Re: How does freebsd supports ipx?

2012-10-14 Thread YC Wang 
2012/10/12 Виталий Туровец :
> 2012/10/12 YC Wang :
>> Hi,all:
>>
>> I read from wikipedia that freebsd supports ipx. But when I tried
>> to set ipx address on em0,it showed the following message:
>>
>> freebsd-yc# ifconfig em0 ipx (netnum.nodenum)
>> ifconfig: socket(family 23,SOCK_DGRAM: Protocol not supported
>>
>> And as I furher trussed the ifconfig process, I found this was
>> probably caused by the failure of the socket syscall:
>>
>> freebsd-yc# truss ifconfig em0 ipx netnum.nodenum
>> ..
>> socket(PF_IPX,SOCK_DGRAM,0)  ERR#43 'Protocol not 
>> supported'
>> ..
>>
>>
>> In contrast however, when calling "socket(PF_IPX,SOCK_DGRAM,0)" on
>> Linux, it will automatically load the ipx kernel module and the socket
>> syscall returns successfully. But I don't find any ipx module in
>> /boot/kernel/ on freebsd.
>>
>>So I wonder how does freebsd supports ipx? Is there any other work
>> I should do for this purpose?
>>
>>And if this isn't the most appropriate list for this question,
>> please let me know.
>>
>>   Thanks
>>   YC Wang
>> ___
>> freebsd-questions@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
>
> I suppose you should add "options IPX" line to your kernel
> configuration file and rebuild/reinstall the kernel.
>
>
> --
>
>
>
>
> ~~~
> WBR,
> Vitaliy Turovets
> NOC Lead @TV-Net ISP
> NOC Lead @Service Outsourcing company
> +38(093)265-70-55
> VITU-RIPE
> X-NCC-RegID: ua.tv

Hi:

I rebuilt the kernel with "option IPX", but it didn't seem to work.
Below was what I did:

1) create a new configure file IPXKERNEL enabling "option IPX"
freebsd-yc# cat /sys/i386/conf/IPXKERNEL
include GENERIC
ident IPXKERNEL
options IPX

2) make buildkerel KERNCONF=IPXKERNEL. When finised, I found that the
ipx source code did get compiled, but hadn't been linked into a kernel
module.
freebsd-yc# find /usr/obj/usr/src/sys/IPXKERNEL/ | grep  ipx
/usr/obj/usr/src/sys/IPXKERNEL/modules/usr/src/sys/modules/arcnet/opt_ipx.h
/usr/obj/usr/src/sys/IPXKERNEL/modules/usr/src/sys/modules/if_ef/opt_ipx.h
/usr/obj/usr/src/sys/IPXKERNEL/modules/usr/src/sys/modules/if_tun/opt_ipx.h
/usr/obj/usr/src/sys/IPXKERNEL/modules/usr/src/sys/modules/netgraph/iface/opt_ipx.h
/usr/obj/usr/src/sys/IPXKERNEL/modules/usr/src/sys/modules/smbfs/opt_ipx.h
/usr/obj/usr/src/sys/IPXKERNEL/modules/usr/src/sys/modules/sppp/opt_ipx.h
/usr/obj/usr/src/sys/IPXKERNEL/modules/usr/src/sys/modules/wlan/opt_ipx.h
/usr/obj/usr/src/sys/IPXKERNEL/opt_ipx.h
/usr/obj/usr/src/sys/IPXKERNEL/ipx.o
/usr/obj/usr/src/sys/IPXKERNEL/ipx_cksum.o
/usr/obj/usr/src/sys/IPXKERNEL/ipx_input.o
/usr/obj/usr/src/sys/IPXKERNEL/ipx_outputfl.o
/usr/obj/usr/src/sys/IPXKERNEL/ipx_pcb.o
/usr/obj/usr/src/sys/IPXKERNEL/ipx_proto.o
/usr/obj/usr/src/sys/IPXKERNEL/ipx_usrreq.o

3) Still I installed the new kernel with "make installkernel
KERNCONF=IPXKERNEL", and as expected, it was exactly the same to the
old one.
freebsd-yc# ls /boot/kernel > kernel.txt
freebsd-yc# ls /boot/kernel.old/ > kernelold.txt
freebsd-yc# diff kernel.txt kernelold.txt

