openbsd-misc mailing list

From | Subject | Date
stanislava-s
Available

May 16, 12:51 pm 2008
Stuart Henderson
Re: openospfd default routes

OpenBSD kernel routing code has had ECMP for a little while, and in
4.3 ospfd started supporting it too.

You just need to enable multipath forwarding in /etc/sysctl.conf, 2 lines
below where you enable IP forwarding, and either reboot or manually set
the sysctl.

May 16, 12:44 pm 2008
Jesus Sanchez
Re: pf-nat help (solved)

Ok, now everything works as expected, just for a mistake.

When I did changes on the /etc/pf.conf, I relaunched the PF
just with:

# pfctl -d
# pfctl -e

I thought that was enough to make the changes affect pf, but NOT,
I needed to use this instead with my actual config:

# pfctl -d
# pfctl -ef /etc/pf.conf

And everything goes as expected. I set up a little dhcpd and
all my network works as I want, from now I will make changes
to pf.conf to make it stronger than now.

There is anoth...

May 16, 11:39 am 2008
Henning Brauer
Re: pf-nat help (solved)

of course not. you disabled pf, then enabled it again. no ruleset

that is not the right way either. you disable pf, then load a new
ruleset and enable it again. the whole disable-enable dance is useless
and leaves a timeframe where no firewalling takes place, but traffic
flows. you just do pfctl -f /etc/pf.conf, it does the right thing for
you (load new ruleset, atomically switch to it, ditch old one)

--
Henning Brauer, hb@bsws.de, henning@openbsd.org
BS Web Services, http://bsws.de
Ful...

May 16, 12:11 pm 2008
Jason Dixon
Re: pf-nat help (solved)

It's helpful for others if you explain what your mistake was. Bonus
points for posting your corrected ruleset. Your learning helps others

No, nat is a PF feature.

---
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net

May 16, 11:49 am 2008
Charlie Allom
openospfd default routes

Hi,

I am trying to set up an active/active routing firewall setup with OSPF
so it load shares the traffic equally.

I have created a test lab with IOS ASBR's that have
`default-information originate always` so I then can see 2 routes to
0.0.0.0/0.0.0.0 via 2 routes.

It seems there is a limitation with *bsd's kernels in that they do not
allow for ECMP routing. ie, they can have only one default route at one
time.

Does OpenOSPFd work around this (and I've just got my setup wrong) or
is the ...

May 16, 11:32 am 2008
Stuart VanZee
Re: Debian libssl security (Cause???)

That only works if the people who are explicitly human auditing
the software are smart enough to know that you can't implicitly
trust something like Valgrind anyway. So telling them isn't
really all that useful (if they were that smart, they would
already know).

I'm not saying that the Debian devs aren't smart, I'm just
saying that they aren't smart enough that I would trust them
to build a secure system. This is why I use OpenBSD instead
of Debian Distorted Dingo.... oh wait... or is that some...

May 16, 9:17 am 2008
Pedro de Oliveira
Re: Problems with apache vhosts

Hum, so I should just ignore it! Well, at least it is now *reported*.

Thanks Marc and Stuart

-----Original message-----
From: Stuart Henderson [mailto:stu@spacehopper.org]
Sent: Friday, May 16, 2008 13:43
To: Pedro de Oliveira
Subject: Re: Problems with apache vhosts

btw, it's fallout from the v6 support, I noticed it too.

May 16, 9:05 am 2008
Marc Balmer
Re: Problems with apache vhosts

I am working on this. Even if the warnings are bogus, they should not

May 16, 11:38 am 2008
Josh Grosse
OLPC inks agreement with Microsoft

One Laptop Per Child has been discussed on misc@ before, including decisions
made by the organization's technical leadership to sign NDAs for their
particular hardware choices on the XO laptop.

This slashdot posting:

http://tech.slashdot.org/article.pl?sid=08/05/15/2320243

references a New York Times article published today by Steve Lohr describing a
new agreement with Microsoft, to replace Linux in markets which prefer
Windows. The slashdot posting missed a couple of key points from the a...

