security/pgp on amd64

--- Start of forwarded message --- Hi, Is the port security/pgp working on amd64 system? I copied my public and private keyrings from i386 to amd64 system and I cannot decipher any file, it keeps on complaining that the pass phrase is bad. I already tried to export the key on the i386 an

PCI-X SATA card for FreeBSD

--- Start of forwarded message --- Hi, I am not sure if any card of the type exists, but I am looking for a PCI-X card with external SATA connector (1 or 2) to supports port multiplier. Idea is to attach a bank of disk to use a backup media. TIA, Olivier

cups&samba jailed

Attempting to setup cups and samba into a jail. How do you mount/add device node /dev/ulpt0 within a jail. Essentially I would like to know, how to add device nodes within jail /dev for specifically the devices I want? I have read man pages and tutorials on setting up jails but none show example

Re: you're not going to believe this.

On Tue, Jun 23, 2009 at 03:59:44PM -0500, David Kelly wrote: > On Tue, Jun 23, 2009 at 01:10:41PM -0700, Gary Kline wrote: > > > > battery-backed ram sound great for the time being! > > > > if not now [this minute], then relatively soon, i'm guessing > > within a few years somebody wi

Re: upgrading installed ports: time to do it ?

On Tue, 23 Jun 2009 22:21:21 +0100 Chris Whitehouse wrote: > RW wrote: > > On Mon, 22 Jun 2009 20:58:41 +0100 > > Chris Whitehouse wrote: > > > >> I'll probably get flamed for this but since I've been using > >> ports-mgmt/portmanager I've almost forgotten > >> about /usr/ports/UPDATING and al

Re: you're not going to believe this.

On Tue, Jun 23, 2009 at 12:30:25PM -0500, Gary Gatten wrote: > If it's fast enough to allow one to work unimpeded, has acceptable > lifetime/reliability, and uses less power/generates less heat than > traditional platter HD - I'd say it's a good solution. It's not a one > size fits all world. >

Untrusted X11 forwarding setup failed

Whenever I $ ssh -X u...@server from my FreeBSD machine, I get the following message (and am successfully logged in): Warning: untrusted X11 forwarding setup failed: xauth key data not generated Warning: No xauth data; using fake authentication data for X11 forwarding. When I log in to the same

upgrading openoffice.org with portmaster

when I start upgrading openoffice.org it switches from my localized language build to standard us en. Anyone have an idea how to force upgrade to stick with my norwegian build with portmaster ?? Platform freebsd 7.2 stable (x86) Blessed be ___

Re: Certified Hardware

On Tue, Jun 23, 2009 at 03:18:33PM -0400, Thompson, Rhett wrote: > Is it possible for you to provide us with an updated hardware certified > vendor list for FreeBsd. There is no such thing, AFAIK. The volunteers who form the FreeBSD project spend their time improving FreeBSD, not doing formal ce

The worldwide search for CircusPrincess 2009 is on!

The worldwide search for CircusPrincess 2009 is on! The CircusPrincess, a fairytale come true, is no ordinary circus. It's the ultimate celebration of female grace, beauty and talent. And now, for the first time in history, we're inviting the global Internet audience to join us in the nominati

Re: 3d video driver for x1950 / Dawn of war via wine

On Tue, Jun 23, 2009 at 09:54:02PM +, Brad Davison wrote: > > I have a 7.2-RELEASE system for audio processing (Ardour, JACK, etc.) running > on a dual Xeon 2.8, 2gb ram > drm0: on vgapci0 > with xorg7.4_2 > xorg-server-1.16.1,1 > xfce-4.6.1 > > I was wondering if I was using the right dri

Re: Best practices for securing SSH server

Bill Moran wrote: In response to Erik Norgaard : Bill Moran wrote: In response to Erik Norgaard : I do, you can put your interface in promiscuous mode and let the daemon grab packets before they are filtered by the firewall, or open in your firewall for a range of port your knock deamon wi

Re: you're not going to believe this.

