Re: Unified BSD?

[Tony]

On Mon, Nov 12, 2012 at 9:37 PM, Robin Björklin
wrote:

>
> Am I bat crap crazy for thinking it could be good to merge the four largest
> BSD variants out there, take the best bits and pieces out of each and
> create a Unified BSD?
>

Ain't that what OpenBSD is though - the best from all worlds?

Tony
http://soundcloud.com/abletony84

Merry Christmas from AnthonysTshirts.com

[Tony]

Greetings!

~
Merry Christmas!
Wishing you...

and your family the Christmas season's joys and 
wonders. Enjoy the holiday.

Sincerely,

AnthonysTshirts.com

~
AnthonysTshirts.com
2269 S. University Drive - Suite 413
Davie, Florida 33328
[EMAIL PROTECTED]
http://www.AnthonysTshirts.com


Forward email
http://ui.constantcontact.com/sa/fwtf.jsp?m=1101423766115&ea=misc%40openbsd.org&a=1101491426669





This email was sent to misc@openbsd.org,
by [EMAIL PROTECTED]

Update Profile/Email Address
http://ui.constantcontact.com/d.jsp?p=oo&m=1101423766115&ea=misc%40openbsd.org&se=925&t=1101491426669&lang=en&reason=F

Instant removal with SafeUnsubscribe(TM)
http://ui.constantcontact.com/d.jsp?p=un&m=1101423766115&ea=misc%40openbsd.org&se=925&t=1101491426669&lang=en&reason=F

Privacy Policy:
http://ui.constantcontact.com/roving/CCPrivacyPolicy.jsp




Powered by
Constant Contact(R)
www.constantcontact.com




AnthonysTshirts.com | 2269 S. University Drive | Suite 413 | Davie | FL | 33328

Re: The future of NetBSD

[Tony]

Andy Ruhl wrote:
> 
> On 8/30/06, Charles M. Hannum <[EMAIL PROTECTED]> wrote:
> > The NetBSD Project has stagnated to the point of irrelevance.  It has
> 
> Let me start by saying I'm probably not qualified to reply to this
> thread, but I was never worried about making a fool out of myself
> before so here goes...
> 
> I am a former user of FreeBSD and occasional user of OpenBSD. Haven't
> had much experience with either in the last year or so.
> 
> So...
> 
> Stagnant? Yes. Irrelevance? Possibly.
> 
> But, BUT, can anyone tell me where I can get an OS that I can build
> easily from the same place to run on my NEC PDA as well as an old IBM
> PowerPC box I just happened to have sitting around and doing nothing
> else? And I'm typing this now on an AMD64 box that ran stably long
> before FreeBSD did (yes, I tested both). Nobody else can say that. Is
> it relevant? It's funny how much more relevant NetBSD's philosophy
> becomes as i386 becomes irrelevant. While the others (FreeBSD in
> particular) seemed to be scrambling for another architecture, NetBSD
> just quietly supported them without any fanfare (IA-64 excluded, but
> it's more irrelevant than NetBSD!).
> 
> There are strengths that go right down to the core of the project.
> They are still there. They won't ever be irrelevant. They just need to
> be built upon. The cleanliness, portability, and ease of use is there.
> 
> So you're probably right. A strong leader is needed to recruit people
> to complete new projects and generally keep things relevant. If it's a
> people problem, I hope someone can fix it.
> 
> Too bad the guy who used to say "I probably don't know what I'm
> talking about" isn't here to comment.
> 
> Andy

With a straight line like that, I cannot resist:

Seems like somebody is complaining that stability is the same thing
as stagnating to the point of irrelevance.

A chicken running around sans head is quite active.
Not really the same thing as productive.

Microsoft Windows goes patch-happy,
and the rate for compromised machines goes to five cents each.

I don't know what I'm talking about (no probably about it)
but there's stuff running around considerably worse.

Re: The future of NetBSD

[Tony]

Theo de Raadt wrote:
[snip]
> 
> We know one reason why we never got documentation.  Bit by bit more
> information has come out to show that the hardware design is an
> embarrasment and there are countless bugs and shortcomings.
> 
Surprising? Not really.
Affects ONLY OpenBSD? Not a chance.
That's why I follow [EMAIL PROTECTED]  I don't think I'm alone.

Re: automated source code scanning

[Tony]

 Jacob Yocom-Piatt wrote:
>
> since the openbsd project prides itself on being especially
> proactive about
> debugging, it would not surprise me to learn that there is automated code
> auditing going on. is this already the case? i didn't see openbsd

Automating stuff you do NOT understand stands little chance of making
anything
better. Me, I just lurk here and do not speak for anyone, but I can assure
you
that the OpenBSD folks are not so naive as to put any trust in automated
gizmos.
I am sure that they do manage to automate a few bits and pieces here and
there,
but I don't think that's what you were asking.

Re: Problems with CPU/ARCH specific compilation!?

[Tony]

Some I've been in, the owner never gets a chance. You're already out of
there. Forcibly.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Markus Kolb
Sent: Thursday, June 02, 2005 5:06 AM
To: misc@openbsd.org
Subject: Re: Problems with CPU/ARCH specific compilation!?

[snip]
Think about it in real life. You are in a pub and discuss for example
political stuff which the owner hears and doesn't like. Do this owner
offend you or even kick you out of his pub? No. You do it here.

Re: howto clean disks ?

[Tony]

Results can be a bit, ... interesting if there is a Linux swap partition in
existence.
(That's partition as in DOS/Windows/Linux, not partition as in BSD)
The swap is activated by default and the verification "errors" can be
"interesting".

badblocks probably gives better assurance that the disk is in fact useable.
seems like dd will error and quit if there is a hard error before the end.
flames invited if I am in error.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Andy Hayward
Sent: Thursday, June 02, 2005 6:06 AM
To: [EMAIL PROTECTED]
Cc: misc@openbsd.org
Subject: Re: howto clean disks ?


Ed White wrote:

>Hi,
>
>I'm going to give away some old hard disks and I'm planning to
>delete/overwrite all the data on them. Is there any tool to make this
>automagically ?
>
>
badblocks -s -v -w 

I usually keep a Knoppix CD around for this purpose, but its also
available in the e2fsprogs port.

-- ach

Re: Problems with CPU/ARCH specific compilation!?

[Tony]

No, they hate it when you do things that are advised against and that tend
to
run into trouble and you expect them to bail you out when you don't even
supply any hard information about the failures.

I've been following this thread, actually a bit amazed at the reticence of
the
developers. About this "ours", there is no "ours" (plural), there is just
you.

This thread has supplied one useful bit of knowledge.
Anything dependent on 486-specific code is likely to be permanently broken.

As the OS being only useable for things [the developers] think about, I had
an easy time convincing my boss to buy the CDs, based solely on this list!
There are a number of savvy competent people here, and there is a fair
amount
of "heads-up" about things that will matter, regardless of platform.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Markus Kolb
Sent: Friday, June 03, 2005 5:48 AM
To: Theo de Raadt
Cc: misc@openbsd.org
Subject: Re: Problems with CPU/ARCH specific compilation!?

[snip]
The work you do is quite good but your mentality has no compatibility
with ours.
I got it that I am using the wrong OS. Your OS is only useable for
things you think about. So nothing free at all when you hate people
doing stuff you don't like.

Re: heal the world, and misc@ [strictly coffeetime reading]

[Tony]

Some people on this list seem to have some anger management issues.
Some people not on this list seem to have some anger management issues.
Both statements true and both statements approximately equally relevant.

Overall, this list seems quite a friendly place, and if anything
is surprising, it is the reticence of many of the regulars.

A degree in "teaching computer science".
This is very good for teachers who know some computer science to teach
a lot of people something about computer science. In which case it is
probably beneficial that this big mass of humanity, who will never even
begin to understand the stuff, feel good about themselves.
This list cannot serve that purpose. That much is obvious, even if I
weren't lurking on the list. Whatever OpenBSD's goals or achievements,
mediocrity isn't in the list. Whatever they have achieved, they have
achieved with limited resources and according to their own priorities.
They are not so stupid as to let some outsiders set their priorities or
to tell them how they should behave.

Bluntly, at the low to mediocre end, how well the teacher teaches is what
matters. At the high end, it's strictly how well the teacher knows the
subject that matters. If you are after the high end, you tend to listen
to the best teacher, experience, which to the best of my knowledge, has
none of the finer social graces. Seems like OpenBSD, quite correctly,
caters to the high end. There are plenty of other avenues for the rest.

As for anger being expressed, I've seen too many times when the only way
that things do get fixed is when somebody gets mad enough to actually do
something about it. If a bit leaks around the fringes, seems like a very
small price to pay. Certainly nothing that an outsider (myself included)
has any right to complain about.

During my education I have been probably more fortunate than most in having
had a few good teachers. Looking back, seems like the only thing these good
teachers had in common was some kind of intensity or drive or belief in
what they were teaching. I find the same kind of stuff here, so I lurk here.



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Roy Morris
Sent: Friday, June 10, 2005 11:38 AM
To: [EMAIL PROTECTED]
Cc: -f; OpenBSD
Subject: Re: heal the world, and misc@ [strictly coffeetime reading]


Bram Van Dam wrote:

>
> I particularly agree with this bit. Some people on this list seem to
> have some anger management issues.


damn it!! we don't! we can contain ourselves!!! .. got it !! huh!!!

lol

Re: heal the world, and misc@ [strictly coffeetime reading]

[Tony]

OpenBSD has an annoying habit of being right.
Perhaps if OpenBSD can be civilized into not speaking their minds,
OpenBSD won't be so annoying (by not being so right).
That seems to be the implicit thrust of these thingees.
Flames invited if I've misread the situation.



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Rick Barter
Sent: Friday, June 10, 2005 2:59 PM
To: OpenBSD-Misc
Subject: Re: heal the world, and misc@ [strictly coffeetime reading]


dereck wrote:
>>Look, I don't 'act all tough on the net'.  I just
>>refuse to sit idly 
>>by while mamby pamby whiners are spouting crap. 
>>And, in real life, 
>>I'd say the same thing to him.
> 
> On this I'll have to draw the line - that is plainly
> Bullshit.  You would not say anything like this to his
> or her face, because you are a coward hiding behind
> your keyboard.  In the "real world" no one would take
> what you dish on this list, and that is the plain
> fact.  No company or government job would put up with
> it.  We have to because it is a public list.  But you
> are so full of it that it is painful to watch.  You
> would not say these things and stay gainfully
> employed.

Not true.  I have spoken my mind many times in-person and at work, to 
managers and presidents.  I have never been fired for anything I've 
said because I don't attack people personally.  I would gladly have a 
discussion in real-life with anyone on this list.  Only a fool or 
someone as immature as you would actually get so defensive.  Rational 
people can disagree cannot they not?  They can argue points without 
breaking into a fist-fight, can't they?  Maybe you don't understand 
the difference between arguing a point and just arguing.

> You are driving people away from trying and using
> OBSD, and I (for one) hope that you are at least proud
> of yourself.  This is the MISC list, for crissakes,
> and we should be more helpful to newbies.  As a
> technical project, Linux is a mess; but it continues
> to grow not in small part to the esprit de corps that
> the users openly encourage.  Newbie questions on Linux
> lists are not discouraged, and a "keep at it - it'll
> come" encouragement is not at all unusual.  They are
> even proud of getting their grandmothers to use it!  

Never once during this thread have I advocated NOT helping new people. 
  Please re-read my response to the original post.  I have never 
once discouraged someone from participating on this list and have 
helped whenever and wherever I can.

> We, by contrast, have to put up with the "better than
> you" attitude from the vocal minority on this list
> which reminds one unpleasantly of Jerry Fallwell,
> Osama bin Liden, and other wacko religious crowds.

> Put a sock in it, Rick.  Almost everyone met your type
> in grade school.  Small boys who pick fights with
> younger girls, or kick the neighbor's dog, are not
> uncommon.  You are not "keeping it real," or "setting
> the story straight," or "protecting us from assholes."
>  You ARE the asshole.  

Hahaha are you saying I'm a wacko, a terrorist?  Why, because I have 
an opinion I feel strongly about, tried to make a point, and am 
defending my assertions?  This is what I'm talking about.  The world 
is being conditioned such that if you argue with someone, you're the 
enemy.  Grow up.  Oh, and thanks for calling me an asshole.  You made 
my day.

> If you will stop "protecting us" maybe the user base
> will expand. [And yes, I'll be glad to answer
> questions and help - with money, time, and anything
> else.]

Haha.  Who cares if the user base expands.  The OpenBSD team doesn't. 
  Go read some documentation.  They code this stuff for their own 
pleasure/use.  I happen to like the system and come along for the ride.

And if anyone wants to come to my house and discuss it over tea or 
coffee or anything let me know and I'll give you my address.

rvb

Re: heal the world, and misc@ [strictly coffeetime reading]

[Tony]

The gcc thread. The advice is to NOT use strange optimizations. 
The experience supports that advice. This is similar to people 
not following a recipe and complaining that the recipe doesn't work.

This thread is started by someone with a degree in "teaching 
computer science", who is afraid to teach.

There is an old saying, "When in Rome do as the Romans". 
Seems incredibly stupid to go to Rome and tell the Romans 
how they ought to behave. Of course they react.

In terms of damaging tender young minds, your "little social
experiment", presented as if it had any redeeming virtues,
probably does the most damage.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
-f
Sent: Saturday, June 11, 2005 7:52 AM
To: OpenBSD
Subject: Re: heal the world, and misc@ [strictly coffeetime reading]


hi there,

for those who did not delete another post w/this subject:

i am mostly impressed by the answers, positive, negative.
my little social experiment reaffirms the following:

it is not threads like i started which add too much noise
to the list.  it's the answers.  this thread contains
almost all of the archetypal answers one can get:
-the fuck off style
-i agree but why starting this
-i disagree but why starting this
-you are a troll
-long live anarchy
-stop this thread
-you are full of shit because you provided only your initials
-etc, etc.

very few of them actually add anything meaningful.
all these people could have flamed me offlist, because
they do precisely know how much the others are not interested
in it.  my very favourites are "stop this thread", adding
the most noise w/o any real meaning.

some other remarks:
-instead of nazis, terrorists are the next favourite target group
-there is always someone telling you "run a spelcheker, idiot" (probably
 never heard of dyslexics)



let me try again, because i love you all:

please, reread the thread about the gcc stuff.  before reading
it, forget that you are member of this list, that you know the
stuff you know about openbsd.  imagine a friend sent it to you
for amusement.  what would you think about this list in general?



i know i can't change people, and don't want to, that's why i do
NOT teach (spare me the "you always change people stuff", and go read
amok by stefan zweig), all of you who were kind enough to "enlighten"
me how pointless my post was, here is a surprise: it wasn't.  it shows
just how much everyone want to see his/her name in the list, even
when adding nothing to the thread.  could have told me offlist.


be polite, learn to ignore, or do the thing offlist.  that was my
message most of you missed.

anyway, i will now go back and do what i advised. i will answer
you offlist, or ignore you.  thank you for ignoring me.

-f
-- 
you will become rich and famous unless you don't.

Re: Some Sites Don't Load Behind pf NAT

[Tony]

Dunno if relevant, but a long time ago, routing ethernet
over an internal SLIP connection (don't ask, fiber is much better),
connections were real flaky until I upped the MTU on the
SLIP connection to 1500. Seems Microsoft likes to put a
"Don't Fragment" into the TCP/IP setup and silently ignores
fragmented packets, or at least did.
If both ends like full 1500 byte packets and one end
cannot accept fragments (either end?) .

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Javier Villavicencio
Sent: Sunday, June 12, 2005 10:28 PM
To: Serban Giuroiu
Cc: misc@openbsd.org
Subject: Re: Some Sites Don't Load Behind pf NAT


Serban Giuroiu wrote:
> Hello.
>
> I have an OpenBSD 3.7 box set up as a router and
> server for my home network. It connects to the
> Internet through the kernel PPPoE driver. Naturally, I
> use pf on that box. Everything runs smoothly, but
> there are certain websites that do not load properly
> from machines behind the NAT router.
>
> When trying to access http://mail.yahoo.com or
> http://linuxhardware.org, an initial connection is
> made, but no further data comes in as the web browser
> sits and waits. However, if I open those pages in lynx
> from the OpenBSD box, they load without any problems.
> Most other websites load correctly from all machines
> on my network.
>
Had the very same problem.
> Searching Google, I found a similar problem posted to
> this list a couple years ago in which an MTU setting
> and fragmentation were the cause of the strage
> behavior
> (http://www.monkey.org/openbsd/archive/tech/0211/msg00163.html).
Didn't found this one.

> The poster added "scrub out all no-df max-mss 1452" to
> his pf configuration and that fixed his problem.
>
> As recommended in the pppoe(4) man page, I set the MSS
> for the pppoe interface to 1440. I played around with
> different MSS's and scrubbing out the DF bit, but my
> problem remains. Does anyone know what is causing this
> strange problem and how to fix it?
>
[snip]
As Shawn says, I installed squid as a transparent proxy trying to solve
this,
but some of the sites worked, and some didn't. This is what (I think, too
much
trial and error before everything worked fine) solved that problem:

scrub in all fragment reassemble random-id
scrub out on pppoe0 max-mss 1452

Just to help you testing, this is what I did with the sites that didn't
opened
correctly: From the machine behind the nat that isn't working well, *telnet*
to
that site on port 80, and try to get the same page writing (or pasting) the
HTTP
GET command, for example: "GET / HTTP/1.0" (without quotes).

Trying that you will find that if you type wrong thing on telnet, generally,
most sites send you an error page. Funny though, it seems that some error
pages
aren't big enough to "fill" a tcp packet and you get the error page fine,
while
the actual page u're trying to see is so big (the html text) that the
MTU/MSS
screws up.

Hope it helps,
Salu2.
Javier.

Re: Theo gave an interview to Forbes Mag. about Linux

[Tony]

Correctness is difficult.
Actually, security is the easier part.
(and it's easier to keep score;)

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
chefren
Sent: Friday, June 17, 2005 6:17 PM
To: misc@openbsd.org
Subject: Re: Theo gave an interview to Forbes Mag. about Linux


http://www.forbes.com/intelligentinfrastructure/2005/06/16/linux-bsd-unix-cz
_dl_0616theo.html


"Torvalds, via e-mail, says De Raadt is "difficult" and declined to
comment further. "


ROFL...

+++chefren

Re: Why timezone it is always incorrect??

[Tony]

User A is on the east coast.
User B is on the west coast.
They both use the same computer.
What time is it?

UTC is the correct time.
User wants to view time in his own time zone.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
C. L. Martinez
Sent: Saturday, June 18, 2005 3:05 PM
To: misc@openbsd.org
Subject: Why timezone it is always incorrect??


Hi all,

 Is not possible to adjust clock under OpenBSD correctly??? I do not
understand why cmos clock needs to leave at UTC. why?

 Do i need to recompile kernel with TIMEZONE option to correct this
"bug"?? Is not possible to use sysctl tool to correct this???

Thank you very much.
 
