from:"michael"

Hi,

I'm sure someone has had this before, but I can't find any reference
to it.

# pkg upgrade
Updating repository catalogue
digests.txz 100%  997KB 997.1KB/s 997.1KB/s   00:00
packagesite.txz 100% 5530KB   1.8MB/s   3.2MB/s   00:03
pkg: Invalid manifest format: mapping values are not allowed in this context
Incremental update completed, 0 packages processed:
0 packages updated, 0 removed and 22568 added.
pkg: No digest falling back on legacy catalog format
packagesite repository catalogue is up-to-date, no need to fetch fresh copy
Nothing to do

This is from a machine freshly converted to pkgng.

Any suggestions?

Thanks,
==ml

-- 
Michael W. Lucas  -  mwlu...@michaelwlucas.com, Twitter @mwlauthor 
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Absolute OpenBSD 2/e - http://www.nostarch.com/openbsd2e
coupon code ILUVMICHAEL gets you 30% off  helps me.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: pkgng problem


Thanks, Matt.

# pkg -vv | sed -ne '/Repositories/,$p'
Repositories:
  packagesite:
 url: http://pkg-test.freebsd.org/pkg-test-freebsd:9:x86:32/latest
 key:
 enabled: yes
 mirror_type: SRV

Also: 

# pkg -v
1.1.4


==ml

-- 
Michael W. Lucas  -  mwlu...@michaelwlucas.com, Twitter @mwlauthor 
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Absolute OpenBSD 2/e - http://www.nostarch.com/openbsd2e
coupon code ILUVMICHAEL gets you 30% off  helps me.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: pkgng problem

Matt,

Another data point on this:

Machines converted to pkgng a couple weeks ago can install new
packages just fine despite showing the same error. And it looks like
they download the new repo information:

# pkg install sysrc
Updating repository catalogue
digests.txz 100%  997KB 997.1KB/s 997.1KB/s   00:00
packagesite.txz 100% 5530KB   1.4MB/s   1.9MB/s   00:04
pkg: Invalid manifest format: mapping values are not allowed in this contex
Incremental update completed, 0 packages processed:
8292 packages updated, 1115 removed and 129 added.
pkg: No digest falling back on legacy catalog format
packagesite repository catalogue is up-to-date, no need to fetch fresh copy
The following 1 packages will be installed:

Installing sysrc: 5.2

The installation will require 39 kB more space

15 kB to be downloaded

Proceed with installing packages [y/N]: y
sysrc-5.2.txz 100%   16KB  15.8KB/s  15.8KB/s   
00:00
Checking integrity... done
[1/1] Installing sysrc-5.2... done

Machines upgraded to pkgng this week, using the same script as I used
a couple weeks ago, cannot install packages.

# pkg install sysrc
Updating repository catalogue
digests.txz 100%  997KB 997.1KB/s 997.1KB/s   00:00
packagesite.txz 100% 5530KB   2.7MB/s   1.5MB/s   00:02
pkg: Invalid manifest format: mapping values are not allowed in this context
Incremental update completed, 0 packages processed:
0 packages updated, 0 removed and 22568 added.
pkg: No digest falling back on legacy catalog format
packagesite repository catalogue is up-to-date, no need to fetch fresh copy
pkg: No packages matching 'sysrc' has been found in the repositories

Not sure if this supports the bad repo theory, but it's interesting.

Thanks,
==ml

-- 
Michael W. Lucas  -  mwlu...@michaelwlucas.com, Twitter @mwlauthor 
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Absolute OpenBSD 2/e - http://www.nostarch.com/openbsd2e
coupon code ILUVMICHAEL gets you 30% off  helps me.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: pkgng problem

On Fri, Aug 16, 2013 at 11:23:41AM -0700, Adrian Chadd wrote:
Have you done a pkg update first, just in case you needed to pull in a
pkgng update?

Yep, tried that.

==ml

-- 
Michael W. Lucas  -  mwlu...@michaelwlucas.com, Twitter @mwlauthor 
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Absolute OpenBSD 2/e - http://www.nostarch.com/openbsd2e
coupon code ILUVMICHAEL gets you 30% off  helps me.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Theft in the Clouds

2013-07-25 Thread Michael Sierchio

Amazon EC2 certainly offers Dedicated Instances, in which the hardware
is dedicated to a single customer.

On Thu, Jul 25, 2013 at 1:15 PM, Jerry je...@seibercom.net wrote:
 Not really a FreeBSD issue, but I did find this article rather
 fascinating.

 http://www.technologyreview.com/news/506976/how-to-steal-data-from-your-neighbor-in-the-cloud/

This is really about side-channel attacks against crypto - not general
data snooping.

- M
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: HOWTO monitor changes in installed packages within jails?

2013-07-23 Thread Michael Grimm


On 20.07.2013, at 18:34, Michael Grimm trash...@odo.in-berlin.de wrote:

 On 20.07.2013, at 14:53, Matthew Seaman m.sea...@infracaninophile.co.uk 
 wrote:
 On 20/07/2013 12:09, Michael Grimm wrote:
 
 I did migrate to pkgng some month ago, and ever since I am curious
 how to monitor changes in installed packages within jails. I am
 looking for a functionality/port that works like 490.status-
 pkg-changes for my host.
 
 Question: is there any functionality within the periodic system or a
 port that I might have missed to find?
 
 You can't just run 490.status-pkg-changes directly in your jail?
 
 Yes, I can ;-) 
 
 But! I do have a lot of service jails running at my host, thus I would like 
 to omit modifying every jail's /etc/periodic.conf adding:
 
 | daily_status_pkg_changes_enable=YES# Show package changes
 | pkg_info=pkg info  # Use this program
 
 
 Try this patch:
 
 Thanks for that approach, namely adding pkg -j jailname info for every jail 
 running. Due to my amount of jails I might need to add some looping over jls 
 -N output instead of adding a lot of $daily_status_pkg_changes_flags.
 
 I was hoping that I could omit programming that functionality myself, but I 
 might need to do so.

I ended up in adding:
--- snip 
--- /usr/src/etc/periodic/daily/490.status-pkg-changes  2013-04-03 
17:59:35.894705550 +0200
+++ /etc/periodic/daily/490.status-pkg-changes  2013-07-23 20:19:27.833641916 
+0200
@@ -32,6 +32,24 @@
diff -U 0 $bak/pkg_info.bak2 $bak/pkg_info.bak \
| grep '^[-+][^-+]' | sort -k 1.2
fi
+
+# added jail(s) support
+#
+   for jname in `jls -N | grep -v JID | awk '{print $1}'`; do
+   if [ -f $bak/pkg_info_${jname}.bak ]; then
+   mv -f $bak/pkg_info_${jname}.bak 
$bak/pkg_info_${jname}.bak2
+   fi
+   jexec ${jname} ${pkg_info:-/usr/sbin/pkg_info}  
$bak/pkg_info_${jname}.bak
+
+   cmp -sz $bak/pkg_info_${jname}.bak 
$bak/pkg_info_${jname}.bak2
+   if [ $? -eq 1 ]; then
+   echo 
+   echo Changes in installed packages (jail 
${jname}):
+   diff -U 0 $bak/pkg_info_${jname}.bak2 
$bak/pkg_info_${jname}.bak \
+   | grep '^[-+][^-+]' | sort -k 1.2
+   fi
+   done
+
fi
;;
--- snip 

Not perfect, really, but working at my side.

Michael
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Re[3]: vBSDcon Website Update

2013-07-22 Thread Michael Powell

Fish Kungfu wrote:

  Weird, now it's up.
 ...Fish
 

DNS takes time to propagate

-Mike



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

HOWTO monitor changes in installed packages within jails?

2013-07-20 Thread Michael Grimm

Hi --

I did migrate to pkgng some month ago, and ever since I am curious how to 
monitor changes in installed packages within jails. I am looking for a 
functionality/port that works like 490.status-pkg-changes for my host.

Question: is there any functionality within the periodic system or a port that 
I might have missed to find?

Thanks in advance and with kind regards,
Michael
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: HOWTO monitor changes in installed packages within jails?

2013-07-20 Thread Michael Grimm

On 20.07.2013, at 14:53, Matthew Seaman m.sea...@infracaninophile.co.uk wrote:
 On 20/07/2013 12:09, Michael Grimm wrote:

 I did migrate to pkgng some month ago, and ever since I am curious
 how to monitor changes in installed packages within jails. I am
 looking for a functionality/port that works like 490.status-
 pkg-changes for my host.
 
 Question: is there any functionality within the periodic system or a
 port that I might have missed to find?
 
 You can't just run 490.status-pkg-changes directly in your jail?

Yes, I can ;-) 

But! I do have a lot of service jails running at my host, thus I would like to 
omit modifying every jail's /etc/periodic.conf adding:

| daily_status_pkg_changes_enable=YES# Show package changes
| pkg_info=pkg info  # Use this program


 Try this patch:

Thanks for that approach, namely adding pkg -j jailname info for every jail 
running. Due to my amount of jails I might need to add some looping over jls 
-N output instead of adding a lot of $daily_status_pkg_changes_flags.

I was hoping that I could omit programming that functionality myself, but I 
might need to do so.

Thanks for your input and with kind regards,
Michael


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: gpart: table 'da0' is corrupt; operation not permitted

2013-07-16 Thread Michael Sierchio

On Tue, Jul 16, 2013 at 1:44 PM, aurfalien aurfal...@gmail.com wrote:

 Upon doing;

 gpart destroy da0

 I get;

 gpart: Device busy

crude but effective:


DISK=da0

offset=`diskinfo $DISK | awk '{ print $4 - 131072 }'`
dd if=/dev/zero of=/dev/$DISK bs=64k count=1
dd if=/dev/zero of=/dev/$DISK bs=64k seek=$offset

gpart create -s gpt ${DISK}
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: auth.notice on syslog server

2013-06-24 Thread Michael Sierchio

On Mon, Jun 24, 2013 at 5:35 AM, SWENNEN Rudi
rudi.swen...@onprvp.fgov.be wrote:
 Hello FreeBSD-list,

 I have the following two freebsd systems/servers: a server and a client. The 
 syslog of the client is send to the server.
 I was wondering why the auth.notice entry on my server is generating a syslog 
 entry (/dev/console) when I change to root on the client:
 Jun 24 12:01:38 SERVER kernel: Jun 24 12:00:32 CLIENT su: rudi to root on 
 /dev/ttyv0

 Is there a way to limit the auth-facility not to log via syslog if the 
 entry in generated from a remote system?