So do you have any idea about this? The information of my system is:
freebsd-yc# uname -a
FreeBSD freebsd-yc.vm 8.3-RELEASE FreeBSD 8.3-RELEASE #0: Mon Oct 15
11:20:49 CST 2012
r...@freebsd-yc.vm:/usr/obj/usr/src/sys/IPXKERNEL  i386

Thanks,
YC Wang
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Question about find - excluding directories

2012-10-14 Thread Matthew Seaman 
On 15/10/2012 01:32, Paul Schmehl wrote:
> I want to use find to locate files that don't belong to a certain user
> but should belong to that user.  But there are subdirectories I want to
> exclude.
> 
> I have tried using this, but it doesn't work:
> 
> find /path/to/dir -type d ! -uid num \( -type d ! -name dirname -prune \)
> 
> If I leave off the part in parentheses, it finds all the files I'm
> looking for but also files in the subdirs I'm not interested in.
> 
> If I add the parentheses, it doesn't find any files at all.
> 
> This is FreeBSD 8.3 RELEASE.
> 
> So how can I find these files without descending into directories I'm
> not interested in?

Completely untested, but the usual thing with find(1) is down to the way
it evaluates its arguments from left to right in a lazy fashion.  So, if
it has enough to know it is going to generate a true or false result
after '-type d ! -uid num', it won't then go on to evaluate the rest of
the line, meaning it will never see the effects of '-prune'.

If you want to have exceptions, it is generally better to put them
earlier in the command line:

find /path/to/dir \( -type d ! -name dirname -prune \) -type d ! -uid num

Or you could use '-path' to match any path containing 'dirname' without
the bracketed subexpression:

find /path/to/dir -type d ! -path 'dirname*' ! -uid

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey




signature.asc
Description: OpenPGP digital signature

Re: blackend from svn

2012-10-14 Thread Matthew Seaman 
On 14/10/2012 22:37, Darrel wrote:
> Having just installed a new system, I am considering using svn to
> get some docs.  Perhaps I will create doc under /usr/local like
> this:
> 
> # cd /usr/local
> # mkdir doc

The canonical location is /usr/doc -- this stuff is part of FreeBSD
itself, so shouldn't really sit under ${LOCALBASE}

> and then:
> 
> svn co svn://svn.freebsd.org/doc/release/9.1.0/en_US.ISO8859-1/
> 
> I already am running current and stable- this computer is mainly
> for using VirtualBox to test Linux stuff that some contracts are
> asking for.
> 
> Does this method of having a local copy of docs around seem alright,
> or does someone know that there is a better way?

That should work fine, if what you are after are the .xml source files
the documentation is compiled from.  Note that compiling all this stuff
into HTML or PDF requires a moderately large toolchain to be installed.
(see: textproc/docproj* in ports.)

Also, the URL doc/release/9.1.0/en_US.ISO8859-1 -- that's a tag in SVN,
meaning it is never going to be updated.  Check out HEAD if you want to
be able to track changes.

You always used to be able to install a pre-compiled doc bundle from the
install media.  What with changes over the last several months I don't
know if that is still possible, but if it is, then that would probably
be more suitable if all you want is to have a reference copy of the docs
to hand.

Cheers,

Matthew
-- 
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey




signature.asc
Description: OpenPGP digital signature

Re: Sysctls and privacy

2012-10-14 Thread schultz 

Says who?  Is this your requirement?  Why?


I meant I don't see how it can be done differently.


If this is really a serious concern of yours, you have much bigger fish to
fry than sysctl(8).


Can you elaborate a bit more on this please?


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Sysctls and privacy

2012-10-14 Thread Adam Vande More 
On Sun, Oct 14, 2012 at 8:33 PM,  wrote:

>
>> Here is the catch. I know I can read-only mount most static filesystems
> from a template. However, the mutable ones have to be copied.
>

Says who?  Is this your requirement?  Why?


> Because someone might know the program memory, cpu or network usage
> patterns
> and extrapolate from the data. Firefox is a good example because it
> eats up huge amounts of RAM and garbage collects it quite fast. So when
> that pattern shows up you know someone is probably using Firefox.
> This, of course, also applies to other programs.
>

If this is really a serious concern of yours, you have much bigger fish to
fry than sysctl(8).

-- 
Adam Vande More
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Sysctls and privacy

2012-10-14 Thread schultz 

Did you specify elsewhere what a 'visible' does mean to you?

