Re: OpenBSD's webpage desing
On Jun 29, 2012 6:56 AM, frantisek holop min...@obiit.org wrote: hmm, on Thu, Jun 28, 2012 at 04:15:56PM -0400, Dave Anderson said that For dynamic content it's even simpler -- the program producing the content should also provide the corresponding header information. and it does so inside the head of the page. a perfectly normal and accepted practice. it'll do it in the http header if the developer for the dynamic page knows what they are doing.
Re: Narcicism?
2011/12/8 Ariane van der Steldt ari...@stack.nl: Just give up on this thread. It's a waste of my time and pointless discussions like this just mean people who do have something to contribute or who have a real question get drowned in noise like this thread. Each time I attempt to catch up on misc, it's threads like these that make me regret that attempt. Why didn't this thread die already? -- Ariane On Dec 4, 2011, at 9:03, John Tate j...@johntate.org wrote: Because people kept replying to it rather than just letting it die. -- g):g.1e/h2/g )cf71h07e/e.9f04c sunnz.org
Re: Better security? Haha
Nope. Was changing a iptable rule on the fly on a ubuntu server at work yesterday. This is nothing new. The new shit is allowing programs to talk to the firewall. This may or may not be a good thing depend on how much control over which program may talk to it and what it can change. I certainly won't make any conclusion til I used and tested it.
Like OpenBSD? Like to see new stuff happening? You really need to order a CD today :)
forget about multi-license, it is isc license and it doesn't really make sense to make them like ms volume license. but how hard would it be to provide an option for people to specify a different price for buying the cd? then you can pay $1000 for a cd if you want. -- g):g.1e/h2/g )cf71h07e/e.9f04c sunnz.org
Re: Like OpenBSD? Like to see new stuff happening? You really need to order a CD today :)
e( 2011e944f22f%ffd:oPhilip Guenther guent...@gmail.com eio On Thu, Apr 21, 2011 at 10:16 PM, Sunnz sun...@gmail.com wrote: but how hard would it be to provide an option for people to specify a different price for buying the cd? then you can pay $1000 for a cd if you want. The tax laws of the country I live in are more than enough for me to willingly deal with, so I won't claim any expertise in the laws of other countries, but are the people making these suggestions cognizant of the various laws and regulations that tend to surround deductible business expense or whatever the nearest local equivalent is? B Do you *really* think a pick your own price item is actually fully deductible in the eyes of a random local tax authority? B Really? Enough to stake your own fortune and business on? B Do you know the laws of other countries enough that your conscience lets you make that recommendation to people living elsewhere? B If so, wow, what are you doing hanging out on this list instead of making big bucks in finance? it's a technical suggestion. it's just an option and it is up to the individual to decide whether if it is appropriate to make use of. mechanism, not policy. -- g):g.1e/h2/g )cf71h07e/e.9f04c sunnz.org
Re: OpenBSD-Wiki.org
e( 2011e944f19f%ffd:oWayne Oliver wayn0...@gmail.com eio -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 18 Apr 2011, at 5:22 PM, Kenny wrote: Due to an circumstances beyond my control, I'm not longer able to host / maintain /work with OpenBSD-Wiki.org. I was in the process of updating it when some personal issues came up. I'm interested in passing this off to someone else who may be interested. I'll help migrate it, get things back up and going -- if help is needed / wanted. I'm not subscribed to the list, so send an email to this email. -- Kennith (Kenny) Mann Hey B Kenny, If nobody else has offered, I will be willing to take this over. I can help too if needed. I can run a slave dns on my openbsd server and linux vps. And I know a few things about HTML/php/webdev and what not. -- g):g.1e/h2/g )cf71h07e/e.9f04c
Re: OpenBSD 4.9 pre-orders
nice commentary. -- g):g.1e/h2/g )cf71h07e/e.9f04c
Re: What do you guys use against spam?
e( 2011e943f3f%ffeoJanne Johansson icepic...@gmail.com eio 2011/3/3 Hugo Osvaldo Barrera h...@osvaldobarrera.com.ar On 03/03/11 03:44, Theo de Raadt wrote: Wrong mailing list to discuss this. Please take it elsewhere. I thought this would be the ideal place for this sort of thing. I did forget to mention, but the mail server is running openbsd, and smtpd It's not on topic for misc@openbsd to ask: How do I drive to the Colosseum from Hotel Ritz, I have an openbsd laptop in the passenger seat. Though he did said it is his mail server that runs openbsd, not some random laptop on the side.
Re: OT: Australia may allow punitive damages for security vulns
2010/6/22 mark hellewell mark.hellew...@gmail.com: http://www.news.com.au/technology/no-anti-virus-software-no-internet-connecti on/story-e6frfro0-1225882656490 Illegal to run without antivirus ... disconnection of vulnerable computers. A much needed kick up the arse for software makers or just bat-shit insane? Coming soon... Mark Well clamav is available in ports right? So I guess when needed, just show them `man clam` or something like that to say that you do have antivirus installed. -- IMPORTANT: DO NOT send me Microsoft Office/Apple iWork documents.
Re: Phoronix Test Suite
2010/6/24, Ektor WetterstrC6m ektw...@gmail.com: filesystems (not even FFS2!), ?? Please take a look at man newfs? -- IMPORTANT: DO NOT send me Microsoft Office/Apple iWork documents. -- IMPORTANT: DO NOT send me Microsoft Office/Apple iWork documents.
MG editor, how to insert space instead of tab?
Just wondering if anyone know how to use no-tab-mode in the mg editor that come in the OpenBSD base? I try to follow the man page and do a M-x no-tab-mode but just says [No match] and doesn't do anything till I do a C-g. Am I missing something? -- IMPORTANT: This email is intended for the use of the individual addressee(s) named above and may contain information that is confidential, privileged or unsuitable for overly sensitive persons with low self-esteem, no sense of humour or irrational religious beliefs. If you are not the intended recipient, any dissemination, distribution or copying of this email is not authorised (either explicitly or implicitly) and constitutes an irritating social faux pas. Unless the word absquatulation has been used in its correct context somewhere other than in this warning, it does not have any legal or grammatical use and may be ignored. No animals were harmed in the transmission of this email, although the yorkshire terrier next door is living on borrowed time, let me tell you. Those of you with an overwhelming fear of the unknown will be gratified to learn that there is no hidden message revealed by reading this warning backwards, so just ignore that Alert Notice from Microsoft: However, by pouring a complete circle of salt around yourself and your computer you can ensure that no harm befalls you and your pets. If you have received this email in error, please add some nutmeg and egg whites and place it in a warm oven for 40 minutes. Whisk briefly and letitstandfor2hoursbeforeicing.
Re: Joomla - MySQL Problem: Could not connect to MySQL
2010/3/12 Daniel Gracia Garallar danie...@electronicagracia.com: Not quite a solution, I think. What about if /var/www mounts in a different filesystem than /var? Hardlinks from chrooted environments don't seem to be a wise solution anyway... Just IMHO. In that case you could change the location mysqld itself uses to be inside the chroot. Or do you actually have a solution?
Re: Joomla - MySQL Problem: Could not connect to MySQL
2010/3/11 Jan malepa...@googlemail.com: I didn't notice, that httpd was still running. kill -TERM ID_of_httpd httpd -u solved the problem. Thank you! Everything works fine! Now that it works we know that it was a problem with chroot. It might be a good practice now to hardlink the mysql.sock in the chroot directory so that you can run apache chrooted... I think you do something like: # mkdir -p /var/www/var/run/mysql # ln -f /var/run/mysql/mysql.sock /var/www/var/run/mysql/mysql.sock Then if you shut down httpd and start it again, you shouldn't need -u any more.
Measuring network data?
Hi I am running OpenBSD as a gateway to the internet using pf to nat my LAN machines. Just wondering if there is a way to measure how much data have moved through my obsd router for a given frame of time? E.g. 300 MB today between 2pm ~ 5pm? Thanks.
Re: can't get vesa @ 1280x800 or nv
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 2009/11/29 Brynet : Rodrigo Amorim Bahiense wrote: Actually, I'm used to recommend nvidia cards (desk laptop) for most people because they do support most open source systems (Linux, FreeBSD, OpenSolaris), which is way better than ati at least. ATI(..now AMD) releases full NDA-free documentation on their graphics chipsets, for both 2D and 3D acceleration. http://developer.amd.com/documentation/guides/Pages/default.aspx#open_gpu http://www.x.org/docs/AMD/ They officially supported development of open source drivers, and 2 independent drivers exist including xf86-video-ati(4) and xf86-video-radeonhd(4), both supported under OpenBSD with full hardware graphics acceleration (..DRM/DRI). Yes they actually work here out of the box for me, 2D and 3D... but xv doesn't work for some reason... iEYEAREKAAYFAksfWn4ACgkQCr4UHbMMKguDLwCgxCBX+2GHylBo2clkuT66qqS5 AloAn2oWchCXM9hb3bj0n7VxBGSYHHXO =3LOA -END PGP SIGNATURE-
Re: pf reply-to not really working
I don't actually have any other rules at all after it, that was the last rule and I haven't have quick anywhere... I am keeping things as simple as possible and get things up and running first, then I am tightening everything up. Here's the whole of my pf.conf: nat_if = pppoe0 www_if = pppoe1 set skip on {lo rl0} match out on $nat_if inet from users nat-to ($nat_if:0) pass# to establish keep-state pass in log on $www_if \ inet proto {tcp udp} \ reply-to ($www_if $www_if) # By default, do not permit remote connections to X11 #block in on ! lo0 proto tcp to port 6000:6010
Re: pf reply-to not really working
Found a fix for it... reply-to ($www_if ($www_if)) Got to put brackets around $www_if now.
pf reply-to not really working
I have 2 pppoe connections pppoe0 and pppoe1. pppoe0 is my default gateway and people can access my http server via its IP address. But it is not working for pppoe1's IP address. I tried the following pf rule for pppoe1: pass in log on pppoe1 \ inet proto {tcp udp} \ reply-to (pppoe1 pppoe1) I can see the traffic coming in from the internet but it never replies. So I am suspecting that the http server got the http request but couldn't do a http response? UDP traffics seem to work fine. Running 4.6-current. Thanks.
