Re: openbsd and the money

2006-03-24 Thread frantisek holop
hmm, on Thu, Mar 23, 2006 at 08:13:44PM +0100, frantisek holop said that
> hmm, on Thu, Mar 23, 2006 at 11:23:02AM -0700, Theo de Raadt said that
> > > it would be interesting to know about how MUCH money donated
> > > to the openbsd project you all are REALLY talking here...
> > 
> > Sad, eh.  350 donation transactions in one month.  I had no idea
> > that the OpenSSH deployment on the planet was that small.  I
> > suspected it to be much higher:
> > 
> > http://openssh.com/usage/graphs.html
> 
> i am really not entitled to judge you, except the creator
> no one is.  but answer me frankly please, do you think
> that the "legend" of your personality is helping to raise
> funds for the project?


for anybody who thought this was nothing else that my
personal attack on Theo, which it was not, i highly
recommend the slashdot reactions to see why some people
refrain from donating.  and it doesn't matter a bit
if it's true or not what they are saying.  the result
is the important.


and to everyone who thinks _only_ and _only_ and _only_
code quality is what matters, think about this:

"Anyone who has ever decided not to go back to a resturaunt
that has good food because of shitty service is in the same
boat here."

-f
-- 
millisecond:  delay between a green light and honking horn.



Re: openbsd and the money

2006-03-24 Thread Anton Karpov
I think, if we skip all the whinning, the one straight question from
Frantisek Holop which is not yet clarified is why devs makes so
cantradictory statements: "we do code FOR OURSELVES, AND if you like it, you
are free to use it" and "we THANK you with code (e.g. 'we code FOR YOU
instead of giving you sweet words')". The first one is for "losers in misc@"
and the second one is for the time when it comes to money...
in my HUMBLE opinion, such statements are pretty different...

p.s.: dont' blame me, i'm just trying to make it clear...



Re: art(4): Link change recorded where? (one short note)

2006-03-24 Thread Toni Mueller
Hello Theo,

On Fri, 17.03.2006 at 16:44:58 -0700, Theo de Raadt <[EMAIL PROTECTED]> wrote:
> Then the entire idea is to improve the drivers to erradicate this
> special treatment that makes them believe that they should syslog
> of kernel printf us to death.  That is not the solution you want.

this is a bit confusing to me. Is "improving the drivers" or "printf us
to death" not the solution I want?

Either way, if anything is really logging someone to death, then there
are probably bigger problems than copious logging ahead. Ie, normally,
such a state transition on a WAN link should occur at a frequency of
less than once a week, but rather once or twice a year.  I can't
imagine how such infrequent events could lead to system or
administrator overload due to the volume of logged data. But then I
still may be missing something.

> Fixing this will require a framework.  Not just kernel printf.

Do you have something specific on your mind?


Best,
--Toni++



Re: Site indexing application

2006-03-24 Thread Gabriel George POPA

Frank Denis wrote:


Le Tue, Mar 21, 2006 at 02:18:10PM +0200, Gabriel George POPA ecrivait :


Frank Denis wrote:



Yes, very interesting. But I was looking for a very secure, highly 
proven solution, prepackaged for OpenBSD with Apache chrooted.



 Well, Hyper Estraier is far from being a beta project. It's an evolution
of Estraier, itself based upon Snatcher, whoose work began 6 years 
ago. The

code is very clean, it works and it's fast.

 The code of Mnogosearch (and DPsearch since it's based upon it) is 
messy and

designed in a totally insecure and unreliable way. I had a hard time last
year with it in order to add various hacks to have it work with our 
blog web

site (skyblog.com). There were many ways to get it die with segmentation
faults. And the indexer wasn't always able to resume its activity after a
crash. Plus Mnogosearch doesn't scale as well as advertised.
 OTOH, Hyper Estraier scales really well.
 
 It just needs an OpenBSD port.


I installed Hyper Estraier but now, because it is in chroot, it cannot 
find the libraries it depends on. I had this problem quite a few times
with different programs. I did not have the time to solve it (with other 
programs too). What do I do: ldconfig? This is the standard method?

ldconfig with what params? Or maybe it's better to set the LD_LIBRARY_PATH?

 
George




Re: Bank transfers for donating

2006-03-24 Thread Toni Mueller
Hello,

one more note:

On Fri, 24.03.2006 at 01:14:34 +0100, Ingo Schwarze <[EMAIL PROTECTED]> wrote:
> > So we have setup a bank account, and people can use the following
> > information for IBAN and SWIFT/BIC transfers:
> > http://www.openbsd.org/bank-donation.html
> 
> Thanks!  This is quite useful from a European point of view.

If you are a business and have trouble getting the donation into your
tax statement, then just order something from Wim and donate at the
same time.

(Background: OpenBSD is not a charity according to at least German tax
law.)


Best,
--Toni++



Re: OpenBSD and the money

2006-03-24 Thread Toni Mueller
Hello,

On Thu, 23.03.2006 at 16:26:04 -0500, Peter Fraser <[EMAIL PROTECTED]> wrote:
> To get money from the government you have to work with
> professionals consultants.  The good ones are expensive, 
> but they do work on a contingency basis.

I don't agree, generally. This whole idea seems misbegotten to me. Try
to name at least one incentive for Alberta to fund a project where the
financial benefits will largely be reaped outside of Alberta.

I don't expect OpenBSD to ever be the major taxpayer of whatever
country or state you name.


Best,
--Toni++



Re: Sendmail security problem

2006-03-24 Thread Alexey E. Suslikov

Claus Assmann wrote:


On Thu, Mar 23, 2006, Alexey E. Suslikov wrote:



All I know, sendmail.org says I can not patch versions below
8.13.5:



That's wrong. See the 8.13.6 note:

   and 8.12 are availabe at our FTP site. However, note that those
   patches do not (cleanly) apply to versions other than 8.13.5 and
   8.12.11, respectively, at least the patch for sendmail/version.c will
   fail, but that can be ignored. Moreover, these patches may not even
   work with older version as there have been other changes before.

That is, you can apply the patch and if only version.c fails,
then you can give it a try. However, sendmail.org won't provide
support for such a patched version.


what wrong?

can you trust this patched version, if even sendmail.org says "these
patches may not even work with older version"?



Re: Site indexing application

2006-03-24 Thread Gabriel George POPA

Gabriel George POPA wrote:


Frank Denis wrote:


Le Tue, Mar 21, 2006 at 02:18:10PM +0200, Gabriel George POPA ecrivait :


Frank Denis wrote:



Yes, very interesting. But I was looking for a very secure, highly 
proven solution, prepackaged for OpenBSD with Apache chrooted.




 Well, Hyper Estraier is far from being a beta project. It's an 
evolution
of Estraier, itself based upon Snatcher, whoose work began 6 years 
ago. The

code is very clean, it works and it's fast.

 The code of Mnogosearch (and DPsearch since it's based upon it) is 
messy and
designed in a totally insecure and unreliable way. I had a hard time 
last
year with it in order to add various hacks to have it work with our 
blog web

site (skyblog.com). There were many ways to get it die with segmentation
faults. And the indexer wasn't always able to resume its activity 
after a

crash. Plus Mnogosearch doesn't scale as well as advertised.
 OTOH, Hyper Estraier scales really well.
 
 It just needs an OpenBSD port.


I installed Hyper Estraier but now, because it is in chroot, it cannot 
find the libraries it depends on. I had this problem quite a few times
with different programs. I did not have the time to solve it (with 
other programs too). What do I do: ldconfig? This is the standard method?
ldconfig with what params? Or maybe it's better to set the 
LD_LIBRARY_PATH?


 
George



Oh, well, I discovered how to solve this problem:
# ldconfig 
-r
// (we notice that libraries that are used by Hyper Estrayer are not here)

# ldconfig /usr/lib /usr/local/lib /usr/X11R6/lib
# mkdir -p /var/www/var/run
# chown -R 0755 /var/www/var
# cp -Rp /var/run/ld.so.hints /var/www/var/run

That's all. Then in a browser:
http:///cgi-bin/estseek.cgi

Finally, I leart how to deal with this chrooted Apache.

  
Yours in BSDness,
   
George




Re: Locking processes/users to CPUs in SMP systems

2006-03-24 Thread Joachim Schipper
On Thu, Mar 23, 2006 at 09:48:05PM -0500, rjn wrote:
> I was just wondering, is it possible to lock a process or user to a
> specific CPU in an SMP system?
> 
> Say for example, I had a database and a web server and I wanted to
> lock each one to a CPU.  Or that I only wanted user 'johndoe' to be
> able to use a second CPU?
> 
> Thanks in advance.

AFAIK, this is not possible. However, it *is* possible to set resource
limits (see /etc/login.conf), which can be used to get similar results.

Joachim



Re: Copying stuff into chroot (was: Site indexing application)

2006-03-24 Thread Joachim Schipper
On Fri, Mar 24, 2006 at 11:06:04AM +0200, Gabriel George POPA wrote:
> Frank Denis wrote:

> I installed Hyper Estraier but now, because it is in chroot, it cannot 
> find the libraries it depends on. I had this problem quite a few times
> with different programs. I did not have the time to solve it (with other 
> programs too). What do I do: ldconfig? This is the standard method?
> ldconfig with what params? Or maybe it's better to set the LD_LIBRARY_PATH?

I use something like the following for copying stuff into chroot. Note:
this works for me, but might not do in certain corner cases.

Glue aside, use ldd to figure out which libraries are needed and copy
those.

This was just a quick hack. Being a shell script, it is also quite
inefficient - mostly due to the fact it starts lots of programs. I might
one day create a Perl implementation, which would be much faster.

Any comments are welcome, as always.

One noteworthy thing is that it attemps to synchronize directories -
notably, it will delete anything from the destination directory not
found in the source directory. One other noteworthy thing is that it
Does not clear old libraries.

## BEGIN ##
#!/bin/sh

# Syntax:
#   cpchroot file1 [file2 [file3 ...]]
#
# Copies all files, which should be given as a fully qualified path, into the
# corresponding directory relative to the current directory.
#
# As a special case, when the file being copied is a dynamically linked
# executable, also copy any libraries it depends on.
#
# Any directories required are created.
#
# When a directory is given as an argument, cpchroot is applied to all files in
# the directory, and the directory is then searched for any files that are not
# in the original

umask 022

LIBS=""
ERROR=0
TMP1=`mktemp` || exit 1
TMP2=`mktemp` || exit 1

smartcp() {
RELATIVE_BASE=`dirname "$1" | sed -e 's/^\///'`
if ! [ -e "$RELATIVE_BASE" ]; then
install -d "$RELATIVE_BASE" || ERROR=1;
fi
if [ ! -e ".$1" -o \( -f "$1" -o -h "$1" \) -a ".$1" -ot "$1" ]; then
echo "cp $1 `pwd`$1";
cp "$1" ".$1" || ERROR=1;
fi
}

exit_and_clean() {
rm $TMP1 $TMP2
exit $1
}

if [ $# -eq 0 ]; then
echo "$0 cannot be called with zero arguments" >&2;
echo "Syntax: $0 file1 [file2 [file3 ...]]" >&2;
exit_and_clean 127
fi

echo "Don't run just any script off the internet!" >&2;
if [ `id -u` -eq 0 ]; then
echo "AND ESPECIALLY NOT AS ROOT!" >&2;
fi
exit 127

for i in "$@"; do
if ! [ -e "$i" ]; then
echo "File $i not found" >&2;
exit_and_clean 2;
fi
if ! echo $i | grep '^\/' >/dev/null; then
echo "File $i not given as absolute path" >&2;
exit_and_clean 2;
fi
done

# Okay, our input is sane. Now let's get to it.
for i in "$@"; do
if [ -d "$i" ]; then
# Recursively descend into the directory
find "$i" ! -type d -print0 | xargs -0 $0;
# Remove any fluff
find "$i" | sed -e 's/^/./' | sort > $TMP1
find ".$i" | sort > $TMP2
if ! cmp $TMP1 $TMP2 >/dev/null; then
for i in `diff -u $TMP1 $TMP2 | sed -ne '1,2d' -e 
's/^+//p'`; do
echo "rm -rf $i" | sed -e "s/\.\//`pwd`/";
rm -rf $i;
done
fi
else
if file "$i" 2>/dev/null | \
  grep 'ELF.*executable.*dynamically linked' >/dev/null; then
LIBS="$LIBS `ldd \"$i\" | sed -e '1,3d' -e 's/.* //' 
2>/dev/null`";
fi
smartcp "$i"
fi
done

if [ "x$LIBS" != "x" ]; then
LIBS=`echo $LIBS | sort | uniq`
for i in $LIBS; do
smartcp "$i"
done
fi

exit_and_clean $ERROR
## EOF ##

As to the legalese: this script is hereby placed into the public domain,
so feel free to do as you please with it. I'd strongly suggest not
altering certain features when publishing it on the internet, though.

Joachim



Re: openbsd and the money

2006-03-24 Thread Grégoire Welraeds
quote from the "openbsd and the money -solutions":
[quote]
> I offer to do the administration.

Who the fuck are you? Nobody, that's who.
[/quote]

Usual stuff on [EMAIL PROTECTED]

Even if one does not agree with the suggestion, is that a way of
replying? The only thing it does is frustrate people, "disband" the
so-called community and eventually send people away from the project.
Code and funding have nothing to do with that.

