Re: Why isn't OpenBSD in Google Summer of Code 2017?...
Security and correctness should never be an after-thought. Have you done any real software development? And have you ever tried to find your way through cruddy code? 999 times out of 1000 it is less painful and much more effective to rewrite from scratch. So what's the point of having that previous iteration? On 5 Apr 2017 at 13:10, Luke Small wrote: > I imagine there are some projects that need some love that are on the back > burner at the moment that could use some hacking; even if it is totally > redone later by someone that wants to refactor it for privsep and such. > On Tue, Apr 4, 2017 at 4:21 PM Theo de Raadtwrote: > > > Pete, you propose a waste of time. > > > > Everyone has the source code. Everyone can run it. Everyone can see > > the problems other people report, and the things which are not supported. > > > > Everyone already can tell what needs improving. Everyone has a brain, > > and can come up with their own goals. > > > > If they don't come up with goals, there's nothing we can write which > > will change anything. > > > > Finally, not everyone has time. It would not be time spent well making > > lists for other people who may or may not perform. > > > > > Would the devs consider compiling a list of specific improvements they'd > > like > > > to see volunteer'd upon this summer? I'd love to help especially if it > > was a > > > group effort/friendly competition. > > > > > > > > > From: owner-m...@openbsd.org on behalf of Bob > > Beck > > > > > > Sent: April 2, 2017 10:16:21 PM > > > To: Luke Small > > > Cc: openbsd-misc > > > Subject: Re: Why isn't OpenBSD in Google Summer of Code 2017?... > > > > > > We tried it for two years, it was too much effort on the part of the > > > foundation organizers mentors to deal with the bureaucracy involved, and > > we > > > didn't really see enough > > > return in terms of new developers to the project, which, frankly being > > > selfish on OpenBSD's part is the only reason for us to do it. > > > > > > Both Ken Westerback and I organized our end of it and dealt with the > > google > > > paperwork the two years we did it, Neither of us is willing to do it > > again, > > > and while I won't > > > directly speak for Ken, I would not support us spending effort on this > > when > > > there are lots of other things to do.. It just doesn't have the benefit > > for > > > OpenBSD, especially > > > in light of the effort of the volunteers necessary to participate. > > > > > > > > > > > > On Sun, Apr 2, 2017 at 8:54 AM, Luke Small wrote:
Re: Please: Is there ANY chance that Linux binaries might run again???
On 11 Mar 2017 at 15:47, ropers wrote: > On 11 March 2017 at 15:18, Stuart Hendersonwrote: > > > On 2017/03/10 23:56, ropers wrote: > > > On 10 March 2017 at 01:30, Stuart Henderson > > > wrote: > > > > > > (And unlike Linux, 32-bit OpenBSD binaries won't run on OpenBSD/ > > > amd64) > > > > > > > > > Is there a technical reason for that? > > > I'm not trying to demand anything here; just curious. > > > > > > This is NOT intended to be a "but teh Linux does X, so should we, so > > > why can't we" whine. > > > I'm merely ignorantly interested in a "what are they doing, what's > > > OpenBSD doing" kind of way. > > > > I think that even just adding basic support would be complicated and > > likely error-prone. Is there anything it would actually be useful for? > > > > Personally, I'm really just asking out of technical curiosity. > This is not about whether I'd ever actually want or feel I'd need to run > 32-bit OpenBSD binaries on OpenBSD/amd64. > > Was 32-on-64 compatibility somehow easier to achieve on the Linux side? > Or did they just keep throwing code and more code at the problem because > they felt they really, really had to have this? > It's that kind of idle curiosity. If nobody's interested in explaining or > hearing this explained, then sorry for the noise. > > If you examine a typical 64-bit Linux installation, you will notice that it contains duplicate sets of most libraries and even many of the drivers -- one x86_64 and the other i586. On disk, the packages for the latter are almost always the exact same ones as those installed on a pure 32-bit Linux. So in essence the 64-bit Linux is like two OS running simultaneously. I am guessing that this is facilitated by the Linux's micro-kernel approach -- in oversimplified terms, their kernel is little more than a traffic cop at a docking terminal and all the drivers and libraries are "modules" communicating through a rather complex but broadly accommodating API that does not discriminate 32-bit vs. 64-bit. In contrast, OpenBSD uses monolithic kernel (and unlike FreeBSD it no longer even supports LKM) where all the communication paths have been streamlined and a decision is made upfront whether they are based on 32-bit or 64-bit architecture.
