Re: Unbound in base

[Gregory Edigarov]

On Mon, 13 Feb 2012 22:35:15 +0100
BjC6rn Ketelaars  wrote:

> Hello,
>
> After some recent discussions [1, 2] on the topic of unbound in base,
> and (more important) really liking the idea of an alternative for
> BIND in base, I made a start with fitting the different pieces of the
> puzzle. What is finished:
>
> 1.) Integration of ldns 1.6.12 and unbound 1.4.15 and writing of
> relevant Makefile wrappers. Wrapper script also compiles and installs
> drill; 2.) Testing (read: does it compile and work) on AMD64.
>
> Stuart Henderson had some good remarks on integrating the above [3].
> What do you guys think of the following:
>
> What to do with the BIND tools (dig/host/nslookup)?

I would live them alone. They are used in most of the scripts all over
the place.
I.e. have a usr.sbin/bind-utils in the source tree.

> Unbound offers drill. From drill.1: "The name drill is a pun on dig.
> With drill you should be able get even more information than with
> dig.". Proposal therefore is to replace the BIND tools with drill.

Not, see above.

> Do we run unbound-anchor automatically? if so, how do we handle
> possibly not having working DNS at that time to resolve data.iana.org
> (http://data.iana.org) (http://data.iana.org)?
> From unbound-anchor.8 I understand that unbound-anchor can be run
> from the command line, or run as part of startup scripts _before_ the
> actual (unbound) DNS server is started. So there is no need for DNS.
> Proposal therefor is to run unbound-anchor automatically before
> starting the unbound daemon (rc_pre in unbound rc-script).

Agreed.

> How and when do we automatically generate unbound-control keys? if
> so, where should that be done? b&
>
> From unbound-control.8: The script unbound-control-setup generates
> these control keys in the default run directory. If you change the
> access control permissions on the key files you can decide who can
> use unbound-control. Run the script under the same username as you
> have configured in unbound.conf or as root, so that the daemon is
> permitted to read the files, for example with: sudo -u unbound
> unbound-control-setup. If you have not configured a username in
> unbound.conf, the keys need read permission for the user credentials
> under which the daemon is started. The script preserves private keys
> present in the directory. After running the script as root, turn on
> control-enable in unbound.conf.
> The unbound-control-script can be called from rc->make_keys(). The
> knob 'control-enable' can be set as default.

unbound-control should be renamed to more convenient 'unboundctl'.

> After tar/gzip the source files and Makefile wrappers weigh ~4.6MB. A
> bit to large to send to this list. if anyone feels like looking at
> the workb&do not hesitate to mail me.
>
> Again, what do you guys think?
>
> Kind regards,
>
> BjC6rn
>
>
> [1] http://marc.info/?l=openbsd-misc&m=132205020820910&w=2
> [2] http://marc.info/?l=openbsd-tech&m=132573371521516&w=2
> [3] http://marc.info/?l=openbsd-misc&m=132217547525487&w=2

Re: CVS checkout for OPENBSD_5_0 : aborted

[Richard Toohey]

On 14/02/2012, at 8:41 PM, Giridhari wrote:

> I'm not sure what you mean. Are you suggesting I should read up on how to
> operate cvs, or is there something specific about CVS and OPenBSD I should
> be aware of? I'm following the faq. I have updated several times in the
past
> with CVS with no trouble at all.

Google's first result (for me, hard to tell these days what other people will
get - with the Google filter bubble):

http://www.openbsd.org/faq/faq5.html#snake

It's hard to tell from your email what step(s) you've followed, so it's hard
to help you.

>
> -Original Message- From: Richard Toohey
> Sent: Tuesday, February 14, 2012 5:15 PM
> To: Giridhari
> Cc: misc@openbsd.org
> Subject: Re: CVS checkout for OPENBSD_5_0 : aborted
>
> On 14/02/2012, at 5:01 PM, Giridhari wrote:
>
>> HELO
>>
>> have tried a cvs checkout of OPENBSD_5_0 several times in the last week or
> two
>> and have seen cvs abort:
>>
>>
>>
>> cvs checkout: Updating src/games/snake
>> cvs [chckout aborted]: could not chdir to src/games/snake/snake : Not a
>> directory
>>
>> Could someone have a look at this please.
>>
> Have you tried Google yet?

Re: CVS checkout for OPENBSD_5_0 : aborted

[patrick keshishian]

On Mon, Feb 13, 2012 at 11:59 PM, Giridhari  wrote:
> $ ls -F src/games/snake/
>
> did you `make build' without `make obj' first?
>
> --patrick
>
> I'm not sure why I would do that. CVS doesn't build anything. Can you
> explain a bit about why you suggest that? Please excuse me if I don't know
> what you mean.

One reason one might use cvs to get the OpenBSD sources is to build
the system using these sources.

--patrick

Re: Unbound in base

[Peter van Oord van der Vlies]

Hello,

Why replacing bind ?

Kind Regards

Peter

- Oorspronkelijk bericht -
Van: Bjvrn Ketelaars [mailto:bjorn.ketela...@hydroxide.nl]
Verzonden: Monday, February 13, 2012 10:35 PM
Aan: misc@openbsd.org
; t...@openbsd.org 
Onderwerp: Unbound in base

Hello,

After some recent discussions [1, 2] on the topic of unbound in base, and
(more important) really liking the idea of an alternative for BIND in base, I
made a start with fitting the different pieces of the puzzle. What is
finished:

1.) Integration of ldns 1.6.12 and unbound 1.4.15 and writing of relevant
Makefile wrappers. Wrapper script also compiles and installs drill;
2.) Testing (read: does it compile and work) on AMD64.

Stuart Henderson had some good remarks on integrating the above [3]. What do
you guys think of the following:

What to do with the BIND tools (dig/host/nslookup)?

Unbound offers drill. From drill.1: "The name drill is a pun on dig. With
drill you should be able get even more information than with dig.". Proposal
therefore is to replace the BIND tools with drill.

Do we run unbound-anchor automatically? if so, how do we handle possibly not
having working DNS at that time to resolve data.iana.org
(http://data.iana.org) (http://data.iana.org)?

>From unbound-anchor.8 I understand that unbound-anchor can be run from the
command line, or run as part of startup scripts _before_ the actual (unbound)
DNS server is started. So there is no need for DNS. Proposal therefor is to
run unbound-anchor automatically before starting the unbound daemon (rc_pre
in
unbound rc-script).



How and when do we automatically generate unbound-control keys? if so, where
should that be done? b&

>From unbound-control.8: The script unbound-control-setup generates these
control keys in the default run directory. If you change the access control
permissions on the key files you can decide who can use unbound-control. Run
the script under the same username as you have configured in unbound.conf or
as root, so that the daemon is permitted to read the files, for example with:
sudo -u unbound unbound-control-setup. If you have not configured a username
in unbound.conf, the keys need read permission for the user credentials under
which the daemon is started. The script preserves private keys present in the
directory. After running the script as root, turn on control-enable in
unbound.conf.

The unbound-control-script can be called from rc->make_keys(). The knob
'control-enable' can be set as default.

After tar/gzip the source files and Makefile wrappers weigh ~4.6MB. A bit to
large to send to this list. if anyone feels like looking at the workb&do not
hesitate to mail me.

Again, what do you guys think?

Kind regards,

BjC6rn


[1] http://marc.info/?l=openbsd-misc&m=132205020820910&w=2
[2] http://marc.info/?l=openbsd-tech&m=132573371521516&w=2
[3] http://marc.info/?l=openbsd-misc&m=132217547525487&w=2

Re: Unbound in base

[Vitali]

On Tue, Feb 14, 2012 at 10:09 AM, Peter van Oord van der Vlies
 wrote:
> Hello,
>
> Why replacing bind ?

That's a good question, Peter. Welcome aboard.
https://www.isc.org/software/bind/advisories/cve-2012-1033

>
> Kind Regards
>
> Peter


--
### Coonardoo - PQP8P=P8QP:P0 Q QQP=Q / The Well In The Shadow / Le
Puits
Dans L'Ombre ###

Keeping installed ports up-to-date

[Giridhari]

HELO,

whatbs the correct procedure for keeping ports that are installed up to date
when the system is updated with CVS?

Do I need to make uninstall the ports, perform the cvs update, build the new
system and then make the new ports?

Giridhari

Re: Unbound in base

[Gregory Edigarov]

On Tue, 14 Feb 2012 08:09:16 +
Peter van Oord van der Vlies  wrote:

> Hello,
> 
> Why replacing bind ?
Because bind is full of security related bugs and a bloatware.

Yours C. O.

