Re: SU+J Lost files after a power failure
On Mon, 14 Oct 2013, Bruce Cran wrote: On 10/14/2013 6:16 PM, CeDeROM wrote: Isn't there Journal to prevent and reverse such damage? Unlike other journaling filesystems, UFS+J only protects the metadata, not the data itself - i.e. I think it ensures you won't have to run a manual fsck, but just like plain old UFS files may be truncated as the journal is replayed. This discussion skirts the critical issue - are files that are not open for writing endangered? No description of the uses of journaling can be considered informative if it doesn't address that explicitly. As a naive user I have always assumed that once closed, a file was invulnerable to improper shutdowns, but this discussion shakes that belief. I expect the answer may be different for SSD and spinning disks. dan feenberg ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Commercial Licensing
On Fri, 9 Aug 2013, kpn...@pobox.com wrote: On Fri, Aug 09, 2013 at 08:41:04PM -0500, Someth San wrote: Hello, I'm interested in installing FreeBSD into a small form factor PC for commercial use and was wondering whether there is a EULA in place for that purpose. I would like to avoid the open source requirement of disclosing my codes to a public community. You haven't said if commercial use includes the distribution of executables. Note that the GPL requirement to disclose source applies only if binaries are distributed outside your establishment. You can make commercial use of the device inside your firm of GPL code without violating the GPL. This is often forgotten in discussion, and leads to unnecessary worry. Daniel Feenberg ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: 2 lines
On Mon, 29 Jul 2013, Terje Elde wrote: On 29. juli 2013, at 18:38, Zyumbilev, Peter pe...@aboutsupport.com wrote: Not sure what is the best way nowadays to get own /24 or at least /26 ? I don't think you ever said if this was two links from the same provider, or two different providers. That's a huge factor in what your options are. You'll have a hard time doing BGP-based failover with a /26. It's just too small a route to be announced globally. This stuff isn't just a technical question, but also one of policy and politics. In order to get to a proper solution, your best option is probably to give the provider(s) a call, and explain what you'd like to do. Depening on a lot of things, one option could be to have the provider owning the IP(s) tunnel it over the other link durin fault. Hard to say if they will, so you really nedd to talk to them. In the meantime, DNS-failover is a lot better than nothing. Did the OP say he was running servers at all? If there are no servers, then any of a number of dual-wan routers will handle the problem with no difficulty and minimal expense. If he is running servers, these routers generally come with built in software to do dynamic updates of DNS, that I understand works, provided you don't have unreasonable expectations about reliability. Just because some institutions can't stand 5 minutes of downtime doesn't mean there isn't a legitimate use for facilities that suffer 5 minutes of downtime several times a year. daniel feenberg NBER Terje ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: to gmirror or to ZFS
On Sat, 20 Jul 2013, Steve O'Hara-Smith wrote: On Sat, 20 Jul 2013 18:14:20 +0100 Frank Leonhardt fra...@fjl.co.uk wrote: It's worth noting, as a warning for anyone who hasn't been there, that the number of times a second drive in a RAID system fails during a rebuild is higher than would be expected. During a rebuild the remaining drives get thrashed, hot, and if they're on the edge, that's when they're going to go. And at the most inconvenient time. Okay - obvious when you think about it, but this tends to be too late. Having the cabinet stuffed full of nominally identical drives bought at the same time from the same supplier tends to add to the probability that more than one drive is on the edge when one goes. It's a pity there are now only two manufacturers of spinning rust. Often this is presummed to be the reason for double failures close in time, also common mode failures such as environment, a defective power supply or excess voltage can be blamed. I have to think that the most common cause for a second failure soon after the first is that a failed drive often isn't detected until a particular sector is read or written. Since the resilvering reads and writes every sector on multiple disks, including unused sectors, it can detect latent problems that may have existed since the drive was new but which haven't been used for data yet, or have gone bad since the last write, but haven't been read since. The ZFS scrub processes only sectors with data, so it provides only partial protection against double failures. Daniel Feenberg NBER -- Steve O'Hara-Smith st...@sohara.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: your mail
See http://www.nber.org/prefs/ On Sat, 29 Jun 2013, Upali Kulasekara wrote: Thank you very much for subscribing me for your mailing list. Upali ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: A very 'trivial' question about /root
On Fri, 28 Jun 2013, ASV wrote:
Hi Julian,
you played Devil's advocate well actually as I don't know which idea
would be more audacious, letting httpd access files from your root dir
or exporting /root via nfs. :)
Both of them sound more like a lab scenario than a real one.
A diskless FreeBSD will use an NFS-mounted /root. See:
http://www.freebsd.org/doc/handbook/network-diskless.html
http://www.nber.org/sys-admin/FreeBSD-diskless.html
So it is more than a theoretical possibility. I would also add that
putting stricter permissions on perfectly public information may not
lead to improved security, if it leads to programs and daemons that
would otherwise run as nobody having to run with root priviledges.
daniel feenberg
I understand that launching a chmod 700 /root it's a matter of
something between 1 and 3 seconds. I do also understand that I had /root
closed for long time and never had the need to set permissions back
loose and this triggered my point.
Why is it that open? :)
On Fri, 2013-06-28 at 01:47 +0200, Julian H. Stacey wrote:
Hi, Reference:
From: ASV a...@inhio.eu
Date: Thu, 27 Jun 2013 21:39:20 +0200
ASV wrote:
Thanks for your reply Polytropon,
I'm using FreeBSD since few years already and I'm kind of aware of the
dynamics related to permissions, many of them are common to many
Unices.
I agree that the installer doesn't put anything secret but as a home dir
for the root user it's highly likely that something not intended to be
publicly readable will end up there soon after the installation.
Which IMHO it's true also for any other user homedir which gets created
by default using a pretty relaxed umask 022, but that seems to be the
default on probably any other UNIX like system I've put my hands on
AFAIR.
Don't get me wrong, since I use FreeBSD I'm just in love with it. Mine
is just a concern about these permission defaults which look to me a bit
too relaxed and cannot find yet a reason why not to restrict it.
After all I believe having good default settings may make the difference
in some circumstances and/or save time.
On Thu, 2013-06-27 at 04:58 +0200, Polytropon wrote:
On Wed, 26 Jun 2013 23:34:41 +0200, ASV wrote:
There's any reason (and should be a fairly good one) why the /root
directory permissions by default are set to 755 (for sure on releases
8.0/8.1/9.0/9.1)
This is the default permission for user directories, as root
is considered a user in this (special) case, and /root is its
home directory. The installer does not put anything secret
in there, but _you_ might, so there should be no issue changing
it to a more restricted access permission.
Hint: When a directory is r-x for other, then it will be
indexed by the locate periodic job, so users could use the
locate command (and also find) to look what's in there. If
this is not desired, change to rwx/---/---, or rwx/r-x/---
if you want to allow (trusted) users of the wheel group
to read and execute stuff from that directory (maybe homemade
admin scripts in /root/bin that should not be public).
There are few things that touch /root content. System updating
might be one of them, but as it is typically run as root (and
even in SUM), restrictive permissions above the default are
no problem.
To summarize the answer for your question: It's just the default. :-)
I'll play Devil's advocate for a moment ;-)
One reason not to tighten ~root is because one might want
~root/httpuserfile to be readable by httpd to access the crypted
passwords of locked web page. ... ;-)
No not really, that's perverted, I wouldn't reccomend an
http://localhost/~root/ regardless of password locked pages or not.
But it shows how lateral head scratching might be
appropriate before removing read perms on ~root/ .
{ A bit like wrong ownership on / can surprisingly kill AMD NFS
access } ... some unexpected constraints can take some thinking
through, It might be quickest for a number of us to just try chmod
700 ~root for a while see if we get trouble.
Cheers,
Julian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Restarting exports disturbs clients
When we change the exportfs file on our FreeBSD 9.1 fileserver: kill -HUP `cat /var/run/mountd.pid` it kills the jobs on clients that have files open on the fileserver. This is pretty inconvenient for users (and us). Is there a way around this? We have noticed that a Linux fileserver can restart nfs without distrubing clients (other than a short pause). The Linux restart doesn't restart the locking mechanism - is that the difference? We could do without locks, even without NFSv4, for that matter, if it would let us change exports without disturbing users. Perhaps there there is an NFS shutdown procedure that we should be using? Daniel Feenberg NBER ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Restarting exports disturbs clients
On Fri, 3 May 2013, Graham Allan wrote: On Fri, May 03, 2013 at 02:08:26PM +0200, Bernt Hansson wrote: 2013-05-03 12:49, Daniel Feenberg skrev: When we change the exportfs file on our FreeBSD 9.1 fileserver: kill -HUP `cat /var/run/mountd.pid` That seems a bit harsh, try /etc/rc.d/nfsd restart or /etc/nfsserver restart. Sending SIGHUP to mountd has always been the right way to have it reread the exports file - should really be much less disruptive than restarting the service. We have tried both and both disruptive NFS clients. dan feenberg Graham -- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD-update?
On Thu, 25 Apr 2013, Steve O'Hara-Smith wrote: The problem under discussion is that the kernel version does not change when a freebsd-update update does not include a kernel change. Perhaps we could adopt the Linux practice of placing the release information in /etc/issue Daniel Feenberg ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD-update?
