Re: How to trim SSD?

2024-08-14 Thread Oliver Peter 
On Wed, Aug 14, 2024 at 07:36:01PM +0200, Oliver Peter wrote:
> On Sun, Aug 11, 2024 at 11:50:53PM +0200, Kirill A. Korinsky wrote:
> > This is out of the list reply, I hope it's ok.

Oops, that mail ended up by accident on this list.
Sorry for the noise.


-- 
Oliver Peter   oli...@gfuzz.de   0x456D688F

Re: How to trim SSD?

2024-08-14 Thread Oliver Peter 
Hi Kirill!

Thanks for your mail.

On Sun, Aug 11, 2024 at 11:50:53PM +0200, Kirill A. Korinsky wrote:
> This is out of the list reply, I hope it's ok.
> 
> On Sun, 11 Aug 2024 21:44:52 +0200,
> Oliver Peter  wrote:
> > 
> > [1] Little write-up: https://hackmd.gfuzz.de/s/Qsk14kc3i (OpenBSD & Hetzner)
> >
> 
> I have no idea about trim, but I'd like to share a way which I've used on
> the same Hetzner a few times [1] where I uses TFTP boot to enforce serial
> console on boot. Unfortently, since 7.0 it's impossible to make an automatic
> instalation via answer file due to limitation of QEMU :(
> 
> Footnotes:
> [1]  
> https://kirill.korins.ky/articles/installation-of-openbsd-on-headless-server-without-kvm-or-vnc/

Nice!  According to manpage 'The dhcpleased program first appeared in
OpenBSD 6.9.' - seems like a replacement rewrite for dhclient to me and
not all features are fully ported yet.  Wonder what Florian thinks about
this, have you ever mentioned your issue to an OpenBSD developer?

Cheers


-- 
Oliver Peter   oli...@gfuzz.de   0x456D688F

Re: How to trim SSD?

2024-08-14 Thread Oliver Peter 
Hi!

Thanks for all your replies and recommendations.

On Mon, Aug 12, 2024 at 10:05:51AM +0200, Harald Dunkel wrote:
> I would recommend to allocate up to 90% of your SSD in fdisk,
> ignore the remaining 10% and don't worry about it again. The
> 10% should give the SSD firmware sufficient free space for
> wear leveling.

Sounds reasonable to me and I'll give it a try.

Thanks.


-- 
Oliver Peter   oli...@gfuzz.de   0x456D688F

How to trim SSD?

2024-08-11 Thread Oliver Peter 
Hi!

How do you guys trim your SSDs?
Or shall I ask "do you trim your SSDs at all"?

Does OpenBSD have similar functionality like
https://man.netbsd.org/blkdiscard.8 ?

I recently rented a phys. machine and installed OpenBSD on it[1], smartctl
already tells me that the disks have seen better times, that's why I am a bit
worried about wearing them out even faster without trimming:

ID# ATTRIBUTE_NAME  FLAG VALUE WORST THRESH TYPE  UPDATED   
WHEN_FAILED RAW_VALUE
202 Percent_Lifetime_Remain 0x0030   075   075   001Old_age   Offline   -   
25
202 Percent_Lifetime_Remain 0x0030   078   078   001Old_age   Offline   -   
22

Cheers
Oliver


[1] Little write-up: https://hackmd.gfuzz.de/s/Qsk14kc3i (OpenBSD & Hetzner)


-- 
Oliver Peter   oli...@gfuzz.de   0x456D688F

Re: asking for help compiling dns stats collector (dsc)

