Disallowed attachment type found in sent message Re: details
Attention: [EMAIL PROTECTED] A Disallowed attachment type was found in an Email message you sent. This Email scanner intercepted it and stopped the entire message reaching its destination. The Disallowed attachment type was reported to be: EXE files not allowed per Company security policy Please contact your IT support personnel with any queries regarding this policy. Your message was sent with the following envelope: MAIL FROM: [EMAIL PROTECTED] RCPT TO: [EMAIL PROTECTED] ... and with the following headers: --- MAILFROM: [EMAIL PROTECTED] Received: from 250-66-109-203.static.iqara.net (HELO tassgroup.com) (203.109.66.250) by tassgroup.com with SMTP; 8 Jan 2007 09:02:25 - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: details Date: Mon, 8 Jan 2007 14:18:57 +0530 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary==_NextPart_000_0016=_NextPart_000_0016 X-Priority: 3 X-MSMail-Priority: Normal --- The original message is kept in: mail.bootham.com:/var/spool/qmailscan/quarantine/new/mail.bootham.com1168246945469948 where the System Anti-Virus Administrator can further diagnose it. The Email scanner reported the following when it scanned that message: --- ---perlscanner results --- Disallowed attachment type 'EXE files not allowed per Company security policy' found in file /var/spool/qmailscan/tmp/mail.bootham.com1168246945469948/details.exe ---perlscanner results --- Disallowed attachment type 'EXE files not allowed per Company security policy' found in file /var/spool/qmailscan/tmp/mail.bootham.com1168246945469948/details.exe --- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: USB drive is a CDROM drive and is not writable
On Mon, January 8, 2007 03:48, Michael M. Press wrote: I have a 2 gigabyte USB memory stick from made by PNY. When I plug it in, I get the following: umass0: vendor 0x0930 USB Flash Memory, rev 2.00/2.00, addr 2 da0 at umass-sim0 bus 0 target 0 lun 0 da0: USB Flash Memory 6.50 Removable Direct Access SCSI-0 device da0: 40.000MB/s transfers da0: 1901MB (3894975 512 byte sectors: 255H 63S/T 242C) cd1 at umass-sim0 bus 0 target 0 lun 1 cd1: USB Flash Memory 6.50 Removable CD-ROM SCSI-0 device cd1: 40.000MB/s transfers cd1: Attempt to query device size failed: NOT READY, Medium not present I want to be able to mount the device read-write, so I use the following command: mount -t cd9660 -o rw /dev/cd1 /media/flashdrv The command runs without spitting any errors at me, but it does a read-only mount. I can see files on the drive, but (of course) I can't change them. Does my problem have anything to do with the device being detected as a CD-ROM drive? If that is what's wrong I don't really know where to start looking to fix it. Any ideas? This sounds like a Smart drive - can you confirm? It this is the case it's designed to work this way. You won't be able to write to the CD partition of this flash drive. Smart isn't supported under *nix so the functionality it provides isn't available to FreeBSD users. I have one of these devices myself and simply removed the Smart partition to reclaim the space it takes up. -- Kelvin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Adduser utility to generate random passwds ?
Hello Is there a possibility to use as a standalone software the adduser feature that generate random passwd. I want to generate new strong password for existing users. Thank you Frank ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Adduser utility to generate random passwds ?
Frank Bonnet wrote: Is there a possibility to use as a standalone software the adduser feature that generate random passwd. I want to generate new strong password for existing users. /usr/sbin/pw usermod username -w random -- Sahil Tandon [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Adduser utility to generate random passwds ?
Frank Bonnet wrote: I want to generate new strong password for existing users. Here's an idea: $ head -c 64 /dev/random | md5 | head -c 10 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Adduser utility to generate random passwds ?
Sahil Tandon wrote: Frank Bonnet wrote: Is there a possibility to use as a standalone software the adduser feature that generate random passwd. I want to generate new strong password for existing users. /usr/sbin/pw usermod username -w random thanks a lot :-) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Koffice Compile Error fixed
Greetings: Let me preface this by saying that I am not C programmer. I am running on FreeBSD 6.1-RELEASE-p10, and my ports and source trees are up to date. While attempting to compile koffice-1.6.1 I ran into this error: In file included from /usr/local/include/wv2/olestream.h:22, from graphicshandler.cpp:23: The offending code is in the file /usr/local/include/wv2/olestorage.h and reads: #include gsf/gsf.h I have libgsf-1.14.1 installed and it installs gsf.h at: /usr/local/include/libgsf-1/gsf/gsf.h I also have wv2-0.2.3 Installed To fix this error, I edited the file /usr/local/include/wv2/olestorage.h and changed: #include gsf/gsf.h to #include /usr/local/include/libgsf-1/gsf/gsf.h This fixed the error. There seems to be a discrepancy between WV2 and LIBGSF as to the proper location of gsf.h Either that, or my installation is not correct. Can someone either tell me who to report this to, or go ahead and report this to the proper maintainer? Perhaps the maintainer of koffice should add a patch? What is strange, and bothers me is that koffice 1.6.1 has been released for a while now, and nobody has run into this? Surely I am not the first to build koffice from sources. Best Regards Bob ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Koffice Compile Error
On Jan 5, 2007, at 7:48 PM, Bob wrote: In file included from /usr/local/include/wv2/olestream.h:22, from graphicshandler.cpp:23: /usr/local/include/wv2/olestorage.h:26:21: gsf/gsf.h: No such file or directory Reinstall your devel/libgsf port. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Tuning PostgreSQL for bulk imports
On Monday 08 January 2007 1:51 am, Abdullah Al-Marrie wrote: Why did you choose PostgreSQL over MySQL 5.0.x? We value our data, ruling out MyISAM. PostgreSQL is much faster than InnoDB for many concurrent reads and complex queries. Is the latest PostgreSQL release performance much better than MySQL 5.0.x in RELENG_6 with SMP and 2 GB of ram now? This has been true for our workload for several years. -- Kirk Strauser pgpAIJVatyFM2.pgp Description: PGP signature
Re: Adduser utility to generate random passwds ?
On Monday 08 January 2007 5:26 am, Ivan Voras wrote: Here's an idea: $ head -c 64 /dev/random | md5 | head -c 10 Hugely bad idea. Since md5 outputs hex, you're only getting 4 bits of entropy per character. Much better to use something like sysutils/pwgen to generate good random passwords. -- Kirk Strauser pgppuaGVN8vUP.pgp Description: PGP signature
proftpd update error
Hi, I have a problem when I run portupdate for port proftpd. Log will be applied in the end of this email. I am running as root. My uname -a prints FreeBSD tentor.xxx.local 5.3-RELEASE FreeBSD 5.3-RELEASE #1: Sat Mar 5 21:45:37 UTC 2005 [EMAIL PROTECTED]:/usr/src/sys/i386/compile/TENTOR mailto:[EMAIL PROTECTED]:/usr/src/sys/i386/compile/TENTOR i386 My portscollegtion is up to date. Kind regards Tim --- Upgrading 'proftpd-1.2.10_1' to 'proftpd-1.3.1.r1' (ftp/proftpd) --- Building '/usr/ports/ftp/proftpd' === Cleaning for gmake-3.81_1 === Cleaning for mysql-client-4.1.22 === Cleaning for gettext-0.14.5_2 === Cleaning for libtool-1.5.22_2 === Cleaning for ldconfig_compat-1.0_8 === Cleaning for libiconv-1.9.2_2 === Cleaning for proftpd-1.3.1.r1 === Found saved configuration for proftpd-1.2.10_1 === Extracting for proftpd-1.3.1.r1 = MD5 Checksum OK for proftpd-1.3.1rc1.tar.bz2. === Patching for proftpd-1.3.1.r1 === Applying FreeBSD patches for proftpd-1.3.1.r1 === proftpd-1.3.1.r1 depends on executable in : gmake - found === proftpd-1.3.1.r1 depends on shared library: mysqlclient.14 - found === Configuring for proftpd-1.3.1.r1 == Configuring with mod_ratio:mod_readme:mod_rewrite:mod_wrap2:mod_sql:mod_sql_mysql:mod_ifsession configure: WARNING: you should use --build, --host, --target checking build system type... i386-portbld-freebsd5.3 checking host system type... i386-portbld-freebsd5.3 checking target system type... i386-portbld-freebsd5.3 checking for i386-portbld-freebsd5.3-gcc... cc checking for C compiler default output file name... a.out checking whether the C compiler works... yes checking whether we are cross compiling... no checking for suffix of executables... checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether cc accepts -g... yes checking for cc option to accept ANSI C... none needed checking whether gmake sets $(MAKE)... yes checking for a BSD-compatible install... /usr/bin/install -c -o root -g wheel checking for a sed that does not truncate output... /usr/bin/sed checking for egrep... grep -E checking for ld used by cc... /usr/bin/ld checking if the linker (/usr/bin/ld) is GNU ld... yes checking for /usr/bin/ld option to reload object files... -r checking for BSD-compatible nm... nm checking whether ln -s works... yes checking how to recognise dependent libraries... pass_all checking how to run the C preprocessor... cc -E checking for ANSI C header files... yes checking for sys/types.h... yes checking for sys/stat.h... yes checking for stdlib.h... yes checking for string.h... yes checking for memory.h... yes checking for strings.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for unistd.h... yes checking dlfcn.h usability... yes checking dlfcn.h presence... yes checking for dlfcn.h... yes checking for i386-portbld-freebsd5.3-g++... c++ checking whether we are using the GNU C++ compiler... yes checking whether c++ accepts -g... yes checking how to run the C++ preprocessor... c++ -E checking for i386-portbld-freebsd5.3-g77... no checking for i386-portbld-freebsd5.3-f77... no checking for i386-portbld-freebsd5.3-xlf... no checking for i386-portbld-freebsd5.3-frt... no checking for i386-portbld-freebsd5.3-pgf77... no checking for i386-portbld-freebsd5.3-fort77... no checking for i386-portbld-freebsd5.3-fl32... no checking for i386-portbld-freebsd5.3-af77... no checking for i386-portbld-freebsd5.3-f90... no checking for i386-portbld-freebsd5.3-xlf90... no checking for i386-portbld-freebsd5.3-pgf90... no checking for i386-portbld-freebsd5.3-epcf90... no checking for i386-portbld-freebsd5.3-f95... no checking for i386-portbld-freebsd5.3-fort... no checking for i386-portbld-freebsd5.3-xlf95... no checking for i386-portbld-freebsd5.3-ifc... no checking for i386-portbld-freebsd5.3-efc... no checking for i386-portbld-freebsd5.3-pgf95... no checking for i386-portbld-freebsd5.3-lf95... no checking for i386-portbld-freebsd5.3-gfortran... no checking for g77... no checking for f77... f77 checking whether we are using the GNU Fortran 77 compiler... yes checking whether f77 accepts -g... yes checking the maximum length of command line arguments... (cached) 65536 checking command to parse nm output from cc object... ok checking for objdir... .libs checking for i386-portbld-freebsd5.3-ar... no checking for ar... ar checking for i386-portbld-freebsd5.3-ranlib... no checking for ranlib... ranlib checking for i386-portbld-freebsd5.3-strip... no checking for strip... strip checking if cc static flag works... yes checking if cc supports -fno-rtti -fno-exceptions... no checking for cc option to produce PIC... -fPIC checking if cc PIC flag -fPIC works... yes checking if cc supports -c -o file.o... yes checking whether the cc linker (/usr/bin/ld) supports shared libraries... yes checking whether -lc should be explicitly linked in... yes checking dynamic linker characteristics...
