Portable version of cwm(1)?
Has anyone done a portable version of cwm(1) from the OpenBSD tree? I just made an attempt, and it was pretty straightforward, but if someone has made a more serious attempt I would prefer to consider that. -- Aaron W. Hsu | arcf...@sacrideo.us | http://www.sacrideo.us Programming is just another word for the lost art of thinking.
Story behind PCC's removal?
So, from what I can tell, PCC has been removed from the core tree. I have not been able to find the story behind why it was moved out, except some minor mention of a lack of maintainer? Is there still any active effort to move the code base of OpenBSD away from GCC dependence? -- Aaron W. Hsu | arcf...@sacrideo.us | http://www.sacrideo.us Programming is just another word for the lost art of thinking.
Re: Multiple Monitors, xrandr, startx and startkde
On Thu, 01 Oct 2009 16:47:50 -0400, Vijay Sankar vsan...@foretell.ca wrote: If you have any insight into this please let me know. KDE may be overriding your settings with its own. When I used multiple monitors, KDE autoconfigured it using its display manager (this was for a presentation). You may want to consider seeing whether KDE understands enough to do this in your case. Aaron W. Hsu -- Of all tyrannies, a tyranny sincerely exercised for the good of its victims may be the most oppressive. -- C. S. Lewis
Re: Presentation tool
On Wed, 26 Aug 2009 04:17:24 -0400, Lars Nooden lars.cura...@gmail.com wrote: Also, don't underestimate the value of a single, plain HTML page. It works very well, too. The scroll bar shows how far along you are during the presentation and to publish it on the web, well it's there already. And actually, Opera has special support for Presentations in HTML mode. If you can run Opera, you might find it to be just the thing you want. http://www.opera.com/browser/tutorials/operashow/index.dml Aaron W. Hsu -- Of all tyrannies, a tyranny sincerely exercised for the good of its victims may be the most oppressive. -- C. S. Lewis
Re: Automated service/daemon management
Cem, From cemkay...@eticaret.com.tr Tue Jun 9 22:11:38 2009 Ooops, i would expect people (who somehow use any-bsd) to be more familir to rc.d :) I think people coming from SysV systems like Solaris or Linux will generally find rc.d more familiar, but it isn't hard to learn this system. On the other hand, classic BSD types are going to find this system easier. Slackware has an rc script like setup, but it is much closer to OpenBSD's classic style scripts compared to the rc system used by FreeBSD or other Linux distributions. If someone really wanted to implement their own management of scripts in a similar way to rc.d, one might check out the Slackware way of doing it, as it is simpler than the others, while achieving pretty much the same end. On the other hand, I like OpenBSD in part because of the way it handles these scripts, so I hope I'll continue to see the current style used for a long time into the future. :-) -- Aaron W. Hsu arcf...@sacrideo.us | http://www.sacrideo.us Government is the great fiction, through which everybody endeavors to live at the expense of everybody else. -- Frederic Bastiat +++ ((lambda (x) (x x)) (lambda (x) (x x))) ++
Re: KNF for usr.bin?
Hey Otto, Thanks for your message. From o...@drijf.net Fri Jun 5 10:56:27 2009 One other thing you need to consider: does the code in question need to be diffed with another repository, upstream or other BSD, for example. In the case of nvi it is. Whitescpae and formatting diffs make it hard to track and merge changes from other places. Okay, I went over the CVS logs and did note some patches pulled in from ... at least 1.81.5 it seems. I had thought that no patches were being pulled in since 1.79, but I guess I was wrong. So...that means no whitespace and formatting changes, but should I stick with formatting styles used in the surrounding code then, for consistency? My guess is yes. If I alter a file enough that it could benefit from reformatting, should I leave it the old style to match with the surrounding files as well? I'm a bit unclear on where that line is drawn. (From what it looks like, I'll be editing maybe one or two files significantly, but probably not more than four files or so, and I don't know whether that warrants using a newer style in those files or sticking with the old stuff.) -- Aaron W. Hsu arcf...@sacrideo.us | http://www.sacrideo.us Government is the great fiction, through which everybody endeavors to live at the expense of everybody else. -- Frederic Bastiat +++ ((lambda (x) (x x)) (lambda (x) (x x))) ++
KNF for usr.bin?
Hey all, I've been planning on doing some hacking on nvi in the tree, but I wanted to play around with style(9) first. Am I correct in assuming that KNF style is preferred for all code in the tree? -- Aaron W. Hsu arcf...@sacrideo.us | http://www.sacrideo.us Government is the great fiction, through which everybody endeavors to live at the expense of everybody else. -- Frederic Bastiat +++ ((lambda (x) (x x)) (lambda (x) (x x))) ++
Re: KNF for usr.bin?
Hey Nick, Thanks for your feedback. From n...@holland-consulting.net Thu Jun 4 23:58:12 2009 when you see developers doing KNF commits, they aren't doing it as the end goal, [...] Changing the whitespace in the source code doesn't improve OpenBSD. Reading the code is what makes the improvement. If all you are doing is a mechanical KNFing, please don't. If you aren't finding OTHER errors while reading code, just keep reading, not changing. Thanks, and yes, this is advice that I have seen before. Actually, I don't want to do a mechanical KNFing, but I intend to do some work on nvi(1) and I want to familiarize myself with the code and afterwards make some changes to it. [That is, if my free time lasts.] As a part of this, I figured that I'd go ahead and KNF things while I was learning the code, and then add in my changes. I'm not so filled with free time that I would just go around KNFing things for the fun of it. ;-) If this isn't the way to go, please, do let me know. -- Aaron W. Hsu arcf...@sacrideo.us | http://www.sacrideo.us Government is the great fiction, through which everybody endeavors to live at the expense of everybody else. -- Frederic Bastiat +++ ((lambda (x) (x x)) (lambda (x) (x x))) ++
Rewriting Addresses in SMTPD
Hello again, Is there a way in smtpd(8) yet, to do something like genericstables in sendmail? Right now, when my client sendmail sends out a mail, it rewrites the envelope and the From addresses to be valid email addresses with the domain that I want tacked on to the username. I couldn't find a way to do this in smtpd.conf(5), which seems to have aliases and virtual domain maps for receiving mail, but not sending it. If this is better done before the mail is sent to smtpd(8), is there a way to do this with mail(1)? Thanks! -- Aaron W. Hsu arcf...@sacrideo.us | http://www.sacrideo.us Government is the great fiction, through which everybody endeavors to live at the expense of everybody else. -- Frederic Bastiat +++ ((lambda (x) (x x)) (lambda (x) (x x))) ++
SMTPD TLS Authentication?
Hello SMTPD Gurus, I have noticed some TLS based authentication stuff in the smtpd.conf(5) man page. I don't see more details about how it works, though. How far along is the TLS based stuff? I'd like to test smtpd with my email server on my local machine, which operates as a client to my sendmail based server remotely via TLS Authentication. Is this in their yet, or does the TLS work differently right now? Thanks! And, sorry for bugging you if this should be obvious. -- Aaron W. Hsu arcf...@sacrideo.us | http://www.sacrideo.us Government is the great fiction, through which everybody endeavors to live at the expense of everybody else. -- Frederic Bastiat +++ ((lambda (x) (x x)) (lambda (x) (x x))) ++
rt.fm CVS Mirror going funny?
Hey All, Has anyone else noticed issues with pulling src/sbin/ping/ping.c from anon...@rt.fm:/cvs? I get this error cvs [server aborted]: EOF while looking for end of string \ in RCS file /cvs/src/sbin/ping/ping.c,v Does anyone know what might cause this? I tried removing it and refetching it, as well as using the -C option. -- Aaron W. Hsu arcf...@sacrideo.us | http://www.sacrideo.us Government is the great fiction, through which everybody endeavors to live at the expense of everybody else. -- Frederic Bastiat +++ ((lambda (x) (x x)) (lambda (x) (x x))) ++
Cleanup of installers
I just thought I would mention that it is nice to see some clean-up of the installation process. Now OpenBSD's installer is improving in the *right* direction. -- Aaron W. Hsu arcf...@sacrideo.us | http://www.sacrideo.us Government is the great fiction, through which everybody endeavors to live at the expense of everybody else. -- Frederic Bastiat +++ ((lambda (x) (x x)) (lambda (x) (x x))) ++
Re: European orders
frantisek, technically, yes he is. north american :} Now everyone's insulted. :-D -- Aaron W. Hsu arcf...@sacrideo.us | http://www.sacrideo.us Government is the great fiction, through which everybody endeavors to live at the expense of everybody else. -- Frederic Bastiat +++ ((lambda (x) (x x)) (lambda (x) (x x))) ++
smtpd authentication?