2016-02-25 Thread Oliver Peter 
erence to `__inet_pton'
> >>collect2: ld returned 1 exit status
> >>*** Error 1 in /root/dsc/l/dsc-201502251630/collector/dsc (Makefile:65
> >>'dsc')
> >>
> >>For example text around query_classification_index.c:71 reads like this
> >>
> >>static int
> >>a_for_a(const dns_message * m)
> >>{
> >> struct in_addr a;
> >> if (m->qtype != T_A)
> >> return 0;
> >> if (inet_aton(m->qname, &a))
> >> return CLASS_A_FOR_A;
> >> return 0;
> >>}
> >>
> >>I would be very thankful if you could point to me how to solve it and
> >>progress from here to ./dsc binary.
> >>
> >>
> >>Imre
> >>
> >>PS I searched ports collection for similarities and actually found file
> >>
> >>/usr/ports/pobj/dnstop-20140915/dnstop-20140915/inX_addr.c
> >>
> >>which is very similar to
> >>
> >>/root/dsc/l/dsc-201502251630/collector/dsc/inX_addr.c
> >>
> >>and has some inet_* funtsions in it. dnstop from ports compiles and
> >>runs fine. So i think i must be missing something obvious here. Needless
> >>to say i cant compile and read source but still i try to be attentive to
> >>your answer! :)
> >>
> >>
> >
> >You're going to need some things like
> >
> >(cflags/cxxflags)
> >-nostdinc -I/usr/local/include/bind -I/usr/include -I/usr/local/include
> >
> >(ldflags)
> >-L/usr/local/lib/libbind -Wl,-rpath,/usr/local/lib/libbind
> >
> >It may still not work, the BIND resolver and the system resolver have
> >conflicts in some areas. Some programs work like this, but it's more
> >luck than anything else.
> >
> >Alternatively try looking at old versions, they have some code to
> >support OpenBSD's resolver, but it's not clear whether it was
> >unfinished, or whether it used to work and got broken with updates.
> 
> Thank you for the answer, i tried like this and with every dsc .tgz listed
> 
> # ./configure CFLAGS="-nostdinc -I/usr/local/include/bind -I/usr/include
> -I/usr/local/include" LDFLAGS="-L/usr/local/lib/libbind
> -Wl,-rpath,/usr/local/lib/libbind"
> 
> but got same result. I decided to write to dsc-users list and referred to
> here, and good people there reacted and said they will soon look at it and
> most probably can sort it out
> 
> https://lists.dns-oarc.net/pipermail/dsc-users/2016-February/05.html
>
> I am in no position to expect a solution but of course i would be glad if
> one comes along. I will let know how it goes.

[oliver@daphne] ~/dsc/collector/dsc $ svn diff
Index: inX_addr.c
===
--- inX_addr.c  (revision 2210)
+++ inX_addr.c  (working copy)
@@ -3,7 +3,7 @@
 #include 
 #include 
 #include 
-#include 
+#include "/usr/include/arpa/inet.h"
 #include 
 
 #include "inX_addr.h"
Index: query_classification_index.c
===
--- query_classification_index.c(revision 2210)
+++ query_classification_index.c(working copy)
@@ -4,6 +4,7 @@
 #include 
 #include 
 #include 
+#include "/usr/include/arpa/inet.h" 
 
 /* OpenBSD does not have nameser_compat.h */
 #ifdef __OpenBSD__
[oliver@daphne] ~/dsc/collector/dsc $ file dsc
dsc: ELF 64-bit LSB shared object, x86-64, version 1

/usr/local/include/bind/arpa/inet.h might be causing that conflict,
patch above works for me but still sucks.


-- 
Oliver PETER   oli...@gfuzz.de   0x456D688F

Re: AMD64 packages

2014-12-11 Thread Oliver Peter 
On Thu, Dec 11, 2014 at 11:59:55AM +0100, FRIGN wrote:
> Btw, now that the topic has come up. Is there a way to view the
> diffs quickly on a source- or port-change?

Not official and not instantly updated:
http://anoncvs.estpak.ee/cgi-bin/cgit/openbsd-ports/log/

--
Oliver PETER   oli...@gfuzz.de   0x456D688F

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

Re: 5.6 arrived

2014-10-28 Thread Oliver Peter 
On Mon, Oct 27, 2014 at 08:13:51PM +0100, Harald Dunkel wrote:
> On 10/27/14 19:44, Theo de Raadt wrote:
> >> How is the current install56.iso in pub/OpenBSD/snapshots/amd64/ on
> >> the mirrors related to the shipped 5.6 CDs?
> >
> > From the ftp site:
> >
> > -rw-r--r--   1 root  wheel 58741116 Oct 27 01:42 base56.tgz
> >
> > That is around 11 hours ago.  Probably a bit newer than what people
> > will find on their CDs.
> >
>
> Sure, but is this still 5.6 (some kind of "stable-5.6" iso)? Hopefully
> there are just minor differences?

If the difference between release and snapshot is too confusing for
you, you should probably just stay with release.  If you need releases
on time you should order a CD set next time.