--
Grigoire



Re: openbsd and the money -solutions

2006-03-24 Thread chefren

On 03/24/06 04:17, Theo de Raadt wrote:

http://www.digg.com/linux_unix/OpenBSD_needs_a_major_donor
http://bsd.slashdot.org/article.pl?sid=06/03/21/1555243


..


These donations from individuals are really great.  The community is
great.  Thanks a lot.

But we know this is the wrong way to fund OpenBSD, OpenSSH, and our
other subprojects in the long term, and that the Unix (and maybe even
Linux) vendors who ship OpenSSH in their products should be helping
with at least a few pennies of the millions and millions of dollars we
have saved them.


This is whining and it isn't very sure because you have no idea what 
alternatives for the free OpenSSH product would have cost.



How many vendors are shipping another SSH implimentation?


Currently there is one version that is a little better than others, good enough 
and freely available. Not that strange other people aren't interesting in 
shipping other versions.




Therefore Damien and I have just sent these two mails to a few
mailing lists:

http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=114316163313701&w=2
http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=114316224627520&w=2

I suspect that conversation is not over.


You need to automatically repeat the message, beg at the right places, for 
example at the FTP site, at least via http to ftp.openbsd.org no entrance 
without clicking away a "want it better? donate now" screen with paypall and 
credit card buttons.


Beg at the places where people ask you to actually hand them over a free copy of 
the software.


Demand something like $50 a year for access to the ftp.openbsd.org now!!!

+++chefren



3Ware 9500S-12

2006-03-24 Thread Michał Koc

Hello,

can someone confirm that 3Ware 9500S-12 does or does not work with 
OpenBSD ?


I'd also appreciate any suggestion about 12-channel sata raid solutions.

Regards
M.K.



copying software from the official iso

2006-03-24 Thread Gilles LAMIRAL
Hello,

Can I do a 

dd if=/dev/cdrom of=obsd.iso

and redistribute it  ?
(the audio track is away)

-- 
Au revoir,02 99 64 31 77
  06 20 79 76 06
Gilles Lamiral. France, Chavagne (35310)  08 72 27 33 66



Re: copying software from the official iso

2006-03-24 Thread Bernd Schoeller
On Fri, Mar 24, 2006 at 12:43:59PM +0100, Gilles LAMIRAL wrote:
> Hello,
> 
> Can I do a 
> 
> dd if=/dev/cdrom of=obsd.iso
> 
> and redistribute it  ?
> (the audio track is away)

http://www.openbsd.org/faq/faq3.html#ISO

*sigh*

Bernd



Re: copying software from the official iso

2006-03-24 Thread Joachim Schipper
On Fri, Mar 24, 2006 at 12:43:59PM +0100, Gilles LAMIRAL wrote:
> Hello,
> 
> Can I do a 
> 
> dd if=/dev/cdrom of=obsd.iso
> 
> and redistribute it  ?
> (the audio track is away)

Please don't, it's one of the few sources of income the project has.

As to legality, search the archives - this question is not exactly new.

Joachim



Re: copying software from the official iso

2006-03-24 Thread Tom Cosgrove
>>> Gilles LAMIRAL 24-Mar-06 11:43 >>>
>
> Hello,
>
> Can I do a 
>
> dd if=/dev/cdrom of=obsd.iso
>
> and redistribute it  ?
> (the audio track is away)

No.  Do not do this.  The CD layout (not just the song) is copyrighted.

For more information see the FAQ entry
http://www.openbsd.org/faq/faq3.html#ISO

Thanks

Tom



Re: Locking processes/users to CPUs in SMP systems

2006-03-24 Thread mickey
On Thu, Mar 23, 2006 at 09:48:05PM -0500, rjn wrote:
> I was just wondering, is it possible to lock a process or user to a
> specific CPU in an SMP system?
> 
> Say for example, I had a database and a web server and I wanted to
> lock each one to a CPU.  Or that I only wanted user 'johndoe' to be
> able to use a second CPU?

not really. even worse -- we have no cpu affinity at all (:
this is on my todo list though so maybe in 4.0 .

cu
-- 
paranoic mickey   (my employers have changed but, the name has remained)



Re: openbsd and the money -solutions

2006-03-24 Thread Andrés Delfino
Please, stop wanting companies to support you. It doesn't work that
way. To develop an OS under a licence like the ISC has a big hole:
funding. You can't just go: Hey, you use the implementation that I
develop and give away for free, you should pay me!. If the pay you,
OK, if the don't, well, that's OK too, and more realistic.

One thing you can do, is to maintain OpenBSD free as in freedom, but
not as in free bear. The CVS access would be the same as now, but no
more FTP downloads with ISOs or install sets.



Re: copying software from the official iso

2006-03-24 Thread Anthony Howe

Joachim Schipper wrote:

On Fri, Mar 24, 2006 at 12:43:59PM +0100, Gilles LAMIRAL wrote:

Hello,

Can I do a 


dd if=/dev/cdrom of=obsd.iso

and redistribute it  ?
(the audio track is away)


Please don't, it's one of the few sources of income the project has.

As to legality, search the archives - this question is not exactly new.

Joachim


Also the CDROM distribution is protected by Copyright as indicated here:

 http://www.openbsd.org/faq/faq3.html#ISO 

The OpenBSD project does not make the ISO images used to master the 
official CDs available for download. The reason is simply that we would 
like you to buy the CD sets to help fund ongoing OpenBSD development. 
The official OpenBSD CD-ROM layout is copyright Theo de Raadt. Theo does 
not permit people to redistribute images of the official OpenBSD CDs. As 
an incentive for people to buy the CD set, some extras are included in 
the package as well (artwork, stickers etc).




I would suspect Theo would NOT let slide such blatant abuse.

--
Anthony C Howe  Skype: SirWumpusSnertSoft
+33 6 11 89 73 78 AIM: SirWumpusSendmail Milter Solutions
http://www.snert.com/ ICQ: 7116561  http://www.snertsoft.com/



Re: copying software from the official iso

2006-03-24 Thread Gabriel George POPA
Bernd Schoeller wrote:

>On Fri, Mar 24, 2006 at 12:43:59PM +0100, Gilles LAMIRAL wrote:
>  
>
>>Hello,
>>
>>Can I do a 
>>
>>dd if=/dev/cdrom of=obsd.iso
>>
>>and redistribute it  ?
>>(the audio track is away)
>>
>>
>
>http://www.openbsd.org/faq/faq3.html#ISO
>
>*sigh*
>
>Bernd
>
>  
>
It seems to me quite a dangerous discussion. Why not security updates 
for money? SuSE has made a lot of money...
I know you already discussed this, but this feature will make OpenBSD 
VERY popular. And please don't send me
your opinion with offending words. If you don't agree, just ignore me. 
But I warn you: the outcome will be the same:
binary updates on-the-fly for money. There's no other solution. The 
solution with ISO images, FTP etc. already discussed
will restrict the users and they will not be encouraged to step fw to 
OpenBSD. I will step back to FreeBSD (or GNU/Linux) if this happens.
If I will be in a commercial environment I would recommend SuSE, RedHat 
or Debian. I LOVE OpenBSD, but if such
restrictions referring to FTP appear... Now, let's solve this once and 
for all!



George



Re: openbsd and the money -solutions

2006-03-24 Thread Martin Schröder
On 2006-03-24 12:10:37 +0100, chefren wrote:
> This is whining and it isn't very sure because you have no idea what 
> alternatives for the free OpenSSH product would have cost.

They can happily use lsh.

Best
Martin
-- 
http://www.tm.oneiros.de



Re: openbsd and the money -solutions

2006-03-24 Thread mickey
On Fri, Mar 24, 2006 at 08:40:59AM -0300, Andr?s Delfino wrote:
> Please, stop wanting companies to support you. It doesn't work that
> way. To develop an OS under a licence like the ISC has a big hole:
> funding. You can't just go: Hey, you use the implementation that I
> develop and give away for free, you should pay me!. If the pay you,
> OK, if the don't, well, that's OK too, and more realistic.
> 
> One thing you can do, is to maintain OpenBSD free as in freedom, but
> not as in free bear. The CVS access would be the same as now, but no
> more FTP downloads with ISOs or install sets.

sorry dude but you are full of shit.
for example from history:
how do you think bsd was developped originally at the ucb?

cu

-- 
paranoic mickey   (my employers have changed but, the name has remained)



Re: openbsd and the money -solutions

2006-03-24 Thread Andrés Delfino
It was the unique Unix-like OS with that licence. Right now, there are
tons of other systems. Companies want to invest in Linux-based
systems, because of marketing.

On 3/24/06, mickey <[EMAIL PROTECTED]> wrote:
> On Fri, Mar 24, 2006 at 08:40:59AM -0300, Andr?s Delfino wrote:
> > Please, stop wanting companies to support you. It doesn't work that
> > way. To develop an OS under a licence like the ISC has a big hole:
> > funding. You can't just go: Hey, you use the implementation that I
> > develop and give away for free, you should pay me!. If the pay you,
> > OK, if the don't, well, that's OK too, and more realistic.
> >
> > One thing you can do, is to maintain OpenBSD free as in freedom, but
> > not as in free bear. The CVS access would be the same as now, but no
> > more FTP downloads with ISOs or install sets.
>
> sorry dude but you are full of shit.
> for example from history:
> how do you think bsd was developped originally at the ucb?
>
> cu
>
> --
> paranoic mickey   (my employers have changed but, the name has 
> remained)



Re: openbsd and the money

2006-03-24 Thread Hannah Schroeter
Hi!

On Thu, Mar 23, 2006 at 01:55:29PM -0500, Michael Hernandez wrote:
>I noticed that donations to OpenBSD "are not US tax deductible as  
>charitable contribution".

I don't actually understand what that whining about tax deduction is
about.

If tax deduction means, for example, that you get 25% of your donation
back from the tax offices, then you can just donate 75% of what you'd
donate to a tax deductable organization to OpenBSD, and the net result
for your company/corporation/... is the same, and OpenBSD at least
got *some* money.

What's the problem with that?

Kind regards,

Hannah.

PS: And what would it help the rest of the world if there were a
tax deductible foundation in the US?

PS2: If you actually need it, why don't you just *create* a foundation
"friends of OpenBSD, US", do the paperwork to make it a recognized
charity with the purpose to support OpenBSD development, e.g. by funding
people working for OpenBSD, or by funding hotel stays/travel costs for
hackatons? Then the OpenBSD project proper wouldn't have the hassles
with all the paperwork etc.



Re: openbsd and the money -solutions

2006-03-24 Thread Damien Miller
On Fri, 24 Mar 2006, chefren wrote:

> Demand something like $50 a year for access to the ftp.openbsd.org now!!!

You are suggesting that we screw the people who have contributed by far
the most to OpenBSD and OpenSSH, individual users and small organisations.

Not a very bright idea.

-d



Re: openbsd and the money -solutions

2006-03-24 Thread Damien Miller
On Fri, 24 Mar 2006, Andris Delfino wrote:

> Please, stop wanting companies to support you. It doesn't work that
> way. To develop an OS under a licence like the ISC has a big hole:
> funding. You can't just go: Hey, you use the implementation that I
> develop and give away for free, you should pay me!. If the pay you,
> OK, if the don't, well, that's OK too, and more realistic.

Even if we were to accept your pessimistic worldview that organisational
gratitude is only a myth, then it is still in companies who use
OpenBSD or OpenSSH interest to contribute - funding committed and
internally-motivated developers to improve components of your product
is far less expensive than recruiting, training, paying and providing
office space for semi-motivated staff who crank out code of varying
quality for financial reward alone.

BTW, your linkage between the license and a lack of funding is
specious, and there exist plenty of counter examples - including BSD
itself.

-d



Re: 3Ware 9500S-12

2006-03-24 Thread Shane J Pearson

Hi MichaE,

On 2006.02.24, at 10:24 PM, MichaE Koc wrote:

can someone confirm that 3Ware 9500S-12 does or does not work with  
OpenBSD ?


Based on what I last I heard, I think the most important point is  
that 3Ware the company, does not work with OpenBSD the project.



Shane



Re: Sendmail security problem

2006-03-24 Thread Alexander Bochmann
...on Thu, Mar 23, 2006 at 12:22:37PM +0100, Anthony Howe wrote:

 > I installed 8.13.6 last night from the source tar ball on two machines 
 > (one is OpenBSD 3.6, the other an old Linux box). Appears to be chugging 
 > along happily. Can't speak to the specific security issue though.

Replacing OpenBSDs sendmail with sendmail.org's version 
is a non-issue (as in "just works") on any OpenBSD version 
which ships >= 8.12. 

If in doubt, /usr/src/gnu/usr.sbin/sendmail/Makefile.inc 
contains the ENVDEFs to add to site.config.m4.

Alex.



Re: openbsd and the money -solutions

2006-03-24 Thread Andrés Delfino
As I have said before, BSD was the unique Unix-like operative system
with a ISC-style license. That's why, IMHO, companies invested in it.

