Re: Lemote Leeyong 8101B pr0n
Hello The Lemote Netbook is great, got mine some month ago. And the progress of OpenBSD development for it is impressive (as usual). The only disadvantage are the graphical browsers wich keep crashing. But links -g works for most stuff. Greetings and thanks to the developers Wolf On 05/19/11 12:44, Gilbert Fernandes wrote: Hello Just received a Lemote Leeyong 8101B (the 10 inches display model). I took pictures of the machine from all sides + a few with a centimeters/inches ruler for people interested by this machine. OpenBSD support page for the platform : http://www.openbsd.org/loongson.html If you do not know anything about it, it's a netbook that is powered by a Loongson (chinese) MIPS-III chip (it has some MIPS-IV operands I think, from a PDF I downloaded that covers its chip available operands). The machine is fully open about it's hardware : no binary blob is used for anything and the BIOS is PMON, a C-written BIOS (Miod says it's crap so it probably is). Weak point of the machine would be autonomy : battery is light and small, is rated for 23 W/h of power (fully charged I get 25 W/h from it). SD model uses 12 W/h and hard-disk model uses 15 W/h so it gives you 1.5 hour of autonomy under load (might get near 2h if not loaded too much but don't hope too much for it). The machine is loaded with a Linux (I did not power it yet). Here are the pictures : https://picasaweb.google.com/gilb/LemoteLeeyong8101_B# If you want some specific pictures, close ups of some parts, please email me. I am going to install OpenBSD using Miod's doc and document each part of it with pictures so the whole process for total noobs can be used. I think this machine is the only machine currently used by Richard Stallman because of its open hardware approach. While Theo is loading his shotgun with salt to take care of me for saying that, please check the pictures and consider it. It's MIPS, it runs OpenBSD, and it works without any binary blob (it also has two stereo speakers on front if you like to listen to music while coding ! Very nice !) Greeting to Miod for his work on the platform, but also Jasper Lievisse, Adriaanse for allowing us to be able to use this very nice platform on OpenBSD. Your beers are waiting for you, all expenses covered by me.
IBM xServer 336/346 - OpenBSD 4.9
Hi! (Just for the record) Regarding PR#6523, OpenBSD 4.9 works with pci.c 1.88 (from OPENBSD_4_9), patched with kettenis@'s pci.c patch 1.72 [1]. I was afraid it won't apply, or there will be incompatibilities with other parts, but so far so good. (It's unfortuane it broke other systems :( ) Anyway, thanks! [1]: http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/pci.c.diff?r1=1.71;r2=1.72 Daniel -- LIVAI Daniel PGP key ID = 0x83B63A8F Key fingerprint = DBEC C66B A47A DFA2 792D 650C C69B BE4C 83B6 3A8F
TODOS FRACASOS - Dr. HORACIO SEREBRINSKY
Psicolibro Ediciones y la Escuela Sistimica Argentina Invitan a la presentacisn del libro TODOS FRACASOS Experiencias Terapiuticas. Para Psicslogos, Pacientes e impacientes. De HORACIO SEREBRINSKY COLECCISN CUENTOS Martes 24 de Mayo a las 19.30 hs. en Dolce Vita Nicaragua 4849 Ciudad de Bs. As. Te encontraras con los personajes de los cuentos que se escaparon del libro. Compartiremos algunos de ellos entre vinos y empanadas. Berta Kucher firmara ejemplares. No soy un amante de la conversacisn, del tener que decirse cosas por mas fuertes que sean. No hay dudas de que es liberador para el humano y que, temo admitirlo, hace crecer relaciones. Pero al leer cada pagina que precede a este prslogo, me hace sentir un poco deseoso de ser parte de lo que se cuenta. Y ahm encuentro a alguien que siempre vivis, como dira el al comienzo, relatando cuentos. Contando y siendo parte de historias. Algunas graciosas, como al llegar a demostrar que Alma y Culo pueden llegar a ser lo mismo y otras un poco mas tristes como ser de Racing (necesitaba decirlo) Del prslogo de Mario Pergolini. Lo producido por la venta sera donado al Comedor La Buena Voluntad de Ciudad Oculta. Bs As. [IMAGE]
Maximum bandwidth per IP
I see... I have to define a separate queue for each IP. But as far as i know I'd have to recompile the kernel in order to have as much queues as I need (more than 200). Don't you think I'd be nice to have something that helps in defining such things ? Maybe I'm approaching this problem the wrong way ? Thanks for any suggestion Regards, Leonardo
