Re: Bandwidth Control in FreeBSD 8
On 9/15/2009 2:24 AM, perl info wrote: I have two questions in regards to a FreeBSD Server and avoiding ISP bandwidth charges. Are there changes to the ways bandwidth can be controlled in FreeBSD 8. Is there an accepted or standardized method to control and limit bandwidth usage over an interface. Changes I don't know about. But you can use IPFW to limit and measure the bandwidth you're using. You can also use darkstat (port) to measure the traffic you're generating. -- Frederique ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: rebinding keys to functions
On Tue, Sep 15, 2009 at 01:38:18AM +0200, Mel Flynn wrote: Not all of them. My laptop is based on a quite modern cantiga (aka centrino2) PM45 chipset (from 2008, according to Wikipedia). The function keys for changing the creen brightness and sound volume work OK with FreeBSD, even though xev doesn't see them. So that signal seems to go directly to the hardware. Most likely not entirely. Having acpidump(8)ed a few laptops, I have seen references to multimedia keys in there. However I know not nearly enough about ACPI to know if the OS can intercept/reroute the bindings. A gamble I would take is to let FreeBSD post itself as a windows variant to acpi, by setting hw.acpi.osname=Windows 2001 in /boot/loader.conf. Then recheck xev. What would you see in the acpidump that indicates those keys? Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) pgpl1pHBsDqvg.pgp Description: PGP signature
Re: rebinding keys to functions
Roland Smith rsm...@xs4all.nl wrote: Writing a driver to detect if headphones are connected sounds much more complicated to me than connecting a couple of switches! I mean, you'd have to measure something like the impedance of the jack. Surely that is more expensive than a simple switch? Or use a simpler jack, with one switch that connects to ground or not depending on whether the plug is inserted or not. It probably costs a cent or two less than the usual two-switch variety, and this is a BOM (Bill Of Materials, i.e. per-unit-built) savings. Writing the driver is an NRE (non-recurring engineering) expense which can be amortized over -- the manufacturer hopes -- a huge number of delivered units. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: reporter on deadline seeks comment about reported security bug in FreeBSD
Giorgos Keramidas wrote: Przemyslaw should email security-officer with any details he thinks are relevant. Then the security team will make sure to fix the bug for all affected releases of FreeBSD, release a patch with the fix, issue an advisory through the usual channels, and post the details online at our security information web pages at http://www.FreeBSD.org/security/. I see that I received a lot of criticism after disclosing 6.4 vulnerability. Please read some facts: I send few mails: on 29th Aug to security team, on 2nd Sep and 11th Sep directly to security officer. None of them were responded. I haven't filled any PRs, because it would disclose details of vulnerability to the public and allow blackhats to exploit it. I won't publish anything more than video, before official security advisory. The exploit is private to me and it won't be given to the community. Michael Powell wrote: Quoted from ~freebsd.security.general: The bug was fixed in 6.1-STABLE, just before release of 6.2-RELEASE, but was not recognized as security vulnerability. This is another bug. The former one affected only 6.1, this one affects everything up to 6.4-STABLE. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Non-root user and accept() or listen()
2009/9/14 Chris Rees utis...@googlemail.com Isn't this a bit drastic? Listening sockets are opened by very many types of processes, as well as remembering that sendmail, BIND, and others don't actually run as root... I suppose it'd be possible, but would it actually be useful? Sure, those open listening sockets. But those are things I want to listen. Now suppose a user account was hacked, and Bob sets up a web server listening on some random port above 1024. If Bob couldn't use listen() he wouldn't be able to do that. Of course, user accounts should be made secure, but what I am getting at is making the hack much less useful. BTW, there may be an ipfw rule for this, I'll have to look it up when my servers are back online! Chris Frem. (Apologies for Gmail quoting, which is horrible). ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: rebinding keys to functions
On Tuesday 15 September 2009 09:01:00 Roland Smith wrote: On Tue, Sep 15, 2009 at 01:38:18AM +0200, Mel Flynn wrote: Not all of them. My laptop is based on a quite modern cantiga (aka centrino2) PM45 chipset (from 2008, according to Wikipedia). The function keys for changing the creen brightness and sound volume work OK with FreeBSD, even though xev doesn't see them. So that signal seems to go directly to the hardware. Most likely not entirely. Having acpidump(8)ed a few laptops, I have seen references to multimedia keys in there. However I know not nearly enough about ACPI to know if the OS can intercept/reroute the bindings. A gamble I would take is to let FreeBSD post itself as a windows variant to acpi, by setting hw.acpi.osname=Windows 2001 in /boot/loader.conf. Then recheck xev. What would you see in the acpidump that indicates those keys? Example, HPDV9000: If (LEqual (Local1, 0x07)) { Store (Fn+F7 Pressed, Debug) If (LEqual (OSYS, 0x07D6)) { If (IGDS) { Notify (\_SB.PCI0.GFX0.DD04, 0x87) } Else { Notify (\_SB.PCI0.PEGP.VGA.LCD, 0x87) } } Else { Store (0x15, SMIF) Store (0x00, TRP0) } Fn+F7 = screen darker. See the ref to OSYS. Also: Method (_Q16, 0, NotSerialized) { Store (!!! DVD/Music Button pressed !!!, Debug) If (LEqual (OSYS, 0x07D6)) { And: If (\_OSI (Windows 2006)) { Store (0x07D6, OSYS) } -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: reporter on deadline seeks comment about reported security bug in FreeBSD
Mel Flynn mel.flynn+fbsd.questi...@mailing.thruhere.net wrote: On Monday 14 September 2009 23:46:42 David Kelly wrote: On Mon, Sep 14, 2009 at 05:13:54PM -0400, ill...@gmail.com wrote: Am 2009/9/14 Dan Goodin dgoo...@sitpub.com writhed: Hello, Dan Goodin, a reporter at technology news website The Register. Security researcher Przemyslaw Frasunek says versions 6.x through 6.4 of FreeBSD has a security bug. He says he notified the FreeBSD Foundation on August 29 and never got a response. We'll be writing a brief article about this. Please let me know ASAP if someone cares to comment. Has anyone submitted a PR about this? Przemyslaw Frasunek has PR's posted but none recent. IMO if a PR is not submitted then one has *not* informed the Powers That Be. Wrong. Security bugs should be reported to the security team, not PR'd. It's typical for security issues to be kept hushed until a fix is ready. As a result, there are usually no PRs, and in the case where the person who discovered the problem is amenable, there is no public discussion at all until a fix is available. Apparently, Mr. Frasunek started out down that path, which is admirable. It seems as if he doesn't have much patience, however, since he thinks that only 2 weeks is enough time to fix a security problem and QA the fix. -- Bill Moran http://www.potentialtech.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Can't boot Marvel Sheevaplug from USB
