4.3-stable panics on a Soekris net-5501

[Tom Van Looy]

0x82  nanosleep perl
 28111  1  28111  0  30x81  selectnmbd
  7325  11156  11156  0  3   0x181  pause smbd
 11156  1  11156  0  3   0x181  selectsmbd
 32124  1  32124  0  30x80  selectsshd
 17686   7256   7256 67  3   0x180  netconhttpd
 27968   7256   7256 67  3   0x180  netconhttpd
  7216   7256   7256 67  3   0x180  netconhttpd
 14204   7256   7256 67  3   0x180  netconhttpd
 11005   7256   7256 67  3   0x180  netconhttpd
 22759  1  22759  0  3 0x40180  selectsendmail
 27238  1  27238  0  3   0x180  selectinetd
  7256  1   7256 67  3   0x180  selecthttpd
 18628  1  18628 77  3   0x180  poll  dhcpd
 22153  1  22153  0  30x80  poll  ntpd
  7671  1   7671 83  3   0x180  poll  ntpd
 31071   4159   4159 70  3   0x180  selectnamed
  4159  1   4159  0  3   0x180  netio named
 10100  15371  15371 74  3   0x180  bpf   pflogd
 15371  1  15371  0  30x80  netio pflogd
 28057   5556   5556 73  2   0x100syslogd
  5556  1   5556  0  30x88  netio syslogd
 13545  1  13545 77  3   0x180  poll  dhclient
  5571  1  16890  0  30x82  poll  dhclient
14  0  0  0  30x100200  bored crypto
13  0  0  0  30x100200  aiodoned  aiodoned
12  0  0  0  30x100200  syncerupdate
11  0  0  0  30x100200  cleaner   cleaner
10  0  0  0  30x100200  reaperreaper
 9  0  0  0  30x100200  pgdaemon  pagedaemon
 8  0  0  0  30x100200  pftm  pfpurge
 7  0  0  0  30x100200  usbevtusb1
 6  0  0  0  30x100200  usbtskusbtask
*5  0  0  0  70x100200usb0
 4  0  0  0  30x100200  bored syswq
 3  0  0  0  30x100200idle0
 2  0  0  0  30x100200  kmalloc   kmthread
 1  0  1  0  3  0x4080  wait  init
 0 -1  0  0  3 0x80200  scheduler swapper
ddb> trace
Debugger(d078ac70,50,d82b9d4c,d0809460,d8391000) at Debugger+0x4
panic(d06b2401,d06d8062,d82b9d8c,7b00,d82b9d74) at panic+0x63
pool_do_put(d0809460,d8391000,0,7e0a,d103cc80) at pool_do_put+0x193
pool_put(d0809460,d8391000,d82b9dec,d0494fee,d1026630) at pool_put+0x27
scsi_free_xs(d8391000,1,d82b9e4c,0) at scsi_free_xs+0x3c
scsi_done(d8391000,0,0,d0627a02,0) at scsi_done+0xb3
umass_scsi_cb(d0dff800,d8391000,4000,3,d0dff800) at umass_scsi_cb+0x8a
umass_detach(d0dff800,1,10,d0628037,d0d7db00) at umass_detach+0xfb
config_detach(d0dff800,1,d82b9f0c,d06285b0,d0d7db00) at config_detach+0x228
usb_disconnect_port(d0d91f30,d0d7c600,10) at usb_disconnect_port+0x65
uhub_explore(d0d7db00,d0626744,d82b9f8c,d06267f9,0) at uhub_explore+0x205
usb_discover(d0d7db80,d06267cc,8,246,d61e5560) at usb_discover+0x36
usb_event_thread(d0d7db80) at usb_event_thread+0x91
Bad frame pointer: 0xd092ce78
ddb>

ps: I won't pull out the cable again ;-)

Kind regards,

Tom Van Looy

Re: possible bug in OpenNTPD code?

[Tom Van Looy]

>>Why would you assume that? That seems a bit hostile. Perhaps the
>>developers are a bit busy at the moment.
>
>True. I generally post on the Linux lists and I believe I am spoiled by
getting quick responses from my postings. In future, I will remember to keep
more patience.

I would like to respond to this with a small anecdote: I opened a call at
vendor x at 17/sep/2008. The call resulted in me having to open a design
change request for their OS. So, 65 days later (coincidently today), I
received a "tracking number" and probably have to wait an other (max) 90 days
for the developers to decide if they even will make a fix. Oh, did I mention
how ridiculously much we pay each month for their support?

Re: CARP under heavy load

[Tom Van Looy]

Stephan A. Rickauer wrote:

One can use 'carppeer' to not send multicast but unicast. However, I was
under the impression one still needs to do peering on the same link as
the carp interfaces sit.


Yes, because if you send carp messages on an other (dedicated) link and
the link to the external/internal network goes down, carp messages will
still reach the backup firewall. So, it won't become master.

Re: Openbsd mounting

[Tom Van Looy]

Dorian B|ttner wrote:

rizzo0917 schrieb:
 and usb devices.   


keyword is hotplugd(8), includes example.



I think he's looking for amd(8).

Re: script

[Tom Van Looy]

>Nick Guenther wrote:
>>> Does anybody provide a commercial shell scripting???
>> 
>> for i in "Don't wait" "Buy Things Now" "Save Now" "$0.99" "Get your
>> instant trial account now" "Double Your Sales Calls, Free Script
>> Demo"; do
>>   echo $i
>> done
>> 
>> Like that?
>
>Hey man, that wasn't just 'commercial grade', that was Enterprise(tm) ready!
>Almost ready to be:
>#!/usr/games/fortune 500
>...

Actually, there's a bug in the script. Should be "\$0.99". ;o)

Re: Survey on the usage of IPv6

[Tom Van Looy]

Will (when) the results and the paper be published publicly?

Claudio Jeker wrote:

For an IPv6 related paper we are currently working on, Claudio and I are
doing a small online survey on the use of IPv6 among OpenBSD developers
and users.

It would be nice if you could spare 10-15 minutes of your time and
answer the questions.  Please do that also if you don't use IPv6,
since that helps us evaluating how much it is used.

You find the survey online at

http://ilias.msys.ch/goto.php?target=svy_41&client_id=ipv6

and you start the survey by pressing the button on the top left.

Many thanks,
Marc & Claudio

Re: starting gnome session with gdm as non root

[Tom Van Looy]

>I can start gnome by just typing "gdm", and then log in as a user.
>But I dont think this is a right or secure way to use gnome.

add the following line to the end of /etc/rc.local
/usr/local/bin/gdm -nodaemon &

This starts gdm at system startup. If you want to log in from the commandline 
you can just use startx. Do a echo "exec gnome-session" > ~/.xinitrc if you 
want startx to choose gnome.

Re: Go order your 4.5 CD

[Tom Van Looy]

Ordered mine too.
And here's the artwork in a wallpaper format:
http://users.telenet.be/assarix/pub/wallpaper/45.png

Daniel Ouellet wrote:
The new puffy looks nice too. Look to me that may be we have a new disco 
puffy with the improvements on the audio in the system, but I could be 
wrong.

Re: openbsd.org man pages case sensitive (was: Re: umts need help)

[Tom Van Looy]

ropers wrote:

I've just noticed that the web-based openbsd.org man pages are
case-sensitive. Observe:

Is this intended behaviour or a bug?


So is the command line. I think it should stay case sensitive. E.g. "man 
Carp" and "man carp" point to different manpages.

Looking for Mini PCI Express wireless card suggestions

[Tom Van Looy]

Hi

My laptop (HP ProBook 6560b) has a Broadcom BCM4313 wifi card. Seems like
it's not supported (there is also a thread on misc@ about this card).

I want to buy a new card. What mini PCI express card is the best card you
can buy?

For example, there are a lot of cards in the iwn driver. I can buy a "Intel
Centrino Ultimate-N 6300" or "Intel Centrino Advanced-N 6235" for around 30
euro, but I can also buy a "Intel Centrino Wireless-N 2230" for 13 euro or
something non Intel like "Realtek RTL8192CE" for 20 euro.

They all should be supported, but I'm not sure what to expect. Any
suggestions?

Kind regards,

Tom

Re: Looking for Mini PCI Express wireless card suggestions

[Tom Van Looy]

I think the cheapest (Wireless-N 2230) is ok because they all are 300
Mbit/s and OpenBSD doesn't support bluetooth.

And you would recommend iwn and not something else?