On Tue, Jun 23, 2009 at 11:12:05PM +0200, Polytropon wrote: > On Tue, 23 Jun 2009 15:59:44 -0500, David Kelly wrote: > > We are already there. SSDs are not slower than mechanical disk > > drives, they are faster. The only detriments are 1) cost, 2) limited > > write life. > > What about power con

RE: What's happening

Since we're speculating, could be the switch disabled the port due to a "security" event of some sort (flapping, bpdu guard/filter, etc.) and it's configured to auto-enable after n minutes. It's all speculation without more info. If this is the only info available, it's nearly worthless.

Re: upgrading installed ports: time to do it ?

On Tuesday 23 June 2009 23:21:21 Chris Whitehouse wrote: > RW wrote: > > On Mon, 22 Jun 2009 20:58:41 +0100 > > > > Chris Whitehouse wrote: > >> I'll probably get flamed for this but since I've been using > >> ports-mgmt/portmanager I've almost forgotten > >> about /usr/ports/UPDATING and all that

Re: you're not going to believe this.

On Tue, Jun 23, 2009 at 01:10:41PM -0700, Gary Kline wrote: > On Tue, Jun 23, 2009 at 12:22:19PM -0700, Kurt Buff wrote: > > On Mon, Jun 22, 2009 at 16:07, Gary Kline wrote: > > > > For a small unit like this, SSD is really nice. > > > > But, for my workstations/servers, I'm wondering if a pure >

Re: upgrading installed ports: time to do it ?

Jerry wrote: On Mon, 22 Jun 2009 20:58:41 +0100 Chris Whitehouse wrote: I'll probably get flamed for this but since I've been using ports-mgmt/portmanager I've almost forgotten about /usr/ports/UPDATING and all that pkgdb -Fu stuff or whatever it was. I've upgraded ports just by doing 'portma

Re: What's happening

Well, sorta true. We know that he lost connectivity for 13 minutes. As you said, there are many reasons why this might be so, and several were suggested. The two most likely are: 1) power loss to the switch 2) somebody disconnected the cable, then replaced it Clearly, however, it isn't port nego

Re: Best practices for securing SSH server

In response to Erik Norgaard : > Bill Moran wrote: > > In response to Erik Norgaard : > > > >> - dynamically updating firewall rules on the interface facing the > >> Internet is not on my list of good practices. loading or flushing rules > >> continuously is the recipe for service interruption

Re: upgrading installed ports: time to do it ?

RW wrote: On Mon, 22 Jun 2009 20:58:41 +0100 Chris Whitehouse wrote: I'll probably get flamed for this but since I've been using ports-mgmt/portmanager I've almost forgotten about /usr/ports/UPDATING and all that pkgdb -Fu stuff or whatever it was. I've upgraded ports just by doing 'portmanag

Re: you're not going to believe this.

On Tue, 23 Jun 2009 15:59:44 -0500, David Kelly wrote: > We are already there. SSDs are not slower than mechanical disk drives, > they are faster. The only detriments are 1) cost, 2) limited write life. What about power consumption? Because they seem to be primarily intended for portable devices,

Re: you're not going to believe this.

On Tue, Jun 23, 2009 at 13:59, David Kelly wrote: > On Tue, Jun 23, 2009 at 01:10:41PM -0700, Gary Kline wrote: >> >>       battery-backed ram sound great for the time being! >> >>       if not now [this minute], then relatively soon, i'm guessing >>       within a few years somebody will have a so

RE: What's happening

There's not NEARLY enough info in OP to answer this - I can't believe anyone is even trying. It could be many dozen different things. -Original Message- From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Wojciech Puchar Sent: Tuesday, June

Re: you're not going to believe this.