Hi everyone, I'm also playing with a Sheevaplug and I'm running into the same problem as reported by Rafal Jaworowski, but I think I have a clearer picture of what goes wrong. To recap, the kernel fails to mount the root filesystem because the partition on the USB stick isn't recognized by the kernel: FreeBSD 9.0-CURRENT #4: Mon Sep 14 19:57:10 CEST 2009 -- blablabla -- ugen0.1: Marvell at usbus0 uhub0: Marvell EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1 on usbus0 uhub0: 1 port with 1 removable, self powered Root mount waiting for: usbus0 ugen0.2: vendor 0x0930 at usbus0 umass0: vendor 0x0930 USB Flash Memory, class 0/0, rev 2.00/1.00, addr 2 on usbus0 umass0: SCSI over Bulk-Only; quirks = 0x Root mount waiting for: usbus0 umass0:0:0:-1: Attached to scbus0 Trying to mount root from ufs:/dev/da0s1a ROOT MOUNT ERROR: I think the problem is that the partition is detected only after the USB bus has been scanned. If I configure a kernel to boot from the network instead, it does recognize the USB device because of the additional delay involved in booting from the network: FreeBSD 9.0-CURRENT #5: Mon Sep 14 20:45:30 CEST 2009 -- blablabla -- ugen0.1: Marvell at usbus0 uhub0: Marvell EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1 on usbus0 uhub0: 1 port with 1 removable, self powered mge0: link state changed to UP Received DHCP Offer packet on mge0 from 130.89.1.145 via 130.89.160.4 (accepted) (no root path) Received DHCP Offer packet on mge0 from 130.89.1.144 via 130.89.160.5 (ignored) (no root path) ugen0.2: vendor 0x0930 at usbus0 umass0: vendor 0x0930 USB Flash Memory, class 0/0, rev 2.00/1.00, addr 2 on usbus0 umass0: SCSI over Bulk-Only; quirks = 0x umass0:0:0:-1: Attached to scbus0 (probe0:umass-sim0:0:0:0): TEST UNIT READY. CDB: 0 0 0 0 0 0 (probe0:umass-sim0:0:0:0): CAM Status: SCSI Status Error (probe0:umass-sim0:0:0:0): SCSI Status: Check Condition (probe0:umass-sim0:0:0:0): UNIT ATTENTION asc:28,0 (probe0:umass-sim0:0:0:0): Not ready to ready change, medium may have changed (probe0:umass-sim0:0:0:0): (probe0:umass-sim0:0:0:0): TEST UNIT READY. CDB: 0 0 0 0 0 0 (probe0:umass-sim0:0:0:0): UNIT ATTENTION asc:28,0 (probe0:umass-sim0:0:0:0): Not ready to ready change, medium may have changed Retrying Command (per Sense Data) (probe0:umass-sim0:0:0:0): Retrying Command pass0 at umass-sim0 bus 0 scbus0 target 0 lun 0 pass0: USB Flash Memory 1.00 Removable Direct Access SCSI-2 device pass0: Serial Number 0612140557130 pass0: 40.000MB/s transfers GEOM: new disk da0 da0 at umass-sim0 bus 0 scbus0 target 0 lun 0 da0: USB Flash Memory 1.00 Removable Direct Access SCSI-2 device da0: Serial Number 0612140557130 da0: 40.000MB/s transfers da0: 962MB (1971200 512 byte sectors: 64H 32S/T 962C) Of course with the kernel configured like this, the kernel wants to mount the root filesystem from NFS and I can't break into the mountroot prompt! It seems that the kernel assumes that it only needs to wait for the USB bus to finish scanning and then expects the root partition to be available, but apparently partitions can be detected after that. Does anyone have a suggestion how to deal with this? Is there a way to insert a delay before trying to mount root? (I tried setting SCSI_DELAY to 5000 but this didn't seem to have any effect -- I didn't notice any delay. Maybe this isn't supported for the ARM architecture?) Kind regards, Maks Verver. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Non-root user and accept() or listen()
On Tue, Sep 15, 2009 at 11:39:05AM +0100, Freminlins typed: 2009/9/14 Chris Rees utis...@googlemail.com Isn't this a bit drastic? Listening sockets are opened by very many types of processes, as well as remembering that sendmail, BIND, and others don't actually run as root... I suppose it'd be possible, but would it actually be useful? Sure, those open listening sockets. But those are things I want to listen. Now suppose a user account was hacked, and Bob sets up a web server listening on some random port above 1024. If Bob couldn't use listen() he wouldn't be able to do that. Haven't tried it, but you can probably set net.inet.ip.portrange.reservedhigh to 65535. That way only root can bind(2) to any port. Ruben ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: libnsl.so.1
On Tuesday 15 September 2009 02:43:32 Joe R. Jah wrote: On Tue, 15 Sep 2009, Mel Flynn wrote: Date: Tue, 15 Sep 2009 01:17:02 +0200 From: Mel Flynn mel.flynn+fbsd.questi...@mailing.thruhere.net To: freebsd-questions@freebsd.org Cc: Joe R. Jah j...@cloud.ccsf.cc.ca.us Subject: Re: libnsl.so.1 On Tuesday 15 September 2009 00:02:50 Joe R. Jah wrote: Hello all, I want to install a dispather module from Day Communique software on apache22. The binaray mod_dispatcher.so is provided by Day as a 64 bit *NIX compatible module to place in apache22 module directory. The mocule requires a shared library missing from system: --8-- # apachectl -t httpd: Syntax error on line 827 of /usr/local/etc/apache22/httpd.conf: Cannot load /usr/local/libexec/apache22/mod_dispatcher.so into server: Shared object libnsl.so.1 not found, required by mod_dispatcher.so --8-- Does anyone know where to download libnsl.so.1, or from what port it can be installed? nsl=name service library. All of it's functions are in FreeBSD implement in libc. If this mod_dispatcher.so is indeed loadable by FreeBSD's linker, then you can provide a dummy libnsl.so.1, like so: $ cat 'EOF' BSDmakefile SHLIB=nsl SHLIB_MAJOR=1 NO_MAN=yes SRCS=nsl.c .include bsd.lib.mk EOF $ cat 'EOF' nsl.c int nsl_dummy(void); int nsl_dummy(void) { return 0; } EOF $ make; sudo make LIBDIR=/usr/local/lib install The symbols it's looking for should be provided by libc, but if there's any undefined ones, this trickery gets a little dangerous and you're better off asking the developers for a native FreeBSD version. Thank you Mel. You were right about undefined ones; Here's what I get: --8-- apachectl -t httpd: Syntax error on line 826 of /usr/local/etc/apache22/httpd.conf: Cannot load /usr/local/libexec/apache22/mod_dispatcher.so into server: /usr/local/libexec/apache22/mod_dispatcher.so: Undefined symbol __strdup --8-- Any more trickeries?;-) Sure, add #define __strdup strdup to nsl.c, however this road is not likely to end soon. It seems to be compiled for a linux system, at least for a SYSV system, while FreeBSD follows '4.4BSD'. -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: reporter on deadline seeks comment about reported security bug in FreeBSD
On Tuesday 15 September 2009 09:58:31 Przemyslaw Frasunek wrote: Giorgos Keramidas wrote: Przemyslaw should email security-officer with any details he thinks are relevant. Then the security team will make sure to fix the bug for all affected releases of FreeBSD, release a patch with the fix, issue an advisory through the usual channels, and post the details online at our security information web pages at http://www.FreeBSD.org/security/. I see that I received a lot of criticism after disclosing 6.4 vulnerability. Please read some facts: FWIW, I think some people here read with their eyes closed and I'm wondering myself, why security@ did not at least respond with a we're looking into it, please hold on, as we're busy with 8.0 release.. -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: reporter on deadline seeks comment about reported security bug in FreeBSD
On Tue, 15 Sep 2009 09:58:31 +0200, Przemyslaw Frasunek przemys...@frasunek.com wrote: Giorgos Keramidas wrote: Przemyslaw should email security-officer with any details he thinks are relevant. Then the security team will make sure to fix the bug for all affected releases of FreeBSD, release a patch with the fix, issue an advisory through the usual channels, and post the details online at our security information web pages at http://www.FreeBSD.org/security/. I see that I received a lot of criticism after disclosing 6.4 vulnerability. Please read some facts: I send few mails: on 29th Aug to security team, on 2nd Sep and 11th Sep directly to security officer. None of them were responded. I haven't filled any PRs, because it would disclose details of vulnerability to the public and allow blackhats to exploit it. I won't publish anything more than video, before official security advisory. The exploit is private to me and it won't be given to the community. Hi Przemyslaw, What I wrote is not criticism for what you have or might have not done. I now know (after posting the initial message) that the security officer is preparing a fix and an advisory, so my response was more like ``this is the usual way of handling this sort of thing''. The wording was a bit careful to avoid implying that you didn't know or were not prepared to do what is appropriate :) pgp6EjWT4Gvtk.pgp Description: PGP signature
Re: Non-root user and accept() or listen()
On Monday 14 September 2009 18:47:18 Freminlins wrote: Hi, I am not sure if this exists (but don't think so), so I am asking. Is there a sysctl type thing to disallow non-root users, or indeed any specified user or group, from running a program with listen() ? What I am looking at is improving network security, such that if a user account is compromised it can then not be used to run a dodgy web server/whatever on a non-privileged port. Although I can firewall off any port I wish, it seems like an obvious thing to disallow any user from opening a listening socket in the first place. I am suggesting something like sysctl user.socket_listen with enable or disable. Am I being really daft? Or does this exist already? See mac_portacl(4). -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
building emulators/virtualbox-3.0.51r22902 fails in kBuild