On Mon, Jan 5, 2015 at 8:00 AM, Stefan Sperling  wrote:

> On Sun, Jan 04, 2015 at 11:27:54PM +0100, Tom Van Looy wrote:
> > Hi
> >
> > My laptop (HP ProBook 6560b) has a Broadcom BCM4313 wifi card. Seems like
> > it's not supported (there is also a thread on misc@ about this card).
> >
> > I want to buy a new card. What mini PCI express card is the best card you
> > can buy?
> >
> > For example, there are a lot of cards in the iwn driver. I can buy a
> "Intel
> > Centrino Ultimate-N 6300" or "Intel Centrino Advanced-N 6235" for around
> 30
> > euro, but I can also buy a "Intel Centrino Wireless-N 2230" for 13 euro
>
> Any of the above should work with iwn(4). I'd suggest to get one of these,
> whichever matches your budget and requirements best.
>
> Note that some laptop brands have an artificial limitation where they
> refuse to boot if the wireless card has a PCI ID unknown to the BIOS.
> Not sure if this is a problem with HP but Lenovo Thinkpads do have this
> problem. In these cases the card needs to be compatible with both the
> laptop and OpenBSD.
>
> > or something non Intel like "Realtek RTL8192CE" for 20 euro.
>
> This Realtek PCI card is not supported yet. Its USB dongle cousins are
> supported by urtwn(4). But the PCI ones don't work, unfortunately.
>
> > They all should be supported, but I'm not sure what to expect. Any
> > suggestions?
> >
> > Kind regards,
> >
> > Tom

Re: Looking for Mini PCI Express wireless card suggestions

[Tom Van Looy]

Thank you for warning me about the BIOS! I just tried with an Intel card
from an old machine (Intel PRO/Wireless 3945ABG) and the BIOS indeed
disables the card.

I also had a USB device lying around which came with my TV :-) it's an
Atheros AR9271 rev 1. It works and allows me to go sit in the couch with
the laptop now.

Thanks everyone!

Re: Looking for Mini PCI Express wireless card suggestions

[Tom Van Looy]

Seems that HP has an driver for Intel cards that should work with my
laptop. Maybe there is some hope for it to work after all.
ftp://ftp.hp.com/pub/softpaq/sp56501-57000/sp56752.html

On Mon, Jan 5, 2015 at 10:04 PM, Tom Van Looy  wrote:

> Thank you for warning me about the BIOS! I just tried with an Intel card
> from an old machine (Intel PRO/Wireless 3945ABG) and the BIOS indeed
> disables the card.
>
> I also had a USB device lying around which came with my TV :-) it's an
> Atheros AR9271 rev 1. It works and allows me to go sit in the couch with
> the laptop now.
>
> Thanks everyone!

Authpf not working with ssh -fN session

[Tom Van Looy]

Hi

I'm using authfp to secure an NFS server (authpf required before mount).
This works when I use it interactively, but not when I try to background
the SSH session (ports stay closed).

I want to use this in a shell script. Something like this:

ssh -fN nas_u...@puffy.home.ctors.net
SSH_SESSION=$!
sudo mount -t nfs puffy.home.ctors.net:/home/nas ~/nas
# copy files ...
sudo umount ~/nas
kill $SSH_SESSION

The SSH command is in the ps output and in netstat on both sides (client
and server) but the mount won't work (timeout) because the firewall is not
changed by authpf.

I compared ssh -vvv output from the regular ssh session with the background
ssh and see that they are identical until "Authenticated to
puffy.home.ctors.net". After that line I see that the regular session
prints stuff about "ignoring env ..." and the background one prints
"forking to background". When the sessions are closed they both print that
data was transfered (send/receive) etc.

Is this something that can work and if so, what am I doing wrong of how do
I debug this any further? I'm stuck. :-)

Thanks,

Tom Van Looy

Re: Authpf not working with ssh -fN session

[Tom Van Looy]

Yes. That is what the manpage says. I'm not sure what you are trying to say
with it. I think I am not using it as a shell ... Can you explain?

On Sun, Aug 16, 2015 at 9:39 PM, laudarch  wrote:

> authpf is not a shell
>
> On 2015-08-16 19:13, Tom Van Looy wrote:
>
>> Hi
>>
>> I'm using authfp to secure an NFS server (authpf required before mount).
>> This works when I use it interactively, but not when I try to background
>> the SSH session (ports stay closed).
>>
>> I want to use this in a shell script. Something like this:
>>
>> ssh -fN nas_u...@puffy.home.ctors.net
>> SSH_SESSION=$!
>> sudo mount -t nfs puffy.home.ctors.net:/home/nas ~/nas
>> # copy files ...
>> sudo umount ~/nas
>> kill $SSH_SESSION
>>
>> The SSH command is in the ps output and in netstat on both sides (client
>> and server) but the mount won't work (timeout) because the firewall is not
>> changed by authpf.
>>
>> I compared ssh -vvv output from the regular ssh session with the
>> background
>> ssh and see that they are identical until "Authenticated to
>> puffy.home.ctors.net". After that line I see that the regular session
>> prints stuff about "ignoring env ..." and the background one prints
>> "forking to background". When the sessions are closed they both print that
>> data was transfered (send/receive) etc.
>>
>> Is this something that can work and if so, what am I doing wrong of how do
>> I debug this any further? I'm stuck. :-)
>>
>> Thanks,
>>
>> Tom Van Looy

[HAR2009] Finall call for papers: submit before may 15th

[Tom Van Looy]

 Original Message 
Subject: [HAR2009] Finall call for papers: submit before may 15th
Date: Fri, 1 May 2009 21:09:50 +0200
From: HAR2009 
Reply-To: har-annou...@har2009.org
To: annou...@har2009.org


Finall call for papers: submit before may 15th

   A significant number of interesting talks and workshops have been
   submitted already, but there is still room in the program for more. The
   uniting theme is, of course, technology. Explicitly sollicited are any
   talks, workshops or other activities that are about pure, hard
   technology. But, dont be afraid to submit anything of a less technical
   nature, maybe just skirting the fringes of technology. But, remember,
   _all_ talks and workshops should definetely be interesting and
   knowledgeable, hopefully be groundbreaking, and possibly, fun.

   The call for papers is available as [1]html, [2]pdf and [3]ascii.
   Please circulate widely: email your friends and relevant mailing lists.
   Proposals may be submitted on
   [4]https://pentabarf.har2009.org/submission/HAR2009, but must be in
   before may 15th.

World community grid

   BOINC! Yes, head over to the [5]World Community Grid site now,
   download the BOINC client and help HAR2009 earn an extra buck! We
   invite you to join the World Community Grid HAR2009-Team, and donate
   some of your CPU power to worthy causes. IBM, who have recently become
   one of the event sponsors, will add to their pledged amount if we all
   manage to get 250 new and active WCG accounts up before June 1st.

   So set yourself up to join the HAR2009 team!

   If you are already active in the world community grid, use this link to
   [6]join the HAR2009 team.

   If you are not part of the Grid yet, go to [7]the WCG-website,
   download & install the software (BOINC) and join the team
   automagically!

   Speaking of sponsors, it is because of [8]these generous parties that
   it was possible to extend the early-bird deadline. Since our last
   announcement, the [9]NLnet foundation is also among those friends of
   HAR2009. They have done and are doing a lot to keep the world open!

References

  1. https://har2009.org/post/call-for-papers
  2.
http://har2009.org/wp-content/uploads/2008/12/har2009_call_for_papers.pdf
  3.
http://har2009.org/wp-content/uploads/2008/12/har2009_call_for_papers.txt
  4. https://pentabarf.har2009.org/submission/HAR2009
  5.
http://secure.worldcommunitygrid.org/reg/viewRegister.do?teamID=1SJQMVGGV1
  6.
http://secure.worldcommunitygrid.org/team/viewTeamInfo.do?teamId=1SJQMVGGV1
  7.
http://secure.worldcommunitygrid.org/reg/viewRegister.do?teamID=1SJQMVGGV1
  8. https://har2009.org/sponsors
  9. http://nlnet.nl/

___
Har-announce mailing list
har-annou...@har2009.org
http://mx.har2009.org/mailman/listinfo/har-announce

Re: 4.5 soon, but ...

[Tom Van Looy]

I tried the new installer today with the last snapshot. Nice job! Still
pretty clean. Who's going to do the first < 2 minute OpenBSD install
with the new installer? ;-)

Theo de Raadt wrote:
> So OpenBSD 4.5 will be available soon, next weekend.
> 
> I feel that I should urge people to avoid the new snapshots until
> after they give 4.5 a try, because a few of us have been improving the
> system installer a little bit.  It is night and day.
> 
> Therefore; don't try to install a -current snapshot or you'll really
> hate installing 4.5...

Re: [ot] debian switching to eglibc

[Tom Van Looy]

frantisek holop wrote:
> hmm, on Thu, May 07, 2009 at 03:13:53PM +0200, frantisek holop said that
>> http://www.osnews.com/story/21441/Debian_Switching_to_EGLIBC
> 
> http://sourceware.org/bugzilla/show_bug.cgi?id=4980
> 
> hillarious.  good fun.
> who does this remind me?  let's see...
> 
> and as added bonus, thorsten is there, long time no see mate.
> 
> -f

Shut up! You should be punished anyway!
http://sources.redhat.com/ml/libc-alpha/2000-08/msg00053.html

Re: cp(1) bug ?

[Tom Van Looy]

on unix everything is a file?


