Re: Is this something we (as consumers of FreeBSD) need to be aware of?]

[Erich]

Hi,

On 06 June 2012 23:27:39 Chad Perrin wrote:
> On Wed, Jun 06, 2012 at 03:05:00PM -0400, Jerry wrote:
> > 
> > I don't know of any user personally who purchased a new PC and then
> > threw FreeBSD on it. Most users that I have come into contact with use
> > 2+ year old units that have been replaced by shiny new Windows units. I
> > don't see that changing anytime soon.
> 
I believe that real life is a bit different.

> I have immediately installed FreeBSD on the last four or five laptops I

I do this since 5.2 is out with all my purchases. I did the same thing with 
other machines in my environment.

But I have to admit, that I have had to install twice Fedora because the 
notebook hardware was not supported at that moment of time.

The second Fedora installation will go as soon as get finished my travelling or 
I get me hands on a new hard disk.

Yes, I am in a location where you can enjoy life without any IT shop nearby 
which could even try to pull the money out of my pockets.

What also has to be mentioned is the fact that people have to be more careful 
when shopping for new hardware with FreeBSD in mind. AMD based hardware is here 
of advantage at the moment. But it has other disadvantages.

> purchased, and I get most of my laptops direct from Lenovo.  While my

The machine on which I installed Fedora is also from Lenovo. It would have 
needed a bit of more time to get X running on it. When I ran out of time, I 
installed Fedora which ran out of the box.

Ubuntu did not work out of the box despite being certified.

In this aspect, the full integration of Intel's graphic solution into FreeBSD 
will help acceptance here.

> Significant Other has been installing Debian on her laptops, also

Ah, learning English with FreeBSD. I did not knew of this phrase before.

> acquired from Lenovo, she is probably going to start using FreeBSD
> instead next time.  I know several other people who install FreeBSD on

My 'Significant Other' - you see, I am a fast learner - knows only FreeBSD.

You should see her getting emotional when she has to work with Windows and 
things break in front of her eyes.

She is no IT person at all and wants to use a computer with the ease of using a 
hammer.

Of course, she never faces the problems maintaining a system. All she knows is 
that the machine is starting every time she needs it and continues to work 
until she switches it of.

> Yes, my evidence is anecdotal, but I think your notions of the frequency
> of FreeBSD use other than in a corporate setting are also based on
> anecdotal observations, so we're even.

I can tell you another real ironic story out of the cooperate world. A client 
needed a firewall. He did not believe that we could do it for him using FreeBSD 
and PC hardware. He bought then a 'real' firewall.

You know what OS was running on this hardware?

There was a nice price tag on this hardware too.

Erich
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

mount failure

[Gary Aitken]

Running under X with xfce, just did this:

  gpart show -l da0
  gpart delete -i 1 da0
  gpart destroy da0
  
  gpart create -s GPT da0
  gpart bootcode -b /boot/pmbr da0
  
  gpart add -t freebsd-boot -i 1 -s 512K -l gptboot da0
  gpart bootcode -b /boot/gptboot -i 1 da0
  
  gpart add -t freebsd-ufs -a 4K -s 35G -i 2 -l fbsdroot da0
  gpart add -t freebsd-swap -a 4K -s 512M -i 3 -l fbsdswap da0
  gpart add -t freebsd-ufs -a 4K -s 1G -i 4 -l fbsdvar da0
  gpart add -t freebsd-ufs -a 4K -s 512M -i 5 -l fbsdtmp da0
  gpart add -t freebsd-ufs -a 4K -s 893G -i 6 -l fbsdusr da0
  
  newfs /dev/gpt/fbsdroot
  newfs -U /dev/gpt/fbsdvar
  newfs -U /dev/gpt/fbsdtmp
  newfs -U /dev/gpt/fbsdusr
  
  mount /dev/gpt/fbsdroot /mnt/goflex

I then tried to create a snapshot of /
X immediately slowed to less than a crawl, and I couldn't do anything.
At first I could move the pointer a little, but then I lost it.
After a half hour or so, I power-cycled and rebooted.

When I tried to mount the usb drive, I (not surprisingly) got this:

  #mount /dev/gpt/fbsdroot /mnt/goflex/root
  mount: /dev/gpt/fbsdroot : operation not permitted
  WARNING: RW mount of /mnt/goflex denied.  File system is not clean - run fsck.

But when I try to do an fsck, I can't:
  #fsck /dev/gpt/fbsdroot
  fsdk: could not determine filesystem type
(same msg for /dev/gpt and /dev/da0p2)

hints?
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?]

[Chad Perrin]

On Wed, Jun 06, 2012 at 03:05:00PM -0400, Jerry wrote:
> 
> I don't know of any user personally who purchased a new PC and then
> threw FreeBSD on it. Most users that I have come into contact with use
> 2+ year old units that have been replaced by shiny new Windows units. I
> don't see that changing anytime soon.

I have immediately installed FreeBSD on the last four or five laptops I
purchased, and I get most of my laptops direct from Lenovo.  While my
Significant Other has been installing Debian on her laptops, also
acquired from Lenovo, she is probably going to start using FreeBSD
instead next time.  I know several other people who install FreeBSD on
their new primary-use systems when they get them, including a couple of
developers who do MS Windows development (among other things).  This
doesn't even take into account the servers many of us use, which are even
more likely to get FreeBSD installed, and none of this has anything to do
with corporate accounts or bulk purchases.

Yes, my evidence is anecdotal, but I think your notions of the frequency
of FreeBSD use other than in a corporate setting are also based on
anecdotal observations, so we're even.

-- 
Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ]
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Somewhat OT - A Makefile Question

[Parv]

in message <4fcf48af@tundraware.com>,
wrote Tim Daneliuk thusly...
>
...
> Within a makefile, I need to assign the name of a program as in:
>
> FOO = "bar".
>
> The problem is that 'bar' may also be know as, say, "bar.sh".
...
> Is there a simple way to determine which form "bar" or "bar.sh" on
> on a given system *at the time the make is run*?  If both exist, I
> will pick one arbitrarily,
...
>  For example I don't think this works when both are there:
>
> FOO = $(shell `which bar bar.sh)

Modify the subshell command to ...

  which bar bar.sh | head -n 1


... as in (for FreeBSD make) ...

  shell=`which zsh sh tcsh csh 2>/dev/null | fgrep -v 'not found' | head -n 3`

  all:
@printf "%s\n" ${shell}



  - parv

-- 

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Which FreeBSD for Intel i7-2600S and DQ67SWB3?

[Thomas Mueller]

- Original Message -
From: David Christensen 

I have a new computer with an Intel i7-2600S processor and DQ67SWB3 
motherboard that I'd like to run with ZFS, virtual machine host, 
desktop, Samba, and terminal server (on second NIC).

Can this be done with FreeBSD; if so, which distribution and 
ports/packages do I need?
-

My response, from awkward Insight webmail interface:

This looks like the processor I have, I think you would use amd64.  Almost 
certainly your system is 64-bit as opposed to 32-bit. 

For a new computer, I wouldn't go with anything earlier than FreeBSD 9.0, and 
in my case, upgrading to 9.0-STABLE proved stabler than the 9.0 release.

Base system includes ZFS.  I've never used virtual machines, but VirtualBox is 
popular for this purpose.  Samba is in ports.

I don't recognize or don't remember DQ67SWB3 motherboard model, is it from MSI?

Tom
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Nomen Nescio]

Alejandro Imass  wrote:

> On Wed, Jun 6, 2012 at 3:52 PM, Dave U. Random
>  wrote:
> > Polytropon  wrote:
> >
> >> On Wed, 06 Jun 2012 11:47:11 +0100, Matthew Seaman wrote:
> >> > Having to pay Verisign instead of Microsoft makes no difference: the
> >> > point is why should I have to pay anything to a third party in order to
> >> > run whatever OS I want on a piece of hardware I own?
> >
> > It's time to dump the Intel/Microshaft mafia forever. FreeBSD, OpenBSD,
> > NetBSD, and even Linux have ports to many platforms. Why stay on Intel? It's
> > an overgrown ugly mess.
> >
> > We need to stop buying Intel mafiaware with preinstalled Microshaft 
> > mafiaware
> > and run a free (or in the case of Linux "apparently free") OS on free
> > hardware.
> >
> 
> But this is more to do with the BIOS than with Intel as such.

Intel and Microshaft conspired together and now they get to decide what BIOS
they sell you. They figured out a way to make it harder for non-Winblows OS
to be installed on most commodity shitboxes made after this goes into effect. 

> Wasn't there a FreeBIOS, later LinuxBIOS, now coreboot I believe..? 

I can tell from your question it was a smashing success. Everybody uses
it. Somebody's heard of it?

> So replacing the BIOS entirely wouldn't suffice to override all this
> nonsense?

Probably but very few people can flash their own BIOS. Hell, they can't even
install a copy of Windows bought off the shelf...What if the BIOS has
protection against reflashing? Otherwise it won't be secure...

Just because smart people can work around something doesn't make it right.

Say "NO" to the Intel and Microshaft mafia, say "NO" to "secure boot" that
isn't.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Anonymous Remailer (austria)]

Damien Fleuriot  wrote:

> 
> On 6 Jun 2012, at 21:52, Dave U. Random  
> wrote:
> 
> > Polytropon  wrote:
> > 
> >> On Wed, 06 Jun 2012 11:47:11 +0100, Matthew Seaman wrote:
> >>> Having to pay Verisign instead of Microsoft makes no difference: the
> >>> point is why should I have to pay anything to a third party in order to
> >>> run whatever OS I want on a piece of hardware I own?
> > 
> > It's time to dump the Intel/Microshaft mafia forever. FreeBSD, OpenBSD,
> > NetBSD, and even Linux have ports to many platforms. Why stay on Intel? It's
> > an overgrown ugly mess.
> > 
> > We need to stop buying Intel mafiaware with preinstalled Microshaft mafiware
> > and run a free (or in the case of Linux "apparently free") OS on free
> > hardware.
> > 
> > There are increasing numbers of SBCs and plenty of used servers on
> > Ebay. They're all built better than commodity Intel mafiaware. Good
> > riddance!
> > 
> 
> You have no idea what you're talking about.

I have no idea what you're talking about. Does that count?

> This kind of religious propaganda post is neither constructive nor
> helpful.

But your expansive and well-reasoned "rebuttal" is? Is mafiaware a religious
issue? I thought it was common sense. Thanks for your half-assed attempt to
marginalize it. I don't think you were successful. If at first...

> I don't trust AMD with my servers' CPUs, not since many years ago when
> they had all these overheating problems.

I don't really care about that. But I'm sure you feel better after getting
it off your chest. Still, that doesn't have to do with two major
corporations conspiring to butt-fuck the consumer. At most it involved one
company. So, for now, this is more important than what you wanted to talk
about.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Please help me diagnose this crazy VMWare/FreeBSD 8.x crash

[Mark Felder]

Hi guys I'm excitedly posting this from my phone. Good news for you guys, bad 
news for us -- we were building HA storage on vmware for a client and can now 
replicate the crash on demand. I'll be posting details when I get home to my PC 
tonight, but this hopefully is enough to replicate the crash for any curious 
followers:

ESXi 5
9 or 9-STABLE
HAST 
1 cpu is fine
1GB of ram
UFS SUJ on HAST device
No special loader.conf, sysctl, etc
No need for VMWare tools
Run Bonnie++ on the HAST device

We can get the crash to happen on the first run of bonnie++ right now. I'll 
post the exact specs and precise command run in the PR. We found an old post 
from 2004 when we looked up the process state obtained from CTRL+T -- flswai -- 
which describes the symptoms nearly perfectly.

 http://unix.derkeiler.com/Mailing-Lists/FreeBSD/stable/2004-02/0250.html 

Hopefully this gets us closer to a fix...


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Dave U . Random]

Mark Felder  wrote:

> Yes, let's all run ALPHA and MIPS hardware. I'll just jam my Nvidia card  
> into one of the available slots and everything should work OK, right?

Dear Numbskull,

It's co-dependent hostages like you who enable Intel Mafiaware. According to
your logic we should all be using Windows since everything just works,
right?



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: bug in /usr/bin/calendar: "Thu+1" doesn't match on 7th or December

[Julian H. Stacey]

Hi,
Please report bugs with send-pr
(cos bug reports to mail list get lost)
See 
man send-pr
If you can attach a patch to fix it, so much the better

Cheers,
Julian
-- 
Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com
 Reply below not above, cumulative like a play script, & indent with "> ".
 Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable.
Mail from @yahoo dumped @berklix.  http://berklix.org/yahoo/
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Julian H. Stacey]

> > (cf. EULA) that you accept those "licensing of hardware".

> Also, I think you'll find that such actions are already illegal
> certainly in the UK, and I believe EU wide.

Yes illegal for English law (England & Scotland have different
contract laws).  Contract terms given after money changes
hands are Not part of contract.  (Reasonable Eh ?)
Case law since in UK, NCP National Car Park lost an appeals court decision
on their nasty disclaimers visible only after you'd paid to enter car park.

(PS Matthew, I noticed in Canterbury NCP built an escape
lane in their car park after.  So one could then queue
up to park, theoreticaly block the lane, & read super fast
all the disclaimers, before deciding to either pay & enter
or take the sharp curve out.

I've always hoped all the (usually American) legal rubbish in the
sealed packages I bought in Germany were on same principle irrelevant,
(but no idea).  USA companies later learnt to ship with front page
in transparent bags, but still not usualy readable till after
purchase.

Maybe USA "restraint of trade" laws could penalise a monopolist
working to convert a market to sell computers that (if amd64) have
been been crippled to only work with associate bsuiness partners ?

Julian
-- 
Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com
 Reply below not above, cumulative like a play script, & indent with "> ".
 Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable.
Mail from @yahoo dumped @berklix.  http://berklix.org/yahoo/
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

bug in /usr/bin/calendar: "Thu+1" doesn't match on 7th or December

[Winston]

Bug report for /usr/bin/calendar

SUMMARY:  calendar does not match "Thu+1" or "Mon+1" in some months.

With one exception, it looks like calendar file dates such as "Thu+1"
and "Mon+1" are failing to match in two cases: (1) the 7th of Jan-Nov,
and (2) December.


DETAILS/EXAMPLES:

FreeBSD crystal 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan  3 07:46:30 UTC 
2012 r...@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64

The bug occurs whether or not the command line options below are used.
I first noticed it today (a Wednesday) because a Thu+1 event tomorrow was
not in calendar's output.

