
why they might get reset.

Have you ever used pfsync with the defer option set? I can imagine
that it just takes longer for sessions to start since each firewall
would have to wait for the insertion of the state on the other
firewall, but I wonder how much latency that adds in practice.
Another open question would be what to do in the case of multiple
firewalls receiving the multicast update (not applicable for me, but
something I'm considering trying). I wonder if there ought to be a
hook for defer to count the number of related received state insertion
messages it gets before starting.

 as a matter of interest, are you using ospf for failover on one side of your 
 firewalls?

I'm hooking CARP interfaces up into ospfd to signal to my IGP which
firewall is active at a given time. ospfd seems to have hooks into
CARP which will change LSA metrics based on the CARP state.

For the interfaces that these firewalls are announcing into the IGP,
CARP is used to direct upstream traffic at the active router.

Cheers,
jof

About destroying tunX ifaces with ifconfig and ppp.linkdown

[Orestes LeaL R.]

There is any differences in do (when I connect to my isp via modem):

pkill ppp

or

ifconfig tun0 destroy

my real doubt it's that I need to know if the ppp.linkdown it's executed
in the second case.

Re: Citrix ICAclient hangs whole PC with latest i386 PC

[Tomas Bodzar]

On Mon, Apr 18, 2011 at 4:57 PM, Paul Irofti p...@irofti.net wrote:
 Try this, let me know what happens.

 Index: linux_exec.c
 ===
 RCS file: /cvs/src/sys/compat/linux/linux_exec.c,v
 retrieving revision 1.33
 diff -u -p -r1.33 linux_exec.c
 --- linux_exec.c B  B  B  B 5 Apr 2011 15:44:40 - B  B  B  1.33
 +++ linux_exec.c B  B  B  B 18 Apr 2011 13:50:37 -
 @@ -197,14 +197,17 @@ linux_e_proc_exit(struct proc *p)
 B void
 B linux_e_proc_fork(struct proc *p, struct proc *parent)
 B {
 - B  B  B  struct linux_emuldata *emul = p-p_emuldata;
 - B  B  B  struct linux_emuldata *p_emul = parent-p_emuldata;
 + B  B  B  struct linux_emuldata *emul;
 + B  B  B  struct linux_emuldata *p_emul;

 B  B  B  B /* Allocate new emuldata for the new process. */
 B  B  B  B p-p_emuldata = NULL;

 B  B  B  B /* fork, use parent's vmspace (our vmspace may not be setup yet)
*/
 B  B  B  B linux_e_proc_init(p, parent-p_vmspace);
 +
 + B  B  B  emul = p-p_emuldata;
 + B  B  B  p_emul = parent-p_emuldata;

 B  B  B  B emul-my_set_tid = p_emul-child_set_tid;
 B  B  B  B emul-my_clear_tid = p_emul-child_clear_tid;


yes now it's working again. Thx a lot

PS: my src was messed somewhat so that's why I was not able to build
kernel properly

Re: 4.7 ospfd FIB/RIB synchronization

[David Gwynne]

On 20/04/2011, at 11:08 PM, Jonathan Lassoff wrote:

 On Wed, Apr 20, 2011 at 4:22 AM, David Gwynne l...@animata.net wrote:
 you might be able to upgrade your passive firewall to 4.9 next to the
active 4.7 one. it looks like the protocol stayed the same so they should be
able to talk to each other.

 This would seem to be the case.

 This (http://undeadly.org/cgi?action=articlesid=20090301211402) is an
 absolutely excellent bit of writing about the improvements to pfsync,
 BTW. Thanks for letting that be shared.

 however, it looks like bulk updates were broken in 4.7, which would explain
your failover problems. you can work around that by going pfctl -S
/dev/stdout | ssh activefw pfctl -L /dev/stdin as root on the passive fw.

 As an initial seeding of state? It seems to me that only some of my
 flows get affected when failing over (not everything is reset and
 traffic can still flow).

yes. the pfctl commands will do a bulk update since the in kernel
implementation was unreliable back then.

 It appears that both firewalls have an approximately congruent set of
 states, but usually a pfctl -ss | wc -l can be off by several
 hundred, to several thousand states at times. My hunch is that state
 creation and counter updates are not updated synchronously, so when
 failing over there are still some updates in-flight, and for flows
 that are moving their sequence numbers at a decent clip I could see
 why they might get reset.

pf has a bit of fuzz when it does its tcp window matching, so packets can get
ahead of the firewall and be ok. also, pf will drop out of window packets
rather than send RSTs and such. pfsync will also make a good effort to merge
state updates with local changes and will aggressively send updates to its
peers when it thinks traffic has recently gone over both legs of a firewall.

however, if the bulk update didnt work properly then you can have some missing
after failover. if the state doesnt exist then you fall through to the
ruleset, pfsync doesnt ask its peers for missing states. this used to affect
me with very long lived connections that could be idle for a while (eg, nfs).

 Have you ever used pfsync with the defer option set? I can imagine
 that it just takes longer for sessions to start since each firewall
 would have to wait for the insertion of the state on the other
 firewall, but I wonder how much latency that adds in practice.

i wrote defer, so yes...

on my boxes the increase in latency is about .2 to .3ms. if a firewall is
missing its peer(s) it will go up to about 1/100th of a second.

 Another open question would be what to do in the case of multiple
 firewalls receiving the multicast update (not applicable for me, but
 something I'm considering trying). I wonder if there ought to be a
 hook for defer to count the number of related received state insertion
 messages it gets before starting.

the code assumes that if one peer got and acked the update, then all your
peers got the update.

 as a matter of interest, are you using ospf for failover on one side of
your firewalls?

 I'm hooking CARP interfaces up into ospfd to signal to my IGP which
 firewall is active at a given time. ospfd seems to have hooks into
 CARP which will change LSA metrics based on the CARP state.

 For the interfaces that these firewalls are announcing into the IGP,
 CARP is used to direct upstream traffic at the active router.

thats exactly how i have my stuff configured.

dlg

Re: syslog and interfaces

[Theo de Raadt]

 On Tue, Apr 19, 2011 at 09:08:52AM +, Julien Dyie wrote:
  Hi,
  after the reading of syslog.conf (5) and syslogd (8), I can't find how to
  disable syslog's listening on specifical interfaces.
 
 syslogd always opens a UDP port, but it silently drops all traffic
 unless you pass the -u option. Yes, this is a bit confusing.

It is NOT confusing.

It is fully documented.