PHP 5.2.0 Curl module compiled but unavailable?
Hi, I'm trying to add CURL support to PHP 5.2.0. I installed Apache modules like always, with the /usr/ports/lang/php5-extensions port. But the module does not show up in phpinfo(). I tried adding the --with-curl flag to the Makefile of the /usr/ports/lang/php5 port, but then compilation fails. Does anyone have the same problem maybe? FreeBSD 6.0 curl-7.16.0_1 php5-5.2.0 php5-curl-5.2.0_1 Thanks! --- Philippe Lang Attik System smime.p7s Description: S/MIME cryptographic signature
Re: USB drive is a CDROM drive and is not writable
On Mon, 8 Jan 2007 02:18 pm, Michael M. Press wrote: I have a 2 gigabyte USB memory stick from made by PNY. When I plug it in, I get the following: umass0: vendor 0x0930 USB Flash Memory, rev 2.00/2.00, addr 2 da0 at umass-sim0 bus 0 target 0 lun 0 da0: USB Flash Memory 6.50 Removable Direct Access SCSI-0 device da0: 40.000MB/s transfers da0: 1901MB (3894975 512 byte sectors: 255H 63S/T 242C) cd1 at umass-sim0 bus 0 target 0 lun 1 cd1: USB Flash Memory 6.50 Removable CD-ROM SCSI-0 device cd1: 40.000MB/s transfers cd1: Attempt to query device size failed: NOT READY, Medium not present I want to be able to mount the device read-write, so I use the following command: mount -t cd9660 -o rw /dev/cd1 /media/flashdrv You cannot mount even a conventional CD drive as a writable cd9660 filesystem. Creating a cd9660 fs is normally a one hit prossess in which the fs is created fully populated and can't then normally be changed except on RW media by overwriting the entire fs. I don't know the device you are using but would expect that you can write a populated cd9660 file system directly using cdrecord (or perhaps burncd) without attempting to mount; just as you would on a conventional ATAPI or SCSII CD drive. Malcolm The command runs without spitting any errors at me, but it does a read-only mount. I can see files on the drive, but (of course) I can't change them. Does my problem have anything to do with the device being detected as a CD-ROM drive? If that is what's wrong I don't really know where to start looking to fix it. Any ideas? -- I have 'device pass' in my kernel -- I am using 6.2 prerelease ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
SV: FreeBSD File System, please help
Hi 1. ls -t man ls -t Sort by time modified (most recently modified first) before sort- ing the operands by lexicographical order. -u Use time of last access, instead of last modification of the file for sorting (-t) or printing (-l). 2. cat /etc/passwd cat /etc/groups Kind regards Tim Nilimaa Från: [EMAIL PROTECTED] genom VeeJay Skickat: må 2007-01-08 15:29 Till: [EMAIL PROTECTED]; FreeBSD-Questions Ämne: FreeBSD File System, please help Hello my friends 1. How to get the Files listing of Recently Changed files under a File System based on date... for example Root / 2. How to see that how many Users are created on a FreeBSD System.. meaning how to get All Users/Groups list on a FreeBSD Server? -- Thanks! BR / vj ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Why is sysinstall considered end-of-life?
Ivan Voras wrote: I've read up a few things stating that sysinstall is at its end-of-life and there are plans to replace it. I'm wondering about the reasons or rationale behind this. Two reasons AFAIK: 1. it simply doesn't even know how deal with the more modern features like GEOM RAID, more advanced authentication mechanisms (nsswitch), and devices like sound cards (there are many more in this list...) There's a strong argument often made it behaves correctly in this regard. The job of sysinstall is to bring a basic system up and running (thus enabling the use of more conventional tools), not to be tha all-singing, all-dancing, fill-out-the-taxes-and-change- the-baby's-diaper installation program. Should you want one of those, I'm sure you could talk to MicroSoft. :-) Even if you accept that position, there are things it could do differently, do better, and even do at all. Robert Huff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
FreeBSD File System, please help
Hello my friends 1. How to get the Files listing of Recently Changed files under a File System based on date... for example Root / 2. How to see that how many Users are created on a FreeBSD System.. meaning how to get All Users/Groups list on a FreeBSD Server? -- Thanks! BR / vj ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
FreeBSD File System, please help
VeeJay writes: 1. How to get the Files listing of Recently Changed files under a File System based on date... for example Root / man find 2. How to see that how many Users are created on a FreeBSD System.. meaning how to get All Users/Groups list on a FreeBSD Server? The information is in /etc/passwd and /etc/group. You can get a count with the wc command. Robert Huff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Tuning PostgreSQL for bulk imports
Why did you choose PostgreSQL over MySQL 5.0.x? We value our data, ruling out MyISAM. Huh? I thought you said that the SQL database is just a mirror of the stuff from Foxpro. R's, John k ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: stopping my server from spamming
This is more of a question geared towards your mail server application than FreeBSD. You should check your mail logs. If you want better advise, you may want to provide more information on what mail server are you running, and what did you do to prevent SMTP relay. I am using sendmail. It will not allow open relaying. What I would like to know is how I can separate legitimate emails in the log from spam. All that appears is the from: email and the to:email. In the past I have seen separate SMTP servers installed by viruses on windows boxes which are spamming away -independent- of sendmail. I have blocked port 25 from all my connected windows boxes, but will that take care of it? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Setting up ucom serial device for tty communications
I have a Keyspan USB serial adapter identified by FreeBSD 6.1 as shown below. I was wondering if it is possible, and how to, set this device up to receive COM communications from another Linux box using minicom. Can someone suggest or point to some helpful docs possibly to setup in /etc/ttys? esmtp# dmesg | grep Keyspan ugen0: Keyspan, a division of InnoSys Inc. Keyspan USA-19H, rev 1.10/1.00, addr 2 esmtp# grep Keyspan /var/log/messages Jan 6 10:48:02 esmtp kernel: ugen0: Keyspan, a division of InnoSys Inc. Keyspan USA-19H, rev 1.10/1.00, addr 2 Thanks -- Robert ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
unable to load kernel
After installing FreeBSD 6.1, I get the error message ‘Unable to load kernel’ and it goes to an OK prompt. I suspect the problem is in the geometry, when installing I get the message ’Geometry of 238316/16/63 for ad0 is incorrect. Using a more likely geometry’. And appears to use 14946/255/63.However the BIOS shows 58853/16/255, but attempting to use this produces the same error message. The system has a 200Gb hard disk, all but the last 1.5Gb is Windows XP, and it is the last 1.5Gb I have tried to install FreeBSD. Any suggestions would be much appreciated. Brian Levie -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.432 / Virus Database: 268.16.7/619 - Release Date: 07/01/2007 18:29 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: stopping my server from spamming
In response to David Banning [EMAIL PROTECTED]: This is more of a question geared towards your mail server application than FreeBSD. You should check your mail logs. If you want better advise, you may want to provide more information on what mail server are you running, and what did you do to prevent SMTP relay. I am using sendmail. It will not allow open relaying. What I would like to know is how I can separate legitimate emails in the log from spam. All that appears is the from: email and the to:email. Look at one of the spam emails and review the headers to see how it's getting delivered. In the past I have seen separate SMTP servers installed by viruses on windows boxes which are spamming away -independent- of sendmail. I have blocked port 25 from all my connected windows boxes, but will that take care of it? Who knows. You first have to determine how the problem is occurring. The block you've implemented is a good idea -- I think everyone should do it as a matter of course, but there's no guarantee that it will fix your particular problem until you know what that problem is. -- Bill Moran Collaborative Fusion Inc. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Tuning PostgreSQL for bulk imports
On Monday 08 January 2007 9:05 am, John Levine wrote: Why did you choose PostgreSQL over MySQL 5.0.x? We value our data, ruling out MyISAM. Huh? I thought you said that the SQL database is just a mirror of the stuff from Foxpro. Not *all* of it. We're migrating over to it as the native backend for new applications, so the Foxpro stuff is loaded into its own schema inside the same database as the production data. -- Kirk Strauser pgprkpxt351qO.pgp Description: PGP signature
Boot error?
Hi, Folks I got this systemic error on a new install of PCBSD 1.3. Below: Jan 8 09:54:58 Growler kernel: acd0: FAILURE - unknown CMD (0x03) ILLEGAL REQUEST asc=0x20 ascq=0x00 Jan 8 09:55:29 Growler last message repeated 15 times Jan 8 09:57:31 Growler last message repeated 60 times Jan 8 10:07:33 Growler last message repeated 295 times Jan 8 10:17:35 Growler last message repeated 295 times Jan 8 10:27:37 Growler last message repeated 296 times Jan 8 10:37:39 Growler last message repeated 295 times Jan 8 10:47:40 Growler last message repeated 295 times Growler# Any ideas about the cause? I read that hald may give qurky results, but I don't know where to look Thanks in advance... Jack ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Boot error ?