Re: Multiple ssl servers on one external IP by using internal addresses?
On 2008-11-10, Damien Miller wrote: Source code to implement SNI is present in OpenBSD -current's OpenSSL but is disabled. I'll look at turning it on when OpenSSL makes a stable release with it enabled. SNI in OpenSSL is only one prerequisite though, it also need to be supported by Apache or whatever HTTP server you are using. The in-tree Apache doesn't support SNI, but perhaps apache2 in ports does. Just wondering, how has this been going for after nearly a year? I am guessing that -current as of October 2009 have SNI turned on OpenSSL? Apache2 seem to support it since 2.2.12, and the -current ports have 2.2.13... I am guess that OpenBSD-current with apache2 from ports would be able to provide SNI functionality? What about apache 1.3 as included in the base? Does anybody know if it supports SNI? Cheers.
Re: thanks for 4.6!
2009/10/23 ropers rop...@gmail.com: I'd like to share a few images with you. Well if a picture worth 1024 words... Then I got a video for you!! http://www.youtube.com/watch?v=i71bLCtDKzk If you don't like flash plugin: curl http://v20.lscache7.c.youtube.com/videoplayback?ip=0.0.0.0sparams=id%2Cexpi re%2Cip%2Cipbits%2Citag%2Calgorithm%2Cburst%2Cfactorfexp=905700%2C900031alg orithm=throttle-factoritag=22ipbits=0signature=C61C80608E1A7EC812C02E92B98 C81BE64F2320B.CA1663F7340A6730BA2575257A9A49CB34A2CB6Fsver=3expire=12562848 00key=yt1factor=1.25burst=40id=8bbd5b2c2b432b39 -o openbsd46.mp4
Re: Commercials for TV?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 2009/6/16 ropers rop...@gmail.com: http://en.wikipedia.org/wiki/BBspot But seriously, that was surprisingly well written. BBspot's ideas intrigue me and I would like to subscribe to their newsletter. B :) This is not the 1st time they mention OpenBSD. http://www.bbspot.com/News/2008/01/top-11-reasons-you-have-not-installed-linu x-yet.html ^^^ I was totally unexpected when I read that last one, I actually laughed!! - -- Get my public key here: http://www.users.on.net/~sunnz/sunnzy.gmial.asc 0ECA 728E 4501 1922 458E 5783 0ABE 141D B30C 2A0B iEYEARECAAYFAko3lDkACgkQCr4UHbMMKgtTGgCcCFp27CKjVNkztHArZtqCPXDX po4An0oVpCTWs8MQLWf+t2dU/bOH0Rg4 =K79I -END PGP SIGNATURE-
RADEON(4) man page inconsistency?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This link implies 3D hardware support for all of its listed hardware: http://www.openbsd.org/cgi-bin/man.cgi?query=radeonapropos=0sektion=4manpath=OpenBSD+Currentarch=amd64format=html While this link explicitly states certain series has no 3D support: http://www.openbsd.org/cgi-bin/man.cgi?query=radeonapropos=0sektion=0manpath=OpenBSD+Currentarch=amd64format=html Is there an error in the documentation or am I missing something? - -- Disclaimer: By sending an e-mail to any of my addresses you are agreeing that: 1, I am by definition, the intended recipient. 2, All information in the e-mail is mine to do with as I see fit and make such financial profit, political mileage, or good joke as it lends itself to. In particular, I may quote it on usenet. 3, I may take the contents as representing the views of you or your company. 4, This overrides any disclaimer or statement of confidentiality that you may include on your message. () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html Get my public key here: http://www.users.on.net/~sunnz/sunnzy.gmial.asc 0ECA 728E 4501 1922 458E 5783 0ABE 141D B30C 2A0B iEYEARECAAYFAkoeiPgACgkQCr4UHbMMKgvwtgCgv4WTxTdho1PdSuWwkcpFf2ZW RsEAnRR3/SMK6GVZ7iO8hUegrNaQQNta =9wID -END PGP SIGNATURE-
Re: QEMU, tun, and tap.
2009/5/27 Christopher J. Gibbons cgibb...@dragonfire.dyndns.org: I found this in the README.OpenBSD for QEMU to be most helpful when doing a similar sort of thing (plus you get the bonus of not having to run QEMU as root): $ sudo sh -c sudo -u $USER qemu -nographic -net nic -net tap,fd=3 \ B B B B B B -no-fd-bootchk -hda virtual.img 3/dev/tun0 B B B B B B B B B B B B B B B B B B B B B B B B ^ Make that your tunX device. Tried and worked like a charm!! :D README.OpenBSD for QEMU have changed a lot, 4.3 here was a lot shorter and didn't have anything like that, I guess I should upgrade soon!! Thanks for the tip!! :D
Edit files on the installer shell?
From my memory last time I install OpenBSD (4.3) when I use the shell (by typing !) vi wasn't available; I ended up installing the base then use vi by /mnt/usr/bin/vi. (Something like that!!) I am wondering if I wanted to edit something before the installation then what can I use to edit files? I was told that vi is almost always available on any Unix system, does OpenBSD uses something even more basic than that in its installer? Thanks!!! :D -- Disclaimer: By sending an e-mail to any of my addresses you are agreeing that: 1, I am by definition, the intended recipient. 2, All information in the e-mail is mine to do with as I see fit and make such financial profit, political mileage, or good joke as it lends itself to. In particular, I may quote it on usenet. 3, I may take the contents as representing the views of you or your company. 4, This overrides any disclaimer or statement of confidentiality that may be included on your message. () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html Get my public key here: http://www.users.on.net/~sunnz/sunnzy.gmial.asc 0ECA 728E 4501 1922 458E 5783 0ABE 141D B30C 2A0B
Re: QEMU, tun, and tap.
And I have pass quick on {tun0 tun1 tun2} in pf.conf, so it is not the firewall blocking it.
QEMU, tun, and tap.
So I got QEMU networking to work somewhat, I have manually created a link0 nic called tun0, which worked with QEMU: tun0: flags=9843UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST mtu 1500 lladdr 00:bd:64:11:95:01 inet6 fe80::2bd:64ff:fe11:9501%tun0 prefixlen 64 scopeid 0x8 inet 10.7.7.1 netmask 0xff00 broadcast 10.7.7.255 An IP address 10.7.7.8 was statically set in the guest OS and I were able to ping and ssh 10.7.7.1 from the guest OS. However I want to use tun2 instead: (I have other use for tun0) tun2: flags=9843UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST mtu 1500 lladdr 00:bd:07:aa:be:09 inet6 fe80::2bd:7ff:feaa:be09%tun8 prefixlen 64 scopeid 0x16 inet 10.8.8.1 netmask 0xff00 broadcast 10.8.8.255 Which I pass the following to QEMU: -net nic -net tap,ifname=tun2,script=no,downscript=no But it doesn't work as my expectation at all!! I statically set the IP address of the guest to 10.8.8.8 but I cannot ping or ssh 10.8.8.1. But if I set it to 10.7.7.8, then I could ping and ssh 10.7.7.1, as if it is still using tun0!! And I have pass quick on {tun0 tun1} in pf.conf, so it is not the firewall blocking it. It seems as if QEMU is stuck with tun0? Is my configuration wrong or something? -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments
Re: Edit files on the installer shell?
2009/5/26 Otto Moerbeek o...@drijf.net: On Tue, May 26, 2009 at 08:49:45AM -0400, William Boshuck wrote: ed(1) is in /bin, but sed(1) is in /usr/bin; so you wouldn't always have sed handy, right? sed is on the install media, that was the question. Nice to know anyway, thanks guys!! :D -- Disclaimer: By sending an e-mail to any of my addresses you are agreeing that: 1, I am by definition, the intended recipient. 2, All information in the e-mail is mine to do with as I see fit and make such financial profit, political mileage, or good joke as it lends itself to. In particular, I may quote it on usenet. 3, I may take the contents as representing the views of you or your company. 4, This overrides any disclaimer or statement of confidentiality that you may include on your message. () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html Get my public key here: http://www.users.on.net/~sunnz/sunnzy.gmial.asc 0ECA 728E 4501 1922 458E 5783 0ABE 141D B30C 2A0B
Re: Sending email in Apache chroot?