Re: where is the image of openbsd arm ?
Is it possible to add more wired NICs to the APU? Alternatively, is there a comparably robust and OpenBSD supported low-wattage platform with at least 4 (and preferrably 5-6) NICs? Thank you. On 24 Jun 2016 at 13:37, Chris Cappuccio wrote: > li...@wrant.com [li...@wrant.com] wrote: > > > > 1) How do the APU systems go as pricing to comparable systems from > > other similar (industrial class, desktop enclosure) manufacturers? > > > > The pricing direct from PC Engines is roughly 2x to 3x the cost > of certain cheap, popular ARM boards. It's on par or lower than > the pricing of the higher end ARM boards (some of which are supported > in the armv7 port) > > > 2) How is the OpenBSD experience on the APU systems, do they have serial > > RS232 console (serial BIOS), do they expose all the hardware to OpenBSD? > > > > Everything is exposed. The serial console requires boot.conf setup, > and Bob Beck recently fixed some aggressive behaviour in the boot loader > so that it no longer prints garbage characters on the screen during > the 'set tty com0' transition. Thank you Bob for spending the time to > track this annoying behaviour down ! > > Chris
Re: text-mode gui
On 20 Dec 2015 at 17:25, Luke Small wrote: 8<-- lots of drivel snipped --->8 >... but a >normal user shouldn't have to wade through man pages to discover how to fix >... This is the crux of the issue -- linux upbringing! If you bothered to read the FAQ or scan through some message threads on the mailing lists you would know that: a) ALL users are expected to read the man pages, because b) OpenBSD deservedly prides itself on the accuracy, completelness, and readability of the documentation -- the man pages and the FAQ. If you value gooey compexity because you cannot be bothered to learn about the tool you plan to use, please go away and pick one of the many shiny toys that promise you what you want. I, for one, very much appreciate the OpenBSD way of no-nonsense, minimalist interfaces balanced with very comprehensive documentation. > > > -Luke > > On Sun, Dec 20, 2015 at 3:33 PM,wrote: > > > On Sun, 20 Dec 2015 14:03:18 -0600 Luke Small > > wrote: > > > > > I don't know the best way, but I like how there are "check-boxes", from > > > what I recall, in lynx webpages. > > > > And? Bookmarks or... direct private cumulus clouds of edible sugar, > > preferably in cyanide algae nuances with self attaching axons. > > > > > Maybe full-disk encryption and maybe home > > > folder encryption if it is available are the only remaining installer > > > > It's called a directory, which is a file, and not a drawer, and not a > > folder, neither a closet, nor a wardrobe nor even a chest. > > > > > options that you don't have to have prior specialized knowledge to > > perform, > > > that you can't do after you boot into the system. > > > > I'm sorry to break up the bubble for you but prior knowledge is a > > prerequisite and this is not exclusive to OpenBSD. Anything you can do > > in the installer can also be done after installation, except probably > > finding a list of nice check boxes in a JavaScript web page. For that > > you need to use www. > > > > > If there are other > > > things, then it may become a little less tedious for less experienced > > folks > > > to look at all the options at once, rather than having to start over. > > > > Many inexperienced folds tried OpenBSD first and did not have to become > > experienced in other complicated installers. Can you elaborate on > > this? You want a long check list, is that it? > > > > > If > > > there are any irreconcilable differences in options, JavaScript can more > > > easily display that the other changes are incompatible by changing the > > > other options back. > > > > The editor said: scratch this part, messy wording. > > > > > But maybe the OpenBSD way is about no surprises, but it > > > doesn't seem right to only be able to boot into the system in the way you > > > want, > > > > It is a cargo "principle of least astonishment" to be found in another > > set of online docs elsewhere, unrelated perhaps, no? > > > > > if you have the mindset of a Computer