Re: Update Databases from Webserver
Troy, Maybe the 'commercial question' that should be asked is.. Why do you need this highly troublesome data within your system? NOTE : I am not expecting you to answer that here in public forum, but maybe you as (potential) sysadmin should be asking it of your CEO, CIO, legal pipple, etc etc. You want to be sure that you have very good paper covering _your_ nether regions! ;-o my 0.02c worth mjt On Tue, 2004-09-07 at 14:55, FreeBSD Mail Lists wrote: Richard, Thanks for your reply. I thought there was something terribly wrong with that logic. So I thought I would ask in this mail list since people have been great here in the past about everything else I wanted to know. Are there any security lists in relation to ecommerce that you would recommend? So I can stop annoying everyone else here. I just don't want to make anymore mistakes than I have to starting down this road. Thanks again, Troy -Original message- From: Richard Lynch [EMAIL PROTECTED] Date: Mon, 6 Sep 2004 17:22:54 -0600 To: FreeBSD Mail Lists [EMAIL PROTECTED] Subject: Re: Update Databases from Webserver FreeBSD Mail Lists wrote: I would like to see how other people are updating backend databases (postgresql on FreeBSD, internal network) from a webserver (apache,php on FreeBSD, dmz network) through a firewall. Pretty much what I am trying to learn is how to take private information (credit card numbers, etc.) and write it to a backend database without leaving any huge holes for hacking. Should this be done or am I barking up the wrong tree, should there be an intermediary step? I have been trying to find information books/web that gives a real nuts and bolts way of trying to do this stuff and am not having a lot of luck. Any pointers books or sites would be appreciated. The most common answer is Don't do that 99.9% of e-commerce sites have absolutely no business storing credit card numbers on any hardware they own. They should simply run the transaction through their Merchant Account (bank) computer using a secure connection, and the software provided by their Merchant Account (bank). If you need a recurring charge, you can run your charge through the Merchant Account as a recurring charge (whoda thunk it?) and the Merchant Account software will give you back a unique transaction # to refer to if you ever need to cancel THAT particular recurring charge. You would store only that transaction number, and *NOT* the customer's credit card charge. In the unlikely event that you really *ARE* in the 0.01% of servers that needs to store credit card info... Well, it's kinda scare that you're asking here, rather than a security mailing list, but here is *ONE* solution that may be worth considering. I am posting to the list so that others can tell us just how inadequate this is. You should also be aware that by no means am I an expert -- I am simply describing what has been described to me as the right way (tm) to do this. My information may be out of date. (It's been awhile.) I chose to let the Merchant Account (bank) worry about keeping credit card numbers safe, rather than do all of the following. You probably should too. Depending on the current interpretation of existing laws, you, the web developer, may or may not be held responsible for *ANY* damages that result from your work -- no matter how faultless you may be in reality. We're talking legalities here, not reality. Did I mention that you really shouldn't be doing this at all? Good. First, your servers *MUST* be in a physically secure location, with access limited to *ONLY* people you really really really trust. No software in the world will do you any damn good if a not-so-honest person can waltz in and play around with the hardware! If you *CANNOT* guarantee that the hardware in question can *ONLY* be accessed by trusted individuals, than you should stop reading right here and now. This rules out shared servers, co-location (IMHO), and almost all corporate servers, which need too many people of limited trust value to be able to access them to keep them up. Next, you need a SECOND server which will be used to hold credit card info, and that second computer will *NOT* be connected to the Internet (directly) You put an extra NIC in your web-server, and run a cross-over cable to the SECOND server, the extra one, which will hold the credit card numbers. You limit ethernet access to that second computer which will hold credit cards so that *ONLY* the one computer connected to it via the cross-over cable will be allowed to connect. The extra NIC in the web-server and the SECOND server are both on a separate sub-net from everything else in your system. IE, the only interface cards in your entire organization that utilize the IP address space
Re: httpd with SSL
Yee ... thanks a lot. Cristi On Mon, 2004-09-06 at 18:20, Josh Hansen wrote: Cristi Tauber wrote: Hello, I installed from ports (switched from sources ... hope to learn :) ) apache 1.3.29 with mod-ssl. All good ... httpd works ... i issued a certificate ... but now when my computer reboots and apache starts in ssl mode it asks for pass phrase !!! So ... if computer reboots over night someone have to write the pass phrase so the computer can start. This is annoying ... how can i skip this ... can i enter the passphrase in my boot script ? How ??? Cristi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Hello Cristi, This is from the apache site: How can I get rid of the pass-phrase dialog at Apache startup time? The reason why this dialog pops up at startup and every re-start is that the RSA private key inside your server.key file is stored in encrypted format for security reasons. The pass-phrase is needed to be able to read and parse this file. When you can be sure that your server is secure enough you perform two steps: 1. Remove the encryption from the RSA private key (while preserving the original file): $ cp server.key server.key.org $ openssl rsa -in server.key.org -out server.key 2. Make sure the server.key file is now only readable by root: $ chmod 400 server.key Now server.key will contain an unencrypted copy of the key. If you point your server at this file it will not prompt you for a pass-phrase. HOWEVER, if anyone gets this key they will be able to impersonate you on the net. PLEASE make sure that the permissions on that file are really such that only root or the web server user can read it (preferably get your web server to start as root but run as another server, and have the key readable only by root). As an alternative approach you can use the ``SSLPassPhraseDialog exec:/path/to/program'' facility. But keep in mind that this is neither more nor less secure, of course. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Update Databases from Webserver
On Mon, Sep 06, 2004 at 10:55:42PM -0600 or thereabouts, FreeBSD Mail Lists wrote: Richard, Thanks for your reply. I thought there was something terribly wrong with that logic. So I thought I would ask in this mail list since people have been great here in the past about everything else I wanted to know. Are there any security lists in relation to ecommerce that you would recommend? So I can stop annoying everyone else here. I just don't want to make anymore mistakes than I have to starting down this road. Stop talking like that. You are not annoying anyone in here. You asked the question, you got the replies. Richard wrote nice email. But it would be much better and less painful for you, if you could run your credit card transactions using services of your Bank, or maybe by some kind of well know and trustworthy billing system. Why should you have dreamless nights? Credit card info is very *very* sensitive information. So ask yourself, do you really need to have all the stress or can you leave it to your bank/billing partner (although for small fee)? And mainly, are you well known to your customers, even to those which are new? Because if I am about to give someone my credit card info I will not trust to e-commerce application provider, but to well known bank or such. Cheers, Martin Hudec -Original message- From: Richard Lynch [EMAIL PROTECTED] Date: Mon, 6 Sep 2004 17:22:54 -0600 To: FreeBSD Mail Lists [EMAIL PROTECTED] Subject: Re: Update Databases from Webserver FreeBSD Mail Lists wrote: I would like to see how other people are updating backend databases (postgresql on FreeBSD, internal network) from a webserver (apache,php on FreeBSD, dmz network) through a firewall. Pretty much what I am trying to learn is how to take private information (credit card numbers, etc.) and write it to a backend database without leaving any huge holes for hacking. Should this be done or am I barking up the wrong tree, should there be an intermediary step? I have been trying to find information books/web that gives a real nuts and bolts way of trying to do this stuff and am not having a lot of luck. Any pointers books or sites would be appreciated. The most common answer is Don't do that 99.9% of e-commerce sites have absolutely no business storing credit card numbers on any hardware they own. They should simply run the transaction through their Merchant Account (bank) computer using a secure connection, and the software provided by their Merchant Account (bank). If you need a recurring charge, you can run your charge through the Merchant Account as a recurring charge (whoda thunk it?) and the Merchant Account software will give you back a unique transaction # to refer to if you ever need to cancel THAT particular recurring charge. You would store only that transaction number, and *NOT* the customer's credit card charge. In the unlikely event that you really *ARE* in the 0.01% of servers that needs to store credit card info... Well, it's kinda scare that you're asking here, rather than a security mailing list, but here is *ONE* solution that may be worth considering. I am posting to the list so that others can tell us just how inadequate this is. You should also be aware that by no means am I an expert -- I am simply describing what has been described to me as the right way (tm) to do this. My information may be out of date. (It's been awhile.) I chose to let the Merchant Account (bank) worry about keeping credit card numbers safe, rather than do all of the following. You probably should too. Depending on the current interpretation of existing laws, you, the web developer, may or may not be held responsible for *ANY* damages that result from your work -- no matter how faultless you may be in reality. We're talking legalities here, not reality. Did I mention that you really shouldn't be doing this at all? Good. First, your servers *MUST* be in a physically secure location, with access limited to *ONLY* people you really really really trust. No software in the world will do you any damn good if a not-so-honest person can waltz in and play around with the hardware! If you *CANNOT* guarantee that the hardware in question can *ONLY* be accessed by trusted individuals, than you should stop reading right here and now. This rules out shared servers, co-location (IMHO), and almost all corporate servers, which need too many people of limited trust value to be able to access them to keep them up. Next, you need a SECOND server which will be used to hold credit card info, and that second computer will *NOT* be connected to the Internet (directly) You put an extra NIC in your web-server, and run a cross-over cable to the SECOND server, the extra one, which will hold the credit card
Re: [another me too] Re: portindex/portindexdb
On Tue, Sep 07, 2004 at 06:32:23AM +0200, Nico Meijer wrote: Hi Joe, Sigh: Lighten up! ;-) /usr/local/lib/ruby/site_ruby/1.8/portsdb.rb:587: [BUG] Bus Error ruby 1.8.2 (2004-07-29) [i386-freebsd4] Have you tried replacing the portsdb-sequence with `portindex portindexdb`? So: - cvsup (or whatever tool you use) - portindex - portindexdb - portversion -vL = (or whatever switches you use) The upside to using portindex is that it merges changes instead of building the entire index every time. So your first run will take quite some time, but your following runs will run quite a bit faster. Another workaround is simply to set: PORTS_DBDRIVER=bdb1_hash in your environment, and then use portsdb and portupgrade as usual. There are a number of variations on this workaround, but the other ways of doing that involve installing some extra software. See: http://lists.freebsd.org/pipermail/freebsd-ports/2004-September/015902.html http://lists.freebsd.org/pipermail/freebsd-ports/2004-September/015922.html Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgpa7VPOKd5Ax.pgp Description: PGP signature
Re: Update Databases from Webserver
On Mon, 6 Sep 2004, FreeBSD Mail Lists wrote: I would like to see how other people are updating backend databases (postgresql on FreeBSD, internal network) from a webserver (apache,php on FreeBSD, dmz network) through a firewall. Pretty much what I am trying to learn is how to take private information (credit card numbers, etc.) and write it to a backend database without leaving any huge holes for hacking. Should this be done or am I barking up the wrong tree, should there be an intermediary step? I have been trying to find information books/web that gives a real nuts and bolts way of trying to do this stuff and am not having a lot of luck. Any pointers books or sites would be appreciated. First thing to consider - do you -have- to store things like credit card numbers ? Most clearing houses can be negotiated with on-line; during the transaction and all you need to capture is an authorization ack. That already makes things a lot safer. Secondly - carefully consider what you need to have on your webserver; do you really have to store a name/address there long term; or is a login and some preferences enough ? Thirdly consider making the flow a one way street: using things like a PGP email with just the public key on the web server; i.e. shunt any private information into an encrypted email - send it to your systems in-house; and only have the decryption key behind the firewall; and thus only keeping the bare essentials on your server. Dw ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Fwd: external todo patch to qmail (ports)
At 19:32 2004-09-06, you wrote: Emil Isberg [EMAIL PROTECTED] wrote: Hi, I sent the following message to the qmail port maintainer. External todo patch is a good option to have for busy mailservers since if you continously get email to your smtp-server then qmail-send can't keep up with both todo-queue and spawning qmail-local/qmail-remote. I don't suggest changing the default install, but only add external todo as an option for those of us that use freebsd and qmail for busy mailservers. I have not yet received any response from the qmail port maintainer so I wonder where I should go and whom I should turn to to get it included in the port or a reason why it shouldn't be added. Have you filed a PR? http://www.freebsd.org/send-pr.html No I didn't. When I was going to the text said that to be sure that I really should file a PR (since it wasn't a bug) then I should ask on freebsd-questions. :-) I'll file a PR then. Thanks. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IBM Thinkpad R51 FreeBSD 4.10???