Example 1: Thu+1

~/.calendar/calendar: 
Thu+1   foo (that's "Thu+1\tfoo\n" in C)

foreach i ( 1 2 3 4 5 6 7 8 9 10 11 12 )
&calendar -t 1.$i.2011 -W 9
&end
Jan  6* foo
Feb  3* foo
Mar  3* foo
<- Apr 7 absent
May  5* foo
Jun  2* foo
<- Jul 7 absent
Aug  4* foo
Sep  1* foo
Oct  6* foo
Nov  3* foo
<- Dec 1 absent

foreach i ( 1 2 3 4 5 6 7 8 9 10 11 12 )
&calendar -t 1.$i.2012 -W 9
&end
Jan  5* foo
Feb  2* foo
Mar  1* foo
Apr  5* foo
May  3* foo
<- Jun 7 absent
Jul  5* foo
Aug  2* foo
Sep  6* foo
Oct  4* foo
Nov  1* foo
<- Dec 6 absent

foreach i ( 1 2 3 4 5 6 7 8 9 10 11 12 )
&calendar -t 1.$i.2013 -W 9
&end
Jan  3* foo
<- Feb 7 absent
<- Mar 7 absent
Apr  4* foo
May  2* foo
Jun  6* foo
Jul  4* foo
Aug  1* foo
Sep  5* foo
Oct  3* foo
<- Nov 7 absent
<- Dec 5 absent

Example 2: Mon+1

foo:
Mon+1   foo ("Mon+1\tfoo\n")

foreach i ( 1 2 3 4 5 6 7 8 9 10 11 12 )
&calendar -t 1.$i.2011 -W 9 -f foo
&end
Jan  3* foo
<- Feb 7 absent
<- Mar 7 absent
Apr  4* foo
May  2* foo
Jun  6* foo
Jul  4* foo
Aug  1* foo
Sep  5* foo
Oct  3* foo
<- Nov 7 absent
<- Dec 5 absent

foreach i ( 1 2 3 4 5 6 7 8 9 10 11 12 )
&calendar -t 1.$i.2012 -W 9 -f foo
&end
Jan  2* foo
Feb  6* foo
Mar  5* foo
Apr  2* foo
<- May 3 absent <--- EXCEPTION!
Jun  4* foo
Jul  2* foo
Aug  6* foo
Sep  3* foo
Oct  1* foo
Nov  5* foo
<- Dec 3 absent

foreach i ( 1 2 3 4 5 6 7 8 9 10 11 12 )
&calendar -t 1.$i.2013 -W 9 -f foo
&end
<- Jan 7 absent
Feb  4* foo
Mar  4* foo
Apr  1* foo
May  6* foo
Jun  3* foo
Jul  1* foo
Aug  5* foo
Sep  2* foo
<- Oct 7 absent
Nov  4* foo
<- Dec 2 absent

HTH,
 -WBE
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Robert Bonomi]

> From owner-freebsd-questi...@freebsd.org  Wed Jun  6 19:01:14 2012
> From: Chuck Swiger 
> Date: Wed, 06 Jun 2012 16:59:36 -0700
> To: Robert Bonomi 
> Cc: freebsd-questions@freebsd.org
> Subject: Re: Is this something we (as consumers of FreeBSD) need to be
> aware  of?
>
> On Jun 6, 2012, at 4:54 PM, Robert Bonomi wrote:
> [ ... ]
> > It may seem reasonable to you, but is there -legal- basis to do so? 
>
> Go ask your lawyer.  freebsd-questions isn't qualified to provide you with 
> legal advice.

Thank you for your opinion.  However, if you had bothered to read the thread
you woul understand that it was not a solicitation of legal advice.


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Chuck Swiger]

On Jun 6, 2012, at 4:54 PM, Robert Bonomi wrote:
[ ... ]
> It may seem reasonable to you, but is there -legal- basis to do so? 

Go ask your lawyer.  freebsd-questions isn't qualified to provide you with 
legal advice.

Regards,
-- 
-Chuck

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Robert Bonomi]

> From owner-freebsd-questi...@freebsd.org  Wed Jun  6 18:13:09 2012
> Date: Thu, 07 Jun 2012 00:09:54 +0100
> From: Bruce Cran 
> To: Robert Bonomi 
> Cc: freebsd-questions@freebsd.org
> Subject: Re: Is this something we (as consumers of FreeBSD) need to be aware
>  of?
>
> On 06/06/2012 20:27, Robert Bonomi wrote:
> > Suppose I put up a web app that takes an executable as input, signs it 
> > with my key, and returns the signed filt to the submitter. I don't 
> > divulge the key to anyone, just use it on 'anything'. Anybody 
> > attempting to revoke on _that_ basis is asking for a lawsuit.
>
> To me it would be perfectly reasonable to revoke the key as soon as you 
> signed the first piece of malware.

It may seem reasonable to you, but is there -legal- basis to do so? 

'signing' only provides assurance of the identity of the signer. I did
sign it.  The key has not been compromised.  The software in question 
is tracable to the signer, but the signer never claimed it was 'error free',
what conract or statute did they breach by doing the signing?  


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: UEFI Secure Boot Specs - And some sanity

[Kurt Buff]

Thank you for this.

I didn't realize that a simple (somewhat technical) question asked in
all innocence would generate so much flammage.

Kurt

On Wed, Jun 6, 2012 at 1:13 PM, grarpamp  wrote:
> Isn't there a lot of needless handwaving going on when the spec is
> pretty clear that installing your own complete PKI tree will all
> boil down to what is effectively a jumper on the motherboard?
>
>
> First, some sanity...
>
> Users could fully utilize the UEFI Secure Boot hardware by say:
>
> - Using openssl to generate their keys
> - Jumper the board, burn it into the BIOS in UEFI SB SetupMode
> - Have all the MBR, slice, partition, installkernel, etc tools
> install and manage the signed disk/loader/kernel/module bits
> - Have the BIOS check sigs on whatever first comes off the media
>
> I don't see that the user will actually NOT be able to do this on
> anything but 'designed for windows only' ARM systems. Seeing how
> open Android/Linux is firmly in that space, this will just devalue
> the non open windows product.
>
> There have been 25 years of generic mass produced motherboards.
> And 25 years of open source OS commits to utilize them.
> That is not changing anytime soon. Non generic attempts fail.
>
> Even corporate kings Dell and HP know they would be foolish to sell
> motherboards that will not allow their buyers to swap out the PK
> keys... because they know their buyers run more than just windows
> and that they need various security models.
>
> And if they really were that dumb, there's Gigabyte, Asus, Msi,
> Supermicro, Biostar, etc who will not be so dumb and will soak up
> all the remaining sales gravy.
>
> The masses have seen and now want openness, open systems, sharing.
> The old models are but speed bumps on their own way out the door.
>
> Though it seems a non issue to me, if you want to protest, protest
> for 'Setup Mode'. And not here on this list, but to the hardware
> makers.
>
> We should want to use this PKI in our systems. Not disable it. Not
> pay $100 to terminate the PKI chain early. Not pay $100 to lock us
> into unmodifiable releases (aka: BSD corporate version).
>
> I look forward to seeing the UEFI SB PK SetupMode AMD and Intel
> generic motherboard list :)
>
>
> On to facts...
>
> http://www.uefi.org/
>  Spec Chapter 27 Secure Boot, SetupMode, PK, Shell, etc
>
> https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface
> https://en.wikipedia.org/wiki/Unified_EFI_Forum
> http://ozlabs.org/docs/uefi-secure-boot-impact-on-linux.pdf
> https://www.fsf.org/campaigns/secure-boot-vs-restricted-boot
> http://mjg59.dreamwidth.org/12368.html
> http://mjg59.livejournal.com/
> https://www.tianocore.org/
> http://www.avrfreaks.net/index.php?name=PNphpBB2&file=viewtopic&p=962584
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Which FreeBSD for Intel i7-2600S and DQ67SWB3?

[David Christensen]

freebsd-questions:

I have a new computer with an Intel i7-2600S processor and DQ67SWB3 
motherboard that I'd like to run with ZFS, virtual machine host, 
desktop, Samba, and terminal server (on second NIC).


Can this be done with FreeBSD; if so, which distribution and 
ports/packages do I need?



TIA,

David
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Julian H. Stacey]

> > Contract penalty clause maybe ? Lawyers ?
> 
> A limited-liability company with no assets is judgement-proof.

There's set up & running costs (time & money), & other exposure
http://berklix.com/~jhs/mecc/ltd_gmbh.html
Easiest done by those who have done it before, One would
be careful, there's exposure to directors individual
liabilities eg fraud laws perhaps in some scenarios, & not
wanting to be struck off & listed as somone not allowed to
be a director of other companies.


> > Otherwise one of us would purchase a key for $99, & then publish
> > the key so we could all forever more compile & boot our own kernels.
> > But that would presumably break the trap Microsoft & Verisign seek
> > to impose.
> >
> 
> Could it really be that simple?

I doubt it.  Even if so, best avoid one individual in the firing line.

It's not nice being a small company director personaly
targeted by lawyers of a rich malicious company. Being in
another country gives little protection, remote lawyers hire
local lawyers to harass.  They don't even need a good
chance of winning, inventive threats, stress & costs unpleasant.

Best activate officials with big budgets & manpower to fight back.
We should unite with other Free Source groups & approach & inform eg
the Competition Commisioner of the European Union (which has already fined MS 
heavily before on anti monopoly issues)
 http://en.wikipedia.org/wiki/European_Union_Microsoft_competition_case
 
http://www.msnbc.msn.com/id/23366103/ns/business-world_business/t/eu-fines-microsoft-record-billion/

I recall George Bush junior quashed the last go at breaking up
Microsoft, but maybe the present USA govt. could be encouraged to
fine MS, even if they don't fancy breaking the monopoly aka
 http://en.wikipedia.org/wiki/Standard_Oil

Cheers,
Julian
-- 
Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com
 Reply below not above, cumulative like a play script, & indent with "> ".
 Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable.
Mail from @yahoo dumped @berklix.  http://berklix.org/yahoo/
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Blank page after log in to phpmyadmin

[Greg Larkin]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 6/6/12 7:16 PM, be...@norden1.com wrote:
> I have a blank white page after I log into phpmyadmin. I have
> upgraded to php 5.4.3 along with the extensions. Also upgraded to
> current phpmyadmin. Have checked the error logs and nothing is
> showing in the logs. Any idea what happended. phpmyadmin was
> working before upgrade.
> 
> 

Hi there,

This is typically caused by a PHP-related error of some sort.  Have
you enable the error_log directive in your php.ini file?  If not, do
that and restart your server.  After loading the page again, check the
file and you should have some indication of what's wrong.

Hope that helps,
Greg
- -- 
Greg Larkin

http://www.FreeBSD.org/   - The Power To Serve
http://www.sourcehosting.net/ - Ready. Set. Code.
http://twitter.com/cpucycle/  - Follow you, follow me


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk/P6D8ACgkQ0sRouByUApClwwCfbKt4LmaJ+pKiIss/Av95CuTQ
8nUAnAzfNrx4fs78ej6UFuf0G5i5bpln
=XAa7
-END PGP SIGNATURE-
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Blank page after log in to phpmyadmin

[betts]

I have a blank white page after I log into phpmyadmin. I have upgraded to
php 5.4.3 along with the extensions. Also upgraded to current phpmyadmin.
Have checked the error logs and nothing is showing in the logs. Any idea
what happended. phpmyadmin was working before upgrade.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Bruce Cran]

On 06/06/2012 20:27, Robert Bonomi wrote:
Suppose I put up a web app that takes an executable as input, signs it 
with my key, and returns the signed filt to the submitter. I don't 
divulge the key to anyone, just use it on 'anything'. Anybody 
attempting to revoke on _that_ basis is asking for a lawsuit.


To me it would be perfectly reasonable to revoke the key as soon as you 
signed the first piece of malware. And then anyone who has used the 
service is left with broken binaries, so the model fails.


--
Bruce Cran
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Portmaster and update progress, suggestion.

[Doug Barton]

On 06/06/2012 15:06, Doug Barton wrote:
> On 06/06/2012 09:11, Leslie Jensen wrote:
>> My initial wish for some information about the build progress is still
>> very much on the table.
> 
> Try the attached patch. 

Actually try this one instead. :)


-- 

This .signature sanitized for your protection
Index: portmaster
===
--- portmaster  (revision 236697)
+++ portmaster  (working copy)
@@ -2208,6 +2208,8 @@
 }
 
 term_printf () {
+   case "$1" in *\>\>*) echo -e "\n\t${PM_PARENT_PORT}${1}" ;; esac
+
[ -n "$PM_NO_TERM_TITLE" ] && return
case "$TERM" in cons*) return ;; esac
 
@@ -2283,7 +2285,6 @@
deps=" (${dep_of_deps}/${num_of_deps})"
 
if [ -n "$PM_DEPTH" ]; then
-   echo "  ${PM_DEPTH}>> ${1#$pd/}"
term_printf " ${PM_DEPTH#* }>> ${1#$pd/}${deps}"
else
[ -n "$UPDATE_ALL" ] && term_printf " >> ${1#$pd/}${deps}"
@@ -2527,19 +2528,16 @@
safe_exit
elif [ -n "$PM_FIRST_PASS" -a -z "$PM_PACKAGES" ]; then
echo "===>>> Initial dependency check complete for $portdir"
-   case "$PM_DEPTH" in *\>\>*) echo "  $PM_DEPTH" ;; esac
else
echo "===>>> Dependency check complete for $portdir"
-   case "$PM_DEPTH" in
-   *\>\>*) echo "  $PM_DEPTH" ;;
-   *)  if [ "$PM_PARENT_PORT" = All ]; then
-   local deps
-   deps=" (${dep_of_deps}/${num_of_deps})"
-   term_printf " >> ${upg_port:-$portdir}${deps}"
-   else
-   term_printf
-   fi ;;
-   esac
+
+   if [ "$PM_PARENT_PORT" = All ]; then
+   local deps
+   deps=" (${dep_of_deps}/${num_of_deps})"
+   term_printf " >> ${upg_port:-$portdir}${deps}"
+   else
+   term_printf
+   fi
fi
 } # dependency_check()
 
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Portmaster and update progress, suggestion.

[Doug Barton]

On 06/06/2012 09:11, Leslie Jensen wrote:
> My initial wish for some information about the build progress is still
> very much on the table.

Try the attached patch. It essentially adds the progress info that is
being put in the TERM title to the in-line printout of the dependency
trail that was already there.

