Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On 05/06/2012 23:10, Jerry wrote: I thought this URL http://mjg59.dreamwidth.org/12368.html also shown above, answered that question. Signing bootloaders and kernels etc. seems superficially like a good idea to me. However, instant reaction is that this is definitely *not* something that Microsoft should be in charge of. Some neutral[*] body without any commercial interests should do that job, and bootloader/kernel signing should be freely available. On deeper thought though, the whole idea appears completely unworkable. It means that you will not be able to compile your own kernel or drivers unless you have access to a signing key. As building your own is pretty fundamental to the FreeBSD project, the logical consequence is that FreeBSD source should come with a signing key for anyone to use. Which completely abrogates the whole point of signing bootloaders/kernels in the first place: anyone wishing to create malware would be able to sign whatever they want using such a key. It's DRM-level stupidity all over again. My conclusion: boycott products, manufacturers and/or OSes that participate in this scheme. FreeBSD alone won't make any real difference to manufacturers, but I hope there is still enough of the original spirit of freedom within the Linux camp, and perhaps from Google/android to make an impact. I'm pretty sure there can be a way of whitelisting bootloaders and so forth to help prevent low-level malware, but this isn't it. Cheers, Matthew [*] I suggest ICANN might be the right sort of organization to fulfil this role. -- Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey signature.asc Description: OpenPGP digital signature
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On 06/06/2012 08:32, Matthew Seaman wrote: On deeper thought though, the whole idea appears completely unworkable. It means that you will not be able to compile your own kernel or drivers unless you have access to a signing key. As building your own is pretty fundamental to the FreeBSD project, the logical consequence is that FreeBSD source should come with a signing key for anyone to use. It just means that anyone wishing to run their own kernels would either need to disable secure boot, or purchase/create their own certificate and install it. -- Bruce Cran ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
isc-dhcpd - logging client transactions
Hi, I've set up isc-dhcpd (/usr/ports/net/isc-dhcp42-server). The daemon runs, hands out IP-addresses however logging doesn't seem to work. Here's what I've got in the respective config-files: /etc/rc.conf: # dhcpd dhcpd_enable=YES dhcpd_conf=/usr/local/etc/dhcpd.conf dhcpd_ifaces=em0 dhcpd_withumask=022 dhcpd_chuser_enable=YES dhcpd_withuser=dhcpd dhcpd_withgroup=dhcpd dhcpd_chroot_enable=YES dhcpd_devfs_enable=YES dhcpd_rootdir=/var/db/dhcpd /usr/local/etc/dhcpd.conf: ... log-facility local7; /etc/syslog.conf: local7.*/var/log/dhcpd.log /var/log/dhcpd.log is touched, so it exists. Also restarted syslogd and isc-dhcpd. Result: dhcpd works (i.e. I see entries in the leases-file (/var/db/dhcpd/var/db/dhcpd/dhcpd.leases) however nothing is logged to /var/log/dhcpd.log. I can rule out any error with syslogd.conf since when I start isc-dhcp by hand (/usr/local/sbin/dhcpd -d) I get an error message - and this one is definitely logged to /var/log/dhcpd.log. What I really need though is a log of all the DHCP-transactions, i.e. DHCP-requests, address assignments etc. Thanks much in advance for your help, -ewald ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On 06/06/2012 09:45, Bruce Cran wrote: On 06/06/2012 08:32, Matthew Seaman wrote: On deeper thought though, the whole idea appears completely unworkable. It means that you will not be able to compile your own kernel or drivers unless you have access to a signing key. As building your own is pretty fundamental to the FreeBSD project, the logical consequence is that FreeBSD source should come with a signing key for anyone to use. It just means that anyone wishing to run their own kernels would either need to disable secure boot, or purchase/create their own certificate and install it. Indeed. However disabling secure boot is apparently: * too difficult for users of Fedora * not possible on all platforms (arm based tablets especially) and purchasing your own certificate currently means paying $99 to Microsoft, or else getting a key from the hardware manufacturer (which I very much suspect will not be free either). While I would expect the typical FreeBSD user to be quite capable of disabling secure boot, I know that this is something that will result in realms of questions by new users, alarmist claims that FreeBSD is not secure and general glee amongst the FreeBSD is dying crowd. This is just another misconceived DRM scheme and suffers from all the same old flaws. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey signature.asc Description: OpenPGP digital signature
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On Wed, Jun 6, 2012 at 2:38 AM, Matthew Seaman matt...@freebsd.org wrote: On 06/06/2012 09:45, Bruce Cran wrote: On 06/06/2012 08:32, Matthew Seaman wrote: On deeper thought though, the whole idea appears completely unworkable. It means that you will not be able to compile your own kernel or drivers unless you have access to a signing key. As building your own is pretty fundamental to the FreeBSD project, the logical consequence is that FreeBSD source should come with a signing key for anyone to use. It just means that anyone wishing to run their own kernels would either need to disable secure boot, or purchase/create their own certificate and install it. Indeed. However disabling secure boot is apparently: * too difficult for users of Fedora * not possible on all platforms (arm based tablets especially) and purchasing your own certificate currently means paying $99 to Microsoft, or else getting a key from the hardware manufacturer (which I very much suspect will not be free either). While I would expect the typical FreeBSD user to be quite capable of disabling secure boot, I know that this is something that will result in realms of questions by new users, alarmist claims that FreeBSD is not secure and general glee amongst the FreeBSD is dying crowd. This is just another misconceived DRM scheme and suffers from all the same old flaws. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey http://www.infoworld.com/t/hacking/tech-behind-flame-attack-could-compromise-microsoft-update-194867 Thank you very much . Mehmet Erol Sanliturk ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
jerr...@msu.edu wrote: Quoting Kurt Buff kurt.b...@gmail.com: UEFI considerations drive Fedora to pay MSFT to sign their kernel binaries http://cwonline.computerworld.com/t/8035515/1292406/565573/0/ This would seem to make compiling from source difficult. I don't see how this MS scam is even at all legal. It is clearly restraint of trade and probably violates some other related laws too. A shame Bush blocked dismembering monopolist Microsoft. The last enormous fines Microsoft paid the EU for monopoly abuse, presumably failed to discipline Microsoft. Time for increased fines, till Microsoft stops abusing its monooly. Would be nice if the fines were so high it forced a free recall by hardware vendors to fix, if it can't be fixed with a UEFI net upgrade. Cheers, Julian -- Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com Reply below not above, cumulative like a play script, indent with . Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable. Mail from @yahoo dumped @berklix. http://berklix.org/yahoo/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On Wed, 06 Jun 2012 10:38:41 +0100 Matthew Seaman articulated: On 06/06/2012 09:45, Bruce Cran wrote: On 06/06/2012 08:32, Matthew Seaman wrote: On deeper thought though, the whole idea appears completely unworkable. It means that you will not be able to compile your own kernel or drivers unless you have access to a signing key. As building your own is pretty fundamental to the FreeBSD project, the logical consequence is that FreeBSD source should come with a signing key for anyone to use. It just means that anyone wishing to run their own kernels would either need to disable secure boot, or purchase/create their own certificate and install it. Indeed. However disabling secure boot is apparently: * too difficult for users of Fedora * not possible on all platforms (arm based tablets especially) and purchasing your own certificate currently means paying $99 to Microsoft, or else getting a key from the hardware manufacturer (which I very much suspect will not be free either). I think you are in error there Matthew. From what I have read The $99 goes to Verisign, not Microsoft - further once paid you can sign as many binaries as you want. While I would expect the typical FreeBSD user to be quite capable of disabling secure boot, I know that this is something that will result in realms of questions by new users, alarmist claims that FreeBSD is not secure and general glee amongst the FreeBSD is dying crowd. This is just another misconceived DRM scheme and suffers from all the same old flaws. I don't feel this is misconceived at all. Again, from what I have read, most non-Microsoft operating systems have been able to use UEFI Secure Boot for nearly eight years; however, they have actively refused to do so. However, now Microsoft has stepped up to the plate and is actively taking advantage of the scheme. Actually, Microsoft has been issuing warnings for ten years when a user would attempt to install unsigned drivers. Now the FOSS community is getting its knickers in a knot. They should have taken this into account a long time ago. In any case, we are talking $99 dollars total, not per user here for the certificate. If that is going to cause a problem, I'll donate the $99. In any case, the real problem appears to be how FreeBSD is going to handle drivers which apparently will need to be signed since they work at the kernel level. Apparently Fedora has a working solution for that all ready. -- Jerry ♔ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __ signature.asc Description: PGP signature
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On 06/06/2012 11:24, Jerry wrote: They should have taken this into account a long time ago. In any case, we are talking $99 dollars total, not per user here for the certificate. If that is going to cause a problem, I'll donate the $99. It's not the $99 that'll be the problem, but the fact that it's Verisign (actually Symantec, since they bought Verisign) that you deal with. Whereas Globalsign accept applications from individuals, Verisign require company documents before they'll generate a certificate. -- Bruce Cran ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On 06/06/2012 11:38, Bruce Cran wrote: It's not the $99 that'll be the problem, but the fact that it's Verisign (actually Symantec, since they bought Verisign) that you deal with. Whereas Globalsign accept applications from individuals, Verisign require company documents before they'll generate a certificate. I've just checked, and I'm wrong - they seem to have changed things and now allow signups from individuals. -- Bruce Cran ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On 06/06/2012 11:24, Jerry wrote: I think you are in error there Matthew. From what I have read The $99 goes to Verisign, not Microsoft - further once paid you can sign as many binaries as you want. Having to pay Verisign instead of Microsoft makes no difference: the point is why should I have to pay anything to a third party in order to run whatever OS I want on a piece of hardware I own? $99 as a one-off payment might seem a trivial cost to you, so much so that you rather rashly promised to pay that for anyone. I won't hold you to it. Even so, there are several thousand readers of this list. I doubt even you could afford to subsidise very many of them... Yes UEFI Secure Boot may have been around for 8 years. The fact that no one has adopted use of it in all that time speaks volumes. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On Wed, 6 Jun 2012, Matthew Seaman wrote: On 05/06/2012 23:10, Jerry wrote: I thought this URL http://mjg59.dreamwidth.org/12368.html also shown above, answered that question. Signing bootloaders and kernels etc. seems superficially like a good idea to me. However, instant reaction is that this is definitely *not* something that Microsoft should be in charge of. Some neutral[*] body ... On deeper thought though, the whole idea appears completely unworkable. It means that you will not be able to compile your own kernel or drivers unless you have access to a signing key. As building your own You don't need the signing key if you turn off secure boot in the CMOS. The fedora folk are worried that naive desktop users will not be able to do that, and usage of linux will be impeded. It won't be a significant impediment to users capable of compiling their own kernel. is pretty fundamental to the FreeBSD project, the logical consequence is that FreeBSD source should come with a signing key for anyone to use. Which completely abrogates the whole point of signing bootloaders/kernels in the first place: anyone wishing to create malware would be able to sign whatever they want using such a key. It's DRM-level stupidity all over again. I do wonder about that. What incentive does the possesor of a signing key have to keep it secret? Apple keeps it's signing key secret because it gets a share of revenue from the sale of apps. If the fedora key became known it wouldn't hurt fedora. Can the UEFI BIOS consult a list of revoked keys online? That would be surprising. dan feenberg ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On Wed, Jun 6, 2012 at 3:47 AM, Matthew Seaman m.sea...