Hakim Z. Singhji wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi All, I recently purchased an IBM Thinkpad R51 and I was looking to install FreeBSD 4.10. Has anyone ever done this? Should I anticipate any problems? Lastly I have never installed FreeBSD on a laptop before are there things that I should know before I get started? Thanks in advance for you help. HZS -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBN9WwlT9WV6TztkoRAol1AJ9CJU9EOAA976RAfYOQNI6v4tf/OgCgkyPC rnr5z0hnkABA5QNVyNnQ1KM= =n2Vy -END PGP SIGNATURE- Hi, I have successfully installed 4.10 on a R31 and a T22. There is some info on the internet for older IBMs, but not much (see below). Sound does work. PCMCIA (16 bit!) should do, but I still could not test. USB is working well. Modem (winmodem) does more ore less *not* work. There is even a port (comms/ltmdm), providing a kernel-module, but I did not test it. To setup X-Window with KDE is easy. Overall, FreeBSD 4.10 on those IBMs, no Problem. http://homepage.univie.ac.at/l.ertl/thinkpad/index.html http://groups.google.de/groups?q=freebsd+thinkpadstart=10hl=delr=ie=UTF-8selm=200206051237.00014.metrol_metrol.net%40ns.sol.netrnum=20 http://groups.google.de/groups?q=freebsd+thinkpadstart=60hl=delr=ie=UTF-8selm=c6v6h3%24evs%241%40FreeBSD.csie.NCTU.edu.twrnum=61 I found this in GENERIC: # If you have a ThinkPAD, uncomment this along with the rest of the PCVT lines #optionsPCVT_SCANSET=2 # IBM keyboards are non-std I suppose R51 will be similar. Hope that helps. FreeBSD 5.x may be a better choice (ACPI, Cardbus,...whatever), but I still have no 5.x installation anywhere. Good luck, Ben ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: install qmail by using PORTS
Hmm, i know what you mean! Checked Makefile, it seems these four patches not included, SIZE (qmail-1.03-starttls-smtp-auth.patch) = 41786 SIZE (qmail-ldap-1.03-20020901.patch.gz) = 130655 SIZE (qmail-mysql-1.1.8.patch) = 57702 SIZE (tls.patch) = 39095 SIZE (sendmail-flagf.patch) = 863 But if i want to added with these two patches, how can i add them during the installation?? SIZE (qmail-1.03-starttls-smtp-auth.patch) = 41786 SIZE (tls.patch) = 39095 Thanks kin - Original Message - From: Chuck Swiger [EMAIL PROTECTED] To: kinux [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, September 07, 2004 2:07 AM Subject: Re: install qmail by using PORTS kinux wrote: i always install qmail by source code compiled manually, this time, i would like to try to use ports install qmail, but there is a problem about the patch included in ports and any patch will be installed automacticall/ by default. i tried to read Makefile, not really sure, checked /usr/ports/mail/qmail/distinfo with following patches will be fetched, but all of them will be installed? if not, how can i install them?? Thanks If you try type a make, the build process will tell you: You may use the following build options: WITH_QMAILQUEUE_PATCH=yes enable patch to qmail to run a QMAILQUEUE program instead of bin/qmail-queue WITH_BIG_TODO_PATCH=yes enable big_todo qmail patch WITH_BIG_CONCURRENCY_PATCH=yes enable patch to qmail to use a concurrency greater than 240 WITH_BIG_CONCURRENCY_PATCH_CONCURRENCY_LIMIT=NUMBER (default NUMBER=) set this to a value reasonable for your system if you use the patch WITH_OUTGOINGIP_PATCH=yes enable patch to qmail to allow setting the IP address used by qmail when sending outgoing messages WITH_PRESERVE_CONFIG_FILES=yes do not run automatic config to preserve your config files I'm not sure whether that means all of these options default to being on, but it's possible. Otherwise, turn them on: env WITH_QMAILQUEUE_PATH=yes make -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
named[353]: sysquery: no addrs found for root NS ..........
Hi, From time to time I get this: Sep 7 12:57:44 it named[353]: sysquery: no addrs found for root NS (d.root-servers.net) Sep 7 12:57:44 it named[353]: sysquery: no addrs found for root NS (a.root-servers.net) Sep 7 12:57:44 it named[353]: sysquery: no addrs found for root NS (c.root-servers.net) Sep 7 12:57:45 it named[353]: sysquery: no addrs found for root NS (h.root-servers.net) Sep 7 12:57:45 it named[353]: sysquery: no addrs found for root NS (f.root-servers.net) Sep 7 12:57:45 it named[353]: sysquery: no addrs found for root NS (b.root-servers.net) Doing here a named.reload and : Sep 7 12:57:45 it named[353]: sysquery: no addrs found for root NS () Sep 7 12:57:45 it named[353]: reloading nameserver Sep 7 12:57:45 it named[353]: Ready to answer queries. Anyone could tell me where to look for the problem ? I can see no pattern. it doesn't happen on a load, it was happening on 5.2 now also on 5.3BETA3. Thanks, -- IOnut Unregistered ;) FreeBSD user ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: named[353]: sysquery: no addrs found for root NS ..........
On Tue, 7 Sep 2004 13:00:47 +0300 Ion-Mihai Tetcu [EMAIL PROTECTED] wrote: Hi, From time to time I get this: Sep 7 12:57:44 it named[353]: sysquery: no addrs found for root NS (d.root-servers.net) Sep 7 12:57:44 it named[353]: sysquery: no addrs found for root NS (a.root-servers.net) Sep 7 12:57:44 it named[353]: sysquery: no addrs found for root NS (c.root-servers.net) Sep 7 12:57:45 it named[353]: sysquery: no addrs found for root NS (h.root-servers.net) Sep 7 12:57:45 it named[353]: sysquery: no addrs found for root NS (f.root-servers.net) Sep 7 12:57:45 it named[353]: sysquery: no addrs found for root NS (b.root-servers.net) Doing here a named.reload and : Actually it requires a named.restart, a reload only makes it work for a couple of seconds and the it starts again. Sep 7 13:03:25 it named[15916]: starting (/etc/namedb/named.conf). named 8.3.7-REL Mon Aug 30 13: 23:41 EEST 2004 [EMAIL PROTECTED]:/usr/obj/usr/src/usr.sbin/named Sep 7 13:03:25 it named[15916]: limit files set to fdlimit (1024) -- IOnut Unregistered ;) FreeBSD user ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: named[353]: sysquery: no addrs found for root NS ..........
Hi! From time to time I get this: Sep 7 12:57:44 it named[353]: sysquery: no addrs found for root NS (d.root-servers.net) Sep 7 12:57:44 it named[353]: sysquery: no addrs found for root NS (a.root-servers.net) Sep 7 12:57:44 it named[353]: sysquery: no addrs found for root NS (c.root-servers.net) Sep 7 12:57:45 it named[353]: sysquery: no addrs found for root NS (h.root-servers.net) Sep 7 12:57:45 it named[353]: sysquery: no addrs found for root NS (f.root-servers.net) Sep 7 12:57:45 it named[353]: sysquery: no addrs found for root NS (b.root-servers.net) This problem plagued me for a long time on several FreeBSD 4 servers running BIND 8 from the base system. Google finds numerous discussions on this problem in various lists/newsgroups but a solution is rarely offered. Finally, I found someone's theory in a NetBSD (or was it OpenBSD) forum. I can't tell whether it is true or not, but it makes sense to me. If your BIND is configured to use a forwarder and this forwarder is really good then BIND (almost) never needs to contact the root servers. The root zone times out in memory and it is not reloaded from disk. It is only loaded when BIND is started. Thus, if your BIND finally needs to contact a root name server after a long time of getting all responses from forwarder, it turns out that the data for root zone is not available... Now, as I said, I cannot tell whether this theory is true or not. What I can say is that on all 4 machines where I run BIND I configured one of two workarounds: - use forward only so you *never* need to check the root zone - do not use forwarders at all so you check the root zone fairly frequently. I did this almost a year ago, and after that I never have had this problem again. HTH. -- Toomas Aas | [EMAIL PROTECTED] | http://www.raad.tartu.ee/~toomas/ * Press any key to continue or any other key to quit. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: data backup software for freebsd
Hello John, Tuesday, September 7, 2004, 1:39:23 AM, you wrote: JL hmm, are there any popular free data backup software JL for freebsd? JL i hope to backup my /etc and important files to another JL server via ftp. Try and google for g4u (ghost for unix). This is a NetBSD based boot floppy with a script that will let you back up to a FTP server. -- Best regards, evil0nemailto:[EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
MTU Blackhole problem?
I'm using FreeBSD 5.21 with a dialup modem, and I'm having problem uploading files and sending emails with attachments through the Fastmail.fm mail service - the connections just time-out. Ordinary web browsing and short text emails work normally with Fastmail. File uploads to other sites work and file uploads to Fastmail works from Windows 98. I'm guessing that this is a path MTU discovery blackhole, since if I set sysctl net.inet.tcp.sendspace=400 the problem goes away. (I presume that net.inet.tcp.path_mtu_discovery: 1 means that path MTU discovery is already turned-on by default.) What the correct way to deal with this? Should I just play around with net.inet.tcp.sendspace? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: named[353]: sysquery: no addrs found for root NS ..........
