Monday, October 31, 2005

just waiting ....

Hi hari udah tanggal 31 Oktober, besok udah 1 November, nggak ada yang di harapin sih, besok OpenBSD 3.8 katanya dah keluar .. ya moga moga bisa download

Monday, October 24, 2005

AT-2916T on OpenBSD box

i never know if it's gonna be nightmare for me, first time i use it it seems ok ... but when i deeply use it ... the trouble was begin. This interface going "watch dog time out" in random time and unpredictable, i connect the "sk" interface to my 10/100 switch cause i didn't have gigabit switch.

It's confuse me for several month, and finaly i make dirty editing to the kernel source, I eliminate the watchdog function :P it's kind 'sick' but the interface was work fine for several week, i use those 2 "sk" as bridge limiter with hfsc disciplin.

Last login: Mon Oct 24 22:45:46 2005 from 192.168.25.25
OpenBSD 3.7 (btx) #2: Thu Oct 13 13:43:16 WIT 2005

@btx ~ #
@btx ~ # /usr/sys/dev/pci/if_sk.c

line : 1793

void
sk_watchdog(struct ifnet *ifp)
{
struct sk_if_softc *sc_if = ifp->if_softc;

printf("%s: watchdog timeout .. sorry seems to be the hardest word\n", sc_if->sk_dev.dv_xname);
// ifp->if_flags &= ~IFF_RUNNING;
// sk_init(sc_if);
}

Thursday, October 13, 2005

nih OpenBSD

How does OpenBSD network stack compare with Linux?

Ryan McBride: The "Linux stack" is a concept that is very hard to pin down because there are so many versions, distributions, 3rd party patches and modules, etc. People might tell you that Linux has the capability to do X, Y, or Z that OpenBSD enables by default, but they don't tell you that you have to dig around for the patches, enable the right compile flags, load the right modules and sacrifice a goat on the full moon. And even then it's incomplete and buggy.

Because of this, I think OpenBSD's main strength is the following: these security features are easy to use. (Which is somewhat ironic as OpenBSD has a mistaken reputation for not being user friendly.) Our approach is simple: Proactively implement security features. Enable these features by default. Minimize the number of "buttons" - compile-time or run-time options. And document rigorously.

It seems that OpenBSD focus on proactive security and provides good results even against new attacks. I remember when Paul Watson published his paper "Slipping in the Window: TCP Reset Attacks" around May, 2004, and OpenBSD was the only OS not vulnerable by default. However I'm wondering if sometimes it's also the result of undisclosed information from researchers...

The TCP window attack was particularly effective against long TCP sessions, so the biggest target was BGP, and for some magical reasons in that period you released the first version of OpenBGPD, a BSD-licensed implementation of BGP, so that people could use it to replace vulnerable systems to handle routing information.

I'm wondering how you chose to start working on a bizarre thing such as a BGP implementation in the end of 2003? Did you get any preview of Watson's paper?

Wednesday, October 12, 2005

sk progress

Alkhamdulilah .... sk nya masih dapet hidup walaupun watchdog time out and shapingnya juga masih jalan

Monday, October 10, 2005

sk progress

ni lancard sk0 ama sk1 kok gak mati seperti biasanya :D . . . catatan : semua interface dikasih IP, bridging seperti biasanya ... tapi sk_watchdong di kernel
di-modif dikit .... moga moga sip ni .... aku dah capek .... sampe hari ini udah ngelewatin data 18MB, kecil emang ..... masalahnya cuman dari komputer ku doang ... ;)