Here's the last part of the output. kBuild: Compiling RuntimeR0Drv - /usr/ports/emulators/virtualbox/work/virtualbox-3.0.51r22902/src/VBox/Runtime/r0drv/generic/RTMpIsCpuWorkPending-r0drv-generic.cpp kBuild: Compiling RuntimeR0Drv - /usr/ports/emulators/virtualbox/work/virtualbox-3.0.51r22902/src/VBox/Runtime/r0drv/generic/mpnotification-r0drv-generic.cpp kBuild: Compiling RuntimeR0Drv - /usr/ports/emulators/virtualbox/work/virtualbox-3.0.51r22902/src/VBox/Runtime/r0drv/freebsd/alloc-r0drv-freebsd.c kBuild: Compiling RuntimeR0Drv - /usr/ports/emulators/virtualbox/work/virtualbox-3.0.51r22902/src/VBox/Runtime/r0drv/freebsd/assert-r0drv-freebsd.c In file included from /usr/ports/emulators/virtualbox/work/virtualbox-3.0.51r22902/src/VBox/Runtime/r0drv/freebsd/the-freebsd-kernel.h:60In file included from /usr/ports/emulators/virtualbox/work/virtualbox-3.0.51r22902/src/VBox/Runtime/r0drv/freebsd/the-freebsd-kernel.h:60, from /usr/ports/emulators/virtualbox/work/virtualbox-3.0.51r22902/src/VBox/Runtime/r0drv/freebsd/assert-r0drv-freebsd.c:34: /sys/vm/vm.h:64:24: error: machine/vm.h: No such file or directory , from /usr/ports/emulators/virtualbox/work/virtualbox-3.0.51r22902/src/VBox/Runtime/r0drv/freebsd/alloc-r0drv-freebsd.c:34: /sys/vm/vm.h:64:24: error: machine/vm.h: No such file or directory kmk[2]: *** [/usr/ports/emulators/virtualbox/work/virtualbox-3.0.51r22902/out/freebsd.x86/release/obj/RuntimeR0Drv/r0drv/freebsd/alloc-r0drv-freebsd.o] Error 1 The failing command: @cc -c -O2 -Wall -Wextra -Wno-missing-field-initializers -Wno-unused -Wno-trigraphs -Wpointer-arith -Winline -Wno-pointer-sign -Wstrict-prototypes -Wmissing-prototypes -Wstrict-prototypes -Wnested-externs -O2 -fformat-extensions -ffreestanding -fno-strict-aliasing -fno-common -finline-limit=8000 -fno-stack-protector -O2 -mtune=generic -fno-omit-frame-pointer -nostdinc -std=c99 -m32 -mno-align-long-strings -mpreferred-stack-boundary=2 -mno-mmx -mno-3dnow -mno-sse -mno-sse2 -I/usr/ports/emulators/virtualbox/work/virtualbox-3.0.51r22902/out/freebsd.x86/release/gen-sys-hdrs -I/usr/ports/emulators/virtualbox/work/virtualbox-3.0.51r22902/src/VBox/Runtime -I/usr/ports/emulators/virtualbox/work/virtualbox-3.0.51r22902/src/VBox/Runtime/include -I/sys -I/sys/contrib/altq -I/sys/../include -I/usr/include -I/usr/ports/emulators/virtualbox/work/virtualbox-3.0.51r22902/include -I/usr/ports/emulators/virtualbox/work/virtualbox-3.0.51r22902/out/freebsd.x86/release -DVBOX -DVBOX_OSE -DVBOX_W! ITH_64_BITS_GUESTS -DVBOX_WITH_HARDENING -DRTPATH_APP_PRIVATE=\/usr/local/share/virtualbox\ -DRTPATH_APP_PRIVATE_ARCH=\/usr/local/lib/virtualbox\ -DRTPATH_SHARED_LIBS=\/usr/local/lib/virtualbox\ -DRTPATH_APP_DOCS=\/usr/local/share/doc/virtualbox\ -DRT_OS_FREEBSD -D__FREEBSD__ -DRT_ARCH_X86 -D__X86__ -D_KERNEL -DKLD_MODULE -DIN_RING0 -DIN_RT_R0 -DIN_RT_R0 -DRT_WITH_VBOX -DRT_WITHOUT_NOCRT_WRAPPERS -DRT_NO_EXPORT_SYMBOL -Wp,-MD,/usr/ports/emulators/virtualbox/work/virtualbox-3.0.51r22902/out/freebsd.x86/release/obj/RuntimeR0Drv/r0drv/freebsd/alloc-r0drv-freebsd.o.dep -Wp,-MT,/usr/ports/emulators/virtualbox/work/virtualbox-3.0.51r22902/out/freebsd.x86/release/obj/RuntimeR0Drv/r0drv/freebsd/alloc-r0drv-freebsd.o -Wp,-MP -o /usr/ports/emulators/virtualbox/work/virtualbox-3.0.51r22902/out/freebsd.x86/release/obj/RuntimeR0Drv/r0drv/freebsd/alloc-r0drv-freebsd.o /usr/ports/emulators/virtualbox/work/virtualbox-3.0.51r22902/src/VBox/Runtime/r0drv/freebsd/alloc-r0drv-freebsd.c kmk[2]: *** Waiting for unfinished jobs kmk[2]: *** [/usr/ports/emulators/virtualbox/work/virtualbox-3.0.51r22902/out/freebsd.x86/release/obj/RuntimeR0Drv/r0drv/freebsd/assert-r0drv-freebsd.o] Error 1 The failing command: @cc -c -O2 -Wall -Wextra -Wno-missing-field-initializers -Wno-unused -Wno-trigraphs -Wpointer-arith -Winline -Wno-pointer-sign -Wstrict-prototypes -Wmissing-prototypes -Wstrict-prototypes -Wnested-externs -O2 -fformat-extensions -ffreestanding -fno-strict-aliasing -fno-common -finline-limit=8000 -fno-stack-protector -O2 -mtune=generic -fno-omit-frame-pointer -nostdinc -std=c99 -m32 -mno-align-long-strings -mpreferred-stack-boundary=2 -mno-mmx -mno-3dnow -mno-sse -mno-sse2 -I/usr/ports/emulators/virtualbox/work/virtualbox-3.0.51r22902/out/freebsd.x86/release/gen-sys-hdrs -I/usr/ports/emulators/virtualbox/work/virtualbox-3.0.51r22902/src/VBox/Runtime -I/usr/ports/emulators/virtualbox/work/virtualbox-3.0.51r22902/src/VBox/Runtime/include -I/sys -I/sys/contrib/altq -I/sys/../include -I/usr/include -I/usr/ports/emulators/virtualbox/work/virtualbox-3.0.51r22902/include -I/usr/ports/emulators/virtualbox/work/virtualbox-3.0.51r22902/out/freebsd.x86/release -DVBOX -DVBOX_OSE -DVBOX_W! ITH_64_BITS_GUESTS -DVBOX_WITH_HARDENING -DRTPATH_APP_PRIVATE=\/usr/local/share/virtualbox\ -DRTPATH_APP_PRIVATE_ARCH=\/usr/local/lib/virtualbox\ -DRTPATH_SHARED_LIBS=\/usr/local/lib/virtualbox\
Re: reporter on deadline seeks comment about reported security bug in FreeBSD
On Tue, 15 Sep 2009 07:18:26 -0400 Bill Moran wmo...@potentialtech.com wrote: Mel Flynn mel.flynn+fbsd.questi...@mailing.thruhere.net wrote: On Monday 14 September 2009 23:46:42 David Kelly wrote: On Mon, Sep 14, 2009 at 05:13:54PM -0400, ill...@gmail.com wrote: Am 2009/9/14 Dan Goodin dgoo...@sitpub.com writhed: Hello, Dan Goodin, a reporter at technology news website The Register. Security researcher Przemyslaw Frasunek says versions 6.x through 6.4 of FreeBSD has a security bug. He says he notified the FreeBSD Foundation on August 29 and never got a response. We'll be writing a brief article about this. Please let me know ASAP if someone cares to comment. Has anyone submitted a PR about this? Przemyslaw Frasunek has PR's posted but none recent. IMO if a PR is not submitted then one has *not* informed the Powers That Be. Wrong. Security bugs should be reported to the security team, not PR'd. It's typical for security issues to be kept hushed until a fix is ready. As a result, there are usually no PRs, and in the case where the person who discovered the problem is amenable, there is no public discussion at all until a fix is available. Apparently, Mr. Frasunek started out down that path, which is admirable. It seems as if he doesn't have much patience, however, since he thinks that only 2 weeks is enough time to fix a security problem and QA the fix. I usually discover security problems with updates I receive from http://www.us-cert.gov/. Aren't FreeBSD security problems reported to their site? If not, why? IMHO, keeping users in the dark to known security problems is not a serviceable protocol. -- Jerry ges...@yahoo.com If there is a possibility of several things going wrong, the one that will cause the most damage will be the one to go wrong. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: reporter on deadline seeks comment about reported security bug in FreeBSD
On Tue, 2009-09-15 at 10:49 -0400, Jerry wrote: On Tue, 15 Sep 2009 07:18:26 -0400 Bill Moran wmo...@potentialtech.com wrote: Mel Flynn mel.flynn+fbsd.questi...@mailing.thruhere.net wrote: On Monday 14 September 2009 23:46:42 David Kelly wrote: On Mon, Sep 14, 2009 at 05:13:54PM -0400, ill...@gmail.com wrote: snip I usually discover security problems with updates I receive from http://www.us-cert.gov/. Aren't FreeBSD security problems reported to their site? If not, why? IMHO, keeping users in the dark to known security problems is not a serviceable protocol. Jerry, point your aggregator to http://www.freebsd.org/security/advisories.rdf There have only been 12 security advisories put out this year, as far as I can tell. Nothing about this one, though. lane ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: reporter on deadline seeks comment about reported security bug in FreeBSD
In response to Jerry ges...@yahoo.com: On Tue, 15 Sep 2009 07:18:26 -0400 Bill Moran wmo...@potentialtech.com wrote: Mel Flynn mel.flynn+fbsd.questi...@mailing.thruhere.net wrote: On Monday 14 September 2009 23:46:42 David Kelly wrote: On Mon, Sep 14, 2009 at 05:13:54PM -0400, ill...@gmail.com wrote: Am 2009/9/14 Dan Goodin dgoo...@sitpub.com writhed: Hello, Dan Goodin, a reporter at technology news website The Register. Security researcher Przemyslaw Frasunek says versions 6.x through 6.4 of FreeBSD has a security bug. He says he notified the FreeBSD Foundation on August 29 and never got a response. We'll be writing a brief article about this. Please let me know ASAP if someone cares to comment. Has anyone submitted a PR about this? Przemyslaw Frasunek has PR's posted but none recent. IMO if a PR is not submitted then one has *not* informed the Powers That Be. Wrong. Security bugs should be reported to the security team, not PR'd. It's typical for security issues to be kept hushed until a fix is ready. As a result, there are usually no PRs, and in the case where the person who discovered the problem is amenable, there is no public discussion at all until a fix is available. Apparently, Mr. Frasunek started out down that path, which is admirable. It seems as if he doesn't have much patience, however, since he thinks that only 2 weeks is enough time to fix a security problem and QA the fix. I usually discover security problems with updates I receive from http://www.us-cert.gov/. Aren't FreeBSD security problems reported to their site? If not, why? IMHO, keeping users in the dark to known security problems is not a serviceable protocol. Because releasing security advisories before there is a fix available is not responsible use of the information, and (as is being discussed) the fix is still in the works. -- Bill Moran http://www.potentialtech.com http://people.collaborativefusion.com/~wmoran/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Approx. restore time estimate