Does the recently linked in smtpd support things like certificate based authentication for relay? I am wondering if I can test it with one of my mail servers, but that server requires authenticating who can send mail from it, where the current authentication mechanism is tls certificates. -- Aaron W. Hsu arcf...@sacrideo.us | http://www.sacrideo.us Government is the great fiction, through which everybody endeavors to live at the expense of everybody else. -- Frederic Bastiat +++ ((lambda (x) (x x)) (lambda (x) (x x))) ++
Re: Overlay missing with intel(4)
J.C., Thanks a bunch for this really informative response... On Tue, 24 Mar 2009 18:00:24 -0400 (EDT) Aaron W. Hsu arcf...@sacrideo.us wrote: Section Module Load dbe Load dri Load extmod Load glx Load freetype EndSection The above are not necessary. They are all loaded by default. See your Xorg.0.log for details. Removed without any problems. Thanks. Section Monitor #DisplaySize 330 210 # mm Identifier Monitor0 VendorName LEN ModelName4053 Option DPMS EndSection Section Monitor #DisplaySize 330 210 # mm Identifier Monitor1 VendorName LEN ModelName4053 Option DPMS EndSection Something doesn't make sense here. The closest I've found to your description is an LCD for a laptop? LENOVO Y730 4053-2EU LAPTOP LCD PANEL 17 GLOSSY WUXGA http://www.247laptoplcd.com/servlet/the-61437/LENOVO-Y730-4053-dsh-2EU-LAPTOP/Detail or LENOVO Y730 4053-2AU LAPTOP LCD PANEL 17 GLOSSY WUXGA http://www.247laptoplcd.com/servlet/the-61436/LENOVO-Y730-4053-dsh-2AU-LAPTOP/Detail The LCD itself might be used in stand-alone displays as well as laptops, but I couldn't find one, let alone the specs for the LCD. I'm sure you're thinking, Why the hell does that matter? but sadly the display really does matter with the intel(4) driver. One of the crazy things the intel(4) driver does is query the display, and if it's a fixed resolution LCD, the driver tries to rescale the resolution you stated in your xorg.conf to what the display can actually handle. Though this new feature is required for some laptops and other LCD's to operate, it does not work very well, and it does cause problems for devices which do not need this feature present. I had no idea that they were pulling those kinds of stunts. At any rate, this is a Lenovo T500 Laptop, so yes, it has a single LCD screen. Section Device ### Available Driver options are:- ### Values: i: integer, f: float, bool: True/False, ### string: String, freq: f Hz/kHz/MHz ### [arg]: arg optional #Option NoAccel # [bool] #Option SWcursor # [bool] #Option ColorKey # i #Option CacheLines# i #Option Dac6Bit # [bool] #Option DRI # [bool] #Option NoDDC # [bool] #Option ShowCache # [bool] #Option XvMCSurfaces # i #Option PageFlip # [bool] Identifier Card0 Driver intel VendorName Intel BoardName GM45 Video BusID PCI:0:2:0 EndSection Section Device ### Available Driver options are:- snip Identifier Card1 Driver radeon VendorName ATI BoardName Mobility Radeon HD 3650 BusID PCI:1:0:0 EndSection good, you've actually got two cards in the machine. A number of dual/multi head cards can be run Zaphod Mode (i.e. two or more Device sections for a single card), but the new intel(4) driver does not support this. Actually, while there are two cards in the machine, and I can run with both of them enabled in the BIOS, it saps a lot of power. I can't seem to get good use out of the ATI one at the moment, so I've been using the Intel, with the ATI disabled in the BIOS. (II) intel(0): Selecting standard 18 bit TMDS pixel format. This is probably correct, but some newer LCD's use a 24-bit pixel format. See the LVDS24Bit option in the intel(4) man page. I tried it the other way, and 18 bit TMDS mode is most certainly the correct way. :-) Now here's my suggestion for video playback; try disabling either DDC2 or DCC (both 1 2). In your Device section you can use: Option DDC false # Both version 1 and 2 Option DDC1 false # Only version 1 Option DDC2 false # Only version 2 The above will prevent the intel(4) driver from attempting anything stupid in the way of rescaling, because without DDC the driver will no longer be able to tell what type of display is attached. You will most likely need to add a Modes line to your Display subsection to keep the intel(4) driver from running off into the weeds trying to use the *MAX* resolution. Section Screen Identifier Screen0 Device Card0 Monitor Monitor0 SubSection Display Viewport 0 0 Depth 24 Modes 1680x1050 1280x768 whatever EndSubSection EndSection NOTE: The above is just me guessing. You *need* to put the right resolutions for you display, which means you need
Overlay missing with intel(4)
AutoRepeat 500 30 (**) Option XkbRules xorg (**) Keyboard0: XkbRules: xorg (**) Option XkbModel pc105 (**) Keyboard0: XkbModel: pc105 (**) Option XkbLayout us (**) Keyboard0: XkbLayout: us (**) Option CustomKeycodes off (**) Keyboard0: CustomKeycodes disabled (II) evaluating device (Mouse0) (II) XINPUT: Adding extended input device Mouse0 (type: MOUSE) (II) evaluating device (Keyboard0) (II) XINPUT: Adding extended input device Keyboard0 (type: KEYBOARD) (II) 3rd Button detected: disabling emulate3Button -- Aaron W. Hsu arcf...@sacrideo.us | http://www.sacrideo.us Government is the great fiction, through which everybody endeavors to live at the expense of everybody else. -- Frederic Bastiat +++ ((lambda (x) (x x)) (lambda (x) (x x))) ++
Re: halt -p does not powerdown ThinkPad X200 under 4.5beta
David, On 10-Mar-2009 David Schulz wrote: ThinkPad X200 running with a recent Snapshot (Feb28-09), so 4.5 beta, oftentimes does not power down the machine when using halt -p. Sometimes it does, often enough it does not. There is a Bug Report in the Bug Tracker for a ThinkPad T20 running under 4.4, which has the exact same Problem. In the Bug Report http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yesnumbers=6007 says that one should check again under -current, but as it shows, it still doesnt yet work. I can confirm this on a Lenovo T500 as well. -- Aaron W. Hsu arcf...@sacrideo.us | http://www.sacrideo.us Government is the great fiction, through which everybody endeavors to live at the expense of everybody else. -- Frederic Bastiat +++ ((lambda (x) (x x)) (lambda (x) (x x))) ++
Re: acpithinkpad problems on thinkpad w500
rev 0x03: apic 1 int 21 (irq 11) pci3 at ppb2 bus 3 iwn0 at pci3 dev 0 function 0 Intel WiFi Link 5300AGN rev 0x00: apic 1 int 17 (irq 11), MIMO 3T3R, MoW, address 00:21:6a:0b:8 a:be ppb3 at pci0 dev 28 function 3 Intel 82801I PCIE rev 0x03: apic 1 int 23 (irq 11) pci4 at ppb3 bus 5 ppb4 at pci0 dev 28 function 4 Intel 82801I PCIE rev 0x03: apic 1 int 20 (irq 11) pci5 at ppb4 bus 13 uhci3 at pci0 dev 29 function 0 Intel 82801I USB rev 0x03: apic 1 int 16 (irq 11) uhci4 at pci0 dev 29 function 1 Intel 82801I USB rev 0x03: apic 1 int 17 (irq 11) uhci5 at pci0 dev 29 function 2 Intel 82801I USB rev 0x03: apic 1 int 18 (irq 11) ehci1 at pci0 dev 29 function 7 Intel 82801I USB rev 0x03: apic 1 int 19 (irq 11) usb1 at ehci1: USB revision 2.0 uhub1 at usb1 Intel EHCI root hub rev 2.00/1.00 addr 1 ppb5 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0x93 pci6 at ppb5 bus 21 cbb0 at pci6 dev 0 function 0 Ricoh 5C476 CardBus rev 0xba: apic 1 int 16 (irq 11) Ricoh 5C832 Firewire rev 0x04 at pci6 dev 0 function 1 not configured sdhc0 at pci6 dev 0 function 2 Ricoh 5C822 SD/MMC rev 0x21: apic 1 int 18 (irq 11) sdmmc0 at sdhc0 Ricoh 5C843 MMC rev 0x11 at pci6 dev 0 function 3 not configured Ricoh 5C592 Memory Stick rev 0x11 at pci6 dev 0 function 4 not configured Ricoh 5C852 xD rev 0x11 at pci6 dev 0 function 5 not configured cardslot0 at cbb0 slot 0 flags 0 cardbus0 at cardslot0: bus 22 device 0 cacheline 0x0, lattimer 0xb0 pcmcia0 at cardslot0 pcib0 at pci0 dev 31 function 0 Intel 82801IEM LPC rev 0x03 ahci0 at pci0 dev 31 function 2 Intel 82801I AHCI rev 0x03: apic 1 int 16 (irq 11), AHCI 1.2 scsibus0 at ahci0: 32 targets sd0 at scsibus0 targ 0 lun 0: ATA, HITACHI HTS72201, DCDZ SCSI3 0/direct fixed sd0: 152627MB, 512 bytes/sec, 312581808 sec total cd0 at scsibus0 targ 1 lun 0: HL-DT-ST, DVDRAM GSA-U20N, HX12 ATAPI 5/cdrom removable ichiic0 at pci0 dev 31 function 3 Intel 82801I SMBus rev 0x03: apic 1 int 23 (irq 11) iic0 at ichiic0 usb2 at uhci0: USB revision 1.0 uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1 usb3 at uhci1: USB revision 1.0 uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1 usb4 at uhci2: USB revision 1.0 uhub4 at usb4 Intel UHCI root hub rev 1.00/1.00 addr 1 usb5 at uhci3: USB revision 1.0 uhub5 at usb5 Intel UHCI root hub rev 1.00/1.00 addr 1 usb6 at uhci4: USB revision 1.0 uhub6 at usb6 Intel UHCI root hub rev 1.00/1.00 addr 1 usb7 at uhci5: USB revision 1.0 uhub7 at usb7 Intel UHCI root hub rev 1.00/1.00 addr 1 isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pms0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pms0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 aps0 at isa0 port 0x1600/31 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 mtrr: Pentium Pro MTRR support uvideo0 at uhub0 port 6 configuration 1 interface 0 Chicony Electronics Co., Ltd. product 0x4807 rev 2.00/31.34 addr 2 video0 at uvideo0 ugen0 at uhub3 port 1 AuthenTec Fingerprint Sensor rev 2.00/17.03 addr 2 ugen1 at uhub7 port 2 Lenovo Integrated Smart Card Reader rev 2.00/1.00 addr 2 softraid0 at root root on sd0a swap on sd0b dump on sd0b uhub8 at uhub1 port 1 Belkin Components product 0x0304 rev 2.00/7.02 addr 2 uhidev0 at uhub8 port 3 configuration 1 interface 0 Kensington Kensington Expert Mouse rev 1.10/1.00 addr 3 uhidev0: iclass 3/1 ums0 at uhidev0: 4 buttons, Z dir wsmouse1 at ums0 mux 0 uhidev1 at uhub5 port 2 configuration 1 interface 0 Composite USB PS2 Converter USB to PS2 Adaptor v1.10 rev 1.10/0.01 addr 2 uhidev1: iclass 3/1 ukbd0 at uhidev1: 8 modifier keys, 6 key codes wskbd1 at ukbd0 mux 1 wskbd1: connecting to wsdisplay0 uhidev2 at uhub5 port 2 configuration 1 interface 1 Composite USB PS2 Converter USB to PS2 Adaptor v1.10 rev 1.10/0.01 addr 2 uhidev2: iclass 3/1, 3 report ids ums1 at uhidev2 reportid 1: 3 buttons, Z dir wsmouse2 at ums1 mux 0 uhid0 at uhidev2 reportid 2: input=1, output=0, feature=0 uhid1 at uhidev2 reportid 3: input=2, output=0, feature=0 acpithinkpad0: unknown type 3 event 0x006 acpithinkpad0: unknown type 3 event 0x006 ... -- Aaron W. Hsu arcf...@sacrideo.us | http://www.sacrideo.us Government is the great fiction, through which everybody endeavors to live at the expense of everybody else. -- Frederic Bastiat +++ ((lambda (x) (x x)) (lambda (x) (x x))) ++
