Re: /tmp filesystem full
On 22/08/2012 12:59, Andy Wodfer wrote:

Hi,

I have about 500MB in my /tmp and it seems to be too small when the periodic LOCATE script runs every week. What's the best way to increase the size of /tmp? Could I simply remove it and create a symbolic link (ln -s) to, say, /usr/tmp instead (where I have several hundred GBs free)?

PS! This is on a live server and I would like to keep downtime and problems to a minimum. :-)

Cheers,
Andy

Removing /tmp and replacing it with a link is a bad idea; it might have unexpected effects if you have to go into single user mode for maintenance - especially if /usr cannot be mounted at that time. A solution would be to create a /usr/tmp BEFORE mounting /usr.

If the problem comes from locate, the best option is to move the locate database and temp files to another drive - take a look at locate.rc for information - this should cause 0 downtime.

If the problem is that the tmp file is really too small for a number of operations including locate (for example compile also fails due to lack of space) you will need to either configure each and every failing program to use a different temp directory or move temp directory
Re: Warning - FreeBSD (*BSD) entanglement in Linux ecosystem
On 22/08/2012 13:59, Jerry wrote:

On Wed, 22 Aug 2012 12:29:56 +0200 Michel Talon articulated:

David Jackson said:

In reference to the claims that systemd developers do not care about portability, this is deceptive and misleading.

You should read the following interview of Lennart Poettering http://linuxfr.org/nodes/86687/comments/1249943 The amount of hubris and self confidence he deploys is really astounding. I will just quote two extracts:

LinuxFr.org: Systemd use a lot of Linux only technologies (cgroups, udev, fanotify, timerfd, signalfd, etc). Do you really think the Linux API has been taking the role of the POSIX API and the other systems are irrelevant?

Lennart: Yes, I don't think BSD is really too relevant anymore, and I think that this implied requirement for compatibility with those systems when somebody hacks software for the free desktop or ecosystem is a burden, and holds us back for little benefit.

and cherry on the cake

LinuxFr.org: Why Linux desktop hasn't been adopted by the mainstream users? Linus Torvalds seems to think it's mostly a social issue and not a technical one. Do you agree with him?

Lennart: I think we weren't innovative enough in the interface, and we didn't have a convincing message and clear platform. If you accept MacOS as benchmark for user interfaces, then we weren't really matching it, at best copying it. I think this is changing now, with GNOME 3 which is a big step forward as an interface for Linux and for the first time is something that has been strictly designed under UI design guidelines.

The critics complain that the new ideas merely introduces de minimis modifications and does nothing to amend the real faults in the system. The real problem is that true innovative development in FreeBSD has become stagnant. It has taken, and in some cases still not achieved equal standings with other OSs in many areas. Wireless technology, full USB support to name a few.
It is ALWAYS easier to blame others for our failures than to admit the problem lies within ourselves.

I would not call FreeBSD approach a failure, from my point of view it is definitely a choice. FreeBSD is all about the Least Astonishment. Sure it results in new technologies and paradigms making their way into the OS really slowly (though in the case of both wifi and USB (and ACPI by the way) most of the problem still lies in incomplete specs and dubious standard compliance from manufacturers). But on the other hand it also results in a system that is extremely coherent with itself and extremely stable over time. Almost every script I wrote under FreeBSD 4.x still works flawlessly in 9.1. In fact most *BSD contributors write code for their needs - they improve FreeBSD because they need the new stuff, not because they have an agenda or a product to sell. Of course non vital improvements (graphics, sounds, 3D etc.) take longer to be implemented. But I personally prefer an ugly frontend with a robust motor under the hood than the contrary.

Thank God that everyone is not the complacent. Where would civilization be now if Edison had considered the candle the ultimate technological advancement in portable lighting or if Bell had considered the telegraph the pinnacle of high speed communication. Change is hard -- it always has been. There exists a strong subculture that would rather curse the darkness than light a candle. Debating with them is a waste of time. You should never argue with idiots because they will just drag you down to their level then beat you with experience. Simply ignore them and when time has passed them by and proven you right, you can smile knowing that you were. The frontiers are littered with dinosaurs. You could also enjoy a great day of golf which beats the hell out of arguing with those married to the past.
Re: Performance and mouse problems
On 02/05/2012 19:40, Jerry wrote:

On Wed, 2 May 2012 13:19:05 -0400 (EDT) d...@safeport.com articulated:

On Wed, 2 May 2012, Warren Block wrote:

On Wed, 2 May 2012, Albert Shih wrote:

I think the problem does indeed come from Xorg.

Just to repeat: on this Gateway notebook, only one or the other of the touchpad or mouse would work until I enabled moused in /etc/rc.conf. Now either or both work, including when the USB mouse is connected after X starts.

My experience corresponds with Warren's thoughts on this. I was running the exact levels of software on an old Dell 800Mhz desktop and new a Dell laptop many many times faster, 4 cpu's etc, etc. HAL (which is well named I think) did not work very well on the laptop and I would lose the mouse and keyboard when I disabled the touchpad. On the Desktop HAL worked fine. The laptop (keyboard and mouse anyway) works fine without HAL.

HAL is now deprecated on GNU/Linux systems. Why it is still being kept on life support in FreeBSD is the question that needs to be addressed. This didn't just happen yesterday either. We continue to bump version numbers yet fail to repair/replace crucial elements of the operating system. What is even better, depending on whose forum you choose to read, the problem is FreeBSD -- Linux -- Gnome -- KDE -- The Cat in the Hat (no one has blamed Microsoft for this fiasco as far as I know) yet the problem still exists. Since 2008, when HAL was being deprecated, no one has properly addressed the problem. Everyone plays the blame game.

Be careful that Linux notion of Deprecated is not exactly on par with standard meaning of the term. ifconfig has been deprecated since 1999 in Linux, OSS since 2001. Both are still alive and kicking. So it might be that Linux will keep HAL for a while still.
Re: Performance and mouse problems
On 02/05/2012 17:06, Albert Shih wrote:

On 30/04/2012 at 17:19:35+0200, Jerome Herman wrote:

I was afraid this would happen. And I fear it is just the beginning.

Why you say that?

Short answer: I am a proud member of the "HAL and DBus are evil" group.
Middle answer: HAL and DBus were made, maintained and tuned with pretty much nothing but Linux in mind. As a result they hardly play well with other OS, and will tend to play worse as the time goes by. In fact general opinion is that HAL never truly worked under Linux either, it is now officially deprecated.

OK. I'm just a basic user. Even I use FreeBSD since 3.x I'm sysadmin so I use lot of FreeBSD for the server side. On my laptop I use...vim/X11/Firefox/ion3 and that is almost everything I know. I remember when hal is release I lost lot of time to configure X11 to use my keyboard map (us_intl) and hate hal for that ;-)

ugen5.2:vendor 0x413c at usbus5
ums1:vendor 0x413c Dell Premium USB Optical Mouse, class 0/0, rev 2.00/0.09, addr 2 on usbus5
ums1: 5 buttons and [XYZT] coordinates ID=0

Ok looking at your files, it does not appear to be a hal/dbus problem either: The device is correctly probed and registered with DBus, known as /dev/ums1, and the x11 driver is mapped to mouse which should be correct. For one reason or another, xorg is not catching/processing the info. Can you send the Xorg log? Just wait until X is up and then plug the mouse. I am curious to see what happens inside xorg.

I think the problem does indeed come from Xorg.

Before I plug (Notice my touchpad working) http://dl.free.fr/nkZEuk5nZ
I plug the mouse http://dl.free.fr/vEn4bnirv

Thanks.
Regards.
JAS

Ok here is what happens. In your system you have your touchpad declared both in a static way in your xorg config, and probed by HAL. What happens is that when xorg starts it first installs the touchpad as required by the config file, and then tries to install it again via autodetection.
Of course the second installation of the same device doesn't work as the device is already busy with xorg, and xorg stops trying to auto-install devices. When you plug another mouse, xorg is notified that there are new devices, but starts by trying to reinstall the touchpad, fails again for the same reason as above and stops trying.

In order to solve your problem you can try the following:
a) remove the touchpad lines from your xorg config. This way the touchpad should be installed by auto detection. (simply comment it as you might be needing it back soon)
b) forbid hal from probing the touchpad. I will explain to you how to do this if solution a) fails.

Jerome Herman
Re: Performance and mouse problems
On 30/04/2012 13:39, Albert Shih wrote:

On 29/04/2012 at 00:58:01+0200, Jerome Herman wrote:

I was afraid this would happen. And I fear it is just the beginning.

Why you say that?

Short answer: I am a proud member of the "HAL and DBus are evil" group.
Middle answer: HAL and DBus were made, maintained and tuned with pretty much nothing but Linux in mind. As a result they hardly play well with other OS, and will tend to play worse as the time goes by. In fact general opinion is that HAL never truly worked under Linux either, it is now officially deprecated.

I assume you did not create any custom hald rule. Did you?

I have one, but I try with him (I use since hal exists on BSD) and without him. For the same result. The pad in the laptop working but not the usb mouse. In fact I don't think the cpu load is connected to this problem. I already send an email to freebsd-stable. Well but that not a solve the Xorg don't see the mouse.

The first thing to do is to add

Option "AutoAddDevices" "Off"

in your ServerLayout section of xorg.conf. Then restart X and try to plug a mouse again. It may result in your mouse not working in X, but at least it should stop your computer from using all its CPU trying to map the mouse. If indeed the CPU load does not reach skyhigh levels when you plug a USB mouse, we will be able to conclude that there is a DBus/hald problem.

Also could you do the following
- Mouse unplugged:
# /usr/local/etc/rc.d/hald stop
# /usr/local/sbin/hald --daemon=no --verbose=yes > /tmp/hald_debug.log 2>&1
# dbus-launch lshal > /tmp/dbus_hal_debug.log 2>&1
- plug mouse
# dbus-launch lshal >> /tmp/dbus_hal_debug.log 2>&1

And post the content of both log files? That should help in understanding what is going on. In the worst case there are mechanisms that will keep HAL from tinkering/probing usb mouse.
Here:
the hald log file: http://dl.free.fr/rqLTgOvPS (I put some blank lines just before I plug the mouse)
the dbus log file before I plug the mouse: http://dl.free.fr/iDgqyLgu6
and the dbus log file after I plug the mouse: http://dl.free.fr/lZuRadJFx

I'm not qualified to say if it's hald/dbus problem, FreeBSD-Stable problem or both. I don't think it's a FreeBSD-Stable problem because in the dmesg we see the mouse plug

ugen5.2:vendor 0x413c at usbus5
ums1:vendor 0x413c Dell Premium USB Optical Mouse, class 0/0, rev 2.00/0.09, addr 2 on usbus5
ums1: 5 buttons and [XYZT] coordinates ID=0

Ok looking at your files, it does not appear to be a hal/dbus problem either: The device is correctly probed and registered with DBus, known as /dev/ums1, and the x11 driver is mapped to mouse which should be correct. For one reason or another, xorg is not catching/processing the info. Can you send the Xorg log? Just wait until X is up and then plug the mouse. I am curious to see what happens inside xorg.

Regards.
Jerome

Regards.
JAS
Re: UFS Crash and directories now missing
On 30/04/2012 19:23, Eitan Adler wrote:

On 30 April 2012 07:36, Robert Bonomi bon...@mail.r-bonomi.com wrote:

A competent, not stupid, sysadmin would know these things. And not 'remove all doubt' (in the words of Abraham Lincoln), by raising such nonsense questions.

A competent sysadmin would ask questions when they don't know the answer bringing up possibilities they thought about. A stupid sysadmin would yell at someone asking a question claiming they should have known the answer.

I must admit that Robert Bonomi's tone was highly insulting for this list, and though I completely condemn the form of his post, I cannot say I disagree with the content. There are quite a lot of things that are wrong with Alejandro Imass' post and analysis.

The first thing is that he did not give his setup in one go. It took quite a while to figure what happened, what system he was using and how he was using it. At first he had to hard reboot an unresponsive system, then at reboot he would have lost all of his jails. Then it appeared that all the jails were inside another jail and that the unresponsiveness came from MySQL. Then we learn that all his daemons are inside jails. Then we learn that ftp-proxy is not. Then we learned that jails are not handled manually but through EZJail. Then we are told that the problem with MySQL is known and comes from a client using TigerCRM with too much data. There are literally dozens of little pieces of important knowledge all over the thread. And you have to read it all to make sure you have the global view. Not really a good start. It is OK to forget to mention a thing or two, discarding what you think is irrelevant to the problem at hand, but it is not OK to force people who are trying to help you to read 50+ posts to learn about the basics of your installation.

What is even more irritating is the fact that Alejandro Imass ignores pretty much anything that would lead toward a human mistake.
Most posts implying a possible bad use of jails/nullfs/ezjail are ignored or answered by a simple "I have done everything by the book". Now from my experience someone with 6 servers, each containing multiple jails will not do everything by the book every time. It might be that Alejandro is exceptional, but it is more likely that at least one if not more of these jails were not made by the book. Nothing to blame anyone in here, we all get tired/bored/overconfident sometime - but refusing to admit the very possibility of a human mistake won't help at all in finding a solution.

Reading the thread I realized that my suggestion that he might have over-used ln had been discarded as stupid, but the information came a lot later in answer to another post. Of course in the mean time I learned that he was using ezjail, which, if I had known earlier, would have made me wonder if he had not overused nullfs or ln. He furthermore discarded the possibility saying that he did not think that ezjail was using links, just nullfs. Well too bad ezjail is massively using links, at least for basejail, and sometime for port trees or perl setup depending which guide you are using as your reference.

During the thread he pretty much bashed anyone who tried to tell him that no amount of jail/ezjail/nullfs/journal screw up could have resulted in the entire content of the jails being moved into another completely unrelated directory node. If one jail had moved it would already have been extraordinary, with a probability of it happening so cleanly that fsck would find nothing already orders of magnitude above the chances of winning the national lottery. But all of them? Not a chance.

He finally admitted that he had very little knowledge about UFS and fsck, but still managed to do it in a quite offensive way. That was basically the point where I decided to stop to try to help him. I think others felt the same.
This problem is quite interesting in itself, and I think a lot of the most talented people on this list would have been on it but were repelled by the attitude.

On the other hand Alejandro Imass pretty much jumped on anything that would be a third party interaction. From someone hacking into his box to a potential nullfs bug that might result in a PR. Now the thing is that EZJail makes use of the system immutable flag quite a lot for its config file, resulting in quite a lot of files being impossible to delete or move unless the box is running at kern_secure_level 0. This renders the whole "jails moved on their own" theory even more improbable.

After so much ranting, I would feel bad not to try to help a little:

Here are the facts:
- In a jail, MySQL was grabbing all the CPU and making the box non responsive. This is due to TigerCRM making requests to a too huge database.
- The jail was working
- Unless all the data were in memory at this time (improbable), it means that access path/nullfs/EZJail were OK at this time.
- After a force reboot
Re: UFS Crash and directories now missing
On 28/04/2012 19:52, Alejandro Imass wrote:

On Sat, Apr 28, 2012 at 1:31 PM, Robert Bonomi bon...@mail.r-bonomi.com wrote:

Alejandro Imass aim...@yabarana.com wrote:

On Sat, Apr 28, 2012 at 11:39 AM, Robert Bonomi bon...@mail.r-bonomi.com wrote:

Alejandro Imass aim...@yabarana.com wrote:

After a little more research, ___it is NOT unlikely at all___ that under high distress and a hard boot, UFS could have somehow corrupted the directory structure, whilst maintaining the data intact.

This is technically accurate, *BUT* the specifics of the quote corruption unquote in the case under discussion make it *EXTREMELY* unlikely that this is what happened.

99.99+++% of all UFS 'filesystem corruption' issues are the result of a system crash _between_ the time cached 'meta-data' is updated in memory and that data is flushed to disk (a deferred write).

The second most common (and vanishingly rare) failure mode is a powerfail _as_ a sector of disk is being written -- resulting in 'garbage data' being written to disk.

The next possibility is 'cosmic rays'. If running on 'cheap' hardware (i.e., without 'ECC' memory), this can cause a *SINGLE-BIT* error in data being output.

The fact that the 'corrupted' filesystem passed fsck -without- any reported errors shows that everything in the filesystem meta-data was consistent

[...]

I think it is safe to conclude that the probabilities -greatly- favor alternative #1.

OK. So after your comments and further research I concur with you on the mv but if it wasn't a human, then this might be exposing a serious security flaw in the jail system or the way EzJail implements it.

BOGON ALERT!!!

I admit my ignorance on how the filesystem works but I don't think your condescending remarks add a lot of value. The issue here is this actually happened and there is a flaw somewhere other than the stupid administrator did it.
Ok,

Not wanting to take any side in what could end up in personal attacks and nasty things being said about any poster genitors but:
- Jails are very widely used, in fact it is probably one of the most used functionality of FreeBSD. Far beyond ZFS, MAC or any of the other nice thingies FreeBSD has.
- Jails are very often misused. Though not overly complex, creating a proper jail and upgrading it can sometime be a bit tricky.
- Though not entirely devoid of bugs and perfect, FreeBSD 8.2 is probably the best thing there is out there when it comes to system stability. It might be lacking some little nooks and crannies when it comes to perfect compliance with obscure standards, it might not behave as expected in some very few situations, but these are extremely rare. FreeBSD 8.2 is very widely used and this is one of the first times I heard of such a problem in jails. Nothing even remotely rings a bell.

Take all this information into account and put yourself in our shoes. When reading your problem description, most of us will be inclined to think that you did something wrong. My personal guess would be that you probably abused ln a bit too much when creating the jails (total shot in the dark here, but it could explain what happened). I don't see how journaling could impact your jails in any way except if your jails were all extremely new when the crash happened or that the I/O was such that FreeBSD could never sync and commit journal from the time you created your jails to the time where the system crashed. Extremely unlikely.

So my question is: were all the jails created properly? Did you cpdup each and every one of them or were you lazy at some point? Are all the jails properly declared in rc.conf? My guess would be that the first jail was created in the right way, but that others were created using cp and ln, resulting in unexpected behaviour in the end. If I am right then the surviving jail would be either the first or the last you created.
Jerome Herman
Re: Performance and mouse problems
On 28/04/2012 22:52, Albert Shih wrote:

On 27/04/2012 at 12:14:04-0500, Adam Vande More wrote:

On Fri, Apr 27, 2012 at 11:13 AM, Albert Shih albert.s...@obspm.fr wrote:

Hi all

I've got two very strange problems. I'm running 9-stable on a Dell Laptop E4200. Since this morning when I put a USB mouse (I've tried three mouses to be sure) it's not working. The kernel and HAL see the mouse but Xorg doesn't seem to do anything.

The second point is the load of the system is always more than 1 (~1.5-2) even if I do nothing. I kill all services, daemon, software and the load never drops. I've stopped: hald dbus powerd etc... and ps doesn't show any process eating some resource. But the load is high (and the laptop is very hot).

I make a csup of world and build new userland, and new kernel. And nothing changes

http://www.wonkity.com/~wblock/docs/html/aei.html

Well I don't see why this can be from a misconfiguration, the usb mouse worked well before I updated hald and world. But I read your link and I don't have those options in my configuration of xorg. Any other idea? But thanks.

For the problem about performance I submit this problem on stable mailing list.

Regards
JAS

I was afraid this would happen. And I fear it is just the beginning.

I assume you did not create any custom hald rule. Did you?

The first thing to do is to add

Option "AutoAddDevices" "Off"

in your ServerLayout section of xorg.conf. Then restart X and try to plug a mouse again. It may result in your mouse not working in X, but at least it should stop your computer from using all its CPU trying to map the mouse. If indeed the CPU load does not reach skyhigh levels when you plug a USB mouse, we will be able to conclude that there is a DBus/hald problem.
Also could you do the following
- Mouse unplugged:
# /usr/local/etc/rc.d/hald stop
# /usr/local/sbin/hald --daemon=no --verbose=yes > /tmp/hald_debug.log 2>&1
# dbus-launch lshal > /tmp/dbus_hal_debug.log 2>&1
- plug mouse
# dbus-launch lshal >> /tmp/dbus_hal_debug.log 2>&1

And post the content of both log files? That should help in understanding what is going on. In the worst case there are mechanisms that will keep HAL from tinkering/probing usb mouse.

Jerome Herman
Re: Kind OFF Topic. FreeBSD for Blocking URLS? Nanny?
On 10/04/2012 05:27, Jorge Biquez wrote:

Hello all.

I am sorry if this is kind OFF Topic. I am looking for help from more experienced people in these areas. Please let me know if this question should be moved to FREEBSD-CHAT list.

As I have mentioned before I am helping a school, non profit with their IT issues. As always there are some experts that control everything and do not let you change anything because is their kingdom. Anyway, there we have Internet service from a cable company and they have some cisco routers to receive the access and from there some Cisco Switches.

They won't let you do things not because it is their kingdom, but because they certainly have a contract with prices for services and penalties for lack of services. As IT professionals they want to make their lives simpler and have whoever benefits from a service pay for it. This is a logical and sane attitude to have. Now if you want to meddle with the stuff they are legally responsible for you need to prove to them a few things:

1 - Nothing you do will impact them in terms of workload. You might be working for free (and it is very noble of you), but they are trying to earn their lives here. So more work for the same price is not an option.

2 - You can be trusted and you have good skills. This starts by explaining fully what you want to achieve, how you will do it and (most important point) how fast anything you do can be undone. No matter what solution you choose it is likely to have side effects, especially since you have no knowledge of what is installed and how it is set-up, except what you can guess probing here and there without administrative rights. No matter how simple and innocuous your solution may seem, it might break the first rule, for example a FreeBSD Gateway might prevent patches from a WSUS server to be applied, it might prevent remote control, it might prevent alert mails to be sent or received and so on.
3 - You have to write the full documentation of what you are going to do, give all the administrative passwords of your solution to the experts, complete with a good deal of explanation on how to use, remove or change the system. It is also important that they know they can remove your own rights on your own solution if need be. The reasons are you may not always be available and you may not always be lucid or in good terms with the school. If a problem arises they have to be able to take full control back, one way or another.

4 - You will find a way to pay them for your solution. Even if you do everything yourself, and have enough skill to do it right without them helping at any point (which is extremely unlikely), the time needed for the experts to review, test, validate and potentially maintain your solution will have to be paid. The closer the solution is to what they already know and have a staff trained for, the lighter the price. But do not expect them to accept a solution that might bring them troubles but won't bring them money.

The main problem you might have is that you do not seem to have any respect for the guys in charge. True I do not know your history with them, and they may not deserve respect, but as an IT manager for quite a lot of companies both large and small I can tell you one thing: We positively loathe the smart guy with a (most of the time very small) IT background that springs out of nowhere to bring simple solutions to complex problems. 99.9 % of the time they end up giving up with the job half done or they disappear just as suddenly as they appeared taking all their knowledge with them.
From the director's 13-year-old nephew who can have the thing running in minutes (or so the director seems to think) to the junior analyst that will replace a behemoth of ETL processed files and Excel sheets with a single Access app because he has read the first three chapters of VBA for Brain Damaged last week, we see them coming from miles away and needless to say that there is no warm welcome when they finally arrive.

The only way to get anywhere is to be humble and then impress the experts with your professional and exhaustive approach of the problem. Anything else will lead to the experts telling you that to achieve the result you want you will need to purchase the solution they know (probably a Checkpoint/Barracuda/Blue Coat/what else appliance) and then pay monthly for maintenance.

There are literally thousands of solutions to your problem, ranging from simply installing K9 on every computer to a complex set up with QOS, LDAP/KERBEROS auth and rights delegation going to a redundant active proxy with cache and filtering. Given the small size of the lan, an old and small computer with two ethernet cards and pfSense could probably do the trick, but you will need insight from the guys in charge to be sure. DansGuardian can offer content filtering, but will require more RAM and CPU power. Cheap commercial appliances will do
Re: Please help me diagnose this crazy VMWare/FreeBSD 8.x crash
On 28/03/2012 22:59, Mark Felder wrote:

Alright guys, I'm at the end of my rope here. For those that haven't seen my previous emails here's the (not so) quick breakdown:

Overview:
FreeBSD ?? - 7.4 never crash
FreeBSD 8.0 - 8.2 crashes
FreeBSD 8-STABLE, 8.3, and 9.0 are untested (Sorry, not possible in our production at this time, and we were hoping we could base some stuff on 8.3 for long term stability...)

ESXi:
Confirmed ESXi 4.0 - 5.0 has this problem. Haven't tested on others.

History:
Over the course of the last 2 years we've been banging our heads on the wall. VMWare is done debugging this. They claim it's not a VMWare issue. They can't identify what the heck happens. We had a glimmer of hope with ESXi 5.0 fixing it because we never saw any crashes in the handful of deployments, but our dreams were crushed today -- two days before an outage to begin migration to ESXi 5.0 -- when a customer's ESXi 5.0 server and FreeBSD 8.2 guest crashed.

Crash Details:
The keyboard/mouse usually stops responding for input on the console; normally we can't type in a username or password. However, we can switch VTs. If there's a shell on the console and we can type, we can only run things in memory. Any time we try to access the disk it will hang indefinitely. The server still has network access. We can ping it without issue. SSH of course kicks you out because it can't do any I/O. If we were to serve a lightweight http server off a memory backed filesystem I'm confident it would run just fine as long as it wasn't logging or anything. On ESXi you see that there is a CPU spike of 100% that goes on indefinitely. No idea what the FreeBSD OS itself thinks it is doing because we can't run top during the crash.

This crash can affect a server and happen multiple times a week. It can also not show up for 180 days or more. But it does happen. The server can be 100% idle and crash.
We have servers that do more I/O than the ones that crash could ever attempt to do and these don't crash at all. Completely inexplicable. Things we've looked into: Nothing about the installed software matters. We've tried cross referencing the crashed servers by the programs they run but the base OS is the only common denominator due to the wide variety of servers it has affected. Storage doesn't matter. We've tried different iSCSI SANs, we've tried different switches, we've tried local datastores on the ESXi servers themselves. HP servers, Dell servers -- doesn't seem to matter either. (All with latest firmwares, BIOSes, etc) VMWare gave us a ton of debugging tasks, and we've given them gigabytes of debugging info and data; they can't find anything. VMWare tools -- with, without, using open-vm-tools makes no difference. I think we've done a fair job ruling out VMWare. I think we've finally found enough data that this is definitely something in the FreeBSD world. I'm going to begin prepping some of the known crashy servers with more debugging. Any suggestions on what I should build the kernel with? They never do a proper panic, but I definitely want to at least *try* to get into the debugger the next time it crashes. And when it crashes, what the heck should I be running? I've never played with the KDB before... Thank you for any suggestions and help you can give me

Sorry, coming a bit late to the party, I have seen similar behavior on a few VMs. All of them either Debian or FreeBSD. Even though CPU indications are not necessarily relevant in a VM, vi launched through crontab -e would take an insane amount of CPU (up to 84%) and Apache was hanging around 350%-400% (quad CPU VM).
Now the thing is that making a VM snapshot and deploying the snapshot a while later, or on a different (way less loaded) VMWare platform would basically make it perfectly usable again. Shutting down the VM and starting it again with only one CPU would also basically solve the problem. In a way Debian seemed to be able to survive the crisis but disk I/O had latencies of many seconds, sometimes minutes. This would happen only on heavily loaded VMWare. In a quite similar way older versions of Debian never showed the problem. Can you test whether you have similar behavior on your platform?
Re: Vivaldi Tablet
On 26/03/2012 01:29, Da Rock wrote: On 03/26/12 06:49, Skippy 311 wrote: With a large portion of the open source community looking towards the Vivaldi Tablet as the push for mobile Linux, The site reminds me of someone organising a large party and no one showing up :) Indeed, I felt very alone going there too. I was curious if there were any plans to make an official push to put something together for this tablet. It is a lot to ask from FreeBSD, but to put it bluntly, the more this tablet can offer the better it will be. Support from FreeBSD on this tablet would be a wonderful addition to the community being built around this tablet, and I hope to see FreeBSD on board in the near future. FreeBSD on a tablet would be an interesting idea. Not sure about this one though... Looks like one of those ones going on eBay for $50. You can always grab one of those and hack it to run FBSD. The main problem (though it is actually a FreeBSD strength) is that most FreeBSD devs code to solve their own problems. I do not think I am wrong when I say that a vast majority of FreeBSD contributors are also heavy users of the functionalities they code. So the question is: "Are there enough FreeBSD devs that see any kind of interest in having a tablet?". Personally I still don't, even though quite a lot of people tried to explain it to me. Also the site lacks the main thing that could get the FreeBSD community on the spot: specs. I managed to learn it was a 1 GHz ARM with 512MB RAM and 4GB storage, and that is about it. ARM architecture being what it is (basically whatever the constructor decided to use at that moment with no standard as to how he did it) there is absolutely no way to start any kind of port short of reverse engineering the Linux version. My personal opinion is: not worth the trouble. Perhaps this should go to embedded though?
Re: imap server performance benchmarks
On 09/03/2012 03:44, Da Rock wrote: I'm reconsidering my current setup (postfix/courier) for imap and I was doing some research on performance comparisons between imap server setups. I stumbled on this article and just about fell off my chair laughing when I read the last article on future benchmarking tests to perform: research.microsoft.com/pubs/138302/lisa.pdf Considering I have close to a hundred folders or more, and an average of 50,000 emails in each (yes, not good, and I am working on archiving but it won't help _that_ much) with nearly 200,000 in just one! I got a real kick out of the comment that no sane email user would have more than 21,000 emails in a folder - that would make me certifiable :D Oh, and that most email wouldn't be more than a GB or so... mine's edging 6GB already... So, all jokes aside, I contemplated that I would make an ideal test case to the extreme for benchmarking imap servers. Anyone have any suggestions on what to test/how? Anyone have some tools they have created for a similar challenge? I have my own ideas, but if anyone wants me to try something I'd be willing to give it a shot. If anyone has a better idea on which list this should be posted to as well - I considered the lists available (I'm hooked up to most) and couldn't see any better.

No IMAP test is as vicious or as thorough as a real life company deciding to change its mail client from one day to the next and counting on IMAP to automagically restore local archives. If the company more or less uses IMAP folders as shared drives it is even better. It happened to me once. Postfix/Dovecot did handle the change quite well, yet some mailboxes took days before the local copy was in sync with IMAP folders.
There was about 200GB of mail to download (35 users company), the load average was under 0.25 all the time on an i5 dual core with 8GB of RAM. Duplicating a mailbox X times and having X clients doing a local copy of the entire mailbox sounds like a good first test, with mailbox size and number X on par with what you expect to find on your network.
Re: request a quote
On 29/02/2012 10:23, Damien Fleuriot wrote: 5-star rating this gem right now. This does, however, raise an interesting question. Do you guys know of any company whose business model is FreeBSD support and engineering? Like, a la RHEL or SLES. Excluding dedicated servers rental, since they don't actually provide the real support.

There are a few indeed, but I am not quite sure how the mailing list maintainers would take it if we were to publicize them here. The makers of PC-BSD offer this kind of service. Jerome Herman

On 29 Feb 2012, at 09:59, Mariusz Herman mher...@advatech.pl wrote: Hi, I would be thankful, if you could send me price of 4-year support for FreeBSD. For configuration:

Lp | Model | Description | Qty
1.0 | 7100139 | Sun Fire X4470 M2 server: model family | 4
1.1 | 7100142 | Sun Fire X4470 M2 server: 3 RU base chassis with motherboard and 2 PSUs | 4
1.2 | 7100140 | 2 Intel(R) Xeon(R) E7-4820 8-core 2 GHz processors (for factory installation) | 8
1.3 | 7100166 | Two 8-DIMM riser cards (for factory installation) | 16
1.4 | 7100152 | Two 4 GB DDR3-1333 DIMMs (for factory installation) | 48
1.5 | 2352A | 2 memory DIMM slot filler (for factory installation) | 80
1.6 | RB-SS2CF-300G10K2 | One 300 GB 1 rpm 2.5-inch SAS-2 HDD with bracket (for factory installation) | 8
1.7 | 6331A-N | 2.5-inch HDD filler panel (for factory installation) | 16
1.8 | 8370A | DVD-RW drive (for factory installation) | 4
1.9 | SG-SAS6-INT-Z | Sun Storage 6 Gb SAS PCIe HBA, Internal: 8 port (for factory Installation) | 4
1.10 | 4446A-Z-N | Sun x4 Quad-port Gigabit Ethernet Adapter UTP | 8
1.11 | 5394A | PCIe filler panel (for factory installation) | 32
1.12 | 2365A | Tool-less rackmount rail kit (for factory Installation) | 4
1.13 | 2364A | Cable management arm (for factory installation) | 4
1.14 | SR-JUMP-1MC13 | Power cord: Sun Rack 2 jumper, 1 meter, C14RA plug, C13 connector, 13 A (for factory installation) | 8

Kind regards Mariusz Herman Sales Support Specialist e-mail: mher...@advatech.pl tel. (+4871) 772 66 08 mobile +48 661 917 210 Advatech Sp. z o.o. ul. Klecińska 123 54-413 Wrocław tel. (+4871) 772 66 00 fax. (+4871) 798 57 75 www.advatech.pl Entered in the National Court Register under number 145269, District Court for Wrocław-Fabryczna in Wrocław, 6th Commercial Division of the National Court Register NIP: PL 899-21-85-891 Share capital 50 000 zł, equity 6 686 037 zł
Re: posix compliance
On 28/02/2012 12:32, Anton Shterenlikht wrote: On Tue, Feb 28, 2012 at 06:25:37AM -0500, Jerry wrote: On Tue, 28 Feb 2012 11:03:23 + Anton Shterenlikht articulated: On Tue, Feb 28, 2012 at 08:46:51PM +1000, Da Rock wrote: On 02/28/12 19:17, Anton Shterenlikht wrote: I'm putting together a small presentation about FreeBSD for our IT support staff. Is fbsd POSIX compliant? Fully? Partially? The info here is a bit out of date: http://www.freebsd.org/projects/c99/index.html Looking at the doc it's not that out of date. Just check the 9.x column. Oh.. I see. I only looked in the top table. Still, I don't get an idea from the table of how close FreeBSD is to full POSIX compliance. I guess that's the aim, isn't it? The answer is rather simple. In your presentation you would simply indicate that FreeBSD is not fully compliant. You then have the option of making copies of all the pages referenced in the above URL and including them in the presentation packet you are supplying to the group or simply referring them to the above URL. Figuring out which is more impressive I'll leave up to you. Sorry to be a pain. Are we talking 10%, 50%, 90% complete? Does the above page include all tasks that need to be completed? In other words, if all tasks on the above page are ticked, does this automatically give 100% compliance, or is it not that simple?

It is not that simple, POSIX is more a set of norms than a norm by itself. There are Posix aspects that are not in FreeBSD and probably never will be, other aspects that do exist in FreeBSD but you should definitely not use them as they are painful to use or flawed or both (Posix capabilities for example). Also there are systems that do support a fair part of Posix, but which are just a pain to use in a Posix compatible environment, basically requiring you to code quite a lot of tools to have a Posix environment.
Basically Windows Server supports quite a good deal of Posix norms, and it works well for small projects or simple programs, but if you want to create a Posix compliant distributed datastore you are in for a hell of a ride. Linux is becoming basically the same, in that more and more core system tools have dependencies on Linux specific API. (And I won't talk about MacOS X) A good way of making a presentation would be to first look at what aspects of Posix you need and try to find out where these aspects are best supported. Now a simple and true enough answer would be to say that FreeBSD has one of the broader _and most usable_ Posix support, second only to Solaris. (Way better than AIX and on par with HP-UX in my humble opinion). It is mostly true in the sense that FreeBSD does support quite a lot of Posix norms including the latest ones. It is false in the sense that AIX, HP-UX, IRIX and quite a lot of others have a 100% certified compliance for some (quite old now) Posix norms. CF: http://en.wikipedia.org/wiki/POSIX http://en.wikipedia.org/wiki/Single_UNIX_Specification#BSD_descendants At one point FreeBSD was very close to being fully Posix compliant with norm 1.e, then norm 1.e was more or less thrown out the window, and the Posix norming system pretty much imploded at this time. So basically it is quite hard to answer without first knowing exactly why you need Posix compliance. It is also worth noting that porting an application from one fully compliant OS to another is not always easier than porting from that OS to a non compliant one. Quite a lot of problems can arise in slightly different interpretations of the norm, and quite a lot of assumptions that are correct under one system will require careful tweaking and lib binding in another. Another thing that is worth noting is that the Posix norming system is dying, I do not know of one system that has compliance above UNIX03, a norm written in 2001...
Re: Installing Samsung CLX-2160 color laser printer on USB using CUPS
On 27/02/2012 22:24, Polytropon wrote: On Sun, 26 Feb 2012 22:29:12 +0100, Jerome Herman wrote: Not at all, the web admin for adding a printer is basically an html version of lpadmin. It is just easier with the web site. Easier as in: It leaves _essential_ options aside so that you can't perform some of the tasks. :-) Technically speaking, it doesn't leave essential options aside, it just forgets to mention them. But I get your point. OK this means the ppd does not handle everything. Might get a little complicated. When I use the foo2qpdl-wrapper which I assume does use the same PPD file, it works as intended. Nope, the wrapper is just used to convert ps to QPDL in a plain file. The PPD does a lot more, including a bit of dialog with the printer to make sure it is configured correctly. Most of the time it also helps handling different parameters such as paper size and orientation, color or BW etc. They did, then they got bought by Apple... I should make myself more familiar with the command line tool. Still I hope I won't need CUPS anytime soon. :-) No, please don't blame CUPS, it is earnestly trying to cope with everything thrown at it (stupid printers, gnome DBus autoconfig, Apple Mac OSX and so on), and it is doing a fairly good job at it. I know that printing currently isn't as easy as I (with my simple mind) assume. I've been using CUPS in the _past_ without major trouble, and even impossible things (like using parallel dotmatrix printers) were easily configurable even through the web interface. Seems that some parts got disimproved to please a certain audience... Well, Apple's way of handling devices: if it doesn't work the way we want, it doesn't exist. I for one do not want to go back to the time where one had to learn a 2-line-long LPD command just to print in color, double side, with an ICM profile. I have several printers for varying _how_ to print.
However, I like the idea of selecting duplex / no duplex in the printing dialog (which I currently do by selecting a different virtual printer: Laserjet = b/w two-sided, Laserjet-nodup = b/w single-sided, Samsung = color single-sided). Normally that is what PPD is for, giving you a bit of control on all those parameters, so you do not have to create dozens of configs per printer. (This said, quite a lot of my users love to have dozens of configs for one printer, even under Windows and Mac. They prefer choosing a printer called Graphic_A3_Color_2side than having to choose options themselves.) Getting back to your problem. Apparently you are using an old version of foo2qpdl, you may want to grab it from the web site directly and compile it by hand (one of the very rare cases where using the default package/port is not a good idea at all). You can find the howto here: http://foo2qpdl.rkkda.com/ You will need to download and link the ICM profile to have acceptable print quality. The latest PPD is 24 874 bytes in size. I will try that. I have installed the packages foo2zjs-20110609 foomatic-db-20090530_2 foomatic-db-engine-4.0.7,2 gutenprint-foomatic-5.2.4_2 where foo2qpdl and foo2qpdl-wrapper come from. I'm happy that I now have the fallback method of stopping CUPS, starting lpd, and using -PSamsung in order to use the color printer (not often required, it's my _first_ one, I've never needed one, really). Using a Linksys Wireless-G WPS54GU2 print server (WLAN, LAN, USB, parallel) - following Jerry's suggestion - I'll try to get rid of the USB cable at the next step. Wireless printing isn't urgently needed (as I'm happily wired here), but real networking is much better than this local fiddling with USB (so I can print to the color printer from all of my systems when it's _real_ networked, just as the HP Laserjet 4000d which even runs its own lpd server). On small printers, nothing beats socket connections. But the USB to Ethernet transform can be quite tricky sometimes.
Usually QPDL is well supported, it is after all a real interpreter.
Re: Installing Samsung CLX-2160 color laser printer on USB using CUPS
On 26/02/2012 18:46, Polytropon wrote: On Sun, 26 Feb 2012 02:42:08 +0100, Jerome Herman wrote: You did nothing wrong, on the contrary. You now have a perfectly working printer. You just need to tell cups it exists. Since
# foo2qpdl-wrapper -p 2 -c cupstest.ps > cupstest.xqx
# cat cupstest.xqx > /dev/ulpt0
works, you should be able to create a new printer using a direct device. So go on as if you wanted to create a network printer, choose HPJetDirect (for example) when asked about the connection. Then when you have to input the uri remove the socket:// and type usb:///dev/ulpt0. (Yes triple / before dev) Then you can proceed as usual for name, options and PPD. If it doesn't work try parallel:///dev/ulpt0 Interesting approach. Fully unimaginable from the CUPS guide to things (i. e. how normal users _assume_ things should be done!), but interesting. I'll try that. The option to enter such kind of data (parallel:// and usb://) isn't mentioned: Add Printer --- Connection: _ Examples: http://hostname:631/ipp/ http://hostname:631/ipp/port1 ipp://hostname/ipp/ ipp://hostname/ipp/port1 lpd://hostname/queue socket://hostname socket://hostname:9100 See Network Printers for the correct URI to use with your print [ Continue ] See? Nothing for parallel or USB to enter manually. It's like going to a car salesman, buying a car, but before driving home from his yard, quickly exchanging the car you bought for the car you initially wanted. :-) Not at all, the web admin for adding a printer is basically an html version of lpadmin. It is just easier with the web site. Normally one should work. Today, I tried to add the printer again. Unlike yesterday, it got detected! (Note: System shut down during night.) It also accepts print jobs, but they are stuck somewhere.
% lpq -PSamsung_CLX-216x_Series
Samsung_CLX-216x_Series is ready
Rank Owner Job File(s) Total Size
1st poly 202 Unbenannt1 7563264 bytes
This is from an OpenOffice session. The printer doesn't print anything. No action.
OK this means the ppd does not handle everything. Might get a little complicated. Basically in cups choosing network connection allows you to input any URI you want, including file and raw (now defunct I think - it was mainly for debug anyway). Why haven't the CUPS people thought of a kind of "know what you want" mode where you can simply enter what you think is correct, no matter if any auto-detection magic did work (or not)? They did, then they got bought by Apple... I never tried this specific printer, but this trick worked well on a few HP and Canon. Tell us how it went. I tried both of your suggestions for specifying the connection and chose the PPD file for the printer CLX-216xsplc.ppd (size 12208 bytes). Jobs get queued, printer is ready, but no action on the printer. However, when I issue a command like this:
% foo2qpdl-wrapper -p 2 -c /tmp/testpage.ps > /dev/ulpt0
pcache: unable to open '/home/poly/.ghostscript/cache/gs_cache'
pcache: unable to open '/home/poly/.ghostscript/cache/gs_cache'
pcache: unable to open '/home/poly/.ghostscript/cache/gs_cache'
pcache: unable to open '/home/poly/.ghostscript/cache/gs_cache'
The printer works. The result is _very_ dark. But hey, it's stupid commodity hardware, and RGB and CMY are a little bit different, and nothing of the cheap crap is calibrated. :-) In the system log, I get those: ugen1.5:Samsung Electronics Co., Ltd. at usbus1 ulpt0:Samsung Electronics Co., Ltd. CLX-216x Series, class 0/0, rev 2.00/1.00, addr 5 on usbus1 ulpt0: using bi-directional mode ulpt0: output error ulpt0: output error ulpt0: output error ulpt0: output error Unlike yesterday, the printer now is on ugen1.5. I'll have to play with the permissions a bit, maybe that's the reason why nothing can be printed, even though the changes I made for device permissions should cover all imaginable cases - all devices /dev/usb/* now are root:cups with crwxrwx--- permissions, the /dev/u(n)lpt0 devices are also root:cups with crw-rw permissions.
Really, I _need_ to dump CUPS and relapse to _standard_ system tools that seem to be easily capable of what the web-driven autodetected elastic-legged program magic of CUPS can't. :-) No, please don't blame CUPS, it is earnestly trying to cope with everything thrown at it (stupid printers, gnome DBus autoconfig, Apple Mac OSX and so on), and it is doing a fairly good job at it. I for one do not want to go back to the time where one had to learn a 2-line-long LPD command just to print in color, double side, with an ICM profile. Getting back to your
Re: Installing Samsung CLX-2160 color laser printer on USB using CUPS
On 25/02/2012 22:14, Polytropon wrote: I have a problem installing a Samsung CLX-2160 color laser printer using CUPS. In the http://localhost:631 web-based configuration, none of the methods that are supposed to be used for installing a printer works. The Add Printer button leads to this: Add Printer --- Local Printers: Discovered Network Printers: Other Network Printers: o Internet Printing Protocol (http) o Internet Printing Protocol (ipp) o LPD/LPR Host or Printer o AppSocket/HP JetDirect [ Continue ] No local printers can be selected (even though the printer is connected, switched on and woken up). And Find New Printers shows this: Available Printers -- No printers found. Excellent auto detection. :-) The corresponding device for the printer is this: ulpt0:Samsung Electronics Co., Ltd. CLX-216x Series, class 0/0, rev 2.00/1.00, addr 2 on usbus4 ulpt0: using bi-directional mode ugen4.2:CLX-216x Series Samsung Electronics Co., Ltd. at usbus4, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON crw-rw 1 root cups0, 142 Feb 25 21:42 /dev/ulpt0 I have installed all packages I can imagine: cups-1.4.6 cups-base-1.4.6_6 cups-client-1.4.6 cups-image-1.4.6 cups-pstoraster-8.15.4_6 gutenprint-cups-5.2.4_2 foo2zjs-20110609 foomatic-db-20090530_2 foomatic-db-engine-4.0.7,2 gutenprint-foomatic-5.2.4_2 foo2zjs-20110609 I also have the CLX-216xsplc.ppd PPD file available which I think I'd like to hand over to CUPS somewhere. ALTERNATIVE: If someone could explain how it's easier to make a lpr filter (for the system's printer service), I'd also appreciate this. I've already tried this:
# foo2xqx-wrapper cupstest.ps > cupstest.xqx
# cat cupstest.xqx > /dev/ulpt0
It causes the LED of the printer to blink, but nothing is printed, even though the printer starts to make sounds (involving the print mechanism, but not the sheet feeder). If I use
# foo2qpdl-wrapper cupstest.ps > cupstest.xqx
# cat cupstest.xqx > /dev/ulpt0
the CUPS test page is printed, but not in color (only b/w).
After looking into the manpage,
# foo2qpdl-wrapper -p 2 -c cupstest.ps > cupstest.xqx
# cat cupstest.xqx > /dev/ulpt0
makes the printer print properly. Okay, it works. How am I supposed to use a PPD file with CUPS when no local printer is shown? I need CUPS (or at least my programs seem to think that), how should it be done? Okay, I could make a simple printer filter. I could then integrate that with /etc/printcap (as I do with my PCL HP Laserjet 4000d). I think it should be possible to code that similar to a parallel printer (with ulpt instead of lpt device specification for the lp= parameter)... What am I doing wrong? :-)

You did nothing wrong, on the contrary. You now have a perfectly working printer. You just need to tell cups it exists. Since
# foo2qpdl-wrapper -p 2 -c cupstest.ps > cupstest.xqx
# cat cupstest.xqx > /dev/ulpt0
works, you should be able to create a new printer using a direct device. So go on as if you wanted to create a network printer, choose HPJetDirect (for example) when asked about the connection. Then when you have to input the uri remove the socket:// and type usb:///dev/ulpt0. (Yes triple / before dev) Then you can proceed as usual for name, options and PPD. If it doesn't work try parallel:///dev/ulpt0 Normally one should work. Basically in cups choosing network connection allows you to input any URI you want, including file and raw (now defunct I think - it was mainly for debug anyway). I never tried this specific printer, but this trick worked well on a few HP and Canon. Tell us how it went. Jerome Herman
Re: Maildir Format
On 17/02/2012 18:16, APseudoUtopia wrote: Hello, I'm setting up the email system on my server. I got rid of sendmail and installed postfix, and I will be installing dovecot. I researched the difference between mbox and maildir formats, and I'm going to go with the Maildir. I'm running everything on ZFS, so many small files shouldn't be a problem. My problem is, before I made any of these changes and was using the default sendmail setup, I was using /usr/bin/mail to read my periodic and cron outputs. However, after I installed postfix with the Maildir delivery option, I quickly realized that /usr/bin/mail doesn't support Maildir. Can anyone suggest a MUA which has support for Maildir that I can use? I'm looking for something simple and command line, similar to /usr/bin/mail that I can use until I get around to installing Dovecot. The only one I know of off the top of my head is mutt. I've never had much use, and thus experience, with unix MUAs. Thank you.

Alpine and Mutt, try mutt first and if you do not like it try alpine. There are others (gnus, elm and cone). Elm being more or less the ancestor of both pine and mutt. I never tested any of these three though.
Geom Gate usage and perf
Hello, Just wondering if anyone is using geom gate and could help me with a huge perf issue I am having. Right now the setup is such: 3 drives on the same machine A, exported through geom gate and connected to machine B. On machine B I format the drives as freebsd-vinum and mount them in striping+mirroring. The end goal is to have High Availability drives. The setup is working, but the perf is awful. Thinking it was due to software striping and mirroring slowing the process down I tried with only one drive with a standard UFS format. The perf is still horrible. When the drive is mounted locally on machine A and I copy data with rsync from machine B, I have a steady 12MB/s data transfer rate. When the same drive is mounted with geom gate on machine B, the copy rate is around 6KB/s to 25KB/s. The drive was tested for I/O problems twice, and nothing was found. Any idea or suggestion as to where the problem might come from? Thanks for your help. Jerome Herman
Re: Turn off hyperthreading on dual core Atom?
On 29/08/2011 23:15, Brett Glass wrote: At 01:55 PM 8/29/2011, Bruce Cran wrote: Actually, the ULE scheduler does know about HyperThreading and the topology of such CPUs. I don't know what it does with the information, but it probably works to optimize cache usage etc. Alas, during a recent kernel build, I used the -j2 command line option in make and watched as the scheduler repeatedly assigned two instances of cc (the most CPU-intensive program) to the same core. I might be wrong, but that would be the result I expect if I were to pass -j2 to a dual core CPU. If I wanted the compilation to run on both cores I would use -j3. The good old number of cores+1. I think the last compilation slot is used to prepare the next compile/do trivial compile, so that the cores dedicated to compile can switch from one task to the next faster. The interesting test to do would be if you do -j3 would ULE assign the second compile to HT or to second core. During that process, I also watched CPU utilization in top(1). The peak was 46% idle, which means that HTT appeared to be making at most a 4% difference. (If the peak were 50% idle, HTT would be doing nothing at all, because top(1) can't tell that there aren't really 4 CPUs.) H.T varies greatly from one processor to the next, on the Pentium 4 1st gen it is a sad joke, on the Atom it is a small help for easy tasks, on i7 it is almost as good as a real core (Translation: if you use only the HT of a core you will get roughly the same perfs as if you use only the direct core). Nonetheless H.T is just another entry point on the same core, so if HT is not used at all you will have 100% CPU power on direct, if direct is not used at all you will have 30%-95% CPU power on HT (depending on the processor). If both are used at the same time you will get between 45%+20% (P4 1st gen) to 50%+45% (i7 last gen). But since raw CPU power is not the only thing that matters in real world you can get up to +25% perfs on an i7 with HT enabled.
--Brett Glass
Re: graid3 or graid5? with or without gjournal?
On 26/07/2011 08:48, DA Forsyth wrote: Hi all I am busy putting together a new server. I want to avoid using the motherboards raid 'hardware' (intel matrix raid) and rather do it all in software so if anything goes wrong with the motherboard, the drives can work in some other box. I have 4x 1TB drives available for the main data array. graid3 can only use 3 graid5 can use all 4, but is it production ready? any ideas? Take everything I say with a grain of salt, I am still testing these kinds of setup. I do not know about graid5, but gvinum is very slow when used in a raid5 config, this is especially true for meta intensive operations, such as rsync. graid3 should be even worse as Raid3 is supposed to work on the octet level (In software mode it actually writes in sector, but I do not know how it computes). Another thing that strongly encourages me to stay away from graid3, graid5 and gvinum raid5 is that the examples were removed from the handbook. I ended up using gvinum in a mix of concat and stripe. Not as efficient in terms of data space, but much much faster. In your case for example I would cut all the drives in two subdisks and go for a RAID10 setup. The advantage of using graid3 at this point is that the extra 1TB drive I have can then go into the backup server which needs more space anyway. Having suffered data loss on the previous raid5 (intel matrix) array when UFS went bananas due to one drive failing, I am looking at solutions/preventatives. Will gjournal be useful? 
Thanks -- DA Forsyth Network Supervisor Principal Technical Officer -- Institute for Water Research http://www.ru.ac.za/institutes/iwr/
Re: Book recommendations (slightly OT)
On 26/07/2011 21:57, Mark Moellering wrote:
I want to automate some tasks, creating directories, file editing, etc. I was going to pick up a book on shell scripting but wanted to ask the list if; A) I am barking up the wrong tree and should use something else. B) If I am headed in the right direction, what is the best book / resource to use? Thanks in advance Mark Moellering
The first thing to do is to define what you want to do with scripting. Most users have now turned to bash, very easy and quite powerful, though it has some specifics you won't find in any other shell. Such as replacing certain simple commands on the shell line by its own internal version, which can be very frustrating. This said it is probably the easiest shell to learn given there are lots and lots of examples, tutorials and users around here.
For pure Unix/BSD/Solaris... professional administration, you have to learn tcsh/csh (basically the same thing, tcsh being an improved version). Basically it is a bit like vi. Even if you do not like vi, but want to professionally maintain Unix/BSD/Solaris..., you have to learn it, because one day you will have to log on an old server and vi will be the only modern editor available. Csh/Tcsh will basically be installed on pretty much every computer you might find. And csh can be tricky at times if you only know Bash.
On the other hand if you are a user/dev just wanting to automate some of his daily routine, then you can go for pretty much any shell you want. I personally prefer zsh. One shell that is great but you need to be aware of is ksh. The problem of ksh is that it is so different from every other shell that learning it is a bit of a trouble. It is hard to find good examples, and it is hard to transcribe ksh scripts and logic onto another shell.
I can only advise you to browse around, look at what every shell has to offer and pick one. Do not hesitate to change if you are not happy. As far as learning a shell goes, well it is more about going for net tutorials and reading man pages over and over again. At first you will be using cat, | and a lot. That is normal, but the only way to progress is to try to use them all as little as possible. (Which generally translates into reading the man page again).
Last thing, though it is considered to be a welcome ritual among admins, do backups, lots of backups, and test your scripts with another account that cannot destroy all your files at once. When learning to script you will one day make a stupid mistake, it will be a very simple script and a very stupid mistake. But you will be very happy you have a backup when the worst happens. Classical mistakes involve making a find with exec, but forgetting to target real files only (such as removing all 0 bytes files from a system = say goodbye to /dev, links, sockets etc.) and running a script with a badly set var (like export deluser=FOO; rm -rf /hom/$delusr).
Good luck on your learning. Jerome Herman
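The two classic mistakes named in the message above (a find with exec that is not limited to regular files, and rm -rf on a path built from a badly set variable), written in a guarded form as an added example that is not part of the original post. The function names and the temporary demo tree are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread. All function names are hypothetical.

set -u   # an unset variable such as $delusr now aborts instead of expanding to ""

# Mistake 1: "find DIR -size 0 -exec rm {} +" also matches FIFOs, sockets and
# device nodes, which all report size 0. Restrict the match to regular files,
# stay on one filesystem, and list before deleting.
list_empty_files() {
    find "$1" -xdev -type f -size 0 -print
}

remove_empty_files() {
    # -exec ... {} + passes names as arguments, so unusual file names are safe.
    find "$1" -xdev -type f -size 0 -exec rm -f -- {} +
}

# Mistake 2: rm -rf "/home/$user" with an empty or mistyped variable removes
# the parent directory. Validate the name and the resulting path first.
home_dir_for() {
    base=$1
    user=${2:-}
    case $user in
        ''|*[!A-Za-z0-9_-]*|-*) echo "refusing user name: '$user'" >&2; return 1 ;;
    esac
    target=$base/$user
    [ -d "$target" ] && [ ! -L "$target" ] || { echo "no such home: $target" >&2; return 1; }
    printf '%s\n' "$target"
}

remove_home() {
    target=$(home_dir_for "$1" "${2:-}") || return 1
    rm -rf -- "$target"
}

# The typo from the message ($delusr instead of $deluser), run in a subshell:
# with set -u the expansion fails, so the command never sees a bare "/home/".
typo_is_caught() {
    ! ( deluser=FOO; : "/home/$delusr" ) 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1           # constructed sample tree
    mkdir -p "$d/home/FOO" "$d/home/bar"
    : > "$d/empty.txt"                   # regular empty file: the intended target
    printf 'x' > "$d/data.txt"
    mkfifo "$d/queue.fifo"               # size 0, but not a regular file
    echo "unrestricted -size 0 matches:"; find "$d" -size 0
    echo "regular files only:";           list_empty_files "$d"
    remove_home "$d/home" "" || echo "empty user name rejected, $d/home left intact"
    typo_is_caught && echo "set -u stopped the mistyped variable"
    rm -rf -- "$d"
}

demo
```

Run it as an unprivileged test account, as the message recommends; the listing step shows what a deletion would touch before anything is removed.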
Re: ATA troubles
On 25/07/2011 08:33, Andrea Venturoli wrote:
On 07/25/11 02:45, Jerome Herman wrote:
At the beginning of June, I installed two WD 1TB Caviar Green SATA
Just a shot in the dark : are your drives of the green kind ? Such as Western Digital Caviar Green ?
Exactly. I disabled the idle timer though.
Also since they are ATA drives make sure you are using 80pins ribbons and that DMA is properly activated in BIOS.
They are SATA drives.
Ok I must have been way more tired than I thought when I answered... A few things though, WD Green have always been very problematic, in FreeBSD and elsewhere. FreeBSD is just very, very touchy when it comes to ATA errors. The problem you are encountering is not new, cf http://wiki.freebsd.org/JeremyChadwick/ATA_issues_and_troubleshooting . Some people even think there is a cryptic bug somewhere in the ATA driver. I had my share of strange errors, but with gvinum rather than geom_stripe. I now avoid WD caviar green completely. As for SMART test, I would not believe them, SATA drives tend to silently remap bad blocks, leaving SMART counters untouched. A long time ago Scott Long offered to help track this problem, you might want to contact him and see whether he found something.
You can also try to reduce DMA level, it must be on UDMA5 by default, try using UDMA 4 (aka UDMA/66) or UDMA 3.
Does this apply to SATA? How would I do that? bye Thanks av.
Re: Android (Re: 2020: Will BSD and Linux be relevant anymore?)
On 24/07/2011 15:41, per...@pluto.rain.com wrote:
There _is_ a development kit. I have no idea what-all is involved in setting it up, but if someone were sufficiently motivated it would presumably be possible to develop an app to provide access to bash (and thence any other desired command-line tools).
Most Android phones already do have a quite useful and complete shell, the main problem is that most phones are actually root locked. Namely you cannot get any access to anything interesting without getting an access denied. There are tools that will break this protection and grant you root access on the phone, but they are to be used with caution, and most of the time you must first degrade your OS to an older version in order for them to work. So the problem is not a missing app, it is more of the usual vendor lock stuff.
Re: ATA troubles
On 25/07/2011 01:58, Andrea Venturoli wrote:
(Sorry for the previous post, I accidentally hit sent, while the messages was still unfinished). Hello everyone. For those interested, this post is a sequel of: http://www.mailinglistarchive.com/html/freebsd-questions%40freebsd.org/2011-06/msg00018.html However, I'll summarize.
At the beginning of June, I installed two WD 1TB Caviar Green SATA drives into an Intel-S5000-based production box of mine and it was hell! This server runs 7.3/i386 off a SAS RAID and the two new drives should have worked with gstripe to constitute a secondary storage. I started getting:
ad4: WARNING - SETFEATURES SET TRANSFER MODE taskqueue timeout - completing request directly
ad4: WARNING - SMART taskqueue timeout - completing request directly
ad8: WARNING - SMART taskqueue timeout - completing request directly
ad4: WARNING - SETFEATURES SET TRANSFER MODE taskqueue timeout - completing request directly
ad4: WARNING - SETFEATURES SET TRANSFER MODE taskqueue timeout - completing request directly
ad8: WARNING - SETFEATURES SET TRANSFER MODE taskqueue timeout - completing request directly
ad4: WARNING - SETFEATURES ENABLE RCACHE taskqueue timeout - completing request directly
and the box would reboot within minutes. This also prevented me from running tests with smartctl. Notice the box had previously a single SATA drive working perfectly.
It was suggested I ran wdidle.exe from DOS to prevent the drives from spinning down and it helped: now I was at least able to fsck the stripe and copy something on it. Still I keep getting the above messages; the drives would also occasionally hang and then restart. Uptime raised to some hours, but the box would still reboot. In the meantime the drives went bad (smartd, BIOS and WD-tools proven) and I had them replaced.
When they came back, I decided to put up a test box: hardware is completely different from the production box, but still FreeBSD will run from a SCSI drive and the two WD will constitute an additional stripe. First I run WD tools to check the driver and they passed every test (including long one). So I installed FreeBSD 7.3/i386, smartctl and verified the disks again. I created the stripe, fscked it, and copied about 420GB of data via rsync over NFS. It seemed to work fine, but, after about 15 hours, the box rebooted after:
ad6: FAILURE - device detached
g_vfs_done():stripe/backup[WRITE(offset=1709926940672, length=131072)]error = 6
/mnt/local: got error 6 while accessing filesystem
panic: softdep_deallocate_dependencies: unrecovered I/O error
Subsequent retries always gave the same results, until I disabled softupdates on the stripe. I then was able to complete the rsync. Not quite happy, I made a local to local copy and started getting a lot of:
Jul 24 18:54:28 mydavid kernel: ad4: WARNING - READ_DMA48 UDMA ICRC error (retrying request) LBA=1620416000
Jul 24 18:54:28 mydavid kernel: ad4: FAILURE - READ_DMA48 status=51READY,DSC,ERROR error=10NID_NOT_FOUND LBA=1620416000
Jul 24 18:54:28 mydavid kernel: g_vfs_done():stripe/backup[READ(offset=1659305967616, length=131072)]error = 5
Jul 24 18:54:42 mydavid kernel: ad6: WARNING - READ_DMA48 UDMA ICRC error (retrying request) LBA=1621920384
Jul 24 18:54:42 mydavid kernel: ad6: FAILURE - READ_DMA48 status=51READY,DSC,ERROR error=10NID_NOT_FOUND LBA=1621920384
Jul 24 18:54:42 mydavid kernel: g_vfs_done():stripe/backup[READ(offset=1660846522368, length=131072)]error = 5
I run smartctl's short test on both drives and they were ok; I tried the offline test, but they got interrupted (???). In spite of the messages above, it looked like it was working... However, I was logged in via ssh and had to turn off the client; so I stopped it, went into the console and started it again.
Now it looks like one drive is not working fine anymore...
Jul 24 23:48:36 mydavid kernel: ad6: FAILURE - READ_DMA48 status=51READY,DSC,ERROR error=40UNCORRECTABLE LBA=1671887488
Jul 24 23:48:36 mydavid kernel: g_vfs_done():stripe/backup[READ(offset=1712012836864, length=131072)]error = 5
Jul 24 23:48:39 mydavid kernel: ad6: FAILURE - READ_DMA48 status=51READY,DSC,ERROR error=40UNCORRECTABLE LBA=1671897856
Jul 24 23:48:39 mydavid kernel: g_vfs_done():stripe/backup[READ(offset=1712023420928, length=131072)]error = 5
Jul 24 23:48:41 mydavid kernel: ad6: FAILURE - READ_DMA48 status=51READY,DSC,ERROR error=40UNCORRECTABLE LBA=1671897888
Jul 24 23:48:41 mydavid kernel: g_vfs_done():stripe/backup[READ(offset=1712023486464, length=131072)]error = 5
Also, smartd is complaining:
Jul 24 23:41:59 mydavid smartd[2630]: Device: /dev/ad6, 38 Currently unreadable (pending) sectors
Jul 24 23:50:56 mydavid smartd[538]: Device: /dev/ad6, 39 Currently unreadable (pending) sectors
After a reboot, I've got back to the NID_NOT_FOUND errors... While I'm still conducting other tests, has anyone any hint on this?
Just a shot in the dark : are your drives of the
Re: Lennart Poettering: BSD Isn't Relevant Anymore
On 24/07/2011 00:25, Bruce Cran wrote:
On 23/07/2011 22:58, Chad Perrin wrote: Do you realize that MS Windows has nothing equivalent to rc.conf or /etc/network/interfaces?
It does: it's in the registry. HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces contains a list of interfaces and their settings.
Yeap, just a small detail, it doesn't bind the configuration to a device, but to a connection interface, which in turn is bound either to a control interface or to another service interface. Which in turn can be bound either to a final control interface, to another service interface or even to another connection interface. All these bearing names in form of their class id + uid : {----}\{----} You basically turn around in circle for hours, looking for the next clue, if you do not use windows tools to do the job. Sure you can write WSH/WPS to do the mapping for you, but that is still using windows tools. And I definitely would not edit those manually except for very simple changes, the imbrication of layers of control sets/interfaces/devices can result in unexpected results (for example in the likely case where you have a firewall, a tunnel, a VPN or anything at all also using the interface you are editing). I remember crying tears of blood when I had to remove (not disable, destroy) from one tunnel connection all the 7 different versions of IPv6 windows put on each and every network interface.
%SystemRoot%\System32\drivers\etc contains several BSD configuration files for DNS settings, protocols etc.
Re: Lennart Poettering: BSD Isn't Relevant Anymore
On 19/07/2011 08:11, Polytropon wrote: On Tue, 19 Jul 2011 01:39:02 +0200, Jerome Herman wrote: On 19/07/2011 01:21, Gary Gatten wrote: snip This may get me flamed (probably will) but I'm wondering what the relationship is between FreeBSD and PC-BSD? PERHAPS if they were to somehow join forces, share development load, etc. and unify the FreeBSD offerings under one roof; ie: PC-BSD and SERVER-BSD. Basically, PC-BSD is just a layer of candy over an almost untouched FreeBSD, so it is not the same at all than what you can see with Linux distros. PC-BSD offers a new interactive installer, and comes with KDE preinstalled and preconfigured. There's also some autodetect magic under the hood. On sufficiently recent hardware, it works very well. However, its hardware requirements are _high_ above those of a normal FreeBSD system. PC-BSD offers a graphical and simple installer, and an arguably easier package system. As far as I know, the downside of the forced interactivity is now gone, as there's also a command line tool for using PBI packages. Arguing... what is easier at manually locating software using a web browser, manually downloading it and interactively holding the installer's hand while installing software? :-) Well, of course installing is easier. But package management is not just about installing. General management tends to be a little harder, for example if you need a specific version of PHP-LDAP, that matches your server LDAP and your server SASL. Rigid packages won't allow fine grained tweaking that you might need. Also it installs KDE and automatically makes a few decisions. You can actually just use the graphical installer in order to install a standard FreeBSD, even if some tricky options won't be available from the installer (but you can still run sysinstall later to activate them) The default installation works quite well, there's only few things you need to configure (especially if you're not comfortable with the default settings). 
I have some friends being long-term PC-BSD users, it's just not _my_ cup of tea as I don't like KDE much.
I personally use it as an easy installer for Crypto-ZFS servers.
The installer can even be used to install configurations that sysinstall can't.
I believe several flavors of Linux have successfully done this. Perhaps for licensing reasons more than technical, but nonetheless there were two offerings each focused on either a desktop or server deployment strategy.
But there are mixed forms of systems. Precisely differentiating between a server and a PC isn't always possible. For example, if you have a workstation that is used by more than one user, is this a PC, a _personal_ computer anymore? Or what if you use a laptop computer (maybe due to energy consumption) to act as a server, and once a week you use it as a desktop?
Just a thought. I'm not married to any particular OS - it's a tool and I use what suits my needs best. I enjoy FreeBSD and like what it stands for - I would like to see it grow; both technically and in popularity.
Well the PC-BSD layer gives a great installer, now the only thing needed would be a great server/daemons management layer.
And better German language support in KDE. :-)
A FreeBSD distro with LDAP, ACL and MAC management would be nice though.
You could create a port that brings all this functionality in one rush. Remember that the ports collection is more than just about installing software - it can be used to even bring such features to the system and configure them.
A port that would reboot in single user, use tunefs to activate ACL here and there, activate MAC and move most users to an LDAP auth ? I don't think so. Actually I would be scared if such a port was accepted in the port tree.
Re: Tools to find unlegal files ( videos , music etc )
On 19/07/2011 12:54, Damien Fleuriot wrote:
On 7/19/11 11:06 AM, C. P. Ghost wrote:
On Tue, Jul 19, 2011 at 8:55 AM, Damien Fleuriot m...@my.gd wrote:
On 19 Jul 2011, at 08:15, Frank Bonnet f.bon...@esiee.fr wrote:
In France it's illegal and I have my boss's instruction : - find and delete the files that's all.
Bon courage then... A file can not be illegal per se, so you won't be able to detect these by looking up names or contents. Even then, if a file is labeled as personal, privacy protection applies and it is *unlawful* for you to process it. (That is in the same way that your employer is strictly forbidden from peeking inside your email messages clearly labeled as personal, even if they were received on your work mailbox.)
Exactly! Speaking with my university sysadmin hat on: you're NOT allowed to peek inside personal files of your users, UNLESS the user has waived his/her rights to privacy by explicitly agreeing to the TOS and there's legal language in the TOS that allows staff to inspect files (and then staff needs to abide by those rules in a very strict and cautious manner). So unless the TOS are very explicit, a sysadmin or an IT head can get in deep trouble w.r.t. privacy laws.
The poorly written IT TOS of a company can never bypass the law, regardless of anything you agreed to in your company's TOS. It *is* unlawful for them to even open your files as long as they are clearly labeled as private.
Well in France it is even worse than that. All communications are to be considered as private unless both ends of the communication agree they are not. We have a nice judicial case, namely the arret Nikon, that basically states it in every possible way. The case was such, an employee used the email address comerc...@nikon.fr to send a virulent critic of his employer to a big client. When caught he said that the recipient of the mail was a friend and that the communication was private. He won.
To open them, they would require a judge's injunction, for example in cases of pedo pornography or the like. Well you do not need such a high case, suspicion of misbehavior (fault, fraud, bad publicity etc.) are sufficient. You may want to look for files that are unusually large. They could possibly be ISOs, dvdrips, HD movie dumps... Not to forget encrypted RAR files (which btw. could contain anything, including legitimate content, so be careful here). It would be unlawful to try to brute force the files' password ;) We have the same problem here with users sharing movies on the file servers, and what makes it worse is some of their movie files are legit because they're, for example, official trailers that are reworked and redistributed to our customers. You won't win this, tell your boss it can not be done. What can technically be done is that the copyright owner provides a list of hashes for his files, and requests that you traverse your filesystems, looking for files that match those hashes. AND, even then, all you can do is flag the files, and you'll have to check with the user that he/she doesn't own a license permitting him/her to own that file! Not to mention that: 1/ you'll be doing the copyright protection company's job. This is going to cost you time = money, while it's going to cost them nothing and earn them the copyright holder's money. 2/ as you rightfully pointed out, hashes are exceedingly far from foolproof, for example a downloaded movie could be gzipped, or just tared, and that would completely change its md5/sha hashes. Hell, even stripping 1 second from the ending credits would make the hash fail. Even though they are called hashes, files sent by media companies are more like FFT spectrum analysis. You can still fool them by changing the least important bits in pictures. Better talk with your users and resolve the problem using non-technical means. 
Inventive users WILL always outsmart any technical solution that you implement: this is a race you absolutely can't win.
Heed CP's advice Frank, you can't win this, for real. Today you try to find suspicious files, tomorrow your inventive/tech-savvy users will rename their files so they look private, they'll encrypt them with GPG, they'll pack them in a password-protected rar, they'll embed their MP3s in powerpoint documents...
True you cannot win by guessing the content of files. But from my experience downloaders are most of the time easy to catch. Basically just get a disk usage by user and you have your culprits. The best way to block illegal downloads before they happen. I found that closing most ports and requiring a login and password before giving access to unknown websites works wonders. (The access to the website is not blocked in any way, but you have to login first).
You can not and will not win this, you'll only be wasting your time and your company's money. Again and still out of curiosity, are the files available on the internet ? If not, you REALLY shouldn't be
Re: Lennart Poettering: BSD Isn't Relevant Anymore
On 17/07/2011 15:02, C. Bergström wrote:
On 07/17/11 07:43 PM, Dick Hoogendijk wrote:
On 17-7-2011 14:17, Subbsd wrote: community decreases. It is a pity that many developers of FreeBSD have left in Apple, the small part works over {NET,OPEN,DRAGONFLY}.BSD but as a whole it already absolutely small small groups of people.
And do you feel this will be the end of FreeBSD?
I doubt that *BSD will *end*, but at which point does lack of usage make an OS irrelevant? 1) Is it used in production? If so does it serve a critical role? 2) What commercial support options are available? (Also what popular commercial/proprietary software are available ) 3) How well is it keeping pace with existing sw and hw technologies? 4) How focused and productive is the development community? I have some personal views on the above, but I consider *BSD severely lacking in a few areas. (No I can't personally help and only kick these questions off from the sidelines) Software typically exists to solve a problem. What problem is *BSD trying to solve? If something serves a purpose then there should be no denying its future relevance.
The problem *BSD is trying to solve (in my humble opinion) is reliable long term maintenance, from developers and sysadmin point of view. Linux's frequent API/ABI breaks make it a real hell to maintain. And the ever changing method of configuration/ever moving location of configuration files doesn't help. *BSD are stable in every sense of the word. This of course implies that there are a lot fewer advanced features in BSD than in Linux (by advanced I actually mean hyped). But then again most of these features end up in the rubbish can with Linux. SE-Linux ? Realtime ? Hal ? Containers ? You do not want to look in what state they are in. And you hardly want to learn how to use them as the entire thing is very likely to change completely before 6 months are passed.
Jerome Herman
Re: Lennart Poettering: BSD Isn't Relevant Anymore
On 18/07/2011 22:22, Jerry wrote:
On Mon, 18 Jul 2011 14:44:15 -0500 Gary Gatten articulated: snip I've always been curious why Linux seemed to take off so fast when other FOSS / non Winblow$ OS's were available for some time with not much traction; OS/2, BeOS, *nix with X11, etc. Not just on the desktop, but servers as well.
Supported versions of Linux such as RHEL, Suse, etc. seem to have made more headway into the enterprise computing environment in the last ten years than *BSD did in the last 30. I think the explanation is rather simple, Give the user what he wants, not what you think he wants.
I would highly advise against doing such a thing. So much evil in Ask me what you want, I will give you what you asked. I did this only once, some stupid foe in management asked me to activate and send him every little warning of anything that would happen to the production servers. I advised against it, but he insisted, I then stubbornly refused and he threatened to have me fired. So I activated every SNMP trap I could think of and forwarded them to him. In the first hour, even before any backup or maintenance operation, he received about 10 000 mails.
You are never going to satisfy every conceivable user, so concentrate on the core users. Microsoft has done that extremely well. On the latest Windows 7, getting wireless up and running is the most effortless thing I have done in awhile.
Keeping it up is a different beast, not even mentioning the constant disconnect/reconnect operations if by any chance you sit between two AP, you will learn new meanings for pain if your wifi is not natively supported by windows. Most of the time Windows wifi management, and closed vendors wifi management do not get along too well. True there was huge progress made in Windows 7, but honestly I still do prefer the FreeBSD approach where I can choose my AP once and for all.
Windows does everything but fill in the password.
On FreeBSD, well lets just say if that even if they had a driver for the wireless card I have installed, getting it up and running would be another matter. Correct me if I am wrong, but even network manager is not available on FreeBSD is it? I never saw the use of the tool network manager under Linux. Very honestly I turn it off and remove it as soon as I can. The only thing it ever did to me is giving headaches. FreeBSD forces you to pick your wireless card carefully. But it is not a huge problem. I have not checked in awhile. I know that there are some programs listed, but none of them work as seamlessly as Microsoft's. It is a basic truism in any business that in order to beat your rival, you have to produce a better product or one that costs less and still maintains the same basic usability. FreeBSD users are expected to be able to read and to use this ability. Sure this does cut FreeBSD from quite a lot of potential users, but then again making an OS for people who do not want to read the manual is a very bad idea. Simply creating a free product that is not as usable is not enough. If you cannot accomplish that, then at least try to create the illusion of it. FreeBSD has failed at the goal also. From my personal experience - which is relatively limited - it seems applications just work on Linux? When I need to compile an app, it takes a few mins on Linux - but may take me a few weeks on FBSD. Granted someone more knowledgeable with FBSD, Compilers, etc. could do it much faster than I. Anyway, if someone has a brief explanation of why Linux has apparently triumphed (in so far as installed base, desktop penetration, etc.) where so many others have failed (including IBM with OS/2) I'd be interested in hearing those thoughts. OS/2 was IBM's fault from the beginning. They insisted that it be tied to the 286 processor. Gates attempted to talk them out of it in a famous meeting in Armonk, NY. IBM refused and effectively wrote it's own death sentence with OS/2. 
As with any product, first impressions are crucial. Their first one failed. Unfortunately, so many FOSS pundits have not learned this simple lesson. From Wikipedia: OS/2 1.x targeted the 80286 processor: IBM insisted on supporting the Intel 80286 processor, with its 16-bit segmented memory mode, due to commitments made to customers who had purchased many 80286-based PS/2's because of IBM's promises surrounding OS/2.[16] Until release 2.0 in April 1992, OS/2 ran in 16-bit protected mode and therefore could not benefit from the Intel 80386's much simpler 32-bit flat memory model and virtual 8086 mode features. This was especially painful in providing support for DOS applications. While, in 1988, Windows/386 2.1 could run several cooperatively multitasked DOS applications, including expanded memory (EMS) emulation, OS/2 1.3, released in 1991, was still limited to one 640KB DOS box.
Re: Lennart Poettering: BSD Isn't Relevant Anymore
On 19/07/2011 01:21, Gary Gatten wrote:
snip This may get me flamed (probably will) but I'm wondering what the relationship is between FreeBSD and PC-BSD? PERHAPS if they were to somehow join forces, share development load, etc. and unify the FreeBSD offerings under one roof; ie: PC-BSD and SERVER-BSD.
Basically, PC-BSD is just a layer of candy over an almost untouched FreeBSD, so it is not the same at all than what you can see with Linux distros. PC-BSD offers a graphical and simple installer, and an arguably easier package system. Also it installs KDE and automatically makes a few decisions. You can actually just use the graphical installer in order to install a standard FreeBSD, even if some tricky options won't be available from the installer (but you can still run sysinstall later to activate them) I personally use it as an easy installer for Crypto-ZFS servers.
I believe several flavors of Linux have successfully done this. Perhaps for licensing reasons more than technical, but nonetheless there were two offerings each focused on either a desktop or server deployment strategy. Just a thought. I'm not married to any particular OS - it's a tool and I use what suits my needs best. I enjoy FreeBSD and like what it stands for - I would like to see it grow; both technically and in popularity.
Well the PC-BSD layer gives a great installer, now the only thing needed would be a great server/daemons management layer. But that is very tough to create. Some dedicated distributions exist that do have this layer, such as FreeNAS or PFSense. But I am not a big fan of either. The thing is, once you get the hang of FreeBSD, you end up missing the additional options and tweaks that an automated GUI will necessarily hide. A FreeBSD distro with LDAP, ACL and MAC management would be nice though.
Now, if only FreeBSD could find a mascot that didn't offend me so much...
G PS: yes, I'm being sarcastic about being offended; referring to threads that pop up on occasion re Beastie
Re: trying for 1920x1080 was: Re: Attempting to get an X11 server running
On 30/06/2011 23:42, Dieter BSD wrote: Now to see if I can get this wimpy rage xl to do 1920x1080. Please don't mess with modelines, it should not be needed any more. Just set the resolutions desired in the Screen/Display section. If modelines are really required, get them out of /var/log/Xorg.0.log. But they almost certainly are not. Though if you *really* wanted to, there's cvt(1):

The cvt utility helpfully created a couple of modelines which I think should work, but Xorg doesn't appear to use it. I know it sees it, because if I put in a typo it complains. :-) But the modelines don't appear in the log file, even with Option ModeDebug and -logverbose 100. I do get these:

(II) MACH64(0): Modeline 1920x1080x0.0 148.50 1920 2008 2052 2200 1080 1084 1089 1125 +hsync +vsync (67.5 kHz)
(II) MACH64(0): Modeline 1920x1080x60.0 172.80 1920 2040 2248 2576 1080 1081 1084 1118 -hsync +vsync (67.1 kHz)

but it doesn't use them:

(II) MACH64(0):default monitor: Using hsync range of 30.00-83.00 kHz
(II) MACH64(0):default monitor: Using vrefresh range of 56.00-76.00 Hz
(II) MACH64(0):default monitor: Using maximum pixel clock of 170.00 MHz
(II) MACH64(0): Estimated virtual size for aspect ratio 1.7778 is 1920x1080
(II) MACH64(0): Maximum clock: 124.00 MHz
[ ... ]
(II) MACH64(0): Not using driver mode 1920x1080 (bad mode clock/interlace/doublescan)
(II) MACH64(0): Not using driver mode 1280x1024 (bad mode clock/interlace/doublescan)
(II) MACH64(0): Not using driver mode 1920x1080 (bad mode clock/interlace/doublescan)
(WW) MACH64(0): Shrinking virtual size estimate from 1920x1080 to 1400x1050
(--) MACH64(0): Virtual size is 1400x1050 (pitch 1408)
(**) MACH64(0): *Default mode 1400x1050: 122.0 MHz, 64.9 kHz, 60.0 Hz
(II) MACH64(0): Modeline 1400x1050x60.0 122.00 1400 1488 1640 1880 1050 1052 1064 1082 +hsync +vsync (64.9 kHz)

What is this 124.00 MHz clock? Should I be using 124 or 170? The 1400x1050 being 122 makes me think it is using 124 as the limit.
It isn't clear what it means by bad mode clock/interlace/doublescan. Other rejections have reasons that make sense, vrefresh out of range, insufficient memory and so on. If the pixel clock is the problem, would reducing the color depth help?

It won't, it would help only if your card was short on memory.

WARNING : from there on I am assuming (given the figures from xorg) that you are using an old CRT to play with. If it is an LCD screen, do not try any of the following modelines. LCDs are tricky beasts when it comes to modelines. Nonetheless, even if the modelines I give should be safe, it is surprisingly easy to turn an old/cheap CRT monitor into an X-Ray emitting bomb. Sure it won't be emitting that much X-Ray, but if you spend hours right in front of it... So make sure that the monitor is not making strange noises, overheating, or accumulating static after you change the modelines.

All this said : Pixel (or dot) clock is the speed at which the video card can provide data to the monitor. Specific time for sync and blanking must also be taken into account. Your only option would be to :
- go for interlaced mode : Modeline 1920x1080@60i 77.60 1920 1952 2240 2272 1080 1104 1110 1135 interlace
- go for low low refresh rate (48hz - I won't give you the modeline as the probability of damaging your screen is high)
- And eventually decreasing the blanking time/sync time (But it is tricky to do, and it can damage monitors)

A must read if you are tweaking monitors : http://www.linuxdoc.org/HOWTO/XFree86-Video-Timings-HOWTO/overd.html (Old, but the only place where they teach you in detail about dot clock problems)

Basically in order to do 1920x1080@60hz you would need 183Mhz of pixel dot clock at the very least.
If you are confident that your monitor can take a little bit of shaking (It should not harm it - but don't blame me if it does), you could try this : Modeline 1456x819@72 124.00 1456 1488 1952 1984 819 834 844 860 If you have a good monitor that does not refuse this strange resolution right away, you should have a pretty nice picture.

The xrandr utility doesn't help:

xrandr --fb 1920x1080 -display :0
xrandr: screen cannot be larger than 1400x1050 (desired size 1920x1080)
xrandr --size 1920x1080 -display :0
Size 1920x1080 not found in available modes

Current xorg.conf: Section ServerLayout Identifier X.org Configured # Screen 0 Screen0 0 0 InputDeviceMouse0 CorePointer InputDeviceKeyboard0 CoreKeyboard # need Option AutoAddDevices Off to avoid the non-working hald # run moused instead Option AutoAddDevices Off EndSection Section Module Disable record EndSection Section InputDevice Identifier Keyboard0 Driver kbd EndSection Section InputDevice Identifier Mouse0 Driver mouse Option Protocol auto Option Device /dev/sysmouse Option
Re: Two Networks on one System
On 06/21/11 12:41, Damien Fleuriot wrote: On 6/21/11 2:32 AM, Jerome Herman wrote: So depending on the client route, packets from a given IP address can land on either interface. Actually two clients nated behind the same public address might end up on both interfaces at the same time. Even though your solution should work 99% of the time, it can lead to pretty strange behavior. I am not completely sure of how reply-to works, notably with keep state (and of course OpenBSD manuals on PF are down right now, at least from here). I remember attempting similar setups and having quite a lot of trouble with ICMP (especially RST for that matter).

This does not depend on the route the client takes, but rather on the IP the client tries to reach, wouldn't you agree ?

Most of the problems I was afraid of were lifted when further explanations were given. But just for the record I would like to explain further what I meant, adding some examples.

1°) It is perfectly possible for a public IP to be routed differently depending on the ISP. Actually it is quite common when you have multiple providers to create shortcuts in the routing table. Let us say your main provider is ISP A who is officially routing your public IP, but you also have a privileged link with ISP B who will redirect any request made to your public IP to a private IP on your network (NAT or DMZ, your pick). All clients from ISP A will come to your public IP directly, all clients from ISP B will go through your private IP, but clients from ISP C ? Well it will depend on whether the route they elect goes to ISP A or ISP B first.

2°) Even if there are two distinct public addresses A B, what happens when two nated computers behind a public address Z try to connect to the server at the same time ? reply-to disturbs the normal flow of answers, in case two connections are attempted from the same distant address at the same moment (second SYN received before first SYN/ACK is sent) what is supposed to happen ?
I think each connection will receive a proper SYN/ACK from the right interface, but I cannot find anything to confirm/infirm this.

3°) Another thing that can happen, in case the interface selection is route dependent, is that the route can change between packet N and packet N+1. In this case using reply-to will very probably lead to a connection RST on the second interface while the first will go into timeout.

So basically these were the problematics I was trying to point out in my previous mail. Hope I am clearer now

Jerome Herman
Re: Two Networks on one System
On 06/21/11 18:45, Damien Fleuriot wrote: On 6/21/11 6:30 PM, Jerome Herman wrote: On 06/21/11 12:41, Damien Fleuriot wrote: This does not depend on the route the client takes, but rather on the IP the client tries to reach, wouldn't you agree ?

Most of the problems I was afraid of were lifted when further explanations were given. But just for the record I would like to explain further what I meant, adding some examples.

1°) It is perfectly possible for a public IP to be routed differently depending on the ISP. Actually it is quite common when you have multiple providers to create shortcuts in the routing table. Let us say your main provider is ISP A who is officially routing your public IP, but you also have a privileged link with ISP B who will redirect any request made to your public IP to a private IP on your network (NAT or DMZ, your pick). All clients from ISP A will come to your public IP directly, all clients from ISP B will go through your private IP, but clients from ISP C ? Well it will depend on whether the route they elect goes to ISP A or ISP B first.

This has to do with BGP, transits and peerings, this is not really relevant to your case of having 2 public IPs served by a box. But then, to answer your question: Let's say you have 2 public and 1 private IP on the box.
Traffic to public IP A has a reply-to to the ISP's router in network A.
Traffic to public IP B has a reply-to to the ISP's router in network B.
Traffic to private IP C has a reply-to to the ISP's router in network C.

No, the problem is the following :
Traffic to public IP A going through ISP X goes to interface 1 configured with public IP A
Traffic to public IP A going through ISP Y goes to interface 2 configured with private IP C
And no this is not a fantasy config that can only be found once every millennium when following a unicorn. There are actually quite a lot of setups that use this trick to work.

I really can not see what your concern is, here.
In fact, this is pretty much what we use here, we have RDR rules set up on our firewalls to pass packets to our reverse proxies' private IPs.

2°) Even if there are two distinct public addresses A B, what happens when two nated computers behind a public address Z try to connect to the server at the same time ? reply-to disturbs the normal flow of answers, in case two connections are attempted from the same distant address at the same moment (second SYN received before first SYN/ACK is sent) what is supposed to happen ? I think each connection will receive a proper SYN/ACK from the right interface, but I cannot find anything to confirm/infirm this.

What you need to take into account is that these are 2 different connections each with an ID, a source IP (shared: Z) and a source port (randomized). This will not be messed up by reply-to.

That is what I thought, but I can't seem to find a proper doc on the nooks and crannies of reply-to and route-to. And I am always a bit cautious about the idea of checking BSD code myself to get answers.
Re: Two Networks on one System
On 21/06/2011 00:13, Jon Radel wrote: Can networks A and B talk to each other? I suspect not, otherwise things would be just working even if all traffic went to the primary's gateway, but I just wanted to check that there wasn't something else bad happening. On the assumption that A and B are completely disconnected, then the only solution for this problem that I know of is to do policy-based routing using the source address or interface to make routing decisions, rather than using solely the destination address. This is actually relatively trivial to do using PF.

pass in on nic_a reply-to ($nic_a $gw_a)
pass in on nic_b reply-to ($nic_b $gw_b)

From what I understand, there are two different ISPs providing access to two different interfaces. In this case I am very concerned with all the bizarre things that a reply-to might trigger. What I mean is that nothing guarantees that a distant address will access the box from the same interface every time. I do not know what causes connections to be made on either nic_a or nic_b. Three things come to mind :
- Multiple DNS resolution for an entry
- Different routing rewriting depending on the ISP
- An IP block being migrated from ISP A to ISP B with routes being updated while clients are connected

So depending on the client route, packets from a given IP address can land on either interface. Actually two clients nated behind the same public address might end up on both interfaces at the same time. Even though your solution should work 99% of the time, it can lead to pretty strange behavior. I am not completely sure of how reply-to works, notably with keep state (and of course OpenBSD manuals on PF are down right now, at least from here). I remember attempting similar setups and having quite a lot of trouble with ICMP (especially RST for that matter). I guess that in order to cover all solutions there would be a need to know what is exactly happening.
The most important thing would be to know if both IP addresses on the server are public, or if they are private with DMZ/Port routing/NAT etc. If there is only a master DNS on the server, then I guess the worst thing that could happen would be strange timeouts and connection resets. But if there are data to be updated from the outside (DB, slave DNS, logs, mails etc.) things could turn out pretty badly. Actually I think the rules should be following not only the IP, but also the flags and the ports. Keep-state should take care of this once the connection is properly initiated, but during handshake I do not see how to guarantee proper resolution.

Jerome Herman
Re: Long Day's Journey into Bleep
On 09/06/2011 02:56, Gary Kline wrote: Well, people, It's been a long, long century. I've been down for 5 days. Couldn't understand _why_ I couldn't ping anywhere [except the Server itself]. Finally, tho, it became more and more likely that my FreeBSD was fine ... even tho I kept stripping the most likely problem points. My large 16-port LinkSys router was either *it* or it was some kind of bug unknown to geekdom. After a friend bought me a new (and tiny) 8-port switch, yes! I could ping everywhere. I'm still bringing back the dozens of things I removed from ethic. And testing new ideas. But I have a general question: have any of you wizards who run your own domains or otherwise use a switch [or hub] *ever* had it just-quit?! It is solid-state. Yes, the box is within my feet/foot reach. I have accidentally kicked it I suppose, but still. After wandering in the wilderness for 5 days, mmph, dunno. gary

PS: yes, this is a serious question. 1) I like things-Cisco, and LinkSys. I just bought this switch about 2.5 years ago, so I really am looking for feedback.

PPS: Another question to ask about upgrading is next.

I had a lot of faulty switches, either going all out by themselves or doing stranger things.

The most common thing is of course the defective port - One port will start spurting errors and eventually die, with little to no impact on the rest of the ports. (easy to detect : ping on one port vs ping on another port)

Another common error is the "I want full duplex" error. The switch will announce itself as full duplex before falling back to half duplex immediately. Most of the time the port will act fine, but under heavy load you will have a nice panel of network errors happening one after the other. (Also easy to detect : force connected elements to half duplex for test, if everything starts working again you got your problem)

Of course there is also the problem with not so anti-loopback switches - that cause packets to go round and round and round and round.
(ping will be very inconsistent in its timing, going from a few ms to entire seconds)

On pure level 2 switches I had few other problems - though two took me days to figure out :

1 - Faulty power source : The switch could simply not bear full load anymore. Various errors, packet corruption, DHCP errors, misrouting and so on. When tested port by port, function by function, the switch would work wonders. I spent an entire week testing every box for virus/trojan/rootkits/DHCP rogue servers. The problem was only solved after I changed every element of the network one by one. Final diagnostic made by Netgear

2 - Memory corruption (suspected, not validated) : Everything would work fine from 9 A.M to 3 to 4 P.M for an entire branch, then the network would slow to a crawl. Rebooting the switches would solve the problem for a while and then it would be nightmare again after less than an hour. Some boxes would complain about duplicate IP addresses. We managed to find that most of the defective IP addresses converged to just one switch - from there we theorized that there was a problem with the ARP cache of the switch that would make it explode after a sufficient number of updates (since there were a lot of VPN connections made after 3PM, we imagined that it was the triggering factor). We took off the switch and replaced it, but no light came from the manufacturer to either confirm or infirm our theories.

Jerome
Re: Purchased Binaries
On 04/03/2011 22:24, Doug Hardie wrote: I have a client who has purchased some software. I don't know anything much about it yet other than it claims to run on Debian and CentOS. I suspect it's binaries. I will have access to things like the developer, name etc. on Monday. However, that's when he needs to know if I can make it run on FreeBSD. I am not convinced I want to run production software on the Linux compatibility suite. No good reason other than it sounds like it's adding a lot more opportunities for breakage. This has to be an always up application. I have virtually no knowledge of CentOS other than it was installed on one server when I got it. Any chance those binaries might work on FreeBSD? I am planning on starting with FreeBSD 8.2 since it's just out and working fine on one of my servers, but could use an earlier version if required to make this stuff run.

Based on what little information you gave us, I will risk an analysis. I might be completely wrong, but most of the time this is how things happen :

One developer who has validated his product only on CentOS and Debian means trouble. When you have even just a little money on the side you start testing on Red Hat/Suse Enterprise and at least try it on Solaris. Always up means web, control or real-time.

First the program is in binary form - you probably won't have access to any code or compiling instructions - which means that

Case 1 : It is a fully contained dedicated binary. Generally this is only the case with extremely specialised binaries, for example a controller for a mechanical device. Generally these programs read input from a file/stream/socket/device and write to the same kind of flow for the output. In this specific case you might want to try linux compatibility.
But I would hardly recommend it as you might lose all form of support in the process.

Case 2 : It is an all in one program. Basically it means it will have a GUI or a web interface. This means most of the time that quite a lot of libraries are hardlinked or rt-linked, and that quite a lot of assumptions are made about the underlying system (Bash is present, GTK libs too, the system is x86 or has x86 compatibility layer, terminal is in ISO and not UTF, X11 is installed etc.). Sometimes even the paths are hard coded. In this case go Debian - the exact same version the developer uses for testing. CentOS is an interesting piece of software but it is very different from FreeBSD in many regards, and it is a bit overkill to use it for just one specific application.

Case 3 : Even though it is proprietary, you do have access to source code and compile instructions. Then native FreeBSD is definitely worth a try. Try to get as much testing time as you can from the client and the dev. Prepare a Debian on the side just in case.

In this kind of scenario (basically when the client needs a brand new binary you never heard of before installed for yesterday morning) I tend to use virtual machines as much as I can. If the application is not I/O hungry (disk or network) create a VM under Debian that you will be able to monitor from your FreeBSD. I would recommend VirtualBox if X11 is already in place on the server. During the testing phase take as many snapshots as possible. In the end, even if you go for dedicated hardware, you still will have a pack of different setups you can refer to. And monitoring memory consumption is a must on closed binaries coming from small companies...
Re: Is it a good idea to use DHCP for point to point connections ?
On 13/10/2010 22:25, Elliot Finley wrote: we did this with DSL customers. But instead of using a unique gateway for each Client, just use IP Unnumbered and proxy arp for your loopback interface.

I was about to say that this solution seemed extremely sensitive to spoofing. But I figured out that my solution was not necessarily better. Looks like I will have to go for hardware solution after all... I am currently checking on Cisco private vlan system. But I am not a big fan of Cisco (Well to be perfectly honest I love the hardware...). Does anyone know of an alternative ?

Jerome Herman

On Wed, Oct 13, 2010 at 9:02 AM, Jerome Herman jher...@dichotomia.fr wrote: Hello, Given the price (and tedious management) of layer 3 switches I was thinking about using modified DHCP to distribute addresses with a /32 netmask (255.255.255.255)

The Idea : Create a cheap (and preferably not dirty) way to have client isolation, without creating tons of vlan.

Practical overview : The DHCP server will be serving IP addresses and gateways with a /32 mask.
Client1 would receive IP address of 241.0.0.1 with a netmask of 255.255.255.255 and a gateway of 240.0.0.1
Client2 would receive IP address of 241.0.0.2 with a netmask of 255.255.255.255 and a gateway of 240.0.0.2
Client3 would receive IP address of 241.0.0.3 with a netmask of 255.255.255.255 and a gateway of 240.0.0.3
etc.
Of course the gateway will have to have as many IPs as there are clients (Unless I am mistaken)

The questions :
- Is there something similar already existing ? It must not require any configuration on the client side other than activating DHCP.
- Would this work ? I do not see why it would not, though I am a little anxious about having tens of point to point connections going to the same physical port.
- I could not find anything forbidding it in RFC2131, but then again I might be wrong. Am I ?
- One problem remains that is solved by vlan isolation but not by DHCP isolation : rogue DHCP servers. Any Idea to crush those ?
I hope it is not inappropriate to post this on this list. But it is an interesting problem (I think). Jerome Herman
Re: Is it a good idea to use DHCP for point to point connections ?
On 14/10/2010 16:33, Nathan Vidican wrote: On Thu, Oct 14, 2010 at 9:16 AM, Jerome Herman jher...@dichotomia.fr wrote: On 13/10/2010 22:25, Elliot Finley wrote: we did this with DSL customers. But instead of using a unique gateway for each Client, just use IP Unnumbered and proxy arp for your loopback interface.

I was about to say that this solution seemed extremely sensitive to spoofing. But I figured out that my solution was not necessarily better. Looks like I will have to go for hardware solution after all... I am currently checking on Cisco private vlan system. But I am not a big fan of Cisco (Well to be perfectly honest I love the hardware...). Does anyone know of an alternative ?

Jerome Herman

On Wed, Oct 13, 2010 at 9:02 AM, Jerome Herman jher...@dichotomia.fr wrote: Hello, Given the price (and tedious management) of layer 3 switches I was thinking about using modified DHCP to distribute addresses with a /32 netmask (255.255.255.255)

The Idea : Create a cheap (and preferably not dirty) way to have client isolation, without creating tons of vlan.

Practical overview : The DHCP server will be serving IP addresses and gateways with a /32 mask.
Client1 would receive IP address of 241.0.0.1 with a netmask of 255.255.255.255 and a gateway of 240.0.0.1
Client2 would receive IP address of 241.0.0.2 with a netmask of 255.255.255.255 and a gateway of 240.0.0.2
Client3 would receive IP address of 241.0.0.3 with a netmask of 255.255.255.255 and a gateway of 240.0.0.3
etc.
Of course the gateway will have to have as many IPs as there are clients (Unless I am mistaken)

The questions :
- Is there something similar already existing ? It must not require any configuration on the client side other than activating DHCP.
- Would this work ? I do not see why it would not, though I am a little anxious about having tens of point to point connections going to the same physical port.
- I could not find anything forbidding it in RFC2131, but then again I might be wrong. Am I ?
- One problem remains that is solved by vlan isolation but not by DHCP isolation : rogue DHCP servers. Any Idea to crush those ?

I hope it is not inappropriate to post this on this list. But it is an interesting problem (I think). Jerome Herman

Around here (Ontario, Canada) - almost all DSL providers use PPPoE... just a thought, but might be a lot easier.

It is indeed a lot easier. Unfortunately it cannot be used in this case. Basically it is a hotel that is already wired in CAT.6. We want the clients to be able to connect through wire without resorting to routers or DSL modem, with just DHCP set up. The hotel is composed of 33 small residences connected with fiber. The idea is to avoid the part where we buy 33 layer3 switches at 3000$ a piece.

Jerome Herman

-- Nathan Vidican nat...@vidican.com
Re: IPSec/racoon key time to live
On 14/10/2010 16:26, Erik Norgaard wrote: Hi: I'm up against configuring a number of different systems with host-host IPSec AH-only. The systems use different versions of racoon. Questions:

- Must the key lifetime be the same in both ends?

In theory both ends are supposed to negotiate and select the smallest lifetime between the hosts. Reality is quite different, there are as many implementations of IPSec as there are devices implementing it, or close. And connecting in IPSec with a Cisco or a Checkpoint can be quite tedious. My opinion : avoid unnecessary headaches : put the same lifetime on both ends.

- Can key lifetime be configured per host-host connection?

Yes.

Jerome Herman

Thanks, Erik
Is it a good idea to use DHCP for point to point connections ?
Hello, Given the price (and tedious management) of layer 3 switches I was thinking about using modified DHCP to distribute addresses with a /32 netmask (255.255.255.255)

The Idea : Create a cheap (and preferably not dirty) way to have client isolation, without creating tons of vlan.

Practical overview : The DHCP server will be serving IP addresses and gateways with a /32 mask.
Client1 would receive IP address of 241.0.0.1 with a netmask of 255.255.255.255 and a gateway of 240.0.0.1
Client2 would receive IP address of 241.0.0.2 with a netmask of 255.255.255.255 and a gateway of 240.0.0.2
Client3 would receive IP address of 241.0.0.3 with a netmask of 255.255.255.255 and a gateway of 240.0.0.3
etc.
Of course the gateway will have to have as many IPs as there are clients (Unless I am mistaken)

The questions :
- Is there something similar already existing ? It must not require any configuration on the client side other than activating DHCP.
- Would this work ? I do not see why it would not, though I am a little anxious about having tens of point to point connections going to the same physical port.
- I could not find anything forbidding it in RFC2131, but then again I might be wrong. Am I ?
- One problem remains that is solved by vlan isolation but not by DHCP isolation : rogue DHCP servers. Any Idea to crush those ?

I hope it is not inappropriate to post this on this list. But it is an interesting problem (I think).

Jerome Herman
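
The addressing plan proposed in this message, worked through as an added example (not code from the post or from any DHCP server project): it builds the per-client /32 leases, checks whether each gateway is reachable on-link under that mask, and encodes the RFC 3442 classless static route option (DHCP option 121) that would give a client a route to an off-link gateway. The function names and the use of option 121 are assumptions of this example; the post itself does not mention that option.

```python
import ipaddress


def lease_plan(n_clients, client_base="241.0.0.0", gw_base="240.0.0.0"):
    """Per-client (address, gateway) pairs as in the post: 241.0.0.N / 240.0.0.N."""
    c0 = ipaddress.IPv4Address(client_base)
    g0 = ipaddress.IPv4Address(gw_base)
    return [(c0 + i, g0 + i) for i in range(1, n_clients + 1)]


def gateway_on_link(client, gateway, prefixlen=32):
    """True if the gateway falls inside the subnet the client derives from its mask."""
    net = ipaddress.ip_network(f"{client}/{prefixlen}", strict=False)
    return ipaddress.IPv4Address(gateway) in net


def encode_classless_routes(routes):
    """Encode (destination CIDR, router) pairs as an RFC 3442 option 121 payload.

    Each route is: prefix length, then only the significant destination octets,
    then the 4-byte router address.
    """
    out = bytearray()
    for dest, router in routes:
        net = ipaddress.IPv4Network(dest)
        significant = (net.prefixlen + 7) // 8
        out.append(net.prefixlen)
        out += net.network_address.packed[:significant]
        out += ipaddress.IPv4Address(router).packed
    return bytes(out)


def option_121_payload(gateway):
    """Routes a /32 client needs: gateway as an on-link host route, then default.

    A router of 0.0.0.0 marks the destination as directly reachable on the link.
    The default route is repeated here because a client that honours option 121
    ignores the plain Router option.
    """
    return encode_classless_routes([
        (f"{gateway}/32", "0.0.0.0"),
        ("0.0.0.0/0", str(gateway)),
    ])


def audit(client, gateway, prefixlen=32):
    """List the problems a lease would cause on a client that got only mask + router."""
    findings = []
    if not gateway_on_link(client, gateway, prefixlen):
        findings.append("gateway-off-link")
    for addr in (client, gateway):
        # 240.0.0.0/4 is IETF-reserved; ipaddress reports it via is_reserved.
        if ipaddress.IPv4Address(addr).is_reserved:
            findings.append(f"reserved:{addr}")
    return findings


if __name__ == "__main__":
    for client, gw in lease_plan(3):
        print(client, gw, audit(client, gw), option_121_payload(gw).hex())
```

With the addresses from the post every lease is flagged twice: the gateway is off-link under a /32 mask, and both ranges sit in reserved space, so a trial of the idea would normally substitute private addresses.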