> Kind Regards
> 
> Peter
> 
> - Oorspronkelijk bericht -
> Van: Bjvrn Ketelaars [mailto:bjorn.ketela...@hydroxide.nl]
> Verzonden: Monday, February 13, 2012 10:35 PM
> Aan: misc@openbsd.org
> ; t...@openbsd.org 
> Onderwerp: Unbound in base
> 
> Hello,
> 
> After some recent discussions [1, 2] on the topic of unbound in base,
> and (more important) really liking the idea of an alternative for
> BIND in base, I made a start with fitting the different pieces of the
> puzzle. What is finished:
> 
> 1.) Integration of ldns 1.6.12 and unbound 1.4.15 and writing of
> relevant Makefile wrappers. Wrapper script also compiles and installs
> drill; 2.) Testing (read: does it compile and work) on AMD64.
> 
> Stuart Henderson had some good remarks on integrating the above [3].
> What do you guys think of the following:
> 
> What to do with the BIND tools (dig/host/nslookup)?
> 
> Unbound offers drill. From drill.1: "The name drill is a pun on dig.
> With drill you should be able get even more information than with
> dig.". Proposal therefore is to replace the BIND tools with drill.
> 
> Do we run unbound-anchor automatically? if so, how do we handle
> possibly not having working DNS at that time to resolve data.iana.org
> (http://data.iana.org) (http://data.iana.org)?
> 
> From unbound-anchor.8 I understand that unbound-anchor can be run
> from the command line, or run as part of startup scripts _before_ the
> actual (unbound) DNS server is started. So there is no need for DNS.
> Proposal therefor is to run unbound-anchor automatically before
> starting the unbound daemon (rc_pre in
> unbound rc-script).
> 
> 
> 
> How and when do we automatically generate unbound-control keys? if
> so, where should that be done? b&
> 
> From unbound-control.8: The script unbound-control-setup generates
> these control keys in the default run directory. If you change the
> access control permissions on the key files you can decide who can
> use unbound-control. Run the script under the same username as you
> have configured in unbound.conf or as root, so that the daemon is
> permitted to read the files, for example with: sudo -u unbound
> unbound-control-setup. If you have not configured a username in
> unbound.conf, the keys need read permission for the user credentials
> under which the daemon is started. The script preserves private keys
> present in the directory. After running the script as root, turn on
> control-enable in unbound.conf.
> 
> The unbound-control-script can be called from rc->make_keys(). The
> knob 'control-enable' can be set as default.
> 
> After tar/gzip the source files and Makefile wrappers weigh ~4.6MB. A
> bit to large to send to this list. if anyone feels like looking at
> the workb&do not hesitate to mail me.
> 
> Again, what do you guys think?
> 
> Kind regards,
> 
> BjC6rn
> 
> 
> [1] http://marc.info/?l=openbsd-misc&m=132205020820910&w=2
> [2] http://marc.info/?l=openbsd-tech&m=132573371521516&w=2
> [3] http://marc.info/?l=openbsd-misc&m=132217547525487&w=2

Re: Keeping installed ports up-to-date

[Peter N. M. Hansteen]

On Tue, Feb 14, 2012 at 07:06:26PM +1030, Giridhari wrote:
> whatbs the correct procedure for keeping ports that are installed up to
date
> when the system is updated with CVS?

Use packages. Set your PKG_PATH to something appropriate - since I'm based in
northern Europe,
the .profile for a i386 box of mine contains this line:

export
PKG_PATH=http://ftp.eu.openbsd.org/pub/OpenBSD/snapshots/packages/`uname -m`/

then use pkg_add -vui or similar to fetch and install updated packages that
may be available.

Only very rarely does it make sense to build packages locally. Also the FAQ is
your best friend,
in this case specifically part 15 - http://www.openbsd.org/faq/faq15.html

- Peter
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

Re: OpenBSD 5.1 - snapshot - bsd.mp only detects one CPU of dual-processor AOpen DX34 Plus board

[Adriaan]

On 2/14/12, Brynet  wrote:
> On Mon, Feb 13, 2012 at 11:34:59PM +0100, Adriaan wrote:
>> ...
>> OpenBSD 5.1 (GENERIC.MP) #187: Sat Feb 11 12:30:14 MST 2012
>> apm0 at bios0: Power Management spec V1.2
>> acpi at bios0 function 0x0 not configured
>> ..
>>
>> I need the machine right now for testing my new Internet line, but in
>> two or three days, I could install some older snapshots or 5.0 to find
>> out about which time this regression occurred.
>>
>> Adriaan
>
> Hmm, your system doesn't have legacy MP tables. You'll need to use acpi
> to bootstrap the other processor.

A year ago, with a 4.9 snapshot  the acpi stuff on that box was
configured, and both CPUs detected.

OpenBSD 4.9 (GENERIC.MP) #785: Fri Feb 18 14:16:01 MST 2011
  t...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel Pentium III ("GenuineIntel" 686-class) 857 MHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PSE36,MMX,FXSR,SSE
real mem  = 536375296 (511MB)
avail mem = 517447680 (493MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 02/20/02, BIOS32 rev. 0 @
0xf0230, SMBIOS rev. 2.3 @ 0xfa920 (44 entries)
bios0: vendor AOpen version "V4.0 R1.22EN" date 02/20/2002
bios0: AOpen DX34 Plus
acpi0 at bios0: rev 0
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP APIC
acpi0: wakeup devices PCI0(S1) KBC0(S1) PS2M(S1) UAR1(S1) UAR2(S1)
USB0(S1) USB1(S1)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat

>
> 'disable apm' in config(8) or UKC.
>
> -Bryan.
>
So how would you explain that? ;)

Adriaan

Re: Unbound in base

[Björn Ketelaars]

2012/2/13 Stuart Henderson :
...
>> After tar/gzip the source files and Makefile wrappers weigh ~4.6MB. A bit
to
>> large to send to this list. if anyone feels like looking at the workb&do
not
>> hesitate to mail me.
>
> Please do. It would be nice to put them on a public server.
>

WIP can be found here:

http://goo.gl/BIRR5

.tar.gz contains a README which explains the status


--
Bjvrn Ketelaars

Re: Unbound in base

[Stuart Henderson]

Let's not crosspost replies, misc is more suitable for this one.
CCs trimmed.

On 2012/02/14 08:09, Peter van Oord van der Vlies wrote:
> Hello,
> 
> Why replacing bind ?

The version we have is in need of an update. Due to some of the design
decisions made for BIND 10 that's not really going to be suitable for
inclusion in base so even if we were to update to a newer BIND 9 now,
we'd still need to look elsewhere in future, so considering that
something fairly suitable is already available, imho rather than
update BIND (which is not just a simple task of importing the code,
we have quite a few local changes which can't be applied directly),
it makes more sense to move directly there,

Re[2]: Unbound in base

[Mo Libden]

14 QP5P2QP0P;Q 2012, 12:59 P>Q Gregory Edigarov :
> On Tue, 14 Feb 2012 08:09:16 +
> Peter van Oord van der Vlies  wrote:
> 
> > Hello,
> >
> > Why replacing bind ?
> 
> Because bind is full of security related bugs and a bloatware.

Oh come on!
They say about the same thing about sendmail for years (decades already?).
Still it is in the base.

Are you spreading FUD here, or there are real cases with the version of BIND 
that is in the base?

> Yours C. O.

Re: OpenBSD 5.1 - snapshot - bsd.mp only detects one CPU of dual-processor AOpen DX34 Plus board

[Brynet]

On Tue, Feb 14, 2012 at 10:00:52AM +0100, Adriaan wrote:
> A year ago, with a 4.9 snapshot  the acpi stuff on that box was
> configured, and both CPUs detected.

For some reason the probe for apm fails on your system in 4.9, so acpi
was allowed to attach.

In later releases, it seems the probe for apm succeeds, which is
prefered for older systems.

Unfortunately for you the BIOS vendor didn't include MP tables, so the
decision to use apm over acpi means the kernel is now unaware of additional
processors.

Check for BIOS knobs? or.. as previously suggested:

> > 'disable apm' in config(8) or UKC.
> >
> > -Bryan.
> >
> So how would you explain that? ;)
> 
> Adriaan

Hmm, what were you unable to understand about that?

-Bryan.

Re: Unbound in base

[Peter Hessler]

On 2012 Feb 14 (Tue) at 13:23:01 +0400 (+0400), Mo Libden wrote:
:14 QP5P2QP0P;Q 2012, 12:59 P>Q Gregory Edigarov
:
:> On Tue, 14 Feb 2012 08:09:16 +
:> Peter van Oord van der Vlies  wrote:
:>
:> > Hello,
:> >
:> > Why replacing bind ?
:>
:> Because bind is full of security related bugs and a bloatware.
:
:Oh come on!
:They say about the same thing about sendmail for years (decades already?).
:Still it is in the base.