On Tue, 7 Sep 2004 14:24:37 +0300 Toomas Aas [EMAIL PROTECTED] wrote: Hi! From time to time I get this: Sep 7 12:57:44 it named[353]: sysquery: no addrs found for root NS (d.root-servers.net) Sep 7 12:57:44 it named[353]: sysquery: no addrs found for root NS (a.root-servers.net) Sep 7 12:57:44 it named[353]: sysquery: no addrs found for root NS (c.root-servers.net) Sep 7 12:57:45 it named[353]: sysquery: no addrs found for root NS (h.root-servers.net) Sep 7 12:57:45 it named[353]: sysquery: no addrs found for root NS (f.root-servers.net) Sep 7 12:57:45 it named[353]: sysquery: no addrs found for root NS (b.root-servers.net) This problem plagued me for a long time on several FreeBSD 4 servers running BIND 8 from the base system. Google finds numerous discussions on this problem in various lists/newsgroups but a solution is rarely offered. Finally, I found someone's theory in a NetBSD (or was it OpenBSD) forum. I can't tell whether it is true or not, but it makes sense to me. If your BIND is configured to use a forwarder and this forwarder is really good then BIND (almost) never needs to contact the root servers. The root zone times out in memory and it is not reloaded from disk. It is only loaded when BIND is started. Thus, if your BIND finally needs to contact a root name server after a long time of getting all responses from forwarder, it turns out that the data for root zone is not available... Now, as I said, I cannot tell whether this theory is true or not. What I can say is that on all 4 machines where I run BIND I configured one of two workarounds: - use forward only so you *never* need to check the root zone - do not use forwarders at all so you check the root zone fairly frequently. It makes some sense; I have a forwarder on the LAN router that doesn't do much besides routing and dns caching. Thanks. -- IOnut Unregistered ;) FreeBSD user ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
[no subject]
I am pretty new here but you should first do the cvsup for sources and port collection. Then use portupgrade to upgrade to latest version Message: 13 Date: Tue, 07 Sep 2004 09:36:24 +0800 From: Leandro Malaquias [EMAIL PROTECTED] Subject: Update Kde 3.x to 3.y To: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=iso-8859-1 Hi, I'm new to the list and I'm sure that this question has been asked before, but I am using kde 3.1 and I've read heaps of stuff on the internet but none really helped. How can I update my kde 3.1 to kde 3.2.3 using cvsup? thx Leandro -- ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
problem by the installation
Sorry to vaste your time, but I have a problem and I don´t know how to fiksed it. I have the geforce fx5200 grafic card and the e-yama LCD 17 monitor. When I will enter the section to configure my grafic card and the monitor, the monitor paints black and the computer doesn´t responce anymore. Can somebody give me a good adveise, Please, Please.. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: data backup software for freebsd
On Tue, 7 Sep 2004, Ralph M. Los wrote: From: Warren Block [mailto:[EMAIL PROTECTED] On Mon, 6 Sep 2004, Ralph M. Los wrote: Sorry to throw this in - but does anyone have any experience with commercial, Win32-based backup software backing up Samba shares on FreeBSD? I have BackupExec running, on a tape library Win2k box, and I have my file-server a FreeBSD 5.2.1 machine running Samba 2.2.8a. I'm still learning BSD so please bear with my possibly stupid question... Why does the Win2k box always backup the full share, even though I have differential backup selected? [Note: other mailing lists removed from CC list.] One guess: you haven't configured Samba to map the Windows permission bits to Unix permission bits. So the backup can't use the archive bits to include only files that have changed. Warren - Yes! Ok, so how? [Format recovered--please don't top-post, as it makes replying difficult. It's also customary to include [EMAIL PROTECTED] in the CC list for threads that originated there, so followups make it into the archives.] These are settings in the smb.conf file. I don't recall the exact ones, but the Samba documentation has information on it. Check either samba.org or the local documentation, and SWAT probably has a convenient link to it. -Warren Block * Rapid City, South Dakota USA ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: problem by the installation
huko wrote: Sorry to vaste your time, but I have a problem and I don´t know how to fiksed it. I have the geforce fx5200 grafic card and the e-yama LCD 17 monitor. When I will enter the section to configure my grafic card and the monitor, Where do you enter the section to configure my grafic card? In the installation routine aka sysinstall? If so, what version of FreeBSD are you trying to install? the monitor paints black and the computer doesn´t responce anymore. Can somebody give me a good adveise, Please, Please.. You might want to use a text based configuration tool. If you are trying to install a version of FreeBSD that comes with XFree86, you might be able to easily configure your card and monitor by running `xf86cfg -textmode`. If you are trying to install X.org, you can do the same thing by running `xorgcfg -textmode` Regards, Phil. -- Did you know... If you play a Windows 2000 CD backwards, you hear satanic messages, but what's worse is when you play it forward ...it installs Windows 2000 -- Alfred Perlstein on [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Ports and cvsup (was Re: )
Ara Avvali [EMAIL PROTECTED] wrote: I am pretty new here but you should first do the cvsup for sources and port collection. Then use portupgrade to upgrade to latest version First, you should use a subject in your emails. Here is a good reference for asking good questions: http://www.lemis.com/questions.html In order to do portupgrade, you only need to cvsup your ports tree. cvsup your sources if you need to upgrade the base system. -- Bill Moran Potential Technologies http://www.potentialtech.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: named[353]: sysquery: no addrs found for root NS ..........
On Tue, 7 Sep 2004 13:07:05 +0300, Ion-Mihai Tetcu wrote On Tue, 7 Sep 2004 13:00:47 +0300 Ion-Mihai Tetcu [EMAIL PROTECTED] wrote: Hi, From time to time I get this: Sep 7 12:57:44 it named[353]: sysquery: no addrs found for root NS (d.root-servers.net) Sep 7 12:57:44 it named[353]: sysquery: no addrs found for root NS (a.root-servers.net) Sep 7 12:57:44 it named[353]: sysquery: no addrs found for root NS (c.root-servers.net) Hi, I had the same problem a while ago. I had configured my ISP's name-server (actually several of them) to forward requests to. It happened that one of them became unreachable. From (just quickly) looking at the source, I found that named ends in this very loop as it does not try to actually request adresses for the root name-servers but rather writes out error messages. The funny thing was that the forwarders are managed in the same list as the root servers. After removing any forwarders from my named-config and relying completely on the root servers I never had the problem again. (Before this it happend after a few hours up to several weeks of named's run-time.) Regards, Robert ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
KDE make package failure
I have just installed 4.10R (again :)). I did not install KDE from packages. As soon as I installed the bare system I cvsup'd all the ports, then did a make install kde3. This completed successfully, albeit in 3 days. I then tried to make package for kde so I wouldnt need to compile it again. The make package failed with the following: Creating gzip'd tar ball in '/usr/ports/packages/All/kde-3.3.0.tgz' tar: etc/kde-meta.conf: Cannot stat: No such file or directory tar: Error exit delayed from previous errors pkg_create: make_dist: tar command failed with code 512 *** Error code 1 Stop in /usr/ports/x11/kde3 - Google shows a few other people have reported similar problems, but there are no solutions. (except update the port and do it again - but I used the most recently updated port already) Any help much appreciated. Thanks Peter ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: uh
On Tue, 7 Sep 2004 08:39:21 +0530, Subhro [EMAIL PROTECTED] wrote: What is that supposed to mean? Configure as in? Regards S. On Tue, 07 Sep 2004 01:56:04 +, A W [EMAIL PROTECTED] wrote: Hello FreeBsd I would like to know how to configure devices so that it works with FreeBsd. Thank you which devices? which interface? Regards, Shantanoo ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Update Databases from Webserver
On Mon, 6 Sep 2004, FreeBSD Mail Lists wrote: I would like to see how other people are updating backend databases (postgresql on FreeBSD, internal network) from a webserver (apache,php on FreeBSD, dmz network) through a firewall. Pretty much what I am trying to learn is how to take private information (credit card numbers, etc.) and write it to a backend database without leaving any huge holes for hacking. Should this be done or am I barking up the wrong tree, I'm afraid the awful truth is that if you need to ask this question here, you shouldn't be storing other people's credit card details on your server. You don't say why you'd want to do this. If you want to allow customers of an e-commerce site to avoid repeating their details whenever they want to buy, perhaps consider basing the payment backend around PayPal. The need for users to authenticate in order to make a payment hasn't brought e-Bay to its knees. If you want to use the numbers to confirm identity or something, you could store an encrypted version of the number and use that for comparison. But to start storing plaintext CC details on your system without being deeply expert in all the security issues raised would be very dangerous. And the high degree of monitoring needed for such a system would make it uneconomical without commensurately high volumes of business. Peter. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: named[353]: sysquery: no addrs found for root NS ..........
On Tue, 7 Sep 2004 14:41:08 +0200 Robert Eckardt [EMAIL PROTECTED] wrote: On Tue, 7 Sep 2004 13:07:05 +0300, Ion-Mihai Tetcu wrote On Tue, 7 Sep 2004 13:00:47 +0300 Ion-Mihai Tetcu [EMAIL PROTECTED] wrote: Hi, From time to time I get this: Sep 7 12:57:44 it named[353]: sysquery: no addrs found for root NS (d.root-servers.net) Sep 7 12:57:44 it named[353]: sysquery: no addrs found for root NS (a.root-servers.net) Sep 7 12:57:44 it named[353]: sysquery: no addrs found for root NS (c.root-servers.net) Hi, I had the same problem a while ago. I had configured my ISP's name-server (actually several of them) to forward requests to. It happened that one of them became unreachable. From (just quickly) looking at the source, I found that named ends in this very loop as it does not try to actually request adresses for the root name-servers but rather writes out error messages. Kinda' funny since it has named.root handy. The funny thing was that the forwarders are managed in the same list as the root servers. After removing any forwarders from my named-config and relying completely on the root servers I never had the problem again. (Before this it happend after a few hours up to several weeks of named's run-time.) Yes that what was happening here too; and that loop nice loaded the system. Thanks. BTW, 5.3 with debug.witness_watch=0 just rocks; the load is a half :) -- IOnut Unregistered ;) FreeBSD user ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Installation without PS/2 Keyboard
On Mon, 6 Sep 2004 22:48:43 -0600, Chad Leigh -- Shire.Net LLC [EMAIL PROTECTED] wrote: Try and find a specific USB keyboard BIOS entry and see if that works Unfortunately, the legacy keyboard emulation option in the BIOS that I mentioned is the only thing there that looks promising, and it doesn't seem to matter to FreeBSD. What's most annoying is the fact that I can use the keyboard just fine in the boot loader, it's when the kernel actually loads that the system starts ignoring the keyboard. Is there a way to enable the serial console from the bootloader (the OK prompt)? -- David Aquilina [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Swap file errors on 4 GB drive.