2009/1/21 Sunnz sun...@gmail.com: So in summary, the following was done: - Setup sendmail such as the sendmail that came with OpenBSD or use some other agent like Postfix such that you can do a `dmesg | mail -s Sony VAIO 505R laptop, apm works OK dm...@openbsd.org` on the command line. - Install femail-chroot from package, this places a binary called femail in /var/www/bin/ - Change sendmain_path in php.ini. This defaults to sendmail -t -i. Change it to /bin/femail -t -i - cp /bin/ksh /var/www/bin/; cp /bin/sh /var/www/bin/; femail itself does not use or need sh. whatever invokes it might need it., Henning Brauer. Oh I almost forgot, need resolv.conf in /var/www/etc as well. Cheers.
Re: Sending email in Apache chroot?
2009/1/21 T. Ribbrock emga...@gmx.net: I doubt you need to copy sh *and* ksh. sh only (which, as far as I can see, is the same binary as ksh, anyway) should suffice. Yup they look the same. $ sha1 /bin/*sh SHA1 (/bin/csh) = 78de2a795d3888bcaf60ed747293d5a0853f065b SHA1 (/bin/ksh) = 636a98c38306f607707622ca1fa9052e6293d44e SHA1 (/bin/rksh) = 636a98c38306f607707622ca1fa9052e6293d44e SHA1 (/bin/sh) = 636a98c38306f607707622ca1fa9052e6293d44e -- This e-mail may be confidential. You may not copy, forward or use any part. Note that all disclaimers on the Internet are of zero legal effectiveness however. http://www.goldmark.org/jeff/stupid-disclaimers/
Sending email in Apache chroot?
I have set up mail and femail and they both works, just not in a chroot. Basically I can do `mail m...@myaddress.com` or `/var/www/bin/femail m...@myaddress.com` and both of then successfully sent an email to myself. But it doesn't work with Apache in the chroot. I was using a PHP script. femail-chroot is installed by pkg_add -iv femail-chroot. I also tried the following: `chroot -g www -u www / /var/www/bin/femail -t -i m...@myaddress.com` works, but `chroot -g www -u www /var/www/ /bin/femail -t -i m...@myaddress.com` doesn't work, it says: femail: non-recoverable failure in name resolution I run out of ideas now, what needs to be done? -- This e-mail may be confidential. You may not copy, forward or use any part. Note that all disclaimers on the Internet are of zero legal effectiveness however. http://www.goldmark.org/jeff/stupid-disclaimers/
Re: Sending email in Apache chroot?
2009/1/21 Joe Barnett joe.barn...@mr72.com: Many moons ago I had the same situation with mini-sendmail-chroot. Installing mail (?) and sh in the chroot seemed to clear everything up--though I am not sure if that is the optimal solution. I am also trying mini-sendmail-chroot. `chroot -g www -u www /var/www/ /bin/mini_sendmail -t -i m...@myaddress.com` Does actually work but in PHP still doesn't. And I have updated sendmail_path in php.ini. -- This e-mail may be confidential. You may not copy, forward or use any part. Note that all disclaimers on the Internet are of zero legal effectiveness however. http://www.goldmark.org/jeff/stupid-disclaimers/
Re: Sending email in Apache chroot?
2009/1/21 Sunnz sun...@gmail.com: I am also trying mini-sendmail-chroot. `chroot -g www -u www /var/www/ /bin/mini_sendmail -t -i m...@myaddress.com` Does actually work but in PHP still doesn't. And I have updated sendmail_path in php.ini. Err this is so weird... now it doesn't work any more even on the command line, mini_sendmail now says /bin/mini_sendmail: unexpected response 550 to RCPT TO command when I run that command. -- This e-mail may be confidential. You may not copy, forward or use any part. Note that all disclaimers on the Internet are of zero legal effectiveness however. http://www.goldmark.org/jeff/stupid-disclaimers/
Re: Sending email in Apache chroot?
2009/1/21 Henning Brauer lists-open...@bsws.de: * Sunnz sun...@gmail.com [2009-01-20 17:48]: Ok so I have copied /etc/resolv.conf to /var/www/etc/... Now it says: femail: rcpt to chr...@civicquire.net refused by server refused by server not enough of a hint? Well the same address and everything worked without chroot, so I am not sure what is needed inside of the chroot to make this work. -- This e-mail may be confidential. You may not copy, forward or use any part. Note that all disclaimers on the Internet are of zero legal effectiveness however. http://www.goldmark.org/jeff/stupid-disclaimers/
Re: Sending email in Apache chroot?
2009/1/21 Henning Brauer lists-open...@bsws.de: * Sunnz sun...@gmail.com [2009-01-20 17:48]: Ok so I have copied /etc/resolv.conf to /var/www/etc/... Now it says: femail: rcpt to chr...@civicquire.net refused by server refused by server not enough of a hint? Ok my mistake, I mis-spelt the e-mail address. (DOH!) So this command works now: chroot -g www -u www /var/www/ /bin/femail -v -t -i m...@myaddress.com However it still doesn't work from within Apache/PHP... I even called phpinfo() in a PHP script and examined what sendmail_path it set to, it is indeed /bin/femail -t -i... -- This e-mail may be confidential. You may not copy, forward or use any part. Note that all disclaimers on the Internet are of zero legal effectiveness however. http://www.goldmark.org/jeff/stupid-disclaimers/
Re: Sending email in Apache chroot?
2009/1/21 Sunnz sun...@gmail.com: 2009/1/21 Henning Brauer lists-open...@bsws.de: * Sunnz sun...@gmail.com [2009-01-20 17:48]: Ok so I have copied /etc/resolv.conf to /var/www/etc/... Now it says: femail: rcpt to chr...@civicquire.net refused by server refused by server not enough of a hint? Ok my mistake, I mis-spelt the e-mail address. (DOH!) So this command works now: chroot -g www -u www /var/www/ /bin/femail -v -t -i m...@myaddress.com However it still doesn't work from within Apache/PHP... I even called phpinfo() in a PHP script and examined what sendmail_path it set to, it is indeed /bin/femail -t -i... Ok I noticed that the mail() function in PHP returns false, so it has something to do with PHP itself I guess? However I were not able to get PHP to print out any errors, so I am lost again here... display_errors is On in php.ini... -- This e-mail may be confidential. You may not copy, forward or use any part. Note that all disclaimers on the Internet are of zero legal effectiveness however. http://www.goldmark.org/jeff/stupid-disclaimers/
Re: Sending email in Apache chroot?
2009/1/21 Amitabh Kant amitabhk...@gmail.com: Hi See if this link is of any use to you. http://kerneltrap.org/mailarchive/openbsd-misc/2007/10/15/343352/thread With regards Amitabh Oh thank you very much this has solved the final piece of the puzzle!!! It all works now!! Thanks again!! -- This e-mail may be confidential. You may not copy, forward or use any part. Note that all disclaimers on the Internet are of zero legal effectiveness however. http://www.goldmark.org/jeff/stupid-disclaimers/
Re: Sending email in Apache chroot?
So in summary, the following was done: - Setup sendmail such as the sendmail that came with OpenBSD or use some other agent like Postfix such that you can do a `dmesg | mail -s Sony VAIO 505R laptop, apm works OK dm...@openbsd.org` on the command line. - Install femail-chroot from package, this places a binary called femail in /var/www/bin/ - Change sendmain_path in php.ini. This defaults to sendmail -t -i. Change it to /bin/femail -t -i - cp /bin/ksh /var/www/bin/; cp /bin/sh /var/www/bin/; femail itself does not use or need sh. whatever invokes it might need it., Henning Brauer.
The New Secure Operating System
The secure operating system standard will never be the same now that a National Security Agency-certified OS has gone commercial, but few mainstream enterprises today need an airtight OS tuned to run on fighter jets. And many organizations aren't properly securing their existing commercial OSes, anyway, security experts say. http://www.darkreading.com/security/management/showArticle.jhtml?articleID=212201490 -- This e-mail may be confidential. You may not copy, forward or use any part. Note that all disclaimers on the Internet are of zero legal effectiveness however. http://www.goldmark.org/jeff/stupid-disclaimers/
Re: The New Secure Operating System
2008/12/10 Adriaan [EMAIL PROTECTED]: Oh my god. Let me migrate everything to this new secure OS immediately! Yea, you should run this new secure OS under Xen or Vmware for even more security ;) =Adriaan= Hmm I don't know... they claim that Linux, Windows and VMware aren't secure, they haven't mentioned Xen though I would think it would be in the same boat as VMware. -- This e-mail may be confidential. You may not copy, forward or use any part. Note that all disclaimers on the Internet are of zero legal effectiveness however. http://www.goldmark.org/jeff/stupid-disclaimers/
Re: OpenBSD 4.4 released, Nov 1. Enjoy!