Re: Odd CARP behavior
Hello, We had the same problem a few weeks ago, where one interface on the backup machine decides to become master. This will create an ARP conflict as both machines will respond to the ARP request, and that will make it very slow. The first thing to check is wether the two interfaces see each other, are they receiving the CARP messages? do a tcpdump and find out if the CARP packets are received (they will be marked as VRRP in wireshark). Next check your firewall rules (pf.conf if you are using it) make sure that you pass carp packets (add these rules after the global block rule) After resovling this issue use ifstated that comes with openbsd to force MASTER/MASTER interfaces on the machine that becomes MASTER. Le 20/05/11 00:57, Gary Thornock a icrit : My previous company has a pair of firewalls running OpenBSD 4.4 with CARP. They've been running with no problem since just after the 4.4 release, until the last couple of days. Now, the firewall that should be in BACKUP state has somehow decided that it needs to be MASTER for some, but not all, of the CARP interfaces, even though the master machine is running fine. Something like this: if machine 1 machine 2 carp0 MASTER BACKUP carp1 MASTER BACKUP carp2 MASTER MASTER carp3 MASTER BACKUP carp4 MASTER MASTER The interfaces where both machines try to be MASTER at the same time become unreliable or unreachable. I looked around Google but couldn't turn up any reports of similar issues. Admittedly I might have been searching for the wrong terms, though. Any ideas as to what could be causing this problem? They're likely to rebuild both machines in the next week or so, either with 4.6 (so they can keep their existing pf.conf) or with 4.9 so as to be current, but they'd like some assurance that a rebuild will actually solve the problem. (If it were, say, a failing NIC, updating the software wouldn't help.) For whatever it's worth, the machines in question are Poweredge R200s, with the two on-board Broadcom gigabit ports and an additional Intel gigabit card for pfsync. They're running the i386 rather than the amd64 version of OpenBSD. Thanks in advance for any suggestions. -- Abbass MAROUNI Internet Memory Foundation internetmemory.org
merge 2 internet connection
Hi, I have a client who have 2 locations : A, B On side A : he has a RDS Server (TSE), with a router provided by ISP (there's no internet, it's a 2M connection) On side B : he has 2 IP VPN Connection to Side A (2 x routers, there's no internet, but the link is 1M, so 2 x 1M). Users in B works on RDS Server thanks to VPN. (A) router A ---IP VPN--1MrouterB1 (B) (A) router A---IP VPN --1MrouterB2 (B) I want to put an OpenBSD Gateway at B Location, with 3 network cards. Rl0 : router B1 Rl1 : router B2 RL2 : LAN B Is it possible to have thanks to PF , the 2 bandwidths (router B1 and routerB2) cumulated, and so have a 2M connection instead of 2x 1M ? Thank you very mych for your replies. Best Regards, Wesley MOUEDINE ASSABY
Re: sparc64 v120 needed in the Netherlands
On Wed, May 18, 2011 at 6:48 PM, Ariane van der Steldt ari...@stack.nl wrote: Hi, For development on OpenBSD, I need a sun v120 machine in Eindhoven, the Netherlands. It turns out, I don't have a 64-bit big-endian machine (and suns are just awesome). Please contact me if you have one. Thanks, I assume this is for legacy compatibility work? No. We do not consider any machines like that 'legacy'. Running the same kernel code, different machines architectures can expose bugs differently. Besides the i386/amd64 differences, the sparc64 and hppa architectures are very important. They are relatively fast and pretty weird in some ways, so bugs are spotted fast. While Sun made good hardware, My friends in Boston universities, such as MIT and Harvard, with Sun hardware have been extremely unhappy with Oracle's support. The Oracle presented upgrade paths for such hardware has been basically replace the hardware and install a more supported OS such as the Oracle rebundled RHEL called Unbreakable Linux. I am still hoping someone will get me a Sun/Fujitsu M3000.
