Re: Bit order == byte order??
Erik Trulsson ertr1...@student.uu.se wrote: On Thu, Mar 03, 2011 at 11:26:12AM -0500, Frank Solensky wrote: In sys/netinet/ip.h, the first octet of the ip header structure tests the byte ordering to determine the ordering of the header length (ip_hl) and version (ip_v) fields. My question: that always works? While my reading of the language specification document leaves both the ordering of the bits within a byte and the bytes within a longer field as implementation choices, the two are independent of each other. I haven't run into a CPU where this assumption was proven incorrect ... Unless you have a CPU where memory is addressed bit-by-bit rather than byte-by-byte the ordering of bits within a byte is not only completely irrelevant, it is also pretty much impossible to determine programatically. Agreed it is at least difficult to determine programatically, however it is quite important when dealing with hardware that converts between a sequence of bytes and a bitstream, e.g. serial ports, network interfaces, SATA ports. Driver writers had _better_ know which bit of the byte, as well as which byte of a word/longword/quadword, is going on the wire first. The O.P. is absolutely correct that bit order within a byte and byte order within a multibyte field need not, in principle, be the same. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Bit order == byte order??
On Fri, Mar 04, 2011 at 01:09:23AM -0800, per...@pluto.rain.com wrote: Erik Trulsson ertr1...@student.uu.se wrote: On Thu, Mar 03, 2011 at 11:26:12AM -0500, Frank Solensky wrote: In sys/netinet/ip.h, the first octet of the ip header structure tests the byte ordering to determine the ordering of the header length (ip_hl) and version (ip_v) fields. My question: that always works? While my reading of the language specification document leaves both the ordering of the bits within a byte and the bytes within a longer field as implementation choices, the two are independent of each other. I haven't run into a CPU where this assumption was proven incorrect ... Unless you have a CPU where memory is addressed bit-by-bit rather than byte-by-byte the ordering of bits within a byte is not only completely irrelevant, it is also pretty much impossible to determine programatically. Agreed it is at least difficult to determine programatically, however it is quite important when dealing with hardware that converts between a sequence of bytes and a bitstream, e.g. serial ports, network interfaces, SATA ports. Driver writers had _better_ know which bit of the byte, as well as which byte of a word/longword/quadword, is going on the wire first. Although it certainly matters for serial I/O devices which bit goes out first on the wire, you only need to know if the I/O hardware will push out data with the most significant bit first or the least significant bit first and possibly adjust the values you write to the I/O hardware if it does not match the order you want the bits to go out. You still don't need to know anything about in which order bits are stored in a byte inside the CPU or in RAM. -- Insert your favourite quote here. Erik Trulsson ertr1...@student.uu.se ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Cannot build jdk16
Hello! /usr/ports/java/jdk16 instructs me to manually fetch tzupdater-1_3_34-2010o.zip and put it in /usr/ports/distfiles - this file however is no longer available and has been replaced by tzupdater-1_3_35-2011b. So what's the best way of installing jdk16 despite of this? Rename tzupdater-1_3_35-2011b to tzupdater-1_3_34-2010o.zip and make -DNO_CHECKSUM? Many thanks! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Cannot build jdk16
On Fri, 4 Mar 2011 12:23:23 +0100, Redd Vinylene reddvinyl...@gmail.com wrote: Hello! /usr/ports/java/jdk16 instructs me to manually fetch tzupdater-1_3_34-2010o.zip and put it in /usr/ports/distfiles - this file however is no longer available and has been replaced by tzupdater-1_3_35-2011b. So what's the best way of installing jdk16 despite of this? Rename tzupdater-1_3_35-2011b to tzupdater-1_3_34-2010o.zip and make -DNO_CHECKSUM? If you don't depend on tzupdater, you should run make config and disable it prior to the build process. Then it won't be requested. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: xdm-options - non-bsd user needs bsd rc.d advice
On Thu, 03 Mar 2011 17:01:10 -0500 John D. Hendrickson and Sara Darnell johnandsa...@cox.net wrote: Hi. I'm a BSD idiot I use [Debian] linux. rc.d question I'm trying to release a project (just below) to the widest possible unix audience. I need a line in /etc/inittab and to have a start/stop in /etc/rc.d, nothing unusual I think. I read many freeBSD rc.d materials and it only convinced me as much as I'd learned: if I'm not running BSD I don't know enough to talk about it :) Usually FreeBSD rc.d scripts are maintained by the port maintainer rather than the upstream project. If you are unclear about it, I would suggest you don't bother. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: xdm-options - non-bsd user needs bsd rc.d advice
On Thu, 03 Mar 2011 17:01:10 -0500 John D. Hendrickson and Sara Darnell johnandsa...@cox.net wrote: [snip] If anyone would like to quickly comment I'd love to hear why bsd would be a better choice than ubantu (for what audience it is better). Thanks all, John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org Hi John, same with me as with Chad Perrin. Sadly, I cannot put my issue right and brief at the same time, so please excuse me being verbose. I started with Linux when being in high-school out of frustration of Windows forcing me to do things their way. After switching my entire environment to Suse Linux and after that to a version of RedHat, I quickly found out that I just switched to a different flavour of being forced to do things a certain way. When at university, I tried Gentoo Linux, learned a lot and solved problems my way. Having bought a notebook later on, I decided trying the then very much in vogue Ubuntu with a Xubuntu installation. Although satisfied with the very usable defaults, I was quickly unnerved by not being able to control things. Later, I tried OpenSolaris and FreeBSD and am now using FreeBSD due to the same reasons as Chad Perrin stated: Being a power-user, wanting to control things and (now diverting from Chad's reasons) wanting to use technology (most importantly ZFS) without being impeded for ideological reasons of viral GPLishness. So, same reasons here as with Chad Perrin, safe for an additionally and lately aquired GPL-allergy. @ Chad: Perhaps you might be happier being coerced to use a Linux with a GNU/Linux flavour like Gentoo or ArchLinux. I have never tried the latter, however, with Gentoo you are very much in control. Gentoo effectively forces you to do your own compiling via portage, so be prepared for a very long install. ArchLinux is to my knowledge binary based and might be quicker to install. Both Gentoo and ArchLinux have a reputation to put the user in charge. What drove me away from Gentoo apart from that GPL-flu was deteriorating quality of system tools. You install what is world in FreeBSD from portage in Gentoo, so when updating your portage, necessary system tools sometimes break. I was driven over the edge when some network-etc syntax changed without telling me and I lost my network connection as a result. I had something different in mind for the weekend and was just furious - so treat Gentoo with care. Cheers, -- Christopher J. Ruwe TZ GMT + 1 signature.asc Description: PGP signature
Re: CPU heating!
Hi, [ I'm late on thread, so briefly ] If you get desperate overheating crashes, try eg /usr/sbin/powerd -a min -b min -n min Thats what I'm doing on one box, till I can remove, review/ regrease. One can also observe subsets of values from sysctl -a | grep temp in a while (1) sysctl .. sleep 2 end loop, while re-invoking various powerd -v with different params. Cheers, Julian -- Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com Mail plain text; Not quoted-printable, Not HTML, Not base 64. Reply below text sections not at top, to avoid breaking cumulative context. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Simplest way to deny access to a class C
On 4 March 2011 02:43, Jorge Biquez jbiq...@intranet.com.mx wrote: Thank you all for your time and comments. I guess that I will install a firewall, that way I can also block those Class C's from sending tons of emails to non existing accounts I will read the website to see the best options. Any suggestion is more than welcome. Jorge Biquez At 06:02 p.m. 03/03/2011, you wrote: Be careful of automated responses. What if someone spoofs IP's of legit users / customers / whatever and your automated response blocks them? Not good. I thought about blockingwell, never mind - might pi$$ someone off and attract unwanted attention... -Original Message- From: owner-freebsd-questi...@freebsd.org [mailto: owner-freebsd-questi...@freebsd.org] On Behalf Of Patrick Gibson Sent: Thursday, March 03, 2011 5:58 PM To: Jorge Biquez Cc: freebsd-questions@freebsd.org Subject: Re: Simplest way to deny access to a class C You might consider mod_security (/usr/ports/www/mod_security) which can be set up to ban hosts based on behaviour or characteristics. Or fail2ban (/usr/ports/security/py-fail2ban) is really great, too, in that it scans whatever logs you want, and can trigger a block in your firewall if enough violating log entries are found within a particular period of time. Everything is totally configurable, and there are plenty of examples that come with it. Patrick On Thu, Mar 3, 2011 at 8:59 AM, Jorge Biquez jbiq...@intranet.com.mx wrote: Hello all. I am sorry in advance if this question sounds too stupid. I have a small server for personal use of webpages running: 7.3-PRERELEASE FreeBSD 7.3-PRERELEASE #0 it is working fine , no problem very stable. I just need to block some IP class C address that are always trying to discover directories or applications under the web server. They do not do and can not do anything since this server has nothing installed but i am tired of seeing in the logs all the intents they do every 2-3 seconds. I have not installed any kind of firewall yet. What do you think is the best way to accomplish this task? If possible the easiest one. I do not want to do anything else but just bloc IP's, at this moment at least. Thanks in advance. Jorge Biquez ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org font size=1 div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in' /div This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system. /font ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org you might wamt to look at geoip as well. you can open up services to specif regions then, or block other regions. Can be controversial though. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: mysql missing from my home-page WordPress....