Let me know what you think,

Doug

-- 

This .signature sanitized for your protection
Index: portmaster
===
--- portmaster  (revision 236697)
+++ portmaster  (working copy)
@@ -2208,6 +2208,8 @@
 }
 
 term_printf () {
+   echo -e "\n\t${PM_PARENT_PORT}${1}"
+
[ -n "$PM_NO_TERM_TITLE" ] && return
case "$TERM" in cons*) return ;; esac
 
@@ -2283,7 +2285,7 @@
deps=" (${dep_of_deps}/${num_of_deps})"
 
if [ -n "$PM_DEPTH" ]; then
-   echo "  ${PM_DEPTH}>> ${1#$pd/}"
+   #echo " ${PM_DEPTH}>> ${1#$pd/}"
term_printf " ${PM_DEPTH#* }>> ${1#$pd/}${deps}"
else
[ -n "$UPDATE_ALL" ] && term_printf " >> ${1#$pd/}${deps}"
@@ -2623,7 +2625,7 @@
[ -z "$dep_of_deps" ] && dep_of_deps=0
export PM_PARENT_PORT num_of_deps dep_of_deps
 
-   term_printf
+   #term_printf
 }
 
 if [ -n "$PM_URB" ]; then
@@ -2783,6 +2785,7 @@
 
numports=$(( $numports + 1 ))
init_term_printf "$port ${numports}/${numports}"
+   term_printf
($0 $ARGS $port) || update_failed=update_failed
. $IPC_SAVE
[ -n "$update_failed" ] && fail "Update for $port failed"
@@ -2825,6 +2828,7 @@
 
num=$(( $num + 1 ))
init_term_printf "$port ${num}/${numports}"
+   term_printf
($0 $ARGS $port) || update_failed=update_failed
. $IPC_SAVE
[ -n "$update_failed" ] && fail "Update for $port failed"
@@ -2978,6 +2982,7 @@
[ -n "$DI_FILES" ] && (read_distinfos)&
 
init_term_printf All
+   term_printf
 
ports_by_category
echo "===>>> Starting check of installed ports for available updates"
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Damien Fleuriot]

On 6 Jun 2012, at 21:52, Dave U. Random  
wrote:

> Polytropon  wrote:
> 
>> On Wed, 06 Jun 2012 11:47:11 +0100, Matthew Seaman wrote:
>>> Having to pay Verisign instead of Microsoft makes no difference: the
>>> point is why should I have to pay anything to a third party in order to
>>> run whatever OS I want on a piece of hardware I own?
> 
> It's time to dump the Intel/Microshaft mafia forever. FreeBSD, OpenBSD,
> NetBSD, and even Linux have ports to many platforms. Why stay on Intel? It's
> an overgrown ugly mess.
> 
> We need to stop buying Intel mafiaware with preinstalled Microshaft mafiware
> and run a free (or in the case of Linux "apparently free") OS on free
> hardware.
> 
> There are increasing numbers of SBCs and plenty of used servers on
> Ebay. They're all built better than commodity Intel mafiaware. Good
> riddance!
> 

You have no idea what you're talking about.

This kind of religious propaganda post is neither constructive nor helpful.



I don't trust AMD with my servers' CPUs, not since many years ago when they had 
all these overheating problems.___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Dave U . Random]

Wojciech Puchar  wrote:

> anyway NOBODY are forced to buy micro-soft software.

That's almost correct but not quite. In 99% of the cases any Intel commodity
mafiaware comes with a preinstalled Winblows. You're paying for it whether
you want it or not. You can get a refund in many cases but it's more effort
than most peoples' time is worth.

> Nobody is forced to buy a PC.

True. I got rid of all my Intel mafiaware a few years ago and I don't miss
it. It's nice in the winter as well.

> Doing this with PC market will result in larger market share for 
> non-Wintel hardware.

I hope it does but sheeple are stupid and don't care.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

pulseaudio error message

[Carmel]

The message log on my machine is filling up with this error message:

Jun  6 11:36:55 raven pulseaudio[6440]: sink-input.c: Failed to create sink 
input: too many inputs per sink.
Jun  6 11:36:58 raven pulseaudio[6440]: sink-input.c: Failed to create sink 
input: too many inputs per sink.
Jun  6 11:59:54 raven pulseaudio[6440]: sink-input.c: Failed to create sink 
input: too many inputs per sink.
Jun  6 12:00:04 raven pulseaudio[6440]: sink-input.c: Failed to create sink 
input: too many inputs per sink.
Jun  6 12:00:04 raven pulseaudio[6440]: sink-input.c: Failed to create sink 
input: too many inputs per sink.

Sometimes only one or two lines are written and at others it is four or
five lines. Can anyone tell me exactly what is transpiring here?

-- 
Carmel ✌
carmel...@hotmail.com
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Chad Perrin]

On Wed, Jun 06, 2012 at 02:23:20PM +0200, Damien Fleuriot wrote:
> 
> I agree with the whole post except that last bit about ICANN Matthew.
> 
> The US already has enough dominance as is, without involving ICANN, a
> supposedly neutral body (yeah right...) any further.

Indeed.  The last thing we need is some self-appointed "authority"
purporting to have the last word on what qualifies as "secure".  There is
no need for a third-party certification of secure booting.  If there is
need for such a secure booting mechanism at all, it is a need for the
ability of end-of-chain device owners to be able to set their own keys,
without the involvement of any third parties, and an out-of-band key
verification mechanism.  Once again, I feel it incumbent upon me to point
to examples like OpenPGP's keyserver network as the counter-proposal to a
cetifying "authority" charging money to allow people to control their own
system security in what amounts to a vacant lot scam.

-- 
Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ]
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Alejandro Imass]

On Wed, Jun 6, 2012 at 3:52 PM, Dave U. Random
 wrote:
> Polytropon  wrote:
>
>> On Wed, 06 Jun 2012 11:47:11 +0100, Matthew Seaman wrote:
>> > Having to pay Verisign instead of Microsoft makes no difference: the
>> > point is why should I have to pay anything to a third party in order to
>> > run whatever OS I want on a piece of hardware I own?
>
> It's time to dump the Intel/Microshaft mafia forever. FreeBSD, OpenBSD,
> NetBSD, and even Linux have ports to many platforms. Why stay on Intel? It's
> an overgrown ugly mess.
>
> We need to stop buying Intel mafiaware with preinstalled Microshaft mafiware
> and run a free (or in the case of Linux "apparently free") OS on free
> hardware.
>

But this is more to do with the BIOS than with Intel as such. Wasn't
there a FreeBIOS, later LinuxBIOS, now coreboot I believe..?
So replacing the BIOS entirely wouldn't suffice to override all this nonsense?
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Why Clang

[Robert Bonomi]

> From owner-freebsd-questi...@freebsd.org  Wed Jun  6 12:33:25 2012
> Date: Wed, 06 Jun 2012 10:28:19 -0700
> From: "Thomas D. Dean" 
> To: freebsd-questions@freebsd.org
> Subject: Why Clang
>
> Has the discussion on why change to clang been made available?
>
> I would like to know the reasoning.

There were several reasons;
  1) the proliferation of "non-standard" things that the GNU crowd calls
 'features' in newer versions of the compiler -- some of which actually
 break 'standards compliant' code.
  2) The proliferation of situations under which newer versions of the GCC
 compiler generate 'bad code' -- code that does *NOT* do what it is 
 supposed to do.
  3) The GPL, version *3* -- which applies to all newer versions of the
 GCC compiler -- is unacceptable to a large part of the FreeBSD community.

Items 1) and 2) were ongoing nuisances.  Item 3) all by itself, was the deal 
breaker.

clang was selected over alternatives -- including keeping the 'old' (GPL v2)
GCC, on the basis of:
  a) better standards compliance.
  b) *FAR* better error messages.
  c) guality of generated code.
  d) 'non-restrictive' licensing.


The GPL V3 has been responsible for a lot of people, besides FreeBSD, going
looking for alternatives to any GPL-licensed code. GNU is well on the way
to 'radicalizing' itself out of significance.They would rather be 
ideologically pure than 'widely accepted'.  It _is_ their right to do so,
but it makes life 'difficult' for those who have interests in building
profit-based products using their tools.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

UEFI Secure Boot Specs - And some sanity

[grarpamp]

Isn't there a lot of needless handwaving going on when the spec is
pretty clear that installing your own complete PKI tree will all
boil down to what is effectively a jumper on the motherboard?


First, some sanity...

Users could fully utilize the UEFI Secure Boot hardware by say:

- Using openssl to generate their keys
- Jumper the board, burn it into the BIOS in UEFI SB SetupMode
- Have all the MBR, slice, partition, installkernel, etc tools
install and manage the signed disk/loader/kernel/module bits
- Have the BIOS check sigs on whatever first comes off the media

I don't see that the user will actually NOT be able to do this on
anything but 'designed for windows only' ARM systems. Seeing how
open Android/Linux is firmly in that space, this will just devalue
the non open windows product.

There have been 25 years of generic mass produced motherboards.
And 25 years of open source OS commits to utilize them.
That is not changing anytime soon. Non generic attempts fail.

Even corporate kings Dell and HP know they would be foolish to sell
motherboards that will not allow their buyers to swap out the PK
keys... because they know their buyers run more than just windows
and that they need various security models.

And if they really were that dumb, there's Gigabyte, Asus, Msi,
Supermicro, Biostar, etc who will not be so dumb and will soak up
all the remaining sales gravy.

The masses have seen and now want openness, open systems, sharing.
The old models are but speed bumps on their own way out the door.

Though it seems a non issue to me, if you want to protest, protest
for 'Setup Mode'. And not here on this list, but to the hardware
makers.

We should want to use this PKI in our systems. Not disable it. Not
pay $100 to terminate the PKI chain early. Not pay $100 to lock us
into unmodifiable releases (aka: BSD corporate version).

I look forward to seeing the UEFI SB PK SetupMode AMD and Intel
generic motherboard list :)


On to facts...

http://www.uefi.org/
 Spec Chapter 27 Secure Boot, SetupMode, PK, Shell, etc

https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface
https://en.wikipedia.org/wiki/Unified_EFI_Forum
http://ozlabs.org/docs/uefi-secure-boot-impact-on-linux.pdf
https://www.fsf.org/campaigns/secure-boot-vs-restricted-boot
http://mjg59.dreamwidth.org/12368.html
http://mjg59.livejournal.com/
https://www.tianocore.org/
http://www.avrfreaks.net/index.php?name=PNphpBB2&file=viewtopic&p=962584
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?]

[Daniel Staal]

On 2012-06-06 15:05, Jerry wrote:

On Wed, 06 Jun 2012 12:49:53 -0400
Daniel Staal articulated:


I don't believe at this point FreeBSD has any intent one way or
another, really.  It's not an immediate problem for any platform
supported by the FreeBSD project, at least for a technically-inclined
user who's willing to check out their BIOS.  (Even if they are using
the latest hardware, the x86-derived platforms aren't going to 
require

this code signing yet.)  So it'll probably be a 'wait and see if it's
something the FreeBSD community needs a solution for' at this point.
But this is just my impression.


I totally agree with you. Unfortunately that speaks to the sad state 
of
affairs that FreeBSD appears to be in. When it comes to supporting 
the

latest technologies, it tends to be behind the curve when compared to
other operating systems. Wireless networking and USB support are only 
a

few examples.


That was not my intended message with the above.  :)  FreeBSD supports 
several server-class hardware platforms.  ARM is not currently a 
server-class hardware platform.  (It's a very interesting platform for 
mobile and small devices, but it has not seen any significant use that I 
am aware of in the market that FreeBSD is primarily aimed at.)  Secure 
Boot - if even a part of the platform - can easily be disabled on those 
platforms.  So it is not a current problem, and there is a fair amount 
of bad feeling about the technology, so it may not ever be a problem.


RedHat is facing severe backlash from the community because it 
supported this technology.  A 'wait and see' approach to whether it 
needs to be supported at all - especially as it doesn't appear to need 
support at present - is a reasonable course.



I don't know of any user personally who purchased a new PC and then
threw FreeBSD on it. Most users that I have come into contact with 
use
2+ year old units that have been replaced by shiny new Windows units. 
I

don't see that changing anytime soon.


*Raises hand*.  I did this with two boxes within the past year.  One 
turned out to be to new for FreeBSD - but Linux didn't have support for 
it yet at that point either.  Now either does.



In slight defense of RedHat: They do a lot of worrying about
enterprise and government customers, many of whom don't really care
what platform they are running on - as long as they can get 'support'
and it passes their security/operational tests.  In that environment,
I can easily see some middle-manager decreeing that disabling the
signed-boot process is verboten, without any understanding of the
meaning or the consequences, and enforcing it on the whole
company/division, to the point where any non-signed OS would be 
thrown

out the door.  FreeBSD has probably already been thrown out the door
at those types of locations, as there is no 'official' support
channel.  (Yes, for my sins, I work at one of these...)


What sin? You use a product and want it properly supported. You have 
an

absolute right to that. Posting a message on a forum and hoping that
someone can answer it is not the type of support a business would 
want.


I'm not sure what sin I committed to be consigned to this place, but it 
must have been heinous.


(And in many cases 'official support' appears to be 'post a message 
about it on our forum, so we can ignore you more efficiently'.)


Daniel T. Staal

---
This email copyright the author.  Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes.  This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?]

[Jerry]

On Wed, 6 Jun 2012 15:55:16 -0400
Robert Simmons articulated:

>On Wed, Jun 6, 2012 at 3:05 PM, Jerry  wrote:
>> On Wed, 06 Jun 2012 12:49:53 -0400
>> Daniel Staal articulated:
>>
>>>On 2012-06-05 17:20, Jerry wrote:
>>>
 The question that I have not seen answered in this thread is what
 FreeBSD intents to do. From what I have seen, most FreeBSD users do
 not
 use the latest versions of most hardware, so it may be a while
 before its user base is even effected.
>>>
>>>I don't believe at this point FreeBSD has any intent one way or
>>>another, really.  It's not an immediate problem for any platform
>>>supported by the FreeBSD project, at least for a technically-inclined
>>>user who's willing to check out their BIOS.  (Even if they are using
>>>the latest hardware, the x86-derived platforms aren't going to
>>>require this code signing yet.)  So it'll probably be a 'wait and
>>>see if it's something the FreeBSD community needs a solution for' at
>>>this point. But this is just my impression.
>>
>> I totally agree with you. Unfortunately that speaks to the sad state
>> of affairs that FreeBSD appears to be in. When it comes to
>> supporting the latest technologies, it tends to be behind the curve
>> when compared to other operating systems. Wireless networking and
>> USB support are only a few examples.
>>
>> I don't know of any user personally who purchased a new PC and then
>> threw FreeBSD on it. Most users that I have come into contact with
>> use 2+ year old units that have been replaced by shiny new Windows
>> units. I don't see that changing anytime soon.
>
>I would have to disagree with you there.  I know of quite a few users
>who happen to run one of the world's largest content distribution
>networks (accounting for about one third of the internet's traffic; up
>there with pornography).  They purchased more than just a handful of
>new computers and threw FreeBSD on them:
>
>http://lists.freebsd.org/pipermail/freebsd-stable/2012-June/068129.html

It is late and I am tired; however, unless I am misreading this, this
is not dealing with a typical home use but a corporate entity. You
omitted my last paragraph in my reply that clearly dealing with
corporations.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Mark Felder]

Yes, let's all run ALPHA and MIPS hardware. I'll just jam my Nvidia card  
into one of the available slots and everything should work OK, right?