Re: pending/6099
Since this is pertinent to this bug, I have sent this to gnats. On 09-Mar-2009 joshua stein wrote: I came across a strange problem today. I (accidentally) opened the cd/dvd player of my thinkpad w500 laptop. Once the player is opened, it is impossible to close it, as it is immediately reopened. Dmesg is flawed with the following messages: acpithinkpad0: unknown type 3 event 0x006 Any ideas on how I can solve the problem? does the event log at the opening or closing of the drive? if you disable the acpithinkpad device (boot -c) does the drive work properly? On my Lenovo Thinkpad T500, the messages start to display quickly after I open the drive, and the messages do not wait for the drive to close. However, disabling acpithinkpad does cause the messages to disappear, but it does not change the behavior of the drive. -- Aaron W. Hsu arcf...@sacrideo.us | http://www.sacrideo.us Government is the great fiction, through which everybody endeavors to live at the expense of everybody else. -- Frederic Bastiat +++ ((lambda (x) (x x)) (lambda (x) (x x))) ++
Re: Thinkpad R61 support
Christiano, On 08-Feb-2009 Christiano Farina Haesbaert wrote: What about the T61 with the nvidia quadro, you think I would have problems as well ? I'm considering t61 and X40,X60 at the moment. I recently purchased a t500 from Lenovo, which is a replacement for their t61 line, I think. You may be interested to see the results that I have had, which are on the i386-laptop.html page. -- Aaron W. Hsu arcf...@sacrideo.us | http://www.sacrideo.us Government is the great fiction, through which everybody endeavors to live at the expense of everybody else. -- Frederic Bastiat +++ ((lambda (x) (x x)) (lambda (x) (x x))) ++
Re: Can't boot on macbook
Christiano, On 28-Jan-2009 Christiano Farina Haesbaert wrote: I can't boot the installation CD with a macbook, with the bsd.rd kernel I have the bug #5653. With bsd.mp my keyboard locks up when it asks for a root device. It's the last generation of white macbooks. Any tips ? Are you using 4.4-RELEASE or 4.4-Current? -- Aaron W. Hsu arcf...@sacrideo.us | http://www.sacrideo.us Government is the great fiction, through which everybody endeavors to live at the expense of everybody else. -- Frederic Bastiat +++ ((lambda (x) (x x)) (lambda (x) (x x))) ++
Re: emul.linux not playing well with bsd.mp
Hey Predrag, On 17-Jan-2009 Predrag Punosevac wrote: Aron Tsu that Opera was locking on bsd.mp. Thanks for the reference: this was my reply, and I still encounter it. In my experience this is more systematic problem. In the past couple of weeks, I installed several different linux binaries. Locks, hangs, even a core dumps were regularly occuring on bsd.mp kernel while applications were running rock solidly on bsd kernel. Unfortunatelly, I do not have a fix but at least I wanted to share my experience with the community. I have actually tried another application the other day built on Linux. I compared the results of FreeBSD emulation with the Linux ones, and while I could not figure how to get the Motif stuff working in FreeBSD, I did manage to get things working satsifactorily in Linux. I was testing a commercial Motif application, and it worked very well and very reliably. I have not had any crashes, but have had some font searching problems. Do you happen to have a list of programs that are not working well for you? -- Aaron W. Hsu arcf...@sacrideo.us | http://www.sacrideo.us Government is the great fiction, through which everybody endeavors to live at the expense of everybody else. -- Frederic Bastiat +++ ((lambda (x) (x x)) (lambda (x) (x x))) ++
SSH X Forwarding xhost
I have read ssh(1) and xhost(1), as well as this page: http://piast.cbio.psu.edu/reference/NetworkingCD2.0/ssh/ch09_03.htm where it says: X forwarding with authentication spoofing solves all but one of the X authentication problems we raised earlier: xhost X forwarding doesn't use xhost. (By the way, make sure to disable all xhost permissions when using X forwarding, or you will undermine the X security provided by SSH.) in xhost(1) I read: + Access is granted to everyone, even if they aren't on the list (i.e., access control is turned off). and in ssh(1) I read: -X Enables X11 forwarding. This can also be specified on a per-host basis in a configuration file. X11 forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the user's X authorization database) can access the local X11 display through the forwarded connection. An attacker may then be able to perform activities such as keystroke monitoring. For this reason, X11 forwarding is subjected to X11 SECURITY ex- tension restrictions by default. Please refer to the ssh -Y op- tion and the ForwardX11Trusted directive in ssh_config(5) for more information. [...] -Y Enables trusted X11 forwarding. Trusted X11 forwardings are not subjected to the X11 SECURITY extension controls. And this is where I become confused: I am connecting to my remote host through ssh using the command `ssh -X u...@host` and it works alright when I use `xhost +`, but does not work when I do `xhost +host`; ssh -X u...@host` nor when I use `xhost -; ssh -X u...@host`. When I read the web link, it tells me to disable xhost, but it does not give me a way to do that. Reading the xhost man page makes me think that `xhost +` actually disables xhost authentication rather than making xhost pre-authenticate the entire address space. This appears to be born out by the fact that ssh -X does not work when I just manually add the right xhost in; if I were wrong here, I would expect X forwarding to fail both when I used `xhost +` and when I used `xhost +host`. However, reading outsie the parentheses in the xhost man page, it makes me think that it really is authenticating all the address space, and making it possible for every client in the world to authenticate to my X server without having to use any kind of xauth authentication, which I want to avoid. The parenthetical clause seems to say something different though; it seems to say that xhost is disabled, and any client wishing to connect will now have to authenticate with a different mechanism. I have tried using ssh -Y and that works, but I am concerned about using that because of the warnings issued in ssh(1), since it appears that -Y disables all the proper security measures that -X uses. Can someone please confirm whether I am wrong or right and if wrong, what the right way to do this is? I would like to make a semi-secure connection to this remote machine somehow, and I am concerned that the use of `xhost +` is quite insecure. -- Aaron W. Hsu arcf...@sacrideo.us | http://www.sacrideo.us Government is the great fiction, through which everybody endeavors to live at the expense of everybody else. -- Frederic Bastiat +++ ((lambda (x) (x x)) (lambda (x) (x x))) ++
Users of Opera -- Stability?
Hey All, I wanted to check with any users here that are using the opera web browser. Can you please mention what Window Manager you use? I am trying to understand why Opera is unstable for me, but not for other people. If you can report the stability of running Opera, that would be great too. -- Aaron W. Hsu arcf...@sacrideo.us | http://www.sacrideo.us Government is the great fiction, through which everybody endeavors to live at the expense of everybody else. -- Frederic Bastiat +++ ((lambda (x) (x x)) (lambda (x) (x x))) ++
Re: atheros 5424 wireless chipset
On Thu, 20 Nov 2008 13:46:08 -0800 (PST) jimerickso [EMAIL PROTECTED] wrote: does openbsd current have support for the atheros 5424 wireless chipset? I currently have a Macbook Pro with an Atheros AR5424 chip, and it works pretty well. ath0 at pci3 dev 0 function 0 Atheros AR5424 rev 0x01: apic 1 int 17 (irq 11) ath0: AR5424 10.3 phy 6.1 rf 10.2, WOR5_ETSIC, address 00:17:f2:50:dd:64 -- Aaron W. Hsu [EMAIL PROTECTED] | http://www.sacrideo.us Government is the great fiction, through which everybody endeavors to live at the expense of everybody else. -- Frederic Bastiat +++ ((lambda (x) (x x)) (lambda (x) (x x))) ++
Re: atheros 5424 wireless chipset
On Thu, 20 Nov 2008 20:14:32 -0500 Aaron W. Hsu [EMAIL PROTECTED] wrote: On Thu, 20 Nov 2008 13:46:08 -0800 (PST) jimerickso [EMAIL PROTECTED] wrote: does openbsd current have support for the atheros 5424 wireless chipset? I currently have a Macbook Pro with an Atheros AR5424 chip, and it works pretty well. ath0 at pci3 dev 0 function 0 Atheros AR5424 rev 0x01: apic 1 int 17 (irq 11) ath0: AR5424 10.3 phy 6.1 rf 10.2, WOR5_ETSIC, address 00:17:f2:50:dd:64 I should have mentioned that I am running -Current, but I thought that this was already in 4.4. -- Aaron W. Hsu [EMAIL PROTECTED] | http://www.sacrideo.us Government is the great fiction, through which everybody endeavors to live at the expense of everybody else. -- Frederic Bastiat +++ ((lambda (x) (x x)) (lambda (x) (x x))) ++
Re: Turning off sendmail
On Sat, 15 Nov 2008 18:23:24 -0500 STeve Andre' [EMAIL PROTECTED] wrote: Don't tweak system files unless you really have to. rc.conf controls a lot, and is the proper way to change how the system works. Just as an additional note, I believe these should be added to rc.conf.local and not to the main rc.conf file, which falls under the system file category that should not be modified. -- Aaron W. Hsu [EMAIL PROTECTED] | http://www.sacrideo.us Government is the great fiction, through which everybody endeavors to live at the expense of everybody else. -- Frederic Bastiat +++ ((lambda (x) (x x)) (lambda (x) (x x))) ++
Re: Missing security announcements
