Re: OpenBSD version / build question

On Tue, Dec 04, 2007 at 05:41:28PM -0800, new_guy wrote: > > 375, 410, 468: > > Are these build numbers? > > Yes. > > So, the current stable kernel is 0? > > OpenBSD amdthunder.home.local 4.2 GENERIC#0 i386 > OpenBSD black.cirt.vt.edu 4.2 GENERIC#0 i386 When you build a kernel, a new vers.c fil

Re: Compliments and Knob Question

On 5/12/2007, at 7:09 PM, Richard Toohey wrote: On 5/12/2007, at 4:24 PM, L wrote: Question about buttons and knobs.. What exactly is a knob? [cut] it simpler. For example the CP command is just a knob for copy.. My understanding of knob is an option or a switch. I guess the meaning is

Re: Compliments and Knob Question

On 5/12/2007, at 4:24 PM, L wrote: Question about buttons and knobs.. What exactly is a knob? [cut] it simpler. For example the CP command is just a knob for copy.. My understanding of knob is an option or a switch. I guess the meaning is like a music console - all those knobs you can tu

Re: Code signing in OpenBSD

On Dec 5, 2007 11:16 AM, new_guy <[EMAIL PROTECTED]> wrote: > I've searched OpenBSD.org and google for source code signing practices in > OpenBSD, nothing obvious stands out. I've probably overlooked it. Just > curious about this... is the process described someplace? No. OpenBSD doesn't sign code

Re: Compliments and Knob Question

That thing on the door is a handle. A knob would let you adjust how far the door opens, how much it resists being opened, whether or not it shuts itself (and how quickly) and how far you have to turn the handle to get it to start opening. Clearly most doors work just fine without knobs. Tec

Re: Compliments and Knob Question

>Question about buttons and knobs.. >What exactly is a knob? At least here is Australia, knob is slang for: 1. Penis 2. an idiot or a person who does stupid things. "That guy is a knob"

Re: Compliments and Knob Question

On 4-Dec-07, at 10:24 PM, L wrote: Hello, I just plugged in some USB devices into my old 133Mhz laptop with OpenBSD on it and they magically work. These devices would not work and/or had problems on Winblows with the laptop.. yet on the desktop they USB devices worked fine. So as I say..

A question about pecl install fileinfo

While trying to install fileinfo # pecl install fileinfo I get the following error. downloading Fileinfo-1.0.4.tgz ... Starting to download Fileinfo-1.0.4.tgz (5,835 bytes) .done: 5,835 bytes 3 source files, building running: phpize Configuring for: PHP Api Version: 20041225 Zend Mod

Re: netstat freezes

I noticed way back with 3.8 that netstat would sometimes hang on me for a very long time (over two minutes) before spitting out the Active Internet Connections list; once it shows that though, it shows the rest of the lists in an instant. I thought it was just a fluke so I ignored it. But now I've

Re: ftp-proxy feature request

On Dec 4, 2007 9:34 PM, Camiel Dobbelaar <[EMAIL PROTECTED]> wrote: > > I think I helped create part of that route-to diff, but I don't think it > belongs in base ftp-proxy. A userland daemon should not control routing > like that. > > Maybe the new 'tag' option can be used for this? (or else the

Importante en navidad

Hola muy buenos dias, le escribo nuevamente para comentarle que se han liberado algunos espacios en Cancun para esta navidad puede ver mas detalles en http://www.yuppieviajes.com/cancun tambien puede marcarme al 01 800 123 3153 o al 01 800 555 0505 o si prefiere que le marque puede indicarme a

Compliments and Knob Question

Hello, I just plugged in some USB devices into my old 133Mhz laptop with OpenBSD on it and they magically work. These devices would not work and/or had problems on Winblows with the laptop.. yet on the desktop they USB devices worked fine. So as I say.. compliments, and thanks. Question abou

Code signing in OpenBSD

I've searched OpenBSD.org and google for source code signing practices in OpenBSD, nothing obvious stands out. I've probably overlooked it. Just curious about this... is the process described someplace? -- View this message in context: http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#

Re: OpenBSD version / build question

On Dec 4, 2007 5:41 PM, new_guy <[EMAIL PROTECTED]> wrote: > > 375, 410, 468: > > Are these build numbers? > > Yes. > > So, the current stable kernel is 0? Just on your system. The -release kernel as compiled by [EMAIL PROTECTED] is his build #375. Once you start compiling your own kernels you m

