Re: fw_update

[Laurence Rochfort]

If you're really *that* worried you should build everything you use from
source after trawling through the source.

Personally I'd be much more concerned about all the other components on
your internet connection from router to ISP.

Then of course there's your mobile phone...
On May 9, 2012 8:38 PM, mark sullivan mark.sulli...@gmx.fr wrote:

Re: fw_update

[David Coppa]

On Thu, May 10, 2012 at 2:34 AM, Brett brett.ma...@gmx.com wrote:
I would like to hear your arguments on this and if there is a simple way to 
disable fw_update and uninstall in general everything propietary 
affecting the network card that I have not been warned about.

 If you're using a PC you should probably also be aware that
 there is likely to be bios-installed code which runs in system
 management mode behind the back of the OS, this is also
 proprietary and could also affect the network card and all
 other parts of the machine. Also some of the various management
 controllers you might find have pretty far-reaching capabilities
 in this respect.


If you have concerns with firmwares, swap your card with, for example, an
atheros or another card that doesn't need a firmware.

 Some atheros does use firmware, eg athn(4).

Not all the athns. Only USB ones, like the AR9271, need a firmware.

cheers,
David

Re: Hardware (firewall) recommendation

[Stuart Henderson]

On 2012-05-10, Predrag Punosevac punoseva...@gmail.com wrote:
 I would like to hear opinion about: 

 Dell PowerEdge R210 II Ultra-compact Rack Server

These work fine, quite nice machines.

 I am looking at the one with 

 Intel Gigabit ET Quad Port Adapter, Gigabit Ethernet NIC, PCIe x4

I think these are 82576, no personal experience with these (I have
usually got second-hand older cards when I've needed multi-port
nics), they are listed as supported by em(4), should be alright
but they would be better supported by a different driver which
might happen sometime.

 Does One Dual port Broadcom BCM 5716 work on OpenBSD? 
 What about those Broadcom NetXtremes ? It is not going to
 have RAID controller. We are looking at the one with Dual-core Intel
 Celeron G400 and G500 series

The onboard BCM 5716 a.k.a. NetXtreme II work fine with bnx(4).
I include a dmesg from one with PERC H200 raid controller and a
Xeon E3 (note that this Xeon E3 cpu has the instructions that can
be used to speed up AES, see AES in the cpu0 attach line,
the core i3/celerons don't have this - might not be important
for you but I thought I'd point it out just in case).

Note the cheaper DRACs with shared network port are not supported by
OpenBSD, I believe the enterprise DRAC with a separate port should work
but I haven't used one myself (I usually prefer a standalone remote
power controller and cereal console).

OpenBSD 5.1 (GENERIC.MP) #207: Sun Feb 12 09:42:14 MST 2012
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
RTC BIOS diagnostic error 80clock_battery
real mem = 4283691008 (4085MB)
avail mem = 4155494400 (3962MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe6730 (57 entries)
bios0: vendor Dell Inc. version 1.2.3 date 07/21/2011
bios0: Dell Inc. PowerEdge R210 II
acpi0 at bios0: rev 2
acpi0: sleep states S0 S4 S5
acpi0: tables DSDT FACP SPMI ASF! HPET APIC MCFG BOOT SSDT SSDT ASPT SSDT SSDT 
HEST ERST BERT EINJ
acpi0: wakeup devices P0P1(S4) GLAN(S0) EHC1(S4) EHC2(S4) PXSX(S4) RP01(S5) 
PXSX(S4) RP02(S5) PXSX(S4) RP03(S5) PXSX(S4) RP04(S5) PXSX(S4) RP05(S5) 
PXSX(S4) RP06(S5) PXSX(S4) RP07(S5) PXSX(S4) RP08(S5) PEG0(S5) PEGP(S5) 
PEG1(S5) PEG2(S5) PEG3(S5)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU E31220 @ 3.10GHz, 3100.44 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,PCLMUL,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,POPCNT,AES,XSAVE,AVX,NXE,LONG,LAHF
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: apic clock running at 100MHz
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Xeon(R) CPU E31220 @ 3.10GHz, 3100.02 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,PCLMUL,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,POPCNT,AES,XSAVE,AVX,NXE,LONG,LAHF
cpu1: 256KB 64b/line 8-way L2 cache
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Xeon(R) CPU E31220 @ 3.10GHz, 3100.02 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,PCLMUL,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,POPCNT,AES,XSAVE,AVX,NXE,LONG,LAHF
cpu2: 256KB 64b/line 8-way L2 cache
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Xeon(R) CPU E31220 @ 3.10GHz, 3100.02 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,PCLMUL,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,POPCNT,AES,XSAVE,AVX,NXE,LONG,LAHF
cpu3: 256KB 64b/line 8-way L2 cache
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 3 (P0P1)
acpiprt2 at acpi0: bus 2 (RP01)
acpiprt3 at acpi0: bus -1 (RP02)
acpiprt4 at acpi0: bus -1 (RP03)
acpiprt5 at acpi0: bus -1 (RP04)
acpiprt6 at acpi0: bus -1 (RP05)
acpiprt7 at acpi0: bus -1 (RP06)
acpiprt8 at acpi0: bus -1 (RP07)
acpiprt9 at acpi0: bus -1 (RP08)
acpiprt10 at acpi0: bus 1 (PEG0)
acpiprt11 at acpi0: bus -1 (PEG1)
acpiprt12 at acpi0: bus -1 (PEG2)
acpiprt13 at acpi0: bus -1 (PEG3)
acpicpu0 at acpi0: C3, C2, C1, PSS
acpicpu1 at acpi0: C3, C2, C1, PSS
acpicpu2 at acpi0: C3, C2, C1, PSS
acpicpu3 at acpi0: C3, C2, C1, PSS
acpipwrres0 at acpi0: FN00
acpipwrres1 at acpi0: FN01
acpipwrres2 at acpi0: FN02
acpipwrres3 at acpi0: FN03
acpipwrres4 at acpi0: FN04
acpitz0 at acpi0: critical temperature is 100 degC
ipmi0 at mainbus0: version 2.0 interface KCS iobase 0xca8/8 spacing 4
cpu0: Enhanced SpeedStep 3100 MHz: speeds: 3101, 3100, 2600, 2400, 2200, 2000, 
1800, 1600 MHz
pci0 at mainbus0 bus 0
pchb0 at 

strange lockups

[Adam Jacob Muller]

Hi,
I have a few OpenBSD boxes, including two firewalls at my house that I 
just upgraded to 5.1.



Unfortunately post-upgrade I seem to have triggered some unusual 
condition with them where they go completely unresponsive 
(network/console don't respond at all). Keyboard lights do continue to 
work and i'm able to enter ddb with the ctrl-alt-esq sequence.


Sadly, I'm not so versed in kernel debugging, and OpenBSD kernel 
debugging even less so, if I had a panic backtrace or similar I could 
get somewhere but as-is, i'm somewhat lost for what information I need 
to make a good bug report (I think its a bug).


I'm obviously being very nebulous with this email, I apologize for that. 
Hopefully someone can point me in the right direction so I can gather 
the required information to make a proper investigation and bug report, 
if warranted.


The short and highly incomplete version of the issue i'm seeing is that 
some network commands (even as simple as ifconfig x up -- or down/up) 
trigger the hang. I'm fairly confident i'm not dealing with a hardware 
problem as I have two different boxes that I can cause this on.



Thanks in advance for any information you can offer to help,

-Adam

Re: Hardware (firewall) recommendation

[Hrvoje Popovski]

On 10.5.2012 3:28, Predrag Punosevac wrote:
 Dear All,
 
 I am resurrecting this thread which I followed carefully because I need
 some hardware advice for the firewall machine which is going to serve
 our new scientific computing laboratory. Initially behind this firewall,
 we will have only two small (16 and 8 nodes) clusters, a GPU based super
 computer, a CVS/File server and a web-server for PMWiki.  They  will be
 accessible to users (15-20 for now) only via SSH(NX X) and HTTP 
 protocols.
 
 We are vendor locked due to the contract between DeLL and the University
 system of Georgia.
 