To everyone who wants security-announce to work: On Thu, 13 Nov 2008 09:29:09 -0700 Theo de Raadt [EMAIL PROTECTED] wrote: someone should take the task to send a mail via it once something arrives on the errata page. It is really easy to use that word should when it isn't you. I'll do it. I care about having security announcements sent out in a way that makes it easy for us to track without having to write out own scripts. I happen to think a mailing list is a very good way of doing this. I'm willing to put in the time to do this, since I *do* use -stable. Is security-announce an open list? If not, give me access and I'll keep it reasonably up to date, give or take a day or so of release of the Security Errata on the website, unless there is an even faster way of checking it out, such as CVS. -- Aaron W. Hsu [EMAIL PROTECTED] | http://www.sacrideo.us Government is the great fiction, through which everybody endeavors to live at the expense of everybody else. -- Frederic Bastiat +++ ((lambda (x) (x x)) (lambda (x) (x x))) ++
Re: Missing security announcements
On Thu, 13 Nov 2008 12:55:36 -0500 Ted Unangst [EMAIL PROTECTED] wrote: On Thu, Nov 13, 2008 at 12:35 PM, Aaron W. Hsu [EMAIL PROTECTED] wrote: Is security-announce an open list? If not, give me access and I'll keep it reasonably up to date, give or take a day or so of release of the Security Errata on the website, unless there is an even faster way of checking it out, such as CVS. It is moderated, and really, outsiders should not be posting to it because then it appears that they have some position of authority. The only person who should be posting to the list is the person who made the fix, because they are the security contact. When people reply, it is important they are talking to the right person. Okay, I can see why everyone would prefer to see the developer's sending their own fixes -- this is convenient to the users, though not to the developers. However, it is obvious that the developers do not wish to do this, have no time to bother with it, and aren't concerned at all. I don't blame them, that's perfectly legitimate. So we should get someone else to do it, because some people do care about having semi-timely security announcements on a mailing list. I also see no reason why someone announcing a security announcement that is detailed elsewhere should be required to be a developer heavily involved in the development process. The very nature of this suggests that people who meet this requirement will not have the motivation or time to do this. There is nothing wrong with having someone else assigned to the task. What you can do is monitor the list. If an erratum comes out and nothing happens for a day, email the person responsible and remind them. The person responsible is not necessarily the person who happened to commit to stable, though, it's the person who made the original fix. There's no announcements on the list because probably half the developers don't know they are supposed to make such announcements. You're implying ignorance of the developers, which I doubt. They don't care about it, and we shouldn't be nagging them about it. Instead, we should do something, rather than just being on the outside bugging them like annoying gnats. I'm offering to do the work. OpenBSD as a whole may not want me to do anything, but that's not my fault. At least I'm trying to *do* something; I don't consider nagging people who don't have time or motivation or reason to bother with such things to be an useful thing to do. -- Aaron W. Hsu [EMAIL PROTECTED] | http://www.sacrideo.us Government is the great fiction, through which everybody endeavors to live at the expense of everybody else. -- Frederic Bastiat +++ ((lambda (x) (x x)) (lambda (x) (x x))) ++
Re: Missing security announcements
On Thu, 13 Nov 2008 10:38:06 -0800 [EMAIL PROTECTED] (Randal L. Schwartz) wrote: Surely, it would be easier to teach that small set of people (one?) to cc the mailing list on a security announcement, rather than expect that everyone with a core commit bit be reminded to watch errata to notice when their particular contribution has been accepted as a security patch. What am I missing here? Why should developers listen to people who are just consuming resources that they are giving out for free? We don't need to teach them, we can just do the work they don't want to do to free them up for doing the work they should be doing. Why bug them? They have work to do. -- Aaron W. Hsu [EMAIL PROTECTED] | http://www.sacrideo.us Government is the great fiction, through which everybody endeavors to live at the expense of everybody else. -- Frederic Bastiat +++ ((lambda (x) (x x)) (lambda (x) (x x))) ++
Re: Missing security announcements
On Wed, 12 Nov 2008 21:32:57 -0600 Emilio Perea [EMAIL PROTECTED] wrote: I don't think it's a big deal since there are other ways of getting the information. Given that we usually sign up to a security-announce mailing list for good reason, if the list isn't working as intended, or there is some misunderstanding as to why the list exists, then I'd like to know explicitely, if only so that I do not rely on the list too much. -- Aaron W. Hsu [EMAIL PROTECTED] | http://www.sacrideo.us Government is the great fiction, through which everybody endeavors to live at the expense of everybody else. -- Frederic Bastiat +++ ((lambda (x) (x x)) (lambda (x) (x x))) ++
Re: Missing security announcements
On Wed, 12 Nov 2008 21:17:46 -0700 Theo de Raadt [EMAIL PROTECTED] wrote: It does not work because noone who works on OpenBSD runs -stable. Then every few months some of you come and yell at us. Not yelling, honest; I was just curious. So, basically, no one has the time or motivation to send out updates? -- Aaron W. Hsu [EMAIL PROTECTED] | http://www.sacrideo.us Government is the great fiction, through which everybody endeavors to live at the expense of everybody else. -- Frederic Bastiat +++ ((lambda (x) (x x)) (lambda (x) (x x))) ++
Issues with RT.FM AnonCVS
Has anyone else had trouble doing checkouts and updates from rt.fm? arcfide:27$ pwd /usr/xenocara/distrib/sets/lists/xshare arcfide:28$ sudo cvs -q -d [EMAIL PROTECTED]:/cvs up -Pd cvs [server aborted]: EOF while looking for end of string in RCS file /cvs/xenocara/distrib/sets/lists/xshare/mi,v arcfide:29$ sudo cvs -d [EMAIL PROTECTED]:/cvs \ -q up -Pd U mi arcfide:30$ What's up? Aaron Hsu
Shared Memory Extension in X
Hello All, I notice that when I launch Opera in OpenBSD it says that there is no shared memory extension enabled, but looking at my xorg.0.log I see (II) Initializing built-in extension MIT-SHM So I am wondering, is this just something that is disabled when running Linux Emulation, or is this something else? Aaron Hsu
Re: Macbook Pro Bluetooth
Hey , Thanks for the note... From [EMAIL PROTECTED] Wed Oct 8 02:01:48 2008 On 22:47 Tue 07 Oct, Aaron W. Hsu wrote: Can anyone tell me whether the Macbook Pro's USB Bluetooth Adaptor is supported? I get the following line from my dmesg: ugen0 at uhub0 port 4 Apple Computer Bluetooth rev 2.00/0.0b addr 2 Unfortunately, I don't see any ubt device, even though I have enabled it in my kernel. If the usb adaptor is not supported, what bluetooth adaptors are supported? Does anyone have any recommendations? Which kernel are you using? GENERIC has bluetooth disabled. I am using a modified kernel that is the same as GENERIC but with radeondrm enabled and the ubt line in the configuration file uncommented. Aaron Hsu
rfcomm_sppd causes hang
Hello All, I have been attempting to use rfcomm_sppd to create a serial connection to a Scribbler Robot. When I run $ rfcomm_sppd -a address -s SP it will start connecting to the robot, but then, if I let the machine timeout, it hangs the whole machine to the point where I am unable to do anything to it. This does not happen if the same process is applied to my bluetooth enabled phone. Has anyone experienced this? Aaron Hsu
Appropriate use of sendbug
Hey everyone, I can't seem to find any information outside of mail.html that indicates what should and should not be sent as a bug through sendbug(1). It was my understanding that any bugs revealed in the OS should use the sendbug(1) but I apparently am wrong. When should a problem be sent using sendbug and when should it be sent to [EMAIL PROTECTED] Should I use sendbug only when I have a fix? I have seen PRs before that were not like this, so I don't know where to draw the line. Any help in sending things to the right address would be much appreciated. Aaron Hsu
Re: Appropriate use of sendbug
Theo, Thanks for your advice . . . From [EMAIL PROTECTED] Wed Oct 8 21:38:13 2008 To: Aaron W. Hsu [EMAIL PROTECTED] cc: misc@openbsd.org Subject: Re: Appropriate use of sendbug From: Theo de Raadt [EMAIL PROTECTED] (You may be confused because you sent in a complete bug report in one PR, and then sent in a 2nd very incomplete copy of it, or through some other glitch, and I closed that 2nd one immediately). Hrm, okay, yes, I see. I guess then, I am ignorant about how to properly reply to a bug report or append more information to it. Actually, I have two analyzed PRs outstanding as well as the one opened report that I want to add information to, but don't know how. can I just send a mail to [EMAIL PROTECTED] That second PR was my attempt to append additional information to the PR after it had been sent off. I have seen PRs before that were not like this, so I don't know where to draw the line. [...] Thankfully the last week has been spent tossing a lot of that junk out. That was a great effort, and something I rather enjoyed seeing. :-) I appreciate the efforts done to clean up the bug reports. Aaron Hsu
Macbook Pro Bluetooth
Hello, Can anyone tell me whether the Macbook Pro's USB Bluetooth Adaptor is supported? I get the following line from my dmesg: ugen0 at uhub0 port 4 Apple Computer Bluetooth rev 2.00/0.0b addr 2 Unfortunately, I don't see any ubt device, even though I have enabled it in my kernel. If the usb adaptor is not supported, what bluetooth adaptors are supported? Does anyone have any recommendations? Aaron Hsu
OpenBSD Road Warrior connecting to L2TP/IPSec VPN?
