RE: Question re: GCC on FreeBSD for AMD64
Ask on the freebsd-amd64 mailing list. Ted -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of alexei kozlov Sent: Thursday, January 06, 2005 10:58 AM To: freebsd-questions@freebsd.org Subject: Question re: GCC on FreeBSD for AMD64 Hello, Gurus. My fellow asked me if GCC on FreeBSD for AMD64 supports 64bit memory pointers. He means is it possible to allocate *very* big (4GB and more) chunks of storage? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Webmail Frontend to mailboxes.
-Original Message- From: Peter Risdon [mailto:[EMAIL PROTECTED] Sent: Friday, January 07, 2005 2:17 AM To: Colin J. Raven Cc: Ted Mittelstaedt; FreeBSD Questions Subject: RE: Webmail Frontend to mailboxes. On Fri, 2005-01-07 at 11:12 +0100, Colin J. Raven wrote: On Jan 7 at 09:41, Peter Risdon launched this into the bitstream: On Fri, 2005-01-07 at 09:59 +0100, Colin J. Raven wrote: On Jan 6 at 21:41, Ted Mittelstaedt launched this into the bitstream: Use IMP. [...] Now you mention it, I seem to recall a shedload of issues if you had to download the source and build it by hand. There were definite gotchas in that process I believe. How so? It's PHP. There's nothing to build. There were a number of gotchas that were serious EARLIER ON. Here's a list of the ones I ran into: 1) The versions of IMP and Horde in the ports tree were old and had security holes thus had to be scratched 2) X Windows is a dependency on one of the subsidiary programs so you have to plan your disk partition strategy. 3) IMP's config file used the name wvHtml for the MS Word viewer and first time I ran across this I spent at least an hour finding out that this program had been renamed wv (wv requires imagemagic which requires X and a great many other programs) 4) IMP looks for user programs (like ispell) in /usr/bin not /usr/local/bin 5) many issues with getting Apache mod-SSL running properly with a self-signed key (you have to generate it manually with openssl, the apache docs that say use make key or whatnot don't work) 6) There's no list anywhere of what drivers in php IMP needs you have to guess. (ie: ldap) 7) Using a different imap server than uw-imap might cause trouble with php, as that port installs the uw-imap client libraries. 8) All kinds of dumb-ass file naming issues with default config files from when php went to php4. (ie: .php3 to .php) 9) uw-imap that ports installs was old and had security hole 10) php.ini and local.inc in phplib supplied by Horde has wrong pathnames in it 11) php.ini doesen't have extension-imap.so and mysql.so in it 12) Not clear that dirs horde-1.2.3 and imp-2.2.3 need to be renamed horde and imp 13) - the instructions place phplib into the document root, and local.inc is in there, so a command like: https://machinename.com/horde/phplib/local.inc Will open up the local.inc file in all itÂ’s glory. You can you can move phplib from /usr/local/www/htdocs/horde/phplib to /usr/local/www/phplib and change all the references to point to there. Most of these are due to misinterpretaitons of the install docs, which exist because the install docs were written by someone who thinks that concise writing is a good thing with instructions. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: How long will 4.x be supported?
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of sp0ng3b0b Sent: Friday, January 07, 2005 1:49 PM To: [EMAIL PROTECTED] Subject: How long will 4.x be supported? Given the serious stability issues that *some* users are having with 5.3, many are sticking with 4.x for production servers. Will FreeBSD keep the 4.x line alive for a little while longer? Perhaps going into 4.12, 4.13, etc? http://www.freebsd.org/releases/4.10R/announce.html Note the line: The current plans are for one more FreeBSD 4.X release which will be FreeBSD 4.11-RELEASE. It is expected the upcoming FreeBSD 5.3 release will have reached the maturity level most users will be able to migrate to 5.X Keep an eye on the release notes for 4.11 when it goes golden. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Supermicro Hardware and FreeBSD
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Friday, January 07, 2005 2:23 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: Supermicro Hardware and FreeBSD If you nor any of the FreeBSD developers know about the 75xx series of chipsets, I had a feeling something like this would have come out of your trap, so I took the precaution of e-mailing the people yesterday who had filed PR i386/72579 yesterday. The results are available here: http://www.freebsd.org/cgi/query-pr.cgi?pr=72579 The original author of the PR has not responded, and the one followup author responded to my query saying that it was bad hardware, and that his other 75xx-based SuperMicro board works fine. Your friend Boris who was the OP on this thread has also slunk away and hidden since he has not posted a followup to the PR in question either. I posted exactly why 5.x is slower than 4.x, If you know so much about it I suggest you open a new PR on the topic so the development team can look into it. Of course, to do this you have to actually OWN a system with one of these chipsets, running FreeBSD 5.3. We await your PR. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Freebsd 5.3 Performance
-Original Message- From: Robert Watson [mailto:[EMAIL PROTECTED] Sent: Saturday, January 08, 2005 4:26 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: Freebsd 5.3 Performance Entertainingly, at the company I work at, we only recently moved from Windows NT 4 to Windows XP, despite the dramatic improvements in Windows between those systems... dramatic improvements in XP over NT4? Robert, are you ill? ;-) Improvements, possibly, if your talking the eye candy on the interface, but NT4 is loads faster on the same hardware than XP is. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Webmail Frontend to mailboxes.
-Original Message- From: Tabor Kelly [mailto:[EMAIL PROTECTED] Sent: Friday, January 07, 2005 11:54 PM To: Ted Mittelstaedt Cc: Peter Risdon; Colin J. Raven; FreeBSD Questions Subject: Re: Webmail Frontend to mailboxes. Ted Mittelstaedt wrote: snip 5) many issues with getting Apache mod-SSL running properly with a self-signed key (you have to generate it manually with openssl, the apache docs that say use make key or whatnot don't work) I am not doubting you that this was an issue. But it is now documented quite nicely in the mod_ssl faq As I said, gotchas that were serious EARLIER ON. (http://www.modssl.org/docs/2.8/ssl_faq.html). Also (as a side note), I use CAcert (http://www.cacert.org) for my key signing needs. Pointless for us, as CAcert's root certificate isn't included in I.E., so the end users have to go through the same honky-tonk to include it in their browsers as if you just make your own certs. We use self-signed certs for a great many production items - e-mail webinterface, account stats, imaps, etc. basically anything that a password would go over. Never had a customer have a problem inserting our self-signed cert into their browser, never had any complaints about it either. Only thing we don't do is take credit card#'s online - not because of the SSL issues, but because our credit card processing software is so old that we would either have to pay $500 for an update to it, or the bank requires us to only take #'s by phone or in person. So far nobody here has thought up a good enough reason to pay a bank $500 for new software just to be able to do this when the old software runs fine. We kind of feel that since the bank is saving money by not having to manually process a pack of CC paper slips, that we shouldn't be the ones paying for software to help the bank save itself money, you know? Maybe if it was some other vendor than a bank Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Freebsd 5.3 Performance
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Anthony Atkielski Sent: Sunday, January 09, 2005 1:09 AM To: freebsd-questions@freebsd.org Subject: Re: Freebsd 5.3 Performance Robert Watson writes: RW All I know is that the XP bits don't crash every week, they crash every RW three weeks. :-) My NT4 box crashed almost continuously. I have three machines, running FreeBSD, NT, and XP. All of them will run until I boot them. They don't crash, or at least I can't remember the last time I saw any of them crash (except for a hardware problem that was crashing FreeBSD until I replaced the hardware). All of these operating systems are rock stable when used and administered appropriately. I haven't had XP long enough to prove it, but NT and FreeBSD will run for years without a boot in many cases. Agreed, but this depends on what your doing with NT4. If your an ISP and your running NT4 or 2K or one of the Microsoft server platforms as a virtual host server for customers to use, then it is going to get stuffed up at least once every 3-4 months and have to be rebooted. And if a customer is writing their own ASP code then watch out! Crashes may occur daily! We know this from experience and we have several MCSE's on staff and run the stuff on Compaq Proliants, we know how to admin Microsoft products. Generally in an internal corporate setting where little changes on the server, once you have one of the Windows server platforms properly setup, as long as your using brand-name hardware, they will run for a long time without trouble. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: I quit
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of william gatlin Sent: Sunday, January 09, 2005 12:54 AM To: [EMAIL PROTECTED] Subject: I quit Hello, I have spent at least two weeks of my free time downloading 5.3 and trying to get it to work. My opinion is that x.org isn't integrated quite well enough yet for prime time. My BSD books don't have the new commands and other information to be of any use and the Man pages that downloaded were of no help either. Your problem is your under the mistaken assumption that you are supposed to be downloading ISOs and such in order to get a non-Windows desktop. Probably your not an IT professional and coming at this from an end user perspective. If that is the case then you want to quit fooling around with downloading FreeBSD or Slackware or some baloney like that, and go oout and BUY something like a Dell Precision n series 1 workstation with Red Hat Linux preloaded on it. $959, a great deal. Or, if your a cloner, go to your local chop-shop and buy one of their Linux preloads. Fry's Electronics even sells cheap ones of these for about $200 on sale at times. THOSE are the non-Windows, non-Apple solutions that the computer industry has created for people like you and believe me, they are VERY 'ready for prime time' If you find this insulting I would suggest you consider that your last machine you bought undoubtedly came with MS Windows preloaded on it - are you insulted by that? The ISO images that you download over the Internet are for techies who WANT to learn how the system really works underneith. They LIKE IT when things break down because how do you learn anything if you don't have to fix a few problems? They are NOT for people who just want a solid reliable system so they can run Trade Station. For people like you who want to do that, you are supposed to purchase your computer with Linux preloaded on it - Microsoft would say exactly the same thing, although they would say to buy a machine with Windows preloaded on it. Right now I have to have Windows up and running also and am watching it go into a self destruct mode from somthing that it downloaded from the net all by it's self with no human operator touching it. There are so many Popups I had to pull the net cable just to stop it. They don't get no respect. It is my hope that the various Windows emulators will/are working well enough to run some of my mission critical programs. Espesially 'Trade Station' . I can't imagine having thousands of dollars riding on Microsoft reliability. http://www.vmware.com/download/ VMware Workstation 4.5 Download the eval and find out. If it works you purchase it and get support. Even better than the real Windows where you purchase it and don't get support - you have to keep purchasing that in addition, too. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: In reference to the Cheap NAS inquiry....
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Martes Wigglesworth Sent: Saturday, January 08, 2005 9:45 AM To: [EMAIL PROTECTED] Subject: In reference to the Cheap NAS inquiry I am researching the viability of constructing a Network Access Server using FreeBSD, Martes, You will have a lot better luck buying a used US Robotics HyperARC or some such to use as a terminal (modem) server. These take a PRI which allows you to serve 56K. If you only have need of a few ports, buy something like a Perle 8331S Access server http://www.perle.com/products/prod_family/access_servers/833_is.html or a CommPlete 4000 server http://www.multitech.com/PRODUCTS/Families/CommPlete4000/ which you can sometimes find used ones like here: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemcategory=1484item=5740567438; rd=1ssPageName=WD1V These devices take ISDN BRIs and allow V.90 dialin to them. And since they have no moving parts they are much more robust than any PC solution. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: I quit
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Andrew L. Gould Sent: Sunday, January 09, 2005 6:55 AM To: freebsd-questions@freebsd.org Subject: Re: I quit On Sunday 09 January 2005 02:53 am, william gatlin wrote: Hello, I have spent at least two weeks of my free time downloading 5.3 and trying to get it to work. After figuring out how to get an ISO image, windows couldn't do it because netscape insisted on modifying the file, I loaded it and got a lot of error code 1 messages that I never did figure out. I changed the partitioning and allowed 1/2 a gig for the root directory and loaded it again. All seemed to go well untill I tryed to configure the X.org windowing system. Nothing in /stand/sysinstall would do any configuration of X. Went to the net and got instructions. Finally got X to work and found vidtune. Kdm comes up with a log in screen which just leads to another log in screen. ctrl-alt-backspace won't turn x off as it keeps comming back on it's own. Nothing leads to a window manager other than the little one that comes with X. I re-downloaded the window managers from the net and hoped that would fix it. It didn't. I'm sure that the trouble is in some little config file somewhere or another but I just don't have the time as I need a running system going. My opinion is that x.org isn't integrated quite well enough yet for prime time. My BSD books don't have the new commands and other information to be of any use and the Man pages that downloaded were of no help either. So for now I'm going to try to load Slackware and hope that maybe in a year BSD will be easier to wade through. I have to admit a bit of sorrow in having to do this as I wanted them both on the same machine. At the same time I wish to communicate my respect and admiration for the great job the BSD community is doing and hope in no way to communicate any disregaurd for everyones efforts. Right now I have to have Windows up and running also and am watching it go into a self destruct mode from somthing that it downloaded from the net all by it's self with no human operator touching it. There are so many Popups I had to pull the net cable just to stop it. They don't get no respect. It is my hope that the various Windows emulators will/are working well enough to run some of my mission critical programs. Espesially 'Trade Station' . I can't imagine having thousands of dollars riding on Microsoft reliability. Thank YouBill Gatlin Prime Time, in it's truest sense, would suggest that FreeBSD is targetted at a mass market -- it is not. The mass market is not characterized, primarily, as thinkers. The FreeBSD user community would be better described as system users and administrators who enjoy technical aspects of computing; and who insist on controlling the operating system. I'm not trying to insult you, or suggest that you're not a thinker. I am trying to clear up any misconceptions about FreeBSD. The strengths of MS Windows lead to its weaknesses. The lack of those strengths in FreeBSD lead to a robust, stable operating system; but require more work on the part of the user -- no loose nuts between the chair and the keyboard. (I can't remember where I first heard that phrase.) A couple misconceptions I would like to clear up (some I may have created): 1) FreeBSD isn't really targeted anywhere, because targeting implies there's a marketing department out there listening to customer feedback and telling the software developers what to write. It is liked by sysadmins mainly because sysadmins and developers work on it - but there really isn't anyone in the FreeBSD development group sitting around deliberately making FreeBSD difficult for the new user to use. 2) On request I can preconfigure a FreeBSD system for a business to be EXACTLY targeted to JUST what the business wants their employees to be running. So can any good FreeBSD admin. Thus, the possibility always exists that some 3rd party can come between the raw ISO's and a mass market end user and set it up for the mass market. Nothing in the OS exists that makes this impossible. The fact that many people have already done this with Linux somewhat precludes this from happening, though. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Webmail Frontend to mailboxes.
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Tabor Kelly Sent: Sunday, January 09, 2005 9:39 AM To: Ted Mittelstaedt Cc: Colin J. Raven; Peter Risdon; FreeBSD Questions Subject: Re: Webmail Frontend to mailboxes. Ted Mittelstaedt wrote: snip Pointless for us, as CAcert's root certificate isn't included in I.E., so the end users have to go through the same honky-tonk to include it in their browsers as if you just make your own certs. Not quite. If they include the CA-Cert root certificate, they only have to do that once for all of your CA-Cert signed certificates. Good point. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Blacklisting IPs
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Chris Sent: Monday, January 10, 2005 4:07 PM To: artware Cc: freebsd-questions@freebsd.org Subject: Re: Blacklisting IPs artware wrote: Hello again, My 5.3R system has only been up a little over a week, and I've already had a few breakin attempts -- they show up as Illegal user tests in the /var/log/auth.log... It looks like they're trying common login names (probably with the login name used as passwd). It takes them hours to try a dozen names, but I'd rather not have any traffic from these folks. Is there any way to blacklist IPs at the system level, or do I have to hack something together for each daemon? - ben ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Here's what I do - as root: route -nq add -host xxx.xxx.xxx.xxx 127.0.0.1 -blackhole To the attacker, it looks as if you dropped off the net. This actually isn't the best advice since the incoming packets from the attacker are still using up your bandwidth. It's best to report them and it's not hard to do it. There are automated tools that will do it. As the CTO of an ISP let me tell you that we get about 1 of those reports every few months - that is how few people are reporting them - and we look closely at every one of them. This isn't a situation where the abuse departments of most ISP's are overflowing with so many network abuse notifications that they aren't interested in getting more of them. Now spam notifications - that's a different issue - few people reporting spam know how to do it properly nor how to figure out where to correctly report them, with the unfortunate result that they are quickly becoming useless. Only about 1 in 400 spam notifications I get a week nowadays are even indicating spam coming from our IP range, let alone indicating bona-fied spam. Going after wannabes that are using our service to try breaking into other computers is one of the enjoyable parts of my job, to be honest. It's a lot more fun then sending out form e-mails to spam reports saying some polite variation of look at the source IP number that spam orginated from not the domain name, dumbass Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: support
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jens Holmqvist Sent: Monday, January 10, 2005 4:41 PM To: Anil Gaddam Cc: freebsd-questions@freebsd.org Subject: Re: support there is already a #freebsd on the freenode network and it is everything you want And nothing that I want, I cannot imagine a more unproductive use of computer time than IRC. I can read faster than most people type and I really am not interested in watching you correct your misspellings as you type nor deciphering the plethora of alphabet soup like TTYL, IMHO, etc. etc. that IRC people seem to feel is a requirement. But, if it floats your boat, have fun. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Blacklisting IPs
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jez Hancock Sent: Monday, January 10, 2005 11:42 AM To: freebsd-questions@freebsd.org Subject: Re: Blacklisting IPs Another fairly simple option though is to just change the port that sshd listens on since the attacks presume that sshd is listening on port 22. Not always practical though if you have lots of users. If I'm going to attack you I'm going to use nessus to scan all ports on your machine. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: High levels of breakin attempts
Yes Eric, just write a FAQ answer and post it per the following: http://www.freebsd.org/docproj/submitting.html Thanks for volunteering! Ted -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Erik Norgaard Sent: Tuesday, January 11, 2005 12:12 AM To: Gene Cc: [EMAIL PROTECTED] ORG Subject: Re: High levels of breakin attempts Gene wrote: Over the past few months there have been a remarkably high level of brute force attacks logged by sshd. I was wondering, is there a way that sshd (or some other package) can monitor login attempts and if more than say 5 or 6 attempts are made to login from a particular ip address, temporarily block that address (perhaps at the firewall)? It'd be real satisfying to just dump the attackers' packets to the bit bucket and slow 'em down a bit. Sorry, but this topic was discussed just before you posted - see Blacklisting IPs and it is regularly discussed on various lists. Everyone asks that same question, and everyone propose the same solutions, could this be added to the faq? Cheers, Erik -- Ph: +34.666334818 web: www.locolomo.org S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt Subject ID: A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9 Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: High levels of breakin attempts
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Erik Norgaard Sent: Tuesday, January 11, 2005 12:43 AM To: Ted Mittelstaedt Cc: Gene; [EMAIL PROTECTED] ORG Subject: Re: High levels of breakin attempts Ted Mittelstaedt wrote: Yes Eric, just write a FAQ answer and post it per the following: http://www.freebsd.org/docproj/submitting.html Thanks for volunteering! I'll take a look at it, but on the documentation list there was recently a discussion as to what to do with the FAQ: Merge it into the handbook or a complete rewrite. The FAQ and the handbook serve different needs. If the official FAQ is got rid of then someone else will just write one on their website and post it because the need is still there - and the info on theirs could be pretty -wrong-. It's better I think to have an official one even if every question is answered by see section XYZ in the handbook, here's the link to it In many cases, questions should be merged into the handbook, after all if a question continuously reappears so as to create an entry in the FAQ it may be because it is not explained well enough in the man-pages or the handbook. There's different ways of explaining the same thing, and an alterative way may be better for some people than others. There's plenty of people who read my book and felt it explained things better than the Handbook, and vis-versa. But both my book and the handbook had the same info in many cases - so what it boiled down to is that my style was easier for some people to absorb, the handbooks style was easier for other people to absorb. But for the above question, I don't see this fit particularly well into the handbook. Section 14 is where it would fit. Not to offend OP, the occasional reappearance of a question is fine, it was only the short latancy (5h) that made me think, please, read the list also. You obviously forgot when you were in High School and the teacher gave the assignment for the next day, then at 2 minute intervals following this for about 10 minutes kids were asking what's the assignment for tomorrow ;-) Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Webmail Frontend to mailboxes.