On Tue, Jun 23, 2009 at 01:10:41PM -0700, Gary Kline wrote: > > battery-backed ram sound great for the time being! > > if not now [this minute], then relatively soon, i'm guessing > within a few years somebody will have a solid-state device that emulates > the current mech

Re: Best practices for securing SSH server

Daniel Underwood wrote: A port-knocking sequence is really nothing different than a shared password. Technically and conceptually, that's true. But "practically", I'm not sure you're right. If in addition to attempting to enumerate the space of possible passwords, an attacker also enumerates

Re: you're not going to believe this.

On Tue, Jun 23, 2009 at 09:46:01PM +0200, Wojciech Puchar wrote: > >>and lifetime. > > > >Even a flash filesystem will have to do wear levelling. > > yes - but it don't have to copy blocks that are free. with disk > emulation - it doesn't know anything about filesystem and don't know > what blocks

Re: Best practices for securing SSH server

> A port-knocking sequence is really nothing different than a shared password. Technically and conceptually, that's true. But "practically", I'm not sure you're right. If in addition to attempting to enumerate the space of possible passwords, an attacker also enumerates the space of possible por

Re: you're not going to believe this.

On Tue, Jun 23, 2009 at 12:22:19PM -0700, Kurt Buff wrote: > On Mon, Jun 22, 2009 at 16:07, Gary Kline wrote: > > For a small unit like this, SSD is really nice. > > But, for my workstations/servers, I'm wondering if a pure > battery-backed RAM disk, in RAID1 with a regular hard drive, might be >

Re: Certified Hardware

On Tue, Jun 23, 2009 at 3:18 PM, Thompson, Rhett wrote: > Hi, > > > > Is it possible for you to provide us with an updated hardware certified > vendor list for FreeBsd.   We would like to know if FreeBSD is supported > on HP Blades and which models, network cards, HBA cards for connecting > to SAN'

Certified Hardware

Hi, Is it possible for you to provide us with an updated hardware certified vendor list for FreeBsd. We would like to know if FreeBSD is supported on HP Blades and which models, network cards, HBA cards for connecting to SAN's. Any help will be greatly appreciated. We need this informatio

Re: slowloris, accf_http and POST requests

On Tue, Jun 23, 2009 at 05:23:19PM +0200, Fabian Keil typed: > Ruben de Groot wrote: > > > On Mon, Jun 22, 2009 at 05:35:56PM -0500, Dan Nelson typed: > > > In the last episode (Jun 22), Ruben de Groot said: > > > > > > > > My main concern here is if applying the trivial patch I posted would > >

Re: What's happening

> > Jun 23 17:09:09 zeus kernel: fxp0: link state changed to DOWN > Jun 23 17:22:25 zeus kernel: fxp0: link state changed to UP look at time. it's 13 minutes down ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo

Re: you're not going to believe this.

and lifetime. Even a flash filesystem will have to do wear levelling. yes - but it don't have to copy blocks that are free. with disk emulation - it doesn't know anything about filesystem and don't know what blocks are free. ___ freebsd-questions@

Re: you're not going to believe this.

On Mon, Jun 22, 2009 at 16:07, Gary Kline wrote: >        you guys aren't going to believe what i just found on the web for >        the ASUS Eee-901 [or is it the "900"].  it was for the 9- and >        10-inch screens.  i was using konq which just segv'd so i am >        taking a break and though

Re: Can't boot 7.2-RELEASE i386 or AMD64 on an Abit KV8 Pro motherboard with Sempron 3100+ CPU

ericr wrote: On Sat, Jun 20, 2009 at 3:10 PM, Kent Stewart wrote: On Saturday 20 June 2009 11:00:45 am ericr wrote: Hi, As the subject says, I can't get the 7.2-RELEASE i386 CD to boot on a system that has: Abit KV8 Pro (K8T800P-8237-6A7L1A1BC-26) motherboard with the most recent BIOS - BIO

Re: Can't boot 7.2-RELEASE i386 or AMD64 on an Abit KV8 Pro motherboard with Sempron 3100+ CPU