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Dave U . Random]

Polytropon  wrote:

> On Wed, 06 Jun 2012 11:47:11 +0100, Matthew Seaman wrote:
> > Having to pay Verisign instead of Microsoft makes no difference: the
> > point is why should I have to pay anything to a third party in order to
> > run whatever OS I want on a piece of hardware I own?

It's time to dump the Intel/Microshaft mafia forever. FreeBSD, OpenBSD,
NetBSD, and even Linux have ports to many platforms. Why stay on Intel? It's
an overgrown ugly mess.

We need to stop buying Intel mafiaware with preinstalled Microshaft mafiware
and run a free (or in the case of Linux "apparently free") OS on free
hardware.

There are increasing numbers of SBCs and plenty of used servers on
Ebay. They're all built better than commodity Intel mafiaware. Good
riddance!

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?]

[Robert Simmons]

On Wed, Jun 6, 2012 at 3:05 PM, Jerry  wrote:
> On Wed, 06 Jun 2012 12:49:53 -0400
> Daniel Staal articulated:
>
>>On 2012-06-05 17:20, Jerry wrote:
>>
>>> The question that I have not seen answered in this thread is what
>>> FreeBSD intents to do. From what I have seen, most FreeBSD users do
>>> not
>>> use the latest versions of most hardware, so it may be a while before
>>> its user base is even effected.
>>
>>I don't believe at this point FreeBSD has any intent one way or
>>another, really.  It's not an immediate problem for any platform
>>supported by the FreeBSD project, at least for a technically-inclined
>>user who's willing to check out their BIOS.  (Even if they are using
>>the latest hardware, the x86-derived platforms aren't going to require
>>this code signing yet.)  So it'll probably be a 'wait and see if it's
>>something the FreeBSD community needs a solution for' at this point.
>>But this is just my impression.
>
> I totally agree with you. Unfortunately that speaks to the sad state of
> affairs that FreeBSD appears to be in. When it comes to supporting the
> latest technologies, it tends to be behind the curve when compared to
> other operating systems. Wireless networking and USB support are only a
> few examples.
>
> I don't know of any user personally who purchased a new PC and then
> threw FreeBSD on it. Most users that I have come into contact with use
> 2+ year old units that have been replaced by shiny new Windows units. I
> don't see that changing anytime soon.

I would have to disagree with you there.  I know of quite a few users
who happen to run one of the world's largest content distribution
networks (accounting for about one third of the internet's traffic; up
there with pornography).  They purchased more than just a handful of
new computers and threw FreeBSD on them:

http://lists.freebsd.org/pipermail/freebsd-stable/2012-June/068129.html
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Mark Felder]

On Wed, 06 Jun 2012 13:44:57 -0500, Damien Fleuriot  wrote:


If the key should be divulged, then the key may be revoked by the issuer.


Revoked how? Wouldn't they have to issue a firmware update to actually  
revoke it? The UEFI firmware doesn't have network access

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Daniel Feenberg]

On Wed, 6 Jun 2012, Damien Fleuriot wrote:




On 6/6/12 6:45 PM, Daniel Feenberg wrote:



On Wed, 6 Jun 2012, Julian H. Stacey wrote:


I do wonder about that. What incentive does the possesor of a signing
key
have to keep it secret?


Contract penalty clause maybe ? Lawyers ?


A limited-liability company with no assets is judgement-proof.



Otherwise one of us would purchase a key for $99, & then publish
the key so we could all forever more compile & boot our own kernels.
But that would presumably break the trap Microsoft & Verisign seek
to impose.



Could it really be that simple? As for hardware vendors putting revoked
keys in the ROM - are they really THAT cooperative? Seems like they
would drag their feet on ROM updates if they had to add a lot of stuff
that won't help them, so that doesn't seem like a great enforcement tool.

dan feenberg



Oh god...

Please realize that once the key is divulged, it gets revoked at the
BIOS' next update.


But my point is that MS doesn't issue the updates, they have to ask the 
BIOS vendors to do so, and then the MB vendors have to take the update, 
and then the users have to install the update. The incentive at each level 
is generally very small. It does create some confusion, but is hardly an 
enforcement mechanism. It would disable older versions of FreeBSD on newer 
hardware, but not much else.


A previous poster has pointed out that MS can't revoke a certificate 
belonging to RH, but I suppose the could ask the BIOS vendors to treat it 
as revoked. I don't know what the response would be.


Daniel Feenberg




Otherwise the key's purpose is rendered moot.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: how do I fix this?

[Roland Smith]

On Tue, Jun 05, 2012 at 03:34:27PM -0700, Gary Kline wrote:
> On Tue, Jun 05, 2012 at 08:04:35AM +0200, Roland Smith wrote:
> > >   what I  want to do is get as current as possible and then 
> > >   install 7.5.  and stay there.
> > 
> > 7.5 what? Do you mean Xorg? Please try and be specific.
> 
>   FreeBSD-7.5.  pretty sure I saw something about 7.4 being
>   upgraded to 7.5.

It doesn't look like it. From
http://www.nl.freebsd.org/releases/7.4R/announce.html: 
"This will be the last release from the 7-STABLE branch."

7.4 is listed as a "legacy" release of the FreeBSD homepage. The only upcoming
release listed is 9.1 somewhere this year.

> > Portmaster will first recurse through the port and all of its dependencies
> > (if any) to handle any port OPTIONS via the 'make config' interface,
> > before going off on the big build.
> 
> 
>   one thing ive been doing is de-selection most  of the
>   options..  the box is my server. we [freebsders] have lost
>   the desktop 'market'   

My desktop and laptop beg to differ. :-) 

UNIX is a toolbox, not an appliance. So it was never meant for the "desktop
market". But that doesn't mean it cannot be used as such.
 
Roland
-- 
R.F.Smith   http://rsmith.home.xs4all.nl/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)


pgpJS1MdnhfDM.pgp
Description: PGP signature

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Robert Bonomi]

> From owner-freebsd-questi...@freebsd.org  Wed Jun  6 13:46:43 2012
> Date: Wed, 06 Jun 2012 20:44:57 +0200
> From: Damien Fleuriot 
> To: freebsd-questions@freebsd.org
> Subject: Re: Is this something we (as consumers of FreeBSD) need to be aware
>  of?
>
>
>
> On 6/6/12 7:23 PM, Robert Bonomi wrote:
> > "Julian H. Stacey"  wrote:
> >>
> >>> I do wonder about that. What incentive does the possesor of a signing key 
> >>> have to keep it secret? 
> >>
> >> Contract penalty clause maybe ? Lawyers ?
> > 
> > Contract with _whom_?  The party you pay money to -- Verisign -- simply
> > certifies that the party buying the certificate/signing-key  -is- who they 
> > claim to be.
> > 
> > It is *entirely* up to the owner of that certificate/signing-key -who- they
> > allow to use it.
> > 
> > If someone/anyone attempts to 'revoke' that certificate/key _other_ than
> > at the request of the owner of that certificate/key, *THAT* party is subject
> > to legal sanctions.  Among other things, 'false persona', 'tortuous inter-
> > ference in a business relationship', just to name a few.
> > 
> > There is, however, an 'interesting' legal question -- *if* a party were to
> > let 'anybody' use their certificate/key, what is the certificat/key owner's
> > legal liability if someone uses that key to sign malware?
>
> Standard contract writeup stipulates that only a limited set of
> 'authorized' company representatives be given access to the Signing Key.

Which simply begs the question. _who_ decides who is or is not an 'authorized'
representative?   Or how many such persons are allowed?

> If the key should be divulged, then the key may be revoked by the issuer.

Suppose I put up a web app that takes an executable as input, signs it with
my key, and returns the signed filt to the submitter.  I don't divulge the
key to anyone, just use it on 'anything'.  Anybody attempting to revoke on
_that_ basis is asking for a lawsuit.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Why Clang

[Joe Gain]

On Wed, Jun 6, 2012 at 9:11 PM, 文鳥  wrote:
> On Wed, 06 Jun 2012 19:05:59 +0100
> Matthew Seaman  wrote:
>
>> On 06/06/2012 18:28, Thomas D. Dean wrote:
>> > Has the discussion on why change to clang been made available?
>>

You might be interested in this video:
http://www.llvm.org/devmtg/2011-11/videos/Davis_LLVMinFreeBSD-mobile.mp4

>> Yes, endlessly.  Mostly on lists like freebsd-hackers@... and at
>> various conferences and developer summits.  Check the list archives.
>>
>> > I would like to know the reasoning.
>>
>> It's simple.  gcc-4.2, which is what the base system compiler is
>> derived from is:
>>
>> * fairly old
>>
>> * doesn't perform as well as more recent compilers
>>
>> * doesn't adhere to recently established standards
>
> There's another good reason for clang which nobody mentioned so far:
> clear diagnostics. If you ever had to wade through gcc's debug output
> and compare several thousand character long template instantiations,
> just to find where they differ and then see the clear problem
> descriptions that clang produces instead, you'll understand what I
> mean.
> And in combination with libc++, which just arrived on stable, I am
> finally able to use all the features of C++11 that I want. Try to use
> e.g. std::regex even on g++47, and just see what happens.
> Of course, getting rid of GPL is an added benefit ;)
> After reading all those complaints, I just had to respond and thank
> everyone involved very much for importing clang and libc++. Great job
> well done!
>
> Best regards,
>  文鳥
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"



-- 
joe gain

jacob-burckhardt-str. 16
78464 konstanz
germany

+49 (0)7531 60389

(...otherwise in ???)
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Why Clang

[文鳥]

On Wed, 06 Jun 2012 19:05:59 +0100
Matthew Seaman  wrote:

> On 06/06/2012 18:28, Thomas D. Dean wrote:
> > Has the discussion on why change to clang been made available?
> 
> Yes, endlessly.  Mostly on lists like freebsd-hackers@... and at
> various conferences and developer summits.  Check the list archives.
> 
> > I would like to know the reasoning.
> 
> It's simple.  gcc-4.2, which is what the base system compiler is
> derived from is:
> 
> * fairly old
> 
> * doesn't perform as well as more recent compilers
> 
> * doesn't adhere to recently established standards

There's another good reason for clang which nobody mentioned so far:
clear diagnostics. If you ever had to wade through gcc's debug output
and compare several thousand character long template instantiations,
just to find where they differ and then see the clear problem
descriptions that clang produces instead, you'll understand what I
mean. 
And in combination with libc++, which just arrived on stable, I am
finally able to use all the features of C++11 that I want. Try to use
e.g. std::regex even on g++47, and just see what happens.
Of course, getting rid of GPL is an added benefit ;)
After reading all those complaints, I just had to respond and thank
everyone involved very much for importing clang and libc++. Great job
well done!

Best regards,
  文鳥
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?]

[Jerry]

On Wed, 06 Jun 2012 12:49:53 -0400
Daniel Staal articulated:

>On 2012-06-05 17:20, Jerry wrote:
>
>> The question that I have not seen answered in this thread is what
>> FreeBSD intents to do. From what I have seen, most FreeBSD users do 
>> not
>> use the latest versions of most hardware, so it may be a while before
>> its user base is even effected.
>
>I don't believe at this point FreeBSD has any intent one way or 
>another, really.  It's not an immediate problem for any platform 
>supported by the FreeBSD project, at least for a technically-inclined 
>user who's willing to check out their BIOS.  (Even if they are using
>the latest hardware, the x86-derived platforms aren't going to require
>this code signing yet.)  So it'll probably be a 'wait and see if it's 
>something the FreeBSD community needs a solution for' at this point.  
>But this is just my impression.

I totally agree with you. Unfortunately that speaks to the sad state of
affairs that FreeBSD appears to be in. When it comes to supporting the
latest technologies, it tends to be behind the curve when compared to
other operating systems. Wireless networking and USB support are only a
few examples.

I don't know of any user personally who purchased a new PC and then
threw FreeBSD on it. Most users that I have come into contact with use
2+ year old units that have been replaced by shiny new Windows units. I
don't see that changing anytime soon.

Large companies would all ready have the infrastructure in place to
handle this sort of problem and as you pointed out would be working
with a *nix vendor that could properly meet their needs. Said vendor
would have all ready taken care of the UEFI Secure Boot problem.

>In slight defense of RedHat: They do a lot of worrying about
>enterprise and government customers, many of whom don't really care
>what platform they are running on - as long as they can get 'support'
>and it passes their security/operational tests.  In that environment,
>I can easily see some middle-manager decreeing that disabling the
>signed-boot process is verboten, without any understanding of the
>meaning or the consequences, and enforcing it on the whole
>company/division, to the point where any non-signed OS would be thrown
>out the door.  FreeBSD has probably already been thrown out the door
>at those types of locations, as there is no 'official' support
>channel.  (Yes, for my sins, I work at one of these...)

What sin? You use a product and want it properly supported. You have an
absolute right to that. Posting a message on a forum and hoping that
someone can answer it is not the type of support a business would want.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Proper Port Forwarding

[Dan Nelson]

In the last episode (Jun 06), Michael Sierchio said:
> On Wed, Jun 6, 2012 at 11:31 AM, Simon  wrote:
> 
> > This easily causes DoS for when too many FIN_WAIT_2 are created and IPFW
> > stops forwarding using the rule above because of "too many dynamic
> > rules"
> 
> Change the defaults for the fw.dyn sysctl MIB nodes
> 
> to something like
> 
> net.inet.ip.fw.dyn_short_lifetime=3
> net.inet.ip.fw.dyn_udp_lifetime=3
> net.inet.ip.fw.dyn_rst_lifetime=1
> net.inet.ip.fw.dyn_fin_lifetime=1
> net.inet.ip.fw.dyn_syn_lifetime=10

Or raise net.inet.ip.fw.dyn_max to a larger number.  The default 4096 may be
too small.

-- 
Dan Nelson
dnel...@allantgroup.com
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Damien Fleuriot]

On 6/6/12 7:23 PM, Robert Bonomi wrote:
> "Julian H. Stacey"  wrote:
>>
>>> I do wonder about that. What incentive does the possesor of a signing key 
>>> have to keep it secret? 
>>
>> Contract penalty clause maybe ? Lawyers ?
> 
> Contract with _whom_?  The party you pay money to -- Verisign -- simply
> certifies that the party buying the certificate/signing-key  -is- who they 
> claim to be.
> 
> It is *entirely* up to the owner of that certificate/signing-key -who- they
> allow to use it.
> 
> If someone/anyone attempts to 'revoke' that certificate/key _other_ than
> at the request of the owner of that certificate/key, *THAT* party is subject
> to legal sanctions.  Among other things, 'false persona', 'tortuous inter-
> ference in a business relationship', just to name a few.
> 
> There is, however, an 'interesting' legal question -- *if* a party were to
> let 'anybody' use their certificate/key, what is the certificat/key owner's
> legal liability if someone uses that key to sign malware?
> 
>


Standard contract writeup stipulates that only a limited set of
'authorized' company representatives be given access to the Signing Key.