Did you notice that there is lots of work being done to replace sendmail?

Yes, there is an interest in replacing bind (and sendmail).  However, we
are doing it slowly and cautiously, to ensure we do not make the
situation worse.


--
Any sufficiently advanced technology is indistinguishable from a rigged
demo.

Re: Unbound in base

[Gregory Edigarov]

On Tue, 14 Feb 2012 13:23:01 +0400
Mo Libden  wrote:

> 14 QP5P2QP0P;Q 2012, 12:59 P>Q Gregory Edigarov
> :
> > On Tue, 14 Feb 2012 08:09:16 +
> > Peter van Oord van der Vlies 
> > wrote:
> >
> > > Hello,
> > >
> > > Why replacing bind ?
> >
> > Because bind is full of security related bugs and a bloatware.
>
> Oh come on!
> They say about the same thing about sendmail for years (decades
> already?). Still it is in the base.
>
> Are you spreading FUD here, or there are real cases with the version
> of BIND that is in the base?

well, better answer was just given by stu@.
BIND 10 requires at least Python 3.1

--
With best regards,
Gregory Edigarov

Re: Unbound in base

[Oliver Peter]

On Tue, Feb 14, 2012 at 01:23:01PM +0400, Mo Libden wrote:
> 14 QP5P2QP0P;Q 2012, 12:59 P>Q Gregory Edigarov
:
> > On Tue, 14 Feb 2012 08:09:16 +
> > Peter van Oord van der Vlies  wrote:
> >
> > > Hello,
> > >
> > > Why replacing bind ?
> >
> > Because bind is full of security related bugs and a bloatware.
>
> Oh come on!
> They say about the same thing about sendmail for years (decades already?).
> Still it is in the base.

smtpd(8) is underway. Also there is no proper MTA implementation out
there served under the BSD license (i.e. Postfix has IBM license).

Unbound (and also nsd) is a good and lightweight alternative to
sendmail using the BSD license.  License stuff is more important than
it sounds.

IMO the separate development of a resolver (unbound) and an authoritive
nameserver (nsd) is better than having all functionality within one
server (named).

--
Oliver PETER   oli...@opdns.de   0x456D688F

Lenovo E320: strange things happen with X

[Rod Whitworth]

dmesg is under the story, of course.

I have been following 5.0 current through 5.1 beta updating from CVS
and 
building through to release and a CD so that I can track stuff.

When my smooth red new Thinkpad arrived I decided to use it to try out
my latest 5.1beta CD. So I shoved win7 aside and left a big chunk of
space for the A6 beauty.

I even got game and allowed it to boot into X. Big mistake. As soon as
I tried to switch to a Vconsole it seemed like the whole thing siezed
up. That is really true as we will see later.

Next I booted from the CD and used the install shell to comment out the
rc.conf.local xdm line on the mounted sd0a/etc.

Rebooting let me log in to a console session and I fired up sshd so
that another box could log in running top so that I could tell if the
thing was truly locked-up. Running startx presented me with the default
wndow and I could do stuff there but attempting to go to another
console session made it look to be frozen but the remote box running
top over ssh proved that it was not.

I found out that if I did Ctl-Alt-F5 on the "dead" X window, it brought
X back to life

Having done as well as I could in choosing a Tpad with mostly OpenBSD
friendly bits, I don't like the idea of just running a bunch of "glass
teleprinters".

Any other tests I can do to get more clues for the clueful?

Oh, the dmesg shows the usb stick I copied to to get it here. Not a
part of the kit.

dmesg: (I'm sending a copy to the openbsd collection and I'll send one
to the publically available collection if somebody reminds me of where
it can be found. I did send one for my previous laptop but that was
in'09)
==
OpenBSD 5.1-beta (GENERIC.MP) #5: Tue Feb  7 08:26:54 EST 2012
r...@nero.witworx.com:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz ("GenuineIntel"
686-class) 
2.50 GHz
cpu0

FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,
CFL
USH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,NXE,LONG,SSE3,PCLMUL,MWAIT,D
S-
CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,POPCNT,AES,XSA
VE,
AVX,LAHF
real mem  = 3133054976 (2987MB)
avail mem = 3071692800 (2929MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 11/30/11, BIOS32 rev. 0 @
0xfc000, 
SMBIOS rev. 2.6 @ 0xe0830 (71 entries)
bios0: vendor LENOVO version "8NET32WW (1.16 )" date 12/01/2011
bios0: LENOVO 1298CTO
acpi0 at bios0: rev 4
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP ASF! HPET APIC MCFG SLIC SSDT SSDT UEFI UEFI
UEFI
acpi0: wakeup devices P0P1(S4) EHC1(S3) EHC2(S3) HDEF(S4) PXSX(S4)
RP01(S4) 
PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP04(S4) PXSX(S4) RP05(S4)

PXSX(S4) RP06(S4) PXSX(S4) BLAN(S4) PXSX(S4) RP07(S4) PXSX(S4) RP08(S4)

PEG0(S4) PEGP(S4) PEG1(S4) PEG2(S4) PEG3(S4) LID_(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 99MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz ("GenuineIntel"
686-class) 
2.50 GHz
cpu1

FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,
CFL
USH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,NXE,LONG,SSE3,PCLMUL,MWAIT,D
S-
CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,POPCNT,AES,XSA
VE,
AVX,LAHF
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz ("GenuineIntel"
686-class) 
2.50 GHz
cpu2

FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,
CFL
USH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,NXE,LONG,SSE3,PCLMUL,MWAIT,D
S-
CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,POPCNT,AES,XSA
VE,
AVX,LAHF
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz ("GenuineIntel"
686-class) 
2.50 GHz
cpu3

FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,
CFL
USH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,NXE,LONG,SSE3,PCLMUL,MWAIT,D
S-
CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,POPCNT,AES,XSA
VE,
AVX,LAHF
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xf800, bus 0-63
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (P0P1)
acpiprt2 at acpi0: bus 1 (RP01)
acpiprt3 at acpi0: bus 2 (RP02)
acpiprt4 at acpi0: bus 3 (RP03)
acpiprt5 at acpi0: bus -1 (RP04)
acpiprt6 at acpi0: bus -1 (RP05)
acpiprt7 at acpi0: bus 8 (RP06)
acpiprt8 at acpi0: bus -1 (RP07)
acpiprt9 at acpi0: bus -1 (RP08)
acpiprt10 at acpi0: bus -1 (PEG0)
acpiprt11 at acpi0: bus -1 (PEG1)
acpiprt12 at acpi0: bus -1 (PEG2)
acpiprt13 at acpi0: bus -1 (PEG3)
acpiec0 at acpi0
acpicpu0 at acpi0: C2, C1, PSS
acpicpu1 at acpi0: C2, C1, PSS
acpicpu2 at acpi0: C2, C1, PSS
acpicpu3 at acpi0: C2, C1, PSS
acpitz0 at acpi0: critical temperature is 100 degC
acpithinkpad0 at acpi0
acpiac0 at acpi0: AC unit online
acpibat0 at acpi0: BAT1 model "42T4951" serial 10775 ty

Re: Lenovo E320: strange things happen with X

[David Coppa]

On Tue, Feb 14, 2012 at 11:33 AM, Rod Whitworth  wrote:
> dmesg is under the story, of course.
>
> I have been following 5.0 current through 5.1 beta updating from CVS
> and
> building through to release and a CD so that I can track stuff.
>
> When my smooth red new Thinkpad arrived I decided to use it to try out
> my latest 5.1beta CD. So I shoved win7 aside and left a big chunk of
> space for the A6 beauty.
>
> I even got game and allowed it to boot into X. Big mistake. As soon as
> I tried to switch to a Vconsole it seemed like the whole thing siezed
> up. That is really true as we will see later.
>
> Next I booted from the CD and used the install shell to comment out the
> rc.conf.local xdm line on the mounted sd0a/etc.
>
> Rebooting let me log in to a console session and I fired up sshd so
> that another box could log in running top so that I could tell if the
> thing was truly locked-up. Running startx presented me with the default
> wndow and I could do stuff there but attempting to go to another
> console session made it look to be frozen but the remote box running
> top over ssh proved that it was not.
>
> I found out that if I did Ctl-Alt-F5 on the "dead" X window, it brought
> X back to life
>
> Having done as well as I could in choosing a Tpad with mostly OpenBSD
> friendly bits, I don't like the idea of just running a bunch of "glass
> teleprinters".

It's a known bug with Intel Sandybridge: support for this GPU is far
from being optimal.

ciao,
David

linux xterm + openbsd "vi"

[Илья Шипицин]

Hello!

is anybody using linux xterm (or gnu terminal) + openbsd "vi" ?
it breaks "home/end" keys.

