Re: configuring network connection via proxy
On Fri, 18 May 2007 04:46:33 -0400, Steve Bertrand wrote

I appreciate your patience and diligence here. However, if I understand correctly (please tell me if I'm wrong anybody), that configuring these settings, whether it be in 'Control Panel' Internet Options, or via the same within IE, you are only configuring a proxy server for any applications/Internet connections that happen through the IE interface. Essentially, IE is a looking glass in this scenario. You type ftp.freebsd.org in your IE browser, and it will tunnel through the proxy set in the 'Control Panel' settings, because you are in IE. If you were to fire up 'cmd' at the command line and run 'ftp', or run a third party FTP application such as IIRC 'CuteFTP', it would not tunnel through what you think it does. If I understand correctly what you are trying to do, then AFAIK, you need to understand beyond the 'Internet Options' of IE, and get into tunneling and proxying beyond the application layer you are sitting at. I know no other way to say it.

I have the exact same settings in a default Firefox install on FBSD, and Windows, as I do IE. Just because you go through control panel, it isn't any different. IE is so much part of Windows, it may as well be hard coded in (as a matter of fact, it was, with IE7, they are just starting to separate it).

I know what you are trying to explain. But you really get more with setting up proxy in Internet options in Windows (or via IE). As I said before many modern Windows applications, whether from MS or 3rd party, have option to use IE connection settings (or do it automatically). Thus you wouldn't need to change proxy settings in each application but it'd be enough to do it in one place (Internet options / IE). And this is precisely what I would like to achieve on FreeBSD. To have the ability to turn on using of proxy in one place and not to have to go through each application (eg web browser, FTP client, portsnap, cvsup, etc.) and change their settings manually (if possible at all).

What do you do in Windows that you 'think' is going via proxy, that is done *outside* your Internet Explorer (or any other 'File Manager' type window), that you can't do in FreeBSD?

quote:
- web browser ... Firefox (and all others)
- FTP client ... there isn't one I can't think of, including FireFTP plugin for Firefox
- portsnap ... what is a Windows equivalent? (..hrm FTP?)
- cvsup ... same as above (..FTP?)

Yes, and this is the issue. You need to change your proxy settings in many places instead of just one. So if you have a few applications and must change proxy settings often ... :-((

Are you trying to bypass a corporate firewall? Are you trying to hide information? With accurate information as to what you are trying to proxy around and what protocols (applications) you need to put through the proxy, then any number of solutions can be provided. I'd hate to think you are relying on a few proxy settings within Windows for something they are completely not intended for, especially with a misguided understanding.

No. I'm not trying to bypass anything. Let's consider HTTP(S) and FTP for the beginning. I guess I would just need to run a local proxy and configure all apps to use this local proxy and then only change proxy settings in one place. Having some sort of transparent proxy would be even better as I wouldn't have to reconfigure all apps and I would have to run the proxy only if needed. I know there are some big proxies out there but I'm asking for something simple and functional and easy to set up. And this info should be part of the handbook, IMHO.

TIA,
Martin

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: portupgrade refusing to upgrade a port .. when it shouldn't imho
On Wed, 6 Dec 2006 16:46:24 -0800, Josh Carroll wrote

** Port marked as IGNORE: multimedia/win32-codecs: is forbidden: Remote code execution: http://vuxml.FreeBSD.org/24f6b1eb-43d5-11db-81e1-000e0c2e438a.html

Isn't this behaviour flawed ?? Or am I missing something ?

You need to make config in /usr/ports/multimedia/win32-codecs, and unselect quicktime. Then the port should install. This is assuming, of course, that you can live without the QT codec(s).

Josh

OK, I will try it.. Thank you all. But the question remains -- if new port version is not vulnerable why i cannot upgrade to it ??

Cheers,
Martin
Re: portupgrade refusing to upgrade a port .. when it shouldn't imho
On Thu, 07 Dec 2006 13:46:18 +, Vince wrote

mato wrote:

On Wed, 6 Dec 2006 16:46:24 -0800, Josh Carroll wrote

** Port marked as IGNORE: multimedia/win32-codecs: is forbidden: Remote code execution: http://vuxml.FreeBSD.org/24f6b1eb-43d5-11db-81e1-000e0c2e438a.html

Isn't this behaviour flawed ?? Or am I missing something ?

You need to make config in /usr/ports/multimedia/win32-codecs, and unselect quicktime. Then the port should install. This is assuming, of course, that you can live without the QT codec(s).

Josh

OK, I will try it.. Thank you all. But the question remains -- if new port version is not vulnerable why i cannot upgrade to it ??

It's only not vulnerable if you unselect the quicktime codec. The vulnerability is in the quicktime codec. The port will by default use the stored config in /var/db/ports/win32-codecs/options and if this says to use the quicktime codec then it will not upgrade. This seems pretty sensible to me.

Vince

I cannot access and check the port's Makefile right now ... Is it Makefile which says (conditionally) hey i'm vulnerable or is it portaudit/VuXML database which says that. I guess the former, otherwise freshports.org should mark the port as vulnerable. Right?

Cheers,
Martin
Re: portupgrade refusing to upgrade a port .. when it shouldn't imho
Matthew Seaman wrote:

mato wrote:

On Thu, 07 Dec 2006 13:46:18 +, Vince wrote

mato wrote:

On Wed, 6 Dec 2006 16:46:24 -0800, Josh Carroll wrote

** Port marked as IGNORE: multimedia/win32-codecs: is forbidden: Remote code execution: http://vuxml.FreeBSD.org/24f6b1eb-43d5-11db-81e1-000e0c2e438a.html

Isn't this behaviour flawed ?? Or am I missing something ?

You need to make config in /usr/ports/multimedia/win32-codecs, and unselect quicktime. Then the port should install. This is assuming, of course, that you can live without the QT codec(s).

Josh

OK, I will try it.. Thank you all. But the question remains -- if new port version is not vulnerable why i cannot upgrade to it ??

It's only not vulnerable if you unselect the quicktime codec. The vulnerability is in the quicktime codec. The port will by default use the stored config in /var/db/ports/win32-codecs/options and if this says to use the quicktime codec then it will not upgrade. This seems pretty sensible to me.

Vince

I cannot access and check the port's Makefile right now ... Is it Makefile which says (conditionally) hey i'm vulnerable or is it portaudit/VuXML database which says that. I guess the former, otherwise freshports.org should mark the port as vulnerable. Right?

In general, this sort of security flagging is done via portaudit's own database which is derived mostly from VuXML. To get around the lockout imposed by portaudit you can do:

    make DISABLE_VULNERABILITIES=yes

but a) this doesn't disable any actual vulnerabilities, just the checking for their presence, and b) on your own head be it.

Now, in the case of the win32-codecs port, it is done differently. The port Makefile says this:

    .if defined(WITH_QUICKTIME)
    FORBIDDEN= Remote code execution: http://vuxml.FreeBSD.org/24f6b1eb-43d5-11db-81e1-000e0c2e438a.html
    ADDITIONAL_CODECS_DISTFILES+= qt63dlls-20050115.tar.bz2 \
                                  qtextras-20041107.tar.bz2
    PLIST_SUB+= QUICKTIME=
    .else
    PLIST_SUB+= QUICKTIME=@comment
    .endif

i.e. selecting the Quicktime plugins in the OPTIONS dialog, which causes WITH_QUICKTIME to be defined, means that the port will be marked forbidden, and any attempt to install it will be blocked. A simple 'make config' and unchecking that option will let you install the port with all of the other codecs.

Freshports parses the VuXML database to mark ports as vulnerable -- the VuXML data contains a listing of the vulnerable package names and ranges of version numbers. VuXML doesn't actually have a way of distinguishing what options are enabled for the port, although the textual note in the entry explains the situation fairly clearly. It doesn't say "Users are advised to reinstall the port with the Quicktime support turned off" which might be a nice addition. The system will however prompt users to upgrade to a version of the port after the code to forbid installation with Quicktime stuff enabled was added.

Cheers,
Matthew

Matthew, that is a great answer!! Thank you! :-) The last question would be how to make make(1) /portupgrade/portsystem to ignore FORBIDDEN. Anyway, thanks again.

Martin
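An added example, not part of the original messages: a check of the stored options that, per the explanation above, decide whether the win32-codecs Makefile sets FORBIDDEN. It assumes each options file holds one KNOB=value assignment per line plus '#' comment lines; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: a stored options file (e.g.
# /var/db/ports/win32-codecs/options) holds KNOB=value lines and '#' comments.

# knob_defined FILE KNOB
# Exit 0 if FILE assigns KNOB (any value), which is what
# ".if defined(KNOB)" tests once the stored options are read by the port.
# Exit 1 if not assigned, 2 if FILE is unreadable.
knob_defined() {
    [ -r "$1" ] || return 2
    awk -F= -v k="$2" '
        /^[ \t]*#/ { next }        # skip comment lines
        $1 == k    { found = 1 }   # exact knob name; WITHOUT_X does not match WITH_X
        END        { exit !found }
    ' "$1"
}

# forbidden_ports DBDIR KNOB
# Print the directory name of every port under DBDIR whose stored
# options define KNOB, i.e. the ports a conditional FORBIDDEN would block.
forbidden_ports() {
    for f in "$1"/*/options; do
        [ -e "$f" ] || continue
        if knob_defined "$f" "$2"; then
            basename "$(dirname "$f")"
        fi
    done
}

# make_sample_db
# Build constructed sample data in a scratch directory that stands in
# for /var/db/ports, and print its path.
make_sample_db() {
    db=$(mktemp -d) || return 1
    mkdir -p "$db/win32-codecs" "$db/other-port"
    printf '%s\n' '# constructed sample' 'WITH_QUICKTIME=true' \
        'WITHOUT_REALPLAYER=true' > "$db/win32-codecs/options"
    printf '%s\n' '# constructed sample' 'WITHOUT_QUICKTIME=true' \
        > "$db/other-port/options"
    echo "$db"
}
```

Running forbidden_ports against the real options directory before an upgrade shows which stored configurations still select the knob, so 'make config' can be rerun for those ports first.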
Re: running windows applications and making use of existing ms windows installation
On Thu, 19 Oct 2006 11:09:50 +0200, albi albinootje wrote

On 10/19/06, martinko [EMAIL PROTECTED] wrote:

I've been reading for some time about VMWare, Wine, Qemu, Bochs and some others, but I'm still not sure which one would (best) fit my needs: I've got a dual boot and I would like to make use of existing Windows (XP) installation, not having to create a new virtual disk/system and install everything from scratch. Can I use existing Windows installation with some of the existing emulation software ??

you didn't mention whether you're using NTFS or not on the windows-partition, if you do use NTFS then you already have a problem because you can't write to that partition by default (not sure how far the rw-development is on FreeBSD)

vmware server gives you the possibility to use raw partitions, i've tried that with a linux-partition on an external disc within vmware

wine is also a possibility, but wine will by default let you start only 1 app, YMMV

last time i tried qemu it didn't support raw partition access afair

if i were you i would use vmware-server and do a fresh install, easiest and safest

well, i don't expect write access to become available on freebsd any time soon. actually, i've been thinking of using the new ntfs-3g http://www.ntfs-3g.org/ via fuse4bsd http://fuse4bsd.creo.hu/ but that's not available on freebsd (yet).

regarding vmware, i've been looking forward to new vmware server, which is free now, but haven't noticed any info on it being ported to freebsd, either.

martin
Re: where to set SSL compile time cipher string ?
On Sun, 22 Oct 2006 11:00:46 -0400, Lowell Gilbert wrote

martinko [EMAIL PROTECTED] writes:

I'm not sure I understood this correctly but at http://www.openssl.org/docs/apps/ciphers.html I've read something about cipher list and defaults etc. And I would like to tell my system to build SSL with ``high'' encryption cipher suites. Where can I set this preference pls ?? I've searched through make.conf and man pages but haven't found anything.

Any particular reason? After all, that won't make your system more secure...

well, i guess the reason was basically the same one i have with mozilla/seamonkey -- first thing i do on fresh install is to disable all the weak ciphers (like DES etc). anyway, the question was if and how, not why.. ;-)
Re: running windows applications and making use of existing ms windows installation
On Tue, 28 Nov 2006 06:40:43 -0500, Bill Moran wrote

mato [EMAIL PROTECTED] wrote:

On Thu, 19 Oct 2006 11:09:50 +0200, albi albinootje wrote

On 10/19/06, martinko [EMAIL PROTECTED] wrote:

I've been reading for some time about VMWare, Wine, Qemu, Bochs and some others, but I'm still not sure which one would (best) fit my needs: I've got a dual boot and I would like to make use of existing Windows (XP) installation, not having to create a new virtual disk/system and install everything from scratch. Can I use existing Windows installation with some of the existing emulation software ??

you didn't mention whether you're using NTFS or not on the windows-partition, if you do use NTFS then you already have a problem because you can't write to that partition by default (not sure how far the rw-development is on FreeBSD)

vmware server gives you the possibility to use raw partitions, i've tried that with a linux-partition on an external disc within vmware

wine is also a possibility, but wine will by default let you start only 1 app, YMMV

last time i tried qemu it didn't support raw partition access afair

According to the docs, it does support raw partition images, which you should be able to create using dd. I haven't tried this, though.

Do you think I could supply raw disk device directly to Qemu ??
Re: kern.maxfiles exceeded soon after KDE or Gnome started
Adi Pircalabu wrote:

On Fri, 20 Oct 2006 14:11:30 +0200 martinko wrote:

I've installed KDE 3.5.4 and Gnome 2.14 on a new GENERIC installation of 6.2-PRERELEASE. Both desktop environments syslog error about exceeding kern.maxfiles limit soon after they're started. While with Window Maker and many open apps, and even with Xfce 4.2, I usually have between 200 to 500 kern.openfiles, kern.maxfiles (defaults to 1064) is obviously too low for KDE/Gnome or I'm running into an issue or sth. As I haven't noticed recommendation on kern.maxfiles on project pages nor during installation of the ports, I'd like to ask the community what are the sane recommended numbers ??

See /usr/ports/devel/gamin/pkg-message on how to handle this.

Hi Adi,

Thanks for your pointer! Anyway, I do not open large folders (as suggested in gamin/pkg-message) and still run into issue already at startup. Also I failed to notice any warning on Gnome or KDE sites. It might help other users to avoid the same issue.

Regards,
Martin