On Thu, 25 Apr 2013, Polytropon wrote: On Thu, 25 Apr 2013 07:37:01 -0400 (EDT), Daniel Feenberg wrote: On Thu, 25 Apr 2013, Steve O'Hara-Smith wrote: The problem under discussion is that the kernel version does not change when a freebsd-update update does not include a kernel change. Perhaps we could adopt the Linux practice of placing the release information in /etc/issue ... In /etc/issue, you write something like %s/%m %r to print the information before the login prompt. Or you use something like the traditional im=\r\n%s/%m (%h) (%t) in /etc/gettytab. This is written as though it applies to FreeBSD, but I was under the impression that FreeBSD didn't do anything with /etc/issue. There isn't any man page for it, and when I created a file /etc/issue it wasn't presented at login. Is there something else I need to do? I am using 9.1 Daniel Feenberg ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Client Authentication
On Sat, 23 Mar 2013, Doug Hardie wrote: On 23 March 2013, at 21:51, Mehmet Erol Sanliturk m.e.sanlit...@gmail.com wrote: Using Static IP in the client side , and checking Static IP of the user may be a possibility : In that way , any message from another IP will not be accepted . If this is possible for your systems , it may be checked for usability . One difficulty is that each user should obtain a Static IP and can not connect to his/her ISP from another IP . Good side is that nobody can connect to ISP of the user from another IP : It supplies hardware security ( we are assuming that the user computer is not captured ) .. That is an interesting idea, but unfortunately our users tend to travel a lot and need to be able to access mail from anywhere. Also, static IPs can get quite expensive from some ISPs. Our users are pretty much on fixed incomes and any expense is a hardship for them. Can you filter outgoing mail with Spamassassin? How about refusing to relay mail from addresses in a good DNSBL? Do you rate-limit outgoing mail? Can you just refuse to relay mail from other continents, using a geolocation service? daniel feenberg -- Doug ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Dumb down a Netgear Smart Switch
On Wed, 20 Mar 2013, Sergio de Almeida Lenzi wrote: Em Ter, 2013-03-19 às 17:09 -1000, Al Plant escreveu: Aloha, Anybody on our list who can tell me how to set a Netgear GS108T 8 Port Smart Switch (Gigabit) to pass thru to a modem under FreeBSD. I have 2 other (non Smart) ones working with FreeBSD just fine in my rack and need to have the new one connect with a DSL modem on a static address. I have one of that model, and if you reset to factory defaults it should act as a dumb switch. There are some options that could be set that would interfere with operation (flow control, port negotiation, etc) but I am confident that none are set in the factory default configuration. (Stick a pin in the hole while power cycling). daniel feenberg ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Revoke a DHCP lease early?
On Sat, 9 Mar 2013, Modulok wrote: List, I'm running isc-dhcpd to serve leases to clients. Is there a way to expire a lease before it normally would, i.e. force a client to re-negotiate a lease early? Perhaps some shell command akin to the following (which would be nice, but obviously doesn't work):: dhcpd --revoke 192.168.1.24 I am pretty sure there is no message the dhcp server can send to a client to request it give up its IP address unless the client has asked for an address or renewal. dhcpd is a server, it doesn't initiate commands. I expect that if you modified the entry in the dhcpd.conf file and restarted dhcpd that the client would be assigned (and use) a new address the next time it tried to renew (which is typically when half the lease has been used up). My view tends to be confirmed here - http://www.cites.illinois.edu/ipam/leases.html daniel feenberg How do you revoke a client's lease prematurely? Thanks. -Modulok- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: cannot ssh into a box with DHCP assigned IP address
From: Fleuriot Damien m...@my.gd To: me...@bristol.ac.uk Subject: Re: cannot ssh into a box with DHCP assigned IP address Date: Wed, 20 Feb 2013 10:31:22 +0100 Cc: freebsd-questions@freebsd.org On Feb 20, 2013, at 10:28 AM, Anton Shterenlikht me...@bristol.ac.uk wrote: I have a laptop with FreeBSD -current, with ip address assigned via DHCP. The laptop has neither a static ip address, nor a domain. I can ping the laptop fine, but cannot ssh into it. The sshd is running, /etc/ssh/ssd_config seems fine, /etc/hosts.allow is fine. However, /etc/hosts is just the default: While on the problem machine, can you ssh to localhost? ssh to the IP address? I would suspect the problem is in /etc/hosts.allow or /etc/hosts.deny, or perhaps the subnet mask is incorrect. The lack of a domain should not be a problem. daniel feenberg ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Software raid VS hardware raid
On Mon, 28 Jan 2013, Per olof Ljungmark wrote: On 01/28/13 21:43, Artem Kuchin wrote: Hello! I have to made a decision on choosing a dedicated server. The problem i see is that while i can find very affordable and good options they do not provide hardware raid or even if they do it is not the best hardware for freebsd. The server base conf is 8core 32gb ram 2.8+ ghz. So, maybe someone has personal experience with both worlds and can tell if it really matters in such configuration if i go for software raid. What are the benefits and what are the negatives of software raid? How much is the performance penalty? I am planning to use mirror configuration of two SATA 7200rpm 2TB disks. Nothing fancy. File system planned is UFS with journaling. I won't delve into detail here but if the data is important HW RAID is where you want to be. Perhaps you could give us a little more details A problem with HW RAID is that if the controller breaks, you need to get an identical controller to replace it, or the data will be lost. With software raid, you can read the data on any machine that will boot FreeBSD. That is a great convenience compared to searching eBay for an obsolete controller with the proper rev level. We haven't noticed any speed disadvantage on modern multi-core hardware and RAID 1. The advantages of HW raid escape me - I understand that years ago it provided OS independence and reduced CPU load, but it no longer provides the former, and with 8 cores do you need the latter while waiting for a disk platter to spin? ZFS is worthwhile, too, especially since you have a good amount of memory. That would give you snapshots and some other desirable features, such as background scanning for defects that UFS doesn't have. about what the purpose of the server is? Mission-critical or low cost? Those two tends to be mutually exclusive... Surely the presence of SATA drives shows that low cost is essential. Mirroring and ZFS provide very important advantages. HW raid seems to fill a much needed gap (apologies to Brian Kernigan). daniel feenberg We are HP-only but have good experience from LSI as well. Just my $0.02. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Problems with diskless/nfs
On Sun, 20 Jan 2013, Bernt Hansson wrote: Hello list! I'm trying to set up a diskless workstation, but I fail. The boot process stops at Can't find kernel then the OK prompt appear. In the log I have this: mountd[1200]: mount request denied from 10.0.0.6 for /news/spool/ad16/x86 pxeboot loads but can't find the kernel because of this. in inetd.conf I have this for tftpd tftpdgram udp waitroot/usr/libexec/tftpd tftpd -l -s /news/spool/ad16/x86 It seems like it is some problem with nfs. kernel is loaded by tftp - so nfs isn't the problem. Find a tftp client and see if the kernel is available to it. I suspect the kernel isn't world-readable and executable. It may also be that tftpd isn't available beyond localhost - did you edit hosts.allow? See http://www.nber.org/sys-admin/FreeBSD-diskless.html for our experiences with diskless boot. daniel feenberg NBER Any help is welcome. /B ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: gPXE booting FreeBSD?
On Tue, 4 Dec 2012, Rick Miller wrote: Hi All, Does anyone have any experience booting FreeBSD via gPXE and have pointers to relevant documentation and/or blog posts? In the last paragraph of our description of PXE booting FreeBSD: http://www.nber.org/sys-admin/FreeBSD-diskless.html we report that gpxelinux did not work for us. (It hangs once a menu item is selected, or if more than one choice is available). Have you tried and gotten better/worse/similar results? Our trial was about a year ago, it would be worth trying again. dan feenberg NBER -- Take care Rick Miller ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: VPS FreeBSD Hosting
On Sun, 25 Nov 2012, Jim Flowers wrote: I gave up maintaining my own hardware for providing cloud computing services about 10 years ago and have been using several dedicated server services with root-access FreeBSD since about 6.0. with good results. At the time VPS looked like too many problems. Now, however, it looks like there are quite a number of mature VPS hosting services that are FreeBSD-centric at very attractive prices. Most offer KVM or VPS-instance access to allow rebooting and reinstallation. Can anyone comment on the providers and the technology in the context of having used them specifically for FreeBSD in the last few years? Good? Bad? Indifferent? We have had good experience with pair.com and rootbsd.com. Both were used for websites. We never had any problems with either, so I can't report on their problem solving skills, but customer service from both was good for the handful of routine questions we had. dan feenberg Fairly modest duty - spam filtering, mailboxes, websites, storage, reverse proxy and the like. Oh yeah, some development. Thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Anybody use the Dell 3010??
On Mon, 19 Nov 2012, Polytropon wrote: On Mon, 19 Nov 2012 06:00:29 -0500, Jerry wrote: On Mon, 19 Nov 2012 11:43:06 +0100 Polytropon articulated: Allow me to provide just one example: More in the series of bizarre UEFI bugs http://mjg59.dreamwidth.org/20187.html That doesn't appear to be a bug. It appears that the code is doing exactly what the designer wanted it to do. At best this was an oversight by the designer; at worse just plain incompetence. That's quite possible. We've seen poorly implemented ACPI behaviour in modern BIOS as well, or manufacturers intendedly going their way to limit hardware in what it can do or what it will support. It's just my fear that UEFI won't do better per se, and that lazy or incompetent people will screw it up, and make it worse. The article mentions legacy boot to restore a somewhat normal behaviour... The only way for FreeBSD (or Linux, for that matter) to survive in a world where hardware vendors care only about Windows, is to make sure that FreeBSD only depends upon features that Windows uses. If a hardware or firmware specification requires feature X, but Windows doesn't use feature X, then vendors won't test feature X, and FreeBSD can't depend on it being functional. So it shouldn't be required by FreeBSD. It can be used, provided it isn't required. In this case it may mean that FreeBSD must identify itself as Windows, just as all browsers identify themselves as IE. You might say this was enabling vendors to provide buggy systems, but as long as FreeBSD is small it does not have the power to affect vendors. Insisting on correctness from vendors has no effect when it is FreeBSD doing the insisting. It is only when FreeBSD is more widely used that it can adopt the role of enforcing standards on vendors, and it can not become widely used if it starts insisting on standards prematurely. daniel feenberg -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Anybody use the Dell 3010??