Google says things about utf-8 and non-utf8 terminals, some people tell to
fix terminfo/termcap.
I do not have any idea, what exactly to fix there.

I tried things, without result.

any advice ?

Ilya Shipitsin

Re: Lenovo E320: strange things happen with X

[Rod Whitworth]

On Tue, 14 Feb 2012 11:48:35 +0100, David Coppa wrote:

>It's a known bug with Intel Sandybridge: support for this GPU is far
>from being optimal.
>

There goes $552.59 ... ;((

I guess I'd bettr watch the commit messages closely for good news. We
live in hope.

Thanx for the message, even if it's bad news. I don't have to try lots
of desperate tricks to investigate further.


*** NOTE *** Please DO NOT CC me. I  subscribed to the list.
Mail to the sender address that does not originate at the list server is 
tarpitted. The reply-to: address is provided for those who feel compelled to 
reply off list. Thankyou.

Rod/
---
This life is not the real thing.
It is not even in Beta.
If it was, then OpenBSD would already have a man page for it.

Re: Lenovo E320: strange things happen with X

[Fred Crowson]

On 14 February 2012 11:41, Rod Whitworth  wrote:
> There goes $552.59 ... ;((
>
> I guess I'd bettr watch the commit messages closely for good news. We
> live in hope.
>
> Thanx for the message, even if it's bad news. I don't have to try lots
> of desperate tricks to investigate further.

The public dmesg database is at: http://www.nycbug.org/index.php?NAV=dmesgd

hth

Fred

Re: Lenovo E320: strange things happen with X

[Rod Whitworth]

On Tue, 14 Feb 2012 12:34:43 +, Fred Crowson wrote:

>On 14 February 2012 11:41, Rod Whitworth  wrote:
>> There goes $552.59 ... ;((
>>
>> I guess I'd bettr watch the commit messages closely for good news. We
>> live in hope.
>>
>> Thanx for the message, even if it's bad news. I don't have to try lots
>> of desperate tricks to investigate further.
>
>The public dmesg database is at: http://www.nycbug.org/index.php?NAV=dmesgd
>
>hth
>
>Fred
>

Thanks Fred,
If you come back to Aussie sometime I'll buy you a beer.

Boags if you like!

Rod/

Re: Unbound in base

[Henning Brauer]

* Peter van Oord van der Vlies  [2012-02-14 
09:11]:
> Why replacing bind ?

1) because it's shit (yes yes vixie, the next release won't be written
   by drunken grad students and fix all design and implementation issues,
   we hear that since bind4 at least)
2) it's a dead end anyway - i have never seen such a dramatic design
   fuckup as the bind10 design docs, and anything depending on PYTHON
   (gimme a break) will never make it into base anyway.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/

(DESCARGA GRATUITA) Optimice sus Tiempos Envie su Declaracion Informativa de Sueldos y Salarios con Carga Batch

[Corporativo Fiscal Decada SC]

Si no puede ver esta informacisn haga click aqum

[IMAGE]

OPTIMICE SUS TIEMPOS
Envme su Declaracisn Informativa de Sueldos y Salarios con Carga Batch

Corporativo Fiscal Dicada (COFIDE) pone a su disposicisn de forma
gratuita la "Carga Batch" para que presente oportunamente su Declaracisn
Anual de S y S

Ingrese a esta Comunidad Fiscal y Descarguelo AHORA !

Si usted azn no es parte de esta Nueva Comunidad Fiscal, Regmstrese AHORA!
y obtenga grandes beneficios

POLMTICAS DE CANCELACISN

Corporativo Fiscal Dicada, S.C. posee una rmgida polmtica contra el
SPAMming, por lo que respetamos su privacidad. Por favor, si usted no
desea recibir mas informacisn y comunicados sobre Corporativo Fiscal
Dicada, S.C. o considera que recibis por error este e-mail, le suplicamos
haga click aqum, escriba su nombre y lo daremos de baja inmediatamente de
nuestra base de datos.
PROGRAMACION COFIDE

FEBRERO 2012





(1) JUEVES 02

RESOLUCISN MISCELANEA 2012

SEDE TLALNEPANTLA

Duracisn:6 Hrs.

De:  09:00 A 15:00 Hrs.

Desayuno de: 08:00 A 09:00 Hrs.

Expositor:   C.P.C Y E.F.  LUIS GUILLERMO DELGADO PEDROZA

Inversisn:   $ 1,800.00 mas IVA





(2) JUEVES 02 

COMPROBANTES FISCALES DIGITALES "FACTURACION ELECTRONICA" (CON NUEVAS 
DISPOSICIONES)

Duracisn:   5 Hrs.

De: 09:00 A 14:00 Hrs.

Desayuno de:08:00 a 09:00 Hrs.

Expositor:  C.P.C Y E.F.  GADIEL ARAGSN PERALTA

Inversisn:  $1,500.00 mas IVA





(3) VIERNES 03 Y SABADO 04

BASE DE DATOS, CARGA BATCH, APLICACIONES PARA EL SUA E INFORMATIVAS

Duracisn:   10 Hrs.

Viernes 03

De: 15:00 A 20:00 Hrs.

Comida de:  14:00 a 15:00 Hrs.

Sabado 04

De: 09:00 A 14:00 Hrs.

Desayuno de:08:00 A 09:00 Hrs

Expositor:  C.P.C Y E.F. JOSI MARTIN PONCE ROSAS

Inversisn:  $3,000.00 mas IVA 





(4) MIERCOLES 08

PLATAFORMA DEL SAT: PAGOS REFERENCIADOS Y SOLUCISN INTEGRAL (OBLIGATORIO PARA 
TODAS LAS PERSONAS MORALES)

Duracisn:   5 Hrs.

De: 09:00 A 14:00 Hrs.

Desayuno de:08:00 A 09:00 Hrs.

Expositor:  C.P.C Y E.F.  GADIEL ARAGSN PERALTA

Inversisn:  $ 1,500.00 mas IVA







(5) MIIRCOLES 08

TALLER DE ELABORACISN DE CARGA BATCH PARA DECLARACIONES INFORMATIVAS (NECESARIO 
LLEVAR COMPUTADORA)

Duracisn:   5 Hrs.

De: 15:00 A 20:00 Hrs.

Comida de:  14:00 A 15:00 Hrs.

Expositor:  L.C. Y E.F.  JOSI MARTIN PONCE ROSAS

Inversisn:  $1,500.00  mas IVA





(6) JUEVES 09

ANALISIS PRACTICO DE DECLARACIONES INFORMATIVAS (INCLUYE SUELDOS Y SALARIOS CON 
CARGA BATCH)

Duracisn:   8 Hrs.

De: 09:00 A 18:00 Hrs.

Comida de:  14:00 A 15:00 Hrs.

Expositor:  C.P.C Y E.F.  GADIEL ARAGSN PERALTA

C.P.C Y E.F. JOSI MARTIN PONCE ROSAS

Inversisn:  $2,450.00 mas IVA 





(7) VIERNES 10

CIERRE DEL EJERCICIO FISCAL 2011

Duracisn:   5 Hrs.

De: 09:00 A 14:00 Hrs.

Desayuno de:08:00 A 09:00 Hrs.

Expositor:  C.P.C Y E.F.  LUIS GUILLERMO DELGADO PEDROZA

Inversisn:  $1,600.00 mas IVA





(8) VIERNES 10

PLATAFORMA DEL SAT: PAGOS REFERENCIADOS Y SOLUCISN INTEGRAL (OBLIGATORIO PARA 
TODAS LAS PERSONAS MORALES)

SEDE TLALNEPANTLA

Duracisn:   5 Hrs.

De: 09:00 A 14:00 Hrs.

Desayuno de:08:00 A 09:00 Hrs.

Expositor:  C.P.C Y E.F.  GADIEL ARAGSN PERALTA

Inversisn:  $ 1,500.00 mas IVA





(9) VIERNES 10

DEFENSA FISCAL ESTRATIGICA APLICACISN PRACTICA SAT, IMSS E INFONAVIT

Duracisn:   5 Hrs.

De: 15:00 A 20:00 Hrs.

Comida de:  14:00 a 15:00 Hrs.

Expositor:  LIC. RAFAEL RIVERA PRADO

Inversisn:  $1,500.00 mas IVA





(10) SABADO 11 

PLATAFORMA DEL SAT: PAGOS REFERENCIADOS Y SOLUCISN INTEGRAL (OBLIGATORIO PARA 
TODAS LAS PERSONAS MORALES)

Duracisn:   5 Hrs.

De: 09:00 A 14:00 Hrs.

Desayuno de:08:00 A 09:00 Hrs.