May 16, 8:09 am 2008
Stuart Henderson
Re: Problems with apache vhosts

These are because of the chroot handling. You can just use the full

These are probably bogus warnings, the vhosts almost certainly
still function correctly.

May 16, 7:55 am 2008
Pedro de Oliveira
Re: Problems with apache vhosts

Yes, the DocumentRoot ones I know that are because of the chroot.
But the VirtualHosts warnings shouldn't appear, and yes, it is working
correctly.

-----Original message-----
From: owner-misc@openbsd.org [mailto:owner-misc@openbsd.org] On behalf of Stuart
Henderson
Sent: Friday, May 16, 2008 12:55
To: misc@openbsd.org
Subject: Re: Problems with apache vhosts

These are because of the chroot handling. You can just use the full path

These are probably bogus warnings, the vhosts alm...

May 16, 8:03 am 2008
Ross Cameron
Debian libssl security (Cause???)

Anyone got any thoughts on what the Debian project has been doing to OpenSSL
to have caused this in the first place?

May 16, 7:31 am 2008
Otto Moerbeek
Re: Debian libssl security (Cause???)

yes, read the stuff posted earlier, it contains all relevant links. To
summarize, to silence a bogus valgrind warning, almost all seeding of
the PRNG used by openssl was removed.

-Otto

May 16, 7:41 am 2008
Ross Cameron
Re: Debian libssl security (Cause???)

Mmmmmmm this isn't the first time I've heard of bogus reports from Valgrind.
How does one politely inform the Debian project to not trust it explicitly
and to human audit anything it flags?

May 16, 8:30 am 2008
Ted Unangst
Re: Debian libssl security (Cause???)

I think people are placing too much blame on valgrind. valgrind
doesn't tell you "Delete this line of code." It says "You are using
uninitialized memory here." The correct fix is to initialize the
memory, not delete the line of code. It's not about trusting or not
trusting the tool; it's about responding correctly.

I've seen innocuous valgrind reports, but never wrong ones. I also
saw a valgrind report ignored as innocuous because it didn't seem to
cause trouble, only to be the root cause of...

May 16, 4:02 pm 2008
Travers Buda
Re: Debian libssl security (Cause???)

They probably have figured it out. This is a pretty big screw-up--it
was in the tree since September 2006. You don't do something this
bad and not learn from it =).

--
Travers Buda

May 16, 2:33 pm 2008
mcb, inc.
Re: Debian libssl security (Cause???)

And now the social engineering fallout from it as well with all
the 'new SSL certificate'-style phishing that was in place before
this event...

--
Monty Brandenberg, Software Engineer MCB, Inc.
mcbinc@panix.com P.O. Box 426188
mcbinc@pobox.com Cambridge, MA 02142-0021
617.864.6907

May 16, 3:06 pm 2008
Pedro de Oliveira
Problems with apache vhosts

Hello,

I'm having a little problem with vhosts with OpenBSD apache, not really a
problem, more a Warning cause everything is working nicely, I just don't like
the warnings.

I created a vhosts.conf in /var/www/conf/modules with the following:

---------vhosts.conf---------
NameVirtualHost *:80

<VirtualHost *:80>
DocumentRoot /htdocs
ServerName domain1.com
</VirtualHost>

<VirtualHost *:80>
DocumentRoot /htdocs/stats
ServerName sub.domain...

May 16, 7:05 am 2008
Marc Balmer
Re: Problems with apache vhosts

On which version do you see this problem? Are you running -current? If

May 16, 7:10 am 2008
Pedro de Oliveira
Re: Problems with apache vhosts

I'm running -current from Mon May 12 10:57:47 WEST 2008.