--- On Tue, 6/23/09, ericr wrote: > From: ericr > Subject: Re: Can't boot 7.2-RELEASE i386 or AMD64 on an Abit KV8 Pro > motherboard with Sempron 3100+ CPU > To: "Kent Stewart" , freebsd-questions@freebsd.org > Date: Tuesday, June 23, 2009, 12:44 PM > On Sat, Jun 20, 2009 at 3:10 PM, Kent >

Re: Best practices for securing SSH server

On Mon, Jun 22, 2009 at 22:50, prad wrote: > On Mon, 22 Jun 2009 21:16:35 -0400 > Daniel Underwood wrote: > >> Due to the speed and location of the >> connection, it's a relatively high-risk target. >> > why does the speed of a connection make it a higher risk? > is it because bruteforce technique

Re: you're not going to believe this.

On Tue, Jun 23, 2009 at 07:23:22PM +0200, Wojciech Puchar wrote: > >> whatever. > > > > Not so. See http://en.wikipedia.org/wiki/Flash_file_system > > > > Most flash devices sold as harddisks have hardware that emulates a > > traditional harddisk, representing it as a (P/S)ATA block device. Unless

Re: What's happening

Robert Huff wrote: > David Kelly writes: > >> > Can anyone explain this: >> > >> > Jun 23 17:09:09 zeus kernel: fxp0: link state changed to DOWN >> > Jun 23 17:22:25 zeus kernel: fxp0: link state changed to UP >> > >> > What's causing this??? >> >> The wire was disconnected during tha

Re: Best practices for securing SSH server

Bill Moran wrote: In response to Erik Norgaard : You add an extra layer of inconvenience and complexity, more things that can fail and possibly result in an insecure server: I would agree with you, except ... - dynamically updating firewall rules on the interface facing the Internet is not

Re: What's happening

David Kelly writes: > > Can anyone explain this: > > > > Jun 23 17:09:09 zeus kernel: fxp0: link state changed to DOWN > > Jun 23 17:22:25 zeus kernel: fxp0: link state changed to UP > > > > What's causing this??? > > The wire was disconnected during that time. Possibly the > hub/swit

Re: No sound, no mouse and now X applications won't start

On Tue, Jun 23, 2009 at 07:11:48PM +0530, Manish Jain wrote: > Hi, > > I have solved most of the problems listed in my previous message with > help from Roland Smith. > > The fact still remains that FreeBSD-7.2 has some definite problems on > AMD hardware : > > 1) On multi-core systems, the co

Re: Can't boot 7.2-RELEASE i386 or AMD64 on an Abit KV8 Pro motherboard with Sempron 3100+ CPU

On Sat, Jun 20, 2009 at 3:10 PM, Kent Stewart wrote: > On Saturday 20 June 2009 11:00:45 am ericr wrote: > > Hi, > > > > As the subject says, I can't get the 7.2-RELEASE i386 CD to boot on a > > system that has: > > > > Abit KV8 Pro (K8T800P-8237-6A7L1A1BC-26) motherboard with the most recent > >

RE: you're not going to believe this.

If it's fast enough to allow one to work unimpeded, has acceptable lifetime/reliability, and uses less power/generates less heat than traditional platter HD - I'd say it's a good solution. It's not a one size fits all world. -Original Message- From: owner-freebsd-questi...@freebsd.org [ma

Re: you're not going to believe this.

99.8% solution waiting for the 99.9% solution. As for "emulating a hard drive", its only slow relative to potential it's a nonsense to pay for emulation layer that slows down real devices. And random filesystem writes could be much faster on flash than on disk - if properly designed _

Re: you're not going to believe this.

whatever. Not so. See http://en.wikipedia.org/wiki/Flash_file_system Most flash devices sold as harddisks have hardware that emulates a traditional harddisk, representing it as a (P/S)ATA block device. Unless you can bypass this, there is no need for a special filesystem. yes this is exactly

Re: Best practices for securing SSH server

In response to Erik Norgaard : > Daniel Underwood wrote: > >> I do not believe that tricks like running ssh on a > >> non standard port or using port-knocking provide > >> much extra security. > > > > I can understand that varying the port is not a very strong defensive > > measure, but I don't u

Re: Problem starting slapd (FIXED)

On Tue, 23 Jun 2009 11:03:16 -0400 Carmel NY wrote: > On Tue, 23 Jun 2009 16:46:42 +0200 > Peter Boosten wrote: > > > Check permissions on /var/run/openldap > > drwxr-xr-x 2 ldapldap 512B Jun 23 10:57 openldap/ > > They appear to be correct. I might add, that I did a complet

Re: you're not going to believe this.