 I would like to hear opinion about: 
 
 Dell PowerEdge R210 II Ultra-compact Rack Server
 
 http://www.dell.com/us/enterprise/p/poweredge-r210-2/pd
 
 I am looking at the one with 
 
 Intel Gigabit ET Quad Port Adapter, Gigabit Ethernet NIC, PCIe x4
 
 Does One Dual port Broadcom BCM 5716 work on OpenBSD? 
 What about those Broadcom NetXtremes ? It is not going to
 have RAID controller. We are looking at the one with Dual-core Intel
 Celeron G400 and G500 series
 
 
 Thank you so much!
 
 Predrag
 

Hello,

I have R410 (OpenBSD 5.0) in production with BCM5716 and intel 82599 and
everything is working fine. BCM5716 does not support mtu 9000.


OpenBSD 5.0 (GENERIC.MP) #63: Wed Aug 17 10:14:30 MDT 2011
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 6428266496 (6130MB)
avail mem = 6243024896 (5953MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xcf49c000 (78 entries)
bios0: vendor Dell Inc. version 1.6.3 date 02/07/2011
bios0: Dell Inc. PowerEdge R410
acpi0 at bios0: rev 2
acpi0: sleep states S0 S4 S5
acpi0: tables DSDT FACP APIC SPCR HPET DM__ MCFG WD__ SLIC ERST HEST
BERT EINJ SRAT TCPA SSDT
acpi0: wakeup devices PCI0(S5)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 32 (boot processor)
cpu0: Intel(R) Xeon(R) CPU E5630 @ 2.53GHz, 2527.32 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,PCLMUL,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,DCA,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: apic clock running at 133MHz
cpu1 at mainbus0: apid 34 (application processor)
cpu1: Intel(R) Xeon(R) CPU E5630 @ 2.53GHz, 2527.00 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,PCLMUL,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,DCA,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG
cpu1: 256KB 64b/line 8-way L2 cache
cpu2 at mainbus0: apid 50 (application processor)
cpu2: Intel(R) Xeon(R) CPU E5630 @ 2.53GHz, 2527.00 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,PCLMUL,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,DCA,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG
cpu2: 256KB 64b/line 8-way L2 cache
cpu3 at mainbus0: apid 52 (application processor)
cpu3: Intel(R) Xeon(R) CPU E5630 @ 2.53GHz, 2527.00 MHz
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,PCLMUL,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,DCA,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG
cpu3: 256KB 64b/line 8-way L2 cache
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 20, 24 pins
ioapic1 at mainbus0: apid 1 pa 0xfec8, version 20, 24 pins
ioapic1: misconfigured as apic 0, remapped to apid 1
acpihpet0 at acpi0: 14318179 Hz
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (PEX1)
acpiprt2 at acpi0: bus 2 (PEX3)
acpiprt3 at acpi0: bus 3 (PEX7)
acpiprt4 at acpi0: bus -1 (PEX9)
acpiprt5 at acpi0: bus -1 (PEXA)
acpiprt6 at acpi0: bus -1 (SBEX)
acpiprt7 at acpi0: bus 4 (COMP)
acpicpu0 at acpi0: C3, C1
acpicpu1 at acpi0: C3, C1
acpicpu2 at acpi0: C3, C1
acpicpu3 at acpi0: C3, C1
ipmi at mainbus0 not configured
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 Intel 5500 Host rev 0x13
ppb0 at pci0 dev 1 function 0 Intel X58 PCIE rev 0x13
pci1 at ppb0 bus 1
bnx0 at pci1 dev 0 function 0 Broadcom BCM5716 rev 0x20: apic 1 int 4
bnx1 at pci1 dev 0 function 1 Broadcom BCM5716 rev 0x20: apic 1 int 16
ppb1 at pci0 dev 3 function 0 Intel X58 PCIE rev 0x13
pci2 at ppb1 bus 2
mpi0 at pci2 dev 0 function 0 Symbios Logic SAS1068E rev 0x08: msi
scsibus0 at mpi0: 112 targets
sd0 at scsibus0 targ 0 lun 0: Dell, VIRTUAL DISK, 1028 SCSI3 0/direct
fixed naa.600508e02a7749fd24f2d10d
sd0: 139392MB, 512 bytes/sector, 285474816 sectors
ses0 at scsibus0 targ 8 lun 0: DP, BACKPLANE, 1.07 SCSI3 13/enclosure
services fixed t10.DP_BACKPLANE00
ppb2 at pci0 dev 7 function 0 Intel X58 PCIE rev 0x13: msi
pci3 at ppb2 bus 3
ix0 at pci3 dev 0 function 0 Intel 10GbE SFP+ (82599) rev 0x01: msi,
address 00:1b:21:9e:6c:98
ix1 at pci3 dev 0 function 1 Intel 10GbE SFP+ (82599) rev 0x01: 

Re: strange lockups

[Jérémie Courrèges-Anglas]

Please see
  http://www.openbsd.org/faq/faq2.html
and
  http://www.openbsd.org/report.html

Regards.
-- 
JC)rC)mie CourrC(ges-Anglas
GPG fingerprint: 61DB D9A0 00A4 67CF 2A90 8961 6191 8FBF 06A1 1494

Re: Watchdog timeout reset in 5.1 on intel nic:s

[Garry Dolley]

On Tue, May 08, 2012 at 07:58:30PM -0400, Simon Perreault wrote:
 On 2012-05-08 19:08, Per-Olov Sjvholm wrote:
 It says em1: watchdog timeout -- resetting

 aol
 I saw the same on an amd64 VPS from arpnetworks.com. Network was not 
 functional. Backed out. Did not investigate further.
 /aol

 Simon

I had another customer on amd64 report this problem today.  Not sure
what the solution is.  I'm recommending either downgrade to 5.0 or
use i386 arch for now.

-- 
Garry Dolley
ARP Networks, Inc. | http://www.arpnetworks.com | (818) 206-0181
Data center, VPS, and IP Transit solutions
Member Los Angeles County REACT, Unit 336 | WQGK336
Blog http://scie.nti.st

block return on bridge(4)

[Peter Hallin]

Hello,

From man pf.conf:

Options returning ICMP packets currently have no effect if pf(4)
operates on a bridge(4), as the code to support this feature has
not yet been implemented.

Just wondering, will this be implemented?

If I understand correctly, if block return is set on a bridging 
firewall TCP RST will be sent out when TCP is blocked, but nothing is
sent out when UDP or any other protocol is blocked. Right?

Thanks,

Peter Hallin, Lund University

Re: Watchdog timeout reset in 5.1 on intel nic:s

[mxb]

On 05/10/2012 09:14 AM, Garry Dolley wrote:

 On Tue, May 08, 2012 at 07:58:30PM -0400, Simon Perreault wrote:
 On 2012-05-08 19:08, Per-Olov Sjvholm wrote:
 It says em1: watchdog timeout -- resetting

 aol
 I saw the same on an amd64 VPS from arpnetworks.com. Network was not 
 functional. Backed out. Did not investigate further.
 /aol

 Simon
 
 I had another customer on amd64 report this problem today.  Not sure
 what the solution is.  I'm recommending either downgrade to 5.0 or
 use i386 arch for now.
 


I see this on 5.0-stable as well (one so far).

//maxim

Re: fw_update

[Kevin Chadwick]

On Thu, 10 May 2012 00:46:05 +0200
Alexander Hall wrote:

 revision 1.654
 date: 2011/11/08 19:55:52;  author: deraadt;  state: Exp;  lines: +2 -6
 Now that the code is well tested, don't ask the firmware question
 anymore.  Saves 141 precious bytes on the inside of the media.
 ok krw

I bet he paused before pressing the enter button on that one, but cd
creation pain won over.

Re: A free, open source mail server solution for OpenBSD: iRedMail

[livemoon]

I used iRedMail . Good work. Thanks.

On Thu, May 10, 2012 at 3:34 PM, Zhang Huangbin
zhbmaillisto...@gmail.comwrote:

 Dear list,

 I'd like to introduce iRedMail[1] to you, a free, open source mail
 server solution
 for OpenBSD and other Linux/BSD distributions: http://www.iredmail.org/

 Installation guide for OpenBSD is here:
 http://www.iredmail.org/install_iredmail_on_openbsd.html

 What iRedMail is:

 - A zero-cost, fully fledged, full-featured mail server solution. All used
  packages are free and open source, provided by the Linux/BSD distribution
  venders you trust.