Yes, on the host that sends the logs.
E.g.,

auth.*,authpriv.*:  /var/log/auth
console.*,cron.*,daemon.*,kern.*,mail.*,ntp.*,security.*,syslog.*,user.*,local.*:
@loghost
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Boot Loader Issue

2013-06-23 Thread Michael Sierchio

On Sun, Jun 23, 2013 at 4:12 PM, Polytropon free...@edvax.de wrote:
 On Sun, 23 Jun 2013 15:47:53 -0700, Doug Hardie wrote:
 I need to alter mountroot so it tries the right partition/slice.
 How do I do that?  I couldn't find anything in the handbook on that.

 You need to install the GPT boot code, e. g.

 # gpart add -t freebsd-boot -l gpboot -b 40 -s 512K ad0

Why the offset?  Why 512k?

 # gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 ad0

I think it's simpler to make an entry in /boot/loader.conf:

vfs.root.mountfrom=ufs:/dev/ada0s1a
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: FreeBSD slice/partiton setup question

2013-06-18 Thread Michael Sierchio

On Tue, Jun 18, 2013 at 10:44 AM, Istvan Gabor suseuse...@lajt.hu wrote:
 ...
 How can I do this in FreeBSD?
 Can I have slices with only one partition occupying the whole slice?

 Can I do something like the following:

 /dev/ad0s1a /
 /dev/ad0s2e /home
 /dev/ad0s3e /usr/local
 /dev/ad0s5b swap
 /dev/ad0s6e /home/user1
 /dev/ad0s7e /home/user2
 etc.

 where the partitions (a, e, b) occupy the whole slice where they reside on?

Why bother with partitions if you're going to use the whole slice?

Why bother with slices if you won't run out of partitions?

- M
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Re: FreeBSD slice/partiton setup question

2013-06-18 Thread Michael Sierchio

You can simply newfs the device itself, without a volume label, slice,
or partition.  That's the normal thing to do with malloc devices, or
additional disks.  If the disk doesn't require a boot loader, isn't
the root device, etc. that may be the best thing to do.

Your caution about EXT* is spot-in - adequate tools exist for EXT2FS,
but it's still problematic.


- M
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Any BASIC Gurus around?

2013-06-17 Thread Michael Ross



I'm no BASIC Guru,
but this one line caught my eye while scrolling through your mail:


2010 IF ABS(H1. THEN GOTO 2040


Missing parenthesis?


Regards,

Michael
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: FreeBSD maximum password length

2013-06-17 Thread Michael Sierchio

I know this may seem off-the-wall to some, but I pasted a hashed
password for a user under 9.1 into the /etc/passwd entry for that user
on an 8.3 machine, and auth continues to work properly.  That's nice.

- M
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

pkg-devel problem with incremental update

2013-06-11 Thread Michael Gass

Installed pkg-devel 1.1.0.b3 and get the following message about incremental
update whenever update is called.

sudo pkg update
Updating repository catalogue
pkg: incremental update is not possible as repo format is inappropriate, trying 
full upgrade
packagesite repository catalogue is up-to-date, no need to fetch fresh copy

What should I do to make incremental updates possible?

-- 
Michael Gass
mg...@csbsju.edu 
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Bourne shell if syntax

2013-06-10 Thread Michael Sierchio

On Mon, Jun 10, 2013 at 12:16 PM, Tim Daneliuk tun...@tundraware.com wrote:

 That wasn't really my point.  I use sentinels because in the face of an
 empty string this:

if [ $PTR =  ]

 Actually evaluates to:

if [ =  ]

 Which throws an error.

Right.  Many scripts seem to assume that sh is bash, and that's
certainly not the case here.

if [ x$BLAH = x ]; then

is the most reliable and portable way of determining if it's a string
of zero length.

- M
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

What is the correct CPUTYPE for this machine?

2013-06-08 Thread Michael Gass

I have an old laptop:

FreeBSD 9.1-RELEASE #0 r243826: Tue Dec  4 06:55:39 UTC 2012
r...@obrian.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
CPU: Mobile AMD Duron(tm) Processor (1096.23-MHz 686-class CPU)
Origin = AuthenticAMD  Id = 0x671  Family = 6  Model = 7  Stepping = 1
Features=0x383f9ffFPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
AMD Features=0xc0480800SYSCALL,MP,MMX+,3DNow!+,3DNow!

What is the correct value for CPUTYPE in make.conf?

Thanks,

mg
-- 
Michael Gass
mg...@csbsju.edu 
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: What is the correct CPUTYPE for this machine?

2013-06-08 Thread Michael Gass

On Sat, Jun 08, 2013 at 10:10:10AM -0400, ill...@gmail.com wrote:
 On 8 June 2013 09:34, Michael Gass mg...@csbsju.edu wrote:
 
  I have an old laptop:
 
  FreeBSD 9.1-RELEASE #0 r243826: Tue Dec  4 06:55:39 UTC 2012
  r...@obrian.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
  CPU: Mobile AMD Duron(tm) Processor (1096.23-MHz 686-class CPU)
  Origin = AuthenticAMD  Id = 0x671  Family = 6  Model = 7  Stepping = 1
 
  Features=0x383f9ffFPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
  AMD Features=0xc0480800SYSCALL,MP,MMX+,3DNow!+,3DNow!
 
  What is the correct value for CPUTYPE in make.conf?
 
 
 Duron was just a low-cost Athlon, da?
 
OK, checking the internet, looks like I should use
CPUTYPE?=k7
as the mobile amd duron 1.1G is a k7 group,
but the make.conf example only lists values like
k8, k6-3, k6-2, k6, and k5.
Which should I use?

mg
-- 
Michael Gass
mg...@csbsju.edu 
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Error building math/sage

2013-06-06 Thread Michael Gass

=pmbuildingmain
PM_BUILD_ONLY_LIST=pm_bol
PM_DEL_BUILD_ONLY=pm_dbo
PM_NEEDS_UPDATE= math/sage 
PM_PARENT_PID=65716
PM_PARENT_PORT=math/sage
PM_VERBOSE=vopt
PREFIX=/usr/local
PWD=/usr/ports/math/sage/work/sage-5.9/spkg
PYTHONPATH=/usr/ports/math/sage/work/sage-5.9/local
RANLIB=/usr/local/bin/ranlib
READELF=/usr/local/bin/readelf
SAGE_ATLAS_LIB=/usr/local/lib
SAGE_FAT_BINARY=yes
SAGE_INSTALL_GCC=no
SAGE_LOCAL=/usr/ports/math/sage/work/sage-5.9/local
SAGE_LOGS=/usr/ports/math/sage/work/sage-5.9/logs/pkgs
SAGE_PARALLEL_SPKG_BUILD=
SAGE_PORT=yes
SAGE_ROOT=/usr/ports/math/sage/work/sage-5.9
SAGE_SPKG_INST=/usr/ports/math/sage/work/sage-5.9/spkg/installed
SAVE_SHARED=wopt
SHELL=/bin/sh
SHLVL=2
SIZE=/usr/local/bin/size
STRINGS=/usr/local/bin/strings
SUDO_COMMAND=/usr/local/sbin/portmaster math/sage
SUDO_GID=1001
SUDO_UID=1001
SUDO_USER=mgass
SYSTEMVERSION=
TERM=xterm
TMPDIR=/tmp
UPGRADE_TOOL=portmaster
USER=root
USERNAME=root
_=/usr/bin/env
__MKLVL__=2
build_deps_il=
build_only_dl_g=  
dep_of_deps=0
num_of_deps=0
pbu=/usr/ports/packages/portmaster-backup
pd=/usr/ports
pdb=/var/db/pkg
port_dbdir=/var/db/ports
use_pkgng=yes
***
make: illegal option -- -
usage: make [-BPSXeiknpqrstv] [-C directory] [-D variable]
[-d flags] [-E variable] [-f makefile] [-I directory]
[-j max_jobs] [-m directory] [-V variable]
[variable=value] [target ...]

real0m0.001s
user0m0.000s
sys 0m0.001s
***
Error building Sage.

The following package(s) may have failed to build:
tail: /usr/ports/math/sage/work/sage-5.9/logs/pkgs/*.log: No such file or 
directory

The build directory may contain configuration files and other potentially
helpful information. WARNING: if you now run 'make' again, the build
directory will, by default, be deleted. Set the environment variable
SAGE_KEEP_BUILT_SPKGS to 'yes' to prevent this.

gmake: *** [build] Error 1
*** [do-build] Error code 1

Stop in /usr/ports/math/sage.
*** [build] Error code 1

Any suggestions?


-- 
Michael Gass
mg...@csbsju.edu 
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Error building math/sage

2013-06-06 Thread Michael Gass

On Thu, Jun 06, 2013 at 09:41:46AM -0500, Michael Gass wrote:
 Trying to build math/sage-5.9_1 from ports.  Everything builds
 except sage itself.  
 
 Here is the system info.
 
 FreeBSD dc7800.home.net 9.1-STABLE FreeBSD 9.1-STABLE #0 r251294: Mon Jun  3 
 17:52:11 CDT 2013 root@:/usr/obj/usr/src/sys/HP20130603  amd64
 
 Here is /etc/make.conf
 
 CPUTYPE?=core2
 WITH_PKGNG=yes
 # added by use.perl 2013-06-03 21:30:08
 PERL_VERSION=5.14.2
 TEX_DEFAULT=texlive
 
 Here is output from the build (sorry for any control chars in script).
 Error is around 120 lines down.
 
 port_dbdir=/var/db/ports

..removed lines..

 use_pkgng=yes
 ***
 make: illegal option -- -
 usage: make [-BPSXeiknpqrstv] [-C directory] [-D variable]
   [-d flags] [-E variable] [-f makefile] [-I directory]
   [-j max_jobs] [-m directory] [-V variable]
   [variable=value] [target ...]
 
 real  0m0.001s
 user  0m0.000s
 sys   0m0.001s
 ***
 Error building Sage.
 
