Hello all,
I would like to increase some IPC values on my OpenBSD 3.9 box. These
parameters need to be changed for Squid.
When I look at the current values I receive next result
[EMAIL PROTECTED] [/etc/squid] # ipcs -Q
msginfo:
msgmax: 16384 (max characters in a message)
msgmni
On Mon, Jun 19, 2006 at 09:43:59AM +0200, Vincent Blondel wrote:
> Hello all,
>
> I would like to increase some IPC values on my OpenBSD 3.9 box. These
> parameters need to be changed for Squid.
>
> When I look at the current values I receive next result
>
> [EMAIL PROTECTED] [/etc/squid] # ipcs
On Sat, Jun 17, 2006 at 01:41:27AM +, Travers Buda wrote:
> Looks like a crappy bios (pardon the redundancy,) try
>
> boot> boot -c
>
> UKC > disable pcibios
> UKC > quit
this obviously has nothing to do w/ pcibios.
disable ipmi would be a better solution.
i think this was fixed in -current
Lawrence Horvath wrote:
Im having alittle trouble with my queues in PF i have the following in
my pf.conf
altq on tl0 cbq bandwidth 100Kb queue {all}
queue all bandwidth 100% {default}
pass out on tl0 from any to any queue all
pass in on tl0 from any to any
however i get the following:
$ sud
On Mon, Jun 19, 2006 at 10:43:10AM +0200, mickey wrote:
> On Sat, Jun 17, 2006 at 01:41:27AM +, Travers Buda wrote:
> > Looks like a crappy bios (pardon the redundancy,) try
> >
> > boot> boot -c
> >
> > UKC > disable pcibios
> > UKC > quit
>
> this obviously has nothing to do w/ pcibios.
>
On Sun, Jun 18, 2006 at 09:24:24PM +0100, poncenby wrote:
> On 17 Jun 2006, at 11:24, Joachim Schipper wrote:
>
> >On Thu, Jun 15, 2006 at 10:47:40PM +0100, poncenby wrote:
> >>quick one for you knowledgeable chaps/chapesses...
> >>
> >>If one does not have OpenBSD installed how would one obtain a
On Sun, Jun 18, 2006 at 08:49:09PM -0400, Nick Guenther wrote:
> On the other hand, realize that no one asked you in the first place,
> you provided your list voluntarily (without even being prompted by a
> single 'so?'). No one "asked you to defend" your opinion. Anyway, you
> should care why Joac
On Mon, Jun 19, 2006 at 10:29:06AM +0100, Craig Skinner wrote:
> On Mon, Jun 19, 2006 at 10:43:10AM +0200, mickey wrote:
> > On Sat, Jun 17, 2006 at 01:41:27AM +, Travers Buda wrote:
> > > Looks like a crappy bios (pardon the redundancy,) try
> > >
> > > boot> boot -c
> > >
> > > UKC > disabl
Hello,
I want to chroot mysql. So i chrooted it in /var/mysql (mysqld --chroot),
but web applications could access mysql server only by network, which is
not the most secure and fast way. Chrooting it to /var/www/mysql would not
be secure too.
The problem could be solved creating pseudo device fo
On Monday 19 June 2006 18:12, Martynas Venckus wrote:
> I want to chroot mysql. So i chrooted it in /var/mysql (mysqld --chroot),
> but web applications could access mysql server only by network, which is
> not the most secure and fast way.
What's not secure about binding to localhost only?
---
L
On 2006/06/19 11:34, Joachim Schipper wrote:
> This has been covered over and over in the archives, but some
> highlights:
>
> fvwmthe default, in base: this is not the newest version, as
> fvwm switched to GPL. It's quite usable.
It's also lighter on system resources than some people mi
On 6/19/06, Lars Hansson <[EMAIL PROTECTED]> wrote:
On Monday 19 June 2006 18:12, Martynas Venckus wrote:
> I want to chroot mysql. So i chrooted it in /var/mysql (mysqld --chroot),
> but web applications could access mysql server only by network, which is
> not the most secure and fast way.
Wha
Ok, I also saw these values but which one correspond to those I want ?
Vincent.