Invitaci�n a Curso Experto en Google y Posicionamiento Web
Invitacisn a Curso Experto en Google y Posicionamiento Web, Curso con sede en: Cursos de Posicionamiento en Google. 11 de Mayo en Santiago de Chile. 13 de Mayo en Temuco Chile. 21 de Mayo en Monterrey 02 de Junio en Canczn 7 de Junio Online en la comodidad de su casa u Oficina. 10 de Junio en Mixico D.F. 17 de Junio en Guadalajara. Dirigido a Empresas que desean Mejorar su Posicionamiento Natural en Buscadores. Usuarios de Google Adwords interesados en Optimizar sus campaqas y sistema de pago por clic. Redes Sociales Orientado a Empresas. Santiago de Chile 12 de Mayo Monterrey 19 de Mayo Canczn 03 de Junio Guadalajara 16 de Junio Mexico D.F 24 de Junio El participante finalizara el curso con conocimientos suficientes para desarrollar y ejecutar una estrategia de Marketing en Redes Sociales que le permita promocionar su web haciendo uso de las herramientas de Publicidad ya sea de paga o Gratis. Para Mas informacisn visite Nuestra web seminariosenmexico.com http://www.seminariosenmexico.com/ /A Telifonos +52 (55) 5523 0796 (Mixico) +56- 2 8977537 (Chile) Contacto vma correo electrsnico conta...@seminariosenmexico.com Messenger seminariosenmex...@hotmail.com Segzn la nueva legislacisn sobre E m a i l, Por seccisn 301, Bajo el decreto aprobado por el 105 congreso base de las normativas Internacionales sobre S P A M, un E m a i l no podra ser considerado S P A M mientras incluya una forma de ser removido. Si usted desea ser removido de nuestra base de datos en forma definitiva por favor responda a este e m a i l indicando Remover en el campo del asunto gracias por su apoyo. Para ser eliminado de nuestra lista de contactos por favor pulse aqum y mandenos un mail indicandolo. unsuscribir.seminarios enmex...@gmail.com
Re: merge 2 connections
Sorry for the subject, but there's no Internet in the 2 connection. It is IP VPN, to connect 2 sites. But i have 2 connections RouterB1 and RouterB2 connected to router A. I want to accumulate the 2 x 1M with OpenBSD,(if it is possible) and so have A big Connection 2M. (B)---LANOpenBSD(routerB1,routerB2)---VPN-NO-INTERNET--LAN---RDS(TSE)--(A) Possible to do it with PF or trunk ? roundrobin ? Thank you for replies. Wesley. On Fri, 20 May 2011 15:33:46 +0200 (CEST), Francois Pussault fpussa...@contactoffice.fr wrote: hi, I guess so, because some hardware routers have bandwidth with 2 input. At my last work, we used one from 2 distinct DSL connections, the router after it the network. So As you want to use RouterB1 RouterB2, using an unique one with 2 inputs should be a good solution, it cots about 100$ or you may use a software solution (but i dont know how to). From: Wesley MOUEDINE ASSABY open...@e-solutions.re Sent: Fri May 20 15:07:31 CEST 2011 To: misc@openbsd.org Subject: merge 2 internet connection Hi, I have a client who have 2 locations : A, B On side A : he has a RDS Server (TSE), with a router provided by ISP (there's no internet, it's a 2M connection) On side B : he has 2 IP VPN Connection to Side A (2 x routers, there's no internet, but the link is 1M, so 2 x 1M). Users in B works on RDS Server thanks to VPN. (A) router A ---IP VPN--1MrouterB1 (B) (A) router A---IP VPN --1MrouterB2 (B) I want to put an OpenBSD Gateway at B Location, with 3 network cards. Rl0 : router B1 Rl1 : router B2 RL2 : LAN B Is it possible to have thanks to PF , the 2 bandwidths (router B1 and routerB2) cumulated, and so have a 2M connection instead of 2x 1M ? Thank you very mych for your replies. Best Regards, Wesley MOUEDINE ASSABY Cordialement Francois Pussault 3701 - 8 rue Marcel Pagnol 31100 ToulouseB FranceB +33 6 17 230 820 B +33 5 34 365 269 fpussa...@contactoffice.fr