W. D. [EMAIL PROTECTED] writes: At 03:39 9/5/2004, Markie wrote: |- Original Message - |From: W. D. [EMAIL PROTECTED] |To: [EMAIL PROTECTED] |Sent: Sunday, September 05, 2004 7:36 AM |Subject: Swap file errors on 4 GB drive. | |Hi folks, | Hi |I tried to install FreeBSD 4.9 on a computer with |a 4 GB drive, but it killed the kernel when it |got a swap file error. | I have it installed on a 4GB drive. |I put in an 8 GB drive an everything went smoothly. | Perhaps your 4GB drive had bad sectors? Well, it tested fine with Hitachi's drive fitness test: http://www.HitachiGST.com/hdd/support/download.htm What other ways are there to test drives? That would usually be pretty definitive. What *was* the error you got from the FreeBSD install? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Tar pitting automated attacks
I am seeing a lot of automated attacks lately against sshd such as: Sep 6 12:16:24 www sshd[29888]: Failed password for root from 159.134.244.189 port 3723 ssh2 Sep 6 12:16:25 www sshd[29889]: Failed password for illegal user webmaster from 159.134.244.189 port 3749 ssh2 Sep 6 12:16:26 www sshd[29890]: Failed password for illegal user data from 159.134.244.189 port 3771 ssh2 Sep 6 12:16:27 www sshd[29891]: Failed password for illegal user user from 159.134.244.189 port 3800 ssh2 Sep 6 12:16:28 www sshd[29892]: Failed password for illegal user user from 159.134.244.189 port 3824 ssh2 Sep 6 12:16:29 www sshd[29893]: Failed password for illegal user user from 159.134.244.189 port 3847 ssh2 Sep 6 12:16:31 www sshd[29894]: Failed password for illegal user web from 159.134.244.189 port 3872 ssh2 Sep 6 12:16:32 www sshd[29895]: Failed password for illegal user web from 159.134.244.189 port 3893 ssh2 Sep 6 12:16:33 www sshd[29896]: Failed password for illegal user oracle from 159.134.244.189 port 3918 ssh2 Sep 6 12:16:34 www sshd[29897]: Failed password for illegal user sybase from 159.134.244.189 port 3938 ssh2 Sep 6 12:16:36 www sshd[29898]: Failed password for illegal user master from 159.134.244.189 port 3976 ssh2 Sep 6 12:16:37 www sshd[29899]: Failed password for illegal user account from 159.134.244.189 port 4006 ssh2 Sep 6 12:16:38 www sshd[29900]: Failed password for illegal user backup from 159.134.244.189 port 4022 ssh2 Sep 6 12:16:39 www sshd[29901]: Failed password for illegal user server from 159.134.244.189 port 4044 ssh2 Sep 6 12:16:41 www sshd[29902]: Failed password for illegal user adam from 159.134.244.189 port 4072 ssh2 Sep 6 12:16:42 www sshd[29903]: Failed password for illegal user alan from 159.134.244.189 port 4104 ssh2 Sep 6 12:16:43 www sshd[29904]: Failed password for illegal user frank from 159.134.244.189 port 4131 ssh2 Sep 6 12:16:44 www sshd[29905]: Failed password for illegal user george from 159.134.244.189 port 4152 ssh2 Sep 6 12:16:45 www sshd[29906]: Failed password for illegal user henry from 159.134.244.189 port 4175 ssh2 -- snip -- Some of these go on until they turn the logs over. Is there a method to make this more expensive to the attacker, such as tar-pitting? Thanks -Mike -- Mike Galvez Information Technology Specialist E-Mail: mrg8n AT virginia.edu ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Name Lookup fail for cvsup.freebsd.org
[EMAIL PROTECTED] --- Kevin D. Kinsey, DaleCo, S.P. [EMAIL PROTECTED] wrote: Huajian Luo wrote: Hi, I have a Compaq Evo N610c Laptop and installed with 5.2.1 release, The Modem is a Lucent winmodem , I've installed comm/ltmdm and config /etc/ppp/ppp.conf as follow, --/etc/ppp/ppp.conf- enable dns and I run #ppp -ddial myISP and check /var/log/ppp/log everything is Ok , but when I do #cvsup -g -L2 /etc/ports-supfile it output: Name Lookup fail for cvsup.freebsd.org, host name lookup failed will retry at.blah-blah So, your ISP's servers aren't giving you any DNS information, or else FreeBSD isn't paying attention when it does... ? If you call nslookup(1), what is the result? If you aren't running a local nameserver, and you're not getting any response, you should probably get an error there, too. Another possibility is that you have no real connectivity at all ... something which you haven't addressed. Can you ping by IP address? Maybe yahoo.com, which a moment ago was at 66.94.234.13 ? --the question is should I comment out enable dns in /etc/ppp/ppp.conf to make it not check nameserver , cause when I dailed from windows ,I just need the ISP's phone number and user/pass everything is OK. I just wanna dial to web when I'm at home, so I don't know how to config /etc/resolv.conf, cause this is just a stand alone laptop and the Ip was dynamic allocated by my ISP, and I pick up the phone an heard ZzzzZzz, which means I've dialed onto web, and nslookup show me the same problem, thanks in advances, whatluo, If it is simply a DNS problem, adding the IP addresses of your ISP's nameservers to /etc/resolv.conf would be a valid workaround. I don't know why DNS wouldn't be working otherwise, *unless* you actually aren't connected as I noted above. I pick up the phone an heard 'ZzzzZzz' isn't necessarily an indication of a successful PPP connection IMHO Kevin Kinsey ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Hi, thanks for your response I've checked the /var/log/ppp.log and see these weired stuff. - PPP[513]:tun0:Phase:deflink:IPV6CP Protocol reject close IPV6CP! PPP[513]:tun0:IPCP:deflink:RecvConfigAck(3) state=Ack-Sent PPP[513]:tun0:IPCP:IPADDR[6] 211.157.91.2 PPP[513]:tun0:IPCP:deflink:state Change Ack-Sent-Opened :LayerUp PPP[513]:tun0:IPCP:Myaddr 211.157.91.2 Hisaddr=10.1.8.14 PPP[513]:tun0:IPCP:deflink:RecvProtocolRej(159)State =Opened = should I disable the IPv6 option or not, if so what can I do next, Thanks again, whatluo ___ Do you Yahoo!? Win 1 of 4,000 free domain names from Yahoo! Enter now. http://promotions.yahoo.com/goldrush ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: problem by the installation
On Sun, 5 Sep 2004 18:16:09 +0200, huko [EMAIL PROTECTED] wrote: Sorry to vaste your time, but I have a problem and I don´t know how to fiksed it. I have the geforce fx5200 grafic card and the e-yama LCD 17 monitor. When I will enter the section to configure my grafic card and the monitor, the monitor paints black and the computer doesn´t responce anymore. Can somebody give me a good adveise, Please, Please.. Try following for XFree86: XFree86 -configure or xf86cfg -textmode or xf86cfg Regards, Shantanoo ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Mozilla linuxpluginwrapper with flash7 (Was: Re: Mozilla linuxpluginwrapper)
Hello, is there any way how to get linux-flashplugin7 working with Mozilla (native Firefox)? Linuxpluginwrapper uses linux-flashplugin6, but how can I use linux-flashplugin7 instead of it? Cheers, Martin -- Martin Hudec| corwin at aeternal.net | corwin at web.markiza.sk http://www.aeternal.net | cell +421 907 303 393 pgpNxPgWzi1a9.pgp Description: PGP signature
Re: Update Databases from Webserver
Peter, Thanks for your response. In response to You don't say why you'd want to do this. If you want to allow customers of an e-commerce site to avoid repeating their details whenever they want to buy, perhaps consider basing the payment backend around PayPal. The need for users to authenticate in order to make a payment hasn't brought e-Bay to its knees. Pretty much the end result would be Amazon like with the customer being able to choose a previously used card. Is this possible without storing credit card numbers or using paypal? Anyway thanks everyone for their replies thus far any input helps. -Troy -Original message- From: Peter Risdon [EMAIL PROTECTED] Date: Tue, 7 Sep 2004 07:18:22 -0600 To: FreeBSD Mail Lists [EMAIL PROTECTED] Subject: Re: Update Databases from Webserver I'm afraid the awful truth is that if you need to ask this question here, you shouldn't be storing other people's credit card details on your server. If you want to use the numbers to confirm identity or something, you could store an encrypted version of the number and use that for comparison. But to start storing plaintext CC details on your system without being deeply expert in all the security issues raised would be very dangerous. And the high degree of monitoring needed for such a system would make it uneconomical without commensurately high volumes of business. Peter. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: AMD 64 and 4.10. will they work?
Ara Avvali wrote: I have checked on site and what I can see that 5 is the one which actually supports athlon 64 processors. But what I am wondering if there is anyway to run it under 4.10 since we are looking for stable series. I mean is it possible to run 4.10 under AMD64 and if it is, do I get benefit from speed improvements over 32 bit processors or the only way to get a true 64bit is 5 series Thank you for help Greetings! FreeBSD 4.10 will install fine on an AMD64, but the processor will be running in 32-bit mode. Still, the AMD64 is the fastest 32-bit processor out there. ;-) -Henrik W Lund ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
. and .. directories missing
Hello, I'm having some trouble with FreeBSD on my T20 ThinkPad. There is a problem with the hard disk that prevents me from booting into multi-user mode. I'm not exactly sure what the problem is; fsck reports many hundreds of errors on the /usr /home partitions, claims to fix those, but doesn't. If I run fsck back to back, the same errors show up. When I reboot after fsck, it does attempt to boot (since filesystems are marked clean) but panic, and fails to sync 1 buffer. Not sure which one, but it's always 1 buffer. I'm also not entirely sure what caused this problem to occur, but right before when it occurred I was doing a massive portupgrade -rR of many things, and many (but not all) of the disk problems seem to be in the /usr/ports tree. Now to the things that I do know: I suddenly have many directories, particularly under /usr/ports, that do not have the normal . and .. entries. I also cannot rmdir or rm -rf them, because it says they're not empty (except they're as empty as I've seen, ls -al returns no lines). Why would that occur. Is there a way to put them back in? Could I ln . to what, maybe .? and ln .. to the parent directory? Anybody have any ideas as to what could have occurred or what I can do to fix the problem? I have downloaded, burned booted the excellent FreeSBIE disk and I can mount and access the hard disk partitions that way. Also, the install CDs mention a repair disk in their install menu, that I couldn't find images for. Instead I used FreeSBIE. I was tracking STABLE (4.10) and had done an update rebuild of the system about 10 days ago. -aram __ Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages! http://promotions.yahoo.com/new_mail ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [another me too] Re: portindex/portindexdb
On Tue, Sep 07, 2004 at 06:32:23AM +0200, Nico Meijer wrote: Hi Joe, Sigh: Lighten up! ;-) Hehthanks, I will. /usr/local/lib/ruby/site_ruby/1.8/portsdb.rb:587: [BUG] Bus Error ruby 1.8.2 (2004-07-29) [i386-freebsd4] Have you tried replacing the portsdb-sequence with `portindex portindexdb`? Not yet; but I will. I was reading over the thread(s) mentioned by racerx last night. So: - cvsup (or whatever tool you use) - portindex - portindexdb - portversion -vL = (or whatever switches you use) The upside to using portindex is that it merges changes instead of building the entire index every time. So your first run will take quite some time, but your following runs will run quite a bit faster. AhI see now the advantage. That is nice. Thanks. -- ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [another me too] Re: portindex/portindexdb
On Tue, Sep 07, 2004 at 07:24:49AM +0100, Matthew Seaman wrote: Another workaround is simply to set: PORTS_DBDRIVER=bdb1_hash This is the Berkeley, AKA Sleepycat, bdb? I ask because I am also (suddenly) encountering the famous Exim Failed to open DBM file /var/spool/exim/db/retry for writing: message. Oddly, until recently this error was not in evidence; and prior to recently, it was in evidence and I fixed it; prior to that failure, it (wait for it) Just Worked[1]. I wonder if the issue as evidenced by the Exim error could possibly be related to the ruby error? I hear, from time to time, vague rumblings about how the bdb software seeming to annoy people. I know one thing I've learned, and hope it is accurate: when installing Exim (and likely any other MTA as a substitute for Sendmail) build it from source the first time, because installing a binary and then using portupgrade will likely cause problems down the road. Of course, that lesson is probably covered in an FAQ somewhere, and I just forgot it. in your environment, and then use portsdb and portupgrade as usual. There are a number of variations on this workaround, but the other ways of doing that involve installing some extra software. See: http://lists.freebsd.org/pipermail/freebsd-ports/2004-September/015902.html http://lists.freebsd.org/pipermail/freebsd-ports/2004-September/015922.html Thanks; that last one looks interesting. [1] So: it worked, it failed, it worked, and now, shortly before the ruby issue, it began to fail. My previous cure for the Exim error was, vis-a-vis this last failure, ineffectual. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: MTU Blackhole problem?
