Re: Archive Server Error
On Mon, 14 Jun 2010, A. Wright wrote: Not a cache issue; clearing/restarting has no effect, and I have seen the issue on several machines/browsers (FBSD/links, Mac/Firefox, Mac/Safari). I'm wondering about firewall/proxy -- I'll give it a whirl when off-site later today. Still nothing when checking from home. I'm wondering about network topology -- it is dead when viewed from my server (138.73.29.51). Traceroute returns this: traceroute to wwwdyn.freebsd.org (69.147.83.38), 64 hops max, 52 byte packets 1 138.73.29.254 (138.73.29.254) 0.618 ms 0.555 ms 0.541 ms 2 bfg-6506.mta.ca (138.73.101.254) 0.801 ms 0.311 ms 0.323 ms 3 198.164.29.73 (198.164.29.73) 0.855 ms 0.792 ms 0.507 ms 4 198.164.29.65 (198.164.29.65) 8.464 ms 8.194 ms 8.109 ms 5 142.166.176.1 (142.166.176.1) 124.732 ms 124.961 ms 114.841 ms 6 xe-1-0-0-200.dr02.fctn.nb.aliant.net (142.166.209.194) 129.638 ms 117.374 ms 117.979 ms 7 so-1-3-0.cr02.stjh.nb.aliant.net (142.166.185.145) 126.063 ms 123.422 ms 130.776 ms 8 te-0-2-5-0.cr01.hlfx.ns.aliant.net (142.166.181.137) 126.243 ms 130.194 ms 123.887 ms 9 xe-3-0-0.bx01.asbn.va.aliant.net (207.231.227.6) 144.084 ms 148.291 ms 146.069 ms 10 yho1.asbn.va.aliant.net (207.231.227.26) 146.966 ms 143.405 ms 144.975 ms 11 ae-6.pat1.dce.yahoo.com (216.115.102.172) 140.772 ms 146.617 ms 166.540 ms 12 as-0.pat2.che.yahoo.com (216.115.101.145) 166.338 ms 201.429 ms 172.191 ms 13 as-1.pat2.dnx.yahoo.com (216.115.96.55) 206.685 ms 212.076 ms 212.919 ms 14 as-0.pat1.pao.yahoo.com (216.115.101.128) 221.059 ms 220.649 ms 222.264 ms 15 ae-1-d140.msr1.sp1.yahoo.com (216.115.107.53) 230.591 ms ae-0-d140.msr1.sp1.yahoo.com (216.115.107.49) 235.904 ms UNKNOWN-216-115-107-73.yahoo.com (216.115.107.73) 229.977 ms 16 * * gi-1-39.bas-b1.sp1.yahoo.com (98.136.16.61) 661.870 ms 17 wwwdyn.freebsd.org (69.147.83.38) 235.035 ms 238.288 ms 229.476 ms Could there be some bad cacheing on the server? I'm guessing that wwdyn indicates some load balancing? There seems to be some strange configuration going on; if the IP is substituted: http://69.147.83.38/pipermail/freebsd-questions/ a document not found error results referring to a machine called realcgi.sky.freebsd.org. A. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: pf suggestions for paced attack
On Mon, 3 May 2010, John wrote: The script kiddies have apparently figured out that we use some time-window sensitivity in our adaptive filtering. From sshd, I've [ ... deletia ... ] Anybody got any superior suggestions? I've been running a script using tail -F to watch /var/log/auth.log to count total number of failures, and ix-nay anyone who reaches 10 fluffed attempts in 24 hours; this is managed by using pfctl to update the relevant table. It has worked pretty well for me over the last three or so years, and is immune to the current longer timeouts that you mention. If anyone is interested, I can send (or I suppose post) the scripts. Andrew ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Dump snapshot issue...