On Tue, Jun 23, 2009 at 09:31:06AM +0200, Wojciech Puchar wrote: > > > you guys aren't going to believe what i just found on the web for > > the ASUS Eee-901 [or is it the "900"]. it was for the 9- and > > 10-inch screens. i was using konq which just segv'd so i am > > taking a b

Re: Thanks [upgrading installed ports: time to do it ?]

On Tue 23 Jun 2009 at 07:09:28 PDT dan wrote: I used both pkg_updating and portupdate-scan to scan UPDATING [pkg_updating did not show an entry suggesting to update python to version 2.6 (which Portupdate-scan did)]. Well, I just learned something from this thread. I didn't know about these t

Re: Best practices for securing SSH server

Daniel Underwood wrote: I do not believe that tricks like running ssh on a non standard port or using port-knocking provide much extra security. I can understand that varying the port is not a very strong defensive measure, but I don't understand your point about port-knocking. If you configur

Re: ~/.ssh directory permissions

2009/6/23 Peter Boosten : > > > On 23 jun 2009, at 16:06, Daniel Underwood wrote: > >> Looking at my ~/.ssh directory, I see the following permissions: >> >> -rw-r--r-- >> >> Which I understand to be equivalent to 644. >> >> I read here that >> ~/.ss

Re: you're not going to believe this.

On Tue, 23 Jun 2009 09:31:06 +0200 (CEST), Wojciech Puchar wrote: > today we have huge flash disks for really cheap, but still don't have > native flash filesystem in any OS, be it FreeBSD or windoze or mac os x or > whatever. > > This flash chips have to emulate hard drive, which slows them d

Re: What's happening

On Tue, Jun 23, 2009 at 05:28:51PM +0200, Jack Raats wrote: > Can anyone explain this: > > Jun 23 17:09:09 zeus kernel: fxp0: link state changed to DOWN > Jun 23 17:22:25 zeus kernel: fxp0: link state changed to UP > > What's causing this??? The wire was disconnected during that time. Possibly t

Re: you're not going to believe this.

On Tue, Jun 23, 2009 at 07:52:27AM -0700, Gary Kline wrote: > On Tue, Jun 23, 2009 at 09:31:06AM +0200, Wojciech Puchar wrote: > > > > today we have huge flash disks for really cheap, but still don't > > have native flash filesystem in any OS, be it FreeBSD or windoze or > > mac os x or whatever.

Re: self-serving redeux/revisited, and more questions?

On Mon, 22 Jun 2009 08:14:47 -0700, Gary Kline wrote: > ok, sorry. "Brain fault: Core dump" :-) Core fault: brain dump. :-) -- Polytropon >From Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-question

What's happening

Can anyone explain this: Jun 23 17:09:09 zeus kernel: fxp0: link state changed to DOWN Jun 23 17:22:25 zeus kernel: fxp0: link state changed to UP What's causing this??? Thanks for yout time Jack Raats ___ freebsd-questions@freebsd.org mailing list ht

Re: slowloris, accf_http and POST requests

Ruben de Groot wrote: > On Mon, Jun 22, 2009 at 05:35:56PM -0500, Dan Nelson typed: > > In the last episode (Jun 22), Ruben de Groot said: > > > > > > My main concern here is if applying the trivial patch I posted would > > > break anything in the http protocol layer. And if not, why isn't the >

Re: Checksum mismatches when csup-ing.