Hell All, I am trying to connect to my University's VPN System, with little luck, I am not sure how to even begin, though I have found Undeadly articles on IPSec in Under 4 Minutes, as well as some various tutorials and documents on connecting OpenBSD Servers to other Servers and gateways. I don't even know if this is possible, but looking at ipsec.conf, I can't see any details about how I would configure my system to connect to this VPN. Is it possible? If so, how? I've added just a basic ipsec.conf line: ike dynamic esp from any to any peer ipsec.indiana.edu psk hermanbwells But I haven't gotten much further than that. Does any one have any suggestions? The University's Guide to the VPN is: http://kb.iu.edu/data/ajrq.html Aaron Hsu
Re: Newbie some problem with OpenBSD
Hello Edd, From [EMAIL PROTECTED] Fri Sep 12 12:10:37 2008 From: Edd Barrett [EMAIL PROTECTED] To: Josh Grosse [EMAIL PROTECTED] Subject: Re: Newbie some problem with OpenBSD On Fri, Sep 12, 2008 at 1:32 PM, Josh Grosse [EMAIL PROTECTED] wrote: Upgrading by compiling source is unsupported. I don't see why that wouldn't work, just so long as you sysmerge. I do not think the point is whether it will work or not. Simply that it is not supported. If someone can manage to get it to work, fine, but it would be a bad idea to try to teach everyone how to do so, or even to provide documentation for this sort of things outside of what is already available. Just upgrade from a release. Oh, and chances are, it won't work. :-) Aaron Hsu
Duplicat Defintion of drm_i915_flip
Hello all, I've been following -current for some time now without having too much trouble, but I knew I was going to hit something at some point with compiling from source. Usually I'd just take a snapshot and start from there or some such, but I was curious whether this is really a mistake in the tree or not. I'm guessing not, but just in case, I thought I would drop it here. I attempted to compile the xenocara tree today after a fresh checkout and a working rebuild of the base today. I receive an error when trying to build driver/xf86-video-intel/src/i830_dri.c. It says that a duplicate definition of struct drm_i915_flip and drm_i915_flip_t. The duplicate definition is from i915_drm.h. I noticed that i915_drm.h is included in i830_dri.c, which is why I thought that maybe this duplicate definition is more than just a failure on my end. Can anyone verify this? I'm hoping it's just the standard kickback from following -current via cvs. Sincerely, Aaron Hsu
Re: OpenBSD WiFi tutorial
Hello Lars, From [EMAIL PROTECTED] Sat Sep 6 22:43:40 2008 From: Lars D. Nooden [EMAIL PROTECTED] To: Eric Faurot [EMAIL PROTECTED] cc: Siju George [EMAIL PROTECTED], misc misc@openbsd.org Subject: Re: OpenBSD WiFi tutorial On Sun, 7 Sep 2008, Eric Faurot wrote: There is even better: manpages. man ifconfig man insert your device name here: ral, iwi... It looks like the AR5424 is not supported: I have an Atheros AR5424, and it works fine for wireless in -current. I would expect it to work for Host AP mode as well, though I have never tried it. Aaron
Re: From address when using mail command
Hey there, I think I understand your (worked around) problem... From [EMAIL PROTECTED] Sat Aug 23 14:49:55 2008 Subject: Re: From address when using mail command Actually this was not my problem. My server is mail and web host for several small sites. I will say that the link below would have been really great to have when I was setting up sendmail. I really struggled to find any site with a complete, yet simple explanation of how to get things going. m4 works quite easily once you know how, but I really had to browse for hours to get the simple answer how to use it. Richard Toohey sent me a message suggesting an obvious answer I should have thought of, since I use it in cgi scripts anyway. Just to use sendmail directly, since mail is really just an incomplete way of accessing sendmail. I would call this more of a workaround than a solution, though it could solve the problem perfectly well for you. For me, there are actually feature in mail(1) that I use which would make sendmail inconvenient for me. If the server you are using really does service mail, then things are even easier to work with. If I understand your situation, you are saying that your local hostname is different than the main domain for which the server receives and relays mail. Generally, this is easy to work by a simple MASQUERADING setting. If you know that all mail (except local) that you want to send out should come from the main domain (whose MX records presumably point to the hostname of your server) then you just have to setup up a few MASQUERADING statements in your mc file, maybe do some settings like local_no_masquerade and you are set. Then you should be able to use just about any mail client that relies on sendmail in any similar fashion as does mail(1). I think this is probably the more robust solution, but you're free to do it with raw sendmail if you life, which is actually a solution much the same way that the GUI mail clients do (they pipe in the full headers to sendmail and give the user the option to change the From address). Aaron
Re: From address when using mail command
Hello Chris, From [EMAIL PROTECTED] Thu Aug 21 21:28:29 2008 From: Chris Bennett [EMAIL PROTECTED] Subject: From address when using mail command Everything with my sendmail and dovecot works great. But when I occasionally want to send a message using mail command, The From: address ends up as: [EMAIL PROTECTED] This is not a good address that someone can reply to. Sendmail is doing what it is supposed to here. It is sending out mail from your machine (b03ls15le.corenetworks.net) which are from user. Where does mail obtain the From address? Sendmail is attempting to send out mail from your machine, and it uses the information of your machine to identify itself. Moreover, since you are sending from account user, sendmail is also identifying your username as the user of the machine sending this mail. Reading man pages about /etc/myname file doesn't really make it clear (to me) what other contents it can have. You should leave those contents the same. Can I change it to my main server's address and not have a problem? Would this fix the mail From problem? If you did a search on this, you probably would have found out a lot more about what sendmail does and how it works. You also would have discovered some common solutions to this common misunderstanding. The reason this problem does not manifest itself when you are using other clients is probably because they either use their own smtp client to send mail to a SMART HOST, or they are changing the From header of your messages to reflect the settings of that client. Mail does not do that, but rather feeds a more spartan message to sendmail, which then inserts the relevant headers that it can derive from its configuration. I believe what you are trying to do is send mail from your machine, where your machine is not the main mail machine. In other words, another machine is the hosting mail server (not the exactly correct term). Chances are you are on a network which is not configured with an IP address which is likely to avoid the large Dynamic blacklists that many ISPs place on senders, so you don't even want to use your machine as the primary mail server. What you do want to do is use sendmail as a client to relay its non-local messages to another server which is your main mail server. Usually this server is provided by your ISP (whether your network or mail provider). The steps for this are: 1) Configure a SMART_HOST 2) [Possibly] configure authentication 3) [Possibly] configure username rewriting (2) is necessary if your SMTP server which you use to relay your mail from your machine to the rest of the world requires some kind of authentication. This is usually the case if you are using a mail provider that is different than your network provider, or if you have a separate SMART HOST outside of your network provider's mail server. (3) is required if you are going to be using a different username than the one that you are currently using. The method you choose to do this may depend on whether you need to rewrite just the username, the domain only, or both the username and the domain of the sender address. If you just need to change the domain, then usinge MASQUERADING will get the job done. If you are just doing username rewriting (you are not just doing this) you can get by with some other things. If you are doing both, then you will probably want either a combination of both MASQUERADING and GENERICS TABLES. GENERICS TABLES will allow you to map your local username to an external address. MASQUERADING will just change the domain name sendmail uses when sending out mail. There are many other options you will want to investigate. All of this must be done by choosing the right sendmail .mc configuration file, editing it appropriately, compiling it through m4 and placing it as directed into the correct location, restarting sendmail, and some possible (likely) other work. The instructions for conducting such interesting surgery on your system (it's more like putting on a little make-up than anything really serious) can be found in rather good detail in the op.txt manual for sendmail, and the configuration README in /usr/share/sendmail. In addition to this, you may be interested in a tutorial I wrote some time ago on this topic, which can be found at http://www.sacrideo.us/Sacrificum_Deo/Stuff_files/sendmail_openbsd.txt I hope this helps a little! As I mentioned, the rest is online. Aaron
Mail(1) behavior of p command?
Hello all, I am trying to use the mail(1) p command. According to the help that is printed out when running the program, it seems that the p command should pipe the message out to LPR and print it. However, it just prints the message out to standard output. Is this a bug in the program or the documentation? Or, am I missing something? Sincerely, Aaron Hsu -- +++ ((lambda (x) (x x)) (lambda (x) (x x))) +++ Email: [EMAIL PROTECTED] | WWW: http://www.sacrideo.us Scheme Programming is subtle; subtlety can be hard. +++
radeonhd + radeondrm + ATI Radeon Mobility X1600?
Just a simple question, does radeonhd with radeondrm and an ATI Radeon Mobility X1600 work? radeonhd works just fine, but the acceleration doesn't seem to be working. Reading the other thread, it seems that I should expect it to work, with no configuration necessary, but I get slightly different results: $ dmesg | grep -i drm radeondrm0 at vga1 info: [drm] ATI Mobility Radeon X1600 (unit 0) info: [drm] Initialized radeon 1.29.0 20080613 $ grep -i DRI /var/log/Xorg.0.log (--) checkDevMem: using aperture driver /dev/xf86 (--) Using wscons driver on /dev/ttyC4 in pcvt compatibility mode (version 3.32) X.Org Video Driver: 2.0 X.Org XInput driver : 2.0 ABI class: X.Org Video Driver, version 2.0 (II) dri will be loaded. This was enabled by default and also specified in the config file. (II) LoadModule: dri (II) Loading /usr/X11R6/lib/modules/extensions//libdri.so (II) Module dri: vendor=X.Org Foundation (II) Loading extension XFree86-DRI (II) Loading /usr/X11R6/lib/modules/drivers//radeonhd_drv.so Module class: X.Org Video Driver ABI class: X.Org Video Driver, version 2.0 Module class: X.Org XInput Driver ABI class: X.Org XInput driver, version 2.0 Module class: X.Org XInput Driver ABI class: X.Org XInput driver, version 2.0 (II) RADEONHD: X driver for the following AMD GPG (ATI) graphics devices: ABI class: X.Org Video Driver, version 2.0 (II) AIGLX: Screen 0 is not DRI capable Aaron Hsu
Securely tunneling POP3 using only base?
Hey All, I am reading through some of the documentation on SSH and popa3d, and I am not quite sure how to configure my mail server for secure POP3 that other clients can use without using additional tools such as stunnel. I am reading the ssh(1) man page, and I actually found some interesting things in the fetchmail(1) page, but that's not base. If I just wanted to setup a secure email server using only what's in base to provide secure POP3 to clients, can someone provide some hints? It seems like I can easily do this client-side, by using tcp forwarding and ssh, and with fetchmail I can automate this using the preconnect keyword, but I do not see a way to do all the securing on the server side, so that if someone, say, on Windows wants to use my server, they can just use a secure connection from one of the common email clients available on that platform. Is there a way to do this with only the tools and software in base? Sincerely, Aaron Hsu
Duplicate Calendar Entries
Hey Everyone, I have been using calendar(1) and finding it quite convenient, but for some reason, I have started to receive duplicate emails every day from daily(8) that appear to be identical except for some minor time stamp variations. I can duplicate this event by calling `sudo calendar -a` manually. I did a quick web search and browsed the man page for calendar, but I do not seem to see anything that is going wrong. I am running 4.4-current (last checked out a day or so ago). I thought that maybe it had something to do with aliases, but normal mail sent to my user does not do this. Can anyone identify the issue? Sincerely, Aaron Hsu -- +++ ((lambda (x) (x x)) (lambda (x) (x x))) +++ Email: [EMAIL PROTECTED] | WWW: http://www.sacrideo.us Scheme Programming is subtle; subtlety can be hard. +++
Re: This is what Linus Torvalds calls openBSD crowd
Hrm . . . From: Siju George [EMAIL PROTECTED] To: misc misc@openbsd.org Subject: This is what Linus Torvalds calls openBSD crowd http://article.gmane.org/gmane.linux.kernel/706950 Just to be clear: The process we follow to increase security is simply a comprehensive file-by-file analysis of every critical software component. We are not so much looking for security holes, as we are looking for basic software bugs, [1] Sincerely, Aaron Hsu [1] http://www.openbsd.org/security.html -- +++ ((lambda (x) (x x)) (lambda (x) (x x))) +++ Email: [EMAIL PROTECTED] | WWW: http://www.sacrideo.us Scheme Programming is subtle; subtlety can be hard. +++
Re: OT: Mail was Re: Changing From headers in mail on a whim?
Hey Richard, I agree with you... From: Richard Toohey [EMAIL PROTECTED] Subject: Re: OT: Mail was Re: Changing From headers in mail on a whim? On 19/06/2008, at 1:04 PM, Aaron W. Hsu wrote: I was wondering if you guys could clarify something for me. I looked heirloom mailx (nail) very carefully and it looks like mail on steroids. [...] I do not think there is any reason to expect base to have all the features that you need when you first get started, unless the features that you need a sufficiently general that they are going to apply to a wide variety of users. I can't see the above recommendations as sufficiently general, even though I would in fact use something like fetchmail and metamail. I really think that you are only talking about adding metamail and fetchmail, which can be used together with sendmail, spamassassin and mail to accomplish the above goals. But - moving back to your original email, and being able to edit From: - it does look as though Heirloom does provide code that might be applied to base if so desired (I will have a look myself at doing so for learning.) [...] ~H Edit the message header fields 'From:', 'Reply-To:', 'Sender:', and 'Organization:' in the same manner as described for ~h. The default values for these fields originate from the from, replyto, and ORGANIZATION variables. If this tilde command has been used, changing the variables has no effect on the current message anymore. I think it would be interesting to see about adding some simple options in from something like Heirloom to accomplish these goals. The ~H option seems like a good one to add. In fact, maybe it isn't so hard to add this? Sincerely, Aaron Hsu -- +++ ((lambda (x) (x x)) (lambda (x) (x x))) +++ Email: [EMAIL PROTECTED] | WWW: http://www.sacrideo.us Scheme Programming is subtle; subtlety can be hard. +++
Re: OT: Mail was Re: Changing From headers in mail on a whim?