Expositor:  C.P.C Y E.F.  GADIEL ARAGSN PERALTA

Inversisn:  $1,500.00 mas IVA





(11) MIERCOLES 15

TRATAMIENTO FISCAL DE SOCIEDADES CIVILES

Duracisn:   5 Hrs.

De: 15:00 A 20:00 Hrs.

Comida de:  14:00 A 15:00 Hrs.

Expositor:  C.P.C Y E.F.  GADIEL ARAGSN PERALTA 

Inversisn:  $ 1,500.00 mas IVA





(12) JUEVES 16

LIQUIDACISN DE SOCIEDADES

Duracisn:   5 Hrs.

De: 09:00 A 14:00 Hrs.

Desayuno de:08:00 A 09:00 Hrs.

Expositor:  C.P.C Y E.F.  GADIEL ARAGSN PERALTA 

Inversisn:  $ 1,750.00 mas IVA







(13) JUEVES 16

ANALISIS DEL CONTROL INTERNO (NECESARIO DICTAMEN 2011)

Duracisn:   5 Hrs.

De: 15:00 A 20:00 Hrs.

Comida de:  14:00 A 15:00 Hrs.

Expositor:  M.A. EDUARDO MAUBED VIVEROS

Inversisn:  $1,500.00 mas IVA 





(14) SABADO 18

IMSS LA MEJOR OPCISN PARA PENSIONARSE (Ley del Seguro Social 1973) INFASIS EN 
RECUPERACISN DE CUOTAS DE INFONAVIT

Duracisn:   5 hrs.

De: 09:00 A 14:00 Hrs.

Desayuno de:08:00 A 09:00 Hrs.

Expositores:C.P.C. CECILIA BRAVO NAVARRO 

Re: Unbound in base

[Steffen Daode Nurpmeso]

Henning Brauer wrote [2012-02-14 13:52+0100]:
> anything depending on PYTHON

MY WOMAN!

> (gimme a break)

Aeh.
Man.

> will never make it into base anyway.

If it were true!

--steffen

Despite ftp-proxy anchor, pf blocks outgoing ftp connetion from Filezilla

[Nikola Knežević]

Hi,

I'm running into a problem on a Soekris firewall I manage. It is a Soekris
net6501, running OpenBSD 5.0-stable.
On this machine, I run pf and ftp-proxy (ftp-proxy="" in rc.conf.local). There
are 4 NICs on this machine, one is for the internal traffic, one for the DMZ,
one for the phone network and one external.

There is one remote FTP server (not on our network), that we need to access.
However, when using Filezilla on Windows, the pf drops some packets. When
using the command line ftp on Linux and Windows, the connection works. My
"workaround" was to set Filezilla to establish connections in the active mode,
and change the ftp-proxy correspondingly (ftp-proxy="-r"). However, we would
like to have the whole system running with passive connections.


As you can see below, ftp-proxy inserts a rule to allow traffic to the ftp
server 50.22.96.60:45337, however, pf drops that one:
Feb 14 15:43:03.055902 rule 19/(match) block out on em1: gate..50641 >
50.22.96.60-static.reverse.softlayer.com.45337: S 2268496888:2268496888(0) win
65535  (DF)

Now, I am aware that the anchor is bound to the address of the local machine
(10.0.10.30), and pf correctly drops the packet. However, I don't know what to
do to allow this kind of traffic?

Thanks,
Nikola

# The console in Filezilla:
Status: Connected
Status: Retrieving directory listing...
Command:PWD
Response:   257 "/" is your current location
Command:TYPE I
Response:   200 TYPE is now 8-bit binary
Command:PASV
Response:   227 Entering Passive Mode (50,22,96,60,206,25)
Command:MLSD
Error:  Connection timed out
Error:  Failed to retrieve directory listing


# The output of ftp-proxy:
#60 accepted connection from 10.0.10.30
#60 FTP session 2/100 started: client 10.0.10.30 to server 50.22.96.60 via
proxy 
#60 server: 220-- Welcome to Pure-FTPd [privsep] [TLS] --\r\n
#60 server: 220-You are user number 1 of 50 allowed.\r\n
#60 server: 220-Local time is now 08:43. Server port: 21.\r\n
#60 server: 220-This is a private system - No anonymous login\r\n
#60 server: 220-IPv6 connections are also welcome on this server.\r\n
#60 server: 220 You will be disconnected after 15 minutes of inactivity.\r\n
#60 client: USER @ \r\n
#60 server: 331 User @ OK. Password required\r\n
#60 client: PASS **\r\n
#60 server: 230-OK. Current restricted directory is /\r\n
#60 server: 230 1577608 Kbytes used (30%) - authorized: 512 Kb\r\n
#60 client: PWD\r\n
#60 server: 257 "/" is your current location\r\n
#60 client: TYPE I\r\n
#60 server: 200 TYPE is now 8-bit binary\r\n
#60 client: PASV\r\n
#60 server: 227 Entering Passive Mode (50,22,96,60,177,25)\r\n
#60 passive: client to server port 45337 via port 52761
#60 proxy: 227 Entering Passive Mode (50,22,96,60,206,25)\r\n
#60 client: MLSD\r\n
#60 client close
#60 ending session


#
And this is the output I see on pflog0 (gate. is our firewall):
Feb 14 15:43:01.851117 rule 70/(match) pass in on em0: 10.0.10.30.56888 >
50.22.96.60-static.reverse.softlayer.com.ftp: S 3508732651:3508732651(0) win
8192  (DF)
Feb 14 15:43:03.055746 rule 73.804.60.0/(match) pass in on em0:
10.0.10.30.56889 > 50.22.96.60-static.reverse.softlayer.com.45337: S
2268496888:2268496888(0) win 65535 
(DF)
Feb 14 15:43:03.055902 rule 19/(match) block out on em1: gate..50641 >
50.22.96.60-static.reverse.softlayer.com.45337: S 2268496888:2268496888(0) win
65535  (DF)
Feb 14 15:43:06.053164 rule 19/(match) block out on em1: gate..65096 >
50.22.96.60-static.reverse.softlayer.com.45337: S 2268496888:2268496888(0) win
65535  (DF)



#
This is the anchor installed by "/usr/sbin/ftp-proxy -D 7 -v -d":
@0 pass in log quick on rdomain 0 inet proto tcp from 10.0.10.30 to
50.22.96.60 port = 52761 flags S/SA keep state (max 1) rtable 0 rdr-to
50.22.96.60 port 45337 prio 0
  [ Evaluations: 12Packets: 4 Bytes: 216 States: 1
]
  [ Inserted: uid 71 pid 804 State Creations: 1 ]
@1 pass out log quick on rdomain 0 inet proto tcp from 10.0.10.30 to
50.22.96.60 port = 45337 flags S/SA keep state (max 1) nat-to  prio 0
  [ Evaluations: 5 Packets: 0 Bytes: 0   States: 0
]
  [ Inserted: uid 71 pid 804 State Creations: 0 ]


#
The relevant parts of the pf.conf are:
antispoof quick for { lo0 $intif $dmzif $phoneif ($extif) }

block in  quick proto icmp6
block out quick proto icmp6
block in  quick inet6
block out quick inet6

block drop log on $extif
block return log on $intif
block return log on $dmzif
block return on $phoneif
block return on $tunif

match out on $extif from $intif:network nat-to ($extif)
match out on $extif from $dmzif:network nat-to ($extif)

# FTP
pass in log on $intif inet proto tcp from $intif:network to !$intif port ftp
divert-to 127.0.0.1 port 8021
pass in on $dmzif inet proto tcp from $dmzif:network to !$dmzif port ftp
divert-to 127.0.0.1 port 8021
pass in on $tunif inet proto tcp from to !$tunif p

Re: Lenovo E320: strange things happen with X

[Mihai Popescu]

> OpenBSD 5.1-beta (GENERIC.MP) #5: Tue Feb  7 08:26:54 EST 2012
>r...@nero.witworx.com:/usr/src/sys/arch/i386/compile/GENERIC.MP

Is it a custom built kernel ?

Re: Unbound in base

[Claus Assmann]

On Tue, Feb 14, 2012, Vitali wrote:
> On Tue, Feb 14, 2012 at 10:09 AM, Peter van Oord van der Vlies

> > Why replacing bind ?

> https://www.isc.org/software/bind/advisories/cve-2012-1033

Bad CVE choice...
That's a design issue in DNS, not a vulnerability in BIND.

And if you want to throw CVEs around:
Unbound VU#209659 CVE-2011-4528
   Unbound denial of service vulnerabilities from nonstandard
   redirection and denial of existence

But at least it seems to have less problems than bind(?)

Re: uaudio0: sync ep address mismatch

[Gregor Pintar]

I tried NetBSD and FreeBSD also. Same problem on NetBSD, but works on FreeBSD.