Hi, Folks I got this systemic error on a new install of PCBSD 1.3. Below: Jan 8 09:54:58 Growler kernel: acd0: FAILURE - unknown CMD (0x03) ILLEGAL REQUEST asc=0x20 ascq=0x00 Jan 8 09:55:29 Growler last message repeated 15 times Jan 8 09:57:31 Growler last message repeated 60 times Jan 8 10:07:33 Growler last message repeated 295 times Jan 8 10:17:35 Growler last message repeated 295 times Jan 8 10:27:37 Growler last message repeated 296 times Jan 8 10:37:39 Growler last message repeated 295 times Jan 8 10:47:40 Growler last message repeated 295 times Growler# It just seems to hang around... Eating up about 20% of cpu time.. Any ideas about the cause? I read that hald may give quirky results, but I don't know where to look Thanks in advance... Jack ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
is THIS why the 6.2 release seems stalled ?
http://farragut.flameeyes.is-a-geek.org/articles/2007/01/08/a-shadow-lies-upon-all-bsd-distributions - Gentoo/FreeBSD: license problems require a development pause http://farragut.flameeyes.is-a-geek.org/articles/2007/01/07/gentoo-freebsd-license-problems-requires-a-development-pause The big license mess, part 2 http://farragut.flameeyes.is-a-geek.org/articles/2007/01/07/the-big-license-mess-part-2 -- Gentoo/FreeBSD On Hold Due To Licensing Issues ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: is THIS why the 6.2 release seems stalled ?
Jim Pazarena schrieb: http://farragut.flameeyes.is-a-geek.org/articles/2007/01/08/a-shadow-lies-upon-all-bsd-distributions - Gentoo/FreeBSD: license problems require a development pause http://farragut.flameeyes.is-a-geek.org/articles/2007/01/07/gentoo-freebsd-license-problems-requires-a-development-pause The big license mess, part 2 http://farragut.flameeyes.is-a-geek.org/articles/2007/01/07/the-big-license-mess-part-2 -- Gentoo/FreeBSD On Hold Due To Licensing Issues No, Gentoo/FreeBSD is an another project from Gentoo to port their infratructure to the FreeBSD kernel. That project is developed by the Gentoo people not by us. Regards, Gabor ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD File System, please help
2. How to see that how many Users are created on a FreeBSD System.. meaning how to get All Users/Groups list on a FreeBSD Server? The information is in /etc/passwd and /etc/group. You can get a count with the wc command. Such a report will be incomplete if the system in question is an NIS client. For starters, see yp(8). ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
pwgen's seeding looks insecure
Someone recently recommended sysutils/pwgen for generating user passwords. Out of curiosity I had a look at how it works, and I don't like the look of its PRNG initialization: #ifdef RAND48 srand48((time(0)9) ^ (getpgrp()15) ^ (getpid()) ^ (time(0)11)); #else srand(time(0) ^ (getpgrp() 8) + getpid()); #endif If pwgen is called from an account creation script, time(0) can be inferred from timestamps, e.g. on a home-directory, so that just leaves getpid() and getpgrp(). PIDs are allocated sequentially and globally, so getpid() is highly predictable. I don't know much about getpgrp(), but from the manpage it doesn't appear to be any better. Unless getpgrp() is a better source of entropy than I give it credit for, I think this port should perhaps be marked as vulnerable. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Permissions Question
Sorry for the dumb question this morning-- caffeine hasn't yet worked its wondrous magic upon my person. I've got a user who needs to be able to view (read only) the aliases file. We'll grant him root access a few weeks after the eventual heat-death of the universe, so how would you all go about doing this? I've considered allowing him to run a local copy of the praliases command, but that chokes on the /etc/mail/aliases permissions... To complicate things, the file /etc/mail/aliases is actually an NFS mounted file shared between all our mx boxes, and he only needs to access it from a designated machine. Thoughts? My apologies if this is unclear... -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / [EMAIL PROTECTED] Today's Excuse: I'm sorry a pentium won't do, you need an SGI to connect with us. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pwgen's seeding looks insecure
In the last episode (Jan 08), RW said: Someone recently recommended sysutils/pwgen for generating user passwords. Out of curiosity I had a look at how it works, and I don't like the look of its PRNG initialization: #ifdef RAND48 srand48((time(0)9) ^ (getpgrp()15) ^ (getpid()) ^ (time(0)11)); #else srand(time(0) ^ (getpgrp() 8) + getpid()); #endif If pwgen is called from an account creation script, time(0) can be inferred from timestamps, e.g. on a home-directory, so that just leaves getpid() and getpgrp(). PIDs are allocated sequentially and globally, so getpid() is highly predictable. I don't know much about getpgrp(), but from the manpage it doesn't appear to be any better. Even better: make RANDOM() call random() instead of rand(), and initialize the rng with srandomdev(). Another random password generator is in security/apg, and that one already uses /dev/random as a seed. -- Dan Nelson [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Permissions Question
Jay Chandler wrote: I've got a user who needs to be able to view (read only) the aliases file. We'll grant him root access a few weeks after the eventual heat-death of the universe, so how would you all go about doing this? Hand him some sheets of printout? Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: debugging ipnat
On 1/6/07, Michael P. Soulier [EMAIL PROTECTED] wrote: I have a simple port-forwarding rule that I want to work from my gateway to a box on my LAN, but it doesn't seem to be working. [EMAIL PROTECTED] ~]$ sudo ipnat -l Password: List of active MAP/Redirect filters: rdr tun0 0.0.0.0/32 port 6882 - 192.168.1.3 port 6882 tcp What I was doing wrong is that the rule should have been this. rdr tun0 0.0.0.0/0 port 6882 - 192.168.1.3 port 6882 tcp Mike -- Michael P. Soulier [EMAIL PROTECTED] Any intelligent fool can make things bigger and more complex... It takes a touch of genius - and a lot of courage to move in the opposite direction. --Albert Einstein ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pwgen's seeding looks insecure
On Jan 8, 2007, at 9:53 AM, RW wrote: Someone recently recommended sysutils/pwgen for generating user passwords. Out of curiosity I had a look at how it works, and I don't like the look of its PRNG initialization: #ifdef RAND48 srand48((time(0)9) ^ (getpgrp()15) ^ (getpid()) ^ (time(0) 11)); #else srand(time(0) ^ (getpgrp() 8) + getpid()); #endif If pwgen is called from an account creation script, time(0) can be inferred from timestamps, e.g. on a home-directory, so that just leaves getpid() and getpgrp(). PIDs are allocated sequentially and globally, so getpid() is highly predictable. I don't know much about getpgrp(), but from the manpage it doesn't appear to be any better. Unless getpgrp() is a better source of entropy than I give it credit for, I think this port should perhaps be marked as vulnerable. It's not spectacular looking at that output, but it seems like a typical hash. As long as getpgrp() and getpid() don't always fall in the same range (thus producing the same sets of numbers) and getpid() doesn't return a multiple of getpgrp() 8, I don't see any particular problems with the above setup. pwgen would do better on a system with a lot more processes though, or one that's been up longer though, since PIDs increase over time. -Garrett ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD File System, please help
On Monday 08 January 2007 12:04 pm, [EMAIL PROTECTED] wrote: Such a report will be incomplete if the system in question is an NIS client. For starters, see yp(8). Would getent passwd and getent group be more definitive? -- Kirk Strauser pgpU9vIlBUWYA.pgp Description: PGP signature
Re: Permissions Question
On Monday 08 January 2007 12:07 pm, Jay Chandler wrote: I've got a user who needs to be able to view (read only) the aliases file. We'll grant him root access a few weeks after the eventual heat-death of the universe, so how would you all go about doing this? You could configure sudo to give him access to run that one command as root. -- Kirk Strauser pgpX62GnRqncn.pgp Description: PGP signature
Re: pwgen's seeding looks insecure
On Jan 8, 2007, at 10:36 AM, Dan Nelson wrote: In the last episode (Jan 08), RW said: Someone recently recommended sysutils/pwgen for generating user passwords. Out of curiosity I had a look at how it works, and I don't like the look of its PRNG initialization: #ifdef RAND48 srand48((time(0)9) ^ (getpgrp()15) ^ (getpid()) ^ (time(0) 11)); #else srand(time(0) ^ (getpgrp() 8) + getpid()); #endif If pwgen is called from an account creation script, time(0) can be inferred from timestamps, e.g. on a home-directory, so that just leaves getpid() and getpgrp(). PIDs are allocated sequentially and globally, so getpid() is highly predictable. I don't know much about getpgrp(), but from the manpage it doesn't appear to be any better. Even better: make RANDOM() call random() instead of rand(), and initialize the rng with srandomdev(). Another random password generator is in security/apg, and that one already uses /dev/random as a seed. -- Dan Nelson [EMAIL PROTECTED] Not all architectures support random number generation though IIRC and random number generation can be removed from the kernel, so I think that the dev was playing it safe by using another, less random seed source than /dev/random or /dev/urandom. -Garrett ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Permissions Question
I've never used them, but wasn't ACL written just for this scenario? On 1/8/07, Kirk Strauser [EMAIL PROTECTED] wrote: On Monday 08 January 2007 12:07 pm, Jay Chandler wrote: I've got a user who needs to be able to view (read only) the aliases file. We'll grant him root access a few weeks after the eventual heat-death of the universe, so how would you all go about doing this? You could configure sudo to give him access to run that one command as root. -- Kirk Strauser -- I'm nerdy in the extreme and whiter than sour cream ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Adduser utility to generate random passwds ?