  - if this means network connectivity then you can put jails on the same
network, e. g. the same address on a lo(4) interface

  - if this means a read-only access to the directory located outside of a
jail then her4e is the trick:

  mount_nullfs -o ro /path/to/inject /your/jail/mount/detination


I did mean the second case. Your solution seems reasonable. Only
change I would do is check for symlinks in the path within the jail
roots to avoid symlink attacks.


The same trick can be done for every directory the freebsd base system
consists of. Excluding those different for each jail, e. g. /var,  
/etc. Nullfs

daesn't consume your disk space except for additional fstab lines, something
about a dozen per jail. (=


Here is the catch. I know I can read-only mount most static filesystems
from a template. However, the mutable ones have to be copied. This means
installing ports forces me to copy /usr/local, which is around half a
gigabyte (I have some pre-installed ports).

I have been looking into unionfs to solve this, but the BUGS section in
the man page scared me a bit. :-)


I don't think so. It's a task of the configuration of a second system without
hardware initialization and so on, and then spreading your configs around
other jails.


I mean configuring a user account is much simpler than configuring a jail.
Still this is not at all a good reason not to use jails. :-)


jail goes beyond with its jail_devfs_rules


I mean these changes are necessary in a user-based protection model.


What do you mean 'visible' here? Do you just chmod a-rwx on them? Say, to
avoid listing the /usr/bin/su you should chmod a-rx /usr/bin which  
is far from

the best idea...


I either chmod ug-s or chmod o-rwx.


Sounds interesting but doesn't seem googleable to me. Any URLs for xorg
patches and/or for the list of such a ports please?


I didn't find any URL too. The fact is the x11-servers/xorg-server has
the path /tmp/.X[n]-lock for the lock file hardcoded. Since I ended up
using many small Xephyr instances to isolate GUI applications, someone
could use that file before to prevent my application from starting. So
I myself made the (very small) patch, and compiled the port manually.


Ouch! a RELENG_9 feature...


If it does not go away in future versions I am happy with it.


How could the one know out that from overall system statistics only?


Because someone might know the program memory, cpu or network usage patterns
and extrapolate from the data. Firefox is a good example because it
eats up huge amounts of RAM and garbage collects it quite fast. So when
that pattern shows up you know someone is probably using Firefox.
This, of course, also applies to other programs.

Also, if you do know someone is going to run a single program in the
machine, you might just have the memory footprint of that program by
subtraction, and that reveals quite a lot.

I do realize this has a great deal of paranoia, but it is an issue
nonetheless.


ok but that can be the loss of a privacy of some other user?


Not if you have a single (human) user on the machine. Also, this
is quite informal reasoning.

Sure. You can convert PDFs to the set of images, reassemble them  
into your own

PDFs without the logs and post then.


Not without loss of quality, indexing and compactness. Also, steganography
might be employed by the attacker.


So without the need for the outside network connectivity there shouldn't be
much  care. (=


This can be done, it just is not practical. Additionally, unfortunately
some untrusted users have to have internet connection. I know they can
gather important personal identifying information (/etc/passwd). In
this sense, I have another question: can a user of jails realize he or
she is not in a real FreeBSD system? If so, how much about the host
can he or she gather?


Can't remind that. (=


I never said you did implement it. :-)


Err... what?


Before serving a sysctl, the kernel could check if UID == 0 or
if UID is in the special GID.


But they can hide the system statistics and improve the privacy, the what you
need having the consistency already? I have no idea if 'security' includes
'privacy', sorry.


Using emulators/virtual machines improves the situation for sure, but yet
that is not a silver bullet in terms of security, since these tools are
designed to be compatibility tools, not security tools. Also, the added
overhead does not justify it.


But it seems to. What if the code isolated doesn't interfere?


If it does not interfere then we have a proper (but slow) solution.


Do you mean here the emulators never release memory allocated once? And why
jail limits matter after that? Clarify please.


Yes, that is the point. There are situations in which the total memory
used by a program is very high and the maximum memory used at any time
is very low. The memory used by the emulator at any time is the total
memory due to its inabil

Question about find - excluding directories

2012-10-14 Thread Paul Schmehl 
I want to use find to locate files that don't belong to a certain user but 
should belong to that user.  But there are subdirectories I want to exclude.


I have tried using this, but it doesn't work:

find /path/to/dir -type d ! -uid num \( -type d ! -name dirname -prune \)

If I leave off the part in parentheses, it finds all the files I'm looking 
for but also files in the subdirs I'm not interested in.


