Re: rc_scripts

[Remco]

Vijay Sankar wrote:

> Is it possible that you are installing packages from the wrong
> version? I have done that a couple of times because I copied .profile
> files from the wrong server
> 
> Is your PKG_PATH set to /pub/OpenBSD/4.9/packages/amd64, for example?
> 

To avoid release/architecture mixups you could use something
like "/pub/OpenBSD/`uname -r`/packages/`uname -m`/".

I haven't got a CURRENT system available right know but I reckon `uname -r` 
could also be used to conditionally set package path
to  "/pub/OpenBSD/snapshots/packages/`uname -m`/" when running a
non-release version.

Re: no packages for amd64 snapshot

[Marc Espie]

To put things in perspective, the dpb framework is now about two years old.
It was a bit quirky and experimental until 4.9.

The addition of /usr/ports/infrastructure/man to man.conf  happened a little
before 5.0.

So, people wanting to build packages *for current* should have no problem
accessing that information... if they do, they're probably not fit to
build their own packages anyways.

Another data point: as an OpenBSD developer, I have to *check* to figure out
those things.  See, 5.0 was a done deal for me in august, and there have 
been large advances since then.

In reality, people who keep up with binary snapshots have (more or less)
5.0, as far as packages are concerned (unless they were away when we asked
for package testing... but you weren't, right ? right ?)

As far as amd64 goes, I expect Robert will resume building snaps as soon as
he's back home. I don't know if Kiki has been chewing network cables or what.

Re: no packages for amd64 snapshot

[Stuart Henderson]

On Sun, 25 Sep 2011 02:25:58 +0100, ropers wrote:

> > If the ports tree is in the usual place
> 
> "If" being the operative word; to quote from undeadly, emphasis added:

This thread is about building -current packages from the ports tree, so I think 
it's a reasonable assumption.

> > then yes 'man dpb' should display
> > something. If not then either you didn't merge config updates like you
> > should,
> 
> I'm not 100% sure I fully understand what you're saying -- do you mean
> if I'm not running -stable instead of just -release?

If you're running -current (or 5.0 when it's available) and merged config 
updates, you'll have this.

Catalogo de viajes - Setiembre 2011

[Nap travel]

Catalogo de viajes -  Setiembre 2011

Re: rc_scripts

[Ingo Schwarze]

Hi,

Remco wrote on Sun, Sep 25, 2011 at 08:28:10AM +0200:

> To avoid release/architecture mixups you could use something
> like "/pub/OpenBSD/`uname -r`/packages/`uname -m`/".

That sounds like terrible advice:

  $ sysctl kern.version 
  kern.version=OpenBSD 5.0-current (GENERIC) #7: Wed Sep 21 23:55:26 CEST 2011
ischwa...@isnote.usta.de:/usr/src/sys/arch/i386/compile/GENERIC
  $ uname -r
  5.0

> I haven't got a CURRENT system available right know

Checking the accuracy of advice before providing it
is often useful.

Besides, i'd advise against too much magic.
Following that usually gives you less bugs
and systems that are easier to understand,
i.e. two of the typical virtues of OpenBSD systems.

Yours,
  Ingo

Re: no packages for amd64 snapshot

[Ingo Schwarze]

Hi,

ropers wrote on Sun, Sep 25, 2011 at 03:25:58AM +0200:
>> On 2011-09-23, ropers  wrote:

>>>$ mandoc -Tascii /usr/ports/infrastructure/build/dpb3.1 | less
> mandoc -Tascii /usr/ports/infrastructure/man/man1/dpb.1 | less

As you keep citing that line from the outdated undeadly article,
here is a side note:  Just make that

  mandoc /usr/ports/infrastructure/man/man1/dpb.1 | less

Sane defaults the OpenBSD way implies "when given no options, do the
most common, fundamental thing", which for mandoc clearly is "just read
the manual".  

With groff, by contrast, you need
  nroff -mandoc -Tascii -c /usr/ports/infrastructure/man/man1/dpb.1 | less
or
  groff -mandoc -mtty-char -Tascii -P -c \
/usr/ports/infrastructure/man/man1/dpb.1 | less
which doesn't even fit on a line, and when tbl(1) or eqn(1) is
involved, it gets worse and you need pipes.

With mandoc, basically, forget about options, except -Tlint and -Ttree
for debugging the manual source code.