If the key should be divulged, then the key may be revoked by the issuer.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Proper Port Forwarding

[Michael Sierchio]

On Wed, Jun 6, 2012 at 11:31 AM, Simon  wrote:

> This easily causes DoS for when too many FIN_WAIT_2 are created and IPFW
> stops forwarding using the rule above because of "too many dynamic rules"

Change the defaults for the fw.dyn sysctl MIB nodes

to something like

net.inet.ip.fw.dyn_short_lifetime=3
net.inet.ip.fw.dyn_udp_lifetime=3
net.inet.ip.fw.dyn_rst_lifetime=1
net.inet.ip.fw.dyn_fin_lifetime=1
net.inet.ip.fw.dyn_syn_lifetime=10
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Damien Fleuriot]

On 6/6/12 6:45 PM, Daniel Feenberg wrote:
> 
> 
> On Wed, 6 Jun 2012, Julian H. Stacey wrote:
> 
>>> I do wonder about that. What incentive does the possesor of a signing
>>> key
>>> have to keep it secret?
>>
>> Contract penalty clause maybe ? Lawyers ?
> 
> A limited-liability company with no assets is judgement-proof.
> 
>>
>> Otherwise one of us would purchase a key for $99, & then publish
>> the key so we could all forever more compile & boot our own kernels.
>> But that would presumably break the trap Microsoft & Verisign seek
>> to impose.
>>
> 
> Could it really be that simple? As for hardware vendors putting revoked
> keys in the ROM - are they really THAT cooperative? Seems like they
> would drag their feet on ROM updates if they had to add a lot of stuff
> that won't help them, so that doesn't seem like a great enforcement tool.
> 
> dan feenberg


Oh god...

Please realize that once the key is divulged, it gets revoked at the
BIOS' next update.

Otherwise the key's purpose is rendered moot.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Proper Port Forwarding

[Simon]

Hi,

Can someone suggest an alternative/proper way to port forward using ipfw. Right
now I have the following and some bad clients cause too many FIN_WAIT_2 state

fwd IP,PORT2 tcp from any to me dst-port PORT1 keep-state

This easily causes DoS for when too many FIN_WAIT_2 are created and IPFW
stops forwarding using the rule above because of "too many dynamic rules"

Thanks,
Simon


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Portmaster and update progress, suggestion.

[Warren Block]

On Wed, 6 Jun 2012, Leslie Jensen wrote:

Can the reason for me not getting the title to change be that I very often 
use screen when updating ports?


Sure, the escape codes are interpreted by screen, not Terminal.  There 
may be a way to pass them through.  tmux has some options for that, but 
I haven't really tried them and have not used screen.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Why Clang

[Mehmet Erol Sanliturk]

On Wed, Jun 6, 2012 at 10:39 AM, Waitman Gobble  wrote:

> On Jun 6, 2012 10:32 AM, "Thomas D. Dean"  wrote:
> >
> > Has the discussion on why change to clang been made available?
> >
> > I would like to know the reasoning.
> >
> > Or, is it simply a gratuitous  change?
> >
> > Tom Dean
> > ___
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to "
> freebsd-questions-unsubscr...@freebsd.org"
>
> i believe it at least partially has to do with license. FreeBSD does not
> "ship" (maybe correct word?) with any GPLv3 licensed software.
>
> Waitman Gobble
> San Jose California USA
>


Because  commercial companies using FreeBSD in their proprietary products
are NOT willing to use
GPL v3 licensed software due to severe restrictions which commercial
companies can NOT fulfill in their proprietary products .

If FreeBSD uses GPL v3 software in its production , it will lost commercial
company  supporters and users base .

This my understanding from previously read messages .

Thank you very much .

Mehmet Erol Sanliturk
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Why Clang

[Matthew Seaman]

On 06/06/2012 18:28, Thomas D. Dean wrote:
> Has the discussion on why change to clang been made available?

Yes, endlessly.  Mostly on lists like freebsd-hackers@... and at various
conferences and developer summits.  Check the list archives.

> I would like to know the reasoning.

It's simple.  gcc-4.2, which is what the base system compiler is derived
from is:

* fairly old

* doesn't perform as well as more recent compilers

* doesn't adhere to recently established standards

Clearly an update was necessary.  Unfortunately, later versions of gcc
have switched to GPLv3, which is a viral license and unacceptable to the
FreeBSD project.

Therefore clang was chosen from amongst a number of alternatives as the
best replacement.  That makes it sound as if clang is a second class
option compared to recent gcc, but this is certainly not the case:
results from clang are comparable to the latest gcc versions and the
design of clang is such that further optimizations and improvements can
be readily incorporated.

> Or, is it simply a gratuitous  change?

I can assure you that the changes were not made specifically to annoy
you.  Of course there were very solid technical reasons behind what was
selected.

Cheers,

Matthew


-- 
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey





signature.asc
Description: OpenPGP digital signature

Re: Why Clang

[Brian W.]

On Wed, Jun 6, 2012 at 10:39 AM, Waitman Gobble  wrote:

> On Jun 6, 2012 10:32 AM, "Thomas D. Dean"  wrote:
> >
> > Has the discussion on why change to clang been made available?
> >
> > I would like to know the reasoning.
> >
> > Or, is it simply a gratuitous  change?
> >
> > Tom Dean
> > ___
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to "
> freebsd-questions-unsubscr...@freebsd.org"
>
> i believe it at least partially has to do with license. FreeBSD does not
> "ship" (maybe correct word?) with any GPLv3 licensed software.
>
> Waitman Gobble
> San Jose California USA
> ___
>
> It seems that GPLv3 and the desire to make clang the default in FreeBSD 10
are 2 of the reasons.

Brian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Matthew Seaman]

On 06/06/2012 17:21, Polytropon wrote:
> On Wed, 06 Jun 2012 11:47:11 +0100, Matthew Seaman wrote:
>> Having to pay Verisign instead of Microsoft makes no difference: the
>> point is why should I have to pay anything to a third party in order to
>> run whatever OS I want on a piece of hardware I own?
> 
> Maybe a common marketing and sales model comes from software
> to hardware too: You don't actually own the hardware! When
> you give money to the manufacturer (maybe through vendors
> or retailers), you receive hardware _plus_ a limited set
> of rights which you may exercise on that hardware, maybe
> for a limited time. By purchasing the hardware that way,
> you may even have "implicitely signed" a kind of agreement
> (cf. EULA) that you accept those "licensing of hardware".
> You do _not_ own it in order to exercise your free will
> on it, like "I have the right to wipe 'Windows' and install
> something else", which might result in a loss of warranty.
> You may only run what the manufacturer allows you to run
> (by providing the proper boot mechanism for it that "just
> works"). If the manufacturer may decide that you shouldn't
> boot that system you bought anymore, he can retract the
> permissions and the device you paid money for will be
> rendered into a shiny brick.

Sure, manufacturers can propose that if they wish -- and I guess a lot
of mobile phone contracts are like that.

However, I'd never touch server hardware under those sort of terms.
Quite apart from such considerations as not letting disks that have held
confidential data out of my control unless they have been securely
destroyed -- would I be allowed to do that to a disk I didn't actually
own?  The idea that a third party could effectively hold a business to
ransom by withdrawing permission to choose what operating system is run
is completely unacceptable.  No sane business would accept that.

Also, I think you'll find that such actions are already illegal
certainly in the UK, and I believe EU wide.

> This _is_ possible, and as human nature teaches: Everything
> that is possible _will_ be done, no matter if we recognize
> it immediately or not. And the worst solution prevails, so
> whatever we may assume about the future, the future will be
> much worse. :-)

Umm... corporations will always try it on, and politicians will always
act in whatever way they think will work out best (and being on good
terms with an important corporation that can also happen to pay for an
overwhelmingly large lobbying effort does tend to make it seem like a
no-brainer to our elected representatives).

Corporations should be reminded that they are subject to exactly the
same laws as everybody else, regardless of their wealth.  Politicians
should be reminded that their best interest is precisely the best
interest of the people that vote them into office, and no one else.

Or in other words, the worst will only happen if we let it.

> Note that flats are a familiar example of this model.
> You may live in the flat, but by paying a rent you don't
> own it. What you may do is limited.

No idea what the law is in Germany, but in the UK this applies to any
property that you might buy of any type.  You don't get ownership
per-se, just various rights over the property, like residence and
access.  Should you find that your property contains, say, a large
natural gas source, you won't get any return from it, as mineral rights
are not part of the usual property deal.

I own my flat, and I do pay ground rent.  Officially one peppercorn per
year, but I've never seen anyone angrily shaking an empty pepper pot at
me in all the years I've been here.  I also pay a service charge for
maintaining the common areas, which could in theory get me evicted
should I fail to pay it for a sufficiently long time, and so could be
confused with rent -- but it really isn't.

> Another valid interpretation of this problem is of course
> "defective by design" and "planned obsolescense".

The big advantage of the rental model of acquiring shiny toys is that
once the shine has worn off, it's up to the leasing company to fulfil
all the weee regulations and dispose of the dead kit.  That's pretty
expensive otherwise.

Cheers,

Matthew


-- 
Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard
  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
JID: matt...@infracaninophile.co.uk   Kent, CT11 9PW





signature.asc
Description: OpenPGP digital signature

Re: Why Clang

[Waitman Gobble]

On Jun 6, 2012 10:32 AM, "Thomas D. Dean"  wrote:
>
> Has the discussion on why change to clang been made available?
>
> I would like to know the reasoning.
>
> Or, is it simply a gratuitous  change?
>
> Tom Dean
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "
freebsd-questions-unsubscr...@freebsd.org"

i believe it at least partially has to do with license. FreeBSD does not
"ship" (maybe correct word?) with any GPLv3 licensed software.

Waitman Gobble
San Jose California USA
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Why Clang

[Thomas D. Dean]

Has the discussion on why change to clang been made available?

I would like to know the reasoning.

Or, is it simply a gratuitous  change?

Tom Dean
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Robert Bonomi]

"Julian H. Stacey"  wrote:
>
> > I do wonder about that. What incentive does the possesor of a signing key 
> > have to keep it secret? 
>
> Contract penalty clause maybe ? Lawyers ?

Contract with _whom_?  The party you pay money to -- Verisign -- simply
certifies that the party buying the certificate/signing-key  -is- who they 
claim to be.

It is *entirely* up to the owner of that certificate/signing-key -who- they
allow to use it.

If someone/anyone attempts to 'revoke' that certificate/key _other_ than
at the request of the owner of that certificate/key, *THAT* party is subject
to legal sanctions.  Among other things, 'false persona', 'tortuous inter-
ference in a business relationship', just to name a few.

There is, however, an 'interesting' legal question -- *if* a party were to
let 'anybody' use their certificate/key, what is the certificat/key owner's
legal liability if someone uses that key to sign malware?



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Wojciech Puchar]

Maybe a common marketing and sales model comes from software
to hardware too: You don't actually own the hardware! When
you give money to the manufacturer (maybe through vendors
or retailers), you receive hardware _plus_ a limited set
of rights which you may exercise on that hardware, maybe
for a limited time. By purchasing the hardware that way,
you may even have "implicitely signed" a kind of agreement



anyway NOBODY are forced to buy micro-soft software.
Nobody is forced to buy a PC.

Doing this with PC market will result in larger market share for 
non-Wintel hardware.


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: upgrade from 7-stable to 8-stable

[Odhiambo Washington]

On Wed, Jun 6, 2012 at 7:39 PM, Brian W.  wrote:

> It is time to do the above for me. I have done several upgrades within the
> same major version but have not done a version hop yet. Aside from extra
> paranoia about backups and the need to rebuild all ports, are there other
> gotchas to watch out for? I am going to try it on a test VM system first.
>
> Brian
>
>
See here - http://people.freebsd.org/~rse/upgrade/

Tested/proven methods!

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
I can't hear you -- I'm using the scrambler.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Daniel Feenberg]

On Wed, 6 Jun 2012, Julian H. Stacey wrote:


I do wonder about that. What incentive does the possesor of a signing key
have to keep it secret?


Contract penalty clause maybe ? Lawyers ?


A limited-liability company with no assets is judgement-proof.



Otherwise one of us would purchase a key for $99, & then publish
the key so we could all forever more compile & boot our own kernels.
But that would presumably break the trap Microsoft & Verisign seek
to impose.



Could it really be that simple? As for hardware vendors putting revoked 
keys in the ROM - are they really THAT cooperative? Seems like they would 
drag their feet on ROM updates if they had to add a lot of stuff that 
won't help them, so that doesn't seem like a great enforcement tool.


dan feenberg
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?]

[Daniel Staal]

On 2012-06-05 17:20, Jerry wrote:


The question that I have not seen answered in this thread is what
FreeBSD intents to do. From what I have seen, most FreeBSD users do 
not

use the latest versions of most hardware, so it may be a while before
its user base is even effected.


I don't believe at this point FreeBSD has any intent one way or 
another, really.  It's not an immediate problem for any platform 
supported by the FreeBSD project, at least for a technically-inclined 
user who's willing to check out their BIOS.  (Even if they are using the 
latest hardware, the x86-derived platforms aren't going to require this 
code signing yet.)  So it'll probably be a 'wait and see if it's 
something the FreeBSD community needs a solution for' at this point.  
But this is just my impression.


In slight defense of RedHat: They do a lot of worrying about enterprise 
and government customers, many of whom don't really care what platform 
they are running on - as long as they can get 'support' and it passes 
their security/operational tests.  In that environment, I can easily see 
some middle-manager decreeing that disabling the signed-boot process is 
verboten, without any understanding of the meaning or the consequences, 
and enforcing it on the whole company/division, to the point where any 
non-signed OS would be thrown out the door.  FreeBSD has probably 
already been thrown out the door at those types of locations, as there 
is no 'official' support channel.  (Yes, for my sins, I work at one of 
these...)


Daniel T. Staal

---
This email copyright the author.  Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes.  This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

upgrade from 7-stable to 8-stable

[Brian W.]

It is time to do the above for me. I have done several upgrades within the
same major version but have not done a version hop yet. Aside from extra
paranoia about backups and the need to rebuild all ports, are there other
gotchas to watch out for? I am going to try it on a test VM system first.

Brian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Julian H. Stacey]

> I do wonder about that. What incentive does the possesor of a signing key 
> have to keep it secret? 

Contract penalty clause maybe ? Lawyers ?

Otherwise one of us would purchase a key for $99, & then publish
the key so we could all forever more compile & boot our own kernels.
But that would presumably break the trap Microsoft & Verisign seek
to impose.