On 3/24/06, Damien Miller <[EMAIL PROTECTED]> wrote:
> On Fri, 24 Mar 2006, Andris Delfino wrote:
>
> > Please, stop wanting companies to support you. It doesn't work that
> > way. To develop an OS under a licence like the ISC has a big hole:
> > funding. You can't just go: Hey, you use the implementation that I
> > develop and give away for free, you should pay me!. If the pay you,
> > OK, if the don't, well, that's OK too, and more realistic.
>
> Even if we were to accept your pessimistic worldview that organisational
> gratitude is only a myth, then it is still in companies who use
> OpenBSD or OpenSSH interest to contribute - funding committed and
> internally-motivated developers to improve components of your product
> is far less expensive than recruiting, training, paying and providing
> office space for semi-motivated staff who crank out code of varying
> quality for financial reward alone.
>
> BTW, your linkage between the license and a lack of funding is
> specious, and there exist plenty of counter examples - including BSD
> itself.
>
> -d



Re: openbsd and the money -solutions

2006-03-24 Thread mickey
On Fri, Mar 24, 2006 at 09:36:01AM -0300, Andr?s Delfino wrote:
> It was the unique Unix-like OS with that licence. Right now, there are
> tons of other systems. Companies want to invest in Linux-based
> systems, because of marketing.

what are you smoking dude?
what unique?
there was not att unix and no hpux and no sunos and nothing else?
ibm did not make its own os either?
all those huge moose financed bsd at the same time because
they were interested in using shit from it.

cu

> On 3/24/06, mickey <[EMAIL PROTECTED]> wrote:
> > On Fri, Mar 24, 2006 at 08:40:59AM -0300, Andr?s Delfino wrote:
> > > Please, stop wanting companies to support you. It doesn't work that
> > > way. To develop an OS under a licence like the ISC has a big hole:
> > > funding. You can't just go: Hey, you use the implementation that I
> > > develop and give away for free, you should pay me!. If the pay you,
> > > OK, if the don't, well, that's OK too, and more realistic.
> > >
> > > One thing you can do, is to maintain OpenBSD free as in freedom, but
> > > not as in free bear. The CVS access would be the same as now, but no
> > > more FTP downloads with ISOs or install sets.
> >
> > sorry dude but you are full of shit.
> > for example from history:
> > how do you think bsd was developped originally at the ucb?
> >
> > cu
> >
> > --
> > paranoic mickey   (my employers have changed but, the name has 
> > remained)
> 

-- 
paranoic mickey   (my employers have changed but, the name has remained)



Re: Bank transfers for donating

2006-03-24 Thread Robert Waldner
On Thu, 23 Mar 2006 14:09:10 MST, Theo de Raadt writes:
>Until earlier today I was unaware that it is much easier for Europeans
>to donate via direct bank transfers.
<...>
>So we have setup a bank account, and people can use the following
>information for IBAN and SWIFT/BIC transfers:

Thanks for being pretty much the only project out there that actually
 /thinks/ about how to make donating as hassle-free as possible. It's 
 much appreciated, at least from me.

cheers,
&rw
-- 
-- Like the autumn leaves
-- wu-FTPD updates;
-- I seek warm safety.
--  - Anthony de Boer

[demime 1.01d removed an attachment of type application/pgp-signature]



Re: openbsd and the money -solutions

2006-03-24 Thread Deanna Phillips
Ryan Flannery <[EMAIL PROTECTED]> writes:

> I really hate prolonging this thread, but I'm curious about the
> following...  I've done quite bit of contract work around my area, and
> in most cases I've been able to implement OpenBSD for something.
> Whenever that's happened, I've always pushed for the company to make a
> donation.  In most cases it's worked (actually all that I can think
> of), resulting in (usually) around $500.  It's not what the larger
> companies could do, but I'm curious if other contractors try to push
> donations when they utilize openbsd/openssh.  All the companies I've
> worked with have been fairly receptive.

I work for a startup that simply would not exist without
OpenSSH.  AFAIK, they have never donated a penny, the excuse
being, "we will once we turn a profit."  But, if they do, will
they really donate?  Or will they be too busy counting the
dollars.

The recent messages by Damien and Theo are great for forwarding
to bosses and marketing and PR.  Thanks for those; that's what
I'll do with them.

That said, I think a wall of shame page on the OpenSSH site
might be a good idea: one listing all those big companies
mentioned that have never donated a dime.  Negative PR might
result in more donations than managers receiving the minor
annoyance message forwarded to them, which they'll simply delete
and forget about.

-- 
deanna



Re: openbsd and the money -solutions

2006-03-24 Thread chefren

On 03/24/06 13:54, Damien Miller wrote:

On Fri, 24 Mar 2006, chefren wrote:



Demand something like $50 a year for access to the ftp.openbsd.org now!!!



You are suggesting that we screw the people who have contributed by far
the most to OpenBSD and OpenSSH, individual users and small organisations.


 N O  N O  N O


NO!!! I have no problems with pointing to FTP/HTTP mirrors that distribute 
everything for free.


I only say: Make ftp.openbsd.org something that costs money for people who want 
to download from =there= just like the real CD's cost money while you can 
download comparable iso's for free.


And I have said that I'm willing to do the necessary administation.

+++chefren



Re: OpenBSD and the money

2006-03-24 Thread Alexander Bochmann
...on Thu, Mar 23, 2006 at 02:20:08PM -0500, Peter Fraser wrote:

 > I recognize that government grants come with red-tape, and people are
 > often disdainful of taking "hand-outs".  In this case, however, I'd
 > think the pros outweigh the cons.  Don't you have a wish-list of things
 > you'd implement or improve if you got sufficient funding?

I don't think it's a viable path for the project as 
a whole, although it may be remotely possible to get 
funding for certain development goals. It still takes 
away lots of freedoms, and needs some people who find 
fun in hacking organizational structures instead of 
coding.

The PyPy people (http://pypy.org/) had a presentation 
on how they went for EU funding, 
http://events.ccc.de/congress/2005/fahrplan/attachments/557-Paper_OpenSourceEuFundingAndAgileMethods.pdf

Start reading on page 3, "How and why EU funding", 
and maybe replace the term "sprint" with "hackathon". 

Then, have a look around here and think again...

Nah.

Alex.



FTP Issues

2006-03-24 Thread Hutger H.
Hi all,

I've got a problem running ftp through my PF firewall. That is the issue:

- I installed a new firewall (OpenBSD 3.9) in my network to connect some
users to the Internet through a new link. The users need to connect via
FTP to a server located externally (Internet), so the connections must
to pass by the PF firewall.

- The firewall is working fine, except when some of the users try to
establish a FTP connection to the outside. As soon as they connect and
try to list the directories, after a long wait, they get disconnected.
My firewall rules are showed at the end of the message.

- Analysing the firewall's traffic, I could notice that the problem
happens when the FTP server try to make a new connection back to the
client using I high port. I got some tutorials explaining how to solve
this problem using ftp-proxy and some PF rules/rdr, but none of the them
seem to work for me.

Does anyone here has an idea *how I can solve this question?

*Ps: Sorry if the question is basic ... I consider myself a PF newbie
since a I've worked until now only with Linux based firewalls.

Thanks in advance,

Hutger.

---

#--- Rules begin here

ext_if="pcn0"
int_if="pcn1"

ext_ip="172.21.28.20/32"
int_ip="192.168.1.254/32"

int_net="192.168.1.0/24"

set skip on lo
set state-policy if-bound
scrub in all

nat on $ext_if from $int_net -> $ext_ip
rdr pass on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port
8021

block in all
block out all

antispoof log quick for {$ext_if,$dmz_if,$int_if} inet

# Permitindo acesso ao firewall
pass in quick on $ext_if inet proto tcp from any to $ext_ip port ssh
keep state flags S/SA

# Acessos a partir da rede local p/ Internet
pass in quick on $int_if inet proto tcp from $int_net to any modulate state
pass in quick on $int_if inet proto {udp,icmp} from $int_net to any keep
state

# Permitindo a saida de pacotes nas interfaces
pass out quick on {$ext_if,$int_if} inet proto {tcp,udp,icmp} all keep state

# FTP Proxy Inbound
pass in on $ext_if inet proto tcp from port ftp-data to ($ext_if) \
user proxy flags S/SA keep state

#--- Rules end here



Re: openbsd and the money -solutions

2006-03-24 Thread mickey
On Fri, Mar 24, 2006 at 10:10:36AM -0300, Andr?s Delfino wrote:
> As I have said before, BSD was the unique Unix-like operative system
> with a ISC-style license. That's why, IMHO, companies invested in it.

they supported it because they used it for their own product.
so what has changed in 'em now?
they use it but they do not support it. they make you and me simple
folks and small companies to pay our money to make software for 'em.
and we continue doing so for at least stuff we get to use for
living has decent shit in it.

cu

> On 3/24/06, Damien Miller <[EMAIL PROTECTED]> wrote:
> > On Fri, 24 Mar 2006, Andris Delfino wrote:
> >
> > > Please, stop wanting companies to support you. It doesn't work that
> > > way. To develop an OS under a licence like the ISC has a big hole:
> > > funding. You can't just go: Hey, you use the implementation that I
> > > develop and give away for free, you should pay me!. If the pay you,
> > > OK, if the don't, well, that's OK too, and more realistic.
> >
> > Even if we were to accept your pessimistic worldview that organisational
> > gratitude is only a myth, then it is still in companies who use
> > OpenBSD or OpenSSH interest to contribute - funding committed and
> > internally-motivated developers to improve components of your product
> > is far less expensive than recruiting, training, paying and providing
> > office space for semi-motivated staff who crank out code of varying
> > quality for financial reward alone.
> >
> > BTW, your linkage between the license and a lack of funding is
> > specious, and there exist plenty of counter examples - including BSD
> > itself.
> >
> > -d
> 

-- 
paranoic mickey   (my employers have changed but, the name has remained)



Re: openbsd and the money

2006-03-24 Thread Alexander Bochmann
...on Fri, Mar 24, 2006 at 01:42:48PM +0100, Hannah Schroeter wrote:

 > I don't actually understand what that whining about tax deduction is
 > about.

My guess is that it's not about the tax deduction in 
itself (although that certainly helps), it's about 
the receipt.

Companies very much like to generate a proper paper 
trail when they hand out money, and not only for the 
tax office. So it's probably easier to get a company 
to order a few hundred CDs instead of a donation.

(On the other side, I don't know how the incoming 
donations are handled by OpenBSD, but they most 
probably are also subject to taxation somewhere.)

Alex.



Re: openbsd and the money -solutions

2006-03-24 Thread Diana Eichert
On Fri, 24 Mar 2006, mickey wrote:
SNAP
> sorry dude but you are full of shit.
> for example from history:
> how do you think bsd was developped originally at the ucb?
>
> cu
>
> --
> paranoic mickey   (my employers have changed but, the name has 
> remained)

Lot's of money flowing from the US Gov't Dept of Defense?

diana



Re: openbsd and the money

2006-03-24 Thread Alexander Bochmann
...on Fri, Mar 24, 2006 at 02:52:55PM +0100, Alexander Bochmann wrote:

 > So it's probably easier to get a company 
 > to order a few hundred CDs instead of a donation.

By the way, the golden CD signed by all core 
developers for $9000 might just be the thing 
to add to the store. :)

Alex.



Re: copying software from the official iso

2006-03-24 Thread Wijnand Wiersma
On 3/24/06, Gabriel George POPA <[EMAIL PROTECTED]> wrote:

> It seems to me quite a dangerous discussion. Why not security updates
> for money? SuSE has made a lot of money...
> I know you already discussed this, but this feature will make OpenBSD
> VERY popular.

No, that would decrease popularity.

Wijnand
--
OpenBSD needs your help improving the softwareworld, please donate:
http://openbsd.org/donations.html

Yes big code using companies, that includes you!



Re: ARP errors with IP less interfaces and many CARP interfaces.

2006-03-24 Thread Per-Olov Sjöholm
Well. A reply post for the archives

It seems like putting real IP addresses on the physical interfaces solved the 
whole problem. Before this, a dirty workaround was to have a script with "arp 
pings" in crontab.

Conclusion:
Don't use CARP addresses only if these are connected against a Cisco HSRP 
gateway address. If you only have the CARP:s on no real IPs on each host you 
will see MAC/ARP issues. 


A little bit strange as it in general works very well with IP less interfaces 
together with CARP.