-- 
C.L. Martinez
[EMAIL PROTECTED]

Re: No man pages after installing bash

[Tony]

Check /etc/man.conf
from fresh 3.7 install (with bash and a few others installed)
?? Did you install the man pages ??

bash-3.00$ cat /etc/man.conf
#   $OpenBSD: man.conf,v 1.8 2001/04/05 19:05:49 millert Exp $

# Sheer, raging paranoia...
_versionBSD.2

# The whatis/apropos database.
_whatdb /usr/share/man/whatis.db
_whatdb /usr/local/man/whatis.db
_whatdb /usr/X11R6/man/whatis.db

# Subdirectories for paths ending in '/', IN SEARCH ORDER.
_subdir cat1 man1 cat8 man8 cat6 man6 cat2 man2 cat3 man3 cat5 man5
cat7 man7 cat3f man3f cat4 man4 cat9 man9 cat3p man3p

# Files typed by suffix and their commands.
# Note the order, .Z must come after .[1-9n].Z, or it will match first.
_suffix .0
_build  .0.Z/usr/bin/zcat %s
_build  .0.gz   /usr/bin/gunzip -c %s
_build  .[1-9n] /usr/bin/nroff -man %s
_build  .[1-9n].Z   /usr/bin/zcat %s | /usr/bin/nroff -man
_build  .[1-9n].gz  /usr/bin/gunzip -c %s | /usr/bin/nroff -man
_build  .[1-9][a-z] /usr/bin/nroff -man %s
_build  .[1-9][a-z].Z   /usr/bin/zcat %s | /usr/bin/nroff -man
_build  .[1-9][a-z].gz  /usr/bin/gunzip -c %s | /usr/bin/nroff -man
_build  .tbl/usr/bin/tbl %s | /usr/bin/nroff -man
_build  .tbl.Z  /usr/bin/zcat %s | /usr/bin/tbl |
/usr/bin/nroff -man
_build  .tbl.gz /usr/bin/gunzip -c %s | /usr/bin/tbl |
/usr/bin/nroff -man
_build  .me /usr/bin/nroff -me %s 2>/dev/null | cat -s

# Sections and their directories.
# All paths ending in '/' are the equivalent of entries specifying that
# directory with all of the subdirectories listed for the keyword _subdir.

# default
_default/usr/{share,X11R6,X11,contrib,gnu,local}/{man,man/old}/

# Other sections that represent complete man subdirectories.
X11 /usr/X11/man/
X11R6   /usr/X11R6/man/
contrib /usr/contrib/man/
local   /usr/local/man/
new /usr/contrib/man/
old /usr/share/man/old/

doc /usr/share/doc/{sendmail/op,sendmail/intro}

# Specific section/directory combinations.
1
/usr/{share,X11R6,X11,contrib,local}/{man/,man/old/}{cat,man}1
2
/usr/{share,X11R6,X11,contrib,local}/{man/,man/old/}{cat,man}2
3
/usr/{share,X11R6,X11,contrib,local}/{man/,man/old/}{cat,man}3
3F  /usr/share/man/cat3f
3f  /usr/share/man/cat3f
3P  /usr/share/man/cat3p
3p  /usr/share/man/cat3p
4
/usr/{share,X11R6,X11,contrib,local}/{man/,man/old/}{cat,man}4
5
/usr/{share,X11R6,X11,contrib,local}/{man/,man/old/}{cat,man}5
6
/usr/{share,X11R6,X11,contrib,local}/{man/,man/old/}{cat,man}6
7
/usr/{share,X11R6,X11,contrib,local}/{man/,man/old/}{cat,man}7
8
/usr/{share,X11R6,X11,contrib,local}/{man/,man/old/}{cat,man}8
9   /usr/share/man/{cat,man}9
-bash-3.00$

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Timothy Horie
Sent: Monday, June 20, 2005 5:31 PM
To: misc@openbsd.org
Subject: No man pages after installing bash


Hello,

I can't use man pages for some reason after I installed bash and login
using bash. I typed 'man dump' and it says that it can't find a manual
page for that.

I looked at some help on the web and there's a MANPATH but I'm not sure
what to set it to. I also looked at the /etc/man.conf but everything in
there should be the same as when I was using sh (csh). I don't know what
the problem is.

Thanks
Tim

Re: mcopy -s foo a:

[Tony]

Dunno if it will help but
Writing to a fresh floppy (W98)
foo.txt
bar.foobar
dir > dir.txt

The (possibly) long filename take up an extra directory slot
and is in the proper case.
Floppy should be FAT12 (very limited number of clusters)
but this has nothing to do with long file names.
The extension is in mucking with directory entries which
are invisible to DOS.

Sector 19
Af.o.o.. .t.  4294967295  15-31-07   7:63 pm  0   R/O Sys Hid
Vol
FOO  TXT  36   6-21-05   5:10 am  2   Arc
Ab.a.r.. .f.  4294967295   0-00-80  12:03 am  0   R/O Sys Hid
Vol
BAR~1FOO  52   6-21-05   5:11 am  3   Arc
Ad.i.r.. .t.  4294967295  15-31-07   7:63 pm  0   R/O Sys Hid
Vol
DIR  TXT 305   6-21-05   5:11 am  4   Arc
   Unused directory entry
Unused directory entry
Sector 19
:  41 66 00 6F 00 6F 00 2E - 00 74 00 0F 00 65 78 00
Af.o.o...t.$.ex.
0010:  74 00 00 00 FF FF FF FF - FF FF 00 00 FF FF FF FF
t...__..
0020:  46 4F 4F 20 20 20 20 20 - 54 58 54 20 00 B4 2F 29 FOO TXT
.&/)
0030:  D5 32 D5 32 00 00 41 29 - D5 32 02 00 24 00 00 00
+2+2..A)+2.$...
0040:  41 62 00 61 00 72 00 2E - 00 66 00 0F 00 52 6F 00
Ab.a.r...f.$.Ro.
0050:  6F 00 62 00 61 00 72 00 - 00 00 00 00 FF FF FF FF
o.b.a.r.
0060:  42 41 52 7E 31 20 20 20 - 46 4F 4F 20 00 8B 51 29 BAR~1   FOO
.oQ)
0070:  D5 32 D5 32 00 00 64 29 - D5 32 03 00 34 00 00 00
+2+2..d)+2.4...
0080:  41 64 00 69 00 72 00 2E - 00 74 00 0F 00 DB 78 00
Ad.i.r...t.$._x.
0090:  74 00 00 00 FF FF FF FF - FF FF 00 00 FF FF FF FF
t...__..
00A0:  44 49 52 20 20 20 20 20 - 54 58 54 20 00 0E 71 29 DIR TXT
.q)
00B0:  D5 32 D5 32 00 00 72 29 - D5 32 04 00 31 01 00 00
+2+2..r)+2.1
..
00C0:  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00

00D0:  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00

00E0:  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Juan J. Martmnez
Sent: Tuesday, June 21, 2005 4:54 AM
To: misc
Subject: Re: mcopy -s foo a:


El mar, 21-06-2005 a las 11:39 +0200, Juan J. Martmnez escribis:
>[..]
> May be is related to FAT16 and the extension for long filenames.

Well, now I don't know if floppies have FAT16 or FAT12.

Anyway I think the problem is related to FAT (no bits :D) and long
filename support.

regards,

Juanjo

Re: can't find /etc/crontab ?

[Tony]

man crontab (from fresh OBSD 3.7)
FILES
 /var/cron/cron.allow  list of users allowed to use crontab
 /var/cron/cron.deny   list of users prohibited from using crontab
 /var/cron/tabsdirectory of individual crontabs

I think there's a reason that they include the man (manual) command.
Works much better than playing guessing games.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Neta
Sent: Saturday, June 25, 2005 6:02 AM
To: misc@openbsd.org
Subject: can't find /etc/crontab ?


Hello All,
I have fresh install machine openbsd 3.7, i couldn't locate any /etc/crontab
?
is this crontab disable by default?
how i can enable it?

Kind regards

Neta

Re: Strange df output

[Tony]

5% or so is reserved for root and is not "available".

When everybody has run out of disk space, it is very helpful 
if the situation does NOT apply to root.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Matthew S Elmore
Sent: Saturday, June 25, 2005 11:35 PM
To: misc@openbsd.org
Subject: Strange df output


Can anyone explain this math to me?

490M - 32.8M != 433M

Not that it's a big deal but just wondering where that bit of space 
went.

[EMAIL PROTECTED]:/home/matt$ df -h
FilesystemSizeUsed   Avail Capacity  Mounted on
/dev/wd0a 490M   32.8M433M 7%/

Re: Strange df output

[Tony]

Filesystem  512-blocks  Used Avail Capacity  Mounted on
/dev/wd0a   256252180540 6290074%/

256252 blocks less 5% reserve.
This gives 243440 blocks total available for users.
less 180540 gives 62900 blocks currently available for users.
180540/243440  gives 74.162% which rounds to 74%

For a user to write to the disk, it must be less than 100% full.
If root has used up all the reserve, 105% capacity is a fair value,
in that the user will need to free up in excess of 5% in order to
have ANY free space in which to write stuff.

For the above 256252 block partition, the percentages are based
on the 243440 blocks of user-usable space rather than the
total of 256252 blocks of root-usable space.

Probably much kinder on users to run out at 100% than at 95%.
Of course this requires that root runs out at something over 100%.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Matthew S Elmore
Sent: Saturday, June 25, 2005 11:48 PM
To: [EMAIL PROTECTED]
Cc: misc@openbsd.org
Subject: Re: Strange df output


It was my understanding that this reserved space was not accounted for 
when using 'df'. Hence, you can sometimes have partitions that are 105% 
capacity.

Am I off base on this? It is very possible, it is very late. ;)

 From the FAQ sec 14.14:

People are sometimes surprised to find they have negative available 
disk space, or more than 100% of a partition in use, as shown by df(1).

When a partition is created with newfs(8), some of the available space 
is held in reserve from normal users. This provides a margin of error 
when you accidently fill the disk, and helps keep disk fragmentation to 
a minimum. Default for this is 5% of the disk capacity, so if the root 
user has been carelessly filling the disk, you may see up to 105% of 
the available capacity in use.

On Jun 25, 2005, at 11:41 PM, <[EMAIL PROTECTED]> wrote:

> 5% or so is reserved for root and is not "available".
>
> When everybody has run out of disk space, it is very helpful
> if the situation does NOT apply to root.
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf 
> Of
> Matthew S Elmore
> Sent: Saturday, June 25, 2005 11:35 PM
> To: misc@openbsd.org
> Subject: Strange df output
>
>
> Can anyone explain this math to me?
>
> 490M - 32.8M != 433M
>
> Not that it's a big deal but just wondering where that bit of space
> went.
>
> [EMAIL PROTECTED]:/home/matt$ df -h
> FilesystemSizeUsed   Avail Capacity  Mounted on
> /dev/wd0a 490M   32.8M433M 7%/

Re: SH programming

[Tony]

The following seems to work.

$ year=2005
$ foo=$(expr $year - 1900 )
$ dayscount=$(expr $foo \* 365 )
$ echo $dayscount
38325

Problems include an unescaped asterisk
man expr indicates that parentheses should work
but my playing with them seems to indicate otherwise.
---Correction:
$ dayscount=$(expr \( $year - 1900 \) \* 365 )
$ echo $dayscount
38325

Parens that are destined for expr instead of the shell must also be escaped.




-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Otto Moerbeek
Sent: Monday, June 27, 2005 2:08 AM
To: Peter Bako
Cc: misc@openbsd.org
Subject: Re: SH programming


On Sun, 26 Jun 2005, Peter Bako wrote:

> Ok, so this is not really an OpenBSD question but I am doing this on an
> OpenBSD system and I am about to lose my mind...
>
> I have done some basic shell scripting before but I've not had to deal
with
> actual integer math before and now it is killing me.  The script takes a
> parameter in (year number) and is supposed to subtract 1900 from it and
then
> multiply the result by 365.  (This is part of a larger script that deal
with
> converting dates to a single numeric value, but this one problem is an
> example of the problems I am having with this entire script.)  So, this is
> what I have:
>
> #!/bin/sh
> month=$1
> day=$2
> year=$3
>
> dayscount=$(expr ($year - 1900) * 365)
> echo $dayscount
> exit
>
> This will generate a "syntax error: `$year' unexpected" error.  I have
tried
> all sorts of variations and I am not getting it!!!  HELP!!!

When using ksh, you can do:

#!/bin/ksh
month=$1
day=$2
year=$3

dayscount=$((($year - 1900) * 365))
echo $dayscount
exit

When using sh, you'll need expr(1), for which all parts of the
expression are separate arguments, and you need to escape all special
shell chars:

#!/bin/sh
month=$1
day=$2
year=$3

dayscount=`expr \( $year - 1900 \) \* 365`
echo $dayscount
exit

> BTW, obviously I need a good book on SH programming.  Any suggestions?

For ksh, the Korn Shell Book by David Korn and (iirc Morris Bolsky)
comes to mind.

-Otto

Re: boot failure: If i could drop dead right now ...

[Tony]

Just guessing, but it looks like you are at the very fringe of what BIOS
can and cannot access. Insignificant differences have large consequences,
just like a few inches near the edge of a cliff. If so, any recompile of
the kernel would be unbootable.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Gustavo Rios
Sent: Thursday, June 30, 2005 6:47 PM
To: [EMAIL PROTECTED]; misc
Subject: Re: boot failure: If i could drop dead right now ...


Hey everybody.

I would like to let you know i have "fixed" it.
Now i have the disklabel layout i want.
I managed to get it working because instead of using 512/4K
fragment/block size (using disklabel into expert mode) i tried with
1K/8K for the a partition.

Now it works. Although i have no ideia how block size could influence that.

Would someone mind commenting it, i.e., why i could not use 512/4K for
frag/blk size?

thanks.

PS: Good work for 3.7, just now i have it installed in my box.

On 6/30/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> You'll probably get some better answers from the list, but this may give
> you an idea of what is going on.
> In olden days BIOS would only be able to handle disk within the first
> 1024 cylinders. (That's why you see stuff like 63 sectors/track and 255
> or so heads) Later BIOSes have upped the limit somewhat.
> Until enough of the OS gets itself loaded, the bootstrap is dependent on
> BIOS functions. Afterwards, the BIOS limitations are irrelevant.
>
> If I'm doing strange things with disks, I try to put a bunch of small
> (DOS partitions) at the front end of the disk, Normally a 2G DOS formatted
> C: drive, followed by (or after a few other small partitions)
>
> If you are brave and daring, (and dead accurate with a calculator)
> there are some stunts that can be done with partitions.
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Gustavo Rios
> Sent: Thursday, June 30, 2005 4:03 PM
> To: misc@openbsd.org
> Subject: boot failure: If i could drop dead right now ...
>
>
> ... i would be the happiest man in the world!
>
> I am going crazy. It simply does not boot directly from the partition
> when i spare too many of them.
>
> If someone could, please guys, help me i would send you some bears.
>
> With the following set up everything works ok:
>
> fdisk:
>
> Disk: wd0   geometry: 9726/255/63 [156248190 Sectors]
> Offset: 0   Signature: 0xAA55
> Starting   Ending   LBA Info:
>  #: idC   H  S -C   H  S [   start:  size   ]
> 
>  0: 070   1  1 - 6399 254 63 [  63:   102815937 ] HPFS/QNX/AUX
> *1: A6 6400   0  1 - 9726  28 46 [   102816000:53434000 ] OpenBSD
>  2: 000   0  0 -0   0  0 [   0:   0 ] unused
>  3: 000   0  0 -0   0  0 [   0:   0 ] unused
>
> disklabel:
>
> # /dev/rwd0c:
> type: ESDI
> disk: ESDI/IDE disk
> label: Maxtor 6Y080M0
> flags:
> bytes/sector: 512
> sectors/track: 63
> tracks/cylinder: 16
> sectors/cylinder: 1008
> cylinders: 155009
> total sectors: 15625
> rpm: 7200
> interleave: 1
> trackskew: 0
> cylinderskew: 0
> headswitch: 0   # microseconds
> track-to-track seek: 0  # microseconds
> drivedata: 0
>
> 16 partitions:
> # sizeoffset  fstype [fsize bsize  cpg]
>  a:  51819264 102816000  4.2BSD   2048 16384  328 # Cyl
> 102000 -153407
>  b:   1614736 154635264swap   # Cyl
> 153408 -155009*
>  c: 15625 0  unused  0 0  # Cyl
>0 -155009*
>  i: 10281593763 unknown   # Cyl
> 0*-101999
>
>
> But this one does prevent me from booting.
>
> fdisk:
>
> Disk: wd0   geometry: 9726/255/63 [156248190 Sectors]
> Offset: 0   Signature: 0xAA55
> Starting   Ending   LBA Info:
>  #: idC   H  S -C   H  S [   start:  size   ]
> 
>  0: 070   1  1 - 6399 254 63 [  63:   102815937 ] HPFS/QNX/AUX
> *1: A6 6400   0  1 - 9726  28 46 [   102816000:53434000 ] OpenBSD
>  2: 000   0  0 -0   0  0 [   0:   0 ] unused
>  3: 000   0  0 -0   0  0 [   0:   0 ] unused
>
>
> disklabel:
>
> # /dev/rwd0c:
> type: ESDI
> disk: ESDI/IDE disk
> label: Maxtor 6Y080M0
> flags:
> bytes/sector: 512
> sectors/track: 63
> tracks/cylinder: 16
> sectors/cylinder: 1008
> cylinders: 155009
> total sectors: 15625
> rpm: 7200
> interleave: 1
> trackskew: 0
> cylinderskew: 0
> headswitch: 0   # microseconds
> track-to-track seek: 0  # microseconds
> drivedata: 0
>
> 16 partitions:
> # sizeoffset  fstype [fsize bsize  cpg]
>  a:161280 102816000  4.2BSD512  4096   21 # Cyl
> 102000 -102159
>  b:   1614736 154635264swap   # Cyl

Re: OpenBSD with Linksys WRT54G

[Tony]

The Linksys WRT54g has a 4-port switch, an RJ45 jack labeled "Internet", 
and an access point which can speak 11Mbps and/or 54Mbps.
What I do on our local lan is essentially to use it/them as a bridge.
Turn off the Linksys DHCPD, set the internal IP address, set a password,
set whatever parameters desired for wireless access,
and not use the port labeled "Internet".

To effectively show under ifconfig, I think you need a third NIC,
and precisely one cable from the OpenBSD box to the Linksys.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Alari Kask
Sent: Sunday, July 03, 2005 4:16 PM
To: misc@openbsd.org
Subject: OpenBSD with Linksys WRT54G


Hello,
my home network consists of 6 machines, one of them runs openbsd, which
i used for dhcp, nat, pf, php, mysql, etc.
Now i bought a Linksys WRT54g wifi router, at the moment i use the
router's configuration utility, which is accessible over the web,
i'm not familiar with it and it doesn't feel comfortable for me, i'd
still like to use openbsd for serving my home network and use the router
for 100Mb LAN and for WiFi,
my question is - is it possible to just use the router as an access
point and set the firewall rules, dhcpd on my openbsd box, so the router
would just show up as an interface under ifconfig ?