Quoth Zbigniew Szalbot on Friday, 04 March 2011: Hello, Thanks duly noted to everyone. I was beginning to wonder if I had lost what mind I've got left! Not used to losing my two trial blog, (1), and beyond that, being dumbfounded at how messy it may be to keep WP current. (2) It seems to me you are making you life more difficult with WP than it needs to be. Keeping WP current is a piece of cake, and you do not need to do it via ports. WP has built-in ftp capabilities and once you provide it with proper credentials, upgrading is as easy as clicking the upgrade button from within WP admin interface. This way you can keep multiple WP installations and easily maintain them. :) I have not had a lot of luck with upgrading from within the admin panel, but it is still easy to upgrade by downloading the latest tarball and simply extracting it over the installation. Then go into the admin panel to see if it requires that you press a button to update the database. Done! Of course, make a backup first. -- Sterling (Chip) Camden | sterl...@camdensoftware.com | 2048D/3A978E4F http://chipsquips.com | http://camdensoftware.com | http://chipstips.com pgpdflAWmvQoM.pgp Description: PGP signature
Re: xdm-options - non-bsd user needs bsd rc.d advice
On Fri, Mar 04, 2011 at 03:28:10PM +0100, Christopher J. Ruwe wrote: Later, I tried OpenSolaris and FreeBSD and am now using FreeBSD due to the same reasons as Chad Perrin stated: Being a power-user, wanting to control things and (now diverting from Chad's reasons) wanting to use technology (most importantly ZFS) without being impeded for ideological reasons of viral GPLishness. I'd say you diverted from what I satated -- though not from my reasons overall. That is actually among the reasons I prefer FreeBSD, even if I didn't mention it. So, same reasons here as with Chad Perrin, safe for an additionally and lately aquired GPL-allergy. My GPL-allergy has been around since late 2003, but has been growing in strength. 2006 was when it finally got to the point where I stopped using Linux-based systems for my own purposes until some video issues forced me back to it last month. @ Chad: Perhaps you might be happier being coerced to use a Linux with a GNU/Linux flavour like Gentoo or ArchLinux. I have never tried the latter, however, with Gentoo you are very much in control. Gentoo effectively forces you to do your own compiling via portage, so be prepared for a very long install. ArchLinux is to my knowledge binary based and might be quicker to install. Both Gentoo and ArchLinux have a reputation to put the user in charge. I'm considering ArchLinux. I've played with Gentoo in the past (2004ish), and did not much find it to my liking -- mostly because of software stability issues and a community overrun with ricers. What drove me away from Gentoo apart from that GPL-flu was deteriorating quality of system tools. You install what is world in FreeBSD from portage in Gentoo, so when updating your portage, necessary system tools sometimes break. I was driven over the edge when some network-etc syntax changed without telling me and I lost my network connection as a result. I had something different in mind for the weekend and was just furious - so treat Gentoo with care. That kind of breakage is among the reasons I didn't like Gentoo. Around that time, Debian was much more stable in practice (even Debian Testing), but things have changed in the Debian world since I last used it for my own purposes five years ago; now, it's prone to breakage as well, evidently. From your description, it sounds like Gentoo wouldn't solve the kinds of problems I'm having with Debian; it would just rearrange the deck chairs on the Titanic. I've heard Arch is a tolerable substitute for FreeBSD when you must use Linux-based systems for some reason. I'm probably going to wipe the system and reinstall this weekend to try to solve my networking issue, and Arch looks like the option I'll try -- though I'll probably check into whether OpenBSD has support for the graphics chipset in this laptop, too (I really doubt it). . . . and then, as soon as the graphics support gets sorted out in FreeBSD, I'll probably wipe again and install FreeBSD. I had FreeBSD installed on it briefly already, and everything about it worked exactly as expected except the graphics, after all. -- Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ] pgptAieZrb8Kp.pgp Description: PGP signature
portmaster -a command fails - *** Error code 1
Hi folks, I see I have some ports that need to be updated, so I'm using portmaster (portmaster -a to be specific), and it fails with the following - === Starting check for build dependencies === Gathering dependency list for textproc/docproj-nojadetex from ports === No dependencies for textproc/docproj-nojadetex === Cleaning for docproj-nojadetex-1.17_4 === /usr/ports/textproc/docproj-nojadetex/work not writable, skipping touch: /usr/ports/textproc/docproj-nojadetex/work/.build_done.docproj._usr_local: Operation not permitted *** Error code 1 Stop in /usr/ports/textproc/docproj-nojadetex. === make failed for textproc/docproj-nojadetex === Aborting update === Update for textproc/docproj-nojadetex failed === Aborting update === Update for misc/freebsd-doc-en failed === Aborting update === You can restart from the point of failure with this command line: portmaster flags misc/freebsd-doc-en textproc/docproj-nojadetex graphics/netpbm graphics/jasper graphics/libglut x11-toolkits/libXmu x11-toolkits/libXt x11/libSM devel/automake x11/libICE x11/libXi graphics/jbigkit graphics/png graphics/tiff graphics/peps print/ghostscript8 graphics/jbig2dec print/cups-image print/cups-client security/gnutls print/gsfonts x11-fonts/fontconfig print/freetype2 graphics/scr2png textproc/docbook-410 textproc/iso8879 textproc/xmlcatmgr textproc/docbook-xml textproc/docbook-xsl textproc/docbook textproc/docbook-420 textproc/docbook-430 textproc/docbook-440 textproc/docbook-450 textproc/docbook-500 textproc/xmlcharent textproc/docbook-sk textproc/docbook-xml-430 textproc/docbook-xml-440 textproc/docbook-xml-450 textproc/dsssl-docbook-modular textproc/fixrtf textproc/html textproc/html2text textproc/jade textproc/linuxdoc textproc/p5-XML-Parser textproc/scr2txt textproc/xhtml www/links1 www/tidy devel/libtool security/ca_root_nss devel/libsigsegv net/openldap24-client devel/pcre devel/apr1 devel/autoconf ftp/curl www/apache22 www/privoxy www/sarg sysutils/webmin Any ideas on what my problem(s) is and how to solve it??? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: portmaster -a command fails - *** Error code 1
On 03/04/11 15:37, Ed Flecko wrote: [Snips] Given this: ===/usr/ports/textproc/docproj-nojadetex/work not writable, skipping Any ideas on what my problem(s) is and how to solve it??? Either you've got a read-only /usr/ports or you've forgotten to run as root. [I will admit to doing the latter occasionally.] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
determining freebsd-update status
to determine roughly where a server is in its updates (we're running only RELEASE) i do: 1 - check the 1st 4 fields of the tag file in the freebsd-update working dir. 2 - check the output of freebsd-update IDS. is it the case that freebsd-update IDS checks base system status relative to what's referenced in the tag file? tia tom ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: mysql missing from my home-page WordPress....
On Fri, Mar 04, 2011 at 07:27:44AM -0800, Chip Camden wrote: I have not had a lot of luck with upgrading from within the admin panel, but it is still easy to upgrade by downloading the latest tarball and simply extracting it over the installation. Then go into the admin panel to see if it requires that you press a button to update the database. Done! Of course, make a backup first. . . . and Heaven help you if you had to make any nontrivial changes to your local install of WordPress to make up for some of its many deficiencies, and don't have a detailed record of exactly what changes you made, since I know of no upgrade methodology for WordPress that don't destroy such changes in a way that makes it effectively impossible to just apply a patch to reintroduce them. WordPress developers apparently like to substantially change the way things look in all the core files (thus breaking patches made from earlier versions) without substantively changing the way things work or the readability of the code. -- Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ] pgpstENE4ZRWH.pgp Description: PGP signature
Re: portmaster -a command fails - *** Error code 1
Thanks gentlemen; I was not running portmaster as root. When I re-run portmaster -a as root, I get the following: === Starting check for runtime dependencies === Gathering dependency list for devel/automake from ports === Dependency check complete for devel/automake en-freebsd-doc-20100625 textproc/docproj-nojadetex graphics/netpbm graphics/jasper graphics/libglut x11-toolkits/libXmu x11-toolkits/libXt x11/libSM devel/automake === Installing for automake-1.11.1 === Generating temporary packing list === Checking if devel/automake already installed === automake-1.11.1 is already installed You may wish to ``make deinstall'' and install this port again by ``make reinstall'' to upgrade it properly. If you really wish to overwrite the old port of devel/automake without deleting it first, set the variable FORCE_PKG_REGISTER in your environment or the make install command line. *** Error code 1 Stop in /usr/ports/devel/automake. Suggestions? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Cannot build jdk16
04.03.2011 14:23, Redd Vinylene пишет: Hello! /usr/ports/java/jdk16 instructs me to manually fetch tzupdater-1_3_34-2010o.zip and put it in /usr/ports/distfiles - this file however is no longer available and has been replaced by tzupdater-1_3_35-2011b. So what's the best way of installing jdk16 despite of this? Rename tzupdater-1_3_35-2011b to tzupdater-1_3_34-2010o.zip and make -DNO_CHECKSUM? Many thanks! http://www.freebsd.org/cgi/query-pr.cgi?pr=155270 -- Regards, Ruslan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: mysql missing from my home-page WordPress....