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Peter Risdon Sent: Monday, January 10, 2005 1:32 AM To: Ted Mittelstaedt Cc: Colin J. Raven; FreeBSD Questions Subject: RE: Webmail Frontend to mailboxes. Surely the easiest way to deal with a horde installation on FreeBSD is to install the ports, Now, yes. Then, no - as the versions of the various bits in the ports had security holes in them. And also IMP wasn't completely in the ports dirs when I first started dealing with it. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: I quit
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Shane Ambler Sent: Monday, January 10, 2005 1:40 AM To: FreeBSD Mailing Lists; [EMAIL PROTECTED] Subject: Re: I quit Out of interest - it was microsoft that stopped Mac OS X for intel being released. Many don't remember or just don't discuss - when apple bought out NeXT - it was running on intel hardware and the first developer release of OS X included an intel version Don't put too much credence in this - an intel version isn't much good to anyone if it only runs on one single motherboard model # in the world. - then came the publicity deal between MS and Apple - MS agreed to continue development of office for mac and bought $15 in Apple stock and Apple agreed to drop all the lawsuits against MS. The intel version has never been heard of since. This is really stretching it. Microsoft has little to fear from Apple bringing out an Intel version of MacOS X, they are much more afraid of Linux. There's really 3 major overriding problems that Apple would have to overcome before doing an intel port of MacOS X: 1) It would lose them immediate sales of Apple hardware since a good number of Mac users would stop buying PowerPC gear. This is particularly true in corporations. Most corporate IT departments cannot stand any gear that doesen't meet the corporate cookie-cutter standard, ie: Mac gear, and even if they have users who are rabid Mac users, if they could field MacOS X on standard Wintel hardware they would do so in a second. Perhaps in the long term they would make up lost revenue on hardware sales by increasing their market share, but there would be an immediate short-term sales loss. And also keep in mind most Mac gear still goes through local Mac dealers, it's not sold online like Dell/HP/Compaq/IBM/Gateway pc gear, if you were a local Mac dealer and all the sudden you had every corner cloner shop undercutting you on sales of Apple Macalikes, you would probably tell Apple 'screw you buddy, I'm going to start selling Wintel clones' 2) Apple selling MacOS X on Wintel gear puts it in direct competition with the corner cloners selling Wintel boxes with RedHat preloads, and they are going to lose big time there. Not to mention the inevitable Macintosh applications that will run on Mac hardware and need to be rebuilt for Macalike hardware, due to stupid bugs and such. 3) If your a conspiracy theorist consider what would happen if Apple were to abandon IBM processors and start using Intel CPU's. Intel nearly got nailed on antitrust violations itself, remember, and it was only because Intel was very eager to negotiate with the FCC and readily submitted to all kinds of restrictions that the entire matter was quietly swept under the rug. (unlike the Microsoft fiasco which did a lot of damage to Microsoft's image, and emboldened the Europeans to nail them) Intel almost certainly would not want to see this as it would increase their market share to unhealthy levels, to the point where they would be at serious risk of an antitrust lawsuit despite their previous cooperation. It is in Intel's interest to see processor competition for PC hardware - quite obviously not a huge amount - but enough so that they are safe from accusations of monopolistic practices. Apple could not move to Intel in a production capacity without good cooperation from Intel, and Intel wouldn't want to cooperate with them because they wouldn't want them to move to Intel chips. The fact that they maintain the intel version of darwin means they can release an intel version at any time. The fact that they maintain it is because they want to get free development time from the open source community. But then maybe they want their bases open so they can change their hardware to intel - they fell out with motorola and now get the G5's from IBM. This is a fantasy. Apple makes more money in one year than you, I, and most likely everyone else on this list will see in a lifetime. Yes, their annual sales are dwarfed by Microsoft's - but they still have money coming out of their arseholes. There comes a time when the money made by an organization doesen't translate anymore into the tangible things it means to you and I - like food, a home, a car, some free time, etc. - and simply becomes a meaningless number with a bunch of zeros behind it. So what - the other guy has more zeros behind his take than you do - both of you have so much money that you could spend the rest of your life boffing every Sports Illustrated model that poses in the swimsuit edition if you felt like it. It becomes nothing more than a game for all of these people. And there have been times before OS X when they looked at getting the Mac OS running on intel hardware - it was between intel and motorola before they changed to the RISC based PPC. Times change. There was a time that Apple was seriously in danger of collapsing. They
RE: Blacklisting IPs
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of artware Sent: Tuesday, January 11, 2005 2:06 PM To: freebsd-questions@freebsd.org Subject: Re: Blacklisting IPs These types of attacks don't seem directed -- it's more like fishing for unprotected systems. FWIW, changing the ssh port dropped the illegal user attempts to 0 instantly... I'm sure it did, why does that matter though? Your not intending to run an unprotected system? The point was that your no more secure than you were previously. Fishing attempts aren't what you need to worry about being protected from. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: 4.9 rebooting
If this was something like a kernel panic there would be a message in /var/log/messages If nothing is in there then it's probably failing hardware. My experiences in those cases is that no matter what logging you turn on, nothing gets logged, the machine just reboots. If it's a remote colocated server maybe the UPS it's on is shot, and it's getting power fluctuations. Or maybe it's overheating or it's clogged with dust. Ted -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jim Pazarena Sent: Wednesday, January 12, 2005 10:40 AM To: freebsd-questions@freebsd.org Subject: 4.9 rebooting I have a remote server which has begun re-booting every few days. Are there any logs which I can examine that may provide a clue as to the reason? Or any logging I can turn on/up ? I realize that during a reboot, logs are seldom up-to-date, but any clue would be handy. This is a remote co-located server which will take a fairly expensive trip to get hands-on with. I'd like to have ammunition at hand before I commit to the trip. Thanks, Jim ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Default LQR timeout period
Open up your registry editor and go to HEKY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\Modem\\Set tings where is the number of your modem (example: 0001). On the right pane search for a string value named InactivityTimeout. Enter the new timeout rate in minutes. For example enter 30 for a 30 minutes timeout. From: http://www.activewin.com/tips/reg/connect_1.shtml Time it took me to find this - 45 seconds. It took you longer to post the request than to type it into a search engine. Ted -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Bikrant Neupane Sent: Wednesday, January 12, 2005 9:51 PM To: freebsd-questions@freebsd.org; freebsd-net@freebsd.org Subject: Default LQR timeout period Hi We have pppoe server running on FreeBSD 4.9 and 90% of our wireless clients are using MS Windows OS to access the service. I have noticed that when ever there is some problem in the link ( due to AP or SM reboot, switch reboot etc etc ) the pppoe connection closes. I have also noticed that the MS Windows client closes connection at 40-45 seconds after the link is down. I tried to increase default LQR timeout period at Server by using set lqrtimeout to some higher values. That did affected the serverside ppp process but the MS client still disconnected at 40-45 seconds. :( I prefer to set the timeout period somewhere between 120-150 seconds so that even if there is problem in the link the client doesn't get the disconnect notice and have to reconnect again and the client and servers are able to continue same session. Is there any way to control the default LQR timeout period of the Client from the Server end?? My question is more related with ms windows still I am asking this question to freebsd group so that I can solve the problem from the server end ;) regards, Bikrant ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: freebsd IT mailing list or newsgroup?
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jim Durham Sent: Saturday, January 15, 2005 8:48 AM To: freebsd-questions@freebsd.org Subject: freebsd IT mailing list or newsgroup? I am the sys admin for a company of about 500 people and I am running Sendmail/Procmail/Spamassassin, Samba, Apache/PHP/MySql on FreeBSD..about 8 servers in 3 offices across the US and soon to be more. Freebsd-questions is wonderful and I find a lot of answers there, but the signal-to-noise is low when you are just looking for IT-oriented information regarding FreeBSD. Especially regarding systems implemented for an office/LAN environment. I was wondering if there is any mailing list or newsgroup devoted to IT on FreeBSD? Google is not returning any hits on this, nor the listing on freebsd.org. Have you seen my book and website? http://www.freebsd-corp-net-guide.com It is out of print now but still available on Amazon. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: not found Image Magick
How about: exec(PATH=$PATH:/usr/local/bin;export PATH;/usr/local/bin/convert test.pdf test.gif); exec spawns inheret a rather restricted set of environmental variables. Ted -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Wednesday, January 19, 2005 9:54 PM To: freebsd-questions@freebsd.org Subject: gs: not found Image Magick I can execute Image Magick convert PDF to jpg from shell with no problem. If I try from PHP script, like this: ? exec(/usr/local/bin/convert test.pdf test.gif); ? I get the following errors: gs: not found convert: Postscript delegate failed `test.pdf'. convert: missing an image filename `norden.gif'. If I try to convert non-pdf files in php script, it works OK. Any help would be great! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: One Last Plea For Vinum Assistance
Hi Drew, Please read the following: http://www.vinumvm.org/vinum/how-to-debug.html And follow the instructions exactly. And I mean exactly. Also keep the following in mind, Greg will try to help but note carefully the sentence on this webpage: Since I wrote it, FreeBSD has changed its I/O structure, breaking many things in Vinum. At the time of writing, a new version, provisionally called gvinum, is being written I myself have had one serious crash on a vinum RAID volume as a result of a SCSI cable problem that blew away the volume. (2 drives were corrupted, instead of just one, making it impossible for the volume manager to repair by itself) I sent all the info to Greg but ultimately he wasn't able to offer any suggestions on recovering the array so I just wiped it and started over. Note that Greg DID NOT recommend wiping the array. In fact he didn't recommend anything. The lack of any recommendation appears to be his way of telling you your volume is screwed, wipe it and start over Like most UNIX commands, if Greg has nothing to offer, he says nothing at all, he won't tell you he has nothing to offer. So, the lack of a response to your original post you can probably take as an answer, to be honest. This did teach me a lesson that I kind of knew already but didn't think too much about. That is, a software array is no substitute for a hardware array. In other words, vinum is a great thing if what your wanting to do is use a bunch of cheap disks and cheap controller cards to either get a giant partition, or to stripe them together and get faster access. But it's not so good if the intent is to get some crash recovery. I don't use and have never used vinum for /etc, /, /usr, /var or any other system partitions. I only use it for partitions that I want to mount AFTER the system is booted. If I were in your shoes I'd nuke your system and start all over again and rethink how I had it laid out. I would use a single disk for the system then take the rest of the disks and put them together under vinum. Then I'd mount that on /ftp and I'd softlink whatever thing is gopping up space under /usr, for example /usr/local/www, to a directory under /ftp Vinum isn't going to give you any crash recovery for /usr so there is really no point in making /usr a vinum volume. Beyond that I really don't understand why you are putting /usr as a vinum volume, espically as you yourself said Fortunately this volume is up and running or I would really be in a mess I mean, your basically saying your hitting yourself in the face and you feel fortunate you haven't broken your nose yet. Anyway, one other thing I will bring up: How exactly did you update your system? Did you nuke and repave it? Or did you follow the instructions here EXACTLY: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html If you didn't do one or the other of these things then nobody is going to help you. Ted -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Drew Tomlinson Sent: Tuesday, January 18, 2005 2:00 PM To: FreeBSD Questions Subject: One Last Plea For Vinum Assistance I sent the message below a couple of times but did not receive any response. I assume that it's because either I have a really difficult problem or am asking something really stupid. :) But anyway, I want to install additional memory in this machine and am sure I will run across the same problems after shutting down. So if anyone has any suggestions on how I might solve this issue, I'd really appreciate the input. Thanks, Drew --- Original Message --- Since an upgrade from 4.9 to 4.10, I've had problems with vinum. The basic problem is that upon reboot, two of my vinum drives show up as referenced and thus create the associated chaos. I've tried many things and fiddled around quite a bit so I can't say exactly what I've done. I can include all of the entries in the history file since Oct. 31 if that's a help but it would be a long list. So prior to digging that deep, I will describe where I stand currently and where I want to finish. Currently, I have one vinum volume that I use for /usr. Fortunately this volume is up and running or I would really be in a mess. Here's the 'vinum list' output in this state: blacklamb# vinum vinum - list 2 drives: D disk1 State: up Device /dev/da0s1h Avail: 0/8383 MB (0%) D disk2 State: up Device /dev/da1s1h Avail: 0/8383 MB (0%) 1 volumes: V usr State: up Plexes: 1 Size: 16 GB 1 plexes: P usr.p0 S State: up Subdisks: 2 Size: 16 GB 2 subdisks: S usr.p0.s0 State: up PO:0 B Size: 8383 MB S usr.p0.s1 State: up PO: 256 kB Size: 8383 MB I want to add another volume and mount it on /ftp. After creating the volume,
RE: Security for webserver behind router?
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jay O'Brien Sent: Wednesday, January 19, 2005 10:06 PM To: FreeBSD - questions Subject: Re: Security for webserver behind router? Anthony Atkielski wrote: Jay O'Brien writes: JOB Thanks, but what I want to know is what risk I have with port 80, JOB and only port 80 open. The risk depends on Apache, since that's the daemon answering the phone when someone calls in on port 80. Just make sure you're using the latest version of Apache (1.3.33, if you want the 1.x version, or 2.0.52, if you want the 2.x version). Some earlier versions are vulnerable. As long as Apache is secure, port 80 can be open. I am running Apache 1.3.33, as you suggest I should. You say as long as Apache is secure; what should I do to be sure that Apache is secure? Nothing, you nor nobody can do this. All you can do is subscribe to the Apache mailing list and if someone discovers a hole in Apache at some point in the future, then you can immediately patch your installation with the inevitable patch that will shortly follow. If there isn't a security risk with the FreeBSD system I've described, maybe this question belongs on the Apache mailing list, not here? It is more accurate to say that a properly setup system contains no security holes KNOWN to the general public at the time that it was setup There is no way to guarentee security. People are always working on code looking for holes. Considering the hundred thousand or so lines of code in the source of a FreeBSD system running Apache, it is unrealistic to assume that every single bit of it is completely secure. Even the Motion Picture Association created a hole when they came up with the CSS encryption standard that is used on every DVD sold, and the MPAA has more money than God to throw into coding (well, at least more money than anyone else in the business) in short there is absolutely no guarentee no matter how much money you shit out your arsehole over a project and no matter how much money it's worth to you, that it can be guarenteed to be secure. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: freebsd IT mailing list or newsgroup?
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jim Durham Sent: Monday, January 17, 2005 11:04 AM To: freebsd-questions@freebsd.org Cc: [EMAIL PROTECTED] Subject: Re: freebsd IT mailing list or newsgroup? I guess I would have to say that the niche I am talking about is supporting applications of a corporate/business nature on FreeBSD. One big problem with this is that still, the majority of software business apps are commercial packages, and the vendors of those packages release their apps for platforms that they consider to help them sell their software. The Oracle story is a good example. Back in 1999-2000, Oracle actually completed a port of Oracle to FreeBSD. But they never released it, deciding that there was not enough market for it. Later they released it for Linux, but still, even today, many companies that sell Oracle-related software still don't have Linux ports. Naturally, a lot of software that isn't really a corporate business application (like a web server) is used by business and by corporations. But that is already covered plenty elsewhere. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: freebsd IT mailing list or newsgroup?
-Original Message- From: Jim Durham [mailto:[EMAIL PROTECTED] Sent: Monday, January 17, 2005 10:42 AM To: freebsd-questions@freebsd.org Cc: Ted Mittelstaedt Subject: Re: freebsd IT mailing list or newsgroup? On Saturday 15 January 2005 03:05 pm, Ted Mittelstaedt wrote: Have you seen my book and website? http://www.freebsd-corp-net-guide.com It is out of print now but still available on Amazon. I have the book and I contributed some stuff to you a few years ago 8-) . Thanks! Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Security for webserver behind router?
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Thanos Tsouanas Sent: Wednesday, January 19, 2005 11:46 PM To: freebsd-questions@freebsd.org Subject: Re: Security for webserver behind router? Just how much secure do you want to be? You can run apache chrooted in its directory. That basically means, that if apache is installed at /var/www/ , you can set it so that it isn't aware of anything that's not under /var/www/ So, even if a security hole is found on apache, and someone does manage to break in, they won't be able to do much to the system, nor gain information about it, but will only be able to deal with /var/www/* ... Not true. Naturally this is more of an academic discussion since the vast majority of cracks are perpetuated against Windows. If they get access to the CGI directory they can launch attacks against the loopback address 127.0.0.1 and thus have access to all services on the server, including the ones that are behind the firewall. They can also attack other hosts on the same subnet and compromise those then head back to the apache box. They can fill the disk up and if /var/tmp is on there then things might stop working. And of course, if the server isn't configured all that well they might find a script that some cronjob is executing, that is located down in the chrooted directory and install their stuff there. If security is all that matters, you might want to have a look at OpenBSD's approach, which runs a modified apache version, chrooted by default. OpenBSD's approach to security is designed to allow Theo de Raadt to run around and lecture everyone else about how crappy their security is. Out of the box an OpenBSD server is pretty useless. Secure but useless. To get it to do anything you have to start turning on things, (like the webserver, etc.) and it's those things that get broken into. It's like when Microsoft ran around claiming that Windows NT 3.51 was C4 security compliant (Air Force manual 33-270) everyone was really impressed but what Microsoft didn't tell you is that NT only met C4 security when it didn't have a network adapter installed!!! P.S. Running apache chrooted is a great idea, and that's how my httpd is running, but it can be a PITA if you try to install it without understainding how it works. I'm sure you feel more secure running it like that, if it makes you happy, go for it. Me, I'm not going to be shutting down my DMZ any time soon. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Strange problem with DSL modem.