Re: Citrix ICAclient hangs whole PC with latest i386 PC

[Amit Kulkarni]

You have to rm -rf the kernel directory I always do it. The # is
always 0 in my case if I build it.

rm -rf /usr/src/sys/arch/YOUR_ARCH/compile/GENERIC{.MP}

On Wed, Apr 20, 2011 at 5:26 AM, Tomas Bodzar tomas.bod...@gmail.com wrote:
 Sorry, still same issue as yesterday even with latest sources so I
 can't build new kernel. I tried make clean  make depend  make too
 even as make depend is not needed anymore, but just to be sure.


 ERVER -DCD9660 -DUDF -DMSDOSFS -DFIFO -DSOCKET_SPLICE -DTCP_SACK
 -DTCP_ECN -DTCP_SIGNATURE -DINET -DALTQ -DINET6 -DIPSEC -DPPP_BSDCOMP
 -DPPP_DEFLATE -DMROUTING -DMPLS -DBOOT_CONFIG -DUSER_PCICONF -DKVM86
 -DUSER_LDT -DAPERTURE -DCOMPAT_SVR4 -DCOMPAT_LINUX -DCOMPAT_AOUT
 -DPROCFS -DNTFS -DPCIVERBOSE -DEISAVERBOSE -DUSBVERBOSE
 -DWSDISPLAY_COMPAT_USL -DWSDISPLAY_COMPAT_RAWKBD
 -DWSDISPLAY_DEFAULTSCREENS=6 -DWSDISPLAY_COMPAT_PCVT -DX86EMU
 -DONEWIREVERBOSE -DMAXUSERS=80 -D_KERNEL -MD -MP  -c
 ../../../../kern/vfs_vops.c
 ../../../../kern/vfs_vops.c: In function 'VOP_ISLOCKED':
 ../../../../kern/vfs_vops.c:66: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_LOOKUP':
 ../../../../kern/vfs_vops.c:81: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_CREATE':
 ../../../../kern/vfs_vops.c:99: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_MKNOD':
 ../../../../kern/vfs_vops.c:116: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_OPEN':
 ../../../../kern/vfs_vops.c:130: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_CLOSE':
 ../../../../kern/vfs_vops.c:146: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_ACCESS':
 ../../../../kern/vfs_vops.c:162: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_GETATTR':
 ../../../../kern/vfs_vops.c:177: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_SETATTR':
 ../../../../kern/vfs_vops.c:194: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_READ':
 ../../../../kern/vfs_vops.c:210: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_WRITE':
 ../../../../kern/vfs_vops.c:227: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_IOCTL':
 ../../../../kern/vfs_vops.c:244: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_POLL':
 ../../../../kern/vfs_vops.c:257: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_KQFILTER':
 ../../../../kern/vfs_vops.c:269: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_REVOKE':
 ../../../../kern/vfs_vops.c:281: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_FSYNC':
 ../../../../kern/vfs_vops.c:298: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_REMOVE':
 ../../../../kern/vfs_vops.c:314: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_LINK':
 ../../../../kern/vfs_vops.c:329: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_RENAME':
 ../../../../kern/vfs_vops.c:349: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_MKDIR':
 ../../../../kern/vfs_vops.c:366: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_RMDIR':
 ../../../../kern/vfs_vops.c:382: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_SYMLINK':
 ../../../../kern/vfs_vops.c:400: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_READDIR':
 ../../../../kern/vfs_vops.c:419: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_READLINK':
 ../../../../kern/vfs_vops.c:434: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_ABORTOP':
 ../../../../kern/vfs_vops.c:446: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_INACTIVE':
 ../../../../kern/vfs_vops.c:460: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_RECLAIM':
 ../../../../kern/vfs_vops.c:472: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_LOCK':
 ../../../../kern/vfs_vops.c:485: error: 

Re: Citrix ICAclient hangs whole PC with latest i386 PC

[Tomas Bodzar]

I've done that of course, but it was still complaining during make
phase about something in vfs code (see previous posts from me). After
rm -rf /usr/src and complete new checkout from AnonCVS I was able to
continue.

On Wed, Apr 20, 2011 at 4:30 PM, Amit Kulkarni amitk...@gmail.com wrote:
 You have to rm -rf the kernel directory I always do it. The # is
 always 0 in my case if I build it.

 rm -rf /usr/src/sys/arch/YOUR_ARCH/compile/GENERIC{.MP}

 On Wed, Apr 20, 2011 at 5:26 AM, Tomas Bodzar tomas.bod...@gmail.com
wrote:
 Sorry, still same issue as yesterday even with latest sources so I
 can't build new kernel. I tried make clean  make depend  make too
 even as make depend is not needed anymore, but just to be sure.


 ERVER -DCD9660 -DUDF -DMSDOSFS -DFIFO -DSOCKET_SPLICE -DTCP_SACK
 -DTCP_ECN -DTCP_SIGNATURE -DINET -DALTQ -DINET6 -DIPSEC -DPPP_BSDCOMP
 -DPPP_DEFLATE -DMROUTING -DMPLS -DBOOT_CONFIG -DUSER_PCICONF -DKVM86
 -DUSER_LDT -DAPERTURE -DCOMPAT_SVR4 -DCOMPAT_LINUX -DCOMPAT_AOUT
 -DPROCFS -DNTFS -DPCIVERBOSE -DEISAVERBOSE -DUSBVERBOSE
 -DWSDISPLAY_COMPAT_USL -DWSDISPLAY_COMPAT_RAWKBD
 -DWSDISPLAY_DEFAULTSCREENS=6 -DWSDISPLAY_COMPAT_PCVT -DX86EMU
 -DONEWIREVERBOSE -DMAXUSERS=80 -D_KERNEL -MD -MP B -c
 ../../../../kern/vfs_vops.c
 ../../../../kern/vfs_vops.c: In function 'VOP_ISLOCKED':
 ../../../../kern/vfs_vops.c:66: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_LOOKUP':
 ../../../../kern/vfs_vops.c:81: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_CREATE':
 ../../../../kern/vfs_vops.c:99: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_MKNOD':
 ../../../../kern/vfs_vops.c:116: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_OPEN':
 ../../../../kern/vfs_vops.c:130: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_CLOSE':
 ../../../../kern/vfs_vops.c:146: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_ACCESS':
 ../../../../kern/vfs_vops.c:162: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_GETATTR':
 ../../../../kern/vfs_vops.c:177: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_SETATTR':
 ../../../../kern/vfs_vops.c:194: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_READ':
 ../../../../kern/vfs_vops.c:210: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_WRITE':
 ../../../../kern/vfs_vops.c:227: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_IOCTL':
 ../../../../kern/vfs_vops.c:244: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_POLL':
 ../../../../kern/vfs_vops.c:257: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_KQFILTER':
 ../../../../kern/vfs_vops.c:269: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_REVOKE':
 ../../../../kern/vfs_vops.c:281: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_FSYNC':
 ../../../../kern/vfs_vops.c:298: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_REMOVE':
 ../../../../kern/vfs_vops.c:314: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_LINK':
 ../../../../kern/vfs_vops.c:329: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_RENAME':
 ../../../../kern/vfs_vops.c:349: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_MKDIR':
 ../../../../kern/vfs_vops.c:366: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_RMDIR':
 ../../../../kern/vfs_vops.c:382: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_SYMLINK':
 ../../../../kern/vfs_vops.c:400: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_READDIR':
 ../../../../kern/vfs_vops.c:419: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_READLINK':
 ../../../../kern/vfs_vops.c:434: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_ABORTOP':
 ../../../../kern/vfs_vops.c:446: error: 'struct vops' has no member
 named 'vop_default'
 ../../../../kern/vfs_vops.c: In function 'VOP_INACTIVE':
 ../../../../kern/vfs_vops.c:460: 