Quoth Chad Perrin on Friday, 04 March 2011: On Fri, Mar 04, 2011 at 07:27:44AM -0800, Chip Camden wrote: I have not had a lot of luck with upgrading from within the admin panel, but it is still easy to upgrade by downloading the latest tarball and simply extracting it over the installation. Then go into the admin panel to see if it requires that you press a button to update the database. Done! Of course, make a backup first. . . . and Heaven help you if you had to make any nontrivial changes to your local install of WordPress to make up for some of its many deficiencies, and don't have a detailed record of exactly what changes you made, since I know of no upgrade methodology for WordPress that don't destroy such changes in a way that makes it effectively impossible to just apply a patch to reintroduce them. WordPress developers apparently like to substantially change the way things look in all the core files (thus breaking patches made from earlier versions) without substantively changing the way things work or the readability of the code. -- Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ] Yes, I've been bitten by that. Nowadays I confine all of my customizations to plugins or theme files, os I can always drop in their latest version and then check to see if they broke the plugins somehow (which has happened on occasion). -- Sterling (Chip) Camden | sterl...@camdensoftware.com | 2048D/3A978E4F http://chipsquips.com | http://camdensoftware.com | http://chipstips.com pgp0HDrqpcqog.pgp Description: PGP signature
Re: portmaster -a command fails - *** Error code 1
On 03/04/11 17:00, Ed Flecko wrote: Thanks gentlemen; I was not running portmaster as root. When I re-run portmaster -a as root, I get the following: === Starting check for runtime dependencies === Gathering dependency list for devel/automake from ports === Dependency check complete for devel/automake en-freebsd-doc-20100625 textproc/docproj-nojadetex graphics/netpbm graphics/jasper graphics/libglut x11-toolkits/libXmu x11-toolkits/libXt x11/libSM devel/automake === Installing for automake-1.11.1 ===Generating temporary packing list === Checking if devel/automake already installed ===automake-1.11.1 is already installed You may wish to ``make deinstall'' and install this port again by ``make reinstall'' to upgrade it properly. If you really wish to overwrite the old port of devel/automake without deleting it first, set the variable FORCE_PKG_REGISTER in your environment or the make install command line. *** Error code 1 Stop in /usr/ports/devel/automake. Suggestions? Do what it says? make -C /usr/ports/devel/automake deinstall reinstall or maybe (note the lack of -a here) env FORCE_PKG_REGISTER=yes portmaster devel/automake and then try portmaster -a again. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: xdm-options - non-bsd user needs bsd rc.d advice
Readers will surely see more and more people having similar reasons why those who happily use FreeBSD do not want to go back to Linux, or even worse, Windows. I may include myself here, with the special case that I've never been a Windows user, so my mind is clean and healthy and unspoiled of MICROS~1's strange ideas of how things work. :-) On Fri, 4 Mar 2011 15:28:10 +0100, Christopher J. Ruwe c...@cruwe.de wrote: I started with Linux when being in high-school out of frustration of Windows forcing me to do things their way. In my case, it happened in school, simply because of the reason that I needed a versatile typesetting system (text, formulas, graphs) to print to a laser printer. As LaTeX was already available on Linux, I started with Slackware which was a very UNIX-like system (a positive opinion!) at that time. Later on, I did use PTS-Linux (derived from DLD, a german Linux distribution, if I remember correctly), as well as S.u.S.E.-Linux (its formal name at that time). While I found that generic UNIX knowledge was applicable everywhere, Linux knowledge was not, as you could see from file names and locations, procedures, and configuration statements which could not be transferred 1:1 between the systems. When at university, I tried Gentoo Linux, learned a lot and solved problems my way. Having bought a notebook later on, I decided trying the then very much in vogue Ubuntu with a Xubuntu installation. Although satisfied with the very usable defaults, I was quickly unnerved by not being able to control things. University was the time when I found out about FreeBSD. Having generic UNIX knowledge already (Linux, Solaris, IRIX) I could predict (!) where things are on a FreeBSD system, how they act, and what they do. This was my main reason to keep using this system, exlusively as a home desktop since version 4.0, without any disadvantages so far. I doubt that Linux would have delivered the quality I'm looking for: The quality of not being forced to abandon fully functional hardware simply because new defaults tell me I need a plentycore CPU and tenmelonhundred GB of RAM, just to keep doing the same things. As a developer, targetting Linux (as a family of operating systems) is not very easy, as they all do differ in some way. At least there is source code to consult if problems arise, but sometimes you're searching through header files to find out what *foo() is today. :-) What drove me away from Gentoo apart from that GPL-flu was deteriorating quality of system tools. You install what is world in FreeBSD from portage in Gentoo, so when updating your portage, necessary system tools sometimes break. Linux does not differentiate between the system and everything else; even the kernel can be seen as a package on the system. Along with different packaging systems, distributions differ in what packages they use to make their base system (default amount of installation). For developers, FreeBSD is an EXCELLENT operating system as it offers consistency, compatibility and interoperatbility at a good speed ratio (won't run slower after upgrading). The code quality and the availability of good documentation (man pages, handbook, FAQ), even accessible LOCALLY with no Internet connection at hand, makes it a strong partner for DURABLE solutions in software development. A friendly and intelligent community adds to the sum. The sum is SUPERIOR to what I could experience in my career. I know this is a quite general statement and doesn't help the OP in particular, but I thought it would be worth sharing it. I hope it was. :-) -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: portmaster -a command fails - *** Error code 1
Thanks Aurthur. :-) It's funny...I DID what it asks and it still didn't work (make deinstall, etc.). Apparently, I installed it from a package, so I did a pkg_delete automake and then started my portmaster -a again and it seems to be running fine. :-) Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: determining freebsd-update status
On Fri, Mar 04, 2011 at 11:32:11AM -0500, Tom Worster thus spake: to determine roughly where a server is in its updates (we're running only RELEASE) i do: 1 - check the 1st 4 fields of the tag file in the freebsd-update working dir. Just because the 1st 4 fields are populated, doesn't necessarily imply it is running at that version. The tag is stating what it has recently seen as available on the update server, but that doesn't mean that those updates have been installed. 2 - check the output of freebsd-update IDS. is it the case that freebsd-update IDS checks base system status relative to what's referenced in the tag file? No. The hash index file is pulled from the update server for the installed release, and your system is compared with that. tia tom ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org -jgh ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: portmaster -a command fails - *** Error code 1
On 03/04/11 17:36, Ed Flecko wrote: Thanks Aurthur. :-) It's funny...I DID what it asks and it still didn't work (make deinstall, etc.). A tip for the future: always say what you've tried. It lets us save our waning mind reading powers for important cases, like working out what the wife actually wants for her birthday when all she says is oh, any little thing will do. :-) Apparently, I installed it from a package, so I did a pkg_delete automake and then started my portmaster -a again and it seems to be running fine. Ah, the third option which I forgot to mention. It's always the option one forgets to mention that works. In theory package install and port install are supposed to be the same (modulo config options). In practice there are odd cases, and automake seems to provoke them. Thinking back, I've had to pkg_delete it before now in order to upgrade, and I always install from ports. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: determining freebsd-update status
thanks for the answers, jason. two more questions below. On 3/4/11 1:09 PM, Jason Helfman jhelf...@e-e.com wrote: On Fri, Mar 04, 2011 at 11:32:11AM -0500, Tom Worster thus spake: to determine roughly where a server is in its updates (we're running only RELEASE) i do: 1 - check the 1st 4 fields of the tag file in the freebsd-update working dir. Just because the 1st 4 fields are populated, doesn't necessarily imply it is running at that version. The tag is stating what it has recently seen as available on the update server, but that doesn't mean that those updates have been installed. ok. 2 - check the output of freebsd-update IDS. is it the case that freebsd-update IDS checks base system status relative to what's referenced in the tag file? No. The hash index file is pulled from the update server for the installed release, and your system is compared with that. the installed release being what exactly? and how does freebsd-update determine what it is? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: portmaster -a command fails - *** Error code 1
these situations arise quite often where you have to delete a port before portmaster will continue. sometimes you can predict it by reading /usr/ports/UPDATING not that this is the only reason to read UPDATING. On 3/4/11 1:37 PM, Arthur Chance free...@qeng-ho.org wrote: On 03/04/11 17:36, Ed Flecko wrote: Thanks Aurthur. :-) It's funny...I DID what it asks and it still didn't work (make deinstall, etc.). A tip for the future: always say what you've tried. It lets us save our waning mind reading powers for important cases, like working out what the wife actually wants for her birthday when all she says is oh, any little thing will do. :-) Apparently, I installed it from a package, so I did a pkg_delete automake and then started my portmaster -a again and it seems to be running fine. Ah, the third option which I forgot to mention. It's always the option one forgets to mention that works. In theory package install and port install are supposed to be the same (modulo config options). In practice there are odd cases, and automake seems to provoke them. Thinking back, I've had to pkg_delete it before now in order to upgrade, and I always install from ports. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: determining freebsd-update status
On Fri, Mar 04, 2011 at 02:05:15PM -0500, Tom Worster thus spake: thanks for the answers, jason. two more questions below. np On 3/4/11 1:09 PM, Jason Helfman jhelf...@e-e.com wrote: On Fri, Mar 04, 2011 at 11:32:11AM -0500, Tom Worster thus spake: to determine roughly where a server is in its updates (we're running only RELEASE) i do: 1 - check the 1st 4 fields of the tag file in the freebsd-update working dir. Just because the 1st 4 fields are populated, doesn't necessarily imply it is running at that version. The tag is stating what it has recently seen as available on the update server, but that doesn't mean that those updates have been installed. ok. 2 - check the output of freebsd-update IDS. is it the case that freebsd-update IDS checks base system status relative to what's referenced in the tag file? No. The hash index file is pulled from the update server for the installed release, and your system is compared with that. the installed release being what exactly? What the system is running. and how does freebsd-update determine what it is? From the code, it appears to use `uname -r` and `uname -m`, for release and architecture, respectively. -jgh ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: mysql missing from my home-page WordPress....
