Re: 4.8 arrival!

[Shane J. Pearson]

On 29 October 2010 12:58,  bsdmas...@hushmail.com wrote:
 Hello,

 Would you please consider uploading an iso image of your OpenBSD
 4.8 to some public tracker such as thepiratebay.org?

 If you are unfamiliar with the process of making an iso-image out
 of a CD, or if you need help with the generation and upload of the
 torrent file, I may be of some help. Just ask.

 Thanks alot, this will be of great use for poor folks like me who
 cannot afford the expensive license fees. Yes, I said it, 50CDN$ is
 very expensive. Maybe the OpenBSD Company could setup something
 like MSDNAA, for stuents to get access to the software for free?

 Anyway, I'm getting off topic.

 PS: please people, stop bottom-posting. It forces me to scroll down
 to read the latest message, and I don't like that. Show some common
 sense!

No.  Buy the CD or wait for it's release.

The irony of someone sending me this request, given what I do for a
living, is too much to take.


Again, no.  Last I heard, the CD layout is copyright.



Shane

Re: Low power OpenBSD machine

[Shane J Pearson]

2009/4/17 Marco Peereboom sl...@peereboom.us

 I work with people that run io tools against flash parts.  I still have
 to see it fail too.  Your puny little firewall will never write more to
 it than a month long stress test.  This write fatigue argument is very
 silly.


Hey!  My firewall may be puny in stature (Net5501), but he is Puffy hearted
and on the Internet he is ten feet tall!

Re: Error updating 4.2 - permission denied

[Shane J Pearson]

On 22/12/2007, at 12:47 AM, kim wrote:

Could anyone offer some help with an upgrading problem with 4.2 - 
stable?

The source tree and ports were installed from the official CD, and
upgraded with:

Update source tree:

cd /usr/src
cvs -d [EMAIL PROTECTED]:/cvs -q up -rOPENBSD_4_2 -Pd



Update ports tree:

cd /usr/ports
cvs -d [EMAIL PROTECTED]:/cvs -q up -rOPENBSD_4_2 -Pd



Rebuild the kernel:

cd /usr/src/sys/arch/i386/conf
/usr/sbin/config GENERIC
cd /usr/src/sys/arch/i386/compile/GENERIC
make clean  make depend  make



Reboot the kernel:

cd /usr/src/sys/arch/i386/compile/GENERIC
cp /bsd /bsd.old
cp bsd /bsd
reboot



Rebuild system binaries:

rm -rf /usr/obj/*
cd /usr/src
make obj
cd /usr/src/etc  env DESTDIR=/ make distrib-dirs
cd /usr/src
make build

=

When rebuilding system binaries, I get this:

/usr/src/gnu/usr.bin/binutils/gdb/observer.sh h
/usr/src/gnu/usr.bin/binutils/gdb/doc/observer.texi observer.h
/usr/src/gnu/usr.bin/binutils/gdb/observer.sh: Permission denied
*** Error code 1

Stop in /usr/src/gnu/usr.bin/binutils/obj/gdb (line 1333 of Makefile).
*** Error code 1

Stop in /usr/src/gnu/usr.bin/binutils/obj (line 21479 of Makefile).
*** Error code 1

Stop in /usr/src/gnu/usr.bin/binutils (line 81 of
/usr/src/gnu/usr.bin/binutils/Makefile.bsd-wrapper).
*** Error code 1

Stop in /usr/src/gnu/usr.bin.
*** Error code 1

Stop in /usr/src/gnu.
*** Error code 1

Stop in /usr/src.
*** Error code 1

Stop in /usr/src (line 73 of Makefile).

===

I have cleared the /usr/src directory and reloaded the tree from the  
CD,

and gone through the
whole process again, but get the same error.

Is this possibly an error from the CD or the CVS site?

Thank you



I am also seeing this problem. I am happy to change the perms to fix,  
however is this something that needs to be fixed at a root server?


I installed on various i386 systems, at work and home, from an  
official OpenBSD 4.2 CD. I have tried various mirrors, with the same  
errors as above.



Shane J Pearson

Re: Real men don't attack straw men

[Shane J Pearson]

On 06/01/2008, at 9:47 PM, Richard Stallman wrote:


Would you be so kind as to tell me the precise URLs where you
found those quotes?  If not, I will look for someone else who
will do that for me.


You know that saying, if you want something done right, you do it  
yourself?


I'd be adhering to that, especially in cases where I put forth such  
controversial opinion in such a public display. Such an outspoken  
person should be well informed, lest he keeps choking on his own toe  
jam.



Are you too good for Google?

http://www.google.com.au/search?q=%22Run+GNOME+in+a+VMWare+Player+in+a+Linux+virtual+machine.+site%3Atorrent.gnome.org

If you'd even bothered to go to the front page already quoted to you,  
you'd notice that that is where it is.

Re: delete deleted data

[Shane J Pearson]

On 04/01/2008, at 8:19 AM, Brad Tilley wrote:


One pass from /dev/zero is more than enough for all cases.


I agree that after a single pass of zeroes, getting anything but  
zeroes from a fully working, unaltered drive is not going to happen.


But if you remove the digital logic which masks residual signals via  
thresholds used to determine at what point a 1 is considered a 1 and a  
0 a 0, then perhaps 1's and 0's could be restored from some drives.  
Through the use of a replacement device that samples each bit with a  
bit depth greater than 1, allowing analysis to interpret what I would  
have thought would not be constant uniform samples.



I think more importantly, if it is comparatively very cheap to erase a  
drive in a paranoid manner and the leaking of that data could cost a  
fortune, then the comparatively small cost of paranoid erasure could  
be a risk worth taking.



Shane

Re: delete deleted data

[Shane J Pearson]

On 04/01/2008, at 12:21 PM, Harpalus a Como wrote:


Myth? Why are you so upset about this? It's not myth.

The techniques involved in recovering data in the manner Marco and  
the NSA,
DoD, and many others describe isn't a matter of running a simple  
software
tool. It's a long, slow, annoying process that is also costly. But  
it is
possible. Not every company or person in the forensics industry is a  
master

at their job. If they say it's not possible, perhaps it's just not
something their software package does for them? (I'm not trying to be
derogatory, but I do know a guy who does computer forensics work,  
and the
software/hardware he uses is about all he knows. He just goes  
through the

motions. Doesn't know all that much about filesystems or disks.)


I agree. Most computer forensics people I have worked with, tended to  
stick to what they considered to be standard procedures with  
standard forensics software. They were mostly ex-police with  
computing training. I personally managed to get results which other  
forensics teams could not (or would not), which I believe was because  
I was willing to use some creative techniques that they wouldn't dare  
come to court with.



As far as the data recovery industry goes, I think there are more  
frauds than experts advertising such services.



Shane

Re: OT YAG Re: delete deleted data

[Shane J Pearson]

On 06/01/2008, at 1:57 AM, Diana Eichert wrote:


Any EE worth their weight in salt understands signal processing.  I  
do believe a lot of younger engineers have grown up in the 1  0  
digital world and forget about analog.


I think the first computers I witnessed in a work place, were actually  
analog computers (Navy).


Where a mix of humans, transistors, valves, gears and three-phase  
motors/sensors, got the job done.;-)



Shane

Re: Real men don't attack straw men

[Shane J Pearson]

On 06/01/2008, at 3:28 AM, Karthik Kumar wrote:

On another hand we are not GNU/GPL and we don't mind our users  
installing
non free software if it is what they want. The FAQ is where this  
needs to

be documented for users to get their job done faster.



If you don't mind users using non-free software, you shouldn't be
putting the 'Free. ' in 'Free. Functional. Secure.'


Huh? OpenBSD is built from free software and allows users the freedom  
to do what they please, even if that means running non-free software.  
You have a strange idea of free.


An OpenBSD user exercising freedom of choice, by choosing to use some  
non-free software, does not make OpenBSD non or less free.



Shane

Re: VPN

[Shane J Pearson]

On 26/03/2007, at 6:22 PM, Siju George wrote:

Most probably you are sufferring from the PPTP problem with OpenBSD  
and PF.


This is an excerpt from his website



The last time i talked with him he said he is writing a PPTP proxy for
OpenBSD and PF just like the FTP-Proxy. So it should be available soon
:-)


Frickin works for me on OpenBSD 4.0...

http://frickin.sourceforge.net/


Shane J Pearson
shanejp netspace net au

Re: Microsoft gets the Most Secure Operating Systems award

[Shane J Pearson]

On 23/03/2007, at 3:19 AM, Lars D. Noodin wrote:


Symantic makes its living selling paper bailing cups in a leaky boat.


;-)


The media actively participates in obfuscating the issues, the
causes and
the solutions by publicizing such crap from Symantic and MS.


Yes. Symantec make their money from a long-term open wound. Symantec
then provides creative research that makes that open wound look
best. Talk about a conflict of interest.

Symantec have been trying to demonise OS X for a long while.


Shane J Pearson
shanejp netspace net au

Re: Important OpenBSD errata

[Shane J Pearson]

On 18/03/2007, at 4:25 PM, Shawn K. Quinn wrote:


On Sat, 2007-03-17 at 19:08 +0100, Karel Kulhavy wrote:

I also suggest that the list include the cumulative amount
for each donor, sorted so that the biggest donors are at the
top.


To me, this makes about as much sense as publishing a similar list for
penis size (and whatever its female equivalent would be). Money is not
the only way to contribute to a project.


I agree. The value of a dollar differs a great deal between different  
people.




Shane J Pearson
shanejp netspace net au

Re: OpenBSD-Entwickler wollten kritische Lu:cke kleinreden

[Shane J Pearson]

On 16/03/2007, at 8:56 PM, Lars Hansson wrote:


On Fri, 16 Mar 2007 10:08:02 +0100
Karel Kulhavy [EMAIL PROTECTED] wrote:


http://www.heise.de/security/news/meldung/86730


And for the majority of the worlds population that doesn't speak  
German

this says exactly what?


There is an English version linked from the bottom of that page:

http://www.heise-security.co.uk/news/86757

Although this news item looks like the typical over-hyped hysterics  
I have come to expect from journalists.



Shane J Pearson
shanejp netspace net au

Re: dmesg and fdisk do not match about usb external disk

[Shane J Pearson]

On 13/02/2007, at 8:18 PM, frantisek holop wrote:


how am i (and fdisk) supposed to make partitions on CHS boundaries
if instead of 19457/255/63 fdisk sees the disk as 152627/64/32?


What is the point in trying to align to such boundaries, when the  
physical HDD does not have 255 or 64 heads and those numbers are  
faked due to working around legacy limitations?



Shane J Pearson
shanejp netspace net au

Re: seeking hardware for hackathon

[Shane J Pearson]

On 16/01/2007, at 5:07 PM, Nikolay Sturm wrote:


the next OpenBSD Mini Hackathon will be the Filesystem Hackathon



- hardware to build a raid with 2 or more TB


Wow, this sounds really exciting.


Shane J Pearson
shanejp netspace net au

Re: Misreporting secondary SATA2 320gb hd size.

[Shane J Pearson]

Hi,

On 26/12/2006, at 4:11 PM, Merp.com Volunteer wrote:

Strange problem here, seems only to show up under OpenBSD 4.0 so  
far (verified
not a noticeable problem under Gentoo Linux 2006.1 or Suse Linux  
10.1):
2 brand new SATA2 Seagate 320 GB hard drives, completely wiped/ 
unpartitioned.

wd0 reports correctly as:
total sectors = 625142448
total free sectors = 625142448
BUT wd1 reports incorrectly as:
total free sectors = 16514001
That is a fraction of the drive.

I tried re-wiping, partitioning, etc. to no avail.