Re: Citrix ICAclient hangs whole PC with latest i386 PC

[Amit Kulkarni]

That happens sometimes :) good luck.

 PS: my src was messed somewhat so that's why I was not able to build
 kernel properly

Routing all traffic through IPSEC VPN

[Matt S]

Hello @misc

I seem to still be having some problems but I have made progress.  The branch 
office cannot get out to the internet at large which I think may be a NAT 
problem.  At least, when changing the default route on the branch office, I 
don't lose connectivity to it.  On the branch office, the routing tables don't 
display unless I use netstat -rn -f inet.  I also cannot traceroute.  Kindly 
advise what pf rules and additionaly static routing is appropriate.

--Main Office--
# The main office has a PPPoE connection to the internet
cat /etc/pf.conf:
pass all
match out on tun0 from 10.40.60.0 to any nat-to (tun0)

cat /etc/hostname.gre0:
inet 172.16.254.1 255.255.255.255 172.16.254.2 link0 up
tunnel hq.valleybusinesssolutions.us vps.valleybusinesssolutions.us

route add -net 10.40.65.0/24 

netstat -r:
Internet:
DestinationGatewayFlags   Refs  Use   Mtu  Prio Iface
defaultphnx-dsl-gw55-247. UGS345750 - 8 tun0
10.40.60/24link#1 UC 10 - 4 em0
10.40.60.3 00:24:2c:07:d4:d0  UHLc   225728 - 4 em0
10.40.65/24172.16.254.2   UGS0  110 - 8 gif0
phnx-dsl-gw55-247. 71-223-156-37.phnx UH 18  1492 4 tun0
loopback   localhost  UGRS   00 33200 8 lo0
localhost  localhost  UH 00 33200 4 lo0
172.16.254.2   172.16.254.1  UH 1  68 - 4 gif0
BASE-ADDRESS.MCAST localhost  URS00 33200 8 lo0


--Branch Office--
# The branch office has a cable-based internet connection
cat /etc/pf.conf:
pass all
match out on em0 from 10.40.65.0 to any nat-to(em0)

cat /etc/hostname.gre0:
inet 172.16.254.2 255.255.255.255 172.16.254.1 link0 up
tunnel vps.valleybusinesssolutions.us hq.valleybusinesssolutions.us

route add -host hq.valleybusinesssolutions.us 206.125.169.97 #206.125.169.97 is 
the ISP's gateway
route change default 172.16.254.1

netstat -rn -finet
DestinationGatewayFlags   Refs  Use   Mtu  Prio Iface
default172.16.254.1UGS0   98 - 8 gif0
10.40.65/24link#4UC 00 - 4 vether0
71.223.156.37  206.125.169.97 UGHS   0  201  - 8 em0
127/8  127.0.0.1  UGRS   00 33160 8 lo0
127.0.0.1  127.0.0.1  UH 12 33160 4 lo0
172.16.254.1   172.16.254.2   UH 2   91 - 4 gif0
206.125.169.96/29  link#1 UC 20  - 4 em0
206.125.169.97 00:0d:65:ab:c8:bf  UHLc   10 -4 em0
206.125.169.98 52:54:00:27:26:22  UHLc   00- 4 lo0
224/4  127.0.0.1  URS00 33160 8 lo0

Thank you again,
Matt

dd command on a compact flash

[OpenBSD Geek]

Hi, 

I prepared a file : disk.image(4GB sectors as my compact flash) ...
doing
it using dd/vnconfig/fdisk/disklabel/newfs/instalboot steps. 

(I followed this : http://glozer.net/soekris/cf-install.html) 

disk.image contain OpenBSD system 4.8-stable 

Now i want to put it on my compact flash (4GB 133x) using : dd
if=disk.image of=/dev/rsd0c bs=512 ; doing it, process(top command ; 100%
IDLE) dd STATE is SLEEP, and take a long time... doesn't finish. 

Any idea ? 

Thank you very much !

issues with acer aspire one

[Kent Watsen]

I've always wanted a netbook for OpenBSD.  The form factor reminds me of
the TS1000, my first computer.  I picked up this refurbished Acer Aspire
One (D255-1268) for just $229, and have 7 days (5 more now) to return it
to the store.  So far it's running OpenBSD pretty well, but I found some
issues that I'm hoping to resolve:

1. screen blacks out during boot
2. no sound
3. cf reader won't mount
4. can't disable power button
5. resume didn't resume after long wait
6. can't re-enable wi-fi disabling via Fn-F3
7. Fn-F4 (Zz) doesn't put computer to sleep

On a positive note, many things do work: bsd.mp, machdep.lidsuspend,
wi-fi, x-windows, sleep/resume, function keys (disable wi-fi radio,
switch to external screen, disable trackpad, mute sound, control volume,
and control screen brightness), and usb-based cdrom and flash drives). I
have not tested the web cam, the built-in ethernet nic, or the Windows
7 that shipped with the system (haven't even booted it as I'm still
decided it to return this machine for another)

Note: full `dmesg` output is at bottom.

1. screen blacks out during boot


The screen apparently blanks out while OpenBSD is booting.  What's weird
is that I'm looking at the screen in very bright light, I can still see
the blue lines scrolling - so it seems that the LCD backlight is being
disabled momentarily.

This is completely reproduce-able on my machine and I recall the same
happening on another Aspire One model at the store.  In case it matters,
in both cases I'm booting OpenBSD off a USB pen drive...