Hi Jason, I work for an ISP which is a Qwest Megahost and have dealt plenty with these and several other brands of modems on the Qwest network. I have dealt with the ActionTec people as well, and documented a number of bugs in earlier version of firmware for these modems, some of which have been fixed, others which haven't. You haven't said exactly how your DSL connection is setup. Is this PPPoA or what? Nor how your DSL modem is configured. We need to know that before helping. You should also know that the ISP I work at DOES NOT recommend or specify the ActionTec DSL modem for any corporate or business customers of ours - in short, not for any customer of ours who gives more than a fig about a reliable DSL connection. Frankly it is a shame - Qwest has dumped millions of dollars on pretty good back-end DSLAMs and such only to crap up their DSL network with those CPEs. The ActionTec is fine for the typical garden-variety home user who is so retarded that they refuse to run antivirus software because it's too expensive, and they refuse to regularly update their Windows system so it doesen't get stuffed full of viruses, and has a chip on their shoulder the size of Manhattan because someone dared to tell them they might actually, no God no I can barely say it - they might actually have to PAY A SLIGHT BIT OF REAL MONEY for a DSL modem!! Heavens! After all, by God that fucking phone company should be PAYING ME to subscribe to DSL and your telling me I have to actually pay less money than I waste on Mac Don's steakhouse during the week for a DSL modem?!?! Bessie, get me gun!!! Back in the days when Qwest was still under the delusion that DSL customers actually wanted something in the way of DSL that didn't go down with the frequency of a $5 Tijuana hooker, Qwest specd REAL modems manufactured by Cisco Systems, the model 675 and later 678's. Sadly, Qwest was rudely awakened to the reality that most DSL users wanted cheap, cheap, cheap, cheap, fast, cheap cheap and well as for reliability, what's that?. Cost to the customer on the 678's was $100 and Qwest was eating part of it as the list cost was more than that from Cisco. Cost on today's ActionTec's is $50, and people still bitch, and the ActionTec company probably doesen't see more than $10 per device, if even that. You can't manufacture much of a DSL modem, plus pay for a radio chip for it, for that kind of money. The Cisco 678 is what you what to use. Unfortunately, they are no longer manufactured by Cisco. Cisco is currently making an even better DSL device, the Cisco 827, which works spectacularly well on Qwest's network - but of course Qwest doesen't spec that as list on it is like $600. To give you an example of how bad the ActionTec is, just today I got a call from a customer who had DSL at 2 offices with 827's which went down. Called Qwest, the tech on the phone checked and came back and said that Qwest techs were doing some maintainence on the DSLAM. The tech proceeded to check the history of both lines and tells me that the DSL modems had been up solid for 50 days, and I really should have someone power-cycle them because they had been up for too long Can you imagine? This poor Qwest support tech has been dealing with crap Actiontecs for so long that he actually believes that the DSL modem is SUPPOSED to be rebooted all the time Needless to say, when the Qwest service guys finished screwing with the DSLAM, both 827's came right back online WITHOUT human intervention. Anyway, if you get a 678, and flash-update it to current firmware, (the old firmware in the 678 is like 5 years old and has many problems) and properly configure it, your problems will go away. Unfortunately the downside is that actually doing this is not easy for most people as the steps to do it are rather arcane, the firmware itself has controlled-access on it, and basically unless your ISP will do it for you, or you are willing to spend some time really understanding the process instead of just trying to rush into doing it, as they say, good luck. Once you tell us what your DSL config is, I might be able to give you some suggestions to get the GT701 going. No promises though. Also, one other thing, the Westell C90-36R516 modem will work on the Qwest network also - with one caveat, and of course, some arcane configuration. Both the 678 and the R516 modems are still readily available on Ebay. Unfortunately for the 678 though, others have discovered the same thing about the ActionTecs that I have related here, and pricing on those modems is still rather high. Ted -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jason Osgerby Sent: Thursday, January 20, 2005 9:32 PM To: freebsd-questions@freebsd.org Subject: Strange problem with DSL modem. Hello all, I am hoping someone on this list can help me out with a very frustrating issue I am having. I dual boot one of my machines (a Dell
RE: Strange problem with DSL modem.
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jason Osgerby Sent: Friday, January 21, 2005 12:00 AM To: FreeBSD Questions Subject: RE: Strange problem with DSL modem. Hi Ted, I enjoyed reading your email. Made me laugh, aside from realizing that I have a shitty DSL modem! Ah well. You wrote: You haven't said exactly how your DSL connection is setup. Is this PPPoA or what? Nor how your DSL modem is configured. We need to know that before helping. It was initially set to PPPoA after the auto setup process was run. Later, when I was playing around with it trying to make it work with FreeBSD, I changed it over to PPPoE. But it didn't make any difference, not that I really expected it to. I was just grabbing at straws. How is it configured? Well, what exact information do you need? I will be MORE than happy to provide any details that I can. Right now it is simply connected to the computer through the ethernet card. I haven't changed any of the settings from the default, apart from making the machine's IP the DMZ box to get around the firewall. Even that didn't make any difference. It is still timing out the fetch requests--which seems to be attempting to operate over HTTP--although it has no problems pinging anybody. This is a very bizarre problem. The DSL modem is already running the latest firmware, because I upgraded it as soon as I got the DSL up and running. OK, here's what I would advise you to do. First of all, don't use the NAT in the DSL modem. It's not a very good NAT and there's several advantages to having a public IP address on your FreeBSD system. To do this you need to set the DSL modem into transparent bridging. Go to http://192.168.0.1 and click on setup-advanced setup-begin advanced setup. The first page is informative, click next, the next page select Transparent Bridging, click Next. Keep clicking Next until you get to DHCP server, set this OFF, then click next a few more times till you get to NAT, turn that OFF also (very important!) Keep clicking Next until you get to Save and Restart, click that, the modem will reboot and become a pure bridge. Don't pick and choose the options in the modem setup on the left hand side, use the Advanced Setup wizard as detailed above! click next on ALL the screens even though most of them you won't be changing setup. Don't try to get smart and jump ahead by clicking save and restart on the bottom left before going through all the screens! MAKE SURE NAT IS OFF the ActionTec is so stupid that even in bridged mode if nat is on, it will still try natting the packets! Same with dhcp server. Even in pure bridged mode the actiontec still retains a mac access and and ip address of 192.168.0.1 You should do all this with Internet Explorer under your XP system as the ActionTec's internal webserver is unpredictable with different web browsers. It is also unpredictable with older versions of Internet Explorer, it's easy to get into states where it looks in the browser like you have configured it but when you click save and restart, the modem configuration doesen't actually change. Next, you need to setup PPP on your FreeBSD system per the following: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/pppoe.html Qwest.net and MSN use PPPoA which PPPoE for your purposes is essentially the same thing, the difference being one's over ATM the other's over Ethernet. An equivalent under XP would be to setup pppoe on xp, or winpoet on a lesser windows. Ted Thanks, Jason. Ted Mittelstaedt [EMAIL PROTECTED] wrote: Hi Jason, I work for an ISP which is a Qwest Megahost and have dealt plenty with these and several other brands of modems on the Qwest network. I have dealt with the ActionTec people as well, and documented a number of bugs in earlier version of firmware for these modems, some of which have been fixed, others which haven't. You haven't said exactly how your DSL connection is setup. Is this PPPoA or what? Nor how your DSL modem is configured. We need to know that before helping. You should also know that the ISP I work at DOES NOT recommend or specify the ActionTec DSL modem for any corporate or business customers of ours - in short, not for any customer of ours who gives more than a fig about a reliable DSL connection. Frankly it is a shame - Qwest has dumped millions of dollars on pretty good back-end DSLAMs and such only to crap up their DSL network with those CPEs. The ActionTec is fine for the typical garden-variety home user who is so retarded that they refuse to run antivirus software because it's too expensive, and they refuse to regularly update their Windows system so it doesen't get stuffed full of viruses, and has a chip on their shoulder the size of Manhattan because someone dared to tell them they might actually, no God no I can barely say it - they might actually have to PAY A SLIGHT BIT OF REAL MONEY for a DSL modem
RE: 1st degree verbal assault and battery hate crime at Applebees
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of PC GURU Sent: Friday, January 21, 2005 1:27 PM To: [EMAIL PROTECTED] Subject: 1st degree verbal assault and battery hate crime at Applebees So there you have it. What should I do in this situation? What are my rights? I've emailed Applebees twice, and spoke to them twice, but so far they have done nothing. I think an apology is owed and reparations should be given. Sorry guy, you would have had to have been an employee if you wanted a share of that $40,000 settlement. (Here's the URL to prevent anyone else from wasting any more time on this) http://www.thetennesseetribune.com/news/Article/Article.asp?NewsID=30929; sID=16 Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Which Way to Partition.
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of stheg olloydson Sent: Friday, January 21, 2005 9:28 PM To: [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org Subject: Re: Which Way to Partition. Hello, This is a bikeshed question, i.e. everyone is expert enough to have an opinion. As such this has been discussed numerous times on this list. search the archives and pick whatever theory seems reasonable for your use. BTW, having GNU/Linux - Freedom in your sig file when posting to a *BSD list is a bit of a _faux pas_, wouldn't you agree? Probably not as much as a faux pas as posting the same message TWICE, stheg, (note message ID's) Message-ID: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Basic Info on Wireless Router Installation and Performance
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Bob Perry Sent: Thursday, January 20, 2005 12:37 PM To: freebsd-questions@freebsd.org Subject: Basic Info on Wireless Router Installation and Performance Just joined an ISP that has agreed to provide residential DSL service. Their service is normally limited to commercial operations but they made the offer based on the fact that my OS was FreeBSD. At this stage we have determined that only one of three phone jacks in my apartment is able to sync-up with the DSL. The options, thus far, are to fix the inside phone wiring or install a wireless router. Hi Bob, I see a lot of people are telling you to install wireless but in my experienced opinion, you need to fix your wiring. Your never going to have stable service if you don't, even if you put the DSL modem next to the building MPOE (Median Point of Entry). Go wireless if you want to but get your inside wiring fixed. What we do around here is have people with this kind of problem sign up for Line-Backer insurance from the phone company, wait a few days, then call a trouble ticket into the phone company. (Line Backer is a Qwest product, other phone companies have similar programs) This covers all your inside wiring and the phone techs will come out and fix it properly and you won't get hit with a $150 charge for inside wiring repair. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Hardware RAID
-Original Message- From: Stijn Hoop [mailto:[EMAIL PROTECTED] Sent: Friday, January 21, 2005 1:02 AM To: Sandy Rutherford; [EMAIL PROTECTED] Cc: FreeBSD Questions Subject: Re: Hardware RAID On Thu, Jan 20, 2005 at 05:22:36AM -0800, Sandy Rutherford wrote: On Wed, 19 Jan 2005 22:57:21 -0800, Ted Mittelstaedt [EMAIL PROTECTED] said: This did teach me a lesson that I kind of knew already but didn't think too much about. That is, a software array is no substitute for a hardware array. ... I respectfully disagree here; it is a substitute in some respects, especially if you factor in cost. I think you didn't read my post, I explicitly stated vinum is a great thing if what your wanting to do is use a bunch of cheap disks and cheap controller cards to either get a giant partition, or to stripe them together and get faster access. In other words cost is the only justification for selecting software raid over hardware raid. You haven't really made the case that vinum is better than a hardware array card on any other issue except cost. My vinum volumes allowed me to survive for a long time without backups (bad idea, don't do that), and for the past years have allowed me to survive without having to restore my backups. This through about 5 failing ATA disks and multiple upgrades of the storage space. I'd say it was worth it for me, including reliability. If you need speed, or have the cash, etc, you can go for hardware RAID. But even there I've seen and heard horror stories of incompatible disks, spontaneously lost configurations or even worse, silent data corruption due to a bad disk. I didn't say these things couldn't happen on a hardware array. I said that when these things do happen, it's worse for a software array than a hardware array, and that they happen a lot more on a software array. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Which Way to Partition.
-Original Message- From: Tabor Kelly [mailto:[EMAIL PROTECTED] Sent: Friday, January 21, 2005 11:52 PM To: Greg 'groggy' Lehey Cc: Ted Mittelstaedt; [EMAIL PROTECTED]; stheg olloydson; freebsd-questions@FreeBSD.org Subject: Re: Which Way to Partition. Greg 'groggy' Lehey wrote: On Friday, 21 January 2005 at 22:14:13 -0800, Ted Mittelstaedt wrote: Can we try to change that? Indeed. My first post to this email list (since I have been back from a 3 year hiatus) was a question about the infamous portsdb -uU/portupgrade -uU segfault. My reward for coming back to this list was an angry email from Don Novello ([EMAIL PROTECTED]). Also, if you are going to tell people that they posted duplicate messages, do you need to send that to the whole email list? The message to stheg was people that throw rocks should not live in glass houses, a message he quite obviously understood since he has wisely refrained from responding. The message to the rest of the list was that it isn't nice to criticize people for baloney items, and that if you do so, others are going to come after you. I have found that sort of response to be more effective in the long run to use a ruler to snap the fingers than to make pious hand-wringing or whiny limp appeals to play nice. And I don't mind being called an a-hole for doing it. As a matter of fact, the more people that criticize me for criticizing stheg, the more of a nasty a-hole I look like, which greatly enhances my effectiveness for making people like stheg who start the rock-throwing to quake in their shoes and be more afraid of starting the rock throwing. So, thanks for the cirticism! Perhaps you and some others could give me some more so as to make me an even more effective deterrent to sthenglike behavior :-) Although of course you must not construe this statement as a statement that I wish to interfere with your rights to make as many pious hand-wringing or whiny limp appeals to be nice as you feel necessary, should you feel the need to make pious hand-wringing or whiny limp appeals to be nice, that is. Sorry to have to be so blunt publically, I'm not trying to embarass you, but clearly since you didn't get this, others may have not also. Thus I feel this message also should go for public distribution. Is that enough justification for ccing questions? By the way, could we possibly have more metadiscussion please? You know, I heard this last Christmas there was a sick kid that all he wanted for Christmas was for everyone to send him a Christmas card At least one good thing is we can tell old [EMAIL PROTECTED] that we now have unimpeachable proof that FreeBSD must not have nay problems anymore since there's so few problems people are posting about now that we are now posting about posting about posting!!! ;-) Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Hardware RAID
-Original Message- From: Stijn Hoop [mailto:[EMAIL PROTECTED] Sent: Saturday, January 22, 2005 1:01 AM To: Ted Mittelstaedt Cc: Sandy Rutherford; FreeBSD Questions Subject: Re: Hardware RAID I explicitly stated vinum is a great thing if what your wanting to do is use a bunch of cheap disks and cheap controller cards to either get a giant partition, or to stripe them together and get faster access. Yes, but that's what I was refuting in part; I've used it for reliability purposes to great effect, as I stated. So IMHO it's also a great thing if you need reliability for a lower price. Well that may be so but RAID reliability is kind of like this: if there's 10 people running it and 9 of them have no problems and one of them does, then be very afraid! You might be that 10th person. The desirable situation with RAID reliability is to have all 10 people with no problems, and a series of vague rumors that someone heard that a friend of a friend might of had a problem, then when you bother chasing it down you find the person was smoking pipeweed. Another way of saying it is that my kernel crashdump file of a blown-up vinum install that blew my array - which is online for anyone to download if they so choose as I post this - is worth 500 of your testimonals about how reliable vinum is. It was not my intent to describe vinum as being 'better' than the hardware RAID. As I read it, you dismissed software RAID for reliability purposes. I do. From a structural standpoint a lot more things can go wrong with it. I was stating that it can be used for that purpose. My crashdump file says raid isn't a reliable means of getting out of having to backup your data. I didn't say these things couldn't happen on a hardware array. I said that when these things do happen, it's worse for a software array than a hardware array, and that they happen a lot more on a software array. In my experience, when bad things happen, it was the same for the software RAID arrays as for the hardware RAID arrays. How many hardware arrays vs software arrays do you deal with? Over the last decade I think I've directly admined about 20-30 different makes and models of hardware array cards in different servers. I've lost about 3 disks in those. Admittedly not a lot. But so far I've never had one that lost a disk where replacing the disk didn't recover the array. Oh sure, some of them you had to do some really stupid things like take the server down completely for half the day to do it. But they all came back. During this time I've admined exactly 3 servers on software arrays. One was a news server using ccd which ran for years. The other are 2 vinum servers one of which is going strong, the other blew up due to a bad SCSI cable which wrote garbage on 2 drives making the array unrecoverable. In my experience if the reliabilty was equal, none of the software arrays should have given trouble and one or two of the hardware ones should have blown. Now granted in my vinum case the scsi cable is at fault. But, the log clearly shows vinum trying a write to one disk, getting a parity error, trying a write to another, getting another parity error, then the server freezing. The problem with vinum in this instance wasn't the initial parity errors and freezing. In fact, THAT was exactly what should have happend - shut the works down before you write garbage over the entire disk. The problem was that after a very simple error like that only a few blocks of data on the disks would have been bad so the vinum manager should have been able to recover the array to the point that it could be mounted again, so that fsck could have ripped out a handful of files and got the disk clean. Could this same have happend with a hardware array card? Probably. But I would be betting that the recovery routines in any hardware raid could have got the array to the point that a higher level tool like fsck could have got at least some data off it. And in any case, regardless of whether using software or hardware arrays, you should be backing up. I didn't with my software array and data was lost (fortunately not my data, and I don't know if the people who had data on it were backing their data up, they were supposed to, but I don't trust anyone on that) So I was stupid. Don't you or anyone else be stupid - learn from my mistake. Regular vinum does have a few warts (notably, online rebuilding is b0rked) but other than that it's the same procedure: remove bad drive, add new drive, rebuild. I agree that I've seen more failures with software RAID than hardware RAID. And certainly cost is a factor in that. It still comes down to cost vs downtime. What? I don't think I understand what your saying with that statement. RAID when used for reliability is because you cannot be backing up continuously - for example you have a database server that is receiving writes throughout the day, you raid it because you
RE: Samba - microsoft-ds connection?
[EMAIL PROTECTED] wrote: At 08:08 PM 1/22/2005, stheg olloydson wrote: It MS's Directory Service, what is usually called SMB. As long as it's between systems on your network, it's nothing to worry about. Ahah, then maybe there is something to worry about. I'm quite sure my system's been hijacked in the recent past. Once that happens the system is shot, the attackers bury so many back doors in the system that you will never find them all. Microsoft has a number of documents on how to secure their stuff on their website. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: PostgreSQL TCP sockets access?