[Just a top post to say that recent troubles of unknown cause on my server --7.3-- have drained time from my thought of joining the Blogger World.] On Fri, Mar 04, 2011 at 09:09:20AM -0800, Chip Camden wrote: Quoth Chad Perrin on Friday, 04 March 2011: On Fri, Mar 04, 2011 at 07:27:44AM -0800, Chip Camden wrote: I have not had a lot of luck with upgrading from within the admin panel, but it is still easy to upgrade by downloading the latest tarball and simply extracting it over the installation. Then go into the admin panel to see if it requires that you press a button to update the database. Done! Of course, make a backup first. I make bups of bups; the thing is that when I _thought_ i had upgraded by push-button nothing had actually happened. My version had not been uprev'd to 3.1; it was still a 3.0.4. Etc. I'mall but certain this would have been the same if I were running Linux. ...So yes, I will d/load stuff, move or scp it into my www/data/blog/* and extract. My proposed site is titled ...And miles to go before I sleep; the blog directory is, literally blog. (I posted a question on the forum about where to change the author info and someone said it was www.home/blog/author/authorID --IIRC. I didn't understand the answer.) . . . and Heaven help you if you had to make any nontrivial changes to your local install of WordPress to make up for some of its many deficiencies, and don't have a detailed record of exactly what changes you made, since I know of no upgrade methodology for WordPress that don't destroy such changes in a way that makes it effectively impossible to just apply a patch to reintroduce them. WordPress developers apparently like to substantially change the way things look in all the core files (thus breaking patches made from earlier versions) without substantively changing the way things work or the readability of the code. I just found the WP-3.1.zip file in my ~/Downloads directory. I had not looked. On the WP.org forum I claimed to be running 3.1 rather than 3.0.4. Could have have nosed me somehow? How tightly integrated are the clients integrated with WordPress? Another thin I don't quite get is whether this group in a non-profit [.org] or a for-profit [.com]. I've seen some instructive videos for this effort; I'm assuming that these are for the .com/commercial side. Is there a place on the WP .org side that has a series of tutorials-- 001 to NNN that I should read? This one isn't going to be plug-in-an-use; it looks like it demands at least a moderate learning curve. -- Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ] Yes, I've been bitten by that. Nowadays I confine all of my customizations to plugins or theme files, os I can always drop in their latest version and then check to see if they broke the plugins somehow (which has happened on occasion). Yipes. Thanks for the clue. gary -- Sterling (Chip) Camden | sterl...@camdensoftware.com | 2048D/3A978E4F http://chipsquips.com | http://camdensoftware.com | http://chipstips.com -- Gary Kline kl...@thought.org http://www.thought.org Public Service Unix Journey Toward the Dawn, E-Book: http://www.thought.org The 7.98a release of Jottings: http://jottings.thought.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: license of the code in freebsd documantation
On Thu, Mar 03, 2011 at 11:53:14PM +0900, Kouichiro Iwao wrote: I'm writing a script based on the code in freebsd docs, and caring about the license of it. The original scripts are example 6 and 7 of the following page. How do I have to treat my code if I distribute it? http://www.freebsd.org/doc/en/articles/ldap-auth/client.html I know freebsd docs is licensed under The FreeBSD Documantation License but don't know about codes in them. -- kiwao m...@club.kyutech.ac.jp Since those scripts have been contributed to the FreeBSD project, I would treat them as if they had the standard FreeBSD license. If you do that, then you should be playing safe i.e they're almost certainly not under a more restrictive license. Regards, -- Frank Contact info: http://www.shute.org.uk/misc/contact.html pgpbLhE2OcjMH.pgp Description: PGP signature
Re: mysql missing from my home-page WordPress....
Quoth Gary Kline on Friday, 04 March 2011: ✂ snip ✂ it into my www/data/blog/* and extract. My proposed site is titled ...And miles to go before I sleep; the blog directory is, literally blog. (I posted a question on the forum about where to change the author info and someone said it was www.home/blog/author/authorID --IIRC. I didn't understand the answer.) ✂ snip ✂ It's in the MySQL database. You change it by going into the admin panel (www.home/blog/wp-admin) then go to the general settings (on the left sidebar, under Settings click General or navigate to www.home/blog/wp-admin/options-general.php). ✂ snip ✂ I just found the WP-3.1.zip file in my ~/Downloads directory. I had not looked. On the WP.org forum I claimed to be running 3.1 rather than 3.0.4. Could have have nosed me somehow? How tightly integrated are the clients integrated with WordPress? Another thin I don't quite get is whether this group in a non-profit [.org] or a for-profit [.com]. Wordpress.org is the site for the open source Wordpress project. It's where you download sources, and where everything's documented. Wordpress.com is a site where you can sign up for a free account that they host. You might want to bookmark http://codex.wordpress.org/Main_Page ✂ snip ✂ -- Sterling (Chip) Camden | sterl...@camdensoftware.com | 2048D/3A978E4F http://chipsquips.com | http://camdensoftware.com | http://chipstips.com pgpWQEvbihQfs.pgp Description: PGP signature
Re: Simplest way to deny access to a class C
On Thu, Mar 3, 2011 at 4:02 PM, Gary Gatten ggat...@waddell.com wrote: Be careful of automated responses. What if someone spoofs IP's of legit users / customers / whatever and your automated response blocks them? Not good. Fortunately this is a relatively low risk with fail2ban, because to spoof a failed SSH connection you need to spoof a whole three-way TCP handshake.This could happen, but only if the attacker is on the same subnet as the affected customer or can intercept all their traffic for a man-in-the-middle attack. A bigger risk is customers fat-fingering their password repeatedly and locking themselves out. ;) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Purchased Binaries
I have a client who has purchased some software. I don't know anything much about it yet other than it claims to run on Debian and CentOS. I suspect its binaries. I will have access to things like the developer, name etc. on Monday. However, thats when he needs to know if I can make it run on FreeBSD. I am not convinced I want to run production software on the Linux compatibility suite. No good reason other than it sounds like its adding a lot more opportunities for breakage. This has to be an always up application. I have virtually no knowledge of CentOS other than it was installed on one server when I got it. Any chance those binaries might work on FreeBSD? I am planning on starting with FreeBSD 8.2 since its just out and working fine on one of my servers, but could use an earlier version if required to make this stuff run. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Purchased Binaries
On Fri, 4 Mar 2011 13:24:32 -0800, Doug Hardie bc...@lafn.org wrote: I have a client who has purchased some software. I don't know anything much about it yet other than it claims to run on Debian and CentOS. I suspect its binaries. I will have access to things like the developer, name etc. on Monday. However, thats when he needs to know if I can make it run on FreeBSD. I am not convinced I want to run production software on the Linux compatibility suite. FreeBSD itself offers a Linux ABI - an alternative binary interface. Maybe you'll need additional libraries or programs that are provided by linux-* ports. No good reason other than it sounds like its adding a lot more opportunities for breakage. It's often said that FreeBSD's Linux ABI runs Linux programs faster and better than pure Linux, but as I don't use Linux programs on my FreeBSD systems, I can't be more specific on this claim. This has to be an always up application. I have virtually no knowledge of CentOS other than it was installed on one server when I got it. Any chance those binaries might work on FreeBSD? That's really hard to estimate without further knowledge. You should at least TRY to run the application in question and see if it brings up further requirements or problems, and upon that experience, make further decisions. I am planning on starting with FreeBSD 8.2 since its just out and working fine on one of my servers, but could use an earlier version if required to make this stuff run. It shouldn't be neccessary to use older versions of FreeBSD. However you can install the COMPAT[4567] components (kernel settings and ports) to provide that level of OS access if it should be required. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
FreeBSD kernel init slower than linux
Hello, I know this is a awful subject, but I recently tried a Gentoo on my laptop and I was surprised to see Linux booting about 2-3 times faster than FreeBSD. I don't talk about the init/rc script but only kernel initialisation. For linux kernel it's around 5-6 seconds vs 15-18 seconds for FreeBSD. Why FreeBSD is so slower than Linux to boot the kernel? Cheers, -- David Demelier ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD kernel init slower than linux
