Re: Because Theo and various users told them that the projects GnoBSD and Comixwall were worthless and that they weren't contributing to OpenBSD?
I'd like to correct the record here, because you're Misrepresenting with a capital "M":

Comixwall shut down because Soner Tari, the guy who put it all together, got butt-hurt after unsuccessfully trying to advertise his project on this mailing list. Theo's apparent tough-reply was enough to make this guy cancel his own project entirely. He literally melted down, took his toys back home, and was never heard from again.

Does that sound like a project you would trust your home network to, much less your day-job-network?

Imagine if it were 'okay' for calomel to advertise here? If you don't understand the question, you have some learning to do in this subject.

In light of all of this, now maybe do you think the philosophy about not letting every tom-dick-n-harry advertising their projects here makes sense?

Very Sincerely,
Dan Farrell

On Sat, Oct 17, 2015 at 9:59 AM, français wrote:
> I always find it amusing how OpenBSD is "audited", yet there's not one audit
> report on the OpenBSD website. The closest answer I've been able to find on
> the mailing list is to review all of the CVS commit logs. Yeah, that's not
> opaque in the slightest...
>
> The bigger problem with OpenBSD is its community. In the FreeBSD world, you
> have PC-BSD and pfsense, both of which are generally welcomed by the
> community. With OpenBSD, there were two sister projects that tried to target
> a similar audience: GnoBSD and Comixwall. Comixwall was the equivalent of
> pfsense for easy router/firewall management and GnoBSD was an attempt to
> make an easy-to-use desktop. Both, however, ended up shutting down after
> Theo and various users told them that their projects were worthless and that
> they weren't contributing to OpenBSD.
>
> Because Theo and various users told them that their projects were worthless
> and that they weren't contributing to OpenBSD?
Re: Lanp equivalent web server working on OpenBSD no Apache
Except that you state it as something people should include as part of their proper configuration.

Really? They should give Ted Unangst's account access to procmap?

Dan

On Mon, Feb 1, 2016 at 7:19 PM, bruce wrote:
> I didn't, that's direct from the man page for doas.conf
>
> > On February 1, 2016 at 12:16 AM Bernd Schoeller wrote:
> >
> > On 30/01/16 21:10, bruce wrote:
> > > I've been working on this for several weeks now.
> > > Results with instructions can be seen here:
> > > http://tonyevil.zapto.org/serendipity/
> > > Any feedback welcome.
> > > httpd is too new for this to be well documented, so here is my small
> > > contribution.
> >
> > Beyond the usual problems of posting HowTos (search the list archives),
> > I find it remarkable that you give tedu access to your procmap command ...
> >
> > Bernd
got my 5.2 cd's today
Just wanted to say thank-you, and the artwork is awesome. danno
radius authentication support for httpd
Hello,

Using the built-in httpd I'm wondering if it is possible to use RADIUS authentication. I did not see a mention in the man page nor in google searches (though my google foo could be part of that problem).

Thank-you,
Dan Farrell
Re: Donations to OpenBSD
Then buy the damn CD and have it shipped to Theo.

On Wed, Aug 13, 2014 at 7:36 PM, Worik Stanton wrote:
> I changed the subject line
>
> On 14/08/14 10:52, Eric Furman wrote:
> > Fine, buy a T-shirt, but realize that only a small fraction of the cost
> > actually goes to OpenBSD. When you buy a CD the vast majority
> > of the cost goes to OpenBSD. Who cares whether you need the
> > CD or not. Buy it for the cool stickers. Throw the CD in the trash
> > for all I and the OpenBSD developers care.
>
> Respectfully I find that a bit offensive. Ask me for a donation if you
> want. But do not expect me to buy an object to be manufactured, shipped
> 1/3 of the way around the globe and then I'll throw it in the trash.
> Not cool at all.
>
> OpenBSD is, it seems, very cool and worth supporting. I am
> investigating using the mechanism detailed in
> http://www.openbsd.org/bank-donation.html...
>
> Looking at https://https.openbsd.org/cgi-bin/order there seems to be no
> difference in CDs and T'Shirts in so far as where the money goes. I do
> understand from conversations I have had that there is a difference.
>
> Lastly: IMO It is time to change. CDs are no longer useful. I have
> OpenBSD on a VPS so stickers are a waste of time too. I would like to
> donate some money, but it is not easy. I would like to know for sure
> that the money goes to the project. For expenses or to developers, who
> spend so much time on this, to spend on whatever they want (beer, fish,
> little rubber balls...) But I will not buy things I cannot use.
>
> Worik
>
> --
> Why is the legal status of chardonnay different to that of cannabis?
> worik.stan...@gmail.com 021-1680650, (03) 4821804
> Aotearoa (New Zealand)
>
> [demime 1.01d removed an attachment of type application/pgp-signature
> which had a name of signature.asc]
Re: syslog level and files
I think your complaint is answered in the blog you cite...

"rsyslog can force the pid inside the TAG to match the pid of the log message emitter - for quite a while now. It is also easy to add additional "trusted properties"."

Dan

On Fri, Oct 3, 2014 at 6:25 PM, Jiri B wrote:
> On Fri, Oct 03, 2014 at 04:37:06PM -0400, sven falempin wrote:
> > Dear list,
> >
> > Why the level information of logs are not present in log files (and yes i
> > could put a certain level in a certain file but then i have to sort it
> > all..) ?
>
> Because "classic" syslog format is very free-form.
> Sorry but is this only your problem with syslog? :)
>
> There are more issues, see:
>
> - http://blog.gerhards.net/2011/11/serious-syslog-problems.html
>
> For me highest issue is one cannot trust origin of the message.
>
> Oct 4 00:20:01 laptop1 foobar: hello world
>
> So did this message, which user, which pid?
>
> j.
Re: My OpenBSD 5.0 installation experience (long rant)
I agree with Holtzman's sentiment, the OP should consider himself lucky that he hit a struggling point as early as he did, lest he hit a much bigger "first brick wall" later down the road. Now he has the benefit of respecting the OS while still getting a feel for it.

On Mar 7, 2012 3:21 PM, "daniel holtzman" wrote:
> Let's all step back a moment: Leonardo is neither the first nor will he
> be the last person to be bitten by something in OpenBSD. I say we tell
> him we are sorry for his troubles, giggle a little bit, give him a
> hearty pat on the back, and shout,
>
> "Welcome to the elite community of OpenBSD users! We're not all
> geniuses, we don't have all the answers but we all sure as fsck like
> a quality product and the opportunity for deep learning, especially in
> a community of like-minded people."
>
> I think it's safe to say that _everyone_ who uses OpenBSD is necessarily
> curious by nature and understands the rigors of learning. We often
> fiddle with things and frequently make really foolish mistakes--that's
> how we learn.
>
> Leonardo will either "never, ever touch[ing] OpenBSD with a ten-foot
> pole again", or he'll become a satisfied and dedicated user. That is
> really up to him and his penchant for mastery and self-reliance. The
> opportunities for these things are huge in OpenBSD because the project
> sticks to its overriding mission, quality, in every aspect; including
> documentation.
>
> By side-effect or perhaps by design, the OpenBSD community weeds out
> those people who are not seriously dedicated. It may not welcome the
> naive and it may not hand-hold the inexperienced, but it certainly does
> not prevent the naive and inexperienced from learning. Lurk a lot. Grow
> a thicker skin. You can be sneered at and called all sorts of names. Do
> you want to work at mastering fascinating skills by some of the best in
> the industry or do you want a nice touchy-feely experience? Rarely, you
> can have both, but mostly, in real life, we have to make choices.
>
> When I first started using, and yes, "using"--like a drug (2.5 or 2.6),
> I was lucky enough to have a steady supply of old machines (i386, sparc,
> vax, ppc) and became install-happy. I'd love to show off how quickly I
> could do an install over the net. I figure that I did at least 100
> installs in my first 6 months; trying to get partitions/labels just
> right; messing things up and starting over; making a lot of mistakes.
> I've not found another OS, ever, that was so quick and easy to install.
> OpenBSD gave me the ability to learn a lot about installation that I
> wouldn't have otherwise had the patience to do. I learned a new way of
> thinking: where to "try" things and where to "do" things.
>
> So, if you've read this far, Leonardo, sorry you had problems. We _all_
> have been there and most of us go there more often than we'd like to
> admit :) Stick with it and you'll likely learn more than you can even
> fathom right now. If not, then good luck to you.
>
>
> On Mar 7, 2012, at 7:26 AM, Leonardo Sabino dos Santos wrote:
>
> > Hi,
> >
> > I want to tell you about my experience with OpenBSD.
> >
> > I'm a Linux user, but have always wanted to try OpenBSD. The last time
> > I'd tried installing it was version 4.6 and I didn't get very far.
> > That version wouldn't install on my notebook at all. The kernel
> > couldn't recognise my hard drive because of some AHCI incompatibility
> > on this notebook that I didn't have the expertise to solve, so I went
> > back to Linux for the time. Two years later, we're on version 5.0, I
> > decided to give it another try.
> >
> > So I downloaded all the package files, wrote them to a USB stick,
> > created a bootable image with GRUB, booted into the OpenBSD installer
> > and off we go. Now, this computer already had Windows 7 and Linux,
> > plus about 16 GB of unpartitioned space where OpenBSD is going. It's
> > actually the same notebook from two years ago.
> >
> > I start answering the installer's questions. Keyboard layout. Root
> > password. Configuration of network interfaces. I'm not actually paying
> > a whole lot of attention to the questions as this is just a test
> > installation and I figure I can always explore and configure the
> > system later.
> >
> > Next, the disk stuff comes up. A lot of partition information appears
> > on the screen, followed by the question:
> >
> > Use (W)hole disk or (E)dit the MBR? [whole]
> >
> > At this point I'm actually trying to remember if there's a way to
> > scroll back the console, because some information has scrolled off the
> > screen. I try PageUp, PageDown, Ctrl-UpArrow, Ctrl-DownArrow, but
> > nothing works, so I press Enter.
> >
> > And my partition table is gone. Poof! Instantly, with no confirmation.
> > I immediately realized what had happened and rebooted. Too late. I got
> > a "No OS" message. It seems that the OpenBSD installer actually
> > overwrites the partition table the instant you press Enter.
> >
> > What sav
Re: rouge IPs / user
SPEWS is an excellent example of why trusting strangers on the Internet that you can't even communicate with doesn't work.

danno

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Guenther
Sent: Friday, December 07, 2007 11:13 PM
To: OpenBSD-Misc
Subject: Re: rouge IPs / user

See, that requires trusting the other 'security experts' are actually being honest and working for each others benefit... but that system isn't secure, how do you distinguish 'security expert' from 'infiltrator'? You *must* have decentralized systems/methods for this. There's no way to combine data together, the best you can do is share techniques which you can verify with your own logic -- except for blacklists like SPEWS, and even then there are all sorts of politics and troubles.

-Nick
Re: openbsd game server
I would ask them what games they'd be interested in playing first, then seeing if it's possible to run those games (or their functional equivalents) on OBSD.

danno

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of arthur
Sent: Thursday, March 20, 2008 4:32 PM
To: Openbsd Misc (E-mail)
Subject: openbsd game server

Hi All,

I am thinking about running a game server for my daughter and her friends. Any suggestion for a multi-user (with a gui user end).

Thanks.
Arthur
Re: OpenBSD Strage Problem
And now you have entered the world of Peter. Welcome. Kindly check your sanity at the door.

On BSDforums.org a few of us have tried to help him... I'm sorry, but I've reached the conclusion that he is, well, beyond help. He doesn't listen, and kluges and compounds his problems endlessly. Peter is what I refer to as a "support black hole."

"A billion thanks" (a common tagline of his) if he stops requesting help when he's not going to follow anyone's advice.

danno

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of bofh
Sent: Friday, March 14, 2008 7:28 PM
To: Peter_APIIT; misc
Subject: Re: OpenBSD Strage Problem

On Fri, Mar 14, 2008 at 7:14 PM, Peter_APIIT <[EMAIL PROTECTED]> wrote:
> Hello all expert network administrator, i truly new to openbsd.
>
> I have some dhcp problem.

I don't know about anyone else, but I find it very rude to go ask for help by saying "here, go to this site, register and login and then help me"
Re: mediawiki setup
"Purely from a security standpoint, which is preferabe: installing the 1.9 version from packages or ports, or building the current release from sources?" http://www.mediawiki.org/wiki/MediaWiki Building from source on this particular web app is pretty simplistic- so I'd read the security updates in the "News" section of the site and decide for yourself. danno
Re: auto start mysql and snort OpenBSD 4.0
I found this from Google quite some time ago, and now run 3 snort/mysql boxes on 3.9 and 4.0 with no probs-

http://www.nomoa.com/bsd/mysql.htm

Happy Hunting,

Dan Farrell
Applied Innovations
[EMAIL PROTECTED]

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Ouellet
> Sent: Thursday, December 28, 2006 2:21 PM
> To: misc@openbsd.org
> Subject: Re: auto start mysql and snort OpenBSD 4.0
>
> Edy wrote:
> > Hi
> >
> > I have googled and read on the man pages but something is missing here.
> >
> > For example i have the following in my /etc/rc.local
> >
> > if [ X"${mysql}" == X"YES" -a -x /usr/local/bin/safe_mysqld ]; then
> >     echo -n ' mysqld'; /usr/local/share/mysql/mysql.server start
> > fi
> >
> > if [ X"${snort}" == X"YES" -a -x /usr/local/bin/snort ]; then
> >     echo -n ' snort'; /usr/local/bin/snort -D -d -i fxp0 -c /etc/snort/snort.conf -u _snort -g _snort
> > fi
> >
> > and in my /etc/rc.conf.local
> > mysql=YES
> > snort=YES
> >
> > When the system rebooted, both processes are not started.
> >
> > If i were to execute example echo -n ' mysqld';
> > /usr/local/share/mysql/mysql.server start from command line, mysql
> > started successfully.
> >
> > Any clue?
>
> I don't know about snort, but as far as MySQL is concern, why don't you
> do it right.
>
> http://www.openbsdsupport.org/mysql.htm#/etc/rc.local
>
> Then adjust it for your snort needs.
>
> Best,
>
> Daniel
Re: OT Was: Wanted: OpenBSD Systems Administrator
IMHO allowing employers to seek out OBSD admins for employment helps further encourage OBSD use. Simply telling employers that they aren't welcome fosters a negative attitude that, to me, doesn't encourage OBSD use. But I could see the fine line of 'head-hunter poop' being crossed way too easily, or this list becoming something of a want-ad list... ugh.

So why can't there be a jobs@ or something similar? Is there a philosophical reason it hasn't been in place already that I'm overlooking?

Dan Farrell
Applied Innovations
[EMAIL PROTECTED]

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Diana Eichert
> Sent: Wednesday, January 03, 2007 9:03 AM
> To: OpenBSD
> Subject: OT Was: Wanted: OpenBSD Systems Administrator
>
> On Tue, 2 Jan 2007, Jack J. Woehr wrote:
>
> > Tom Bombadil wrote:
> > > The just guy sent one single e-mail asking if a bsd user wanted a job,
> > > which I bet many among us might be interested.
> >
> > I've certainly heard from consulting customers who got my info from the
> > consultants page at OpenBSD ... It's hard to understand why one can't
> > post a job req on misc ... there's a jobs@ list for apache.org and it's
> > busy ... There's a fine line between job postings and headhunter poop of
> > course ... Why should we chase away employers looking for experts in our
> > slightly arcane and recondite OBSD environment?
> >
> > --
> > Jack J. Woehr
> > Director of Development
> > Absolute Performance, Inc.
> > [EMAIL PROTECTED]
> > 303-443-7000 ext. 527
>
> See Jack ( see jack run, see jack talk ;) )
>
> You make my point in your reply, apache.org has a jobs@ list as so do
> several other projects. There's a reason.
>
> As far as "slightly arcane and recondite" I disagree, I consider the "OBSD
> environment" to be one of clarity and foresight.
>
> In regards to "Tom Bombadil", when you stop using characters from Tolkien
> to post I'll begin to listen.
>
> g.day to y'all
>
> diana
Re: OT Was: Wanted: OpenBSD Systems Administrator
Adam,

Allowing the infrequent 'non-poop' job offering without an insane thread like this one is inadvertent encouragement, not tacit advocacy. It supports a friendlier environment than, let's say, you would provide. Heaven forbid this list ever become even slightly friendly, we just might all spontaneously combust or something...

And even if a jobs@ list got 'one post every 3 years' is that a crime? What's horrible about that? It certainly would've stopped this mostly worthless conversation from ever starting, that's for sure.

Dan Farrell
Applied Innovations
[EMAIL PROTECTED]

> -Original Message-
> From: Adam [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 03, 2007 1:40 PM
> To: Dan Farrell
> Cc: OpenBSD
> Subject: Re: OT Was: Wanted: OpenBSD Systems Administrator
>
> Dan Farrell <[EMAIL PROTECTED]> wrote:
>
> > IMHO allowing employers to seek out OBSD admins for employment helps
> > further encourage OBSD use.
>
> misc@ is not for encouraging openbsd use, that's what advocacy@ is for.
>
> > So why can't there be a jobs@ or something similar? Is there a
> > philosophical reason it hasn't been in place already that I'm
> > overlooking?
>
> For one post every 3 years? Why can't job ads be posted on job ad sites
> where they belong?
>
> Adam
Re: OBSD: OS Of The Rad
'Hard to say'? That response means 'No, I didn't miss his point, I just want to be a hard-ass and then not really address it.'

He praised the OpenBSD project and those responsible for it... because it's worth praising. Can't someone say something nice here without it being picked apart?

I will end on a nice note (call it "Leading by Example")... I agree completely with Karl's comments... OpenBSD rocks.

Ducking,

Dan Farrell
Applied Innovations
[EMAIL PROTECTED]

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gabe
> Sent: Thursday, January 04, 2007 11:37 AM
> To: 'Der Engel'; misc@openbsd.org
> Subject: Re: OBSD: OS Of The Rad
>
> Hard to say. His message had a few different themes in it.
> He spoke about his dedication to the binary machine arts, but then confessed
> to using an expensive machine as a "door stop"?
>
> And, he praises the use he's gotten from OBSD and the list, but then jinxes
> it by questioning its direction and bringing up the issue of its lifecycle.
>
> I just wanted to bring up the issue of idle time versus cpu time.
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > On Behalf Of Der Engel
> > Sent: Thursday, January 04, 2007 10:31 AM
> > To: misc@openbsd.org
> > Subject: Re: OBSD: OS Of The Rad
> >
> > Umnada,
> >
> > Did you get his point?
> >
> > On 1/4/07, Umnada Tyrolla <[EMAIL PROTECTED]> wrote:
> > > > I came here to compute, to help inanimate machines do so, well. -this
> > > > list, more than any other resource (including my old favorite
> > > > google.com/bsd) got me where I was going. The OS -how long will it
> > > > last? I hope forever. But nothing lasts forever. I do have an old
> > > > host that's been up for 1,248 days without reboot, i'm sure there are
> > > > those on this list with longer.
> > >
> > > First of all, not everyone likes to share how long, but thanks. Secondly, I
> > > think it's not the duration of up-time but rather cpu usage time which says
> > > what kind of machine you have.
> > >
> > > You know what I mean? CPU usage (on a user machine, not some bragbox) says
> > > what kind of software and hardware stresses have been going. I've got over
> > > 5,961,600 seconds of cpu usage on this machine. And it's not all pf,
> > > spamassassin and mplayer. Not all.
snort bpf file problems
I'm running Snort 2.4.5 (the pkg) on OpenBSD 4.0 and I use a bpf filter file to have Snort ignore certain hosts altogether. The command I'm using is

    snort -D -i dc1 -F bpfile

When I have the single line of-

    not host 192.168.1.69

Snort runs fine. But when I lengthen the bpf filter file to-

    not host 192.168.1.69 and not host 10.1.1.1 and not host 4.2.2.2 ... 60 more addresses ... and not host 6.6.6.6

Snort chokes with the following error-

    snort: FATAL ERROR: OpenPcap() setfilter: BIOCSETF: Invalid argument

The BPF file I'm using is one I pulled from another snort installation I have running on -gasp- Fedora (I mention this because it has no problems parsing the same file.)

Is there a way to have multiple entries in the BPF file that I'm missing... am I using the wrong syntax (is there an alternative to 'and not host' that I need to use)?

Dan Farrell
Applied Innovations
[EMAIL PROTECTED]
snort bpf file problems
I'm reposting this as its own new post because J.C. Roberts pointed out how my laziness screws up threads...

I'm running Snort 2.4.5 (the pkg) on OpenBSD 4.0 and I use a bpf filter file to have Snort ignore certain hosts altogether. The command I'm using is

    snort -D -i dc1 -F bpfile

When I have the single line of-

    not host 192.168.1.69

Snort runs fine. But when I lengthen the bpf filter file to-

    not host 192.168.1.69 and not host 10.1.1.1 and not host 4.2.2.2 ... 60 more addresses ... and not host 6.6.6.6

Snort chokes with the following error-

    snort: FATAL ERROR: OpenPcap() setfilter: BIOCSETF: Invalid argument

The BPF file I'm using is one I pulled from another snort installation I have running on -gasp- Fedora (I mention this because it has no problems parsing the same file.)

Is there a way to have multiple entries in the BPF file that I'm missing... am I using the wrong syntax (is there an alternative to 'and not host' that I need to use)?

Dan Farrell
Applied Innovations
[EMAIL PROTECTED]
Re: Merchandise idea: OpenBSD mug
If the project ever does market a mug, maybe it could say-

"OpenBSD. Free, Functional & Secure"

on one side and

"RTFM"

on the other.

Lol,

Dan Farrell
Applied Innovations
[EMAIL PROTECTED]

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Otto Moerbeek
> Sent: Friday, January 12, 2007 12:01 PM
> To: Martin Toft
> Cc: misc@openbsd.org
> Subject: Re: Merchandise idea: OpenBSD mug
>
> On Fri, 12 Jan 2007, Martin Toft wrote:
>
> > Hi,
> >
> > I think it would be awesome, if it was possible to buy an OpenBSD mug
> > from the online ordering system at www.openbsd.org. I would definitely
> > buy one together with the 4.1 cd-set.
> >
> > I imagine the mug with Cartoon Puffy on the one side and the OpenBSD
> > logo on the other side (see http://www.openbsd.org/art4.html if you
> > don't know what I'm babbling about). Of course, that's just how I
> > imagine the mug :)
> >
> > Yes, I know places like cafepress, thinkgeek, and spreadshirt.de, and
> > please, you should only take this mail for what it is - a merchandise
> > idea! I don't need people telling me to go to one of the other places to
> > design my own mug.
> >
> > Regards,
> > Martin
>
> Wow, nobody ever thought of that before. You could at least have
> searched the archives to see if your idea is new.
>
> Here's one post from a rather long thread.
>
> http://archives.neohapsis.com/archives/openbsd/2002-10/1147.html
>
> -Otto
Re: Merchandise idea: OpenBSD mug
Wow, now that's an idea-- I'd happily drink Blanche de Chambly from an OBSD pint glass any day.

Dan Farrell
Applied Innovations
[EMAIL PROTECTED]

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Thomas
> Sent: Friday, January 12, 2007 1:21 PM
> To: OpenBSD
> Subject: Re: Merchandise idea: OpenBSD mug
>
> On 1/12/07, Tom Beard <[EMAIL PROTECTED]> wrote:
> > Otto Moerbeek wrote:
> > > Wow, nobody ever thought of that before. You could at least have
> > > searched the archives to see if your idea is new.
> > That was over three years ago, surely there's nothing wrong with
> > bringing an old idea back up for reconsideration?
> >
> > Personally I think that a mug would be a good idea. I can hardly wear a
> > 'cute' t-shirt to work, but I can fill my OpenBSD mug with coffee and
> > put it on my desk.
> >
>
> Since this subject has been brought up again I think a mug is a great
> idea. But I'm still holding out hope for an Official OpenBSD pint
> glass to drink my Stone Ruination IPA from.
>
> Greg
Re: mysql + phpmyadmin
If you are running the phpmyadmin locally with the mysql server, and you are using the socket, not tcp, as your connection to the db server, then

    ps aux | grep mysql

should reveal a

    --socket=/path/to/socket

Then in the phpmyadmin config.inc.php file you would place the following-

    $cfg['Servers'][$i]['host'] = 'localhost';
    $cfg['Servers'][$i]['port'] = '';
    $cfg['Servers'][$i]['socket'] = '/path/to/socket';
    $cfg['Servers'][$i]['connect_type'] = 'socket';
    $cfg['Servers'][$i]['extension'] = 'mysql';
    $cfg['Servers'][$i]['compress'] = FALSE;

Keep in mind that if running phpmyadmin in a chrooted apache then it will perceive the /var/www/ as the root of its directory structure. In one of my particular setups, I created '/var/www/var/run/mysql.sock' as the place the mysql socket is created, and then the socket path (the '/path/to/socket' shown above) according to phpmyadmin is '/var/run/mysql.sock'.

Otherwise, if you are using tcp to establish the db connection instead of the local socket (['connect_type'] = 'tcp';), then in the ['port'] section you would list '3306' (or whatever port you have it running on.) Then of course you could try telnetting to localhost on 3306 to see if a connection is established. You should get something similar to this-

    # telnet localhost 3306
    Trying ::1...
    telnet: connect to address ::1: Connection refused
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    8 5.0.18-log2wxwm;~+X,X35Qv">UpS/1Connection closed by foreign host.

If you don't, then perhaps your local firewall or hosts.allow file isn't properly configured to allow a connection from localhost itself (just a guess.)

Hope this helps,

Dan Farrell
Applied Innovations
[EMAIL PROTECTED]

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeroen Massar
> Sent: Tuesday, January 16, 2007 8:23 PM
> To: Der Engel
> Cc: misc@openbsd.org
> Subject: Re: mysql + phpmyadmin
>
> Der Engel wrote:
> > Hi,
> >
> > Installed mysql+phpmyadmin on OBSD 4.0, when doing
> > http://host/phpMyAdmin/index.php i get the following error:
> >
> > #2002 - The server is not responding (or the local MySQL server's
> > socket is not correctly configured)
> >
> > I can connect remotely just fine using mysql query browser tool,
> > anyone have had this problem? any ideas on how to resolve it? I tried
> > #httpd -u but same error.
>
> When using a socket device, check permissions of the MySQL socket and
> the path leading up to it. When using a network socket, check if you can
> telnet into it.
>
> Also note that Apache (you only mentioned httpd) might be in a chroot or
> running as a different user than what you expect it to be.
>
> and of course check firewall rules etc.
>
> Greets,
> Jeroen
>
> [demime 1.01d removed an attachment of type application/pgp-signature
> which had a name of signature.asc]
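The chroot path mapping and the "check the socket and the path leading up to it" advice from the mysql + phpmyadmin thread above, as an added example that is not part of the original posts: a small sh helper that turns the socket path phpMyAdmin sees inside the chroot into the real host path and reports why a connection over it would fail. The function names are hypothetical; /var/www and /var/run/mysql.sock are the values from the post.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names are
# hypothetical. Run it as the user the web server runs as, so the
# permission checks reflect what that process can actually reach.

# chroot_to_host ROOT INNER
# Print the host-side path of INNER, a path as seen from inside the chroot.
chroot_to_host() {
    root=${1%/}                 # "/var/www/" -> "/var/www", "/" -> ""
    inner=$2
    case $inner in
        /*) ;;
        *)  echo "in-chroot path must be absolute: $inner" >&2
            return 2 ;;
    esac
    case "$inner/" in
        */../*) echo "refusing path with '..': $inner" >&2
                return 2 ;;
    esac
    printf '%s%s\n' "$root" "$inner"
}

# first_unsearchable_dir HOSTPATH
# Print the directory closest to / on the way to HOSTPATH that exists but
# lacks search (x) permission for the current user; print nothing if none.
first_unsearchable_dir() {
    dir=$(dirname "$1")
    blocked=
    while :; do
        if [ -d "$dir" ] && [ ! -x "$dir" ]; then
            blocked=$dir
        fi
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    printf '%s' "$blocked"
}

# check_chroot_socket ROOT INNER
# Print one status line and return 0 only if a socket exists at the mapped
# path and every directory leading to it can be searched.
check_chroot_socket() {
    host=$(chroot_to_host "$1" "$2") || return 2
    bad=$(first_unsearchable_dir "$host")
    if [ -n "$bad" ]; then
        echo "blocked-dir $bad"
        return 1
    fi
    if [ ! -e "$host" ]; then
        echo "missing $host"      # mysqld is creating its socket elsewhere
        return 1
    fi
    if [ ! -S "$host" ]; then
        echo "not-socket $host"   # e.g. a stale regular file or a directory
        return 1
    fi
    if [ ! -r "$host" ] || [ ! -w "$host" ]; then
        echo "no-access $host"    # socket exists but this user cannot use it
        return 1
    fi
    echo "ok $host"
}

# Demo with the paths from the post; override with two arguments.
check_chroot_socket "${1:-/var/www}" "${2:-/var/run/mysql.sock}" || true
```

A "missing" result with a running mysqld usually means the --socket= value shown by ps points outside the chroot, which is the situation the reply describes.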
Re: Using old thin clients as a BGP testbed
I'm in the same position as yourself and I've been in testing and production with a set of old Compaq PII-450 workstations with 192 MB RAM apiece... they run like a charm with four full tables, with plenty of RAM left over. One of them actually died on me, and I've been lazy about pulling out one of the other five identical models I have in storage to replace it.

It took 10 minutes each to load OBSD on the two and another 40 minutes putting the configuration together (that part's dependent on your OBGP, CARP, and general BGP skills) and voila... nice little routeservers.

Dan Farrell
Applied Innovations
[EMAIL PROTECTED]

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Wilson
> Sent: Wednesday, January 24, 2007 8:47 AM
> To: misc@openbsd.org
> Subject: Using old thin clients as a BGP testbed
>
> I work for a small hosting company, and the boss says he wants to start
> doing BGP for our upstream connection. This means I've got to learn BGP.
> At least I've managed to persuade him to buy me an O'Reilly book :-)
> However, the other thing I demanded was a test network of some kind. BGP
> is one of the few things where, if I get it wrong, I could mess up other
> people's stuff as well as my own. He said fine, here's a few pennies to
> do it with. Not nearly enough to buy even a couple of crap machines off
> ebay.
>
> Then, an idea occurred to me. We have half a dozen old HP t5125[0] thin
> clients, which have been unused since we upgraded our desktops to proper
> boxes. The plan: get half a dozen 512MB USB sticks, install 4.0 on them,
> boot off them, and bing! One test network. They're only 400MHz machines
> with 128MB of RAM, but I think they'll do for playing with routing, BGP
> et al, given what you can achieve with a Soekris.
>
> My questions: Am I on a hiding to nothing here? Am I missing anything
> obvious? I plan to use the vlan driver to pretend to have more than one
> ethernet interface, with them all plugged in to a cheapo 8 port switch.
> Am I right in thinking that the dumb switch will just pass vlan tagged
> packets through without poking them, or am I going to encounter issues?
>
> I don't mind poking at things and playing round till it works, but given
> the possibility of vlans not working over dumb switches, I figured I'd
> ask if I was on a hiding to nothing before I started.
>
> Also, if anyone has any suggestions or comments, I'm all ears :-)
>
>
> [0] http://h10010.www1.hp.com/wwpc/us/en/sm/WF06a/12454-321959-89307-338927-89307-472257.html
> --
>
> Richard 'Dave' Wilson
> Systems Administrator
>
> Senokian Solutions Ltd.
> Business Innovation Centre,
> Binley Business Park, Coventry,
> United Kingdom
> CV3 2TX
> T: +44 (0)24 76 233 400
> DDI: +44 (0)24 76 233 416
> F: +44 (0)24 76 233 401
Re: OpenBGPD in ISP-Planet's article
hehehe I just realized I'm the DF that posted that originally... I thought that all sounded too familiar! LOL. So if you disagree with the points in that post, you can aim directly at me.

I've been mentioning OpenBGPD for awhile on the isp-wireless list, it's nice to see the word getting out.

Dan Farrell
Applied Innovations
[EMAIL PROTECTED]

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alexey Suslikov
> Sent: Wednesday, January 24, 2007 4:14 AM
> To: misc@openbsd.org
> Subject: OpenBGPD in ISP-Planet's article
>
> >OpenBGPD/OpenBSD: Free OpenBSD-based EGP/IGP routing platform.
> >Solid, secure, free, and very scalable. Again, you're operating without
> >vendor support. Non-standard of BGP functionality (modeled after PF).
> >Awesome integration with CARP and PF, makes for great firewalls, routers
> >and route servers. If you are system administrator and appreciate Unix,
> >you will fall in love with OpenBGPD. If you are a Linux admin, you will be
> >surprised at the lack of learning curve involved. Community support is
> >actually pretty good.
>
> http://www.isp-planet.com/equipment/2007/routers_bol.html
Re: Dummy Interface In OpenBGPd
- You likely want to use the lo0 interface for this (although I suppose lo1 will suffice, but lo0 is the 'standard' loopback address (don't beat me up about my use of the word 'standard'))

- Stop using the term 'dummy' in reference to any interface. There is no such thing. You are referring to the loopback interface, the interface that doesn't actually bind to a particular physical network interface on your box. Take a hint- Henning is getting annoyed with you... that can't help you in any way.

- Using the loopback interface for peering sessions has been prescribed by many for many years now because it allows EBGP sessions assigned to it to persist even if one or more physical interfaces drops. However, in reality, I have found that this is usually disastrous. You normally don't want the peer session to outlast the production circuit the routes are intended to traverse, or you risk receiving routes that lead to nowhere, and that's always bad. The most common use I can think of for proper use of loopback interfaces for BGP peering is for IBGP sessions, not EBGP sessions.

I'll ask what are you intending to use it for, because your previous statements are not clear ("What i want to accomplish and wanted to do is to be able to use such an interface when all the NIC on my machines are alloted for BGP").

If someone else here has a different philosophy regarding BGP peers configured on loopbacks, share it.

Ducking,

danno

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, February 07, 2007 5:54 PM
To: misc@openbsd.org
Subject: Re: Dummy Interface In OpenBGPd

The thing is, after I created /etc/hostname.lo1 as stated and I trying to ping it from other devices within that network, it is not reachable. I put network 10.83.66.128/32 in my /etc/bgpd.conf but still I can only ping this interface from that host it is put in but not from the other host. Some hints? Should I manually add a route to it in the kernel routing table?

> On Wed, Feb 07, 2007 at 12:07:56PM -, [EMAIL PROTECTED] wrote:
>> Does that categorically mean there is no way, as of the moment, in
>> openbgp to use a dummy interface just like in Quagga?
>>
>
> There are no dummy interfaces. If you like to use a loopback interface
> create one.
>
> # cat > /etc/hostname.lo1
> inet 10.83.66.128 255.255.255.255 NONE
> # sh /etc/netstart lo1
>
> That's it. You have a loopback address that can be used in bgpd.
>
> neighbor 10.83.66.164 {
>         remote-as 65123
>         local-address 10.83.66.128
> }
>
> I guess that's what you are looking for. bgpd does not really care about
> interfaces. Interfaces and their link state are only used to figure out
> the availability of nexthops.
>
> Btw. for ospfd you can use "interface lo1" to reliably redistribute the
> loopback address.
>
> --
> :wq Claudio
>
>> > * [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2007-02-07 12:31]:
>> >> As I read the openbgpd documentation, there is not a single point wherein in the examples a dummy
>> >> interface is being used. Is a dummy interface supported in OpenBGP?
>> >
>> > -vvv :)
>> >
>> > from bgpd's perspective, an interface is an interface, mostly.
>> >
>> > --
>> > Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
>> > BS Web Services, http://bsws.de
>> > Full-Service ISP - Secure Hosting, Mail and DNS Services
>> > Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
Re: Migrate to OpenBSD + OpenBGP
If you are new to OpenBSD and OpenBGP then I would-

a) set up a test box not in your production path
b) request your providers set up second peer sessions each, with each 'second session' going to the test box
c) get comfy with OpenBSD and OpenBGP with those two full tables from your peers, just like you will in future production.
d) throw a second test box in the mix, migrate one of the 'second sessions' to that box.
e) mess around with CARP on the inside connections of these boxes to your LAN

The nice thing about this path is the flexibility and non-intrusion into your current production network while you get over your own learning curve.

One possibility on your topology- consider a front-end router to each provider (can be whatever type) and then put your two OBGPD boxes behind them in a CARP setup and have your providers multihop their sessions to that CARP address... now you can have BGP redundancy! Then continue CARPing on the back end... now you have no single point of failure (in that part of the topology.)

We've been testing that very setup (and actually placing the two OBGPD route servers in two separate locations connected by Metro Ethernet) and it has worked in testing flawlessly. We actually let the edge routers peer (via IBGP obviously) with the CARP BGP address for next hop forwarding (some of our edge routers have more than one upstream connection)... each edge router gets one table from one inside peer, making its configuration/maintenance much simpler. You just make the BGP config changes on the OBGPD box, and you don't have to change anything in the edge routers...

Anyone else doing this or something similar?

Danno
Danno.appliedi.net/drupal/

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, March 02, 2007 3:16 AM
To: OpenBSD misc
Subject: Migrate to OpenBSD + OpenBGP

Hello to everyone in the list,

I run small ISP. Currently I use Debian + Quagga Box for my BGP sessions. It is a single box with two full feeds (approximately 200K prefixes) from two ISPs and two sessions from the same ISPs with local prefixes (approximately 2,5K prefixes). The same box is doing traffic shaping, firewall and so on for DMZ and clients. The clients are only connected by Metro Ethernet links. If I do not describe the current situation well please let me know, I will give more details.

I plan to change this setup with OpenBSD + OpenBGP boxes, one for each ISP with IBGP between them and third box for firewall and client connections, possibly the third box would be duplicated by another box with CARP. I am looking for the best redundancy I could get. However I may be wrong in my plan...

As I am absolute beginner with OpenBSD I would be very happy for any ideas, advice or practical examples.

Thank you very much,
Ivo
Re: taking over a LAN I didn't set up
Documentation will save you. If you are unfamiliar with networking and you are moving, you are well served to take some digital pics of the setup (specifically the back of the boxes and which cables are going where) and take notes of them... and label the cables (if they aren't already.) Draw a diagram of your network. The good thing about a LAN is that in most cases it is a relatively simple thing... only a few elements at that. So relax, most of the difficult parts of TCP/IP and networking aren't relevant to most LAN users. Jack is right, the FAQ is a great resource. It is very straight forward. Don't merely feel free to consult it... actually use it. You will likely post more questions here. Using the FAQ, searches of prior posts, and Googling as references in your posts will greatly improve your chances of receiving a respectful answer here... it's a nice discipline builder. Good luck. If you are truly determined to learn this, you will also learn to enjoy it... it's fun. Danno -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jack J. Woehr Sent: Monday, March 05, 2007 6:24 PM To: mrs borhtej Cc: misc@openbsd.org Subject: Re: taking over a LAN I didn't set up On Mar 5, 2007, at 2:52 PM, mrs borhtej wrote: > > Unfortunately, I didn't have him show me what's what while he was > still > able, and I have only used this OS as a desktop user. I CANNOT go > back to > Windows. He unplugged his mail and webservers before he passed > away, and I > need to know how in the world do I figure out what's what with this > LAN? > 1. Every basic thing you need to know about setting up and maintaining an OpenBSD-managed LAN is documented in the OpenBSD FAQ q.v. 2. The three basic things about a typical OpenBSD-managed LAN are: a. IP setup of both the OpenBSD box and the LAN ('ifconfig' etc.) b. Packet filtering and Network Address Translation ('pf' etc.) c. Name services ('bind'). 
Also, you might have DHCP in the mix to give other boxes on the LAN their IP addresses as needed instead of allocating them permanently. Read about those in the FAQ, compare to what you see in your setup, make yourself a map of your LAN with all the boxes and their IP addresses, and you can probably keep it running for some time to come! -- Jack J. Woehr Director of Development Absolute Performance, Inc. [EMAIL PROTECTED] 303-443-7000 ext. 527
Re: Router performance on OpenBSD and OpenBGPD
Yeah that's what I was thinking... you not only eliminate a single point of failure, but you also split your pps throughput requirements in half. Danno Danno.appliedi.net/drupal/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Toft Sent: Saturday, February 24, 2007 10:52 AM To: misc@openbsd.org Subject: Re: Router performance on OpenBSD and OpenBGPD On Thu, Feb 22, 2007 at 01:03:30PM -0800, Karsten McMinn wrote: > On 2/21/07, Alex Thurlow <[EMAIL PROTECTED]> wrote: > > Oops, forgot that part. At 325Mbps, we do about 60,000pps, so that > > puts us at about 360,000pps needed for 2Gbps. > > You'll have a hard time finding benches for that. To date, the best > reported is 150k pps which was on the intel E7520 chipset. That was > using em drivers. You're safest best for the most performance possible > would likely be using the intel 5000 chipset (i.e. SuperMicro X7DB* > motherboards) coupled with SysKonnect SK-9S* line of network cards. > Its probably a safe bet that you'll be capable of 200K pps, but beyond > that is anyones guess. Assuming correct choice of hardware can get you half way to the goal, wouldn't it be an idea to buy two or more machines and use CARP loadbalancing? Or isn't this possible when we are talking BGP? Regards, Martin
Re: No Blob without Puffy
I thought it was free as in beer, but because of the blobs, not necessarily free as in you can do whatever you want with it... Because what can you do with a blob? Are you allowed to use a blob anywhere you want, in any situation? Are you allowed to crack open a blob and use parts of its code to re-write your own software/drivers? Are you even allowed to have documentation regarding a blob? These are all defined by license restrictions... that restrict your freedom concerning the use of the blob. So IMHO "Free"BSD is only free to obtain... but not fully 'free' to use in any way you want. Please follow the simple formula- License Restriction = Not Free. You've been so involved in this discussion I thought you wouldn't need this simplistic review... or maybe you're just trolling. Danno -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Karel Kulhavy Sent: Monday, March 19, 2007 10:27 AM To: OpenBSD Subject: Re: No Blob without Puffy On Mon, Mar 19, 2007 at 11:35:14AM +0100, Henning Brauer wrote: > * SW <[EMAIL PROTECTED]> [2007-03-19 03:21]: > > Free as in FreeBSD > > ahh, I finally get it. > > dry like water > hot like ice > free like freebsd FreeBSD is released under BSD licence and therefore is free software, see http://en.wikipedia.org/wiki/Free_software CL< > > -- > Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] > BS Web Services, http://bsws.de > Full-Service ISP - Secure Hosting, Mail and DNS Services > Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
Re: No Blob without Puffy
Yeah but what die is he rolling? I'm tired of rolling a six-sided die against blobs and hobgoblins when all the level 23 developer-clerics are using a 20-sided die... simply not fair!!! danno -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marco Peereboom Sent: Monday, March 19, 2007 11:00 AM To: Jason George Cc: misc@openbsd.org Subject: Re: No Blob without Puffy Not if he makes his saving throw! I bet you he has a cloak of infinite karma too. So not hit-points lost! On Mon, Mar 19, 2007 at 01:57:58AM +, Jason George wrote: > >Hi, > > > >this is the conversation I had with Theo: > > > You just made private emails public, almost certainly without the permission > of the other parties involved. > > Please deduct any and all karma points you thought you had.
Re: DNS, bind9, and other
Are you looking to make the DNS server a caching-only DNS server or are you going to have be authoritative for a domain (or set of domains?) (If you don't know the answer to this question then any 'examples' are going to be lost on the ignorant... no offense, you should understand this before delving further if you are truly going to take responsibility for it.) My guess is that you are looking for a simple caching-only DNS server... but this page lists a variety of different examples with lots of notation- http://www.zytrax.com/books/dns/ch6/ Here's another from my Google query ;) - http://www.isc.org/sw/bind/arm94/Bv9ARM.ch03.html - from the people that wrote the software, and the page that the openbsd named man page is referring to. The rest of the manual is pretty nifty, too. Next time, friend, please do your own Googling first, danno -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of JOHN LUCKEY Sent: Monday, March 19, 2007 10:34 AM To: misc openBSD Subject: DNS, bind9, and other Anyone have or know of a good beginner's tutorial on how to setup/configure a openBSD box to do DNS on a local network? The more concrete/cookbook the examples, the better. TIA John
Re: No Blob without Puffy
Wikipedia's wrong?!?!?!?!?!?! What about the term 'truthiness'? Don't tell me Wikipedia's wrong about that, too? ;) danno ps- 2006-03-01 The Colbert Report, episode 58 Arianna Huffington challenges host Stephen Colbert on his claim that he had coined the word "truthiness". She cited Wikipedia, claiming that he had merely "popularized" the term. Regarding her source, Colbert, in character, responded: "Fuck them."[2] First non-news nationally-broadcast television program to cite Wikipedia in a debate. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Timo Schoeler Sent: Monday, March 19, 2007 12:17 PM To: Karel Kulhavy Cc: misc@openbsd.org Subject: Re: No Blob without Puffy In epistula a Karel Kulhavy <[EMAIL PROTECTED]> die horaque Mon, 19 Mar 2007 15:27:29 +0100: > On Mon, Mar 19, 2007 at 11:35:14AM +0100, Henning Brauer wrote: > > * SW <[EMAIL PROTECTED]> [2007-03-19 03:21]: > > > Free as in FreeBSD > > > > ahh, I finally get it. > > > > dry like water > > hot like ice > > free like freebsd > > FreeBSD is released under BSD licence and therefore is free software, > see http://en.wikipedia.org/wiki/Free_software > > CL< ah, then Wikipedia's definition of 'free' is wrong. The US is a democracy, isn't it? does the majority back the Iraq invasion? :) FreeBSD may be -- as GNU/Linux -- 'free as in beer', you can get it (almost) for free (you have to pay your DSL line/electricity to download it, or media and shipping, etc). But try to brew your own beer -- then GNU/Linux and FreeBSD biogenetic engineers will teach you what 'freedom' is. SCNR
Re: No Blob without Puffy
I second that. danno -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of chefren Sent: Monday, March 19, 2007 7:34 PM To: misc@openbsd.org Subject: Re: No Blob without Puffy On 3/19/07 4:48 PM, Marco Peereboom wrote: > You are so uninformed that it isn't even funny to pick on you. Karel clocks on the wrong edge and is by far the worst educated asocial asshole I have met on this list. +++chefren
Re: Can OpenBSD do what BusyBox does?
I think that's the question... is OBSD compiled for the various common linksys/netgear/etc. hardware architectures? I believe the answer is no. If I'm misunderstanding this completely please correct... But it would be great if it did... wish I had the skills to do it. danno -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick ! Sent: Wednesday, March 21, 2007 8:40 AM To: Sunnz; OpenBSD-Misc Subject: Re: Can OpenBSD do what BusyBox does? On 3/21/07, Sunnz <[EMAIL PROTECTED]> wrote: > Their project page: http://www.busybox.net > > The interesting thing is that today I found out that my wireless > router is actually running BusyBox, an OS based on the Linux kernel, > and its firewall was actually the usual iptable found on many Linux > desktops/servers. > > I doubt if OpenBSD can be replace it on the router... but if you has > done so it be cool to know how you made it work. OpenBSD is used for embedded systems all the time. The most common platform is called the Soekris. You can get them from Wim: http://www.kd85.com/ Many consumer routers these days run linux, but they have special proprietary firmware-handling. Some have been figured out (e.g. that Netgear WGRT-something) and people regularly hack on them. What do you know about your router? If it has a firmware upgrade page you might be able to create an OpenBSD image and load it. On the other hand, it might not work like that at all and doing so could equally (actually, more) likely brick the box. -Nick
Re: Daylight savings fix with OpenNTPD
I'm using the EST timezone (as reported in 'date') and yet I'm still an hour behind... much like you... NTPD is running and syncing up with pool.ntp.org.

And in looking further Bob's right (as usual)... I'm not using the correct timezone setting. I had to change that to the 'correct' EST setting...

zic -l EST5EDT

Perhaps you need to do something similar? I got this from- http://archives.neohapsis.com/archives/openbsd/2005-08/0756.html

danno

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bob Beck
Sent: Tuesday, March 20, 2007 3:44 PM
To: Bray Mailloux
Cc: misc@openbsd.org
Subject: Re: Daylight savings fix with OpenNTPD

* Bray Mailloux <[EMAIL PROTECTED]> [2007-03-20 13:33]:
> Have a patch been issued?

Yes. see the errata page

> It might just be the time servers, but date is
> reporting 11:04:31 when it is 12:05.

It ain't the time servers they report in UCT. Your timezone is wrong

-Bob
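The symptom in this thread (ntpd in sync, wall clock an hour behind) comes from the zone rules applied to UTC, not from the time source. The following is an added example, not code from the original posts: it renders one constructed instant under a fixed-offset zone and under the pre-2007 and 2007 US daylight-saving rules, and lists the days in 2007 on which the two rule sets disagree. The POSIX TZ strings, the Eastern zone and the sample instant are assumptions chosen for illustration.

```python
import calendar
import os
import time
from datetime import date, timedelta

# POSIX TZ strings (assumptions for this example, not taken from the thread).
FIXED_EST = "EST5"                    # fixed UTC-5, never switches to daylight time
OLD_RULE = "EST5EDT,M4.1.0,M10.5.0"   # US rule before 2007: 1st Sun Apr .. last Sun Oct
NEW_RULE = "EST5EDT,M3.2.0,M11.1.0"   # US rule from 2007: 2nd Sun Mar .. 1st Sun Nov

# Constructed instant: 2007-03-20 16:05:00 UTC, the value an NTP-synced
# clock holds internally regardless of the local zone setting.
SAMPLE = calendar.timegm((2007, 3, 20, 16, 5, 0))


def local_view(tz, epoch):
    """Render epoch seconds under a POSIX TZ string (Unix only: uses tzset).

    Returns (HH:MM, zone abbreviation, daylight-time flag).
    """
    saved = os.environ.get("TZ")
    os.environ["TZ"] = tz
    time.tzset()
    try:
        lt = time.localtime(epoch)
        return time.strftime("%H:%M", lt), time.strftime("%Z", lt), lt.tm_isdst > 0
    finally:
        # Restore the caller's zone so the helper has no lasting side effect.
        if saved is None:
            os.environ.pop("TZ", None)
        else:
            os.environ["TZ"] = saved
        time.tzset()


def disagreement_windows(year, tz_a, tz_b):
    """Return [(first_day, last_day), ...] on which two rule sets show a
    different wall-clock time, sampled once per day at 17:00 UTC."""
    windows = []
    day = date(year, 1, 1)
    while day.year == year:
        epoch = calendar.timegm((day.year, day.month, day.day, 17, 0, 0))
        if local_view(tz_a, epoch)[0] != local_view(tz_b, epoch)[0]:
            if windows and windows[-1][1] == day - timedelta(days=1):
                windows[-1] = (windows[-1][0], day)   # extend the current run
            else:
                windows.append((day, day))            # start a new run
        day += timedelta(days=1)
    return windows


if __name__ == "__main__":
    for name, tz in (("fixed EST", FIXED_EST),
                     ("pre-2007 rule", OLD_RULE),
                     ("2007 rule", NEW_RULE)):
        print(f"{name:14s} {local_view(tz, SAMPLE)}")
    for first, last in disagreement_windows(2007, OLD_RULE, NEW_RULE):
        print(f"rules disagree from {first} to {last}")
```

A host whose logs are stamped in local time shows the same one-hour skew in every log line written during those windows, which matters when correlating events across machines.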
Re: Can OpenBSD do what BusyBox does?
Yep... but variety is good... Soekris gets good marks but they're not the only one that can run this-- http://www.axiomtek.com/products/ListProductType.asp?ptype1=5&ptype2=1 If there are other tested products that work well, it would be nice to see them listed in this thread... danno -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sunnz Sent: Wednesday, March 21, 2007 9:44 AM To: Misc OpenBSD Subject: Re: Can OpenBSD do what BusyBox does? Thanks for the replies. I guess I was a bit too excited when logging into my router (Open Networks 624W) and checking out what it is running on and stuff. (uname, arch, etc...) And find out it is BusyBox and is mips arch. So BusyBox doesn't actually have a kernel, but a binary to be run on the firmware on the router. I just thought if it is GPL then it means they (Open Networks) must release the source for accessing the network interface or whatever... ~_~ But yea, thanks for suggesting Soekris, it seems like a good replacement for the blobed router I have now... so do kd85.com like... sells boxes that already has OpenBSD installed? Some of the boards have 3.3V PCI connector, so I can like plug a PCI Wifi card into it? I want to set-up a wireless router since that's the thing I am trying to replace.
Re: An introduction of sorts
Being prepared to be in the community is the best way to make the entrance smoother... The OpenBSD Community Preparedness Kit- -Read the faq. -Read undeadly.org -Rtfm and Google prior to posting questions... show that you've done your homework. -Have thick skin Any additions are welcome, provided they work, they're secure, and they're truly free. danno -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bray Mailloux Sent: Wednesday, March 21, 2007 12:15 PM To: misc@openbsd.org Subject: An introduction of sorts The name's Bray. So far, I've been a windows technician for a little under a year. My first computer was a Mac SE which resided in my mothers room, it had a Shareware version of Carbon Copy and proved somewhat entertaining. The name OpenBSD has floated around my vernacular for some time, but only in reference to types of operating systems or whenever someone mentioned "open-source." To be Frank, (you can be Jim), I'm a new kid on the block and would like to be introduced to the community in a formal sense; which is why I'm writing this letter in hopes of become embedded in the community as opposed to another face in the crowd. Anyhow, its nice to meet you all and I would shake your hand but that appears impossible as I cannot yet fax or email my hand. Bray (\/). [EMAIL PROTECTED]
Re: Microsoft gets the Most Secure Operating Systems award
On 3/23/07, Darren Spruell <[EMAIL PROTECTED]> wrote: > On 3/23/07, chefren <[EMAIL PROTECTED]> wrote: > > p.s. Maybe I was too harsh against Karel? > > Survey says: > > No. > > DS > > > I agree :) > Marius I'll bottom post just this once to add to this list of agreement. danno
Re: manual install mrtg
I wrote a really bare-bones installation guide for manual installation of MRTG here... http://danno.appliedi.net/drupal/?q=node/13 This is for a Virtual Private Server running Fedora Core2, but oddly enough, I think the same steps apply. If it doesn't work for you, complain in silence. If it does work for you... wonderful! Danno -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, April 02, 2007 12:01 PM To: misc@openbsd.org Subject: manual install mrtg guys you have some idea where could i get on how to manully install mrtg? except from google ;) coz i've been searching that already for several days but i have no luck. i found that tutorial once at bsdvault but that site is already not available.
Re: dmesg for Asus Striker Extreme Motherboard w/ unknown product
I'm just curious... why would you use such an expensive video card in an OBSD system? danno -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sam Fourman Jr. Sent: Thursday, April 05, 2007 2:52 AM To: OpenBSD-Misc Subject: dmesg for Asus Striker Extreme Motherboard w/ unknown product Hello misc@ here is a dmesg of my new system, This post is to let the developers know about the unknown product (not sure why it repeats so many times) I asume it is my Video Card There is a single Nvidia 8800 GTS Video Card in this system also on the Logitech G15 Keyboard keyboard the decimal key on the Number pad does not work, it just spits out escape charters instead. Thank you again Sam Fourman Jr.
Re: bcw(4) is gone
I read the whole thread at gmane and I'm disgusted that a Linux developer would turn on a BSD developer like that, but I'm not surprised.

Theo makes the point that Buesch and Co. are treating Marcus like a thief. They all deny it (claiming they want to help Marcus and the situation), but then they show their true colors when Buesch himself says-

"The way OpenBSD folks used our code was a complete lack of respect for us. Fullstop."

That clearly exposes that Buesch thinks Marcus didn't make a 'mistake', but did something on purpose... like a --thief--.

Buesch cc'd a large part of the community on his initial email, which itself was rude. Why? Because Buesch clearly thinks he and his driver are more important than treating Marcus like a human being, and the chance to look important via controversy just couldn't be resisted. This is Buesch's big moment! His 15 minutes of fame! And unfortunately, it worked.

That, to me, means Buesch is an asshole. He made more of a name for himself in this bullshit fight than he would've for just being the author of the GPL driver. He did it at the expense of Marcus, he did it on purpose, and that is wrong. Plain and simple. 'Fullstop'. Anyone that tries to handle an issue like Buesch has handled this one is just trying to ham it up in the public spotlight.

Theo rightly came to Marcus' defense because that's Theo's job. Theo gains nothing from this except the understanding amongst OBSD devs that anyone that develops for OBSD won't be left in the cold when this shit happens.

Kudos to you, Theo.

danno
Re: bcw(4) is gone
I see the issue simply as a disingenuous effort by a Linux dev to shame an OBSD dev for the purposes of self-promotion. And shamefully, and at the expense of Marcus, it worked.

Marcus can't really go after Buesch the way a corporation could (and would), and knowing this, Buesch seized the opportunity and ran it up the flagpole. 'Inhuman' is not an outrageous term for him; unless, of course, it is considered 'human' to take advantage of a situation the way Buesch did.

I

Danno

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas Allan Tutty
Sent: Friday, April 06, 2007 12:15 PM
To: misc@openbsd.org
Subject: Re: bcw(4) is gone

On Fri, Apr 06, 2007 at 09:46:28AM -0500, Marco Peereboom wrote:
> What you people seem to miss in the whole discussion here is that Linux
> people contact vendors IN PRIVATE if they find GPL violations yet a
> valuable member of the open source community does not get the same
> courtesy. Only bad things happen when one looks at Linux code. This is
> yet another example of it. This also underscores once more that Linux
> as a community is dead.
>

This should have been handled in private in a respectful manner. The two parties could have quickly released an agreed statement of facts that left the public clear that a mistake had been made in uploading something to the cvs under the wrong licence.

My guess (I'm no lawyer) is that if the GPL people started out with a public accusation like this towards a corporation, then they would be facing a slander and libel suit.
L2 frame crc errors
Hello, I'm looking for a way to view L2 frame CRC errors on an interface. I've scoured netstat, but found nothing (from what I've seen it's all Layer 3 anyway). I googled and came up rather empty ("FCS error openBSD", "ethernet frame CRC errors openbsd", etc.) . The purpose for this is to deduce duplex-mismatch problems on Fast Ethernet interfaces where you only have visibility/control over one side of the Ethernet connection. If there is no way to specifically view counters like this are there other counters (or a combination of counters) I can look to that would definitively show a duplex-mismatch situation (as in no false-positives) ? I know there are error counters in "netstat -i" but are those always going to mean there is a duplex mismatch problem (it just seems there's a lack of detail there so those errors could result from a variety of issues)? Is there anything to be gleaned from a "netstat -s" to show this also? I appreciate any suggestions, Dan Farrell Applied Innovations Corp. [EMAIL PROTECTED]
how to view Ethernet frame CRC errors
Hello, I'm looking for a way to view L2 frame CRC errors on an interface. I've scoured netstat, but found nothing (from what I've known of it it's all Layer 3 anyway). I googled and came up rather empty ("FCS error openBSD", "ethernet frame CRC errors openbsd", etc.) . The purpose for this is to deduce duplex-mismatch problems on Fast Ethernet interfaces where you only have visibility/control over one side of the Ethernet connection. If there is no way to specifically view counters like this are there other counters (or a combination of counters) I can look to that would definitively show a duplex-mismatch situation (as in no false-positives) ? I know there are error counters in "netstat -i" but are those always going to mean there is a duplex mismatch problem (it just seems there's a lack of detail there so those errors could result from a variety of issues)? Is there anything to be gleaned from a "netstat -s" to show this also? I appreciate any suggestions, Dan Farrell Applied Innovations Corp. [EMAIL PROTECTED]
Re: Serial Port Network
I agree with Marcus's comments... unless there's some reason you haven't mentioned yet that's preventing you, you should likely get some 10Mbps nic's. The file xfer rate for anything of 'today's size' would take forever over the serial connection... but remote management via the serial connection would be fine (via tip)... especially if the boxes aren't right next to each other to swap the kvm. danno -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marcus Watts Sent: Tuesday, April 10, 2007 1:19 AM To: Don Smith Cc: misc@openbsd.org Subject: Re: Serial Port Network Don Smith <[EMAIL PROTECTED]> writes: > I have 2 older desktop computers (old Pentium 1 processors), ... slip or ppp. You won't be doing much file sharing this way though, unless you're *very* patient. usb doesn't do peer<->peer networking, so I don't see what good that does you. You'd be *much* better off buying a brace of ethernet cards. ISA <-> 10 megabits cards should be nearly free. You'll also have to score some thin-net cable and terminators. Alternatively, you can get twisted pair cards. If you have PCI bus machines you can do better, but that probably postdates your machines. You probably don't need a console except for maintenance. You can just swap monitors for that. You could set up a serial console & tip, but it's not worth it unless you have some other reason you want it. You probably don't want to run ppp on your console port. -Marcus
Re: how to view Ethernet frame CRC errors
Another shot--- Anyone know how to see L2 CRC errors on an Ethernet interface? Thanks, danno -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Farrell Sent: Monday, April 09, 2007 11:02 AM To: misc@openbsd.org Subject: how to view Ethernet frame CRC errors Hello, I'm looking for a way to view L2 frame CRC errors on an interface. I've scoured netstat, but found nothing (from what I've known of it it's all Layer 3 anyway). I googled and came up rather empty ("FCS error openBSD", "ethernet frame CRC errors openbsd", etc.) . The purpose for this is to deduce duplex-mismatch problems on Fast Ethernet interfaces where you only have visibility/control over one side of the Ethernet connection. If there is no way to specifically view counters like this are there other counters (or a combination of counters) I can look to that would definitively show a duplex-mismatch situation (as in no false-positives) ? I know there are error counters in "netstat -i" but are those always going to mean there is a duplex mismatch problem (it just seems there's a lack of detail there so those errors could result from a variety of issues)? Is there anything to be gleaned from a "netstat -s" to show this also? I appreciate any suggestions, Dan Farrell Applied Innovations Corp. [EMAIL PROTECTED]
Re: how to view Ethernet frame CRC errors
If I'm not mistaken ethtool is not written for OBSD. danno -Original Message- From: Alex Thurlow [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 10, 2007 11:59 AM To: Dan Farrell Cc: misc@openbsd.org Subject: Re: how to view Ethernet frame CRC errors I haven't used it on OpenBSD, but on linux, ethtool can give you a good bit of information on an ethernet connection. -Alex Dan Farrell wrote: > Another shot--- Anyone know how to see L2 CRC errors on an Ethernet > interface? > > Thanks, > > danno > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > Of Dan Farrell > Sent: Monday, April 09, 2007 11:02 AM > To: misc@openbsd.org > Subject: how to view Ethernet frame CRC errors > > Hello, > > I'm looking for a way to view L2 frame CRC errors on an interface. I've > scoured netstat, but found nothing (from what I've known of it it's all > Layer 3 anyway). > > I googled and came up rather empty ("FCS error openBSD", "ethernet frame > CRC errors openbsd", etc.) . > > The purpose for this is to deduce duplex-mismatch problems on Fast > Ethernet interfaces where you only have visibility/control over one side > of the Ethernet connection. > > If there is no way to specifically view counters like this are there > other counters (or a combination of counters) I can look to that would > definitively show a duplex-mismatch situation (as in no false-positives) > ? I know there are error counters in "netstat -i" but are those always > going to mean there is a duplex mismatch problem (it just seems there's > a lack of detail there so those errors could result from a variety of > issues)? Is there anything to be gleaned from a "netstat -s" to show > this also? > > > I appreciate any suggestions, > > > Dan Farrell > Applied Innovations Corp. > [EMAIL PROTECTED]
Re: how to view Ethernet frame CRC errors
Thank-you very much! danno -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Claudio Jeker Sent: Tuesday, April 10, 2007 12:32 PM To: misc@openbsd.org Subject: Re: how to view Ethernet frame CRC errors On Tue, Apr 10, 2007 at 11:39:18AM -0400, Dan Farrell wrote: > Another shot--- Anyone know how to see L2 CRC errors on an Ethernet > interface? > The best thing you get is Ierrs and Colls from netstat -i output. This should include the CRC errors. OpenBSD does not account L2 CRC errors in a separate counter -- on some cards it is hard to get that info. Almost all Ierrs are HW related (DMA errors, CRC errors, short frames, oversized frames, jadda jadda jadda). For duplex mismatch issues the input error counter and the collision counter are good indicators. -- :wq Claudio > Thanks, > > danno > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > Of Dan Farrell > Sent: Monday, April 09, 2007 11:02 AM > To: misc@openbsd.org > Subject: how to view Ethernet frame CRC errors > > Hello, > > I'm looking for a way to view L2 frame CRC errors on an interface. I've > scoured netstat, but found nothing (from what I've known of it it's all > Layer 3 anyway). > > I googled and came up rather empty ("FCS error openBSD", "ethernet frame > CRC errors openbsd", etc.) . > > The purpose for this is to deduce duplex-mismatch problems on Fast > Ethernet interfaces where you only have visibility/control over one side > of the Ethernet connection. > > If there is no way to specifically view counters like this are there > other counters (or a combination of counters) I can look to that would > definitively show a duplex-mismatch situation (as in no false-positives) > ? I know there are error counters in "netstat -i" but are those always > going to mean there is a duplex mismatch problem (it just seems there's > a lack of detail there so those errors could result from a variety of > issues)? 
Is there anything to be gleaned from a "netstat -s" to show > this also? > > > I appreciate any suggestions, > > > Dan Farrell > Applied Innovations Corp. > [EMAIL PROTECTED]
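Claudio's advice above (watch Ierrs and Colls in `netstat -i`), as an added example that is not part of the original thread: the counters are cumulative, so the script compares two snapshots and reports interfaces whose input errors or collisions grew by at least a given share of the traffic in between. The snapshots are constructed, and the column layout, the 1% threshold and the function names `link_counters` and `duplex_suspects` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Counters in `netstat -i` are cumulative
# since boot, so compare two snapshots and look at what grew in between.

# Constructed sample snapshots. Assumed column layout:
# Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Colls
SNAP_BEFORE='Name  Mtu   Network    Address              Ipkts Ierrs   Opkts Oerrs Colls
lo0   33224 <Link>                              120     0     120     0     0
lo0   33224 127/8      127.0.0.1                120     0     120     0     0
fxp0  1500  <Link>     00:00:5e:00:53:01     100000     2   90000     0     0
fxp0  1500  192.0.2/24 192.0.2.10            100000     2   90000     0     0
fxp1  1500  <Link>     00:00:5e:00:53:02      50000     0   40000     0     5
em0   1500  <Link>     00:00:5e:00:53:03     700000     1  650000     0     0'

SNAP_AFTER='Name  Mtu   Network    Address              Ipkts Ierrs   Opkts Oerrs Colls
lo0   33224 <Link>                              150     0     150     0     0
lo0   33224 127/8      127.0.0.1                150     0     150     0     0
fxp0  1500  <Link>     00:00:5e:00:53:01     200000  4500  180000     0     0
fxp0  1500  192.0.2/24 192.0.2.10            200000  4500  180000     0     0
fxp1  1500  <Link>     00:00:5e:00:53:02      60000     0   50000     0  1205
em0   1500  <Link>     00:00:5e:00:53:03    1200000     2 1100000     0     0'

# link_counters: read `netstat -i` text on stdin, print
# "name ipkts ierrs opkts colls" once per interface.
# Only the <Link> row is used so an interface with several addresses is not
# counted twice. Fields are taken from the right because the Address column
# is empty on some rows (lo0 above), which shifts left-based field numbers.
link_counters() {
    awk '$3 == "<Link>" { print $1, $(NF-4), $(NF-3), $(NF-2), $NF }'
}

# duplex_suspects BEFORE AFTER [PCT]
# Print interfaces whose input errors grew by at least PCT percent of the
# packets received, or whose collisions grew by at least PCT percent of the
# packets sent, between the two snapshots. PCT defaults to 1 (an assumption,
# tune it for the link).
duplex_suspects() {
    {
        printf '%s\n' "$1" | link_counters | sed 's/^/A /'
        printf '%s\n' "$2" | link_counters | sed 's/^/B /'
    } | awk -v pct="${3:-1}" '
        $1 == "A" { ip[$2] = $3; ie[$2] = $4; op[$2] = $5; co[$2] = $6; next }
        $1 == "B" && ($2 in ip) {
            d_ip = $3 - ip[$2]; d_ie = $4 - ie[$2]
            d_op = $5 - op[$2]; d_co = $6 - co[$2]
            # A negative delta means the counters were reset (reboot, wrap):
            # the two snapshots are not comparable, so say nothing.
            if (d_ip < 0 || d_ie < 0 || d_op < 0 || d_co < 0) next
            bad_in  = (d_ie > 0 && d_ie * 100 >= pct * d_ip)
            bad_out = (d_co > 0 && d_co * 100 >= pct * d_op)
            if (bad_in || bad_out)
                printf "%s ierrs=+%d colls=+%d\n", $2, d_ie, d_co
        }'
}

# On a live host the snapshots would come from the real command, e.g.:
#   before=$(netstat -i); sleep 60; after=$(netstat -i)
#   duplex_suspects "$before" "$after" 1
duplex_suspects "$SNAP_BEFORE" "$SNAP_AFTER" 1
```

As the reply says, Ierrs also covers other hardware faults, so a hit is an indicator to follow up on the link settings, not proof of a duplex mismatch.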
Re: Why Linus Torvalds won't donate to OpenSSH
Seriously... this is a troll. This is like electronic insurgency designed to get OBSD supporters in another huff with the Linux world... hasn't bcw(4) provided enough for that purpose? danno -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Sent: Wednesday, April 11, 2007 8:44 AM To: Kernel Monkey Cc: Damien Miller; misc@openbsd.org Subject: Re: Why Linus Torvalds won't donate to OpenSSH On Wednesday 11 April 2007 03:06, Kernel Monkey wrote: > On 4/10/07, Damien Miller wrote: > > Two points: > > > > 1. Please don't post private email. (Apologies if you obtained his > > permission to post). > > > > 2. Who really cares? I'd much rather see contributions from companies who > > ship OpenSSH in their products and list "SSH support" as a feature on > > their glossy brochures than shaking down other free software > > developers. > > > > -d > > No, not my email. I saw it posted on another site. Sorry. Well stop lying (and trolling) then !!! You said:- I recently wrote Linus Torvalds asking why I don't see his name listed on the OpenBSD donations page (http://www.openbsd.org/donations.html), since I figured he uses OpenSSH. This was the reply I got back: > From: Linus Torvalds <[EMAIL PROTECTED]> > Tue, 10 Apr 2007 14:29:56 -0700 (PDT) > > I suspect that OpenSSH would get more funding if it was directed directly > to OpenSSH, and not OpenBSD, which almost nobody is interested in. > > As it is, how much of any money actually goes to OpenSSH development, > rather than everything else? > >Linus I thought the reply was funny.
Re: scp problem with remote filename escaping
Wow. Seriously, I think the real 'bug' is your file naming conventions. Why would anyone specifically want to name a file with a space in it... and if it breaks on scp, where else will that screwy naming convention break as well? I'm sure you'll give some really good reason why the files have to be named that way... danno -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Karel Kulhavy Sent: Wednesday, April 11, 2007 3:47 PM To: OpenBSD Subject: scp problem with remote filename escaping Sounds like a bug to me - the escaping for the remote shell is not being done correctly?
Re: undeadly.org down?
Agreed. I tested the nameservers responsible for hosting that domain as well at the time of the 'outage' and they responded just fine. Jason's right, please research your responses before posting to avoid misinformation. danno -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Dixon Sent: Thursday, April 12, 2007 7:18 AM To: Christophe Lucas Cc: OpenBSD Misc Subject: Re: undeadly.org down? On Apr 12, 2007, at 4:44 AM, Christophe Lucas wrote: > jared r r spiegel ([EMAIL PROTECTED]) wrote: >> On Wed, Apr 11, 2007 at 11:48:04PM -0400, Jason Dixon wrote: >>> >>> Unfortunately, it's the middle of the night >>> where he's at, probably dreaming of anything but missing NS >>> records. :) >> >> needs more benzedrine :( > > Hi guys, > > INSOMNIA.BENZEDRINE.CX is down. The problem is here. Wrong. I tested insomnia numerous times and it resolved fine. I got a response from Daniel that confirms what I reported. It was a registration issue and has already been fixed. P.S. People, quit spreading misinformation. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
Re: scp problem with remote filename escaping
>Bug is when behaviour is different from documentation. What is the behaviour >and what is the documentation in the case of "my file naming conventions"? Wait, so every time documentation is inaccurate or incomplete or simply not to your liking, you're going to call it a bug (of the application no less!)? Talk about crying wolf. danno
Re: Routerboards (was: Re: Routerboard 532 Bounty)
Look up Axiomtek, they've been good to us. We've used their Via C7 platform on some PFSense firewalls. danno -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bret Lambert Sent: Thursday, April 12, 2007 10:44 AM To: [EMAIL PROTECTED] Subject: Routerboards (was: Re: Routerboard 532 Bounty) On Wed, 2007-04-11 at 12:15 -0600, Chris Kuethe wrote: > I sent a couple of emails - "hey, this sounds like a nice plan, tell > me more" - and never heard back one way or the other. *shrug* I have a That's unfortunate; they looked like neat little boxes. My curiosity was piqued, and I started looking around, and found embeddedplanet.com, but that seems to be aimed more at commercial system developers than end-users. So, a question to the list: besides soekris and WRAP boards (and the specific board that began the thread), what tiny, non-PC machines are out there and useful? I know that this is straying somewhat off-topic (as it's not OpenBSD-specific), but, by god, now I have a burning need to know. TIA - Bert
Re: scp problem with remote filename escaping
A bug of what though? He, in fact, did say it was a bug of the application, but because he felt the documentation was incomplete. " All the more without an encoding which depends on where the file actually lies. Sounds like a bug to me - the escaping for the remote shell is not being done correctly?" He's not referring to the documentation as the bug, but rather the application itself, but he derived that from his problem with the documentation. If the bug is in the documentation, fine... but address it as such, not as an accusation of the application itself (which others have subsequently proven works correctly for what he was attempting to achieve.) I'm done splitting hairs, danno -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matthew R. Dempsky Sent: Thursday, April 12, 2007 11:59 AM To: OpenBSD Subject: Re: scp problem with remote filename escaping On Thu, Apr 12, 2007 at 10:44:52AM -0400, Dan Farrell wrote: > Wait, so every time documentation is inaccurate or incomplete or simply > not to your liking, you're going to call it a bug ``incorrect documentation is a bug'' --http://www.openbsd.org/papers/opencon06-culture.pdf > (of the application no less!)? He never said it was the application's fault, just that `file1', `file2', ... are shell expanded by the remote host, but the documentation does not point this out. How about something like below? (I don't love the wording, but hopefully it's a start.) Index: scp.1 === RCS file: /cvs/src/usr.bin/ssh/scp.1,v retrieving revision 1.40 diff -u -r1.40 scp.1 --- scp.1 18 Jul 2006 07:56:28 - 1.40 +++ scp.1 12 Apr 2007 15:47:32 - @@ -58,6 +58,8 @@ .Pp Any file name may contain a host and user specification to indicate that the file is to be copied to/from that host. +The file name component of such an argument is also passed +to the specified host's login shell for expansion and splitting. Copies between two remote hosts are permitted. .Pp The options are as follows:
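Review bot: the sentence added after "to/from that host." states that the file name is passed to the login shell "for expansion and splitting" but stops short of the consequence that started this thread, namely that a remote name containing spaces or shell metacharacters has to be quoted or escaped a second time for that shell. Suggest adding a clause saying so, and writing "the remote host's login shell" instead of "the specified host's", so it is clear that local file names are not affected. "Such an argument" is also easy to misread sitting directly before "Copies between two remote hosts are permitted."; naming it as "a file name with a host specification" would remove the ambiguity.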
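The remote-shell expansion discussed in this thread, as an added example that is not from the thread or from OpenSSH: the remote login shell is simulated with a local `sh -c` so the script runs offline, and `remote_quote` shows the extra quoting layer a remote file name needs. The helper names `remote_words` and `remote_quote`, the demo files and the host name in the comment are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: why a remote scp file name needs a
# second layer of quoting. The "remote" side is simulated locally.

# Constructed demo directory standing in for the remote home directory.
DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT
: > "$DEMO_DIR/my file.txt"
: > "$DEMO_DIR/notes.txt"

# remote_words ARG
# Stand-in for the remote login shell: ARG is pasted into a command line
# and parsed by a fresh sh, as the file name part of host:ARG is when the
# remote side is started. Prints one line per word the shell ends up with.
remote_words() {
    ( cd "$DEMO_DIR" && sh -c "for w in $1; do printf '%s\n' \"\$w\"; done" )
}

# remote_quote NAME
# Quote NAME so that a POSIX shell reads it back as exactly one literal
# word: wrap it in single quotes and rewrite each embedded ' as '\''.
# Uses the globals s and out as scratch variables (plain sh has no local).
remote_quote() {
    s=$1
    out=
    while :; do
        case $s in
            *\'*)
                out=$out${s%%\'*}"'\\''"   # text before the quote, then '\''
                s=${s#*\'}                 # continue after the quote
                ;;
            *)
                out=$out$s
                break
                ;;
        esac
    done
    printf "'%s'" "$out"
}

name='my file.txt'

echo "local quoting only, as seen by the remote shell:"
remote_words "$name"                    # split into: my / file.txt

echo "with remote_quote, as seen by the remote shell:"
remote_words "$(remote_quote "$name")"  # one word: my file.txt

echo "an unquoted pattern is expanded on the remote side:"
remote_words '*.txt'                    # every .txt file in DEMO_DIR

# With a real transfer the quoted form goes after the colon, e.g.
# (host.example is a placeholder):
#   scp "host.example:$(remote_quote "$name")" .
```

Since OpenSSH 9.0, scp uses the SFTP protocol by default and the remote name is no longer handed to a shell; the quoting above matters for the legacy protocol, which `scp -O` still selects.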
Re: a question kinda pff topic
Before committing to wood, have a look at this implementation... it's cheap. http://www.engadget.com/2006/04/11/how-to-rackmount-your-gear-for-cheap/ danno -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Sent: Thursday, April 12, 2007 11:38 AM To: [EMAIL PROTECTED] Subject: a question kinda pff topic I have a question not about the software but where you put your network stuff has any one built their own rack out of wood I am looking at building my own.
Re: a question kinda pff topic
http://cgi.ebay.com/StarTech-com-DuraRak-42U-42-Enclosed-Rack-RK4242BK_W0QQitemZ220101704596QQihZ012QQcategoryZ20316QQrdZ1QQcmdZViewItem danno -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jonathan A. Lindsey Sent: Thursday, April 12, 2007 3:47 PM To: Dave Cc: [EMAIL PROTECTED] Subject: Re: a question kinda pff topic I'd just go buy one locally off the inet. If you use a wooden box, with wooden rails; please excuse my ignorance; it would be easy to damage the wooden rails with screws and what not, if you end up taking things in and out of your rack. If you use metal rails then you're going to end up paying over 100 bucks which you can go on ebay and get a cabinet 42U for locally. -Jonathan Dave wrote: > I have a question not about the software but where you put your network stuff > has any one built their own rack out of wood I am looking at building my own.
Re: radeon driver in -current Xorg 7.2?
So the word is that -generic- won't support 3d because it doesn't have DRM, but you could always have an OpenBSD kernel with DRM compiled in? Just want to be sure. And I thought, Ted, that you had been working on DRM for OpenBSD, but I couldn't find much about it. Do I have my facts straight? danno -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ted Unangst Sent: Tuesday, April 24, 2007 12:08 AM To: Matthew Szudzik Cc: misc@openbsd.org Subject: Re: radeon driver in -current Xorg 7.2? On 4/23/07, Matthew Szudzik <[EMAIL PROTECTED]> wrote: > > Those man pages are from X.org. X.org supports 3d acceleration on > > some (older) graphics cards but only 2d on some (newer) others. > > > > OpenBSD does not support 3d acceleration on any cards. > > Shouldn't this be considered a documentation bug? Even though the man > page > > http://www.openbsd.org/cgi-bin/man.cgi?query=radeon > > is written by X.org, one might argue that changes to the man page should > be part of the process of porting X to OpenBSD. the radeon driver does support 3d. if you have a kernel with drm, it will try to use it.
Re: ospfd and new interfaces
OpenOSPFD 4.1: * Reload support added. It is no longer needed to restart ospfd after a configuration change. danno -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul Civati Sent: Tuesday, May 01, 2007 1:54 PM To: misc@openbsd.org Subject: ospfd and new interfaces With ospfd running I create new vlan and carp interfaces and assign IP addresses. Currently, unless I restart ospfd these are not picked up. (This is on 4.0 release). My requirement is for a scripted/automated set-up to create new interfaces as required, obviously it would be much nicer not to have to completely restart ospfd when I do this. Is it feasible that ospfd could be made to pick up these new interfaces dynamically, or be able to signal one of the processes to look for interface changes? -Paul-
Linux and Novell article in Linux Journal
At the link below from the Linux Journal, Glyn Moody states that the GNU/Linux Community should wish Novell well, as it may be the first domino to fall. In the comments section I mentioned there's at least one project that has nothing to fear ;) ... http://www.linuxjournal.com/node/1000232#comment-250697 Gotta get the word out, Dan Farrell Applied Innovations Corp. [EMAIL PROTECTED]
Re: Kuro5hin: OpenBSD Founder Theo deRaadt Has Conflict of Interest With AMD
It's funny you mention that the 'author' shat himself considering another blog he contributes to-- http://thepooblog.blogspot.com/ Apparently he's full of shit on many fronts... danno -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, August 06, 2007 3:02 AM To: J.C. Roberts Cc: chefren; misc@openbsd.org Subject: Re: Kuro5hin: OpenBSD Founder Theo deRaadt Has Conflict of Interest With AMD "J.C. Roberts" <[EMAIL PROTECTED]> writes: > At the moment, the blogspot page reads: > > SUNDAY, AUGUST 05, 2007 > I have removed the most recent entry to this weblog on account of > outrageous remarks made by Theo deRaadt in response to it and also > due to a legal threat from AMD. Thank you for your attention. So AMD rattled their sabers and the troll shat itself. Well, at least that's possibly over then. I just don't get what it is makes some people do stupid stuff like this. Ow hell, nevermind. There's a fresh snapshot to be taken in :) - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Max 2 ISP bandwith with OpenBSD 3.9
What do you mean... 'How to Max Bandwidth for Both isp' ? Dan Farrell Applied Innovations [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sonjaya Sent: Monday, June 05, 2006 8:07 AM To: misc@openbsd.org Subject: Max 2 ISP bandwith with OpenBSD 3.9 Dear all I have 2 connection ISP ( let's say ISP-A and ISP-B ). My Question : How to Max Bandwidth for Both isp , may be : - Redundant ( for proxy server ) - Fail over ( for GateWay and MX server ) - Load Balancing ( For Web Server and Mail server ) Of course all using OpenBSD 3.9 and i don't have ASN number n BGP only IP . -sonjaya-
Re: ip address ?
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Chris 'Xenon' Hanson > Sent: Thursday, June 08, 2006 4:28 PM > To: misc > Subject: Re: ip address ? > > Joachim Schipper wrote: > >> my openbsd machine is connected to a windows machine. the windows > machine has > >> a wireless connection and gets its ip using dhcp. the openbsd machine > gets > >> its ip from the windows machine also by using dhcp on boot. > >> > >> is there a way to automatically retrieve the ip address of the windows > >> machine and set up DISPLAY variable in the login script on openbsd > machine? > >> also, how to handle ip renewals? > >I wonder if you could misuse traceroute to do this somehow? Traceroute > to a known > "outside" host that you know will have to traverse the Windows gateway, > with a low > max-hops value, and then parse the output of traceroute to see what the > n'th hop was. > > -- > Chris 'Xenon' Hanson | Xenon @ 3D Nature | http://www.3DNature.com/ > "I set the wheels in motion, turn up all the machines, activate the > programs, >and run behind the scenes. I set the clouds in motion, turn up light > and sound, >activate the window, and watch the world go 'round." -Prime Mover, > Rush. Or a twist I use when connecting locally to machines whose IP address I don't know-- assign a dummy address to the MAC (which never changes) then connect to that address. Not sure how practical a solution that would be for you, but then perhaps connecting to the FQDN of the windows box, as opposed to the IP address, and let DNS figure out what that address is... maybe that would work? Or am I missing something? Dan Farrell Applied Innovations [EMAIL PROTECTED]
Re: named on udp ports only
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Constantine A. Murenin > Sent: Tuesday, June 20, 2006 11:44 AM > To: Gilles Chehade > Cc: misc@openbsd.org > Subject: Re: named on udp ports only > > On 20/06/06, Gilles Chehade <[EMAIL PROTECTED]> wrote: > > On Tue, 20 Jun 2006 16:28:28 +0100 > > "Constantine A. Murenin" <[EMAIL PROTECTED]> wrote: > > > > > On 20/06/06, Gilles Chehade <[EMAIL PROTECTED]> wrote: > > > > On Tue, 20 Jun 2006 16:07:25 +0100 > > > > "Constantine A. Murenin" <[EMAIL PROTECTED]> wrote: > > > > > > > > > Hello, > > > > > > > > > > I'm running an sshd on port 53 (domain) as there is some > > > > > convenient wireless hot-spot that allows for both udp and tcp > > > > > connection on this port without any authentication. :) > > > > > > > > > > (Yes, there is not even a need for NSTX!) > > > > > > > > > > How do I tell my named(8) to only listen on udp ports, and leave > > > > > tcp ports for sshd(8)? Is this at all possible with named.conf > > > > > alone? I've glanced through named.conf(5), but didn't find the > > > > > desired option there... > > > > > > > > > > Thanks, > > > > > Constantine. > > > > > > > > > > > > > can't you just use PF to redirect ? > > > > > > I was thinking about that, but I wanted to make it more "proper". :) > > > > > > > well, you are trying to do something quite disgusting, pf is probably > > the most elegant way to do that ;) > > The machine in question doesn't run pf, and the DSL router that it is > connected to doesn't have the option to change ports... :( > > So I'd like to settle this with named alone. :) > > Thanks, > Constantine. Correct me if I'm wrong (and I usually am) but I thought DNS (and named specifically) only used tcp connections for zone transfers. If you only allow resolution and not zone transfers, named should only communicate via UDP... no need for nasty pf work. Dan Farrell Applied Innovations [EMAIL PROTECTED]
Re: Nagios and Apache
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Spruell, Darren-Perot > Sent: Friday, June 23, 2006 3:22 PM > To: Misc OpenBSD > Subject: Re: Nagios and Apache > > From: [EMAIL PROTECTED] > > I've installed and configured nagios, and I can open the start page > > with no problems. But I don't have access to the links that monitor > > services, such as Tatical Overview. At apache log I have the following > > error messages: > > > > [Fri Jun 23 15:42:51 2006] [error] (13)Permission denied: exec of > > /cgi-bin/nagios/tac.cgi failed > > [Fri Jun 23 15:42:51 2006] [error] [client 127.0.0.1] Premature end of > > script headers: /cgi-bin/nagios/tac.cgi > > > > My httpd.conf is how it follows: > > > > ScriptAlias /cgi-bin/nagios "/var/www/cgi-bin/nagios" > > > > > > # SSLRequireSSL > >Options ExecCGI > > > >AuthName "Nagios Access" > >AuthType Basic > >AuthUserFile /var/www/nagios/htpasswd.users > >Require valid-user > > > >Order deny,allow > >Deny from all > >Allow from 127.0.0.1 > > > > > > Alias /nagios "/var/www/nagios" > > > > > > # SSLRequireSSL > >Options ExecCGI > >Options None > >AllowOverride None > > > >AuthName "Nagios Access" > >AuthType Basic > >AuthUserFile /var/www/nagios/htpasswd.users > >Require valid-user > > > >Order deny,allow > >Deny from all > >Allow from 127.0.0.1 > > > > > > My apache server runs using the chroot feature. Could please anyone > > tell me what's going wrong? > > My config matches yours, except for the Allow directive. > > you are accessing things from 127.0.0.1? That was my concern... you could try the actual ip or possibly 'localhost'? Dan Farrell Applied Innovations [EMAIL PROTECTED]
Re: Nagios and Apache
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Peter Blair > Sent: Friday, June 23, 2006 4:02 PM > To: Joco Salvatti > Cc: Misc OpenBSD > Subject: Re: Nagios and Apache > > Obvious, but ensure that /var/www/cgi-bin/nagios is a valid directory > from the perspective of your chroot'd server. > I would say that it is a valid directory... it was on my installation. Isn't /var/www/cgi-bin a valid chroot directory by definition? > Another caveat is to ensure that the named pipe is accessible to both > the nagios executable, and to the chroot'd cgi's (once they start > working that is). Nagios references the pipe via absolute naming, so > you may have to 'break' things a bit and create a symlink under your > chroot directory of "/usr/local/nagios/rw/nagios.cmd" that points to > the actual pipe. > > Also, try turning off chroot to see if that helps. That will at the > least tell you if it's a visibility issue or not. > I think if you turn off chroot then the other parts of the program that depend on the chroot'd directory structure will break when you un-chroot it... right? Dan Farrell Applied Innovations [EMAIL PROTECTED]
Re: News From HiFn
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Lars Hansson > Sent: Saturday, July 01, 2006 8:19 AM > To: misc@openbsd.org > Subject: Re: News From HiFn > > > Don't; just drop it and act like a man. "No, Theo needs an apology > > because his feelings are hurt." Holy shit, you sound like my sister and > > her bitch friends. > > Good thing you have better things to do in your life than to write long > tiresome letters on Theo's "attitude". Oh wait... > > --- > Lars Hansson And yet, in his long-winded exasperated way, he's right. No one likes a whiner, especially in Theo's position. I had respect for Theo before the American comment. It was unnecessary, out of line, and damaging to the OBSD effort as a whole. You couldn't make your point without getting ugly, eh? Showing pride and emotion for your cause is honorable- showing hatred reveals your smallness. How embarrassing. Dan Farrell Applied Innovations [EMAIL PROTECTED] 'the first man to raise his fists is the first man to run out of ideas'
Re: News From HiFn
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Jacob Yocom-Piatt > Sent: Tuesday, July 11, 2006 11:38 AM > To: misc@openbsd.org > Subject: Re: News From HiFn > > >And yet, in his long-winded exasperated way, he's right. No one likes a > >whiner, especially in Theo's position. > > > > nobody may like the whiner, but that makes the whiner no less correct. > > >I had respect for Theo before the American comment. It was unnecessary, > >out of line, and damaging to the OBSD effort as a whole. You couldn't > >make your point without getting ugly, eh? > > > > i am myself american and feel that theo's comment about praising the > company is > spot on. corporations should not be praised for responding to their > customers' > complaints, the complainers, a.k.a. the whiners, should be the ones > praised, for > without them the corporation would have shot itself in the foot. this > whole > attitude is propagated by merit of the "peonified" US consumer who only > wishes > they could be acknowledged, much less praised, by large corporations. > > the only thing that is large scale and grassroots here in the US is grass > that > is fertilized by large corporations. go figure. get long natural gas > because > this isn't going to end anytime soon ;). > > >Showing pride and emotion for your cause is honorable- showing hatred > >reveals your smallness. How embarrassing. > > > > or your short-sightedness and "patriotism". > > >Dan Farrell > >Applied Innovations > >[EMAIL PROTECTED] > > > >'the first man to raise his fists is the first man to run out of ideas' I didn't have a problem with his actual argument per se... it was the delivery. Insulting rhetoric has no place in a civilized debate. I actually agreed with him, until he thought that all of this is just 'American.' It's actually 'capitalistic', and America isn't the only country in on that game. In short, a more mature attitude in presenting arguments would serve to promote OpenBSD... 
it's not a punk solution, and deserves more than a punk response to problem situations. No wonder OpenBSD has such difficulty in raising money or respect in the industry it was meant to operate in. And that's a sad statement-- it's a damn good product.
Re: Forward IP to remote location
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Nguyen Manh Thang > Sent: Friday, July 21, 2006 6:00 AM > To: misc@openbsd.org > Subject: Forward IP to remote location > > Hi, > I'm trying to forward one or more IP addresses from one location to > another. Location A has xxx.xxx.xxx.96/27 IP addresses. In Location A > there > is a CISCO Router, but I don't have access to this router. Location B is > connected to the Internet using cable modem. The IP address that comes to > the server in location B is 10.1.70.40, as you can see this is not ratable > IP address. Is there a way to run HTTP server at Location B using one of > the IP address in Location A? > > Thank you, > > Rossen > > > -- > --- > --- > > I have the same your question. You not do yet? > > pls lead me do. > thanks > manh thang Maybe I'm missing something, but... Nope. When a surfer to your site wants to go xxx.xxx.xxx.98 they will go to location A, not to whatever cable modem location site A is at. The only way to make certain IP addresses appear to be coming from locations they weren't intended to come from (and have actual two-way communication) is as a result of hacking one or more networks. If this kind of thing worked, people would be hijacking websites left and right. Dan Farrell Applied Innovations [EMAIL PROTECTED]
Re: Forward IP to remote location
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> Marcus Watts
> Sent: Friday, July 21, 2006 4:21 PM
> To: misc@openbsd.org
> Subject: Re: Forward IP to remote location
>
> Various wrote:
> > Subject: Re: Forward IP to remote location
> > Date: Fri, 21 Jul 2006 15:47:24 -0400
> > Message-ID: <[EMAIL PROTECTED]>
> > From: "Dan Farrell" <[EMAIL PROTECTED]>
> > To: "Nguyen Manh Thang" <[EMAIL PROTECTED]>,
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> > > Nguyen Manh Thang
> > > Sent: Friday, July 21, 2006 6:00 AM
> > > To: misc@openbsd.org
> > > Subject: Forward IP to remote location
> > >
> > > Hi,
> > > I'm trying to forward one or more IP addresses from one location to
> > > another. Location A has xxx.xxx.xxx.96/27 IP addresses. In Location A
> > > there is a CISCO Router, but I don't have access to this router.
> > > Location B is connected to the Internet using cable modem. The IP
> > > address that comes to the server in location B is 10.1.70.40, as you
> > > can see this is not routable IP address. Is there a way to run HTTP
> > > server at Location B using one of the IP address in Location A?
> > >
> > > Thank you,
> > >
> > > Rossen
> > >
> > > --
> > > ---
> > > ---
> > >
> > > I have the same your question. You not do yet?
> > >
> > > pls lead me do.
> > > thanks
> > > manh thang
> >
> > Maybe I'm missing something, but... Nope.
> >
> > When a surfer to your site wants to go xxx.xxx.xxx.98 they will go to
> > location A, not to whatever cable modem location site A is at. The only
> > way to make certain IP addresses appear to be coming from locations they
> > weren't intended to come from (and have actual two-way communication) is
> > as a result of hacking one or more networks.
> >
> > If this kind of thing worked, people would be hijacking websites left
> > and right.
> >
> > Dan Farrell
> > Applied Innovations
> > [EMAIL PROTECTED]
>
> There's at least 3 ways to do this. 2 of them require physical
> presence at the "bounce" site. The 3rd requires some form of
> "trusted" access.
>
> Way #1 -- at location A, allocate an IP address and install a bridge.
> The bridge should route all traffic for that IP address to location B,
> possibly via some form of vpn or tunneling. At location B, attach
> the web server to the other end of the bridge & give it the assigned
> IP address. You might find it convenient to do some form of NAT somewhere
> in here to map addresses.
>
> Way #2 - at location A, install a proxy squid server, and sshd.
> On the web server at location B, make an ssh connection to the squid
> server that will forward remote connections from a given port to the
> web server on the local host. Now teach the proxy squid server to talk
> to the designated port that will forward via ssh to the remote server.
> You don't need the proxy squid server if you can stand using
> a non-standard port number >2048 in your URLs, or if you're
> willing to make your sshd connection as root and forward 80.
>
> Way #3 - the CISCO router at location A probably has some means of
> acquiring routing information. Supply it routing information that will
> route data for the designated location A IP address to location B.
> You'll need to convince each intermediate point between A and B to
> cooperate. If you can't establish such a path to B, you'll
> need to acquire some location C where you can have physical presence
> and a routable path back to A. From location C you can of course use
> #1,#2 to reach B. Unless you *really* value the routable IP address at
> location A, AND you can convince the folks at location A to let you do
> this, you're probably better off not doing this.
>
> Common factors to all of these:
>
>         yes you can use openbsd for all the pieces.
>         (I'm not sure openbsd has any other specific
>         connection to this problem.)
>         you need some way to route incoming connections
>         to something at location B. If you can't directly
>         accept incoming connections on something at location
>         B then you
RE: AS path prepending [OpenBGPD]
> neighbor $slowjoe {
>         remote-as
>         descr "slowjoe"
>         set localpref 100
>         set weight 45
>         announce self
>         announce IPv6 none
>         tcp md5sig passwd x
>         prepend-self 2
> }
>
> ... right ?
>
> And while I'm at it:
> - if I want to make sure that $slowjoe is chosen as a last resort, how
> many times (0-9) should I prepend ?

See the combined explanation below...

> - in short, how will the 'prepend-[self|neighbor]' attributes affect the
> 'localpref' and/or 'weight' ?

It's my understanding that prepending excludes the 'weight' decision-making so long as the paths being compared are no longer of equal as-path length... so to answer your question 'how many times should I prepend' I'd answer... 'as many times until the $slowjoe as-path appears longer than the other carrier as-paths.' Keep checking a looking glass (preferably $slowjoe's if they have one) for $slowjoe's announcements of your blocks to be sure.

> - In contrast to 'prepend-self' when should the 'prepend-neighbor'
> attribute be used ?

It's also my understanding that if you are looking to make $slowjoe your backup peer, then you could use 'prepend-self' for your outgoing announcements, and 'prepend-neighbor' for their incoming announcements. The former would make reachability to you via $slowjoe less attractive than via other carriers you have, and the latter makes the routes you receive from $slowjoe less attractive than routes you received from other carriers... so imho, use both.

> Thank you in advance.
>
> /per
> [EMAIL PROTECTED]

If I'm wrong about these statements, please let me know...
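The selection logic discussed in this message, as an added example in Python (not code from the original post or from OpenBGPD). It assumes a simplified comparison order of localpref, then AS-path length, then weight as a later tie-breaker; the AS numbers are constructed documentation-range values and all function names are hypothetical.

```python
from dataclasses import dataclass, replace

# Constructed sample ASNs from the documentation range (RFC 5398).
OUR_AS, SLOWJOE_AS, CARRIER_A, CARRIER_B, TRANSIT, DEST_AS = (
    64496, 64500, 64501, 64502, 64503, 64510)


@dataclass(frozen=True)
class Path:
    via: str              # neighbor the route was learned from
    as_path: tuple        # AS numbers, nearest AS first, origin AS last
    localpref: int = 100
    weight: int = 0


# Simplified decision order (an assumption of this model): higher localpref
# wins, then the shorter AS path, and weight is only a later tie-breaker.
RULES = (
    ("localpref", lambda p: -p.localpref),
    ("as-path length", lambda p: len(p.as_path)),
    ("weight", lambda p: -p.weight),
)


def compare(a, b):
    """Return (winner, deciding attribute) for two candidate paths."""
    for name, key in RULES:
        if key(a) != key(b):
            return (a if key(a) < key(b) else b), name
    return a, "tie"


def prepend_self(path, own_as, count):
    """Our announcement as a remote AS sees it after 'prepend-self count'."""
    return replace(path, as_path=path.as_path + (own_as,) * count)


def prepend_neighbor(path, count):
    """A received route after 'prepend-neighbor count' is applied locally."""
    return replace(path, as_path=(path.as_path[0],) * count + path.as_path)


def min_prepends(backup, others, apply, limit=9):
    """Smallest count that makes `backup` lose to every other path before
    weight is consulted; None if no count up to `limit` achieves that."""
    for n in range(limit + 1):
        cand = apply(backup, n)
        results = [compare(cand, o) for o in others]
        if all(w is o and attr != "weight"
               for (w, attr), o in zip(results, others)):
            return n
    return None


def remote_view_scenario():
    """How a remote AS ranks our prefix across three carriers (prepend-self)."""
    via_slowjoe = Path("slowjoe", (SLOWJOE_AS, OUR_AS))
    others = [Path("carrier-a", (CARRIER_A, OUR_AS)),
              Path("carrier-b", (TRANSIT, CARRIER_B, OUR_AS))]
    grow = lambda p, n: prepend_self(p, OUR_AS, n)
    needed = min_prepends(via_slowjoe, others, grow)
    # If the remote AS raises localpref on the slowjoe path, localpref decides
    # first and no prepend count changes the outcome.
    pinned = min_prepends(replace(via_slowjoe, localpref=200), others, grow)
    return needed, pinned


def local_view_scenario():
    """How we rank a received route before and after prepend-neighbor."""
    from_slowjoe = Path("slowjoe", (SLOWJOE_AS, DEST_AS), weight=45)
    from_carrier = Path("carrier-a", (CARRIER_A, DEST_AS))
    before = compare(from_slowjoe, from_carrier)
    after = compare(prepend_neighbor(from_slowjoe, 1), from_carrier)
    return (before[0].via, before[1]), (after[0].via, after[1])


if __name__ == "__main__":
    print("prepend-self count needed, and with remote localpref 200:",
          remote_view_scenario())
    print("local choice before/after prepend-neighbor 1:",
          local_view_scenario())
```

The `None` result is the case a looking glass check is meant to catch: a remote network that sets its own localpref on the backup path is not influenced by AS-path length at all.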
Re: Looking for general info on OpenBSD
> And dammit don't top post. You're using outlook aren't you? God, fuck
> outlook. Fuck outlook and its shitty non-standard "look let's pretend
> the reply button is the forward button" design. And then that forces
> you into top posting because otherwise it looks like the way the
> message looks now.
>
> Have a nice day,
> -Nick

I'm forced to use Outlook at work (don't get me started, I hate it), as I'm sure a few others here are... I've tried a few crappy add-ons that will reverse the top-posting nature of Outlook, and they have all failed. If anyone knows an actual working tool to fix this crappy nature of Outlook I would be most appreciative.

Dan Farrell
Applied Innovations
[EMAIL PROTECTED]
Re: Looking for general info on OpenBSD
> Dan, is it possible for you to use a different mail server than your
> work's Exchange platforms? POP/IMAP and SMTP elsewhere? Yahoo, hotmail,
> or gmail?

It is entirely possible as far as this list is concerned-- I suppose I have been avoiding this because I wanted to have my cake and eat it, too... it's nice being able to see all email directed at you in one mailbox. As far as being able to not use my company's exchange server for company email... nah, can't get away from it... it's like the school bully that keeps picking on you... I just can't shake it.

Well, apparently until magic occurs, I will continue to manually edit each response to this list... that's okay, it's kinda good in that it forces me to proof what I wrote anyway (not that this list is unforgiving or anything ;) )

Dan Farrell
Applied Innovations
[EMAIL PROTECTED]
Re: Why no compiler on prod system
> It's still a valid concern. If someone's going to try to break into your
> system and do nefarious deeds, you should be trying to make them work for
> it as much as possible.
>
> Physical security standards recommend not leaving toolboxes outside
> your backdoor so that a thief won't take your crowbar and pry your
> deadbolt lock out of the door jamb. If the bastard's going to break in
> through the back door, at least make him bring his own tools with him.
>
> PG

Though I see the point you're making I don't think the analogy translates perfectly--- the 'toolbox' in this case is by nature 'inside the house' ... 'locked up'... where it should be, not 'outside the house'.

Could this be a 'best practices' discussion? From that perspective, you certainly don't want to leave extraneous crap lying around your system, for sure, but as Nick pointed out earlier, you don't want to cut off your nose to spite your face... you want to be able to flexibly update your system when security patches are released, otherwise you're 'putting everything inside, locking the door, but leaving all the windows open.'

And no, I'm not sure why I'm putting quote marks around all this 'stuff'. It's freaking 'contagious'.

'Dan Farrell'
Applied Innovations
[EMAIL PROTECTED]
Re: ksh vs bash
> - When using tab completion, and you press tab two times to get a list
> of possibilities, ksh doesn't use less/more to present the possibilities
> (i.e. they just scroll by and I have to use shift+page-up).

Less/more works just fine for me in ksh... or maybe I installed something I've forgotten about to add this functionality?

# cat /var/www/conf/httpd.conf | less

Works.

Dan Farrell
RE: BGP router now running desperately low on memory [epilogue]
1) Burn media converters no matter what-- they are EVIL. I've used many from 3 different manufacturers, and they are, as a whole, horrible. They aren't just regularly poor performers, but their reliability is crap.

2) Your issue (prima facie) sounds like a classic duplex mismatch issue between the copper side of one of the IMC's and its connecting device... most likely the provider side (since you don't have control over it.) Short Frames, CRC, and alignment errors are the classic signs of a duplex mismatch between devices. If you don't control the provider's IMC, then that's probably where the problem lies.

You stated that you performed a lot of testing over the circuit and you have no testing ability on the provider side. If you could test the 'circuit' without the BGP session (with something like Iperf or MTR (MTR xxx.xxx.xxx.xxx -i .03 for rapid packet rate)) I think you could confirm the duplex mismatch issue with loads of errors on these two tests, prior to accepting the fiber circuit... but I would still take the fiber circuit. One day one of those IMC's will burn out or flake, and you'll have an outage.

Dan Farrell
Applied Innovations
[EMAIL PROTECTED]

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> Per Engelbrecht
> Sent: Wednesday, September 20, 2006 11:06 AM
> To: misc@openbsd.org
> Subject: Re: BGP router now running desperately low on memory [epilogue]
>
> Hi all,
>
> Just to make sure nobody's sitting and wondering what happened with this
> thread, then here's a final mail with a short description of what's
> cooking right now and what was boiling back then.
>
> Below you'll find:
> - case
> - situation
> - conclusion
> - physical connection
> - hardware
> - a few tips
>
> Case:
>
> When I added another bgp peer to my router the overall network/routing
> performance on the server was brought to an almost staggering halt until
> I downed the bgp session again.
>
> Situation:
>
> At first I had warp-speed on the wire and all tests on the connection
> (*) seemed okay.
> Trivialities like speed-, duplex-, mtu settings etc. was agreed upon
> before the connections was established.
> The time elapsed from initiating the BGP session to severe performance
> degradation was <2 minutes and if I did not down the BGP session within
> the next minute (literally) then routing and network performance would
> drop like a piano out of the sky. In short I was using all mbuf (Kbytes
> allocated to network >97%).
> Raising kern.maxclusters stepwise gave me a short lived break until I
> reached a given point (see tips below). Above that I gained nothing and
> stopped raising it any further.
>
> The new carrier had a lot of alignment errors (CRC/FCS) and packet size
> problems (Jabbers/rxOversizedPkts) in their log / on "their" side. We
> both had heavy packet losses after these few minutes.
> 'tcpdump' did not reveal any significant signs of a sick connection on
> my side.
> A lot of testing has been done since. The connections however, is still
> not running but adjustments on the peers side and replacements on the
> connection itself has raised the "panic-threshold" from <2min. to around
> 18min. before disaster strikes.
>
> Conclusion:
>
> I'll receive a fiber directly to my front door from the new peer shortly
> i.e. we'll bypass the copper-fiber-copper connection. I don't like not
> being able to pinpoint the problem before moving on, but I have no way
> of seeing what's going on on the "other side". I have an idea that the
> Cisco box and the converters do not like each other, but again it's only
> a guess.
>
> What I do know is that an error-prone connection combined with a well
> connected BGP peer, can jeopardize an entire bgp routers performance.
> BGP can not "see" how well the connection is running - it can only see
> link and link = traffic = congestion.
>
> I can not claim to have found the 'holy grail' in BGP troubleshooting
> but I can rightfully claim that I've eliminated my OpenBGPD as source of
> error (both as i386 and amd64) and I can also rightfully claim to have
> found a few settings that actually makes a difference.
> If the carrier find the problem and inform me, I will of course inform
> all of you as well.
>
> Physical connection:
>
> We are terminating with this carrier in a FE port but due to the
> distance between them and us at the datacenter location, a FDDI
> connec
Re: bgpd best external route
I take it you've already adjusted your holdtimes?

Dan Farrell
Applied Innovations
[EMAIL PROTECTED]

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> Tom Beard
> Sent: Monday, September 25, 2006 2:18 PM
> To: misc@openbsd.org
> Subject: bgpd best external route
>
> Is there any way to mimic the behaviour of the Juniper
> "advertise-best-external-to-internal" function within OpenBGPd?
>
> I currently have a setup of 4 OpenBSD routers, two with eBGP sessions to
> upstreams and peers, and a full mesh of iBGP sessions between these and
> the two internal routers. This all works well normally, however I would
> like to see a full view of the routing table passed to each internal
> peer, not just the routes originating locally so as to minimise the
> convergence time in the event of an outage on one router/provider.
>
> If what I've just written is complete rubbish then please accept my
> apologies.
>
> Tom
Re: bgpd best external route
I'm not sure though... doesn't he want what the external peers sent to his border routers, not just what the border routers decided were the best routes?

Dan Farrell
Applied Innovations
[EMAIL PROTECTED]

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> Eric Stockwell
> Sent: Wednesday, September 27, 2006 4:19 PM
> To: Tom Beard
> Cc: misc@openbsd.org
> Subject: Re: bgpd best external route
>
> Sounds like the behavior you are looking for is route reflection.
>
> Eric
>
> Tom Beard wrote:
> > Henning Brauer wrote:
> >
> >> i honestly don't understand your problem ;(
> >>
> > I get told that a lot ;)
> >
> > Our two border routers (I'll call them B1 & B2) both have full views
> > made up of various transit & peering connections. They have iBGP
> > peerings with each other and also with both of the access routers (I'll
> > call them A1 & A2). Under normal circumstances the access routers see
> > ~180,000 prefixes from B1 and ~12,000 prefixes from B2. If for some
> > reason B1 loses external connectivity, there is about a 2 minute time
> > frame where A1 & A2 only have partial connectivity as B2 loses the
> > routes from B1 and then starts advertising more of its own external
> > routes.
> >
> > JunOS has an option that allow you to tell B1 & B2 to advertise a full
> > table of routes to all iBGP peers so in the example of B2, it might have
> > selected routes via B1 as active, however it will still advertise a full
> > table of its own best external routes. This means that should B1 lose
> > connectivity, A1 and A2 already have a full route view from B2 and don't
> > need to wait to it to re-converge.
> >
> > I'm not convinced that made much more sense. Perhaps I'm making the
> > whole issue overly complicated?
> >
> > Tom
Re: Xen?
And I believe he was speaking about making it a guest OS... any plans/timeframe on making it a host?

Dan Farrell

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> James Blasius
> Sent: Thursday, September 28, 2006 12:08 PM
> To: OpenBSD - misc
> Subject: Xen?
>
> I listened to Christoph Egger's podcast on openbsd + xen. Yowza. Is this a
> 4.1 timeframe item?
>
> --
> James C. Blasius
> [EMAIL PROTECTED]
Re: Oldest Server you run
# sysctl hw
hw.machine=i386
hw.model=Intel Pentium II ("GenuineIntel" 686-class, 512KB L2 cache)
hw.ncpu=1
hw.byteorder=1234
hw.physmem=200908800
hw.usermem=200519680
hw.pagesize=4096
hw.disknames=wd0,cd0
hw.diskcount=2
hw.cpuspeed=448

I run OpenBGPD on it with 4 full peers as a route server. And it's awesome!

Dan Farrell

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> Falk Husemann
> Sent: Thursday, October 12, 2006 2:55 PM
> To: misc@openbsd.org
> Subject: Oldest Server you run
>
> Hello List!
> We're trying to put an old server to good use again and would like to
> know what's exactly the oldest machine running OpenBSD?
>
> As machine we defined something with processor, ram, network, hard
> disk and a connection to the internet. So no Newton or toaster (at
> least not if there's no disk being toasted).
>
> Thank you in advance,
> Falk
Re: Failover routers with OpenBGPD and independent BGP sessions
To me it seems that even having the IBGP session won't help the OP's particular issue (though he should have it anyway for other reasons)... as the peer session goes down, the routes from it go down with it, and IBGP withdraws those announcements. Nothing gets held over. Maybe establishing a second peering session with each provider will help in your redundancy- that's what I currently do, and yes, it has come in handy.

I'm one week away from implementing OpenBGPD as route servers for maximum BGP redundancy. Here's my plan, maybe you can take something away from it for your own solution for redundancy-

I have multiple egress points in my network (separate physical datacenters (DC's) with their own carriers, with the DC's linked together via Layer2 fiber access.) I use OpenBGPD as a route server (RS) at each DC to feed my edge routers a custom single table via IBGP (meaning the RS's are making the real EBGP multihop peerings with my carriers), making the edge routers essentially just packet forwarders.

The DC's have layer2 access to each other, so I will populate each DC with an RS with CARP (in a VLAN) so the edge routers (and the carriers) only see one RS at a time, but multiple RS's are on standby. If a DC, edge router, RS, carrier, or Layer2 connections between the DC's fail, the RS's will be able to recover and continue to peer- either with everyone, or just their closest edge router and carriers (each DC has its own separate address blocks, so a split situation won't be a conflict.)

As an extra step of redundancy against the RS's, I can have those edge routers form EBGP sessions with their directly connected peers, but only announcing a basic set of our prefixes (not individual /24's like the OpenBGPD RS's do for better traffic engineering, and only accepting a default route.) That way, if the entire redundant OpenBGPD router server model fails (which I doubt will happen), I still have basic routing with my carriers.

Dan Farrell

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> Stuart Henderson
> Sent: Friday, October 13, 2006 6:45 AM
> To: misc@openbsd.org
> Subject: Re: Failover routers with OpenBGPD and independent BGP sessions
>
> On 2006/10/13 11:24, Ronnie Garcia wrote:
> > >I have been recommended by our ISPs that I should also advertise
> > >routes between the routers, so that if one's BGP session fails, it can
> > >route packets to the other for a cleaner failover. I have not managed
> > >to get this configuration working.
> >
> > Yes you should, this is called iBGP. All of your BGP routers should have
> > a iBGP session with all of the others, in a full mesh (unless you are
> > using a route reflector).
>
> OP has already done that in the config file, the problem is how to
> add a route so the other provider's router can be reached. Normally the
> provider's router is listed in the IBGP announcement so unless this is
> overwritten in the IBGP announcements (by 'set nexthop') you need to have
> a route to the provider's router (static or OSPF).
>
> From the sample config I guess OP may not realise that 'set nexthop' is
> on announcements, it doesn't overwrite the nexthop on incoming routes.
> Any confusion with the action of 'set' attributes, use bgpd -nv which
> demonstrates clearly how they apply.
>
> On 2006/10/12 14:05, X Y wrote:
> > I use depend on carp0 ... carp3 on the master router
> > (chosen via advskew) to drop that session if it fails,
>
> 'depend on carp' is mostly for where you have a peer session running
> from a carp address (e.g. if you're at an IXP where you are only
> allowed one IP address and want to connect two routers). It is used
> to hold the backup router in IDLE in normal conditions, and
> immediately connect when it becomes master. I'm not sure this is
> what you are intending to do?
>
> It might help to see some 'sh ip bgp d '.
Re: Sun BlackBox
I can only think of three reasons off the top of my head to use these... Disasters, Disasters, Disasters.

Once a datacenter in a disaster situation starts reaching the critical point (like Zipa in N.O. during Katrina, or Verio in Boca Raton during Wilma), with no fuel relief in sight, these things will become very attractive. Simply plop this in another city, transfer your content, and you're done. Of course, nothing's that easy (I'm oversimplifying ad nauseum), but I bet Zipa would've paid full list price for one or two of these puppies and given it a go.

Dan Farrell
tpb

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> stuartv
> Sent: Wednesday, November 01, 2006 2:03 PM
> To: [EMAIL PROTECTED] Org (E-mail)
> Subject: Re: Sun BlackBox
>
> >On 11/1/06, Chris Cameron <[EMAIL PROTECTED]> wrote:
> >>
> >> On Wed, 2006-11-01 at 14:55 -0300, Gustavo Rios wrote:
> >> > Dear list members,
> >> >
> >> > While visiting sun blackbox home page, i saw they have a new project
> >> > called blackbox. But i don't know whether openbsd could be used
> >> > within it.
> >> >
> >> > Gustavo Rios
> >>
> >> Do you plan to need a trailer full of Sun hardware?
> >>
> >> They're just normal Sun machines in a trailer.
> >
> >Why would you ever want a trailer of computers? So you can go RV'ing
> >and still hack?; get a double degree in Hick/Nerdism?
> >
> >-Nick
>
> I'm in Florida where each year we never know if a Hurricane will hit
> or not. A trailer like this would be nice to have if your building
> gets blown/washed away. The only problem is where to put it. If it
> is so bad that your building is gone I don't think a trailer would
> fare any better.
>
> stuart
Re: proposed patch for ifconfig(8) man page
Doesn't the issue with documentation/examples/links in man pages have a lot to do with the target audience? I always thought that the man pages were there for people with a certain amount of technical acumen relative to BSD, while absolute beginners were better off with HOWTO guides (which can ease them into the appropriate use of the man pages.)

If the man pages are intended to satisfy all users regardless of skill level, I think you will find many people will always be left unsatisfied.

Dan Farrell

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> Bob Beck
> Sent: Tuesday, November 07, 2006 1:42 PM
> To: misc@openbsd.org
> Subject: Re: proposed patch for ifconfig(8) man page
>
> * Jason McIntyre <[EMAIL PROTECTED]> [2006-11-07 11:25]:
> > On Tue, Nov 07, 2006 at 06:52:19PM +0100, Igor Sobrado wrote:
> > >
> > > Can I suggest adding atalk(4), inet6(4), ipsec(4), pf(4), pflog(4),
> > > eon(5), hostapd(8), and tcpdump(8) to the "SEE ALSO" section of
> > > ifconfig(8)? I think that, as these manual pages are being cited
> > > in the ifconfig(8) manual page, they should be added to this section.
> > >
> > > Just want to check the opinion on this change before submitting a PR.
> > >
> > > The proposed patch is added to this message.
> > >
> >
> > once upon a time i was inclined to go by the rule that if a man page
> > referred to another, it should be listed in the SEE ALSO. i no longer
> > think that though, since invariably i see overly large SEE ALSO, most of
> > which is ignored anyway. so now my personal opinion is somewhere along
> > the lines of "if reading this man page will help the reader understand
> > this man page, i should include it in SEE ALSO".
> >
> > i am now sorely tempted to kill about 2/3 of the references in SEE ALSO,
> > rather than actually add to it. it is much more important that stuff
> > which uses ifconfig(8) (the various interfaces and so on) all point to
> > ifconfig(8), rather than the other way round.
> >
> > we do not have an eon(5) man page, btw, but there was a fine piece of
> > vinyl called "void dweller" which eon released about 15 years ago...
> > start the machine!
> >
>
> I hear you in general jmc, but ifconfig is a bit of an odd duck.
>
> To give you an example. let us answer the simple question of "how do
> I join wireless network "bob"" - the answer from the lists is "use
> ifconfig" - ok, so if I read the man page for ifconfig, there is
> notably no examples of doing this, however, for example, there are
> examples of doing it in wi(4) - and very similar examples in ath(4)
> Similarly, the same examples are repeated in ral(4).. See what I mean?
> you really do need those "see also" entries as a dummy to be able to
> find a reasonable example in the man pages at the moment. and I am a
> firm believer in the man page should have real examples - failing that
> we end up with linux faq's. Unfortunately ifconfig is probably the
> nastiest example of a man page to have this discussion with. Should
> we be re-coalescing those examples back into ifconfig(8)?
>
> The core problem is simple - a user will be told "use ifconfig"
> to do something not "use ath" - so they start at the ifconfig(8) point.
> What's the best way to make that as painless as possible?
>
> -Bob
Re: openbsd on cisco hardware?
I agree completely... for less than the cost of a frac-ds3 you can get 10 or 100 Mbps Metro Ethernet circuits from various US RBOCS (I use Bellsouth as an example, not sure who the RBOC in Chicago is.) Most of them allow upgrading to 1Gig. We use a few of them and they are great... we're never going back to DSx or OCx circuits unless absolutely necessary.

Dan Farrell

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> Jeffrey C. Ollie
> Sent: Monday, November 13, 2006 8:43 PM
> To: misc@openbsd.org
> Subject: Re: openbsd on cisco hardware?
>
> On Mon, 2006-11-13 at 15:12 -0600, Jacob Yocom-Piatt wrote:
> >
> > bingo! i wanted to see if i could use a 2620 i had laying around for its
> > T1 line card and this is why i didn't expect it to be possible.
> >
> > the ISP here at work supplies a couple T1 lines which terminate into
> > 1721s and i'd very much like to remove all cisco gear from the network.
> > there are cisco 7200s as edge routers at the ISP. anybody got advice on
> > the cheapest way to connect to such routers? the sangoma, accoom, etc.
> > cards are pretty pricey.
>
> The cheapest way that I can think of would be to get your ISP to provide
> you some sort of Metro Ethernet or Ethernet over TDM solution. That way
> your interface to the Internet is an Ethernet port and it's the ISP's
> responsibility to deal with T1 circuits or whatever.
>
> Jeff
>
> [demime 1.01d removed an attachment of type application/pgp-signature
> which had a name of signature.asc]
Re: Which tools the OpenBSD developers are using?
> ps. Two items regarding the AK47. I've heard that the majority of these
> are being produced illegally (manufacturer didn't get the required
> license from the Soviet inventor) and that, besides the gun barrel, most
> parts can be stamped out of sheet metal instead of having to be machined.

Almost sounds like open-source weaponry...

Dan Farrell
Re: mini router based on openbsd
We used an Axiomtek 4100 ... a slightly similar setup with 1GB CF, four Ethernet ports, Via C3 800mhz processor, and up to 384 MB RAM. A sweet little snort sensor it is... We put in an IDE HD that we think was eventually responsible for killing the weak power supply (can't recall the wattage, but sure it's in the same basic range as other similar devices.)

Fft,

Dan Farrell
Applied Innovations
[EMAIL PROTECTED]

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> Andrey Shuvikov
> Sent: Thursday, December 07, 2006 9:56 AM
> To: misc@openbsd.org
> Subject: Re: mini router based on openbsd
>
> I'm in the process of installing OpenBSD on a regular PC. It's PChips
> M787CL+ motherboard with VIA C3 Samual 2 CPU, which I run with passive
> heat sink, so no fan here. I use DC-DC converter as power supply so no
> fan here either. And when I replace (as I plan to) a harddrive with
> compact flash card (using IDE-CF adapter) it will be completely
> noiseless. Maybe it's not exactly what are you looking for but if the
> noise is the main problem... In addition you can use regular keyboard
> and monitor, regular PCI cards (for wireless, etc) and pre-populate
> flash card using cardreader, so no need for remote booting.
>
> Andrey
Re: Good GigE 8-port switch?
DLink and 3com are good managed switches you should check out. As you can see by the past comments, getting your exact port density might not be such an issue compared to the choice of manufacturer.

Dlink used to be a Linksys-like manufacturer (and to a large degree still is) but they have made significant headway in managed and carrier-grade switches. The Miami NAP uses them for their client connections.

3Com simply has been doing this for years. They were (imho) made to look bad in the past few years as multiple startups ate their lunch and had better management tools, but lately 3com has been making a comeback, and their gear is steady.

Buying networking gear from a company that doesn't specialize in it (like Dell) ... well, you're just asking for it.

If you want my top selection for switching and routing gear, however, it would have to be Riverstone. If you can find used Riverstone to buy I'd go so far as to write your first configuration for you... it's that good.

Dan Farrell
Applied Innovations
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of bofh
Sent: Wednesday, May 10, 2006 4:14 PM
To: Open BSD
Subject: Re: Good GigE 8-port switch?

On 5/10/06, Axton <[EMAIL PROTECTED]> wrote:
>
> What kind of problems did you experience with the Dell Powerconnect.
> I use a 3024 (2 GBIC - 24 10/100) and have not experienced any
> troubles with it.

Strange and unusual issues, besides the typical switch just dying. Check Dell's own forums for some of the issues and screams (again, it was 2 years ago, and models/firmware may have changed). Some network issues (servers unreachable by some clients, etc), could only be fixed by restarting the switch.
Re: FYI, 1and1 hosting fun (ip subnet zero)
Geez network setups just shouldn't be that strained... I mean, what happened to hooking up a server with a /30 connection to the nearest router? Am I missing something?

Dan Farrell
Applied Innovations
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, May 11, 2006 11:02 AM
To: misc@openbsd.org
Subject: Re: FYI, 1and1 hosting fun (ip subnet zero)

*cut*

Once I set up a Server at a very moronic and clueless Hoster (Strato) which used/uses the same Setup. Depends on their Network you may wanna try 255.255.0.0 or 255.255.255.0. :)

fxp0: flags=8843 mtu 1500
        lladdr 00:00:aa:77:cc:22
        groups: egress
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 81.169.x.x netmask 0x broadcast 81.169.255.255

As you can see it works. So it should work on 1&1 and other Hosters too.

Btw: Do not use STRATO. Their Support is somewhat poor, their technicians are clueless and they block you if their "Fail-Over"-Fails and blame you for getting a DDoS and tell you to stop it (crazy or.. I mean IF you get DDoSed how should YOU be able to stop it?). Just mofu* idiots.. really.

I hope you'll be happy at 1&1. :)

Kind regards,
Sebastian
Re: FYI, 1and1 hosting fun (ip subnet zero)
Oh, uh, really? Had no idea 1and1 was quite large ;)

If that's what they're worried about, then they could use private vlans...

http://www.cisco.com/en/US/tech/tk389/tk814/tk840/tsd_technology_support_sub-protocol_home.html
http://www.riverstonenet.com/support/configdb/0026.html

Now THAT's a good thing (with ACL's of course to cover things.) This way the client doesn't have to do anything, and they conserve address space...

Of course, let's say the vendor offers the /30 connection for a slightly increased rate? You think this customer would've said yes? I betcha they would've. Then there's the annual 'cost' of IP addressing... $2500 for a /19? $4500 for a /16? For a company that size, I'm just not sure what the fuss over the expense is ... that should be a drop in the bucket for them.

So what do they get instead? Support staff tied up with this client, and the same unhappy client trashing them on this mailing list. Good job, 1and1 !!!

Dan Farrell
Applied Innovations
[EMAIL PROTECTED]

-----Original Message-----
From: Stuart Henderson [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 11, 2006 2:59 PM
To: Dan Farrell
Cc: misc@openbsd.org
Subject: Re: FYI, 1and1 hosting fun (ip subnet zero)

On 2006/05/11 13:28, Dan Farrell wrote:
> Geez network setups just shouldn't be that strained... I mean, what
> happened to hooking up a server with a /30 connection to the nearest
> router? Am I missing something?

These are, uh, quite large operations, and if there's a way to reduce IP address use by 3/4 without putting a bunch of customers in the same subnet that's probably a good thing.
Re: FYI, 1and1 hosting fun (ip subnet zero)
Not quite... but you have the right idea.

A 'vanilla' VLAN created for an IP network will allow L2 communications between the hosts in the shared VLAN, given that they exist in the same IP subnet.

A private VLAN, on the other hand, sees all of the hosts in the same VLAN and IP subnet, but makes restrictions on what hosts in the VLAN can talk to each other, restricting direct L2 traffic that gets transmitted from one host to the other via the switch.

The 'nutshell' response is that private VLANs are like ACL's for VLANS... you restrict/all communications between hosts that would otherwise have unrestricted L2 access to each other. You get the benefit of IP usage conservation with the power of separate VLANs.

It's been a long evening, so if I muddled things even further I apologize...

Dan Farrell
Applied Innovations
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lars Hansson
Sent: Friday, May 12, 2006 12:26 AM
To: misc@openbsd.org
Subject: Re: FYI, 1and1 hosting fun (ip subnet zero)

On Friday 12 May 2006 02:58, Stuart Henderson wrote:
> These are, uh, quite large operations, and if there's a way to reduce
> IP address use by 3/4 without putting a bunch of customers in the same
> subnet that's probably a good thing.

Wouldn't that be what VLAN's are for?

---
Lars Hansson
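The restriction described in the message above, as an added example that is not part of the original thread: a small Python model of which host pairs have direct L2 reachability in a plain VLAN versus a private VLAN sharing one IP subnet. The port roles (promiscuous, isolated, community) are the usual private-VLAN terminology and are an assumption here, since the thread does not name them; the host names and addresses are constructed.

```python
"""Layer-2 reachability in a plain VLAN versus a private VLAN (added example).
Assumption: the port roles are the usual private-VLAN roles, not from the thread."""
from dataclasses import dataclass
from itertools import permutations
from typing import Optional

PROMISCUOUS, ISOLATED, COMMUNITY = "promiscuous", "isolated", "community"


@dataclass(frozen=True)
class Port:
    host: str
    ip: str                          # every host sits in the same IP subnet
    role: str
    community: Optional[int] = None  # only meaningful for COMMUNITY ports


def pvlan_allows(src: Port, dst: Port) -> bool:
    """Would the switch forward a frame from src to dst inside the private VLAN?"""
    if PROMISCUOUS in (src.role, dst.role):
        return True                  # the router-facing port talks to everyone
    if src.role == dst.role == COMMUNITY:
        return src.community == dst.community
    return False                     # isolated ports never reach other hosts


def reachable_pairs(ports, private: bool):
    """Ordered (src, dst) host pairs that can exchange frames directly."""
    return {(a.host, b.host) for a, b in permutations(ports, 2)
            if not private or pvlan_allows(a, b)}


# Constructed sample: one gateway and four customer servers, one address each.
PORTS = [
    Port("gateway", "192.0.2.1", PROMISCUOUS),
    Port("cust-a", "192.0.2.10", ISOLATED),
    Port("cust-b", "192.0.2.11", ISOLATED),
    Port("cust-c1", "192.0.2.20", COMMUNITY, 1),
    Port("cust-c2", "192.0.2.21", COMMUNITY, 1),
]

if __name__ == "__main__":
    plain, private = reachable_pairs(PORTS, False), reachable_pairs(PORTS, True)
    print(f"plain VLAN: {len(plain)} pairs, private VLAN: {len(private)} pairs")
    for pair in sorted(plain - private):
        print("blocked by private VLAN:", *pair)
```

In the plain VLAN every customer can reach every other customer directly; in the private VLAN only the gateway and same-community paths remain, while each host still uses a single address from the shared subnet.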
Re: laptops needed
"I think drinking beer under a palm tree beats drinking beer at a keyboard any day." Why not drink a beer under a palm tree while at the keyboard? Living in South Florida I have had the good luck to have many an opportunity to do this... and I must say... it's pretty satisfying! Dan Farrell Applied Innovations [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Kintaro Tate Sent: Friday, May 12, 2006 7:25 AM To: Shane J Pearson Cc: [EMAIL PROTECTED] Subject: Re: laptops needed On 4/10/06, Shane J Pearson <[EMAIL PROTECTED]> wrote: > > Gustavo, > > On 2006.04.10, at 10:13 AM, Gustavo Rios wrote: > > > Excuse gentleman, > > > > but i don't see any rationale behind that tense: > > > > " one could argue that people who live in such places should > >> not have computers)" > > I believe that's humour. > > Who wants to code when you've got island life outside? Palm trees, > fishing, swimming, bikinis, seafood, etc. I think drinking beer under > a palm tree beats drinking beer at a keyboard any day. > > Also, maybe from Theo's perspective, I've heard tell that it can get > pretty cold in Canada. > > I live in Australia, there are beautiful national parks and great weather outside, but im not going anywhere unless the girlfriend asks. -- "There is only one God who creates the universe. This God is my Brain. As the driver of this Brain I have created a universe in which there are innumerable other Gods of equal post-hive autonomy with whom I seek to interest. And my universe was, itself, created by a Higher Level of DivinityDNA, whose mysteries and wonders I seek to understand and harmonize with." - Dr. Timothy Leary, Beware Of Monotheism. http://deoxy.org/bom.htm
Re: Manually "naming" Multiple NICs
I think the following tip is worth repeating-

"I still recommend writing the last few digits of the MAC addr on the spine of the NIC"

Such a simple thing to do, and it will save a lot of time and confusion...

Dan Farrell
Applied Innovations
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Holland
Sent: Thursday, May 11, 2006 7:44 PM
To: misc
Subject: Re: Manually "naming" Multiple NICs

[EMAIL PROTECTED]@mgEDV.net wrote:
[you edited out discussion of *USB* devices]
>> Normally these devices come up in the same order each time.
>>
>> It is not guaranteed, unfortunately, because device bring up can
>> race against other devices. I've seen it be non-deterministic.
>>
>
> me, too. especially, if you plug in another nic on pci between 2
> other nics. this is really confusing the box. also take care for
> your bios interrupt settings - if you have a lot of traffic, it
> sometimes can be smart to put all the nics on the same interrupt.

You creatively edited out the part that clearly indicated the topic of the part you quoted was USB devices, not PCI.

PCI devices come up very predictably, if you understand how it works. Nothing is confusing to the box at all. YOU may be confused, but the box is quite sure of what it is doing. :) A little experimentation (which everyone should do before putting a box into production) will make it very clear.

Assuming you have all the same kind of NIC, it goes by slot number. Yes, if you stuff a card between two other cards, yes, the cards are EXPECTED to change IDs, I can't think of anything else I would want it to do (being that I really hate it when software or hardware tries to make guesses about what I was intending). If that isn't what you want, first move one of the existing cards, then add the new card to the vacated slot.

I still recommend writing the last few digits of the MAC addr on the spine of the NIC, as some machines number their slots in a curious way.
A Dell GX1 will number its slots something like "2 3 4 0 1".

BUT...if you blow a NIC, pull one out and put a spare in, all stays as it was. If you change it out for a different type of NIC, things will change, but you can easily predict what they will end up being, and if you don't understand what is going on, dmesg and the label I suggested putting on the card will clear it all up. :)

If you pull the NICs out of one machine and drop in another, you have to take a little care to make sure you know where they end up, but again, once you know where they are, they stay put, and you can replace them and know what will end up happening predictively.

Michael Schmidt wrote:
> Please allow a silly question: What's the reason for "put all the
> nics on the same interrupt" if one has a lot of traffic?

First, you start messing with your BIOS at that level, you are more likely to break things than improve things. The way people usually shoot themselves in the foot is by forgetting that PCI was designed to share interrupts, and trying to use the old ISA logic of "each device on its own IRQ".

Here is a massively over-simplified explanation of what happens: Let's say you have five PCI devices which could trigger interrupts. Again, the PCI bus was designed to share IRQs, so when an IRQ comes through, the first thing that happens is you have to push a bunch of stuff off to the stack before servicing the IRQ, then you have to identify which device fired off the IRQ before you can do anything about it.

If a lot of IRQs are happening, so the next is often coming in before the previous one was finished, there are two ways things could happen:

1) You return to what you were doing before the IRQ came in, but then the IRQ fires again, sending you back to the IRQ service routine. (this is how unshared ISA IRQs were handled)

2) BEFORE returning, you check to see if any other device needs to be serviced, which is possible if they are sharing the same IRQ channel.
In fact, if you are sharing the same IRQ, you have to do this.

Hopefully, it is moderately clear that you save two IRQ-caused context switches by staying in the IRQ service routine and looking for more work to do. The more additional IRQs that come in, the more potential savings. This is possible if you are sharing IRQs. IRQs are costly things when it comes to processor time.

Reality check #1: This only matters on HIGHLY loaded systems, where IRQs are stacking up. If your system is this loaded and you have less than the best HW, you can probably get better gains by selecting different hardware. A machine which has multiple PCI buses or higher-quality NICs will probably give you a MUCH larger benefit than IRQ sharing. My wild-a**ed guess of what IRQ sharing would do for you would be at most a few percentage points, not enough that anyone would eve
Re: vlan router problems
Depending on the switch vendor it may also be referred to as PVST (per-vlan-spanning-tree.)

Dan Farrell
Applied Innovations
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Philip Guenther
Sent: Tuesday, May 16, 2006 3:38 PM
To: Raja Subramanian
Cc: misc@openbsd.org
Subject: Re: vlan router problems

On 5/16/06, Raja Subramanian <[EMAIL PROTECTED]> wrote:
...
> In my current setup it seems that my switch does not permit
> the same MAC ID (of my router NIC) to appear on different
> VLANs. So long as I have only one vlan interface up at any
> given time, everything works perfectly.

Right. The 802.1Q spec for ethernet vlans did not specify whether the spanning tree was per-VLAN or shared among them. As a result, many (most?) vendors just used a single tree, which breaks setups where the (active) port to use for a given device can vary by VLAN. Check the documentation, particularly the documentation for the firmware patches, for a configuration switch that enables something like "spanning tree per VLAN" and enable it.

(I recall hitting this back in, uh, 1999 or so while working with a bunch of 3com switches at a previous job. 3com ended up releasing firmware upgrades that added such a configuration option, but man was it frustrating trying to figure out why it wasn't working. The doubly-connected device would only be able to see the first VLAN that it sent out on...)

Philip Guenther
Re: xmms does not run smoothly
I think the original reply had the right idea. Look at http://kerneltrap.org/node/5186

to quote-

"Currently the only program that Ted has gotten fully working with the new library is xmms. Comparing the new library to the old, Ted commented, 'when xmms was playing, you could scroll the playlist which would cause the program to read mp3 headers from 100 different files and your music would start skipping. It doesn't do that anymore.'"

Dan Farrell
Applied Innovations
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Antoine Jacoutot
Sent: Sunday, May 21, 2006 3:04 AM
To: Martin Toft
Cc: misc@openbsd.org
Subject: Re: xmms does not run smoothly

On Sun, 21 May 2006, Martin Toft wrote:
> Actually, I already use the option "read info on load", so I do not
> experience freezes when scrolling my playlist. However, the freezes appear
> frequently anyway, e.g. when xmms opens a dialog that reads directory
> information from the disk, and therefore still annoys me. I suspect "my
> version" of the problem is a bit different from what other people report,
> since the execution of heavy programs, such as Mozilla Firefox and
> Thunderbird, also disturbs xmms and causes short lags in the sound.

I've been experiencing the exact same problem you describe. I've never looked for a solution though since I always took OpenBSD for a server operating system. I have a Linux box lying around for when I want to listen to music, play videos... Maybe the new kernel threads will make the problem go away, I have no idea.

Regards,

--
Antoine
Re: (no subject)
C'mon guys... she's got a webcam!!

Lol,

Dan Farrell
Applied Innovations
[EMAIL PROTECTED]

ps- I didn't know the mailing list allowed mail with no subject... but I'm definitely not a good anti-spam expert, so what do I know...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, June 01, 2006 2:35 PM
To: misc@openbsd.org
Subject: (no subject)

Ciao ,

Hey! I have been trying to get in touch with you. I finally got a cam so you can see me when we talk.

http://ca.geocities.com/kellyluvsmhec/cam.html
Re: dynamic dns update
Google is your friend. Maybe you should ask Google first.

If you think I'm being rude, read this http://www.catb.org/~esr/faqs/smart-questions.html#rtfm

cheers!

Dan Farrell
Applied Innovations
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of riwanlky
Sent: Friday, June 02, 2006 9:51 AM
To: misc@openbsd.org
Subject: dynamic dns update

Hi,

I would like to know if OpenBSD has the capability to update my dynamic ip to www.dyndns.org. I am currently running myDYNIPPRO on Windows to update my dynamic ip. I want to move to OpenBSD. I currently have sendmail, popa3d, mrtg, mySQL running on the machine.

Thanks and best regards,
Riwan
Re: Windows to "copy" open bsd
What's the point of any portion of this thread? The subject matter is complete hearsay, and so far, no one (including captain fucktrust) has had any relevant input.

If you want to discuss windows, I'm sure there's a ton of mailing lists out there...

Can't we all just get along ... and let this thread die a quiet death?

danno

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Pancer
Sent: Friday, June 02, 2006 4:18 PM
To: akonsu
Cc: misc@openbsd.org
Subject: Re: Windows to "copy" open bsd

On Fri, 2006-06-02 at 12:58:43 -0700, akonsu wrote...
> no way. trust me. ;)

Who the fuck are you to trust?