Re: OpenBSD's webpage desing

[Sunnz Yiu]

On Jun 29, 2012 6:56 AM, frantisek holop min...@obiit.org wrote:

 hmm, on Thu, Jun 28, 2012 at 04:15:56PM -0400, Dave Anderson said that
  For dynamic content it's even simpler -- the program producing the
  content should also provide the corresponding header information.

 and it does so inside the head of the page.
 a perfectly normal and accepted practice.

it'll do it in the http header if the developer for the dynamic page knows
what they are doing.

Re: Narcicism?

[Sunnz]

2011/12/8 Ariane van der Steldt ari...@stack.nl:
 Just give up on this thread. It's a waste of my time and pointless
 discussions like this just mean people who do have something to contribute
 or who have a real question get drowned in noise like this thread.

 Each time I attempt to catch up on misc, it's threads like these that make
 me regret that attempt. Why didn't this thread die already?
 --
 Ariane


 On Dec 4, 2011, at 9:03, John Tate j...@johntate.org wrote:


Because people kept replying to it rather than just letting it die.

--
g):g.1e/h2/g   )c
f71h07e/e.9f04c
sunnz.org

Re: Better security? Haha

[Sunnz]

Nope. Was changing a iptable rule on the fly on a ubuntu server at
work yesterday. This is nothing new. The new shit is allowing programs
to talk to the firewall. This may or may not be a good thing depend on
how much control over which program may talk to it and what it can
change. I certainly won't make any conclusion til I used and tested
it.

Like OpenBSD? Like to see new stuff happening? You really need to order a CD today :)

[Sunnz]

forget about multi-license, it is isc license and it doesn't really
make sense to make them like ms volume license.

but how hard would it be to provide an option for people to specify a
different price for buying the cd? then you can pay $1000 for a cd if
you want.

--
g):g.1e/h2/g   )c
f71h07e/e.9f04c
sunnz.org

Re: Like OpenBSD? Like to see new stuff happening? You really need to order a CD today :)

[Sunnz]

e( 2011e944f22f%ffd:oPhilip Guenther guent...@gmail.com
ei
o
 On Thu, Apr 21, 2011 at 10:16 PM, Sunnz sun...@gmail.com wrote:

 but how hard would it be to provide an option for people to specify a
 different price for buying the cd? then you can pay $1000 for a cd if
 you want.

 The tax laws of the country I live in are more than enough for me to
 willingly deal with, so I won't claim any expertise in the laws of
 other countries, but are the people making these suggestions cognizant
 of the various laws and regulations that tend to surround deductible
 business expense or whatever the nearest local equivalent is? B Do you
 *really* think a pick your own price item is actually fully
 deductible in the eyes of a random local tax authority? B Really?
 Enough to stake your own fortune and business on? B Do you know the
 laws of other countries enough that your conscience lets you make that
 recommendation to people living elsewhere? B If so, wow, what are you
 doing hanging out on this list instead of making big bucks in finance?


it's a technical suggestion. it's just an option and it is up to the
individual to decide whether if it is appropriate to make use of.

mechanism, not policy.

--
g):g.1e/h2/g   )c
f71h07e/e.9f04c
sunnz.org

Re: OpenBSD-Wiki.org

[Sunnz]

e( 2011e944f19f%ffd:oWayne Oliver wayn0...@gmail.com ei
o
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1


 On 18 Apr 2011, at 5:22 PM, Kenny wrote:

 Due to an circumstances beyond my control, I'm not longer able to host
 / maintain /work with OpenBSD-Wiki.org. I was in the process of
 updating it when some personal issues came up.
 I'm interested in passing this off to someone else who may be
 interested. I'll help migrate it, get things back up and going -- if
 help is needed / wanted.
 I'm not subscribed to the list, so send an email to this email.

 -- Kennith (Kenny) Mann

 Hey B Kenny,

 If nobody else has offered, I will be willing to take this over.



I can help too if needed. I can run a slave dns on my openbsd server
and linux vps. And I know a few things about HTML/php/webdev and what
not.

--
g):g.1e/h2/g   )c
f71h07e/e.9f04c

Re: OpenBSD 4.9 pre-orders

[Sunnz]

nice commentary.
-- 
g):g.1e/h2/g   )c
f71h07e/e.9f04c

Re: What do you guys use against spam?

[Sunnz]

e( 2011e943f3f%ffeoJanne Johansson icepic...@gmail.com
ei
o
 2011/3/3 Hugo Osvaldo Barrera h...@osvaldobarrera.com.ar

 On 03/03/11 03:44, Theo de Raadt wrote:
  Wrong mailing list to discuss this.
  Please take it elsewhere.

 I thought this would be the ideal place for this sort of thing.
 I did forget to mention, but the mail server is running openbsd, and
 smtpd


 It's not on topic for misc@openbsd to ask:
 How do I drive to the Colosseum from Hotel Ritz, I have an openbsd laptop
 in the passenger seat.


Though he did said it is his mail server that runs openbsd, not some
random laptop on the side.

Re: OT: Australia may allow punitive damages for security vulns

[Sunnz]

2010/6/22 mark hellewell mark.hellew...@gmail.com:
 http://www.news.com.au/technology/no-anti-virus-software-no-internet-connecti
 on/story-e6frfro0-1225882656490

 Illegal to run without antivirus ... disconnection of vulnerable
 computers.  A much needed kick up the arse for software makers or just
 bat-shit insane?  Coming soon...

 Mark



Well clamav is available in ports right? So I guess when needed, just
show them `man clam` or something like that to say that you do have
antivirus installed.

--
IMPORTANT: DO NOT send me Microsoft Office/Apple iWork documents.

Re: Phoronix Test Suite

[Sunnz]

2010/6/24, Ektor WetterstrC6m ektw...@gmail.com:
 filesystems (not even FFS2!),


??

Please take a look at man newfs?

--
IMPORTANT: DO NOT send me Microsoft Office/Apple iWork documents.


--
IMPORTANT: DO NOT send me Microsoft Office/Apple iWork documents.

MG editor, how to insert space instead of tab?

[Sunnz]

Just wondering if anyone know how to use no-tab-mode in the mg
editor that come in the OpenBSD base? I try to follow the man page and
do a M-x no-tab-mode but just says [No match] and doesn't do anything
till I do a C-g. Am I missing something?

-- 
IMPORTANT: This email is intended for the use of  the  individual
addressee(s)  named  above  and  may  contain information that is
confidential,  privileged  or  unsuitable  for  overly  sensitive
persons  with  low  self-esteem, no sense of humour or irrational
religious beliefs. If you are not  the  intended  recipient,  any
dissemination,  distribution  or  copying  of  this  email is not
authorised (either explicitly or implicitly) and  constitutes  an
irritating  social  faux  pas. Unless the word absquatulation has
been used in its correct context somewhere  other  than  in  this
warning, it does not have any legal or grammatical use and may be
ignored. No animals were  harmed  in  the  transmission  of  this
email,  although  the  yorkshire  terrier  next door is living on
borrowed time, let me tell you. Those of you with an overwhelming
fear  of  the unknown will be gratified to learn that there is no
hidden message revealed by reading  this  warning  backwards,  so
just ignore that Alert Notice from Microsoft: However, by pouring
a complete circle of salt around yourself and your  computer  you
can  ensure  that  no harm befalls you and your pets. If you have
received this email in error, please  add  some  nutmeg  and  egg
whites  and place it in a warm oven for 40 minutes. Whisk briefly
and   letitstandfor2hoursbeforeicing.

Re: Joomla - MySQL Problem: Could not connect to MySQL

[Sunnz]

2010/3/12 Daniel Gracia Garallar danie...@electronicagracia.com:
 Not quite a solution, I think. What about if /var/www mounts in a different
 filesystem than /var?

 Hardlinks from chrooted environments don't seem to be a wise solution
 anyway... Just IMHO.


In that case you could change the location mysqld itself uses to be
inside the chroot.

Or do you actually have a solution?

Re: Joomla - MySQL Problem: Could not connect to MySQL

[Sunnz]

2010/3/11 Jan malepa...@googlemail.com:
 I didn't notice, that httpd was still running.

 kill -TERM ID_of_httpd
 httpd -u

 solved the problem. Thank you! Everything works fine!



Now that it works we know that it was a problem with chroot. It might
be a good practice now to hardlink the mysql.sock in the chroot
directory so that you can run apache chrooted... I think you do
something like:

# mkdir -p /var/www/var/run/mysql
# ln -f /var/run/mysql/mysql.sock /var/www/var/run/mysql/mysql.sock

Then if you shut down httpd and start it again,  you shouldn't need
-u any more.

Measuring network data?

[Sunnz]

Hi I am running OpenBSD as a gateway to the internet using pf to nat
my LAN machines.

Just wondering if there is a way to measure how much data have moved
through my obsd router for a given frame of time? E.g. 300 MB today
between 2pm ~ 5pm?

Thanks.

Re: can't get vesa @ 1280x800 or nv

[Sunnz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



2009/11/29 Brynet
:
 Rodrigo Amorim Bahiense wrote:
 Actually, I'm used to recommend nvidia cards (desk  laptop)
 for most people because they do support most open source systems
 (Linux, FreeBSD, OpenSolaris), which is way better than ati at least.

 ATI(..now AMD) releases full NDA-free documentation on their graphics
 chipsets, for both 2D and 3D acceleration.

 http://developer.amd.com/documentation/guides/Pages/default.aspx#open_gpu
 http://www.x.org/docs/AMD/

 They officially supported development of open source drivers, and 2
 independent drivers exist including xf86-video-ati(4) and
 xf86-video-radeonhd(4), both supported under OpenBSD with full hardware
 graphics acceleration (..DRM/DRI).