Re: Odd CARP behavior
On Thu, May 19, 2011 at 3:57 PM, Gary Thornock gthorn...@yahoo.com wrote: My previous company has a pair of firewalls running OpenBSD 4.4 with CARP. They've been running with no problem since just after the 4.4 release, until the last couple of days. Now, the firewall that should be in BACKUP state has somehow decided that it needs to be MASTER for some, but not all, of the CARP interfaces, even though the master machine is running fine. Something like this: if machine 1 machine 2 carp0 MASTER BACKUP carp1 MASTER BACKUP carp2 MASTER MASTER carp3 MASTER BACKUP carp4 MASTER MASTER The interfaces where both machines try to be MASTER at the same time become unreliable or unreachable. I looked around Google but couldn't turn up any reports of similar issues. Admittedly I might have been searching for the wrong terms, though. Any ideas as to what could be causing this problem? They're likely to rebuild both machines in the next week or so, either with 4.6 (so they can keep their existing pf.conf) or with 4.9 so as to be current, but they'd like some assurance that a rebuild will actually solve the problem. (If it were, say, a failing NIC, updating the software wouldn't help.) For whatever it's worth, the machines in question are Poweredge R200s, with the two on-board Broadcom gigabit ports and an additional Intel gigabit card for pfsync. They're running the i386 rather than the amd64 version of OpenBSD. What does netstat -s -p carp show? Run that on each firewall. Also, can you paste the contents of hostname.carp2 and hostname.carp4 from each firewall? -Bryan
We Provide and Monetise Bank Instruments
o;?!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN HTMLHEAD META content=text/html; charset=utf-8 http-equiv=Content-Type META name=GENERATOR content=MSHTML 9.00.8112.16421/HEAD BODY P style=TEXT-ALIGN: center; MARGIN: 0in 0in 0pt class=MsoNormal align=centerSPAN style=FONT-SIZE: 16ptFONT size=6Lease/Monetize Bank Instrument?xml:namespace prefix = o ns = urn:schemas-microsoft-com:office:office /o:p/o:p/FONT/SPAN/P P style=TEXT-ALIGN: center; MARGIN: 0in 0in 0pt class=MsoNormal align=centerSPAN style=FONT-SIZE: 16pto:pFONT size=6nbsp;/FONT/o:p/SPAN/P P style=TEXT-ALIGN: center; MARGIN: 0in 0in 0pt class=MsoNormal align=centerSPAN style=FONT-SIZE: 14ptFONT size=6We can arrange an instrument in your name/company name from Major Banks and Institutions which include: Barclays, HSBC, Bank of America and others (Top 25) with a time period available from 1 to 5 years.o:p/o:p/FONT/SPAN/P P style=TEXT-ALIGN: center; MARGIN: 0in 0in 0pt class=MsoNormal align=centerSPAN style=FONT-SIZE: 14pto:pFONT size=6nbsp;/FONT/o:p/SPAN/P P style=TEXT-INDENT: -0.25in; MARGIN: 0in 0in 0pt 0.5in; mso-list: l3 level1 lfo1; tab-stops: list .5in class=MsoNormalFONT size=6SPAN style=FONT-FAMILY: Symbol; FONT-SIZE: 14pt; mso-fareast-font-family: Symbol; mso-bidi-font-family: SymbolSPAN style=mso-list: IgnoreB7SPAN style=FONT: 7pt 'Times New Roman'nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp; /SPAN/SPAN/SPANSPAN style=FONT-SIZE: 14ptSBLC/BG/MTN in U.S.D. or Euroso:p/o:p/SPAN/FONT/P P style=TEXT-INDENT: -0.25in; MARGIN: 0in 0in 0pt 0.5in; mso-list: l3 level1 lfo1; tab-stops: list .5in class=MsoNormalFONT size=6SPAN style=FONT-FAMILY: Symbol; FONT-SIZE: 14pt; mso-fareast-font-family: Symbol; mso-bidi-font-family: SymbolSPAN style=mso-list: IgnoreB7SPAN style=FONT: 7pt 'Times New Roman'nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp; /SPAN/SPAN/SPANSPAN style=FONT-SIZE: 14ptAvailable with swift MT-760o:p/o:p/SPAN/FONT/P P style=MARGIN: 0in 0in 0pt