>- Oorspronkelijk bericht -
>Van: Ted Unangst [mailto:[EMAIL PROTECTED]
>Verzonden: zaterdag, oktober 20, 2007 01:18 AM
>Aan: 'Aaron W. Hsu'
>CC: [EMAIL PROTECTED], misc@openbsd.org
>Onderwerp: Re: cp(1) bug ?
>
>On 10/19/07, Aaron W. Hsu <[EMAIL PROTECTED]> wrote:
>> > From: "Tom Van Looy" <[EMAIL PROTECTED]>
>> > Date: Fri, 19 Oct 2007 20:21:56 +
>> > Subject: Re: cp(1) bug ?
>> >
>> > it shall do nothing more with source_file and shall go on to any
>> > remaining files.
>>
>> Doesn't this mean that cp should not do anything when, for example, the
>> following command is run?
>>
>>$ cp -R foo foo/
>
>no, because that section is talking about files, not directories.

Re: About Xen: maybe a reiterative question but ..

[Tom Van Looy]

I think you forgot to count power savings here?

Theo de Raadt wrote:

And when physical servers cost less than some vmware licenses
Then it is even more dumb to defend such stupid practices.

binat and VPN question

[Tom Van Looy]

Hi

I have 2 ipsec VPN endpoints on a firewall. The remote networks both use the
same address range (10.10.1/24). The question is now to route this?

I was thinking about using binat to NAT one of the two networks to 10.10.2/24.
So that on my network 10.10.1.1 is actually 10.10.1.1 on remote network A and
10.10.2.1 is actually 10.10.1.1 on remote network B. But is that possible for
an entire network?

Or is there an other way?

Kind regards,

Tom Van Looy

Re: binat and VPN question

[Tom Van Looy]

And I can't just change the IP range of network A and B because these 
are customer networks (and they for sure don't want to change it).



Tom Van Looy wrote:

Hi

I have 2 ipsec VPN endpoints on a firewall. The remote networks both use the
same address range (10.10.1/24). The question is now to route this?

I was thinking about using binat to NAT one of the two networks to 10.10.2/24.
So that on my network 10.10.1.1 is actually 10.10.1.1 on remote network A and
10.10.2.1 is actually 10.10.1.1 on remote network B. But is that possible for
an entire network?

Or is there an other way?

Kind regards,

Tom Van Looy

Re: Real men don't attack straw men

[Tom Van Looy]

Hi

About the ports tree, maybe you are right and OpenBSD should go kick out 
the possibly 50 ports that you have a problem with.


Now, about BSD/GPL that's an other story. But that doesn't mean we can't 
learn from each other and help each other.


I hope it has to do Richards efforts on the GNU/Linux side of the 
open-source world that even Ubuntu works on a completely free edition 
(Gobuntu) nowadays.


OpenBSD "refuses to accept it's users being forced into depending on 
vendor binaries" and pushes people to "send a message that open support 
for hardware matters". Unix is becoming mainstream again. You should all 
work together at educating new people.


Kind regards,

Tom



Richard Stallman wrote:

It looks like some people are having a discussion in which they
construct views they would find outrageous, attribute them to me, and
then try to blame me for them.

For such purposes, knowledge of my actual views might be superfluous,
even inconvenient.  However, if anyone wants to know what I do think,
I've stated it in various articles in http://www.gnu.org/philosophy/.
In particular, see http://www.gnu.org/philosophy/freedom-or-power.html.

One question particularly relevant for this list is why I don't
recommend OpenBSD.  It is not about what the system allows.  (Any
general purpose system allows doing anything at all.)  It is about
what the system suggests to the user.

Since I consider non-free software to be unethical and antisocial, I
think it would be wrong for me to recommend it to others.  Therefore,
if a collection of software contains (or suggests installation of)
some non-free program, I do not recommend it.  The systems I recommend
are therefore those that do not contain (or suggest installation of)
non-free software.


From what I have heard, OpenBSD does not contain non-free software

(though I am not sure whether it contains any non-free firmware
blobs).  However, its ports system does suggest non-free programs, or
at least so I was told when I looked for some BSD variant that I could
recommend.  I therefore exercise my freedom of speech by not including
OpenBSD in the list of systems that I recommend to the public.

I could recommend OpenBSD privately with a clear conscience to someone
I know will not install those non-free programs, but it is rare that I
am asked for such recommendations, and I know of no practical reason
to prefer OpenBSD to gNewSense.

The fact that OpenBSD is not a variant of GNU is not ethically
important.  If OpenBSD did not suggest non-free programs, I would
recommend it along with the free GNU/Linux distros.

Re: OpenBSD 4.3 in peril?

[Tom Van Looy]

I think you mean Hungry Hippo. :p

>Don't make me install Frosty Warthog!!

Re: Linus about C++

[Tom Van Looy]

I advise you to read "The Art of Unix Programming" by Eric Steven Raymond
http://www.catb.org/~esr/writings/taoup/html/ch14s04.html#cc_language
In this book you can find more about the Unix philosophy, and arguments on why 
C++ is wrong.


>- Oorspronkelijk bericht -
>Van: Brian Hansen [mailto:[EMAIL PROTECTED]
>Verzonden: vrijdag, december 28, 2007 07:33 AM
>Aan: misc@openbsd.org
>Onderwerp: Linus about C++
>
>Hi.
>
>This is partly not OpenBSD related, and yet again someone pointed out that
>perhaps a lot of bug could be avoided using C++. I am writting my big paper
>on C and C++ and would like some comments from people who are experts.
>
>Off-list is okay, but maybe others are interested as well.
>
>I found this statement of Linux Torvalds about C++ online:
>
>
>C++ is a horrible language. It's made more horrible by the fact that a lot
>of substandard programmers use it, to the point where it's much much
>easier to generate total and utter crap with it. Quite frankly, even if
>the choice of C were to do *nothing* but keep the C++ programmers out,
>that in itself would be a huge reason to use C.
>
>C++ leads to really really bad design choices. You invariably start using
>the "nice" library features of the language like STL and Boost and other
>total and utter crap, that may "help" you program, but causes:
>
> - infinite amounts of pain when they don't work (and anybody who tells me
>   that STL and especially Boost are stable and portable is just so full
>   of BS that it's not even funny)
>
> - inefficient abstracted programming models where two years down the road
>   you notice that some abstraction wasn't very efficient, but now all
>   your code depends on all the nice object models around it, and you
>   cannot fix it without rewriting your app.
>
>In other words, the only way to do good, efficient, and system-level and
>portable C++ ends up to limit yourself to all the things that are
>basically available in C. And limiting your project to C means that people
>don't screw that up, and also means that you get a lot of programmers that
>do actually understand low-level issues and don't screw things up with any
>idiotic "object model" crap.
>
>
>Is he right?
>
>Best regards, and forgive me if I am to much "off topic".

Re: OpenBSD 4.2 dhcpd(8)

[Tom Van Looy]

The current implementation of dhcpd in base was a reworked version of 
ISC dhcpd 2.0pl5-OpenBSD (port). The rework was done by Henning Brauer.


If you look at cvsweb you can find this information.

Kind regards,

Tom



Tim Stewart wrote:

Hello all,

Does anyone know which version of ISC DHCP that OpenBSD 4.2 uses for
dhcpd(8)?  I wasn't able to find any clue on the webpage or associated
documentation.

It feels a lot like a 2.x release based on the options available, but
I just want to make sure.

Thanks.

Re: Network Slowness Proliant DL380 G4

[Tom Van Looy]

I also have this nic in my Lenovo R60:
bge0 at pci2 dev 0 function 0 "Broadcom BCM5751M" rev 0x21, BCM5750 C1 
(0x4201): irq 11, address 00:16:d3:b8:d6:4c


experiencing the same problems


Joe Warren-Meeks wrote:

On Thu, Feb 07, 2008 at 03:04:13PM +, Stuart Henderson wrote:

Hey there,
 

recvspace and sendspace do *nothing* to packet-forwarding
performance. they affect only locally sourced/sinked traffic.


Ah yes, of course. So, is there anything I can do, or need to do, to
ensure good throughput? Or is the bge driver ok for that?

 -- joe.

Re: FOSDEM 23/24 Feb Brussels

[Tom Van Looy]

Actually, it's the Netherlands that speak a slightly modified version of dutch. 
Only Flemish Belgium speaks true Dutch.

The term "Flemish" covers the Belgian Dutch dialects.