On Mon, 19 Nov 2012, Mehmet Erol Sanliturk wrote: On Mon, Nov 19, 2012 at 4:55 AM, Daniel Feenberg feenb...@nber.org wrote: On Mon, 19 Nov 2012, Polytropon wrote: On Mon, 19 Nov 2012 06:00:29 -0500, Jerry wrote: On Mon, 19 Nov 2012 11:43:06 +0100 Polytropon articulated: Allow me to provide just one example: More in the series of bizarre UEFI bugs http://mjg59.dreamwidth.org/**20187.htmlhttp://mjg59.dreamwidth.org/20187.html The only way for FreeBSD (or Linux, for that matter) to survive in a world where hardware vendors care only about Windows, is to make sure that FreeBSD only depends upon features that Windows uses. If a hardware or firmware specification requires feature X, but Windows doesn't use feature X, then vendors won't test feature X, and FreeBSD can't depend on it being functional. So it shouldn't be required by FreeBSD. It can be used, provided it isn't required. In this case it may mean that FreeBSD must identify itself as Windows, just as all browsers identify themselves as IE. The above paragraph is completely meaningless , because neither *BSD , nor Linux is a marginal operating system . Please see http://www.top500.org/statistics/list/ Select from this Operating System Family where in world's 500 super computers , Windows is on ONLY 3 computers , the rest is almost Linux 469 , Unix 20 , BSD-based 1 computers and others . http://www.asus.com/Static_WebPage/OS_Compatibility/ http://www.asus.com/websites/global/aboutasus/OS/Linux.pdf contains Linux distributions supported in ASUS desktop boards . Some trade marked servers excluded , Linux and *BSD run on many server hardware . It isn't what vendors should care about. I agree they should care about FreeBSD. But by and large they don't. Arguing that they should serves no purpose. They have poor moral character, that is why they don't care and also why they are impervious to argument, except from large customers. The handful of server vendors that are exceptions do not detract from the force of my argument. daniel feenberg ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Building a FreeBSD desktop.
On Tue, 21 Aug 2012, d...@safeport.com wrote: On Mon, 20 Aug 2012, James D. Parra wrote: I was looking to build a desktop to learn FreeBSD and was wondering if there is a list of parts to build one or to just look at the hardware comparability list? I just don't want to order wrong parts. If don't want to make the full commitment to building a desktop, a good way to learn about FreeBSD is to install within a virtual machine. Either VMWare or VirtualBox will serve you well. If you have a system you want to try you can also check out http://laptop.bsdgroup.de/freebsd/index.html. That is a great resource for laptops, too bad it isn't mentioned in the Handbook compatibility chapter. We have purchased many desktop motherboards for FreeBSD over the years, from Intel, Gigabyte, ASUS, MSI and others. None mentioned FreeBSD compatibility, none was on any list promising FreeBSD compatibility and none has failed to boot and run well. That said, rarely the onboard ethernet has not been recognized and we had to add a PCI NIC until the next version of FreeBSD included the proper drivers. No NIC has ever been incompatible in our experience. We have not ever tested APM or ACPI, and if you follow the newsgroup you will know that those are sometimes problematic. Notice how few laptops support APM or ACPI with FreeBSD. Also, while onboard video has always worked for us, some people will notice that the drivers do not always provide the full performance available in Windows. We have not found the Handbook compatibility list very helpful. The list is mostly by chip, which card vendors don't mention in their literature. It would be nice to see a list of currently available products, by retail model number. That doesn't exist as far as I can tell. So it comes down mostly to your feelings about those issues. If you will be upset by less than optimal 3D graphics perforance, there is a risk. Otherwise, don't worry. But why order parts? If you want to learn FreeBSD, just take any old windows box and install FreeBSD over the existing windows install. It will work fine and won't cost you anything. daniel feenberg ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to refresh network card buffer?
On Fri, 10 Aug 2012, Cos wrote: Hi all The background is I have around 100pcs router-like products. they all have a fixed IP address 192.168.1.100 and of course different MAC address. I need to connect them one by one to configure. The trouble is while I disconnect one unit and change to another unit, the FreeBSD can not recognize the unit immediately. It need around more than 10 minutes to ping 192.168.1.200 successfully. I can refresh it by ifconfig ue0 down and ifconfig ue0 up, it works but I think the way is not smart. I guess there is something like buffer to record IP and MAC pair has to be cleaned. Could anybody advise? Try arp -d 192.168.1.200 as superuser to delete the MAC address from the local ip-to-mac table. dan feenberg -- with kind regards ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: On-access AV scanning
On Fri, 27 Jul 2012, Daniel Bye wrote: On Fri, Jul 27, 2012 at 12:51:04PM +0200, Wojciech Puchar wrote: Are there any current options available to support on-access antivirus scanning on FreeBSD? FreeBSD doesn't need this as there are no viruses on that system. Well, thanks. And yes, I know that neither FreeBSD nor Solaris are renowned for their sickly vulnerability to viruses, but we operate in a mixed environment, with a lot of Windows machines and ZFS file systems exported by SMB/CIFS, so we need the AV to ensure any viruses are stopped before they infect a susceptible machine. It seems a small price to pay to finally get a decent workstation! No idea - YOU will not spread wiruses, and viruses from other winstations will not affect you. so just install antivirus software on winstations. Or finally educate users as it is really simple to avoid viruses even with windows I refer you to the part where I specifically talk about our corporate IT policy. All desktops/workstations (that is, all of them, every single one), must have AV software running on them. There will be no exceptions, on pain Well, there is AV software for FreeBSD - we use Kaspersky on our FreeBSD based mailserver, but the viruses it looks for are Windows viruses. I don't know if that will satisfy your IT policy. Maybe you should be looking at Cygwin? Or, can FreeBSD run under HyperV? daniel feenberg NBER of dismissal. I don't want to lose my job, because you said I didn't need AV software. -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: fsck on FAT32 filesystem?
On Thu, 19 Jul 2012, Carmel wrote: On Thu, 19 Jul 2012 10:15:17 +0200 (CEST) Wojciech Puchar articulated: 1) There's a _reason_ the gov't requires hard drives with anthing higher than 'somewhat' classified data on them to be =physically= destroyed before leving the secure area. no. for modern hard drives it was already proved that dd if=/dev/zero of=/dev/disk bs=1m is enough to make data unreadable. for very old drives it may not Would you be so kind as to point out the proof of that statement? Please provide an address or location where the documentation supporting that statement can be found. By the way, NOT READABLE is not equal to UNRECOVERABLE. I hesitate to intervene in this dispute, but my posting Can intelligence agencies recover overwritten data? at http://www.nber.org/sys-admin/overwritten-data-gutmann.html will iluminate this discussion. dan feenberg -- Carmel ? carmel...@hotmail.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: power failure, boot, and fsck
On Mon, 9 Jul 2012, Matthew Seaman wrote: On 09/07/2012 04:22, Patrick Donnelly wrote: UFS: /dev/ad10s3f (/usr) Automatic file system check failed, help! error aborting boo (sending sigtem to parent)! init: /bin/sh on /etc/rc terminated abnormally, going to single user mode. enter full pathname of shell or RETURN for /bin/sh: In single-user mode I just `fsck /dev/da0s1a` and reboot. That fixes the problem. However, I would like this to be automatic on boot. It would be annoying if I'm out-of-town and the server cannot recover without my help. Any tips? fsck does run automatically when a filesystem does not get shut down cleanly. However, fsck cannot fix all of the problems a filesystem can experience without risk of loss of data. In those cases, there is no option but to stop and ask the operator to intervene. Won't soft updates solve this problem? http://www.freebsd.org/doc/en/books/handbook/configtuning-disk.html The handbook says. We recommend to use Soft Updates on all of your file systems. but doesn't mention booting specifically. This isn't something I have tried (we boot over the network). Your best bet is to avoid an unclean shutdown entirely. Buy a UPS. We have lots of UPS systems. They constitute a single point of failure, a prodigous amount of hazardous waste every couple of years. I'd sure like to drop them - and not on my foot. I should say that we stopped using soft updates because the background fsck was very slow, but that was on very large partitions. On a boot drive with no user data, the timing would be fine. dan feenberg Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: USB device activity when not mounted
On Thu, 14 Jun 2012, Mike Clarke wrote: On Thursday 14 June 2012 07:05:11 Polytropon wrote: I don't think that's a problem. I've got a USB stick here that has a blinkenlight as soon as it's powered on (plugged in), even if there is no reading / writing / mounting activity. After you've successfully performed umount, the USB stick _is_ synced and can safely be removed, no matter what you assume the funny lights want to tell you. Is it possible that there is volitile memory buffering in the stick that may not have been written to flash when umount thinks it is complete, and the flashing light is an indication that power is still required to complete the write to non-volitile memory? Futhermore, are we sure that umount even waits for a sync? There is no mention of that in the man page and I don't recall any long waits for umount to return. daniel feenberg ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Making a bootable backup (hard)disk... how?