Re: Access to a remote Oracle database

* Joaquin Herrero <[EMAIL PROTECTED]> [071204 17:27]: > Hi, > > I'm using "freetds" from my OpenBSD machine to connect to a MS SQL Server > and works like a charm. Now I need to access to a Oracle server but it > seems that the TDS protocol is not supported by Oracle databases, they use > their o

Re: OpenBSD version / build question

> 375, 410, 468: > Are these build numbers? Yes. So, the current stable kernel is 0? OpenBSD amdthunder.home.local 4.2 GENERIC#0 i386 OpenBSD black.cirt.vt.edu 4.2 GENERIC#0 i386 -- View this message in context: http://www.nabble.com/OpenBSD-version---build-question-tf4923181.html#a14163491 Se

Re: pfctl - show port numbers

On 06:12:09 Dec 05, Girish Venkatachalam wrote: > > If there is enough coffee for me in the list, I would do it. ;) > This diff should satisfy everyone. -Girish Index: pfctl_parser.c === RCS file: /cvs/src/sbin/pfctl/pfctl_parser.c

Re: netstat freezes

On Tue, 4 Dec 2007 16:59:51 -0500 "Nick Guenther" <[EMAIL PROTECTED]> wrote: > On 12/4/07, Claudio Jeker <[EMAIL PROTECTED]> wrote: > > On Tue, Dec 04, 2007 at 03:05:31PM -0500, Nick Guenther wrote: > > > Hi misc, > > > > > > I noticed way back with 3.8 that netstat would sometimes hang on me > >

Re: License Violation - ksh

Pedro de Oliveira wrote: > > Hello, > Someone on IRC just posted this link http://www.delilinux.de/oksh/ , seems > like someone ported OpenBSD ksh to Linux and licensed it under GPLv3. > Isn't > this a license violation? > > The ksh in OpenBSD is the pdksh (Public Domain). Slap a license on it if

Re: pfctl - show port numbers

On 13:22:23 Dec 05, [EMAIL PROTECTED] wrote: > A longer winded version (same idea - Perl ... and no prizes for my code) > > use warnings; > use strict; > > # Get the rules > my $pfctl_rules=`pfctl -s rules`; > > # Get the known services > open(SERVICES," my (@services)=; > > # Pull out the TCP

Re: pfctl - show port numbers

On 23:44:31 Dec 04, Stuart Henderson wrote: > *seriously* unsupported: > > $ perl -pi -e s,etc/services,etc/sXrvices, < /sbin/pfctl > > ~/bin/pfctl-no-service-names > > your foot is > > : > > : > > : > > V > > this way Wow ;) I never imagined one cud get so devious with programming. Ha h

Re: pfctl - show port numbers

Quoting Stuart Henderson <[EMAIL PROTECTED]>: > *seriously* unsupported: > > $ perl -pi -e s,etc/services,etc/sXrvices, < /sbin/pfctl > > ~/bin/pfctl-no-service-names > > your foot is > > : > > : > > : > > V > > this way > A longer winded version (same idea - Perl ... and no prizes for

Re: pfctl - show port numbers

*seriously* unsupported: $ perl -pi -e s,etc/services,etc/sXrvices, < /sbin/pfctl > ~/bin/pfctl-no-service-names your foot is : : : V this way

Re: pfctl - show port numbers

On 11:06:09 Dec 04, Bob Beck wrote: > Personally, I think if I were starting from square one, I'd > do port numbers, not service names, but that's not the way it's > been for many years and even though my preference would be numbers > my loathing for yet another option far outweighs this pref

Re: Access to a remote Oracle database

On 12/4/07, Joaquin Herrero <[EMAIL PROTECTED]> wrote: > Hi, > > I'm using "freetds" from my OpenBSD machine to connect to a MS SQL Server > and works like a charm. Now I need to access to a Oracle server but it > seems that the TDS protocol is not supported by Oracle databases, they use > their o

Re: pfctl - show port numbers

On 18:08:13 Dec 04, frantisek holop wrote: > > shouting? are you serious? > I am rarely if ever serious. ;) -Girish

Re: /var/log/messages permissions in 4.2

> What would be the rationale for 640? ;) Well according to cvs log: "it can be easily changed if you like it another way. millert," So I guess one rationale might be as simple as "because" ;) -B

Re: netstat freezes

On 12/4/07, Claudio Jeker <[EMAIL PROTECTED]> wrote: > On Tue, Dec 04, 2007 at 03:05:31PM -0500, Nick Guenther wrote: > > Hi misc, > > > > I noticed way back with 3.8 that netstat would sometimes hang on me > > for a very long time (over two minutes) before spitting out the Active > > Internet Conn

Access to a remote Oracle database

Hi, I'm using "freetds" from my OpenBSD machine to connect to a MS SQL Server and works like a charm. Now I need to access to a Oracle server but it seems that the TDS protocol is not supported by Oracle databases, they use their own protocol named TNS and there is no "freetns" available. I inve

Re: netstat freezes

try using the -n switch, if that works, something is not resolving properly.