On Sep 7, 2004, at 7:46 AM, R. W. wrote: I'm guessing that this is a path MTU discovery blackhole, since if I set sysctl net.inet.tcp.sendspace=400 the problem goes away. (I presume that net.inet.tcp.path_mtu_discovery: 1 means that path MTU discovery is already turned-on by default.) What the correct way to deal with this? Should I just play around with net.inet.tcp.sendspace? Try ifconfig en0 mtu 512; replace en0 with the name of your NIC. [ Try different MTUs, too. ] -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [another me too] Re: portindex/portindexdb
Hi Matthew, Another workaround is simply to set: PORTS_DBDRIVER=bdb1_hash in your environment, and then use portsdb and portupgrade as usual. May I bluntly - yet politely - ask why you would prefer this workaround as opposed to replacing `portsdb -Uu` with `portindex portindexdb`, other than to avoid having to install extra software? I can imagine a few, but I value your opinion. Thanks a bunch... Nico ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
IP Filter on FreeBSD 5.2.1
Hi all, I'm trying to get ipfilter working with FreeBSD 5.2.1. I did a cvsup using the tag RELENG_5_2 night before last. Today I did make world (which succeeded) and then tried to build my kernel. Before doing the make kernel, I edited my kernel configuration file and added the following lines: # IPFilter stuf options IPFILTER options IPFILTER_LOG I then did make kernel KERNCONF=MYKERNEL After a while, that dies with the error at the bottom of this message. Can anyone advise me what is going wrong and how I can fix this ? Thanks in advance, ERROR MESSAGE - LINES LONGER THAN 72 CHARS FOLLOW cc -c -O -pipe -march=pentiumpro -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -fformat-extensions -std=c99 -nostdinc -I- -I. -I/usr/src/sys -I/usr/src/sys/contrib/dev/acpica -I/usr/src/sys/contrib/ipfilter -I/usr/src/sys/contrib/dev/ath -I/usr/src/sys/contrib/dev/ath/freebsd -I/usr/src/sys/contrib/ngatm -D_KERNEL -include opt_global.h -fno-common -finline-limit=15000 -fno-strict-aliasing -mno-align-long-strings -mpreferred-stack-boundary=2 -ffreestanding -Werror /usr/src/sys/contrib/ipfilter/netinet/ip_fil.c /usr/src/sys/contrib/ipfilter/netinet/ip_fil.c: In function `fr_check_wrapper': /usr/src/sys/contrib/ipfilter/netinet/ip_fil.c:319: error: `PFIL_OUT' undeclared (first use in this function) /usr/src/sys/contrib/ipfilter/netinet/ip_fil.c:319: error: (Each undeclared identifier is reported only once /usr/src/sys/contrib/ipfilter/netinet/ip_fil.c:319: error: for each function it appears in.) /usr/src/sys/contrib/ipfilter/netinet/ip_fil.c: In function `fr_check_wrapper6': /usr/src/sys/contrib/ipfilter/netinet/ip_fil.c:329: error: `PFIL_OUT' undeclared (first use in this function) /usr/src/sys/contrib/ipfilter/netinet/ip_fil.c: In function `iplattach': /usr/src/sys/contrib/ipfilter/netinet/ip_fil.c:376: warning: unused variable `ph_inet' /usr/src/sys/contrib/ipfilter/netinet/ip_fil.c:378: warning: unused variable `ph_inet6' /usr/src/sys/contrib/ipfilter/netinet/ip_fil.c: At top level: /usr/src/sys/contrib/ipfilter/netinet/ip_fil.c:317: warning: `fr_check_wrapper' defined but not used /usr/src/sys/contrib/ipfilter/netinet/ip_fil.c:327: warning: `fr_check_wrapper6' defined but not used *** Error code 1 Stop in /usr/obj/usr/src/sys/WTP. *** Error code 1 END OF ERROR MESSAGE -- Wayne Pascoe(gpg --keyserver www.co.uk.pgp.net --recv-keys 79A7C870) Mary had a crypto key, she kept it in escrow, and everything that Mary said, the Feds were sure to know. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IP Filter on FreeBSD 5.2.1
Hi Wayne, Wayne Pascoe wrote: After a while, that dies with the error at the bottom of this message. Can anyone advise me what is going wrong and how I can fix this ? Thanks in advance, ERROR MESSAGE - LINES LONGER THAN 72 CHARS FOLLOW cc -c -O -pipe -march=pentiumpro -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -fformat-extensions -std=c99 -nostdinc -I- -I. -I/usr/src/sys -I/usr/src/sys/contrib/dev/acpica -I/usr/src/sys/contrib/ipfilter -I/usr/src/sys/contrib/dev/ath -I/usr/src/sys/contrib/dev/ath/freebsd -I/usr/src/sys/contrib/ngatm -D_KERNEL -include opt_global.h -fno-common -finline-limit=15000 -fno-strict-aliasing -mno-align-long-strings -mpreferred-stack-boundary=2 -ffreestanding -Werror /usr/src/sys/contrib/ipfilter/netinet/ip_fil.c /usr/src/sys/contrib/ipfilter/netinet/ip_fil.c: In function `fr_check_wrapper': I think you missed this option: options PFIL_HOOKS # pfil(9) framework in your kernel config file.. Try it and see it's magic ;) -- Kind regards, Remko Lodder |[EMAIL PROTECTED] Reporter DSINet|[EMAIL PROTECTED] Projectleader Mostly-Harmless |[EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: i cant enter su
i cant enter su in my machine.i controled and i found master.passwd files mode is 700. how can i change this files chmoýd.please help. i cant enter su What error do you get? Can you log in as root at the console? (This would validate the root passwd). If you've lost the root password, reboot the system, and hit any other key than ENTER when it starts up, then type boot -s to enter single user mode. You automatically are logged in as root, where you can change his password, by using ``passwd''. If you know the root password, open up the file /etc/group in your favorite editor, and make sure your username is listed beside 'wheel'. ...and ahhh, chmodding the /etc/master.passwd file? Personally, I wouldn't recommend this, but if you must, read ``man chmod''. steve ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [another me too] Re: portindex/portindexdb
On Tue, Sep 07, 2004 at 07:38:07PM +0200, Nico Meijer wrote: Hi Matthew, Another workaround is simply to set: PORTS_DBDRIVER=bdb1_hash in your environment, and then use portsdb and portupgrade as usual. May I bluntly - yet politely - ask why you would prefer this workaround as opposed to replacing `portsdb -Uu` with `portindex portindexdb`, other than to avoid having to install extra software? I can imagine a few, but I value your opinion. Not having to install any extra software is the specific reason to prefer this. Using portsindex and portsindexdb is perfectly good as well, but that means installing python and possibly the Postgres DB client. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgpxL2PDX5HXf.pgp Description: PGP signature
Re: Update Databases from Webserver
FreeBSD Mail Lists wrote: Peter, Thanks for your response. In response to You don't say why you'd want to do this. If you want to allow customers of an e-commerce site to avoid repeating their details whenever they want to buy, perhaps consider basing the payment backend around PayPal. The need for users to authenticate in order to make a payment hasn't brought e-Bay to its knees. Pretty much the end result would be Amazon like with the customer being able to choose a previously used card. Is this possible without storing credit card numbers or using paypal? Well, yes, this is a convenience. But there's a very good reason why you only find this at very big online retailers like Amazon: It's a biggie. All the replies you had that I've seen point this out one way or another. Peter. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: KDE make package failure
Hello Peter; There is a procedure I follow in a situation like this, I don't remember where I got it from (I think from the KDE web site somewhere), 1) make install qt first 2) make install arts next 3) make install kdelibs 3rd 4) make install kde3 (the meta port) 5) make install whatever is missing that you want Substitute make package for make install, or do it after install. arts depends on qt in order to build. kdelibs depends on qt and arts in order to build. Building a packages increases the time required to get kde installed, but having those packages can save time later. Don Donald J. O'Neill [EMAIL PROTECTED] On Tuesday 07 September 2004 07:42 am, Peter Ryan wrote: I have just installed 4.10R (again :)). I did not install KDE from packages. As soon as I installed the bare system I cvsup'd all the ports, then did a make install kde3. This completed successfully, albeit in 3 days. I then tried to make package for kde so I wouldnt need to compile it again. The make package failed with the following: Creating gzip'd tar ball in '/usr/ports/packages/All/kde-3.3.0.tgz' tar: etc/kde-meta.conf: Cannot stat: No such file or directory tar: Error exit delayed from previous errors pkg_create: make_dist: tar command failed with code 512 *** Error code 1 Stop in /usr/ports/x11/kde3 - Google shows a few other people have reported similar problems, but there are no solutions. (except update the port and do it again - but I used the most recently updated port already) Any help much appreciated. Thanks Peter ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
amd64
Hi all I can't install cvsup-without-gui and said it doesn't support amd64 how can I upgrade the /usr/ports? Thank you make install clean === cvsup-without-gui-16.1h is only for alpha i386 sparc64, and you are running amd64. __ Do you Yahoo!? Yahoo! Mail - Helps protect you from nasty viruses. http://promotions.yahoo.com/new_mail ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Sendmail 8.12.11 from FreeBSD 4.10-RELEASE ignores many config directives
I just upgraded from Sendmail 8.12.3 (from FreeBSD 4.6) to a brand new FreeBSD 4.10-RELEASE install including Sendmail 8.12.11. I tweaked a few pathnames in my .mc file but otherwise tried to use the same one. Many things weren't working. I've found workarounds for some, but they are hacks, and others simply don't work. I don't really know if this is a sendmail problem or something weird about the FreeBSD port of it. What follows is a list of what's broken. FEATURE(dnsbl, `rbl-plus.mail-abuse.org') FEATURE(dnsbl, `sbl-xbl.spamhaus.org') ... Yes, I'm a MAPS subscriber, DNS is working correctly, and I can query the various lists and get the expected answers back. Addresses which are in one or more of the lists I have configured pass right through sendmail with nary a complaint. I've yet to find any evidence that the check_relay rulesets are being called at all. (I also have FEATURE(access_db, ...) enabled and this appears to be working.) define(`confCW_FILE', `-o /etc/mail/sendmail.cw') This has no effect, though I found that /etc/mail/local-host-names is being consulted so that's a viable workaround. I didn't try removing the -o and I can't recall what that does, so perhaps that was the problem. define(`confTRUSTED_USERS', `majordom') This address the appropriate line to the .cf file, but sendmail seems to ignore it as evidenced by lines like X-Authentication-Warning: orion.kls2.com: majordom set sender to [EMAIL PROTECTED] using -f in mail sent to Majordomo's lists. So far this one seems to be harmless albeit annoying. define(`ALIAS_FILE', `/etc/mail/aliases,/etc/mail/aliases.majordomo') The second alias file is ignored, and yes, I have built .db files for both of them. As a workaround, I finally just lumped Majordomo's aliases into the main system file, but I'd rather keep them separate and the doccy says it should work. I found something which said that m4 wants ``foo,bar'' with pairs of quotes if there's a comma but that made no difference. The resulting line in the .cf file (which matched what worked in the old version) was the same in any case. FEATURE(relay_based_on_MX) It appears that this is being ignored. What's going on? I had hoped to close some holes with the upgrade but at this point I'm about ready to dredge the sendmail 8.12.3 stuff out of my backups and revert to that. Any help in m akeing 8.12.11 match what the documentation claims would be most appreciated. -- Karl ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: KDE make package failure