Kirk Strauser wrote: On Monday 08 January 2007 5:26 am, Ivan Voras wrote: Here's an idea: $ head -c 64 /dev/random | md5 | head -c 10 Hugely bad idea. Since md5 outputs hex, you're only getting 4 bits of entropy per character. Yes, with 10 characters that's 5 bytes of practically pure random data, i.e. 40 bits. You're somewhat right: I don't know about pwgen but usually such utilities generate passwords from a set that looks like [0-9a-zA-Z-,], i.e. 6 bits per character. For a password of 8 characters, that's 48 bits, so 8 bits stronger than 10 hexadecimal characters. For equal entropy, 12 hex characters should be used. But hex characters are easier to remember :) signature.asc Description: OpenPGP digital signature
Re: Adduser utility to generate random passwds ?
Ivan Voras wrote: Frank Bonnet wrote: I want to generate new strong password for existing users. Here's an idea: $ head -c 64 /dev/random | md5 | head -c 10 ... or, following the upthread discussion, a preferable alternative: openssl rand -base64 6 This will generate a strong password of 8 characters[*] with 6 bits of entropy each (48 bits total), which is as strong as it gets. [*] literally: 6 random bytes encoded with base64 to 8 ASCII characters signature.asc Description: OpenPGP digital signature
Re: pwgen's seeding looks insecure
In the last episode (Jan 08), Garrett Cooper said: On Jan 8, 2007, at 10:36 AM, Dan Nelson wrote: Even better: make RANDOM() call random() instead of rand(), and initialize the rng with srandomdev(). Another random password generator is in security/apg, and that one already uses /dev/random as a seed. Not all architectures support random number generation though IIRC and random number generation can be removed from the kernel, so I think that the dev was playing it safe by using another, less random seed source than /dev/random or /dev/urandom. Luckily, if srandomdev() can't open /dev/random, it falls back to seeding with gettimeofday() (so more variability than just time()), getpid(), and some random data off the stack, so it's always safe to use. I just noticed that there's also a sranddev, so fixing pwgen is really as simple as replacing the srand() call with sranddev(). -- Dan Nelson [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Permissions Question
On Monday 08 January 2007 12:57 pm, Andy Greenwood wrote: I've never used them, but wasn't ACL written just for this scenario? Perhaps, but that seems like a lot more effort to accomplish a relatively easy job. -- Kirk Strauser pgpryAcPuyqUa.pgp Description: PGP signature
Re: freebsd-questions Digest, Vol 159, Issue 43
Run sysinstall as root (sudo sysinstall). Select Configure. Select Startup. Check the box next to Linux (you will have to scroll down). Hit OK. If prompted to install Linux compatible binaries, select the affirmative response (yes or continue). The install should modify your /ect/fstab file to include a line that looks like: linprocfs /compat/linux/proc linprocfs rw 0 0 It may not look exactly like that, but something close. When you ran the install, it should have asked you if you wanted to install Linux binary compatibility and you selected no. This is usually a bad idea unless you know you won't run any software written for the linux kernel. James Riendeau MMI Computer Support Technician 1300 University Ave Rm. 436, Dept. of MedMicro Madison, WI 53706 Phone: (608) 262-3351 After-hours Phone: (608) 260-2696 Fax: (608) 262-8418 Email: [EMAIL PROTECTED] On Jan 5, 2007, at 3:22 PM, [EMAIL PROTECTED] wrote: Message: 27 Date: Fri, 5 Jan 2007 12:55:17 -0800 (PST) From: Juan Ortega [EMAIL PROTECTED] Subject: alittle help To: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=iso-8859-1 Hi, I have freeBSD 6.2-RC2 I installed vmware3 from the ports tree but I get an error when I run it. ** It seems linux procfs is not mounted on /compat/linux/proc. VMware does not work without Linux procfs mounted. For details, see linprocfs(5) manpage. *** I read the linprocfs and linux handout put I'm still having problems with it. Is linprocfs a command? or something to mount it, because I cant find it on xterm. can u plz help me out with this ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Permissions Question
Matthew Seaman wrote: Jay Chandler wrote: I've got a user who needs to be able to view (read only) the aliases file. We'll grant him root access a few weeks after the eventual heat-death of the universe, so how would you all go about doing this? Hand him some sheets of printout? Sadly, the data change too often for this to be effective. -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / [EMAIL PROTECTED] Today's Excuse: I'm sorry a pentium won't do, you need an SGI to connect with us. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
iSCSI
We are moving to SAN in the near future to resolve a host of issues. I have been looking through archives for information on FreeBSD and iSCSI without much success. We currently have 15 servers running FreeBSD and several more in the queue/on order. It is looking like FreeBSD may not provide the production level of iSCSI initiator we will require. (The iSCSI target host will be a third party vendor) I am sending a request for information to the project lead but I am also interested in knowing if anyone is currently using any iSCSI with FreeBSD and what your success failures might be. Thank you, DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Permissions advice needed.
I have a curious problem. I need an executable file to be owned by a user's uid and gid so they can run it. HOWEVER, I don't want them to be able to modify or delete the file and/or it's permissions. Another program will do that. This, under standard Unix permissions, is a tad difficult. :-) ACL's don't help here as the owner of a file has the ability to change permissions. I could set the immutable bit (Linux term for the schg flag) but the modifying program does not recognise this flag and will thus fail to modify the file. (I have no control over the modifying program). Any ideas? I don't want to go down the line of using BSD MAC but I'm starting to think I may have too just to be able to prevent the user from modifying ONE file! (I'm not even sure I could implement this using MAC anyway). Cheers, Brett. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pwgen's seeding looks insecure
On Mon, 8 Jan 2007 10:42:12 -0800 Garrett Cooper [EMAIL PROTECTED] wrote: On Jan 8, 2007, at 9:53 AM, RW wrote: Someone recently recommended sysutils/pwgen for generating user passwords. Out of curiosity I had a look at how it works, and I don't like the look of its PRNG initialization: #ifdef RAND48 srand48((time(0)9) ^ (getpgrp()15) ^ (getpid()) ^ (time(0) 11)); #else srand(time(0) ^ (getpgrp() 8) + getpid()); #endif If pwgen is called from an account creation script, time(0) can be inferred from timestamps, e.g. on a home-directory, so that just leaves getpid() and getpgrp(). PIDs are allocated sequentially and globally, so getpid() is highly predictable. I don't know much about getpgrp(), but from the manpage it doesn't appear to be any better. Unless getpgrp() is a better source of entropy than I give it credit for, I think this port should perhaps be marked as vulnerable. It's not spectacular looking at that output, but it seems like a typical hash. As long as getpgrp() and getpid() don't always fall in the same range (thus producing the same sets of numbers) and getpid() doesn't return a multiple of getpgrp() 8, I don't see any particular problems with the above setup. My concern is that an unprivileged attacker could log pids created by his own processes and virtually eliminate entropy from getpid(). I'm wondering if something similar can be done with getpgrp(). If it can then entropy may fall to a handfull of bits, and bruteforce may not be all that brutal. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Permissions Question
Jay Chandler writes: I've got a user who needs to be able to view (read only) the aliases file. We'll grant him root access a few weeks after the eventual heat-death of the universe, so how would you all go about doing this? Hand him some sheets of printout? Sadly, the data change too often for this to be effective. Copy the file evey N minutes, then change ownership and permissions? Robert Huff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pwgen's seeding looks insecure
Dan Nelson wrote: In the last episode (Jan 08), Garrett Cooper said: On Jan 8, 2007, at 10:36 AM, Dan Nelson wrote: Even better: make RANDOM() call random() instead of rand(), and initialize the rng with srandomdev(). Another random password generator is in security/apg, and that one already uses /dev/random as a seed. Not all architectures support random number generation though IIRC and random number generation can be removed from the kernel, so I think that the dev was playing it safe by using another, less random seed source than /dev/random or /dev/urandom. Luckily, if srandomdev() can't open /dev/random, it falls back to seeding with gettimeofday() (so more variability than just time()), getpid(), and some random data off the stack, so it's always safe to use. I just noticed that there's also a sranddev, so fixing pwgen is really as simple as replacing the srand() call with sranddev() Interesting--I didn't know that. That sounds a lot better than what's in place by a long shot and it would be nice to have that in the program considering that random number generators are quite ubiquitous in Unix nowadays. I'll CC the project devs later on today with this thread then. -Garrett ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: iSCSI
On Monday 08 January 2007 14:52, DAve wrote: We are moving to SAN in the near future to resolve a host of issues. I have been looking through archives for information on FreeBSD and iSCSI without much success. We currently have 15 servers running FreeBSD and several more in the queue/on order. It is looking like FreeBSD may not provide the production level of iSCSI initiator we will require. (The iSCSI target host will be a third party vendor) I am sending a request for information to the project lead but I am also interested in knowing if anyone is currently using any iSCSI with FreeBSD and what your success failures might be. I just started using the latest iSCSI initiator[1] on my 6-STABLE desktop to access some volumes on a LeftHand Networks SAN. It's a bit lacking in polish, but it works quite well. The one big missing feature is that it doesn't handle network disconnections. No panics or anything though, and performance was what I expected. I'd be interested in what Danny tells you about the initiator's readiness for production use, but in any case you'll probably just have to do some stability and stress testing on your own. [1] ftp://ftp.cs.huji.ac.il/users/danny/freebsd/iscsi-17.5.tar.bz2 JN ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: iSCSI