 - An open source project, released under GPLv2, hosted on BitBucket.

 What iRedMail does:

 - Install and configure mail server related BINARY packages automatically
  from the official software repositories provided by Linux/BSD distribution
  venders.

 What benefits iRedMail provides:

 - Fast deployment in LESS THAN 1 MINUTE, easy to use and stable.
 - Control over your own data. You have all personal data on your hard disk,
  it is not on somebody else's storage medium.
 - All components are free and open source softwares, and you get the bug
  fixes and updates of the used packages from the Linux/BSD distribution
  venders you trust, not iRedMail project.
 - Works on both non-virtualized and virtualized boxes, e.g. VMware, Xen,
 KVM,
  OpenVZ, VirtualBox, with i386 and x86_64/amd64 support.
 - Full-featured web admin panel - iRedAdmin. You can setup mail server
  manually with the same softwares as used in iRedMail, but you cannot find
  a suitable web-based admin panel like iRedAdmin.
 - Works on main stream Linux/BSD distributions. No matter you switch to
 which
  Linux/BSD distribution listed below, you can get the same mail server in
  few minutes: Red Hat Enterprise Linux, CentOS, Scientific Linux, Debian,
  Ubuntu, Mint, openSUSE, Gentoo, FreeBSD, OpenBSD.

 Hope you guys will like it. :)




--
7G5-1!N^RTCwV#,7GD~2N^RTVBT6

Şirketler, Eski Notebooklarınızı Alıp iPad3 Hediye Ediyoruz

[Ebru Özen]

Resimleri gvremiyor musunuz? Resimleri gvsteri segin ya da bu iletiyi
tarayD1cD1nD1zda gvr|nt|leyin.
Bilgilendirme e-postalarD1nD1 almak istemiyorsanD1z l|tfen tD1klayD1n.

[IMAGE]

0212 252 15 75

[IMAGE]

KullanmadD1DD1nD1z arD1zalD1 veya galD1ED1r durumdaki
bilgisayarlarD1nD1z bizim igin deDerli... Firmalar, eski diz|st|
bilgisayarlarD1nD1zD1 gvpe atmayD1n, bize getirin size iPad hediye*
edelim...

Hizmetlerimiz

Kiralama
Diz|st| ve Masa|st| Bilgisayar
Apple iPad
Avugigi Bilgisayar
YazD1cD1
LCD Ekran
Teknik Destek Personeli
Microsoft Lisans

YazD1lD1m
IE AkD1E Yvnetim Sistemi
Kalite Dvk|man Yvnetim Sistemi
Microsoft UygulamalarD1

D0kinci El
Diz|st| Bilgisayar
Masa|st| Bilgisayar
Avugigi Bilgisayar

Teknik Servis
Kurumsal BakD1m AnlaEmalarD1

[IMAGE]

Detay bilgi igin
l|tfen bizi arayD1n...

* iPad hediyemiz minimum 100 adet
bilgisayar satD1ED1nda gegerlidir.

www.bilgisayarhastanesi.com
D0nvn| Caddesi Teknik Han No:38
Kat:3 G|m|Esuyu, Taksim D0STANBUL
0 (212) 252 15 75

Re : Re: fw_update

[mark sullivan]

If you have concerns with firmwares, swap your card with, for example, an
 atheros or another card that doesn't need a firmware.
  Some atheros does use firmware, eg athn(4).
 Not all the athns. Only USB ones, like the AR9271, need a firmware.
 Mine is an Atheros (athn, I don't know the model now sorry), not USB and 
OpenBSD automatically installed athn-firmware-1.1p0. I didn't even have the 
chance to test if it would work without it. This is the point of my complaint. 
I would have expected OpenBSD to ask me whether I wanted to install it and then 
made my own decision (eg. buy another card or not).  If you're really *that* 
worried you should build everything you use from source after trawling through 
the source. Personally I'd be much more concerned about all the other 
components on your internet connection from router to ISP. Then of course 
there's your mobile phone... If you're using a PC you should probably 
also be aware that there is likely to be bios-installed code which runs in 
system management mode behind the back of the OS, this is also proprietary 
and could also affect the network card and all other parts of the machine. 
Also some of the various management controllers you might find hav!
 e pretty far-reaching capabilities in this respect. I agree but all I'm 
asking for is maximum awareness. When you know it, then you do what you think 
best. I also think we should make it as hard as possible for government 
agencies to get our data, that means fight for every detail. Am I in the wrong 
forum? This way, at least you know that those that are able to spy on you are 
not morons. After all, if you donB4t care about anything, why donB4t you use 
Windows 7, Ubuntu or OSX? They are much easier to configure. Easiest way to 
disable the uvideo firmware (and any bios video spyware) is to stick black 
electrical tape over the webcam lens. Thanks for those who pointed me out that 
uvideo was the cam. I agree with the black tape approach because I dont use my 
webcam often but this is more annoying with the network card... Thanks Stuart 
for your insightful comments too.

Re: OT: SSH not secure?

[Mo Libden]

Wed, 9 May 2012 09:20:44 -0600 PQ Alvaro Mantilla Gimenez 
alv...@alvaromantilla.com:
 According these guys connect trough SSH to a remote server is not secure...
 
 http://www.wziss.com/
 
 Look in Case Studies
 

What a disgusting way of promoting one's product!
Content of Case Studies is just ridiculous. If somebody
has keys from your apartment, they can enter it! Locks are
not secure!

You can make it as secure as you want, then
there is also the wrench solution:

http://xkcd.com/538/

:-)

Re: Re : Re: fw_update

[David Coppa]

On Thu, May 10, 2012 at 12:03 PM, mark sullivan mark.sulli...@gmx.fr wrote:
 I didn't even have the chance to test if it would work without it.

Yes, it should work.

Just remove the package with pkg_delete athn-firmware.

Re: Watchdog timeout reset in 5.1 on intel nic:s

[David Higgs]

On Thu, May 10, 2012 at 1:18 PM, mxb m...@alumni.chalmers.se wrote:
 On 05/10/2012 09:14 AM, Garry Dolley wrote:

 On Tue, May 08, 2012 at 07:58:30PM -0400, Simon Perreault wrote:
 On 2012-05-08 19:08, Per-Olov Sjvholm wrote:
 It says em1: watchdog timeout -- resetting

 aol
 I saw the same on an amd64 VPS from arpnetworks.com. Network was not
 functional. Backed out. Did not investigate further.
 /aol

 Simon

 I had another customer on amd64 report this problem today.  Not sure
 what the solution is.  I'm recommending either downgrade to 5.0 or
 use i386 arch for now.



 I see this on 5.0-stable as well (one so far).

 //maxim


FWIW, I have a VPS from ARP running amd64 5.0-stable that is working
just fine.  I was looking forward to possibly not having to disable
mpbios with 5.1...

Included dmesg and pcidump below, apologies in advance for the crappy
formatting.