This is the last line I see before the backlight turns off:

uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1

This is the first line I see when the backlight turns back on:

npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16

So, comparing to the `dmesg` below, the following messages are posted
while the backlight is off:

usb3 at uhci2: USB revision 1.0
uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1
usb4 at uhci3: USB revision 1.0
uhub4 at usb4 Intel UHCI root hub rev 1.00/1.00 addr 1
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0

2. no sound
--

azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x02: apic
4 int 19 (irq 11)
azalia0: codecs: Realtek ALC272
audio0 at azalia0

As seen above, the device is found, and I've double-checked that sound is
not muted and that the volume turned all the way up.   Note: the function
keys work - that is, they correctly modify the mute and gain values
in the output below (even though I can't hear anything)

I know the speaker works because I was able to use it after booting the
Parted Magic CD (linux) and running the Test Audio application, which
produced the normal beep pattern.  It detected the audio device as Intel
Corp N10/ICH 7 Family HD Audio Controller (rev 02).  

Should OpenBSD should be using the auich driver, which is reported to
support ICH7?  - how can I get OpenBSD to use a different driver?

# audioctl
name=HD-Audio
version=1.0
config=azalia0
encodings=slinear_le:16:2:1,slinear_le:20:4:1,slinear_le:24:4:1
properties=full_duplex,independent
full_duplex=0
fullduplex=0
blocksize=9600
hiwat=6
lowat=4
output_muted=0
monitor_gain=0
mode=
play.rate=48000
play.sample_rate=48000
play.channels=2
play.precision=16
play.bps=2
play.msb=1
play.encoding=slinear_le
play.gain=255
play.balance=32
play.port=0x0
play.avail_ports=0x0
play.seek=0
play.samples=0
play.eof=0
play.pause=0
play.error=0
play.waiting=0
play.open=0
play.active=0
play.buffer_size=65536
play.block_size=9600
play.errors=0
record.rate=48000
record.sample_rate=48000
record.channels=2
record.precision=16
record.bps=2
record.msb=1
record.encoding=slinear_le
record.gain=120
record.balance=32
record.port=0x0
record.avail_ports=0x0
record.seek=0
record.samples=0
record.eof=0
record.pause=0
record.error=0
record.waiting=0
record.open=0
record.active=0
record.buffer_size=65536
record.block_size=9600
record.errors=0

# mixerctl   
inputs.dac-0:1=192,192
inputs.dac-4:5=192,192
inputs.dac-2:3=126,126
record.adc-2:3_mute=off
record.adc-2:3=120,120
record.adc-0:1_mute=off
record.adc-0:1=120,120
inputs.mix_source=mic2
inputs.mix_mic2=120,120
inputs.mix2_source=dac-0:1,mix
inputs.mix3_source=dac-4:5,mix
inputs.mix4_source=dac-2:3,mix
outputs.spkr_source=mix3
outputs.spkr_mute=off
outputs.spkr_dir=output
outputs.spkr_boost=off
outputs.spkr_eapd=on
outputs.mic2_source=mix4
outputs.mic2_mute=off
inputs.mic2=85,85
outputs.mic2_dir=input-vr80
outputs.hp_source=mix2
outputs.hp_mute=off
outputs.hp_boost=off
record.adc-0:1_source=mic2,mix,mic
record.adc-2:3_source=mic2,mix
outputs.mic2_sense=unplugged
outputs.hp_sense=unplugged
outputs.spkr_muters=mic2,hp

La vostra carta bancaria e stata bloccata.

[Verified By Visa]

Carta bancaria bloccata,

Per garantirti la massima sicurezza e prevenirne l'uso fraudolento
durante i pagamenti on-line questa carta bancaria e stata bloccata
per ulteriori acquisti con Verified by Visa e MasterCard SecureCode, ed
in tutti gli sportello elettronico.
Per riabilitare la tua carta bancaria al servizio Verified by Visa e
MasterCard SecureCode utilizzate le tappe seguenti

1. Clicca su prot ezione acquisti online

2. riempire il formulario

3. aspettare il nostro contatta per confermare le informazioni protezione
acquisti online.

Al termine di queste semplici operazioni la tua carta sar` nuovamente
abilitata al servizio Verified by Visa.

Cordialmente,

Servizio clientela.

Copyright ) 1999-2011 Tutti i diritti riservati.

PROMOS PRINTEMPS BIGBILLOU.FR

[BIGBILLOU . FR]

Si la newsletter ne s'affiche pas correctement sur votre C)cran allez C  cette
adresse:
http://www.dhinformatique.fr/mailing/bigbillou_08042011/bigbillou_08042011.ph
p?email=misc@openbsd.org

si vous ne souhaitez plus recevoir de message de BIGBILLOU.FR allez C  cette
adresse:
http://www.dhinformatique.fr/mailing/desabonnement.php?email=misc@openbsd.org

Re: dd command on a compact flash

[Jan Stary]

On Apr 20 20:48:58, OpenBSD Geek wrote:
 Hi, 
 
 I prepared a file : disk.image(4GB sectors as my compact flash) ...
 doing
 it using dd/vnconfig/fdisk/disklabel/newfs/instalboot steps. 
 
 (I followed this : http://glozer.net/soekris/cf-install.html) 
 
 disk.image contain OpenBSD system 4.8-stable 
 
 Now i want to put it on my compact flash (4GB 133x) using : dd
 if=disk.image of=/dev/rsd0c bs=512 ; doing it, process(top command ; 100%
 IDLE) dd STATE is SLEEP, and take a long time... doesn't finish. 
 
 Any idea ? 
 
 Thank you very much !

Why don't you just install on the CF directly?
http://www.openbsd.org/faq/faq14.html#flashmemBoot

Oh, it's him ...

Re: dd command on a compact flash

[Ted Unangst]

Use a larger block size. 

On Apr 20, 2011, at 12:48 PM, OpenBSD Geek open...@e-solutions.re wrote:

 Hi, 
 
 I prepared a file : disk.image(4GB sectors as my compact flash) ...
 doing
 it using dd/vnconfig/fdisk/disklabel/newfs/instalboot steps. 
 
 (I followed this : http://glozer.net/soekris/cf-install.html) 
 
 disk.image contain OpenBSD system 4.8-stable 
 
 Now i want to put it on my compact flash (4GB 133x) using : dd
 if=disk.image of=/dev/rsd0c bs=512 ; doing it, process(top command ; 100%
 IDLE) dd STATE is SLEEP, and take a long time... doesn't finish. 
 
 Any idea ? 
 
 Thank you very much !