Re: PKI & VPN

On 2007/12/04 21:48, Jean-Girard Pailloncy wrote: > > The key are manage by isakmp, and I would like to use a PKI to manage the > keys. Then to migrate the keys to the VPN servers (file or LDAP ?). I think you're missing part of the puzzle. For the client OS you're talking about, I think you're

Re: VPN Concentrator

On 2007/12/04 21:17, Khalid Schofield wrote: > So how can i get an encrypted vpn service with username and password auth > instead of certificates? We kind of skimmed over those bits. is authpf any good for you?

Re: netstat freezes

On Tue, Dec 04, 2007 at 03:05:31PM -0500, Nick Guenther wrote: > Hi misc, > > I noticed way back with 3.8 that netstat would sometimes hang on me > for a very long time (over two minutes) before spitting out the Active > Internet Connections list; once it shows that though, it shows the > rest of

Re: VPN Concentrator

So how can i get an encrypted vpn service with username and password auth instead of certificates? We kind of skimmed over those bits. On 1 Dec 2007, at 06:44, Scott Learmonth wrote: On 30-Nov-07, at 9:57 PM, Jason Dixon wrote: On Dec 1, 2007, at 12:37 AM, visc wrote: On 30-Nov-07, at 2

Re: VPN Concentrator

On 1 Dec 2007, at 05:37, visc wrote: On 30-Nov-07, at 2:13 AM, Khalid Schofield wrote: Hi, I'd like to make a VPN Concentrator using openbsd. I want users to be able to authenticate using usernames and passwords and to either nat the users or give them an ip from our main dhcp server via a bri

PKI & VPN

Hi, I am planning (I do not know when) to use a PKI to manage the key of a VPN router. I follow a little the last discussion: IpSec may be use without (too much) trouble on recent Windows and MacOS client (in addition of OpenBSD client). No (strong) need for pptp or L2TP. The key are manage by i

netstat freezes

Hi misc, I noticed way back with 3.8 that netstat would sometimes hang on me for a very long time (over two minutes) before spitting out the Active Internet Connections list; once it shows that though, it shows the rest of the lists in an instant. I thought it was just a fluke so I ignored it. But

Re: /var/log/messages permissions in 4.2

On 04/12/2007, Constantine A. Murenin <[EMAIL PROTECTED]> wrote: > On 04/12/2007, Lars Noodin <[EMAIL PROTECTED]> wrote: > > I'm noticing that the messages log seems to be world readable in 4.2 > > e.g. > > -rw-r--r-- 1 root wheel 1801 Dec 4 17:51 messages > > > > What's up wit

Re: /var/log/messages permissions in 4.2

On 04/12/2007, Lars Noodin <[EMAIL PROTECTED]> wrote: > I'm noticing that the messages log seems to be world readable in 4.2 > e.g. > -rw-r--r-- 1 root wheel 1801 Dec 4 17:51 messages > > What's up with that? Shouldn't it be set to 640? If not what is the > rationale for 644

pf: antispoofing and LANs

Hello, From reading the documentation, I couldn't quite tell where the antispoofing rule should fall in a pf ruleset. Is this syntax correct? I thought I'd be able to access another LAN machine freely via ssh (I've already tested that ssh does work without a firewall), but I cannot.

Re: pfctl - show port numbers

> while that is entirely true, I really don't see much of a point here. > actually, if I were to implement these parts now I'd make it print port > numbers only and not names - we don't print hostnames either. > but - it has been that way for more than 6 years. I don't see a good > reason to chan

Re: pfctl - show port numbers

* frantisek holop <[EMAIL PROTECTED]> [2007-12-04 18:15]: > > If it is a no , it is a no. I later realized that nobody can satisfy > > everyone's needs and it is impossible to ever get total buy in in > > anything. We have to respect the developer's decisions. > > Henning has not used the word "no

Re: RTL8185 wireless support?