It's a bit confusing because of the naming and translations to English, I think 
this is caused by the fact that Belgium is partly French and the Netherlands is 
completely Dutch.

ps: will be at Fosdem too



>- Oorspronkelijk bericht -
>Van: nicodache [mailto:[EMAIL PROTECTED]
>Verzonden: vrijdag, februari 22, 2008 12:35 PM
>Aan: misc@openbsd.org
>Onderwerp: Re: FOSDEM 23/24 Feb Brussels
>
>You're right, this is the native language of the Netherlands, and also
>(in a slightly modified version) the one spoken by half the people
>from belgium.
>The first one is the dutch, the second the flemish.
>
>I think if you try to binary-xor it with the lyrics from latest song
>from clouseau, you'd get something near english you can understand.
>
>cheers,
>
>nicodache_punt_be ^^
>
>2008/2/22 Mayuresh Kathe <[EMAIL PROTECTED]>:
>> Golly, what language is that? is it the native language of NL?
>>  I tried running it through 'rot13', but that complicated it even more.
>>
>>
>>  2008/2/22 Han Boetes <[EMAIL PROTECTED]>:
>>
>>
>> > Ik zal er niet bij zijn dit jaar, maar ik wens je wel veel
>>  >  plezier. :-)
>>  >
>>  >  Groetjes aan Tilly. ;-)
>>  >
>>  >
>>  >
>>  >  Wim Vandeputte wrote:
>>  >  > like each year we'll be present at the FOSDEM event in Brussels, it's
>>  >  > completely free entrance, plenty of interesting things to see,
>>  >  > even a BSD devroom with presenations
>>  >  >
>>  >  > Feel free to drop by
>>  >  >
>>  >  > http://www.fosdem.org/
>>  >  >
>>  >  > This weekend.
>>  >
>>  >
>>  >
>>  >  # Han

Compile bind on 4.2 fails -> no acceptable grep in path

[Tom Van Looy]

The source is the src.tar.gz from CD's, I didn't update/patch it yet.

[EMAIL PROTECTED] ~]
# sysctl kern.version
kern.version=OpenBSD 4.2-stable (GENERIC) #0: Mon Mar  3 23:45:54 CET 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC

[EMAIL PROTECTED] ~]
# cd /usr/src/usr.sbin/bind

[EMAIL PROTECTED] /usr/src/usr.sbin/bind]
# make -f Makefile.bsd-wrapper clean
rm -f

[EMAIL PROTECTED] /usr/src/usr.sbin/bind]
# make -f Makefile.bsd-wrapper obj
/usr/src/usr.sbin/bind/obj -> /usr/obj/usr.sbin/bind

[EMAIL PROTECTED] /usr/src/usr.sbin/bind]
# make -f Makefile.bsd-wrapper
PATH="/bin:/usr/bin:/sbin:/usr/sbin"  CC="cc" CFLAGS="-O2 -pipe  " LDFLAGS=""
INSTALL_PROGRAM="install -c -s"  sh /usr/src/usr.sbin/bind/configure
--prefix=/usr  --localstatedir=/var  --sysconfdir=/etc  --disable-shared
--disable-threads
checking build system type... i386-unknown-openbsd4.2
checking host system type... i386-unknown-openbsd4.2
checking whether make sets $(MAKE)... yes
checking for ranlib... ranlib
checking for a BSD-compatible install... /usr/bin/install -c
checking for ar... /usr/bin/ar
checking for etags... no
checking for emacs-etags... no
checking for perl5... no
checking for perl... /usr/bin/perl
checking for gcc... cc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether cc accepts -g... yes
checking for cc option to accept ISO C89... none needed
checking how to run the C preprocessor... cc -E
checking for grep that handles long lines and -e... configure: error: no
acceptable grep could be found in /bin:/usr/bin:/sbin:/usr/sbin:/usr/xpg4/bin
*** Error code 1

Stop in /usr/src/usr.sbin/bind (line 69 of
/usr/src/usr.sbin/bind/Makefile.bsd-wrapper).

[EMAIL PROTECTED] /usr/src/usr.sbin/bind]
which grep
/usr/bin/grep

This also occurs when I try to install acroread from ports.
The same error when compiling /usr/ports/archivers/gcpio as dependency.

I guess it must be my fault because I searched the list and didn't find
anything. But I don't see what I'm doing wrong ...

Kind regards,

Tom Van Looy

Re: Compile bind on 4.2 fails -> no acceptable grep in path

[Tom Van Looy]

LATFORM_USETHREADS=''
ISC_SOCKADDR_LEN_T=''
ISC_THREAD_DIR=''
LATEX=''
LDFLAGS=''
LIBBIND=''
LIBOBJS=''
LIBS=''
LIBTOOL=''
LIBTOOL_ALLOW_UNDEFINED=''
LIBTOOL_IN_MAIN=''
LIBTOOL_MKDEP_SED=''
LIBTOOL_MODE_COMPILE=''
LIBTOOL_MODE_INSTALL=''
LIBTOOL_MODE_LINK=''
LN='ln'
LN_S=''
LTLIBOBJS=''
LWRES_HAVE_SIN6_SCOPE_ID=''
LWRES_PLATFORM_HAVEINADDR6=''
LWRES_PLATFORM_HAVEIPV6=''
LWRES_PLATFORM_HAVESALEN=''
LWRES_PLATFORM_NEEDIN6ADDRANY=''
LWRES_PLATFORM_NEEDIN6ADDRLOOPBACK=''
LWRES_PLATFORM_NEEDNETINET6IN6H=''
LWRES_PLATFORM_NEEDNETINETIN6H=''
LWRES_PLATFORM_NEEDSPRINTF=''
LWRES_PLATFORM_NEEDSTRTOUL=''
LWRES_PLATFORM_NEEDSYSSELECTH=''
LWRES_PLATFORM_NEEDVSNPRINTF=''
LWRES_PLATFORM_QUADFORMAT=''
LWRES_PLATFORM_USEDECLSPEC=''
MKDEPCC=''
MKDEPCFLAGS=''
MKDEPPROG=''
O=''
OBJEXT='o'
PACKAGE_BUGREPORT=''
PACKAGE_NAME=''
PACKAGE_STRING=''
PACKAGE_TARNAME=''
PACKAGE_VERSION=''
PATH_SEPARATOR=':'
PDFLATEX=''
PERL='/usr/bin/perl'
PURIFY=''
RANLIB='ranlib'
SA=''
SET_MAKE=''
SHELL='/bin/sh'
STD_CDEFINES=''
STD_CINCLUDES=''
STD_CWARNINGS=''
STRIP=''
USE_GSSAPI=''
USE_OPENSSL=''
XMLLINT=''
XSLTPROC=''
XSLT_DB2LATEX_ADMONITIONS=''
XSLT_DB2LATEX_STYLE=''
XSLT_DOCBOOK_CHUNK_HTML=''
XSLT_DOCBOOK_CHUNK_XHTML=''
XSLT_DOCBOOK_STYLE_HTML=''
XSLT_DOCBOOK_STYLE_MAN=''
XSLT_DOCBOOK_STYLE_XHTML=''
ac_ct_CC='cc'
ac_ct_CXX=''
ac_ct_F77=''
bindir='${exec_prefix}/bin'
build='i386-unknown-openbsd4.2'
build_alias=''
build_cpu='i386'
build_os='openbsd4.2'
build_vendor='unknown'
datadir='${datarootdir}'
datarootdir='${prefix}/share'
docdir='${datarootdir}/doc/${PACKAGE}'
dvidir='${docdir}'
exec_prefix='NONE'
host='i386-unknown-openbsd4.2'
host_alias=''
host_cpu='i386'
host_os='openbsd4.2'
host_vendor='unknown'
htmldir='${docdir}'
includedir='${prefix}/include'
infodir='${datarootdir}/info'
libdir='${exec_prefix}/lib'
libexecdir='${exec_prefix}/libexec'
localedir='${datarootdir}/locale'
localstatedir='/var'
mandir='${datarootdir}/man'
oldincludedir='/usr/include'
pdfdir='${docdir}'
prefix='/usr'
program_transform_name='s,x,x,'
psdir='${docdir}'
purify_path=''
sbindir='${exec_prefix}/sbin'
sharedstatedir='${prefix}/com'
subdirs=' lib/bind'
sysconfdir='/etc'
target_alias=''

## --- ##
## File substitutions. ##
## --- ##

BIND9_MAKE_INCLUDES=''
BIND9_MAKE_RULES=''
LIBBIND9_API=''
LIBDNS_API=''
LIBISCCC_API=''
LIBISCCFG_API=''
LIBISC_API=''
LIBLWRES_API=''

## --- ##
## confdefs.h. ##
## --- ##

#define PACKAGE_NAME ""
#define PACKAGE_TARNAME ""
#define PACKAGE_VERSION ""
#define PACKAGE_STRING ""
#define PACKAGE_BUGREPORT ""

configure: exit 1



Philip Guenther wrote:

On Wed, Mar 5, 2008 at 2:29 PM, Tom Van Looy <[EMAIL PROTECTED]> wrote:

The source is the src.tar.gz from CD's, I didn't update/patch it yet.

...

 checking for grep that handles long lines and -e... configure: error: no
 acceptable grep could be found in /bin:/usr/bin:/sbin:/usr/sbin:/usr/xpg4/bin
 *** Error code 1


Is your /usr/bin/grep the original that came with 4.2 or has it been
replaced?  (Try re-extracting it from base42.tgz)

What's the config.log file show for this test?


Philip Guenther

4.3 - acpi critical temperature on Lenovo R60

[Tom Van Looy]

Yesterday I sent my 4.3 dmesg (to dmesg@).
Today I was comparing dmesgs to see what changed and noticed "critical 
temperature warnings". See dmesg below, I would say that's not normal.