I sometimes see this sort of behaviour on freshly zeroed drives on my  
systems.


Within disklabel, I use D to set default values and then b to set  
the OpenBSD disk boundaries. Since I dedicate drives for OpenBSD,  
that's from the beginning, to the end *.


This has always fixed that problem for me.


Shane J Pearson
shanejp netspace net au

Re: Commands don't work after rm -rf /*

[Shane J Pearson]

On 06/12/2006, at 12:14 PM, Bryan Irvine wrote:

It's the anti-unix newbie avoidance system.  I propose a source  
change to rm
that *after* it has completed removing / it then displays a dialog  
that the

system would prefer it if you ran windows millennium.  ;)


Oh man, that's low. I can understand being sentenced to Windows, but  
ME? That's harsh.

Re: network with pabx

[Shane J Pearson]

On 30/11/2006, at 10:20 PM, [EMAIL PROTECTED] wrote:

guys i want to hear some comments / suggestions from you. we are  
planning
to network a company. using a cat5e, the 2 pairs(4 wires) will be  
using

for LAN and the remaining 2 pairs(4 wires) will be use for pabx.


1000BASE-T requires all 4 pairs.

Will this thread be involving OpenBSD?


Shane

Re: Which tools the OpenBSD developers are using?

[Shane J Pearson]

On 29/11/2006, at 11:43 AM, Zoong PHAM wrote:


On Tuesday, 28 November 2006 at 18:12:48 -0500, Jim Razmus wrote:

* Diana Eichert [EMAIL PROTECTED] [061128 18:09]:

I use a soldering iron, dremel tool, sheet metal/plastic nibbler and
solder wick.


I am low budget developer so I use chopsticks, sushi and tap water.


I hope you don't eat fugu! That would be blasphemy!


Shane J Pearson
shanejp netspace net au

Re: Which tools the OpenBSD developers are using?

[Shane J Pearson]

On 29/11/2006, at 2:05 PM, Darrin Chandler wrote:


C'mon! Stick to the real topic!

I love tail, personally. When that doesn't do it, then head usually
works.


Careful doing that in a public forum. If you get caught, your GF/wife  
might use split on you.



Shane J Pearson
shanejp netspace net au

Re: Small patch for faq4.html

[Shane J Pearson]

On 22/11/2006, at 10:27 PM, Karel Kulhavy wrote:

I have ordered, because perceived OpenBSD as cool at that time. Now  
I don't see

OpenBSD as cool anymore. The motivation for buying more is away.


I am considering switching back to Gentoo on next major problem  
because the

illusion of friendliness holding me to OpenBSD is away.


Cya.

Re: Best nic/driver combination

[Shane J Pearson]

Hi Pedro,

On 16/11/2006, at 11:48 AM, pedro la peu wrote:


I can easily get some Realtek 8169 based (not 8139!) re cards, some
Intel gbit em (they seem less stable than fxp ?), and probably  
some sk

(SMC 9452TX).


I have been using sk(4) as my Gigabit card of choice with great  
success for
some time now. In fact, I don't bother looking for anything else. I  
pump lots
of Gigs through them daily with never a hitch, on old PIII junkware  
PC's.


There are probably alternatives with better maximum performance,  
I've never
needed to find out. The fact that they cost new about the same as  
two packs

of cigarettes (in the UK) is a pretty convincing bonus.


Yes, sometimes I feel like I should buy them in bulk. I am afraid  
that one day the chip-set will disappear for another cheap yet  
inferior one. And the vendors won't mention anything on the box.


I can't get D-Link DGE-530T Rev B1 cards to work in Sun U5's and  
U10's, yet the Rev A1 cards work fine. I think the move to Rev B1 has  
caused the cards to only work in PCI 2.2 slots and not older PCI 2.1.  
Even though the printing on the box of Rev B1 cards still claims that  
it will work in PCI 2.1 slots.


All I seem to be able to source now are the Rev B1 cards (which  
incidentally work fine in a Blade 150). Since they're so cheap, how  
long until a vendor like D-Link changes the chipset and then just  
ship a different Windows driver CD?


If I had the money at the moment, I'd buy them in bulk so I have some  
for myself and my customers. I realise there are other sk options,  
but since they can be so cheap, I fear they will change.


Can anyone recommend a cheap sk which is still capable of working in  
a PCI 2.1 slot? I was hoping to switch from fxp to sk in my 5  
interface Sun U10 firewall at home, but I only have 2 sk's (out of a  
desired 4) which work in it.




Shane J Pearson (hoping to see some affordable 4 interface sk NIC's)
shanejp netspace net au

Re: video hardware determination

[Shane J Pearson]

Hi Michael,

On 09/11/2006, at 2:08 PM, Michael Hernandez wrote:

Is that expected behavior? Of course not... and for the record, no  
it doesn't work with the
same automagic goodness on the evo at work (I think it's the card  
in the evo, the monitor
is exactly the same as the one I have at home) but if you haven't  
tried to just run X without

any config file... give it a go! You might get a pleasant surprise!


For a long time now (many releases ago) I have noticed that often  
after a fresh install of OpenBSD, I can type startx as the first  
thing after logging in for the first time... and X just comes up.



Shane J Pearson
shanejp netspace net au

error in if_em.c building -stable kernel on sparc64

[Shane J Pearson]

 at ebus0 addr 3023f0-3023f7, 706000-70600f, 72-720003  
ipl 39 not configured

clock1 at ebus0 addr 0-1fff: mk48t59
flashprom at ebus0 addr 0-f not configured
audioce0 at ebus0 addr 20-2000ff, 702000-70200f, 704000-70400f,  
722000-722003 ipl 35 ipl 36: nvaddrs 0

audio0 at audioce0
hme0 at pci1 dev 1 function 1 Sun HME rev 0x01: ivec 0x7e1, address  
08:00:20:ff:b5:f1

nsphy0 at hme0 phy 1: DP83840 10/100 PHY, rev. 1
vgafb0 at pci1 dev 2 function 0 ATI Mach64 GP rev 0x5c
wsdisplay0 at vgafb0: console (std, sun emulation), using wskbd0
pciide0 at pci1 dev 3 function 0 CMD Technology PCI0646 rev 0x03:  
DMA, channel 0 configured to native-PCI, channel 1 configured to  
native-PCI

pciide0: using ivec 0x7e0 for native-PCI interrupt
atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: LITE-ON, LTR-52246S, 6S0F SCSI0 5/ 
cdrom removable

cd0(pciide0:0:0): using PIO mode 4, DMA mode 2
pciide0: channel 1 disabled (no drives)
ppb1 at pci0 dev 1 function 0 Sun Simba PCI-PCI rev 0x13
pci2 at ppb1 bus 2
siop0 at pci2 dev 1 function 0 Symbios Logic 53c875 rev 0x14: ivec  
0x7d0, using 4K of on-board RAM

scsibus1 at siop0: 16 targets
sd0 at scsibus1 targ 0 lun 0: FUJITSU, MAU3036NP, 0104 SCSI3 0/ 
direct fixed
sd0: 35068MB, 49158 cyl, 2 head, 730 sec, 512 bytes/sec, 71819496 sec  
total
siop1 at pci2 dev 1 function 1 Symbios Logic 53c875 rev 0x14: ivec  
0x7d1, using 4K of on-board RAM

scsibus2 at siop1: 16 targets
pcons at mainbus0 not configured
No counter-timer -- using %tick at 440MHz as system clock.
root on sd0a
siop0: target 0 now using tagged 16 bit 20.0 MHz 16 REQ/ACK offset xfers
rootdev=0x700 rrootdev=0x1100 rawdev=0x1102


Any pointers to where I am going wrong, or how I can fix this, would  
be very appreciated.



Shane J Pearson
shanejp netspace net au

Re: error in if_em.c building -stable kernel on sparc64

[Shane J Pearson]

Hello,

On 08/11/2006, at 11:01 AM, Jason LaRiviere wrote:


Shane J Pearson wrote:

Hello,

I am getting an error in if_em.c when trying to build a -stable  
kernel

on sparc64.  It stops with this error:

/usr/src/sys/dev/pci/if_em.c: In function `em_rxeof':
/usr/src/sys/dev/pci/if_em.c:2446: error: structure has no member  
named

`align_buf_len'


The correct header file seems to have been committed. You should  
cvs up

and try again.


I have updated and the new -stable GENERIC compiles and boots fine.

Thanks Theo, Brad and the others who gave me the heads up.


Shane J Pearson
shanejp netspace net au

Re: How to take two screenshots?

[Shane J Pearson]

Hi Girish,

On 05/11/2006, at 6:39 PM, Girish Venkatachalam wrote:

   I have setup a multiboot machine with 4 OSes,  
gentoo,NetBSD,OpenBSD(but of course :-) and FreeBSD on a single  
hard disk.


   Now I want to do two things.

   a) Take a screenshot of the grub splash screen at bootup

   b) Take a screenshot of the wdm screen

   Can you guys help out?


You could run a setup like this within VMware Workstation and then  
take screenshots of the VMware window.


You can point VMware at a real raw disk (the one you have already  
installed to), instead of a disk image. If that does not work for  
you, you might have better luck starting from a clean VMware disk  
image and re-installing those OS' within it. Since the VMware machine  
will likely have different hardware.



Shane J Pearson
shanejp netspace net au

Re: m-o-o-t - some decisions

[Shane J Pearson]

On 21/10/2006, at 1:38 PM, Peter Fairbrother wrote:


[5] stored data.Later   I'm too drunk   now:)


Can't wait. Somehow I think this thing they call a moment of  
clarity is highly over rated.



Shane J Pearson
shanejp netspace net au

Re: pppoe slow on openbsd

[Shane J Pearson]

On 20/10/2006, at 12:59 PM, Chris wrote:


So just I am Asking kindly again after 5 years.


No you aren't.

Regardless of where the pppoe implementation is broken, have you  
considered DSL MODEM/routers with half-bridge mode? You can get them  
to take care of the PPPoE/A and then they just pass the IP traffic  
through to your OpenBSD firewall/router. The MODEMs you have now  
might already be capable of doing that for you. BTW, the MODEM does  
not perform NAT, so your firewall will still face the bare Internet.


PS, you are really rude.


Shane J Pearson
shanejp netspace net au

Re: bsdstats.org WOW

[Shane J Pearson]

On 19/10/2006, at 11:28 AM, Constantine A. Murenin wrote:


OpenBSD seems to lead in most sampled countries, though...

Although it is a bit strange that the UK, Russia and Japan are missing
from Top 10...


Yes, I thought Russia would be up there.

http://www.google.com/trends?q=OpenBSD


Shane J Pearson
shanejp netspace net au

Re: update to -stable

[Shane J Pearson]

Hi Shohrukh,

On 19/10/2006, at 1:11 PM, Shohrukh Shoyokubov wrote:


I updated to -stable as described in FAQ and everything worked from
the first run. I can't believe everything works. Usually this kind of
updates make a lot of problems, but not with OBSD. Well done OBSD  
team!


That's what happens when you use a system which is developed well and  
as a whole.


You can get used to that with OpenBSD. Enjoy!


Shane J Pearson
shanejp netspace net au

Re: pfctl

[Shane J Pearson]

Alexander,

On 13/10/2006, at 9:12 PM, Alexander Belikov wrote:


I want to fix a problem on one of my servers. The problem is 2 admins
1 server :( Both of us have a root access to it. It was a will of our
Top Managment..


This is not an OpenBSD issue.

Management needs to appoint one of you to be senior over the other.  
This way both of you could even still have root access if need be,  
but one of you calls the shots as far as policy goes at that level.  
If management won't do that, you'll need to deal with the problem  
until you can find a job elsewhere where management have a clue. If  
you need to spend a lot of time managing management and the problems  
they create, then it might be better for your career and sanity to  
move on.