@infracaninophile.co.uk wrote: On 06/06/2012 11:24, Jerry wrote: I think you are in error there Matthew. From what I have read The $99 goes to Verisign, not Microsoft - further once paid you can sign as many binaries as you want. Having to pay Verisign instead of Microsoft makes no difference: the point is why should I have to pay anything to a third party in order to run whatever OS I want on a piece of hardware I own? $99 as a one-off payment might seem a trivial cost to you, so much so that you rather rashly promised to pay that for anyone. I won't hold you to it. Even so, there are several thousand readers of this list. I doubt even you could afford to subsidise very many of them... Yes UEFI Secure Boot may have been around for 8 years. The fact that no one has adopted use of it in all that time speaks volumes. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW What will be the usefulness of a security key for an Open Source Operating System when people are not using mostly proprietary binary packages and nearly all of the supplied binary packages have accompanying sources ? When FreeBSD is installing a binary package or making a port , it is ALWAYS checking integrity of installed parts . Then is there a necessity of a Security Key obtained by paying money ? In Turkish literature , there is a person named as Deli Dumrul means Crazy Dumrul where his name is Dumrul . Crazy Dumrul constructed a bridge over a dried river . If any one passes from the bridge , he was taking money for passing over the bridge for Using the Bridge , and , if any one is NOT passing from the bridge , and walking over the dried river , he was taking money for Not to Use the Bridge . It seems that History is Repeating Thank you very much . Mehmet Erol Sanliturk ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On Wed, 06 Jun 2012 11:47:11 +0100 Matthew Seaman articulated: On 06/06/2012 11:24, Jerry wrote: I think you are in error there Matthew. From what I have read The $99 goes to Verisign, not Microsoft - further once paid you can sign as many binaries as you want. Having to pay Verisign instead of Microsoft makes no difference: the point is why should I have to pay anything to a third party in order to run whatever OS I want on a piece of hardware I own? $99 as a one-off payment might seem a trivial cost to you, so much so that you rather rashly promised to pay that for anyone. I won't hold you to it. Even so, there are several thousand readers of this list. I doubt even you could afford to subsidise very many of them... The $99 was for FreeBSD to deliver the OS, not per user. This is clearly explained in the various URLs listed in this thread. I am sorry if you misunderstood. Of course if a user wants to recompile the kernel, etcetera after having downloaded and installed it from FreeBSD or one of its subsidies, they are on their own. Seriously though, a one time payment of $99 is so trivial I find it hard to believe that anyone is actually bitching about it. I pay many times that amount for golf every month. Yes UEFI Secure Boot may have been around for 8 years. The fact that no one has adopted use of it in all that time speaks volumes. I don't want to get in an argument with you Matthew since you are one of the few on this list that I feel actually thinks before they speak and knows what they are talking about; however, the real reason, in my opinion, is that no one carefully considered the consequences of it. It is a great idea, it offers greater security and again from what I have read it can be disabled by the end user if the vendor so allows. Microsoft does not control the vendors right to allow or disallow that action. In any event, it won't belong before some hacker comes up with a way to circumvent the entire process anyway, In my opinion, so why worry about it. Most FreeBSD users do not use state of the art equipment anyway, so it may be years before they even come up against this problem. By then it will all be ironed out. -- Jerry ♔ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __ signature.asc Description: PGP signature
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On 6/6/12 1:36 PM, Jerry wrote: On Wed, 06 Jun 2012 11:47:11 +0100 Matthew Seaman articulated: On 06/06/2012 11:24, Jerry wrote: I think you are in error there Matthew. From what I have read The $99 goes to Verisign, not Microsoft - further once paid you can sign as many binaries as you want. Having to pay Verisign instead of Microsoft makes no difference: the point is why should I have to pay anything to a third party in order to run whatever OS I want on a piece of hardware I own? $99 as a one-off payment might seem a trivial cost to you, so much so that you rather rashly promised to pay that for anyone. I won't hold you to it. Even so, there are several thousand readers of this list. I doubt even you could afford to subsidise very many of them... The $99 was for FreeBSD to deliver the OS, not per user. This is clearly explained in the various URLs listed in this thread. I am sorry if you misunderstood. Of course if a user wants to recompile the kernel, etcetera after having downloaded and installed it from FreeBSD or one of its subsidies, they are on their own. Seriously though, a one time payment of $99 is so trivial I find it hard to believe that anyone is actually bitching about it. I pay many times that amount for golf every month. Look Jerry, Are you serious there ? Having to pay to use a different OS on hardware that you own ? What next, non-approved keyboard, $40 extra ? Non-approved mouse, $30, non-approved USB external drive, $80 ? Don't take it personally but it's people like you willing to bend the knee that encourage such abuse as we're discussing today. The denial of freedom to do what you want with that piece of hardware you just bought. And no, $99 isn't trivial, it has to be 1/6 the price of a standard PC nowadays. I'm *not* paying extra to install a non-MS-approved-lol-seriously OS. This is nothing short of extortion. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Somewhat OT - A Makefile Question
Not strictly FBSD, but ... Within a makefile, I need to assign the name of a program as in: FOO = bar. The problem is that 'bar' may also be know as, say, bar.sh. Worse still both bar and bar.sh can exist with one linked to the other. Is there a simple way to determine which form bar or bar.sh on on a given system *at the time the make is run*? If both exist, I will pick one arbitrarily, I just don't want the detection mechanism to fail when this is the case. For example I don't think this works when both are there: FOO = $(shell `which bar bar.sh) Thanks, -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On 6/6/12 9:32 AM, Matthew Seaman wrote: On 05/06/2012 23:10, Jerry wrote: I thought this URL http://mjg59.dreamwidth.org/12368.html also shown above, answered that question. Signing bootloaders and kernels etc. seems superficially like a good idea to me. However, instant reaction is that this is definitely *not* something that Microsoft should be in charge of. Some neutral[*] body without any commercial interests should do that job, and bootloader/kernel signing should be freely available. On deeper thought though, the whole idea appears completely unworkable. It means that you will not be able to compile your own kernel or drivers unless you have access to a signing key. As building your own is pretty fundamental to the FreeBSD project, the logical consequence is that FreeBSD source should come with a signing key for anyone to use. Which completely abrogates the whole point of signing bootloaders/kernels in the first place: anyone wishing to create malware would be able to sign whatever they want using such a key. It's DRM-level stupidity all over again. My conclusion: boycott products, manufacturers and/or OSes that participate in this scheme. FreeBSD alone won't make any real difference to manufacturers, but I hope there is still enough of the original spirit of freedom within the Linux camp, and perhaps from Google/android to make an impact. I'm pretty sure there can be a way of whitelisting bootloaders and so forth to help prevent low-level malware, but this isn't it. Cheers, Matthew [*] I suggest ICANN might be the right sort of organization to fulfil this role. I agree with the whole post except that last bit about ICANN Matthew. The US already has enough dominance as is, without involving ICANN, a supposedly neutral body (yeah right...) any further. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On 6/6/12 1:19 PM, Daniel Feenberg wrote: On Wed, 6 Jun 2012, Matthew Seaman wrote: On 05/06/2012 23:10, Jerry wrote: I thought this URL http://mjg59.dreamwidth.org/12368.html also shown above, answered that question. Signing bootloaders and kernels etc. seems superficially like a good idea to me. However, instant reaction is that this is definitely *not* something that Microsoft should be in charge of. Some neutral[*] body ... On deeper thought though, the whole idea appears completely unworkable. It means that you will not be able to compile your own kernel or drivers unless you have access to a signing key. As building your own You don't need the signing key if you turn off secure boot in the CMOS. The fedora folk are worried that naive desktop users will not be able to do that, and usage of linux will be impeded. It won't be a significant impediment to users capable of compiling their own kernel. is pretty fundamental to the FreeBSD project, the logical consequence is that FreeBSD source should come with a signing key for anyone to use. Which completely abrogates the whole point of signing bootloaders/kernels in the first place: anyone wishing to create malware would be able to sign whatever they want using such a key. It's DRM-level stupidity all over again. I do wonder about that. What incentive does the possesor of a signing key have to keep it secret? Apple keeps it's signing key secret because it gets a share of revenue from the sale of apps. If the fedora key became known it wouldn't hurt fedora. Can the UEFI BIOS consult a list of revoked keys online? That would be surprising. dan feenberg Key revoked in the BIOS' next version, which will ship by default on newer hardware. No need for checking online. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
IP - e-mail
Hi everybody, Let say my computer is connected to the internet with a cable modem and has a dynamic IP address via DHCP. This address is refreshed after every random days. I want to know the new address even when I'm not home. Like send an e-mail with the new IP, I already know how to do this, but how can I track the event when my computer receives the new IP? Any ideas or same issues? Thx! Laszlo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On 6/5/12 9:12 PM, Gökşin Akdeniz wrote: UEFI considerations drive Fedora to pay MSFT to sign their kernel binaries http://cwonline.computerworld.com/t/8035515/1292406/565573/0/ That's restriction is only for ARM devices which have a label that says Desgined for Windows8. In other words those devices can not boot another os except Windows 8 due to secure boot option enabled by default. The short and the long of it Microsoft is copying Apple on tablets with ARM. Well perhaps it should say designed ONLY for windows8 then ? This has class action written all over it, just like the ready for win7 fiasco where the PCs displaying the sticker could only run the minimalist version of the OS. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On 6/6/12 1:57 AM, Chris Hill wrote: On Tue, 5 Jun 2012, G?k?in Akdeniz wrote: For the time being only ARM platform is restricted. True, but I would be astonished if this restriction were not expanded by MS in the future. Just my opinion, but I believe their ultimate goal is to add platforms until the secure boot restriction encompasses most or all desktop and server hardware. This would be over a period of years. I direct you to an older version of the matrix, where microsoft was discussing Paladium and TCPA. These are the exact same. And these are a liberty killer. http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Unable to update virtualbox-ose-additions 4.1.16