On Sun, 10 Jun 2012, Ronald F. Guilmette wrote: What I don't understand (and what I wish someone would enlighten me about) is just this: It would seem that in order to implement these dump levels, dump must be keeping a record somewhere, for each file in the filesystem, of the level at which that file was last dumped. But where is this infor- mation stored, exactly?? I won't be able to sleep until I know. Only the dates of the levels of backup are stored, in /etc/dumpdates. Then the fact that a file has been dumped is inferred by comparing the file's last mod date with the dates in /etc/dumpdates. See the -T and -u options of the dump man page where this is implied but perhaps not actually stated. It does occur to me that /etc is not a felicitous place to keep this information, but given the desirability of dumping filesystems in read only state, placing the dump dates in the filesystem itself isn't feasible. daniel feenberg ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On Wed, 6 Jun 2012, Matthew Seaman wrote: On 05/06/2012 23:10, Jerry wrote: I thought this URL http://mjg59.dreamwidth.org/12368.html also shown above, answered that question. Signing bootloaders and kernels etc. seems superficially like a good idea to me. However, instant reaction is that this is definitely *not* something that Microsoft should be in charge of. Some neutral[*] body ... On deeper thought though, the whole idea appears completely unworkable. It means that you will not be able to compile your own kernel or drivers unless you have access to a signing key. As building your own You don't need the signing key if you turn off secure boot in the CMOS. The fedora folk are worried that naive desktop users will not be able to do that, and usage of linux will be impeded. It won't be a significant impediment to users capable of compiling their own kernel. is pretty fundamental to the FreeBSD project, the logical consequence is that FreeBSD source should come with a signing key for anyone to use. Which completely abrogates the whole point of signing bootloaders/kernels in the first place: anyone wishing to create malware would be able to sign whatever they want using such a key. It's DRM-level stupidity all over again. I do wonder about that. What incentive does the possesor of a signing key have to keep it secret? Apple keeps it's signing key secret because it gets a share of revenue from the sale of apps. If the fedora key became known it wouldn't hurt fedora. Can the UEFI BIOS consult a list of revoked keys online? That would be surprising. dan feenberg ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On Wed, 6 Jun 2012, Julian H. Stacey wrote: I do wonder about that. What incentive does the possesor of a signing key have to keep it secret? Contract penalty clause maybe ? Lawyers ? A limited-liability company with no assets is judgement-proof. Otherwise one of us would purchase a key for $99, then publish the key so we could all forever more compile boot our own kernels. But that would presumably break the trap Microsoft Verisign seek to impose. Could it really be that simple? As for hardware vendors putting revoked keys in the ROM - are they really THAT cooperative? Seems like they would drag their feet on ROM updates if they had to add a lot of stuff that won't help them, so that doesn't seem like a great enforcement tool. dan feenberg ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On Wed, 6 Jun 2012, Damien Fleuriot wrote: On 6/6/12 6:45 PM, Daniel Feenberg wrote: On Wed, 6 Jun 2012, Julian H. Stacey wrote: I do wonder about that. What incentive does the possesor of a signing key have to keep it secret? Contract penalty clause maybe ? Lawyers ? A limited-liability company with no assets is judgement-proof. Otherwise one of us would purchase a key for $99, then publish the key so we could all forever more compile boot our own kernels. But that would presumably break the trap Microsoft Verisign seek to impose. Could it really be that simple? As for hardware vendors putting revoked keys in the ROM - are they really THAT cooperative? Seems like they would drag their feet on ROM updates if they had to add a lot of stuff that won't help them, so that doesn't seem like a great enforcement tool. dan feenberg Oh god... Please realize that once the key is divulged, it gets revoked at the BIOS' next update. But my point is that MS doesn't issue the updates, they have to ask the BIOS vendors to do so, and then the MB vendors have to take the update, and then the users have to install the update. The incentive at each level is generally very small. It does create some confusion, but is hardly an enforcement mechanism. It would disable older versions of FreeBSD on newer hardware, but not much else. A previous poster has pointed out that MS can't revoke a certificate belonging to RH, but I suppose the could ask the BIOS vendors to treat it as revoked. I don't know what the response would be. Daniel Feenberg Otherwise the key's purpose is rendered moot. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On Tue, 5 Jun 2012, Polytropon wrote: On Tue, 5 Jun 2012 11:19:26 -0700, Kurt Buff wrote: UEFI considerations drive Fedora to pay MSFT to sign their kernel binaries http://cwonline.computerworld.com/t/8035515/1292406/565573/0/ I may reply with another link: http://mjg59.dreamwidth.org/12368.html I have a pretty basic question that probably displays some ignorance... Does the loader need to be signed? Once signed, can it load anything, or just things MS has approved? If MS signs the kernel, can the kernel run anything, or just things MS has approved? If RH has a signed kernel, do they have to sign all the userland programs that run under that kernel? Can users sign programs compiled from source? If MS only has to sign the first link in the chain, then the $99 certificate is not really a problem except for the pure of heart. If MS or someone else has to sign all the way down to the userland binaries, then users of FreeBSD will have to turn off secure boot in CMOS, and it will lose a few users. But I can't tell from the discussions mentioned above. Either way, I don't think it will destroy FreeBSD, or Linux, but I would be interested anyway. Daniel Feenberg ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On Tue, 5 Jun 2012, Jerry wrote: On Tue, 5 Jun 2012 17:00:14 -0400 (EDT) Daniel Feenberg articulated: On Tue, 5 Jun 2012, Polytropon wrote: On Tue, 5 Jun 2012 11:19:26 -0700, Kurt Buff wrote: UEFI considerations drive Fedora to pay MSFT to sign their kernel binaries http://cwonline.computerworld.com/t/8035515/1292406/565573/0/ I may reply with another link: http://mjg59.dreamwidth.org/12368.html I have a pretty basic question that probably displays some ignorance... Does the loader need to be signed? Once signed, can it load anything, or just things MS has approved? If MS signs the kernel, can the kernel run anything, or just things MS has approved? If RH has a signed kernel, do they have to sign all the userland programs that run under that kernel? Can users sign programs compiled from source? If MS only has to sign the first link in the chain, then the $99 certificate is not really a problem except for the pure of heart. If MS or someone else has to sign all the way down to the userland binaries, then users of FreeBSD will have to turn off secure boot in CMOS, and it will lose a few users. But I can't tell from the discussions mentioned above. Either way, I don't think it will destroy FreeBSD, or Linux, but I would be interested anyway. I thought this URL http://mjg59.dreamwidth.org/12368.html also shown above, answered that question. It says once paid you can sign as many binaries as you want but I don't know if that means as many different binaries or as many copies of the same binary. Later it says they will write a new bootloader that MS will sign and adding support for verifying that the kernel it's about to boot is signed with a trusted key but I don't know if that kernel is signed by MS or RH, or if MS gets to approve it. Finally it says we'll be sanitising the kernel command line to avoid certain bits of functionality that would permit an attacker to cause even a signed kernel to launch arbitrary code but does arbitrary code refer to something I would want to do as a sys-admin? dan feenberg ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Anyone using freebsd ZFS for large storage servers?
On Fri, 1 Jun 2012, Wojciech Puchar wrote: Assuming that filesystem doesn't need offline filesystem check utility because it never crash is funny. zfs scrub...??? when starting means crash quickly? Well.. no. Certainly with computers that never have hardware faults and assuming ZFS doesn't have any software bugs you may be right. But in real world you will be hardly punished some day ;) Additionally ZFS works directly at the block level of the HD meaning that it is slightly different to the 'normal' file systems in storing information and is also self healing.. doesn't other filesystem work on block level too? if no - then at what level? If the OP really intended to stripe disks with no parity or mirror for ZFS , then that is probably a mistake. If the disks are /tmp, it might make sense to stripe disks without parity, but no need for ZFS. The OP did say JBOD, which to me means that each disk is a separate disk partition with no striping or parity. Again, in that case I don't see any need for ZFS. As for ZFS being dangerous, we have a score of drive-years with no loss of data. The lack of fsck is considered in this intelligently written piece http://www.osnews.com/story/22423/Should_ZFS_Have_a_fsck_Tool_ The link to the emotional posting by Jeff Bomwick is broken, but the original is available at: http://mail.opensolaris.org/pipermail/zfs-discuss/2008-October/022324.html daniel feenberg nber ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Network Cards Compatibility
On Thu, 17 May 2012, Christian ROUSSEAU wrote: Greetings, I would like to have a list of the free bsd compatible network cards . Is it compatible with realtek chipset drivers. That comes with most PC's? Just guessing, you have to restrict yourself to a very limited selection? You would do better to post a list of the cards available to you and ask what will work. I have purchased many very inexpensive ($10) NICs and never had a compatibility problem with whatever was the latest FreeBSD version available at the time, although very expensive cards, and very new motherboard with embedded NICs have sometimes not worked. Also, if you are running an older version of FreeBSD you may have more difficulties. My cynical view is that the vendors of cheap cards don't bother to make modifications to the reference design, so they remain compatible. The official list of compatible NICs is sometimes difficult to reconcile with what is available in the local Micro-Center or Fry's, and I expect the situation is no better where you live. http://www.freebsd.org/relnotes/CURRENT/hardware/support.html#ETHERNET The Intel Pro/1000 is our current favorite card, but is $35. It supports PXE booting, which we do a lot. Daniel Feenberg NBER ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD Server
On Thu, 17 May 2012, lpeth wrote: FreeBSD Dear Sirs; I have a 8core, 32 GB ram server I built myself. AMD cpu, with Supermicro motherboard. I want to use FreeNAS as a database system, and I'm wondering what it will cost to use FreeBSD with FreeNAS. I see the Version I would like is $40 for a four CD set, but that does not mean I get to use the server version of it. What is the server version going to cost? Sincerely, Mark T. Evans FreeNAS is effectively a FreeBSD distribution emphasizing storage. It is open source and free of cost: http://www.freenas.org/ The CDs are nice, but you can download an ISO also. iXSystems have TrueNAS, which is costly. My understanding is that FreeNAS is a subset of TrueNAS. See: http://www.ixsystems.com/storage/ix/truenas/ for more information. Daniel Feenberg ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Many SATA disks
We would like to build a FreeBSD machine ourselves with many (~15) SATA drives, but NOT use a RAID controller. We want to be able to remove any drive and connect it to an ordinary motherboard SATA port and mount the filesystem using only the OS provided drivers and tools. I have built many FreeBSD systems, but never used port multipliers and don't know which controllers advertised as RAID controllers will support a plain pass-thru mode. Would anyone like to make a suggestion from actual experience? The system will be used solely for archiving, so performance is not critical, but portability of the partitions to other systems is necessary. Daniel Feenberg NBER ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Security? [Re: Why is this Symbol in the front of your website. A humble request.]