Yes they actually work here out of the box for me, 2D and 3D... but xv
doesn't work for some reason...
iEYEAREKAAYFAksfWn4ACgkQCr4UHbMMKguDLwCgxCBX+2GHylBo2clkuT66qqS5
AloAn2oWchCXM9hb3bj0n7VxBGSYHHXO
=3LOA
-END PGP SIGNATURE-

Re: pf reply-to not really working

[Sunnz]

I don't actually have any other rules at all after it, that was the
last rule and I haven't have quick anywhere...

I am keeping things as simple as possible and get things up and
running first, then I am tightening everything up.

Here's the whole of my pf.conf:

nat_if  = pppoe0
www_if  = pppoe1

set skip on {lo rl0}

match out on $nat_if inet from users  nat-to ($nat_if:0)

pass# to establish keep-state

pass in log on $www_if \
inet proto {tcp udp} \
reply-to ($www_if $www_if)

# By default, do not permit remote connections to X11
#block in on ! lo0 proto tcp to port 6000:6010

Re: pf reply-to not really working

[Sunnz]

Found a fix for it...

reply-to ($www_if ($www_if))

Got to put brackets around $www_if now.

pf reply-to not really working

[Sunnz]

I have 2 pppoe connections pppoe0 and pppoe1.

pppoe0 is my default gateway and people can access my http server via
its IP address.

But it is not working for pppoe1's IP address.

I tried the following pf rule for pppoe1:

pass in log on pppoe1 \
inet proto {tcp udp} \
reply-to (pppoe1 pppoe1)

I can see the traffic coming in from the internet but it never replies.

So I am suspecting that the http server got the http request but
couldn't do a http response?

UDP traffics seem to work fine.

Running 4.6-current.

Thanks.

Re: Multiple ssl servers on one external IP by using internal addresses?

[Sunnz]

On 2008-11-10, Damien Miller wrote:

 Source code to implement SNI is present in OpenBSD -current's OpenSSL
 but is disabled. I'll look at turning it on when OpenSSL makes a stable
 release with it enabled.

 SNI in OpenSSL is only one prerequisite though, it also need to be
 supported by Apache or whatever HTTP server you are using. The in-tree
 Apache doesn't support SNI, but perhaps apache2 in ports does.

Just wondering, how has this been going for after nearly a year?

I am guessing that -current as of October 2009 have SNI turned on
OpenSSL? Apache2 seem to support it since 2.2.12, and the -current
ports have 2.2.13... I am guess that OpenBSD-current with apache2 from
ports would be able to provide SNI functionality?

What about apache 1.3 as included in the base? Does anybody know if it
supports SNI?

Cheers.

Re: thanks for 4.6!

[Sunnz]

2009/10/23 ropers rop...@gmail.com:

 I'd like to share a few images with you.

Well if a picture worth 1024 words...

Then I got a video for you!!

http://www.youtube.com/watch?v=i71bLCtDKzk

If you don't like flash plugin:

curl
http://v20.lscache7.c.youtube.com/videoplayback?ip=0.0.0.0sparams=id%2Cexpi
re%2Cip%2Cipbits%2Citag%2Calgorithm%2Cburst%2Cfactorfexp=905700%2C900031alg
orithm=throttle-factoritag=22ipbits=0signature=C61C80608E1A7EC812C02E92B98
C81BE64F2320B.CA1663F7340A6730BA2575257A9A49CB34A2CB6Fsver=3expire=12562848
00key=yt1factor=1.25burst=40id=8bbd5b2c2b432b39
-o openbsd46.mp4

Re: Commercials for TV?

[Sunnz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1



2009/6/16 ropers rop...@gmail.com:

 http://en.wikipedia.org/wiki/BBspot

 But seriously, that was surprisingly well written. BBspot's ideas
 intrigue me and I would like to subscribe to their newsletter. B :)


This is not the 1st time they mention OpenBSD.

http://www.bbspot.com/News/2008/01/top-11-reasons-you-have-not-installed-linu
x-yet.html

^^^
I was totally unexpected when I read that last one, I actually laughed!!


- --
Get my public key here:
http://www.users.on.net/~sunnz/sunnzy.gmial.asc

0ECA 728E 4501 1922 458E  5783 0ABE 141D B30C 2A0B
iEYEARECAAYFAko3lDkACgkQCr4UHbMMKgtTGgCcCFp27CKjVNkztHArZtqCPXDX
po4An0oVpCTWs8MQLWf+t2dU/bOH0Rg4
=K79I
-END PGP SIGNATURE-

RADEON(4) man page inconsistency?

[Sunnz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

This link implies 3D hardware support for all of its listed hardware:

http://www.openbsd.org/cgi-bin/man.cgi?query=radeonapropos=0sektion=4manpath=OpenBSD+Currentarch=amd64format=html

While this link explicitly states certain series has no 3D support:

http://www.openbsd.org/cgi-bin/man.cgi?query=radeonapropos=0sektion=0manpath=OpenBSD+Currentarch=amd64format=html

Is there an error in the documentation or am I missing something?

- --
Disclaimer: By sending an e-mail to any of my addresses you are
agreeing that: 1, I am by definition, the intended recipient. 2, All
information in the e-mail is mine to do with as I see fit and make
such financial profit, political mileage, or good joke as it lends
itself to. In particular, I may quote it on usenet. 3, I may take the
contents as representing the views of you or your company. 4, This
overrides any disclaimer or statement of confidentiality that you may
include on your message.

()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments

Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html

Get my public key here:
http://www.users.on.net/~sunnz/sunnzy.gmial.asc

0ECA 728E 4501 1922 458E  5783 0ABE 141D B30C 2A0B
iEYEARECAAYFAkoeiPgACgkQCr4UHbMMKgvwtgCgv4WTxTdho1PdSuWwkcpFf2ZW
RsEAnRR3/SMK6GVZ7iO8hUegrNaQQNta
=9wID
-END PGP SIGNATURE-

Re: QEMU, tun, and tap.

[Sunnz]

2009/5/27 Christopher J. Gibbons cgibb...@dragonfire.dyndns.org:

 I found this in the README.OpenBSD for QEMU to be most helpful when doing a
 similar sort of thing (plus you get the bonus of not having to run QEMU
 as root):

 $ sudo sh -c sudo -u $USER qemu -nographic -net nic -net tap,fd=3 \
 B  B  B  B  B  B  -no-fd-bootchk -hda virtual.img 3/dev/tun0
 B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
B ^
 Make that your tunX device.


Tried and worked like a charm!! :D README.OpenBSD for QEMU have
changed a lot, 4.3 here was a lot shorter and didn't have anything
like that, I guess I should upgrade soon!! Thanks for the tip!! :D

Edit files on the installer shell?

[Sunnz]

From my memory last time I install OpenBSD (4.3) when I use the shell
(by typing !) vi wasn't available; I ended up installing the base then
use vi by /mnt/usr/bin/vi. (Something like that!!)

I am wondering if I wanted to edit something before the installation
then what can I use to edit files? I was told that vi is almost always
available on any Unix system, does OpenBSD uses something even more
basic than that in its installer?

Thanks!!! :D

-- 
Disclaimer: By sending an e-mail to any of my addresses you are
agreeing that: 1, I am by definition, the intended recipient. 2, All
information in the e-mail is mine to do with as I see fit and make
such financial profit, political mileage, or good joke as it lends
itself to. In particular, I may quote it on usenet. 3, I may take the
contents as representing the views of you or your company. 4, This
overrides any disclaimer or statement of confidentiality that may be
included on your message.

()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments

Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html

Get my public key here:
http://www.users.on.net/~sunnz/sunnzy.gmial.asc

0ECA 728E 4501 1922 458E  5783 0ABE 141D B30C 2A0B

Re: QEMU, tun, and tap.

[Sunnz]

And I have pass quick on {tun0 tun1 tun2} in pf.conf, so it is not the
firewall blocking it.

QEMU, tun, and tap.

[Sunnz]

So I got QEMU networking to work somewhat, I have manually created a
link0 nic called tun0, which worked with QEMU:

tun0: flags=9843UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST mtu 1500
lladdr 00:bd:64:11:95:01
inet6 fe80::2bd:64ff:fe11:9501%tun0 prefixlen 64 scopeid 0x8
inet 10.7.7.1 netmask 0xff00 broadcast 10.7.7.255

An IP address 10.7.7.8 was statically set in the guest OS and I were
able to ping and ssh 10.7.7.1 from the guest OS.

However I want to use tun2 instead: (I have other use for tun0)

tun2: flags=9843UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST mtu 1500
lladdr 00:bd:07:aa:be:09
inet6 fe80::2bd:7ff:feaa:be09%tun8 prefixlen 64 scopeid 0x16
inet 10.8.8.1 netmask 0xff00 broadcast 10.8.8.255

Which I pass the following to QEMU:

-net nic -net tap,ifname=tun2,script=no,downscript=no

But it doesn't work as my expectation at all!!

I statically set the IP address of the guest to 10.8.8.8 but I cannot
ping or ssh 10.8.8.1.

But if I set it to 10.7.7.8, then I could ping and ssh 10.7.7.1, as if
it is still using tun0!!

And I have pass quick on {tun0 tun1} in pf.conf, so it is not the
firewall blocking it.

It seems as if QEMU is stuck with tun0? Is my configuration wrong or something?
-- 
()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments

Re: Edit files on the installer shell?

[Sunnz]

2009/5/26 Otto Moerbeek o...@drijf.net:
 On Tue, May 26, 2009 at 08:49:45AM -0400, William Boshuck wrote:


 ed(1) is in /bin, but sed(1) is in /usr/bin;
 so you wouldn't always have sed handy, right?

 sed is on the install media, that was the question.


Nice to know anyway, thanks guys!! :D

-- 
Disclaimer: By sending an e-mail to any of my addresses you are
agreeing that: 1, I am by definition, the intended recipient. 2, All
information in the e-mail is mine to do with as I see fit and make
such financial profit, political mileage, or good joke as it lends
itself to. In particular, I may quote it on usenet. 3, I may take the
contents as representing the views of you or your company. 4, This
overrides any disclaimer or statement of confidentiality that you may
include on your message.