class=MsoNormalSPAN style=FONT-SIZE: 14pto:pFONT size=6nbsp;/FONT/o:p/SPAN/P P align=center TABLE style=BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; BORDER-COLLAPSE: collapse; BORDER-TOP: medium none; BORDER-RIGHT: medium none; mso-border-alt: solid windowtext .5pt; mso-yfti-tbllook: 480; mso-padding-alt: 0in 5.4pt 0in 5.4pt; mso-border-insideh: .5pt solid windowtext; mso-border-insidev: .5pt solid windowtext class=MsoTableGrid border=1 cellSpacing=0 cellPadding=0 TBODY TR style=mso-yfti-irow: 0; mso-yfti-firstrow: yes TD style=BORDER-BOTTOM: windowtext 1pt solid; BORDER-LEFT: windowtext 1pt solid; PADDING-BOTTOM: 0in; BACKGROUND-COLOR: transparent; PADDING-LEFT: 5.4pt; WIDTH: 221.4pt; PADDING-RIGHT: 5.4pt; BORDER-TOP: windowtext 1pt solid; BORDER-RIGHT: windowtext 1pt solid; PADDING-TOP: 0in; mso-border-alt: solid windowtext .5pt vAlign=top width=295 P style=TEXT-ALIGN: center; MARGIN: 0in 0in 0pt class=MsoNormal align=centerSPAN style=FONT-SIZE: 14ptFONT size=6SBLC/BGo:p/o:p/FONT/SPAN/P/TD TD style=BORDER-BOTTOM: windowtext 1pt solid; BORDER-LEFT: #f0f0f0; PADDING-BOTTOM: 0in; BACKGROUND-COLOR: transparent; PADDING-LEFT: 5.4pt; WIDTH: 221.4pt; PADDING-RIGHT: 5.4pt; BORDER-TOP: windowtext 1pt solid; BORDER-RIGHT: windowtext 1pt solid; PADDING-TOP: 0in; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt vAlign=top width=295 P style=TEXT-ALIGN: center; MARGIN: 0in 0in 0pt class=MsoNormal align=centerSPAN style=FONT-SIZE: 14ptFONT size=6% Rateo:p/o:p/FONT/SPAN/P/TD/TR TR style=mso-yfti-irow: 1 TD style=BORDER-BOTTOM: windowtext 1pt solid; BORDER-LEFT: windowtext 1pt solid; PADDING-BOTTOM: 0in; BACKGROUND-COLOR: transparent; PADDING-LEFT: 5.4pt; WIDTH: 221.4pt; PADDING-RIGHT: 5.4pt; BORDER-TOP: #f0f0f0; BORDER-RIGHT: windowtext 1pt solid; PADDING-TOP: 0in; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt vAlign=top width=295 P style=TEXT-ALIGN: center; MARGIN: 0in 0in 0pt class=MsoNormal align=centerSPAN style=FONT-SIZE: 14ptFONT size=6$10 Million to $1Billion pluso:p/o:p/FONT/SPAN/P/TD TD style=BORDER-BOTTOM: windowtext 1pt solid; BORDER-LEFT: #f0f0f0; PADDING-BOTTOM: 0in; BACKGROUND-COLOR: transparent; PADDING-LEFT: 5.4pt; WIDTH: 221.4pt; PADDING-RIGHT: 5.4pt; BORDER-TOP: #f0f0f0; BORDER-RIGHT: windowtext 1pt solid; PADDING-TOP: 0in; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt vAlign=top width=295 P style=MARGIN: 0in 0in 0pt class=MsoNormalSPAN style=FONT-SIZE: 14ptFONT size=6Annual Fee of 7% to 16% per yearo:p/o:p/FONT/SPAN/P/TD/TR TR style=mso-yfti-irow: 2 TD style=BORDER-BOTTOM: windowtext 1pt solid; BORDER-LEFT: windowtext 1pt solid; PADDING-BOTTOM: 0in; BACKGROUND-COLOR: transparent; PADDING-LEFT: 5.4pt; WIDTH: 221.4pt; PADDING-RIGHT: 5.4pt; BORDER-TOP: #f0f0f0; BORDER-RIGHT:
Re: IPSEC/SSL accelerator
Yes, it would be interesting to hear some devs on this topic. A specially about drivers on board: 1. What can be done and what is missing. 2. What hw is worth to spend money on and what kind of hw devs need to make it worth to spend money on. I'd like to see this kind on acceleration perform best in OpenBSD. Regards Maxim On May 19, 2011, at 9:08 PM, Oeschger Patrick wrote: hi all still thinking about the diff between 2gbit in the specs and about 400mbit in real world on a pretty new processor that's a *big* difference so we can say that every accelerator board - regardless if pci-e 16x or miniPCI - will not be able to perform at lets say 1gbit because of the need of copying packets forth and back can anybody confirm hat most of the speed is lost by copying the packets first TO the accelerator board and then BACK to process it further after decryption? just read some manuals (parts of) regarding the new tilera and cavium octeon architecture ...part of their secret seems to be a kind of 'copyfree' processing of packets (accelerators modify the paket 'in place') has anybody done some reasearch on this? thanks /pat On May 18, 2011, at 21:03, Joosep wrote: Hi! ubsec0 at pci5 dev 0 function 0 Broadcom 5862 rev 0x01: 3DES MD5 SHA1 AES PK, apic 9 int 0 (irq 10) Joosep On Wed, May 18, 2011 at 8:56 PM, Maxim Bourmistrov m...