Any please don't try to install a current 5.6 snapshot and use it like
it was a 5.6 release.  Please don't do that.


--
Oliver PETER   oli...@gfuzz.de   0x456D688F

[demime 1.01d removed an attachment of type application/pgp-signature]

FAQ / geektools RFC / diff

2014-06-03 Thread Oliver Peter 
Links in FAQ seem to be dead:

Index: faq8.html
===
RCS file: /cvs/www/faq/faq8.html,v
retrieving revision 1.252
diff -u -r1.252 faq8.html
--- faq8.html   3 May 2014 13:14:30 -   1.252
+++ faq8.html   27 May 2014 08:13:23 -
@@ -1158,7 +1158,7 @@
 
 What is going on:
 From a workstation behind the NAT of the gateway with an 
-http://www.geektools.com/rfc/rfc1918.txt";>unregistered IP 
+http://tools.ietf.org/html/rfc1918";>unregistered IP 
 address of 192.168.1.35, the user uses 
 http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1";>ssh
 to access the gateway system.  The 
Index: pf/nat.html
===
RCS file: /cvs/www/faq/pf/nat.html,v
retrieving revision 1.46
diff -u -r1.46 nat.html
--- pf/nat.html 1 May 2014 15:03:50 -   1.46
+++ pf/nat.html 27 May 2014 08:13:25 -
@@ -64,13 +64,13 @@
 IP addresses assigned to you by your Internet Service Provider is less
 than the total number of computers that you wish to provide Internet
 access for. NAT is described in
-http://www.geektools.com/rfc/rfc1631.txt";>RFC 1631,
+http://tools.ietf.org/html/rfc1631";>RFC 1631,
 "The IP Network Address Translator (NAT)."
 
 
 NAT allows you to take advantage of the reserved address blocks
 described in
-http://www.geektools.com/rfc/rfc1918.txt";>RFC 1918,
+http://tools.ietf.org/html/rfc1918";>RFC 1918,
 "Address Allocation for Private Internets."
 Typically, your internal network will be setup to use one or more of
 these network blocks. They are:
Index: pf/shortcuts.html
===
RCS file: /cvs/www/faq/pf/shortcuts.html,v
retrieving revision 1.34
diff -u -r1.34 shortcuts.html
--- pf/shortcuts.html   1 May 2014 15:03:50 -   1.34
+++ pf/shortcuts.html   27 May 2014 08:13:25 -
@@ -126,7 +126,7 @@
 
 Using Lists
 Let's look at a good set of rules to have in your ruleset to handle
-http://www.geektools.com/rfc/rfc1918.txt";>RFC 1918
+http://tools.ietf.org/html/rfc1918";>RFC 1918
 addresses that just shouldn't be floating around the Internet,
 and when they are, are usually trying to cause trouble:
 


-- 
Oliver PETER   oli...@gfuzz.de   0x456D688F

Re: Unbound in base

2012-02-14 Thread Oliver Peter 
On Tue, Feb 14, 2012 at 01:23:01PM +0400, Mo Libden wrote:
> 14 QP5P2QP0P;Q 2012, 12:59 P>Q Gregory Edigarov
:
> > On Tue, 14 Feb 2012 08:09:16 +
> > Peter van Oord van der Vlies  wrote:
> >
> > > Hello,
> > >
> > > Why replacing bind ?
> >
> > Because bind is full of security related bugs and a bloatware.
>
> Oh come on!
> They say about the same thing about sendmail for years (decades already?).
> Still it is in the base.

smtpd(8) is underway. Also there is no proper MTA implementation out
there served under the BSD license (i.e. Postfix has IBM license).

Unbound (and also nsd) is a good and lightweight alternative to
sendmail using the BSD license.  License stuff is more important than
it sounds.

IMO the separate development of a resolver (unbound) and an authoritive
nameserver (nsd) is better than having all functionality within one
server (named).