2008/11/2 James R. Campbell [EMAIL PROTECTED]: Thanks for all of your hard work! I really enjoyed the song in this release also. Haha, may the source be with you!! -- This e-mail may be confidential. You may not copy, forward or use any part. All disclaimers on the Internet are of zero legal effectiveness however. http://www.goldmark.org/jeff/stupid-disclaimers/
Re: PF Queue on a GROUP of nics?
2008/10/6 Girish Venkatachalam [EMAIL PROTECTED]: No need to add a bridge. You are looking for ifconfig(8). Look for interface groups and you are done. -Girish Oh, so just apply altq rules to the appropieate group and it will work? That sounds great!! Thanks!! -- This e-mail may be confidential. You may not copy, forward or use any part. All disclaimers on the Internet are of zero legal effectiveness. http://www.goldmark.org/jeff/stupid-disclaimers/
Re: PF Queue on a GROUP of nics?
Ahhh ok... so what do I need to do this, group, bridge, or something else? 2008/10/7 Henning Brauer [EMAIL PROTECTED]: * Sunnz [EMAIL PROTECTED] [2008-10-06 07:44]: Is it possible? no. groups don't have any queues to play queue tricks on. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam -- This e-mail may be confidential. You may not copy, forward or use any part. All disclaimers on the Internet are of zero legal effectiveness. http://www.goldmark.org/jeff/stupid-disclaimers/
PF Queue on a GROUP of nics?
Is it possible? Say I have a few nics of the same group... dc0 dc1 dc2 dc3... which all belong to a group dc. And say if I wanted to limit the overall bandwidth for the group... so say at any point in time the overall outgoing bandwidth of the group dc will not be over 100mbp. Would it work if I just apply altq to dc in pf? Or do I need to bridge it... this is where I have no ideas... but say I add a bridge0 that contains dc0 dc1 dc3 dc2, and apply altq to bridge0 in pf. Regards, Sunnz. -- This e-mail may be confidential. You may not copy, forward or use any part. All disclaimers on the Internet are of zero legal effectiveness. http://www.goldmark.org/jeff/stupid-disclaimers/
Re: New tcp stack attack
2008/10/2 Peter J. Philipp [EMAIL PROTECTED]: I listened to the podcast and got the idea that the socket is in ESTABLISHED state (so after 3 way handshake) and they mention that a packets PCB resources have timers, and that is what they exploit. Perhaps you establish the session and send an HTTP request (pretend it's http) and never ACK the answer that gets repeated based on the internal timers. It seemed to me they say that some stop repeating their content and just die. -p I have just listened to the interview as well. They said that they have looked at the source tree of Linux, at their Timer code in the TCP stack. The Linux source code indeed have a comment saying there are states that are bad and the Linux kernel would try to avoid. So the sockstress program was written to work the other way around, to try to get into that bad state as much as possible, and it managed to bring down Linux systems. They then run the same attack against a Windows machine, and it had the same effect as well, so it really seem like a problem in the TCP protocol. In the article it is said that BSD are vulnerable as well, they didn't mention if it was Free or Net or Open... So I guess the question is if OpenBSD have such state in its TCP stack, maybe a code auditing session (whenever it is done next, the next Hackathon?) can look at something like that in the OpenBSD kernel... or maybe the dev already saw this kind of problem and have harden the TCP stack for OpenBSD? -- This e-mail may be confidential. You may not copy, forward or use any part. All disclaimers on the Internet are of zero legal effectiveness. http://www.goldmark.org/jeff/stupid-disclaimers/
Re: Can one dd to /dev/rwd0c?
2008/9/21 Pierre Riteau [EMAIL PROTECTED]: Sunnz says he's running off an install CD so he should not run into problems related to securelevel. I guess he's root too. It is just the official OpenBSD 4.3 CD that I brought, which on start up it asks Install/Upgrade/Shell. I am just using Shell from there. Sunnz, you don't say exactly what error dd reports. Have you created the arandom character device file? It is not available by default on the install CD. If I could I would recreate the error... but somehow it works just now when I attempt that once again!!! From my vague memory the error dd throws earlier today was something like invalid argument... I press the UP key to ge the exact command I entered, removed the 'r' in rwd0 and that worked. BTW I was able to do a `cat /dev/arandom` on the install CD... -- This e-mail may be confidential. You may not copy, forward, distribute, or, use any part of it. Note, like all disclaimers on the net, there are no effective legal binding on your part and disclaimers can be ignored. For more information about disclaimers, please see: http://www.goldmark.org/jeff/stupid-disclaimers/
Re: Can one dd to /dev/rwd0c?
2008/9/21 Johan StrC6m [EMAIL PROTECTED]: If you just want to erase the disk securely and don't really need to run OpenBSD, check out http://www.dban.org/ -- Johan Oh I just thought that I have OpenBSD CD lying around, but thanks that seem like a good tool for my personal utility kit. :D -- This e-mail may be confidential. You may not copy, forward, distribute, or, use any part of it. Note, like all disclaimers on the net, there are no effective legal binding on your part and disclaimers can be ignored. For more information about disclaimers, please see: http://www.goldmark.org/jeff/stupid-disclaimers/
Re: Can one dd to /dev/rwd0c?
The original question was really asking where to write to, that is, rwd0c vs. wd0c; the source that was used in the example (urandom/arandom) wasn't any kind of true random entropy anyway, AFAIK, they are non-blocking pseudo-random stuff that the kernel spills out... I mean, as far as usability goes, it is just a matter of typing if=/dev/urandom vs. if=/dev/zero, virtually no extra work needs to be done by the human... and as far as the computational difference, I think the delay for using pseudo random source is negligible when people are probably have to leave this thing running overnight anyway. So I don't see any big fuss about which source to use here, surely no one is asking what's the best entropy to be used, but just how to actually write to every bit of the hard drive.
Can one dd to /dev/rwd0c?
OK I am trying to completely erase the data of a hard disk so I though I can just do `dd if=/dev/arandom of=/dev/rwd0c` as to my understanding that is the entire hard disk (slice c) of wd0 in 'raw' mode? But that dd refuse to do it. So now I am doing the same thing but to wd0c instead. Is this any worse? This is the character device right? Does that mean dd won't write random bits as low as going to the raw device? This is running off a OpenBSD 4.3 CD, there are no intention to actually destroy the hard disk in any way, just erasing the data off the hard disk so that it can be reused, re-sold, whatever. The data are not some military top secret, but it is interesting to know of what can be done in a home/small office environment when it comes to erasing the hard drive. Thanks. -- This e-mail may be confidential. You may not copy, forward, distribute, or, use any part of it. Note, like all disclaimers on the net, there are no effective legal binding on your part and disclaimers can be ignored. For more information about disclaimers, please see: http://www.goldmark.org/jeff/stupid-disclaimers/
Re: Kaminsky's DNS bug: PF workaround
2008/7/20 Mark Shroyer [EMAIL PROTECTED]: http://blog.spoofed.org/2008/07/mitigating-dns-cache-poisoning-with-pf.html The configuration line in question: nat on $WAN_IF inet proto { tcp, udp } from a.b.c.d to any \ port 53 - a.b.c.d Or, if you have a dynamic IP address on a cable modem, etc.: nat on $WAN_IF inet proto { tcp, udp } from ($WAN_IF) to any \ port 53 - ($WAN_IF) Hey I was trying this today... however I have bind on the OpenDNS router that is doing nat itself, so do you know if that would work at all? My OpenDNS router is connected directly to the internet. -- This e-mail may be confidential. You may not copy, forward, distribute, or, use any part of it. Note, like all disclaimers on the net, there are no effective legal binding on your part and disclaimers can be ignored. For more information about disclaimers, please see: http://www.goldmark.org/jeff/stupid-disclaimers/
Re: Kaminsky's DNS bug: PF workaround
2008/9/9 Stuart Henderson [EMAIL PROTECTED]: Yes. But the patch is now available. You should just patch instead. Yea but I wonder why PF isn't working here.
Re: Can't start Apache... MaxCPUPerChild is invalid??
2008/9/3 Toni Mueller [EMAIL PROTECTED]: Hi, On Tue, 02.09.2008 at 22:20:26 +1000, Sunnz [EMAIL PROTECTED] wrote: [Tue Sep 2 22:14:29 2008] [notice] child pid 29398 exit signal Segmentation fault (11) ... some more clipped try to have a compiler run. SEGVs are often the sign of bad RAM. So you may want to swap at least disks and memory in your box. Ohh it is that bad? I did swap the offending disk but not the RAM... So what do you mean by have a compiler run? To compile something? What's SEGV?
Re: Can't start Apache... MaxCPUPerChild is invalid??
Ahh I see, so how does memtest to compare to something like building the userland? From above post it seem like should there be any problem then building the userland may crash the machine... so I'd get some backup plan going just in case something does break. So there was a SEGV in the child threads... I did notice a binary file, httpd.core, that would have been created by the httpd process, right?
Can't start Apache... MaxCPUPerChild is invalid??