On Sat, 25 Feb 2012, Da Rock wrote: On 02/25/12 12:03, David Brodbeck wrote: On Fri, Feb 24, 2012 at 5:15 AM, Daved...@g8kbv.demon.co.uk wrote: Those address links need changing to graphic's, so that most address harvesting bots won't get anything usable. Mk1 eyeball can still see what's what, but if you have to use the info, you have to re-type it manually. I really don't recommend that. Keep in mind not everyone can use the Mk1 eyeball. Websites need to be accessible to blind people using screen reader software, too. And therein lies the problem. How do you maintain accessibility while preventing bots from harvesting? You can't have your cake and eat it too... :) Only solution lies in a security gate of good filters and blocklists. But occasionally one or two will still pass. An email address can be hidden from bots without violating section 508, for instance: feenberg is at nber dot org or some variant won't be picked up by a robot. But is it really practical to treat an email address as a secret, when it will be shared with hundreds of correspondents? I have mostly thought that was hopeless. We do it on our website because we don't want to bother arguing with people. daniel feenberg feenb...@nber.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Horrible installer
On Sat, 21 Jan 2012, Damien Fleuriot wrote: On 21 Jan 2012, at 05:47, Michael Sierchio ku...@tenebras.com wrote: I've been using FreeBSD since 2.2.1, and IMHO, the 9.0 installer SUX! It blow chunks. It's a POS. It's crap. It is a joke. I hope I made myself clear. ;-) - M Just because you see things a certain way doesn't make them a fact. It's your personal opinion and other people's mileage may vary. Since you're a fbsd user from 2.x, certainly you're WAY beyond needing the installer and just unpack the base system + kern + src + ports and install them manually. Refer my earlier post on the subject. Perhaps if you're unhappy with the new installer you should have submitted feedback about it before -RELEASE hit the road. I have not yet encountered the new installer, but I recall the traditional installer still came with 9.0 Beta3 (which I have used), so I am wondering how much time for discussion of the new installer there really was. Nevertheless, the problem with the old installer was the menu system's departure from convention, which did take quite a while to get used to. I recall that the author of the old installer said he regretted picking that menu package for this reason. Could someone enumerate what advanced hooks are now buried? If they are configuration items that can be changed post-install, then there is probably little reason to offer them during the install. Partitioning, RAID setup and encryption are things that do need to be established during setup, and I regret that no installer (for FreeBSD or Linux) notices that I have two empty drives, and defaults to a RAID 1. Daniel Feenberg Last but not least I find your calling the new installer a pos highly disrespectful towards the people that invested time, energy and money in it. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Realtek RTL8191SEvB Linux driver?
On Wed, 4 Jan 2012, Da Rock wrote: On 01/03/12 22:10, Jerry wrote: On Tue, 03 Jan 2012 16:44:30 +1000 Da Rock articulated: On 01/03/12 11:15, Jeffrey McFadden wrote: Jerry, there are so many things that are so wrong and so un-pc in this statement that it is more than ridiculous. But we will ignore the political/religious sentiments and try to stick to the technical. Winblows, Mac, Linux, BSD, others APIs are like cheese and chalk (although Mac is a closer relative than any other). By your logic we should be getting Winblows drivers to work on BSD. Don't ndis(4) ndiscvt and ndisgen(8) essentially accomplish what the OP is requesting? See the handbook section 12.8.1.1: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/config-network-setup.html or the man page for ndiscvt: http://www.gsp.com/cgi-bin/man.cgi?section=8topic=ndiscvt While doing the conversion looks a bit beyond what we would expect of an end-user, it does seem to offer a path for using hardware whose manufacturer does not support FreeBSD. Is there anything beyond licensing issues preventing such drivers from being included in the distribution, or made downloadable in FreeBSD form? Daniel Feenberg ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Realtek RTL8191SEvB Linux driver?
On Wed, 4 Jan 2012, Da Rock wrote: On 01/04/12 02:10, Daniel Feenberg wrote: On Wed, 4 Jan 2012, Da Rock wrote: On 01/03/12 22:10, Jerry wrote: On Tue, 03 Jan 2012 16:44:30 +1000 Da Rock articulated: On 01/03/12 11:15, Jeffrey McFadden wrote: Don't ndis(4) ndiscvt and ndisgen(8) essentially accomplish what the OP is requesting? See the handbook section 12.8.1.1: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/config-network-setup.html or the man page for ndiscvt: http://www.gsp.com/cgi-bin/man.cgi?section=8topic=ndiscvt While doing the conversion looks a bit beyond what we would expect of an end-user, it does seem to offer a path for using hardware whose manufacturer does not support FreeBSD. Is there anything beyond licensing issues preventing such drivers from being included in the distribution, or made downloadable in FreeBSD form? Oh yes, it is possible, just not probable :) At http://sourceforge.net/apps/mediawiki/ndiswrapper/index.php?title=Category:USB almost 800 compatible devices are listed. Not everything, but I have found that a willingness to spend a few dollars on a different card helps immensely in enjoying FreeBSD and Linux. For me at least it is easier to find a compatible card than to write a compatible driver. I would also observe that most people involved with computers, whether as users or developers, have little symphathy for people with different needs from the device. This is a great impediment to progress. It is a mistake to assume that because you don't need something, another person's desire for it is illegitimate. In this case, I fully agree that it is an injustice that hardware vendors do not supply FreeBSD drivers, but that does not mean that users requiring such drivers are immoral or of poor character, and therefore to be ignored or insulted. There is little that FreeBSD coders and users can do about that injustice directly, however it is within their power to mitigate it with the NDIS wrapper. If that wrapper allows another user to enter the FOSS world, that will (in the fullness of time) contribute to reforming the vendor. Daniel Feenberg ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Need to know the compatibility
On Mon, 19 Dec 2011, vijayamurugan.kalyanasunda...@emc.com wrote: Hi Team, Kindly let me know on the compatibility of Intel X520 Dual Port 10 Gigabit Ethernet PCIe Adaptor Card with Free BSD 8.2 OS. I didn't see any answer to this - but we are interested in ANY 10 GB ethernet card for FreeBSD or Ubuntu. Does anyone have that working? Daniel Feenberg NBER ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: I am FreeBSD user.
On Mon, 5 Dec 2011, Chris Whitehouse wrote: On 05/12/2011 01:42, Warren Block wrote: On Sun, 4 Dec 2011, masayoshi wrote: When I was looking for sudo, I noticed a weired thing. http://www.freebsd.org/cgi/man.cgi?query=sudoapropos=0sektion=0manpath=Red+Hat+Linux%2Fi386+9arch=defaultformat=html The source html on that page for what appears in your browser as ssuuddoo is: bs/bbsu/bbud/bbdo/bbo/b which is weird enough that I wouldn't blame the browser for the odd appearance. Daniel Feenberg ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Shouldn't GNU tar be ignoring /proc with --one-file-system?