On Mon, 08 Jan 2007 14:52:06 -0500 DAve wrote: We are moving to SAN in the near future to resolve a host of issues. I have been looking through archives for information on FreeBSD and iSCSI without much success. We currently have 15 servers running FreeBSD and several more in the queue/on order. It is looking like FreeBSD may not provide the production level of iSCSI initiator we will require. (The iSCSI target host will be a third party vendor) I didn't use them myself but I'll second for hearing about them: http://ixsystems.com/storageiSCSI.php I am sending a request for information to the project lead but I am also interested in knowing if anyone is currently using any iSCSI with FreeBSD and what your success failures might be. WBR -- Boris Samorodov (bsam) Research Engineer, http://www.ipt.ru Telephone Internet SP FreeBSD committer, http://www.FreeBSD.org The Power To Serve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: iSCSI
John Nielsen wrote: On Monday 08 January 2007 14:52, DAve wrote: We are moving to SAN in the near future to resolve a host of issues. I have been looking through archives for information on FreeBSD and iSCSI without much success. We currently have 15 servers running FreeBSD and several more in the queue/on order. It is looking like FreeBSD may not provide the production level of iSCSI initiator we will require. (The iSCSI target host will be a third party vendor) I am sending a request for information to the project lead but I am also interested in knowing if anyone is currently using any iSCSI with FreeBSD and what your success failures might be. I just started using the latest iSCSI initiator[1] on my 6-STABLE desktop to access some volumes on a LeftHand Networks SAN. It's a bit lacking in polish, but it works quite well. The one big missing feature is that it doesn't handle network disconnections. No panics or anything though, and performance was what I expected. I'd be interested in what Danny tells you about the initiator's readiness for production use, but in any case you'll probably just have to do some stability and stress testing on your own. [1] ftp://ftp.cs.huji.ac.il/users/danny/freebsd/iscsi-17.5.tar.bz2 JN Thanks for the feedback. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pwgen's seeding looks insecure
Garrett Cooper wrote: Dan Nelson wrote: In the last episode (Jan 08), Garrett Cooper said: On Jan 8, 2007, at 10:36 AM, Dan Nelson wrote: Even better: make RANDOM() call random() instead of rand(), and initialize the rng with srandomdev(). Another random password generator is in security/apg, and that one already uses /dev/random as a seed. Not all architectures support random number generation though IIRC and random number generation can be removed from the kernel, so I think that the dev was playing it safe by using another, less random seed source than /dev/random or /dev/urandom. Luckily, if srandomdev() can't open /dev/random, it falls back to seeding with gettimeofday() (so more variability than just time()), getpid(), and some random data off the stack, so it's always safe to use. I just noticed that there's also a sranddev, so fixing pwgen is really as simple as replacing the srand() call with sranddev() Interesting--I didn't know that. That sounds a lot better than what's in place by a long shot and it would be nice to have that in the program considering that random number generators are quite ubiquitous in Unix nowadays. I'll CC the project devs later on today with this thread then. -Garrett Hmm.. it seems that the project hasn't been updated in eons (2001): http://sourceforge.net/projects/pwgen. I'll still try to get a hold of the dev, but I'm not sure if they are still administering the project. -Garrett ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: iSCSI
Boris Samorodov wrote: On Mon, 08 Jan 2007 14:52:06 -0500 DAve wrote: We are moving to SAN in the near future to resolve a host of issues. I have been looking through archives for information on FreeBSD and iSCSI without much success. We currently have 15 servers running FreeBSD and several more in the queue/on order. It is looking like FreeBSD may not provide the production level of iSCSI initiator we will require. (The iSCSI target host will be a third party vendor) I didn't use them myself but I'll second for hearing about them: http://ixsystems.com/storageiSCSI.php I am sending a request for information to the project lead but I am also interested in knowing if anyone is currently using any iSCSI with FreeBSD and what your success failures might be. WBR iSCSI Target and iSCSI initiator are two different animals. The above is for hosting a iSCSI system, providing a target(I believe), we need to connect to it, using an initiator. Thanks, DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
a bit OT - VPN+Windows
could You put me to some manual about configuring any king of VPN (with encryption at least, preferable compression too) with windows machines as clients and FreeBSD as servers. i used VPN's many times but always with unix on both sides and used vtun which works great. unfortunately there is no vtun for windows. thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: a bit OT - VPN+Windows
On Jan 8, 2007, at 4:01 PM, Wojciech Puchar wrote: could You put me to some manual about configuring any king of VPN (with encryption at least, preferable compression too) with windows machines as clients and FreeBSD as servers. i used VPN's many times but always with unix on both sides and used vtun which works great. unfortunately there is no vtun for windows. Try OpenVPN. It's in the ports, and it also has a fancy Windows GUI client available, similar to the Cisco or SonicWall VPN clients... -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: a bit OT - VPN+Windows
There are various VPN solutions available depending on your needs for the network so no one answer will cover everything. Currently I am using OpenVPN with great success and resonable security as well. Homepage: http://www.openvpn.org One of the nice things about this solution is you can customize the OpenVPN GUI (http://openvpn.se/). Even my most computer cluess employee's can use this. There are various IPSEC solutions but you run into a client issue in a lot of cases for the Windows side. Wojciech Puchar wrote: could You put me to some manual about configuring any king of VPN (with encryption at least, preferable compression too) with windows machines as clients and FreeBSD as servers. i used VPN's many times but always with unix on both sides and used vtun which works great. unfortunately there is no vtun for windows. thanks Cheers, Jeff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pwgen's seeding looks insecure
On Mon, 8 Jan 2007 10:56:50 -0800 Garrett Cooper [EMAIL PROTECTED] wrote: On Jan 8, 2007, at 10:36 AM, Dan Nelson wrote: In the last episode (Jan 08), RW said: Someone recently recommended sysutils/pwgen for generating user passwords. Out of curiosity I had a look at how it works, and I don't like the look of its PRNG initialization: #ifdef RAND48 srand48((time(0)9) ^ (getpgrp()15) ^ (getpid()) ^ (time(0) 11)); #else srand(time(0) ^ (getpgrp() 8) + getpid()); #endif If pwgen is called from an account creation script, time(0) can be inferred from timestamps, e.g. on a home-directory, so that just leaves getpid() and getpgrp(). PIDs are allocated sequentially and globally, so getpid() is highly predictable. I don't know much about getpgrp(), but from the manpage it doesn't appear to be any better. Even better: make RANDOM() call random() instead of rand() I wasn't suggesting the use of getpgrp(), it's one of the existing three sources of entropy . The other two sources are can be inferred by any user (assuming that pwgen is run close to the point at which the account is created). What I was wondering is how much secure entropy there is in getpgrp() alone. I just wrote a little test program, and getpgrp() seems to return the same number as getpid. If I haven't screwed-up and that is generally correct, then any user can log PIDs verses time and find the password of a newly created account from the datestamp of its home directory, within a few attempts. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
FreeBSD 3.4 / 4.5 - 2007 DST Changes
We have a few older FreeBSD systems running 3.4 and 4.5. Are there patches for the 2007 daylight savings time US change for these FreeBSD versions? If so, where can I find them? Thanks, Adam Cormany UNIX Systems Engineer Scientific Games International Office 678.297.5465 Cell678.315.2763 Fax770.772.7680 [EMAIL PROTECTED] This communication (including any attachments) is intended for the use of the intended recipient(s) only and may contain information that is confidential, privileged or legally protected. Any unauthorized use or dissemination of this communication is strictly prohibited. If you have received this communication in error, please immediately notify the sender by return e-mail message and delete all copies of the original communication. Thank you for your cooperation. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Permissions Question
Robert Huff wrote: Jay Chandler writes: I've got a user who needs to be able to view (read only) the aliases file. We'll grant him root access a few weeks after the eventual heat-death of the universe, so how would you all go about doing this? Hand him some sheets of printout? Sadly, the data change too often for this to be effective. Copy the file evey N minutes, then change ownership and permissions? Robert Huff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Probably the simplest way to do it-- just wanted to make sure I wasn't overlooking something silly. Thanks! -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / [EMAIL PROTECTED] Today's Excuse: Our POP server was kidnapped by a weasel. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Nvidia Problems