@alumni.chalmers.sewrote: How does it look in dmesg for this card? Sent from my iPhone On May 18, 2011, at 10:42, Joosep joos...@gmail.com wrote: On Wed, May 18, 2011 at 10:06 AM, Patrick Oeschger patrick.oesch...@bluewin.ch wrote: thank you for your input why 'only' 400mbit? the specs say 2gbit for BCM5862 in a pci-e 4x slot... sounds like quite some overhead writing/ getting packets to/from the card - i would have expected it higher but i do not want to question your tests *hmmm* Sent from Pat's iPhone Hi! There is of course a possibility, that the test doesn't simulate reality in the best way. The specs say 2gbit, but when doing 400mbps there isn't much power left on machines main cpu (10% idle). So i guess the limiting factor here is main cpu not the CA card. I have done the same tests with 1,8 GHz opteron and in that case the result was around 270mbps. Joosep
PF - Computer bridging the network it is in itself
Hi, we're struggling with that for quite a while, and I didn't find any hints in 4.8 or 4.9 about it being fixed. The setup (simplified, there's also another firewall with pfsync, but that does not matter): One firewall with three interfaces. em0 is the local interface with an IP, em1 an interface in the same segment (call it segment1) and em2 connected to another segment (segment2). em1 and em2 are bonded to a bridge0. The firewall now filters the traffic between those two segments. All the filtering is usually done with the IP. The problem arises when I want to access segment2 from em0: No matter how I setup pf, I cannot make the outside access em0. No matter how the rules look like (or even both of them are active), it does not work. pass quick on em0 proto tcp from $computer1 to $computer2 port ssh keep state pass quick on em1 proto tcp from $computer1 to $computer2 port ssh keep state (em2 is not considered as it is pass quick) When looking at computers in segment2, I see they receive a SYN, but there's no SYN coming in on em0. The traffic is not filtered as you can see on the pflog-interface. When looking with tcpdump at computer1, I see that he receives several ICMP Redirects from the IP of em0 to the IP of em0 again until the packet is TTLed (this also happens to pings). I assume the problem is connected to the bridge, as the second firewall does not have these problems as long as its bridge is offline (the switch deactivates that port). So: Is this setup even possible or are there some OpenBSD-networking-interna that make this setup impossible? Or am I just missing some important point? Regards, Julian [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: Maximum bandwidth per IP
On 20 May 2011 09:37, Leonardo Lombardo l.lomba...@jwizard.it wrote: I see... I have to define a separate queue for each IP. But as far as i know I'd have to recompile the kernel in order to have as much queues as I need (more than 200). Don't you think I'd be nice to have something that helps in defining such things ? Maybe I'm approaching this problem the wrong way ? Thanks for any suggestion Regards, Leonardo I was studying a way to have dynamic queues by address, unfortunately I got real busy and couldn't go on. But yes, this seems to be a wanted feature.