I was wondering if 24, 48, 72 hrs or even a lifetime was the order of time. I am now approaching 24 hrs. probably wait until my geriatric years and come back to look at the machine ... lol!!! Or would I have been better off using dd if=/dev/* of=output/path/filename [options] All other things being equal, would the removal of the restore overheads be significant relative to those from dd . Thanks Lars Eighner-2 wrote: On Mon, 14 Sep 2009, jaymax wrote: Thanks! That might explain. Is there an alternate process you would recommend with at least equal reliability. I don't know of anything that isn't a bigger can of worms in a file system of any complexity to speak of. BTW I should have mentioned that I was restoring from a disk file rather than from a tape I was speaking of disk to disk. -- View this message in context: http://www.nabble.com/Approx.-restore-time-estimate-tp25443580p25457128.html Sent from the freebsd-questions mailing list archive at Nabble.com. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: reporter on deadline seeks comment about reported security bug in FreeBSD
On Tue, 15 Sep 2009 11:13:31 -0400 Bill Moran wmo...@potentialtech.com wrote: In response to Jerry ges...@yahoo.com: On Tue, 15 Sep 2009 07:18:26 -0400 Bill Moran wmo...@potentialtech.com wrote: Mel Flynn mel.flynn+fbsd.questi...@mailing.thruhere.net wrote: On Monday 14 September 2009 23:46:42 David Kelly wrote: On Mon, Sep 14, 2009 at 05:13:54PM -0400, ill...@gmail.com wrote: Am 2009/9/14 Dan Goodin dgoo...@sitpub.com writhed: Hello, Dan Goodin, a reporter at technology news website The Register. Security researcher Przemyslaw Frasunek says versions 6.x through 6.4 of FreeBSD has a security bug. He says he notified the FreeBSD Foundation on August 29 and never got a response. We'll be writing a brief article about this. Please let me know ASAP if someone cares to comment. Has anyone submitted a PR about this? Przemyslaw Frasunek has PR's posted but none recent. IMO if a PR is not submitted then one has *not* informed the Powers That Be. Wrong. Security bugs should be reported to the security team, not PR'd. It's typical for security issues to be kept hushed until a fix is ready. As a result, there are usually no PRs, and in the case where the person who discovered the problem is amenable, there is no public discussion at all until a fix is available. Apparently, Mr. Frasunek started out down that path, which is admirable. It seems as if he doesn't have much patience, however, since he thinks that only 2 weeks is enough time to fix a security problem and QA the fix. I usually discover security problems with updates I receive from http://www.us-cert.gov/. Aren't FreeBSD security problems reported to their site? If not, why? IMHO, keeping users in the dark to known security problems is not a serviceable protocol. Because releasing security advisories before there is a fix available is not responsible use of the information, and (as is being discussed) the fix is still in the works. I disagree. If I have a medical problem, or what ever, I expect to be informed of it. The fact that there is no known cure, fix, etc. is immaterial, if in fact not grossly negligent. Being keep ignorant of a security problem is as foolish a theory as Security through Obscurity. I find the http://www.us-cert.gov/ updates invaluable. The fact that apparently FBSD does not encompass them I find discomforting. BTW, please do not CC: me. I am subscribe to the list and do not need multiple copies of the same post. -- Jerry ges...@yahoo.com There is no sin but ignorance. Christopher Marlowe ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: reporter on deadline seeks comment about reported security bug in FreeBSD
On Tue, 15 Sep 2009 13:03:50 -0400 Jerry ges...@yahoo.com wrote: On Tue, 15 Sep 2009 11:13:31 -0400 Bill Moran wmo...@potentialtech.com wrote: In response to Jerry ges...@yahoo.com: I usually discover security problems with updates I receive from http://www.us-cert.gov/. Aren't FreeBSD security problems reported to their site? If not, why? IMHO, keeping users in the dark to known security problems is not a serviceable protocol. Because releasing security advisories before there is a fix available is not responsible use of the information, and (as is being discussed) the fix is still in the works. I disagree. If I have a medical problem, or what ever, I expect to be informed of it. The fact that there is no known cure, fix, etc. is immaterial, if in fact not grossly negligent. This is a stupid and non-relevant comparison. A better comparison would be if I realized that you'd left your car door unlocked in a less than safe neighborhood. Would you rather I told you discreetly, or just started shouting it out loud to the neighborhood? Wait, I know the answer, if I see _your_ car unlocked, I'll just start shouting. Being keep ignorant of a security problem is as foolish a theory as Security through Obscurity. No, it's not. And I don't even want to hear your ill-fitting metaphor for how you arrived at that conclusion. I find the http://www.us-cert.gov/ updates invaluable. The fact that apparently FBSD does not encompass them I find discomforting. You're missing the fact that FreeBSD's security issues _are_ listed there, when appropriate. Your obvious ignorance of how things operate absolves you of any right to complain. BTW, please do not CC: me. I am subscribe to the list and do not need multiple copies of the same post. Whine me a river, for crying out loud. List policy on this list since the Dawn of Time has been to CC the list and the poster. I'm not going to check with everyone on the list to see if they're subscribed or not. Don't like it? Get off the list. -Bill ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
krootimage crashed at KDE 3.5 startup on signal 11 (7.2 STABLE)
Hi folks!!! For some reason im getting krootimage (the wallpaper manager of kde) crashing everytime when i login... Any ideas of how to fix that? All the best! Jero ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
looking for motherboard with 7.2 proven suspend/resume
S3 is a key feature for me for my desktops. I have gone thru probably 5 mobo's and 5 laptops in my time as a FBSD user, the only one which ever S3'd was a compaq of all things (well, lots of them will S3 if you kldunload usb, but they crash/hang/etc on resume generally). Anyway, it's time for a new system, and as long as I can shove a somewhat modern dual core in it, my second most critical criteria for purchase is that S3 works with FreeBSD with a minimum of or at least well described hacking. Thanks, Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: reporter on deadline seeks comment about reported security bug in FreeBSD