On Sunday 07 January 2007 16:21, [EMAIL PROTECTED] wrote: I am using 6_STABLE(FreeBSD 6.2-PRERELEASE). I created another xorg.conf adding your suggested option. Below is what I get from /var/log/Xorg.0.log. (II) NVIDIA(0): Assigned Display Device: DFP-0 (WW) NVIDIA(0): No valid modes for 1600x1050; removing. (WW) NVIDIA(0): No valid modes for 1280x1024; removing. (WW) NVIDIA(0): No valid modes for 1024x768; removing. (WW) NVIDIA(0): (WW) NVIDIA(0): Unable to validate any modes; falling back to the default mod e (WW) NVIDIA(0): nvidia-auto-select. (WW) NVIDIA(0): (II) NVIDIA(0): Validated modes: (II) NVIDIA(0): nvidia-auto-select (II) NVIDIA(0): Virtual screen size determined to be 800 x 600 (WW) NVIDIA(0): Unable to get display device DFP-0's EDID; cannot compute DPI (WW) NVIDIA(0): from DFP-0's EDID. (==) NVIDIA(0): DPI set to (75, 75); computed from built-in default xorg.conf snippet: Section Screen Identifier Screen0 Device Card0 MonitorMonitor0 Option UseEDID FALSE DefaultDepth24 SubSection Display Depth 24 Modes 1600x1050 1280x1024 1024x768 EndSubSection EndSection I know of a few EDID issues with the current nvidia driver. are you using freebsd-7-CURRENT? Try adding Option UseEDID FALSE to the Screen section in your X configuration file. Hopefully future NVIDIA X driver versions should do a better job of detecting invalid EDIDs. Let me know if that solves the issues. -nawcom On Sunday 07 January 2007 12:34, Garrett Cooper wrote: Derrick Edwards wrote: Hi, I cant seem to get my new nvidia card to dispaly the correct resolution. Looking at /var/log/Xorg.0.log I see these entries. My max resolution is 1600x1050 but it is not letting me use it. (WW) NVIDIA(0): No valid modes for 1600x1050; removing. (WW) NVIDIA(0): No valid modes for 1280x1024; removing. (II) NVIDIA(0): Validated modes: (II) NVIDIA(0): 1024x768 (II) NVIDIA(0): 800x600 (II) NVIDIA(0): 640x480 (II) NVIDIA(0): Virtual screen size determined to be 1024 x 768 I configured Xorg using nvidia-settings. Section ServerLayout Identifier Layout0 Screen 0 Screen0 0 0 InputDeviceKeyboard0 CoreKeyboard InputDeviceMouse0 CorePointer EndSection Section Files RgbPath /usr/X11R6/lib/X11/rgb FontPath/usr/X11R6/lib/X11/fonts/misc/:unscaled FontPath/usr/X11R6/lib/X11/fonts/100dpi/:unscaled FontPath/usr/X11R6/lib/X11/fonts/75dpi/:unscaled FontPath/usr/X11R6/lib/X11/fonts/misc/ FontPath/usr/X11R6/lib/X11/fonts/Type1/ FontPath/usr/X11R6/lib/X11/fonts/100dpi/ FontPath/usr/X11R6/lib/X11/fonts/75dpi/ FontPath/usr/X11R6/lib/X11/fonts/cyrillic/ FontPath/usr/X11R6/lib/X11/fonts/TTF/ EndSection Section Module Load dbe Load extmod Load type1 Load freetype Load glx EndSection Section InputDevice # generated from default Identifier Mouse0 Driver mouse Option Protocol auto Option Device /dev/sysmouse Option Emulate3Buttons no Option ZAxisMapping 4 5 EndSection Section InputDevice # generated from default Identifier Keyboard0 Driver keyboard EndSection Section Monitor Identifier Monitor0 VendorName Unknown ModelName Unknown HorizSync 30.0 - 110.0 VertRefresh 50.0 - 150.0 Option DPMS EndSection Section Device Identifier Device0 Driver nvidia VendorName NVIDIA Corporation EndSection Section Screen Identifier Screen0 Device Device0 MonitorMonitor0 DefaultDepth24 SubSection Display Depth 24 Modes 1600x1050 1280x1024 1024x768 800x600 640x480 EndSubSection EndSection Please help Thanks Derrick Monitor horizontal and vertical sync set correctly? That seems the only viable explanation other than your card doesn't support that resolution. -Garrett _ Thanks for the reply. My card supports up to 1600x1200 and the freqs are correct. _ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions
lab equipment reservation system - web based
Hi there, I know there are a lot of various reservation systems out there. I can google for them. I am looking for recommendations from users that use res systems. I am looking for a lab equipment reservation system - something simple, with a good amount of capabilities, open source, and hopefully web based. Anybody got a good recommendation please. Cheers, noah ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Sun Fire x2100
--- DAve [EMAIL PROTECTED] wrote: Is anyone running FreeBSD on a Sun Fire X2100? Any caveats I should know about? I don't recommend them if you plan to use as a file server. They have an issue with randomly rebooting under a large network load with thousands of open connections. Have seen this on my system and have have had a dozen or so folk email me with the identical problem. -Peter ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: USB drive is a CDROM drive and is not writable
This sounds like a Smart drive - can you confirm? I plugged it into a Windows system and it also recognized a CD drive. In addition, it vomited out a few popup windows and started something in the system tray. This is so ingenious that I think it must be a 'smart' drive. An article from the following URL tells me it is a 'U3 smart drive': http://www.everythingusb.com/u3.html I didn't know such a thing existed before today. I have one of these devices myself and simply removed the Smart partition to reclaim the space it takes up. Apparently there is a U3 uninstaller: http://www.u3.com/uninstall/default.aspx Thanks for the responses everyone. My confusion is gone. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: a bit OT - VPN+Windows
On Mon, 8 Jan 2007, Wojciech Puchar wrote: could You put me to some manual about configuring any king of VPN (with encryption at least, preferable compression too) with windows machines as clients and FreeBSD as servers. i used VPN's many times but always with unix on both sides and used vtun which works great. unfortunately there is no vtun for windows. I have used poptop (AKA pptpd) - in the ports collection, but the really useful information is at: http://www.pingle.org/2006/04/11/getting-poptop-to-run-under-freebsd-5-6 However, two points: 1. pptpd is built for Linux. For FreeBSD user-land ppp is used, no matter what you specify, and so the config file is /etc/ppp/ppp.conf. Anything you say about this setting in /usr/local/etc/pptpd.conf is ignored, and the ppp.conf file used instead. Also, some settings are repeated in both ppp.conf and pptpd.conf - the ppp.conf settings take precedence. The ppp.conf needs to specify a label for pptpd to use, and it is: pptp: (normal ppp directives follow this) 2. You need to set your FreeBSD system to be a gateway (gateway_enable=YES in /etc/rc.conf) and some routing and ARP stuff enabled in rc.conf: arpproxy_all=YES forward_sourceroute=YES accept_sourceroute=YES I have it working at a fairly large site where people use XP at home and access the Windows stuff through a FreeBSD 6.1 gateway. Cheers, Rob Hurle - Rob Hurle Faculty of Asian Studies, ANU Home address and contacts: Tel: +61 2 6247 2397 PO Box 4013Fax: +61 2 6247 2397 AinslieCell phone: 0417 293 603 Australia e-mail: [EMAIL PROTECTED] - ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
acd0, error=0x00
Hello. Can anybody tell me why that may happens?: acd0: READ_BIG - MEDIUM ERROR asc=0x02 ascq=0x00 error=0x00 acd0: READ_BIG - MEDIUM ERROR asc=0x02 ascq=0x00 error=0x00 acd0: READ_BIG - MEDIUM ERROR asc=0x02 ascq=0x00 error=0x00 acd0: READ_BIG - MEDIUM ERROR asc=0x02 ascq=0x00 error=0x00 acd0: READ_BIG - MEDIUM ERROR asc=0x02 ascq=0x00 error=0x00 P.S. FreeBSD 4.11-RELEASE-p13, acd0 - TEAC CD-RW. -- dima 7509107*mail,ru 2:550/112 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: stopping my server from spamming
I think I located the problem. I discovered through one of the blacklist hosters when exactly they received the spam and that helped me track it to a virus infected windows box. Using nmap / tcpdump / snort to find rogue SMTP hosts is the next step I would pursue. Remember though, your hosts may not be causing the spam and it could instead be spoofing of some kind. For that, you can't do anything except talk to the mail providers that blacklisted your domain and get things cleared up. These utilities where the direction of what I was looking for. Thanks for that - I will look at the use of each and how I can trace what is going on for future reference. Ultimately, I suggest switching to entirely AUTH based SMTP though to prevent this issue from occurring. You can either block port 25 from being routed or use net/smtptrapd (see http://smtptrapd.inodes.org/). done. Thanks Garret ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Linux Kernel Drivers in Under FreeBSD
Is it possible to get Linux kernel drivers working under FreeBSD? If so, how? (Specifically Garmin_USB) I have never heard of anything that would allow a Linux binary driver to be loaded by FreeBSD, and I doubt it exists. Linux binary applications certainly can be run on FreeBSD, but not drivers. The only way would be to get the source code and port it over, and you'd probably have to make major changes. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: a bit OT - VPN+Windows
On 1/8/07, Rob Hurle [EMAIL PROTECTED] wrote: On Mon, 8 Jan 2007, Wojciech Puchar wrote: could You put me to some manual about configuring any king of VPN (with encryption at least, preferable compression too) with windows machines as clients and FreeBSD as servers. OpenVPN gets my vote as an easy to use cross-platform VPN. Runs on just about everything. Compression is available, password or certificate based authentication, high level encryption, NAT and firewall friendly. The add-on windows GUI makes installation and setup easy for non-unix types. /usr/ports/security/openvpn docs and good sample configs: http://openvpn.net/ windows gui: http://openvpn.se/ -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Permissions Question
On Tue, 9 Jan 2007 04:37 am, Jay Chandler wrote: Sorry for the dumb question this morning-- caffeine hasn't yet worked its wondrous magic upon my person. I've got a user who needs to be able to view (read only) the aliases file. We'll grant him root access a few weeks after the eventual heat-death of the universe, so how would you all go about doing this? I've considered allowing him to run a local copy of the praliases command, but that chokes on the /etc/mail/aliases permissions... I am confused (or someone is). On all the FreeBSD systems I have immediate access to the file /etc/mail/aliases has the default permissions -rw-r--r--, in other words is readable by anyone. On the other hand /etc/mail/aliases.db is sometimes -rw-r- and sometimes -rw-r--r-- but since it is only an encoded version of aliases and additional restrictions would seem useless. I can imagine some might object to reason setting either of these o+r, but this does seem to be the norm. Perhaps someone else has other views. Or perhaps this is some variation when using profix, qmail etc. in place of sendmail. Malcolm To complicate things, the file etc/mail/aliases is actually an NFS mounted file shared between all our mx boxes, and he only needs to access it from a designated machine. Thoughts? My apologies if this is unclear... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Sierra Wireless Card AC860 how to get the working in freebsd.