But with acpi I am able to turn off my machine now without rebooting :-)
Very nice, thank you!

OpenBSD 4.3 (GENERIC) #695: Tue Mar  4 14:28:56 MST 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz ("GenuineIntel" 686-class) 1.83 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR
real mem  = 1072066560 (1022MB)
avail mem = 1028591616 (980MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 04/18/07, BIOS32 rev. 0 @ 0xfd690, SMBIOS 
rev. 2.4 @ 0xe0010 (68 entries)
bios0: vendor LENOVO version "7CETC6WW (2.16 )" date 04/18/2007
bios0: LENOVO 9461DXG
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SSDT ECDT TCPA APIC MCFG HPET SLIC BOOT SSDT SSDT SSDT 
SSDT
acpi0: wakeup devices LID_(S3) SLPB(S3) LURT(S3) DURT(S3) EXP0(S4) EXP1(S4) 
EXP2(S4) EXP3(S4) PCI1(S4) USB0(S3) USB1(S3) USB2(S3) USB7(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (AGP_)
acpiprt2 at acpi0: bus 2 (EXP0)
acpiprt3 at acpi0: bus 3 (EXP1)
acpiprt4 at acpi0: bus 4 (EXP2)
acpiprt5 at acpi0: bus 12 (EXP3)
acpiprt6 at acpi0: bus 21 (PCI1)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C2
acpitz0 at acpi0: critical temperature 127 degC
acpitz1 at acpi0: critical temperature 100 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibat0 at acpi0: BAT0 model "92P1141" serial  5361 type LION oem "SONY"
acpibat1 at acpi0: BAT1 not present
acpiac0 at acpi0: AC unit online
acpidock at acpi0 not configured
bios0: ROM list: 0xc/0xfe00 0xd/0x1600 0xd1800/0x1000 0xdc000/0x4000! 
0xe/0x1!
cpu0 at mainbus0
cpu0: unknown Enhanced SpeedStep CPU, msr 0x06130b2506000b25
cpu0: using only highest and lowest power states
cpu0: Enhanced SpeedStep 1833 MHz (1292 mV): speeds: 1833, 1000 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82945GM Host" rev 0x03
agp0 at pchb0: no integrated graphics
ppb0 at pci0 dev 1 function 0 "Intel 82945GM PCIE" rev 0x03: irq 11
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "ATI Radeon Mobility X1400" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02: irq 11
azalia0: codec[s]: Analog Devices/0x1981, Conexant/0x2bfa, using Analog 
Devices/0x1981
audio0 at azalia0
ppb1 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02: irq 11
pci2 at ppb1 bus 2
bge0 at pci2 dev 0 function 0 "Broadcom BCM5751M" rev 0x21, BCM5750 C1 
(0x4201): irq 11, address 00:16:d3:b8:d6:4c
brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
ppb2 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x02: irq 11
pci3 at ppb2 bus 3
wpi0 at pci3 dev 0 function 0 "Intel PRO/Wireless 3945ABG" rev 0x02: irq 11, 
MoW2, address 00:1b:77:41:1d:be
ppb3 at pci0 dev 28 function 2 "Intel 82801GB PCIE" rev 0x02: irq 11
pci4 at ppb3 bus 4
ppb4 at pci0 dev 28 function 3 "Intel 82801GB PCIE" rev 0x02: irq 11
pci5 at ppb4 bus 12
uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x02: irq 11
uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x02: irq 11
uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x02: irq 11
uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x02: irq 11
ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x02: irq 11
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb5 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0xe2
pci6 at ppb5 bus 21
cbb0 at pci6 dev 0 function 0 "TI PCIXX12 CardBus" rev 0x00: irq 11
"TI PCIXX12 FireWire" rev 0x00 at pci6 dev 0 function 1 not configured
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 22 device 0 cacheline 0x8, lattimer 0xb0
pcmcia0 at cardslot0
ichpcib0 at pci0 dev 31 function 0 "Intel 82801GBM LPC" rev 0x02: PM disabled
pciide0 at pci0 dev 31 function 1 "Intel 82801GB IDE" rev 0x02: DMA, channel 0 
configured to compatibility, channel 1 configured to compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0 5/cdrom 
removable
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
ahci0 at pci0 dev 31 function 2 "Intel 82801GBM AHCI" rev 0x02: irq 11, AHCI 1.1
scsibus1 at ahci0: 32 targets
sd0 at scsibus1 targ 0 lun 0:  SCSI3 0/direct fixed
sd0: 114473MB, 14593 cyl, 255 head, 63 sec, 512 bytes/sec, 234441648 sec total
ichiic0 at pci0 dev 31 function 3 "Intel 82801GB SMBus" rev 0x02: irq 11
iic0 at ichiic0
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 "Intel UHCI roo

Broken link in 'man sendmail(8)'

[Tom Van Looy]

The manual page of sendmail(8) contains the following link:
http://www.sendmail.org/tips/DontBlameSendmail.html

It seems sendmail replaced the link by the following:
http://www.sendmail.org/tips/DontBlameSendmail.php

Can someone please fix this?

OpenBSD 4.0 dvd case

[Tom Van Looy]

Some people thought the current 4.0 artwork was to childish for a
corporate environment. I created a more simple and clean looking dvd
case. You can download it at http://puffy.ctors.net/

If you have some comments about this, please let me know.

Re: OpenBSD 4.1 Pre-Orders...

[Tom Van Looy]

No T-shirts this time?

Darrin Chandler wrote:
> Have you got yours yet?!
> 
> http://undeadly.org/cgi?action=article&sid=20070312181549

Re: Important OpenBSD errata

[Tom Van Looy]

What about: "Release Mode: FORCED RELEASE"?
This is about the exploit, right? And not the advisory.


Theo de Raadt wrote:
> This means everyone should have our latest patches installed.
> 
> 
> Date: Tue, 13 Mar 2007 19:40:15 -0300
> From: CORE Security Technologies Advisories <[EMAIL PROTECTED]>
> Organization: CORE Security Technologies
> MIME-Version: 1.0
> To: Bugtraq , Vulnwatch <[EMAIL PROTECTED]>
> Subject: CORE-2007-0219: OpenBSD's IPv6 mbufs remote kernel buffer overflow
> Content-Type: text/plain; charset=ISO-8859-1
> Content-Transfer-Encoding: 7bit

Re: Beep!

[Tom Van Looy]

great man, thanks :-)
the echo \a etc. never worked with me

I replaced "echo '.'" in /etc/rc.local with "echo 'C' > /dev/speaker"
so now I know when my headless server is ready booting up



Reyk Floeter wrote:
> On Tue, Apr 10, 2007 at 07:53:23AM -0700, Manuel Ravasio wrote:
>> Hello list.
>>
>> I have a small, trivial task I can't accomplish and I'm sure you guys can
>> help me in a second.
>> I'm creating some shell scripts for various administrative purposes, and I'd
>> really like to add some kind of command at the end of each in order to have
>> the pc speaker BEEP when the script is over.
>>
>> Is there a way to do so on OpenBSD 4.0/i386?
>> I've shuffled through MISC archives and FAQs, but I found nothing relevant...
>>
>>
> 
> man speaker(4)
> 
> for example,
> # echo 'CDEFGAHO>C' > /dev/speaker
> 
> reyk

acx/ath card information

[Tom Van Looy]

This (acx) is a wireless minipci card I got out of a broken D-Link DI-624+

acx0 at pci0 dev 16 function 0 "TI ACX111" rev 0x00: irq 10
acx0: ACX111, radio Radia (0x16), EEPROM ver 5, address 00:0f:3d:0e:28:75

Also I use the ath driver for a D-Link DWL-G650 rev C.
(but it seems unstable, after eg. an hour of usage it's really slow)

Actually the manpages said DWL-G650 should be supported by acx, well it
appears as an ath on my machine.

More details on request (eg. dmesg).
(this is all 4.0 with security patches)

Re: Read and write disk statistics

[Tom Van Looy]

$ systat -w 1 iostat


Federico Giannici wrote:
I'd like to know how much of the disk activity is for reads and how much 
is for writes.


It seems that there are a few system commands that show statistics about 
disks activity (iostat, vmstat, systat) but none of them separate reads 
and writes.


Is there some command that shows the READ disk stats and WRITE disk 
stats, SEPARATELY?



Thanks.

Re: Read and write disk statistics

[Tom Van Looy]

Then read man systat and find the section about display iostat, it has a
command:

split   Toggle the display of separate read/write statis-
tics (the default is combined statistics).


Federico Giannici wrote:

Tom Van Looy wrote:

$ systat -w 1 iostat


Unfortunately under 3.9 (where I need it) the output is different and
reads and writes are not separate.

Anything similar working under 3.9?

Thanks.



Federico Giannici wrote:

I'd like to know how much of the disk activity is for reads and how
much is for writes.

It seems that there are a few system commands that show statistics
about disks activity (iostat, vmstat, systat) but none of them
separate reads and writes.

Is there some command that shows the READ disk stats and WRITE disk
stats, SEPARATELY?