 The following package(s) may have failed to build:
 tail: /usr/ports/math/sage/work/sage-5.9/logs/pkgs/*.log: No such file or 
 directory
 
 The build directory may contain configuration files and other potentially
 helpful information. WARNING: if you now run 'make' again, the build
 directory will, by default, be deleted. Set the environment variable
 SAGE_KEEP_BUILT_SPKGS to 'yes' to prevent this.
 
 gmake: *** [build] Error 1
 *** [do-build] Error code 1
 
 Stop in /usr/ports/math/sage.
 *** [build] Error code 1
 
 Any suggestions?
 
 

Got it to install.  Kept getting the above problem when usning portmaster.
So I did a make clean in the sage directory and then make install clean.
That did it.

Mike Gass

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Max top end computer for Freebsd to run on

2013-06-03 Thread Michael Powell

Al Plant wrote:

 James wrote:
 Several modest servers applied well will take you further than one big
 iron—and for less cost.
 
 James I agree. I have witnessed the benefit of what you say. Putting
 your faith in one big server can be a problem if the box fails,
 especially hardware failure.
 
 Keeping a spare server in a rack that can be switched in to service
 quickly can save you if one dies. Time (waiting for parts), most
 failures are hardware if your running FreeBSD. Even most Linux boxes.
 

There are 2 approaches, and applying both together is what I favor. Scale up 
(vertical) is a horsepower per box kind of thing. Scale out (horizontal) 
adds more of the same kind of box(es) in parallel. The resulting redundancy 
will keep you up and online.

Sizing matters somewhat. Having excess horsepower that sits unused is extra 
money spent on one box that could have been applied to scale out redundancy. 
If you can size one machine to match your current and projected workload, 
then if there are two, or more, of these and one fails the remaining can 
shoulder the load while you get the broken one back up.

Where the balance point is struck will depend on workload. Let's say 
(hypothetical) one box as a web/database server can handle 1,000 
connections/users per second within desired latency and response time. If a 
spike in demand suddenly comes that box will slow to a crawl (or even fall 
over) as it tries to keep up, as it is lacking the extra horsepower overhead 
that would otherwise be sitting idle if it did. Scaling out (horizontally) 
by adding more boxes will distribute this spike across multiple machines and 
remain within the desired processing response/latency time so together they 
can handle 2,000 when the need is present. Need another 1,000? Add another 
box, and so on.

So the trick is to understand your workload. Don't go overboard on just one  
huge high-power machine which sits mostly idle and takes you offline if it 
fails. Spend the money on more moderately sized boxen. Me, I like to have at 
least 3 of everything (if I can) such that they are sized so that 2 of them 
together can easily handle the desired load. The third one is for redundancy 
and the 'what-if' spike in demand.

Another advantage here is you can take one offline for updates, then put it 
back online and test it out for problems. If there is no problem then you 
can take one of the other two down and update it. This way you can do 
updates without your service being offline. But the trick is still to 
understand your specific workload first, then spread the money around 
accordingly.

-Mike


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Disable build new pkg format in poudriere

2013-06-03 Thread Michael Powell

C. L. Martinez wrote:

 HI all,
 
  I need to build some packages without using new pkg format. I would
 like to accomplish this using poudriere, but is this possible?? Or do
 I need to use another package builder??
 
  I have tried to build rsync, but when I try to install, this error is
  returned:
 
 tar: +CONTENTS: Not found in archive
 tar: Error exit delayed from previous errors.
 pkg_add: tar extract of
 /poudriere/data/packages/fbsd91_amd64_legacy-default/All/rsync-3.0.9_3.txz
 failed!
 pkg_add: unable to extract table of contents file from
 '/poudriere/data/packages/fbsd91_amd64_legacy-
default/All/rsync-3.0.9_3.txz'
 - not a package?
 
  In make config file:
 
 WITH_PKGNG=no
 WITHOUT_X11=yes

Try  WITHOUT_PKGNG=yes and see if it helps.

-Mike


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Should I move to amd64 ?

2013-05-30 Thread Michael Gass

I am currently using a 9.1-RELEASE with an i386 install.
The hardware is a core 2 duo with 2 GB of RAM.  My video card 
is an ati radeon hd 2400 xt. Things work fine.

Would I gain anything by starting over and doing an AMD64 install
or would that be a bad idea?  Would my system perform better, worse, 
or the same after the change? I may eventually bring the memory up
to 4GB, but not anytime soon.

I understand some ports my not work - like WINE - but I do not use
WINE. Would there be other problems?

-- 
Michael Gass
mg...@csbsju.edu 
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Should I move to amd64 ?

2013-05-30 Thread Michael Gass


I am currently using a 9.1-RELEASE with an i386 install.
The hardware is a core 2 duo with 2 GB of RAM.  My video card 
is an ati radeon hd 2400 xt. Things work fine.

Would I gain anything by starting over and doing an AMD64 install
or would that be a bad idea?  Would my system perform better, worse, 
or the same after the change? I may eventually bring the memory up
to 4GB, but not anytime soon.

I understand some ports my not work - like WINE - but I do not use
WINE. Would there be other problems?

-- 
Michael Gass
mg...@csbsju.edu 

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: swap partition leads to instability?

2013-05-29 Thread Michael Sierchio

On Sun, May 26, 2013 at 6:17 PM, Adam Vande More amvandem...@gmail.comwrote:



 Normal dynamic wear leveling on a modern SSD will be better than
 imposing an FS- backed swap for 4GB partion occupying a small fraction
 of total drive space.


Quite so.

- M
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: BSD sleep

2013-05-28 Thread Michael Sierchio

On Tue, May 28, 2013 at 4:45 PM, Joshua Isom jri...@gmail.com wrote:


 You think it's trivial until you read this:

 http://infiniteundo.com/post/**25326999628/falsehoods-**
 programmers-believe-about-timehttp://infiniteundo.com/post/25326999628/falsehoods-programmers-believe-about-time


Some days have 86400 seconds, some have 86401.  There is a provision for
two leap seconds to be applied at once, but that hasn't ever happened.
 Still, a truly correct clock, set to UTC, might someday read

23:59:59
23:59:60
23:59:61
00:00:00

How many seconds did that hour have?
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: swap partition leads to instability?

2013-05-26 Thread Michael Sierchio

The Intel SLC mSATA drives I use in embedded devices don't support TRIM,
but - it doesn't seem to matter. Actually, I'm confident that just using
bare partitions for swap is fine, and I haven't had any of the trouble I
witnessed with MLC devices. The difference is that the size is limited to
under 32GB.

- M

On Sun, May 26, 2013 at 4:32 PM, Warren Block wbl...@wonkity.com wrote:

On Sun, 26 May 2013, Polytropon wrote:

On Sun, 26 May 2013 16:09:06 +0700, Erich Dollansky wrote:

Hi,

On Sun, 26 May 2013 01:58:32 -0700 (PDT)
M. V. bored_to_deat...@yahoo.com wrote:

I have a 24/7 network server/gateway with FreeBSD-8.2 on a SSD drive.
it's partitioned as normal (/ , /tmp, /var , /usr and swap) for a
long time now. But recently I heard from a FreeBSD expert that I
shouldn't have swap partition for my server, and having swap
partition could make my server unstable. this was so strange for me,
and I searched a lot but couldn't find a reason for this claim.

because it is a false claim. I never ever have had any system with
working hard, that gave a problem because of the swap space.

I think the problem here is that he's using a SSD.
As soon as the swap partition is being in heavy use,
which means it receives many writes, this may lead
to the SSD wearing out, decreasing its lifetime.

Another problem with SSDs is that they can have difficulty with wear
leveling. This is even worse with swap because there is no way to use TRIM
to tell the SSD about blocks that have been freed.

The workaround is a swapfile on UFS with TRIM enabled. It works fine, and
even better when you update the rc scripts for shutdown.

Here's an article on setup:
http://www.wonkity.com/~**wblock/docs/html/ssd.htmlhttp://www.wonkity.com/~wblock/docs/html/ssd.html

And here is the PR with a patch:
http://www.freebsd.org/cgi/**query-pr.cgi?pr=bin/168544http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/168544

__**_
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/**mailman/listinfo/freebsd-**questionshttp://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-**
unsubscr...@freebsd.org freebsd-questions-unsubscr...@freebsd.org

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Case sensitive usernames and sendmail - mystic voodoo

2013-05-26 Thread Michael Sierchio

On Sun, May 26, 2013 at 6:17 PM, Polytropon free...@edvax.de wrote:

 On Sun, 26 May 2013 18:44:41 -0600, Modulok wrote:
  I know usernames are case-sensitive, I thought emails were
  too.

 If I remember e-mail basics correctly: No. They're not.
 For example, f...@example.com, f...@example.com and f...@example.com
 and all upper/lowercase variations are the same as f...@example.com.