If I add the parentheses, it doesn't find any files at all.

This is FreeBSD 8.3 RELEASE.

So how can I find these files without descending into directories I'm not 
interested in?


Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
"It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead." Thomas Jefferson
"There are some ideas so wrong that only a very
intelligent person could believe in them." George Orwell

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Graphiz broke because of swig

2012-10-14 Thread Joseph a Nagy Jr 
On 10/14/2012 12:13 PM, Polytropon wrote:
> On Sun, 14 Oct 2012 10:37:47 -0500, Joseph a Nagy Jr wrote:
>> I was installing my system earlier (dual-boot Ubuntu 12.04LTS/FreeBSD
>> 9.0; Ubuntu was already present) and while installing subversion, one of
>> the many co-dependencies of the many programs that were being installed
>> was graphviz. Apparently I selected some support options relating to
>> swig that broke the compile of graphiz (and therefore everything else).
>> Is there a way to remedy this?
> 
> You can reconfigure the port (and its dependencies, in case you
> don't exactly know in which port the problem occured) by doing:
> 
>   # cd /usr/ports/graphics/graphviz/
>   # make clean
>   # make rmconfig-recursive
>   # make config-recursive
>   ... now process all config screens as needed ...
>   # make install
> 
> In case something stops on the way, investigate _there_. It may
> be possible that you need a "make deinstall && make reinstall"
> step, depending in what currently is installed on your system.

Thanks, I hate seeming like a noob but its been a while since I've had
to get under the hood, so to speak.

> Note that using port management tools might be an easier approach
> here, but utilizing the power of "bare bone ports" could lead to
> better diagnostic messages.

I was just following the handbook's suggestion of installing subversion
(which on a bare system led to hours of compilations that broke because
I didn't know swig was a program to handle what I was optioning in for
graphviz or that it was broken and not used).

> Anyway, always consult /usr/ports/UPDATING for news. You would
> (for example) find something like this:
> 
> 20080507:
>   AFFECTS: Perl interface users of audio/gramofile
>   AUTHOR: ra...@freebsd.org
> 
>   Perl support is removed due to devel/swig11 removal in ports.  If you use
>   the Perl interface, you are encouraged to use the new Audio::Gramofile
>   found on CPAN (contact me for the ports).
> 
> Note that this is a quite old message, quoted as an example only
> because it relates to swig.

Thanks, I'll definitely do so next time. (:

>> I'd rather not reinstall the entire
>> system. Thanks.
> 
> The system is managed independently from the installed software,
> so actually don't fear: no need to do this.
> 
> 

Haha, you have no idea what sort of troubles I sometimes cause for
myself in this regard. ;) When I muck something up, I muck it up good!
-- 
Yours in Christ,

Joseph A Nagy Jr
"Whoever loves instruction loves knowledge, But he who hates correction
is stupid." -- Proverbs 12:1
Emails are not formal business letters, whatever businesses may want.
Original content CopyFree (F) under the OWL http://owl.apotheon.org


signature.asc
Description: OpenPGP digital signature

blackend from svn

2012-10-14 Thread Darrel 

Hello,

Having just installed a new system, I am considering using svn to
get some docs.  Perhaps I will create doc under /usr/local like
this:

# cd /usr/local
# mkdir doc

and then:

svn co svn://svn.freebsd.org/doc/release/9.1.0/en_US.ISO8859-1/

I already am running current and stable- this computer is mainly
for using VirtualBox to test Linux stuff that some contracts are
asking for.

Does this method of having a local copy of docs around seem alright,
or does someone know that there is a better way?

Thank you,
Darrel
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: FreeBSD9 - Fresh install (2)

2012-10-14 Thread Mike Clarke 
On Sunday 14 October 2012 19:05:32 Jos Chrispijn wrote:

> The slice one and two idea is perhaps Windows related, but I thought if
> I want to update my FreeBSD9 t0, let's say 10 or 11, I only have to
> clean slice one and put BSD on that again (having the backup slice
> untouched).

My approach would be to go for 3 slices. Slice 1 would be a suitable size to 
hold the OS and swap, I have quite a lot of ports installed on my desktop PC 
so would go for about 20 to 30 GB. This could be less for a server but with 
1TB you can afford to be generous. This can then be partitioned to suit with 
whatever combinations of /, /usr, /usr/local, /var. /tmp and swap suits your 
fancy.

The second slice would be the same size as the first and be left empty for now 
as a spare.