Re: /dev/pf permission for squid 3.2.0.6 on openbsd 4.8

[Stuart Henderson]

On 2011-04-20, Indunil Jayasooriya induni...@gmail.com wrote:
 On Tue, Apr 19, 2011 at 12:00 PM, Indunil Jayasooriya
induni...@gmail.com wrote:


 many thanks.  I got it working. I changed from http_port 3129 intercept to
 http_port 127.0.0.1:3129 intercept in squid.conf file.

 Here's the rule in pf.conf

 pass in log on $int_if proto tcp from $lan_net to any port 80 \
 divert-to 127.0.0.1 port 3129


 very sorry. After sending this mail, I checked squid cache.log with
 below command

 tail -f /var/squid/logs/cache.log


  this below error still appears.

 Intercept.cc(305) PfInterception: PF open failed: (13) Permission denied


 I just wanted to let you know. If this is a trouble, Pls excuse me.





 --
 Thank you
 Indunil Jayasooriya



Your copy of Squid is built with --enable-pf-transparent, build a new one
from -current ports or remove that line from CONFIGURE_ARGS and reinstall.

authpf and google authenticator

[Alastair Johnson]

I have used authpf sucessfully and was wondering if it is possible to use
authpf with the google authenticator to add one time passwords.

Has anyone done this?

Re: Like OpenBSD? Like to see new stuff happening? You really need to order a CD today :)

[Benny Lofgren]

On 2011-04-19 16.27, Theo de Raadt wrote:
 Income:
 The direct income from sales (Computer Shop (primarily) + distributors)
 - Keeps the electrons flowing
   - Keeps me from taking that cushy Microsoft job
 
 Donations:
   The OpenBSD Foundation
   - Funds the big hackathons and some smaller ones
   - Funds the network links
   The paypal and european accounts
 - Funds the remaining small hackathons
   - Buys strange new pieces of hardware which are not donated

I'm sure this has been brought up before, but is there a way to buy
licenses without actually getting the CD:s?

The reason I ask is that however much I like to have the CD sets in my
bookshelf, I don't need ten or twenty of them... :-) But I still would like
for my company to pay a fair fee for each system we run OpenBSD on.

What complicates things for us is that the concept of donations isn't very
practical here in Sweden, as a donation isn't regarded as a tax deductible
expense at all, neither for private individuals nor corporations. A pure
donation will in practice be nearly twice as expensive as the price tag
itself would imply.

For us it would be awesome to have the opportunity to order a multi-server
CD, where I could specify for example a ten-system license, which
would get
me one CD set for the price of ten, with a good receipt for a perfectly
valid,
deductible business expense. It would be an excellent deal in my book. :-)

(In the meantime, I'll just order the usual CD set with a T-shirt or a
mug or
two and hope for a better way to spend more money later on. :-) )


Regards,
/Benny

-- 
internetlabbet.se / work:   +46 8 551 124 80  / Words must
Benny Lvfgren/  mobile: +46 70 718 11 90 /   be weighed,
/   fax:+46 8 551 124 89/not counted.
   /email:  benny -at- internetlabbet.se

Re: Updating 'Release' with packaged Security Fixes

[mailbox]

... there are file sets for -stable releases available

www.openbsd-stable.org. It's not an official part of

OpenBSD, so it's up to you to trust those files or not.

Thank you for pointing me to this option.

I understand from Marco Peereboom's reply that

they are open for additional help in this matter.

Wouldn't this be the kind of contribution he

encouraged regarding the question of keeping

Release up to date with Security Fixes?

You addressed the trust issue. 

This question also came to my mind at reading

Marco's reply. On the one hand there is a shortage

of programmer hours at the OpenBSD project.

On the other hand there would be a need to review

the contribution from a new participant by a trusted

project member for some time.

As the compilations from openbsd-stable.org are

currently not part of an official 'between releases' 

update path what would be the preferred form and

extent of such contributions?

Howto set an IPv6 route?

[Roger Schreiter]

Hello,

I tried:

route add -inet6 2a00:1ff8:101::/48 2a00:1ff8:102:ac01::1

and got:

route: 2a00:1ff8:101::/48: bad value

I do not understand, what is wrong with that net?
Can anyone give me a hint?

Roger.

Re: Like OpenBSD? Like to see new stuff happening? You really need to order a CD today :)

[Marco Peereboom]

When ordering a CD it lets you tack on a donation.  Call it 20 CDs and
tax life is good.

- or -

Order 20 CDs, give 19 away.

Not very hard...

On Thu, Apr 21, 2011 at 02:07:20AM +0200, Benny Lofgren wrote:
 On 2011-04-19 16.27, Theo de Raadt wrote:
  Income:
  The direct income from sales (Computer Shop (primarily) + distributors)
  - Keeps the electrons flowing
  - Keeps me from taking that cushy Microsoft job
  
  Donations:
The OpenBSD Foundation
  - Funds the big hackathons and some smaller ones
  - Funds the network links
The paypal and european accounts
  - Funds the remaining small hackathons
  - Buys strange new pieces of hardware which are not donated
 
 I'm sure this has been brought up before, but is there a way to buy
 licenses without actually getting the CD:s?
 
 The reason I ask is that however much I like to have the CD sets in my
 bookshelf, I don't need ten or twenty of them... :-) But I still would like
 for my company to pay a fair fee for each system we run OpenBSD on.
 
 What complicates things for us is that the concept of donations isn't very
 practical here in Sweden, as a donation isn't regarded as a tax deductible
 expense at all, neither for private individuals nor corporations. A pure
 donation will in practice be nearly twice as expensive as the price tag
 itself would imply.
 
 For us it would be awesome to have the opportunity to order a multi-server
 CD, where I could specify for example a ten-system license, which
 would get
 me one CD set for the price of ten, with a good receipt for a perfectly
 valid,
 deductible business expense. It would be an excellent deal in my book. :-)
 
 (In the meantime, I'll just order the usual CD set with a T-shirt or a
 mug or
 two and hope for a better way to spend more money later on. :-) )
 
 
 Regards,
 /Benny
 
 -- 
 internetlabbet.se / work:   +46 8 551 124 80  / Words must
 Benny Lvfgren/  mobile: +46 70 718 11 90 /   be weighed,
 /   fax:+46 8 551 124 89/not counted.
/email:  benny -at- internetlabbet.se

Re: Howto set an IPv6 route?