Hi, I got a VM VirtualBox that use FreeBSD 9-STABLE (updated yesterday). Now I want to update my ports, but I can't update virtualbox-ose-additions 4.1.16 I use the command # portmaster -a -D --no-confirm to update ports with portmaster tool. The error is : [...] The failing command: @cc -m64 -o /usr/ports/emulators/virtualbox-ose-additions/work/VirtualBox-4.1.16/out/freebsd.amd64/release/obj/VBoxClient/VBoxClient /usr/ports/emulators/virtualbox-ose-additions/work/VirtualBox-4.1.16/out/freebsd.amd64/release/obj/VBoxClient/main.o /usr/ports/emulators/virtualbox-ose-additions/work/VirtualBox-4.1.16/out/freebsd.amd64/release/obj/VBoxClient/src/VBox/GuestHost/SharedClipboard/clipboard-helper.o /usr/ports/emulators/virtualbox-ose-additions/work/VirtualBox-4.1.16/out/freebsd.amd64/release/obj/VBoxClient/src/VBox/GuestHost/SharedClipboard/x11-clipboard.o /usr/ports/emulators/virtualbox-ose-additions/work/VirtualBox-4.1.16/out/freebsd.amd64/release/obj/VBoxClient/clipboard.o /usr/ports/emulators/virtualbox-ose-additions/work/VirtualBox-4.1.16/out/freebsd.amd64/release/obj/VBoxClient/seamless.o /usr/ports/emulators/virtualbox-ose-additions/work/VirtualBox-4.1.16/out/freebsd.amd64/release/obj/VBoxClient/seamless-host.o /usr/ports/emulators/virtualbox-ose-additions/work/VirtualBox-4.1.16/out/freebsd.amd64/release/obj/VBoxClient/seamless-x11.o /usr/ports/emulators/virtualbox-ose-additions/work/VirtualBox-4.1.16/out/freebsd.amd64/release/obj/VBoxClient/thread.o /usr/ports/emulators/virtualbox-ose-additions/work/VirtualBox-4.1.16/out/freebsd.amd64/release/obj/VBoxClient/display.o /usr/ports/emulators/virtualbox-ose-additions/work/VirtualBox-4.1.16/out/freebsd.amd64/release/obj/VBoxClient/hostversion.o -L/usr/X11R6/lib32 -L/usr/X11R6/lib -L/usr/lib -L/usr/X11R6/lib -L/usr/local/lib -liconv /usr/ports/emulators/virtualbox-ose-additions/work/VirtualBox-4.1.16/out/freebsd.amd64/release/lib/additions/RuntimeGuestR3.a /usr/ports/emulators/virtualbox-ose-additions/work/VirtualBox-4.1.16/out/freebsd.amd64/release/lib/additions/VBoxGuestR3Lib.a /usr/ports/emulators/virtualbox-ose-additions/work/VirtualBox-4.1.16/out/freebsd.amd64/release/lib/additions/RuntimeGuestR3.a -lX11 -lXrandr -lXt -lsupc++ -lgcc_eh -lXext -lXmu -lpthread -liconv *** Error code 2 Stop in /usr/ports/emulators/virtualbox-ose-additions. *** Error code 1 Stop in /usr/ports/emulators/virtualbox-ose-additions. === make failed for emulators/virtualbox-ose-additions === Aborting update === Update for emulators/virtualbox-ose-additions failed === Aborting update Terminated [...] I posted the full output (with script) here : http://pastebin.com/cmBbqzKx This VM is installed on a Windows 7 host (VirtualBox 4.1.16r78094). # uname -a FreeBSD VirtualBox 9.0-STABLE FreeBSD 9.0-STABLE #0: Tue Jun 5 16:03:26 CEST 2012 root@VirtualBox:/usr/obj/usr/src/sys/GENERIC amd64 # pkg_info | grep virtualbox virtualbox-ose-additions-4.1.8 VirtualBox additions for FreeBSD guests Thanks for your help. Regards, Alexandre ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD9 - I can't get my mouse to work
On Wed, 6 Jun 2012, Erich wrote: Hi I have had success on my hardware with this setting: # The working configuration. The mouse daemon in /etc/rc.conf # was dsabled. # # Section ServerLayout # Identifier X.org Configured # Screen 0 Screen0 0 0 # InputDeviceMouse0 CorePointer # InputDeviceKeyboard0 CoreKeyboard # EndSection # # Section ServerFlags # Option AllowEmptyInput false Please don't do that: http://www.wonkity.com/~wblock/docs/html/aei.html # Option AutoAddDevicesfalse This is the right way to disable HAL input device detection. # EndSection ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: IP - e-mail
El día Wednesday, June 06, 2012 a las 02:06:48AM -0700, Dánielisz László escribió: Hi everybody, Let say my computer is connected to the internet with a cable modem and has a dynamic IP address via DHCP. This address is refreshed after every random days. I want to know the new address even when I'm not home. Like send an e-mail with the new IP, I already know how to do this, but how can I track the event when my computer receives the new IP? Any ideas or same issues? Hi, Run this in a cronjob: lynx -dump myip.nl | fgrep 'WAN IP' strore the result in a file and when it changes, trigger a mail; HIH matthias -- Matthias Apitz e g...@unixarea.de - w http://www.unixarea.de/ UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370) UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: freebsd-questions Digest, Vol 418, Issue 7
2012-06-06 13:36, kwel kwel skrev: Please remove my email from your database i don't want to receive any other mail from you plzz thanks ! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: IP - e-mail
Matthias Apitz writes: Let say my computer is connected to the internet with a cable modem and has a dynamic IP address via DHCP. This address is refreshed after every random days. I want to know the new address even when I'm not home. Like send an e-mail with the new IP, I already know how to do this, but how can I track the event when my computer receives the new IP? Run this in a cronjob: lynx -dump myip.nl | fgrep 'WAN IP' strore the result in a file and when it changes, trigger a mail; Or, using only tools in the base system: ifconfig | head | grep inet | awk '{print $2}' Robert Huff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD9 - I can't get my mouse to work
Hi, On 06 June 2012 6:37:43 Warren Block wrote: On Wed, 6 Jun 2012, Erich wrote: Hi I have had success on my hardware with this setting: # The working configuration. The mouse daemon in /etc/rc.conf # was dsabled. # # Section ServerLayout # Identifier X.org Configured # Screen 0 Screen0 0 0 # InputDeviceMouse0 CorePointer # InputDeviceKeyboard0 CoreKeyboard # EndSection # # Section ServerFlags # Option AllowEmptyInput false Please don't do that: http://www.wonkity.com/~wblock/docs/html/aei.html # Option AutoAddDevicesfalse This is the right way to disable HAL input device detection. Is this really without function now? I could not get X running on the machine I used without using it. My standard practise is to use an empty xorg.conf when installing a fresh X. I add then these lines when X does not work. Erich # EndSection ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: IP - e-mail
El día Wednesday, June 06, 2012 a las 09:17:47AM -0400, Robert Huff escribió: Run this in a cronjob: lynx -dump myip.nl | fgrep 'WAN IP' strore the result in a file and when it changes, trigger a mail; Or, using only tools in the base system: ifconfig | head | grep inet | awk '{print $2}' This will not work if your host has some private addr which is NAT'ed by a router; the real test is ask some remote side how I do apear to you? ofc you could do this as well by SSH'ing to some side and asking with netstat(1) there (which may be shows another NAT'ed addr too :-)) Trust me, the above lynx is the nearly only robust version. matthias -- Matthias Apitz e g...@unixarea.de - w http://www.unixarea.de/ UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370) UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: IP - e-mail
m From owner-freebsd-questi...@freebsd.org Wed Jun 6 07:37:57 2012 Date: Wed, 6 Jun 2012 02:06:48 -0700 (PDT) From: =?iso-8859-1?Q?D=E1nielisz_L=E1szl=F3?= laszlo_daniel...@yahoo.com To: freebsd-questions@freebsd.org freebsd-questions@freebsd.org Subject: IP - e-mail Hi everybody, Let say my computer is connected to the internet with a cable modem and h as a dynamic IP address via DHCP. This address is refreshed after every r andom days. I want to know the new address even when I'm not home. Like send an e-mai l with the new IP, I already know how to do this, but how can I track the event when my computer receives the new IP? Any ideas or same issues? Schedule a 'cron' job to run as frequently as you like. Have it: a) do an 'ifconfig -a', or maybe just check the 'interface of interest'. b) 'diff' that output against a 'reference' copy from the previous run c) send an email if diff reports differences d) save the ifconfig output for referene in the next run ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On Wed, 6 Jun 2012 07:36:24 -0400 Jerry wrote: In any event, it won't belong before some hacker comes up with a way to circumvent the entire process anyway, It sounds like Fedora already have. They say that they are only going to sign a thin shim that loads grub. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
RE: IP - e-mail
-Original Message- From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd- questi...@freebsd.org] On Behalf Of Robert Huff Sent: Wednesday, June 06, 2012 9:18 AM To: Matthias Apitz Cc: freebsd-questions@freebsd.org Subject: Re: IP - e-mail Matthias Apitz writes: Let say my computer is connected to the internet with a cable modem and has a dynamic IP address via DHCP. This address is refreshed after every random days. I want to know the new address even when I'm not home. Like send an e-mail with the new IP, I already know how to do this, but how can I track the event when my computer receives the new IP? If you are using it so you know what IP to hit from outside your network, I would also recommend taking a look at a service like DynDNS as you would have a DNS name that would auto correct for new IP. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: IP - e-mail
On Wed, 06 Jun 2012 09:11:02 -0500, Robert Bonomi bon...@mail.r-bonomi.com wrote: Matthias, your lynx-based 'solution' does *NOT* solve the OP's question. Incorrect; it does solve his problem. He wants to know -when- his DHCP assigned address changes. Consider what happens if both the expired address and the new address are behind the _same_ NAT translation. The internal addrress changes, but the external one does not. Please people, read carefully: His ISP is handing out his public IP via DHCP. This is normal for consumer internet connections. He doesn't care about his internal RFC 1918 IP which is handed out by his router's DHCP server; that's an easy problem to solve. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Portmaster and update progress, suggestion.
2012-06-04 16:10, Leslie Jensen skrev: 2012-06-04 15:54, Warren Block skrev: % printf \033];Funny Title\007 Works! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org Can the reason for me not getting the title to change be that I very often use screen when updating ports? I've tried different combinations and I'm only able to get the title when I work locally. Screen and ssh does not change the title. My initial wish for some information about the build progress is still very much on the table. Thanks /Leslie ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
RW rwmailli...@googlemail.com wrote: On Wed, 6 Jun 2012 07:36:24 -0400 Jerry wrote: In any event, it won't belong before some hacker comes up with a way to circumvent the entire process anyway, It sounds like Fedora already have. They say that they are only going to sign a thin shim that loads grub. not exactly. *GRIN* Fedora'a 'thin shim' will be signed, to keep an (always-, or other) enabled 'secure BIOS' loader happy. Fedora will provide an option -- which will remain 'user-settable' (regardless of whether the 'secure BIOS' signature is mandatory -- to either ENFORCE or IGNORE a requirement for valid 'signatures' on the subsequently loaded pieces of the O/S -- 2nd/3rd/etc-stage boot loaders, the kernel itself, any loadable modules, etc. And, Fedora will sign all _Fedora-supplied_ files that meet that criteria. Thus an end-user can run with 'secure boot' fully enabled, with only signed files being loadable as part of the O/S -- using either Fedora-supplied signed files, -or- files that they, themselves, have signed. OR, with BIOS signing required (the 'thin shim' loader) but signing of subsequent files -not- required, OR, (if the hardware manufacturer allows it) with BIOS signing disabled. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On Wed, 06 Jun 2012 11:47:11 +0100, Matthew Seaman wrote: Having to pay Verisign instead of Microsoft makes no difference: the point is why should I have to pay anything to a third party in order to run whatever OS I want on a piece of hardware I own? Maybe a common marketing and sales model comes from software to hardware too: You don't actually own the hardware! When you give money to the manufacturer (maybe through vendors or retailers), you receive hardware _plus_ a limited set of rights which you may exercise on that hardware, maybe for a limited time. By purchasing the hardware that way, you may even have implicitely signed a kind of agreement (cf. EULA) that you accept those licensing of hardware. You do _not_ own it in order to exercise your free will on it, like I have the right to wipe 'Windows' and install something else, which might result in a loss of warranty. You may only run what the manufacturer allows you to run (by providing the proper boot mechanism for it that just works). If the manufacturer may decide that you shouldn't boot that system you bought anymore, he can retract the permissions and the device you paid money for will be rendered into a shiny brick. This _is_ possible, and as human nature teaches: Everything that is possible _will_ be done, no matter if we recognize it immediately or not. And the worst solution prevails, so whatever we may assume about the future, the future will be much worse. :-) Note that flats are a familiar example of this model. You may live in the flat, but by paying a rent you don't own it. What you may do is limited. Another valid interpretation of this problem is of course defective by design and planned obsolescense. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
I do wonder about that. What incentive does the possesor of a signing key have to keep it secret? Contract penalty clause maybe ? Lawyers ? Otherwise one of us would purchase a key for $99, then publish the key so we could all forever more compile boot our own kernels. But that would presumably break the trap Microsoft Verisign seek to impose. It seems dangerous. I suspect we (the free source community) will need to campaign, to engage for eg more EU fines against monoplists to force them to back off. I say EU, 'cos they have done it before, so our best bet so far, but it doesnt matter much which governments impose swingeing anti monoploy fines, as long as enough do, to deter MS verisign etc. Cheers, Julian -- Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com Reply below not above, cumulative like a play script, indent with . Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable. Mail from @yahoo dumped @berklix. http://berklix.org/yahoo/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
upgrade from 7-stable to 8-stable
It is time to do the above for me. I have done several upgrades within the same major version but have not done a version hop yet. Aside from extra paranoia about backups and the need to rebuild all ports, are there other gotchas to watch out for? I am going to try it on a test VM system first. Brian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?]