The third slice, the rest of the disk, would be for all of your data and could 
be partitioned (or not) to suit your needs for /home and any other local data 
requirements. If there's to be any large mysql databases then I'd put them 
here with symlinks from /var where mysql normally expects to find them.

When you come to upgrade to the next FreeBSD release just install it into the 
spare second slice and boot from that instead of the first. If you experience 
any serious problems with the upgrade then nothing has been lost and you can 
just revert to booting of the first slice until things are sorted out.

The above is all assuming you're using UFS. If you're going to use ZFS then 
there are other possibilities like using sysutils/beadm from ports 
 to manage multiple boot 
environments in a single partition.

-- 
Mike Clarke
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Join me on Fancy

2012-10-14 Thread Georgiana Boboc 


You've been invited by vintage_traffic to join Fancy!

To activate your invitation, go to:
http://www.thefancy.com/register?invitation_key=8db10c0d23549d0215dbd0131b926cc32bfdf097

All the best,
Team Fancy


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: FreeBSD9 - Fresh install (2)

2012-10-14 Thread Warren Block 

On Sun, 14 Oct 2012, Jos Chrispijn wrote:


I was intending this on my 1TB hard disk (FreeBSD only):

Two slices of 500G

Slice one:
1g/


Don't use less than 2G here.  You have room.


4gswap
7g/var


Way more than is needed, unless you plan to store non-FreeBSD stuff 
there.  mysql does that, I've heard.  For a normal FreeBSD install, 2G 
for /var is plenty, maybe more if you want to keep lots of log files or 
mail.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: FreeBSD9 - Fresh install (2)

2012-10-14 Thread Jos Chrispijn 

I was intending this on my 1TB hard disk (FreeBSD only):

Two slices of 500G

Slice one:
1g/
4gswap
7g/var
1g/tmp
487g  /var

Slice two:
500g  /backup

I question myself why I should use a 1TB hard disk, but it came with the 
hardware J-)
I might better use 2x350G hard disks, but the server I use can only 
physical contain one piece.


The slice one and two idea is perhaps Windows related, but I thought if 
I want to update my FreeBSD9 t0, let's say 10 or 11, I only have to 
clean slice one and put BSD on that again (having the backup slice 
untouched).


thanks,
Jos Chrispijn

Polytropon:

On Sat, 13 Oct 2012 19:59:22 +0200, Jos Chrispijn wrote:

When setting up my 1TB harddisk for FreeBSD 9.0, I have some questions
about partioning:
I think of creating two partitions of 5Gb; one for the standard FreeBSD
file layour and a second one with a /backup slice on it.
Does this make sense?

What exactly do you intend to backup (and why) onto a second
partition on the same disk? Sure, it is possible to do so,
but you should make yourself clear _what_ you want to do and
why, then it will imply _how_ will do it the best way -- even
though there might be more than one best way... :-)

Also depending on your needs, 5GB may be too few to hold a full
installation of OS and programs (even though I've managed to
get a full 5.2 installation plus tons of programs on a 6 GB disk,
with 50% of free space afterwards).

What do you do with the remaining 900 GB of the disk? :-)

Also, please make yourself familiar with the terminology of what
a partitions and what a slice is, and see it in the proper context
of MBR vs. GPT partitioning.

If I take your use of the TT (termini technici) literally, you
would have one partition containing everything rooted to /, and
a second partition that contains the same. You would either manually
have a backup mechanism from the 1st to the 2nd partition, or you
could configure them in some automated mirroring mechanism. But
I don't see a real use case when doing so on the _same_ disk.
Still it would be possible, and it could even be helpful in some
bad case scenario.




___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Graphiz broke because of swig

2012-10-14 Thread Polytropon 
On Sun, 14 Oct 2012 10:37:47 -0500, Joseph a Nagy Jr wrote:
> I was installing my system earlier (dual-boot Ubuntu 12.04LTS/FreeBSD
> 9.0; Ubuntu was already present) and while installing subversion, one of
> the many co-dependencies of the many programs that were being installed
> was graphviz. Apparently I selected some support options relating to
> swig that broke the compile of graphiz (and therefore everything else).
> Is there a way to remedy this?

You can reconfigure the port (and its dependencies, in case you
don't exactly know in which port the problem occured) by doing:

# cd /usr/ports/graphics/graphviz/
# make clean
# make rmconfig-recursive
# make config-recursive
... now process all config screens as needed ...
# make install

In case something stops on the way, investigate _there_. It may
be possible that you need a "make deinstall && make reinstall"
step, depending in what currently is installed on your system.