On Fri, 18 Nov 2011, Kirk Strauser wrote: On Nov 18, 2011, at 11:27 AM, Robert Bonomi wrote: See the output of 'mount(8)' for the names of all the mounted filesystems on your machine. $ mount | grep proc procfs on /proc (procfs, local) *NOTE*WELL* that '/proc' is *not* a separate filesystem. It is merely a _directory_ with a bunch of 'special' files in it. I'm confused here. In what way isn't /proc a separate filesystem? It's even called procfs. I just went to an 8.1 system as root and did: umount /proc and /proc dismounted leaving an empty directory in route. I then went mount /proc and /proc was mounted again, using the parameters in /etc/fstab. Surely that means that going from / to /proc is crossing a filesystem boundary. To me that suggests it is a separate filesystem, and typically /proc is filled with stuff that you wouldn't want to recurse through, so I wouldn't think it a good candidate for special casing as non-mounted. Daniel Feenberg NBER ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Fast personal printing _without_ CUPS
On Thu, 27 Oct 2011, Mark Felder wrote: You've just made me a happy, happy user. I always wondered what it would take to get rid of CUPS, and today I've done it. Finally my print jobs are instantaneous here at work instead of being a mystery. Can't wait to go home and do the same with my personal laser. Has anyone here experience with PDQ? It is a printing system that appears to address the problems cited in this thread. http://pdq.sourceforge.net/ Quoting from the website: Most casual unix users regard lp and lpr as black holes to which print jobs disappear, and may or may not emerge. I haven't tried it, as we have been able to make CUPS work (barely), but I am sympathetic to the sentiments expressed. Other than Windows-specific printers, FreeBSD printing problems are home-grown, and not caused by vendor misbehavior. Daniel Feenberg ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: somewhat Off topic, Sendmail Issue
On Wed, 12 Oct 2011, Dean E. Weimer wrote: I know this is a Sendmail issue, but I haven't been able to track down any information online, or found any Sendmail user email lists yet. And since I am running it on a FreeBSD server, I thought I would try here and see if anyone knows the answer to my problem. I have enabled SSL on SMTP to enable the delivery and reception of TLS encrypted emails, the server is going to be used as a relay between a MS Exchange server and an external Spam filtering service that has an encrypted email sending application that strips attachments and creates a password protected HTTPS link based on keywords in the subject. Everything works as expected, but when I test the server against required PCI scans, it accepts weak encryption ciphers, I need to limit these ciphers. After a lot of extensive searching I have found references to the fact that it is possible to configure Sendmail to do this, but I can't find any documentation on how to do it. There is an active Usenet group at comp.mail.sendmail. Does the ENCR parameter documented at http://www.sendmail.org/m4/starttls.html do you any good? It doesn't restrict the method, only the number of bits in the key. Daniel Feenberg ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: User tasks in ~/.logout
On Tue, 11 Oct 2011, Polytropon wrote: I have some users who I want to schedule a specific job for which gets executed on their user account. For some of them, it will be twice a day, for others just once a month. It should happen at logout time. The intended mechanism to do so is ~/.logout, the C shell's logout script. If the user doesn't want to wait for the script to complete for the session to end, you could start the script with a call to batch or at. The shell documentation claims that .logout executes whenever the shell exits, so your script should execute even if the user neglects to properly log out, however I haven't experimented with that. Are you sure you wouldn't be better off with a cron job? Is it that you don't want the script running while the user is logged in? Dan Feenberg ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: KVM switch with FreeBSD-8.2
On Sun, 11 Sep 2011, Robert Huff wrote: Carmel writes: I am thinking of using a TRENDnet 2-Port DVI USB KVM Switch Kit with Audio TK-214i with a FreeBSD-8.2 amd64 PC and a Windows 7 machine. I presently have a Samsung 24 digital monitor and a Logitech S510 cordless keyboard mouse combination. The keyboard, mouse and monitor presently work fine on FreeBSD. I am wondering if anyone has any personal experience with using KVM switches with FreeBSD and what that experience might be. I would really like to integrate these two PC into using just one common monitor, etcetera mostly due to space considerations. I have not used that particular make/model, but I have used a KVM and it worked. I vaguely remember accounts of people who had problems; a search of the mailing-list archives is advisable. The problem I have heard of relates to what happens if the machine boots with the KVM switched to another machine? The KVM may need to pretend there is a keyboard connected at that point. You certainly can't tell by looking at the box, but the Trendnet TK-407 I have (which is a 4-port USB KVM from the vendor you mention) works fine with FreeBSD and Windows. We haven't tested the mouse in FreeBSD. Since any USB KVM would be fairly recent, you might just want to take a chance. Solaris Sparc systems had worse problems. Daniel Feenberg Robert Huff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: KVM switch with FreeBSD-8.2
On Sun, 11 Sep 2011, Carmel wrote: On Sun, 11 Sep 2011 14:28:42 -0400 (EDT) Daniel Feenberg articulated: The problem I have heard of relates to what happens if the machine boots with the KVM switched to another machine? The KVM may need to pretend there is a keyboard connected at that point. You certainly can't tell by looking at the box, but the Trendnet TK-407 I have (which is a 4-port USB KVM from the vendor you mention) works fine with FreeBSD and Windows. We haven't tested the mouse in FreeBSD. Since any USB KVM would be fairly recent, you might just want to take a chance. There is a Windows configuration utility that can be used to setup the switch. The way I figure it, if I cannot get it to work satisfactory, I can always return it. Does your switch work when X is not loaded? I have not been able to get a satisfactory answer regarding that. Someone mentioned that X has to be loaded first. That would definitely be a deal breaker. If you are asking, Is there a FreeBSD command to cause the KVM switch to move to the next system? then the answer is I don't know and it would amaze me if there were. If the question is Does the switch care what the OS is? then the answer is, you can press the physical button on the switch to change the system connected. The OS doesn't know it doesn't have the screen and keyboard, and is in no way affected by the KVM switch, just as the KVM doesn't know or care what the OS is. I just looked at the manual for the 207K online, and it indeed comes with a utility that runs under windows. That won't work with FreeBSD but the switch has actual buttons on it, and they will work fine. Daniel Feenberg Thanks for your feedback. -- Carmel ✌ carmel...@hotmail.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Poll on server attacks
On Sat, 13 Aug 2011, Alejandro Imass wrote: On Sat, Aug 13, 2011 at 4:40 PM, Jerry je...@seibercom.net wrote: On Sat, 13 Aug 2011 15:43:02 -0400 Alejandro Imass articulated: [...] Personally, I prefer: https://www.countryipblocks.net/. It is just a matter of personal taste I guess. The problem with using country lists for blocking is that individual sources can't get off them by behaving better. With no incentive to improve behavior, they are likely to continue the bad behavior forever, and the entire country is likely to remain tolerant of bad behavior. Daniel Feenberg ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: will have 4th FreeBSD Edition handbook?
On Fri, 5 Aug 2011, Alvaro Castillo wrote: Hello world! Yes, The 3rd Edition of FreeBSD's Handbook is more old than Noe's Ark (is for FreeBSD 4.x and 5.x versions). The Handbook today has got a lot of changes (I presume with FreeBSD 9.0-RELEASE more yet). I'm interesting buy this handbook, but is so old You might be better off purchasing Absolute FreeBSD which has a more recent 2nd edition: http://www.amazon.com/gp/product/1593271514/ and which covers much the same territory. It has a good discussion of diskless booting, a portion of the handbook which is hopelessly obsolete. Daniel Feenberg ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: 2020: Will BSD and Linux be relevant anymore?
On Thu, 21 Jul 2011, Chad Perrin wrote: On Thu, Jul 21, 2011 at 10:52:28AM +0200, C. P. Ghost wrote: I'm not familiar with Windows, but I don't think a typical windows driver as written by a hardware vendor would manipulate the windows kernel internals (data structures) directly, right? If that's correct, we merely need to catch the ABI up- and down-calls from and to the windows driver, and translate them into regular FreeBSD syscalls (maybe augmented by a compat helper library?). Since this is exactly the approach taken by the Linuxulator, I fail to see why a similar method hasn't been tried for those windows kernel driver (binary blobs). Maybe some artificial restrictions like, say, patents are standing in the way? Or a technical restriction like such binary blobs being encrypted with a public key, and only usable from Windows kernel with their own secret key? It may not be anything so exotic. On a per-release basis, the MS Windows ABIs and APIs change far more dramatically than the Linux kernel, and are far less transparent to developers; they must in many cases be discovered by experimentation, being closed source software. Over a given period of time, the changes to Linux may be greater in number and magnitude (I'm not a kernel hacker, so I wouldn't know for sure), but they're spread out over time rather than bundled in a major collection of changes with a new marketing campaign. This might make it much more difficult to target the MS Windows ABIs and APIs. I'm just speculating, though. As I said, I'm not a kernel hacker. Doesn't the NDIS specification offer a reasonably stable ABI for wireless drivers? I have often thought that supporting NDIS would offer manufacturers a sort of halfway house to ease them into proper support for FreeBSD and Linux. While it is inferior to open source drivers, it would attract users, and with users manufacturers would feel pressure to have better support, which would best be achieved with open-source drivers. Daniel Feenberg -- Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: how to force a hard reboot remotely
In the last episode (Jul 16), Aryeh Friedman said: Is there any way to force a complete power down and then reset of a i386 without physically being present? You haven't said what about an ordinary shutdown -r isn't satisfactory, but we have an iboot gizmo http://dataprobe.com/remote-reboot.html that we use on a (non-FreeBSD) server that hangs from time to time. WOL also works. Daniel Feenberg ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Question about NIC link state initialization
On Wed, 29 Jun 2011, per...@pluto.rain.com wrote: Steve Polyack kor...@comcast.net wrote: ... An occaisional fat-finger in /etc/fstab may cause one to end up in single-user mode ... some of these systems have a LOM (lights-out management) controller which shares the system's on-board NICs ... when the system drops out of init(8) and into single-user mode, the links on the interfaces never come up, and therefore the LOM becomes inaccessible. ... all one has to do is run ifconfig to cause the NIC's links to come up ... why do we have to run ifconfig(8) to bring the links up on the attached interfaces? When trying to troubleshoot a problem that was known or suspected to involve the network or its hardware, one might not _want_ the NICs Well, maybe, but if the system needs to boot into multi-user mode for the LOM to be available, what is the need for the LOM? At that point you can do everything you might need through the OS interface. Can I ask what is the brand of this so-called LOM? Is there any documentation implying something more useful? Do they describe doing a bare metal install of an OS? Daniel Feenberg ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: SAS controller for FreeBSD