()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments

Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html

Get my public key here:
http://www.users.on.net/~sunnz/sunnzy.gmial.asc

0ECA 728E 4501 1922 458E  5783 0ABE 141D B30C 2A0B

Re: Sending email in Apache chroot?

[Sunnz]

2009/1/21 Sunnz sun...@gmail.com:
 So in summary, the following was done:

 - Setup sendmail such as the sendmail that came with OpenBSD or use
 some other agent like Postfix such that you can do a `dmesg | mail -s
 Sony VAIO 505R laptop, apm works OK dm...@openbsd.org` on the
 command line.

 - Install femail-chroot from package, this places a binary called
 femail in /var/www/bin/

 - Change sendmain_path in php.ini. This defaults to sendmail -t -i.
 Change it to /bin/femail -t -i

 - cp /bin/ksh /var/www/bin/; cp /bin/sh /var/www/bin/;
 femail itself does not use or need sh. whatever invokes it might need
 it., Henning Brauer.


Oh I almost forgot, need resolv.conf in /var/www/etc as well.

Cheers.

Re: Sending email in Apache chroot?

[Sunnz]

2009/1/21 T. Ribbrock emga...@gmx.net:

 I doubt you need to copy sh *and* ksh. sh only (which, as far as I can
 see, is the same binary as ksh, anyway) should suffice.

Yup they look the same.

$ sha1 /bin/*sh
SHA1 (/bin/csh) = 78de2a795d3888bcaf60ed747293d5a0853f065b
SHA1 (/bin/ksh) = 636a98c38306f607707622ca1fa9052e6293d44e
SHA1 (/bin/rksh) = 636a98c38306f607707622ca1fa9052e6293d44e
SHA1 (/bin/sh) = 636a98c38306f607707622ca1fa9052e6293d44e

-- 
This e-mail may be confidential. You may not copy, forward or use any
part. Note that all disclaimers on the Internet are of zero legal
effectiveness however.
http://www.goldmark.org/jeff/stupid-disclaimers/

Sending email in Apache chroot?

[Sunnz]

I have set up mail and femail and they both works, just not in a chroot.

Basically I can do `mail m...@myaddress.com` or `/var/www/bin/femail
m...@myaddress.com` and both of then successfully sent an email to
myself.

But it doesn't work with Apache in the chroot. I was using a PHP script.

femail-chroot is installed by pkg_add -iv femail-chroot.

I also tried the following:

`chroot -g www -u www / /var/www/bin/femail -t -i m...@myaddress.com` works, but

`chroot -g www -u www /var/www/ /bin/femail -t -i m...@myaddress.com`
doesn't work, it says:

femail: non-recoverable failure in name resolution

I run out of ideas now, what needs to be done?

-- 
This e-mail may be confidential. You may not copy, forward or use any
part. Note that all disclaimers on the Internet are of zero legal
effectiveness however.
http://www.goldmark.org/jeff/stupid-disclaimers/

Re: Sending email in Apache chroot?

[Sunnz]

2009/1/21 Joe Barnett joe.barn...@mr72.com:

 Many moons ago I had the same situation with mini-sendmail-chroot.
 Installing mail (?) and sh in the chroot seemed to clear everything
 up--though I am not sure if that is the optimal solution.

I am also trying mini-sendmail-chroot.

`chroot -g www -u www /var/www/ /bin/mini_sendmail -t -i m...@myaddress.com`

Does actually work but in PHP still doesn't. And I have updated
sendmail_path in php.ini.

-- 
This e-mail may be confidential. You may not copy, forward or use any
part. Note that all disclaimers on the Internet are of zero legal
effectiveness however.
http://www.goldmark.org/jeff/stupid-disclaimers/

Re: Sending email in Apache chroot?

[Sunnz]

2009/1/21 Sunnz sun...@gmail.com:

 I am also trying mini-sendmail-chroot.

 `chroot -g www -u www /var/www/ /bin/mini_sendmail -t -i m...@myaddress.com`

 Does actually work but in PHP still doesn't. And I have updated
 sendmail_path in php.ini.


Err this is so weird... now it doesn't work any more even on the
command line, mini_sendmail now says /bin/mini_sendmail: unexpected
response 550 to RCPT TO command when I run that command.

-- 
This e-mail may be confidential. You may not copy, forward or use any
part. Note that all disclaimers on the Internet are of zero legal
effectiveness however.
http://www.goldmark.org/jeff/stupid-disclaimers/

Re: Sending email in Apache chroot?

[Sunnz]

2009/1/21 Henning Brauer lists-open...@bsws.de:
 * Sunnz sun...@gmail.com [2009-01-20 17:48]:
 Ok so I have copied /etc/resolv.conf to /var/www/etc/...

 Now it says:

 femail: rcpt to chr...@civicquire.net refused by server

 refused by server not enough of a hint?


Well the same address and everything worked without chroot, so I am
not sure what is needed inside of the chroot to make this work.

-- 
This e-mail may be confidential. You may not copy, forward or use any
part. Note that all disclaimers on the Internet are of zero legal
effectiveness however.
http://www.goldmark.org/jeff/stupid-disclaimers/

Re: Sending email in Apache chroot?

[Sunnz]

2009/1/21 Henning Brauer lists-open...@bsws.de:
 * Sunnz sun...@gmail.com [2009-01-20 17:48]:
 Ok so I have copied /etc/resolv.conf to /var/www/etc/...

 Now it says:

 femail: rcpt to chr...@civicquire.net refused by server

 refused by server not enough of a hint?


Ok my mistake, I mis-spelt the e-mail address. (DOH!)

So this command works now:

chroot -g www -u www /var/www/ /bin/femail -v -t -i m...@myaddress.com

However it still doesn't work from within Apache/PHP... I even called
phpinfo() in a PHP script and examined what sendmail_path it set to,
it is indeed /bin/femail -t -i...

-- 
This e-mail may be confidential. You may not copy, forward or use any
part. Note that all disclaimers on the Internet are of zero legal
effectiveness however.
http://www.goldmark.org/jeff/stupid-disclaimers/

Re: Sending email in Apache chroot?

[Sunnz]

2009/1/21 Sunnz sun...@gmail.com:
 2009/1/21 Henning Brauer lists-open...@bsws.de:
 * Sunnz sun...@gmail.com [2009-01-20 17:48]:
 Ok so I have copied /etc/resolv.conf to /var/www/etc/...

 Now it says:

 femail: rcpt to chr...@civicquire.net refused by server

 refused by server not enough of a hint?


 Ok my mistake, I mis-spelt the e-mail address. (DOH!)

 So this command works now:

 chroot -g www -u www /var/www/ /bin/femail -v -t -i m...@myaddress.com

 However it still doesn't work from within Apache/PHP... I even called
 phpinfo() in a PHP script and examined what sendmail_path it set to,
 it is indeed /bin/femail -t -i...


Ok I noticed that the mail() function in PHP returns false, so it has
something to do with PHP itself I guess? However I were not able to
get PHP to print out any errors, so I am lost again here...
display_errors is On in php.ini...

-- 
This e-mail may be confidential. You may not copy, forward or use any
part. Note that all disclaimers on the Internet are of zero legal
effectiveness however.
http://www.goldmark.org/jeff/stupid-disclaimers/

Re: Sending email in Apache chroot?

[Sunnz]

2009/1/21 Amitabh Kant amitabhk...@gmail.com:
 Hi

 See if this link is of any use to you.

 http://kerneltrap.org/mailarchive/openbsd-misc/2007/10/15/343352/thread


 With regards

 Amitabh


Oh thank you very much this has solved the final piece of the
puzzle!!! It all works now!! Thanks again!!



-- 
This e-mail may be confidential. You may not copy, forward or use any
part. Note that all disclaimers on the Internet are of zero legal
effectiveness however.
http://www.goldmark.org/jeff/stupid-disclaimers/

Re: Sending email in Apache chroot?

[Sunnz]

So in summary, the following was done:

- Setup sendmail such as the sendmail that came with OpenBSD or use
some other agent like Postfix such that you can do a `dmesg | mail -s
Sony VAIO 505R laptop, apm works OK dm...@openbsd.org` on the
command line.

- Install femail-chroot from package, this places a binary called
femail in /var/www/bin/

- Change sendmain_path in php.ini. This defaults to sendmail -t -i.
Change it to /bin/femail -t -i

- cp /bin/ksh /var/www/bin/; cp /bin/sh /var/www/bin/;
femail itself does not use or need sh. whatever invokes it might need
it., Henning Brauer.

The New Secure Operating System

[Sunnz]

The secure operating system standard will never be the same now that a
National Security Agency-certified OS has gone commercial, but few
mainstream enterprises today need an airtight OS tuned to run on
fighter jets. And many organizations aren't properly securing their
existing commercial OSes, anyway, security experts say.

http://www.darkreading.com/security/management/showArticle.jhtml?articleID=212201490

-- 
This e-mail may be confidential. You may not copy, forward or use any
part. Note that all disclaimers on the Internet are of zero legal
effectiveness however.
http://www.goldmark.org/jeff/stupid-disclaimers/

Re: The New Secure Operating System

[Sunnz]

2008/12/10 Adriaan [EMAIL PROTECTED]:
 Oh my god.  Let me migrate everything to this new secure OS immediately!


 Yea, you should  run this new secure OS under Xen or Vmware for even
 more security ;)

 =Adriaan=


Hmm I don't know... they claim that Linux, Windows and VMware aren't
secure, they haven't mentioned Xen though I would think it would be in
the same boat as VMware.

-- 
This e-mail may be confidential. You may not copy, forward or use any
part. Note that all disclaimers on the Internet are of zero legal
effectiveness however.
http://www.goldmark.org/jeff/stupid-disclaimers/

Re: OpenBSD 4.4 released, Nov 1. Enjoy!