Is it hard to port FreeBSD's uaudio (/src/sys/dev/sound/usb/uaudio.c)
to OpenBSD?
Could anyone port it or fix this?


2012/1/26, Gregor Pintar :
> More info with UAUDIO_DEBUG enabled.
>
> dmesg:
> uaudio0 at uhub2 port 2 configuration 1 interface 0 "Creative
> Technology USB Sound Blaster HD" rev 1.10/1.00 addr 2
> id 1: AC_INPUT type=UAT_STREAM
>   input0: UAT_STREAM
>   output: UATO_SPEAKER
> id 2: AC_FEATURE src=1
>   input0: UAT_STREAM
>   output: UATO_SPEAKER
> id 3: AC_OUTPUT type=UATO_SPEAKER src=2
>   input0: UAT_STREAM
>   output: UATO_SPEAKER
> id 4: AC_INPUT type=UAT_STREAM
>   input0: UAT_STREAM
>   output: UATE_DIGITALAUIFC
> id 6: AC_OUTPUT type=UATE_DIGITALAUIFC src=4
>   input0: UAT_STREAM
>   output: UATE_DIGITALAUIFC
> id 7: AC_INPUT type=UATE_SPDIF
>   input0: UATE_SPDIF
>   output: UAT_STREAM
> id 9: AC_OUTPUT type=UAT_STREAM src=7
>   input0: UATE_SPDIF
>   output: UAT_STREAM
> id 10:AC_INPUT type=UATI_MICROPHONE
>   input0: UATI_MICROPHONE
>   output: UAT_STREAM
> id 12:AC_INPUT type=UATE_LINECONN
>   input0: UATE_LINECONN
>   output: UAT_STREAM
> id 14:AC_INPUT type=UATF_PHONOGRAPH
>   input0: UATF_PHONOGRAPH
>   output: UAT_STREAM
> id 16:AC_SELECTOR src=10 12 14
>   input0: UATI_MICROPHONE
>   input1: UATE_LINECONN
>   input2: UATF_PHONOGRAPH
>   output: UAT_STREAM
> id 17:AC_OUTPUT type=UAT_STREAM src=16
>   input0: UATI_MICROPHONE UATE_LINECONN UATF_PHONOGRAPH
>   output: UAT_STREAM
> uaudio0: sync ep address mismatch
> uaudio0: sync ep address mismatch
> uaudio0: sync ep address mismatch
> uaudio0: sync ep address mismatch
> uaudio0: sync ep address mismatch
> uaudio0: sync ep address mismatch
> uaudio0: sync ep address mismatch
> uaudio0: sync ep address mismatch
> uaudio0: sync ep address mismatch
> uaudio0: sync ep address mismatch
> uaudio0: ignored setting with type 8193 format
> uaudio0: ignored setting with type 8193 format
> uaudio0: recording: 2-ch 16-bit 2-byte pcm, 48000Hz
> uaudio0: recording: 2-ch 24-bit 3-byte pcm, 48000Hz
> uaudio0: recording: 2-ch 16-bit 2-byte pcm, 96000Hz
> uaudio0: recording: 2-ch 24-bit 3-byte pcm, 96000Hz
> uaudio0: recording: 2-ch 16-bit 2-byte pcm, 44100Hz
> uaudio0: recording: 2-ch 24-bit 3-byte pcm, 44100Hz
> uaudio0: recording: 2-ch 16-bit 2-byte pcm, 48000Hz
> uaudio0: recording: 2-ch 24-bit 3-byte pcm, 48000Hz
> uaudio0: recording: 2-ch 16-bit 2-byte pcm, 96000Hz
> uaudio0: recording: 2-ch 24-bit 3-byte pcm, 96000Hz
> uaudio0: audio rev 1.00, 3 mixer controls
> audio0 at uaudio0
> uhidev0 at uhub2 port 2 configuration 1 interface 5 "Creative
> Technology USB Sound Blaster HD" rev 1.10/1.00 addr 2
> uhidev0: iclass 3/0, 1 report id
> uhid0 at uhidev0 reportid 1: input=1, output=0, feature=0
> ugen0 at uhub2 port 2 configuration 1 "Creative Technology USB Sound
> Blaster HD" rev 1.10/1.00 addr 2
>
> audioctl:
> name=USB audio
> version=
> config=uaudio
> encodings=slinear_le:16:2:1,slinear_le:24:3:1
> properties=independent
> full_duplex=0
> fullduplex=0
> blocksize=8816
> hiwat=7
> lowat=5
> output_muted=0
> monitor_gain=0
> mode=
> play.rate=44100
> play.sample_rate=44100
> play.channels=2
> play.precision=16
> play.bps=2
> play.msb=1
> play.encoding=slinear_le
> play.gain=127
> play.balance=32
> play.port=0x0
> play.avail_ports=0x0
> play.seek=0
> play.samples=0
> play.eof=0
> play.pause=0
> play.error=0
> play.waiting=0
> play.open=0
> play.active=0
> play.buffer_size=65536
> play.block_size=8816
> play.errors=0
> record.rate=44100
> record.sample_rate=44100
> record.channels=2
> record.precision=16
> record.bps=2
> record.msb=1
> record.encoding=slinear_le
> record.gain=127
> record.balance=32
> record.port=0x0
> record.avail_ports=0x0
> record.seek=0
> record.samples=0
> record.eof=0
> record.pause=0
> record.error=0
> record.waiting=0
> record.open=0
> record.active=0
> record.buffer_size=65536
> record.block_size=8816
> record.errors=0
>
> mixerctl:
> outputs.spkr.mute=off
> outputs.spkr=255,255
> record.sel16-i10i12i14=2

Re: Unbound in base

[Stuart Henderson]

On 2012-02-14, Gregory Edigarov  wrote:
> unbound-control should be renamed to more convenient 'unboundctl'.

and break scripts that are meant to work with cross-OS deployments?

Re: Despite ftp-proxy anchor, pf blocks outgoing ftp connetion from Filezilla

[Stuart Henderson]

