Re: About Xen: maybe a reiterative question but ..

2007-10-26 Thread Subcommander l0r3zz
On 10/26/07, Matt Rowley <[EMAIL PROTECTED]> wrote:
>
> > Some but not all. If you buy a Dell 2950 quad and load it up with 8
> > Gig, you can spend $500 on an ESX 3i license and run  10 - 15 512 MB
> > OpenBSD single processor VMs.  The difference here is that you can
> > max out the duty cycle on the box whereas a single OS running on the
> > same Iron won't do that.  For ESX it's designed for you to max out
> > the hardware.
>
> I think you're off on price by almost an order of magnitude (ESX runs
> about $3k per CPU socket, iirc).
> I don't disagree with your point, though; virtualizing under-utilized
> hardware can save you money and electricity.
>
> --Matt



03, 2007   |   2
Comments

The upcoming major update in VMware Infrastructure 3.x, called 3.5, and new ESX
Server 3i will be available to general public in December 2007,
virtualization.info has learned. An official announcement is expected next
week.

virtualization already broke the news about new features and enhancements that
will appear in VI 3.5, including ESX Server 3i integration into servers from
popular OEMs like Dell, IBM, HP. But the biggest news emerges only now: *VMware
will also sell ESX Server 3i as stand-alone product, with support for SATA
storage devices, at less than $500*.



Re: About Xen: maybe a reiterative question but ..

2007-10-26 Thread Subcommander l0r3zz
On 10/25/07, Tom Van Looy <[EMAIL PROTECTED]> wrote:
>
> I think you forgot to count power savings here?
>
> Theo de Raadt wrote:
> > And when physical servers cost less than some vmware licenses
> > Then it is even more dumb to defend such stupid practices.
>
>
Some but not all. If you buy a Dell 2950 quad and load it up with 8 Gig, you
can spend $500 on an ESX 3i license and run  10 - 15 512 MB OpenBSD single
processor VMs.  The difference here is that you can max out the duty cycle
on the box whereas a single OS running on the same Iron won't do that.  For
ESX it's designed for you to max out the hardware.



X11 install packages?

2007-07-28 Thread Subcommander l0r3zz
Noticed that the X11 install packages are no longer being built for i386 on
a daily basis.
Is there another tree that might have these or should I just use the built
ones from 4.1?

Cheers.



Re: vmware: detecting real interfaces?

2007-03-03 Thread Subcommander l0r3zz
On 3/2/07, Joseph C. Bender <[EMAIL PROTECTED]> wrote:
>
> Jacob Yocom-Piatt wrote:
> > Nick Holland wrote:
> >> exactly.
> >> This idea of using VMware (or similar) to host a firewall that
> >> protects the host operating system is something I find somewhere
> >> between amusing (because it's silly) and scary (because it indicates
> >> people don't really understand, and think that a "firewall" works
> >> magic, and these people might be protecting our personal data).
> >>
> >>
> >
> > this goes without saying since any solution involving windows is, IMO,
> > turd polishing. however, i am forced to use the turd (, luke?) and would
> > rather have it wrapped in tinfoil than paper, not unlike a burrito.
> >
> While I normally agree with Nick, it all depends on
> implementation.  *grin*
>
> If you can't or don't want to change the original hardware, just turn
> the XP firewall on.  It'll give you about as much protection.
>
> There is an option that not many people are aware of, however.  If you
> have a USB/Ethernet adapter, you can have it attach as a native *USB*
> device to the VM.  I don't recall what the checkbox is under Player (I
> use Server these days for just about everything, and it's a lot more
> versatile), but it'll "pull" the device from windows and remap the USB
> I/O through to the VM.  I've used it with USB wireless and wired
> adapters with some success, even including my EVDO data card, which
> enumerates as a USB device/modem to the host system (really weird
> CardBus implementation).
>
> Anyway, the big caveat that I've found is not all USB network devices
> like having this process happen to them.  The other caveat is that your
> performance won't be as good as it would be, as there's a few layers of
> I/O redirection that have to take place.  Bottom line is, there's a
> method for doing it, it just might not work as well as you want it to.
> Figured it was worth a mention anyway.



Yes, this "sort of works",  USB support is so-so  in the Server and
Workstation product.  I would say that
it is more "experimental" than supported, but I believe it is officially
supported.  There is one important problem
however,  if the Guest OS loses "focus" , i.e. you suspend it or even run
another guest OS that does some USB operation, then the Host OS will "grab"
the usb controller and your guest most likely won't get it back (it doesn't
know that it was taken away;)




--
> Joseph Bender
> Bendorius Consulting
> jcbender at bendorius com



Quick n Easy template system?

2007-02-28 Thread Subcommander l0r3zz
All,

I'm making a Vmware Virtual Appliance using OpenBSD so one can leverage
goodies like pf, bgpd, ipsec, carp, etc in the
VM universe.  What should I use to create the few config web pages (these
can be easily turned off once configuration is
complete)?  I'd like to use something that works with the installed Perl and
Apache. The pages don't have to be beautiful
but I have a lot to make so I want to be able to lay out a lot of forms
quickly.


Any suggestions?

As I said, this is NOT an interface that will be used all the time, just in
setting up the VM, after that, the user can disable it if
they so desire to alleviate any security concerns.



Re: vmware: detecting real interfaces?

2007-02-28 Thread Subcommander l0r3zz
On 2/28/07, Nick Holland <[EMAIL PROTECTED]> wrote:
>
> Guido Tschakert wrote:
> ...
> > Hi,
> > yes finally you must go outside, this is done with the bridged interface.
> > The question is (I don't have the complete answer, but a strange feeling):
> > How secure is your windows with a network interface enabled and nothing
> > on it configured.
> >
> > guido
>
> exactly.
> This idea of using VMware (or similar) to host a firewall that
> protects the host operating system is something I find somewhere
> between amusing (because it's silly) and scary (because it indicates
> people don't really understand, and think that a "firewall" works
> magic, and these people might be protecting our personal data).
>
> By the time a packet has made it to your VMware firewall, you have
> gone through the host OS.  You are assuming the host OS's network
> support is secure.  You are assuming the VMware virtualization code is
> secure.  You are assuming that the VM can't be compromised by an
> exploited host OS.





The vmware code runs as a set of processes on the Hosted OS so I really
shouldn't have to say more.

Add to this the fact that the  .vmdk files which are your virtual disks ARE
NOT encrypted and are writeable by anyone
who has  enough privs on the Host OS.  Now when it comes to the ESX products
Virtual Infrastructure, things are a little better out of the box but not
much.  The vmdk files and the vmx files usually reside on some type of
datastore (SAN); as of now, they are not encrypted.  Become SANmaster by
hook or by crook... well, you get the idea.
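
A host-side check for the exposure described in the message above, added here as an example and not part of the original post: it walks a directory and reports .vmdk/.vmx files that accounts other than the owner can read, modify or replace. It assumes a POSIX host and looks only at permission bits (no ACLs); the file names and the sample tree are constructed.

```python
import os
import stat
import tempfile

VM_SUFFIXES = (".vmdk", ".vmx")  # virtual disks and VM configuration files


def audit_vm_files(root):
    """Return sorted (relative_path, problem) pairs for exposed VM files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        dmode = stat.S_IMODE(os.stat(dirpath).st_mode)
        # A group/world-writable directory lets another account swap a file
        # out without write access to the file itself, unless sticky is set.
        dir_open = bool(dmode & (stat.S_IWGRP | stat.S_IWOTH)
                        and not dmode & stat.S_ISVTX)
        for name in files:
            if not name.lower().endswith(VM_SUFFIXES):
                continue
            path = os.path.join(dirpath, name)
            try:
                fmode = stat.S_IMODE(os.stat(path).st_mode)
            except OSError:
                continue  # dangling symlink or file removed during the walk
            rel = os.path.relpath(path, root)
            if fmode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            elif fmode & stat.S_IWGRP:
                findings.append((rel, "group-writable"))
            if fmode & stat.S_IROTH:
                findings.append((rel, "world-readable (contents are not encrypted)"))
            if dir_open:
                findings.append((rel, "directory allows replacement"))
    return sorted(findings)


def build_demo_tree():
    """Constructed sample datastore: one tight file, three exposed ones."""
    root = tempfile.mkdtemp(prefix="vmaudit-")
    layout = {
        "fw/openbsd.vmdk": 0o600,    # owner only: no finding expected
        "fw/openbsd.vmx": 0o664,     # group can edit the VM configuration
        "lab/test.vmdk": 0o666,      # anyone can rewrite the virtual disk
        "shared/spare.vmdk": 0o600,  # tight file inside a 0777 directory
        "shared/readme.txt": 0o666,  # not a VM file: ignored
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample, not a real disk image\n")
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "fw"), 0o700)
    os.chmod(os.path.join(root, "lab"), 0o755)
    os.chmod(os.path.join(root, "shared"), 0o777)
    return root


if __name__ == "__main__":
    for rel, problem in audit_vm_files(build_demo_tree()):
        print(f"{rel}: {problem}")
```

Permission bits only narrow who can touch the files; an account with administrative rights on the host or the datastore still reads and writes them, which is the point the message makes.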



Re: gettext-0.14.6 broken in current?

2007-02-28 Thread Subcommander l0r3zz
On 2/28/07, Christian Weisgerber <[EMAIL PROTECTED]> wrote:
>
> Subcommander l0r3zz <[EMAIL PROTECTED]> wrote:
>
> > When I build any package that needs the latest release of gettext, gettext
> > blows up on the final install from the built package...
>
> Somebody else also reported this to me.  There's nothing wrong with
> the gettext port, but your C++ compiler is broken.  (The autoconf
> test for namespace support fails, causing the C++ parts of gettext
> not to be built.)
>
> How you guys managed to screw up c++, I don't know.





I loaded this machine from a snapshot of Jan 11th.
So how do I fix it? Recompile gcc or is it that autoconf is the problem?
Looking at my pkg_info I have 3 versions of autoconf installed...
2.13p0
2.57p0
2.59p1

--
> Christian "naddy" Weisgerber  [EMAIL PROTECTED]



Re: vmware: detecting real interfaces?

2007-02-28 Thread Subcommander l0r3zz
On 2/28/07, Guido Tschakert <[EMAIL PROTECTED]> wrote:
>
> Jacob Yocom-Piatt wrote:
> > i am forced to use windows at work and am trying to get a vmware openbsd
> > VM to recognize the non-virtual interfaces, so as to have openbsd as the
> > router for the windows system. this is using the free vmplayer v1.0.3.
> >
> > i've read and followed
> >
> > http://www.cs.drexel.edu/~vp/VirtualFirewall/
> >
> > and can only see the pcn0 interface under the VM (which is 3.8-release,
> > btw) after following the suggestions contained therein. any clues about
> > getting the VM to recognize the real physical interfaces would be great.
> >
> > cheers,
> > jake
> >
> >
>
> Hello Jacob,
>
> some time ago there was an article in the german magazine ct' where they
> described the same situation as you have (with the difference that they
> use ipcop (a linux firewall distro) instead of lovely openbsd to do the
> job).
>
> You need the following in your vmware-config:
> the real network card has to be used in bridged mode pointing to your
> virtual pcn0 interface. This is the external interface of your firewall
> pointing to the evil internet. Do not configure this card under windows
> (Sorry at the moment I don't know if you can easily disable the card in
> Windows, but I may have a look in the article if you want)



This particular vmware product relies on the drivers of the host operating
system to send packets to the outside world so if you disable the interface
in windows, you also disable any virtual nics that are bound to this
interface.



> Next you need a virtual network between your virtual machine and your
> host. Then you have a second nic in your Windows System (vmware virtual
> something) and a second nic in your OpenBSD which points to your
> internal (virtual) network.


Fine, but ultimately you must go outside.  All vmware virtual machines are
"standardized" around this particular network interface, it is what enables
us to do things like VMotion in the Enterprise products.  So, unlike Xen,
vmware VMs  do not see the PCI bus or any other particulars of your
underlying hardware.



gettext-0.14.6 broken in current?

2007-02-27 Thread Subcommander l0r3zz
Hi all,

When I build any package that needs the latest release of gettext, gettext
blows up on the final install from the built package...

this is current Feb 24...
# gcc -v
Reading specs from /usr/lib/gcc-lib/i386-unknown-openbsd4.1/3.3.5/specs
Configured with:
Thread model: single
gcc version 3.3.5 (propolice)

-
building package for gettext-0.14.6
Create /usr/ports/packages/i386/all/gettext-0.14.6.tgz
Switching to /usr/ports/devel/gettext/pkg/PFRAG.shared
Error in package: "/usr/ports/devel/gettext/w-gettext-0.14.6/fake-i386//usr/local/lib/libasprintf.so.1.0" does not exist
Error in package: "/usr/ports/devel/gettext/w-gettext-0.14.6/fake-i386//usr/local/include/autosprintf.h" does not exist
Error in package: "/usr/ports/devel/gettext/w-gettext-0.14.6/fake-i386//usr/local/info/autosprintf.info" does not exist
Error in package: "/usr/ports/devel/gettext/w-gettext-0.14.6/fake-i386//usr/local/lib/libasprintf.a" does not exist
Error in package: "/usr/ports/devel/gettext/w-gettext-0.14.6/fake-i386//usr/local/lib/libasprintf.la" does not exist
Error in package: "/usr/ports/devel/gettext/w-gettext-0.14.6/fake-i386//usr/local/share/doc/libasprintf/autosprintf.html" does not exist
===>  Cleaning for gettext-0.14.6
rm -f /usr/ports/packages/i386/all/gettext-0.14.6.tgz /usr/ports/packages/i386/ftp/gettext-0.14.6.tgz /usr/ports/packages/i386/cdrom/gettext-0.14.6.tgz
*** Error code 1

Stop in /usr/ports/devel/gettext (line 1373 of /usr/ports/infrastructure/mk/bsd.port.mk).
*** Error code 1

Stop in /usr/ports/devel/gettext (line 1861 of /usr/ports/infrastructure/mk/bsd.port.mk).
*** Error code 1

--



Any ideas?



Re: vmware: detecting real interfaces?

2007-02-27 Thread Subcommander l0r3zz
> and can only see the pcn0 interface under the VM (which is 3.8-release,
> btw) after following the suggestions contained therein. any clues about
> getting the VM to recognize the real physical interfaces would be great.



Unfortunately there is no way to get at the actual physical nics from a
guest OS. Sorry.



Multiple src trees?

2006-10-20 Thread Subcommander l0r3zz
Is it possible to build and maintain multiple source trees using a single
platform?

In other words, I have an OBSD build host that runs say a stable release
(with the occasional patch) but
I want to build some different kernels and userlands for different
platforms. I know how to handle the separate
kernels easy enough, but suppose I want to create separate releases?  In
particular I want to build sendmail
differently for each product, and I have different versions of the install
scripts that create digital certificates and stuff for the MailDroid install
CDs.

I also have different builds for the gateways,  APs, firewalls, etc.  For
these I want to track current.
I don't want to modify the stable system's apps by doing my rebuilds, how
do I handle this?
I suppose I could build a different VM under Vmware for each product but is
there a better way?

Thanks in advance.



Power Management on Thinkpads (T42p) under X11

2006-09-18 Thread Subcommander l0r3zz
Greetz,
What do people use to do power management on their thinkpads?
I've googled openbsd.org and can't seem to find any tools that work on the
desktop.
I run Gnome and it seems that I want gnome-power, but it doesn't seem to be
included in the ports tree.

I'm mostly interested in knowing how much time I have till my battery dies.
(Not fun when you're in the middle of a compile )


Thanks,


l0r3zz



Soekris wierdness on boot up of current w 1G SanDisk Ultra II

2006-09-17 Thread Subcommander l0r3zz
This is a net4801-50 with a 1G SanDisk Ultra II...
The system booted but did get DMA errors on the "disk".
Any ideas?
(this is not a GENERIC kernel but one based on the flashdist settings)






comBIOS ver. 1.28  20050529  Copyright (C) 2000-2005 Soekris Engineering.

net4801

0128 Mbyte MemoryCPU Geode 266 Mhz

Pri Mas  SanDisk SDCFH-1024  LBA Xlt 993-32-63  1001 Mbyte

Slot   Vend Dev  ClassRev Cmd  Stat CL LT HT  Base1Base2   Int
---
0:00:0 1078 0001 0600 0107 0280 00 00 00  
0:06:0 100B 0020 0200 0107 0290 00 3F 00 E101 A000 10
0:07:0 100B 0020 0200 0107 0290 00 3F 00 E201 A0001000 10
0:08:0 100B 0020 0200 0107 0290 00 3F 00 E301 A0002000 10
0:18:2 100B 0502 01018001 0005 0280 00 00 00  
0:19:0 0E11 A0F8 0C031008 0117 0280 08 38 00 A0003000  11

 1 Seconds to automatic boot.   Press Ctrl-P for entering Monitor.
Using drive 0, partition 3.
Loading.
probing: pc0 com0 com1 pci mem[639K 127M a20=on]
disk: hd0+
>> OpenBSD/i386 BOOT 2.10
switching console to com0
>> OpenBSD/i386 BOOT 2.10

com0: 9600 baud
boot>
booting hd0a:/bsd: 2398616+268216 [52+126672+114163]=0x2c5fbc
entry point at 0x200120

[ using 241260 bytes of bsd ELF symbol table ]
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2006 OpenBSD. All rights reserved.
http://www.OpenBSD.org

OpenBSD 4.0 (DroidOS) #5: Sun Sep 17 16:00:48 PDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/DroidOS
cpu0: Geode(TM) Integrated Processor by National Semi ("Geode by NSC"
586-class) 267 MHz
cpu0: FPU,TSC,MSR,CX8,CMOV,MMX
cpu0: TSC disabled
real mem  = 133787648 (130652K)
avail mem = 118575104 (115796K)
using 1658 buffers containing 6791168 bytes (6632K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 20/50/29, BIOS32 rev. 0 @ 0xf7840
pcibios0 at bios0: rev 2.0 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc8000/0x9000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Cyrix GXm PCI" rev 0x00
sis0 at pci0 dev 6 function 0 "NS DP83815 10/100" rev 0x00, DP83816A: irq
10, address 00:00:24:c1:c8:60
nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1
sis1 at pci0 dev 7 function 0 "NS DP83815 10/100" rev 0x00, DP83816A: irq
10, address 00:00:24:c1:c8:61
nsphyter1 at sis1 phy 0: DP83815 10/100 PHY, rev. 1
sis2 at pci0 dev 8 function 0 "NS DP83815 10/100" rev 0x00, DP83816A: irq
10, address 00:00:24:c1:c8:62
nsphyter2 at sis2 phy 0: DP83815 10/100 PHY, rev. 1
gscpcib0 at pci0 dev 18 function 0 "NS SC1100 ISA" rev 0x00
gpio0 at gscpcib0: 64 pins
"NS SC1100 SMI" rev 0x00 at pci0 dev 18 function 1 not configured
pciide0 at pci0 dev 18 function 2 "NS SCx200 IDE" rev 0x01: DMA, channel 0
wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 4-sector PIO, LBA, 977MB, 2001888 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
geodesc0 at pci0 dev 18 function 5 "NS SC1100 X-Bus" rev 0x00: iid 6
revision 3 wdstatus 0
ohci0 at pci0 dev 19 function 0 "Compaq USB OpenHost" rev 0x08: irq 11,
version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: Compaq OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 3 ports with 3 removable, self powered
isa0 at gscpcib0
isadma0 at isa0
nsclpcsio0 at isa0 port 0x2e/2: NSC PC87366 rev 9: GPIO VLM TMS
gpio1 at nsclpcsio0: 29 pins
gscsio0 at isa0 port 0x15c/2: SC1100 SIO rev 1:
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom0: console
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
biomask fbe7 netmask ffe7 ttymask ffe7
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
wd0(pciide0:0:0): timeout
type: ata
c_bcount: 8192
c_skip: 0
pciide0:0:0: bus-master DMA error: missing interrupt, status=0x21
wd0a: device timeout reading fsbn 128 of 128-143 (wd0 bn 191; cn 0 tn 3 sn
2), retrying
wd0(pciide0:0:0): timeout
type: ata
c_bcount: 8192
c_skip: 0
pciide0:0:0: bus-master DMA error: missing interrupt, status=0x21
wd0: transfer error, downgrading to PIO mode 4
wd0(pciide0:0:0): using PIO mode 4
wd0a: device timeout reading fsbn 128 of 128-143 (wd0 bn 191; cn 0 tn 3 sn
2), retrying
wd0: soft error (corrected)
/dev/rwd0a: file system is clean; not checking
mfs: mounting /tmp...
Warning: inode blocks/cyl group (12) >= data blocks (8) in last
cylinder group. This implies 256 sector(s) cannot be allocated.
mfs: populating /tmp...
databases: dev
securelevel: kern.securelevel: 0 -> 1
watchdog: kern.watchdog.period: 0 -> 32
watchdog: kern.watchdog.auto: 1 -> 1
ip

WiFi selection script

2006-08-01 Thread Subcommander l0r3zz
Anybody have a script or program (X app?) that I can give a non-programmer
so they can easily select from a list of the available WiFi networks that
ifconfig -M puts out?

thanks.



Re: binutils port

2006-03-21 Thread Subcommander l0r3zz
Well, I need this too, if you are trying to compile something like L4 (to
use OpenBSD as a development environment for embedded systems that don't use
the OpenBSD kernel) you need a separate binutils, for example, to build
Kenge (An L4:pistachio development environment) you need the gnu nm  and ld
utilities which are different from the ones supplied by OpenBSD. My target
hardware is a soekris that is not running OpenBSD, I'd like to use OpenBSD
and not Linux as my development platform, that's all.

geoffw


On 3/20/06, Ted Unangst <[EMAIL PROTECTED]> wrote:
>
> On 3/20/06, Niklaus <[EMAIL PROTECTED]> wrote:
> >  1)  I was trying to install binutils2.16 from source and it didn't make it
> > 2) So how do i build binutils 2.16 from source and what is target . Why
> > 3)I wanted to build gcc without propolice gcc-3.4.6. So what is the target
> > 6)  I saw from the CVS that binutils 2.15 , someone had added a target obsd  .
>
> is there a reason why you want all this?  is there a problem you are
> trying to solve?



Trying to Compile L4-Kenge on current

2006-03-08 Thread Subcommander l0r3zz
I got it in my mind that I would use OpenBSD as my development system to do
L4 (Microkernel ) work.
But I'm having a problem with the binutils tools.  First I needed the GNU
nm utility (because the SCons environment executes an nm --radix=d variant
).  Now I'm having problems with the linker. I figured the easy way out was
to download the recent binutils and configure it to load its binaries in
/usr/local/gnu.

But it seems like i[3-7]86 for openbsd is not supported.  Hmm, anyone know a
work around?

My target systems are barebones hardware (soekris boxes)  so I don't mind
setting up a "cross-compiled" situation.

When I load this environment on the "L" word, (RHES4) everything compiles
perfectly.

What binary format does current use? ELF right?


l0r3zz



OT: OpenBSD on IBM/lenovo T42 or T43, Z series?

2006-02-14 Thread Subcommander l0r3zz
If anyone out there is running OpenBSD 3.8 or current with X-windows on any
of the above
could you let me know? I've searched the archives and the laptop pages and
don't see any mention
of these particular models. I'd like to make sure I can run OpenBSD before I
buy.



OpenBSD PF IP Fragment Remote Denial Of Service

2006-01-31 Thread Subcommander l0r3zz
This came across security focus and I haven't seen it mentioned here.
They claim 3.8 is vulnerable, anybody know anything?

l0r3zz




06.4.12 CVE: CVE-2006-0381
Platform: BSD
Title: OpenBSD PF IP Fragment Remote Denial Of Service
Description: PF is a packet filtering package that is integrated into
the operating system's kernel. OpenBSD's PF is susceptible to a remote
denial of service vulnerability. This issue is due to a flaw in
affected kernels that results in a kernel crash when attempting to
normalize IP fragments. For a list of vulnerable versions, see the
reference below.

Ref: http://www.securityfocus.com/bid/16375