Paul van der Zwan wrote: [snip] >> > Well at least I am not the only one seeing these errors. I think we can > rule out a local problem and will have to wait for someone to fix this. > >> Note: I use cvsup to maintain a local copy of the cvs repository. >> It is not clear if you too is doing that

Re: No sound, no mouse and now X applications won't start

On Tuesday 23 June 2009 15:41:48 Manish Jain wrote: > I hope the next release will address these problems, as well as a pretty > reasonable request from me much earlier to move vi from /usr/bin to > /bin. Even in single-user mode, you almost always need an editor. Which is why you have ed(1) - bot

Re: cannot find -lltdl

kalin m wrote: > > > Chris Rees wrote: >> 2009/6/23 kalin m : [snip] >> >> >> Why aren't you using ports? >> > > there isn't ports for all that i need compiling with 5.2.10. Yes there is. You install the main PHP5 port first, then follow up by installing the php5-extensions port. When

Re: Problem starting slapd

On Tue, 23 Jun 2009 16:46:42 +0200 Peter Boosten wrote: > Check permissions on /var/run/openldap drwxr-xr-x 2 ldapldap 512B Jun 23 10:57 openldap/ They appear to be correct. I might add, that I did a complete deinstall of the port, removed the /usr/local/etc/openldap directory

Re: you're not going to believe this.

On Tue, Jun 23, 2009 at 09:31:06AM +0200, Wojciech Puchar wrote: > > > you guys aren't going to believe what i just found on the web for > > the ASUS Eee-901 [or is it the "900"]. it was for the 9- and > > 10-inch screens. i was using konq which just segv'd so i am > > taking a b

Re: ~/.ssh directory permissions

On 23 jun 2009, at 16:06, Daniel Underwood wrote: Looking at my ~/.ssh directory, I see the following permissions: -rw-r--r-- Which I understand to be equivalent to 644. I read here that ~/.ssh ought to have permissions 700. Which is prefera

Re: Checksum mismatches when csup-ing.

On 23 jun 2009, at 15:53, Erik Trulsson wrote: On Tue, Jun 23, 2009 at 02:43:36PM +0200, Paul van der Zwan wrote: On 23 jun 2009, at 05:55, Frank Shute wrote: On Mon, Jun 22, 2009 at 07:17:40PM +0200, Paul van der Zwan wrote: The last few days I see a dozens of Checksum mismatches when cs

Re: Problem starting slapd

On 23 jun 2009, at 16:39, Carmel NY wrote: FreeBSD-7.2 openldap-server-2.4.16_1 I just installed this port. For some reason it will not start correctly. I have all of the information entered in the /etc/rc.conf file and the slapd.conf and ldap.conf files are configured correctly. There is n

Re: Problem starting slapd

On 6/23/09, Carmel NY wrote: > FreeBSD-7.2 > openldap-server-2.4.16_1 > > I just installed this port. For some reason it will not start > correctly. I have all of the information entered in the /etc/rc.conf > file and the slapd.conf and ldap.conf files are configured correctly. > > There is no 'PI

Re: Multi-homed FreeBSD

On 6/23/09, Matej Šerc wrote: > Hi, > > we have a FreeBSD machine currently using PPPoE with NAT. As we already have > the cable connection which is about the same speed, I was just wondering of > doing some load balancing for the outside connection. I have no experiences > with that and will be r

Problem starting slapd

FreeBSD-7.2 openldap-server-2.4.16_1 I just installed this port. For some reason it will not start correctly. I have all of the information entered in the /etc/rc.conf file and the slapd.conf and ldap.conf files are configured correctly. There is no 'PID' file created. Below is what I receive whe

Re: slowloris, accf_http and POST requests

Ruben de Groot wrote: > On Mon, Jun 22, 2009 at 05:35:56PM -0500, Dan Nelson typed: >> In the last episode (Jun 22), Ruben de Groot said: >> > >> > My main concern here is if applying the trivial patch I posted would >> > break anything in the http protocol layer. And if not, why isn't the >> > P

Re: cannot find -lltdl

Chris Rees wrote: 2009/6/23 kalin m : hi all.. this is a bit awkward i'm building php 5.2.10 from source on freebsd 7.0. using: ./configure --with-layout=GNU --with-config-file-scan-dir=/usr/local/etc/php --disable-all --enable-libxml --with-libxml-dir=/usr/local --enable-reflection

Re: Checksum mismatches when csup-ing.