Re: Toshiba laptop 3.7 installation problem

[Tony]

>From a Toshiba Satellite, maybe not too dissimilar:
I assume the Q of "pckbc0 ISA Q Port 0x60/5" is a typo
Seems to be a pckbc0 and a pckbd0
Beyond that I'm out of my depth. (way out;)


Loading...
probing: pc0 mem[639K 478M a20=on]
disk: fd0 hd0+
>> OpenBSD/i386 BOOT 2.06
boot>
booting hd0a:/bsd: 4686240+945680 [52+241338+223324]=0x5d0864
entry point at 0x100120
[snip]
isa0 at isa0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
[snip]

-dmesg
OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 2.66GHz ("GenuineIntel" 686-class) 2.66 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,AC
PI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID
real mem  = 502833152 (491048K)
avail mem = 451952640 (441360K)
using 4278 buffers containing 25243648 bytes (24652K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(63) BIOS, date 05/19/03, BIOS32 rev. 0 @ 0xf98d6
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf01c0/160 (8 entries)
pcibios0: PCI Interrupt Router at 000:07:0 ("Acer Labs M1533 ISA" rev 0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0xc000 0xe/0x1!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 vendor "Acer Labs", unknown product 0x1672
rev 0x00
ppb0 at pci0 dev 1 function 0 "Acer Labs M5247 AGP/PCI-PCI" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "Trident CyberBlade XP/Ai1" rev 0x82
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pciide0 at pci0 dev 4 function 0 "Acer Labs M5229 UDMA IDE" rev 0xc4: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 57231MB, 117210240 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0
5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
autri0 at pci0 dev 6 function 0 "Acer Labs M5451 Audio" rev 0x02: irq 11
ac97: codec id 0x41445374 (Analog Devices AD1981B)
ac97: codec features headphone, 20 bit DAC, No 3D Stereo
audio0 at autri0
midi0 at autri0: <4DWAVE MIDI UART>
pcib0 at pci0 dev 7 function 0 "Acer Labs M1533 ISA" rev 0x00
"Acer Labs M7101 Power Mgmt" rev 0x00 at pci0 dev 8 function 0 not
configured
vendor "Acer Labs", unknown product 0x5457 (class communications subclass
modem, rev 0x00) at pci0 dev 9 function 0 not configured
rl0 at pci0 dev 10 function 0 "Realtek 8139" rev 0x10: irq 11 address
00:08:0d:6d:7f:cb
rlphy0 at rl0 phy 0: RTL internal phy
ohci0 at pci0 dev 12 function 0 "NEC USB" rev 0x43: irq 11, version 1.0
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: NEC OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 3 ports with 3 removable, self powered
ohci1 at pci0 dev 12 function 1 "NEC USB" rev 0x43: irq 11, version 1.0
usb1 at ohci1: USB revision 1.0
uhub1 at usb1
uhub1: NEC OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 12 function 2 "NEC USB" rev 0x04: irq 11
ehci0: EHCI version 1.0
ehci0: companion controllers, 3 ports each: ohci0 ohci1
usb2 at ehci0: USB revision 2.0
uhub2 at usb2
uhub2: NEC EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
uhub2: single transaction translator
uhub2: 5 ports with 5 removable, self powered
ath0 at pci0 dev 16 function 0 "Atheros AR5212" rev 0x01: irq 11
ath0: mac 80.6 phy 4.1 radio 1.7 2.3, 802.11a/b/g, WOR4W, address
00:90:96:72:6c:12
gpio at ath0 not configured
cbb0 at pci0 dev 17 function 0 "Toshiba ToPIC100 CardBus" rev 0x33: irq 11
"Toshiba SD Controller" rev 0x05 at pci0 dev 18 function 0 not configured
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard, using
wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi1 at pcppi0: 
sysbeep0 at pcppi0
npx0 at isa0 port 0xf0/16: using exception 16
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 2 device 0 cacheline 0x0, lattimer 0x0
pcmcia0 at cardslot0
biomask effd netmask effd ttymask 
pctr: user-level cycle counter enabled
dkcsum: wd0 matched BIOS disk 80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Z L
Sent: Friday, July 08, 2005 9:29 PM
To: Nick Holland
Cc: misc
Subject: Re: Toshiba laptop 3.7 installation problem


On 7/8/05, Nick Holland <[EMAIL PROTECTED]> wrote:
> Z L wrote:
> > I been trying to install Op

Re: Writes to samba server very, very slow

[Tony]

This *may* help.

man mount
 softdep
 (FFS only.)  Mount the file system using soft dependen-
 cies.  Instead of metadata being written immediately,
it
 is written in an ordered fashion to keep the on-disk
 state of the file system consistent.  This results in
 significant speedups for file create/delete operations.
 This option will be ignored when using the -u flag and
a
 file system is already mounted read/write.  It requires
 option FFS_SOFTUPDATES to be enabled in the running
ker-
 nel.

There is a tradeoff between speed and safety.
A rather large tradeoff I suspect ;)

With any disk system, there is the question of what happens when the power
fails.

What is the speed when you copy the 48MB file locally?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Gary Clemans-Gibbon
Sent: Tuesday, July 19, 2005 3:45 AM
To: [EMAIL PROTECTED]
Cc: misc@openbsd.org
Subject: Re: Writes to samba server very, very slow


Thanks for your reply Tim. If anything it makes me feel worse. I was
hoping it was something easily fixed.

I just tried transferring a 50 Mb file to the OBSD samba box from win
using SCP. Again very slow writes but much faster reads. The 50 Mb file
took about 7 mins to transfer to the OBSD box and about 30 seconds to
read from the OBSD box.

Perhaps this isn't a samba smb issue at all.

My fstab...

# cat /etc/fstab
/dev/wd0a / ffs rw 1 1
/dev/wd1a /data1 ffs rw 1 2
/dev/wd2a /data2 ffs rw 1 2

same result with either data disk. I've been googling all evening and
found many many forum posts with similar problems but no solutions. Some
posts date back to 2002!

If I have to go back to RH7.3 I'll be bummed. Especially as I spent ages
setting up all my families accounts and softlinks for the data store.
Waste of a day!


Tim Hammerquist wrote:
> Gary Clemans-Gibbon wrote:
>
>>David Gwynne wrote:
>>
>>>Gary Clemans-Gibbon wrote:
>>>
Everything is working fine except that when I copy files to the
box from a Windows XP box the transfers are very slow, like
9 minutes for a  48 Mb file. Copying the same file back to the win
box is quick - a couple  of seconds as you'd expect.
>>>
>>>I would suggest looking at the socket options parameter in
>>>/etc/samba/ smb.conf. I have the following in my smb.conf and
>>>transfer speeds  seem to perform a lot better now:
>>>
>>>socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>
>>I just tried that line but it seems to be the same or if anything it
>>seems even slower.
>
>
> Gary,
>
> I've seen this same phenomenon when copying to from my OSX Powerbook and
> my fileserver (running both FreeBSD 5 and Gentoo Linux), with the OSX
> acting as samba client.
>
> The transfer speeds are not "slightly" slower, they are slower by orders
> of magnitude, with normally 20sec transfers taking 10-20 minutes.
> I watch the progress meter slowly incrementing at the rate of 32-64k/sec
> over a 100bTX link.  Does this sound like your issue?
>
> In my setup, I had limited success merely unmounting and remounting the
> share; that worked maybe 50% of the time.  Also, the rate seemed to be
> normal more often if I had a simultaneous ssh connection between the
> same two machines, even if the ssh connection were idle.  I was not able
> to find any consistently effective solution.
>
> After googling many times over several months, finding nothing more than
> the same advice you got about TCP_NODELAY and the SO_*BUF settings
> (which did not affect performance in my case either), I finally gave up,
> switching to NFS and/or scp.
>
> For what it's worth, I haven't noticed this since I upgraded my
> powerbook to OSX 10.4, so it might have something to do with the client
> OS, network stack, or Samba version.
>
> I apologize for not having anything solid to recommend.  But I wanted to
> let you know that this *has* happened to others; you're not imagining
> it.
>
> Tim Hammerquist
>
>
> .

Re: network adapter order

[Tony]

Rod.. Whitworth wrote:
[snip]
>We chose to use 0 for outside 1 for internal and 2 for server. I cannot
fool anybody into thinking that 2 looks like S, dammit!
>From the land "down under": Australia.
Do we look  from up over?

[snicker] try a mirror.

But seriously folks, that looks like THE defitive rule.
If there is just one interface, that one is to the outside.

Re: x86 rings?

[Tony]

Unless I am very much mistaken, this is Unix not Multics.
To do anything with the rings, you must make userland
into a three-ring circus.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Dave Feustel
Sent: Thursday, August 04, 2005 4:05 PM
To: Theo de Raadt
Cc: [EMAIL PROTECTED]; misc@openbsd.org
Subject: Re: x86 rings?


Ed,

Ever read anything about MIT's Multics and the GE 645?

Re: x86 rings?

[Tony]

Rings and segments are pretty much orthogonal concepts.

C is hardly unique in not supporting segmentation.
The only languages I am aware of that even come close are Burroughs
Algol and PL/I (and as always Basic Assembly). (Lisp?)

But overriding is the fact that x86 supporting segments does not
imply that all the other supported architectures also support.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Dave Feustel
Sent: Thursday, August 04, 2005 6:17 PM
To: [EMAIL PROTECTED]
Cc: misc@openbsd.org
Subject: Re: x86 rings?


On Thursday 04 August 2005 04:47 pm, [EMAIL PROTECTED] wrote:
> Unless I am very much mistaken, this is Unix not Multics.
> To do anything with the rings, you must make userland
> into a three-ring circus.

That is precisely the point. The C programming language and Unix are
incompatible with the x86 segmentation model, including rings, although
amazing accommodations were made within C for 286 segments by Intel
and Microsoft, et all before 386 flat  addressing took hold. While x86 rings
and segments were neat and useful, if extremely awkward to use within C,
they are rapidly disappearing into the dustbin of history.

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Dave Feustel
> Sent: Thursday, August 04, 2005 4:05 PM
> To: Theo de Raadt
> Cc: [EMAIL PROTECTED]; misc@openbsd.org
> Subject: Re: x86 rings?
>
>
> Ed,
>
> Ever read anything about MIT's Multics and the GE 645?

Re: Requesting an change in the installer

[Tony]

Alexey E. Suslikov wrote:

Nick Holland wrote:
> PERSONALLY, I prefer to call the single processor kernel "bsd.sp",

bsd.sp is not correct if you crazy about correct terminology :)
bsd.up ("uniprocessor") is correct one.
Alexey.


Maybe it's just me, but everytime I see up I see down as its implicit
alternate.

Re: It's not about the money

[Tony]

It's a lot like mountain climbing.
People do it, although personally I can't really imagine why.
Because it's there. Because they can. That's why. It is not rational.
Nice words maybe don't hurt, but at that level are certainly irrelevant.
Me, I lurk on this list because of the attitude and the honesty.
If there's something I really need to know. it's likely to show here
and not much of anywhere else. 
Actually, considering, it's a very friendly place.
They do their thing. It is their thing. It is not your thing or my thing.
They will get an instant dislike of anything aimed at trying to make them
do either your thing or my thing. I do not blame them.

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> steve szmidt
> Sent: Saturday, March 25, 2006 8:14 PM
> To: misc@openbsd.org
> Subject: Re: It's not about the money
> 
> 
> On Saturday 25 March 2006 17:33, you wrote:
> 
> > Have you ever read [EMAIL PROTECTED] I mean actually read it? The only 
> > people
> > that get slammed are those that deserve it. You're supposed to do your
> > own homework - there is no hand holding because hand holding takes
> > away time from more productive things, like code. The community as a
> > whole spends a great deal of effort clearly documenting everything and
> > those that choose to ignore that effort get the brunt of the flames. I
> > have never seen, in my four years on this list, anyone getting flamed
> > by a developer or well-known community member that didn't absolutely
> > deserve it.
> 
> Hmm. The last time money was short I unselfishly offered my time 
> to help raise 
> money, because I wanted to help. Help those who had helped me. I 
> figured it 
> would be a nice thing for me to do.
> 
> I got ripped so badly in a stream of four letter words I thought 
> I was back in 
> boot camp. My kind was not needed and such. Of course it was entirely in 
> someones mind who I was as it sure as heck was not known. 
> 
> Yeah, it was not done on the list. But never the less by what you 
> call a key 
> member. Several others have shared their experiences with me. 
> Maybe because 
> I've offered a kind word after some public abuse.
> 
> Jim Snyder, and others is dead on, but some people simply don't 
> see it. It's 
> invisible to a whole bunch, which is really sad. Personally I had 
> not heard 
> such fould language since boot camp.
> 
> Your judgement as to what constitutes "deserve" is not on par 
> with most others 
> outside this list. Heck, this list is infamous for toasting people. 
> 
> > Blah blah blah, enough with the tired cliches. The problem is exactly
> > too many selfish whiners. They want more and more, without having to
> 
> Tired cliche?!? 
> 
> He's, like most of us, really grateful for the code, and pay in 
> kind by buying 
> a copy every six months. Often times I get new people to buy it too. 
> 
> > support the project, and then they want everyone to hold their hand
> > through it. "Why doesnt my laptop touchpad work?" "When are you going
> > to support Adaptec cards? FreeBSD supports it!" These people have zero
> > understanding of OpenBSD or open source in general; and the sad part
> > is, they don't even know it. Consider OpenBSD is doing them a favor by
> > giving them a harsh reality check. One can only hope it will do them
> > some good.
> 
> This is not Jim whining...
> 
> > Vendors do care. They have to care exactly because OpenSSH is the
> > world standard. It would cost them far more to develop in house talent
> > to maintain and extend the current codebase than it would to simply
> > drop a $10K check to the project.
> 
> That has never been questioned. And not related to Jim's comment.
> 
> > Blah blah blah, more tired cliches. The culture here is exactly what
> > made the code "beautiful". So kindly, STFU (-:
> 
> There are very few places indeed where people retain customers 
> after being 
> verbally abused. It speaks droves of how good your code is. Imagine the 
> support if your attitude matched your code!
> 
> You are burning bridges left right and center with those who'd be 
> happy to 
> contribute, had it not been for the holier than thou attitude. It's 
> absolutely amazing people donate at all. Imagine if you had 
> competition that 
> were nice! Anyone who'd spent any time on the list would go elsewhere.
> 
> It's not like anyone is suggesting you go celebate, or wear weird 
> clothes or 
> something. People just like being treated nicely. I'm sure you 
> would not mind 
> if someone threw a few nice words your way...
> 
> -- 
> 
> Steve Szmidt
> 
> "For evil to triumph all that is needed is for good men to do nothing.
>   Edmund Burke

Re: When would you NOT use OpenBSD?

[Tony]

Daniel Ouellet wrote:
>
> >I'm not saying that having a blobbed driver in-tree would be an
> >improvement - however, a machine that runs is likely to be an
> >improvement over one that doesn't, at least for a while (because, as
> >pointed out, bugs like blobs).
>
> I prefer looking at what's supported first and asked questions on the
> list about it BEFORE getting it and STICKING with supported hardware and
> EVEN lately, I go as far as ONLY getting hardware that is friendly to
> the project now, meaning providing documentations, etc.
>
> So, if everyone would do the same, I bet chances are that we might see
> more documentations available for various project, but hey,
> that's just me!
>
> The bottom line is I don't get hardware that is not supported by OpenBSD
> an by the way, ALL my Adaptec RAID shit is in the trash from last year!
>
> No more Adaptec here.

Hmmm, the one time I've actually run OpenBSD was because of an obscure
SCSI adapter that would only run Linux if the BIOS was disabled.
I didn't really want to depend on rebooting from a floppy.

As to why I lurk here, Do you really imagine that hardware that gives
OpenBSD troubles is going to be nice and friendly to everything else?
... And stay that way?
I even preorder a couple CDs just in case I ever really need to lay hands
on one. (Do you really want to FTP when you NEED it?)

What I'm vaguely familiar with and where my own errors dominate any
in the OS. It is of course worthwhile knowing what is right, even if ...

As to the blobbed drivers, is it better to fail early when there are options
or later after you have committed? Makes a good open question.

Re: (OT: PostgreSQL vs MySQL)

[Tony]

Chris Kuethe wrote:
> 
> On 06 Apr 2006 18:12:59 -0700, Randal L. Schwartz 
>  wrote:
> > Given the cost of programmer time (and the cost of lost data) vs the
> > cost of a slightly faster processor, is it ever really worth it even
> > if MySQL is *twice* as fast?
> 
> Yes.
> 
> Example 1: I feel like digging through some data that will be relevant
> for a short time, and a mysql database is the quickest/easiest way for
> to slurp stuff out and get answers. I sat in on a netflow tutorial
> last year at cansecwest. We were given a hundred megs of flows and
> told to find the problems. A minute later, I had a reasonable table
> put together, populated with data and was getting answers back.
> 
> Example 2: I have other mysql databases where I store syslog for later
> analysis. Sure, I have all the original logs on disk, but it's faster
> to knock something together with mysql knowing that I can reconstitute
> the database easily from the original data. My problem lies with
> syslog not always getting the data back to my log server, not with
> mysql sometimes losing it.
> 
> CK
> 
> --
> GDB has a 'break' feature; why doesn't it have 'fix' too?

I like those examples. 
Further, the more MySQL follows the "Standards" the worse it will work 
for your purposes, I'm thinking. 
In an ideal world, nobody makes any mistakes and everything is perfect.

If you made a field too short for some of the data which comes along
there are two different approaches as to how to handle the situation.
First is to identify the problem and roll back so that nothing even got 
started. This is what "real" RDMSs apparently do.
Second is to keep going and minimize the damage as best you can.
This is what systems that face the "real world" are forced to do.
If you use the first way and I can control a moving target of what
you must eat, I can keep you going forever. 

There was a crack in this about MySQL being an SQL-looking front end
to a file system. Actually very perceptive. You can use the filesytem
to move stuff around and get away with it very nicesly.

As to losing data, I suspect you'd lose a lot more
from PostgreSQL than MySQL on a failing hard drive.

Re: (OT: PostgreSQL vs MySQL)

[Tony]

Josh Tolley wrote:
> 
> On 4/7/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > As to losing data, I suspect you'd lose a lot more
> > from PostgreSQL than MySQL on a failing hard drive.
> 
> Any particular reason for that suspicion? I ask out of genuine
> interest, and I promise I don't want to start a flame war.
> 
> -Josh

It has to do with how much information other than that essential
to the data itself, and how sensitive a system would be to
corruption of that data. Any provision so that readers do not
interfere with writers requires a vastly more complicated
structure which must be much more sensitive to errors than
something that does not exist.

However, if there is redundancy, and you can take advantage
of that redundancy, the odds shift enormously.

Taking advantage is  non-trivial maybe the best term.

Re: Questions about 3.9 Installation on External USB Disk

[Tony]

Dave Feustel wrote:
> 
> 
> I got my 3.9 Cdrom set yesterday and today started installing
> it on an external usb disk so as not to wipe out my existing
> 3.8 setup. When I got to the disk partition, I erased the existing
> 'a' partition (dos) and created a new bsd 'a' partition. The partition
> had a default offset of 32 which looked odd to me, so I changed
> it to 64 and sized it to 1G. Then I created a 'b' partition. Again,
> the default offset was 32. That looked even odder to me, so
> I aborted the installation. A dmesg of the 3.8 boot (with external
> usb drive attached) follows at the end of this post.
Something is very confused. 
I do not believe an existing 'a' partition (dos).
What you really need is the disk geometry BEFORE you did whatever.
The OpenBSD 'a' partition is the root. It needs to be bootable
(id addressable) by the BIOS. It needs be be very small so that
everything required for booting fits inside the limits of the BIOS.
The BIOS likely uses CHS addressing. The exact limits depend on
which BIOS and which disk geometry. Generally hard drives went to
claiming 63 sectors per track very early to extend the limits.
Since the disks are small and NOT usually boot devices there is not
the need to use antiquated methods of extending addressable disk
space. In that case, 32 sectors per track seems a very plausible
number. It should make some internal addressing rather more readily
calculable with stuff being powers of two.

Partitions labeled a,b,c etc belong to an OpenBSD disklabel.
This is actually totally independent of what holds what are called 
DOS partitions (and I think these are numbered like 0,1,2,3 on OpenBSD.
The 
> 
> So is it possible to install 3.9 on an external usb drive and then to
> boot from that drive? Is the default 32 offset for a and b partitions
> on the usb drive correct? (I don't think so, but I am asking anyways
> since I have not used usb hard drives with OpenBSD before).
The offset should be whatever the drive wants to claim.
I think the number has to be somewhere between 1 and 63 and is really
one less than the number of wasted sectors at the beginning of the disk.
For some reason, Operating Systems seem to be unhappy unless they start
at the beginning of the track they start on. An offset that is valid for
one disk geometry is very wrong for a different disk geometry.
Do not decide it looks funny just because it's a different disk.


> sd0: 57231MB, 57231 cyl, 64 head, 32 sec, 512 bytes/sec, 

That is 32 sitting there.

Re: Questions about 3.9 Installation on External USB Disk

[Tony]

Dave Feustel wrote:
> 
> 
> On Sunday 09 April 2006 16:41, [EMAIL PROTECTED] wrote:
> > Something is very confused. 
> > I do not believe an existing 'a' partition (dos).
> 
> I bought the disk at Best Buy and copied a few files from
> /home/daf to test the disk. The files were copied to the
> usb-connected disk and stored in the fat file system already
> installed on the disk. I don't mind the fat file system on a usb flash
> disk, but I do mind a fat file system on a large usb hard drive.
> I wanted to replace the fat file system with default BSD 
> partitions/filesystems. I though I could kill 2 birds with one stone
> by installing OpenBSD 3.9 on the usb drive. Maybe this is not possible 
> with external usb drives. Until now I have had no experience with usb 
> harddrives running with OpenBSD, hence my caution.
> 
> Dave

I do not believe an existing 'a' partition (dos).
I do believe an existing dos partition, 
which is something very different from an OpenBSD 'a' partition. 