/Per-Olov


On Tuesday 21 March 2006 18.19, you wrote:
> Hi misc
>
>
> We have a firewall pair (A1 and B1) that is connected to the Internet by
> talking to two Cisco routers that uses HSRP (A2 and B2). A small /28
> network connect it all together. A1 and B1 has a gw to the HSRP address on
> the Cisco routers (A2 and B2). So my end is CARP and the other end (my
> outgoing gateway) is Cisco HSRP...
>
> This is the overview config for the BSD firewall pair:
> OpenBSD 3.8-STABLE (from late mars). All NIC:s are dual Intel server NIC:s
> (em). GW in both servers are 1.
> The outside switch is a brand new HP procurve gig switch.
> A1 - No external IP
> B1 - No external IP
> external carp0 - IP 2
> external carp1 - IP 3
> external carp 26 - IP 7
> external carp 27 - IP 9
> external carp 28 - IP 13
> external carp 29 - IP 14
> The carp master/backup failover works ok.
>
>
> This is the config I know for the cisco router pair:
> A2 - IP 5
> B2 - IP 6
> HSRP IP - 1
> All our public IP ranges are routed from the cisco switches to carp IP 2
> and 3 on the BSD firewalls.
>
>
>
> Two times I have seen the following. I couple of hundreds of these show up.
> And then then it took 4 hours and a new storm of these in the messages
> log... Mar 21 10:42:15 A1 /bsd: arp: attempt to add entry for x.x.x.x.5 on
> carp0 by 00:0a:8a:45:ed:00 on carp29 Mar 21 10:42:15 A1 /bsd: arp: attempt
> to add entry for x.x.x.x.5 on carp0 by 00:0a:8a:45:ed:00 on carp28 Mar 21
> 10:42:15 A1 /bsd: arp: attempt to add entry for x.x.x.x.5 on carp0 by
> 00:0a:8a:45:ed:00 on carp27 Mar 21 10:42:15 A1 /bsd: arp: attempt to add
> entry for x.x.x.x.5 on carp0 by 00:0a:8a:45:ed:00 on carp26 Mar 21 10:42:15
> A1 /bsd: arp: attempt to add entry for x.x.x.x.5 on carp0 by
> 00:0a:8a:45:ed:00 on carp1 Mar 21 10:42:17 A1 /bsd: arp: attempt to add
> entry for x.x.x.x.6 on carp0 by 00:0a:b7:24:b3:00 on carp29 Mar 21 10:42:17
> A1 /bsd: arp: attempt to add entry for x.x.x.x.6 on carp0 by
> 00:0a:b7:24:b3:00 on carp28 Mar 21 10:42:17 A1 /bsd: arp: attempt to add
> entry for x.x.x.x.6 on carp0 by 00:0a:b7:24:b3:00 on carp27 Mar 21 10:42:17
> A1 /bsd: arp: attempt to add entry for x.x.x.x.6 on carp0 by
> 00:0a:b7:24:b3:00 on carp26 Mar 21 10:42:17 A1 /bsd: arp: attempt to add
> entry for x.x.x.x.6 on carp0 by 00:0a:b7:24:b3:00 on carp1 Mar 21 10:43:15
> A1 /bsd: arp: attempt to add entry for x.x.x.x.5 on carp0 by
> 00:0a:8a:45:ed:00 on carp29 Mar 21 10:43:15 A1 /bsd: arp: attempt to add
> entry for x.x.x.x.5 on carp0 by 00:0a:8a:45:ed:00 on carp28 Mar 21 10:43:15
> A1 /bsd: arp: attempt to add entry for x.x.x.x.5 on carp0 by
> 00:0a:8a:45:ed:00 on carp27 Mar 21 10:43:15 A1 /bsd: arp: attempt to add
> entry for x.x.x.x.5 on carp0 by 00:0a:8a:45:ed:00 on carp26
>
>
> And when the above happens all traffic to the internet stops for a while.
> But before, between and after these four hour storms everything worked
> perfect
>
>
> I have double checked overlapping networks - no errors...
> I have checked CVS for possible fixes of carp and em - nothing found...
> I have double checked my carp configs that I have done many of before -
> nothing found...
>
>
>
> Do I for any reason have to add IP:s to the A1 and B1 OpenBSD firewalls and
> avoid using just the carp addresses?
>
> These BSD servers replace two Linux machines with iptables and VRRP. The
> old setup did not have these issues. But Linux with VRRP inherited the
> physical MAC which is not true for the carp interfaces... We probably have
> to revert to Linux (no no no no arrgghhh) if we don't find this problem
> fast. This as we cannot have problems like this with 70 Mbit throughput and
> 25000 sessions
>
>
>
>
> Any clues?
> Cisco or OpenBSD errors? Or maybe brain damage of the configurator ;-)
>
> Thanks in advance
> Per-Olov

-- 
GPG keyID: 4DB283CE
GPG fingerprint: 45E8 3D0E DE05 B714 D549 45BC CFB4 BBE9 4DB2 83CE



Re: Sendmail security problem

2006-03-24 Thread Stuart Henderson
On 2006/03/24 14:12, Alexander Bochmann wrote:
> ...on Thu, Mar 23, 2006 at 12:22:37PM +0100, Anthony Howe wrote:
> 
>  > I installed 8.13.6 last night from the source tar ball on two machines 
>  > (one is OpenBSD 3.6, the other an old Linux box). Appears to be chugging 
>  > along happily. Can't speak to the specific security issue though.
> 
> Replacing OpenBSDs sendmail with sendmail.org's version 
> is a non-issue (as in "just works") on any OpenBSD version 
> which ships >= 8.12. 
> 
> If in doubt, /usr/src/gnu/usr.sbin/sendmail/Makefile.inc 
> contains the ENVDEFs to add to site.config.m4.

The patch is in 3.8-stable now, and -current has 8.13.6, so
people following either of these just need to update.



Re: FTP Issues

2006-03-24 Thread Camiel Dobbelaar
On Fri, 24 Mar 2006, Hutger H. wrote:
> - Analysing the firewall's traffic, I could notice that the problem
> happens when the FTP server try to make a new connection back to the
> client using I high port. I got some tutorials explaining how to solve
> this problem using ftp-proxy and some PF rules/rdr, but none of the them
> seem to work for me.

ftp-proxy has changed in 3.9, and your tutorial applies to the old
one.  See the configuration section in the ftp-proxy(8) manpage.  (you 
need to setup a few anchors)

--
Cam



Re: OpenBGPd success & question

2006-03-24 Thread Claudio Jeker
On Thu, Mar 23, 2006 at 02:44:46PM +0100, Marcel Prisi wrote:
> Claudio Jeker a icrit :
> 
> >This is not possible in OpenBGPD. I'm not even sure why we should add
> >something like that. Could you please tell me why you need to change
> >localpref depending on the path length?
> >The BGP decision process checks this:
> >1) nexthop state (reachable or not)
> >2) localpref
> >3) as path lenght
> >4) origin
> >5) MED
> >6) EBGP vs. IBGP
> >7) OpenBGPD special weight
> >8) nexthop costs (not implemented in OpenBGPD as there is no cost stored
> >in the routing table)
> >9) route age if route-age evaluation is enabled
> >10) BGP Id
> >11) IP
> >
> >As you can see the AS Path length is compared right after the localpref so
> >twisting the localpref depending on the AS Path lenght does not change
> >that much.
> > 
> >
> The trouble we have is that we have two upstreams with different bandwidth.
> 
> The one with the smallest bandwidth has better routes, so close to all 
> traffic goes through it, which is not optimal.
> 
> We already kind of solved inbound traffic using prepending & communities.
> 
> We modified "local pref" for the outgoing traffic, but now all traffic 
> goes through the other upstream, and nothing more through the smallest 
> one, which is still not optimal.
> 
> What I wanted is to force some kind of discrimination so that smaller 
> AS-paths go through one, and bigger through the other, so that I have an 
> arbitrary way to balance between the two upstreams.
> 

Normaly you prepend some AS to the smaller link to make the pathes comming
from that link more or less equal length with the other one.
You may additionally classify the prefixes by communities but that only
works if your uplink provider is setting them with some useful value.
There are some other tricks like tagging the uplinks of your uplink
provider. But your right we need AS path regex support...

> I may try using "prefixlen" insted ... would something like
> 
> match prefixlen > 16 set localpref +10
> 

This will not make you happy. Prefixlen is not a good discriminator you
may select the worst path and end up with non optimal routing.

One important thing about traffic engineering is to know your traffic.

-- 
:wq Claudio



Re: FTP Issues

2006-03-24 Thread Nils.Reuvers
Read man pf.conf and ftp-proxy

# for proxying with ftp-proxy(8) running on port 8021.
rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021

pass  in on $ext_if inet proto tcp from any to $ext_if \
   user proxy keep state

Ofcourse you have to enable ftp-proxy in inetd:
127.0.0.1:8021 stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy

You WONT need:
# FTP Proxy Inbound
pass in on $ext_if inet proto tcp from port ftp-data to ($ext_if) \
user proxy flags S/SA keep state

Good luck.

Nils

-Original Message-
From: Hutger H. [mailto:[EMAIL PROTECTED] 
Sent: vrijdag 24 maart 2006 14:38
To: misc@openbsd.org
Subject: FTP Issues

Hi all,

I've got a problem running ftp through my PF firewall. That is the
issue:

- I installed a new firewall (OpenBSD 3.9) in my network to connect some
users to the Internet through a new link. The users need to connect via
FTP to a server located externally (Internet), so the connections must
to pass by the PF firewall.

- The firewall is working fine, except when some of the users try to
establish a FTP connection to the outside. As soon as they connect and
try to list the directories, after a long wait, they get disconnected.
My firewall rules are showed at the end of the message.

- Analysing the firewall's traffic, I could notice that the problem
happens when the FTP server try to make a new connection back to the
client using I high port. I got some tutorials explaining how to solve
this problem using ftp-proxy and some PF rules/rdr, but none of the them
seem to work for me.

Does anyone here has an idea *how I can solve this question?

*Ps: Sorry if the question is basic ... I consider myself a PF newbie
since a I've worked until now only with Linux based firewalls.

Thanks in advance,

Hutger.

---

#--- Rules begin here

ext_if="pcn0"
int_if="pcn1"

ext_ip="172.21.28.20/32"
int_ip="192.168.1.254/32"

int_net="192.168.1.0/24"

set skip on lo
set state-policy if-bound
scrub in all

nat on $ext_if from $int_net -> $ext_ip
rdr pass on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port
8021

block in all
block out all

antispoof log quick for {$ext_if,$dmz_if,$int_if} inet

# Permitindo acesso ao firewall
pass in quick on $ext_if inet proto tcp from any to $ext_ip port ssh
keep state flags S/SA

# Acessos a partir da rede local p/ Internet pass in quick on $int_if
inet proto tcp from $int_net to any modulate state pass in quick on
$int_if inet proto {udp,icmp} from $int_net to any keep state

# Permitindo a saida de pacotes nas interfaces pass out quick on
{$ext_if,$int_if} inet proto {tcp,udp,icmp} all keep state

# FTP Proxy Inbound
pass in on $ext_if inet proto tcp from port ftp-data to ($ext_if) \
user proxy flags S/SA keep state

#--- Rules end here



=
A disclaimer applies to this email and any attachments. 
Refer to http://www.sparkholland.com/emaildisclaimer for the full text of this 
disclaimer.



Re: FTP Issues

2006-03-24 Thread David Hill
On Fri, Mar 24, 2006 at 10:38:13AM -0300, Hutger H. wrote:
> Hi all,
> 
> I've got a problem running ftp through my PF firewall. That is the issue:
> 
> - I installed a new firewall (OpenBSD 3.9) in my network to connect some
> users to the Internet through a new link. The users need to connect via
> FTP to a server located externally (Internet), so the connections must
> to pass by the PF firewall.
> 
> - The firewall is working fine, except when some of the users try to
> establish a FTP connection to the outside. As soon as they connect and
> try to list the directories, after a long wait, they get disconnected.
> My firewall rules are showed at the end of the message.
> 
> - Analysing the firewall's traffic, I could notice that the problem
> happens when the FTP server try to make a new connection back to the
> client using I high port. I got some tutorials explaining how to solve
> this problem using ftp-proxy and some PF rules/rdr, but none of the them
> seem to work for me.
> 
> Does anyone here has an idea *how I can solve this question?
> 
> *Ps: Sorry if the question is basic ... I consider myself a PF newbie
> since a I've worked until now only with Linux based firewalls.
> 
> Thanks in advance,
> 
> Hutger.
> 
> ---
> 
> #--- Rules begin here
> 
> ext_if="pcn0"
> int_if="pcn1"
> 
> ext_ip="172.21.28.20/32"
> int_ip="192.168.1.254/32"
> 
> int_net="192.168.1.0/24"
> 
> set skip on lo
> set state-policy if-bound
> scrub in all
> 
> nat on $ext_if from $int_net -> $ext_ip
> rdr pass on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port
> 8021
> 
> block in all
> block out all
> 
> antispoof log quick for {$ext_if,$dmz_if,$int_if} inet
> 
> # Permitindo acesso ao firewall
> pass in quick on $ext_if inet proto tcp from any to $ext_ip port ssh
> keep state flags S/SA
> 
> # Acessos a partir da rede local p/ Internet
> pass in quick on $int_if inet proto tcp from $int_net to any modulate state
> pass in quick on $int_if inet proto {udp,icmp} from $int_net to any keep
> state
> 
> # Permitindo a saida de pacotes nas interfaces
> pass out quick on {$ext_if,$int_if} inet proto {tcp,udp,icmp} all keep state
> 
> # FTP Proxy Inbound
> pass in on $ext_if inet proto tcp from port ftp-data to ($ext_if) \
> user proxy flags S/SA keep state
> 
> #--- Rules end here
>

man 8 ftp-proxy

- David



OpenBSD greatest challenge

2006-03-24 Thread Bruno Carnazzi
   Hi misc,

I'm a young sysadmin who really enjoy using free OSes, and especially
OpenBSD, for his technical excellence, no doubt about that. I use
OpenBSD for about 1 year, so I start to understand the way of thinking
of the community, through misc@ reading. I take a lot of pleasure with
OpenBSD, but I'm a bit disturbing about his community and funding
process...

How can an Open-Source project be fund ? In my mind I only see 3
source of money :
   * Community funding
   * Public funding (public research subvention...)
   * Corporation funding (these who resell OpenSSH, for example)

I think the best (technically and ideologically speaking) funding
process is BY the community. It's the only way I see to stay free
(libre, en frangais).

People should realize that Free Software is not "free as in beer". So,
this idea need to be spread and understand. The technical superiority
is already here.

So, if the community can fund an Open-Source project, how can it be ?
I don't think the approach "We are coding OpenBSD for us, and if you
like it, you can use it." is really satisfaying. This does not stick
enough with the community, and so, people are not incitate to donate
as they don't always see the interest.