Paul van der Zwan wrote: > > On 23 jun 2009, at 05:55, Frank Shute wrote: > >> On Mon, Jun 22, 2009 at 07:17:40PM +0200, Paul van der Zwan wrote: >>> >>> The last few days I see a dozens of Checksum mismatches when csup-ing >>> src-all from cvsup.freebsd.org. >>> No errors appear on ports-all. >

Re: ~/.ssh directory permissions

Thanks. Might as well set to 700 then. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: ~/.ssh directory permissions

On Tue, Jun 23, 2009 at 10:06:03AM -0400, Daniel Underwood wrote: > Looking at my ~/.ssh directory, I see the following permissions: > > -rw-r--r-- > > Which I understand to be equivalent to 644. > > I read here that > ~/.ssh ought to have permiss

Thanks [upgrading installed ports: time to do it ?]

Hello ! Thanks alll of you for taking time to answer my mail. I really appreciate it. I have (well...the system has) succesfully done the upgrade. I used both pkg_updating and portupdate-scan to scan UPDATING [pkg_updating did not show an entry suggesting to update python to version 2.6 (which

~/.ssh directory permissions

Looking at my ~/.ssh directory, I see the following permissions: -rw-r--r-- Which I understand to be equivalent to 644. I read here that ~/.ssh ought to have permissions 700. Which is preferable, and why? __

links for hal and hplip

For those of you, like myself, struggling with hal and printing (separate issues), check out the links below. You will note that the freebsd gnome page is at freebsd.org, but the freebsd kde page is at freebsd.kde.org. The hplip information at the kde site is not specific to kde. The hal faq at

Re: Checksum mismatches when csup-ing.

On Tue, Jun 23, 2009 at 02:43:36PM +0200, Paul van der Zwan wrote: > > On 23 jun 2009, at 05:55, Frank Shute wrote: > > > On Mon, Jun 22, 2009 at 07:17:40PM +0200, Paul van der Zwan wrote: > >> > >> The last few days I see a dozens of Checksum mismatches when csup-ing > >> src-all from cvsup.free

Re: Best practices for securing SSH server

> I do not believe that tricks like running ssh on a > non standard port or using port-knocking provide > much extra security. I can understand that varying the port is not a very strong defensive measure, but I don't understand your point about port-knocking. If you configure a complex and seemi

Multi-homed FreeBSD

Hi, we have a FreeBSD machine currently using PPPoE with NAT. As we already have the cable connection which is about the same speed, I was just wondering of doing some load balancing for the outside connection. I have no experiences with that and will be really glad if someone could point some thi

Re: No sound, no mouse and now X applications won't start

Message: 11 Date: Sat, 20 Jun 2009 16:34:00 -0400 From: Jerry Subject: Re: No sound, no mouse and now X applications won't start To: freebsd-questions@freebsd.org Message-ID: <20090620163400.62143...@scorpio.seibercom.net> Content-Type: text/plain; charset=US-ASCII On Sun, 21 Jun 2009 01:31:45 +

Re: Checksum mismatches when csup-ing.