--
Oliver PETER   oli...@opdns.de   0x456D688F

Re: Minimally painful mail client for "rich" (spit!) messages

2011-02-09 Thread Oliver Peter 
On Wed, Feb 09, 2011 at 05:38:38PM +0100, Peter N. M. Hansteen wrote:
> During recent months I've joined some mailing lists with fairly good
> signal to noise ratio on a specific topic, the only snag being that a
> distressingly large number of otherwise sane messages have been
> written using mail clients (fsvo) that by default bury the content in
> "rich" formatting that makes it hard for old-style mail readers to
> cope.
> 
> Telling people off for their choice of mail clients is not an option
> (some at least have had that choice made for them), so as a workaround
> I probably need to start looking around for a mail client that will
> make reading Outlook and peers' output less painful.
> 
> Does such a beast exist, preferably among OpenBSD packages (as in, it
> has to run on OpenBSD, but I can build locally if needs be)? 
> 
> I've tried and hated both Evolution and Thunderbird, but surely there
> must be other choices?

Peter, does mutt (ports/mail/mutt/snapshot I recommend) count as 'old-style'
mail reader, too?  If so, it feels very modern to me and also is my choice
for 'heavy' mail reading.
If you are looking for some graphical client you may want to give clawsmail
a try (mail/claws-mail).

Re: Cannot boot into bsd.rd 4.8

2011-02-07 Thread Oliver Peter 
On Mon, Feb 07, 2011 at 04:56:28PM +0200, Tomas wrote:
> Hey there all on the misc,
> 
> I am having problems booting into bsd.rd on my machine. Currently the
> machine holds OpenBSD 4.4 Generic and is working fine. But now I've decided
> to upgrade it (I will be doing a clean install) to version 4.8. So I've
> downloaded bsd.rd (4.8) into the machine and tried to boot into it, but the
> machine restarts itself in the middle of booting it. Can someone please
> point me into the right direction how can I resolve this?
> 
> Here is the dmesg from it running 4.4:

Hey Tomas, provide the 4.8 dmesg if you can - or take a picture of the
screen, upload it and share the link with the list.

Re: DNSSEC validating resolver

2011-01-24 Thread Oliver Peter 
On Mon, Jan 24, 2011 at 07:52:59AM -0500, Josh Smith wrote:
> On Monday, January 24, 2011, Henning Brauer  wrote:
> > * Oliver Peter  [2011-01-24 11:56]:
> >> The tcp option in resolv.conf might be reasonable for a single workstation
> >> but due to the protocol overhead not appropriate for larger networks / many
> >> clients.
> > people keep claiming this bullshit. remains bullshit.
>
> I agree the tcp option in resolv.conf looks great and I'll be enabling
> it on my obsd clients but, correct me if I am wrong, this will do
> little to help protect the non obsd clients using my recursive
> resolvers.

resolv.conf has nothing to do with the resolver daemons behaviour.
You can configure your network's resolver (bind, unbound, etc) to use TCP only.

Re: DNSSEC validating resolver

2011-01-24 Thread Oliver Peter 
On Mon, Jan 24, 2011 at 01:33:53PM +0100, Henning Brauer wrote:
> * Oliver Peter  [2011-01-24 11:56]:
> > The tcp option in resolv.conf might be reasonable for a single workstation
> > but due to the protocol overhead not appropriate for larger networks / many
> > clients.
> 
> people keep claiming this bullshit. remains bullshit.

The more I think about it...  The only tcp connection you establish is from
the host in question (i.e. workstation) to the resolver.
The resolver then decides how to query the authoritative nameserver (udp/tcp),
right?  Aye?

Re: DNSSEC validating resolver

2011-01-24 Thread Oliver Peter 
On Sun, Jan 23, 2011 at 08:06:09PM +, Kevin Chadwick wrote:
> On Sat, 15 Jan 2011 06:28:51 -0500
> Josh Smith  wrote:
> > 
> > I've got to say I'm suprised the dns server in the base system of the
> > worlds most secure OS is not able to validate dnssec responses
> > 
> 
> Actually there is much debate about how much security dnssec adds,
> atleast currently. OpenSSL even, has had it's bugs. It is clear however
> that it makes Denial Of Service attacks much easier. The tcp resolv.conf
> option (quite possibly unique to OpenBSD) can already add much security
> to your resolving too. I imagine DNSSEC has very little to do with the
> unbound import. 

The tcp option in resolv.conf might be reasonable for a single workstation
but due to the protocol overhead not appropriate for larger networks / many
clients.