You remember incorrectly ;-)

The local part of an address (before the @ sign) is case-sensitive (with
the exception of postmas...@example.com)

Everything to the right of the @ is indeed case insensitive, but everything
to the left might be case sensitive, depending on local policy.  This means
you must preserve the case of everything to the left of the @ sign.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: setup journaling for root partition

2013-05-23 Thread Michael Sierchio

On Wed, May 22, 2013 at 10:53 PM, s m sam.gh1...@gmail.com wrote:

 thanks Michael for your quick reply:)
 yes, i can boot from usb freebsd flash and use fixit mode.
 i have root, var, tmp, usr and swap on my system. i create an extra swap
 partition to use it as journal provider for root partition.

 in fixit mode, first i run two below command in order to abel load
 gjournal:

 ln -s /dist/lib /lib
 ls -s /dist/boot/kernel /boot/modules

 then
 gjournal load

 and after that: gjournal label -f ad3s1a ad3s1g (ad3s1a is root
 partition and ad3s1g is swap partition for journal provider)

 but this error is shown:
 gjournal cannot clear metadata on ad3s1a: operation not permitted
 what is wrong here??? i really don't know how to fix it:


Try using -v to get more verbose output.  I am at a loss here, too.
 Perhaps you can try

gjournal load
dd if=/dev/zero of=/dev/ad3s1g bs=1m
gjournal clear -v ad3s1a
gjournal label -vf ad3s1a ad3s1g

and see what it says, if anything.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: file corruption solution (soft-update or ZFS)

2013-05-23 Thread Michael Sierchio

On Thu, May 23, 2013 at 5:33 AM, Warren Block wbl...@wonkity.com wrote:

 ..

  One thing mentioned earlier is that ZFS wants lots of memory.  4G-8G
 minimum, some might say as much as the server will hold.


Not necessarily so - deduplication places great demands on memory, but that
can be satisfied with dedicated cache devices (on SSD for performance and
safety reasons).  Without dedup, the requirements are more modest.

Softupdates guarantee metadata consistency, but do nothing to address data
integrity. ZFS has copy-on-write semantics (which solve a problem that even
hardware RAID can't), and end-to-end checksums to detect/prevent data
corruption (large drives will have uncorrectable bit errors over their
lifetime).

- M
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: MySQL hangs server completely

2013-05-22 Thread Michael Ross

On Wed, 22 May 2013 15:52:45 +0200, Alejandro Imass aim...@yabarana.com  
wrote:



Hi,

We've been having this problem with a customer for a while and it
seems that some funky query makes MySQL use 100% of CPU. Nevertheless,
even though you can see in top that it's only 1 CPU in 100% (out of 8)
the server eventually becomes useless and stops responding completely.

So my question is, how does a user process hang the whole server? What
system resources could MySQL be draining to make the server stop
responding completely?



In laymans terms - can't do better - MySQL racing itself to obtain a (  
table | memory | file ) lock?


I know I can death-stall the MySQL server at a customer's site if I give  
it a big enough query ( like, DROPping a table, recreating it and pushing  
backup data inside ) while cron's hourly backup-dump is running on the  
database. Just the MySQL server, the machine itself hasn't stalled yet -  
but I'm sitting at the console while doing this, so I don't know what  
would eventually happen if I'd let it sit for a while.



Regards,

Michael
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: setup journaling for root partition

2013-05-22 Thread Michael Sierchio

On Wed, May 22, 2013 at 10:27 PM, s m sam.gh1...@gmail.com wrote:

 thanks Michael, but in all documentation about journaling, tunefs is used
 as below: tunefs -J enable ad3s1X.journal. ad3s1X.journal is created by
 gjournal command: gjournal label ad3s1a ad3s1g that assign ad3s1g as
 journal provider for ad3s1a and create ad3s1a.journal which contains ad3s1a
 as data provider and ad3s1g as journal provider.

 my problem is, i can not run gjournal command for root partition in fixit
 mode nor single user mode. you mean, i should just use tunefs command on
 ad3s1X (root partition)? if yes, then where journal provider for root
 partition is located? in root partition?


Ah, sorry -  lack of careful reading on my part.  Can you boot from
installation media and use the fixit mode?  This still won't work if the
last sector of the partition is in use by the filesystem  You'll need a
spare partition of some size to be the journal provider, as in the example.

The very best approach is to create a gjournal and then newfs.  How is your
disk organized?  One big root partition with everything on it?

- M
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: setup journaling for root partition

On Mon, May 20, 2013 at 10:59 PM, s m sam.gh1...@gmail.com wrote:

 hello everybody

 i want to setup a journal partition for my root partition. but i do not
 know how to do that. in FreeBSD handbook, it is done in single user mode,
 unmount the desired partition and assign the journal partition to it. i
 test this procedure and it is done for /usr partition but for root
 partition, it can not be unmount in single user mode.


See the man page on gjournal

 To configure journaling on the UFS file system using gjournal, one
should
 first create a gjournal provider using the gjournal utility, then run
 newfs(8) or tunefs(8) on it with the -J flag which instructs UFS to
coop-
 erate with the gjournal provider below.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: setup journaling for root partition

AFAIK Softupdates journaling still breaks snapshot functionality - which
makes it unusable for me. I wouldn't assume that the O.P. doesn't want we
he's asking for.

- M

On Tue, May 21, 2013 at 7:42 AM, Arthur Chance free...@qeng-ho.org wrote:

On 05/21/13 12:43, saeedeh motlagh wrote:

thanks Julien, but i think it's not true. man page for newfs seys that
journaling is done via gjournal and in freebsd handbook it says do
journaling with gjournal for UFS file system.

you mean i should create a partition and just enable journaling for it
with
-J flag?

i think my problem is, my gjournal can not act correctly in fixit mode
because i can load it in single user mode and every thing is ok but in
fixit mode, i can not load it and all commands return errors.

please help me to make a journal for my root:(((

Look more carefully at the newfs man page. Option -J (upper case) is
gjournal type journalling, option -j (lower case) is native UFS soft update
journalling. It's the latter one you want.

This is on RELEASE-9.1 though. What version are you on?

--
In the dungeons of Mordor, Sauron bred Orcs with LOLcats to create a
new race of servants. Called Uruk-Oh-Hai in the Black Speech, they
were cruel and delighted in torturing spelling and grammar.

_Lord of the Rings 2.0, the Web Edition_

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: setup journaling for root partition

On Tue, May 21, 2013 at 8:20 AM, Warren Block wbl...@wonkity.com wrote:

On Tue, 21 May 2013, Arthur Chance wrote:

  On 05/21/13 15:46, Michael Sierchio wrote:

 AFAIK Softupdates journaling still breaks snapshot functionality - which
 makes it unusable for me. I wouldn't assume that the O.P. doesn't want we
 he's asking for.


 Good point, I'd forgotten that problem as I don't use UFS snapshots. I
 can imagine it would be a killer for some people.


 It is, especially if you use dump/restore.


Or tarsnap (which is what we use for backups here), or... there are many
use cases for snapshots.

- M
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: setup journaling for root partition

On Tue, May 21, 2013 at 10:14 PM, s m sam.gh1...@gmail.com wrote:

 thanks guys for your attentions.

 i want to setup journaling in FreeBSD 8.2. i compare soft-update and
 journaling and choose journaling (it is more suitable for my goals).

 i want to enable journaling for all my partitions. i can do it for all
 partitions except root in single user mode. i can not do it for root
 because i can not unmount root in single user mode.


No, but you don't need to.  In single user mode, root is mounted read-only.
 You can run tunefs on the root fs device.

- M
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: problems with port upgrade consistency using portsnap

2013-05-19 Thread Michael Powell

fddi wrote:

[snip]
 
 so ther is something wrong in my crontab
 
 0 3 * * * /usr/sbin/portsnap -I cron update  pkg_version -vIL=

See man portsnap, section TIPS - it shows example of correct way:

0 3 * * * root /usr/sbin/portsnap cron

The TIPS section contains more details.

[snip]

-Mike 


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: How to get kernel source code of free-BSD release 9.1

2013-05-19 Thread Michael Powell

Chou, David J wrote:

 Hi,
 
 I  have created a virtual machine of PC-BSD release 9.1 64 bit in VMware
 Player Version 5.0.0 build-812388 based on PCBSD9.1-x64-DVD.iso downloaded
 from ftp://mirrors.isc.org/pub/pcbsd/9.1/amd64/PCBSD9.1-x64-DVD.iso , and
 setup network configuration and installed Firefox 20.0 by AppCafe, and
 configured the network setting in Preference-Advanced of Firefox, and I
 could  access Internet.
 
 Now I need to build my own customized kernel, but there is no src
 subdirectory in /usr, so here is my question:
 
   1.  Is there any way to install kernel source when I create the  virtual
   machine from PCBSD9.1-x64-DVD.iso ?

Not sure about PCBSD as I haven't used it, but with regular FreeBSD I 
believe you can by selecting the appropriate package distribution group. 
Been a while since I've done an install, but even so the source will be the 
static RELEASE bits and not contain any security updates.

   2.  Any BKM to get the kernel source after the Virtual Machine already
   created as my case now?

Yes - install the devel/subversion port. Go ahead and create the src 
directory under /usr. Then do:

svn checkout svn://svn.freebsd.org/base/releng/9.1 /usr/src

Once having checked out you can then issue a svn update /usr/src command to 
pull in security updates as they become available over time.

There are also two US mirrors available such as:

svn checkout svn://svn0.us-east.freebsd.org/base/releng/9.1 /usr/src
svn checkout svn://svn0.us-west.freebsd.org/base/releng/9.1 /usr/src

I have used the us-east one. There is also a project underway to add in to 
base an 'svnup', similar in scope to how csup replaced cvsup to make it 
easier in the future.

I believe freebsd-update is also a possibility but I have no experience with 
it. At any rate, more details can be found in the Handbook.

-Mike


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: List Spam Filtering

2013-05-11 Thread Michael Ross

On Thu, 09 May 2013 02:26:26 +0200, Julian H. Stacey j...@berklix.com  
wrote:



Hi questions@ ( spammer not cc'd )

Reference:

From:   Aaron Seligman aselig...@altitudedigitalpartners.com
Reply-to:   aselig...@altitudedigitalpartners.com
Date:   Wed, 08 May 2013 18:59:07 + (UTC)
Subject:Re: Display  Video Campaigns-Inventory Needed
Message-id: 1368039547.0568389241738...@mf7.sendgrid.net



Happy hump-day,

We have an opportunity with an RTB partner to monetize

INT Geo's; UK, CAN, AUS

Video: (Pre-roll, mid-roll and post-roll)



If list write access was changed to Subscribers Only:
  - List could silently discard such spam.
  - Postmaster@  ( webmaster@ weeding web archives) would have less  
work.
  - Less individual need to select spam phrases to copy to personal  
filters
( less time searching WTF dialect American above meant in English  
;-).