For me, the OpenBSD greatest challenge is to become one with a larger
community without conceding anything to his legendary technical
excellence. It can be done with some additionnal mailing-list (maybe,
a junior@ ? :), involving more developper in some
high-quality-and-user-friendly-functionnalities-that-non-kernel-hackers-can-use-and-understand,
and probably lots of other things. Be closer with the community. It IS
the value of an Open-Source project.

And people interested in open-source software should be conscious that
nobody can live without money, and that a software is free after it
has been payed. It is the price to pay to see great projects living
and prospering.

Understand & Donate.

Best regards, and excuse my poor english.

Bruno.



Re: openbsd and the money -solutions

2006-03-24 Thread Andrés Delfino
Don't do that, that is extortion. If you don't want to make OpenBSD
free-as-in-freedom, but not free-as-in-beer; well, there is another
thing that might help. Companies will only donate if they gain
something, not just code, I'm talking about money.

I'm not a legal guy, but: isn't there a way to make companies gain
some money if the donate to us? Like a tax-exempt or something?

On 3/24/06, Deanna Phillips <[EMAIL PROTECTED]> wrote:
> Ryan Flannery <[EMAIL PROTECTED]> writes:
>
> > I really hate prolonging this thread, but I'm curious about the
> > following...  I've done quite bit of contract work around my area, and
> > in most cases I've been able to implement OpenBSD for something.
> > Whenever that's happened, I've always pushed for the company to make a
> > donation.  In most cases it's worked (actually all that I can think
> > of), resulting in (usually) around $500.  It's not what the larger
> > companies could do, but I'm curious if other contractors try to push
> > donations when they utilize openbsd/openssh.  All the companies I've
> > worked with have been fairly receptive.
>
> I work for a startup that simply would not exist without
> OpenSSH.  AFAIK, they have never donated a penny, the excuse
> being, "we will once we turn a profit."  But, if they do, will
> they really donate?  Or will they be too busy counting the
> dollars.
>
> The recent messages by Damien and Theo are great for forwarding
> to bosses and marketing and PR.  Thanks for those; that's what
> I'll do with them.
>
> That said, I think a wall of shame page on the OpenSSH site
> might be a good idea: one listing all those big companies
> mentioned that have never donated a dime.  Negative PR might
> result in more donations than managers receiving the minor
> annoyance message forwarded to them, which they'll simply delete
> and forget about.
>
> --
> deanna



Re: 3Ware 9500S-12

2006-03-24 Thread Michał Koc

Shane J Pearson napisaE(a):

Hi MichaE,

On 2006.02.24, at 10:24 PM, MichaE Koc wrote:

can someone confirm that 3Ware 9500S-12 does or does not work with 
OpenBSD ?


Based on what I last I heard, I think the most important point is that 
3Ware the company, does not work with OpenBSD the project.



Shane



Yes, I know, but actually I've no choices for 12-channel sata raid ( 
forget about adaptec.)


I've go one machine running 3Ware 7506-4LP without any problems and with 
great performance,

but I need more.

regards
M.K.



Re: FTP Issues

2006-03-24 Thread Florin Iamandi
Hutger H. dixit (2006-03-24, 15:21:13):

> - I installed a new firewall (OpenBSD 3.9) in my network to connect some
> users to the Internet through a new link. The users need to connect via
> FTP to a server located externally (Internet), so the connections must
> to pass by the PF firewall.

If you're already running 3.9 then you should check 
http://openbsd.org/faq/current.html#20051116

-- 
Florin Iamandi (Slippery)
Reason is the first victim of emotion. -- Scytale, Dune Messiah



Re: openbsd and the money -solutions

2006-03-24 Thread mickey
On Fri, Mar 24, 2006 at 06:43:27AM -0700, Diana Eichert wrote:
> On Fri, 24 Mar 2006, mickey wrote:
> SNAP
> > sorry dude but you are full of shit.
> > for example from history:
> > how do you think bsd was developped originally at the ucb?
> >
> > cu
> >
> > --
> > paranoic mickey   (my employers have changed but, the name has 
> > remained)
> 
> Lot's of money flowing from the US Gov't Dept of Defense?

and big companies...

cu
-- 
paranoic mickey   (my employers have changed but, the name has remained)



Re: copying software from the official iso

2006-03-24 Thread Andrew Smith
I thought my 'take' on the idea of the CDs was more commonplace. I will
clarify it for consideration.

The actual content of the CD is secondary in importance to many people
purchasing it. People purchase the CD to support OpenBSD but with the added
advantage that there is useful stuff for the popular architectures on the
CD.

If you favour an architecture such as the Zaurus (I'm not sure if this
changes with the 3.9 release) then the CD isn't going to be your
installation medium for the Zaurus since those binaries are only available
from snapshots.

OpenBSD is freely available in release form from many mirror sites. It is
also very easy to implement security patches to source and because the
patches are provided in short form they can be scrutinised easily against
change or damage - these factors are important to the community. The current
theme is to strive against the BLOB and whilst distributing binaries for
OpenBSD isn't necessarily that bad if they can be verified and validated as
trusted official builds, the community in general seems to favour source
distributions.

As far as copying the CDs go... don't. From a legal perspective it's wrong
but most importantly from a moral perspective it's really bad - if you want
to see OpenBSD continue and progress encourage people to buy CDs as a
tangible asset to help fund it if they feel that making a simple
contribution is too difficult.

There is actually nothing legally wrong with you building your own binary
distribution CDs with your own layout... you could sell them, you could
withhold the source. The license allows you the freedom to do this. If,
however, you end up making any money then consider funding the OpenBSD
project for the future sake of the business you just started. - OpenBSD is
not a business but a project - nevertheless it requires a lot of effort and
expense and does need funding.

-Andy

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Wijnand Wiersma
Sent: 24 March 2006 14:19
To: Gabriel George POPA; misc@openbsd.org
Subject: Re: copying software from the official iso

On 3/24/06, Gabriel George POPA <[EMAIL PROTECTED]> wrote:

> It seems to me quite a dangerous discussion. Why not security updates
> for money? SuSE has made a lot of money...
> I know you already discussed this, but this feature will make OpenBSD
> VERY popular.

No, that would decrease popularity.

Wijnand
--
OpenBSD needs your help improving the softwareworld, please donate:
http://openbsd.org/donations.html

Yes big code using companies, that includes you!



Re: FTP Issues

2006-03-24 Thread Per-Olov Sjoholm
On Friday 24 March 2006 14:38, you wrote:
> Hi all,
>
> I've got a problem running ftp through my PF firewall. That is the issue:
>
> - I installed a new firewall (OpenBSD 3.9) in my network to connect some
> users to the Internet through a new link. The users need to connect via
> FTP to a server located externally (Internet), so the connections must
> to pass by the PF firewall.
>
> - The firewall is working fine, except when some of the users try to
> establish a FTP connection to the outside. As soon as they connect and
> try to list the directories, after a long wait, they get disconnected.
> My firewall rules are showed at the end of the message.
>
> - Analysing the firewall's traffic, I could notice that the problem
> happens when the FTP server try to make a new connection back to the
> client using I high port. I got some tutorials explaining how to solve
> this problem using ftp-proxy and some PF rules/rdr, but none of the them
> seem to work for me.
>
> Does anyone here has an idea *how I can solve this question?
>
> *Ps: Sorry if the question is basic ... I consider myself a PF newbie
> since a I've worked until now only with Linux based firewalls.
>
> Thanks in advance,
>
> Hutger.
>
> ---
>
> #--- Rules begin here
>
> ext_if="pcn0"
> int_if="pcn1"
>
> ext_ip="172.21.28.20/32"
> int_ip="192.168.1.254/32"
>
> int_net="192.168.1.0/24"
>
> set skip on lo
> set state-policy if-bound
> scrub in all
>
> nat on $ext_if from $int_net -> $ext_ip
> rdr pass on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port
> 8021
>
> block in all
> block out all
>
> antispoof log quick for {$ext_if,$dmz_if,$int_if} inet
>
> # Permitindo acesso ao firewall
> pass in quick on $ext_if inet proto tcp from any to $ext_ip port ssh
> keep state flags S/SA
>
> # Acessos a partir da rede local p/ Internet
> pass in quick on $int_if inet proto tcp from $int_net to any modulate state
> pass in quick on $int_if inet proto {udp,icmp} from $int_net to any keep
> state
>
> # Permitindo a saida de pacotes nas interfaces
> pass out quick on {$ext_if,$int_if} inet proto {tcp,udp,icmp} all keep
> state
>
> # FTP Proxy Inbound
> pass in on $ext_if inet proto tcp from port ftp-data to ($ext_if) \
> user proxy flags S/SA keep state
>
> #--- Rules end here


It seems like:
* You specify "from" but no hosts
* You specify ftp-data as source port. But if I think it will only come from 
port 20 if the source have the rights to open ports below 1024. So I don't 
think you would really know that the source really uses port 20 as source 
port.

And you could limit to the use of only incoming high ports...

So how about a change in your ruleset..
pass in on $ext_if inet proto tcp from any to ($ext_if)  port { >=1024 } user 
proxy flags S/SA keep state


/Per-Olov
-- 
GPG keyID: 4DB283CE
GPG fingerprint: 45E8 3D0E DE05 B714 D549 45BC CFB4 BBE9 4DB2 83CE



Re: OpenBGPd success & question

2006-03-24 Thread Marcel Prisi

Claudio Jeker a icrit :


Normaly you prepend some AS to the smaller link to make the pathes comming

from that link more or less equal length with the other one.
You may additionally classify the prefixes by communities but that only
works if your uplink provider is setting them with some useful value.
There are some other tricks like tagging the uplinks of your uplink
provider. But your right we need AS path regex support...

 

Wow ... is it possible for the 3.9 release ? I unfortunately had my last 
C course some 6 years ago and did not practice much ... I wish I could 
help.


As the AS-path length is already a test made somewhere in the way, I 
suppose it is should not be too risky to add it ?



I may try using "prefixlen" insted ... would something like

match prefixlen > 16 set localpref +10

   



This will not make you happy. Prefixlen is not a good discriminator you
may select the worst path and end up with non optimal routing.

 

You are right, it is not a good discriminator, but I fear I have no 
other choice now ?



One important thing about traffic engineering is to know your traffic.

 


Certainly, but this is a new install ... it will take some time :-)

Thanks for your work.

--
:: Marcel Prisi - Technical Manager
--- - - -  -   - -   -

virtua.ch
web solutions

Chemin de Clamogne 27
CH - 1170 Aubonne

T. +41 21 821 15 20
F. +41 21 821 15 21 



Re: openbsd and the money -solutions

2006-03-24 Thread Brian
--- Deanna Phillips <[EMAIL PROTECTED]> wrote:


> That said, I think a wall of shame page on the OpenSSH site
> might be a good idea: one listing all those big companies
> mentioned that have never donated a dime.  Negative PR might
> result in more donations than managers receiving the minor
> annoyance message forwarded to them, which they'll simply delete
> and forget about.

Too bad openSSH couldn't just require a license fee for openSSH to
be included in OS's besides openBSD that are sold for money.  This would
include corporate use as well.  So if IBM wanted to include openSSH
in one of its products sold to someone, they would have to pay openSSH
to include it in their product or kick back to the openSSH team some percentage
of the revenue generated by that product.  

Of course, the license would have to be written so the openSSH team is not
obligated to do support.  If IBM wanted their employees to use openSSH, they
would have to pay a site license fee.  Of course, home users (non-business) and
universities would be excluded.
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 



Re: openbsd and the money -solutions

2006-03-24 Thread Diana Eichert
On Fri, 24 Mar 2006, mickey wrote:

> On Fri, Mar 24, 2006 at 06:43:27AM -0700, Diana Eichert wrote:
SNIP
> > Lot's of money flowing from the US Gov't Dept of Defense?
>
> and big companies...

sorry Mickey, but I've been involved with DOD & DOE ( and it's
predecessors) for almost 25 years.

UC get's a large amount of it's research funding from the US Gov't.  Now
the do-gooder liberals in California may want you to think it's for basic
research, but I can guarantee you DOD & DOE don't spend US tax payer $$
unless there is some return in support of defense and nuclear physics
work.

diana



Re: OpenBGPd success & question

2006-03-24 Thread Claudio Jeker
On Fri, Mar 24, 2006 at 04:30:50PM +0100, Marcel Prisi wrote:
> Claudio Jeker a icrit :
> 
> >Normaly you prepend some AS to the smaller link to make the pathes comming
> >
> >from that link more or less equal length with the other one.
> >You may additionally classify the prefixes by communities but that only
> >works if your uplink provider is setting them with some useful value.
> >There are some other tricks like tagging the uplinks of your uplink
> >provider. But your right we need AS path regex support...
> >
> Wow ... is it possible for the 3.9 release ? I unfortunately had my last 
> C course some 6 years ago and did not practice much ... I wish I could 
> help.

Nope the 3.9 CDs are shipped in the next days unless someone comes up with
time travel it will be impossible. I hope it makes 4.0.

> As the AS-path length is already a test made somewhere in the way, I 
> suppose it is should not be too risky to add it ?

AS path regex support is different to checking the AS-path length.
The first one is complex the latter is simple.