Note that using port management tools might be an easier approach
here, but utilizing the power of "bare bone ports" could lead to
better diagnostic messages.



Anyway, always consult /usr/ports/UPDATING for news. You would
(for example) find something like this:

20080507:
  AFFECTS: Perl interface users of audio/gramofile
  AUTHOR: ra...@freebsd.org

  Perl support is removed due to devel/swig11 removal in ports.  If you use
  the Perl interface, you are encouraged to use the new Audio::Gramofile
  found on CPAN (contact me for the ports).

Note that this is a quite old message, quoted as an example only
because it relates to swig.



> I'd rather not reinstall the entire
> system. Thanks.

The system is managed independently from the installed software,
so actually don't fear: no need to do this.


-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Graphiz broke because of swig

2012-10-14 Thread Matthew Seaman 
On 14/10/2012 16:37, Joseph a Nagy Jr wrote:
> I was installing my system earlier (dual-boot Ubuntu 12.04LTS/FreeBSD
> 9.0; Ubuntu was already present) and while installing subversion, one of
> the many co-dependencies of the many programs that were being installed
> was graphviz. Apparently I selected some support options relating to
> swig that broke the compile of graphiz (and therefore everything else).
> Is there a way to remedy this? I'd rather not reinstall the entire
> system. Thanks.

# cd /usr/ports/graphics/graphviz
# make config

Adjust the swig related options, then reinstall graphviz using whatever
your favourite ports management tools are.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey




signature.asc
Description: OpenPGP digital signature

Wine-fbsd64 updated to 1.5.15 (32bit Wine for 64bit FreeBSD)

2012-10-14 Thread David Naylor 
Hi,

Packages [1] for wine-fbsd64-1.5.15 have been uploaded to mediafire [2].  The 
packages for FreeBSD 10 use the pkgng [3] format.  

Please read the installation messages, if you use the nVidia graphics driver, 
for further information.  

If you are having trouble with the FreeBSD-9 packages, please update to a 
newer version of FreeBSD.  

Regards,

David

[1]
 MD5 (wine-1.5.x-freebsd8/wine-fbsd64-1.5.15,1.tbz) = 
0e3f2bf82ed767c93924a048eb2945d5
 MD5 (wine-1.5.x-freebsd9/wine-fbsd64-1.5.15.1.txz) = 
4cf6a54d40dd65e48dd0ee6aa736832d
 MD5 (wine-1.5.x-freebsd10/wine-fbsd64-1.5.15,1.txz) = 
8fa11946ced1ef05d74489c74be16815
[2] http://www.mediafire.com/wine_fbsd64
[3] http://wiki.freebsd.org/pkgng


signature.asc
Description: This is a digitally signed message part.

Graphiz broke because of swig

2012-10-14 Thread Joseph a Nagy Jr 
I was installing my system earlier (dual-boot Ubuntu 12.04LTS/FreeBSD
9.0; Ubuntu was already present) and while installing subversion, one of
the many co-dependencies of the many programs that were being installed
was graphviz. Apparently I selected some support options relating to
swig that broke the compile of graphiz (and therefore everything else).
Is there a way to remedy this? I'd rather not reinstall the entire
system. Thanks.
-- 
Yours in Christ,

Joseph A Nagy Jr
"Whoever loves instruction loves knowledge, But he who hates correction
is stupid." -- Proverbs 12:1
Emails are not formal business letters, whatever businesses may want.
Original content CopyFree (F) under the OWL http://owl.apotheon.org


signature.asc
Description: OpenPGP digital signature

Re: Sysctls and privacy

2012-10-14 Thread Peter Vereshagin 
Hello.

2012/10/13 12:09:39 -0300 schu...@ime.usp.br => To Peter Vereshagin :
> > y
> > Hello.
> >
> > it's a -questions@ here, right? (=
> 
> Indeed. :-)

Ouch! it's already not... But I Cc: there. Oops?

> > What's a specific of the case?
> 
> I need quite a lot of such "jails", with some being able to see others,
> including the case where one "jail" may be visible to many. However, a
> "jail" being visible does not mean it can be modified by the observing
> "jail".

Did you specify elsewhere what a 'visible' does mean to you?