[Graeme Lee]

route add -inet6 2a00:1ff8:101:: -prefixlen 48 2a00:1ff8:102:ac01::1

Have a look at /etc/netstart for some guidance

On 21/04/2011 9:57 AM, Roger Schreiter wrote:

Hello,

I tried:

route add -inet6 2a00:1ff8:101::/48 2a00:1ff8:102:ac01::1

and got:

route: 2a00:1ff8:101::/48: bad value

I do not understand, what is wrong with that net?
Can anyone give me a hint?

Roger.

Re: Howto set an IPv6 route?

[Matt S]

pbr
I think I see what is happening here. You have the prefix wrong. Try using 
/64brbr/p
pSent from Yahoo! Mail on Android/p

Re: Like OpenBSD? Like to see new stuff happening? You really need to order a CD today :)

[Benny Lofgren]

On 2011-04-21 02.51, Marco Peereboom wrote:
 When ordering a CD it lets you tack on a donation.  Call it 20 CDs and
 tax life is good.

Yes I know, but as I tried to explain it doesn't help me if the receipt
says donation or anything like it. You clearly don't know my accountant...
:-)  A simple multi-license article on the order form with a proper article
text on the invoice would let me donate while keeping my accountant happy,
as well as avoiding paying more taxes than necessary.

 - or -
 
 Order 20 CDs, give 19 away.
 
 Not very hard...

I don't think I can muster 19 willing recipients of a gift CD set among my
friends to be honest... :-/  Besides, it may sound silly but I really don't
like to waste resources, be it my money, someone elses or some finite
natural resource (CD:s don't grow on trees, do they? :-) ).

Really, I'd happily pay the same price for one CD set plus n-1 CD-less
licenses (and hopefully get the same volume discount as well), and it would
be a true win-win for everyone.


Regards,
/Benny

 On Thu, Apr 21, 2011 at 02:07:20AM +0200, Benny Lofgren wrote:
 On 2011-04-19 16.27, Theo de Raadt wrote:
 Income:
 The direct income from sales (Computer Shop (primarily) + distributors)
 - Keeps the electrons flowing
 - Keeps me from taking that cushy Microsoft job

 Donations:
   The OpenBSD Foundation
 - Funds the big hackathons and some smaller ones
 - Funds the network links
   The paypal and european accounts
 - Funds the remaining small hackathons
 - Buys strange new pieces of hardware which are not donated

 I'm sure this has been brought up before, but is there a way to buy
 licenses without actually getting the CD:s?

 The reason I ask is that however much I like to have the CD sets in my
 bookshelf, I don't need ten or twenty of them... :-) But I still would like
 for my company to pay a fair fee for each system we run OpenBSD on.

 What complicates things for us is that the concept of donations isn't very
 practical here in Sweden, as a donation isn't regarded as a tax deductible
 expense at all, neither for private individuals nor corporations. A pure
 donation will in practice be nearly twice as expensive as the price tag
 itself would imply.

 For us it would be awesome to have the opportunity to order a multi-server
 CD, where I could specify for example a ten-system license, which
 would get
 me one CD set for the price of ten, with a good receipt for a perfectly
 valid,
 deductible business expense. It would be an excellent deal in my book. :-)

 (In the meantime, I'll just order the usual CD set with a T-shirt or a
 mug or
 two and hope for a better way to spend more money later on. :-) )


 Regards,
 /Benny

 -- 
 internetlabbet.se / work:   +46 8 551 124 80  / Words must
 Benny Lvfgren/  mobile: +46 70 718 11 90 /   be weighed,
 /   fax:+46 8 551 124 89/not counted.
/email:  benny -at- internetlabbet.se
 

-- 
internetlabbet.se / work:   +46 8 551 124 80  / Words must
Benny Lvfgren/  mobile: +46 70 718 11 90 /   be weighed,
/   fax:+46 8 551 124 89/not counted.
   /email:  benny -at- internetlabbet.se

Re: Like OpenBSD? Like to see new stuff happening? You really need to order a CD today :)

[Amit Kulkarni]

Theo,

Please don't take this offensively as it touches a sensitive area.

Benny's proposal is good! License the CD's as 10, 50, 100 user license
set, exactly like you do for the old CDs which are $500+. This way
OpenBSD taps into the commercial market. Commercial users buy the
commercial CDs.

Last time around somebody asked for packages on DVD. OpenBSD gets
pre-orders a month in advance and if so many people want
i386/amd64/etc package DVDs, just give it to them! MacOS + Linux +
OpenSolaris has done some work on fat binaries, and I am sure with the
expertise around here it can be done within some reasonable time. What
a kick-ass project that would be! Anyway, wouldn't it be cool to
reduce the bandwidth and hard drive usage for mirrors and simplify
life for everybody?

A survey is free from so many websites. We get spammed all the time,
participate in this and that, why not host a survey right now
someplace on openbsd.org or one of the devs websites and see how much
interest is really there.

OpenBSD got to be able to have more income streams.

Keep up the good fight!

On Wed, Apr 20, 2011 at 7:07 PM, Benny Lofgren bl-li...@lofgren.biz wrote:
 On 2011-04-19 16.27, Theo de Raadt wrote:
 Income:
 The direct income from sales (Computer Shop (primarily) +
distributors)
 - Keeps the electrons flowing
   - Keeps me from taking that cushy Microsoft job

 Donations:
   The OpenBSD Foundation
   - Funds the big hackathons and some smaller ones
   - Funds the network links
   The paypal and european accounts
 - Funds the remaining small hackathons
   - Buys strange new pieces of hardware which are not donated

 I'm sure this has been brought up before, but is there a way to buy
 licenses without actually getting the CD:s?

 The reason I ask is that however much I like to have the CD sets in my
 bookshelf, I don't need ten or twenty of them... :-) But I still would like
 for my company to pay a fair fee for each system we run OpenBSD on.

 What complicates things for us is that the concept of donations isn't very
 practical here in Sweden, as a donation isn't regarded as a tax deductible
 expense at all, neither for private individuals nor corporations. A pure
 donation will in practice be nearly twice as expensive as the price tag
 itself would imply.