On Tue, 5 May 2009, Marc Coyles wrote: I've got a script that dumps various filesystems to tape for me, but I've always had an issue whenever I've used the -L option... see below: /usr/bin/mt rewind /sbin/dump 0aLuf /dev/sa0 / dump: Cannot create //.snap/dump_snapshot: No such file or directory You probably have not created the .snap directory in the root of the filesystem. From the dump(8) man page: If the .snap directory does not exist in the root of the file system being dumped, a warning will be issued and the dump will revert to the standard behavior. This problem can be corrected by creating a .snap directory in the root of the file system to be dumped; its owner should be ``root'', its group should be ``operator'', and its mode should be ``0770''. A. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Shopping for external harddrive
On Tue, 5 May 2009, Daniel Underwood wrote: and other online reviews. But I also wanted to see if any of you folks have personal recommendations. I had an unpleasant experience with Maxtor/Seagate support this year. I had one of their OneTouch III's pack up after 6 mo, and the warranty replacement died out of the box. It took 69 days as well as dozens of phone calls + emails to get a replacement for the dead replacement. The overall failure rate of their products seems to be acceptable, but their support is just terrible. A. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Xdvi with amd64
Hello Oliver; On Thu, 30 Apr 2009, Olivier Nicole wrote: Is there known issue with the port of Xdvi (/usr/ports/print/xdvi) on 6.4 amd64? I suspect there is a problem with the size of the int/short/long as Xdvi detects wrong number of bits in some font files, while these same font files are used without problem by other ports and are identical to font files generated in x86 system. Though I am now on 7.1, I was using xdvi on 6.4/amd64 without noticing any issues. Exactly which fonts are you having trouble with? I can tell you whether I can reproduce the issue under 7.1. Andrew. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: going from cvs to svnq
On Tue, 31 Mar 2009, Chuck Robey wrote: I've finally decided that it's way past time that I switched from using cvs for my home archive (currently /home/ncvs) to using subversion. I'm trying to hunt down a web page that might give a set of rules to help moving things. I've It appears that you may be labouring under the assumption that svn is a potential _client_ replacement that will read a CVS repo. It doesn't do this. You can convert a repository using the tools available at: http://cvs2svn.tigris.org/ but afterwards you are using svn exclusively -- there is no ability to mix and match. After the conversion, both client and server tools will change. The primary advantage of using svn is that the _server_ uses a different protocol to track objects. Directory management, for instance, is a track-able change, as opposed to the CVS strategy of directory management through side effect. Stuff like, can I use my present cvsup-fetched /home/ncvs with svn? I didn't No - if you have fetched a directory using cvsup, then it is a CVS workspace, and will remain that way. If the server managing a repo is using CVS, you will use a CVS client to access it If you are managing a repo you wish to convert to svn, then the link above will help you do it. At the time of such a conversion, all currently-checked-out CVS workspaces will be orphaned. A. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Wine without X
On Fri, 27 Mar 2009, Barnaby Scott wrote: Can I ask one more possibly really dumb question, to which I can find no answer: Is there a 'conventional', or sensible for one reason or another, place to download application source to? Presumably you don't want it mixed Not dumb at all. There are several conventions. The one I use is to have a user named build. This provides a natural home for these packages (the home directory of that account) as well as nice management for setting uname, potential wheel association etc. for an account that is used for building system libs by executing su - build to get that type of admin process underway. A. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is NFS Locking Reliable?
On Tue, 10 Mar 2009, Konrad Heuer wrote: I'd like to ask for your experiences with NFS locking in larger environments. Our experiences are not so satisfying. Our NFS servers for user home This matches my historical experience, especially if you add in periodically wedged and ignored lock state. First, it is useful to realize that locking over NFS has, until version 4, been done outside of NFS itself. That is, there are a pair of daemon (usually called statd and lockd) processes that negotiate the lock outside of the stateless mechanism that is the NFS data access method up to v3. My past v3 experience has been that only in the case where you have exactly the same version of statd and lockd on both sides (on the client and on the server) is it possible that you _may_ experience truly reliable locking. Note that this is only possible with the same OS at the same revision/patch on both client and server. NFS v4 is no longer stateless, and manages locks internally, which I would guess would make things much better, though my experience on mixed environments under v4 is much more limited. What version of the NFS protocol are you using? You can find this out via /usr/sbin/nfsstat If you are stuck with a v3 client, my recommendation would be to turn locking off altogether for that client, as I have found that this works in general better, as the applications desiring the lock are then at least aware that the lock won't work, rather than being led up the garden path by a successful return from a call to lockd that later is not honoured. If upgrading all to v4 is possible, it is probably worth a try, and good luck! Andrew. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: priority or order for /usr/local/etc/rc.d scripts?
