Jake Luck | 1 Aug 22:36 2003

Re: Favorite IDE for C programming on OpenBSD

you might also want to check out /usr/ports/plan9/wily/
it is a wonderful editor that is streamlined for
programming.

jake

STeve Andre' | 1 Aug 01:21 2003
Picon

Re: openbsd partitions suggestion

Chuck is saying something that is very important and should
be listened to.  The first couple of times I installed an OpenBSD
system I got the partitions wrong.  I figured this out after a few
days of playing around, and rebuilt everything.  It taught me
how to save the important config files so I could do this in a
small amount of time, and let me get things to where they were
really useful.

Plan on building up OpenBSD a half dozen times.  It will come
in handy when some emergency happens and you need to
make up a new system quickly to replace a dead one.

--STeve Andre'

On Thursday 31 July 2003 03:18 pm, Chuck Yerkes wrote:
> Install it.  Build (from /usr/ports) what you want.
> Play with it for a week.
> Look at what it needs.
> trash it
> reinstall/repartition.
>
> Quoting Gëzim Hoxha (hgezim <at> yahoo.com):
> > Hi, I'm G?zim Hoxha, and I'm new to his mailing list
> > and to openbsd. I still have not installed it
> > (OpenBSD).
> > I have a machine with 13GB that I want to install
> > openbsd on. In this machine I want apache, a mail
> > server, ftp server, mysql, php, perl, and other things
> > for a website. It's just gonna be a dedicated web
> > server basically. I want to hear some suggestions as
(Continue reading)

Nick Holland | 1 Aug 01:32 2003
Picon

Re: new bind

Jay Jennings wrote:
> 
> Setting up Bind used to be in the Faqs Section 6.  I noticed a few days ago
> it is gone now, will it be retuning?

No.

The old section was on BIND4.  
OpenBSD shipped BIND4 long after almost everything else on the 'net
was saying "Don't use BIND4 because it is 'insecure'" (btw: we were
right, they were wrong. 8-).  Now that BIND9 is included with the base
system, the BIND4 docs were no longer relevant... plus BIND9 is well
documented elsewhere.  My original plan was to leave the old document
in place with a note at the top saying "This is for 3.2 and before,
BIND9 is well docuemented elsewhere", and include a list of OpenBSD
enhancements to BIND9 for the 3.3-release cycle.  Well, apparently
people couldn't read the note at the top, and kept telling me OpenBSD
3.3 included BIND9 not BIND4, so to simplify my life, I removed it (it
was either that or use <blink></blink>, and as I got to look at it
when maintaining it, that was out).

There are certain things I don't really want to have in the FAQ.  BIND
and Sendmail are two of them.  The reason is this: I don't want
someone reading a few paragraphs and thinking they understand these
topics.  That's not the way it works.  BIND is a complex tool as part
of a complex system (the Internet DNS).  Following a "HOWTO" document
and thinking you are a capable DNS (or mail) administrator is just
foolish, and I don't want to encourage that.  

The Sendmail book is something like 1000 pages.  The BIND book is not
(Continue reading)

fmartinez | 1 Aug 01:38 2003

Re: openbsd partitions suggestion

i use this configuration..

/ - 200M
swap - 512M (varies)
/spare - 1024M
/var - 1024M
/usr - 800M
/usr/local - 1024M
/home - 'free leftovers'

this is for servers running all/some/none of php/perl/mysql/squid..

Frank

> Chuck is saying something that is very important and should
> be listened to.  The first couple of times I installed an OpenBSD
> system I got the partitions wrong.  I figured this out after a few
> days of playing around, and rebuilt everything.  It taught me
> how to save the important config files so I could do this in a
> small amount of time, and let me get things to where they were
> really useful.
>
> Plan on building up OpenBSD a half dozen times.  It will come
> in handy when some emergency happens and you need to
> make up a new system quickly to replace a dead one.
>
> --STeve Andre'
>
> On Thursday 31 July 2003 03:18 pm, Chuck Yerkes wrote:
>> Install it.  Build (from /usr/ports) what you want.
(Continue reading)

Marco Peereboom | 1 Aug 10:30 2003
Picon

Re: Dell 2650 with PERC3-DI will not boot

There is also a patch lingering in the archives that you want to apply.

Works like a champ with ahc disabled. On the 2650 you can also go to RAID/RAID 
mode in the BIOS; this eliminates the need to disabling ahc.

 On Thursday 31 July 2003 15:35, Raymond Morsman wrote:
> Op donderdag 31 juli 2003 22:30, schreef John Kaiser:
> > I have a shiny new Dell 2650 that I would like to do an install on.
> > It has the PERC3-DI mirrored scsi adapter.  This adapter is on the
> > hardware list and is shown as using the aac driver.
> 
> Have you disabled ahc* from the kernel? It should do the trick:
> 
> boot -c
> disable ahc*
> exit
> 
> Raymond.

Nick Holland | 1 Aug 01:41 2003
Picon

Re: openbsd partitions suggestion

STeve Andre' wrote:
> 
> Chuck is saying something that is very important and should
> be listened to.  The first couple of times I installed an OpenBSD
> system I got the partitions wrong.  I figured this out after a few
> days of playing around, and rebuilt everything.  It taught me
> how to save the important config files so I could do this in a
> small amount of time, and let me get things to where they were
> really useful.
> 
> Plan on building up OpenBSD a half dozen times.  It will come
> in handy when some emergency happens and you need to
> make up a new system quickly to replace a dead one.
> 
> --STeve Andre'
> 
> On Thursday 31 July 2003 03:18 pm, Chuck Yerkes wrote:
> > Install it.  Build (from /usr/ports) what you want.
> > Play with it for a week.
> > Look at what it needs.
> > trash it
> > reinstall/repartition.