Newbies would be told subscribe before posting in all of:
/etc/motd
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
Automatic list bounce response.
Only clueless, lazy,  spammers might be lost. A net gain.

Cheers,
Julian



I'm curious how much spam you get through this list.

Just counted, and I have about 2 Spams per week for the last month,
that's more than usual.


Regards,

Michael
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

ls(1), rm(1) - No such file or directory even though they are there.

2013-05-04 Thread Michael Bird


Hi List,

There is a rather curious problem that I have, which I haven't encountered 
before.
I make regular backups of my packages and put them onto an external usb drive,
which is mounted read/write via sysutils/fusefs-ntfs.


Now these backups don't exist no more and at the same time they are there. That 
is to say, upon issuing ls and/or rm on the command line I get rather strange 
results. 
Here are some of my outputs:


mike@machine1:/mnt/Programs/FreeBSD/91binaries/packages % ls
[a long list that has been cut out]
zip-3.0.tbz
mike@machine1:/mnt/Programs/FreeBSD/91binaries/packages % ls zip-3.0.tbz 
ls: zip-3.0.tbz: No such file or directory

Some have files that (don't) exist have i-nodes and some haven't:

mike@machine1:/mnt/Programs/FreeBSD/91binaries/packages % ls -i zip-3.0.tbz 
ls: zip-3.0.tbz: No such file or directory
mike@machine1:/mnt/Programs/FreeBSD/91binaries/packages % ls -i 
linux-f10-tiff-3.8.2.tbz 
2469 linux-f10-tiff-3.8.2.tbz

Running rm on the folder I get No such file or directory for every single 
entry:

mike@machine1:/mnt/Programs/FreeBSD/91binaries/packages % rm *
[a long list that has been cut out]
rm: linux-f10-tiff-3.8.2.tbz: No such file or directory

Yet again some of the files can be test via gzip and some can't:

mike@machine1:/mnt/Programs/FreeBSD/91binaries/packages % gzip -t 
linux-f10-tiff-3.8.2.tbz
mike@machine1:/mnt/Programs/FreeBSD/91binaries/packages % echo $?
0
mike@machine1:/mnt/Programs/FreeBSD/91binaries/packages % gzip -t zip-3.0.tbz 
gzip: can't stat: zip-3.0.tbz: No such file or directory
mike@machine1:/mnt/Programs/FreeBSD/91binaries/packages %


Looks like the this part of the file system is corrupt. I also booted the drive 
up under 
Windows and got the same result. The files are there, but can't be read, 
overwritten
or deleted.


What does the list say about the above mentioned?

Michael
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: enter single user mode from boot menu

2013-04-28 Thread Michael Sierchio

On Sun, Apr 28, 2013 at 4:04 PM, Polytropon free...@edvax.de wrote:



 After the BTX loader has started, keep hammering the space
 bar. :-)

 At some point, you'll see the

 Ok
 _

 prompt. This is where you enter the command

 boot -s

 to go into single-user mode. The kernel will load as you would
 expect, but no further action (rc.d startup) will be taken. Instead
 you have to confirm the shell (/bin/sh by default) by pressing
 enter at the

 When prompted Enter full pathname of shell or RETURN for /bin/sh:

 prompt; and then you're left at the

 # _

 prompt, which means you're in single user mode. Type exit to
 start into multi-user mode as usual.


In single user mode, the root filesystem will be the only one mounted, and
it will be mounted read-only.

If you need to make changes (Correcting a fat-fingered edit to /etc/fstab,
for example), you'll need to mount root rw.

mount -u -o rw /

is the minimal command to do that.  You might also find it easier to mount
/tmp and /var if they're separate filesystems... YMMV, etc.

- M
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Home WiFi Router with pfSense or m0n0wall?

2013-04-24 Thread Michael Powell

Alejandro Imass wrote:

[snip]
 Most consider the answer to use WPA2, which I do use too. Many think
 it is 'virtually' unbreakable, but this really is not true; it just
 takes longer. I've done WPA2 keys in as little as 2-3 hours before.

 Are you saying that any WPA2 key can be cracked or or you simply
 referring to weak keys?
 
 I would also like to specifically if it's for weak keys or are all
 WPA2 personal keys crackable by brute force. Also is WPA2 Enterprise
 as weak also. Could anyone expand on how weak is WPA2 and WPA2
 Enterprise or is this related to weak PSKs only??
 

I'm just a lowly sysadmin and not any kind of crypto expert.  The problem is 
time and horsepower. While a ridiculously easy key of say 4 characters that 
is not salted may be doable on a PC, once you start to get to 8-9 characters 
or more the time it takes begins to get huge fast. It's a matter of can you 
tie up the resource long enough to wait it out. Throw salting into the mix 
and it gets longer again. 

What I do at home is concatenate 2 ham radio call signs of friends that I 
can remember. Then I sha256 that and select from the end backwards 15 
characters. This won't actually defeat the inherent weakness of using a pre-
shared key, but it will take longer for a simple brute force. You should 
also throw in additional characters from your character set beyond just 
alpha/numerics.

Also, my little tinkertoy i5-3570K overclocked up to 4.5GHz is just that - a 
toy. I can use it to generate a trace file, which I then take to work and 
replay it using a z196 when they occasionally allow me to play for bit.  I 
also have rainbow tables and dictionary word-lists pregenerated for 
cheating. Another thing people are playing with is stuffing 4 high end video 
cards in a box and using them for computation. This enhances the PC platform 
beyond just using the CPU. There are also people doing this in the cloud. 
And they will rent you compute time for a fee.  :-)

The pre-shared key is the weakest as compared to Enterprise. Enterprise WPA 
is stronger because it is a user account based system which authenticates 
using 802.1x via a Radius server. You can even assign certificates to user 
accounts and if they don't have the cert on the client they are trying to 
connect with, it won't. Throw Kerberos re-ticketing into the mix adds 
another layer to the onion. I seem to think recalling something about 
Kerberos re-ticketing something like every 900 seconds, or something like 
that. Switches and other network equipment that supports 802.1x can also 
filter out traffic that is not authorized.

Bottom line is Enterprise is better than a simple pre-shared key. But it 
involves radius, dns/dhcp, windows domain controllers, active directory, a 
PKI infrastrucure and access points that are designed for use in this 
environment (and they cost more). So while it may be more secure than a 
simple pre-shared key, it is simply not practical for the home user as they 
won't have all the 'other' resources required to utilize it.

-Mike


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Home WiFi Router with pfSense or m0n0wall?

2013-04-24 Thread Michael Powell

Arthur Chance wrote:

[snip]
 What I was pondering is some form of L2TP tunnel, or some other form of
 IPSEC tunnel to form some kind of VPN like communication between the
 client and the wifi. Just never have begun to find the time to get
 anywhere with the idea. But basically it would resemble a VPN that only
 accepts connection from a tunnel endpoint client and not pass any traffic
 from any other client lacking this VPN-like endpoint. I think such a
 thing is very possible and have read some articles by people who have
 done very similar sounding things. Indeed, this is what SSL-VPN providers
 do via a subscription service so people surfing at open wifi coffee shops
 tunnel through the local open wifi and setup an encrypted VPN tunnel.
 
 A quick note: pfSense (I don't know about m0n0wall) has OpenVPN built in
 to it. Depending on whether all devices which are going to connect
 wirelessly can run the client end of OpenVPN, this might be a quick way
 to get greater security on the WiFi side.
 

This is along the lines of what I was thinking. I am my own CA and can 
generate certs that no one else has the private keys to. The problem with 
buying certs from a provider is the gov't has access to the private keys on 
demand. This was mandated back during the Clinton administration for the
US. I do things like turn password auth off on my SSH and only auth via 
certs. Extending this to other 'connectivities' is a way to make it harder 
for those with no approved cert to get in.  

The pairing of firewall and OpenVPN together sounds interesting. Will 
definitely check it out. Thanks for the pointer!

-Mike


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Home WiFi Router with pfSense or m0n0wall?

2013-04-24 Thread Michael Powell

Michael Powell wrote:

 [snip]
 Are you saying that any WPA2 key can be cracked or or you simply
 referring to weak keys?
 
 I would also like to specifically if it's for weak keys or are all
 WPA2 personal keys crackable by brute force. Also is WPA2 Enterprise
 as weak also. Could anyone expand on how weak is WPA2 and WPA2
 Enterprise or is this related to weak PSKs only??
 

Oh, and BTW was going to include this in the last and forgot:

http://www.aircrack-ng.org/doku.php?id=cracking_wpa

-Mike




___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Home WiFi Router with pfSense or m0n0wall?

2013-04-22 Thread Michael Powell

Alejandro Imass wrote:

 On Sun, Apr 21, 2013 at 9:52 AM, Michael Powell nightre...@hotmail.com
 wrote:
 Alejandro Imass wrote:

 Hi,

 I'm looking to replace the piece of crap 2wire WiFi router that gets
 crakced every other day for something with pfSense or m0n0wall

 Not sure what you mean by 'cracked' here. If you are meaning that someone
 is using aircrack-ng to break your Wifi authentication key a firewall
 won't do much to stop this.

 
 I use mac address authentication plus wpa2 psk and yet they are still
 able to connect so it seems that 2Wire's routers are an insecure piece
 of crap and they are full of holes and back-doors. Just google 2wire
 vulnerabilities or take a look at this video
 http://www.youtube.com/watch?v=yTtQGPdSIfM

With Kismet able to place a wifi unit into monitor mode you can quickly get 
a list of everything in the vicinity, including all the MAC addresses of 
devices connecting the various access points.  You can then clone your 
unit's MAC address to match one in the list. Even though I do use it, MAC 
access lists are very easy to get around and will only stop those who do not 
know how to do this.

Even in passive mode, without using active attack to speed things up I can 
crack a WEP key in 45 minutes easily. Doing this passively doesn't expose 
you. The time it takes depends on how busy the access point is. An active 
attack can break WEP in 2-3 minutes, or less. I've seen it done between a 
minute and a minute and a half.