Yours,
  Ingo

Re: rc_scripts

[Peter Hessler]

On 2011 Sep 25 (Sun) at 08:28:10 +0200 (+0200), Remco wrote:
:Vijay Sankar wrote:
:
:> Is it possible that you are installing packages from the wrong
:> version? I have done that a couple of times because I copied .profile
:> files from the wrong server
:> 
:> Is your PKG_PATH set to /pub/OpenBSD/4.9/packages/amd64, for example?
:> 
:
:To avoid release/architecture mixups you could use something
:like "/pub/OpenBSD/`uname -r`/packages/`uname -m`/".
:
:I haven't got a CURRENT system available right know but I reckon `uname -r` 
:could also be used to conditionally set package path
:to  "/pub/OpenBSD/snapshots/packages/`uname -m`/" when running a
:non-release version.
:

I use the following on all of my boxes.

export PKG_PATH=ftp://ftp.eu.openbsd.org/pub/OpenBSD/snapshots/packages/`arch 
-s`/

The advantage of arch -s, is that it chooses the application arch, not
just the kernel arch.  Very important on ppc, arm, mips, etc
architectures.  On those systems, uname -m gives me the wrong value.

$ uname -m
loongson
$ arch -s
mips64el




-- 
You don't sew with a fork, so I see no reason to eat with knitting
needles.
-- Miss Piggy, on eating Chinese Food

Re: microsoft and UEFI boot

[Mike.]

On 9/24/2011 at 6:57 PM Paolo Aglialoro wrote:

|Unfortunately, just a tiny percentage of sold X86 boxes is no-OS, and
also
|dell has stopped selling linux PCs.
|The last "no-OS" one I bought was an HP laptop (HP 360) with suse 11
|onboard. Drops within an ocean.
|Unless EU Commission helps, it'll be a hell of a scenery
 =


Interesting that all this is happening just after Microsoft comes out
from under the auspices of the DoJ for anti-trust violations.

OpenBSD 5.0 PF and Syn attak

[Pui Edylie]

Hi Everyone,

I am trying to put a pair of OBSD box together to provide Syn, UDP and 
ICMP flood protection with pretty graphs.


May I know if anyone has accomplished this?

If you had, I have the following question

1. What is the hardware spec you use? What is the maximum attack PPS and 
Bandwidth were you able to absorb?

2. What do you use for graphing?

Thank you for your time :)

Re: OpenBSD 5.0 PF and Syn attak

[Łukasz Czarniecki]

W dniu 2011-09-25 17:50, Pui Edylie pisze:
> Hi Everyone,
> 
> I am trying to put a pair of OBSD box together to provide Syn, UDP and
> ICMP flood protection with pretty graphs.
> 
> May I know if anyone has accomplished this?

Check this out:

Bakeca.it DDoS: How Evil Forces Have Been Defeated

http://data.proidea.org.pl/confidence/5edycja/materialy/prezentacje/alessio_pennasilico_bakeca_ddos_confidence_2009.pdf
http://data.proidea.org.pl/confidence/5edycja/materialy/video/alessio_pennasilico.avi

Only noise from Azalia

[Jairo Souto]

I can get only noise from the audio of a notebook Acer Aspire
5820T-6825.
The dmesg, audioctl and mixerctl are attached for OpenBSD-4.9 and
for the 2011-09-22 snapshot.
Can anyone give me an help?