[Sunnz]

2008/11/2 James R. Campbell [EMAIL PROTECTED]:
 Thanks for all of your hard work!  I really enjoyed the song in this release
 also.

Haha, may the source be with you!!

-- 
This e-mail may be confidential. You may not copy, forward or use any
part. All disclaimers on the Internet are of zero legal effectiveness
however. http://www.goldmark.org/jeff/stupid-disclaimers/

Re: PF Queue on a GROUP of nics?

[Sunnz]

2008/10/6 Girish Venkatachalam [EMAIL PROTECTED]:
 No need to add a bridge.

 You are looking for ifconfig(8). Look for interface groups and you are
 done.

 -Girish



Oh, so just apply altq rules to the appropieate group and it will work?

That sounds great!! Thanks!!

-- 
This e-mail may be confidential. You may not copy, forward or use any
part. All disclaimers on the Internet are of zero legal effectiveness.
http://www.goldmark.org/jeff/stupid-disclaimers/

Re: PF Queue on a GROUP of nics?

[Sunnz]

Ahhh ok... so what do I need to do this, group, bridge, or something else?

2008/10/7 Henning Brauer [EMAIL PROTECTED]:
 * Sunnz [EMAIL PROTECTED] [2008-10-06 07:44]:
 Is it possible?

 no. groups don't have any queues to play queue tricks on.

 --
 Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
 BS Web Services, http://bsws.de
 Full-Service ISP - Secure Hosting, Mail and DNS Services
 Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam





-- 
This e-mail may be confidential. You may not copy, forward or use any
part. All disclaimers on the Internet are of zero legal effectiveness.
http://www.goldmark.org/jeff/stupid-disclaimers/

PF Queue on a GROUP of nics?

[Sunnz]

Is it possible?

Say I have a few nics of the same group... dc0 dc1 dc2 dc3... which
all belong to a group dc.

And say if I wanted to limit the overall bandwidth for the group... so
say at any point in time the overall outgoing bandwidth of the group
dc will not be over 100mbp.

Would it work if I just apply altq to dc in pf?

Or do I need to bridge it... this is where I have no ideas... but say
I add a bridge0 that contains dc0 dc1 dc3 dc2, and apply altq to
bridge0 in pf.

Regards,
Sunnz.

-- 
This e-mail may be confidential. You may not copy, forward or use any
part. All disclaimers on the Internet are of zero legal effectiveness.
http://www.goldmark.org/jeff/stupid-disclaimers/

Re: New tcp stack attack

[Sunnz]

2008/10/2 Peter J. Philipp [EMAIL PROTECTED]:

 I listened to the podcast and got the idea that the socket is in ESTABLISHED
 state (so after 3 way handshake) and they
 mention that a packets PCB resources have timers, and that is what they
 exploit.  Perhaps you establish the session and
 send an HTTP request (pretend it's http) and never ACK the answer that gets
 repeated based on the internal timers.  It seemed to me they say that some
 stop repeating their content and just die.
 -p


I have just listened to the interview as well.

They said that they have looked at the source tree of Linux, at their
Timer code in the TCP stack. The Linux source code indeed have a
comment saying there are states that are bad and the Linux kernel
would try to avoid. So the sockstress program was written to work the
other way around, to try to get into that bad state as much as
possible, and it managed to bring down Linux systems.

They then run the same attack against a Windows machine, and it had
the same effect as well, so it really seem like a problem in the TCP
protocol.

In the article it is said that BSD are vulnerable as well, they didn't
mention if it was Free or Net or Open...

So I guess the question is if OpenBSD have such state in its TCP
stack, maybe a code auditing session (whenever it is done next, the
next Hackathon?) can look at something like that in the OpenBSD
kernel... or maybe the dev already saw this kind of problem and have
harden the TCP stack for OpenBSD?

-- 
This e-mail may be confidential. You may not copy, forward or use any
part. All disclaimers on the Internet are of zero legal effectiveness.
http://www.goldmark.org/jeff/stupid-disclaimers/

Re: Can one dd to /dev/rwd0c?

[Sunnz]

2008/9/21 Pierre Riteau [EMAIL PROTECTED]:

 Sunnz says he's running off an install CD so he should not run into
 problems related to securelevel. I guess he's root too.

It is just the official OpenBSD 4.3 CD that I brought, which on start
up it asks Install/Upgrade/Shell. I am just using Shell from there.


 Sunnz, you don't say exactly what error dd reports. Have you created
 the arandom character device file? It is not available by default on
 the install CD.


If I could I would recreate the error... but somehow it works just now
when I attempt that once again!!!

From my vague memory the error dd throws earlier today was something
like invalid argument... I press the UP key to ge the exact
command I entered, removed the 'r' in rwd0 and that worked.

BTW I was able to do a `cat /dev/arandom` on the install CD...

-- 
This e-mail may be confidential. You may not copy, forward,
distribute, or, use any part of it. Note, like all disclaimers on the
net, there are no effective legal binding on your part and disclaimers
can be ignored. For more information about disclaimers, please see:
http://www.goldmark.org/jeff/stupid-disclaimers/

Re: Can one dd to /dev/rwd0c?

[Sunnz]

2008/9/21 Johan StrC6m [EMAIL PROTECTED]:


 If you just want to erase the disk securely and don't really need to run
 OpenBSD, check out http://www.dban.org/

 --
 Johan


Oh I just thought that I have OpenBSD CD lying around, but thanks that
seem like a good tool for my personal utility kit. :D

-- 
This e-mail may be confidential. You may not copy, forward,
distribute, or, use any part of it. Note, like all disclaimers on the
net, there are no effective legal binding on your part and disclaimers
can be ignored. For more information about disclaimers, please see:
http://www.goldmark.org/jeff/stupid-disclaimers/

Re: Can one dd to /dev/rwd0c?

[Sunnz]

The original question was really asking where to write to, that is,
rwd0c vs. wd0c; the source that was used in the example
(urandom/arandom) wasn't any kind of true random entropy anyway,
AFAIK, they are non-blocking pseudo-random stuff that the kernel
spills out...

I mean, as far as usability goes, it is just a matter of typing
if=/dev/urandom vs. if=/dev/zero, virtually no extra work needs to be
done by the human... and as far as the computational difference, I
think the delay for using pseudo random source is negligible when
people are probably have to leave this thing running overnight anyway.

So I don't see any big fuss about which source to use here, surely no
one is asking what's the best entropy to be used, but just how to
actually write to every bit of the hard drive.

Can one dd to /dev/rwd0c?

[Sunnz]

OK I am trying to completely erase the data of a hard disk so I though
I can just do `dd if=/dev/arandom of=/dev/rwd0c` as to my
understanding that is the entire hard disk (slice c) of wd0 in 'raw'
mode?

But that dd refuse to do it.

So now I am doing the same thing but to wd0c instead. Is this any
worse? This is the character device right? Does that mean dd won't
write random bits as low as going to the raw device?

This is running off a OpenBSD 4.3 CD, there are no intention to
actually destroy the hard disk in any way, just erasing the data off
the hard disk so that it can be reused, re-sold, whatever. The data
are not some military top secret, but it is interesting to know of
what can be done in a home/small office environment when it comes to
erasing the hard drive.

Thanks.

-- 
This e-mail may be confidential. You may not copy, forward,
distribute, or, use any part of it. Note, like all disclaimers on the
net, there are no effective legal binding on your part and disclaimers
can be ignored. For more information about disclaimers, please see:
http://www.goldmark.org/jeff/stupid-disclaimers/

Re: Kaminsky's DNS bug: PF workaround

[Sunnz]

2008/7/20 Mark Shroyer [EMAIL PROTECTED]:

 http://blog.spoofed.org/2008/07/mitigating-dns-cache-poisoning-with-pf.html

 The configuration line in question:

nat on $WAN_IF inet proto { tcp, udp } from a.b.c.d to any \
port 53 - a.b.c.d

 Or, if you have a dynamic IP address on a cable modem, etc.:

nat on $WAN_IF inet proto { tcp, udp } from ($WAN_IF) to any \
port 53 - ($WAN_IF)


Hey I was trying this today... however I have bind on the OpenDNS
router that is doing nat itself, so do you know if that would work at
all?

My OpenDNS router is connected directly to the internet.

-- 
This e-mail may be confidential. You may not copy, forward,
distribute, or, use any part of it. Note, like all disclaimers on the
net, there are no effective legal binding on your part and disclaimers
can be ignored. For more information about disclaimers, please see:
http://www.goldmark.org/jeff/stupid-disclaimers/

Re: Kaminsky's DNS bug: PF workaround

[Sunnz]

2008/9/9 Stuart Henderson [EMAIL PROTECTED]:

 Yes.

 But the patch is now available. You should just patch instead.



Yea but I wonder why PF isn't working here.

Re: Can't start Apache... MaxCPUPerChild is invalid??

[Sunnz]

2008/9/3 Toni Mueller [EMAIL PROTECTED]:
 Hi,

 On Tue, 02.09.2008 at 22:20:26 +1000, Sunnz [EMAIL PROTECTED] wrote:
 [Tue Sep  2 22:14:29 2008] [notice] child pid 29398 exit signal
 Segmentation fault (11)
 ... some more clipped

 try to have a compiler run. SEGVs are often the sign of bad RAM.
 So you may want to swap at least disks and memory in your box.


Ohh it is that bad? I did swap the offending disk but not the RAM...

So what do you mean by have a compiler run? To compile something? What's SEGV?

Re: Can't start Apache... MaxCPUPerChild is invalid??

[Sunnz]

Ahh I see, so how does memtest to compare to something like building
the userland?

From above post it seem like should there be any problem then building
the userland may crash the machine... so I'd get some backup plan
going just in case something does break.

So there was a SEGV in the child threads... I did notice a binary
file, httpd.core, that would have been created by the httpd process,
right?

Can't start Apache... MaxCPUPerChild is invalid??

[Sunnz]

I have no ideas what's going on here... apache always worked, I
haven't changed any settings, just restarted the computer and it just
doesn't start.