Most consider the answer to use WPA2, which I do use too. Many think it is 
'virtually' unbreakable, but this really is not true; it just takes longer. 
I've done WPA2 keys in as little as 2-3 hours before. 

 Look at how many ISPs world-wide use 2wire. Makes you wonder if ISPs
 use these crappy routers on purpose to get some more revenue from cap
 overruns.
 

Really these WEP/WPA2 protocols are not providing the level of protection 
that is truly necessary in this modern day. You can keep out script kiddies 
and people who don't have skill, but people who know what they are doing are 
only slowed down.

The ISPs are seemingly more interested and concerned with protecting Big 
Media Content's DRM schemes. They have a monetary stake as they move in the 
direction of deals with 'Big Media', less so the incentive to do more for 
their retail Internet-access customer. And don't even me started on the 
advertising industry run-amok.   :-)

-Mike



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Home WiFi Router with pfSense or m0n0wall?

2013-04-22 Thread Michael Powell

Alejandro Imass wrote:

 [...]
 
 Really these WEP/WPA2 protocols are not providing the level of protection
 that is truly necessary in this modern day. You can keep out script
 kiddies and people who don't have skill, but people who know what they
 are doing are only slowed down.

 
 Thanks for the detailed explanation! So, are there ways to run a
 secure WiFi network? It would seem that in my case I have neighbours
 that know what they're doing so should I just forget about WiFi go
 back to UTP?
 

We use 802.1x auth on our switch (and other hardwares) ports at work and 
this utilizes a Radius server. At work we are mostly a $MS WinderZ shop, but 
with Enterprise grade access points (we have Aruba's), EAP, and Radius we 
can extend our network Kerberos out through the wifi realm. Without going 
into details ( way too much/many for the scope here) I basically have an 
almost completely locked network which just won't allow a device on it that 
it doesn't recognize. It is a pain, and not perfect either by any stretch. I 
have more problems with printers as a result than anything else.  I do have 
to keep an open Internet access for visitors to use, but it is separated 
from our main network with no path between the two.  :-) 

This does provide better security when compared to what consumers are 
running at home. It is much more complex and requires expensive equipment. 
And even still, a really high-grade Uber hacker might still find a way in. 
We hire pen-tester companies about once a year, and while they haven't found 
any glaring holes there are some grey areas that we wonder if a really 
motivated Uber hacker spent enough time on...

I have entertained on and off the idea of getting a wifi card for my FreeBSD 
gateway/firewall box at home to see if I could come up with something more 
resembling something like we have at work. It probably wouldn't be as 
involved, but I do think (FreeBSD as a very _capable_ and flexible OS) 
something could be designed that would inherently be somewhat more secure 
than what I see in the basic ISP home router. I have Verizon's FIOS here 
with an Actiontec MI424WR-Rev 3 router and I think I could do better. The 
alternate provider here is Comcast which mostly seems to be using Motorola 
Surfboard routers, but the bottom line is I don't have any problem cracking 
any of them.

This email is already getting a trifle long, so suffice to say if you really 
need the best security on a home ISP router the best you can do is turn off 
the radio and use Ethernet and UTP. This returns to the original focus of 
your question in that the firewall would be the point of contention and not 
the cracking of WEP/WPA2 auth keys. What I was wanting to point out to you 
originally is that changing the firewall is a separate issue from the 
cracking of Wifi auth keys. 

-Mike
 


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Home WiFi Router with pfSense or m0n0wall?

2013-04-22 Thread Michael Powell

Alejandro Imass wrote:

 On Mon, Apr 22, 2013 at 3:45 PM, Michael Powell nightre...@hotmail.com
 wrote:
 Alejandro Imass wrote:

 [...]

 Really these WEP/WPA2 protocols are not providing the level of
 protection that is truly necessary in this modern day. You can keep out
 script kiddies and people who don't have skill, but people who know
 what they are doing are only slowed down.


 Thanks for the detailed explanation! So, are there ways to run a
 secure WiFi network? It would seem that in my case I have neighbours
 that know what they're doing so should I just forget about WiFi go
 back to UTP?


 We use 802.1x auth on our switch (and other hardwares) ports at work and
 this utilizes a Radius server. At work we are mostly a $MS WinderZ shop,
 but with Enterprise grade access points (we have Aruba's), EAP, and
 Radius we
 [...]

 This email is already getting a trifle long, so suffice to say if you
 really need the best security on a home ISP router the best you can do is
 turn off the radio and use Ethernet and UTP. This returns to the original
 focus of your question in that the firewall would be the point of
 contention and not the cracking of WEP/WPA2 auth keys. What I was wanting
 to point out to you originally is that changing the firewall is a
 separate issue from the cracking of Wifi auth keys.

 
 I absolutely got that but I was assuming that a pre-packaged WiFi
 router with pfSense or m0n0wall would have a more secure wireless
 hardware and software as well. Now I see the problem is more complex
 and that the wireless part is vulnerable regardless. So if by cracking
 the wireless part they can spoof the mac addresses of authorized
 equipment, what other methods could a BSD-based firewall use to
 prevent the cracker from penetrating or using the network beyond the
 WiFi layer? From your response it seems very little or nothing
 really...
 
Yes - unfortunately this is about the state of things. Not a whole lot 
you're going to do to improve the consumer grade home router. There are some 
hardware specific firmware projects that I've never played with such as: 

http://www.dd-wrt.com/site/index  

The pre-packaged home equipment is relatively cheap when compared against 
the top of the line enterprise-grade commercial products. Most are some form 
of embedded Linux. For example, the MI424WR-Rev3 I have here is busybox ( 
http://www.busybox.net/ ). If you turn on remote management and telnet into 
it you get a busybox prompt! With a busybox shell and all busybox commands. 
The firewall many of these embedded Linux things are using is iptables2, the 
standard linux firewall package. 

What I was pondering is some form of L2TP tunnel, or some other form of 
IPSEC tunnel to form some kind of VPN like communication between the client 
and the wifi. Just never have begun to find the time to get anywhere with 
the idea. But basically it would resemble a VPN that only accepts connection 
from a tunnel endpoint client and not pass any traffic from any other client 
lacking this VPN-like endpoint. I think such a thing is very possible and 
have read some articles by people who have done very similar sounding 
things. Indeed, this is what SSL-VPN providers do via a subscription service 
so people surfing at open wifi coffee shops tunnel through the local open 
wifi and setup an encrypted VPN tunnel. 

Just not enough time in the day. I know it's do-able, just never have found 
the time to properly approach it.

-Mike



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Home WiFi Router with pfSense or m0n0wall?

2013-04-21 Thread Michael Powell

Alejandro Imass wrote:

 Hi,
 
 I'm looking to replace the piece of crap 2wire WiFi router that gets
 crakced every other day for something with pfSense or m0n0wall

Not sure what you mean by 'cracked' here. If you are meaning that someone is 
using aircrack-ng to break your Wifi authentication key a firewall won't do 
much to stop this.


-Mike
[snip]


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: pwd.db/spwd.db file corupption when having unsafe system poweroff

2013-04-16 Thread Michael Powell

Tak Tak wrote:

 hi everyone,
 
 i wanna know what exactly happens for freebsd files and processes,
 when we shutdown system via pressing hardware power key for 3 seconds?
 
 here's what has happened to me, recently:
 i've faced a strange problem.. on one of my bsd servers, one of my
 coworkers had defined and edited some system users, and then, instead
 of safe shutdown, he kept pressing power-button for 3 seconds!..
 after next startup, we couldn't login anymore! we had to replace
 pwd.db and spwd.db files, via bootable-freebsd Fixit mode, and then,
 everything was fine!
 
 we know that we are, for sure, better to use safe shutdown, but i
 can't guarantee it always happens. what if sudden power off makes same
 problem??so i can't leave my servers in such situations..
 
 My questins are:
 what has happened exactly? just in-used corrupted files ??
 is there any way to prevent this situation? (instead of  having a
 read-only FS.. i can't apply it on this server for now..).
 
 i'm sorry if my question seems dummish! i'm trying to increase my bsd
 knowledge, but i'm just on my way..
 
 for sure, i appreciate any ideas or answers :)

At the risk of illustrating what I'm fuzzy on, possibly those with more in-
depth skill can fill in the blanks or tidy up some with more accurate and 
complete details.

Pressing the power button for 4 seconds as described is invoking the ACPI 
layer to stimulate call(s) down to the system BIOS. Whatever is set in the 
BIOS wrt to power control and various power-savings modes are passed through 
the ACPI layer. The problem with this is the acpi module in FreeBSD may, or 
may not, be a perfect implementation for every possible piece of hardware in 
existance. The piece of that which really concerns me are individual 
manufactuer BIOS quirks can be just enough 'off' so as to misbehave even when 
the FreeBSD acpi implentation is basically sound. The jist of this is (IMHO 
here - YMMV) is I consider it a bad procedure to turn off a server as you've 
described. Use the shutdown command properly instead. I would never do what 
your coworker did to any of my servers. Caveat being sometimes you have no 
other choice but to do a hard power-down. A hard power-down is done by using 
the switch on the power supply, and not using the ACPI/BIOS from pressing 
the power switch on the front.

When you do have an 'uh-oh' like this, FreeBSD normally boots back into an 
unclean file system with corresponding whinings and complaints about how the 
file system(s) were not properly dismounted. Normally a background fsck 
ensues after 60 seconds of idle. In your case whatever files were left open 
and not properly closed this background fsck, had it been allowed to run and 
complete, would have cleaned this up. The problem starts when someone 
presses the power off button again, and again, before this process completes. 
Using the power button ACPI/BIOS only compounds this situation.

I have had at one time or another, power failures that occurred almost back 
to back, only with a few minutes in between. So what happened was on first 
boot after power came back the power went down again right in the middle of 
this background fsck. Two more of these and my file system(s) were in pretty 
not-so-good shape. Luckily I was running gmirror and one of the drives was 
consistent. So the mirror got rebuilt from the drive with the consistent 
file system automagically (takes a while), then the system continued to 
boot, and then the background fsck finally kicked in. Gmirror saved my bacon 
here. Journaling is also supposed to provide similar error recovery 
features. I've had this happen twice on 2 different boxen. Needless to say, 2 
broken UPS units were scrapped and replaced as a result.