It seems dangerous.  I suspect we (the free source community) will need
to campaign, to engage for eg more EU fines against monoplists to force 
them to back off.

I say EU, 'cos they have done it before, so our best bet so far,
but it doesnt matter much which governments impose swingeing anti
monoploy fines, as long as enough do, to deter MS & verisign etc. 

Cheers,
Julian
-- 
Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com
 Reply below not above, cumulative like a play script, & indent with "> ".
 Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable.
Mail from @yahoo dumped @berklix.  http://berklix.org/yahoo/
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Polytropon]

On Wed, 06 Jun 2012 11:47:11 +0100, Matthew Seaman wrote:
> Having to pay Verisign instead of Microsoft makes no difference: the
> point is why should I have to pay anything to a third party in order to
> run whatever OS I want on a piece of hardware I own?

Maybe a common marketing and sales model comes from software
to hardware too: You don't actually own the hardware! When
you give money to the manufacturer (maybe through vendors
or retailers), you receive hardware _plus_ a limited set
of rights which you may exercise on that hardware, maybe
for a limited time. By purchasing the hardware that way,
you may even have "implicitely signed" a kind of agreement
(cf. EULA) that you accept those "licensing of hardware".
You do _not_ own it in order to exercise your free will
on it, like "I have the right to wipe 'Windows' and install
something else", which might result in a loss of warranty.
You may only run what the manufacturer allows you to run
(by providing the proper boot mechanism for it that "just
works"). If the manufacturer may decide that you shouldn't
boot that system you bought anymore, he can retract the
permissions and the device you paid money for will be
rendered into a shiny brick.

This _is_ possible, and as human nature teaches: Everything
that is possible _will_ be done, no matter if we recognize
it immediately or not. And the worst solution prevails, so
whatever we may assume about the future, the future will be
much worse. :-)

Note that flats are a familiar example of this model.
You may live in the flat, but by paying a rent you don't
own it. What you may do is limited.

Another valid interpretation of this problem is of course
"defective by design" and "planned obsolescense".


-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Robert Bonomi]

RW  wrote:
> On Wed, 6 Jun 2012 07:36:24 -0400 > Jerry wrote:
>
>
> > In any event, it won't belong before some hacker comes up with a way
> > to circumvent the entire process anyway,
>
> It sounds like Fedora already have. They say that they are only going to
> sign a thin shim that loads grub.

"not exactly."  *GRIN*

Fedora'a 'thin shim' will be signed, to keep an (always-, or other) enabled
'secure BIOS' loader happy.

Fedora will provide an option -- which will remain 'user-settable' (regardless
of whether the 'secure BIOS' signature is mandatory -- to either ENFORCE or
IGNORE a requirement for valid 'signatures' on the subsequently loaded pieces
of the O/S -- 2nd/3rd/etc-stage boot loaders, the kernel itself, any loadable
modules, etc.   And, Fedora will sign all _Fedora-supplied_ files that meet
that criteria.  Thus an end-user can run with 'secure boot' fully enabled,
with only signed files being loadable as part of the O/S -- using either
Fedora-supplied signed files, -or- files that they, themselves, have signed.
OR, with BIOS signing required (the 'thin shim' loader) but signing of
subsequent files -not- required, OR, (if the hardware manufacturer allows it)
with BIOS signing disabled.


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Portmaster and update progress, suggestion.

[Leslie Jensen]

2012-06-04 16:10, Leslie Jensen skrev:



2012-06-04 15:54, Warren Block skrev:

% printf "\033];Funny Title\007"



Works!
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"freebsd-questions-unsubscr...@freebsd.org"




Can the reason for me not getting the title to change be that I very 
often use screen when updating ports?


I've tried different combinations and I'm only able to get the title 
when I work locally.


Screen and ssh does not change the title.


My initial wish for some information about the build progress is still 
very much on the table.


Thanks

/Leslie

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: IP -> e-mail

[Mark Felder]

On Wed, 06 Jun 2012 09:11:02 -0500, Robert Bonomi  
 wrote:



Matthias, your lynx-based 'solution' does *NOT* solve the OP's question.


Incorrect; it does solve his problem.


He wants to know -when- his DHCP assigned address changes.  Consider
what happens if both the expired address and the new address are behind
the _same_ NAT translation.  The internal addrress changes, but the
external one does not.


Please people, read carefully: His ISP is handing out his public IP via  
DHCP. This is normal for consumer internet connections. He doesn't care  
about his internal RFC 1918 IP which is handed out by his router's DHCP  
server; that's an easy problem to solve.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

RE: IP -> e-mail

[Sean Cavanaugh]

> 
> > I would also recommend taking a look at a service like DynDNS as you
> > would have a DNS name that would auto correct for new IP.
> 
> the IP provider in Germany do not assign a static DNS name to you if yo do
> not have a static IP.
> 

Hence the Dynamic DNS option. Granted OP would have to run a client on their
device to actively track the change but it would update the DNS record
within a small window of the IP change.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: FreeBSD9 - I can't get my mouse to work

[Warren Block]

On Wed, 6 Jun 2012, Erich wrote:


Hi,

On 06 June 2012 6:37:43 Warren Block wrote:

On Wed, 6 Jun 2012, Erich wrote:


Hi

I have had success on my hardware with this setting:

#   The working configuration. The mouse daemon in /etc/rc.conf
#   was dsabled.
#
#   Section "ServerLayout"
#   Identifier "X.org Configured"
#   Screen  0  "Screen0" 0 0
#   InputDevice"Mouse0" "CorePointer"
#   InputDevice"Keyboard0" "CoreKeyboard"
#   EndSection
#
#   Section "ServerFlags"
#   Option  "AllowEmptyInput"   "false"


Please don't do that: http://www.wonkity.com/~wblock/docs/html/aei.html


#   Option  "AutoAddDevices""false"


This is the right way to disable HAL input device detection.


Is this really without function now? I could not get X running on the machine I 
used without using it.


AEI is not without function, it's just usually not the function desired. 
AutoAddDevices Off is all that's needed to prevent xorg-server from 
using HAL for input device detection.  So far, I have not found a 
situation where AEI Off is still required, and more than a few where it 
causes problems.


Better yet is to rebuild xorg-server with the HAL option disabled.  For 
example, xfce does not require or benefit from HAL.  Other software may 
still need it.



My standard practise is to use an empty xorg.conf when installing a fresh X. I 
add then these lines when X does not work.


Fair enough.  Just leave out the AEI line.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: IP -> e-mail

[Matthias Apitz]

El día Wednesday, June 06, 2012 a las 09:11:02AM -0500, Robert Bonomi escribió:

> 
> Matthias Apitz  opined:
> > El dia Wednesday, June 06, 2012 a las 09:17:47AM -0400, Robert Huff 
> > escribio:
> > > Matthias Apitz  opined:
> > > >  
> > > >  lynx -dump myip.nl | fgrep 'WAN IP'
> > > >  
> > > >  strore the result in a file and when it changes, trigger a mail;
> > > 
> > >   Or, using only tools in the base system:
> > > 
> > > ifconfig | head | grep "inet " | awk '{print $2}'
> >
> > This will not work if your host has some private addr which is NAT'ed by a
> > router; 
> 
> FALSE TO FACT.  Given the OP's actual request.

The OP request is a bit uncertain and I interpreted it as he wants to
know how to 'phone' home. The OP talks about a cable modem and DHCP and
about the addr for the computer. If your computer is connected to the
'modem' by ethernet or Wifi and the IP is assigned by DHCP to the modem,
you will never see any change in your computer. It just stays for ever,
for example, 192.168.2.1 while the router has 192.168.2.2 and all this
network is NAT behind the router WAN IP. In this szenario your ifconfig
solution will not help.

May be the OP should clarify his situation and what he really wants.

matthias
-- 
Matthias Apitz
e  - w http://www.unixarea.de/
UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370)
UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: IP -> e-mail

[Lowell Gilbert]

Dánielisz László  writes:

> Let say my computer is connected to the internet with a cable modem and has a 
> dynamic IP address via DHCP. This address is refreshed after every random 
> days.
> I want to know the new address even when I'm not home. Like send an e-mail 
> with the new IP, I already know how to do this, but how can I track the event 
> when my computer receives the new IP?
> Any ideas or same issues?

dhclient-script(8) has provision for running scripts on any DHCP event,
and provides both new and old IP addresses in environment variables. If
they're different, fire off an e-mail.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: IP -> e-mail

[RW]

On Wed, 6 Jun 2012 02:06:48 -0700 (PDT)
Dánielisz László wrote:

> Hi everybody,
> 
> Let say my computer is connected to the internet with a cable modem
> and has a dynamic IP address via DHCP. This address is refreshed
> after every random days. I want to know the new address even when I'm
> not home. Like send an e-mail with the new IP, I already know how to
> do this, but how can I track the event when my computer receives the
> new IP? Any ideas or same issues?

Have you considered dynamic dns? If you don't actually need the address
it would allow you to access the machine by hostname. Even if you do,
polling the dns is as good a way as any of detecting the change. 
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: IP -> e-mail

[Matthias Apitz]

El día Wednesday, June 06, 2012 a las 10:03:26AM -0400, Sean Cavanaugh escribió:

> > Matthias Apitz writes:
> > 
> > >  > Let say my computer is connected to the internet with a cable
> > > modem and has a dynamic IP address via DHCP. This address is
> > > refreshed after every random days.
> > >
> > >  > I want to know the new address even when I'm not home. Like  send
> > > an e-mail with the new IP, I already know how to do this,  but how can
> > > I track the event when my computer receives the new  IP?
> > >
> 
> If you are using it so you know what IP to hit from outside your network,

I understand that the OP is not at home when the change occurs, but
wants to connect to home;

> I would also recommend taking a look at a service like DynDNS as you would
> have a DNS name that would auto correct for new IP.

the IP provider in Germany do not assign a static DNS name to you if yo do
not have a static IP. 

matthias
-- 
Matthias Apitz
e  - w http://www.unixarea.de/
UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370)
UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: IP -> e-mail

[Robert Bonomi]

Matthias Apitz  opined:
> El dia Wednesday, June 06, 2012 a las 09:17:47AM -0400, Robert Huff escribio:
> > Matthias Apitz  opined:
> > >  
> > >  lynx -dump myip.nl | fgrep 'WAN IP'
> > >  
> > >  strore the result in a file and when it changes, trigger a mail;
> > 
> >   Or, using only tools in the base system:
> > 
> > ifconfig | head | grep "inet " | awk '{print $2}'
>
> This will not work if your host has some private addr which is NAT'ed by a
> router; 

FALSE TO FACT.  Given the OP's actual request.

> the real test is ask some remote side "how I do apear to you?"
> ofc you could do this as well by SSH'ing to some side and asking with
> netstat(1) there (which may be shows another NAT'ed addr too :-))

Matthias, your lynx-based 'solution' does *NOT* solve the OP's question.

He wants to know -when- his DHCP assigned address changes.  Consider
what happens if both the expired address and the new address are behind
the _same_ NAT translation.  The internal addrress changes, but the 
external one does not.

To do what the OP _asked_, parsing the 'ifconfig' output *is* the correct
approach.

_IF_, on the other hand, he wants to know when the 'externally visible'
address (a _very_ different question) for that host changes, then your 
approach is the correct one.



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

RE: IP -> e-mail

[Sean Cavanaugh]

> -Original Message-
> From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-
> questi...@freebsd.org] On Behalf Of Robert Huff
> Sent: Wednesday, June 06, 2012 9:18 AM
> To: Matthias Apitz
> Cc: freebsd-questions@freebsd.org
> Subject: Re: IP -> e-mail
> 
> 
> Matthias Apitz writes:
> 
> >  > Let say my computer is connected to the internet with a cable
> > modem and has a dynamic IP address via DHCP. This address is
> > refreshed after every random days.
> >
> >  > I want to know the new address even when I'm not home. Like  send
> > an e-mail with the new IP, I already know how to do this,  but how can
> > I track the event when my computer receives the new  IP?
> >

If you are using it so you know what IP to hit from outside your network, I
would also recommend taking a look at a service like DynDNS as you would
have a DNS name that would auto correct for new IP.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[RW]

On Wed, 6 Jun 2012 07:36:24 -0400
Jerry wrote:


> In any event, it won't belong before some hacker comes up with a way
> to circumvent the entire process anyway,

It sounds like Fedora already have. They say that they are only going to
sign a thin shim that loads grub.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: IP -> e-mail

[Robert Bonomi]

m
> From owner-freebsd-questi...@freebsd.org  Wed Jun  6 07:37:57 2012
> Date: Wed, 6 Jun 2012 02:06:48 -0700 (PDT)
> From: =?iso-8859-1?Q?D=E1nielisz_L=E1szl=F3?= 
> To: "freebsd-questions@freebsd.org" 
> Subject: IP -> e-mail
>
> Hi everybody,
>
> Let say my computer is connected to the internet with a cable modem and h
> as a dynamic IP address via DHCP. This address is refreshed after every r
> andom days.
> I want to know the new address even when I'm not home. Like send an e-mai
> l with the new IP, I already know how to do this, but how can I track the
> event when my computer receives the new IP?
> Any ideas or same issues?

Schedule a 'cron' job to run as frequently as you like.
Have it:
  a) do an 'ifconfig -a', or maybe just check the 'interface of interest'.
  b) 'diff' that output against a 'reference' copy from the previous run
  c) send an email if diff reports differences
  d) save the ifconfig output for referene in the next run 


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: IP -> e-mail

[Matthias Apitz]

El día Wednesday, June 06, 2012 a las 09:17:47AM -0400, Robert Huff escribió:

> >  Run this in a cronjob:
> >  
> >  lynx -dump myip.nl | fgrep 'WAN IP'
> >  
> >  strore the result in a file and when it changes, trigger a mail;
> 
>   Or, using only tools in the base system:
> 
> ifconfig | head | grep "inet " | awk '{print $2}'

This will not work if your host has some private addr which is NAT'ed by a
router; the real test is ask some remote side "how I do apear to you?"
ofc you could do this as well by SSH'ing to some side and asking with
netstat(1) there (which may be shows another NAT'ed addr too :-))

Trust me, the above lynx is the nearly only robust version.

matthias
-- 
Matthias Apitz
e  - w http://www.unixarea.de/
UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370)
UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: FreeBSD9 - I can't get my mouse to work

[Erich]

Hi,

On 06 June 2012 6:37:43 Warren Block wrote:
> On Wed, 6 Jun 2012, Erich wrote:
> 
> > Hi
> >
> > I have had success on my hardware with this setting:
> >
> > #   The working configuration. The mouse daemon in /etc/rc.conf
> > #   was dsabled.
> > #
> > #   Section "ServerLayout"
> > #   Identifier "X.org Configured"
> > #   Screen  0  "Screen0" 0 0
> > #   InputDevice"Mouse0" "CorePointer"
> > #   InputDevice"Keyboard0" "CoreKeyboard"
> > #   EndSection
> > #
> > #   Section "ServerFlags"
> > #   Option  "AllowEmptyInput"   "false"
> 
> Please don't do that: http://www.wonkity.com/~wblock/docs/html/aei.html
> 
> > #   Option  "AutoAddDevices""false"
> 
> This is the right way to disable HAL input device detection.