--Jairo Souto (38)8816-1254
dmesg:
--
OpenBSD 4.9 (GENERIC.MP) #2: Sun Jul 17 09:40:29 BRT 2011
jso...@uranio.dlg:/usr/src/sys/arch/amd64/compile/GENERIC.MP
RTC BIOS diagnostic error 80
real mem = 3008843776 (2869MB)
avail mem = 2914725888 (2779MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xe9460 (51 entries)
bios0: vendor INSYDE version "V1.23" date 12/21/2010
bios0: Acer Aspire 5820T
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP ASF! HPET APIC MCFG SLIC BOOT ASPT WDAT SSDT
acpi0: wakeup devices EHC1(S3) EHC2(S3) PXSX(S4) RP01(S4) PXSX(S4) PXSX(S4) 
PXSX(S4) PXSX(S4) PXSX(S4) PXSX(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz, 2661.00 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: apic clock running at 133MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz, 2660.46 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
cpu1: 256KB 64b/line 8-way L2 cache
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz, 2660.46 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
cpu2: 256KB 64b/line 8-way L2 cache
cpu3 at mainbus0: apid 5 (application processor)
cpu3: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz, 2660.46 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
cpu3: 256KB 64b/line 8-way L2 cache
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 2
acpimcfg0 at acpi0 addr 0xf000, bus 0-127
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (P0P2)
acpiprt2 at acpi0: bus 3 (P0P1)
acpiprt3 at acpi0: bus 1 (RP01)
acpiprt4 at acpi0: bus -1 (RP02)
acpiprt5 at acpi0: bus -1 (RP03)
acpiprt6 at acpi0: bus -1 (RP04)
acpiprt7 at acpi0: bus -1 (RP05)
acpiprt8 at acpi0: bus -1 (RP07)
acpiprt9 at acpi0: bus -1 (RP08)
acpiprt10 at acpi0: bus -1 (PEG3)
acpiprt11 at acpi0: bus -1 (PEG5)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C1, PSS
acpicpu1 at acpi0: C3, C1, PSS
acpicpu2 at acpi0: C3, C1, PSS
acpicpu3 at acpi0: C3, C1, PSS
acpitz0 at acpi0: critical temperature 105 degC
acpibat0 at acpi0: BAT1 model "AS10B3E" serial 7F5A type LION oem "SANYO"
acpiac0 at acpi0: AC unit online
acpibtn0 at acpi0: PWRB
acpibtn1 at acpi0: LID0
acpibtn2 at acpi0: SLPB
acpivideo0 at acpi0: GFX0
acpivout0 at acpivideo0: LCD_
acpivideo1 at acpi0: VGA_
cpu0: Enhanced SpeedStep 2660 MHz: speeds: 2667, 2666, 2533, 2399, 2266, 2133, 
1999, 1866, 1733, 1599, 1466, 1333, 1199 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Core Host" rev 0x18
vga1 at pci0 dev 2 function 0 "Intel Mobile HD graphics" rev 0x18
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp0 at vga1
agp0 at intagp0: aperture at 0xc000, size 0x1000
inteldrm0 at vga1: apic 2 int 16 (irq 7)
drm0 at inteldrm0
"Intel 3400 MEI" rev 0x06 at pci0 dev 22 function 0 not configured
ehci0 at pci0 dev 26 function 0 "Intel 3400 USB" rev 0x05: apic 2 int 16 (irq 7)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 "Intel 3400 HD Audio" rev 0x05: apic 2 int 22 
(irq 11)
azalia0: codecs: Realtek ALC269, Intel/0x2804, using Realtek ALC269
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel 3400 PCIE" rev 0x05: apic 2 int 17 (irq 
255)
pci1 at ppb0 bus 1
alc0 at pci1 dev 0 function 0 "Attansic Technology L1D" rev 0xc0: apic 2 int 16 
(irq 7), address 60:eb:69:d8:e3:e3
atphy0 at alc0 phy 0: F1 10/100/1000 PHY, rev. 15
ppb1 at pci0 dev 28 function 5 "Intel 3400 PCIE" rev 0x05: apic 2 int 16 (irq 
255)
pci2 at ppb1 bus 2
"Broadcom BCM43225" rev 0x01 at pci2 dev 0 function 0 not configured
ehci1 at pci0 dev 29 function 0 "Intel 3400 USB" rev 0x05: apic 2 int 23 (irq 
11)
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb2 at pci0 dev 30 function 0 "Intel 82801BAM 

Re: OpenBSD 5.0 PF and Syn attak

[Hassan Monfared]

Enjoyed the story,
by the way CARP & pfsync seems right solution for us today.

2011/9/25 E
ukasz Czarniecki 

> W dniu 2011-09-25 17:50, Pui Edylie pisze:
> > Hi Everyone,
> >
> > I am trying to put a pair of OBSD box together to provide Syn, UDP and
> > ICMP flood protection with pretty graphs.
> >
> > May I know if anyone has accomplished this?
>
> Check this out:
>
> Bakeca.it DDoS: How Evil Forces Have Been Defeated
>
>
>
http://data.proidea.org.pl/confidence/5edycja/materialy/prezentacje/alessio_p
ennasilico_bakeca_ddos_confidence_2009.pdf
>
>
http://data.proidea.org.pl/confidence/5edycja/materialy/video/alessio_pennasi
lico.avi

Write Apt and Accurate English (adv)

[binson]

Keyboard
"Write Apt And Accurate English"

Dear friends,
The aim of the LCCI Certificate in English for Business Level 2 programme is
to enable candidates to develop the ability to  undersatnd and write English
using formats that are current and common in business communication.