When I type in httpd as root it says:

Syntax error on line 175 of /var/www/conf/httpd.conf:
Invalid command 'MaxCPUPerChild', perhaps mis-spelled or defined by a
module not included in the server configuration

I have also downloaded the default httpd.conf from OpenBSD CVSWEB for
release 4.2, the release of OpenBSD I am running now. The same message
appears.

Any ideas??

Re: Can't start Apache... MaxCPUPerChild is invalid??

[Sunnz]

The offending options if 0 by the way, here's the relevant area...

I have never changed anything in that area... the default
configuration httpd.conf from cvsweb for 4.2release does not work
neither:

#
# MaxRequestsPerChild: the number of requests each child process is
# allowed to process before the child dies.  The child will exit so
# as to avoid problems after prolonged use when Apache (and maybe the
# libraries it uses) leak memory or other resources.  On most systems, this
# isn't really needed, but a few (such as Solaris) do have notable leaks
# in the libraries.
#
MaxRequestsPerChild 0

#
# MaxFOOPerChild: these directives set the current and hard rlimits for
# the child processes. Attempts to exceed them will cause the the OS to
# take appropriate action. See the setrlimit(2) and signal(3).
#
MaxCPUPerChild 0
MaxDATAPerChild 0
MaxNOFILEPerChild 0
MaxRSSPerChild 0
MaxSTACKPerChild 0

Re: Can't start Apache... MaxCPUPerChild is invalid??

[Sunnz]

On a deeper Google investigation, I can't find the MaxCPUPerChild in
the standard apache manual:

http://httpd.apache.org/docs/1.3/mod/core.html#maxfooperchild

As oppose to:

http://loki.homeunix.net/manual/mod/core.html#maxfooperchild

And Google comes along with a lot of BSD mailing list with
MaxFOOPerChild patch, so my impression is that this is a feature added
to apache by BSD dev's?

Again this is with default configuration... apache has worked before
with default config... it is so weird...

Re: Can't start Apache... MaxCPUPerChild is invalid??

[Sunnz]

This is getting really weird...

Looking up httpd -L:

MaxCPEPerChild (http_core.c)
Maximum amount of CPU time a child can use (rlimit).
Allowed in *.conf only outside Directory, Files or Location

So it is CPE, not CPU?

Ok I gave that a go... `httpd` doesn't complain now, but I despite it
is running, when I try to visit the site in my browser the child
dies... this is the last few entries in error_log:

[Tue Sep  2 22:09:08 2008] [notice] Apache configured -- resuming
normal operations
[Tue Sep  2 22:09:08 2008] [notice] Accept mutex: sysvsem (Default: sysvsem)
[Tue Sep  2 22:14:29 2008] [notice] child pid 29398 exit signal
Segmentation fault (11)
[Tue Sep  2 22:14:29 2008] [notice] child pid 23690 exit signal
Segmentation fault (11)
[Tue Sep  2 22:14:30 2008] [notice] child pid 19827 exit signal
Segmentation fault (11)
[Tue Sep  2 22:14:30 2008] [notice] child pid 20595 exit signal
Segmentation fault (11)
[Tue Sep  2 22:14:30 2008] [notice] child pid 22510 exit signal
Segmentation fault (11)
[Tue Sep  2 22:14:30 2008] [notice] child pid 20523 exit signal
Segmentation fault (11)
[Tue Sep  2 22:14:31 2008] [notice] child pid 13631 exit signal
Segmentation fault (11)
[Tue Sep  2 22:15:15 2008] [notice] child pid 8973 exit signal
Segmentation fault (11)

The times it has Seg fault is when I was trying to load a page.

httpd -DSSL doesn't work, it crashed with yet another Segmentation fault.

And this not the first time I try to run a web server, it just been up
there for at least 6 months... how can it just go weird like this?

Re: Can't start Apache... MaxCPUPerChild is invalid??

[Sunnz]

Ok I am totally lost... googling MaxCPEPerChild gives no result,
while MaxCPUPerChild gives lots of OpenBSD httpd.conf file with the
exact same conf I have,
http://kerneltrap.org/mailarchive/openbsd-misc/2008/6/16/2138454 where
MaxCPUPerChild 0...

Re: Can't start Apache... MaxCPUPerChild is invalid??

[Sunnz]

Wow you guys are exactly right, just did a sha1 sum of a copy of httpd
from my backup, it is indeed different.

Using my backup disk now... I have tried to just copy httpd over, but
no dice... using the backup disk does work now.

This is very surprising, as I have never seen a real disk failure in
my life! So thank you very much for the heads up, I'll put up more of
what happened tomorrow. :D

Re: atheros - just curious, ot

[Sunnz]

2008/7/29 Eric Furman [EMAIL PROTECTED]:
 Who can we write to at atheros to tell them I will never
 ever purchase one of their products?


http://www.atheros.com/contact/index.html

Might work, you get e-mail, postal, and phone numbers to contact them with.

Thinkpad G40 anyone?

[Sunnz]

Just wondering if anyone has OpenBSD running on a G40, I have been
considering to pick up a second hand one for experiemental with
OpenBSD, trying out new code and stuff... it would be nice to know
that at least its wired network port works...

I tried to search on the ibm web site but all it says is 10/100
Ethernet installed on systems via the system board so if anyone who
owns one can make some recommendation that would be great.

Thanks.

Sunnz.

Re: Thinkpad G40 anyone?

[Sunnz]

2008/7/27 David Vasek [EMAIL PROTECTED]:
 On Sun, 27 Jul 2008, Sunnz wrote:

 Just wondering if anyone has OpenBSD running on a G40, I have been
 considering to pick up a second hand one for experiemental with
 OpenBSD, trying out new code and stuff... it would be nice to know
 that at least its wired network port works...

 I tried to search on the ibm web site but all it says is 10/100
 Ethernet installed on systems via the system board so if anyone who
 owns one can make some recommendation that would be great.

 I have never met a G40 in person, but based on available documentation it
 should be equipped with a Broadcom BCM5901, which is supported by bge(4).


Ohh I see thanks for the heads up.


-- 
This e-mail may be confidential. You may not copy, forward,
distribute, or, use any part of it. Note, this text has no effective
legal binding on your part, there is no obligation to abide any or all
parts of this. Treat it with the same level of care as any other
pretending-to-be-law-speaking-but-not-really texts attached to e-mail
messages you normally find on any other e-mails. For more information
about disclaimers, please see:
http://www.goldmark.org/jeff/stupid-disclaimers/

Re: This is what Linus Torvalds calls openBSD crowd

[Sunnz]

I guess Linus lost his ability to masturbate for a long time huh?


-- 
This e-mail may be confidential. You may not copy, forward,
distribute, or, use any part of it. Note, this text has no effective
legal binding on your part, there is no obligation to abide any or all
parts of this. Treat it with the same level of care as any other
pretending-to-be-law-speaking-but-not-really texts attached to e-mail
messages you normally find on any other e-mails. For more information
about disclaimers, please see:
http://www.goldmark.org/jeff/stupid-disclaimers/

Re: Can you contribute code under anonymous under ISC License?

[Sunnz]

Well if you prove that you wrote it then that would defeat the purpose
of releasing it under the name of anonmyous would you?

One would be violating the copyright law regardless what name the said
code is released under right? I mean, a third party won't be able to
claim that they are the anonymous person unless they provide evidence,
otherwise they can't change the license or do anything not permitted
by the license, right?

Re: Can you contribute code under anonymous under ISC License?

[Sunnz]

2008/6/24 Theo de Raadt [EMAIL PROTECTED]:
 Hi, just wondering what's your opinion on this...

 If one were to release some code under an ISC or BSD-like 2 clause
 license, but under the name of anonymous, would it effectively as if
 it was released as public domain?

 I guess the actually question you wanted to as was:

  Does OpenBSD accept anonymous code?

 No.  OpenBSD does not.  We don't do a dumb thing like that.



Well, actually I was just curious, so that's no for OpenBSD... I am
interested to know what is the general case as well. It is nothing
major, it is not like I want to make a killer app under anonymous or
something. :p

-- 
This e-mail may be confidential. You may not copy, forward,
distribute, or, use any part of it. Note, this text has no effective
legal binding on your part, there is no obligation to abide any or all
parts of this. Treat it with the same level of care as any other
pretending-to-be-law-speaking-but-not-really texts attached to e-mail
messages you normally find on any other e-mails. For more information
about disclaimers, please see:
http://www.goldmark.org/jeff/stupid-disclaimers/

Can you contribute code under anonymous under ISC License?

[Sunnz]

Hi, just wondering what's your opinion on this...

If one were to release some code under an ISC or BSD-like 2 clause
license, but under the name of anonymous, would it effectively as if
it was released as public domain?

Re: pf.conf comment lines

[Sunnz]

2008/6/14 Philip Guenther [EMAIL PROTECTED]:


 Sadly, this varies among languages and file-formats.  You just have to
 know how the one you're working in behaves.


So, when in doubt, comment every line that needs to be comment out,
should work in almost all cases?

-- 
This e-mail may be confidential. You may not copy, forward,
distribute, or, use any part of it. Note, this text has no effective
legal binding on your part. There is no obligation to abide any or all
parts of this, just as any texts appended to e-mail on rest of the
Internet. For more information about disclaimers, please see:
http://www.goldmark.org/jeff/stupid-disclaimers/

Re: Is NV supposed to be SLOW?

[Sunnz]

2008/5/4 Marco Peereboom [EMAIL PROTECTED]:
 It is in this thread:
  http://marc.info/?l=openbsd-miscm=120926655909874w=2


Thanks for the link, so nv itself is developed by nVidia themselves
and is written to be obscure too... that's another reason for me to
chuck away my nVidia card!!

2008/5/4 Benoit Chesneau [EMAIL PROTECTED]:

  radeonhd work particularly well: fast display without any dri/drm
  acceleration yet. Intel is also a good choice when you need
  opensources blob free drivers.