Is this really without function now? I could not get X running on the machine I 
used without using it.

My standard practise is to use an empty xorg.conf when installing a fresh X. I 
add then these lines when X does not work.

Erich
> 
> > #   EndSection
> 
> 
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: IP -> e-mail

[Robert Huff]

Matthias Apitz writes:

>  > Let say my computer is connected to the internet with a cable
>  modem and has a dynamic IP address via DHCP. This address is
>  refreshed after every random days.
>
>  > I want to know the new address even when I'm not home. Like
>  send an e-mail with the new IP, I already know how to do this,
>  but how can I track the event when my computer receives the new
>  IP?
>
>  Run this in a cronjob:
>  
>  lynx -dump myip.nl | fgrep 'WAN IP'
>  
>  strore the result in a file and when it changes, trigger a mail;

Or, using only tools in the base system:

ifconfig | head | grep "inet " | awk '{print $2}'


Robert Huff

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: freebsd-questions Digest, Vol 418, Issue 7

[Bernt Hansson]

2012-06-06 13:36, kwel kwel skrev:




Please remove my email from your database i don't want to receive any other 
mail from you plzz thanks !


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: IP -> e-mail

[Matthias Apitz]

El día Wednesday, June 06, 2012 a las 02:06:48AM -0700, Dánielisz László 
escribió:

> Hi everybody,
> 
> Let say my computer is connected to the internet with a cable modem and has a 
> dynamic IP address via DHCP. This address is refreshed after every random 
> days.
> I want to know the new address even when I'm not home. Like send an e-mail 
> with the new IP, I already know how to do this, but how can I track the event 
> when my computer receives the new IP?
> Any ideas or same issues?

Hi,

Run this in a cronjob:

lynx -dump myip.nl | fgrep 'WAN IP'

strore the result in a file and when it changes, trigger a mail;

HIH

matthias
-- 
Matthias Apitz
e  - w http://www.unixarea.de/
UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370)
UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: FreeBSD9 - I can't get my mouse to work

[Warren Block]

On Wed, 6 Jun 2012, Erich wrote:


Hi

I have had success on my hardware with this setting:

#   The working configuration. The mouse daemon in /etc/rc.conf
#   was dsabled.
#
#   Section "ServerLayout"
#   Identifier "X.org Configured"
#   Screen  0  "Screen0" 0 0
#   InputDevice"Mouse0" "CorePointer"
#   InputDevice"Keyboard0" "CoreKeyboard"
#   EndSection
#
#   Section "ServerFlags"
#   Option  "AllowEmptyInput"   "false"


Please don't do that: http://www.wonkity.com/~wblock/docs/html/aei.html


#   Option  "AutoAddDevices""false"


This is the right way to disable HAL input device detection.


#   EndSection

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Unable to update virtualbox-ose-additions 4.1.16

[Alexandre]

Hi,

I got a VM VirtualBox that use FreeBSD 9-STABLE (updated yesterday).
Now I want to update my ports, but I can't update 
I use the command <# portmaster -a -D --no-confirm> to update ports with
portmaster tool.

The error is :
[...]
The failing command:
@cc  -m64   -o
/usr/ports/emulators/virtualbox-ose-additions/work/VirtualBox-4.1.16/out/freebsd.amd64/release/obj/VBoxClient/VBoxClient
/usr/ports/emulators/virtualbox-ose-additions/work/VirtualBox-4.1.16/out/freebsd.amd64/release/obj/VBoxClient/main.o
/usr/ports/emulators/virtualbox-ose-additions/work/VirtualBox-4.1.16/out/freebsd.amd64/release/obj/VBoxClient/src/VBox/GuestHost/SharedClipboard/clipboard-helper.o
/usr/ports/emulators/virtualbox-ose-additions/work/VirtualBox-4.1.16/out/freebsd.amd64/release/obj/VBoxClient/src/VBox/GuestHost/SharedClipboard/x11-clipboard.o
/usr/ports/emulators/virtualbox-ose-additions/work/VirtualBox-4.1.16/out/freebsd.amd64/release/obj/VBoxClient/clipboard.o
/usr/ports/emulators/virtualbox-ose-additions/work/VirtualBox-4.1.16/out/freebsd.amd64/release/obj/VBoxClient/seamless.o
/usr/ports/emulators/virtualbox-ose-additions/work/VirtualBox-4.1.16/out/freebsd.amd64/release/obj/VBoxClient/seamless-host.o
/usr/ports/emulators/virtualbox-ose-additions/work/VirtualBox-4.1.16/out/freebsd.amd64/release/obj/VBoxClient/seamless-x11.o
/usr/ports/emulators/virtualbox-ose-additions/work/VirtualBox-4.1.16/out/freebsd.amd64/release/obj/VBoxClient/thread.o
/usr/ports/emulators/virtualbox-ose-additions/work/VirtualBox-4.1.16/out/freebsd.amd64/release/obj/VBoxClient/display.o
/usr/ports/emulators/virtualbox-ose-additions/work/VirtualBox-4.1.16/out/freebsd.amd64/release/obj/VBoxClient/hostversion.o
  -L/usr/X11R6/lib32  -L/usr/X11R6/lib  -L/usr/lib  -L/usr/X11R6/lib
 -L/usr/local/lib   -liconv
/usr/ports/emulators/virtualbox-ose-additions/work/VirtualBox-4.1.16/out/freebsd.amd64/release/lib/additions/RuntimeGuestR3.a

/usr/ports/emulators/virtualbox-ose-additions/work/VirtualBox-4.1.16/out/freebsd.amd64/release/lib/additions/VBoxGuestR3Lib.a

/usr/ports/emulators/virtualbox-ose-additions/work/VirtualBox-4.1.16/out/freebsd.amd64/release/lib/additions/RuntimeGuestR3.a
  -lX11   -lXrandr   -lXt   -lsupc++   -lgcc_eh   -lXext   -lXmu
-lpthread   -liconv
*** Error code 2

Stop in /usr/ports/emulators/virtualbox-ose-additions.
*** Error code 1

Stop in /usr/ports/emulators/virtualbox-ose-additions.

===>>> make failed for emulators/virtualbox-ose-additions
===>>> Aborting update

===>>> Update for emulators/virtualbox-ose-additions failed
===>>> Aborting update

Terminated
[...]

I posted the full output (with "script") here : http://pastebin.com/cmBbqzKx

This VM is installed on a Windows 7 host (VirtualBox 4.1.16r78094).

# uname -a
FreeBSD VirtualBox 9.0-STABLE FreeBSD 9.0-STABLE #0: Tue Jun  5 16:03:26
CEST 2012 root@VirtualBox:/usr/obj/usr/src/sys/GENERIC  amd64

# pkg_info | grep virtualbox
virtualbox-ose-additions-4.1.8 VirtualBox additions for FreeBSD guests

Thanks for your help.

Regards,
Alexandre
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Damien Fleuriot]

On 6/6/12 1:57 AM, Chris Hill wrote:
> On Tue, 5 Jun 2012, G?k?in Akdeniz wrote:
> 
>> For the time being only ARM platform is restricted.
> 
> True, but I would be astonished if this restriction were not expanded by
> MS in the future. Just my opinion, but I believe their ultimate goal is
> to add platforms until the "secure boot" restriction encompasses most or
> all desktop and server hardware. This would be over a period of years.
> 

I direct you to an older version of the matrix, where microsoft was
discussing Paladium and TCPA.

These are the exact same.

And these are a liberty killer.


http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Damien Fleuriot]

On 6/5/12 9:12 PM, Gökşin Akdeniz wrote:
>>
>> UEFI considerations drive Fedora to pay MSFT to sign their kernel
>> binaries http://cwonline.computerworld.com/t/8035515/1292406/565573/0/
>>
> 
> That's restriction is only for ARM devices which have a label that says
> "Desgined for Windows8". In other words those devices can not boot
> another os except Windows 8 due to secure boot option enabled by
> default.
> 
> The short and the long of it Microsoft is copying Apple on tablets with
> ARM.
> 

Well perhaps it should say "designed ONLY for windows8" then ?

This has "class action" written all over it, just like the "ready for
win7" fiasco where the PCs displaying the sticker could only run the
minimalist version of the OS.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

IP -> e-mail

[Dánielisz László]

Hi everybody,

Let say my computer is connected to the internet with a cable modem and has a 
dynamic IP address via DHCP. This address is refreshed after every random days.
I want to know the new address even when I'm not home. Like send an e-mail with 
the new IP, I already know how to do this, but how can I track the event when 
my computer receives the new IP?
Any ideas or same issues?

Thx!
Laszlo
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Damien Fleuriot]

On 6/6/12 1:19 PM, Daniel Feenberg wrote:
> 
> 
> On Wed, 6 Jun 2012, Matthew Seaman wrote:
> 
>> On 05/06/2012 23:10, Jerry wrote:
>>> I thought this URL  also shown
>>> above, answered that question.
>>
>> Signing bootloaders and kernels etc. seems superficially like a good
>> idea to me.  However, instant reaction is that this is definitely *not*
>> something that Microsoft should be in charge of.  Some neutral[*] body
> ...
>> On deeper thought though, the whole idea appears completely unworkable.
>> It means that you will not be able to compile your own kernel or
>> drivers unless you have access to a signing key.  As building your own
> 
> You don't need the signing key if you turn off secure boot in the CMOS.
> The fedora folk are worried that naive desktop users will not be able to
> do that, and usage of linux will be impeded. It won't be a significant
> impediment to users capable of compiling their own kernel.
> 
>> is pretty fundamental to the FreeBSD project, the logical consequence is
>> that FreeBSD source should come with a signing key for anyone to use.
>>
>> Which completely abrogates the whole point of signing
>> bootloaders/kernels in the first place: anyone wishing to create malware
>> would be able to sign whatever they want using such a key.  It's
>> DRM-level stupidity all over again.
> 
> I do wonder about that. What incentive does the possesor of a signing
> key have to keep it secret? Apple keeps it's signing key secret because
> it gets a share of revenue from the sale of apps. If the fedora key
> became known it wouldn't hurt fedora. Can the UEFI BIOS consult a list
> of revoked keys online? That would be surprising.
> 
> dan feenberg


Key revoked in the BIOS' next version, which will ship by default on
newer hardware.

No need for checking online.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Damien Fleuriot]

On 6/6/12 9:32 AM, Matthew Seaman wrote:
> On 05/06/2012 23:10, Jerry wrote:
>> I thought this URL  also shown
>> above, answered that question.
> 
> Signing bootloaders and kernels etc. seems superficially like a good
> idea to me.  However, instant reaction is that this is definitely *not*
> something that Microsoft should be in charge of.  Some neutral[*] body
> without any commercial interests should do that job, and
> bootloader/kernel signing should be freely available.
> 
> On deeper thought though, the whole idea appears completely unworkable.
>  It means that you will not be able to compile your own kernel or
> drivers unless you have access to a signing key.  As building your own
> is pretty fundamental to the FreeBSD project, the logical consequence is
> that FreeBSD source should come with a signing key for anyone to use.
> 
> Which completely abrogates the whole point of signing
> bootloaders/kernels in the first place: anyone wishing to create malware
> would be able to sign whatever they want using such a key.  It's
> DRM-level stupidity all over again.
> 
> My conclusion: boycott products, manufacturers and/or OSes that
> participate in this scheme.  FreeBSD alone won't make any real
> difference to manufacturers, but I hope there is still enough of the
> original spirit of freedom within the Linux camp, and perhaps from
> Google/android to make an impact.
> 
> I'm pretty sure there can be a way of whitelisting bootloaders and so
> forth to help prevent low-level malware, but this isn't it.
> 
>   Cheers,
> 
>   Matthew
> 
> [*] I suggest ICANN might be the right sort of organization to fulfil
> this role.
> 


I agree with the whole post except that last bit about ICANN Matthew.

The US already has enough dominance as is, without involving ICANN, a
supposedly neutral body (yeah right...) any further.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Somewhat OT - A Makefile Question

[Tim Daneliuk]

Not strictly FBSD, but ...

Within a makefile, I need to assign the name of a program as in:

FOO = "bar".

The problem is that 'bar' may also be know as, say, "bar.sh".  Worse still
both "bar" and "bar.sh" can exist with one linked to the other.  Is there
a simple way to determine which form "bar" or "bar.sh" on on a given
system *at the time the make is run*?  If both exist, I will pick
one arbitrarily, I just don't want the detection mechanism to fail when
this is the case.  For example I don't think this works when both
are there:

FOO = $(shell `which bar bar.sh)

Thanks,
--

Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Damien Fleuriot]

On 6/6/12 1:36 PM, Jerry wrote:
> On Wed, 06 Jun 2012 11:47:11 +0100
> Matthew Seaman articulated:
> 
>> On 06/06/2012 11:24, Jerry wrote:
>>> I think you are in error there Matthew. From what I have read The $99
>>> goes to Verisign, not Microsoft - further once paid you can sign as
>>> many binaries as you want.
>>
>> Having to pay Verisign instead of Microsoft makes no difference: the
>> point is why should I have to pay anything to a third party in order to
>> run whatever OS I want on a piece of hardware I own?
>>
>> $99 as a one-off payment might seem a trivial cost to you, so much so
>> that you rather rashly promised to pay that for anyone. I won't hold
>> you to it.  Even so, there are several thousand readers of this list.
>> I doubt even you could afford to subsidise very many of them...
> 
> The $99 was for FreeBSD to deliver the OS, not per user. This is
> clearly explained in the various URLs listed in this thread. I am sorry
> if you misunderstood. Of course if a user wants to recompile the
> kernel, etcetera after having downloaded and installed it from FreeBSD
> or one of its subsidies, they are on their own. Seriously though, a
> one time payment of $99 is so trivial I find it hard to believe that
> anyone is actually bitching about it. I pay many times that amount for
> golf every month.
> 

Look Jerry,


Are you serious there ?
Having to pay to use a different OS on hardware that you own ?

What next, non-approved keyboard, $40 extra ?
Non-approved mouse, $30, non-approved USB external drive, $80 ?


Don't take it personally but it's people like you willing to bend the
knee that encourage such abuse as we're discussing today.
The denial of freedom to do what you want with that piece of hardware
you just bought.

And no, $99 isn't trivial, it has to be 1/6 the price of a standard PC
nowadays.