OpenBSD partitions are stored in an OpenBSD disklabel
Dos formatted disks do not have OpenBSD disklabels.

You can certainly install OpenBSD on the usb drive.
If your BIOS allows, you can even boot from it.

man fdisk   plays with DOS partitions
man disklabel   plays with OpenBSD partitions
They are NOT the same 

Re: Set up root partition as read only.

[Tony]

Joco Salvatti wrote:
>
> Hi all,
>
> To increase the security level of my OpenBSD system I have defined at
> /etc/fstab that the root partition should be read only. /etc/fstab
> follows:

Me, I just lurk here but:
1) if having / ro would actually improve security,
they would have done so long ago.
2) There are probably essential reasons why / cannot be read-only
on a useable system. Involving /etc, maybe.

You maybe can get the desired effect if you make / small enough
so there isn't room to write anything else.

>
>
> /dev/wd0a / ffs ro,softdep 1 1
> /dev/wd0g /home ffs rw,softdep,nodev,nosuid,noexec 1 2
> /dev/wd0f /tmp ffs rw,softdep,nodev,nosuid,noexec 1 2
> /dev/wd0d /usr ffs rw,softdep,nodev 1 2
> /dev/wd0e /var ffs rw,softdep,nodev,nosuid,noexec 1 2
>
> After rebooting my system I tested to check whether these settins were
> applied correctly:
>
> # cd /
> # touch test
>
>  When I ran ls the 'test' file was there. I mean, the ro flag that I
> had added to my root partition had no effect. Has anyone ever faced
> this?
>
> Thanks.
>
>
> --
> Joco Salvatti
> Undergraduating in Computer Science
> Federal University of Para - UFPA
> web: http://www.openbsd-pa.org
> e-mail: [EMAIL PROTECTED]

Re: 3.7: weird IP address problem

[Tony]

Toni Mueller  wrote:
>
> Hello,
>
> On Mon, 24.04.2006 at 15:30:55 -0400, Matthew Closson
> <[EMAIL PROTECTED]> wrote:
> > > [ wrong IP address ]
> > >What could that be, and why can't I see this address anywhere?
> > >
> > >I'd rather not reboot only to make a change in IP numbers effective...
>
> > Can you send us the output of "ifconfig ifname0" for example if
> you had an
> > fxp card then:
>
> unfortunately, I can't.
>
>
> But there were two IP addresse on there:
>
> The remaining, correct IPv4 address, and some IPv6 address. I've now
> also deleted that IPv6 address, but it's still no-go.
>
> > Also did you do this?
> >
> > ifconfig ifname delete inet alias aaa.bbb.ccc.ddd
>
> I did:
>
> ifconfig ifname inet aaa.bbb.ccc.ddd -alias
>
> and:
>
> ifconfig ifname inet aaa.bbb.ccc.eee
>
> which looks similar according to the manual. At least, the latter
> should overwrite any remnants of the original assignment.
>
> Trying to delete the already non-listed address yields:
>
> ifconfig: SIOCDIFADDR: Can't assign requested address
>
>
> I wasn't trying to delete an alias, but instead change the main address
> to the (former) alias, and then delete the original address.
>
> > route add default gw aaa.bbb.ccc.ddd
>
> What? The default gateway is already set, but to a quite different
> machine.

U, bit outa my league, but seems like in order to get to
a gateway on another machine, you must first go through an interface
(ie gateway) on your own machine. At least there seems to be something
of that nature in any routing tables I've seen.
Most likely in order to go anywhere you must first go through your
non-existent IP address.
I think that default gateway makes more than one entry in the routing
tables.

>
> As for the 'arp' and 'route' suggestions:
>
>  * No suspicious information turns up there. I only see remote machines
>in these displays anyway.
>
>  * The problem now persists for several weeks. Enough time for arp to
>time out in any case.
>
>
> Best,
> --Toni++

Re: Why advocate Old daemon book?

[Tony]

js wrote:
> 
> 2006/4/28, Theo de Raadt <[EMAIL PROTECTED]>:
> > > I wonder why http://www.openbsd.org/books.html still recommend old
> > > daemon book, The Design and Implementation of the 4.4 BSD Operating
> > > System?
> > > As most of you know, there's newer version, The Design and
> > > Implementation of the FreeBSD Operating System.
> >
> > Because the old book is still more relevant to what we do.
> >
> 
> I thought Changes from 4.4  BSD to FreeBSD  is 'upgrade' in many ways,
> and so is the books.
> 
> you're saying newer doesn't necessarily mean evolving, even in BSD world?
> or OpenBSD is 'obsolete' in some ways compared with FreeBSD?
> 
> I don't want to start holy war, but just out of curiosity.

The state of the art of computer science has gone (steadily?) downhill
for the last 30 (maybe 40) years.
The computers are bigger and faster, but the knowedge of what to do with
them has decayed.

There are a few pockets of resistance to the decay.

Re: Why advocate Old daemon book?

[Tony]

prad wrote:
[snip]
> (curiously, i've found on my system at least that some 
> things seem 
> to work faster on openbsd than freebsd.)
> 
Shouldn't be a surprise, really.
Efficiency is really more a case of never being too inefficient
rather that occasionally being very efficient. (ie hard.)
Anything take takes longer than it should is doing something
with that time, and it cannot be doing anything good.
OpenBSD is not designed to win benchmarks, but I wouldn't put it
out of the running, even for "high-performance" stuff.
It's also a matter of inherent design rather than "tweaking".

>From the old days, I had a choice of two card sorters, an old
one at 1,000 cards per minute and a new one at 2,000 cards per
minute. The newer faster model jammed often enough to make it
essentially break-even as to which was the better to use.

As the computers get faster, correctness will start to matter 
more than performance. Actually, the more performant, the more
that correctness will matter (handling the wreckage).
Now to get that correctness on modern high-speed stuff, your
best ally is likely the old slow hardware. Ironic?

Re: pf firewall question

[Tony]

S t i n g r a y wrote:
> 
> Now what i want to know , maybe is O T in this list
> but what is the diffrence , i mean pf in openBSD is
> refered to as a firewall for home or small offices ?
> why is that , i mean what is the criteria of an
> enterprise firewall what is the diffrence between pf &
> MS ISA / cisco pix or checkpoint ? 
> performance ? stability or features ?

pf in OpenBSD is what the developers use to protect their
own systems. As such it is probably better and stronger
than anything you can buy. 

What you can buy is a high price tag, maybe some hand-holding,
and probably a false sense of security.
There may be some features that are worth it. Maybe, Depends.

Documentation? Start with man 4 pf
There is also a PF User's Guide.

Re: style(9) and return statements

[Tony]

Nick Guenther wrote:
> 
> On 4/30/06, Matthias Kilian <[EMAIL PROTECTED]> wrote:
> > Hi!
> >
> > I wonder what the preferred style of return statments is -- for
> > returning simple values, both styles
> >
> > return foo;
> >
> > and
> >
> > return (foo);
> >
> > are used in the sources everythen and now. For me, the latter hurts
> > my eyes, since return just expects an rvalue which doesn't need
> > brackets (except for more complex expressions that actually need
> > brackets).
> >
> > In addition, return statements in void functions are just
> >
> > return;
> >
> > and not
> >
> > return ();
> >
> > (which wouldn't be syntactically correct)
> >
> > Simplified, the syntax is something like
> >
> > return_stmt::   RETURN ';'
> > |   RETURN expr ';'
> > ;
> >
> > So why do so many people put brackets around the returned expression?
> > And what's the preferred style for OpenBSD?
> >
> > Ciao,
> > Kili
> 
> I was wondering this myself last week, but I remembered that someone
> once said "check all the examples before deciding style(9) is silent
> on an issue" and so I did. The examples all use `return (expr);`. I
> didn't pursue it any further because in the two files I checked that
> was the style used as well, but now that I know not all programs are
> the same I wonder what the official word is?
> 
> -Nick

There is a
return (eight);
in man style.

I suspect that bad things can happen with macros
when you do only sensible things with parens.

Re: style(9) and return statements

[Tony]

Matthias Kilian wrote:
> 
> On Sun, Apr 30, 2006 at 03:44:13PM -0500, [EMAIL PROTECTED] wrote:
> > There is a
> > return (eight);
> > in man style.
> 
> But in err() context.
> 
> > I suspect that bad things can happen with macros
> > when you do only sensible things with parens.
> 
> Good point, but if a macro `foo' works with
> 
>   return (foo(x));
> 
> but not with
> 
>   return foo(x);
> 
> then the macro is broken, not the return statement.
> 
> Ciao,
>   Kili

Wonderful.
You have an unbroken return statement that does not work correctly.

If the macro is broken, anything built on top of it is broken.
(And it seems like macros are easily built initially broken;)

Re: Compilers make a system less secure?

[Tony]

Anton Karpov wrote
>
> > If he can break in as a lowly user uname -a will tell him what it is
> > anyway. And don't tell me we should disable that command or cause it to
> > lie because then I'll shoot you down another way.
>
>
>
> Re-read my message, please. I didn't tell he cannot stat os version and
> arch. But he may has to find similar os version and arch, to compile his
> code.
Hmmm, There's a lot more that I don't know about this stuff, but seems
like to whatever extent security by obscurity can actually work,
  (actually it is quite effective -- but it does have to be obscure
  -- obscure is very removed from ubiquitous (with whatever trappings))
you have a lot more opportunities with locatized "options" and such.
Intruder must compile elsewhere because the locally installed stuff
breaks the intruders stuff.
(gcc bugs as security enhancements?? -- yuck but probably effective)

Now, without an installed compiler, methinks you dare not even think
about any such. With installed and just horsing around, ???
>
>
> >
> > Back to the circus, Anton, you ain't funny any more. Pathetic is more
> > like it.
>
>
>
> Yeah, but you ARE quite funny. The man who cannot read emails carefully is
> always funny

Actually the opposite.
They know enough to make asnwers which are legitimate regardless of
whatever it is they are in reply to. (As opposed to ...)

Re: Compilers make a system less secure?

[Tony]

Anton Karpov wrote:
> 
> Noone here talks about attacking a compiler ;)  We're discussing 
> differences
> for attacker, depending on compiler available or not.

They should.
There is a classic by Ken Thompson (I think) about using a compiler
to create a back door which has no traces in the source of either
the compiler or of the back-doored module.

Something about who can you trust.

Re: 3.9, su command: bug or feature?

[Tony]

Cristiano Deana wrote:
> 
> Hi,
> i'm new on OpenBSD. I just installed 3.9 (one week ago sources) 
> and i got this:
> 
> $ uname -rs
> OpenBSD 3.9
> $ su
> Password:
> you are not in group wheel
> Sorry
> $ whoami
> cris
> $ id cris
> uid=1000(cris) gid=0(wheel) groups=0(wheel)
> $ grep cris /etc/passwd
> cris:*:1000:0:Cristiano Deana:/home/cris:/bin/ksh
> $ grep wheel /etc/group
> wheel:*:0:root
> 
> Notes:
> * 'sudo' correctly found me in 'wheel' group
> * if i add 'cris' in /etc/group at wheel's line it works
> * adding 'cris' user i have choosen 'wheel' group, not a different
> group and then added to wheel
> 
> Thanks in advance for explanations.
> 
> --
> Cris, member of G.U.F.I
> Italian FreeBSD User Group
> http://www.gufi.org/

I'm pretty much a newbie re OpenBSD, but that looks a lot
like you claim wheel as a group, but
wheel does not claim you.
Probably would have essentially identical behavior on any BSD/Linux.
Flames/clarifications invited if I'm wrong.

Re: disk bad block

[Tony]

Paulo Manoel Mafra wrote:
> 
> Hi misc,
> I would like to create a large partition on a disk, but this disk has a 
> known bad block. How could I create the partition without the bad block ?
> One solution is to create two partitions without the bad block and use
> ccd. Is there another solution ?
> 
> And is there any way to "isolate" some bad blocks on an existing 
> partition?
Somehow create a file which occupies those blocks.
Preferably including neighboring blocks.
Do not EVER delete or use the file.

> I know that I should buy another disk :-)
Yes, it almost certainly has other problems.
For a long time, drives will show a bad sector only when the hardware
has run out of spares in the neighborhood. When it shows a bad block,
there is more that one problem already on the disk.
Probably useful as a learning experience watching a disk slowly go bad.
However you do not want to put your only copy of anything important on it.

> 
> Thanks
> 
> 
> Paulo Manoel Mafra
> LCMI - Laboratorio de Controle e Micro Informatica
> Departamento de Automagco e Sistemas - UFSC

Re: Magic numbers, signed binaries (Re: Compilers make a system less secure?)

[Tony]

Otto Moerbeek wrote:
> 
> Key mananagement is the most important part. The part that
> continuously will require time and attention from a lot of people, and
> the part that will cause the headaches. The part where the errors
> will be made.  System managers experiencing problems and needing to
> get systems up and running will find ways to "make it work" and as a
> result kill the protection. 
> 
>   -Otto

The kind of protection that works exactly as long as you don't need it.

Re: Shouldn't OpenBSD X11 come out with "-nolisten tcp" as default?

[Tony]

Security is not having to say "how high?" when someone says jump!

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Miroslav Kubik
Sent: Monday, August 29, 2005 4:54 AM
To: misc@openbsd.org
Subject: Re: Shouldn't OpenBSD X11 come out with "-nolisten tcp" as default?


In my opinion, it is better to have it disabled as default. Nothing is
without bugs. So if we want most secure OS we should disable this function.
If you need it. Enable it.

MK

- Original Message -
From: "Han Boetes" <[EMAIL PROTECTED]>
To: 
Sent: Monday, August 29, 2005 11:32 AM
Subject: Re: Shouldn't OpenBSD X11 come out with "-nolisten tcp" as default?


Vladislav Belogrudov wrote:
> I thought it would make sence for most secure OS.
> One port less listening the World.

It's not a security problem to have an open port. It's a security problem to
have a bad server listening to an open port.

And since nobody knows about a problem with the X server, not even the
people
who have very deep knowledge about X and about security you can safely
assume
it's OK to have that port open by default.

Now if you don't trust any of all those experts and you want to close that
port
for your own machine that's fine, but don't ask the experts to trust on your
intuition while they are providing the OS in the first place.



# Han

RE: Re: Portmap non-local set / unset attempt

[tony]

>Security is everything you've ever said, plus a
>process.

No. security does not require the process.
Attempted security (that doesn't quite work) requires a process.
Like the difference between does work and should work.

RE: Re: Portmap non-local set / unset attempt

[tony]

Making is a process.
Toast is not a process.

>- --- Original Message --- -
>From: [EMAIL PROTECTED]
>To: misc@openbsd.org
>Sent: Fri, 23 Sep 2005 02:30:10
>
>[EMAIL PROTECTED] wrote:
>
>>> Security is everything you've ever said, plus a
>process.
>> 
>> If it is secure, it doesn't need a process. So
>why would security be a
>> process again? Because of the vendors making
>"mistakes" and fix it later?
>> 
>> Jimmy Scott
>
>It is a "process" in the same way that "making
>toast" is a process.
>The purchase of a "bread-crisping solution" that is
>UL-certified to not
>set your house on fire is the contribution of the
>"engineering" and
>"product development" stages.  In common usage,
>using this "solution"
>to toast your morning snack will produce crispy
>bread and will not
>produce a howling conflagration.  However, note
>that it is still very
>much possible to ignite your domicile by soaking a
>rag in lighter fluid,
>stuffing it into the bread-toasting slot, and
>jamming the switch closed
>with a butter knife.  For a less extreme example,
>it _may_ be possible
>to cause a fire by leaving a towel too near the
>toaster while it is
>operating, something which is easy to do and all
>too common.
>
>Having a morning snack and an un-burnt house at the
>same time, then, is
>contingent upon two things - possessing a toaster
>of adequate quality,
>and using it properly.  You don't get to have the
>whole package without
>a) looking for a good toaster in the first place,
>and b) learning how
>to use it.  Security operates similarly:  one boner
>mistake on anybody's
>part - coder, engineer or administrator - and your
>"security" vaporizes
>_instantly_.  Go read some of Bruce Schneier's
>screeds on the subject,
>they're informative.
>
>So yes, security most certainly _is_ partly a
>"process", various
>opinions to the contrary notwithstanding.  It is
>identical to the
>process of locking your doors and checking your
>windows before you
>go to bed at night, or of making sure that you're
>not stuffing a paper
>towel or a cardboard box top in your toaster in the
>morning before
>you've had coffee.  You could call it "habitual
>prudence", I suppose.
>
>Of course, computers being based on hard-core
>determinism and Boolean
>logic, a higher standard is possible.  I note in
>passing that the
>security of every operating system in common use
>(including OpenBSD) is
>_unproven_ [1], with the possible exception of
>Coyotos.  Asserting
>something that is unproven and which may actually
>be impossible to prove
>("X is more secure than Y") is not a good idea.  In
>other words, don't
>toss shit at the vendors unless you can _prove_,
>from a chain of
>irrefutable deduction, that your proposed solution
>is "more secure" than
>theirs.  (Something which is likely impossible, due
>to OpenBSD's design
>and the language in which it is written.)  Hint: 
>the manpower,
>brainpower, and computing power needed to
>accomplish this task _even if_
>it is possible is probably going to exceed anything
>you're willing to
>marshal to that end.
>
>Theo is right about one thing, however:  Bugs and
>security flaws arise
>from mistakes, every one of which is avoidable. 
>There are no "new"
>classes of bugs or design flaws, essentially every
>one has been
>generally known of and understood for decades.  It
>is only sloppy
>practices - dare I say it, "bad processes" - that
>permit these bugs
>to creep into various codebases and multiply.  The
>cure for this
>problem is "better processes".  The "easy" cure is
>for these processes
>to entail continuous auditing (the OBSD solution). 
>The harder cure
>is to work on establishing and maintaining a
>process that incorporates
>rigorous proof as a necessary component.  We may
>not ever see that, but
>hey - it's nice to dream, isn't it?
>
>-- 
>(c) 2005 Unscathed Haze via Central Plexus
><[EMAIL PROTECTED]>
>I am Chaos.  I am alive, and I tell you that you
>are Free.  -Eris
>Big Brother is watching you.  Learn to become
>Invisible.
>| Your message must be this wide to ride
>the Internet. |
>
>[1]  Rigorous proof, that is.  Anecdotal evidence
>does not establish
>proof of anything whatsoever.

RE: Netgear WG311 v3

[tony]

Quoth [EMAIL PROTECTED]
>These cards don't seem to be ath anymore.
>
>The relevant bits from my dmesg.
>
>rl0 at pci1 dev 0 function 0 "D-Link Systems
>530TX+" rev 0x10: irq 11 address 00:11:95:24:6a:0d
>rlphy0 at rl0 phy 0: RTL internal phy
>rl1 at pci1 dev 1 function 0 "D-Link Systems
>530TX+" rev 0x10: irq 5 address 00:11:95:24:6a:0c
>rlphy1 at rl1 phy 0: RTL internal phy
>vendor "Marvell", unknown product 0x1faa (class
>network subclass ethernet, rev 0x03) at pci1 dev 2
>function 0 not configured
>
>Thought you all might like to know. Thrice cursed
>vendors. Lucky for me it was an incredibly cheap
>impulse buy. 
>
>Ray
>-- 
>BOFH excuse #326:
>
>We need a licensed electrician to replace the light
>bulbs in the computer room.

First "Thanks", which you don't hear very often.