Hi Freebsd I have been breaking my head intermittently over this for months, so far I had no success getting this Sierra Wireless card , to Cingular ISP This card is 3G card works on my other winXP partition, I have become very uneasy to continue to use this only in windows because of reliability/security concerns I want this card working in my Freebsd OS, I wanted to wean away from windows XP as soon as possible. which I using now to access just to connect while travelling, which is too much pain. My buddy Paul Pathiakis told to post this issue here as someone of you may have been in same situation. I added the quircks for the kernel and had rebuild the kernal successfully, looking as /var/log/messages, makes sense it is detecting the card. now I am puzzled how to get this dialled and get it working. he also said we may need a device driver. When I called Cingular they said me to use Tel# to dial : *99***1 username: [EMAIL PROTECTED] password: CINGULAR1 As you see below I tried putting them up these entries in ppp.conf file. default: set log Phase Chat LCP IPCP CCP tun command ident user-ppp VERSION (built COMPILATIONDATE) # Ensure that device references the correct serial port # for your modem. (cuad0 = COM1, cuad1 = COM2) # #set device /dev/cuad1 set device /dev/cuad4 set speed 115200 set dial ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \ \\ AT OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT set timeout 180# 3 minute idle timer (the default) #enable dns# request DNS info (for resolv.conf) cingular: # # edit the next three lines and replace the items in caps with # the values which have been assigned by your ISP. # set phone *99***1# set authname [EMAIL PROTECTED] set authkey CINGULAR1 set login TIMEOUT 10 gin:--gin: \\U [EMAIL PROTECTED]: \\P col: CINGULAR1 set timeout 300 #APN:ISP.CINGULAR #set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.255 add default HISADDR# Add a (sticky) default route --- kernel log /var/log/messages Jan 8 19:28:04 DAK kernel: sio4: Sierra Wireless AC860 at port 0x3e8-0x3ee ir q 22 function 0 config 32 on pccard0 Jan 8 19:28:04 DAK kernel: sio4: type 8250 or not responding Jan 8 19:28:04 DAK kernel: sio4: unable to activate interrupt in fast mode - us ing normal mode - # ppp congular congular: Configuration label not found # ppp cingular Working in interactive mode Using interface: tun0 Warning: Add route failed: 0.0.0.0/0 already exists ppp ON DAK connect cingular Warning: connect: Invalid command Warning: connect: Failed 1 ppp ON DAK ok connect Warning: ok: Invalid command Warning: ok: Failed 1 ppp ON DAK at Warning: at: Invalid command Warning: at: Failed 1 ppp ON DAK help (o) = Optional context, (c) = Context required accept(o) : accept option request add : add route allow : Allow ppp access bg : Run a background command clear(o): Clear throughput statistics clone(c): Clone a link close(o): Close an FSM delete : delete route deny(o) : Deny option request dial(o) : Dial and login disable(o) : Disable option down(o) : Generate a down event enable(o) : Enable option ident(c): Set the link identity iface : interface control link: Link specific commands load(o) : Load settings log(o) : log information nat : NAT control open(o) : Open an FSM quit: Quit PPP program remove(c) : Remove a link rename(c) : Rename a link resolv : Manipulate resolv.conf save: Save settings sendident(c): Transmit the link identity set(o) : Set parameters shell : Run a subshell show(o) : Show status and stats term(c) : Enter terminal mode help: Display this message ppp ON DAK show Use ``show ?'' to get a list. ppp ON DAK show ? (o) = Optional context, (c) = Context required bundle : bundle details ccp(o) : CCP status compress : VJ compression stats escape(c) : escape characters filter : packet filters hdlc(c): HDLC errors iface : Interface status ipcp : IPCP status ipv6cp : IPV6CP status layers(o) : Protocol layers lcp(c) : LCP status link(c): (high-level) link info links : available link names log: log levels mem: mbuf allocations ncp: NCP status physical(c): (low-level) link info mp : multilink setup proto(o) : protocol summary route : routing table stopped(c) : STOPPED timeouttimers : alarm timers version: version string who: client list help : Display this message ppp ON DAK show link Name: deflink State: closed Peer name: N/A Discriminator: Null Class Defaults: Phone List: *99***1 Dial
Re: a bit OT - VPN+Windows
I am using a vpnc which came along with freebsd6.1 which is using IPSEC and Xauth I found using the vpnc along with rdesktop to access remote windows servers is real fast. vpnc is no frills, straight command line and just a single config file. On 1/8/07, Wojciech Puchar [EMAIL PROTECTED] wrote: could You put me to some manual about configuring any king of VPN (with encryption at least, preferable compression too) with windows machines as clients and FreeBSD as servers. i used VPN's many times but always with unix on both sides and used vtun which works great. unfortunately there is no vtun for windows. thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Shell recommendations
Hi Freebsd I am using ksh93 shell as my login shell each and everytime I do set -o vi and perform some commands it simply dumps ksh93.core file and crashed whole terminal session, I have been having this problem everrsince I changed my login shell from /bin/sh to /bin/ksh which is symbolic link of ksh93 executable I compiled off the freebsd /usr/ports/ I wonder if anyone has similar issues with this ksh or am I doing something stupid I love using ksh due to the fact you can edit and scroll back and forth as in vi commands, if you have had this issue, what did you go about doing. Any suggestion here would be great help Thanks Dak ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Permissions advice needed.
On Tue, 9 Jan 2007 06:13 am, Brett Davidson wrote: I have a curious problem. I need an executable file to be owned by a user's uid and gid so they can run it. A user does not need to own a file to be able to run it. All they need is execute permission. So what is the real problem? HOWEVER, I don't want them to be able to modify or delete the file and/or it's permissions. Another program will do that. Deleting or creating a file requires write access in the directory containg the file reference -- it has nothing to do with the permissions on the file itself. Malcolm This, under standard Unix permissions, is a tad difficult. :-) ACL's don't help here as the owner of a file has the ability to change permissions. I could set the immutable bit (Linux term for the schg flag) but the modifying program does not recognise this flag and will thus fail to modify the file. (I have no control over the modifying program). Any ideas? I don't want to go down the line of using BSD MAC but I'm starting to think I may have too just to be able to prevent the user from modifying ONE file! (I'm not even sure I could implement this using MAC anyway). Cheers, Brett. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Permissions advice needed.
Malcolm Kay wrote: On Tue, 9 Jan 2007 06:13 am, Brett Davidson wrote: I have a curious problem. I need an executable file to be owned by a user's uid and gid so they can run it. A user does not need to own a file to be able to run it. All they need is execute permission. So what is the real problem? HOWEVER, I don't want them to be able to modify or delete the file and/or it's permissions. Another program will do that. Deleting or creating a file requires write access in the directory containg the file reference -- it has nothing to do with the permissions on the file itself. Malcolm This, under standard Unix permissions, is a tad difficult. :-) ACL's don't help here as the owner of a file has the ability to change permissions. I could set the immutable bit (Linux term for the schg flag) but the modifying program does not recognise this flag and will thus fail to modify the file. (I have no control over the modifying program). Any ideas? I don't want to go down the line of using BSD MAC but I'm starting to think I may have too just to be able to prevent the user from modifying ONE file! (I'm not even sure I could implement this using MAC anyway). Cheers, Brett. Make a specialized setuid script or program to do that, and set the sticky bit appropriately if you don't want them to have direct access to the file. Just make sure that others don't have access to the file. Why does he need access to aliases though? For mail program purposes? -Garrett ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
process states revisited
while searching for 'freebsd process states' on google i came across this thread: http://lists.freebsd.org/pipermail/freebsd-questions/2006-December/138024.html i'm a new subscriber, so i can't reply to the original thread. i'm guessing [EMAIL PROTECTED]'s original question was something more like: that do the values in the STATE column in top mean? here's an example of what i'm talking about: ## bad 'top' formatting to come PID USERNAME PRI NICE SIZERES STATE C TIME WCPUCPU COMMAND 95698 mysql 200 388M 349M kserel 0 266.7H 0.63% 0.63% mysqld 98237 jffnms 80 21224K 14412K nanslp 0 0:02 0.59% 0.59% php 98239 jffnms 960 22124K 15292K select 1 0:02 0.49% 0.49% php 98596 root 960 4124K 2560K CPU1 1 0:00 0.51% 0.05% top 1263 root40 1408K 708K accept 0 0:07 0.00% 0.00% vsftpd 3405 galbrecht 80 4876K 2676K wait 0 0:00 0.00% 0.00% bash 94414 root40 3284K 1968K sbwait 1 0:00 0.00% 0.00% mysql ## end of bad formatting this snippet of top shows the following values for STATE: kserel, nanslp, select, CPU1, accept, wait, sbwait this thread has already cleared up these states: nanslp: Waiting for 1 second. [EMAIL PROTECTED] select: Waiting for a select() to complete [EMAIL PROTECTED] wait: Waiting for something to happen, possibly time limited (= 1 second) [EMAIL PROTECTED] top(1) tells us: STATE is the current state (one of sleep, WAIT, run, idl, zomb, or stop) eh, not so much. man clears up some of these states: sleep: The sleep command suspends execution for a minimum of seconds. - sleep(1) accept: accept a connection on a socket - accept(2) i bet i can answer with: run: process is running? zomb: zombie process, terminated but not removed from memory that leaves us with: kserel? sbwait? idl? stop? does the previous answer still apply (ask the developers of those programs)? -g -- Greg Albrecht ([EMAIL PROTECTED]) An Indie, Hip Hop and IDM Podcast: The Letter G http://theletterg.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: acd0, error=0x00
On Tue, 9 Jan 2007 04:11:47 +0200 (EET) dima [EMAIL PROTECTED] wrote: Hello. Can anybody tell me why that may happens?: acd0: READ_BIG - MEDIUM ERROR asc=0x02 ascq=0x00 error=0x00 acd0: READ_BIG - MEDIUM ERROR asc=0x02 ascq=0x00 error=0x00 acd0: READ_BIG - MEDIUM ERROR asc=0x02 ascq=0x00 error=0x00 acd0: READ_BIG - MEDIUM ERROR asc=0x02 ascq=0x00 error=0x00 acd0: READ_BIG - MEDIUM ERROR asc=0x02 ascq=0x00 error=0x00 P.S. FreeBSD 4.11-RELEASE-p13, acd0 - TEAC CD-RW. It is most likely a bad disk, but can also mean you have a issue with the CD drive, cable, or controller. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Permissions advice needed.