> >>I may try using "prefixlen" insted ... would something like
> >>
> >>match prefixlen > 16 set localpref +10
> >>
> >
> >This will not make you happy. Prefixlen is not a good discriminator you
> >may select the worst path and end up with non optimal routing.
> >
> You are right, it is not a good discriminator, but I fear I have no 
> other choice now ?
> 

As I said you should work with prepend-neighbor to make incomming AS path
of the less prefered provider longer. By makeing all aspath from the
neighbor longer you move more traffic to your primary link.
Normaly a set prepend-neighbor 1 is already enough.

> >One important thing about traffic engineering is to know your traffic.
> >
> Certainly, but this is a new install ... it will take some time :-)
> 

-- 
:wq Claudio



Re: Sendmail security problem

2006-03-24 Thread Joachim Schipper
On Fri, Mar 24, 2006 at 02:14:50PM +, Stuart Henderson wrote:
> On 2006/03/24 14:12, Alexander Bochmann wrote:
> > ...on Thu, Mar 23, 2006 at 12:22:37PM +0100, Anthony Howe wrote:
> > 
> >  > I installed 8.13.6 last night from the source tar ball on two machines 
> >  > (one is OpenBSD 3.6, the other an old Linux box). Appears to be chugging 
> >  > along happily. Can't speak to the specific security issue though.
> > 
> > Replacing OpenBSDs sendmail with sendmail.org's version 
> > is a non-issue (as in "just works") on any OpenBSD version 
> > which ships >= 8.12. 
> > 
> > If in doubt, /usr/src/gnu/usr.sbin/sendmail/Makefile.inc 
> > contains the ENVDEFs to add to site.config.m4.
> 
> The patch is in 3.8-stable now, and -current has 8.13.6, so
> people following either of these just need to update.

I am pretty certain a fix was imported for 3.7-stable, too.

Joachim



Re: openbsd and the money -solutions

2006-03-24 Thread Deanna Phillips
"Andris Delfino" <[EMAIL PROTECTED]> writes:

> Don't do that, that is extortion. 

Well, it needn't be so severe.  It could simply be an addition
to the users page ( http://www.openssh.org/users.html ) with
parenthetical notes such as:

( has donated to the project --  thank you. )

next to those that have, and either a mild admonition or glaring
emptiness next to the others.

-- 
deanna



DC, SATA ok nowadays?

2006-03-24 Thread Toni Mueller
Hi,

I'm trying to get an idea about the next machine I'm going to purchase.
So far, I'm aiming at some Opteron box (AMD 270 HE Dual-Core CPU? - DC
series being claimed the only ones left having 940 sockets), possibly
with SATA drives this time. The vendor I asked so far suggested using
3ware controllers, but I think I remember seeing posts about both SATA
problems in general, and 3ware problems in particilar. I was perusing
Google and MARC to find some of them again. What I don't know if these
things have matured enough to be relied upon, and also I don't know if
this technology is good enough to rely on... or if this is only a new
way of selling overpriced crap.

If you have any recommendations about such a box, which should work as
a generic server (reliability and durability is more important than
speed or the last few Euros in price this time), I'll be glad to hear
them!

Thank you!


Best,
--Toni++



Re: openbsd and the money

2006-03-24 Thread Pedro Timóteo

Alexander Bochmann wrote:

..on Fri, Mar 24, 2006 at 02:52:55PM +0100, Alexander Bochmann wrote:

 > So it's probably easier to get a company 
 > to order a few hundred CDs instead of a donation.


By the way, the golden CD signed by all core 
developers for $9000 might just be the thing 
to add to the store. :)


Alex.
  

Or, like someone suggested a couple of weeks ago:

"OpenBSD Enterprise Edition": it's exactly the same software, but comes 
on 20 (mostly empty) CDs, and costs 100 times as much. :)


A bit more seriously, some PHBs would actually like that - they feel 
much more comfortable when using something ridiculously expensive, 
because it doesn't feel so "cheap". Stupid, of course... but then, we're 
talking pointy-haired bosses here.




NIC question (SysKonnect)

2006-03-24 Thread Ed Vazquez
I hope that I'm just missing the obvious whilst looking for Zebras...

OpenBSD 3.8 and 3.9-current.

i386 architecture, GENERIC kernel build.

SysKonnect SK-9D21 10/100/1000 Copper NIC.

Per the  page, this
should be the Broadcom BCM570x driver (bge).

However, on boot, the dmesg reports:

unknown vendor 0x14bc product 0xd002 (class network subclass
miscellaneous, rev 0x01) at pci0 dev 12 function 0 not configured

Driver lines:

bge*at pci? # Broadcom BCM570x (aka Tigon3)
bmtphy* at mii? # Broadcom 10/100 PHYs
brgphy* at mii? # Broadcom Gigabit PHYs

are "on" by default, so it _should_ be working...

I double-checked by swapping this card into my WinBox (yes yes, but
commercial reality is what it is and I have to support the Redmond
Beast on occasion), and it detected as a SK-9D21 and the SysKonnect
drivers are installable and pass traffic.

Silk-screen identification on the card also marks this as a
"SK-9D21" device.

Help?  Can I provide better data (let me know how)?

Thanks,

-- 
Ed V.

IBM: Incredibly Bullying Menace



Re: openbsd and the money -solutions

2006-03-24 Thread Ryan Fox
(I'm so sorry that I'm continuing this thread...)

There is quite a conflict between the core developers that don't wish to 
spend their time nicely holding newbies' hands (frankly, I don't want 
them to spend their time on that either),  and the touchy-feely people 
that think OpenBSD would progress further by not flaming to oblivion 
every new user that haplessly posts an uninformed question to [EMAIL PROTECTED]

Both sides are right.

Why don't we have separate lists?  One for general questions, and gently 
guiding new users to the FAQ and man pages?  It can be all fuzzy and 
warm; a place for pleasantries. And a separate list for more experienced 
users that want to dwell in the lair of dragons.  Posters get access to 
the top people to help resolve issues, but asking a dumb question will 
get them ignored (at best).

I think this would be very beneficial to OpenBSD.  New, dumb users don't 
take up developer time, and don't get the insults that come with it.  I 
really think we have the separate lists now, with misc@ and [EMAIL PROTECTED]  
The 
description for misc is "General user questions and answers. This is the 
most active list, and should be the "default" for most questions."  This 
seems like the newbie list to me.  And tech@ is "Discussion of technical 
topics for OpenBSD developers and advanced users. This is *not* a "tech 
support" forum, do not use it as such. OpenBSD developers will often 
make patches to implement new features and other important changes 
available for public testing through this list."  Wonderful!

Powers that be, what say you?

Ryan Fox

[demime 1.01d removed an attachment of type APPLICATION/DEFANGED which had a 
name of rfox.22208DEFANGED-vcf]



Re: openbsd and the money

2006-03-24 Thread Hannah Schroeter
Hi!

On Fri, Mar 24, 2006 at 02:52:55PM +0100, Alexander Bochmann wrote:
>...on Fri, Mar 24, 2006 at 01:42:48PM +0100, Hannah Schroeter wrote:

> > I don't actually understand what that whining about tax deduction is
> > about.

>My guess is that it's not about the tax deduction in 
>itself (although that certainly helps), it's about 
>the receipt.

>Companies very much like to generate a proper paper 
>trail when they hand out money, and not only for the 
>tax office. So it's probably easier to get a company 
>to order a few hundred CDs instead of a donation.

At least here in Europe, you *do* get a paper trail if you use
bank money transfers. Just as OpenBSD have setup it now (which
is definitely a good move; if there's an account in Germany,
I'll seriously consider doing an automated periodical donation,
small, but regular, dunno whether that also works for non-German
Euro zone bank accounts as target though, if not, then single
manual donations have to do for me).

>[...]

Kind regards,

Hannah.



Re: openbsd and the money -solutions

2006-03-24 Thread Stuart Henderson
On 2006/03/24 11:20, Ryan Fox wrote:
> Why don't we have separate lists?  One for general questions, and gently 
> guiding new users to the FAQ and man pages?

Like misc@ and http://mailman.theapt.org/listinfo/openbsd-newbies, you mean?



Re: openbsd and the money -solutions

2006-03-24 Thread Hannah Schroeter
Hi!

On Fri, Mar 24, 2006 at 11:20:19AM -0500, Ryan Fox wrote:
>Why don't we have separate lists?  One for general questions, and gently 
>guiding new users to the FAQ and man pages?  It can be all fuzzy and 
>warm; a place for pleasantries. And a separate list for more experienced 
>users that want to dwell in the lair of dragons.  Posters get access to 
>the top people to help resolve issues, but asking a dumb question will 
>get them ignored (at best).

There *is* already a newbies list IIRC.

I'm not on it, how much traffic is it (I just figured that'd be a way to
help the project, too, in some way, to be there and answer questions
occasionally)?

>[...]

Kind regards,

Hannah.



Re: openbsd and the money

2006-03-24 Thread Jason Dixon

On Mar 24, 2006, at 10:13 AM, Pedro Timsteo wrote:


Alexander Bochmann wrote:

..on Fri, Mar 24, 2006 at 02:52:55PM +0100, Alexander Bochmann wrote:

 > So it's probably easier to get a company  > to order a few  
hundred CDs instead of a donation.


By the way, the golden CD signed by all core developers for $9000  
might just be the thing to add to the store. :)


Alex.


Or, like someone suggested a couple of weeks ago:

"OpenBSD Enterprise Edition": it's exactly the same software, but  
comes on 20 (mostly empty) CDs, and costs 100 times as much. :)


A bit more seriously, some PHBs would actually like that - they  
feel much more comfortable when using something ridiculously  
expensive, because it doesn't feel so "cheap". Stupid, of course...  
but then, we're talking pointy-haired bosses here.


Been there, done that.

http://marc.theaimsgroup.com/?l=openbsd-misc&w=2&r=1&s=enterprise 
+bundle+dixon&q=b


Tons of positive responses, not a single order was placed.  Talk is  
cheap.



--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net



Re: openbsd and the money

2006-03-24 Thread Greg Thomas
On 3/24/06, frantisek holop <[EMAIL PROTECTED]> wrote:
>
> "Anyone who has ever decided not to go back to a resturaunt
> that has good food because of shitty service is in the same
> boat here."
>

Everyone uses OpenSSH so that's a stupid analogy or everyone's a hypocrite.

Anyway, the service is fine here.   I can get OpenSSH/OpenBSD served
whenever I want and when there's something wrong with my dish it gets
fixed quickly.  What more can I ask for?

Greg



Re: Bank transfers for donating

2006-03-24 Thread Mike Shaw
As an experiment, I'm going to donate a nice, large sum via this
method.  Somewhere in the process we'll toss a label of "military
grade encryption".

I've calculated out the costs, and when you add up the resulting free
room and board...it actually results in a profit.

-Mike

On 3/23/06, Theo de Raadt <[EMAIL PROTECTED]> wrote:
> Until earlier today I was unaware that it is much easier for Europeans
> to donate via direct bank transfers.  Apparently bank transfers,
> compared to paypal or credit card transactions, are more reliable,
> more secure, and very inexpensive.  (Between countries in the Euro zone
> they may not cost more than a national bank transfer would).



Re: OpenBGPd success & question

2006-03-24 Thread Karl Austin

Claudio Jeker wrote:

But your right we need AS path regex support...
  
Funny you should mention that, I've just been speaking with Henning 
about the exact same thing - Although more for classifying routes on 
ingress than for pure TE alone.


Cheers,

Karl



Re: NIC question (SysKonnect)

2006-03-24 Thread Stuart Henderson
On 2006/03/24 09:24, Ed Vazquez wrote:
> unknown vendor 0x14bc product 0xd002 (class network subclass
> miscellaneous, rev 0x01) at pci0 dev 12 function 0 not configured

That sounds like a PCI ADSL card (14bc=Globespan).

> Help?  Can I provide better data (let me know how)?

_Complete_ dmesg.



Re: openbsd and the money

2006-03-24 Thread Theo de Raadt
>  > So it's probably easier to get a company 
>  > to order a few hundred CDs instead of a donation.
> 
> By the way, the golden CD signed by all core 
> developers for $9000 might just be the thing 
> to add to the store. :)

After it costs $8500 to get it Fedex'd back and forth all over the
world to ensure that all the developers get to sign it?

Boy you guys are sure clever  thanks for another idea we can
throw in the trash can.

That said, when 4.0 comes out there will likely be an audio CD made of
all 11 of the songs, with artwork to match, sold seperately.



Re: openbsd and the money -solutions

2006-03-24 Thread Ted Unangst
On 3/24/06, chefren <[EMAIL PROTECTED]> wrote:
> Demand something like $50 a year for access to the ftp.openbsd.org now!!!

great idea.  that's $50 from ibm, $50 from sun, $50 from redhat, and
$50 from apple.  $200 sounds about right to cover all the expenses.

in case the project ends up using a little more than $200 for
electricity this year, you'll cover the spread, right?



Re: openbsd and the money

2006-03-24 Thread Theo de Raadt
>  > I don't actually understand what that whining about tax deduction is
>  > about.
> 
> My guess is that it's not about the tax deduction in 
> itself (although that certainly helps), it's about 
> the receipt.
> 
> Companies very much like to generate a proper paper 
> trail when they hand out money, and not only for the 
> tax office. So it's probably easier to get a company 
> to order a few hundred CDs instead of a donation.

These are not people who want to give.  They want to give
without giving.  They simply want to focus their money into
being a writeoff, which means that our taxation systems
increasingly place more and more of a burden on individuals,
and less of a burden on companies.