Scientist like us, and read the > > > right configuration webpages. > > > > Correction, man pages. They are in English, comprehensive to lower > > intermediate level readers. > > > > > Things like not having softdep mounted file > > > systems by default really tripped me up for a couple versions. > > > > There is a clear section on this in the Frequently Asked Questions. It > > is a very nice idea to read these prior or during installation on the > > other computer, or why not print out sections you best liked or thought > > useful for the upcoming installation process. > > > > > I have > > > virtualbox HDs and I had to keep backups in case Windows did something > > > funny, because I sometimes couldn't repair the file systems. > > > > Can you point where the docs say "install in a virtualbox" or any other > > virtual software brand for what it matters? > > > > > It seems like > > > something that should be an option in the installer, or a default. It > > would > > > be nice to do that with noatime and maybe an optional mfs or tmpfs > > mounted > > > /tmp folder like I have now. > > > > So you're basically proposing to rewrite the installer in JavaScript to > > add the noatime and softdep mount options, add full disk and home > > directory encryption, use the SSL tool kit and also make it like a text > > menu installer with a lot of check boxes and... web based interface, > > and be able to install in a virtual machine with memory based file > > systems? > > > > Why don't you just pick the install media of the operating system that > > offers you these nice goodies, and save yourself the rewrite. Oh, and > > then come back teach how to do it. > > > > If this seems too much to ask, just simply use the installer in OpenBSD > > as it is, and after a couple of iterations, and some (minutes/years) of > > enlightenment, you will start to appreciate the time and effort is has > > saved you and the powerful options provided without
PF tables -- anchors and scope
Can anyone confirm whether it is possible to modify a global table within an anchor? If so, what is the proper syntax for referencing it? I have a dynamic table of addresses to block declared and updated in the main body of pf.conf. I would like to update the same table using 'overload' operator within an anchor, however, I get "namespace collision" warning message and a distinctly separate table created when I try that. Interestingly, I can use global tables as the source or destination address in any rule inside an anchor, i.e. it does work in read-only mode (unless an anchor-local table is created per above). This firewall is currently running 5.6 with upgrade to 5.8 being planned for the near future. Thank you, -Jacob.
Re: Unified BSD?
yes, you are young, naïve, and 'bat crazy'/idealistic (never could find the difference between these two ;) ... but you are also quite lazy -- had you taken the time to research the history behind the forks and the current stated goals and objectives of each of these OS's, you would see why only a tiny minority of developers participate in more than one of the projects, and that despite the common ancestry and BSD philosophy, there are irreconcilable differences between all of the projects. On 12 Nov 2012 at 21:37, Robin Björklin wrote: Hi! First and foremost I'd like to present myself, I'm a young and naive junior sys admin that think people should be able to compromise and see the bigger picture and the good of the cause. Now over to the reason for my post. As all of you probably know there's a lot of buzz around Gnu/Linux these days and I'm pretty sure you couldn't care less. What I'm wondering is why the BSD community which from what I can gather isn't as big as the Linux community have decided to split their resources into several different projects/forks/distributions. To me it seems *BSD would be in a more competitive shape if all developers would get in under one roof? Am I bat crap crazy for thinking it could be good to merge the four largest BSD variants out there, take the best bits and pieces out of each and create a Unified BSD? Kind Regards, Robin Bjorklin