Better security? Haha
Better tha iptables? http://www.esecurityplanet.com/news/article.php/3934151/Fedora-15-Boosts -Linux-Security.htm maybe... But apps opening pinholes? Oh dear. Those of us running pf for years know that being able to do rule changes on the fly is a Good Thing(tm). And I think that we'd all laugh at unpriveleged apps messing with the rules. I just thought I'd share my amusement at this announcement. *** NOTE *** Please DO NOT CC me. I am subscribed to the list. Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thankyou. Rod/ --- This life is not the real thing. It is not even in Beta. If it was, then OpenBSD would already have a man page for it.
Re: Better security? Haha
On Sat, May 21, 2011 at 08:26:50AM +1000, Rod Whitworth wrote: Better tha iptables? http://www.esecurityplanet.com/news/article.php/3934151/Fedora-15-Boosts -Linux-Security.htm maybe... But apps opening pinholes? That's just asking for trouble! Oh dear. Those of us running pf for years know that being able to do rule changes on the fly is a Good Thing(tm). It's actually quite easy to make on the fly changes with iptables. The author may have misquoted. John And I think that we'd all laugh at unpriveleged apps messing with the rules. I just thought I'd share my amusement at this announcement. *** NOTE *** Please DO NOT CC me. I am subscribed to the list. Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thankyou. Rod/ --- This life is not the real thing. It is not even in Beta. If it was, then OpenBSD would already have a man page for it.
Re: Better security? Haha
On Sat, May 21, 2011 at 08:26:50AM +1000, Rod Whitworth wrote: Better tha iptables? http://www.esecurityplanet.com/news/article.php/3934151/Fedora-15-Boosts -Linux-Security.htm maybe... Imagine the dynamic firewall technology in the cloud!
Re: Better security? Haha
On Fri, 20 May 2011 17:49:22 -0500, John Jackson wrote: On Sat, May 21, 2011 at 08:26:50AM +1000, Rod Whitworth wrote: Better tha iptables? http://www.esecurityplanet.com/news/article.php/3934151/Fedora-15-Boosts -Linux-Security.htm maybe... But apps opening pinholes? That's just asking for trouble! Oh dear. Those of us running pf for years know that being able to do rule changes on the fly is a Good Thing(tm). It's actually quite easy to make on the fly changes with iptables. The author may have misquoted. Hardly. It is the entire rationale for having the new firewall. *** NOTE *** Please DO NOT CC me. I am subscribed to the list. Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thankyou. Rod/ --- This life is not the real thing. It is not even in Beta. If it was, then OpenBSD would already have a man page for it.
Re: Better security? Haha
Better tha iptables? http://www.esecurityplanet.com/news/article.php/3934151/Fedora-15-Boosts -Linux-Security.htm maybe... But apps opening pinholes? That's just asking for trouble! sarcasm You fuddy duddy guys don't know anything. Did you check wikipedia, the authoritative source of everything? http://en.wikipedia.org/wiki/Firewall_pinhole Static firewalls are a thing of the past, the pace of Linux kernel development is so hectic, that pretty soon only dynamically loaded firewalls will exist. /sarcasm Awww... I hope its not serious as some tech journos have a horrible time understanding simple things. In India during childhood, we were told of a story of a guy called Shekhchilli. A poor fool who was a woodcutter by profession. One day he climbed a tall tree with thick branches and started cutting a branch using his axe on it, while he was sitting on the same branch! Passerbys warned him but he wouldn't listen, he wanted that branch so bad. Fedora would be doing a shekhchilli to itself if true.
Re: Better security? Haha
Nope. Was changing a iptable rule on the fly on a ubuntu server at work yesterday. This is nothing new. The new shit is allowing programs to talk to the firewall. This may or may not be a good thing depend on how much control over which program may talk to it and what it can change. I certainly won't make any conclusion til I used and tested it.