Shane J Pearson
shanejp netspace net au

Re: RMS vs TdR (WAS: Re: OLPC)

[Shane J Pearson]

Breen,

On 13/10/2006, at 1:20 AM, Breen Ouellette wrote:

Hmm. Let's see. Jack's original post is listed in its entirety  
below. I do not see any quotes around the word interesting. If you  
read it then you may agree that his meaning is obvious, you may not.


I replied to this...

http://marc.theaimsgroup.com/?l=openbsd-miscm=116050963816462w=2

So yes, I posted an abrasive message to the list in an attempt to  
curb such discussion from taking place again.


You posted an abrasive message to prevent a flame war? Nice work.

Where your particular misunderstanding seems to come into play is  
where you see Jack reference his earlier message, the one posted  
below, by quoting the word interesting. He was not implying anything.


He can speak for himself, which is why I asked him. He said  
'interesting' a few times, so I was intrigued by that. Even Bob Beck  
asked 'How so?...'.



You either missed part of the thread or were fishing for an argument.


Actually, you missed part of the thread. The part I was actually  
replying to.


PS - I would avoid bringing up donations as a way of indicating  
that you are supporting the project. If you dig back in the lists  
you will find a post I made to another list, ports@ maybe, asking a  
question with the request that replies be sent to my email as well  
as the list, as I was not subscribed to that list. I got slammed  
for not supporting the project by participating in the list. I  
replied that I participate in misc@ instead because I can actually  
be useful there (sometimes) and that I donate to the project. I was  
then accused by several parties of attempting to buy help by  
bringing up my donations, when I was merely trying to indicate that  
I *DO* support the project in the ways available to me, as you did  
above.


Two different situations. I am obviously not trying to buy support. I  
was merely trying to make my honest intentions known. When I make a  
donation, it is for real. I don't want or expect anything in return  
for it. That's why it is a donation. Mentioning that I have donated  
was just to show that I do actually care about OpenBSD and am most  
likely therefore not trolling for flames.


In fact, for the cost of a $300 (.au) SCSI card, I don't feel that  
would be payment enough for even a single day for a single developer,  
for what they do with their skills. I wouldn't dare expect anything  
in return. I am merely grateful for what I get.


I hope this is the end of this ridiculous waste of time. A single,  
pro-OpenBSD, throw away comment should not have come to this.



Shane J Pearson
shanejp netspace net au

Re: RMS vs TdR (WAS: Re: OLPC)

[Shane J Pearson]

Breen,

I am replying to this in full because I want my intentions known.  
I'll leave it at this.


On 12/10/2006, at 2:58 AM, Breen Ouellette wrote:


Jack J. Woehr wrote:

On Oct 10, 2006, at 5:38 PM, Shane J Pearson wrote:


By interesting, you mean one is well meaning, but a little  
kooky  and not always in touch with reality and the other is  
focused and  committed to maintaining some sanity in the world of  
computing?




No, I didn't mean that. I meant that both gentlemen are personal   
friends of mine
and that the contrast between these two giants of free and open   
source software

could hardly be more striking.


Obviously there are elements trying to start an RMS/GNU versus TdR/ 
BSD holy war.


If you are referring to me, you are right off the mark. I never  
mentioned GNU or BSD and had no intention of starting anything. It  
was just a throw-away comment in support of the OpenBSD leadership.


If you don't find it interesting that two men could take a stand  
for free and open ideals, and yet interpret those ideals so  
differently, then fine, it isn't interesting to you.


I never said it was not interesting.

If you don't like RMS (or TdR for that matter) or his version of  
free and open ideals, then fine, you have the right to feel that  
way in most locales. I'm not particularly fond of RMS' views and  
ideas myself.


I very much respect both, but lean towards Theo's ideals and line of  
practical thinking, which is always very thought provoking for me.  
But that is just me. I wouldn't waste time trying to start a flame  
war, because this is just my opinion and I don't want to waste misc@  
users time.


I do now see that I probably just should have kept my opinion to  
myself, because it could be misinterpreted and was probably not worth  
mentioning.


But when you reply to the original poster's message feigning that  
you don't understand his point, well, then you come across as  
stupid. An inquisitive child could understand the difference  
between these two mens' views, and understand that some people  
might find it interesting.


Who are you referring to with this? Am I the stupid person for  
finding a vague comment to be vague? If I don't ask, then I can only  
make assumptions with something like:


'...um... interesting'

And my comment was mostly meant in jest.

Really, truly stupid. And willing to share it with the rest of the  
world on a public mailing list, no less! Brilliant!


I, when confronted with a vague comment, ask a question for  
clarification. Which admittedly was meant more of a humorous,  
rhetorical question.


Whereas you, confronted with something also vague (to a lesser  
extent), choose to read a LOT into it and then go on the attack,  
publicly with a tirade against a bunch of incorrect assumptions.


So which is more stupid?

If you want to start a holy war about the merits of these two  
positions then start a thread, preferably somewhere else, and howl  
into the wind. Nobody cares. We've all made up our minds about  
which side of the fence we are on. You aren't going to change my  
mind, or anyone else's. You are only making yourselves out to be a  
bunch of idiots.


I think you have rather made quite the arse of yourself, Breen. I can  
now see the danger of a holy war erupting from my oversight, but  
mostly due to presumptuous people like you, who shoot first then ask  
questions later.


This sure doesn't help the image of the OpenBSD user base at all.  
When we aren't taken seriously it is, in part, because of childish  
melodrama like this thread.


Frankly, I don't much worry about the perception of the OpenBSD user  
base, because I think any negative perceptions towards it as a whole  
would be unfounded. There are idiots in every user camp. However this  
user camp makes up for them and then some, with some really helpful  
decent people on the list.


I just temporarily put them on my twit list. But in the past 7 years  
or so, I've only put ONE person from misc@ in my twit list and I've  
since taken them off, now that they've become more reasonable.


PS - Jack, some friendly advice, you are only encouraging them each  
time you reply. They obviously don't care about why you find  
interest in this subject. They only want to find a way to link you  
to RMS and then trash you.


You find a lot of things obvious for a guy who is so presumptuous.

For the record, I respect the intentions of RMS and I highly respect  
the intentions and practical thinking of Theo, the OpenBSD project,  
the developers and much of the user base. I've been enjoying OpenBSD  
since 2.5 and I try to buy OpenBSD items and donate whenever I am  
financially able. I tried to donate brand new SCSI disks when Theo  
asked for them for the older machines and I purchased a brand new  
SCSI card for an Aussie developer and had it sent to him, while I was  
mostly unemployed with small funds. My intentions are honourable  
here. I messed up by touching

Re: OLPC

[Shane J Pearson]

Hello Jack,

On 11/10/2006, at 5:35 AM, Jack J. Woehr wrote:


Because they're both very strong personalities, both of whom I've met
personally and whom I've interviewed for Dr. Dobb's Journal, and I  
find

the contrast between them ... um ... interesting.


By interesting, you mean one is well meaning, but a little kooky  
and not always in touch with reality and the other is focused and  
committed to maintaining some sanity in the world of computing?



Shane J Pearson
shanejp netspace net au

Re: Launching the Internet

[Shane J Pearson]

James,

On 16/09/2006, at 8:32 AM, dilbert wrote:

My question is simple- I'm a relative newbie at BSD so please bear  
with me.
I'm trying to launch the internet; so I open a terminal and go  
percent sign

'Internet' at the prompt

ie: %internet

and it doesn't work. What gives??!!


It appears from my end that you are trying to use the internets in  
big truck mode. Please remember, the internets big truck mode has  
been deprecated. You should now be using the internets in series of  
tubes mode.


Your leaf node is currently blocking the internets. As a result, my  
internets are currently blocked also. Did you remember to prime the  
percent commands with the appropriate tilde-hash-bang flush commands  
first? To force the blockage out? /usr/bin/plunger and /dev/caustic- 
soda might be able to help you also.


Please %man afterboot before doing anything else.

You are probably also blocking the OpenBSD developers internets, in  
which case they will not be able to perform CVS commits. Please  
hurry, as this may push back the release date of OpenBSD 4.0! I hope  
this DoS vulnerability will be addressed in OpenBSD 4.0.


We users are counting on you James. You are our only hope.


Shane J Pearson

Re: preferred hardware platform

[Shane J Pearson]

Hi Joachim,

On 09/09/2006, at 10:02 AM, Joachim Schipper wrote:


And seriously, how does one manage to fill a TB of data?


video, lossless-compressed music, backups from a bunch
of machines, none of our business really (-:


I'll grant you the latter, but still... well, let's just say that that
40 GB tapedrive I mentioned is plenty for backing up everything I  
admin.


Just imaging my girlfriends Thinkpad comes out to greater than 40GB  
(compressed image size). Then there are all my machines and files.


I like to have both recent user file backups and also relatively  
recent (monthly) whole disk image backups to quickly recover from a  
failed disk. Re-installing Windows anything or even Mac OSX to a much  
lesser extent, is a pain in the bum.



Shane J Pearson
shanejp netspace net au

Re: Serial Console and /etc/ttys

[Shane J Pearson]

On 08/09/2006, at 5:21 AM, Woodchuck wrote:


I used to do this with an Ohmmeter with a paperclip soldered to each
lead.  Sometimes I'd bribe a hardware guy with doughnuts to use his
oscilloscope.


Some people might find that when soldering a wire to a paperclip,  
that they get a bead of solder *around* the paperclip, with the bead  
of solder having wet the wire nicely, but then get no connection at  
all between the wire and paperclip. Between the solder and paperclip,  
you might just get an insulating tube of cooled, hardened flux,  
preventing the connection.


I'd rather use solid core wire which is thick enough to poke into the  
holes.



Shane J Pearson
shanejp netspace net au

Re: ambiguities around burning CD

[Shane J Pearson]

Hi Karel,

On 06/09/2006, at 6:13 AM, Karel Kulhavy wrote:

So the possible values for dev= according to this documentation  
are so far

dev=0,0,0
dev=/dev/cd0a:0,0,0
dev=/dev/cd0c:0,0,0
dev=/dev/rcd0a:0,0,0


I use:

cdrecord dev=/dev/rcd0c
  ^   ^
Which works fine for me.


Shane

Re: DVD to distribute OpenBSD Packages (Re: about signing OpenBSD packages)

[Shane J Pearson]

Hi Joachim,

On 01/09/2006, at 11:11 PM, Joachim Schipper wrote:


Now *that* would suck. Most of my i386 boxes won't read a DVD, and I'm
fairly certain that getting a sparc to read a DVD isn't as easy as
making a i386 do the same.


I have a Lite-On DVD-ROM drive temporarily hanging off a Sun Ultra 5  
which is running 3.9-stable as of ~ 25th Aug (while I tinker with  
making bootable sparc64 CDR's). Intrigued by your comment, I popped a  
Solaris 9 DVD into the drive and mounted it as -t cd9660. It mounted  
and I can see files. Same deal for a DVD movie (UDF?).



Shane

Re: WPA support / creating a cf image

[Shane J Pearson]

On 2006.08.03, at 10:41 PM, Ryan Corder wrote:


First, get past the notion of secure wireless...it doesn't
exist.  The best solution for a more secure wireless network
is for you to implement a WEP-encrypted environment and establish
a VPN over it.


What about an open wireless network, which does not allow anything to  
be routed out of the OpenBSD WAP unless it is authpf authorised. Then  
only VPN traffic.


This couldn't be considered secure enough?