Re: Hi-Five OpenBSD World - New installation - Power management questions
First the caveats: I am long time OpenBSD user, but not a developer. The original post was extremely long, and as I wanted to embed my comments next to the original content they belong to, I also snipped some irrelevant sections. On 11 Apr 2012 at 22:14, Michael Davies wrote: Hello OpenBSD World!!! Long time Linux user who has recently been looking closely at OpenBSD ...[snipped] without any problems. I used these package options: -x* then -game* I have deployed many servers using the same selection with no ill effect. However, a growing number of ports and packages has various x* dependencies; and as Theo just recently pointed out on this ML, the recommended and the only fully supported system configuration is with everything installed. (removing these packages from the install - it's a NAS I'm creating here). I had no problem setting up my static network address etc. etc. I will install rsync via pkg_add later. However, I have been trying to find out how OpenBSD handles ACPI/APM Power Management and disk hibernation. I have read quite a bit: 1) Michael Lucas' Absolute OpenBSD (2004) Was highly rated at the time, but that was 16 releases ago... 2) Secure Architectures with OpenBSD (2004) ditto; good for concepts overview, but most implementation details have changed quite radically. 3) Michael Lucas' Absolute BSD (for FreeBSD) (2002) old and mostly irrelevant -- the OpenBSD kernel is very different from FreeBSD, and much of the stuff that FreeBSD chooses to import is either dated or lacks the necessary kernel support (or both, as for example the PF code). 4) Calomel - you know the one too bad -- now you have to UNread it; seriously, according to core developers it is ALL wrong. 5) I've tried to search the archived dialogues on Old Nabble (Difficult) I have observed that when the developers refer to an old posting they use http://marc.info/ almost exclusively. 6) I've searched Daemon Forums 7) I've read the FAQ - Always the last place I look ;-) When it comes to OpenBSD, the FAQ should be your first stop, closely followed by the man pages. Official documentation is a source of pride for the project -- documentation errors, even silly little typos, are treated as seriously as any other bug. This is what I feel I have learned: 1) Advanced Power Management on OpenBSD is handled by apmd. I know that because enabling it through /etc/rc.conf, rebooting and then issuing zzz puts the PC to sleep. When I tap a key - it wakes up again (exactly where I left it). GREAT! 2) apmd does not automatically hibernate my disk (unless I am missing something) - but it is possible that there are ports (I've read about these for FreeBSD) which might handle disk hibernation: spindown and diskidle 3) I read somewhere that there is a danger in suspending/hibernating the disk security wise - but haven't found a full explanation (Is RAM dumped to disk unencrypted, perhaps?). That would explain why a program to hibernate the disk isn't included in the default install of OpenBSD. Unfortunately - searching the OpenBSD mailing lists I have subscribed too is darn awkward (compared to some other fora - I know some issue 'tarred' archives that can be imported into an e-mail client - ever considered it? :-) ). SO... I've come to the fount of all knowledge to seek guidance on the following: 1) Beyond apmd, is there a default handler of disk hibernation install-ed/able via default OpenBSD? 2) To use apmd, do I need to maintain a swap partition? Indeed, should I ALWAYS maintain a swap partition on this simple setup (which is running fine)? I was hoping to get away without one (currently b: is undefined). Are you really hurting for space that much? Unlike linux, OpenBSD will not access the swap unless absolutely necessary. However, once again, having no swap defined is neither standard nor fully supported setup. Moreover, swap partition is where the system dumps core during panic. I found it beneficial to have some swap space defined even when disk capacity is an issue, and nowhere is it written that it needs to be big (not even equal to RAM size). 