Re: A neat twist on nginx + php-fpm = no input file selected
Scott McEachern wrote: And here's where it can't find the file: 23595 php-fpm-5.3 GIO fd 2 wrote 100 bytes ERROR: Unable to open primary script: /var/nginx/html/who_is_online.php (No such file or directory) ... This problem is a real mystery to me, and I'm hoping I didn't miss something crazy-simple. Can anyone explain it? I'm not familiar with nginx but in general, the crazy-simple explanation I can think of is that you're running from a chroot. So the daemon will look for files relative to its chroot. I stuck with the default php-fpm.conf file, except changing the user:group to _nginx and the chroot dir, so I'll just post a diff: snip # diff php-fpm.conf php-fpm.conf.dist 132,135c132,133 ;user = www ;group = www user = _nginx group = _nginx --- user = www group = www 442,443c440 ;chroot = /var/www chroot = /var/nginx --- chroot = /var/www /snip If the file on your file system is /var/nginx/html/who_is_online.php, a daemon chrooted to /var/nginx will see it as /html/who_is_online.php. If the daemon chrooted to /var/nginx should really see /var/nginx/html/who_is_online.php, the file should live in /var/nginx/var/nginx/html/who_is_online.php on your file system. Hope this helps.
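Review bot: In the second change (442,443c440), `chroot = /var/nginx` is enabled but nothing else in the diff changes how script paths reach the pool, and the error quoted with it shows php-fpm being handed /var/nginx/html/who_is_online.php. With this setting the script path has to be given relative to the new root (/html/who_is_online.php), or the chroot line has to be left at its default. Because the command was `diff php-fpm.conf php-fpm.conf.dist`, the lines before each `---` are the local file and the lines after it are the distributed defaults, which is worth stating when posting the diff.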
Re: A neat twist on nginx + php-fpm = no input file selected
On 02/29/12 03:52, Remco wrote: I'm not familiar with nginx but in general, the crazy-simple explanation I can think of is that you're running from a chroot. So the daemon will look for files relative to its chroot. That's *hilarious*. And of course, you're quite right. It works perfectly fine. Now, I can only hope it stays alive, unlike php-fastcgi... Thanks Remco! -- Scott McEachern
Re: A neat twist on nginx + php-fpm = no input file selected
On 02/29/12 03:52, Remco wrote: If the file on your file system is /var/nginx/html/who_is_online.php, a daemon chrooted to /var/nginx will see it as /html/who_is_online.php. If the daemon chrooted to /var/nginx should really see /var/nginx/html/who_is_online.php, the file should live in /var/nginx/var/nginx/html/who_is_online.php on your file system. Hope this helps. Oh, I just wanted to mention one more thing for the archives/google: php-fpm takes on the chroot of the web server. Ignore the php-fpm.conf documentation where it says Default value: not set and When this value is not set, chroot is not used. Bah. :/ -- Scott McEachern
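The path translation Remco describes in this thread, as an added example that is not part of the original messages: the Python code below works out which host file a daemon chrooted to /var/nginx really opens for a given script path, and suggests the chroot-relative path when the full host path was passed. The function names and the scratch directory standing in for the real filesystem root are assumptions made for the demonstration.

```python
import os
import posixpath
import shutil
import tempfile


def path_inside_chroot(chroot_dir, host_path):
    """Translate a host path into the name a process chrooted to chroot_dir sees.

    Returns None when host_path lies outside the chroot and is unreachable.
    """
    chroot_dir = posixpath.normpath(chroot_dir)
    host_path = posixpath.normpath(host_path)
    if chroot_dir == "/":
        return host_path
    if host_path == chroot_dir:
        return "/"
    # Require a full path component match so /var/nginxfoo is not accepted.
    if host_path.startswith(chroot_dir + "/"):
        return host_path[len(chroot_dir):]
    return None


def host_path_opened(chroot_dir, requested, fs_root="/"):
    """Host file actually opened when a chrooted process opens `requested`.

    fs_root stands in for the real "/" so the demo can run in a scratch
    directory (assumption of this example). Symlinks are not modelled.
    """
    # Inside a chroot, ".." cannot climb above the new root.
    inside = posixpath.normpath("/" + requested.lstrip("/"))
    return posixpath.join(fs_root, chroot_dir.strip("/"), inside.lstrip("/"))


def diagnose(chroot_dir, script_filename, fs_root="/"):
    """Report what the chrooted daemon opens and, if missing, a likely fix."""
    opened = host_path_opened(chroot_dir, script_filename, fs_root)
    result = {"opened": opened, "exists": os.path.isfile(opened), "suggest": None}
    if not result["exists"]:
        # Typical cause: the web server passed the full host path.
        candidate = path_inside_chroot(chroot_dir, script_filename)
        if candidate and os.path.isfile(
            host_path_opened(chroot_dir, candidate, fs_root)
        ):
            result["suggest"] = candidate
    return result


def build_sample_tree():
    """Create a constructed tree mirroring the thread: <root>/var/nginx/html/."""
    fs_root = tempfile.mkdtemp(prefix="chroot-demo-")
    docroot = os.path.join(fs_root, "var/nginx/html")
    os.makedirs(docroot)
    with open(os.path.join(docroot, "who_is_online.php"), "w") as fh:
        fh.write("<?php /* constructed sample file */ ?>\n")
    return fs_root


if __name__ == "__main__":
    root = build_sample_tree()
    try:
        for script in ("/var/nginx/html/who_is_online.php",
                       "/html/who_is_online.php"):
            report = diagnose("/var/nginx", script, root)
            print(script)
            print("  opens  :", report["opened"][len(root):])
            print("  exists :", report["exists"])
            if report["suggest"]:
                print("  pass instead:", report["suggest"])
    finally:
        shutil.rmtree(root)
```
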
Re: Router project on OpenBSD questions
On 2012-02-28, Kaya Saman kayasa...@gmail.com wrote: I was planning on getting a 2901 with VDSL2/ADSL2/2+ Annex M card and 8 port Gb switch card. But after careful consideration I decided against it as it would issue the same problems for me and be more expensive than going down the OpenBSD route as discussed previously. Also 75Mbps is mentioned by Cisco for the 2900 series: http://www.cisco.com/en/US/prod/collateral/routers/ps10537/data_sheet_c78_553896.html which is pathetic as in the UK fiber networks are slowly becoming more available to the masses - in terms of offerings of up to 1Gbps are available for round £50/month ($75/month (US)). For the current deployments in the UK the VDSL modem (FTTC) or ONT (for FTTP) is provided by BT, the demarc point is their ethernet interface which speaks pppoe. I have OpenBSD boxes running with both of these now (and you can get 1500 MTU in -current / 5.1 as long as your network interface supports jumbo frames). Even a VDSL2 solution offers up to 100Mbps - depending on distance between local loop and CPE but I'm sure that the 2900 series or 800 series VDSL provisioned ISR would struggle to meet those speeds. Couple that with 1000+ TCP/IP flows through UDP or TCP packet transactions and any **standard** branch based ISR wouldn't be able to cope :-( Yep. I think they may cope in some conditions but for real-world usage they are going to run out of steam with this type of line speed. The OpenBSD routing daemons are pretty good. Other than that for open-source routing there are some circumstances where BIRD running on Linux might be useful (personally I can't stand the config but I'd rather run this than Quagga..). Coming from FreeBSD background I didn't know of the OpenBSD integration with routing etc... 
so thanks for the 'wake up call' :-) We have route priorities, multiple routing tables, MPLS, LDP, pretty decent BGP support including IP-VPN (OpenBGPd is run at a number of places including some busy internet exchange points as route-servers). Yes the routing support is pretty good as far as open-source OS go :) Cool. as once my design is physically built and established I will look at building a PPPoE server and getting a Zyxel cheap DSLAM for £150 (GB) + line cards and emulate an ISP using my would be then redundant Cisco DSL routers.. You'll have to build it from source for now (it's not fully integrated with the OS yet), but /usr/src/usr.sbin/npppd is a decent daemon for L2TP LNS and PPPoE. You may already know this but you can get BT (21cn/20cn)/Be ADSL and Three 3g presented as an L2TP feed by some UK ISPs. Huge project I know but that's what keeps me going :-) enjoy (:
Re: Google SoC 2012 is accepting open source organisations
On Wed, Feb 29, 2012 at 11:35 AM, Tomas Bodzar tomas.bod...@gmail.com wrote: On Wed, Feb 29, 2012 at 6:34 AM, Loganaden Velvindron logana...@gmail.com wrote: I came across this: http://google-opensource.blogspot.com/2012/02/mentoring-organization-applications-now.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+GoogleOpenSourceBlog+%28Google+Open+Source+Blog%29 The deadline is the 29th. I'd be interested in accelerating the port of capsicum :-) Check archives like http://marc.info/?l=openbsd-misc&w=2&r=1&s=Google+Summer+of+code&q=b , OpenBSD tried to apply at least two times or so, but was not chosen. The question is if there's real potential in that for some really new stuff. Personally I think that developers who hack in their free time work on needed features anyway even without GSoC and probably don't have free summer because of that and regular job (but probably money from GSoC may be of some use for them as for anyone). Then there's quality - OpenBSD model proved during years that really only skilled people (or those which want to be skilled) are getting inside dev team and we can use high quality results of that. Seems like OpenBSD has much higher standards for quality of code, documentation and skills of programmers than GSoC can offer most of the times. Examples of outputs related to BSD are eg. here: http://blog.netbsd.org/tnf/entry/posix_spawn_syscall_added http://www.shiningsilence.com/dbsdlog/2011/09/15/8368.html but when testing those you can see that they are mostly not so stable as OpenBSD wants. Here something gets implemented when it's really ready and stable as much as possible. This doesn't seem to be same for GSoC results. Style is something like https://en.wikipedia.org/wiki/Release_early,_release_often //Logan C-x-C-c -- Brightest day, Blackest night, No bug shall escape my sight, And those who worship evil's mind, be wary of my powers, puffy lantern's light ! 
Ok, instead of at least trying something, we're not going to do anything, Why ? because, the intermediate results is crap. -- Brightest day, Blackest night, No bug shall escape my sight, And those who worship evil's mind, be wary of my powers, puffy lantern's light !
Re: Router project on OpenBSD questions
On Mon, 27 Feb 2012 19:38:45 +, Kaya Saman kayasa...@gmail.com wrote: Hello, I have currently only used OpenBSD as a test vector setup on VirtualBox and 2x Sun Fire V240's as a DNS server (master/slave) using Bind9. So basically in short am an OpenBSD newbie :-) Ok so here goes; I've been using FreeBSD for around 3+ years now and really enjoy it, in comparing OpenBSD to FreeBSD I first would like to get some user experience of the major advantages over it. Well, I mostly use FreeBSD and I prefer it in general. But for router/firewall I think that OpenBSD suits better. All the tools are available out of the box and that just works. There are few things missing in FreeBSD (for our need at work): - missing tcp signature in OpenBGPD. - missing pflow. - some problem with carp (for example flip-flop of master/backup when a machine boots up, but carp would be better in FreeBSD 10.0). OpenBSD is not perfect too, it would be nice that pflow handles ipv6 and the support of one year is a bit short. But nothing is perfect. from my (vastly) limited experience it's quite different to work with than FreeBSD. Not really.
Re: pgt firmware ...
Hi Stuart. do you know which device you have? This is what I get on the console: pgt0 at cardbus0 dev 0 function 0 Intersil Prism GT/Duette rev 0x01: irq 11 According to the meagre research I've done it's a 3880 chipset. The card is an SMC2835W ... In theory dmesg should be able to pick up the message buffer from that dump, see the options in dmesg(8). Cheers. I think this is right: cbb0: rbus no bus space panic: io alloc Stopped at Debugger+0x4: popl%ebp ddbPID PPID PGRPUID S FLAGS WAIT COMMAND 3832 1 1 0 30x80 nanosleep init 14 0 0 0 30x100200 aiodoned aiodoned 13 0 0 0 30x100200 syncerupdate 12 0 0 0 30x100200 cleaner cleaner 11 0 0 0 30x100200 reaperreaper 10 0 0 0 30x100200 pgdaemon pagedaemon 9 0 0 0 30x100200 bored crypto 8 0 0 0 30x100200 pftm pfpurge 7 0 0 0 30x100200 usbtskusbtask 6 0 0 0 30x100200 usbatsk usbatsk 5 0 0 0 30x100200 apmev apm0 *4 0 0 0 70x100200syswq 3 0 0 0 3 0x40100200idle0 2 0 0 0 30x100200 kmalloc kmthread 1 0 1 0 30x80 wait init 0 -1 0 0 3 0x200 scheduler swapper ddb Debugger(d08cee78,d94fcc88,d097fc1c,d94fcc88,1000) at Debugger+0x4 panic(d097fc1c,d1178ea0,38901270,10,) at panic+0x5d cardbus_read_exrom(d1191c00,0,10,0,0) at cardbus_read_exrom cardbus_read_tuples(d94fcd94,801,d11c6000,800,0) at cardbus_read_tuples+0x125 cardbus_attach_card(d1191c00,d560,d94fcf6c,d03ece07,d0a20ba0) at cardbus_attach_card+0x58d cardslot_event(d1191c80,0,d02008c4,d09b3a60,d03e4e40) at cardslot_event+0x11a workq_thread(d09b3a60) at workq_thread+0x36 Bad frame pointer: 0xd0b8ce38 OpenBSD 5.0 (GENERIC) #43: Wed Aug 17 10:10:52 MDT 2011 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel Pentium II (GenuineIntel 686-class, 512KB L2 cache) 266 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PSE36,MMX,FXSR real mem = 301330432 (287MB) avail mem = 286351360 (273MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 09/18/99, BIOS32 rev. 
0 @ 0xfd820 apm0 at bios0: Power Management spec V1.2 pcibios0 at bios0: rev 2.1 @ 0xfd880/0x800 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf9e10/96 (4 entries) pcibios0: PCI Exclusive IRQs: 11 pcibios0: PCI Interrupt Router at 000:07:0 (Intel 82371AB PIIX4 ISA rev 0x00) pcibios0: PCI bus #4 is the last bus bios0: ROM list: 0xc/0xa000 cpu0 at mainbus0: (uniprocessor) pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Intel 82443BX rev 0x02 cbb0 at pci0 dev 2 function 0 TI PCI1250 CardBus rev 0x02: irq 11 cbb1 at pci0 dev 2 function 1 TI PCI1250 CardBus rev 0x02: irq 11 vga1 at pci0 dev 3 function 0 Neomagic Magicgraph NM2160 rev 0x01 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) piixpcib0 at pci0 dev 7 function 0 Intel 82371AB PIIX4 ISA rev 0x01 pciide0 at pci0 dev 7 function 1 Intel 82371AB IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: HITACHI_DK23EA-60 wd0: 16-sector PIO, LBA, 57231MB, 117210240 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: TOSHIBA, CD-ROM XM-1702BC, 1564 ATAPI 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, DMA mode 2 uhci0 at pci0 dev 7 function 2 Intel 82371AB USB rev 0x01: irq 11 piixpm0 at pci0 dev 7 function 3 Intel 82371AB Power rev 0x01: SMI iic0 at piixpm0 cardslot0 at cbb0 slot 0 flags 0 cardbus0 at cardslot0: bus 1 device 0 cacheline 0x8, lattimer 0xb0 pcmcia0 at cardslot0 cardslot1 at cbb1 slot 1 flags 0 cardbus1 at cardslot1: bus 4 device 0 cacheline 0x8, lattimer 0xb0 pcmcia1 at cardslot1 isa0 at piixpcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pms0 at pckbc0 (aux 
slot) pckbc0: using irq 12 for aux slot wsmouse0 at pms0 mux 0 sb0 at isa0 port 0x220/24 irq 5 drq 1: dsp v3.02 midi0 at sb0: SB MIDI UART audio0 at sb0 opl at sb0 not configured pcppi0 at isa0 port 0x61 spkr0 at pcppi0 lpt2 at isa0 port 0x3bc/4: polled npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 Intel UHCI root hub rev 1.00/1.00 addr 1 mtrr: Pentium Pro MTRR support
npppd with EAP-TLS for PPTP
Hi, since there is the limitation in npppd that it doesn't support multiple clients behind the same NAT host for IPSec/L2TP, I'm looking into using PPTP with EAP-TLS authentication. But I'm wondering whether this is supported by npppd. The examples in the HOWTO_PIPEX_NPPPD.txt only use mschapv2 and chap with the local authentication. When I'd use radius authentication, would it be possible to use EAP-TLS then? I want to know whether it's generally supposed to work, before I set up a radius server and everything to test EAP-TLS at all. If it's not possible this way, would it be possible to use poptop from ports to get EAP-TLS working with PPTP? Googling, I only found references to Linux, where poptop works in conjunction with ppd, but I did not find anything with regard to OpenBSD. So is there any way to set up a PPTP server with EAP-TLS authentication on OpenBSD? any cluestick is appreciated. cheers, Sebastian
Re: Google SoC 2012 is accepting open source organisations
On Wed, Feb 29, 2012 at 02:33:33PM +0400, Loganaden Velvindron wrote: On Wed, Feb 29, 2012 at 11:35 AM, Tomas Bodzar tomas.bod...@gmail.com wrote: On Wed, Feb 29, 2012 at 6:34 AM, Loganaden Velvindron logana...@gmail.com wrote: I came across this: http://google-opensource.blogspot.com/2012/02/mentoring-organization-applications-now.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+GoogleOpenSourceBlog+%28Google+Open+Source+Blog%29 The deadline is the 29th. I'd be interested in accelerating the port of capsicum :-) Check archives like http://marc.info/?l=openbsd-misc&w=2&r=1&s=Google+Summer+of+code&q=b , OpenBSD tried to apply at least two times or so, but was not chosen. The question is if there's real potential in that for some really new stuff. Personally I think that developers who hack in their free time work on needed features anyway even without GSoC and probably don't have free summer because of that and regular job (but probably money from GSoC may be of some use for them as for anyone). Then there's quality - OpenBSD model proved during years that really only skilled people (or those which want to be skilled) are getting inside dev team and we can use high quality results of that. Seems like OpenBSD has much higher standards for quality of code, documentation and skills of programmers than GSoC can offer most of the times. Examples of outputs related to BSD are eg. here: http://blog.netbsd.org/tnf/entry/posix_spawn_syscall_added http://www.shiningsilence.com/dbsdlog/2011/09/15/8368.html but when testing those you can see that they are mostly not so stable as OpenBSD wants. Here something gets implemented when it's really ready and stable as much as possible. This doesn't seem to be same for GSoC results. 
Style is something like https://en.wikipedia.org/wiki/Release_early,_release_often //Logan C-x-C-c -- Brightest day, Blackest night, No bug shall escape my sight, And those who worship evil's mind, be wary of my powers, puffy lantern's light ! Ok, instead of at least trying something, we're not going to do anything, Why ? because, the intermediate results is crap. The main reason why there is no OpenBSD GSoC project is the bureaucracy behind it. It is not possible for many of us to sign the contract with Google to be able to participate in the GSoC. -- :wq Claudio
Re: Router project on OpenBSD questions
On Mon, 27 Feb 2012 16:58:05 -0300, Christiano F. Haesbaert haesba...@haesbaert.org wrote: Hello, With a decent hardware, I think you can reach 1mpps (that's million packets per second). I don't think. As far as I can see here with a rate of 50K packets through the system, it already spends 50% in interrupt.
Re: Router project on OpenBSD questions
On 2012 Feb 29 (Wed) at 11:54:13 +0100 (+0100), Patrick Lamaiziere wrote: :OpenBSD is not perfect too, it would be nice that pflow handles ipv6 pflow now handles ipv6 (in 5.1) :and the support of one year is a bit short. But nothing is perfect. If you need support for longer than a year, you will need to contact a vendor offering openbsd support. -- Fights between cats and dogs are prohibited by statute in Barber, North Carolina.
Re: Router project on OpenBSD questions
On Wed, Feb 29, 2012 at 1:10 PM, Patrick Lamaiziere patf...@davenulle.org wrote: On Mon, 27 Feb 2012 16:58:05 -0300, Christiano F. Haesbaert haesba...@haesbaert.org wrote: Hello, With a decent hardware, I think you can reach 1mpps (that's million packets per second). I don't think. As far as I can see here with a rate of 50K packets through the system, it already spends 50% in interrupt. What eth card?
Re: Google SoC 2012 is accepting open source organisations
On Wed, Feb 29, 2012 at 11:33 AM, Loganaden Velvindron logana...@gmail.com wrote: On Wed, Feb 29, 2012 at 11:35 AM, Tomas Bodzar tomas.bod...@gmail.com wrote: On Wed, Feb 29, 2012 at 6:34 AM, Loganaden Velvindron logana...@gmail.com wrote: I came across this: http://google-opensource.blogspot.com/2012/02/mentoring-organization-applications-now.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+GoogleOpenSourceBlog+%28Google+Open+Source+Blog%29 The deadline is the 29th. I'd be interested in accelerating the port of capsicum :-) Check archives like http://marc.info/?l=openbsd-misc&w=2&r=1&s=Google+Summer+of+code&q=b , OpenBSD tried to apply at least two times or so, but was not chosen. The question is if there's real potential in that for some really new stuff. Personally I think that developers who hack in their free time work on needed features anyway even without GSoC and probably don't have free summer because of that and regular job (but probably money from GSoC may be of some use for them as for anyone). Then there's quality - OpenBSD model proved during years that really only skilled people (or those which want to be skilled) are getting inside dev team and we can use high quality results of that. Seems like OpenBSD has much higher standards for quality of code, documentation and skills of programmers than GSoC can offer most of the times. Examples of outputs related to BSD are eg. here: http://blog.netbsd.org/tnf/entry/posix_spawn_syscall_added http://www.shiningsilence.com/dbsdlog/2011/09/15/8368.html but when testing those you can see that they are mostly not so stable as OpenBSD wants. Here something gets implemented when it's really ready and stable as much as possible. This doesn't seem to be same for GSoC results. 
Style is something like https://en.wikipedia.org/wiki/Release_early,_release_often //Logan C-x-C-c -- Brightest day, Blackest night, No bug shall escape my sight, And those who worship evil's mind, be wary of my powers, puffy lantern's light ! Ok, instead of at least trying something, we're not going to do anything, Why ? because, the intermediate results is crap. I did not say that ;-) I'm not a developer of OpenBSD, just user so I can provide only my view on that. Another question is market share because there's not much hype around OpenBSD so it doesn't have attention like Linux or whatever. No one is saying that people can't hack on OpenBSD to improve/implement something new. Someone who is really willing to do that can do that even without big brother behind him/her. Something similar says Justin Sherrill here http://bsdtalk.blogspot.com/2012/02/bsdtalk212-justin-sherrill-from.html (like - not much people which want to hack on something just because it's fun or because they want to do that, but instead they need big company/money/whatever behind them to be safe). But again. OpenBSD tried at least two times before to apply, but was not accepted by Google and what's more important where are emails of students or developers on Google pages or here in misc@, www@ that they want to do something for OpenBSD, are willing to do that as part of GSoC and all they need is some mentor from OpenBSD team (I'm quite sure that there's a lot of them which can and want to help, but if no one is asking for help). -- Brightest day, Blackest night, No bug shall escape my sight, And those who worship evil's mind, be wary of my powers, puffy lantern's light !
Re: Router project on OpenBSD questions
On Wed, Feb 29, 2012 at 01:10:27PM +0100, Patrick Lamaiziere wrote: On Mon, 27 Feb 2012 16:58:05 -0300, Christiano F. Haesbaert haesba...@haesbaert.org wrote: Hello, With a decent hardware, I think you can reach 1mpps (that's million packets per second). I don't think. As far as I can see here with a rate of 50K packets through the system, it already spends 50% in interrupt. So maybe your hardware is not decent? -Otto
Re: Router project on OpenBSD questions
On Wed, 29 Feb 2012 13:13:30 +0100, Peter Hessler phess...@theapt.org wrote: Hello, On 2012 Feb 29 (Wed) at 11:54:13 +0100 (+0100), Patrick Lamaiziere wrote: :OpenBSD is not perfect too, it would be nice that pflow handles ipv6 pflow now handles ipv6 (in 5.1) That's cool! Thanks. :and the support of one year is a bit short. But nothing is perfect. If you need support for longer than a year, you will need to contact a vendor offering openbsd support. I don't believe they will be able to support if the support is ended upstream, only few are able to dig into the code. Sure, I will find tons of them able to sell support. But if they sell some wind I can do it myself for free. That was not a criticism, I understand well the release process on OpenBSD and the limited resources available. But this is something to consider when you choose a system. Regards.
Re: Google SoC 2012 is accepting open source organisations
On Wed, Feb 29, 2012 at 01:21:21PM +0100, Tomas Bodzar wrote: I did not say that ;-) I'm not a developer of OpenBSD, just user so I can provide only my view on that. Another question is market share because there's not much hype around OpenBSD so it doesn't have attention like Linux or whatever. Hype... I found on openbsd.org - Commercial support - Czech company (logios.cz), so I asked them what kind of support do the provide for OpenBSD. Well their answer was in mood like 'OpenBSD is dead and lacking all cool features...' :D jirib
Re: Google SoC 2012 is accepting open source organisations
On Wed, Feb 29, 2012 at 1:50 PM, Jiri B ji...@devio.us wrote: On Wed, Feb 29, 2012 at 01:21:21PM +0100, Tomas Bodzar wrote: I did not say that ;-) I'm not a developer of OpenBSD, just user so I can provide only my view on that. Another question is market share because there's not much hype around OpenBSD so it doesn't have attention like Linux or whatever. Hype... I found on openbsd.org - Commercial support - Czech company (logios.cz), so I asked them what kind of support do the provide for OpenBSD. Well their answer was in mood like 'OpenBSD is dead and lacking all cool features...' :D I was still looking for time to ask them about something similar, because they are listed as supporter when in fact their page is clearly Linux-only. jirib
Re: Router project on OpenBSD questions
On Wed, Feb 29, 2012 at 1:43 PM, Patrick Lamaiziere patf...@davenulle.org wrote: On Wed, 29 Feb 2012 13:13:30 +0100, Peter Hessler phess...@theapt.org wrote: Hello, On 2012 Feb 29 (Wed) at 11:54:13 +0100 (+0100), Patrick Lamaiziere wrote: :OpenBSD is not perfect too, it would be nice that pflow handles ipv6 pflow now handles ipv6 (in 5.1) That's cool! Thanks. :and the support of one year is a bit short. But nothing is perfect. If you need support for longer than a year, you will need to contact a vendor offering openbsd support. I don't believe they will be able to support if the support is ended upstream, only few are able to dig into the code. Sure, I will find tons of them able to sell support. But if they sell some wind I can do it myself for free. That was not a criticism, I understand well the release process on OpenBSD and the limited resources available. But this is something to consider when you choose a system. Bugs are in every system including OpenBSD. The question is how many of them comparing to other products and how many is mitigated because of other layers of protection available in OpenBSD. From that point of view 2 years old OpenBSD is better than latest Solaris or whatever :-) And if someone needs corporate support like 10 years then they have HA/clusters/, right? So they can be fine even with OpenBSD to do update on node once a year. Regarding ABI support...paying good developer seems to be cheaper than support contracts offered by big vendors. Regards.
Re: Google SoC 2012 is accepting open source organisations
I was still looking for time to ask them about something similar, because they are listed as supporter when in fact their page is clearly Linux-only. Afraid this is only due to a wish to get higher in the search result list. I've met such lame clients a lot before. jirib -- ### Coonardoo / The Well In The Shadow / Le Puits Dans L'Ombre ###
Re: Router project on OpenBSD questions
* Patrick Lamaiziere patf...@davenulle.org [2012-02-29 13:12]: I don't think. it is very tempting to comment on that :) As far as I can see here with a rate of 50K packets through the system, it already spends 50% in interrupt. oh, really! that applies to each and every box and usage scenario on the planet of course. details just complicate things. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
Re: random nat, ftp clients and 425: Security: Bad IP connecting
On 2012-02-28 08:23, Stuart Henderson wrote: btw: that random stuff, at least without source-tracking, is likely to break bank websites etc. This is right. Random pools break a lot of things in practice. Do use random if you're paranoid and don't care about breaking things. Otherwise, the best current practice is to maintain a constant mapping from internal to external source address. Simon
Re: Odd Network Lockups
This is no longer an issue for me. Not because I was able to track down the issue and fix it, but because this machine has been repurposed and the replacement machine (very different hardware) doesn't exhibit the symptoms. Thanks to those that tried to help! -Nick On Feb 1, 2012 6:20 PM, Nick Templeton n...@nicktempleton.com wrote: Anybody else have any suggestions as to what I can do to further troubleshoot this? After a recent upgrade the issue still exists (I've provided the latest dmesg). I've taken to adding a periodic reboot to my cron jobs so that I don't get stuck without network access while I'm away from the machine, that's obviously not a real solution. -Nick OpenBSD 5.1-beta (GENERIC.MP) #189: Thu Jan 26 16:06:17 MST 2012 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP RTC BIOS diagnostic error 11memory_size real mem = 4216655872 (4021MB) avail mem = 4090253312 (3900MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xf0450 (71 entries) bios0: vendor Dell Inc. version 2.4.0 date 05/24/2007 bios0: Dell Inc. 
Dell DXC061 acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP SSDT APIC BOOT MCFG HPET DUMY SLIC SSDT SSDT SSDT acpi0: wakeup devices VBTN(S4) PCI0(S5) PCI4(S5) PCI2(S5) PCI3(S5) PCI1(S5) PCI5(S5) PCI6(S5) MOU_(S3) USB0(S3) USB1(S3) USB2(S3) USB3(S3) USB4(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz, 1862.28 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG,LAHF cpu0: 2MB 64b/line 8-way L2 cache cpu0: apic clock running at 266MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz, 1862.02 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG,LAHF cpu1: 2MB 64b/line 8-way L2 cache ioapic0 at mainbus0: apid 8 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 8 acpimcfg0 at acpi0 addr 0xe000, bus 0-255 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 3 (PCI4) acpiprt1 at acpi0: bus 2 (PCI2) acpiprt2 at acpi0: bus -1 (PCI3) acpiprt3 at acpi0: bus 1 (PCI1) acpiprt4 at acpi0: bus -1 (PCI5) acpiprt5 at acpi0: bus -1 (PCI6) acpiprt6 at acpi0: bus 0 (PCI0) acpicpu0 at acpi0: PSS acpicpu1 at acpi0: PSS acpibtn0 at acpi0: VBTN cpu0: Enhanced SpeedStep 1862 MHz: speeds: 1867, 1600 MHz memory map conflict 0xbf655c00/0x9aa400 pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 Intel 82G965 Host rev 0x02 ppb0 at pci0 dev 1 function 0 Intel 82G965 PCIE rev 0x02: msi pci1 at ppb0 bus 1 em0 at pci1 dev 0 function 0 Intel PRO/1000 MT (82574L) rev 0x00: msi, address 00:1b:21:ab:bf:ca vga1 at pci0 dev 2 function 0 Intel 82G965 Video rev 0x02 wsdisplay0 at vga1 mux 1: console 
(80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) intagp0 at vga1 agp0 at intagp0: aperture at 0xc000, size 0x1000 inteldrm0 at vga1: apic 8 int 16 drm0 at inteldrm0 Intel 82G965 Video rev 0x02 at pci0 dev 2 function 1 not configured em1 at pci0 dev 25 function 0 Intel ICH8 IFE rev 0x02: msi, address 00:16:76:c1:5b:1f uhci0 at pci0 dev 26 function 0 Intel 82801H USB rev 0x02: apic 8 int 16 uhci1 at pci0 dev 26 function 1 Intel 82801H USB rev 0x02: apic 8 int 17 ehci0 at pci0 dev 26 function 7 Intel 82801H USB rev 0x02: apic 8 int 22 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1 azalia0 at pci0 dev 27 function 0 Intel 82801H HD Audio rev 0x02: msi azalia0: codecs: Conexant/0x2bfa, Sigmatel STAC9227X, using Sigmatel STAC9227X audio0 at azalia0 ppb1 at pci0 dev 28 function 0 Intel 82801H PCIE rev 0x02: msi pci2 at ppb1 bus 2 em2 at pci2 dev 0 function 0 Intel PRO/1000 MT (82574L) rev 0x00: msi, address 00:1b:21:ab:d3:53 uhci2 at pci0 dev 29 function 0 Intel 82801H USB rev 0x02: apic 8 int 23 uhci3 at pci0 dev 29 function 1 Intel 82801H USB rev 0x02: apic 8 int 17 uhci4 at pci0 dev 29 function 2 Intel 82801H USB rev 0x02: apic 8 int 18 ehci1 at pci0 dev 29 function 7 Intel 82801H USB rev 0x02: apic 8 int 23 usb1 at ehci1: USB revision 2.0 uhub1 at usb1 Intel EHCI root hub rev 2.00/1.00 addr 1 ppb2 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0xf2 pci3 at ppb2 bus 3 TI TSB43AB22 FireWire rev 0x00 at pci3 dev 10 function 0 not configured pcib0 at pci0 dev 31 function 0 Intel 82801HH LPC rev 0x02 ahci0 at pci0 dev 31 function 2 Intel 82801H AHCI rev 0x02: msi, AHCI 1.1 scsibus0 at ahci0: 32 targets sd0 at scsibus0 targ 0 lun 0: ATA, SAMSUNG SP2504C, VT10 SCSI3 0/direct fixed t10.ATA_SAMSUNG_SP2504C_S09QJ1SP112542 sd0:
Re: Google SoC 2012 is accepting open source organisations
* Tomas Bodzar tomas.bod...@gmail.com [2012-02-29 13:55]: On Wed, Feb 29, 2012 at 1:50 PM, Jiri B ji...@devio.us wrote: On Wed, Feb 29, 2012 at 01:21:21PM +0100, Tomas Bodzar wrote: I did not say that ;-) I'm not a developer of OpenBSD, just user so I can provide only my view on that. Another question is market share because there's not much hype around OpenBSD so it doesn't have attention like Linux or whatever. Hype... I found on openbsd.org - Commercial support - Czech company (logios.cz), so I asked them what kind of support do the provide for OpenBSD. Well their answer was in mood like 'OpenBSD is dead and lacking all cool features...' :D I was still looking for time to ask them about something similar, because they are listed as supporter when in fact their page is clearly Linux-only. pls drop a mail to www@ then with this bit of info and ask for them to be removed from support.html. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
Re: Router project on OpenBSD questions
Brauer spewed: * Patrick Lamaiziere patf...@davenulle.org [2012-02-29 13:12]: I don't think. it is very tempting to comment on that :) As far as I can see here with a rate of 50K packets through the system, it already spends 50% in interrupt. oh, really! that applies to each and every box and usage scenario on the planet of course. details just complicate things. What a surprise, another 100% noise level post from Henning. For a smart guy you sure have a lot of free time. Maybe you ought to be designing and coding more and flaming less huh buddy?
Problem filtering CARP in PF
Hi all,

I am in the process of setting up a lab to test an IPv6 setup, and I'm having some issues with filtering CARP traffic. The configuration looks like this:

            +----------------+
       +----|  WAN/Internet  |----+
       |    +----------------+    |
       |em0                       |em0
    +-----+                    +-----+
    | fw1 |-xl0------------xl0-| fw2 |
    +-----+                    +-----+
       |em1                       |em1
       |                          |
       |em0                       |em0
    +-----+                    +-----+
    | br1 |-rl0------------rl0-| br2 |
    +-----+                    +-----+
       |                          |
    ---+--------Shared LAN--------+---

All four machines above are running OpenBSD. The firewalls (fw1 and fw2) are running OpenBSD 5.0, while the bridges br1 and br2 are running the latest snapshot available on /pub/OpenBSD/snapshots/ (dated 12/02/2012).

I configured two CARP devices on the firewalls:
- carp0 for the em0 interfaces
- carp1 for the em1 interfaces

I added the following rule in the pf.conf file, as the default policy is to block everything:

    pass quick inet proto carp

At this point, CARP seems to be working fine, but the rule isn't actually working. If I add the 'log' keyword, and run

    tcpdump -netvi pflog0 ip proto 112

there is no output at all. On the other hand, running the following command on fw2 gives the expected output:

    tcpdump -netvi em1 ip proto 112

At this point I thought maybe some other rule in my ruleset is letting CARP traffic pass, so I replaced the whole ruleset with the following:

    block log all

Sure enough, I still don't have any output on fw1, but fw2 receives CARP packets correctly.

I should mention that originally, all machines were running -current, which made me think a regression may have been introduced. After reinstalling 5.0 on the firewalls and copying back the configuration files, the issue seemed to have disappeared, as I could match CARP packets:

    rule 25/(match) [uid 0, pid 28901] pass out on em1: carp 192.168.200.253 224.0.0.18: CARPv2-advertise 36: vhid=48 advbase=1 advskew=50 demote=2 (DF) [tos 0x10] (ttl 255, id 57018, len 56, bad cksum 0!)
    rule 25/(match) [uid 0, pid 28901] pass in on em1: carp 192.168.200.252 224.0.0.18: CARPv2-advertise 36: vhid=48 advbase=1 advskew=100 demote=0 (DF) (ttl 255, id 31275, len 56)
    ...

Additionally, I should add that all the machines are dual-stacked. Perhaps this has to do something with the problem, although I have the exact same issue. For instance, 'block all' doesn't actually block, and the one time I had PF matching the IPv4 CARP packets, it also matched the IPv6 ones:

    rule 34/(match) [uid 0, pid 7854] pass out on em1: fe80::20e:cff:fe68:aad2 ff02::12: CARPv2-advertise 36: vhid=48 advbase=1 advskew=50 demote=0 (len 36, hlim 255)
    rule 34/(match) [uid 0, pid 7854] pass in on em1: fe80::202:b3ff:feb2:e6ce ff02::12: CARPv2-advertise 36: vhid=48 advbase=1 advskew=100 demote=0 (len 36, hlim 255)
    ...

Attempts at blocking CARP traffic on the bridge were equally unsuccessful.

A last test prior to posting got me the following results. The pf.conf file contained this rule at the top:

    block quick log inet proto carp

And CARP was effectively blocked. Changing the 'block' to 'pass' allowed the packets to flow, as expected. Changing it back again to block has no effect.

Can anyone explain this strange behaviour?

Thanks,
Marios.
Re: Router project on OpenBSD questions
On 29 February 2012 14:15, Anonymous Remailer (austria) mixmas...@remailer.privacy.at wrote:
> Brauer spewed: * Patrick Lamaiziere patf...@davenulle.org [2012-02-29 13:12]: I don't think. it is very tempting to comment on that :) As far as I can see here with a rate of 50K packets through the system, it already spends 50% in interrupt. oh, really! that applies to each and every box and usage scenario on the planet of course. details just complicate things. What a surprise, another 100% noise level post from Henning. For a smart guy you sure have a lot of free time. Maybe you ought to be designing and coding more and flaming less huh buddy?

What a surprise, another anonymous shithead who has nothing to add to a conversation.
Re: Problem filtering CARP in PF
Hello,

Confirmed on a fresh and very simple virtual environment with 2 firewalls using the latest snapshot (amd64). pf.conf contains a single line, block log; nothing is logged on pflog and the other firewall sharing the link layer still catches carp advertisements!

Another interesting piece of information:
- If you set the pf policy to block log and reboot the system, all carp packets are properly dropped and logged in pflog0!
- If you turn off pf (pfctl -d), carp is still filtered (omg !!!). Even if you set pf.conf to pass and turn it on again (pfctl -e) you won't be able to allow/see carp again on the system until next reboot!

Fred!
Re: Problem filtering CARP in PF
Hi!

On 02/29/12 19:16, Marios Makassikis wrote:
> A last test prior to posting got me the following results: The pf.conf file contained this rule at the top:
>
>     block quick log inet proto carp
>
> And CARP was effectively blocked. Changing the 'block' to 'pass' allowed the packets to flow, as expected. Changing it back again to block has no effect.

I must confess I didn't grasp everything about your setup but this part reminded me of the time I was perplexed about something similar. And my line of thought was then like this:

1. test with block rule blocks carp packets
2. test with pass rule passes carp packets, states are created
3. new test with block rule seems to take no effect because packet filter runs stateful and carp packets are passed thru based on states as they should

I believe you can control this behaviour by how you load new rules, i.e. you could flush states first. You could follow states in effect with systat, pftop, and of course with pfctl.

Imre

PS Using carp you must be attentive which node actually emits carp packets and which one is silent.
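The three steps in the reply above, as an added example that is not part of the thread and is not PF source code: a simplified Python model in which the state table is consulted before the ruleset, `pass` rules create state, and `log` records only the packet that a rule actually evaluates. The class and function names (`Packet`, `Rule`, `Filter`, `replay`) are hypothetical, and the advertisement is constructed from the addresses in the tcpdump output quoted earlier.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str

@dataclass
class Rule:
    action: str            # "pass" or "block"
    proto: str = "any"     # "any" matches every protocol
    log: bool = False
    quick: bool = False

    def matches(self, pkt):
        return self.proto in ("any", pkt.proto)

@dataclass
class Filter:
    rules: list
    states: set = field(default_factory=set)
    pflog: list = field(default_factory=list)  # what tcpdump on pflog0 would show

    def load(self, rules, flush_states=False):
        """Replace the ruleset; existing states survive unless flushed."""
        self.rules = rules
        if flush_states:           # analogous to `pfctl -F states`
            self.states.clear()

    def handle(self, pkt):
        key = (pkt.proto, pkt.src, pkt.dst)
        if key in self.states:     # state hit: no rule evaluation, nothing logged
            return "pass"
        verdict = Rule("pass")     # implicit default when no rule matches
        for rule in self.rules:    # last matching rule wins unless `quick`
            if rule.matches(pkt):
                verdict = rule
                if rule.quick:
                    break
        if verdict.log:
            self.pflog.append((verdict.action, key))
        if verdict.action == "pass":
            self.states.add(key)   # pass rules keep state by default
        return verdict.action

# Constructed CARP advertisement (addresses from the thread's tcpdump output).
ADV = Packet("carp", "192.168.200.252", "224.0.0.18")

def replay():
    fw = Filter([Rule("pass", "carp", log=True, quick=True)])
    seen = [fw.handle(ADV), fw.handle(ADV)]   # second packet rides the state
    logged_under_pass = len(fw.pflog)         # only the state-creating packet
    fw.load([Rule("block", "carp", log=True, quick=True)])
    seen.append(fw.handle(ADV))               # still passes, still unlogged
    fw.load(fw.rules, flush_states=True)
    seen.append(fw.handle(ADV))               # now the block rule is evaluated
    return seen, logged_under_pass, fw.pflog[-1]
```

The model leaves out state timeouts: real states expire when idle, but advertisements sent every second (advbase=1) keep refreshing the one they match.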
Re: A neat twist on nginx + php-fpm = no input file selected
Scott McEachern [sc...@blackstaff.ca] wrote:
> On 02/29/12 03:52, Remco wrote:
> > If the file on your file system is /var/nginx/html/who_is_online.php, a daemon chrooted to /var/nginx will see it as /html/who_is_online.php. If the daemon chrooted to /var/nginx should really see /var/nginx/html/who_is_online.php, the file should live in /var/nginx/var/nginx/html/who_is_online.php on your file system. Hope this helps.
>
> Oh, I just wanted to mention one more thing for the archives/google: php-fpm takes on the chroot of the web server. Ignore the php-fpm.conf documentation where it says Default value: not set and When this value is not set, chroot is not used. Bah. :/

This isn't true. There's no way for php-fpm or php-fastcgi to magically mirror what nginx is doing. They are totally separate and only communicate via socket.
Re: Google SoC 2012 is accepting open source organisations
On Wed, Feb 29, 2012 at 08:35:03AM +0100, Tomas Bodzar wrote:
> Examples of outputs related to BSD are eg. here:
> http://blog.netbsd.org/tnf/entry/posix_spawn_syscall_added
> http://www.shiningsilence.com/dbsdlog/2011/09/15/8368.html
> but when testing those you can see that they are mostly not so stable as OpenBSD wants. Here something gets implemented when it's really ready and stable as much as possible. This doesn't seem to be same for GSoC results. Style is something like https://en.wikipedia.org/wiki/Release_early,_release_often

Only if you don't look hard enough, wide curses support, lvm support, tcp pxe boot capability and postscript pdf output for mandoc were all GSoC projects that were quite successful, just to name a few. There are some very smart and capable people that participate in GSoC who, with the right guidance, can produce some very good results - OTOH there are some that even with the best mentoring produce crap. The project gets money for taking on a student, the student gets paid to work full time and the mentor gets a t-shirt for their efforts. It can be very rewarding when it all goes right.

--
Brett Lymn
Re: Trusting the Installation
On Wed, Feb 29, 2012 at 10:44 AM, Nathan Stiles stiles.nat...@gmail.com wrote:
> Also I've noticed that HTTPS isn't implemented on openbsd.org.

Why would it be? There is no user login or account information exchanged with openbsd.org. Are you worrying that someone would, almost magically, insert malicious code in the ISO while you download it? There's good paranoia and bad paranoia...

Cheers,
Lars
Re: Trusting the Installation
On Tue, Feb 28, 2012 at 10:11 PM, Nick Holland n...@holland-consulting.net wrote: On 02/28/12 21:43, Nathan Stiles wrote: Hello, Also I've noticed that HTTPS isn't implemented on openbsd.org. buy a CD. Really. The chains of rust you were putting your trust in has flaws. I'm hoping Nathan saw that a bunch of root cert owners got 0wned and all their certs cannot be trusted any more, especially since those certs have been used in man-in-the-middle attacks. -- http://www.glumbert.com/media/shift http://www.youtube.com/watch?v=tGvHNNOLnCk This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet evaluation. Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted. -- Gene Spafford learn french: http://www.youtube.com/watch?v=30v_g83VHK4
Re: Problem filtering CARP in PF
On 29-2-2012 23:01, Frédéric URBAN wrote:
> Hello, Confirmed on a fresh and very simple virtual environment with 2 firewalls using the latest snapshot (amd64). pf.conf contains a single line, block log; nothing is logged on pflog and the other firewall sharing the link layer still catches carp advertisements!

Virtual eh? I was wondering where the dmesg was. :-) If this is esxi you have to allow promiscuous mode on the vswitch.

Marios, are you using virtual machinery too? Can you post a dmesg otherwise?

--
Cam