Shane

Re: hard drive problem

[Shane J Pearson]

Travers,

On 2006.08.01, at 11:23 AM, Travers Buda wrote:


On Mon, 31 Jul 2006 20:10:23 -0400
Chris [EMAIL PROTECTED] wrote:



If all is
lost, you can wipe the disk with BCWipe (www.jetico.com) then test
again with Spinrite.  This has recovered several disks for me.


Wipe it with dd if=/dev/zero of=/dev/rwd0c count=10


You suggest only wiping the first 5k bytes of a drive?

Re: Using dd(1) to duplicate a hard drive

[Shane J Pearson]

Hi Chris,

On 2006.08.01, at 2:00 PM, Chris Zakelj wrote:


Went back about two years in the MARC archives with the terms 'copy
drive' (oddly enough, 'dd' itself wouldn't work), and got plenty of
linux examples on Google (that pretty much say what I propose anyway)
but no luck... I'm hoping to find a faster way to create an image  
of one

drive (a Samsung MP0402H, 40G notebook, to be specific) onto an
identical drive than using:

# dd if=/dev/rwd0c of=/dev/rwd1c bs=1m

Hardware to be used in the copy is an i586/166, Intel 430VX  
chipset.  I
vaguely recall hearing that placing the drives on separate IDE  
channels

would help, but any and all other pointers, cluesticks, and proddings
are welcome.


Do you have lots of drives to clone like this? This thread could take  
longer than the copying of a drive.


I occasionally dd copy my 100GB laptop drive to an external firewire  
drive, using a FreeBSD install CD [1]. Only takes about 1 hour  
including compressing with gzip.


Backup:
dd bs=64k if=/dev/{raw_drive} | gzip | split -b 50m - backup.dd.gz.

I split the files into 50m chunks because they fit well on CD's and  
DVD's and I don't have problems trying to burn or copy the files to  
something which has file size limits.



Restore:
gzcat backup.dd.gz.* | dd bs=64k of=/dev/{raw_drive}


If you want, you can always substitute the raw_drive for a slice and  
just backup slices.



Shane

[1] Only using FreeBSD for this because it supported the new ATA and  
firewire chipsets on my VAIO. ; )

Re: looking for clue

[Shane J Pearson]

Why people give life to a thread which starts like this is beyond me...

 Hi I'm looking for clue.  Does anyone have any?

Please stop. The most effective response at the beginning would have  
been silence.

Re: USB keyboards / encryption

[Shane J Pearson]

Hi Tony,

On 2006.07.10, at 12:17 PM, Tony Abernethy wrote:


Security is a process
Slogan for snake-oil?


I would prefer, Security is an ongoing process.

Something which you can't just buy and be done with and something  
which does not end.



Shane

Re: hints for scanning msdosfs patters?

[Shane J Pearson]

Hello Vladas,

On 2006.07.06, at 9:56 PM, vladas wrote:


I have fd up the first 10Mb of the 3Gb fat disk
(not partition, the whole 3Gb disk) full of windoze
shit. Then, due to time limits, made some of sort
of backup of the mess with dd and put Puffy into
that disk (dedicated install). The problem is that
management needs some of that stuff back ...

I would be grateful if anybody could give any hints
on how to grep the 3Gb backup image for any msdosfs
patterns so that I could get at least some of the
individual files back. Sorry for asking it like that
instead of just reading mount_msdos src silently
- maybe someone had this before..

I am posting this to misc@ because Puffy is the
only OS I run.


Do you have access to a Windows machine? The best file recovery  
applications for FAT file systems I have found, are Windows apps,  
oddly enough.


I have had great success with Get Data Back. It is comparatively  
very cheap yet was the best I have tried even amongst file recovery  
apps costing thousands. They sell the FAT and NTFS versions  
separately. In fact it finds files from multiple old file-systems  
which even the Forensic Tool Kit does not find. I have used GDB ($ 
$) to compliment FTK () in the past.


Last time I tried GDB, I believe it accepted images as one large  
image, or images broken up into portions, but with the limitation  
that the portions must be 688,128,000 bytes in size. If you need to  
run GDB on a system limited to 2GB files, then use split(1) to break  
the big dd image into the size GDB needs. The standard suffix split  
uses is fine for GDB.


Run GDB against the files, answer a few simple questions and after a  
while you might find a file listing of the old files, ready to be  
copied off.


BTW, GDB *can* get data back even if both FAT's are completely gone  
(it has for me).


http://www.runtime.org/gdb.htm

BTW, I have no affiliation with Runtime. It just saved my bacon once  
under a pretty bleak situation (girlfriends data! Yikes). I've since  
recommended it to others who also found it to get their data back. A  
friend of mine had a motherboard die, he was using the motherboards  
built in IDE RAID 0. I told him about GDB, I thought he tried it  
and it worked for him. But I've since noticed that Runtime now has  
recovery software specifically for disks used in a RAID, which might  
have been what he used. Regardless, Runtime even got his files back.


Good luck,


Shane

Re: hints for scanning msdosfs patters?

[Shane J Pearson]

Hi Nick,

On 2006.07.07, at 2:51 PM, Nick Guenther wrote:


I've used R-Studio and it works quite well (and quickly so long as you
keep your computer out of screensavers and things). It's somewhat
expensive at 100$. It works by just scanning the disk for signatures
of files, and is usually able to recover a lot.

http://www.r-studio.com/


$100 seems cheap to me for something which works, given the  
desperation when it's needed. Seems like a small tax on people who  
don't keep decent backups. Like me, once upon a time.   ; )


I've been wanting to try R-Studio, since it has FFS support. I'll  
switch to it if it's as good as GDB.



Shane

Re: Where to start studying OpenBSD networking code

[Shane J Pearson]

Hi Joakinen,

On 2006.06.28, at 11:24 PM, joakinen wrote:

Is there any diagram of how every piece of code retales to the  
others?


I don't know how relevant it is to OpenBSD, if at all, but I seem to  
remember getting a BSD TCP/IP network stack diagram poster with the  
boxed set of TCP/IP Illustrated (1-3).



Shane

Re: lightweight openbsd

[Shane J Pearson]

Eliah,

On 2006.06.27, at 12:08 PM, Eliah Kagan wrote:


On 6/26/06, Damien Miller wrote:

just please don't bug people on OpenBSD lists about private hacks
like this.


I, for one, find discussion about private hacks like this to be
valuable. And I think it falls under the heading of, Miscellaneous
discussion about OpenBSD, which happens to be the official
description for this list.


Except that a private hacking apart of OpenBSD leaves something which  
is no longer OpenBSD and thus not pertinent to this list.


The resulting discussion is due to the breakage's, not OpenBSD and is  
just going to waste the time of people interested in the real thing.


If there was enough interest in a whittled down OpenBSD, then they  
could make their own list.



Shane

Re: Pulled out an old song..

[Shane J Pearson]

Hi Jason,

On 2006.06.16, at 6:05 PM, Jason Stubbs wrote:

Very interesting article. However, I still don't see how ripped  
audio might change on each ripping.


CD audio data was designed to be constantly streamed. Read into a  
FIFO buffer, which in turn is read from a DAC with quartz precision.  
The disc spinning speed does not need to be constantly accurate since  
the FIFO employs low and high watermarks. This causes the disc to be  
constantly sped up and slowed down with the result being a duty cycle  
of slower and faster spinning which averages out to the correct spin  
speed. This is to keep data in the FIFO, but never completely filled  
or allowed to empty.


Without the FIFO, this would not be acceptable since the sound would  
speed up and slow down and pitch would suffer. As a result CD's would  
need to spin very accurately and this would be a lot harder and more  
expensive to do and not be able to match the accuracy allowed with a  
FIFO. These particular FIFO's can be written to, read from and  
provide watermark signals independently at differing speeds, without  
either blocking any other.


This constant streaming design is perfect for what CD audio was  
designed for: to play audio CD's in audio CD players.  ; )


CD audio data was not designed to allow stopping and starting with  
the expectation that the data will marry bit perfect without any  
redundancy or loss. When you press pause/play on a CD player, it is  
unlikely that you are going to notice a small portion of data loss or  
a small portion of music which already played, so the limited  
addressing (not block perfect) is acceptable in the intended  
application. However, if you could capture each portion and then play  
them one after the other without the pause, you are likely to notice  
a stutter (redundancy occurs) and/or a click/pop (redundancy or loss  
occurs).


Since computers like to work in portions, ripping audio from a CD can  
cause the requests to start and stop, instead of constantly stream.  
But the format is not designed to gracefully handle that. This can  
cause errors (repeated data or lost data) which differ with each rip,  
due to conditions not necessarily being the same each time (and of  
course a single bit error will cause a different hash).


This is why CD paranoia exists. CD paranoia reads back a little with  
each new portion of the stream read and then tries to find where the  
overlapping data at the end of the previous stream matches the  
beginning of the new stream. It then joins them so that there should  
hopefully be no repeated or lost data, discarding the redundant data  
in the process. The use of CD paranoia will increase the chances of  
getting the same hash from a rip, but it can only do the best with  
what it is given from the drive under variable conditions.


Also, CD audio data has weaker error detection/correction than CDROM  
data, so marginal reads have a greater chance of giving differing  
results. Combine the random nature of noise with marginal data and  
weak error detection and that noise can colour the output in an  
unpredictable fashion which is not constantly repeatable.


It would not surprise me if you could get exact same hashes on  
subsequent rips, but it also would not surprise me if you did not.



Shane

Re: system lock-up - RTFM?

[Shane J Pearson]

Hi Breen,

On 2006.06.07, at 4:39 AM, Breen Ouellette wrote:


Of course not. It doesn't even tell you if your memory is bad.


It can if you use it to identify a potentially faulty module and then  
move that module to another slot or machine and the problem follows  
the module (as reported by memtest86), instead of following the  
machine or original problem slot.


I have a faulty DDR2 SODIMM in my laptop which memtest86 shows to  
fail in the same place every single time. This machine has 2 SODIMMS.  
If I swap their positions in the memory slots in my laptop, memtest86  
shows the errors follow the module to the other slot, while showing  
the original potentially faulty slot to be fine. Same deal if I swap  
the memory between my laptop and my girlfriends. Problem follows module.


I take that as memtest86 being able to tell me that my memory is bad.  
It's the same as with many tools. As you already alluded to, you can  
get more accurate measurements with more thorough testing process.  
But as far as I am concerned, memtest86 can be used to identify bad  
memory.



Shane

Re: one drive in a raid 0 failed, can I save any data?

[Shane J Pearson]

Hi John,

On 2006.06.02, at 1:57 AM, John Brahy wrote:

For a couple weeks I was running without backups and one of the  
drives died.

Is there a way to recover any of the data from the drives?


How dead is the drive and how desperate are you?

I have imaged a clients ide drive which was doing the spin-up and  
keep spinning for a few minutes and then spin-down, thing. The slow  
disk death where you get excited about copying your data, then it  
dies mid-copy, you try lots of times to copy, it does the same thing  
each time and then the drive eventually never spins up again.


What I did in that case, was image with Ghost and when the drive  
spins-down, pull the power plug on the drive alone, then plug it back  
in to get a few more minutes of copying. Keep doing that until the  
whole drive is imaged. Thankfully, this worked perfectly for me.


I only mention Ghost because I have only tried this with Ghost and  
Ghost did actually tolerate this abuse and patiently waited for the  
drive to become responsive again and then continued. I don't know if  
this would work with other imaging type software. Seems scary, so I  
suppose if you want to try this you should do it on an expendable PC  
or perhaps an external enclosure. Ghost has a forensic option where  
it copies all data regardless of partition types and file-systems,  
which you'll need in this case since Ghost knows nothing about FFS  
and even if it did, it's striped.


If you manage to get a full image, get an exact same drive and  
restore the image to it, then you might get lucky.