3) If spindown or diskidle exist in the packages/ports - would installing these provide me with a disk hibernation facility for OpenBSD? 4) Is there another way to manage the PC('NAS') using OpenBSD to minimize power while the 'NAS' is available 24/7? apm(8) -C does a pretty good job of dynamically reducing CPU power waste and atactl(8) should help you configure the built-in functions of your hard drive. Keep in mind that full system hibernation (aka suspend to disk) is not compatible with 24/7 availability as you will have to issue an explicit wake-on-lan and wait for it to become available. OTOH, a modern system, especially one based on Atom processor and a laptop SATA drive, does a darn good job of minimizing power waste without completely shutting down. Personally this is how I built my
Re: apache ssl behind nat problems
Hi Nigel, The SSL certificate itself does not have any part in this problem as it never gets that far in the process. As I wrote previously, the TCP handshake never completes -- e.g. netstat co. never see a connection in any kind of state. I did try the suggested openssl command as well as lynx, wget, w3m, ... and none of them emit any errors, just timed out. And of course, there are no errors (or connection traces) in the apache logs either :-( On 12 Jul 2011 at 1:55, Nigel Taylor wrote: Hi, One guess would be the SSL certificate is for your internal hostname, not your external hostname. Those connecting to the external hostname, reject the connection because the hostname doesn't match the certificate. To use both internal and external names you have to create certificate under one name and include alternative names / ip addresses in the certificate. Internally on my local network I refer to the my server by it's external name. With a pf rule . pass in log quick on $int_if inet proto tcp from any to $webext port https rdr-to 127.0.0.1 port https . If I connect to the internal name / ip address, I get an untrusted connection response, because I haven't added the alternatives. Look in /var/www/logs, . [Tue Jul 12 01:14:16 2011] [error] OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate not server name or identical to CA!?] [Tue Jul 12 01:14:19 2011] [error] mod_ssl: SSL handshake failed (server new.host.name:443, client 192.168.202.23) (OpenSSL library error follows) [Tue Jul 12 01:14:19 2011] [error] OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate not server name or identical to CA!?] . Try connecting with tools like openssl, gnutls openssl s_client -connect host:port . SSL handshake has read 2617 bytes and written 388 bytes --- New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 4096 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher: DHE-RSA-AES256-SHA . Regards Nigel Taylor On 07/11/11 22:57, Jacob L. Leifman wrote: Environment: - OpenBSD 4.9, stock (base) apache with self-signed certificate - behind a SOHO NAT router (with relevant in-bound redirects) Problem: non-local SSL connections never complete the handshake (verified while monitoring the interface with tcpdump, see below) During troubleshooting I was able to eliminate a few suspects: - Regular un-encrypted HTTP (port 80) works every time; - https:// from the same LAN (i.e. no NAT) always works; - SSH always works (whether local or remote); - PF seems to have no bearing -- no difference in behavior whether enabled, enabled with pass in quick for the remote test host, or even altogether disabled. Unfortunately, I cannot eliminate the NAT device and need to find a way to work with it. All clues(ticks) are appreciated, -Jacob. Sanitized tcpdump -netttvv log: Jul 11 17:26:39.589073 00:0f:b5:ww:ww:ww 00:01:03:zz:zz:zz 0800 74: a.b.c.d.37325 192.168.x.y.443: S [tcp sum ok] 2560292710:2560292710(0) win 5840mss 1452,sackOK,timestamp 3005841692 0,nop,wscale 0 (DF) (ttl 45, id 30330, len 60) Jul 11 17:26:39.590087 00:01:03:zz:zz:zz 00:0f:b5:ww:ww:ww 0800 78: 192.168.x.y.443 a.b.c.d.37325: S [tcp sum ok] 1786229842:1786229842(0) ack 2560292711 win 16384mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 1751359378 3005841692 (DF) (ttl 64, id 5701, len 64) Jul 11 17:26:42.584962 00:0f:b5:ww:ww:ww 00:01:03:zz:zz:zz 0800 74: a.b.c.d.37325 192.168.x.y.443: S [tcp sum ok] 2560292710:2560292710(0) win 5840mss 1452,sackOK,timestamp 3005841992 0,nop,wscale 0 (DF) (ttl 45, id 30331, len 60) Jul 11 17:26:42.585565 00:01:03:zz:zz:zz 00:0f:b5:ww:ww:ww 0800 78: 192.168.x.y.443 a.b.c.d.37325: S [tcp sum ok] 1786229842:1786229842(0) ack 2560292711 win 16384mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 1751359384 3005841992 (DF) (ttl 64, id 52775, len 64) Jul 11 17:26:42.589685 00:01:03:zz:zz:zz 00:0f:b5:ww:ww:ww 0800 78: 192.168.x.y.443 a.b.c.d.37325: S [tcp sum ok] 1786229842:1786229842(0) ack 2560292711 win 16384mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 1751359384 3005841992 (DF) (ttl 64, id 3806, len 64) Jul 11 17:26:48.584959 00:0f:b5:ww:ww:ww 00:01:03:zz:zz:zz 0800 74: a.b.c.d.37325 192.168.x.y.443: S [tcp sum ok] 2560292710:2560292710(0) win 5840mss 1452,sackOK,timestamp 3005842592 0,nop,wscale 0 (DF) (ttl 45, id 30332, len 60) Jul 11 17:26:48.585435 00:01:03:zz:zz:zz 00:0f:b5:ww:ww:ww 0800 78: 192.168.x.y.443 a.b.c.d.37325: S [tcp sum ok] 1786229842:1786229842(0) ack 2560292711 win 16384mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 1751359396 3005842592 (DF) (ttl 64, id
Re: apache ssl behind nat problems
On 11 Jul 2011 at 20:59, Paul Suh wrote: On Jul 11, 2011, at 5:57 PM, Jacob L. Leifman wrote: Environment: - OpenBSD 4.9, stock (base) apache with self-signed certificate - behind a SOHO NAT router (with relevant in-bound redirects) Problem: non-local SSL connections never complete the handshake (verified while monitoring the interface with tcpdump, see below) During troubleshooting I was able to eliminate a few suspects: - Regular un-encrypted HTTP (port 80) works every time; - https:// from the same LAN (i.e. no NAT) always works; - SSH always works (whether local or remote); - PF seems to have no bearing -- no difference in behavior whether enabled, enabled with pass in quick for the remote test host, or even altogether disabled. Unfortunately, I cannot eliminate the NAT device and need to find a way to work with it. *snip* Jacob, A few things to try: 1) Try a non-OpenBSD server on the inside, just to see if the problem is specific to OpenBSD or occurs with other server types. good idea. I will try it as soon as I can which will not be for a few days. 2) Try using openssl s_client -connect hostname:443 from the outside and see what kind of error message you get back. did that (as well as lynx and some others) -- there are no error message, just times out. 3) Try connecting from the outside using wget or curl and see what kind of error message you get back. see just above. FWIW, I'm guessing that the problem is at the router. The packet trace is showing a TCP SYN coming from the client, followed correctly by a SYN-ACK going back from the server. The client should send an ACK packet back, but instead it waits several seconds (i.e., timeout) then sends another TCP SYN, which would be what happens when the client does not receive the SYN-ACK from the server. Can you get a packet trace from the outside interface of the router? I believe you are right; or at the very least it is some kind of weird interaction with the router. Unfortunately, this is a consumer DSL device with no packet capture/trace capability. Hope this helps. some more leads to chase ;-) --Paul [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
apache ssl behind nat problems
Environment: - OpenBSD 4.9, stock (base) apache with self-signed certificate - behind a SOHO NAT router (with relevant in-bound redirects) Problem: non-local SSL connections never complete the handshake (verified while monitoring the interface with tcpdump, see below) During troubleshooting I was able to eliminate a few suspects: - Regular un-encrypted HTTP (port 80) works every time; - https:// from the same LAN (i.e. no NAT) always works; - SSH always works (whether local or remote); - PF seems to have no bearing -- no difference in behavior whether enabled, enabled with pass in quick for the remote test host, or even altogether disabled. Unfortunately, I cannot eliminate the NAT device and need to find a way to work with it. All clues(ticks) are