On Tue, 15 Sep 2009 13:18:29 -0400 Bill Moran wmo...@potentialtech.com wrote: On Tue, 15 Sep 2009 13:03:50 -0400 Jerry ges...@yahoo.com wrote: On Tue, 15 Sep 2009 11:13:31 -0400 Bill Moran wmo...@potentialtech.com wrote: In response to Jerry ges...@yahoo.com: I usually discover security problems with updates I receive from http://www.us-cert.gov/. Aren't FreeBSD security problems reported to their site? If not, why? IMHO, keeping users in the dark to known security problems is not a serviceable protocol. Because releasing security advisories before there is a fix available is not responsible use of the information, and (as is being discussed) the fix is still in the works. I disagree. If I have a medical problem, or what ever, I expect to be informed of it. The fact that there is no known cure, fix, etc. is immaterial, if in fact not grossly negligent. This is a stupid and non-relevant comparison. A better comparison would be if I realized that you'd left your car door unlocked in a less than safe neighborhood. Would you rather I told you discreetly, or just started shouting it out loud to the neighborhood? Wait, I know the answer, if I see _your_ car unlocked, I'll just start shouting. The fact is, that you do in fact notify me. Keeping important security information secret benefits no one, except for possibly those responsible for the problem to begin with who do not want the knowledge of the problem to become public. A multitude of software, such as Mozilla, publish known security holes in their software. The ramifications of allowing a user to actively use a piece of software when a known bug/exploit/etc. exists within it is grossly negligent. Being keep ignorant of a security problem is as foolish a theory as Security through Obscurity. No, it's not. And I don't even want to hear your ill-fitting metaphor for how you arrived at that conclusion. I find the http://www.us-cert.gov/ updates invaluable. The fact that apparently FBSD does not encompass them I find discomforting. You're missing the fact that FreeBSD's security issues _are_ listed there, when appropriate. Your obvious ignorance of how things operate absolves you of any right to complain. BTW, please do not CC: me. I am subscribe to the list and do not need multiple copies of the same post. Whine me a river, for crying out loud. List policy on this list since the Dawn of Time has been to CC the list and the poster. I'm not going to check with everyone on the list to see if they're subscribed or not. Don't like it? Get off the list. I just check the FreeBSD list web page, http://lists.freebsd.org/mailman/listinfo/freebsd-questions and failed to find any indication that CC:ing was the desired posting response. In fact, except for a few, perhaps one or two others, I am not aware of any perpetual CC:'s on this list. Then again, I doubt that they feel as threatened when their beliefs are questioned. Perhaps you should seek professional help for your anger issues. Now, if you don't like that, KISS MY ASS. -Bill -- Jerry ges...@yahoo.com If it doesn't smell yet, it's pretty fresh. Dave Johnson, on dead seagulls ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: krootimage crashed at KDE 3.5 startup on signal 11 (7.2 STABLE)
On Tuesday 15 September 2009 19:35:47 Jeronimo Calvo wrote: Hi folks!!! For some reason im getting krootimage (the wallpaper manager of kde) crashing everytime when i login... Any ideas of how to fix that? Any chance you have two jpeg versions lying around? Please provide ldd -a output of krootimage. -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: krootimage crashed at KDE 3.5 startup on signal 11 (7.2 STABLE)
Yes, I remember I had an error when I ran pkgdb -F due to 2 different versions of jpeg... here is the output: $ ldd -a /usr/local/bin/krootimage /usr/local/bin/krootimage: libkio.so.6 = /usr/local/lib/libkio.so.6 (0x80064f000) libkdeui.so.6 = /usr/local/lib/libkdeui.so.6 (0x800b35000) libkdesu.so.6 = /usr/local/lib/libkdesu.so.6 (0x800fef000) libkwalletclient.so.1 = /usr/local/lib/libkwalletclient.so.1 (0x801108000) libkdecore.so.6 = /usr/local/lib/libkdecore.so.6 (0x80121b000) libDCOP.so.6 = /usr/local/lib/libDCOP.so.6 (0x8015c1000) libutil.so.7 = /lib/libutil.so.7 (0x8016fb000) libart_lgpl_2.so.5 = /usr/local/lib/libart_lgpl_2.so.5 (0x80180a000) libidn.so.16 = /usr/local/lib/libidn.so.16 (0x801921000) libintl.so.8 = /usr/local/lib/libintl.so.8 (0x801a53000) libiconv.so.3 = /usr/local/lib/libiconv.so.3 (0x801b5c000) libkdefx.so.6 = /usr/local/lib/libkdefx.so.6 (0x801d56000) libqt-mt.so.3 = /usr/local/lib/libqt-mt.so.3 (0x801e81000) libpng.so.5 = /usr/local/lib/libpng.so.5 (0x802796000) libXext.so.6 = /usr/local/lib/libXext.so.6 (0x8028bc000) libSM.so.6 = /usr/local/lib/libSM.so.6 (0x8029cd000) libICE.so.6 = /usr/local/lib/libICE.so.6 (0x802ad5000) libXrender.so.1 = /usr/local/lib/libXrender.so.1 (0x802bef000) libX11.so.6 = /usr/local/lib/libX11.so.6 (0x802cf8000) libxcb.so.2 = /usr/local/lib/libxcb.so.2 (0x802f26000) libXau.so.6 = /usr/local/lib/libXau.so.6 (0x80304) libXdmcp.so.6 = /usr/local/lib/libXdmcp.so.6 (0x803143000) librpcsvc.so.4 = /usr/lib/librpcsvc.so.4 (0x803248000) libz.so.4 = /lib/libz.so.4 (0x803351000) libfam.so.0 = /usr/local/lib/libfam.so.0 (0x803465000) libjpeg.so.10 = /usr/local/lib/libjpeg.so.10 (0x80356d000) libstdc++.so.6 = /usr/lib/libstdc++.so.6 (0x8036a1000) libm.so.5 = /lib/libm.so.5 (0x8038ad000) libgcc_s.so.1 = /lib/libgcc_s.so.1 (0x8039c7000) libthr.so.3 = /lib/libthr.so.3 (0x803ad4000) libc.so.7 = /lib/libc.so.7 (0x803bec000) /usr/local/lib/libkio.so.6: libkdeui.so.6 = /usr/local/lib/libkdeui.so.6 (0x800b35000) libkdesu.so.6 = /usr/local/lib/libkdesu.so.6 (0x800fef000) libkwalletclient.so.1 = /usr/local/lib/libkwalletclient.so.1 (0x801108000) libkdecore.so.6 = /usr/local/lib/libkdecore.so.6 (0x80121b000) libDCOP.so.6 = /usr/local/lib/libDCOP.so.6 (0x8015c1000) libutil.so.7 = /lib/libutil.so.7 (0x8016fb000) libart_lgpl_2.so.5 = /usr/local/lib/libart_lgpl_2.so.5 (0x80180a000) libidn.so.16 = /usr/local/lib/libidn.so.16 (0x801921000) libintl.so.8 = /usr/local/lib/libintl.so.8 (0x801a53000) libiconv.so.3 = /usr/local/lib/libiconv.so.3 (0x801b5c000) libkdefx.so.6 = /usr/local/lib/libkdefx.so.6 (0x801d56000) libqt-mt.so.3 = /usr/local/lib/libqt-mt.so.3 (0x801e81000) libpng.so.5 = /usr/local/lib/libpng.so.5 (0x802796000) libXext.so.6 = /usr/local/lib/libXext.so.6 (0x8028bc000) libSM.so.6 = /usr/local/lib/libSM.so.6 (0x8029cd000) libICE.so.6 = /usr/local/lib/libICE.so.6 (0x802ad5000) libXrender.so.1 = /usr/local/lib/libXrender.so.1 (0x802bef000) libX11.so.6 = /usr/local/lib/libX11.so.6 (0x802cf8000) libxcb.so.2 = /usr/local/lib/libxcb.so.2 (0x802f26000) libXau.so.6 = /usr/local/lib/libXau.so.6 (0x80304) libXdmcp.so.6 = /usr/local/lib/libXdmcp.so.6 (0x803143000) librpcsvc.so.4 = /usr/lib/librpcsvc.so.4 (0x803248000) libz.so.4 = /lib/libz.so.4 (0x803351000) libfam.so.0 = /usr/local/lib/libfam.so.0 (0x803465000) libjpeg.so.10 = /usr/local/lib/libjpeg.so.10 (0x80356d000) libstdc++.so.6 = /usr/lib/libstdc++.so.6 (0x8036a1000) libm.so.5 = /lib/libm.so.5 (0x8038ad000) libc.so.7 = /lib/libc.so.7 (0x803bec000) libgcc_s.so.1 = /lib/libgcc_s.so.1 (0x8039c7000) /usr/local/lib/libkdeui.so.6: libkdecore.so.6 = /usr/local/lib/libkdecore.so.6 (0x80121b000) libDCOP.so.6 = /usr/local/lib/libDCOP.so.6 (0x8015c1000) libutil.so.7 = /lib/libutil.so.7 (0x8016fb000) libart_lgpl_2.so.5 = /usr/local/lib/libart_lgpl_2.so.5 (0x80180a000) libidn.so.16 = /usr/local/lib/libidn.so.16 (0x801921000) libintl.so.8 = /usr/local/lib/libintl.so.8 (0x801a53000) libiconv.so.3 = /usr/local/lib/libiconv.so.3 (0x801b5c000) libkdefx.so.6 = /usr/local/lib/libkdefx.so.6 (0x801d56000) libqt-mt.so.3 = /usr/local/lib/libqt-mt.so.3 (0x801e81000) libpng.so.5 = /usr/local/lib/libpng.so.5 (0x802796000) libz.so.4 = /lib/libz.so.4 (0x803351000) libXext.so.6 = /usr/local/lib/libXext.so.6 (0x8028bc000) libSM.so.6 = /usr/local/lib/libSM.so.6 (0x8029cd000) libICE.so.6 = /usr/local/lib/libICE.so.6 (0x802ad5000) libXrender.so.1 =
Re: reporter on deadline seeks comment about reported security bug in FreeBSD
On Tuesday 15 September 2009 20:13:17 Jerry wrote: On Tue, 15 Sep 2009 13:18:29 -0400 Bill Moran wmo...@potentialtech.com wrote: On Tue, 15 Sep 2009 13:03:50 -0400 Jerry ges...@yahoo.com wrote: On Tue, 15 Sep 2009 11:13:31 -0400 Bill Moran wmo...@potentialtech.com wrote: In response to Jerry ges...@yahoo.com: I usually discover security problems with updates I receive from http://www.us-cert.gov/. Aren't FreeBSD security problems reported to their site? If not, why? IMHO, keeping users in the dark to known security problems is not a serviceable protocol. Because releasing security advisories before there is a fix available is not responsible use of the information, and (as is being discussed) the fix is still in the works. I disagree. If I have a medical problem, or what ever, I expect to be informed of it. The fact that there is no known cure, fix, etc. is immaterial, if in fact not grossly negligent. This is a stupid and non-relevant comparison. A better comparison would be if I realized that you'd left your car door unlocked in a less than safe neighborhood. Would you rather I told you discreetly, or just started shouting it out loud to the neighborhood? Wait, I know the answer, if I see _your_ car unlocked, I'll just start shouting. The fact is, that you do in fact notify me. Keeping important security information secret benefits no one, except for possibly those responsible for the problem to begin with who do not want the knowledge of the problem to become public. A multitude of software, such as Mozilla, publish known security holes in their software. The ramifications of allowing a user to actively use a piece of software when a known bug/exploit/etc. exists within it is grossly negligent. Please inform yourself properly before assuming you're right. Mozilla does not by default publish vulnerabilities before a fix is known. In some cases publishing has been delayed by months. The exception is when exploits are already in the wild and a work around is available, while a real fix will take more work. This is also why vulnerabilities are typically not disclosed till a fix is known, because it does not protect the typical user, but puts him in harms way, which is exactly what you don't want. In theory, if I know the details of this particular exploit, I can patch my 6.4 machines myself, but more realistically, if developers take all this time to come up with a solution that doesn't break functionality the chances that I and more casual users can do this are slim. Meanwhile, the exploit will be coded into the usual rootkits and internet scanners and casualties will be made. That doesn't help anyone. -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: reporter on deadline seeks comment about reported security bug in FreeBSD