I guess part of it must have something to do with how the devices are identified by the FreeBSD kernel vs linux. I know also that when using a ZFS boot partition, it takes a lot longer to my system to boot compared to UFS... On Fri, Mar 4, 2011 at 5:10 PM, David Demelier demelier.da...@gmail.comwrote: Hello, I know this is a awful subject, but I recently tried a Gentoo on my laptop and I was surprised to see Linux booting about 2-3 times faster than FreeBSD. I don't talk about the init/rc script but only kernel initialisation. For linux kernel it's around 5-6 seconds vs 15-18 seconds for FreeBSD. Why FreeBSD is so slower than Linux to boot the kernel? Cheers, -- David Demelier ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: xdm-options - non-bsd user needs bsd rc.d advice
On Fri, Mar 4, 2011 at 9:34 AM, Polytropon free...@edvax.de wrote: While I found that generic UNIX knowledge was applicable everywhere, Linux knowledge was not, as you could see from file names and locations, procedures, and configuration statements which could not be transferred 1:1 between the systems. I find that's true even going between true UNIX systems, like FreeBSD and Solaris. Maybe it was different back in the SunOS days, but modern Solaris has a lot of very Solaris-specific tools that work in opaque ways; for example, you don't edit links to /etc/init.d anymore, you create an XML service description file and use svcadm to manipulate it in some hidden database. There are still BSD-ish tools in Solaris (and GNU tools, too), but Solaris purists will strongly discourage you from using them. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD kernel init slower than linux
On Fri, 2011-03-04 at 23:10 +0100, David Demelier wrote: Why FreeBSD is so slower than Linux to boot the kernel? I think it's because no concerted effort has been put into optimizing the boot time on FreeBSD. I tested a stripped-down kernel on my iBook G4 a while ago and it would boot in a couple of seconds - but that was without any network card, USB support etc. -- Bruce Cran ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Purchased Binaries
On 4 March 2011, at 14:45, Charlie Kester wrote: On Fri 04 Mar 2011 at 13:24:32 PST Doug Hardie wrote: I have a client who has purchased some software. I don't know anything much about it yet other than it claims to run on Debian and CentOS. I suspect its binaries. I will have access to things like the developer, name etc. on Monday. However, thats when he needs to know if I can make it run on FreeBSD. Are you bidding against a Linux guy for this job? No. I have the job. That doesn't sound like a reasonable demand. Does he want your final answer on Monday, or do you think you can buy some time for further investigation He is under the gun and needs to get this working last week. if you tell him about FreeBSD's support for the Linux ABI, etc.? He is pretty much non-technical and will go with any solution I believe will work. Maybe bring in a FreeBSD laptop and do a demo where you install some Linux binary from the web and show him that it runs? (Be sure to practice the demo beforehand!) I still wouldn't give him an ironclad guarantee that the software he bought will run too, but perhaps the demo will raise his confidence level enough to give you a chance to find out. Pretty much I will have the real software on Monday and will need to get it up and going very quickly. I want to use FreeBSD because all the other parts of what he needs I already have running on various FreeBSD servers. Also, I very much like the FreeBSD approach (like to pf) of don't break things that previously worked without workarounds so that production systems are not killed. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Purchased Binaries
On Fri 04 Mar 2011 at 13:24:32 PST Doug Hardie wrote: I have a client who has purchased some software. I don't know anything much about it yet other than it claims to run on Debian and CentOS. I suspect its binaries. I will have access to things like the developer, name etc. on Monday. However, thats when he needs to know if I can make it run on FreeBSD. Are you bidding against a Linux guy for this job? That doesn't sound like a reasonable demand. Does he want your final answer on Monday, or do you think you can buy some time for further investigation if you tell him about FreeBSD's support for the Linux ABI, etc.? Maybe bring in a FreeBSD laptop and do a demo where you install some Linux binary from the web and show him that it runs? (Be sure to practice the demo beforehand!) I still wouldn't give him an ironclad guarantee that the software he bought will run too, but perhaps the demo will raise his confidence level enough to give you a chance to find out. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Purchased Binaries
On Fri, Mar 04, 2011 at 01:24:32PM -0800, Doug Hardie wrote: I have a client who has purchased some software. I don't know anything much about it yet other than it claims to run on Debian and CentOS. I suspect its binaries. I will have access to things like the developer, name etc. on Monday. However, thats when he needs to know if I can make it run on FreeBSD. I am not convinced I want to run production software on the Linux compatibility suite. No good reason other than it sounds like its adding a lot more opportunities for breakage. This has to be an always up application. I have virtually no knowledge of CentOS other than it was installed on one server when I got it. Any chance those binaries might work on FreeBSD? I am planning on starting with FreeBSD 8.2 since its just out and working fine on one of my servers, but could use an earlier version if required to make this stuff run. Linux binaries . . . ? That's unlikely to work on FreeBSD without the Linux compatibility layer. -- Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ] pgp3SoqmkGlvG.pgp Description: PGP signature
Re: FreeBSD kernel init slower than linux
On Fri, Mar 4, 2011 at 2:51 PM, Bruce Cran br...@cran.org.uk wrote: I think it's because no concerted effort has been put into optimizing the boot time on FreeBSD. I tested a stripped-down kernel on my iBook G4 a while ago and it would boot in a couple of seconds - but that was without any network card, USB support etc. I think that's correct. There was a concerted effort to optimize boot time on Linux once people started to run it on netbooks, where fast booting is a big deal. FreeBSD concentrates mostly on servers, and no one really cares how long it takes a server to boot because you don't boot them very often... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Purchased Binaries
On Fri, Mar 4, 2011 at 2:54 PM, Doug Hardie bc...@lafn.org wrote: Pretty much I will have the real software on Monday and will need to get it up and going very quickly. I want to use FreeBSD because all the other parts of what he needs I already have running on various FreeBSD servers. Also, I very much like the FreeBSD approach (like to pf) of don't break things that previously worked without workarounds so that production systems are not killed. The only problem I can see -- assuming it runs at all -- is that any tech support contracts for the software will likely assume you're running it under Linux. They may not be happy trying to troubleshoot it under FreeBSD and may want to blame the OS for any problems you encounter. I try to run commercial software on officially supported operating systems just for that reason. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Simplest way to deny access to a class C
fail2ban by default only bans an IP for 10 minutes, and that's configurable. It can also email you anytime it imposes a ban, so one can keep an eye on things at least in the beginning to see if it's causing a problem for legitimate users. On Thu, Mar 3, 2011 at 4:02 PM, Gary Gatten ggat...@waddell.com wrote: Be careful of automated responses. What if someone spoofs IP's of legit users / customers / whatever and your automated response blocks them? Not good. I thought about blockingwell, never mind - might pi$$ someone off and attract unwanted attention... -Original Message- From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Patrick Gibson Sent: Thursday, March 03, 2011 5:58 PM To: Jorge Biquez Cc: freebsd-questions@freebsd.org Subject: Re: Simplest way to deny access to a class C You might consider mod_security (/usr/ports/www/mod_security) which can be set up to ban hosts based on behaviour or characteristics. Or fail2ban (/usr/ports/security/py-fail2ban) is really great, too, in that it scans whatever logs you want, and can trigger a block in your firewall if enough violating log entries are found within a particular period of time. Everything is totally configurable, and there are plenty of examples that come with it. Patrick On Thu, Mar 3, 2011 at 8:59 AM, Jorge Biquez jbiq...@intranet.com.mx wrote: Hello all. I am sorry in advance if this question sounds too stupid. I have a small server for personal use of webpages running: 7.3-PRERELEASE FreeBSD 7.3-PRERELEASE #0 it is working fine , no problem very stable. I just need to block some IP class C address that are always trying to discover directories or applications under the web server. They do not do and can not do anything since this server has nothing installed but i am tired of seeing in the logs all the intents they do every 2-3 seconds. I have not installed any kind of firewall yet. What do you think is the best way to accomplish this task? If possible the easiest one. I do not want to do anything else but just bloc IP's, at this moment at least. Thanks in advance. Jorge Biquez ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org font size=1 div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in' /div This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system. /font ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Simplest way to deny access to a class C