-----Original message-----
From: owner-misc@openbsd.org [mailto:owner-misc@openbsd.org] On behalf of Marc
Balmer
Sent: Friday, May 16, 2008 12:11
To: Pedro de Oliveira
Cc: misc@openbsd.org
Subject: Re: Problems with apache vhosts

On which version do you see this problem? Are you running -current? If so,

May 16, 7:18 am 2008
Marc Balmer
Re: Problems with apache vhosts

ok, can you please mail in private your full httpd configuration, so

May 16, 7:21 am 2008
Denis Doroshenko
glimpse of a miracle [was: GENERIC with new ACPI parser cras...

it was a glimpse of the light and then Jordan's new parser got
busted... actually Jordan has fixed the parser for HP notebooks (i
believe for most of them, since as many as i seen they all crashed the
same way) and with Jordan's changes the kernel boots a lot further
(experiencing death in acpitz later on), yeeha!

OpenBSD 4.3-current (GENERIC) #0: Fri May 16 12:01:20 EEST 2008
cyxob@vll300864.omnitel.lan:/data/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) M processor 1600MHz ("Gen...

May 16, 5:22 am 2008
Tomas Bodzar

May 16, 5:21 am 2008
Tim Post
Re: Time for OBSD everywhere?

That reminds me of a story where investigators were stumped for 3 months
trying to get data off a 1541 5.25" drive connected to a Commodore 64. I
wish I could find the link to it.

I'm not so worried about that particular project (for obvious reasons),
but I have been putting together a plan to move anything that talks to
the world to OBSD.

Cheers,
--Tim

--
Monkey + Typewriter = Echoreply ( http://echoreply.us )

May 16, 5:59 am 2008
LÉVAI Dániel
Re: Time for OBSD everywhere?

Then, when everyone will use OpenBSD, and have calmed down, the devs
will unhide a super-secret secretly hidden remote hole, and the
computers will turn into one big playground for the OpenBSD folks ;)

(just fooling around.. of course)...

Daniel

--
LEVAI Daniel
PGP key ID = 0x4AC0A4B1
Key fingerprint = D037 03B9 C12D D338 4412 2D83 1373 917A 4AC0 A4B1

May 16, 7:40 am 2008
Travers Buda
Re: Time for OBSD everywhere?

Well, in a way, diversity of operating systems is a good thing in
terms of security. However, if the diverse population is made up
of buggy crap, then you see less of a benefit. The worst case
scenario is when you have a single operating system having a majority,
and being crappy.

--
Travers Buda

May 16, 2:30 pm 2008
Daniel Ouellet
Re: Time for OBSD everywhere?

Well, I can proudly say that I do own two businesses and one is 100%
OpenBSD only now for 10 years, and the second one only has 8 Solaris
servers left in it that sadly I can't switch to OpenBSD yet. The last
Microsoft server alive was killed a few years back, NT4.0 and we had a
party then. Never looked back and sure never regretted it either.

And we keep increasing the usage of OpenBSD as time allows us to and all
servers were replaced. Now it's slowly time for Cisco routers where
possible.

And ...

May 16, 2:51 pm 2008
chefren
Re: Time for OBSD everywhere?

Hello Daniel,

Not to challenge you or anyone else personally: What's the best program
to look at Microsoft Powerpoint presentations? I now and then receive
them, K presenter crashes on them, and still have to forward them to a Mac.

+++chefren

May 16, 4:35 pm 2008
Paul de Weerd
Re: Time for OBSD everywhere?

Depending on the origin and contents of the presentation you can :

1) Tell the originator to stop sending you MS docs
2) Load them in Google Docs (which should convert them)
3) Try OO.org conversion
4) Special case it
4a) Use your mac
4b) Use Windows in a QEMU image
4c) Use a not-connected windows machine + USB drive

Option 1) can be very effective, especially with the growing awareness
amongst Windows users (in corp- and govtland) of non-Windows users in
the rest of the w...

May 16, 6:47 pm 2008
Floor Terra
Re: Time for OBSD everywhere?

If you just need to look at them and don't mind if the slides are not
perfect, Open Office and Google docs will do just fine.