[EMAIL PROTECTED] [/root] # sysctl -a |egrep 'seminfo'
kern.seminfo.semmni=10
kern.seminfo.semmns=60
kern.seminfo.semmnu=30
kern.seminfo.semmsl=60
kern.seminfo.semopm=100
kern.seminfo.semume=10
kern.seminfo.semusz=100
On Monday 19 June 2006 19:09, knitti wrote:
> protocol attacks on the application which talks to mysql?
Uhm, and using a domain socket is different how?
> if you use some php stuff (any php sutff ;) and talk to mysql, you can
> manipulate the db by sql injection.
And? This has nothing to do with
> On Behalf Of Marc Espie
> On Mon, Jun 19, 2006 at 09:43:59AM +0200, Vincent Blondel wrote:
> > Hello all,
> >
> > I would like to increase some IPC values on my OpenBSD 3.9
> box. These
> > parameters need to be changed for Squid.
> >
> > When I look at the current values I receive next result
> I'm still not clear on exactly why a domain socket is more secure than a
> localhost tcp socket. Faster? Sure, but probably not by an amount that
> matters. More secure? I really don't see how in this case.
Okay, why we should it listen to unneded port? Somebody could insensibly
redirect packets
Hello everybody,
Tec-Note: OpenBSD-3.9 STABLE on amd64
The -ui Switch for pkg_add is a realy "wonderfull" development but it
needs updated Packages at the FTP.
Just some examples from Software updated using Ports:
Candidates for updating clamav-0.88.2 -> clamav-0.88
Candidates for updating cups-
> I am not sure as I have not tried it, but I think mySQL creates its unix
> socket *before* it calls chroot() [or can be very easily fixed anyways].
No it can't create socket before chroot(), then how it would access mysql
data?
On Mon, 19 Jun 2006 13:09:20 +0200
knitti <[EMAIL PROTECTED]> wrote:
> On 6/19/06, Lars Hansson <[EMAIL PROTECTED]> wrote:
> > On Monday 19 June 2006 18:12, Martynas Venckus wrote:
> > > I want to chroot mysql. So i chrooted it in /var/mysql (mysqld --chroot),
> > > but web applications could acce
Martynas Venckus wrote:
I am not sure as I have not tried it, but I think mySQL creates its unix
socket *before* it calls chroot() [or can be very easily fixed anyways].
No it can't create socket before chroot(), then how it would access mysql
data?
Can you elaborate on this? I don't get it.
On Mon, 19 Jun 2006 13:12:20 +0300 (EEST)
"Martynas Venckus" <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I want to chroot mysql. So i chrooted it in /var/mysql (mysqld --chroot),
> but web applications could access mysql server only by network, which is
> not the most secure and fast way. Chrooting i
On 6/18/06, Han Boetes <[EMAIL PROTECTED]> wrote:
Nick Guenther wrote:
> You are angry, understandably.
Why do you assume I am angry? I am not. Don't you know how uncivil
it is to make assumptions on other peoples emotions?
> You've put a lot of work into your system and now you're being
> tol
On Mon, 19 Jun 2006 15:06:53 +0300 (EEST)
"Martynas Venckus" <[EMAIL PROTECTED]> wrote:
> > I am not sure as I have not tried it, but I think mySQL creates its unix
> > socket *before* it calls chroot() [or can be very easily fixed anyways].
>
> No it can't create socket before chroot(), then how
Dear All,
Everything is working now: caching DNS server, pf, dhcp, and
tinyproxy.
For the record, these really were my friends:
1. pfctl -g -s rules | grep '^@'
2. tinyproxy compiled with --enable-debug
3. this list (awe shucks!)
Tinyproxy.conf ended up being the culprit but not without a
Nick,
I think you may be correct in your assumption that the HP Kayak implementation
of the AIC 7880 is a bit flaky. I enabled drive-powered termination and even
swapped the drive out for another of a different type, but the problem
remained.
There are no additional terminators in the chain apart
Hi all,
I've been having a headache using the round-robin with the
sticky-address option. I do have two exit links, and I'm doing load
balancing with the round-robin on the outgoing packets from the internal
net and from my other 2 dmz's. This setup works perfectly with some
exceptions. Th
On 2006/06/19 13:55, [EMAIL PROTECTED] wrote:
> Tec-Note: OpenBSD-3.9 STABLE on amd64
>
> The -ui Switch for pkg_add is a realy "wonderfull" development but it
> needs updated Packages at the FTP.