Thanks.

ntpd use dhclient ntp-servers

[Tom Van Looy]

Hi, I wanted to let my ntp client use the servers it receives from the 
dhcp server (3.0 from packages). I made it working like this:


I added ntp-servers to /etc/dhclient.conf, and the following function to 
the /sbin/dhclient-script script:


add_new_ntp() {
   if [ -n "$new_ntp_servers" ]; then
  sed "/^server/d" /etc/ntpd.conf > /etc/ntpd.conf.new
  for address in $new_ntp_servers; do
 echo "server" $address >> /etc/ntpd.conf.new
  done
  mv /etc/ntpd.conf.new /etc/ntpd.conf && pkill -KILL ntpd && ntpd
   fi
}

I use add_new_ntp after add_new_routes in BOUND|RENEW|REBIND|REBOOT)

Is this the right way to do let ntp use dhclient?
And, is what I did in add_new_ntp() the best way to do it?

It seems that the script works. After executing "/bin/sh /etc/netstart 
bce0" I see the following in /var/log/daemon:


May  2 22:35:51 kaat dhclient[30663]: DHCPREQUEST on bce0 to 
255.255.255.255 port 67

May  2 22:35:51 kaat dhclient[30663]: DHCPACK from 127.0.0.1
May  2 22:35:51 kaat ntpd[2737]: Lost child: child terminated; signal 9 
(Killed)

May  2 22:35:51 kaat ntpd[27146]: ntp engine ready
May  2 22:35:51 kaat dhclient[30663]: bound to 192.168.1.80 -- renewal 
in 7200 seconds.

May  2 22:36:11 kaat ntpd[27146]: peer 192.168.1.7 now valid
May  2 22:36:14 kaat ntpd[27146]: peer 192.168.1.6 now valid
May  2 22:38:13 kaat ntpd[27146]: clock is now synced
May  2 22:52:39 kaat ntpd[12672]: adjusting clock frequency by 
-12.976140 to -12.976140ppm


But I have two additional questions about this:
1) my dhcpd runs at 192.168.1.5 (remote), so why DHCPACK from 127.0.0.1?
2) "adjusting clock frequency by -12.976140 to -12.976140ppm." These 
values are the same, what just happend?


Note: I don't run a DB server on the machine, so I don't think playing 
with the time hurts something. But anyway, I just want to be sure I get 
it right.


Regards,

Tom

Re: ntpd use dhclient ntp-servers

[Tom Van Looy]

Maurice Janssen wrote:

On Thursday, May  3, 2007 at 00:23:00 +0200, Tom Van Looy wrote:
Hi, I wanted to let my ntp client use the servers it receives from the 
dhcp server (3.0 from packages). I made it working like this:


I added ntp-servers to /etc/dhclient.conf, and the following function to 
the /sbin/dhclient-script script:


add_new_ntp() {
  if [ -n "$new_ntp_servers" ]; then
 sed "/^server/d" /etc/ntpd.conf > /etc/ntpd.conf.new
 for address in $new_ntp_servers; do
echo "server" $address >> /etc/ntpd.conf.new
 done
 mv /etc/ntpd.conf.new /etc/ntpd.conf && pkill -KILL ntpd && ntpd
  fi
}

I use add_new_ntp after add_new_routes in BOUND|RENEW|REBIND|REBOOT)

Is this the right way to do let ntp use dhclient?
And, is what I did in add_new_ntp() the best way to do it?


I'm not sure if it is wise to restart ntpd each time your dhcp
lease is renewed.  ntpd needs some time to settle and this will
interrupt this process again and again.

Maurice



You could be right. I changed it to only do it on REBOOT now.
Any idea about the DHCPACK from 127.0.0.1? That's still strange.

connection reset

[Tom Van Looy]

I have a 5250 telnet session open to an iSeries. When I do this from the 
LAN (to the DMZ), I can keep the connection idle for hours without it 
being reset by the iSeries.
When I connect to the iSeries (5250) from a remote site over the VPN 
(IPSec) the iSeries resets the connection after less than 15 minutes of 
idle time. The VPN goes over a cable network.


Now I enable SO_KEEPALIVE when I connect from the remote site and that 
seems to work (no resets when being idle). But my question is, why do I 
get these resets in the first place?


You can point me to RFC's, manpages, docs, tips, hints, ... anything. I 
would appreciate it a lot. I guess this is not really an OpenBSD 
question because I think it has nothing to do with the VPN (I can't 
imagine).


Regards,

Tom

Re: find -exec {} help

[Tom Van Looy]

I think this is also correct:

find . -name '*.htm' -exec cp '{}' '{}'.new \; \
-exec sed -i s/old/new/ '{}'.new \;



Hannah Schroeter wrote:

Hello!

On Mon, Jun 04, 2007 at 02:01:12PM +0200, Marc Espie wrote:

[...]



Don't use for loops with find results, they do not scale well.
Also, beware of spaces in file.



For this kind of thing, I generally use 'while read'



find . -type f -name \*.htm -print|while read f; do sed s/old/new <"$f" 
>"$f.new"; done


This isn't safe wrt newlines in file names, either.

A completely safe solution would be writing a small script:

#! /bin/sh
exec sed s/old/new/ < "$1" > "$1".new

and using find . -type f -name \*.htm -exec /path/to/script {} \;
or find . -type f -name \*.htm -print0 | xargs -0 -L 1 -r /path/to/script

Kind regards,

Hannah.

Re: How to run and manage a DNS server.

[Tom Van Looy]

http://lifewithdjbdns.org (henning@ wrote this ;-)
It's not about bind but it has stuff about mysql and ISP-Environments.

So it may be of your interest.


Sam Fourman Jr. wrote:

well here is a question, I was wondering if there would be anyway to make
OpenBSD based DNS
 servers have a PostgreSQL backend. (I know there will be a performance hit)

and does anyone know of a gtk front end for DNS management? or maybe a web
based solution that is just DNS not like a full install of webmin.


Sam Fourman Jr.

On 6/6/07, Open Phugu <[EMAIL PROTECTED]> wrote:

On 6/6/07, Bray Mailloux <[EMAIL PROTECTED]> wrote:

Hello;

This is my first time managing anything larger than a simple dhcp or pf
box and I'm wondering if there is anyone available on this list who can
answer a few questions I have concerning the creation and management of
DNS servers.

Give us details of what you want to accomplish and your questions.

ssh and sudo, password not hidden

[Tom Van Looy]

Hi

Today I used sudo as command to ssh and it echoed my sudo password.

[EMAIL PROTECTED] ~]
$ ssh soekris sudo pfctl -s state
[EMAIL PROTECTED]'s password:
Password:secret_in_echo

[EMAIL PROTECTED] ~]
$

I don't see anything about this in the manpage so I think this not 
expected behaviour. Normally I ssh from an Ubuntu box to the firewall, 
but to be sure, I ssh-ed to localhost on the openbsd box and I got the 
same result. What's wrong?


Kind regards,

Tom Van Looy

Re: ssh and sudo, password not hidden

[Tom Van Looy]

Oke, problem solved. But, why doesn't this flag get set implicitly when
using a command with ssh?


Chris Cohen wrote:

On Saturday 30 June 2007 19:31, Tom Van Looy wrote:

Hi

Today I used sudo as command to ssh and it echoed my sudo password.

[EMAIL PROTECTED] ~]
$ ssh soekris sudo pfctl -s state
[EMAIL PROTECTED]'s password:
Password:secret_in_echo

[EMAIL PROTECTED] ~]
$

I don't see anything about this in the manpage so I think this not
expected behaviour. Normally I ssh from an Ubuntu box to the firewall,
but to be sure, I ssh-ed to localhost on the openbsd box and I got the
same result. What's wrong?


Add -t to your ssh command:
 -t  Force pseudo-tty allocation.  This can be used to execute arbi-
 trary screen-based programs on a remote machine, which can be
 very useful, e.g. when implementing menu services.  Multiple -t
 options force tty allocation, even if ssh has no local tty.

Question about dynamic DNS (BIND 8 EOL: OpenBSD Makes It Easy)

[Tom Van Looy]

I read the article on undeadly and a question came up.

dhcpd in base install does not support dynamic DNS (which is modern I 
guess) so I followed this guide to configure a 4.0 box to support it 
http://www.bsdguides.org/guides/openbsd/networking/dynamic_dns_dhcp.php


But the following seems wrong to me:
cd /usr/sbin
mkdir isc-dhcp-2.0
mv dhcpd isc-dhcp-2.0/
mv /usr/local/sbin/dhcpd dhcpd

Because it breaks the rule of packages being outside of the base 
install. So, what is the correct way to do it? I'm going to upgrade 4.0 
to 4.2 when it releases so I actually am looking for information on this.


Or, is nobody using dynamic DNS for some reason?
Thanks for any advise about this.

Tom Van Looy

Re: 4.2 song

[Tom Van Looy]

I think it should have been 101 instead of 11. But if it's not 
than it's a good easter egg :-p (and I don't get it).


ropers wrote:

On 08/10/2007, Craig Skinner <[EMAIL PROTECTED]> wrote:

Theo de Raadt wrote:

 And there's a few easter eggs hidden in the song as well.