On Fri, Mar 4, 2011 at 7:14 PM, Patrick Gibson gibblert...@gmail.comwrote: fail2ban by default only bans an IP for 10 minutes, and that's configurable. It can also email you anytime it imposes a ban, so one can keep an eye on things at least in the beginning to see if it's causing a problem for legitimate users. On Thu, Mar 3, 2011 at 4:02 PM, Gary Gatten ggat...@waddell.com wrote: Be careful of automated responses. What if someone spoofs IP's of legit users / customers / whatever and your automated response blocks them? Not good. I thought about blockingwell, never mind - might pi$$ someone off and attract unwanted attention... -Original Message- From: owner-freebsd-questi...@freebsd.org [mailto: owner-freebsd-questi...@freebsd.org] On Behalf Of Patrick Gibson Sent: Thursday, March 03, 2011 5:58 PM To: Jorge Biquez Cc: freebsd-questions@freebsd.org Subject: Re: Simplest way to deny access to a class C You might consider mod_security (/usr/ports/www/mod_security) which can be set up to ban hosts based on behaviour or characteristics. Or fail2ban (/usr/ports/security/py-fail2ban) is really great, too, in that it scans whatever logs you want, and can trigger a block in your firewall if enough violating log entries are found within a particular period of time. Everything is totally configurable, and there are plenty of examples that come with it. Patrick On Thu, Mar 3, 2011 at 8:59 AM, Jorge Biquez jbiq...@intranet.com.mx wrote: Hello all. I am sorry in advance if this question sounds too stupid. I have a small server for personal use of webpages running: 7.3-PRERELEASE FreeBSD 7.3-PRERELEASE #0 it is working fine , no problem very stable. I just need to block some IP class C address that are always trying to discover directories or applications under the web server. They do not do and can not do anything since this server has nothing installed but i am tired of seeing in the logs all the intents they do every 2-3 seconds. I have not installed any kind of firewall yet. What do you think is the best way to accomplish this task? If possible the easiest one. I do not want to do anything else but just bloc IP's, at this moment at least. I wonder why nobodies mentioned a quite simple method with tcpwrappers and hosts.allow / hosts.deny also Thanks in advance. Jorge Biquez ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org font size=1 div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in' /div This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system. /font ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: portmaster -a command fails - *** Error code 1
On Fri, 04 Mar 2011 18:37:32 + Arthur Chance free...@qeng-ho.org wrote: On 03/04/11 17:36, Ed Flecko wrote: Thanks Aurthur. :-) It's funny...I DID what it asks and it still didn't work (make deinstall, etc.). ... Apparently, I installed it from a package, so I did a pkg_delete automake and then started my portmaster -a again and it seems to be running fine. Ah, the third option which I forgot to mention. It's always the option one forgets to mention that works. In theory package install and port install are supposed to be the same (modulo config options). In practice there are odd cases, and automake seems to provoke them. Thinking back, I've had to pkg_delete it before now in order to upgrade, and I always install from ports. It's not really a matter of ports verses packages, a make deinstall calls pkg_delete. The suggestion You may wish to ``make deinstall'' and install this port again... shouldn't be taken too seriously, since it just a standard response to a make install on an already installed port. It probably fails because what's needed is to delete the package, not delete and reinstall. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
multimedia/py-gstreamer build failure
Anyone have an idea on this? It's blocking dozens of apps that need updating. --- Installing 'py27-gstreamer-0.10.21' from a port (multimedia/py-gstreamer) --- Building '/usr/ports/multimedia/py-gstreamer' === Cleaning for py27-gstreamer-0.10.21 === License LGPL21 accepted by the user === Extracting for py27-gstreamer-0.10.21 = SHA256 Checksum OK for gst-python-0.10.21.tar.bz2. === Patching for py27-gstreamer-0.10.21 === py27-gstreamer-0.10.21 depends on file: /usr/local/lib/python2.7/site-packages/libxml2mod.so - found === py27-gstreamer-0.10.21 depends on file: /usr/local/bin/python2.7 - found === py27-gstreamer-0.10.21 depends on executable: gmake - found === py27-gstreamer-0.10.21 depends on package: gstreamer-plugins=0.10.0 - found === py27-gstreamer-0.10.21 depends on executable: pkg-config - found === py27-gstreamer-0.10.21 depends on executable: pygobject-codegen-2.0 - found === py27-gstreamer-0.10.21 depends on shared library: glib-2.0.0 - found === Configuring for py27-gstreamer-0.10.21 checking for a BSD-compatible install... /usr/bin/install -c -o root -g wheel checking whether build environment is sane... yes checking for a thread-safe mkdir -p... /usr/local/bin/gmkdir -p checking for gawk... gawk checking whether gmake sets $(MAKE)... yes checking nano version... 0 (release) checking whether to enable maintainer-specific portions of Makefiles... no checking build system type... i386-portbld-freebsd8.2 checking host system type... i386-portbld-freebsd8.2 checking how to print strings... printf checking for style of include used by gmake... GNU checking for gcc... cc checking whether the C compiler works... yes checking for C compiler default output file name... a.out checking for suffix of executables... checking whether we are cross compiling... no checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether cc accepts -g... yes checking for cc option to accept ISO C89... none needed checking dependency style of cc... gcc3 checking for a sed that does not truncate output... /usr/bin/sed checking for grep that handles long lines and -e... /usr/bin/grep checking for egrep... /usr/bin/grep -E checking for fgrep... /usr/bin/grep -F checking for ld used by cc... /usr/bin/ld checking if the linker (/usr/bin/ld) is GNU ld... yes checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B checking the name lister (/usr/bin/nm -B) interface... BSD nm checking whether ln -s works... yes checking the maximum length of command line arguments... (cached) 262144 checking whether the shell understands some XSI constructs... yes checking whether the shell understands +=... no checking how to convert i386-portbld-freebsd8.2 file names to i386-portbld-freebsd8.2 format... func_convert_file_noop checking how to convert i386-portbld-freebsd8.2 file names to toolchain format... func_convert_file_noop checking for /usr/bin/ld option to reload object files... -r checking for objdump... objdump checking how to recognize dependent libraries... pass_all checking for dlltool... dlltool checking how to associate runtime and link libraries... printf %s\n checking for ar... ar checking for archiver @FILE support... no checking for strip... strip checking for ranlib... ranlib checking command to parse /usr/bin/nm -B output from cc object... ok checking for sysroot... no checking for mt... mt checking if mt is a manifest tool... no checking how to run the C preprocessor... cpp checking for ANSI C header files... yes checking for sys/types.h... yes checking for sys/stat.h... yes checking for stdlib.h... yes checking for string.h... yes checking for memory.h... yes checking for strings.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for unistd.h... yes checking for dlfcn.h... yes checking for objdir... .libs checking if cc supports -fno-rtti -fno-exceptions... no checking for cc option to produce PIC... -fPIC -DPIC checking if cc PIC flag -fPIC -DPIC works... yes checking if cc static flag -static works... yes checking if cc supports -c -o file.o... yes checking if cc supports -c -o file.o... (cached) yes checking whether the cc linker (/usr/bin/ld) supports shared libraries... yes checking whether -lc should be explicitly linked in... no checking dynamic linker characteristics... freebsd8.2 ld.so checking how to hardcode library paths into programs... immediate checking whether stripping libraries is possible... yes checking if libtool supports shared libraries... yes checking whether to build shared libraries... yes checking whether to build static libraries... no checking for gcc... (cached) cc checking whether we are using the GNU C compiler... (cached) yes checking whether cc accepts -g... (cached) yes checking for cc option to accept ISO C89... (cached) none needed checking dependency style of cc... (cached) gcc3 checking for cc option to accept ISO C99... -std=gnu99 checking for cc
Fwd: multimedia/py-gstreamer build failure [SOLVED]
It would appear there was some python 2.6 cruft left floating around, rebuilding gstreamer and related ports fixed this. Sorry about the noise. `/usr/ports/multimedia/py-gstreamer/work/gst-python-0.10.21/gst' CC _gst_la-gst-argtypes.lo CC _gst_la-gstmodule.lo CC _gst_la-pygstiterator.lo CC _gst_la-pygstminiobject.lo CC _gst_la-pygstvalue.lo CC _gst_la-pygstexception.lo GENgst.c Traceback (most recent call last): File ../codegen/codegen.py, line 1575, in module sys.exit(main(sys.argv)) File ../codegen/codegen.py, line 1532, in main o = override.Overrides(arg, path=extendpath) File /usr/ports/multimedia/py-gstreamer/work/gst-python-0.10.21/codegen/override.py, line 49, in __init__ self.handle_file(filename) File /usr/ports/multimedia/py-gstreamer/work/gst-python-0.10.21/codegen/override.py, line 92, in handle_file self.__parse_override(buf, startline, filename) File /usr/ports/multimedia/py-gstreamer/work/gst-python-0.10.21/codegen/override.py, line 174, in __parse_override self.handle_file(filename) File /usr/ports/multimedia/py-gstreamer/work/gst-python-0.10.21/codegen/override.py, line 92, in handle_file self.__parse_override(buf, startline, filename) File /usr/ports/multimedia/py-gstreamer/work/gst-python-0.10.21/codegen/override.py, line 174, in __parse_override self.handle_file(filename) File /usr/ports/multimedia/py-gstreamer/work/gst-python-0.10.21/codegen/override.py, line 92, in handle_file self.__parse_override(buf, startline, filename) File /usr/ports/multimedia/py-gstreamer/work/gst-python-0.10.21/codegen/override.py, line 104, in __parse_override command = words[0] IndexError: list index out of range gmake[3]: *** [gst.c] Error 1 gmake[3]: Leaving directory `/usr/ports/multimedia/py-gstreamer/work/gst-python-0.10.21/gst' gmake[2]: *** [all-recursive] Error 1 gmake[2]: Leaving directory `/usr/ports/multimedia/py-gstreamer/work/gst-python-0.10.21/gst' gmake[1]: *** [all-recursive] Error 1 gmake[1]: Leaving directory `/usr/ports/multimedia/py-gstreamer/work/gst-python-0.10.21' gmake: *** [all] Error 2 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Simplest way to deny access to a class C