Another thing I have seen successfully done when a drive would not  
spin-up at all, was a PCB swap from an exact same drive (model/ 
firmware). If you try this, image the drive and then restore to  
another disk. Since when I saw this done, the newly fixed drive with  
different PCB died only days later in the same way. As if something  
inside the drive killed something on the outer PCB.


Good luck, I hope you have some option.


Shane

Re: Linksys support... hmm

[Shane J Pearson]

Hi Lasse,

On 2006.04.30, at 8:38 PM, Lasse Bach wrote:

I also need to know if v5 of the WMP54G uses a Ralink Technology  
RT25x0 chip?


Are you unable to avoid it?


Maybe someone on the mailing list can provide me with an answer to:
2. Why are such information not available to their customers?


Because they suck (the company).


I wonder if a PCI-minipci card with a minipci RT25x0 based card  
might be good for you?


From RAL(4):

The following Mini PCI adapters should work:

 Amigo AWI-922W.  Billionton MIWLGRL.  Gigabyte GN-WIKG.  MSI  
MP54G2.  MSI

 MS-6833.  Tonze PC-620C.  Zinwell ZWX-G360.


Shane

Re: pf firewall question

[Shane J Pearson]

On 2006.04.30, at 11:34 PM, S t i n g r a y wrote:


enterprise firewall what is the diffrence between pf 
MS ISA / cisco pix or checkpoint ?
performance ? stability or features ?


Marketing which is designed to put a fright into people who have  
responsibility for systems and data which are not theirs. That  
marketing then takes the frightened IT manager and gives them the  
warm fuzzies by talking about enterprise level support, SLA's,  
industry standards, well chosen (and seemingly bogus) TCO case  
studies and sometimes horror stories of people who did not choose to  
use them.


It is all bullshit though. Because all that is designed to get your  
money and the enterprise systems cost in a big way... then they start  
talking about on-going support.


I've worked in some places which had 5 figure (AU) support contracts  
for firewall, IDS, etc and the systems were flakey (reboot every few  
days to weeks!), the phone support was shit and the people that came  
out were clueless.


The difference is marketing targeted to the people that matter to the  
vendor. The easily frightened managers and not the nerdy types who  
would rather put together a couple of decent quality machines with  
OpenBSD, pf and CARP, etc.



Shane

Re: OU812

[Shane J Pearson]

On 2006.04.29, at 4:43 PM, Greg Thomas wrote:


Wow, I guess we had to be there.


Something like that. With only a few sleeps to go, some people are  
feeling silly for Puffy.


It seems that a little silliness helps to fight against the sad  
seriousness of what OpenBSD is up against...


http://www.openbsd.org/lyrics.html

Re: Sun 220R, cdrom problem

[Shane J Pearson]

For the archives (until Sun moves things around again)...

On 2006.02.12, at 7:50 PM, Brad wrote:


I just thought I should point out the fact that some
Sun systems need firmware updates. The 220R specifically
needed an update on the system that was used for the
initial OpenBSD/sparc64 port, I do not know the details
as to why that was necessary.

Unfortunately with the change in licensing of Solaris and
the way Sun supports Solaris and their systems you can no
longer download these updates from the SunSolve FTP site
without a support contract. I do not know if its possible
to find these updates elsewhere.


It seems that the patches for these machines are still publically  
available.

I patched a U60 recently and found this:

ftp://patches.sun.com/patchroot/all_unsigned/


Since it is a large list of patches, here are links to the latest  
versions available at that ftp for the OpenBSD supported machines:


Blade 100/150   79
ftp://patches.sun.com/patchroot/all_unsigned/79-10.zip
ftp://patches.sun.com/patchroot/all_unsigned/79-10.README

Enterprise 220R 106455  
ftp://patches.sun.com/patchroot/all_unsigned/106455-11.tar.Z
ftp://patches.sun.com/patchroot/all_unsigned/106455-11.README

Enterprise 250  106503  
ftp://patches.sun.com/patchroot/all_unsigned/106503-09.tar.Z
ftp://patches.sun.com/patchroot/all_unsigned/106503-09.README

Enterprise 420R 109082  
ftp://patches.sun.com/patchroot/all_unsigned/109082-05.zip
ftp://patches.sun.com/patchroot/all_unsigned/109082-05.README

Enterprise 450  106122  
ftp://patches.sun.com/patchroot/all_unsigned/106122-11.tar.Z
ftp://patches.sun.com/patchroot/all_unsigned/106122-11.README

Enterprise 3x00/4x00/5x00/6x00  103346  
ftp://patches.sun.com/patchroot/all_unsigned/103346-30.tar.Z
ftp://patches.sun.com/patchroot/all_unsigned/103346-30.README

Netra T1 200111991  
ftp://patches.sun.com/patchroot/all_unsigned/111991-07.zip
ftp://patches.sun.com/patchroot/all_unsigned/111991-07.README

Netra X1111952  
ftp://patches.sun.com/patchroot/all_unsigned/111952-03.zip
ftp://patches.sun.com/patchroot/all_unsigned/111952-03.README

Ultra 1 104881  
ftp://patches.sun.com/patchroot/all_unsigned/104881-09.tar.Z
ftp://patches.sun.com/patchroot/all_unsigned/104881-09.README

Ultra 1E104288  
ftp://patches.sun.com/patchroot/all_unsigned/104288-09.tar.Z
ftp://patches.sun.com/patchroot/all_unsigned/104288-09.README

Ultra 2 104169  
ftp://patches.sun.com/patchroot/all_unsigned/104169-08.tar.Z
ftp://patches.sun.com/patchroot/all_unsigned/104169-08.README

Ultra 5/10  106121  
ftp://patches.sun.com/patchroot/all_unsigned/106121-18.zip
ftp://patches.sun.com/patchroot/all_unsigned/106121-18.README

Ultra 30105930  
ftp://patches.sun.com/patchroot/all_unsigned/105930-06.tar.Z
ftp://patches.sun.com/patchroot/all_unsigned/105930-06.README

Ultra 60106455  
ftp://patches.sun.com/patchroot/all_unsigned/106455-11.tar.Z
ftp://patches.sun.com/patchroot/all_unsigned/106455-11.README

Ultra 80109082  
ftp://patches.sun.com/patchroot/all_unsigned/109082-05.zip
ftp://patches.sun.com/patchroot/all_unsigned/109082-05.README


Shane J Pearson

Re: Port collection missing...

[Shane J Pearson]

On 2006.04.29, at 2:04 AM, S t i n g r a y wrote:


Well i just installed my First OpenBSD BOX :) feels
good !!! but to install packages i cannot find ports
collection in /usr how can i get them ? i am using 3.7
version.


You have chosen to use 3.7 just days before it will be unsupported  
due to the 3.9 release date coming up (1st May).


You might be better off re-installing 3.8 or waiting for 3.9.

Re: OpenBSD 3.9 stable from cvs

[Shane J Pearson]

On 2006.04.14, at 11:05 PM, Srebrenko Sehic wrote:

Well, I wonder how people who pre-orded their CDs, got them,  
installed 3.9-RELEASE and run Sendmail are going to patch their  
systems?


Use the source code from the CD's themselves and then download the  
patch from

http://www.openbsd.org/errata.html and apply?

Re: PPPoA and OpenBSD

[Shane J Pearson]

Hi Dave,

On 2006.04.09, at 7:03 PM, Dave Harrison wrote:

Is it not possible to configure in a way similar to a ppp  PPPoE  
setup ??


I have a modem that I'm connecting to via ethernet, then it plugs  
into the phone

line.


Does your MODEM have a half bridge mode? My DSL MODEM/router employs  
a half bridge mode, but calls it MODEM mode. With that mode, you  
can have the MODEM log in to your ISP and deal with PPPoE or PPPoA  
and then the MODEM just passes the IP traffic to its ethernet port.  
In that mode you can leave the MODEM/routers DHCP server switched on  
and your connected machine will get the IP assigned from your ISP  
through the MODEM.


I used to use PPPoE with my provider in Australia, but tried PPPoA  
using this method and it works great. I wanted to try PPPoA because I  
was having some stability issues with PPPoE, however the problem  
turned out to be the MODEM. I stuck with PPPoA because I can use an  
MTU of 1500. The MODEM deals with the logging in and PPPoA and my  
firewall just sees the IP traffic without any NAT being done in the  
MODEM.


Maybe this a possible solution for you?


Shane

Re: laptops needed

[Shane J Pearson]

Gustavo,

On 2006.04.10, at 10:13 AM, Gustavo Rios wrote:


Excuse gentleman,

but i don't see any rationale behind  that tense:

  one could argue that people who live in such places should

not have computers)


I believe that's humour.

Who wants to code when you've got island life outside? Palm trees,  
fishing, swimming, bikinis, seafood, etc. I think drinking beer under  
a palm tree beats drinking beer at a keyboard any day.


Also, maybe from Theo's perspective, I've heard tell that it can get  
pretty cold in Canada.

Re: Music made with OpenBSD

[Shane J Pearson]

Hi Alexandre,

On 2006.04.02, at 8:32 AM, Alexandre Ratchov wrote:

for the last step i used another box (pentium III at 550MHz), since  
the

first one died.


A PC died in the making of that song? I hope you will dedicate that  
song to him/her.


Great music BTW. Watch out Ty!   ; )


Shane

Re: 3Ware 9500S-12

[Shane J Pearson]

Hi MichaE,

On 2006.02.24, at 10:24 PM, MichaE Koc wrote:

can someone confirm that 3Ware 9500S-12 does or does not work with  
OpenBSD ?


Based on what I last I heard, I think the most important point is  
that 3Ware the company, does not work with OpenBSD the project.



Shane

Re: openbsd and the money

[Shane J Pearson]

On 2006.03.24, at 5:23 AM, Theo de Raadt wrote:


http://openssh.com/usage/graphs.html


Wow, no wonder ssh.com spouts so much FUD. They are quickly  
converging on extinction.

Re: Reminder about the X Aperture

[Shane J Pearson]

Hi Theo,

On 2006.03.14, at 9:41 PM, Theo de Raadt wrote:


Well, recently we have changed our minds, because we still feel that
the aperture is too dangerous.  And the vendors keep finding creative
ways to squeeze more and more evil into their video cards!

Please be aware that other operating systems don't even have an
aperture device, because they simply let root processes talk to the
video cards (via /dev/mem).  Their X servers also run entirely as
root, while ours is now privilege seperated and running jailed as user
_x11.  Even so, our privilege seperated X server is talking directly
to the IO registers of a video card with much evil in it.  And many
newer video cards are very smart, capable, and thus dangerous. So we
have concerns.


Are these new programable cards capable of reading main memory, which  
OpenBSD would not be able to prevent if machdep.allowaperture were  
set to something other than 0?



Shane

Re: Reminder about the X Aperture

[Shane J Pearson]

Thanks Theo,

On 2006.03.15, at 5:22 AM, Theo de Raadt wrote:


Are these new programable cards capable of reading main memory, which
OpenBSD would not be able to prevent if machdep.allowaperture were
set to something other than 0?


Yes, they have DMA engines.  If the privilege seperate X server has a
bug, it can still wiggle the IO registers of the card to do DMA to
physical addresses, entirely bypassing system security.


Wow. As if running a binary blob was not bad enough, video card  
binary blobs are suddenly found to be all-powerful.



Shane

Re: Pre-orders for our releases.

[Shane J Pearson]

On 2006.03.10, at 1:29 AM, Craig wrote:


When the new edition of Artymiak's pf book comes out, I'll get that
through Wim, also.


Anyone heard any news about Jacek's new book? It's supposed to be put  
out by O'reilly still? I've been eagerly awaiting it.