On 2012-06-05 17:20, Jerry wrote: The question that I have not seen answered in this thread is what FreeBSD intents to do. From what I have seen, most FreeBSD users do not use the latest versions of most hardware, so it may be a while before its user base is even effected. I don't believe at this point FreeBSD has any intent one way or another, really. It's not an immediate problem for any platform supported by the FreeBSD project, at least for a technically-inclined user who's willing to check out their BIOS. (Even if they are using the latest hardware, the x86-derived platforms aren't going to require this code signing yet.) So it'll probably be a 'wait and see if it's something the FreeBSD community needs a solution for' at this point. But this is just my impression. In slight defense of RedHat: They do a lot of worrying about enterprise and government customers, many of whom don't really care what platform they are running on - as long as they can get 'support' and it passes their security/operational tests. In that environment, I can easily see some middle-manager decreeing that disabling the signed-boot process is verboten, without any understanding of the meaning or the consequences, and enforcing it on the whole company/division, to the point where any non-signed OS would be thrown out the door. FreeBSD has probably already been thrown out the door at those types of locations, as there is no 'official' support channel. (Yes, for my sins, I work at one of these...) Daniel T. Staal --- This email copyright the author. Unless otherwise noted, you are expressly allowed to retransmit, quote, or otherwise use the contents for non-commercial purposes. This copyright will expire 5 years after the author's death, or in 30 years, whichever is longer, unless such a period is in excess of local copyright law. --- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On Wed, 6 Jun 2012, Julian H. Stacey wrote: I do wonder about that. What incentive does the possesor of a signing key have to keep it secret? Contract penalty clause maybe ? Lawyers ? A limited-liability company with no assets is judgement-proof. Otherwise one of us would purchase a key for $99, then publish the key so we could all forever more compile boot our own kernels. But that would presumably break the trap Microsoft Verisign seek to impose. Could it really be that simple? As for hardware vendors putting revoked keys in the ROM - are they really THAT cooperative? Seems like they would drag their feet on ROM updates if they had to add a lot of stuff that won't help them, so that doesn't seem like a great enforcement tool. dan feenberg ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Proper Port Forwarding
Hi, Can someone suggest an alternative/proper way to port forward using ipfw. Right now I have the following and some bad clients cause too many FIN_WAIT_2 state fwd IP,PORT2 tcp from any to me dst-port PORT1 keep-state This easily causes DoS for when too many FIN_WAIT_2 are created and IPFW stops forwarding using the rule above because of too many dynamic rules Thanks, Simon ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On 6/6/12 6:45 PM, Daniel Feenberg wrote: On Wed, 6 Jun 2012, Julian H. Stacey wrote: I do wonder about that. What incentive does the possesor of a signing key have to keep it secret? Contract penalty clause maybe ? Lawyers ? A limited-liability company with no assets is judgement-proof. Otherwise one of us would purchase a key for $99, then publish the key so we could all forever more compile boot our own kernels. But that would presumably break the trap Microsoft Verisign seek to impose. Could it really be that simple? As for hardware vendors putting revoked keys in the ROM - are they really THAT cooperative? Seems like they would drag their feet on ROM updates if they had to add a lot of stuff that won't help them, so that doesn't seem like a great enforcement tool. dan feenberg Oh god... Please realize that once the key is divulged, it gets revoked at the BIOS' next update. Otherwise the key's purpose is rendered moot. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Proper Port Forwarding
On Wed, Jun 6, 2012 at 11:31 AM, Simon si...@optinet.com wrote: This easily causes DoS for when too many FIN_WAIT_2 are created and IPFW stops forwarding using the rule above because of too many dynamic rules Change the defaults for the fw.dyn sysctl MIB nodes to something like net.inet.ip.fw.dyn_short_lifetime=3 net.inet.ip.fw.dyn_udp_lifetime=3 net.inet.ip.fw.dyn_rst_lifetime=1 net.inet.ip.fw.dyn_fin_lifetime=1 net.inet.ip.fw.dyn_syn_lifetime=10 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On 6/6/12 7:23 PM, Robert Bonomi wrote: Julian H. Stacey j...@berklix.com wrote: I do wonder about that. What incentive does the possesor of a signing key have to keep it secret? Contract penalty clause maybe ? Lawyers ? Contract with _whom_? The party you pay money to -- Verisign -- simply certifies that the party buying the certificate/signing-key -is- who they claim to be. It is *entirely* up to the owner of that certificate/signing-key -who- they allow to use it. If someone/anyone attempts to 'revoke' that certificate/key _other_ than at the request of the owner of that certificate/key, *THAT* party is subject to legal sanctions. Among other things, 'false persona', 'tortuous inter- ference in a business relationship', just to name a few. There is, however, an 'interesting' legal question -- *if* a party were to let 'anybody' use their certificate/key, what is the certificat/key owner's legal liability if someone uses that key to sign malware? Standard contract writeup stipulates that only a limited set of 'authorized' company representatives be given access to the Signing Key. If the key should be divulged, then the key may be revoked by the issuer. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Proper Port Forwarding
In the last episode (Jun 06), Michael Sierchio said: On Wed, Jun 6, 2012 at 11:31 AM, Simon si...@optinet.com wrote: This easily causes DoS for when too many FIN_WAIT_2 are created and IPFW stops forwarding using the rule above because of too many dynamic rules Change the defaults for the fw.dyn sysctl MIB nodes to something like net.inet.ip.fw.dyn_short_lifetime=3 net.inet.ip.fw.dyn_udp_lifetime=3 net.inet.ip.fw.dyn_rst_lifetime=1 net.inet.ip.fw.dyn_fin_lifetime=1 net.inet.ip.fw.dyn_syn_lifetime=10 Or raise net.inet.ip.fw.dyn_max to a larger number. The default 4096 may be too small. -- Dan Nelson dnel...@allantgroup.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?]
On Wed, 06 Jun 2012 12:49:53 -0400 Daniel Staal articulated: On 2012-06-05 17:20, Jerry wrote: The question that I have not seen answered in this thread is what FreeBSD intents to do. From what I have seen, most FreeBSD users do not use the latest versions of most hardware, so it may be a while before its user base is even effected. I don't believe at this point FreeBSD has any intent one way or another, really. It's not an immediate problem for any platform supported by the FreeBSD project, at least for a technically-inclined user who's willing to check out their BIOS. (Even if they are using the latest hardware, the x86-derived platforms aren't going to require this code signing yet.) So it'll probably be a 'wait and see if it's something the FreeBSD community needs a solution for' at this point. But this is just my impression. I totally agree with you. Unfortunately that speaks to the sad state of affairs that FreeBSD appears to be in. When it comes to supporting the latest technologies, it tends to be behind the curve when compared to other operating systems. Wireless networking and USB support are only a few examples. I don't know of any user personally who purchased a new PC and then threw FreeBSD on it. Most users that I have come into contact with use 2+ year old units that have been replaced by shiny new Windows units. I don't see that changing anytime soon. Large companies would all ready have the infrastructure in place to handle this sort of problem and as you pointed out would be working with a *nix vendor that could properly meet their needs. Said vendor would have all ready taken care of the UEFI Secure Boot problem. In slight defense of RedHat: They do a lot of worrying about enterprise and government customers, many of whom don't really care what platform they are running on - as long as they can get 'support' and it passes their security/operational tests. In that environment, I can easily see some middle-manager decreeing that disabling the signed-boot process is verboten, without any understanding of the meaning or the consequences, and enforcing it on the whole company/division, to the point where any non-signed OS would be thrown out the door. FreeBSD has probably already been thrown out the door at those types of locations, as there is no 'official' support channel. (Yes, for my sins, I work at one of these...) What sin? You use a product and want it properly supported. You have an absolute right to that. Posting a message on a forum and hoping that someone can answer it is not the type of support a business would want. -- Jerry ♔ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Why Clang
On Wed, 06 Jun 2012 19:05:59 +0100 Matthew Seaman matt...@freebsd.org wrote: On 06/06/2012 18:28, Thomas D. Dean wrote: Has the discussion on why change to clang been made available? Yes, endlessly. Mostly on lists like freebsd-hackers@... and at various conferences and developer summits. Check the list archives. I would like to know the reasoning. It's simple. gcc-4.2, which is what the base system compiler is derived from is: * fairly old * doesn't perform as well as more recent compilers * doesn't adhere to recently established standards There's another good reason for clang which nobody mentioned so far: clear diagnostics. If you ever had to wade through gcc's debug output and compare several thousand character long template instantiations, just to find where they differ and then see the clear problem descriptions that clang produces instead, you'll understand what I mean. And in combination with libc++, which just arrived on stable, I am finally able to use all the features of C++11 that I want. Try to use e.g. std::regex even on g++47, and just see what happens. Of course, getting rid of GPL is an added benefit ;) After reading all those complaints, I just had to respond and thank everyone involved very much for importing clang and libc++. Great job well done! Best regards, 文鳥 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Why Clang
On Wed, Jun 6, 2012 at 9:11 PM, 文鳥 bunc...@googlemail.com wrote: On Wed, 06 Jun 2012 19:05:59 +0100 Matthew Seaman matt...@freebsd.org wrote: On 06/06/2012 18:28, Thomas D. Dean wrote: Has the discussion on why change to clang been made available? You might be interested in this video: http://www.llvm.org/devmtg/2011-11/videos/Davis_LLVMinFreeBSD-mobile.mp4 Yes, endlessly. Mostly on lists like freebsd-hackers@... and at various conferences and developer summits. Check the list archives. I would like to know the reasoning. It's simple. gcc-4.2, which is what the base system compiler is derived from is: * fairly old * doesn't perform as well as more recent compilers * doesn't adhere to recently established standards There's another good reason for clang which nobody mentioned so far: clear diagnostics. If you ever had to wade through gcc's debug output and compare several thousand character long template instantiations, just to find where they differ and then see the clear problem descriptions that clang produces instead, you'll understand what I mean. And in combination with libc++, which just arrived on stable, I am finally able to use all the features of C++11 that I want. Try to use e.g. std::regex even on g++47, and just see what happens. Of course, getting rid of GPL is an added benefit ;) After reading all those complaints, I just had to respond and thank everyone involved very much for importing clang and libc++. Great job well done! Best regards, 文鳥 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org -- joe gain jacob-burckhardt-str. 16 78464 konstanz germany +49 (0)7531 60389 (...otherwise in ???) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
From owner-freebsd-questi...@freebsd.org Wed Jun 6 13:46:43 2012 Date: Wed, 06 Jun 2012 20:44:57 +0200 From: Damien Fleuriot m...@my.gd To: freebsd-questions@freebsd.org Subject: Re: Is this something we (as consumers of FreeBSD) need to be aware of? On 6/6/12 7:23 PM, Robert Bonomi wrote: Julian H. Stacey j...@berklix.com wrote: I do wonder about that. What incentive does the possesor of a signing key have to keep it secret? Contract penalty clause maybe ? Lawyers ? Contract with _whom_? The party you pay money to -- Verisign -- simply certifies that the party buying the certificate/signing-key -is- who they claim to be. It is *entirely* up to the owner of that certificate/signing-key -who- they allow to use it. If someone/anyone attempts to 'revoke' that certificate/key _other_ than at the request of the owner of that certificate/key, *THAT* party is subject to legal sanctions. Among other things, 'false persona', 'tortuous inter- ference in a business relationship', just to name a few. There is, however, an 'interesting' legal question -- *if* a party were to let 'anybody' use their certificate/key, what is the certificat/key owner's legal liability if someone uses that key to sign malware? Standard contract writeup stipulates that only a limited set of 'authorized' company representatives be given access to the Signing Key. Which simply begs the question. _who_ decides who is or is not an 'authorized' representative? Or how many such persons are allowed? If the key should be divulged, then the key may be revoked by the issuer. Suppose I put up a web app that takes an executable as input, signs it with my key, and returns the signed filt to the submitter. I don't divulge the key to anyone, just use it on 'anything'. Anybody attempting to revoke on _that_ basis is asking for a lawsuit. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: how do I fix this?