Check out portsentry perhaps? I used to use it quite a bit. Whenever someone would hit one of a number of defined ports, I'd automatically add a rule denying them in IPFW and also drop their route to a non-existent IP on my class C. On 03/04/11 16:14, Patrick Gibson wrote: fail2ban by default only bans an IP for 10 minutes, and that's configurable. It can also email you anytime it imposes a ban, so one can keep an eye on things at least in the beginning to see if it's causing a problem for legitimate users. On Thu, Mar 3, 2011 at 4:02 PM, Gary Gattenggat...@waddell.com wrote: Be careful of automated responses. What if someone spoofs IP's of legit users / customers / whatever and your automated response blocks them? Not good. I thought about blockingwell, never mind - might pi$$ someone off and attract unwanted attention... -Original Message- From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Patrick Gibson Sent: Thursday, March 03, 2011 5:58 PM To: Jorge Biquez Cc: freebsd-questions@freebsd.org Subject: Re: Simplest way to deny access to a class C You might consider mod_security (/usr/ports/www/mod_security) which can be set up to ban hosts based on behaviour or characteristics. Or fail2ban (/usr/ports/security/py-fail2ban) is really great, too, in that it scans whatever logs you want, and can trigger a block in your firewall if enough violating log entries are found within a particular period of time. Everything is totally configurable, and there are plenty of examples that come with it. Patrick On Thu, Mar 3, 2011 at 8:59 AM, Jorge Biquezjbiq...@intranet.com.mx wrote: Hello all. I am sorry in advance if this question sounds too stupid. I have a small server for personal use of webpages running: 7.3-PRERELEASE FreeBSD 7.3-PRERELEASE #0 it is working fine , no problem very stable. I just need to block some IP class C address that are always trying to discover directories or applications under the web server. They do not do and can not do anything since this server has nothing installed but i am tired of seeing in the logs all the intents they do every 2-3 seconds. I have not installed any kind of firewall yet. What do you think is the best way to accomplish this task? If possible the easiest one. I do not want to do anything else but just bloc IP's, at this moment at least. Thanks in advance. Jorge Biquez ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org font size=1 div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in' /div This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system. /font ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org -- Dave Robison Sales Solution Architect II FIS Banking Solutions 510/621-2089 (w) 530/518-5194 (c) 510/621-2020 (f) da...@vicor.com david.robi...@fisglobal.com _ The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you. _ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD kernel init slower than linux
On 4 Mar 2011, at 23:10, David Demelier demelier.da...@gmail.com wrote: Hello, I know this is a awful subject, but I recently tried a Gentoo on my laptop and I was surprised to see Linux booting about 2-3 times faster than FreeBSD. I don't talk about the init/rc script but only kernel initialisation. For linux kernel it's around 5-6 seconds vs 15-18 seconds for FreeBSD. Why FreeBSD is so slower than Linux to boot the kernel? Cheers, -- David Demelier __ I'll drift a bit off topic here, just slightly. To be honest, I for one would much rather have a bsd kernel that takes a bit more time to boot, than a Linux one. Have you seen the rate at which debian publishes kernel updates ? We reboot some servers every week here, to apply this or that new kernel. Bsd takes longer, but over the course of a month we might reboot them once vs thrice for Linux. Overall, and discounting all the upgrading hassle, who boots faster now ? 1x freebsd or 3x Linux ? ;) To accelerate boot time you may also recompile a custom kernel and remove support for all the stuff you don't need, like all these outdated NIC drivers, wifi, scsi if you run sata... I run kernels with support for just one sata raid controller, 3 NIC drivers, remove support for all the USB stuff except the keyboard in case we need local console access, remove UFS ACL support (never used it, not sure I ever will). Hell I even remove support for the parallel port... Dramatically speeds up the boot process.___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Purchased Binaries
Le 04/03/2011 22:24, Doug Hardie a écrit : I have a client who has purchased some software. I don't know anything much about it yet other than it claims to run on Debian and CentOS. I suspect its binaries. I will have access to things like the developer, name etc. on Monday. However, thats when he needs to know if I can make it run on FreeBSD. I am not convinced I want to run production software on the Linux compatibility suite. No good reason other than it sounds like its adding a lot more opportunities for breakage. This has to be an always up application. I have virtually no knowledge of CentOS other than it was installed on one server when I got it. Any chance those binaries might work on FreeBSD? I am planning on starting with FreeBSD 8.2 since its just out and working fine on one of my servers, but could use an earlier version if required to make this stuff run. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org Based on what little informations you gave us, I will risk an analysis. I might be completly wrong, but most of the time this is how things happen : One developper who has validated his product only on CentOS and Debian means troubles. When you have even just a little money on the side you start testing on Red Hat/Suse Enterprise and at least try it on Solaris. Always up means web, control or real-time. First the program is in binary form - you probably won't have access to any code or compiling instructions - which means that Case 1 : It is a fully contained dedicated binary. Generally this is only the case whith extremely specialised binaries, for exemple a controller for a mechanical device. Generally these programs reads input from a file/stream/socket/device and writes to the same kind of folw for the output. In this specific case you might want to try linux compatibility. But I would hardly recommand it as you might loose all form of support in the process. Case 2 : It is an all in one program. Basically it means it will have a GUI or a web interface. This means most of the time that quite a lot of libraries are hardlinked or rt-linked, and that quite a lot of assumptions are made about the underlaying system (Bash is present, GTK libs too, the system is x86 or has x86 compatibiliy layer, terminal is in ISO and not UTF, X11 is installed etc.). Sometimes even the paths are hard coded. In this case go Debian - the exact same version the developper uses for testing. CentOS is ab interressing piece of software but it is very different from FreeBSD in many regards, and it is a bit overkill to use it for just one specific application. Case 3 : Even though it is propriatary, you do have access to source code and compile instructions. Then native FreeBSD is definitly worth a try. Try to get as much testing time as you can from the client and the dev. Prepare a Debian on the side just in case. In this kind of scenario (basically when the client needs a brand new binary you never heard of before installed for yesterday morning) I tend to use virtual machine as much as I can. If the application is not I/O hungry (disk or network) create a VM under Debian that you will be able to monitor from your FreeBSD. I would recommand VirtualBox if X11 is already in place on the server. During the testing phase take as many snapshots as possible. In the end, even if you go for dedicated hardware, you still will have a pack of different setups you can refer to. And monitoring memory comsuption is a must on closed binaries comming form small companies... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Simplest way to deny access to a class C