Jerry wrote: Now, if you don't like that, KISS MY ASS. I love IT mail lists! So classy. DAve -- Posterity, you will know how much it cost the present generation to preserve your freedom. I hope you will make good use of it. If you do not, I shall repent in heaven that ever I took half the pains to preserve it. John Quincy Adams ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: looking for motherboard with 7.2 proven suspend/resume
On 9/15/09, Steve Franks bahamasfra...@gmail.com wrote: S3 is a key feature for me for my desktops. I have gone thru probably 5 mobo's and 5 laptops in my time as a FBSD user, the only one which ever S3'd was a compaq of all things (well, lots of them will S3 if you kldunload usb, but they crash/hang/etc on resume generally). Anyway, it's time for a new system, and as long as I can shove a somewhat modern dual core in it, my second most critical criteria for purchase is that S3 works with FreeBSD with a minimum of or at least well described hacking. Resume doesnt work on i386 SMP, on amd64 it should work (at least it worked on Intel T5500 last time I tried). -- Paul ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: krootimage crashed at KDE 3.5 startup on signal 11 (7.2 STABLE)
On Tuesday 15 September 2009 20:48:55 Jeronimo Calvo wrote: Yes, I remember I had an error when I ran pkgdb -F due to 2 different versions of jpeg... here is the output: $ ldd -a /usr/local/bin/krootimage ... /usr/local/lib/libqt-mt.so.3: libaudio.so.2 = /usr/local/lib/libaudio.so.2 (0x803e1) libXt.so.6 = /usr/local/lib/libXt.so.6 (0x803f27000) libmng.so.1 = /usr/local/lib/libmng.so.1 (0x804086000) libjpeg.so.9 = /usr/local/lib/compat/pkg/libjpeg.so.9 (0x8041e6000) libpng.so.5 = /usr/local/lib/libpng.so.5 (0x802796000) libz.so.4 = /lib/libz.so.4 (0x803351000) libXi.so.6 = /usr/local/lib/libXi.so.6 (0x804307000) libXrender.so.1 = /usr/local/lib/libXrender.so.1 (0x802bef000) libXrandr.so.2 = /usr/local/lib/libXrandr.so.2 (0x80441) libXcursor.so.1 = /usr/local/lib/libXcursor.so.1 (0x804518000) libXinerama.so.1 = /usr/local/lib/libXinerama.so.1 (0x804622000) libXft.so.2 = /usr/local/lib/libXft.so.2 (0x804724000) libfreetype.so.9 = /usr/local/lib/libfreetype.so.9 (0x804837000) libfontconfig.so.1 = /usr/local/lib/libfontconfig.so.1 (0x8049b6000) libXext.so.6 = /usr/local/lib/libXext.so.6 (0x8028bc000) libX11.so.6 = /usr/local/lib/libX11.so.6 (0x802cf8000) libSM.so.6 = /usr/local/lib/libSM.so.6 (0x8029cd000) libICE.so.6 = /usr/local/lib/libICE.so.6 (0x802ad5000) libstdc++.so.6 = /usr/lib/libstdc++.so.6 (0x8036a1000) libm.so.5 = /lib/libm.so.5 (0x8038ad000) libgcc_s.so.1 = /lib/libgcc_s.so.1 (0x8039c7000) libthr.so.3 = /lib/libthr.so.3 (0x803ad4000) libc.so.7 = /lib/libc.so.7 (0x803bec000) /usr/local/lib/libmng.so.1: libm.so.5 = /lib/libm.so.5 (0x8038ad000) libz.so.4 = /lib/libz.so.4 (0x803351000) liblcms.so.1 = /usr/local/lib/liblcms.so.1 (0x804ae5000) libjpeg.so.9 = /usr/local/lib/compat/pkg/libjpeg.so.9 (0x8041e6000) libc.so.7 = /lib/libc.so.7 (0x803bec000) /usr/local/lib/compat/pkg/libjpeg.so.9: Those are the two culprits. Forcibly (portupgrade/portmaster -f) reinstall x11-toolkits/qt33 and graphics/libmng and make sure it's done from source, not from local packages. -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: reporter on deadline seeks comment about reported security bug in FreeBSD
On Tue, 15 Sep 2009 20:51:40 +0200 Mel Flynn mel.flynn+fbsd.questi...@mailing.thruhere.net wrote: Please inform yourself properly before assuming you're right. Mozilla does not by default publish vulnerabilities before a fix is known. In some cases publishing has been delayed by months. The exception is when exploits are already in the wild and a work around is available, while a real fix will take more work. This is also why vulnerabilities are typically not disclosed till a fix is known, because it does not protect the typical user, but puts him in harms way, which is exactly what you don't want. In theory, if I know the details of this particular exploit, I can patch my 6.4 machines myself, but more realistically, if developers take all this time to come up with a solution that doesn't break functionality the chances that I and more casual users can do this are slim. Meanwhile, the exploit will be coded into the usual rootkits and internet scanners and casualties will be made. That doesn't help anyone. Assume that I have discovered a vulnerability in a widely used, or even marginal for arguments sake, program. I now start to exploit that vulnerability. Now assume that you are responsible for maintaining, that program. Use any job description that suits you for this purpose. Are you claiming that since it may take several months to fix, it is better to let users be exploited rather than inform them that there is an exploitable problem in said software? I fine that extremely disturbing. As you can no doubt tell, I am not a believer in the Ignorance is bliss theory. -- Jerry ges...@yahoo.com In the days of old, When Knights were bold, And women were too cautious; Oh, those gallant days, When women were women, And men were really obnoxious. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: krootimage crashed at KDE 3.5 startup on signal 11 (7.2 STABLE)
done and fixed!! thanks a lot!! btw, that was caused then to a portupgrade -f?? there is any additional steps, to solve any future errors caused by that as well?? Cheers! 2009/9/15 Mel Flynn mel.flynn+fbsd.questi...@mailing.thruhere.net: On Tuesday 15 September 2009 20:48:55 Jeronimo Calvo wrote: Yes, I remember I had an error when I ran pkgdb -F due to 2 different versions of jpeg... here is the output: $ ldd -a /usr/local/bin/krootimage ... /usr/local/lib/libqt-mt.so.3: libaudio.so.2 = /usr/local/lib/libaudio.so.2 (0x803e1) libXt.so.6 = /usr/local/lib/libXt.so.6 (0x803f27000) libmng.so.1 = /usr/local/lib/libmng.so.1 (0x804086000) libjpeg.so.9 = /usr/local/lib/compat/pkg/libjpeg.so.9 (0x8041e6000) libpng.so.5 = /usr/local/lib/libpng.so.5 (0x802796000) libz.so.4 = /lib/libz.so.4 (0x803351000) libXi.so.6 = /usr/local/lib/libXi.so.6 (0x804307000) libXrender.so.1 = /usr/local/lib/libXrender.so.1 (0x802bef000) libXrandr.so.2 = /usr/local/lib/libXrandr.so.2 (0x80441) libXcursor.so.1 = /usr/local/lib/libXcursor.so.1 (0x804518000) libXinerama.so.1 = /usr/local/lib/libXinerama.so.1 (0x804622000) libXft.so.2 = /usr/local/lib/libXft.so.2 (0x804724000) libfreetype.so.9 = /usr/local/lib/libfreetype.so.9 (0x804837000) libfontconfig.so.1 = /usr/local/lib/libfontconfig.so.1 (0x8049b6000) libXext.so.6 = /usr/local/lib/libXext.so.6 (0x8028bc000) libX11.so.6 = /usr/local/lib/libX11.so.6 (0x802cf8000) libSM.so.6 = /usr/local/lib/libSM.so.6 (0x8029cd000) libICE.so.6 = /usr/local/lib/libICE.so.6 (0x802ad5000) libstdc++.so.6 = /usr/lib/libstdc++.so.6 (0x8036a1000) libm.so.5 = /lib/libm.so.5 (0x8038ad000) libgcc_s.so.1 = /lib/libgcc_s.so.1 (0x8039c7000) libthr.so.3 = /lib/libthr.so.3 (0x803ad4000) libc.so.7 = /lib/libc.so.7 (0x803bec000) /usr/local/lib/libmng.so.1: libm.so.5 = /lib/libm.so.5 (0x8038ad000) libz.so.4 = /lib/libz.so.4 (0x803351000) liblcms.so.1 = /usr/local/lib/liblcms.so.1 (0x804ae5000) libjpeg.so.9 = /usr/local/lib/compat/pkg/libjpeg.so.9 (0x8041e6000) libc.so.7 = /lib/libc.so.7 (0x803bec000) /usr/local/lib/compat/pkg/libjpeg.so.9: Those are the two culprits. Forcibly (portupgrade/portmaster -f) reinstall x11-toolkits/qt33 and graphics/libmng and make sure it's done from source, not from local packages. -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: reporter on deadline seeks comment about reported security bug in FreeBSD