--david

#


OpenBSD 5.0-stable (GENERIC) #2: Wed Nov 30 11:46:44 EST 2011
root@vm.localdomain:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 267321344 (254MB)
avail mem = 246370304 (234MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xfbd3f (10 entries)
bios0: vendor QEMU version QEMU date 01/01/2007
acpi0 at bios0: rev 0
acpi0: sleep states S3 S4 S5
acpi0: tables DSDT FACP APIC
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0
mpbios at bios0 not configured
vmt0 at mainbus0
vmware: open failed, eax=564d5868, ecx=001e, edx=5658
vmt0: failed to open backdoor RPC channel (TCLO protocol)
cpu0 at mainbus0: (uniprocessor)
cpu0: QEMU Virtual CPU version 0.9.1, 2667.18 MHz
cpu0:
FPU,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MM
X,FXSR,SSE,SSE2,SSE3,NXE,LONG
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
64b/line 16-way L2 cache
cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 Intel 82441FX rev 0x02
pcib0 at pci0 dev 1 function 0 Intel 82371SB ISA rev 0x00
pciide0 at pci0 dev 1 function 1 Intel 82371SB IDE rev 0x00: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: QEMU HARDDISK
wd0: 16-sector PIO, LBA48, 5632MB, 11534336 sectors
atapiscsi0 at pciide0 channel 0 drive 1
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: QEMU, QEMU DVD-ROM, 0.9. ATAPI 5/cdrom
removable
wd0(pciide0:0:0): using PIO mode 0, DMA mode 2
cd0(pciide0:0:1): using PIO mode 0
atapiscsi1 at pciide0 channel 1 drive 0
scsibus1 at atapiscsi1: 2 targets
cd1 at scsibus1 targ 0 lun 0: QEMU, QEMU DVD-ROM, 0.9. ATAPI 5/cdrom
removable
cd1(pciide0:1:0): using PIO mode 0
uhci0 at pci0 dev 1 function 2 Intel 82371SB USB rev 0x01: irq 11
piixpm0 at pci0 dev 1 function 3 Intel 82371AB Power rev 0x03: irq 10
iic0 at piixpm0
iic0: addr 0x4c 48=00 words 00= 01= 02= 03= 04=
05= 06= 07=
iic0: addr 0x4e 48=00 words 00= 01= 02= 03= 04=
05= 06= 07=
vga1 at pci0 dev 2 function 0 Cirrus Logic CL-GD5446 rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
em0 at pci0 dev 3 function 0 Intel PRO/1000MT (82540EM) rev 0x03:
irq 11, address 52:54:00:27:27:15
Qumranet Virtio Memory rev 0x00 at pci0 dev 4 function 0 not configured
Qumranet Virtio Console rev 0x00 at pci0 dev 5 function 0 not configured
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: density unknown
fd1 at fdc0 drive 1: density unknown
usb0 at uhci0: USB revision 1.0
uhub0 at usb0 Intel UHCI root hub rev 1.00/1.00 addr 1
nvram: invalid checksum
mtrr: Pentium Pro MTRR support
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
root on wd0a (76f03dc8be45c6fe.a) swap on wd0b dump on wd0b
clock: unknown CMOS layout



Domain /dev/pci0:
 0:0:0: Intel 82441FX
0x: Vendor ID: 8086 Product ID: 1237
0x0004: Command:  Status ID: 
0x0008: Class: 06 Subclass: 00 Interface: 00 Revision: 02
0x000c: BIST: 00 Header Type: 00 Latency Timer: 00 Cache Line Size:
00
0x0010: BAR empty ()
0x0014: BAR empty ()
0x0018: BAR empty ()
0x001c: BAR empty ()
0x0020: BAR empty ()
0x0024: BAR empty ()
0x0028: Cardbus CIS: 
0x002c: Subsystem Vendor ID: 1af4 

Re: OT: SSH not secure?

[Kevin Chadwick]

On Thu, 10 May 2012 12:49:09 +0400
Mo Libden wrote:

 You can make it as secure as you want, then
 there is also the wrench solution:

I used to work somewhere with a steel door. Downstairs made copper
wire. There was some building work going on across the road. One
morning there was a whole in the wall and a JCB missing from the
building site.

One of the employees said they were more interested in how the gypsies
moved a more than 10 tonne coil of copper with ropes as the crane they
had wasn't big enough and one coil they had nicked on another night had
been there for years.

Re: Watchdog timeout reset in 5.1 on intel nic:s

[Per-Olov Sjöholm]

On 10 maj 2012, at 19:18, mxb wrote:

 On 05/10/2012 09:14 AM, Garry Dolley wrote:

 On Tue, May 08, 2012 at 07:58:30PM -0400, Simon Perreault wrote:
 On 2012-05-08 19:08, Per-Olov Sjvholm wrote:
 It says em1: watchdog timeout -- resetting

 aol
 I saw the same on an amd64 VPS from arpnetworks.com. Network was not
 functional. Backed out. Did not investigate further.
 /aol

 Simon

 I had another customer on amd64 report this problem today.  Not sure
 what the solution is.  I'm recommending either downgrade to 5.0 or
 use i386 arch for now.



 I see this on 5.0-stable as well (one so far).

 //maxim



Ok something must have happen since 4.9.

My virtual OpenBSD 4.9 run perfect. When trying 5.1 I use the same physical
nics and the same KVM host and version (i.e same bios etc).

Could it be the em driver or kernel itself ?

I will go through the em  cvs Hm. Could version 1.262 from
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/if_em.c be related to
this issue?


Tnx
Peo

--
GPG keyID: 5231C0C4
GPG fingerprint: B232 3E1A F5AB 5E10 7561 6739 766E D29D 5231 C0C4

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

Re: Re : Re: fw_update

[Eric Furman]

My advice is to not use a computer at all.
Stick to pen and paper.

P.S. You are a fucking stupid fucking moron.
 I would suggest that you fashion a hat
 out of aluminum foil and wear it firmly
 on your head. This way you will stop
 wasting the time of rational people.

On Thu, May 10, 2012, at 12:03 PM, mark sullivan wrote:
 If you have concerns with firmwares, swap your card with, for example, an
  atheros or another card that doesn't need a firmware.
   Some atheros does use firmware, eg athn(4).
  Not all the athns. Only USB ones, like the AR9271, need a firmware.
  Mine is an Atheros (athn, I don't know the model now sorry), not USB and
  OpenBSD automatically installed athn-firmware-1.1p0. I didn't even have
  the chance to test if it would work without it. This is the point of my
  complaint. I would have expected OpenBSD to ask me whether I wanted to
  install it and then made my own decision (eg. buy another card or not). 
  If you're really *that* worried you should build everything you use
  from source after trawling through the source. Personally I'd be much
  more concerned about all the other components on your internet
  connection from router to ISP. Then of course there's your mobile
  phone... If you're using a PC you should probably also be aware
  that there is likely to be bios-installed code which runs in system
  management mode behind the back of the OS, this is also proprietary
  and could also affect the network card and all other parts of the
  machine. Also some of the various management controllers you might find
  hav!
  e pretty far-reaching capabilities in this respect. I agree but all I'm
  asking for is maximum awareness. When you know it, then you do what you
  think best. I also think we should make it as hard as possible for
  government agencies to get our data, that means fight for every detail.
  Am I in the wrong forum? This way, at least you know that those that are
  able to spy on you are not morons. After all, if you donB4t care about
  anything, why donB4t you use Windows 7, Ubuntu or OSX? They are much
  easier to configure. Easiest way to disable the uvideo firmware (and
  any bios video spyware) is to stick black electrical tape over the
  webcam lens. Thanks for those who pointed me out that uvideo was the
  cam. I agree with the black tape approach because I dont use my webcam
  often but this is more annoying with the network card... Thanks Stuart
  for your insightful comments too.

Re: fw_update

[Theo de Raadt]

Also, while I recognize this is an edge case, I have in the past sold
systems with OpenBSD installed on them to other people, and now that I
come to think of it I have no idea whether that's legal to do with, say,
iwn-firmware installed on it (it's probably not).

Every firmware package includes a *-license file which is installed
next to the firmware in /etc/firmware

Read that file.  Decide for yourself, rather than posting dribble.

But let's get back to this selling and legalicy thing.  You may be
aware that the rest of OpenBSD comes with a source tree populated with
statements about no warranty, implied or not.  If you sell it, it is
your problem.  If you expect me to protect you -- someone mailing from
a .us address -- from getting sued, you are completely out of your
freaking mind.  If you don't like that, move to another country.

Re: OT: SSH not secure?

[Kenneth R Westerback]

On Wed, May 09, 2012 at 05:59:55PM +, Miod Vallat wrote:
   It's only as secure as the local and/or remote machine.
   There's nothing SSH can do about that
  
   I have a bucket of water. Can anyone tell me why my hand gets wet if I
   put it inside the bucket.
  
  
  That's because you need to buy AutoBucket.
 
 And only AutoBucket can protect you against water temperature attacks.
 You don't want to risk burning your hand with hot water, do you?
 
 Miod
 

This is why the recommended test is to take a cup of the water and
pour it on your crotch before risking your less temperature sensitive
hand in the water.