Floor

--
Floor Terra <floort@gmail.com>
www: http://brobding.mine.nu/
Netiquette Guidelines: http://www.apps.ietf.org/rfc/rfc1855.html

May 16, 6:09 pm 2008
Rico Secada
Re: Time for OBSD everywhere?

On Fri, 16 May 2008 22:35:00 +0200

I can almost second that except for the few cases in which we really
need to update stuff without fuzz, then we use Debian.

May 16, 5:26 pm 2008
Daniel Ouellet
Re: Time for OBSD everywhere?

All I need and use are in packages and using current and the pkg_add to
update couldn't be easier and faster. I find it a lot faster and
easier than app_get from Debian, but that's the beauty of it all. You
choose what you feel is right for you.

And in some cases, release is just fine and it's not like I need the
latest all the time for each package either. A proper 6 months fresh
reinstall on all always provides best results and fixes whatever bugs in
between that may have happened.

I st...

May 16, 5:48 pm 2008
michael enoma aghayere
Re: Time for OBSD everywhere?

Don't you mean:
# attrib -h SuperSecretSecretlyHiddenRemoteHole

--
~michael
www.BSDqed.com

May 16, 8:02 am 2008
Katarzyna Kaczor
news about BSD world

Hi Guys,

Would you like to reach to the large audience of BSD Magazine?

I am happy to announce that we started News Section on BSD Magazine website.
In this bookmark you can place news, press releases, latest and upcoming BSD
events announcements and other information precious for BSD Community.

If you want to add your news, please contact me directly at
katarzyna.kaczor@bsdmag.org

Thanks a lot :)

May 16, 4:54 am 2008
banana split
Re: build a release

> I'm not sure that building the system from source is the primary target
man pages & faqs are amazing so it is quite impossible that things go wrong.
however there are no snapshots since 6 may and because many interesting things
were added to the tree building from the source was the only way to get in
my bad! my apologies! it will never happen!

May 16, 2:44 am 2008
Alexander Hall
Re: build a release

Dear Mr Banana,

I was talking in general terms, which may or may not apply to you.
However many people coming from other os'es (in particular linux-based
ones) do not understand that using openbsd seldom _need_ to include

Now that's a good reason for compiling from source, assuming you can

I actually cannot tell whether you are being sarcastic or honest, but
anyway don't worry. Keep on exploring this new OS, and you'll probably
in time be as addicted to it as many of us.

/Alexander
...

May 16, 2:42 pm 2008
David Kan
Asia Resort Market Review

Dear ,

We are in the development of Victoo - Free Tourism & Hospitality
Management Resources. I hope you like to join this online community at
www.victoo.com.

Below is our 3 market report documents of Victoo's Free Resources
Sharing:

Asia Resort Market Review A special report from Horwath HTL about Resort
Market Trends in Thailand, Philippine, Vietnam, Malaysia, Indonesia.

The Future Of The Hotel Industry "It doesn

May 15, 10:30 pm 2008
Robert Urban
updating ports after OS update

Hi Folks,

in the upgrade guide there is a description of how to update packages after
the OS has been updated. The command mentioned is (with the appropriate env
variable(s) set):

# pkg_add -ui -F update -F updatedepends

What do I need to do about the numerous ports I built and installed? Do
they need to be updated manually?

Also, I'm currently running 4.1, and would like to get to 4.3. I guess I
will need to do this in two hops. Can I postpone package updating until
I've finished...

May 15, 10:19 pm 2008
Marc Espie
Re: updating ports after OS update

The packages you built manually, assuming you used a virgin ports tree,
are no different from the distributed packages.

You can update safely from our tree. Things may fail if you run into
a package that's not distributed (java comes to mind), but it will fail
decently, and you can update the required packages manually, then proceed
with update.

You can also set FETCH_PACKAGES to Yes and update using the ports tree.

You can skip one release, the ports tree tools can deal with old stuff
wit...

May 16, 3:34 am 2008
Ben Calvert
SRC in PKG_PATH ( was Re: updating ports after OS update )

Marc - where is this documented? i can't find it in pkg_add, package,
or friends.