I have no ideas what's going on here... apache always worked, I haven't changed any settings, just restarted the computer and it just doesn't start. When I type in httpd as root it says: Syntax error on line 175 of /var/www/conf/httpd.conf: Invalid command 'MaxCPUPerChild', perhaps mis-spelled or defined by a module not included in the server configuration I have also downloaded the default httpd.conf from OpenBSD CVSWEB for release 4.2, the release of OpenBSD I am running now. The same message appears. Any ideas??
Re: Can't start Apache... MaxCPUPerChild is invalid??
The offending options if 0 by the way, here's the relevant area... I have never changed anything in that area... the default configuration httpd.conf from cvsweb for 4.2release does not work neither: # # MaxRequestsPerChild: the number of requests each child process is # allowed to process before the child dies. The child will exit so # as to avoid problems after prolonged use when Apache (and maybe the # libraries it uses) leak memory or other resources. On most systems, this # isn't really needed, but a few (such as Solaris) do have notable leaks # in the libraries. # MaxRequestsPerChild 0 # # MaxFOOPerChild: these directives set the current and hard rlimits for # the child processes. Attempts to exceed them will cause the the OS to # take appropriate action. See the setrlimit(2) and signal(3). # MaxCPUPerChild 0 MaxDATAPerChild 0 MaxNOFILEPerChild 0 MaxRSSPerChild 0 MaxSTACKPerChild 0
Re: Can't start Apache... MaxCPUPerChild is invalid??
On a deeper Google investigation, I can't find the MaxCPUPerChild in the standard apache manual: http://httpd.apache.org/docs/1.3/mod/core.html#maxfooperchild As oppose to: http://loki.homeunix.net/manual/mod/core.html#maxfooperchild And Google comes along with a lot of BSD mailing list with MaxFOOPerChild patch, so my impression is that this is a feature added to apache by BSD dev's? Again this is with default configuration... apache has worked before with default config... it is so weird...
Re: Can't start Apache... MaxCPUPerChild is invalid??
This is getting really weird... Looking up httpd -L: MaxCPEPerChild (http_core.c) Maximum amount of CPU time a child can use (rlimit). Allowed in *.conf only outside Directory, Files or Location So it is CPE, not CPU? Ok I gave that a go... `httpd` doesn't complain now, but I despite it is running, when I try to visit the site in my browser the child dies... this is the last few entries in error_log: [Tue Sep 2 22:09:08 2008] [notice] Apache configured -- resuming normal operations [Tue Sep 2 22:09:08 2008] [notice] Accept mutex: sysvsem (Default: sysvsem) [Tue Sep 2 22:14:29 2008] [notice] child pid 29398 exit signal Segmentation fault (11) [Tue Sep 2 22:14:29 2008] [notice] child pid 23690 exit signal Segmentation fault (11) [Tue Sep 2 22:14:30 2008] [notice] child pid 19827 exit signal Segmentation fault (11) [Tue Sep 2 22:14:30 2008] [notice] child pid 20595 exit signal Segmentation fault (11) [Tue Sep 2 22:14:30 2008] [notice] child pid 22510 exit signal Segmentation fault (11) [Tue Sep 2 22:14:30 2008] [notice] child pid 20523 exit signal Segmentation fault (11) [Tue Sep 2 22:14:31 2008] [notice] child pid 13631 exit signal Segmentation fault (11) [Tue Sep 2 22:15:15 2008] [notice] child pid 8973 exit signal Segmentation fault (11) The times it has Seg fault is when I was trying to load a page. httpd -DSSL doesn't work, it crashed with yet another Segmentation fault. And this not the first time I try to run a web server, it just been up there for at least 6 months... how can it just go weird like this?
Re: Can't start Apache... MaxCPUPerChild is invalid??
Ok I am totally lost... googling MaxCPEPerChild gives no result, while MaxCPUPerChild gives lots of OpenBSD httpd.conf file with the exact same conf I have, http://kerneltrap.org/mailarchive/openbsd-misc/2008/6/16/2138454 where MaxCPUPerChild 0...
Re: Can't start Apache... MaxCPUPerChild is invalid??
Wow you guys are exactly right, just did a sha1 sum of a copy of httpd from my backup, it is indeed different. Using my backup disk now... I have tried to just copy httpd over, but no dice... using the backup disk does work now. This is very surprising, as I have never seen a real disk failure in my life! So thank you very much for the heads up, I'll put up more of what happened tomorrow. :D
Re: atheros - just curious, ot
2008/7/29 Eric Furman [EMAIL PROTECTED]: Who can we write to at atheros to tell them I will never ever purchase one of their products? http://www.atheros.com/contact/index.html Might work, you get e-mail, postal, and phone numbers to contact them with.
Thinkpad G40 anyone?
Just wondering if anyone has OpenBSD running on a G40, I have been considering to pick up a second hand one for experiemental with OpenBSD, trying out new code and stuff... it would be nice to know that at least its wired network port works... I tried to search on the ibm web site but all it says is 10/100 Ethernet installed on systems via the system board so if anyone who owns one can make some recommendation that would be great. Thanks. Sunnz.
Re: Thinkpad G40 anyone?
2008/7/27 David Vasek [EMAIL PROTECTED]: On Sun, 27 Jul 2008, Sunnz wrote: Just wondering if anyone has OpenBSD running on a G40, I have been considering to pick up a second hand one for experiemental with OpenBSD, trying out new code and stuff... it would be nice to know that at least its wired network port works... I tried to search on the ibm web site but all it says is 10/100 Ethernet installed on systems via the system board so if anyone who owns one can make some recommendation that would be great. I have never met a G40 in person, but based on available documentation it should be equipped with a Broadcom BCM5901, which is supported by bge(4). Ohh I see thanks for the heads up. -- This e-mail may be confidential. You may not copy, forward, distribute, or, use any part of it. Note, this text has no effective legal binding on your part, there is no obligation to abide any or all parts of this. Treat it with the same level of care as any other pretending-to-be-law-speaking-but-not-really texts attached to e-mail messages you normally find on any other e-mails. For more information about disclaimers, please see: http://www.goldmark.org/jeff/stupid-disclaimers/
Re: This is what Linus Torvalds calls openBSD crowd
I guess Linus lost his ability to masturbate for a long time huh? -- This e-mail may be confidential. You may not copy, forward, distribute, or, use any part of it. Note, this text has no effective legal binding on your part, there is no obligation to abide any or all parts of this. Treat it with the same level of care as any other pretending-to-be-law-speaking-but-not-really texts attached to e-mail messages you normally find on any other e-mails. For more information about disclaimers, please see: http://www.goldmark.org/jeff/stupid-disclaimers/
Re: Can you contribute code under anonymous under ISC License?
Well if you prove that you wrote it then that would defeat the purpose of releasing it under the name of anonmyous would you? One would be violating the copyright law regardless what name the said code is released under right? I mean, a third party won't be able to claim that they are the anonymous person unless they provide evidence, otherwise they can't change the license or do anything not permitted by the license, right?
Re: Can you contribute code under anonymous under ISC License?
2008/6/24 Theo de Raadt [EMAIL PROTECTED]: Hi, just wondering what's your opinion on this... If one were to release some code under an ISC or BSD-like 2 clause license, but under the name of anonymous, would it effectively as if it was released as public domain? I guess the actually question you wanted to as was: Does OpenBSD accept anonymous code? No. OpenBSD does not. We don't do a dumb thing like that. Well, actually I was just curious, so that's no for OpenBSD... I am interested to know what is the general case as well. It is nothing major, it is not like I want to make a killer app under anonymous or something. :p -- This e-mail may be confidential. You may not copy, forward, distribute, or, use any part of it. Note, this text has no effective legal binding on your part, there is no obligation to abide any or all parts of this. Treat it with the same level of care as any other pretending-to-be-law-speaking-but-not-really texts attached to e-mail messages you normally find on any other e-mails. For more information about disclaimers, please see: http://www.goldmark.org/jeff/stupid-disclaimers/
Can you contribute code under anonymous under ISC License?
Hi, just wondering what's your opinion on this... If one were to release some code under an ISC or BSD-like 2 clause license, but under the name of anonymous, would it effectively as if it was released as public domain?
Re: pf.conf comment lines
2008/6/14 Philip Guenther [EMAIL PROTECTED]: Sadly, this varies among languages and file-formats. You just have to know how the one you're working in behaves. So, when in doubt, comment every line that needs to be comment out, should work in almost all cases? -- This e-mail may be confidential. You may not copy, forward, distribute, or, use any part of it. Note, this text has no effective legal binding on your part. There is no obligation to abide any or all parts of this, just as any texts appended to e-mail on rest of the Internet. For more information about disclaimers, please see: http://www.goldmark.org/jeff/stupid-disclaimers/
Re: Is NV supposed to be SLOW?