Your ftp-proxy anchor is too late, move it *before* the match...nat-to rules


On 2012-02-14, Nikola KneE>eviD  wrote:
> Hi,
>
> I'm running into a problem on a Soekris firewall I manage. It is a Soekris
> net6501, running OpenBSD 5.0-stable.
> On this machine, I run pf and ftp-proxy (ftp-proxy="" in rc.conf.local). There
> are 4 NICs on this machine, one is for the internal traffic, one for the DMZ,
> one for the phone network and one external.
>
> There is one remote FTP server (not on our network), that we need to access.
> However, when using Filezilla on Windows, the pf drops some packets. When
> using the command line ftp on Linux and Windows, the connection works. My
> "workaround" was to set Filezilla to establish connections in the active mode,
> and change the ftp-proxy correspondingly (ftp-proxy="-r"). However, we would
> like to have the whole system running with passive connections.
>
>
> As you can see below, ftp-proxy inserts a rule to allow traffic to the ftp
> server 50.22.96.60:45337, however, pf drops that one:
> Feb 14 15:43:03.055902 rule 19/(match) block out on em1: gate..50641 >
> 50.22.96.60-static.reverse.softlayer.com.45337: S 2268496888:2268496888(0) win
> 65535  (DF)
>
> Now, I am aware that the anchor is bound to the address of the local machine
> (10.0.10.30), and pf correctly drops the packet. However, I don't know what to
> do to allow this kind of traffic?
>
> Thanks,
> Nikola
>
> # The console in Filezilla:
> Status:   Connected
> Status:   Retrieving directory listing...
> Command:  PWD
> Response: 257 "/" is your current location
> Command:  TYPE I
> Response: 200 TYPE is now 8-bit binary
> Command:  PASV
> Response: 227 Entering Passive Mode (50,22,96,60,206,25)
> Command:  MLSD
> Error:Connection timed out
> Error:Failed to retrieve directory listing
>
>
> # The output of ftp-proxy:
> #60 accepted connection from 10.0.10.30
> #60 FTP session 2/100 started: client 10.0.10.30 to server 50.22.96.60 via
> proxy 
> #60 server: 220-- Welcome to Pure-FTPd [privsep] [TLS] --\r\n
> #60 server: 220-You are user number 1 of 50 allowed.\r\n
> #60 server: 220-Local time is now 08:43. Server port: 21.\r\n
> #60 server: 220-This is a private system - No anonymous login\r\n
> #60 server: 220-IPv6 connections are also welcome on this server.\r\n
> #60 server: 220 You will be disconnected after 15 minutes of inactivity.\r\n
> #60 client: USER @ \r\n
> #60 server: 331 User @ OK. Password required\r\n
> #60 client: PASS **\r\n
> #60 server: 230-OK. Current restricted directory is /\r\n
> #60 server: 230 1577608 Kbytes used (30%) - authorized: 512 Kb\r\n
> #60 client: PWD\r\n
> #60 server: 257 "/" is your current location\r\n
> #60 client: TYPE I\r\n
> #60 server: 200 TYPE is now 8-bit binary\r\n
> #60 client: PASV\r\n
> #60 server: 227 Entering Passive Mode (50,22,96,60,177,25)\r\n
> #60 passive: client to server port 45337 via port 52761
> #60 proxy: 227 Entering Passive Mode (50,22,96,60,206,25)\r\n
> #60 client: MLSD\r\n
> #60 client close
> #60 ending session
>
>
> #
> And this is the output I see on pflog0 (gate. is our firewall):
> Feb 14 15:43:01.851117 rule 70/(match) pass in on em0: 10.0.10.30.56888 >
> 50.22.96.60-static.reverse.softlayer.com.ftp: S 3508732651:3508732651(0) win
> 8192  (DF)
> Feb 14 15:43:03.055746 rule 73.804.60.0/(match) pass in on em0:
> 10.0.10.30.56889 > 50.22.96.60-static.reverse.softlayer.com.45337: S
> 2268496888:2268496888(0) win 65535 
> (DF)
> Feb 14 15:43:03.055902 rule 19/(match) block out on em1: gate..50641 >
> 50.22.96.60-static.reverse.softlayer.com.45337: S 2268496888:2268496888(0) win
> 65535  (DF)
> Feb 14 15:43:06.053164 rule 19/(match) block out on em1: gate..65096 >
> 50.22.96.60-static.reverse.softlayer.com.45337: S 2268496888:2268496888(0) win
> 65535  (DF)
>
>
>
> #
> This is the anchor installed by "/usr/sbin/ftp-proxy -D 7 -v -d":
> @0 pass in log quick on rdomain 0 inet proto tcp from 10.0.10.30 to
> 50.22.96.60 port = 52761 flags S/SA keep state (max 1) rtable 0 rdr-to
> 50.22.96.60 port 45337 prio 0
>   [ Evaluations: 12Packets: 4 Bytes: 216 States: 1
> ]
>   [ Inserted: uid 71 pid 804 State Creations: 1 ]
> @1 pass out log quick on rdomain 0 inet proto tcp from 10.0.10.30 to
> 50.22.96.60 port = 45337 flags S/SA keep state (max 1) nat-to  prio 0
>   [ Evaluations: 5 Packets: 0 Bytes: 0   States: 0
> ]
>   [ Inserted: uid 71 pid 804 State Creations: 0 ]
>
>
> #
> The relevant parts of the pf.conf are:
> antispoof quick for { lo0 $intif $dmzif $phoneif ($extif) }
>
> block in  quick proto icmp6
> block out quick proto icmp6
> block in  quick inet6
> block out quick inet6
>
> block drop log on $extif
> block return log on $intif
> block return log on $dmzif
> block return on $phoneif
> block return on $tunif
>
> match out on $extif from $intif:

Re: OpenBSD 5.1 - snapshot - bsd.mp only detects one CPU of dual-processor AOpen DX34 Plus board

[Stuart Henderson]

On 2012-02-14, Adriaan  wrote:
> On 2/14/12, Brynet  wrote:
>> On Mon, Feb 13, 2012 at 11:34:59PM +0100, Adriaan wrote:
>>> ...
>>> OpenBSD 5.1 (GENERIC.MP) #187: Sat Feb 11 12:30:14 MST 2012
>>> apm0 at bios0: Power Management spec V1.2
>>> acpi at bios0 function 0x0 not configured
>>> ..
>>>
>>> I need the machine right now for testing my new Internet line, but in
>>> two or three days, I could install some older snapshots or 5.0 to find
>>> out about which time this regression occurred.
>>>
>>> Adriaan
>>
>> Hmm, your system doesn't have legacy MP tables. You'll need to use acpi
>> to bootstrap the other processor.
>
> A year ago, with a 4.9 snapshot  the acpi stuff on that box was
> configured, and both CPUs detected.

Perhaps that kernel was modified to disable apm.
config -ef /bsd

Re: how to move "advskew" out of hostname.carpXXX ?

[Stuart Henderson]

On 2012-02-13, PP;QQ P(P8P?P8QP8P=  wrote:
>  Hello!
>
> I'd like to sync /etc/hostname.carpXXX files between MASTER and BACKUP, the
> only difference, of course is "advskew" paramter. Is there a way to specify
> it in different config file ?
>
> I seen bug report on fwbuilder (www.fwbuilder.org), which describes
> something called "create_args_carp0", but I didn't found any other presence
> of it:
>
>
> see #2636
> "carp : Incorrect output in rc.conf.local format". Should use
> create_args_carp0 instead of ifconfig_carp0 to set up CARP interface vhid,
> pass and adskew parameters."
>
>
> Cheers,
> Ilya Shipitsin
>
>

Adding something like this currently seems to work, but it's pretty dirty:

`cat /etc/advskew`

Re: Keeping installed ports up-to-date

[Chris Bennett]

On Tue, Feb 14, 2012 at 07:06:26PM +1030, Giridhari wrote:
> HELO,
>
> whatbs the correct procedure for keeping ports that are installed up to
date
> when the system is updated with CVS?
>
> Do I need to make uninstall the ports, perform the cvs update, build the
new
> system and then make the new ports?

If you are running -current or if you update to a newer release AND are
running ports that are NOT in packages then you will need to do the
following:

For -current:
Update your ports tree at the SAME time as you update -current, never
before or after.

make clean
make update
make repackage
make reinstall

For a release upgrade, do the same except only once until you upgrade
again.

Do not use ports if you can use pkg_add -ui instead.


Chris Bennett

Re: Keeping installed ports up-to-date

[Marc Espie]

On Tue, Feb 14, 2012 at 11:50:31AM -0600, Chris Bennett wrote:
> On Tue, Feb 14, 2012 at 07:06:26PM +1030, Giridhari wrote:
> > HELO,
> >
> > whatbs the correct procedure for keeping ports that are installed up to
> date
> > when the system is updated with CVS?
> >
> > Do I need to make uninstall the ports, perform the cvs update, build the
> new
> > system and then make the new ports?
>
> If you are running -current or if you update to a newer release AND are
> running ports that are NOT in packages then you will need to do the
> following:
>
> For -current:
> Update your ports tree at the SAME time as you update -current, never
> before or after.
>
> make clean
> make update
> make repackage
> make reinstall

Huh this reads like an excerpt of freebsd's handbook or something.

if make update works, you have a new package, and it's installed.
The rest isn't needed.

We always, always make package even for updates.

The only trouble is that sometimes, make package won't work if an older
version is already installed (you've got to thank the gnu autohell for
that, mostly).

dpb -R -u -U is also a possibility, though its not 100%.

And out-of-date will tell you which of your ports you need to rebuild.

One longer, more sure-fire procedure would be to
pkg_info -q -m -P -a >list
pkg_delete /var/db/pkg/*
dpb -I list

(e.g., grab the list of packages you really want, zap the old ones, rebuild
them and install with dpb)

network throughput tool suggestion

[Mihai Popescu]

Hi,

I need to test a commercial router for throughtput and I decided to
put it between 2 OpenBSD systems running network benchmark software.
Looking on openports.se I found iperf, netperf and ttcp. Could you
suggest one from them, based on your experience, please ?

Thanks.

Re: Lenovo E320: strange things happen with X

[Rod Whitworth]

On Tue, 14 Feb 2012 17:23:34 +0200, Mihai Popescu wrote:

>> OpenBSD 5.1-beta (GENERIC.MP) #5: Tue Feb  7 08:26:54 EST 2012
>>r...@nero.witworx.com:/usr/src/sys/arch/i386/compile/GENERIC.MP
>
>Is it a custom built kernel ?

No way. I just update from CVS and build as per the FAQ instructions.
In fact I have all of it scripted and I simply run each of the nine
scripts and end up with a CD.

Custom kernels are the product of true geniuses and fools. The gap
between them is wide.

I'm not a genius but I'm smart enough to know my limitations. :-)

>

*** NOTE *** Please DO NOT CC me. I  subscribed to the list.
Mail to the sender address that does not originate at the list server is 
tarpitted. The reply-to: address is provided for those who feel compelled to 
reply off list. Thankyou.

Rod/
---
This life is not the real thing.
It is not even in Beta.
If it was, then OpenBSD would already have a man page for it.

Re: Unbound in base

[roberth]

On Tue, 14 Feb 2012 17:16:15 + (UTC)
Stuart Henderson  wrote:

> On 2012-02-14, Gregory Edigarov  wrote:
> > unbound-control should be renamed to more convenient 'unboundctl'.
> 
> and break scripts that are meant to work with cross-OS deployments?

nah, he is talking bout convinience, not sanity, eh?