> (On the other side, I don't know how the incoming 
> donations are handled by OpenBSD, but they most 
> probably are also subject to taxation somewhere.)

They are not taxed -- there is no tax on a gift.  In 10 years
of receiving donations we have never paid a cent to in tax
on them, because someone else somewhere in the world already
gave them to us post-tax.  Again -- there is no tax on gifts.



Re: openbsd and the money

2006-03-24 Thread Stuart Henderson
On 2006/03/24 15:13, Pedro Timsteo wrote:
> Or, like someone suggested a couple of weeks ago:
> 
> "OpenBSD Enterprise Edition": it's exactly the same software, but comes 
> on 20 (mostly empty) CDs, and costs 100 times as much. :)

Same CD set, booklet turned around to display a boring
alternative cover printed on the back for the people that
like that sort of thing...



Re: openbsd and the money -solutions

2006-03-24 Thread Greg Thomas
On 3/24/06, Ryan Fox <[EMAIL PROTECTED]> wrote:
>
> There is quite a conflict between the core developers that don't wish to
> spend their time nicely holding newbies' hands (frankly, I don't want
> them to spend their time on that either),  and the touchy-feely people
> that think OpenBSD would progress further by not flaming to oblivion
> every new user that haplessly posts an uninformed question to [EMAIL 
> PROTECTED]

Now the discussion has drifted away from the subject of financing.

>
> Both sides are right.
>
> Why don't we have separate lists?  One for general questions, and gently
> guiding new users to the FAQ and man pages?

This has been discussed ad infinitum.  There are 3 lists, misc, tech,
and openbsd-newbies:

http://undeadly.org/cgi?action=article&sid=20040319073626

Greg



Re: openbsd and the money -solutions

2006-03-24 Thread David Terrell
On Thu, Mar 23, 2006 at 08:17:42PM -0700, Theo de Raadt wrote:
> > http://www.digg.com/linux_unix/OpenBSD_needs_a_major_donor
> > http://bsd.slashdot.org/article.pl?sid=06/03/21/1555243
> > 
> > No one seems to care (unless donations have shot up and Theo, et. al.
> > haven't mentioned it)
> 
> >From what I see, we have received a mini flood of donations, which
> means there will soon be a drought.  It is already slowing down a lot.
> In the end, it will not be enough, unless there is another "funding
> drive" just like this in another 6 months.
> 
> If I can try to estimate the situation, having seen how it works
> before.. hold onto your seats, this is confusing:
> 
> In the end, 50% of what we have gotten we would have received anyways
> from nice donators over the coming 6 months.  So we will have received
> about twice as much as normal, but just sooner.  Of course, since this
> rush was driven by a press deluge on this issue (just check
> news.google), people will very quickly forget, and not wish to help us
> again quite as soon.  As I said, it is already slowing down.  There
> are a finite number of people who can be reached directly via even
> these information forums...

One thing you can do is extend the conversation, politely, to your
local LUG/BUG/UUG mailing list (which I imagine many of us are on.)
Some of them will have seen it on slashdot, but many won't.  Bringing in
new donors and interested people in OpenSSH will help more than us all
chipping in what we would have already (full disclosure:  I'm a lapsed
CD buyer who right now placed his first CD order in a couple years).

-- 
David Terrell
[EMAIL PROTECTED]
http://meat.net/



Re: openbsd and the money -solutions

2006-03-24 Thread Spruell, Darren-Perot
From: [EMAIL PROTECTED]
> > That said, I think a wall of shame page on the OpenSSH site
> > might be a good idea: one listing all those big companies
> > mentioned that have never donated a dime.  Negative PR might
> > result in more donations than managers receiving the minor
> > annoyance message forwarded to them, which they'll simply delete
> > and forget about.
> 
> Too bad openSSH couldn't just require a license fee for openSSH to
> be included in OS's besides openBSD that are sold for money.
> This would
> include corporate use as well.  So if IBM wanted to include openSSH
> in one of its products sold to someone, they would have to pay openSSH
> to include it in their product or kick back to the openSSH 
> team some percentage
> of the revenue generated by that product.

Complicating licensing and reducing freedom obviously don't fit project
goals. 

Better approach. How about said companies belly up and support the group
that enables them (in part) to enjoy the financial success they have? 

You shouldn't *have* to levy a license against somebody to get them to show
some appreciation. Call it the moral right thing, or social responsibility,
or whatever. It's not about paying for services or products. If that was the
goal, don't you think that would have been put in place up front and called
OpenSSH ClosedSSH and sold commercially? Ditto for OpenBSD? 

What is lacking is the symbiotic relationship that the corporations that are
in a place to support the project don't currently care to engage in. For
these companies, a parasitic approach is appropriate and they will simply
take from the project (which, yes, they are entitled to because of the free
licensing, BUT...) and never *give* back. This is parasitic. These
organizations need to step up and enable the project that enables them.
Leveraging licensing against them shouldn't be (and isn't) required. Period.
A little goodwill, or charity, or responsibility or logic may be.
 
> Of course, the license would have to be written so the 
> openSSH team is not
> obligated to do support.

Yet amazingly, the current license already is. YOU'RE FIXING THE WRONG
PROBLEM. The problem to fix is _why don't the moneybag corporations
contribute to the project that enables them to be successful?_ That problem
is not fixed by compromising values and convoluting licensing. And its not
fixed by bludgeoning them with a license clause. You're coming back to the
realm of commercial software again.

> If IBM wanted their employees to 
> use openSSH, they
> would have to pay a site license fee.  Of course, home users 
> (non-business) and
> universities would be excluded.

Sounds convoluted.

DS



Re: NIC question (SysKonnect)

2006-03-24 Thread Ed Vazquez
Stuart Henderson wrote:
> On 2006/03/24 09:24, Ed Vazquez wrote:
>> unknown vendor 0x14bc product 0xd002 (class network subclass
>> miscellaneous, rev 0x01) at pci0 dev 12 function 0 not configured
> 
> That sounds like a PCI ADSL card (14bc=Globespan).
> 
>> Help?  Can I provide better data (let me know how)?
> 
> _Complete_ dmesg.
> 

OK, here's the full dmesg from 3.9-current (which is what I
installed this morning...), I should have included it earlier, so my
apologies for the oversight.

Yes, there's a ADSL card in there that I haven't configured yet, so
maybe I'm mistaking it for the SysKonnect (which isn't appearing in
dmesg or ifconfig -a at all now that I look at it with the above
information).  When I plug a network cable into the SysKonnect, I
get the standard line/activity lights, so I know it's getting
voltage from the PCI bus and the switch reports the line as
"active".  The Winbox testing seems to indicate that the card is
functional as well.

There is an Adaptec card in place, but I'm having the commonly
reported "tx underrun" issue which is why I'm trying to replace it
with the SysKonnect.

# ifconfig -a
lo0: flags=8049 mtu 33224
groups: lo
inet 127.0.0.1 netmask 0xff00
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
sf0: flags=8843 mtu 1500
lladdr 00:00:d1:ee:cc:45
groups: egress
media: Ethernet autoselect (none)
status: active
inet6 fe80::200:d1ff:feee:cc45%sf0 prefixlen 64 scopeid 0x1
inet 192.168.0.36 netmask 0xffc0 broadcast 192.168.0.63
sf1: flags=8802 mtu 1500
lladdr 00:00:d1:ee:cc:46
media: Ethernet autoselect (none)
status: no carrier
sf2: flags=8802 mtu 1500
lladdr 00:00:d1:ee:cc:47
media: Ethernet autoselect (none)
status: no carrier
sf3: flags=8802 mtu 1500
lladdr 00:00:d1:ee:cc:48
media: Ethernet autoselect (100baseTX)
status: active
pflog0: flags=0<> mtu 33224
pfsync0: flags=0<> mtu 1460
enc0: flags=0<> mtu 1536

# cat /var/run/dmesg.boot
OpenBSD 3.9-current (GENERIC) #0: Fri Mar 17 11:21:52 MST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium II ("GenuineIntel" 686-class, 512KB L2 cache)
351 MHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR
real mem  = 536387584 (523816K)
avail mem = 482525184 (471216K)
using 4278 buffers containing 26923008 bytes (26292K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(57) BIOS, date 10/11/00, BIOS32 rev. 0 @
0xfb230
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0xb6a4
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdcd0/144 (7 entries)
pcibios0: PCI Exclusive IRQs: 3 5 10 11
pcibios0: PCI Interrupt Router at 000:07:0 ("Intel 82371SB ISA" rev
0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0x8000
cpu1 at mainbus0: (uniprocessor)
cpu1: Intel Pentium II ("GenuineIntel" 686-class, 512KB L2 cache)
351 MHz
cpu1:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x03
ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x03
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "ATI Mach64 GZ" rev 0x7a
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x02
pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 12982MB, 26588016 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0
5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
uhci0 at pci0 dev 7 function 2 "Intel 82371AB USB" rev
0x01pci_intr_map: no mapping for pin D
: couldn't map interrupt
piixpm0 at pci0 dev 7 function 3 "Intel 82371AB Power" rev 0x02: SMI
iic0 at piixpm0
iic0: addr 0x2d 00=02 01=4d 02=4f 03=d4 04=6a 05=96 06=18 07=02
08=ab 09=8f 0a=05 0b=61 0c=56 0d=bd 0e=25 0f=54 10=21 11=55 12=87
13=8c 14=46 15=17 16=25 17=e8 18=3d 19=2d 1a=21 1b=22 1c=04 1d=b2
1e=00 1f=00 20=7d 21=00 22=d8 23=bf 24=bf 25=ba 26=c0 27=18 2b=f1
2c=83 2e=00 2f=06 30=3e 31=04 32=27 33=04 34=17 35=20 36=01 37=10
38=12 39=32 3a=29 3b=f0 3c=4c 3d=42 3e=05 3f=10 40=05 41=cf 42=1f
45=ef 46=7f 47=f0 48=2d 49=40 4a=00 4b=40 4c=40 4d=40 4e=05 4f=00
50=05 51=00 52=00 55=ef 56=7f 57=f0 58=2d 59=40 5a=40 5b=40 5c=40
5d=40 5e=40 5f=00 60=7d 61=00 62=d8 63=bf 64=bf 65=ba 66=c0 67=18
6b=f1 6c=83 6e=00 6f=06 70=3e 71=04 72=27 73=04 74=17 75=20 76=01
77=10 78=12 79=32 7a=29 7b=f0 7c=4c 7d=42 7e=05 7f=10 80=02 81=4d
82=4f 83=d4 84=6a

Re: openbsd and the money -solutions

2006-03-24 Thread Spruell, Darren-Perot
From: [EMAIL PROTECTED] 
> Why don't we have separate lists?  One for general questions, 
> and gently 
> guiding new users to the FAQ and man pages?  It can be all fuzzy and 
> warm; a place for pleasantries. And a separate list for more 
> experienced 
> users that want to dwell in the lair of dragons.  Posters get 
> access to 
> the top people to help resolve issues, but asking a dumb 
> question will 
> get them ignored (at best).

And a quick Google search reveals that this is a.) a dead horse, b.) already
in place:

http://mailman.theapt.org/listinfo/openbsd-newbies

DS



Re: Site indexing application

2006-03-24 Thread Bryan Irvine
On 3/21/06, Gabriel George POPA <[EMAIL PROTECTED]> wrote:
> Hello misc,
>
>I must install a search facility for my site. Do you know what is the
> most appropriate (Harvest, ht://Dig, Nutch?). I've used Nutch (from
>  Apache.org) before on my old Slackware 10.1 machine and I didn't like
> it very much (a lot of things to be done by hand). I'm asking that
>  because I know the chroot(2) facility that Apache has on OpenBSD can
> cause a lot of trouble.

ht://Dig works well for a quick'n'dirty solution.  For something more
in-depth have a look at lucene, (I think it's been taken over by
apache now as well).

--Bryan



Re: OpenBSD and the money

2006-03-24 Thread Michael Favinsky
On a more productive note...

>From the Donations page:

Simply send a donation cheque in CDN/US/EUR funds made out to Theo de Raadt,
since
cheques made out to "OpenBSD" cannot be cashed.

This creates a problem for companies that want to make donations. I think we
all agree we'd rather see larger donations from companies / corporate
entities than the revenue brought in from a T-shirt or a small individual
donation.

However, most companies are either unwilling or unable to cut a check to
"Some guy in Canada." Writing a check to Theo de Raadt in Canada is
logistically either very difficult or simply impossible. We have to get
approvals, PO's, go through accounting departments, etc. Imagine having to
explain to some beancounter that you have to send some guy in a foreign land
a personal check. We want to donate, our direct management agrees, but
getting it through accounting is impossible given these circumstances.

There are some things that would help companies/corporations donate to
OpenBSD.

1) Create a DBA (Doing Business As) or some other functional entity named
"OpenBSD" that can have a check written to it. It's a lot easier to get a
check written to a business than to an individual.

2) Lots of companies can't send money out until they "get a bill." There
needs to be some way to generate a "donation invoice" that can be taken to
accounting. We need to be able to present our accounting departments with
paperwork that says something to the effect of "We owe OpenBSD $1000."


-Original Message-
From: Theo de Raadt [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 23, 2006 11:52 AM
To: Peter Fraser
Cc: misc@openbsd.org
Subject: Re: OpenBSD and the money 

We have nowhere to start.  Alberta does not care about what we do.
This is an oil place, not a IT place.