On Sat, Dec 01, 2007 at 08:41:48AM -0500, Frank Bax wrote: > Jonathan Gray wrote: >> On Fri, Nov 30, 2007 at 11:42:53PM -0500, Frank Bax wrote: >>> TP-LINK 802.11g/b pci cards (model TL-WN353G) are on sale; so I got one. >>> Chipset is marked RTL8185L. >>> >>> I found a reference to RTL8185 in CVS,

Re: pfctl - show port numbers

hmm, on Tue, Dec 04, 2007 at 09:47:17PM +0530, Girish Venkatachalam said that > On 14:45:41 Dec 04, frantisek holop wrote: > > > +1 > > > > one man's worthless feature is other man's best friend. > > please put it in... > > No use shouting yourself hoarse over this. shouting? are you serious?

Re: pfctl - show port numbers

On 14:45:41 Dec 04, frantisek holop wrote: > +1 > > one man's worthless feature is other man's best friend. > please put it in... No use shouting yourself hoarse over this. If it is a no , it is a no. I later realized that nobody can satisfy everyone's needs and it is impossible to ever get to

Re: ftp-proxy feature request

Bryan S. Leaman wrote: > I have a multiple ISP router/firewall running 4.2. To make FTP work > properly over both gateways, I found and applied the following patch to > ftp-proxy **see link below** and it's working great (apparently pftpx is > very similar to ftp-proxy). Without this fix, my seco

Re: seems like packet is lost between pf and interface

Imre Oolberg wrote: Hallo! I am observing seemingly perplexing problem on OpenBSD 4.1 firewall. Some dns queries work from behind firewall towards internet and others doesnt. For example doesnt work query which has a big response of TXT data. If someone could explain to me where to look to o

/var/log/messages permissions in 4.2

I'm noticing that the messages log seems to be world readable in 4.2 e.g. -rw-r--r-- 1 root wheel 1801 Dec 4 17:51 messages What's up with that? Shouldn't it be set to 640? If not what is the rationale for 644? -Lars

Re: Bernstein puts qmail in public domain

On Tue, Dec 04, 2007 at 10:16:27AM -0500, Douglas A. Tutty wrote: > Could you be slightly more specific? perhaps checking vulnerabilities reported compared to other products. see also how frequent the fixes are, since some bug fixes can also improve security (some bugs can be used as security hol

Re: Bernstein puts qmail in public domain

On Tue, Dec 04, 2007 at 10:04:54AM +0100, Henning Brauer wrote: > * Tom Bombadil <[EMAIL PROTECTED]> [2007-12-04 03:00]: > > > exim is an insecure piece of shit that makes old sendmail look good. > > > besides, it is not free. > > > > Curiosity here since we are exim users... what makes it insecu

Info gpio Support on alix - pcengines ...

Hi. Marc Balmer gave me info about adding gpio support for the new alix boards produced by pcengines. I hope someone is interested in ... I'll sum it up ... 1. add to GENERIC config gpio* at gscpcib? glxpcib* at pci? # AMD CS5536 PCI-ISA bridge gpio* at glxpcib? 2. booting the new kern

ftp-proxy feature request

I have a multiple ISP router/firewall running 4.2. To make FTP work properly over both gateways, I found and applied the following patch to ftp-proxy **see link below** and it's working great (apparently pftpx is very similar to ftp-proxy). Without this fix, my second ftp-proxy process (for I

Re: Replacement functionality if systrace is to be removed.

On Tue, 4 Dec 2007, Edd Barrett wrote: On 04/12/2007, Antoine Jacoutot <[EMAIL PROTECTED]> wrote: Better fix the port then. I think you misunderstood. The port is fixed, but only because systrace allowed me to cut the build short when the build offended. Ah ok yes, I did misunderstand. Well

Re: Routing between "spokes" - recent best practices?

On 12/4/07, Tony Sarendal <[EMAIL PROTECTED]> wrote: > > > > On 12/4/07, John Rodenbiker <[EMAIL PROTECTED]> wrote: > > > > On Dec 4, 2007, at 12:14 AM, visc wrote: > > > So, my question is this - what are the current best practices for > > > setting up a hub and spoke topology using OpenBSD, allow

Re: Routing between "spokes" - recent best practices?