On Tue, Jun 05, 2012 at 03:34:27PM -0700, Gary Kline wrote: On Tue, Jun 05, 2012 at 08:04:35AM +0200, Roland Smith wrote: what I want to do is get as current as possible and then install 7.5. and stay there. 7.5 what? Do you mean Xorg? Please try and be specific. FreeBSD-7.5. pretty sure I saw something about 7.4 being upgraded to 7.5. It doesn't look like it. From http://www.nl.freebsd.org/releases/7.4R/announce.html: This will be the last release from the 7-STABLE branch. 7.4 is listed as a legacy release of the FreeBSD homepage. The only upcoming release listed is 9.1 somewhere this year. Portmaster will first recurse through the port and all of its dependencies (if any) to handle any port OPTIONS via the 'make config' interface, before going off on the big build. one thing ive been doing is de-selection most of the options.. the box is my server. we [freebsders] have lost the desktop 'market' My desktop and laptop beg to differ. :-) UNIX is a toolbox, not an appliance. So it was never meant for the desktop market. But that doesn't mean it cannot be used as such. Roland -- R.F.Smith http://rsmith.home.xs4all.nl/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) pgpJS1MdnhfDM.pgp Description: PGP signature
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On Wed, 6 Jun 2012, Damien Fleuriot wrote: On 6/6/12 6:45 PM, Daniel Feenberg wrote: On Wed, 6 Jun 2012, Julian H. Stacey wrote: I do wonder about that. What incentive does the possesor of a signing key have to keep it secret? Contract penalty clause maybe ? Lawyers ? A limited-liability company with no assets is judgement-proof. Otherwise one of us would purchase a key for $99, then publish the key so we could all forever more compile boot our own kernels. But that would presumably break the trap Microsoft Verisign seek to impose. Could it really be that simple? As for hardware vendors putting revoked keys in the ROM - are they really THAT cooperative? Seems like they would drag their feet on ROM updates if they had to add a lot of stuff that won't help them, so that doesn't seem like a great enforcement tool. dan feenberg Oh god... Please realize that once the key is divulged, it gets revoked at the BIOS' next update. But my point is that MS doesn't issue the updates, they have to ask the BIOS vendors to do so, and then the MB vendors have to take the update, and then the users have to install the update. The incentive at each level is generally very small. It does create some confusion, but is hardly an enforcement mechanism. It would disable older versions of FreeBSD on newer hardware, but not much else. A previous poster has pointed out that MS can't revoke a certificate belonging to RH, but I suppose the could ask the BIOS vendors to treat it as revoked. I don't know what the response would be. Daniel Feenberg Otherwise the key's purpose is rendered moot. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On Wed, 06 Jun 2012 13:44:57 -0500, Damien Fleuriot m...@my.gd wrote: If the key should be divulged, then the key may be revoked by the issuer. Revoked how? Wouldn't they have to issue a firmware update to actually revoke it? The UEFI firmware doesn't have network access ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?]
On Wed, Jun 6, 2012 at 3:05 PM, Jerry je...@seibercom.net wrote: On Wed, 06 Jun 2012 12:49:53 -0400 Daniel Staal articulated: On 2012-06-05 17:20, Jerry wrote: The question that I have not seen answered in this thread is what FreeBSD intents to do. From what I have seen, most FreeBSD users do not use the latest versions of most hardware, so it may be a while before its user base is even effected. I don't believe at this point FreeBSD has any intent one way or another, really. It's not an immediate problem for any platform supported by the FreeBSD project, at least for a technically-inclined user who's willing to check out their BIOS. (Even if they are using the latest hardware, the x86-derived platforms aren't going to require this code signing yet.) So it'll probably be a 'wait and see if it's something the FreeBSD community needs a solution for' at this point. But this is just my impression. I totally agree with you. Unfortunately that speaks to the sad state of affairs that FreeBSD appears to be in. When it comes to supporting the latest technologies, it tends to be behind the curve when compared to other operating systems. Wireless networking and USB support are only a few examples. I don't know of any user personally who purchased a new PC and then threw FreeBSD on it. Most users that I have come into contact with use 2+ year old units that have been replaced by shiny new Windows units. I don't see that changing anytime soon. I would have to disagree with you there. I know of quite a few users who happen to run one of the world's largest content distribution networks (accounting for about one third of the internet's traffic; up there with pornography). They purchased more than just a handful of new computers and threw FreeBSD on them: http://lists.freebsd.org/pipermail/freebsd-stable/2012-June/068129.html ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
Polytropon free...@edvax.de wrote: On Wed, 06 Jun 2012 11:47:11 +0100, Matthew Seaman wrote: Having to pay Verisign instead of Microsoft makes no difference: the point is why should I have to pay anything to a third party in order to run whatever OS I want on a piece of hardware I own? It's time to dump the Intel/Microshaft mafia forever. FreeBSD, OpenBSD, NetBSD, and even Linux have ports to many platforms. Why stay on Intel? It's an overgrown ugly mess. We need to stop buying Intel mafiaware with preinstalled Microshaft mafiware and run a free (or in the case of Linux apparently free) OS on free hardware. There are increasing numbers of SBCs and plenty of used servers on Ebay. They're all built better than commodity Intel mafiaware. Good riddance! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
Yes, let's all run ALPHA and MIPS hardware. I'll just jam my Nvidia card into one of the available slots and everything should work OK, right? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?]
On Wed, 6 Jun 2012 15:55:16 -0400 Robert Simmons articulated: On Wed, Jun 6, 2012 at 3:05 PM, Jerry je...@seibercom.net wrote: On Wed, 06 Jun 2012 12:49:53 -0400 Daniel Staal articulated: On 2012-06-05 17:20, Jerry wrote: The question that I have not seen answered in this thread is what FreeBSD intents to do. From what I have seen, most FreeBSD users do not use the latest versions of most hardware, so it may be a while before its user base is even effected. I don't believe at this point FreeBSD has any intent one way or another, really. It's not an immediate problem for any platform supported by the FreeBSD project, at least for a technically-inclined user who's willing to check out their BIOS. (Even if they are using the latest hardware, the x86-derived platforms aren't going to require this code signing yet.) So it'll probably be a 'wait and see if it's something the FreeBSD community needs a solution for' at this point. But this is just my impression. I totally agree with you. Unfortunately that speaks to the sad state of affairs that FreeBSD appears to be in. When it comes to supporting the latest technologies, it tends to be behind the curve when compared to other operating systems. Wireless networking and USB support are only a few examples. I don't know of any user personally who purchased a new PC and then threw FreeBSD on it. Most users that I have come into contact with use 2+ year old units that have been replaced by shiny new Windows units. I don't see that changing anytime soon. I would have to disagree with you there. I know of quite a few users who happen to run one of the world's largest content distribution networks (accounting for about one third of the internet's traffic; up there with pornography). They purchased more than just a handful of new computers and threw FreeBSD on them: http://lists.freebsd.org/pipermail/freebsd-stable/2012-June/068129.html It is late and I am tired; however, unless I am misreading this, this is not dealing with a typical home use but a corporate entity. You omitted my last paragraph in my reply that clearly dealing with corporations. -- Jerry ♔ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?]