On Tuesday 07 September 2004 05:42 am, Peter Ryan wrote: I did not install KDE from packages. As soon as I installed the bare system I cvsup'd all the ports, then did a make install kde3. This completed successfully, albeit in 3 days. I then tried to make package for kde so I wouldnt need to compile it again. You generally don't need to make KDE packages yourself. The KDE team maintains a package site themselves (http://rabarber.fruitsalad.org/) which is much more up-to-date than the usual FreeBSD package site where KDE is concerned. -David -- +++ Divide By Cucumber Error. Please Reinstall Universe And Reboot. +++ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Error when installing apr-svn from ports collection
I am trying to install subversion from the ports collection. I have updated my ports tree. When I do make install in /usr/ports/devel/subversion, the make fails on one of the dependencies (apr-svn): checking for unistd.h... yes checking minix/config.h usability... no checking minix/config.h presence... no checking for minix/config.h... no checking whether system uses EBCDIC... no performing libtool configuration... ./configure: line 23307: syntax error near unexpected token `done' ./configure: line 23307: ` done' *** Error code 2 Stop in /usr/ports/devel/apr-svn. *** Error code 1 Stop in /usr/ports/devel/subversion. uname -a returns: FreeBSD www.sarum.local 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Mon Oct 27 17:51:09 GMT 2003 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386 Any idea what is wrong? - Carsten ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Update Databases from Webserver
-Original Message- From: [EMAIL PROTECTED] [mailto:owner-freebsd- [EMAIL PROTECTED] On Behalf Of Peter Risdon Sent: Tuesday, September 07, 2004 1:14 PM To: FreeBSD Mail Lists Cc: Questions Subject: Re: Update Databases from Webserver FreeBSD Mail Lists wrote: Peter, Thanks for your response. In response to You don't say why you'd want to do this. If you want to allow customers of an e-commerce site to avoid repeating their details whenever they want to buy, perhaps consider basing the payment backend around PayPal. The need for users to authenticate in order to make a payment hasn't brought e-Bay to its knees. Pretty much the end result would be Amazon like with the customer being able to choose a previously used card. Is this possible without storing credit card numbers or using paypal? Well, yes, this is a convenience. But there's a very good reason why you only find this at very big online retailers like Amazon: It's a biggie. All the replies you had that I've seen point this out one way or another. Exactly right, I would look for a credit card processing company that supports the functionality you are looking for and use their existing functionality and let them absorb the liability if something horrible were to happen. You generally don't want to be the company or person that is responsible for exposing financial information. Jason Peter. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions- [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
complie kernel in amd 64
Hi all I try to add ipfw (default -accept), device polling in the kernel and recomplie in amd 64 but I got error as follows: how can I fix it Thank you ../../../amd64/amd64/genassym.c:209: error: storage size of `MSR_FSBASEw2' isn't known ../../../amd64/amd64/genassym.c:209: error: storage size of `MSR_FSBASEw3' isn't known ../../../amd64/amd64/genassym.c:210: error: storage size of `MSR_GSBASEsign' isn't known ../../../amd64/amd64/genassym.c:210: error: storage size of `MSR_GSBASEw0' isn't known ../../../amd64/amd64/genassym.c:210: error: storage size of `MSR_GSBASEw1' isn't known ../../../amd64/amd64/genassym.c:210: error: storage size of `MSR_GSBASEw2' isn't known ../../../amd64/amd64/genassym.c:210: error: storage size of `MSR_GSBASEw3' isn't known ../../../amd64/amd64/genassym.c:211: error: storage size of `MSR_KGSBASEsign' isn't known ../../../amd64/amd64/genassym.c:211: error: storage size of `MSR_KGSBASEw0' isn't known ../../../amd64/amd64/genassym.c:211: error: storage size of `MSR_KGSBASEw1' isn't known ../../../amd64/amd64/genassym.c:211: error: storage size of `MSR_KGSBASEw2' isn't known ../../../amd64/amd64/genassym.c:211: error: storage size of `MSR_KGSBASEw3' isn't known *** Error code 1 ___ Do You Yahoo!? Get your free @yahoo.com.hk address at http://mail.english.yahoo.com.hk ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IP Filter on FreeBSD 5.2.1
On Tue, Sep 07, 2004 at 08:07:34PM +0200, Remko Lodder wrote: I think you missed this option: options PFIL_HOOKS # pfil(9) framework in your kernel config file.. Try it and see it's magic ;) Thanks a bunch - that did the trick. I've checked the doc I used to do this, and it wasn't mentioned. I'll submit something to the maintainer tomorrow. Now I just have to find some useful sample rulesets. It's been about 18 months since I touched ipfilter, and things seem to have changed a little :) -- Wayne Pascoe(gpg --keyserver www.co.uk.pgp.net --recv-keys 79A7C870) If there's anything more important than my ego around, I want it caught and shot now! ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IP Filter on FreeBSD 5.2.1
On Tuesday 07 September 2004 02:12 pm, Wayne Pascoe wrote: On Tue, Sep 07, 2004 at 08:07:34PM +0200, Remko Lodder wrote: I think you missed this option: options PFIL_HOOKS # pfil(9) framework in your kernel config file.. Try it and see it's magic ;) Thanks a bunch - that did the trick. I've checked the doc I used to do this, and it wasn't mentioned. I'll submit something to the maintainer tomorrow. This option has been default in GENERIC for over 7 months, which might be why it's not mentioned. In recent -CURRENT, it's not an option because it's now always compiled into the kernel. -David -- +++ Divide By Cucumber Error. Please Reinstall Universe And Reboot. +++ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Sendmail 8.12.11 from FreeBSD 4.10-RELEASE ignores many config directives
On 2004-09-07 13:20, Karl Swartz [EMAIL PROTECTED] wrote:
I just upgraded from Sendmail 8.12.3 (from FreeBSD 4.6) to a brand new
FreeBSD 4.10-RELEASE install including Sendmail 8.12.11. I tweaked a
few pathnames in my .mc file but otherwise tried to use the same one.
Many things weren't working. I've found workarounds for some, but they
are hacks, and others simply don't work. I don't really know if this
is a sendmail problem or something weird about the FreeBSD port of it.
What follows is a list of what's broken.
FEATURE(dnsbl, `rbl-plus.mail-abuse.org')
FEATURE(dnsbl, `sbl-xbl.spamhaus.org')
The dnsbl macro now takes 3 arguments IIRC (wrapping inserted by me to
avoid posting one huge line):
% grep dnsbl /etc/mail/freebsd.mc
dnl FEATURE(dnsbl, `blackholes.mail-abuse.org',
`550 Mail from ${client_addr} rejected, \
see http://mail-abuse.org/cgi-bin/lookup?; ${client_addr}')
define(`confCW_FILE', `-o /etc/mail/sendmail.cw')
This has no effect, though I found that /etc/mail/local-host-names is
being consulted so that's a viable workaround. I didn't try removing
the -o and I can't recall what that does, so perhaps that was the
problem.
Hmmm, this works perfectly here. Are you sure there isn't something
else that is wrong, i.e. your /etc/mail/sendmail.cf being generated from
the wrong .mc file or something?
FEATURE(relay_based_on_MX)
It appears that this is being ignored.
See above. It's not normal for Sendmail to ``ignore'' all this stuff.
- Giorgos
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Update Databases from Webserver
FreeBSD Mail Lists wrote: Richard, Thanks for your reply. I thought there was something terribly wrong with that logic. So I thought I would ask in this mail list since people have been great here in the past about everything else I wanted to know. Are there any security lists in relation to ecommerce that you would recommend? So I can stop annoying everyone else here. I just don't want to make anymore mistakes than I have to starting down this road. I don't really know of any good security list... I'd sure be happy to HEAR of one, mind you. To be honest, I suspect there isn't really a good security list, because this is simply the kind of thing that so *FEW* people actually do, that there isn't a critical mass of people doing it and needing help for a good mailing list to exist. Please don't take my tone as being annoyed. I basically just wanted to scare you into *NOT* doing what you plan to do. It's incredibly dangerous, and carries an inordinate amount of risk. If you absolutely *MUST* do this, hire a security expert to help you design/program it. It's just not a good idea to do what you said you wanted to do on your own your first time. If your boss/manage won't accept that, tell them you'll need all their personal credit cards for testing purposes until you're SURE the system is secure and safe from thieves. They may change their tune at that point. -- Like Music? http://l-i-e.com/artists.htm ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IP Filter on FreeBSD 5.2.1
On Tue, 7 Sep 2004 22:12:23 +0100, Wayne Pascoe [EMAIL PROTECTED] wrote: On Tue, Sep 07, 2004 at 08:07:34PM +0200, Remko Lodder wrote: I think you missed this option: options PFIL_HOOKS # pfil(9) framework in your kernel config file.. Try it and see it's magic ;) Thanks a bunch - that did the trick. I've checked the doc I used to do this, and it wasn't mentioned. I'll submit something to the maintainer tomorrow. The maintainer is likely to direct you to this entry in 5.2.1's /usr/src/UPDATING: 20030925: Configuring a system to use IPFILTER now requires that PFIL_HOOKS also be explicitly configured. Previously this dependency was magically handled through some cruft in net/pfil.h; but that has been removed. Building a kernel with IPFILTER but not PFIL_HOOKS will fail with obtuse errors in ip_fil.c. (It's a good idea to look in /usr/src/UPDATING before updating your system.) Cheers, Paul. -- e-mail: [EMAIL PROTECTED] Without music to decorate it, time is just a bunch of boring production deadlines or dates by which bills must be paid. --- Frank Vincent Zappa ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
new card, still can't get X11 working
I originally sent this to the XFree86 list, but thought I may get some useful insight if I sent it here. I had a SIS 6326, and had problems getting X11 up and running, so went to the store, and picked up an ATI Radeon 9200SE. Then I rebuilt the system, here's the info: ids# uname -a FreeBSD ids.marsik.org 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0: Mon Feb 23 20:45:55 GMT 2004 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386 Immediately after install, I updated the ports tree using cvsup, then updated the ports by running: Portsdb -uU Pkgdb -u Portversion -v Portupgrade -varRp -x openoffice Portsclean -CDD I then installed xorg from ports and configured xorg using both methods specified by the handbook, which were: The 'Xorg -configure' method The xorgconfig method When I run 'startx', the system hangs. Is there a magical video card I can buy to alleviate these issues? I need to get past this point and get to what I'm really trying to do. Any help is much appreciated. Dustin Ps, the xorg log is attached Xorg.0.log Description: Xorg.0.log ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: named[353]: sysquery: no addrs found for root NS ..........
