From cc_simons at yahoo.com Thu Jul 3 21:17:17 2008
From: cc_simons at yahoo.com (christiaan simons)
Date: Thu, 3 Jul 2008 21:17:17 -0700 (PDT)
Subject: malo Airport adhoc net
In-Reply-To: <559741.65637.qm@web32403.mail.mud.yahoo.com>
Message-ID: <22764.23050.qm@web32402.mail.mud.yahoo.com>

--- On Sat, 6/21/08, christiaan simons wrote:

> No 'IBSS' mode is reported in the malo man. But then, why does ifconfig -m
> malo0 advertise the ibss mediaopt? I can even set this, but no results yet.
> Is this a cliffhanger?

Answering my own question, I think this has something to do with
master and slave IBSS. I think the WG311 can operate in slave IBSS only.

Anyway, ditched the Netgear and got an el-cheapo Ralink RT2661
based card (ral). It's an Eminent EM4467.
Thought I should mention this here, since it wasn't in the
man ral card summary.

Runs like a charm, and no need for a separate firmware pkg_add. Great.

Also the warning in man ral about requiring strict PCI 2.2 does
not seem to be a problem. Use it in a PCI 2.1 box, but of course
don't know why this was mentioned. I don't use the power management,
the most significant addition to the 2.2 spec.

From the.phule at gmail.com Fri Jul 4 02:41:24 2008
From: the.phule at gmail.com (kim)
Date: Fri, 04 Jul 2008 10:41:24 +0100
Subject: fstab and mount points
Message-ID: <486DF044.9050509@gmail.com>

G'day all,

Just wanted to check before I did something really stupid. I would like to
move the fstab mount point of my home directory.

I've currently got fstab as

/dev/wd0a / ffs rw 1 1

With another hard drive installed on wd2 so will adding

/dev/wd2a /home rw 1 2

so as long as I've copied all the files(dotfiles) from the current users
directories to the new one, then should that work?
kim

From the.phule at gmail.com Fri Jul 4 06:12:38 2008
From: the.phule at gmail.com (kim)
Date: Fri, 04 Jul 2008 14:12:38 +0100
Subject: fstab and mount points
In-Reply-To: <486DF044.9050509@gmail.com>
References: <486DF044.9050509@gmail.com>
Message-ID: <486E21C6.2010807@gmail.com>

kim wrote:
> G'day all,
>
> Just wanted to check before I did something really stupid. I would like to
> move the fstab mount point of my home directory.
>
> I've currently got fstab as
>
> /dev/wd0a / ffs rw 1 1
>
> With another hard drive installed on wd2 so will adding
>
> /dev/wd2a /home rw 1 2

and to answer my own question no it's

/dev/wd2a /home ffs rw,nodev,nosuid 1 2

but you have to dicker about with which drive becomes wd1/wd2 etc.

From DStaal at usa.net Fri Jul 4 09:52:58 2008
From: DStaal at usa.net (Daniel Staal)
Date: Fri, 04 Jul 2008 12:52:58 -0400
Subject: fstab and mount points
In-Reply-To: <486E21C6.2010807@gmail.com>
References: <486DF044.9050509@gmail.com> <486E21C6.2010807@gmail.com>
Message-ID: <6E784EF295163C64887F5817@Mac-Pro.local>

--As of July 4, 2008 2:12:38 PM +0100, kim is alleged to have said:

>> With another hard drive installed on wd2 so will adding
>>
>> /dev/wd2a /home rw 1 2
>
> and to answer my own question no it's
>
> /dev/wd2a /home ffs rw,nodev,nosuid 1 2
>
> but you have to dicker about with which drive becomes wd1/wd2 etc.

--As for the rest, it is mine.

You could leave out the 'nodev,nosuid' if you wanted to. However, they
will help your users keep from shooting themselves (and possibly others...)
in the foot.

There might be occasions where the 'nosuid' would get in the way though.
(Very rare, but I can see them occurring.)

Just saying you should think about what you want to allow and not: There
are other options as well that you can put in. They are all listed in the
'mount' man page; spending a little time reading that might come in handy.
The fstab man page is where the documentation lives for the file you are
editing, it'll tell you what the rest of the fields mean.

Daniel T. Staal

---------------------------------------------------------------
This email copyright the author. Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes. This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---------------------------------------------------------------

From chris at bennettconstruction.biz Fri Jul 4 15:41:35 2008
From: chris at bennettconstruction.biz (Chris Bennett)
Date: Fri, 04 Jul 2008 17:41:35 -0500
Subject: fstab and mount points
In-Reply-To: <6E784EF295163C64887F5817@Mac-Pro.local>
References: <486DF044.9050509@gmail.com> <486E21C6.2010807@gmail.com> <6E784EF295163C64887F5817@Mac-Pro.local>
Message-ID: <486EA71F.6050007@bennettconstruction.biz>

if you are adding/removing additional drives, you may run into the
problem of the system failing to boot if drive changes from wd0 to wd1
or vice versa.
Just removing the second drive will also screw things up until you edit
fstab

You will need to mount / and /usr as read/write after using fsck -p on
each.
What I had a hard time discovering was the need to use :
export TERM=xterm (or vt220, etc.)
to get an editor such as vi working

Seems to me that this ought to be added somewhere obvious, since not
knowing that last step is a real disaster to a newbie removing a disk!

Chris Bennett

Daniel Staal wrote:
> --As of July 4, 2008 2:12:38 PM +0100, kim is alleged to have said:
>
>
>>> With another hard drive installed on wd2 so will adding
>>>
>>> /dev/wd2a /home rw 1 2
>>>
>> and to answer my own question no it's
>>
>> /dev/wd2a /home ffs rw,nodev,nosuid 1 2
>>
>> but you have to dicker about with which drive becomes wd1/wd2 etc.
>>
>
> --As for the rest, it is mine.
>
> You could leave out the 'nodev,nosuid' if you wanted to. However, they
> will help your users keep from shooting themselves (and possibly others...)
> in the foot.
>
> There might be occasions where the 'nosuid' would get in the way though.
> (Very rare, but I can see them occurring.)
>
> Just saying you should think about what you want to allow and not: There
> are other options as well that you can put in. They are all listed in the
> 'mount' man page; spending a little time reading that might come in handy.
> The fstab man page is where the documentation lives for the file you are
> editing, it'll tell you what the rest of the fields mean.
>
> Daniel T. Staal
>
> _______________________________________________
> Openbsd-newbies mailing list
> Openbsd-newbies at sfobug.org
> http://mailman.theapt.org/listinfo/openbsd-newbies

From the.phule at gmail.com Sat Jul 5 01:49:00 2008
From: the.phule at gmail.com (kim)
Date: Sat, 05 Jul 2008 09:49:00 +0100
Subject: fstab and mount points
In-Reply-To: <486EA71F.6050007@bennettconstruction.biz>
References: <486DF044.9050509@gmail.com> <486E21C6.2010807@gmail.com> <6E784EF295163C64887F5817@Mac-Pro.local> <486EA71F.6050007@bennettconstruction.biz>
Message-ID: <486F357C.2020206@gmail.com>

Chris Bennett wrote:
> if you are adding/removing additional drives, you may run into the
> problem of the system failing to boot if drive changes from wd0 to wd1
> or vice versa.
> Just removing the second drive will also screw things up until you edit
> fstab

I did it as two steps, took out the drives I wanted to swap out, checked
where it was after a reboot and then edited the /etc/fstab after
sweating over the example in man fstab.

> You will need to mount / and /usr as read/write after using fsck -p on
> each.
> What I had a hard time discovering was the need to use :
> export TERM=xterm (or vt220, etc.)
> to get an editor such as vi working
>
> Seems to me that this ought to be added somewhere obvious, since not
> knowing that last step is a real disaster to a newbie removing a disk!
>

I'd previously done this, hence asking here, and had no idea how to get
unstuck so thanks for the additional bit of info.

cheers everyone

kim

From lists at rensseltucky.com Sat Jul 5 15:10:27 2008
From: lists at rensseltucky.com (Ed D.)
Date: Sat, 05 Jul 2008 18:10:27 -0400
Subject: Xbox 360 blocking, parental control
Message-ID: <486FB913.31371.302A3BBB@lists.rensseltucky.com>

Hi,
I have a friend who's a single mother, that has
a problem with an out of control teenaged son
playing Xbox 360 to all hours of the night.

I suggested her having me build her a firewall
that could be used to shut off Xbox traffic to
the Internet at times when she chooses to.
For example between certain hours..

Has anybody done this?

I didn't want to re-invent the wheel if I could
benefit from somebody else's experience.

Would appreciate any advice from people
who've already done this, like what needs to
be blocked for one.

Thanks, Ed

From DStaal at usa.net Sat Jul 5 17:49:59 2008
From: DStaal at usa.net (Daniel T. Staal)
Date: Sat, 5 Jul 2008 20:49:59 -0400 (EDT)
Subject: Xbox 360 blocking, parental control
In-Reply-To: <486FB913.31371.302A3BBB@lists.rensseltucky.com>
References: <486FB913.31371.302A3BBB@lists.rensseltucky.com>
Message-ID: <39126.192.168.1.55.1215305399.squirrel@MageHandbook.com>

On Sat, July 5, 2008 6:10 pm, Ed D.
wrote:
> Hi,
> I have a friend who's a single mother, that has
> a problem with an out of control teenaged son
> playing Xbox 360 to all hours of the night.
>
> I suggested her having me build her a firewall
> that could be used to shut off Xbox traffic to
> the Internet at times when she chooses to.
> For example between certain hours..
>
> Has anybody done this?
>
> I didn't want to re-invent the wheel if I could
> benefit from somebody else's experience.
>
> Would appreciate any advice from people
> who've already done this, like what needs to
> be blocked for one.

I haven't actually worked with an XBox, but from what I read it uses UPnP
to negotiate a way through a firewall. There is no support for that
protocol in the OpenBSD install. So, a default-deny policy should stop
the Xbox.

To support the protocol, there is a daemon that someone has written that
works with PF, but there isn't a port of it yet. (I think the
documentation doesn't live up to OpenBSD standards.) Its homepage is:
http://miniupnp.free.fr/

Microsoft has a technote on what ports are needed at:
http://support.microsoft.com/kb/911728

I'd try setting up a default-deny system, that blocks egress on most of
those ports as well, then have the miniupnp daemon on a cron job, so it
was only active at certain times of the day. It can open the ports as
needed while it is running and the rest of the time the ports would be
closed.

Daniel T. Staal
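The cron-driven blocking discussed in this thread, sketched as an added example (not code from any poster or from the OpenBSD project): a script that cron runs every few minutes and that checks the clock each time, so a curfew window that wraps past midnight, or a reboot in the middle of the window, is still enforced. The table name `curfew`, the script path and the pf.conf rules shown in the comments are assumptions; the pfctl commands are only printed unless `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes pf.conf already contains
# (table name "curfew" is hypothetical):
#   table <curfew> persist
#   block drop quick from <curfew> to any
#   block drop quick from any to <curfew>
# Hypothetical crontab entry (address is a placeholder for the console):
#   */5 * * * * DRY_RUN=0 /usr/local/sbin/curfew.sh 192.168.1.100 2200 0700

: "${CURFEW_TABLE:=curfew}"

# to_minutes HHMM -> prints minutes since midnight; fails on malformed input.
# Leading zeros are stripped so "0800" is not parsed as (invalid) octal.
to_minutes() {
    case $1 in
        [01][0-9][0-5][0-9]|2[0-3][0-5][0-9]) ;;
        *) return 1 ;;
    esac
    hh=${1%??}; mm=${1#??}
    echo $(( ${hh#0} * 60 + ${mm#0} ))
}

# in_window START END NOW -> 0 if NOW is in [START, END), 1 if not,
# 2 on bad input. START > END means the window wraps past midnight.
in_window() {
    s=$(to_minutes "$1") || return 2
    e=$(to_minutes "$2") || return 2
    n=$(to_minutes "$3") || return 2
    if [ "$s" -le "$e" ]; then
        [ "$n" -ge "$s" ] && [ "$n" -lt "$e" ]
    else
        [ "$n" -ge "$s" ] || [ "$n" -lt "$e" ]
    fi
}

# run CMD...: print the command in dry-run mode (default), else execute it.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# enforce_curfew HOST START END NOW
# Inside the window: put HOST in the blocked table and kill its existing
# states in both directions, since established connections would otherwise
# keep passing on their state entries. Outside the window: remove HOST.
enforce_curfew() {
    host=$1
    # The host ends up on a root command line, so accept only digits and dots.
    case $host in
        ''|*[!0-9.]*) echo "curfew: bad host" >&2; return 2 ;;
    esac
    in_window "$2" "$3" "$4" && rc=0 || rc=$?
    case $rc in
        0)  run pfctl -q -t "$CURFEW_TABLE" -T add "$host"
            run pfctl -q -k "$host"
            run pfctl -q -k 0.0.0.0/0 -k "$host" ;;
        1)  run pfctl -q -t "$CURFEW_TABLE" -T delete "$host" ;;
        *)  echo "curfew: bad time, expected HHMM" >&2; return 2 ;;
    esac
}

# Only act when called with arguments, e.g. from cron.
if [ "$#" -ge 3 ]; then
    enforce_curfew "$1" "$2" "$3" "${4:-$(date +%H%M)}"
fi
```

Adding an address that is already in the table, or deleting one that is not, changes nothing, so repeated runs are harmless.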
From mandrich at mandrich.com Sat Jul 5 16:25:57 2008
From: mandrich at mandrich.com (Mark Andrich)
Date: Sat, 05 Jul 2008 18:25:57 -0500
Subject: Xbox 360 blocking, parental control
In-Reply-To: <486FB913.31371.302A3BBB@lists.rensseltucky.com>
References: <486FB913.31371.302A3BBB@lists.rensseltucky.com>
Message-ID: <48700305.5050606@mandrich.com>

I'm thinking a transparent bridge using PF configured with a rule set to
block outbound access to whatever remote ports XBL connects to. You
could then crontab to specify times to run scripts to enable/disable PF.

If the XB360 is connected by cable, put the bridge between it and the
router. If the XB360 has the wireless adapter, then put the bridge
between the WAN port of the router and the cable box or DSL modem.

Hope that helps a bit,

Mark

Ed D. wrote:
> Hi,
> I have a friend who's a single mother, that has
> a problem with an out of control teenaged son
> playing Xbox 360 to all hours of the night.
>
> I suggested her having me build her a firewall
> that could be used to shut off Xbox traffic to
> the Internet at times when she chooses to.
> For example between certain hours..
>
> Has anybody done this?
>
> I didn't want to re-invent the wheel if I could
> benefit from somebody else's experience.
>
> Would appreciate any advice from people
> who've already done this, like what needs to
> be blocked for one.
> Thanks, Ed
From marmot at pennswoods.net Sat Jul 5 19:43:48 2008
From: marmot at pennswoods.net (Woodchuck)
Date: Sat, 5 Jul 2008 22:43:48 -0400 (EDT)
Subject: Xbox 360 blocking, parental control
In-Reply-To: <39126.192.168.1.55.1215305399.squirrel@MageHandbook.com>
References: <486FB913.31371.302A3BBB@lists.rensseltucky.com> <39126.192.168.1.55.1215305399.squirrel@MageHandbook.com>
Message-ID:

On Sat, 5 Jul 2008, Daniel T. Staal wrote:

> On Sat, July 5, 2008 6:10 pm, Ed D. wrote:
> > Hi,
> > I have a friend who's a single mother, that has
> > a problem with an out of control teenaged son
> > playing Xbox 360 to all hours of the night.
> >
> > I suggested her having me build her a firewall
> > that could be used to shut off Xbox traffic to
> > the Internet at times when she chooses to.
> > For example between certain hours..
> >
> > Has anybody done this?
> >
> > I didn't want to re-invent the wheel if I could
> > benefit from somebody else's experience.
> >
> > Would appreciate any advice from people
> > who've already done this, like what needs to
> > be blocked for one.
>
> I haven't actually worked with an XBox, but from what I read it uses UPnP
> to negotiate a way through a firewall. There is no support for that
> protocol in the OpenBSD install. So, a default-deny policy should stop
> the Xbox.
>
> To support the protocol, there is a daemon that someone has written that
> works with PF, but there isn't a port of it yet. (I think the
> documentation doesn't live up to OpenBSD standards.) Its homepage is:
> http://miniupnp.free.fr/
>
> Microsoft has a technote on what ports are needed at:
> http://support.microsoft.com/kb/911728
>
> I'd try setting up a default-deny system, that blocks egress on most of
> those ports as well, then have the miniupnp daemon on a cron job, so it
> was only active at certain times of the day.
> It can open the ports as
> needed while it is running and the rest of the time the ports would be
> closed.
>
> Daniel T. Staal

What would be wrong with just adding a pair of rules:

block drop quick from any to 192.168.1.100
block drop quick from 192.168.1.100 to any

supposing .100 is the Xbox?

Have two pf.confs and a cron job. One would also want to flush
state during the load. I dunno if this is automatic or not.

This all depends on the malefactor not having the smarts to unplug
his toy from the firewall and plug it into the cable modem or
whatever.

I think that *blocking* the lad is easy. Am I missing something?
I don't pretend to expertise in this area.

Is there a way to write those two rules as one?

Dave
--
The future isn't what it used to be.
-- G'kar

From DStaal at usa.net Sat Jul 5 22:40:56 2008
From: DStaal at usa.net (Daniel Staal)
Date: Sun, 06 Jul 2008 01:40:56 -0400
Subject: Xbox 360 blocking, parental control
In-Reply-To:
References: <486FB913.31371.302A3BBB@lists.rensseltucky.com> <39126.192.168.1.55.1215305399.squirrel@MageHandbook.com>
Message-ID: <1FEEBD9048583346AD4774BC@Mac-Pro.local>

--As of July 5, 2008 10:43:48 PM -0400, Woodchuck is alleged to have said:

> What would be wrong with just adding a pair of rules:
>
> block drop quick from any to 192.168.1.100
> block drop quick from 192.168.1.100 to any
>
> supposing .100 is the Xbox?
>
> Have two pf.confs and a cron job. One would also want to flush
> state during the load. I dunno if this is automatic or not.

--As for the rest, it is mine.

Nothing really, besides the complexity (and insecurity) of the _other_
pf.conf: The Xbox needs several ports open, both in and out, including
receiving data on random ports. Using the UPnP setup you can have only
those ports _actually in use_ open, and they will automatically close when
the XBox is turned off, even if it is during the 'allowed' times. (Or,
actually, when they time out, but that would just be a few minutes.)
Also, we haven't discussed whether the XBox has a static address: I assume
you could assign one, but using UPnP you can do this (easily) with a
dynamic address.

There is also a side benefit: Many common chat programs will also use UPnP
(or the other common protocol for the same purpose, which the daemon also
supports), so this would automatically shut them down for the night as well.

Anyway, I mostly wanted to mention it as an option, partly because when I
went looking for a daemon to support that protocol (for a couple of other
things), it took me a while to find one.

Daniel T. Staal

From marmot at pennswoods.net Sun Jul 6 06:52:51 2008
From: marmot at pennswoods.net (Woodchuck)
Date: Sun, 6 Jul 2008 09:52:51 -0400 (EDT)
Subject: Xbox 360 blocking, parental control
In-Reply-To: <1FEEBD9048583346AD4774BC@Mac-Pro.local>
References: <486FB913.31371.302A3BBB@lists.rensseltucky.com> <39126.192.168.1.55.1215305399.squirrel@MageHandbook.com> <1FEEBD9048583346AD4774BC@Mac-Pro.local>
Message-ID:

On Sun, 6 Jul 2008, Daniel Staal wrote:

> --As of July 5, 2008 10:43:48 PM -0400, Woodchuck is alleged to have said:
>
> > What would be wrong with just adding a pair of rules:
> >
> > block drop quick from any to 192.168.1.100
> > block drop quick from 192.168.1.100 to any
> >
> > supposing .100 is the Xbox?
> >
> > Have two pf.confs and a cron job. One would also want to flush
> > state during the load. I dunno if this is automatic or not.
>
> --As for the rest, it is mine.
>
> Nothing really, besides the complexity (and insecurity) of the _other_
> pf.conf: The Xbox needs several ports open, both in and out, including
> receiving data on random ports. Using the UPnP setup you can have only those
> ports _actually in use_ open, and they will automatically close when the
> XBox is turned off, even if it is during the 'allowed' times. (Or, actually,
> when they time out, but that would just be a few minutes.)

I just did some reading on UPnP. It is scary.

> Also, we haven't discussed whether the XBox has a static address: I assume you
> could assign one, but using UPnP you can do this (easily) with a dynamic
> address.

Sure.

> There is also a side benefit: Many common chat programs will also use UPnP (or
> the other common protocol for the same purpose, which the daemon also
> supports), so this would automatically shut them down for the night as well.

For the whole network, though, not the miscreant, right?

> Anyway, I mostly wanted to mention it as an option, partly because when I went
> looking for a daemon to support that protocol (for a couple of other things),
> it took me a while to find one.

Looking at some of the UPnP spex, I'd recommend never connecting
the Xbox to the same LAN as anything valuable.

To be taken lightheartedly, with a grain of salt, but still there's
a grain of truth here: instead, control the child's excess gaming
behavior in some other way, like a court order, a padlock, a father,
or simply let him go ahead with it. Technical solutions to problems
of character seldom work in the way expected. This one will lead
predictably to rage, and when that cools, evasion. Or it might
lead to the kid learning enough 'nix to thwart the tech.

Dave
--
The future isn't what it used to be.
-- G'kar

From DStaal at usa.net Sun Jul 6 09:01:46 2008
From: DStaal at usa.net (Daniel Staal)
Date: Sun, 06 Jul 2008 12:01:46 -0400
Subject: Xbox 360 blocking, parental control
In-Reply-To:
References: <486FB913.31371.302A3BBB@lists.rensseltucky.com> <39126.192.168.1.55.1215305399.squirrel@MageHandbook.com> <1FEEBD9048583346AD4774BC@Mac-Pro.local>
Message-ID: <6AF9F5D0B20C91A56B0547E1@Mac-Pro.local>

--As of July 6, 2008 9:52:51 AM -0400, Woodchuck is alleged to have said:

> I just did some reading on UPnP. It is scary.

That was my first thought too, but on the other hand the protocol just says
how to request and get open ports. It doesn't say you _have_ to be granted
the access you request... That was one of the things I was looking for in
a daemon when I went looking: Some way to configure what it will allow and
what it won't.

>> There is also a side benefit: Many common chat programs will also use
>> UPnP (or the other common protocol for the same purpose, which the
>> daemon also supports), so this would automatically shut them down for
>> the night as well.
>
> For the whole network, though, not the miscreant, right?

You could probably do either one, depending on your setup and how much work
you want to put in. (Changing the daemon config, instead of just shutting
it down.) But I'm guessing a single mother won't mind it shut down for the
entire network at night: It's likely she wouldn't be using it, and
enforcing it for her son might be a useful side benefit.

Just musing, of course.

>> Anyway, I mostly wanted to mention it as an option, partly because when
>> I went looking for a daemon to support that protocol (for a couple of
>> other things), it took me a while to find one.
>
> Looking at some of the UPnP spex, I'd recommend never connecting
> the Xbox to the same LAN as anything valuable.

Again, a good management program can control some of that: Not everything
in the spec has to be allowed, if you don't want it to be...
> To be taken lightheartedly, with a grain of salt, but still there's
> a grain of truth here: instead, control the child's excess gaming
> behavior in some other way, like a court order, a padlock, a father,
> or simply let him go ahead with it. Technical solutions to problems
> of character seldom work in the way expected. This one will lead
> predictably to rage, and when that cools, evasion. Or it might
> lead to the kid learning enough 'nix to thwart the tech.

Technical measures do have some place in a larger solution, on occasion,
though. If the mother has talked about it with her son, and given
warnings, then it might be a good temporary measure to make him realize she
is serious, especially if she doesn't have the resources to enforce that in
person. Long term it wouldn't work as the only measure, but as a short
term 'grounding' it could be effective.

Daniel T. Staal

From vim.unix at googlemail.com Sun Jul 6 06:04:20 2008
From: vim.unix at googlemail.com (Pau)
Date: Sun, 6 Jul 2008 15:04:20 +0200
Subject: Xbox 360 blocking, parental control
In-Reply-To: <1FEEBD9048583346AD4774BC@Mac-Pro.local>
References: <486FB913.31371.302A3BBB@lists.rensseltucky.com> <39126.192.168.1.55.1215305399.squirrel@MageHandbook.com> <1FEEBD9048583346AD4774BC@Mac-Pro.local>
Message-ID: <30c383e70807060604o17a8845dp1c92ef7f83bba4ac@mail.gmail.com>

what about a book?

I don't think blocking the lad is the best idea. He'll either find his
way out or, if not, feel frustrated.
Tell him about Dostoevsky; teenagers of his kind usually like the Russian

2008/7/6, Daniel Staal:
> --As of July 5, 2008 10:43:48 PM -0400, Woodchuck is alleged to have said:
>
>> What would be wrong with just adding a pair of rules:
>>
>> block drop quick from any to 192.168.1.100
>> block drop quick from 192.168.1.100 to any
>>
>> supposing .100 is the Xbox?
>>
>> Have two pf.confs and a cron job. One would also want to flush
>> state during the load. I dunno if this is automatic or not.
>
> --As for the rest, it is mine.
>
> Nothing really, besides the complexity (and insecurity) of the _other_
> pf.conf: The Xbox needs several ports open, both in and out, including
> receiving data on random ports. Using the UPnP setup you can have only
> those ports _actually in use_ open, and they will automatically close when
> the XBox is turned off, even if it is during the 'allowed' times. (Or,
> actually, when they time out, but that would just be a few minutes.)
>
> Also, we haven't discussed whether the XBox has a static address: I assume
> you could assign one, but using UPnP you can do this (easily) with a
> dynamic address.
>
> There is also a side benefit: Many common chat programs will also use UPnP
> (or the other common protocol for the same purpose, which the daemon also
> supports), so this would automatically shut them down for the night as well.
>
> Anyway, I mostly wanted to mention it as an option, partly because when I
> went looking for a daemon to support that protocol (for a couple of other
> things), it took me a while to find one.
>
> Daniel T. Staal
From markdmathias at gmail.com Sun Jul 6 08:52:26 2008
From: markdmathias at gmail.com (Mark Mathias)
Date: Sun, 6 Jul 2008 11:52:26 -0400
Subject: Xbox 360 blocking, parental control
In-Reply-To: <486FB913.31371.302A3BBB@lists.rensseltucky.com>
References: <486FB913.31371.302A3BBB@lists.rensseltucky.com>
Message-ID: <9649162d0807060852m74726217n7b3cd3782556ec3b@mail.gmail.com>

On Sat, Jul 5, 2008 at 6:10 PM, Ed D. wrote:
> Hi,
> I have a friend who's a single mother, that has
> a problem with an out of control teenaged son
> playing Xbox 360 to all hours of the night.
>
> I suggested her having me build her a firewall
> that could be used to shut off Xbox traffic to
> the Internet at times when she chooses to.
> For example between certain hours..
>
> Has anybody done this?
>
> I didn't want to re-invent the wheel if I could
> benefit from somebody else's experience.
>
> Would appreciate any advice from people
> who've already done this, like what needs to
> be blocked for one.
> Thanks, Ed

The firewall suggestion should work, but there may be an easier, although
non OpenBSD, solution. If she just wants to limit the time he is playing,
the xbox 360 has a "family timer" feature, you set a length in hours per
day or week, and when it is used up, the console locks up until the next
day/week.
--
Mark Mathias

From fbax at sympatico.ca Sun Jul 6 18:11:04 2008
From: fbax at sympatico.ca (Frank Bax)
Date: Sun, 06 Jul 2008 21:11:04 -0400
Subject: Xbox 360 blocking, parental control
In-Reply-To: <486FB913.31371.302A3BBB@lists.rensseltucky.com>
References: <486FB913.31371.302A3BBB@lists.rensseltucky.com>
Message-ID: <48716D28.3060104@sympatico.ca>

Ed D. wrote:
> Hi,
> I have a friend who's a single mother, that has
> a problem with an out of control teenaged son
> playing Xbox 360 to all hours of the night.
>
> I suggested her having me build her a firewall
> that could be used to shut off Xbox traffic to
> the Internet at times when she chooses to.
> For example between certain hours..
>
> Has anybody done this?

Yes; and it failed! I tried this and other mechanisms to curb the
appetite for internet usage. All these attempts resulted in the teenager
learning how to bypass the controls. Remember that he'll have physical
access to the box; so he can replace it with an off-the-shelf device and
thereby bypass your controls. If you lock the firewall and/or Xbox in a
cabinet; he might read up on lock-picking.

From macintoshzoom at lavabit.com Mon Jul 7 03:24:32 2008
From: macintoshzoom at lavabit.com (macintoshzoom)
Date: Mon, 07 Jul 2008 04:24:32 -0600
Subject: how to undelete?
Message-ID: <4871EEE0.6090605@lavabit.com>

I deleted a directory from an OpenBSD slice from my 2nd HD, and I need
to recover a single file.

I tried : http://myutil.com/2008/1/15/undelete-unrm-for-openbsd-4-2-with-dls
but failed :

# dls /dev/wd1x > /xxx/xx/undelete.bin
Sector offset supplied is larger than disk image (maximum: 0)

Help & thanks.

From macintoshzoom at lavabit.com Mon Jul 7 12:07:06 2008
From: macintoshzoom at lavabit.com (macintoshzoom)
Date: Mon, 07 Jul 2008 13:07:06 -0600
Subject: Why still obsolete Java install?
Message-ID: <4872695A.2090807@lavabit.com>

On OpenBSD 4.3, to build Java to run, say, Jondos anonymizer, latest
port seems jre-1.4.2p15, .... it requires 2004?
(out)dated distfiles as
*** j2sdk-1_4_2-src-scsl.zip
*** j2sdk-1_4_2-bin-scsl.zip
..

Is this sane when everybody knows how buggy and unsafe is Java (see
Secunia.com ) ?????

Can I go ahead for a top secure Java or may I have to forget Java on
OpenBSD (by the moment)???????

Lots of years playing with OpenBSD, and sometimes I still feel as the
latest idiot on earth when trying to install Java:

Obsolete, No port, no package, distfiles nearly impossible to find at
sun.com sites, (try to search j2sdk-1_4_2-src-scsl.zip at the searchbox
from sun.com, no results), bsd-jdk14-patches-8.tar.gz from
http://www.eyesbeyond.com requires to leave your fingerprints because
it uses javascript, really, really an exasperating experience.

Why not a simple script to install, opening a simple lynx browser when
required (license notifications and the like), as everyone (OS) else
does (that fails also in the non redistributable trick), is this so
difficult?

And after all that shit, I am ending with an obsolete and buggy unsafe
java, that I want to run ultrasecure software!

Sorry guys, some days I hate OpenBSD.

Can anyone give me some consolation words? (or any tip to compile latest
java)

From marmot at pennswoods.net Tue Jul 8 10:50:29 2008
From: marmot at pennswoods.net (Woodchuck)
Date: Tue, 8 Jul 2008 13:50:29 -0400 (EDT)
Subject: how to undelete?
In-Reply-To: <4871EEE0.6090605@lavabit.com>
References: <4871EEE0.6090605@lavabit.com>
Message-ID:

On Mon, 7 Jul 2008, macintoshzoom wrote:

> I deleted a directory from an OpenBSD slice from my 2nd HD, and I need
> to recover a single file.
>
> I tried : http://myutil.com/2008/1/15/undelete-unrm-for-openbsd-4-2-with-dls
> but failed :
>
> # dls /dev/wd1x > /xxx/xx/undelete.bin
> Sector offset supplied is larger than disk image (maximum: 0)

Nobody here is likely to be familiar with this software or its error
messages. Why not ask its author?

> Help & thanks.

If it is in a ffs filesystem, and it probably is, undeletion is a
fruitless task.
It can be done. But it is not easy, and the skill
has died out among Unix people under the age of about 50. (The
chief tool, fsedit(8), is no longer distributed. Another useful
tool, dumpfs(8) is still around.) It required working knowledge
of the lowest details of a filesystem, sufficient knowledge to build
and dissect a filesystem inode by inode. fsedit() was better than
just using a hex editor. I have, *sigh*, used it, on SYSV in the
mid 1980's. It was terrifying. I rebuilt a whole lousy filesystem
with corrupted inodes. Never again...

The file might be recoverable if you had pulled the power plug
(not run "shutdown") immediately after the rm. But it would require
knowledge. (The dls webpage says to run shutdown: that is a mistake.
Shutdown sync's the disks by default. You wanted shutdown -n and
probably "shutdown -n -k now", unless the rm'ed file was on /, in
which case you pull the plug, no not the off switch, you pull the
plug from the wall or hit a big red panic button that throws the
circuit breakers.

You've asked on three or four mailing lists. Everyone says: forget
it. One more time: forget it. This is one of the small pleasures,
in the category of Schadenfreude, of admining unix, telling users
that "Your file hath gaily fled thither, where the woodbine twineth."
When it's the boss's file, you add, "You should have approved my
request for more backup tapes."

This isn't MS-DOS. That's the only filesystem I've heard of until
lately that even had the hope of undeletion. Perhaps these new-fangled
journal filesystem like the one written by the unfortunate Mr.
Reiser, have such a feature. Perhaps certain RAID configurations
have such things.

Young people seem to like undeletion. They are not used to unix
yet. They want their Ubuntu, to which they are welcome.

If the file is valuable, you might hire a consultant, pay $1000
a day, and probably be disappointed.

Let me put it this way: removing a file is a lot like burning a
paper document: you are left with ashes. If you don't stir the ashes,
and study them with a microscope in a laboratory, you might discover
what was on the document.

If you have been using the filesystem mounted at all, you've been
stirring the ashes. Inodes (the places where data about files
are stored) are overwritten and reused quickly. Some of this is
for security. When you rm "/home/stuff/bomb.jpg" as the police
are breaking down your door, you would like at least some assurance
that it will not reappear to a $5 utility in the hands of po-lees
egg-spurt with a mail-order certificate in "Disks 'n' Stuff" and
a CD with "magic cop tools" on it.

Try that dls thing again, but find someone who has used it.
Try asking on a FreeBSD list, there are many more users of FreeBSD,
and they tend to be hopers and believers in magic.

Dave
--
The future isn't what it used to be.
-- G'kar

From vim.unix at googlemail.com Tue Jul 8 14:35:56 2008
From: vim.unix at googlemail.com (Pau)
Date: Tue, 8 Jul 2008 23:35:56 +0200
Subject: how to undelete?
In-Reply-To:
References: <4871EEE0.6090605@lavabit.com>
Message-ID: <30c383e70807081435j7b216029w8c106e2d46c00c26@mail.gmail.com>

Let me tell you one thing:

Since the very first day in which I joined this email list, this
person, Woodchuck, has been answering every single question I asked,
regardless of bad exposition of the problem, wrong formulation, how
difficult, boring, slow-witted, dull, complicated or even handcuffed,
impeded, obtuse and hebetudinous the questions were.

But not only did I get every time an in-detail and kind answer of this
gentleman. I got it wrapped in what one could qualify as a very
exquisite inkhorn literary style. He combines a delicate sense of
humour with the most rigorous exegesis and analysis of the problem,
whilst providing you with the exact answer.

It is because of people like him that I stubbornly cling to OpenBSD.

I have been using computers since 1997, which is not bad, taking into
account my age. Last time I used windows it was 3.11.
Then I changed
to SYSV and, only recently, two years ago, I converted to OpenBSD.
This tedious paragraph is to state the following: I am used to mailing
lists. I have "met" ("e-met"? sorry for ruining your idiom) many users
in those mailing lists. But a jewel, a gemstone, an intaglio as
Woodchuck I have only seen in the obsd lists.

My irrationality is this: If a person like he is using OpenBSD, there
is no other possible software that ever should touch any hardware I
possess. I say "irrationality" because the many reasons he could
teutonicly enumerate very possibly are far away from what I can
understand. I, thus, must and will simply have Faith.

I would like to express herewith not only my gratitude to Woodchuck in
public, but also my big admiration to him.

Long life to Big Marmot

Pau Amaro Seoane

From cc_simons at yahoo.com Tue Jul 8 21:25:10 2008
From: cc_simons at yahoo.com (christiaan simons)
Date: Tue, 8 Jul 2008 21:25:10 -0700 (PDT)
Subject: launching jabberd
Message-ID: <380173.28914.qm@web32406.mail.mud.yahoo.com>

Hi,

Some fun with a wireless NIC and OpenBSD:

I'm trying to create a public Jabber server, reachable over the
wireless NIC only. The parts that launch ok, and tested to be
functional are: dhcpd + named + mysql.

However, launching jabberd from rc.local may require some extra BSD
magic, I can only get it to launch properly using

su
cd /usr/local/sbin
su _jabberd
./jabberd

When I put something along these lines in rc.local, I get some
complaints from jabberd, not being able to connect to the mysql
server. Can this be a problem with startup timing?

My rc.local contents:

# Add your local startup actions here.

if [ -x /usr/local/bin/mysqld_safe ] ; then
	su -c mysql root -c '/usr/local/bin/mysqld_safe >/dev/null 2>&1 &'
	echo -n ' mysql'
fi

if [ -x /usr/local/sbin/jabberd ] ; then
	sleep 2
	su _jabberd -c '/usr/local/sbin/jabberd >/dev/null 2>&1 &'
	echo -n ' jabberd'
fi

The "sleep 2" bit is just a stupid attempt to "fix", but what am I
overlooking here? What is the correct startup code or sequence for
this?

Cheers,

Christiaan

From vim.unix at googlemail.com Tue Jul 8 14:39:40 2008
From: vim.unix at googlemail.com (Pau)
Date: Tue, 8 Jul 2008 23:39:40 +0200
Subject: how to undelete?
In-Reply-To: <30c383e70807081435j7b216029w8c106e2d46c00c26@mail.gmail.com>
References: <4871EEE0.6090605@lavabit.com> <30c383e70807081435j7b216029w8c106e2d46c00c26@mail.gmail.com>
Message-ID: <30c383e70807081439s44d86681h305a5726540b5751@mail.gmail.com>

having said that, I must say that I miss a tool like shred in OpenBSD:

http://unixhelp.ed.ac.uk/CGI/man-cgi?shred+1

From phessler at theapt.org Wed Jul 9 16:33:39 2008
From: phessler at theapt.org (Peter Hessler)
Date: Wed, 9 Jul 2008 16:33:39 -0700
Subject: how to undelete?
In-Reply-To: <30c383e70807081439s44d86681h305a5726540b5751@mail.gmail.com>
References: <4871EEE0.6090605@lavabit.com> <30c383e70807081435j7b216029w8c106e2d46c00c26@mail.gmail.com> <30c383e70807081439s44d86681h305a5726540b5751@mail.gmail.com>
Message-ID: <20080709233339.GF6165@gir.theapt.org>

does `rm -P` do what you want?

On 2008 Jul 08 (Tue) at 23:39:40 +0200 (+0200), Pau wrote:
:having said that, I must say that I miss a tool like shred in OpenBSD:
:
:http://unixhelp.ed.ac.uk/CGI/man-cgi?shred+1

--
Alden's Laws:
	(1) Giving away baby clothes and furniture is the major cause
	    of pregnancy.
	(2) Always be backlit.
	(3) Sit down whenever possible.

From the.phule at gmail.com Thu Jul 10 05:53:25 2008
From: the.phule at gmail.com (the.phule)
Date: Thu, 10 Jul 2008 13:53:25 +0100
Subject: /etc 100%
Message-ID: <320ff2aa0807100553s4e1e0ec8xe6683a701da98f2d@mail.gmail.com>

Hi all,

Just installing a game i get a never before seen error

# pkg_add boswars-2.4.1p0.tgz
Can't find boswars-2.4.1p0.tgz
/usr/sbin/pkg_add: boswars-2.4.1p0.tgz:Fatal error
b/OpenBSD/4.3/packages/i386/boswars-2.4.1p0.tgz <
Error: /dev/wd0e is not large enough (/usr/local/bin/lua)
Error: /dev/wd0e is not large enough (/usr/local/bin/luac)
Error: /dev/wd0e is not large enough (/usr/local/include/lauxlib.h)
Error: ... more files do not fit on /dev/wd0e
/dev/wd0e: 729319 bytes (missing 6921 blocks)
/dev/wd0d: 297 bytes
/usr/sbin/pkg_add: fatal issues in installing lua-5.1.2p1

and lo and behold...

# df -h
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/wd0a     1008M   38.8M    919M     4%    /
/dev/wd0g     70.2G    1.9G   64.8G     3%    /home
/dev/wd0f     1008M   16.0K    958M     0%    /tmp
/dev/wd0e     1008M    961M   -2.7M   100%    /usr
/dev/wd0d     1008M    8.5M    949M     1%    /var

Anyone got a clue as to what I may have done to fill up /etc with 1gb
of stuff? how do I go about cleaning it? should it have more space?

thanks for any help

kim

From colinstr at gmail.com Thu Jul 10 06:00:34 2008
From: colinstr at gmail.com (Colin Streicher)
Date: Thu, 10 Jul 2008 09:00:34 -0400
Subject: /etc 100%
In-Reply-To: <320ff2aa0807100553s4e1e0ec8xe6683a701da98f2d@mail.gmail.com>
References: <320ff2aa0807100553s4e1e0ec8xe6683a701da98f2d@mail.gmail.com>
Message-ID:

It sort of looks like you filled up /usr, although I'm not sure how
anyone is going to know how you did that. Could be the ports system or
something similar. Maybe du /usr would give you some insight.

From DStaal at usa.net Thu Jul 10 06:03:41 2008
From: DStaal at usa.net (Daniel Staal)
Date: Thu, 10 Jul 2008 09:03:41 -0400
Subject: /etc 100%
In-Reply-To: <320ff2aa0807100553s4e1e0ec8xe6683a701da98f2d@mail.gmail.com>
References: <320ff2aa0807100553s4e1e0ec8xe6683a701da98f2d@mail.gmail.com>
Message-ID:

--As of July 10, 2008 1:53:25 PM +0100, the.phule is alleged to have said:

># df -h
> Filesystem     Size    Used   Avail Capacity  Mounted on
> /dev/wd0a     1008M   38.8M    919M     4%    /
> /dev/wd0g     70.2G    1.9G   64.8G     3%    /home
> /dev/wd0f     1008M   16.0K    958M     0%    /tmp
> /dev/wd0e     1008M    961M   -2.7M   100%    /usr
> /dev/wd0d     1008M    8.5M    949M     1%    /var
>
> Anyone got a clue as to what I may have done to fill up /etc with 1gb
> of stuff? how do I go about cleaning it? should it have more space?
>
> thanks for any help

--As for the rest, it is mine.

You didn't fill /etc. You filled /usr. Which happens to be where the
ports tree lives, and where any applications you've installed go.

The current FAQ recommendation[1] for that is 6G, and they note that if
you are building things from source you could need a lot more. The
'minimum' system listing[2] has it using 660M, so you were over half
full just from the install.

If you have any spare disks, I'd say put one in and 'union' mount it
over the current /usr partition.
(Or just plain copy everything over -
making sure to preserve permissions and links - and replace your
current mount.)

The other option of course is to find some programs you aren't using
and delete them.

Daniel T. Staal

[1]
[2]

---------------------------------------------------------------
This email copyright the author. Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes. This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---------------------------------------------------------------

From the.phule at gmail.com Thu Jul 10 06:07:43 2008
From: the.phule at gmail.com (the.phule)
Date: Thu, 10 Jul 2008 14:07:43 +0100
Subject: /etc 100%
In-Reply-To: <320ff2aa0807100553s4e1e0ec8xe6683a701da98f2d@mail.gmail.com>
References: <320ff2aa0807100553s4e1e0ec8xe6683a701da98f2d@mail.gmail.com>
Message-ID: <320ff2aa0807100607t1adff1e3p7a2b546ce88c4805@mail.gmail.com>

God some days I feel like thicky holden

...that's /usr is full, I take it I've got too many packages installed?
what would a better size for /usr to be minimum on a desktop machine
5 or 6G?

kim

From jjhartley at gmail.com Thu Jul 10 06:27:16 2008
From: jjhartley at gmail.com (James Hartley)
Date: Thu, 10 Jul 2008 06:27:16 -0700
Subject: /etc 100%
In-Reply-To: <320ff2aa0807100553s4e1e0ec8xe6683a701da98f2d@mail.gmail.com>
References: <320ff2aa0807100553s4e1e0ec8xe6683a701da98f2d@mail.gmail.com>
Message-ID:

On Thu, Jul 10, 2008 at 5:53 AM, the. phule wrote:
> # df -h
> Filesystem     Size    Used   Avail Capacity  Mounted on
> /dev/wd0a     1008M   38.8M    919M     4%    /
> /dev/wd0g     70.2G    1.9G   64.8G     3%    /home
> /dev/wd0f     1008M   16.0K    958M     0%    /tmp
> /dev/wd0e     1008M    961M   -2.7M   100%    /usr
> /dev/wd0d     1008M    8.5M    949M     1%    /var
>
> Anyone got a clue as to what I may have done to fill up /etc with 1gb
> of stuff? how do I go about cleaning it? should it have more space?

From your df(8) output, /etc isn't the problem; /usr has filled
up. It also looks like you have only allocated 1GB for all partitions
& held out for 70G for /home.

Given the information presented, it is unclear if you allocated all
space on your drive. If you didn't, then you might consider growfs(8),
however, growfs can only be used to grow a partition into *adjacent*
free space. Unfortunately, I suspect you may have allocated all space
on the drive, so this will be neither a simple nor an easy solution to
implement if it is possible at all.

Because of this, I would suggest studying Section 4.5.2 & 14.3 of the
FAQ.
I will also suggest that you consider the following redistribution of space: /dev/wd0a 500MB / /dev/wd0f 1G /tmp /dev/wd0d 1G /var /dev/wd0e 20G /usr /dev/wd0g 5G /home In this manner, if you fill up any particular partition, you can create a new partition from the ample free space available. Also note that all applications/packages go into /usr. So does source & all its object files if you ever recompile the system or compile ports. If this is what you are going to do, consider adding more partitions such as: /dev/wd0h 5G /usr/src /dev/wd0i 5G /usr/obj /dev/wd0j 5G /usr/xenocara /dev/wd0k 30G /usr/ports If you ever compile large ports such as Java, OpenOffice.org, KDE, or GNOME, you will need *lots* of space in /usr/ports. Learn to watch how the partitions fill up via df(1), & don't expect that you will get the distribution of space correct the first time. You may have to go through a few iterations before you see how you use space over a longer period of time. Given that a new version of OpenBSD is released every six months, reinstalling with every new release may be worthwhile until you are familiar/comfortable/happy with your chosen distribution of disk space. From mark at pecaut.us Thu Jul 10 07:48:44 2008 From: mark at pecaut.us (Mark Pecaut) Date: Thu, 10 Jul 2008 08:48:44 -0600 Subject: /etc 100% In-Reply-To: References: <320ff2aa0807100553s4e1e0ec8xe6683a701da98f2d@mail.gmail.com> Message-ID: <411f69670807100748n6936fae6ocb9cc2f04ffd82a4@mail.gmail.com> On 7/10/08, Daniel Staal wrote: > If you have any spare disks, I'd say put one in and 'union' mount it over > the current /usr partition. (Or just plain copy everything over - making Just for the record, there is no more mount_union in OpenBSD. They took it out a few years ago. 
-Mark

From the.phule at gmail.com Thu Jul 10 10:40:51 2008
From: the.phule at gmail.com (the.phule)
Date: Thu, 10 Jul 2008 18:40:51 +0100
Subject: /etc 100%
In-Reply-To:
References: <320ff2aa0807100553s4e1e0ec8xe6683a701da98f2d@mail.gmail.com>
Message-ID: <320ff2aa0807101040g5d9e94f8l7039e586e6362c2d@mail.gmail.com>

On Thu, Jul 10, 2008 at 2:27 PM, James Hartley wrote:
> On Thu, Jul 10, 2008 at 5:53 AM, the. phule wrote:
>> # df -h
>> Filesystem     Size    Used   Avail Capacity  Mounted on
>> /dev/wd0a     1008M   38.8M    919M     4%    /
>> /dev/wd0g     70.2G    1.9G   64.8G     3%    /home
>> /dev/wd0f     1008M   16.0K    958M     0%    /tmp
>> /dev/wd0e     1008M    961M   -2.7M   100%    /usr
>> /dev/wd0d     1008M    8.5M    949M     1%    /var
>>
>> Anyone got a clue as to what I may have done to fill up /etc with 1gb
>> of stuff? how do I go about cleaning it? should it have more space?
>
> From your df(8) output, /etc isn't the problem; /usr has filled
> up. It also looks like you have only allocated 1GB for all partitions
> & held out for 70G for /home.

problem solved although it has taken me all afternoon to reinstall,
just proves you should ignore the big book as it's not up to much.

thanks for the help

kim

From tony at servacorp.com Thu Jul 10 06:01:35 2008
From: tony at servacorp.com (Tony Abernethy)
Date: Thu, 10 Jul 2008 08:01:35 -0500
Subject: /etc 100%
In-Reply-To: <320ff2aa0807100553s4e1e0ec8xe6683a701da98f2d@mail.gmail.com>
Message-ID: <070301c8e28d$170b1ed0$0302a8c0@TONY>

the.phule wrote:
>
> Hi all,
>
> Just installing a game i get a never before seen error
>
> # pkg_add boswars-2.4.1p0.tgz
> Can't find boswars-2.4.1p0.tgz
> /usr/sbin/pkg_add: boswars-2.4.1p0.tgz:Fatal error
> b/OpenBSD/4.3/packages/i386/boswars-2.4.1p0.tgz
> <
> Error: /dev/wd0e is not large enough (/usr/local/bin/lua)
> Error: /dev/wd0e is not large enough (/usr/local/bin/luac)
> Error: /dev/wd0e is not large enough (/usr/local/include/lauxlib.h)
> Error: ... more files do not fit on /dev/wd0e
> /dev/wd0e: 729319 bytes (missing 6921 blocks)
> /dev/wd0d: 297 bytes
> /usr/sbin/pkg_add: fatal issues in installing lua-5.1.2p1
>
> and lo and behold...
>
> # df -h
> Filesystem     Size    Used   Avail Capacity  Mounted on
> /dev/wd0a     1008M   38.8M    919M     4%    /
> /dev/wd0g     70.2G    1.9G   64.8G     3%    /home
> /dev/wd0f     1008M   16.0K    958M     0%    /tmp
> /dev/wd0e     1008M    961M   -2.7M   100%    /usr
> /dev/wd0d     1008M    8.5M    949M     1%    /var
>
> Anyone got a clue as to what I may have done to fill up /etc with 1gb
> of stuff? how do I go about cleaning it? should it have more space?
>
> thanks for any help
>
> kim

errrr ... looks like that's /usr (/dev/wd0e) that got too full
(where all the programs and such go)
/etc is in the root partition
(chicken&egg problems if you try to put it anywhere else
-- /etc/fstab and others)

From douglas.hunter at tiscali.co.uk Fri Jul 11 04:52:21 2008
From: douglas.hunter at tiscali.co.uk (Douglas)
Date: Fri, 11 Jul 2008 12:52:21 +0100
Subject: which files need downloaded for compiling jdk ?
Message-ID: <48774975.1020900@tiscali.co.uk>

Hi,

I`m enjoying OBSD 4.3 amd64 (stable) and would like to get java
compiled. I`ve read
http://www.openbsd.org/faq/faq13.html#javaplugin
and
http://www.openbsd.org/faq/faq8.html#Programming
but am still unclear on specifically which "necessary distribution
files and patch sets" to download.

any help appreciated

Douglas

From jjhartley at gmail.com Fri Jul 11 07:45:10 2008
From: jjhartley at gmail.com (James Hartley)
Date: Fri, 11 Jul 2008 07:45:10 -0700
Subject: which files need downloaded for compiling jdk ?
In-Reply-To: <48774975.1020900@tiscali.co.uk>
References: <48774975.1020900@tiscali.co.uk>
Message-ID:

On Fri, Jul 11, 2008 at 4:52 AM, Douglas wrote:
> ...but am still unclear on specifically which "necessary distribution files
> and patch sets" to download.
make will prompt you if any of the files are not found when being
executed, so you can look in the corresponding Makefile for the
necessary filenames:

http://www.openbsd.org/cgi-bin/cvsweb/ports/devel/jdk/1.6/Makefile?rev=1.5&content-type=text/x-cvsweb-markup

Likewise, the building of JDK1.6 required JDK1.5, so you will need to
look at its Makefile as well:

http://www.openbsd.org/cgi-bin/cvsweb/ports/devel/jdk/1.5/Makefile?rev=1.52&content-type=text/x-cvsweb-markup

Disclaimer: the links above are to files in the -current ports tree.
I don't recall that the required external files have changed (yet)
from -release, but you should consult the matching Makefiles for
definitive information. Once the ports tree is installed, you will
find the appropriate Makefiles in:

/usr/ports/devel/jdk/1.5/Makefile
/usr/ports/devel/jdk/1.6/Makefile

I haven't built JDK1.7, so you will need to look through its Makefile
for additional information if that is the version you desire.

From douglas.hunter at tiscali.co.uk Fri Jul 11 13:04:14 2008
From: douglas.hunter at tiscali.co.uk (douglas.hunter at tiscali.co.uk)
Date: Fri, 11 Jul 2008 21:04:14 +0100 (GMT+01:00)
Subject: which files need downloaded for compiling jdk ?
Message-ID: <31257469.1215806654253.JavaMail.root@ps33.mc.tiscali.sys>

Thanks James,

I hadn`t read through the Makefile, it now seems clear :)

From tonino-pablo at lycos.com Sun Jul 13 18:32:24 2008
From: tonino-pablo at lycos.com (x x)
Date: Sun, 13 Jul 2008 21:32:24 -0400 (EDT)
Subject: No subject
Message-ID: <20080713213224.HM.0000000000003Kw@tonino-pablo.bos-mail-wwl12.lycos.com>

An HTML attachment was scrubbed...
URL: http://mailman.theapt.org/pipermail/openbsd-newbies/attachments/20080713/bcb34991/attachment.html

From kousue at gmail.com Sun Jul 13 21:30:27 2008
From: kousue at gmail.com (Nick Guenther)
Date: Mon, 14 Jul 2008 00:30:27 -0400
Subject:
In-Reply-To: <20080713213224.HM.0000000000003Kw@tonino-pablo.bos-mail-wwl12.lycos.com>
References: <20080713213224.HM.0000000000003Kw@tonino-pablo.bos-mail-wwl12.lycos.com>
Message-ID: <98f5a8830807132130t322aa625x63ef0ee43e680f7b@mail.gmail.com>

On Sun, Jul 13, 2008 at 9:32 PM, x x wrote:
>
> what do you suggest for a minimalist x wm? I was thinking trying blackbox or
> fluxbox. Just something to play videos with VLC, Pidgin, and Firefox, maybe
> a torrent client, and nothing else in there. I don't want any games or
> office programs or other stuff in there that is not a dependency for the
> core programs I actively use

xmonad!

From marmot at pennswoods.net Sun Jul 13 22:13:57 2008
From: marmot at pennswoods.net (Woodchuck)
Date: Mon, 14 Jul 2008 01:13:57 -0400 (EDT)
Subject: your mail
In-Reply-To: <20080713213224.HM.0000000000003Kw@tonino-pablo.bos-mail-wwl12.lycos.com>
References: <20080713213224.HM.0000000000003Kw@tonino-pablo.bos-mail-wwl12.lycos.com>
Message-ID:

On Sun, 13 Jul 2008, x x wrote:
>
> what do you suggest for a minimalist x wm? I was thinking trying blackbox
> or fluxbox. Just something to play videos with VLC, Pidgin, and Firefox,
> maybe a torrent client, and nothing else in there. I don't want any games
> or office programs or other stuff in there that is not a dependency for
> the core programs I actively use

Those sure sound like likely candidates. I've been using fluxbox
("son of blackbox") for a while and while there are some rough edges,
they're not rough enough to make me change it out. About all I
demand from a wm is multiple desktops and a button bar, and fluxbox
has all that.

Packages makes it pretty easy to testdrive a (small style) wm.
You spend a half hour with man setting things up, and that's that.

Dave
-- 
When was the day your shine was taken? -- gerg

From phessler at theapt.org Sun Jul 13 22:38:14 2008
From: phessler at theapt.org (Peter Hessler)
Date: Sun, 13 Jul 2008 22:38:14 -0700
Subject: your mail
In-Reply-To: <20080713213224.HM.0000000000003Kw@tonino-pablo.bos-mail-wwl12.lycos.com>
References: <20080713213224.HM.0000000000003Kw@tonino-pablo.bos-mail-wwl12.lycos.com>
Message-ID: <20080714053813.GI10042@gir.theapt.org>

fvwm or cwm. both are included by default in the X packages, and are
small but useful.

(I actively use fvwm as my WM, I talked about it here
http://undeadly.org/cgi?action=article&sid=20080607131856 a bit.)

On 2008 Jul 13 (Sun) at 21:32:24 -0400 (-0400), x x wrote:
:
: what do you suggest for a minimalist x wm? I was thinking trying
: blackbox or fluxbox. Just something to play videos with VLC, Pidgin,
: and Firefox, maybe a torrent client, and nothing else in there. I
: don't want any games or office programs or other stuff in there that
: is not a dependency for the core programs I actively use

-- 
Only adults have difficulty with childproof caps.

From jjhartley at gmail.com Sun Jul 13 22:58:04 2008
From: jjhartley at gmail.com (James Hartley)
Date: Sun, 13 Jul 2008 22:58:04 -0700
Subject:
In-Reply-To: <20080713213224.HM.0000000000003Kw@tonino-pablo.bos-mail-wwl12.lycos.com>
References: <20080713213224.HM.0000000000003Kw@tonino-pablo.bos-mail-wwl12.lycos.com>
Message-ID:

On Sun, Jul 13, 2008 at 6:32 PM, x x wrote:
> I was thinking trying blackbox or fluxbox.

For a graphical comparison of many window managers, you may be
interested in combing through the following Website:

http://xwinman.org/

As for a minimalist window manager, fluxbox is very popular, however,
if minimalism is important, you may want to play with cwm(1) which is
installed by default with X. Not that it comes *with* X, but cwm is
BSD license friendly, & thus is positively looked upon by the project.

From robertgranger at yahoo.com Mon Jul 14 01:38:32 2008
From: robertgranger at yahoo.com (Robert Granger)
Date: Mon, 14 Jul 2008 01:38:32 -0700 (PDT)
Subject: DNS security hole
Message-ID: <283647.31272.qm@web58702.mail.re1.yahoo.com>

Fellow newbies,

I've heard a lot of news about a critical design flaw in DNS, yet I
have not heard anything about this problem on undeadly.org or
openbsd.org. Is OpenBSD vulnerable or is this another example where
OpenBSD fixed this problem a while ago?

Slashdot talks about it here:
http://it.slashdot.org/article.pl?sid=08/07/08/195225

Rob

From josh at jggimi.homeip.net Mon Jul 14 05:29:03 2008
From: josh at jggimi.homeip.net (Josh Grosse)
Date: Mon, 14 Jul 2008 08:29:03 -0400
Subject: DNS security hole
In-Reply-To: <283647.31272.qm@web58702.mail.re1.yahoo.com>
References: <283647.31272.qm@web58702.mail.re1.yahoo.com>
Message-ID: <20080714122903.GA21592@jggimi.homeip.net>

On Mon, Jul 14, 2008 at 01:38:32AM -0700, Robert Granger wrote:
> Fellow newbies,
>
> I've heard a lot of news about a critical design flaw in DNS, yet I have
> not heard anything about this problem on undeadly.org or openbsd.org.

23 posts between 09 and 11 July on misc at . If you've never read
misc@ before, this will give you a nice feel for the .... um ...
"social culture" that sometimes prevails there:

http://marc.info/?t=121561500000003&r=1&w=2

From robertgranger at yahoo.com Thu Jul 17 15:12:24 2008
From: robertgranger at yahoo.com (Robert Granger)
Date: Thu, 17 Jul 2008 15:12:24 -0700 (PDT)
Subject: Issue with OpenBSD web site
Message-ID: <827510.31042.qm@web58715.mail.re1.yahoo.com>

Has anyone noticed this before...

If you do an nslookup on openbsd.org, you get 199.185.137.3

If you do an nslookup on www.openbsd.org, you get 129.128.5.191

The content on http://openbsd.org/errata43.html is different than
http://www.openbsd.org/errata43.html.

Dumb question... Is openbsd.org an official mirror of www.openbsd.org?

Rob

From phessler at theapt.org Thu Jul 17 16:19:20 2008
From: phessler at theapt.org (Peter Hessler)
Date: Thu, 17 Jul 2008 16:19:20 -0700
Subject: Issue with OpenBSD web site
In-Reply-To: <827510.31042.qm@web58715.mail.re1.yahoo.com>
References: <827510.31042.qm@web58715.mail.re1.yahoo.com>
Message-ID: <20080717231920.GR10042@gir.theapt.org>

This is known. openbsd.org is at Theo's House. www.openbsd.org is
the main site, hosted at University of Alberta. www will give you far
better bandwidth, due to UAlberta's network connection.

I currently see no difference between the errata43.html's.
Occasionally there will be, because the updates are synced on
different schedules.

On 2008 Jul 17 (Thu) at 15:12:24 -0700 (-0700), Robert Granger wrote:
:Has anyone noticed this before...
:
:If you do an nslookup on openbsd.org, you get 199.185.137.3
:
:If you do an nslookup on www.openbsd.org, you get 129.128.5.191
:
:The content on http://openbsd.org/errata43.html is different than http://www.openbsd.org/errata43.html.
:
:Dumb question... Is openbsd.org an official mirror of www.openbsd.org?
:
:Rob

-- 
The light at the end of the tunnel is the headlight of an approaching
train.

From tonino-pablo at lycos.com Fri Jul 18 01:23:38 2008
From: tonino-pablo at lycos.com (x x)
Date: Fri, 18 Jul 2008 04:23:38 -0400 (EDT)
Subject: CHS/fdisk
Message-ID: <20080718042338.HM.0000000000003Ns@tonino-pablo.bos-mail-wwl12.lycos.com>

An HTML attachment was scrubbed...
URL: http://mailman.theapt.org/pipermail/openbsd-newbies/attachments/20080718/7039b1bc/attachment.html

From josh at jggimi.homeip.net Fri Jul 18 05:58:15 2008
From: josh at jggimi.homeip.net (Josh Grosse)
Date: Fri, 18 Jul 2008 08:58:15 -0400
Subject: CHS/fdisk
In-Reply-To: <20080718042338.HM.0000000000003Ns@tonino-pablo.bos-mail-wwl12.lycos.com>
References: <20080718042338.HM.0000000000003Ns@tonino-pablo.bos-mail-wwl12.lycos.com>
Message-ID: <20080718125815.GA21169@jggimi.homeip.net>

On Fri, Jul 18, 2008 at 04:23:38AM -0400, x x wrote:
> anyone successfully dual boot with Linux, as well separately dual booting
> with XP/Vista?

Sure.

> I read through the FAQ about Linux and that is 4 years old, and am having
> a major pain and frustration with CHS, same with XP machine, having problems
> around the setting the CHS.

You should not have to set CHS values with a modern (say, less than 15 years
old) BIOS. The drive tells the BIOS what it prefers, and the BIOS should
use that.

> Also in fdisk, in faq for multibooting only shows 0 is Win-95, 1, 2, and 3
> or unused so e 1, but what if 0, 1, and 2 are each used from a Linux
> distribution, do I e 3, but which do I set as the active partition, do I
> f 0 or f 1 and write to disk for Linux, or do I f 3 and write to disk to
> boot Open?

You need to understand this much about Master Boot Records, and MBR
partitions:

It's a very old design. There is only room in the MBR for 4 partitions.
These are called, "Primary Partitions". An "Extended DOS Partition" is a
method of increasing that number without changing the structure of this old
design; one of the 4 partition slots is used to point to blocks on disk
with additional MBR partitions. This design was invented by Microsoft to
add some logical partitions without impacting any of their PC manufacturing
customers.

Some OS's are very particular about starting and ending addressing and booting.
It is usually best to use each OS's MBR manipulation tools when setting up
multibooting.
Windows tools for Windows, Linux tools for Linux, and OpenBSD
tools for OpenBSD.

Today, OpenBSD requires a primary partition. Using OpenBSD's fdisk(8)
program, these are numbered 0-3. If, as you say, on your system 0-2 are used
and 3 is unused, then you must use 3. If all four are already in use, you
must restructure your system to free one of these primary partitions.

The "f" command you mention, "flag", is used to assign the active, bootable
partition for the BIOS.

> When I set CHS to work along side XP on there and reboot nothing works,
> neither OS knows how to load

On boot, the BIOS loads the MBR program from the drive. The partition marked
as bootable ("active" in Microsoft's fdisk program, "flagged" in OpenBSD's)
is determined, and its Partition Boot Record (PBR) is loaded and executed.
If none of the four partitions is marked active, the disk is not bootable.

Below, is the output of "# fdisk wd0" on a laptop with three operating systems:
WXP, Ubuntu, and OpenBSD. There are 4 primary partitions in use, one for
each OS and a fourth, containing the "Extended DOS Partition" which is used
by Ubuntu to create a logical partition for Linux swap.

Note the "active" partition is OpenBSD; though I use the GAG bootloader to
manage multibooting -- it lives in the blocks before partition #0 begins.

Disk: wd0       geometry: 2432/255/63 [39070080 Sectors]
Offset: 0       Signature: 0xAA55
            Starting         Ending         LBA Info:
 #: id      C   H   S -      C   H   S [       start:        size ]
-------------------------------------------------------------------------------
 0: 07      0   1   1 -    522 254  63 [          63:     8401932 ] HPFS/QNX/AUX
*1: A6    523   0   1 -   1815 254  63 [     8401995:    20772045 ] OpenBSD
 2: 83   1816   0   1 -   2401 254  63 [    29174040:     9414090 ] Linux files*
 3: 05   2402   0   1 -   2431 254  63 [    38588130:      481950 ] Extended DOS
Offset: 38588130        Signature: 0xAA55
            Starting         Ending         LBA Info:
 #: id      C   H   S -      C   H   S [       start:        size ]
-------------------------------------------------------------------------------
 0: 82   2402   1   1 -   2431 254  63 [    38588193:      481887 ] Linux swap
 1: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
 2: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
 3: 00      0   0   0 -      0   0   0 [           0:           0 ] unused

From vim.unix at googlemail.com Fri Jul 18 11:45:15 2008
From: vim.unix at googlemail.com (Pau)
Date: Fri, 18 Jul 2008 20:45:15 +0200
Subject: CHS/fdisk
In-Reply-To: <20080718125815.GA21169@jggimi.homeip.net>
References: <20080718042338.HM.0000000000003Ns@tonino-pablo.bos-mail-wwl12.lycos.com> <20080718125815.GA21169@jggimi.homeip.net>
Message-ID: <30c383e70807181145o5433d94oe64108e9a3d4a891@mail.gmail.com>

www.aei.mpg.de/~pau/zen_process_obsd.html

2008/7/18 Josh Grosse :
> On Fri, Jul 18, 2008 at 04:23:38AM -0400, x x wrote:
>> anyone successfully dual boot with Linux, as well separately dual booting
>> with XP/Vista?
>
> Sure.
>
>> I read through the FAQ about Linux and that is 4 years old, and am having
>> a major pain and frustration with CHS, same with XP machine, having problems
>> around the setting the CHS.
>
> You should not have to set CHS values with a modern (say, less than 15 years
> old) BIOS. The drive tells the BIOS what it prefers, and the BIOS should
> use that.
>
>> Also in fdisk, in faq for multibooting only shows 0 is Win-95, 1, 2, and 3
>> or unused so e 1, but what if 0, 1, and 2 are each used from a Linux
>> distribution, do I e 3, but which do I set as the active partition, do I
>> f 0 or f 1 and write to disk for Linux, or do I f 3 and write to disk to
>> boot Open?
>
> You need to understand this much about Master Boot Records, and MBR
> partitions:
>
> It's a very old design. There is only room in the MBR for 4 partitions.
> These are called, "Primary Partitions". An "Extended DOS Partition" is a
> method of increasing that number without changing the structure of this old
> design; one of the 4 partition slots is used to point to blocks on disk
> with additional MBR partitions. This design was invented by Microsoft to
> add some logical partitions without impacting any of their PC manufacturing
> customers.
>
> Some OS's are very particular about starting and ending addressing and booting.
> It is usually best to use each OS's MBR manipulation tools when setting up
> multibooting. Windows tools for Windows, Linux tools for Linux, and OpenBSD
> tools for OpenBSD.
>
> Today, OpenBSD requires a primary partition. Using OpenBSD's fdisk(8)
> program, these are numbered 0-3. If, as you say, on your system 0-2 are used
> and 3 is unused, then you must use 3. If all four are already in use, you
> must restructure your system to free one of these primary partitions.
>
> The "f" command you mention, "flag", is used to assign the active, bootable
> partition for the BIOS.
>
>> When I set CHS to work along side XP on there and reboot nothing works,
>> neither OS knows how to load
>
> On boot, the BIOS loads the MBR program from the drive. The partition marked
> as bootable ("active" in Microsoft's fdisk program, "flagged" in OpenBSD's)
> is determined, and its Partition Boot Record (PBR) is loaded and executed.
> If none of the four partitions is marked active, the disk is not bootable.
>
> Below, is the output of "# fdisk wd0" on a laptop with three operating systems:
> WXP, Ubuntu, and OpenBSD. There are 4 primary partitions in use, one for
> each OS and a fourth, containing the "Extended DOS Partition" which is used
> by Ubuntu to create a logical partition for Linux swap.
>
> Note the "active" partition is OpenBSD; though I use the GAG bootloader to
> manage multibooting -- it lives in the blocks before partition #0 begins.
>
> Disk: wd0       geometry: 2432/255/63 [39070080 Sectors]
> Offset: 0       Signature: 0xAA55
>             Starting         Ending         LBA Info:
>  #: id      C   H   S -      C   H   S [       start:        size ]
> -------------------------------------------------------------------------------
>  0: 07      0   1   1 -    522 254  63 [          63:     8401932 ] HPFS/QNX/AUX
> *1: A6    523   0   1 -   1815 254  63 [     8401995:    20772045 ] OpenBSD
>  2: 83   1816   0   1 -   2401 254  63 [    29174040:     9414090 ] Linux files*
>  3: 05   2402   0   1 -   2431 254  63 [    38588130:      481950 ] Extended DOS
> Offset: 38588130        Signature: 0xAA55
>             Starting         Ending         LBA Info:
>  #: id      C   H   S -      C   H   S [       start:        size ]
> -------------------------------------------------------------------------------
>  0: 82   2402   1   1 -   2431 254  63 [    38588193:      481887 ] Linux swap
>  1: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
>  2: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
>  3: 00      0   0   0 -      0   0   0 [           0:           0 ] unused

From eyiglmada at gmail.com Fri Jul 18 12:18:43 2008
From: eyiglmada at gmail.com (:::::::::::::::::::::::::::::::: ::::::::::::::::::::::::::::::::)
Date: Fri, 18 Jul 2008 20:18:43 +0100
Subject: pkg_add /cdrom/... ; can`t find /cdrom/iwi-firmware-2.3.gz : fatal error
Message-ID: <7d70ea1c0807181218i136b4b1di3710f25ff7d71372@mail.gmail.com>

Hi.
My question it`s a simple problem:

# mount_cd9660 /dev/cd0a /cdrom
# ls -a /cdrom
lists
iwi-firmware-2.3.gz

I mounted the cd-rom.
In the cd-rom there is firmware which probably would
solve another problem (wireless internet connection with INTEL PRO/wireless
2200GB).
I am getting an error message when I try to install the firmware contained
in the cd-rom.

pkg_add /cdrom/iwi-firmware-2.3.gz

error message:
can`t find /cdrom/iwi-firmware-2.3.gz
/usr/sbin/pkg_add : /cdrom/iwi-firmware-2.3.gz : fatal error

What should I do to install this file from cd-rom?

Thanks In Advance.

From robertgranger at yahoo.com Fri Jul 18 13:43:12 2008
From: robertgranger at yahoo.com (Robert Granger)
Date: Fri, 18 Jul 2008 13:43:12 -0700 (PDT)
Subject: pkg_add /cdrom/... ; can`t find /cdrom/iwi-firmware-2.3.gz : fatal error
In-Reply-To: <7d70ea1c0807181218i136b4b1di3710f25ff7d71372@mail.gmail.com>
Message-ID: <710982.85736.qm@web58710.mail.re1.yahoo.com>

Have you tried copying the file from the cd-rom to a local file system
directory (i.e. /tmp) to remove pkg_add from the equation? If the copy
works, then you could try "pkg_add /tmp/iwi-firmware-2.3.gz" instead.

Also, is the iwi-firmware-2.3.gz a valid package (meaning created by
pkg_create)?

Rob

--- On Fri, 7/18/08, :::::::::::::::::::::::::::::::: :::::::::::::::::::::::::::::::: wrote:

> From: :::::::::::::::::::::::::::::::: ::::::::::::::::::::::::::::::::
> Subject: pkg_add /cdrom/... ; can`t find /cdrom/iwi-firmware-2.3.gz : fatal error
> To: openbsd-newbies at sfobug.org
> Date: Friday, July 18, 2008, 12:18 PM
> Hi.
> My question it`s a simple problem:
>
> # mount_cd9660 /dev/cd0a /cdrom
> # ls -a /cdrom
> lists
> iwi-firmware-2.3.gz
>
> I mounted the cd-rom. In the cd-rom there is firmware which
> probably would
> solve another problem (wireless internet connection with
> INTEL PRO/wireless
> 2200GB).
> I am getting an error message when I try to install the
> firmware contained
> in the cd-rom.
>
> pkg_add /cdrom/iwi-firmware-2.3.gz
>
> error message:
> can`t find /cdrom/iwi-firmware-2.3.gz
> /usr/sbin/pkg_add : /cdrom/iwi-firmware-2.3.gz : fatal
> error
>
> What should I do to install this file from cd-rom?
>
> Thanks In
> Advance.

From admin at madona.lv Fri Jul 18 13:39:07 2008
From: admin at madona.lv (ADMIN / MEDIA.MADONA.LV)
Date: Fri, 18 Jul 2008 23:39:07 +0300
Subject: problem with pf and ftp
Message-ID: <77305399-A1BA-4A51-8281-8870B716FB98@madona.lv>

hi folks
maybe u can give me some advice or what i do wrong
directory listing its takes very long time :(
here is my pf conf file

ext_if="fxp0"
#
# Options: tune the behavior of pf, default values are given.
set timeout { interval 30, frag 10 }
set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
set timeout { icmp.first 20, icmp.error 10 }
set timeout { other.first 60, other.single 30, other.multiple 60 }
set limit { states 10000, frags 5000 }
set loginterface fxp0
set optimization conservative
set skip on lo
set block-policy drop

# Normalization
scrub on $ext_if random-id reassemble tcp

# Antispoof
antispoof for $ext_if

# Filtering: the implicit first two rules are
block in log all
pass out keep state

# pass out to external interface
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { icmp, udp } all keep state

# connections and keep state, logging blocked packets.
pass in on $ext_if proto tcp from any to any \
        port { ssh www 20 21 https 4801 4802 } keep state
pass in on $ext_if proto tcp from any to any port > 49151 \
        keep state

+ i put passive port in pureftpd config file

thx

From josh at jggimi.homeip.net Fri Jul 18 15:49:48 2008
From: josh at jggimi.homeip.net (Josh Grosse)
Date: Fri, 18 Jul 2008 18:49:48 -0400
Subject: pkg_add /cdrom/... ; can`t find /cdrom/iwi-firmware-2.3.gz : fatal error
In-Reply-To: <7d70ea1c0807181218i136b4b1di3710f25ff7d71372@mail.gmail.com>
References: <7d70ea1c0807181218i136b4b1di3710f25ff7d71372@mail.gmail.com>
Message-ID: <20080718224948.GA15078@jggimi.homeip.net>

From pkg_add(1):

    If the given package names are not found in the current working
    directory, pkg_add will search for them in each directory named by
    the PKG_PATH environment variable.

----

So, either change your working directory to /cdrom before running pkg_add, or
use PKG_PATH.

From mark at pecaut.us Fri Jul 18 18:08:28 2008
From: mark at pecaut.us (Mark Pecaut)
Date: Fri, 18 Jul 2008 19:08:28 -0600
Subject: pkg_add /cdrom/... ; can`t find /cdrom/iwi-firmware-2.3.gz : fatal error
In-Reply-To: <20080718224948.GA15078@jggimi.homeip.net>
References: <7d70ea1c0807181218i136b4b1di3710f25ff7d71372@mail.gmail.com> <20080718224948.GA15078@jggimi.homeip.net>
Message-ID: <411f69670807181808x376c6ac5l2d7147f17846ce81@mail.gmail.com>

On 7/18/08, Josh Grosse wrote:
> So, either change your working directory to /cdrom before running pkg_add, or
> use PKG_PATH.

Ok, but you certainly can do

$ pkg_add /path/to/your/package/packagename.tgz

as root and that should work. However, there is no package with the
.gz suffix. Packages will have a .tgz suffix. Did the original
poster copy this package from Damien's site?

http://damien.bergamini.free.fr/ipw/iwi-openbsd.html

On that site, the package is clearly named "iwi-firmware-2.3.tgz".
Where did you obtain that package originally, and how did it become
named iwi-firmware-2.3.gz?

-Mark

From public at kubikcz.net Sun Jul 20 01:09:50 2008
From: public at kubikcz.net (mk)
Date: Sun, 20 Jul 2008 10:09:50 +0200
Subject: best way to update packages on stable
Message-ID: <881F92A17CF94407AA9131B247C4454B@mknotebook>

Hello list,

I have several packages which are exposed to internet installed on my
OpenBSD 4.2 server.
Unfortunately some of them are quite old and contain security bugs so I
would like to update them.

I was watching quite a big fight on MISC OpenBSD list recently so I know
that updates are not released for stable version
anymore and it is necessary to follow current and build everything from
ports if you want updated software.

Should I switch to current? .... because it seems in current are sometimes
big changes, is current ok for production system?

How do you solve this issue? Do you run current, or compile applications
directly from source?
Or is there any other possibility?

Thank you

MK

From marmot at pennswoods.net Mon Jul 21 17:45:13 2008
From: marmot at pennswoods.net (Woodchuck)
Date: Mon, 21 Jul 2008 20:45:13 -0400 (EDT)
Subject: best way to update packages on stable
In-Reply-To: <881F92A17CF94407AA9131B247C4454B@mknotebook>
References: <881F92A17CF94407AA9131B247C4454B@mknotebook>
Message-ID:

On Sun, 20 Jul 2008, mk wrote:

> Hello list,
>
> I have several packages which are exposed to internet installed on my
> OpenBSD 4.2 server.
> Unfortunately some of them are quite old and contain security bugs so I
> would like to update them.

First step: update to 4.3-release
Second step: update to 4.3-stable
Third step: update all packages. See man pkg_add

> I was watching quite a big fight on MISC OpenBSD list recently so I know
> that updates are not released for stable version
> anymore and it is necessary to follow current and build everything from
> ports if you want updated software.

Unlike other OSes, OpenBSD keeps (obsessively) to a 6 month release
cycle. This means you will wait, on average, 90 days for an update.
The next release will be 4.4 on November 1, 2008.

Security changes (or major functional bug-fixes) to the kernel and
user-land are still made as they happen to -stable, and I think,
stable n-1. (At present, 4.2 and 4.3 are being maintained). Just
not to the ports/packages. So it is not as bad as it might look.

There are only a few (in my opinion) reasons to update a package/port.

1) New swell features, almost always these are brainless fluff from
Linuxland like "redesigned Klingon fonts" or "Morphing xterm
backgrounds", or new support for some obscure language like
"Structured Visual Forth on Rails". Included would be new major
releases of something that hasn't needed a major release since 1985,
like "ls" or "vi". Most "vanity" packages -- re-invented wheels --
come under this heading.

2) Fixes for last year's wretched excesses: "now Klingon letter
"double tlh" prints correctly with improved kerning", i.e. stuff
that doesn't affect operation or system integrity.

3) Fixes that close security loopholes or repair bugs that have
been crashing the system or crashing major applications or crashing
the package. (also s/crashing/severely buggering up/g).

In my opinion, (1) and (2) can wait the 90 days. In case (3) I
assume there is no acceptable workaround. ("Shut down named and
buy commercial name service" is not my idea of an acceptable work
around...)

We can add (4):

4) Stuff you want badly. Maybe you have an uncle who only speaks
Klingon. Maybe your boss or client is roasting you to get a specific
spam trap up and running YESTERDAY.

(3) and (4) demand action, in other words.

> Should I switch to current? .... because it seems in current are sometimes
> big changes, is current ok for production system?

No and No.

> How do you solve this issue? Do you run current, or compile applications
> directly from source?

I personally am still at 4.2-stable. I ignore the issue. But I
don't offer outside hosts any access.
Recent named cache-poisoning
issues are motivating me to install an updated name server. I
compile applications from wherever I can get them. (I write software
some times, too).

> Or is there any other possibility?

Let's look at cases (3) and (4). If you're not familiar with
programming and system administration in Unix, you're not going to
have fun updating by any method, and will remain a slave to pkg_add
and pkg_delete. Even using ports to make a package and then install
it (which is all ports is) will be scary.

So let's assume you have clue.

Get familiar with how ports works. RTFM man ports.

I'll work out a specific example later, over the next few days,
maybe. Or not.

Dave

From josh at jggimi.homeip.net Wed Jul 23 02:34:34 2008
From: josh at jggimi.homeip.net (Josh Grosse)
Date: Wed, 23 Jul 2008 05:34:34 -0400
Subject: CHS/fdisk
Message-ID: <20080723093434.GB4542@jggimi.homeip.net>

Tonino Pablo posted the following message to me via e-mail; my reply bounced
from Lycos; the mail server refused e-mail to the address.

Normally I wouldn't post an e-mail, but I have no way of replying directly, and
Tonino had already posted an initial question on the subject to this list;
nothing in the e-mail is of any personal nature.

----- Forwarded message from Josh Grosse -----

Date: Wed, 23 Jul 2008 05:28:16 -0400
From: Josh Grosse
To: x x
Subject: Re: CHS/fdisk

On Wed, Jul 23, 2008 at 12:28:02AM -0400, x x wrote:
> I tried doing as you said about using like flag 1, flag 2, to set the
> active partition and to skip over editing the CHS, but when I reboot there
> is nothing there, it doesn't work. So how can I install Open as the
> second or third OS without editing the CHS?

Boot the ramdisk kernel (from cd43.iso, or similar media), and capture the
output of "# fdisk wd0" or "# fdisk sd0" (for IDE/ATA or SCSI, respectively).

Post the output to openbsd-newbies.
----- End forwarded message -----

From public at kubikcz.net Thu Jul 24 09:45:38 2008
From: public at kubikcz.net (mk)
Date: Thu, 24 Jul 2008 18:45:38 +0200
Subject: pcmcia - RP-1632DRC
Message-ID:

Hello all,

I bought pcmcia Fast Ethernet card RP-1632DRC
http://www.repotec.com/default.asp?pagename=Network_Interface_Card/RP_1632DRC.htm

It has realtek 8139 on it so I thought it could work with my OpenBSD box. Card is detected by OS but that's all. It gives me error "watchdog timeout" but it's not problem with a cable etc. as it works if I plug same cable into other NIC.

Is there any chance that this card can work with OpenBSD?

I know, it's my fault I thought that if it has supported chipset it should work. Fortunately it was quite cheap so next time I'll buy something 100% supported. What pcmcia Fast Ethernet card would you recommend? I was thinking about Dlink DFE-690TXD.

Thanks
MK

From macintoshzoom at lavabit.com Sat Jul 26 06:52:34 2008
From: macintoshzoom at lavabit.com (macintoshzoom)
Date: Sat, 26 Jul 2008 07:52:34 -0600
Subject: Is OpenBSD a good anti-tempest OS?
Message-ID: <488B2C22.7000908@lavabit.com>

I was reading
http://www.schneier.com/blog/archives/2007/05/reading_lcd_dis.html
about LCD emissions "Reading LCD Displays at a Distance".

Some one said something about
>>>>...The article states that, "the aim is to tune into the radio emissions produced by the cables sending a signal to the monitor..." Because HD over HDMI requires over-the-cable encryption (using secret keys in the graphics and monitor hardware), HDMI is not vulnerable to this attack.<<<<

What it is HDMI, is it supported by OpenBSD?

another one at
http://www.newscientist.com/blog/technology/2007/04/seeing-through-walls.html
says:
>>>< ...After some research, it was found that the biggest EM leakage source that could be easily decoded was the cable between the keyboard and system.
He simply used a passive optical pipe with led's in the keyboard and the keys would act as shutters to interrupt the light. No EM at all. The monitor and monitor cables were all heavily shielded to avoid leakage there....<<<< Anyone knows if OpenBSD encrypts what is going on the cable between the keyboard and system? It seems to me that win anti-keyloggers software does this. Another one says: >>>>The best solution might be already there in Vista. If the video card and the monitor use HDCP for encryption, there will be very little to eavesdrop on. Wow, DRM might be useful one day! (Or am I missing something here?)>>>> What the hell is that Vista videocard and monitor encryption? Is this available in OpenBSD? Thanks for any light on anti-tempest settings for OpenBSD desktops. From martin at oneiros.de Sat Jul 26 07:26:43 2008 From: martin at oneiros.de (=?ISO-8859-1?Q?Martin_Schr=F6der?=) Date: Sat, 26 Jul 2008 16:26:43 +0200 Subject: Is OpenBSD a good anti-tempest OS? In-Reply-To: <488B2C22.7000908@lavabit.com> References: <488B2C22.7000908@lavabit.com> Message-ID: <68c491a60807260726s5f0402e3k3d856a81d1998ad2@mail.gmail.com> 2008/7/26 macintoshzoom : > What it is HDMI, is it supported y OpenBSD? You might have heard of Wikipedia (www.wikipedia.org), which will answer most of your questions. Please use it and leave us alone. Best Martin From macintoshzoom at lavabit.com Sat Jul 26 08:20:03 2008 From: macintoshzoom at lavabit.com (macintoshzoom) Date: Sat, 26 Jul 2008 09:20:03 -0600 Subject: Is OpenBSD a good anti-tempest OS? To Martin Mr."leave us alone" In-Reply-To: <68c491a60807260726s5f0402e3k3d856a81d1998ad2@mail.gmail.com> References: <488B2C22.7000908@lavabit.com> <68c491a60807260726s5f0402e3k3d856a81d1998ad2@mail.gmail.com> Message-ID: <488B40A3.3080906@lavabit.com> Hi Martin Mr."leave us alone": You seem to dislike any anti-tempest efforts, with your "leave us alone" note to me. 
Wikipedia http://en.wikipedia.org/wiki/Hdmi didn't say anything about if HDMI is supported on OpenBSD, nor the main subject about this thread that is "Is OpenBSD a good anti-tempest OS?". Wikipedia says that "PCs with HDMI output using Windows Vista and Windows XP may be capable of HDMI audio output depending on specific hardware", but I don't know if this is supported on OpenBSD. Are you working for any tempest spying agency, so these question attempts against your interests, and so you try to discourage any thread about this?. Forget me if you are going to reply again with a "leave us alone", leave us alone you with your dirty mood and manners, man. Who the hell do you think you are to speak like that? Go away from any public open meeting as this mail list, you are nor ready for a social life. Mac. ? wrote: > 2008/7/26 macintoshzoom : >> What it is HDMI, is it supported y OpenBSD? > > You might have heard of Wikipedia (www.wikipedia.org), which will > answer most of your questions. Please use it and leave us alone. > > Best > Martin > From martin at oneiros.de Sat Jul 26 08:41:15 2008 From: martin at oneiros.de (=?ISO-8859-1?Q?Martin_Schr=F6der?=) Date: Sat, 26 Jul 2008 17:41:15 +0200 Subject: Is OpenBSD a good anti-tempest OS? To Martin Mr."leave us alone" In-Reply-To: <488B40A3.3080906@lavabit.com> References: <488B2C22.7000908@lavabit.com> <68c491a60807260726s5f0402e3k3d856a81d1998ad2@mail.gmail.com> <488B40A3.3080906@lavabit.com> Message-ID: <68c491a60807260841p5cb52211i90c452d80d81024a@mail.gmail.com> 2008/7/26 macintoshzoom : > You seem to dislike any anti-tempest efforts, with your "leave us alone" > note to me. No. But there are worthier causes then anti-tempest. > Wikipedia http://en.wikipedia.org/wiki/Hdmi didn't say anything about if Ah, you found the article. So you know more about HDMI. :-) > Forget me if you are going to reply again with a "leave us alone", leave > us alone you with your dirty mood and manners, man. No. 
OpenBSD is for people who do their own research - or at least try to. You didn't seem to. > Who the hell do you think you are to speak like that? Go away from any Someone who doesn't want mails like yours in my inbox. Best Martin From robert at pottsdata.com Sat Jul 26 08:28:38 2008 From: robert at pottsdata.com (Robert Potts) Date: Sat, 26 Jul 2008 09:28:38 -0600 Subject: Is OpenBSD a good anti-tempest OS? In-Reply-To: <68c491a60807260726s5f0402e3k3d856a81d1998ad2@mail.gmail.com> References: <488B2C22.7000908@lavabit.com> <68c491a60807260726s5f0402e3k3d856a81d1998ad2@mail.gmail.com> Message-ID: <488B42A6.5060209@pottsdata.com> Bad response for a newbie list. Please ignore it. I think this is a good topic and would like to hear from more people on it. If these kinds of questions annoy you maybe you should get off this list? Martin Schr?der wrote: > 2008/7/26 macintoshzoom : > >> What it is HDMI, is it supported y OpenBSD? >> > > You might have heard of Wikipedia (www.wikipedia.org), which will > answer most of your questions. Please use it and leave us alone. > > Best > Martin > _______________________________________________ > Openbsd-newbies mailing list > Openbsd-newbies at sfobug.org > http://mailman.theapt.org/listinfo/openbsd-newbies > > I was reading http://www.schneier.com/blog/archives/2007/05/reading_lcd_dis.html about LCD emissions "Reading LCD Displays at a Distance". Some one said something about >>>> >>>>...The article states that, "the aim is to tune into the radio >>>> emissions produced by the cables sending a signal to the monitor..." Because HD over HDMI requires over-the-cable encryption (using secret keys in the graphics and monitor hardware), HDMI is not vulnerable to this attack.<<<< What it is HDMI, is it supported y OpenBSD? 
another one at http://www.newscientist.com/blog/technology/2007/04/seeing-through-walls.html says: >>> >>>< ...After some research, it was found that the biggest EM leakage >>> source that could be easily decoded was the cable between the keyboard and system. He simply used a passive optical pipe with led's in the keyboard and the keys would act as shutters to interrupt the light. No EM at all. The monitor and monitor cables were all heavily shielded to avoid leakage there....<<<< Anyone knows if OpenBSD encrypts what is going on the cable between the keyboard and system? It seems to me that win anti-keyloggers software does this. Another one says: >>>> >>>>The best solution might be already there in Vista. If the video card >>>> and the monitor use HDCP for encryption, there will be very little to eavesdrop on. Wow, DRM might be useful one day! (Or am I missing something here?)>>>> What the hell is that Vista videocard and monitor encryption? Is this available in OpenBSD? Thanks for any light on anti-tempest settings for OpenBSD desktops. _______________________________________________ Openbsd-newbies mailing list Openbsd-newbies at sfobug.org http://mailman.theapt.org/listinfo/openbsd-newbies > . > > From martin at oneiros.de Sat Jul 26 09:34:31 2008 From: martin at oneiros.de (=?ISO-8859-1?Q?Martin_Schr=F6der?=) Date: Sat, 26 Jul 2008 18:34:31 +0200 Subject: Is OpenBSD a good anti-tempest OS? In-Reply-To: <488B42A6.5060209@pottsdata.com> References: <488B2C22.7000908@lavabit.com> <68c491a60807260726s5f0402e3k3d856a81d1998ad2@mail.gmail.com> <488B42A6.5060209@pottsdata.com> Message-ID: <68c491a60807260934n222aad49rda74f686e4bc0c02@mail.gmail.com> 2008/7/26 Robert Potts : > Bad response for a newbie list. Please ignore it. I think this is a It's bad to point newbies to wikipedia if they don't know it? 
Best Martin From axel.keuchel at web.de Sat Jul 26 09:38:29 2008 From: axel.keuchel at web.de (Axel Keuchel) Date: Sat, 26 Jul 2008 18:38:29 +0200 Subject: Is OpenBSD a good anti-tempest OS? In-Reply-To: <68c491a60807260934n222aad49rda74f686e4bc0c02@mail.gmail.com> References: <488B2C22.7000908@lavabit.com> <68c491a60807260726s5f0402e3k3d856a81d1998ad2@mail.gmail.com> <488B42A6.5060209@pottsdata.com> <68c491a60807260934n222aad49rda74f686e4bc0c02@mail.gmail.com> Message-ID: <488B5305.9060700@web.de> No, it's about your bad manners and being rude without a reason. Martin Schr?der wrote: > 2008/7/26 Robert Potts : > >> Bad response for a newbie list. Please ignore it. I think this is a >> > > It's bad to point newbies to wikipedia if they don't know it? > > Best > Martin > _______________________________________________ > Openbsd-newbies mailing list > Openbsd-newbies at sfobug.org > http://mailman.theapt.org/listinfo/openbsd-newbies > > From macintoshzoom at lavabit.com Sat Jul 26 10:03:19 2008 From: macintoshzoom at lavabit.com (macintoshzoom) Date: Sat, 26 Jul 2008 11:03:19 -0600 Subject: Can I gpg encrypt my mail to this list? Message-ID: <488B58D7.9080702@lavabit.com> Hi, Is it available to post here using gpg encrypted mail? I hate emailing plain text so as everyone hacking my traceroutes can read what I post. Mac. From macintoshzoom at lavabit.com Sat Jul 26 10:06:58 2008 From: macintoshzoom at lavabit.com (macintoshzoom) Date: Sat, 26 Jul 2008 11:06:58 -0600 Subject: Is OpenBSD a good anti-tempest OS? In-Reply-To: <488B5305.9060700@web.de> References: <488B2C22.7000908@lavabit.com> <68c491a60807260726s5f0402e3k3d856a81d1998ad2@mail.gmail.com> <488B42A6.5060209@pottsdata.com> <68c491a60807260934n222aad49rda74f686e4bc0c02@mail.gmail.com> <488B5305.9060700@web.de> Message-ID: <488B59B2.8010203@lavabit.com> Hey all, I think we might stop flaming here. With or without proper reasons. Thank you guys for adhering my protest to Martin. He may had a bad day. 
Sorry, I started it all. Let's talk about OpenBSD! Mac Axel Keuchel wrote: > No, it's about your bad manners and being rude without a reason. > > Martin Schr?der wrote: >> 2008/7/26 Robert Potts : >> >>> Bad response for a newbie list. Please ignore it. I think this is a >>> >> It's bad to point newbies to wikipedia if they don't know it? >> >> Best >> Martin >> _______________________________________________ >> Openbsd-newbies mailing list >> Openbsd-newbies at sfobug.org >> http://mailman.theapt.org/listinfo/openbsd-newbies >> >> > _______________________________________________ > Openbsd-newbies mailing list > Openbsd-newbies at sfobug.org > http://mailman.theapt.org/listinfo/openbsd-newbies > From phessler at theapt.org Sat Jul 26 10:18:53 2008 From: phessler at theapt.org (Peter Hessler) Date: Sat, 26 Jul 2008 10:18:53 -0700 Subject: Can I gpg encrypt my mail to this list? In-Reply-To: <488B58D7.9080702@lavabit.com> References: <488B58D7.9080702@lavabit.com> Message-ID: <20080726171853.GP11847@gir.theapt.org> No, this mailing list cannot decypher your texts. Additionally this is a /public/ mailing list, so everything you send here is available to everyone, for all time. On 2008 Jul 26 (Sat) at 11:03:19 -0600 (-0600), macintoshzoom wrote: :Hi, :Is it available to post here using gpg encrypted mail? : :I hate emailing plain text so as everyone hacking my traceroutes can :read what I post. : :Mac. -- ... And malt does more than Milton can To justify God's ways to man -- A. E. Housman From phessler at theapt.org Sat Jul 26 10:23:18 2008 From: phessler at theapt.org (Peter Hessler) Date: Sat, 26 Jul 2008 10:23:18 -0700 Subject: Is OpenBSD a good anti-tempest OS? In-Reply-To: <68c491a60807260726s5f0402e3k3d856a81d1998ad2@mail.gmail.com> References: <488B2C22.7000908@lavabit.com> <68c491a60807260726s5f0402e3k3d856a81d1998ad2@mail.gmail.com> Message-ID: <20080726172318.GQ11847@gir.theapt.org> Hi Martin. 
This list is a place for people to ask "dumb questions", and not to be ridiculed. Personal feelings on the person, or question are inappropriate. If you don't like a poster, don't respond to them. -List Admin On 2008 Jul 26 (Sat) at 16:26:43 +0200 (+0200), Martin Schr?der wrote: :You might have heard of Wikipedia (www.wikipedia.org), which will :answer most of your questions. Please use it and leave us alone. -- In Pocatello, Idaho, a law passed in 1912 provided that "The carrying of concealed weapons is forbidden, unless same are exhibited to public view." From robert at pottsdata.com Sat Jul 26 10:44:42 2008 From: robert at pottsdata.com (Robert Potts) Date: Sat, 26 Jul 2008 11:44:42 -0600 Subject: Is OpenBSD a good anti-tempest OS? Message-ID: <488B628A.5000506@pottsdata.com> Now you're being passive-aggressive. It's obviously not bad to point people to wiki, but it is bad to say "Please use it and leave us alone." This is a newbie list. The only stupid question on this list is the one you don't ask. Again, if you don't like this, leave the list. You're better off without it, and we're better off without you. Not that you are not welcome, just your attitude is not welcome. >It's bad to point newbies to wikipedia if they don't know it? >Best > Martin From macintoshzoom at lavabit.com Sat Jul 26 10:49:39 2008 From: macintoshzoom at lavabit.com (macintoshzoom) Date: Sat, 26 Jul 2008 11:49:39 -0600 Subject: Can I gpg encrypt my mail to this list? In-Reply-To: <20080726171853.GP11847@gir.theapt.org> References: <488B58D7.9080702@lavabit.com> <20080726171853.GP11847@gir.theapt.org> Message-ID: <488B63B3.9040106@lavabit.com> ok. Peter Hessler wrote: > No, this mailing list cannot decypher your texts. Additionally this is a > /public/ mailing list, so everything you send here is available to everyone, > for all time. > > On 2008 Jul 26 (Sat) at 11:03:19 -0600 (-0600), macintoshzoom wrote: > :Hi, > :Is it available to post here using gpg encrypted mail? 
> : > :I hate emailing plain text so as everyone hacking my traceroutes can > :read what I post. > : > :Mac. > > From tonino-pablo at lycos.com Sat Jul 26 11:22:14 2008 From: tonino-pablo at lycos.com (x x) Date: Sat, 26 Jul 2008 14:22:14 -0400 (EDT) Subject: No subject Message-ID: <20080726142214.HM.0000000000003TH@tonino-pablo.bos-mail-wwl12.lycos.com> An HTML attachment was scrubbed... URL: http://mailman.theapt.org/pipermail/openbsd-newbies/attachments/20080726/f2f79576/attachment-0001.html From josh at jggimi.homeip.net Sat Jul 26 11:57:23 2008 From: josh at jggimi.homeip.net (Josh Grosse) Date: Sat, 26 Jul 2008 14:57:23 -0400 Subject: your mail In-Reply-To: <20080726142214.HM.0000000000003TH@tonino-pablo.bos-mail-wwl12.lycos.com> References: <20080726142214.HM.0000000000003TH@tonino-pablo.bos-mail-wwl12.lycos.com> Message-ID: <20080726185723.GA26752@jggimi.homeip.net> On Sat, Jul 26, 2008 at 02:22:14PM -0400, x x wrote: > Thanks Josh, I am surprised to see my email bounced, since I only use > webmail for this list, and imagine it was a direct reply, so that's > surprising. > Your webmail not only bounces (mail refused by user), but it's difficult to read with a plain text mail client, and lacks a subject, also. As you can see from my reply, I had to manually quote your text and break it into readable lines. If you intend to continue sending to this list, or eventually to the OpenBSD mailing lists, or any other lists, you should consider using a different mail service. > ...I had the starting and ending heads and sectors correct, and ending > cylinder, but it seems the starting cylinder has to be one higher of the > ending cylinder.... I'm glad you were able to get things sorted out. > But while I have you guys, how do I get it to automatically load cwm or > fvwm when the system boots? I have already built xenocara. As Peter said, > I just want to use what WM comes with the base system fvwm(1) is configured by default. All you need do is use startx(1). 
If you want cwm(1), you'll need to create an ~/.xinitrc file; see the startx(1) man page. From mandrich at mandrich.com Sat Jul 26 14:38:14 2008 From: mandrich at mandrich.com (Mark Andrich) Date: Sat, 26 Jul 2008 16:38:14 -0500 Subject: Is OpenBSD a good anti-tempest OS? In-Reply-To: <488B5305.9060700@web.de> References: <488B2C22.7000908@lavabit.com> <68c491a60807260726s5f0402e3k3d856a81d1998ad2@mail.gmail.com> <488B42A6.5060209@pottsdata.com> <68c491a60807260934n222aad49rda74f686e4bc0c02@mail.gmail.com> <488B5305.9060700@web.de> Message-ID: <488B9946.7030406@mandrich.com> Martin, The "newbie" list is a place for people to ask questions without fear of condescending and arrogant responses, even if they weren't sure where to start their research. I'd have to say that you are in the minority here and your attitude might be very much more at home on the "misc" mailing list. ;) Mark Axel Keuchel wrote: > No, it's about your bad manners and being rude without a reason. > > Martin Schr?der wrote: > >> 2008/7/26 Robert Potts : >> >> >>> Bad response for a newbie list. Please ignore it. I think this is a >>> >>> >> It's bad to point newbies to wikipedia if they don't know it? >> >> Best >> Martin >> _______________________________________________ >> Openbsd-newbies mailing list >> Openbsd-newbies at sfobug.org >> http://mailman.theapt.org/listinfo/openbsd-newbies >> >> >> > _______________________________________________ > Openbsd-newbies mailing list > Openbsd-newbies at sfobug.org > http://mailman.theapt.org/listinfo/openbsd-newbies > > No virus found in this incoming message. > Checked by AVG - http://www.avg.com > Version: 8.0.138 / Virus Database: 270.5.6/1574 - Release Date: 7/25/2008 4:27 PM > > > > -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://mailman.theapt.org/pipermail/openbsd-newbies/attachments/20080726/dfac9773/attachment.html From DStaal at usa.net Sat Jul 26 17:08:32 2008 From: DStaal at usa.net (Daniel Staal) Date: Sat, 26 Jul 2008 20:08:32 -0400 Subject: Is OpenBSD a good anti-tempest OS? In-Reply-To: <488B2C22.7000908@lavabit.com> References: <488B2C22.7000908@lavabit.com> Message-ID: <010F875A9CE39B0F9751AE53@Mac-Pro.local> --As of July 26, 2008 7:52:34 AM -0600, macintoshzoom is alleged to have said: > Because HD over HDMI requires over-the-cable encryption (using secret > keys in the graphics and monitor hardware), HDMI is not vulnerable to > this attack.<<<< > > What it is HDMI, is it supported y OpenBSD? --As for the rest, it is mine. HDMI is a monitor/video interface standard, and I assume some video cards that support it are probably supported by OpenBSD. (I'd have to know a specific card to check the list[1].) I doubt the system (and, by extension, OpenBSD) usually knows or cares what cable format you use to connect your monitor to your computer, and that's basically what HDMI is. Daniel T. Staal [1] for the i386 platform, similar pages for other platforms. --------------------------------------------------------------- This email copyright the author. Unless otherwise noted, you are expressly allowed to retransmit, quote, or otherwise use the contents for non-commercial purposes. This copyright will expire 5 years after the author's death, or in 30 years, whichever is longer, unless such a period is in excess of local copyright law. --------------------------------------------------------------- From marmot at pennswoods.net Sun Jul 27 02:33:54 2008 From: marmot at pennswoods.net (Woodchuck) Date: Sun, 27 Jul 2008 05:33:54 -0400 (EDT) Subject: Is OpenBSD a good anti-tempest OS? 
In-Reply-To: <68c491a60807260934n222aad49rda74f686e4bc0c02@mail.gmail.com> References: <488B2C22.7000908@lavabit.com> <68c491a60807260726s5f0402e3k3d856a81d1998ad2@mail.gmail.com> <488B42A6.5060209@pottsdata.com> <68c491a60807260934n222aad49rda74f686e4bc0c02@mail.gmail.com> Message-ID: On Sat, 26 Jul 2008, Martin Schr?der wrote: > 2008/7/26 Robert Potts : > > Bad response for a newbie list. Please ignore it. I think this is a > > It's bad to point newbies to wikipedia if they don't know it? > > Best > Martin No. It is bad to be obnoxious, insulting, argumentative and dismissive. Please save that for the ADHD/Apsberger Syndrome list at misc at openbsd.org. Compare: "XXXX is not really an OpenBSD issue." and "XXXX is not really an OpenBSD issue, you mindless piece of shit, and why are you bothering decent people with your stupid drivel?" While both examples convey the same information, the not-so-sub subtext in the second version is not suitable in this environment. Dave From marmot at pennswoods.net Sun Jul 27 02:41:49 2008 From: marmot at pennswoods.net (Woodchuck) Date: Sun, 27 Jul 2008 05:41:49 -0400 (EDT) Subject: best way to update packages on stable In-Reply-To: References: <881F92A17CF94407AA9131B247C4454B@mknotebook> Message-ID: On Mon, 21 Jul 2008, Woodchuck wrote: > I personally am still at 4.2-stable. I ignore the issue. But I > don't offer outside hosts any access. Recent named cache-poisoning > issues are motivating me to install an updated name server. BTW there is an easy-to-install patch for 4.2's named available, if you keep userland source handy (/usr/src/... ) > I'll work out a specific example later, over the next few days, > maybe. Or not. Or not, unless there is some interest. Dave From bulk at szmidt.org Sun Jul 27 06:37:34 2008 From: bulk at szmidt.org (Bulk Mail) Date: Sun, 27 Jul 2008 09:37:34 -0400 Subject: Is OpenBSD a good anti-tempest OS? 
In-Reply-To: References: <488B2C22.7000908@lavabit.com> <68c491a60807260934n222aad49rda74f686e4bc0c02@mail.gmail.com> Message-ID: <200807270937.35263.bulk@szmidt.org> On Sunday 27 July 2008, Woodchuck wrote: > On Sat, 26 Jul 2008, Martin Schr?der wrote: > > 2008/7/26 Robert Potts : > > > Bad response for a newbie list. Please ignore it. I think this is a It is definitely one of the liabilities with a more or less anonymous environment like the Internet. More people spread poor attitude onto others with little or no judgment on their choice of words. This is why I usually read my emails over before sending them. I try to read it from the view of someone who's never read it before, to see how it sounds like without bias. In the real world one would quickly end up without real friends. And with real friends I mean people who go out of their way to help you. Even put themselves at risk to get you out of a jam. Online it's mostly just an email address, or maybe a name, with little effective relation to the person behind it. Many people don't realize the amount of negative attitude they spread. Fortunately the misc list is one of the very few places where really crappy attitude is encouraged. The justification they use is in effect that OpenBSD is only for a certain group of people. Manners be damned! The problem with that argument, besides common courtesy, is that if so, they should clearly note that on the website. Many decades ago I met a class mate in a restaurant where I was serving tables. At the time he had hung out with a not so savory group. He sat down and when he saw me he said something like "Hello idiot!" Needless to say his service was on par. Later, having noticed that everyone around him got food promptly, he asked me why he got such lousy service. When I pointed out calling your waiter idiot might have something to do with it, he was stunned for a second. Then apologized, saying he did not realize how it sounded like. 
Made me wonder how many people say that sort of thing?

I'm very glad to see people speaking up on this, and other lists. It usually is left to individuals who save the day by doing something about it.

Steve Szmidt

From macintoshzoom at lavabit.com Tue Jul 29 08:20:44 2008
From: macintoshzoom at lavabit.com (macintoshzoom)
Date: Tue, 29 Jul 2008 09:20:44 -0600
Subject: New package xxx contains potentially unsafe operations?
Message-ID: <488F354C.8070603@lavabit.com>

Updating to current I got this on many packages when pkg_add -v -i -u
with PKG_PATH=xxx/snapshot/xxx :

e.g.: New package libglade2-2.6.2p1 contains potentially unsafe operations
@exec /usr/local/share/libxml2/rebuild
proceed?

Q1- Do I have to say yes to all?
It seems that if I say not many packages will not upgrade, the whole
system may have dependency problems ...?

Q2- What kind of dangers give those "potentially unsafe operations",
highly critical, less critical?

Q3- Did any of you got any security problems when said Q1 all yes?

Q4- If there is no real dangers, why OpenBSD afraid us with those warnings?
I can't sleep well anymore after saying yes to all those "unsafe" warnings.

Mac

From kousue at gmail.com Tue Jul 29 10:09:34 2008
From: kousue at gmail.com (Nick Guenther)
Date: Tue, 29 Jul 2008 13:09:34 -0400
Subject: New package xxx contains potentially unsafe operations?
In-Reply-To: <488F354C.8070603@lavabit.com>
References: <488F354C.8070603@lavabit.com>
Message-ID: <98f5a8830807291009h75aff1ecs9d60ab60e86c9a14@mail.gmail.com>

On Tue, Jul 29, 2008 at 11:20 AM, macintoshzoom wrote:
> Updating to current I got this on many packages when pkg_add -v -i -u
> with PKG_PATH=xxx/snapshot/xxx :
>
> e.g.: New package libglade2-2.6.2p1 contains potentially unsafe operations
> @exec /usr/local/share/libxml2/rebuild
> proceed?
>
> Q1- Do I have to say yes to all?
> It seems that if I say not many packages will not upgrade, the whole
> system may have dependency problems ...?
>
> Q2- What kind of dangers give those "potentially unsafe operations",
> highly critical, less critical?
>
> Q3- Did any of you got any security problems when said Q1 all yes?
>
> Q4- If there is no real dangers, why OpenBSD afraid us with those warnings?
> I can't sleep well anymore after saying yes to all those "unsafe" warnings.
>

I might be wrong about this, but I'm pretty sure the "potentially unsafe" refers to the "@exec" and not the " /usr/local/share/libxml2/rebuild". It's just warning you that the package is calling external scripts, and making sure you know that before you let it happen. So long as you got the packages from a trusted source you should be fine. You could always go read the files that it is @exec'ing and see what they are doing just to be really paranoid.

-Nick

From josh at jggimi.homeip.net Tue Jul 29 10:48:11 2008
From: josh at jggimi.homeip.net (Josh Grosse)
Date: Tue, 29 Jul 2008 13:48:11 -0400
Subject: New package xxx contains potentially unsafe operations?
In-Reply-To: <488F354C.8070603@lavabit.com>
References: <488F354C.8070603@lavabit.com>
Message-ID: <20080729174138.M21451@jggimi.homeip.net>

On Tue, 29 Jul 2008 09:20:44 -0600, macintoshzoom wrote
> Updating to current I got this on many packages when pkg_add -v -i -u
> with PKG_PATH=xxx/snapshot/xxx :
>
> e.g.: New package libglade2-2.6.2p1 contains potentially unsafe operations
> @exec /usr/local/share/libxml2/rebuild
> proceed?
>
> Q1- Do I have to say yes to all?

This warning is there to let you know that install/deinstall scripts are about to be run -- and that the scripts *may* fail, due to local modifications you may have made after your previous install. The warning describes the script(s) so that you may then make a go/no-go decision.

You may eliminate the question by issuing pkg_add with "-F update" if you wish. That is a quite common usage.
From macintoshzoom at lavabit.com Wed Jul 30 09:17:45 2008
From: macintoshzoom at lavabit.com (macintoshzoom)
Date: Wed, 30 Jul 2008 10:17:45 -0600
Subject: ftp alternative for pkg_add?
Message-ID: <48909429.30809@lavabit.com>

I need an alternative to the default system fetch ftp used by pkg_add,
that could be socksified via dsocks,
e.g. FETCH_CMD="dsocks-torify.sh newsocksifiableftp"

Okay only passive ftp.

BUT, as pkg_add man says, this alternative must:
<<<<<<<
man pkg_add :
FETCH_CMD Override use of ftp(1). Must point to a command that
understands ${FETCH_CMD} -o - url.
>>>>>>>>>
I like wget, BUT it don't understands the command -o as ftp, it uses -O
instead I think, so wget can't be used as a straight replacement to ftp
for pkg_add ... ? (unless tweaking the perl pkg_add code?)

I want to run pkg_add -u routed via my (only) exit socks 4a/5 proxy
server (tor).
(dsocks-torify.sh ftp don't work)

Thanks.
Mac

From kousue at gmail.com Wed Jul 30 09:25:24 2008
From: kousue at gmail.com (Nick Guenther)
Date: Wed, 30 Jul 2008 12:25:24 -0400
Subject: ftp alternative for pkg_add?
In-Reply-To: <48909429.30809@lavabit.com>
References: <48909429.30809@lavabit.com>
Message-ID: <98f5a8830807300925k1de98c32l5f6e3c55f3e14a7e@mail.gmail.com>

On Wed, Jul 30, 2008 at 12:17 PM, macintoshzoom wrote:
> I need an alternative to the default system fetch ftp used by pkg_add,
> that could be socksified via dsocks,
> e.g. FETCH_CMD="dsocks-torify.sh newsocksifiableftp"
>
> Okay only passive ftp.
>
> BUT, as pkg_add man says, this alternative must:
> <<<<<<<
> man pkg_add :
> FETCH_CMD Override use of ftp(1). Must point to a command that
> understands ${FETCH_CMD} -o - url.
> >>>>>>>>>
> I like wget, BUT it don't understands the command -o as ftp, it uses -O
> instead I think, so wget can't be used as a straight replacement to ftp
> for pkg_add ... ? (unless tweaking the perl pkg_add code?)
>
> I want to run pkg_add -u routed via my (only) exit socks 4a/5 proxy
> server (tor).
> (dsocks-torify.sh ftp don't work)
>

What if you wrote a script that looked for -o that then called wget with -O and used that for FETCH_CMD?

-Nick

From kousue at gmail.com Wed Jul 30 10:41:26 2008
From: kousue at gmail.com (Nick Guenther)
Date: Wed, 30 Jul 2008 13:41:26 -0400
Subject: ftp alternative for pkg_add?
In-Reply-To: <4890A3AA.9040302@lavabit.com>
References: <48909429.30809@lavabit.com> <98f5a8830807300925k1de98c32l5f6e3c55f3e14a7e@mail.gmail.com> <4890A3AA.9040302@lavabit.com>
Message-ID: <98f5a8830807301041p2f359a04wc2718338a3664fbc@mail.gmail.com>

> Nick Guenther wrote:
>> On Wed, Jul 30, 2008 at 12:17 PM, macintoshzoom
>> wrote:
>>> I need an alternative to the default system fetch ftp used by pkg_add,
>>> that could be socksified via dsocks,
>>> e.g. FETCH_CMD="dsocks-torify.sh newsocksifiableftp"
>>>
>>> Okay only passive ftp.
>>>
>>> BUT, as pkg_add man says, this alternative must:
>>> <<<<<<<
>>> man pkg_add :
>>> FETCH_CMD Override use of ftp(1). Must point to a command that
>>> understands ${FETCH_CMD} -o - url.
>>> I like wget, BUT it don't understands the command -o as ftp, it uses -O
>>> instead I think, so wget can't be used as a straight replacement to ftp
>>> for pkg_add ... ? (unless tweaking the perl pkg_add code?)
>>>
>>> I want to run pkg_add -u routed via my (only) exit socks 4a/5 proxy
>>> server (tor).
>>> (dsocks-torify.sh ftp don't work)
>>>
>>
>> What if you wrote a script that looked for -o that then called wget
>> with -O and used that for FETCH_CMD?
>>
>> -Nick
>>

On Wed, Jul 30, 2008 at 1:23 PM, macintoshzoom wrote:
> Yes, I like that, but I don't know (yet) how to write this script.
> My script knowledge ends by now to just simple basic things like:
> ------
> #! /bin/sh
> kdesu 'pfctl -Fa -f /etc/pf.conf-443+80' && display
> /home/xx/pf.conf-reloaded-to-pf.conf-443+80-OKAY.png &
> --------
> (I am building an OpenBSD-KDE Desktop)
>
> I think pkg_add calls ftp with the "-o" command via many different
> (perl?) scripts.
> Doing a context text file search for "-o", or "fetch", or "FETCH_CMD",
> in / can give a clue of where to tweak.
>
> I think pkg_add -u uses also sysmerge:
> The /usr/sbin/sysmerge script mentions the FETCH_CMD= and has a
> "FETCH_CMD="/usr/bin/ftp -V -m -k" at line 39.
> .. perhaps tweaking all those scripts (which ones?) for wget use
> instead of ftp...
>
>
> A script to enable the use of wget for FETCH_CMD= for me should be
> excellent.
>
> Any link where I can learn how to do this kind of scripts?
> Or any very similar script to tweak?
>
> Thanks.
> Mac.

No... don't tweak pkg_add (at least, not without thinking it through
and making it worthy of a patch). Maintaining your own little branch
of pkg_add is bad. Use the hook they gave you.

Perhaps google for a shell programming tutorial a bit? Shell
programming sucks, but it's useful to have in your back pocket. You'll
want to use getopt(1)
(http://www.openbsd.org/cgi-bin/man.cgi?query=getopt&sektion=1).
Alternatively, if you want to hack it (since you know exactly what the
command line is going to look like) just do:
-----
#!/bin/sh
wget -O - $3
-----
Doing it this way will break things down the road, but it'll work for
this week and if you just want to get your system up that's probably
better for you.
(note: $3 means the fourth argument token in the command line, but I'm
not 100% that will work so please test it yourself).


-Nick
[by the way, not to nitpick at you personally, but if you could
remember to CC the mailing list (unless the discussion has clearly
been taken Offline) then everyone else can benefit from the knowledge
that we share :)]

From macintoshzoom at lavabit.com Wed Jul 30 11:27:01 2008
From: macintoshzoom at lavabit.com (macintoshzoom)
Date: Wed, 30 Jul 2008 12:27:01 -0600
Subject: ftp alternative for pkg_add?
In-Reply-To: <98f5a8830807301041p2f359a04wc2718338a3664fbc@mail.gmail.com>
References: <48909429.30809@lavabit.com> <98f5a8830807300925k1de98c32l5f6e3c55f3e14a7e@mail.gmail.com> <4890A3AA.9040302@lavabit.com> <98f5a8830807301041p2f359a04wc2718338a3664fbc@mail.gmail.com>
Message-ID: <4890B275.9040706@lavabit.com>

I forgot CC to the mailing list, sorry to all!
I have just added the "reply all" button to the toolbar of my thunderbird.

As per your advice, here is what I am going to do, at least for this
week and to be able to update my new -current system.
I have already rebuilt the kernel, running OK, I have set up already
some tweakings as per the page current.html, and now I have to update
all my installed packages and ports.

Later I will try to build xenocara and setup my radeonhd ATI videocard,
as it seems that this new xenocara supports it...


Well my fetch-via-wget.sh brand new script is ready as per your tip:
-----
#!/bin/sh
dsocks-torify.sh wget -O - $3
-----

Placed in my Local_scripts folder.
Given executable permission for root only

Now what?:

edit /root/.profile and add
FETCH_CMD="path-to-the-script"
(for my next reboot-or how to reload this .profile without rebooting?)

As I am not yet sure what .profile is the one that works, I am currently
creating the same .profile file in /, in /root and in /home/username,
just in case.(?)

open my konsole (ksh)

$su
blabla
#export FETCH_CMD="path-to-the-script"
(or reboot to load the new .profile)(?)
#pkg_add -F alwaysupdate,update,updatedepends -u -v -i
..

and now wait and see what happens and if it can get the ftp distfiles,
that it's my problem.
(ftp honors OKAY my HTTP_PROXY environment for http fetches and goes okay
through the privoxy+tor socks4a/5 exit proxy server to the world, the
problem is how to socksify ftp for ftp files)

I will tell you later or tomorrow.

Thanks Nick!
Mac



Nick Guenther wrote:
>> Nick Guenther wrote:
>>> On Wed, Jul 30, 2008 at 12:17 PM, macintoshzoom
>>> wrote:
>>>> I need an alternative to the default system fetch ftp used by pkg_add,
>>>> that could be socksified via dsocks,
>>>> e.g. FETCH_CMD="dsocks-torify.sh newsocksifiableftp"
>>>>
>>>> Okay only passive ftp.
>>>>
>>>> BUT, as pkg_add man says, this alternative must:
>>>> <<<<<<<
>>>> man pkg_add :
>>>> FETCH_CMD Override use of ftp(1). Must point to a command that
>>>> understands ${FETCH_CMD} -o - url.
>>>> I like wget, BUT it doesn't understand the command -o as ftp, it uses -O
>>>> instead I think, so wget can't be used as a straight replacement to ftp
>>>> for pkg_add ... ? (unless tweaking the perl pkg_add code?)
>>>>
>>>> I want to run pkg_add -u routed via my (only) exit socks 4a/5 proxy
>>>> server (tor).
>>>> (dsocks-torify.sh ftp doesn't work)
>>>>
>>> What if you wrote a script that looked for -o that then called wget
>>> with -O and used that for FETCH_CMD?
>>>
>>> -Nick
>>>
>
> On Wed, Jul 30, 2008 at 1:23 PM, macintoshzoom
> wrote:
>> Yes, I like that, but I don't know (yet) how to write this script.
>> My script knowledge ends by now to just simple basic things like:
>> ------
>> #! /bin/sh
>> kdesu 'pfctl -Fa -f /etc/pf.conf-443+80' && display
>> /home/xx/pf.conf-reloaded-to-pf.conf-443+80-OKAY.png &
>> --------
>> (I am building an OpenBSD-KDE Desktop)
>>
>> I think pkg_add calls ftp with the "-o" command via many different
>> (perl?) scripts.
>> Doing a context text file search for "-o", or "fetch", or "FETCH_CMD",
>> in / can give a clue of where to tweak.
>>
>> I think pkg_add -u uses also sysmerge:
>> The /usr/sbin/sysmerge script mentions the FETCH_CMD= and has a
>> "FETCH_CMD="/usr/bin/ftp -V -m -k" at line 39.
>> .. perhaps tweaking all those scripts (which ones?) for wget use
>> instead of ftp...
>>
>>
>> A script to enable the use of wget for FETCH_CMD= for me should be
>> excellent.
>>
>> Any link where I can learn how to do this kind of scripts?
>> Or any very similar script to tweak?
>>
>> Thanks.
>> Mac.
>
>
> No... don't tweak pkg_add (at least, not without thinking it through
> and making it worthy of a patch). Maintaining your own little branch
> of pkg_add is bad. Use the hook they gave you.
>
> Perhaps google for a shell programming tutorial a bit? Shell
> programming sucks, but it's useful to have in your back pocket. You'll
> want to use getopt(1)
> (http://www.openbsd.org/cgi-bin/man.cgi?query=getopt&sektion=1).
> Alternatively, if you want to hack it (since you know exactly what the
> command line is going to look like) just do:
> -----
> #!/bin/sh
> wget -O - $3
> -----
> Doing it this way will break things down the road, but it'll work for
> this week and if you just want to get your system up that's probably
> better for you.
> (note: $3 means the fourth argument token in the command line, but I'm
> not 100% that will work so please test it yourself).
>
>
> -Nick
> [by the way, not to nitpick at you personally, but if you could
> remember to CC the mailing list (unless the discussion has clearly
> been taken Offline) then everyone else can benefit from the knowledge
> that we share :)]
>

From sparctacus at gmail.com Wed Jul 30 13:53:17 2008
From: sparctacus at gmail.com (Bryan Irvine)
Date: Wed, 30 Jul 2008 13:53:17 -0700
Subject: ftp alternative for pkg_add?
In-Reply-To: <4890B275.9040706@lavabit.com>
References: <48909429.30809@lavabit.com> <98f5a8830807300925k1de98c32l5f6e3c55f3e14a7e@mail.gmail.com> <4890A3AA.9040302@lavabit.com> <98f5a8830807301041p2f359a04wc2718338a3664fbc@mail.gmail.com> <4890B275.9040706@lavabit.com>
Message-ID: <53d706300807301353i28956d8eu93812ea41403e80f@mail.gmail.com>

> Now what?:
>
> edit /root/.profile and add
> FETCH_CMD="path-to-the-script"
> (for my next reboot-or how to reload this .profile without rebooting?)
>
> As I am not yet sure what .profile is the one that works, I am currently
> creating the same .profile file in /, in /root and in /home/username,
> just in case.(?)
>

.profile is correct

log out of your shell and re-login to make sure you got it right.

-Bryan

From jus at krytosvirus.com Wed Jul 30 16:42:01 2008
From: jus at krytosvirus.com (Justin Krejci)
Date: Wed, 30 Jul 2008 18:42:01 -0500
Subject: Too lazy to keep up with OpenBSD releases? You can still upgrade BIND
Message-ID: <04be01c8f29d$dd80c450$e017a8c0@usicorp.usinternet.com>

Here are some simple instructions you can follow to upgrade your OpenBSD DNS
server running a no longer supported version of OpenBSD in case you are
concerned about the recent cache poisoning vulnerability. I cannot vouch for
the reliability of running a newer version of BIND on an older version of
OpenBSD but it appears stable running the 4.3 BIND on a 3.8 system. Please
expect your kernel to send you hate mail, your keyboard keys to pop out, and
your network card to drop every other packet if you follow these procedures.

Step 1
Determine you really cannot upgrade to a recent version of OpenBSD.

Step 2
Verify your DNS server is vulnerable
dig txt +short porttest.dns-oarc.net @YOUR_SERVER
Look for the response. If it does not say GREAT you are probably vulnerable.

Step 3
mkdir /tmp/4.3
cd /tmp/4.3
wget ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/004_bind.patch
wget ftp://ftp.openbsd.org/pub/OpenBSD/4.3/src.tar.gz
tar zxf src.tar.gz
patch -p0 < 004_bind.patch
cd usr.sbin/bind
make -f Makefile.bsd-wrapper obj
make -f Makefile.bsd-wrapper
sudo make -f Makefile.bsd-wrapper install
sudo kill -TERM `cat /var/run/named.pid`
sudo named -t /var/named

Step 4
Verify you are no longer vulnerable
dig txt +short porttest.dns-oarc.net @YOUR_SERVER
Now this should respond back with "GREAT".

You can visit https://www.dns-oarc.net/ for more info about the testing
procedure.
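One way to script the Step 2 / Step 4 check above so that a timeout or empty answer is never mistaken for a pass. This is an added example, not part of the original post. It assumes the TXT verdict line has the form shown in the first comment; the function names are hypothetical and the sample answers are constructed.

```shell
#!/bin/sh
# Added example: turn the Step 2 / Step 4 dig check into a pass/fail test.
# Assumed TXT verdict format (an assumption, not shown in the post):
#   "<resolver-ip> is <RATING>: <n> queries in <t> seconds from <p> ports with std dev <s>"

# porttest_rating: read `dig +short` output on stdin and print the rating word,
# or UNKNOWN when there is no verdict line (timeout, SERVFAIL, CNAME only).
porttest_rating() {
    awk '
        /^"/ && $2 == "is" { sub(/:$/, "", $3); print $3; found = 1; exit }
        END { if (!found) print "UNKNOWN" }
    '
}

# porttest_ports: print how many distinct source ports the test observed.
porttest_ports() {
    awk '/^"/ { for (i = 1; i < NF; i++) if ($i == "from") { print $(i + 1); exit } }'
}

# porttest_verdict: apply the post's rule. Only GREAT passes (exit 0); any
# other rating fails (exit 1); a missing verdict is reported apart (exit 2).
porttest_verdict() {
    answer=$(cat)
    rating=$(printf '%s\n' "$answer" | porttest_rating)
    ports=$(printf '%s\n' "$answer" | porttest_ports)
    case $rating in
        GREAT)   echo "PASS rating=$rating ports=$ports" ;;
        UNKNOWN) echo "NO-ANSWER"; return 2 ;;
        *)       echo "FAIL rating=$rating ports=$ports"; return 1 ;;
    esac
}

# check_resolver SERVER: run the post's query against one resolver, with a
# bounded wait so a dead resolver yields NO-ANSWER instead of hanging.
check_resolver() {
    dig txt +short +time=5 +tries=1 porttest.dns-oarc.net "@$1" | porttest_verdict
}

# Constructed sample answers (documentation address, not real measurements).
SAMPLE_BEFORE='z.y.x.pt.dns-oarc.net.
"192.0.2.53 is POOR: 26 queries in 4.0 seconds from 1 ports with std dev 0"'
SAMPLE_AFTER='z.y.x.pt.dns-oarc.net.
"192.0.2.53 is GREAT: 26 queries in 2.0 seconds from 26 ports with std dev 17685.51"'

# Run against a real resolver only when one is named on the command line.
if [ "$#" -eq 1 ]; then
    check_resolver "$1"
fi
```

Run it with the resolver address as the only argument, once before the rebuild and once after the restart of named.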
From phessler at theapt.org Wed Jul 30 18:10:54 2008
From: phessler at theapt.org (Peter Hessler)
Date: Wed, 30 Jul 2008 18:10:54 -0700
Subject: Too lazy to keep up with OpenBSD releases? You can still upgrade BIND
In-Reply-To: <04be01c8f29d$dd80c450$e017a8c0@usicorp.usinternet.com>
References: <04be01c8f29d$dd80c450$e017a8c0@usicorp.usinternet.com>
Message-ID: <20080731011054.GO23261@gir.theapt.org>

This is bad advice.

*Please* keep yourself up to date. Upgrades are quick, and provide
many other advances and improvements to the system.

http://www.openbsd.org/faq/upgrade43.html

--
Today is a good day to bribe a high-ranking public official.

From kousue at gmail.com Thu Jul 31 00:57:37 2008
From: kousue at gmail.com (Nick Guenther)
Date: Thu, 31 Jul 2008 03:57:37 -0400
Subject: ftp alternative for pkg_add?
In-Reply-To: <53d706300807301353i28956d8eu93812ea41403e80f@mail.gmail.com>
References: <48909429.30809@lavabit.com> <98f5a8830807300925k1de98c32l5f6e3c55f3e14a7e@mail.gmail.com> <4890A3AA.9040302@lavabit.com> <98f5a8830807301041p2f359a04wc2718338a3664fbc@mail.gmail.com> <4890B275.9040706@lavabit.com> <53d706300807301353i28956d8eu93812ea41403e80f@mail.gmail.com>
Message-ID: <98f5a8830807310057w26a218b9hec7bc5c321919c1f@mail.gmail.com>

On 7/30/08, Bryan Irvine wrote:
> >
> > Now what?:
> >
> > edit /root/.profile and add
> > FETCH_CMD="path-to-the-script"
> > (for my next reboot-or how to reload this .profile without rebooting?)
> >
> > As I am not yet sure what .profile is the one that works, I am currently
> > creating the same .profile file in /, in /root and in /home/username,
> > just in case.(?)
> >
> >
>
> .profile is correct
>
> log out of your shell and re-login to make sure you got it right.
>
>

I usually just do
$. ~/.profile
to test it

From kousue at gmail.com Thu Jul 31 00:59:08 2008
From: kousue at gmail.com (Nick Guenther)
Date: Thu, 31 Jul 2008 03:59:08 -0400
Subject: ftp alternative for pkg_add?
In-Reply-To: <4890B275.9040706@lavabit.com>
References: <48909429.30809@lavabit.com> <98f5a8830807300925k1de98c32l5f6e3c55f3e14a7e@mail.gmail.com> <4890A3AA.9040302@lavabit.com> <98f5a8830807301041p2f359a04wc2718338a3664fbc@mail.gmail.com> <4890B275.9040706@lavabit.com>
Message-ID: <98f5a8830807310059n4f794b5at485dee11455b1922@mail.gmail.com>

On Wed, Jul 30, 2008 at 2:27 PM, macintoshzoom wrote:
> I forgot CC to the mailing list, sorry to all!
> I have just added the "reply all" button to the toolbar of my thunderbird.
>
> As per your advice, here is what I am going to do, at least for this
> week and to be able to update my new -current system.
> I have already rebuilt the kernel, running OK, I have set up already
> some tweakings as per the page current.html, and now I have to update
> all my installed packages and ports.
>
> Later I will try to build xenocara and setup my radeonhd ATI videocard,
> as it seems that this new xenocara supports it...
>
>
> Well my fetch-via-wget.sh brand new script is ready as per your tip:
> -----
> #!/bin/sh
> dsocks-torify.sh wget -O - $3
> -----
>
> Placed in my Local_scripts folder.
> Given executable permission for root only
>
> Now what?:
>
> edit /root/.profile and add
> FETCH_CMD="path-to-the-script"
> (for my next reboot-or how to reload this .profile without rebooting?)
>
> As I am not yet sure what .profile is the one that works, I am currently
> creating the same .profile file in /, in /root and in /home/username,
> just in case.(?)

More detail:
When you login ~/.profile gets "sourced" (equivalent to saying "$.
~/.profile" on the command line). ~ is whatever your login dir is, so
which .profile you edit to do this depends on what user you're running
as. Usually I put my environment variables in my "user" account, and
then use sudo (so that I'm somewhat protected against slippy fingers).

There is no /.profile, that's never used by anything. Every .profile
file goes with a login dir.
All the login dirs are under /home, except
for /root.

Good luck.
-Nick

From macintoshzoom at lavabit.com Thu Jul 31 01:41:36 2008
From: macintoshzoom at lavabit.com (macintoshzoom)
Date: Thu, 31 Jul 2008 02:41:36 -0600
Subject: ftp alternative for pkg_add?
In-Reply-To: <98f5a8830807310059n4f794b5at485dee11455b1922@mail.gmail.com>
References: <48909429.30809@lavabit.com> <98f5a8830807300925k1de98c32l5f6e3c55f3e14a7e@mail.gmail.com> <4890A3AA.9040302@lavabit.com> <98f5a8830807301041p2f359a04wc2718338a3664fbc@mail.gmail.com> <4890B275.9040706@lavabit.com> <98f5a8830807310059n4f794b5at485dee11455b1922@mail.gmail.com>
Message-ID: <48917AC0.10603@lavabit.com>

So pkg_add uses /root/.profile, as it runs as root if I use su from the
console.
Right?

If I use instead sudo (which I never use anyway), it's
/home/username/.profile what matters?
Right?



Nick Guenther wrote:
> On Wed, Jul 30, 2008 at 2:27 PM, macintoshzoom
> wrote:
>> I forgot CC to the mailing list, sorry to all!
>> I have just added the "reply all" button to the toolbar of my thunderbird.
>>
>> As per your advice, here is what I am going to do, at least for this
>> week and to be able to update my new -current system.
>> I have already rebuilt the kernel, running OK, I have set up already
>> some tweakings as per the page current.html, and now I have to update
>> all my installed packages and ports.
>>
>> Later I will try to build xenocara and setup my radeonhd ATI videocard,
>> as it seems that this new xenocara supports it...
>>
>>
>> Well my fetch-via-wget.sh brand new script is ready as per your tip:
>> -----
>> #!/bin/sh
>> dsocks-torify.sh wget -O - $3
>> -----
>>
>> Placed in my Local_scripts folder.
>> Given executable permission for root only
>>
>> Now what?:
>>
>> edit /root/.profile and add
>> FETCH_CMD="path-to-the-script"
>> (for my next reboot-or how to reload this .profile without rebooting?)
>>
>> As I am not yet sure what .profile is the one that works, I am currently
>> creating the same .profile file in /, in /root and in /home/username,
>> just in case.(?)
>
> More detail:
> When you login ~/.profile gets "sourced" (equivalent to saying "$.
> ~/.profile" on the command line). ~ is whatever your login dir is, so
> which .profile you edit to do this depends on what user you're running
> as. Usually I put my environment variables in my "user" account, and
> then use sudo (so that I'm somewhat protected against slippy fingers).
>
> There is no /.profile, that's never used by anything. Every .profile
> file goes with a login dir. All the login dirs are under /home, except
> for /root.
>
> Good luck.
> -Nick
>

From macintoshzoom at lavabit.com Thu Jul 31 02:27:50 2008
From: macintoshzoom at lavabit.com (macintoshzoom)
Date: Thu, 31 Jul 2008 03:27:50 -0600
Subject: ftp alternative for pkg_add? wget-script failed.
In-Reply-To: <4890B275.9040706@lavabit.com>
References: <48909429.30809@lavabit.com> <98f5a8830807300925k1de98c32l5f6e3c55f3e14a7e@mail.gmail.com> <4890A3AA.9040302@lavabit.com> <98f5a8830807301041p2f359a04wc2718338a3664fbc@mail.gmail.com> <4890B275.9040706@lavabit.com>
Message-ID: <48918596.6030809@lavabit.com>

The wget script experiment didn't work.


macintoshzoom wrote:
> I forgot CC to the mailing list, sorry to all!
> I have just added the "reply all" button to the toolbar of my thunderbird.
>
> As per your advice, here is what I am going to do, at least for this
> week and to be able to update my new -current system.
> I have already rebuilt the kernel, running OK, I have set up already
> some tweakings as per the page current.html, and now I have to update
> all my installed packages and ports.
>
> Later I will try to build xenocara and setup my radeonhd ATI videocard,
> as it seems that this new xenocara supports it...
>
>
> Well my fetch-via-wget.sh brand new script is ready as per your tip:
> -----
> #!/bin/sh
> dsocks-torify.sh wget -O - $3
> -----
>
> Placed in my Local_scripts folder.
> Given executable permission for root only
>
> Now what?:
>
> edit /root/.profile and add
> FETCH_CMD="path-to-the-script"
> (for my next reboot-or how to reload this .profile without rebooting?)
>
> As I am not yet sure what .profile is the one that works, I am currently
> creating the same .profile file in /, in /root and in /home/username,
> just in case.(?)
>
> open my konsole (ksh)
>
> $su
> blabla
> #export FETCH_CMD="path-to-the-script"
> (or reboot to load the new .profile)(?)
> #pkg_add -F alwaysupdate,update,updatedepends -u -v -i
> ..
>
> and now wait and see what happens and if it can get the ftp distfiles,
> that it's my problem.
> (ftp honors OKAY my HTTP_PROXY environment for http fetches and goes okay
> through the privoxy+tor socks4a/5 exit proxy server to the world, the
> problem is how to socksify ftp for ftp files)
>
> I will tell you later or tomorrow.
>
> Thanks Nick!
>
> Mac
>
>
>
> Nick Guenther wrote:
>>> Nick Guenther wrote:
>>>> On Wed, Jul 30, 2008 at 12:17 PM, macintoshzoom
>>>> wrote:
>>>>> I need an alternative to the default system fetch ftp used by pkg_add,
>>>>> that could be socksified via dsocks,
>>>>> e.g. FETCH_CMD="dsocks-torify.sh newsocksifiableftp"
>>>>>
>>>>> Okay only passive ftp.
>>>>>
>>>>> BUT, as pkg_add man says, this alternative must:
>>>>> <<<<<<<
>>>>> man pkg_add :
>>>>> FETCH_CMD Override use of ftp(1). Must point to a command that
>>>>> understands ${FETCH_CMD} -o - url.
>>>>> I like wget, BUT it doesn't understand the command -o as ftp, it uses -O
>>>>> instead I think, so wget can't be used as a straight replacement to ftp
>>>>> for pkg_add ... ? (unless tweaking the perl pkg_add code?)
>>>>>
>>>>> I want to run pkg_add -u routed via my (only) exit socks 4a/5 proxy
>>>>> server (tor).
>>>>> (dsocks-torify.sh ftp doesn't work)
>>>>>
>>>> What if you wrote a script that looked for -o that then called wget
>>>> with -O and used that for FETCH_CMD?
>>>>
>>>> -Nick
>>>>
>> On Wed, Jul 30, 2008 at 1:23 PM, macintoshzoom
>> wrote:
>>> Yes, I like that, but I don't know (yet) how to write this script.
>>> My script knowledge ends by now to just simple basic things like:
>>> ------
>>> #! /bin/sh
>>> kdesu 'pfctl -Fa -f /etc/pf.conf-443+80' && display
>>> /home/xx/pf.conf-reloaded-to-pf.conf-443+80-OKAY.png &
>>> --------
>>> (I am building an OpenBSD-KDE Desktop)
>>>
>>> I think pkg_add calls ftp with the "-o" command via many different
>>> (perl?) scripts.
>>> Doing a context text file search for "-o", or "fetch", or "FETCH_CMD",
>>> in / can give a clue of where to tweak.
>>>
>>> I think pkg_add -u uses also sysmerge:
>>> The /usr/sbin/sysmerge script mentions the FETCH_CMD= and has a
>>> "FETCH_CMD="/usr/bin/ftp -V -m -k" at line 39.
>>> .. perhaps tweaking all those scripts (which ones?) for wget use
>>> instead of ftp...
>>>
>>>
>>> A script to enable the use of wget for FETCH_CMD= for me should be
>>> excellent.
>>>
>>> Any link where I can learn how to do this kind of scripts?
>>> Or any very similar script to tweak?
>>>
>>> Thanks.
>>> Mac.
>>
>> No... don't tweak pkg_add (at least, not without thinking it through
>> and making it worthy of a patch). Maintaining your own little branch
>> of pkg_add is bad. Use the hook they gave you.
>>
>> Perhaps google for a shell programming tutorial a bit? Shell
>> programming sucks, but it's useful to have in your back pocket. You'll
>> want to use getopt(1)
>> (http://www.openbsd.org/cgi-bin/man.cgi?query=getopt&sektion=1).
>> Alternatively, if you want to hack it (since you know exactly what the
>> command line is going to look like) just do:
>> -----
>> #!/bin/sh
>> wget -O - $3
>> -----
>> Doing it this way will break things down the road, but it'll work for
>> this week and if you just want to get your system up that's probably
>> better for you.
>> (note: $3 means the fourth argument token in the command line, but I'm
>> not 100% that will work so please test it yourself).
>>
>>
>> -Nick
>> [by the way, not to nitpick at you personally, but if you could
>> remember to CC the mailing list (unless the discussion has clearly
>> been taken Offline) then everyone else can benefit from the knowledge
>> that we share :)]
>>
>
> _______________________________________________
> Openbsd-newbies mailing list
> Openbsd-newbies at sfobug.org
> http://mailman.theapt.org/listinfo/openbsd-newbies
>

From marmot at pennswoods.net Thu Jul 31 03:06:09 2008
From: marmot at pennswoods.net (Woodchuck)
Date: Thu, 31 Jul 2008 06:06:09 -0400 (EDT)
Subject: ftp alternative for pkg_add? wget-script failed.
In-Reply-To: <48918596.6030809@lavabit.com>
References: <48909429.30809@lavabit.com> <98f5a8830807300925k1de98c32l5f6e3c55f3e14a7e@mail.gmail.com> <4890A3AA.9040302@lavabit.com> <98f5a8830807301041p2f359a04wc2718338a3664fbc@mail.gmail.com> <4890B275.9040706@lavabit.com> <48918596.6030809@lavabit.com>
Message-ID:

On Thu, 31 Jul 2008, macintoshzoom wrote:

> The wget script experiment didn't work.

How did you test it? What were the results? (By "results" I mean
an actual byte-by-byte transcript, not what you recall later, or something
vague like "the server didn't answer".)

What was the script? What is the path to the script? Did you put
the path into the environment variable?

What was the environment when the script was/should have been called?

These are among the things that would be helpful to you to obtain
a result.

"My car doesn't go".

Why are you top-posting and re-quoting the entire thread?
Please,
have a heart.

Dave

From macintoshzoom at lavabit.com Thu Jul 31 03:20:58 2008
From: macintoshzoom at lavabit.com (macintoshzoom)
Date: Thu, 31 Jul 2008 04:20:58 -0600
Subject: ftp alternative for pkg_add? wget-script failed.
In-Reply-To:
References: <48909429.30809@lavabit.com> <98f5a8830807300925k1de98c32l5f6e3c55f3e14a7e@mail.gmail.com> <4890A3AA.9040302@lavabit.com> <98f5a8830807301041p2f359a04wc2718338a3664fbc@mail.gmail.com> <4890B275.9040706@lavabit.com> <48918596.6030809@lavabit.com>
Message-ID: <4891920A.5080106@lavabit.com>

Yes, I am preparing the report for later

I just wanted to use pkg_add through tor.
Everything seems soooo complicated, a bit tired now, need to sleep a bit.

Woodchuck wrote:
> On Thu, 31 Jul 2008, macintoshzoom wrote:
>
>> The wget script experiment didn't work.
>
> How did you test it? What were the results? (By "results" I mean
> an actual byte-by-byte transcript, not what you recall later, or something
> vague like "the server didn't answer".)
>
> What was the script? What is the path to the script? Did you put
> the path into the environment variable?
>
> What was the environment when the script was/should have been called?
>
> These are among the things that would be helpful to you to obtain
> a result.
>
> "My car doesn't go".
>
> Why are you top-posting and re-quoting the entire thread? Please,
> have a heart.
>
> Dave
> _______________________________________________
> Openbsd-newbies mailing list
> Openbsd-newbies at sfobug.org
> http://mailman.theapt.org/listinfo/openbsd-newbies
>

From kousue at gmail.com Thu Jul 31 08:09:46 2008
From: kousue at gmail.com (Nick Guenther)
Date: Thu, 31 Jul 2008 11:09:46 -0400
Subject: ftp alternative for pkg_add?
In-Reply-To: <48917AC0.10603@lavabit.com>
References: <48909429.30809@lavabit.com> <98f5a8830807300925k1de98c32l5f6e3c55f3e14a7e@mail.gmail.com> <4890A3AA.9040302@lavabit.com> <98f5a8830807301041p2f359a04wc2718338a3664fbc@mail.gmail.com> <4890B275.9040706@lavabit.com> <98f5a8830807310059n4f794b5at485dee11455b1922@mail.gmail.com> <48917AC0.10603@lavabit.com>
Message-ID: <98f5a8830807310809x4c999241u3fc65145cfe670d@mail.gmail.com>

On Thu, Jul 31, 2008 at 4:41 AM, macintoshzoom wrote:
>
> So pkg_add uses /root/.profile, as it runs as root if I use su from the
> console.
> Right?
>
> If I use instead sudo (which I never use anyway), it's
> /home/username/.profile what matters?
> Right?
>

Yes. You've got it.
Just a nit: pkg_add uses PKG_PATH which is an environment variable.
.profile is just a convenient place for you to set that environment
variable on every log in. pkg_add doesn't know about .profile.

You should really get into the habit of using sudo! root is a single
point of failure, you should touch it as little as possible, only use
it to save your system when things break.

-Nick

From sparctacus at gmail.com Thu Jul 31 10:54:45 2008
From: sparctacus at gmail.com (Bryan Irvine)
Date: Thu, 31 Jul 2008 10:54:45 -0700
Subject: ftp alternative for pkg_add?
In-Reply-To: <48917AC0.10603@lavabit.com>
References: <48909429.30809@lavabit.com> <98f5a8830807300925k1de98c32l5f6e3c55f3e14a7e@mail.gmail.com> <4890A3AA.9040302@lavabit.com> <98f5a8830807301041p2f359a04wc2718338a3664fbc@mail.gmail.com> <4890B275.9040706@lavabit.com> <98f5a8830807310059n4f794b5at485dee11455b1922@mail.gmail.com> <48917AC0.10603@lavabit.com>
Message-ID: <53d706300807311054p1faaaeb5i1d017827bf51f957@mail.gmail.com>

On Thu, Jul 31, 2008 at 1:41 AM, macintoshzoom wrote:
> So pkg_add uses /root/.profile, as it runs as root if I use su from the
> console.
> Right?

erm, kinda. When you log in .profile gets run and sets the PKG_PATH
environment variable. pkg_add 'uses' the environment variable.
> If I use instead sudo (which I never use anyway), it's
> /home/username/.profile what matters?
> Right?

though you can get the full environment set by using -i

examples:

my $PATH
me at mine:~$ echo $PATH
/usr/local/bin:/usr/bin:/bin:/usr/games

still my $PATH even though I've sudo'd
me at mine:~$ sudo echo $PATH
/usr/local/bin:/usr/bin:/bin:/usr/games

root's $PATH
me at mine:~$ sudo -i -- -c 'echo $PATH'
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
me at mine:~$

-Bryan
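The FETCH_CMD wrapper discussed earlier in this thread, written out with the getopts shell builtin (used here in place of getopt(1)). This is an added example, not code from any poster or from pkg_add. WGET_CMD and the function names are assumptions of this example, and the URLs in the comments are constructed.

```shell
#!/bin/sh
# fetch-via-wget.sh (added example): FETCH_CMD wrapper for pkg_add(1).
# The man page text quoted in the thread gives the call shape:
#     ${FETCH_CMD} -o - url
# wget spells "write to this file" as -O, so translate -o to -O.
# In that call shape the URL is $3, but parsing the options instead of
# relying on a position keeps working if the caller reorders arguments.

# WGET_CMD is a hypothetical knob of this example, not a pkg_add variable.
# Set it to "dsocks-torify.sh wget" to route through the thread's wrapper.
: "${WGET_CMD:=wget}"

# parse_fetch_args -o OUT URL
# Sets FETCH_OUT and FETCH_URL. Returns 64 on a malformed command line and
# 65 when the last argument is not an ftp/http/https URL, so a value that
# starts with "-" can never reach wget as an option.
parse_fetch_args() {
    FETCH_OUT=
    FETCH_URL=
    OPTIND=1
    while getopts ":o:" opt "$@"; do
        case $opt in
            o) FETCH_OUT=$OPTARG ;;
            *) return 64 ;;
        esac
    done
    shift $((OPTIND - 1))
    [ -n "$FETCH_OUT" ] || return 64
    [ "$#" -eq 1 ] || return 64
    case $1 in
        ftp://*|http://*|https://*) FETCH_URL=$1 ;;
        *) return 65 ;;
    esac
}

# fetch_via_wget -o OUT URL
# Runs the fetcher with the URL passed as one quoted argument, so spaces or
# glob characters in it are not split or expanded the way a bare $3 would be.
fetch_via_wget() {
    parse_fetch_args "$@" || {
        echo "usage: fetch-via-wget.sh -o output ftp-or-http-url" >&2
        return 64
    }
    # WGET_CMD is left unquoted on purpose so "dsocks-torify.sh wget" splits
    # into command and argument. -q keeps progress output off the terminal,
    # "--" marks the end of wget's own options.
    $WGET_CMD -q -O "$FETCH_OUT" -- "$FETCH_URL"
}

# Act as the fetch command only when called with arguments.
if [ "$#" -gt 0 ]; then
    fetch_via_wget "$@"
fi
```

Point FETCH_CMD at the script's full path in the environment of the user that runs pkg_add, and export WGET_CMD in the same place if the fetch has to go through dsocks-torify.sh.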