Yahoo! mail and OpenBSD greylisting

2008-12-21 Thread Girish Venkatachalam
Hello folks,

I am unable to manually whitelist yahoo! mail sender IP addresses since
yahoo! does not play well with greylisting.

However I can whitelist gmail, aol, hotmail, rediff and so on since they
publish SPF records.

Is there a way to determine the IP addresses yahoo! uses for sending
mail?

I can think of possibly modifying the greyscanner perl script to look
for patterns and whitelist.

Any ideas?

Thanks.

-Girish
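
Added example, not part of the original message: the SPF-based whitelisting mentioned above can be automated by expanding a domain's SPF record into the CIDR blocks that would go into a pf whitelist table for spamd. The TXT records are constructed sample data using documentation address ranges, and `spf_networks` with its `lookup` parameter are hypothetical names; a real run would pass a function that performs the DNS TXT query.

```python
import ipaddress

# Constructed TXT records standing in for live DNS answers. The names are
# made up and the addresses are documentation ranges, not any provider's data.
SAMPLE_TXT = {
    "mail.example": "v=spf1 ip4:192.0.2.0/24 include:_spf.mail.example ~all",
    "_spf.mail.example": ("v=spf1 ip4:198.51.100.0/25 ip6:2001:db8:10::/48 "
                          "include:_loop.mail.example -all"),
    "_loop.mail.example": "v=spf1 include:_spf.mail.example ip4:203.0.113.7 -all",
    "redir.example": "v=spf1 redirect=mail.example",
    "loose.example": "v=spf1 mx -ip4:192.0.2.99 ip4:192.0.2.200 +all",
    "nospf.example": "google-site-verification=constructed",
}

MAX_LOOKUPS = 10  # RFC 7208 caps the DNS-querying terms in one evaluation


def spf_networks(domain, lookup=SAMPLE_TXT.get):
    """Expand a domain's SPF policy into CIDR blocks.

    Returns (networks, skipped): networks is a sorted list of CIDR strings,
    one per line being the form a pf table file takes; skipped lists every
    term that was deliberately not turned into a whitelist entry.
    """
    nets, skipped, seen = set(), [], set()
    lookups = 0

    def walk(name):
        nonlocal lookups
        name = name.lower().rstrip(".")
        if name in seen:                      # include loop, already expanded
            return
        seen.add(name)
        record = lookup(name)
        if not record or record.lower().split()[:1] != ["v=spf1"]:
            skipped.append(f"{name}: no SPF record")
            return
        for term in record.split()[1:]:
            if term[0] in "-~?":              # only 'pass' terms authorise a sender
                continue
            term = term.lstrip("+")
            low = term.lower()
            if low.startswith(("ip4:", "ip6:")):
                try:
                    nets.add(ipaddress.ip_network(term[4:], strict=False))
                except ValueError:
                    skipped.append(f"{name}: bad network in {term}")
            elif low.startswith(("include:", "redirect=")):
                if lookups >= MAX_LOOKUPS:
                    skipped.append(f"{name}: lookup limit reached at {term}")
                    continue
                lookups += 1
                walk(term[8:] if low.startswith("include:") else term[9:])
            elif low == "all":
                skipped.append(f"{name}: +all matches every sender, not whitelisted")
            else:                             # a, mx, ptr, exists need further queries
                skipped.append(f"{name}: {term} not expanded")

    walk(domain)
    ordered = sorted(nets, key=lambda n: (n.version, int(n.network_address), n.prefixlen))
    return [str(n) for n in ordered], skipped


if __name__ == "__main__":
    networks, notes = spf_networks("mail.example")
    print("\n".join(networks))                # one CIDR per line for the table file
    for note in notes:
        print("#", note)
```

A domain that publishes no SPF record comes back with an empty network list and a "no SPF record" note, which is the situation the message describes for yahoo!.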



Re: IPv6 virtual hosts

2008-12-22 Thread Girish Venkatachalam
On 17:31:02 Dec 22, Henning Brauer wrote:
> if you plan to look at apache2 code, make sure you're close to a
> toilet. puke on the keyboard tends to be nasty.

He he.

I believe there is a new e-mail archival project called lucene which is
written in the greatest programming language on the planet...you guessed
right Java.

Now that gives us enough hint about what the Apache project is all
about. ;)

-Girish



Re: Yahoo! mail and OpenBSD greylisting

2008-12-22 Thread Girish Venkatachalam
On 09:30:48 Dec 22, Jordi Espasa Clofent wrote:
> Hi Girish,
>
> Have you tried to contact Yahoo! technical staff about it?

I know you are serious, so I don't want to kid.

I almost got talking to a relatively highly placed individual in
yahoo! to take a look at OpenBSD greylisting.

But guess what?

The typical corporate response:

"We do not care about open source. We will steal what we want from it
without acknowledging any credit. And we are a big company with a lot 
of money. So we can continue the way we want."

I can forward you the mildly agitating e-mail response I got from the
yahoo! top gun. ;)

Apropos of yahoo! breaking standards...well what can we do? 

-Girish



Re: Yahoo! mail and OpenBSD greylisting

2008-12-23 Thread Girish Venkatachalam
On 20:40:30 Dec 22, Stuart Henderson wrote:
 
> Oh hmm. Just grepped my mail logs and pulled out a few addresses to
> check, it seems dnswl's coverage of yahoo isn't all that great (at least
> not for their UK-facing outbound servers).
> 
> And pulling their prefixes out of a bgp feed is fiddly at best,
> they have at least three different AS.
> 

I am yet to try this.

> do you care to expand on this, which standards are they breaking
> that are related to this?
> 

Well we discussed long ago that there is no such thing as a standard
that says that mails be retried from the same IP address.

So technically speaking yahoo! does not break any standard.

But I am having issues with yahoo! when greylisting is involved.

It is possible that I might have misconfigured something. 

In case nobody else has problem with yahoo! mail then I know I have a
problem instead.

-Girish



Re: Running another OS under OpenBSD

2008-12-26 Thread Girish Venkatachalam
On 21:50:08 Dec 25, Marco Peereboom wrote:
> Right, now tell me again about strl*
> 

Also about the kernel source.

-Girish



Re: X issues with Intel HD 2000 graphics card on ASUS P8 H61 mobo

2012-12-24 Thread Girish Venkatachalam


Should I dump my newly purchased hardware? ;)

-Girish

On Sat, Dec 22, 2012 at 7:56 AM, Girish Venkatachalam
 wrote:
> Here is the dmesg and Xorg.
>
> Machine crashes if you run X and I have to cold reboot.
>
> --dmesg---
>
> OpenBSD 5.2 (GENERIC) #0: Thu Dec 20 16:46:58 IST 2012
> r...@latest.gayatri-hitech.com:/usr/src/sys/arch/i386/compile/GENERIC
> cpu0: Intel(R) Pentium(R) CPU G620 @ 2.60GHz ("GenuineIntel" 686-class) 2.60 
> GHz
> cpu0: 
> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,NXE,LONG,SSE3,PCLMUL,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,XSAVE,LAHF
> real mem  = 3438231552 (3278MB)
> avail mem = 3371216896 (3215MB)
> mainbus0 at root
> bios0 at mainbus0: AT/286+ BIOS, date 10/11/11, SMBIOS rev. 2.7 @
> 0xe94b0 (94 entries)
> bios0: vendor American Megatrends Inc. version "0504" date 07/31/2012
> bios0: ASUSTeK COMPUTER INC. P8H61-M LX R2.0
> acpi0 at bios0: rev 2
> acpi0: sleep states S0 S1 S3 S4 S5
> acpi0: tables DSDT FACP APIC MCFG HPET SSDT SSDT SSDT BGRT
> acpi0: wakeup devices PS2K(S4) PS2M(S4) UAR1(S4) P0P1(S4) PXSX(S4)
> RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP04(S4)
> PXSX(S4) RP05(S4) PXSX(S4) RP06(S4) PXSX(S4) RP07(S4) PXSX(S4)
> RP08(S4) PEGP(S4) PEG0(S4) PEG1(S4) PEG2(S4) PEG3(S4) GLAN(S4)
> EHC1(S4) EHC2(S4) HDEF(S4) PWRB(S4)
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: apic clock running at 99MHz
> cpu at mainbus0: not configured
> ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
> acpimcfg0 at acpi0 addr 0xf800, bus 0-63
> acpihpet0 at acpi0: 14318179 Hz
> acpiprt0 at acpi0: bus 0 (PCI0)
> acpiprt1 at acpi0: bus -1 (P0P1)
> acpiprt2 at acpi0: bus 2 (RP01)
> acpiprt3 at acpi0: bus -1 (RP02)
> acpiprt4 at acpi0: bus 3 (RP03)
> acpiprt5 at acpi0: bus -1 (RP04)
> acpiprt6 at acpi0: bus -1 (RP05)
> acpiprt7 at acpi0: bus -1 (RP06)
> acpiprt8 at acpi0: bus -1 (RP07)
> acpiprt9 at acpi0: bus -1 (RP08)
> acpiprt10 at acpi0: bus 1 (PEG0)
> acpiprt11 at acpi0: bus -1 (PEG1)
> acpiprt12 at acpi0: bus -1 (PEG2)
> acpiprt13 at acpi0: bus -1 (PEG3)
> acpiec0 at acpi0: Failed to read resource settings
> acpicpu0 at acpi0: C3, C2, C1, PSS
> acpipwrres0 at acpi0: FN00
> acpipwrres1 at acpi0: FN01
> acpipwrres2 at acpi0: FN02
> acpipwrres3 at acpi0: FN03
> acpipwrres4 at acpi0: FN04
> acpitz0 at acpi0: critical temperature is 103 degC
> acpitz1 at acpi0: critical temperature is 103 degC
> acpibat0 at acpi0: BAT0 not present
> acpibat1 at acpi0: BAT1 not present
> acpibat2 at acpi0: BAT2 not present
> acpibtn0 at acpi0: PWRB
> acpibtn1 at acpi0: LID0
> acpivideo0 at acpi0: GFX0
> acpivout0 at acpivideo0: DD02
> bios0: ROM list: 0xc/0xe400
> cpu0: Enhanced SpeedStep 2595 MHz: speeds: 2600, 2500, 2400, 2300,
> 2200, 2100, 2000, 1900, 1800, 1700, 1600 MHz
> pci0 at mainbus0 bus 0: configuration mode 1 (bios)
> pchb0 at pci0 dev 0 function 0 "Intel Core 2G Host" rev 0x09
> ppb0 at pci0 dev 1 function 0 "Intel Core 2G PCIE" rev 0x09: apic 2 int 16
> pci1 at ppb0 bus 1
> vga1 at pci0 dev 2 function 0 "Intel HD Graphics 2000" rev 0x09
> wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
> wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
> intagp0 at vga1
> agp0 at intagp0: aperture at 0xe000, size 0x1000
> inteldrm0 at vga1: apic 2 int 16
> drm0 at inteldrm0
> "Intel 6 Series MEI" rev 0x04 at pci0 dev 22 function 0 not configured
> ehci0 at pci0 dev 26 function 0 "Intel 6 Series USB" rev 0x05: apic 2 int 23
> usb0 at ehci0: USB revision 2.0
> uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
> azalia0 at pci0 dev 27 function 0 "Intel 6 Series HD Audio" rev 0x05: msi
> azalia0: codecs: Realtek/0x0887
> audio0 at azalia0
> ppb1 at pci0 dev 28 function 0 "Intel 6 Series PCIE" rev 0xb5: apic 2 int 16
> pci2 at ppb1 bus 2
> ppb2 at pci0 dev 28 function 2 "Intel 6 Series PCIE" rev 0xb5: apic 2 int 18
> pci3 at ppb2 bus 3
> re0 at pci3 dev 0 function 0 "Realtek 8168" rev 0x06:
> RTL8168E/8111E-VL (0x2c80), apic 2 int 18, address 30:85:a9:b1:6f:af
> rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 5
> ehci1 at pci0 dev 29 function 0 "Intel 6 Series USB" rev 0x05: apic 2 int 23
> usb1 at ehci1: USB revision 2.0
> uhub1 at usb1 "Intel EHCI root hub" rev 2.00/1.00 addr 1
> pcib0 at pci0 dev 31 function 0 "Intel H61 LPC" rev 0x05
> pciide0 at pci0 dev 31 function 2 "Intel 6 Series SATA"

Re: X issues with Intel HD 2000 graphics card on ASUS P8 H61 mobo

2012-12-24 Thread Girish Venkatachalam
On Tue, Dec 25, 2012 at 12:58 AM, Beni  wrote:
> I think you ran into the known sandy bridge problem. If the X server
> fails it won't be able to resume to a console. So all you get is a black
> screen.

Yes.

That is what I got even after the config you suggested.

# X -config xorg.conf.new

Same result.

>
> You need to fix your Xorg configuration. What command did you use to
> start X? This
>
> (EE) Unable to locate/open config file: "/roo /xorg.conf.new"
>
> looks like you try to use a nonexistent config file. Try to provide a
> /etc/X11/xorg.conf which sets the graphics device to the intel driver:
>
> Section "Device"
> Identifier  "Intel"
> Driver "intel"
> EndSection

I did.

>
> Section "Screen"
>     Identifier  "Default Screen"
>     Device      "Intel"
>     DefaultDepth  24
>     SubSection "Display"
>         Depth  24
>         Modes "1920x1080" "1024x768" "640x480"
>     EndSubSection
> EndSection
>
>
> Hope this helps.
>
> Beni

Thanks for your effort.

But it did not work.

I did exactly as you suggested.

If I try and

# X -configure

it segfaults.

This is for your info.

-Girish



Re: X issues with Intel HD 2000 graphics card on ASUS P8 H61 mobo

2012-12-25 Thread Girish Venkatachalam
On Wed, Dec 26, 2012 at 12:00 AM, Beni  wrote:
>
> Yep, this sounds exactly like the problem I ran into. The -configure option
> segfaults before it writes a working configuration. So you need to write it
> yourself. Using the xorg.conf.new file won't work because it doesn't come into
> existence.

No in my case xorg.conf.new is written but the segfault happens
*after* it is written.

> Make sure you change the resolutions in the Xorg file to something supported
> by your monitor. And depending on the monitor you might need a monitor
> section in your Xorg. This takes quite some fiddling to get the settings
> right for your hardware and whenever it doesn't work you need to reboot
> because you can't switch back to the console.
>

Well the keyboard stops working and I am sure the whole machine is hung, I even
suspect a kernel panic; anyway this does not logically make sense.

Monitor resolution change cannot undo a kernel panic...

> Maybe you could post a Xorg log where you don't provide a non existent
> config file. Does it segfault then, too? It didn't for me.
>

I started with:

# X -config xorg.conf.new

and it won't segfault but kernel panic. ;)

segfault is better since you get the machine to work with. Not with
xdm or X in which case the machine just hangs.

> What I didn't try yet but I'm considering it: Compiling and installing
> current. Because the whole switching-back-to-console thing is said to be
> fixed there. (Can't give you the link right now - I'm on very slow rural
> area mobile web)

I got the upstream current source thro' CVSup but the Xenocara compile
would break.

Perhaps I am doing something wrong.

I am going to switch back to -stable and get a backtrace to Mathieu.

-Girish

-- 
Gayatri Hitech
http://gayatri-hitech.com



Re: Best postscript printer with network support?

2012-12-27 Thread Girish Venkatachalam
I mean to print with a2ps on TCP port 515 with LPD...

On Thu, Dec 27, 2012 at 4:28 PM, Girish Venkatachalam
 wrote:
> I want to print from my OpenBSD machines on the ethernet LAN.
>
> I asked HP and Epson but did not get a good response. I want to avoid HP.
>
> I want basic printing with Postscript ability over the network.
>
> Also good value for money. I don't think I should spend more than 300$.
>
> Are there any recommendations?
>
> Or can we make do with HP's PCL on port 9100?
>
> Will this work well on OpenBSD?
>
> -Girish
>
> --
> Gayatri Hitech
> http://gayatri-hitech.com



-- 
Gayatri Hitech
http://gayatri-hitech.com



Re: serial over USB

2013-01-02 Thread Girish Venkatachalam
Also try turning off hardware flow control

On Thu, Jan 3, 2013 at 6:46 AM, Stuart Henderson  wrote:
> On 2013-01-02, Jan Stary  wrote:
>> This is 5.2/i386 on an IBM Thinkpad T40. As this laptop does not have
>> a serial port, I bought me this USB-to-serial gizmo:
>
> There is a real serial port, but no standard de9 connector on the
> main laptop, it's only available via the dock interface.
>
>> Now from this Thinkpad, I try to connect with
>>
>>   cu -l /dev/cuaU0 -38400
>>
>> That say 'Connected', but nothing else happens.
>> I can see a garbled login screen such as
>>
>>   kXKMr/i386 (gw.stare.cz) (tty00)
>>   login:
>>   -i
>>
>> I usually see something like that with a wrong baudrate.
>
> You won't have usable chars like this if the baud rate is wrong.
>
>> What kind of problem is this?
>
> Faulty/incomplete null modem cable? (do you have at least pins 2/3/5
> connected? sometimes it helps to *only* have 2/3/5 connected.)
>
> Faulty USB-to-RS232 adapter?
>
> Have you tried the USB/RS232 and null modem connected to some other
> computer? (you can just run cu on both sides and type, it won't echo
> locally but you should see text from the other side)
>
>> Can my ucom do 38400? How do I find out?
>> Would it make sense to try other baudrates
>> (on both the ALIX and my end, obviously)?
>
> Doubtful, but you could try it.
>
>> Is anybody using an USB-to-serial connection to an ALIX?
>
> Yes.
>



-- 
Gayatri Hitech
http://gayatri-hitech.com



Re: vlc and udp multicast

2013-01-05 Thread Girish Venkatachalam
On Sun, Jan 6, 2013 at 10:27 AM, Erling Westenvik
 wrote:
> It's been more than a year since my last unsuccessful attempt to sync
> music between OpenBSD machines running vlc 0.8.6, but since vlc in ports
> now is at 2.0.4, I've decided to give it another try.
>

Good idea. ;)

> First I start a server instance of vlc on some machine:
>
> $ vlc -d  --sout #standard{access=udp,mux=ts,dst=239.255.12.42}
>
> and then I start a client instance of vlc on the same machine:
>
> $ vlc -d udp://@239.255.12.42 --control netsync --netsync-master-ip 
>
> and I get sound on that machine. However, when I try to start a similar
> client instance of vlc on another machine, I get no sound on that
> machine.
>
> I get the feeling that I'm missing out something about multicast, but
> what? Routing table entries? Special pf-rules? What?
>

Perhaps

multicast_host=YES

in /etc/rc.conf.local

> Finally: I have no problems running a vlc server instance with multiple
> clients on different machines when using http encapsulation, but they
> won't sync properly.

HTTP is not a good streaming protocol though many radio stations seem
to use it nevertheless. RTSP is better.

> Ideas are appreciated!
>
> ( and  above, are references to local definitions)
>

Though I have never tried your setup I wish to ask this:

Why not mplayer or ffmpeg? Why vlc?

Even live555 will work.

-Girish

-- 
Gayatri Hitech
http://gayatri-hitech.com



relayd(8) transparent proxy does not work!

2013-04-09 Thread Girish Venkatachalam
Hi Misc,

Perhaps I am doing something silly but I rather want to get relayd working
with simple HTTP transparent proxy. No SSL.

My relayd.conf:

relay transdivertproxy {
        listen on 127.0.0.1 port 8080
        transparent forward to destination interface re0
}

My pf.conf:

pass in on egress inet proto tcp from 192.168.2.12 to any port http divert-to 127.0.0.1 port 8080
pass out on egress inet proto tcp from 192.168.2.12 to any port http divert-reply

And relayctl show sessions shows that the
session is running.

But lynx is just hanging.

And tcpdump shows packets going back and forth but the TCP
handshake does not go thro'..

What am I doing wrong?

-Girish

-- 
Gayatri Hitech
http://gayatri-hitech.com



Re: relayd(8) transparent proxy does not work!

2013-04-09 Thread Girish Venkatachalam
By any chance did I hit this bug? I hope not:

http://openbsd.7691.n7.nabble.com/using-relayd-in-transparent-mode-td35424.html


On Tue, Apr 9, 2013 at 6:22 PM, Girish Venkatachalam <
girishvenkatacha...@gmail.com> wrote:

> Hi Misc,
>
> Perhaps I am doing something silly but I rather want to get relayd working
>  with simple HTTP transparent proxy. No SSL.
>
> My relayd.conf:
>
> relay transdivertproxy {
>         listen on 127.0.0.1 port 8080
>         transparent forward to destination interface re0
> }
>
> My pf.conf:
>
> pass in on egress inet proto tcp from 192.168.2.12 to any port http divert-to 127.0.0.1 port 8080
> pass out on egress inet proto tcp from 192.168.2.12 to any port http divert-reply
>
> And relayctl show sessions shows that the
> session is running.
>
> But lynx is just hanging.
>
> And tcpdump shows packets going back and forth but the TCP
> handshake does not go thro'..
>
> What am I doing wrong?
>
> -Girish
>
> --
> Gayatri Hitech
> http://gayatri-hitech.com
>



-- 
Gayatri Hitech
http://gayatri-hitech.com



replacement for transproxy?

2013-04-09 Thread Girish Venkatachalam
Hi Misc,

I see transproxy port has been removed in 5.2.

I thought relayd(8) could do instead but then
I want relayd to forward the HTTP request to tinyproxy and not
directly proxy to the web server.

What is the way out?

Does relayd support transparent proxying to tinyproxy?

-Girish

-- 
Gayatri Hitech
http://gayatri-hitech.com



radius client /NAS server for OpenBSD

2013-05-08 Thread Girish Venkatachalam
Hi,

I am looking for a RADIUS client/NAS server that can
glean accounting info like packets/bytes transferred, time
connected and even kick users who exceed a threshold.

I know that freeradius is in ports but I don't see any Radius client/NAS port.

Any ideas?

-Girish



IPSec isakmpd pre shared interoperability with Fortigate VPN

2012-04-01 Thread Girish Venkatachalam
Dear all,

I am having a ball of a time configuring ipsec.conf against our
friendly Fortigate VPN box.

I think the model is some very old one, perhaps 50B or something.

Now some other Linux based commercial VPN is able to talk to it as
Fortigate also is from the same parent. So is every other boy out there.

But I want OpenBSD to talk to it.

I am sure with a lot of hard work I could possibly sort this out but
some wisdom from you is good, particularly for the archives and google.

If it matters in any manner at all, my ipsec.conf is

#ike passive esp from $localnet to $remotenet peer $remoteip \
 main auth hmac-sha1 enc 3des group modp1536 \
 quick auth hmac-sha1 enc 3des group none psk 

Do you want isakmpd.conf too? I got one from some site.

Here is the phase 1 auth reject message I get.

201238.986501 Default attribute_unacceptable: AUTHENTICATION_METHOD: got PRE_SHARED, expected RSA_SIG
201238.986523 Default attribute_unacceptable: AUTHENTICATION_METHOD: got PRE_SHARED, expected RSA_SIG
201238.986547 Default attribute_unacceptable: AUTHENTICATION_METHOD: got PRE_SHARED, expected RSA_SIG
201238.986557 Default messag

Any pointers are much appreciated.

Thanks to all.

-Girish


--
G3 Tech
Networking appliance company
web: http://g3tech.in  mail: gir...@g3tech.in



LiveUSB OpenBSD and LiveCD-OpenBSD site updated

2012-04-01 Thread Girish Venkatachalam
After a long long time. Sigh.

http://liveusb-openbsd.sf.net

http://livecd-openbsd.sf.net

-Girish

--
G3 Tech
Networking appliance company
web: http://g3tech.in  mail: gir...@g3tech.in



Question on LPD and OpenBSD printing

2012-04-04 Thread Girish Venkatachalam
Dear all,

If this is OT kindly pardon me.

I have a script based on Net::LPR.

#!/usr/bin/perl -w

  use strict;
  use vars '@ARGV';

  use Net::LPR;
  use IO::File;

  die "usage: $0   \n" if (@ARGV != 3);

  my $lp = new Net::LPR(
      StrictRFCPorts => 0,
      RemoteServer => $ARGV[1],
      RemotePort => 515,
      PrintErrors => 0,
      RaiseErrors => 0,
  ) or die "Can't create print context\n";

  my $fh = new IO::File $ARGV[0], O_RDONLY or die "Can't open $ARGV[0]: $!\n";
  my $size = ($fh->stat())[7]; # Hope file doesn't change while printing

  $lp->connect() or die "Can't connect to printer: ".$lp->error."\n";
  my $jobkey = $lp->new_job() or die "Can't create new job: ".$lp->error."\n";
  $lp->send_jobs('lp') or die "Can't send jobs: ".$lp->error."\n";
  # Can easily print postscript by changing method to job_mode_postscript
  $lp->job_mode_text($jobkey) or die "Can't set job mode to text: ".$lp->error."\n";
  #$lp->job_mode_postscript($jobkey) or die "Can't set job mode to text: ".$lp->error.";
  $lp->job_send_control_file($jobkey) or die "Can't send control file: ".$lp->error."\n";
  $lp->job_send_data($jobkey, '', $size);

  while (my $line = $fh->getline()) {
      $lp->job_send_data($jobkey, $line);
  }

  $lp->disconnect();

I try this against a HP Professional m1213ncj printer and it does nothing.

Is there a way to use netcat to print directly to the JetDirect port 9100?

I find this ppd in hpijs package but the printer is on the network.

What to do?

I tried both postscript printing and text printing.

The silence and laziness of the printer is positively boring.

What do you think?

-Girish

--
G3 Tech
Networking appliance company
web: http://g3tech.in  mail: gir...@g3tech.in



Re: Question on LPD and OpenBSD printing

2012-04-04 Thread Girish Venkatachalam
I mean HP m1213nf

On Wed, Apr 4, 2012 at 8:35 PM, Girish Venkatachalam
 wrote:
> Dear all,
>
> If this is OT kindly pardon me.
>
> I have a script based on Net::LPR.
>
> #!/usr/bin/perl -w
>
>  use strict;
>  use vars '@ARGV';
>
>  use Net::LPR;
>  use IO::File;
>
>  die "usage: $0   \n" if (@ARGV != 3);
>
>  my $lp = new Net::LPR(
>      StrictRFCPorts => 0,
>      RemoteServer => $ARGV[1],
>      RemotePort => 515,
>      PrintErrors => 0,
>      RaiseErrors => 0,
>  ) or die "Can't create print context\n";
>
>  my $fh = new IO::File $ARGV[0], O_RDONLY or die "Can't open $ARGV[0]: $!\n";
>  my $size = ($fh->stat())[7]; # Hope file doesn't change while printing
>
>  $lp->connect() or die "Can't connect to printer: ".$lp->error."\n";
>  my $jobkey = $lp->new_job() or die "Can't create new job: ".$lp->error."\n";
>  $lp->send_jobs('lp') or die "Can't send jobs: ".$lp->error."\n";
>  # Can easily print postscript by changing method to job_mode_postscript
>  $lp->job_mode_text($jobkey) or die "Can't set job mode to text: ".$lp->error."\n";
>  #$lp->job_mode_postscript($jobkey) or die "Can't set job mode to text: ".$lp->error.";
>  $lp->job_send_control_file($jobkey) or die "Can't send control file: ".$lp->error."\n";
>  $lp->job_send_data($jobkey, '', $size);
>
>  while (my $line = $fh->getline()) {
>      $lp->job_send_data($jobkey, $line);
>  }
>
>  $lp->disconnect();
>
> I try this against a HP Professional m1213ncj printer and it does nothing.
>
> Is there a way to use netcat to print directly to the JetDirect port 9100?
>
> I find this ppd in hpijs package but the printer is on the network.
>
> What to do?
>
> I tried both postscript printing and text printing.
>
> The silence and laziness of the printer is positively boring.
>
> What do you think?
>
> -Girish
>
> --
> G3 Tech
> Networking appliance company
> web: http://g3tech.in  mail: gir...@g3tech.in



--
G3 Tech
Networking appliance company
web: http://g3tech.in  mail: gir...@g3tech.in



Re: Question on LPD and OpenBSD printing

2012-04-04 Thread Girish Venkatachalam
On Wed, Apr 4, 2012 at 8:58 PM, Jan Stary  wrote:
>> I try this against a HP Professional m1213ncj printer and it does nothing.
>
> Before using the script, try to get it printing with just lpr.
>

Failed. It is silent.

nmap reports port as open, if I disable LPD script does not work, so
LPD seems sane but it refuses to respond.

>> Is there a way to use netcat to print directly to the JetDirect port 9100?
>
> Maybe. What other interfaces does the printer have?
> What other ways are there to talk to the printer besides port 9100?
> Does it listen on the standard lpd port?
>

I did an nmap scan. Those are the only ports. It does listen on LPD. 515.

>> I find this ppd in hpijs package but the printer is on the network.
>
> I must be missing something here: cannot PPD files be used
> with remote printers just as with local printers, via foomatic-filters?
>

You are not missing anything here. I want a config an /etc/printcap
that can print to this fellow remotely. ;)

Thanks.

-Girish

--
G3 Tech
Networking appliance company
web: http://g3tech.in  mail: gir...@g3tech.in



Re: Question on LPD and OpenBSD printing

2012-04-04 Thread Girish Venkatachalam
On 4/4/12, Jan Stary  wrote:
> On Apr 04 21:54:30, Girish Venkatachalam wrote:
>> On Wed, Apr 4, 2012 at 9:40 PM, Jan Stary  wrote:
>> >> Failed. It is silent.
>> >
>> > What failed? How does your /etc/printcap describe the printer?
>> >
>>
>> I just modified from the default remote printer commented out section.
>>
>> rm=
>>
>> lpr is from /usr/bin, not LPRng
>>
>> I tried that as well.
>>
>> lpq lists the jobs but nothing happens/moves in the printer.
>>
>
> Repeat: how does your printcap describe the printer?
> As in: show me your printcap.
>

ftp://g3tech.in/printcap

# export PRINTER=rp@

# lpr /etc/passwd

>> Printer works. It prints from Mac machine, not from OpenBSD.
>
> So it is alive, and does not refuse to respond, right?
>

Correct.

>
> file.ppd is nothing but a made up name for a file that you
> need to replace with the right PPD file for that printer.
>

Right.

>> OpenBSD has never given me so much trouble before. ;)
>
> It is not OpenBSD that is giving you trouble.
>
>

My ignorance. :)

-Girish

-- 
G3 Tech
Networking appliance company
web: http://g3tech.in  mail: gir...@g3tech.in



Re: Question on LPD and OpenBSD printing

2012-04-04 Thread Girish Venkatachalam
I don't want to use CUPS.

I will also avoid LPRng.

Please guide me.

lpr command from Mac is working like a cake. It uses CUPS and IPP.

-Girish
On 4/4/12, Girish Venkatachalam  wrote:
> On 4/4/12, Jan Stary  wrote:
>> On Apr 04 21:54:30, Girish Venkatachalam wrote:
>>> On Wed, Apr 4, 2012 at 9:40 PM, Jan Stary  wrote:
>>> >> Failed. It is silent.
>>> >
>>> > What failed? How does your /etc/printcap describe the printer?
>>> >
>>>
>>> I just modified from the default remote printer commented out section.
>>>
>>> rm=
>>>
>>> lpr is from /usr/bin, not LPRng
>>>
>>> I tried that as well.
>>>
>>> lpq lists the jobs but nothing happens/moves in the printer.
>>>
>>
>> Repeat: how does your printcap describe the printer?
>> As in: show me your printcap.
>>
>
> ftp://g3tech.in/printcap
>
> # export PRINTER=rp@
>
> # lpr /etc/passwd
>
>>> Printer works. It prints from Mac machine, not from OpenBSD.
>>
>> So it is alive, and does not refuse to respond, right?
>>
>
> Correct.
>
>>
>> file.ppd is nothing but a made up name for a file that you
>> need to replace with the right PPD file for that printer.
>>
>
> Right.
>
>>> OpenBSD has never given me so much trouble before. ;)
>>
>> It is not OpenBSD that is giving you trouble.
>>
>>
>
> My ignorance. :)
>
> -Girish
>
> --
> G3 Tech
> Networking appliance company
> web: http://g3tech.in  mail: gir...@g3tech.in
>


-- 
G3 Tech
Networking appliance company
web: http://g3tech.in  mail: gir...@g3tech.in



Re: Question on LPD and OpenBSD printing

2012-04-04 Thread Girish Venkatachalam
On Wed, Apr 4, 2012 at 11:36 PM, Jan Stary  wrote:
> On Apr 04 22:25:18, Girish Venkatachalam wrote:
>> ftp://g3tech.in/printcap
>
> Sigh. Next time, please post the six damn lines inline.
>
> rp:HP PRinter:\
>    :lp=:rm=192.168.1.6:rp=lp:\
>    :af=/etc/foomatic/hp.ppd:\
>    :if=/usr/local/bin/foomatic-rip:\
>    :sd=/var/spool/output:\
>    :lf=/var/log/lpd-errs:\
>    :sh:
>
>> # export PRINTER=rp@
>
> Does that mean "rp@192.168.1.6"?
>

I tried that as well as what you suggest below.

I get on the command line, "connecting to localhost..."

> Anyway, I don't think this is correct: it should be simply "rp",
> i.e. the name of the printer in your printcap.
>
> With the above printcap, an empty lpq, and a correctly running lpd,
> what does the following do?
>
>echo test | lpr -Prp
>

Yes, empty lpq, lpd runs and the above command does nothing.

> If it doesn't work, what does lpd-errs say?
>

Nothing.

Okay I am giving up now.

-Girish

--
G3 Tech
Networking appliance company
web: http://g3tech.in  mail: gir...@g3tech.in



Re: Question on LPD and OpenBSD printing

2012-04-04 Thread Girish Venkatachalam
On Thu, Apr 5, 2012 at 4:46 AM, Jan Stary  wrote:
>>
>> Nothing.
>
> Then something else is broken.
>
> Run lpd with -l to make sure that the print job
> at least made it to lpd as a request.
>

If the queue clears that is what it means right? It does make it.

I will also take a stab at the -l switch.

> You do actually have the foomatic* packages installed, right?
> You did not just blindly copy the ':if=/usr/local/bin/foomatic-rip:'
> line, right?
>

But of course yes. If you install hpijs it is installed as a dependency.

-Girish

--
G3 Tech
Networking appliance company
web: http://g3tech.in  mail: gir...@g3tech.in



Manual IPsec setup with ipsec.conf

2012-04-04 Thread Girish Venkatachalam
Dear all,

Such a silly thing is not documented anywhere, no vpn(8) man page and
not on the Internet.

I am forced to send this mail though it is embarrassing having worked on the
internals of manual IPsec keying back in 2004. But well here goes.

on peer A:

remoteip="173.167.82.52"
remotenet="10.1.23.0/24"

flow esp from 59.99.242.167 to $remoteip
flow esp from 192.168.1.0/24 to $remotenet peer $remoteip
esp from 59.99.242.167 to $remoteip spi 0xdeadbeef:0xbeefdead auth hmac-sha1 \
   authkey 0xeda8f06463b2d0fed008ccc474216dba8c463a7c:0x91c763de940ce1745215c84b7535269acaef516d \
   enckey 0xb341aa065c3850edd6a61e150d6a5fd3:0xf7795f6bdd697a43a4d28dcf1b79062d

on peer B:

localnet="192.168.0.0/16"
remoteip="59.99.242.167"

flow esp from 173.167.82.52 to 59.99.242.167
flow esp from 10.1.23.0/24 to 192.168.1.0/24 peer $remoteip
esp from 173.167.82.52 to 59.99.242.167 spi 0xbeefdead:0xdeadbeef auth hmac-sha1 \
   authkey 0x91c763de940ce1745215c84b7535269acaef516d:0xeda8f06463b2d0fed008ccc474216dba8c463a7c \
   enckey 0xf7795f6bdd697a43a4d28dcf1b79062d:0xb341aa065c3850edd6a61e150d6a5fd3


It is a test. I don't care about the keys and IP addresses.

pf(4) is disabled both sides and here is the output of

#ipsecctl -sa on peer B

# ipsecctl -sa -v
FLOWS:
flow esp in from 192.168.1.0/24 to 10.1.23.0/24 peer 59.99.242.167 type require
flow esp out from 10.1.23.0/24 to 192.168.1.0/24 peer 59.99.242.167 type require
flow esp in from 59.99.242.167 to 173.167.82.52 peer 59.99.242.167 type require
flow esp out from 173.167.82.52 to 59.99.242.167 peer 59.99.242.167 type require

SAD:
esp tunnel from 173.167.82.52 to 59.99.242.167 spi 0xbeefdead auth hmac-sha1 enc aes
sa: spi 0xbeefdead auth hmac-sha1 enc aes
state mature replay 0 flags 4
lifetime_cur: alloc 0 bytes 0 add 1333585323 first 0
address_src: 173.167.82.52
address_dst: 59.99.242.167
esp tunnel from 59.99.242.167 to 173.167.82.52 spi 0xdeadbeef auth hmac-sha1 enc aes
sa: spi 0xdeadbeef auth hmac-sha1 enc aes
state mature replay 0 flags 4
lifetime_cur: alloc 0 bytes 0 add 1333585323 first 0
address_src: 59.99.242.167
address_dst: 173.167.82.52

And peer A:

# ipsecctl -sa -v
FLOWS:
flow esp in from 10.1.23.0/24 to 192.168.1.0/24 peer 173.167.82.52 type require
flow esp out from 192.168.1.0/24 to 10.1.23.0/24 peer 173.167.82.52 type require
flow esp in from 173.167.82.52 to 59.99.242.167 peer 173.167.82.52 type require
flow esp out from 59.99.242.167 to 173.167.82.52 peer 173.167.82.52 type require

SAD:
esp tunnel from 173.167.82.52 to 59.99.242.167 spi 0xbeefdead auth hmac-sha1 enc aes
sa: spi 0xbeefdead auth hmac-sha1 enc aes
state mature replay 0 flags 4
lifetime_cur: alloc 0 bytes 0 add 1333585275 first 0
address_src: 173.167.82.52
address_dst: 59.99.242.167
esp tunnel from 59.99.242.167 to 173.167.82.52 spi 0xdeadbeef auth hmac-sha1 enc aes
sa: spi 0xdeadbeef auth hmac-sha1 enc aes
state mature replay 0 flags 4
lifetime_cur: alloc 0 bytes 196 add 1333585275 first 1333585277
address_src: 59.99.242.167
address_dst: 173.167.82.52
lifetime_lastuse: alloc 0 bytes 0 add 0 first 1333585277

I cannot ping between 192.168.1.50 and 10.1.23.2

What is going on?

-Girish

--
G3 Tech
Networking appliance company
web: http://g3tech.in  mail: gir...@g3tech.in
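
Added example, not part of the original message: a check that two peers' manual `esp` rules describe the same pair of SAs, using this message's addresses and SPIs with constructed keys. It relies on what the posted `ipsecctl -sa -v` output shows, namely that the first value of each colon-separated pair belongs to the from-to direction and that `enc` defaults to aes; `parse_manual_sas` and `compare_peers` are hypothetical names.

```python
import re

# Hex digits expected per algorithm: hmac-sha1 takes a 160-bit key, aes a 128-bit key.
KEY_HEX_DIGITS = {"hmac-sha1": 40, "aes": 32}

RULE = re.compile(
    r"esp(?:\s+(?:tunnel|transport))?\s+from\s+(\S+)\s+to\s+(\S+)\s+spi\s+(\S+)"
    r"\s+auth\s+(\S+)(?:\s+enc\s+(\S+))?\s+authkey\s+(\S+)\s+enckey\s+(\S+)$"
)

# Constructed keys of the right length (not the keys from the message).
AUTH_AB, AUTH_BA = "0x" + "a1" * 20, "0x" + "b2" * 20
ENC_AB, ENC_BA = "0x" + "c3" * 16, "0x" + "d4" * 16

PEER_A = f'''remoteip="173.167.82.52"
esp from 59.99.242.167 to $remoteip spi 0xdeadbeef:0xbeefdead auth hmac-sha1 \\
    authkey {AUTH_AB}:{AUTH_BA} \\
    enckey {ENC_AB}:{ENC_BA}
'''
PEER_B = f'''esp from 173.167.82.52 to 59.99.242.167 spi 0xbeefdead:0xdeadbeef auth hmac-sha1 \\
    authkey {AUTH_BA}:{AUTH_AB} \\
    enckey {ENC_BA}:{ENC_AB}
'''
# Common mistake: SPIs swapped for the reverse rule, key halves copied unswapped.
PEER_B_UNSWAPPED = f'''esp from 173.167.82.52 to 59.99.242.167 spi 0xbeefdead:0xdeadbeef auth hmac-sha1 \\
    authkey {AUTH_AB}:{AUTH_BA} \\
    enckey {ENC_AB}:{ENC_BA}
'''


def _pair(value):
    """Split 'first:second'; the second half is None when only one value is given."""
    first, _, second = value.partition(":")
    return first.lower(), (second.lower() or None)


def parse_manual_sas(conf):
    """Map (src, dst) -> SA fields for both directions of each manual esp rule."""
    text = conf.replace("\\\n", " ")                      # join continuation lines
    macros = dict(re.findall(r'^(\w+)\s*=\s*"([^"]*)"', text, re.M))
    text = re.sub(r"\$(\w+)", lambda m: macros[m.group(1)], text)
    sas = {}
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue
        src, dst, spi, auth, enc, authkey, enckey = m.groups()
        enc = enc or "aes"                                # default seen in the posted output
        halves = zip(_pair(spi), _pair(authkey), _pair(enckey))
        for (s, d), (spi_v, ak, ek) in zip(((src, dst), (dst, src)), halves):
            if spi_v is not None:
                sas[(s, d)] = {"spi": int(spi_v, 0), "auth": auth, "enc": enc,
                               "authkey": ak, "enckey": ek}
    return sas


def _key_problems(peer, sas):
    out = []
    for (src, dst), sa in sorted(sas.items()):
        for algo, field in ((sa["auth"], "authkey"), (sa["enc"], "enckey")):
            digits = re.sub(r"^0x", "", sa[field] or "")
            want = KEY_HEX_DIGITS.get(algo)
            if want is not None and len(digits) != want:
                out.append(f"{peer}: {src} -> {dst}: {field} has {len(digits)} "
                           f"hex digits, {algo} needs {want}")
    return out


def compare_peers(conf_a, conf_b):
    """Return a list of mismatches; key material is never included in the text."""
    a, b = parse_manual_sas(conf_a), parse_manual_sas(conf_b)
    problems = _key_problems("peer A", a) + _key_problems("peer B", b)
    for src, dst in sorted(set(a) | set(b)):
        sa_a, sa_b = a.get((src, dst)), b.get((src, dst))
        if sa_a is None or sa_b is None:
            problems.append(f"{src} -> {dst}: SA defined on one peer only")
            continue
        for field in ("spi", "auth", "enc", "authkey", "enckey"):
            if sa_a[field] != sa_b[field]:
                problems.append(f"{src} -> {dst}: {field} differs")
    return problems


if __name__ == "__main__":
    print(compare_peers(PEER_A, PEER_B) or "SAs agree on both peers")
    print("\n".join(compare_peers(PEER_A, PEER_B_UNSWAPPED)))
```

An empty result only says the SA definitions agree on both peers; it says nothing about the `flow` rules or routing.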



Re: Manual IPsec setup with ipsec.conf

2012-04-05 Thread Girish Venkatachalam
On Thu, Apr 5, 2012 at 11:37 AM, Jason McIntyre  wrote:
> On Thu, Apr 05, 2012 at 05:53:27AM +0530, Girish Venkatachalam wrote:
>> Dear all,
>>
>> Such a silly thing is not documented anywhere, no vpn(8) man page and
>>  not on the Internet.
>>
>
>Subject: Manual IPsec setup with ipsec.conf
>
> have you looked at the manual page for ipsec.conf?
>
> jmc
>

Sorry I did not mean to antagonize.

I did read the section. But an example would be a great addition.

-Girish

--
G3 Tech
Networking appliance company
web: http://g3tech.in  mail: gir...@g3tech.in



Debugging a CD/DVD driver?

2007-10-30 Thread Girish Venkatachalam
Hello friends,

I am having a great deal of handicap with OpenBSD since I am unable to
use/access my SATA DVD drives. The machine would freeze and do nothing
till I reboot. ( I am running 4.0, it used to sometimes work with an old
installation)

Here is the excerpt from dmesg.

<<<

cd0 at scsibus0 targ 0 lun 0:  SCSI0 5/cdrom removable
cd0(pciide1:0:1): using PIO mode 4


<<<

I have been putting up with this issue ever since I bought a new machine
along with these brand new Sony SATA DVD writers. I initially suspected
a hardware problem and got them replaced three times.

It was only much later that I discovered that both the BIOS and linux
can read/write CD/DVD  correctly. Moreover the vendor told me that I am
the only customer to report a faulty piece.

Much to my chagrin, I later discovered that after all it is a software
issue.

Even now I do not wish to jump the gun and conclude a problem before I
try the 4.2 image. In case the problem persists I wish to know how I can
fix it.

The problem:

Every time I access the CD with the mount command, the machine freezes
mandating a hard reboot. Even if I try a "dvd+rw-format -f /dev/rcd0c"
it would hang.

Whilst installing from the CD ( not official), I can proceed till
the "extracting distributions" stage since the BIOS driver does the job
for you. Once the OpenBSD kernel tries to read the CD, the installation
process would hang. The way I got around this is by pointing it to a
local FTP server for the distributions.

I am concerned since I cannot use ddb ( apparently ) to figure out what
is going on.

How are such problems usually diagnosed?

In case you wish to see the complete dmesg on my Intel 82801 chipset,
please take a look.

http://www.sirsasana.org/misc/girish-dmesg.txt

Once I fix it I shall send the patch at the earliest. I have a bunch of
other patches with me too (mostly for USB NIC drivers )...

Thanks.

Any help is appreciated.

regards,
Girish



Support for HDMI and Disk On Memory?

2007-10-31 Thread Girish Venkatachalam
Hello friends,

Please excuse me for sounding like a newbie.

I have not obtained enough info about these technologies on the web. Any
pointers are much appreciated.

I want to know what needs to be done to make OpenBSD boot from a DOM
module. 

Does DOM emulate a hard disk? Are any special drivers required?

My second question is totally unrelated.

Are any special drivers required for supporting a HDMI high definition
audio/video output?

I am guessing that the audio part alone will need some sort of driving.

What about video?

Or is it all done in hardware/firmware?

Many thanks.

regards,
Girish



Re: [i386/Thinkpad T41]USB mouse + Xorg obsd 4.1

2007-11-01 Thread Girish Venkatachalam
On 05:28:58 Nov 01, Mark Thomas wrote:
> On Oct 31, 2007 9:47 PM, Vadim Jukov <[EMAIL PROTECTED]> wrote:
> > You need only one "InputDevice" section for all your mice with
> > "/dev/wsmouse" as "Device" option, indeed.
> 
> I'm sorry but I do not understand. I tried putting both mice in one
> InputDevice section and X refused to start.
> 
> Parse error on line 47 of section InputDevice in file /etc/X11/xorg.conf
>   Multiple "Identifier" lines.
> (EE) Problem parsing the config file
> (EE) Error parsing the config file
> 

I don't think you got him right.

He must have meant replacing /dev/wsmouse1 and /dev/wsmouse2 with
/dev/wsmouse. If you are not sure about the format of xorg.conf, then
you can get several samples from google.


The idea is that OpenBSD multiplexes mouse movements into /dev/wsmouse.
So you don't have to explicitly tell Xorg about it.

Read wsmouse(1)  and wsmux(1) for details.

Best,
Girish



Thinkpad t61 OpenBSD support?

2007-11-06 Thread Girish Venkatachalam
Hello friends,

Was wondering if IBM Thinkpad T61 can be a good buy if I wish to run
OpenBSD on it.

Any anecdotes?

Advice?


My friend is in US right now. So I could ask him to bring it for me.

Which is the best website to order from?

Thanks.

Have a nice day!

regards,
Girish



Re: Thinkpad t61 OpenBSD support?

2007-11-06 Thread Girish Venkatachalam
On 23:10:35 Nov 06, Predrag Punosevac wrote:
> You should not pay more than $1000 including taxes and shipping for 
> ThinkPAD T61. The prices vary a lot from web-site to web-site, from 
> store to store and from one week to another. 

Hmmm...

> Actually have you heard of Black Friday?

No.

> This is the first day of Christmas sales (right after the Thanks Giving 
> Holiday) when you can get killer deals if you know what are you doing. 
> This year Black Friday is  23 of  November (I think).

Great. :)

23 Nov is just round the corner. Perfect timing.

> The best web-site for computer parts in states is www.newegg.com but 
> they also sell laptops and complete PCs.
> Geeks.com often have killer deals on older stuff.

I shall ask him to order from newegg then. I have used that site before.

Thanks for your reply.

Much appreciated.

Best,
Girish



Re: Cannot ssh after reboot! Help!!!!

2007-11-08 Thread Girish Venkatachalam
On 19:44:00 Nov 08, Jake Conk wrote:
> I rebooted my server and now I get this error when I try to ssh:
> 
> 
> Last login: Thu Nov  8 19:40:00 2007 from 192.168.10.246
> OpenBSD 4.1 (GENERIC) #0: Thu Sep 13 18:41:29 PDT 2007
> 
> Welcome to OpenBSD: The proactively secure Unix-like operating system.
> 
> Please use the sendbug(1) utility to report bugs in the system.
> Before reporting a bug, please try to reproduce it with the latest
> version of the code.  With bug reports, please try to ensure that
> enough information to reproduce the problem is enclosed, and if a
> known fix for it exists, include that as well.
> 
> -bash: can't load library 'libintl.so.3.0'
> Connection to 192.168.10.2 closed.
> 
> 
> Why can't it load libintl? What causes this with a simple reboot?!??!

Do a ldd and see if it can pick up the symbols from the aforementioned
shared library.

$ ldd `which bash`

The best option for any shell would be a statically linked one.

OpenBSD ksh has nearly all the cool things bash has...

Anyway the choice is yours.

You can try manually running ldconfig or simply rebooting.

Best,
Girish



Re: Printing with apsfilter

2007-11-10 Thread Girish Venkatachalam
On 13:32:21 Nov 10, Aaron W. Hsu wrote:
> There used to be an article on the web about dealing with LPD printcap files 
> and setting up filters. I used it to set up one of my HP printers. The 
> process 
> is really quite simple if you know what your printer's magic incantations 
> are. 
> However, that is sometimes hard to discover. All APSFilter does is create the 
> relevant files and entries, and then has its own script for filtering. This 
> can be done by hand, as well.
> 
> The easiest way to do all this is probably by have APSFilter make the filter 
> script for you, but if you just add a filter script for PS files (man 
> printcap) in your entries, then if you pass a postscript file to the printer, 
> it's all good. :-) Normally, if you have a non-postscript native printer, you 
> may have to  tell the filter to run some program like Ghostscript on the file 
> to convert it to the native format for the printer.

Let me throw in my 2 cents of unsolicited comments. :)

I have been very happy with the power and flexibility of a2ps.

Its capabilities are amazing. Throw in any input file and it can neatly
decorate it for you, syntax highlight, put appropriate headers and
footers, page numbering, duplex printing, printing 4 pages in 1 sheet
and so on.

I believe the power comes from the postscript language and most likely
the psutils package. 

Saving paper has been the highest priority for me and being a command
line utility a2ps has always appealed to me...

Now I only know what you people seem to be saying about PPD files and
drivers. I have never used CUPS either.

However long ago I have read that postscript is a PCL - printer command
language.

And most printers these days support printing using postscript and the
LPD daemon which listens at TCP port 515 .

In fact I have tested 

$ nc -v  515

and checked whether the printer supported LPD printing.

AIUI LPRng helps you print directly without messing around with
/etc/printcap.

A simple command line can do the job.

Something like

$ export [EMAIL PROTECTED]

$ lpr foo.ps

Here 192.168.1.40 is the IP of the printer and foo.ps is the output
generated by a2ps.

Note that for the above to work you neither need a printer daemon on
your host nor any /etc/printcap entry!

Hopefully this does not add to the confusion. :)

Please point out if there are any mistakes in the blurb above.

Ever willing to learn.

Thanks.

Have a nice day!

regards,
Girish



Re: partition and copy in one line?

2007-11-10 Thread Girish Venkatachalam
On 18:38:38 Nov 10, Lars Noodén wrote:
> I had a hard drive die and used the chance to move to 4.2.  Since the
> 'new' machine is of the same vintage as the one it replaced, I expect it
> to start grinding to a halt soon, too.
> 
> Is there a way to copy one entire hard drive, partition table and all,
> to another -- in one line?
> 
> I tried something like this one but it seems to work only for specific
> partitions:
>   ssh target_address dd if=remotefile | dd of=localfile
> 
> I'd like to just steamroll over the previous partitions.

There are much more qualified folks out there but if I were you I would
simply do a dump(8) and a restore(8) of each of the partitions.

dd(1) can do it too but it might be far more messy and need more
experimentation.

I am talking thro' the hat here but the advantage with dump(8) and
restore(8) is it might be much faster and understands FFS quite well
unlike the raw dd command.

Thanks.

regards,
Girish



Re: Printing with apsfilter

2007-11-11 Thread Girish Venkatachalam
On 21:22:19 Nov 11, [EMAIL PROTECTED] wrote:
 
> PCL is a printer control language.  PS is a stack based programming
> language with graphics primitives for drawing.  it may also be
> classed as a PDL (page description language).

Thanks. I definitely stand corrected. I definitely meant PDL and not
PCL. My memory failed due to lack of proper understanding. Sorry...

> 
> i would guess that you are assuming that "most printers" can process
> PS because "most" unix print services use ghostscript to process these
> files into a native printer language.  in fact most printers cannot
> process PS because implementing a PS processor is quite expensive
> (requires significant processing and memory) compared to control
> protocols (like PCL), although PS has other advantages.

I understand what you say but still I am feeling uncomfortable.

I want to know what happens behind the scenes when you type 

$ lpr foo.ps

Assuming that foo.ps is the output of a2ps.

I can only guess that the file is transferred using TCP to port 515 of
the printer using the LPD protocol and then at one point the printer
which understands only PCL converts PS to PCL. Or if my understanding is
correct, lpr or CUPS does it for you. Is that correct?

Then what does it mean when a printer manufacturer says

"supports postscript printing"?

And what is the relation between PS and PDF?

I hear that even PDF is some form of PDL. As you can see I am quite
lost at this point. :)

> 
> this pre-processing is supported by cups and lpr but installation is
> generally simpler with cups (due to greater vendor attention).  cups
> also has better integration with the new ghostscript processing
> structure, which allows more feedback from the print processor.  this
> is particularly useful when using control languages (or host based
> raster processing) instead of PDLs.
> 
> the lpr protocol also has some fundamental "issues" in its design
> (much like FTP does).
> 
> in short, i'd suggest you use cups unless you have a specific
> reason not to.

Thanks. I shall try learning CUPS sometime.

regards,
Girish
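
What "lpr foo.ps" puts on the wire to port 515 can be shown with the RFC 1179 framing itself. The following is an added example, not part of the original thread: a minimal client and a stand-in printer talking over a local socket pair, where the queue name "lp", the host name "myhost", the user name and the tiny PostScript payload are all constructed for the illustration.

```python
import socket
import threading


def control_file(host, user, job, source_name):
    """Build the RFC 1179 control file that describes one PostScript job."""
    data_name = f"dfA{job:03d}{host}"
    lines = [
        f"H{host}",         # originating host, as claimed by the client
        f"P{user}",         # user name, as claimed by the client
        f"J{source_name}",  # job name
        f"o{data_name}",    # 'o' = print this data file as PostScript
        f"U{data_name}",    # unlink the data file after printing
        f"N{source_name}",  # name of the source file
    ]
    return ("\n".join(lines) + "\n").encode("ascii")


def client_messages(queue, host, user, job, source_name, payload):
    """Return the five messages a client sends; each is answered by one NUL."""
    cf = control_file(host, user, job, source_name)
    cf_name = f"cfA{job:03d}{host}".encode("ascii")
    df_name = f"dfA{job:03d}{host}".encode("ascii")
    return [
        b"\x02" + queue.encode("ascii") + b"\n",      # "receive a printer job"
        b"\x02%d %s\n" % (len(cf), cf_name),          # control file follows
        cf + b"\x00",
        b"\x03%d %s\n" % (len(payload), df_name),     # data file follows
        payload + b"\x00",
    ]


def send_job(sock, messages):
    """Send each message and wait for the single zero octet that acks it."""
    for msg in messages:
        sock.sendall(msg)
        if sock.recv(1) != b"\x00":
            raise RuntimeError("printer refused %r" % msg[:20])


def _read_line(sock):
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = sock.recv(1)
        if not chunk:
            return None          # peer closed the connection
        buf += chunk
    return buf


def _read_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise EOFError("short read")
        buf += chunk
    return buf


def fake_printer(sock, received):
    """Stand-in for the printer side: ack everything, keep what arrived.

    Note what is absent: nothing in the exchange proves who the client is;
    the H and P lines are whatever the sender wrote.
    """
    line = _read_line(sock)                       # \x02<queue>\n
    received["queue"] = line[1:-1].decode("ascii")
    sock.sendall(b"\x00")
    while True:
        line = _read_line(sock)                   # \x02 or \x03 subcommand
        if line is None:
            break
        count, name = line[1:-1].split(b" ", 1)
        sock.sendall(b"\x00")
        body = _read_exact(sock, int(count) + 1)  # file plus trailing NUL
        received[name.decode("ascii")] = body[:-1]
        sock.sendall(b"\x00")


def demo():
    """Run one job through the exchange and return what the printer saw."""
    client, server = socket.socketpair()
    received = {}
    printer = threading.Thread(target=fake_printer, args=(server, received))
    printer.start()
    payload = b"%!PS\n72 720 moveto (hello) show showpage\n"   # constructed
    send_job(client, client_messages("lp", "myhost", "girish", 1, "foo.ps", payload))
    client.close()
    printer.join(timeout=5)
    server.close()
    return received


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Whether the printer can then render the PostScript it received is a separate matter from this transport step.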



Re: Connectivity Issues with Linksys 802.11 USB Adapter

2007-11-14 Thread Girish Venkatachalam
On 10:01:31 Nov 14, Stuart Henderson wrote:
 
> These are in the same subnet, this won't work. You might like
> to look at trunk(4).
> 

Can't you bridge them or create separate subnets and route them?

Is trunking the purpose here?

Just wondering

regards,
Girish



Re: win32-codecs, avi and amd64 question

2007-11-14 Thread Girish Venkatachalam
On 08:41:22 Nov 14, Didier Wiroth wrote:
> Hello,
> 
> I'm currently running current i386 on my amd64 processor.
> I'm considering to move to the amd64 distribution but I noticed that the
> win32-codecs package is only for i386.
> 
> Is there currently a win32-codecs alternative for amd64 or is it possible to
> watch avi (+/- all codecs) movies on amd64?

mplayer plays every damn format out there. :)

It works quite well on OpenBSD though there are rough edges.

Try some advanced option of mencoder and boom...

Anyway I better shut up or send patches. 

As to win32codecs working on amd64 if you can run them under a chroot
jail and try 32 bit emulation it might work.

Hey I am talking thro' my hat and you know what that means.

But I have played several video formats(avi, wmv...) without the closed
source win32codecs package.

I wonder why people look any further when there is something as sexy as
mplayer...

regards,
Girish



Re: win32-codecs, avi and amd64 question

2007-11-14 Thread Girish Venkatachalam
On 12:52:32 Nov 14, Antoine Jacoutot wrote:
> 
> I committed a workaround a couple of days ago that might help.
> Cheers!
> 

Wow! That is great news. :)

I specifically had problems with DVD creation and creating a video with
still pictures.

Thanks. I shall test if I get time.

Best,
Girish



Re: Connectivity Issues with Linksys 802.11 USB Adapter

2007-11-14 Thread Girish Venkatachalam
On 11:37:48 Nov 14, Stuart Henderson wrote:
> 
> failover trunks are quite good for this situation (depending on how
> long your switch takes to notice the move). Separate subnets are another
> option but means doing more (and losing active connections) when you
> change between wired and wireless.
> 
> You might use bridge(4) for an access point but that's somewhat
> unlikely with atu(4). :-)

Thanks Stuart.

regards,
Girish



Re: win32-codecs, avi and amd64 question

2007-11-14 Thread Girish Venkatachalam
On 13:44:00 Nov 14, Jacob Meuser wrote:
> 
> IMO vlc has higher quality playback of most media, can do things
> mplayer can't, has a nicer ui, etc, etc ...
> 

UI?

Well I am a command line person. 

mplayer cannot understand DVD menus. That is the only problem mplayer
has IMHO.

I honestly tried vlc. But it was too GUI oriented, all sorts of ugly
output like KDE and other C++ junk out there...

Now again it is my opinion.

Can you tell me what vlc can do that mplayer can't?

Have you tried to "study" mplayer's man pages, the html documentation
and stuff?

It takes a long time to learn but once learnt you start feeling that it
is the best thing since sliced bread.

This article should give an idea.

http://linuxjournal.com/9787

Best,
Girish



Re: win32-codecs, avi and amd64 question

2007-11-14 Thread Girish Venkatachalam
On 01:58:13 Nov 15, Jacob Meuser wrote:
> 
> command line media player.  sorry, but that doesn't make sense, IMO.
> I mean, if you're playing a video, you have a video window .. it's
> graphical by nature.
> 

Didn't you check out the menu option in my article?

mplayer has a sexy OSD. :)

Well any reasonable UNIX app should have an extensive set of command
line controls and tweaks.

Doesn't matter if it is multimedia. Even some web apps have the same
parameters configured from the command line.

> 
> that's pretty basic functionality of a media player, no?
> 

I agree.

> 
> $ vlc --help | wc -l
> VLC media player 0.8.6c Janus
>  169
> $ mplayer --help | wc -l
>  39
> $ 
> 

This is not apples to apples comparison.

mplayer can play any media. In fact you don't need any other
application. You can also stream with mplayer in an indirect way. It can
play SIP urls and play Internet streams. You cannot run a media server.
For that you can use darkice,liveice,shout* or even ffserver.

Of course I tried vlc for this very purpose but I am sorry to say I was
disappointed.

The documentation asks me to use the GUI. I don't like that.

I am sure you know this but still.

mplayer can play

a) audio
b) video
c) streams
d) analog television
e) digital television

Now what remains? :)

Have you checked the filters and plugins? It is mind boggling.

And the tweakability with the input keys and commands?

$ mplayer -input keylist

$ mplayer -input cmdlist

LIRC is pretty basic these days but mplayer is quite tweakable to one's
taste and as a media player for UNIX this is what one would expect.

> 
> yes, in -current the vlc port can be built with aRTs and Esound
> support, and it does use wxWidgets for the GUI.  however, it does
> have a curses UI: vlc -I curses.
> 

But where is the documentation?

Anyway I might be biased here. I don't like the smell of vlc.

That is all.

> rtp stream server.  sound server output (in -current).  playing
> mpeg movies in firefox.

mplayer plugin for firefox. Have you checked that out?

I got that working for OpenBSD but for some reason it does not play
sound most of the time.

I hope some port of it is in the works...

(maybe it is already there)

> 
> yes.  it's a mess.  how can e.g, mpg321 know that file.m3u is a playlist,
> but mplayer needs to have -playlist specified?  and if -playlist is
> not specified, it complains about missing win32-codecs???
> 

Buddy,

You are seriously mistaken here.

The -playlist option cannot be avoided because mplayer expects a media
file as input.

You can get the best of both worlds with the -playlist option. Check out
my article.

You can invoke the input subsystem from a FIFO file. Really cool. :)

But tvtime can do that too.

> 
> actually, the more I use it, the less I like it.
> 

I have nothing to say here. ;)

> 
> I see a statements like:
> 
> It is a mature application that has no parallel.  MEncoder, its companion
> video encoder program, does a much better job than FFMPEG in transcoding
> video, although it is a bit difficult to use and learn.
> 
> that have no basis.  

Why?


> how and why MEncoder "does a much better job than
> FFMPEG in transcoding video"?  there is no comparison whatsoever
> between ffmpeg transcoding and mplayer transcoding.  further, mplayer/
> mencoder are heavy users of libavcodec/libavformat (FFMpeg libraries).
> that's what all those 'lavc*' options are.

ffmpeg screws up the videos. Did you know that?

I have burnt my finger several times with it. There are plenty of bugs
and there is hardly any tweakability there.

It is very easy to goof up when you cut videos.

It somehow does not get the mpeg keyframes and their integrity
correctly.

And it crashes and cannot handle audio resampling. It works sometimes
but mostly I have to resort to some external application for it.

mencoder is harder to use, but it is far more stable, feature rich and
does what you expect.

However this is not to say that mencoder can do everything that ffmpeg
can do. I have heard that ffmpeg can record X11 events but I never got
it to work. mencoder cannot.

I am sure there are few corner cases where ffmpeg can do a better job
but I don't remember right now. Nothing to beat ffmpeg in ease of use
though.

> 
> $ ffmpeg -i input.avi -target ntsc-dvd dvd.mpg
> 
> takes any AVI input and outputs a DVD compliant NTSC mpeg2 PS.  what
> is the mplayer equivalent?

Check out the html documentation.

It is far more readable than the man pages.

Just to make my point I am yanking the relevant command line.

$ mencoder -oac lavc -ovc lavc -of mpeg -mpegopts format=dvd \
  -vf scale=720:480,harddup -srate 48000 -af lavcresample=48000 \
  -lavcopts vcodec=mpeg2video:vrc_buf_size=1835:vrc_maxrate=9800:\
vbitrate=5000:keyint=18:acodec=ac3:abitrate=192:aspect=16/9 \
  -ofps 30000/1001 -o movie.mpg movie.avi

You have examples for everything including what you ask.

Just point your browser under OpenBSD to

file:///usr/local/share/doc/mplayer/in

Re: win32-codecs, avi and amd64 question

2007-11-14 Thread Girish Venkatachalam
On 04:40:22 Nov 15, Jacob Meuser wrote:
> 
> nonsense
> 

Agreed. But for playing media I don't need.

> 
> you are obviously not talking about mplayer on OpenBSD.
> 

It will have it in future of course. :)

> 
> because you do not say how or why it is better.  are the options
> more sensible?  is the compression better?  is the overall output
> smoother?  higher quality vs lower bitrate?  what is "better"?
> 

To answer the above questions, I will try my best.

I don't get what you mean by compression but "options being sensible"
does not sound like something I can answer.

I will still try. It does give me enough options to play with. Whereas
ffmpeg hardly gives any.

Overall output being smoother?

It depends on the output driver. mplayer has support for a zillion
output drivers. No other application can match in that respect.

If you have xv support, I would think that mplayer can do a better job
than any other application. It makes use of optimal memory/CPU
resources. Even if you don't have xv support mplayer can do a good job.
Since the options are rich.

Higher quality vs lower bitrates?

It depends on the CODEC and as you know both mplayer and ffmpeg use the
same libavcodec library (more or less).

But mplayer/mencoder supports a great deal more tweakability.

Better is from many angles.:)

 
> I am the ffmpeg port maintainer.  I use ffmpeg regularly for video
> capture and transcoding.  it works quite well for me, and there are 
> no outstanding bug reports for the port.  I have never heard from you
> about "ffmpeg screws up the videos".
> 

If it screws up the video, there is a problem in the algorithm and
not in the port.

I shall get back to you with bug reports in future.

Also it is good to know that you maintain the port. Thanks.

> look, someone asked about playing media on amd64 and whether
> win32-codecs was important.  this immediately made me think of
> mplayer because it really seems to want to use those blobs, so
> I offered some other options which I prefer, while you insist
> that mplayer is the be-all-end-all.  no I don't write articles,
> but I do work on OpenBSD's multimedia ports.

mplayer using blobs?

I never want anyone to use blobs either. No one in this camp wants that.

In fact in one of my first responses I specifically said that I could
play without using the closed source drivers.

Anyway let us move on.

Nice talking to you.

Best,
Girish



Re: Using CBQ with variable upload bandwidth

2007-11-15 Thread Girish Venkatachalam
On 08:00:08 Nov 16, Jonathan Stewart wrote:
 
> I though about doing something like that but the usable upload is so
> variable that 60% could completely knock the normal_folk off when it
> gets congested.  I have 256kbit up right now and get anywhere from as
> low as 64kbit to 160kbit+ actual throughput depending on how busy the
> system is.  If PF had a weighted round robin queuing system that would
> be almost perfect because then it would scale with the amount of
> bandwidth available.  Ideally something that says if one queue has
> priority 5 and another 3 for every 5 packets sent from the first one 3
> are sent from the other, unless there is something wrong with that I'm
> missing (other than increased jitter.)

What is stopping you from using the priority field with HFSC?

And why don't you determine the average uplink bandwidth statistically?

If you measure it for a week or so and mark out the variance and figure
out the standard deviation or some such thing...then you can do what you
want.

From my experience with ADSL links I find that there is usually not much
variance in the uplink path.

Is my reasoning correct?

regards,
Girish



Re: Using CBQ with variable upload bandwidth

2007-11-17 Thread Girish Venkatachalam
On 20:12:45 Nov 16, Stuart Henderson wrote:
> 
> Say you have a 10Mb ethernet feed, plugged into an
> unmanaged switch with a bunch of other people in the
> building connecting to other ports, who sometimes use
> up all available bandwidth on the uplink, and other
> times use nothing.

I am not sure if this situation can arise in the present scenario. Most
ADSL links are used at home with hardly more than one user at one point of
time. I was referring to a case of congestion at the upstream router. If
that accounts for the variation OP is seeing then measurement can do
something.

Usually downlink paths tend to get congested depending upon who is
downloading how much but the uplink bandwidth is mostly unused.

Moreover the uplink capacity actually widens quite a bit the moment the
packet crosses the ADSL link and reaches the exchange.

However in case your point applies to this situation then surely any
amount of statistical analysis won't help.

> 
> Now you want to take whatever of that uplink is available
> to you, and share it fairly between users, giving priority
> to some over others.
> 
> Obviously if you set a queue at 10Mb you'll have problems
> sometimes. But if you set it at the "average", you'll

Obviously "average" will not help here.

> A) miss out on a lot of bandwidth most of the time and
> B) still have problems when the connection is heavily
> used by people in the building who aren't downstream of
> your PF box.
> 
> Similar sort of deal with a normal shared-access satellite
> system.
> 
> Someone please correct me if I'm wrong, but I think that
> congestion is defined as "bw wanted > bw configured on the
> interface in the 'altq on' definition". Problem there is
> you can't tell what is available at a given time.
> 
> From what you quoted Jonathan:
> 
>  "Queues with a higher priority are preferred during congestion
>  over queues with a lower priority as long as both queues share
>  the same parent"
> 
> OpenBSD's pf.conf(5) fits a little more information into about
> the same space:
> 
>  "Priq queues with a higher priority are always served first.
>  Cbq and Hfsc queues with a higher priority are preferred in
>  the case of overload."
> 
> I don't think it's possible to do exactly what's wanted with
> the existing altq disciplines. Priq would starve out lower 
> priority queues; cbq/hfsc would have the problem that they
> can't identify an overload on this sort of uplink.

Can someone shed some light on this please?

I for some reason cannot imagine that Daniel or anyone would have missed
this point..

regards,
Girish



Re: ntp and pppoe

2007-11-17 Thread Girish Venkatachalam
On 20:02:17 Nov 17, Henning Brauer wrote:
> 
> bad idea. loses all state.
> just give it a little slack, it copes.
> 

Probably what he means is that if you restart ntpd with ifstated and
interfere with its normal operation the clock filtering and correction
algorithms will go for a toss.

Time correction on a machine where thousands of processes depend on
clockticks is a difficult science. Time can never go back and even
advancement has to be done slowly.

It is great that Henning implemented OpenNTPD since the RFC and code by
Dave Mills is so overly complex you start wondering why so much trouble
to do something that is done by a quartz watch worth 5 $ ? :)

And the most important point being do we really need nanosecond level
accuracy?

Most of us don't.

Keep things simple and no useless buttons.

Way to go OpenBSD.

regards,
Girish



Re: password echo turned off when performing sudo auth checks via ssh

2007-11-17 Thread Girish Venkatachalam
On 16:54:54 Nov 17, Walter Goulet wrote:
> Hi,
> 
> I don't think this question is really OpenBSD specific per-se but
> rather an OpenSSH command.
> 
> I'm using public key authentication between my OpenBSD systems
> (running ssh-agent) so that I can ssh/sftp between my systems (both
> are 4.1) without having to enter a password. As part of some IPSec
> performance testing I'm doing, I'm copying ipsec.conf files between
> the systems and applying them using ipsecctl -f which of course
> requires root privileges. I'm scripting this with perl since I'm
> testing 24 different IPSec policies at a time.
> 
> What I've noticed is that when sudo (on the remote machine)
> periodically asks me to reauthenticate myself prior to executing a
> sudo command, the password prompt for the remote machine does not turn
> off echo. This also happens if I ssh into my other machine with any
> command that requires me to enter a password (such ssh host su). Any
> ideas as to why this happens? A few minutes of googling didn't pull up
> any useful hits as to why this happens.

sudo(1) has a timeout and it stores a cookie after an interactive
password authentication. Hence the behavior you see.

Anyway it is not the right approach.

If you are using ssh, why don't you use ssh-agent and use public key
authentication for non interactive logins?

You will easily get the sequence necessary to perform that if you google
a bit.

Moreover your setup is not clear. Hope this gets you started.

Best of luck!

regards,
Girish



Re: Running cwm and fvwm at the same time?

2007-11-20 Thread Girish Venkatachalam
On 10:26:22 Nov 20, Alexander Hall wrote:
> Hi!
> 
> I'm just curious how come it its possible to start (and run) cwm at the 
> same time as running fvwm (from base). AFAIK a window manager normally 
> cannot (or refuses to) run if another window manager is already in use. 

Correct.

> Is this only a courtesy from the second window manager? I thought there 
> were limitations in X that forced this behaviour.

It works at the X level. Only one program can take control of the root
window and decide window placements, receive events etc.

That X client has special status and is called as window manager.

> 
> Anyway, I'd expect cwm to behave that way, too, but please feel free to 
> explain to me why I'm wrong.

I dunno about cwm (never used it) but if you use the Xnest program you
can run any number of X servers and consequently run a different window
manager in each.

$ export DISPLAY=host:display:screen

In the case of Xnest, it is yet another X client but it also acts as a X
server. So it runs as a normal X client inside which you can run any
window manager of your choice.

The other method is running Xserver on different virtual terminals as
mentioned in the reply to this post.

# X :n

or even 

$ startx -- :n

> 
> I also meant to ask about key bindings, but after finding a new part in 
> the man pages, I realize I have to test a few things first. (Yes, it was 
> quite a while since I last had a look at cwm) :-)

You can use a tool called XBindKeys.

http://hocwp.free.fr/xbindkeys/xbindkeys.html

I faintly remember that it compiled and worked fine for OpenBSD.

Best,
Girish



Re: mutiple pptp pass-through PF

2007-11-20 Thread Girish Venkatachalam
On 07:28:05 Nov 20, Beavis wrote:
> lars,
> 
>   thanks for the reply. as for the pptp implementation, I just wanted
> to make PF do this (pass-through) like what other packet filtering
> (iptables, even PIX) can do. I know how unsafe this implementation is,
> but the site where we are currently getting this pptp connection to,
> is an old branch office and i don't manage their network. they are
> moving to the new facility where i have my pf firewalls in place, they
> need this pptp pass-through during transition as soon as everybody is
> moved here we can easily let this pptp go. on the other side of things
> it would be nice to make PF do this pptp pass through, it makes pf
> more of a over-all packet filter that can basically do "anything"
> 
> and personally .. it may sound like a joke here but .. with all of
> pf's features .. i kinda envy crappy routers like LINKSYS that can do
> PPTP pass-through and our beloved pf(4) can't
> 

pf(4) can do this. I have a diff with me but if I send it in the present
state, then Theo will catch my neck. :)

I should be able to submit a diff soon. I need to modify it to meet the
high standards of OpenBSD...

Please hang on.

Appreciate your patience.

Thanks.

regards,
Girish



Re: OT - SSHD

2007-11-20 Thread Girish Venkatachalam
On 11:58:03 Nov 21, [EMAIL PROTECTED] wrote:
> Hi All,
> 
> Not specifically about OpenBSD, it is SSHD.
> 
> What causes sshd not to respond? Attached is sshd -v -v.
> 
> I tried to connect to the box remotely, it seems like sshd is asleep somehow.
> 
> 
> Kind regards,
> 
> 
> Yance
> ssh -v -v -l yance 192.168.1.3
> OpenSSH_3.8.1p1 FreeBSD-20040419, OpenSSL 0.9.7e 25 Oct 2004
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to 192.168.1.3 [192.168.1.3] port 22.
> debug1: Connection established.
> debug1: identity file /home/yance/.ssh/identity type -1
> debug1: identity file /home/yance/.ssh/id_rsa type -1
> debug1: identity file /home/yance/.ssh/id_dsa type -1
> debug1: Remote protocol version 1.99, remote software version OpenSSH_3.5p1 
> FreeBSD-20030924
> debug1: match: OpenSSH_3.5p1 FreeBSD-20030924 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1 FreeBSD-20040419
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit: 
> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-dss,ssh-rsa
> debug2: kex_parse_kexinit: 
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL
>  PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: 
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL
>  PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL 
> PROTECTED],hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL 
> PROTECTED],hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit: 
> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-dss
> debug2: kex_parse_kexinit: 
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL
>  PROTECTED]
> debug2: kex_parse_kexinit: 
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL
>  PROTECTED]
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL 
> PROTECTED],hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL 
> PROTECTED],hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_init: found hmac-md5
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug2: mac_init: found hmac-md5
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug2: dh_gen_key: priv key bits set: 125/256
> debug2: bits set: 517/1024
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host '192.168.1.3' is known and matches the DSA host key.
> debug1: Found key in /home/yance/.ssh/known_hosts:10
> debug2: bits set: 537/1024
> debug1: ssh_dss_verify: signature correct
> debug2: kex_derive_keys
> debug2: set_newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug2: set_newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug2: key: /home/yance/.ssh/identity (0x0)
> debug2: key: /home/yance/.ssh/id_rsa (0x0)
> debug2: key: /home/yance/.ssh/id_dsa (0x0)

Not sure if it is the same problem you are facing.

But FreeBSD used to have problems with the OpenSSL library causing this.

Just go to 

/usr/ports/security/openssl on your FreeBSD *server* box

and

# make deinstall
# make clean
# make reinstall

This should fix it.

Best of luck!

Check the FreeBSD archives. 

Thanks.

regards,
Girish



Re: mutiple pptp pass-through PF

2007-11-22 Thread Girish Venkatachalam
On 13:04:56 Nov 22, Reyk Floeter wrote:
 
> i'm sure that somebody told you about the reason to reject these patches:
> 
> it does not belong into the kernel!
> 
> write a userland proxy.
> 
> like ftp-proxy, tftp-proxy, hoststated, ...

Sure.

> 
> how hard is it to understand?
> 

It sure isn't.

> there are zillions of insane features in linux but we don't care - it
> is not the OpenBSD way of doing it. they do string operations like SIP
> parsing (which looks like HTTP) in the kernel. so what?
> 

A million thanks for your kind advice.

Here is a promise. You shall have the patch from me sent to tech@ before
Dec 15.

A lot of poor souls have been asking for this feature for years and a lot
of sweat and blood has gone into my writing it. So I better try my best
to get it accepted into mainline pf at the earliest.

Thanks.

regards,
Girish



Re: mutiple pptp pass-through PF

2007-11-22 Thread Girish Venkatachalam
On 14:40:57 Nov 22, Henning Brauer wrote:
> sounds reasonable. but i have no idea how complicated gre is or what it 
> takes to translate callIDs.

Take a look at my diff. I have already done all the work for you.

The only advantage with my design is the ease with which you can get it
working. No config changes, no userland stuff, no redirection, no
overhead, nothing.

The problem however is that something tells me deep inside my heart that
somewhere something is wrong. :)

You are the best judge.

Awaiting your speedy reply.

regards,
Girish



Re: mutiple pptp pass-through PF

2007-11-22 Thread Girish Venkatachalam
On 13:34:22 Nov 22, Stuart Henderson wrote:
> it must look at the control message on TCP/1723 and translate CallID;

Modulate, not translate. :) My terminology.

I am using arc4random() to generate unique callIDs that do not clash.
The callID is always set to zero by PPTP, hence this requirement.

( No more comments about M$ stuff :)

> then it must look at the session packets (GRE/proto 47) and translate
> CallID the same way.

Yes and maintain a mapping.

This is far more difficult than it first appears. You can see the diff
for what all needs to be done.

> 
> the parts handling control messages probably belong in userland and
> they can add translation rules to an anchor like ftp-proxy does, but
> that would need a change to PF so that you can tell it to translate
> CallID for GRE packets (like you can tell it to translate port for
> TCP/UDP).
> 
> http://blogs.isaserver.org/pouseele/2007/06/17/multiple-pptp-vpn-clients-behind-a-nat-device/

I think though it takes a lot of clever programming and even 
smarter design, I have a problem with maintaining the table in kernel. I
got it working perfectly a long time ago ( roughly a year ago) and I can
send the working diff right away if you want.

I am sure Henning is not going to like it. :)

Whether it is small or not is a matter of taste but if I were to do it
correctly I will do it the proxy rdr way.

The problem however with that approach is that there is a huge overhead
in passing packets between kernel to userland and back.

Here is the diff attached. If you like it commit it. :)

And bear in mind that I developed it against old code, so you might have
to do some tweaks.

If not I am more than willing to do it the right way.

Let me know your choice.

regards,
Girish
Index: pfvar.h
===
RCS file: /cvs/src/sys/net/pfvar.h,v
retrieving revision 1.242
diff -c -r1.242 pfvar.h
*** pfvar.h 13 Dec 2006 05:10:15 -  1.242
--- pfvar.h 12 Mar 2007 09:18:49 -
***
*** 2,7 
--- 2,8 
  
  /*
   * Copyright (c) 2001 Daniel Hartmeier
+  * Copyright (c) 2007 Girish Venkatachalam
   * All rights reserved.
   *
   * Redistribution and use in source and binary forms, with or without
***
*** 936,941 
--- 937,943 
struct tcphdr   *tcp;
struct udphdr   *udp;
struct icmp *icmp;
+   struct gre_h *gre;
  #ifdef INET6
struct icmp6_hdr*icmp6;
  #endif /* INET6 */
***
*** 958,963 
--- 960,970 
sa_family_t  af;
u_int8_t proto;
u_int8_t tos;
+   u_int16_tmycallid;  /* PPTP lan call id */ 
+   u_int16_tpeercallid;/* PPTP remote call id */ 
+   struct pfpptp_head *pptph;
+
+ 
  };
  
  /* flags for RDR options */
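Review bot: The new `pptph` member points at `struct pfpptp_head`, which no hunk of pfvar.h declares; the type only comes into existence through the `SLIST_HEAD(pfpptp_head,pfpptp_call)` line in pf.c, so anything else that includes this header sees an undeclared struct. Declare the list head type in the header next to `struct pfpptp_call`. The three fields are also PPTP-only additions to a struct shared by every protocol and deserve a comment saying when they are valid, and the two empty `+` lines before the closing `};` plus the trailing whitespace after both call-id comments should be removed.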
***
*** 1351,1356 
--- 1358,1372 
int  pfiio_size;
int  pfiio_nzero;
int  pfiio_flags;
+ };
+ 
+ 
+ enum { PF_PPTP_MYID, PF_PPTP_PEERID };
+ 
+ struct pfpptp_call {
+   SLIST_ENTRY(pfpptp_call) next_call;
+   u_int16_t myid;
+   u_int16_t peerid;
  };
  
  
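Review bot: `struct pfpptp_call` carries only `myid` and `peerid`; with no client address, no link to a state entry and no expiry field, an entry as declared cannot be tied to one LAN host or cleaned up when its call ends. Add the fields the lookup and teardown need, or attach the call ids to the state itself. The anonymous enum (`PF_PPTP_MYID`, `PF_PPTP_PEERID`) needs a comment saying what it selects, and the extra blank `+` lines after the preceding `};` can go.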
Index: pf.c
===
RCS file: /cvs/src/sys/net/pf.c,v
retrieving revision 1.523
diff -c -r1.523 pf.c
*** pf.c22 Dec 2006 13:24:52 -  1.523
--- pf.c12 Mar 2007 09:18:01 -
***
*** 3,8 
--- 3,9 
  /*
   * Copyright (c) 2001 Daniel Hartmeier
   * Copyright (c) 2002,2003 Henning Brauer
+  * Copyright (c) 2007, Girish Venkatachalam
   * All rights reserved.
   *
   * Redistribution and use in source and binary forms, with or without
***
*** 72,77 
--- 73,79 
  #include 
  #include 
  
+ #include 
  #include 
  #include 
  #include 
***
*** 105,110 
--- 107,114 
  intaltqs_inactive_open;
  u_int32_t  ticket_pabuf;
  
+ SLIST_HEAD(pfpptp_head,pfpptp_call) pf_pptph;
+ 
  struct pf_anchor_stackframe {
struct pf_ruleset   *rs;
struct pf_rule  *r;
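Review bot: `pf_pptph` is one global singly linked list, so every call-id lookup is a linear walk and nothing in the declaration limits how long the list may grow; for a table that has to be consulted for GRE session packets, a keyed tree or hash with an upper bound on entries would be the safer structure. Style: `SLIST_HEAD(pfpptp_head,pfpptp_call)` wants a space after the comma.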
***
*** 163,168 
--- 167,176 
int, struct pfi_kif *, struct mbuf *, int,
void *, struct pf_pdesc *, struct pf_rule **,
struct pf_ruleset **, struct ifqueue *);
+ int  pf_test_gre_pptp(struct pf_rule **, struct pf_state 
**,
+   int , struct pfi_kif *, struct mbuf *, int,
+   void *, struct pf_pdesc *, struct pf_rule **,
+   struct pf_ruleset **, struct ifqueue *);
  intpf_test_other(struct pf_rule **, struct pf_state **,
int, struct pf
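
The Call-ID handling discussed in this message (rewrite the Call ID seen on TCP/1723, keep a mapping, apply the same mapping to GRE packets), modelled in user-space C. This is an added example, not the diff from the post and not pf code: every identifier is hypothetical, a sequential allocator stands in for the arc4random() the post mentions, and the header layout assumed is the enhanced GRE header of RFC 2637.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define GRE_PROTO_PPP 0x880B  /* payload type used by PPTP's enhanced GRE */
#define GRE_FLAG_KEY  0x2000  /* K bit: payload length + Call ID present */
#define GRE_VER_MASK  0x0007
#define MAX_CALLS     64      /* hard bound on table size */

struct pptp_call {            /* hypothetical mapping entry */
    uint32_t lan_ip;          /* internal client address (host order) */
    uint16_t lan_callid;      /* Call ID the client chose */
    uint16_t ext_callid;      /* unique Call ID shown to the server */
    int      used;
};

static struct pptp_call calls[MAX_CALLS];
static uint16_t next_id = 1;  /* assumption: counter instead of arc4random() */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)(v & 0xff); }

static struct pptp_call *find_ext(uint16_t ext)
{
    for (size_t i = 0; i < MAX_CALLS; i++)
        if (calls[i].used && calls[i].ext_callid == ext)
            return &calls[i];
    return NULL;
}

/* Control channel (TCP/1723): the client at lan_ip announced lan_callid.
 * Returns the unique Call ID to write into the outgoing control message,
 * or 0 when the table is full. */
uint16_t nat_outbound(uint32_t lan_ip, uint16_t lan_callid)
{
    struct pptp_call *slot = NULL;

    for (size_t i = 0; i < MAX_CALLS; i++) {
        if (calls[i].used && calls[i].lan_ip == lan_ip &&
            calls[i].lan_callid == lan_callid)
            return calls[i].ext_callid;        /* already mapped */
        if (!calls[i].used && slot == NULL)
            slot = &calls[i];
    }
    if (slot == NULL)
        return 0;
    while (next_id == 0 || find_ext(next_id) != NULL)
        next_id++;                             /* skip 0 and ids in use */
    slot->lan_ip = lan_ip;
    slot->lan_callid = lan_callid;
    slot->ext_callid = next_id++;
    slot->used = 1;
    return slot->ext_callid;
}

/* Session traffic (IP protocol 47) arriving from the server. Validates the
 * enhanced GRE header, rewrites the Call ID in place and returns the LAN
 * address to forward to; returns 0 when the packet must be dropped. */
uint32_t nat_inbound_gre(uint8_t *gre, size_t len)
{
    if (len < 8)
        return 0;                              /* truncated header */
    uint16_t flags = rd16(gre);
    if ((flags & GRE_VER_MASK) != 1 || !(flags & GRE_FLAG_KEY))
        return 0;                              /* not GRE version 1 with key */
    if (rd16(gre + 2) != GRE_PROTO_PPP)
        return 0;
    if ((size_t)rd16(gre + 4) > len - 8)
        return 0;                              /* claimed payload cannot fit */
    struct pptp_call *c = find_ext(rd16(gre + 6));
    if (c == NULL)
        return 0;                              /* unknown call: drop */
    wr16(gre + 6, c->lan_callid);
    return c->lan_ip;
}

int main(void)
{
    /* Constructed input: two LAN clients that both chose Call ID 0. */
    uint16_t a = nat_outbound(0x0a000002, 0);
    uint16_t b = nat_outbound(0x0a000003, 0);
    uint8_t pkt[8] = { 0x20, 0x01, 0x88, 0x0b, 0, 0, 0, 0 };

    wr16(pkt + 6, b);                          /* server replies to call b */
    uint32_t dst = nat_inbound_gre(pkt, sizeof(pkt));
    printf("external ids %u and %u; GRE for %u goes to 0x%08x with Call ID %u\n",
        (unsigned)a, (unsigned)b, (unsigned)b, (unsigned)dst,
        (unsigned)rd16(pkt + 6));
    return 0;
}
```

Only the server-to-client direction needs a lookup here, because a PPTP GRE packet carries the Call ID assigned by its receiver.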

Re: remote Gnome OpenBSD 4.2 problems

2007-11-23 Thread Girish Venkatachalam
On 02:49:32 Nov 23, David H. Lynch Jr. wrote:
> I have been trying to establish an Xnest connection to an OpenBSD
> 4.2 machine without success.  
> I do not care about security - in this particular application.
> 
> 4.2 is using a newer Gnome and the config files are reorganized.
> But they do not appear to be the names/locations as newer Gnome faqs
> indicate either.
> 
> With comments snipped my /etc/X11/gdm/custom.conf is below. Yet my
> Xnest never gets past the grey  checked background screen.
>  I have no problem Xnest'ing to other systems.
> 
> [daemon]
> RemoteGreeter=/usr/local/libexec/gdmlogin
> [security]
> AllowRemoteRoot=true
> RelaxPermissions=2
> DisallowTCP=false
> [xdmcp]
> Enable=true
> 

I know what you are talking about.

You have to set the MAGIC COOKIE field manually. 

For instance,

$ Xnest :2&

   And it will give you a root weave pattern on a separate window. Now you
   can run any application inside this X server like this.
$ xclock -display :2

   will display an xclock inside the nested Xserver.

   This did not work for me until I used this script. Perhaps you might
   find it useful.

MCOOKIE=875d5e5ed1dec9c5259dcc4239206f55
xauth add $(hostname)/unix$1 . $MCOOKIE
xauth add localhost/unix$1 . $MCOOKIE
Xnest "$@"
xauth remove $(hostname)/unix$1 localhost/unix$1
exit 0


The xauth authentication does not go thro' for some reason on OpenBSD
systems.

Then it will work.

Best of luck!

Of course you said you don't care about security. :)

Let me know if it works.

Thanks.

regards,
Girish



Re: mutiple pptp pass-through PF

2007-11-23 Thread Girish Venkatachalam
On 15:48:37 Nov 23, Andre Ruppert wrote:
> A short "user's view" from a simple OBSD user:
> 
> Pptp is a security risk, d'accord.
> 
> But here in Germany, a lot of H.323-VoIP-systems (gates and clients)
> work with pptp tunneling to be independent from H.323-NAT on firewalls.
> 
> The corresponding dual-homed VoIP-gateways accept pptp from their
> VoIP-Clients in different locations. Ipsec stacks are not supported.
> 
> So, at least H.323 VoIP technology would appreciate this diff :-)

I am working on it. I plan to spend the whole night hacking it.

My diff is old and is not coded as per style(9).

So I am reworking it and also generating a diff against -current.

Please wait for an update from me within the next 48 hours.

Thanks.

regards,
Girish



Re: Would I be encouraged to use OpenBSD as embedded system

2007-11-24 Thread Girish Venkatachalam
On 16:16:18 Nov 24, PowerMan wrote:
> Hello,
> 
>My English is poor and I wish I could express myself clearly.
> 

No problem. English is not my native language either. ;)

>I am an embedded software engineer developing arm-linux based
> system. In fact, embedded system is a huge industrial domain
> in P.R.China now, and linux is the most popular OS.
> 

Right.

>But the linux kernel 2.6 is more and more complex. 

Right again.

> I think an
> embedded system should be brief or laconic which is the feature
> of OpenBSD and NetBSD.

OpenBSD has the leanest kernel. NetBSD kernel is also bloated. FreeBSD
used to be good till around 5.3. OpenBSD has the slimmest kernel around
with support for nearly every ethernet card and other common peripherals
that give trouble with linux.  

Most importantly audio support has been excellent with OpenBSD. There
are problems with exotic hardware however.

But there is no doubt about the fact that for an embedded system there
is no better choice than OpenBSD if there is an MMU.

>I intend to make some effort to let people substitute linux for
> OpenBSD in P.R.China, such as port OpenBSD to Samsung S3Cxxx,
> Cirrus EP9xxx and Freescale i.MX etc., publicize the good features of
> OpenBSD and offer some technical supports.

I have never heard of these. OpenBSD has been ported to several
architectures. Sharp Zaurus is the closest I believe to an embedded port
that we have. Others please correct me if I am wrong. Also landisk
perhaps.

There is a very good chance that your machine is already supported by
the kernel.

> 
>Would I be encouraged? I visit the web site of OpenBSD and find
> the supported platforms should be self-compile itself and one of the
> project goal is greater integration of cryptographic software.

Yes. Hardware accelerated crypto for SSL and IPsec has never been a
problem. 

>But usually there is no IDE disks in an arm9 based system, at most
> a 64MB flash chip. So it can not self-compile. And the resource is limited,

You need an MMU. Does it have a USB port? These days embedded systems
come with USB support.  You can put the OS on a
memory stick. That way you can get much more capacity than flash. 

> in some circumstance integration of cryptographic software is unnecessary,
> such as industrial control and some handhelds equipment.
> 

I agree. OpenBSD excels in all areas. Seamless package management,
support for industry strength crypto and built in security mechanisms,
support for nearly every single routing protocol  and other cutting edge
network protocols on earth ( except MPLS,ISIS). And many many more.

You can see the slides of my seminar for more details about what all
OpenBSD can do. 

http://sirsasana.org/seminar

( I am focusing only on networking and crypto here )

>Would I be encouraged by the OpenBSD organization and get supported
> to just port OpenBSD kernel to arm based board and only run some necessary
> applications.(Actually busybox and some controlling programs in a
> controlling
> circumstance is enough.)

Check the openbsd website[1] and [2] for hardware support and the supported
architectures. ARM I am sure is supported but porting is not only about
the CPU; the machine counts as well.

busybox is a linux thingy. You can generate your own stuff with
crunchgen(1).

Best of luck!

Thanks and welcome to the wonderful world of OpenBSD.

Where the world is without fences and (add your thing here)... :)

regards,
Girish

 1. http://www.openbsd.org 
 2. http://www.openbsd.org/plat.html



Re: mutiple pptp pass-through PF

2007-11-26 Thread Girish Venkatachalam
On 23:11:21 Nov 23, Girish Venkatachalam wrote:
> 
> I am working on it. I plan to spend the whole night hacking it.
> 
> My diff is old and is not coded as per style(9).
> 
> So I am reworking it and also generating a diff against -current.
> 
> Please wait for an update from me within the next 48 hours.
> 

Please pardon the delay. I just sent the diff to [EMAIL PROTECTED]

Please test it.

Thanks.

regards,
Girish



Re: ftp-proxy and pf help! Working 50/50

2007-11-28 Thread Girish Venkatachalam
On 19:12:32 Nov 28, Jake Conk wrote:
> #1 server: 200 PORT command successful - not using PASV eh?\r\n

You are using active mode ftp which requires the rdr-anchor. 

See below.

> #1 active: server to client port 32818 via port 50073
> #1 client: LIST\r\n
> #1 server: 425 Timeout establishing data connection - Broke your
> packet filters again eh?\r\n
> ^Cftp-proxy exiting on signal 2
> #1 ending session

It could not open or redirect the data connection. 

See below.

 
> # NAT anchor for ftp proxy
> nat-anchor "ftp-proxy/*"
> 

You should attach the rdr-anchor "ftp-proxy/*"

right here. NOT below.

> 
> # RDR: packets coming in on $ext_if with destination $external_addr:1234 will
> # be redirected to 10.1.1.1:5678. A state is created for such packets, and
> # outgoing packets will be translated as coming from the external address.
> # rdr on $ext_if proto tcp from any to $external_addr/32 port 1234 ->
> 10.1.1.1 port 5678
> # rdr outgoing FTP requests to the ftp-proxy
> rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021

This should be below the ftp-proxy rdr anchor.

[...]

> 
> # RDR anchor for ftp-proxy
> rdr-anchor "ftp-proxy/*"
> 

It is too late to rdr here. It is clearly mentioned in the ftp-proxy(8)
man page that this redirection should _precede_ the ftp-proxy(8) rdr.

This change will surely work.

If it doesn't then try passive mode.

In any case please do exactly as mentioned in ftp-proxy(8) man page.

Best of luck!

-Girish



Re: Strange em(4) issues

2007-11-29 Thread Girish Venkatachalam
On 20:47:57 Nov 29, Stuart Henderson wrote:
 
> Been there, done that. If you use plaintext protocols (ftp or so)
> over the interface, you'll see random corruption visible in the
> data (e.g. directory listings).
> 
> At 133MHz there's some corruption between motherboard and card.
> Disappears at 66MHz.
> 
> Normally this would be masked by TCP checksums (you'd get packet
> loss, but it would mostly be corrected rather than pass corrupt
> packets up the stack), but the em(4) does offload TCP checksum
> processing to the card, so the checksum no longer covers the
> transfer over the PCI bus, hence the weird protocol errors.

TCP checksums or for that matter any checksum cannot catch *all* errors.

The best way to consistently reproduce that is by using our own scp(1).

Since there is a MAC computation for every packet, this will easily help
you identify the problem.

If you do a recursive transfer and play with large files, it gives you
enough headroom to track down the bug(s).

Best of luck.

-Girish
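
The remark above that a checksum cannot catch all errors, shown for the 16-bit Internet checksum that TCP uses. This is an added example, not part of the original thread; the function names and the sample directory-listing line are constructed here, and the example goes beyond the thread by showing two concrete classes of corruption that pass unnoticed next to one that does not.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed sample: one line of an FTP directory listing. */
static const char SAMPLE[] = "drwxr-xr-x  2 root  wheel  512 Nov 29 20:47 src\r\n";
#define SAMPLE_LEN (sizeof(SAMPLE) - 1)

/* RFC 1071 one's-complement sum over 16-bit big-endian words. */
uint16_t inet_cksum(const uint8_t *buf, size_t len)
{
    uint32_t sum = 0;
    size_t i;

    for (i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)((buf[i] << 8) | buf[i + 1]);
    if (i < len)
        sum += (uint32_t)buf[i] << 8;       /* odd trailing byte, zero padded */
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16); /* fold carries back in */
    return (uint16_t)~sum;
}

/* Corruption 1: two aligned 16-bit words change places. Addition is
 * commutative, so the checksum is identical. Returns 1 if undetected. */
int word_swap_undetected(void)
{
    uint8_t a[SAMPLE_LEN], b[SAMPLE_LEN];

    memcpy(a, SAMPLE, SAMPLE_LEN);
    memcpy(b, SAMPLE, SAMPLE_LEN);
    b[0] = a[2]; b[1] = a[3]; b[2] = a[0]; b[3] = a[1];
    return memcmp(a, b, SAMPLE_LEN) != 0 &&
        inet_cksum(a, SAMPLE_LEN) == inet_cksum(b, SAMPLE_LEN);
}

/* Corruption 2: the same bit is set in one word and cleared in another,
 * so +1 and -1 cancel in the sum. Returns 1 if undetected. */
int paired_flip_undetected(void)
{
    uint8_t a[SAMPLE_LEN], b[SAMPLE_LEN];
    size_t up = 0, down = 0, i;

    memcpy(a, SAMPLE, SAMPLE_LEN);
    memcpy(b, SAMPLE, SAMPLE_LEN);
    for (i = 1; i < SAMPLE_LEN; i += 2) {   /* low-order bytes of each word */
        if (!up && !(a[i] & 1))
            up = i;
        else if (!down && (a[i] & 1))
            down = i;
    }
    if (!up || !down)
        return 0;
    b[up] |= 1;
    b[down] &= (uint8_t)~1u;
    return memcmp(a, b, SAMPLE_LEN) != 0 &&
        inet_cksum(a, SAMPLE_LEN) == inet_cksum(b, SAMPLE_LEN);
}

/* Control case: a single flipped bit always changes the checksum. */
int single_flip_detected(void)
{
    uint8_t a[SAMPLE_LEN], b[SAMPLE_LEN];

    memcpy(a, SAMPLE, SAMPLE_LEN);
    memcpy(b, SAMPLE, SAMPLE_LEN);
    b[10] ^= 0x10;
    return inet_cksum(a, SAMPLE_LEN) != inet_cksum(b, SAMPLE_LEN);
}

int main(void)
{
    printf("word swap undetected:   %d\n", word_swap_undetected());
    printf("paired flip undetected: %d\n", paired_flip_undetected());
    printf("single flip detected:   %d\n", single_flip_detected());
    return 0;
}
```

A keyed MAC over each packet, as in the scp(1) transfer suggested above, rejects both undetected cases because any change to the bytes changes the tag.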



Re: pfctl - show port numbers

2007-12-02 Thread Girish Venkatachalam
On 21:45:37 Dec 02, Henning Brauer wrote:
> * MikeM <[EMAIL PROTECTED]> [2007-12-02 15:35]:
> > When I run the command
> > 
> >  pfctl -sr
> > 
> > a list of the rules is displayed, a sample line is below.
> > 
> >   pass in log quick on fxp0 inet proto tcp from 226.174.167.164 to
> > (fxp0) port = smtp flags S/FSRA keep state
> > 
> > 
> > Is there a way for me to tell pfctl that I want to see
> > 
> >   port = 25
> > 
> > instead of
> > 
> >   port = smtp
> > 
> > ?
> 
> short of hacking pfctl source, no.
> 

As per your request I have added the "-P" switch to pfctl to display
numeric port numbers instead of service names for those who desire the
same.

Please find attached the diff.

I have modified the man page as well.

Now, if you desire numeric ports display you have to use the -P option
in addition to other options. Everything else works as before.

-Girish
? y.output
? y.tab.c
Index: pfctl.8
===
RCS file: /cvs/src/sbin/pfctl/pfctl.8,v
retrieving revision 1.133
diff -u -r1.133 pfctl.8
--- pfctl.8 2007/07/01 11:38:51 1.133
+++ pfctl.8 2007/12/03 01:59:39
@@ -24,7 +24,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 31 2007 $
+.Dd $Mdocdate: July 1 2007 $
 .Dt PFCTL 8
 .Os
 .Sh NAME
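Review bot: The `.Dd $Mdocdate$` line should not be part of this diff. It has nothing to do with the new flag, and the keyword is expanded by CVS at commit time, so a hand-edited date only gives whoever applies the patch a spurious conflict.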
@@ -33,7 +33,7 @@
 .Sh SYNOPSIS
 .Nm pfctl
 .Bk -words
-.Op Fl AdeghmNnOqRrvz
+.Op Fl AdeghmNnOPqRrvz
 .Op Fl a Ar anchor
 .Oo Fl D Ar macro Ns =
 .Ar value Oc
@@ -315,6 +315,8 @@
 .Ar device
 instead of the default
 .Pa /dev/pf .
+.It Fl P 
+Print numeric ports instead of standard service names
 .It Fl q
 Only print errors and warnings.
 .It Fl R
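Review bot: The new `.It Fl P` entry has trailing whitespace after `P`, and its description is missing the final period. It should also say what output the flag affects; the pfctl.c hunks shown only change `print_rule()` callers, so something like "Print port numbers instead of service names when displaying rules." would match the code.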
Index: pfctl.c
===
RCS file: /cvs/src/sbin/pfctl/pfctl.c,v
retrieving revision 1.272
diff -u -r1.272 pfctl.c
--- pfctl.c 2007/11/27 16:22:13 1.272
+++ pfctl.c 2007/12/03 01:59:42
@@ -226,7 +226,7 @@
 {
extern char *__progname;
 
-   fprintf(stderr, "usage: %s [-AdeghmNnOqRrvz] ", __progname);
+   fprintf(stderr, "usage: %s [-AdeghmNnOPqRrvz] ", __progname);
fprintf(stderr, "[-a anchor] [-D macro=value] [-F modifier]\n");
fprintf(stderr, "\t[-f file] [-i interface] [-K host | network] ");
fprintf(stderr, "[-k host | network]\n");
@@ -821,7 +821,8 @@
case PFCTL_SHOW_RULES:
if (pr.rule.label[0] && (opts & PF_OPT_SHOWALL))
labels = 1;
-   print_rule(&pr.rule, pr.anchor_call, rule_numbers);
+   print_rule(&pr.rule, pr.anchor_call,
+rule_numbers, opts & PF_OPT_NUMERICPORTS);
printf("\n");
pfctl_print_rule_counters(&pr.rule, opts);
break;
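Review bot: `print_rule()` is called with a fourth argument here, but neither its changed prototype nor a definition of `PF_OPT_NUMERICPORTS` appears in the part of the diff that is visible, so this hunk cannot be checked or built on its own. Make sure the header changes are included in the submission, and keep the continuation line at the four-space indent the surrounding code uses.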
@@ -881,7 +882,8 @@
} else
p = &pr.anchor_call[0];

-   print_rule(&pr.rule, p, rule_numbers);
+   print_rule(&pr.rule, p, rule_numbers, 
+   opts & PF_OPT_NUMERICPORTS );
if (brace)
printf(" {\n");
else
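Review bot: Whitespace in the changed call needs cleaning up: there is trailing whitespace after `rule_numbers,` and a stray space before the closing parenthesis in `PF_OPT_NUMERICPORTS );`. The same trailing whitespace after `PF_OPT_VERBOSE2,` shows up in the two `print_rule()` hunks that follow.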
@@ -938,7 +940,8 @@
dotitle = 0;
}
print_rule(&pr.rule, pr.anchor_call,
-   opts & PF_OPT_VERBOSE2);
+   opts & PF_OPT_VERBOSE2, 
+   opts & PF_OPT_NUMERICPORTS);
printf("\n");
pfctl_print_rule_counters(&pr.rule, opts);
pfctl_clear_pool(&pr.rule.rpool);
@@ -1305,7 +1308,8 @@
if (pf->opts & PF_OPT_VERBOSE) {
INDENT(depth, !(pf->opts & PF_OPT_VERBOSE2));
print_rule(r, r->anchor ? r->anchor->name : "",
-   pf->opts & PF_OPT_VERBOSE2);
+   pf->opts & PF_OPT_VERBOSE2, 
+   pf->opts & PF_OPT_NUMERICPORTS);
}
path[len] = '\0';
pfctl_clear_pool(&r->rpool);
@@ -1952,7 +1956,7 @@
usage();
 
while ((ch = getopt(argc, argv,
-   "a:AdD:eqf:F:ghi:k:K:mnNOo:p:rRs:t:T:vx:z")) != -1) {
+   "a:AdD:eqf:F:ghi:k:K:mnNOo:p:PrRs:t:T:vx:z")) != -1) {
switch (ch) {
case 'a':
anchoropt = optarg;
@@ -2041,6 +2045,10 @@
case 'p':
pf_device = optarg;
break;
+   case 'P':
+   opts |= PF_OPT_NUMERICPORTS;
+   break;
+
case 's':
showopt = pfctl_lookup_option(optarg, showopt_list);
if (showopt == NULL) {
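Review bot: The new `case 'P':` leaves an empty `+` line after its `break;`, which none of the neighbouring cases have; drop it so the switch stays uniform.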
Index: pfctl_parser.c
==

Re: removing sendmail

2007-12-02 Thread Girish Venkatachalam
On 13:31:27 Dec 03, RW wrote:
> Forget it.
> No, I'm not ordering you to. It's a tip.
> Given that the developers are ignoring this thread, my guess is that
> nothing is going to happen. It's all been said before.

Not true.

They just don't have the time.

> BTW I run or admin several mailservers. I don't use sendmail but I
> avoid campaigning for a change in base: The package I use installs in a
> minute and Just Works (TM) so no, I don't demand the replacement of
> sendmail by my favourite MTA.

Everyone knows this is not going to happen unless there is a worthy
replacement.

> Sorry to have posted at all in this "going nowhere" thread but once it
> got off religious choices and descended back to space saving, I
> couldn't resist.

I couldn't either. ;)

-Girish

> It's time the thread died. It should have died on day 1.
> 

Maybe something useful comes out of it? 

Who knows? :)



Re: pfctl - show port numbers

2007-12-04 Thread Girish Venkatachalam
On 14:45:41 Dec 04, frantisek holop wrote:
 
> +1
> 
> one man's worthless feature is other man's best friend.
> please put it in...

No use shouting yourself hoarse over this.

If it is a no, it is a no. I later realized that nobody can satisfy
everyone's needs and it is impossible to ever get total buy in in
anything. We have to respect the developer's decisions.

And I myself am quite convinced that it is not worthwhile to add this.

No offense meant.

-Girish



Re: pfctl - show port numbers

2007-12-04 Thread Girish Venkatachalam
On 18:08:13 Dec 04, frantisek holop wrote:
> 
> shouting?  are you serious?
> 

I am rarely if ever serious. ;)

-Girish



Re: pfctl - show port numbers

2007-12-04 Thread Girish Venkatachalam
On 11:06:09 Dec 04, Bob Beck wrote:
>   Personally, I think if I were starting from square one, I'd
> do port numbers, not service names, but that's not the way it's
> been for many years and even though my preference would be numbers
> my loathing for yet another option far outweighs this preference.

I personally feel service names are better. I can better relate when I
see pptp, http or ftp instead of 1723, 80 or 21. Again this is dependent
on personal preference and is really inconsequential.

I feel it is important that any product/software does not change its
behavior once it gets entrenched in the market.

Moreover it is yet another option as Henning correctly said.

We don't want to be linux? Do we? ;)

>   So, I'd prefer not to see a knob for this. The change
> does not warrant the churn.

Quite right.

Have a nice day!

-Girish



Re: pfctl - show port numbers

2007-12-04 Thread Girish Venkatachalam
On 23:44:31 Dec 04, Stuart Henderson wrote:
> *seriously* unsupported:
> 
> $ perl -pi -e s,etc/services,etc/sXrvices, < /sbin/pfctl > 
> ~/bin/pfctl-no-service-names
> 
> your foot is
> 
> :
> 
> :
> 
> :
> 
> V
> 
> this way 

Wow ;)

I never imagined one could get so devious with programming. Ha ha

Human cleverness can do some really cool things. ;)

-Girish



Re: pfctl - show port numbers

2007-12-04 Thread Girish Venkatachalam
On 13:22:23 Dec 05, [EMAIL PROTECTED] wrote:
> A longer winded version (same idea - Perl ... and no prizes for my code)
> 
> use warnings;
> use strict;
> 
> # Get the rules
> my $pfctl_rules=`pfctl -s rules`;
> 
> # Get the known services
> open(SERVICES,"</etc/services") or die "cannot open /etc/services: $!";
> my (@services)=<SERVICES>;
> 
> # Pull out the TCP services
> my %services;
> foreach my $service (@services) {
> if ($service =~ /(.*?)[\s]*([0-9]{1,4})\/tcp/) {
> my $service_name=$1;
> my $service_port=$2;
> $services{$service_name}=$service_port;
> }
> }
> 
> # Now go through the rules - if we find port = ccc then translate, otherwise
> # just print the pfctl line "as is"
> foreach my $pfctl_rule (split /\n/,$pfctl_rules) {
> if ($pfctl_rule =~ /(.*?)port = ([\D]*?)([\s].*)/) {
> my $look_up="";
> if (exists $services{$2}) {
> $look_up=$services{$2};
> }
> print "$1port = $2($look_up)$3\n";
> } else {
> print "$pfctl_rule\n";
> }
> }
> 
> Sample (manually altered, obviously):
> 
> # perl pfrules.pl
> block drop log all
> pass out quick on XXX1 inet proto tcp from (XXX1) to NNN.NNN.NNN.NNN port =
> ssh(22) flags S/SA keep state
> pass proto udp from any to any port = domain(53) keep state
> pass in log on XXX0 inet proto tcp from any to 127.0.0.1 port = 8021 flags 
> S/SA
> keep state
> pass in on XXX0 inet proto tcp from any to NNN.NNN.NNN.NNN port = www(80) 
> flags
> S/SA keep state
> pass in on XXX0 inet proto tcp from any to NNN.NNN.NNN.NNN port = https(443)
> flags S/SA keep state

If I had done this in my patch, probably it would have got accepted. ;)

Even now it could be done of course.

Just that I thought the "options" way.

If there is enough coffee for me in the list, I would do it. ;)

-Girish



Re: pfctl - show port numbers

2007-12-04 Thread Girish Venkatachalam
On 06:12:09 Dec 05, Girish Venkatachalam wrote:
> 
> If there is enough coffee for me in the list, I would do it. ;)
> 

This diff should satisfy everyone.

-Girish
Index: pfctl_parser.c
===
RCS file: /cvs/src/sbin/pfctl/pfctl_parser.c,v
retrieving revision 1.235
diff -u -r1.235 pfctl_parser.c
--- pfctl_parser.c  2007/10/15 02:16:35 1.235
+++ pfctl_parser.c  2007/12/05 01:27:21
@@ -295,6 +295,7 @@

 void
 print_port(u_int8_t op, u_int16_t p1, u_int16_t p2, const char *proto)
 {
-   char a1[6], a2[6];
+   char a1[6], a2[6], srvport1[1024], srvport2[1024];
struct servent  *s;
-
s = getservbyport(p1, proto);
p1 = ntohs(p1);
-   p2 = ntohs(p2);
snprintf(a1, sizeof(a1), "%u", p1);
+
+   if (s != NULL)
+   snprintf(srvport1,sizeof(srvport1), "%s(%s)", s->s_name, a1);
+   else
+   strlcpy(srvport1, a1, sizeof(srvport1));
+   
+   p2 = ntohs(p2);
snprintf(a2, sizeof(a2), "%u", p2);
+   s = getservbyport(p2, proto);
+   if (s != NULL)
+   snprintf(srvport2,sizeof(srvport2), "%s(%s)", s->s_name, a1);
+   else
+   strlcpy(srvport2, a2, sizeof(srvport2));
+   
printf(" port");
-   if (s != NULL && (op == PF_OP_EQ || op == PF_OP_NE))
-   print_op(op, s->s_name, a2);
-   else
-   print_op(op, a1, a2);
+   print_op(op, srvport1, srvport2);
 }
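Review bot: In the lines that build `srvport2`, the `snprintf()` passes `a1` where it needs `a2`, so the second port of a range would be printed with the first port's number beside its service name. The second lookup is also made after `p2 = ntohs(p2);`, while `getservbyport()` expects the port in network byte order (the first lookup is correctly done before the conversion), so the call has to move above that line. Two further points: service names are now printed for every operator, where the removed lines restricted them to `PF_OP_EQ` and `PF_OP_NE`, and 1024-byte buffers are far larger than a service name plus a five-digit port requires.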



Re: Problem during OpenBSD 4-2 installation

2007-12-08 Thread Girish Venkatachalam
On 21:55:02 Dec 08, hogo hogo wrote:
> I have got a problem during OpenBSD 4.2 installation.
> I install on a QEMU virtual machine on a hard disk with 7000M of size.
> In the end of installation process when the system writes MBR onto the disk 
> I get such a message:
> 
> Installing boot block...
> boot: /mnt/boot
> proto: /usr/mdec/biosboot
> device: /dev/rwd0c
> /usr/mdec/biosboot: entry point 0
> proto bootblock size 512
> /mnt/boot is 3 blocks x 16384 bytes
> fs block shift 2; part offset 63; inode block 24, offset 1704
> installboot: broken MBR
> done
> 

This means that no matter how many ever times you try you are going to
keep getting this message and make no progress at all. ;)

You have to zero out your MBR with the dd command or fdisk.

# dd if=/dev/zero of=/dev/wd0c bs=512 count=1

Be careful with this command. It can cause real havoc if you give the
wrong disk or if you goof up in any other way. You have been warned.

Another thing you can try of course is the fdisk reinit command.

I remember getting this error and I vaguely remember it was caused by a
bad fdisk partition or something.

I wish I knew exactly what went wrong.

But trying out various methods saved my day.

Best of luck!

-Girish



Re: httpdv6

2007-12-08 Thread Girish Venkatachalam
On 19:19:30 Dec 08, Mats O Jansson wrote:
 
> This is the problem. You are trying to switch a daemon to be IPv6 centric
> when the majority of our users doesn't use IPv6. I can understand that 
> KAME has that agenda but I don't think OpenBSD should. 
> 

I know only one thing and it is this.

I was looking at KAME for an IPsec implementation. Thank God OpenBSD
IPsec is by Angelos Keromytis and not from KAME like FreeBSD and NetBSD.

KAME code sucks and no mistake.

OpenBSD is far far better than KAME.

Please let us not degrade ourselves by going the KAME way. (Either in
design,approach or code)

And again my opinion does not matter at all I know that. ;)

-Girish



Re: come, help me with something more productive

2007-12-14 Thread Girish Venkatachalam
On 17:34:11 Dec 14, bofh wrote:
> Heh.  I think we're having far too much fun in the other threads.  

You mean threads or thread? ;)

ha ha

> I
> have a serious question.  

Shoot.

> I'm a mangler in a largish company.  We have
> developers, and contractors.  No coding standards and all that, so,
> things are... messy.

But of course yes. ;)

> I'm not in charge of development, but I want to help them develop
> something useful, and secure.  Other than doing a braindump of the
> developers here, what are the things that you people have found useful
> to have in secure programming practises?

Some of the things like privilege separation, privilege revocation,
using OpenBSD's gcc, using strl* and strn* functions, giving enough
headroom for buffers instead of being stingy in buffer sizes as they are
allocated on the stack anyway and so on and so forth...

Making things really simple and straightforward. Use a good programming
language and write less code.

I could go on. ;)

> I'm looking for advice, tips, procedures, processes, whatever.  I will
> be looking through my old notes from Matt Bishop's class at SANS, and
> other things I've gathered throughout the years.

I have been doing security programming for a decade now but nothing
comes even remotely close to OpenBSD's standards. I would say just dump
those lessons and look at /usr/src/sys... ;)

> Unfortunately, it's rather flat here, so I can't even invite Theo to
> come by and give a talk.

;)

Best of luck!

-Girish
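
An added illustration of the strl*/strn* advice in the reply above (not code from the thread or from OpenBSD). ex_strlcpy and ex_strlcat are local stand-ins, assumed here, with the semantics of strlcpy(3) and strlcat(3); join_path, the buffer sizes and the sample paths are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/*
 * Local stand-ins with the semantics of OpenBSD's strlcpy(3) and strlcat(3),
 * renamed so they do not clash with a libc that already provides them.
 * Both always NUL-terminate (when dsize > 0) and return the length the
 * result would have had, so "return value >= dsize" means truncation.
 */
size_t ex_strlcpy(char *dst, const char *src, size_t dsize)
{
    size_t srclen = strlen(src);
    size_t n;

    if (dsize != 0) {
        n = srclen < dsize - 1 ? srclen : dsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

size_t ex_strlcat(char *dst, const char *src, size_t dsize)
{
    size_t srclen = strlen(src);
    size_t dlen = 0;
    size_t room, n;

    while (dlen < dsize && dst[dlen] != '\0')
        dlen++;
    if (dlen == dsize)              /* dst is not terminated inside dsize */
        return dsize + srclen;
    room = dsize - dlen - 1;
    n = srclen < room ? srclen : room;
    memcpy(dst + dlen, src, n);
    dst[dlen + n] = '\0';
    return dlen + srclen;
}

/*
 * Build "dir/name" in out. Returns 0 on success and -1 if the result does
 * not fit; on failure out is emptied so a shortened path is never used.
 */
int join_path(char *out, size_t outsz, const char *dir, const char *name)
{
    if (ex_strlcpy(out, dir, outsz) >= outsz ||
        ex_strlcat(out, "/", outsz) >= outsz ||
        ex_strlcat(out, name, outsz) >= outsz) {
        if (outsz != 0)
            out[0] = '\0';
        return -1;
    }
    return 0;
}

/*
 * The strncpy(3) pitfall: when src has dsize or more bytes, no terminator
 * is written. Returns 1 if the first dsize bytes of the destination hold
 * no NUL after the copy (dsize is capped at the 64-byte scratch buffer).
 */
int strncpy_left_unterminated(const char *src, size_t dsize)
{
    char buf[64];

    if (dsize > sizeof(buf))
        dsize = sizeof(buf);
    memset(buf, 'X', sizeof(buf));
    strncpy(buf, src, dsize);
    return memchr(buf, '\0', dsize) == NULL;
}

int main(void)
{
    char path[16];   /* constructed, deliberately small buffer */

    printf("fits:     %d \"%s\"\n",
        join_path(path, sizeof(path), "/var/www", "a.txt"), path);
    printf("too long: %d \"%s\"\n",
        join_path(path, sizeof(path), "/var/www", "index.html"), path);
    printf("strncpy left buffer unterminated: %d\n",
        strncpy_left_unterminated("0123456789", 8));
    return 0;
}
```
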



mutt and Stallman

2007-12-16 Thread Girish Venkatachalam
I am giving first aid after the war but still it will help.

I can give a lot of relief to those of you who had nervous breakdowns
and blood pressure problems due to spam mails getting in the way of
useful technical stuff.

It is not hard at all.

First thing is install mutt from packages.

# pkg_add -i mutt
(Choose one of the flavors)

Then get a cool muttrc. If you want mine mail me offlist.

There are several good ones floating on the Internet ocean.

Next ensure this. It is most critical.

$ grep sort ~/.muttrc

set sort="threads"

Now just watch the fun.

Whenever you see a thread with the favorite subject line or as soon as
you read the first mail that is a symptom of impending health problems,
all you have to do is hit "Ctrl-D". All the mails in the thread get
deleted. Cool eh? 

This is the OpenBSD way of solving real life problems with a bit of
technical knowledge instead of pleading and complaining. ;)

Anyway hopefully my recipe will come in handy for future occasions.

History repeats itself...

-Girish



Re: yt: youtube download issue

2007-12-18 Thread Girish Venkatachalam
 On Tue, Dec 18, 2007 at 06:33:07PM +1100, Chris wrote:
> yt is giving me the following error while trying to download -
> 
> $ yt http://youtube.com/watch?v=huF2mrhTtCw&feature=dir
> 
> $ Getting http://youtube.com/watch?v=huF2mrhTtCw ...
> /usr/local/bin/lua: /usr/local/bin/yt:42: assertion failed!
> stack traceback:
> [C]: in function 'assert'
> /usr/local/bin/yt:42: in main chunk
> [C]: ?
> [2]+  Exit 1  yt http://youtube.com/watch?v=huF2mrhTtCw
> 
> I have yt-6 and lua-5.1.2p0 installed on 4.2.
> 
> Any help would be much appreciated. Thanks.
> 

Problem is fixed in -current.

-Girish



tiny writeup on simultaneous audio playback

2007-12-18 Thread Girish Venkatachalam
I thought this might benefit some of you folks.

I find that esd is pretty cool when it comes to figuring out if you have
got a mail when you are listening to music.

There are other uses too of course. 

Here is a short writeup.


Before we start, my .procmailrc ;)


:0
*
{
:0 c
| esdplay  /store/sounds/chimes.wav

:0
inbox/
}

Note that if you want simultaneous audio playback using the esd daemon,
then *all* the players should go thro' the ESD daemon.

If you use play instead of esdplay above it won't work.

Now let us first get mplayer to support esd.

$ mplayer -ao help

does not report esd. So you have to compile it from ports.

# cd /usr/ports/x11/mplayer

# env FLAVOR="esd sdl" make install

(Before that you will have to uninstall existing mplayer)

Test whether it supports esd now.

$ mplayer -ao help

Good.

Now get my /etc/mplayer/mplayer.conf

font=/usr/local/lib/X11/fonts/mscorefonts/comicbd.ttf
subfont-osd-scale=5
subfont-text-scale=6
vf=hue,eq2,screenshot
ao=esd
menu=yes
osdlevel=3


Check out the 'ao=esd' line.

That is all there is to it.

It will be cool if we can ask esd to start up at boot.

/etc/rc.local


# Start the esd sound daemon at boot if it is installed
if [ -x /usr/local/bin/esd ]; then
    echo -n "esd"
    /usr/local/bin/esd &
fi



Thanks.

Should you have any questions, don't hesitate to ask.

-Girish



Re: mutt and Stallman

2007-12-18 Thread Girish Venkatachalam
On 16:44:48 Dec 18, Kennith Mann III wrote:
> 
> If you want to share it, feel free to post it on openbsd-wiki.org =)
> 

Sure. :)

You can get them here.

http://sirsasana.org/misc/muttrc-personal.txt
http://sirsasana.org/misc/muttrc-list.txt

-Girish



Re: mutt and Stallman

2007-12-18 Thread Girish Venkatachalam
On 10:13:06 Dec 19, Girish Venkatachalam wrote:
> 
> You can get them here.
> 
> http://sirsasana.org/misc/muttrc-personal.txt
> http://sirsasana.org/misc/muttrc-list.txt
> 

Very nice page on mutt.

http://home.nyc.rr.com/computertaijutsu/mutt.html

-Girish



Re: Quick question about PF and binat

2007-12-21 Thread Girish Venkatachalam
On 03:14:10 Dec 22, Mikolaj Kucharski wrote:
> Hi,
> 
> # echo binat on wi0 inet proto '{' tcp udp icmp '}' \
>   from 192.168.100.2 to any '->' 192.168.15.103 | pfctl -f - 
> 
> # pfctl -sn
> binat on wi0 inet proto tcp from 192.168.100.2 to any -> 192.168.15.103
> 
> # sysctl -n kern.version
> OpenBSD 4.2-current (GENERIC) #599: Fri Dec 14 17:13:48 MST 2007
> [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
> 
> 
> I didn't work with PF for long time, so maybe I'm missing something, but
> is this behaviour correct? Could someone more experienced comment on
> this? TIA

I am no authority but looking at the grammar section in pf.conf(5), I
would guess that it is correct behavior.

nat-rule   = [ "no" ] "nat" [ "pass" [ "log" [ "(" logopts ")" ] ] ]
  [ "on" ifspec ] [ af ]
  [ protospec ] hosts [ "tag" string ] [ "tagged" string ]
  [ "->" ( redirhost | "{" redirhost-list "}" )
  [ portspec ] [ pooltype ] [ "static-port" ] ]

binat-rule = [ "no" ] "binat" [ "pass" [ "log" [ "(" logopts ")" ] ] ]
  [ "on" interface-name ] [ af ]
  [ "proto" ( proto-name | proto-number ) ]
  "from" address [ "/" mask-bits ] "to" ipspec
  [ "tag" string ] [ "tagged" string ]
  [ "->" address [ "/" mask-bits ] ]

rdr-rule   = [ "no" ] "rdr" [ "pass" [ "log" [ "(" logopts ")" ] ] ]
  [ "on" ifspec ] [ af ]
  [ protospec ] hosts [ "tag" string ] [ "tagged" string ]
  [ "->" ( redirhost | "{" redirhost-list "}" )
  [ portspec ] [ pooltype ] ]

You can see that there is no 'protospec' token in binat-rule.

-Girish



Re: Using the C programming language

2007-12-22 Thread Girish Venkatachalam
On 12:06:34 Dec 22, Brian Hansen wrote:
> Hi.
> 
> I address this issue on this list, because a lot of people here are very
> skillfull C programmers.

Yes. OpenBSD not only is secure, the code is also exceedingly
beautiful.

You can discern a certain artistic beauty in the way code is written,
even commented.

If you don't believe me, take a look at IPsec implementation in the
other BSDs from KAME and the one in OpenBSD. ;)

If you are really bold, also see the same under linux. www.freeswan.org
which was abandoned. 

The code is so direct, clear and straightforward.

Security can be obtained only thro' simplicity, less code and good
review process.

OpenBSD's C coding process ensures all three. And more.

It is not possible for ssh to be so secure but for these practices.

If you look at secure code from other projects, you will find that the
code is so poorly indented, carelessly written and all sorts of tricks
resorted to.

This makes review ineffective and audit close to impossible.

It is not just the programming language. It is also how it is used and
who uses it that matters.

In Tamil, my mother tongue there is a beautiful simile.

"Flower garland in the hand of a monkey."

You need really smart people to do a good job. Even the best of tools
will be misused by incompetent people the same way a flower garland is
spoilt by a monkey.

> 
> When looking at some of the different "reasons for security problems" such
> as:
> http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/
> 
> I can't help wonder, why so much software are being developed using C.
> 
> To conclude my study I appreciate any help on the following questions:
> 
> 1. If security is a major concern, or perhaps The Main Concern, why not use
> Ada? I specifically mention Ada since one of the most security demanding
> industries are building aircrafts and they use Ada.
> 

I dunno about ada.

> 2. Rather than auditing a lot of code, correcting a lot of coding mistakes,
> like the OpenBSD security team has done, and still do, why not shift from C
> to something, just as fast and powerfull as C, but more secure? Again like
> Ada. (to completely avoid the possibilities of those errors).

There is simply no alternative to C. Period.

 
> 3. Are there any real benefits in using C++ over C regarding security? Are
> C++ really "better" from a security perspective?

C++ is a disease. A horrible programming language.

 
> 4. Has anyone from the OpenBSD team written any guidelines in "secure
> programming"? (I haven't been able to locate anything except some interviews
> and stuff).

Check out the papers on http://www.openbsd.org/papers/

You can take a look at one of them on OpenBSD culture. 

-Girish



Re: Using the C programming language

2007-12-22 Thread Girish Venkatachalam
On 07:32:54 Dec 23, Rico Secada wrote:
> Now those two statements are somewhat in contradiction. You can't say
> that Ada isn't an alternative to C without knowing what it is. Ada
> fully serve as an alternative to C, but read up on that if you must
> know.

I have been wanting to ask this. Lot of people seem to be in favor of
Ada.

I had no clue that Ada was such an important language in embedded
systems and mission critical applications. Anyway it is never too late
to learn.

Can someone give me a list of useful links on Ada so I can start 
learning the language? I did read the wikipedia entry though.

Thanks.

-Girish



Re: Using Mail(1)

2007-12-24 Thread Girish Venkatachalam
On 22:15:03 Dec 24, Marc Espie wrote:
> vim actually has an internal fmt command.
> 
> I found about it fairly recently. All vi users use the filter command
> all the time, and it usually takes us a while to adjust to vim improvements ;)

I have this on my vimrc.

sy on
se nu
se textwidth=72
nnoremap  :,$d
se spell spelllang=en_us
nnoremap  :highlight clear spellbad
nnoremap  ihttp://sirsasana.org/ports/a

Setting "se textwidth=72" is the best way. No need to invoke 'fmt'.

Check out my other useful stuff too. I have an on the fly spell checker
and a short hand for sending ports. ;)

vim helps me avoid errors in e-mail messages (though I keep making
typos despite that ;). 

Also check out the mapping for 'Ctrl-K' which is extremely critical for
e-mail. Whenever you reply to a mail on the list, you keep running into
the need for deleting everything from current line downwards.

As to the preference between vim and vi, I would say that I have kind of
got "spoilt" by the luxury of vim.

I definitely agree that vim sometimes is a bit slow and that it has
bloat that can be avoided, but what the heck?

Vim's syntax highlighting never ever let me down. ;)

It cannot understand all sorts of #ifdef, so sometimes the bracket
matching fails but throw any config file or whatever you think of at it
and vim does a marvelous job.

Yes, I am typing this mail in vim.

I have written an article on vim too.

http://linuxjournal.com/8289

I know this discussion is about vi and not vim, but Marc spoilt me. ;)

-Girish



Re: Using Mail(1)

2007-12-25 Thread Girish Venkatachalam
On 12:06:02 Dec 25, Pieter Verberne wrote:
> In Vi I set "set wl=72" (wl = wraplen). But when I remove text in the
> middle of a sentence, the text won't shift. This makes the line less
> than 72 characters. I think Vim does shift the sentence automatically?

No, vim does not shift either. I was under the impression that there is
no need to justify sentences that way. As long as lines are under 72
characters I am quite alright.

If you remove something in the middle, it is going to be less than 72
characters anyway.

If you want to justify/fill correctly, then you end up using fmt at the end.

I have a problem with using post processing tools. I want everything to
happen on the fly.

I just checked out the 'wl=72' stuff in vi. Works exactly like 'tw' in
vim. I then did an fmt in the end. The result looks much better 
of course. But there is a problem. The quoting gets goofed up. One has
to do it with little more care I guess.

Looks like I misunderstood then.

> Something like 'd-{'? 

I don't get you. You mean 'd' and '{'?

Doesn't work for me.

Perhaps I misunderstood? I want to delete everything from current line
till end of file. In vi, it corresponds to

:,$d

-Girish



Hazy top of mind questions on spam control with OpenBSD

2007-12-28 Thread Girish Venkatachalam
Dear friends,

Please excuse the silly subject line. I am unfortunately not qualified
enough to come up with a better one.

First my assumptions, then my questions. Request inputs on both.

Assumptions
-----------

a) Most of the spam originates in USA. And high bandwidth links and busy
mail servers are common targets. 

b) Spam control strategies differ depending upon which leg of the spam
propagation cycle we are in. Let me explain.

*) Spammers have some kind of 'radar' that looks for vulnerable
hosts/networks and they abuse them for carrying their traffic. Sometimes
ISPs connive with spammers and let them use their networks. At this
point, the spam is in the egg form.

*) Once the spammer gets a foothold to munge his mail ID and
originating IP/network, then he looks for bandwidth guzzler techniques
involving smart programming involving a combo of IP and TCP techniques
to deliver millions of mails in a jiffy.

*) The final leg is when the spam reaches the destination MTA/
user's mailbox

c) We have to necessarily use a combination of spam control strategies
for combating this disease.

Okay now for my questions. First please correct my assumptions. Thanks.

Questions
---------

1) Since my field of activity is neither USA nor do I have access to
high bandwidth what effect will greylisting have on me? Is there a point
in using greylisting since it is highly unlikely that someone is going
to use me/my networking/my MTA as scapegoat for sending spam?

2) case b) also does not apply since very few routers here run BGP or
give spammer enough ammo for his job. Should I still go in for clever
tricks with pf and spamd like greytrapping, source tracking,
blacklisting etc.?

3) I hate spamassassin and I love dspam and its statistical filtering
math. But alas, the project is largely unmaintained and dying. What
alternative do I have in combating spam by textual analysis, context
sensitive Bayesian techniques and so on?

Finally I have the choice of using hackish solutions like tagging mails
with X-spam-* scores with procmail or other filters with collaborative
user feedback from shared databases. Kind of like the DCC stuff by
Vipul's razor or gmail.

I also believe that without user feedback and individual training spam
cannot be combated effectively. Each user has his own behavioral
patterns when it comes to mail.

How should I design my spam control 'fishing net'?

I don't want to make the holes in my net too small thereby catching
small fish (false positives), at the same time I should catch big
fishes.

Thanks for your inputs and pardon my ignorance and this lengthy mail.

Happy new year folks! ;)

- Girish



What does this mean?

2007-12-29 Thread Girish Venkatachalam
Check out

http://www.spamhaus.org/statistics/countries.lasso

There is USA right at the top head and shoulders above the rest.

The way I look at it is this:

 1) It takes a lot of talent/energy even to cause harm

 2) Spammers may use cheap tools written by others but they are a
powerful cartel very similar to the underworld. It requires great
coordination, planning and heavy resources to write/use the
sophisticated tools used by them

I would not imagine a nation like Nigeria coming up with tools like
this. ;)

-Girish



UNIX way of undeleting files?

2007-12-29 Thread Girish Venkatachalam
Just wondering if there was a way to undelete a file.

I have never run into the situation so far (surprise, surprise) but I
sure will in future.

It is best to know.

I saw something like this.

$ grep -a -B[size before] -A[size after] 'text' /dev/[your_partition]

I want something from the old school, something more formal and using
the traditional UNIX method of doing it the right way.

Apparently lsof from linux world could help too.

I guess depending on the file system one could use a different
recovery command. What is the way to do it with FFS?

ncheck_ffs?

Thanks.

-Girish



Re: UNIX way of undeleting files?

2007-12-29 Thread Girish Venkatachalam
On 12:32:58 Dec 29, Unix Fan wrote:
> From my understanding, restoring a file after deletion would be very 
> complicated because files aren't stored in a "sequential" fashion...
> 
> 
> 
> When you delete a file, the inode for the file is removed.. (assuming there 
> wasn't another hard link to it...)...  That inode contained the only list of 
> blocks that were allocated for that file.
> 
> 
> 
> As you can see, The data remains on the drive.. but as Chris Kuethe said... 
> do you like jigsaw puzzles?
> 

I get you but I have read mails on the local LUG where people speak
about linux tools that do the dirty job for you. They perhaps scour the
disk and rebuild the list of inodes and link them. I dunno.

I don't recollect the name of the tool though.

-Girish



Re: UNIX way of undeleting files?

2007-12-29 Thread Girish Venkatachalam
On 02:34:15 Dec 30, Hannah Schroeter wrote:
> 
> If you type rm foo and foo was the last link to the file (the underlying
> inode) and there was no open file descriptor and no mapped memory
> referring to the inode, either (I hope I've covered the important kinds
> of references to inodes), the inode (data structure on your disk) will
> be completely cleared and the inode and the data blocks will be
> returned to the freelist (managed as bitmaps), on FFS. Of course also
> the directory entry "foo", which maintained the link between the file
> name and the inode, will be cleared. So both the links between the name
> and the inode, as well as the link between the inode (the file) and the
> data (the blocks containing your text, or other data) will be gone.
> 

If what you are saying is indeed accurate then that puts paid to that.

It is clear that it is impossible to undelete an FFS file.

Thanks.

-Girish



Ethernet jumbo frames?

2007-12-29 Thread Girish Venkatachalam
What on earth is this?

http://www.cyberciti.biz/faq/rhel-centos-debian-ubuntu-jumbo-frames-configuration/

I was under the impression that Ethernet frames can never be more than
1500 bytes.

Or is it some kind of stupid linux hack? Or does it have any meaning?

Is there real value in this?

I don't get it.

-Girish



Re: Embedding OpenBSD

2007-12-31 Thread Girish Venkatachalam
On 15:37:46 Dec 31, Stuart Henderson wrote:
> Even so, it still allows recovery from some serious problems without
> touching the machine. There are quite a few situations where this could
> be very useful, though it might not be worth the extra expense and
> complexity of adding an external device, watchdog timers aren't too
> uncommon in PC hardware these days.

Correct me if I am wrong but I believe it was this that saved the Mars
lander from total disaster a few years ago. I heard it was due to the
brilliant idea of some Indian professor. I don't remember much about it
now.

> In the case of the hardware Nick mentioned, there should be a watchdog
> timer in the I/O controller hub (82801AA ICH); adding support for this
> might be as simple as adding the device ID to /sys/dev/pci/ichwdt.c then
> test by setting sysctl kern.watchdog.auto=0 and kern.watchdog.period=30
> and wait 30 seconds for it to reboot. See watchdog(4) and watchdogd(8)
> ("man -k watchdog" gives a list of device drivers supporting watchdog
> timers).

Watchdog is a great idea. And for embedded/real time systems it might be
inevitable and even life saving. But since I lack experience my ideas
could be wrong.

> The main docs for driving the ICH* watchdog timers are here:
> http://download.intel.com/design/chipsets/applnots/29227301.pdf
> (also see http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/dev/ichwd/
> which supports 82801AA).

Wow! Great!

I believe Intel gives very good documentation for everything except
wireless chipsets. ;) Theo should have more to say on this. ha ha

Many thanks Stuart.

-Girish



Re: Embedding OpenBSD

2007-12-31 Thread Girish Venkatachalam
On 13:37:28 Dec 31, Steve Shockley wrote:
> Girish Venkatachalam wrote:
>> Correct me if I am wrong but I believe it was this that saved the Mars
>> lander from total disaster a few years ago. I heard it was due to the
>> brilliant idea of some Indian professor. I don't remember much about it
>> now.
>
> It's somewhat more difficult to access the hardware on the Mars lander, let 
> alone replace parts.

Read this and 'CTRL-F' for watchdog.

http://research.microsoft.com/~mbj/Mars_Pathfinder/Mars_Pathfinder.html

If I remember right this made a lot of headlines few years ago.

This is not on topic but other threads don't look any good anyway.;)

-Girish



Re: Why do clients running BitTorrent make my router's latency go through the roof?

2008-02-03 Thread Girish Venkatachalam
On 17:37:44 Jan 13, Max Hayden Chiz wrote:
> Okay,  maybe I wasn't clear what the problem is.  The problem is that
> having a high number of bittorrent connections causes high latency on
> the external interface.  Using max-src-states fixes this problem, but
> I don't understand why it is a problem to begin with.
> 
> From extensive experimentation here is what I have been able to determine:
> 
> The problem has nothing to do with bandwidth.  I don't experience this
> problem with any other protocol (HTTP and FTP for example) and if I am
> running a few connections and pulling down a huge chunk of my download
> and using almost all of my upload, altq will work fine and I will have
> little or no latency.
> 
> On the other hand, I can cause this problem even if I am only using a
> fraction of the bandwidth -- all I have to do is have the bittorrent
> client start a bunch of torrents and make hundreds of connections
> each.
> 
> Altq isn't useful here because it isn't going to engage until there is
> a backlog. Now, it is true that once the latency starts to rise, a
> backlog will result, but I am already running a modified ack-priq and
> the increase in latency becomes a problem (as in no one can browse the
> web) long before it turns into backlog.  I have played with the altq
> six ways from Sunday in an attempt to solve this.  It doesn't affect
> anything unless I turn the bandwidth down to some ridiculously low
> number.
> 
> Although the increase in latency seems to generally slow down the time
> it takes to process a packet.  It seems to disproportionately impact
> TCP handshakes.  At first I thought this was just because the
> handshake was experiencing 3x the latency increase, but after playing
> with it more, it seems that the increase is more than linear.
> 
> My concern is that this is a bug that would allow a malicious user to
> perform a DoS attack on any router that allows for BitTorrent.  If you
> don't use max-src-states, then the BitTorrent user (even if bandwidth
> limited by hfsc or cbq) can make an absurd number of connections and
> increase latency to the point that the external interface becomes
> unusable.
> 

Have you considered playing with TCP window sizes? 

Or the pf options?

I bet it is a TCP issue.

I know this isn't much helpful but this is the best I can do.

Thanks.

-Girish



Re: KSH and Bash problem with long commands

2008-02-12 Thread Girish Venkatachalam
On 15:08:54 Feb 12, OBSD wrote:
> Hi All,
> 
> I have a small problem with the KSH and Bash on a OpenBSD 4.2. with very long 
> commands.
> I have
> echo $SHELL
> /bin/ksh and
> echo $KSH_VERSION
> @(#)PD KSH v5.2.14 99/07/13.2
> and in my ~/.inputrc is
> set horizontal-scroll-mode Off
> 
> I found this setting in the man readline
> http://www.openbsd.org/cgi-bin/man.cgi?query=readline&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html
> 
> But unfortunately it does not work.
> It does not wrap the line either in KSH or Bash. Instead it overwrites the 
> already written text
> which is annoying if you have very long commands.
> I have tried as well the /etc/inputrc with this entry but it does not work 
> again.
> I read as well the man KSH but does not find any useable info there.
> 
> Strange enough if I start a csh it works but not with the other shells.
> 
> Has anybody maybe an fix or workaround how I can solve this?
> Every hint is appreciated!!
> 

To the best of my knowledge (which is not much) ksh does not support
what you are asking for.

-Girish



Re: rtorrent + OpenBSD = freeze

2008-02-19 Thread Girish Venkatachalam
On 14:42:37 Feb 19, Paul Irofti wrote:
> I've been using rtorrent for more than a year now and it never
> stopped/blocked/froze/etc.
> 

I can second that. Little annoyances here and there but overall
rtorrent works very well under OpenBSD.

If it freezes very likely it is a network issue.

-Girish



Re: rtorrent + OpenBSD = freeze

2008-02-20 Thread Girish Venkatachalam
On 16:43:00 Feb 19, Daniel Andersson wrote:
> 
> Could you please elaborate? The only thing that was working after
> the freeze was the routing. I guess I could try FreeBSD since they
> have pf too. iptables is driving me nuts.
> 

Sorry I was out and just came back home.

I think my answer would be irrelevant now since many other people seem
to be facing problems. So there seems to be something wrong somewhere.

I did notice a freeze but I don't think it has anything to do with what
others are saying.

Almost in every case I thought it was due to the tracker being down or
some such bittorrent issue. Since p2p networks have so much churn I am
always wary of concluding anything based on this.

Beyond this I have nothing more to add to this. As to iptables and pf, I
honestly think comparing the two would be like comparing darkness to
light. ;)

On a different note, I have seen my OpenBSD box freeze badly whenever I
access my Sony SATA DVD R/W drive. I never got time to diagnose the
exact cause. It is a serious issue and something needs to be done about
it soon. In fact I install using FTP or HTTP due to this hairy issue.

Other than that I have seen OpenBSD freeze with the ImageMagick convert(1)
program as well.

Here goes one more freeze.

I used to have trouble recording voice with the new Intel HDA driver,
but nowadays that problem does not seem to be there.

It is a little unnerving to note that OpenBSD userland code sometimes
hangs the whole machine very much like Windoze but then...let us better
be open about it and do something.

I am quite well versed with OpenBSD's kernel code but I need experience
with driver development and fixing such "freezes". If someone can throw
some light on the debugging process I can definitely give it a shot.

Would I have to use a serial console and run the kernel with ddb(4) ?

Thanks.

Best,
Girish



Re: Power fluctuation and hard disk crashes

2008-02-28 Thread Girish Venkatachalam
On 07:34:21 Feb 28, Matt wrote:
>   
> I am not an authority on the subject at all but...
>
> A non-tech solution might be to buy a cheap notebook and use that as your 
> workstation and/or backup device.
> If power fails or drops the battery will automatically take over and you 
> should not experience any disk problems.

Guys,

Sorry for the noise.

I fixed the problem by buying myself a new SMPS. The SMPS was to blame.
I have several other PCs which run just fine. Whose disks never failed.

I am feeling stupid but I hope the feeling passes. ;)

For the archives in case anyone feels that they are having too many disk
crashes the first suspect should always be SMPS.

Actually last year I had the same problem. I replaced the SMPS and the
mobo as well.

And the reason my mobos never failed probably has got to do with the
fact that they are all original Intel ones.

Thanks for helping me out. A special thanks to Nick Holland for giving
me prodigious amount of information/advice in private.

Thanks once again.

-Girish



Re: P2V with VMWare -> "ERR M"

2008-02-28 Thread Girish Venkatachalam
On 09:42:17 Feb 28, Steve Shockley wrote:

> Recipes don't teach you how to cook.
>

I can second this because I have been cooking for more than three years
now.

And God alone knows how hard it has been.

I never consult any book or even the Internet.

I simply ask ladies and that too the ones whose food I have tasted.

In spite of my making mistakes and experimentation I still cannot be
sure how my dish will end up tasting.

It is the same with programming or anything with computers.

No matter what you read, until you try it out for yourself and get experience
it is useless.

-Girish

-- 
"unix soi qui mal y pense"

UNIX to him who evil thinks



Re: 4.3 Beta: no sound

2008-02-29 Thread Girish Venkatachalam
On 22:15:17 Feb 29, Claus Assmann wrote:
> I've upgraded one machine to 4.3 Beta (2008-02-23, i386, dmesg
> below) and there is no audio anymore (it used to work with 3.8). I
> tried to cat an audio file directly to the device:
> 
> $ file gong.au
> gong.au: Sun/NeXT audio data: 8-bit ISDN u-law, mono, 8000 Hz
> $ cat gong.au > /dev/audio
> $ cat gong.au > /dev/sound
> 
> 
> and mpg123 (playing song36.mp3 with various options),
> and mplayer, xine, vlc to play some DVDs: video is shown (even though
> mplayer is "jerky"), but no audio.
> 
> What can I check next?
> 
> $ mixerctl
> outputs.master=199,199
> outputs.master.mute=off
> outputs.mono=255
> outputs.mono.mute=off
> outputs.mono.source=mixerout
> outputs.headphones=255,255
> outputs.headphones.mute=off
> outputs.surround=255,255
> outputs.surround.mute=off
> outputs.center=255
> outputs.center.mute=off
> outputs.lfe=255
> outputs.lfe.mute=off
> inputs.speaker=255
> inputs.speaker.mute=off
> inputs.phone=191
> inputs.phone.mute=off
> inputs.mic=191
> inputs.mic.mute=off
> inputs.mic.preamp=off
> inputs.mic.source=mic0
> inputs.line=191,191
> inputs.line.mute=off
> inputs.cd=191,191
> inputs.cd.mute=off
> inputs.video=255,255
> inputs.video.mute=off
> inputs.aux=191,191
> inputs.aux.mute=off
> inputs.dac=191,191
> inputs.dac.mute=off
> record.source=mic
> record.volume=255,255
> record.volume.mute=off
> outputs.extamp=off
> # I turned off all "mute" fields as stated in the FAQ.
> 

Not sure if it would apply in your case but still...

You can try the UKC stuff.

# config -e -o bsd.new /bsd

And then do a "find  auvia" and change the PCI device and function
numbers to match the output of scanpci.

But I have most sound cards working even with the above parameters
showing -1.

Your dmesg shows no errors, so this trick might work.

If it doesn't then you can try mplayer with various audio output
drivers.

$ mplayer -ao help

Thanks.

-Girish



Re: how I can save ddb trace information.

2008-03-06 Thread Girish Venkatachalam
On 12:16:31 Mar 06, Jorge Medina wrote:
> Hi list:
> I have a panic with mp kernel, when panic launch me to ddb prompt I
> execute ps and trace but i don't know how save the dump information.
> 


man crash(8)

man savecore(8)

You have to type

ddb> boot dump

-Girish

-- 
"unix soi qui mal y pense"

UNIX to him who evil thinks



Re: Samba(SMB) or Netatalk(AFP)?

2008-03-11 Thread Girish Venkatachalam
On 18:59:06 Mar 11, Sunnz wrote:
 
> But... the user account on the clients already has their own
> uid/gid... do I have to make new accounts? Or am I missing something?
> 

vipw ;)

-Girish

-- 
"unix soi qui mal y pense"

UNIX to him who evil thinks

+--+
| GnuPG key  : 0xC7BBF207  |  http://wwwkeys.nl.pgp.net|
| Fingerprint: 2AFF C264 20CE C80C DDFF  CC15 AD3E F190 C7BB F207  |
+--+



Re: pf label and viewing with tcpdump?

2008-03-18 Thread Girish Venkatachalam
On 12:13:56 Mar 18, Karl-Heinz Wild wrote:
> After viewing the man pages and searched the internet
> I couldn't find how to display pf tags-labels in tcpdump.
>

It is not possible for userland processes like tcpdump(1) to display
pf(4) tags. So it follows that pfctl(1) also cannot read tags.

Packet tagging happens in kernel and there is no ioctl to read tags. I
am not sure if there is any plan to implement it.

> The other thing is how to display a tag in the states with
> pfctl -ss?
>

It is not possible.

> Is it not implemented or did I miss the right information?
>
> I hope that my questions aren't rubbish :)
>

You know how to display pf(4) labels with pfctl. Don't you?

-Girish

--
"unix soi qui mal y pense"

UNIX to him who evil thinks




Re: using openbsd to make presentations

2008-03-19 Thread Girish Venkatachalam
On 22:18:30 Mar 18, Pau Amaro-Seoane wrote:
> Hi,
>
> very often I have to give a talk about my work etc... The slides
> contain a lot of math equations, plots and even sometimes some movies.
>
> I was used to latex-beamer to do all this because I want something I
> can edit with vi(m) and it fulfilled all requisites ... and I was used
> to it when I was using linux.
>
> I have switched to OpenBSD since some 1.5 years and I am very happy to
> report here, by the way, that OpenBSD _does_ start X on the projector
> where most linux peecees and macs fail :) BUT -and this is the main
> reason to write now- the pdf slides created with latex-beamer "feel
> heavy"... What I mean is that when using full screen (with xpdf or
> kpdf etc) it takes some 3-4 seconds to change a slide. I don't know
> why... I can provide you with a test talk, so that you understand what
> I mean.
>
> This is very bad when somebody in the public asks a question of plot
> number 2 in slide #3 and you're in slide #55. Sure there are ways to
> overcome the problem, with the progress bar of latex-beamer, for
> instance, but still I don't like it.
>
> I just want to ask here in misc whether somebody has had the same
> problem and what other alternatives there are.
>
> I have noticed that a lot of people are using magicpoint out there. I
> had a look at it, but it seems not obvious to use when it comes to
> latex. As far as i know, there are these two possibilities:
>
> http://www.sonycsl.co.jp/person/nishida/mgp-users/msg00241.html
>
> http://www.sonycsl.co.jp/person/nishida/mgp-users/msg00290.html
>
> I have made some tests and I could not use all latex commands... I run
> into a snag in a number of occasions.
>
> Question: Do you have any recommendation / suggestion to prepare talks
> to be shown in a projector including mathematical equations, plots
> and, eventually, movies (I can live without this last point)?

Wow! This is very interesting. ;)

I am in the same boat as you but guess what?

You got a lot of responses for the "xpdf slowness" problem and can you
guess how I solved it?

Of course you know that Acroread is not slow at all...that is my
solution, not something I like though.

What about evince? Evince is not slow either.

xpdf is blazing fast on my gentoo. So it looks like
there is something wrong with xpdf on OpenBSD.

I have never played with apm(8), so I am not so sure what is to be done.

As to mgp and LaTeX beamer, well I think there is no question. ;)

mgp is quite painful since many people cannot get that running properly
under linux and it never works on Windows. I find this a problem when I
want to distribute the slides. And they are completely lifeless when you
view the html...

OTOH LaTeX Beamer is superb. But bear in mind that nowadays you have
www.slideshare.net and I uploaded my jQuery talk and they completely
fucked my slides. I think it converts it into flash and they have no
clue what to do with slide overlays.

Anyway I got some new ideas from this thread, that of trying out the
seminar class and other LaTeX packages. Let me try my luck.

As to scalable fonts, I have never had a problem with fonts breaking
under xpdf. My slides invariably have pictures in them. It is just that
xpdf gets angry when you view your slides in fullscreen.

I have never seen the source of xpdf but it is in the back of my mind.
If I get around to it, I want to fix why xpdf is slow on OpenBSD but
fast on gentoo.

Or it might be that I have never played with apm.

Anyway,
-Girish

--
"unix soi qui mal y pense"

UNIX to him who evil thinks




Re: using openbsd to make presentations

2008-03-19 Thread Girish Venkatachalam
On 17:45:26 Mar 18, Predrag Punosevac wrote:
> I am a mathematician so I am quite often in the same position as you to
> give presentations which contain
> lots of formulas and images.
> I use Powerdot class of Latex presentations (descendant of Prosper an
> obsolete class of presentations )  which is as an alternative to the Beamer
> class. For the comprehensive review of all classes of presentations for
> latex you may check
>
> http://texcatalogue.sarovar.org/bytopic.html#present
>
> The advantages of Powerdot over Beamer are numerous.
> Powerdot is far easier (has only 60 man pages v.s. Beamer man pages are
> over 400 pages).
> It is also very simple to incorporate movies into your slides. The slides
> are easily customized
> and in my point of view far more beautiful than the Beamer.

That will be really cool. ;)

I love beauty both in women and in my work. ;)

What about movies?

>
> The popularity of Beamer seems to come from the fact that you can use
> pdflatex to produce pdf slides.
> That is not possible with Powerdot as it uses some PostScript tricks. So
> you will have to latex slides followed by
> dvips and ps2pdf or dvipdfm to produce pdf slides. The ultimate goal of
> course is to produce pdf slides.
>

That is no problem at all.

> I noticed that one has to use Adobe Reader (I prefer Xpdf as well) which is
> only available from ports due to the
> license issues in order to have alive links on slides. That seems to be
> built in feature ( I would call it bug)
> which should be communicated probably up stream. The slides are very
> responsive.  I  personally have not seen better
> looking slides on any platform and I think I have seen it all.
>
> Powerdot class of presentations is part of TeXLive but not the part of
> teTeX. As you know teTeX is
> dead for about three years now and the TeXLive is official TeX distribution
> for Unix maintained by TeX community.
> TeXLive  is available only from ports for OpenBSD 4.2.
> However you will have to use port for 4.3 current (soon to be released) as I
> stumbled upon a bug in Powerdot
> class of presentation. The bug was in TeXLive source code and was well
> documented.
> It is already fixed by port maintainer for OpenBSD 4.3.
>
> As far as I know TeXLive will be regular package (you will not need to use
> ports) starting OpenBSD 4.3. This is
> only second Unix like system after Debian to have fully functional TeXLive
> thanks to Edd Barrett porter of TeXLive
> for OpenBSD. On the last note I recommend that you install full TeXLive
> which is about 1Gb but includes
> all TeX/Latex features coded at the moment. I am not sure if the TeXLive
> base includes Powerdot. I would guess yes.
>

I don't mind waiting till May 1.

It is much better than Beamer?

Do I have to go thro' the same learning curve?

Your argument is quite convincing though. What about movies?

-Girish

--
"unix soi qui mal y pense"

UNIX to him who evil thinks




Re: using openbsd to make presentations

2008-03-19 Thread Girish Venkatachalam
On 22:43:32 Mar 18, Jonathan Thornburg wrote:
> I find that the speed, or lack thereof, with which xpdf renders
> each new page (or progressive-overlay-on-the-same-page) varies from
> "too fast for any perceptible delay" to "a couple of seconds" and
> sometimes even to "10 seconds".  It seems to depend entirely on how
> big/complex the graphics are that I include -- if a page has only
> text and/or latex math, it renders "instantly".  But if there are
> big/complex graphics, then it can be slower.  (The "10 seconds" is
> only for some really nasty graphics files.)
>

I have observed something around 3 to 4 seconds. It is not exactly
"painful" but distracting.

All my slides have pictures or source code, so xpdf is mostly
unacceptable.

It is very fast when you don't view fullscreen, so the issue is in
scaling.

In fact I would also venture to say that color pictures give a lot of
fun and life to your boring technical talks be it math or software or
hardware or even if you are making a sales/marketing pitch.

I always look for powerful imagery from flickr.com.

-Girish

--
"unix soi qui mal y pense"

UNIX to him who evil thinks