I wonder why nobodies mentioned a quite simple method with tcpwrappers and hosts.allow / hosts.deny also Hello. I guess something simple could work For some reason, don ask me why becasue I did not find why, the: Order Deny, Allow Deny IP Allow all under httpd.conf and outsite as .htaccess does not work but for now teh thing is simple, to block a class C, those guys are stupiod and programmed bad an application (I guess) and are pointing to one of my domains... since 4 weeks ago I am receiving this kind of access: 189.254.19.93 - - [04/Mar/2011:19:43:48 -0600] OPTIONS / HTTP/1.1 200 - - Microsoft-WebDAV-MiniRedir/5.1.2600 189.254.19.93 - - [04/Mar/2011:19:43:48 -0600] PROPFIND /Backup-usuarios HTTP/1.1 301 323 - Microsoft-WebDAV-MiniRedir/5.1.2600 189.254.19.93 - - [04/Mar/2011:19:43:48 -0600] PROPFIND /Backup-usuarios/ HTTP/1.1 200 40833 - Microsoft-WebDAV-MiniRedir/5.1.2600 189.254.19.93 - - [04/Mar/2011:19:44:13 -0600] OPTIONS / HTTP/1.1 200 - - Microsoft-WebDAV-MiniRedir/5.1.2600 189.254.19.93 - - [04/Mar/2011:19:44:13 -0600] PROPFIND /Backup-usuarios HTTP/1.1 301 323 - Microsoft-WebDAV-MiniRedir/5.1.2600 189.254.19.93 - - [04/Mar/2011:19:44:13 -0600] PROPFIND /Backup-usuarios/ HTTP/1.1 200 40833 - Microsoft-WebDAV-MiniRedir/5.1.2600 189.254.19.93 - - [04/Mar/2011:19:44:19 -0600] OPTIONS / HTTP/1.1 200 - - Microsoft-WebDAV-MiniRedir/5.1.2600 189.254.19.93 - - [04/Mar/2011:19:44:19 -0600] PROPFIND /Backup-usuarios HTTP/1.1 301 323 - Microsoft-WebDAV-MiniRedir/5.1.2600 189.254.19.93 - - [04/Mar/2011:19:44:19 -0600] PROPFIND /Backup-usuarios/ HTTP/1.1 200 40833 - Microsoft-WebDAV-MiniRedir/5.1.2600 189.254.19.93 - - [04/Mar/2011:19:44:34 -0600] OPTIONS / HTTP/1.1 200 - - Microsoft-WebDAV-MiniRedir/5.1.2600 189.254.19.93 - - [04/Mar/2011:19:44:34 -0600] PROPFIND /Backup-usuarios HTTP/1.1 301 323 - Microsoft-WebDAV-MiniRedir/5.1.2600 189.254.19.93 - - [04/Mar/2011:19:44:34 -0600] PROPFIND /Backup-usuarios/ HTTP/1.1 200 40833 - Microsoft-WebDAV-MiniRedir/5.1.2600 189.254.19.93 - - [04/Mar/2011:19:45:06 -0600] OPTIONS / HTTP/1.1 200 - - Microsoft-WebDAV-MiniRedir/5.1.2600 189.254.19.93 - - [04/Mar/2011:19:45:06 -0600] PROPFIND /Backup-usuarios HTTP/1.1 301 323 - Microsoft-WebDAV-MiniRedir/5.1.2600 189.254.19.93 - - [04/Mar/2011:19:45:06 -0600] PROPFIND /Backup-usuarios/ HTTP/1.1 200 40833 - Microsoft-WebDAV-MiniRedir/5.1.2600 They change IP's , from the same Class C. No trying to do anything else, hack or send email So I decided to block the Class C. I guess that with the deny, allow directives under Apache would be enough but they do not work. I am under Apache 1.3x and all works fine but that directives do not. I tried , read and not be able to make them work so that's why I decided to block them and block others, those yes are trying to hack, the simplest way. anyway I will see if the: hosts.allow / hosts.deny would help. If needed I would upgrade to latest version of FreeBSD Apache or whatever needed. Even when they do not do anything my server, a 386 that has been running Freebsd the last 13 years since Freebsd 3.x is supporting this extra load and besides they are wasting my bandwidth. I can not do anything and no problem but I'd like to solve this and continue learning Freebsd. Thanks for your time. Jorge Biquez ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Simplest way to deny access to a class C
Null (bogus) route that /24 seems the most simple to me: 5 seconds and no upgrades or add ons. - Original Message - From: Jorge Biquez [mailto:jbiq...@intranet.com.mx] Sent: Friday, March 04, 2011 08:07 PM To: freebsd-questions@freebsd.org freebsd-questions@freebsd.org Subject: Re: Simplest way to deny access to a class C I wonder why nobodies mentioned a quite simple method with tcpwrappers and hosts.allow / hosts.deny also Hello. I guess something simple could work For some reason, don ask me why becasue I did not find why, the: Order Deny, Allow Deny IP Allow all under httpd.conf and outsite as .htaccess does not work but for now teh thing is simple, to block a class C, those guys are stupiod and programmed bad an application (I guess) and are pointing to one of my domains... since 4 weeks ago I am receiving this kind of access: 189.254.19.93 - - [04/Mar/2011:19:43:48 -0600] OPTIONS / HTTP/1.1 200 - - Microsoft-WebDAV-MiniRedir/5.1.2600 189.254.19.93 - - [04/Mar/2011:19:43:48 -0600] PROPFIND /Backup-usuarios HTTP/1.1 301 323 - Microsoft-WebDAV-MiniRedir/5.1.2600 189.254.19.93 - - [04/Mar/2011:19:43:48 -0600] PROPFIND /Backup-usuarios/ HTTP/1.1 200 40833 - Microsoft-WebDAV-MiniRedir/5.1.2600 189.254.19.93 - - [04/Mar/2011:19:44:13 -0600] OPTIONS / HTTP/1.1 200 - - Microsoft-WebDAV-MiniRedir/5.1.2600 189.254.19.93 - - [04/Mar/2011:19:44:13 -0600] PROPFIND /Backup-usuarios HTTP/1.1 301 323 - Microsoft-WebDAV-MiniRedir/5.1.2600 189.254.19.93 - - [04/Mar/2011:19:44:13 -0600] PROPFIND /Backup-usuarios/ HTTP/1.1 200 40833 - Microsoft-WebDAV-MiniRedir/5.1.2600 189.254.19.93 - - [04/Mar/2011:19:44:19 -0600] OPTIONS / HTTP/1.1 200 - - Microsoft-WebDAV-MiniRedir/5.1.2600 189.254.19.93 - - [04/Mar/2011:19:44:19 -0600] PROPFIND /Backup-usuarios HTTP/1.1 301 323 - Microsoft-WebDAV-MiniRedir/5.1.2600 189.254.19.93 - - [04/Mar/2011:19:44:19 -0600] PROPFIND /Backup-usuarios/ HTTP/1.1 200 40833 - Microsoft-WebDAV-MiniRedir/5.1.2600 189.254.19.93 - - [04/Mar/2011:19:44:34 -0600] OPTIONS / HTTP/1.1 200 - - Microsoft-WebDAV-MiniRedir/5.1.2600 189.254.19.93 - - [04/Mar/2011:19:44:34 -0600] PROPFIND /Backup-usuarios HTTP/1.1 301 323 - Microsoft-WebDAV-MiniRedir/5.1.2600 189.254.19.93 - - [04/Mar/2011:19:44:34 -0600] PROPFIND /Backup-usuarios/ HTTP/1.1 200 40833 - Microsoft-WebDAV-MiniRedir/5.1.2600 189.254.19.93 - - [04/Mar/2011:19:45:06 -0600] OPTIONS / HTTP/1.1 200 - - Microsoft-WebDAV-MiniRedir/5.1.2600 189.254.19.93 - - [04/Mar/2011:19:45:06 -0600] PROPFIND /Backup-usuarios HTTP/1.1 301 323 - Microsoft-WebDAV-MiniRedir/5.1.2600 189.254.19.93 - - [04/Mar/2011:19:45:06 -0600] PROPFIND /Backup-usuarios/ HTTP/1.1 200 40833 - Microsoft-WebDAV-MiniRedir/5.1.2600 They change IP's , from the same Class C. No trying to do anything else, hack or send email So I decided to block the Class C. I guess that with the deny, allow directives under Apache would be enough but they do not work. I am under Apache 1.3x and all works fine but that directives do not. I tried , read and not be able to make them work so that's why I decided to block them and block others, those yes are trying to hack, the simplest way. anyway I will see if the: hosts.allow / hosts.deny would help. If needed I would upgrade to latest version of FreeBSD Apache or whatever needed. Even when they do not do anything my server, a 386 that has been running Freebsd the last 13 years since Freebsd 3.x is supporting this extra load and besides they are wasting my bandwidth. I can not do anything and no problem but I'd like to solve this and continue learning Freebsd. Thanks for your time. Jorge Biquez ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org font size=1 div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in' /div This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system. /font ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Simplest way to deny access to a class C
The original question had to do with requests to a web server, and it would not be practical nor typical to route all http traffic through inetd. As well, tcpwrappers require manual work; mod_security and fail2ban are both ban automatically based on specified criteria and patterns. While mod_security only works for Apache, fail2ban works for any service that writes out to a log file. We have it watching our instances of Apache, Postfix, Cyrus IMAP, and sshd services for repeated login failure within a short period of time. It has done wonders. Patrick On Fri, Mar 4, 2011 at 4:30 PM, Outback Dingo outbackdi...@gmail.com wrote: On Fri, Mar 4, 2011 at 7:14 PM, Patrick Gibson gibblert...@gmail.com wrote: fail2ban by default only bans an IP for 10 minutes, and that's configurable. It can also email you anytime it imposes a ban, so one can keep an eye on things at least in the beginning to see if it's causing a problem for legitimate users. On Thu, Mar 3, 2011 at 4:02 PM, Gary Gatten ggat...@waddell.com wrote: Be careful of automated responses. What if someone spoofs IP's of legit users / customers / whatever and your automated response blocks them? Not good. I thought about blockingwell, never mind - might pi$$ someone off and attract unwanted attention... -Original Message- From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Patrick Gibson Sent: Thursday, March 03, 2011 5:58 PM To: Jorge Biquez Cc: freebsd-questions@freebsd.org Subject: Re: Simplest way to deny access to a class C You might consider mod_security (/usr/ports/www/mod_security) which can be set up to ban hosts based on behaviour or characteristics. Or fail2ban (/usr/ports/security/py-fail2ban) is really great, too, in that it scans whatever logs you want, and can trigger a block in your firewall if enough violating log entries are found within a particular period of time. Everything is totally configurable, and there are plenty of examples that come with it. Patrick On Thu, Mar 3, 2011 at 8:59 AM, Jorge Biquez jbiq...@intranet.com.mx wrote: Hello all. I am sorry in advance if this question sounds too stupid. I have a small server for personal use of webpages running: 7.3-PRERELEASE FreeBSD 7.3-PRERELEASE #0 it is working fine , no problem very stable. I just need to block some IP class C address that are always trying to discover directories or applications under the web server. They do not do and can not do anything since this server has nothing installed but i am tired of seeing in the logs all the intents they do every 2-3 seconds. I have not installed any kind of firewall yet. What do you think is the best way to accomplish this task? If possible the easiest one. I do not want to do anything else but just bloc IP's, at this moment at least. I wonder why nobodies mentioned a quite simple method with tcpwrappers and hosts.allow / hosts.deny also Thanks in advance. Jorge Biquez ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org font size=1 div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in' /div This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system. /font ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD kernel init slower than linux
On 4 March 2011 17:10, David Demelier demelier.da...@gmail.com wrote: Hello, I know this is a awful subject, but I recently tried a Gentoo on my laptop and I was surprised to see Linux booting about 2-3 times faster than FreeBSD. I don't talk about the init/rc script but only kernel initialisation. For linux kernel it's around 5-6 seconds vs 15-18 seconds for FreeBSD. Why FreeBSD is so slower than Linux to boot the kernel? USB probe times for FreeBSD are extremely long. I'm not sure of Linux parallelizes this or just waits until rc time. Wireless seems to be a similar issue here. -- -- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org