2008/5/4 Marco Peereboom [EMAIL PROTECTED]: It is in this thread: http://marc.info/?l=openbsd-miscm=120926655909874w=2 Thanks for the link, so nv itself is developed by nVidia themselves and is written to be obscure too... that's another reason for me to chuck away my nVidia card!! 2008/5/4 Benoit Chesneau [EMAIL PROTECTED]: radeonhd work particularly well: fast display without any dri/drm acceleration yet. Intel is also a good choice when you need opensources blob free drivers. So what is the state of radeonhd like? It is another nv like driver, you know, OOS obscured open source driver, or a truly supported with docs and stuff? And what does Intel uses... if I go Intel does that mean I would need to get a whole new motherboard... because as far as I know of, they do not yet build delicated graphics card... of course Intel boards can be used to build new machines, but then again that would support Intel cpu only, right? What about via? I have heard that they will be making oss graphic cards? -- This e-mail may be confidential. You may not copy, forward, distribute, or, use any part of it. If you have received this message in error, please delete it from your system and notify the sender immediately by return e-mail. The sender does not accept liability for any errors, or, omissions. Note, this text has no effective legal binding on your part. There is no obligation to abide any or all parts of this, just as any texts appended to e-mail on rest of the Internet. For more information about disclaimers, please see: http://www.goldmark.org/jeff/stupid-disclaimers/
Re: Is NV supposed to be SLOW?
2008/5/5 Marco Peereboom [EMAIL PROTECTED]: My previous laptop was radeonhd and I might go back to it until noveau is in enough shape. Only after coming from radeonhd to go nvidia made me realize how much better the driver is. I see... I take it that you are running -current? Looking at the cvs-web, it seems like you need at least 4.3-release, and looking at wiki.x.org, it seems like only -current has the decent radeonhd driver with 2D acceleration (driver version 1.2.1, for R5xx/RS6xx, both XAA and EXA.)... whatever XAA and EXA means?
Re: upgrade 4.2 (i386) - 4.3 (amd64)
2008/5/2 Marten Rizwan [EMAIL PROTECTED]: Hello misc@, I could obviously do a clean install, but it would take little more effort to complete. It is probably true the other way around... -- This e-mail may be confidential. You may not copy, forward, distribute, or, use any part of it. If you have received this message in error, please delete it from your system and notify the sender immediately by return e-mail. The sender does not accept liability for any errors, or, omissions. Note, this text has no effective legal binding on your part. There is no obligation to abide any or all parts of this, just as any texts appended to e-mail on rest of the Internet. For more information about disclaimers, please see: http://www.goldmark.org/jeff/stupid-disclaimers/
Re: How to HIDE OpenBSD as user-agent?
2008/4/30 macintoshzoom [EMAIL PROTECTED]: # block nmap OS detection scans somewhat (-O) block in quick proto tcp flags FUP/WEUAPRSF block in quick proto tcp flags WEUAPRSF/WEUAPRSF block in quick proto tcp flags SRAFU/WEUAPRSF block in quick proto tcp flags /WEUAPRSF block in quick proto tcp flags SR/SR block in quick proto tcp flags SF/SF Any tips for a full pf.conf settings ? Well since the OP wanted to block ALL user agents from absolutely everywhere and don't mind security by obscurity, may I suggest the following: block in quick all block out quick all That's as secure as you can get by going for obscurity, without turning off the computer!
Re: OpenBSD 4.3 released May 1, 2008
My little YouTube summary: http://au.youtube.com/watch?v=uPTcnzgseaQ Mhuahuahuahauha... ha...
Is NV supposed to be SLOW?
I am just wondering if the NV driver for nVidia cards are supposed to be slow, for just the desktop? That is, no 3D. I am currently running Xfce Desktop on 4.2-release, just surfing the web and stuff, nothing heavy... and Desktop switching, maximising windows, and stuff takes unusually long time... of course I would not expect the same performance with the binary blob driver on Linux, but by a long time I mean it takes 5 - 30 seconds freeze to do anything... maximising a window takes 5 - 10 seconds, while switching desktop spaces takes 20 - 30 seconds, depends on how many windows are on that space. For non-drawing purpose, it is all very fast, minimise is very quick, switching to an empty desktop space is an instant. So I guess it may be the window manager, xfwm4? So yea I am wondering if this is normal for xfce on nVidia cards... like if it is xfce's problem, or X Windows, or driver?? Thanks. -- This e-mail may be confidential. You may not copy, forward, distribute, or, use any part of it. If you have received this message in error, please delete it from your system and notify the sender immediately by return e-mail. The sender does not accept liability for any errors, or, omissions. Note, this text has no effective legal binding on your part. There is no obligation to abide any or all parts of this, just as any texts appended to e-mail on rest of the Internet. For more information about disclaimers, please see: http://www.goldmark.org/jeff/stupid-disclaimers/
Re: Is NV supposed to be SLOW?
2008/5/4 Jacob Meuser [EMAIL PROTECTED]: well, WHICH nVidia card? don't you think that might matter? any clues in your /var/log/Xorg.0.log? the following machine uses the nv driver, and I don't see what you describe under either blackbox or kde. Well I am suspecting it is a combination of nv driver AND the window manager used in Xfce4... that's why I want to ask if it happens purely on nv driver, and in that case, I might have to go for ATi as suggested by others. But since your machine is good with blackbox/kde, I'll try them out and see... so thanks for your reply!
Re: Is NV supposed to be SLOW?
Ok I am using blackbox instead of xfwm4 now... still running on Xfce but no more delays in anything. :) -- This e-mail may be confidential. You may not copy, forward, distribute, or, use any part of it. If you have received this message in error, please delete it from your system and notify the sender immediately by return e-mail. The sender does not accept liability for any errors, or, omissions. Note, this text has no effective legal binding on your part. There is no obligation to abide any or all parts of this, just as any texts appended to e-mail on rest of the Internet. For more information about disclaimers, please see: http://www.goldmark.org/jeff/stupid-disclaimers/
Re: How to HIDE OpenBSD as user-agent?
2008/5/4 Alexander Schrijver [EMAIL PROTECTED]: I think unplugging the network cable(s) would be more secure. What if the OP is on wireless? (Using WEP too! :O). I suggest they have the block all rules anyway, just to be safe... ya know, in case of a thunder storm, kids may not want to go outside, and start doing crazy things inside, such as plugging the network cable back in... -- This e-mail may be confidential. You may not copy, forward, distribute, or, use any part of it. If you have received this message in error, please delete it from your system and notify the sender immediately by return e-mail. The sender does not accept liability for any errors, or, omissions. Note, this text has no effective legal binding on your part. There is no obligation to abide any or all parts of this, just as any texts appended to e-mail on rest of the Internet. For more information about disclaimers, please see: http://www.goldmark.org/jeff/stupid-disclaimers/
Re: Is NV supposed to be SLOW?
2008/5/4 Marco Peereboom [EMAIL PROTECTED]: Yes. NVIDIA refuses to make a useful open source driver. It is barely functional and it generally sucks really really bad. Stay away from NVIDIA when doing open source. Yes I know about this binary blob. Even FreeBSD users are forced to use i386 on an AMD64 system just to use their damn blob. Actually I used to run Linux on this computer so I can play with the 3D Compiz and stuff... but I just decided to switch to OpenBSD anyway, because I think in the long term, running a blob free system is the way to go. But economically-wise, I would like to keep as many current hardware as possible... because I thought the NV driver would at least have good 2D support for getting through working with a simple desktop environment, such as Xfce4. In the end I guess it just boils down to the question that many people have asked before... are there any down-to-Earth, non-fancy graphics card you can get these days that works well with OSS, when you just want a speedy desktop and don't particularly care about the 3D Compiz stuff... is ATi really the way to go, if you just want a straight forward desktop? Have ATi (or anyone) really got their docs going without NDA, and are there actually exists drivers for them in the latest release of OpenBSD. (4.3-release) I mean, while I do want to keep as much hardware as possible, I can still afford to buy one or two components, if they are actually truly supporting OSS, it is a form of voting with my wallet I guess.
Text to Speech?
Hi, Just wondering if anyone uses a screen reader? I used to use espeak on Linux because it is 1, cli, 2, you can just copy and paste a bunch of text to stdin and it will speak it, 3, it is very easy to adjust the speed on the command line just --speed 200 or something. 4, use voices from cepstral their voice cost $30 and it is worth the money. Are there anything like that in the OpenBSD ports? Thanks. -- This e-mail may be confidential. You may not copy, forward, distribute, or, use any part of it. If you have received this message in error, please delete it from your system and notify the sender immediately by return e-mail. The sender does not accept liability for any errors, or, omissions. Note, this text has no effective legal binding on your part. There is no obligation to abide any or all parts of this, just as any texts appended to e-mail on rest of the Internet. For more information about disclaimers, please see: http://www.goldmark.org/jeff/stupid-disclaimers/
Re: 4.2 Errata 006 failed to compile.
2008/4/2, Josh Grosse [EMAIL PROTECTED]: Looking at the patch 006 instructions, I note that it suggests you do a make build but I believe that will only work if you've already built Xenocara from source before. If you look at the man page for release(8) or the /usr/src/xenocara/README file, you will see you should issue make bootstrap and make obj before executing the make build. That might work. If it does, let misc@ know that the patch documentation needs those two commands added. Yes you are right, doing make bootstrap make obj make build Successfully compiled today. This on a 4.2-release system that has never compiled Xencara before. This is reposted back to misc. Thanks for the help everyone!