  - if this means network connectivity then you can put jails on the same
network, e. g. the same address on a lo(4) interface

  - if this means a read-only access to the directory located outside of a
jail then her4e is the trick:

  mount_nullfs -o ro /path/to/inject /your/jail/mount/detination

> The first implementation I thought of was using users and groups. I imagine
> I can do this with jails and read-only mounts, but I would like to avoid
> making a clean system per jail since disk space would not be enough.

The same trick can be done for every directory the freebsd base system
consists of. Excluding those different for each jail, e. g. /var, /etc. Nullfs
daesn't consume your disk space except for additional fstab lines, something
about a dozen per jail. (=

> Also, the configuration of such environment is much, much simpler than
> a jails version.

I don't think so. It's a task of the configuration of a second system without
hardware initialization and so on, and then spreading your configs around
other jails.

> To be sincere, I have not discarded the possibility of a jails solution
> with clever mounts to preserve space, but it did not occur to me yet.
> 
> > What changes?
> 
> Changing the default permissions on devices (e.g sound),

jail goes beyond with its jail_devfs_rules

> not allowing
> any file to be setuid and be visible to ordinary users,

What do you mean 'visible' here? Do you just chmod a-rwx on them? Say, to
avoid listing the /usr/bin/su you should chmod a-rx /usr/bin which is far from
the best idea...

> patching some ports to avoid attacks on /tmp
> (X server),

Sounds interesting but doesn't seem googleable to me. Any URLs for xorg
patches and/or for the list of such a ports please?

> exercising memory and process limits via rctl,

Ouch! a RELENG_9 feature... 

>  changing
> some system configurations (see_other_uids, etc), disabling access to
> the system log, stopping useless (to me) daemons, setting per user
> ZFS quotas and probably a few more I can't remember at the moment.
> 
> > What kind of danger is this? This system info expose seems nothing to do 
> > with
> > making the system work unexpectedly.
> 
> Indeed, but then all users might infer which programs are running and when.

How could the one know out that from overall system statistics only?

> It's not about consistency loss, it's about privacy loss.

ok but that can be the loss of a privacy of some other user?

> > You didn't mention you must have an outside network connection. Should your
> > untrusted software have it? Just unplug it otherwise.
> 
> The untrusted software runs for a reason, and that is I need its output.
> Some outputs are not that amenable to verification (pdf files for instance),
> and I can not exclude the possibility I myself might post some of these
> outputs online, for instance. They may however, contain the logs.

Sure. You can convert PDFs to the set of images, reassemble them into your own
PDFs without the logs and post then.

So without the need for the outside network connectivity there shouldn't be
much  care. (=

> > You can make the special chroot/jail environment for the users keeping them
> > away from the access to the binaries exposing sysctls. And permit them the
> > write access only to the volumes mounted as '-o noexec'.
> >
> > There should be the way(s) to bypass this, at the least one of the  
> > DSLs  e. g.
> > ruby, python, perl, php used in that environment may provide API for sysctls
> > or the modules can be built to use sysctl api from C. Thus you should keep
> > your C compiler and any of the soucres e. g. /usr/src to present on that
> > environment.
> >
> > Even with that who knows if your software doesn't use sysctl(3)  
> > functions. But
> > the 'basic user programs' shouldn't.
> 
> That is a real solution for the problem I have asked. However, for my
> use cases not being able to produce executables is too restrictive.
> 
> > I don't think it's possible at the moment. Do you think this can be
> > implemented without performance loss? Sysctl is a kind of the kernel 
> > stuff...
> 
> Assuming you did implement the user blocking code for the sysctls, I

Can't remind that. (=

> couldn't help but imagine the group one would be one added "if" that
> checks membership of an UID to a group.

Err... what?

> > How about emaulators/qemu, virtualbox, etc?
> 
> They are not security tools.

But they can hide the system stat

OT: gEDA, SPICE, electronic cad/simulation

2012-10-14 Thread Da Rock 
I'm struggling with this damn gEDA/SPICE thing - I think I have gEDA 
schem figured, but I can't be sure because I can't test it. For the life 
of me I can't seem to get my head around it, but then I might just be 
too tired.


Can anyone point out what I'm missing? I open geda, create a sch file 
(circuit), and then run gnetlist -g spice-sdb . I then run 
ngspice (or gspiceui) but it comes up with errors over the 555 (U1) and 
diodes (d?) I'm running like this:


Error on line 9 : d1 2 0 unknown
 unable to find definition of model unknown - default assumed
Error on line 13 : u1 0 4 3 +9v 1 4 5 +9v unknown
 unable to find definition of model +9v - default assumed

 unknown parameter (4)
Doing analysis at TEMP = 27.00 and TNOM = 27.00


CPU time since last call: 0.040 seconds.