On 2012-06-06 15:05, Jerry wrote: On Wed, 06 Jun 2012 12:49:53 -0400 Daniel Staal articulated: I don't believe at this point FreeBSD has any intent one way or another, really. It's not an immediate problem for any platform supported by the FreeBSD project, at least for a technically-inclined user who's willing to check out their BIOS. (Even if they are using the latest hardware, the x86-derived platforms aren't going to require this code signing yet.) So it'll probably be a 'wait and see if it's something the FreeBSD community needs a solution for' at this point. But this is just my impression. I totally agree with you. Unfortunately that speaks to the sad state of affairs that FreeBSD appears to be in. When it comes to supporting the latest technologies, it tends to be behind the curve when compared to other operating systems. Wireless networking and USB support are only a few examples. That was not my intended message with the above. :) FreeBSD supports several server-class hardware platforms. ARM is not currently a server-class hardware platform. (It's a very interesting platform for mobile and small devices, but it has not seen any significant use that I am aware of in the market that FreeBSD is primarily aimed at.) Secure Boot - if even a part of the platform - can easily be disabled on those platforms. So it is not a current problem, and there is a fair amount of bad feeling about the technology, so it may not ever be a problem. RedHat is facing severe backlash from the community because it supported this technology. A 'wait and see' approach to whether it needs to be supported at all - especially as it doesn't appear to need support at present - is a reasonable course. I don't know of any user personally who purchased a new PC and then threw FreeBSD on it. Most users that I have come into contact with use 2+ year old units that have been replaced by shiny new Windows units. I don't see that changing anytime soon. *Raises hand*. I did this with two boxes within the past year. One turned out to be to new for FreeBSD - but Linux didn't have support for it yet at that point either. Now either does. In slight defense of RedHat: They do a lot of worrying about enterprise and government customers, many of whom don't really care what platform they are running on - as long as they can get 'support' and it passes their security/operational tests. In that environment, I can easily see some middle-manager decreeing that disabling the signed-boot process is verboten, without any understanding of the meaning or the consequences, and enforcing it on the whole company/division, to the point where any non-signed OS would be thrown out the door. FreeBSD has probably already been thrown out the door at those types of locations, as there is no 'official' support channel. (Yes, for my sins, I work at one of these...) What sin? You use a product and want it properly supported. You have an absolute right to that. Posting a message on a forum and hoping that someone can answer it is not the type of support a business would want. I'm not sure what sin I committed to be consigned to this place, but it must have been heinous. (And in many cases 'official support' appears to be 'post a message about it on our forum, so we can ignore you more efficiently'.) Daniel T. Staal --- This email copyright the author. Unless otherwise noted, you are expressly allowed to retransmit, quote, or otherwise use the contents for non-commercial purposes. This copyright will expire 5 years after the author's death, or in 30 years, whichever is longer, unless such a period is in excess of local copyright law. --- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
UEFI Secure Boot Specs - And some sanity
Isn't there a lot of needless handwaving going on when the spec is pretty clear that installing your own complete PKI tree will all boil down to what is effectively a jumper on the motherboard? First, some sanity... Users could fully utilize the UEFI Secure Boot hardware by say: - Using openssl to generate their keys - Jumper the board, burn it into the BIOS in UEFI SB SetupMode - Have all the MBR, slice, partition, installkernel, etc tools install and manage the signed disk/loader/kernel/module bits - Have the BIOS check sigs on whatever first comes off the media I don't see that the user will actually NOT be able to do this on anything but 'designed for windows only' ARM systems. Seeing how open Android/Linux is firmly in that space, this will just devalue the non open windows product. There have been 25 years of generic mass produced motherboards. And 25 years of open source OS commits to utilize them. That is not changing anytime soon. Non generic attempts fail. Even corporate kings Dell and HP know they would be foolish to sell motherboards that will not allow their buyers to swap out the PK keys... because they know their buyers run more than just windows and that they need various security models. And if they really were that dumb, there's Gigabyte, Asus, Msi, Supermicro, Biostar, etc who will not be so dumb and will soak up all the remaining sales gravy. The masses have seen and now want openness, open systems, sharing. The old models are but speed bumps on their own way out the door. Though it seems a non issue to me, if you want to protest, protest for 'Setup Mode'. And not here on this list, but to the hardware makers. We should want to use this PKI in our systems. Not disable it. Not pay $100 to terminate the PKI chain early. Not pay $100 to lock us into unmodifiable releases (aka: BSD corporate version). I look forward to seeing the UEFI SB PK SetupMode AMD and Intel generic motherboard list :) On to facts... http://www.uefi.org/ Spec Chapter 27 Secure Boot, SetupMode, PK, Shell, etc https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface https://en.wikipedia.org/wiki/Unified_EFI_Forum http://ozlabs.org/docs/uefi-secure-boot-impact-on-linux.pdf https://www.fsf.org/campaigns/secure-boot-vs-restricted-boot http://mjg59.dreamwidth.org/12368.html http://mjg59.livejournal.com/ https://www.tianocore.org/ http://www.avrfreaks.net/index.php?name=PNphpBB2file=viewtopicp=962584 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Why Clang
From owner-freebsd-questi...@freebsd.org Wed Jun 6 12:33:25 2012 Date: Wed, 06 Jun 2012 10:28:19 -0700 From: Thomas D. Dean tomd...@speakeasy.org To: freebsd-questions@freebsd.org Subject: Why Clang Has the discussion on why change to clang been made available? I would like to know the reasoning. There were several reasons; 1) the proliferation of non-standard things that the GNU crowd calls 'features' in newer versions of the compiler -- some of which actually break 'standards compliant' code. 2) The proliferation of situations under which newer versions of the GCC compiler generate 'bad code' -- code that does *NOT* do what it is supposed to do. 3) The GPL, version *3* -- which applies to all newer versions of the GCC compiler -- is unacceptable to a large part of the FreeBSD community. Items 1) and 2) were ongoing nuisances. Item 3) all by itself, was the deal breaker. clang was selected over alternatives -- including keeping the 'old' (GPL v2) GCC, on the basis of: a) better standards compliance. b) *FAR* better error messages. c) guality of generated code. d) 'non-restrictive' licensing. The GPL V3 has been responsible for a lot of people, besides FreeBSD, going looking for alternatives to any GPL-licensed code. GNU is well on the way to 'radicalizing' itself out of significance.They would rather be ideologically pure than 'widely accepted'. It _is_ their right to do so, but it makes life 'difficult' for those who have interests in building profit-based products using their tools. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On Wed, Jun 6, 2012 at 3:52 PM, Dave U. Random anonym...@anonymitaet-im-inter.net wrote: Polytropon free...@edvax.de wrote: On Wed, 06 Jun 2012 11:47:11 +0100, Matthew Seaman wrote: Having to pay Verisign instead of Microsoft makes no difference: the point is why should I have to pay anything to a third party in order to run whatever OS I want on a piece of hardware I own? It's time to dump the Intel/Microshaft mafia forever. FreeBSD, OpenBSD, NetBSD, and even Linux have ports to many platforms. Why stay on Intel? It's an overgrown ugly mess. We need to stop buying Intel mafiaware with preinstalled Microshaft mafiware and run a free (or in the case of Linux apparently free) OS on free hardware. But this is more to do with the BIOS than with Intel as such. Wasn't there a FreeBIOS, later LinuxBIOS, now coreboot I believe..? So replacing the BIOS entirely wouldn't suffice to override all this nonsense? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On Wed, Jun 06, 2012 at 02:23:20PM +0200, Damien Fleuriot wrote: I agree with the whole post except that last bit about ICANN Matthew. The US already has enough dominance as is, without involving ICANN, a supposedly neutral body (yeah right...) any further. Indeed. The last thing we need is some self-appointed authority purporting to have the last word on what qualifies as secure. There is no need for a third-party certification of secure booting. If there is need for such a secure booting mechanism at all, it is a need for the ability of end-of-chain device owners to be able to set their own keys, without the involvement of any third parties, and an out-of-band key verification mechanism. Once again, I feel it incumbent upon me to point to examples like OpenPGP's keyserver network as the counter-proposal to a cetifying authority charging money to allow people to control their own system security in what amounts to a vacant lot scam. -- Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
pulseaudio error message
The message log on my machine is filling up with this error message: Jun 6 11:36:55 raven pulseaudio[6440]: sink-input.c: Failed to create sink input: too many inputs per sink. Jun 6 11:36:58 raven pulseaudio[6440]: sink-input.c: Failed to create sink input: too many inputs per sink. Jun 6 11:59:54 raven pulseaudio[6440]: sink-input.c: Failed to create sink input: too many inputs per sink. Jun 6 12:00:04 raven pulseaudio[6440]: sink-input.c: Failed to create sink input: too many inputs per sink. Jun 6 12:00:04 raven pulseaudio[6440]: sink-input.c: Failed to create sink input: too many inputs per sink. Sometimes only one or two lines are written and at others it is four or five lines. Can anyone tell me exactly what is transpiring here? -- Carmel ✌ carmel...@hotmail.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
Wojciech Puchar woj...@tensor.gdynia.pl wrote: anyway NOBODY are forced to buy micro-soft software. That's almost correct but not quite. In 99% of the cases any Intel commodity mafiaware comes with a preinstalled Winblows. You're paying for it whether you want it or not. You can get a refund in many cases but it's more effort than most peoples' time is worth. Nobody is forced to buy a PC. True. I got rid of all my Intel mafiaware a few years ago and I don't miss it. It's nice in the winter as well. Doing this with PC market will result in larger market share for non-Wintel hardware. I hope it does but sheeple are stupid and don't care. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On 6 Jun 2012, at 21:52, Dave U. Random anonym...@anonymitaet-im-inter.net wrote: Polytropon free...@edvax.de wrote: On Wed, 06 Jun 2012 11:47:11 +0100, Matthew Seaman wrote: Having to pay Verisign instead of Microsoft makes no difference: the point is why should I have to pay anything to a third party in order to run whatever OS I want on a piece of hardware I own? It's time to dump the Intel/Microshaft mafia forever. FreeBSD, OpenBSD, NetBSD, and even Linux have ports to many platforms. Why stay on Intel? It's an overgrown ugly mess. We need to stop buying Intel mafiaware with preinstalled Microshaft mafiware and run a free (or in the case of Linux apparently free) OS on free hardware. There are increasing numbers of SBCs and plenty of used servers on Ebay. They're all built better than commodity Intel mafiaware. Good riddance! You have no idea what you're talking about. This kind of religious propaganda post is neither constructive nor helpful. I don't trust AMD with my servers' CPUs, not since many years ago when they had all these overheating problems.___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Portmaster and update progress, suggestion.
On 06/06/2012 09:11, Leslie Jensen wrote: My initial wish for some information about the build progress is still very much on the table. Try the attached patch. It essentially adds the progress info that is being put in the TERM title to the in-line printout of the dependency trail that was already there. Let me know what you think, Doug -- This .signature sanitized for your protection Index: portmaster === --- portmaster (revision 236697) +++ portmaster (working copy) @@ -2208,6 +2208,8 @@ } term_printf () { + echo -e \n\t${PM_PARENT_PORT}${1} + [ -n $PM_NO_TERM_TITLE ] return case $TERM in cons*) return ;; esac @@ -2283,7 +2285,7 @@ deps= (${dep_of_deps}/${num_of_deps}) if [ -n $PM_DEPTH ]; then - echo ${PM_DEPTH} ${1#$pd/} + #echo ${PM_DEPTH} ${1#$pd/} term_printf ${PM_DEPTH#* } ${1#$pd/}${deps} else [ -n $UPDATE_ALL ] term_printf ${1#$pd/}${deps} @@ -2623,7 +2625,7 @@ [ -z $dep_of_deps ] dep_of_deps=0 export PM_PARENT_PORT num_of_deps dep_of_deps - term_printf + #term_printf } if [ -n $PM_URB ]; then @@ -2783,6 +2785,7 @@ numports=$(( $numports + 1 )) init_term_printf $port ${numports}/${numports} + term_printf ($0 $ARGS $port) || update_failed=update_failed . $IPC_SAVE [ -n $update_failed ] fail Update for $port failed @@ -2825,6 +2828,7 @@ num=$(( $num + 1 )) init_term_printf $port ${num}/${numports} + term_printf ($0 $ARGS $port) || update_failed=update_failed . $IPC_SAVE [ -n $update_failed ] fail Update for $port failed @@ -2978,6 +2982,7 @@ [ -n $DI_FILES ] (read_distinfos) init_term_printf All + term_printf ports_by_category echo === Starting check of installed ports for available updates ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Portmaster and update progress, suggestion.