So what is the state of radeonhd like? It is another nv like driver,
you know, OOS obscured open source driver, or a truly supported with
docs and stuff? And what does Intel uses... if I go Intel does that
mean I would need to get a whole new motherboard... because as far as
I know of, they do not yet build delicated graphics card... of course
Intel boards can be used to build new machines, but then again that
would support Intel cpu only, right?

What about via? I have heard that they will be making oss graphic cards?

-- 
This e-mail may be confidential. You may not copy, forward,
distribute, or, use any part of it. If you have received this message
in error, please delete it from your system and notify the sender
immediately by return e-mail. The sender does not accept liability for
any errors, or, omissions. Note, this text has no effective legal
binding on your part. There is no obligation to abide any or all parts
of this, just as any texts appended to e-mail on rest of the Internet.
For more information about disclaimers, please see:
http://www.goldmark.org/jeff/stupid-disclaimers/

Re: Is NV supposed to be SLOW?

[Sunnz]

2008/5/5 Marco Peereboom [EMAIL PROTECTED]:
 My previous laptop was radeonhd and I might go back to it until noveau
  is in enough shape.  Only after coming from radeonhd to go nvidia made
  me realize how much better the driver is.


I see... I take it that you are running -current? Looking at the
cvs-web, it seems like you need at least 4.3-release, and looking at
wiki.x.org, it seems like only -current has the decent radeonhd driver
with 2D acceleration (driver version 1.2.1, for R5xx/RS6xx, both XAA
and EXA.)... whatever XAA and EXA means?

Re: upgrade 4.2 (i386) - 4.3 (amd64)

[Sunnz]

2008/5/2 Marten Rizwan [EMAIL PROTECTED]:
 Hello misc@,
  I could obviously do a clean install, but it
  would take little more effort to complete.



It is probably true the other way around...

-- 
This e-mail may be confidential. You may not copy, forward,
distribute, or, use any part of it. If you have received this message
in error, please delete it from your system and notify the sender
immediately by return e-mail. The sender does not accept liability for
any errors, or, omissions. Note, this text has no effective legal
binding on your part. There is no obligation to abide any or all parts
of this, just as any texts appended to e-mail on rest of the Internet.
For more information about disclaimers, please see:
http://www.goldmark.org/jeff/stupid-disclaimers/

Re: How to HIDE OpenBSD as user-agent?

[Sunnz]

2008/4/30 macintoshzoom [EMAIL PROTECTED]:
  
  # block nmap OS detection scans somewhat (-O)
  block in quick proto tcp flags FUP/WEUAPRSF
  block in quick proto tcp flags WEUAPRSF/WEUAPRSF
  block in quick proto tcp flags SRAFU/WEUAPRSF
  block in quick proto tcp flags /WEUAPRSF
  block in quick proto tcp flags SR/SR
  block in quick proto tcp flags SF/SF
  

  Any tips for a full pf.conf settings ?


Well since the OP wanted to block ALL user agents from absolutely
everywhere and don't mind security by obscurity, may I suggest the
following:

block in quick all
block out quick all

That's as secure as you can get by going for obscurity, without
turning off the computer!

Re: OpenBSD 4.3 released May 1, 2008

[Sunnz]

My little YouTube summary:

http://au.youtube.com/watch?v=uPTcnzgseaQ

Mhuahuahuahauha... ha...

Is NV supposed to be SLOW?

[Sunnz]

I am just wondering if the NV driver for nVidia cards are supposed to
be slow, for just the desktop? That is, no 3D.

I am currently running Xfce Desktop on 4.2-release, just surfing the
web and stuff, nothing heavy... and Desktop switching, maximising
windows, and stuff takes unusually long time... of course I would not
expect the same performance with the binary blob driver on Linux, but
by a long time I mean it takes 5 - 30 seconds freeze to do
anything... maximising a window takes 5 - 10 seconds, while switching
desktop spaces takes 20 - 30 seconds, depends on how many windows are
on that space.

For non-drawing purpose, it is all very fast, minimise is very quick,
switching to an empty desktop space is an instant. So I guess it may
be the window manager, xfwm4?

So yea I am wondering if this is normal for xfce on nVidia cards...
like if it is xfce's problem, or X Windows, or driver??

Thanks.

-- 
This e-mail may be confidential. You may not copy, forward,
distribute, or, use any part of it. If you have received this message
in error, please delete it from your system and notify the sender
immediately by return e-mail. The sender does not accept liability for
any errors, or, omissions. Note, this text has no effective legal
binding on your part. There is no obligation to abide any or all parts
of this, just as any texts appended to e-mail on rest of the Internet.
For more information about disclaimers, please see:
http://www.goldmark.org/jeff/stupid-disclaimers/

Re: Is NV supposed to be SLOW?

[Sunnz]

2008/5/4 Jacob Meuser [EMAIL PROTECTED]:

  well, WHICH nVidia card?  don't you think that might matter?  any clues
  in your /var/log/Xorg.0.log?

  the following machine uses the nv driver, and I don't see what you describe
  under either blackbox or kde.



Well I am suspecting it is a combination of nv driver AND the window
manager used in Xfce4... that's why I want to ask if it happens purely
on nv driver, and in that case, I might have to go for ATi as
suggested by others.

But since your machine is good with blackbox/kde, I'll try them out
and see... so thanks for your reply!

Re: Is NV supposed to be SLOW?

[Sunnz]

Ok I am using blackbox instead of xfwm4 now... still running on Xfce
but no more delays in anything. :)

-- 
This e-mail may be confidential. You may not copy, forward,
distribute, or, use any part of it. If you have received this message
in error, please delete it from your system and notify the sender
immediately by return e-mail. The sender does not accept liability for
any errors, or, omissions. Note, this text has no effective legal
binding on your part. There is no obligation to abide any or all parts
of this, just as any texts appended to e-mail on rest of the Internet.
For more information about disclaimers, please see:
http://www.goldmark.org/jeff/stupid-disclaimers/

Re: How to HIDE OpenBSD as user-agent?

[Sunnz]

2008/5/4 Alexander Schrijver [EMAIL PROTECTED]:

  

  I think unplugging the network cable(s) would be more secure.


What if the OP is on wireless? (Using WEP too! :O). I suggest they
have the block all rules anyway, just to be safe... ya know, in case
of a thunder storm, kids may not want to go outside, and start doing
crazy things inside, such as plugging the network cable back in...

-- 
This e-mail may be confidential. You may not copy, forward,
distribute, or, use any part of it. If you have received this message
in error, please delete it from your system and notify the sender
immediately by return e-mail. The sender does not accept liability for
any errors, or, omissions. Note, this text has no effective legal
binding on your part. There is no obligation to abide any or all parts
of this, just as any texts appended to e-mail on rest of the Internet.
For more information about disclaimers, please see:
http://www.goldmark.org/jeff/stupid-disclaimers/

Re: Is NV supposed to be SLOW?

[Sunnz]

2008/5/4 Marco Peereboom [EMAIL PROTECTED]:
 Yes.  NVIDIA refuses to make a useful open source driver.  It is barely
  functional and it generally sucks really really bad.  Stay away from
  NVIDIA when doing open source.

Yes I know about this binary blob. Even FreeBSD users are forced to
use i386 on an AMD64 system just to use their damn blob.

Actually I used to run Linux on this computer so I can play with the
3D Compiz and stuff... but I just decided to switch to OpenBSD anyway,
because I think in the long term, running a blob free system is the
way to go.

But economically-wise, I would like to keep as many current hardware
as possible... because I thought the NV driver would at least have
good 2D support for getting through working with a simple desktop
environment, such as Xfce4.

In the end I guess it just boils down to the question that many people
have asked before... are there any down-to-Earth, non-fancy graphics
card you can get these days that works well with OSS, when you just
want a speedy desktop and don't particularly care about the 3D Compiz
stuff... is ATi really the way to go, if you just want a straight
forward desktop? Have ATi (or anyone) really got their docs going
without NDA, and are there actually exists drivers for them in the
latest release of OpenBSD. (4.3-release)

I mean, while I do want to keep as much hardware as possible, I can
still afford to buy one or two components, if they are actually truly
supporting OSS, it is a form of voting with my wallet I guess.

Text to Speech?

[Sunnz]

Hi,

Just wondering if anyone uses a screen reader?

I used to use espeak on Linux because it is 1, cli, 2, you can just
copy and paste a bunch of text to stdin and it will speak it, 3, it is
very easy to adjust the speed on the command line just --speed 200 or
something. 4, use voices from cepstral their voice cost $30 and it is
worth the money.

Are there anything like that in the OpenBSD ports?

Thanks.

-- 
This e-mail may be confidential. You may not copy, forward,
distribute, or, use any part of it. If you have received this message
in error, please delete it from your system and notify the sender
immediately by return e-mail. The sender does not accept liability for
any errors, or, omissions. Note, this text has no effective legal
binding on your part. There is no obligation to abide any or all parts
of this, just as any texts appended to e-mail on rest of the Internet.
For more information about disclaimers, please see:
http://www.goldmark.org/jeff/stupid-disclaimers/

Re: 4.2 Errata 006 failed to compile.

[Sunnz]

2008/4/2, Josh Grosse [EMAIL PROTECTED]:


  Looking at the patch 006 instructions, I note that it suggests you do a make
  build but I believe that will only work if you've already built Xenocara 
 from
  source before.   If you look at the man page for release(8) or the
  /usr/src/xenocara/README file, you will see you should issue make bootstrap
  and make obj before executing the make build.

  That might work.  If it does, let misc@ know that the patch documentation
  needs those two commands added.



Yes you are right, doing

make bootstrap
make obj
make build

Successfully compiled today. This on a 4.2-release system that has
never compiled Xencara before.

This is reposted back to misc. Thanks for the help everyone!