Hey Predrag, Since I'm the one that brought up this issue, I figure that I could comment on your suggestion... I was wondering if you guys could clarify something for me. I looked heirloom mailx (nail) very carefully and it looks like mail on steroids. One of the reasons that I personally stop using mail long time ago was that I could not attach the files to it. I looked the man pages for mail from the base and it seems that is still the case. Am I wrong? That is the deal breaker for me. Would it be possible in the light of the fact that some of the original ATT code and more recent versions of mailx are now released (I am not sure under which license) to add this feature to mail from the base. Even though I was curious about the flexibility of mail in base, I do wish to avoid feature creep as much as anyone else. For one thing, using mail, you can attach files rather easily with the addition of the metamail package from ports. It might be interesting to have MIME support added into the base mail(1) but I think it isn't strictly necessary since this can be accomplished with a simple dedicated program doing it outside of mail(1). Secondly, nail has native abilities to fetch the mail from imap server using SSL as well as to connect to MTA via smtp and use SSL again. Haha, okay, now we're going a little over the top, imo. Not that I can't see why we might find this useful, but I don't see any reason to bloat mail for adding smtp support when sendmail is where that should be handled. If one is going to use mail, is it that hard to ask them to configure sendmail according to their wishes? I've always done that in the past, and it has worked great. Also, enough people do not use IMAP (such as myself) that it seems like way too much feature creep to throw that in mail. Not to mention, it does seem like it fits with the whole mail paradigm of doing things, where we pipe out a lot of things to other programs for handling, and then we deal with them locally on this end. If we added IMAP, we would need a way for this to be done on the server to some extent, and that's a little much. It also has built in bayesian filter. My understanding that mail from base doesn't have those capabilities. I think we can handle spam filtering pretty well using spam assassin or other controls used directly on sendmail, and that would work well if you are using mail. Now OpenSSH could circumvent above deficiencies of mail but my question is there are tool in the base which can fetch (like fetch mail from ports or similar perl module) messages from the remote mailboxes on imap servers. I do not know of any right now, but I think the better way of handling this deficiency in base (if it can be considered a deficiency, since this isn't something that servers would need, or that many users would need), would be to add just that program to deal with fetching mail, like fetchmail. However, I'd say that this isn't worth throwing in base, because not so many people are going to find it useful. Obviously one can use nail, mutt, alpine or gazzilion of other light weight GUI mail clients to accomplish above but how to do that only with tools from the base? I do not think there is any reason to expect base to have all the features that you need when you first get started, unless the features that you need a sufficiently general that they are going to apply to a wide variety of users. I can't see the above recommendations as sufficiently general, even though I would in fact use something like fetchmail and metamail. I really think that you are only talking about adding metamail and fetchmail, which can be used together with sendmail, spamassassin and mail to accomplish the above goals. Just thoughts from someone who tends to stick with base. Sincerely, Aaron Hsu
Re: font size with xenocara -current
Hey Nicolas, From: Ihar Hrachyshka [EMAIL PROTECTED] Subject: Re: font size with xenocara -current On Tue, 2008-06-17 at 11:54 +0200, Nicolas Letellier wrote: On Tue, 17 Jun 2008 12:42:37 +0300 Ihar Hrachyshka [EMAIL PROTECTED] wrote: Try to manually specify -dpi XX, f.e. -dpi 96 in your 'xserveropts' in 'startx' script. I don't know which dpi I must use. dpi 96 returns the same size font. Why must I specify it, now? I suggested this because I fixed my huge fonts (really huge, ~ half a screen) issue this way. The thing is that Xorg sometimes doesn't correctly detect dots-per-inch value (dpi it is) and shows fonts of the wrong size. DPI values that I have seen working before would include 72 and 100 DPI. YMMV but those are pretty common. Sincerely, Aaron Hsu -- Email: [EMAIL PROTECTED] | WWW: http://www.sacrideo.us ((lambda (x) (x x)) (lambda (x) (x x)))
Changing From headers in mail on a whim?
Hey all, I was looking at mail(1) and wondering if there was any way to get control over the other headers? I haven't checked the source yet, but I couldn't find any documentation on adjusting the from headers on a whim in mail. I send mail to some people from differing addresses, and I'd prefer to be able to do this easily in mail when I need to. I am find with doing a little sendmail magic if that's what is required. Unfortunately, the information I found on the web assumed a mail version that had slightly more options than does the OpenBSD version. Sincerely, Aaron Hsu -- +++ ((lambda (x) (x x)) (lambda (x) (x x))) +++ Email: [EMAIL PROTECTED] | WWW: http://www.sacrideo.us Scheme Programming is subtle; subtlety can be hard. +++
Re: Changing From headers in mail on a whim?
Hey Richard, Thanks for the suggestions... Any problem just using sendmail? Maybe I missed your point entirely. $ sendmail -t [EMAIL PROTECTED] Actually, this does help me some, because that will allow my to compose a new message using sendmail. However, this does not help me in actually doing much of the composing for replies to emails and such. Mail allows me to do some minor editing with the ~ commands, and also sets things up so that I can write an email and incorportate arbitrary files and messages into it. This is slightly more convenient than the sendmail raw format. Of course, I could just compose the message in an editor, piping out the information I need and then finally sending it with sendmail, but this isn't the ideal way. :-) I was wondering if there was a way to do it without going through all that hubbub. Sincerly, Aaron Hsu -- +++ ((lambda (x) (x x)) (lambda (x) (x x))) +++ Email: [EMAIL PROTECTED] | WWW: http://www.sacrideo.us Scheme Programming is subtle; subtlety can be hard. +++
Re: developer laptop choices
Hey Stuart, From: Stuart Henderson [EMAIL PROTECTED] On 2008-06-16, Han Boetes [EMAIL PROTECTED] wrote: When I was at the latest eurobsdcon I noticed that all laptops were either macbooks or lenovos. eurobsdcon + macbooks - freebsd developers, right? :) Despite some rather unfortunate problems that creep up now and then, I have to admit that my experiences using Macs on OpenBSD has consistently improved over the years. I would say support is much better now than it was when I first tried out some laptops. Still, I would like to be able to run at native resolution sometime, although, I guess people are working on that right now, from what I understand. -- Aaron Hsu [EMAIL PROTECTED]
Re: Printing with apsfilter
Predrag, [EMAIL PROTECTED] said: As LPD is good enough itself to set the plain text to printer I want to see what is the easiest way to tell printer how to understand ps files If that could be done with build in filter in LPD or the one that come with base installation (I have to read more about this) then everything else would be irrelevant and unnecessary. I could just edit printcup file by hand and have the same or better functionality than with CUPS. There used to be an article on the web about dealing with LPD printcap files and setting up filters. I used it to set up one of my HP printers. The process is really quite simple if you know what your printer's magic incantations are. However, that is sometimes hard to discover. All APSFilter does is create the relevant files and entries, and then has its own script for filtering. This can be done by hand, as well. The easiest way to do all this is probably by have APSFilter make the filter script for you, but if you just add a filter script for PS files (man printcap) in your entries, then if you pass a postscript file to the printer, it's all good. :-) Normally, if you have a non-postscript native printer, you may have to tell the filter to run some program like Ghostscript on the file to convert it to the native format for the printer. -- ((name Aaron Hsu) (email/xmpp [EMAIL PROTECTED]) (site http://www.aaronhsu.com;)) [demime 1.01d removed an attachment of type application/pgp-signature]
Re: OBSD on MacBook
[EMAIL PROTECTED] said: On 11/4/07, Koh Choon Lin [EMAIL PROTECTED] wrote: Anyone has a success story on installing OBSD on MacBook or MB Pro? This is on my todo list. I have a macbook which is significantly different than a macbook pro. When you get to it, I might be interested in integrating this together with my already existant page which I am in the process of updating. It only covers 4.1 so far with a Macbook Pro Core Duo, so I'd like to get more information onto the page. http://www.aaronhsu.com/AaronHsu.com/OpenBSD%20-%20Macbook%20Pro.html -- ((name Aaron Hsu) (email/xmpp [EMAIL PROTECTED]) (site http://www.aaronhsu.com;)) [demime 1.01d removed an attachment of type application/pgp-signature]
Re: OBSD on MacBook
[EMAIL PROTECTED] said: X only works with the VESA driver at 1024x768 (yuck). I have a MB Pro that is dual booting and I get a much better resolution. I get 1400x1050 I believe. -- ((name Aaron Hsu) (email/xmpp [EMAIL PROTECTED]) (site http://www.aaronhsu.com;)) [demime 1.01d removed an attachment of type application/pgp-signature]
Re: OBSD on MacBook
On Sun, Nov 04, 2007 at 12:58:46PM -0600, Aaron W. Hsu wrote: | [EMAIL PROTECTED] said: | X only works with the VESA driver at 1024x768 (yuck). | | I have a MB Pro that is dual booting and I get a much better resolution. I get | 1400x1050 I believe. I'm very interested in knowing how you configured X to run at that resolution (I think you mean 1440x900, since this is the resolution of the built-in LCD for the 15 MBP). Could you post your xorg.conf ? I am using, actually, the default xorg.conf that comes with the system. I am using an ACPI enabled GENERIC.mp kernel. And, I mean, literally, 1440x1050. I am running on a 17 Macbook Pro, and the BIOS seems to have an entry for that. Unfortunately, as you know, this is not the native resolution. Everything on my screen is actually stretched out widely. :-) -- ((name Aaron Hsu) (email/xmpp [EMAIL PROTECTED]) (site http://www.aaronhsu.com;)) [demime 1.01d removed an attachment of type application/pgp-signature]
Re: Wireless problems.
Hey David, [EMAIL PROTECTED] said: Is it possible to specify an SSID to access at the exclusion of others? If you read hostname.if(5), you'll see that you can pass any options that are valid for the device using this file. I believe ifconfig(8) provides more information on the options. e.g.-- dhcp nwid something Is this what you meant? -- ((name Aaron Hsu) (email/xmpp [EMAIL PROTECTED]) (site http://www.aaronhsu.com;)) [demime 1.01d removed an attachment of type application/pgp-signature]
Re: Wireless problems.