>
> Just some examples from Software updated using Ports:
> Candidates for updating clamav-0.88.2 ->
Giancarlo Razzolini <[EMAIL PROTECTED]> wrote:
Hi all,
[.. cut ..]
Then, when i putted the sticky-address in the main firewall, strange
things happened. The source-tracking states were created, but the
machines, sometimes, were directed to the other link, not the one in the
source-track.
Berk D. Demir wrote:
> Giancarlo Razzolini <[EMAIL PROTECTED]> wrote:
>> Hi all,
>> [.. cut ..]
>> Then, when i putted the sticky-address in the main firewall, strange
>> things happened. The source-tracking states were created, but the
>> machines, sometimes, were directed to the other link, n
> On 2006/06/19 13:55, [EMAIL PROTECTED] wrote:
>> Tec-Note: OpenBSD-3.9 STABLE on amd64
>>
>> The -ui Switch for pkg_add is a realy "wonderfull" development but it
>> needs updated Packages at the FTP.
>>
>> Just some examples from Software updated using Ports:
>> Candidates for updating clamav-0.
Then you might tell me why, even with a source track entry set directing
traffic from one internal ip to one specific gateway, the packets
sometimes are redirected to the other gateway?
Because source tracking entries lives with state entries. As soon as the
state between the peers expire, your
> It`s not so easy to update all machines using the ports
> Easy == like pkg_add -ui :-/
I love the OpenBSD package/ports system. 3 developments that I
discovered recently:
1. pkg_add -ui, but it has deficiencies (such as no -stable packages for
sparc64)
2. /usr/ports/infrastructure/build/out
On 6/19/06, Alexander Hall <[EMAIL PROTECTED]> wrote:
Lawrence Horvath wrote:
> Im having alittle trouble with my queues in PF i have the following in
> my pf.conf
>
>
> altq on tl0 cbq bandwidth 100Kb queue {all}
> queue all bandwidth 100% {default}
> pass out on tl0 from any to any queue all
>
On Mon, 19 Jun 2006 15:04:06 +0300 (EEST) "Martynas Venckus" <[EMAIL
PROTECTED]> wrote:
> > I'm still not clear on exactly why a domain socket is more secure than a
> > localhost tcp socket. Faster? Sure, but probably not by an amount that
> > matters. More secure? I really don't see how in this
Hello!
On Mon, Jun 19, 2006 at 08:54:22AM -0700, Lawrence Horvath wrote:
>[...]
>$ sudo pfctl -ef /etc/pf.conf
>Password:
>/etc/pf.conf:39: syntax error
>/etc/pf.conf:41: syntax error
>/etc/pf.conf:43: syntax error
>pfctl: Syntax error in config file: pf rules not loaded
>$
>39: altq on tl0 cbq
Sebastian: you screwed up the attributions. That makes things (more)
confusing. Fix your MUA.
On Mon, Jun 19, 2006 at 05:10:21PM +0200, [EMAIL PROTECTED] wrote:
> > You can do this the other way round, and make ports use packages
> > where possible; see FETCH_PACKAGES in bsd.port.mk(5).
>
> Bad i
Will Maier [2006-06-19, 11:04:00]:
> Yes, they are. Packages are built for stable, too, if security
> updates are backported to the stable ports tree. What's the problem
> here?
note that due to lack of resources, updated -stable packages are only
built for the i386 platform.
you can build your o
Berk D. Demir wrote:
> Because source tracking entries lives with state entries. As soon as the
> state between the peers expire, your source tracking entry also
> disappears by default.
> Setting the time out "src.track" to any value other than zero (0) (whic
> is the default value) will tell the
On Mon, Jun 19, 2006 at 05:10:21PM +0200, [EMAIL PROTECTED] wrote:
> Or, the other solution, would be enable pkg_add -ui (maybe with another
> argument to use Ports) using the Port-system to update.
The interface will use PKG_PATH. After all, using ports is just another
kind of url, similar to ftp
On 6/19/06, Lars Hansson <[EMAIL PROTECTED]> wrote:
On Monday 19 June 2006 19:09, knitti wrote:
> protocol attacks on the application which talks to mysql?
Uhm, and using a domain socket is different how?
ouch, snafu. sorry, I misunderstood. I don't think there's
any practical security differe
Dear all,
Historically, Berkeley Software Distribution (BSD) was one of the first
reimplementation of the UNIX AT&T platform and it later became one of
the key components of the Open Source movement. BSD has been the base
for many different operating systems, most notably FreeBSD, NetBSD,
OpenBSD,
Okay, everything works like a charm.