4.2 Errata 006 failed to compile.

[Sunnz]

I am not sure what I did wrong, I simply followed the instruction in
006_xorg.patch today

cd /usr/src/xenocara # Assuming Xenocara is in /usr/src/xenocara
patch -p0  006_xorg.patch
make build

Thought I did not have xenocara till today, I just grabbed from my
local mirror when I need to apply the patch and recompile it.

The patch itself was applied fine, it is just not compiled... make build failed.

This is where the error begins:

cc  -L/usr/src/xenocara/lib/expat/xmlwf/../obj  -o xmlwf xmlwf.o
xmlfile.o codepage.o unixfilemap.o -lexpat
/usr/bin/ld: cannot find -lexpat
collect2: ld returned 1 exit status
*** Error code 1

Stop in /usr/src/xenocara/lib/expat/xmlwf (line 95 of
/usr/share/mk/bsd.prog.mk).
*** Error code 1

Stop in /usr/src/xenocara/lib/expat.
*** Error code 1

Stop in /usr/src/xenocara/lib/expat (line 133 of
/usr/X11R6/share/mk/bsd.xorg.mk).
*** Error code 1

Stop in /usr/src/xenocara/lib.
*** Error code 1

Stop in /usr/src/xenocara.
# ld
ld: no input files

I am running OpenBSD 4.2 AMD64 release.

I haven't used OpenBSD for that long... this is the first time I tried
to learn about applying errata patches (for the sake of learning) and
I might have made come common mistakes. And this might sound stupid...
X was running when I was recompiling Xenocara, could that be the
cause? I don't know I haven't thought of that till now... I will
probably try that as soon as my next reboot. (got a few things running
at the moment.)

Thanks.

-- 

This e-mail may be confidential. You may not copy, forward,
distribute, or, use any part of it. If you have received this message
in error, please delete it from your system and notify the sender
immediately by return e-mail. The sender does not accept liability for
any errors, or, omissions. Note, this text has no effective legal
binding on your part. There is no obligation to abide any or all parts
of this, just as any texts appended to e-mail messages on rest of the
Internet. For more information about disclaimers, please see:
http://www.goldmark.org/jeff/stupid-disclaimers/

Re: 4.2 Errata 006 failed to compile.

[Sunnz]

2008/4/2, xSAPPYx [EMAIL PROTECTED]:
 Take a quick look in the archives talking about expat. It was in xbase
  for the 4.2 release, is moving to base IIRC, and it looks like you
  dont have it installed:/usr/bin/ld: cannot find -lexpat




I am fairly sure that I had both base and xbase installed...

Under a quick search for expat I can find these files:

/usr/X11R6/include/expat.h
/usr/X11R6/include/expat_external.h
/usr/X11R6/lib/libexpat.a
/usr/X11R6/lib/libexpat.so.8.0
/usr/X11R6/lib/libexpat_pic.a

I take a peek at xbase.tgz, seems like I already had them in my
system. It does not seem like installing xbase over the existing xbase
will do anything.

Thanks.

Possible daytime saving bug?

[Sunnz]

Hello,

Running 4.2 here, and it seems like OpenBSD is one week early can it
comes to turning off daylight saving time, it is already one hour slow
and this should only happen next week.

I looked at the errate for 4.2 but no such fix. There was one for the
U.S. in 4.0. But here this is Australia/Canberra.

So is this a bug or is there someone fixing this now? Or how can I fix
this myself?

Thanks.

-- 
This e-mail may be confidential. It may also be legally privileged.
You may not copy, forward, distribute, disclose, or, use any part of
it. If you haveb(received this message in error, please delete it and
all copies from your systemb(and notify the sender immediately by
return e-mail. Internet communicationsb(cannot be guaranteed to be
timely, secure, error, or, virus-free. The sender do not accept
liability for any errors, or, omissions. Nevertheless, this text has
no effective legal binding on your part. There is no obligation to
abide any or all parts of this, just as any texts appended to e-mail
on rest of the Internet.

Re: Possible daytime saving bug?

[Sunnz]

Right, this is fix up on my machine by editing the
/usr/src/share/zoneinfo/datfiles/australasia file...

I am not sure if I had a diff or not... I had `ci -l` the original
file then `ci` again once it is done. It is only 3 lines of change
anyway...

Re: Possible daytime saving bug?

[Sunnz]

2008/3/31, Edwards, David  (JTS) [EMAIL PROTECTED]:
  -Original Message-
   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
   On Behalf Of Sunnz
   Sent: Monday, 31 March 2008 7:30 PM
   To: OpenBSD Misc
   Subject: Possible daytime saving bug?
  
   Hello,
  
   Running 4.2 here, and it seems like OpenBSD is one week early can it
   comes to turning off daylight saving time, it is already one hour slow
   and this should only happen next week.
  
   I looked at the errate for 4.2 but no such fix. There was one for the
   U.S. in 4.0. But here this is Australia/Canberra.
  
   So is this a bug or is there someone fixing this now? Or how can I fix
   this myself?


 Not a bug, unless it's a political one..


  You need to update your timezone info.

  I used the instructions from here with some munging:
  http://www.twinsun.com/tz/tz-link.htm


Thank you very much Dave, this is very helpful. I thought that the
zoneinfo is part of the base system, and should be updated accordingly
with an errata? I thought that because I saw an errata in 4.0 for US
DST.

Re: PC Camera?

[Sunnz]

Hey guys, thanks for the replies... remember that my original intend
was to build a cheap home monitoring/surveillance system using free
open source softwares and OpenBSD just come to mind naturally... I
mean, the goal is the capture live footage of your own house, who
doesn't want it to be as secure as it can be!!

So at least to me, things like Skype would be nice to communicate with
your friends overseas... but I believe there are a lot more that can
be done with webcams... from one of the previous post we can see there
is a difference between a web cam and a camcorder in terms of size,
cost, etc... web cam support can be a huge saving if you were to
deploy a series of home monitoring/surveillance systems for your
friends and neighbours. Also, web cams are a lot more easier to get
hold of than camcorders, just imagine that you can just get a bunch of
cheap stuff from a garage sale and build an ultra secure surveillance
system out of it!!

Besides I am merely asking for the current state of web cam support in
OpenBSD... if there are things that are simply missing I like to know
if someone is working on it or not... I am starting to learn about
digital designs and hopefully, OS implementation soon... writhing a
web cam driver may be a good way to learn about this and also as a way
to contribute the OpenBSD hardware support... of course, I cannot make
any actual promise.

Well, perhaps the OpenBSD dev's may not want OpenBSD to bloat like Mac
and have dozens of things everywhere, but more support for hardware
should be always good, without hardware you can't do much no matter
how good your OS is... after all, that's the whole point of an OS,
right?

-- 
This e-mail may be confidential. It may also be legally privileged.
You may not copy, forward, distribute, disclose, or, use any part of
it. If you haveb(received this message in error, please delete it and
all copies from your systemb(and notify the sender immediately by
return e-mail. Internet communicationsb(cannot be guaranteed to be
timely, secure, error, or, virus-free. The sender do not accept
liability for any errors, or, omissions. Nevertheless, this text has
no effective legal binding on your part. There is no obligation to
abide any or all parts of this, just as any texts appended to e-mail
on rest of the Internet.

Re: PC Camera?

[Sunnz]

2008/3/25, Lars NoodC)n [EMAIL PROTECTED]:
 Sunnz wrote:
   ... things like Skype would be nice to communicate ...

  *Like* skype but *not* actually skype itself, please.

  Skype is neither open source nor open protocol.  Two strikes.  It's got
  a rather bad security history.  Three strikes.

  Try for FOSS programs, but if you can't do that, then at least use an
  open protocol so that those in your social network can at least choose.
   SIP is one such protocol.

  It's not in any stretch of the imagination a priority for me, but not
  something I can help with except maybe for testing.  If you get that
  far, I'll try it.  A web cam would be a nice addition to an embedded
  system or a desktop.

  Regards,

 -Lars


Things like Skype, as in, application level software that makes use of
a web cam with a working driver, that you use to communicate with your
friends overseas or something.

-- 
This e-mail may be confidential. It may also be legally privileged.
You may not copy, forward, distribute, disclose, or, use any part of
it. If you haveb(received this message in error, please delete it and
all copies from your systemb(and notify the sender immediately by
return e-mail. Internet communicationsb(cannot be guaranteed to be
timely, secure, error, or, virus-free. The sender do not accept
liability for any errors, or, omissions. Nevertheless, this text has
no effective legal binding on your part. There is no obligation to
abide any or all parts of this, just as any texts appended to e-mail
on rest of the Internet.

PC Camera?

[Sunnz]

Well well, I am basically interested to set up a home monitoring
system with a PC, OpenBSD, and a Webcam... PC and OpenBSD I had it
going, but what about the webcam? Are there much webcam support for
it?

I have plugged in my old webcam in to the USB port just to see what
gives... it reports the ugen0 device, Vimicro Corp. PC Camera, rev
1.10/1.00, addr 10... if it got this far instead of being not
configured, does it mean it has some support for it?

What should I do next?

Thanks.

Re: PC Camera?

[Sunnz]

2008/3/23, Girish Venkatachalam [EMAIL PROTECTED]:
 -BEGIN PGP SIGNED MESSAGE-
  Hash: SHA1


  On 22:59:31 Mar 23, Sunnz wrote:
   Well well, I am basically interested to set up a home monitoring
   system with a PC, OpenBSD, and a Webcam... PC and OpenBSD I had it
   going, but what about the webcam? Are there much webcam support for
   it?
  
   I have plugged in my old webcam in to the USB port just to see what
   gives... it reports the ugen0 device, Vimicro Corp. PC Camera, rev
   1.10/1.00, addr 10... if it got this far instead of being not
   configured, does it mean it has some support for it?
  
   What should I do next?


 What should you do next?

  Wait for webcam support to be added. Short of that I have no other
  advice.

  Perhaps one of these days someone will do it.