On 12/4/07, John Rodenbiker <[EMAIL PROTECTED]> wrote: > > On Dec 4, 2007, at 12:14 AM, visc wrote: > > So, my question is this - what are the current best practices for > > setting up a hub and spoke topology using OpenBSD, allowing for > > traffic to securely flow from Branch to Branch on occasio

Re: Replacement functionality if systrace is to be removed.

Hi, On 04/12/2007, Antoine Jacoutot <[EMAIL PROTECTED]> wrote: > Better fix the port then. I think you misunderstood. The port is fixed, but only because systrace allowed me to cut the build short when the build offended. -- Best Regards Edd ---

Re: This list: CC and TO fields

On Tue, 4 Dec 2007, Markus Hennecke wrote: But since it replaced pine the UTF-8 support is broken for me, and the arrow UTF-8 works fine here. -- Antoine

Re: Replacement functionality if systrace is to be removed.

On Tue, 4 Dec 2007, Edd Barrett wrote: I ask because I find USE_SYSTRACE (/etc/mk.conf) essential for the TeXLive port. It writes all over the place during the build. Better fix the port then. -- Antoine

Re: pfctl - show port numbers

hmm, on Mon, Dec 03, 2007 at 02:24:05PM -0500, MikeM said that > toggle between symbols and numbers (e.g., -n for netstat or tcpdump) it > may be helpful as well. That's the main reason why I originally though +1 one man's worthless feature is other man's best friend. please put it in... -f --

Re: This list: CC and TO fields

On Mon, 3 Dec 2007, xSAPPYx wrote: On Dec 3, 2007 5:04 AM, ropers <[EMAIL PROTECTED]> wrote: On 03/12/2007, L <[EMAIL PROTECTED]> wrote: I can't find the 'reply only to group' feature my mail client yet.. but I just started using this email client recently. It is Mozilla Thunderbird. Reply t

Re: ibgp

On Mon, Dec 03, 2007 at 01:00:37PM -0800, Tom Bombadil wrote: > Greetings... > > We are trying to use a couple routers with carp and uplinks with 2 > different providers. One router as master and another one slave. The > slave getting all the routes from the master using IBGP. > > The problem is

seems like packet is lost between pf and interface

Hallo! I am observing seemingly perplexing problem on OpenBSD 4.1 firewall. Some dns queries work from behind firewall towards internet and others doesnt. For example doesnt work query which has a big response of TXT data. Firewall has internal interface em1 attached to subnet 10.0.1 (actual numb

Replacement functionality if systrace is to be removed.

Hi there, I was speaking to someone at OpenCON about the fundamental systrace flaw regarding processes forking in order to bypass the checks. The general impression I was given was that systrace is to be removed at some point. If this is the case, will there be a similar tool available? I ask be

Re: Could Hiawatha replace Apache as in base HTTP server if it's license changed?

On Dec 3, 2007 10:53 PM, Damien Miller <[EMAIL PROTECTED]> wrote: > Secondly, I don't think anyone in OpenBSD would display as much hubris > as this claim on the Hiawatha home page: "Hiawatha's source code is > free of security-bugs". Heh, OK.

Re: Bernstein puts qmail in public domain

* Tom Bombadil <[EMAIL PROTECTED]> [2007-12-04 03:00]: > > exim is an insecure piece of shit that makes old sendmail look good. > > besides, it is not free. > > Curiosity here since we are exim users... what makes it insecure? rotten design and bad implementation, to begin with? > Should we be

Re: Routing between "spokes" - recent best practices?

On Dec 4, 2007, at 12:14 AM, visc wrote: So, my question is this - what are the current best practices for setting up a hub and spoke topology using OpenBSD, allowing for traffic to securely flow from Branch to Branch on occasion without using a full mesh topology. If it's at all possible...

Re: License Violation - ksh

On Mon, Dec 03, 2007 at 01:37:53PM -0700, Bob Beck wrote: > * Marco Peereboom <[EMAIL PROTECTED]> [2007-12-03 06:19]: > > > No harm done just stupidity perpetuated. Kind of like fox news. > > Dunno about "no harm done" there marco - Saying fox news doesn't do > any harm is like saying Joes

Re: VPN Concentrator

Joseph C. Bender wrote: Scott Learmonth wrote: And Khalid - sorry to hijack your thread. Most of my road warriors are going to be on macs and too cheap to purchase VPN Tracker. Any successes I gave I'll certainly share. There's always OpenVPN. GUI via Tunnelblick