Okay, I can't bear it any longer. I thought that maybe binary 11
and 1010101 stood for decimal 33 and 85, and that made me think of
ASCII ! and U. But I just don't get it. Is anybody in a mood to
enlighten me?

Cheers,
ropers

Re: cp(1) bug ?

[Tom Van Looy]

I read that single unix specification thing again because the OpenBSD cp 
manpage says it is expected to be IEEE Std 1003.2 (``POSIX.2'') compatible.


For each source_file, the following steps shall be taken:

1) If source_file references the same file as dest_file, cp may write a 
diagnostic message to standard error; it shall do nothing more with source_file 
and shall go on to any remaining files.


_may_ write a diagnostic message, and all the rest is implementation-defined
So, for sure, it's not "wrong" behaviour if you look at posix.

Re: : cp(1) bug ?

[Tom Van Looy]

ps: it was a ;-p


Nick Guenther wrote:

On 10/19/07, Tom Van Looy <[EMAIL PROTECTED]> wrote:

Richard Toohey wrote:

On 19/10/2007, at 8:12 PM, Raimo Niskanen wrote:

Looks like OpenBSD, FreeBSD, and Mac OS X BSD bits have the same
sort of outcome.


Copy foo to foo only once and quit, I think that's the correct
behaviour. I even think that posix more or less describes that.


That's what it should be doing I guess. But it's tricky, if you start
doing symlinks etc, you'll end up looping sooner or later. What if the
directoy's are not named the same (eg: hard links)?


correction: hard links are not allowed on directory's, ...
that being said, comparing inodes seems the best solution

only, don't give an error but copy once
maybe if I have time this weekend I'll try code that behaviour

Anyway, it has worked like that since years, and I guess nobody has had
a problem with it before. I don't think it should be changed just
because some bored guy playing with it noticed strange output ;-p


Sure, but "bored guy" can translate to "new ideas" and testing
somehow-still-untested code paths. It's worth a shot at fixing.

-Nick

Re: cp(1) bug ?

[Tom Van Looy]

cp on linux is part of gnu coreutils (http://www.gnu.org/software/coreutils/)
the error can be found in /coreutils-6.9/tests/cp/into-self

So it is not a part of bash or ksh (also on OpenBSD it is not part of the 
shell, the code is in /usr/src/bin/cp/).



>> I beat you to trying it on Linux
>
>No I didn't. Others beat me and you to it. Apologies for the unnecessary noise.
>
>(...)
>
>> IMHO cp behaving like this is somewhat nicer than its current
>> behaviour on apparently most or all BSD OSes.
>
>I'm surprised now.
>
>I just thought that what I wrote above was stupid, because I thought
>that the behaviour of cp was a function of the shell built-in command
>cp, not of the OS.
>To confirm this, I installed the OpenBSD default shell pdksh on
>Ubuntu. However, pdksh on Ubuntu gives the same result as bash on
>Ubuntu. So is this a function of the OS after all?
>
>| [EMAIL PROTECTED]:~$ uname -a
>| Linux tranquility 2.6.22-14-386 #1 Sun Oct 14 22:36:54 GMT 2007 i686 
>GNU/Linux
>| [EMAIL PROTECTED]:~$ echo $SHELL
>| /bin/bash
>
>We're on Linux and we're using bash.
>
>| [EMAIL PROTECTED]:~$ mkdir foo
>| [EMAIL PROTECTED]:~$ cp -r foo foo
>| cp: cannot copy a directory, `foo', into itself, `foo/foo'
>
>Bash behaves as expected.
>
>| [EMAIL PROTECTED]:~$ sudo apt-get install pdksh
>| Reading package lists... Done
>| Building dependency tree
>| Reading state information... Done
>| The following NEW packages will be installed:
>|   pdksh
>| 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
>| Need to get 0B/261kB of archives.
>| After unpacking 442kB of additional disk space will be used.
>| Selecting previously deselected package pdksh.
>| (Reading database ... 167230 files and directories currently installed.)
>| Unpacking pdksh (from .../pdksh_5.2.14-20build1_i386.deb) ...
>| Setting up pdksh (5.2.14-20build1) ...
>
>Ok, now pdksh is installed.
>
>| [EMAIL PROTECTED]:~$ pdksh
>| $ ps | grep sh
>|  6567 pts/000:00:00 bash
>|  6816 pts/000:00:00 pdksh
>|  6818 pts/000:00:00 pdksh
>
>Now we're running pdksh (echo $SHELL isn't changed when launching
>another shell interactively, hence the use of ps to confirm).
>
>| $ rm -rf foo
>
>Need to rm foo to start from scratch.
>
>| $ mkdir foo
>| $ cp -r foo foo
>| cp: cannot copy a directory, `foo', into itself, `foo/foo'
>
>Strange.
>
>pdksh on Linux behaves just like bash on Linux, and unlike pdksh on OpenBSD.
>I didn't expect that. So does that error message depend on OS APIs
>rather than the shell program and its built-in commands?

Re: : cp(1) bug ?

[Tom Van Looy]

correction: hard links are not allowed on directory's, ...
that being said, comparing inodes seems the best solution

only, don't give an error but copy once
maybe if I have time this weekend I'll try code that behaviour

Anyway, it has worked like that since years, and I guess nobody has had 
a problem with it before. I don't think it should be changed just 
because some bored guy playing with it noticed strange output ;-p


Regards,

Tom


Richard Toohey wrote:

On 19/10/2007, at 8:12 PM, Raimo Niskanen wrote:


On Thu, Oct 18, 2007 at 10:06:42PM +1300, Richard Toohey wrote:

JUST FOR FUN I have tried to "fix" this.  What I know about C code
can be written on the back of a postage stamp


Did I mention the SIZE of the postage stamp?  It's rather small ... 8-)


I am afraid solving the general case is harder.



The path length limit actually works as a crude, cheep and effective
cycle detection.

While Windows Finder solves the simple case of copying into
yourself, I do not think it has solved the general case.
Anyone curious to try?


Runs screaming into the night ... A lot more man reading for me, first!



--
/ Raimo Niskanen, Erlang/OTP, Ericsson AB


I might try a Linux install (got some Slackware 12.0 CDs) and look at
what it does (and its source code) - sure someone will beat me to it.

Looks like OpenBSD, FreeBSD, and Mac OS X BSD bits have the same
sort of outcome.

I got this from Tom Van Looy (thanks, Tom):

Copy foo to foo only once and quit, I think that's the correct 
behaviour. I even think that posix more or less describes that.


$ mkdir foo
$ cp -R foo foo
$ ls -R foo
foo/:
foo

foo/foo:

That's what it should be doing I guess. But it's tricky, if you start 
doing symlinks etc, you'll end up looping sooner or later. What if the 
directoy's are not named the same (eg: hard links)?


(please reply cc to the list)

And another email from Tom Van Looy:

Oh and yes, it doesn't go boom, the copy just stops when the max 
filename length is reached (logically). And " name too long 
(not copied)" is an error, you can just redirect it to dev null, cp -R 
foo foo 2>/dev/null, if you don't like it on your screen.


Try fixing it so that it doesn't copy a directory into itself when it is 
allready copied (so allow it only once). GNU cp does something like that:


$ mkdir foo
$ cp -R foo foo
cp: cannot copy a directory, `foo', into itself, `foo/foo'
$ ls -R foo
foo:
foo

foo/foo:

Only, I think the warning is not needed (and I didn't further test it, 
so it's possibly doing something else after all).

Re: Missing security announcements

[Tom Van Looy]

> just fire a crontab entry and move on

actually, that's a great idea, I just scheduled the following script
this mails the diff of errata.html, but only if something changed

#!/bin/sh
rel="44" # OpenBSD version

ftp http://www.openbsd.org/errata"$rel".html > /dev/null 2>&1
if [ "$?" != "0" ]; then
   echo "Unable to fetch errata page!"
   exit 1
fi

if [ ! -f .errata"$rel".old ]; then
   touch .errata"$rel".old
fi

mv errata"$rel".html .errata"$rel".new
diff -u .errata"$rel".old .errata"$rel".new > .errata"$rel".diff
if [ "$?" = "1" ]; then
   cat .errata"$rel".diff | mail -s "OpenBSD$rel errata changed" root
   rm .errata"$rel".old > /dev/null 2>&1
   mv .errata"$rel".new .errata"$rel".old
fi

exit 0

Dump on soekris slow?

[Tom Van Looy]

Hi

I use the dump script of openbsdsupport.org to backup the internal SATA disk of 
my soekris to an external USB disk.