4.2 Errata 006 failed to compile.
I am not sure what I did wrong, I simply followed the instruction in 006_xorg.patch today cd /usr/src/xenocara # Assuming Xenocara is in /usr/src/xenocara patch -p0 006_xorg.patch make build Thought I did not have xenocara till today, I just grabbed from my local mirror when I need to apply the patch and recompile it. The patch itself was applied fine, it is just not compiled... make build failed. This is where the error begins: cc -L/usr/src/xenocara/lib/expat/xmlwf/../obj -o xmlwf xmlwf.o xmlfile.o codepage.o unixfilemap.o -lexpat /usr/bin/ld: cannot find -lexpat collect2: ld returned 1 exit status *** Error code 1 Stop in /usr/src/xenocara/lib/expat/xmlwf (line 95 of /usr/share/mk/bsd.prog.mk). *** Error code 1 Stop in /usr/src/xenocara/lib/expat. *** Error code 1 Stop in /usr/src/xenocara/lib/expat (line 133 of /usr/X11R6/share/mk/bsd.xorg.mk). *** Error code 1 Stop in /usr/src/xenocara/lib. *** Error code 1 Stop in /usr/src/xenocara. # ld ld: no input files I am running OpenBSD 4.2 AMD64 release. I haven't used OpenBSD for that long... this is the first time I tried to learn about applying errata patches (for the sake of learning) and I might have made come common mistakes. And this might sound stupid... X was running when I was recompiling Xenocara, could that be the cause? I don't know I haven't thought of that till now... I will probably try that as soon as my next reboot. (got a few things running at the moment.) Thanks. -- This e-mail may be confidential. You may not copy, forward, distribute, or, use any part of it. If you have received this message in error, please delete it from your system and notify the sender immediately by return e-mail. The sender does not accept liability for any errors, or, omissions. Note, this text has no effective legal binding on your part. There is no obligation to abide any or all parts of this, just as any texts appended to e-mail messages on rest of the Internet. For more information about disclaimers, please see: http://www.goldmark.org/jeff/stupid-disclaimers/
Re: 4.2 Errata 006 failed to compile.
2008/4/2, xSAPPYx [EMAIL PROTECTED]: Take a quick look in the archives talking about expat. It was in xbase for the 4.2 release, is moving to base IIRC, and it looks like you dont have it installed:/usr/bin/ld: cannot find -lexpat I am fairly sure that I had both base and xbase installed... Under a quick search for expat I can find these files: /usr/X11R6/include/expat.h /usr/X11R6/include/expat_external.h /usr/X11R6/lib/libexpat.a /usr/X11R6/lib/libexpat.so.8.0 /usr/X11R6/lib/libexpat_pic.a I take a peek at xbase.tgz, seems like I already had them in my system. It does not seem like installing xbase over the existing xbase will do anything. Thanks.
Possible daytime saving bug?
Hello, Running 4.2 here, and it seems like OpenBSD is one week early can it comes to turning off daylight saving time, it is already one hour slow and this should only happen next week. I looked at the errate for 4.2 but no such fix. There was one for the U.S. in 4.0. But here this is Australia/Canberra. So is this a bug or is there someone fixing this now? Or how can I fix this myself? Thanks. -- This e-mail may be confidential. It may also be legally privileged. You may not copy, forward, distribute, disclose, or, use any part of it. If you haveb(received this message in error, please delete it and all copies from your systemb(and notify the sender immediately by return e-mail. Internet communicationsb(cannot be guaranteed to be timely, secure, error, or, virus-free. The sender do not accept liability for any errors, or, omissions. Nevertheless, this text has no effective legal binding on your part. There is no obligation to abide any or all parts of this, just as any texts appended to e-mail on rest of the Internet.
Re: Possible daytime saving bug?
Right, this is fix up on my machine by editing the /usr/src/share/zoneinfo/datfiles/australasia file... I am not sure if I had a diff or not... I had `ci -l` the original file then `ci` again once it is done. It is only 3 lines of change anyway...
Re: Possible daytime saving bug?
2008/3/31, Edwards, David (JTS) [EMAIL PROTECTED]: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sunnz Sent: Monday, 31 March 2008 7:30 PM To: OpenBSD Misc Subject: Possible daytime saving bug? Hello, Running 4.2 here, and it seems like OpenBSD is one week early can it comes to turning off daylight saving time, it is already one hour slow and this should only happen next week. I looked at the errate for 4.2 but no such fix. There was one for the U.S. in 4.0. But here this is Australia/Canberra. So is this a bug or is there someone fixing this now? Or how can I fix this myself? Not a bug, unless it's a political one.. You need to update your timezone info. I used the instructions from here with some munging: http://www.twinsun.com/tz/tz-link.htm Thank you very much Dave, this is very helpful. I thought that the zoneinfo is part of the base system, and should be updated accordingly with an errata? I thought that because I saw an errata in 4.0 for US DST.
Re: PC Camera?
Hey guys, thanks for the replies... remember that my original intend was to build a cheap home monitoring/surveillance system using free open source softwares and OpenBSD just come to mind naturally... I mean, the goal is the capture live footage of your own house, who doesn't want it to be as secure as it can be!! So at least to me, things like Skype would be nice to communicate with your friends overseas... but I believe there are a lot more that can be done with webcams... from one of the previous post we can see there is a difference between a web cam and a camcorder in terms of size, cost, etc... web cam support can be a huge saving if you were to deploy a series of home monitoring/surveillance systems for your friends and neighbours. Also, web cams are a lot more easier to get hold of than camcorders, just imagine that you can just get a bunch of cheap stuff from a garage sale and build an ultra secure surveillance system out of it!! Besides I am merely asking for the current state of web cam support in OpenBSD... if there are things that are simply missing I like to know if someone is working on it or not... I am starting to learn about digital designs and hopefully, OS implementation soon... writhing a web cam driver may be a good way to learn about this and also as a way to contribute the OpenBSD hardware support... of course, I cannot make any actual promise. Well, perhaps the OpenBSD dev's may not want OpenBSD to bloat like Mac and have dozens of things everywhere, but more support for hardware should be always good, without hardware you can't do much no matter how good your OS is... after all, that's the whole point of an OS, right? -- This e-mail may be confidential. It may also be legally privileged. You may not copy, forward, distribute, disclose, or, use any part of it. If you haveb(received this message in error, please delete it and all copies from your systemb(and notify the sender immediately by return e-mail. Internet communicationsb(cannot be guaranteed to be timely, secure, error, or, virus-free. The sender do not accept liability for any errors, or, omissions. Nevertheless, this text has no effective legal binding on your part. There is no obligation to abide any or all parts of this, just as any texts appended to e-mail on rest of the Internet.
Re: PC Camera?
2008/3/25, Lars NoodC)n [EMAIL PROTECTED]: Sunnz wrote: ... things like Skype would be nice to communicate ... *Like* skype but *not* actually skype itself, please. Skype is neither open source nor open protocol. Two strikes. It's got a rather bad security history. Three strikes. Try for FOSS programs, but if you can't do that, then at least use an open protocol so that those in your social network can at least choose. SIP is one such protocol. It's not in any stretch of the imagination a priority for me, but not something I can help with except maybe for testing. If you get that far, I'll try it. A web cam would be a nice addition to an embedded system or a desktop. Regards, -Lars Things like Skype, as in, application level software that makes use of a web cam with a working driver, that you use to communicate with your friends overseas or something. -- This e-mail may be confidential. It may also be legally privileged. You may not copy, forward, distribute, disclose, or, use any part of it. If you haveb(received this message in error, please delete it and all copies from your systemb(and notify the sender immediately by return e-mail. Internet communicationsb(cannot be guaranteed to be timely, secure, error, or, virus-free. The sender do not accept liability for any errors, or, omissions. Nevertheless, this text has no effective legal binding on your part. There is no obligation to abide any or all parts of this, just as any texts appended to e-mail on rest of the Internet.
PC Camera?
Well well, I am basically interested to set up a home monitoring system with a PC, OpenBSD, and a Webcam... PC and OpenBSD I had it going, but what about the webcam? Are there much webcam support for it? I have plugged in my old webcam in to the USB port just to see what gives... it reports the ugen0 device, Vimicro Corp. PC Camera, rev 1.10/1.00, addr 10... if it got this far instead of being not configured, does it mean it has some support for it? What should I do next? Thanks.
Re: PC Camera?