Second, it seems that this list is the best (best that I know of) available 
intelligence about the state of hardware. Not as an OpenBSD user, but as a user 
of most everything else. Anything that gives OpenBSD trouble, it's just a 
matter of time before it gives me trouble where I care about it. I doubt that I 
am alone, and most of us tend to keep our yaps shut.
I would love to have the information organized and digensted for me, hardware 
compatibility lists make some attempt to do this, but the intelligence value 
comes from reading betwen the lines and is based on human reaction and opinion. 
Anything "organized" is too easily astroturfed.

My experience with OpenBSD is limited, however. 
3Com NIC on NT Server suddenly decided to work very poorly. Best help I could 
find was OpenBSD archives. Intel Pro NIC and problems went away. Actually did a 
repeat performance.
Consensus seems to be 
Peculiar Adaptec SCSI controller (I understand Adaptec used to make good 
products) card would work with Linux only with SCSI BIOS disabled. Worked with 
OpenBSD with BIOS enabled.
OpenBSD has an attitude, knows quite a bit about hardware, and is probably well 
worthwhile listening to regardless of OS. There is of course much more that I 
do not know than I do know, but in a few cases I do know enough that OpenBSD 
and expecially Theo seems to have a knack for being dead accurate.

If security matters, OpenBSD "gets it". 
If security matters, you do NOT get compromised machines at a nickle each.
If security does not matter, there are a number of stupidities which are very 
ill advised.

[ ] Always trust OpenBSD.

RE: Re: sh-script executing

[tony]

The editing is perfectlty safe.
It is the reading of a file that is being changed that is unsafe.

Of course there's Microsoft Windows.

>- --- Original Message --- -
>From: [EMAIL PROTECTED]
>To: misc@openbsd.org
>Sent: Fri, 7 Oct 2005 09:39:47
>
>OM> I know this behaviour form every Unix system
>I've worked on. Besides,
>OM> the nice thing about the current way of doing
>things is that you can
>OM> read a script form a pipe and have the desired
>behaviour without any
>OM> special case code.
>
>This behavior has any advantages for regular files
>? Compatibility ?
>
>  If so, do any editor has option to safe editing
>for this case ?
>(of course, I always can do editor wraparound).

Re: FileSystem Corruptions? Very important Files at stake.

[Tony]

The first thing to do is to copy the drive with the photos
to fresh disk space before further damage is done to the originals.
Expect recovery to be long and painful even with some tools
to make it easier.

There are people here that know a lot more about this than I, but the
first thing is to get lots of accessible disk space in which to put:
1) the raw image of the original disk
2) the raw images of the disk partitions (dos partitions, that is)
3) the raw images of the disk partitions (obsd partitions, that is)
4) space in which to attemp reconstructions of what was supposed to be
there.

If you really know what you are doing, you can probably get away
with omitting some of the above.

Make accurate notes of what is where in what order etc.

Good luck.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Justin Wong
Sent: Saturday, October 08, 2005 4:46 PM
To: misc@openbsd.org
Subject: FileSystem Corruptions? Very important Files at stake.


Hi, I was wondering if you could help me.
After searches on the internet turned up nothing, I found your site about
your love for OpenBSD. My problem is that when I boot, I get an error
/dev/rwd0a BAD SUPER BLOCK: VALUES IN SUPER BLOCK DISAGREE WITH THOSE IN
FIRST ALTERNATE.
Then, on the same 13 gig drive, the error,"
/dev/rwd0a UNEXPECTED INCONSISTENCY RUN fsck_ffs MANUALLY"
. Later on, I also get an error from my other HardDRive which is a 200 gig
Seagate. This drive is also getting many errors. I did not realise it, but I
guess I had formatted it in NTFS. This HardDrive contains many files of
which are very important (3 years worth of files and a few thousand family
photos).

The only thing I can remember that might be related to the error is that the
computer would not shut down the previous night. I am relatively new to
OpenBSD so I shurgged it off as I held the power button down. I made sure
the HDD activity light was off.

I am using OpenBSD 3.7.
When I type "login" I get a #sh not found error and it seems to continue.
>From there I get thousands of errors where the computer tells me to fsck.
>From my view, it looks like both filesystems became corrupted. I really
need
these files.
A liveCD of Ubuntu doesn't seem to be working as it can't read the 200 gig
drive. The 13 gig drive comes up with a nod error every couple or so nodes
with fsck. Ubuntu won't even read the 200 gig drive. Can you please help me
at least to recover hte files? Any suggestions would help. THe computer is a
500Mhz K6 with the 13 gig drive run as master and the 200 gig drive as
slave. Some of these files are photographs of my now deceased grandfather
and are very important.
Thank you for your time.
Justin Wong.

--
$ cat "food in tin cans"
cat: cannot open food in tin cans

Re: RAID for dummies

[Tony]

Quoth J Moore
[snip]

>And I'm suggesting that trying to be an expert in everything is not a 
realistic goal... why pick up a scalpel at all (to "haul your butt out 
of the fire") if your neighbor has invested years in becoming a thoracic 
surgeon? If surgery is required, I would choose to let the experienced 
surgeon haul my butt out of the fire, and concentrate my energy in my 
field of interest. Sorry if I confused you on that point.

If my neighbor has invested years in becoming a thoracic surgeon, I 
still have the problem of knowing that it is his expertise that I need.
If I do need his services, how much knowledge of his field should I
know for my own protection and so that I can make rational choices?

In the case of RAID, just how effective is the magical incantation?
Everything I've seen on this list by people who should know (that's
the people who have survived disasters rather than wondering what
happened to them) indicates that RAID has become a sales gimmick for
customers with more dollars than sense, and unless handled extremely
carefully is slower, much more likely to fail catestropically, with
marginal gain in accessibility. The main problems are in rebuilding
a failed disk and in extremely long downtimes while rebuilding.

You don't need to be an expert in everything, but you do need to know
enough to know when an expert is needed. Anything that claims that no
expertise is needed when in fact expertise is needed is no friend.

Re: Non Developers allowed to ask questions ?

[Tony]

There is a legitimate use for top posting.
Deletion and/or answer of message in 10 to 15 seconds or less.

The stunt is essentially the same as stuff in newspapers.
The reporter writes. The editor puts as much as will fit in the alloted
space and ignores the remainder without even looking. The readers read
as far as they like and then stop reading.

Top posting totally messes up any attempts at coherent follow-ups.
Hmmm, does that expain some of the problems with media?

If I had another point to make, I have run out of space in which to make it.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Kevin .
Sent: Tuesday, October 18, 2005 5:41 PM
To: misc@openbsd.org
Cc: [EMAIL PROTECTED]
Subject: Re: Non Developers allowed to ask questions ?


>there seems to be some unwritten rule that users (not to be confused
>with developers) are not allowed to ask whether certain things are
>supported in OpenBSD or when these items are likely to be available,

Nope--not at all. Stupid questions that show a lack of research and/or lack
of supporting documentation (like a dmesg when required) are seriously
frowned upon though. In fact such posts usually just get ignored.

The minimal rules (for the record) are:

1) Top posting is nearly always bad. Consider emails you're sending as if
they're being published in a book.

Books make sense read from top to bottom.  This is particularly important
for logic-flow in the lists when multiple parties get involved.

2) Check at *very* least the following various resources before posting:
http://www.openbsd.com/faq/
ftp://ftp.openbsd.org/pub/OpenBSD/doc/pf-faq.txt (for PF questions)
http://www.openbsd.com/plat.html (for your respective hardware)
http://www.google.com (do at least the basic research to see if it has
been discussed)

3) Holy wars and similar philosophical debates are nearly always useless. In
fact aside from those for yanking out crappy software / licenses, I can
think of not one instance where one has been anything BUT useless. Messages
like that should go to /dev/null instead of the list. You'll feel better and
so will we. ;-)

4) Never ask for driver or software support that doesn't include offers to
provide:

- free or at VERY, VERY least absolutely-no-strings-attached loaner
hardware
- offer to fund development

Most developers have 'day jobs.' This ain't Microsoft where people punch
clocks.  These guys are doing this because it's fun and because they use it
themselves.

Asking for development of something complicated like drivers (especially for
some old trashy ISA NIC for instance) brings no one joy when they themselves
have no use for it. Follow?

Most of them--like the rest of us sane folk--would rather be doing something
fun and/or useful to *themselves* when finished.

Last footnote: when requesting support, include _brief_ reasoning why
(particularly in context of it benefitting the entire community) it would be
good for all, and it's M-U-C-H  more likely to get attention than, "Uh...
anyone working on this?"

5) If you get no answer, consider it an implicit "no". For a dozen people to
stand up and say, "no," makes no sense, right? It takes time away from
coding and just makes noise.

6) Barring that, an off-list note to a developer responsible for something
similar **may** also make sense. Particuarly if there's cash and/or hardware
attached.

>So where does one post questions *after* having read the FAQ etc
C'mon. That depends on the question. If it's related to php5 you're probably
better off with ports@; alpha specific comments should probably go to alpha@
and so on.

>If I was a developer I'd be posting to the tech@ list woudln't I.
Maybe. Maybe not. Many developers post things to misc. Think about your
audience and who's most likely to benefit from your questions / comments.

Any notions that anyone here is somehow beholden to you (that being the
universal you, not you specifically) have got to go.

By using the list, we're each asking for help from a tremendous resource of
hundreds (thousands?) of people including the very developers themselves of
your OS. We're getting support for the bargain price of free just for the
asking. In exchange one must be reasonable. You'll never, ever get this from
Microsoft or Cisco. There you'll get shuffled around on the phone for hours,
talk to someone useless, get no answer, and more likely than not be $195
lighter in your loafers for the trip.

As I think most fellow misc@ listers will agree, an email with such
questions certainly *leans* towards being hostile or at least
passive-aggressive / accusatory. I'll afford the courtesy of benefit of the
doubt. With that in mind if one doesn't get the response one wants, chances
are the answer is "no."

Now it's time to look to consider marshalling resources for a hardware/cash
donation if you *really* want it done or to begin looking for another
solution better suited to your needs. For some people that means 

RE: Re: Non Developers allowed to ask questions ?

[tony]

On Wed, 19 Oct 2005 14:06:11 
[EMAIL PROTECTED] wrote:

>On 19/10/05, [EMAIL PROTECTED]
><[EMAIL PROTECTED]> wrote:
>> There is a legitimate use for top posting.
>> Deletion and/or answer of message in 10 to 15
>seconds or less.
>
>Nonsense. Just because your MS Outlook does not
>support or is not
>configured to support bottom-posting, doesn't mean
>that you should
>find some invalid excuses for top-posting.
>
>Cheers,
>Constantine.

Since I am replying to your reply,
I think I maybe stand corrected.

This is lame enough sitting here.
It does not work as a top post.

Microsoft makes it easy.
Easy to do it stupid, I'm beginning to think.

RE: Re: Non Developers allowed to ask questions ?

[tony]

On Wed, 19 Oct 2005 10:07:47
[EMAIL PROTECTED]
>
>On Wed, 19 Oct 2005 14:06:11 +0100
>"Constantine A. Murenin" <[EMAIL PROTECTED]>
>wrote:
>
>> On 19/10/05, [EMAIL PROTECTED]
><[EMAIL PROTECTED]> wrote:
>> > There is a legitimate use for top posting.
>> > Deletion and/or answer of message in 10 to 15
>seconds or less.
>> 
>> Nonsense. Just because your MS Outlook does not
>support or is not
>> configured to support bottom-posting, doesn't
>mean that you should
>> find some invalid excuses for top-posting.
>
>With a sig like mine I coudln't resist a resounding
>"me too" on this
>one;-)   My sig concisely demonstrates in a
>nutshell why top posting is
>problematic, if not an all out pita.
>
>
>Before johnny-come-lately M$ decided to jump on the
>interenet bandwagon
>w/ their lame software top posting was completely
>unheard of.  I've
>been using Unix since '81 so I think I can say this
>w/some certainty.
>Top posting is just a lame excuse offered by lame
>software developers
>who wrote a lame mua w/o bothering to read any
>rfc's, research
>conventions, etc. prior to doing so.  A point
>obvious to those who cut
>their teeth on *nix rather than M$.
>
>
>
>-- 
>Best regards,
>
>Ken Gunderson
>
>Q: Because it reverses the logical flow of
>conversation.
>A: Why is putting a reply at the top of the message
>frowned upon?

Ok, OK. This would not work in top posting.
And the complexity of this is essentially trivial.

Microsoft is good for someone with no knowledge or 
skill throwing something into Word or Outlook and 
having something come out looking quite presentable. 
But woe to anyone who actually cares critically what 
it looks like. 

> Yep. If you're stuck on an M$ platform for whatever reason 
Yep. The question is when and how to jump. Maybe why.
To what "should" matter, but I suspect that how you
go about it, and the expectations probably matter more.

Nasty question. Which works better (or worse depending
on your viewpoint), thinking Linux and using OpenBSD,
or thinking OpenBSD and using Linux?

[rant]
Security should be a reason, but I cannot put security 
mattering in the same universe as five cent compromized
computers. My impression of NT4 was that it was 
unsecurable, so I didn't. My impression of XP is that
it is guaranteed insecure. My users do NOT "click on
everything". Analogies to babies putting everything into
their mouths probably have something to do with it.
Hiding stuff from users seems like a fatally bad idea.
Hiding error messages from users is maybe not a good idea
either. Just because the dumb computer thinks it has a
problem does NOT mean that the intelligent user has a
problem. Everything I've seen indicates that intelligent
user/dumb compuer is the way to play it. Moreso as the
computers get bigger, faster, more complicated. Intelligent
computer has the fatal flaw that the computer does not
know what the computer does not know. A bit like the
flat=earth society where the edge is not visible from
the inside.
[/rant]

With a wee bit of editing, bottom posting is quite workable.
(I've got too much work related where top posting (like
Done.) is necessary. For this list, it is emphatically worth
the trouble. As simple and straight-forward as this is, I 
defy anyone to translate it intelligently into top-posting.
Top posting is designed to terminate conversations.
Bottom posting encourages continuing and exploring various
alternatives. If I were actually talking about something
relevant, bottom posting gives many places to attach
something. Since I am not distracting with relevant stuff,
we can play with the structure of the beasties temselves.

FWIW. I LIKE this list. I like the way you all think.

Not nearly as concise as your sig ;)

Re: 10 things i hate most on unix

[Tony]

Quoth Gustavo Rios Saturday, November 05, 2005 8:40 PM
> 
> Hey folks,
> 
> sorry, but i found this on the web. May someone tell if it is serious,
> i myself could not believe it.
> 
> http://www.informit.com/articles/article.asp?p=424451&seqNum=1


"UNIX was a terrific workhorse for its time, but eventually the old nag 
needs to be put out to pasture."

Seems to me that Unix has outlived its betters, notably Multics.
The end of Unix has been proclaimed for ages.
I think there are many legitimate gripes about Unix.
I doubt that you will find any in said article.

Unix is deceptively simple. And deceptively powerful.

RE: Re: OT: 10 things i hate most on unix

[tony]

[EMAIL PROTECTED] wrote:
>
>On Sun, Nov 06, 2005 at 12:40:12AM -0200, Gustavo
>Rios wrote:
>> Hey folks,
>> 
>> sorry, but i found this on the web. May someone
>tell if it is serious,
>> i myself could not believe it.
>> 
>>
>http://www.informit.com/articles/article.asp?p=4244
>51&seqNum=1
>> 
>
>Looks like a rehash of
>
>http://research.microsoft.com/~daniel/unix-haters.h
>tml
>
>with its Anti-Foreward by Dennis Ritchie. Whether
>you think it is
>humurous or not is of course up to you. I thought
>it was funny when
>I read it '94.
>
> Ken

Looks like a good book. Thanks.

from the Preface "Deficient by Design"
"Being small and simple is more important 
than being complete and correct"
"You only have to solve 90% of the problem."
"Everything is a stream of bytes."

"Despite a plethora of fine books on the subject, Unix security remains an 
elusive goal at best."
There is an obvious implication for Windows security.

"These attitudes are no longer appropriate for an operating
system that hosts complex and important applications"

The gripes may be legitimate, but really, are we any closer
to finishing that last 10% than we were 40 years ago?
Before there even were such things as operating systems
and editors and such.
Probably the real reason to hate Unix is that it has
outlived its betters, and will most likely continue to do so.

Somehow the assumption that you have 100% (when only 90% 
is attainable) seems to be eventually fatal.

RE: Re: timekeeping on Soekris net4801 w/ ntpd. 3.8

[tony]

[EMAIL PROTECTED] Tue, 15 Nov 2005 08:20:07
>
>On Tue, Nov 15, 2005 at 10:23:00AM +0100, the unit
>calling itself Henning Brauer wrote:
>> > 
>> > 'adjusting local clock by XXs'
>> > 
>> > The word 'by' is a preposition with a specific
>meaning in the context of 
>> > its use... it means "in the amount of"... but
>that's not what it means 
>> > here, is it? No, it does not. Therefore, the
>log entry is *inaccurate*. 
>> 
>> it is perfectly accurate. it says "adjusting by",
>and that is what it 
>> does.
>> it does not say "hard setting" or anything.
>> I won't change the log message, case closed.
>
>It *is* an inaccurate statement of what ntpd is
>doing to the system's 
>time. ntpd is your product - if you're happy with
>this little flaw, then 
>that's fine - leave it as is. But again, "The
>emperor has no clothes!"
>
>Jay
>
>PS - It would seem "mind closed" would be more
>accurate description of 
>this situation than "case closed", eh?

The message is 'adjusting local clock by XXs'
The message is NOT 'adjusted local clock by XXs'

It's been a long time since English classes, but seems like 
'adjusted' refers to something that has been done, 
while 'adjusting' refers to an ongoing operation.
There is no reason to assume that something that 
'adjustinjg' refers to a completed operation.

RE: Re: slightly OT: TCP checksum and RFC conformity

[tony]

[EMAIL PROTECTED] wrote:
>Hi,
>
>Damien Miller wrote:
>...
>> [EMAIL PROTECTED] djm]$ netstat -sp ip | grep -E
>'(bad.*checksum|total packets)'
>> 61092730 total packets received
>> 0 bad header checksums
>> 
>
>wouldn't netstat -sp tcp | grep -E
>'(bad.*checksum|total packets)' give 
>the output of interest?
>
>(uptime 10 days on my slow ADSL link)
>netstat -sp ip | grep -E '(bad.*checksum|total
>packets)'
> 2448320 total packets received
> 0 bad header checksums
>netstat -sp tcp | grep -E '(bad.*checksum|total
>packets)'
> 23 discarded for bad checksums
> 0 bad/missing md5 checksums
>
>Doesn't this mean that 23 errors were not detected
>by the link layer 
>(probably because the errors were introduced some
>hops away from me) and 
>only the TCP checksum catched them?
>
>I hope you're right and it's not a reliability
>problem in practice.
>
>regards,
>Andreas

Flames invited if I'm wrong, but I think that it
means that 23 packets were discarded for bad checksums
Those 23 packets were discarded BEFORE being seen by the
next layer up.
Of course that may be just wishful thinking.
One easy stunt would be to generate correct checksums going
out for whatever garbage seems to have been received.
Repeat. Flames invited. Who/what do you trust?

Re: timekeeping on Soekris net4801 w/ ntpd. 3.8

[Tony]

Ted Unangst:
> [i was trying to stay away, but can't.]

I've never really trusted prepositions ;)
By and by, stand by that clock and adjust it by 30 minutes,
by whatever means and by whatever rubric you deem appropriate.
By which direction, I wonder.