Jerry wrote: On Tue, 15 Sep 2009 20:51:40 +0200 Mel Flynn mel.flynn+fbsd.questi...@mailing.thruhere.net wrote: Please inform yourself properly before assuming you're right. Mozilla does not by default publish vulnerabilities before a fix is known. In some cases publishing has been delayed by months. The exception is when exploits are already in the wild and a work around is available, while a real fix will take more work. This is also why vulnerabilities are typically not disclosed till a fix is known, because it does not protect the typical user, but puts him in harms way, which is exactly what you don't want. In theory, if I know the details of this particular exploit, I can patch my 6.4 machines myself, but more realistically, if developers take all this time to come up with a solution that doesn't break functionality the chances that I and more casual users can do this are slim. Meanwhile, the exploit will be coded into the usual rootkits and internet scanners and casualties will be made. That doesn't help anyone. Assume that I have discovered a vulnerability in a widely used, or even marginal for arguments sake, program. I now start to exploit that vulnerability. Now assume that you are responsible for maintaining, that program. Use any job description that suits you for this purpose. Are you claiming that since it may take several months to fix, it is better to let users be exploited rather than inform them that there is an exploitable problem in said software? I fine that extremely disturbing. As you can no doubt tell, I am not a believer in the Ignorance is bliss theory. I believe the point that others are trying to make is this. Your example requires that the exploit is known to the blackhats and in use currently. Their example assumes that exploit is only known to those who discovered it. This particular exploit is not believed to be known to the black hats, and not known to be in use currently. Is it better for an exploit to remain a secret and not is use, protecting those that may not get their systems patched in time (as the blackhats *will* most certainly put the exploit to use as soon as they are told about it). Or, let the exploit remain a secret until it is either fixed and a patch made available or discovered in use by blackhats. I think you are both right. If the exploit is not being used, keep it a secret and let the developers design a permanent fix. If the exploit is discovered publicly before the fix is out, warn everyone loudly and provide a workaround. I believe all software I am aware of handles exploits with that method. DAve -- Posterity, you will know how much it cost the present generation to preserve your freedom. I hope you will make good use of it. If you do not, I shall repent in heaven that ever I took half the pains to preserve it. John Quincy Adams http://appleseedinfo.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: reporter on deadline seeks comment about reported security bug in FreeBSD
On Tuesday 15 September 2009 21:14:25 Jerry wrote: On Tue, 15 Sep 2009 20:51:40 +0200 Mel Flynn mel.flynn+fbsd.questi...@mailing.thruhere.net wrote: The exception is when exploits are already in the wild and a work around is available, while a real fix will take more work. Assume that I have discovered a vulnerability in a widely used, or even marginal for arguments sake, program. I now start to exploit that vulnerability. Now assume that you are responsible for maintaining, that program. Use any job description that suits you for this purpose. Are you claiming that since it may take several months to fix, it is better to let users be exploited rather than inform them that there is an exploitable problem in said software? I fine that extremely disturbing. Then I suggest you cancel your internet account(s). Also, it helps to read what people are writing. But for the corner case where you are the person reporting me this vulnerability, telling me you won't exploit it, then do it anyway, there is no guard in place, other then that sooner or later, you'll compromise a machine administered by someone able to retrace what happened and it'll come back to me and I'd move up the timetable, cook up a work around and publish the details. There is some level of trust between reporter and fixer, whether it be good or bad, it's simply a fact of life and not likely to change. -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: where to put `startx` serverargs
Roland Smith schrieb am 2009-09-15: You can put them in /usr/local/lib/X11/xinit/xserverrc, together with the X server. Roland thx. could you tell me what exactly i need to put in that file? because i already tried adding `startx -- -nolisten inet6` to ~/.serverrc and that didn't work. cheers. alex ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: krootimage crashed at KDE 3.5 startup on signal 11 (7.2 STABLE)
On Tuesday 15 September 2009 21:23:40 Jeronimo Calvo wrote: done and fixed!! thanks a lot!! Good, and you're very welcome. btw, that was caused then to a portupgrade -f?? there is any additional steps, to solve any future errors caused by that as well?? Though the initial instructions about the jpeg upgrade were questionable at best, the current description is accurate and will resolve any future problems. You can of course reduce the amount of work by figuring out which ports still link with libjpeg.so.9, using ldd on /usr/local/bin/* and /usr/local/sbin/*, grep and pkg_info -W. pkg_updating -d 20090719 jpeg will show the UPDATING entry. -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: reporter on deadline seeks comment about reported security bug in FreeBSD
On Tue, 15 Sep 2009 15:28:59 -0400 DAve dave.l...@pixelhammer.com wrote: Jerry wrote: On Tue, 15 Sep 2009 20:51:40 +0200 Mel Flynn mel.flynn+fbsd.questi...@mailing.thruhere.net wrote: Please inform yourself properly before assuming you're right. Mozilla does not by default publish vulnerabilities before a fix is known. In some cases publishing has been delayed by months. The exception is when exploits are already in the wild and a work around is available, while a real fix will take more work. This is also why vulnerabilities are typically not disclosed till a fix is known, because it does not protect the typical user, but puts him in harms way, which is exactly what you don't want. In theory, if I know the details of this particular exploit, I can patch my 6.4 machines myself, but more realistically, if developers take all this time to come up with a solution that doesn't break functionality the chances that I and more casual users can do this are slim. Meanwhile, the exploit will be coded into the usual rootkits and internet scanners and casualties will be made. That doesn't help anyone. Assume that I have discovered a vulnerability in a widely used, or even marginal for arguments sake, program. I now start to exploit that vulnerability. Now assume that you are responsible for maintaining, that program. Use any job description that suits you for this purpose. Are you claiming that since it may take several months to fix, it is better to let users be exploited rather than inform them that there is an exploitable problem in said software? I fine that extremely disturbing. As you can no doubt tell, I am not a believer in the Ignorance is bliss theory. I believe the point that others are trying to make is this. Your example requires that the exploit is known to the blackhats and in use currently. Their example assumes that exploit is only known to those who discovered it. This particular exploit is not believed to be known to the black hats, and not known to be in use currently. Is it better for an exploit to remain a secret and not is use, protecting those that may not get their systems patched in time (as the blackhats *will* most certainly put the exploit to use as soon as they are told about it). Or, let the exploit remain a secret until it is either fixed and a patch made available or discovered in use by blackhats. I think you are both right. If the exploit is not being used, keep it a secret and let the developers design a permanent fix. If the exploit is discovered publicly before the fix is out, warn everyone loudly and provide a workaround. I believe all software I am aware of handles exploits with that method. I am not aware of any infallible method of determining if an exploit is in use. By the time the exploit become common knowledge it is usually too late. Lacking same, I believe in the For Warned is For Armed policy. Waiting until someone is harmed is tantamount to being an accomplice to the act. -- Jerry ges...@yahoo.com Never buy from a rich salesman. Goldenstern ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: looking for motherboard with 7.2 proven suspend/resume