 Ken

Re: Watchdog timeout reset in 5.1 on intel nic:s

[Stuart Henderson]

In gmane.os.openbsd.misc, Garry Dolley wrote:
 On Tue, May 08, 2012 at 07:58:30PM -0400, Simon Perreault wrote:
 On 2012-05-08 19:08, Per-Olov Sjvholm wrote:
 It says em1: watchdog timeout -- resetting

 aol
 I saw the same on an amd64 VPS from arpnetworks.com. Network was not 
 functional. Backed out. Did not investigate further.
 /aol

 Simon

 I had another customer on amd64 report this problem today.  Not sure
 what the solution is.  I'm recommending either downgrade to 5.0 or
 use i386 arch for now.

If possible, tracking down the commit which broke it, or at least
narrow it to a reasonably small date range, would help. I have
an archive of snapshot kernels if you want to work through them
rather than cvs checkouts, contact me if you'd like access to them.

Curso de Administración y Optimización del Tiempo Ultimos Lugares

[Graciela Arellano R.]

!Muy Importante!
Si no puede visualizar correctamente este correo, le pedimos que lo arrastre a
su Bandeja de Entrada

Apreciable Ejecutivo:

Debido al exito obtenido ponemos a su disposicisn una nueva fecha para el
curso de:
Administracisn y Optimizacisn del Tiempo

Esta Programado para el dma:
18 de Mayo de 2012 en la Ciudad de Mixico

Inscrmbase 5 dmas antes de la fecha del Curso y obtenga un descuento del 15%
con Inversisn Inmediata
No deje pasar esta oportunidad e Invierta en su Desarrollo Personal y
Profesional

Para sobrevivir en un mundo cada vez mas competido, las Compaqmas deben
obtener mayores logros con menos recursos, siendo el tiempo uno de los
recursos mas importantes y crmticos del personal clave de una Organizacisn.

Entre los problemas mas comunes que enfrentan los Directivos y Mandos Medios
para administrar su tiempo, se encuentran una carga de trabajo mal planeada y
distribuida, tratan de hacer demasiado en un tiempo muy corto, no saben decir
NO a las distracciones externas, confunden prioridades trabajando en cosas
de segunda o tercera importancia dejando lo urgente para despuis.

Esta comprobado y es un principio fundamental de la planeacisn del tiempo, que
toda hora empleada en planear eficazmente, ahorra de tres a cuatro horas de
ejecucisn y produce mejores resultados; el tiempo del ejecutivo rara vez se
utiliza tal y como lo planea, pero debe procurar dentro de lo posible,
respetar las actividades y compromisos establecidos.

La productividad personal, es la premisa basica para la efectividad
directiva.
Entender el concepto de resultados y de eficacia estableciendo diferencias con
el concepto de contribucisn y colaboracisn es fundamental para lograr un
enfoque de resultados.

Objetivo General:
Lograr que los participantes comprendan el concepto de administracisn del
tiempo y productividad personal y aprendan a manejar modelos y herramientas
para incrementar la misma, trabajando bajo un enfoque de resultados para
transferirlos a su organizacisn y facilitar su alcance.

Si al momento de recibir este correo ya realizo su confirmacisn le pedimos
haga caso omiso.

De lo contrario, favor de responder este correo con los siguientes datos:
 Empresa:
 Nombre:
 Ciudad:
 Telifono:

O si lo prefiere comunmquese a los telifonos:

Del DF al 5611-0969 con 10 lmneas
Interior del Pams Lada sin Costo
01 800 900 TIEM (8436)
Aceptamos todas las TDC y Dibito.
**Promocisn: 3 meses sin Intereses pagando con American Express
**Aplica solo con Inversisn Normal

.Todos los Derechos Reservados )2011 TIEM Talento e Innovacisn Empresarial
de Mixico
Este Mensaje le ha sido enviado como usuario de TIEM de Mixico o bien un
usuario le refiris para recibir este boletmn.
Como usuario de TIEM de Mixico, en este acto autoriza de manera expresa que
TIEM de Mixico le puede contactar vma correo electrsnico u otros medios.
Si usted ha recibido este mensaje por error, haga caso omiso de il y reporte
su cuenta respondiendo este correo con el subject BAJABD
Tenga en cuenta que la gestisn de nuestras bases de datos es de suma
importancia y no es intencisn de la empresa la inconformidad del receptor.

Re: strange lockups

[Adam Jacob Muller]

On 05/10/12 04:24, JC)rC)mie CourrC(ges-Anglas wrote:

Please see
   http://www.openbsd.org/faq/faq2.html
and
   http://www.openbsd.org/report.html

Regards.


Hi,
Thanks for that.

So i'm basically looking for ps/registers since I don't have any panic 
message? I was able to get that far, but it did not seem that that would 
be enough useful information to diagnose the issue. I'll gather the 
information tonight.


-Adam

Sendmail at home

[Laurence Rochfort]

I want to setup sendmail so that I can send mail from my home network.

I have no experience with sendmail outside a corporate environment where
DNS makes everything happen automagically.

I have a Gmail account. Is sending via Gmail possible or sensible?

Any advice would be appreciated.

install freeze w/ trigger-happy softraid

[Petah]

Hey, newbie here,

I had major freezes very early in the CD install process (kbd dead, no log, PC 
has no serial) because of mistaken softraid detection. It happened on 
exceptionally crappy hardware: a Dell Vostro 200 w/ Intel rapid storage RAID, 
i.e. latest BIOS is still old. BIOS UI has only IDE or RAID, that is, auto 
RAID/AHCI, AHCI kicks in implicitly when HDDs are not part of a raid group. No 
issue in IDE mode. The drives were never in a RAID until OpenBSD joined them 
(40gb SSD + 2 TB Seagate :). 

Fault is obviously with Dell/Intel but possibly of interest is that disabling 
softraid in UKC seems too late. To get back to normal I had to wipe HDDs' 
headers, install obsd with a single drive, boot_config a softraid-less kernel, 
then plug the 2nd HDD. Maybe a deeper HDD reload is needed when exiting UKC 
and/or more timid softraid detection, at least during install.

While I'm at it: config(8) has uses IRQ 10 instead of 5 backwards, the same 
example appears in boot_config(8) which also refers to boot.conf hence driving 
me in circles. Most confusing is that 'config -b/p/s' is a major operation 
while 'config -e' a harmless patch whose very point is to avoid recompilation. 
Looking up my ass I'd say config -e should get its own PG-13 command, away from 
XXX kernel-compiling (and deranged metaphors).

I just got started on OpenBSD so can't be more constructive right now -- how'd 
you usually expect a developer to contribute? fix it? draw up a proposal? shut 
the fuck up?

-- p

In gmane.os.openbsd.misc, Garry Dolley wrote:
 On Tue, May 08, 2012 at 07:58:30PM -0400, Simon Perreault wrote:
 On 2012-05-08 19:08, Per-Olov Sjvholm wrote:
 It says em1: watchdog timeout -- resetting

 aol
 I saw the same on an amd64 VPS from arpnetworks.com. Network was not 
 functional. Backed out. Did not investigate further.
 /aol

 Simon

 I had another customer on amd64 report this problem today.  Not sure
 what the solution is.  I'm recommending either downgrade to 5.0 or
 use i386 arch for now.

If possible, tracking down the commit which broke it, or at least
narrow it to a reasonably small date range, would help. I have
an archive of snapshot kernels if you want to work through them
rather than cvs checkouts, contact me if you'd like access to them.

Re: fw_update

[Chris Bennett]

On Thu, May 10, 2012 at 10:34:14AM +1000, Brett wrote:
 
 Easiest way to disable the uvideo firmware (and any bios video spyware) is to 
 stick black electrical tape over the webcam lens.
 

When I was a kid, one of the science experiments we did was to use a
speaker as a microphone.
Electrical tape clearly wouldn't work here. Get out your soldering iron.


Anyway, my personal paranoid favorite is that here in the Austin Texas
area, they have helpful traffic cameras for adjusting traffic flow that
do not point upwards at traffic to be adjusted for, but point directly
at face and license plates.

Scary Huh. Theo's advice to leave the country seems appropriate.