> On 11/18/05, J Moore <[EMAIL PROTECTED]> wrote:
> > On Wed, Nov 16, 2005 at 09:58:28AM -0800, the unit calling
> itself Greg Thomas wrote:
> > > What part of adjusting do you not understand? Nowhere in the
> log message
> > > does it say that that adjusting is finished. You are just
> being obnoxious
> > > for obnoxious' sake because you didn't get your way.
> > >
> > > Greg
> >
> > No, Greg - I'm not trying to be obnoxious for obnoxious' sake - are you?
> > What part of the definition of the word "by" to you not understand?
> >
> > Have you looked the word up in a dictionary? Have you imagined yourself
> > in a situation where you were standing in front of a clock, and someone
> > said to you, "adjust that clock by 30 minutes, Greg."
>
> the log message says "adjusting".  that's the present participle (not
> to be confused with gerunds).  it means "not done yet."
>
> q: "what are you doing in front of the clock?"
> a1: "i adjust the time (this instant only)" -- no
> a2: "i adjusted the time" -- no
> a3: "i will adjust the time" -- no
> a4: "i'm adjusting the time" -- we have a winner.  will you be done
> adjusting the time the instant that the sentence is out of your mouth?
>  or will the adjusting [gerund form here] continue for some time after
> the statement is issued?

Re: "FileSystem" versus "File System"

[Tony]

J.C. Roberts wrote:
> I went looking for HIER(7) but didn't know it's name, so I stuffed the
> words "file system" into an Apropos keyword search and got nothing.
> 
> http://www.openbsd.org/cgi-bin/man.cgi?query=file+system&sektion=0
> &manpath=OpenBSD+Current&arch=i386&apropos=1&format=html
> 
> Damn, I _KNOW_ the darn thing exists because I've read it before. After
> think about it, I tried an Apropos search for the keyword "layout" and
> finally found HIER(7).
> 
> The think I found interesting is that HIER(7) uses the term "filesystem"
> without a space, while other man pages use "file system" with a space.
> 
> Other documentation on the OpenBSD.org web site also shows both
> spellings are used in fairly equal measure:
> 
> Google:
> Results 1 - 100 of about 347 from www.openbsd.org for filesystem.
> Results 1 - 45 of about 534 from www.openbsd.org for "file system"
> 
> My question are:
> (1) Are patches even wanted to standardize on one of the two?
> (2) Which do you think is more correct?
> 
> There's no sense in me spending the time to create and send
> documentation patches if the discrepancy is a considered non-issue.
> 
> Kind Regards,
> JCR

man 2 mount claims filesystem
man 8 mount claims file systems
man fstab claims filesystems
man fsck claims file system
man growfs claims file system
man hier claims filesystems
man tunefs claims file system
man newfs claims file system

man mount_ffs claims File System
man mount_xfs claims filesystem

The distinctions do not look accidental. There is a fine line 
between one-word, low-emphasis "filesystem" and the two-word
higher emphasis "file system".
mount_ffs belongs in a class by itself with 
"Berkeley Fast File System"
"Berkeley Fast Filesystem" -- does NOT feel the same.

Similarly,
hier - layout of File Systems -- looks WRONG  
  A sketch of the File System hierarchy. -- worse?

Looks like any attempt to use one spelling for all forms
would make a number of things worse.

Re: Updated CCD Mirroring HOWTO

[Tony]

J.C. Roberts wrote:
> To the rest of list users; Please pardon another long email from me on
> this. Helping reasonable people like Robbert understand why many people
> consider "HOWTO's" to be harmful is hopefully worth the added noise and
> bandwidth.
>
>
> On Sat, 26 Nov 2005 10:57:12 +0100, Robbert Haarman
> <[EMAIL PROTECTED]> wrote:
>
[snip]
> >> If end-users are lazy and want to take the easy way out, they should
> >> go back to using linux and MS-Windows. They are not welcome here.
> >
> >That's a pity. I personally think OpenBSD is the _only_ operating system
> >that takes security as seriously as it should be taken, and it would be
> >in everybody's (well, almost everybody's) best interest if they used it.
> >There is nothing wrong with the project not wanting certain users, but
> >it leaves these users with a choice among evils, which is a pity.
> >
>
> Both security and reliability are really nothing more than a byproduct
> of correctness and well informed decisions.


That's the point.
Note the "nothing more". And the "byproduct".
If you throw away the correctness, and the effort it requires,
the security and reliability won't be around for long.

Yes, OpenBSD is the _only_ operating system that takes security as
seriously as it should be taken. Consider the why of OpenBSD's
accomplishments. Remove the why and you remove what they accomplished.
Use OpenBSD and think like Windows and get Windows security.

Re: Updated CCD Mirroring HOWTO

[Tony]

Daniel Ouellet wrote:
> In all these:
>
> >>I'm going to take this thread for what I think it is... the old guard
> >>telling us youngin's that our efforts are appreciated, but we've got a
> >>bit more to learn about how things work, and how to write good
> >>documentation, before we're really ready to jump into these things the
> >>way we have been lately.  I've noticed a decent drop in the number of
> >>"How do I get PPPoE working" and "How do I get Apache+MySQL+PHP working"
> >>questions on the list, which is what prompted Daniel to create
> >>openbsdsupport in the first place, so in a way, we've been successful in
> >>what we set out to do.
> >
> >
> > I may seem overly critical in debate but I still believe the work of
> > Daniel Ouellet and the HOWTO writers has been a worthwhile experiment.
> > Though it has opened the door for the blind leading blind, only by
> > experimenting with new ideas will one be able to prove or disprove their
> > validity and in the process, you might learn something unexpected.
> >
> or
> quote "Are you subscribed to newbies?  We don't do the bullshit like the
> HOWTOs or openbsdsupport.org.  We teach you how to help yourself. The
> answers come with learning, so you can be a better admin."
>
> There is many sad facts and true factors from both sides. Users have to
> and should look for informations and the proper way of doing things.
> Hopefully the fact that they decide to switch their OS to OpenBSD may
> open the light a bit and may have become a bit more critical to security
> anyway, so one would think they wouldn't jump on the first document they
> find and just do cut and paste. But the fact of life is also that you
> can be sure some will for sure just do that!
>
> Other may read some documents and see something in it that haven't seen
> before and pick their curiously to go look why that is and actually
> improve their learning. Not the majority I agree!
>
> So, nothing is perfect and never will be!
>
> Is it better to provide some help to some users to get them started, or
> does it hurt them for not forcing them to dig in vain to fine something
> they would get easier. Will the results favor the laziness, or the
> curiosity! I wish I knew that answer! Who are lazy, most likely will
> stay that way. Some that are incline to change, may well see it as
> useful and change, who are doing their homework will take it for what it
> is, an other source of information and grab anything, or nothing they
> see fit from it, and finally who ever know it all, will see it as a
> waist and not look at it, why should they anyway! So, where you fit,
> will dictate your point of view on the subject I guess.
>
> Does it mean it shouldn't exists as a side track? I still don't know for
> sure yet...
>
> But, I think the best way might be to provide the informations in a cons
> ice matter WITH reference (URL) to more details and ALWAYS warn the
> users NOT to do simply cut and paste as this hurt them for sure, but to
> seek the understanding of what is suggested in the documents. Not the
> stage of things now of almost all side documents at this time and may
> well be never either.
>
> But who never start walking will never be running either!
>
> So, it's like, providing knobs to a monkey and he will turn them, that's
> why OpenBSD doesn't have knobs like many other OS, or very few knobs
> anyway! Generic default is best, so how to provide more informations and
> make it easier for users that are not use to do their research and help
> them use a better system and at the same time try to trigger them to
> learn it without aliening them! I wish I knew the solution for that!
>
> But, I do believe this however, if a brain dead user switch from a less
> secure OS ( take your pick of OS here ) and comes to OpenBSD for
> security, documentations, curiosity, stability, what ever else, and stop
> using the less secure OS, what ever that might be, and in the process
> use what some would call "bullshit and stupid brain dead HOWTOs for
> monkeys", and never learn more about it, and in the process, may even
> hurt it's own setup and making it less secure in the process by using
> the brain dead HOWTOs, wouldn't the system in the end still be more
> secure then the same setup in any other OS? Don't forget the common
> factor here. Brain dead setup to start with, so very likely to be miss
> configure in the first place and joint many other less secure system on
> the Internet and continue to pollute it.
>
> I guess that's really the questions isn't it?
>
> Sadly there will always be brain dead users that cut and paste without
> thinking, or knowing, or even wanted to know or learn, what ever you
> want to describe it, in the end the resulting system in use by the same
> brain dead users is still more secure then an other system setup in the
> same matter by the same brain dead users, so the facts remain that in a
> small matter, the Internet at large become a bit safer for all of us!
>
> Isn't it

Re: Updated CCD Mirroring HOWTO

[Tony]

Robbert Haarman wrote:

[snip]

> As it stands, OpenBSD is the only operating system I am aware of that
> has had the full base system completely audited and has buffer overrun
> and other protections enabled for all software on it. This, by itself,
> makes it more secure than other systems, regardless of what users do
> with it. Even in the worst case, where users actively degrade the
> security of the system, I would imagine OpenBSD's security would at
> least not be _worse_ than that of another system.

Somehow I don't think that really fits OpenBSD's objectives.
The full base system has been audited.
The full base system plus something stuck on has NOT been audited.
Security is one of those thingees where it's not what you did right
that matters. It's any and everything you did wrong that matters.

I am not an OpenBSD fanboy. I am typing this on an XP laptop at home via 
some vintage of VNC redirected via rinetd to a very old laptop running 
98 sitting on my desk at work. Secure? Hardly.
I lurk on this list because it is entirely possible that i find myself
in a situation where security actually matters. In that case, knowing
what and why and digging through everything will be essential.
If security matters, just running on OpenBSD will hardly be enough.
Security requires getting all the edges right. And so they stay right.

RE: sent some www diffs, your one and last chance to flame me

[tony]

[EMAIL PROTECTED] wrote:
[snip]
>all or nothing.
>make the pages match the quality of the code and
>the cd's.
>even if you don't care, other people do.

I PAID for my CDs. I am happy with artwork, particularly the
smirk on that puffer fish.
I did not pay for the website. If I can stumble into the FAQ
and packages and figure out where -current lives, I am
more than satisfied.
The mirrors probably have more than enough to keep up with.
Adding anything just to be cutesy seems counterproductive.

RE: Re: openbsd web site design proposals (from HOTO write bad docs)

[tony]

[EMAIL PROTECTED] wrote:
>
>hmm, on Mon, Nov 28, 2005 at 05:32:54PM +0100, Otto
>Moerbeek said that
>> It's even a FAQ:
>http://www.openbsd.org/faq/faq8.html#wwwnotstd
>
>doesn't mean it's right, does it?
>
Certainlly doesn't mean it's wrong.
Almost certainly means it's OpenBSD

What system were you talking about?

RE: Re: openbsd web site design proposals (from HOTO write bad docs)

[tony]

[EMAIL PROTECTED] wrote:
>
>hmm, on Mon, Nov 28, 2005 at 05:32:54PM +0100, Otto
>Moerbeek said that
>> It's even a FAQ:
>http://www.openbsd.org/faq/faq8.html#wwwnotstd
>
>at least remove
>"We welcome new contributors,"
>because that is clearly not true.
>
They welcome contributers.
You are not a contributor.

RE: Re: openbsd web site design proposals (from HOTO write bad docs)

[tony]

misc@openbsd.org wrote:
>
>hmm, on Mon, Nov 28, 2005 at 12:35:57PM -0501, Nick
>Holland said that
>> NAME ONE.
>> Name one person.
>> Name one browser.
>> Name one problem.
>> OR SHUT UP.
>
>so small problems or "quirks" are not problems
>anymore?
>honestly Nick, go compare the code to the pages and
>you
>should blush.
>

Well, that's one.
But I don't find THAT on the web site.

RE: Re: openbsd web site design proposals (from HOTO write bad docs)

[tony]

[EMAIL PROTECTED] wrote:
>
>On 11/28/05, Nick Holland
><[EMAIL PROTECTED]> wrote:
>
>> NAME ONE.
>> Name one person.
>> Name one browser.
>> Name one problem.
>> OR SHUT UP.
>
>I believe I've mentioned several problems in this
>thread which occur
>with several browsers. 
Said problems are not worth the effort of repeating here.

>I suppose that I had hoped
>that the OpenBSD
>team would greet new ideas with respect when
>respectfully discussed. 
I would hope they would greet nay good iedas I had, if I had
any, regarless of my respect or lack thereof.

>I didn't expect anyone to automatically agree with
>me, but I was hoping
>for a civil conversation, not from list members at
>large, but at least
>from the OpenBSD team. I guess that was too much to
>hope for. This
>conversation, at least on my end, is over.
One down.

>
>No wonder people hate OpenBSD nerds. 
Why would you think that?
I assure you I am NOT an OpenBSD nerd.

>Really. What
>were you expecting
>me to say? "Your status as an OpenBSD team leader
>and your ALL CAPS
>have convinced me?
>
>I expected that kind of behavior from random list
>members, but if this
>is the kind of nonsensical, childing thinking and
>behavior that goes
>on in the OpenBSD team, I don't know what to think
>about the quality
>of the product right now.
>
You don't know what to think. Probably don't know how.

>- Jeremy

RE: Re: openbsd web site design proposals (from HOTO write bad docs)

[tony]

[EMAIL PROTECTED] wrote:
>
>On Mon, Nov 28, 2005 at 10:53:45AM -0800, the unit
>calling itself J.C. Roberts wrote:
I would assume that J.C. Roberts is a human, not a "unit",
whatever that is supposed to imply.

>> On Mon, 28 Nov 2005 11:27:56 -0600, J Moore
><[EMAIL PROTECTED]> wrote:
>> 
>> >I did think - I actually thought pretty
>carefully about what I said. I 
>> >tried to avoid actually *calling* Nick the
>OpenBSD bitch; instead I 
>> >asked him if he was. Yeah - it's kind of a fine
>line...
>> >
>> 
>> Have you given up molesting children?
>
>Ummm - I'm sorry, but you score no points with that
>boinked analogy here 
Are you now the official representative of stupid and 
useless tolls? Better analogy?

>because you've changed context. If you care to read
>the opening salvo 
>again, you should see clearly that Nick threw the
>first punch... he 
>simply couldn't let the other thread go; he simply
>couldn't let the OP 
>try to organize something; he had to jump in and
>start trashing the 
>whole idea. 
>
>You may have lost the whole point of this by now.
>
>Jay
There never was a point.
Nick just called it earlier that most everybody else.

RE: Re: openbsd web site design proposals (from HOTO write bad docs)

[tony]

[EMAIL PROTECTED] wrote:

>I'm using a mozilla 1.7 browser, with CSS on,
>JavaScript off.
And it doesn't run javascript.
Outside my area of expertise, but that seems normal somehow.


>The menus on the referenced cerealport.com web-site
>don't expand at
http://cerealport.com does not answer
http://www.cerealport.com does answer, but how is it supposed
to be related to OpenBSD.
Looks like another attempt to look good and succeeds only
in being disfunctional.

>End of discussion.

Promises, promises.

Re: openbsd web site design proposals (from HOTO write bad docs)

[Tony]

Jacob Meuser wrote:
> 
> this is how the world works: ignore the whiners, they offer nothing
> useful.  

Some irresistable "straight lines"?

RE: Re: Updated CCD Mirroring HOWTO

[tony]

[EMAIL PROTECTED] wrote:
>
>Robbert Haarman writes:
>> Greg,
>> 
>> Again, you raise some interesting issues. I
>wonder how likely the 
>> catastrophic failures you describe are, versus
>how likely it is that 
>> things fail in a way where ccd actually helps
>you. I was hoping someone 
>> else would comment on that, but that doesn't seem
>to have happened so 
>> far.
>
>When you do a "shutdown -r", has the system ever
>hung on you?  Has 
>your system ever crashed/paniced/suffered a power
>outage?
>
>How does ccd guarantee that the mirrors are in
>sync?  If it can't do 
>that, then it's worse than using just a single
>disk, because a fsck 
>is only going to look at one half of the mirror,
>and inconsistent 
>data on the other half is not going to be touched.
>

Thankee. Now it makes sense.
It is rather WORSE than you paint.
Once there is ANY discrepancy between the disks,
Murphy's Law is operable and Mother Nature will deal
you its choice of which sector, when.
The disk you update is not the disk fsck'd.

The system seeming to run properly is no assurance that
it can continue to do so. Disk cache and all that.

Looks like the only safe way to come up after a power fail
is to break the mirror, fsck, and re-mirror.

Hardware might know which if any disk had not been updated.

RE: Re: Updated CCD Mirroring HOWTO

[tony]

[EMAIL PROTECTED] Wed, 30 Nov 2005 03:19:49
>
>I know of several people who ran software mirroring
>on Windows and they had
>major problems with it along the lines that Greg
>described. I also know some
>people that never had problems in a similar setup
>with OpenBSD. Prodded a
>little more, they never had it crash so I guess
>sometimes being stable can
>actually hurt you ... :-)
>
You probably mean unstable, but it actually works both ways.
My understanding is that the worst security problem is a 
false sense of security. Looks safe but isn't.

This does mean that the phenomena is not just theoretical.
Tempting to say that the Windows code is buggy and the OBSD
code is not buggy, but the results are completely consistent
with the opposite case. The old-timers here keep urging an
approach that is completely foreign to Windows. That
approach, not the immediate code quality, explains the
difference. (No offense to the OBSD developers, but watch
what happens)

Driving forces. Windows, anything which gives a slight
performance advantage (impress the coder's boss) is a good
thing, assuming it probably (probably is 50-percentile, about -1 nines) doesn't 
casue any obvious problems. OpenBSD 
has a different set of priorities. Maybe not so fast, but 
with any second-order complexities OpenBSD just might 
surprise you since effeciency is really more about never
being too inefficient rather than sometimes being efficient.

The OpenBSD implementation will as much as feasible try to
not overly rely on things "being as the should". However,
you listen closely to those who should know. Know what is
assumedd and what the user needs to know to be survivable.
Their instincts tend to be reliable even if they don't
know just how or cannot express just how things go bump.
I'd trust a 5-second off-the-wall reaction like that over
an exhaustive and extensive 6-month detailed study.
The Microsoft code wrecks disks, apparently consistently.
It's probably safe to assume that Microsoft has put more
(and arguably better by some standards) work into it.

There are reasons that OpenBSD succeeds where Microsoft 
fails. I assure you the situation is not as simple as OBSD
has good coders and Microsoft has bad coders. The situation
is more like OBSD is NOT committed to making the mistakes
that Microsoft is. This is essentially in the "attitude".
The regulars know it. They've seen it. I've seen much the
same kind of stuff in different contexts. No offence to the
developers, they're good, much better than I, but they're
not enough better to explain the differences. The approach
is, and they're smart enough to have a good grasp of what
they know, what they don't know, and that there is a 
difference. 
Where what how they do documentation. Without knowing 
entirely too much about everything, I'd trust their 
judgement. Everything I don't know matters. Not probably.
For "probably" I'll use Windows. OpenBSD is for stuff
that needs a positive number of nines in reliability.
Making OpenBSD friendly like Windows. I think the best
you can hope for is a very bad Windows.

Moral of the story. (Certainly not just ccd)
Listen to the old-timers on this list.
Now why would I expect anyone to listen to me when
obviously they never listen to said old-timers who
DO know what they are talking about.
End of rant.



Short story. 

Re: theo

[Tony]

Sophie Laurie wrote:
>
>
> theo,
>
>
> Coming from Canada, have you ever skated on thin ice? Well, you're doing
> it now!
I've lived in Canada. Nine months of winter and three months of bad skating
is just a myth.

> She's a wheelchair bound 65 year old woman who only wanted your help and
Same age, but haven't had to hit the wheelchair yet.

> Remember the USB ports on a Toshiba Satellite A60 - All she wanted to
> use was an external mouse
So would I, but laptops are notoriously strange and expecting strange stuff
to work flawlessly is something I've long since learned to not expect.
Unreasonable expectations are somewhat tolerated in children, not so much
in adults. Considering the goals of OpenBSD, I would not expect USB rodents,
sound cards or even video to be necessarily well supported.
If using the mouse was of prime importance, I'd use Windows and even then
I'd probably have to download drivers because Windows doesn't support it
either.

