Re: About Xen: maybe a reiterative question but ..

2007-10-26 Thread Subcommander l0r3zz
On 10/25/07, Tom Van Looy [EMAIL PROTECTED] wrote:

 I think you forgot to count power savings here?

 Theo de Raadt wrote:
  And when physical servers cost less than some vmware licenses
  Then it is even more dumb to defend such stupid practices.


Some but not all. If you buy a Dell 2950 quad and load it up with 8 Gig, you
can spend $500 on an ESX 3i license and run 10 - 15 512 MB OpenBSD single
processor VMs.  The difference here is that you can max out the duty cycle
on the box whereas a single OS running on the same Iron won't do that.  For
ESX it's designed for you to max out the hardware



Re: About Xen: maybe a reiterative question but ..

2007-10-26 Thread Subcommander l0r3zz
On 10/26/07, Matt Rowley [EMAIL PROTECTED] wrote:

  Some but not all. If you buy a Dell 2950 quad and load it up with 8
  Gig. You can spend $500 on an ESX 3i license and run  10 - 15 512 MB
  OpenBSD single processor VMs.  The difference here is that you can
  max out the duty cycle on the box whereas a single OS running on the
  same Iron won't do that.  For ESX it's designed for you to max out
  the hardware

 I think you're off on price by almost an order of magnitude (ESX runs
 about $3k per CPU socket, iirc).
 I don't disagree with your point, though; virtualizing under-utilized
 hardware can save you money and electricity.

 --Matt




The upcoming major update in VMware Infrastructure 3.x, called 3.5, and new ESX
Server 3i (http://www.virtualization.info/2007/09/vmware-announces-esx-server-3i-for.html)
will be available to general public in December 2007,
virtualization.info has learned. An official announcement is expected next
week.

virtualization already broke the news
(http://www.virtualization.info/2007/08/vmware-infrastructure-35-beta-2-feature.html)
about new features and enhancements that will appear in VI
3.5, including ESX Server 3i integration into servers from popular OEMs like
Dell, IBM, HP. But the biggest news emerges only now: *VMware will also sell
ESX Server 3i as stand-alone product, with support for SATA storage devices,
at less than $500*.



X11 install packages?

2007-07-28 Thread Subcommander l0r3zz
Noticed that the X11 install packages are no longer being built for i386 on
a daily basis.
Is there another tree that might have these or should I just use the built
ones from 4.1?

Cheers.



Re: vmware: detecting real interfaces?

2007-03-03 Thread Subcommander l0r3zz
On 3/2/07, Joseph C. Bender [EMAIL PROTECTED] wrote:

 Jacob Yocom-Piatt wrote:
  Nick Holland wrote:
  exactly.
  This idea of using VMware (or similar) to host a firewall that
  protects the host operating system is something I find somewhere
  between amusing (because it's silly) and scary (because it indicates
  people don't really understand, and think that a firewall works
  magic, and these people might be protecting our personal data).
 
 
 
  this goes without saying since any solution involving windows is, IMO,
  turd polishing. however, i am forced to use the turd (, luke?) and would
  rather have it wrapped in tinfoil than paper, not unlike a burrito.
 
 While I normally agree with Nick, it all depends on
 implementation.  *grin*

 If you can't or don't want to change the original hardware, just turn
 the XP firewall on.  It'll give you about as much protection.

 There is an option that not many people are aware of, however.  If you
 have a USB/Ethernet adapter, you can have it attach as a native *USB*
 device to the VM.  I don't recall what the checkbox is under Player (I
 use Server these days for just about everything, and it's a lot more
 versatile), but it'll pull the device from windows and remap the USB
 I/O through to the VM.  I've used it with USB wireless and wired
 adapters with some success, even including my EVDO data card, which
 enumerates as a USB device/modem to the host system (really weird
 CardBus implementation).

 Anyway, the big caveat that I've found is not all USB network devices
 like having this process happen to them.  The other caveat is that your
 performance won't be as good as it would be, as there's a few layers of
 I/O redirection that have to take place.  Bottom line is, there's a
 method for doing it, it just might not work as well as you want it to.
 Figured it was worth a mention anyway.



Yes, this sort of works, USB support is so-so on the Server and
Workstation product.  I would say that
it is more experimental than supported, but I believe it is officially
supported.  There is one important problem
however, if the Guest OS loses focus, i.e. you suspend it or even run
another guest OS that does some USB operation, then the Host OS will grab
the USB controller and your guest most likely won't get it back (it doesn't
know that it was taken away;)




--
 Joseph Bender
 Bendorius Consulting
 jcbender at bendorius com



Re: vmware: detecting real interfaces?

2007-02-28 Thread Subcommander l0r3zz
On 2/28/07, Guido Tschakert [EMAIL PROTECTED] wrote:

 Jacob Yocom-Piatt wrote:
  i am forced to use windows at work and am trying to get a vmware openbsd
  VM to recognize the non-virtual interfaces, so as to have openbsd as the
  router for the windows system. this is using the free vmplayer v1.0.3.
 
  i've read and followed
 
  http://www.cs.drexel.edu/~vp/VirtualFirewall/
 
  and can only see the pcn0 interface under the VM (which is 3.8-release,
  btw) after following the suggestions contained therein. any clues about
  getting the VM to recognize the real physical interfaces would be great.
 
  cheers,
  jake
 
 

 Hello Jacob,

 some time ago there was an article in the german magazine c't where they
 described the same situation as you have (with the difference that they
 use ipcop (a linux firewall distro) instead of lovely openbsd to do the
 job).

 You need the following in your vmware-config:
 the real network card has to be used in bridged mode pointing to your
 virtual pcn0 interface. This is the external interface of your firewall
 pointing to the evil internet. Do not configure this card under windows
 (Sorry at the moment I don't know if you can easily disable the card in
 Windows, but I may have a look in the article if you want)



This particular vmware product relies on the drivers of the host operating
system to send packets to the outside world so if you disable the interface
in windows, you also disable any virtual nics that are bound to this
interface.



 Next you need a virtual network between your virtual machine and your
 host. Then you have a second nic in your Windows System (vmware virtual
 something) and a second nic in your OpenBSD which points to your
 internal (virtual) network.


Fine, but ultimately you must go outside.  All vmware virtual machines are
standardized around this particular network interface, it is what enables
us to do things like VMotion in the Enterprise products.  So, unlike Xen,
vmware VMs do not see the PCI bus or any other particulars of your
underlying hardware.



Re: gettext-0.14.6 broken in current?

2007-02-28 Thread Subcommander l0r3zz
On 2/28/07, Christian Weisgerber [EMAIL PROTECTED] wrote:

 Subcommander l0r3zz [EMAIL PROTECTED] wrote:

  When I build any package that needs the latest release of gettext, gettext
  blows up on the final install from the built package...

 Somebody else also reported this to me.  There's nothing wrong with
 the gettext port, but your C++ compiler is broken.  (The autoconf
 test for namespace support fails, causing the C++ parts of gettext
 not to be built.)

 How you guys managed to screw up c++, I don't know.





I loaded this machine from a snapshot of Jan 11th.
So how do I fix it? Recompile gcc or is it that autoconf is the problem?
Looking at my pkg_info I have 3 versions of autoconf installed...
2.13p0
2.57p0
2.59p1

--
 Christian naddy Weisgerber  [EMAIL PROTECTED]



Re: vmware: detecting real interfaces?

2007-02-28 Thread Subcommander l0r3zz
On 2/28/07, Nick Holland [EMAIL PROTECTED] wrote:

 Guido Tschakert wrote:
 ...
  Hi,
  yes finally you must go outside, this is done with the bridged interface.
  The question is (I don't have the complete answer, but a strange feeling):
  How secure is your windows with a network interface enabled and nothing
  on it configured.
 
  guido

 exactly.
 This idea of using VMware (or similar) to host a firewall that
 protects the host operating system is something I find somewhere
 between amusing (because it's silly) and scary (because it indicates
 people don't really understand, and think that a firewall works
 magic, and these people might be protecting our personal data).

 By the time a packet has made it to your VMware firewall, you have
 gone through the host OS.  You are assuming the host OS's network
 support is secure.  You are assuming the VMware virtualization code is
 secure.  You are assuming that the VM can't be compromised by an
 exploited host OS.





The vmware code runs as a set of processes on the Hosted OS so I really
shouldn't have to say more.

Add to this the fact that the .vmdk files which are your virtual disks ARE
NOT encrypted and are writeable by anyone
who has enough privs on the Host OS.  Now when it comes to the ESX products
Virtual Infrastructure, things are a little better out of the box but not
much.  The vmdk files and the vmx files usually reside on some type of
datastore (SAN), as of now, they are not encrypted.  Become SANmaster by
hook or by crook... well, you get the idea.
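
An added example, not part of the original post and not VMware tooling: a Python audit for the point made above about unencrypted .vmdk and .vmx files, listing any that are readable or writable beyond their owner on a POSIX host or datastore mount. The function names and the sample directory are assumptions constructed for illustration; only POSIX mode bits are checked, not ACLs or SAN-level access.

```python
import os
import stat
import tempfile

VM_SUFFIXES = (".vmdk", ".vmx")  # virtual disk and VM config files named above
CHECKS = [
    (stat.S_IRGRP, "group-readable"),
    (stat.S_IWGRP, "group-writable"),
    (stat.S_IROTH, "world-readable"),
    (stat.S_IWOTH, "world-writable"),
]

def audit_vm_files(root):
    """Return sorted (relative path, octal mode, issues) for exposed VM files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(VM_SUFFIXES):
                continue
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            if not stat.S_ISREG(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)
            issues = [label for bit, label in CHECKS if mode & bit]
            if issues:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings.append((rel, oct(mode), issues))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample: a VM directory with mixed permissions."""
    root = tempfile.mkdtemp(prefix="vmaudit-")
    os.mkdir(os.path.join(root, "fw"))
    sample = {"fw/openbsd.vmdk": 0o666, "fw/fw.vmx": 0o640,
              "fw/private.vmdk": 0o600, "fw/notes.txt": 0o666}
    for rel, mode in sample.items():
        path = os.path.join(root, rel)
        with open(path, "wb") as fh:
            fh.write(b"constructed placeholder, not a real disk image\n")
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    for rel, mode, issues in audit_vm_files(build_sample_tree()):
        print(f"{mode} {rel}: {', '.join(issues)}")
```

A disk image that is unencrypted at rest is only as private as its file permissions, so anything this reports should be tightened to owner-only access for the account that runs the VM.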



Quick n Easy template system?

2007-02-28 Thread Subcommander l0r3zz
All,

I'm making a Vmware Virtual Appliance using OpenBSD so one can leverage
goodies like pf, bgpd, ipsec, carp, etc in the
VM universe.  What should I use to create the few config web pages (these
can be easily turned off once configuration is
complete)?  I'd like to use something that works with the installed Perl and
Apache. The pages don't have to be beautiful
but I have a lot to make so I want to be able to lay out a lot of forms
quickly.


Any suggestions?

As I said, this is NOT an interface that will be used all the time, just in
setting up the VM, after that, the user can disable it if
they so desire to alleviate any security concerns.



Re: vmware: detecting real interfaces?

2007-02-27 Thread Subcommander l0r3zz
 and can only see the pcn0 interface under the VM (which is 3.8-release,
 btw) after following the suggestions contained therein. any clues about
 getting the VM to recognize the real physical interfaces would be great.



Unfortunately there is no way to get at the actual physical nics from a
guest OS. Sorry.



gettext-0.14.6 broken in current?

2007-02-27 Thread Subcommander l0r3zz
Hi all,

When I build any package that needs the latest release of gettext, gettext
blows up on the final install from the built package...

this is current Feb 24...
# gcc -v
Reading specs from /usr/lib/gcc-lib/i386-unknown-openbsd4.1/3.3.5/specs
Configured with:
Thread model: single
gcc version 3.3.5 (propolice)

-
building package for gettext-0.14.6
Create /usr/ports/packages/i386/all/gettext-0.14.6.tgz
Switching to /usr/ports/devel/gettext/pkg/PFRAG.shared
Error in package: /usr/ports/devel/gettext/w-gettext-0.14.6/fake-i386//usr/local/lib/libasprintf.so.1.0 does not exist
Error in package: /usr/ports/devel/gettext/w-gettext-0.14.6/fake-i386//usr/local/include/autosprintf.h does not exist
Error in package: /usr/ports/devel/gettext/w-gettext-0.14.6/fake-i386//usr/local/info/autosprintf.info does not exist
Error in package: /usr/ports/devel/gettext/w-gettext-0.14.6/fake-i386//usr/local/lib/libasprintf.a does not exist
Error in package: /usr/ports/devel/gettext/w-gettext-0.14.6/fake-i386//usr/local/lib/libasprintf.la does not exist
Error in package: /usr/ports/devel/gettext/w-gettext-0.14.6/fake-i386//usr/local/share/doc/libasprintf/autosprintf.html does not exist
===  Cleaning for gettext-0.14.6
rm -f /usr/ports/packages/i386/all/gettext-0.14.6.tgz /usr/ports/packages/i386/ftp/gettext-0.14.6.tgz /usr/ports/packages/i386/cdrom/gettext-0.14.6.tgz
*** Error code 1

Stop in /usr/ports/devel/gettext (line 1373 of /usr/ports/infrastructure/mk/bsd.port.mk).
*** Error code 1

Stop in /usr/ports/devel/gettext (line 1861 of /usr/ports/infrastructure/mk/bsd.port.mk).
*** Error code 1

--



Any ideas?



Multiple src trees?

2006-10-20 Thread Subcommander l0r3zz
Is it possible to build and maintain multiple source trees using a single
platform?

In other words, I have an OBSD build host that runs say a stable release
(with the occasional patch) but
I want to build some different kernels and userlands for different
platforms. I know how to handle the separate
kernels easy enough, but suppose I want to create separate releases?  In
particular I want to build sendmail
differently for each product, and I have different versions of the install
scripts that create digital certificates and stuff for the MailDroid install
CDs

I also have different builds for the gateways, APs, firewalls, etc.  For
these I want to track current.
I don't want to modify the stable system's apps by doing my rebuilds, how
do I handle this?
I suppose I could build a different VM under Vmware for each product but is
there a better way?

Thanks in advance.



Power Management on Thinkpads (T42p) under X11

2006-09-18 Thread Subcommander l0r3zz
Greetz,
What do people use to do power management on their thinkpads?
I've googled openbsd.org and can't seem to find any tools that work on the
desktop.
I run Gnome and it seems that I want gnome-power, but it doesn't seem to be
included in the ports tree.

I'm mostly interested in knowing how much time I have till my battery dies.
(Not fun when you're in the middle of a compile)


Thanks,


l0r3zz



Re: binutils port

2006-03-21 Thread Subcommander l0r3zz
Well, I need this too, if you are trying to compile something like L4 (to
use OpenBSD as a development environment for embedded systems that don't use
the OpenBSD kernel) you need a separate binutils, for example, to build
Kenge (An L4:pistachio development environment) you need the gnu nm  and ld
utilities which is different from the one supplied by OpenBSD. My target
hardware is a soekris that is not running OpenBSD, I'd like to use OpenBSD
and not Linux as my development platform, that's all.

geoffw


On 3/20/06, Ted Unangst [EMAIL PROTECTED] wrote:

 On 3/20/06, Niklaus [EMAIL PROTECTED] wrote:
   1) I was trying to install binutils2.16 from source and it didn't make it
   2) So how do i build binutils 2.16 from source and what is target . Why
   3) I wanted to build gcc without propolice gcc-3.4.6. So what is the target
   6) I saw from the CVS that binutils 2.15 , someone had added a target obsd .

 is there a reason why you want all this?  is there a problem you are
 trying to solve?



Trying to Compile L4-Kenge on current

2006-03-08 Thread Subcommander l0r3zz
I got it in my mind that I would use OpenBSD as my development system to do
L4 (Microkernel) work.
But I'm having a problem with the binutils tools.  First I needed the GNU
nm utility (because the SCons environment executes an nm --radix=d variant).
Now I'm having problems with the linker. I figured the easy way out was
to download the recent binutils and configure it to load its binaries in
/usr/local/gnu.

But it seems like i[3-7]86 for openbsd is not supported.  Hmm, anyone know a
work around?

My target systems are barebones hardware (soekris boxes) so I don't mind
setting up a cross-compiled situation.

When I load this environment on the L word, (RHES4) everything compiles
perfectly.

What binary format does current use? ELF right?


l0r3zz



OT: OpenBSD on IBM/lenovo T42 or T43, Z series?

2006-02-14 Thread Subcommander l0r3zz
If anyone out there is running OpenBSD 3.8 or current with X-windows on any
of the above
could you let me know? I've searched the archives and the laptop pages and
don't see any mention
of these particular models. I'd like to make sure I can run OpenBSD before I
buy.



OpenBSD PF IP Fragment Remote Denial Of Service

2006-01-31 Thread Subcommander l0r3zz
This came across security focus and I haven't seen it mentioned here.
They claim 3.8 is vulnerable, anybody know anything?

l0r3zz




06.4.12 CVE: CVE-2006-0381
Platform: BSD
Title: OpenBSD PF IP Fragment Remote Denial Of Service
Description: PF is a packet filtering package that is integrated into
the operating system's kernel. OpenBSD's PF is susceptible to a remote
denial of service vulnerability. This issue is due to a flaw in
affected kernels that results in a kernel crash when attempting to
normalize IP fragments. For a list of vulnerable versions, see the
reference below.

Ref: http://www.securityfocus.com/bid/16375