I chrooted mysql using chroot(8), than created pseudo file, and 2 vnode
disks.
Then mount {vnode disk} /{chroot path}/var/run/mysql && mount -f {vnode2
disk} /var/www/var/run/mysql.
Hi,
I have some troubles with a Cisco-Linksys Wireless-G ProtableUSB
Adapter, rev 2.00/0.04, addr 2, MAC/BBP RT2571 (rev 0x03), RF RT2526
After some hours the card go down or the computer crash (kernel panic)
- In dmesg i have this if i don't use the card :
ehci_sync_hc: tsleep() = 35
ehci_sync_
I was wondering if anyone knew why there had been two versions of
001_sendmail.patch for 3.9.
When the patch was first released, I downloaded it and updated some of
my systems. This was the patch I downloaded:
http://erdelynet.com/downloads/3.9/001_sendmail.patch-ver1
The file from when 001
Hi all,
I'm trying to apply the latest patch for sendmail and on my "make", I get
the following error:
cc -O2 -pipe -DSTARTTLS -DMILTER -DFAST_PID_RECYCLE -D_FFR_USE_SETLOGIN
-DSM_OMIT_BOGUS_WARNINGS -DNEWDB -DMAP_REGEX -DNETINET6 -DNEEDSGETIPNODE
-DSM_CONF_SHM -DNIS -DTCPWRAPPERS
-I/usr/src/gnu
Monah Baki wrote:
Hi all,
I'm trying to apply the latest patch for sendmail and on my "make", I get
the following error:
cc -O2 -pipe -DSTARTTLS -DMILTER -DFAST_PID_RECYCLE -D_FFR_USE_SETLOGIN
-DSM_OMIT_BOGUS_WARNINGS -DNEWDB -DMAP_REGEX -DNETINET6 -DNEEDSGETIPNODE
-DSM_CONF_SHM -DNIS -DTCPWRA
PILAR - CAPITAL (y Gran Buenos Aires)ENCOMIENDAS - SOBRES MINI-FLET -
TRAMITES VARIOSMERCADERIA, CAJAS, MUEBLES, ETCServicio puerta a puerta.
Pilar a Capital dde. $ 20.- (puerta a puerta): Consultar otras zonas: Lujan
- Gral Rodriguez y mas Absoluta confianza. Servicio especial a comercios
y countr
On 6/15/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
Hi, I have tried to follow the source code and and have been unable to add a
variable.
Is there a step by step guide any where?
I want to have a counter (int) and an array[1000] of bytes.
you probably want two sysctls. one using sysct
I have a Soekris net4801 box running as a firewall for a friend of mine that
runs a small business (about 5 employees). The ruleset is quite simple in
that he does not run any internal servers, so I pretty much block all
inbound traffic and allow all traffic back out. For inbound traffic I have
t
Peter Bako wrote:
I have a Soekris net4801 box running as a firewall for a friend of mine that
runs a small business (about 5 employees). The ruleset is quite simple in
that he does not run any internal servers, so I pretty much block all
inbound traffic and allow all traffic back out. For inbo
RGS
Componentes VEA LAS OFERTAS EN COMPUTACION Y ELECTRONICA
Monitores - Camaras Digitales - MP3 - MP4 - DVD's - Memorias
ENVMOS AL INTERIOR DEL PAMS
Uruguay 390 Cap. Fed. Tel./Fax 011 - 4371-8594
Contactese: [EMAIL PROTECTED]
COMPUTACION - Junio 2006
Codigo Fabricante Producto Dolares
Kits'
Hello misc@,
I stumbled across a problem with all X terminal emulators in OpenBSD
(that is xterm and aterm, eterm and rxvt from ports).
None of the above seems to support 256 colors. I tried various
combinations of $TERM (xterm, xterm-color, xterm-xfree86,
xterm-256color) with all the terminals, r
On Mon, Jun 19, 2006 at 08:39:05PM -0700, Peter Bako wrote:
>
> However I've noticed that if more than one or two people are getting email
> from their ISP (standard pop3), then the third person to try to get email
> will get an error that the server could not be reached.
- tcpdump on the soekri
53 matches
Mail list logo