Objectives
to enable candidates to develop the ability to:
Write apt and accurate English suited to the stated purpose
Write business correspondence in a clear and concise manner
Adopt the tone, form, layout, content and composition appropriate to the
requirements of a given situation
Effectively resolve problems through writing
Participate in conversations

Course Outline
Communications in business
Common errors in business writing
Effective business writing
Styles in business writing
The art of business writing
The buslness letter
The business report
Memorandum
Leaftlet development
Notice for business
Article writing
List format
Email writing

Administrative Details

Course Name: LCCI Certificate in English for Business level 2
Start Date: 18.10.11
End Date: 10.01.12
Day/Time: Tuesday / 7pm to 10pm
Course Duration: 13 sessions (3hrs per session)
Training Venue: 19 Carpenter Street. (near Clarke Quay MRT station)
Course Fee: $250nett with SDF grant ( for Singapore Citizen and Singapore PR
only)
Other fees: Admin fee @ $15nett,Course book @ $25nett, Exam fee @ $138nett
Course fee without SDF grant @ $530nett (for non Singapore citizen and PR )

 For enquiry or registration
 Contact Binson Lim @ 91783929 or email :  bin...@edutrainingresources.com.sg
Training Provider: Edu Training Resources Pte Ltd , 40C Hongkong Street ,
Singapore 05967




LCCI or The london Chamber of Commerce and Industry has over 100 years of
experience in providing trusted and valued business-related qualifications.
Employers and professional bodies recognise the LCCI international
qualifications. LCCI's range of courses is designed to deliver the skills
essential for success in todays's  demanding  business environment

Re: Help on understanding mbr.S

[Alan Cheng]

On Fri, Sep 23, 2011 at 11:24 AM, Daniel Dickman wrote:
>
> What are you trying to do though? Working with x86 in real mode and dealing
> with ancient PC conventions is probably not the easiest place to start.


I'm trying to learn how kernel (or OS) works.
I went through a couple of books on OS design and implementation and think I
know some general rules on OS, now I'm reading the source code to learn the
details.

Thanks Daniel for the explanation.
I went over the links you posted, and that gives me a better understanding
of what the "1:"  is and local labels in general.

A follow up question, though:
So "ljmp $BOOTSEC, $1f" is used to set seg:offset to 07C0:. While
$BOOTSEC is defined to be 07C0, why "$1f" is guaranteed to be "", isn't
it something volatile?

Re: Help on understanding mbr.S

[Alan Cheng]

Thanks Bryan. Your explanation makes things a lot clearer to me.
As mentioned in my reply to Daniel, I not cannot figure out why "$1f" will
be "".


On Fri, Sep 23, 2011 at 12:05 PM, Brynet  wrote:

> One of the first things an MBR does is do a long jump from where the BIOS
> loaded it.
>
> The thing is, often you can't trust the BIOS to do the right thing, the x86
> in
> 16-bit real mode uses segmented memory, so you may be at :07C0 or
> 7C00:
> depending on the implementation. If you read the comment higher up you'll
> see
> they perform a long jump to "normalize" the Code Segment to 07C0, offset 0.
>
> :07C0 and 7C00: technically resolve to the same address, but
> enforcing
> segment:offset (cs:ip) just makes things consistent.
>
> The references to ":1" is a local label, used for relative addressing, 'f'
> meaning forward and 'b' meaning backward.
>
> http://sourceware.org/binutils/docs/as/Symbol-Names.html
>
> Most MBR's are OS-independent, they relocate, parse partition table, load
> the
> PBR/VBR to 7C00 and perform a ljmp to it.
>
> Hope that helps,
> -Bryan.

Blocking Trojans with PF

[Hassan Monfared]

Hi,
Any idea for denying connection initiation to outside from any web server
protected by PF? ( wanna block Trojans and reverse connections while
incomming http traffic is allowed) .

Regards,
Hassan H. Monfared

Re: Blocking Trojans with PF

[Johan Beisser]

"block all"

Permit inbound port 80, but do not permit new outbound connections.
Consider each interface a separate firewall, with separate flows
entirely, then use policy enforcement (see tagging:
http://cvs.openbsd.org/faq/pf/tagging.html) to ensure only properly
tagged packets are passed out from the firewall.

Nice thing about pf: stateful tracking of connections. It makes
tracking sessions, blocking unwanted traffic, and tagging systems much
easier.

http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html

On Sun, Sep 25, 2011 at 11:18 PM, Hassan Monfared  wrote:
> Hi,
> Any idea for denying connection initiation to outside from any web server
> protected by PF? ( wanna block Trojans and reverse connections while
> incomming http traffic is allowed) .
>
> Regards,
> Hassan H. Monfared

Re: Blocking Trojans with PF

[Gregory Edigarov]

On Mon, 26 Sep 2011 09:48:20 +0330
Hassan Monfared  wrote:

> Hi,
> Any idea for denying connection initiation to outside from any web
> server protected by PF? ( wanna block Trojans and reverse connections
> while incomming http traffic is allowed) .

block all 
pass in on $if from any to ($if)

will block it as you wish.
 

-- 
With best regards,
Gregory Edigarov