The problems are most likely due to bad hardware from Toshiba.
Toshiba has workarounds that work in (some versions of) Windows.
Very unlikely that Toshiba has workarounds that work in OpenBSD.
I don't think OpenBSD does hardware support for Toshiba.

>
> Sophia's daughter,
> Martha (Muscles) Boyd
>
> (I'm going to delete this email now so she doesn't see it in her inbox)
>
... and any replies?

Re: USB stuff (was Re: theo)

[Tony]

Otto Moerbeek wrote:
> 
> On Fri, 2 Dec 2005, Shawn K. Quinn wrote:
> 
> > On Thu, 2005-12-01 at 22:51 -0600, [EMAIL PROTECTED] wrote:
> > > Considering the goals of OpenBSD, I would not expect USB rodents,
> > > sound cards or even video to be necessarily well supported.
> > 
> > The reality is that USB gear is becoming much, much more common. USB
> > HIDs (human interface devices) should be well supported, as in many
> > cases that's all that is available (given that the USB-PS/2 adapters
> > often get lost and are manufacturer-specific).
> > 
> > > If using the mouse was of prime importance, I'd use Windows
> > 
> > Not a choice when freedom is *anywhere* on the list of concerns. I,
> > personally, am actively boycotting Microsoft at the current time
> > (including hardware and the Xb*x gaming consoles).
> > 
> > Don't get me wrong, I don't use OpenBSD for everything either (I am
> > writing this from a Debian GNU/Linux system). But asserting that USB
> > device support in OpenBSD is unrealistic, is questionable at best and
> > downright ludicrous at worst. We already have some USB-only KVM
> > switches.
> > 
> > -- 
> > Shawn K. Quinn <[EMAIL PROTECTED]>
> 
> What are you trying to say?
> 
> USB support in OpenBSD is very decent. Of course there wil always be
> machine/device combinations that have problems, but in general things
> are fine.
> 
>   -Otto

Completely agree.
The source of this mess was some strange combination of laptop USB mouse,
which is exactly the sort of place that tends to have "problems".
USB-only KVM switches most likely attached to well designed servers
as opposed to assorted screwey laptops.
However, I suspect that headless still takes precedence over GUI.

(Slow night/day/whatever when this thread dominates)

Re: OpenNTPD does not 'pull-in' wrong time

[Tony]

Uwe Dippel wrote:
> 
> Theo de Raadt wrote:
> 
> > So don't use it.
> > 
> > But please, I beg of you, stop your incessant complaining.
> > 
> > The more you whine, the less we feel the need to change anything.
> 
> Oh, my wrong. I simply thought you were with the intention to improve 
> the system. 

They are. However it is THEIR definition of "improve" not yours, not mine.

>And I was more than willing to help out here by pointing out 
> one thing or another 

I am sure that they are aware of a lot of things.
Including the fact that a lot of people have some very screwily broken
hardware. They MIGHT do stuff to make the system work with their own 
broken hardware. Why should they bother to mess with your broken hardware 
or with my broken hardware. A very cheap watch with an accuracy of .01% 
would probably be considered unacceptable as a very cheap watch.

Re: plz help + UNIX NETWORK PROGRAMMING

[Tony]

[EMAIL PROTECTED] wrote:
>
> Dear
> I installed the package autoconf but still day time client is not working
> following error occur
>
> plz help
>
> [EMAIL PROTECTED] ~]$ gcc -o byteorder byteorder.c
> byteorder.c:1:17: unp.h: No such file or directory
> byteorder.c: In function `main':
> byteorder.c:10: error: `CPU_VENDOR_OS' undeclared (first use in this
> function)
> byteorder.c:10: error: (Each undeclared identifier is reported only once
> byteorder.c:10: error: for each function it appears in.)
>
>
> i am lookinf forward from you
> misc@openbsd.org

Me, I'm just a kibitzer on the list, but there is some painfully missing
information. It appears that you have some trouble installing an unspecified
package autoconf on an unspecified system. I assume that the package and
the system are both some sort of OpenBSD (as opposed to some kind of Linux).
There is nothing to suggest whether this is a vax or macppc or sparc.
Packages, ports, systems, on OpenBSD appear to NOT be a mix-and-match.
Stuff for the wrong system can be expected to fail, consistently.
Since none has been specified, the answer is almost certainly that you are
mixing things that were never intended to be mixed.

Re: Mounting / ro

[Tony]

Andreas Bihlmaier wrote:
> 
> Hi,
> 
> I got a quick question because I fucked up and think quite a bunch of
> other people I have read about here did as well.
> 
> I read in a couple of postings that people like to mount their root
> partition as read-only, I followed that since it prevents accidents in
> combination of 'rm' with '*' and  as well as fscks of /
> 
> By accident I stumbled about the the permissions of /dev/tty* today and
> found that they get changed from
> crw-rw-rw-  1 root  wheel5,  14 Dec 30 11:39 ttyp
> to
> crw--w  1 user  tty5,  14 Dec 30 12:11 ttype
> when a user has them in use (or root).
> 
> Obviously they can't get chmod/chown if / is ro, thus ripping a huge
> local security hole into the system.
> 
> Whey I mailed here is:
> Is it good practice at all to mount / read-only?
> Is it only an issue when using X?
> Am I wrong and this is no security risk? Reasons?
> 
> Regards,
> ahb
> 
> In case this is all nonsense (I didn't think it is), sorry for the noice

Hmmm, making / ro doesn't make things mounted under / ro.
Arguably, having anything writable is maybe a security hole, 
but it's hard to do anything useful otherwise.

If / is the only thingee that is read only, 
I don't think that buys anything worthwhile.
rm -rf /  still removes everything but the first level directories.

Re: Remove all password restrictions?

[Tony]

On Tuesday, January 10, 2006 1:12 AM, Peter Bako wrote:
> To: misc@openbsd.org
> Subject: Remove all password restrictions?
>
>
> I have an internal OpenBSD 3.8 system that I use as a data dump, internal
> source for PXE installs and the like.  It is not accessible to the outside
> world, so security is not exactly critical.  In fact I would like
> to setup a
> user with a very minimal password (four characters and all lower case
> letters), but passwd is not letting me.  I've already found the
> "minpasswordlen" option in login.conf, and set it appropriately,
> but when I
> try to change this account's password to an all lower case
> password, I get a
> warning back to make the password more secure and it does not accept it.
>
> How do I change this so I can use any generic password?  While
> for this case
> I want to dumb down the rules, for other more exposed servers I would like
> to do the opposite so I really would like to know how/where to
> modify this.
>
> Thanks,
> Peter

Strange. On pretty stock OpenBSD 3.8
adduser  allowed creating user foo with password bar  -- no complaints

# passwd foo
allows changing password to baz  (after complaining a few times)

@ userdel foo
works nicely.

Re: Partition sizing

[Tony]

On Saturday, January 21, 2006 2:16 PM the  calling itself
J Moore wrote:
> On Sat, Jan 21, 2006 at 05:42:08PM +0800, the unit calling itself 
> Lars Hansson wrote:
> > On Sat, 21 Jan 2006 03:30:34 -0600
> 
> > > Get a bigger H/D... 40 GB is about the smallest you can buy 
> today; 4 GB 
> > > drives have not been made in years.
> > 
> > Why? 4Gb is more than enough for trying out OpenBSD.
> 
> Why? What's the point of learning how to do anything on marginal, 
> nearly-antique hardware? What is lost by using a reasonably sized, 
> current piece of hardware? He asked for advice & I think that's the 
> best course of action.
> 
> What a stupid question, Lars!
> 
> Jay

Lots of fsck time and an unbootable system if I understand this stuff.
Disk space outside the filesystems does not need to be checked.
Disk space you do not have does not need to be checked.
In fact if coming up fast from a power fail is the objective,
4G seems like way too much.

Re: Securia Rates OpenBSD

[Tony]

Bob Beck wrote:
> * Matthias Kilian <[EMAIL PROTECTED]> [2006-01-23 15:58]:
> > On Mon, Jan 23, 2006 at 05:08:00PM -0500, Dave Feustel wrote:
> > > Securia gives OpenBSD a pretty nice security rating at
> > > http://secunia.com/product/100/
> > 
> > Those statistics say nothing at first glance. For example, I could
> > argue that PHP 4.3.x is more secure than OpenBSD because there were
> > 
> 
> 
> > 
> > And what's really missing at secunia.com is some data about response
> > time wrt. to severity.
> 
> 
>   Well, the other thing is that their "severity" is often a bit
> misguided too, for example on the OpenBSD page they list the sendmail
> problem from 2003 as pretty severe, but it's the same as they listed
> it for every other operating system...
> 
>   Here's the catch though - I remember this one - propolice caught it
> on openbsd, so it actually WAS NOT EXPLOITABLE. 
> 
>   so, given that it wasn't exploitable on openbsd, but was
> on everything else that has it, why does it have the same "severity"
> rating? make sense to you?
> 
>   These sorts of "glob it together and rank it" sites are
> just collections of random knowledge. nothing more.
> 
>   -Bob

Just my opinion, but these "glob it together and rank it" s
seem to think that makes a substitute for actually knowing something.

I will take issue with the "collections of random knowledge".
Random collections of isolated statistics are NOT knowledge.

Anything that makes something unexploitable that would be severe
if it were exploitable, is certainly worth noting.

If that is the calibre of whatever claims to be ranking security` ...

RE: Re: webstore software: safe and configurable?

[tony]

[EMAIL PROTECTED] wrote:
[snip]
>All good points. That, however, still leaves my
>point standing that by
>evading PHP, you evade the worst crap.
>

True, but that is the same as that by evading ENGLISH as a 
lnaguage in posts, you evade the worst crap.
If these discussions were carried out in classical latin,
the level of discussion would rise considerably.

This is the same as registering automobiles in Antartica
because they have fewer accidents there.

An oversimplification, but an ill-written application has
essentially two choices. It can refuse to run because 
somebody forgot to dot an i or something, or it can try
to run anyway with whatseems reasonable under the 
circumstances. Ultimately everything is really only some
varient of choice number two. (Understand ALL of the
foundations of mathematics if you think otherwise.)

There is an enormous difference between sometimes doing
something right and never doing anything wrong.
There was something about an error every few lines in 
C compilers. You think a webstore something is better?

Re: MS Security VP Mike Nash remarks on MS vs OpenBSD security.

[tony]

[EMAIL PROTECTED] wrote:
>fox wrote:
>>According to http://openbsd.org/security.html, the
>last two releases
>>of OpenBSD have had 8 vulnerabilities (and that
>includes two that
>>apply to both releases - so really 6 for both
>releases of OpenBSD).
>
>What about http://www.securityfocus.com/bid/16375
>and 
>http://docs.freebsd.org/cgi/mid.cgi?200601251013.k0
>PAD9lO059018 (Fixed in 
>cvs, but NO patch for 3.8 or 3.7 and NO security
>announce - 
>http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/i
>f_bridge.c.diff?r1=1.147&r2=1.148)
>
>Is there other bugs that haven't made it to the
>errate page?
Does it matter?
(When and if OpenBSD is secure (without disclaimers like
"uber-secure", the errata no longer matter from a security
standpoint. Methinks that would be the primary advantage
of being proactive rather than reactive.

What I find incredible is that that presumably number-literate
computer people could imagine that counting security flaws
is a measure of anything relevant.
People get bills that come in the mail (or whatever).
Computing you financial position by counting the number
of bill envelopes is mildly indicative but is hardly any
basis for any rational comparison. Even adding the numbers
is misleading if the currencies differ. The "dumb" user-base
is not THAT dumb.

Actually there is an objective measure of computer security.
That is the going rate for compromised computers.
Last I heard, seems it was something like five cents US
per compromised computer. After several years of "security
is a priority". Surely somebody could do better with
extremely bad security.

Re: MS Security VP Mike Nash remarks on MS vs OpenBSD security.

[Tony]

Lukasz Sztachanski wrote:
> On Fri, Jan 27, 2006 at 01:42:13AM +1100, Shane J Pearson wrote:
> >
> > ~~~
> > OpenBSD
> > by hahiss
> >
> > How is it that OpenBSD is able to be so secure by design with so few
> > resources and yet all of Microsoft's resources cannot stem the tide of
> > security problems that impact everyone, including those of us who do not
> > use Microsoft programs?
> >
> > Nash: First, I should say that OpenBSD includes a relatively small
> > subset of the functionality that is included in Windows. You could argue
> if you consider `solitaire' as `functionality', then yes ;)
> As far as i know, MS doesn't provide reliable software for network
> services, OpenBSD does.
>
> > that Microsoft should follow the same model for Windows that the OpenBSD
> > Org follows for their OS. The problem is that users really want an OS
> > that includes support for rich media content and for hardware devices,
> what? MS doesn't write drivers for all devices; if there would be a bug
> in NVidia`s Windows  driver, then NVidia would be the one, who`s blame.
> Moreover, Windows `built-in' drivers are usually bad and give low
> performance, and minimum of functionality.
>
> > etc. So while OpenBSD has done a good job of hardening their kernel,
> > they don't seem to also audit important software that are used commonly
> > by customers, such as PHP, Perl, etc. for security vulnerabilities. At
> yeah, and MS should audit and be responsible for every foo.bar available
> for windows ;)
>
> > Microsoft we're focusing on the entire software stack, from the Hardware
> > Abstraction Layer in Windows, all the way through the memory manager,
> > network stack, file systems, UI and shell, Internet Explorer, Internet
> > Information Services, compilers (C/C++, .NET), Microsoft Exchange,
> > Microsoft Office, Microsoft SQL Server and much, much more. If a
> > software company's goal is to secure customers, you have to secure the
> > entire stack. Simply hardening one component, regardless of how
> > important it is, does not solve real customer problems.
> >
> OpenBSD provides in base system substitutes for almost all that software.
> First and foremost, OpenBSD's designed for other type of users; author
> of that opinion surely isn't that type.
>
> > Second, it is not completely accurate to say that OpenBSD is more
> > secure. If you compare vulnerability counts just from the last 3 months,
> > OpenBSD had 79 for November, December and January compared to 11 for
> > Microsoft (and that includes one each for Office and Exchange - so
> > really 9 for all versions of Windows). I encourage you to look at the
> > numbers reported at the OpenBSD site to verify that this is true.
>
> People always talk about numbers, but the most importat is approach. I
> truly belive, that it's imposible to build anything secure on
> foundations of MS platform.
> Recently i've wrote simple application using random numbers; i was
> disappointed, when i've had to port it to windows and linux, and i saw
> the results.
>
>
>
>
>   - Lukasz Sztachanski
>
>
> P.S. i know, that openbsd isn't perfect, but it's the only reasonable
>  choice.
>
>
> --
> 0x058B7133 // 16AB 4EBC 29DA D92D 8DBE  BC01 FC91 9EF7 058B 7133
> http://szati.blogspot.com
> http://szati.entropy.pl

As I explain to my users:
Microsoft has immense difficulty walking and chewing gum at the same time.
Most everything works pretty well assuming that everything else in the
universe is perfect, and you don't really try to do too much.
Microsoft is very good to throw something at it and have it come out
looking half-way presentable. Many cases that is all you want or need.
As time progresses, the newer computers are really just overgrown dumb
terminals (it takes a lot of horsepower for a browser to be fast and
snappy).
Everything important, you put somewhere outside of Microsoft's reach.

BTW, I lurk on the list because it is one of the FEW sources of sanity.

Security. If it has the slightest possibility of actually mattering:
Do not fool yourself.
Do not fool your customers.
Do not fool your suppliers.

If it actually does matter:
It's long and hard to accomplish what seems to be almost nothing.
OpenBSD has and does at least try.  (Actually very friendly, considering)
Some stuff looks like actually accomplishing something.  (*)
Most everybody else trying to find some cheap shot.
Does a little (almost) and want to claim it does it all.

What the users really want seems to be a $2000 computer that
functions as well as a $200 DVD player. Seems to be the direction.


(*) Secure:  Vulnerability in a critical service.
Running and your enemies are competent.
Read and understand the vunlerability.
And sneer, because that is not enough to do you in.
That is security. Anything less is still just trying.

And you've got grown men, presumably post kindergarten, who somehow
think that counting "vulnerabilities" actually mean something.
I think you'll find that sub-sta

Re: openbsd's future plans?

[Tony]

Quoth Marius Van Deventer - Umzimkulu
> > 
> > On Wednesday 08 February 2006 04:20, Diana Eichert wrote:
> > > On Tue, 7 Feb 2006, Miod Vallat wrote:
> > > > > i think we should rewrite the kernel in java since it 
> > has good support
> > > > > for threads.
> > > >
> > > > Remember we opted for C++ during c2k2 (or was it c2k3), 
> > but not until
> > > > ddb has proper name demangling code.
> > > >
> > > > Miod
> > >
> > > I cast a vote for re-writing the kernel in Ruby because of 
> > it's robust
> > > threads implementation.
> > 
> > You are misled, Diana.
> > 
> > The kernel should be written in SNOBOL4.
> > 
> > --STeve Andre'
> > 
> 
> Intercal!!!
> 
It is soo comforting to see that this topic is getting the close
attention it so richly deserves.

Spaghetti code  -- at least it looks like lots of threads.

Re: Sudo

[Tony]

man sudo for starters.
(actually that's quite enough even for a noob like me)
(even a very out of date linux is enough)
sheesh

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Dave Feustel
> Sent: Saturday, February 11, 2006 9:50 AM
> To: Otto Moerbeek
> Cc: misc@openbsd.org
> Subject: Re: Sudo
> 
> 
> On Saturday 11 February 2006 10:42, Otto Moerbeek wrote:
> > 
> > On Sat, 11 Feb 2006, Dave Feustel wrote:
> > 
> > > I don't know whether this is or would be considered as a bug, 
> > > or whether it is generally known, but sudo, when successfully 
> > > invoked  with a password  in one shell, becomes active in all 
> > > shells of that user for the timed duration.
> > 
> > This is pathetic. Why don't you read the docs before posting such a
> > "discovery"? 
> > 
> > -Otto
> 
> Which docs? 
> 
> -- 
> Lose, v., experience a loss, get rid of, "lose the weight"
> Loose, adj., not tight, let go, free, "loose clothing"

Re: Sudo

[Tony]

You sudo something, it asks for your password
You do it again soon after, it doesn't ask.
So somehow it remembers you.
Definitely more trouble, and probably opens some holes 
for nasties, if it also remembers which version of you.
That's without knowing enough to have an opinion.

> -Original Message-
> From: Dave Feustel [mailto:[EMAIL PROTECTED]
> Sent: Saturday, February 11, 2006 10:58 AM
> To: [EMAIL PROTECTED]
> Cc: Otto Moerbeek; misc@openbsd.org
> Subject: Re: Sudo
> 
> 
> On Saturday 11 February 2006 11:04, [EMAIL PROTECTED] wrote:
> > man sudo for starters.
> > (actually that's quite enough even for a noob like me)
> > (even a very out of date linux is enough)
> > sheesh
> 
> Actually --with-tickets is not mentioned in sudo.
> (I was sent '--with-tickets' info off-list by a helpful person.)
> I found out via a google search on 'tickets sudo' about
> the behavior I had discovered and reported. Then after Otto
> let me know how pathetic my post was,  I went back to man sudo
> but found nothing about tickets or about sudo being active in
> all shells. There may be something in the sudo man page that 
> describes this behavior, but I haven't spotted it yet. 
> My reading skills must be deteriorating.
> 
> 
> -- 
> Lose, v., experience a loss, get rid of, "lose the weight"
> Loose, adj., not tight, let go, free, "loose clothing"

Re: Sudo

[Tony]

Tobias Weingartner wrote:
> 
> On Saturday, February 11, Dave Feustel wrote:
> > 
> > I found out via a google search on 'tickets sudo' about
> > the behavior I had discovered and reported. Then after Otto
> > let me know how pathetic my post was,  I went back to man sudo
> > but found nothing about tickets or about sudo being active in
> > all shells. There may be something in the sudo man page that 
> > describes this behavior, but I haven't spotted it yet. 
> > My reading skills must be deteriorating.
> 
> >From the first paragraph under DESCRIPTION:
> 
>   Once a user has been authenticated, a timestamp is updated and the
>   user may then use sudo without a password for a short period of time
>   (5 minutes unless overridden in sudoers).
> 
> Note, it says "user", not "shell the user is using".
> 
> --Toby.