Shane

Re: Sun Ultra 1 and Ultra 5

[Shane J Pearson]

Hello Gustavo,

On 2006.03.04, at 2:51 AM, Gustavo Rios wrote:


These machine are very old, and hardware documentation has been lost.
It has a serial port, doesn't it?


Sun Ultra 1 Service Manual:

http://www.sun.com/products-n-solutions/hardware/docs/pdf/ 
802-3819-10.pdf



Sun Ultra 5/10 Service Manual:

http://docs.sun.com/app/docs/doc/805-0423-12?q=Ultra+5

I don't know if these are the latest versions.


Shane

Re: SMP process control

[Shane J Pearson]

On 2006.02.27, at 1:45 PM, Sgt. Stedenko wrote:

Also, have there been any efforts into Ethernet device polling in  
the bge
drivers? On a gigabit network the interrupts are eating a large  
portion of

the cpu0 and thought it might help the situation.


http://marc.theaimsgroup.com/?l=openbsd-miscm=114064960816689w=2

Re: Utilisation of free memory as disc cache: tweaking is required?

[Shane J Pearson]

Hi Hannah,

On 2006.02.20, at 11:21 PM, Hannah Schroeter wrote:

Just one effect you have to care for, on Linux (which *has* a  
unified

VM/buffer cache system) we mkdir many directories (e.g. hashed buckets
like squid uses them, just a few more, 256 * 256, to be precise).  
It was

quite long (at least into the Linux 2.4 series) that that worked like
this: mkdir completed quite fast until the memory was filled with  
dirty

blocks, then the box *hung* completely until all the dirty blocks were
actually written to disk. This isn't acceptable. And it's not  
acceptable

for something like grep foo (a list of names of long files) pages out
every program.


The Linux UBC doesn't seem to perform very well either. Assuming I  
tested this correctly, I wrote a simple script to read a large file  
(larger than half available RAM but less than total available), over  
and over again (hundreds of times) just to /dev/null. NetBSD and  
FreeBSD read the file from disk once, as noted from the activity  
light and then flew through the remaining re-reads super fast from  
RAM (FreeBSD being the faster of the two). I expected this behaviour  
from Linux, but instead Linux constantly read the file from disk  
_extremely_ slowly (found on various Linux distros). Much much slower  
than OpenBSD which also read the file from disk each time.


Is OpenBSD way too different now from NetBSD to port their UBC code?


Shane J Pearsonshanejp netspace net au

Re: network distributed storage with windows?

[Shane J Pearson]

Hi,

On 2006.02.16, at 6:58 PM, A Rossi wrote:


My apologies to those of you who use console-based mail clients. I'm
still trying to figure out how to get Thunderbird to wrap my text  
at 72

characters. Yes, I know about the setting under Tools  Options, but
that doesn't seem to be working correctly...


I use this marker in my sig and newline manually in Apple Mail because
I haven't found out how to make Apple Mail wrap at 72.

Shane J Pearsonshanejp netspace net au   -|

Re: network distributed storage with windows?

[Shane J Pearson]

On 2006.02.17, at 1:37 AM, Shane J Pearson wrote:


I use this marker in my sig and newline manually in Apple Mail because
I haven't found out how to make Apple Mail wrap at 72.


For any OSX Mail and OpenBSD users who I might have led astray here,  
forget I said this. Someone pointed out to me off list that OSX Mail  
supports x-flow and thus manually wrapping is not needed.



Shane

Re: network distributed storage with windows?

[Shane J Pearson]

Hi,

On 2006.02.16, at 12:53 PM, A Rossi wrote:


He asked me if I could partition all of his workstation computers
(running windows XP Professional SP2) with a windows partition, and a
hidden partition which occupies most of the disk, that is accessible
over the network to OpenBSD (actually he asked for FreeBSD, but I will
change his mind...) to back up his server.


Years ago while working for an educational institution, I cobbled
together some programs to allow some classroom machines to be brought
back to SOE automatically every night after classes, as long as the
machines were switched off at the end of the day.

I used the automatic power ON feature on the PC's to switch them ON
automatically at 11pm, and then Smart Boot Manager, which has boot
schedule features which could be configured to automatically boot a
hidden DOS partition if the PC's were booted at around that time. That
hidden DOS partition would then run Ghost to restore the WinNT partition
to SOE. Once that was done I had a small util power the machines OFF.
Smart Boot Manager can be configured with a boot delay of zero seconds,
so the staff should never see it.

One thing you might be able to do, is if those PC's have the auto power
ON feature, use smart boot manager to do much the same, but boot OpenBSD
instead and maybe run Samba to receive those backups. Then have OpenBSD
power those PC's off before work begins the next morning. Maybe rsync
or Unison would be better.


Having said all that, you really should be convincing him that a real
backup scheme should be employed. That is dodgy. The backups could be
corrupted through a multitude of ways or copied by a savvy malicious
staff member. What if there is a fire?


Shane J Pearsonshanejp netspace net au   -|

Re: higher resolution on tty

[Shane J Pearson]

Hi JCR,

On 2006.02.13, at 10:27 AM, J.C. Roberts wrote:

I know of no hardware query to determine supported character  
modes and

when I think about it, the task might actually be impossible; your
system graphics/video/framebuffer card may support some character  
mode
that your monitor/terminal does not support. Since there is no feed  
back


Aren't character modes built into displays a thing of older displays and
terminals? I thought that when a modern video card is in a text mode, it
is actually rendering bitmapped text characters to a bitmapped frame
buffer, which then gets sent to the display like any other image at that
given resolution?

But this resolution is limited to that which the card uses and going
beyond that would require a software controlled text to high-res
frame buffer?


Shane J Pearsonshanejp netspace net au   -|

Re: X11 exploit info

[Shane J Pearson]

Hi Craig,

On 2006.02.13, at 10:31 PM, Craig M wrote:


However, it has raised my suspicions to a higher level. The book is
copyrighted in 2003, long before I subscribed to this list and maybe
even heard of OpenBSD really. Thing is, why would somebody who has
assisted in the writing of this excellent book, be posting such
troll-like pieces to this list?


I've always found Dave to be polite and even in the face of this recent
abuse, which seems excessive to me. I don't think Dave intends to be
coming off as a troll. He's maybe just feeling a little paranoid at the
moment since he has apparently become the victim of a hacker.

I wonder if Dave is finding himself torn between asking questions here
to people he respects a great deal and not wanting to ask because of the
responses he has been getting?


Shane J Pearsonshanejp netspace net au   -|

Re: PF or BPF

[Shane J Pearson]

Hi Dave,

On 2006.02.14, at 12:53 PM, Dave Feustel wrote:


Marco,

I would like to add that I appreciate the work you and the rest of the
crew are doing to develop OpenBSD.


It might be best in the future to first outline what you've done to
research your questions and then ask the question. Otherwise people will
think you've done nothing and the thread will start with flames.

Leaving us hanging with the X vulnerabilities and providing no details
is not a good way to start with that either. Persisting with that
behaviour after people have asked for details would only fan the flames.

If you gave details in the first post, people here qualified to answer
could have put that to rest quickly and you would not be building up a
reputation.

Bye for now,


Shane J Pearsonshanejp netspace net au   -|

MS Security VP Mike Nash remarks on MS vs OpenBSD security.

[Shane J Pearson]

What an incredible load of tripe!...

From:http://interviews.slashdot.org/article.pl?sid=06/01/26/131246

~~~
OpenBSD
by hahiss

How is it that OpenBSD is able to be so secure by design with so few
resources and yet all of Microsoft's resources cannot stem the tide of
security problems that impact everyone, including those of us who do not
use Microsoft programs?

Nash: First, I should say that OpenBSD includes a relatively small
subset of the functionality that is included in Windows. You could argue
that Microsoft should follow the same model for Windows that the OpenBSD
Org follows for their OS. The problem is that users really want an OS
that includes support for rich media content and for hardware devices,
etc. So while OpenBSD has done a good job of hardening their kernel,
they don't seem to also audit important software that are used commonly
by customers, such as PHP, Perl, etc. for security vulnerabilities. At
Microsoft we're focusing on the entire software stack, from the Hardware
Abstraction Layer in Windows, all the way through the memory manager,
network stack, file systems, UI and shell, Internet Explorer, Internet
Information Services, compilers (C/C++, .NET), Microsoft Exchange,
Microsoft Office, Microsoft SQL Server and much, much more. If a
software company's goal is to secure customers, you have to secure the
entire stack. Simply hardening one component, regardless of how
important it is, does not solve real customer problems.

Second, it is not completely accurate to say that OpenBSD is more
secure. If you compare vulnerability counts just from the last 3 months,
OpenBSD had 79 for November, December and January compared to 11 for
Microsoft (and that includes one each for Office and Exchange - so
really 9 for all versions of Windows). I encourage you to look at the
numbers reported at the OpenBSD site to verify that this is true.
~~~


Shane J Pearsonshanejp netspace net au   -|

IBM admits that Puffy is the best defense!

[Shane J Pearson]

Howdy,

http://www-8.ibm.com/e-business/au/operations/businesses.shtml? 
ca=auhomepageme=odbmet=051209defence


; )


Shane

Re: OpenBSD VMWare image too popular

[Shane J Pearson]

Julien,

On 09/01/2006, at 1:10 PM, Julien Bonastre wrote:


The guy is delusional and has NO basis for his argument.


I think your response here (along with the rest) is exaggerated.

Don't worry mate, you've got your head screwed on right. This guy  
Graham still goes to work in a horse and carriage, and whilst I'd  
love to be back in the ages, unfortunately evolution has caught up  
with us..


Look again Julien. Graham said:

If it's that popular it's worth setting up a torrent!


I assume your overly enthusiastic rant was supposed to be directed to
Bob? Who I think does not like the thought of running some random,
binary only, already installed, take it as it is, disk image of OpenBSD.

If someone where to go to the trouble of testing the integrity of every
single file in that disk image, they probably would be expending more
effort than doing the install itself. Yeah, okay, it is good for the
VMware player, which only plays existing images. Some people may get
something out of the image and that is great. But like Bob, I'll pass.
I don't think anyone should be flamed for not wanting it though.

Just because Bittorrent can be used to share data while keeping the
integrity of the original file intact, does not mean that you can't
share dodgy shit with it.

I'm not saying that this VMware image *is* dodgy, BTW. What I am saying
is that Bob and others most likely need trust to be earned and that
trust does not just come in an instant. I'm not talking about Bittorrent
here either, I'm talking about the VMware image.


Shane J Pearson

Re: RAID on AAA-131U2

[Shane J Pearson]

On 29/12/2005, at 8:01 PM, RedShift wrote:


I've set up a RAID 0 set on two 9 GB SCSI disks, using an Adaptec
AAA-131U2 controller. However, when I want to install OpenBSD on it, I
get asked for which disk should be the root disk. Ofcourse, I see two
disks, sd0 and sd1. This probably means that the hardware RAID on the
AAA-131U2 isn't supported, as I see the same with linux. Will it ever
be supported?


I think you might be asking the wrong people.

Try asking Adaptec if they are confident enough in their own products
to back them up with open documentation.


Shane

Re: UltraSparc documentation

[Shane J Pearson]

Craig,

On 08/12/2005, at 11:05 AM, Craig Skinner wrote:

I'm going to be buying some hardware for offiste colos next year  
and was

thinking of getting some used Netras.


The Sparc64 support page: http://www.openbsd.org/sparc64.html

Shows various Netra machines as being supported.


Shane

Re: openbsd web site design proposals (from HOTO write bad docs)

[Shane J Pearson]

On 29/11/2005, at 4:47 AM, frantisek holop wrote:

hmm, on Mon, Nov 28, 2005 at 05:32:54PM +0100, Otto Moerbeek said that


It's even a FAQ: http://www.openbsd.org/faq/faq8.html#wwwnotstd


doesn't mean it's right, does it?