On Tue, 7 Sep 2004 14:24:37 +0300 Toomas Aas [EMAIL PROTECTED] wrote: Hi! From time to time I get this: Sep 7 12:57:44 it named[353]: sysquery: no addrs found for root NS (d.root-servers.net) Sep 7 12:57:44 it named[353]: sysquery: no addrs found for root NS (a.root-servers.net) Sep 7 12:57:44 it named[353]: sysquery: no addrs found for root NS (c.root-servers.net) Sep 7 12:57:45 it named[353]: sysquery: no addrs found for root NS (h.root-servers.net) Sep 7 12:57:45 it named[353]: sysquery: no addrs found for root NS (f.root-servers.net) Sep 7 12:57:45 it named[353]: sysquery: no addrs found for root NS (b.root-servers.net) This problem plagued me for a long time on several FreeBSD 4 servers running BIND 8 from the base system. Google finds numerous discussions on this problem in various lists/newsgroups but a solution is rarely offered. Finally, I found someone's theory in a NetBSD (or was it OpenBSD) forum. I can't tell whether it is true or not, but it makes sense to me. If your BIND is configured to use a forwarder and this forwarder is really good then BIND (almost) never needs to contact the root servers. The root zone times out in memory and it is not reloaded from disk. It is only loaded when BIND is started. Thus, if your BIND finally needs to contact a root name server after a long time of getting all responses from forwarder, it turns out that the data for root zone is not available... Now, as I said, I cannot tell whether this theory is true or not. What I can say is that on all 4 machines where I run BIND I configured one of two workarounds: - use forward only so you *never* need to check the root zone - do not use forwarders at all so you check the root zone fairly frequently. I did this almost a year ago, and after that I never have had this problem again. HTH. -- Toomas Aas | [EMAIL PROTECTED] | http://www.raad.tartu.ee/~toomas/ * Press any key to continue or any other key to quit. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Hmm, then the easiest cure against OP's would be periodically (say, per week) requesting purposely wrong request (e.g., nslookup example.heh) ? horio shoichi ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Testimonial - Thanks to FreeBSD
Hi, starting on mainframe in the middle 80's, i met a dilemn in the later 90's : if you want a job, you must run on Microsoft. Well, i started a new learn of computing on this OS, un-learning all about i knew on computing, a very difficult task when you're coming from IBM... All my friends repeated to me : you should work on Unix like system, you should .. 2 month's ago, i would like to setup my own server, at home, with web, ftp and mail services. I want him robust, efficient, safe and so one. i dreamed to get an old 3090 for 500$ !, but there's no place at home for him :o) Thus, i have started to install my first FreeBSD (on a very special computer) ... 2 weeks later, without any knowledge about Unix like systems, my httpd, ftpd ran (very ?!) well. This mean that your system is well designed and documented. Monitoring access, it's incredible to see that BSD is faster by 2 to 3 than other tested system. and i discovered that computing is absolutely what i learned on IBM .. Great thanks to the community, and your effort to document FreeBSD, even in French (we are so bad with others languages ..!), i hope to help the FreeBSD users by writing some drivers and other things, K. Regards, take care, -- Valery aka v/ www.vslash.com - opened today. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: new card, still can't get X11 working
-Original Message- From: Dustin [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 07, 2004 3:21 PM To: [EMAIL PROTECTED] Subject: new card, still can't get X11 working I originally sent this to the XFree86 list, but thought I may get some useful insight if I sent it here. I had a SIS 6326, and had problems getting X11 up and running, so went to the store, and picked up an ATI Radeon 9200SE. Then I rebuilt the system, here's the info: ids# uname -a FreeBSD ids.marsik.org 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0: Mon Feb 23 20:45:55 GMT 2004 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386 Immediately after install, I updated the ports tree using cvsup, then updated the ports by running: Portsdb -uU Pkgdb -u Portversion -v Portupgrade -varRp -x openoffice Portsclean -CDD I then installed xorg from ports and configured xorg using both methods specified by the handbook, which were: The 'Xorg -configure' method The xorgconfig method When I run 'startx', the system hangs. Is there a magical video card I can buy to alleviate these issues? I need to get past this point and get to what I'm really trying to do. Any help is much appreciated. Dustin Ps, the xorg log is attached Disable DRM? in your XF86Config (or whatever it may be for Xorg). I had this problem as well and that cleared it up. Hope that helps dave ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
pam_mail
Hello, I would like an ssh login to produce the same check for new mail that /usr/bin/login does. (That is, You have new mail. or similar printed out after login, unless ~/.hushlogin exists.) On my linux box, this is achieved using the pam_mail module. If I run locate pam_mail on my FreeBSD 4.10 box, I get the following: % locate pam_mail /usr/src/contrib/libpam/modules/pam_mail /usr/src/contrib/libpam/modules/pam_mail/README Have I forgotten to install part of the source tree that I don't have any source for this module? Is there an easier way to get this module installed (e.g. one of the ports)? Or should I be going about this an altogether different way? Thanks for the help, mdr ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Error when installing apr-svn from ports collection
On Tuesday 07 September 2004 01:32 pm, Carsten Gehling wrote: I am trying to install subversion from the ports collection. I have updated my ports tree. When I do make install in /usr/ports/devel/subversion, the make fails on one of the dependencies (apr-svn): checking for unistd.h... yes checking minix/config.h usability... no checking minix/config.h presence... no checking for minix/config.h... no checking whether system uses EBCDIC... no performing libtool configuration... ./configure: line 23307: syntax error near unexpected token `done' ./configure: line 23307: ` done' *** Error code 2 Stop in /usr/ports/devel/apr-svn. *** Error code 1 Hmm... building devel/apr-svn works fine here. I'm not sure what the configure file is that the above error refers to. I don't see a 'done' near line 23307 in apr-svn/work/apr-util-APU_0_9_BRANCH/configure or apr-svn/work/apr-APR_0_9_BRANCH/configure. Can you make clean everything and install apr-svn alone? Also, which version(s) of libtool do you have installed? You also might have more luck asking this question on the [EMAIL PROTECTED] list. -David -- +++ Divide By Cucumber Error. Please Reinstall Universe And Reboot. +++ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: complie kernel in amd 64
On Wed, 8 Sep 2004 05:08:28 +0800 (CST), adrian kok [EMAIL PROTECTED] wrote: Hi all I try to add ipfw (default -accept), device polling in the kernel and recomplie in amd 64 but I got error as follows: how can I fix it Thank you ../../../amd64/amd64/genassym.c:209: error: storage size of `MSR_FSBASEw2' isn't known ../../../amd64/amd64/genassym.c:209: error: storage size of `MSR_FSBASEw3' isn't known ../../../amd64/amd64/genassym.c:210: error: storage size of `MSR_GSBASEsign' isn't known ../../../amd64/amd64/genassym.c:210: error: storage size of `MSR_GSBASEw0' isn't known ../../../amd64/amd64/genassym.c:210: error: storage size of `MSR_GSBASEw1' isn't known ../../../amd64/amd64/genassym.c:210: error: storage size of `MSR_GSBASEw2' isn't known ../../../amd64/amd64/genassym.c:210: error: storage size of `MSR_GSBASEw3' isn't known ../../../amd64/amd64/genassym.c:211: error: storage size of `MSR_KGSBASEsign' isn't known ../../../amd64/amd64/genassym.c:211: error: storage size of `MSR_KGSBASEw0' isn't known ../../../amd64/amd64/genassym.c:211: error: storage size of `MSR_KGSBASEw1' isn't known ../../../amd64/amd64/genassym.c:211: error: storage size of `MSR_KGSBASEw2' isn't known ../../../amd64/amd64/genassym.c:211: error: storage size of `MSR_KGSBASEw3' isn't known *** Error code 1 First, what version of FreeBSD are you trying to compile? Have you recently updated your sources? Second, can you post your complete kernel configuration file? In grepping my CURRENT sources, I find several instances of MSR_KGSBASE under sys, but none with those odd-looking suffixes you're showing. Perhaps something is messed up either in your sources or your kernel config. More info, please! -- Conrad J. Sabatier [EMAIL PROTECTED] -- In Unix veritas ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Sendmail 8.12.11 from FreeBSD 4.10-RELEASE ignores many config directives
FEATURE(dnsbl, `rbl-plus.mail-abuse.org')
FEATURE(dnsbl, `sbl-xbl.spamhaus.org')
The dnsbl macro now takes 3 arguments IIRC (wrapping inserted by me to
avoid posting one huge line):
% grep dnsbl /etc/mail/freebsd.mc
dnl FEATURE(dnsbl, `blackholes.mail-abuse.org',
`550 Mail from ${client_addr} rejected, \
see http://mail-abuse.org/cgi-bin/lookup?; ${client_addr}')
It did before. The third argument defaults to a suitable message, the
text of which changed slightly from 8.12.3 to 8.12.11 though sendmail
doesn't care about that.
Hmmm, this works perfectly here. Are you sure there isn't something
else that is wrong, i.e. your /etc/mail/sendmail.cf being generated from
the wrong .mc file or something?
Argh! My old makefile was doing the install for me; the new one is
not. I did a make install then make restart and now it seems to be
happier. Sigh.
--
Karl Swartz |Home [EMAIL PROTECTED] http://www.kls2.com/~karl/
The average dog is a nicer person than the average person.
- Andrew A. Rooney
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
5.3 ipfilter
How is ipfilter delivered in 5.3 .iso version? Is there still a loadable module that gets auto loaded at boot time when rc.conf contains the ipfilter_enable=YES statement like in 4.10? Will the final stable version still need kernel option PFIL_HOOKS added to the other ipfilter kernel options to compile ipfilter into the kernel like in the 5.2 and 5.2.1 development versions or will 5.3 return to the way 4.10 worked (IE no PFIL_HOOKS option needed)? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: 5.3 ipfilter
On Tuesday 07 September 2004 05:03 pm, fbsd_user wrote: Is there still a loadable module that gets auto loaded at boot time when rc.conf contains the ipfilter_enable=YES statement like in 4.10? ipfilter_enable is still an option in rc.conf. Will the final stable version still need kernel option PFIL_HOOKS added to the other ipfilter kernel options to compile ipfilter into the kernel like in the 5.2 and 5.2.1 development versions or will 5.3 return to the way 4.10 worked (IE no PFIL_HOOKS option needed)? I'm not sure, but 5.3-BETA3 does require PFIL_HOOKS. The change made to -CURRENT to always include PFIL_HOOKS (and thus remove it as a kernel option) was made after RELENG_5 was branched, and the commit log doesn't mention merging that change to RELENG_5. -David -- +++ Divide By Cucumber Error. Please Reinstall Universe And Reboot. +++ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: vinum revive does not rebuild parity (was vinum rebuildparity, when?)