I would recommend you do NOT use the power button as you described above. 
Period. In any event pay particular attention to that very first boot after 
an 'uh-oh' power off event. Look at top and watch for the background fsck to 
kick off and complete, returning the machine to quiescent state BEFORE you do 
ANYTHING else to it. This includes pressing the button on the front.

Just my $.02 - but I've had a couple of experiences like this and survived 
them successfully by doing things my way.

-Mike
   


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: When will binary packages be back?

2013-04-10 Thread Michael Powell

Mike. wrote:

[snip]
 
 
 Additionally, for me, building from ports for me has tended to pull in
 many, many X-windows support files when they are not needed.
 
 Specifically, I run a non-windowing system using command line tools.
 When I tried to compile Samba from ports, I finally killed the 'make'
 stage after three hours of compiling X-windows stuff.
 
 Nowhere had I ever spcified that the system was running X or any other
 windowing system.  Yet, there it was, three hours of wasted time.
 

In addition to what Jeff has said, for servers where I do not want any X 
related stuff I place WITHOUT_X11= yes in /etc/make.conf. In addition to make 
config option(s), there may also be some default stuff here and there in the 
Mk files. The make.conf line will short circuit these.

IIRC there may be some exceptions where you need some (a handful or less) of 
some X related packages. Seem to think of things like gd, imagemagick, 
freetype, etc., for PHP kind of things. In these cases, the make.conf line 
will blanket cover most of what you don't want and you can choose make 
config options that will pull in only what you absolutely need without 
starting down the line to everything X-related.

-Mike


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: EC2 Instances Future

2013-04-10 Thread Michael Sierchio

I still follow Colin's original pattern of using a minimal Linux
grub boot EBS device (1GB), ext2fs, with the root partition being on
another  (ufs2) EBS device.  This works very well, with a couple of
caveats -

- Install e2fsprogs (pkg or port) - you will need it, on occasion when
modifying the boot device (after mounting rw).

- Kernel upgrades are tricky, so be careful

- Edit /etc/freebsd-update.conf intelligently to prevent unintended consequences

Apart from that, I have been running i386 and amd64 instances this
way, both 8.3 and 9.1, without difficulty (apart from some Xen clock
weirdness in 8.3).

No Windoze Tax. ;-)

- M


On Wed, Apr 10, 2013 at 10:05 AM, jflowers jflow...@ezo.net wrote:
 Is there anything likely to be available in the future (3 months to a year) to
 avoid the Windows tax on FreeBSD instances for the smaller (t1.micro,
 m1.small, m1.medium) types?  I understand the problem but don't find anything
 much online about a possible solution.  Probably because I don't understand as
 much as I think.

 Thanks.

 --
 Jim Flowers jflow...@ezo.net

 ___
 freebsd-questions@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Problems with IPFW causing failed DNS and FTP sessions

2013-04-01 Thread Michael Sierchio

Okay, what's your DNS setup?  Are you running a recursive cache that
contacts the root servers directly?  Using your ISP's servers?  Etc.

As a mitigation step, I tried pointing my caches to 8.8.8.8 and
8.8.4.4. - but it turns out that Google is intentionally blocking
(returning NX responses to) many netblocks right now because they
contain hosts known to be part of the botnet in the DDOS DNS
amplification attack.

I'm mirroring the root zone everywhere I have a cache, and it's helping.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Recipie for CPU souffle'

2013-04-01 Thread Michael Powell

Ronald F. Guilmette wrote:

 
 [[ Mostly, this posting is just a story.  But it does include one
question, towards the end.  See below. ]]
 
 Well, I accidentally found what I believe is most likely the reason
 for the system halts I have been having recently, so I just thought
 that I would share that.  It _is_ a bit humorous.  (The mystery system
 shutdowns have _not_ been due to a power issue, it would appear.)
 
 I just now experienced another episode in which the machine powered
 itself off, as I was working on it, for no apparently good reason.
 
 Since it was down anyway, I decided that this would be a good time to
 pull out that *^%$#@ bleedin' new USB 3.0 PCIe card I had recently
 installed... just in case that was causing the problem.
 
 As I reached in to begin extracting the PCIe card, the tip of one of
 my fingers accidentally brushed up against my CPU heatsink.  I in-
 stinctively yanked it away immediately.  If I had not done so, I
 would probably have gotten a third degree burn.
 
 I left the system off for a couple of minutes after that... to let it
 cool down a bit before doing anything else... and then I powered it
 back on, checked that the CPU fan was indeed turning (it was) and then
 I went immediately to the BIOS and the PC Heath Status.
 
 The CPU temperature was listed as being 63c == 145f !!!  And this was
 _after_ I had allowed the system to be powered down for a couple of
 minutes to cool down!!!
 
 So anyway, the fan turned and I watched the CPU temp slowly inch down
 to something more normal... like in the vicinity of 24c.
 
 I don't know what to make of this, except to suspect that some loose
 wires inside my case got in the way of the CPU fan turning.  (I am
 not neat like some folks.  The inside of myu case _is_ really rather
 sloppy, so this could easly have happened.)
 
 I've now installed mbmon and xmbmon and will be watching the CPU temp
 closely for awhile.
 
 I really wish that one or the other of those tools allowed setting a
 threshold CPU temp, beyond which the tool would emit an ear piercing
 alarm via the motherboard speaker... you know.. in case the regular
 external stereo speakers are turned off.
 
 question
 What *is* the best way to achieve the above effect, i.e. to arrange
 for the machine to scream for help in case it is getting too hot?
 
 I don't want it to just die, like it is doing now.  I want it to scream
 so that I can rush over and at least try to do an orderly shutdown.
 /question
 
 
 
 Regards,
 rfg
 
 
 P.S.  I am loading the system pretty heavily now, and have been for the
 last 20+ minutes, and xmbmon is showing me a nice constant 31c for the
 CPU temp.  So for the moment at least, all is well.
 
 P.P.S.  I have a (relatively) monster sized heatsink in this system, and
 it sits atop a quite modest 2.7GHz single-core Athlon, so it is not at
 all surprising that the ``stable'' CPU temp is around 30c (86f).

Many old Athlons from the older generation used a thermal pad for heat 
transfer. It was what looked like a little piece of soft plastic almost 
something like a milimeter thick and an inch or so square that would have 
come preapplied to the OEM heat sink which accompanied the CPU in a retail 
box set.

With these processors you cannot just simply smear a lot of thermal grease 
in there as a replacement. Indeed, doing so (not using a thermal pad) voids 
the warranty. Thermal grease works best when it is applied as a very thin 
but evenly distributed  layer and the heat sink is then clamped down very 
tightly so it is in very close contact with the processor. Doing this (using 
just thermal grease in lieu of the pad) leaves a small void or gap through 
there will be little heat transfer.

You might want to confirm that your processor model requires a thermal pad 
and not grease. Then hunt some down and use it instead of thermal grease. I 
seem to recall they were somewhat difficult to locate a place from which to 
purchase. Also the backing paper was darn near impossible to get off without 
destroying it (why the OEM cooler had it pre-applied). So get a few of them 
so you can tear up a couple before you succeed.

-Mike
 


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: databases/mysql55 to databases/mariadb

2013-03-31 Thread Michael Powell

Andrei Brezan wrote:
[snip]
 Also what i've noticed is that 'p' as a suffix is for percona.

Oops! And I was thinking Percona but for some reason PostgreSQL came out my 
fingers! DOH!

-Mike


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: use of the kernel and licensing

2013-03-31 Thread Michael Ross


On Sun, 31 Mar 2013 16:31:43 +0200, Polytropon free...@edvax.de wrote:


On Sun, 31 Mar 2013 09:39:29 -0400, Joe wrote:

Does one have to file legal paper work with the government to be issued
a copyright on software?


With _which_ government? :-)

Basic understanding of copyright is: The stuff _you_ write
happens automatically under _your_ copyright, because you
are the creator. There is nothing you need to do to achieve
the copyright - it's yours by acting. At the moment you
write something like (C) Joe Sixpack 2012 it's set in
stone.

There might be other ways to prove (!) copyright, e. g. when
one of your files appears in someone else's work, but now
with the originator line saying (C) Nick Nosewhite 2013.
In case of a court trial which involves copyright, you can
prove from your CVS log of creation (or whatever source
management system or even file system you use) that _you_
have been writing that code, nobody else.




Does any software not having a copyright statement or any license
comments included in the source mean that it's public domain?


I would assume this. Imagine a snippet of code with no author
mentioned in it (or in the source it comes from, or any file
it is accompanied by), how would you be able to conclude
something _else_ than this is public domain with _no_
copyright holder?


I think you are wrong here.

quoting http://en.wikipedia.org/wiki/Public_domain_software:
Under the Berne Convention, which most countries have signed, an author  
automatically obtains the exclusive copyright to anything they have  
written, and local law may similarly grant copyright, patent, or trademark  
rights by default. The Berne Convention also covers programs. Therefore, a  
program is automatically subject to a copyright, and if it is to be placed  
in the public domain, the author must explicitly disclaim the copyright  
and other rights on it in some way.


Note the wording explicitly disclaim.

While German law has something like a triviality threshold which may  
well apply to very small code snippets,

i'd say no included license by default means all rights reserved.


Regards,

Michael
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: smartd

2013-03-31 Thread Michael Powell

Polytropon wrote:

 On Sun, 31 Mar 2013 17:25:32 -0500, ajtiM wrote:
 I installed smartmontools, start_smartd=yes I have in rc.conf
 
 Without further investigation - shouldn't that be
 
 smartd_enable=YES
 
 conforming to the syntax of other service start commands?
 At least that might be the reason why smartd doesn't
 automatically start. Sadly I can't find a reference to
 how to edit rc.conf in man smartd; at least the manual
 explains the options well... ;-)

This is correct, as per: 

/usr/ports/sysutils/smartmontools/files/pkg-message.in

Don't know if it's a typo in his email but he was missing a  on the:

daily_status_smart_devices=/dev/ada0 line as well.