On Tue, 9 Jan 2007 04:02 pm, Garrett Cooper wrote: Malcolm Kay wrote: On Tue, 9 Jan 2007 06:13 am, Brett Davidson wrote: I have a curious problem. I need an executable file to be owned by a user's uid and gid so they can run it. A user does not need to own a file to be able to run it. All they need is execute permission. So what is the real problem? HOWEVER, I don't want them to be able to modify or delete the file and/or it's permissions. Another program will do that. Deleting or creating a file requires write access in the directory containg the file reference -- it has nothing to do with the permissions on the file itself. Malcolm This, under standard Unix permissions, is a tad difficult. :-) ACL's don't help here as the owner of a file has the ability to change permissions. I could set the immutable bit (Linux term for the schg flag) but the modifying program does not recognise this flag and will thus fail to modify the file. (I have no control over the modifying program). Any ideas? I don't want to go down the line of using BSD MAC but I'm starting to think I may have too just to be able to prevent the user from modifying ONE file! (I'm not even sure I could implement this using MAC anyway). Cheers, Brett. Make a specialized setuid script or program to do that, and set the sticky bit appropriately if you don't want them to have direct access to the file. Just make sure that others don't have access to the file. Why does he need access to aliases though? For mail program purposes? -Garrett I think you may have mixed up two threads with very similar subject lines. I see no reference to aliases in this thread. (Confusing isn't it) Malcolm ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: vmstat -i weirdness
On Tue, Jan 02, 2007 at 02:08:44PM +0400, Tofik Suleymanov wrote: Hello list, looks like `vmstat -i` acts weird on my machine after being 12-15 hours uptime.Here is the iutput of `vmstat -i`: vmstat -i interrupt total rate irq1: atkbd06813 0 irq9: acpi0 5397 0 irq12: psm073782 1 irq14: ata074209 1 irq15: ata1 47 0 irq18: uhci2 1 0 irq19: uhci3 ehci0 1 0 irq21: iwi035139 0 cpu0: timer105315537 1999 Total 105510926 2003 Strange is that for example atkbd0 has rate of 0, but total interrupts count of atkbd0 is growing. Machine runs FreeBSD 6.1 RELEASE p11 with pretty common kernel. Is this known behaviour ? That is known and expected behaviour. It is just a round-off error due to the use of integer division. 'rate' is the average number of interrupts/second calculated over the whole uptime of the machine. Since you probably press a key on the keyboard less than once per second (on average) this means that rate 1 for atkbd0 and gets displayed as 0. If floating point values were used to display the rate you should see a value of maybe 0.13 for atkbd0. -- Insert your favourite quote here. Erik Trulsson [EMAIL PROTECTED] Erik, that makes sense :) Many thanks for explanation, Tofig. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Shell recommendations
On 09/01/07, Dak Ghatikachalam [EMAIL PROTECTED] wrote: Hi Freebsd I am using ksh93 shell as my login shell each and everytime I do set -o vi and perform some commands it simply dumps ksh93.core file and crashed whole terminal session, I have been having this problem everrsince I changed my login shell from /bin/sh to /bin/ksh which is symbolic link of ksh93 executable I compiled off the freebsd /usr/ports/ I wonder if anyone has similar issues with this ksh or am I doing something stupid [...] It doesn't matter what you do with your shell, it simply shouldn't crash. if you like it, and you would like continue using it, I suggest you try to get a working binary. ksh93 hasn't changed since 20060214 (according to freshports.org), so I guess you're working with the most recent version already. What you should try is to rebuild this port without any optimization set in /etc/make.conf. Please comment any CFLAGS= and CPUTYPE= and do a make reinstall. This should result in a i386 binary without any optimization. Try using it, maybe the core dump is gone. There are several ports out there that don't like being built with optimization. HTH Christian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Contributing to FreeBSD documentation (was: Re: no ath0 on newsystem with good card)
- Original Message - From: Giorgos Keramidas [EMAIL PROTECTED] To: Steve Franks [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org Sent: Sunday, January 07, 2007 8:25 AM Subject: Contributing to FreeBSD documentation (was: Re: no ath0 on newsystem with good card) On 2007-01-07 08:54, Steve Franks [EMAIL PROTECTED] wrote: Apologies on not hitting the list. Alyays forget to reply-all. No problem. I just didn't copy the list because I wasn't sure I should. So, I figured I'd try to fix the safe-mode end of things on my own, and I found a post several years old (looked like it even could have been yours) about safemode, which doesn't show up anywhere on the freebsd site. So I did what it said and grep'd boot/beastie.4th for safemode, which came up with this suprisingly total solution: add apic.0.disabled=1 to boot/device.hints. Not only does my system come up in regular boot mode, but, as you suspected, the pccard works too, so all appears well. Excellent news! Thanks for sharing the answer :) So my final question, what in all the land is an apic, Advanced Programmable Interrupt Controller. This is the part of your system which assigns priorities to interrupt lines of a device. The full details are probably too technical for some percentage of our user base, but more details can be found at the following pages: http://en.wikipedia.org/wiki/Advanced_Programmable_Interrupt_Controller http://en.wikipedia.org/wiki/Programmable_Interrupt_Controller http://en.wikipedia.org/wiki/Intel_8259 http://en.wikipedia.org/wiki/Intel_APIC_Architecture and why isn't apic or safemode mentioned in the handbook, manpages, or even on the freebsd site? IIRC it is mentioned in the Developer's Handbook, but you are right that it should be in the main Handbook too. Further, I'd like to write a handbook page on freebsd and laptops, because we're on my third one here now, and I'm starting to get the drift of what could usefully be added to the handbook, namely a thourough discussion of booting and device.hints. That would be great! If you can help writing such a section for the Handbook, a lot of users will be highly indebted to you, for sure :) I'll throw my $0.02 in here on this. Years ago on the CD distributions there was a file in the root of the distro labeled hints or some such. It was also on the website. It contained all the little workarounds for SPECIFIC pieces of hardware. I know as I wrote several entries for it. That apic problem was listed in there as were several others, I know some for laptops specifically. Sometime during the FreeBSD 4.X series one of the developers got a bug up their ass that somehow this was the wrong place for problems to be listed. Something along the lines of these problems aren't FreeBSD problems they are sucky hardware problems and it makes FreeBSD look bad to have the workarounds even listed at all, and we have the bug database and these icky ugly things really ought to go into the bug database. So this file disappeared. As did every other easily recognizable place for submitting hints. As did the specific e-mail address for hints to go to. These installation problems IMHO PROPERLY belong in the README for the distribution. That is the FIRST place that someone BRAND NEW to FreeBSD is going to look for them. No FreeBSD newbie who has oddball hardware that has bugs in it, is going to take the time spending hours reading the Handbook or searching the questions mailing list archives for tidbits, or querying the bug database for PR's for their gear. Any newbie to FreeBSD is going to do the same thing that they do to any other OS, they are going to stick the CD in their oddball hardware and boot it, and if it doesen't come up they will look at the README file that came with the ISO image they downloaded, and if the hardware-specific workarounds for their machine aren't there, they will discard the ISO cd and move on to some other Open Source OS. For all the huffing-and-puffing on peer-review for the Handbook, well that is fine for that. But an install hints file's very usefulness is junk if a committee is reviewing it. Hardware-specific install hints are, by their very nature, NOT guarenteed to work. They may even make things worse. All they are is user-developed workarounds that may or may not be The FreeBSD Way of doing things. The only thing that can be said about them is that at one time, one year, with one particular piece of gear, someone tried some off-the-wall thing and it worked. It might not ever work again in any future version of FreeBSD. There might be manufacture-specific BIOS updates that fix things. There might be a driver update in a later FreeBSD version that fixed that specific thing. But, it is a last-ditch suggestion to try when the 'normal' way of installing something doesen't work. I don't see much support for recreating the install hints file, so I really feel little
Re: Why is sysinstall considered end-of-life?
- Original Message - From: Tore Lund [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, January 07, 2007 3:45 PM Subject: Re: Why is sysinstall considered end-of-life? Robert Huff wrote: (Personally, I think there are also points where the correct user behavior is not intuitively obvious.) An understatement. There are situations where sysinstall is positively quixotic. I don't mind the simple character-based interface. But I do find it worrying that I sometimes cannot know what sysinstall will do next. In any case, this is bad publicity for FreeBSD since sysinstall is the first bit of FreeBSD they encounter. All of this is true. Time and again we hear rumors about a new installation program. Is it actually nearing completion? Keep in mind that many of us do not even consider getting involved as long as we believe a better program is under way. There is no new installation program underway. This comes up every year or so on the various discussion lists, everyone bashes sysinstall and claims it makes FreeBSD look bad and when are we going to get a replacement, etc. The arguments die away when faced with the following cold realities: 1) You can probably get consensus from everyone that sysinstall is ugly and needs replacement. But your never going to get any consensus on what the replaement should look like. And any replacement is going to have places where the user cannot know what it's going to do next, that is just the nature of install programs - it is due to the fact that different people interpret things differently. What is obvious to you isn't obvious to someone else. And, when is the install program going to cross the line between acting as a install program and acting as a training video? Review the steps needed to install a self-signed SSL certificate into Microsoft Internet Explorer 7, and then come back and tell me that those steps are more intuitive than sysinstall. Yeah, right. Face the facts, boys. Every year, computers get more complex to operate, and every year, the Average User is paying more and more to have a tech set the computer up for them. Open your eyes and look around. People think nothing of paying $30 to have a tech install Microsoft Office on their new Windows PC for God's sake. Who really is sysinstall's audience? The average l-user? Or the average technician? If it's the average tech, then who the hell cares how ugly sysinstall is? You think sysinstall is bad, you ought to see the diagnostic interface the average auto mechanic has to use to troubleshoot your car. If you are not the ultimate end-user for the FreeBSD system your installing, then you don't have any moral ground to make a call for pussifying the FreeBSD install program. I can tell you that for myself, every FreeBSD system I've installed in the last year and a half has been for OTHERS to use, NOT ME. 2) There's an immense amount of effort that has gone into sysinstall and it's libraries. Your talking about taking on an old, established program that is pretty throughly debugged, a program that is like an octopus in the amount of icky, ugly mucking around with config files and such that it does, and replacing this with a new program that is going to have all of the intelligence and institutional knowledge in it that the old program does. And furthermore if this replacement is to ever get traction among the userbase it's going to have to work PERFECTLY in the FIRST version that is released, otherwise everyone is just going to turn their back on it and keep using the existing sysinstall. 3) The largest complaint about sysinstall is that it's not graphical. The problem is that a graphical installation program has some -severe- constraints on it. First, it has to work in ALL instances. That means, 640x480x16 colors VGA screen. You have a lot of people out there installing on systems that have, for example, monitors with inadequate horizontal/vertical frequency ranges and very capabable video cards, unless you force the X-server to use the original VGA resolution, it's going to overdrive those monitors and the user is going to see a black screen when the installation program comes up. And the only way FreeBSD is going to get a graphical anything is by using Xorg, and FreeBSD does not maintain that distribution - so we are now dependent on the Xorg group writing their code with no bugs for our installation program to work. 4) Installation programs by and large are not fun programs to work on. Most developers avoid them. They are thankless tasks - you don't hear squat for thanks from anyone when they work, but you make the least mistake and everyone is on your neck. 5) Finally, sysinstall is a one-shot program. You use it once, the system is installed, and you never have to touch it again. There's lots of other things in FreeBSD that are critical things that will stop an installation cold. Such as lack of device support for some new piece of hardware.