Who did the port? Perhaps you could e-mail him or her? Ted -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of SigmaX Sent: Tuesday, January 25, 2005 8:17 PM To: freebsd-questions@freebsd.org Subject: PostgreSQL TCP sockets access? Hey; I have a fairly fresh installation of FreeBSD 5.3 running PostGreSQL. I enabled TCP socket connection in the /usr/local/pgsql/data/postgresql.conf file (tcpip_socket = true), and allowed all hosts in pg_hba.conf (host all all 0.0.0.0 0.0.0.0 trust)... but I still get a connection refused error when trying to access the server. Any help? SigmaX -- Registered Linux Freak #: 366,862 My ISP won't talk to me after lodging a support call for helping gettting ADSL hooked up to a WinXP install running under VMWare under Linux on my XBox. 'Anonymous Coward,' in a post on slashdot.org For the eyes of the Lord range throughout the earth to strengthen those whose hearts are fully commited to him. 2 Chronicles 16:9a ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: FreeBSD 5.3 on Compaq ProLiant 1500
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of jeremy pedersen Sent: Monday, January 24, 2005 6:22 PM To: freebsd-questions@freebsd.org Subject: FreeBSD 5.3 on Compaq ProLiant 1500 I have an old Compaq ProLiant 1500 that I would like to install FreeBSD on, but the installation process freezes while attempting to load the installation. The following is the line(s) on which FreeBSD hangs: device_attach: ida0 attach returned 12 eisab0: PCI-EISA bridge at device 15.0 on pci0 *note, this is using the selection: 1. Boot FreeBSD (default) all the information I have on the server's hardware is as follows: 1) 2 pentium processors at 166Mhz 2) 5 ultra wide SCSI drives in raid 5 configuration. One drive is a logical drive. 3) one CD drive, it is not IDE, but I am not quite sure what else it could be. This is all the information I have to work with. Any help would be appreciated very much. Hi Jeremy, The Compaq Smart Array driver (ida) has had a problem with EISA adapters ever since it was introduced into FreeBSD. I've written the developer and offered to ship him a system, he requested I set up a system and let him remotely access it. Unfortunately I never got the time to do so. If you have a spare ide drive, set it up and put a skeleton FreeBSD system on the ide drive, put it on the Internet so it can be reached, then contact the ida driver and I'm sure he will get it running for you. It would be nice to get this running. In the meantime I use mine to run Solaris 2.5.1 x86. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Running public IP's inside an RFC 1597 network
[EMAIL PROTECTED] wrote: Hello, I'm running a typical Class C RFC 1597 network in my lab. What I want to do is create another network, accessible from my private addresses, that use public IPs. The public IPs exist in the wild but I want to have an isolated environment where I can test what happens in public space, in my lab, before I deploy changes. Hoo boy. OK first of all an IP is an IP is an IP. Machines don't know or care if we humans designate a subnet as public or private. In any case you cannot have 'public' ip's 'inside' a private IP subnet, unless there's some tunnel connection from the public network on the inside to the real outside Internet. All the machines in question are running 5.3-STABLE. What I've setup so far are two test servers, host1 (H1) and host2 (H2) with public IPs, and a gateway (GW) machine with one public IP and one private IP. All three machines are on a switch, the gateway has two NICs, one on the public switch and one on the private switch. e.g., External IPInternal IP Defaultrouter IP - -- --- GW 123.456.789.1/24 10.20.30.40/24 10.20.30.1 H1 123.456.789.154/24 123.456.789.1 H2 123.456.789.161/24 123.456.789.1 I can ping between the 3 public IP's fine until I turn on the GW interface with the private IP. At that point, the GW cannot ping the two public servers. Impossible. Or more accurately, if the GW is correctly configured it don't work this way. a default route such as: 0.0.0.0 0.0.0.0 - 10.20.30.1 is the absolute most general route there is for a machine. ANY route other than another default, is more specific than it, and thus will take priority. In a correctly configured system when you define an interface, such as 123.456.789.1/24 the system automatically creates a /24 route for the 123.456.789.0 subnet that points out that interface. This route is -more specific- than the default, thus ANY IP that has a prefix that matches this subnet will follow the more specific route, and be routed out of the interface. This is a fundamental property of any host. You aren't saying how your 'turning on' the GW interface. If you have NOT defined gateway_enable=YES in the /etc/rc.conf file then it might be possible to get funny behavior like this if you have multiple interfaces active in the system. Or, if you turn on the firewall with a restricted set of access lists, same thing. Obviously I'll need NAT'ing from the GW to H1 and H2 if I want packets from other hosts on my private network to see the public servers. Incorrect. All you need is a route in the 10.20.30.1 router for 123.456.789.0/24 pointing back to 10.20.30.40. Since all the hosts on 123.456.789.0/24 know to use 123.456.789.1 as their default gateway, and that machine knows where 10.20.30.0/24 is, routing works normally. What I can't figure out is how to tell my GW machine that packets destined for the 123.456.789.0/24 network are to go through my other NIC, not out through the GW's default router. It is more useful to stand this question on it's head. As yourself, how can you PREVENT packets from just naturally going out the 123.456.789.1 interface that have a destination prefix of 123.456.789 ? I hope I've explained the situation clearly. Googling and reading the friendly manuals has not revealed a solution to me. Well, what your trying to do is, as they say, pointless, which is why nobody does it, which is why it's not documented. Why don't you tell us what you REALLY are trying to accomplish? What exactly does a 'public space' have that you need to test on that a 'private space' doesen't, and why are you under the impression that it will continue to remain a 'public space' the second you isolate it? Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: ISDN connection problems
[EMAIL PROTECTED] wrote: Hi, I have a FreeBSD ISDN router running 5.3 with an AVM Fritz card and a 3com etherlink xl. After having mastered the xl driver problem (http://www.freebsd.org/cgi/query-pr.cgi?pr=68435) I noticed that the ISDN connection breaks randomly after some time. The PPP daemon stays up, but the ISDN interface does not send any packets. A ping to an internet address shows the following: ping: sendto: No buffer space available After that the only thing I can do is shutdown PPP and dial in again to get the internet connection working. This is really annoying. I haven't found a solution yet. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Stefan, The xl driver has been a pain in a lot of people's backside for years under earlier versions of FreeBSD. Quit torturing yourself and spend the $15 on another brand of network adapter card. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: FreeBSD 4.11 Release
[EMAIL PROTECTED] wrote: On Tue, Jan 25, 2005 at 01:46:25PM -0600, Andrew L. Gould wrote: I just noted that FreeBSD 4.11 has been released and that there are now 2 CD#1's -- one for gnome and one for kde. Does anyone know how exclusive these CD's are? That is, does the gnome CD have kde-lite, or no kde at all? Does kde lack all gnome stuff? None at all. The set of packages became too big to have both gnome-lite and kde-lite on disc 1. Good riddance. This is FreeBSD, no reason to have your new server look like every other Linux box brought online. If your going to make it easy to put a window manager on for the newbies, pick something that's going to definitely make them say hoo boy! I ain't in Kansas anymore! such as Enlightenment. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: ISDN connection problems
[EMAIL PROTECTED] wrote: Ted Mittelstaedt wrote: The xl driver has been a pain in a lot of people's backside for years under earlier versions of FreeBSD. Quit torturing yourself and spend the $15 on another brand of network adapter card. The problem is not the 3com card. The ethernet connection works fine if I turn on promiscious mode. And if you keep dismissing avenues to try then your never going to fix the problem. One of the basics of trooubleshooting is that everything in the box is suspect, until the problem is fixed. It is just that some things are more suspect than others. For someone to make a definitive statement that the problem is NOT before the solution is known, is a mark of a closed mind. This is why you are having difficulty finding the fix. The problem may very well not be the 3com card. But unless you try swapping with a different ethernet card, you aren't going to have proof that it isn't - unless you stumble across the solution before you get desperate enough to actually try swapping the card. But, since you want to gamble on doing that, good luck to you. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Need to get DarwinStreamingServer on 5.3R
[EMAIL PROTECTED] wrote: Hi I'm trying to install DSS onto FreeBSD 5.3 The Port wants version 5.0.1.1_2 of the source code tarball, and it's no longer available from the Apple download site. The version in both ZIP and CVS available from the Apple site fails to compile. What's the error message on the compilation? Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Need to get DarwinStreamingServer on 5.3R
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mike Doyle Sent: Thursday, January 27, 2005 3:08 AM To: Ted Mittelstaedt Cc: freebsd-questions@freebsd.org Subject: RE: Need to get DarwinStreamingServer on 5.3R At 05:31 27/01/2005, Ted Mittelstaedt wrote: [EMAIL PROTECTED] wrote: I'm trying to install DSS onto FreeBSD 5.3 The Port wants version 5.0.1.1_2 of the source code tarball, and it's no longer available from the Apple download site. The version in both ZIP and CVS available from the Apple site fails to compile. What's the error message on the compilation? Ted The compile fails with an error message ... undefined reference to '__gxx_peraonality_v0' *** Error code 1 Stop in /DSS-v5_0_3_2/QTFileTools/QTTrackInfo.tproj. Looks like someome misspelled personality in the code somewhere? The error should be undefined reference to `__gxx_personality_v0' and is caused by not including libstdc++ Since that's a standard library included by g++ when you compile, I suspect you are running into either a compiler bug or perhaps the code is trying to use gcc or ld instead of g++ to link? 4.X used an older version of gcc Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: FreeBSD 4.11 Release
Well, why else would I suggest Enlightenment! :-) Ted -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of gabriel Sent: Thursday, January 27, 2005 10:10 AM To: Ted Mittelstaedt Cc: freebsd-questions@freebsd.org; Kris Kennaway Subject: Re: FreeBSD 4.11 Release And I quote. eww! =P On Wed, 26 Jan 2005 00:22:19 -0800, Ted Mittelstaedt [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] wrote: On Tue, Jan 25, 2005 at 01:46:25PM -0600, Andrew L. Gould wrote: I just noted that FreeBSD 4.11 has been released and that there are now 2 CD#1's -- one for gnome and one for kde. Does anyone know how exclusive these CD's are? That is, does the gnome CD have kde-lite, or no kde at all? Does kde lack all gnome stuff? None at all. The set of packages became too big to have both gnome-lite and kde-lite on disc 1. Good riddance. This is FreeBSD, no reason to have your new server look like every other Linux box brought online. If your going to make it easy to put a window manager on for the newbies, pick something that's going to definitely make them say hoo boy! I ain't in Kansas anymore! such as Enlightenment. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- gabriel, Member of: FreeBSD-Announce FreeBSD-Hardware FreeBSD-Multimedia FreeBSD-questions ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: ATA problem
Are you using an old ordinary IDE cable or the super special high density go-fast new style IDE cable? Ted -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of BSD Mail Sent: Thursday, January 27, 2005 7:28 PM To: FreeBSD-questions@freebsd.org Subject: ATA problem Hello, I'm having a problem installing any version of FreeBSD 5.2 and above on a EIDE Western Digital Caviar 80GB. That system was running 4.x without any problems for over 2 years. When I planned to install 5.3 I got the error below. I thought at first it's HD jumper settings not that I changed the current settings Then I thought it's the IDE bus. I did further debugging. I installed different types of Linux and Windows 2k and I got no problem with the HD. I'm able to install FreeBSD 5.1 and any prior release with no problem. I read some threads about 5.3 having problems with some IDEs. If that's the case, what is your suggestion ? I want to take advantage of the nice features in 5.3 plus I got my DVD burner identified for the first time under 5.3. After I boot from CD to proceed with a clean install. When I get hardware probing, as I reach the 'ata' part I get the message below and everything just freeze there. I have to do a hard boot. ad0: 76293MB WDC WD800BB-75FRA0 [155009/16/63] at ata0-master UDMA100 ata1-master: FAILURE - ATA_IDENTIFY status=7fREADY,DMA_READY,DSC,DRQ,CORRECT,INDEX,ERROR error=7fUNCORRECTABLE,MEDIA_CHANGED,NID_NOT_FOUND,MEDIA_CHAN.. REQUEST,ABORTED,NO_MEDIA,ILLEGAL_LENGTH LBA=0 Thank you, -- Regards, ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Missing INDEX file in Ports
Hi All, Has anyone seen this before, I just installed 4.11 and in /usr/ports typed make search key=ghostscript and the machine went away for a couple hours to generate an INDEX file. (this is a P75, unfortunately) Has anyone else noticed the INDEX file is missing in the 4.11-RELEASE ports directory? Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Missing INDEX file in Ports
-Original Message- From: Michael Johnson [mailto:[EMAIL PROTECTED] Sent: Thursday, January 27, 2005 11:02 PM To: Ted Mittelstaedt Cc: freebsd-questions@freebsd.org Subject: Re: Missing INDEX file in Ports Has anyone else noticed the INDEX file is missing in the 4.11-RELEASE ports directory? it was removed a few months ago, use 'make fetchindex' Thanks, I had thought it might have been because I installed the ports afterwards rather than during the install, and a script bit it somewhere. Probably this should go into the README file in the ports dir. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Missing INDEX file in Ports
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Kent Stewart Sent: Thursday, January 27, 2005 11:19 PM To: freebsd-questions@freebsd.org Cc: Ted Mittelstaedt Subject: Re: Missing INDEX file in Ports On Thursday 27 January 2005 11:00 pm, Ted Mittelstaedt wrote: Hi All, Has anyone seen this before, I just installed 4.11 and in /usr/ports typed make search key=ghostscript and the machine went away for a couple hours to generate an INDEX file. (this is a P75, unfortunately) Has anyone else noticed the INDEX file is missing in the 4.11-RELEASE ports directory? If you cvsup ports-all, INDEX[-56] is deleted. You want to cd /usr/ports make fetchindex The fetch of a compressed file is much faster than generating it :). Even faster would have been for it to be on the same CDROM that the rest of the ports directories were copied from. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Missing INDEX file in Ports
-Original Message- From: Kent Stewart [mailto:[EMAIL PROTECTED] Sent: Thursday, January 27, 2005 11:34 PM To: Ted Mittelstaedt Cc: freebsd-questions@freebsd.org Subject: Re: Missing INDEX file in Ports On Thursday 27 January 2005 11:30 pm, Ted Mittelstaedt wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Kent Stewart Sent: Thursday, January 27, 2005 11:19 PM To: freebsd-questions@freebsd.org Cc: Ted Mittelstaedt Subject: Re: Missing INDEX file in Ports On Thursday 27 January 2005 11:00 pm, Ted Mittelstaedt wrote: Hi All, Has anyone seen this before, I just installed 4.11 and in /usr/ports typed make search key=ghostscript and the machine went away for a couple hours to generate an INDEX file. (this is a P75, unfortunately) Has anyone else noticed the INDEX file is missing in the 4.11-RELEASE ports directory? If you cvsup ports-all, INDEX[-56] is deleted. You want to cd /usr/ports make fetchindex The fetch of a compressed file is much faster than generating it :). Even faster would have been for it to be on the same CDROM that the rest of the ports directories were copied from. You would have to go to the cvsweb.cgi attic to find out how many months it has been removed from ports. Do you really think I care how long it's been removed? Your missing the point. INDEX is supposed to be in the RELEASES on the CDROMs because the CD's are supposed to be self-contained, ie: you should not require an Internet connection to get a complete install. Otherwise there's no point in even bothering to release the CDROMS in the first place. INDEX isn't in SNAPS and such because it makes no sense generating it for a ports tree that's open for committing since new ports could be added at any time. However the ports tree on the CDROM is static, not dynamic. Please note the following: http://www.freebsd.org/releases/4.11R/schedule.html Now, notice down there: Final package build starts Note any ACTUAL date? Obviously whomever was supposed to do the ports stuff for the release didn't follow the procedure exactly correctly, they probably cvsupped the ports at the last minute and forgot to fetch the INDEX, same as they forgot to update the release schedule. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: ATA problem
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of BSD Mail Sent: Friday, January 28, 2005 12:19 AM To: FreeBSD-questions@freebsd.org Cc: Ted Mittelstaedt Subject: Re: ATA problem I'm using the same cables I've been using for long time. A round Single IDE Ultra ATA Cable, 40c/80p 18 inch. I'm using the same exact cable on 5 other FreeBSD machines with no problem at all. Have you downloaded Wdc_cfg.zip from the Western Digital website and firmware updated your EIDE drive? Go to software drivers, WD Caviar 7200RPM, IDE RAID compatibility upgrade, Non-3ware cards. While this is supposed to help only for RAID it might help for you. Apparently WD introduced some goofy timeout thing for these drives to reduces idle acoustic noise in desktop drives Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Missing INDEX file in Ports
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michael C. Shultz Sent: Friday, January 28, 2005 3:16 AM To: freebsd-questions@freebsd.org Subject: Re: Missing INDEX file in Ports yeah, but including it would be easier for alot of people. Especially people who are using a slower computer. I agree make index is no fun on a slow computer, but if space is a problem is it really a good idea to put generated files on the CD? INDEX has been included with every CDROM pressing of FreeBSD 4.x previously. And this will be the last 4.X pressing. So, it must have required a really severe space crunch to justify this significant of a deviation. Now, lets's see here: Disc 1 of FreeBSD 4.11 KDE is 647MB Disc 1 of FreeBSD 4.11 Gnome is 576MB The INDEX file is 6MB A cdrom holds 660-700MB of data And I won't even go into the thousands of dollars of network costs involved in fetching a 6Mb index file over the Internet for everyone that could have been included on the CD. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Basic Info on Wireless Router Installation and Performance
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Bob Perry Sent: Friday, January 28, 2005 11:33 PM To: Ted Mittelstaedt Cc: freebsd-questions@freebsd.org Subject: Re: Basic Info on Wireless Router Installation and Performance Ted, What linebacker did you have in mind? Bob, who is your telephone company? Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Missing INDEX file in Ports.
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Julien Gabel Sent: Friday, January 28, 2005 1:39 AM To: freebsd-questions@freebsd.org Subject: Re: Missing INDEX file in Ports. Your missing the point. INDEX is supposed to be in the RELEASES on the CDROMs because the CD's are supposed to be self-contained, ie: you should not require an Internet connection to get a complete install. Otherwise there's no point in even bothering to release the CDROMS in the first place. Yeah, I totally agree, INDEX should be included in ports.tar.gz for at least RELEASES. Included or not, the release is self contained (and don't require an internet in that case) since the INDEX or INDEX-5 file can always be generated from the local ports tree, via : # cd /usr/ports; make index So can many of the utilities - like perl and X - that are now supplied as binaries. I guess you want to go back to the 386BSD days when you had to build all those things yourself. I think you deserve to have your FreeBSD taken away for a month and be forced to run Solaris 2.5.1. That will teach you to smart off about being able to generate things. How would you like a Sendmail upgrade to take 2 hours, eh? Or let's see even better - how about bootstrapping a usable version of gcc on a SunOS box? Been there, done that. We don't want to go back to those days. There's a reason that precompiled and pregenerated stuff is included in the UNIX distributions. Neither Disk 1's require KDE or GNOME to be generated from the sources, either. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Missing INDEX file in Ports
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Kris Kennaway Sent: Friday, January 28, 2005 8:51 AM To: Ted Mittelstaedt Cc: freebsd-questions@freebsd.org; Michael C. Shultz Subject: Re: Missing INDEX file in Ports On Fri, Jan 28, 2005 at 03:34:46AM -0800, Ted Mittelstaedt wrote: INDEX has been included with every CDROM pressing of FreeBSD 4.x previously. And this will be the last 4.X pressing. So, it must have required a really severe space crunch to justify this significant of a deviation. It was probably just forgotten. Talk to the release engineers. Yes, that is my feeling as well. Glad to see your not using some silly justification to explain that it was deliberately left out. :-) My intent on the initial post was to find out if others were seeing the same thing. Since they are, it's time to e-mail the release people. Unfortunately, though, from the looks of the docs coming out of them, there's little interest in the release team on the 4.xx line anymore so this is probably an exercise in futility. Unfortunately the disappointing thing is that the 3.X release had the same kind of thing happen. The very last 3.X release of FreeBSD had several broken things - notably ESDI support, bad144 no longer worked, even when a few revs earlier it was working fine. Now we are seeing the same thing with 4.11 - a niggly problem that marrs the normally perfect release. I am concerned that if something like INDEX was forgotten, that there's going to be other things forgotten as well. Sigh. We really must learn when to quit on these release trains. 4.10 was a perfect cap on a successful 4.x run. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: ISDN connection problems
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Stefan Pietsch Sent: Friday, January 28, 2005 6:25 AM To: freebsd-questions@freebsd.org Subject: Re: ISDN connection problems Ted Mittelstaedt wrote: The problem may very well not be the 3com card. But unless you try swapping with a different ethernet card, you aren't going to have proof that it isn't - unless you stumble across the solution before you get desperate enough to actually try swapping the card. But, since you want to gamble on doing that, good luck to you. I replaced the 3com card with an Intel 82559 Pro/100, but it made no change. So I think I will step back to 4.11R, maybe it solves the problem ... If it doesen't then your probably going to need to try another ISDN card. By the way, have you by chance priced out ISDN routers lately? For example: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemcategory=73321item=5746457 512rd=1ssPageName=WDVW Cisco 1603's are going for under $20USD. The 1603 is the Euro version of Cisco's ISDN router and understands the Euro ISDN switches (in contrast to the 1604 which doesen't have an ST interface and only understands American ISDN switches) At the ISP I work at we still do a lot of dialup ISDN because we are the only ISP left in town that will guarentee multilinking. During the last year I've pretty much told all customers that we are only supporting the Cisco 1604 anymore, simply because the things are so darn cheap now that it's less of an annoyance factor to me to deal with more than one kind of router. (Despite the fact that I've configured more than a dozen different brands of ISDN routers during the heyday of ISDN) Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Docs for Berkeley Make?