On Sat, 25 Jun 2011, Leon Meßner wrote: On Fri, Jun 24, 2011 at 06:51:37PM -0400, Daniel Feenberg wrote: ... There are some SAS RAID controllers that claim to support FreeBSD but I can't tell if their JBOD mode is a true pass-through, or leaves some undesirable junk on the disk. So does anyone have a recomendation for a reasonably priced SAS controller? We aren't looking for anything fancy at this point. We are using two of the LSI SAS2008 based cards here and have no problems with them. Be sure to run a recent STABLE as the mps driver is relatively new. Speed and reliability are very nice. The only thing we February of this year: http://lists.freebsd.org/pipermail/freebsd-scsi/2011-February/004784.html are missing is IR-Firmware support but if you only want a HBA this won't bother you. If I search the LSI website for SAS2008 the first hit includes a description of the chipset features, including the bullet point * Integrated RAID All the cards on the LSI website that I can find using the SAS2008 chipset include the sentence Integrated RAID avoids additional host CPU overhead in their brief description, even the ones labeled HBA. Apparently the FreeBSD driver does not include an interface to the RAID capability, but it seems that the chipset still provides it. I suppose this still avoids controller lock in, so it should be satisfactory. Can I ask what model you have? Thanks Daniel Feenberg cherio, Leon ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
SAS controller for FreeBSD
We have been using ZFS under FreeBSD for a while, and are very pleased, but are considering building a system with SAS drives, in the hope that they will be faster (any truth to that?). I am assuming that I should look for a non-RAID controller, but I can't find any SAS controllers that don't claim to do RAID and are on the FreeBSD compatibility list. I have always thought that using a RAID controller for a non-raid partition was a bad idea, since it limited ones ability to swap controllersm, and presumably if we are using ZFS for our RAID we don't need another level of RAID provided by the controller. Is that prejudice justified? There are some SAS RAID controllers that claim to support FreeBSD but I can't tell if their JBOD mode is a true pass-through, or leaves some undesirable junk on the disk. So does anyone have a recomendation for a reasonably priced SAS controller? We aren't looking for anything fancy at this point. Daniel Feenberg NBER ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
ftp installation
I have tried many of the ftp sites enumerated in sysinstall, with both 7.4-RELEASE and 8.2-RELEASE, and in all cases the installation proceeds for a few seconds and then hangs, with the last message on the console always being: DEBUG: Generating /etc/fstab file. This happens with several different systems. I believe it is not any hardware problem, since I was able to install 7.4 from NFS. (I have unrelated problems with 8.2). If I ftp to any of the mentioned FreeBSD ftp servers under manual control, I have no trouble downloading ISO files. The ftp sites tried include ftp[34567].freebsd.org and ftp10.us.freebsd.org. We have no firewall or proxy regulating outbound connections. Is there something off about the sysinstall ftp dialog? I don't see a way to monitor what is happening. Daniel Feenberg ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ftp installation
On Sat, 11 Jun 2011, Robert Simmons wrote: On Sat, Jun 11, 2011 at 6:52 PM, Daniel Feenberg feenb...@nber.org wrote: I have tried many of the ftp sites enumerated in sysinstall, with both 7.4-RELEASE and 8.2-RELEASE, and in all cases the installation proceeds for a few seconds and then hangs, with the last message on the console always being: DEBUG: Generating /etc/fstab file. ... Is there something off about the sysinstall ftp dialog? I don't see a way to monitor what is happening. Your firewall may be interfering with the connection. You may want to read the handbook section on FTP installs (the grey box at the bottom of the page): http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/install-media.html Well, our router has never interfered with ftp transfers done from the command line, but switching to the firewall-friendly mode in sysinstall does fix the problem. Thank you Daniel Feenberg NBER___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Long Day's Journey into Bleep
On Fri, 10 Jun 2011, Jerry wrote: On Thu, 09 Jun 2011 17:37:14 -0700 Chuck Swiger cswi...@mac.com articulated: On Jun 9, 2011, at 3:28 PM, Chad Perrin wrote: In many cases, it's not even obvious which of the products I find are suitable for building various types of network switches. Do you know of any Webpages that might help me rectify my dearth of understanding in this area? You can get an unmanaged 24-port 10/100/1000 switch for less than $10 per port, and a good managed switch for about $30 per port. A cheap quad-port GB NIC runs $200 or $50 per port; and one from Intel or Cisco which can actually run all of the ports near rated line speed is closer to $100 per port. You simply can't build a commodity PC using these and end up anywhere near the price point of a dedicated switch. I wouldn't think the OP was interested in saving money, there are other reasons for building your own switch. For example, there is a famous article Tricks you can do if your firewall is also a bridge: http://www.usenix.org/events/neta99/full_papers/limoncelli/limoncelli_html/ Dan Feenberg ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Long Day's Journey into Bleep
On Thu, 9 Jun 2011, Chad Perrin wrote: On Thu, Jun 09, 2011 at 06:01:03PM -0400, Daniel Staal wrote: Depending on your needs, Soekris, ALIX, or Netgate products could all work. Most don't have large numbers of ports (2-5 built in are standard, and some have expansion capability), but can run some higher-level processing while doing switching work. I appreciate the information. Unfortunately, while I can find products offered under these brands for sale on the Internet, this is not (as I mentioned) within my areas of expertise, so I'm finding the information about the products somewhat opaque. In many cases, it's not even obvious which of the products I find are suitable for building various types of network switches. Do you know of any Webpages that might help me rectify my dearth of understanding in this area? Thanks to the completeness of documentation such as the FreeBSD Handbook, learning how to build firewalls and routers is a relatively trivial exercise. Switches are another matter entirely. . . . A switch can also be called a bridge. FreeBSD seems to have built-in facility for bridging. See: http://www.freebsd.org/doc/en_US.ISO8859-1/articles/filtering-bridges/index.html It isn't something I have any experience with, though. Daniel Feenberg -- Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Diskless boot fails when network card is reset before NFS root mount
Our dozen diskless FreeBSD 7.0 machines are all able to diskless boot just fine. However, when we tried to set up a FreeBSD 8.0 root for them to boot from, the boot process would load up all the devices, and then fail right after the line NFS ROOT: ... We boot using pxeboot. pxeboot then mounts our NFS root and runs the loader from /boot under there. After the beastie screen, loader runs the kernel. All this works fine under both 7 and 8. On both 7 and 8, we see messages of the form em0: link state changed to down,em0: link state changed to up. They happen right before or after NFS ROOT. Then, on version 8, we see error messages about /devfs not being found, and eventually /sbin/init not being found. We surmise that what happens is that the kernel resets the ethernet interface, right before re-mounting the NFS root (note that the NFS root was already mounted back before the beastie screen). On 8, somehow the interface reset interferes with the nfs mount resulting in no root FS. This problem seems to be referred to here: http://lists.freebsd.org/pipermail/freebsd-net/2009-January/020666.html Have others seen this issue? Is it a known bug? Is there a workaround or a fix? It seems to us, not being kernel hackers, a particularly difficult problem to get a handle on because execution is being controlled by the kernel at that point, there is no loader script or rc script that one could insert debugging print statements into. A complete description of our diskless boot procedure is given at: http://www.nber.org/sys-admin/FreeBSD-diskless.html which has worked well on several prior versions of FreeBSD. The network card is an Intel Pro/1000 card - well supported by FreeBSD. - Alex Aminoff BaseSpace.net National Bureau of Economic Research (nber.org) - Daniel Feenberg feenb...@nber.org National Bureau of Economic Research (nber.org) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
RE: Diskless boot fails when network card is reset before NFS root mount
http://www.freebsd.org/cgi/query-pr.cgi?pr=139363 suggests the fix is to set boot.nfsroot.options=nfsv2 in /boot/loader.conf or via dhcp. I can see how to set options in /boot/loader.conf, but I don't see how boot loader options can be set in dhcpd.conf. All I have is: next-server 66.251.72.4; filename pxeboot; option root-path 66.251.72.44:/vol/vol1b/FreeBSD-7.2-root; Where would the boot loader options go? Are they a numbered option? Which one? Daniel Feenberg NBER ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: tnftpd, lukemftpd and conversions
On Sun, 26 Apr 2009, Rudolf Cejka wrote: Daniel Feenberg wrote (2009/04/24): and from the motd message I can see that the server is using this configuration file. The compress program has been copied to /var/ftp/bin/compress so it should be available too. \ From /usr/bin/compress? Are you using chroot in ftpd? Did you tried to perform chroot and run /bin/compress yourself? Isn't there missing libc? Yes, that looks like the problem. I found a copy of the example file in the examples directory of /usr/ports/ftp/tnftpd and there is more information there. I'll try to compile compress statically or make copies of the libraries. (Also, I missed the -c option to compress). Thank You Daniel Feenberg -- Rudolf Cejka cejkar at fit.vutbr.cz http://www.fit.vutbr.cz/~cejkar Brno University of Technology, Faculty of Information Technology Bozetechova 2, 612 66 Brno, Czech Republic ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
tnftpd, lukemftpd and conversions
I am trying to get tnftpd or lukemftpd to do the authomatic conversions documented in the man page. I am running 7.1 Release #0. My /var/ftp/etc/ftpd.conf file is only two lines: motd all motd conversion all .Z f . /bin/compress %s and from the motd message I can see that the server is using this configuration file. The compress program has been copied to /var/ftp/bin/compress so it should be available too. However, while I can ftp to localhost and login as anonymous and get the file test, when I ask for test.Z I get only the following messages: get test.Z local test.Z remote test.Z 229 entering Passive mode 550 test.Z: no such file or directory The man page for ftpd.conf says: If a file to retrieve ends in suffix and a real file (sans suffix) exists then the output of command is returned instead of the contents of the file. I also tried the default ftpd, with the same result (although it isn't clear if ftpd supports conversion, there isn't any documentation for the configuration file for ftpd - the included man page is clearly for lukemftpd and the tnftpd page is essentially the same). So I am left with the conclusion that there is something wrong with my ftpd.conf entry, but have found no examples anywhere on the net to guide me. There is supposed to be an example in /usr/share/examples/ but it isn't there (PR 133468). I'd sure like to see it, if anyone has it or another. Daniel Feenberg NBER 617-588-0343 feenb...@nber.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
faster booting
