Re: SU+J Lost files after a power failure

2013-10-14 Thread Daniel Feenberg



On Mon, 14 Oct 2013, Bruce Cran wrote:


On 10/14/2013 6:16 PM, CeDeROM wrote:

Isn't there Journal to prevent and reverse such damage?


Unlike other journaling filesystems, UFS+J only protects the metadata, not 
the data itself - i.e. I think it ensures you won't have to run a manual 
fsck, but just like plain old UFS files may be truncated as the journal is 
replayed.


This discussion skirts the critical issue - are files that are not open 
for writing endangered? No description of the uses of journaling can be 
considered informative if it doesn't address that explicitly. As a naive 
user I have always assumed that once closed, a file was invulnerable to 
improper shutdowns, but this discussion shakes that belief.


I expect the answer may be different for SSD and spinning disks.

dan feenberg
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Network Question

2013-09-14 Thread Daniel Nang
Aloha,

Sounds like an interesting setup. Do you have one machine acting as a
gateway?


On Sat, Sep 14, 2013 at 2:28 AM, Al Plant n...@hdk5.net wrote:

 Eugene wrote:

 Hi Daniel,

 The easiest way is to check the LAN Config (or similar) page of the
 router. They usually allow one to specify fixed IP and hostname for the
 DHCP clients based on the MAC addresses.

 Best wishes
 Eugene

 -Original Message- From: Daniel Nang
 Sent: Thursday, September 12, 2013 11:16 PM
 To: Adam Vande More
 Cc: freebsd-questions@freebsd.org
 Subject: Re: Network Question

 That was easier than I thought. My initial approach already looked
 something like
 this, except that for the ip address I always put the machine's name as
 in:

 machine1# ssh u...@machine2.example.com

 which results in

 ssh: Could not resolve hostname machine2.example.com: hostname nor
 servname
 provided, or not known

 I think the problem here lies with the /etc/hosts file where machine1 and
 machine2 have
 to be registered respectively. The thing here is that the ip isn't static
 which makes
 this approach somewhat difficult to realize.

 Got it.

 Thanks.



 On Fri, Sep 13, 2013 at 2:51 AM, Adam Vande More amvandem...@gmail.com
 wrote:

  On Thu, Sep 12, 2013 at 1:45 PM, Daniel Nang daniel.nan...@gmail.com**
 wrote:

  Hello,

 I have two computers, both running FreeBSD, accessing the
 web via DHCP from the router. The setup looks like this:


Internet
 |
 |
 |
 machine1.example.com --- Router --- machine.2.example.com
  - DHCP -- DHCP -


 Both computers can access the internet with no problems.
 So far so good...

 My question is, if I can simultaneously have the computers access
 the net as in the given picture and also let them communicate with
 each other e.g. via ssh?



 machine1# ssh `ip of machine2`


 --
 Adam Vande More



 Aloha,

 For many years I have 8 Freebsd boxes behind a PF firewall on a static
 labeled lan. Only one public address feeds the lan.  All the boxes can work
 the internet and can ssh.

 I found that easier than dhcp.

 :)

 ~Al Plant - Honolulu, Hawaii -  Phone:  808-284-2740
   + http://hawaiidakine.com + http://freebsdinfo.org +
   + http://aloha50.net   - Supporting - FreeBSD  7.2 - 8.0 - 9* +
email: n...@hdk5.net 
 All that's really worth doing is what we do for others.- Lewis Carrol




Network Question

2013-09-12 Thread Daniel Nang
Hello,

I have two computers, both running FreeBSD, accessing the
web via DHCP from the router. The setup looks like this:


                        Internet
                            |
                            |
                            |
machine1.example.com --- Router --- machine.2.example.com
                    - DHCP -- DHCP -


Both computers can access the internet with no problems.
So far so good...

My question is, if I can simultaneously have the computers access
the net as in the given picture and also let them communicate with
each other e.g. via ssh?


Thanks

Daniel


Re: Network Question

2013-09-12 Thread Daniel Nang
Just read your mail. I will have to take some time, to look into what you
have said, as I have not yet used the concepts that you spoke about.

Another solution would be to install a new network card into both computers
and assign static ip addresses to them, but I do not want to do that.

Daniel



On Fri, Sep 13, 2013 at 3:06 AM, Kurt Buff kurt.b...@gmail.com wrote:

 On Thu, Sep 12, 2013 at 11:51 AM, Adam Vande More amvandem...@gmail.com
 wrote:
  On Thu, Sep 12, 2013 at 1:45 PM, Daniel Nang daniel.nan...@gmail.com
 wrote:
 
  Hello,
 
  I have two computers, both running FreeBSD, accessing the
  web via DHCP from the router. The setup looks like this:
 
 
 Internet
  |
  |
  |
  machine1.example.com --- Router --- machine.2.example.com
   - DHCP -- DHCP -
 
 
  Both computers can access the internet with no problems.
  So far so good...
 
  My question is, if I can simultaneously have the computers access
  the net as in the given picture and also let them communicate with
  each other e.g. via ssh?
 
 
 
  machine1# ssh `ip of machine2`


 There's the rub. How do you determine the IP address of the other machine?

 DHCP, unless configured with reservations, doesn't guarantee IP
 addresses to remain with the machines that request addresses.

 So, there are two ways to solve this problem:

 o- As I mention above, use reservations in DHCP to tie IP addresses to
 MAC addresses - this is a fairly manual process, and doesn't scale
 beyond a few machines.

 o- Use a DNS/DHCP solution whereby DNS is dynamically updated with an
 IP address by the DHCP server when a machine leases an IP address to a
 machine. This requires some work up front, but then takes care of
 itself, so scales fairly well.

 Kurt


Re: Network Question

2013-09-12 Thread Daniel Nang
That was easier than I thought. My initial approach already looked
something like this, except that for the ip address I always put the
machine's name as in:

machine1# ssh u...@machine2.example.com

which results in

ssh: Could not resolve hostname machine2.example.com: hostname nor servname
provided, or not known

I think the problem here lies with the /etc/hosts file where machine1 and
machine2 have to be registered respectively. The thing here is that the ip
isn't static which makes this approach somewhat difficult to realize.

Got it.

Thanks.



On Fri, Sep 13, 2013 at 2:51 AM, Adam Vande More amvandem...@gmail.com wrote:

 On Thu, Sep 12, 2013 at 1:45 PM, Daniel Nang daniel.nan...@gmail.com wrote:

 Hello,

 I have two computers, both running FreeBSD, accessing the
 web via DHCP from the router. The setup looks like this:


Internet
 |
 |
 |
 machine1.example.com --- Router --- machine.2.example.com
  - DHCP -- DHCP -


 Both computers can access the internet with no problems.
 So far so good...

 My question is, if I can simultaneously have the computers access
 the net as in the given picture and also let them communicate with
 each other e.g. via ssh?



 machine1# ssh `ip of machine2`


 --
 Adam Vande More



Re: FreeBSD Squid 3.2 Reverse Proxy with HTTPS

2013-09-05 Thread Daniel Duerr
Hi Dean,

Just stumbled upon your post.  I'm encountering the exact same issue as you 
with my freebsd 8.3 squid-3.2.13 server.  Have you learned anything new on this 
issue?

Best,
Daniel


--
daniel duerr   |   president   |   ouido.net
d...@ouido.net  |  +1 (831) 531-2272 x103
Managed hosting services for Business





Re: Commercial Licensing

2013-08-10 Thread Daniel Feenberg



On Fri, 9 Aug 2013, kpn...@pobox.com wrote:


On Fri, Aug 09, 2013 at 08:41:04PM -0500, Someth San wrote:

Hello,

I'm interested in installing FreeBSD into a small form factor PC for
commercial use and was wondering whether there is a EULA in place for that
purpose. I would like to avoid the open source requirement of disclosing my
codes to a public community.




You haven't said if commercial use includes the distribution of 
executables.


Note that the GPL requirement to disclose source applies only if binaries 
are distributed outside your establishment. You can make commercial use of 
the device inside your firm of GPL code without violating the GPL.  This 
is often forgotten in discussion, and leads to unnecessary worry.


Daniel Feenberg


Re: 2 lines

2013-07-29 Thread Daniel Feenberg



On Mon, 29 Jul 2013, Terje Elde wrote:


On 29 July 2013, at 18:38, Zyumbilev, Peter pe...@aboutsupport.com wrote:

Not sure what is the best way nowadays to get own /24 or at least /26 ?


I don't think you ever said if this was two links from the same 
provider, or two different providers. That's a huge factor in what your 
options are.


You'll have a hard time doing BGP-based failover with a /26. It's just 
too small a route to be announced globally.


This stuff isn't just a technical question, but also one of policy and 
politics. In order to get to a proper solution, your best option is 
probably to give the provider(s) a call, and explain what you'd like to 
do.


Depending on a lot of things, one option could be to have the provider 
owning the IP(s) tunnel it over the other link during fault. Hard to say 
if they will, so you really need to talk to them.


In the meantime, DNS-failover is a lot better than nothing.


Did the OP say he was running servers at all? If there are no servers, 
then any of a number of dual-wan routers will handle the problem with no 
difficulty and minimal expense. If he is running servers, these routers 
generally come with built in software to do dynamic updates of DNS, that I 
understand works, provided you don't have unreasonable expectations about 
reliability. Just because some institutions can't stand 5 minutes of 
downtime doesn't mean there isn't a legitimate use for facilities that 
suffer 5 minutes of downtime several times a year.


daniel feenberg
NBER



Terje



Re: to gmirror or to ZFS

2013-07-20 Thread Daniel Feenberg



On Sat, 20 Jul 2013, Steve O'Hara-Smith wrote:


On Sat, 20 Jul 2013 18:14:20 +0100
Frank Leonhardt fra...@fjl.co.uk wrote:


It's worth noting, as a warning for anyone who hasn't been there, that
the number of times a second drive in a RAID system fails during a
rebuild is higher than would be expected. During a rebuild the remaining
drives get thrashed, hot, and if they're on the edge, that's when
they're going to go. And at the most inconvenient time. Okay - obvious
when you think about it, but this tends to be too late.


Having the cabinet stuffed full of nominally identical drives
bought at the same time from the same supplier tends to add to the
probability that more than one drive is on the edge when one goes. It's a
pity there are now only two manufacturers of spinning rust.


Often this is presumed to be the reason for double failures close in 
time, also common mode failures such as environment, a defective power 
supply or excess voltage can be blamed. I have to think that the most 
common cause for a second failure soon after the first is that a failed 
drive often isn't detected until a particular sector is read or written. 
Since the resilvering reads and writes every sector on multiple disks, 
including unused sectors, it can detect latent problems that may have 
existed since the drive was new but which haven't been used for data yet, 
or have gone bad since the last write, but haven't been read since.


The ZFS scrub processes only sectors with data, so it provides only 
partial protection against double failures.


Daniel Feenberg
NBER




--
Steve O'Hara-Smith st...@sohara.org


Re: your mail

2013-06-30 Thread Daniel Feenberg


See

  http://www.nber.org/prefs/


On Sat, 29 Jun 2013, Upali Kulasekara wrote:


Thank you very much for subscribing me for your mailing list.

Upali


Re: A very 'trivial' question about /root

2013-06-28 Thread Daniel Feenberg



On Fri, 28 Jun 2013, ASV wrote:


Hi Julian,
you played Devil's advocate well actually as I don't know which idea
would be more audacious, letting httpd access files from your root dir
or exporting /root via nfs. :)
Both of them sound more like a lab scenario than a real one.


A diskless FreeBSD will use an NFS-mounted /root. See:

  http://www.freebsd.org/doc/handbook/network-diskless.html
  http://www.nber.org/sys-admin/FreeBSD-diskless.html

So it is more than a theoretical possibility. I would also add that 
putting stricter permissions on perfectly public information may not
lead to improved security, if it leads to programs and daemons that
would otherwise run as nobody having to run with root privileges.

daniel feenberg



I understand that launching a chmod 700 /root is a matter of
something between 1 and 3 seconds. I do also understand that I had /root
closed for a long time and never had the need to set permissions back
loose and this triggered my point.
Why is it that open? :)


On Fri, 2013-06-28 at 01:47 +0200, Julian H. Stacey wrote:

Hi, Reference:

From:   ASV a...@inhio.eu
Date:   Thu, 27 Jun 2013 21:39:20 +0200


ASV wrote:

Thanks for your reply Polytropon,

I'm using FreeBSD since few years already and I'm kind of aware of the
dynamics related to permissions, many of them are common to many
Unices.
I agree that the installer doesn't put anything secret but as a home dir
for the root user it's highly likely that something not intended to be
publicly readable will end up there soon after the installation.
Which IMHO it's true also for any other user homedir which gets created
by default using a pretty relaxed umask 022, but that seems to be the
default on probably any other UNIX like system I've put my hands on
AFAIR.

Don't get me wrong, since I use FreeBSD I'm just in love with it. Mine
is just a concern about these permission defaults which look to me a bit
too relaxed and cannot find yet a reason why not to restrict it.
After all I believe having good default settings may make the difference
in some circumstances and/or save time.

On Thu, 2013-06-27 at 04:58 +0200, Polytropon wrote:

On Wed, 26 Jun 2013 23:34:41 +0200, ASV wrote:

There's any reason (and should be a fairly good one) why the /root
directory permissions by default are set to 755 (for sure on releases
8.0/8.1/9.0/9.1)


This is the default permission for user directories, as root
is considered a user in this (special) case, and /root is its
home directory. The installer does not put anything secret
in there, but _you_ might, so there should be no issue changing
it to a more restricted access permission.

Hint: When a directory is r-x for other, then it will be
indexed by the locate periodic job, so users could use the
locate command (and also find) to look what's in there. If
this is not desired, change to rwx/---/---, or rwx/r-x/---
if you want to allow (trusted) users of the wheel group
to read and execute stuff from that directory (maybe homemade
admin scripts in /root/bin that should not be public).

There are few things that touch /root content. System updating
might be one of them, but as it is typically run as root (and
even in SUM), restrictive permissions above the default are
no problem.

To summarize the answer for your question: It's just the default. :-)


I'll play Devil's advocate for a moment ;-)

  One reason not to tighten ~root is because one might want
  ~root/httpuserfile to be readable by httpd to access the crypted
  passwords of locked web page. ... ;-)

No not really, that's perverted, I wouldn't recommend an
http://localhost/~root/ regardless of password locked pages or not.

But it shows how lateral head scratching might be
appropriate before removing read perms on ~root/ .

{ A bit like wrong ownership on / can surprisingly kill AMD NFS
access } ... some unexpected constraints can take some thinking
through, It might be quickest for a number of us to just try chmod
700 ~root for a while  see if we get trouble.

Cheers,
Julian
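
Added example (not from the thread): a shell sketch of the trade-off discussed above, classifying a home directory's mode and listing what a user outside the owner and group could read beneath it at 755, 750 and 700. The demo tree, file names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: what "other" can reach under a home directory.
# The tree is constructed under a temp dir; the real /root is never touched.

# Octal permission bits of a path (GNU stat syntax first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# open    = "other" has some access (the 755 default discussed in the thread)
# group   = group but not other (rwx/r-x/---, e.g. for the wheel group)
# private = owner only (rwx/---/---)
classify_dir() {
    m=$(mode_of "$1") || return 1
    case "$m" in
        *[1-7])  echo open ;;
        *[1-7]0) echo group ;;
        *)       echo private ;;
    esac
}

# Paths below $1 with the o+r bit set that are reachable for "other".
# A directory without o+x is pruned, because nothing beneath it can be
# opened by "other" whatever the modes of the files inside are.
# Approximation: ancestors of $1 itself are not checked.
exposed_entries() {
    find "$1" -type d ! -perm -001 -prune -o ! -path "$1" -perm -004 -print | sort
}

# Build a constructed stand-in for /root and print the temp dir holding it.
build_demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/root/bin" "$d/root/.ssh"
    echo 'constructed shell history' > "$d/root/.history"
    echo '#!/bin/sh'                 > "$d/root/bin/admin.sh"
    echo 'constructed key material'  > "$d/root/.ssh/id_demo"
    chmod 644 "$d/root/.history" "$d/root/.ssh/id_demo"
    chmod 755 "$d/root" "$d/root/bin" "$d/root/bin/admin.sh"
    chmod 700 "$d/root/.ssh"
    echo "$d"
}

# Demo: the same tree under the three modes mentioned in the thread.
demo=$(build_demo)
for mode in 755 750 700; do
    chmod "$mode" "$demo/root"
    printf '%s %-7s exposed=%s\n' "$mode" "$(classify_dir "$demo/root")" \
        "$(exposed_entries "$demo/root" | wc -l | tr -d ' ')"
done
rm -rf "$demo"
```

Note that .ssh/id_demo is mode 644 yet never listed: its 700 parent already blocks it, which is the same effect chmod 700 has on everything under /root.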





Restarting exports disturbs clients

2013-05-03 Thread Daniel Feenberg


When we change the exportfs file on our FreeBSD 9.1 fileserver:

  kill -HUP `cat /var/run/mountd.pid`

it kills the jobs on clients that have files open on the fileserver.
This is pretty inconvenient for users (and us). Is there a way around 
this? We have noticed that a Linux fileserver can restart nfs without 
disturbing clients (other than a short pause). The Linux restart
doesn't restart the locking mechanism - is that the difference? We
could do without locks, even without NFSv4, for that matter, if it
would let us change exports without disturbing users. Perhaps there
is an NFS shutdown procedure that we should be using?

Daniel Feenberg
NBER


Re: Restarting exports disturbs clients

2013-05-03 Thread Daniel Feenberg



On Fri, 3 May 2013, Graham Allan wrote:


On Fri, May 03, 2013 at 02:08:26PM +0200, Bernt Hansson wrote:

2013-05-03 12:49, Daniel Feenberg wrote:


When we change the exportfs file on our FreeBSD 9.1 fileserver:

  kill -HUP `cat /var/run/mountd.pid`


That seems a bit harsh, try /etc/rc.d/nfsd restart or
/etc/nfsserver restart.


Sending SIGHUP to mountd has always been the right way to have it reread
the exports file - should really be much less disruptive than restarting
the service.


We have tried both and both disrupt NFS clients.

dan feenberg



Graham
--


Re: FreeBSD-update?

2013-04-25 Thread Daniel Feenberg



On Thu, 25 Apr 2013, Steve O'Hara-Smith wrote:



The problem under discussion is that the kernel version does not
change when a freebsd-update update does not include a kernel change.



Perhaps we could adopt the Linux practice of placing the release 
information in /etc/issue


Daniel Feenberg


Re: FreeBSD-update?

2013-04-25 Thread Daniel Feenberg



On Thu, 25 Apr 2013, Polytropon wrote:


On Thu, 25 Apr 2013 07:37:01 -0400 (EDT), Daniel Feenberg wrote:



On Thu, 25 Apr 2013, Steve O'Hara-Smith wrote:



The problem under discussion is that the kernel version does not
change when a freebsd-update update does not include a kernel change.



Perhaps we could adopt the Linux practice of placing the release
information in /etc/issue



...


In /etc/issue, you write something like %s/%m %r to print
the information before the login prompt. Or you use something
like the traditional im=\r\n%s/%m (%h) (%t) in /etc/gettytab.


This is written as though it applies to FreeBSD, but I was
under the impression that FreeBSD didn't do anything with
/etc/issue. There isn't any man page for it, and when I
created a file /etc/issue it wasn't presented at login. Is
there something else I need to do? I am using 9.1

Daniel Feenberg


Re: RSync exclusion

2013-04-18 Thread Daniel O'Callaghan

On 18/04/2013 9:30 PM, Jos Chrispijn wrote:

rsync -avrz -e ssh /files/ backupr@x.x.x.x:/vol1/FreeBSD/$DATE/

Just a thought, but have you looked at rsnapshot?
http://www.rsnapshot.org/ http://www.freshports.org/sysutils/rsnapshot/


It uses rsync, but manages a directory tree with hard links to unchanged 
files.

It would solve your problem, but in a different way.

regards,

Danny


Re: Fwd: how access inside from outside when nat is done from inside to outside

2013-04-04 Thread Daniel O'Callaghan

On 4/04/2013 6:41 PM, s m wrote:

request packets:   src:192.168.2.1 dst: 192.168.1.1
reply packets:   src: 192.168.2.50 dst:192.168.2.1

This sort of thing tends to happen when the packets are not being
sent via divert socket properly.

Look carefully, step by step, at your ipfw rules which send packets to natd.
Also, run natd -v in a separate window instead of running it as a 
daemon, and it will show you the packets which go through natd, and what 
is done with them.


regards,

Danny


Re: Where's the metadata?

2013-03-28 Thread Daniel O'Callaghan

On 29/03/2013 12:29 PM, Ronald F. Guilmette wrote:

So what _is_ the best tool for just simply taking some sort of
drive... like a USB flash drive, or any other kind of drive for that
matter... and returning it to its actual size?

Did you try using fdisk?  It is probably a standard MBR boot record, not 
a GEOM one.


Just a thought...

Danny


Re: Copying memstick image to a USB (flash/thumb) drive

2013-03-27 Thread Daniel O'Callaghan

On 28/03/2013 8:10 AM, Ronald F. Guilmette wrote:

Question:

Why exactly is conv=sync there?

I found this on http://www.mkssoftware.com/docs/man1/dd.1.asp

If you specified conv=sync and this input block is smaller than the 
specified input block size, dd pads it to the specified size with null 
bytes. When you also specify a block or unblock conversion, dd uses 
spaces instead of null bytes.


So the last block of output gets padded with 0x00 at the end to fill the 
input block size (from bs=...)



Question:

 Why exactly is the bs=10240 there?  Wouldn't the default of 512
 do just as well?

It would, but then you would have FILESIZE/512 reads and writes instead 
of FILESIZE/10240 reads and writes - 20 times more.

The end result is the same, but the large bs makes the operation go faster.
I routinely use bs=655360 simply because it is a big number divisible by 
512, which I can easily remember.  512000 would do just as well, though...


Danny
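
Added example (not part of the original reply): the padding and block-count behaviour described above, measured with dd on a constructed 25000-byte file. The file and the function names are illustrative assumptions.

```shell
#!/bin/sh
# Added example: effect of conv=sync and bs on a dd copy.
# The "image" is a constructed 25000-byte file of 'x' bytes, so any NUL
# byte found in a copy must have been added by dd as padding.

# make_image PATH SIZE: write SIZE non-NUL bytes to PATH
make_image() {
    dd if=/dev/zero bs="$2" count=1 2>/dev/null | tr '\000' 'x' > "$1"
}

# copy_size SRC DST BS [sync]: copy with dd, print the size of DST in bytes
copy_size() {
    if [ "${4:-}" = sync ]; then
        dd if="$1" of="$2" bs="$3" conv=sync 2>/dev/null
    else
        dd if="$1" of="$2" bs="$3" 2>/dev/null
    fi
    wc -c < "$2" | tr -d ' '
}

# records_in SRC BS: dd's own "full+partial" count of input blocks read
records_in() {
    LC_ALL=C dd if="$1" of=/dev/null bs="$2" 2>&1 | sed -n 's/ records in$//p'
}

# pad_bytes FILE ORIGSIZE: number of bytes appended after the original data
pad_bytes() {
    tail -c +"$(( $2 + 1 ))" "$1" | wc -c | tr -d ' '
}

# pad_nonnul FILE ORIGSIZE: how many of those appended bytes are not NUL
pad_nonnul() {
    tail -c +"$(( $2 + 1 ))" "$1" | tr -d '\000' | wc -c | tr -d ' '
}

# Demo. 25000 = 2*10240 + 4520, so the last 10240-byte block is short.
# Caveat: conv=sync pads every short input block, not only the last one,
# so it is only safe when the input (a regular file) returns full blocks.
work=$(mktemp -d)
make_image "$work/memstick.img" 25000
echo "bs=10240 plain:     $(copy_size "$work/memstick.img" "$work/a" 10240) bytes"
echo "bs=10240 conv=sync: $(copy_size "$work/memstick.img" "$work/b" 10240 sync) bytes"
echo "bs=512   conv=sync: $(copy_size "$work/memstick.img" "$work/c" 512 sync) bytes"
echo "reads at bs=10240:  $(records_in "$work/memstick.img" 10240)"
echo "reads at bs=512:    $(records_in "$work/memstick.img" 512)"
echo "padding in b:       $(pad_bytes "$work/b" 25000) bytes, non-NUL: $(pad_nonnul "$work/b" 25000)"
rm -rf "$work"
```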



Re: Client Authentication

2013-03-26 Thread Daniel O'Callaghan

On 27/03/2013 4:18 AM, Joseph Olatt wrote:

Any ideas/suggestions on this will be appreciated.  Thanks,

-- Doug

A little while back I wrote a system to do a simple Two Factor
Authentication and dynamic manipulation of PF (Packet Filter) Tables. I
created it to prevent brute-force attacks on the servers that I have
exposed on the Internet.

I'm happy to share a program I wrote which slows down the brute force 
attackers.
It simply counts the SYN packets from a given IP and limits the rate per 
minute by dropping the packet if they are coming too fast.


Uses ipfw divert sockets, so would work if you prefer ipfw over pf.

If you have a known set of OK IP addresses, you can allow them in ipfw 
rules before the packets get passed through ratelimit.


ratelimit usage:

    -p size   maximum packet size (default: 16384 bytes)
    -d port   divert port number (default: 1)
    -r rate   rate at which 50% of packets are dropped (default: 4)
    -f rate   rate at which 100% of packets are dropped (default: 8)
    -l secs   number of seconds to sleep between syslog() calls (default: 30)
    -z path   path of pidfile (default: /var/run/ratelimit.pid)
    -h        this message

Have you looked at simply using a non-standard port?

Danny
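
Added example, not the ratelimit program's code: a per-source, per-minute SYN count over constructed sample lines, classified against the -r and -f thresholds from the usage text above. The fixed one-minute buckets, the input format and the function names are assumptions; the post does not say how the drop fraction varies between the two thresholds, so that band is only labelled.

```shell
#!/bin/sh
# Added example: classify sources by their peak SYN rate per minute.
# Input format (an assumption): "<epoch seconds> <source IP>", one line per SYN.

# emit IP START COUNT STEP: print COUNT constructed SYN lines for IP
emit() {
    i=0
    while [ "$i" -lt "$3" ]; do
        echo "$(( $2 + $i * $4 )) $1"
        i=$(( $i + 1 ))
    done
}

# Constructed sample traffic (documentation address ranges only).
sample_syns() {
    base=1364342400                          # minute-aligned start time
    emit 192.0.2.10   $(( base + 1 ))  2 29  # 2 SYNs in one minute
    emit 192.0.2.20   $(( base + 5 ))  6 20  # 6 SYNs, but 3 per minute
    emit 198.51.100.7 $(( base + 2 ))  5 2   # 5 SYNs in one minute
    emit 203.0.113.99 $(( base + 11 )) 9 1   # 9 SYNs in one minute
}

# classify_sources R F: read SYN lines on stdin, print "ip peak class" where
#   pass     peak rate below R
#   partial  R <= peak < F  (at least the 50% drop level has been reached)
#   drop-all peak >= F      (the 100% drop level has been reached)
classify_sources() {
    awk -v r="$1" -v f="$2" '
    { n[$2 SUBSEP int($1 / 60)]++ }          # count per source per minute
    END {
        for (k in n) {
            split(k, part, SUBSEP)
            if (n[k] > peak[part[1]]) peak[part[1]] = n[k]
        }
        for (ip in peak) {
            class = "pass"
            if (peak[ip] >= f)      class = "drop-all"
            else if (peak[ip] >= r) class = "partial"
            print ip, peak[ip], class
        }
    }' | sort
}

# Demo with the defaults from the usage text (-r 4, -f 8).
sample_syns | classify_sources 4 8
```

192.0.2.20 sends six SYNs in total but stays in the pass class, because only the count inside a single minute is compared with the thresholds.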


Re: Client Authentication

2013-03-26 Thread Daniel O'Callaghan

On 27/03/2013 10:37 AM, Michael Ross wrote:

I'm happy to share a program I wrote which slows down the brute force 
attackers.
It simply counts the SYN packets from a given IP and limits the rate 
per minute by dropping the packet if they are coming too fast.


Uses ipfw divert sockets, so would work if you prefer ipfw over pf.


Me Me Me! ...ahem.
I do prefer IPFW over PF and would very much like to try it out,
so please do share. 

OK, here 'tis

https://secure.clari.net.au/ratelimit2.tgz

Danny


Re: Client Authentication

2013-03-26 Thread Daniel O'Callaghan

On 27/03/2013 12:59 PM, Michael Ross wrote:

I'd like to be able to change the time window:

http://gurder.ross.cx/misc/ratelimit.patch

Neat.  Thanks for that.

Danny


Re: Remote IP to script over inetd

2013-03-25 Thread Daniel O'Callaghan

Hi Radek,

On 25/03/2013 10:09 PM, Radek Krejc(a wrote:

#!/bin/sh
echo $REMOTEHOST


getpeername() info is not available in Bourne shell directly.
You need to use perl or C or 

So you can do something like this:

--

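   #!/usr/bin/perl

   # Example code from http://perldoc.perl.org/functions/getpeername.html
   use strict;
   use warnings;
   use Socket;

   # inetd hands the connected socket to the program as STDIN
   my $hersockaddr = getpeername(STDIN)
       or die "getpeername: $!\n";
   my ($port, $iaddr) = sockaddr_in($hersockaddr);
   my $herhostname    = gethostbyaddr($iaddr, AF_INET);
   my $herstraddr     = inet_ntoa($iaddr);   # $herstraddr is of form 12.34.56.78

   # Now you know the remote IP address, do what we want to do
   # eg run a shell script and put IP into $1
   # (list form of exec runs the script directly, without passing the
   # address through a shell)
   exec('/root/redirects.sh', $herstraddr)
       or die "exec: $!\n";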

--

PS, if you are just sending an HTTP redirect or similar, you don't need 
to run the script as root.


Cheers,

Danny


Re: Client Authentication

2013-03-24 Thread Daniel Feenberg



On Sat, 23 Mar 2013, Doug Hardie wrote:



On 23 March 2013, at 21:51, Mehmet Erol Sanliturk m.e.sanlit...@gmail.com 
wrote:



Using Static IP in the client side , and checking Static IP of the user 
may be a possibility : In that way , any message from another IP will 
not be accepted .


If this is possible for your systems , it may be checked for usability 
.


One difficulty is that each user should obtain a Static IP and can not 
connect to his/her ISP from another IP .


Good side is that nobody can connect to ISP of the user from another IP 
: It supplies hardware security ( we are assuming that the user 
computer is not captured ) ..


That is an interesting idea, but unfortunately our users tend to travel 
a lot and need to be able to access mail from anywhere.  Also, static 
IPs can get quite expensive from some ISPs.  Our users are pretty much 
on fixed incomes and any expense is a hardship for them.


Can you filter outgoing mail with Spamassassin? How about refusing to 
relay mail from addresses in a good DNSBL? Do you rate-limit outgoing
mail? Can you just refuse to relay mail from other continents, using
a geolocation service?

daniel feenberg



-- Doug



Re: route BGP

2013-03-21 Thread Daniel O'Callaghan

Hi,

On 22/03/2013 12:28 PM, just man man wrote:

do you have configuration routing BGP in freebsd ?
  thank you


I use quagga, because that's what I have been using for the last 10 years.
http://www.freshports.org/net/quagga-re/
http://www.freshports.org/net/quagga/

You might also like to try OpenBGPD
http://www.freshports.org/net/openbgpd/

Danny



Re: Dumb down a Netgear Smart Switch

2013-03-20 Thread Daniel Feenberg



On Wed, 20 Mar 2013, Sergio de Almeida Lenzi wrote:


On Tue, 2013-03-19 at 17:09 -1000, Al Plant wrote:


Aloha,

Anybody on our list who can tell me how to set a Netgear GS108T 8 Port
Smart Switch (Gigabit) to pass thru to a modem under FreeBSD. I have 2
other (non Smart) ones working with FreeBSD just fine in my rack and
need to  have the new one connect with a DSL modem on a static address.


I have one of that model, and if you reset to factory defaults it should 
act as a dumb switch. There are some options that could be set that would
interfere with operation (flow control, port negotiation, etc) but I am
confident that none are set in the factory default configuration. (Stick a 
pin in the hole while power cycling).


daniel feenberg


Re: Leaking disk space

2013-03-20 Thread Daniel O'Callaghan

On 21/03/2013 3:55 AM, Dan Thomas wrote:

Stopping Postgres doesn't fix it, but rebooting does which points at

Have you used fstat to identify the big growing file which is taking up 
the space, and which process has the file open?
A file which has been unlinked from all directories won't be seen by du, 
but it does not free disk space until no process has it open.


USER CMD  PID   FD MOUNT  INUM MODE SZ|DV R/W
root syslogd476488 /4317027 -rw-r--r--   19776  w
root syslogd476489 /4317041 -rw---  63  w

That might help to track it down.

Danny
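
The behaviour described in the reply above, as an added example that is not part of the original post: a file is removed while a descriptor to it stays open, a du-style walk stops seeing it, and fstat(2) on the descriptor shows the space is still held and still growing. The file name growing.log and the helper names are assumptions made for the illustration.

```python
import os
import tempfile


def du_bytes(root):
    """Sum the sizes of files reachable by name under root, the way du does."""
    total = 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            total += os.lstat(os.path.join(dirpath, name)).st_size
    return total


def describe_fd(fd):
    """Report what the kernel still holds for an open descriptor.

    A link count of 0 means no directory entry points at the inode any more;
    the blocks are released only when the last descriptor is closed.
    """
    st = os.fstat(fd)
    return {
        "inode": st.st_ino,      # the INUM column of fstat(1); there is no name left
        "links": st.st_nlink,
        "size": st.st_size,
        "unlinked": st.st_nlink == 0,
    }


def demo(size=1 << 20):
    """Constructed scenario: a log file deleted while its writer keeps running."""
    with tempfile.TemporaryDirectory() as spool:
        path = os.path.join(spool, "growing.log")   # hypothetical file name
        fd = os.open(path, os.O_CREAT | os.O_WRONLY, 0o600)
        try:
            os.write(fd, b"x" * size)
            before = du_bytes(spool)        # du sees the file

            os.unlink(path)                 # e.g. a log rotation that only did rm
            after_unlink = du_bytes(spool)  # du no longer sees it
            held = describe_fd(fd)          # but the inode and its data remain

            os.write(fd, b"y" * size)       # the writer keeps filling the disk
            grown = describe_fd(fd)
        finally:
            os.close(fd)                    # only now is the space returned
        return before, after_unlink, held, grown


if __name__ == "__main__":
    before, after_unlink, held, grown = demo()
    print("du before unlink:", before)
    print("du after unlink: ", after_unlink)
    print("still held:      ", held)
    print("after more writes:", grown)
```

This is why the gap between df and du closes after a reboot or after the owning process is restarted: closing the last descriptor is what frees the blocks.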



Re: Revoke a DHCP lease early?

2013-03-09 Thread Daniel Feenberg



On Sat, 9 Mar 2013, Modulok wrote:


List,

I'm running isc-dhcpd to serve leases to clients. Is there a way to expire a
lease before it normally would, i.e. force a client to re-negotiate a lease
early? Perhaps some shell command akin to the following (which would be nice,
but obviously doesn't work)::

   dhcpd --revoke 192.168.1.24


I am pretty sure there is no message the dhcp server can send to a client 
to request it give up its IP address unless the client has asked for an 
address or renewal. dhcpd is a server, it doesn't initiate commands. I 
expect that if you modified the entry in the dhcpd.conf file and 
restarted dhcpd that the client would be assigned (and use) a new address 
the next time it tried to renew (which is typically when half the lease 
has been used up).


My view tends to be confirmed here -

  http://www.cites.illinois.edu/ipam/leases.html

daniel feenberg



How do you revoke a client's lease prematurely?

Thanks.
-Modulok-


Re: Jail question

2013-02-26 Thread Daniel O'Callaghan

Bernt Hansson wrote:


I would like to install an old version of freebsd let's say 4.6 in a
jail. Is that possible.

Host is 8.3-stable amd64

Things like ps won't run, but you can copy static binaries from host:/rescue to 
jail:/{bin,sbin} as appropriate and that helps a lot.
I just installed a 5.4-RELEASE/i386 jail on a 9.1-STABLE/amd64 system.
Mysqld would not run (dumped core), so I relocated that to a separate jail 
running 9.1-STABLE/amd64
One gotcha I found is that while you can run an old i386 system in a jail on an 
amd64 host, you can't build an amd64 kernel with COMPAT_AOUT, so if you have an 
a.out binary from days of old, you need an i386 kernel.

Devin Teske wrote:

Yes, this is possible.

When I get into work, I'll share with you the recipe (I have a script called update4.sh 
which I run after building [or rsync'ing] a 4.x box to an 8.x box to become a vimage; note that I 
didn't say jail -- 4.x runs better as a VNET jail than a regular jail).

We've not had much luck in running 4.x as a non-vnet jail under 8.x whereas 
vnet-jail works wonders (with a couple binaries replaced, like netstat, 
ifconfig, ps, and top for example).

Devin,

Please share your script with us all (especially me :-) )

Thanks,

Danny


Re: I made a mess. libc

2013-02-22 Thread Daniel O'Callaghan

On 22/02/2013 4:44 PM, Shane Ambler wrote:

You missed the earlier suggestion - at the single user prompt for a 
shell don't just hit enter - type in /rescue/sh

This suggestion was gold for me, but in a different way.  I have for 
years lamented the passing of static binaries in /bin and /sbin.


I forget who mentioned that /rescue/*  are statically linked - I had 
never known that.
Today I have just built a 5.4-RELEASE jail on a 9.1-STABLE system, and 
being able to include a statically linked 9.1-STABLE 'ps' is very useful.

The 5.4 version of ps is useless in this jail.

And just in case the significance is lost on Bernt, /rescue/sh does not 
rely on libc, so it won't care if libc is broken.


Danny


Re: cannot ssh into a box with DHCP assigned IP address

2013-02-20 Thread Daniel Feenberg





From: Fleuriot Damien m...@my.gd
To: me...@bristol.ac.uk
Subject: Re: cannot ssh into a box with DHCP assigned IP address
Date: Wed, 20 Feb 2013 10:31:22 +0100
Cc: freebsd-questions@freebsd.org

On Feb 20, 2013, at 10:28 AM, Anton Shterenlikht me...@bristol.ac.uk 
wrote:

 I have a laptop with FreeBSD -current,
 with ip address assigned via DHCP.
 The laptop has neither a static ip address,
 nor a domain.

 I can ping the laptop fine, but cannot
 ssh into it. The sshd is running, /etc/ssh/ssd_config
 seems fine, /etc/hosts.allow is fine.
 However, /etc/hosts is just the default:


While on the problem machine, can you ssh to localhost? ssh to the IP 
address?


I would suspect the problem is in /etc/hosts.allow or /etc/hosts.deny, or
perhaps the subnet mask is incorrect.

The lack of a domain should not be a problem.

daniel feenberg


Re: http://localhost/phpmyadmin

2013-02-20 Thread Daniel O'Callaghan

On 21/02/2013 9:09 AM, Armando Palax wrote:

sorry as I can access my localhost from my phpmyadmin, what happens is that I 
need to create a database and I can not enter because the strip 
http://localhost/phpmyadmin error.
would help me thanks


More information is needed.
What error do you get?
Is httpd running?  Do you get the phpmyadmin login page?
Have you looked in the httpd error log?
What do you get if you visit

http://localhost/

Danny



amd64 and COMPAT_AOUT

2013-02-19 Thread Daniel O'Callaghan

I'm migrating a lot of services to a new server running 9.1 amd64.
I have a VMWare FreeBSD 3.3 server I want to decommission, which is 
running a client's website with a shopping cart system in an a.out 
binary (source code lost long ago).


I have just tried to build a new kernel on the 9.1/amd64 machine with 
COMPAT_AOUT added to /usr/src/sys/amd64/conf/NEWKERNEL but ...


root@corella:/usr/src/sys/amd64/conf # config NEWKERNEL
NEWKERNEL: unknown option COMPAT_AOUT

COMPAT_AOUT is recognised in i386/conf

The funny thing is that in amd64/conf/NOTES is
device  gzip  #Exec gzipped a.out's.  REQUIRES COMPAT_AOUT!


Is it possible to get 9.1/amd64 to run i386 a.out binaries?
What might I be missing?

Thanks,

Danny


Re: Software raid VS hardware raid

2013-01-28 Thread Daniel Feenberg



On Mon, 28 Jan 2013, Per olof Ljungmark wrote:


On 01/28/13 21:43, Artem Kuchin wrote:

Hello!

I have to made a decision on choosing a dedicated server.
The problem i see is that while i can find very affordable and good
options they do not
provide hardware raid or even if they do it is not the best hardware for
freebsd.
The server base conf is 8core 32gb ram 2.8+ ghz.
So, maybe someone has personal experience with both worlds and can tell
if it
really matters in such configuration if i go for software raid. What are
the benefits
and what are the negatives of software raid? How much is the performance
penalty?
I am planning to use mirror configuration of two SATA 7200rpm 2TB disks.
Nothing fancy.
File system planned is UFS with journaling.



I won't delve into detail here but if the data is important HW RAID is
where you want to be. Perhaps you could give us a little more details


A problem with HW RAID is that if the controller breaks, you need to get 
an identical controller to replace it, or the data will be lost. With 
software raid, you can read the data on any machine that will boot 
FreeBSD. That is a great convenience compared to searching eBay for an 
obsolete controller with the proper rev level.


We haven't noticed any speed disadvantage on modern multi-core hardware 
and RAID 1. The advantages of HW raid escape me - I understand that 
years ago it provided OS independence and reduced CPU load, but it no 
longer provides the former, and with 8 cores do you need the latter while 
waiting for a disk platter to spin?


ZFS is worthwhile, too, especially since you have a good amount of memory. 
That would give you snapshots and some other desirable features, such as 
background scanning for defects that UFS doesn't have.



about what the purpose of the server is? Mission-critical or low cost?
Those two tends to be mutually exclusive...


Surely the presence of SATA drives shows that low cost is essential.

Mirroring and ZFS provide very important advantages. HW raid seems to fill 
a much needed gap (apologies to Brian Kernighan).


daniel feenberg




We are HP-only but have good experience from LSI as well.

Just my $0.02.




Re: Problems with diskless/nfs

2013-01-20 Thread Daniel Feenberg



On Sun, 20 Jan 2013, Bernt Hansson wrote:


Hello list!

I'm trying to set up a diskless workstation, but I fail.

The boot process stops at Can't find kernel then the OK prompt appear.

In the log I have this:

mountd[1200]: mount request denied from 10.0.0.6 for /news/spool/ad16/x86

pxeboot loads but can't find the kernel because of this.

in inetd.conf I have this for tftpd


tftp  dgram  udp  wait  root  /usr/libexec/tftpd  tftpd -l -s /news/spool/ad16/x86

It seems like it is some problem with nfs.


kernel is loaded by tftp - so nfs isn't the problem. Find a tftp client 
and see if the kernel is available to it. I suspect the kernel isn't 
world-readable and executable. It may also be that tftpd isn't available 
beyond localhost - did you edit hosts.allow?


See http://www.nber.org/sys-admin/FreeBSD-diskless.html for our 
experiences with diskless boot.


daniel feenberg
NBER



Any help is welcome.

/B


Re: recommendation instead of portmanager

2013-01-11 Thread Daniel Staal
--As of January 11, 2013 11:07:58 PM +0100, Artifex Maximus is alleged to 
have said:



I am using portmanager for updating my ports. I love its -p switch. Is
there any similar program with such option? I am asking because
portmanager is gone from ports tree.


--As for the rest, it is mine.

As of when?  I still see it.  (And I'm dreading it ever going away: It's 
the only port update tool I've tried that's never broken my system, and the 
only one that can handle errors in any sensible way, in my opinion.)


Daniel T. Staal

---
This email copyright the author.  Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes.  This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---


Gamin/IMAP issue

2013-01-10 Thread Daniel Staal


Since upgrading to 9.1 I've been getting errors retrieving my email via 
IMAP.  They don't appear to actually prevent anything, but they are 
annoying at least.  (And while I haven't noticed anything else that is 
having the same errors that doesn't mean it's not happening...)


The errors I'm getting are:
Failed to connect to socket /tmp/fam-daniel/fam-
Failed to create cache file: maildirwatch (daniel)
Error: Input/output error
Check for proper operation and configuration
of the File Access Monitor daemon (famd).

('daniel' of course being the name of my user.)  I'm using courier-IMAP and 
gamin.  The only thing I can find online on this is someone else on the 
freebsd forums who had the same problem ~8 years ago, who eventually gave 
up and switched to fam.  (Well, other than the ones that say 'install 
fam/gamin', which I have installed, but doesn't appear to be working.)  I 
have rebuilt and reinstalled both courier-IMAP and gamin.  (I actually did 
a 'rebuild all dependencies' for gamin.)  Permissions on the /tmp and 
/tmp/fam-daniel directories are as I'd expect.  I've also increased 
kern.maxfiles to 10, to make sure it can handle my large maildir 
directories.  (Though this wasn't a problem before I upgraded.)


Anyone have any other ideas on where I can start troubleshooting?  (And 
yes, I'm considering upgrading to Dovecot, but I want to know everything is 
working first.)


Daniel T. Staal

---
This email copyright the author.  Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes.  This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---


Re: Gamin/IMAP issue

2013-01-10 Thread Daniel Staal
--As of January 10, 2013 10:48:41 AM -0500, Michael Powell is alleged to 
have said:



Not exactly sure where the problem stems from, but one thing you may wish
to  consider: do make config on the courier-imap port and deselect the
'with  gamin' option and rebuild/make reinstall. I ran courier-imap
forever without  gamin so I suspect it's not really needed. If this works
out remove gamin  from the box if there is nothing else using it. Same
for fam - if it isn't  absolutely required by anything get rid of it.
Only port I have that  actually uses/depends on gamin for me is Samba36.


Definitely an option, though I'd like to know what - exactly - went wrong, 
as I haven't touched those options on this box in a couple of years.  (And 
it's apparently gamin *or* fam: They would conflict if you installed them 
both.  I have gamin.)


As it's just a personal box I can get away with trying to hunt down elusive 
snarks.  ;)



The only thing I can think of why courier-imap might have use for
gamin/fam  is for shared folders and shared folder indexing. This I do
not use. YMMV?


I don't either, but I get the error basically any time I open anything.  I 
think Peter's idea that it's trying to check usage quotas (which I also 
don't use...) is more likely correct.



Note: /tmp is usually a 'sticky bit' set - mode 1777. I've had a time or
two  in the past where I've muffed that up.


Yep, that's what I was expecting.  ;)


Anyone have any other ideas on where I can start troubleshooting?  (And
yes, I'm considering upgrading to Dovecot, but I want to know everything
is working first.)


I just made the move to dovecot2 after 10 years, or so, of using courier-
imap. Not that I ever had any trouble with courier-imap either, but the
dovecot2 is a little cleaner install with fewer 'satellite' addons. Been
using it a month now and am happy with results. It also slid right in and
took over the existing Maildir contents from pre-existing courier-imap -
I  was very happy to see this!


I'm mostly just hearing good things about it, especially that it's slightly 
faster.  It doesn't make much difference to me, but on the other hand I 
have a couple of folders I do have to wait a moment to open...


Mainly though, since I don't have any actual complaints about Courier 
(other than this new issue, which doesn't appear to be primarily Courier's 
fault), it's not going to be moving up my priority list very fast.  ;)


Daniel T. Staal

---
This email copyright the author.  Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes.  This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---


Re: Reading the handbook from console

2013-01-10 Thread Daniel Staal
--As of January 10, 2013 12:37:06 PM -0600, Scott Eberl is alleged to have 
said:



I went ahead and installed the FreeBSD handbook onto my system and I was
able to find it on disk per the motd notes but I'm wondering if there is a
preferred method for reading these since they are in html format. I tried
w3m and lynx and it looks like they are both not installed. Is there
something i'm missing for reading these or do I just need to install a cli
browser?


--As for the rest, it is mine.

You'd need to install a cli browser, for the standard install.  (Or a PDF 
viewer, IIRC.)


You can go back and change your options for the handbook port if you want 
as well - one of the other options is to install it in plain text format, 
either as well or instead.  (Other formats there are options for include 
PDF, Postscript, and a couple of HTML options.)


Daniel T. Staal

---
This email copyright the author.  Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes.  This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---


Re: 9.0 vs 9.1

2013-01-10 Thread Daniel Staal
--As of January 10, 2013 8:02:01 PM -0600, Scott Eberl is alleged to have 
said:



OK can someone please explain this to me in detail? I've been reading all
the release notes I can find and I'm not understanding why after upgrading
to 9.1 I have to compile from source to install stuff now. It takes
forever and asks me questions I have no idea what the answer is to. Early
today I installed irssi which I had to do with make clean install because
just doing pkg_add -r irssi complains about not being able to find the
url of it.

Should I just reinstall 9.0 and not upgrade, will ports work correctly
then?


--As for the rest, it is mine.

It's not really because of the release; the same problem actually affects 
9.0, but you don't notice it because you can still get old packages.


The basic problem is that there was a security breach in the FreeBSD build 
and distribution network.  Therefore, until parts of it have been rebuilt, 
it cannot be trusted.  So, there are no trusted servers to build packages 
at the moment.  This was mentioned in a security advisory a while back - 
well before the release.


Since trusted packages of old versions of ports still exist in the required 
locations, 9.0 can see them.  There is no particular reason to believe 
those packages wouldn't work under 9.1, but on the other hand there is no 
particular reason to believe that *all* of them still work, (other than 
there shouldn't have been any changes that affected them) and it is known 
that they are out of date, so they haven't been moved to the required 
locations for 9.1.


The FreeBSD team is working on rebuilding their build and distribution 
network, but it will take time, and I believe getting 9.1 out may have been 
considered higher priority.  (Mostly because it was so close to done.) 
Until then, building from source is secure and trusted - and is the only 
way to get up-to-date ports for *either* 9.0 or 9.1.


Daniel T. Staal

---
This email copyright the author.  Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes.  This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---


Re: gPXE booting FreeBSD?

2012-12-04 Thread Daniel Feenberg



On Tue, 4 Dec 2012, Rick Miller wrote:


Hi All,

Does anyone have any experience booting FreeBSD via gPXE and have
pointers to relevant documentation and/or blog posts?



In the last paragraph of our description of PXE booting FreeBSD:

  http://www.nber.org/sys-admin/FreeBSD-diskless.html

we report that gpxelinux did not work for us. (It hangs once a menu item 
is selected, or if more than one choice is available). Have you tried and 
gotten better/worse/similar results? Our trial was about a year ago, it 
would be worth trying again.


dan feenberg
NBER


--
Take care
Rick Miller


Re: VPS FreeBSD Hosting

2012-11-25 Thread Daniel Feenberg



On Sun, 25 Nov 2012, Jim Flowers wrote:


I gave up maintaining my own hardware for providing cloud computing
services about 10 years ago and have been using several dedicated server
services with root-access FreeBSD since about 6.0. with good results. At
the time VPS looked like too many problems.

Now, however, it looks like there are quite a number of mature VPS hosting
services that are FreeBSD-centric at very attractive prices. Most offer KVM
or VPS-instance access to allow rebooting and reinstallation.

Can anyone comment on the providers and the technology in the context of
having used them specifically for FreeBSD in the last few years?  Good?
Bad? Indifferent?



We have had good experience with pair.com and rootbsd.com. Both were used 
for websites. We never had any problems with either, so I can't report on 
their problem solving skills, but customer service from both was good for 
the handful of routine questions we had.


dan feenberg



Fairly modest duty - spam filtering, mailboxes, websites, storage, reverse
proxy and the like.

Oh yeah, some development.

Thanks


Re: Anybody use the Dell 3010??

2012-11-19 Thread Daniel Feenberg



On Mon, 19 Nov 2012, Polytropon wrote:


On Mon, 19 Nov 2012 06:00:29 -0500, Jerry wrote:

On Mon, 19 Nov 2012 11:43:06 +0100
Polytropon articulated:


Allow me to provide just one example:

More in the series of bizarre UEFI bugs
http://mjg59.dreamwidth.org/20187.html


That doesn't appear to be a bug. It appears that the code is doing
exactly what the designer wanted it to do. At best this was an
oversight by the designer; at worst just plain incompetence.


That's quite possible. We've seen poorly implemented ACPI
behaviour in modern BIOS as well, or manufacturers
intendedly going their way to limit hardware in what
it can do or what it will support.

It's just my fear that UEFI won't do better per se, and
that lazy or incompetent people will screw it up, and
make it worse.

The article mentions legacy boot to restore a somewhat
normal behaviour...



The only way for FreeBSD (or Linux, for that matter) to survive
in a world where hardware vendors care only about Windows, is
to make sure that FreeBSD only depends upon features that Windows
uses. If a hardware or firmware specification requires feature X,
but Windows doesn't use feature X, then vendors won't test feature
X, and FreeBSD can't depend on it being functional. So it shouldn't
be required by FreeBSD. It can be used, provided it isn't required.
In this case it may mean that FreeBSD must identify itself as
Windows, just as all browsers identify themselves as IE.

You might say this was enabling vendors to provide buggy systems,
but as long as FreeBSD is small it does not have the power to affect
vendors. Insisting on correctness from vendors has no effect when
it is FreeBSD doing the insisting. It is only when FreeBSD is more
widely used that it can adopt the role of enforcing standards on
vendors, and it can not become widely used if it starts insisting
on standards prematurely.

daniel feenberg





--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...


Re: Anybody use the Dell 3010??

2012-11-19 Thread Daniel Feenberg




On Mon, 19 Nov 2012, Mehmet Erol Sanliturk wrote:


On Mon, Nov 19, 2012 at 4:55 AM, Daniel Feenberg feenb...@nber.org wrote:




On Mon, 19 Nov 2012, Polytropon wrote:

 On Mon, 19 Nov 2012 06:00:29 -0500, Jerry wrote:



On Mon, 19 Nov 2012 11:43:06 +0100
Polytropon articulated:

 Allow me to provide just one example:


More in the series of bizarre UEFI bugs

http://mjg59.dreamwidth.org/20187.html





The only way for FreeBSD (or Linux, for that matter) to survive
in a world where hardware vendors care only about Windows, is
to make sure that FreeBSD only depends upon features that Windows
uses. If a hardware or firmware specification requires feature X,
but Windows doesn't use feature X, then vendors won't test feature
X, and FreeBSD can't depend on it being functional. So it shouldn't
be required by FreeBSD. It can be used, provided it isn't required.
In this case it may mean that FreeBSD must identify itself as
Windows, just as all browsers identify themselves as IE.




The above paragraph is completely meaningless, because neither *BSD, nor
Linux is a marginal operating system.

Please see

http://www.top500.org/statistics/list/


Select from this Operating System Family
where in world's 500 super computers, Windows is on ONLY 3 computers, the
rest is almost Linux 469, Unix 20, BSD-based 1 computers and others.

http://www.asus.com/Static_WebPage/OS_Compatibility/
http://www.asus.com/websites/global/aboutasus/OS/Linux.pdf
contains Linux distributions supported in ASUS desktop boards .

Some trade marked servers excluded, Linux and *BSD run on many server
hardware.



It isn't what vendors should care about. I agree they should care about 
FreeBSD. But by and large they don't. Arguing that they should serves no 
purpose. They have poor moral character, that is why they don't care and 
also why they are impervious to argument, except from large customers. The 
handful of server vendors that are exceptions do not detract from the 
force of my argument.


daniel feenberg


Re: 9.1 permissions in the / directory

2012-11-15 Thread Daniel Bye
On Wed, Nov 14, 2012 at 05:12:59PM -0500, Joseph Mays wrote:
 Have a recently set up 9.1 RC1 system. Someone (not me, just sayin')
 did a chmod 600 in the / directory. Needless to say this caused
 numerous problems. I tried to change them back as best I could by
 comparing them to an older directory, but some things are still not
 right. Trying to log in, via either console or ssh  as anyone other
 than root. Ssh gets:
 
 %ssh mays@[redacted]
 Password:
 Last login: Wed Nov 14 15:50:37 2012
 Could not chdir to home directory /home/mays: Permission denied
 /bin/tcsh: Permission denied
 Connection to [redacted] closed.
 %
 
 followed by a disconnect. Console complains about the /home/user
 directory not being there (though it is and the permissions look
 normal), says it's logging in with slash instead, then says
 /bin/tcsh: no such file or directory, though /bin/tcsh is there
 and permissions look fine. I'm attaching a screenshot of the message
 log that shows up on console logins.
 
 So, two questions. What is causing the problem, and does anyone have
 anything that shows what the normal / directory permissions for 9.1
 RC1 should look like?

First, login fails to read the user's home directory, because the
permissions on either /usr or /home (depending on whether your /home is a
directory, or a symlink to /usr/home) don't allow it to see any contained
files or directories, even though, from what you say, all contained files
and subdirectory permissions are correct.  It then attempts to fall back to
using / as an emergency home for this session, but then fails to find
/bin/tcsh, because the permissions on /bin prevent it from seeing anything
it contains.

Second, you can restore most, if not all, of the correct permissions with
the mtree tool. Log in as root, and then run this:

 # cd /
 # mtree -Uef /etc/mtree/BSD.root.dist

The mtree specification file, /etc/mtree/BSD.root.dist, contains a list of
the files and directories that are installed in a standard FreeBSD system,
along with the correct ownership and permissions for those objects. The -U
flag tells mtree to modify any objects that don't match the specification,
and the -e flag tells it not to warn about files it finds on disk but not in
the specification file.

Dan

-- 
Daniel Bye

 _
  ASCII ribbon campaign ( )
 - against HTML, vCards and  X
- proprietary attachments in e-mail / \
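
A check for the failure explained in the message above, as an added example that is not part of the original post: it walks the directories that must be searched to reach a path and reports the first one whose execute (search) bit is missing for a given user, which is how a home directory with normal-looking permissions still yields "Permission denied". The uid 1001, the directory names and the function names are assumptions made for the illustration; the tree is constructed in a temporary directory.

```python
import os
import stat
import tempfile


def can_search(st, uid, gids):
    """Apply the owner/group/other rule to a directory's search (x) bit."""
    if uid == 0:
        return True                       # root is not subject to this check
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)


def first_blocked(path, uid, gids, base=os.sep):
    """Return the first directory between base and path that uid cannot search.

    Only the directories leading to path are examined, not path itself.
    Symlinks (such as /home -> /usr/home) are resolved first so that the real
    parents are checked. Assumes path lies under base. Returns None when every
    directory on the way can be traversed.
    """
    base = os.path.realpath(base)
    target = os.path.realpath(path)
    rel = os.path.relpath(os.path.dirname(target), base)
    parts = [] if rel == os.curdir else rel.split(os.sep)

    current = base
    for part in [None] + parts:           # None stands for base itself
        if part is not None:
            current = os.path.join(current, part)
        try:
            st = os.stat(current)
        except PermissionError:
            # The running process itself cannot get past the parent.
            return os.path.dirname(current)
        if not can_search(st, uid, gids):
            return current
    return None


def demo():
    """Constructed tree: <tmp>/home/mays, then 'chmod 600' on <tmp>/home."""
    with tempfile.TemporaryDirectory() as root:
        home = os.path.join(root, "home")
        mays = os.path.join(home, "mays")
        os.makedirs(mays)
        for d in (root, home, mays):
            os.chmod(d, 0o755)
        mays_mode = stat.filemode(os.stat(mays).st_mode)

        before = first_blocked(mays, 1001, {1001}, base=root)
        os.chmod(home, 0o600)             # the accidental change from the thread
        try:
            blocked = first_blocked(mays, 1001, {1001}, base=root)
        finally:
            os.chmod(home, 0o755)         # restore so the tree can be removed
        return before, os.path.relpath(blocked, os.path.realpath(root)), mays_mode


if __name__ == "__main__":
    print(demo())
```

On a real system the same function can be pointed at /home/mays or /bin/tcsh with the default base of / to see which parent directory to repair before or after running mtree.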




Re: GELI+ZFS failed disk issue

2012-10-04 Thread Daniel Staal

On 2012-10-04 11:45, Andre Goree wrote:

Hello all.  Wondering if I can pick your brains regarding a situation
I've run into.  I've followed this article on setting up my FreeBSD 9
install on ZFS w/GELI encryption -- sans the part about having
'bootdir' on a mirror, which, sadly, likely would've saved me from my
current problem:

https://www.dan.me.uk/blog/2012/05/06/full-disk-encryption-with-zfs-root-for-freebsd-9-x/

The server ran great and I had no issues until this past weekend,
when my hard drive that contains the OS pool (including /, /boot,
etc.) FAILED.  I'm now in the situation where my encryption key file
cannot be accessed, since it is on a failed disk.  I can live without
the stuff on the OS pool, however I have another pool containing many
GBs of data (music, video, documents, etc.) that I desperately need
and cannot lose.  What's worse is that I never got around to setting
up backups for this data (damn laziness!).


Unless you've got your key saved somewhere I don't see a lot of options 
for you.  There is one thing you might be able to try: There has to be a 
copy of the /boot directory someplace on that (failed) disk with the 
keys in an unencrypted form, otherwise it would have been unable to boot 
at all.  Depending on how the disk failed, there's a chance that 
(relatively small) section of the disk survived, and could be 
recoverable by a disk-recovery service.  But that's my only thought to a 
hope...


Daniel T. Staal

---
This email copyright the author.  Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes.  This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---


Re: Wifi for Lenovo Laptop

2012-08-29 Thread Daniel Staal

On 2012-08-29 11:42, Chris wrote:

Hi,


I've tried to search the lists but can't find anything, but please
point me to an existing resource if available.

I recently got a Lenovo ThinkPad Edge E530 (3259-9VG) laptop and
would like to get the Wifi card running (fresh FreeBSD 9.0 install),
but I'm failing as it has been at least 5 years since I used
wifi under FreeBSD. The card is not automatically detected (interface
not listed in ifconfig) so I'm assuming I have to either load a kernel
module or go the NDIS path. It seems like on Windows, the same driver
is used for E430, E435, E530 and E535, so in case anyone is using one
of these models, please let me know if you have things running.

So some questions that might point me in the right direction:

- How can I find out which type of card this laptop actually has (can
I read it out of dmesg, some PCI listing or whatever)?
  All I can find are product sheets saying that it has 11b/g/n, but
doesn't help me to find a driver. I
  Is there some meta-module that loads all the native wifi drivers
that I can use that I can test?


There's a couple of different Wifi options for that machine, so which 
one you have may make a difference.  There looks to be some information 
on identifying which card you have here:

http://www.thinkwiki.org/wiki/Wireless_Network_Adapters
(Though they don't have your model listed yet, I think it's a new 
model...)


I'm guessing you probably have a 'Thinkpad' card, which recently has 
been Realtek, but you'd have to check that.  Note that replacing it with 
a generic mini-PCI wireless card may not work: Lenovo has been known to 
have their BIOS only recognize 'official' replacement parts.


Daniel T. Staal

---
This email copyright the author.  Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes.  This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---


Re: Building a FreeBSD desktop.

2012-08-21 Thread Daniel Feenberg



On Tue, 21 Aug 2012, d...@safeport.com wrote:




On Mon, 20 Aug 2012, James D. Parra wrote:

I was looking to build a desktop to learn FreeBSD and was wondering if there
is a list of parts to build one or to just look at the hardware
compatibility list? I just don't want to order wrong parts.


If you don't want to make the full commitment to building a desktop, a good way 
to learn about FreeBSD is to install within a virtual machine. Either 
VMWare or VirtualBox will serve you well.


If you have a system you want to try you can also check out 
http://laptop.bsdgroup.de/freebsd/index.html.



That is a great resource for laptops, too bad it isn't mentioned in the 
Handbook compatibility chapter.



We have purchased many desktop motherboards for FreeBSD over the years, 
from Intel, Gigabyte, ASUS, MSI and others. None mentioned FreeBSD 
compatibility, none was on any list promising FreeBSD compatibility and 
none has failed to boot and run well.


That said, rarely the onboard ethernet has not been recognized and we had 
to add a PCI NIC until the next version of FreeBSD included the proper 
drivers. No NIC has ever been incompatible in our experience.


We have not ever tested APM or ACPI, and if you follow the newsgroup you 
will know that those are sometimes problematic. Notice how few laptops 
support APM or ACPI with FreeBSD. Also, while onboard video has always 
worked for us, some people will notice that the drivers do not always 
provide the full performance available in Windows.


We have not found the Handbook compatibility list very helpful. The list
is mostly by chip, which card vendors don't mention in their literature. 
It would be nice to see a list of currently available products, by retail 
model number. That doesn't exist as far as I can tell.


So it comes down mostly to your feelings about those issues. If you will
be upset by less than optimal 3D graphics performance, there is a risk. 
Otherwise, don't worry.


But why order parts? If you want to learn FreeBSD, just take any old
windows box and install FreeBSD over the existing windows install. It will 
work fine and won't cost you anything.


daniel feenberg



Re: How to refresh network card buffer?

2012-08-10 Thread Daniel Feenberg




On Fri, 10 Aug 2012, Cos wrote:


Hi all

The background is I have around 100pcs router-like products. They all
have a fixed IP address 192.168.1.100 and of course different MAC
address.

I need to connect them one by one to configure.

The trouble is while I disconnect one unit and change to another unit,
the FreeBSD can not recognize the unit immediately. It needs around
more than 10 minutes to ping 192.168.1.200 successfully.

I can refresh it by ifconfig ue0 down and ifconfig ue0 up, it
works but I think the way is not smart.

I guess there is something like buffer to record IP and MAC pair has
to be cleaned. Could anybody advise?


Try

  arp -d 192.168.1.200

as superuser to delete the MAC address from the local ip-to-mac table.

dan feenberg



--
with kind regards


Re: compare zfs xfs and jfs o

2012-08-05 Thread Daniel Staal
--As of August 5, 2012 10:29:16 AM -0600, Chad Perrin is alleged to have 
said:



I think that XFS & JFS are more mature filesystems than ZFS, but the
feature set of ZFS is ahead in the future. For a NFS server first
I'll go with ZFS because the consistence in disk and speed will
gonna be the differentiator.


The idea that ZFS is faster than XFS is certainly a new one for me.  Do
you have some benchmarks for that?


--As for the rest, it is mine.

Particularly in this use-case: From my reading ZFS has a performance hit 
when used as a base filesystem for NFS.  (Largely because it insists on 
*actually following* the NFS spec, and not taking some shortcuts that are 
common elsewhere...)  Not that I have tested that, even on my NFS server. 
(Which runs ZFS - there are other excellent reasons to use it, and speed 
isn't a major concern for that particular box.)


Daniel T. Staal

---
This email copyright the author.  Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes.  This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---


On-access AV scanning

2012-07-27 Thread Daniel Bye
Are there any current options available to support on-access antivirus
scanning on FreeBSD?

security/dazuko doesn't build on FreeBSD more recent than 8[0], so that's a
non-starter, and it looks as if the FreeBSD zfs implementation lacks support
for the vscan property[1], so using vscan with c-icap[2] is apparently not
an option, either. I am in no way clever enough to even consider attempting
to add vscan support.

I met the new CIO of my company yesterday, and out of that conversation, I
am putting together a case for getting a FreeBSD or Solaris workstation to
replace the aged Windows XP machine I've been on for the last three years. 
My first choice would be FreeBSD, but I need to convince him that AV
provisions are adequate to meet corporate IT policy guidelines.  With the
hardware specifications we are looking at, it would be possible to configure
a full, on-demand scan every few hours, but on-access capability would be
nice.

And yes, I know that neither FreeBSD nor Solaris are renowned for their
sickly vulnerability to viruses, but we operate in a mixed environment, with
a lot of Windows machines and ZFS file systems exported by SMB/CIFS, so we
need the AV to ensure any viruses are stopped before they infect a
susceptible machine.  It seems a small price to pay to finally get a decent
workstation!

Thanks for any hints,

Dan

[0]: security/dazuko/Makefile:22
[1]: cddl/contrib/opensolaris/lib/libzfs/common/libzfs_dataset.c:1456-1461
 (FreeBSD 9.1-PRERELEASE from two days ago)
[2]: https://www.sunwfrk.com/2009/04/19/zfs-with-on-access-virus-scan/


-- 
Daniel Bye
 _
  ASCII ribbon campaign ( )
 - against HTML, vCards and  X
- proprietary attachments in e-mail / \




Re: On-access AV scanning

2012-07-27 Thread Daniel Bye
On Fri, Jul 27, 2012 at 12:51:04PM +0200, Wojciech Puchar wrote:
 Are there any current options available to support on-access antivirus
 scanning on FreeBSD?
 
 FreeBSD doesn't need this as there are no viruses on that system.

Well, thanks.

 
 And yes, I know that neither FreeBSD nor Solaris are renowned for their
 sickly vulnerability to viruses, but we operate in a mixed environment, with
 a lot of Windows machines and ZFS file systems exported by SMB/CIFS, so we
 need the AV to ensure any viruses are stopped before they infect a
 susceptible machine.  It seems a small price to pay to finally get a decent
 workstation!
 No idea - YOU will not spread viruses, and viruses from other
 winstations will not affect you.
 
 so just install antivirus software on winstations.
 
 Or finally educate users as it is really simple to avoid viruses
 even with windows

I refer you to the part where I specifically talk about our corporate IT
policy. All desktops/workstations (that is, all of them, every single one),
must have AV software running on them. There will be no exceptions, on pain
of dismissal. I don't want to lose my job, because you said I didn't need AV
software.

-- 
Daniel Bye
 _
  ASCII ribbon campaign ( )
 - against HTML, vCards and  X
- proprietary attachments in e-mail / \




Re: On-access AV scanning

2012-07-27 Thread Daniel Bye
On Fri, Jul 27, 2012 at 07:19:45AM -0400, Daniel Feenberg wrote:
 
 
 On Fri, 27 Jul 2012, Daniel Bye wrote:
 
 On Fri, Jul 27, 2012 at 12:51:04PM +0200, Wojciech Puchar wrote:
 Are there any current options available to support on-access antivirus
 scanning on FreeBSD?
 
 FreeBSD doesn't need this as there are no viruses on that system.
 
 Well, thanks.
 
 
 And yes, I know that neither FreeBSD nor Solaris are renowned for their
 sickly vulnerability to viruses, but we operate in a mixed environment, 
 with
 a lot of Windows machines and ZFS file systems exported by SMB/CIFS, so we
 need the AV to ensure any viruses are stopped before they infect a
 susceptible machine.  It seems a small price to pay to finally get a decent
 workstation!
 No idea - YOU will not spread viruses, and viruses from other
 winstations will not affect you.
 
 so just install antivirus software on winstations.
 
 Or finally educate users as it is really simple to avoid viruses
 even with windows
 
 I refer you to the part where I specifically talk about our corporate IT
 policy. All desktops/workstations (that is, all of them, every single one),
 must have AV software running on them. There will be no exceptions, on pain
 
 Well, there is AV software for FreeBSD - we use Kaspersky on our
 FreeBSD based mailserver, but the viruses it looks for are Windows
 viruses. I don't know if that will satisfy your IT policy. Maybe you
 should be looking at Cygwin? Or, can FreeBSD run under HyperV?

Thanks, Daniel. I have looked at Kaspersky, and various others, but the main
sticking point, as I see it, is that there is no on-access scanning
capability in any of the AV packages available for FreeBSD.  It's not
essential to build my case, but it would certainly strengthen it.  I use
ClamAV on my home mail server, and it works well.  I have also tested it out
on a desktop machine to run on-demand scans, and it works just fine, and
doesn't impose so much of a load as to be a nuisance.

We have had a couple of virus outbreaks recently, so this is quite a high
profile concern around here at the moment. The CIO is from a technical
background, so I might well be able to convince him of FreeBSD's strengths
as a very secure system, but I will still need to accede to the IT policy,
sadly - no way around it.

Dan

-- 
Daniel Bye
 _
  ASCII ribbon campaign ( )
 - against HTML, vCards and  X
- proprietary attachments in e-mail / \




Re: On-access AV scanning

2012-07-27 Thread Daniel Feenberg



On Fri, 27 Jul 2012, Daniel Bye wrote:


On Fri, Jul 27, 2012 at 12:51:04PM +0200, Wojciech Puchar wrote:

Are there any current options available to support on-access antivirus
scanning on FreeBSD?


FreeBSD doesn't need this as there are no viruses on that system.


Well, thanks.




And yes, I know that neither FreeBSD nor Solaris are renowned for their
sickly vulnerability to viruses, but we operate in a mixed environment, with
a lot of Windows machines and ZFS file systems exported by SMB/CIFS, so we
need the AV to ensure any viruses are stopped before they infect a
susceptible machine.  It seems a small price to pay to finally get a decent
workstation!

No idea - YOU will not spread viruses, and viruses from other
winstations will not affect you.

so just install antivirus software on winstations.

Or finally educate users as it is really simple to avoid viruses
even with windows


I refer you to the part where I specifically talk about our corporate IT
policy. All desktops/workstations (that is, all of them, every single one),
must have AV software running on them. There will be no exceptions, on pain


Well, there is AV software for FreeBSD - we use Kaspersky on our FreeBSD 
based mailserver, but the viruses it looks for are Windows viruses. I 
don't know if that will satisfy your IT policy. Maybe you should be 
looking at Cygwin? Or, can FreeBSD run under HyperV?


daniel feenberg
NBER


of dismissal. I don't want to lose my job, because you said I didn't need AV
software.

--
Daniel Bye
_
 ASCII ribbon campaign ( )
- against HTML, vCards and  X
   - proprietary attachments in e-mail / \




Re: On-access AV scanning

2012-07-27 Thread Daniel Bye
On Fri, Jul 27, 2012 at 01:23:36PM +0200, Polytropon wrote:
 On Fri, 27 Jul 2012 12:00:19 +0100, Daniel Bye wrote:
  All desktops/workstations (that is, all of them, every single one),
  must have AV software running on them. There will be no exceptions, on pain
  of dismissal.
 
 Why is the AV software running on FreeBSD not sufficient in
 the opinion of your superior (or by the guidelines of the
 corporate directives)?
 
 And those who bring a smartphone to work (private or company
 use), how do they run AV software on those _IT devices_? :-)
 
 Oh, and how is AV software brought to the company network
 printers, the LAN gear and WLAN APs and everything else
 that can be infected, exploited, ruined or damaged?
 
 Or do they simply not count as desktop/workstation as you
 mentioned? In that case: Happy attack vectors. :-)

Well, no, they don't count, according to our policy, because they're not
desktops. I know, I know - but I didn't write the damn policy - I just have
to live by it! :-/

 
 
 
 Excuse my sarcasm, but there's a little truth in it, when
 seen from an IT security point of view.

I know, you make valid points - but I am merely a minor functionary on the
content development department, and not a global IT policy maker.  If it
were up to me, everyone in the company would be on UNIX of some kind or
other, but it just isn't up to me.

Hopefully, I can convince those that need convincing that what is available
is sufficient. I've only been using FreeBSD for the last 13 years, after
all, and in that time can count on the fingers of no hands the number of
security flaws that have allowed any of the machines under my care to be
compromised... I know that's no reason for complacency, and that I have been
lucky, but it's still a comforting statistic.

Thanks for your thoughts, guys. Of course, I'm going to extol FreeBSD's
virtues (it'd be great to get it in the datacentre, wouldn't it?), and we'll
see how we go!

 
 
 
 Really, I _do_ understand your problem (or better the problems
 others created for you). Try to get more specific statements
 to what kind of AV software with which action attributes is
 required and try to construct a solution that will be sufficient
 in the _view_ of the responsible superiors. The less they do
 actually understand, the easier it should be. FreeBSD does
 _have_ AV software, but not _for_ FreeBSD per se (as it cannot
 be infected by viruses, trojans and malware that are designed
 explicitly for Windows platforms), but it can very well
 detect them. This all still does not help against human
 stupidity.

Aye, quite so. Preaching to the choir, brother.

 
 Feel free to show this article and make use of its arguments:
 
 Robert McMillan: Is Antivirus Software a Waste of Money?
 
 http://www.wired.com/wiredenterprise/2012/03/antivirus/

Thanks for the link - I'll certainly have a read of it, and might well drop
the link in my email to him.

 
 A _responsible_ and well-educated IT representative should
 form his own intelligent opinions, instead of trying to
 blindly corporate guidelines which are possibly _impossible_
 to instantiate.

Oh, this guy isn't frightened of change, so I'm just trying to build the
best case I can for his accepting FreeBSD. He seems very reasonable, and I'm
sure will be able to make an informed decision based on what I tell him, and
his own knowledge and experience. To be honest, when I asked him for a UNIX
workstation, I was expecting him to just laugh at me, so to be given the
opportunity to make a case for FreeBSD came as a very welcome surprise.

 
 
 
 My idea for a solution: You can use a file access monitor
 (FAM) to detect when a new file enters the system, and then
 immediately have it scanned by a virus scanner you have
 already installed from ports.

Yep - exactly the solution that occurred to me a few minutes ago. A project
for the weekend!  Because looking after a 6-month-old baby doesn't take up
all our time...

 
 
 
 Next issue: You need a virus scanner that inspects network
 packets! :-)

lol. Don't! Like I said, I'm just a code jockey in the content development
department - all that stuff happens way up there, out of sight of us mere
bottom-dwellers!

Cheers,

Dan

-- 
Daniel Bye
 _
  ASCII ribbon campaign ( )
 - against HTML, vCards and  X
- proprietary attachments in e-mail / \




Re: On-access AV scanning

2012-07-27 Thread Daniel Bye
On Fri, Jul 27, 2012 at 01:52:16PM +0200, Damien Fleuriot wrote:
 
 FUSE ClamFS

Ah, thanks for that. I'll check it out.

 
 
 But then, FUSE... ew...

I know. But, if it gets me my workstation... ;-)

Dan

-- 
Daniel Bye
 _
  ASCII ribbon campaign ( )
 - against HTML, vCards and  X
- proprietary attachments in e-mail / \




Re: On-access AV scanning

2012-07-27 Thread Daniel Bye
On Fri, Jul 27, 2012 at 07:15:29PM +0700, Erich Dollansky wrote:
 Hi,
 
 On Fri, 27 Jul 2012 12:47:29 +0100
 Daniel Bye freebsd-questi...@slightlystrange.org wrote:
 
  On Fri, Jul 27, 2012 at 07:19:45AM -0400, Daniel Feenberg wrote:
   
   
   On Fri, 27 Jul 2012, Daniel Bye wrote:
   
   On Fri, Jul 27, 2012 at 12:51:04PM +0200, Wojciech Puchar wrote:
   Are there any current options available to support on-access
   antivirus scanning on FreeBSD?
 
 why should it be available when it is not needed?

Because the IT policy (currently) requires it. I don't agree with that
policy, but there you are - I don't have the authority to simply ignore it.


   
   FreeBSD doesn't need this as there are no viruses on that system.
 
 Ok, this is a bad reasoning.
   
  Thanks, Daniel. I have looked at Kaspersky, and various others, but
  the main sticking point, as I see it, is that there is no on-access
  scanning capability in any of the AV packages available for FreeBSD.
 
 You will not find them. The scanners running on FreeBSD are looking for
 Windows pests.

Yes, I know. But we have petabytes of file systems shared over SMB/CIFS, so
if a Windows machine introduces something to the network, it strikes me as
reasonable that if my (still putative) FreeBSD system finds it before
another Windows system, I have potentially prevented a much wider problem.


 
  It's not essential to build my case, but it would certainly
  strengthen it.  I use ClamAV on my home mail server, and it works
  well.  I have also tested it out on a desktop machine to run
  on-demand scans, and it works just fine, and doesn't impose so much
  of a load as to be a nuisance.
  
 Does it scan for FreeBSD viruses? I would wonder.

I wouldn't waste your time wondering, if I were you. Of course they *all*
look for malware that infests Windows machines. But, that notwithstanding,
I have to adhere to the policy, whether I like it or not.

 
  We have had a couple of virus outbreaks recently, so this is quite a
  high profile concern around here at the moment. The CIO is from a
  technical background, so I might well be able to convince him of
  FreeBSD's strengths as a very secure system, but I will still need to
  accede to the IT policy, sadly - no way around it.
 
 You will have to give it a miss then.
 
 The security concepts of FreeBSD are 100% different. They will never
 match this kind of policy.

Yes, and I am hoping that that fact is enough to persuade him that the
current policy (which he inherited, by the way, he didn't have a hand in its
establishment) is no longer applicable in an increasingly mixed environment
(Polytropon brought up the obvious matter of smartphones and tablets and
other devices).

Thanks for your thoughts.

Dan

-- 
Daniel Bye
 _
  ASCII ribbon campaign ( )
 - against HTML, vCards and  X
- proprietary attachments in e-mail / \




Re: On-access AV scanning

2012-07-27 Thread Daniel Bye
On Fri, Jul 27, 2012 at 10:02:26AM -0500, Paul Schmehl wrote:
 --On July 27, 2012 11:43:08 AM +0100 Daniel Bye
 freebsd-questi...@slightlystrange.org wrote:
 
 Are there any current options available to support on-access antivirus
 scanning on FreeBSD?
 
 
 Clamav.

I use it on my home mail server (I have a Windows machine on my network, so
want to trap anything nasty that comes in to protect that). It integrates
well with exim's malware ACL checks.

 
 I did some testing several years ago with ClamAV, Sophos and McAfee
 (scanning incoming mail), and ClamAV was comparable to McAfee in
 detection rates - over 98%.

Yes, it's a good product, no doubt.

 
 If you run the daemon you have on access scanning.  Seems like that
 would satisfy the policy.

No - the daemon only provides on-demand scanning on FreeBSD. That is, it
only scans files that are explicitly passed to it by some other process -
usually an MTA or the clamscan command line tool.  On-access scanning
requires an additional layer on top of the file system, which intercepts
certain file system operations, sending files transparently to the scanner. 
Opening a file in your editor, for example, might cause the file to first be
scanned before your editor can get it.  Likewise, trying to download
something from the web in your browser would cause the file to be scanned
before it's saved to disk.  That's what the dazuko port was for (although it
doesn't work on FreeBSD9, and the latest version is a Linux-only rewrite.)
As Polytropon pointed out, it should be possible to create a passing
approximation by using FAM/Gamin.

Thanks, everyone, for all your input. I think I have enough to be able to
put a strong case forward.

Dan

-- 
Daniel Bye
 _
  ASCII ribbon campaign ( )
 - against HTML, vCards and  X
- proprietary attachments in e-mail / \
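
The approximation discussed in this thread (notice new or changed files, then hand them to a scanner that is already installed), as an added example that is not code from any of the posters: a polling watcher in Python that passes files to `clamdscan` and quarantines anything flagged. The class name, the rule of waiting until a file is unchanged across two polls, and the quarantine layout are assumptions of this example; `clamd_scan` needs a running clamd, and any callable returning True for a flagged file can be passed instead.

```python
import os
import shutil
import stat
import subprocess


def clamd_scan(path):
    """Ask a running clamd to scan one file; True means it was flagged.

    clamdscan exits 0 for clean, 1 when a signature matched, 2 on error.
    """
    proc = subprocess.run(
        ["clamdscan", "--no-summary", "--fdpass", path],
        capture_output=True, text=True,
    )
    if proc.returncode not in (0, 1):
        raise RuntimeError(f"clamdscan failed on {path}: {proc.stderr.strip()}")
    return proc.returncode == 1


class PollingScanner:
    """Scan files under `root` once they stop changing; move hits to `quarantine`.

    This is scan-after-write, not true on-access scanning: a reader can still
    open a file in the gap between it being written and the next poll.
    """

    def __init__(self, root, quarantine, scan=clamd_scan):
        self.root = os.path.realpath(root)
        self.quarantine = os.path.realpath(quarantine)
        if os.path.commonpath([self.root, self.quarantine]) == self.root:
            raise ValueError("quarantine must live outside the watched tree")
        self.scan = scan
        self.pending = {}   # path -> signature seen on the previous poll
        self.scanned = {}   # path -> signature that was scanned clean

    def _signatures(self):
        """Map each regular file under root to (mtime_ns, size)."""
        found = {}
        for dirpath, _dirs, files in os.walk(self.root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)
                except FileNotFoundError:
                    continue  # deleted between listing and stat
                if stat.S_ISREG(st.st_mode):
                    found[path] = (st.st_mtime_ns, st.st_size)
        return found

    def _quarantine(self, path):
        """Move a flagged file out of the tree and strip its permissions."""
        os.makedirs(self.quarantine, mode=0o700, exist_ok=True)
        serial = len(os.listdir(self.quarantine))
        while True:
            name = f"{serial:06d}-{os.path.basename(path)}"
            dest = os.path.join(self.quarantine, name)
            if not os.path.lexists(dest):
                break
            serial += 1
        shutil.move(path, dest)
        os.chmod(dest, 0o000)
        return dest

    def poll(self):
        """Run one pass and return the quarantine paths of flagged files."""
        current = self._signatures()
        quarantined = []
        for path, sig in current.items():
            if self.scanned.get(path) == sig:
                continue                      # unchanged since a clean scan
            if self.pending.get(path) != sig:
                self.pending[path] = sig      # new, or still being written
                continue
            del self.pending[path]            # stable for two polls: scan it
            if self.scan(path):
                quarantined.append(self._quarantine(path))
            else:
                self.scanned[path] = sig
        for table in (self.pending, self.scanned):
            for gone in set(table) - set(current):
                del table[gone]               # forget deleted files
        return quarantined


if __name__ == "__main__":
    import sys
    import time
    watcher = PollingScanner(sys.argv[1], sys.argv[2])  # WATCHED_DIR QUARANTINE_DIR
    while True:
        for hit in watcher.poll():
            print("quarantined:", hit)
        time.sleep(5)
```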




Re: Question about install from ports

2012-07-23 Thread Daniel Bye
On Mon, Jul 23, 2012 at 03:45:35AM -0700, Mr U wrote:
 hi all
 
 I want to install openbox from ports collection.
 freebsd attempting to download libxml2 from fr.rpmfind.net but 
 I don't know why connection speed slow down after a while and finally
 failed.
 
 is it possible to change download location (mirror) or is it possible to 
 download file manually 
 and add file in openbox dir?

If you can find the file on a faster site, you can download it and put it in
/usr/ports/distfiles/rpm/i386/fedora/10/ and restart the OpenBox build, or
you can put these two settings in /etc/make.conf:

MASTER_SITE_BACKUP?=    \
        ftp://ftp.uk.freebsd.org/pub/FreeBSD/ports/distfiles/${DIST_SUBDIR}/

MASTER_SITE_OVERRIDE?=  ${MASTER_SITE_BACKUP}


Change the uk to point to a site near to your geographical location. With
these lines, your ports system will first look for distfiles on the FreeBSD
mirror site, and will only go to the MASTER_SITE in a port's Makefile if the
FreeBSD site doesn't have the required file.  This is sometimes faster than
going to the MASTER_SITE first.

Or, as RW suggested, try setting RANDOMIZE_MASTER_SITES.

Dan

-- 
Daniel Bye
 _
  ASCII ribbon campaign ( )
 - against HTML, vCards and  X
- proprietary attachments in e-mail / \




Re: Question about install from ports

2012-07-23 Thread Daniel Bye
On Mon, Jul 23, 2012 at 08:08:47AM -0700, Mr U wrote:
 thank you dan
 
 but how i can use RANDOMIZE_MASTER_SITES temporary?
 i tried google but i didn't find any info about this!!!

It's just a shell variable, so you can temporarily set it by defining it on
the command line for which you want it to apply. In this case, you'd want to
go back to the OpenBox directory, and type

 RANDOMIZE_MASTER_SITES=1 make all install clean

(That's the number one after the `='. It doesn't really matter what value it
is set to - the important thing is that it's set)

For this one command, RANDOMIZE_MASTER_SITES is in effect.

Looking at this again, it seems I got myself confused as to where you should
download the distribution file. I think your system is trying to download a
plain tbz file, and not an RPM. If that's the case, the downloaded file will
actually go in /usr/ports/distfiles. The fact you mentioned fr.rpmfind.net
was enough to send me off down the wrong path...

Sorry for making things more complicated than they needed to be!

Dan

 
 
 
 
 

-- 
Daniel Bye
 _
  ASCII ribbon campaign ( )
 - against HTML, vCards and  X
- proprietary attachments in e-mail / \




Re: fsck on FAT32 filesystem?

2012-07-19 Thread Daniel Feenberg



On Thu, 19 Jul 2012, Carmel wrote:


On Thu, 19 Jul 2012 10:15:17 +0200 (CEST)
Wojciech Puchar articulated:


 1) There's a _reason_ the gov't requires hard drives with anything
higher than 'somewhat' classified data on them to be =physically=
destroyed before leaving the secure area.


no. for modern hard drives it was already proved that

dd if=/dev/zero of=/dev/disk bs=1m

is enough to make data unreadable.

for very old drives it may not


Would you be so kind as to point out the proof of that statement?
Please provide an address or location where the documentation
supporting that statement can be found. By the way, NOT READABLE is
not equal to UNRECOVERABLE.


I hesitate to intervene in this dispute, but my posting "Can intelligence
agencies recover overwritten data?" at

   http://www.nber.org/sys-admin/overwritten-data-gutmann.html

will illuminate this discussion.

dan feenberg



--
Carmel ?
carmel...@hotmail.com




Re: power failure, boot, and fsck

2012-07-09 Thread Daniel Feenberg



On Mon, 9 Jul 2012, Matthew Seaman wrote:


On 09/07/2012 04:22, Patrick Donnelly wrote:

UFS: /dev/ad10s3f (/usr)
Automatic file system check failed, help!
error aborting boo (sending sigtem to parent)!
init: /bin/sh on /etc/rc terminated abnormally, going to single user mode.
enter full pathname of shell or RETURN for /bin/sh:

In single-user mode I just `fsck /dev/da0s1a` and reboot. That fixes
the problem. However, I would like this to be automatic on boot. It
would be annoying if I'm out-of-town and the server cannot recover
without my help. Any tips?


fsck does run automatically when a filesystem does not get shut down
cleanly.  However, fsck cannot fix all of the problems a filesystem can
experience without risk of loss of data.  In those cases, there is no
option but to stop and ask the operator to intervene.


Won't soft updates solve this problem?

  http://www.freebsd.org/doc/en/books/handbook/configtuning-disk.html

The handbook says "We recommend to use Soft Updates on all of your file 
systems." but doesn't mention booting specifically. This isn't something I 
have tried (we boot over the network).




Your best bet is to avoid an unclean shutdown entirely.  Buy a UPS.



We have lots of UPS systems. They constitute a single point of failure, 
a prodigious amount of hazardous waste every couple of years. I'd sure like 
to drop them - and not on my foot.


I should say that we stopped using soft updates because the background 
fsck was very slow, but that was on very large partitions. On a boot
drive with no user data, the timing would be fine.

dan feenberg


Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard
 Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
JID: matt...@infracaninophile.co.uk   Kent, CT11 9PW







Question about missing posix shared mutex

2012-06-25 Thread Daniel Ylitalo

Hi guys!

According to the sphinxsearch dev-team FreeBSD does not support posix 
pthread shared mutex but later on I found this post that gave some 
pointers that it might have been implemented into FreeBSD 9:

http://freebsd.1045724.n5.nabble.com/What-is-the-status-of-thread-process-shared-synchronization-td4224458.html

However 9.0-RELEASE doesn't have it so I tried out 9-STABLE but it isn't 
in there either.


There is also a pretty long bugthread on sphinxsearch's bugtracker about it:
http://sphinxsearch.com/bugs/view.php?id=1041

Basically my question is if there is work being done on this and if we 
will see it in 9.1? Or should I abandon FreeBSD for our sphinxhosts? :(


Best regards
Daniel


Re: portupgrade -- is there a way to only build and update ports that actually NEED it?

2012-06-25 Thread Daniel Staal

On 2012-06-25 11:47, John Levine wrote:
You would think there's an option to portupgrade that says don't upgrade
every single package I've got, but if somewhere in the dependency chain I
need a newer version of a thing, then do it.


The problem is that the versioning in the ports system doesn't
distinguish between upgrades that present interface changes and
upgrades that are just nits, new features, or minor bug fixes.
Port makefiles can contain version dependency info, e.g., this
port needs at least version N.M of package X, but few of them do.

This has bitten me in the past with PHP and pcre.  In fact, PHP5
won't work with old versions of pcre, but the PHP port maintainer
refuses to put in version dependency info, because he thinks that
every port should be up to date all the time.


There's also the issue of things like Perl modules - most of them will 
just work, even with a newer version of perl, but a few have sections 
that need to be compiled against perl itself.  So if you update the Perl 
port, you need to at least recompile those.  (I'm simplifying a bit.)  
But there is no good way to mark in general which ports will 'just work' 
with an updated dependency, and which care what version of the 
dependency was installed when they were compiled.  This is separate from 
versioned dependencies: Again to use Perl modules as an example, DBI for 
instance will work with any version of perl since 5.8 or so - but if 
you change which version of perl you are using you'll need to recompile 
and reinstall.


Rebuilding everything is a bit overkill, but it beats missing one that 
needed to be rebuilt.


Daniel T. Staal

---
This email copyright the author.  Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes.  This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---


Re: Is ZFS production ready?

2012-06-21 Thread Daniel Staal

On 2012-06-21 08:12, Евгений Лактанов wrote:

21.06.2012 15:52, Wojciech Puchar wrote:

stick with UFS. It JUST WORKS(R), and is trusty.
And it works fast.

I see the trend here. That guy is determined to shove his opinion down
the throat of everybody. Stop it, tis most annoying.

Back to the topic. ZFS support has matured greatly since the last time
you tried it, currently freebsd supports zfs pool v. 28 in the last
updates. Try it, it won't disappoint you.


Agreed.  Wojciech Puchar is in my 'probable troll' file at this point, 
from his interactions on several topics.


ZFS is stable and tested, and works well if you have the resources.  
That means RAM as well as hard disks - and if you don't have the 
resources, most of ZFS's advantages wouldn't be coming into play anyway. 
I have seen no reason to believe at this point (under FreeBSD 9) that 
it is any less stable than any other filesystem.  It is still fairly new 
relatively, but I and others have used it with no problems, on boxes of 
various sizes.  Getting the best performance may take some tweaking on 
occasion, but in general it should be very good.  (And getting the best 
performance out of a multi-terabyte drive array will take tweaking no 
matter what file system you are trying.)


My one note to the above would be to advise against using it for swap - 
unless you have enough RAM to make sure you never swap.  It doesn't do 
well in that role, in my experience.  (Though that was under a slightly 
earlier version.)


Daniel T. Staal

---
This email copyright the author.  Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes.  This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---


Re: USB device activity when not mounted

2012-06-14 Thread Daniel Feenberg



On Thu, 14 Jun 2012, Mike Clarke wrote:


On Thursday 14 June 2012 07:05:11 Polytropon wrote:

I don't think that's a problem. I've got a USB stick here
that has a blinkenlight as soon as it's powered on (plugged
in), even if there is no reading / writing / mounting activity.

After you've successfully performed umount, the USB stick _is_
synced and can safely be removed, no matter what you assume
the funny lights want to tell you.



Is it possible that there is volatile memory buffering in the stick that 
may not have been written to flash when umount thinks it is complete, and 
the flashing light is an indication that power is still required to 
complete the write to non-volatile memory?


Furthermore, are we sure that umount even waits for a sync? There is no 
mention of that in the man page and I don't recall any long waits for 
umount to return.


daniel feenberg


Re: Making a bootable backup (hard)disk... how?

2012-06-10 Thread Daniel Feenberg



On Sun, 10 Jun 2012, Ronald F. Guilmette wrote:




What I don't understand (and what I wish someone would enlighten me about)
is just this:  It would seem that in order to implement these dump levels,
dump must be keeping a record somewhere, for each file in the filesystem,
of the level at which that file was last dumped.  But where is this
information stored, exactly??  I won't be able to sleep until I know.



Only the dates of the levels of backup are stored, in /etc/dumpdates. 
Then the fact that a file has been dumped is inferred by comparing the 
file's last mod date with the dates in /etc/dumpdates. See the -T and -u 
options of the dump man page where this is implied but perhaps not 
actually stated.


It does occur to me that /etc is not a felicitous place to keep this 
information, but given the desirability of dumping filesystems in read 
only state, placing the dump dates in the filesystem itself isn't 
feasible.


daniel feenberg
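
The inference described in the reply above, as an added example that is not part of the original post or of dump(8): it parses dumpdates-style records and selects the files a level-N dump would copy. The device names, dates and file list are constructed; the rule that a dump is taken relative to the newest lower-level dump, and the check of the inode change time alongside the modification time, come from dump's own behaviour rather than from the thread.

```python
"""Model of how dump(8) picks files for an incremental dump from /etc/dumpdates.

Assumed record layout (as written by `dump -u`): device, level, ctime(3) date.
All devices, dates and file names below are constructed sample data.
"""
from datetime import datetime

DATE_FMT = "%a %b %d %H:%M:%S %Y"  # ctime(3) layout, e.g. "Sun Jun  3 02:00:00 2012"

SAMPLE_DUMPDATES = """\
/dev/ada0s1f                     0 Sun Jun  3 02:00:00 2012
/dev/ada0s1f                     1 Wed Jun  6 02:00:00 2012
/dev/ada0s1f                     2 Fri Jun  8 02:00:00 2012
/dev/ada0s1a                     0 Sat Jun  9 02:00:00 2012
this line is damaged and must be ignored
"""

# (path, mtime, ctime) for files on /dev/ada0s1f. restored.tar was put back
# on Jun 9 with its old modification time preserved, so only ctime is recent.
SAMPLE_FILES = [
    ("/usr/home/a/report.txt", datetime(2012, 6, 2, 9, 0), datetime(2012, 6, 2, 9, 0)),
    ("/usr/home/a/notes.txt", datetime(2012, 6, 5, 9, 0), datetime(2012, 6, 5, 9, 0)),
    ("/usr/home/a/draft.txt", datetime(2012, 6, 7, 9, 0), datetime(2012, 6, 7, 9, 0)),
    ("/usr/home/a/restored.tar", datetime(2012, 5, 1, 9, 0), datetime(2012, 6, 9, 10, 0)),
    ("/usr/home/a/today.log", datetime(2012, 6, 10, 8, 0), datetime(2012, 6, 10, 8, 0)),
]


def parse_dumpdates(text):
    """Return {device: {level: datetime}}, keeping the newest date per level."""
    table = {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3 or not parts[1].isdigit():
            continue  # blank or malformed record: skip rather than guess
        device, level = parts[0], int(parts[1])
        stamp = " ".join(parts[2].split())  # ctime pads single-digit days
        try:
            when = datetime.strptime(stamp, DATE_FMT)
        except ValueError:
            continue
        levels = table.setdefault(device, {})
        if level not in levels or when > levels[level]:
            levels[level] = when
    return table


def reference_date(table, device, level):
    """Date a dump at `level` is taken relative to; None means a full dump.

    Only the per-level dates are stored, so the reference is the newest
    record for this device with a strictly lower level.
    """
    lower = [when for lvl, when in table.get(device, {}).items() if lvl < level]
    return max(lower) if lower else None


def files_to_dump(table, device, level, files, check_ctime=True):
    """Return the paths a dump at `level` would copy from `files`.

    Nothing is recorded per file: a file counts as "not yet dumped" when its
    timestamps are at or after the reference date. check_ctime=False shows
    what a modification-time-only comparison would miss.
    """
    since = reference_date(table, device, level)
    selected = []
    for path, mtime, ctime in files:
        changed = since is None or mtime >= since
        if not changed and check_ctime:
            changed = ctime >= since
        if changed:
            selected.append(path)
    return selected


if __name__ == "__main__":
    dumpdates = parse_dumpdates(SAMPLE_DUMPDATES)
    for lvl in range(4):
        ref = reference_date(dumpdates, "/dev/ada0s1f", lvl)
        chosen = files_to_dump(dumpdates, "/dev/ada0s1f", lvl, SAMPLE_FILES)
        print(f"level {lvl}: since {ref}: {len(chosen)} file(s)")
        for path in chosen:
            print("   ", path)
```

Because the decision rests entirely on timestamps, a dumpdates file that is lost or edited changes what the next incremental contains, which is worth remembering when restoring a system from a dump chain.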


Re: Which FreeBSD for Intel i7-2600S and DQ67SWB3?

2012-06-07 Thread Daniel Staal
--As of June 7, 2012 3:30:52 PM -0700, David Christensen is alleged to have 
said:



For a new computer, I wouldn't go with anything earlier than FreeBSD
9.0, and in my case, upgrading to 9.0-STABLE proved stabler than the 9.0
release.


STFW:

http://lists.freebsd.org/pipermail/freebsd-questions/2012-March/239742.html

It looks like -STABLE are daily development/ test builds (?):


It's a bit more nuanced: -STABLE is -RELEASE plus features that are 
believed to be complete and tested.  -CURRENT is -STABLE plus features that 
are still under development.  I'd call -STABLE test - but not quite 
development - builds, if that makes sense.



ftp://ftp.allbsd.org/pub/FreeBSD-snapshots/amd64-amd64/

I'm looking for stability.  I'll try the 9.0-RELEASE:

ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/ISO-IMAGES/9.0/


This is generally my choice.  You can be sure it's considered final-product 
ready.  It also allows you to use freebsd-update to get patches.  (Unless 
you compile your own.)



I don't recognize or don't remember DQ67SWB3 motherboard model, is it
from MSI?


Intel:

http://www.intel.com/content/www/us/en/motherboards/desktop-motherboards/desktop-board-dq67sw.html

I'm not sure what the B3 suffix means, but it's on the box.


A few other questions for the list, please:

1.  Does FreeBSD support encrypted disk partitions (slices)?


Yes, see the Handbook:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html
(Actually, many of your questions can be answered from the handbook.  ;) )

Using them in conjunction with ZFS is a bit complicated, but can be done. 
(Generally, you'd want to use an encrypted slice as a disk to put ZFS on.) 
ZFS itself does not currently support encryption.



2.  Does the X server in FreeBSD (?) support Intel HD 2000 integrated
graphics?


That's Sandy Bridge, and is supported as of 9.0.

Daniel T. Staal

---
This email copyright the author.  Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes.  This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---


Re: Is this something we (as consumers of FreeBSD) need to be aware of?

2012-06-06 Thread Daniel Feenberg



On Wed, 6 Jun 2012, Matthew Seaman wrote:


On 05/06/2012 23:10, Jerry wrote:

I thought this URL http://mjg59.dreamwidth.org/12368.html also shown
above, answered that question.


Signing bootloaders and kernels etc. seems superficially like a good
idea to me.  However, instant reaction is that this is definitely *not*
something that Microsoft should be in charge of.  Some neutral[*] body

...

On deeper thought though, the whole idea appears completely unworkable.
It means that you will not be able to compile your own kernel or
drivers unless you have access to a signing key.  As building your own


You don't need the signing key if you turn off secure boot in the CMOS. 
The fedora folk are worried that naive desktop users will not be able to 
do that, and usage of linux will be impeded. It won't be a significant 
impediment to users capable of compiling their own kernel.



is pretty fundamental to the FreeBSD project, the logical consequence is
that FreeBSD source should come with a signing key for anyone to use.

Which completely abrogates the whole point of signing
bootloaders/kernels in the first place: anyone wishing to create malware
would be able to sign whatever they want using such a key.  It's
DRM-level stupidity all over again.


I do wonder about that. What incentive does the possessor of a signing key 
have to keep it secret? Apple keeps its signing key secret because it 
gets a share of revenue from the sale of apps. If the fedora key became 
known it wouldn't hurt fedora. Can the UEFI BIOS consult a list of revoked 
keys online? That would be surprising.


dan feenberg


Re: Is this something we (as consumers of FreeBSD) need to be aware of?]

2012-06-06 Thread Daniel Staal

On 2012-06-05 17:20, Jerry wrote:


The question that I have not seen answered in this thread is what
FreeBSD intends to do. From what I have seen, most FreeBSD users do not
use the latest versions of most hardware, so it may be a while before
its user base is even affected.


I don't believe at this point FreeBSD has any intent one way or 
another, really.  It's not an immediate problem for any platform 
supported by the FreeBSD project, at least for a technically-inclined 
user who's willing to check out their BIOS.  (Even if they are using the 
latest hardware, the x86-derived platforms aren't going to require this 
code signing yet.)  So it'll probably be a 'wait and see if it's 
something the FreeBSD community needs a solution for' at this point.  
But this is just my impression.


In slight defense of RedHat: They do a lot of worrying about enterprise 
and government customers, many of whom don't really care what platform 
they are running on - as long as they can get 'support' and it passes 
their security/operational tests.  In that environment, I can easily see 
some middle-manager decreeing that disabling the signed-boot process is 
verboten, without any understanding of the meaning or the consequences, 
and enforcing it on the whole company/division, to the point where any 
non-signed OS would be thrown out the door.  FreeBSD has probably 
already been thrown out the door at those types of locations, as there 
is no 'official' support channel.  (Yes, for my sins, I work at one of 
these...)


Daniel T. Staal

---
This email copyright the author.  Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes.  This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---


Re: Is this something we (as consumers of FreeBSD) need to be aware of?

2012-06-06 Thread Daniel Feenberg



On Wed, 6 Jun 2012, Julian H. Stacey wrote:


I do wonder about that. What incentive does the possessor of a signing key
have to keep it secret?


Contract penalty clause maybe ? Lawyers ?


A limited-liability company with no assets is judgement-proof.



Otherwise one of us would purchase a key for $99, & then publish
the key so we could all forever more compile & boot our own kernels.
But that would presumably break the trap Microsoft & Verisign seek
to impose.



Could it really be that simple? As for hardware vendors putting revoked 
keys in the ROM - are they really THAT cooperative? Seems like they would 
drag their feet on ROM updates if they had to add a lot of stuff that 
won't help them, so that doesn't seem like a great enforcement tool.


dan feenberg


Re: Is this something we (as consumers of FreeBSD) need to be aware of?

2012-06-06 Thread Daniel Feenberg



On Wed, 6 Jun 2012, Damien Fleuriot wrote:




On 6/6/12 6:45 PM, Daniel Feenberg wrote:



On Wed, 6 Jun 2012, Julian H. Stacey wrote:


I do wonder about that. What incentive does the possessor of a signing
key have to keep it secret?


Contract penalty clause maybe ? Lawyers ?


A limited-liability company with no assets is judgement-proof.



Otherwise one of us would purchase a key for $99, & then publish
the key so we could all forever more compile & boot our own kernels.
But that would presumably break the trap Microsoft & Verisign seek
to impose.



Could it really be that simple? As for hardware vendors putting revoked
keys in the ROM - are they really THAT cooperative? Seems like they
would drag their feet on ROM updates if they had to add a lot of stuff
that won't help them, so that doesn't seem like a great enforcement tool.

dan feenberg



Oh god...

Please realize that once the key is divulged, it gets revoked at the
BIOS' next update.


But my point is that MS doesn't issue the updates, they have to ask the 
BIOS vendors to do so, and then the MB vendors have to take the update, 
and then the users have to install the update. The incentive at each level 
is generally very small. It does create some confusion, but is hardly an 
enforcement mechanism. It would disable older versions of FreeBSD on newer 
hardware, but not much else.


A previous poster has pointed out that MS can't revoke a certificate 
belonging to RH, but I suppose they could ask the BIOS vendors to treat it 
as revoked. I don't know what the response would be.


Daniel Feenberg




Otherwise the key's purpose is rendered moot.


Re: Is this something we (as consumers of FreeBSD) need to be aware of?]

2012-06-06 Thread Daniel Staal

On 2012-06-06 15:05, Jerry wrote:

On Wed, 06 Jun 2012 12:49:53 -0400
Daniel Staal articulated:


I don't believe at this point FreeBSD has any intent one way or
another, really.  It's not an immediate problem for any platform
supported by the FreeBSD project, at least for a technically-inclined
user who's willing to check out their BIOS.  (Even if they are using
the latest hardware, the x86-derived platforms aren't going to require
this code signing yet.)  So it'll probably be a 'wait and see if it's
something the FreeBSD community needs a solution for' at this point.
But this is just my impression.


I totally agree with you. Unfortunately that speaks to the sad state of
affairs that FreeBSD appears to be in. When it comes to supporting the
latest technologies, it tends to be behind the curve when compared to
other operating systems. Wireless networking and USB support are only a
few examples.


That was not my intended message with the above.  :)  FreeBSD supports 
several server-class hardware platforms.  ARM is not currently a 
server-class hardware platform.  (It's a very interesting platform for 
mobile and small devices, but it has not seen any significant use that I 
am aware of in the market that FreeBSD is primarily aimed at.)  Secure 
Boot - if even a part of the platform - can easily be disabled on those 
platforms.  So it is not a current problem, and there is a fair amount 
of bad feeling about the technology, so it may not ever be a problem.


RedHat is facing severe backlash from the community because it 
supported this technology.  A 'wait and see' approach to whether it 
needs to be supported at all - especially as it doesn't appear to need 
support at present - is a reasonable course.



I don't know of any user personally who purchased a new PC and then
threw FreeBSD on it. Most users that I have come into contact with use
2+ year old units that have been replaced by shiny new Windows units. I
don't see that changing anytime soon.


*Raises hand*.  I did this with two boxes within the past year.  One 
turned out to be too new for FreeBSD - but Linux didn't have support for 
it yet at that point either.  Now either does.



In slight defense of RedHat: They do a lot of worrying about
enterprise and government customers, many of whom don't really care
what platform they are running on - as long as they can get 'support'
and it passes their security/operational tests.  In that environment,
I can easily see some middle-manager decreeing that disabling the
signed-boot process is verboten, without any understanding of the
meaning or the consequences, and enforcing it on the whole
company/division, to the point where any non-signed OS would be thrown
out the door.  FreeBSD has probably already been thrown out the door
at those types of locations, as there is no 'official' support
channel.  (Yes, for my sins, I work at one of these...)


What sin? You use a product and want it properly supported. You have an
absolute right to that. Posting a message on a forum and hoping that
someone can answer it is not the type of support a business would want.


I'm not sure what sin I committed to be consigned to this place, but it 
must have been heinous.


(And in many cases 'official support' appears to be 'post a message 
about it on our forum, so we can ignore you more efficiently'.)


Daniel T. Staal

---
This email copyright the author.  Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes.  This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---


Re: Is this something we (as consumers of FreeBSD) need to be aware of?

2012-06-05 Thread Daniel Feenberg



On Tue, 5 Jun 2012, Polytropon wrote:


On Tue, 5 Jun 2012 11:19:26 -0700, Kurt Buff wrote:

UEFI considerations drive Fedora to pay MSFT to sign their kernel binaries
http://cwonline.computerworld.com/t/8035515/1292406/565573/0/


I may reply with another link:
http://mjg59.dreamwidth.org/12368.html



I have a pretty basic question that probably displays some ignorance...

Does the loader need to be signed? Once signed, can it load anything, or 
just things MS has approved? If MS signs the kernel, can the kernel run 
anything, or just things MS has approved? If RH has a signed kernel, do 
they have to sign all the userland programs that run under that kernel? 
Can users sign programs compiled from source?


If MS only has to sign the first link in the chain, then the $99 
certificate is not really a problem except for the pure of heart. If MS or 
someone else has to sign all the way down to the userland binaries, then 
users of FreeBSD will have to turn off secure boot in CMOS, and it will 
lose a few users. But I can't tell from the discussions mentioned above. 
Either way, I don't think it will destroy FreeBSD, or Linux, but I would 
be interested anyway.


Daniel Feenberg


Re: Is this something we (as consumers of FreeBSD) need to be aware of?

2012-06-05 Thread Daniel Feenberg



On Tue, 5 Jun 2012, Jerry wrote:


On Tue, 5 Jun 2012 17:00:14 -0400 (EDT)
Daniel Feenberg articulated:


On Tue, 5 Jun 2012, Polytropon wrote:


On Tue, 5 Jun 2012 11:19:26 -0700, Kurt Buff wrote:

UEFI considerations drive Fedora to pay MSFT to sign their kernel
binaries
http://cwonline.computerworld.com/t/8035515/1292406/565573/0/


I may reply with another link:
http://mjg59.dreamwidth.org/12368.html


I have a pretty basic question that probably displays some ignorance...

Does the loader need to be signed? Once signed, can it load anything,
or just things MS has approved? If MS signs the kernel, can the kernel
run anything, or just things MS has approved? If RH has a signed
kernel, do they have to sign all the userland programs that run under
that kernel? Can users sign programs compiled from source?

If MS only has to sign the first link in the chain, then the $99
certificate is not really a problem except for the pure of heart. If
MS or someone else has to sign all the way down to the userland
binaries, then users of FreeBSD will have to turn off secure boot in
CMOS, and it will lose a few users. But I can't tell from the
discussions mentioned above. Either way, I don't think it will destroy
FreeBSD, or Linux, but I would be interested anyway.


I thought this URL http://mjg59.dreamwidth.org/12368.html also shown
above, answered that question.


It says once paid you can sign as many binaries as you want but I don't 
know if that means as many different binaries or as many copies of the 
same binary.


Later it says they will write a new bootloader that MS will sign and
adding support for verifying that the kernel it's about to boot is signed 
with a trusted key but I don't know if that kernel is signed by MS or RH, 
or if MS gets to approve it.


Finally it says we'll be sanitising the kernel command line to avoid 
certain bits of functionality that would permit an attacker to cause even 
a signed kernel to launch arbitrary code but does arbitrary code refer 
to something I would want to do as a sys-admin?


dan feenberg


Re: Anyone using freebsd ZFS for large storage servers?

2012-06-02 Thread Daniel Staal

--As of June 2, 2012 6:32:39 PM -0400, Simon is alleged to have said:


This thread confused me. Is the conclusion of this thread that ZFS is
slow and breaks beyond recovery? I keep seeing two sides to this coin. I
can't decide whether to use ZFS or hardware RAID. Why does EMC use
hardware RAID?


--As for the rest, it is mine.

It appears to be the conclusion of Wojciech Puchar that ZFS is slow, and 
breaks beyond recovery.  The rest of us don't appear to have issues.


I will agree that ZFS could use a good worst-case scenario 'fsck' like 
tool.  However, between at home and at work (where it's used on Solaris), 
the only time I've ever been in a situation where it would be needed was 
when I was playing with the disks in several low-level tools; the situation 
was entirely self-inflicted, and would have caused major trouble for any 
file system.  (If I'd been storing data on it, I would have needed to go to 
backups.  Again, this would have been the case for any file system.)


ZFS can be a complicated beast: It's not the best choice for a single, 
small, disk.  It may take tuning to work to its full potential, and it's 
fairly resource-intensive.  However, for large storage sets there is no 
other file system out there at the moment that's as flexible, or as useful, 
in my opinion.


Daniel T. Staal

---
This email copyright the author.  Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes.  This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---


Re: Anyone using freebsd ZFS for large storage servers?

2012-06-01 Thread Daniel Feenberg




On Fri, 1 Jun 2012, Wojciech Puchar wrote:


Assuming that filesystem doesn't need offline filesystem check utility
because it never crash is funny.



zfs scrub...???


when starting means crash quickly?
Well.. no.

Certainly with computers that never have hardware faults and assuming ZFS 
doesn't have any software bugs you may be right.


But in real world you will be hardly punished some day ;)


Additionally ZFS works directly at the block level of the HD meaning
that it is slightly different to the 'normal' file systems in storing
information and is also self healing..


doesn't other filesystem work on block level too? if no - then at what level?



If the OP really intended to stripe disks with no parity or mirror for ZFS, 
then that is probably a mistake. If the disks are /tmp, it might make 
sense to stripe disks without parity, but no need for ZFS. The OP did say
JBOD, which to me means that each disk is a separate disk partition with
no striping or parity. Again, in that case I don't see any need for ZFS.

As for ZFS being dangerous, we have a score of drive-years with no loss of 
data. The lack of fsck is considered in this intelligently written piece


  http://www.osnews.com/story/22423/Should_ZFS_Have_a_fsck_Tool_

The link to the emotional posting by Jeff Bonwick is broken, but the 
original is available at:


  http://mail.opensolaris.org/pipermail/zfs-discuss/2008-October/022324.html

daniel feenberg
nber


Re: Anyone using freebsd ZFS for large storage servers?

2012-05-31 Thread Daniel Staal
--As of May 31, 2012 11:24:41 AM -0700, Dennis Glatting is alleged to have 
said:



2) Under heavy I/O my systems freeze for a few seconds. I haven't looked
into why but they are completely unresponsive. Note I am also using
compressed volumes (gzip), which puts a substantial load on the kernel.


--As for the rest, it is mine.

I'm not using as huge a dataset, but I was seeing this behavior as well 
when I first set my box up.  What was happening was that ZFS was caching 
*lots* of writes, and then would dump them all to disk at once, during 
which time the computer was completely occupied with the disk I/O.


The solution (suggested from http://wiki.freebsd.org/ZFSTuningGuide) for 
me was:

vfs.zfs.txg.timeout=5

in loader.conf.  That only allows it to cache writes for 5 seconds, instead 
of the default 30.  This appears to be the default in the latest versions 
of FreeBSD, so if you are running an upgraded 9, ignore me.  ;)  (But check 
the page linked above: There are other suggestions to try.)


Daniel T. Staal

---
This email copyright the author.  Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes.  This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---


Re: Network Cards Compatibility

2012-05-17 Thread Daniel Feenberg


On Thu, 17 May 2012, Christian ROUSSEAU wrote:


Greetings,

 I would like to have a list of the free bsd compatible
network cards. Is it compatible with realtek chipset drivers. That comes
with most PC's?



Just guessing, you have to restrict yourself to a very limited selection?

You would do better to post a list of the cards available to you and ask 
what will work. I have purchased many very inexpensive ($10) NICs and 
never had a compatibility problem with whatever was the latest FreeBSD 
version available at the time, although very expensive cards, and very new 
motherboards with embedded NICs have sometimes not worked. Also, if you are 
running an older version of FreeBSD you may have more difficulties.


My cynical view is that the vendors of cheap cards don't bother to make
modifications to the reference design, so they remain compatible.

The official list of compatible NICs is sometimes difficult to reconcile 
with what is available in the local Micro-Center or Fry's, and I expect 
the situation is no better where you live.


  http://www.freebsd.org/relnotes/CURRENT/hardware/support.html#ETHERNET

The Intel Pro/1000 is our current favorite card, but is $35. It supports 
PXE booting, which we do a lot.


Daniel Feenberg
NBER




Re: FreeBSD Server

2012-05-17 Thread Daniel Feenberg



On Thu, 17 May 2012, lpeth wrote:


FreeBSD
Dear Sirs;
I have a 8core, 32 GB ram server I built myself. AMD cpu, with Supermicro 
motherboard. I want to use FreeNAS as a database system, and I'm wondering 
what it will cost to use FreeBSD with FreeNAS. I see the Version I would like 
is $40 for a four CD set, but that does not mean I get to use the server 
version of it. What is the server version going  to cost?

Sincerely,
Mark T. Evans



FreeNAS is effectively a FreeBSD distribution emphasizing storage. It 
is open source and free of cost:


  http://www.freenas.org/

The CDs are nice, but you can download an ISO also. iXSystems have 
TrueNAS, which is costly. My understanding is that FreeNAS is a subset of 
TrueNAS. See:


  http://www.ixsystems.com/storage/ix/truenas/

for more information.

Daniel Feenberg


Re: FreeBSD X?

2012-05-17 Thread Daniel Staal
--As of May 17, 2012 8:36:38 PM -0400, Vance Siemens is alleged to have 
said:



http://www.trollaxor.com/2012/05/freebsd-x-berkeley-unix-apple-quality.ht


Um, wasn't April 1st *last* month?

Daniel T. Staal



Re: Best mail setup for home server?

2012-05-06 Thread Daniel Staal

--As of May 5, 2012 10:21:10 AM -0500, Joshua Isom is alleged to have said:


I currently use my FreeBSD system as my generic unix server and some
coding, along with occasional multimedia.  I'd installed postfix years
ago and kept using it.  Right now, I use getmail with cron, dspam, and
dovecot to handle my gmail account.  I've never set up outgoing mail
which makes changing email clients, or devices, annoying.  Currently
postfix is set to use dovecot's deliver command so that dovecot can sort
and handle it.  Before I deal with setting postfix to relay the mail,
dealing with firewalls and other possible issues, is there a better
alternative?  I'd prefer that local mail just works even if I lose
internet, and any email that gets as far as my server will at least
eventually mail.


--As for the rest, it is mine.

I've been using Postfix for a decade to do basically this; no major 
problems, and it doesn't take much to set up.  No reason to go to something 
else.  (Even for speed: I've used it for work on a site handling millions 
of messages a day...)


As has been said, a local resolver will help.  The thing to watch for is 
what mail you'll let it accept: It's moderately easy to set it up as an 
open relay, which you *don't* want to do.  Accept from the local network is 
fine; I've never needed to set up authenticated sending from outside that, 
though I keep meaning to when I have some free time...


The dynamic IP problem can be a hassle, and lead to weird losses of mail. 
My solution has just been to call the ISP and get a 'business' line, with a 
static IP, though forwarding to their mail relay would work as well.


Daniel T. Staal
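
An added example (not part of the original message) of checking the relay-scope point above: it reads `postconf -n` style output and flags `mynetworks` entries wider than loopback or RFC 1918 private ranges, because `permit_mynetworks` lets every client inside those ranges relay. The sample configurations and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit Postfix "mynetworks" for entries that reach beyond
# the local network. Function names and sample data are constructed.

# classify_net ENTRY -> prints: local | wide | review
classify_net() (
    set -f                                   # no globbing on unquoted words
    entry=$1
    case $entry in
        '[::1]/128') echo local;  return ;;  # IPv6 loopback
        \[*)         echo review; return ;;  # other IPv6: check by hand
    esac
    addr=${entry%%/*}
    case $entry in
        */*) len=${entry##*/} ;;
        *)   len=32 ;;                       # bare address = single host
    esac
    # Lookup tables (hash:/path) and file names end up here as "review".
    case $len in ''|*[!0-9]*) echo review; return ;; esac
    IFS=.
    set -- $addr
    [ $# -eq 4 ] || { echo review; return; }
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) echo review; return ;; esac
    done
    a=$1 b=$2
    # The prefix length matters: 10.0.0.0/7 also covers public 11.0.0.0/8.
    if   [ "$a" -eq 127 ] && [ "$len" -ge 8 ]; then echo local
    elif [ "$a" -eq 10 ]  && [ "$len" -ge 8 ]; then echo local
    elif [ "$a" -eq 192 ] && [ "$b" -eq 168 ] && [ "$len" -ge 16 ]; then echo local
    elif [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ] \
                          && [ "$len" -ge 12 ]; then echo local
    else echo wide
    fi
)

# audit_mynetworks: reads "name = value" lines (postconf -n style) on stdin
# and prints "<class> <entry>" for every mynetworks entry that is not local.
audit_mynetworks() (
    set -f
    value=$(sed -n 's/^mynetworks[[:space:]]*=[[:space:]]*//p' | tail -n 1)
    for entry in $(printf '%s' "$value" | tr ',' ' '); do
        class=$(classify_net "$entry")
        if [ "$class" != local ]; then
            printf '%s %s\n' "$class" "$entry"
        fi
    done
)

# Constructed sample: relaying limited to loopback and one home LAN.
SAMPLE_SAFE='mydestination = $myhostname, localhost
mynetworks = 127.0.0.0/8, 192.168.1.0/24 [::1]/128'

# Constructed sample: three entries that let non-local clients relay.
SAMPLE_OPEN='mynetworks = 127.0.0.0/8 0.0.0.0/0 172.32.0.0/12 10.0.0.0/7'

printf '%s\n' "$SAMPLE_OPEN" | audit_mynetworks
```

On a live system the input would come from `postconf -n | audit_mynetworks`; empty output means every listed network is loopback or private.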



Re: freebsd-update not updating reported patchlevel

2012-05-04 Thread Daniel Staal

On 2012-05-04 10:45, Polytropon wrote:


Allow me to extend the approach: For -STABLE versions (e. g. if
updated per CVS), those files could contain the build number
and the date of the currently installed -STABLE snapshot.

A separation of a kernel version file and a world version
file is useful in cases the kernel won't be touched, so no
need to update its version file (as well as the kernel itself)
by a binary update.

The files should be easily parsable. They could even contain
an assignment in sh syntax, as well as comments (for BSDL and
$FreeBSD$ information). Their templates could be stored in
the /usr/src subtree for the etc/ structure, so programs like
make and mergemaster could access them from there.

Maybe a binary command could be added to the base system to
query this information (maybe getent could do that?).

Here are some suggestions:

/etc/kernversion
VERSION=8.2
BRANCH=STABLE
BUILD=12345
DATE=2011-08-01 12:34:56

or

/etc/kernversion
VERSION=8.4
BRANCH=RELEASE
PATCH=2
DATE=2012-02-02 02:02:02

/etc/sysversion
VERSION=8.4
BRANCH=RELEASE
PATCH=4
DATE=2012-04-04 04:04:04

This shows: Kernel has last been updated to patchlevel 2 (to
check with uname -r will show that version), but the system
has been updated two more times to patchlevel 4.

The notation could be X.Y-pZ or X.Y.Z for -RELEASE installations,
and X.Y-B for -STABLE installations. However, it's not hard to
write any custom parser and composer if urgently needed.

Maybe things also present in uname -a output (such as architecture
and OS name) could be included, but I think that's not required
because it's mostly obvious. :-)


I think you could still get a machine-parseable version on one line, 
that's also a bit nicer for human reading.  Perhaps something like this? 
(Partly inspired by RedHat's /etc/redhat-release)


/etc/sysversion
FreeBSD RELEASE 8.4-p4: 2012-04-04 04:04:04

You should be able to parse that with a few lines of C or shell, and it 
looks like something set up to be read by humans.  You just need to 
define - and stick to - which pieces of information will be in there in 
what order.  (For instance, I'd prefer '9.0-p0' to '9.0'


Daniel T. Staal
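
A parser for the one-line format proposed above, added here as an example and not part of the original thread; it also compares a kernel line against a world line to show the patch-level gap the discussion is about. `/etc/sysversion` and `/etc/kernversion` are the thread's proposals, not files FreeBSD ships, and reading a bare `9.0` as patch level 0 is an assumption.

```shell
#!/bin/sh
# Added example: parse "FreeBSD RELEASE 8.4-p4: 2012-04-04 04:04:04".
# The format is the proposal from this thread; function names are constructed.

# parse_version_line LINE
#   prints "OS BRANCH VERSION PATCH DATE TIME", or returns 1 if malformed
parse_version_line() (
    set -f                               # no globbing on unquoted words
    line=$1
    head=${line%%: *}                    # text before the first ": "
    stamp=${line#*: }                    # text after the first ": "
    [ "$head" != "$line" ] || return 1   # separator missing
    set -- $head
    [ $# -eq 3 ] || return 1             # expect OS, BRANCH, VERSION[-pN]
    os=$1 branch=$2 ver=$3
    case $ver in
        *-p*) version=${ver%%-p*}; patch=${ver##*-p} ;;
        *)    version=$ver; patch=0 ;;   # assumption: bare "9.0" == "9.0-p0"
    esac
    case $version in ''|*[!0-9.]*) return 1 ;; esac
    case $patch   in ''|*[!0-9]*)  return 1 ;; esac
    printf '%s %s %s %s %s\n' "$os" "$branch" "$version" "$patch" "$stamp"
)

# patch_gap KERNEL_LINE WORLD_LINE
#   prints how many patch levels the world is ahead of the kernel, or
#   "version-mismatch" when the two lines name different releases.
patch_gap() {
    k=$(parse_version_line "$1") || return 1
    w=$(parse_version_line "$2") || return 1
    set -- $k; kver=$3 kpatch=$4
    set -- $w; wver=$3 wpatch=$4
    if [ "$kver" != "$wver" ]; then
        echo version-mismatch
    else
        echo $((wpatch - kpatch))
    fi
}

# Sample lines built from the values quoted earlier in the thread:
# kernel last updated at patch level 2, world at patch level 4.
KERNEL_LINE='FreeBSD RELEASE 8.4-p2: 2012-02-02 02:02:02'
WORLD_LINE='FreeBSD RELEASE 8.4-p4: 2012-04-04 04:04:04'

patch_gap "$KERNEL_LINE" "$WORLD_LINE"
```

A non-zero gap is the situation in the thread's subject line: the world has been patched while the running kernel still reports the older level.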



bsdpan-* ports, portmanager, and @comment ORIGIN:

2012-04-29 Thread Daniel Staal


I'm working on developing some stuff in Perl on my box, which works fairly 
well unless I go to update my system.  Anytime I do, I get the following 
error from portmanager:


`rCreateInstalledDbVerifyContentsFile 0.4.1_9 error: @comment ORIGIN: not 
found in /var/db/pkg/bsdpan-$MODULE_NAME`


Where $MODULE_NAME is one of the modules I've installed via CPAN, instead 
of using the FreeBSD ports system.  It will advise me to delete the package 
and then try manually reinstalling it - which works, *if* I install the 
Ports version.  Then running portmanager again will just pick the next 
module from the list, and go on, until I've uninstalled everything I 
installed via CPAN and installed it from Ports.


Which would be fine, if annoying, if everything actually was available in 
Ports.  But it's not: I'm using several modules that aren't available from 
Ports, and of course the modules I'm *developing* aren't available from 
Ports.


So, is there any way to *avoid* getting that error?  Some way where I can 
actually use the ports system to keep my stuff up to date?  (Even if it 
doesn't include the manually-installed software?)  Or do I just have to 
avoid anything Perl-related from the Ports system and install everything 
manually?  (Or - likely at that point - find a different OS to work on. 
It'd be less hassle to switch OSes than to try to make sure *nothing* using 
Perl is installed from the Ports.)


Daniel T. Staal



Re: bsdpan-* ports, portmanager, and @comment ORIGIN:

2012-04-29 Thread Daniel Staal

--As of April 29, 2012 12:46:52 PM -0400, Jerry is alleged to have said:


Which would be fine, if annoying, if everything actually was available
in Ports.  But it's not: I'm using several modules that aren't
available from Ports, and of course the modules I'm *developing*
aren't available from Ports.


Which specific modules are not available? In the past I had to port a
few Perl modules into FreeBSD or else install them via CPAN as you have
done. If it is a simple module, I can show you how to do it or make a
port for it myself. Also, you should be aware that many modules are
available in the ports system, but not under the correct CPAN name.
Don't ask why; I did once and got so much BS that I just abandoned the
question.


--As for the rest, it is mine.

I'm still in early development, so the list is likely to grow as the 
project moves along.  The main one that's causing me trouble at the moment 
is CGI::Application::Plugin::CompressGzip, although I've noticed that 
several others of the CGI::Application set that look interesting and useful 
aren't in the ports system.  And, of course, there is the modules I'm 
developing for this project.


Making ports for each one feels like a band-aid though: It's a 'solution' 
that's just going to grow in complexity and scope the longer it goes on, 
and isn't really fixing anything other than the individual symptoms.  A 
real solution to me would either be a way to get @comment ORIGIN: to 
automatically populate in the bsdpan-* (CPAN) module install process, or a 
way to get portmanager to ignore modules installed via that process.


Daniel T. Staal



Re: bsdpan-* ports, portmanager, and @comment ORIGIN:

2012-04-29 Thread Daniel Staal

--As of April 29, 2012 1:36:55 PM -0400, Jerry is alleged to have said:


UNTESTED: In the /usr/local/etc/portmanager/pm-020.conf file, add the
specific port(s) you are trying to bypass.

EXAMPLE:

IGNORE|www/tidy|

Again, this is untested, but I have used it for other ports that I
needed to skip.


--As for the rest, it is mine.

Yes, that works for *ports.*  Unfortunately, it doesn't appear to work for 
non-ports that are installed but show up in the ports system.  (The 
bsdpan-* stuff.)  (Note: The error I quoted earlier is the very first thing 
that shows up when I run portmanager - it then goes on to collect installed 
port data, and notes but skips a couple that I had already put in to be 
ignored.  The error I'm having appears to occur before that step - and 
interferes with the proper collection of installed port data.)


Daniel T. Staal



Re: bsdpan-* ports, portmanager, and @comment ORIGIN:

2012-04-29 Thread Daniel Staal

--As of April 29, 2012 1:36:55 PM -0400, Jerry is alleged to have said:


I will have a look at the CPAN module:
CGI::Application::Plugin::CompressGzip later today or tomorrow and see
if I can make a port of it for you.


--As for the rest, it is mine.

Sorry, I should have put this in the other email...

While I'd thank you for the consideration and effort, I'd consider this 
time poorly spent: CGI::Application::Plugin::CompressGzip is not the 
problem, it's just the current showstopper symptom.  The problem is the 
bsdpan system, which tries to integrate CPAN with the ports system.  It 
needs to either:


A.  Work.
or
B.  Get out of the way.

If you want to spend time on this, please rather than create a band-aid, 
see if you can find the root problem in wherever the bsdpan system is, and 
submit a patch upstream (to whomever is in charge of that) to fix it.  (Or 
remove it.)  It might take a bit longer, but instead of fixing it for *me* 
*this week,* you'd fix it for *everyone* for quite a bit longer.


I'm hoping someone on this list knows some of where that might be, or might 
even be the person to talk to in order to get it fixed.


Daniel T. Staal



Re: bsdpan-* ports, portmanager, and @comment ORIGIN:

2012-04-29 Thread Daniel Staal

--As of April 29, 2012 8:11:19 PM +0100, RW is alleged to have said:


So, is there any way to *avoid* getting that error?  Some way where I
can actually use the ports system to keep my stuff up to date?  (Even
if it doesn't include the manually-installed software?)



I think you should be able to prevent the package entries by setting
DISABLE_BSDPAN in the environment.


--As for the rest, it is mine.

Semi-successful: It appears to work for `cpanp` installed modules, but not 
`cpan` installed modules.  And for some reason, p5-CPANPLUS won't install 
correctly (no errors, it just doesn't actually install the client), so 
`cpanp` is a `cpan` installed module...  (And yes, this is after 
reinstalling them.)


So it looks like it's getting me partway there, but not all the way.

Daniel T. Staal



Re: how often to update ports?

2012-04-06 Thread Daniel Staal
--As of March 30, 2012 4:31:49 PM -0400, Aleksandr Miroslav is alleged to 
have said:



So I'm curious, how often do you keep your ports update, and what are
the reasons for doing so?


--As for the rest, it is mine.

I do my home server on a monthly schedule, unless I see something come up 
in portaudit.  I find it easier to keep roughly up to date, and that's a 
convenient timeframe.  It's also how often I go on call at work, so I have a 
reminder.  ;)


Daniel T. Staal



Re: Printer recommendation please

2012-03-31 Thread Daniel Toschläger

Hello
I use a HP LaserJet 1320n from a handicap workshop for some Euros. It 
works great. It is connected via internal LAN with a lot of features. I 
put it into the WLAN via an access point and a switch. No problems so 
far. Can also get connected via USB. ps works just fine.


best regards
Daniel

On 30.03.2012 17:38, Karel Miklav wrote:

Could you please recommend me a home printer that works nicely with
FreeBSD?

HP inkjets aren't that bad, FreeBSD drivers are all right, but I'd like
to shift towards some kind of PostScript laser. Xerox Phaser 6500 looks
nice, but I can not economically justify my appetite. Is there a cheaper
alternative or maybe PostScript printers aren't that good idea anyway, heh?

--

Thanks,
Karel




Many SATA disks

2012-03-31 Thread Daniel Feenberg


We would like to build a FreeBSD machine ourselves with many (~15) SATA 
drives, but NOT use a RAID controller. We want to be able to remove any 
drive and connect it to an ordinary motherboard SATA port and mount the 
filesystem using only the OS provided drivers and tools. I have built many 
FreeBSD systems, but never used port multipliers and don't know which 
controllers advertised as RAID controllers will support a plain pass-thru 
mode. Would anyone like to make a suggestion from actual experience?


The system will be used solely for archiving, so performance is not 
critical, but portability of the partitions to other systems is necessary.


Daniel Feenberg
NBER



Re: nVidia card manufacturer recommendations

2012-03-17 Thread Daniel C. Dowse
On  Wed, 14 Mar 2012 13:00:30 +, Arthur Chance free...@qeng-ho.org wrote:
On 03/14/12 08:57, Arthur Chance wrote:
 Somewhere, possibly here, a while back I saw a remark that certain
 manufacturer's nVidia cards worked reliably with the nVidia supplied
 drivers and others usually have problems because they tweak nVidia's
 reference spec. Of course, I didn't bookmark it and neither Google nor
 searching the last years' worth of the freebsd-questions@ archives has
 turned it up.

 Can anyone recommend which manufacturers I should look at and/or which I
 should avoid? I'm specifically looking at the low end GT520.

I've just realised that I probably should have added for an amd64 system.

I have a 1024MB Club 3D GeForce GT 520 Low Profile and it works like a charm
with the drivers in the ports.

cheers

-- 
Daniel Dowse



Re: imap server performance benchmarks

2012-03-08 Thread Daniel Staal

--As of March 9, 2012 12:44:55 PM +1000, Da Rock is alleged to have said:


I'm reconsidering my current setup (postfix/courier) for imap and I was
doing some research on performance comparisons between imap server
setups. I stumbled on this article and just about fell off my chair
laughing when I read the last article on future benchmarking tests to
perform:

research.microsoft.com/pubs/138302/lisa.pdf

Considering I have close to a hundred folders or more, and an average of
50,000 emails in each (yes, not good, and I am working on archiving but
it won't help _that_ much) with nearly 200,000 in just one! I got a real
kick out of the comment that no sane email user would have more than
21,000 emails in a folder - that would make me certifiable :D Oh, and
that most email wouldn't be more than a GB or so... mine's edging 6GB
already...

So, all jokes aside, I contemplated that I would make an ideal test case
to the extreme for benchmarking imap servers. Anyone have any suggestions
on what to test/how? Anyone have some tools they have created for a
similar challenge? I have my own ideas, but if anyone wants me to try
something I'd be willing to give it a shot.


--As for the rest, it is mine.

No idea, but as someone who recently had to trim one of his mail folders 
(same setup) as it was having trouble with over 210,000 messages, I'd be 
interested in your results.  ;)


Daniel T. Staal



Re: USB Logitech QuickCam Ultra Vision

2012-03-01 Thread Daniel C. Dowse
On  Fri, 02 Mar 2012 10:26:07 +1000, Da Rock
freebsd-questi...@herveybayaustralia.com.au wrote:
On 03/02/12 06:25, sean wrote:
 Hello All,

 I am unable to get the built in mic of a Logitech QuickCam Ultra 
 Vision to capture sound. I have been testing it using Skype.

 -lsusb shows the logitech device.
 -Device sound and snd_ich is compiled into my custom kernel.
 -running FreeBSD 9.0-STABLE FreeBSD 9.0-STABLE #0: Mon Feb 20 
 04:40:40 EST 2012  amd64
 -The Skype test call produces sound and can capture video through the 
 camera.
 -mixer show the mic at 97:97
Which mixer? Check `ls /dev/mixer*`, and use `mixer -f 
/dev/mixer<whatever numbers show up in previous cmd>`.
 -webcamd_enabled=YES entered into /etc/rc.conf

 Would anyone have some ideas on what to check?


Hi,

usbconfig -d ugenX.Y do_request 0x22 0x01 0x100 0x86 0x03 0x80 0xBB 0x00
usbconfig -d ugenX.Y reset
usbconfig -d ugenX.Y do_request 0x22 0x01 0x100 0x86 0x03 0x80 0xBB 0x00

and then restart webcamd.

may help, it worked on my Logitech Business Pro Cam 

cheers

-- 
Daniel Dowse



Re: Email issues, relay failure, perhaps Jails is causing it.

2012-02-26 Thread Daniel Staal
--As of February 26, 2012 8:20:14 AM +0100, Bernt Hansson is alleged to 
have said:



http://www.uk.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails.html

Have you tried to telnet into the other jailed hostnames and
ip-addresses, like telnet rt3.* 25

What does it say? Can you connect?

There seems to be either a jail problem or a routing problem

You can look at your routing table with netstat -r


--As for the rest, it is mine.

This is my strong suspicion as well.

To separate out what the problem is:

'su' to root in the jailed system.  Shut down postfix.  (`postfix stop`, or 
`/etc/rc.d/postfix stop`)  Then run `nc -l 25`.  This will echo anything 
that comes in on port 25 direct to your terminal.  Then try telneting to 
it.  If it works, the problem is postfix.  If it doesn't, restart postfix 
and ignore it: It's not the problem.


Daniel T. Staal



Re: Security? [Re: Why is this Symbol in the front of your website. A humble request.]

2012-02-25 Thread Daniel Feenberg



On Sat, 25 Feb 2012, Da Rock wrote:


On 02/25/12 12:03, David Brodbeck wrote:

On Fri, Feb 24, 2012 at 5:15 AM, Daved...@g8kbv.demon.co.uk  wrote:

Those address links need changing to graphic's, so that most address
harvesting bots won't get anything usable.

Mk1 eyeball can still see what's what, but if you have to use the info,
you have to re-type it manually.

I really don't recommend that.  Keep in mind not everyone can use the
Mk1 eyeball.  Websites need to be accessible to blind people using
screen reader software, too.
And therein lies the problem. How do you maintain accessibility while 
preventing bots from harvesting? You can't have your cake and eat it too... 
:)


Only solution lies in a security gate of good filters and blocklists. But 
occasionally one or two will still pass.


An email address can be hidden from bots without violating section 508, 
for instance:


  feenberg is at nber dot org

or some variant won't be picked up by a robot. But is it really practical 
to treat an email address as a secret, when it will be shared with 
hundreds of correspondents? I have mostly thought that was hopeless. We do 
it on our website because we don't want to bother arguing with people.


daniel feenberg
feenb...@nber.org


Re: SMTP error: 552 5.6.0 Headers too large (32768 max)

2012-02-23 Thread Daniel Staal

On Thu, February 23, 2012 2:01 pm, Julian H. Stacey wrote:

 Those 388 probably explain why I just saw on a FreeBSD-6.4 host:

 ] fetchmail: SMTP error: 552 5.6.0 Headers too large (32768 max)
 ] fetchmail: mail from MAILER-DAEMON@ bounced to
 owner-freebsd-questi...@freebsd.org
 ] fetchmail: SMTP listener refused delivery

 My sympathies go to postmaster@ team who are probably already
 receiving lots of bounces & noise on this.

 PS Yes I realise I should upgrade that 6.4 box to 8.2
   (as headers made it through the more modern SMTP of list
   server), but my local tech. constraints etc delay me ).

Sounds like it's working as a decent spam filter to me.  What setting do I
have to change to make it do that again?  ;)

Daniel T. Staal



Re: One or Four?

2012-02-19 Thread Daniel Staal
--As of February 19, 2012 3:30:15 PM +0100, Julian H. Stacey is alleged to 
have said:



Beside the point: the Wrong list was posted to.
questions@ list was created to help beginners,
not to debate & invite votes to determine future design.

FreeBSD lists have remits so people can read & write lists most
tuned to interests.  Tossing non beginner support topics in questions@
deprives other lists. Not all on hackers@ current@ & the many other
list want to be on questions@ & vice versa.

Please read list remits & subscribe & post most appropriate list per
topic.


--As for the rest, it is mine.

I don't get 'beginners' from 'User questions and technical support'.  It's 
probably the best place for most beginner's questions, but that isn't the 
same as 'the list is for beginners'.  Hackers@ might have been appropriate 
for this question, but it's not really a *technical* question: It's a 
*preference* question.  As such asking the group of general users isn't a 
bad idea, as it's their preferences that the question was aimed at...


It was a question for the users of FreeBSD.  Addressing it to the list for 
user questions may be an interesting interpretation of the grammar, but 
it's not an invalid one.


Daniel T. Staal



Mail

2012-02-19 Thread Daniel Lewis
I just installed FreeBSD 8.2 and I can send mail out but can't receive. From
recipient end it's combining the hostname and domain name.


Fwd: Mail

2012-02-19 Thread Daniel Lewis
-- Forwarded message --
From: Daniel Lewis innervisionnetw...@gmail.com
Date: Sun, Feb 19, 2012 at 2:23 PM
Subject: Mail
To: freebsd-questions@freebsd.org


I just installed FreeBSD 8.2 and I can send mail out but can't receive. From
recipient end it's combining the hostname and domain name.