I'm outa my depth here, but seems that any implementation
of something like sudo that belongs to the shell
is an open invitation to security disasters.

Re: BSD on x86 and virus

[Tony]

J.C. Roberts wrote:
>
> On Sat, 11 Feb 2006 17:35:58 -0500, Daniel Ouellet <[EMAIL PROTECTED]>
> wrote:
>
> >J.C. Roberts wrote:
> >> As others have pointed out, you simply misunderstood the article and
> >> then posted to the list what many people would consider an inflammatory
> >> question. This is not the first time where your reading skills have
> >> failed to comprehend the meaning of an article and you posted such
> >> questions to the list. Don't feel bad about it because you're not the
> >> only one. Heck, Dave Feustel is constantly misreading security
> stuff and
> >> posting questions to the list -and he's an American. ;-)
> >
> >Outch!!!
> >
> >Been put in the same boat... (;>
> >
> >I have some problem at times to understand some stuff too, but this one
> >really hurts. Personally I would prefer be called a moron and I have
> >been called so at times too. But it was easier to receive. (;>
> >
>
> As I said, you should not feel bad about it. Absolutely *everyone* is in
> the same situation facing these communication problems. As difficult as
> it may be to imagine, even those who have English as their first
> language (langue maternelle) regularly fail to completely understand the
> English words they read.
>
> I have tremendous respect for you and Siju and everyone who tries to
> learn multiple languages so they can communicate with other people from
> other cultures. It is a very difficult task. Even when you misunderstand
> something, you should still be proud of the fact you actually tried to
> understand it. Regardless of your results, the *effort* you put into
> comprehending deserves respect.
>
> The things I pointed out to Siju are simply tools to help him get better
> results from his efforts. You can consider them leverage since they
> allow you to understand more with less effort or you can think of them
> like wearing the glasses that bring the things you read into better
> focus.
>
> kind regards,
> jcr

This is from an "outsider".
Generally I do not run OpenBSD, but I do follow this list.
There are people on this list who actually know what they are talking about.

>From many years ago, OpenBSD has been willing to take the effort and do what
is required to at least head in the direction of what is required to make
a secure system. (Long winded and hedged. Notice I didn't say it is secure.)
With that, it is safe to assume that all the easy stuff has been done and
that most if not all the merely hard stuff has been done.
If you need to be secure (actually if there is a faint chance you might
need to be secure) you probably need to be aware of OpenBSD.

The security of OpenBSD does not come from doing more of what everybody
else seems to be doing to try to claim something regarding security.
Uber secure, I'll grant that.
Secure (without any hedge) probably not, but they are working on it.
Some signs.
Keeping up with the latest patches. If you are secure, why bother?
Secure level -- doesn't make THAT much difference.

Now if I want to crack into an OpenBSD installation, seems like the best
and fastest way is if I can somehow panic the administrator into installing
my trojan while he's thinking he's patching some new-found hole.
Fake holes are actually a security threat in themselves.

Booby traps are designed to catch boobies.
There are a lot of them.
Awareness of this even works to secure Windows (kinda sorta)
I don't think you can secure anything so you do not need to be aware.
You can baby-proof rooms in a house (somewhat)
I don't think it works to baby-proof the internet.
(Babies ten to put everything in their mouths)

The latest "sky is falling" tends to be received a bit differently here.
(But there is a faint possibility that there really is something real
and this is the only sign, so responses are a bit hedged)
Proactive does not mean keeping up with the latest patches.

Probably the main thing is that OpenBSD did not get to where it is now
by doing stuff that was easy, or expedient, or "popular".
Actually it seems to be a friendly place (I haven't been run off yet)
but for people who are willing to actually work at whatever
as opposed to people who want it done for them.

Something to realize is that the OpenBSD folks have their own OS,
designed and implemented according to their own priorities.
They do not have to listen to anybody else's ideas as to what their
priorities should be. This is something you cannot buy. I don't think
anybody else has such or could afford it. They are blunt and brutally
honest. Few others can afford to be. (Guess why I lurk here)

Re: X11 Demo programs

[Tony]

Dave Feustel wrote:
[snip]
> Well, I'm lazy, so I let pf drop all unsolicited incoming  
> traffic. Works Great!
> Lets me experiment with my system in peace and safety.

Not really.
Depends on what you can be conned into soliciting.

Re: X11 Demo programs

[Tony]

Just in case?
Like just in case a moth is drawn to a flame?

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Dave Feustel
> Sent: Sunday, February 12, 2006 4:17 PM
> To: [EMAIL PROTECTED]
> Cc: Mats O Jansson; misc@openbsd.org
> Subject: Re: X11 Demo programs
> 
> 
> On Sunday 12 February 2006 16:43, [EMAIL PROTECTED] wrote:
> > Dave Feustel wrote:
> > [snip]
> > > Well, I'm lazy, so I let pf drop all unsolicited incoming  
> > > traffic. Works Great!
> > > Lets me experiment with my system in peace and safety.
> > 
> > Not really.
> > Depends on what you can be conned into soliciting.
> 
> I think I understand what you mean, but could you please
> elaborate just in case I am wrong?
> 
> Thanks.
> 
> -- 
> Lose, v., experience a loss, get rid of, "lose the weight"
> Loose, adj., not tight, let go, free, "loose clothing"

Re: X11 exploit info

[Tony]

Matthias Kilian wrote:
>
> On Mon, Feb 13, 2006 at 02:00:24PM -0500, Daniel Ouellet wrote:
> > I would expect the people writing books, specially on OpenBSD to know a
> > lots more then me, so that I can learn from them, but if what
> you say is
> > true, it make me question my idea and intention of buying the book to
> > start with! No offense to the author if they are great, I don't know,
> > but then, they should pay more attention who they work with
> don't you think?
>
> Keep cool. Quoting from the Acknowledgements:
>
>   ...
>
>   The following people all provided feedback on one or more chapters
>   of this book, or answered specific questions on frequently-misunderstood
>   aspects of OpenBSD, and as such deserve my heartfelt thanks. Some
>   of them are OpenBSD crown princes, and others are just users who
>   were trying to figure out what their computer was actually doing.
>   What I've done right is thinks to them, and what I've done wrong
>   is my own fault. They are, in alphabetical order: Shawn Carroll,
>   Chris Cappucio, Dave Feustel, Thorsten Glaser, Daniel Hartmeier,
>   Jason Houx, Volker Kindermann, Anil Madhavapeddy, U.N. Owen (aka
>   dreamwvr), Francisco Luis Roque, Srebrenko Sehic, Matt Simonsen,
>   Sam Smith, Duncan Matthew Stirling, Peter Werner, and Jason Wright.
>
>   A special thanks goes out to Theo de Raadt, for taking time out of his
>   fiendishly busy schedule to provide special insight into the innards
>   of OpenBSD, for not holding back when I goofed, and especially for
>   sticking to his standards of freedom, despite everything the world has
>   to say on that subject.
>
>   ...
>
> *Feedback* may mean anything, from simple spelling errors to better
> examples or pointing out of errors.
>
> So please don't misjudge the book just because of a single person
> involved.
>
> Ciao,
>   Kili

It would appear that he is a dabbler, and likes to talk a good game.
I haven't seen anything that indicates that he's actually _done_ anything.
Dabbled in lots and no shortage of opinions.
(Sounds a lot like me, but I'm not dumb enough to post questions about why
this old Windows 98 laptop got hacked. (Actually it doesn't. Armed Puffy
Wallpaper must be effective. It _is_ better than anything Microsoft has
done.))

Dating from 2001-01-06
"Porting cygwin to Windows CE will be a nearly impossible task,
especially if you (Dave) are having problems just locating subscribing
to the mailing list and finding the Makefile. This indicates to me that
you probably are not fully aware of the amount of effort required."

Re: Hackathon 2005

[Tony]

There is a word "uninformed".
I do not think that Theo intended to use that word.
"Disinformed" and "Misinformed" are closer but do not convey the intent.
Words enter the language because they are used in a context which makes 
their meaning rather obvious and other words fail to express correctly.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: Saturday, April 30, 2005 9:45 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Hackathon 2005 


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Theo,

Perhaps your a bit "ininformed" yourself.. unless there is some
weird canadian/US translation going on here, I am pretty sure that
the word you were looking for was infact, "uninformed". :)

On Sat, 30 Apr 2005 19:03:01 -0700 Theo de Raadt
<[EMAIL PROTECTED]> wrote:
>> I don't have any point to make on the value of these
>> projects, however "does this scale?"
>
>How does it scale that we have to listen to your ininformed
>gibberish day in day out?
-BEGIN PGP SIGNATURE-
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkJ0QpMACgkQSNwPY+UhpH8VCQCgtEFtFT8CsixwkyM+TVyMjjwAB2MA
oK4YgmqtA19bSPgqn9bjYSsZeauM
=EYkF
-END PGP SIGNATURE-




Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434

Promote security and make money with the Hushmail Affiliate Program: 
http://www.hushmail.com/about-affiliate?l=427

Re: Bandwidth loss

[Tony]

Further, since the switch is manageable, it has some ability to report port
status.
Odds-on that there is a disagreement on FULL/HALF-DUPLEX between the switch
and the network card.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Stuart Henderson
Sent: Friday, May 13, 2005 5:01 AM
To: N. Raghavendra; OpenBSD Miscellaneous
Subject: Re: Bandwidth loss


--On 13 May 2005 15:01 +0530, N. Raghavendra wrote:

> We are running an OpenBSD 3.4 host, which is connected to a 1 Mbps,
> (=128 KBps) link to the Internet through a manageable switch.

There are two problems with this report:

1. The OpenBSD version is nearly two years old. Update to recent
software, and see if the problem still exists. Nobody wants to spend
time diagnosing a fault which may have been fixed long ago...

2. You provide no information about the hardware. If the problem still
exists after upgrading, send a complete dmesg, output of 'ifconfig -a',
output of 'netstat -in' after the box has carried some traffic, and
information about what media type the switch is using for the port
(full/half-duplex etc).

Re: fdisk and disklabel C/H/S

[Tony]

Can you put the files on two different disk drives?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Mikhail Malamud
Sent: Saturday, May 14, 2005 9:39 PM
To: misc@openbsd.org
Subject: Re: fdisk and disklabel C/H/S


--- Steve Shockley <[EMAIL PROTECTED]>
wrote:
> Reported CHS has been different than actual CHS
> since PC hard drives 
> started exceeding 1024 cylinders.  Today, using the
> physical geometry 
> would be difficult because the number of sectors per
> track would vary.
> 
> Also, you wouldn't want to put a partition on a
> single platter, since 
> all the heads (on almost all drives) are linked
> together and you'd spend 
> a lot of time seeking.  With variable sectors per
> track, the outside 
> edge of the disk is faster (sometimes double!) so
> you want to use that 
> first.

This blows because I am porting a legacy application
from an MVS system. This application accesses two
sequential datasets - flat files that are over 10GBs.
Since both files have to be accessed at the same time,
I was hoping to put them on different platters to
avoid disk contention - two processes attempting to
read from the same or near cyclinder groups but since
like you say all heads are linked together, this wont
do much good. 

Re: beginner, intermediate, and advanced scripting

[Tony]

To add to your excellent analogy with hammers,
Do you drive across town to get that one best hammer to drive one nail?

OT. I use PHP, I like PHP.
Perl Monks: PHP - it's "training wheels without the bike" -- Randal L.
Schwartz
Pretty accurate. (But imagine PHP if perl didn't exist;)

Way OT. I lurk on this list because it tends to tell me things I need to
know
as opposed to things I want to know.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
J.C. Roberts
Sent: Sunday, May 15, 2005 4:10 AM
To: Eugene Hercun
Cc: misc@openbsd.org
Subject: Re: beginner, intermediate, and advanced scripting


On Sat, 14 May 2005 23:39:11 -0700, Eugene Hercun
<[EMAIL PROTECTED]> wrote:

>Thank you for your responses. Sorry I could not reply sooner since I
>went to work before I posted this e-mail. Anyway, I might have missed
>it, but did anyone recommend a book regarding scripting for BSD with
>perl?
>I think were getting a little bit off topic in the last few posts... =)
>
>Eugene

Well, what else would you expect considering your post itself is
actually off topic for this list... ;-)

I own over fifty different types of hammers and each has a particular
use for which is was designed. Though most of them could drive a nail
into a piece of wood, some are better suited for that particular task
than others. In the end, what makes a "good" hammer comes down to the
task you will preform, the time you'll invest in completing it and the
time invested by others who must maintain your work.

When you're just starting out, it may seem like a waste of ether to
watch two knowledgable guys like Jason and Adam debate fine points,
but knowing those fine points will serve you well in making your own
decisions. There are a lot of ways to drive a nail and what works best
for *you* will take some experimentation on your part.

As for learning perl, RTFM. Once you get through the basic
documentation provided with perl, start reading other peoples code and
the free tutorials available on the web, then finally move onto
reading the books. The O'Reilly "Perl Bookshelf" is a good place to
start and a good value for the money if you insist on buying books.
http://www.oreilly.com/catalog/perlcdbs4/

Also, finding the right resources, mailing lists, web boards and the
like will definitely help a lot more than the OpenBSD lists. A good
place to find such things for perl is at the "monastery"
http://www.perlmonks.com

As for getting started:
http://www.perlmonks.com/?node=Tutorials#perlstart

Since you want to know why some people claim perl is a "good"
scripting language, there is only one single viable reason for the
claim; the reason is because you can write scripts with it. Obviously,
the same is true about many other languages. The term "good" is
subjective and always an invitation for debate.

As for general advice on learning perl, I can think of two things:

(1) Though it didn't exist when I learned perl, IMHO, the best advice
for a novice is to always put "use strict" in your scripts. The
flexibility of perl gives you enough rope to build a bridge across a
chasm or to quickly hang yourself and every one you know. Putting "use
strict" in your code will not prevent the latter but it can help you
avoid some of the less than obvious programming mistakes.

(2) Use the "long form" syntax in your code until you get really
familiar with the language. Like all languages that offer a "short
form" syntax, perl code written for brevity just looks like line noise
to the unindoctrinated. Knowing both/all long and short forms is
important but which works best for *you* is your own decision.

JCR

Re: beginner, intermediate, and advanced scripting

[Tony]

>there are times when it's actually worth the effort to ...
Oh yes. Now, do you determine whether the trip is worthwhile
by examining hammers or by examining the nails?
(Language zealots all seem to have the problem
of looking only at the hammers;)

>A Britt, a Scotsman, an Aussie, a Texan, a New Yorker and a Californian
>were sitting in a bar...
>-None of them could understand what the others were saying.
Better scope than "America and England are divided by a common language".
Since programming is an entropy reducing exercise, the style is used
to obtain leverage on certain aspects of the problem (claimed advantages)
at the expense of ignored and unknown aspects (unclaimed disadvantages).

>And perl is a dialect of LISP, isn't it?
Methinks this is too much like the "high-level" and "low-level" bit about
languages.
The level is in the use of the language, not the language itself.
I would guess that perl evolves to "do" LISP as opposed to "be" LISP.

LISP suffers because it has exactly the right number of parentheses,
too many, and none of them optional.
LISP has an advatage in that it is possible to say exactly what it intended,
without a lot of extraneous baggage going along for the ride.
For any particular context, it is relatively easy to do something better
than LISP.
If the context is unknown (or worse if what is "known" is wrong)
then LISP has the advantage. Aproximately.
Hammer strikes nail. Hammer shatters. Nail just sits there.
Nail is driven in eventually. Nail is driven in quickly and efficiently.
How good does the hammer have to be so that the nail doesn't win?
What I like about PHP is that it is possible to use it effectively,
without taking the time required to learn PHP. The functions are irregular
because PHP prefers not to get in the middle of the mess.
This has of course the disadvantage that it will NOT stretch very far.
(Which applies to any language, even LISP;)


Composition of functions is associative.
Gaining leverage on that fact tends to be rather lispy.
I suspect that perl will employ a different tact (than LISP).
Functional code, even straight-forward top-down brute force,
is not as ineffecient as one might imagine.
Any leverage will dominate the so-called language efficiencies.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
J.C. Roberts
Sent: Sunday, May 15, 2005 8:21 AM
To: [EMAIL PROTECTED]
Cc: misc@openbsd.org
Subject: Re: beginner, intermediate, and advanced scripting


On Sun, 15 May 2005 05:32:07 -0500, <[EMAIL PROTECTED]> wrote:

>To add to your excellent analogy with hammers,
>Do you drive across town to get that one best hammer to drive one nail?
>

Oddly enough there are times when it's actually worth the effort to go
across town to pick up a hammer better suited for the particular job
of driving a single nail but equally, as you've implied, there are
other times when you're better off just using the hammer you happen to
have with you. If that single nail has any chance of being something
that must be maintained by someone else or has any chance of growing
into something larger, you really don't want some wise ass like me
coding the darn thing in a language like "whitespace" or "brainf*ck"
for the fun of it. Of course, the real problem is at the start you
just never know what the initial code might eventually become...

>OT. I use PHP, I like PHP.
>Perl Monks: PHP - it's "training wheels without the bike" -- Randal L.
>Schwartz
>Pretty accurate. (But imagine PHP if perl didn't exist;)
>

"Keep away from people who try to belittle your ambitions. Small
people always do that, but the really great make you feel that you,
too, can become great."  - Mark Twain

Hmmm... since I already shaved my head tonight, it's a little late for
Occams' Razor, none the less, just follow the money. Randy Schwartz is
in the *BUSINESS* of promoting perl, so such statements are to his
financial advantage. Language zealots more often than not have
financial incentives for promoting their views. Some sell books,
others sell their services and still others want their existing skills
to seem valuable to potential employers.

Everybody's got to eat, so you can't call the biased (self) promotion
entirely bad and realistically, it's unavoidable. I can not even
mention OpenBSD without in some strange way promoting the value of my
own (limited) ability to use it. As long as you recognize the agenda
being pushed, you can draw your own unbiased conclusions.

Sure, perl has it's place in the world but so does PHP, PDP-11
assembly and the countless other languages out there. Just because I
happen to own the 40 pound maul of a PDP-11 Assembly Language Manual
does not mean the poor bastard that will be asked to maintain my code
is going have the same hammers that I have.

The choice of language is only part of the answer, since then you must
answer the questions of syntax and style; the syntax and style I
prefer to use in *my* C code may make it easier for *me* to 

OpenBSD's brilliant design

[Tony]

Hello!

I'm about to write an article on OpenBSD's brilliant design, mainly to make
things clearer to myself as well as my coworkers - all of whom have been
using FreeBSD for the past 15 years. All of whom have recently converted to
OpenBSD due to the need for something simpler to base our million-dollar
webapps on.

Here are the outlines. I'd appreciate some feedback. I hope it doesn't
offend anybody:

-

OpenBSD's brilliant design

  Breath of fresh air in a world otherwise filled with clutter

  What happens when the right people take charge

  Perfection is achieved, not when there's nothing left to add, but when
there's nothing left to take away

  Sexy blue dmesg

  Clear and appealing project goals

  Its website

Well thought out and timeless (ask anyone: wolffolins.com,
wearebuild.com, orangeriet.no, grandpeople.org)

  As other websites strive to attain the latest trends (read: fads)

Remained the same for over a decade - shows that OpenBSD is willing to
stand for what it believes in

  FreeBSD

ASCII nightmare (boot loader, sysinstall)

Satanic logo

What happens when a project accepts ideas from people with no sense of
correctness or good design

Its website


http://lists.freebsd.org/pipermail/freebsd-questions/2012-April/240174.html

-

Thanks!

Tony