Re: No audio on auvia0 / VIA VT8233 AC97
Not 100% sure from the logs but you've got a lot of mixer channels muted, maybe PCM isn't getting amped. Also try 44100 Hz. I don't have windows available to update bios You probably don't need Windows, just a boot CD like from PE Builder, Ultimate Boot CD, etc. Intel and Dell also have some ISO images you can reuse. Is there something else I can try before getting a PCI soundcard? Update BIOS and any other firmware. -- p dmesg, pcidump, mixerctl, audioctl, and mplayer output below all came from amd64-5.1 and mplayer from packages: == OpenBSD 5.1 (GENERIC) #181: Sun Feb 12 09:35:53 MST 2012 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC real mem = 1072365568 (1022MB) avail mem = 1029746688 (982MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xf0720 (45 entries) bios0: vendor American Megatrends Inc. version 0210 date 09/05/2005 bios0: ASUSTeK Computer INC. A8V-MX acpi0 at bios0: rev 0 acpi0: sleep states S0 S1 S4 S5 acpi0: tables DSDT FACP APIC OEMB acpi0: wakeup devices PCI0(S4) PS2K(S4) PS2M(S4) UAR1(S4) P7P8(S4) USB1(S4) USB2(S4) USB3(S4) USB4(S4) EHCI(S4) ILAN(S4) SLPB(S4) PWRB(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: AMD Athlon(tm) 64 Processor 3500+, 2200.45 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,LONG,3DNOW2,3DNOW cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: AMD errata 89, 97 present, BIOS upgrade may be required cpu0: apic clock running at 200MHz ioapic0 at mainbus0: apid 1 pa 0xfec0, version 3, 24 pins acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (P0P1) acpiprt2 at acpi0: bus 2 (P0P7) acpiprt3 at acpi0: bus 4 (P7P9) acpiprt4 at acpi0: bus 3 
(P7P8) acpicpu0 at acpi0: PSS aibs0 at acpi0: RTMP RVLT RFAN acpibtn0 at acpi0: SLPB acpibtn1 at acpi0: PWRB cpu0: Cool'n'Quiet K8 2200 MHz: speeds: 2200 2000 1800 1000 MHz pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 VIA K8M800 Host rev 0x00 agp at pchb0 not configured pchb1 at pci0 dev 0 function 1 VIA K8M800 Host rev 0x00 pchb2 at pci0 dev 0 function 2 VIA K8M800 Host rev 0x00 pchb3 at pci0 dev 0 function 3 VIA K8M800 Host rev 0x00 pchb4 at pci0 dev 0 function 4 VIA K8M800 Host rev 0x00 pchb5 at pci0 dev 0 function 7 VIA K8M800 Host rev 0x00 ppb0 at pci0 dev 1 function 0 VIA K8HTB AGP rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 ATI Radeon VE rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) radeondrm0 at vga1: apic 1 int 16 drm0 at radeondrm0 pciide0 at pci0 dev 15 function 0 VIA VT8251 SATA rev 0x00: DMA pciide0: using apic 1 int 21 for native-PCI interrupt pciide1 at pci0 dev 15 function 1 VIA VT82C571 IDE rev 0x07: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide1 channel 0 drive 0: ST380011A wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors wd0(pciide1:0:0): using PIO mode 4, DMA mode 2 pciide1: channel 1 disabled (no drives) uhci0 at pci0 dev 16 function 0 VIA VT83C572 USB rev 0x90: apic 1 int 20 uhci1 at pci0 dev 16 function 1 VIA VT83C572 USB rev 0x90: apic 1 int 22 uhci2 at pci0 dev 16 function 2 VIA VT83C572 USB rev 0x90: apic 1 int 21 uhci3 at pci0 dev 16 function 3 VIA VT83C572 USB rev 0x90: apic 1 int 23 ehci0 at pci0 dev 16 function 4 VIA VT6202 USB rev 0x90: apic 1 int 22 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 VIA EHCI root hub rev 2.00/1.00 addr 1 viapm0 at pci0 dev 17 function 0 VIA VT8251 ISA rev 0x00: SMI iic0 at viapm0 spdmem0 at iic0 addr 0x50: 512MB DDR SDRAM non-parity PC3200CL3.0 spdmem1 at iic0 addr 0x51: 512MB DDR SDRAM non-parity PC3200CL3.0 auvia0 at pci0 dev 17 function 5 VIA VT8233 
AC97 rev 0x70: apic 1 int 22 ac97: codec id 0x414c4761 (Avance Logic ALC655 rev 1) audio0 at auvia0 pchb6 at pci0 dev 17 function 7 VIA VT8251 VLINK rev 0x00 vr0 at pci0 dev 18 function 0 VIA RhineII-2 rev 0x7c: apic 1 int 23, address 00:13:d4:cc:b4:36 rlphy0 at vr0 phy 1: RTL8201L 10/100 PHY, rev. 1 ppb1 at pci0 dev 19 function 0 VIA VT8251 PCIE rev 0x00 pci2 at ppb1 bus 2 ppb2 at pci2 dev 0 function 0 VIA VT8251 PCIE rev 0x00 pci3 at ppb2 bus 3 ppb3 at pci2 dev 0 function 1 VIA VT8251 PCIE rev 0x00 pci4 at ppb3 bus 4 pchb7 at pci0 dev 24 function 0 AMD AMD64 0Fh HyperTransport rev 0x00 pchb8 at pci0 dev 24 function 1 AMD AMD64 0Fh Address Map rev 0x00 pchb9 at pci0 dev 24 function 2 AMD AMD64 0Fh DRAM Cfg rev 0x00 kate0 at pci0 dev 24 function 3 AMD AMD64 0Fh Misc Cfg rev 0x00 usb1 at uhci0: USB revision 1.0 uhub1 at usb1 VIA UHCI root hub rev 1.00/1.00 addr 1 usb2 at uhci1: USB revision 1.0 uhub2 at usb2 VIA UHCI root hub rev
Re: No audio on auvia0 / VIA VT8233 AC97
Also try 44100 Hz. I tried but audioctl will not let me lower the Hz rate below 48000 Hz. Probably the native freq but it's strange it'd interpolate in software. Is there something else I can try before getting a PCI soundcard? Update BIOS and any other firmware. As far as I know, the BIOS is the only firmware existing on this computer. The on-board audio firmware could be embedded in the BIOS. I'm on BIOS version 210. According to http://www.asus.com/Motherboards/AMD_Socket_939/A8VMX/#download the 2 BIOS updates more recent than this one are to Support new CPUs. I wonder how accurate this info is (i.e. do they fail to mention other things the BIOS update achieves...). I'm kind of reluctant to flash the BIOS in case I brick the beast. Forthcoming technical docs are rare in my experience. Other stuff you can try: measure voltage on your minijacks (or sample from other PC), check any digital audio jumpers, make sure your AMD videocard has no audio out like HDMI, some multimedia-heavy Linux live CD. cheers, -- p
Re: No audio on auvia0 / VIA VT8233 AC97
On 5 June 2012 12:18, Brett brett.ma...@gmx.com wrote: doh! I tried that and it does not work for me. Perhaps the connector or chip is flaky, and the PCI is the way to go. I suspect it's the chipset support rather than the connector. Google suggests that it's actually a Realtek ALC653 and there were difficulties getting it working in Linux. See : https://bugtrack.alsa-project.org/alsa-bug/view.php?id=1622
Re: Large (3TB) HDD support
2012/6/1 Tyler Morgan tyl...@tradetech.net: http://www.openbsd.org/faq/faq14.html#LargeDrive That doesn't mention GPT, which is the problem with drives >2TB. https://en.wikipedia.org/wiki/GUID_Partition_Table Can OpenBSD already boot from a 4TB drive on a UEFI system? Try to buy systems that don't rely on UEFI. In the next few years, prepare to buy systems and find out they require UEFI, and then demand a refund. Prepare for it to get even worse than that. There are already a number of BIOSes out there capable of nasty (or really cool) stuff pre-OS boot. The BIOS setup page may look like a DOS relic but it doesn't mean it actually is. F.ex. prior to Vista's launch, MS demoed a fullscreen video before any boot code was actually run. UEFI has gotten more press, and given RH an opportunity to present itself as defender of freedom, but it's really an evolution of PCs running black-box code when and where it can do most harm. -- p
Re: Large (3TB) HDD support
Of course, it isn't /quite/ that simple. GPT is still fairly new, and whilst it's not too difficult to get a number of operating systems to boot from GPT, sharing a disk has a number of gotchas. Exposing dormant OpenBSD partitions to an untrusted OS is stupid unless you have no other choice like on a single-HDD laptop -- but it's unlikely to be a 3TB HDD. I think docs should actively discourage multibooting and present it as a potential risk rather than a feature so people stop bragging how many OSes they crammed on a single disk. Most live-CD firmware updates should also be done with the OpenBSD HDD unplugged. -- p
Re: apmd closes/crashes on lid close
dump xset -q and wsconsctl -a, compare working/non-working states, check for possible race condition? -- p xset dpms 5 10 15 isn't doing anything either, nor xset s 4. On Sun, Jun 3, 2012 at 11:40 PM, Robert Connolly robertconnolly1...@gmail.com wrote: Sometimes apmd crashes from a system suspend, and sometimes it does not. Sometimes xidle runs xlock, and sometimes it does not. Sometimes xlock asks for a password, and sometimes it does not. Can anyone tell me whether they have all of these working consistently and reliably? They were not working for me yesterday. This morning it all worked perfectly. Hours later, none of it worked.
Re: Large (3TB) HDD support
On Mon Jun 4 2012 08:16, Peter Laufenberg wrote: UEFI has gotten more press, and given RH an opportunity to present itself as defender of freedom I meant that sarcastically -- p
Re: Large (3TB) HDD support
On Mon Jun 4 2012 08:16, Peter Laufenberg wrote: UEFI has gotten more press, and given RH an opportunity to present itself as defender of freedom, but it's really an evolution of PCs running black-box code when and where it can do most harm. In fact, RH betrayed the OSS community It's not exactly their 1st offence :) They probably say, it's only 99 dollars, so what? $99 is too little, hopefully they'll charge a lot more so they'll break economies of scale while users scramble to avoid Win8 and possibly we'll see mobos without a mind-boggling array of environmental sensors every web browser already wired to javascript. -- p
Re: SMTP server pools at odds with the RFC?
Simon Perreault simon.perrea...@viagenie.ca writes: Not only is greylisting fine from a protocol point of view (as others have pointed out), the IETF is also well aware of it. This is about to become an RFC: http://tools.ietf.org/html/draft-ietf-appsawg-greylisting That's a marked improvement over what appeared to be the status only a few years back. I still don't quite see why they left the crucial parts of RFC5321 as ambiguous as they had been in the predecessor, but a greylisting RFC on the standards track is a very welcome development. - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: SMTP server pools at odds with the RFC?
Theo de Raadt dera...@cvs.openbsd.org writes: it is still false to say that greylisting wasn't permitted by the original RFC's. it was, and it is. Any reasonable interpretation (IMO) of the relevant parts of RFC5321 and RFC2821 means that greylisting is well within the protocol specs. That did however not stop people from claiming otherwise, and it was a bit disappointing back in 2008 to find that the update did not provide even clearer language. All water under the bridge soonish now, it seems. - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Large (3TB) HDD support
On 4 June 2012 15:06, Christian Weisgerber na...@mips.inka.de wrote: Peter Kay syllops...@syllopsium.co.uk wrote: GPT is a foregone conclusion unless you are blind to the future. The only alternative is OS specific disk hackery, and that does no-one any favours. Well, OpenBSD/i386 (and now /amd64) has used such hackery since the very beginning and doesn't fare too badly with it. Back in the day, I used to run FreeBSD with dangerously dedicated disks that didn't have MBR partitioning at all, just a pure BSD disklabel. (FreeBSD eventually discouraged/abolished this due to some BIOSes refusing to boot disks without an MBR partition table.) Let's leave aside the boot techie stuff which I included mainly as an interesting (to me) related point. I don't have a particular issue with most of the disk hackery that OpenBSD currently performs, but the key detail is that at least under x86, powermac and sgi platforms [1] it seems to work within the boundaries of the native disk partitioning by using a custom disk format, performing custom partition labelling or using a native partition as a container for a custom format (disklabel inside MBR partition). That strategy tends to co-exist quite nicely with other tools/BIOSes/OSes that might inadvertently read the disk (with the exception of the pure BSD disklabel as you say). That's not the case with storing data outside the 2TB limit enforced by the MBR design. It seems to me it would be more sensible to stick a disklabel inside a new OpenBSD GPT partition type. All the data are successfully protected by a known standard and both the users and disk tools are happy. I'll grant that multiboot is a rare and usually inadvisable configuration (although I'd suggest it's useful on laptops sometimes), but protecting all the data on a uniboot system sounds advisable. GPT's main selling point is that it is superior to MBR if you use either as your native partitioning scheme. That doesn't apply to OpenBSD. 
GPT is also useful if you want different operating systems to coexist on the same disk. For OpenBSD, that's more of a grudgingly tolerated configuration and not recommended. [1] I don't have experience of the other platforms apart from sparc, and that was some time ago.
Re: Large (3TB) HDD support
Can we please differentiate GPT from EFI. GPT may be part of the EFI specification, but it's a standalone piece - implementing GPT is not going to restrict anyone's freedom to do what they want with a machine. Some possibilities EFI offers are more contentious.. GPT is a foregone conclusion unless you are blind to the future. The only alternative is OS specific disk hackery, and that does no-one any favours. Single disk 2TB+ partitions will not even attract comment inside the next 5 years. Several operating systems out there can happily read GPT disks using a non EFI BIOS (provided it's not necessary to boot from it), and even in the case where it's a GPT disk with a GPT only OS (i.e OS X Intel) on a non EFI BIOS, there are workarounds to get it to boot. Of course, it isn't /quite/ that simple. GPT is still fairly new, and whilst it's not too difficult to get a number of operating systems to boot from GPT, sharing a disk has a number of gotchas. Google is your friend for details here. I can also say, having done it (and the fact it's not easily googleable) that although 'hybrid GPTs' (a GPT disk where the protective fake MBR is hacked to become a real MBR) are frowned upon (there is potential for breakage) it does work and it's even possible to hack in an extended partition (OpenBSD's Fdisk is much better than the alternatives for doing this piece of hackery). It's entirely possible to get a disk sharing OpenBSD, NetBSD, Linux, Vista Windows 7 and OS X without any of them overwriting data from the others. Just be careful. (for clarity, OS X was the only OS using a real GPT partition : everything else was on MBR, despite the fact that Windows 7/Vista SP2 x64 (not 32bit), Linux and NetBSD will boot from GPT partitions with appropriate hackery. Note that IIRC vanilla NetBSD 5.x will need a customised kernel to run from a hybrid MBR on GPT, otherwise it gets confused by the presence of a GPT header. 
The boot loader was the hackintosh chameleon with Windows 7's partition manager as a slave (very flexible once you get to know it. Use easyBCD))
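The MBR 2TB limit and the protective versus hybrid MBR distinction discussed in the messages above, as an added example that is not part of the original thread. It parses sector 0 and the GPT signature in sector 1 of a disk image; the helper names, the 512-byte sector size and the sample images are assumptions constructed for illustration.

```python
import struct

SECTOR = 512              # bytes per logical sector (assumed)
MBR_LBA_LIMIT = 2 ** 32   # start/length fields are 32-bit sector counts
TYPE_NAMES = {0xEE: "GPT protective", 0xA6: "OpenBSD", 0xA9: "NetBSD",
              0x83: "Linux", 0x07: "NTFS", 0xAF: "Apple HFS+"}


def parse_mbr(sector0):
    """Return the non-empty entries of the four-slot MBR partition table."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("sector 0 has no 0x55AA boot signature")
    entries = []
    for slot in range(4):
        raw = sector0[446 + 16 * slot: 446 + 16 * (slot + 1)]
        ptype = raw[4]                                   # partition type byte
        start, count = struct.unpack_from("<II", raw, 8)  # LBA start, length
        if ptype:
            entries.append({"slot": slot, "type": ptype,
                            "name": TYPE_NAMES.get(ptype, "unknown"),
                            "start": start, "sectors": count})
    return entries


def classify(image, disk_sectors):
    """Classify the partitioning scheme of the first two sectors of a disk."""
    entries = parse_mbr(image[:SECTOR])
    gpt_header = image[SECTOR:SECTOR + 8] == b"EFI PART"
    protective = [e for e in entries if e["type"] == 0xEE]
    real = [e for e in entries if e["type"] != 0xEE]
    if gpt_header and protective:
        # A lone 0xEE entry is the protective MBR; extra real entries next
        # to it make the disk a "hybrid GPT" as described in the thread.
        scheme = "hybrid" if real else "gpt"
    elif gpt_header or protective:
        scheme = "inconsistent"   # GPT header and 0xEE entry disagree
    else:
        scheme = "mbr"
    # No MBR entry can start at or beyond sector 2**32: with 512-byte
    # sectors that is the 2 TiB boundary the thread calls the 2TB limit.
    return {"scheme": scheme, "mbr_partitions": real,
            "sectors_past_mbr_limit": max(0, disk_sectors - MBR_LBA_LIMIT)}


def build_image(entries, gpt):
    """Constructed sample: an MBR sector plus an optional GPT signature."""
    s0 = bytearray(SECTOR)
    for slot, (ptype, start, count) in enumerate(entries):
        # status, CHS start (padding), type, CHS end (padding), LBA, length
        struct.pack_into("<B3xB3xII", s0, 446 + 16 * slot,
                         0, ptype, start, count)
    s0[510:512] = b"\x55\xaa"
    s1 = bytearray(SECTOR)
    if gpt:
        s1[:8] = b"EFI PART"
    return bytes(s0) + bytes(s1)


DISK_3TB = 3 * 10 ** 12 // SECTOR   # sector count of a constructed 3 TB disk
SAMPLES = {                         # constructed images, not real disks
    "mbr": build_image([(0xA6, 64, 0xFFFFFFFF - 64)], gpt=False),
    "gpt": build_image([(0xEE, 1, 0xFFFFFFFF)], gpt=True),
    "hybrid": build_image([(0xEE, 1, 2047), (0xA6, 2048, 41943040)], gpt=True),
}

if __name__ == "__main__":
    for label, image in SAMPLES.items():
        result = classify(image, DISK_3TB)
        print(label, result["scheme"], result["sectors_past_mbr_limit"],
              [(p["name"], p["start"]) for p in result["mbr_partitions"]])
```

On the constructed 3 TB disk, every scheme that relies on MBR entries alone leaves the sectors past the limit undescribed, which is the data-protection concern raised in the thread.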
Re: ikev2 between openbsd and windows
On Tue, May 29, 2012 at 01:55:45PM +0200, Mike Belopuhov wrote:
On Wed, May 16, 2012 at 17:30 +0400, Pavel Shvagirev wrote: 2. Doesn't work EAP mode - Windows stops on Checking username and password error. Then #13803, 1931...
Hi, Just to mention it for those not following source-changes@ that there was a bug in the message ID handling that prevented EAP from working correctly. The fix was committed on Friday. Cheers, Mike
Hi, I still can't get it to work. I made two screenshots, they are here: http://ipv4.goldflipper.net/private/iked-eap1.jpg and http://ipv4.goldflipper.net/private/iked-eap2.jpg
My iked config looks like this:
    ikev2 win7 passive esp \
        from 172.16.20.0/24 to 0.0.0.0/0 local any peer any \
        srcid 10.0.0.1 \
        eap mschap-v2 \
        config address 172.16.20.1 \
        config name-server 212.18.3.5 \
        tag $name-$id
I installed the iked from the -current source on top of the 5.0 binary. I believe these are the right ones because I see your recent timestamp in them:
    ikev2_msg.c:/* $OpenBSD: ikev2_msg.c,v 1.15 2012/05/30 09:18:14 mikeb Exp $
Any hint on what I'm doing wrong? Sorry the screenshots are in German, Fehler 13843 is Error 13843. I googled for that but wasn't any wiser after.
Regards, -peter
Re: ikev2 between openbsd and windows
On Thu, May 31, 2012 at 12:28:47PM +0200, Mike Belopuhov wrote:
My iked config looks like this:
do you have a user specification in your iked.conf? which user are you trying to authenticate as? user specification occupies a separate line and looks like that:
    user username password
iked can't consult the local password database or radius or any other authentication service at the moment except this internal database.
Yes I do have a user entry, right at the top. I didn't think posting it was a good idea.
also, have you tried w/o mschap? you need to select the Computerzertifikate verwenden radio button to turn eap off.
I tried that but it had an error, which made me want to try EAP again.
    ikev2 win7 passive esp \
        from 172.16.20.0/24 to 0.0.0.0/0 local any peer any \
        srcid 10.0.0.1 \
        eap mschap-v2 \
        config address 172.16.20.1 \
        config name-server 212.18.3.5 \
        tag $name-$id
looks fine except of absent of the user specification. i'd ditch the tag though as i didn't test it but it shouldn't affect anything.
Hmm. What to do... Any hint on how to debug this best?
-peter
Re: (Kinda O.T.) Digital Millennium Copyright Act used to censor hardware specifications
On Thu, May 31, 2012 at 11:11, Brett wrote: Pursuant to a rights owner notice under the Digital Millennium Copyright Act (DMCA), the Wikimedia Foundation acted under the law and took down and restricted the content in question. A copy of the received notice can be Reverse engineering necessary to have open source in the brave new world? PCI spec docs (and many others) are copyrighted. Maybe they should be, maybe they shouldn't, but they are. As far as I know, the actual specs cannot be copyrighted (or it's murky), but knowing wikipedia, somebody probably copied an entire table from the doc and dropped it into the article. that's a no-no, and not something I'd find nearly as alarming as censorship. A DMCA notice is an improvement over the furious clean-up happening behind the scenes. For example: search for CIPSO, a NetLabel protocol with an IETF RFC, the word appears 1263 times in Linux kernel 3.3. No Wikipedia entry but Linux_Security_Modules links to an ex-entry... without deletion log. Try the Multi ADM link on the same page: dead again, no deletion log. Hmm, the page was last edited yesterday. Date of its most recent reference? June 2010. Second most recent? 2006. If you're lucky you can come across time travel pages: a days-old edit using future tense to refer to events years in the past. Entrusting the very definition of reality to a bunch of LSD-dropping hippies is JUST NOT RESPONSIBLE :) -- p
Re: Thinkpad T60 sticky touchpad (amd64/5.1-stable)
I have a Lenovo Thinkpad T60 amd64 laptop (dmesg below) running 5.1-stable (fresh install of -release from the CD set, then CVS update to -stable). The touchpad pms0 at pckbc0 (aux slot) wsmouse0 at pms0 mux 0 wsmouse1 at pms0 mux 0 pms0: Synaptics touchpad, firmware 6.2 has an irritating problem in 5.1 (which was *not* present on this same machine when running 5.0-{release,stable} with X video acceleration disabled): When running X (autoconfigured with no xorg.conf), the pointer will intermittently jump to and stick at either the left side of the screen, the top of the screen, or the top left corner. (snip) Has anyone else seen this sticky touchpad problem? I've had problems with a synaptics touchpad + USB laser mouse but wasn't using the touchpad at all. It wasn't stick-related, possibly not X-related, the mouse would connect/disconnect randomly but it's an old laptop so it's possible the mouse was just drawing too much power. I haven't investigated the issue further yet. -- p
Re: OpenBSD in April's issue of the CACM
Ad hominem attacks on people they obviously know nothing about Actually it's this kind of slander that brought me to OpenBSD. While looking for an OS that didn't embrace Trusted Computing, I came across Theo's wikipedia entry which pounded on him so extensively that it raised a flag. Extra points for the stab from Linus no-lube-needed/I-can't-feel-a-thing-by-now. Without the slander I probably would have stuck with Plan 9. If you care about setting the record straight (or avoid further distortions) I suggest a short in response to section on openbsd.org, more reputable publications may pick it up and of course love being able to quote someone else criticising the powerful. Cherry on the cake would be a quip from Berners-Lee on how the Internet would look had he patented HTTP. As for ACM, I dropped my subscription a year ago cause they were wasting my time on the crapper (admittedly quality reading time:) From: Peter Laufenberg [mailto:pe...@x.com] Sent: Thursday, August 18, 2011 5:28 PM To: xx...@acm.org Subject: Re: Welcome to your second year as an ACM member! Hi, I would like to unsubscribe from ACM immediately; I understand there may be remaining months on my last credit card charge. My main motive is the wildly uneven quality of CACM articles. F.ex. the one about home networking explaining what D-H-C-P is so it can spawn a dozen pages. Thanks
Re: Plan 9 to OpenBSD (Was Re: OpenBSD in April's issue of the CACM)
I'm not sure what you mean by social but Plan 9 development from Bell is pretty slow/opaque and the rest of the community scattered and headless. I don't care for Inferno and Rob Pike unfortunately took a job at Google (why Rob, why??:-). Plan 9's file paradigm is great but their 3-button mouse UI is crap. Security-wise Plan 9 doesn't have any creds, good or bad, but hardware support without source review is worthless, i.e. you don't know where that code has been. OpenBSD's proactive about security and privacy (f.ex autoconfigprivacy to mask your MAC on ipv6 sockets), pf is unmatched, etc. The only thing I miss is an X-less framebuffer in OpenBSD even if it'd support just a console and text editor. IMHO X has to die, it's a huge pile of crap. -- p Hi, Peter Laufenberg wrote on Wed, May 30, 2012 at 07:51:13AM MST: Actually it's this kind of slander that brought me to OpenBSD. While looking for an OS that didn't embrace Trusted Computing, I came across Theo's wikipedia entry which pounded on him so extensively that it raised a flag. Extra points for the stab from Linus no-lube-needed/I-can't-feel-a-thing-by-now. Without the slander I probably would have stuck with Plan 9. I have been using OpenBSD exclusively for the last 6 months and I really do prefer it (both technically and socially) to Linux (which I had used for the past 15 years) and FreeBSD (which I used to administer at work). I only started learning about Plan 9 over the past few months and I really like what I see so far. The one thing that is keeping me from trying to make more use of it is the lack of drivers for some of my hardware. I am curious about what led you to go from Plan 9 to OpenBSD. Were they technical in nature or social, or a little of both? Thanks, David
Re: realtek 8188ce not configured
Lenovo won't let me replace the Realtek 8188CE mini-pci card that came with it with another. The hardware refuses to boot with an unauthorized network card detected or somesuch error (brilliant!). What are the chances of getting this card working with obsd? :) bios-mods.com has high-wire patches to bypass the whitelist, thinkwiki.org a couple of less risky tricks but I'd just return the laptop. Some Lenovos have the closed-source Express Gate BIOS-level remote desktop, w/ GPU encoding so your system load won't even blink. -- p
Re: spamd-setup fails from cron
On Tue, May 29, 2012 at 08:24:07AM +0200, Jan Stary wrote: When I run the same command from the command line, everything goes fine. Is the cron job run in a more restricted environment? you could be hitting the 'zero minute rush', where world+dog tries to connect simultaneously. try shifting to a few minutes past the hour and see if that helps. - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: More bgpd problems
On Tue, May 29, 2012 at 04:21:12PM +, Matt Hamilton wrote: I will happily supply what I can. Just let me know how.
Hello, I've never used BGPd personally but perhaps I can help you get a backtrace. There are quite possibly two ways to get a backtrace.
1. Make BGPD dump core
Recompile the bgpd with debugging symbols (CFLAGS+=-g, LDFLAGS+=-g). And install that. Check the directory of the _bgpd user and make the directory writeable for the _bgpd user. If after another crash a bgpd.core file pops up you got it. You can test this by sending bgpd a SIGABRT and if it didn't core something is wrong, see #2. You then type 'gdb /usr/sbin/bgpd bgpd.core' and type backtrace within gdb. Type quit to exit gdb. Keep the bgpd.core file around by saving it to another location as it should overwrite with each subsequent segfault.
2. Attach gdb to the process and wait
Recompile the bgpd with debugging symbols (CFLAGS+=-g, LDFLAGS+=-g). And install that. su to root, tmux the session and from within tmux attach to the bgpd process
    gdb /usr/sbin/bgpd <pid of bgpd>
once you're attached bgpd will cease running temporarily, just type continue (make sure you don't set any breakpoints). You can now wait until bgpd crashes on signal 11. gdb will break back to the debugger command line and you can type backtrace within gdb. Type quit to exit gdb. When you get to it when it crashed you can attach to the tmux session with tmux att -d and have before you the gdb command line. Even better than just a backtrace is going up and down the stack to see where the program crashed. Google for gdb commands.
3. Ask someone else who may have better Ideas.
Although as you said in another post it is hard to replicate. All I seem to be able to see is that this happens during some period of network instability. It seems that there is a ripple effect that something happens and that then causes a bgpd process to die which then propagates more changes to iBGP peers and they then sometimes die as well.
-Matt
Cheers, -peter
Re: spamd greylisting: false positives
David Diggles da...@elven.com.au writes: So there you have it. Don't use spamd with greytrapping if your secondary MX is going to deliver a bounce. It will confuse SMTP servers into giving up. Secondary MXes that are not set up to actually receive mail for your domain is one thing (annoying, but just a simple misconfiguration), another thing you need to do is make sure the secondaries have the same or equivalent level of spam and malware protection. That's where things like spamd's synchronization options come in handy. - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: spamd greylisting: false positives
In response to various tidbits that popped up in this thread, I put together some notes on setting up a sane email system, in a works for me article: http://bsdly.blogspot.com/2012/05/in-name-of-sane-email-setting-up-spamd.html -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Notebook
I installed VLC, and my webcam works, but my microphone does not seem to be detected at all. dmesg does not list a usb audio device. What should I do to investigate this? Is there a better application, other than VLC, for using a webcam with OpenBSD? Before you install X/KDE, etc., do a vanilla OpenBSD install and read FAQ 13 multimedia then test sound from the commandline. From past experience VLC's docs were way behind implementation (on top of being gigantic) so for debugging it may be the worst application unless you work from source code. -- p
Re: spamd greylisting: false positives
David Diggles da...@elven.com.au writes: Or did you mean, this breaks spamlogd, rather?
    pass in on egress proto tcp from any to egress \
        port smtp rdr-to 127.0.0.1 port spamd synproxy state
This is what it was. The logging is on now.
The important ones to log are the rules that pass smtp traffic from the members of the spamd-white table (and nospamd if you're using that) plus the one that passes smtp traffic from your real mail server to elsewhere. See the spamd and spamlogd man pages, it's explained there. But why are you synproxying for spamd? - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: spamd greylisting: false positives
David Diggles da...@elven.com.au writes: But why are you synproxying for spamd? Why shouldn't I? The synproxy was added way back as a way to protect back ends that were less intelligent about connection setup and IIRC even had one or more known SYN-related vulnerabilities, so we had a way to only pass valid, completed connections. In relation to spamd, it doesn't add any security, but carries with it the slight overhead of the syn proxying. These guys do in their example. https://calomel.org/spamd_config.html I'd ask them the same question. It rarely if ever makes sense to pile on options just because they're available. - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
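The pf.conf shape the two replies above point toward, as an added example that is not part of the original thread: the posted redirect without synproxy state, plus log on the pass rules that spamlogd watches. The table names and the /etc/mail/nospamd path follow the example in the spamd(8) manual page and are assumptions about this poster's setup; logging the nospamd rule follows the advice in the reply.

```pf
# As posted in the thread: redirect to spamd with synproxy state
# pass in on egress proto tcp from any to egress \
#     port smtp rdr-to 127.0.0.1 port spamd synproxy state

table <spamd-white> persist
table <nospamd> persist file "/etc/mail/nospamd"

# Unknown senders are redirected to spamd; plain keep state, no synproxy,
# since spamd completes the TCP handshake itself
pass in on egress proto tcp from any to any port smtp \
    rdr-to 127.0.0.1 port spamd

# Hosts exempt from greylisting and hosts spamd has whitelisted reach the
# real mail server; "log" lets spamlogd see them on pflog and keep their
# whitelist entries fresh
pass in log on egress proto tcp from <nospamd> to any port smtp
pass in log on egress proto tcp from <spamd-white> to any port smtp

# Outbound mail from the real mail server, logged so that the hosts it
# talks to are whitelisted for their replies
pass out log on egress proto tcp to any port smtp
```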
Re: German Government claims to be able to break PGP and SSH
Peter Laufenberg open...@laufenberg.ch wrote: My German's rusty but the follow-up article quoting Symantec mentions spyware/keylogging, which has been the traditional technique used in the past. But that's for targeted surveillance. They still cast a wide net: on ccc.de there's a detailed report of one target wanking to phone-sex. The original article refers to a bulk grep of 16,400 search terms over 37 million e-mail messages. I just read the PDF, in 2010 they dumped a raw IP stream from which they extracted individual emails (90% spam) in which they searched for words like bomb. High-tech stuff. The one-sentence answer about PGP has so many qualifiers that only an idiot would read it as a blanket success claim, the gov official was probably puzzled by the question's half-pregnant formulation. Golem seem to have buried their story in an embarrassed rush; whoever came up with the title must be flipping Bratwürste right now. -- p
Re: German Government claims to be able to break PGP and SSH
car + eimer? ay carambas?!! Autoeimer, with unlimited strcat() known to overflow students' brains. Yes the Bundestrojaner. I pictured a fat politician's soggy condom on the back of his doggy-style mistress: one for the country! Mild stuff considering German pr0n culture. -- p On Thu, May 24, 2012 at 10:13 PM, Stuart VanZee stua...@datalinesys.com wrote: What do you guys think about the reliability of the news (unfortunately in German only) on www.golem.de My German's rusty but the follow-up article quoting Symantec mentions spyware/keylogging, which has been the traditional technique used in the past. -- p Quick, someone, how do you say autobucket in German! s
Re: German Government claims to be able to break PGP and SSH
What do you guys think about the reliability of the news (unfortunately in German only) on www.golem.de My German's rusty but the follow-up article quoting Symantec mentions spyware/keylogging, which has been the traditional technique used in the past. -- p
Re: Upgrading OpenBSD
Outstanding point. The thing is this: With MS PHP is clearly distinct from the OS. I go get it from php.org. With BSD I must rely on the package system. This is taking up a lot of ink; is this a genuine enquiry or a provocation? Search for Extraneous entries for Visual C++ Standard hotfixes and ponder the litany of known issues. -- p
Re: chromium can't start since two snapshots
Mihai Popescu mih...@gmail.com writes:

> I confirm this is happening on i386 too, but I removed the entire chromium folder and cache. OK, it needs to reconfigure the options ...

Here, on amd64, removing only the .config/chromium/SingletonLock did the trick. It would have taken me a while to infer that from the error message, though ;)

- P

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
A totally meaningless statistics that may serve to cheer you up
It seems that with a boost from the recent http://undeadly.org mention, the online version of my PF tutorial sped past 120,000 unique visitors total, with

peter@nerdhaven:~$ grep peter/pf /var/log/httpd/home.nuug.no_log | awk '{print $1}' | sort | uniq |wc -l
121150

(total # of unique ip addresses/host names hitting somewhere under http://home.nuug.no/~peter/pf/, with http://home.nuug.no/~peter/pf/newest/ the likely main contributor recently) and just to produce a meaningless statistic,

peter@nerdhaven:~$ grep -c peter/pf /var/log/httpd/home.nuug.no_log
1916849

for raw # of hits to somewhere in that tree. Here's hoping this produced at least some CD sales and perhaps the odd book sale.

- Peter

PS Do get your EuroBSDCon submission in, tomorrow's the deadline

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: greylisting and blacklisting rules in pf.conf
ager39...@mypacks.net writes:

> What rules should I have in pf.conf for both greylisting and blacklisting? I'd like to blacklist those sites that got spam through the greylisting.

Unless you explicitly start spamd in blacklisting-only mode, it will greylist. The spamd related rules I have in a typical pf.conf are

table <spamd-white> persist
table <nospamd> persist file /etc/mail/nospamd
pass in log on egress proto tcp to port smtp rdr-to 127.0.0.1 port spamd queue spamd
pass in log on egress proto tcp from <nospamd> to port smtp
pass in log on egress proto tcp from <spamd-white> to port smtp
pass out log on egress proto tcp to port smtp

it's possible you will find my tutorial and slides over at http://home.nuug.no/~peter/pf/ helpful, and you'll find some spamd-related field notes via the blogspot link in my .signature

- P

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
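How the rules in the message above interact with greylisting, as an added sketch that is not part of the original post: a small Python model of pf's last-matching-rule evaluation for the three inbound SMTP rules, combined with spamd's default greylisting timers (25 minutes, 4 hours, 864 hours). The function and class names and the sample addresses are made up for illustration.

```python
# Model of the inbound SMTP rules quoted above and of spamd's default
# greylisting. Names and sample addresses are constructed for illustration.

PASSTIME = 25 * 60      # spamd default: a retry counts only after 25 minutes
GREYEXP = 4 * 3600      # spamd default: grey entries expire after 4 hours
WHITEEXP = 864 * 3600   # spamd default: white entries expire after 864 hours


def pf_destination(src, spamd_white, nospamd):
    """Return where pf sends an inbound SMTP connection from src.

    None of the quoted rules uses "quick", so the last matching rule wins.
    """
    rules = [
        (lambda ip: True, "spamd"),             # ... to port smtp rdr-to 127.0.0.1 port spamd
        (lambda ip: ip in nospamd, "mta"),      # ... from <nospamd> to port smtp
        (lambda ip: ip in spamd_white, "mta"),  # ... from <spamd-white> to port smtp
    ]
    verdict = None
    for matches, target in rules:
        if matches(src):
            verdict = target
    return verdict


class Greylist:
    """Tracks (ip, sender, recipient) tuples the way greylisting does."""

    def __init__(self, nospamd=()):
        self.nospamd = set(nospamd)
        self.grey = {}    # (ip, sender, rcpt) -> time first seen
        self.white = {}   # ip -> expiry time; stands in for <spamd-white>

    def _expire(self, now):
        self.grey = {k: t for k, t in self.grey.items() if now - t < GREYEXP}
        self.white = {ip: exp for ip, exp in self.white.items() if exp > now}

    def smtp_attempt(self, now, ip, sender, rcpt):
        """Return what happens to one delivery attempt at time now (seconds)."""
        self._expire(now)
        if pf_destination(ip, self.white, self.nospamd) == "mta":
            return "mta"
        # Everything else is redirected to spamd, which only ever answers
        # with a temporary failure and records the tuple.
        key = (ip, sender, rcpt)
        first_seen = self.grey.get(key)
        if first_seen is None:
            self.grey[key] = now
            return "tempfail-new"
        if now - first_seen < PASSTIME:
            return "tempfail-too-soon"
        # A patient retry: the address is whitelisted for later connections.
        del self.grey[key]
        self.white[ip] = now + WHITEEXP
        return "tempfail-promoted"


def demo():
    g = Greylist(nospamd={"192.0.2.10"})
    msg = ("198.51.100.7", "sender@example.org", "rcpt@example.net")
    return [
        g.smtp_attempt(0, "192.0.2.10", "a@example.org", "b@example.net"),
        g.smtp_attempt(0, *msg),
        g.smtp_attempt(60, *msg),
        g.smtp_attempt(30 * 60, *msg),
        g.smtp_attempt(31 * 60, *msg),
    ]


if __name__ == "__main__":
    print(demo())
```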
Re: IPs in the facebook.com domain accessing OpenBSD firewall
I wonder if these machines in the facebook.com domain are infected with some malware bots? Facebook *is* a malware bot:) Let the request through and log what it tries to do next, this could be quite a story. -- p
Unuseful error message in BIND 9.4.2-P2
I am putting up OpenBSD 5.1 for the first time and I am getting

May 17 11:36:59 mail named[6539]: starting BIND 9.4.2-P2
May 17 11:37:00 mail named[6539]: command channel listening on 127.0.0.1#953
May 17 11:37:00 mail named[6539]: running
May 17 11:37:00 mail named[6539]: /usr/src/usr.sbin/bind/lib/isc/unix/socket.c:1218: unexpected error:
May 17 11:37:00 mail named[6539]: internal_send: 192.168.209.2#53: Message too long
May 17 11:37:00 mail named[6539]: /usr/src/usr.sbin/bind/lib/isc/unix/errno2result.c:111: unexpected error:
May 17 11:37:00 mail named[6539]: unable to convert errno to isc_result: 40: Message too long
May 17 11:37:00 mail named[6539]: zone 254.168.192.IN-ADDR.ARPA/IN: expired
May 17 11:37:00 mail named[6539]: zone xxx.xxx/IN: expired
May 17 11:37:00 mail named[6539]: /usr/src/usr.sbin/bind/lib/isc/unix/socket.c:1218: unexpected error:
May 17 11:37:00 mail named[6539]: internal_send: 192.168.209.2#53: Message too long
May 17 11:37:00 mail named[6539]: /usr/src/usr.sbin/bind/lib/isc/unix/errno2result.c:111: unexpected error:
May 17 11:37:00 mail named[6539]: unable to convert errno to isc_result: 40: Message too long

I have hidden the domain name with xxx.xxx. I am building the system as a firewall and the Ethernet card with sub network 192.168.209/24 has nothing plugged in. I expect the error will go away when the master dns server does actually exist.
Re: Thank you for an awesome product...
if you ssh from Windows try Bitvise Tunnelier instead of putty. If you ssh from *nix... just use ssh. -- p

Hello, And thank you for an awesome product... I am a novice, (just starting out in the linux/unix/bsd world), been a windows server guy and 3d modeler/animator, graphic artist for the last 20 years. I was always afraid of unix, until recently, I purchased two sun netra x1's, a V100, a V20z from ebay cheap with the hopes of learning this new world (for me anyways) and setting up an inexpensive render farm.

Being completely new to UNIX, I have learned LOM on these systems, and have successfully installed openBSD on these systems with little trouble. I of course did my homework on google, and there is a great deal of information on what to do. Trial and error, but I have learned so much in the last couple of weeks. I can remote into these systems with puTTY now that the network is setup.

I would like to add, this was the only OS that installed on my SPARC IIe systems without any issues! I tried netBSD, freeBSD, and some other crap, and all error out before install starts. Solaris 11 Express installed fine, (for me a major learning curve) but I learned from google forums. Unfortunately, solaris 11 final release does not run on older architectures, and was removed. But I found you guys!

I just want to express my gratitude for all of your efforts, and when I can afford it, I will make some donations to help, (only working part time at the moment) I am really excited to have access to all of the low cost older servers and be able to implement them into a working secure environment! I love it!!! Thanks again for all of your hard work, I am sold, and will continue to learn this, I am not afraid of Unix anymore!

Michael J. Summerfield
Cocoa Florida
Graphic Artist - 3D Modeler - 3D Content Provider
http://www.turbosquid.com/Search/Artists/imagetek?referral=imagetek
Re: ikev2 between openbsd and windows
On Mon, May 14, 2012 at 12:53:34PM +0200, Mike Belopuhov wrote:

> 4) Install the server certificate on the server:
>
>    ikectl ca vpn certificate 10.1.0.1 install
>
> 5) To export the client certificate in a ZIP'ed PFX format, you need to install zip utility (pkg_add -i zip).
>
>    ikectl ca vpn certificate 10.5.0.1 export

Does the .tgz file need to be extracted at all on the server? I've tried and tried for too long and my certificates are out of sync I think, is there a command to delete everything and just keep the original blank iked structure so that one can start over without old certificates in the way?

> 6) Transfer 10.5.0.1.zip to the Windows host and load the certificates by doubleclicking on them. Make sure that certificates are valid in the MMC Certificates Snap-In.

This gave me a huge headache. I tried using MMC (as administrator and other user) but my vpn client stayed at 13806 error. Perhaps VPN wasn't meant for people like me.

> 7) Configure iked to do RSA auth w/o EAP (for the start):
>
>    ikev2 win7 passive esp \
>        from 192.168.0.0/24 to 192.168.1.0/24 local any peer any \
>        srcid 10.1.0.1 \
>        config address 192.168.1.100 \
>        config name-server 192.168.0.1
>
> Here, 192.168.0.0/24 is a network client is getting access to, 192.168.1.0/24 is a DHCP-like network from which client is getting an ip address (192.168.1.100 specifically). Please note, that the code to turn this awkwardness into real (DHCP-like) address pool specification is not written yet.
>
> Note that srcid has to match the host that the certificate is issued to, otherwise windows will refuse to connect.
>
> Once you do that you can load iked and see that it hooks up the server certificate (in the iked -dvv output that is).
>
> 7) Now on the windows box, go to the Network Connections Center and create an IKEv2 VPN connection with the client. Make sure to check the Certificate radio button on the Security tab in the connection properties, so that you won't do EAP.
>
> 8) Start the connection.
>
> 9) Profit!!!
>
> PS. If someone thinks that this might be turned into some sort of a howto or FAQ entry or whatever, please feel free to reuse any piece of text. Attribution is welcomed but not required.

Would love to write something if it worked considering I've struck out so many times with this.

-peter
Re: stresstest + safest crashlog?
On May 13 17:47:55, Petah wrote: I've had a bunch of crashes freezing one PC to such an extent I couldn't recover any log, You mean, after a reboot? Ctrl-alt-del won't reboot (pc has no X), I have to keep powerbutton down 5 secs. There's one post-reboot log entry unrelated to the panic message I got on screen; the sys drive is an SSD, which may account for the volatility, panic occurred while doing a chrooted rsync on the 2nd HDD. Keyboard input seems flaky, tried a bunch. If you can exit to ddb, the extraction of information (dmesg, panic, etc) is easy. man 8 crash man 4 ddb man 8 savecore thx I'll check those, -- p switch tty, ssh from outside and the machine has no serial port. What's the surest way to get a crashlog? syslog to a 2nd PC, a USB key with log-cow, buy a PCI serial port card? Is there a stress script that can be run on a crashtest dummy PC? thx, -- p
Re: a live cd/dvd?
Can you please let us know how you run it, and which packages you needed? The one at www.linux-speakup.org is a kernel module, and it isn't obvious how you use this with OpenBSD. On 2012 May 12 (Sat) at 03:48:35 -0700 (-0700), Eric Oyen wrote: :since when? h. let me think since about OpenBSD 4.2 or so. and yes, I :still need some visual assistance when doing an install/upgrade. : :also, to answer another poster's question: I use speakup from a linux source :package (with the proper line in sysctl.conf enabled for linux binaries. :getting speakup to compile required that I also install a number of packages :not currently in the ports tree. lets just say that it is a real headache. : :now, orca for X using XFCE works ok. it only requires the GTK dependencies, :python 5, some misc dependencies (almost all of which can be found in the :ports tree. still, I don't like using X as it can be a little less than :intuitive for us blind users. : :still, given the number of access avenues we can use (serial port redirect, :virtual framebuffer devices that can be remotely connected to, cheap sound :devices and the like) a number of good possibilities can be taken advantage :of. : :I have had chance to start trouble shooting the raw source code for speakup :and I know what the headache it has: sloppy code and failed documentation. :considering the time it takes to get that binary working, I am opting for a :more hardware solution and get a network capable framegrabber device and run a :lane cable from it to a dedicated lane port on my OS X machine. $234 will get :me one next month. now, if there were a device/brain interface, then I could :see the words in my braincase without the additional distractions of sound. :still, it would be glorious to be able to interface in a way thought possible. : :I wish I could be able to plug right into my brain and show what it has been :missing. 
: :as for my feat: I installed and hop it works.4.5 openbsd -- Baruch's Observation: If all you have is a hammer, everything looks like a nail.
Re: Watchdog timeout reset in 5.1 on intel nic:s
I've had the same problem with a KVM, maybe worth a note in the install docs? -- p On May 11, 2012, at 19:05, Per-Olov Sjvholm p...@incedo.org wrote: On 11 maj 2012, at 11:16, Stuart Henderson wrote: On 2012/05/11 01:15, Garry Dolley wrote: On Thu, May 10, 2012 at 03:31:27PM +0100, Stuart Henderson wrote: In gmane.os.openbsd.misc, Garry Dolley wrote: On Tue, May 08, 2012 at 07:58:30PM -0400, Simon Perreault wrote: On 2012-05-08 19:08, Per-Olov Sjvholm wrote: It says em1: watchdog timeout -- resetting aol I saw the same on an amd64 VPS from arpnetworks.com. Network was not functional. Backed out. Did not investigate further. /aol Simon I had another customer on amd64 report this problem today. Not sure what the solution is. I'm recommending either downgrade to 5.0 or use i386 arch for now. If possible, tracking down the commit which broke it, or at least narrow it to a reasonably small date range, would help. I have an archive of snapshot kernels if you want to work through them rather than cvs checkouts, contact me if you'd like access to them. Guys, I now have an amd64 test VM set up, where I installed stock 5.0. I ran a lot of traffic over em0 without any timeouts. I also have been trying several -current kernels. As of: OpenBSD 5.1-current (GENERIC) #205: Wed Mar 28 21:40:45 MDT 2012 I don't see any em0 timeouts. I will continue to try newer ones and report back here... Hmm - Mar 28 is already after 5.1 was released. Could somebody seeing the problem (sperreault?) please send a dmesg from a kernel showing the problem? Hi Stuart Here is a dmesg on 4.9 where it's working and on 5.1 when it's not working. http://www.incedo.eu/~sjoholmp/misc_internet_links/timer_problem_openbsd/ Note that both are virtual OpenBSDs running on the exact same KVM host version and use the same bios etc. 
Regards P-O -- GPG keyID: 5231C0C4 GPG fingerprint: B232 3E1A F5AB 5E10 7561 6739 766E D29D 5231 C0C4 I had this once back in the day, not sure which release but it was mid-4-point-something. It turned out to be the presence of my external real-hardware (IO-GEAR) KVM switch's - internal - USB HUB monkeying detection of the upstream real USB keyboard. Once a keyboard was direct connected, then everything was fine. Perhaps your real- and/or pseudo- hardware (and firmware/bios) chain is impairing similarly. Good luck,
block return on bridge(4)
Hello, From man pf.conf: Options returning ICMP packets currently have no effect if pf(4) operates on a bridge(4), as the code to support this feature has not yet been implemented. Just wondering, will this be implemented? If I understand correctly, if block return is set on a bridging firewall TCP RST will be sent out when TCP is blocked, but nothing is sent out when UDP or any other protocol is blocked. Right? Thanks, Peter Hallin, Lund University
Re: Sendmail at home
Laurence Rochfort laurence.rochf...@gmail.com writes:

> I want to setup sendmail so that I can send mail from my home network.

Shouldn't be too hard, but make sure you get your mail server machine a static IP address *and* a correct DNS entry, complete with reverse resolution. Largish chunks of the net will simply drop SMTP traffic from hosts without correct reverse on the floor.

And then of course you get to poke into all the pleasures of striving to keep your inbox relatively sanitary - spamd, spamassassin, clamd etc come to mind. All the necessary tools are either in base or within easy reach as packages. Do remember to read the supplied documentation and config file comments properly, and you'll get there.

- P

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
keyboard question
Hi, I have a USB Keyboard that when I unplug it and plug it back in it doesn't come back as recognized by the system. So I have to log in from the netbook and reboot. Is this common to all OpenBSD workstations or just mine? Here is some info:

jupiter$ dmesg|grep -i nova
uhidev0 at uhub6 port 1 configuration 1 interface 0 NOVATEK USB Keyboard rev 1.10/1.12 addr 2
uhidev1 at uhub6 port 1 configuration 1 interface 1 NOVATEK USB Keyboard rev 1.10/1.12 addr 2

I noticed it shows up twice in dmesg here.. but not in usbdevs:

jupiter$ usbdevs
addr 1: EHCI root hub, Intel
addr 1: EHCI root hub, Intel
addr 2: product 0x0819, Logitech
addr 1: UHCI root hub, Intel
addr 1: UHCI root hub, Intel
addr 1: UHCI root hub, Intel
addr 1: UHCI root hub, Intel
addr 2: EPSON Scanner, EPSON
addr 1: UHCI root hub, Intel
addr 2: USB Keyboard, NOVATEK
addr 3: USB-PS/2 Optical Mouse, Logitech
addr 1: UHCI root hub, Intel

Here is a dmesg:

OpenBSD 5.1 (GENERIC.MP) #207: Sun Feb 12 09:42:14 MST 2012 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 8579973120 (8182MB) avail mem = 8337412096 (7951MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xf06f0 (79 entries) bios0: vendor American Megatrends Inc. version 0805 date 02/24/2010 bios0: ASUSTeK Computer INC.
P6T SE acpi0 at bios0: rev 0 acpi0: sleep states S0 S1 S3 S4 S5 acpi0: tables DSDT FACP APIC MCFG OEMB HPET OSFR SSDT acpi0: wakeup devices NPE2(S4) NPE4(S4) NPE5(S4) NPE6(S4) NPE8(S4) NPE9(S4) NPEA(S4) P0P1(S4) PS2K(S4) PS2M(S4) USB0(S4) USB1(S4) USB2(S4) USB5(S4) EUSB(S4) USB3(S4) USB4(S4) USB6(S4) USBE(S4) P0P4(S4) P0P5(S4) P0P6(S4) P0P7(S4) P0P8(S4) P0P9(S4) NPE1(S4) NPE3(S4) NPE7(S4) GBE_(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz, 3368.06 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG,LAHF cpu0: 256KB 64b/line 8-way L2 cache cpu0: apic clock running at 133MHz cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz, 2806.36 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG,LAHF cpu1: 256KB 64b/line 8-way L2 cache cpu2 at mainbus0: apid 4 (application processor) cpu2: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz, 2806.37 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG,LAHF cpu2: 256KB 64b/line 8-way L2 cache cpu3 at mainbus0: apid 6 (application processor) cpu3: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz, 2806.36 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG,LAHF cpu3: 256KB 64b/line 8-way L2 cache cpu4 at mainbus0: apid 1 (application processor) cpu4: Intel(R) 
Core(TM) i7 CPU 930 @ 2.80GHz, 2806.37 MHz cpu4: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG,LAHF cpu4: 256KB 64b/line 8-way L2 cache cpu5 at mainbus0: apid 3 (application processor) cpu5: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz, 2806.36 MHz cpu5: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG,LAHF cpu5: 256KB 64b/line 8-way L2 cache cpu6 at mainbus0: apid 5 (application processor) cpu6: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz, 2806.37 MHz cpu6: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG,LAHF cpu6: 256KB 64b/line 8-way L2 cache cpu7 at mainbus0: apid 7 (application processor) cpu7: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz, 2806.36 MHz cpu7: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG,LAHF cpu7: 256KB 64b/line 8-way L2 cache ioapic0 at mainbus0: apid 8 pa 0xfec0, version 20, 24 pins ioapic1 at mainbus0: apid 9 pa 0xfec8a000, version 20, 24 pins acpimcfg0 at acpi0 addr 0xe000, bus 0-255 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (NPE2) acpiprt2 at acpi0: bus -1 (NPE4) acpiprt3 at acpi0: bus -1
FYA: problem with a few mirrors + SHA256 question + rsync + missing package signings
FYA (I have to post here, because I can't find e-mail address to these mirrors):

# having install50.iso
ftp://ftp2.eu.openbsd.org/pub/OpenBSD/5.1/amd64/install50.iso

# not having 5.1
ftp://ftp.arcane-networks.fr/pub/OpenBSD/5.1/amd64/
ftp://ftp.irisa.fr/pub/OpenBSD/5.1/amd64/
ftp://ftp.bytemine.net/pub/OpenBSD/5.1/amd64/
ftp://mirror.yongbok.net/pub/OpenBSD/5.1/amd64/
ftp://ftp.piotrkosoft.net/pub/OpenBSD/5.1/amd64/
ftp://ftp.lambdaserver.com/pub/OpenBSD/5.1/amd64/

Question#1: What is the /pub/OpenBSD/5.1/packages/amd64/SHA256? Can anyone tell?

# wget -q 'ftp://ftp5.eu.openbsd.org/pub/OpenBSD/5.1/packages/amd64/SHA256' -O - | grep curl-7.24.0.tgz
SHA256 (curl-7.24.0.tgz) = sRgMosGh+e8luNn+WJhufPBEKVaN0CU+jn/VbQZkBuk=
# wget -q 'ftp://ftp5.eu.openbsd.org/pub/OpenBSD/5.1/packages/amd64/curl-7.24.0.tgz'
# cksum -a cksum curl-7.24.0.tgz
2242721359 659163 curl-7.24.0.tgz
# cksum -a md4 curl-7.24.0.tgz
MD4 (curl-7.24.0.tgz) = 539aa5a88ca01d8e9fc344be89ed3ec2
# cksum -a md5 curl-7.24.0.tgz
MD5 (curl-7.24.0.tgz) = 4d7c00292dfb35a3a791f08e677d30e2
# cksum -a rmd160 curl-7.24.0.tgz
RMD160 (curl-7.24.0.tgz) = 8b9fcbbb4b8a4de4db922e70062a529035b29618
# cksum -a sha1 curl-7.24.0.tgz
SHA1 (curl-7.24.0.tgz) = 8f04f07cffc3f54b17210c50423e9e1c92aa9985
# cksum -a sha256 curl-7.24.0.tgz
SHA256 (curl-7.24.0.tgz) = b1180ca2c1a1f9ef25b8d9fe58986e7cf04429568dd0253e8e7fd56d066406e9
# cksum -a sha384 curl-7.24.0.tgz
SHA384 (curl-7.24.0.tgz) = bf93674e1807d9c8181065f79e268845ae145e01f419bb487362aacb0bf00cf1a2553c809ba3d9d83b8caa0631cb71aa
# cksum -a sha512 curl-7.24.0.tgz
SHA512 (curl-7.24.0.tgz) = a12eb464625ae9a44c8ce441040081b96e04fa708fc06be8337d9e556caa5b2290748be35fcc37bd2c7ba6bcbc8deddffc91fdbca3040e979d42129b80fa09c8
# cksum -a sum curl-7.24.0.tgz
23485 644 curl-7.24.0.tgz
# cksum -a sysvsum curl-7.24.0.tgz
65416 1288 curl-7.24.0.tgz
#

Question#2: Can rsync work with ssh? Or just rsync?

rsync -v -e ssh rsync://ftp5.eu.openbsd.org/OpenBSD/5.1/packages/amd64/SHA256 .
u...@ftp5.eu.openbsd.org's password:

Question#3: Why are package signings missing?

Why aren't the packages from ex.: ftp2.eu.openbsd.org/pub/OpenBSD/5.1/packages/amd64/ signed? Would it be a big deal to give out a few extra commands? :O :\ AFAIK pkg_add checks the keys of the downloaded packages if the package is signed (FIXME).

Thank you for your attention
Have a nice day!
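The entry in the mirror's SHA256 file and the output of cksum -a sha256 in the message above can be compared by decoding both to raw digest bytes. An added Python example (not part of the original post; the function names are made up here) that parses BSD-style checksum lines with either a base64 or a hex digest and compares them, using the two SHA256 lines quoted in the message:

```python
import base64
import binascii
import hmac
import re

# BSD-style checksum line, as printed by "cksum -a <algorithm>" and as stored
# in the mirror's SHA256 file: ALGO (filename) = digest
CHECKSUM_LINE = re.compile(r"^([A-Z0-9]+) \((.+)\) = (\S+)$")

# Digest sizes in bytes for the tagged algorithms handled here.
DIGEST_BYTES = {"MD5": 16, "RMD160": 20, "SHA1": 20,
                "SHA256": 32, "SHA384": 48, "SHA512": 64}


def parse_checksum_line(line):
    """Return (algorithm, filename, raw digest bytes) for one checksum line.

    The digest may be written as hex or as base64; the expected length for
    the algorithm decides which encoding is tried.
    """
    match = CHECKSUM_LINE.match(line.strip())
    if match is None:
        raise ValueError("not a BSD-style checksum line: %r" % line)
    algo, name, text = match.groups()
    size = DIGEST_BYTES.get(algo)
    if size is None:
        raise ValueError("unsupported algorithm: %s" % algo)
    if len(text) == 2 * size and re.fullmatch(r"[0-9a-fA-F]+", text):
        raw = bytes.fromhex(text)
    else:
        try:
            raw = base64.b64decode(text, validate=True)
        except binascii.Error as exc:
            raise ValueError("digest is neither hex nor base64: %r" % text) from exc
    if len(raw) != size:
        raise ValueError("%s digest must be %d bytes, got %d" % (algo, size, len(raw)))
    return algo, name, raw


def same_checksum(line_a, line_b):
    """True if both lines name the same algorithm, file and digest."""
    algo_a, name_a, raw_a = parse_checksum_line(line_a)
    algo_b, name_b, raw_b = parse_checksum_line(line_b)
    return (algo_a, name_a) == (algo_b, name_b) and hmac.compare_digest(raw_a, raw_b)


# The two SHA256 lines quoted in the message above.
MIRROR_LINE = "SHA256 (curl-7.24.0.tgz) = sRgMosGh+e8luNn+WJhufPBEKVaN0CU+jn/VbQZkBuk="
CKSUM_LINE = ("SHA256 (curl-7.24.0.tgz) = "
              "b1180ca2c1a1f9ef25b8d9fe58986e7cf04429568dd0253e8e7fd56d066406e9")

if __name__ == "__main__":
    print(parse_checksum_line(MIRROR_LINE)[2].hex())
    print(same_checksum(MIRROR_LINE, CKSUM_LINE))
```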
Re: kqemu in 5.1
Could there be a KVM for OpenBSD? I have been wondering for a while if the answer is an absolute no because it could never be trustworthy enough, not likely to happen because of lack of interest, or somewhere in between. Peter Ericson On 04/05/2012, at 8:28 PM, Weldon Goree wel...@b.rontosaur.us wrote: On 05/04/12 06:12, Jes wrote: Hi all: I can't find kqemu between snapshots packages, ports, or even in 5.1 packages. I think I've read something about kqemu is deprecated in newer versions of qemu (1.0.1) Is this correct? Because performance without kqemu is horrible. Any solution? Yes, it was killed upstream since Linux now comes with its own hypervisor (KVM). AFAIK OpenBSD currently does not have a working hypervisor since it also can't be dom0 on xen until such time as xen stops randomly overwriting register contents at unpredictable times. So, as of now, any virtualization will have to be of the plain qemu or bochs variety. Sorry. Best, Weldon
Re: AR5212
Just like everything in OpenBSD, there needs to be people with the desire and time to make them work. We welcome any and all contributions. On 2012 May 02 (Wed) at 12:40:05 +0400 (+0400), Pavel Shvagirev wrote: :Hi everyone : :Seems like there were no progress for making AR5212-based Atheros :Wireless cards 802.11g/n capable. Is there any hope for it in the future? : -- Yeah, but you're taking the universe out of context.
Re: pfsync changes in current?
On 2012 May 02 (Wed) at 12:09:52 +0300 (+0300), Kapetanakis Giannis wrote: :On 27/04/12 12:58, Kapetanakis Giannis wrote: : :Hi, : :After upgrading today to latest -current (i386) :(f1) OpenBSD 5.1-current (GENERIC.MP) #252: Tue Apr 24 15:58:54 MDT 2012 :(f2) OpenBSD 5.1-current (GENERIC) #209: Tue Apr 24 15:50:09 MDT 2012 : :I still have the same problem. :When the primary firewall reboots, It becomes MASTER on the carp :interfaces :before the pfsync bulk transfer ends: : : : : :This might be related. I've seen it on the 5.1 announcement: : : o Many pfsync(4) fixes and improvements including jumbo frames and : automatically requesting a bulk update after a physical interface : comes online. : : :When the secondary firewall is MASTER and sees link-up on the :dedicated network interface to the primary firewall (which is :booting) it issues pfsync bulk transfer start thus a carpdemote on :carp and pfsync groups. : :So when the primary firewall comes online it takes over before even :his bulk transfer ends. : No, that is not what that feature does. When pfsync starts any sort of bulk update, it will increase the carp demotion counter which makes it refuse MASTER. Only when the bulk update finishes (or times out), will it decrease the carp demote counter, which will allow it to take MASTER, subject to the normal rules. :Giannis : -- Never offend people with style when you can offend them with substance. -- Sam Brown, The Washington Post, January 26, 1977
intel h61 sata ahci problem
hi, I got a new Intel dh61ag board, with onboard sata provided through the h61 chipset. When booting with the controller set to ahci, obsd does not find any disks. trying to install 5.0/amd64, I see : ahci0 at pci0 dev 31 function 2 Intel 6 Series AHCI rev 0x05: msi, unable to reset controller and no drives are detected. I can boot in IDE-mode, but performance is dreadful, I get 1MB/s rsyncing from wd0 to wd1, and the machine spends 97% cpu at handling interrupts. Any advice ? Will 5.1 have better support ? -- CUL8R, Peter.
Re: intel h61 sata ahci problem
hi, ahci0 at pci0 dev 31 function 2 Intel 6 Series AHCI rev 0x05: msi, unable to reset controller disregard, I thought I had the latest BIOS, but I didn't. updating it fixed all of my problems. on to installing... -- CUL8R, Peter.
Re: all freezes when I move windows in twm
On 2012 Apr 23 (Mon) at 17:35:19 +0400 (+0400), Alexei Malinin wrote: :ropers wrote: : 2012/4/23 Alexei Malinin alexei.mali...@mail.ru: : : I tried OpaqueMove option in my .twmrc - it helped to eliminate : freezing during moving of windows. : : But freezing still occurs under the following conditions: : 1) I create an xterm window with undefined geometry resourse, : 2) twm draws the window outline and waits until I place it : to somewhere on the screen, : 3) xmms sound stops during the above twm waiting. : : PS. Also I noticed that xmms sound was twitching when :I was reading e-mail with SeaMonkey :( : : When you say you're still having the problem under those conditions : and with SeaMonkey - is that with -CURRENT now? Or what version? (If : it's not -CURRENT, try that next.) : : :the problem is on i386 OpenBSD-4.9, :my next step will be to check the problem with upcoming OpenBSD-5.1... : -current != 5.1. 5.1 should have the same behaviour as what you are seeing right now. -current has rthreads enabled, which is a 1:1 threading mechanism, and will allow better threading behaviour. fwiw, -current is what 5.2 will become. -- You don't sew with a fork, so I see no reason to eat with knitting needles. -- Miss Piggy, on eating Chinese Food
Re: Kernel roughing in tool
Otto Moerbeek o...@drijf.net writes: And as explained in FAQ section 5.6, there are many more reasons not to do it. and amplified by 5.7 It is assumed you have read the above[Section 5.6], and really enjoy pain. before it proceeds to a description of how you would go about customizing. - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Help to compile
On Sat, Apr 07, 2012 at 06:13:07PM +, Morten B. Christensen wrote: Dear OpenBSD friends, Is somebody (with programming experience) willing to compile a small DNS server for me? The source code is a single .c file but my lack of skills is annoying :-( The link to Microdns is here http://samiam.org/software/microdns.html It is basically an app that gives the same ip out to any query - very easy instead of taming the beast bind. The usage is for an http catch-all walled garden. Thanks in advance Morten Bech Christensen Interesting little server. I think someone who does a little bit of packetry (very small packet about 4 bytes in length) can find out what the person queried before him, so it leaks some data. Perhaps I can turn you on to my dns server called wildcarddnsd. http://wildcarddns.sourceforge.net I developed this daemon on openbsd from the start. Granted it's a little more code than microdns but may not leak like that. Cheers, -peter
ALTQ and VLAN interfaces
Hi All, I have the following OpenBSD multi-tenant firewall setup:

+---------------+         +---------------+
|    vlan10     |         |    vlan11     |
| 195.188.200.a |--(em0)--| 195.188.201.a |
| 195.188.200.b |         | 195.188.201.b |
|   rdomain 1   |         |   rdomain 2   |
+---------------+         +---------------+

+---------------+         +---------------+
|    vlan160    |         |    vlan161    |
|  10.1.160.1   |--(em1)--|  10.1.160.1   |
|  rdomain 160  |         |  rdomain 161  |
+---------------+         +---------------+

vlan10 and vlan11 represent the PUBLIC side of the firewall and each vlan has a separate rdomain. A customer could be assigned IP addresses from both vlan10 and vlan11. Traffic from vlans 160 and 161 is then natted out of vlan10 and vlan11 using pf rules (and vice versa, with some tagging).

vlan160 and vlan161 represent the customer side of the firewall, ip addresses on this side can only be rfc1918, but can be the same subnets in each vlan (hence separate rdomains).

What I'd like to be able to do is queue traffic as it leaves the firewall, both north and south, but I'm unsure as to where to enable altq. Should I do:

# out being out of em0
altq on em0 cbq bandwidth 300Mb queue { INT_em0, queue1_out, queue2_out }
queue INT_em0 bandwidth 100Mb cbq(default)
queue queue1_out bandwidth 100Mb cbq(ecn)
queue queue2_out bandwidth 100Mb cbq(ecn)

# Using pass in to keep state for packets coming back out of vlan10
pass in on vlan10 from any to 195.188.200.a queue queue1_out
pass in on vlan10 from any to 195.188.200.b queue queue2_out

# in being out of em1
altq on em1 cbq bandwidth 300Mb queue { INT_em1, queue1_in, queue2_in }
queue INT_em1 bandwidth 100Mb cbq(default)
queue queue1_in bandwidth 100Mb cbq(ecn)
queue queue2_in bandwidth 100Mb cbq(ecn)

# Using pass in to keep state for packets coming back out of vlan160 or vlan161
pass in on vlan160 from any to any queue queue1_in
pass in on vlan160 from any to any queue queue2_in

or should I do:

altq on vlan10 cbq bandwidth 300MB queue { INT_vlan10, queue1_out, queue2_out }
queue INT_vlan10 bandwidth 100Mb cbq(default)
queue queue1_out bandwidth 100Mb cbq(ecn)
queue queue2_out bandwidth 100Mb cbq(ecn)

# Using pass in to keep state for packets coming back out of vlan10
pass in on vlan10 from any to 195.188.200.a queue queue1_out
pass in on vlan10 from any to 195.188.200.b queue queue2_out

# in being out of vlan160
altq on vlan160 cbq bandwidth 100Mb queue { INT_vlan160 }
queue INT_vlan160 bandwidth 100Mb cbq(default)

# Using pass in to keep state for packets coming back out of vlan160 or vlan161
pass in on vlan160 from any to any queue queue1_in
pass in on vlan160 from any to any queue queue2_in

With altq statements for each vlan interface. Ideally I'd want to do altq on the vlan parent interface.

Thanks,
Peter
Re: hi...
don't respond to the spammer, idiot. On 2012 Mar 15 (Thu) at 21:49:56 +0100 (+0100), Francois Pussault wrote: :When it will be 200% discount free shipping it then only be interesting : :morron spammer -- When you have an efficient government, you have a dictatorship. -- Harry Truman
Re: Which automake and autoconfig versions to compile NTOP v4?
On 2012 Mar 12 (Mon) at 00:44:15 + (+), Kaya Saman wrote:
:Would it not just be easier and cleaner to create a new list for
:newbies? That way the more advanced stuff could be taken care of on
:this list and only people willing to help others could post useful
:comments and help on the other list.

This mailing list does exist. I've been running it (in a very lazy fashion) since 2002. You can sign up for it at http://mailman.theapt.org/listinfo/openbsd-newbies

--
We can predict everything, except the future.
Re: Which high end multichannel audio interfaces work?
On 2012 Mar 10 (Sat) at 10:07:25 +0100 (+0100), Jan Stary wrote: :On Mar 09 18:17:50, Jochen Fabricius wrote: : I want to build a very flexible PC based digital crossover solution, : :What's a digital crossover solution? : Ok, seriously. If you do not know what someone is talking about, please do not send noise to the mailing list. I took your exact quote, put it in google, and found relevant answers in *every* *single* *link* on the first few pages. Heck, even the previews had relevance. -- Old age is the most unexpected of things that can happen to a man. -- Trotsky
Re: Request for a new list: trolling
0xAAA 0x...@online.de writes: My suggestion: We create a new list, eg. trolling or smalltalk where other users can discuss about senseless questions. Wouldn't it be even better if we headed them off with a web forum or even a facebook group? - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: pfsync changes in current?
On 2012 Mar 07 (Wed) at 15:58:21 +0200 (+0200), Kapetanakis Giannis wrote:
:Hi,
:
:I'm running a setup of Active/backup firewalls with carp/pfsync
:successfully for the last year.
:
:Today I've upgraded the primary firewall to the latest snapshot (12 Feb),
:and as soon as the firewall booted it became MASTER before pfsync
:bulk transfer completed.
:
:Mar 7 15:42:04 echidna /bsd: carp: pfsync0 demoted group carp by 1 to 133 (pfsync bulk start)
:Mar 7 15:42:04 echidna /bsd: carp: pfsync0 demoted group pfsync by 1 to 1 (pfsync bulk start)
:Mar 7 15:42:04 echidna /bsd: carp: pfsync0 demoted group carp by -1 to 128 (pfsyncdev)
:Mar 7 15:42:04 echidna /bsd: carp: pfsync0 demoted group pfsync by -1 to 0 (pfsyncdev)
:
:At this point carp group is also automatically demoted to 0-zero and
:it takes over as MASTER.

Can you show this piece from the logs? Do you have additional logs? How are the interfaces connected, do you have a dedicated link for the pfsync traffic? Can you also share your ruleset?

:I manually did ifconfig -g carp carpdemote to force it to SLAVE
:in order for pfsync bulk transfer to complete and don't lose active
:connections.
:
:Mar 7 15:46:11 echidna /bsd: carp: pfsync0 demoted group carp by -1 to 0 (pfsync bulk done)
:Mar 7 15:46:11 echidna /bsd: carp: pfsync0 demoted group pfsync by -1 to 0 (pfsync bulk done)
:
:Secondary firewall is running 5.0 GENERIC#96 i386 from 21 Nov 2011.
:Can it be a mis-communication between the 2 firewalls due to different
:versions?
:
:regards,
:
:Giannis
:

--
Perfect day for scrubbing the floor and other exciting things.
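A check for the symptom reported in this thread, as an added Python example (not code from the thread or from OpenBSD): it reads the carp demotion messages quoted above and lists every decrease of a demotion counter logged between "pfsync bulk start" and "pfsync bulk done". Treating such a decrease as worth flagging is this example's assumption, not a diagnosis made in the thread; the function names and the year used for timestamps are hypothetical choices.

```python
import re
from datetime import datetime
from typing import List, NamedTuple, Optional

# Kernel message shape as quoted in the thread, e.g.
#   Mar 7 15:42:04 echidna /bsd: carp: pfsync0 demoted group carp by 1 to 133 (pfsync bulk start)
DEMOTE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+\S+\s+/bsd:\s+carp:\s+"
    r"(?P<source>\S+)\s+demoted group\s+(?P<group>\S+)\s+"
    r"by\s+(?P<delta>-?\d+)\s+to\s+(?P<total>-?\d+)\s+\((?P<reason>[^)]*)\)\s*$"
)

BULK_START = "pfsync bulk start"
BULK_DONE = "pfsync bulk done"

# The six log lines quoted in the message above, with the mail wrapping undone.
SAMPLE_LOG = """\
Mar 7 15:42:04 echidna /bsd: carp: pfsync0 demoted group carp by 1 to 133 (pfsync bulk start)
Mar 7 15:42:04 echidna /bsd: carp: pfsync0 demoted group pfsync by 1 to 1 (pfsync bulk start)
Mar 7 15:42:04 echidna /bsd: carp: pfsync0 demoted group carp by -1 to 128 (pfsyncdev)
Mar 7 15:42:04 echidna /bsd: carp: pfsync0 demoted group pfsync by -1 to 0 (pfsyncdev)
Mar 7 15:46:11 echidna /bsd: carp: pfsync0 demoted group carp by -1 to 0 (pfsync bulk done)
Mar 7 15:46:11 echidna /bsd: carp: pfsync0 demoted group pfsync by -1 to 0 (pfsync bulk done)
"""


class Demotion(NamedTuple):
    when: datetime
    source: str   # interface that requested the change (pfsync0 in the thread)
    group: str    # interface group whose counter changed
    delta: int    # adjustment applied
    total: int    # counter value after the adjustment, as logged
    reason: str


def parse_line(line: str, year: int = 2012) -> Optional[Demotion]:
    """Parse one demotion message; syslog carries no year, so one is assumed."""
    m = DEMOTE_RE.match(line.strip())
    if m is None:
        return None
    stamp = "%d %s" % (year, " ".join(m["ts"].split()))
    when = datetime.strptime(stamp, "%Y %b %d %H:%M:%S")
    return Demotion(when, m["source"], m["group"],
                    int(m["delta"]), int(m["total"]), m["reason"])


def early_releases(lines) -> List[Demotion]:
    """Counter decreases logged after a 'bulk start' and before the next 'bulk done'."""
    bulk_open = False
    found = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        if ev.reason == BULK_START:
            bulk_open = True
        elif ev.reason == BULK_DONE:
            bulk_open = False
        elif bulk_open and ev.delta < 0:
            found.append(ev)
    return found


def seconds_before_bulk_done(lines) -> Optional[int]:
    """Seconds from the first early release to the following 'bulk done', or None."""
    lines = list(lines)
    early = early_releases(lines)
    if not early:
        return None
    first = early[0]
    for ev in filter(None, map(parse_line, lines)):
        if ev.reason == BULK_DONE and ev.when >= first.when:
            return int((ev.when - first.when).total_seconds())
    return None


if __name__ == "__main__":
    log = SAMPLE_LOG.splitlines()
    for ev in early_releases(log):
        print(f"{ev.when:%b %d %H:%M:%S} group {ev.group}: {ev.delta:+d} -> "
              f"{ev.total} ({ev.reason}) while bulk transfer still open")
    print("seconds until bulk done:", seconds_before_bulk_done(log))
```
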
Re: Snappy Answers to Stupid Questions - WTF?
On Fri, Mar 09, 2012 at 08:28:37AM +0100, Fredrik Staxeng wrote: Do you want users at all? Or was Linus right? well, we *do* prefer those who come with a sense of humor. - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: current releases not updated?
On Wed, Mar 07, 2012 at 09:07:32AM +0100, Didier Wiroth wrote: In the past current os packages were updated more often, is there a reason why packages are (somewhat old) or are there some changes in current update behavior? There was a similar pause in production of snapshots and their packages around release-cutting time about half a year ago too. I'd expect snapshot updates to resume soonish, but I have no firm dates or actual officialish info. - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: My OpenBSD 5.0 installation experience (long rant)
On Wed, Mar 07, 2012 at 01:26:41PM +0100, Leonardo Sabino dos Santos wrote:
> Next, the disk stuff comes up. A lot of partition information appears
> on the screen, followed by the question:
>
> Use (W)hole disk or (E)dit the MBR? [whole]
>
> At this point I'm actually trying to remember if there's a way to
> scroll back the console, because some information has scrolled off the
> screen. I try PageUp, PageDown, Ctrl-UpArrow, Ctrl-DownArrow, but
> nothing works, so I press Enter.

the OpenBSD installer looks somewhat simplistic, but it's quite consistent in its chosen conventions, such as displaying the default action in square brackets and pressing Enter to accept the entered or displayed value.

or the TL;DR version: you said you wanted to use the whole disk for OpenBSD, so of course it took you seriously.

> I joined this mailing list just to tell you this: Right now, I feel
> like never, ever touching OpenBSD with a ten-foot pole again.

The best advice you'll ever get about this particular situation is to read the FAQ (http://www.openbsd.org/faq/), with particular attention to part 4 (the installation part) and perhaps http://www.openbsd.org/faq/faq4.html#Multibooting for the various multiboot options.

- Peter

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: My OpenBSD 5.0 installation experience (long rant)
On 2012 Mar 07 (Wed) at 13:26:41 +0100 (+0100), Leonardo Sabino dos Santos wrote:
...
:I'm not actually paying
:a whole lot of attention to the questions as this is just a test
:installation and I figure I can always explore and configure the
:system later.
:

You should always pay attention to an *installation* program. Especially one that installs an *OS*, which is likely to erase your drive.

:Next, the disk stuff comes up. A lot of partition information appears
:on the screen, followed by the question:
:
: Use (W)hole disk or (E)dit the MBR? [whole]
:
:At this point I'm actually trying to remember if there's a way to
:scroll back the console, because some information has scrolled off the
:screen. I try PageUp, PageDown, Ctrl-UpArrow, Ctrl-DownArrow, but
:nothing works, so I press Enter.
:
:And my partition table is gone. Poof! Instantly, with no confirmation.

The confirmation was the part that you quoted. Sorry, but you *do* need to read what the installation program tells you. That is the entire point of having instructions on the screen.

--
I really hate this damned machine
I wish that they would sell it.
It never does quite what I want
But only what I tell it.
Re: My OpenBSD 5.0 installation experience (long rant)
Dmitrij D. Czarkoff czark...@gmail.com writes:
> OpenBSD installer should be tuned so that hitting [Enter] all the way
> gets you to a bootable system without side effects

My typical install is almost all hitting Enter (with a couple of obvious exceptions), and it ends with a bootable and very usable system. But then I tend to want OpenBSD as the main or only system. Multiboot setups like the one the OP wanted require a bit of paying attention and are risky in general.

- P

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Any experience with AMD Fusion?
I have a Lenovo e205, with the AMD Fusion CPU. no 2d accel, no Xv. other than that, I haven't noticed any problems.

On 2012 Mar 06 (Tue) at 20:34:23 +0100 (+0100), Dmitrij D. Czarkoff wrote:
:Hi!
:
:I consider buying Lenovo ThinkPad E325. Among other hardware it features
:AMD Fusion E450 APU with Evergreen graphics.
:
:AFAIK, on linux it is already supported, but the radeon(4) doesn't list
:AMD's HD5xxx series, so I wanted to ask:
:
:*Did anyone have any experience with this hardware under OpenBSD?
:
:*What should I expect from it (2D acceleration, Xv, UVD support)?
:
:--
:Dmitrij D. Czarkoff
:

--
The earth is like a tiny grain of sand, only much, much heavier.
Re: OpenBSD 5.0 Trunk with Netgear Managed Switch
If it is a bug, I wouldn't know where to begin to try and solve it, but am willing to do whatever to help figure it out. On Sat Mar 3 19:05:39 2012, Christian Weisgerber na...@mips.inka.de wrote: Peter Erickson redlam...@gmail.com wrote: without any problems when using a trunk so I'm pretty confident that the switch is configured properly, but am confused about why the trunk interface will work on a net5501 and not a net6501. The only thing I can thing of at this point is the net6501 is using the em driver with 4x Intel 82574IT Gigabit Ethernet ports and the net5501 is using the vr driver with 4 VIA VT6105M 10/100 Mbit Ethernet ports, but not sure why it would matter. Those vr's don't have hardware VLAN tagging support, but the em's do. That shouldn't matter, but maybe there is a bug in that area. Hmmm. -- Christian naddy Weisgerber na...@mips.inka.de
OpenBSD 5.0 Trunk with Netgear Managed Switch
I have a soekris net6501 running obsd 5.0 and am having problems creating a trunk interface between it and a Netgear GSM7228PS managed switch. The switch is configured such that ports 23 and 24 are in a LAG group and all traffic from vlan id's 2 and 3 should leave the lag tagged. After creating the trunk and vlans on the net6501, I'm finding that all traffic traveling through the switch is not properly tagged even though traffic from the net6501 is. If I remove the lag on the switch and create the vlans on a single interface, everything works as expected. Based on that, I thought it was a netgear issue and contacted them.

After hours of trouble shooting with no luck, I just happened to take the same 5.0 image and run it on a soekris net5501. This worked without any problems when using a trunk so I'm pretty confident that the switch is configured properly, but am confused about why the trunk interface will work on a net5501 and not a net6501. The only thing I can think of at this point is the net6501 is using the em driver with 4x Intel 82574IT Gigabit Ethernet ports and the net5501 is using the vr driver with 4 VIA VT6105M 10/100 Mbit Ethernet ports, but not sure why it would matter.

Any help in identifying the problem would be appreciated.

This is how I created the interfaces... the only difference between how I configured the net6501 and the net5501 was that the net5501 uses the vr driver as opposed to the em.

# ifconfig trunk0 trunkproto lacp trunkport em2 trunkport em3 up
# ifconfig vlan2 inet 172.16.2.253 netmask 255.255.255.0 \
        vlan 2 vlandev trunk0
# ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:24:ce:69:c4
        priority: 0
        groups: egress
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 172.16.3.254 netmask 0xff00 broadcast 172.16.3.255
        inet6 fe80::200:24ff:fece:69c4%em0 prefixlen 64 scopeid 0x1
em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:24:ce:69:c5
        priority: 0
        media: Ethernet autoselect (none)
        status: no carrier
em2: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:24:ce:69:c6
        priority: 0
        trunk: trunkdev trunk0
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet6 fe80::200:24ff:fece:69c4%em2 prefixlen 64 scopeid 0x3
em3: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:24:ce:69:c6
        priority: 0
        trunk: trunkdev trunk0
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet6 fe80::200:24ff:fece:69c4%em3 prefixlen 64 scopeid 0x4
trunk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:24:ce:69:c6
        priority: 0
        trunk: trunkproto lacp
        trunk id: [(8000,00:00:24:ce:69:c6,4044,,),
                 (8000,c4:3d:c7:92:59:41,01A3,,)]
                trunkport em3 active,collecting,distributing
                trunkport em2 active,collecting,distributing
        groups: trunk
        media: Ethernet autoselect
        status: active
        inet6 fe80::200:24ff:fece:69c6%trunk0 prefixlen 64 scopeid 0x8
vlan2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:24:ce:69:c6
        priority: 0
        vlan: 2 priority: 0 parent interface: trunk0
        groups: vlan
        status: active
        inet6 fe80::200:24ff:fece:69c6%vlan2 prefixlen 64 scopeid 0x9
        inet 172.16.2.253 netmask 0xff00 broadcast 172.16.2.255
Re: OpenBSD 5.0 Trunk with Netgear Managed Switch
Yes to both... From the Netgear's perspective, the LAG looks good. It's up and both interfaces are full-duplex. On Sat Mar 3 14:21:36 2012, Dan Shechter dans...@gmail.com wrote: Do you see the LAG up on the netgear? Do you see the links on the netgear as FD? Best regards, Dan On Sat, Mar 3, 2012 at 8:25 PM, Peter Erickson redlam...@gmail.com wrote: I have a soekris net6501 running obsd 5.0 and am having problems creating a trunk interface between it and a Netgear GSM7228PS managed switch. The switch is configured such that ports 23 and 24 are in a LAG group and all traffic from vlan id's 2 and 3 should leave the lag tagged. After creating the trunk and vlans on the net6501, I'm finding that all traffic traveling through the switch is not properly tagged even though traffic from the net6501 is. If I remove the lag on the switch and create the vlans on a single interface, everything works as expected. Based on that, I thought it was a netgear issue and contacted them. After hours of trouble shooting with no luck, I just happened to take the same 5.0 image and run it on a soekris net5501. This worked without any problems when using a trunk so I'm pretty confident that the switch is configured properly, but am confused about why the trunk interface will work on a net5501 and not a net6501. The only thing I can thing of at this point is the net6501 is using the em driver with 4x Intel 82574IT Gigabit Ethernet ports and the net5501 is using the vr driver with 4 VIA VT6105M 10/100 Mbit Ethernet ports, but not sure why it would matter. Any help in identifying the problem would be appreciated. This is how I created the interfaces... the only difference between how I configured the net6501 and the net5501 was that the net5501 uses the vr driver as opposed to the em. 
# ifconfig trunk0 trunkproto lacp trunkport em2 trunkport em3 up # ifconfig vlan2 inet 172.16.2.253 netmask 255.255.255.0 \ vlan 2 vlandev trunk0 # ifconfig em0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:00:24:ce:69:c4 priority: 0 groups: egress media: Ethernet autoselect (1000baseT full-duplex) status: active inet 172.16.3.254 netmask 0xff00 broadcast 172.16.3.255 inet6 fe80::200:24ff:fece:69c4%em0 prefixlen 64 scopeid 0x1 em1: flags=8802BROADCAST,SIMPLEX,MULTICAST mtu 1500 lladdr 00:00:24:ce:69:c5 priority: 0 media: Ethernet autoselect (none) status: no carrier em2: flags=8b43UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST mtu 1500 lladdr 00:00:24:ce:69:c6 priority: 0 trunk: trunkdev trunk0 media: Ethernet autoselect (1000baseT full-duplex) status: active inet6 fe80::200:24ff:fece:69c4%em2 prefixlen 64 scopeid 0x3 em3: flags=8b43UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST mtu 1500 lladdr 00:00:24:ce:69:c6 priority: 0 trunk: trunkdev trunk0 media: Ethernet autoselect (1000baseT full-duplex) status: active inet6 fe80::200:24ff:fece:69c4%em3 prefixlen 64 scopeid 0x4 trunk0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:00:24:ce:69:c6 priority: 0 trunk: trunkproto lacp trunk id: [(8000,00:00:24:ce:69:c6,4044,,), (8000,c4:3d:c7:92:59:41,01A3,,)] trunkport em3 active,collecting,distributing trunkport em2 active,collecting,distributing groups: trunk media: Ethernet autoselect status: active inet6 fe80::200:24ff:fece:69c6%trunk0 prefixlen 64 scopeid 0x8 vlan2: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:00:24:ce:69:c6 priority: 0 vlan: 2 priority: 0 parent interface: trunk0 groups: vlan status: active inet6 fe80::200:24ff:fece:69c6%vlan2 prefixlen 64 scopeid 0x9 inet 172.16.2.253 netmask 0xff00 broadcast 172.16.2.255 -- Peter Erickson redlam...@gmail.com
EuroBSDCon 2012 Call For Proposals
EuroBSDcon 2012
===============

EuroBSDcon is the European technical conference for users and developers on BSD-based systems. The EuroBSDcon 2012 conference will be held in Warsaw, Poland from Thursday 18 October 2012 to Sunday 21 October 2012, with tutorials on Thursday and Friday and talks on Saturday and Sunday.

Call for Proposals
------------------

The EuroBSDcon conference is inviting developers and users of BSD-based systems to submit innovative and original papers not submitted to other European conferences on BSD-related topics. Topics of interest to the conference include, but are not limited to applications, architecture, implementation, performance and security of BSD-based operating systems, as well as topics concerning the economic or organizational aspects of BSD use. Presentations are expected to be 45 minutes.

Call for Tutorial Proposals
---------------------------

The EuroBSDcon conference is inviting qualified practitioners in their field to submit proposals for half or full day tutorials on topics relevant to development, implementation and use of BSD-based systems.

Submission address
------------------

Proposals should be submitted by email to submiss...@eurobsdcon.org.

Important dates
---------------

The EuroBSDcon conference is accepting abstracts and tutorial proposals until 20 May 2012. Other important dates will be announced soon at the conference website http://2012.eurobsdcon.org/.
Re: Router project on OpenBSD questions
On 2012 Feb 29 (Wed) at 11:54:13 +0100 (+0100), Patrick Lamaiziere wrote: :OpenBSD is not perfect too, it would be nice that pflow handles ipv6 pflow now handles ipv6 (in 5.1) :and the support of one year is a bit short. But nothing is perfect. If you need support for longer than a year, you will need to contact a vendor offering openbsd support. -- Fights between cats and dogs are prohibited by statute in Barber, North Carolina.
Re: pgt firmware ...
NO!

For the love of everything holy, don't fucking use wget. the built-in ftp(1) client can download from http servers.

and, do NOT just extract the files. we have package tools for a reason.

EITHER:
a) pkg_add http://firmware.openbsd.org/firmware/5.0/pgt-firmware-1.2.tgz
OR
b) ftp http://firmware.openbsd.org/firmware/5.0/pgt-firmware-1.2.tgz
   pkg_add ./pgt-firmware-1.2.tgz

Anything else is stupid.

On 2012 Feb 26 (Sun) at 18:21:31 +0400 (+0400), Wesley M. wrote:
:Try this :
:add wget package using pkg_add -vi wget
:wget http://firmware.openbsd.org/firmware/5.0/pgt-firmware-1.2p2.tgz
:Then extract this in /etc/firmware.
:Halt your machine, Remove your network card, and now plug the new card,
:boot
:
:Hope that it will help.
:
:Wesley.
:
:
:On Mon, 27 Feb 2012 00:02:28 +1030, David Walker
:davidianwal...@gmail.com wrote:
: Thanks Wesley.
:
: I forgot about that.
: I was going from man pgt which says:
: FILES
:
: A prepackaged version of the firmware, designed to be used with
: pkg_add(1), can be found at:
:
: http://firmware.openbsd.org/firmware/pgt-firmware-1.2.tgz
:
: The problem I have is that fw_update doesn't accept arguments and I
: need the adjacent pcmcia slot for the ethernet card and they are both
: bulky cards.
: I need to remove the conexant card to insert the ethernet card to
: access the network and then fw_update reports there are no devices to
: update - the conexant card is no longer attached.
: :]
:
: If you can think of a way to run this locally it'd be great.
:
: On 26/02/2012, Wesley M. open...@e-solutions.re wrote:
: try fw_update (provided in OpenBSD 5.0)
:
: Wesley.
:
: On Sun, 26 Feb 2012 17:51:03 +1030, David Walker
: davidianwal...@gmail.com wrote:
: Hi.
:
: I'm trying to do:
: pkg_add http://firmware.openbsd.olg/firmware/pgt-firmware-1.2.tgz
:
: I get this:
: parsing pgt-firmware-1.2.tgz
: Bad pkg_db: No such file or directory at
: /usr/libdata/perl5/OpenBSD/PackageInfo.
: pm line 63.
:
: Do I need to add perl manually?
:
: Best wishes.
:

--
Cleaning your house while your kids are still growing is like shoveling the walk before it stops snowing.
-- Phyllis Diller
Re: Unbound in base
Hello,

Why replacing bind ?

Kind Regards
Peter

----- Original message -----
From: Björn Ketelaars [mailto:bjorn.ketela...@hydroxide.nl]
Sent: Monday, February 13, 2012 10:35 PM
To: misc@openbsd.org misc@openbsd.org; t...@openbsd.org t...@openbsd.org
Subject: Unbound in base

Hello,

After some recent discussions [1, 2] on the topic of unbound in base, and (more important) really liking the idea of an alternative for BIND in base, I made a start with fitting the different pieces of the puzzle.

What is finished:

1.) Integration of ldns 1.6.12 and unbound 1.4.15 and writing of relevant Makefile wrappers. Wrapper script also compiles and installs drill;
2.) Testing (read: does it compile and work) on AMD64.

Stuart Henderson had some good remarks on integrating the above [3]. What do you guys think of the following:

What to do with the BIND tools (dig/host/nslookup)?

Unbound offers drill. From drill.1: The name drill is a pun on dig. With drill you should be able get even more information than with dig. Proposal therefore is to replace the BIND tools with drill.

Do we run unbound-anchor automatically? if so, how do we handle possibly not having working DNS at that time to resolve data.iana.org (http://data.iana.org)?

From unbound-anchor.8 I understand that unbound-anchor can be run from the command line, or run as part of startup scripts _before_ the actual (unbound) DNS server is started. So there is no need for DNS. Proposal therefore is to run unbound-anchor automatically before starting the unbound daemon (rc_pre in unbound rc-script).

How and when do we automatically generate unbound-control keys? if so, where should that be done?

From unbound-control.8: The script unbound-control-setup generates these control keys in the default run directory. If you change the access control permissions on the key files you can decide who can use unbound-control. Run the script under the same username as you have configured in unbound.conf or as root, so that the daemon is permitted to read the files, for example with: sudo -u unbound unbound-control-setup. If you have not configured a username in unbound.conf, the keys need read permission for the user credentials under which the daemon is started. The script preserves private keys present in the directory. After running the script as root, turn on control-enable in unbound.conf.

The unbound-control-script can be called from rc-make_keys(). The knob 'control-enable' can be set as default.

After tar/gzip the source files and Makefile wrappers weigh ~4.6MB. A bit too large to send to this list. if anyone feels like looking at the work - do not hesitate to mail me.

Again, what do you guys think?

Kind regards,
Björn

[1] http://marc.info/?l=openbsd-miscm=132205020820910w=2
[2] http://marc.info/?l=openbsd-techm=132573371521516w=2
[3] http://marc.info/?l=openbsd-miscm=132217547525487w=2
Re: Keeping installed ports up-to-date
On Tue, Feb 14, 2012 at 07:06:26PM +1030, Giridhari wrote:
> what's the correct procedure for keeping ports that are installed up
> to date when the system is updated with CVS?

Use packages. Set your PKG_PATH to something appropriate - since I'm based in northern Europe, the .profile for a i386 box of mine contains this line:

export PKG_PATH=http://ftp.eu.openbsd.org/pub/OpenBSD/snapshots/packages/`uname -m`/

then use pkg_add -vui or similar to fetch and install updated packages that may be available. Only very rarely does it make sense to build packages locally.

Also the FAQ is your best friend, in this case specifically part 15 - http://www.openbsd.org/faq/faq15.html

- Peter

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Unbound in base
On 2012 Feb 14 (Tue) at 13:23:01 +0400 (+0400), Mo Libden wrote:
:14 February 2012, 12:59, from Gregory Edigarov g...@bestnet.kharkov.ua:
: On Tue, 14 Feb 2012 08:09:16 +
: Peter van Oord van der Vlies peter.vanoordvandervl...@itisit.nl wrote:
:
: Hello,
:
: Why replacing bind ?
:
: Because bind is full of security related bugs and a bloatware.
:
:Oh come on!
:They say about the same thing about sendmail for years (decades already?).
:Still it is in the base.

Did you notice that there is lots of work being done to replace sendmail?

Yes, there is an interest in replacing bind (and sendmail). However, we are doing it slowly and cautiously, to ensure we do not make the situation worse.

--
Any sufficiently advanced technology is indistinguishable from a rigged demo.
Re: Unbound in base
On Tue, Feb 14, 2012 at 01:23:01PM +0400, Mo Libden wrote:
> 14 February 2012, 12:59, from Gregory Edigarov g...@bestnet.kharkov.ua:
> > On Tue, 14 Feb 2012 08:09:16 +
> > Peter van Oord van der Vlies peter.vanoordvandervl...@itisit.nl wrote:
> >
> > > Hello,
> > >
> > > Why replacing bind ?
> >
> > Because bind is full of security related bugs and a bloatware.
>
> Oh come on!
> They say about the same thing about sendmail for years (decades already?).
> Still it is in the base.

smtpd(8) is underway. Also there is no proper MTA implementation out there served under the BSD license (i.e. Postfix has IBM license).

Unbound (and also nsd) is a good and lightweight alternative to sendmail using the BSD license. License stuff is more important than it sounds.

IMO the separate development of a resolver (unbound) and an authoritative nameserver (nsd) is better than having all functionality within one server (named).

--
Oliver PETER oli...@opdns.de 0x456D688F
Re: Compiling R from source
Including missing headers is completely the correct fix, please submit the patches to the upstream author.

On 2012 Feb 06 (Mon) at 10:01:49 + (+), Zi Loff wrote:
:I managed to compile R-2.14.0 and .1 from source on OpenBSD 5.0 (i386).
:
:Make failed because that two of the tre source files require stdint.h
:(for WCHAR_MAX definition) but don't include it. I managed to build R by
:inserting
:#include <stdint.h>
:on src/extra/tre/tre-compile.c and src/extra/tre/tre-parse.c
:
:I know this is an ugly hack, and fiddling with the sources seldom is a
:good idea, but it got the job done...
:
:There are some additional issues with the Cairo graphics device,
:-pthread as a LDFLAG and some of the tests that configure runs, but I'm
:still working on that. I'll share my findings when I have more concrete
:answers (later today, hopefully).
:
:
:
:On 02/03/12 12:02, Richard Thornton wrote:
: Using OpenBSD 5 on an old sparc 64 sun blade, I am trying to compile R from
: source, downloaded from the cran-r website;
: The ./configure works, but make always fails. I realize that there is a R
: package available already but it is a 2008 version, and it has terrible
: graphics, anyone have a more recent port for sparc64?
:

--
One planet is all you get.
Re: sendmail TLS errors
Thanks, particularly for the

Try_TLS:rci.rcimx.net NO

In fact I had to use

Try_TLS:rcimx.net NO
Try_TLS:securence.com NO

To get all the ones that I know about

-----Original Message-----
From: Philip Guenther [mailto:guent...@gmail.com]
Sent: Saturday, February 04, 2012 1:53 AM
To: Peter Fraser
Cc: misc@openbsd.org
Subject: Re: sendmail TLS errors

On Sat, Jan 28, 2012 at 1:59 PM, Peter Fraser p...@thinkage.ca wrote:
> I am getting the following errors, with sendmail (Openbsd 5.0 and
> errors were there for 4.9 as well)
...
> Jan 28 16:34:51 mail sm-mta[372]: STARTTLS=client: 372:error:1411809D:SSL routines:SSL_CHECK_SERVERHELLO_TLSEXT:tls invalid ecpointformat list:/usr/src/lib/libssl/ssl/../src/ssl/t1_lib.c:1470:
...
> From peering around with google these seem to come from an error in ssl.
> I assume that it is edgewave.com.mx1.rci.rcimx.net that has the error,
> not OpenBSD 5.0 but none the less I cannot send email to this site,
> with TLS enabled.

This was a bug in the EC point extension support in OpenSSL versions before 1.0.0c, including the version in OpenBSD 5.0. It's fixed in the version of OpenSSL that's been imported since then for OpenBSD 5.1.

> To my surprise I found that not configuring TLS on sendmail.mc only
> turns it off for receiving not sending.

That's true. There's a fundamental asymmetry to SSL/TLS, where servers have to be configured with certs and such but clients require nothing. My reading of the history of the design of SSL is that that was intentional.

So, how do you turn TLS client support off completely in sendmail? The easiest method is probably to use LOCAL_TRY_TLS in your .mc file to define a try_tls ruleset that always returns NO.

> The only way I can find to turn it off for sending is by adding
>
> Try_TLS:edgewave.com.mx1.rci.rcimx.net NO
> Try_TLS:edgewave.com.mx2.rci.rcimx.net NO
> Try_TLS:edgewave.com.mx3.rci.rcimx.net NO
> Try_TLS:edgewave.com.mx4.rci.rcimx.net NO
>
> to sendmail's map access database.

That looks correct. You could also apply that to the entire rci.rcimx.net domain with a single entry:

Try_TLS:rci.rcimx.net NO

> It would have been nice if sendmail falls back to a non-TLS connection
> if the handshake occurs.

Well, the handshake also fails whenever an attacker interferes with the connection. A revert to insecure when attacked behavior makes you secure except when it matters.

Philip Guenther
sendmail TLS errors
I am getting the following errors, with sendmail (Openbsd 5.0 and errors were there for 4.9 as well)

Jan 28 16:34:48 mail sm-mta[24871]: starting daemon (8.14.5): SMTP+queueing@00:30:00
Jan 28 16:34:51 mail sm-mta[372]: STARTTLS=client, error: connect failed=-1, SSL_error=1, errno=0, retry=-1
Jan 28 16:34:51 mail sm-mta[372]: STARTTLS=client: 372:error:1411809D:SSL routines:SSL_CHECK_SERVERHELLO_TLSEXT:tls invalid ecpointformat list:/usr/src/lib/libssl/ssl/../src/ssl/t1_lib.c:1470:
Jan 28 16:34:51 mail sm-mta[372]: STARTTLS=client: 372:error:14092113:SSL routines:SSL3_GET_SERVER_HELLO:serverhello tlsext:/usr/src/lib/libssl/ssl/../src/ssl/s3_clnt.c:945:
Jan 28 16:34:51 mail sm-mta[372]: ruleset=tls_server, arg1=SOFTWARE, relay=edgewave.com.mx1.rci.rcimx.net, reject=403 4.7.0 TLS handshake failed.

From peering around with google these seem to come from an error in ssl. I assume that it is edgewave.com.mx1.rci.rcimx.net that has the error, not OpenBSD 5.0 but none the less I cannot send email to this site, with TLS enabled.

To my surprise I found that not configuring TLS on sendmail.mc only turns it off for receiving not sending.

The only way I can find to turn it off for sending is by adding

Try_TLS:edgewave.com.mx1.rci.rcimx.net NO
Try_TLS:edgewave.com.mx2.rci.rcimx.net NO
Try_TLS:edgewave.com.mx3.rci.rcimx.net NO
Try_TLS:edgewave.com.mx4.rci.rcimx.net NO

to sendmail's map access database.

The addresses belong to an email company that handles email for other companies. I know of 5 companies that I cannot send to. You can try this yourself by sending email to x...@redcondor.com. The email doesn't exist but the connection is dropped before anyone discovers that xxx is not valid.

It would have been nice if sendmail falls back to a non-TLS connection if the handshake occurs. As it is I have to watch the maillog to identify which mail is being blocked and adding the resulting address to the access map
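The maillog watching described in the message above, as an added Python example (not code from the thread or from sendmail): it counts "TLS handshake failed" rejections per relay and collapses relays that share a parent into one suffix, the form used in the single-entry suggestion made in the reply earlier in this thread. The function names, the grouping by last two DNS labels, and every sample line marked constructed are assumptions of this example; the output is a list for the operator to review, nothing is written to the access map.

```python
import re
from collections import Counter, defaultdict

# Shape of the rejection line quoted in the message above. A queue id between
# the pid and "ruleset=" is tolerated (assumption: some logs carry one).
HANDSHAKE_RE = re.compile(
    r"sm-mta\[\d+\]:\s+(?:\S+:\s+)?ruleset=tls_server,.*?\brelay=(?P<relay>[^,\s\[]+)"
    r".*TLS handshake failed"
)

# First three lines are from the message above; the rest are constructed.
SAMPLE_LOG = """\
Jan 28 16:34:48 mail sm-mta[24871]: starting daemon (8.14.5): SMTP+queueing@00:30:00
Jan 28 16:34:51 mail sm-mta[372]: STARTTLS=client, error: connect failed=-1, SSL_error=1, errno=0, retry=-1
Jan 28 16:34:51 mail sm-mta[372]: ruleset=tls_server, arg1=SOFTWARE, relay=edgewave.com.mx1.rci.rcimx.net, reject=403 4.7.0 TLS handshake failed.
Jan 28 16:40:02 mail sm-mta[415]: ruleset=tls_server, arg1=SOFTWARE, relay=edgewave.com.mx2.rci.rcimx.net, reject=403 4.7.0 TLS handshake failed.
Jan 28 16:52:19 mail sm-mta[498]: ruleset=tls_server, arg1=SOFTWARE, relay=edgewave.com.mx2.rci.rcimx.net, reject=403 4.7.0 TLS handshake failed.
Jan 28 17:03:40 mail sm-mta[530]: ruleset=tls_server, arg1=SOFTWARE, relay=mx.example.net, reject=403 4.7.0 TLS handshake failed.
"""


def failing_relays(lines) -> Counter:
    """Count handshake rejections per relay host name."""
    counts = Counter()
    for line in lines:
        m = HANDSHAKE_RE.search(line)
        if m:
            counts[m["relay"].rstrip(".").lower()] += 1
    return counts


def shared_suffix(hosts) -> str:
    """Longest run of trailing DNS labels common to every host in the list."""
    reversed_labels = [list(reversed(h.split("."))) for h in hosts]
    common = []
    for labels in zip(*reversed_labels):
        if len(set(labels)) != 1:
            break
        common.append(labels[0])
    return ".".join(reversed(common))


def candidate_domains(counts: Counter) -> dict:
    """Map each group's shared suffix to its total number of failures.

    Relays are grouped by their last two labels, a rough stand-in for
    "same operator" (assumption; this is not a public-suffix lookup).
    """
    groups = defaultdict(list)
    for host in counts:
        groups[".".join(host.split(".")[-2:])].append(host)
    return {
        shared_suffix(hosts): sum(counts[h] for h in hosts)
        for hosts in groups.values()
    }


if __name__ == "__main__":
    per_relay = failing_relays(SAMPLE_LOG.splitlines())
    for relay, n in per_relay.most_common():
        print(f"{n:3d}  {relay}")
    for suffix, n in sorted(candidate_domains(per_relay).items()):
        print(f"candidate for review: {suffix} ({n} failed handshakes)")
```
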
Re: Starting out
Jannik Pruitt pruttel...@googlemail.com writes:

> I got my netier xl 1000 running now. It has full network and I can ssh to and from. X does come up.

excellent, you're on your way to several good and interesting experiences!

> What I want to do now is put a better terminal in. A small office suite either console or X based or both. And I want to install a web browser

I'm not quite sure what your criteria are for any of these. The best advice I can offer is to explore what the package system has to offer. Read the man pages, man 7 packages might be appropriate, or you could try browsing eg http://openports.se/ and see what strikes you as appealing. Also, a web search on OpenBSD + whatever will hopefully turn up useful references for whatever, likely from the archives of openbsd-misc.

> I know that OpenBSD is not really a desktop system.

wut? it's been my main desktop since quite a while back (2005ish if memory serves -- I was on FreeBSD or Linuxes until I came to my senses).

> But it's so low in installed space

That it is. I think the numbers from the pix in my old blog post http://bsdly.blogspot.com/2010/01/goodness-of-men-and-machinery.html are still in the ballpark (except the compNN.tgz set, which shrunk to sixtyish megs compressed by weeding out irrelevancies soon after)

- Peter

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
5.1-beta compiler warning confuses me
Hi, I have a vm that I upgraded to 5.1-beta last week some time. One of my software's is getting a compiler warning now that it didn't get in 5.0.

---
    cc -Wall -g -I/usr/local/include/db4 -c reply.c
    reply.c: In function 'create_anyreply':
    reply.c:2975: warning: array size (2) smaller than bound length (4)
    reply.c:2975: warning: array size (2) smaller than bound length (4)
    cc -Wall -g -I/usr/local/include/db4 -c additional.c
---

The line of code looks like this:

---
    memcpy((char *)&answer->rdata, (char *)&sd->a[pos++ % mod], sizeof(in_addr_t));
---

The entire file can be found at sourceforge cvs repo here: http://wildcarddns.cvs.sourceforge.net/viewvc/wildcarddns/wildcarddnsd/reply.c?view=log

What could cause this? And how do I fix my code to get rid of this warning?

Thanks for any help,
-peter
Re: 5.1-beta compiler warning confuses me
On Thu, Jan 26, 2012 at 07:03:39PM +0100, Otto Moerbeek wrote:

> http://wildcarddns.cvs.sourceforge.net/viewvc/wildcarddns/wildcarddnsd/reply.c?view=log
>
> Which revision are you using?
>
> -Otto

Hi Otto, I'm at HEAD with this, it requires berkeley db 4.6 (or higher) if you are wanting to compile this.

-peter

> What could cause this? And how do I fix my code to get rid of this warning?
>
> Thanks for any help,
> -peter
Re: 5.1-beta compiler warning confuses me
On Thu, Jan 26, 2012 at 07:22:37PM +0100, Otto Moerbeek wrote:

> cc -Wall -g -I/usr/local/include/db4 -c reply.c
> reply.c: In function 'create_anyreply':
> reply.c:2975: warning: array size (2) smaller than bound length (4)
> reply.c:2975: warning: array size (2) smaller than bound length (4)
> cc -Wall -g -I/usr/local/include/db4 -c additional.c
>
> some cut
>
> 2553 struct answer {
> 2554 u_int16_t type; /* 0 */
> 2555 u_int16_t class;/* 2 */
> 2556 u_int32_t ttl; /* 4 */
> 2557 u_int16_t rdlength; /* 8 */
> 2558 char rdata[0]; /* 10 */
> 2559 } __packed;
>
> Since rdata is an array, there's at least a redundant &. Zero sized arrays are actually not legal and a gnu extension. With ANSI C, use [1] (but note it changes the size of the struct), and with C99 use [].
>
> -Otto

When I changed it to char rdata[4]; on line 2558 like you pointed me to the message disappeared.

Now correct me if I'm wrong, __packed or __attribute__((packed)) which I throw out due to some code example eons ago, should have packed the struct below a 2 byte boundary or something. Is this functionality gone now? Because when I do rdata[4], the size of the struct should be 14 bytes which lies on a 2 bytes boundary. Thankfully my code is forgiving on an rdata[4]. At least at first sight.

Thank you for solving my problem! (Thanks to Christiano too!)

-peter
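The layout question in this thread, worked through as an added example (not code from wildcarddnsd or from any poster): the posted header declared with a C99 flexible array member, next to an unpacked and an rdata[4] variant for comparing sizeof, plus a length-checked append into a packet buffer. The names answer_unpacked, answer_fixed4, ANSWER_HDRLEN and answer_append, and the sample address, are assumptions made for the illustration.

```c
#include <arpa/inet.h>   /* htons, htonl */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Field layout as posted in the thread; the GNU zero-length array is
 * replaced by a C99 flexible array member. OpenBSD's __packed macro
 * expands to this attribute. */
struct answer {
	uint16_t type;      /* 0 */
	uint16_t class;     /* 2 */
	uint32_t ttl;       /* 4 */
	uint16_t rdlength;  /* 8 */
	char rdata[];       /* 10 */
} __attribute__((packed));

/* Same fields without packing: sizeof may include trailing padding. */
struct answer_unpacked {
	uint16_t type;
	uint16_t class;
	uint32_t ttl;
	uint16_t rdlength;
	char rdata[];
};

/* The rdata[4] variant tried in the thread: sizeof now counts four
 * payload bytes in addition to the 10-byte header. */
struct answer_fixed4 {
	uint16_t type;
	uint16_t class;
	uint32_t ttl;
	uint16_t rdlength;
	char rdata[4];
} __attribute__((packed));

#define ANSWER_HDRLEN offsetof(struct answer, rdata)

/* Append one record at buf[off] (hypothetical helper). Returns the new
 * offset, or 0 when the header plus rdlen bytes do not fit in buflen. */
size_t
answer_append(unsigned char *buf, size_t buflen, size_t off, uint16_t type,
    uint32_t ttl, const void *rdata, size_t rdlen)
{
	struct answer *a;

	if (rdlen > UINT16_MAX || off > buflen ||
	    ANSWER_HDRLEN + rdlen > buflen - off)
		return 0;
	a = (struct answer *)(buf + off); /* packed, so any offset is valid */
	a->type = htons(type);
	a->class = htons(1);              /* IN */
	a->ttl = htonl(ttl);
	a->rdlength = htons((uint16_t)rdlen);
	memcpy(a->rdata, rdata, rdlen);   /* array decays to char *: no & */
	return off + ANSWER_HDRLEN + rdlen;
}

int
main(void)
{
	const unsigned char addr[4] = { 192, 0, 2, 1 }; /* constructed sample */
	unsigned char *pkt = malloc(32);
	size_t end;

	if (pkt == NULL)
		return 1;
	printf("packed, rdata[]:   sizeof=%zu\n", sizeof(struct answer));
	printf("unpacked, rdata[]: sizeof=%zu offsetof(rdata)=%zu\n",
	    sizeof(struct answer_unpacked),
	    offsetof(struct answer_unpacked, rdata));
	printf("packed, rdata[4]:  sizeof=%zu\n", sizeof(struct answer_fixed4));
	end = answer_append(pkt, 32, 0, 1, 3600, addr, sizeof(addr));
	printf("one A record ends at offset %zu\n", end);
	free(pkt);
	return 0;
}
```

On ABIs where uint32_t is 4-byte aligned, the three sizeof values come out as 10, 12 and 14, with rdata at offset 10 in every variant.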
Re: OpenBSD 4.4
R0me0 *** knight@gmail.com writes:

> I'm running a fully patched OpenBSD 4.4 with very complex setup, and I'm planning an upgrade to 5.0.

That's a seriously long jump, but then again, that upgrade may very well be a blessing in disguise -- an opportunity to identify what parts of your complex setup are actually just cascades of accidents that followed quasi-logically from other earlier accidents (no worries, this should sound familiar to most of the people who've been around for a while) and what actually matters and needs to be that way for a reason.

Do take the time for proper preparations, though: at the very least read through the upgrade steps for each of the versions, starting from http://www.openbsd.org/faq/upgrade45.html and proceeding through http://www.openbsd.org/faq/upgrade50.html. The only *supported* method is to go through all of those upgrade steps, but you might find it easier to back up your data and config, do a clean install, restore data and then introduce those configuration elements that are in fact essential or at least useful for your particular environment.

> At this moment, if I execute nmap 10.20.0/16, I have a dbg . I've limited the number of max connections and connections per seconds, that solved the problem. When dbg occurs, I cannot do a trace because it completely hangs.

Others have offered as useful input as can be had on those. Good luck with the upgrade!

All the best,
Peter

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
youtube works, thanks!
Hi, I noticed today by accident that the videos on Youtube work. They are HTML5. The sound I made happen by starting aucat -l. Is this old news or am I dreaming? -peter
Re: OpenBSD 5.0-current (GENERIC) #65: Thu Nov 3 00:58:36 MDT 2011
This is not -current, this is -release. This PKG_PATH will not work with 5.0-current.

On 2012 Jan 19 (Thu) at 18:16:59 +0100 (+0100), Francois Pussault wrote:
:Hi,
:
:I use this
:
:# echo $PKG_PATH
:ftp://ftp.openbsd.org/pub/OpenBSD/5.0/packages/sparc64/
:
: From: Richard Thornton thornton.rich...@gmail.com
: Sent: Thu Jan 19 17:50:08 CET 2012
: To: misc misc@openbsd.org
: Subject: OpenBSD 5.0-current (GENERIC) #65: Thu Nov 3 00:58:36 MDT 2011
:
: Is this the most recent current version for sparc64 and does this imply
: that I have the true current kernel running, thus my PKG_PATH should be
: set to pull for the current set of packages?
:
:Regards
:Francois Pussault
:3701 - 8 rue Marcel Pagnol
:31100 Toulouse
:France
:+33 6 17 230 820 +33 5 34 365 269
:fpussa...@contactoffice.fr

--
You may easily play a joke on a man who likes to argue -- agree with him.
-- Ed Howe
Re: locate weirdness
On 2012 Jan 18 (Wed) at 10:15:34 -0600 (-0600), L. V. Lammert wrote: :Running the find separately identified the file system problem, and :it was easily fixed as a result. So, what was the actual problem? Permissions? -- There are two types of people in this world, good and bad. The good sleep better, but the bad seem to enjoy the waking hours much more. -- Woody Allen
Re: mailserv project
On 2012 Jan 17 (Tue) at 09:17:35 -0500 (-0500), Nico Kadel-Garcia wrote:
:On Mon, Jan 16, 2012 at 9:32 AM, Nick Holland
:n...@holland-consulting.net wrote:
: On 01/16/12 02:09, Wesley M. wrote:
: On Mon, 16 Jan 2012 07:40:57 +0100, Tomas Bodzar tomas.bod...@gmail.com
: wrote:
: There's sendmail in base system and there's ongoing work on smtpd by
: OpenBSD devs (other components are in ports). Anyway you're welcome to
: start port see http://www.openbsd.org/faq/ports/index.html
:
: It is not an other MTA.
: It is a script with config files, it installs a secure mail server
: (Administration using a Web interface)
: Postfix+Nginx+Spamd+Spamassassin+Dovecot+Roundcube+sql database
: Actually works on OpenBSD 4.8 / 4.9
:
: It doesn't work on OpenBSD 5.0
: There's a lot of changes like Nginx/Dovecot/php
:
: If someone can update the work
: http://[cobwebsite deleted]/
:
: Ah, sounds like you found a good reason NOT to use projects like this.
: Do this, do that, download this, run that, *poof!* you have a mail
: server with no idea what you are doing!
:
:Be nice to the newbs! Showing them a well written tool, especially a
:configuration interface, that they can follow the workflow of is
:priceless to a busy admin or a busy programmer.
:

Except, it ISN'T a well written tool. It is horrifically bad. And the intention is not to teach, but to click-and-forget, which is dangerous at best.

--
Draft beer, not people
Re: No schizophrenia
Omg, this one is still going on? Please stop filling those Internet tubes with useless attempts to argue with a troll. You'd never win. And this whole topic... Waste of time...

Peter

On Jan 11, 2012 12:24 AM, John Tate j...@johntate.org wrote:

> Just an idiot, Jan Stary, who turned the sentence 7 years of FreeBSD/OpenBSD experience into OpenBSD Guru. I wish I had more time and less faith in minds like hers. What an embarrassment... oh dear. She should learn to read. I'm back, healthy as can be. I had a nice holiday.
>
> I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU
>
> John Tate -- www.johntate.org
Re: PF Snort tutorial
Wesley M. open...@e-solutions.re writes:

> Perhaps, this can be helpful ;-) http://www.procyonlabs.com/guides/openbsd/snort/

It's possible it's quite valid for the Snort parts, but unfortunately this HOWTO shows several of the features typical of docs maintained by people who are not, in fact, terribly familiar with OpenBSD: first off, consider the statement

    One thing a lot of people overlook is patching their OpenBSD system(s). This is because it is a major pain in the ass.

Show of hands, how many people here agree with that statement?

Next, the only part of the system he considers important enough to patch is the kernel. (OpenBSD has patches for all parts of the base system, the only patch so far for 4.9 is for bind, not the kernel).

He then moves on to rebuild all packages locally from the ports tree, but there are no indications that he builds special flavors that are not already available as downloadable packages.

And finally, he then proceeds to download -- to /usr/src of all places -- the source archives for Snort and supporting software (which may or may not be due to some appropriate reason such as the packages (aka ports) lagging behind upstream), builds and installs them. All this while working as root (not a sudo in sight, but this may be one of my grumpier nights).

If you find this is a useful document, it would be a very smart move to prod its author to check that the information is still up to date and to make any changes that are necessary for OpenBSD 5.0. It's only been two months, but even busy and forgetful people who take an active interest *should* be able to find the time for keeping their stuff up to date.

As others have said here earlier, any document that claims to be about OpenBSD and does not live somewhere on http://www.openbsd.org/ should be treated with caution, one of the things to look out for is some basic familiarity with OpenBSD such as the points (possibly minor) I pointed out earlier.

Cheers,
Peter

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: CF Card setup
Jannik Pruitt pruttel...@googlemail.com writes:

> ifconfig says lo0 (up loop back running multicast mtu 33196 R10 Media enthernet auto (This is normally the IP address I think but there is not one) Enco - also active PFlog0 also active

I assume R10 is actually rl0, indicating that the Ethernet card is a Realtek based part (see man rl). You need to put together a valid config file for that one, /etc/hostname.rl0, with appropriate contents using your favorite text editor (mg and vi are in the base system). Reading at least man hostname.if and http://www.openbsd.org/faq/faq6.html is a really good idea at this point.

Most likely you need a file that consists of a single line, either

    dhcp

for a simple dhcp setup, or for a fixed address and a specific link speed something like (lifted from man hostname.if)

    inet 10.0.0.1 255.255.255.0 10.0.0.255 description Bob's uplink

in which case you will also need to add useful content to /etc/resolv.conf (and likely /etc/hosts) for name resolution to work plus possibly a few other wrinkles such as enabling forwarding if it's a gateway you're building, and so on.

The best place to start is to read the relevant parts of the FAQ and the man pages. OpenBSD documentation is both accessible and useful, and if you're still stuck some of us have written supplementary docs that are not that hard to find. Or come back here, reasonable questions usually generate somewhat useful answers.

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: CF Card setup
pe...@bsdly.net (Peter N. M. Hansteen) writes:

> for a simple dhcp setup, or for a fixed address and a specific link speed something like (lifted from man hostname.if)
>
>     inet 10.0.0.1 255.255.255.0 10.0.0.255 description Bob's uplink

actually that does not specify a line speed, but the man pages will tell you how to do that too :)

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: claimed 5.0 problems on sparc64 (was Re: Upgrading AMD64 4.9-stable to 5.0)
there is an excellent blog called www.openbsd.org/faq/. Check out the advice there. It's pretty awesome.

On 2011 Dec 20 (Tue) at 07:49:11 -0500 (-0500), Richard Thornton wrote:
:I used the advice from the blog called gab software. Perhaps he was wrong. I am willing to reinstall. I have no personal data to lose on this old box.
:
:Nick Holland n...@holland-consulting.net wrote:
:
:On 12/19/11 14:39, Stuart Henderson wrote:
: On 2011-12-19, Richard Thornton thornton.rich...@gmail.com wrote:
: Do a simple clean 5.0 install. One would assume any browser package in the
: packages folder would install. None do for me on sparc, but with a clean
: 4.9 install all 4.9 packages install. I am not a Unix specialist by any
: means but I do know how to type pkg_add .
:
: Please send a mail to ports@ detailing exactly what you are doing (what
: you're typing, what PKG_PATH is set to if you're using it, the contents
: of /etc/pkg.conf if you're using that) and what output you see.
:
: This is the first I've heard of any major problem with 5.0 release
: packages on any arch, if there is a problem obviously we need to know
: what went wrong so we can avoid it happening in future, but before
: digging into that we need to first rule out incorrect procedure.
:
:Don't bother, he's doing something very wrong. This is a PEBKAC
:diagnostic issue, not an OpenBSD issue.
:
:Just happened to have a blade100 (the machine he named) sitting here,
:just loaded it up, but not into production yet, so blew it away (it was
:at -current, of course) and did exactly what he said:
:
:* simple 5.0 install from CD (only non-default was to use ntpd)
:* set PKG_PATH to my local mirror
:* pkg_add xxxterm
:* pkg_add firefox36 (didn't seem to be newer ones for sparc64)
:* pkg_add dillo
:* pkg_add conkeror
:* pkg_add midori
:* pkg_add kazehakase
:* pkg_add links+2.2p2
:* pkg_add elinks
:* pkg_add w3m-0.5.3
:* pkg_add links FINALLY! an error! conflict with links+. Package
:management system worked fine :)
:
:Other than links after links+, all installed fine.
:
:Starting them all at the same time on a blade100 with only 512M RAM was
:not my most productive move, but they all seemed to be trying to work,
:until something ran out of something and X blew me back to a command
:prompt :)
:
:(I gotta play with some of these alternate browsers)
:
:Personally, I think he's screwing up between sparc and sparc64. He's
:being VERY sloppy with the platform name_s_ in his posting, so I suspect
:it is safe to assume he's doing that elsewhere.
:
:Nick.
:

--
Drew's Law of Highway Biology: The first bug to hit a clean windshield lands directly in front of your eyes.
Re: Upgrading AMD64 4.9-stable to 5.0
Richard Thornton thornton.rich...@gmail.com writes:

> I upgraded my sun blade 100 from 4.9 to 5.0; no issues but, it appears that the packages in 4.9 are not always upgradeable to those in 5.0 and most packages in 5.0 fail to install due to library dependencies.

This sounds suspiciously like you're mixing base and packages releases in some sort of unsupported combination. A wild guess -- trying to upgrade the packages not to 5.0, but rather packages matching a snapshot, perhaps?

> one would assume all 5.0 packages are created using the dev tools from 5.0 but this does not seem to be true.

Once again, do not attempt to install packages built on and intended for -current on a system running -stable.

> I do not have time to track down all these issues, so for me openbsd will always remain a fun toy, but no better.

Please go back and check what you did leading up to those errors. This sounds like the result of some fairly basic mistake, like trying to install -current packages on -stable.

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Setting up access point multiple radios
I'm looking at rebuilding my OpenBSD firewall to include a wireless access point using a discrete card rather than an external access point. Can I just verify : athn(4) is a decent choice, but the docs are a bit out of date (CVS commits and comments seem to suggest power saving has been fixed, and later chipsets such as 9002/9003 are now supported?) Does OpenBSD support simultaneous 802.11a and 802.11b/g in a dual band card? I imagine the answer is 'no' (can't see how it's possible in ifconfig) - which makes the card I was previously considering (the JJPlus MR9 http://www.jjplus.com/?page_id=359) unrealistic. Thinking of the TL-WN951N (AR5008-3NG chipset) instead : http://www.cclonline.com/product/39855/TL-WN951N/Wireless-Adapters/TP-Link-300Mbps-Wireless-N-PCI-Adapter/NET1196/ Assuming the answer is no, any recommendations for an 802.11a AP capable card? I'm guessing 802.11n is some way off. Cheers! PK
Re: OpenBSD/amd64 runs on computers equipped with AMD Athlon64
Google is informative. It depends on your stepping. Try it and find out. Wikipedia says 'AMD64 supported by: all models with an OPN ending in BX and CV' and 'E6 stepping or later'. If you don't have an OS installed, a boot disk with a CPU information tool would help.

On 12/12/2011, sc...@web.de sc...@web.de wrote:

> Hello! I took the subject line from INSTALL.amd64. I hope this is also the right ISO for other AMD processors, not amd64. I have a Sempron 3000+ with 754 socket, but I am not sure if it supports amd64 instructions.
>
> Rod.
Re: OpenBSD/amd64 runs on computers equipped with AMD Athlon64
On 12 December 2011 21:29, Henning Brauer lists-open...@bsws.de wrote: * sc...@web.de sc...@web.de [2011-12-12 16:06]: BTW: the ethernet on the motherboard (Asus K8U-X) does not work. Acer Labs M5263 LAN rev 0x40 at pci0 dev 13 function 0 not configured indeed. never heard of it, might be as simple as a missing pcidevs entry and driver matching code entry, might require a new driver from scratch. or something in between. Score one for 'something in-between', but at least the work has been done on another BSD. http://lists.freebsd.org/pipermail/freebsd-stable/2011-October/064346.html PK
Re: Mplayer vo on loongson, change resolution
No, the loongson does not support this yet. On 2011 Dec 08 (Thu) at 21:34:07 +0400 (+0400), alies wrote: :Hello : :What mplayer -vo I need to use for best performance in loongson Yeeloong netbook? Can I use full fullscreen in mplayer? :What about sdl games (quake, doom etc), can I change resolution? : -- All progress is based upon a universal innate desire on the part of every organism to live beyond its income. -- Samuel Butler, Notebooks
Re: OpenBSD PF tables
Yes, tables in PF only support IP addresses. On 2011 Dec 08 (Thu) at 22:11:19 +1100 (+1100), John Tate wrote: :At the moment I am working on doing some things as tables. I want tables to :hold the ports, but it appears perhaps they can only hold IP addresses. The :following tables do not work from line 10-11... -- Renning's Maxim: Man is the highest animal. Man does the classifying.
Re: OpenBSD PF tables
On Thu, Dec 08, 2011 at 10:21:14PM +1100, John Tate wrote:

> Is there a way to control ports on a filter from the command line? I guess I just have manually adding and deleting rules.

the cycle

    $ sudo mg /etc/pf.conf
    $ sudo pfctl -vf /etc/pf.conf

doesn't take terribly long to begin with, but you could possibly achieve what you want by putting your rules inside anchors and then do whatever manipulations you want to rules in the anchors from the command line. man pf.conf and man pfctl are your friends.

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: OpenBSD PF tables
On Thu, Dec 08, 2011 at 10:11:19PM +1100, John Tate wrote:

> I have successfully got an OpenBSD machine to connect via ADSL and forward packets, I am gradually upgrading my pf.conf. I am having trouble with this configuration (ignore some obvious bugs related to table names where tables are defined and the rules I have seen them).

what are those obvious bugs? please describe in detail.

> At the moment I am working on doing some things as tables. I want tables to hold the ports, but it appears perhaps they can only hold IP addresses. The following tables do not work from line 10-11...

from man pf.conf:

    TABLES
    Tables are named structures which can hold a collection of addresses and networks. Lookups against tables in pf(4) are relatively fast, making a single rule with tables much more efficient, in terms of processor usage and memory consumption, than a large number of rules which differ only in IP address (either created explicitly or automatically by rule expansion).

> table etcpserv { 22 }
> table itcpserv { 22, 53 }

this is what macros are for:

    etcpserv = { 22 }
    itcpserv = { 22, 53 }

Other parts of your config use tables correctly. You may want to browse the PF faq, with http://home.nuug.no/~peter/pf/en/ or the book it spawned (http://www.nostarch.com/pf2.htm) as a useful supplement.

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Short adsuck guide (local resolver setup)
On 2011 Dec 05 (Mon) at 17:32:48 + (+), Stuart Henderson wrote: :On 2011-12-05, ?ime Ramov s...@ramov.com wrote: : Great job on your video! Too bad I can only enjoy it at work where I have : flash installed :( : : :there are various ports/packages which can fetch these: : :get_flash_videos :youtube-dl :yt : also, www.youtube.com/html5 -- Honesty is the best policy, but insanity is a better defense.