On 06/06/2012 15:06, Doug Barton wrote: On 06/06/2012 09:11, Leslie Jensen wrote: My initial wish for some information about the build progress is still very much on the table. Try the attached patch. Actually try this one instead. :) -- This .signature sanitized for your protection Index: portmaster === --- portmaster (revision 236697) +++ portmaster (working copy) @@ -2208,6 +2208,8 @@ } term_printf () { + case $1 in *\\*) echo -e \n\t${PM_PARENT_PORT}${1} ;; esac + [ -n $PM_NO_TERM_TITLE ] return case $TERM in cons*) return ;; esac @@ -2283,7 +2285,6 @@ deps= (${dep_of_deps}/${num_of_deps}) if [ -n $PM_DEPTH ]; then - echo ${PM_DEPTH} ${1#$pd/} term_printf ${PM_DEPTH#* } ${1#$pd/}${deps} else [ -n $UPDATE_ALL ] term_printf ${1#$pd/}${deps} @@ -2527,19 +2528,16 @@ safe_exit elif [ -n $PM_FIRST_PASS -a -z $PM_PACKAGES ]; then echo === Initial dependency check complete for $portdir - case $PM_DEPTH in *\\*) echo $PM_DEPTH ;; esac else echo === Dependency check complete for $portdir - case $PM_DEPTH in - *\\*) echo $PM_DEPTH ;; - *) if [ $PM_PARENT_PORT = All ]; then - local deps - deps= (${dep_of_deps}/${num_of_deps}) - term_printf ${upg_port:-$portdir}${deps} - else - term_printf - fi ;; - esac + + if [ $PM_PARENT_PORT = All ]; then + local deps + deps= (${dep_of_deps}/${num_of_deps}) + term_printf ${upg_port:-$portdir}${deps} + else + term_printf + fi fi } # dependency_check() ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On 06/06/2012 20:27, Robert Bonomi wrote: Suppose I put up a web app that takes an executable as input, signs it with my key, and returns the signed filt to the submitter. I don't divulge the key to anyone, just use it on 'anything'. Anybody attempting to revoke on _that_ basis is asking for a lawsuit. To me it would be perfectly reasonable to revoke the key as soon as you signed the first piece of malware. And then anyone who has used the service is left with broken binaries, so the model fails. -- Bruce Cran ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Blank page after log in to phpmyadmin
I have a blank white page after I log into phpmyadmin. I have upgraded to php 5.4.3 along with the extensions. Also upgraded to current phpmyadmin. Have checked the error logs and nothing is showing in the logs. Any idea what happended. phpmyadmin was working before upgrade. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Blank page after log in to phpmyadmin
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 6/6/12 7:16 PM, be...@norden1.com wrote: I have a blank white page after I log into phpmyadmin. I have upgraded to php 5.4.3 along with the extensions. Also upgraded to current phpmyadmin. Have checked the error logs and nothing is showing in the logs. Any idea what happended. phpmyadmin was working before upgrade. Hi there, This is typically caused by a PHP-related error of some sort. Have you enable the error_log directive in your php.ini file? If not, do that and restart your server. After loading the page again, check the file and you should have some indication of what's wrong. Hope that helps, Greg - -- Greg Larkin http://www.FreeBSD.org/ - The Power To Serve http://www.sourcehosting.net/ - Ready. Set. Code. http://twitter.com/cpucycle/ - Follow you, follow me -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk/P6D8ACgkQ0sRouByUApClwwCfbKt4LmaJ+pKiIss/Av95CuTQ 8nUAnAzfNrx4fs78ej6UFuf0G5i5bpln =XAa7 -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
Contract penalty clause maybe ? Lawyers ? A limited-liability company with no assets is judgement-proof. There's set up running costs (time money), other exposure http://berklix.com/~jhs/mecc/ltd_gmbh.html Easiest done by those who have done it before, One would be careful, there's exposure to directors individual liabilities eg fraud laws perhaps in some scenarios, not wanting to be struck off listed as somone not allowed to be a director of other companies. Otherwise one of us would purchase a key for $99, then publish the key so we could all forever more compile boot our own kernels. But that would presumably break the trap Microsoft Verisign seek to impose. Could it really be that simple? I doubt it. Even if so, best avoid one individual in the firing line. It's not nice being a small company director personaly targeted by lawyers of a rich malicious company. Being in another country gives little protection, remote lawyers hire local lawyers to harass. They don't even need a good chance of winning, inventive threats, stress costs unpleasant. Best activate officials with big budgets manpower to fight back. We should unite with other Free Source groups approach inform eg the Competition Commisioner of the European Union (which has already fined MS heavily before on anti monopoly issues) http://en.wikipedia.org/wiki/European_Union_Microsoft_competition_case http://www.msnbc.msn.com/id/23366103/ns/business-world_business/t/eu-fines-microsoft-record-billion/ I recall George Bush junior quashed the last go at breaking up Microsoft, but maybe the present USA govt. could be encouraged to fine MS, even if they don't fancy breaking the monopoly aka http://en.wikipedia.org/wiki/Standard_Oil Cheers, Julian -- Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com Reply below not above, cumulative like a play script, indent with . Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable. Mail from @yahoo dumped @berklix. http://berklix.org/yahoo/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Which FreeBSD for Intel i7-2600S and DQ67SWB3?
freebsd-questions: I have a new computer with an Intel i7-2600S processor and DQ67SWB3 motherboard that I'd like to run with ZFS, virtual machine host, desktop, Samba, and terminal server (on second NIC). Can this be done with FreeBSD; if so, which distribution and ports/packages do I need? TIA, David ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: UEFI Secure Boot Specs - And some sanity
Thank you for this. I didn't realize that a simple (somewhat technical) question asked in all innocence would generate so much flammage. Kurt On Wed, Jun 6, 2012 at 1:13 PM, grarpamp grarp...@gmail.com wrote: Isn't there a lot of needless handwaving going on when the spec is pretty clear that installing your own complete PKI tree will all boil down to what is effectively a jumper on the motherboard? First, some sanity... Users could fully utilize the UEFI Secure Boot hardware by say: - Using openssl to generate their keys - Jumper the board, burn it into the BIOS in UEFI SB SetupMode - Have all the MBR, slice, partition, installkernel, etc tools install and manage the signed disk/loader/kernel/module bits - Have the BIOS check sigs on whatever first comes off the media I don't see that the user will actually NOT be able to do this on anything but 'designed for windows only' ARM systems. Seeing how open Android/Linux is firmly in that space, this will just devalue the non open windows product. There have been 25 years of generic mass produced motherboards. And 25 years of open source OS commits to utilize them. That is not changing anytime soon. Non generic attempts fail. Even corporate kings Dell and HP know they would be foolish to sell motherboards that will not allow their buyers to swap out the PK keys... because they know their buyers run more than just windows and that they need various security models. And if they really were that dumb, there's Gigabyte, Asus, Msi, Supermicro, Biostar, etc who will not be so dumb and will soak up all the remaining sales gravy. The masses have seen and now want openness, open systems, sharing. The old models are but speed bumps on their own way out the door. Though it seems a non issue to me, if you want to protest, protest for 'Setup Mode'. And not here on this list, but to the hardware makers. We should want to use this PKI in our systems. Not disable it. Not pay $100 to terminate the PKI chain early. Not pay $100 to lock us into unmodifiable releases (aka: BSD corporate version). I look forward to seeing the UEFI SB PK SetupMode AMD and Intel generic motherboard list :) On to facts... http://www.uefi.org/ Spec Chapter 27 Secure Boot, SetupMode, PK, Shell, etc https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface https://en.wikipedia.org/wiki/Unified_EFI_Forum http://ozlabs.org/docs/uefi-secure-boot-impact-on-linux.pdf https://www.fsf.org/campaigns/secure-boot-vs-restricted-boot http://mjg59.dreamwidth.org/12368.html http://mjg59.livejournal.com/ https://www.tianocore.org/ http://www.avrfreaks.net/index.php?name=PNphpBB2file=viewtopicp=962584 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
From owner-freebsd-questi...@freebsd.org Wed Jun 6 18:13:09 2012 Date: Thu, 07 Jun 2012 00:09:54 +0100 From: Bruce Cran br...@cran.org.uk To: Robert Bonomi bon...@mail.r-bonomi.com Cc: freebsd-questions@freebsd.org Subject: Re: Is this something we (as consumers of FreeBSD) need to be aware of? On 06/06/2012 20:27, Robert Bonomi wrote: Suppose I put up a web app that takes an executable as input, signs it with my key, and returns the signed filt to the submitter. I don't divulge the key to anyone, just use it on 'anything'. Anybody attempting to revoke on _that_ basis is asking for a lawsuit. To me it would be perfectly reasonable to revoke the key as soon as you signed the first piece of malware. It may seem reasonable to you, but is there -legal- basis to do so? 'signing' only provides assurance of the identity of the signer. I did sign it. The key has not been compromised. The software in question is tracable to the signer, but the signer never claimed it was 'error free', what conract or statute did they breach by doing the signing? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On Jun 6, 2012, at 4:54 PM, Robert Bonomi wrote: [ ... ] It may seem reasonable to you, but is there -legal- basis to do so? Go ask your lawyer. freebsd-questions isn't qualified to provide you with legal advice. Regards, -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
From owner-freebsd-questi...@freebsd.org Wed Jun 6 19:01:14 2012 From: Chuck Swiger cswi...@mac.com Date: Wed, 06 Jun 2012 16:59:36 -0700 To: Robert Bonomi bon...@mail.r-bonomi.com Cc: freebsd-questions@freebsd.org Subject: Re: Is this something we (as consumers of FreeBSD) need to be aware of? On Jun 6, 2012, at 4:54 PM, Robert Bonomi wrote: [ ... ] It may seem reasonable to you, but is there -legal- basis to do so? Go ask your lawyer. freebsd-questions isn't qualified to provide you with legal advice. Thank you for your opinion. However, if you had bothered to read the thread you woul understand that it was not a solicitation of legal advice. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
bug in /usr/bin/calendar: Thu+1 doesn't match on 7th or December
Bug report for /usr/bin/calendar SUMMARY: calendar does not match Thu+1 or Mon+1 in some months. With one exception, it looks like calendar file dates such as Thu+1 and Mon+1 are failing to match in two cases: (1) the 7th of Jan-Nov, and (2) December. DETAILS/EXAMPLES: FreeBSD crystal 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan 3 07:46:30 UTC 2012 r...@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64 The bug occurs whether or not the command line options below are used. I first noticed it today (a Wednesday) because a Thu+1 event tomorrow was not in calendar's output. Example 1: Thu+1 ~/.calendar/calendar: Thu+1 foo (that's Thu+1\tfoo\n in C) foreach i ( 1 2 3 4 5 6 7 8 9 10 11 12 ) calendar -t 1.$i.2011 -W 9 end Jan 6* foo Feb 3* foo Mar 3* foo - Apr 7 absent May 5* foo Jun 2* foo - Jul 7 absent Aug 4* foo Sep 1* foo Oct 6* foo Nov 3* foo - Dec 1 absent foreach i ( 1 2 3 4 5 6 7 8 9 10 11 12 ) calendar -t 1.$i.2012 -W 9 end Jan 5* foo Feb 2* foo Mar 1* foo Apr 5* foo May 3* foo - Jun 7 absent Jul 5* foo Aug 2* foo Sep 6* foo Oct 4* foo Nov 1* foo - Dec 6 absent foreach i ( 1 2 3 4 5 6 7 8 9 10 11 12 ) calendar -t 1.$i.2013 -W 9 end Jan 3* foo - Feb 7 absent - Mar 7 absent Apr 4* foo May 2* foo Jun 6* foo Jul 4* foo Aug 1* foo Sep 5* foo Oct 3* foo - Nov 7 absent - Dec 5 absent Example 2: Mon+1 foo: Mon+1 foo (Mon+1\tfoo\n) foreach i ( 1 2 3 4 5 6 7 8 9 10 11 12 ) calendar -t 1.$i.2011 -W 9 -f foo end Jan 3* foo - Feb 7 absent - Mar 7 absent Apr 4* foo May 2* foo Jun 6* foo Jul 4* foo Aug 1* foo Sep 5* foo Oct 3* foo - Nov 7 absent - Dec 5 absent foreach i ( 1 2 3 4 5 6 7 8 9 10 11 12 ) calendar -t 1.$i.2012 -W 9 -f foo end Jan 2* foo Feb 6* foo Mar 5* foo Apr 2* foo - May 3 absent --- EXCEPTION! Jun 4* foo Jul 2* foo Aug 6* foo Sep 3* foo Oct 1* foo Nov 5* foo - Dec 3 absent foreach i ( 1 2 3 4 5 6 7 8 9 10 11 12 ) calendar -t 1.$i.2013 -W 9 -f foo end - Jan 7 absent Feb 4* foo Mar 4* foo Apr 1* foo May 6* foo Jun 3* foo Jul 1* foo Aug 5* foo Sep 2* foo - Oct 7 absent Nov 4* foo - Dec 2 absent HTH, -WBE ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