> I am certainly not saying don't use DNSSEC but you need to bear in mind
> the consequences. DNSSEC was known to need revising when it was rolled
> out, but I believe was implemented to give it many kicks in the
> direction of getting it right as throwing millions of dollars at it,
> wasn't ironing much out.
> 
> Any axe murderer's out there? ;-)

DNS looks trivial in the first place but it isn't.
Please keep in mind that DNS is hidden in almost all common network
services so you want to make and keep your DNS queries and responses 
as secure as possible.

Re: DNSSEC validating resolver

2011-01-17 Thread Oliver Peter 
On 1/15/11 12:28 PM, Josh Smith wrote:
> I've got to say I'm suprised the dns server in the base system of the
> worlds most secure OS is not able to validate dnssec responses

pkg_add unbound and you're done.  If you think you are that smart to use
DNSSEC, then you should also be that smart to run that command.

Or better re-phrase the question:
  "Why did ISC make it so complicated to import the latest stable
  release of their nameserver software into OpenBSD base?"

Re: DNSSEC validating resolver

2011-01-14 Thread Oliver Peter 
On 1/14/11 10:06 AM, Martin Schrvder wrote:
> 2011/1/14 Chris Cappuccio :
>> > nsd is already part of the tree and unbound will join it at some point to
>> > replace bind.  they are well documented, fairly easy to use, and unbound is
>> > available through ports. use it.
> But a DNSSSEC validiating resolver should be in base, not ports.

>From what I've heard that's already the plan:
http://old.nabble.com/Re:-Testing-NSD-p29509010.html

Re: insecure scheduler in OpenBSD 4.7

2010-10-12 Thread Oliver Peter 
On Tue, 12 Oct 2010 13:57:20 +0200
Alexandre Ratchov  wrote:

> > It is not secure. One user script or program may load CPU and
> > database or another servers lost speed in disk operations.
> > This is hole for DOS attacks in OpenBSD design.  
> 
> Yeah, this is an attack root can do by renicing a cpu bound process,
> but ``rm -rf /'' is much easier, isn't it?

"If you aim the gun at your foot and pull the trigger, it's
UNIX's job to ensure reliable delivery of the bullet to
where you aimed the gun (in this case, Mr. Foot)."
-- Terry Lambert

Re: FreeBSD isn't Free

2010-10-06 Thread Oliver Peter 
On Tue, 05 Oct 2010 23:22:03 -0600
Theo de Raadt  wrote:

> Just for fun.

"Stop wasting your time reading people's licenses.",
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/mg/theo.c.diff?r1=1.77;r2=1.78

Eh? :)

Re: My trouble with BIND.

2010-09-25 Thread Oliver Peter 
On Sep 25, 2010, at 8:44 PM, Oliver Peter wrote:

> You should have a look at dig(1).
> i.e.
>   dig @127.0.0.1 example.com A

Ah, and there's also:

net/ldns/drill
drill is a tool ala dig from BIND. It was designed
with DNSSEC in mind and should be a useful
debugging/query tool for DNSSEC.

~ollie

Re: My trouble with BIND.

2010-09-25 Thread Oliver Peter 
Hey David,

On Sep 25, 2010, at 11:42 AM, David Walker wrote:

> First off a small oddity (it could be pebkac).
> It appears my named.conf is okay and so are my master files.
> If I do a ...
> nslookup example.com 127.0.0.1
> ... I get a result returned that looks as per normal wth the IP
> address I set in the master file.
> If I do interactive mode and try likewise, nslookup sits there and does
nothing.
> I've tried appending a dot, using localhost instead of 127.0.0.1 and
> various combinations thereof.
> Am I missing something?

You should have a look at dig(1).
i.e.
dig @127.0.0.1 example.com A

Which will query your local service for the A record
of example.com.  Replace 'A' with 'any' to retrieve
all RRs, typically A, SOA, NS and MX.

nslookup shouldn't be the tool of choice when debugging
DNS issues.

Cheers
~ollie

Re: OT: Have you hugged your local OpenBSD dev lately?

2009-11-20 Thread Oliver Peter 
On Wed, 18 Nov 2009 16:05:04 -0800
Bryan  wrote:

> So glad we don't have these kinds of issues...
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=534047

And finally...

https://www.redhat.com/archives/fedora-devel-list/2009-November/msg01445.html

Good fun though.

-- 
Oliver PETER email: oli...@peter.de.com ICQ# 113969174
"I'm just a simple man trying to make my way in the universe."
-- Jango Fett

Re: OT: Laptop advice. SSD costs.