2008/3/23, Girish Venkatachalam [EMAIL PROTECTED]: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 22:59:31 Mar 23, Sunnz wrote: Well well, I am basically interested to set up a home monitoring system with a PC, OpenBSD, and a Webcam... PC and OpenBSD I had it going, but what about the webcam? Are there much webcam support for it? I have plugged in my old webcam in to the USB port just to see what gives... it reports the ugen0 device, Vimicro Corp. PC Camera, rev 1.10/1.00, addr 10... if it got this far instead of being not configured, does it mean it has some support for it? What should I do next? What should you do next? Wait for webcam support to be added. Short of that I have no other advice. Perhaps one of these days someone will do it. I too want this. If it comes to it I might do it but don't count on it. - -Girish - -- unix soi qui mal y pense UNIX to him who evil thinks +--+ | GnuPG key : 0x48E0DA0A | http://wwwkeys.nl.pgp.net| | Fingerprint: B9AF 854C 154F DB3D BF33 2C2D 0FDF 3BAD 48E0 DA0A | +--+ iD8DBQFH5k5XD987rUjg2goRAn5bAJ9+v0od4wC/3C0o01r2TGQoGQm1lQCdGVe5 1X9o34I8SYPgcOUQuWexaDM= =durj -END PGP SIGNATURE- Ah, I guess my question is, what is missing link here... like... do we need driver for this to function? Do we need documentation to webcams so dev can write driver for it... or is a port missing that can actually take videos? -- This e-mail may be confidential. It may also be legally privileged. You may not copy, forward, distribute, disclose, or, use any part of it. If you haveb(received this message in error, please delete it and all copies from your systemb(and notify the sender immediately by return e-mail. Internet communicationsb(cannot be guaranteed to be timely, secure, error, or, virus-free. The sender do not accept liability for any errors, or, omissions. Nevertheless, this text has no effective legal binding on your part. There is no obligation to abide any or all parts of this, just as any texts appended to e-mail on rest of the Internet.
Re: Samba(SMB) or Netatalk(AFP)?
My environment... I am not sure what kind of description is needed... but computers need to be first to authenticate and get an IP from OpenVPN before they can send any packets through the network... so I suppose I don't really need additional security from NFS? I still don't understand how the uid/gid thing works... are there any document about it? Last time I had NFS I had to keep ssh into the file server and change gid... so I guess I probably have not used it correctly? I never have heard of NIS... but how would that work with laptops, which are suppose to be portable and move between different networks everyday, that is, home, school and work for me.
Re: Samba(SMB) or Netatalk(AFP)?
2008/3/11, Karl Karlsson [EMAIL PROTECTED]: Just use the same uid/gid on the client as you have in your export file. As simple as that. But... the user account on the clients already has their own uid/gid... do I have to make new accounts? Or am I missing something?
Re: Samba(SMB) or Netatalk(AFP)?
Oh, so you need to change the user id on the client computers to use NFS properly... that seems kind of like a hack... is that the usual way NFS is used? What if there are multiple accounts on the client that you like to share?
Samba(SMB) or Netatalk(AFP)?
Basically I want to set up a network share on my OpenBSD box which my Mac laptops and Linux laptops can access to. Smb seems kind of weird in a environment with no M$ systems... however this is probably what I am most familiar with because I did it in the past on OpenBSD and it was a breeze to set up. I also tried out NFS in the past on OpenBSD. Got it to work but I don't really understand how it works. There aren't any form of authentication, just a list of IP that has access to it... which always seemed weird to me... that it uses whatever permission on the OpenBSD on the laptop, which doesn't really work out... like the group users can have a very different gid on Linux than on Mac. Maybe I am not using it correctly or understood how it is supposed to work? So now I am looking at AFP via Netatalk, which seem to be Unix like enough but have password authentication like Smb, and some suggested that it would have good performance with Mac... and Linux has support for it through FUSE... however I have no experience with it... is it good or not? So I can't decide what to do at this moment... I'll most likely are going to try out netatalk... but if you have a similar environment, like one without much concern for M$, please suggest what would you do for file sharing, and why thanks a lot!!
Re: PCI Gigabit card suggestion?
Thanks for the suggestions guys, I'll be getting a DLink DGE-530T sk(4) tomorrow, will be how it goes!
PCI Gigabit card suggestion?
Hi I have been looking at: http://www.openbsd.org/cgi-bin/man.cgi?query=gigabitapropos=1sektion=0manpath=OpenBSD+4.2arch=amd64format=html However I am very puzzled... can someone please tell me which chipset you found that worked the best for you and if possible, which model of the brand you have brought after all? I am kind of scared of the bugs and caveat sections in some of the drivers... are they a show stopper at all? But yea I'll need to buy a new PCI Gigabit Ethernet anyway so why not go for the best supported one? -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Re: PCI Gigabit card suggestion?
Just to clarify, I am gotta to buy a new Gigabit PCI Card, so I was wondering which brand/model are best supported by OpenBSD... in terms of documentaion by the vendor and performance by the device. Thanks.
Re: ports.openbsd.nu
2008/2/11, Fredrik Carlsson [EMAIL PROTECTED]: Edd Barrett vext01 at gmail.com writes: The owner forgot to renew it and I can't reach him, so the site has moved to http://openports.se Regards Fredrik Carlsson Since it is not renewed is it possble for someone else to take over it? I'll take it and redirect it to the new url if that's the case. -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Re: Concurrecnt PPPoE(4)?
So, as per my understanding so far, packets are routed correctly from internet to pppoe0, but responses from pppoe0 are going through pppoe1 which is wrong... So... 1) internet packets pppoe0 got through correctly and worked. 2) pppoe0 response pppoe1 wrong and dropped by the ISP. And I need to change 2) to... 3) pppoe0 response pppoe0 Or am I terribly wrong?
Re: Concurrecnt PPPoE(4)?
2008/1/20, Jussi Peltola [EMAIL PROTECTED]: On Sun, Jan 20, 2008 at 07:13:02AM +0200, Jussi Peltola wrote: On Sun, Jan 20, 2008 at 03:48:16PM +1100, Sunnz wrote: pass out on pppoe1 route-to (pppoe0 pppoe0:peer) \ from any to pppoe0 I don't think that will work. Anyone trying to reach pppoe0 will not get routed out on pppoe1. Hmm, actually that rule is almost correct, and I ended up getting confused... What you probably mean is: pass out on pppoe1 route-to (pppoe0 pppoe0:peer) from pppoe0 to any Hey, I have tried the following: reply-to: 1) pass in on pppoe0 reply-to pppoe0 from any to pppoe0 It just works, both traceroute, ping, and ssh route-to 2) pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any 3) pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any pass out on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from pppoe1:0 to any 4) pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any pass out on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from pppoe1:0 to any pass in on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from any to pppoe0:0 pass in on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from any to pppoe1:0 2) 3) and 4) works with traceroute and ping from the outside, but not ssh. So, do I need to use some kind of packet management with tag to get route-to to work? Or would using reply-to suffice? What I am worried about is this section from pf.conf(5): reply-to The reply-to option is similar to route-to, but routes packets that pass in the opposite direction (replies) to the specified inter- face. Opposite direction is only defined in the context of a state entry, and reply-to is useful only in rules that create state. It can be used on systems with multiple external connections to route all outgoing packets of a connection through the interface the in- coming connection arrived through (symmetric routing enforcement). Opposite direction is only defined in the context of a state entry, and reply-to is useful only in rules that create state. - as far as I know of, only TCP connections has states, but not UDP... so what I am worried about is that reply-to does not work with UDP connections? I don't have a UDP service to test this out now, but I probably will have some UDP service in the future. -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Re: Concurrecnt PPPoE(4)?
2008/1/21, Sunnz [EMAIL PROTECTED]: route-to 2) pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any 3) pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any pass out on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from pppoe1:0 to any 4) pass out on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from pppoe0:0 to any pass out on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from pppoe1:0 to any pass in on pppoe1 route-to (pppoe0 (pppoe0:0)) inet from any to pppoe0:0 pass in on pppoe0 route-to (pppoe1 (pppoe1:0)) inet from any to pppoe1:0 2) 3) and 4) works with traceroute and ping from the outside, but not ssh. Oh, what was I thinking!! it should be like pass out on pppoe1 route-to (pppoe0 (pppoe0:peer)) inet from pppoe0:0 to any ^^ Right? Ok I just tested that one out as well... does not work neither... (with 2,3,4) -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Re: Concurrecnt PPPoE(4)?
2008/1/21, Jussi Peltola [EMAIL PROTECTED]: pf keeps state on UDP (and ICMP) just fine. -- Jussi Peltola Oh I see, that's very nice, thanks for all the help everyone! -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Re: So, is there a sure way to delete a file? (Was Re: UNIX way of undeleting files?)
2008/1/19, bofh [EMAIL PROTECTED]: On Jan 18, 2008 4:28 PM, Ted Unangst [EMAIL PROTECTED] wrote: On 1/18/08, Sunnz [EMAIL PROTECTED] wrote: From what I understand, if foo isn't the last hard link to the file, and `rm foo` will NOT delete the file... what does it matter if somebody keeps a link to it? if you have idiot users who insist on using broken software, you have bigger problems. what if they download the old version and compile it themselves? I think he means sshd. And it really doesn't matter, once you make install, you'll overwrite the vulnerable copy with the new one, and all the hardlinks won't matter, because they'd be linked to the new file. Nice, that's interesting to know. If you're worried about someone writing a program that'll walk the entire drive and find all the sectors that were in use, and attempt to string them together - think about it for a while, is this truly a problem for you? If it is, either hire someone (or convince someone) to write a program to wipe this out for you, or choose another OS where such a program exist. Nope. It is not so about worrying... really, I am more curious about if such thing script/program exist or not, or what the security implication are all about - after reading all those delete free space threads.