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jonathon McKitrick Sent: Saturday, January 29, 2005 12:53 PM To: freebsd-questions@freebsd.org Subject: Docs for Berkeley Make? Hi all, I just got the O'Reilly book on GNU Make, but I'd really like to focus on Berkeley Make when possible. Older revisions of the O'Reilly book cover the Berkeley make. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Acroread complains...
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Steven Friedrich Sent: Sunday, January 30, 2005 8:30 AM To: freebsd-questions@freebsd.org Subject: Acroread complains... When I run mozilla from the command line and ask it to open a pdf, it complains: /usr/local/Acrobat5/Reader/intellinux/bin/acroread: error while loading shared libraries: /usr/local/lib/libartsdsp.so.0: ELF file OS ABI invalid So I ran file on it: % file /usr/local/lib/libartsdsp.so.0 /usr/local/lib/libartsdsp.so.0: ELF 32-bit LSB shared object, Intel 80386, version 1 (FreeBSD), not stripped Ideas? Have you done this: cd /usr/ports/print/acroread make install And does it break if you just run acroread in an xterm by itself? Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: 1st security warning: installed zlib version may contain asecurity bug
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Lowell Gilbert Sent: Sunday, January 30, 2005 7:38 AM To: Timothy Luoma Cc: FreeBSD-Questions Questions Subject: Re: 1st security warning: installed zlib version may contain asecurity bug Timothy Luoma [EMAIL PROTECTED] writes: I was trying to configure make 'clamav-0.81' when it complained about this: configure: error: The installed zlib version may contain a security bug. Please upgrade to 1.2.2 or later: http://www.zlib.net. You can omit this check with --disable-zlib-vcheck but DO NOT REPORT any stablility issues then! I went to zlib.net, downloaded 1.2.2, did './configure make install clean' Is that all I need to do? This is my first security warning so I want to make sure I'm not missing something obvious. It sounds like you're missing the ports collection, to begin with. It will handle dependencies for you, a big help in upgrades. Lowell, Considering that /ports/security/clamav was only updated to clamav 0.81 6 hours ago it is quite expected that the OP would have tried building this himself. And you should try to use the FreeBSD base system upgrades and security advisories for keeping up on security issues, rather than trying to install bits and pieces yourself (unlike, say, Linux, FreeBSD is a whole operating system). zlib is part of the base OS it should be at version 1.2.2 in FreeBSD 4.11R, since version 1.2.2 was released in October 2004. However, all prior FreeBSD will be at 1.2.1. And furthermore there is NO current security advisory on zlib for FreeBSD. I might also point out that http://www.gzip.org/zlib/ still shows the old zlib. This is an easy fix. Download zlib 1.2.2 from http://www.zlib.net and build it according to the instructions and install it in /usr/local. Temporarily rename /usr/lib/libz.a, /usr/lib/libz.so, /usr/lib/libz.so.2, and /usr/lib/libz_p.a to backup files, build clamav (this will shutup clamav and allow it to build) then rename them back. Keep in mind that this WILL NOT fix the zlib security hole in the system. zlib is probably linked into a number of utilities on your system and a proper fix would be to replace the zlib library, and recompile all the utilities in the system that are linked into the static library. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: 1st security warning: installed zlib version may containasecurity bug
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Ted Mittelstaedt Sent: Sunday, January 30, 2005 4:39 PM To: Lowell Gilbert; Timothy Luoma Cc: FreeBSD-Questions Questions Subject: RE: 1st security warning: installed zlib version may containasecurity bug -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Lowell Gilbert Sent: Sunday, January 30, 2005 7:38 AM To: Timothy Luoma Cc: FreeBSD-Questions Questions Subject: Re: 1st security warning: installed zlib version may contain asecurity bug Timothy Luoma [EMAIL PROTECTED] writes: I was trying to configure make 'clamav-0.81' when it complained about this: configure: error: The installed zlib version may contain a security bug. Please upgrade to 1.2.2 or later: http://www.zlib.net. You can omit this check with --disable-zlib-vcheck but DO NOT REPORT any stablility issues then! I went to zlib.net, downloaded 1.2.2, did './configure make install clean' Is that all I need to do? This is my first security warning so I want to make sure I'm not missing something obvious. It sounds like you're missing the ports collection, to begin with. It will handle dependencies for you, a big help in upgrades. Lowell, Considering that /ports/security/clamav was only updated to clamav 0.81 6 hours ago it is quite expected that the OP would have tried building this himself. And you should try to use the FreeBSD base system upgrades and security advisories for keeping up on security issues, rather than trying to install bits and pieces yourself (unlike, say, Linux, FreeBSD is a whole operating system). zlib is part of the base OS it should be at version 1.2.2 in FreeBSD 4.11R, since version 1.2.2 was released in October 2004. Oops, belay this - the version of zlib in FreeBSD is much older and is not vulnerable. clamav is the problem - the check they are making is assuming that any zlib implementation that is not 1.2.2 is vulnerable. The hack that I gave will work to get clamav built on your system - but there is no need to update the zlib libraries. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: rsync statically linked to zlib 1.1.4?
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Timothy Luoma Sent: Sunday, January 30, 2005 9:39 PM To: FreeBSD Mailing List Subject: rsync statically linked to zlib 1.1.4? OK, so since I have updated 'zlib' to 1.2.2 I decided that I ought to check for other programs which use it. I installed 'find-zlib' (from ports :-) and ran it like this: $ for i in `echo $PATH | tr ':' ' '` for do for sudo find-zlib $i/* for done /usr/local/sbin/lpadmin: inflate version: 1.2.2 Copyright 1995-2004 Mark Adler /usr/local/bin/espgs: inflate version: 1.2.2 Copyright 1995-2004 Mark Adler /usr/local/bin/gs: inflate version: 1.2.2 Copyright 1995-2004 Mark Adler /usr/local/bin/rsync: inflate version: 1.1.4 Copyright 1995-2002 Mark Adler /usr/local/bin/rsync: zlib cplens table, little endian /usr/local/bin/rsync: zlib cplext table (version 1.0.5 to 1.1.4) $ OK, so the only one that looks like trouble is 'rsync' I did 'cd /usr/ports/net/rsync; sudo make deinstall; sudo make install clean' but when I ran 'find-zlib' again, it still reported 1.1.4 Am I missing something? it's either statically linked or it's using the 1.1.4 shared library. 1.1.4 is not vulnerable, only 1.2.0, 1.2.1 are. You can leave it be. the other programs are linked to the shared lib, and when you updated the libz.so file those got updated. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: 1st security warning: installed zlib version maycontainasecurity bug
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mark Sent: Sunday, January 30, 2005 8:28 PM To: 'FreeBSD-Questions Questions' Subject: RE: 1st security warning: installed zlib version maycontainasecurity bug -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ted Mittelstaedt Sent: maandag 31 januari 2005 1:40 To: Lowell Gilbert; Timothy Luoma Cc: FreeBSD-Questions Questions Subject: RE: 1st security warning: installed zlib version may containasecurity bug zlib is part of the base OS it should be at version 1.2.2 in FreeBSD 4.11R, since version 1.2.2 was released in October 2004. Ok, now you got me worried. How do I check my current version? man zlib I am on FreeBSD 4.10R, with the all the latest security patches. Or so I thought. Keep in mind that this WILL NOT fix the zlib security hole in the system. zlib is probably linked into a number of utilities on your system and a proper fix would be to replace the zlib library, and recompile all the utilities in the system that are linked into the static library. If there is a security hole, how come there is no advisory on the FreeBSD site? Or is there a place I did not look? there isn't one, because the CERT advisory only listed 1.2.x you didn't read my second e-mail, obviously. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Proliant 5000
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Brad Sent: Monday, January 31, 2005 5:30 PM To: 'Lowell Gilbert' Cc: freebsd-questions@freebsd.org Subject: RE: Proliant 5000 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lowell Gilbert Sent: January 31, 2005 8:13 AM To: Brad Cc: freebsd-questions@freebsd.org Subject: Re: Proliant 5000 Brad [EMAIL PROTECTED] writes: Hi, I have recently acquired a Proliant 800 and a Proliant 5000 server. The 800 installed quite cleanly and is currently running FreeBSD 5.3 The 800 is a dual processor machine. When I try to install FreeBSD 5.3 on the 5000 (it's a quad processor machine ) it panic's saying, panic: pmtimer_indentify Has anyone seen this before. As near as I can tell it involves the power management of the computer. Only there isn't any in the bios. Doing a verbose logging on the system I noticed that it has just finished scanning the ISA bus and found nothing. Then it panic's. I would appreciate any thoughts that the community might have. Have you tried turning off ACPI in the install? Ok, when I boot the menu has default and then the second choice is to install with ACPI turned on... Tried that one and it progresses just a tad further. It reports: Orm0: ISA Option ROMs at iomem 0xe8000-0xedfff,0xc8000-0xcbfff,0xc-0xc7fff on isa0 Pmtimer0 on isa0 Then the computer freezes at that point. What else could I tell you about this machine? 4 X 200MHz processors. 512Mb RAM Scsi hardware raid controller. That may be your problem. If the system has an EISA raid array card you cannot install FreeBSD on it. There is a bug in the compaq raid driver it won't work on eisa. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Proliant 5000
-Original Message- From: Greg 'groggy' Lehey [mailto:[EMAIL PROTECTED] Sent: Monday, January 31, 2005 10:09 PM To: Ted Mittelstaedt Cc: Brad; Lowell Gilbert; freebsd-questions@FreeBSD.org Subject: Re: Proliant 5000 4 X 200MHz processors. 512Mb RAM Scsi hardware raid controller. That may be your problem. Depends on the RAID controller. Both my machines have RAID controllers (2DH). See http://www.lemis.com/grog/diary-dec2004.html#10: it seems that 5.1 panicked. I'm pretty sure I had no trouble with 5.3, though. If the system has an EISA raid array card you cannot install FreeBSD on it. There is a bug in the compaq raid driver it won't work on eisa. I don't think these machines are *that* old. Greg, yes they are. Here's a writeup on the 5000: http://www.winnetmag.com/Windows/Article/ArticleID/159/159.html Brand new these were $60K according to the article. It's pretty good example of hardware depreciation that something that currently sells for $50 on the used market: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemcategory=56106item=5747562 471rd=1 once cost $60K. Incidentally, if you have a copy of Solaris 2.5.1 x86 around, these still make nice little servers - if you are willing to spend the 20+ hours or so needed to install Solaris+patches+gcc+whateveryouwanttorun. If he has an EISA raid card in there he can replace it with one of these: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemcategory=56091item=5747208 198rd=1 which will probably boot FreeBSD just fine. Brad, incidentally, I understand that the Linux driver for the Compaq smart array card does speak to the EISA cards, so if you just absolutely don't want to put any more money into this, you can try Linux on it. I don't mean to send you away, that auction lists $4 for the raid card that should work. But I do understand that there are folks who wouldn't even spend the $4. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Proliant 5000
Greg 'groggy' Lehey wrote: http://www.winnetmag.com/Windows/Article/ArticleID/159/159.html Yes, this is about the age I was expecting. The specs are pretty close to my 6500. I didn't realize, that the older RAID cards were EISA, but it's not clear from the article whether they were shipped with the 5000. No it isn't clear - thing is though that most of those servers were sold by VARS (the sister company of the ISP I work at used to be a Compaq VAR and now is an HP VAR) and there was no default factory configuration because the VAR was supposed to analyze the customer's network and quote the appropriate parts. Unfortunately however as you might have guessed the PCI cards were at least a grand more than the EISA cards and so customers being customers, far too many of these were quoted and built with the cheaper EISA card. Many also were upgrade sales of older Compaq 4500's and they just sold the chassis and cpu's and ram, and moved the disks and raid card wholesale from one to the other. If he has an EISA raid card in there he can replace it with one of these: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemcategory=56091it em=5747208198rd=1 Look at the shipping costs. That's another $13 before you get started. Damn, there goes the pizza money... :-) And to think I actually bought a CGI card back in 1985 for $50!!! Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Access denied for user 'root'@'localhost' (using password: NO)
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Technical Director Sent: Wednesday, February 02, 2005 8:15 PM To: Positive Negative Cc: freebsd-questions@freebsd.org Subject: Re: Access denied for user 'root'@'localhost' (using password: NO) Positive Negative, You might seriously consider not using '[EMAIL PROTECTED]' as well I would bet 10 to 1 that he's installing an application that already is designed NOT to use the mysql root user to access it's database. This is a case of someone who isn't understanding the design of the app he's setting up. It worked only because he was running an out-of-box sql server install which had nothing for a root password. He probably misread the instructions and used root instead of the username that he was supposed to use. since most php scripts read the username/password information in clear text on a nobody:nobody read filesystem. IOW other people can read your files. Do you run php database driven apps on the same server as you use to provide shell services? I don't. If the webserver is configured right it won't allow remote clients to read the scripts, only execute them. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Disk Label Problem
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Doug Hardie Sent: Wednesday, February 02, 2005 6:33 PM To: f-questions List Subject: Disk Label Problem I have a system with two SCSI disks. da1 has a complete working system on it that I need to clone onto da0. Quit screwing around with sysinstall and use dd, if da0 is larger than da1 you will have no problem (of course you will lose the extra space on da0 but you did say you want to clone them. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: xhost +localhost
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Gert Cuykens Sent: Wednesday, February 02, 2005 6:20 PM To: Chris Hodgins Cc: freebsd-questions@freebsd.org Subject: Re: xhost +localhost Don't want to be rude but do you have a specific reason for running xscreensaver as root? Chris Well the reason is very simple actuale lets pretend we have a user gert. User gert has alot of pictures and music stuff phone numbers user gert dont want does things to be gone. Somebody hacks user gert because user gert uses a screensaver. And the hacker deletes all files. User gert is not happy because he lost everything. Do you think user gert gives a chit that the system was untouched because the hacker did not had root permission ? For me its wrong to think user accounts are not importend because they do for the average window xp single user. They dont care about viruses infection on there system reinstalling everything they care about there files. So if sreensaver is a securty risc as root i doesnt mean its not a security risck for a user account. The only differens between a root and user should be that users can not read or mess with other users files. The security sould be EXACTLY the same. So if root can not run a screensaver then the users can also not run a screensaver. While all of this is very interesting academic, if user Gert is dumb enough to leave the console of his UNIX system accessible then user Ted can come along and power cycle it into single user mode and wipe his disks whether he has the root password or not. Or, are you assuming that the 'bios' passwords in the typical PC are immune from 60 seconds of CMOS battery removal? Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: gtar failing, please help!
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of David Bear Sent: Wednesday, February 02, 2005 5:22 PM To: freebsd-questions@freebsd.org Subject: Re: gtar failing, please help! for me, my experience down scsi tape units and freebsd has been a road into the black abyss. I've finally got the tape dumps to work -- but it took many hours of trial and error. btw, I wonder how many tape unit users get burned by the fact that they don't test their tapes -- and when they need the tape find that it was bad.. Probably lots - I always use the compare switch in my tar backup scripts to avoid that. Have you ever had the un-pleasure of working with Sun's tar, though? no compare switch, and the kernel only reports tape block errors to the console. (assuming your lucky enough to have a tapedrive that reports errors back to the kernel that the kernel understands) Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: apache13_modssl + mod_php4 + php4-extenstions + mysql323-* +myphpadmin = ...
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Ken Hawkins Sent: Wednesday, February 02, 2005 12:55 PM To: Ken Hawkins Cc: Ken Hawkins; freebsd-questions@freebsd.org freebsd-questions@freebsd.org Subject: Re: apache13_modssl + mod_php4 + php4-extenstions + mysql323-* +myphpadmin = ... ok a bit of tearing around yields this: [web1:etc/apache/logs] root# find /usr \* -print | xargs grep -l bindtextdomain grep: /usr/bin/suidperl: No such file or directory /usr/local/man/man3 /usr/local/man/whatis /usr/local/lib/perl5/site_perl/5.8.5/mach/auto/Locale/gettext/g ettext.so /usr/local/lib/perl5/site_perl/5.8.5/mach/Locale/gettext.pm /usr/local/lib/libintl.a /usr/local/lib/libintl.so [web1:etc/apache/logs] root# find /usr \* -print | xargs grep -l mysql_pconnect grep: /usr/bin/suidperl: No such file or directory /usr/local/lib/php/20020429/mysql.so /usr/local/include/php/ext/mysql/php_mysql.h where I am failing the functions are there I think that i have hosed my php.ini file which the include_path is: include_path= ./:/usr/local/lib/php/:/usr/local/share/pear/bootstrap/:/usr/lo cal/www/data/psw/include/:/usr/local/www/data/psw/mods:/usr/loc al/www/data/mod:/usr/local/www/data/psw/polls/:/usr/local/www/d ata/polls ; UNIX: /path1:/path2 Windows: \path1;\path2 what should the entries be for this? I take it that the install from a port will not overwrite the php.ini file if it is found and this could be a hangover from an old install. anyone know what the include_path should look like? Hi Ken, I just got done installing Horde/IMP and I hate to tell you but php.ini doesen't even exist. From the looks of it the ports people got together and worked out an alternative way of specifying variables for php instead of using php.ini. Probably to avoid the problems that you mentioned of ports overwriting php files. any help is greatly appreciated as I am ready to tear it out and go again Well, here's how I did it: 1) Install apache cd /usr/ports/www/apache13-modssl webmail# make install cd /usr/local/etc/apache/ssl.csr openssl req -new server.csr cd /usr/local/etc/apache/ssl.key openssl rsa -in ../ssl.csr/privkey.pem -out server.key cd /usr/local/etc/apache/ssl.crt openssl x509 -in ../ssl.csr/server.csr -out server.crt -req -signkey ../ssl.key/server.key -days 365 vi /usr/local/etc/apache/httpd.conf around line 1124 in the: ## ## SSL Virtual Host Context ## group, comment out ServerName new.host.name (apache can determine it's own name on boot) and change ServerAdmin to [EMAIL PROTECTED] cd /etc vi rc.conf add in: apache_enable=YES apache_flags=-DSSL apache_pidfile=/var/run/httpd.pid reboot server to make sure it starts 2) Install mysql cd /usr/ports/databases/mysql40-server make OVERWRITE_DB=yes install this installs both the server and the client libraries and links them together Mod /etc/rc.conf and add: mysql_enable=YES 3) Install PHP4 cd /usr/ports/databases/php4-mysql make install this installs php4 and ties it into the SQL server The httpd.conf file must also be modified to add the following: AddType application/x-httpd-php .php AddType application/x-httpd-php-source .phps 4)...from this point on everything else is IMP/Horde specific. but I think now you could install myphpadmin and it would work fine now. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: apache13_modssl + mod_php4 + php4-extenstions+mysql323-*+myphpadmin = ...