And I'm going to add my voice here, too.

What Chuck and STeve said.  Do it.

The idea that you can just do your first install and be "right" is so
silly.  No one hands a first time driver the keys to a Formula One
race car and says, "Ok, you are running the race in five minutes. 
(Continue reading)

Ben Goren | 1 Aug 02:49 2003

Re: blocking new version of kazaa

On Wed, Jul 30, 2003 at 10:06:36PM -0400, Nick Holland wrote:

> Anyway, you  set up  a DNS  resolver for  your network,  but you
> "poison" it with little  tidbits...for example, instead of doing
> a "proper" search to find out what *.kazaa.com is, just tell the
> resolver  to  ask that  program  over  there...which happens  to
> respond "192.168.1.10", "127.0.0.1" or some other address within
> your network for EVERY question it is asked.

Since Nick  is using that unclean  DNS server, I thought  I'd just
chime  in with  how you'd  do  it with  the real  manly man's  DNS
server. I haven't upgraded  to BIND 9 yet, but I  can't imagine it
being *that* different....

Anyway, in your /var/named/named.boot file, add a line like this:

    primary kazaa.com kazaa

(Of  course, you'll  have  to set  up BIND  to  work properly  for
evrything else, too. If  you don't know how, learn  before you try
to do this kind of poisoning.)

Then, /var/named/namedb/kazaa will look like:

    kazaa.com. IN SOA dns.example.com. myemail.example.com. (
        2003073101  ;    serial
        10800       ;    refresh
        3600        ;    retry
        3600000     ;    expire
        86400 )     ;    minimum
(Continue reading)

Oblek | 1 Aug 03:52 2003

Re: blocking new version of kazaa

This setup took me 8 minutes to complete:

1. install dsniff
2. edit dnsspoof.hosts
3. run dnsspoof

it was simple enough, that my granny can do it :)

> On Wed, Jul 30, 2003 at 10:06:36PM -0400, Nick Holland wrote:
> 
> > Anyway, you  set up  a DNS  resolver for  your network,  but you
> > "poison" it with little  tidbits...for example, instead of doing
> > a "proper" search to find out what *.kazaa.com is, just tell the
> > resolver  to  ask that  program  over  there...which happens  to
> > respond "192.168.1.10", "127.0.0.1" or some other address within
> > your network for EVERY question it is asked.
> 
> Since Nick  is using that unclean  DNS server, I thought  I'd just
> chime  in with  how you'd  do  it with  the real  manly man's  DNS
> server. I haven't upgraded  to BIND 9 yet, but I  can't imagine it
> being *that* different....
> 
> Anyway, in your /var/named/named.boot file, add a line like this:
> 
>     primary kazaa.com kazaa
> 
> (Of  course, you'll  have  to set  up BIND  to  work properly  for
> evrything else, too. If  you don't know how, learn  before you try
> to do this kind of poisoning.)
> 
(Continue reading)

Nick Holland | 1 Aug 04:10 2003
Picon

IPsec FAQ

Sorry for the overdue-ness of this note... I think I probably owe
everyone a note about why I did the rather drastic act of blanking out
an entire section of the FAQ without replacing it with anything.  

The section was obsolete and not being actively maintained in the way
it needed to be: namely, when critical changes are made, that they get
back into the FAQ.  YES, there was a lot of good information in
faq13.html, but there is also a lot of inaccurate info.  I do not feel
it is appropriate to expect users to guess what is good and what is
not. 

The trickle of "fix this"  "this changed" etc. that came in wasn't
resulting in a good document, just something that was slightly less
wrong.  

Yes, I want a new IPsec FAQ.  I would welcome any old parts from the
old faq13.html that are appropriate.  However, based on the number of
IPsec questions on the mail lists (and the resounding lack of "Read
the FAQ, dammit!" responses), I don't think simply correcting what was
there is sufficient.  This is why I wiped it out, to free people
from feeling they had to "tweak" the existing document.  If there is
good stuff from the old document you want, GREAT, it is in cvs, and it
will remain there.  But don't feel any need to retain any amount of
it.

Unfortunately, I do not have the qualifications to write a good IPsec
document at this time, and the time required for me to get "up to
speed" will basically prevent me from getting any other FAQ work
done...and there is a LOT I want to do.

(Continue reading)

Brian A. Seklecki | 1 Aug 04:16 2003

Re: isakmpd problem

On Thu, 2003-07-31 at 06:55, Nico Schottelius wrote:
> Brian A. Seklecki [Wed, Jul 30, 2003 at 05:10:59PM -0400]:
> > On Wed, 2003-07-30 at 13:09, Nico Schottelius wrote:
> > > Hello!
> > >
> > > I know this is an OpenBSD list, but I have an isakmpd problem on Linux.
> > > I hope you still can help me, as I didn't find any other ML!
> > >
> > > I am trying to establish a simple tunnel..
> > >
> >
> > This looks very generic.  The logs appear to be adding a SA entry the
> > SAD.  How do you view the kernel SAD in Linux?
> 
> that's a good question. I have no tools (like I think pf in *bsd),
> but I am examining the proc interface right now....and I cannot find
> anything!

Which linux IPSec implantation is it?  How is isakmpd(8) interfacing the
kernel?

> 
> 
> > That's the first thing
> > I'd do is forget 160k of isakmpd(8) debugging output and try to find out
> > if SA entries are getting added.
> 
> good..at least another point to search for..
> 
> > When you say "no pings go through", are you talking about your GRE
(Continue reading)


Gmane