Ben

May 16, 2:47 pm 2008
Marc Espie
Re: SRC in PKG_PATH ( was Re: updating ports after OS update )

It was finished fairly recently, and it's not 100% tested yet:

- it requires some cooperation between the ports tree and pkg_add:
if you run the ports tree from pkg_add, it means you already have a lock on
/var/db/pkg, so it requires -F nolock.

- it's also one of the reasons for stopping at the first PKG_PATH entry
that satisfies your request. SRC urls are a `last resort', when you can't
find the package and need to build it.

If you want to play with it, you can try adding an entry like:
s...

May 16, 3:51 pm 2008
Ted Unangst
Re: uvm_mapent_alloc: out of static map entries on 4.3 i386

Are you using squid as well? You may try doing something like
restarting apache.

The problem seems related to certain long running processes with
fragmented address spaces.

Basically, in order to manage address spaces, the kernel keeps track
of a bunch of maps. Entries in these maps are stored in... map
entries. In certain situations, the kernel can't wait to allocate a
map entry, so it grabs one from a static list. Previously, when they
ran out, the kernel panicked. Now it just says uh oh...

May 15, 10:07 pm 2008
mickey
Re: uvm_mapent_alloc: out of static map entries on 4.3 i386

the problem is not in the user land.
the problem is in i386 pmap which abuses kmem_map that is there
for malloc(9)s use and allocates pv_entries from it.
this leads to enormous kmem_map fragmentation and unaccounted
allocations that do not show up in the vmstat and as well leads
to livelocks (sleeping on kmem_map) and out of space in kmem_map
panics as well. there is a number of measures to remediate the
situation proper
- convert pv_entries allocations to pool (i have a diff if you wanna)
- ba...

May 16, 6:09 am 2008
Kevin
Re: uvm_mapent_alloc: out of static map entries on 4.3 i386

Yes, please. Definitely... and thanks.

FWIW I can bring a spare server online this weekend to keep in the
wings in case something goes completely nutty with the diff, so no
worries about this affecting production per se. :-)

May 16, 1:16 pm 2008
Darrian Hale
Re: uvm_mapent_alloc: out of static map entries on 4.3 i386

Can you please point me to where the diffs you refer to reside?

I'd definitely like to try them out.

Thank you,
Darrian

May 16, 11:21 am 2008
Kevin
Re: uvm_mapent_alloc: out of static map entries on 4.3 i386

Funny you should ask. Yes and no. We are proxying some of the site's
content, but it's with apache's mod_proxy.

(No way around this from what we can see as it solves some business
needs in terms of content delivery and is an easy fix to an otherwise
vexing problem.)

Restarting apache always solves the problem, but that's hardly a fix.
Sure, I could crontab it to do so automatically and just periodically
kick everyone off, but that's super yucky and still doesn't really
*solve* the problem.... I'...

May 16, 2:30 am 2008
Henning Brauer
Re: uvm_mapent_alloc: out of static map entries on 4.3 i386

well, use a httpd that is better designed than apache. at least for the
static content that should be kinda easy with a couple of redirects and
a second IP. lighttpd is a good pick.

--
Henning Brauer, hb@bsws.de, henning@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam

May 16, 3:13 am 2008
Janusz Gumkowski
Re: uvm_mapent_alloc: out of static map entries on 4.3 i386

If talking about serving static content: mathopd is doing a really good job here.

--
Janusz Gumkowski
http://www.am.torun.pl/~ja

May 16, 6:20 am 2008
Henning Brauer
Re: uvm_mapent_alloc: out of static map entries on 4.3 i386

sure, they help. at least if you want to believe they do.

randomly pushing buttons you don't understand until it feels better is
going to help how?

btw, two of the three up there are completely unrelated to the problem
at hand and useless these days.

--
Henning Brauer, hb@bsws.de, henning@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam

May 16, 3:10 am 2008