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Thomas Foster Sent: Thursday, February 03, 2005 1:54 PM To: Ken Hawkins; freebsd-questions@freebsd.org Subject: Re: apache13_modssl + mod_php4 + php4-extenstions+mysql323-*+myphpadmin = ... I would think that you need to have a PHP.ini... I can assure you that you don't. you would not be able to enable/disable certain features without it.. That is probably true - but that doesen't mean you need it. I installed PHP 4.3.10 from ports today on another machine to check what youre saying.. and the PHP.ini was placed in /usr/local/etc/.. It shouldn't have been - the php installation always places php.ini-dist there, it's up to you to modify it and rename it php.ini Your other machine probably wan't a clean install. I can tell you that the system I have Horde/IMP running on right now has no /usr/local/etc/php.ini file in it yet php is picking up the horde include_path from somewhere. so I am not sure what youre running into Neither am I. I was always used to having to modify php.ini in the past on previous horde/IMP installs. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: ssh default security risc
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Giorgos Keramidas Sent: Thursday, February 03, 2005 10:01 PM To: Gert Cuykens Cc: freebsd-questions@freebsd.org; Chris Hodgins Subject: Re: ssh default security risc On 2005-02-04 01:04, Gert Cuykens [EMAIL PROTECTED] wrote: On Fri, 04 Feb 2005 00:05:34 +, Chris Hodgins [EMAIL PROTECTED] wrote: True but the point is without the ssh root enabled there is nothing you can do about it to stop them if they change your user password What user password? You are using SSH keys, as many have noted in earlier posts of the thread, right? :P Seriously now. What gave you the crazy idea that having local access as an unprivileged user means that automatically you are also root? Effort is *still* needed. Effort that the average Joe Random Cracker is _NOT_ going to spend. You may also want to consider than having SSH enabled for root means there is only ONE step at becoming root from any remote location. Having to SSH as a user first, with the right combination of SSH keys and passwords, and then use su(1) with yet another password is at least one more step. Why is the first, 1-step procedure safer than the second? I think I'm going to interject a few things here to this discussion, which has turned into a rediculous religious argument. In answer to your question about a 1-step procedure safer than the second, well as a matter of fact there are circumstances when it is. For example: 1) When the ssh install that permits root login is using ipfw or tcp wrappers to restrict incoming ssh to a defined IP address, compared to a ssh installation that doesen't permit root login that allows incoming ssh from any IP in the world. 2) When the ssh install that permits root login is using an authorized keys file that only permits the root user to ssh in from a host defined with a canonical name, compared to a ssh installation that disallows root login and doesen't restrict by hostname for ordinary users. 3) When the ssh install that permits root login has a /root/.ssh/rc that specifies a specific command that exits and closes the session after being run, and blocks all ordinary users from sshing in, compared to a ssh installation that doesen't permit root login that allows ordinary users to spawn a shell. Now, these are just 3 examples I can think of off the top of my head. And I'm sure your going to squawk dirty pool, and claim that you wern't meaning these 'spechel cases' that are exceptions, excuse, excuse, excuse. The point is that making blanket inferences like your doing, such as that disabling root ssh is always more safer than allowing it, is very risky. There are -very few- instances in computer security where a blanket statement always applies. Each scenario must be analysed independently, with an eye to -every possible vector- that an attacker can take. I repeatedly see lots and lots of times on this list people bragging about constructing these byzantine security blankets for remote access to their servers, and at the same time bragging about being too much a cheapskate to bother paying the few bucks a month to their ISP to get a static IP assignment for their clients, as if the entire paradigm of access list restrictions somehow doesen't exist. Not to mention that even without a static IP assigned to your home or other locations that you normally ssh in from, it's pretty simple to block off huge chunks of the Internet, particularly blocks assigned to Red China, where a huge amount of cracking and spamming originates from. Well let me tell you this, if your idea of securing your machine is to follow a few axioms that you picked up here and there, then good luck. The day that the thief makes off with your laptop/desktop/whatever that you left behind a door that you accidentally forgot to lock, or the joker down the hall gets the worn out backup tape out of your garbage that you didn't bother to erase, or the cracker installs a remote control program with a keyboard logger on that Windows box in the lab that you run Putty on every once in a while to get into your own systems, you are going to come to the sudden realization that you really didn't know anything about what you were thinking. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: MySQL query tool and Administrator
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Paul Schmehl Sent: Thursday, February 03, 2005 2:19 PM To: Damian Sobieralski; freebsd-questions@freebsd.org Subject: Re: MySQL query tool and Administrator Go to /usr/ports/emulators/linux_base/ and install the linux emulator port. Then you can install the query browser. I've played with it a little. It works OK but tends to core occasionally. My God Paul, this is FreeBSD we are talking about, not Windows!!! Granted he will need the Gnome desktop installed since it calls for glib-2.0 and libxml-2.0 but the source is at the URL he gave, download it, unzip it, untar it, cd to ~mysql-query-browser and run configure then make and make install. No wonder you found it unstable. Since when does anyone run a Linux binary of a program that has source available?!?!? shaking head Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: license terms
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Diener, Michael Sent: Thursday, February 03, 2005 11:15 AM To: freebsd-questions@freebsd.org Subject: license terms If someone is using FreeBSD and 4.4BSD, are the FreeBSD Copyright and 4.4BSD Copyright the only agreements that apply? The legal page has links to GNU licenses, so it is not clear if those licenses also have some applicability, or in what cases they might apply. Thanks for any help you can give. The ONLY time that the GNU licenses have any effect at all on what your doing is if your building a software product that contains code that is under the GPL that you intend to redistribute. There's no license applicability of either license if all your doing is just running FreeBSD as a server or such. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: email and messanging
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Sean Murphy Sent: Thursday, February 03, 2005 9:41 AM To: freebsd-questions@freebsd.org Subject: email and messanging Is there a project that anyone is using that has the features of groupwise, openexchange or exchange? Features such as calender/todo list that other users can add to another users, public folders, etc... http://www.horde.org Be warned, while it's in the FreeBSD ports collection, the ports collection only gets you about 90% of the way to having it up and running. It is also every bit as complex to configure as MS Exchange is. If you have never worked with Horde or mysql, plan on spending a week on getting up and running on the administration of it and read -every bit- of documentation on it. But once you do get it online it is well worth it. The interface on the latest stuff is every bit as slick as the interface on Exchange. http://www.opengroupware.org/ This is another effort which, like Lotus Notes, has everything but the kitchen sink stuffed into it and is as equally incomprehensible. Phrases in the description like: provide access to all functionality and data through open XML-based interfaces and APIs I am not sure I even understand. What it appears to be is the idea that you build this thing and stuff it in in place of your Exchange server, then use all the free Outlook clients that come with MS Office to connect to the server and provide front ends. Thus you get the benefit of the slick MS interface and software at the user end, along with the benefit of not having to spend a pile of money on Microsoft CAL's and a mountain of money on an Exchange server. I'm not sure I completely agree with this approach - I'd rather see no dependencies on Microsoft's front ends - but I suppose denying Redmond their $10K for a piggy server is a good thing. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: ssh default security risc
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Giorgos Keramidas Sent: Friday, February 04, 2005 12:09 AM To: Ted Mittelstaedt Cc: freebsd-questions@freebsd.org Subject: Re: ssh default security risc [snip great advice about securing ssh access] I was (perhaps not so) obviously referring to all other things being equal, allowing ssh access to a plain user is safer than allowing direct ssh access to root. Much better - and such a statement is an academic, (not a religious), comparison - which is where the discussion should be. Unfortunately the OP - in typical troll fashion, although I'm not accusing him of being a troll - yet - provided absolutely no details of what the heck his environment was or what he was really doing - which usually lays rich ground for the discussion to spin out of control. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: FreeBSD 3.2
Greg, forgive the top post, If you are a volunteer then you can do what you want - what are they going to do, fire you? Har har. Seriously - from a legal perspective you have absolutely no obligation to follow their restrictions unless of course they were smart enough to have you sign a piece of paper before they let you in the door. No contractual relationship exists between you and them now, you can ignore what they tell you to do with impunity as long as you don't break any civil laws, ie: theft, malicious mischief, etc. All they can do is tell you your not welcome in the door anymore. If nobody at the school knows anything about FreeBSD then they won't know the difference between 3.2 and 4.11. What does this system boot into - a console with a login prompt on it. Do you think 4.11 will be any different? I cannot imagine in any case that this server, as old as it is, is running on any special hardware. I would bet that I have better hardware in my scrap pile in the basement than this server. You probably do too. If you try running 3.2 your just going to set yourself up for failure. My guess is that this is probably what they want. They have this old server in the corner that whomever is in charge of their network hates, that person wants it to crash and burn to have an excuse to get rid of it and spend the money on a nice new Windows box. You are just helping this person out by giving him a breather so he can work on windowizing some other system, once he gets done with that one your FreeBSD 3.2 system will be gone quicker than grapes through a goose. To be perfectly honest you really need to rethink your help. There's probably a dozen other charities in the area that have worse need than this ungrateful school, and would happily let you upgrade to a current FreeBSD version which wouldn't be a nightmare for you to administer. Take it from me I'm an old hand at volunteering. Volunteers bring their talents to an organization because the organization needs their assistance. It's not the other way round. The second the organization stops valuing the volunteer is when they start telling the volunteer that they don't need the volunteer's efforts, and that the volunteer can only stay on if the volunteer does it the organization's way. But what you and the organization appear to be missing is that this kind of a relationship isn't a volunteer relationship - it's an employer/employee relationship. Now I am not saying that all charities out there just wouldn't love to have a raft of volunteers come in that they can boss around and tell exactly what to do. What I am saying is that charities that actually do this generally find quite quickly that they have no volunteers left. About the only ones that can get away with doing it this way are political campaigns, or charities like hospitals that people volunteer for because they want it to look good on a resume or some such. Everyone else, if they want to maintain a raft of volunteers, they cannot play the control freak card, they have to give the volunteers that they get, some leeway. Believe me, there's far more organizations looking for volunteers than volunteers looking for organizations. If you are willing to donate your time, your a valuable commodity - and if this school wants to get the free labor, they can't put these kinds of self-defeating restrictions on your efforts. Ted -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Thursday, February 03, 2005 5:12 AM To: Andrew Lewis; freebsd-questions@freebsd.org Subject: Re: FreeBSD 3.2 Yea, that is in the works, here is alittle more info, the school that I am working with is moving mostly to winblows, and they do not have anyone to support the BSD machine or linux machine that they have. So the nice guy that I am, I am donating my time to the school to work on the servers and some of the sites. I got them to let me keep some of the websites on the BSD server so that I can have better control over the sites and software. But updating is out of the question at the momment because of policy and budget so I have to work with what I have at the momment. Only thing that I can do is add software at this time. That is why I need the info for FreeBSD 3.2 Greg On Thu, 03 Feb 2005 12:28:56 + [EMAIL PROTECTED] wrote: At this momment I am not allowed to up date from FreeBSD 3.2 to another version, this machine sits at a school and there policies are slow Time to suggest a change of policy. ;) Suggest that they need to keep the server current; that you need to do a full upgrade on another drive; pop that drive into the existing server; resurrect the bits you need keep that installation current! No-one's going to make you, but long-term this is a more sensible policy. ;) -AL. ___ freebsd-questions@freebsd.org mailing list
RE: Docs for Berkeley Make?
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jonathon McKitrick Sent: Thursday, February 03, 2005 7:12 AM To: Greg 'groggy' Lehey Cc: freebsd-questions@freebsd.org; Ted Mittelstaedt Subject: Re: Docs for Berkeley Make? On Wed, Feb 02, 2005 at 01:23:23PM +1030, Greg 'groggy' Lehey wrote: : Older revisions of the O'Reilly book cover the Berkeley make. : : No, unfortunately not. Firstly this is a completely different book, : and secondly the old (Oram/Talbott) book also didn't cover Berkeley : Make. There's a little in my book Porting UNIX Software (out of : print but available at http://www.lemis.com/grog/PUS/. It's not very : much, though. Thanks for the link, I'll check it out. I have a new project at work which will be developed under Linux, and I was hoping to write makefiles that would work under both OSes using the same make command. But now I'm not so sure that will work. I don't understand why BSD make and GNU make diverged so much. They didn't diverge. Both have a set of core commands that they understand. The difference is in the extra candy, which you really don't need or want to use anyway, unless the project becomes gigantic. There's only a handful of open source projects out there which justify the extra fancy crapoola in GNU make, in my experience. Unfortunately there's far too many of them that require gmake simply because the programmer became enamored of some gimgaw in gmake that had a high coolness factor. It is really sad to see software that consists of about 10 source files, that has a makefile that's so non-standard that it requires gmake. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Access denied for user 'root'@'localhost' (using password: NO)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Technical
Director
Sent: Thursday, February 03, 2005 3:47 AM
To: Ted Mittelstaedt
Cc: Positive Negative; freebsd-questions@freebsd.org;
Technical Director
Subject: RE: Access denied for user 'root'@'localhost' (using password:
NO)
On Thu, 3 Feb 2005, Ted Mittelstaedt wrote:
Do you run php database driven apps on the same server as you use to
provide shell services? I don't. If the webserver is configured
right it won't allow remote clients to read the scripts, only execute
them.
Ted,
Shared hosting sites, in my experience anyways which I will
grant doesn't
mean much, is that your ftp access gives you:
-rw-r--r-- {$your_name} {$web_group} somefile.php
where {$web_group} is a common group that everyone belongs to and other
is always readable just cause it's easier leaving the
file/directory mask
as is.
Yes I see. I might also submit that the ISP dumb enough to give a
customer the root userID and password on the mysql server that
they are running on that shared server deserves what they get.
Meaning that if you can cd to some other users dir you can
read that file.
As well, in the case of php at least, web use of php does not
require the
execute bit to be set at all, only the read bit.
Yes, that is a good point - but I wasn't referring to that though.
The webserver should know that if it's got a .php extension that
it's supposed to run the file, not give it out plaintext to some
remote bozo with a web browser.
Again I speak for web use php scripts.
It is true that if you have a shared server setup with php, and you
are selling/giving/whatever customer access to php on this server,
that a customer foolish enough to have a php script setup world-readable
that has his database name and userID and password in it,
is basically allowing any other customer that has access to this
server, access to his database. And that other customer through
ignorance
or malice could wipe out the first customers data. Of course, this
doesen't compromise any other customers database on that mysql server
a we are presuming that the ISP has issued individual userID's and
passwords for each database to every customer. (NOT the root password)
Speaking as an ISP I would say if this happened to one of our customers
I would pretty much have the attitude of too bad, not our problem
as this would have meant that the customer with the trashed database
would have not actually bothered to read the information packet we
gave to him when he first requested php access on his shared site.
I think most other ISPs would have the same attitude. We're a nasty
bunch.