On Thursday, 2 September 2004 at 12:17:01 +0200, Stijn Hoop wrote: Hi, back with another episode in this continuing saga: On Sun, Aug 29, 2004 at 04:26:57PM +0200, Stijn Hoop wrote: Witness this (after yet another fake disk crash): vinum - ls -v local.p0.s0 Subdisk local.p0.s0: Size: 31457129472 bytes (2 MB) State: reviving Plex local.p0 at offset 0 (0 B) Reviver PID:46863 Revive pointer: 22 GB (77%) Revive blocksize: 64 kB Revive interval: 0 seconds Drive ren (/dev/ad6s1e) at offset 135680 (132 kB) vinum - vinum[46863]: local.p0.s0 is up vinum - checkparity local.p0.s0 local.p0.s0 is not a plex vinum - checkparity local.p0 Parity incorrect at offset 0x2020 vinum - rebuildparity -V local.p0 Parity incorrect at offset 0x2020 Rebuilding at 2703 kB (0%)Parity incorrect at offset 0x2a6664 Rebuilding at 139 MB (0%) which indicates that the parity surely is not correctly recalculated during the revive. If that were the case, the parity would be incorrect at offset 0. Yes, it is recalculated. Greg, can you tell me if this is correct behaviour? Sorry for the slow response. I was at a conference last week. No, it's not correct. While not having heard back yet, I had to rebuild another subdisk, but I decided to do it off-line this time. Turns out the parity was rebuilt ok. Yes, this is what I recommended. Might there be a bug in the online rebuild code? Looks like it. The current version of Vinum is on its last legs. Lukas Ertl is rewriting it, so don't expect much change in this version. For the time being, just accept that you should umount before rebuilding a plex. Greg -- When replying to this message, please copy the original recipients. If you don't, I may ignore the reply or reply to the original recipients. For more information, see http://www.lemis.com/questions.html Note: I discard all HTML mail unseen. Finger [EMAIL PROTECTED] for PGP public key. See complete headers for address and phone numbers. pgpQicdKRk1u7.pgp Description: PGP signature
hi
Hello FreeBsd I have this problem with the boot floppies, everytime i boot the kern.flp then it asks me to push in mfsroot.flp. I follow the instructions then it would reboot my computer but after it does reboot it doesn't enter the installation and gives me a message FreeBsd/i368 Boot Default: 0:fd (0,a) /kernel boot: no /kernel Why is this? What caused it? and how can i fix it? thank u _ Scan and help eliminate destructive viruses from your inbound and outbound e-mail and attachments. http://join.msn.com/?pgmarket=en-capage=byoa/premxAPID=1994DI=1034SU=http://hotmail.com/encaHL=Market_MSNIS_Taglines Start enjoying all the benefits of MSN® Premium right now and get the first two months FREE*. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: extending concat vinum array
On Thursday, 2 September 2004 at 18:12:39 +0200, Feczak Szabolcs wrote: Hi I have the following concatenated array: 3 drives: D vinumdrive0 State: up /dev/ad2A: 0/152627 MB (0%) D vinumdrive1 State: up /dev/ad3A: 0/152627 MB (0%) D vinumdrive2 State: up /dev/ad1A: 0/152627 MB (0%) These should be partitions, not devices. it had olny the first two drives before, and it was operational when I issue growfs it dumps core: new file systemsize is: 234436157 frags Warning: 251796 sector(s) cannot be allocated. Segmentation fault (core dumped) Looks like growfs is broken. Unless somebody decides to take it on again, it's likely to remain that way. Sorry. Greg -- When replying to this message, please copy the original recipients. If you don't, I may ignore the reply or reply to the original recipients. For more information, see http://www.lemis.com/questions.html Note: I discard all HTML mail unseen. Finger [EMAIL PROTECTED] for PGP public key. See complete headers for address and phone numbers. pgplmVllYgsLQ.pgp Description: PGP signature
RE: new card, still can't get X11 working
Hmm, I can't find DRM anywhere in the xorg.conf file?? Any more tips? -Original Message- From: Hauan, David [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 07, 2004 5:32 PM To: [EMAIL PROTECTED] Cc: Dustin Subject: RE: new card, still can't get X11 working -Original Message- From: Dustin [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 07, 2004 3:21 PM To: [EMAIL PROTECTED] Subject: new card, still can't get X11 working I originally sent this to the XFree86 list, but thought I may get some useful insight if I sent it here. I had a SIS 6326, and had problems getting X11 up and running, so went to the store, and picked up an ATI Radeon 9200SE. Then I rebuilt the system, here's the info: ids# uname -a FreeBSD ids.marsik.org 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0: Mon Feb 23 20:45:55 GMT 2004 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386 Immediately after install, I updated the ports tree using cvsup, then updated the ports by running: Portsdb -uU Pkgdb -u Portversion -v Portupgrade -varRp -x openoffice Portsclean -CDD I then installed xorg from ports and configured xorg using both methods specified by the handbook, which were: The 'Xorg -configure' method The xorgconfig method When I run 'startx', the system hangs. Is there a magical video card I can buy to alleviate these issues? I need to get past this point and get to what I'm really trying to do. Any help is much appreciated. Dustin Ps, the xorg log is attached Disable DRM? in your XF86Config (or whatever it may be for Xorg). I had this problem as well and that cleared it up. Hope that helps dave ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
port problem in AMD 64
Hi all I can't install cvsup-without-gui and said it doesn't support amd64 How can I upgrade the /usr/ports without cvsup? Thank you make install clean === cvsup-without-gui-16.1h is only for alpha i386 sparc64, and you are running amd64. ___ Do you Yahoo!? Win 1 of 4,000 free domain names from Yahoo! Enter now. http://promotions.yahoo.com/goldrush ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
MP3 Audio CD Burning
Is it possible to burn a CD from an .MP3 file? If so, how would I do that? I would appriciate any help you could give me, thanks. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: 5.3 ipfilter
[EMAIL PROTECTED] wrote: On Tuesday 07 September 2004 05:03 pm, fbsd_user wrote: Is there still a loadable module that gets auto loaded at boot time when rc.conf contains the ipfilter_enable=YES statement like in 4.10? ipfilter_enable is still an option in rc.conf. Will the final stable version still need kernel option PFIL_HOOKS added to the other ipfilter kernel options to compile ipfilter into the kernel like in the 5.2 and 5.2.1 development versions or will 5.3 return to the way 4.10 worked (IE no PFIL_HOOKS option needed)? I'm not sure, but 5.3-BETA3 does require PFIL_HOOKS. The change made to -CURRENT to always include PFIL_HOOKS (and thus remove it as a kernel option) was made after RELENG_5 was branched, and the commit log doesn't mention merging that change to RELENG_5. -David David Thanks for your reply. But you did not answer my first question. I did not ask if ipfilter_enable=YES was still valid in 5.3, but if the ipfilter bootable module is still included in 5.3 and auto loaded by the ipfilter_enable=YES in rc.conf? Since 5.3 is currently going through the weekly testing cycle as prep for becoming stable I would think this is the appropriate time to submit a 5.3 bug report to change the default kernel source so it contains the PFIL_HOOKS. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: port problem in AMD 64
On Tuesday 07 September 2004 07:18 pm, ann kok wrote: Hi all I can't install cvsup-without-gui and said it doesn't support amd64 How can I upgrade the /usr/ports without cvsup? First of all, you posted this question earlier today. Do not send multiple copies of the same message to the list, certainly not within a few hours of each other. Secondly, cvsup will currently build on AMD64 because it was fixed for this platform a couple months ago. You apparently have an older ports collection than this. You then have two options: 1. install cvsup as a package rather than a port, 2. download the tarball with the entire ports collection (ftp.freebsd.org/pub/FreeBSD/ports/ports/ports.tar.gz), delete your current /usr/ports, and untar this file to make a new ports directory. -David -- +++ Divide By Cucumber Error. Please Reinstall Universe And Reboot. +++ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: 5.3 ipfilter
On Tuesday 07 September 2004 07:30 pm, JJB wrote: Thanks for your reply. But you did not answer my first question. I did not ask if ipfilter_enable=YES was still valid in 5.3, but if the ipfilter bootable module is still included in 5.3 and auto loaded by the ipfilter_enable=YES in rc.conf? I don't know, actually... I don't use ipfilter myself. I probably wasn't the right person to try to answer your email :) Since 5.3 is currently going through the weekly testing cycle as prep for becoming stable I would think this is the appropriate time to submit a 5.3 bug report to change the default kernel source so it contains the PFIL_HOOKS. Yes, or ask on the current@ list whether this is a planned MFC (and if not, why not). But PFIL_HOOKS is included in GENERIC by default, so I'm not sure it's that big an issue - you'd have to specifically disable it. -David -- +++ Divide By Cucumber Error. Please Reinstall Universe And Reboot. +++ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: MP3 Audio CD Burning
Am Mittwoch, 8. September 2004 05:25 schrieb Brian Finniff: Is it possible to burn a CD from an .MP3 file? If so, how would I do that? I would appriciate any help you could give me, thanks. Ok, any help! Then I possibly have something. First, you can create a red book audio CD which contains, simplified, wave-tracks. If you want to make a audio cd out of mp3s you have to convert the mp3 file into a wav file (pcm) and create a audio-cd (formerly done by /usr/ports/sysutils/mkisofs but rigth now this tiny utility seems to have vanished???!)! ??? Another option is to create a data-CD, containig real mp3 files in ISO9660 Filesystem. But this kind of CD needs to be played on special equipment like newer MP3 capable car radios and so on. HiFi CD Player can't play data CD's contents though many DVD-Players can replay data CDs with ISO9660-mp3 structure on it. Hope this helps a little bit, since you're using kde I'd suggest having a look at k3b (ports/sysutils/k3b), but it's not too easy getting it up and running (especially if you're not familar with FreeBSD) -Harry ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] pgpJCCZ7gYOnQ.pgp Description: signature
Re: Tar pitting automated attacks
On Tue, Sep 07, 2004 at 09:42:16AM -0400, Mike Galvez wrote: I am seeing a lot of automated attacks lately against sshd such as: [...] Sep 6 12:16:39 www sshd[29901]: Failed password for illegal user server from 159.134.244.189 port 4044 ssh2 Sep 6 12:16:41 www sshd[29902]: Failed password for illegal user adam from 159.134.244.189 port 4072 ssh2 Sep 6 12:16:42 www sshd[29903]: Failed password for illegal user alan from 159.134.244.189 port 4104 ssh2 Sep 6 12:16:43 www sshd[29904]: Failed password for illegal user frank from 159.134.244.189 port 4131 ssh2 Sep 6 12:16:44 www sshd[29905]: Failed password for illegal user george from 159.134.244.189 port 4152 ssh2 Sep 6 12:16:45 www sshd[29906]: Failed password for illegal user henry from 159.134.244.189 port 4175 ssh2 -- snip -- Some of these go on until they turn the logs over. Is there a method to make this more expensive to the attacker, such as tar-pitting? Put in a ipfw block on the netblock/country. At the very least it will make it pretty slow for the initial TCP handshake. Cheers. -- Jonathan Chen [EMAIL PROTECTED] -- Vini, vidi, velcro... I came, I saw, I stuck around ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
BSD display
I don't like the OS name and version displayed with logging to ssh or other areas. Where to I eliminate or change the text of the message being displayed? Steve Barnette ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: BSD display
Am Mittwoch, 8. September 2004 05:41 schrieb steveb99: I don't like the OS name and version displayed with logging to ssh or Best would be to use anythig else which you like. And after that you could read your offending mail again and sitting ashamed in the corner for a loong loong time other areas. Where to I eliminate or change the text of the message being displayed? Nowhere! That's one of the things you have to keep if you're using BSD-Licensed code :) Alternatively you're welcome to contribute youre code! -Harry Steve Barnette ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: vinum revive does not rebuild parity (was vinum rebuildparity, when?)
On Wed, Sep 08, 2004 at 11:28:46AM +0930, Greg 'groggy' Lehey wrote: [...] the parity surely is not correctly recalculated during the revive. If that were the case, the parity would be incorrect at offset 0. Yes, it is recalculated. Of course -- I hadn't thought of that. Greg, can you tell me if this is correct behaviour? Sorry for the slow response. I was at a conference last week. No, it's not correct. No problem; this is still a volunteer project last time I checked. In a way I am glad to hear that it is not correct. While not having heard back yet, I had to rebuild another subdisk, but I decided to do it off-line this time. Turns out the parity was rebuilt ok. Yes, this is what I recommended. OK. Might there be a bug in the online rebuild code? Looks like it. The current version of Vinum is on its last legs. Lukas Ertl is rewriting it, so don't expect much change in this version. For the time being, just accept that you should umount before rebuilding a plex. I will; it's just that somehow I was led to believe that I didn't need to do that. This has caused me some pain in the past. May I suggest applying the attached patch to /usr/src/sbin/vinum/vinum.8? At least it would prevent someone else from making the same mistakes as me. Thanks for your response, --Stijn -- The problem is that there are several people in design positions now who couldn't design the Next Big Thing(TM) unless it involved them taking a photocopier and someone else's design of The Next Big Thing(TM). -- 'Alkaiser' in a post on Slashdot on game originality --- vinum.8.origWed Sep 8 06:47:46 2004 +++ vinum.8 Wed Sep 8 06:51:19 2004 @@ -441,6 +441,10 @@ .Ic checkparity prints a running progress report. .Pp +It is advisable to always check the parity of a RAID-4 or RAID-5 plex after +an unclean shutdown. Corrupt parity is as bad as degraded mode for such a +plex; if one of the subdisks of such a plex fails, data corruption will occur. +.Pp .It Xo .Ic concat .Op Fl f @@ -1046,6 +1050,11 @@ flag is specified, .Ic rebuildparity prints a running progress report. +.Pp +At present, a bug prevents rebuildparity from correctly completing its job +when the vinum volume is mounted and being accessed. You should only rebuild +the parity of plexes on unmounted volumes in order to guarantee correct parity +checks. .Pp .It Xo .Ic rename pgp2yuf5apg1p.pgp Description: PGP signature