appreciated, -Jacob. Sanitized tcpdump -netttvv log: Jul 11 17:26:39.589073 00:0f:b5:ww:ww:ww 00:01:03:zz:zz:zz 0800 74: a.b.c.d.37325 192.168.x.y.443: S [tcp sum ok] 2560292710:2560292710(0) win 5840 mss 1452,sackOK,timestamp 3005841692 0,nop,wscale 0 (DF) (ttl 45, id 30330, len 60) Jul 11 17:26:39.590087 00:01:03:zz:zz:zz 00:0f:b5:ww:ww:ww 0800 78: 192.168.x.y.443 a.b.c.d.37325: S [tcp sum ok] 1786229842:1786229842(0) ack 2560292711 win 16384 mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 1751359378 3005841692 (DF) (ttl 64, id 5701, len 64) Jul 11 17:26:42.584962 00:0f:b5:ww:ww:ww 00:01:03:zz:zz:zz 0800 74: a.b.c.d.37325 192.168.x.y.443: S [tcp sum ok] 2560292710:2560292710(0) win 5840 mss 1452,sackOK,timestamp 3005841992 0,nop,wscale 0 (DF) (ttl 45, id 30331, len 60) Jul 11 17:26:42.585565 00:01:03:zz:zz:zz 00:0f:b5:ww:ww:ww 0800 78: 192.168.x.y.443 a.b.c.d.37325: S [tcp sum ok] 1786229842:1786229842(0) ack 2560292711 win 16384 mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 1751359384 3005841992 (DF) (ttl 64, id 52775, len 64) Jul 11 17:26:42.589685 00:01:03:zz:zz:zz 00:0f:b5:ww:ww:ww 0800 78: 192.168.x.y.443 a.b.c.d.37325: S [tcp sum ok] 1786229842:1786229842(0) ack 2560292711 win 16384 mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 1751359384 3005841992 (DF) (ttl 64, id 3806, len 64) Jul 11 17:26:48.584959 00:0f:b5:ww:ww:ww 00:01:03:zz:zz:zz 0800 74: a.b.c.d.37325 192.168.x.y.443: S [tcp sum ok] 2560292710:2560292710(0) win 5840 mss 1452,sackOK,timestamp 3005842592 0,nop,wscale 0 (DF) (ttl 45, id 30332, len 60) Jul 11 17:26:48.585435 00:01:03:zz:zz:zz 00:0f:b5:ww:ww:ww 0800 78: 192.168.x.y.443 a.b.c.d.37325: S [tcp sum ok] 1786229842:1786229842(0) ack 2560292711 win 16384 mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 1751359396 3005842592 (DF) (ttl 64, id 4014, len 64) Jul 11 17:26:48.590024 00:01:03:zz:zz:zz 00:0f:b5:ww:ww:ww 0800 78: 192.168.x.y.443 a.b.c.d.37325: S [tcp sum ok] 1786229842:1786229842(0) ack 2560292711 win 16384 mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 1751359396 3005842592 (DF) (ttl 64, id 59349, len 64) Jul 11 17:27:00.584563 00:0f:b5:ww:ww:ww 00:01:03:zz:zz:zz 0800 74: a.b.c.d.37325 192.168.x.y.443: S [tcp sum ok] 2560292710:2560292710(0) win 5840 mss 1452,sackOK,timestamp 3005843792 0,nop,wscale 0 (DF) (ttl 45, id 30333, len 60) Jul 11 17:27:00.584880 00:01:03:zz:zz:zz 00:0f:b5:ww:ww:ww 0800 78: 192.168.x.y.443 a.b.c.d.37325: S [tcp sum ok] 1786229842:1786229842(0) ack 2560292711 win 16384 mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 1751359419 3005843792 (DF) (ttl 64, id 4439, len 64) Jul 11 17:27:00.590727 00:01:03:zz:zz:zz 00:0f:b5:ww:ww:ww 0800 78: 192.168.x.y.443 a.b.c.d.37325: S [tcp sum ok] 1786229842:1786229842(0) ack 2560292711 win 16384 mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 1751359419 3005843792 (DF) (ttl 64, id 17093, len 64) Jul 11 17:27:24.585829 00:0f:b5:ww:ww:ww 00:01:03:zz:zz:zz 0800 74: a.b.c.d.37325 192.168.x.y.443: S [tcp sum ok] 2560292710:2560292710(0) win 5840 mss 1452,sackOK,timestamp 3005846192 0,nop,wscale 0 (DF) (ttl 45, id 30334, len 60) Jul 11 17:27:24.586302 00:01:03:zz:zz:zz 00:0f:b5:ww:ww:ww 0800 78: 192.168.x.y.443 a.b.c.d.37325: S [tcp sum ok] 1786229842:1786229842(0) ack 2560292711 win 16384 mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 1751359467 3005846192 (DF) (ttl 64, id 12052, len 64) Jul 11 17:27:24.592057 00:01:03:zz:zz:zz 00:0f:b5:ww:ww:ww 0800 78: 192.168.x.y.443 a.b.c.d.37325: S [tcp sum ok] 1786229842:1786229842(0) ack 2560292711 win 16384 mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 1751359467 3005846192 (DF) (ttl 64, id 15080, len 64) Obligatory dmesg: OpenBSD 4.9 (GENERIC) #671: Wed Mar 2 07:09:00 MST 2011 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel Pentium III (GenuineIntel 686-class) 848 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PSE36,MMX,FXSR, SSE real mem = 267915264 (255MB) avail mem = 253403136 (241MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 01/21/04, BIOS32 rev. 0 @ 0xffe90, SMBIOS rev. 2.3 @ 0xf6ef0 (60 entries) bios0: vendor
Re: It is 2010. Still no 3GB support by default?