To me, [EMAIL PROTECTED] pretty much implied that the poster was
managing the mysql server. I cannot imagine him having this
kind of access on a shared server. (at least, not on one that was
run by any halfway competent ISP that is)
Actually as a point of fact about once a quarter I have a customer
e-mail me that he thinks that we must not have any security on our
shared webserver since he can do a cd ../ then ls -l and see everyone's
files. (we give shell access on some of our shared webservers) That
is the time I explain that it's really none of our business if a customer
chooses to exercise their right to NOT change the permissions bits
on their files. That usually quiets the smart guy down
espically after I explain that he's quite obviously chosen not to
change the permissions bits on his own files as well. :-)
Ted
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: seems there is some problem with load
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Akhthar Parvez. K Sent: Friday, February 04, 2005 12:49 AM To: [EMAIL PROTECTED] Subject: seems there is some problem with load Hi All, I have recompiled kernel to include SMP. Thereafter, I can see the load is greater than or equals 5 at any time. I can see that system is taking above 50% of server resources in this server. CPU states: 5.8% user, 2.1% nice, 51.7% system, 4.8% interrupt, 35.5% idle Mem: 1716M Active, 1056M Inact, 354M Wired, 121M Cache, 199M Buf, 240M Free Swap: 2048M Total, 1068K Used, 2047M Free I have never seen that system uses above 50%, in my other server, it's near 2%. Any idea?? Here's the output of top on my FreeBSD 4.11 server with dual PPro 200Mhz CPU's: last pid: 94053; load averages: 0.00, 0.00, 0.00 up 204+12:21:41 01:54:03 33 processes: 1 running, 32 sleeping CPU states: 0.2% user, 0.0% nice, 0.0% system, 0.0% interrupt, 99.8% idle Mem: 78M Active, 13M Inact, 25M Wired, 3896K Cache, 22M Buf, 2684K Free Swap: 241M Total, 211M Used, 30M Free, 87% Inuse I suppose this must have some meaning to you? How about an OS version for your OS at least? Better yet would be a complete description of what the hardware is, what the OS is, the kernel file you used to recompile with, and what your doing with this server. We are God's, but we aren't mindreaders. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: favor
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Chris Hodgins Sent: Friday, February 04, 2005 2:17 PM To: Erik Norgaard Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: favor No. You could however request that your own pages/articles are removed as you would be the legal copyright holder for those.I think. ;) No actually you can't, you don't have legal basis for this. If you post on a public forum, by implication you are giving that forum permission to publish your copyrighted material. Since at the time of publication of that post, the FreeBSD mailing list was being archived, you also by implication gave your permission for FreeBSD to put it into their archives. These are first publication rights and once you give them out you cannot get them back, because after publication they don't exist any longer. By analogy, I write a book and give Addison Wesley permission to publish it, well I can get the rights to -future- publication back from them (if I pay them) but for the books that are out there, the purchasers of them have a legal right to possess copies of my work, regardless of whether I have changed my mind or not, since they purchased the book when AW still had rights to publish. The only thing that Valerie Andrewlevich, as a copyright holder of her posts, can do is block 3rd parties such as Google or other search engines from re-publishing her copyrighted material - ie: her post - becase in her initial post back in 2003 she never gave permission for Google to republish her material, and Google and other search engines all republish under Fair Use doctrine. (which basically means you cannot sue them for publishing your work as long as they stop publication the second you inform them that their rights to publish under Fair Use are terminated, and as long as they have published in a way that doesen't slander or otherwise impunge your good name) And of course, all of this goes out the window if the use of the copyright is for satire - as the courts have held that satire is constitutionally protected, and that it's reasonable to assume that a satirist would never be able to get permission from a copyright holder to publish their work. Which means I can say Valerie sounds like her kids aren't keeping her busy enough as she has so much time for looking at search engines, followed by an excerpt of her original post, and I have legal right to do it and she has no right to stop me, because such a statement is satire and thus protected. I think the point the OP was trying to make is that he would not like those posts to appear at all. :) He is a She, unless Valerie has suddenly become a boy's name, and she quite obviously shows a shocking lack of knowledge about how much effort that she is asking the archive manager to go to, just to satisfy her ego. I might also point out that that list of churches on www.momsandkids.org is also undoubtedly published under Fair Use, I doubt the site managers got permission from every one of those churches to link to them. I sure hope she isn't affiliated with them - sauce for the goose and all that, you know. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: favor
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Anthony Atkielski Sent: Friday, February 04, 2005 7:40 PM To: freebsd-questions@freebsd.org Subject: Re: favor Ted Mittelstaedt writes: TM If you post on a public forum, by implication you are giving that TM forum permission to publish your copyrighted material. No, you're not. Yes you are. What do you think publishing is? And quit shooting from the hip before you read the entire post as I already explained that that any other type of publication external to the forum ... and that includes mirroring on a Web site archive is not covered under the first publishing rights you granted to the public forum but rather under Fair Use. No, you didn't, unless joining the forum required you to _explicitly_ agree to these terms. Yes you did. Laws on publishing are pretty clear. If you go carrying a sign in a public place in order to get it captured on film - such as at a political rally that Channel One news is filming - then later on switch parties then you cannot go back to Channel One and demand they airbrush your sign out of their archives. Why do you think that Channel One doesen't go getting consent signatures from every one of the 1000 people at the rally? Nobody gives out these rights by posting to a forum. Sorry but yes they do. If what you say were true, you could walk into a photography museum, take pictures of the photos, and publish those pictures. In fact, this is normally an infringement of copyright. Only if photographs are prohibited. And in just about every museum out there photographs ARE prohibited, as a matter of fact, simply for this reason. Even if a guard doesen't come running up to you, the facts are that you have no permission to take the photograph, thus no right to publish it. Many museums do take a reserved approach to where they will not come running up to you and take away your camera, but you still don't have rights. But I have been in a number of museums - the Guggenheim in NY, the British Museum in London - where the guards there will indeed come running up to you. The British Museum in fact has Photography prohibited placards next to EVERY one of their master paintings just so as to make sure that THEY get the revenue from sale of images of their paintings, not you. HOWEVER there are PLENTY of places - such as the inside of many churches for example - where photographs ARE permitted. In those cases you are perfectly permitted to take a picture of artwork in the church and then go publish it all you want. Of course everyone else is too so the facts are that no magazine or periodical is going to buy your pictures because if they want a picture too they can take them themselves. TM The only thing that Valerie Andrewlevich, as a copyright holder TM of her posts, can do is block 3rd parties such as Google or other TM search engines from re-publishing her copyrighted material - ie: TM her post - becase in her initial post back in 2003 she never gave TM permission for Google to republish her material, and Google and other TM search engines all republish under Fair Use doctrine. The applicability of fair use to Google's republication has not been established by jurisprudence, AFAIK. Yes, I am aware of that - IN THE UNITED STATES - laws differ in other countries though. As an author of course you ought to know that I am on the side of electronic publishing being considered the same as print publishing. I think that every sane person in the country that really understands these issues is also. Naturally the electronic content creators are continually trying to get laws into place that consider e-publishing as some sort of special publishing exempt from the First Amendment. Is that what YOU want? Until case law has defined e-publishing as under First Amendment rights it is in that grey area of could be interpreted one way and could be interpreted the other. I am SQUARELY in favor of interpreting it under First Amendment rights which include Fair Use, which is why I came down on poor Valerie like a ton of bricks, because what she is doing sets a dangerous precedent that has implications far, far beyond her piddly little website, or for that matter beyond our piddly mailing list. Sooner or later there will of course be a court case on this. If you want to count yourself on the Dark Side then go ahead and keep yapping that posts aren't publishing. I hope one day that you end up in North Korea or China where there are no First Amendment rights for any kind of publishing, book or paper or e-publishing. Then maybe you might understand how important it is to keep fighting for them. Therefore until a court says otherwise, Google has Fair Use rights. Period. You disagree - go find a court to back you up and come back here when you do. You might also consider that how the e-publishing community treats this issue - as we are doing right now
RE: favor
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mike Hauber Sent: Friday, February 04, 2005 9:31 PM To: freebsd-questions@freebsd.org Subject: Re: favor On Friday 04 February 2005 11:52 pm, Anthony Atkielski wrote: Mike Hauber writes: MH Not wanting to jump into this, because I think the whole of the MH argument is ridiculous... But, in a nutshell... Aren't you MH trying to make the same argument that SCO is trying to make? I'm not familiar with SCO's argument. The principles of copyright have existed for a long time. People seem to think that the Internet is somehow a copyright-free zone, where anyone can do anything, but that just isn't the case, as accumulating jurisprudence proves. MH (all due respect, of course) I just don't see the validity of I MH don't care if the code was legally released to the open source MH communities eons ago! I don't care how much time and effort has MH been spent building on it. It's mine and I want it back! Explicitly releasing something and implicitly releasing it are two different things. In general, one never implicitly relinquishes a copyright. In some domains of IP, this happens: the failure to actively defend a trademark can cause it to be lost, for example. But copyrights remain, even if nothing is done to defend them, and copyrighted material is never implicitly licensed to anyone. If I were to send you an email and a header (or signature) stated that you were not privy to the contents of the email, then you could be in serious trouble. By sending the email to you, I am implying that you are allowed to view it. Correct. On a public forum (such as this) where there is growth, it is logically implied (if I have any sense) that if I were to post to this forum, it would not only be available on the mirrored lists, but on the future mirroring lists as well. I would be foolish to assume otherwise. Mike, this is where the crotch of the matter is. Anthony is from the camp of people out there who want to have the law make the rediculous assumption that ALL posts on public forums are absolutely positively verifyable. The case law he's talking about is arising from incidents, mainly right now on stock trading forums and such, where a poster has repeatedly posted verifyable information of who he is to the point that everyone trusts that postings made that contain his 'stamps' are indeed from him - the poster then one day posts some copyrighted trade secret that causes a stock run or some such - someone loses hundreds if not thousands of dollars - then next thing you know the lawyers are in there. However if an incident occurred where one day a post appeared on one of these stock forums from a poster that nobody has ever heard of before, that was attributed to Mr X, that contained copyrighted trade secrets of Mr Y, then the poster never appeared again, there's extremely little chance that Mr. Y could successfully sue Mr X if Mr. X were to claim he'd never heard of such a forum or of Mr. Y before. Of course such a post probably wouldn't be believed by most of the investors on the forum, so it's doubtful that it would have any effect. Now you see the dilemma of Mr. X in these situations - to cause trouble, he has to implicate himself beyond a reasonable doubt, - which makes it easy to sue him and win. Thank God that so far in this country the courts aren't run by people as stupid as to not be able to distinguish the facts of these matters. Anthony does have a few things right but he's stirring in a lot of wishful thinking with a few facts. Yes, everything is copyrighted. Yes, if I make a post I'm not giving my copyright up to the forum. But NO, that doesen't mean the forum has no right to publish. That is why there are such things as a right to publish and it is different then the copyright. Also keep in mind that a LOT of the copyright activity we are seeing is over the issue of software copyrights - because way back a long time ago there was no body of law available to protect against software piracy, so the software vendors decided to use the fiction that their software was the same thing as a book or painting, thus making it elegible for copyright status. However most folks in the business realize the problems of this and the software industry is working on creating an entirely separate legal animal called a software license that contains some good bits out of copyright case law, and some good bits out of product patent law. The difficulty is that while copyright has the Berne convention that is globally effective, software patenting and licensing has no such global agreements. So we are going to see that tie in with software and copyrights for a good long time yet, maybe another century even. Just don't get the idea that some of the stuff that has come out of that effort - like the DMCA - are going to get applied to copyrights on
RE: favor
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Erik Norgaard Sent: Friday, February 04, 2005 11:35 PM To: [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org Subject: Re: favor Mike Hauber wrote: Fact is, the cats out of the bag, and I have yet to meet a cat that likes bags. :) I went on radio some years ago, now I realize that the radiowaves are about to hit alien civilizations. Too late, I understand the Queen of Golgafrinchin heard you and thinks you sound delicious, and is on it's way here for a bite. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: FreeBSD 3.2
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Chuck Swiger Sent: Friday, February 04, 2005 10:34 AM To: Ted Mittelstaedt Cc: [EMAIL PROTECTED]; freebsd-questions@freebsd.org Subject: Re: FreeBSD 3.2 Ted Mittelstaedt wrote: [ ... ] Seriously - from a legal perspective you have absolutely no obligation to follow their restrictions unless of course they were smart enough to have you sign a piece of paper before they let you in the door. No contractual relationship exists between you and them now, you can ignore what they tell you to do with impunity as long as you don't break any civil laws, ie: theft, malicious mischief, etc. All they can do is tell you your not welcome in the door anymore. Ted, it's better to give no advice than bad advice. This is especially true when the issue is a legal matter, and you are not a lawyer. Oh I always love these kinds of statements. Even if I am a lawyer (which I'll say I'm not, to save you from arguing that I am not) guess what - unless I'm retained by you or the OP for the purposes of giving legal advice, even as a lawyer, my advice has no legal significance whatsover. Yes, that's true - a lawyer's advice has no significance - unless paid for. I am qualified here on this topis as an expert witness however, and as a matter of fact, lawyers pay people like me to explain how laws like this apply to the real world. And of course I'll also gloss over the whole issue that your implying that laws are uninterpretable by the average person unless they are a lawyer. Riiggghhttt. So I guess you get a lawyer every time you get a parking ticket, eh? ;-) See 18 USC 1030: http://www.law.cornell.edu/uscode/html/uscode18/usc_sec_18_ 1030000-.html Interesting cite, let's look a bit more closely though: (a)(1) having knowingly accessed a computer without authorization He has authorization to -access- the computer. Note that access is not spelled out as a definition in section (e) (a)(1) or exceeding authorized access OK, so here we have something - as you could argue that updating the system is exceeding the authorized access on the machine, right? Except that, continuing on in this section: and by means of such conduct...unauthorized disclosure for reasons of national defense Ok, so section (a)(1) isn't applicable. So continuing on: (a)(2) exceeds authorized access, and thereby obtains-... information from any department or agency of the United States I'll skip (a)(2)(a) and (a)(2)(c) as they obviously aren't applicable. So it sounds like you might have a case here - except for one problem, that a backup-reformat-reinstall isn't accessing information in the computer over and above his authorized access. I'll admit this is a grey area and can be argued both ways - but bear with me and follow along. He obviously has permission for a certain level of access already on this machine. If he's administering it, as he says he is, then he has permission to access stuff like the root account that controls all settings and configuration of the system, ie: the environment of the system. Now here is the catch. The OP as administrator of the system has permission to access all the bits he needs to be able to effect a backup, reformat and install of a new version of FreeBSD. He has this because it's the same dataset of information that as administrator he already has permission to access. He does not really need to know anything about the data inside the FreeBSD environment. In short, the OP hasn't actually obtained information here. He's just taken the information inside the environment and shoved it aside, did some administrative things (the reformat) then brought the information back. Just like a blind man moving eggs around in a box, he's obtained no information about what's inside the eggs. Now you may argue this, but clearly the intent of the law of section (a)(2)(b) is that the person has obtained information for some sort of use. Maybe he wants to sell it, maybe he wants to just look at it. However you slice it, the law appears to intend that the information obtainer once they have obtained the information, they actually know what the information is. The OP when doing a reformat operation to update the system, he doesen't actually know what the information really is. So, I don't see how you can argue that he obtained information, so that this section applies, but feel free to do so. So, (a)(2) isn't applicable either. Let's continue on: (a)(3)without authorization to access any nonpublic computer ... such conduct affects that use by or for OK, so you could argue that a repair operation would affect the use by or for And that is true - it could. However, a good repair by definition would not result in the affecting of the use by or for, we aren't talking he nukes FreeBSD and reloads Windows which would substantially affect the use of the machine, we are talking he
RE: ssh default security risc
-Original Message- From: Sandy Rutherford [mailto:[EMAIL PROTECTED] Sent: Saturday, February 05, 2005 12:48 AM To: Ted Mittelstaedt Cc: Giorgos Keramidas; Gert Cuykens; freebsd-questions@freebsd.org; Chris Hodgins Subject: RE: ssh default security risc On Thu, 3 Feb 2005 22:54:14 -0800, Ted Mittelstaedt [EMAIL PROTECTED] said: restrictions somehow doesen't exist. Not to mention that even without a static IP assigned to your home or other locations that you normally ssh in from, it's pretty simple to block off huge chunks of the Internet, particularly blocks assigned to Red China, where a huge amount of cracking and spamming originates from. For what it's worth (not much), most of the cracking attempts that have been showing up recently in my logs are from the USA. Interesting - I wonder if that is because the recent virus activity has opened up giant holes in the US. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Docs for Berkeley Make?
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jonathon McKitrick Sent: Friday, February 04, 2005 5:05 AM To: Ted Mittelstaedt Cc: freebsd-questions@freebsd.org Subject: Re: Docs for Berkeley Make? On Fri, Feb 04, 2005 at 01:20:02AM -0800, Ted Mittelstaedt wrote: : The difference is in the extra candy, which you really don't need or want : to use anyway, unless the project becomes gigantic. : : There's only a handful of open source projects out there which justify : the extra : fancy crapoola in GNU make, in my experience. Unfortunately there's : far too many of them that require gmake simply because the programmer : became enamored of some gimgaw in gmake that had a high coolness factor. : It is really sad to see software that consists of about 10 source files, : that has a makefile that's so non-standard that it requires gmake. Well, I was just using existing BSD makefiles to learn with. But then I got interested in learning libraries. I'm still trying to find a tool or shortcut for handling sonames the best way. But then I found out we are doing a very large project on Linux. I want to make it work on both RH Linux (the target) and FreeBSD (to work on/use at home, of course). I've been learning about the GNU autotools, which seem very finicky, to say the least, but at the same time I don't have to worry about details, like linux-vs-BSD library details And it would be easy to handle, for instance, the difference between the names of serial ports on the 2 platforms. If this were only for BSD, I'd use the makefile framework. But it's not. And it's going to be a large enough project that I don't have the time to constantly fiddle with makefiles and such. And obviously, this also has to work with CVS. I'm the only developer with *any* real Unix experience, and that's very modest experience, to say the least. Any other ideas I should look into? I think the GNU autotools are what you want. And there is no prerequisite to use gmake with them. The biggest problem with the autotools is that too many programmers get the idea that the way to use the autotools is to copy some other project's configuration and just edit it a bit and slap it into their program. In other words a short cut. Be warned, this is very bad. You really need to read all the autotools documents, digest them, and write your configs from scratch. You don't want people laughing at you because your checking for libcrypt yet nothing in your program requires it. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: How to compile linux apps?
Brian, This package does some unportable stuff, one of the biggies is making assumptions about the system getopt. Your going to have to make some mods to it and no guarentees it will work even once you get it installed. Let us know, though. Anyway here's the list: 1) CD to /usr/ports/devel/libgnugetopt make DON'T DO MAKE INSTALL cd ./work/libgnugetopt-1.2 cp getopt1.c /usr/home/brian/allin1-0.5.0/src cp getopt.h /usr/home/brian/allin1-0.5.0/src cp getopt.c /usr/home/brian/allin1-0.5.0/src cd /usr/home/brian/allin1-0.5.0/src using your favorite text editor, open the Makefile located in the src directory in the distribution and make the following changes: CFLAGS = -ggdb -Wall -O2 -I /usr/X11R6/include MODULES = allin1.o dockhelper.o memory.o battery.o cpu.o \ network.o filesys.o confparse.o seti.o getopt.o getopt1.o INCLUDES = dockhelper.h memory.h battery.h cpu.h network.h filesys.h seti.h \ confparse.h getopt.h Now, in the allin1.c program, use a text editor and make the following changes: #include getopt.h needs to be #include getopt.h add in #include sys/time.h line 215 of the program lists: strcpy(eth.intf_name,eth); change this to your network adapter interface, for example if it's tl0 change this to: strcpy(eth.intf_name,tl); (this may need to be changed elsewhere in addition to this place, I did not bother looking over the code that well) Now, in the filesys.c program, use a text editor and make the following changes: get rid of the line #include sys/vfs.h and replace it with #include sys/param.h #include sys/mount.h Now you can do make and you will get a binary. copy the allin1.conf.example to your home directory and edit it, then try running the binary on an Xterm and see what happens. It does appear to want to run best in Fluxbox I hope you have it installed. If it doesen't work, then e-mail the author of the program http://ilpettegolo.altervista.org/linux_allin1.en.shtml with the changes you have done, and he may go ahead and add in some ifdefs to the program to allow it to compile on FreeBSD out of the box, as well as fix whatever else on it doesen't work. Ted -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Brian John Sent: Saturday, February 05, 2005 10:01 PM To: freebsd-questions@freebsd.org Subject: How to compile linux apps? Hello, I'm trying to compile the 'allin1' dockapp for fluxbox. When I type 'make', I get the following errors: n# make gcc -ggdb -Wall -O2 -c allin1.c allin1.c:32:22: X11/Xlib.h: No such file or directory In file included from allin1.c:34: dockhelper.h:86: error: syntax error before '*' token dockhelper.h:89: error: syntax error before p dockhelper.h:92: error: syntax error before '*' token dockhelper.h:95: error: syntax error before src dockhelper.h:98: error: syntax error before '*' token dockhelper.h:98: warning: type defaults to `int' in declaration of `dh_display' dockhelper.h:98: warning: data definition has no type or storage class In file included from allin1.c:37: cpu.h:54: error: syntax error before Pixmap allin1.c: In function `main': allin1.c:174: error: syntax error before event allin1.c:414: warning: implicit declaration of function `XPending' allin1.c:415: warning: implicit declaration of function `XNextEvent' allin1.c:415: error: `event' undeclared (first use in this function) allin1.c:415: error: (Each undeclared identifier is reported only once allin1.c:415: error: for each function it appears in.) allin1.c:417: error: `Expose' undeclared (first use in this function) allin1.c:418: warning: implicit declaration of function `XCheckTypedEvent' allin1.c:421: error: `DestroyNotify' undeclared (first use in this function) allin1.c:422: warning: implicit declaration of function `XCloseDisplay' *** Error code 1 Stop in /usr/home/brian/allin1-0.5.0/src. Any clue how I can compile this? Thanks /Brian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: favor
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Sandy Rutherford Sent: Saturday, February 05, 2005 3:55 PM To: freebsd-questions@freebsd.org Subject: Re: favor On Sat, 5 Feb 2005 11:43:32 +0100, Anthony Atkielski [EMAIL PROTECTED] said: MH But that's different in that it was never released to a public forum MH in the first place (explicitly or otherwise). I'm not sure what you mean by public forum. A server accessible from the Internet without any special authorization mechanism is about as public as anything can get, particularly if there is something else linking to it that allows spiders to find it. This is not so clear. In a March 2004 decision regarding P-to-P music sharing, Justice von Finckenstein of the Federal Court of Canada ruled that: The mere fact of placing a copy on a shared directory in a computer where that copy can be accessed via a P2P service does not amount to distribution. Before it constitutes distribution, there must be a positive act by the owner of the shared directory, such as sending out the copies or advertising that they are available for copying. A parallel here would be that placing copyright material on a public website would not amount to distribution and therefore, not be a copyright infringement. Of course, it could be argued that if Google started linking to it, that would constitute advertisement. However, it is hard to see that as the prerequisite positive act on the part of the web site owner. It is more a positive act on Google's part. In his ruling, Finckenstein pointed out that there is a parallel with public libraries. A public library does not infringe on copyright, simply by having books available for loan. There was an interesting case a number of years ago by some guy who had put up a website with a bunch of Multics stuff on it (I believe, it might have been VMS not Multics) The guy handed out the URL to some people he knew all of whom passed around the URL and all of whom agreed was a most useful site. The URL was passed to a number of additional people and posted on some other websites and pretty soon the guy was angrily e-mailing people telling them to stop linking to his site. You can imagine what the reactions by the sites were (your domain name and site are public and I'll link to it if I want) He eventually took it down. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: favor
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Anthony Atkielski Sent: Saturday, February 05, 2005 5:56 PM To: freebsd-questions@freebsd.org Subject: Re: favor Sandy Rutherford writes: SR This is not so clear. In a March 2004 decision regarding P-to-P music SR sharing, Justice von Finckenstein of the Federal Court of Canada ruled SR that: SR SRThe mere fact of placing a copy on a shared directory in a computer SRwhere that copy can be accessed via a P2P service does not amount to SRdistribution. Before it constitutes distribution, there must be a SRpositive act by the owner of the shared directory, such as sending out SRthe copies or advertising that they are available for copying. Or allowing a Web site to be indexed by a search engine. I'll grant that a site that is public but not linked to or indexed by anyone could be assimilated with a non-public venue. This is a bit of twisting of the definition of site that is public in my opinion. Suppose I setup a webserver at example.com that will only respond to http://www.example.com/12345678qwerty/ and will ignore any other HTTP requests (such as to www.example.com, www.example.com/index.html, etc. I think it would be incredibly difficult to argue that this is a public server in any way. The trailing /12345678qwerty/ is in effect an access password to the material on the website. Just because there's no real .htaccess or some such real HTTP password authentication on the site, doesen't make it a public site. An access password is a password, regardless of whether delivered as a trailing URL or in an HTTP-auth request. SR A parallel here would be that placing copyright material on a public SR website would not amount to distribution and therefore, not be a SR copyright infringement. Of course, it could be argued that if Google SR started linking to it, that would constitute advertisement. Absolutely. SR However, it is hard to see that as the prerequisite positive act SR on the part of the web site owner. It is more a positive act on SR Google's part. Google doesn't find out about sites through magic. Webmasters must request that their sites be indexed. Not true, Google also picks up sites from links off other sites. Someone could go out and setup a brand new domain example.com, this will be publically available via WHOIS, someone else finds it, tacks on www to the domain making www.example.com, finds a website there, links to it, and bang - google finds it. Fortunately, caselaw so far has held that there's no requirement to ask for permission to link, see: http://www.gigalaw.com/library/ticketmaster-tickets-2000-03-27.html So at least the courts aren't idiots yet, here. Of course, linking to a site that's password-protected, with a link that provides both the site URL and the password, might be considered a bit differently if the purpose of the link was to do something illegal (particularly if it fell under the DMCA restrictions) And of course including another person's site in a frameset of yours is definitely illegal without permission, as it is appropriating another person's copyrighted material for your own use, because doing this makes their material part of your site. SR In his ruling, Finckenstein pointed out that there is a parallel with SR public libraries. A public library does not infringe on copyright, SR simply by having books available for loan. That's not really a parallel. I agree with this, there is no parallel. The people that argue that downloading music from other people is loaning the material are fools. Libraries loan books and in so doing move content from one place to another; they do not _copy_ content. Many times more than books - most large libraries have extensive CD and DVD collections. Ours for example gets first-run DVD's the same time that the local Blockbuster rental place does. Of course, there's a huge waiting list for them :-) Infringement involves illegal reproduction in the vast majority of cases (on rare occasions it can involve unlicensed use, such as in the case of unlicensed performances of theatrical works). SR Interestingly enough, Finckenstein also ruled that the act of SR downloading copyright material from a P-to-P server also does not SR infringe copyright. As far as I know, unlimited P-to-P sharing of SR copyright material is still fully legal in Canada. I'm not sure that Finckenstein fully understood the issue, then. No, in this I think he did. It's one thing to download a copyrighted piece of material, the copyright violation occurs when the copyrighted piece is actually played on the destination computer, cd player, etc. because only at that instant of use does multiple copies of the material come into existence and the original creator is damaged. Consider the process of downloading, the copyrighted material passes through a great number of
RE: favor
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Robert Marella Sent: Saturday, February 05, 2005 4:35 PM To: freebsd-questions@freebsd.org Subject: Re: favor Am I the only one longing for a freebsd-legal mail list that I will not subscribe to? Hmm - let's see now, FreeBSD's entire reason for existence is to keep UNIX from being legally locked up by copyright holders so that people like you can play with it - and you purport to be completely uninterested in legal issues? I guess only the FreeBSD legal issues that don't directly affect you - now what were those again? Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Running top without a shell -- more questions
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Anthony Atkielski Sent: Saturday, February 05, 2005 5:49 PM To: freebsd-questions@freebsd.org Subject: Re: Running top without a shell -- more questions John writes: J No, there are HUGE security concerns. The big problem is that J many things have shell escapes. Top, as far as I know, does not. But it's shell escapes that generally create the security concerns, no? No, it depends on the application program. For example, ftp does not have a shell escape. But if you set up the ftp client program as a shell prompt for a user account with no password, then anyone and their dog could log into your system and send themselves a copy of your password file. (granted on FreeBSD it wouldn't have the crypted passwords, but it would have all the userID's so the cracker doesen't have much work to do) I've seen a few customers do baloney like this with commercial UNIX programs. Basically they setup the terminals so that instead of the users having to give a userID and password to login, the user just switches on the terminal and bang, the application program comes up on the screen. The usual piss-ant excuse is that the users whine about having to remember a username and password. I sometimes ask them if they have trained their night janitors and cleaning people on the application or if they just let them learn by themselves. Some application programs allow you to issue commands to the UNIX system even though they might not give you a shell prompt, so you can see where someone could have some fun. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Sendmail masquerading configuration
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Ian Moore Sent: Sunday, February 06, 2005 2:07 AM To: freebsd-questions@freebsd.org Subject: Sendmail masquerading configuration Hi, I'm hoping someone can help me with this. I want to make sendmail (on a 5.3-Release server) leave the host name out of the sender address when sending mail from that machine. I.E. mail from root currently has a sender address of [EMAIL PROTECTED], I want it to be [EMAIL PROTECTED] instead. Not possible, I think, as I recall masquerading only works on users not in the T macro. (ie: Trusted Users) root is most definitely in this macro. Masquerading is a bullshit way of doing this kind of thing anyhow. Use the -f switch if your calling the sendmail binary directly from programs. If your using /bin/mail as a MUA, then get a better one like Elm or Pine that lets you do this. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Leaving a Computer Running ?