I'm *not* paying extra to install a non-MS-approved-lol-seriously OS.
This is nothing short of extortion.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Jerry]

On Wed, 06 Jun 2012 11:47:11 +0100
Matthew Seaman articulated:

>On 06/06/2012 11:24, Jerry wrote:
>> I think you are in error there Matthew. From what I have read The $99
>> goes to Verisign, not Microsoft - further once paid you can sign as
>> many binaries as you want.
>
>Having to pay Verisign instead of Microsoft makes no difference: the
>point is why should I have to pay anything to a third party in order to
>run whatever OS I want on a piece of hardware I own?
>
>$99 as a one-off payment might seem a trivial cost to you, so much so
>that you rather rashly promised to pay that for anyone. I won't hold
>you to it.  Even so, there are several thousand readers of this list.
>I doubt even you could afford to subsidise very many of them...

The $99 was for FreeBSD to deliver the OS, not per user. This is
clearly explained in the various URLs listed in this thread. I am sorry
if you misunderstood. Of course if a user wants to recompile the
kernel, etcetera after having downloaded and installed it from FreeBSD
or one of its subsidies, they are on their own. Seriously though, a
one time payment of $99 is so trivial I find it hard to believe that
anyone is actually bitching about it. I pay many times that amount for
golf every month.

>Yes UEFI Secure Boot may have been around for 8 years.  The fact that
>no one has adopted use of it in all that time speaks volumes.

I don't want to get in an argument with you Matthew since you are one of
the few on this list that I feel actually thinks before they speak and
knows what they are talking about; however, the real reason, in my
opinion, is that no one carefully considered the consequences of it. It
is a great idea, it offers greater security and again from what I have
read it can be disabled by the end user if the vendor so allows.
Microsoft does not control the vendors right to allow or disallow that
action.

In any event, it won't belong before some hacker comes up with a way
to circumvent the entire process anyway, In my opinion, so why worry
about it. Most FreeBSD users do not use state of the art equipment
anyway, so it may be years before they even come up against this
problem. By then it will all be ironed out.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__


signature.asc
Description: PGP signature

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Mehmet Erol Sanliturk]

On Wed, Jun 6, 2012 at 3:47 AM, Matthew Seaman <
m.sea...@infracaninophile.co.uk> wrote:

> On 06/06/2012 11:24, Jerry wrote:
> > I think you are in error there Matthew. From what I have read The $99
> > goes to Verisign, not Microsoft - further once paid you can sign as
> > many binaries as you want.
>
> Having to pay Verisign instead of Microsoft makes no difference: the
> point is why should I have to pay anything to a third party in order to
> run whatever OS I want on a piece of hardware I own?
>
> $99 as a one-off payment might seem a trivial cost to you, so much so
> that you rather rashly promised to pay that for anyone. I won't hold you
> to it.  Even so, there are several thousand readers of this list.  I
> doubt even you could afford to subsidise very many of them...
>
> Yes UEFI Secure Boot may have been around for 8 years.  The fact that no
> one has adopted use of it in all that time speaks volumes.
>
>Cheers,
>
>Matthew
>
> --
> Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard
>  Flat 3
> PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
> JID: matt...@infracaninophile.co.uk   Kent, CT11 9PW
>
>

What will be the usefulness of a security key for an Open Source Operating
System when people are not using mostly "proprietary" binary packages and
nearly all of the supplied binary packages have accompanying sources ?

When FreeBSD is installing a binary package or making a port , it is ALWAYS
checking integrity of installed
parts .

Then is there a necessity of a "Security Key" obtained by paying money ?

In Turkish literature , there is a person named as "Deli Dumrul" means
"Crazy Dumrul" where his name is "Dumrul" .

"Crazy Dumrul" constructed a bridge over a dried river . If any one passes
from the bridge , he was taking money for passing over the bridge for
"Using the Bridge"  , and , if any one is NOT passing from the bridge , and
walking over the dried river , he was taking money for "Not to Use the
Bridge" .

It seems that "History is Repeating" 


Thank you very much .

Mehmet Erol Sanliturk
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Daniel Feenberg]

On Wed, 6 Jun 2012, Matthew Seaman wrote:


On 05/06/2012 23:10, Jerry wrote:

I thought this URL  also shown
above, answered that question.


Signing bootloaders and kernels etc. seems superficially like a good
idea to me.  However, instant reaction is that this is definitely *not*
something that Microsoft should be in charge of.  Some neutral[*] body

...

On deeper thought though, the whole idea appears completely unworkable.
It means that you will not be able to compile your own kernel or
drivers unless you have access to a signing key.  As building your own


You don't need the signing key if you turn off secure boot in the CMOS. 
The fedora folk are worried that naive desktop users will not be able to 
do that, and usage of linux will be impeded. It won't be a significant 
impediment to users capable of compiling their own kernel.



is pretty fundamental to the FreeBSD project, the logical consequence is
that FreeBSD source should come with a signing key for anyone to use.

Which completely abrogates the whole point of signing
bootloaders/kernels in the first place: anyone wishing to create malware
would be able to sign whatever they want using such a key.  It's
DRM-level stupidity all over again.


I do wonder about that. What incentive does the possesor of a signing key 
have to keep it secret? Apple keeps it's signing key secret because it 
gets a share of revenue from the sale of apps. If the fedora key became 
known it wouldn't hurt fedora. Can the UEFI BIOS consult a list of revoked 
keys online? That would be surprising.


dan feenberg
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Matthew Seaman]

On 06/06/2012 11:24, Jerry wrote:
> I think you are in error there Matthew. From what I have read The $99
> goes to Verisign, not Microsoft - further once paid you can sign as
> many binaries as you want.

Having to pay Verisign instead of Microsoft makes no difference: the
point is why should I have to pay anything to a third party in order to
run whatever OS I want on a piece of hardware I own?

$99 as a one-off payment might seem a trivial cost to you, so much so
that you rather rashly promised to pay that for anyone. I won't hold you
to it.  Even so, there are several thousand readers of this list.  I
doubt even you could afford to subsidise very many of them...

Yes UEFI Secure Boot may have been around for 8 years.  The fact that no
one has adopted use of it in all that time speaks volumes.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard
  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
JID: matt...@infracaninophile.co.uk   Kent, CT11 9PW



signature.asc
Description: OpenPGP digital signature

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Bruce Cran]

On 06/06/2012 11:38, Bruce Cran wrote:
It's not the $99 that'll be the problem, but the fact that it's 
Verisign (actually Symantec, since they bought Verisign) that you deal 
with. Whereas Globalsign accept applications from individuals, 
Verisign require company documents before they'll generate a certificate.




I've just checked, and I'm wrong - they seem to have changed things and 
now allow signups from individuals.


--
Bruce Cran
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Bruce Cran]

On 06/06/2012 11:24, Jerry wrote:


They should have taken this into account a long time ago. In any
case, we are talking $99 dollars total, not per user here for the
certificate. If that is going to cause a problem, I'll donate the $99.


It's not the $99 that'll be the problem, but the fact that it's Verisign 
(actually Symantec, since they bought Verisign) that you deal with. 
Whereas Globalsign accept applications from individuals, Verisign 
require company documents before they'll generate a certificate.


--
Bruce Cran
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Jerry]

On Wed, 06 Jun 2012 10:38:41 +0100
Matthew Seaman articulated:

>On 06/06/2012 09:45, Bruce Cran wrote:
>> On 06/06/2012 08:32, Matthew Seaman wrote:
>>> On deeper thought though, the whole idea appears completely
>>> unworkable. It means that you will not be able to compile your own
>>> kernel or drivers unless you have access to a signing key.  As
>>> building your own is pretty fundamental to the FreeBSD project, the
>>> logical consequence is that FreeBSD source should come with a
>>> signing key for anyone to use.
>
>> It just means that anyone wishing to run their own kernels would
>> either need to disable secure boot, or purchase/create their own
>> certificate and install it.
>
>Indeed.  However disabling secure boot is apparently:
>
>   * too difficult for users of Fedora
>
>   * not possible on all platforms (arm based tablets especially)
>
>and purchasing your own certificate currently means paying $99 to
>Microsoft, or else getting a key from the hardware manufacturer (which
>I very much suspect will not be free either).

I think you are in error there Matthew. From what I have read The $99
goes to Verisign, not Microsoft - further once paid you can sign as
many binaries as you want.

>While I would expect the typical FreeBSD user to be quite capable of
>disabling secure boot, I know that this is something that will result
>in realms of questions by new users, alarmist claims that "FreeBSD is
>not secure" and general glee amongst the "FreeBSD is dying" crowd.
>
>This is just another misconceived DRM scheme and suffers from all the
>same old flaws.

I don't feel this is misconceived at all. Again, from what I have read,
most non-Microsoft operating systems have been able to use UEFI Secure
Boot for nearly eight years; however, they have actively refused to do
so. However, now Microsoft has stepped up to the plate and is
actively taking advantage of the scheme. Actually, Microsoft has been
issuing warnings for ten years when a user would attempt to install
unsigned drivers. Now the FOSS community is getting its knickers in a
knot. They should have taken this into account a long time ago. In any
case, we are talking $99 dollars total, not per user here for the
certificate. If that is going to cause a problem, I'll donate the $99.
In any case, the real problem appears to be how FreeBSD is going to
handle drivers which apparently will need to be signed since they work
at the kernel level. Apparently Fedora has a working solution for that
all ready.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__



signature.asc
Description: PGP signature

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Julian H. Stacey]

jerr...@msu.edu wrote:
> Quoting Kurt Buff :
> 
> > UEFI considerations drive Fedora to pay MSFT to sign their kernel binaries
> > http://cwonline.computerworld.com/t/8035515/1292406/565573/0/
> >
> > This would seem to make compiling from source difficult.
> >
> 
> I don't see how this MS scam is even at all legal.
> It is clearly restraint of trade and probably violates some other
> related laws too.

A shame Bush blocked dismembering monopolist Microsoft.  
The last enormous fines Microsoft paid the EU for monopoly abuse,
presumably failed to discipline Microsoft. 

Time for increased fines, till Microsoft stops abusing its monooly.
Would be nice if the fines were so high it forced a free recall by
hardware vendors to fix, if it can't be fixed with a UEFI net upgrade.

Cheers,
Julian
-- 
Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com
 Reply below not above, cumulative like a play script, & indent with "> ".
 Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable.
Mail from @yahoo dumped @berklix.  http://berklix.org/yahoo/
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Mehmet Erol Sanliturk]

On Wed, Jun 6, 2012 at 2:38 AM, Matthew Seaman  wrote:

> On 06/06/2012 09:45, Bruce Cran wrote:
> > On 06/06/2012 08:32, Matthew Seaman wrote:
> >> On deeper thought though, the whole idea appears completely unworkable.
> >>   It means that you will not be able to compile your own kernel or
> >> drivers unless you have access to a signing key.  As building your own
> >> is pretty fundamental to the FreeBSD project, the logical consequence is
> >> that FreeBSD source should come with a signing key for anyone to use.
>
> > It just means that anyone wishing to run their own kernels would either
> > need to disable secure boot, or purchase/create their own certificate
> > and install it.
>
> Indeed.  However disabling secure boot is apparently:
>
>   * too difficult for users of Fedora
>
>   * not possible on all platforms (arm based tablets especially)
>
> and purchasing your own certificate currently means paying $99 to
> Microsoft, or else getting a key from the hardware manufacturer (which I
> very much suspect will not be free either).
>
> While I would expect the typical FreeBSD user to be quite capable of
> disabling secure boot, I know that this is something that will result in
> realms of questions by new users, alarmist claims that "FreeBSD is not
> secure" and general glee amongst the "FreeBSD is dying" crowd.
>
> This is just another misconceived DRM scheme and suffers from all the
> same old flaws.
>
>Cheers,
>
>Matthew
>
> --
> Dr Matthew J Seaman MA, D.Phil.
> PGP: http://www.infracaninophile.co.uk/pgpkey
>
>
>


http://www.infoworld.com/t/hacking/tech-behind-flame-attack-could-compromise-microsoft-update-194867


Thank you very much .

Mehmet Erol Sanliturk
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Is this something we (as consumers of FreeBSD) need to be aware of?

[Matthew Seaman]

On 06/06/2012 09:45, Bruce Cran wrote:
> On 06/06/2012 08:32, Matthew Seaman wrote:
>> On deeper thought though, the whole idea appears completely unworkable.
>>   It means that you will not be able to compile your own kernel or
>> drivers unless you have access to a signing key.  As building your own
>> is pretty fundamental to the FreeBSD project, the logical consequence is
>> that FreeBSD source should come with a signing key for anyone to use.

> It just means that anyone wishing to run their own kernels would either
> need to disable secure boot, or purchase/create their own certificate
> and install it.

Indeed.  However disabling secure boot is apparently:

   * too difficult for users of Fedora

   * not possible on all platforms (arm based tablets especially)

and purchasing your own certificate currently means paying $99 to
Microsoft, or else getting a key from the hardware manufacturer (which I
very much suspect will not be free either).

While I would expect the typical FreeBSD user to be quite capable of
disabling secure boot, I know that this is something that will result in
realms of questions by new users, alarmist claims that "FreeBSD is not
secure" and general glee amongst the "FreeBSD is dying" crowd.

This is just another misconceived DRM scheme and suffers from all the
same old flaws.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey




signature.asc
Description: OpenPGP digital signature

isc-dhcpd - logging client transactions

[Ewald Jenisch]

Hi,

I've set up isc-dhcpd (/usr/ports/net/isc-dhcp42-server). The daemon
runs, hands out IP-addresses however logging doesn't seem to work.

Here's what I've got in the respective config-files:

/etc/rc.conf:
# dhcpd
dhcpd_enable="YES"
dhcpd_conf="/usr/local/etc/dhcpd.conf"
dhcpd_ifaces="em0"
dhcpd_withumask="022"
dhcpd_chuser_enable="YES"
dhcpd_withuser="dhcpd"
dhcpd_withgroup="dhcpd"
dhcpd_chroot_enable="YES"
dhcpd_devfs_enable="YES"
dhcpd_rootdir="/var/db/dhcpd"

/usr/local/etc/dhcpd.conf:
...
log-facility local7;

/etc/syslog.conf:
local7.*/var/log/dhcpd.log


/var/log/dhcpd.log is "touch"ed, so it exists.

Also restarted syslogd and isc-dhcpd.


Result: dhcpd works (i.e. I see entries in the leases-file
(/var/db/dhcpd/var/db/dhcpd/dhcpd.leases) however nothing is logged to
/var/log/dhcpd.log.

I can rule out any error with syslogd.conf since when I start isc-dhcp
"by hand" (/usr/local/sbin/dhcpd -d) I get an error message - and this
one is definitely logged to /var/log/dhcpd.log.

What I really need though is a log of all the DHCP-transactions,
i.e. DHCP-requests, address assignments etc.

Thanks much in advance for your help,
-ewald
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"