David, [EMAIL PROTECTED] said: The nwid is the user friendly SSID (e.g. myap) and the bssid is the MAC address of the AP. Maybe that's why you wrote: e.g.-- dhcp nwid something :] I've always used the nwid instead of the SSID, so, yes, I used nwid because it's a habit with me. :-) -- ((name Aaron Hsu) (email/xmpp [EMAIL PROTECTED]) (site http://www.aaronhsu.com;)) [demime 1.01d removed an attachment of type application/pgp-signature]
Re: Odd FFS behavior
I have experienced similar behaviour, except that, with me, after I do an archive extraction, or a file concatenation of many files, while the file system only shows one set of files, additional files which were deleted after the extraction, continue to be listed as existing when I try to do operations on the directory as a whole. $ cp -R dir new/ Failure! Cannot copy some non-existent file. $ cp -R dir/*.x new/ Works. It is very strange. -- ((name Aaron Hsu) (email/xmpp [EMAIL PROTECTED]) (phone 703-597-7656) (site http://www.aaronhsu.com;)) [demime 1.01d removed an attachment of type application/pgp-signature]
Re: : cp(1) bug ?
Date: Fri, 19 Oct 2007 20:12:26 +0200 From: Paul de Weerd [EMAIL PROTECTED] Subject: Re: : cp(1) bug ? On Fri, Oct 19, 2007 at 01:52:03PM -0400, Douglas A. Tutty wrote: | Conceptually, though, why can't cp look at the source directory and take a | snapshot, a to-do-list, of everything it has to copy, then do it? That | way, any recursion would be completed before the target directory | appeared in the source directory. With only an -R (no -H -L or -P), it | should copy links as links which should avoid loops. What will you do if the underlying directory structure has tons and tons of files and subdirectories ? First traverse this entire tree, keeping it all in memory ? Sounds pretty expensive. I believe that it is only necessary to do one directory read ahead in order to avoid the recursive loop. (I just took a quick look at the cp source in OpenBSD, so, correct me if I am wrong.) $ cp source1 ... sourceN directory We can read the contents of source1 if source1 is a directory, then create a directory in directory and copy the contents of source1 into it, and then repeat. This should not cause an endless loop. -- ((name Aaron Hsu) (email/xmpp [EMAIL PROTECTED]) (phone 703-597-7656) (site http://www.aaronhsu.com;)) [demime 1.01d removed an attachment of type application/pgp-signature]
Re: cp(1) bug ?
From: Tom Van Looy [EMAIL PROTECTED] Date: Fri, 19 Oct 2007 20:21:56 + Subject: Re: cp(1) bug ? it shall do nothing more with source_file and shall go on to any remaining files. Doesn't this mean that cp should not do anything when, for example, the following command is run? $ cp -R foo foo/ -- ((name Aaron Hsu) (email/xmpp [EMAIL PROTECTED]) (phone 703-597-7656) (site http://www.aaronhsu.com;)) [demime 1.01d removed an attachment of type application/pgp-signature]
Re: Brother HL-5250DN printer w/OpenBSD
Date: Tue, 16 Oct 2007 02:26:06 -0700 From: Pawel Veselov [EMAIL PROTECTED] Subject: Re: Brother HL-5250DN printer w/OpenBSD On 10/16/07, Predrag Punosevac [EMAIL PROTECTED] wrote: Forgive me for saying this but I just do not get it. Why did you need to use Linux compatibility layer when CUPS is OpenBSD packages? The processing filter for the printer is a pre-compiled Linux binary. The GPL license is because of Brother CUPS and LPD drivers. I know that you may not like this option, but I just thought I would throw this out there. I always prefer to use the native LPD daemon when I can, since it is already installed, and it is relatively easy to configure. It doesn't require keeping track of strange drivers and CUPS installations. Looking in the Linux Printing database [1], it seems to me that you don't need to use the provided binary blob for your printer. I have a Brother HL-2070n which I had some issues configuring just a while ago, and I imagine that these printers are similar in their setup. I actually broke down the scripts provided by Brother for their Linux drivers, and found out what I needed to know. There are a variety of Free drivers out there that will allow you to print nicely on your Brother. I am using the pxlmono driver with my networked Brother printer, and it works like a charm. It is easy to set up. I use APSFilter to do the configuration. I highly recommend it. You can avoid having to install CUPS at all, unless you like CUPS. The only gotcha to remember is that instead of doing a network based installation using APSFilter, you have to specify a file (usb/parallel) setup, and then give the IP and port of the printer instead of a device ([EMAIL PROTECTED]) [2]. This should be the easier way to get everything working, and it feels more OpenBSD-ish to me. [1] http://www.linuxprinting.org [2] printcap(5); note section FILTERS and the lp entry. -- ((name Aaron Hsu) (email/xmpp [EMAIL PROTECTED]) (phone 703-597-7656) (site http://www.aaronhsu.com;)) [demime 1.01d removed an attachment of type application/pgp-signature]
Re: How do I configure sendmail?
Date: Tue, 16 Oct 2007 17:17:36 +0200 From: =?ISO-8859-1?Q?Samuel_Mo=F1ux?= [EMAIL PROTECTED] Subject: Re: How do I configure sendmail? 2007/10/16, Sunnz [EMAIL PROTECTED]: Hi, I have read the man pages of afterboot, sendmail, and also looked at /usr/share/sendmail/README. I also have tried to google, and are now confused then ever. Look at Providing SMTP AUTH Data when sendmail acts as Client section in that file. I think its all what you need. Are you sure that this is everything he needs? From my experience with OpenBSD's Sendmail configuration, he needs SASL to authenticate to his smtps server. Normally, this would be a simple, compiled in option on most sendmails, and then, he could follow the instructions in the README file for setting up his configuration. (BTW, Sunnz, there are some good tutorials dedicated to just this if you don't understand the file format of the access file.) However, when I tried to do this at first, with my SASL enabled Slackware mail server, I ran into trouble. For some reason, my OpenBSD sendmail did not have the capacity to authenticate using SASL and normal SMTP AUTH. I was led to believe that this was the way sendmail was compiled on OpenBSD, and that I would need to recompile sendmail with new options to get the needed SMTP AUTH functionality. Is this true? In the end, I solved the problem by adding pure STARTTLS based certificate authentication on my server and added my client's certs to the list of allowable relayers. I like this way of working, but this also means that Sunnz can't use this model, because he doesn't have access to the configuration on his ISP's servers, obviously. -- ((name Aaron Hsu) (email/xmpp [EMAIL PROTECTED]) (phone 703-597-7656) (site http://www.aaronhsu.com;)) [demime 1.01d removed an attachment of type application/pgp-signature]
Re: How do I configure sendmail?
Sunnz, So does sendmail supports smtp over ssl? When I restart sendmail I got something like: 554 5.3.5 /etc/mail/localhost.cf: line 239: service smtps unknown Did you check whether that service is actually defined in /etc/services? I don't know if sendmail uses that file, but I would expect it to use it for something like this. -- ((name Aaron Hsu) (email/xmpp [EMAIL PROTECTED]) (phone 703-597-7656) (site http://www.aaronhsu.com;)) [demime 1.01d removed an attachment of type application/pgp-signature]
Re: Cisco 3002 VPN client to OpenBSD?
I highly recommend that you don't go with the routers, and just do your own work, mostly because it's a pain. On the other hand, vpnc is ported to OpenBSD and it works. You can see some of the issues relating to this when you check out the ports@ list where you can find some of the discussions about porting a newer version of vpnc to OpenBSD. -- ((name Aaron Hsu) (email/xmpp [EMAIL PROTECTED]) (phone 703-597-7656) (site http://www.aaronhsu.com;)) [demime 1.01d removed an attachment of type application/pgp-signature]
Re: Does OpenBSD support Hebrew?
I am willing to guess that with something like Hebrew, OpenBSD has all the necessary support for the system, but, most common applications do not have support for the right-to-left way of writing. There should be no problem actually getting file names into hebrew form, because that should just be an encoding issue, and you need the right fonts to be able to display Hebrew glyphs. On the other hand, not all applications are going to support filenames written like that, and even less applications are going to know how to write Hebrew. If you use Emacs, I am fairly confident that you can get hebrew working on it, for basic editing and all the good stuff. KDE and some of the others may have input editors that will allow you to do things on their level, but overall, you'll have to very carefully pick and choose applications, because you won't find blankent compatibility. -- ((name Aaron Hsu) (email/xmpp [EMAIL PROTECTED]) (phone 703-597-7656) (site http://www.aaronhsu.com;)) [demime 1.01d removed an attachment of type application/pgp-signature]
Re: sudo wheel group
Chris, Thanks for the message... Chris So what's the ideal way to do things? Of course, the ``ideal'' way to do anything really depends on what you want to do. It would help if you could give us some more details about what you are trying to do on the grand scheme of things, so that we could understand what's really necessary and what is not. Usually, there are a specific number of administrators who require privileges to work on the system. They are expected to be knowledgeable and competent staff who will select good passwords and enforce the security of their own accounts. These people will often be given a special group and an entry in the sudoers file to allow them to do what they need to do. Then, there is often another class of users for workstation setups, where there may be less than competent end-users trying to use the system. They are almost guaranteed to never have to run privileged commands if everything is done right. On the other hand, there could be exceptions, and as such, such users may be given very select commands to run for very specific instances. Again, this is just a common case, we need to know more information about your own individual case in order to advise a better way of doing things. -- ((name Aaron Hsu) (email/xmpp [EMAIL PROTECTED]) (phone 703-597-7656) (site http://www.aaronhsu.com;)) [demime 1.01d removed an attachment of type application/pgp-signature]
Re: sudo wheel group
What exactly are you trying to enable users to do? The fact that you need to provide normal users with these kind of privileges indicates a possible flaw in your overall scheme. You may find that, after careful reconsideration, there are precious few commands that you would actually have to allow the users to run with superuser privileges. In other words, what problems are you trying to solve that require root privileges? -- ((name Aaron Hsu) (email/xmpp [EMAIL PROTECTED]) (phone 703-597-7656) (site http://www.aaronhsu.com;)) [demime 1.01d removed an attachment of type application/pgp-signature]
Re: OpenBSD Install Goal
Just to share my personal experiences with the OpenBSD Installer, I thought I would add to this thread. I was a Free OS's *nix newbie trying to get around. At first, I tried Beta Stampede Linux, but it couldn't handle the hardware on my laptop. I could not figure out how to fix it, and it took me hours to read and guess about how it was supposed to boot up. Then I tried a Suse disc that someone gave me. Seemed to install great, except for the fact that it *didn't* work afterwards, and I couldn't figure out what on earth was going on. So, then Mandrake, but that just plain didn't work. Enter OpenBSD. I read a few docs, that take maybe half an hour to an hour, figure out a partition scheme, install. First try, first settings, system boots, and works: I am an OpenBSD fan since. Hardware was all recognized, the boot worked without bugging up with X (at that time my graphics card was a bit weird), and my media drives were all easily detected. Does it get any easier? -- ((name Aaron Hsu) (email/xmpp [EMAIL PROTECTED]) (phone 703-597-7656) (site http://www.aaronhsu.com;))
Re: Running 4.2? [was Re: CD files - order question]
Pau, Thanks for your note... [EMAIL PROTECTED] said: Well, if you want to try the vry lastest drivers of X then you'll have to ask for them explicitly and do it all by yourself There's one driver that I do want from that, and that's the ATI driver for the X1600 chipsets. However, at the time, I don't really have the ability to deal with random bugs, as I'm already up to my eyeballs in other things. ;-) Believe it or not, I due notice some stability differences between -CURRENT and -STABLE on the whole. -- ((name Aaron Hsu) (email/xmpp [EMAIL PROTECTED]) (phone 703-597-7656) (site http://www.aaronhsu.com;))
Re: Problem with setting up printer
Greg, Thanks for your note... On 9/9/07, Aaron W. Hsu [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] said: This is all I have in my printcap, works fine if I use rp from apps or with postcript files, and rptext for plain text files. Did you have to do anything special on the printer configuration? I am so sorry. I have a 2070 at work and a 5250 at home where I use OpenBSD. AFAIK the 2070 is PCL6 only (I only use it with Windows). I thought I would mention that I now have a theory about how I can fix this problem. I took a look again at the APSFilter generated printcap entries, and I believe I've located a problem in the way it operates. :-) In order to send the printer the right format of file, it relies on the `if' field, which is only used for rm == localhost or lp being used instead. I haven't had a chance to test this hypothesis yet, so I'll provide some more feedback when I do, but this might be a good thing to keep in mind when adding printers that are based on the networks. Is there a way to define a filter for a remote printer? I plan to test my ideas by raw dumping the output of a PCL file (which I know the 2070n can read) to the printer using netcat. I'll report back when I have results. -- ((name Aaron Hsu) (email/xmpp [EMAIL PROTECTED]) (phone 703-597-7656) (site http://www.aaronhsu.com;))
Re: Strange Lock-ups with Opera?