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Peterhin Sent: Saturday, February 05, 2005 2:45 PM To: freebsd-questions@freebsd.org Subject: Leaving a Computer Running ? Is it better to leave a computer (a stand alone) running continuously or is it OK to shut it down at the end of the day.? It is better to shut it down at the end of the day, unless it will have periods of time (such as weeks) where it will need to be left on continuously. I remember years ago someone mentioned that it is better for the circuitry to leave it running. No. The problem is in disk drives and power supply and CPU fans. Fans in computers today aren't what they used to be. Most of them have very bad or nonexistent dust shields and so the longer they run the more dust gets into their bearings, whereupon the bearings eventually get clogged and the fan stops turning. Periodically taking apart the PC and blowing it out with compressed air does not lengthen the life of the fans, although it is a good idea to do as it helps the machine run cooler (as long as the fan is still working) Once the fan stops the electronics overheats and becomes unreliable. Disk drives are particularly suceptible to damage from overheating and will fail years before a circuit board in an overheat situation. In a clean room or positive pressure network room, where there is an extremely low level of dust, off-the-shelf computer fans will last many years longer than fans in a typical home PC. So for the daily driver PC's you want to turn them off to lengthen the life of the fans. For PC's left on for long periods, they have a different problem because disk drives that spin at full speed continuiously (as server drives do, servers have power saving disabled on their drives of course for obvious reasons) the disk will eventually overheat in just about all the garden-variety case designs. (you can fix this yourself of course, by adding more fans to the cases) Once the drive overheats the lubrication migrates out of the bearings and if the drive is turned off for more than 6-8 hours, it cools down enough to the point that the drive will never spin up again. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: favor
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Anthony Atkielski Sent: Saturday, February 05, 2005 3:08 AM To: freebsd-questions@freebsd.org Subject: Re: favor Except that it's not covered under fair use. It requires an explicit license. No. Many content creators take the attitude that any republishing isn't covered under Fair Use. That is understandable because the Fair Use doctorine is deliberately broad, has no real litmus test once again by design, and many bona-fied infringers try to talk their way out of prosecution by hiding behind Fair Use. So many content creators would rather just make it easy on themselves and not have to look at individual situations to determine if it's Fair Use or an infringement, so they just assume the position that Fair Use doesen't exist. This attitude is a lot more prevalent among graphic media creators than authors, because pictures pack a lot more content in a small package. So I understand where your coming from. TM If you go carrying a sign in a public place in order to get it TM captured on film - such as at a political rally that Channel One TM news is filming - then later on switch parties then you cannot go TM back to Channel One and demand they airbrush your sign out of their TM archives. Why do you think that Channel One doesen't go getting TM consent signatures from every one of the 1000 people at the rally? A discussion forum isn't a public place in that sense, because it imposes restrictions on access. If you have to sign up, register, subscribe or anything of the kind in order to post to the forum, it's not public. Well unless things have changed very recently, you do not have to sign up to post to the FreeBSD Questions mailing list. You have to sign up to receive copies of posts to it, but questions has always been left open for posting. This has caused complaints in the past. FreeBSD has always blocked spammers by requiring the reverse-address lookup requirement, which does block legitimate posts from time to time. In any case with other mailing lists, such as the public ones that require signing up, you are confusing an access restriction with signing up. Signing up to post to a public mailing list does not constitute an access restriction, because anybody can sign up, and the only purpose of having signups is to block spammers. You might have been able to argue at one time in the past that a signup on a mailing list constituted an access restriction. However today, most mailing lists would not be able to function at all without signups because of the amount of spam. Thus, signups to them are now an integral requirement for them to operate, thus a court would look at any additional restrictions that the signup applied, not just the fact that there was a signup. Your arguing that a political rally is a public forum because there's no restrictions for someone to be there holding a sign - but there are restrictions because you have to wear clothing to be there or they would toss you out. You have to understand English so that you don't hold the sign upside down. etc. etc. So according to your logic political rallies could not ever be public events unless absolutely no restrictions were placed on them. I'll keep that in mind and next time there's a political rally I'll be sure to send my constitutionally-protected-by-freedom-of-expression-artistic-nude- dancers to it to insure that it's a public rally. ;-) If anyone exerts any control on the content of the forum, either through restrictions on access or direct editing of the content, then the forum is not public--and additionally the person exerting control assumes liability for the entire contents of the forum. That is true. However keep in mind that spamming is now a federal crime. Thus it is illegal (in the United States) for the FreeBSD mailing list maintainers to assist spammers. Forwarding spam to you assists spammers. Thus it is arguable they are required by law exert control on the list to block spam. You cannot argue that since the government now by law requires them to block spam that the forum is now no longer public because they are following the law. (well you could, but that's so twisted that I think a court would toss it) Naturally you are correct if there's additional editorial control over the content of the FreeBSD questions mailing list than spam blocking, that the forum becomes non-public. Have you seen this control here? TM Only if photographs are prohibited. Even if pictures are not prohibited, you may not take pictures and republish them. That's an infringement of copyright. Museums being what they are you would have to assume that everything in a museum that was younger than a couple hundred years and is printed or sculpted or painted or otherwise created for artistic expression or performance, is indeed copyrighted. But for museums that display old masters the situation is
RE: Leaving a Computer Running ?
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Anthony Atkielski Sent: Sunday, February 06, 2005 3:25 AM To: freebsd-questions@freebsd.org Subject: Re: Leaving a Computer Running ? Ted Mittelstaedt writes: TM In a clean room or positive pressure network room, where there is TM an extremely low level of dust, off-the-shelf computer fans will TM last many years longer than fans in a typical home PC. What about filters? HEPA-quality required. On my current FreeBSD server (not in a clean room, alas!), the fans that I installed have washable plastic filters, which removes part of the dust. Worthless for this kind of problem. The particles that are the problem go right through these. I'd love to find disposable filters that capture more dust and can simply be tossed at regular intervals. Ideally, they wouldn't interfere with airflow too much, but I realize that catching all dust and maintaining airflow are almost mutually exclusive. You just put in a bigger filter and more fans for that problem. What are needed are better fans. The old VAX/VMS systems had fans that ran perfectly balanced, forever, even when coated with crud. Currently I have two 8-cm fans blowing directly past the disk drives, in order to keep them as cool as possible (not that the drives are that busy, but I'm trying to be prudent). TM For PC's left on for long periods, they have a different problem TM because disk drives that spin at full speed continuiously (as TM server drives do, servers have power saving disabled on their TM drives of course for obvious reasons) the disk will eventually TM overheat in just about all the garden-variety case designs. TM (you can fix this yourself of course, by adding more fans to TM the cases) Once the drive overheats the lubrication migrates TM out of the bearings and if the drive is turned off for more TM than 6-8 hours, it cools down enough to the point that the drive TM will never spin up again. Interesting! Have you actually had this happen? Yes, about 6 times over the last 10 years. All of it was crap small minitowers or otherwise airflow-restricted cases that let the drive heat up too hot to touch. Sometimes hitting it with a hammer - hard - right when you apply power will get them going again. I've had drives fail on restart but not because they wouldn't spin up (as far as I know). I've had drives fail very quickly when I've packed too many of them into a single case (as in weeks or months). We needed the additional space and we were lucky to get the drives--asking for more fans or a better case or anything like that would have been an exercise in futility. Yup, happens all the time. You needed a Go Big Red Fan for that situation. (read Neal Stephenson's The Big U for an explanation) Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Sendmail host lookup problem
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Hexren Sent: Sunday, February 06, 2005 1:46 PM To: freebsd-questions@freebsd.org Subject: Sendmail host lookup problem I have a LAN in the 192.168.0 range. I am trying to send mail from 192.168.0.78 (gc-infra.steenbuck.net) to 192.168.0.29 (bettchen.steenbuck.net). This leeds to 550 errors. Host unknown (Name server: bettchen.steenbuck.net: host not found) 192.168.0.29 is also acting as my DNS Server. Both machines have correct (or so I hope) entries in the nameserver. Either you don't have correct entries in the nameserver, or your /etc/resolv.conf on gc-infra is not using 192.168.0.29 as it's nameserver. What is the output of nslookup on gc-infra when you key in the bettchen.steenbuck.net name? What is it when you issue a set type=mx at the nslookup prompt followed by the bettchen.steenbuck.net name? What is it when you key in the IP number 192.168.0.29? Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: favor
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Anthony Atkielski Sent: Sunday, February 06, 2005 6:43 AM To: freebsd-questions@freebsd.org Subject: Re: favor TM Well unless things have changed TM very recently, you do not have to sign up to post to the FreeBSD TM Questions mailing list. You have to sign up to receive copies of TM posts to it, but questions has always been left open for posting. If you have to subscribe to receive it, then it's not entirely public. But - you don't. You can post to the list without signing up then go visit the archives with a web browser to read the replies to your post. TM In any case with other mailing lists, such as the public ones that TM require signing up, you are confusing an access restriction with TM signing up. They are one and the same. Any signing up action generally creates an implicit or explicit contract. Not in the case of a public mailing list where the signup operation only assists in the use of it. In the case of a public mailing list with an archive, signups are not required to access the list. (unless the archive requires a login to access) And you do not need posting ability on a this kind of a list to make use of the data on it. The subscriber is granted some specific access in exchange for completing the subscription procedure. Ideally the subscription process requires the subscriber to explicitly acknowledge his agreement with the terms of the contract. Just signing up to receive it is sufficient to make it non-public. If you accept that then newspapers aren't public because you have to subscribe to them. Television isn't public because in many areas that don't get a TV signal (it's blocked by mountains, etc.) you have to subscribe to a cable service to get it. The town square isn't public because it's owned by the city government who can chase you off of it because you didn't buy a parade permit. Basically, all venues are non-public. The requirements of contract law are not waived simply because they are inconvenient for one party. A contract, once concluded, remains binding even if one party finds it troublesome to live up to its obligations under the contract. Except that a signup on a mailing list is no more a contract than unwrapping the shrink wrap on a piece of software. TM Your arguing that a political rally is a public forum because there's TM no restrictions for someone to be there holding a sign - but there TM are restrictions because you have to wear clothing to be there or TM they would toss you out. Those restrictions, where they exist, are not imposed by the rally organizers, they are imposed by statutory law. Not in Oregon, at least, where nude dancing is constitutionally protected. No, it does not, if no editorial control is exerted over the list. If what you say is true, then every ISP and every node participating in the transmission of any e-mail message becomes liable if that message is spam, even if no control on content is exerted by any of these entities. Obviously, that's not the way it works. You can't have it both ways. If what you say is true then there is no editorial control over the mailing list. TM Have you seen this control here? Yes. Ah. That I see is the crux of the matter. Your mad at the list maintainers for blocking one of your posts. ;-) Seriously, when did you see this control? I am curious as I've not seen yet even the most objectional post removed or objectional person blocked. TM But for museums that display old masters the situation is different. TM They know that they have no copyright rights over a painting that is TM 400 years old, and if they didn't prohibit pictures, they would not TM be able to prevent the publishing of books of pictures of their TM paintings. Many museums allow you to take pictures freely. The usual restriction, if there is one, is on flash photography. However, property owners can restrict what may be done on their property, within broad limits. So they can prevent you from taking photos inside their property. Right, that is exactly what I was saying earlier. TM I don't assert that and never have. I assert that with e-publishing TM that there are not multiple venues like your trying to claim that TM there are. But there _are_ multiple venues: open Web sites, protected Web sites, open but unindexed sites, P2P networks, FTP servers, e-mail servers, and so on. Permission for publication in one of these venues does not imply permission in all others. Just because they all use computers doesn't mean that they are all one and the same. Alright, I'll narrow that - there's not multiple venues with a mailing list, there's only differences in delivery. I can subscribe to a Braille version of the newspaper and a regular version. Content is identical except for pictures, of course. It's the same venue. Delivery is different.
RE: Re[2]: Sendmail host lookup problem
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Hexren Sent: Sunday, February 06, 2005 2:49 PM To: Ted Mittelstaedt Cc: freebsd-questions@freebsd.org Subject: Re[2]: Sendmail host lookup problem -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Hexren Sent: Sunday, February 06, 2005 1:46 PM To: freebsd-questions@freebsd.org Subject: Sendmail host lookup problem I have a LAN in the 192.168.0 range. I am trying to send mail from 192.168.0.78 (gc-infra.steenbuck.net) to 192.168.0.29 (bettchen.steenbuck.net). This leeds to 550 errors. Host unknown (Name server: bettchen.steenbuck.net: host not found) 192.168.0.29 is also acting as my DNS Server. Both machines have correct (or so I hope) entries in the nameserver. TM Either you don't have correct entries in the nameserver, or your TM /etc/resolv.conf on gc-infra is not using 192.168.0.29 as it's TM nameserver. TM What is the output of nslookup on gc-infra when you key in TM the bettchen.steenbuck.net name? What is it when you issue TM a set type=mx at the nslookup prompt followed by the TM bettchen.steenbuck.net name? What is it when you key in the TM IP number 192.168.0.29? TM Ted TM ___ TM freebsd-questions@freebsd.org mailing list TM http://lists.freebsd.org/mailman/listinfo/freebsd-questions TM To unsubscribe, send any mail to [EMAIL PROTECTED] - [gc-infra:~]#nslookup bettchen.steenbuck.net Server: 192.168.0.29 Address:192.168.0.29#53 This is a problem, the output should read: Server: bettchen.steenbuck.net Address:192.168.0.29 Name: bettchen.steenbuck.net Address: 192.168.0.29 Name: bettchen.steenbuck.net Address: 192.168.0.29 - [gc-infra:~]#nslookup set type=mx bettchen.steenbuck.net Server: 192.168.0.29 Address:192.168.0.29#53 bettchen.steenbuck.net mail exchanger = 10 bettchen.steenbuck.net. Here's another possible problem, the output should read: bettchen.steenbuck.net preference=10, mail exchanger = 10 bettchen.steenbuck.net (followed by some glue data) - [gc-infra:~]#nslookup 192.168.0.29 Server: 192.168.0.29 Address:192.168.0.29#53 29.0.168.192.in-addr.arpa name = bettchen.steenbuck.net.0.168.192.in-addr.arpa. name should be bettchen.steenbuck.net, not bettchen.steenbuck.net.0.168.192.in-addr.arpa. Post your zone files in bettchen as well as named.conf Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