# grep unbound-control ~/.kshrc
alias ubc="/usr/local/sbin/unbound-control"

Re: network throughput tool suggestion

[Christiano F. Haesbaert]

On 14 February 2012 17:59, Mihai Popescu  wrote:
> Hi,
>
> I need to test a commercial router for throughtput and I decided to
> put it between 2 OpenBSD systems running network benchmark software.
> Looking on openports.se I found iperf, netperf and ttcp. Could you
> suggest one from them, based on your experience, please ?
>
> Thanks.
>

We have tcpbench in base, that's what most devs use.

Fotografía Publicitaria

[Lazcano Comunicación]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
image001.jpg]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
image002.jpg]

Re: Keeping installed ports up-to-date

[Chris Bennett]

On Tue, Feb 14, 2012 at 08:32:52PM +0100, Marc Espie wrote:
> On Tue, Feb 14, 2012 at 11:50:31AM -0600, Chris Bennett wrote:
> > On Tue, Feb 14, 2012 at 07:06:26PM +1030, Giridhari wrote:
> > > HELO,
> > >
> > > whatbs the correct procedure for keeping ports that are installed up
to
> > date
> > > when the system is updated with CVS?
> > >
> > > Do I need to make uninstall the ports, perform the cvs update, build
the
> > new
> > > system and then make the new ports?
> >
> > If you are running -current or if you update to a newer release AND are
> > running ports that are NOT in packages then you will need to do the
> > following:
> >
> > For -current:
> > Update your ports tree at the SAME time as you update -current, never
> > before or after.
> >
> > make clean
> > make update
> > make repackage
> > make reinstall
>
> Huh this reads like an excerpt of freebsd's handbook or something.
>

Sorry, I pulled this stuff off of www.openbsd.org.

> if make update works, you have a new package, and it's installed.
> The rest isn't needed.
>
> We always, always make package even for updates.

I took the question in a different way.
Sounded to me like a more basic question on the right way to go from a
certain point.
There have been a ton of messages lately from people wanting to build
all kinds of stuff from ports when perfectly good packages are
available.
I was assuming that there was a need to make clear not to build from
ports unless using a FLAVOR not in prebuilt downloadable packages.

>
> The only trouble is that sometimes, make package won't work if an older
> version is already installed (you've got to thank the gnu autohell for
> that, mostly).
>

Feel free to blast me some more if I am still seeing things wrong.

So what I said above will NOT work with these troublesome packages?
I have been using all of the make commands when working on ports, stuff
like make uninstall, etc.
The Porters Handbook seems to suggest that roughly this procedure does
work.

make clean=work flavors packages plist depends
No?

> dpb -R -u -U is also a possibility, though its not 100%.
>
> And out-of-date will tell you which of your ports you need to rebuild.
>
> One longer, more sure-fire procedure would be to
> pkg_info -q -m -P -a >list
> pkg_delete /var/db/pkg/*
> dpb -I list
>
> (e.g., grab the list of packages you really want, zap the old ones, rebuild
> them and install with dpb)
>

Chris Bennett

Re: Keeping installed ports up-to-date

[Marc Espie]

On Tue, Feb 14, 2012 at 04:14:06PM -0600, Chris Bennett wrote:
> So what I said above will NOT work with these troublesome packages?
> I have been using all of the make commands when working on ports, stuff
> like make uninstall, etc.
> The Porters Handbook seems to suggest that roughly this procedure does
> work.
> 
> make clean=work flavors packages plist depends
> No?

(Unless you're a *developer*, or you want to *downgrade* ports,
you should never ever have to run make clean=plist
that's stupid. register-plist catches *bugs*.)

Nope, won't work. You haven't de-installed the troublesome package, so a
new build will still break. (e.g., it doesn't have
make clean=install).


That's the crux of the matter.

Eventually, we'll solve most of these.  Not all of them, not ever. Because
the number of combinations old package installed/new package build is very
very large, so the best we can hope is to fix the most common ones
(having our own libtool for most of the tree does help a great deal).

There are so many things to do... this is not a huge priority. We don't
fix the ports tree, we fix binary packages. Once they're all perfect
(ah ! :) ) we'll fix every little remaining bug in ports.

Promise ! :)

(I'm not promising anything, actually, since there's always always more 
polishing to  do for binary packages proper).

Re: Keeping installed ports up-to-date

[Carson Chittom]

Marc Espie  writes:

> And out-of-date will tell you which of your ports you need to rebuild.
>
> One longer, more sure-fire procedure would be to
> pkg_info -q -m -P -a >list
> pkg_delete /var/db/pkg/*
> dpb -I list

I'm looking at the dpb man page on 5.0-stable.  Did you mean "-P" on
that last line?

Re: Lenovo E320: strange things happen with X

[Fred Crowson]

On 14 February 2012 12:48, Rod Whitworth  wrote:

>
> Boags if you like!

The true nectar - the OpenBSD of beers ;~)

Estados Financieros para Directores No Financieros

[Lic. Ericka Camacho]

Aumenta tus posibilidades de crecer profesionalmente.

GuCa de ComprensiC3n de Estados Financieros para Directores No
Financieros

La habilidad de revisar estados financieros y tomar decisiones
inteligentes es esencial para los Directores y Gerentes que dirigen el
rumbo de sus compaC1Cas, sin embargo, para muchos de ellos el mundo de
las finanzas y sus tC)rminos son a menudo B!confusos, poco claros y
frustrantes!, desaprovechando el potencial de esta informaciC3n, cuando
en realidadb& dentro de esos nC:meros se encuentran las respuestas
necesarias para tomar las decisiones claves del negocio.

B!Venga y descubra cC3mo comprender desde un punto de vista ESTRATC GICO,
AMENO Y PRC
CTICO, los diferentes reportes financieros que usted necesita
para dirigir con C)xito su organizaciC3n!, incluyendo:

b"B?QuC) tipo de reportes e informaciC3n financiera necesita y cC3mo
puede usted saber si su departamento financiero estC! actuando
debidamente?
b"B?CC3mo identificar los problemas de la empresa en las fases de
INGRESOS, COSTOS, GASTOS O UTILIDADES?
b"B?CC3mo requiere los reportes? - Modelos prC!cticos, comprensibles y
efectivos.
b"B?CuC!l es la aportaciC3n estratC)gica de los balances, estados de
resultados, flujos de efectivo y otros reportes financieros?
b"B?CC3mo identificar indicadores claves que prevengan del peligro a su
organizaciC3n?
b"B?CC3mo reconocer los problemas del flujo de caja antes de que sea
demasiado tarde?

Programado en :
Monterrey 17 de Febrero
MC)xico D.F. 22 de Febrero
Online en Vivo 23 de Febrero

Para obtener un folleto GRATUITO con la informaciC3n completa, responda
este correo con los siguientes datos:
Empresa:
Nombre:
Puesto:
Tel: ( )
Fecha de interC)s: ( ) Monterrey - ( ) MC)xico, D.F. - ( ) Online en Vivo
E-mail: misc@openbsd.org

Llame a nuestra lada sin costo: 01800 25.010.20

*Les pedimos que compartan esta invitaciC3n con quienes puedan
interesarse.
*Solicite una cotizaciC3n Incompany (Cuento con mC!s de 10 participantes
y me gustarCa llevar este evento a mis instalaciones).

Si desea que su cuenta de correo electrC3nico se elimine de nuestras
listas de distribuciC3n, responda con el asunto 76guiam

Re: how to move "advskew" out of hostname.carpXXX ?

[Илья Шипицин]

I wonder if /etc/rc.conf.local included into hostname.xxx scripts ?

if so, I could use

advskew=100 in rc.conf.local and

$advskew in hostname.xxx later

14 FEWRALQ 2012 G. 23:29 POLXZOWATELX Stuart Henderson
NAPISAL:

> On 2012-02-13, P P;Q Q  P(P8P?P8Q P8P=  wrote:
> >  Hello!
> >
> > I'd like to sync /etc/hostname.carpXXX files between MASTER and BACKUP,
> the
> > only difference, of course is "advskew" paramter. Is there a way to
> specify
> > it in different config file ?
> >
> > I seen bug report on fwbuilder (www.fwbuilder.org), which describes
> > something called "create_args_carp0", but I didn't found any other
> presence
> > of it:
> >
> >
> > see #2636
> > "carp : Incorrect output in rc.conf.local format". Should use
> > create_args_carp0 instead of ifconfig_carp0 to set up CARP interface
> vhid,
> > pass and adskew parameters."
> >
> >
> > Cheers,
> > Ilya Shipitsin
> >
> >
>
> Adding something like this currently seems to work, but it's pretty dirty:
>
> `cat /etc/advskew`