My first programming primer (Fortran ... them days) had a very concise delineation of the difference between neat programming and the much more common alternative -- given a big enough engine, even brick will fly. I never cared for the american muscle cars but was always fascinated with the slick european sports cars. I guess that is the same attraction I have for OpenBSD. I also find that the currently popular obsession with CPU cores, GHz and GBs is nothing more than the computer version of the muscle car. (yes, I am aware that there are specialized applications that do require the use of a monster-sized dump truck with an engine to match, but in reality how many places have a genuine need of a database that even with fully optimized design requires that much physical RAM?) On 8 Jun 2010 at 1:43, Dexter Tomisson wrote: No, 640k ought to be enough for anybody On 7 June 2010 22:12, Bret S. Lambert bret.lamb...@gmail.com wrote: On Mon, Jun 07, 2010 at 09:52:50PM +0300, Dexter Tomisson wrote: It's the future, where's my goddamn flying car?
Re: Question about webmail for users who are not busy on ports prep for 4.6
So far this thread has focused on the various IMAP based solutions and the merits of the many alternate components to such. Keying off some comments in the OP (below) I would like to point out that there _is_ an OpenBSD package openwebmail-2.51p1.tgz for a non-IMAP webmail. A few of the things that I like about this solution are: - it is written entirely in perl (no php or other non-base prereqs) - it works well when deployed on the mail server or over POP3 - its interface is very clean yet fairly feature rich - it is browser agnostic and renders decently even on mobiles Again, I bring this up only because it seems to me that the original goal was a simple non-IMAP solution and this suggestion should be taken completely independent of the rest of this thread -- IMAP adds capabilities and complexities that make any comparison of solutions with and without it mostly invalid. On 4 Jul 2009 at 20:05, Rod Whitworth wrote: I have been running email for a couple of small domains for a few years using Postfix and Teapop on OpenBSD. No complaints. I have scripted user addition with passwords etc etc. Now somebody (important of course) wants webmail. I went hunting. About the only webmail server I found that did not need an imapd was sqwebmail and we don't have a port for that. Yes, I could have a crack at making a port but that, given a lng absence from C for me and also that it doesn't look really modern, sounded like it would be loading myself with a pressure job. So looking at others needing imap showed me RoundCube. Pretty snazzy looks, renders all that fancy junk that seems to be all the go now and we have a package for it. So which imap? Dovecot looked like a candidate. It can use sqlite as does Roundcube and I know it can do authentication for Postfix so it looked like a suitable candidate. Then I found out that Roundcube uses sqlite and Dovecot uses sqlite3. I don't think I want to have to synch two databases all the time. Does anybody know what combination works well with nothing as silly as mismatched db versions? Maybe there is a way to get Roundcube (the component I'd like to keep) to compile with sqlite3 but I haven't seen a hint that that is supported, and whilst I do more research I'd like to hear from someone who has invented the wheel I'm working on. Thanks, *** NOTE *** Please DO NOT CC me. I am subscribed to the list. Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thankyou. Rod/ /earth: write failed, file system is full cp: /earth/creatures: No space left on device
Re: Partition confusion
On 6 Jun 2009 at 12:11, Donald Allen wrote: On Sat, Jun 6, 2009 at 11:49 AM, Lars Noodenlars.cura...@gmail.com wrote: Can't the legacy system be modified to work with FFS or EXT2? Hi -- Are you addressing that question to me? If so, I'm really not sure I understand your question. What do you mean by the legacy system? If so, are you suggesting that perhaps XP can be modified to work with FFS or ext2? The answer to that, I believe, is no. While proudly not a Windows expert, I believe XP supports only Microsoft filesystems -- ntfs, fat and fat32. It is common to use the term legacy system to refer to proprietary OS including/especially Micro$oft Windows. And since I learned more than I ever cared about Windows XP, it _can_ be made to support much more than what is provided by Microsoft. In particular, there are a few stable and open source drivers to allow XP to access Linux ext2/3 filesystems. There is also a FOSS driver for FFS but it has not been updated in a long time and in my experience did not work too well with OpenBSD. As I said in my previous post, pscp and another machine present a simple workaround for this issue. I've got multiple machines, I rsync my home directory from one to the other when I have occasion to use something other than my primary machine, and so it's a simple matter to pscp file from the Windows filesystem to another machine running OpenBSD or Linux (which I run on my old TP 600x, on which OpenBSD doesn't fare too well, discussed in an earlier thread). This is needed very rarely (typically only when I travel and get on the network via wifi, which I do with Windows, just because it's easier) and so it's probably not worth bothering to build a kernel to add ntfs support. /Don -Lars