We have several network services hosted on a FreeBSD system, and want it to come up quickly, so that these services (dhcp, nameservice, nis, tftp etc) are available when systems are restarting after a prolonged power failure. That is, several times a year we have multi-hour power failures (generally starting at midnight because that is utility maintainance time) and our UPSs run out of power. That is OK, but we would like the systems to come up when the power returns, without going to the server room and restarting systems in a prescribed order. In most cases the clients hang because essential services are not available, and in most cases the clients do not proceed to boot later when the service does become available. So, is there advice anywhere about speeding up the boot process? It appears that most of the 1 minute 45 seconds to boot our system is wait time for checking the existence of non-existant hardware and would not be appreciable reduced with a faster CPU or disk. Are there kernel options that we could use to avoid this checking? Would recompiling the kernel in some specialized way help? Would pico-bsd be faster? About the only thing I can find is to reduce the 10 second boot screen delay - but we need to cut more than 30 seconds. The server is statically configured but the clients obtain network configuration from dhcp and pxeboot with nfs mounted root directories. Clients are FreeBSD and Linux, and we are not eager to give up pxeboot as it has greatly simplified maintainance. Any suggestions, pointers much appreciated. Daniel Feenberg NBER ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: faster booting
On Wed, 5 Mar 2008, Bill Moran wrote: In response to Daniel Feenberg [EMAIL PROTECTED]: We have several network services hosted on a FreeBSD system, and want it to come up quickly, so that these services (dhcp, nameservice, nis, tftp etc) are available when systems are restarting after a prolonged power failure. That is, several times a year we have multi-hour power failures (generally starting at midnight because that is utility maintainance time) and our UPSs run out of power. That is OK, but we would like the systems to come up when the power returns, without going to the server room and restarting systems in a prescribed order. In most cases the clients hang because essential services are not available, and in most cases the clients do not proceed to boot later when the service does become available. So, is there advice anywhere about speeding up the boot process? It appears that most of the 1 minute 45 seconds to boot our system is wait time for checking the existence of non-existant hardware and would not be appreciable reduced with a faster CPU or disk. Are there kernel options that we could use to avoid this checking? Would recompiling the kernel in some specialized way help? Would pico-bsd be faster? About the only thing I can find is to reduce the 10 second boot screen delay - but we need to cut more than 30 seconds. The server is statically configured but the clients obtain network configuration from dhcp and pxeboot with nfs mounted root directories. Clients are FreeBSD and Linux, and we are not eager to give up pxeboot as it has greatly simplified maintainance. Any suggestions, pointers much appreciated. Three things I can think of: * The 10 sec boot delay, which you already mentioned * Make sure the wait time for SCSI devices is a low as reliably works. If it only has SCSI disks, this could probably very short, 1 sec or so * Recompile your kernel removing any devices that don't exist in your hardware. I'm not buying this, however. My laptop boots in ~30 seconds with a mostly stock kernel. Please provide specific details as to what's slowing it down. Are you sure it's not a slow BIOS? Many of the Dell systems we have take several minutes with BIOS self-checks before the OS even starts to boot. The BIOS time isn't terrible - BTX shows up on the console within 15 seconds. The major delays happen when the last console message is about atapci: (25 seconds) and ad2: (15 seconds). Daniel Feenberg -- Bill Moran http://www.potentialtech.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: faster booting
On Wed, 5 Mar 2008, Kevin Kinsey wrote: Bill Moran wrote: So, is there advice anywhere about speeding up the boot process? It appears that most of the 1 minute 45 seconds to boot our system is wait time for checking the existence of non-existant hardware and would not be appreciable reduced with a faster CPU or disk. Are there kernel options that we could use to avoid this checking? Would recompiling the kernel in some specialized way help? Would pico-bsd be faster? About the only thing I can find is to reduce the 10 second boot screen delay - but we need to cut more than 30 seconds. The server is statically configured but the clients obtain network configuration from dhcp and pxeboot with nfs mounted root directories. Clients are FreeBSD and Linux, and we are not eager to give up pxeboot as it has greatly simplified maintainance. Any suggestions, pointers much appreciated. Three things I can think of: * The 10 sec boot delay, which you already mentioned * Make sure the wait time for SCSI devices is a low as reliably works. If it only has SCSI disks, this could probably very short, 1 sec or so * Recompile your kernel removing any devices that don't exist in your hardware. I'm not buying this, however. My laptop boots in ~30 seconds with a mostly stock kernel. Please provide specific details as to what's slowing it down. Are you sure it's not a slow BIOS? Many of the Dell systems we have take several minutes with BIOS self-checks before the OS even starts to boot. The BIOS time isn't terrible - BTX shows up on the console within 15 seconds. The major delays happen when the last console message is about atapci: (25 seconds) and ad2: (15 seconds). Funky. That's a Looong time to wait for an ATA controller to determine whether or not their's a disk attached. Do you have an ad2? If not, you might want to check the BIOS to see if there's an option to disable that particular part of the ATA chain to see if that speeds FreeBSD's probe up. Let's be sure of this, though; are we actually talking about an ATA controller issue? The phrase last console message doesn't necessarily mean it's the ATA controller, but whatever is *next* in the bootup process, AFAICT, *after* the probe of /dev/ad2, which, on my systems is the mounting of the root filesystem. Yes, there is an ad2 - it is the root filesystem, but given the point made above, it might be that the best thing to do is put that on a faster device. It is currently on a 2.5 drive that was selected to reduce power consumption and make the UPS last longer. Maybe a thumb drive would be better. As for the suggestion that we delay the clients, we plan to enable memory testing in the BIOS of the clients to delay the first request for dhcp services. Any delays placed later in the boot sequence won't help with the problem. Dan Feenberg OTOH, turning off BIOS probes for disks that don't exist is a good idea, IMHO. Kevin Kinsey ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
mount_smb shows no files
We are starting to use mount_smbfs to mount backup shares on our Windows XP systems. Formerly we were using Linux successfully, but now many of our mounts succeed, but don't show any files. We can't tell what might be different among the XP systems to explain the difference, or why FreeBSD and Linux should be different in this regard. Demonstration (note that ls /mnt shows no files, but there are files): backup2# mount_smbfs //[EMAIL PROTECTED]/backup /mnt Password: backup2# ls /mnt backup2# df /mnt Filesystem1K-blocks UsedAvail Capacity Mounted on //[EMAIL PROTECTED]/BACKUP 36659328 13238176 2342115236%/mnt backup2# mount_smbfs -v mount_smbfs: version 1.1.0 backup2# uname -a FreeBSD backup2 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Jan 12 10:40:27 UTC 2007 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386 Thanks Daniel Feenberg feenberg isat nber dotte org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
diskless booting and t134
I am trying to do diskless booting, and find it requires much esoteric
knowledge. Right now I am trying to make the /conf/${class}/ function
provided in FreeBSD 6.0 work. It is briefly documented in the
diskless manpage, but with no examples. I have had success with
/conf/${ip}/ but not with ${class}.
I have
option t134-cookie code 134=text
at the beginning of my dhcpd.conf file, and
option t134-cookie client
with the other parameters for the diskless client. dhcp accepts this
and goes into background. The dhcpd server is on a FreeBSD 5.2.1
system, but since any slight variation on these commands is diagnosed,
I have the impression that the dhcp server is ok with these settings.
I have added at /disklessroot/conf/client/etc/rc.local an
identifiable file, yet when I boot the diskless client and look at
/etc/rc.local on it, it is clearly not the file from conf/client/etc
but the one in conf/default/etc/
I have tried using /disklessroot/conf/123.123.123.123/etc/rc.local
(where actual ip address is obfusticated) and that file is correctly
picked up. So the /conf system is functioning.
I can't tell what might be wrong, but if I look in /etc/rc.initdiskless
it does echo the value of ${class}, which in my case is blank rather
than the expected client. If I run kenv or sysctl -a and search
the output for this variable, I don't see anything with 134,
cookie, or client. My thought is that maybe the t134 feature
isn't supported in the 6.0 release kernel. I couldn't find out anything
about it, other than seeing it referred to in a couple of messages as
kern.bootp_cookie. Anyone familiar with this function?
I am using an unmodified 6.0 #0 kernel, with the default options. It
does serve to generate a system that boots and functions (except
where programs write to read-only filesystems.
Thanks
Daniel Feenberg
feenberg isat nber dotte org
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Making UFS snapshots
On Thu, 18 Aug 2005, Giorgos Keramidas wrote: On 2005-08-17 16:32, Daniel Feenberg [EMAIL PROTECTED] wrote: I notice on this list that Garance Drosehn http://docs.FreeBSD.org/cgi/mid.cgi?p06230924bf1c752ccf7f reports making a snapshot of a 4 gigabyte filesystem in less than one second. We have a 859 gigabyte filesystem and snapshots take about 75 minutes to complete. Making a snapshot is not very slow if the disk is relatively idle at the time. Perhaps this is what's biting you? The computer and the disk system is otherwise idle - no activity other than taking the snapshot. Since the original posting I found Dr McKusik's 1999 Usenix paper describing snapshots which suggests the time for taking a snapshot should be brief, and that file system activity should resume after a time no longer than that required for an unmount. This suggests to me that something is wrong with our setup, but I still have no idea what. However, I have found some messages from users with experience similar to ours e.g. http://www.mail-archive.com/freebsd-stable@freebsd.org/msg67320.html Dan Feenberg feenberg isat nber dotte org 617-588-0343 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Making UFS snapshots
I notice on this list that Garance Drosehn http://docs.FreeBSD.org/cgi/mid.cgi?p06230924bf1c752ccf7f reports making a snapshot of a 4 gigabyte filesystem in less than one second. We have a 859 gigabyte filesystem and snapshots take about 75 minutes to complete. Once done they appear to be exactly as advertised. Since we don't yet have any actual files on the filesystem, we anticipated snapshots would be near instantaneous. Even if time were linear in gross filesystem size it should still be done in a minute or so. During this time any other activity referencing (even reads) that filesystem is blocked. Drive activity is continuous all during the 75 minutes, but cpu usage is only a few percent. The filesystem is on 4 300 gigabyte Maxtor SATA drives with a 3ware 9500S-8 controller in raid-5 mode and using the FreeBSD supplied driver. Another poster suggested reducing the number of inodes. Using tunefs -f to increase the average file size from 16K to 64K reduced the time to create a snapshot to 45 minutes. The snapshot size doesn't change. The mdconfig and mounting the memory device take only a fraction of a second - it is only making the snapshot file that takes so long. This is with FreeBSD 5.4 Release #0 (right off the distribution disk, no additional software). Is there likely a problem with our setup, or should we give up on the plan of nightly snapshots? Is this a product of Raid 5, 3ware, super-linearity or to be expected? Thanks Daniel Feenberg National Bureau of Economic Research feenberg isat nber dotte org 617-588-0343 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