Total CPU time: 0.040 seconds.

Current dynamic memory usage = 0 bytes,
Dynamic memory limit = 32742.316406 MB.

Warning: can't parse '0': ignored
Warning: can't parse '0': ignored
Warning: can't parse '0': ignored
Warning: singular matrix:  check nodes 1 and 1

Warning: singular matrix:  check nodes 1 and 1

Note: starting dynamic Gmin stepping
Trying gmin =   1.E-03 Note: One successful Gmin step
Trying gmin =   1.E-04 Note: One successful Gmin step
Trying gmin =   1.E-05 Note: One successful Gmin step
Trying gmin =   1.E-06 Note: One successful Gmin step
Trying gmin =   1.E-07 Note: One successful Gmin step
Trying gmin =   1.E-08 Note: One successful Gmin step
Trying gmin =   1.E-09 Note: One successful Gmin step
Trying gmin =   1.E-10 Note: One successful Gmin step
Trying gmin =   1.E-11 Note: One successful Gmin step
Trying gmin =   1.E-12 Note: One successful Gmin step
Trying gmin =   1.E-12 Note: One successful Gmin step
Warning: singular matrix:  check nodes 1 and 1

Warning: Dynamic Gmin stepping failed
Note: starting source stepping
Supplies reduced to   0.% Warning: singular matrix:  check nodes 1 and 1


Trying gmin =   1.E-02 Note: One successful Gmin step
Trying gmin =   1.E-03 Note: One successful Gmin step
Trying gmin =   1.E-04 Note: One successful Gmin step
Trying gmin =   1.E-05 Note: One successful Gmin step
Trying gmin =   1.E-06 Note: One successful Gmin step
Trying gmin =   1.E-07 Note: One successful Gmin step
Trying gmin =   1.E-08 Note: One successful Gmin step
Trying gmin =   1.E-09 Note: One successful Gmin step
Trying gmin =   1.E-10 Note: One successful Gmin step
Trying gmin =   1.E-11 Note: One successful Gmin step
Trying gmin =   1.E-12 Note: One successful Gmin step
Note: One successful source step
Supplies reduced to   0.1000% Warning: singular matrix:  check nodes 1 and 1

Supplies reduced to   0.% Warning: singular matrix:  check nodes 1 and 1

Warning: source stepping failed
doAnalyses: iteration limit reached

run simulation(s) aborted
Syntax error: expression not understood 'v(5)-v(+9v) v(3)-v(2) v(5)-v(4) 
v(+9v) v(1) v(2) v(3) v(4) v(5)'.


There is nada on google about any of this - but I suspect it is missing 
model files or something, and before I go attaching to yet another 
mailing list, I thought I'd run it by here first as I'm sure there are 
some who use this and have experience with it on FreeBSD 9.


TIA guys
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: FreeBSD 9.1 RC2

2012-10-14 Thread George Kontostanos 
On Wed, Oct 10, 2012 at 12:18 PM, andrew clarke  wrote:
> On Tue 2012-10-09 15:54:23 UTC-0500, ajtiM (lum...@gmail.com) wrote:
>
>> I saw that is no more iso for FreeBSD RC1. Now is for RC2. Is it possible or
>> better safe to use freebsd-update to update 9.1 RC1 to RC2, please?
>
> You can use "freebsd-update upgrade -r 9.1-RC2".
>
> Safe? You probably wouldn't want to use it on a production server.

Use what? freebsd-update or RC2?

We have productions machines running FreeBSD 9.1-beta1. The only
reason why we don't upgrade them yet is because they are currently
running very stable and a reboot is not even worth it.

-- 
George Kontostanos
---
http://www.aisecure.net
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: editing pdf files

2012-10-14 Thread Mike Clarke 
On Saturday 13 October 2012 21:47:01 Gary Kline wrote:

>  SO: Is pdfimages going to spit of 6t50 files?  as noted
> in last email, only  a couple of these images are of any interest

Probably. But Gimp accepts PDF files and gives you the option of importing 
images of  individual selected pages. You might then be able to extract the 
text with some OCR software.

-- 
Mike Clarke
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"