2009-09-14 Thread Oliver Peter 
On Mon, Sep 14, 2009 at 02:37:39PM +, Christian Weisgerber wrote:
> Edd Barrett  wrote:
...
> > b) Any other comments?
> 
> I don't think there is any SSD available that (1) can be fitted
> into an X40/X41, (2) is available in 64 GB or more, and (3) has
> reasonable performance for small random writes.

http://cgi.ebay.co.uk/KingSpec-1-8-IDE-SSD-MLC-64GB-work-in-IBM-X40-X41-X41T_W0QQitemZ370224035188QQcmdZViewItemQQptZDE_Elektronik_Computer_Computer_Festplatten?hash=item5633127574&_trksid=p3286.c0.m14&_trkparms=65%3A12|66%3A2|39%3A1|72%3A1229|240%3A1318|301%3A1|293%3A1|294%3A50

No idea about the performance regarding small files and
and the sender looks dodgy[1] to me but the price seems
to be "alright".

[1] "NO TAXES OR IMPORT DUTIES IF YOU BUY FROM US AS THEY ARE MARKED AS GIFTS"

-- 
Oliver PETER email: oli...@peter.de.com ICQ# 113969174
"I'm just a simple man trying to make my way in the universe."
-- Jango Fett

Re: pf to block against DDoS?

2008-09-04 Thread Oliver Peter 
On Thu, Sep 04, 2008 at 09:23:09PM +0200, Redd Vinylene wrote:
> Hello hello!
> 
> I was quite shocked today when I heard I could use pf to block against DDoS
> attacks, using Stateful Tracking Options,
> http://www.openbsd.org/faq/pf/filter.html#stateopts.
> 
> But does anybody have any nice setups of this they'd want to share?
> 
> Much obliged, and thanks.

... nice cross-post.

I can recommend reading through this as well:
  http://www.bgnett.no/~peter/pf/en/bruteforce.html

-- 
Oliver PETER, email: [EMAIL PROTECTED], ICQ# 113969174
"If it feels good, you're doing something wrong."
  -- Coach McTavish

Re: openbsd mobile question?

2006-10-16 Thread Oliver Peter 
Hi Jay,

On Mon, Oct 16, 2006 at 06:13:59PM +0800, Jay Jesus Amorin wrote:
> hi,
> 
> does openbsd 4.0 supports intel ac'97 modem and intel ipw2200 on laptop?
> 
> guys, any ideas?

Here you can find a great documenation about your ipw2200:
http://damien.bergamini.free.fr/ipw/ipw-openbsd.html

Have fun.

-- 
Oliver Peter, email: [EMAIL PROTECTED], ICQ# 113969174
"Worker bees can leave. Even drones can fly away. The Queen is their slave."

Re: licq icqnd

2006-06-07 Thread Oliver Peter 
Hello Artyom,

On Thu, Jun 08, 2006 at 12:13:12AM +0300, [EMAIL PROTECTED] wrote:
> Silly problem but I can't get it to work :(
> Installed from sources licq and icqnd plugin for it. And when I try to
> start it this way: licq -p icqnd
> I always receive error that it was unable to load the plugin. Anybody has
> licq working with icqnd?

I can not imagine there's someone here who can/will help you.
Your problem is not OpenBSD specific enough.

Try it here:
http://sourceforge.net/mail/?group_id=254

Good luck.

--
Oliver Peter, email: [EMAIL PROTECTED], ICQ# 113969174
"Worker bees can leave. Even drones can fly away. The Queen is their slave."

[demime 1.01d removed an attachment of type application/pgp-signature]

Re: upgrade halted

2006-04-19 Thread Oliver Peter 
On Wed, Apr 19, 2006 at 04:22:06PM +0200, Jasper Bal wrote:
> After nummerous advices on the list that I should upgrade, I decided to 
> try remote upgrading.

AFAIK you're running an 3.6 system, right? Did you directly go from
3.6 to 3.9?
 
> Reboot on the new kernel: This might be a tempting step to skip, but it 
> should be done now, as usually, the new kernel will run old userland 
> apps (such as the soon to be important reboot!), but often a new 
> userland will NOT work on the old kernel.

That's right.
 