(cf. EULA) that you accept those licensing of hardware. Also, I think you'll find that such actions are already illegal certainly in the UK, and I believe EU wide. Yes illegal for English law (England Scotland have different contract laws). Contract terms given after money changes hands are Not part of contract. (Reasonable Eh ?) Case law since in UK, NCP National Car Park lost an appeals court decision on their nasty disclaimers visible only after you'd paid to enter car park. (PS Matthew, I noticed in Canterbury NCP built an escape lane in their car park after. So one could then queue up to park, theoreticaly block the lane, read super fast all the disclaimers, before deciding to either pay enter or take the sharp curve out. I've always hoped all the (usually American) legal rubbish in the sealed packages I bought in Germany were on same principle irrelevant, (but no idea). USA companies later learnt to ship with front page in transparent bags, but still not usualy readable till after purchase. Maybe USA restraint of trade laws could penalise a monopolist working to convert a market to sell computers that (if amd64) have been been crippled to only work with associate bsuiness partners ? Julian -- Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com Reply below not above, cumulative like a play script, indent with . Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable. Mail from @yahoo dumped @berklix. http://berklix.org/yahoo/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: bug in /usr/bin/calendar: Thu+1 doesn't match on 7th or December
Hi, Please report bugs with send-pr (cos bug reports to mail list get lost) See man send-pr If you can attach a patch to fix it, so much the better Cheers, Julian -- Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com Reply below not above, cumulative like a play script, indent with . Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable. Mail from @yahoo dumped @berklix. http://berklix.org/yahoo/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
Mark Felder f...@feld.me wrote: Yes, let's all run ALPHA and MIPS hardware. I'll just jam my Nvidia card into one of the available slots and everything should work OK, right? Dear Numbskull, It's co-dependent hostages like you who enable Intel Mafiaware. According to your logic we should all be using Windows since everything just works, right? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Please help me diagnose this crazy VMWare/FreeBSD 8.x crash
Hi guys I'm excitedly posting this from my phone. Good news for you guys, bad news for us -- we were building HA storage on vmware for a client and can now replicate the crash on demand. I'll be posting details when I get home to my PC tonight, but this hopefully is enough to replicate the crash for any curious followers: ESXi 5 9 or 9-STABLE HAST 1 cpu is fine 1GB of ram UFS SUJ on HAST device No special loader.conf, sysctl, etc No need for VMWare tools Run Bonnie++ on the HAST device We can get the crash to happen on the first run of bonnie++ right now. I'll post the exact specs and precise command run in the PR. We found an old post from 2004 when we looked up the process state obtained from CTRL+T -- flswai -- which describes the symptoms nearly perfectly. http://unix.derkeiler.com/Mailing-Lists/FreeBSD/stable/2004-02/0250.html Hopefully this gets us closer to a fix... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
Damien Fleuriot m...@my.gd wrote: On 6 Jun 2012, at 21:52, Dave U. Random anonym...@anonymitaet-im-inter.net wrote: Polytropon free...@edvax.de wrote: On Wed, 06 Jun 2012 11:47:11 +0100, Matthew Seaman wrote: Having to pay Verisign instead of Microsoft makes no difference: the point is why should I have to pay anything to a third party in order to run whatever OS I want on a piece of hardware I own? It's time to dump the Intel/Microshaft mafia forever. FreeBSD, OpenBSD, NetBSD, and even Linux have ports to many platforms. Why stay on Intel? It's an overgrown ugly mess. We need to stop buying Intel mafiaware with preinstalled Microshaft mafiware and run a free (or in the case of Linux apparently free) OS on free hardware. There are increasing numbers of SBCs and plenty of used servers on Ebay. They're all built better than commodity Intel mafiaware. Good riddance! You have no idea what you're talking about. I have no idea what you're talking about. Does that count? This kind of religious propaganda post is neither constructive nor helpful. But your expansive and well-reasoned rebuttal is? Is mafiaware a religious issue? I thought it was common sense. Thanks for your half-assed attempt to marginalize it. I don't think you were successful. If at first... I don't trust AMD with my servers' CPUs, not since many years ago when they had all these overheating problems. I don't really care about that. But I'm sure you feel better after getting it off your chest. Still, that doesn't have to do with two major corporations conspiring to butt-fuck the consumer. At most it involved one company. So, for now, this is more important than what you wanted to talk about. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
Alejandro Imass a...@p2ee.org wrote: On Wed, Jun 6, 2012 at 3:52 PM, Dave U. Random anonym...@anonymitaet-im-inter.net wrote: Polytropon free...@edvax.de wrote: On Wed, 06 Jun 2012 11:47:11 +0100, Matthew Seaman wrote: Having to pay Verisign instead of Microsoft makes no difference: the point is why should I have to pay anything to a third party in order to run whatever OS I want on a piece of hardware I own? It's time to dump the Intel/Microshaft mafia forever. FreeBSD, OpenBSD, NetBSD, and even Linux have ports to many platforms. Why stay on Intel? It's an overgrown ugly mess. We need to stop buying Intel mafiaware with preinstalled Microshaft mafiaware and run a free (or in the case of Linux apparently free) OS on free hardware. But this is more to do with the BIOS than with Intel as such. Intel and Microshaft conspired together and now they get to decide what BIOS they sell you. They figured out a way to make it harder for non-Winblows OS to be installed on most commodity shitboxes made after this goes into effect. Wasn't there a FreeBIOS, later LinuxBIOS, now coreboot I believe..? I can tell from your question it was a smashing success. Everybody uses it. Somebody's heard of it? So replacing the BIOS entirely wouldn't suffice to override all this nonsense? Probably but very few people can flash their own BIOS. Hell, they can't even install a copy of Windows bought off the shelf...What if the BIOS has protection against reflashing? Otherwise it won't be secure... Just because smart people can work around something doesn't make it right. Say NO to the Intel and Microshaft mafia, say NO to secure boot that isn't. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Which FreeBSD for Intel i7-2600S and DQ67SWB3?
- Original Message - From: David Christensen dpchr...@holgerdanske.com I have a new computer with an Intel i7-2600S processor and DQ67SWB3 motherboard that I'd like to run with ZFS, virtual machine host, desktop, Samba, and terminal server (on second NIC). Can this be done with FreeBSD; if so, which distribution and ports/packages do I need? - My response, from awkward Insight webmail interface: This looks like the processor I have, I think you would use amd64. Almost certainly your system is 64-bit as opposed to 32-bit. For a new computer, I wouldn't go with anything earlier than FreeBSD 9.0, and in my case, upgrading to 9.0-STABLE proved stabler than the 9.0 release. Base system includes ZFS. I've never used virtual machines, but VirtualBox is popular for this purpose. Samba is in ports. I don't recognize or don't remember DQ67SWB3 motherboard model, is it from MSI? Tom ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Somewhat OT - A Makefile Question
in message 4fcf48af@tundraware.com, wrote Tim Daneliuk thusly... ... Within a makefile, I need to assign the name of a program as in: FOO = bar. The problem is that 'bar' may also be know as, say, bar.sh. ... Is there a simple way to determine which form bar or bar.sh on on a given system *at the time the make is run*? If both exist, I will pick one arbitrarily, ... For example I don't think this works when both are there: FOO = $(shell `which bar bar.sh) Modify the subshell command to ... which bar bar.sh | head -n 1 ... as in (for FreeBSD make) ... shell=`which zsh sh tcsh csh 2/dev/null | fgrep -v 'not found' | head -n 3` all: @printf %s\n ${shell} - parv -- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is this something we (as consumers of FreeBSD) need to be aware of?]
On Wed, Jun 06, 2012 at 03:05:00PM -0400, Jerry wrote: I don't know of any user personally who purchased a new PC and then threw FreeBSD on it. Most users that I have come into contact with use 2+ year old units that have been replaced by shiny new Windows units. I don't see that changing anytime soon. I have immediately installed FreeBSD on the last four or five laptops I purchased, and I get most of my laptops direct from Lenovo. While my Significant Other has been installing Debian on her laptops, also acquired from Lenovo, she is probably going to start using FreeBSD instead next time. I know several other people who install FreeBSD on their new primary-use systems when they get them, including a couple of developers who do MS Windows development (among other things). This doesn't even take into account the servers many of us use, which are even more likely to get FreeBSD installed, and none of this has anything to do with corporate accounts or bulk purchases. Yes, my evidence is anecdotal, but I think your notions of the frequency of FreeBSD use other than in a corporate setting are also based on anecdotal observations, so we're even. -- Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
mount failure
Running under X with xfce, just did this: gpart show -l da0 gpart delete -i 1 da0 gpart destroy da0 gpart create -s GPT da0 gpart bootcode -b /boot/pmbr da0 gpart add -t freebsd-boot -i 1 -s 512K -l gptboot da0 gpart bootcode -b /boot/gptboot -i 1 da0 gpart add -t freebsd-ufs -a 4K -s 35G -i 2 -l fbsdroot da0 gpart add -t freebsd-swap -a 4K -s 512M -i 3 -l fbsdswap da0 gpart add -t freebsd-ufs -a 4K -s 1G -i 4 -l fbsdvar da0 gpart add -t freebsd-ufs -a 4K -s 512M -i 5 -l fbsdtmp da0 gpart add -t freebsd-ufs -a 4K -s 893G -i 6 -l fbsdusr da0 newfs /dev/gpt/fbsdroot newfs -U /dev/gpt/fbsdvar newfs -U /dev/gpt/fbsdtmp newfs -U /dev/gpt/fbsdusr mount /dev/gpt/fbsdroot /mnt/goflex I then tried to create a snapshot of / X immediately slowed to less than a crawl, and I couldn't do anything. At first I could move the pointer a little, but then I lost it. After a half hour or so, I power-cycled and rebooted. When I tried to mount the usb drive, I (not surprisingly) got this: #mount /dev/gpt/fbsdroot /mnt/goflex/root mount: /dev/gpt/fbsdroot : operation not permitted WARNING: RW mount of /mnt/goflex denied. File system is not clean - run fsck. But when I try to do an fsck, I can't: #fsck /dev/gpt/fbsdroot fsdk: could not determine filesystem type (same msg for /dev/gpt and /dev/da0p2) hints? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org