Re: A neat twist on nginx + php-fpm = no input file selected

2012-02-29 Thread Remco
Scott McEachern wrote:

 And here's where it can't find the file:
 
   23595 php-fpm-5.3 GIO   fd 2 wrote 100 bytes
 ERROR: Unable to open primary script:
 /var/nginx/html/who_is_online.php (No such file or directory)
 
 ...
 
 This problem is a real mystery to me, and I'm hoping I didn't miss
 something crazy-simple.  Can anyone explain it?
 

I'm not familiar with nginx but in general, the crazy-simple explanation I
can think of is that you're running from a chroot.

So the daemon will look for files relative to its chroot.

 
 I stuck with the default php-fpm.conf file, except changing the
 user:group to _nginx and the chroot dir, so I'll just post a diff:
 
 snip
 # diff php-fpm.conf php-fpm.conf.dist
 132,135c132,133
  ;user = www
  ;group = www
  user = _nginx
  group = _nginx
 ---
   user = www
   group = www
 442,443c440
  ;chroot = /var/www
  chroot = /var/nginx
 ---
   chroot = /var/www
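Review bot: the second hunk (442,443c440) sets chroot = /var/nginx with no matching change to the script path handed to php-fpm. The log above shows it still being asked for /var/nginx/html/who_is_online.php, which inside that chroot only resolves if the file exists at /var/nginx/var/nginx/html/who_is_online.php on the host. Pass the script path relative to the chroot (/html/who_is_online.php) alongside this change.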
 /snip
 
 

If the file on your file system is /var/nginx/html/who_is_online.php, a
daemon chrooted to /var/nginx will see it as /html/who_is_online.php.
If the daemon chrooted to /var/nginx should really
see /var/nginx/html/who_is_online.php, the file should live
in /var/nginx/var/nginx/html/who_is_online.php on your file system.

Hope this helps.
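
The path translation described above, as an added example that is not part of the original post: a Python helper that maps between host paths and the paths a chrooted daemon sees, and flags the case from this thread where the host-side path is handed to the chrooted process. The function names and the temporary directory tree are constructed for illustration; the model is purely lexical and ignores symlinks.

```python
import os
import posixpath
import tempfile


def host_path(chroot, seen):
    """Host-side location of the absolute path `seen` by a process chrooted to `chroot`."""
    # Inside a chroot, "/" is the chroot directory and ".." cannot climb above it,
    # so normalise the path as an absolute path first, then graft it under the chroot.
    inside = posixpath.normpath("/" + seen.lstrip("/"))
    root = posixpath.normpath(chroot)
    if root == "/":
        return inside
    return posixpath.normpath(root + inside)


def daemon_path(chroot, host):
    """Path the chrooted process must use to reach host file `host`.

    Returns None when the file lies outside the chroot and is unreachable.
    """
    root = posixpath.normpath(chroot)
    host = posixpath.normpath(host)
    if root == "/":
        return host
    if host == root:
        return "/"
    if host.startswith(root + "/"):
        return host[len(root):]
    return None


def diagnose(chroot, requested, sysroot="/"):
    """Explain what happens when a chrooted daemon is asked to open `requested`.

    `sysroot` lets the check run against a constructed directory tree instead of
    the real filesystem. Returns (verdict, host path actually opened, suggested path).
    """
    def on_disk(path):
        return os.path.exists(os.path.join(sysroot, path.lstrip("/")))

    looked_at = host_path(chroot, requested)
    if on_disk(looked_at):
        return "ok", looked_at, requested
    # The mistake from the thread: the request still carries the host-side
    # prefix, so the chroot directory ends up in the path twice.
    candidate = daemon_path(chroot, requested)
    if candidate is not None and on_disk(host_path(chroot, candidate)):
        return "host-path-passed", looked_at, candidate
    return "missing", looked_at, None


def demo():
    """Rebuild the layout from the thread in a temporary tree (constructed sample)."""
    with tempfile.TemporaryDirectory() as sysroot:
        docroot = os.path.join(sysroot, "var/nginx/html")
        os.makedirs(docroot)
        open(os.path.join(docroot, "who_is_online.php"), "w").close()
        requests = (
            "/var/nginx/html/who_is_online.php",  # host path, as in the error log
            "/html/who_is_online.php",            # chroot-relative path
            "/html/nope.php",                     # genuinely absent file
        )
        return [diagnose("/var/nginx", r, sysroot) for r in requests]


if __name__ == "__main__":
    for verdict, opened, suggestion in demo():
        print(f"{verdict:18} opened={opened} suggestion={suggestion}")
```
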



Re: A neat twist on nginx + php-fpm = no input file selected

2012-02-29 Thread Scott McEachern

On 02/29/12 03:52, Remco wrote:
I'm not familiar with nginx but in general, the crazy-simple 
explanation I can think of is that you're running from a chroot. So 
the daemon will look for files relative to its chroot. 


That's *hilarious*.

And of course, you're quite right.  It works perfectly fine.  Now, I can 
only hope it stays alive, unlike php-fastcgi...


Thanks Remco!

--
Scott McEachern



Re: A neat twist on nginx + php-fpm = no input file selected

2012-02-29 Thread Scott McEachern

On 02/29/12 03:52, Remco wrote:
If the file on your file system is /var/nginx/html/who_is_online.php, 
a daemon chrooted to /var/nginx will see it as 
/html/who_is_online.php. If the daemon chrooted to /var/nginx should 
really see /var/nginx/html/who_is_online.php, the file should live in 
/var/nginx/var/nginx/html/who_is_online.php on your file system. Hope 
this helps. 


Oh, I just wanted to mention one more thing for the archives/google:

php-fpm takes on the chroot of the web server.

Ignore the php-fpm.conf documentation where it says "Default value: not 
set" and "When this value is not set, chroot is not used."  Bah.  :/


--
Scott McEachern



Re: Router project on OpenBSD questions

2012-02-29 Thread Stuart Henderson
On 2012-02-28, Kaya Saman kayasa...@gmail.com wrote:
 I was planning on getting a 2901 with VDSL2/ADSL2/2+ Annex M card and 8 
 port Gb switch card. But after careful consideration I decided against 
 it as it would issue the same problems for me and be more expensive than 
 going down the OpenBSD route as discussed previously.

 Also 75Mbps is mentioned by Cisco for the 2900 series:

 http://www.cisco.com/en/US/prod/collateral/routers/ps10537/data_sheet_c78_553896.html


 which is pathetic as in the UK fiber networks are slowly becoming more 
 available to the masses - in terms of offerings of up to 1Gbps are 
 available for round £50/month ($75/month (US)).

For the current deployments in the UK the VDSL modem (FTTC) or ONT (for
FTTP) is provided by BT, the demarc point is their ethernet interface
which speaks pppoe. I have OpenBSD boxes running with both of these
now (and you can get 1500 MTU in -current / 5.1 as long as your
network interface supports jumbo frames).

 Even a VDSL2 solution offers up to 100Mbps - depending on distance 
 between local loop and CPE but I'm sure that the 2900 series or 800 
 series VDSL provisioned ISR would struggle to meet those speeds.

 Couple that with 1000+ TCP/IP flows through UDP or TCP packet 
 transactions and any **standard** branch based ISR wouldn't be able to 
 cope :-(

Yep. I think they may cope in some conditions but for real-world usage
they are going to run out of steam with this type of line speed.

 The OpenBSD routing daemons are pretty good. Other than that for
 open-source routing there are some circumstances where BIRD running on
 Linux might be useful (personally I can't stand the config but I'd
 rather run this than Quagga..).

 Coming from FreeBSD background I didn't know of the OpenBSD integration 
 with routing etc... so thanks for the 'wake up call' :-)

We have route priorities, multiple routing tables, MPLS, LDP, pretty
decent BGP support including IP-VPN (OpenBGPd is run at a number
of places including some busy internet exchange points as route-
servers). Yes the routing support is pretty good as far as open-source
OS go :)

 Cool. as once my design is physically built and established I will 
 look at building a PPPoE server and getting a Zyxell cheap DSLAM for 
 £150 (GB) + line cards and emulate an ISP using my would be then 
 redundant Cisco DSL routers..

You'll have to build it from source for now (it's not fully integrated
with the OS yet), but /usr/src/usr.sbin/npppd is a decent daemon for
L2TP LNS and PPPoE.

You may already know this but you can get BT (21cn/20cn)/Be ADSL
and Three 3g presented as an L2TP feed by some UK ISPs.

 Huge project I know but that's what keeps me going :-)

enjoy (:



Re: Google SoC 2012 is accepting open source organisations

2012-02-29 Thread Loganaden Velvindron
On Wed, Feb 29, 2012 at 11:35 AM, Tomas Bodzar tomas.bod...@gmail.com wrote:
 On Wed, Feb 29, 2012 at 6:34 AM, Loganaden Velvindron
 logana...@gmail.com wrote:
 I came across this:
 http://google-opensource.blogspot.com/2012/02/mentoring-organization-applications-now.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+GoogleOpenSourceBlog+%28Google+Open+Source+Blog%29

 The deadline is the 29th.

 I'd be interested in accelerating the port of capsicum :-)

 Check archives like
 http://marc.info/?l=openbsd-misc&w=2&r=1&s=Google+Summer+of+code&q=b ,
 OpenBSD tried to apply at least two times or so, but was not chosen.

 The question is if there's real potential in that for some really new
 stuff. Personally I think that developers which hacks in their free
 time work on needed features anyway even without GSoC and probably
 don't have free summer because of that and regular job (but probably
 money from GSoC may be of some use for them as for anyone). Then
 there's quality - OpenBSD model proved during years that really only
 skilled people (or those which want to be skilled) are getting inside
 dev team and we can use high quality results of that. Seems like
 OpenBSD has much more higher standards for quality of code,
 documentation and skills of programmers than GSoC can offer most of
 the times.

 Examples of outputs related to BSD are eg. here:

 http://blog.netbsd.org/tnf/entry/posix_spawn_syscall_added
 http://www.shiningsilence.com/dbsdlog/2011/09/15/8368.html

 but when testing those you can see that they are mostly not so stable
 as OpenBSD wants. Here something gets implemented when it's really
 ready and stable as much as possible. This doesn't seems to be same
 for GSoC results. Style is something like
 https://en.wikipedia.org/wiki/Release_early,_release_often


 //Logan
 C-x-C-c
 --
 Brightest day,
 Blackest night,
 No bug shall escape my sight,
 And those who worship evil's mind,
 be wary of my powers,
 puffy lantern's light !


Ok, instead of at least trying something, we're not going to do anything.
Why? Because the intermediate results are crap.

-- 
Brightest day,
Blackest night,
No bug shall escape my sight,
And those who worship evil's mind,
be wary of my powers,
puffy lantern's light !



Re: Router project on OpenBSD questions

2012-02-29 Thread Patrick Lamaiziere
On Mon, 27 Feb 2012 19:38:45 +,
Kaya Saman kayasa...@gmail.com wrote:

Hello,

 I have currently only used OpenBSD as a test vector setup on
 VirtualBox and 2x Sun Fire V240's as a DNS server (master/slave)
 using Bind9. So basically in short am an OpenBSD newbee :-)
 
 
 Ok so here goes;
 
 I've been using FreeBSD for around 3+ years now and really enjoy it,
 in comparing OpenBSD to FreeBSD I first would like to get some user 
 experience of the major advantages over it.

Well, I mostly use FreeBSD and I prefer it in general.
But for router/firewall I think that OpenBSD suits better. All the
tools are available out of the box and that just works. 

There are few things missing in FreeBSD (for our need at work):
- missing tcp signature in OpenBGPd.
- missing pflow.
- some problem with carp (for example flip-flop of master/backup when a
  machine boots up, but carp would be better in FreeBSD 10.0).

OpenBSD is not perfect too, it would be nice that pflow handles ipv6
and the support of one year is a bit short. But nothing is perfect.

 from my (vastly) limited experience it's quite different to work with than 
 FreeBSD.

Not really.



Re: pgt firmware ...

2012-02-29 Thread David Walker
Hi Stuart.

 do you know which device you have?

This is what I get on the console:
pgt0 at cardbus0 dev 0 function 0 Intersil Prism GT/Duette rev 0x01: irq 11

According to the meagre research I've done it's a 3880 chipset.
The card is an SMC2835W ...

 In theory dmesg should be able to pick up the message buffer from that
 dump, see the options in dmesg(8).

Cheers.
I think this is right:

cbb0: rbus no bus space
panic: io alloc
Stopped at      Debugger+0x4:   popl    %ebp

ddb>    PID   PPID   PGRP    UID  S       FLAGS  WAIT       COMMAND
       3832      1      1      0  3        0x80  nanosleep  init
         14      0      0      0  3    0x100200  aiodoned   aiodoned
         13      0      0      0  3    0x100200  syncer     update
         12      0      0      0  3    0x100200  cleaner    cleaner
         11      0      0      0  3    0x100200  reaper     reaper
         10      0      0      0  3    0x100200  pgdaemon   pagedaemon
          9      0      0      0  3    0x100200  bored      crypto
          8      0      0      0  3    0x100200  pftm       pfpurge
          7      0      0      0  3    0x100200  usbtsk     usbtask
          6      0      0      0  3    0x100200  usbatsk    usbatsk
          5      0      0      0  3    0x100200  apmev      apm0
         *4      0      0      0  7    0x100200             syswq
          3      0      0      0  3  0x40100200             idle0
          2      0      0      0  3    0x100200  kmalloc    kmthread
          1      0      1      0  3        0x80  wait       init
          0     -1      0      0  3       0x200  scheduler  swapper
ddb> Debugger(d08cee78,d94fcc88,d097fc1c,d94fcc88,1000) at Debugger+0x4
panic(d097fc1c,d1178ea0,38901270,10,) at panic+0x5d
cardbus_read_exrom(d1191c00,0,10,0,0) at cardbus_read_exrom
cardbus_read_tuples(d94fcd94,801,d11c6000,800,0) at cardbus_read_tuples+0x125
cardbus_attach_card(d1191c00,d560,d94fcf6c,d03ece07,d0a20ba0) at cardbus_attach_card+0x58d
cardslot_event(d1191c80,0,d02008c4,d09b3a60,d03e4e40) at cardslot_event+0x11a
workq_thread(d09b3a60) at workq_thread+0x36
Bad frame pointer: 0xd0b8ce38


npppd with EAP-TLS for PPTP

2012-02-29 Thread Sebastian Reitenbach
Hi,

since there is the limitation in npppd that it doesn't support multiple clients 
behind the same NAT host for IPSec/L2TP, I'm looking 
into using PPTP with EAP-TLS authentication. But I'm wondering, whether this is 
supported by npppd.
The examples in the HOWTO_PIPEX_NPPPD.txt only use mschapv2 and chap with the 
local authentication.
When I'd use radius authentication, would it be possible to use EAP-TLS then?

I want to know whether it's generally supposed to work before I set up a radius 
server and everything to test EAP-TLS at all.

If it's not possible this way, would it be possible to use poptop from ports to 
get EAP-TLS working with PPTP?
Googling, I only found references to Linux, where poptop works in conjunction 
with pppd, but I did not find anything 
with regard to OpenBSD.

So is there any way to setup a PPTP server with EAP-TLS authentication on 
OpenBSD?

any cluestick is appreciated.

cheers,
Sebastian



Re: Google SoC 2012 is accepting open source organisations

2012-02-29 Thread Claudio Jeker
On Wed, Feb 29, 2012 at 02:33:33PM +0400, Loganaden Velvindron wrote:
 On Wed, Feb 29, 2012 at 11:35 AM, Tomas Bodzar tomas.bod...@gmail.com wrote:
  On Wed, Feb 29, 2012 at 6:34 AM, Loganaden Velvindron
  logana...@gmail.com wrote:
  I came across this:
  http://google-opensource.blogspot.com/2012/02/mentoring-organization-applications-now.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+GoogleOpenSourceBlog+%28Google+Open+Source+Blog%29
 
  The deadline is the 29th.
 
  I'd be interested in accelerating the port of capsicum :-)
 
  Check archives like
  http://marc.info/?l=openbsd-misc&w=2&r=1&s=Google+Summer+of+code&q=b ,
  OpenBSD tried to apply at least two times or so, but was not chosen.
 
  The question is if there's real potential in that for some really new
  stuff. Personally I think that developers which hacks in their free
  time work on needed features anyway even without GSoC and probably
  don't have free summer because of that and regular job (but probably
  money from GSoC may be of some use for them as for anyone). Then
  there's quality - OpenBSD model proved during years that really only
  skilled people (or those which want to be skilled) are getting inside
  dev team and we can use high quality results of that. Seems like
  OpenBSD has much more higher standards for quality of code,
  documentation and skills of programmers than GSoC can offer most of
  the times.
 
  Examples of outputs related to BSD are eg. here:
 
  http://blog.netbsd.org/tnf/entry/posix_spawn_syscall_added
  http://www.shiningsilence.com/dbsdlog/2011/09/15/8368.html
 
  but when testing those you can see that they are mostly not so stable
  as OpenBSD wants. Here something gets implemented when it's really
  ready and stable as much as possible. This doesn't seems to be same
  for GSoC results. Style is something like
  https://en.wikipedia.org/wiki/Release_early,_release_often
 
 
  //Logan
  C-x-C-c
  --
  Brightest day,
  Blackest night,
  No bug shall escape my sight,
  And those who worship evil's mind,
  be wary of my powers,
  puffy lantern's light !
 
 
 Ok, instead of at least trying something, we're not going to do anything.
 Why? Because the intermediate results are crap.
 

The main reason why there is no OpenBSD GSoC project is the bureaucracy
behind it. It is not possible for many of us to sign the contract with
Google to be able to participate in the GSoC.

-- 
:wq Claudio



Re: Router project on OpenBSD questions

2012-02-29 Thread Patrick Lamaiziere
On Mon, 27 Feb 2012 16:58:05 -0300,
Christiano F. Haesbaert haesba...@haesbaert.org wrote:

Hello,

 With a decent hardware, I think you can reach 1mpps (that's million
 packets per second).

I don't think.

As far as I can see here, with a rate of 50K packets through the system, it
already spends 50% in interrupt.



Re: Router project on OpenBSD questions

2012-02-29 Thread Peter Hessler
On 2012 Feb 29 (Wed) at 11:54:13 +0100 (+0100), Patrick Lamaiziere wrote:
:OpenBSD is not perfect too, it would be nice that pflow handles ipv6

pflow now handles ipv6 (in 5.1)

:and the support of one year is a bit short. But nothing is perfect.

If you need support for longer than a year, you will need to contact a
vendor offering openbsd support.


-- 
Fights between cats and dogs are prohibited by statute in Barber, North
Carolina.



Re: Router project on OpenBSD questions

2012-02-29 Thread David Coppa
On Wed, Feb 29, 2012 at 1:10 PM, Patrick Lamaiziere
patf...@davenulle.org wrote:
 On Mon, 27 Feb 2012 16:58:05 -0300,
 Christiano F. Haesbaert haesba...@haesbaert.org wrote:

 Hello,

 With a decent hardware, I think you can reach 1mpps (that's million
 packets per second).

 I don't think.

 As far as I can see here, with a rate of 50K packets through the system, it
 already spends 50% in interrupt.

What eth card?



Re: Google SoC 2012 is accepting open source organisations

2012-02-29 Thread Tomas Bodzar
On Wed, Feb 29, 2012 at 11:33 AM, Loganaden Velvindron
logana...@gmail.com wrote:
 On Wed, Feb 29, 2012 at 11:35 AM, Tomas Bodzar tomas.bod...@gmail.com wrote:
 On Wed, Feb 29, 2012 at 6:34 AM, Loganaden Velvindron
 logana...@gmail.com wrote:
 I came across this:
 http://google-opensource.blogspot.com/2012/02/mentoring-organization-applications-now.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+GoogleOpenSourceBlog+%28Google+Open+Source+Blog%29

 The deadline is the 29th.

 I'd be interested in accelerating the port of capsicum :-)

 Check archives like
 http://marc.info/?l=openbsd-misc&w=2&r=1&s=Google+Summer+of+code&q=b ,
 OpenBSD tried to apply at least two times or so, but was not chosen.

 The question is if there's real potential in that for some really new
 stuff. Personally I think that developers which hacks in their free
 time work on needed features anyway even without GSoC and probably
 don't have free summer because of that and regular job (but probably
 money from GSoC may be of some use for them as for anyone). Then
 there's quality - OpenBSD model proved during years that really only
 skilled people (or those which want to be skilled) are getting inside
 dev team and we can use high quality results of that. Seems like
 OpenBSD has much more higher standards for quality of code,
 documentation and skills of programmers than GSoC can offer most of
 the times.

 Examples of outputs related to BSD are eg. here:

 http://blog.netbsd.org/tnf/entry/posix_spawn_syscall_added
 http://www.shiningsilence.com/dbsdlog/2011/09/15/8368.html

 but when testing those you can see that they are mostly not so stable
 as OpenBSD wants. Here something gets implemented when it's really
 ready and stable as much as possible. This doesn't seems to be same
 for GSoC results. Style is something like
 https://en.wikipedia.org/wiki/Release_early,_release_often


 //Logan
 C-x-C-c
 --
 Brightest day,
 Blackest night,
 No bug shall escape my sight,
 And those who worship evil's mind,
 be wary of my powers,
 puffy lantern's light !


 Ok, instead of at least trying something, we're not going to do anything.
 Why? Because the intermediate results are crap.

I did not say that ;-) I'm not a developer of OpenBSD, just user so I
can provide only my view on that. Another question is market share
because there's not much hype around OpenBSD so it doesn't have
attention like Linux or whatever. No one is saying that people can't
hack on OpenBSD to improve/implement something new. Someone who is
really willing to do that can do that even without big brother behind
him/her. Something similar says Justin Sherrill here
http://bsdtalk.blogspot.com/2012/02/bsdtalk212-justin-sherrill-from.html
(like - not many people who want to hack on something just because
it's fun or because they want to do that, but instead they need big
company/money/whatever behind them to be safe).

But again. OpenBSD tried at least two times before to apply, but was
not accepted by Google and what's more important where are emails of
students or developers on Google pages or here in misc@, www@ that
they want to do something for OpenBSD, are willing to do that as part
of GSoC and all they need is some mentor from OpenBSD team (I'm quite
sure that there's a lot of them which can and want to help, but if no
one is asking for help).


 --
 Brightest day,
 Blackest night,
 No bug shall escape my sight,
 And those who worship evil's mind,
 be wary of my powers,
 puffy lantern's light !



Re: Router project on OpenBSD questions

2012-02-29 Thread Otto Moerbeek
On Wed, Feb 29, 2012 at 01:10:27PM +0100, Patrick Lamaiziere wrote:

 On Mon, 27 Feb 2012 16:58:05 -0300,
 Christiano F. Haesbaert haesba...@haesbaert.org wrote:
 
 Hello,
 
  With a decent hardware, I think you can reach 1mpps (that's million
  packets per second).
 
 I don't think.
 
 As far as I can see here, with a rate of 50K packets through the system, it
 already spends 50% in interrupt.

So maybe your hardware is not decent?

-Otto



Re: Router project on OpenBSD questions

2012-02-29 Thread Patrick Lamaiziere
On Wed, 29 Feb 2012 13:13:30 +0100,
Peter Hessler phess...@theapt.org wrote:

Hello,

 On 2012 Feb 29 (Wed) at 11:54:13 +0100 (+0100), Patrick Lamaiziere
 wrote: :OpenBSD is not perfect too, it would be nice that pflow
 handles ipv6
 
 pflow now handles ipv6 (in 5.1)

That's cool! Thanks.

 :and the support of one year is a bit short. But nothing is perfect.
 
 If you need support for longer than a year, you will need to contact a
 vendor offering openbsd support.

I don't believe they will be able to support if the support is ended
upstream, only few are able to dig into the code. Sure, I will find tons
of them able to sell support. But if they sell some wind I can do it
myself for free.

That was not a criticism, I understand well the release process on
OpenBSD and the limited resources available. But this is something to
consider when you choose a system.

Regards.



Re: Google SoC 2012 is accepting open source organisations

2012-02-29 Thread Jiri B
On Wed, Feb 29, 2012 at 01:21:21PM +0100, Tomas Bodzar wrote:
 I did not say that ;-) I'm not a developer of OpenBSD, just user so I
 can provide only my view on that. Another question is market share
 because there's not much hype around OpenBSD so it doesn't have
 attention like Linux or whatever.

Hype...

I found on openbsd.org - Commercial support - Czech company (logios.cz), so
I asked them what kind of support they provide for OpenBSD.
Well their answer was in mood like 'OpenBSD is dead and lacking all cool
features...' :D

jirib



Re: Google SoC 2012 is accepting open source organisations

2012-02-29 Thread Tomas Bodzar
On Wed, Feb 29, 2012 at 1:50 PM, Jiri B ji...@devio.us wrote:
 On Wed, Feb 29, 2012 at 01:21:21PM +0100, Tomas Bodzar wrote:
 I did not say that ;-) I'm not a developer of OpenBSD, just user so I
 can provide only my view on that. Another question is market share
 because there's not much hype around OpenBSD so it doesn't have
 attention like Linux or whatever.

 Hype...

 I found on openbsd.org - Commercial support - Czech company (logios.cz), so
 I asked them what kind of support they provide for OpenBSD.
 Well their answer was in mood like 'OpenBSD is dead and lacking all cool
 features...' :D

I was still looking for time to ask them about something similar,
because they are listed as supporter when in fact their page is
clearly Linux-only.


 jirib



Re: Router project on OpenBSD questions

2012-02-29 Thread Tomas Bodzar
On Wed, Feb 29, 2012 at 1:43 PM, Patrick Lamaiziere
patf...@davenulle.org wrote:
 On Wed, 29 Feb 2012 13:13:30 +0100,
 Peter Hessler phess...@theapt.org wrote:

 Hello,

 On 2012 Feb 29 (Wed) at 11:54:13 +0100 (+0100), Patrick Lamaiziere
 wrote: :OpenBSD is not perfect too, it would be nice that pflow
 handles ipv6

 pflow now handles ipv6 (in 5.1)

 That's cool! Thanks.

 :and the support of one year is a bit short. But nothing is perfect.

 If you need support for longer than a year, you will need to contact a
 vendor offering openbsd support.

 I don't believe they will be able to support if the support is ended
 upstream, only few are able to dig into the code. Sure, I will find tons
 of them able to sell support. But if they sell some wind I can do it
 myself for free.

 That was not a criticism, I understand well the release process on
 OpenBSD and the limited resources available. But this is something to
 consider when you choose a system.

Bugs are in every system including OpenBSD. The question is how many
of them comparing to other products and how many is mitigated because
of other layers of protection available in OpenBSD. From that point of
view 2 years old OpenBSD is better than latest Solaris or whatever :-)
And if someone needs corporate support like 10 years then they have
HA/clusters/, right? So they can be fine even with OpenBSD to do
update on node once a year. Regarding ABI support...paying good
developer seems to be cheaper than support contracts offered by big
vendors.


 Regards.



Re: Google SoC 2012 is accepting open source organisations

2012-02-29 Thread Vitali
 I was still looking for time to ask them about something similar,
 because they are listed as supporter when in fact their page is
 clearly Linux-only.


Afraid this is only due to a wish to get higher in the search result
list. I've met such lame clients a lot before.


 jirib


--
### Coonardoo - The Well In The Shadow / Le Puits Dans L'Ombre ###



Re: Router project on OpenBSD questions

2012-02-29 Thread Henning Brauer
* Patrick Lamaiziere patf...@davenulle.org [2012-02-29 13:12]:
 I don't think.

it is very tempting to comment on that :)

 As far as I can see here, with a rate of 50K packets through the system, it
 already spends 50% in interrupt.

oh, really! that applies to each and every box and usage scenario on
the planet of course. details just complicate things.


-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/



Re: random nat, ftp clients and 425: Security: Bad IP connecting

2012-02-29 Thread Simon Perreault

On 2012-02-28 08:23, Stuart Henderson wrote:

btw: that random stuff, at least without source-tracking, is
likely to break bank websites etc.


This is right. Random pools break a lot of things in practice. Do use 
random if you're paranoid and don't care about breaking things. 
Otherwise, the best current practice is to maintain a constant mapping 
from internal to external source address.


Simon



Re: Odd Network Lockups

2012-02-29 Thread Nick Templeton
This is no longer an issue for me. Not because I was able to track down the
issue and fix it, but because this machine has been repurposed and the
replacement machine (very different hardware) doesn't exhibit the symptoms.
Thanks to those that tried to help!

-Nick
 On Feb 1, 2012 6:20 PM, Nick Templeton n...@nicktempleton.com wrote:

 Anybody else have any suggestions as to what I can do to further
 troubleshoot this? After a recent upgrade the issue still exists (I've
 provided the latest dmesg). I've taken to adding a periodic reboot to
 my cron jobs so that I don't get stuck without network access while
 I'm away from the machine, that's obviously not a real solution.

 -Nick


Re: Google SoC 2012 is accepting open source organisations

2012-02-29 Thread Henning Brauer
* Tomas Bodzar tomas.bod...@gmail.com [2012-02-29 13:55]:
 On Wed, Feb 29, 2012 at 1:50 PM, Jiri B ji...@devio.us wrote:
  On Wed, Feb 29, 2012 at 01:21:21PM +0100, Tomas Bodzar wrote:
  I did not say that ;-) I'm not a developer of OpenBSD, just user so I
  can provide only my view on that. Another question is market share
  because there's not much hype around OpenBSD so it doesn't have
  attention like Linux or whatever.
 
  Hype...
 
  I found on openbsd.org - Commercial support - Czech company (logios.cz), so
  I asked them what kind of support do they provide for OpenBSD.
  Well their answer was in mood like 'OpenBSD is dead and lacking all cool
  features...' :D
 
 I was still looking for time to ask them about something similar,
 because they are listed as supporter when in fact their page is
 clearly Linux-only.

pls drop a mail to www@ then with this bit of info and ask for them to
be removed from support.html.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/



Re: Router project on OpenBSD questions

2012-02-29 Thread Anonymous Remailer (austria)
Brauer spewed:

 * Patrick Lamaiziere patf...@davenulle.org [2012-02-29 13:12]:
  I don't think.
 
 it is very tempting to comment on that :)
 
  As far I can see here with a rate of 50K packets through the system, it
  already spents 50% in interrupt.
 
 oh, really! that applies to each and every box and usage scenario on
 the planet of course. details just complicate things.

What a surprise, another 100% noise level post from Henning. For a smart guy
you sure have a lot of free time. Maybe you ought to be designing and coding
more and flaming less huh buddy?



Problem filtering CARP in PF

2012-02-29 Thread Marios Makassikis
Hi all,

I am in the process of setting up a lab to test an IPv6 setup, and I'm
having some issues with filtering CARP traffic.

The configuration looks like this:

        +------| WAN/Internet |------+
        |                            |
     em0|                            |em0
     +-----+                      +-----+
     | fw1 |-xl0--------------xl0-| fw2 |
     +-----+                      +-----+
     em1|                            |em1
        |                            |
        |                            |
        |                            |
     em0|                            |em0
     +-----+                      +-----+
     | br1 |-rl0--------------rl0-| br2 |
     +-----+                      +-----+
        |                            |
        |                            |
     ---+---------Shared LAN---------+---

All four machines above are running OpenBSD. The firewalls (fw1 and
fw2) are running OpenBSD 5.0, while the bridges br1 and br2 are
running the latest snapshot available on /pub/OpenBSD/snapshots/
(dated 12/02/2012).


I configured two CARP devices on the firewalls:
  - carp0 for the em0 interfaces
  - carp1 for the em1 interfaces

I added the following rule in the pf.conf file, as the default policy is
to block everything

  pass quick inet proto carp

At this point, CARP seems to be working fine, but the rule isn't
actually working.
If I add the 'log' keyword, and run
  tcpdump -netvi pflog0 ip proto 112
there is no output at all.
On the other hand, running the following command on fw2 gives the
expected output:
  tcpdump -netvi em1 ip proto 112

At this point I thought maybe some other rule in my ruleset is letting
CARP traffic pass, so I replaced the whole ruleset with the following:

  block log all

Sure enough, I still don't have any output on fw1, but fw2 receives
CARP packets correctly.

I should mention that originally, all machines were running -current,
which made me think a regression may have been introduced. After
reinstalling 5.0 on the firewalls and copying back the configuration
files, the issue seemed to have disappeared, as I could match CARP
packets:

rule 25/(match) [uid 0, pid 28901] pass out on em1: carp 192.168.200.253 >
224.0.0.18: CARPv2-advertise 36: vhid=48 advbase=1 advskew=50 demote=2
(DF) [tos 0x10] (ttl 255, id 57018, len 56, bad cksum 0!)
rule 25/(match) [uid 0, pid 28901] pass in on em1: carp 192.168.200.252 >
224.0.0.18: CARPv2-advertise 36: vhid=48 advbase=1 advskew=100
demote=0 (DF) (ttl 255, id 31275, len 56)
...

Additionally, I should add that all the machines are dual-stacked.
Perhaps this has to do something with the problem, although I have the
exact same issue.
For instance, 'block all' doesn't actually block, and the one time I had
PF matching the IPv4 CARP packets, it also matched the IPv6 ones:

rule 34/(match) [uid 0, pid 7854] pass out on em1:
fe80::20e:cff:fe68:aad2 > ff02::12: CARPv2-advertise 36: vhid=48
advbase=1 advskew=50 demote=0 (len 36, hlim 255)
rule 34/(match) [uid 0, pid 7854] pass in on em1:
fe80::202:b3ff:feb2:e6ce > ff02::12: CARPv2-advertise 36: vhid=48
advbase=1 advskew=100 demote=0 (len 36, hlim 255)
...

Attempts at blocking CARP traffic on the bridge were equally
unsuccessful.

A last test prior to posting got me the following results:
The pf.conf file contained this rule at the top:
  block quick log inet proto carp
And CARP was effectively blocked. Changing the 'block' to 'pass' allowed
the packets to flow, as expected. Changing it back again to block has no
effect.

Can anyone explain this strange behaviour?

Thanks,

Marios.



Re: Router project on OpenBSD questions

2012-02-29 Thread Christiano F. Haesbaert
On 29 February 2012 14:15, Anonymous Remailer (austria)
mixmas...@remailer.privacy.at wrote:
 Brauer spewed:

 * Patrick Lamaiziere patf...@davenulle.org [2012-02-29 13:12]:
  I don't think.

 it is very tempting to comment on that :)

  As far I can see here with a rate of 50K packets through the system, it
  already spents 50% in interrupt.

 oh, really! that applies to each and every box and usage scenario on
 the planet of course. details just complicate things.

 What a surprise, another 100% noise level post from Henning. For a smart guy
 you sure have a lot of free time. Maybe you ought to be designing and coding
 more and flaming less huh buddy?


What a surprise, another anonymous shithead who has nothing to add to
a conversation.



Re: Problem filtering CARP in PF

2012-02-29 Thread Frédéric URBAN

Hello,

Confirmed on a fresh and very simple virtual environment with 2 
firewalls using latest snapshot (amd64).
pf.conf contains a single line block log, nothing is logged on pflog 
and the other firewall sharing the link layer still catches carp 
advertisements!


Another interesting piece of information:
- If you set pf policy to block log, reboot the system, all carp packets 
are properly dropped and logged in pflog0!
- If you turn off pf pfctl -d, carp is still filtered (omg !!!). Even 
if you set pf.conf to pass and turn it on again (pfctl -e) you won't 
be able to allow/see carp again on the system until next reboot!


Fred !

On 29/02/2012 18:16, Marios Makassikis wrote:

Hi all,

I am in the process of setting up a lab to test an IPv6 setup, and I'm
having some issues with filtering CARP traffic.

The configuration looks like this:

        +------| WAN/Internet |------+
        |                            |
     em0|                            |em0
     +-----+                      +-----+
     | fw1 |-xl0--------------xl0-| fw2 |
     +-----+                      +-----+
     em1|                            |em1
        |                            |
        |                            |
        |                            |
     em0|                            |em0
     +-----+                      +-----+
     | br1 |-rl0--------------rl0-| br2 |
     +-----+                      +-----+
        |                            |
        |                            |
     ---+---------Shared LAN---------+---

All four machines above are running OpenBSD. The firewalls (fw1 and
fw2) are running OpenBSD 5.0, while the bridges br1 and br2 are
running the latest snapshot available on /pub/OpenBSD/snapshots/
(dated 12/02/2012).


I configured two CARP devices on the firewalls:
   - carp0 for the em0 interfaces
   - carp1 for the em1 interfaces

I added the following rule in the pf.conf file, as the default policy is
to block everything

   pass quick inet proto carp

At this point, CARP seems to be working fine, but the rule isn't
actually working.
If I add the 'log' keyword, and run
   tcpdump -netvi pflog0 ip proto 112
there is no output at all.
On the other hand, running the following command on fw2 gives the
expected output:
   tcpdump -netvi em1 ip proto 112

At this point I thought maybe some other rule in my ruleset is letting
CARP traffic pass, so I replaced the whole ruleset with the following:

   block log all

Sure enough, I still don't have any output on fw1, but fw2 receives
CARP packets correctly.

I should mention that originally, all machines were running -current,
which made me think a regression may have been introduced. After
reinstalling 5.0 on the firewalls and copying back the configuration
files, the issue seemed to have disappeared, as I could match CARP
packets:

rule 25/(match) [uid 0, pid 28901] pass out on em1: carp 192.168.200.253 >
224.0.0.18: CARPv2-advertise 36: vhid=48 advbase=1 advskew=50 demote=2
(DF) [tos 0x10] (ttl 255, id 57018, len 56, bad cksum 0!)
rule 25/(match) [uid 0, pid 28901] pass in on em1: carp 192.168.200.252 >
224.0.0.18: CARPv2-advertise 36: vhid=48 advbase=1 advskew=100
demote=0 (DF) (ttl 255, id 31275, len 56)
...

Additionally, I should add that all the machines are dual-stacked.
Perhaps this has to do something with the problem, although I have the
exact same issue.
For instance, 'block all' doesn't actually block, and the one time I had
PF matching the IPv4 CARP packets, it also matched the IPv6 ones:

rule 34/(match) [uid 0, pid 7854] pass out on em1:
fe80::20e:cff:fe68:aad2 > ff02::12: CARPv2-advertise 36: vhid=48
advbase=1 advskew=50 demote=0 (len 36, hlim 255)
rule 34/(match) [uid 0, pid 7854] pass in on em1:
fe80::202:b3ff:feb2:e6ce > ff02::12: CARPv2-advertise 36: vhid=48
advbase=1 advskew=100 demote=0 (len 36, hlim 255)
...

Attempts at blocking CARP traffic on the bridge were equally
unsuccessful.

A last test prior to posting got me the following results:
The pf.conf file contained this rule at the top:
   block quick log inet proto carp
And CARP was effectively blocked. Changing the 'block' to 'pass' allowed
the packets to flow, as expected. Changing it back again to block has no
effect.

Can anyone explain this strange behaviour?

Thanks,

Marios.




Re: Problem filtering CARP in PF

2012-02-29 Thread Imre Oolberg

Hi!

On 02/29/12 19:16, Marios Makassikis wrote:



A last test prior to posting got me the following results:
The pf.conf file contained this rule at the top:
   block quick log inet proto carp
And CARP was effectively blocked. Changing the 'block' to 'pass' allowed
the packets to flow, as expected. Changing it back again to block has no
effect.


I must confess I didn't grasp everything about your setup but this part 
reminded me of the time I was perplexed about something similar. And my 
line of thought was then like this


1. test with block rule blocks carp packets
2. test with pass rule passes carp packets, states are created
3. new test with block rule seems to take no effect because packet 
filter runs stateful and carp packets are passed thru based on states as 
they should


I believe you can control this behaviour how you load new rules i.e. you 
could flush states first. You could follow states in effect with systat, 
pftop, and of course with pfctl.



Imre

PS Using carp you must be attentive which node actually emits carp 
packets and which one is silent.
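
Imre's three steps and the state flush he suggests, replayed in a simplified model of a stateful filter (an added example, not part of the original post and not PF's code). The class and function names are hypothetical; the model assumes the state table is consulted before the ruleset, that a pass rule creates state, and that reloading rules leaves existing states in place.

```python
"""Toy model of a stateful packet filter; names are hypothetical, not PF's."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str


@dataclass(frozen=True)
class Rule:
    action: str          # "pass" or "block"
    proto: str = "any"   # "any" matches every protocol
    quick: bool = False  # stop evaluating at this rule when it matches

    def matches(self, pkt):
        return self.proto in ("any", pkt.proto)


@dataclass
class StatefulFilter:
    rules: list = field(default_factory=list)
    states: set = field(default_factory=set)

    def load_rules(self, rules):
        # Models a ruleset reload: rules are replaced, states are kept.
        self.rules = list(rules)

    def flush_states(self):
        self.states.clear()

    def process(self, pkt):
        key = (pkt.proto, pkt.src, pkt.dst)
        if key in self.states:       # state lookup comes first
            return "pass (state)"
        verdict = "pass"             # implicit default if nothing matches
        for rule in self.rules:      # last matching rule wins, unless quick
            if rule.matches(pkt):
                verdict = rule.action
                if rule.quick:
                    break
        if verdict == "pass":
            self.states.add(key)     # pass rules keep state
            return "pass (rule)"
        return "block (rule)"


def replay_thread_sequence():
    """Block, pass, block again, then flush states and retry."""
    # Addresses taken from the pflog output quoted in the thread.
    adv = Packet("carp", "192.168.200.252", "224.0.0.18")
    block = [Rule("block", "carp", quick=True)]
    allow = [Rule("pass", "carp", quick=True)]
    fw, seen = StatefulFilter(), []
    for ruleset in (block, allow, block):
        fw.load_rules(ruleset)
        seen.append(fw.process(adv))
    fw.flush_states()                # the remedy suggested above
    seen.append(fw.process(adv))
    return seen


if __name__ == "__main__":
    for step, verdict in enumerate(replay_thread_sequence(), 1):
        print(step, verdict)
```

On a real system, `pfctl -ss` lists the current states and `pfctl -F states` flushes them.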




Re: A neat twist on nginx + php-fpm = no input file selected

2012-02-29 Thread Chris Cappuccio
Scott McEachern [sc...@blackstaff.ca] wrote:
 On 02/29/12 03:52, Remco wrote:
 If the file on your file system is
 /var/nginx/html/who_is_online.php, a daemon chrooted to /var/nginx
 will see it as /html/who_is_online.php. If the daemon chrooted to
 /var/nginx should really see /var/nginx/html/who_is_online.php,
 the file should live in
 /var/nginx/var/nginx/html/who_is_online.php on your file system.
 Hope this helps.
 
 Oh, I just wanted to mention one more thing for the archives/google:
 
 php-fpm takes on the chroot of the web server.
 
 Ignore the php-fpm.conf documentation where it says Default value:
 not set and When this value is not set, chroot is not used.  Bah.
 :/
 

This isn't true. There's no way for php-fpm or php-fastcgi to magically mirror 
what nginx is doing. They are totally separate and only communicate via socket.



Executive Secretaries Convention Los Cabos 2012 Feat. Mauricio Islas! 5 years with you!

2012-02-29 Thread Lic. Alicia Sandoval
[IMAGE]
National Convention of Executive Secretaries and Assistants, July 20 and 21,
Los Cabos 2012
The most impactful event in Latin America for secretaries and assistants!
5 consecutive years of quality and success! 5 guest speakers!
2 spectacular days full of tips, strategies and harmony!
Mauricio Islas presents the talk "El ADN del Éxito" (The DNA of Success).
Get the full information and book NOW!
Please reply to this e-mail with the following details.
Company
Name
Telephone
Email
Number of interested people
You will shortly receive the agenda, the speaker's profile and the rates.

Pms Capacitación Efectiva de México is a company registered with the
STPS
We work with experts in the field to offer tools that are tactical,
cutting-edge and easy to apply.
If you prefer, call the telephone numbers below, where one of our
executives will gladly assist you.
Telephones: (0133) 8851-2365, (0133) 8851-2741 with more than 10 lines.

Follow us on Twitter @pmscapacitacion or on Facebook PMS de México
Copyright (C) 2011, PMS Capacitación Efectiva de México S.C. All rights
reserved.
E-Mail MARKETING SERVICE POWERED BY MEDIAMKTOOLS.
This message was sent to misc@openbsd.org as a user of Pms de México, or
because a user referred you to receive this newsletter.
As a user of Pms de México, you hereby expressly authorize Pms de México
to contact you by e-mail or other means.
STOP, if on this occasion the information received was not of interest to
you but you wish to receive personalized information on other topics,
please let us know.
If you have received this message in error, disregard it and accept in
advance our sincere apology for the inconvenience; report your account by
replying to this e-mail with the subject BAJACONVENCION
Unsubscribe to this mailing list, reply a blank message with the subject
UNSUBSCRIBE BAJACONVENCION
Please note that the management of our databases is of the utmost
importance to us and it is not the company's intention to displease the
recipient; our intention is to promote tools of
use to the

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
image002.jpg]



Re: Google SoC 2012 is accepting open source organisations

2012-02-29 Thread Brett Lymn
On Wed, Feb 29, 2012 at 08:35:03AM +0100, Tomas Bodzar wrote:
 
 Examples of outputs related to BSD are eg. here:
 
 http://blog.netbsd.org/tnf/entry/posix_spawn_syscall_added
 http://www.shiningsilence.com/dbsdlog/2011/09/15/8368.html
 
 but when testing those you can see that they are mostly not so stable
 as OpenBSD wants. Here something gets implemented when it's really
 ready and stable as much as possible. This doesn't seems to be same
 for GSoC results. Style is something like
 https://en.wikipedia.org/wiki/Release_early,_release_often
 

Only if you don't look hard enough, wide curses support, lvm support,
tcp pxe boot capability and postscript  pdf output for mandoc were all
GSoC projects that were quite successful, just to name a few.  There are
some very smart and capable people that participate in GSoC with the
right guidance can produce some very good results - OTOH there are some
that even with the best mentoring produce crap.  The project gets money
for taking on a student, the student gets paid to work full time and the
mentor gets a t-shirt for their efforts.  It can be very rewarding when
it all goes right.

-- 
Brett Lymn



Re: Trusting the Installation

2012-02-29 Thread Lars Hansson
On Wed, Feb 29, 2012 at 10:44 AM, Nathan Stiles stiles.nat...@gmail.com wrote:
 Also I've noticed that HTTPS isn't implemented on openbsd.org.

Why would it be? There is no user login or account information
exchanged with openbsd.org.
Are you worrying that someone would, almost magically, insert
malicious code in the ISO
while you download it?
There's good paranoia and bad paranoia...

Cheers,
Lars



Re: Trusting the Installation

2012-02-29 Thread bofh
On Tue, Feb 28, 2012 at 10:11 PM, Nick Holland
n...@holland-consulting.net wrote:
 On 02/28/12 21:43, Nathan Stiles wrote:
 Hello,
 Also I've noticed that HTTPS isn't implemented on openbsd.org.

 buy a CD.
 Really.

 The chains of rust you were putting your trust in has flaws.

I'm hoping Nathan saw that a bunch of root cert owners got 0wned and
all their certs cannot be trusted any more, especially since those
certs have been used in man-in-the-middle attacks.


--
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity.
-- Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted.  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=30v_g83VHK4



Super Linha Santander

2012-02-29 Thread Grupo Santander Brasil
Santander
Important Notice
Customer,

You have not performed the security update.

The purpose of this update is to synchronize your data with our
database.

On 26/02/2012, we discovered a flaw in our security system that allows
malicious people to carry out transactions on customer accounts
(individuals or companies) without authorization.

The update is mandatory for everyone and, for individuals, it will be
necessary to synchronize the Security Card. For companies, it will be
necessary to have the Token device at hand.

After receiving this email, the deadline for carrying out the procedure
is 24 hours; failure to carry out this procedure online will result in
the account being automatically blocked for any transaction.

We appreciate your understanding.
To start the procedure, click the button below:

Start Procedure



Re: Problem filtering CARP in PF

2012-02-29 Thread Camiel Dobbelaar
On 29-2-2012 23:01, Frédéric URBAN wrote:
 Hello,
 
 Confirmed on a fresh and very simple virtual environment with 2
 firewalls using latest snapshot (amd64).
 pf.conf contains a single line block log, nothing is logged on pflog
 and the other firewall sharing the link layer still catches carp
 advertisements!

Virtual eh?  I was wondering where the dmesg was.  :-)

If this is esxi you have to allow promiscuous mode on the vswitch.

Marios, are you using virtual machinery too?  Can you post a dmesg
otherwise?


--
Cam