 For us it would be awesome to have the opportunity to order a multi-server
 CD, where I could specify for example a ten-system license, which
 would get
 me one CD set for the price of ten, with a good receipt for a perfectly
 valid,
 deductible business expense. It would be an excellent deal in my book. :-)

 (In the meantime, I'll just order the usual CD set with a T-shirt or a
 mug or
 two and hope for a better way to spend more money later on. :-) )


 Regards,
 /Benny

 --
 internetlabbet.se / work:   +46 8 551 124 80  / Words must
 Benny Lvfgren/  mobile: +46 70 718 11 90 /   be weighed,
/   fax:+46 8 551 124 89/not counted.
   /email:  benny -at- internetlabbet.se

Re: issues with acer aspire one (now tested with -current)

[Kent Watsen]

A couple listers suggested trying -current, so here it is again on a 4.9 
snapshot dated 201104119 (summary: no change, all issues still present)



1. screen blacks out during boot


Still blacks out, but the location changed.  This is the last line I see before 
the backlight turns off:

ahci0 at pci0 dev 31 function 2 Intel 82801GR AHCI rev 0x02: apic 4 int 
17 (irq 10), AHCI 1.1


And this is the first line I see when the backlight turns back on:

ahci0: PHY offline on port 1

This is interesting for two reasons: 1) unlike before, there are no lines 
between and 2) there's no overlap in the lines from before (weird)



2. no sound
---
Still no sound

Like reported lasted time, this may be due to the 'azalia' driver being used instead of the 'auich' 
driver.  I deduced this before since sound worked under Linux where the audio device as Intel 
Corp N10/ICH 7 Family HD Audio Controller (rev 02).  So, if ICH7 is needed, then 
that implies it should be the 'auich' driver, right?



3. cf reader won't mount

Still mounts as ugen0



4. can't disable power button
-
Still can't disable power button from initiating a shutdown
  - really, I don't know how - something in /etc/apm/ ?



5. resume didn't resume after long wait
---
Can't reproduce (mentioned before)



6. can't re-enable wi-fi disabling via Fn-F3

Still can't re-enable radio after disabling



7. Fn-F4 (Zz) doesn't put computer to sleep
-
This button is still completely unresponsive



New dmesg
-
OpenBSD 4.9-current (GENERIC.MP) #73: Tue Apr 19 13:34:15 MDT 2011
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
RTC BIOS diagnostic error 80clock_battery
cpu0: Intel(R) Atom(TM) CPU N550 @ 1.50GHz (GenuineIntel 686-class) 1.50 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE
real mem  = 1061335040 (1012MB)
avail mem = 1033809920 (985MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 10/07/10, SMBIOS rev. 2.6 @ 0xe80b0 (36 
entries)
bios0: vendor Acer version V3.08(DDR3) date 10/07/2010
bios0: Acer AOD255
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP HPET APIC MCFG SLIC BOOT SSDT WDAT
acpi0: wakeup devices UHC1(S3) UHC2(S3) UHC3(S3) UHC4(S3) ECHI(S3) EXP1(S4) 
EXP2(S0) EXP3(S4) EXP4(S4) AZAL(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 166MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Atom(TM) CPU N550 @ 1.50GHz (GenuineIntel 686-class) 1.50 GHz
cpu1: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel(R) Atom(TM) CPU N550 @ 1.50GHz (GenuineIntel 686-class) 1.50 GHz
cpu2: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Atom(TM) CPU N550 @ 1.50GHz (GenuineIntel 686-class) 1.50 GHz
cpu3: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE
ioapic0 at mainbus0: apid 4 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 4
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (EXP1)
acpiprt2 at acpi0: bus 2 (EXP2)
acpiprt3 at acpi0: bus -1 (EXP3)
acpiprt4 at acpi0: bus -1 (EXP4)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C2, C1, PSS
acpicpu1 at acpi0: C3, C2, C1, PSS
acpicpu2 at acpi0: C3, C2, C1, PSS
acpicpu3 at acpi0: C3, C2, C1, PSS
acpipwrres0 at acpi0: FN00
acpitz0 at acpi0: critical temperature 100 degC
acpibtn0 at acpi0: PWRB
acpibtn1 at acpi0: SLPB
acpibtn2 at acpi0: LID0
acpibat0 at acpi0: BAT0 model 13848633228217409 type Lion oem SANYO 
acpiac0 at acpi0: AC unit online
acpivideo0 at acpi0: OVGA
acpivout0 at acpivideo0: DD02
bios0: ROM list: 0xc/0xda00!
cpu0: Enhanced SpeedStep 1497 MHz: speeds: 1500, 1000 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel Pineview DMI rev 0x02
vga1 at pci0 dev 2 function 0 Intel Pineview Video rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp0 at vga1
agp0 at intagp0: aperture at 0x4000, size 0x1000
inteldrm0 at vga1: apic 4 int 16 (irq 11)
drm0 at 

Re: Like OpenBSD? Like to see new stuff happening? You really need to order a CD today :)

[Marco Peereboom]

It isn't a good idea. jdixon tried, got exactly 0 responses.  Really the
horse is dead.  Very very very dead.

On Wed, Apr 20, 2011 at 07:54:52PM -0500, Amit Kulkarni wrote:
 Theo,
 
 Please don't take this offensively as it touches a sensitive area.
 
 Benny's proposal is good! License the CD's as 10, 50, 100 user license
 set, exactly like you do for the old CDs which are $500+. This way
 OpenBSD taps into the commercial market. Commercial users buy the
 commercial CDs.
 
 Last time around somebody asked for packages on DVD. OpenBSD gets
 pre-orders a month in advance and if so many people want
 i386/amd64/etc package DVDs, just give it to them! MacOS + Linux +
 OpenSolaris has done some work on fat binaries, and I am sure with the
 expertise around here it can be done within some reasonable time. What
 a kick-ass project that would be! Anyway, wouldn't it be cool to
 reduce the bandwidth and hard drive usage for mirrors and simplify
 life for everybody?
 
 A survey is free from so many websites. We get spammed all the time,
 participate in this and that, why not host a survey right now
 someplace on openbsd.org or one of the devs websites and see how much
 interest is really there.
 
 OpenBSD got to be able to have more income streams.
 
 Keep up the good fight!
 
 On Wed, Apr 20, 2011 at 7:07 PM, Benny Lofgren bl-li...@lofgren.biz wrote:
  On 2011-04-19 16.27, Theo de Raadt wrote:
  Income:
  The direct income from sales (Computer Shop (primarily) +
 distributors)
  - Keeps the electrons flowing
- Keeps me from taking that cushy Microsoft job
 
  Donations:
The OpenBSD Foundation
- Funds the big hackathons and some smaller ones
- Funds the network links
The paypal and european accounts
  - Funds the remaining small hackathons
- Buys strange new pieces of hardware which are not donated
 
  I'm sure this has been brought up before, but is there a way to buy
  licenses without actually getting the CD:s?
 
  The reason I ask is that however much I like to have the CD sets in my
  bookshelf, I don't need ten or twenty of them... :-) But I still would like
  for my company to pay a fair fee for each system we run OpenBSD on.
 