-Mike



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Problems with IPFW causing failed DNS and FTP sessions

It would be really helpful if you'd post the ruleset.

At first glance, your stateful rules seem rather wrong, unless there's
a check-state above.  Also, in and out aren't discriminating enough -
every packet is seen by the ruleset more than once.  You should think
in terms of interfaces, direction, etc.

Are you doing NAT?  Stateful rules with NAT are indeed possible, but subtle.

Your problem has nothing to do with server load, and probably
everything to do with not-terribly-well-conceived ruleset.  Please
post yours here.

- M

On Sun, Mar 31, 2013 at 8:34 PM, Don O'Neil li...@lizardhill.com wrote:
 Hi everyone. recently my server started having issues with DNS and FTP
 sessions either not resolving or timing out. I've tracked the issue down to
 IPFW. if I issue a 'sysctl net.inet.ip.fw.enable=0' then my issues go away.



 I have the basic rules like this for dns;



 01160 allow udp from any to any dst-port 53 in keep-state

 01161 allow tcp from any to any dst-port 53 in keep-state

 01162 allow udp from any to any dst-port 53 out keep-state

 01163 allow tcp from any to any dst-port 53 out keep-state



 When I try an nslookup sometimes they fail, sometimes they get through, even
 if I change my DNS server to google, my ISP, or even OpenDNS. the firewall
 seems to be causing the issue.



 I have about 65 rules in all.



 Any ideas what could be causing this? My server load is low, usually
 hovering around .2



 How can I look at the actual amount of traffic that the IPFW module is
 processing and track down potential performance issues? My server isn't
 pushing much data, only around 4-5 Mbps sustained.



 Thanks!





 ___
 freebsd-questions@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Problems with IPFW causing failed DNS and FTP sessions

2013-03-31 Thread Michael Powell

Don O'Neil wrote:

 Hi everyone. recently my server started having issues with DNS and FTP
 sessions either not resolving or timing out. I've tracked the issue down
 to IPFW. if I issue a 'sysctl net.inet.ip.fw.enable=0' then my issues go
 away.
 
[snip]

I'm probably not smart enough to be able to help directly with your problem 
but I'd like to add that there is a snowballing DNS Amplification ddos 
attack against SpamHaus going on which is spilling over. I was looking at 
some weird stuff my Suricata was reporting today when I noticed a large 
majority of it was coming from CloudFlare CDN. They use anycast packet 
traffic to deflect and diffuse such attacks for their customers. 

I'm wondering if your box has just been sitting there doing it's thing and 
you've made zero changes to it so it is essentially 'steady state' and this 
problem just sort of came up seemingly out of nowhere. Consider a 
possibility that the cause may be external and what you're seeing is just 
IPFW's reaction to it.

A friend of mine is on a nearby Verizon subnet and he uses their DNS 
servers. He noticed minimal hiccup while I have my DNS pointed at OpenDNS 
and it took them almost a day to get their situation under control. Once 
they did traffic seemed to return to normal, then I noticed Suricata alerting 
on return traffic in my pf DNS firewall rule. All the traffic Suricata was 
complaining about was coming from the CloudFlare CDN. I've never seen this 
before, so I'm not completely certain what to make of it. My hypothesis is 
OpenDNS subscribed to CloudFlare's protection, and since it is legit 
return traffic from my DNS server's lookups the firewall never touched it. I 
would never have noticed if it wasn't for Suricata. 

I just don't know enough about it all, just that I was having some flaky DNS 
stalling and hanging and when it seemed like it returned to normal I began 
to see this weird stuff from CloudFlare CDN on my DNS traffic. Just would like 
to point out it may be possible your problem is somehow just a reflection of 
some noise going on outside your box. As for exactly what you might do about 
it is for smarter people than me.

-Mike



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Problems with IPFW causing failed DNS and FTP sessions

I'll give you a more cogent reply tomorrow - if you use keep-state
rules, you want to be a little more specific - for tcp, you want
allow tcp from X to Y setup keep-state - i.e. you start the stateful
rule on packets that have the SYN flag set.  There are some other
oddities here - I'm guessing that the firewall rules are there to
protect this box itself...  in which case your stateful rules really
need only to consider outbound traffic, and to allow replies.  Let
me know if that assumption is erroneous.  More later.  Time for 

- M

On Sun, Mar 31, 2013 at 9:33 PM, Don O'Neil li...@lizardhill.com wrote:
 Thanks for the response... here's my full rullset:

 # ipfw list
 00100 check-state
 00101 allow tcp from any to any established
 00102 allow ip from any to any out keep-state
 00103 allow icmp from any to any
 00201 allow ip from any to any via lo0
 00202 allow ip from any to 127.0.0.0/8
 00203 allow ip from 127.0.0.0/8 to any
 00204 deny tcp from any to any frag
 00301 deny log logamount 50 ip from any to any ipoptions rr
 00302 deny log logamount 50 ip from any to any ipoptions ts
 00303 deny log logamount 50 ip from any to any ipoptions lsrr
 00304 deny log logamount 50 ip from any to any ipoptions ssrr
 00305 deny log logamount 50 tcp from any to any tcpflags syn,fin
 00306 deny log logamount 50 tcp from any to any tcpflags syn,rst
 01110 allow tcp from any to any dst-port 20 in
 0 allow tcp from any to any dst-port 20 out
 01112 allow tcp from any to any dst-port 21 in
 01113 allow tcp from any to any dst-port 21 out
 01114 allow tcp from any to any dst-port 990 in
 01115 allow tcp from any to any dst-port 990 out
 01116 allow udp from any to any dst-port 990 in
 01117 allow udp from any to any dst-port 990 out
 01118 allow tcp from any to any dst-port 989 in
 01119 allow tcp from any to any dst-port 989 out
 01120 allow udp from any to any dst-port 989 in
 01121 allow udp from any to any dst-port 989 out
 01122 allow tcp from any to any dst-port 1024-65000 keep-state
 01125 allow tcp from any to any dst-port 22 in
 01126 allow tcp from any to any dst-port 22 out
 01130 allow tcp from any to any dst-port 25 in
 01131 allow tcp from any to any dst-port 25 out
 01132 allow tcp from any to any dst-port 587 in
 01133 allow tcp from any to any dst-port 587 out
 01134 allow tcp from any to any dst-port 2525 in
 01135 allow tcp from any to any dst-port 2525 out
 01140 allow tcp from any to any dst-port 110 in
 01141 allow tcp from any to any dst-port 110 out
 01142 allow tcp from any to any dst-port 995 in
 01143 allow tcp from any to any dst-port 995 out
 01144 allow tcp from any to any dst-port 2110 in
 01145 allow tcp from any to any dst-port 2110 out
 01150 allow tcp from any to any dst-port 143 in
 01151 allow tcp from any to any dst-port 143 out
 01152 allow tcp from any to any dst-port 993 in
 01153 allow tcp from any to any dst-port 993 out
 01160 allow udp from any to any dst-port 53 in keep-state
 01161 allow tcp from any to any dst-port 53 in keep-state
 01162 allow udp from any to any dst-port 53 out keep-state
 01163 allow tcp from any to any dst-port 53 out keep-state
 01170 allow tcp from any to any dst-port 80 in
 01171 allow tcp from any to any dst-port 80 out
 01172 allow tcp from any to any dst-port 443 in
 01172 allow tcp from any to any dst-port 443 out
 01180 allow tcp from any to any dst-port  in
 01181 allow tcp from any to any dst-port  out
 65535 deny ip from any to any


 I've tried these rules;

 01160 allow udp from any to any dst-port 53 in
 01161 allow tcp from any to any dst-port 53 in
 01162 allow udp from any to any dst-port 53 out
 01163 allow tcp from any to any dst-port 53 out

 Without the keep-state option, and the problem is still persisting...

 The weird thing is that I've run these rules for a number of years without
 any issues until just recently. I've checked my interface stats to make sure
 there aren't a bunch of fragmented packets or errors, and there aren't. I'm
 not running NAT, it's a publically accessible IP address.

 -Original Message-
 From: Michael Sierchio [mailto:ku...@tenebras.com]
 Sent: Sunday, March 31, 2013 8:58 PM
 To: Don O'Neil
 Cc: freebsd-questions@freebsd.org
 Subject: Re: Problems with IPFW causing failed DNS and FTP sessions

 It would be really helpful if you'd post the ruleset.

 At first glance, your stateful rules seem rather wrong, unless there's a
 check-state above.  Also, in and out aren't discriminating enough - every
 packet is seen by the ruleset more than once.  You should think in terms of
 interfaces, direction, etc.

 Are you doing NAT?  Stateful rules with NAT are indeed possible, but subtle.

 Your problem has nothing to do with server load, and probably everything to
 do with not-terribly-well-conceived ruleset.  Please post yours here.

 - M

 On Sun, Mar 31, 2013 at 8:34 PM, Don O'Neil li...@lizardhill.com wrote:
 Hi everyone. recently my server started having issues with DNS and FTP

Re: Problems with IPFW causing failed DNS and FTP sessions

On Sun, Mar 31, 2013 at 9:39 PM, Michael Powell nightre...@hotmail.com wrote:

 I'm probably not smart enough to be able to help directly with your problem
 but I'd like to add that there is a snowballing DNS Amplification ddos
 attack against SpamHaus going on which is spilling over

Yes, this is very much true.  The ICANN servers are dropping packets
like mad, and many of the .com servers as well.  I am mirroring the
root zone locally to mitigate.

It works to forward DNS to Google's servers (8.8.8.8, 8.8.4.4.) EXCEPT
- they are blocking some net blocks (issuing spurious negative
responses) because of large numbers of nets with hosts in the botnet
participating in the attack.

- M
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Problems with IPFW causing failed DNS and FTP sessions