On 9/15/09, Steve Franks bahamasfra...@gmail.com wrote: S3 is a key feature for me for my desktops. I have gone thru probably 5 mobo's and 5 laptops in my time as a FBSD user, the only one which ever S3'd was a compaq of all things (well, lots of them will S3 if you kldunload usb, but they crash/hang/etc on resume generally). Anyway, it's time for a new system, and as long as I can shove a somewhat modern dual core in it, my second most critical criteria for purchase is that S3 works with FreeBSD with a minimum of or at least well described hacking. Resume doesnt work on i386 SMP, on amd64 it should work (at least it worked on Intel T5500 last time I tried). So, no way to nix the second processor in rc.suspend, I take it? Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: where to put `startx` serverargs
On Tue, Sep 15, 2009 at 09:54:39PM +0200, Alexander Best wrote: Roland Smith schrieb am 2009-09-15: You can put them in /usr/local/lib/X11/xinit/xserverrc, together with the X server. Roland thx. could you tell me what exactly i need to put in that file? because i already tried adding `startx -- -nolisten inet6` to ~/.serverrc and that didn't work. Read the startx(1) and xinit() manual pages closely. What you should put in to the xserverrc is: xerverrc #!/bin/sh exec /usr/local/bin/Xorg -nolisten inet6 xerverrc Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) pgpcAdGfIrHku.pgp Description: PGP signature
Re: freebsd-questions Digest, Vol 276, Issue 5
Message: 15 Date: Tue, 15 Sep 2009 14:13:17 -0400 From: Jerry ges...@yahoo.com Subject: Re: reporter on deadline seeks comment about reported security bug in FreeBSD To: freebsd-questions@freebsd.org Message-ID: 20090915141317.7a41b...@scorpio.seibercom.net Content-Type: text/plain; charset=US-ASCII On Tue, 15 Sep 2009 13:18:29 -0400 Bill Moran wmo...@potentialtech.com wrote: SNIP! The fact is, that you do in fact notify me. Keeping important security information secret benefits no one, except for possibly those responsible for the problem to begin with who do not want the knowledge of the problem to become public. A multitude of software, such as Mozilla, publish known security holes in their software. The ramifications of allowing a user to actively use a piece of software when a known bug/exploit/etc. exists within it is grossly negligent. The important question is: known by whom? Every reviewer brings their own bias and experience. The code has not been proven correct, so there is not reason to assume that a Black-hat will find the same bug/exploit. If there are more than about 3 unknown exploits, they are more likely to find a different one. IMO, Mozilla is a bad example. I've been bitten by (non-security) bugs going back to 1.5 or earlier. Disclosure: I still prefer Lynx. SNIP! __ The new Internet Explorer® 8 - Faster, safer, easier. Optimized for Yahoo! Get it Now for Free! at http://downloads.yahoo.com/ca/internetexplorer/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: where to put `startx` serverargs
Roland Smith schrieb am 2009-09-16: On Tue, Sep 15, 2009 at 09:54:39PM +0200, Alexander Best wrote: Roland Smith schrieb am 2009-09-15: You can put them in /usr/local/lib/X11/xinit/xserverrc, together with the X server. Roland thx. could you tell me what exactly i need to put in that file? because i already tried adding `startx -- -nolisten inet6` to ~/.serverrc and that didn't work. Read the startx(1) and xinit() manual pages closely. What you should put in to the xserverrc is: xerverrc #!/bin/sh exec /usr/local/bin/Xorg -nolisten inet6 xerverrc Roland thx a bunch. that worked. imo the xorg guys should allow people to disable ipv6 support at compile time with a ./configure option. cheers. alex ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Can't boot Marvel Sheevaplug from USB
Hi everyone, I'm also playing with a Sheevaplug and I'm running into the same problem as reported by Rafal Jaworowski, but I think I have a clearer picture of what goes wrong. To recap, the kernel fails to mount the root filesystem because the partition on the USB stick isn't recognized by the kernel: FreeBSD 9.0-CURRENT #4: Mon Sep 14 19:57:10 CEST 2009 -- blablabla -- ugen0.1: Marvell at usbus0 uhub0: Marvell EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1 on usbus0 uhub0: 1 port with 1 removable, self powered Root mount waiting for: usbus0 ugen0.2: vendor 0x0930 at usbus0 umass0: vendor 0x0930 USB Flash Memory, class 0/0, rev 2.00/1.00, addr 2 on usbus0 umass0: SCSI over Bulk-Only; quirks = 0x Root mount waiting for: usbus0 umass0:0:0:-1: Attached to scbus0 Trying to mount root from ufs:/dev/da0s1a ROOT MOUNT ERROR: I think the problem is that the partition is detected only after the USB bus has been scanned. If I configure a kernel to boot from the network instead, it does recognize the USB device because of the additional delay involved in booting from the network: FreeBSD 9.0-CURRENT #5: Mon Sep 14 20:45:30 CEST 2009 -- blablabla -- ugen0.1: Marvell at usbus0 uhub0: Marvell EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1 on usbus0 uhub0: 1 port with 1 removable, self powered mge0: link state changed to UP Received DHCP Offer packet on mge0 from 130.89.1.145 via 130.89.160.4 (accepted) (no root path) Received DHCP Offer packet on mge0 from 130.89.1.144 via 130.89.160.5 (ignored) (no root path) ugen0.2: vendor 0x0930 at usbus0 umass0: vendor 0x0930 USB Flash Memory, class 0/0, rev 2.00/1.00, addr 2 on usbus0 umass0: SCSI over Bulk-Only; quirks = 0x umass0:0:0:-1: Attached to scbus0 (probe0:umass-sim0:0:0:0): TEST UNIT READY. CDB: 0 0 0 0 0 0 (probe0:umass-sim0:0:0:0): CAM Status: SCSI Status Error (probe0:umass-sim0:0:0:0): SCSI Status: Check Condition (probe0:umass-sim0:0:0:0): UNIT ATTENTION asc:28,0 (probe0:umass-sim0:0:0:0): Not ready to ready change, medium may have changed (probe0:umass-sim0:0:0:0): (probe0:umass-sim0:0:0:0): TEST UNIT READY. CDB: 0 0 0 0 0 0 (probe0:umass-sim0:0:0:0): UNIT ATTENTION asc:28,0 (probe0:umass-sim0:0:0:0): Not ready to ready change, medium may have changed Retrying Command (per Sense Data) (probe0:umass-sim0:0:0:0): Retrying Command pass0 at umass-sim0 bus 0 scbus0 target 0 lun 0 pass0: USB Flash Memory 1.00 Removable Direct Access SCSI-2 device pass0: Serial Number 0612140557130 pass0: 40.000MB/s transfers GEOM: new disk da0 da0 at umass-sim0 bus 0 scbus0 target 0 lun 0 da0: USB Flash Memory 1.00 Removable Direct Access SCSI-2 device da0: Serial Number 0612140557130 da0: 40.000MB/s transfers da0: 962MB (1971200 512 byte sectors: 64H 32S/T 962C) Of course with the kernel configured like this, the kernel wants to mount the root filesystem from NFS and I can't break into the mountroot prompt! It seems that the kernel assumes that it only needs to wait for the USB bus to finish scanning and then expects the root partition to be available, but apparently partitions can be detected after that. Does anyone have a suggestion how to deal with this? Is there a way to insert a delay before trying to mount root? (I tried setting SCSI_DELAY to 5000 but this didn't seem to have any effect -- I didn't notice any delay. Maybe this isn't supported for the ARM architecture?) Kind regards, Maks Verver. Sounds similar to: http://www.freebsd.org/cgi/query-pr.cgi?pr=138798 Apparently Scott Long is working on a fix. -James Butler ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
New mail server setup
I'm looking potentially to try a different mail server setup. I'm requesting honest feedback from experienced mail ops. My minimum requirements: - IPv6 for all protocols - SPF - IMAP|POP3 must support SSL - SMTP AUTH - submit on 587 - MySQL backend for un/pw, vpopmail preferred, but not mandatory - Maildir storage preferred - easy (ie: well documented) integration with SA/clam - integration with maildrop .mailfiter preferred Right now I use a system wrapped around Qmail, and honestly, I just don't want to patch for IPv6 anymore. I've broken my personal system, so while I work on re-hacking everything, I thought I'd solicit some new ideas. I've been using the same email system pretty much across the board for seven years or so, so perhaps I should look at other options. Please cc me, as this addr isn't subscribed. I won't be receiving my list email from my backup mx until tomorrow, as it were ;) Steve smime.p7s Description: S/MIME Cryptographic Signature