  DUMP: 197357941 tape blocks
  DUMP: Date of this level 0 dump: Thu Nov 13 23:03:31 2008
  DUMP: Volume 1 completed at: Fri Nov 14 09:25:20 2008
  DUMP: Volume 1 took 10:14:48
  DUMP: Volume 1 transfer rate: 5350 KB/s
  DUMP: Date this dump completed:  Fri Nov 14 09:25:20 2008
  DUMP: Average transfer rate: 5350 KB/s
  DUMP: level 0 dump on Thu Nov 13 23:03:31 2008
  DUMP: DUMP IS DONE
  621m51.83s real 9m31.74s user   174m12.85s system
---
Filesystem SizeUsed   Avail Capacity  Mounted on
/dev/sd0a  458G188G247G43%/backup

The script did a level 0 dump of my /strg mountpoint to /backup yesterday. But, 
I think this is really slow. What should I be looking at?

My dmesg (soekris net5501-60):
OpenBSD 4.3 (GENERIC) #0: Tue Nov 11 09:13:17 CET 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by AMD PCS ("AuthenticAMD" 586-class) 434 
MHz
cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX
real mem  = 268005376 (255MB)
avail mem = 251092992 (239MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 20/71/05, BIOS32 rev. 0 @ 0xfac40
pcibios0 at bios0: rev 2.0 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc8000/0xa800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 1 function 0 "AMD Geode LX" rev 0x30
glxsb0 at pci0 dev 1 function 2 "AMD Geode LX Crypto" rev 0x00: RNG AES
vr0 at pci0 dev 6 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 11, address 
00:00:24:c9:5e:28
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, 
model 0x0034
vr1 at pci0 dev 7 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 5, address 
00:00:24:c9:5e:29
ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, 
model 0x0034
vr2 at pci0 dev 8 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 9, address 
00:00:24:c9:5e:2a
ukphy2 at vr2 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, 
model 0x0034
vr3 at pci0 dev 9 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 12, address 
00:00:24:c9:5e:2b
ukphy3 at vr3 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, 
model 0x0034
glxpcib0 at pci0 dev 20 function 0 "AMD CS5536 ISA" rev 0x03: rev 0, 32-bit 
3579545Hz timer, watchdog, gpio
gpio0 at glxpcib0: 32 pins
pciide0 at pci0 dev 20 function 2 "AMD CS5536 IDE" rev 0x01: DMA, channel 0 
wired to compatibility, channel 1 wired to c
ompatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 305245MB, 625142448 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
ohci0 at pci0 dev 21 function 0 "AMD CS5536 USB" rev 0x02: irq 15, version 1.0, 
legacy support
ehci0 at pci0 dev 21 function 1 "AMD CS5536 USB" rev 0x02: irq 15
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "AMD EHCI root hub" rev 2.00/1.00 addr 1
isa0 at glxpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
nsclpcsio0 at isa0 port 0x2e/2: NSC PC87366 rev 9: GPIO VLM TMS
gpio1 at nsclpcsio0: 29 pins
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom0: console
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 "AMD OHCI root hub" rev 1.00/1.00 addr 1
biomask e5c5 netmask ffe5 ttymask ffe7
mtrr: K6-family MTRR support (2 registers)
umass0 at uhub0 port 1 configuration 1 interface 0 "Western Digital External 
HDD" rev 2.00/1.04 addr 2
umass0: using SCSI over Bulk-Only
scsibus0 at umass0: 2 targets
sd0 at scsibus0 targ 1 lun 0:  SCSI2 0/direct fixed
sd0: 476940MB, 60801 cyl, 255 head, 63 sec, 512 bytes/sec, 976773168 sec total
softraid0 at root
root on wd0a swap on wd0b dump on wd0b

Re: Dump on soekris slow?

[Tom Van Looy]

>Is it slower than the USB is *supposed* to be?  USB is not fast.

The external disk is a:
http://www.wdc.com/en/products/products.asp?driveid=333
It has:
Serial Bus Transfer Rate (USB 2.0)  480 Mbits/s (Max)

The soekris port is 2.0 capable "usb0 at ehci0: USB revision 2.0".
I'm getting an average transfer rate of 5350 KB/s.

By the way, the internal disk is a:
http://www.wdc.com/en/products/products.asp?driveid=477

Kind regards,

Tom

Re: Dump on soekris slow?

[Tom Van Looy]

Thanks for all the responses :-)

I did a "dump 0af /dev/null /usr":
DUMP: Average transfer rate: 10618 KB/s

Next I did a "dump 0af /backup/test1 /usr":
DUMP: Average transfer rate: 5352 KB/s

I also compared the speed of cp with dump and they seem equally fast.
Anyway, it seems like the speed is not so abnormally low after all.

Kind regards,

Tom

Re: I/O redirection

[Tom Van Looy]

>No, check the ksh man page.

Or, you could use the /usr/bin/time command to just avoid the ksh builtin.
/usr/bin/time java helloWorld >time.report 2>&1
Which works as expected.

Hacking At Random 2009

[Tom Van Looy]

I just wanted to let the list know that it's "only" a year before HAR2009.
But, they are already looking for volunteers and villages.

More info at http://har2009.org, you can subscribe at their mailing list.
I hope lots of OpenBSD people will be there again just like WTH2005.

Kind regards,

Tom

ICMP in /etc/pf.conf

[Tom Van Looy]

The manpage of pf.conf tells me icmp is a layer 4 (transport layer) 
protocol.


PACKET FILTERING
pf(4) has the ability to block and pass packets based on attributes of
their layer 3 (see ip(4) and ip6(4)) and layer 4 (see icmp(4), 
icmp6(4),

tcp(4), udp(4)) headers.

I always thought it was a layer 3 protocol. I realize OSI is academic, 
but there must me some reason

to state icmp is a layer 3 protocol.

Can this be explaind by the fact ICMP gets carried by IP and sits 
between IP and layer 4?

The ICMP header does not contain an address field.

Tom Van Looy
(ps: I might be totally wrong, I'm a novice)

Tron

[Tom Van Looy]

Hi

Most of you have probably seen this getting posted on slashdot:
http://kingofgng.com/eng/2009/07/26/tron-legacy-exposed/

That's cool :-)

Kind regards,

tvl

Re: Wireshark

[Tom Van Looy]

You can also capture the packets with tcpdump and open the pcap file in
wireshark on another platform. That's how I do it if I want to use
wireshark.

Kind regards,

Tom


merlyn wrote:
> On Monday 17 August 2009 00:51:28 stan wrote:
>> I realize that there is histroy here but I really need to make this tool
>> work, and OpenBSD is my OS of choice for network related functions.
>>
>> Has anyone gotten wireshark to compile on OpenBSD 4.5? I am trying to build
>> version 1.2.1, if that matters.
> 
> Hi stan,
> last version of Wireshark I've successfully compiled was 0.99.8.
> If you'll have more good luck than me, send a patch to this mailing list.
> 
> --
> Merlyn
> Aberdeen
> Scotland

Re: Java plugin

[Tom Van Looy]

"Starting from 1.7 OpenBSD has a fully GPLv2 licensed port, that can be
installed as a package. Users looking for the browser plugin will still
need to build 1.5 or 1.6 from ports until Sun releases the plugin code."

   -- openbsd faq


eagir...@cox.net wrote:
> Well, I built and installed the JDK (1.7) from ports.  The FAQ is correct 
> about it's taking a long time, and it took so much space that I ended up 
> mounting an additional partition for /usr/ports, because /usr ran out of 
> space the first time.
> 
> But the predicted (by the FAQ) message on using the plugin that comes along 
> with JDK installation did not appear.  What have I missed?  Relevant messages 
> below.
> --
> Ed Ahlsen-Girard
> Ft. Walton Beach FL

Re: eurobsdcon

[Tom Van Looy]

Henning Brauer wrote:
> so, otto, tedu, matthieu, oga and myself went to eurobsdcon in
> cambridge. to take the summary ahead, it was a very nice event.

Thanks you all for doing the presentations and sharing the
papers/slides. Awesome :-)

Who knows if there is also video material available that will make it's
way to the youtube channel? http://www.youtube.com/bsdconference

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability

[Tom Van Looy]

Ross Cameron wrote:
> Actually no it was turned on.

This is from the commit to the Linux kernel:

"The amount of space protected is indicated by the new proc tunable
proc/sys/vm/mmap_min_addr and defaults to 0, preserving existing behavior."

It was turned off, 0 means no protection.

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability

[Tom Van Looy]

Matthias Kilian wrote:
> And if you install something like wine, the knob is set back to 0,
> probably without any notice (at least in ubuntu-8.10).

That can explain why it's off on my system (karmic koala).

By the way, this is from the debian wiki:

Debian 5.0.3 ships with a default mmap_min_addr of '0'. This means that
the Debian system, by default, is susceptible to these NULL-pointer
privilege escalation techniques. Unless you know that you have
applications that require this functionality, it is recommended that you
increase the value of mmap_min_addr on your system.

Off by default.

Re: anyone, low power rack-mount server for home usage?

[Tom Van Looy]

Didier Wiroth wrote:
> I was wondering if some of you are using this type of low power
> hardware at home?
> Can you recommend such a rack-mount device?
> Can you recommend a european online reseller?

This seems nice too:
http://www.descom.be/configurator_server.php?mode=&type=17