USB pcmcia card recommendation
Hi, Can anyone recommend a working PCMCIA-to-USB adapter for use with a Soekris net4521 OpenBSD-based access point and router? thanks in advance. marcus.
Re: openbsd fail2ban
I managed to find my old powerbook yesterday and copied the sources on a pen drive. Kinda looks like a time capsule for me. OpenBSD complained about being initialized after 600+ days... As I said before, this program has worked for me. It was a single installation and only two admins... A single connection to a specific port enables ssh by adding the source IP to a white list. Another connection to another port removes the access. It could be written in a smarter way and also could have lots of features (like timing expiration) but it would be overkill for our need. enjoy! On Thu, Nov 6, 2008 at 3:49 PM, Marcus Andree [EMAIL PROTECTED] wrote: I've written a small program about 5 years ago. It was a daemon that implemented a service similar to port knocking but entirely in user level, calling pfctl by exec() system calls to insert/remove remote IP addresses in a pf table holding machines able to connect to the ssh daemon via port 22. It was an ugly hack but it worked for us. I shall have a backup copy somewhere on my powerbook at home... On Thu, Nov 6, 2008 at 3:33 PM, Charlie Clark [EMAIL PROTECTED] wrote: Hi, I have noticed that people constantly try to brute force sshd on my openbsd box, on my server I use fail2ban to prevent this and wondered if there is a similar solution for openbsd. Regards, -- Charlie Clark Network Engineer Lemon Computing Ltd Unit 9 26-28 Priests Bridge London SW14 8TA UK Tel: +44 208 878 2138 Fax: +44 208 878 2163 Email: [EMAIL PROTECTED] Site: http://www.lemon-computing.com/ Lemon Computing is a limited company registered in England Wales under Company No. 03697052 [demime 1.01d removed an attachment of type application/x-gzip which had a name of portctrl.tar.gz]
Re: How can I mount a NTFS( sharing) remote partition on openBSD?
If I understood your problem correctly, the NTFS thing plays no role here, since you need to mount a remotely exported filesystem via SMB/CIFS protocol. Sharity or sharity-light is your friend. Google for it. Also, check if you can install as NFS server on your windows machine. This may simplify your setup (or screw up everything, that's up to you). On Tue, Nov 25, 2008 at 2:06 PM, Ricardo Augusto de Souza [EMAIL PROTECTED] wrote: Hi, i need to Access a sharing on a Windows from a openBSD. I did that in the past on linux using mount -t vfat or smbclient. How can I do that on obsd 4.3 ? thanks
Re: Packet Filter: how to keep device names on hardware failure?
On Fri, Nov 7, 2008 at 11:33 AM, Douglas A. Tutty [EMAIL PROTECTED] wrote: On Fri, Nov 07, 2008 at 01:22:08PM +0100, Peter N. M. Hansteen wrote: Unless we make some other unique identifier part of the way PF evaluates rules (the MAC address comes to mind, but that too can be changed in any modern operating system), there is no quick fix, other than rewriting your rule set so it avoids 'on' criteria and other hardware specifics wherever possible. I don't see the ability to change a MAC address as a problem. Someone would need to get root access inside the router to make this change. So, since the bad guy is already root, there's not many things to be done to protect the machine... Free advice without a patch is, of course, worth the price, but: I'll take these words as mine as I discuss this matter in this message. If there was a way of recording the MAC address assigned to each interface by the kernel, then on a subsequent reboot could the kernel read that file to ensure that previously seen interfaces were assigned the same number? On Linux (Debian), interfaces are all ethx no matter what vendor. The udev system is supposed to record corresponding MAC in a persistent rules file to prevent this problem. Of course, this doesn't seem to work on some boxes for drives, so that, for example, a boot fails if a USB stick is plugged in because it may be assigned the /dev/sdx that is supposed to be the root drive. This prompts hacks of mounting with LABEL or UUID. In linux, there's a utility called ifrename. I had to use it in a massive linux installation once. The guys performing customer support were dumb enough to not learn the ethX addressing. I've used ifrename to change the names such as eth0, eth1 and eth2 to wan, lan and dmz. I really would like to have this kind of support on OpenBSD, but the NIC naming schemas of Linux and *BSD have huge differences. Perhaps pf could be configured with MAC address instead of interface id.
Sure the MAC address could be changed by the sysadmin, but does it get changed at random by the OS? One idea I had a couple years ago involves changing the way the interface drivers are loaded in the kernel. Now, the schema is static. Probably translating it to a dynamic one could have some gains. My idea was to provide a mapping (or alias) to a network card based on its MAC address, just like ifrename on linux. One could use a file in /etc/ (say, /etc/ifrename.conf) to configure the system as follows:
=
# this is a comment
alias_name=nic # some base string. current network drivers like rtl, wi would
# be forbidden
wi0=0 # numeric field, unique for each interface
le0=1
00:40:a7:0b:13:70=2
=
The configuration above would make your wi1 interface available as nic0, your le0 interface would be named nic1 and the interface that holds the mac address 00:40:a7:0b:13:70 would be visible as nic2 So, the following commands should be considered equal. ifconfig le0 ifconfig nic1 The feature described above would have huge collateral effects to lots of things and I can't say a patch would pass to mainstream. I also never did any research beyond this superficial layer. Just some early-morning thoughts, for what they're worth. Doug.
Re: openbsd fail2ban
I've written a small program about 5 years ago. It was a daemon that implemented a service similar to port knocking but entirely in user level, calling pfctl by exec() system calls to insert/remove remote IP addresses in a pf table holding machines able to connect to the ssh daemon via port 22. It was an ugly hack but it worked for us. I shall have a backup copy somewhere on my powerbook at home... On Thu, Nov 6, 2008 at 3:33 PM, Charlie Clark [EMAIL PROTECTED] wrote: Hi, I have noticed that people constantly try to brute force sshd on my openbsd box, on my server I use fail2ban to prevent this and wondered if there is a similar solution for openbsd. Regards, -- Charlie Clark Network Engineer Lemon Computing Ltd Unit 9 26-28 Priests Bridge London SW14 8TA UK Tel: +44 208 878 2138 Fax: +44 208 878 2163 Email: [EMAIL PROTECTED] Site: http://www.lemon-computing.com/ Lemon Computing is a limited company registered in England Wales under Company No. 03697052
Re: openbsd fail2ban
You'd be free to do whatever you want with it. I'll see if I can find the source. I'm pretty sure there's a copy on my old powerbook. It was written for linux and openbsd and we used it for an ad-hoc authentication method to manage a remote machine over the unsecure internet. Never did any security auditing on the code, but I don't think there's anything wrong with it. There was one or two things that I'd like to have the time to implement, like privilege separation but that's all. But, as I said before, it is an ugly hack... :) On Thu, Nov 6, 2008 at 3:57 PM, Charlie Clark [EMAIL PROTECTED] wrote: Hi Marcus, If you come across this program again would I be able to steal it off of you, it will implement it as suggested before using pf state table tracking but your program sounds very interesting and I would still like to see it. Thank you everyone for your answers. Thanks, Charlie Marcus Andree wrote: I've written a small program about 5 years ago. It was a daemon that implemented a service similar to port knocking but entirely in user level, calling pfctl by exec() system calls to insert/remove remote IP addresses in a pf table holding machines able to connect to the ssh daemon via port 22. It was an ugly hack but it worked for us. I shall have a backup copy somewhere on my powerbook at home... On Thu, Nov 6, 2008 at 3:33 PM, Charlie Clark [EMAIL PROTECTED] wrote: Hi, I have noticed that people constantly try to brute force sshd on my openbsd box, on my server I use fail2ban to prevent this and wondered if there is a similar solution for openbsd. Regards, -- Charlie Clark Network Engineer Lemon Computing Ltd Unit 9 26-28 Priests Bridge London SW14 8TA UK Tel: +44 208 878 2138 Fax: +44 208 878 2163 Email: [EMAIL PROTECTED] Site: http://www.lemon-computing.com/ Lemon Computing is a limited company registered in England Wales under Company No.
03697052 -- Charlie Clark Network Engineer Lemon Computing Ltd Unit 9 26-28 Priests Bridge London SW14 8TA UK Tel: +44 208 878 2138 Fax: +44 208 878 2163 Email: [EMAIL PROTECTED] Site: http://www.lemon-computing.com/ Lemon Computing is a limited company registered in England Wales under Company No. 03697052
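The two-port allow/revoke scheme described in the "openbsd fail2ban" messages above, as an added Python sketch; it is not the portctrl program from the thread. The table name, the two port numbers and the pf.conf lines in the comment are assumptions made for this example.

```python
"""Two-port allow/revoke controller for a pf table (added illustration)."""
import ipaddress
import selectors
import socket
import subprocess

# Assumed names, none of them from the original posts. pf.conf would need:
#   table <ssh_allowed> persist
#   pass in proto tcp from <ssh_allowed> to any port 22
TABLE = "ssh_allowed"
ACTIONS = {40001: "add", 40002: "delete"}   # constructed port numbers


def pfctl_argv(action, addr, table=TABLE):
    """Return the pfctl argument vector for one table change.

    The address is parsed before use and the command is an argv list, so
    nothing that arrives from the network ever reaches a shell.
    """
    if action not in ("add", "delete"):
        raise ValueError("unsupported table action: %r" % (action,))
    ip = ipaddress.ip_address(addr)          # ValueError on anything else
    return ["pfctl", "-q", "-t", table, "-T", action, str(ip)]


def handle_knock(local_port, peer_addr, run=subprocess.run, actions=ACTIONS):
    """Apply the action bound to the port that was hit; return the argv used."""
    action = actions.get(local_port)
    if action is None:
        return None
    argv = pfctl_argv(action, peer_addr)
    run(argv, check=False)
    return argv


def serve(bind_addr="0.0.0.0", actions=ACTIONS, run=subprocess.run):
    """Accept connections on every configured port and update the table."""
    sel = selectors.DefaultSelector()
    for port in actions:
        srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((bind_addr, port))
        srv.listen(8)
        sel.register(srv, selectors.EVENT_READ)
    while True:
        for key, _ in sel.select():
            conn, (peer, _port) = key.fileobj.accept()
            conn.close()                     # the connection itself is the signal
            handle_knock(key.fileobj.getsockname()[1], peer, run, actions)


if __name__ == "__main__":
    serve()                                  # needs the privilege to run pfctl
```

A completed TCP connection is the only credential in this scheme, so the table keeps sshd out of reach of scanners but does not replace key-based authentication. The privilege separation mentioned in the thread would move the pfctl call into a small separate root process.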
Re: maybe OT 4 year anniversary of Chuck Yerkes death
I sorely miss his clever and funny comments. This list isn't the same without him. Rest in peace, Chuck. Or should I say hack in peace? :) On Wed, Aug 27, 2008 at 7:32 PM, Diana Eichert [EMAIL PROTECTED] wrote: I don't think it's off topic but others might. I'm writing this post to remember Chuck Yerkes, a long time contributor to the [EMAIL PROTECTED] list. http://www.sage.org/about/yerkes.html Chuck died 4 years ago today while riding his motorcycle. http://web.archive.org/web/20041012235249/http://www.contracostatimes.com/mld/cctimes/news/9511974.htm http://marc.theaimsgroup.com/?l=openbsd-miscm=109385676632581w=2 Just wanted to remember you Chuck, take it easy wherever you are. diana
Re: question about raidframe getting stuck
snip Almost every RAID system out there handles the sudden removal of a disk from the system pretty well. Why? Because it's EASY to create that failure mode. Problem is, in 25 years in this business, I don't recall having seen a hard disk fall out of a computer as a mode of actual failure (I did see a SCSI HBA fall out of a machine once, but that's a different story). snip I had seen that disk-suddenly-out-of-computer failure once. Coincidentally enough, it was an OpenBSD system configured only for NAT, about 6 years ago. The IDE hard disk failed sometime at night. When we arrived on the next day at the office, everything was working flawlessly until someone ssh'ed to that machine. My guess is something has gone awry when the syslog went to write that new connection and suddenly the OS discovered that there was no HD present. Surprisingly enough, the onboard IDE controller survived, but after installing the new disk, we found the parallel IDE cable faulty and it had to be replaced also. It was not a RAID system though... snip
Re: This is what Linus Torvalds calls openBSD crowd
Don't forget some amoebas wearing suits and t-shirts with a penguin stamp. agreed. I barely can wait to see Ty Semaka artwork for 4.4. Definitively it should include monkeys. And amoebas too. I agree, monkeys should definitely be somehow incorporated into the artwork for the next release.
Re: This is what Linus Torvalds calls openBSD crowd
snip I may completely disagree with him, but I'm not going to invest in a flame fest over his comments. snip Being here when Stallman started the last flame nuclear holocaust war, I feel a weird sense of deja-vu right now.
Re: GPL version 4
On Wed, Jul 16, 2008 at 3:06 PM, Morton Harrow [EMAIL PROTECTED] wrote: Dear gentlemen (and included list-members), Let me first introduce myself. My name is Morton Harrow, senior GNU/Linux Hmmm... something is telling me this message won't have a happy end. consultant in the London metropolitan area. I have been around in the Open Source world since the early beginning. I am very happy with the spirit and Oh, yeah! Since BSD tapes were distributed or earlier, when Ken Thompson was mailing UNIX source code and handwriting the package labels himself? efforts of the Free Software Foundation (FSF). Eeekkk!!! As the name mentions free , one would think this organisation embraces real freedom. I can't help but feel that the FSF has made a mistake with the release of the third version of the GPL (GPLv3). This license restricts the freedom and usage of open source software for governments, companies and end-users alike. Wow!!! Free software isn't free after all Stop the presses Put this story close to the Extra! Extra!! Moore law is still valid! headline. Linking from other software which is not regarded by the FSF as free software, is not allowed by this license. I can't help but wonder if this is the freedom the FSF intensions. Real free should be that users are allowed link any software against GPL licensed software, without restrictions. But the current freedom restricts the spirit of Richard M. Stallman's original vision on a free world. Now it's getting serious!!! We propose to release as soon as possible, version 4 of the General Public License. Hey!! I have a suggestion! This is so radically new!!! How about naming this version 4 of the GPL as something entirely different, like, say BSD??? I'm having a seizure right now. Can't keep the reading. snip
Re: This is what Linus Torvalds calls openBSD crowd
http://article.gmane.org/gmane.linux.kernel/706950 Again a misrepresentation in public? To me, security is important. But it's no less important than everything *else* that is also important! I.e. there are no shades of gray in import hence importance is black-and-white. H... IMO, this isn't the worst sentence on linus' interview. He has the right to think anything about everything. He has even the right to be plain wrong. But he should _not_ say this about anyone: I think the OpenBSD crowd is a bunch of masturbating monkeys (...) What's the point here? If he places security in second place, that's fine. But don't say people who _do_ think like that are a bunch of bastards.
Re: OT: App to get detailed http measurements
http_load may be of help. I've used it a few times before. Had to do some enhancements to the source code, enabling it to deal better with dynamic pages. http://www.acme.com/software/http_load/ On Sat, Jun 14, 2008 at 7:55 AM, Mikolaj Kucharski [EMAIL PROTECTED] wrote: Hi, This is off topic, but does anyone know preferably commandline utility with which I could test HTTP server? What interests me is repeated connections and stats how long it took dns resolv, tcp connect, send request and finally download of data. Really appreciate any tips. Thanks. -- best regards q#
Re: Editing C with...
There's some doubt if someone will achieve a valid OpenBSD binary. Also, the program may be subject to virus and trojan horses on its way to an OpenBSD system. :) 2008/5/9 David Gwynne [EMAIL PROTECTED]: copy con program.exe
Re: How to filter based on application protocol being used
snip Snort may also be of interest here. You can do it using open-source software as Bro (http://bro-ids.org), it's an open-source, Unix-based Network Intrusion Detection System (NIDS) that passively monitors network traffic and looks for suspicious activity. Bro has the DPD (dynamic protocol detection) feature and can report (confirmed) uses of protocols on non-standard ports. Please see : http://www.icir.org/robin/papers/usenix06.pdf for more information about this. Last thing, it builds and works perfectly on OpenBSD. :-) With regards, Jean-Philippe.
Re: MS and OpenBSD interportability, a lil list with patented and non patented protocols
snip So if you think it would be handy if you could remotely shutdown your whole network from the Firewall you may could code the daemon right now 'course the protocol itself is not patented. snip Probably the windows machines lying on the network are already shutting down to apply hourly security fixes. This argument about integration with MS code is leading OpenBSD to nowhere, IMO. I like pf, I like the developers decision for correctness, and I like the way engineers and coders created and enhanced UNIX. Why to mess something that's working properly for 20+ years for the sake of integration? If MS had a minimal interest on integration, they should have read implemented POSIX in a useful manner on their OS at least one decade ago. Now, all I can say is MS can keep its code for itself. My choice is clear.
Re: [OT] need 32MB and 64 MB 72-pin SIMMS
http://www.ebay.com I wonder if anyone knows of a source for such old memory. I'm near Kingston, Ontario, Canada.
Re: the death of the oldest OpenBSD system on the net...
snip back in time (but not too long ago), I served 3000 email accounts for a Swiss multinational insurance company on a P133 with 32MB RAM. That is no big deal, however. sendmail and any Unix like system can handle that without problem. Agreed. People nowadays seem to wrongly associate email with Exchange Server bloatware. Give those gigs of RAM and disk space to a lightweight UNIX distro, fasten your seatbelts and prepare to take off. It's amazing how little knowledge tech workers have about network protocols...
Re: the death of the oldest OpenBSD system on the net...
I've just finished a small argument with some colleagues here at work. They just couldn't believe a Pentium 133 was serving a hundred e-mail accounts... Even in death we can count on OpenBSD to show how things should be done. RIP. On Sun, Mar 16, 2008 at 9:23 AM, Alexander Bochmann [EMAIL PROTECTED] wrote: ...was rather unspectacular: Hardware failure. The system's name was base, originally installed with OpenBSD 2.3 on Jun 12, 1998: -rw-r--r-- 1 root wheel 5 Jun 12 1998 etc/myname It ran the OpenBSD 2.3 kernel and most of the userland until it stopped responding about three weeks ago and couldn't be resurrected. Small hardware problems had happened before, as with most systems that have been running uninterrupted for nearly 10 years, but this time I decided against getting it up again: Running modern software had gotten a real chore (never managed to backport OpenSSH, for example, so it still had the last version of the old ssh.com daemon (1.2.32?). (Well, that, and the 2.3 GENERIC kernel reliably shot down the VMWare session I tried to get it running in.) Good old internet software like sendmail or bind never were a problem though, even in their most recent versions (which may or may not be a compliment, depending on your point of view). To my knowledge, the system never was hacked - despite running software like qpop 2.53 or really, really old versions of apache and php. (I sometimes found core files, but I guess the system was just too obscure to be a valid target for any type of automated attack.) base had lots of old stuff still lying around, like an emergency netboot environment for the sun3/160 that it had replaced as main server for infra.de back at the time, an Amanda client for my old employer's network backup system that's long gone, or the configuration for half a dozen UUCP feeds which have lost their peers ages ago.
Gone are the days when 32MB RAM was a lot, a stripped down OpenBSD kernel had a whopping 1MB, and a handful of blacklists got rid of almost all of the spam. -rwxr-xr-x 1 root wheel 1056157 Jul 31 2002 /bsd Alex.
Re: sftp: Umlauts and Spaces in filenames
From someone who speaks a native language with several extended characters: even non-unix systems (has Windows earned the system status already?) sucks with weird file names. snip That should work.. but, spaces and extended characters are so unclean in the Unix world, it was never designed to use them.
Re: [OT] beefy steel cases
Hi, Doug. My suggestion is:
- start with good, standard but not-so-bulky case;
- build a cage around the commercial grade, made from thick sheets of steel;
- do lots of small, tiny drills on the external cage, for proper ventilation;
- do a couple of larger holes for cables and wires on the back;
- put a thermometer sensor inside, with a display on the outside, for proper temperature monitoring, just in case you need more holes;
You should end with far better protection than those provided by more expensive devices. The small holes won't let pass much EM energy thru them. The larger ones can be concealed by walls and you may point them to safer areas. They'll be blocked by the cage itself and should cause little to none side effects on areas of interest. You can hire someone or a company to do some bending or soldering if needed. Best regards to you and your wife. On Mon, Feb 11, 2008 at 11:35 PM, Douglas A. Tutty [EMAIL PROTECTED] wrote: On Mon, Feb 11, 2008 at 12:37:59PM -0700, Steve B wrote: I have one of these, http://calpc.com/catalog/mid_tower.html, and its quite beefy. I wonder if you could measure two things for me: 1. The thickness of the steel panels (not of any structural frame). I'm comparing these with norco cases which are made of 1.2 mm steel, so a normal metric ruler and an eyeball would suffice. 2. The size of the vent holes. The mid tower chassis page doesn't have alternate views. The 4U rackmount case has a rear photo. The vents look like brickwork: more vent than metal. The dimensions of the holes and the metal between them is critical. If you could give me the three measurements, again to the nearest 0.2 mm. -- vent-hole length: -- vent-hole height: -- metal between vent-holes: Thank you. Doug.
Re: low-MHz server
Douglas, I'm really sorry about your wife's health problems. I was unaware about this condition and, as a matter of fact, will relay some of the information passed along this thread to my own wife (she is a trained doctor). Maybe she can provide additional insights that could improve your wife's conditions. Back to the technicalities... You are in need of a system capable of meeting the following requirements:
- lower CPU (Pentium-class machine or similar)
- low noise
- low power requirements
- memory and disc: more is always better
- network: 100Mbits should be enough, wifi is not recommended
- and, of course, able to run OpenBSD :)
So, my best guess would fall into an embedded device. I had made some searches for embedded or single/small board computers in the past and a few links were present on my bookmarks lists. As you can see, there are other companies beyond soekris that can make really useful stuff. Some equipment have connectors for both IDE HDD and compact flash cards and their small footprint can help in building EF shields less bulky. Hope this helps. Best regards for you and your wife. Marcus.
http://www.axiomtek.com/products/ListProductType.asp?ptype1=0ptype2=1
http://www.orbitmicro.com/global/35ecxembeddedcompactextendedtechnologyembeddedboards-c-79_191_196.html
http://versalogic.com/Products/
http://www.pcengines.ch/platform.htm
http://www.extremetech.com/article2/0,1697,2194852,00.asp
http://www.zonbu.com/home/index.htm
snip
Re: low-MHz server
The condition your wife is subject to, IMO, is _very_ unusual and deserves better study... I'm increasing the off-topicness of this thread, but Daniel is right. If your wife is more sensitive to higher frequencies, it should be easier to isolate her from electromagnetic fields. Lower frequency radiation, like the 50 or 60hz coming from our electrical power networks is more capable of penetrating metallic (or other conductive material) sheets. So, it's probably more likely that she's sensitive to other classes of electrical devices, which should be given more attention... One thing that can be an issue is the fact of digital circuits running at higher speed (gigahertz range) tends to consume more electrical power, raising the amperage running in your electrical wires, and, subsequently, the 50 or 60hz electrical field in close range. The digital watch clock is puzzling: surely the quartz crystal inside nearly every digital clock isn't in the gigahertz range AND they consume very low power... The proximity to her body can be a factor... On 1/30/08, Daniel A. Ramaley [EMAIL PROTECTED] wrote: On Wednesday 30 January 2008 12:35, Douglas A. Tutty wrote: My wife is sensitive to what she describes as electromagnetic fields. She gets headaches and other pains when exposed to equipment: the higher the frequency, the worse her symptoms. Rather than trying to find obsolete equipment that runs at a low frequency, would it be possible to build a Faraday cage around your computer? Has your wife had her sensitivity examined by medical professionals? Is it a physical problem or a psychosomatic condition? How does she react to fluorescent lights? Incandescents? How about driving near a radio transmission tower? Or for that matter, even being in a modern car? If there is an electronic device turned on in the next room but she is not aware of it, does she still experience pain?
I don't need answers to these questions, but if there is a medical solution to your wife's sensitivity that might be easier than trying to banish all electronics. Dan Ramaley Dial Center 118, Drake University Network Programmer/Analyst 2407 Carpenter Ave +1 515 271-4540 Des Moines IA 50311 USA
Re: Developers: First Reply Gets My Copy Of /On Bullshit/
Man, that's the best thing I've got on misc@ in the last two or three days. On 12/14/07, Breen Ouellette [EMAIL PROTECTED] wrote: snip For everyone else, we are all lucky enough to be able to access the full text at the following link: http://web.archive.org/web/20031204195648/www.jelks.nu/misc/articles/bs.html snip
Re: Real men don't attack straw men
On 12/12/07, ropers [EMAIL PROTECTED] wrote: On 12/12/2007, ropers [EMAIL PROTECTED] wrote: On 12/12/2007, Richard Stallman [EMAIL PROTECTED] wrote: As a last question. Will gNewSense become non-free if I start a ports-like software install package project for it? If your install package has ports for non-free software, then it would promote non-free software. If it were included in or recommended by gNewSense, then gNewSense would promote non-free software. I trust they wouldn't do that, because their policies are not to do that. And I repeat again: The OpenBSD ports tree is *neither included in nor recommended* by OpenBSD. OpenBSD *Does. Not. Do. That.* because OpenBSD's policies are not to do that. And if people chose to use the ports tree anyway, despite what was recommended, and chose to use it to install unfree software, despite the fact that hints are there that note unfree software as such, then that is their own fault. People should take responsibility for their own choices. OpenBSD is an operating system, not a nanny. Agreed. It is now clear that Richard Stallman is not recommending the OpenBSD distribution (ports + kernel + base), not only the kernel itself. I can understand the reason for bashing OpenBSD but I can't share the same view, since
- ports lives in user space
- users aren't required to use/install ports
- ports itself is free, despite pointing to some non-free software
If an entire distribution can be tainted by non-free third-party software being ported, what to say about other issues, such as LGPL'ed code that, in fact, promotes non-free software just by being linked to it?
Re: Real men don't attack straw men
On 12/12/07, Rodrigo V. Raimundo [EMAIL PROTECTED] wrote: On Wednesday 12 December 2007 06:37, Richard Stallman wrote: However, if distribution D includes this easier way to install in its ports system, by doing so distribution D endorses it and takes on the ethical responsibility for it. Using the same argument I can say that gcc isn't ethical because it allows compilation of non-free software. I don't see this as a valid point. Stallman talks about endorsement. By what I've understood of his vision, when OpenBSD team decided to aggregate a functionality called ports, they endorsed everything living in ports tree, even if it's non-free software. Such endorsement had the ability to taint the entire distribution, so it was labeled as non recommended. At this point, we start to disagree. Ports is a userland feature, not a kernel one. So, to abide by his principles, he decided to broaden the tainting thing to the entire distribution (kernel, base, ports, etc). I just don't see this as a fair thing. A possible solution would be to segregate ports from the distribution itself. Maybe creating an openbsd.com website, hosting the ports system, and making clear that openbsd.com is not affiliated anyway to openbsd.org (which would host the kernel space apps and code). This could move the tainted code to outside the distribution. Stallman would have to point his arguments to the individuals themselves. Also, since we're talking about BSD licensing here, this entire solution should be considered an absurd and a waste of resources. I'll let this thread rest now. Nothing new to gain here.
Re: Real men don't attack straw men
Sir, please check my inline comments. On 12/11/07, Richard Stallman [EMAIL PROTECTED] wrote: Is the list at: http://www.gnu.org/links/links.html#FreeGNULinuxDistributions the list of operating systems that meet your criteria? It appears that gNewSense includes LAME in binary format, and BLAG recommends it at https://wiki.blagblagblag.org/Lame in much the same way OpenBSD does. ISTR LAME is free software, but I will double-check. In fact, BLAG suggests other unfree programs, such as unrar (https://wiki.blagblagblag.org/Unrar), even noting that the software is non-free. What is the license of Unrar? I will try to access that page, but I cannot access an https page except by asking someone to get it for me. I will see if it works with plain http:. I don't think anyone is particularly upset that OpenBSD isn't among the software you recommend, but to claim that OpenBSD includes non-free software in its ports collection (using your definition of free) while claiming that gNewSense meets your criteria is disingenuous at best. At best, it's an accurate statement. At worst, the gNewSense developers made a mistake, and will correct it. My main basis for judging any distro is the policies it has adopted. I just can't follow this. Let's see what's written in the OpenBSD ports page (http://www.openbsd.org/ports.html): Motivation OpenBSD is a fairly complete system of its own, but still there is a lot of software that one might want to see added. However, there is the problem of where to draw the line as to what to include, as well as the occasional licensing and export restriction problems. As OpenBSD is supposed to be a small stand-alone UNIX-like operating system, some things just can't be shipped with the system. So, an operating system can born free (free as in speech, in the GNU sense) and then, become non-free just because some users decided to create a way to ease installations of software that just can't be shipped with the system? 
Despite some OpenBSD kernel developers are also port maintainers, I'd believe that the vast majority of the latter don't do kernel programming, so IMO, they could be labeled as users (since they're working in user space). Everyone makes mistakes, and well-intentioned people fix their mistakes. So if someone finds a non-free program in gNewSense, or in OpenBSD, in violation of the distro's policies, that's no disaster. I trust the developers will remove it once they find out. Well, it seems that we have the following pattern: - gNewSense, if someone finds a non-free program in it, that's no disaster - anything else, if someone finds a non free program in it, that's surely a disaster Please, sir, clarify On the other hand, if a distro's policies say something is allowed, then it isn't a mistake, and I can't expect it to be fixed. That's what gives me stronger concern. The presence of non-free programs in the OpenBSD ports system is not a mistake, it's intentional. As a last question. Will gNewSense become non-free if I start a ports-like software install package project for it? Thanks in advance.
Re: About non-free software in OpenBSD
After reading the pearls of human thought described below, I've just chmod 000 {L,z}505 This guy's just too smart and he's able to see things no one can Better spend my time on a copy of Solitaire that came free on my windows machine. :) I do not agree 100% with Stallman. I've met with him once. He's a visionary man, but I myself do not share all of his visions... He wrote emacs. He wrote gcc. He even suggested the BSD team to do a cooperative work over the Internet 10 years ago or so... What did you do, L505? Do I have something against GNU? Did they catch me and am I trying to get back at them? Absolutely not. I have never had trouble with GNU and never spoken to the foundation about any issues. The reason I am pointing this out is simply because I have common sense and I am a philosopher myself. As a philosopher myself, I find their philosophies make no sense and have no merit. In fact, I feel sorry for Richard Stallman because I know what he is trying to do with his license and I know what he is intending with it. He just isn't as smart as me.. I speak truth, Richard speaks nonsense. I am smarter than him. On 12/10/07, L [EMAIL PROTECTED] wrote: Lars Noodén wrote: In regards to RMS, I have yet to see critique of his ideas, especially in the mainstream media. Some infamous 'mainstream media' critique: snip
Re: OpenBSD4.1 IPSEC - transport_send_messages: giving up on exchange
We had similar problems about a year ago, when we deployed a massive installation of vpn/ipsec clients based on isakmpd. When testing the client robustness to a series of events, like physically disconnecting network cables, simulating power failures and such, we saw the same pattern. Our solution was to use an external program to send simple icmp packets to our internal network and restart isakmpd once detecting the tunnel is down. A web search showed us that tunnel recreation is complex and frequently involves non-standard implementations. Sometimes, this process fails and an external watchdog should be considered to be on the safe side. So we cooked an in-house solution using monit to restart isakmpd in case of failure. Obviously you'll need to define a simple set of rules to classify a connection as failed. snip Okey, all vpn comes up normally but.. the problem is: At random time, the tunnel turns down and doesn't come up again! snip
Re: netstat question
Connections listed as in close_wait state weren't closed in full sync and may have data still waiting to be processed. snip but what does it mean when a connection in CLOSE_WAIT has packets in the Recv-Q? how can that be? -f -- what we do not understand we do not possess. -- goethe
Re: lost root account
Boot your machine in single user mode (boot -s) and use plain vi and pwd_mkdb soon after that. There's no need to use vipw when running in boot -s. On Nov 19, 2007 5:18 PM, Jumping Mouse [EMAIL PROTECTED] wrote: Hi there, I have inherited an openBSD machine with no root account. When I boot up in single user mode boot -s and do a cat /etc/master.passwd | root the only thing I get is: daemon:*:1:1::0:0:The devil himself:/root:/sbin/nologin I can't seem to make changes to the master.passwd account by using vipw in single usermode. I get a message that the file is locked or busy. Can anyone help in what I can do next? How can I add the root account back to the master.passwd file. thanks.
Re: altroot is not mentioned in FAQ [diff]
snip 20G disks don't really exist anymore. shouting O RLY? /shouting I always thought my 20 Gig HDD was the largest of my eight drives. Are you saying it's Schroedinger's hard drive? What about the others? My 200 MB would like to have a little word with you, and it doesn't look like it's particularly amused. H /me thinks time has arrived to get my old Apple ][c from the locker and start an Apple2BSD Project... Let's see what can be done with 128kb of RAM, 8-bit 6502 processor and no HDD. Also, let's remember that old computers NEVER end up in the so-called developing world. People there would NEVER use old computers, right? /me lives in the so-called developing world. Never knew anyone who has bought an old computer from the so called 1st world and set up a desktop machine or even a production server... People here who are crazy enough to install OpenBSD on a very, very old computer are more perfectly able to do this talk... Otherwise, they would have upgraded their Win9X to WinXP by financing a new system. Let them buy new ones! Oh, and let them eat cake, too. That's great!!! I love cakes!
Re: OpenBSD kernel janitors
Agreed I needed to peek OpenBSD code a couple months ago and found it extremely readable. Doing simple tasks can be a better path leading to new kernel engineers. Just posting your task list on this list isn't a commitment to coach new developers, but can provide a solid material to start coding. Obviously patches will be subject to peer review. Even if a patch isn't approved, the coder should have learned something new and useful. On 10/30/07, n0g0013 [EMAIL PROTECTED] wrote: On 30.10-20:26, Miod Vallat wrote: [ ... ] That's when you need as much support as possible. And that's the kind of support I, as an individual, can not provide. i believe the task list itself would be positive, even if not much happens around it. they are good for the community as well as the codebase. you are not committing yourself to mentoring and tutoring every idiot who wants a crack at the kernel, you're simply saying, look if you think you're good enough to do the work, here are some things that i know, from my experience, need done. the learning and effort comes from interested parties. this sort of delegation does work in other projects, perhaps if we have a good list we can figure out how to make it work here too. -- t t w
Re: OpenBSD kernel janitors
snip as opposed to a majority of people who talk and not code anything? here is a solution for you -- read http://openbsd.org/query-pr.html and start fixing those. pretty simple solution if you get no bugs of your own. cu -- Good point. I was wondering what to do next, once/if I can finish fixing a wi driver issue... Let me raise one question... There are quite a few books written about how certain things work on a kernel level, but they're for other operating systems. If we had such documentation, even if it isn't kept up-to-date, it would be a start point. As I stated in an earlier message, OpenBSD code is very, very readable. It could be used in lots of college classes around the world. A book could provide an additional way to fund the project. Obviously, it is not an easy task, particularly from the commercial side. Deals would have to be made and they tend to be more attractive to the publisher side
Re: QEMU /dev/tun issue with tun device number 3 (more than 4 guests)
On 10/25/07, Michael [EMAIL PROTECTED] wrote: Hi, I've tried to run 5 QEMU guests simultaneously but when trying to start the 5th I'll get the following error message: warning: could not open /dev/tun7 (No such file or directory): no virtual network emulation Could not initialize device 'tap' I have no idea why it looks for /dev/tun7 but after that I cd'ed to /dev and issued the command ./MAKEDEV tun4 but now I get the following message when starting qemu: snip Maybe you'll have to compile a new kernel. There's an options(4) option called tun. I had to add something like pseudo-device tun 16 on a kernel config file once. If I remember correctly, the default is for the kernel to allocate 4 tun channels. That would explain why it's failing in the 5th QEMU guest. Don't forget that customized kernels aren't supported.
Re: QEMU /dev/tun issue with tun device number 3 (more than 4 guests)
comments inline. On 10/25/07, Michael [EMAIL PROTECTED] wrote: Hi, thanks for your fast answer. Marcus Andree wrote: Maybe you'll have to compile a new kernel. There's an options(4) option called tun. I had to add something like pseudo-device tun 16 I read something while googling for this issue that you had to add something like that for older versions of OpenBSD like before 3.6 or even 3.4. Yep. It was some time ago ;) on a kernel config file once. If I remember correctly, the default is for the kernel to allocate 4 tun channels. That would explain why it's failing in the 5th QEMU guest. Don't forget that customized kernels aren't supported. Well, more than 4 tun interfaces ARE working ... if I create /dev/tun4 or higher manually with (cd /dev; ./MAKEDEV tun4) and also manually add tun4 to the bridge (brconfig bridge0 add tun4 up) ... but QEMU does that for tun0 - tun3 on its own ... it's just not working for more than the first four interfaces. By stating that the interfaces ARE working, you mean that they not only exist but the bridges are correctly configured and functional, right? If more than 4 tun devices work properly on the openbsd-side, then this thing should be a qemu issue, be it fixable from an external shell script or not. Btw, would something like ![ -c /dev/tun4 ] || (cd /dev; ./MAKEDEV tun4) work inside a /etc/hostname.tun4 file, just to make sure the device exists? I'd prefer to work directly with mknod than cd'ing to /dev and firing up MAKEDEV to create just one character device. Michael
Re: Cyrus IMAP performance problems [Long]
snip Got similar problems with imap once, a long time ago... Had to switch from mailbox format to maildir
Re: How can i boot a bsd.rd from windows 2000 ?
That's the best answer so far But, personally, I believe it can be done without programming and hacking OpenBSD installation program to work in the same way as Ubuntu install.exe Here's how I think it _might_ work. The point is to use a bootable linux partition to bridge from !OpenBSD to OpenBSD++. :)

1) get some grub-bootable disk space by either repartitioning your HD or using an external disk
2) Repartition the extra disk space in three different partitions. You may need to install a 4th or 5th, depending on your virtual memory needs. Let's call these partitions part1, part2 and part3 hereafter.
3) install a small/minimal Linux distro on partition part1 that can be done from within windows. Ubuntu install.exe is a valid choice. The real limit is your available disk space.
3a) That Linux distro must install a decent boot loader, capable of booting Linux and Windows so far
4) Start Linux. Remember that empty partition called part2? Use a disk setup program (maybe fdisk), from Linux to do the following:
4a) Set part2 to be a valid OpenBSD partition, by changing the partition code number
4b) Set part3 to be a valid OpenBSD/Linux data exchanging partition. Maybe a FAT32 will do the job. Can't remember if Linux is able to read/write to ffs partitions
5) Copy OpenBSD installation set to part3
6) Hack grub or the decent boot loader to point to a valid bsd.rd image located on part3. Can't say if this will work...
7) Reboot the computer. Choose grub to fire up bsd.rd
8) If you can start bsd.rd, follow the install procedure by using the install files on part3.

At the end, you'll have a completely bootable OpenBSD partition and can reslice your drive to claim unused disk space (the Linux partition, for instance), maybe using some space to add a decent swap area to OpenBSD. If you can't attach an external drive, can't say how you could repartition your main hard drive...
Finally, despite presenting us a good technical problem waiting for some clever solution, you really should not rely on a portable that can't boot to anything if the main drive is busted. On 10/10/07, ropers [EMAIL PROTECTED] wrote: On 10/10/2007, Christopher Bianchi [EMAIL PROTECTED] wrote: Nick Guenther wrote: On 10/10/07, Christopher Bianchi [EMAIL PROTECTED] wrote: Hello everyone. My situation is this: i've a laptop, a Sharp pc-ax10 with Windows 2000 preinstalled , without cdrom, floppy. I wish install OpenBSD on it. Naturally bios can't boot from USB. So i've thought to boot the bsd.rd , but how ? The faq explain the procedure from an older OpenBSD operating system... i've Windows 2000 on it. Is it possible ? and if is possible, in which way ? Where i must put the bsd.rd and in which way i can boot from him ? I've tried google, but nothing :-( Thanks for the attention Can your BIOS boot from the network (PXE)? If you can set up a PXE server with pxeboot as the boot image then you can boot that way. Alternatively you can pull out the hard drive, plug it into a different computer or a USB-to-IDE converter, install there, and then put it back. -Nick Thanks for the attention Nick, but 1) i can't boot from pxe ( damn Sharp ) and 2) i wish an elegance solution without pull out the hard disk. Thanks DISCLAIMER: I'm talking out my arse here, and I don't know if what you're hoping to do is even possible. That said, here are my thoughts on the matter: (1) The only way to hand off control from one operating system to another operating system is to make a program run exclusively (not preemptively multitasked ( http://en.wikipedia.org/wiki/Preemption_%28computing%29#Pre-emptive_multitasking )) and with full access to the entire computer, including all of the memory (ie. outside of memory protection ( http://en.wikipedia.org/wiki/Memory_protection )).
(a) To use unix terminology, you would need to start the system in single user mode ( http://en.wikipedia.org/wiki/Single_user_mode ), and then you would need a program that can load the OpenBSD kernel and hand off control to it. In some very rare cases, programs like this do exist. I remember (unsuccessfully) trying to install NetBSD on an old Apple PowerBook 145B many moons ago. Because the firmware (ie. the BIOS) of this Motorola 68K based laptop did not support loading a non-Apple OS, the solution there was to load Mac OS 6 or 7.whatever, and then run a Mac OS program that would seize control of the entire machine and load NetBSD. (This would have worked, except that my machine had too little RAM and HDD space.) The old Mac OS was not a proper preemptive multitasking OS w/ memory-protection; and writing a program to load another OS from it was only possible because of these limitations. Windows 2000 however is built on NT (OS/2) technology and has memory protection and preemptive multitasking. No, a program like that old NetBSD boot loader cannot exist for
Re: How can i boot a bsd.rd from windows 2000 ?
Once upon a time there was a program called loadlin... I've used it a couple times. It was quite annoying when, by mistake, double clicked somewhere and, without further warning, a Linux distro was booting right in front of me. snip Wasn't there, in the last century, a tool for windows to boot a linux kernel (yeah, I know this is OpenBSD) from windows, but I guess that was with win-dos. snip
Re: How can i boot a bsd.rd from windows 2000 ?
Cool. Didn't notice a version of grub that runs on windows. snip See: http://www.geocities.com/lode_leroy/grubinstall/ snip
Re: Transparent Firewall with NAT
You _may_ be able to apply the following setup (borrowing from someone else's design :-) :

inside box (1) firewall/bridge doing nat (2)- default gateway internet if1 if2

Let's just suppose that if2 has the ip address IP2 configured.

1 - set interface if1 to bridge interface if2.
2 - your fw/bridge computer has a default route to a gateway that can forward packets to the net
3 - do not assign an IP address to if1
4 - do your pf home lesson to NAT computers from the inside network, using external IP2 address
5 - somehow, the computers from your inside network should be set to use IP2 as default gateway.
5 a) This implies that IP2 lies in the same net address you're using on your inside network.
5 b) Or you have a static route pointing to IP2 on each inside network computer. This implies that each computer on this net segment can talk directly to your default gateway that handles internet connections. To limit this communication and enforce all clients to set your bridge/fw host as default gateway, you should create a working filter ruleset.
6 - optionally, you may want the bridge to replicate only the IP protocol
Re: partition layout
On 10/4/07, Douglas A. Tutty [EMAIL PROTECTED] wrote: On Wed, Oct 03, 2007 at 07:46:01PM -0400, Nick Holland wrote: Douglas A. Tutty wrote: Hello all, I have a 486DX4-100 with 32 MB ram. I bought an 8 GB drive to put in my P-II and it won't boot it so I've put in in the 486 along with a 1 GB drive. snip a very interesting, educative and long discussion about using an old 486 with an ISA bus as a desktop machine If you're trying to install OpenBSD on a 486 machine just to keep your proficiency levels, why not just virtualize it on whatever is the OS that will boot the P-II? I have a vmware image running quite comfortably on my desktop at work.
Re: Venezuala Change to GMT -4:30
Please, post a copy of this message to our (Brazilian) government. We're telling them the same thing for years. But, for whatever is the reason, they insist to defy nature and often change DST arrival every couple years. On 10/3/07, Constantine A. Murenin [EMAIL PROTECTED] wrote: On 03/10/2007, Julian Bolivar [EMAIL PROTECTED] wrote: In this month Caracas/Venezuela change to GMT -4:30, anyone know if this change will be included in the next openbsd release? Any country that changes the timezones without an advance notice is asking for an IT disaster. The whole story with various governments changing timezones out of the blue is getting a bit old now, and affected people should complain to their governments about the problem, not to the developers of the UNIX operating systems that already have a well-defined mechanism for effectively dealing with the timezones. C.
Re: To whom can I direct email for artwork use permission pls?
Theo is the copyright holder of the CD directory structure used by the install CDs. If someone wanna sell a CD (or DVD) legally, s/he will have to: - get a written permission from Theo or - code an entirely new installation procedure snip I say: make your OpenBSD DVDs, sell them cheaply, and just don't use the official artwork. Don't be misguided by what has been said here. OpenBSD is genuinely *free*. That means you can use it for whatever you like. There's nothing in any way immoral from selling it, whether or not you make a profit. If Theo or the other contributors didn't want you to have the freedom to do that, they wouldn't release their work under the BSD licence. snip
wi driver: maximal output power question
Dear all, First, let me say a big hello to everyone here. I've been out of this list for almost three years... Just came back less than a week ago and Chuck Yerkes is sorely missing... I don't know if this question will be better answered here or on [EMAIL PROTECTED] After reading an email about power management on ral devices, I took a look at the following piece of code, from if_wi.c. It seems to suggest that power output, using wi devices, is limited. Anything greater than 20dBm will be treated as 20dBm. I'm waiting for the arrival of some senao cards, capable of 200mW (23dBm) output. Is the wi driver capable of handling this amount of power?

    STATIC int
    wi_set_txpower(struct wi_softc *sc, struct ieee80211_txpower *txpower)
    {
        u_int16_t cmd;
        u_int16_t power;
        int8_t tmp;
        int error;
        int alc;

        if (txpower == NULL) {
            if (!(sc->wi_flags & WI_FLAGS_TXPOWER))
                return (EINVAL);
            alc = 0;    /* disable ALC */
        } else {
            if (txpower->i_mode == IEEE80211_TXPOWER_MODE_AUTO) {
                alc = 1;    /* enable ALC */
                sc->wi_flags &= ~WI_FLAGS_TXPOWER;
            } else {
                alc = 0;    /* disable ALC */
                sc->wi_flags |= WI_FLAGS_TXPOWER;
                sc->wi_txpower = txpower->i_val;
            }
        }

        /* Set ALC */
        cmd = WI_CMD_DEBUG | (WI_DEBUG_CONFBITS << 8);
        if ((error = wi_cmd(sc, cmd, alc, 0x8, 0)) != 0)
            return (error);

        /* No need to set the TX power value if ALC is enabled */
        if (alc)
            return (0);

        /* Convert dBM to internal TX power value */
        if (sc->wi_txpower > 20)
            power = 128;
        else if (sc->wi_txpower < -43)
            power = 127;
        else {
            tmp = sc->wi_txpower;
            tmp = -12 - tmp;
            tmp <<= 2;
            power = (u_int16_t)tmp;
        }

        /* Set manual TX power */
        cmd = WI_CMD_WRITE_MIF;
        if ((error = wi_cmd(sc, cmd, WI_HFA384X_CR_MANUAL_TX_POWER, power, 0)) != 0)
            return (error);

        if (sc->sc_ic.ic_if.if_flags & IFF_DEBUG)
            printf("%s: %u (%d dBm)\n", sc->sc_dev.dv_xname, power, sc->wi_txpower);

        return (0);
    }
Re: Blocking many accesses to ssh port from single IP
snip Tonight I got 800+ attempts from the same IP. I played with manually blocking the IP, but it was over before I got the firewall rules written and looked over them twice. Is there any way to block/limit the number of connections to a port in a given time period? I was getting around 5 connects per second from the same IP/PORT (in Hungary :-( ). snip Well, we've got a different solution to this same problem. A custom daemon was written in C and is being executed on the server machine. Every time a user/client needs to SSH from an uncommon place, not belonging to a local sshable client table, the user needs to connect to the specific port on which the daemon is listening. The server then adds the remote IP to the sshable pf table. Once the user finishes the job, a new connection is made to another port and the server removes the remote IP from the pf table. It's a bit weird, but we completely solved this annoying problem of dictionary attacks. Since no data travels on the wire (the daemon closes the connection right after accepting it), it is fairly secure.
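The scheme described in this message, as an added example in C (not the author's daemon): one port adds the caller's address to the pf table, another removes it, and the connection is closed without reading anything. The table name sshable comes from the post; the port numbers 40022/40023 and the /sbin/pfctl path are assumptions.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <poll.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

#define PF_TABLE   "sshable"  /* table name used in the post */
#define OPEN_PORT  40022      /* assumed port: add the caller to the table */
#define CLOSE_PORT 40023      /* assumed port: remove the caller again */

/* Text form of the peer address, taken only from the kernel's sockaddr. */
int peer_to_text(const struct sockaddr_storage *ss, char *buf, size_t len)
{
    const void *addr = NULL;
    if (ss->ss_family == AF_INET)
        addr = &((const struct sockaddr_in *)ss)->sin_addr;
    if (ss->ss_family == AF_INET6)
        addr = &((const struct sockaddr_in6 *)ss)->sin6_addr;
    return (addr && inet_ntop(ss->ss_family, addr, buf, (socklen_t)len)) ? 0 : -1;
}

/* argv for "pfctl -t sshable -T add|delete <ip>"; other ports are refused. */
int build_pfctl_argv(int port, const char *ip, const char *argv[7])
{
    if (port != OPEN_PORT && port != CLOSE_PORT) return -1;
    argv[0] = "pfctl"; argv[1] = "-t"; argv[2] = PF_TABLE; argv[3] = "-T";
    argv[4] = (port == OPEN_PORT) ? "add" : "delete"; argv[5] = ip; argv[6] = NULL;
    return 0;
}

/* Run pfctl from an argument vector: no shell ever parses the address. */
int run_pfctl(const char *argv[])
{
    int status;
    pid_t pid = fork();
    if (pid == 0) { execv("/sbin/pfctl", (char *const *)argv); _exit(127); }
    if (pid < 0 || waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int handle_knock(int listen_fd, int port)
{
    struct sockaddr_storage ss;
    socklen_t sl = sizeof(ss);
    char ip[INET6_ADDRSTRLEN];
    const char *argv[7];
    int fd = accept(listen_fd, (struct sockaddr *)&ss, &sl);
    if (fd < 0) return -1;
    close(fd);  /* closed at once: no byte is read from the client */
    return (peer_to_text(&ss, ip, sizeof(ip)) ||
            build_pfctl_argv(port, ip, argv)) ? -1 : run_pfctl(argv);
}

int listen_on(int port)
{
    struct sockaddr_in sa = { .sin_family = AF_INET };  /* address 0 = any */
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    sa.sin_port = htons((unsigned short)port);
    if (fd < 0 || bind(fd, (struct sockaddr *)&sa, sizeof(sa)) || listen(fd, 16))
        return -1;  /* main() exits on failure, which releases fd */
    return fd;
}

int main(void)
{
    struct pollfd p[2] = { { listen_on(OPEN_PORT), POLLIN, 0 },
                           { listen_on(CLOSE_PORT), POLLIN, 0 } };
    while (p[0].fd >= 0 && p[1].fd >= 0 && poll(p, 2, -1) >= 0) {
        if (p[0].revents & POLLIN) handle_knock(p[0].fd, OPEN_PORT);
        if (p[1].revents & POLLIN) handle_knock(p[1].fd, CLOSE_PORT);
    }
    return 1;
}
```

Anyone who can reach the knock ports can add their own address, so the port numbers act as a shared secret and sshd's own authentication remains the real control.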