> something went wrong. I issued a reboot. And when the system came back 
> up, SSH didn't recognize any of my passwords. All the services seem to 
> be running though. I even have unchrooted access through FTP. I'm in 
> wheel group but have no access as root with FTP. 

root isn't able to login via ftp. Generic.

> Any hints? Did I do something wrong? Is there a fix? Or do I have to 
> travel 400 km?

Have you got a chance to connect via a serial terminal?

Please give us further informations how you did the update.
old version, new version, source update, generic kernel etc.

-- 
Oliver Peter, email: [EMAIL PROTECTED], ICQ# 113969174
"Worker bees can leave. Even drones can fly away. The Queen is their slave."

Re: time is always 10 minutes fast!

2006-04-18 Thread Oliver Peter 
Hi,

On Tue, Apr 18, 2006 at 11:07:17AM -0400, Jerome Santos wrote:
> Hi there I've been trying to sync my system time using ntpd. I followed the
> FAQ on how to do this but it always seems that my time is 10 minutes fast.
> 
> my /etc/ntpd.conf:
[...]
> #sync to a single server
> server 0.north-america.pool.ntp.prg
  ^^^ :)
Could you please provide us the output of 'ls -l /etc/localtime' and
the output of rdate? Maybe this can help us to resolve the problem.

Bye
Ollie

-- 
Oliver Peter, email: [EMAIL PROTECTED], ICQ# 113969174
"Worker bees can leave. Even drones can fly away. The Queen is their slave."

Re: First OpenBSD 3.9 CD in Europe

2006-04-05 Thread Oliver Peter 
Hope this is OK to place this commercial:

Watch this nice and complete OpenBSD fan set from ixsoft:
http://www.ixsoft.de/cgi-bin/web_store.cgi?ref=Products/de/OOOB0390BU.html

-- 
Oliver Peter, email: [EMAIL PROTECTED], ICQ# 113969174
"Worker bees can leave. Even drones can fly away. The Queen is their slave."

Re: Problem netbooting a Sun SS1

2006-03-31 Thread Oliver Peter 
Hi Robert,

On Fri, Mar 31, 2006 at 06:44:12PM +0200, Robert Waldner wrote:
> On Fri, 31 Mar 2006 18:03:56 +0200, Oliver Peter writes:
> >> root addr=192.168.1.1 path=/data/cdimages/OpenBSD/root
> >Is 192.168.1.1:/data/cdimages/OpenBSD/root mountable via NFS/udp from 
> >192.168.1.167 - there you have to place the bootkernel.
> 
> Yes, I tested this with my notebook set to 192.168.1.167. There's also 
>  not a single NFS-packet to be seen on the network when booting the 
>  SS1.

You're right - it seems that the link to the device is not set
properly at the firmware.

> Can't open network device `le(0,0,0)'
I hope there (or on [EMAIL PROTECTED]) is someone who can help you
to fix it. Maybe google will help, too.

-- 
Oliver Peter, email: [EMAIL PROTECTED], ICQ# 113969174
"Worker bees can leave. Even drones can fly away. The Queen is their slave."

Re: Problem netbooting a Sun SS1

2006-03-31 Thread Oliver Peter 
On Fri, Mar 31, 2006 at 05:41:03PM +0200, Robert Waldner wrote:
> root addr=192.168.1.1 path=/data/cdimages/OpenBSD/root

Is 192.168.1.1:/data/cdimages/OpenBSD/root mountable via NFS/udp from 
192.168.1.167 - there you have to place the bootkernel.

-- 
Oliver Peter, email: [EMAIL PROTECTED], ICQ# 113969174
"Worker bees can leave. Even drones can fly away. The Queen is their slave."

Re: security hole in sendmail

2006-03-31 Thread Oliver Peter 
On Thu, Mar 30, 2006 at 05:08:11PM -0700, Peter Valchev wrote:
> A race condition exists in sendmail's handling of asynchronous signals.
> A remote attacker may be able to execute arbitrary source code with the
> privileges of the user running sendmail, typically root.

Excuse my question - I don't want to attack our loved project but does
that mean that we've got a second remote hole? Don't kick my ass.

-- 
Oliver Peter, email: [EMAIL PROTECTED], ICQ# 113969174
"Worker bees can leave. Even drones can fly away. The Queen is their slave."