  I too want this. If it comes to it I might do it but don't count on it.

  - -Girish

  - --
  unix soi qui mal y pense

  UNIX to him who evil thinks

  +--+
  | GnuPG key  : 0x48E0DA0A  |  http://wwwkeys.nl.pgp.net|
  | Fingerprint:  B9AF 854C 154F DB3D BF33  2C2D 0FDF 3BAD 48E0 DA0A |
  +--+
  iD8DBQFH5k5XD987rUjg2goRAn5bAJ9+v0od4wC/3C0o01r2TGQoGQm1lQCdGVe5
  1X9o34I8SYPgcOUQuWexaDM=
  =durj
  -END PGP SIGNATURE-



Ah, I guess my question is, what is missing link here... like... do we
need driver for this to function? Do we need documentation to webcams
so dev can write driver for it... or is a port missing that can
actually take videos?

-- 
This e-mail may be confidential. It may also be legally privileged.
You may not copy, forward, distribute, disclose, or, use any part of
it. If you haveb(received this message in error, please delete it and
all copies from your systemb(and notify the sender immediately by
return e-mail. Internet communicationsb(cannot be guaranteed to be
timely, secure, error, or, virus-free. The sender do not accept
liability for any errors, or, omissions. Nevertheless, this text has
no effective legal binding on your part. There is no obligation to
abide any or all parts of this, just as any texts appended to e-mail
on rest of the Internet.

Re: Samba(SMB) or Netatalk(AFP)?

[Sunnz]

My environment... I am not sure what kind of description is needed...
but computers need to be first to authenticate and get an IP from
OpenVPN before they can send any packets through the network... so I
suppose I don't really need additional security from NFS?

I still don't understand how the uid/gid thing works... are there any
document about it? Last time I had NFS I had to keep ssh into the file
server and change gid... so I guess I probably have not used it
correctly? I never have heard of NIS... but how would that work with
laptops, which are suppose to be portable and move between different
networks everyday, that is, home, school and work for me.

Re: Samba(SMB) or Netatalk(AFP)?

[Sunnz]

2008/3/11, Karl Karlsson [EMAIL PROTECTED]:

  Just use the same uid/gid on the client as you have in your export file.
  As simple as that.




But... the user account on the clients already has their own
uid/gid... do I have to make new accounts? Or am I missing something?

Re: Samba(SMB) or Netatalk(AFP)?

[Sunnz]

Oh, so you need to change the user id on the client computers to use
NFS properly... that seems kind of like a hack... is that the usual
way NFS is used? What if there are multiple accounts on the client
that you like to share?

Samba(SMB) or Netatalk(AFP)?

[Sunnz]

Basically I want to set up a network share on my OpenBSD box which my
Mac laptops and Linux laptops can access to.

Smb seems kind of weird in a environment with no M$ systems... however
this is probably what I am most familiar with because I did it in the
past on OpenBSD and it was a breeze to set up.

I also tried out NFS in the past on OpenBSD. Got it to work but I
don't really understand how it works. There aren't any form of
authentication, just a list of IP that has access to it... which
always seemed weird to me... that it uses whatever permission on the
OpenBSD on the laptop, which doesn't really work out... like the group
users can have a very different gid on Linux than on Mac. Maybe I am
not using it correctly or understood how it is supposed to work?

So now I am looking at AFP via Netatalk, which seem to be Unix like
enough but have password authentication like Smb, and some suggested
that it would have good performance with Mac... and Linux has support
for it through FUSE... however I have no experience with it... is it
good or not?

So I can't decide what to do at this moment... I'll most likely are
going to try out netatalk... but if you have a similar environment,
like one without much concern for M$, please suggest what would you do
for file sharing, and why thanks a lot!!

Re: PCI Gigabit card suggestion?

[Sunnz]

Thanks for the suggestions guys, I'll be getting a DLink DGE-530T
sk(4) tomorrow, will be how it goes!

PCI Gigabit card suggestion?

[Sunnz]

Hi I have been looking at:

http://www.openbsd.org/cgi-bin/man.cgi?query=gigabitapropos=1sektion=0manpath=OpenBSD+4.2arch=amd64format=html

However I am very puzzled... can someone please tell me which chipset
you found that worked the best for you and if possible, which model of
the brand you have brought after all? I am kind of scared of the bugs
and caveat sections in some of the drivers... are they a show stopper
at all?

But yea I'll need to buy a new PCI Gigabit Ethernet anyway so why not
go for the best supported one?

-- 
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

Re: PCI Gigabit card suggestion?

[Sunnz]

Just to clarify, I am gotta to buy a new Gigabit PCI Card, so I was
wondering which brand/model are best supported by OpenBSD... in terms
of documentaion by the vendor and performance by the device.

Thanks.

Re: ports.openbsd.nu

[Sunnz]

2008/2/11, Fredrik Carlsson [EMAIL PROTECTED]:

 Edd Barrett vext01 at gmail.com writes:

 The owner forgot to renew it and I can't reach him, so the site has moved
 to
 http://openports.se

 Regards
 Fredrik Carlsson


Since it is not renewed is it possble for someone else to take over it?
I'll take it and redirect it to the new url if that's the case.

-- 
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

Re: Concurrecnt PPPoE(4)?

[Sunnz]

So, as per my understanding so far, packets are routed correctly from
internet to pppoe0, but responses from pppoe0 are going through pppoe1
which is wrong...

So...

1) internet packets  pppoe0 got through correctly and worked.

2) pppoe0 response  pppoe1 wrong and dropped by the ISP.

And I need to change 2) to...

3) pppoe0 response  pppoe0

Or am I terribly wrong?

Re: Concurrecnt PPPoE(4)?

[Sunnz]

2008/1/20, Jussi Peltola [EMAIL PROTECTED]:
 On Sun, Jan 20, 2008 at 07:13:02AM +0200, Jussi Peltola wrote:
  On Sun, Jan 20, 2008 at 03:48:16PM +1100, Sunnz wrote:
 
   pass out on pppoe1 route-to (pppoe0 pppoe0:peer) \
   from any to pppoe0
  I don't think that will work. Anyone trying to reach pppoe0 will not get
  routed out on pppoe1.
 Hmm, actually that rule is almost correct, and I ended up getting confused...

 What you probably mean is:
 pass out on pppoe1 route-to (pppoe0 pppoe0:peer) from pppoe0 to any
  

Hey, I have tried the following:

reply-to:
1)
pass in on pppoe0 reply-to pppoe0 from any to pppoe0

It just works, both traceroute, ping, and ssh

route-to
2)
pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any

3)
pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any
pass out on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from pppoe1:0 to any

4)
pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any
pass out on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from pppoe1:0 to any
pass in  on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from any to pppoe0:0
pass in  on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from any to pppoe1:0

2) 3) and 4) works with traceroute and ping from the outside, but not ssh.

So, do I need to use some kind of packet management with tag to get
route-to to work? Or would using reply-to suffice?

What I am worried about is this section from pf.conf(5):

 reply-to
   The reply-to option is similar to route-to, but routes packets that
   pass in the opposite direction (replies) to the specified inter-
   face.  Opposite direction is only defined in the context of a state
   entry, and reply-to is useful only in rules that create state.  It
   can be used on systems with multiple external connections to route
   all outgoing packets of a connection through the interface the in-
   coming connection arrived through (symmetric routing enforcement).

Opposite direction is only defined in the context of a state entry,
and reply-to is useful only in rules that create state. - as far as I
know of, only TCP connections has states, but not UDP... so what I am
worried about is that reply-to does not work with UDP connections? I
don't have a UDP service to test this out now, but I probably will
have some UDP service in the future.
-- 
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

Re: Concurrecnt PPPoE(4)?

[Sunnz]

2008/1/21, Sunnz [EMAIL PROTECTED]:
 route-to
 2)
 pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any

 3)
 pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any
 pass out on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from pppoe1:0 to any

 4)
 pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any
 pass out on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from pppoe1:0 to any
 pass in  on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from any to pppoe0:0
 pass in  on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from any to pppoe1:0

 2) 3) and 4) works with traceroute and ping from the outside, but not ssh.

Oh, what was I thinking!! it should be like

pass out on pppoe1 route-to (pppoe0 (pppoe0:peer)) inet from pppoe0:0 to any
  ^^

Right?

Ok I just tested that one out as well... does not work neither... (with 2,3,4)

-- 
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

Re: Concurrecnt PPPoE(4)?

[Sunnz]

2008/1/21, Jussi Peltola [EMAIL PROTECTED]:
 pf keeps state on UDP (and ICMP) just fine.

 --
 Jussi Peltola



Oh I see, that's very nice, thanks for all the help everyone!

-- 
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

Re: So, is there a sure way to delete a file? (Was Re: UNIX way of undeleting files?)

[Sunnz]

2008/1/19, bofh [EMAIL PROTECTED]:
 On Jan 18, 2008 4:28 PM, Ted Unangst [EMAIL PROTECTED] wrote:

  On 1/18/08, Sunnz [EMAIL PROTECTED] wrote:
   From what I understand, if foo isn't the last hard link to the file,
   and `rm foo` will NOT delete the file...
 
  what does it matter if somebody keeps a link to it?  if you have idiot
  users who insist on using broken software, you have bigger problems.
  what if they download the old version and compile it themselves?


 I think he means sshd.  And it really doesn't matter, once you make install,
 you'll overwrite the vulnerable copy with the new one, and all the hardlinks
 won't matter, because they'd be linked to the new file.


Nice, that's interesting to know.

 If you're worried about someone writing a program that'll walk the entire
 drive and find all the sectors that were in use, and attempt to string them
 together - think about it for a while, is this truly a problem for you?  If
 it is, either hire someone (or convince someone) to write a program to wipe
 this out for you, or choose another OS where such a program exist.


Nope. It is not so about worrying... really, I am more curious about
if such thing script/program exist or not, or what the security
implication are all about - after reading all those delete free space
threads.