Enough paranoia. ;(

Re: Sendmail at home

[Peter N. M. Hansteen]

Laurence Rochfort laurence.rochf...@gmail.com writes:

 I want to setup sendmail so that I can send mail from my home network.

Shouldn't be too hard, but make sure you get your mail server machine a
static IP address *and* a correct DNS entry, complete with reverse
resolution.  Largish chunks of the net will simply drop SMTP traffic
from hosts without correct reverse on the floor.

And then of course you get to poke into all the pleasures of striving to
keep your inbox relatively sanitary - spamd, spamassassin, clamd etc
come to mind. All the necessary tools are ither in base or within easy
reach as packages. Do remember to read the supplied documentation and
config file comments properly, and you'll get there.

- P
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

Re: Sendmail at home

[Brian W.]

You can easily send  receive using gmail, either with a gmail account or
with google apps and your domain at home, though neither of these likely
involve your own sendmail setup. If you want your own mailserver, you need
port 25 to be allowed both ways and a static IP (more proper) or dynamic
dns (improper hack) is also needed.

Brian

On Thu, May 10, 2012 at 10:30 AM, Laurence Rochfort 
laurence.rochf...@gmail.com wrote:

 I want to setup sendmail so that I can send mail from my home network.

 I have no experience with sendmail outside a corporate environment where
 DNS makes everything happen automagically.

 I have a Gmail account. Is sending via Gmail possible or sensible?

 Any advice would be appreciated.

Re: fw_update

[Kenneth Gober]

On Wed, May 9, 2012 at 3:33 PM, mark sullivan mark.sulli...@gmx.fr wrote:

  I would like to hear your arguments on this and if there is a simple way
 to disable fw_update and uninstall in general everything propietary
 affecting the network card that I have not been warned about. I read on the
 FAQ that I should have been asked about this firmware but I wasnB4t! (amd64
 cd installer).


are you confusing proprietary with third-party?

the firmware you're concerned about is provided by the card's manufacturer
(or the chipset manufacturer) and the card (or chip) won't work without it.
  the reason OpenBSD needs to download it is because the manufacturer won't
allow OpenBSD to include it on the CD.  if you don't download it, the
device won't work -- if the device could work effectively without it,
OpenBSD would not go to the trouble of downloading it to begin with.

this is not the same thing as third-party firmware which replaces the
manufacturer's firmware.  examples of this kind of thing are OpenWRT and
Tomato firmware which replace the factory firmware on certain
consumer-grade routers.

-ken

Tandil 67% OFF | Cena Gourmet en BRANDS 52% OFF | Cafetera de Filtro 51% OFF | Peninsula Valdez 75% OFF | Kingston de 8 GB 50% OFF | Camara Digital SAMSUNG 49% OFF | Grill George Foreman 59% OFF

[Bonus Cupon]

Para visualizar correctamente este newsletter ingresa a
http://news1.bonuscupon.com.ar/r.html?uid=1.d.29hh.5s.kk7kfzmz5e

Re: Watchdog timeout reset in 5.1 on intel nic:s

[Garry Dolley]

On Thu, May 10, 2012 at 03:31:27PM +0100, Stuart Henderson wrote:
 In gmane.os.openbsd.misc, Garry Dolley wrote:
  On Tue, May 08, 2012 at 07:58:30PM -0400, Simon Perreault wrote:
  On 2012-05-08 19:08, Per-Olov Sjvholm wrote:
  It says em1: watchdog timeout -- resetting
 
  aol
  I saw the same on an amd64 VPS from arpnetworks.com. Network was not 
  functional. Backed out. Did not investigate further.
  /aol
 
  Simon
 
  I had another customer on amd64 report this problem today.  Not sure
  what the solution is.  I'm recommending either downgrade to 5.0 or
  use i386 arch for now.
 
 If possible, tracking down the commit which broke it, or at least
 narrow it to a reasonably small date range, would help. I have
 an archive of snapshot kernels if you want to work through them
 rather than cvs checkouts, contact me if you'd like access to them.

I will take you up on this and post the results back here.

-- 
Garry Dolley
ARP Networks, Inc. | http://www.arpnetworks.com | (818) 206-0181
Data center, VPS, and IP Transit solutions
Member Los Angeles County REACT, Unit 336 | WQGK336
Blog http://scie.nti.st

Re: Sendmail at home

[L. V. Lammert]

At 12:30 PM 5/10/2012, you wrote:

I want to setup sendmail so that I can send mail from my home network.

I have no experience with sendmail outside a corporate environment where
DNS makes everything happen automagically.

I have a Gmail account. Is sending via Gmail possible or sensible?

Any advice would be appreciated.


Google sendmail forward gmail and register your domain name with 
gmail. Your local sendmail instance will login and forward SMTP 
traffic via gmail, .. you can either IMAP from gmail or use the web 
interface. Free for small domains.


Lee 

Estrategias Efectivas para Gerentes de Marketing Exitosos

[Lic. Loana Blum]

[IMAGE]
Pms de Mixico prestigiada firma de Capacitacisn presenta:
Excelencia Estratigica para el Gerente de Marketing
Znico taller diseqado para Marketing donde de forma integral elabore el
plan de medios adecuado a su empresa
Con Mitricos efectivos.
RESERVE YA!
25 de Mayo, Ciudad de Mixico.
Experto consultor Lic. Sergio Villalobos
Un sptimo desempeqo en su funcisn.
Empresa Registrada ante la STPS
Smguenos en Twitter@pmscapacitacion o bien en Facebook PMS de Mixico.

!Solicite Mayores Informes! Por favor responda este e-mail con los datos
siguientes.
Empresa:
Nombre:
Telifono:
Email:
Nzmero de Interesados:
En breve recibira la informacisn completa de este inigualable evento.
Comunmquese a los telifonos y con gusto uno de nuestros ejecutivos le
atendera.
Telifonos: (0133) 8851-2365, (0133) 8851-2741.
Copyright (C) 2011, PMS Capacitacisn Efectiva de Mixico  S.C. Derechos
Reservados.
E-Mail MARKETING SERVICE POWERED BY MEDIAMKTOOLS.

Este Mensaje ha sido enviado a misc@openbsd.org como usuario de Pms de
Mixico o bien un usuario le refiris para recibir este boletmn.
Como usuario de Pms de Mixico, en este acto autoriza de manera expresa
que Pms de Mixico le puede contactar vma correo electrsnico u otros
medios.
ALTO, si en esta ocasisn la informacisn recibida no fue de su interis
pero desea recibir informacisn personalizada en relacisn a otros temas
favor de indicarlo.
Si usted ha recibido este mensaje por error, haga caso omiso de el y de
antemano una sincera disculpa por la molestia, reporte su cuenta
respondiendo este correo con el subject BAJAMKT
Unsubscribe to this mailing list, reply a blank message with the subject
UNSUBSCRIBE BAJAMKT
Tenga en cuenta que la gestisn de nuestras bases de datos es de suma
importancia para nosotros y no es intencisn de la empresa la
inconformidad del receptor, nuestra intencisn es promover herramientas de
utilidad para el

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
image002.jpg]

Re: wifi firmware for lenovo thinkpad E420

[Henning Brauer]

* Siju George sgeorge@gmail.com [2012-05-08 10:54]:
 On Fri, May 4, 2012 at 5:39 PM, Stuart Henderson s...@spacehopper.org wrote:
  Realtek 8188CE rev 0x01 at pci4 dev 0 function 0 not configured
  urtwn(4) is for USB-attached devices, your wlan controller is an
  unsupported PCIE device.
 Any idea if it will get supported in the near future
 Is this a class of device for which no documentation is available or 
 something?

I have one of these somewhere - basically, all that is needed is a pci
attachment for the existing urtwn. shouldn't be too hard, but as usual
- somebody has to do it.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/

Re: CARP and OSPF interaction on boot

[Henning Brauer]

* Matt Hamilton ma...@netsight.co.uk [2012-05-04 11:22]:
 I know that OSPF can be configured to demote the carp group until it
 has at least one active neighbor, but this is too late. The carp
 interface is brought up on boot before the ospfd is started.

carp is demoted until rc is finished, and you start ospfd from rc
(.local, .d/ospfd, whatever), right? so that should just work.