On Tue, Jun 23, 2009 at 02:43:36PM +0200, Paul van der Zwan wrote: > > > On 23 jun 2009, at 05:55, Frank Shute wrote: > >> On Mon, Jun 22, 2009 at 07:17:40PM +0200, Paul van der Zwan wrote: >>> >>> The last few days I see a dozens of Checksum mismatches when csup-ing >>> src-all from cvsup.freebs

Re: Best practices for securing SSH server

"why does the speed of a connection make it a higher risk?" Super-fast connections are ideal targets for people to install private fileservers (among other things). ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/

The Gimp

Due to some meteorological disasters I've had to replace my 6.1 FreeBSD system and I've installed 7.2 on the refurbished i386 computer: freebsd [22:03] ~>uname -a FreeBSD freebsd.connect-a.com.au 7.2-RELEASE FreeBSD 7.2-RELEASE #0: Fri May 1 08:49:13 UTC 2009 My desktop is KDE Version 4.2.2 (n

Re: Checksum mismatches when csup-ing.

On 23 jun 2009, at 05:55, Frank Shute wrote: On Mon, Jun 22, 2009 at 07:17:40PM +0200, Paul van der Zwan wrote: The last few days I see a dozens of Checksum mismatches when csup-ing src-all from cvsup.freebsd.org. No errors appear on ports-all. Is there a problem with the cvs repository ? M

Re: cannot find -lltdl

2009/6/23 kalin m : > > > hi all.. > > this is a bit awkward > > i'm building php 5.2.10 from source on freebsd 7.0. using: > > ./configure --with-layout=GNU --with-config-file-scan-dir=/usr/local/etc/php > --disable-all --enable-libxml --with-libxml-dir=/usr/local > --enable-reflection --progr

Re: Best practices for securing SSH server

99% of crack attempts are done by "kevin mitnick" methods, not password cracking. Absolutely true. Mitnick was an early exponent of Social Engineering attacks, which are still the easiest and most effective methods for Mitnick just chose the best possible friend - human stupidity. It never f

Re: Best practices for securing SSH server

99% of crack attempts are done by "kevin mitnick" methods, not password cracking. You're right about the probability of password breaking, but personally I installed denyhosts just because I got sick of this: indeed, it's very useful but it's not a requirement at all to be secure :) The only

Re: slowloris, accf_http and POST requests

On Mon, Jun 22, 2009 at 05:35:56PM -0500, Dan Nelson typed: > In the last episode (Jun 22), Ruben de Groot said: > > > > My main concern here is if applying the trivial patch I posted would break > > anything in the http protocol layer. And if not, why isn't the POST method > > included in the htt

Re: freebsd-questions Digest, Vol 264, Issue 3

DA Forsyth wrote: On 22 Jun 2009 , freebsd-questions-requ...@freebsd.org entreated about "freebsd-questions Digest, Vol 264, Issue 3": I am trying to find out the temperature of my CPU. After a whole night from dusk till dawn of searching the Web like a furious spider, I got the following re

Re: Best practices for securing SSH server

2009/6/23 Wojciech Puchar : >> If for some reason you would prefer to use password authentication, I >> would recommend that you look into automatic brute force detection. >> There are a number of utilities in ports available for this purpose, >> including security/sshguard and security/denyhosts.

Re: Best practices for securing SSH server

You can't do more than maybe 10 attempts/second this way, while cracking 10 character password consisting of just small letters and digits needs 10 characters is a longer than usual password. Most people have been conditioned into using a 7 or 8 character password, which is at least a so that

Re: Best practices for securing SSH server

Wojciech Puchar wrote: >> If for some reason you would prefer to use password authentication, I >> would recommend that you look into automatic brute force detection. >> There are a number of utilities in ports available for this purpose, >> including security/sshguard and security/denyhosts. > >

Re: you're not going to believe this.

you guys aren't going to believe what i just found on the web for the ASUS Eee-901 [or is it the "900"]. it was for the 9- and 10-inch screens. i was using konq which just segv'd so i am taking a break and thought i'd share this. last night, i could bar

The worldwide search for CircusPrincess 2009 is on!

The worldwide search for CircusPrincess 2009 is on! The CircusPrincess, a fairytale come true, is no ordinary circus. It's the ultimate celebration of female grace, beauty and talent. And now, for the first time in history, we're inviting the global Internet audience to join us in the nominati