The OpenBSD project does not fix the broken browsers which visit the
site, so they fix the site instead, when required.

I think it is just as likely that the site could be made 100%
compliant and then a future browser is further broken in some way,
requiring another fix to the site.

So why not just address an issue when it actually becomes one? Seems
practical to me.


Shane J Pearson

Re: openbsd web site design proposals (from HOTO write bad docs)

[Shane J Pearson]

Hi Nick,

On 29/11/2005, at 4:36 AM, Nick Holland wrote:

Unfortunately, I care about the work I do.  I do read (or at least  
skim)
every message (ok, almost every...I've started an ignore list of  
people

who warrent not ever giving a response to) that goes through misc@,
looking for a tidbit that might really be significiant.


It's funny you should mention this. Just recently, for the first time in
about 14 years, I was provoked into starting a Twit List due to some
complete fool in this list. It seems I have some updating to do.

I mostly read misc@ for the interesting discussions, however there has
been an annoying amount of worthless chest beating lately. Like a
gorilla, it seems to be all show.


Shane J Pearson

Re: OT: Quad Ethernet cards feedback on OpenBSD

[Shane J Pearson]

Hi Johan,

On 17/11/2005, at 9:48 PM, Johan P. Lindstrvm wrote:


The D-Link cards are bad and do not work well under OpenBSD (pre 3.8
I haven't used them with 3.8). You should avoid them.



the D-Link Card DFE-580TX works under OpenBSD, but their greatest
advantage is that they are cheap (around 100 Euro in Germany).
Don't expect to much performance.


I do not agree, I have 10 or 12 D-Link DGE-530T running 3.7 atleast  
since CD
release time and no issues what so ever, they are attached as sk(4)  
devices
and I couldn't be a happier camper. Though that is most likely due  
to the
chipset, not D-Link as a brand. These cards are very cheap, some 20  
euros a
pop in here in Sweden. Browse the OpenBSD metastore and/or the  
manual pages,

em(4) and sk(4) should get you started on your quest.



He was talking about the 4 port DFE-580TX, which I have seen other
people complain about in the past.

Completely different to the DGE-530T.


Shane J Pearson

Re: timekeeping on Soekris net4801 w/ ntpd. 3.8

[Shane J Pearson]

J,

On 16/11/2005, at 1:20 AM, J Moore wrote:


It *is* an inaccurate statement of what ntpd is doing to the system's
time. ntpd is your product - if you're happy with this little flaw,  
then

that's fine - leave it as is. But again, The emperor has no clothes!


The word adjusting does not imply an instantaneous action or
completed action, because the ing on the end implies that the process
is still taking place. If the line said adjusted by, then you would
have a point. But it doesn't, so you don't.

It seems that Henning's English is better than yours.

Can this be dropped now? Or do you need to continue making a big deal
out of nothing?


Shane J Pearson

Re: timekeeping on Soekris net4801 w/ ntpd. 3.8

[Shane J Pearson]

J,

On 15/11/2005, at 9:42 AM, J Moore wrote:

Prior discussions notwithstanding, the fact is that the log  
messages are

misleading. I *understand* now... if the log messages were written
differently, I never would've had to ask.


Reasonable person scenario:

o Notice odd ntpd log entries.
o #man ntpd
o Notice SECOND paragraph says:

ntpd uses the adjtime(2) system call to correct the local system
time without causing time jumps.  Adjustments larger than 128ms
are logged using syslog(3).  The threshold value is chosen to
avoid having local clock drift thrash the log files.

o Crisis averted.

I don't know who Henning is, and I don't know what he voted no  
to, but

if he voted against a clear log message, then he voted yes to
confusion.


Come on. You've been haunting these lists for long enough to know who
Henning is. Cut the theatrics.


Shane J Pearsonshanejp netspace net au   -|

Re: OT: Compact Flash Longevity; was Re: dd image file to compact flash takes very long

[Shane J Pearson]

On 09/11/2005, at 6:38 AM, Alexander Hall wrote:


Has anyone else out there been brave enough to go rw on their CF
cards?  Results?



I have been brave (read: lazy) enough to keep my Soekris running  
with a single root partition mounted r/w on my (home) gateway  
Soekris box since i got it for my birthday in June (how pleased I  
was to see 3.7 pre-installed on the CF - thanks Wim :) ). No  
massive traffic, but I expect it to log stuff quite regularly (i  
just noticed the pflog adding in general at least one packet per  
minute).


I have a Sandisk Ultra II 1GB in my Sun Ultra 10 firewall which has been
r/w for a little more than 6 months now. Nothing special as far as
logging goes yet. No problems. Took the plunge after Henning pointed out
the Sandisk longevity calculations document.


Shane J Pearson

Re: OT: 10 things i hate most on unix

[Shane J Pearson]

On 07/11/2005, at 1:17 PM, [EMAIL PROTECTED] wrote:


Everything is a stream of bytes.


Reminds me of that saying which goes something like...

How do you eat an elephant? One mouthful at a time.


Microsoft tries to put the whole elephant in its mouth all at once, then
dies choking on it. Then the elephant it blamed.


Shane J Pearson

Re: OT: 10 things i hate most on unix

[Shane J Pearson]

On 06/11/2005, at 3:32 PM, Damien Miller wrote:


Don't bother giving the publication the benefit of the page
impressions.


If anyone still wants to read it, but wish to avoid the adverts, this is
the printer friendly version:

http://www.informit.com/articles/printerfriendly.asp?p=424451

Re: OpenBSD CDROM layout definition, Copyright Infringement.

[Shane J Pearson]

Hi Nick,

On 05/11/2005, at 11:09 AM, Nick Holland wrote:


If you publish a book, and I duplicate it in every way EXCEPT that I
change one character in one location, or the color of the cover, or
insert a page with the text, THIS PAGE INTENTIONALLY LEFT (almost)
BLANK, I can argue that it is a different book (different md5!),  
but I

suspect you would feel cheated, and the courts would probably agree.


I believe a lawyer friend of mine would refer to this situation as the
two being substantially similar. However the legal copyright sense
of substantially similar can be _ridiculously_ miniscule.


Shane J Pearson

Re: preventing OS fingerprint

[Shane J Pearson]

Hi Damien,

On 04/11/2005, at 9:56 AM, Damien Miller wrote:

why care? fingerprinting is such a non-issue, and spending effort  
to avoid it is just security through obscurity.


Ignoring whether blocking NMAP scans is effective or not...

I agree that it is not good to rely on obscurity. But I don't see
anything wrong with obscuring a detail which people don't need to know.

What do you have to gain and what do you have to loose from holding
that info back? And what do you have to gain and what do you have to
loose from advertising it?

If someone wants to know what you are running, to ease their attack.
Then why not make it a little harder for them? That extra time could
help you or a process detect the random attacks and work against the
attacker.

Not that there is much likelihood of a patched OpenBSD getting rooted
though. Conversely, I guess advertising OpenBSD could make them go away.
; )


Shane J Pearson

Re: a truly openbsd day

[Shane J Pearson]

Hi Uwe,

On 01/11/2005, at 10:36 PM, Uwe Dippel wrote:


Seconded. I still keep thinking that an initial install isn't sooo
difficult. Rather simple, that is.
But when I look at our desktops ( 500), who'll ever do the upgrade  
once

per 6 months (or a larger upgrade once per 12 months) ?


Are a large chunk of those 500 mostly the same config but with different
user data in /home?


Let's be realistic, there is no way to ftp... patch... make... pkg_add
-u... manually on a larger number of systems.


If you have a large number of desktops which are identical in
configuration, then would it not be possible to have a staging desktop
machine(s) which you bring up to date with patches and then have its
binaries served to the appropriate desktops as need be? Perhaps you
could even spread the rollout to the desktops out with different
machines checking for updates on different days of the week. So as to
minimize load on the staging desktop and also minimize potential damage.

Or am I missing something which makes this impractical or impossible?


Fork is no solution, as far as I can see. Just the opposite is needed.


Absolutely.


Shane J Pearson

Re: Make a backup

[Shane J Pearson]

Hello Abel,

On 31/10/2005, at 10:23 PM, Abel Talaversn Estevez wrote:

If I make the backup with 'dd if=/dev/wd0c of=/image bs=512' the  
image is a
file of about 2 GB because the hard disk is of 40 GB. But with a  
'du -sh /' I

can see that all files are only 221 MB.


The file is probably 2GB because that is the largest a single file can
be on the file system you are saving it to.

How could I do it to achieve a smaller image? The last option is  
using 'tar'

but I prefer to have an image. Is it possible?


To save file system images from BSD's, I use:

dd bs=64k if=/dev/ | gzip | split -b 640m - backup.dd.gz.

This gives me 640 MByte chunks of a gzip compressed image of /dev/
The files start with the suffix .aa and increment alphabetically like:
.ab .ac etc.


To restore I use:

cat backup.dd.gz.* | gunzip | dd bs=64k of=/dev/


I choose 640 Mbyte chunks, because they seem to be a good compromise for
a size which fits well on both CDR's (1) and DVDR's (7), without too
much waste.

I choose a block size of 64kb because it seems to provide the fastest
transfer rates for me. Testing this now, using a 512 byte block size I
get about 3Mb/s regardless of whether gzip is being used or not. But
using a block size of 64kbyte I get rates which range from 10-36Mb/s,
depending on how compressible the data on the disk is. 36MB/s seems
to be the fastest rate this disk can sustain.

I fill Unix file systems with a big file full of zeroes and then delete
that file, so that gzip can do a good job with areas of the file system
which held old less-compressible data. For Windows file systems I use
Eraser to do the same.

http://www.tolvanen.com/eraser/


Shane J Pearson

Re: Sun Ultra 5 as a firewall?

[Shane J Pearson]

Hey Joe (where are you goin' with that OpenBSD CD in your hand?),   ; )

On 10/10/2005, at 11:02 AM, Joe S wrote:

 After doing my own tests, I found that the Ultra 5 was too slow to  
 perform near wire-speed throughput.

 TEST 1 - Sun Ultra 5 360MHz
 dc0 and dc1 are Phobos 430TX quad nic, PCI card
 [  4]  0.0-10.0 sec  42.1 MBytes  35.3 Mbits/sec


 TEST 2 - Supermicro, Intel P4 3GHz
 em0 and em1 Intel PRO/1000CT (82547EI), onboard nics
 [  4]  0.0-10.0 sec  96.1 MBytes  80.7 Mbits/sec

Your Ultra 5 iperf results were so far off my 333MHz Ultra 10
firewall, that I decided to do some testing with my 360MHz Ultra 5.

I previously thought the 360MHz had 512kbyte of L2 cache, but it's
actually 256kbyte in my U5 and it seems there is a 256k 360MHz (for
the U5) and also a 2Mbyte 360MHz (for the U10). I thought that maybe
that much more L2 would be much better for pf than a few extra MHz.

The end point machines running iperf are FreeBSD 5.4 RELEASE. One is
a 2.13GHz Pentium M Sony notebook with a GigE Realtek and the other is
an AMD XP 2800+ desktop with an fxp. Nothing else changed except for
the CPU module.


Here are the results:

Direct crossover connection: 94.1 Mbits/sec.
360MHz in the Ultra 5:   pf OFF: 67.2 Mbits/sec   pf ON: 47.3 Mbits/sec.
333MHz in the Ultra 5:   pf OFF: 77.0 Mbits/sec   pf ON: 74.0 Mbits/sec.


Seems like that little 256k L2 in the 360 hurts pf performance badly.