 Anyone know of a good way to solve this? I'm guessing something along
 the lines of demote the carp group *before* the carp interfaces are
 brought up (is that even possible?) and then remove the demotion once
 OSPF has stabalised. I don't see a nice clean place in the startup
 process to do this though unless I hack /etc/netstart or similar which
 I don't want to do.

as said, carp is demoted (to 128) until rc is done.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/

Licitaciones Públicas para PEMEX

[Lic.Blanca Solis]

[IMAGE]
Pms de Mixico prestigiada firma de Capacitacisn presenta:
Licitaciones Pzblicas para PEMEX, CFE y Salud
Un programa diseqado para brindar soluciones contundentes a obstaculos
que se puedan enfrenta en sus procesos de Licitaciones.
28 de Mayo en Mixico D.F. !Reciba la informacisn completa de este
programa!

Por favor responda este e-mail con los datos siguientes y en breve
recibira temario del evento, reseqa del expositor y precio de Inversisn.
Empresa
Nombre
Telifono
Email
Nzmero de Interesados
Si lo prefiere comunmquese a los telifonos donde con gusto uno de
nuestros ejecutivos le atendera.
Telifonos: (0133) 8851-2365, (0133) 8851-2741 con mas de 10 lmneas
Pms Capacitacisn Efectiva de Mixico es una empresa Registrada ante la
STPS Smguenos en Twitter@pmscapacitacion o bien en Facebook PMS de Mixico
Copyright (C) 2011, PMS Capacitacisn Efectiva de Mixico  S.C. Derechos
Reservados.
E-Mail MARKETING SERVICE POWERED BY MEDIAMKTOOLS.Este Mensaje ha sido
enviado a misc@openbsd.org como usuario de Pms de Mixico o bien un
usuario le refiris para recibir este boletmn.
Como usuario de Pms de Mixico, en este acto autoriza de manera expresa
que Pms de Mixico le puede contactar vma correo electrsnico u otros
medios.
ALTO, si en esta ocasisn la informacisn recibida no fue de su interis
pero desea recibir informacisn personalizada en relacisn a otros temas
favor de indicarlo.
Si usted ha recibido este mensaje por error, haga caso omiso de el y de
antemano una sincera disculpa por la molestia, reporte su cuenta
respondiendo este correo con el subject BAJALICITACIONES

Unsubscribe to this mailing list, reply a blank message with the subject
UNSUBSCRIBE BAJALICITACIONES
Tenga en cuenta que la gestisn de nuestras bases de datos es de suma
importancia para nosotros y no es intencisn de la empresa la
inconformidad del receptor, nuestra intencisn es promover herramientas de
utilidad para el.

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
imagelicitaciones003.jpg]

Re: Sendmail at home

[Daniel Melameth]

On Thu, May 10, 2012 at 11:30 AM, Laurence Rochfort
laurence.rochf...@gmail.com wrote:
 I want to setup sendmail so that I can send mail from my home network.

 I have no experience with sendmail outside a corporate environment where
 DNS makes everything happen automagically.

 I have a Gmail account. Is sending via Gmail possible or sensible?

 Any advice would be appreciated.

If your needs are simple, I'd recommend smtpd over sendmail--and
getting smtpd to relay via Gmail, if that's what you plan to do, is
far more simple than coaxing sendmail to do this.

Re: OT: SSH not secure?

[Daniel Bolgheroni]

On Wed, May 09, 2012 at 02:35:42PM -0300, Christiano F. Haesbaert wrote:
 
 That's because you need to buy AutoBucket.

Made my day.

routeuvm_fault panic while starting LDPd

[Rafael Zalamena]

While I was configuring a new ALIX to my MPLS setup a panic ocurred
while starting LDPd daemon.

Steps:
1. Configure all interfaces using /etc/hostname.*, then run 'sh
/etc/netstart'
2. Configure ospfd.conf, then start it: ospfd -dv 
3. Configure ldpd.conf, then start it: ldpd -dv
4. Panic

I'll send the ospfd.conf and ldpd.conf next mail. I'm using OpenBSD
5.1-release on all 3 ALIX now, it happened while I was setting up the
last ALIX connected to the other two.

p.s. note the scrambled print output of LDPd before dying.


dmesg
===
OpenBSD 5.1 (GENERIC) #160: Sun Feb 12 09:46:33 MST 2012
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by AMD PCS (AuthenticAMD
586-class) 499 MHz
cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX,MMXX,3DNOW2,3DNOW
real mem  = 267976704 (255MB)
avail mem = 253497344 (241MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 11/05/08, BIOS32 rev. 0 @ 0xfd088
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xe/0xa800
cpu0 at mainbus0: (uniprocessor)
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 1 function 0 AMD Geode LX rev 0x33
glxsb0 at pci0 dev 1 function 2 AMD Geode LX Crypto rev 0x00: RNG AES
vr0 at pci0 dev 9 function 0 VIA VT6105M RhineIII rev 0x96: irq 10,
address 00:0d:b9:27:ba:f4
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063, model 0x0034
vr1 at pci0 dev 10 function 0 VIA VT6105M RhineIII rev 0x96: irq 11,
address 00:0d:b9:27:ba:f5
ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063, model 0x0034
vr2 at pci0 dev 11 function 0 VIA VT6105M RhineIII rev 0x96: irq 15,
address 00:0d:b9:27:ba:f6
ukphy2 at vr2 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063, model 0x0034
glxpcib0 at pci0 dev 15 function 0 AMD CS5536 ISA rev 0x03: rev 3,
32-bit 3579545Hz timer, watchdog, gpio
gpio0 at glxpcib0: 32 pins
pciide0 at pci0 dev 15 function 2 AMD CS5536 IDE rev 0x01: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: CF 2GB
wd0: 1-sector PIO, LBA, 1919MB, 3931200 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
ohci0 at pci0 dev 15 function 4 AMD CS5536 USB rev 0x02: irq 12,
version 1.0, legacy support
ehci0 at pci0 dev 15 function 5 AMD CS5536 USB rev 0x02: irq 12
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 AMD EHCI root hub rev 2.00/1.00 addr 1
isa0 at glxpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 AMD OHCI root hub rev 1.00/1.00 addr 1
mtrr: K6-family MTRR support (2 registers)
nvram: invalid checksum
vscsi0 at root
scsibus0 at vscsi0: 256 targets
softraid0 at root
scsibus1 at softraid0: 256 targets
root on wd0a (836cbae3546bb201.a) swap on wd0b dump on wd0b
WARNING: / was not properly unmounted
clock: unknown CMOS layout


Panic log
===
# ldpd -dv
startup
kernel add routeuvm_fault(0xd54e5bf4, 0x0, 0, 1) - e
 0.0.0.0/0
kernkel add route 10.e0.3.0/24
kernelr add route 10.0.n4.0/24
kernel aedd route 10.0.10l.3/32
kernel ad:d route 192.168. 3.0/24
page fault trap, code=0
Stopped at  ifaof_ifpforaddr+0x26:  movl0x14(%edx),%edx
ddb ps
  PID   PPID   PGRPUID  S   FLAGS  WAIT  COMMAND
 16045  30155  30155  0  2   0ldpd
 1701  30155  30155 98  2   0ldpd
*30155  14149  30155  0  7   0ldpd
 6371  1   6371  0  30x80  mfsidlmount_mfs
 18560  1  18560  0  30x80  mfsidlmount_mfs
 6132  1   6132  0  30x80  mfsidlmount_mfs
 14149  1  14149  0  30x88  pause ksh
 29893  1  29893  0  30x80  selectcron
 22780  1  22780 99  30x80  poll  sndiod
 10370  1  10370  0  30x80  selectinetd
 32428  1  32428  0  30x80  selectsendmail
 6797  1   6797  0  30x80  selectsshd
 23494  10445  10445 74  30x80  bpf   pflogd
 10445  1  10445  0  30x80  netio pflogd
 5239   9662   9662 73  20x80syslogd
 9662  1   9662  0  30x80  netio syslogd
   13  0  0  0  30x100200  aiodoned  aiodoned
   12  0  0  0  30x100200  syncerupdate
   11  0  0  0  30x100200  cleaner   cleaner
   10  0  0  0  30x100200  reaperreaper
9  0  0  0  3 

Re: routeuvm_fault panic while starting LDPd

[Rafael Zalamena]

On Thu, May 10, 2012 at 8:19 PM, Rafael Zalamena rzalam...@gmail.com wrote:
 While I was configuring a new ALIX to my MPLS setup a panic ocurred
 while starting LDPd daemon.