Regarding the order of rc scripts, On Mon, 30 Jun 2008, fred wrote: I need resin to be started when apache is starting, how can I do that? I can?t find any documentation on priority or order for startup scripts. The rcorder(8) page will help you out. Note the PROVIDE and REQUIRE keywords. Andrew. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Running with a readonly root partition
On Fri, 13 Jun 2008, Mister Olli wrote: do you have some kind of installation/setup manual? that would be really interesting to see your steps, and try that myself. There aren't very many steps: - install as per normal, but with the following on separate partitions: /, /tmp, /var Most people usually put /usr on a separate partition too, as it makes software updates easier DO NOT put /etc on a separate partition, or you will have an unbootable system - make a directory /var/etc (or other similar location in the writable portion of your filesystem) - copy the necessary files to /var/etc and create symlinks in /etc of the form ../var/etc/filename The files I have done this for are dumpdates and motd Other files may be required if you run other daemons; I experimented with denyhosts, and therefore had hosts.allow there for a while - update /etc/fstab to have 'ro' instead of 'rw' for / and /usr - reboot or run mount -u -r / ; mount -u -r /usr if you want to test whether things are working, just run mount and see whether things are ok for a while before updating /etc/fstab -- then any major panics can be solved with a reboot. I have some questions too: - how do you handle updates/ installation of new software? By remounting before doing updates. I don't do updates that often, so this is not a problem for me. - how do you prevent someone who hacked the machine to remount '/' as writable You don't; at least not this simply. The main advantages of this strategy are protection against (a) accidental changes by root users and (b) trojans, scripts and other naive rootkits. Like most security ideas, it is simply a single step along the way, and the usual rule applies -- anyone who actually has root has the privileges to damage the system to any extent they like. - how do users update theirs passwords when '/etc' is read-only? This is a larger problem, and one I had forgotten about as the machine in question is a firewall/datashare that doesn't have many users. Things should work fine if you are running yp or similar from another machine; alternatively a password update script can be written to either (a) do the remount to allow updating on the fly, or (b) queue the update until a regular remount+update cycle (as many large shops do). Certainly not a one-size fits all solution for everyone, but I remain curious as to why this technique has fallen out of favour. Perhaps it is this weakness with local passwords that has caused most people to give up the (relatively small) security advantages in favour of simplicity? Andrew. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: OpenBSD - FreeBSD migration
Ivan Voras wrote: Andrew Wright wrote: If both of these are true, I can simply install FreeBSD over top of the OpenBSD /, /var and /usr partitions, and then be able to mount the old /home. Is this something people do? If you delete everything from all directories except /home, it might work. Otherwise, the risk of getting mixed binaries, libraries and scripts from both systems is too great. I probably should have been more clear in my initial post -- I am certainly intending on relabelling + reformatting partitions for /, /usr, /var, /tmp and so on -- to try to run these with a potential filesystem incompatbility (not to mention the potential of mixed binaries) is just asking for trouble. What I am hoping to do is run dump | restore, as the various userdata partitions are all on separate drives (in a partitions), and I have enough space to dump the first one and compress it onto another user-space drive, and similar jiggery-pokery (Doing this will save _many_ media swaps, and thus much time). Essentially, I am asking whether _readonly_ access works, for which I will need FreeBSD to read the disklabel and the filesystem. Thought I'd clear that up in case a perusal through the archives steered anyone wrong later one. Thanks to everyone who pointed out the live CD, I think that will let me answer most, if not all, of my questions. Andrew. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
OpenBSD - FreeBSD migration
Hi All; I want to migrate a system from OpenBSD 4.2 (ie; the current version) to FreeBSD (7.0). I have poked around on the archives a little to determine how best to do this, and I want to make sure that my understanding (summarized below) is indeed correct. If I am asking these questions on the wrong list (potentially likely for the AMD specific questions) then please let me know: Filesystem stuff: - it appears that FreeBSD and OpenBSD use the same partition table format. Is this true? If so, I can potentially avoid rebuilding an entire disk if I am right that ... - FreeBSD can mount and read OpenBSD's version of the 4.2 BSD filesystem implementation If both of these are true, I can simply install FreeBSD over top of the OpenBSD /, /var and /usr partitions, and then be able to mount the old /home. Is this something people do? - even if the above isn't true, it appears that the format used by dump/restore is consistent. I have tried dumping/restoring some small filesystems to test this, but if this is an unsupported way to go, I would like to know now. Also, before someone (quite rightly) says back up your data, I will note that the reason that I would like to be able to read from /home is to avoid a lengthy restore -- all this data is backed up, but if there is no reason to re-label the drive and reformat the various user data partitions (on various drives) and then spend a day running restore, then I would like avoid such a waste of time. If this is even slightly likely to cause problems though, please let me know and I will start swapping media. - if I have somehow misled myself that restore(8) is consistent, please let me know -- re-installing the old OS just to back up to some other format would be a giant waste of time. Processor stuff: - The machine of interest has an AMD64 processor. I have seen several references to running Linux emulation on an AMD processor, but I would like to confirm that this is true while running the 64-bit version of the OS. In other words: - with a 64-bit installation (amd64) of FreeBSD 7.0, emulation of 32-bit Linux binaries (notably Matlab, but possibly other software as well) is possible, and indeed a reasonably well-known way of proceeding. If I'm crazy, and/or misreading the docs, please let me know. Thanks, Andrew. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]