Re: openbsd and the money

2006-03-24 Thread Oliver Peter
On Fri, Mar 24, 2006 at 10:29:19AM -0700, Theo de Raadt wrote:
> That said, when 4.0 comes out there will likely be an audio CD made of
> all 11 of the songs, with artwork to match, sold seperately.

The songs are great - but like open{bsd,ssh} already at the public ftp
servers. I don't think that there will be so many dudes who will pay
for 9 old and only 2 new songs about 20-30 USD - even the artwork is
great as usual. Such a production will not cover the original costs.

Maybe our friends of humppa.com will make a "Humppa OpenBSD Support
Tour 2006" or add them to the 11 OpenBSD songs.

-- 
Oliver Peter, email: [EMAIL PROTECTED], ICQ# 113969174
"Worker bees can leave. Even drones can fly away. The Queen is their slave."



Re: openbsd and the money

2006-03-24 Thread Jason Dixon

On Mar 24, 2006, at 1:48 PM, Kevin wrote:

We can (and do) have the company purchase one copy of each release  
CD set.

I might be able to convince them to go for Jason Dixon's offer (if
it's still valid), though it might need a little polishing to be
buzzword-compliant.


If there is interest, the offer is still valid.

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net



how do I make the history file created by ksh readable?

2006-03-24 Thread Bryan Brake
I am taking an "Intro to UNIX" class at school. 
The teacher has asked that we send him a copy of 
our .history files to show what steps we used to 
complete certain assignments.  I was able to setup 
the history in my .profile by reading ksh(1), but 
after I rebooted and issued a few commands, I 
looked at the .hist file I created, but it 
doesn't look the way I expected.


It looks like this:

<.hist10512


This is all on one line.

I can decode it well enough.  There is gibberish, 
then a letter (A,B,C, etc), then the command I put 
in.


Is there a way to configure ksh to make the 
commands display one command per line, or will I 
have to edit it manually.


I use bash on other machines, and .bash_history 
has each command on one line.  I realize ksh isn't 
the same.  Maybe I should build bash from ports...


Thanks for the help.  I love OpenBSD...
Bryan



Re: openbsd and the money

2006-03-24 Thread Kevin
On 3/24/06, Theo de Raadt <[EMAIL PROTECTED]> wrote:
> These are not people who want to give.  They want to give
> without giving.  They simply want to focus their money into
> being a writeoff, which means that our taxation systems
> increasingly place more and more of a burden on individuals,
> and less of a burden on companies.

Corporations are not people,  a corporation exists to "maximize
shareholder value", thus writeoffs.

As an employee of a corporation, my options for directing funding
towards OpenBSD are limited -- I can't ask finance write a check for a
pseudorandom dollar amount to "Theo De Raadt".

My department has budgets for hardware, software, support, salary,
consulting, but no category for "I just want to give".

We can (and do) have the company purchase one copy of each release CD set.
I might be able to convince them to go for Jason Dixon's offer (if
it's still valid), though it might need a little polishing to be
buzzword-compliant.


> They are not taxed -- there is no tax on a gift.

And with gifts to a 501(c)(3). my employer will match $2 for every $1
donated, up to $500.  A lot of "free" money is being left on the table
right there.

OTOH, were I to found a 501(c)(3) "OpenBSD Foundation", the strict
"conflict of interest" policy would almost certainly prohibit me from
soliciting any donations from my employer.

Kevin



Re: how do I make the history file created by ksh readable?

2006-03-24 Thread Otto Moerbeek
On Fri, 24 Mar 2006, Bryan Brake wrote:

> I am taking an "Intro to UNIX" class at school. The teacher has asked that we
> send him a copy of our .history files to show what steps we used to complete
> certain assignments.  I was able to setup the history in my .profile by
> reading ksh(1), but after I rebooted and issued a few commands, I looked at
> the .hist file I created, but it doesn't look the way I expected.
> 
> It looks like this:
> 
> < PROTECTED]@^Bls [EMAIL PROTECTED]@[EMAIL PROTECTED]@^Cvi .hist10512
> 
> This is all on one line.
> 
> I can decode it well enough.  There is gibberish, then a letter (A,B,C, etc),
> then the command I put in.
> 
> Is there a way to configure ksh to make the commands display one command per
> line, or will I have to edit it manually.
> 
> I use bash on other machines, and .bash_history has each command on one line.
> I realize ksh isn't the same.  Maybe I should build bash from ports...
> 
> Thanks for the help.  I love OpenBSD...
> Bryan

ksh uses a binary format for the history file.

To get a human-readable history, use "history > file".

-Otto



Re: how do I make the history file created by ksh readable?

2006-03-24 Thread Adam
On Fri, 24 Mar 2006 11:44:26 -0800 Bryan Brake <[EMAIL PROTECTED]> wrote:

> Is there a way to configure ksh to make the 
> commands display one command per line, or will I 
> have to edit it manually.

Just type "history" and it will display it nicely for you.

Adam



Re: how do I make the history file created by ksh readable?

2006-03-24 Thread Steve Tornio

Bryan Brake wrote:
I am taking an "Intro to UNIX" class at school. The teacher has asked 
that we send him a copy of our .history files to show what steps we used 
to complete certain assignments.  I was able to setup the history in my 
.profile by reading ksh(1), but after I rebooted and issued a few 
commands, I looked at the .hist file I created, but it doesn't look 
the way I expected.


Does it have to be a .history file?  Way back when I took classes, we 
used script(1), which has the benefit of a fixed start and end point, as 
well as providing the screen output of the command results.


Example typescript file:

Script started on Fri Mar 24 14:05:04 2006
$ echo "howdy"
howdy
$ exit

Script done on Fri Mar 24 14:05:14 2006



Re: how do I make the history file created by ksh readable?

2006-03-24 Thread Bryan Brake

Adam wrote:

On Fri, 24 Mar 2006 11:44:26 -0800 Bryan Brake <[EMAIL PROTECTED]> wrote:

Is there a way to configure ksh to make the 
commands display one command per line, or will I 
have to edit it manually.


Just type "history" and it will display it nicely for you.

Adam

Many thanks to Adam, Otto, and Steve.  I will have 
to take a look at this "history" command more 
thoroughly...


Bryan



Re: openbsd and the money

2006-03-24 Thread Diana Eichert
On Fri, 24 Mar 2006, Kevin wrote:
SNIP
> We can (and do) have the company purchase one copy of each release CD set.
> I might be able to convince them to go for Jason Dixon's offer (if
> it's still valid), though it might need a little polishing to be
> buzzword-compliant.

Jason't offer is still available per an e-mail conversation I just had
with him.  You can't ask for much more than what Jason offered.
http://www.dixongroup.net/openbsd_bundle_tos.html

diana



Re: how do I make the history file created by ksh readable?

2006-03-24 Thread Matthias Kilian
On Fri, Mar 24, 2006 at 11:44:26AM -0800, Bryan Brake wrote:
> Is there a way to configure ksh to make the 
> commands display one command per line, or will I 
> have to edit it manually.

Just redirect the output of fc -nl to a file.

Ciao,
Kili

-- 
tabs are holier than spaces
-- Theo de Raadt



Re: Broadcom BCM5701 NICs: Only ICMP, no TCP/UDP?

2006-03-24 Thread Nick Guenther
On 3/23/06, Alexander Neumann <[EMAIL PROTECTED]> wrote:
> Hi,
>
> * Ted Unangst <[EMAIL PROTECTED]> wrote:
> > On 3/23/06, Alexander Neumann <[EMAIL PROTECTED]> wrote:
> > > I tried to install OpenBSD 3.8 on a box with two Gigabit 3Com cards with
> > > Broadcom BCM5701 chipset. I set up networking, configured the ip address,
> > > set the default route, put the nameserver into the resolv.conf file. 
> > > Pinging
> > > the nameserver works, resolving dns names and doing anything over tcp or 
> > > udp
> > have you tried something like ftp to the gateway?  i think it's
> > unlikely a nic could somehow only work with icmp.
>
> Today I was able to send and receive some data with netcat, but still no
> ftp, no dns. Any further ideas?
>

Keep going with netcat. What commands did you use exactly? Using
netcat proves that it TCP and UDP do in fact work, so this would seem
to be some other problem. My best guess is a firewall is blocking you.
In your favourite scripting language, try
i=0
while 1:
  i+=1
  system("echo $i | nc host $i")
  system("echo $i | nc -u host $i")

And have another script on the other side listening.

-Nick



Re: openbsd and the money -solutions

2006-03-24 Thread James Mackinnon

Hey

I don't usually say much on the mailing list, but if I could make just 1 
suggestion, offer CD's, posters and BSDWare VIA Paypal payments.


I know myself, I dumped my credit cards because, well, I like to spend, But 
I have replaced that with my paypal usage and would use paypal to purchase 
BSD stuff for sure..


I love BSD, I sell the idea of openBSD to everyone I talk to and have 
recently sat in a business meeting and during this, I have worked on 
convincing a company that has ISA server running to replace that junk with 
OpenBSD PF/ISAKMPD because it blows the doors off of ISA in performance and 
rebuild time and is much more flexable in tools available and well, its not, 
ISA  :)


I get my company to buy the a CD set every 6 months, I'm a little behind on 
3.9 (I never purchase right away)  so I will get that hashed out First of 
next week and get it ordered up..


If you do offer paypal for the stuff above, I will buy more frequently as to 
do my part to help support the System I trust with my systems/network 
security.


I will send a donation now as well as I can do that VIA paypal (won't be 
large, but it will be a donation)


Anyhow, Just wanted to mention that. It might go on deaf ears, but I'm just 
trying to offer a suggestion that would possibly get more orders with little 
work on setting it up.


NOTE: If someone already suggested this, and it got slammed down or 
something, I'm sorry, I have read as much of the postings I can so I might 
have missed some.


James Mackinnon
Devantec Solutions

- Original Message - 
From: "Theo de Raadt" <[EMAIL PROTECTED]>

To: <[EMAIL PROTECTED]>
Cc: 
Sent: Thursday, March 23, 2006 7:02 PM
Subject: Re: openbsd and the money -solutions



I did not mean to step on another sacred cow - I really only wanted to
suggest redirecting this thread toward workable solutions.


The problem is that many of the "workable solutions" people are
suggesting are completely ridiculous.

They are in the catagory of "Cater to me, the entire world is just
like me" when we know is not true.

Now please, you are keeping many of us from the source code.




Re: openbsd and the money

2006-03-24 Thread Jason Dixon

On Mar 24, 2006, at 3:14 PM, Diana Eichert wrote:


On Fri, 24 Mar 2006, Kevin wrote:
SNIP
We can (and do) have the company purchase one copy of each release  
CD set.

I might be able to convince them to go for Jason Dixon's offer (if
it's still valid), though it might need a little polishing to be
buzzword-compliant.


Jason't offer is still available per an e-mail conversation I just had
with him.  You can't ask for much more than what Jason offered.
http://www.dixongroup.net/openbsd_bundle_tos.html


Or the main page at http://www.dixongroup.net/?q=openbsd.


--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net



Re: openbsd and the money -solutions

2006-03-24 Thread Steve Tornio

James Mackinnon wrote:

If you do offer paypal for the stuff above, I will buy more frequently 
as to do my part to help support the System I trust with my 
systems/network security.


I will send a donation now as well as I can do that VIA paypal (won't be 
large, but it will be a donation)


It's your lucky day.  From http://www.openbsd.org/orders.html#cshop

Other payment methods:

* PayPal: Payments may be sent to [EMAIL PROTECTED] If you 
know the total, including shipping, like for single CD sets (see mail 
order costs below or ask us), just place a web order, select payment 
method "pre-arranged", and put a note in the comments section of the 
order that payment is being made by PayPal. Pay in either US dollars, 
Canadian dollars or Euros.




Re: openbsd and the money

2006-03-24 Thread eric
On Fri, 2006-03-24 at 15:59:31 -0500, Jason Dixon proclaimed...

> Or the main page at http://www.dixongroup.net/?q=openbsd.
 

What about a "gold" bundle that is $1000 or more? I mean, money is just
water to most corporations. If there's a legit product, hell, they pay
anything for it.



Re: Site indexing application

2006-03-24 Thread Karsten McMinn
On 3/24/06, Gabriel George POPA <[EMAIL PROTECTED]> wrote:
>
> Frank Denis wrote:
> I installed Hyper Estraier but now, because it is in chroot, it cannot
> find the libraries it depends on. I had this problem quite a few times
> with different programs. I did not have the time to solve it (with other
> programs too). What do I do: ldconfig? This is the standard method?
> ldconfig with what params? Or maybe it's better to set the
> LD_LIBRARY_PATH?


ldd normally will  take care of most of those types of issues.

swish-e isn't bad for search/indexing.



Re: NIC question (SysKonnect)

2006-03-24 Thread Stuart Henderson
On 2006/03/24 10:25, Ed Vazquez wrote:
> OK, here's the full dmesg from 3.9-current (which is what I
> installed this morning...), I should have included it earlier, so my
> apologies for the oversight.

> 0x01pci_intr_map: no mapping for pin D
> : couldn't map interrupt

Did you notice this? I'd suggest either trying the nic in another
PCI slot, or disabling any unnecessary onboard devices in the BIOS
configuration. If you don't need the ADSL card there (seeing as
it's unsupported, probably not unless you dual-boot) that would
be a good candidate to remove too.

hth...



  1   2   >