 Steps:
 1. Configure all interfaces using /etc/hostname.*, then run 'sh /etc/netstart'
 2. Configure ospfd.conf, then start it: ospfd -dv 
 3. Configure ldpd.conf, then start it: ldpd -dv
 4. Panic

 I'll send the ospfd.conf and ldpd.conf next mail. I'm using OpenBSD
 5.1-release on all 3 ALIX now, it happened while I was setting up the
 last ALIX connected to the other two.


ospfd.confEOF
router-id 10.0.10.3

area 0.0.0.0 {
interface vr1
interface vr2
interface lo1
}
EOF

ospfd.confEOF
router-id 10.0.10.3

interface vr1
interface vr2
EOF

Re: OT: SSH not secure?

[Lars Hansson]

On Thu, May 10, 2012 at 12:32 AM, Weldon Goree wel...@b.rontosaur.us wrote:
 Right... because AutoSFTP and AutoSSH do not allow an administrator to
 tamper with *them* at all?

I guess it's because they have Anti-Trojan capabilities so
presumably the binaries will detect if they have been tampered with.
Of course, you need to trust that the closed source blob that is
AutoSSH/AutoSFTP a) actually works like that and b) isn't in itself
malicious.
Some might say that's a bit of a conundrum

Cheers,
Lars

4.4 m68k packages?

[David Diggles]

Were there ever 4.4 m68k packages? I can only find 4.3 packages for m68k on ftp 
sites.

Or, is it possible to cross compile for m68k arch on i386?  Or if I can't 
compile 4.4 packages either cross compile, or on the SE/30 itself, I will 
downgrade the SE/30 to 4.3  The Quadra 700 I was using to do compiles, has 
finally died.

Re: OT: SSH not secure?

[Steve Shockley]

On 5/9/2012 12:32 PM, Weldon Goree wrote:

only our AutoSSH and AutoSFTP can detect
truss/tusc/strace and dtrace attack, and detect Trojan Horse attack.


See, now we know why people keep asking for dtrace in OpenBSD, it's to 
get our passwords.  I knew it was a trap!

Re: strange lockups

[Adam Jacob Muller]

On 5/10/12 4:24 AM, JC)rC)mie CourrC(ges-Anglas wrote:

Please see
   http://www.openbsd.org/faq/faq2.html
and
   http://www.openbsd.org/report.html

Regards.

Hi,

I did do a sendbug, but i'm not sure if gnats@ goes anywhere (seems 
query-pr page is broken?).


In any event, this is the ddb output of ps/show registers.

I'm fairly reliably able to reproduce this, if there is any more 
information I can gather, let me know.


-=[~]=- -=[Thu May 10]=- -=[21:30:46]=-
[root@charon]# ifconfig em2 up
-=[~]=- -=[Thu May 10]=- -=[21:30:49]=-
[root@charon]# uptime
 9:30PM  up 2 mins, 1 user, load averages: 1.38, 0.50, 0.19
-=[~]=- -=[Thu May 10]=- -=[21:30:52]=-
[root@charon]# ifconfig em3 up



^EB^EStopped at  Debugger+0x5:   leave
ddb  show panic
the kernel did not panic
ddb  ps
   PID   PPID   PGRPUID  S   FLAGS  WAIT  COMMAND
*31458   2782  31458  0  7   0ifconfig
  2782  1   2782  0  30x80  wait  bash
  9835  1   9835  0  30x80  ttyin getty
 28249  1  28249  0  30x80  ttyin getty
  1429  1   1429  0  30x80  ttyin getty
 12859  1  12859  0  30x80  ttyin getty
 15689  1  15689  0  30x80  ttyin getty
 21720  1  21720  0  30x80  selectcron
 22103  15791  15791  0  30x80  nanosleep perl
 15791  1  15791  0  30x80  poll  collectd
 17486   1711   1711 77  30x80  poll  dhcpd
 32181  15104  27517 90  30x80  kqreadospf6d
 22133  15104  27517 90  30x80  kqreadospf6d
  4380  27517  27517  0  30x80  piperdtee
 15104  27517  27517  0  20x80ospf6d
 27517  11636  27517  0  30x88  pause sh
  7865  22621   4001 83  30x80  poll  ntpd
 22621   4001   4001 83  30x80  poll  ntpd
 11636  1  11636  0  30x80  selectscreen
  1711  22145   1711 77  30x80  poll  dhcpd
  4001  26301   4001  0  30x80  poll  ntpd
 22145  1  22145  0  30x80  selectscreen
 20753  11069  20753  0  30x80  netconphp
 11069  1  11069  0  30x80  selectscreen
 26301  1  26301  0  30x80  selectscreen
 23181  1  23181556  30x80  selectnrpe
 13812  30502  30502 91  20x80snmpd
 30502  23345  30502  0  30x80  kqreadsnmpd
 24114   6566  24114  0  30x80  nanosleep php
 24896  12320  24896  0  30x80  nanosleep php
 30324  26717  30324  0  30x80  nanosleep php
 23345  1  23345  0  30x80  selectscreen
  2939  17720   2939  0  30x80  nanosleep php
 26717  1  26717  0  30x80  selectscreen
 12320  1  12320  0  30x80  selectscreen
  6566  1   6566  0  30x80  selectscreen
 17720  1  17720  0  30x80  selectscreen
 20349  31546  20349  0  30x80  poll  syslog-ng
 31546  1  13174  0  30x80  wait  syslog-ng
 22116  1  22116 99  30x80  poll  sndiod
 12536  1  12536  0  30x80  selectinetd
 21142  13495  13495507  30x80  kqreadqmgr
 16697  13495  13495507  30x80  kqreadpickup
 13495  1  13495  0  30x80  kqreadmaster
 17383  15889  15889 75  30x80  poll  bgpd
  2491  15889  15889 75  30x80  poll  bgpd
 15889  1  15889  0  20x80bgpd
 30554  15678  15678 90  30x80  kqreadospf6d
 19811  15678  15678 90  30x80  kqreadospf6d
 15678  1  15678  0  20x80ospf6d
 29524  1  29524  0  30x80  selectsshd
 26501   5231   5231 70  30x80  selectnamed
  5231  1   5231  0  30x80  netio named
 21867  29781  29781 74  30x80  bpf   pflogd
 29781  1  29781  0  30x80  netio pflogd
  9811   2867   2867 73  30x80  poll  syslogd
  2867  1   2867  0  30x80  netio syslogd
11  0  0  0  30x100200  aiodoned  aiodoned
10  0  0  0  30x100200  syncerupdate
 9  0  0  0  30x100200  cleaner   cleaner
 8  0  0  0  30x100200  reaperreaper
 7  0  0  0  30x100200  pgdaemon  pagedaemon
 6  0  0  0  30x100200  bored crypto
 5  0  0  0  30x100200  pftm  pfpurge
 4  0  0 

Re: 4.4 m68k packages?

[David Diggles]

Nevermind, I'll make things easy on myself, and downgrade it to 4.2 - the most 
recent with a fairly complete set of m68k packages. :-)

On Fri, May 11, 2012 at 07:57:11AM +1000, David Diggles wrote:
 Were there ever 4.4 m68k packages? I can only find 4.3 packages for m68k on 
 ftp sites.
 
 Or, is it possible to cross compile for m68k arch on i386?  Or if I can't 
 compile 4.4 packages either cross compile, or on the SE/30 itself, I will 
 downgrade the SE/30 to 4.3  The Quadra 700 I was using to do compiles, has 
 finally died.

オプトイン確認メール

[オプトインメール確認]

色々な最新情報メールを配信しております。
今後、最新情報をお送りさせて頂くにあたり最終確認を行っております。
お手数をお掛け致しますが、今後最新情報メールを
希望されない方はこちらまで「希望しない」とご連絡ください。