[EMAIL PROTECTED] said: only in dual-CPU mode This is very interesting to me, as I am running using the MP kernel as well. I am doing so because I have a Dual Core system, but, maybe there is not that big of a performance gain? -- ((name Aaron Hsu) (email/xmpp [EMAIL PROTECTED]) (phone 703-597-7656) (site http://www.aaronhsu.com;))
[FIXED] Re: Problem with setting up printer
Alright, I figured out how to make this printer work finally, and I thought I would summarize the work I did for the list in hopes that it will help anyone else who is having similar problems: Printer: Brother HL-2070N connected over static IP on an ethernet line. Problem: When sending jobs to the printer, the text is read as plain text, instead of PostScript/PCL and is printed in a stair-cased manner, with many blank pages following. Diagnosis: The 2070n needs to be send the data in a binary PCL format, for best results. Doing this can be annoying if you have to set up the stuff on your own. There is a closed source binary linux driver for the brother that is distributed by Brother, but this is not going to work here. However, there are a few drivers that do create the proper output, including hl1250 and pxlmono. Solution: APSFilter with a workaround. When I initially tried to use APSFilter to send data to the printer, I chose as my device, network, and configured it accordingly, thinking that this was the right way to do it. While this is the `right' way, it does not work. The problem comes from the fact that APSFilter needs to process the file through its own filter first to be able to convert any given input into the correct pxlmono PCL6 output. It does this by adding an if entry to the printcap entry for your printer. However, when a remote printer is added, APSFilter uses rm and rp to configure it. The unfortunate problem is that `if' is not used at all when rm != localhost of the lpd daemon. This means that the file was not being processed by APSFilter. To fix this, there is an alternative format for the normal printer entry that one can use. When setting up the printer, select the APSFilter option 1 (Parallel/USB) instead of 3 (Network). Then, instead of entering the path to a device file, enter locator for the printer instead. By default on the 2070n, the printer listens on port 9100. So, I entered [EMAIL PROTECTED] as the filename. APSFilter complained, but I told it to go ahead. After finishing setup as I see fit and restarting LPD, everything works like a charm. -- ((name Aaron Hsu) (email/xmpp [EMAIL PROTECTED]) (phone 703-597-7656) (site http://www.aaronhsu.com;))
Re: Problem with setting up printer
Thanks for this, [EMAIL PROTECTED] said: rp|remote line printer|brother:\ :lp=:rm=brother:rp=POSTSCRIPT_P1:sd=/var/spool/output:lf=/var/log/ lpd-errs: This does not work for Postscript files or files sent from my applications. For some reason it seems like it does not recognize the file as postscript or something. rptext|remote text printer:\ :lp=:rm=brother:rp=TEXT_P1:sd=/var/spool/output:lf=/var/log/lpd-errs: This works when printing text files. -- ((name Aaron Hsu) (email/xmpp [EMAIL PROTECTED]) (phone 703-597-7656) (site http://www.aaronhsu.com;))
Re: What do you use for MIME email?
On Wed, Jul 26, 2006 at 10:47:17AM -0400, Matthew P Szudzik wrote: My understanding is that Mail (equivalently mail or mailx) is the only email client that is in the OpenBSD default install. But Mail does not handle MIME-encoded messages, so I was wondering what most people use to read and send them. I use Mutt, but have in the past used nmh (excellent), Gnus, and Sylpheed. Do you download metamail and/or mpack from ports? Do you use a different email client like nail, nmh, or pine? IIRC, there is a solution to reading MIME messages with Mail, but I do forget the precise method. Why isn't there a MIME encoding/decoding solution in the default install? (Or maybe there is, but I'm ignorant of it?) Why would you want a MIME encoding solution in the default installation? I mean, really, what do a large majority of systems need MIME for? I would guess most people who use MIME are end-users who want much more than the average Mail interface. It's just not a practical idea to put that extra overhead for such a little benefit. There are very adequate solutions in Ports, and they are easy to install. Server systems running lean and mean will likely have no use whatsoever for a MIME-enabled mail client. Plus, there is, for me, that little sense of tradition that says you don't want to see Pine or Mutt as the default mail client anyways on a UNIX system. It's like always making sure ed is around. :-) -- Aaron Hsu [EMAIL PROTECTED] http://www.aaronhsu.com XMPP/Jabber/GTalk: [EMAIL PROTECTED] | ICQ: 153114301 AIM/Yahoo: NoorahAbeer | MSN: [EMAIL PROTECTED]
Re: What do you use for MIME email?
On Wed, Jul 26, 2006 at 07:13:06PM +0200, Paul de Weerd wrote: On Wed, Jul 26, 2006 at 10:47:17AM -0400, Matthew P Szudzik wrote: | My understanding is that Mail (equivalently mail or mailx) is the only | email client that is in the OpenBSD default install. But Mail does not | handle MIME-encoded messages, so I was wondering what most people use to | read and send them. | | Do you download metamail and/or mpack from ports? | Do you use a different email client like nail, nmh, or pine? Check out mutt, it's in packages and it's very nice. I don't know nail or nmh, but it doesn't have the downsides of pine so I'd definitely prefer mutt over pine. Yes, I am a mutt user, so I'm biased. Please take that into consideration ;) You should probably try out a couple of different solutions and settle with what you like best. Speaking from all sides here's my layout of the MIME capable readers: - Mutt Excellent IMAP/PGP support, which is why I currently use it. - Gnus Configurable like nothing I have ever seen before, also excellent PGP and IMAP support, but YMMV since it's Emacs. - NMH Great little client if you work at a command line a lot, since each piece is a unique program, making it easy to intersperse commands and mail commands. MIME support is good, but can be clumsy if you don't understand how it does it (kind of like the commands interface). - Sylpheed Nice GUI, seems small enough, but, it's a GUI, so . . . yeah. :-) Good IMAP support. - Thunderbird Nice for the masses, does things that it does fairly well, but feels larger than necessary. PGP support is good through and extension. - Mailx This *is* a good program, but handling MIME is a bit strange IIRC. -- Aaron Hsu [EMAIL PROTECTED] http://www.aaronhsu.com XMPP/Jabber/GTalk: [EMAIL PROTECTED] | ICQ: 153114301 AIM/Yahoo: NoorahAbeer | MSN: [EMAIL PROTECTED]
Re: What do you use for MIME email?
On Wed, Jul 26, 2006 at 11:31:39AM -0600, Lyndon Nerenberg wrote: Why would you want a MIME encoding solution in the default installation? I mean, really, what do a large majority of systems need MIME for? 1) Character set support. These days I suspect the number of Unix users who can live completely within the US-ASCII glyph set are in the minority. Again, I doubt that an MUA having this functionality is really going to be in high demand on the large majority of firewalls, web servers, mail servers, or other such servers which are not meant to be the end point to reading mail. Of course, that does not mean that it is not useful, but I do believe this means it is outside the scope of the default installation, which, to my understanding, is to be a minimal installation with minimal feature-set and minimal problem points. 2) PGP/MIME and S/MIME. Even without doing crypto processing, MIME lets the MUA display only the human readable parts without contortions. Again, I don't see this as applicable to the problem that ought to be solved by the default installation of OpenBSD. The purpose of the default base installation is not be be a full on installation designed to fit every users need, but the smallest basic set of generally useful functions that allows for easy expansion and addition. Under this notion, it seems easier and more productive to relegate such additional features to packages and Ports. MIME has been around for 14 years. There's no excuse for any MUA not to be able to deal with it at least minimally. In the case of /usr/bin/Mail that means recognizing content types and only displaying text/* sections when printing to the screen. It doesn't *have* to be complicated. It would still represent an unnecessary additional effort for an arguably minimal amount of gain for the developer's purposes, imo. Of course, this is not to say that I have anything really great to say here. I am not an official developer, and I don't really have that much clout around here, so I can't really say. What I can say is that if I had the choice, I would not put in an MUA that supported MIME for just the reasons you have expressed here, even though I use OpenBSD as a Desktop Development Workstation and I deal and use PGP, MIME, and my mail client on a daily basis. -- Aaron Hsu [EMAIL PROTECTED] http://www.aaronhsu.com XMPP/Jabber/GTalk: [EMAIL PROTECTED] | ICQ: 153114301 AIM/Yahoo: NoorahAbeer | MSN: [EMAIL PROTECTED]