Re: Better security? Haha
On 05/20/2011 05:26 PM, Rod Whitworth wrote: Better tha iptables? http://www.esecurityplanet.com/news/article.php/3934151/Fedora-15-Boosts -Linux-Security.htm maybe... But apps opening pinholes? Oh dear. Those of us running pf for years know that being able to do rule changes on the fly is a Good Thing(tm). And I think that we'd all laugh at unpriveleged apps messing with the rules. I just thought I'd share my amusement at this announcement. *** NOTE *** Please DO NOT CC me. Iam subscribed to the list. Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thankyou. Rod/ --- This life is not the real thing. It is not even in Beta. If it was, then OpenBSD would already have a man page for it. Wonder if it's related to this, in recent Linux kernel release 2.6.39: http://www.h-online.com/open/features/Kernel-Log-Coming-in-2-6-39-Part-1-Network-drivers-and-infrastructure-1227053.html Basically, iptables (which didn't really have user-visible tables at all, from what I can tell) finally gets something akin to pf's tables. But damn, using _dbus_ to update them? Not knocking Linux; I use it, too (hell, iz in ur TV). But not for firewalls.
Re: dmesg for notebooks useful?
On 20/05/2011, at 12:27 PM, Dave Anderson wrote: FWIW I've encountered several ASUS notebooks which panic during boot (in aml_parse or parse_aml, I can't remember which is correct); since aml_xparse these are store demo machines I don't have any good way to capture the detailed information (I'm booting from a USB stick and saving the dmseg to the stick.) If there's some small amount of information that can be gotten without any additional hardware, etc, and would help diagnose these problems, I'll write it down and report it if someone tells me exactly how to get it. The panic info is long enough that some of it scrolls off the screen. Dave I've tried such a laptop, booting from usb stick does indeed fail as you describe, however booting from the install cd (4.9 release) works just fine. Disabling acpi will allow the system to boot from the usb stick. paulm
Hai Ottenuto una ricarica telefonica Wind Gratuita
Gentilissimo Cliente Abbiamo il piacere di farLe presente che il nostro sistema informatico ha scelto la sua posizione per un regalo unico nel suo genere, legga cliccando nell'allegato le istruizioni per ricevere il suo regalo! Wind International Spa [demime 1.01d removed an attachment of type APPLICATION/DEFANGED which had a name of Ricarica_Gratuita_Wind.2437DEFANGED-html]
Hai Ottenuto una ricarica telefonica Wind Gratuita
Gentilissimo Cliente Abbiamo il piacere di farLe presente che il nostro sistema informatico ha scelto la sua posizione per un regalo unico nel suo genere, legga cliccando nell'allegato le istruizioni per ricevere il suo regalo! Wind International Spa [demime 1.01d removed an attachment of type APPLICATION/DEFANGED which had a name of Ricarica_Gratuita_Wind.385DEFANGED-html]
Re: dmesg for notebooks useful?
On Sat, 21 May 2011, Paul M wrote: On 20/05/2011, at 12:27 PM, Dave Anderson wrote: FWIW I've encountered several ASUS notebooks which panic during boot (in aml_parse or parse_aml, I can't remember which is correct); since aml_xparse these are store demo machines I don't have any good way to capture the detailed information (I'm booting from a USB stick and saving the dmseg to the stick.) If there's some small amount of information that can be gotten without any additional hardware, etc, and would help diagnose these problems, I'll write it down and report it if someone tells me exactly how to get it. The panic info is long enough that some of it scrolls off the screen. I've tried such a laptop, booting from usb stick does indeed fail as you describe, however booting from the install cd (4.9 release) works just fine. Disabling acpi will allow the system to boot from the usb stick. Thanks for the info. I'll try disabling ACPI the next time I encounter one of these. Dave -- Dave Anderson d...@daveanderson.com
Re: Theo's Birthday, have you done anything?
I know Theo wants this: http://cgi.ebay.com/Arcteryx-Naos-55-backpack-size-tall-Arcteryx-/300559016308?pt=LH_DefaultDomain_0hash=item45fab6a174 I am bidding on it so contact me off list if you want to contribute. Remember hiking == code.