According to http://sunsolve.sun.com/handbook_pub/Systems/U5/spec.html
you can put a 333MHz or 400MHz CPU with 2Mbyte L2 in the Ultra 5. I've
seen these on Ebay.

I'm using a U10 for the extra PCI slot allowing me to have the 5 NICS
I need for my current desired config. The U10 apparently can also go
to 440MHz with 2Mbyte L2. I wonder if the U5 could take this anyway?
I currently am only using 1 memory bank in my U10 and U5. I'd be
curious to see if these numbers change using both banks interleaved.


Shane J Pearson

Re: Sun Ultra 5 as a firewall?

[Shane J Pearson]

Hi Matthew,

On 11/10/2005, at 7:03 AM, Matthew Weigel wrote:


Have you considered a multi-port card...?


I did. I was hoping to find a quad port fxp, but couldn't find one. I
know of the quad port dc's, but I've heard a few times of problems
with them. Since I already had an Ultra 10, I just ordered a 5 pack of
cheap fxp's (so I have one a spare too).

I know I've got an Ultra5's 400MHz processor in my Ultra10, and it  
works

fine.

A quick Google turned up
http://docs.sun.com/app/docs/doc/805-7763-12/6j7a690su?a=view too.


Thanks for that. I looked at a few docs at sun.com which showed
conflicting info about the CPU modules the U5 could take. I thought I
had seen somewhere once that the U5 could take the 440, but I couldn't
seem to find it this time. I will be avoiding the 256k and 512k L2
cache UltraSPARC's from now on. 256k L2 and the awful IDE
performance make this little U5 pretty slow as a desktop.

I'd like something nice and quick to compile OpenBSD sparc64. My
300MHz macppc is WAY faster than my U10, out of interest. Would
people recommend a U60 or U80? Having the decent L2 caches which
they can come with? Are they much quicker than Blade 100/150's?

Thanks,


Shane J Pearson

Re: RAID cards in sparc64 hardware?

[Shane J Pearson]

Hi Bob,

On 11/10/2005, at 7:29 AM, Bob Ababurko wrote:


in reading the thread about running pf on an ultra 5, I saw that  
people were running fxp NICs in them.  I started thinking about the  
possibility of running a Mylex Acceleraid 250 or any other RAID  
controller that OpenBSD supports in an Ultra5.


http://www.openbsd.org/sparc64.html

I asked this a few years ago and the most interesting answer I got was
to use a supported SCSI card and an external SCSI cage which performs
the RAID and setup itself.

I have been caught up in thinking that these nics and RAID  
controllers needed to be run in i386 hardware.  So I just tested  
out my realtek NICs, and they work in the sparc64, what about RAID  
controllers that I have always associated with PC's?


You may find some SCSI cards which come installed in Sun machines
actually have the x86 centric built in firmware utilities, which you
should find work if you plug them into an x86 PC. Seems they are just
re-badged OEM boards. I got an LSI SCSI controller in the U5 I got off
Ebay (which was a nice bonus because it was not listed as having it),
which has the firmware setup program you expect when using cards in x86
PC's.


Shane J Pearson

Re: Sun Ultra 5 as a firewall?

[Shane J Pearson]

On 11/10/2005, at 7:54 AM, Matthew Weigel wrote:


Why not look at quad-port GigE cards?  I know for sure em(4) has  
available

quad-port cards.


I will for the future.


It doesn't make it any faster as a server, either. ;-)

I've got an Ultra-Wide or Ultra2 SCSI card in my Ultra 10, and it  
seems to
make a world of difference; the IDE controller is only used for the  
DVD

drive.


Yeah I've heard that using SCSI in U5/U10's makes them run like whole
new machines. An old PII 300 I had gets about double the transfer rates
over the U10 with the same old 20G drive. Both running OpenBSD at the
time.


I think the U60/80 would be overkill, since you won't get the extra
processors... and I'm not sure how much the extra cache will help.   
Cache

isn't always a winning way to go faster; it's only useful while
instructions and data that get cached get accessed multiple times.   
Once

your cache gets large enough, adding more doesn't accomplish anything.


I'll hold off on that E5500 purchase then.   ; ) I had thought that 4Mb
L2 would be beneficial for making release.

U5's and 10's are so cheap at the moment on Ebay. I picked up the U5 for
about $40 Aussie. I've seen U60's go pretty cheap too. I don't mind
overkill if the price is right (except when overkill is 25 amps, 3 phase
at 3.5kW, putting out more heat than your typical central heating).  ; )


Shane J Pearson

Re: dual DVI graphics card

[Shane J Pearson]

Hi Aaron,

On 07/10/2005, at 7:37 AM, Aaron Glenn wrote:


I wasn't clear enough in my original post. I'm looking to run
1920x1200 on two DVI monitors; and I'd like some sort of OpenGL
hardware acceleration support, however minor. None of the ATi chipsets
currently support 1920x1200 on two DVI monitors.


My Sony Laptop has an ATI Radeon X600 Mobility which has a 1920x1200 LCD
and a DVI on the docking station which I can seemingly set to 1920x1200
(even all the way up to 2048x1536).

I would have thought the internal connection to the LCD would be
equivalent to DVI at least?


Shane

Re: USB to RS232

[Shane J Pearson]

For anyone who might have a Nokia DKU-5 USB-Phone cable. Mine is a
Chinese copy, however is recognised as a Prolific PL2303 USB-Serial
adaptor and might be able to be hacked into use as a USB-RS232 cable.

I only paid about $20 Aussie and would like to put some 9-pin
connectors towards the phone end of the cable to allow dual use.

Bear in mind that I don't know if a genuine Nokia DKU-5 cable also
works in this fashion, because this cheapo DKU-5 is not a drop-in
replacement for the genuine Nokia and requires its own driver in XP
distinct from the Nokia driver. In other words, the real DKU-5 might
not be recognised as a serial adaptor in any BSD.


On 07/10/2005, at 10:23 PM, Rod.. Whitworth wrote:


Mine cost $AUD30 inc GST and I got change. Go figure.



Shane J Pearson

Re: dual boot XP , Openbsd

[Shane J Pearson]

Hi Roelof,

On 09/10/2005, at 3:02 AM, Roelof Wobben wrote:


When install Openbsd after XP i get a problem regarding the install
instructions.


You need to be specific if you want people to be capable of helping you.

But when i first install Openbsd and then XP i think XP is not  
working well

because i heard that XP wants to have the first partition.


XP does not have to have the first partition, although it does like to
see the partitions numbered sequentially in the partition table in the
order the partitions are actually found on the disk. This won't bite you
until you run Disk Management in XP, when it will change the partition
table numbering to be sequential without even asking you.

If you have XP in the first partition (1st on disk and as the 1st in the
partition table), then installing OpenBSD to the 2nd should not cause a
problem. I use Smart Boot Manager to choose between XP and OpenBSD.

If you have XP in the first partition (1st on disk and as the 1st in the
partition table), but it is near the end of the disk and you will be
installing OpenBSD in free space before that partition, but as partition
2, then XP will no longer be able to find system files at boot time
because it is brain dead and counts partitions as where they actually
are on the disk, instead of where the partition table says the
appropriate partition is. Edit boot.ini to fix this. If you run Disk
Management at some stage in the future, Microsoft will ruin your day
again and you might wonder what the hell happened (it will re-order the
partition table to be reflect what partitions are found on disk in the
order that they are found).

If you create an unused partition 1 at the beginning of the disk, and
then install XP after that in partition 2, you might be able to later
install OpenBSD in partition 1 without any further trouble. I can't
remember if the XP installer allows installing to a partition other
that the first, but it can certainly be changed later.

None of my dual boot OpenBSD/XP or FreeBSD/XP machines have XP in the
first partition.


Shane J Pearson

Re: Sun Ultra 5 as a firewall?

[Shane J Pearson]

Hi Joe,

On 08/10/2005, at 6:28 AM, Joe S wrote:

Is anyone on the list running an Ultra 5 as firewall? I would like  
to move my firewall from an overpowered P4-3GHz box to a Sun Ultra  
5 360MHz.


My main concern is wondering if the Ultra 5 is slow enough to  
become a bottleneck from one interface to another interface.  
However, I know some of you run Soekris boxen and 486's for  
firewalls, so I may be just fine.


My firewall is a Sun Ultra 10, which uses the same mainboard as the
Ultra 5. Mine is the 333MHz 2Mb L2 cache model with 128Mb RAM. I have 4
fxp's in addition to the built in hme.

Between fxp's, with FreeBSD 5.4-RELEASE i386 at both end points of an
iperf test, I get about 66Mbit/s with pf ON and about 76Mbit/s with pf
OFF. My ruleset is pretty bare at the moment and I just did an iperf -s
at one end and an iperf -c $IP at the other.

At one end the NIC is a GigE Realtek. So this was using:
fxp---fxp|fxp---realtek GigE

I don't know if having an fxp in place of that Realtek would have been
better. I've heard the GigE Realteks are actually not too bad as
compared with what you could expect from their older rl abominations.

I also have an Ultra 5 with I think a 360MHz 512k L2 cache CPU lying
around doing nothing at the moment. I might test it too as I'd like
to know whether the MHz or cache size matters more here.

Shane J Pearson

Re: looking for reliable USB printer

[Shane J Pearson]

Marc,

On 05/10/2005, at 5:39 AM, Daniel Martini wrote:


I bought a Kyocera FS-1010 in July 2004 for 249,- EUR. Probably one  
of the

cheapest blackwhite Laser Printers having native PostScript (actually
KPDL2, Kyoceras PostScript dialect). Works flawlessly up to now.  
Plug in


I know you are looking for USB, however if you are avoiding printers  
with

a network connection because they tend to be expensive, then...

I have not tried the USB functionality, however I have a Kyocera
FS-1020DN. My FS-1020DN also does postscript (in the printer), plus
duplex, came with an internal 10/100 print server and does 20 A4 ppm. I
have always just printed through the network. The duplex functionality
half ejects the paper and brings it back through the printer, so the
speed is more than halved when doing duplex printing.

It is not a dodgy GDI Win printer.

It seems cheap to me considering these features. Doing a quick search,
I find these brand new at around $630 Australian and 450 Euros at
French stores.


Shane J Pearson

Re: Something hosing my msdos/FAT32 file system

[Shane J Pearson]

Hi Jan,

On 29/09/2005, at 4:14 PM, Jan Johansson wrote:


Let me then tell you how Windows XP flushed my USB drive to
bitheaven because i used fdisk to make a normal partition table
on it.


XP has stuffed me up too on occasion. I try to stay well away from
2000/XP Disk Manager. (Is that what it's called?)

From memory, if your partitions are not in sequential order (2,1,3,4  
for

example) and you then run Disk Manager, it fixes the situation, but
what you end up with is Windows partitions that are okay, but any non
MS partitions are hosed. Why they can't just leave a working config
alone is beyond me.

Another thing that has annoyed me in the past, is that the boot loader
for XP at least (I think possibly also 2k), does not count partition
numbers from what the partition table states, but actually where they
appear on disk. If I have a blank area reserved as a future partition 2
at the beginning of the disk and Windows has partition 1 after that, if
I later use the blank area say for OpenBSD as partition 2, I think I am
safe because the partition number for Windows has not changed. Think
again, Windows no longer boots. So I have to fix it by changing the
boot.ini entry. Then one day if I accidentally run the disastrous
Disk Manager, I am stuffed once again.

Also, I always safely remove my USB storage devices and wait for the
access light to go out and every now and then I suffer from lost files
or sometimes even entire file systems. MS provides some crazy
situations with their own systems.

I agree that MS is hardly a role model for this sort of stuff.

BTW, I have not noticed any problems with -t msdos. Maybe I don't use
it often enough.

Bye for now,


Shane J Pearson