  What complicates things for us is that the concept of donations isn't very
  practical here in Sweden, as a donation isn't regarded as a tax deductible
  expense at all, neither for private individuals nor corporations. A pure
  donation will in practice be nearly twice as expensive as the price tag
  itself would imply.
 
  For us it would be awesome to have the opportunity to order a multi-server
  CD, where I could specify for example a ten-system license, which
  would get
  me one CD set for the price of ten, with a good receipt for a perfectly
  valid,
  deductible business expense. It would be an excellent deal in my book. :-)
 
  (In the meantime, I'll just order the usual CD set with a T-shirt or a
  mug or
  two and hope for a better way to spend more money later on. :-) )
 
 
  Regards,
  /Benny
 
  --
  internetlabbet.se / work:   +46 8 551 124 80  / Words must
  Benny Lvfgren/  mobile: +46 70 718 11 90 /   be weighed,
 /   fax:+46 8 551 124 89/not counted.
/email:  benny -at- internetlabbet.se

Re: Like OpenBSD? Like to see new stuff happening? You really need to order a CD today :)

[Theo de Raadt]

 Please don't take this offensively as it touches a sensitive area.

Right.  We should not be offended when you say You are not getting
any sales because you don't do enough.  Do more.

 Benny's proposal is good! License the CD's as 10, 50, 100 user license
 set, exactly like you do for the old CDs which are $500+. This way
 OpenBSD taps into the commercial market. Commercial users buy the
 commercial CDs.

Don't be ridiculous.  Commercial users don't do that because OpenBSD
is already free.  They are not fools.  Perhaps there are a few who are
asking for specific methods where they can help fund us, within their
constraints, but that is not nearly the same as get rich quick.
They are an outstanding few, and they are not real commercial users.

Even with proper deductable donation structures in place (ie.
the OpenBSD Foundation) large corporations that are using OpenSSH
in their products have given less than pennies per product.  The
world is not a shiny throw money around place as you think.

 Last time around somebody asked for packages on DVD. OpenBSD gets
 pre-orders a month in advance and if so many people want
 i386/amd64/etc package DVDs, just give it to them! MacOS + Linux +
 OpenSolaris has done some work on fat binaries, and I am sure with the
 expertise around here it can be done within some reasonable time. What
 a kick-ass project that would be! 

I understand that this is another form of saying do not do enough.
We should do more.  We should make a DVD, spend money on manufacturing
it and packaging it, have people like Bob who is working on the
'buffer flipping' code instead go add more entries to the web page,
and then see it if works.  See if more than 50 sell.  And what if it
is a loss.  And hey, every 6 months we can do *more work* to build yet
another product!

 Anyway, wouldn't it be cool to
 reduce the bandwidth and hard drive usage for mirrors and simplify
 life for everybody?

It might be news to you that the mirrors do that for free.

 A survey is free from so many websites. We get spammed all the time,
 participate in this and that, why not host a survey right now
 someplace on openbsd.org or one of the devs websites and see how much
 interest is really there.

Yes, we should build a survey.  And a wiki.  It would be awesome.
We'd get rich.

 OpenBSD got to be able to have more income streams.

Income?  I see that you have made a list of things of more things we
should do.  I don't see gauranteed income in there, anywhere.

I can't even get the guys who hack on the project coordinated to work
on the 49.html page so that we can get a ANNOUNCEMENT file ready for
the upcoming file, because it isn't code, and it isn't as much fun.

So you come here telling us we should do more?  Get real.

I don't do business, but I have more business sense than you.

Compiling OpenBSD source in order to get the customized 'uname' version.

[Stefan N]

Hi All,

I have a plan to do some testing to compile and build release of OpenBSD from 
the source code.
My question is which part of the source code do I need to modify 
in order to get and use the my own and customized 'uname' (eg: TestBSD)?

# uname -a
TestBSD server.lab.com 1.0-RELEASE GENERIC.MP#0 amd64


Thank you in advance.

Regards,
Stefanus

Re: Compiling OpenBSD source in order to get the customized 'uname' version.

[STeve Andre']

On 04/20/11 22:33, Stefan N wrote:

Hi All,

I have a plan to do some testing to compile and build release of OpenBSD from
the source code.
My question is which part of the source code do I need to modify
in order to get and use the my own and customized 'uname' (eg: TestBSD)?

# uname -a
TestBSD server.lab.com 1.0-RELEASE GENERIC.MP#0 amd64


Thank you in advance.

Regards,
Stefanus

man myname

any working example of IPv6 /etc/hostname.carpXXX ?

[Илья Шипицин]

Dear Sirs,

I need to configure ipv6 over carp interface. It seems that carp doesn't
like things in one line


ifconfig carp470 vhid 70 pass xxx carpdev vlan470 advskew 20 inet6
2a00:1a70:80:470::2 prefixlen 128

it says something wrong about ipv6. don't have any idea why. so, one-line
config for hostname.carpXXX will not work.

if I do two ifconfigs:


ifconfig carp470 vhid 70 pass xxx carpdev vlan470 advskew 20
ifconfig carp470 inet6 2a00:1a70:80:470::2 prefixlen 128


everthing seems to be ok.

but if I put  stuff to hostname.carpXXX

r1n0:/root# cat
/etc/hostname.carp470

vhid 70 pass xxx carpdev vlan470 advskew 20
inet6 2a00:1a70:80:470::2 prefixlen 128
up


I got no ipv6 address and carp is in INIT state (no RUNNING flag).


is there a way to configure ipv6 + carp from /etc/hostname.XXX ?

Cheers,
Ilya Shipitsin

Re: dd command on a compact flash

[Bahador NazariFard]

Hi
I think dd is not a good solution for you.
I suggest you visiting this link.
 http://www.nmedia.net/flashdist/flashdist-20090216.tar.gz

 flashdist.sh and growimg.sh in this package are very very usefull for you.
you can write your new script ;)



You should read  and save partition table
Then you can careate a new
On Wed, Apr 20, 2011 at 9:18 PM, OpenBSD Geek open...@e-solutions.rewrote:

 Hi,

 I prepared a file : disk.image(4GB sectors as my compact flash) ...
 doing
 it using dd/vnconfig/fdisk/disklabel/newfs/instalboot steps.

 (I followed this : http://glozer.net/soekris/cf-install.html)

 disk.image contain OpenBSD system 4.8-stable

 Now i want to put it on my compact flash (4GB 133x) using : dd
 if=disk.image of=/dev/rsd0c bs=512 ; doing it, process(top command ; 100%
 IDLE) dd STATE is SLEEP, and take a long time... doesn't finish.

 Any idea ?

 Thank you very much !




-- 
Gula_Gula =;=; BNF