Re: C Compiler Prob

2006-03-30 Thread Oliver Peter 
On Thu, Mar 30, 2006 at 02:53:44PM +0200, oliver simon wrote:
> Seems it has a bug in 3.8 and sparc64. Just need it for proxying
> purposes, and exactly that does not work while I tried exactly the same
> config on a x86 Test-Machine. See my problem some days ago, where nobody
> seemed to have any knowledge about ...

Addition:
I would like to ask you to send a short report when you have compiled
it with the standard openbsd-gcc.
Furhter it would be interesting if you have the same proxy problem
with apache2.

Thanks.

-- 
Oliver Peter, email: [EMAIL PROTECTED], ICQ# 113969174
"Worker bees can leave. Even drones can fly away. The Queen is their slave."

Re: C Compiler Prob

2006-03-30 Thread Oliver Peter 
On Thu, Mar 30, 2006 at 02:53:44PM +0200, oliver simon wrote:
> Hi namesake,

Hee =)
 
> > Why don't you use the gcc which is already shipped with openbsd?
> Did not find it ... now I know where to look .. comp38.tgz ...

Do your homework:
http://openbsd.org/faq/faq4.html#FilesNeeded

-- 
Oliver Peter, email: [EMAIL PROTECTED], ICQ# 113969174
"Worker bees can leave. Even drones can fly away. The Queen is their slave."

Re: C Compiler Prob

2006-03-30 Thread Oliver Peter 
On Thu, Mar 30, 2006 at 02:17:24PM +0200, oliver simon wrote:
> @Oliver: Could you please provide us your CFLAGS?
> 
> Nothing specific set .. only in the myconfigure.sh I do
> 
> export CC=egcc
> export CPPFLAGS="-I \
> /usr/local/lib/gcc/sparc64-unknown-openbsd3.8/3.4.4/include/"

You really enjoy pain, right?
Why don't you use the gcc which is already shipped with openbsd?
Why don't you use the apache which is already shipped with openbsd?

I can not imagine that there is someone here who wants to support you.

-- 
Oliver Peter, email: [EMAIL PROTECTED], ICQ# 113969174
"Worker bees can leave. Even drones can fly away. The Queen is their slave."

Re: C Compiler Prob

2006-03-30 Thread Oliver Peter 
On Thu, Mar 30, 2006 at 12:49:29PM +0200, oliver simon wrote:
> checking for C compiler default output file name... configure: error: C
> compiler cannot create executables

Could you please provide us your CFLAGS?

-- 
Oliver Peter, email: [EMAIL PROTECTED], ICQ# 113969174
"Worker bees can leave. Even drones can fly away. The Queen is their slave."

Re: Openbsd PF Book

2006-03-26 Thread Oliver Peter 
On Sun, Mar 26, 2006 at 07:15:07PM +0200, Oliver Peter wrote:
> On Sun, Mar 26, 2006 at 05:26:55PM +, Qwerty wrote:
> > Hi All, Could anyone please tell me if the book "Building firewalls with
> > OpenBSD and PF" (found at Amazon), would still be applicable today, or is
> > it a bit outdated. Thank You Danny 
> 
> I don't know this book but IMO you don't have to buy a book after reading
> (and of course understanding) the manpages and docs at
> http://openbsd.org/faq/pf/index.html - you will need no pf-book anymore.

After I have read your mail more exaclty I saw that this wasn't your
question. Sorry for that.
 
-- 
Oliver Peter, email: [EMAIL PROTECTED], ICQ# 113969174
"Worker bees can leave. Even drones can fly away. The Queen is their slave."

Re: openbsd and the money

2006-03-24 Thread Oliver Peter 
On Fri, Mar 24, 2006 at 10:29:19AM -0700, Theo de Raadt wrote:
> That said, when 4.0 comes out there will likely be an audio CD made of
> all 11 of the songs, with artwork to match, sold seperately.

The songs are great - but like open{bsd,ssh} already at the public ftp
servers. I don't think that there will be so many dudes who will pay
for 9 old and only 2 new songs about 20-30 USD - even the artwork is
great as usual. Such a production will not cover the original costs.

Maybe our friends of humppa.com will make a "Humppa OpenBSD Support
Tour 2006" or add them to the 11 OpenBSD songs.

-- 
Oliver Peter, email: [EMAIL PROTECTED], ICQ# 113969174
"Worker bees can leave. Even drones can fly away. The Queen is their slave."