Re: SU+J Lost files after a power failure
David Demelier wrote:
> Hello there, I'm writing because after a power failure I was unable to log in on my FreeBSD 9.2-RELEASE. The SU+J journal were executed correctly but some files disappeared, including /etc/pwd.db. Thus I was unable to log in. I've been able to regenerate the password database with a live cd but I'm afraid that more files had disappeared somewhere else... I think this is a serious issue, the journal should not truncate files, so something should have gone wrong somewhere.. Any ideas? Should I open a PR?

Not sure there is enough to go on for a PR, but something is weird. Friday morning our power went down at home for about three hours after I had already left for work. When I came home I found the router/gateway box was OK. It is still with the old DOS mbr and disklabel scheme, with softupdates, and is a pair of disks gmirrored.

The other box is my first foray into the land of GPT, along with SU+J. It was sitting at the 'couldn't mount... Press return for /bin/sh' line. There was an error indicating that replaying one or more journals had failed. I was able to successfully fsck all the other partitions (besides /), then rebooted and system came back up OK.

Both of these machines were recently updated to 9.2 Release from 9.1. It has been approximately 9 months, or so, since I last had a power outage like this one. Back then they were still 8.3 I think, did not have SU+J and recovered just fine on their own. This error about the replay of the journal(s) failing is somewhat disconcerting.

Beyond that, however, I do not have any other details or data. Nothing to flesh out a PR, but thought I'd mention what I saw in conjunction with your experience.

-Mike
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: SU+J Lost files after a power failure
Michael Powell wrote:
[snip]
> The other box is my first foray into the land of GPT, along with SU+J. It was sitting at the 'couldn't mount... Press return for /bin/sh' line. There was an error indicating that replaying one or more journals had failed. I was able to successfully fsck all the other partitions (besides /), then rebooted and system came back up OK.

Meant to include also that I booted from a CD with wddiags and ran the Quick test and it found no errors on the disk.

[snip]

-Mike
Re: SU+J Lost files after a power failure
Charles Swiger wrote:
[snip]
> Yes. Without journalling, you'd normally perform the full time-consuming fsck in the foreground. With journalling, it should be able to do a journal replay to restore the filesystem to an OK state, but sometimes that doesn't restore consistency, in which case it usually fires off a background fsck rather than the foreground fsck.

In my case the journal replay failed, with an error to that effect. All partitions other than / failed to mount and after hitting enter at the .../bin/sh prompt performed manual fsck on all of them, which found and fixed some stuff. Then shutdown -r and everything came up fine (clean) afterwards. Net result was no data loss for me.

[snip]

-Mike
Re: NAT: Handbook vs mailing list
Olivier Nicole wrote:
[snip]
> > The mailing list message linked above suggests that the handbook information is the old way and that the correct way is to set ipfw_enable and natd_enable in rc.conf. Then /etc/rc.d/ipfw will load ipfw.ko, and if natd_enable is set, will invoke /etc/rc.d/natd, which loads ipdivert.ko at the right time.
>
> From what you copied/explained, natd_enable will load ipdivert.ko and the handbook suggests that you load ipdivert.ko, so either way the module will be loaded. I'd go with the ipfw_enable and natd_enable as it may also do other needed things than just loading a kernel module.

+1 on this. It is also present in the /etc/defaults/rc.conf this way as well (of course, use /etc/rc.conf for override customization). The original situation referred to early in the mailing-list content was a timing related problem where the ipdivert module would fail, even after ipfw loading _did_ succeed.

Most of the 'old way' is a holdover from before the init system brought in the rc.subr startup scripts (imported from netbsd if memory serves). There have been a couple of hiccups along the way concerning the order things are started. For example, it doesn't really work to start a dhcp client prior to successful network initiate completion. Over time the rc.subr system has evolved and been cleaned up.

A long time ago I eschewed running mergemaster when doing source-based upgrades. Just didn't like it and it never seemed like not doing it hurt anything. For quite some time I never experienced any problem with this approach. However, this eventually did bite me in the rump in a very bad way! :-)

When running mergemaster while upgrading to a new release you may see these scripts being updated. So they are continuing to evolve, and a lot of this is to start up and configure things as the system comes up in a 'correct' and coherent order. So imho the Handbook is a wee bit outdated.

-Mike
Re: failed to create gmirror with the handbook instructions
Andy Zammy wrote:
> # gpart show ada0s1
> gpart: No such geom: ada0s1
>
> By the way, this is after a restart of the machine. There's nothing to back up, I'm installing a fresh os, so I just install on one drive, plug the other in, and start following the handbook instructions for this method. So the only thing in loader.conf is geom_mirror_load=YES.

[snip]

Since you are beginning to reinstall from scratch, please allow/forgive a small interjection from some of my recent experience with this. Warren is more knowledgeable on this than I am, and I have followed many of his instructions in the past. With the shift towards GPT and away from the old DOS mbr/partition table stuff of the past, the current Handbook pages reflect this.

The central point of contention arises from the fact that GPT, GEOM (gmirror), and many hardware RAID controllers require to claim the very last sector of a drive to store their metadata. Obviously, the effect of this collision is a whoever wrote last wrote best - so you can't use combinations of things that all want this sector.

The most simple gmirroring is to slice an entire drive, with partitions contained within. The very end of the drive must NOT have any file system on it, and this is usually the case by default as most of the time slicing/partitioning leaves a little free space at the end anyway. This will not work with GPT; only with the old DOS compatible mbr and disklabel scheme.

In order to use GPT and gmirror together you gmirror individual partitions (as opposed to the slice), e.g. gmirror will write its metadata at the end of each partition leaving the very last sector at the end of the drive for GPT. This is what the content on the relevant Handbook pages reflects. More complicated, but allows for the demise of the ancient DOS/mbr partitioning.

Notice that if you combine GPT and a hardware RAID controller card the same collision problem noted previously can still happen. If you utilize the BIOS on the controller card for anything it will save its metadata on the last drive sector.

When not faced with terabyte sized humongous volumes and the huge amount of time an fsck will consume, the old DOS way with disklabel is still an option that works. The main reason for the journaling is to sidestep waiting for a very long fsck on a huge volume to run to completion before finishing a boot into a cleaned up/repaired file system. If your drive volume is small this is not so much a problem.

Indeed my old gateway/firewall/IDS router box I did the old DOS/mbr scheme with gmirror (the old single-slice entire drive and mirror the drive) as the pair of drives are ancient 74GB Raptors. On my web/database test box I did go the GPT and SUJ+journaling route but am not using any mirroring here (yet).

I have not experienced any problems with dump - but I also do not use the -L switch. It will show an error/warning about not dumping a live file system this way but I go ahead and do it anyway. IIRC the dump problem you may be seeing may be related to drive snapshotting. The caveat is I can sort of 'get away' with it as my boxen are largely quiescent, but would hesitate to do this on something like a public web/database box that was continually being hammered with lots of traffic.

Just tossing out some ideas for your perusal and consideration. The way I used the old DOS/mbr and disklabel scheme on my router machine is very simple, quick to do, and has survived a few power outages now with no data loss (other than the time it takes to rebuild which it does automagically on boot). On the 74GB Raptors this rebuild takes about twenty minutes. Your situation and needs may force you in a different direction. Hence, the proverbial YMMV applies. FWIW.

Now for to finally get around to purchasing a new UPS to replace the old one that went up in smoke and died horribly...

-Mike
Re: cause of reboot
Patrick Lamaiziere wrote:
[snip]
> > I looked last command, reboot ~ ~ AM 03.15 ~
>
> The last time It happened (one month ago) to me it was the hard disk (periodic scripts read a large part of the disk). If the disk is smart capable try a full test with smartctl (sysutils/smartmontools)

My gateway/firewall/mail/ids router box at home has 2 GB RAM in it, so normally it has enough extra room that nothing ever pushes over into swap with one exception: the periodic run at 0300. It is generally never more than just a few kilobytes, but I find it slightly surprising nonetheless.

If a sector (or more) on the drive that is backing the swap partition has gone bad it might not even be noticeable until something pages out to swap (like my 0300 periodic run). If the drive is a WD the 'Quick' test using the manufacturers' wddiags utility should spot it, and is non-destructive. I have occasionally seen the full test not destroy data - but I wouldn't count on it being non-destructive. However, as long as the remap area isn't full the long test will repair the drive by relocating and mapping out the bad spot.

When this silent fading away of magnetic media occurs wrt to higher-end RAID controllers the scrub function in the controller BIOS is where you would want to go.

The other problem relative to this that I've run into is the apple before the cart syndrome around backups. I have seen dump fail to allow for backing up data prior to using the full wddiags to repair a drive so you kinda get stuck. If the full test is going to wipe the drive and you can't generate a fresh current backup you're stuck only being able to restore whatever is the last good backup you have on hand.

Wouldn't surprise me at all if this were to turn out to be the drive just recently grew one or more bad spots. A bad spot or few on an old drive that gets repaired I might continue to use the drive for a while, maybe even for like a year time-frame wise. If 2 months later it starts growing more bad spots the drive goes in the rubbish bin.

-Mike
Re: cause of reboot
kpn...@pobox.com wrote:
[snip]
> While we're throwing ideas onto the table let me mention power supplies. Power supplies and hard drives are in a race to see which one will fail first. It may be that the power supply is marginal and added load from the drives being hit hard may send it over the edge. How heavily loaded is the machine in question?

Absolute and total agreement with this. As they age and the filter caps leak and dry out more it will eventually become apparent. But in the meantime the output DC can just about meet spec up until really loaded. Then the ripple becomes so excessive it's not quite DC any longer. You can clearly see it using an oscilloscope.

The 0300 AM periodic does hammer a machine enough to possibly push a marginal power supply over the edge. I once had a box where the RAM chips would sing with a high-pitched whistle only during the 0300 periodic run. It sounded just like the horizontal output on a television right before destruction. :-)

[snip]

-Mike
Re: [FreeBSD-Announce] vBSDcon Registrations Only Open For 30 More Days!
Brett Glass wrote:
> All: It's good to see corporate support of BSD, but at the same time I have mixed feelings about certain corporations -- Verisign among them -- hosting BSD-related conferences or becoming involved in the development of BSD-based operating systems. Why? Because Verisign, based in Reston, Virginia (the city next door to Vienna, VA, home of the NSA), has strong ties to this shadowy agency.

No. I used to work right down the street from Network Solutions (now known as Verisign) in Herndon. Indeed, I had job offerings from them but felt I was better off to stay where I was. The NSA is headquartered at Ft Meade, near Columbia in Maryland. I worked there for 8 years? The CIA headquarters is in Mclean, Virginia, which is right next door to Vienna. Reston/Herndon is a few miles down the Dulles Toll Rd to the west. I've been to all these places, so this is not some MapQuest google for me.

> The NSA, in turn -- as reported in documents recently leaked by Edward Snowden -- has a very strong interest in weakening the security of cryptographic algorithms, cryptographic software, and operating systems. We may want to look this gift horse very carefully in the mouth, or at least monitor very closely contributions of code that might introduce backdoors or weaknesses.

On some level I agree with this - to a point. Examine how the NSA maneuvered the NIST to approve and mandate the FIPS-140 protocols, where deeply concealed was a known weak prng. To some of us this is not news - we've known it for a long time. Arguments of pro vs con, good vs evil, ad infinitum ad nauseam, etc, are better served in a different venue.

It is so much easier to get away with concealing such things inside the closed-source paradigm. What I like and admire with open source is the code is out there in public for all to examine. These truly arcane crypto stuffs operate at such a high level of mathematical complexity that even very highly skilled cryptographer/mathematicians argue amongst themselves. I am just not that smart, or that highly educated. There are some in the open source community who do have very large propellers on their beanie caps. I defer to them simply because they are smarter than me. I would trust them long before I would trust closed source.

I agree about the 'looking the gift horse in the mouth' concept. Bear in mind, however, some of the guys at NIST are pretty smart too. And yet this FIPS-140/prng stuff went right by them. My suggestion is for FreeBSD (indeed open source in general) to try and engage, include, and attract to the community the kinds of elite mathematician who may have the facilities to examine the code at a higher level than can dummies like me.

Whenever The Citadel wants the public to fixate on any one particular brouhaha I know they are trying to get everyone looking in a particular direction whilst they are pulling something else. Verisign may very well have some other obfuscated agenda. Take a step backwards and try to obtain some view of the bigger picture (hint). Will not elaborate here, even though I do have some crackpot ideas.

I find it highly ironic: http://en.wikipedia.org/wiki/Snowden_%28character%29#Snowden

I got no end of amusement from this. Just my $ 0.02.

-Mike
Re: Re[3]: vBSDcon Website Update
Fish Kungfu wrote:
> Weird, now it's up. ...Fish

DNS takes time to propagate

-Mike
Re: Max top end computer for Freebsd to run on
Al Plant wrote:
> James wrote:
> > Several modest servers applied well will take you further than one big iron—and for less cost. James
>
> I agree. I have witnessed the benefit of what you say. Putting your faith in one big server can be a problem if the box fails, especially hardware failure. Keeping a spare server in a rack that can be switched in to service quickly can save you if one dies. Time (waiting for parts), most failures are hardware if you're running FreeBSD. Even most Linux boxes.

There are 2 approaches, and applying both together is what I favor. Scale up (vertical) is a horsepower per box kind of thing. Scale out (horizontal) adds more of the same kind of box(es) in parallel. The resulting redundancy will keep you up and online.

Sizing matters somewhat. Having excess horsepower that sits unused is extra money spent on one box that could have been applied to scale out redundancy. If you can size one machine to match your current and projected workload, then if there are two, or more, of these and one fails the remaining can shoulder the load while you get the broken one back up. Where the balance point is struck will depend on workload.

Let's say (hypothetical) one box as a web/database server can handle 1,000 connections/users per second within desired latency and response time. If a spike in demand suddenly comes that box will slow to a crawl (or even fall over) as it tries to keep up, as it is lacking the extra horsepower overhead that would otherwise be sitting idle if it did. Scaling out (horizontally) by adding more boxes will distribute this spike across multiple machines and remain within the desired processing response/latency time so together they can handle 2,000 when the need is present. Need another 1,000? Add another box, and so on.

So the trick is to understand your workload. Don't go overboard on just one huge high-power machine which sits mostly idle and takes you offline if it fails. Spend the money on more moderately sized boxen. Me, I like to have at least 3 of everything (if I can) such that they are sized so that 2 of them together can easily handle the desired load. The third one is for redundancy and the 'what-if' spike in demand.

Another advantage here is you can take one offline for updates, then put it back online and test it out for problems. If there is no problem then you can take one of the other two down and update it. This way you can do updates without your service being offline.

But the trick is still to understand your specific workload first, then spread the money around accordingly.

-Mike
Re: Disable build new pkg format in poudriere
C. L. Martinez wrote:
> Hi all, I need to build some packages without using new pkg format. I would like to accomplish this using poudriere, but is this possible?? Or do I need to use another package builder?? I have tried to build rsync, but when I try to install, this error is returned:
>
> tar: +CONTENTS: Not found in archive
> tar: Error exit delayed from previous errors.
> pkg_add: tar extract of /poudriere/data/packages/fbsd91_amd64_legacy-default/All/rsync-3.0.9_3.txz failed!
> pkg_add: unable to extract table of contents file from '/poudriere/data/packages/fbsd91_amd64_legacy-default/All/rsync-3.0.9_3.txz' - not a package?
>
> In make config file:
>
> WITH_PKGNG=no
> WITHOUT_X11=yes

Try WITHOUT_PKGNG=yes and see if it helps.

-Mike
Re: problems with port upgrade consistency using portsnap
fddi wrote:
[snip]
> so there is something wrong in my crontab
>
> 0 3 * * * /usr/sbin/portsnap -I cron update pkg_version -vIL=

See man portsnap, section TIPS - it shows example of correct way:

    0 3 * * * root /usr/sbin/portsnap cron

The TIPS section contains more details.

[snip]

-Mike
Re: How to get kernel source code of free-BSD release 9.1
Chou, David J wrote:
> Hi, I have created a virtual machine of PC-BSD release 9.1 64 bit in VMware Player Version 5.0.0 build-812388 based on PCBSD9.1-x64-DVD.iso downloaded from ftp://mirrors.isc.org/pub/pcbsd/9.1/amd64/PCBSD9.1-x64-DVD.iso , and setup network configuration and installed Firefox 20.0 by AppCafe, and configured the network setting in Preference-Advanced of Firefox, and I could access Internet. Now I need to build my own customized kernel, but there is no src subdirectory in /usr, so here is my question:
>
> 1. Is there any way to install kernel source when I create the virtual machine from PCBSD9.1-x64-DVD.iso ?

Not sure about PCBSD as I haven't used it, but with regular FreeBSD I believe you can by selecting the appropriate package distribution group. Been a while since I've done an install, but even so the source will be the static RELEASE bits and not contain any security updates.

> 2. Any BKM to get the kernel source after the Virtual Machine already created as my case now?

Yes - install the devel/subversion port. Go ahead and create the src directory under /usr. Then do:

    svn checkout svn://svn.freebsd.org/base/releng/9.1 /usr/src

Once having checked out you can then issue a svn update /usr/src command to pull in security updates as they become available over time. There are also two US mirrors available such as:

    svn checkout svn://svn0.us-east.freebsd.org/base/releng/9.1 /usr/src
    svn checkout svn://svn0.us-west.freebsd.org/base/releng/9.1 /usr/src

I have used the us-east one. There is also a project underway to add in to base an 'svnup', similar in scope to how csup replaced cvsup to make it easier in the future.

I believe freebsd-update is also a possibility but I have no experience with it. At any rate, more details can be found in the Handbook.

-Mike
Re: Home WiFi Router with pfSense or m0n0wall?
Alejandro Imass wrote:
[snip]
> > Most consider the answer to use WPA2, which I do use too. Many think it is 'virtually' unbreakable, but this really is not true; it just takes longer. I've done WPA2 keys in as little as 2-3 hours before.
>
> Are you saying that any WPA2 key can be cracked or are you simply referring to weak keys? I would also like to know specifically if it's for weak keys or are all WPA2 personal keys crackable by brute force. Also is WPA2 Enterprise as weak also. Could anyone expand on how weak is WPA2 and WPA2 Enterprise or is this related to weak PSKs only??

I'm just a lowly sysadmin and not any kind of crypto expert. The problem is time and horsepower. While a ridiculously easy key of say 4 characters that is not salted may be doable on a PC, once you start to get to 8-9 characters or more the time it takes begins to get huge fast. It's a matter of can you tie up the resource long enough to wait it out. Throw salting into the mix and it gets longer again.

What I do at home is concatenate 2 ham radio call signs of friends that I can remember. Then I sha256 that and select from the end backwards 15 characters. This won't actually defeat the inherent weakness of using a pre-shared key, but it will take longer for a simple brute force. You should also throw in additional characters from your character set beyond just alpha/numerics.

Also, my little tinkertoy i5-3570K overclocked up to 4.5GHz is just that - a toy. I can use it to generate a trace file, which I then take to work and replay it using a z196 when they occasionally allow me to play for a bit. I also have rainbow tables and dictionary word-lists pregenerated for cheating.

Another thing people are playing with is stuffing 4 high end video cards in a box and using them for computation. This enhances the PC platform beyond just using the CPU. There are also people doing this in the cloud. And they will rent you compute time for a fee. :-)

The pre-shared key is the weakest as compared to Enterprise. Enterprise WPA is stronger because it is a user account based system which authenticates using 802.1x via a Radius server. You can even assign certificates to user accounts and if they don't have the cert on the client they are trying to connect with, it won't. Throw Kerberos re-ticketing into the mix adds another layer to the onion. I seem to think recalling something about Kerberos re-ticketing something like every 900 seconds, or something like that. Switches and other network equipment that supports 802.1x can also filter out traffic that is not authorized.

Bottom line is Enterprise is better than a simple pre-shared key. But it involves radius, dns/dhcp, windows domain controllers, active directory, a PKI infrastructure and access points that are designed for use in this environment (and they cost more). So while it may be more secure than a simple pre-shared key, it is simply not practical for the home user as they won't have all the 'other' resources required to utilize it.

-Mike
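An added example, not part of the thread: how a WPA2-Personal passphrase becomes the pairwise master key (PBKDF2-HMAC-SHA1, salted with the SSID, 4096 iterations), and how nominal passphrase length compares with effective search space, including a passphrase derived by hashing a memorable input as in the message above. The guess rate, the call-sign population and the call signs themselves are constructed assumptions, and taking the last 15 hex characters is one reading of the described scheme.

```python
import hashlib
import math

PBKDF2_ITERATIONS = 4096   # fixed by IEEE 802.11i for WPA/WPA2-Personal
PMK_LEN = 32               # 256-bit pairwise master key
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed assumptions for the comparison, not measurements.
ASSUMED_GUESSES_PER_SECOND = 1_000_000
ASSUMED_CALL_SIGNS = 1_000_000          # size of the pool the inputs come from


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA2-Personal PMK from an 8..63 character passphrase.

    The SSID is the salt, so a table precomputed for one SSID is useless
    against a network with a different SSID.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"),
        PBKDF2_ITERATIONS, PMK_LEN,
    )


def derived_passphrase(call_a: str, call_b: str) -> str:
    """Concatenate two call signs, SHA-256 them, keep the last 15 hex chars."""
    return hashlib.sha256((call_a + call_b).encode("ascii")).hexdigest()[-15:]


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Search space, in bits, of a uniformly random string."""
    return length * math.log2(alphabet_size)


def effective_bits(input_candidates: int, alphabet_size: int, length: int) -> float:
    """A deterministic transform cannot add entropy: the result is bounded
    by the number of possible inputs as well as by the output format."""
    return min(math.log2(input_candidates), keyspace_bits(alphabet_size, length))


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try every candidate in a space of 2**bits."""
    return 2.0 ** bits / guesses_per_second / SECONDS_PER_YEAR


def compare():
    """Return (label, nominal_bits, effective_bits, years) for four schemes."""
    pairs = ASSUMED_CALL_SIGNS ** 2
    schemes = [
        ("8 random lowercase letters", keyspace_bits(26, 8), keyspace_bits(26, 8)),
        ("15 random hex characters", keyspace_bits(16, 15), keyspace_bits(16, 15)),
        ("15 hex chars of sha256(two call signs)",
         keyspace_bits(16, 15), effective_bits(pairs, 16, 15)),
        ("20 random printable ASCII", keyspace_bits(94, 20), keyspace_bits(94, 20)),
    ]
    return [
        (label, nominal, effective,
         years_to_exhaust(effective, ASSUMED_GUESSES_PER_SECOND))
        for label, nominal, effective in schemes
    ]


if __name__ == "__main__":
    # N0CALL / X0TEST are constructed placeholder call signs.
    psk = derived_passphrase("N0CALL", "X0TEST")
    print("derived passphrase:", psk)
    print("PMK on SSID 'home':", wpa2_pmk(psk, "home").hex())
    for label, nominal, effective, years in compare():
        print(f"{label:42s} nominal {nominal:6.1f} bits, "
              f"effective {effective:6.1f} bits, {years:.3g} years")
```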
Re: Home WiFi Router with pfSense or m0n0wall?
Arthur Chance wrote:
[snip]
> > What I was pondering is some form of L2TP tunnel, or some other form of IPSEC tunnel to form some kind of VPN like communication between the client and the wifi. Just never have begun to find the time to get anywhere with the idea. But basically it would resemble a VPN that only accepts connection from a tunnel endpoint client and not pass any traffic from any other client lacking this VPN-like endpoint. I think such a thing is very possible and have read some articles by people who have done very similar sounding things. Indeed, this is what SSL-VPN providers do via a subscription service so people surfing at open wifi coffee shops tunnel through the local open wifi and setup an encrypted VPN tunnel.
>
> A quick note: pfSense (I don't know about m0n0wall) has OpenVPN built in to it. Depending on whether all devices which are going to connect wirelessly can run the client end of OpenVPN, this might be a quick way to get greater security on the WiFi side.

This is along the lines of what I was thinking. I am my own CA and can generate certs that no one else has the private keys to. The problem with buying certs from a provider is the gov't has access to the private keys on demand. This was mandated back during the Clinton administration for the US.

I do things like turn password auth off on my SSH and only auth via certs. Extending this to other 'connectivities' is a way to make it harder for those with no approved cert to get in.

The pairing of firewall and OpenVPN together sounds interesting. Will definitely check it out. Thanks for the pointer!

-Mike
Re: Home WiFi Router with pfSense or m0n0wall?
Michael Powell wrote:
[snip]
> > Are you saying that any WPA2 key can be cracked or are you simply referring to weak keys? I would also like to know specifically if it's for weak keys or are all WPA2 personal keys crackable by brute force. Also is WPA2 Enterprise as weak also. Could anyone expand on how weak is WPA2 and WPA2 Enterprise or is this related to weak PSKs only??

Oh, and BTW was going to include this in the last and forgot:

http://www.aircrack-ng.org/doku.php?id=cracking_wpa

-Mike
Re: Home WiFi Router with pfSense or m0n0wall?
Alejandro Imass wrote:
> On Sun, Apr 21, 2013 at 9:52 AM, Michael Powell nightre...@hotmail.com wrote:
> > Alejandro Imass wrote:
> > > Hi, I'm looking to replace the piece of crap 2wire WiFi router that gets cracked every other day for something with pfSense or m0n0wall
> >
> > Not sure what you mean by 'cracked' here. If you are meaning that someone is using aircrack-ng to break your Wifi authentication key a firewall won't do much to stop this.
>
> I use mac address authentication plus wpa2 psk and yet they are still able to connect so it seems that 2Wire's routers are an insecure piece of crap and they are full of holes and back-doors. Just google 2wire vulnerabilities or take a look at this video http://www.youtube.com/watch?v=yTtQGPdSIfM

With Kismet able to place a wifi unit into monitor mode you can quickly get a list of everything in the vicinity, including all the MAC addresses of devices connecting the various access points. You can then clone your unit's MAC address to match one in the list. Even though I do use it, MAC access lists are very easy to get around and will only stop those who do not know how to do this.

Even in passive mode, without using active attack to speed things up I can crack a WEP key in 45 minutes easily. Doing this passively doesn't expose you. The time it takes depends on how busy the access point is. An active attack can break WEP in 2-3 minutes, or less. I've seen it done between a minute and a minute and a half.

Most consider the answer to use WPA2, which I do use too. Many think it is 'virtually' unbreakable, but this really is not true; it just takes longer. I've done WPA2 keys in as little as 2-3 hours before.

> Look at how many ISPs world-wide use 2wire. Makes you wonder if ISPs use these crappy routers on purpose to get some more revenue from cap overruns.

Really these WEP/WPA2 protocols are not providing the level of protection that is truly necessary in this modern day. You can keep out script kiddies and people who don't have skill, but people who know what they are doing are only slowed down.

The ISPs are seemingly more interested and concerned with protecting Big Media Content's DRM schemes. They have a monetary stake as they move in the direction of deals with 'Big Media', less so the incentive to do more for their retail Internet-access customer. And don't even get me started on the advertising industry run-amok. :-)

-Mike
Re: Home WiFi Router with pfSense or m0n0wall?
Alejandro Imass wrote: [...] Really these WEP/WPA2 protocols are not providing the level of protection that is truly necessary in this modern day. You can keep out script kiddies and people who don't have skill, but people who know what they are doing are only slowed down. Thanks for the detailed explanation! So, are there ways to run a secure WiFi network? It would seem that in my case I have neighbours that know what they're doing so should I just forget about WiFi go back to UTP? We use 802.1x auth on our switch (and other hardwares) ports at work and this utilizes a Radius server. At work we are mostly a $MS WinderZ shop, but with Enterprise grade access points (we have Aruba's), EAP, and Radius we can extend our network Kerberos out through the wifi realm. Without going into details ( way too much/many for the scope here) I basically have an almost completely locked network which just won't allow a device on it that it doesn't recognize. It is a pain, and not perfect either by any stretch. I have more problems with printers as a result than anything else. I do have to keep an open Internet access for visitors to use, but it is separated from our main network with no path between the two. :-) This does provide better security when compared to what consumers are running at home. It is much more complex and requires expensive equipment. And even still, a really high-grade Uber hacker might still find a way in. We hire pen-tester companies about once a year, and while they haven't found any glaring holes there are some grey areas that we wonder if a really motivated Uber hacker spent enough time on... I have entertained on and off the idea of getting a wifi card for my FreeBSD gateway/firewall box at home to see if I could come up with something more resembling something like we have at work. 
It probably wouldn't be as involved, but I do think (FreeBSD as a very _capable_ and flexible OS) something could be designed that would inherently be somewhat more secure than what I see in the basic ISP home router. I have Verizon's FIOS here with an Actiontec MI424WR-Rev 3 router and I think I could do better. The alternate provider here is Comcast which mostly seems to be using Motorola Surfboard routers, but the bottom line is I don't have any problem cracking any of them. This email is already getting a trifle long, so suffice to say if you really need the best security on a home ISP router the best you can do is turn off the radio and use Ethernet and UTP. This returns to the original focus of your question in that the firewall would be the point of contention and not the cracking of WEP/WPA2 auth keys. What I was wanting to point out to you originally is that changing the firewall is a separate issue from the cracking of Wifi auth keys. -Mike
Re: Home WiFi Router with pfSense or m0n0wall?
Alejandro Imass wrote: On Mon, Apr 22, 2013 at 3:45 PM, Michael Powell nightre...@hotmail.com wrote: Alejandro Imass wrote: [...] Really these WEP/WPA2 protocols are not providing the level of protection that is truly necessary in this modern day. You can keep out script kiddies and people who don't have skill, but people who know what they are doing are only slowed down. Thanks for the detailed explanation! So, are there ways to run a secure WiFi network? It would seem that in my case I have neighbours that know what they're doing so should I just forget about WiFi go back to UTP? We use 802.1x auth on our switch (and other hardwares) ports at work and this utilizes a Radius server. At work we are mostly a $MS WinderZ shop, but with Enterprise grade access points (we have Aruba's), EAP, and Radius we [...] This email is already getting a trifle long, so suffice to say if you really need the best security on a home ISP router the best you can do is turn off the radio and use Ethernet and UTP. This returns to the original focus of your question in that the firewall would be the point of contention and not the cracking of WEP/WPA2 auth keys. What I was wanting to point out to you originally is that changing the firewall is a separate issue from the cracking of Wifi auth keys. I absolutely got that but I was assuming that a pre-packaged WiFi router with pfSense or m0n0wall would have a more secure wireless hardware and software as well. Now I see the problem is more complex and that the wireless part is vulnerable regardless. So if by cracking the wireless part they can spoof the mac addresses of authorized equipment, what other methods could a BSD-based firewall use to prevent the cracker from penetrating or using the network beyond the WiFi layer? From your response it seems very little or nothing really... Yes - unfortunately this is about the state of things. Not a whole lot you're going to do to improve the consumer grade home router. 
There are some hardware specific firmware projects that I've never played with such as: http://www.dd-wrt.com/site/index The pre-packaged home equipment is relatively cheap when compared against the top of the line enterprise-grade commercial products. Most are some form of embedded Linux. For example, the MI424WR-Rev3 I have here is busybox ( http://www.busybox.net/ ). If you turn on remote management and telnet into it you get a busybox prompt! With a busybox shell and all busybox commands. The firewall many of these embedded Linux things are using is iptables2, the standard linux firewall package. What I was pondering is some form of L2TP tunnel, or some other form of IPSEC tunnel to form some kind of VPN like communication between the client and the wifi. Just never have begun to find the time to get anywhere with the idea. But basically it would resemble a VPN that only accepts connection from a tunnel endpoint client and not pass any traffic from any other client lacking this VPN-like endpoint. I think such a thing is very possible and have read some articles by people who have done very similar sounding things. Indeed, this is what SSL-VPN providers do via a subscription service so people surfing at open wifi coffee shops tunnel through the local open wifi and setup an encrypted VPN tunnel. Just not enough time in the day. I know it's do-able, just never have found the time to properly approach it. -Mike
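The idea in the message above, a wireless segment that passes nothing except traffic arriving through a tunnel endpoint on the gateway, written out as a pf.conf ruleset. This is an added example, not from the thread or from any project mentioned in it; the interface names, the addresses, and the choice of IPsec terminated on the gateway with enc(4) are assumptions.

```conf
# /etc/pf.conf -- added example, not from the thread.
# Assumptions: ath0 is the wireless interface in hostap mode, em0 is the
# uplink, IPsec terminates on this gateway and the kernel has enc(4), so
# decrypted tunnel traffic appears on enc0. All addresses are constructed.
ext_if   = "em0"
wifi_if  = "ath0"
vpn_if   = "enc0"
wifi_net = "192.168.50.0/24"   # addresses handed to any associated station
wifi_gw  = "192.168.50.1"      # this gateway's address on the wireless side
vpn_net  = "10.50.0.0/24"      # inner addresses assigned to tunnel peers

set block-policy drop
set skip on lo0

# Only traffic that came through the tunnel is translated to the uplink.
nat on $ext_if inet from $vpn_net to any -> ($ext_if)

# Default deny, logged to pflog0 so rejected stations are visible.
block log all

# Wireless side: a station that holds the WPA2 key still reaches only DHCP
# and the IKE / NAT-T / ESP endpoint on the gateway itself.
pass in  quick on $wifi_if inet proto udp from any port 68 to any port 67
pass out quick on $wifi_if inet proto udp from $wifi_gw port 67 to any port 68
pass in  quick on $wifi_if inet proto udp from $wifi_net to $wifi_gw port { 500, 4500 } keep state
pass in  quick on $wifi_if inet proto esp from $wifi_net to $wifi_gw keep state
pass out quick on $wifi_if inet proto esp from $wifi_gw to $wifi_net keep state
block in log quick on $wifi_if all

# Tunnel side: peers that completed IKE authentication may go out.
pass in  on $vpn_if inet from $vpn_net to any keep state
pass out on $ext_if inet from ($ext_if) to any keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it. The ruleset limits what a station holding a cracked key can reach through the gateway; it does not prevent association with the access point or station-to-station traffic on the wireless segment.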
Re: Home WiFi Router with pfSense or m0n0wall?
Alejandro Imass wrote: Hi, I'm looking to replace the piece of crap 2wire WiFi router that gets cracked every other day for something with pfSense or m0n0wall Not sure what you mean by 'cracked' here. If you are meaning that someone is using aircrack-ng to break your Wifi authentication key a firewall won't do much to stop this. -Mike [snip]
Re: pwd.db/spwd.db file corupption when having unsafe system poweroff
Tak Tak wrote: hi everyone, i wanna know what exactly happens for freebsd files and processes, when we shutdown system via pressing hardware power key for 3 seconds? here's what has happened to me, recently: i've faced a strange problem.. on one of my bsd servers, one of my coworkers had defined and edited some system users, and then, instead of safe shutdown, he kept pressing power-button for 3 seconds!.. after next startup, we couldn't login anymore! we had to replace pwd.db and spwd.db files, via bootable-freebsd Fixit mode, and then, everything was fine! we know that we are, for sure, better to use safe shutdown, but i can't guarantee it always happens. what if sudden power off makes same problem?? so i can't leave my servers in such situations.. My questions are: what has happened exactly? just in-used corrupted files ?? is there any way to prevent this situation? (instead of having a read-only FS.. i can't apply it on this server for now..). i'm sorry if my question seems dummish! i'm trying to increase my bsd knowledge, but i'm just on my way.. for sure, i appreciate any ideas or answers :) At the risk of illustrating what I'm fuzzy on, possibly those with more in-depth skill can fill in the blanks or tidy up some with more accurate and complete details. Pressing the power button for 4 seconds as described is invoking the ACPI layer to stimulate call(s) down to the system BIOS. Whatever is set in the BIOS wrt to power control and various power-savings modes are passed through the ACPI layer. The problem with this is the acpi module in FreeBSD may, or may not, be a perfect implementation for every possible piece of hardware in existence. The piece of that which really concerns me are individual manufacturer BIOS quirks can be just enough 'off' so as to misbehave even when the FreeBSD acpi implementation is basically sound. The gist of this (IMHO here - YMMV) is I consider it a bad procedure to turn off a server as you've described. 
Use the shutdown command properly instead. I would never do what your coworker did to any of my servers. Caveat being sometimes you have no other choice but to do a hard power-down. A hard power-down is done by using the switch on the power supply, and not using the ACPI/BIOS from pressing the power switch on the front. When you do have an 'uh-oh' like this, FreeBSD normally boots back into an unclean file system with corresponding whinings and complaints about how the file system(s) were not properly dismounted. Normally a background fsck ensues after 60 seconds of idle. In your case whatever files were left open and not properly closed this background fsck, had it been allowed to run and complete, would have cleaned this up. The problem starts when someone presses the power off button again, and again, before this process completes. Using the power button ACPI/BIOS only compounds this situation. I have had at one time or another, power failures that occurred almost back to back, only with a few minutes in between. So what happened was on first boot after power came back the power went down again right in the middle of this background fsck. Two more of these and my file system(s) were in pretty not-so-good shape. Luckily I was running gmirror and one of the drives was consistent. So the mirror got rebuilt from the drive with the consistent file system automagically (takes a while), then the system continued to boot, and then the background fsck finally kicked in. Gmirror saved my bacon here. Journaling is also supposed to provide similar error recovery features. I've had this happen twice on 2 different boxen. Needless to say, 2 broken UPS units were scrapped and replaced as a result. I would recommend you do NOT use the power button as you described above. Period. In any event pay particular attention to that very first boot after an 'uh-oh' power off event. 
Look at top and watch for the background fsck to kick off and complete, returning the machine to quiescent state BEFORE you do ANYTHING else to it. This includes pressing the button on the front. Just my $.02 - but I've had a couple of experiences like this and survived them successfully by doing things my way. -Mike
Re: When will binary packages be back?
Mike. wrote: [snip] Additionally, for me, building from ports for me has tended to pull in many, many X-windows support files when they are not needed. Specifically, I run a non-windowing system using command line tools. When I tried to compile Samba from ports, I finally killed the 'make' stage after three hours of compiling X-windows stuff. Nowhere had I ever specified that the system was running X or any other windowing system. Yet, there it was, three hours of wasted time. In addition to what Jeff has said, for servers where I do not want any X related stuff I place WITHOUT_X11= yes in /etc/make.conf. In addition to make config option(s), there may also be some default stuff here and there in the Mk files. The make.conf line will short circuit these. IIRC there may be some exceptions where you need some (a handful or less) of some X related packages. Seem to think of things like gd, imagemagick, freetype, etc., for PHP kind of things. In these cases, the make.conf line will blanket cover most of what you don't want and you can choose make config options that will pull in only what you absolutely need without starting down the line to everything X-related. -Mike
Re: Recipie for CPU souffle'
Ronald F. Guilmette wrote: [[ Mostly, this posting is just a story. But it does include one question, towards the end. See below. ]] Well, I accidentally found what I believe is most likely the reason for the system halts I have been having recently, so I just thought that I would share that. It _is_ a bit humorous. (The mystery system shutdowns have _not_ been due to a power issue, it would appear.) I just now experienced another episode in which the machine powered itself off, as I was working on it, for no apparently good reason. Since it was down anyway, I decided that this would be a good time to pull out that *^%$#@ bleedin' new USB 3.0 PCIe card I had recently installed... just in case that was causing the problem. As I reached in to begin extracting the PCIe card, the tip of one of my fingers accidentally brushed up against my CPU heatsink. I instinctively yanked it away immediately. If I had not done so, I would probably have gotten a third degree burn. I left the system off for a couple of minutes after that... to let it cool down a bit before doing anything else... and then I powered it back on, checked that the CPU fan was indeed turning (it was) and then I went immediately to the BIOS and the PC Health Status. The CPU temperature was listed as being 63c == 145f !!! And this was _after_ I had allowed the system to be powered down for a couple of minutes to cool down!!! So anyway, the fan turned and I watched the CPU temp slowly inch down to something more normal... like in the vicinity of 24c. I don't know what to make of this, except to suspect that some loose wires inside my case got in the way of the CPU fan turning. (I am not neat like some folks. The inside of my case _is_ really rather sloppy, so this could easily have happened.) I've now installed mbmon and xmbmon and will be watching the CPU temp closely for awhile. 
I really wish that one or the other of those tools allowed setting a threshold CPU temp, beyond which the tool would emit an ear piercing alarm via the motherboard speaker... you know.. in case the regular external stereo speakers are turned off. question What *is* the best way to achieve the above effect, i.e. to arrange for the machine to scream for help in case it is getting too hot? I don't want it to just die, like it is doing now. I want it to scream so that I can rush over and at least try to do an orderly shutdown. /question Regards, rfg P.S. I am loading the system pretty heavily now, and have been for the last 20+ minutes, and xmbmon is showing me a nice constant 31c for the CPU temp. So for the moment at least, all is well. P.P.S. I have a (relatively) monster sized heatsink in this system, and it sits atop a quite modest 2.7GHz single-core Athlon, so it is not at all surprising that the ``stable'' CPU temp is around 30c (86f). Many old Athlons from the older generation used a thermal pad for heat transfer. It was what looked like a little piece of soft plastic almost something like a millimeter thick and an inch or so square that would have come preapplied to the OEM heat sink which accompanied the CPU in a retail box set. With these processors you cannot just simply smear a lot of thermal grease in there as a replacement. Indeed, doing so (not using a thermal pad) voids the warranty. Thermal grease works best when it is applied as a very thin but evenly distributed layer and the heat sink is then clamped down very tightly so it is in very close contact with the processor. Doing this (using just thermal grease in lieu of the pad) leaves a small void or gap through which there will be little heat transfer. You might want to confirm that your processor model requires a thermal pad and not grease. Then hunt some down and use it instead of thermal grease. I seem to recall they were somewhat difficult to locate a place from which to purchase. 
Also the backing paper was darn near impossible to get off without destroying it (why the OEM cooler had it pre-applied). So get a few of them so you can tear up a couple before you succeed. -Mike
Re: databases/mysql55 to databases/mariadb
Andrei Brezan wrote: [snip] Also what i've noticed is that 'p' as a suffix is for percona. Oops! And I was thinking Percona but for some reason PostgreSQL came out my fingers! DOH! -Mike
Re: smartd
Polytropon wrote: On Sun, 31 Mar 2013 17:25:32 -0500, ajtiM wrote: I installed smartmontools, start_smartd=yes I have in rc.conf Without further investigation - shouldn't that be smartd_enable=YES conforming to the syntax of other service start commands? At least that might be the reason why smartd doesn't automatically start. Sadly I can't find a reference to how to edit rc.conf in man smartd; at least the manual explains the options well... ;-) This is correct, as per: /usr/ports/sysutils/smartmontools/files/pkg-message.in Don't know if it's a typo in his email but he was missing a on the: daily_status_smart_devices=/dev/ada0 line as well. -Mike
Re: Problems with IPFW causing failed DNS and FTP sessions
Don O'Neil wrote: Hi everyone. recently my server started having issues with DNS and FTP sessions either not resolving or timing out. I've tracked the issue down to IPFW. if I issue a 'sysctl net.inet.ip.fw.enable=0' then my issues go away. [snip] I'm probably not smart enough to be able to help directly with your problem but I'd like to add that there is a snowballing DNS Amplification ddos attack against SpamHaus going on which is spilling over. I was looking at some weird stuff my Suricata was reporting today when I noticed a large majority of it was coming from CloudFlare CDN. They use anycast packet traffic to deflect and diffuse such attacks for their customers. I'm wondering if your box has just been sitting there doing its thing and you've made zero changes to it so it is essentially 'steady state' and this problem just sort of came up seemingly out of nowhere. Consider a possibility that the cause may be external and what you're seeing is just IPFW's reaction to it. A friend of mine is on a nearby Verizon subnet and he uses their DNS servers. He noticed minimal hiccup while I have my DNS pointed at OpenDNS and it took them almost a day to get their situation under control. Once they did traffic seemed to return to normal, then I noticed Suricata alerting on return traffic in my pf DNS firewall rule. All the traffic Suricata was complaining about was coming from the CloudFlare CDN. I've never seen this before, so I'm not completely certain what to make of it. My hypothesis is OpenDNS subscribed to CloudFlare's protection, and since it is legit return traffic from my DNS server's lookups the firewall never touched it. I would never have noticed if it wasn't for Suricata. I just don't know enough about it all, just that I was having some flaky DNS stalling and hanging and when it seemed like it returned to normal I began to see this weird stuff from CloudFlare CDN on my DNS traffic. 
Just would like to point out it may be possible your problem is somehow just a reflection of some noise going on outside your box. As for exactly what you might do about it is for smarter people than me. -Mike
Re: Portsnap gets ports that claim to be out of date
John Levine wrote: When I do portsnap update and try building stuff, I get errors like this: Mk/bsd.port.mk, line 5: warning: You are using a ports file that originated from CVS!! Mk/bsd.port.mk, line 6: warning: The FreeBSD project has switched from CVS to SubVersion. Mk/bsd.port.mk, line 7: warning: This CVS repository is NO LONGER UPDATED! If you see this Mk/bsd.port.mk, line 8: warning: message then your tree is STALE and you need to follow Mk/bsd.port.mk, line 9: warning: the update instructions to receive any more updates. I'm not using CVS, I'm using portsnap. Any ideas? It's a 9.1 system, fully up to date as far as I know. Have you tried doing: portsnap fetch update instead of portsnap update? -Mike
Re: databases/mysql55 to databases/mariadb
Andrei Brezan wrote: Hello list, Is there a make.conf option that I can use to replace mysql55-[server,client] with mariadb55-[server,client] or i need to use for example pkg set -o databases/mysql55-client:databases/mariadb55-client? What happens if I want to use one port with mysql dependency and another one with mariadb as dependency? This is just a theoretical question, I don't have such a requirement, yet. All this is on 9.1-RELEASE but I think applies to different versions too. Look at: /usr/ports/Mk/bsd.database.mk I only perused it briefly, but I think you want something such as MYSQL_VER=55m. The 'm', or 'p' suffix switches to either MariaDB or PostgreSQL if I understand correctly. At any rate, this is the file that controls this. If it doesn't work (possibly I've got it wrong), I'd suggest a PR to get it added in. -Mike
Re: gettext problem in FreeBSD 8.3 system hosed
Antonio Olivares wrote: [snip] As following /usr/port/UPDATING, I ran into a bit of trouble. System is hosed and I cannot update any ports. I tried to follow advice here: 20130316: AFFECTS: users of converters/libiconv and devel/gettext AUTHOR: b...@freebsd.org libiconv now handles the lib/charset.alias file instead of devel/gettext. If you are using pkgng 'and' upgrading from source with portupgrade or portmaster, first delete gettext, upgrade libiconv, then reinstall gettext. # pkg delete -f devel/gettext # portmaster converters/libiconv devel/gettext or # pkg delete -f devel/gettext # portupgrade converters/libiconv devel/gettext [snip] I have tried to follow the instructions included in /usr/ports/UPDATING but I have not succeeded in this machine. I am thinking of moving it to 8.4-BETA1 release and then reworking the ports or deleting them and restarting in case of not having replies I have gotten myself out of trouble before but it can take days to get the machine back in working order :( Not exactly an answer here, in terms of recovery, but more along the lines of trying to figure out how it happened. Did you previously convert this machine to pkgng? The reason I ask is the instructions in UPDATING _only_ apply if you did so. If you did not, then you did not need to pay any attention to that section in UPDATING. I have not yet investigated the changeover to pkgng. I recently just did a portupgrade -a without doing as UPDATING suggested and had no difficulty with either port. So if you have not converted to pkgng then there is/was a misunderstanding in the reading of UPDATING. If you did convert to pkgng then you are in new territory I have not seen yet, and the point is moot. -Mike
Re: Can anyone direct me to some information about what WITHOUT_PROFILE=YES actually means.
dweimer wrote: I have run into a recent issue, after a lot of trouble shooting I have narrowed it down to something in my /etc/src.conf the full file just has: WITHOUT_BIND=YES WITHOUT_NTP=YES WITHOUT_FLOPPY=YES WITHOUT_FREEBSD_UPDATE=YES WITHOUT_PROFILE=YES Of course bind and ntp are added in by ports after the system is built, everything compiles, I have a very specific issue with one thing not working on an installed port, with no apparent error. To make a long story short though one of my build attempts, I forgot to copy the /etc/src.conf file to the new system. And well the problem was gone, when I discovered that's what I did differently, I commented out all lines on a different system rebuilt and installed, sure enough it worked. Looking at the src.conf options that I was using, I can't see how any option other than the WITHOUT_PROFILE could possibly be causing the problem. Though I am in the process of building systems with different options removed in an attempt to find out for sure. The WITHOUT_PROFILE was added from a help document I read some time ago about upgrading from source, and hasn't caused any problems before now. I know it instructs the build process to avoid compiling profiled libraries. But my searching hasn't been able to lead me to what the difference between a profiled and non-profiled library is. I'm not a code hacker, so take with pinch of salt. In the man page for src.conf it declares that variable values would be ignored, and of course I missed that. While I have WITHOUT_PROFILE= true in my src.conf, the correct use is simply WITHOUT_PROFILE by itself. Since I have never experienced any form of difficulty perhaps the difference here is the quotation marks. Maybe something is malfunctioning from the . See if removing these helps? Also, from what I understand what's in src.conf should only apply to building the system, e.g code located under /usr/src. I've always taken this to mean it should not apply to building anything in ports. 
My limited understanding is that when you build profiled code you are inserting a little extra debug code which is utilized to measure the time spent within internal structures, such as functions and other sub-routines. Not that I even know how such info would get extracted at runtime, programmers use this to look for areas within their code that hog resources time-wise and zero in on those to concentrate on making more efficient/faster. -Mike
Re: Software raid VS hardware raid
Artem Kuchin wrote: [snip] The server is going to be a web server with many sites and with mysql running on it. Nothing really really heavy. Currently with run all this on our own server with 8 cores and 16GB ram and 3ware raid1 and cpu load is about 5% :) Everything is quick and responsive. I hope to see the same on a software raid. The controller would be a slight concern. But for what you've described doing I doubt it will be a big deal. The 3Ware may have a faster processor on it than say a generic onboard built-in. But since all we're talking here is a RAID 1 mirror my guess is it may not be a big enough difference to see. Writes will be just as if you are writing to 1 drive, reads will be faster. Maybe that 5% cpu load turns into 6% or 7%. I really don't want to deploy ZFS on a new server where all these site need to migrate because i am kind of don't fix it if it is not broken kind of guy. UFS+journaling+softupdates served us well for years and snapshots are available on ufs too. I understand; I've only played around with ZFS some on Solaris. I may move in that direction some day, but for now My other concern is what happens when one drive goes down if we use gmirror? Is it completely transparent and bad drive can be hot swapped while server is running and rebuild started? I am thinking now about gpt+gmirror (including boot and swap) I've never actually hot-swapped one but I can't see any reason why not. You can't use the gmirror remove directive when a drive has failed, but you do a gmirror forget device, swap it, then just do gmirror insert device to insert the replaced drive into the mirror. When everything is working as it should gmirror is mostly 'automatic', e.g. after the insert the rebuild just starts. Main thing I appreciated about this is the server stayed up and online after one drive died. My two servers at home are my testbeds to test out things first before doing stuff to the ones at work. I just installed both to 9.1. 
The difference now is I've used GPT (gpart) and this is new to me. Previously everything was always fdisk and disklabel. Both these machines are setup on one drive at this point and I haven't yet gotten into the mirroring yet. With the old fdisk/disklabel it was simple to just mirror the entire drive itself (slice). The other approach is to mirror partitions. I think I may need to do this as I think this is the way you have to proceed in order to avoid having gpt and gmirror both trying to claim the last sector on the drive (metadata storage). -Mike
Re: Software raid VS hardware raid
Artem Kuchin wrote: Hello! I have to make a decision on choosing a dedicated server. The problem i see is that while i can find very affordable and good options they do not provide hardware raid or even if they do it is not the best hardware for freebsd. The server base conf is 8core 32gb ram 2.8+ ghz. So, maybe someone has personal experience with both worlds and can tell if it really matters in such configuration if i go for software raid. What are the benefits and what are the negatives of software raid? How much is the performance penalty? I am planning to use mirror configuration of two SATA 7200rpm 2TB disks. Nothing fancy. File system planned is UFS with journaling. I can't say for sure exactly what's best for your needs, however, please allow me to toss out some very generic tidbits which may aid you in some way. Historically back when RAID was new, hardware controllers were the only way to go. Back then I would never look at software RAID for a server machine. Best to offload as much work away from the CPU as possible to free it up for running the OS. What has changed is the amount of raw horsepower available from modern-day processors as compared to when RAID first came out. On the multi-core monster CPUs of today software RAID is a perfectly viable consideration because there are CPU cycles to spare, so the performance penalty is less now than it once was. Having said that, there are several other considerations to keep in mind as well. The type of RAID required matters. If you want/need RAID 5/6 it is definitely better to go with hardware RAID because of the horsepower required to do the XOR parity generation. You would want RAID 5/6 running on a hardware controller and not on the CPU. On the other hand, RAID 0, 1, and 10 are fine candidates for software RAID. One thing I've noticed that seems to somewhat get lost in this discussion is equating software-based RAID with not needing to spend money on the expensive RAID controller. 
At first glance it does seem like quite a waste to spend hundreds of dollars on a really fast RAID controller and then turn all its functionality off and just use it JBOD style. If you truly want performance you still need the processing power of the hardware chip on the (expensive) controller. Most central to this is I/Os per second. This matters more to some workloads than others, with being a database server probably at the top of the list where I/Os per second is king. The better the chip on the controller card the more I/Os per second. Another thing that matters less wrt to server hardware is the third kind of RAID known as fake or pseudo RAID. This is mostly found on desktop PC motherboards and some low-end (cheap) hardware cards. There is a config in the BIOS to set up so-called RAID, but it is only half of the matter - the other half is in the driver. FreeBSD does indeed have support for some of these fake RAID things but I stay far far away from them. Either go hardware or pure software only - the fakeraid is crap. Another thing I'd warn you about is the drives themselves. Take a look: http://wdc.custhelp.com/app/answers/detail/a_id/1397 Many people get very lucky much of the time and don't experience problems with this. Using drives designed for desktop PCs with RAID can be prone to problem. Drives designed for servers are more expensive, but I've always felt it is better to put server drives in servers. :-) In terms of a 'performance penalty' what you will find is it gets shifted away from just losing a few CPU cycles into other areas. If the drives are Advanced Format 4k sector critters and they aren't properly aligned in the partitioning phase of set up performance will take a hit. If the controller chip they are hooked up to is slow, then the entire drive subsystem will suffer. Another thing you will find that will surface as a problem area is the shift away from the old style DOS MBR scheme and towards GPT. 
Software RAID (and indeed hardware controllers too) store their metadata at the end of the drive, and it needs to be outside the file system. The problem arises when both the software RAID and the GPT partitioning try to store metadata to the same location and collide. Just knowing about this in advance and spending some quality reading time about it prior to trying to set up the box will help greatly. Plenty has been written (even in this list) about this subject by people smarter than me so the info you need is out there, albeit it can be confusing at first.

I guess what I'm trying to point out is that low performance wrt software RAID will stem from other things besides just simply consuming a few CPU cycles. Today's CPUs have the cycles to spare. I've been using gmirror for RAID 1 mirrors for a few years now and am happy with this. I have had a few old drives die and the servers stayed up and online. This allowed me to defer the actual drive replacement and not have
Re: Gamin/IMAP issue
Daniel Staal wrote:

Since upgrading to 9.1 I've been getting errors retrieving my email via IMAP. They don't appear to actually prevent anything, but they are annoying at least. (And while I haven't noticed anything else that is having the same errors that doesn't mean it's not happening...) The errors I'm getting are:

Failed to connect to socket /tmp/fam-daniel/fam-
Failed to create cache file: maildirwatch (daniel)
Error: Input/output error
Check for proper operation and configuration of the File Access Monitor daemon (famd).

('daniel' of course being the name of my user.) I'm using courier-IMAP and gamin. The only thing I can find online on this is someone else on the freebsd forums who had the same problem ~8 years ago, who eventually gave up and switched to fam. (Well, other than the ones that say 'install fam/gamin', which I have installed, but doesn't appear to be working.) I have rebuilt and reinstalled both courier-IMAP and gamin. (I actually did a 'rebuild all dependencies' for gamin.) Permissions on the /tmp and /tmp/fam-daniel directories are as I'd expect. I've also increased kern.maxfiles to 10, to make sure it can handle my large maildir directories. (Though this wasn't a problem before I upgraded.)

Not exactly sure where the problem stems from, but one thing you may wish to consider: do make config on the courier-imap port and deselect the 'with gamin' option and rebuild/make reinstall. I ran courier-imap forever without gamin so I suspect it's not really needed. If this works out remove gamin from the box if there is nothing else using it. Same for fam - if it isn't absolutely required by anything get rid of it. Only port I have that actually uses/depends on gamin for me is Samba36.

The only thing I can think of why courier-imap might have use for gamin/fam is for shared folders and shared folder indexing. This I do not use. YMMV?

Note: /tmp is usually a 'sticky bit' set - mode 1777. I've had a time or two in the past where I've muffed that up.
Anyone have any other ideas on where I can start troubleshooting? (And yes, I'm considering upgrading to Dovecot, but I want to know everything is working first.)

I just made the move to dovecot2 after 10 years, or so, of using courier-imap. Not that I ever had any trouble with courier-imap either, but the dovecot2 is a little cleaner install with fewer 'satellite' addons. Been using it a month now and am happy with results. It also slid right in and took over the existing Maildir contents from pre-existing courier-imap - I was very happy to see this!

-Mike
Re: Gamin/IMAP issue
Peter Vereshagin wrote:

Hello. 2013/01/10 10:48:41 -0500 Michael Powell nightre...@hotmail.com = To freebsd-questions@freebsd.org :

MP The only thing I can think of why courier-imap might have use for gamin/fam
MP is for shared folders and shared folder indexing. This I do not use. YMMV?

I think courier-imap uses the gamin and/or fam to look up for the mailbox quota usage, %%.

Aha! Never used quotas either, although a regular production-style server config really should. Thanks.

-Mike
Re: installing a new device driver
Jack Mc Lauren wrote:

Hi all Sorry I ask so much cause I'm a new user to FreeBSD :) Here's the deal. How can I install a new device driver on my OS ? Please explain in details because of the reason I mentioned earlier :)

First, please understand that FreeBSD is a mostly self-contained operating system. Generally speaking the difference is in where the driver itself comes from. There are exceptions, as there are indeed some vendors who provide driver code to the project as third-party add ins, but much driver code is written by and contained within the project itself. This means that you will not go willy-nilly surfing all over the web downloading drivers to install.

If you have the source code for the OS installed (it was an option during install) you might want to look at a kernel configuration file for a basic idea on how drivers 'relate' in FreeBSD. On an i386 system there will be a path /usr/src/sys/i386/conf/, and on a 64 bit install the kernel config file will be located under /usr/src/sys/amd64/conf. On a brand new machine with no custom kernel you will see a file under these location(s) called simply GENERIC. This is the kernel configuration file for the OS as distributed and until one generates and compiles their own custom kernel it will be what you are running.

Notice lines within the file that begin with 'options' and 'device'. The lines you see that start with 'device' are device driver(s) that are built into the kernel itself. There is such a wide variety in the GENERIC kernel because it ships as designed to be ready to operate on a plethora of different hardware. Many people will build a custom kernel that strips out all of these that they do not need.

So what if you strip out something that you do need does that mean that you have to build a new kernel all over again? Quite possibly not, as FreeBSD also has something called 'kernel modules' as well. If you look in /boot/kernel you will notice a lot of files that end in a .so extension.
These are kernel modules (think 'drivers' here - it is pretty much the same idea). You can load and unload these kernel modules while a system is running using kldload and kldunload commands. The command kldstat will inform you about ones that are loaded and active.

The thing you need to know is you can't kldload a kernel module if that corresponding function is already built-in and present in the running kernel. Example: a kernel config file with 'device em' means the driver is already compiled into the kernel and you will receive an error should you attempt to kldload the if_em.ko kernel module.

Just to expand a little for some quick grokage:-)

-Mike
Re: FB 9.1 boot loader problem in VirtualBox
jb wrote:

[snip] But I also could not ping: $ ping -c 1 google.com I have VM-Settings-Network Attached to NAT What is the correct setting here ?

Vbox will not allow ping and/or traceroute type traffic through NAT. It states this somewhere in the docs. This is normal to NAT. I've used both NAT and bridged and have more recently come around to believing that bridged is the better of the two. Especially when/if you wish to serve content to the outside world. Trying to monkey around with the port forwarding rules of the NAT setup is for the birds.

-Mike
Re: FB 9.1 boot loader problem in VirtualBox
Matthew Seaman wrote:

On 06/01/2013 12:09, jb wrote: A general question: to what extent is FB Install aware of installation env (VB here) ? If so, would it make sense to sanitize it to avoid offering install options that are irrelevant/inappropriate ?

This is FreeBSD. It doesn't hold your hand and wipe the drool off your chin. You're assumed to know what you're doing, and to be able to configure your systems appropriately. And when you do know, and can configure things, then it doesn't get in your way. The installer doesn't know about all the various possible different execution environments it might get used in. To do so would add a lot of complexity for not very much gain to most users. Instead, it is targeted at the most common installation scenario: direct installation onto a PC with all the standard sort of capabilities. This should produce a working system for the vast majority of use cases, but you may need to go in and twiddle a few knobs and generally tune things up a bit to get the very best results.

The converse may be applicable as well, that Vbox has configurability to know a little something about the environment for the proposed guest. When creating a new VM, you can choose BSD in the Operating System drop-down and then choose FreeBSD or FreeBSD-64. I've had no trouble installing the 9.1 Release disk1 CD into a Vbox VM (amd64 version). What I have not done is tried all the various partitioning schemes available under Manual config. Possibly one, such as Dos MBR or BSD disklabel which I have not tried, may be broken boot-loading wise. I only went straight down the GPT road.

-Mike
Re: FB 9.1 boot loader problem in VirtualBox
Michael Powell wrote:

[snip] The converse may be applicable as well, that Vbox has configurability to know a little something about the environment for the proposed guest. When creating a new VM, you can choose BSD in the Operating System drop-down and then choose FreeBSD or FreeBSD-64. I've had no trouble installing the 9.1 Release disk1 CD into a Vbox VM (amd64 version). What I have not done is tried all the various partitioning schemes available under Manual config. Possibly one, such as Dos MBR or BSD disklabel which I have not tried, may be broken boot-loading wise. I only went straight down the GPT road.

Addendum: Also, which I forgot and left out in my haste, I think most reports I have seen of people having trouble seem to have revolved around the Auto partitioning scheme choice in the new bsdinstaller. I avoided it and went straight to Manual as I prefer to do my own. IIRC the Auto provides one slice and one partition and throws everything in there. I still wish to have separate partitions for /, /usr, /var, etc, so I've also never tried the Auto scheme either. Maybe if this is the problem the OP may wish to try avoiding Auto and proceed directly to Manual. Might rule something out.

-Mike
Re: 9.1 won't install - GEOM/GRAID issues
Mike. wrote:

[snip] Thanks for the reply. The disk in question has never been used for RAID, so if there is RAID metadata on the disk, I do not know how it got there. The disk is (I believe --- it's been a while since I have been inside that box) on a Promise SATA RAID controller, but RAID is not used and has never been used (I have a 3Ware controller for RAID on that box). When things settle down, I'll try to figure out how to sanitize the disk and try to install 9.1 again.

If somehow some RAID controller ever wrote out metadata to the disk it will be the last sector or two at the very end. Sometimes some GPT partitioning schemes corrupt this too. If some alien form of GPT partitioning or some form of RAID has written anything to this area it will throw an error when GEOM 'tastes' the disk. You can zero both these areas with dd if=/dev/zero plus disk plus some arithmetic.

Another way, and I do sometimes when I go to reuse a disk that's been used for a while, is to use the mfr's diagnostic utility. I know the WD diag utility has an option to write 0's to the entire drive. Sometimes I do this and then run the extended diags just to get a 'feel good' factor on the media. Trouble with this is the larger the disk gets the longer it takes. I just like media scans on old disks before I recycle them to a new project.

-Mike
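The "dd if=/dev/zero plus disk plus some arithmetic" step from the reply above, worked through as an added example that is not part of the original post. It assumes the disk geometry is taken from one line of diskinfo(8) output; the function name tail_wipe_plan and the sample ada0 figures are constructed, and the command is only printed for review, never run.

```shell
#!/bin/sh
# Added example, not from the thread. Sample values are constructed.
# tail_wipe_plan COUNT
#   stdin : one line of `diskinfo <disk>` output, whitespace separated
#           (name, sector size, media size in bytes, media size in sectors, ...)
#   stdout: the dd command that would zero the last COUNT sectors of the disk
# The command is printed so it can be reviewed; nothing is written to any disk.
tail_wipe_plan() {
    count=$1
    read -r dev sectorsize mediasize sectors _rest || return 1
    dev=${dev#/dev/}

    # Every numeric field must be a plain non-negative integer.
    for n in "$count" "$sectorsize" "$mediasize" "$sectors"; do
        case $n in
            ''|*[!0-9]*) echo "error: bad numeric field '$n'" >&2; return 1 ;;
        esac
    done

    # Cross-check the geometry so a mis-parsed line cannot yield a wrong offset.
    if [ "$sectorsize" -eq 0 ] || [ $((sectorsize * sectors)) -ne "$mediasize" ]; then
        echo "error: sector size x sector count != media size" >&2
        return 1
    fi

    # Refuse a request that would reach back to the start of the disk.
    if [ "$count" -lt 1 ] || [ "$count" -ge "$sectors" ]; then
        echo "error: count must be between 1 and $((sectors - 1))" >&2
        return 1
    fi

    # seek is counted in blocks of bs, so it is simply "total sectors - COUNT".
    echo "dd if=/dev/zero of=/dev/$dev bs=$sectorsize seek=$((sectors - count)) count=$count"
}

# Constructed sample: a 500 GB disk with 512-byte sectors.
SAMPLE='ada0 512 500107862016 976773168 0 0 969021 16 63'
printf '%s\n' "$SAMPLE" | tail_wipe_plan 2
```

On a real system the input would come from `diskinfo ada0 | tail_wipe_plan 2`, with the device name double-checked before the printed command is run.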
Re: route issue
Yavuz Ma?lak wrote:

Hello On freebsd8.2 when i run netstat -rn i see below;

# netstat -rn | grep -r 127.0.0.1
127.0.0.1 127.0.0.1 UHS 0 1462933 lo0

As flag i think that it should be UH but on my server as above; How can i fix it ?

Please show us your entire netstat -rn output, as well as entire ifconfig -a output, and even possibly the relevant network config lines from /etc/rc.conf too. I'm wondering if you have no other interfaces configured so it is defaulting back to this. The 'S' flag usually shows up in manually configured interfaces for network cards, e.g. NICs with an ifconfig line to activate them in /etc/rc.conf. Perhaps you are missing or have something slightly misconfigured in /etc/rc.conf. Possibilities might include no defaultrouter, hostname, etc.

Note that /etc/rc.conf should be used for overriding defaults. The defaults are in /etc/defaults/rc.conf and this file should be left alone. Note the following are already in /etc/defaults/rc.conf:

network_interfaces=auto # List of network interfaces (or auto).
ifconfig_lo0=inet 127.0.0.1 # default loopback device configuration.

Maybe you have a network_interfaces=iface1 iface1 [...] iface lo0 manually listing the interfaces in /etc/rc.conf which is overriding the default auto. Just some guessing on my part to give you some ideas.

-Mike
Re: aclocal-1.12: error: 'configure.ac'
Polytropon wrote:

[snip] Stop in /opt/ports/ports-mgmt/portupgrade. ^^ Don't know if this matters, never tried it that way - this is FreeBSD, not Linux. FreeBSD is not some kind of Linux.

With setting $PORTSDIR it should be possible to have a valid (!) ports tree in any location you want. See man 7 ports for details.

With that said, the ports tree usually lives under /usr/ports. No idea why it would show up under /opt, except as some carry over Linuxism.

Probably you aren't old enough to remember that /opt is not a Linuxism, but a Solarism, Solarisism. It expresses the optimistic attitude that the content of this subtree will work as expected. :-)

lol! I'm 55 yrs old. Only tinkered with Solaris on and off briefly, never used it extensively enough for it to remain in the brain. But you're right!

[snip] There's nothing wrong with /opt, but I've never found it would be a good place to put the ports tree in. I'm (ab)using /opt myself for software that I manage outside of the ports tree, completely manually: it's basically scripts in /opt/bin, some specific printer filters in /opt/libexec (called by printcap), and few self-contained subtrees of non-ports stuff. In this way, it does not touch the main system. However, having the complete (!) ports in /usr/ports should avoid trouble. What's confusing here is the fact that the OP seems to have a mixed installation.

Main reason I tried to point him back to default install conditions is I can build both these ports right now on a box that is 'normal'. Having a standard default setup will also be less trouble at some future time. More maintainable. I'm a sysadmin and there isn't enough time in my day, so everywhere that I can have stuff that 'Just Works' means I can work on some other more pressing problem.

The prompt reads: /usr/ports/ports-mgmt/portupgrade sudo make install

Also never had much reason to use sudo with FreeBSD. Just a small personal idiosyncrasy.
But the error messages say: /usr/bin/touch /opt/ports/lang/ruby18/work/ruby-1.8.7-p370/configure So there seems to be both /usr/ports and /opt/ports... ??? But finally: Stop in /opt/ports/ports-mgmt/portupgrade. Is there some symlinking issue opt-usr?

What I was originally wondering about was the *.mk files located in /usr/ports/Mk. Getting the environment configured as per Matthew's instructions seems like what the OP needs to get right if he truly must have his ports tree in /opt. Unless there is some overriding reason why this is absolutely required, it would be far easier just to have a 'default' setup and get on with things. Just built both of these ports successfully as test. Nothing wrong here.

-Mike
Re: aclocal-1.12: error: 'configure.ac'
Oleg simonoff wrote:

Hi to all! Want to ask the unix community about my problem. Don't know what to do. racking my brain over ... The system FreeBSD 8.2 Got some trouble with compilation portupgrade-2.4.9.9,2

/usr/ports/ports-mgmt/portupgrade sudo make install
...
=== Configuring for ruby-1.8.7.370,1
/usr/bin/touch /opt/ports/lang/ruby18/work/ruby-1.8.7-p370/configure
aclocal-1.12: error: 'configure.ac' or 'configure.in' is required
*** Error code 1
Stop in /opt/ports/lang/ruby18.
*** Error code 1
Stop in /opt/ports/lang/ruby18.
*** Error code 1
Stop in /opt/ports/ports-mgmt/portupgrade.
*** Error code 1
Stop in /opt/ports/ports-mgmt/portupgrade.
^^

Don't know if this matters, never tried it that way - this is FreeBSD, not Linux. FreeBSD is not some kind of Linux. With that said, the ports tree usually lives under /usr/ports. No idea why it would show up under /opt, except as some carry over Linuxism. You probably need to wipe the Linuxism and start over as a FreeBSD user.

-Mike
Re: KDE trouble, perhaps related to display wizard usage
Ralf Mardorf wrote:

Hi :) the KDE 4 desktop does cause issues, since I set up the panel and then booted with display wizard enabled, on PC-BSD 8.2 64-bit. The last panel I add often isn't visible and accessible, but the first panel did work before I restarted with display wizard enabled. I add several panels, that are invisible and not accessible. Resetting graphics and monitor settings using display wizard doesn't solve the issue. Opened window apps aren't shown on the desktop. Any ideas what's broken that I can't access, resp. seldom can access the panel and that the application's windows aren't accessible (only shown in the panel, assumed there is a panel, but not shown on the desktop)? FWIW changing the X settings doesn't please me, I'll test a xorg.conf that I used with Linux and for sure I'll switch to another DE, on Linux I e.g. prefer Xfce4, but I guess first I should set up the default install to my needs.

I don't use KDE with FreeBSD any longer, however, FWIW a couple of generic ideas to maybe get you started. I've never had much luck with the KDE system config monitor tool. But one thing to notice - if only 3 resolutions such as 640,800, 1024 are listed it may be an indicator you have only these VESA modes available. This is most likely due to not having the mfr's binary blob drivers installed, rather than using the open source variants. The open source versions (Nouveau for Nvidia) lag behind the mfr blob in terms of performance and feature support. KDE really demands having the best drivers running.

Performance issues can be examined in a couple of areas. You can disable the Desktop Effects as well as change the rendering backend from OpenGL to XRender. XRender might be more suitable for older, really low end video cards while OpenGL is more horsepower intensive. I've used radeonhd driver before a couple of years ago, and nowadays use a Nvidia GTS 450. What I don't have experience with is the Intel graphics.
However, the essential thing of getting off of VESA and into hardware accelerated via drivers might be something to look at.

-Mike
Re: KDE trouble, perhaps related to display wizard usage
Ralf Mardorf wrote:

On Thu, 2012-12-13 at 13:08 -0500, Michael Powell wrote about drivers. I tested vesa, ati and radeonhd before I posted my request. There were tons of resolutions available and there aren't performance issues. Just the frequencies are too low. However, at the moment I want to be able to use GUIs on KDE, to get a panel back, that is always accessible. Perhaps KDE gets broken, when I edited the panel settings, by using the correlated GUI.

OK - in spite of X supposedly being capable of true auto-configure these days I still use a hand-crafted xorg.conf to get what I want. That being said, this description gives me the idea that this is a KDE problem and not Xorg related, per se.

Easiest way to test KDE is to either rename the .kde folder to something like .kde-backup and log out and back in again. You can achieve the same thing by creating another user account as well, and when you log in as that user you will be starting KDE config all over again from scratch. If problem disappears with this there is a botched KDE config somewhere.

This also sounds vaguely like something I heard about wrt some Plasma bug a version or two back in KDE. Don't recall exact details as I never experienced it. One time when I did have some small glitch I found when I renamed or deleted the ~/.kde/share/config/kwinrc file and restarted KDE, starting over fixed my problem. YMMV

Could also try Googling something concerning 'disappearing Plasma panels' and see if there are any hits on this as a Plasma related bug.

-Mike
Re: When Is The Ports Tree Going To Be Updated?
Matthew Seaman wrote:

[snip] And now I need to find an alternative to handle the src updates using svn or something...

SVN works, but isn't amazingly quick. If you're on a release branch you can get the src (and just the src) using freebsd-update(8), which should be pretty speedy and which I think is going to be the officially blessed method for non-developers to keep up to date. Although anyone will still be able to use SVN if they want to. You'll need to tweak /etc/freebsd-update.conf slightly to get just the system sources. It's pretty obvious what to do.

As a result of the security incident I switched away from csup and am now using portsnap for ports, and svn for source. The only disconcerting item I noticed is the 500-some MB .svn directory now under /usr/src/. Can using freebsd-update for source update(s) eliminate the need for this 500MB waste of space? Or is there some switch for svn which could accomplish same?

Thanks - Mike
Re: HELP: some process eat my /var
Eugen Konkov wrote:

how to find which process take space?

You might want to look at fstat and lsof. fstat is in system while lsof is an add-on third party port. Keep in mind that when you do find the space you are looking for it will be held 'open' as an open file in the file system as long as the process is running. During normal operations you can shut down the process and release the space so it can be deleted. This is relatively straightforward as long as everything is 'normal'.

The more difficult position arises when a process has behaved abnormally, including going zombie, crashing, etc. With the 'abnormal' there can be a chance that even though the process is gone you may encounter difficulty trying to delete/recover the space because the file system still considers it an open file.

-Mike
Re: Famp Server
Hamisi Jabe wrote:

I started installing apache22 and it worked, then I installed mysql it worked fine, also when I installed php5 it worked fine too but when I browse php file it displays the codes not the information like I created a php file to display the current settings <?php echo phpinfo(); ?> in the /usr/local/www/apache22/data directory I did everything as root http://www.iceflatline.com/2011/11/how-to-install-apache-mysql-php-and-phpmyadmin-on-freebsd/ check this tutorial which I used to configure the famp on my server [snip]

Under the <IfModule mime_module> section in your httpd.conf try adding:

AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

and restart Apache. Also double check that the Apache PHP module was installed when you built PHP. There will be a line like the following:

LoadModule php5_module libexec/apache22/libphp5.so

-Mike
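A quick check for the two httpd.conf pieces named in the reply above, as an added example that is not part of the original post. When either is inactive, the symptom is the one the question describes: the script source is sent to the browser instead of being executed. The function name php_handler_status and the three sample configurations are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Sample configurations are constructed.
# php_handler_status: read httpd.conf text on stdin and print
#   ok                              both directives are active
#   missing-module                  no active "LoadModule php5_module ..."
#   missing-addtype                 no active "AddType application/x-httpd-php .php"
#   missing-module,missing-addtype  neither is active
php_handler_status() {
    awk '
        /^[ \t]*#/ { next }                    # commented-out directives do not count
        {
            directive = tolower($1)            # Apache directive names are case-insensitive
            if (directive == "loadmodule" && $2 == "php5_module")
                module = 1
            if (directive == "addtype" && tolower($2) == "application/x-httpd-php")
                for (i = 3; i <= NF; i++)      # extension may be written with or without the dot
                    if ($i == ".php" || $i == "php")
                        addtype = 1
        }
        END {
            result = ""
            if (!module)
                result = "missing-module"
            if (!addtype)
                result = (result == "" ? "" : result ",") "missing-addtype"
            if (result == "")
                result = "ok"
            print result
        }
    '
}

# Constructed sample 1: module line commented out, no PHP AddType at all.
CONF_BROKEN='#LoadModule php5_module        libexec/apache22/libphp5.so
<IfModule mime_module>
    AddType application/x-compress .Z
</IfModule>'

# Constructed sample 2: module loaded, but the mapping for .php is still commented out.
CONF_NO_ADDTYPE='LoadModule php5_module        libexec/apache22/libphp5.so
<IfModule mime_module>
    AddType application/x-compress .Z
    #AddType application/x-httpd-php .php
</IfModule>'

# Constructed sample 3: the lines from the reply are present and active.
CONF_FIXED='LoadModule php5_module        libexec/apache22/libphp5.so
<IfModule mime_module>
    AddType application/x-httpd-php .php
    AddType application/x-httpd-php-source .phps
</IfModule>'

for conf in "$CONF_BROKEN" "$CONF_NO_ADDTYPE" "$CONF_FIXED"; do
    printf '%s\n' "$conf" | php_handler_status
done
```

Against a live configuration the same function can be fed with `php_handler_status < /path/to/httpd.conf`; the path is left as a placeholder because the post does not give it.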
Re: Famp Server
Peter Vereshagin wrote:

Hello. 2012/10/29 16:28:11 -0400 Michael Powell nightre...@hotmail.com = To freebsd-questions@freebsd.org :

MP Perhaps by way of example I can illustrate: I run Apache as FastCGI with the
MP event-mpm, mysql, memcached, and PHP in the FPM configuration. It is a
MP highly customized and tuned environment which is easily obtained utilizing
MP the inherent configurability of the FreeBSD ports system.

jfmi: Which of them can not be found in a 'gentoo'?

I do not know. Never ran Gentoo. Never had the time to try every 'distro'. Some imprecise and poor wording on my part when I said something about 'all', when I should have said the 3 that I did try. Mistake on my part.

[snip] What if being a proper sysadm means ability to deploy a package on thousands (tens of thousands, etc.) of machines? In formal terms this means create a package and install on the every machine. This cannot be a several packages because this makes the whole task less quick and the solution less reliable. And the creation of such a package can be a more trivial task for sysadm than the such of a package installation or upgrade by itself. Such a metaport can be a person-scale/company-wide solution, not a public one so no harm for the general freebsd usage approaches/philosophy which is a kind of a public stuff.

I completely agree with this. However, noting the most recent email it looks as if he still hasn't quite got the hang of installing software on FreeBSD yet. I believe there is a chapter in the Handbook devoted to it. One would still need to learn how to install software on FreeBSD in order to make use of a meta port; after all - it is still the same process. I do not think a meta port is a solution for not learning how to install software. My suggestion is centered around the idea that learning to install software is a prerequisite to using a meta port.
I think we should be guiding him towards acquiring that understanding, then if such a meta port comes into being he will be able to make use of it as well. I do not disagree with the potential utility of a meta port. This is a 'horse before the cart' situation where one cannot replace the other. We should be helping him learn how to install software. A meta port should be a separate issue of its own, and not be attempting to replace not knowing how to install software.

-Mike
Re: How does freebsd supports ipx?
YC Wang wrote:

[snip] syscall returns successfully. But I don't find any ipx module in /boot/kernel/ on freebsd. So I wonder how does freebsd supports ipx? Is there any other work I should do for this purpose?

I believe what you read in Wikipedia may be out of date. Someone correct me if I'm wrong, but I seem to recall that IPX was dropped from FreeBSD and is no longer supported. The code went unmaintained for too long and succumbed to bit rot, so eventually it was pulled. What I am unclear about is exactly when this happened. It wasn't all that long ago.

-Mike
Re: FreeBSD 8.3 with LSI MegaRAID 9265-8i
Joe Mays wrote:

Well, this is a real problem. I have nothing where I am to build and burn an ISO, and I am trying to work with someone several states away through an IKVM switch. The server-to-be is on a port on the switch and I need them to download the ISO via FTP and burn it to a disc and drop it in the tray. Right now I'll happily pay $50 to anyone who can provide me with an ISO of 8.3 stable in a location that I can provide to the person in Missouri so he can download it and create the DVD. I'm serious. Paypal is at the ready.

Perhaps the latest testing snapshot may be useful. These are intended for testing, and not really aimed at production. ftp://ftp.allbsd.org/pub/FreeBSD-snapshots/amd64-amd64/8.3-RELENG_8-20121005-JPSNAP/cdrom/ Don't know if that's exactly what you're looking for.

-Mike
Re: 8.1 - 8.3
Laszlo Danielisz wrote:

Hey Guys, If I want to upgrade from 8.1-RELEASE-p11 to 8.3 do I need to also update installed packages? One more thing: by when has 8.3 release maintenance? Maybe I'm blind but I haven't found the date on freebsd.org

When updating within a major release version such as 8.1 to 8.x the ABI is stable and remains the same so it is not necessary to update the third party packages/ports. It becomes necessary to rebuild/update whenever changing from one major release to another, such as from 8.x to 9.x for example. If you use csup and a supfile to update src, just use tag=RELENG_8_3 to pull in the security maintenance release bits. Currently it is at P4.

-Mike
Re: 8.1 - 8.3
Laszlo Danielisz wrote:

Great Mike, May I ask what is ABI?

ABI is short for Application Binary Interface, and is a low-level interface between programs and the operating system [kernel] they run on. You may have seen API as well - short for Application Programming Interface. This generally/usually is relevant to programs talking to other programs. In FreeBSD, if changes to the ABI are deemed necessary, this will generally serve as a demarcation point between one major version revision and the next one coming along, e.g. 7.x, 8.x, 9.x, and so on.

-Mike
Re: Error after upgrading to php 5.4.6
Bas Smeelen wrote: [snip] My previous response was sent too early :( I still get errors in apache [Tue Sep 04 08:14:42 2012] [error] [client 192.168.1.189] PHP Warning: Unknown: Unable to allocate memory for pool. in Unknown on line 0, referer: http://sys.ose.nl/cacti/graph_view.php?action=treetree_id=1leaf_id=21 [Tue Sep 04 08:14:43 2012] [notice] child pid 56172 exit signal [Segmentation fault (11) [Tue Sep 04 08:14:43 2012] [notice] child pid 56163 exit signal [Segmentation fault (11) [Tue Sep 04 08:14:53 2012] [error] [client 192.168.1.189] PHP Warning: Unknown: Unable to allocate memory for pool. in Unknown on line 0, referer: http://sys.ose.nl/cacti/graph_view.php?action=treetree_id=1leaf_id=7 [Tue Sep 04 08:15:59 2012] [notice] child pid 56169 exit signal [Segmentation fault (11) So now I will comment out all extensions and start investigating. Well it turns out to be apc.so, this comes with core php I guess? For completeness: The php manual states this is for alternative php cache. http://php.net/manual/en/book.apc.php I use xcache. However, whenever I rebuild PHP I also rebuild xcache. Sometimes when the change is very small you may get away with not doing it, but whenever updating between major versions it is a must. I had this happen one time too many and just got into the habit of whenever I rebuild/update PHP I rebuild xcache as well. I believe it pulls in includes from PHP during its build process so if PHP changes too much xcache will segfault, or just outright refuse to load. [snip]
Re: Error after upgrading to php 5.4.6
Paul Macdonald wrote: On 03/09/2012 12:26, Darrell Betts wrote: My php pages will no longer render in a web browser after upgrading to php 5.4.6. Used port upgrade to do this. Running apache 2.2.22_6. Checked the error log and this is what I receive [notice] child pid 38232 exit signal Segmentation fault (11) This does this on all php pages. Any idea how to fix this error? [snip] try editing your /usr/local/etc/php/extensions.ini, comment out all extensions (restart apache) and see if it stops seg faulting. If it works, add in the modules one by one until it stops. Previously I've seen people posting about the order being important. Some while back I thought portupgrading PHP caused the extensions.ini to be edited after each and every extension rebuild/reinstall, causing a shuffle like effect. Since I do a backup before, including all configs, I got into the habit of just copying my old extensions.ini back into place afterwards prior to restarting PHP and/or web servers. -Mike
Re: Apache 2.2 and php 5.4.5 failing on freebsd 8.3
bsd wrote: On 21 August 2012 at 04:10, John Levine wrote: Are you running pecl-APC? If so, what version? There's a major issue with the latest. Hmmn, that might have been it. I backed down to 5.3, but when I have a chance I'll try 5.4 again without APC. Tried it without APC, didn't help. We're back to the theory that there's something in PHP 5.4.5 that builds OK on 9.0 but not on 8.x. I suggest that you start with a fresh php.ini file in order to have up to date values. If you have compiled it with cli, you can post the output of php -v here so we can figure out more precisely what is going on with your install… I am running PHP 5.4.5 on 7.4 without problem - I had problem upon install, but they all came from php.ini not being up to date (AFAIR). I have seen at one time or another a problem with the order modules were loaded in php.ini occur. One thing I noticed is if/when this happens you see modules completely fail to load in the error log, as opposed to module(s) that do load but then segfault when called by PHP code. -Mike
Re: Warning - FreeBSD (*BSD) entanglement in Linux ecosystem
Mark Felder wrote: Those in on the core teams here are very well aware. Did you notice we've survived this long without ALSA? :-) However, this is very good reading for anyone who hasn't looked at Linux lately, and it's worth mentioning that this is snowballing quickly. I used to really like some Linux distros. I've been working closely with FreeBSD for 3 years now and after watching Linux change in those 3 years from this distance I'm not sure I want to go back. Everything that originally excited me about *nix operating systems is gone; it's a big convoluted mess now. This isn't a good sign and I hope someone has the sense enough to stand their ground and tell RedHat/Poettering NO. You hit the nail on the head for me. For quite a few years I have tried Skype on various flavors of Linux machines all with the same end result: in order to use the microphone Pulseaudio had to be disabled. It's as if the guy that started it (Poettering) never conceived needing to use a microphone with a sound server and never tried it. So, in my opinion Pulseaudio is software left unfinished. Never mind such unfinished and untested as it was, it was mind-numbing to see all the 'distros' incorporate it as a default. Then Poettering moved on to systemd. My reservations are several. Developeritus notwithstanding, I am left to wonder whether he will 'finish' systemd or walk away from it when he gets bored with it, leaving it in the same kind of mess he left Pulseaudio. Now I truly like the idea and concept of Pulseaudio - it would just be nice if the author and project made it work the way an end-user sitting in front of his computer expects it to work. So called 'developeritus' is a fundamental disconnect between coders who code to please themselves and pat themselves on the back for adding 'features' and end-users who utilize computers to do other work. Anyway, enough rant from the my $.02 dept. 
I perceive the 'developeritus' affliction as a huge elephant in the open source software room that no one wants to talk about. I am definitely NOT against technological advances in software and the state of the art moving forward; indeed I welcome it. But, if it's broken like Pulseaudio I don't want to have anything to do with it. If it means using it requires me to spend countless hours trying to make it work instead of putting the time towards paying work then I do not need it getting in my way. Devs who code for ego gratification among their peers instead of trying to produce something a computer user might need should attempt to connect to this concept. And I see somewhat more connect in the FreeBSD community, which is a line-item on my list of what attracts me to continue using it. -Mike
Re: Apache 2.2 and php 5.4.5 failing on freebsd 8.3
John R. Levine wrote: Then perhaps you should downgrade to lang/php53 and lang/php53-extensions and compare the results! Good thought, I just did that. Results: php5.3: works fine as far as I can tell php5.4: fails in random ways This suggests there is a bug in 5.4 which only is apparent on FreeBSD 8.x. I note that the packages for 8.x have gone away on the distribution server, so I expect they're not regression testing 8.x any more [snip] I had pretty much the same experience. I run apache22 with the event mpm in conjunction with php-fm, utilizing mod_fastcgi to connect the two. This is so I can have a threaded web server and separate it from questionable thread-safe PHP code. I had built PHP with the threading option, and with 5.4.x I had flaky segfaults in some modules. I suspected at the time that there were regressions in thread-safety in more than one module but had zero time to deal with it. I went back down to 5.3.xx just as you and have had no trouble since. -Mike
Re: Issue with kernel building
antonin tessier wrote: Hi, I have a problem when I try to build my own kernel. I had never got such a one; here is my kernel configuration file and the building errors that it makes. [snip] # make kernel KERNCONF=GOLLUM MAKE=make sh /usr/src/sys/conf/newvers.sh GOLLUM Stop in /usr/obj/usr/src/sys/GOLLUM. I have snipped out content for brevity; rather let's focus on evidence of incorrect procedure on your part. While there still exists 2 ways of accomplishing this, the so-called new method is standard. An example of how to do this can be found contained within a commented out section in the beginning of /usr/src/Makefile. While this information is on how to completely rebuild/update the entire system from source, the commands to build and install a new kernel are present. Please note the following: make buildkernel KERNCONF=somekernelfilename make installkernel KERNCONF=somekernelfilename You are on almost the right track but you are referencing above incorrect paths to this kernel config process. For an i386 box/install your kernel config file would be located in /usr/src/sys/i386/conf and for a 64-bit amd64 install this location is /usr/src/sys/amd64/conf. The best way to begin with customising a kernel is to simply copy the GENERIC config you will find in the conf directory mentioned (whichever is your box - i386 or amd64) to something like, for example, GOLLUM. Then cd to /usr/src and perform the above described commands. Hints: Prior to attempting to rebuild again cd to /usr/obj and delete anything under /usr/obj. There will exist here content left over from the previous failed attempt. Keep in mind whenever you install a new kernel your present kernel (and its matching modules) get moved to kernel.old. What this means is that the GENERIC you have with a base install will be moved to kernel.old and can be used in the event the new kernel won't boot. Realize this: after the next rebuild process this kernel.old will be replaced _again_. 
In which case you might now have 2 broken kernels with not an easy way to recover. This is just some generic stuff to try and get you back on track. I would recommend an extended reading of the Handbook, as all of these instructions are present there. Hope this halps. :-) -Mike
Re: Problem with pkgconf and glib.
Jeff Tipton wrote: On 07/30/2012 17:19, Christopher Hilton wrote: I'm trying to build emacs with gtk2 on my build box and I'm running into trouble with pkgconf from /usr/ports/devel/pkgconf. The build process dies in devel/gobject-introspection and complains that it cannot find header files for gio-unix-2.0. From what I can see the problem looks like the fact that pkgconf is returning the wrong include path for these header files, running: [snip] I have the same problem with devel/gobject-introspection. It's also a dependency for Xorg. A couple of days ago devel/pkg-config was removed from ports as deprecated, and replaced with devel/pkgconf, and consequently the build dependencies of many ports were changed. Maybe this recent change is not thoroughly worked out? When I first saw it in UPDATING and did the command I believe it was not completely correct, as it did nothing. That was something on the order of 3 or 4 days ago. Just csup'd today and the command in UPDATING I think contained something slightly different, and is now correct. Before, it did not remove/replace pkg-config. Today it did. Perhaps a ports tree refresh and if using portupgrade do this: portupgrade -fo devel/pkgconf pkg-config-\* This did remove pkg-config and replace it with pkgconf, like I expected it to do 3-4 days ago and didn't. -Mike
Re: Disk Errors
dweimer wrote: [snip] SMART Attributes Data Structure revision number: 10 Vendor Specific SMART Attributes with Thresholds: ID# ATTRIBUTE_NAME FLAGSVALUE WORST THRESH FAIL RAW_VALUE 1 Raw_Read_Error_Rate POSR-- 117 099 006-145191418 [...] 7 Seek_Error_Rate POSR-- 078 060 030-77590473 [...] 195 Hardware_ECC_Recovered -O-RC- 025 023 000-145191418 [...] 241 Total_LBAs_Written -- 100 253 000-1480696469 242 Total_LBAs_Read -- 100 253 000-922627427 [snip] Really, most of the numbers don't look really bad, but I'd cast a leery eye towards the way these three correlate. Read errors from bad spots in the magnetic media are one thing, but notice how the drive is recovering data with built-in ECC routines. Then notice that the seek error rate is moving along at a similar pace. There is a possibility that this is a purely mechanical weakness in the head positioning function, just barely not bad enough to allow the drive to attempt to hide it through ECC. When I suspect media failure I generally use the manufacturer's diagnostic utility to scan for defective media. I haven't used many Seagates in a long time so mostly this means WD's wddiags, which can be downloaded as a bootable CD .iso image. Seagate will have something similar. The quick scan is meant to be non-destructive while the long scan usually is. (I just had an old Raptor drive grow 5 bad spots recently, and the long scan fixed it without destroying any data - a first for me that) As long as the remap space area on the drive is not full usually these diagnostics have a good chance to fix bad spots. If it's an infrequent affair then one may just continue to use it. If I see new bad sectors a week later it is an indication that the drive has outlived its usefulness and I replace it. If it's another year before I get a small handful of bad spots I may just let the diags fix it and continue to use. That is - as long as the remap space is not full. 
Once that happens any new bad spots are permanent and cannot be done anything about. Time to replace drive. The difference here is bad spots developing in the media on the platter(s) as opposed to the problem actually stemming from head seek position-location problems. None of the diags can do anything about head seek troubles, only identify if the problem is media on the platter(s) related. -Mike
Re: Question about missing posix shared mutex
Daniel Ylitalo wrote: Hi guys! According to the sphinxsearch dev-team freebsd does not support posix pthread shared mutex but later on I found this post that gave some pointers that it might been implemented into freebsd 9: http://freebsd.1045724.n5.nabble.com/What-is-the-status-of-thread-process-shared-synchronization-td4224458.html However 9.0-RELEASE doesn't have it so I tried out 9-STABLE but it isn't in there either. There is also a pretty long bugthread on sphinxsearch's bugtracker about it: http://sphinxsearch.com/bugs/view.php?id=1041 Basically my question is if there is work being done on this and if we will see it in 9.1? Or should I abandon freebsd for our sphinxhosts? :( Sorry not to answer your question, but have you tried installing any of the following from the ports system to see if they work? http://www.freebsd.org/cgi/ports.cgi?query=sphinxstype=all I do not use this and have no experience with it, but if these ports are indeed broken it might be nice for the port maintainer to know about. If they work, then why fuss over theoretics? -Mike
Re: Is ZFS production ready?
Hooman Fazaeli wrote: I meant, is it now possible to have 2TB FS with UFS? Yes. The 2TB limitation so many are used to applies more to the tools than the UFS2 file system itself. UFS2 has a max volume size of 2^73, or 8 Zeta-Bytes. If you utilize the old Dos MBR scheme with old fdisk and disklabel tools you will still face the 2TB volume limit. Use Gpart, Glabel, and GPT partitioning instead. A quick and short example: http://www.mebsd.com/configure-freebsd-servers/big-partitions-in-freebsd-bigger-than-2tb.html However, fsck'ing such large volumes will take considerable time if such a thing needs doing. There is the new Soft-update plus Journaling coming along with the advent of 9.x, which is supposed to ameliorate this. Not completely sold on it yet, as I don't have enough knowledge/experience yet. Some may say it's not just quite ready for prime time yet, but I don't really know definitively myself. [snip] -Mike
Re: apache PHP suhosin load
n dhert wrote: On FreeBSD 8.3 I have apache22 web server with PHP. PHP is PHP52 for compatibility with existing applications, but the most recent version in the php52 branch $ php --version PHP 5.2.17 with Suhosin-Patch 0.9.7 (cli) (built: May 7 2012 08:45:58) From time to time, I notice in a top output, that a huge number of httpd daemons are being started, making the load rapidly increase to levels of 5, 10, 15, ... and very slow interactive response ... Stopping apache makes the load rapidly decrease to a normal level. I noticed at the console, at stopping apache, several messages such as Jun 14 09:12:20 macos kernel: Jun 14 09:12:20 macos suhosin[28824]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'REMOTE_ADDR not set', file '/home/wins/win/win/www/wiki/mediawiki-1.16.0/includes/AutoLoader.php', line 654) (the file value differs, but it's always suhosin .. canary mismatch - heap overflow detected) My PHP has following options set # cd /usr/ports/lang/php52 # make showconfig === The following configuration options are available for php52-5.2.17_8: CLI=on: Build CLI version CGI=on: Build CGI version APACHE=on: Build Apache module DEBUG=off: Enable debug SUHOSIN=on: Enable Suhosin protection system (not for jails) MULTIBYTE=off: Enable zend multibyte support IPV6=on: Enable ipv6 support MAILHEAD=off: Enable mail header patch REDIRECT=off: Enable force-cgi-redirect support (CGI only) DISCARD=off: Enable discard-path support (CGI only) FASTCGI=on: Enable fastcgi support (CGI only) FPM=off: Enable fastcgi process manager (CGI only) PATHINFO=on: Enable path-info-check support (CGI only) LINKTHR=off: Link thread lib (for threaded extensions) Is that heap overflow causing the trouble? Has suhosin to do something with it? Most likely - yes. I noticed in your config above you built and installed the Apache PHP module in addition to CGI/FastCGI. 
If you are running Apache in a FastCGI mode you should check and make sure the following is indeed commented out like below: #LoadModule php5_module libexec/apache22/libphp5.so The general purpose meaning of this error is that PHP has detected some form of memory corruption. But as to why/what exactly it doesn't help much. The general way I used to look at Apache and PHP problems was to isolate pieces. Like only loading the core PHP and no extensions by renaming the extensions.ini to extensions.ini.bak. This is bound to cause problems as most PHP apps today require a certain basic number of modules enabled in order to work. 2 things to troubleshoot looking for a bad module: comment each out one at a time and restart. When you comment out the bad one you will no longer see the error. Another second item to be aware of is sometimes certain module combinations need to be loaded in extensions.ini in a specific order. Figuring out this order can be nightmarish, should it ever actually be found to be a problem. Long time ago someone wrote a script to automate this. I seem to have a distant memory that back in early PHP 5.2.x days I had a problem with the mcrypt module. Maybe try commenting that one out first. If you don't need it leave it that way. I also seem to have experienced this error a second time, and it was from a bad interaction between Suhosin patch and two other build options being enabled, one was the Mailhead and I don't remember what the other one was (maybe it was IPv6). I found when I disabled these 2 things I could build with the Suhosin patch and stuff ran correctly. -Mike
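Added example, not part of the original messages and not code from the Suhosin project: a POSIX sh/awk summary of canary-mismatch alerts in the format quoted above, counted per script and line or per reported attacker field, so the counts can be compared before and after commenting out an extension. The log lines, paths, PIDs and addresses are constructed samples, and the function names are hypothetical.

```shell
#!/bin/sh
# Summarise Suhosin "canary mismatch" alerts from syslog text on stdin.

TAB=$(printf '\t')

# Constructed sample lines in the alert format quoted in the thread.
# Paths, PIDs and addresses are made up; the last line is cut short on purpose.
sample_log() {
cat <<'EOF'
Jun 14 09:12:20 macos suhosin[28824]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'REMOTE_ADDR not set', file '/usr/local/www/wiki/includes/AutoLoader.php', line 654)
Jun 14 09:12:21 macos suhosin[28830]: ALERT - canary mismatch on efree() - heap overflow detected (attacker '192.0.2.10', file '/usr/local/www/wiki/includes/Setup.php', line 120)
Jun 14 09:12:21 macos kernel: unrelated kernel message
Jun 14 09:12:25 macos suhosin[28831]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'REMOTE_ADDR not set', file '/usr/local/www/wiki/includes/AutoLoader.php', line 654)
Jun 14 09:12:26 macos suhosin[28832]: ALERT - canary mismatch on efree() - heap overflow detected (attacker '192.0.2.10', file '/usr/local/www/wi
EOF
}

# Emit one record per well-formed alert: pid, attacker, file, line (tab separated).
# Truncated or malformed alert lines are skipped and counted on stderr.
parse_canary_alerts() {
    awk -v q="'" '
    # Return the text between the first "start" and the next "end", or "".
    function between(s, start, end,    i, rest, j) {
        i = index(s, start)
        if (i == 0) return ""
        rest = substr(s, i + length(start))
        j = index(rest, end)
        if (j == 0) return ""
        return substr(rest, 1, j - 1)
    }
    /suhosin\[[0-9]+\]: ALERT - canary mismatch/ {
        pid  = between($0, "suhosin[", "]")
        att  = between($0, "attacker " q, q)
        file = between($0, "file " q, q)
        line = between($0, ", line ", ")")
        if (file == "" || line !~ /^[0-9]+$/) { bad++; next }
        printf "%s\t%s\t%s\t%s\n", pid, att, file, line
    }
    END {
        if (bad) printf "skipped %d malformed alert line(s)\n", bad | "cat 1>&2"
    }'
}

# Count alerts grouped by "file" (script:line) or by "attacker", busiest first.
count_by() {
    case "$1" in
        file|attacker) ;;
        *) echo "usage: count_by file|attacker" >&2; return 2 ;;
    esac
    parse_canary_alerts |
        awk -F '\t' -v col="$1" '
            { k = (col == "attacker") ? $2 : $3 ":" $4; n[k]++ }
            END { for (k in n) printf "%d\t%s\n", n[k], k }' |
        sort -t "$TAB" -k1,1nr -k2,2
}

echo "alerts per script:line"
sample_log | count_by file
echo "alerts per attacker field"
sample_log | count_by attacker
```

On a live host, feed the functions the syslog file that receives the Suhosin messages instead of `sample_log`.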
Re: USB device activity when not mounted
Polytropon wrote: On Wed, 13 Jun 2012 22:26:16 -0600, Gary Aitken wrote: I can understand why I would see activity on a USB device when it's first plugged in. But why do I see continued activity (i.e. the light blinks on a usb disk or memory stick)? When I umount one of these, they keep being beat up on and it makes me nervous... At what point is it sync'd and safe to unplug? I assume when the umount returns, but what's going on after that? I don't think that's a problem. I've got a USB stick here that has a blinkenlight as soon as it's powered on (plugged in), even if there is no reading / writing / mounting activity. After you've successfully performed umount, the USB stick _is_ synced and can safely be removed, no matter what you assume the funny lights want to tell you. Maybe that's just a modern feature to make the USB stick more entertaining. :-) I think der Blinkenlights is a Windows thing - some Windows driver bit turns it on and off. When you click the 'safe to remove' thing it's supposed to turn it off to tell you it's OK to pull it out. Totally meaningless and useless 'feature' if you're not using Windows, aside from the entertainment. :-) -Mike
Re: FreeBSD 8.3 + MySQL 5.0.95
Simon wrote: Hint: Please learn to not top post. It makes it more difficult to arrange answers coherently. Possible but extremely unlikely, I always had issues whenever I tried to build MySQL server myself. The hardware where this is running has been very stable. I don't have any issues whatsoever making world, etc... There is no segfault which is what usually happens when you have memory issues. And why would MySQL community server run stable if it was somehow my hardware? Bottom line, if this was hardware issue, the server would have panicked long ago. I wish I could get some input from someone running MySQL server with 300+ queries a second and what MySQL version/build they are running. -Simon On Wed, 13 Jun 2012 11:36:48 -0700, Chuck Swiger wrote: On Jun 13, 2012, at 11:34 AM, Simon wrote: I upgrade to FreeBSD 8.3-p3 and installed MySQL 5.0.95 from ports. It runs fine until it dies silently. Does anyone run a heavy loaded MySQL under such setup? how can I troubleshoot this? I could never compile a stable MySQL server from the ports and always relied on MySQL community server binaries but there is no binary for latest 5.0.xx This sounds like marginal hardware which is failing under load. Make sure you can run something like memtest86 or prime95 overnight without errors I don't know about 300+ queries per second, but I have been running MySQL since version 3.x.x, and so on, without much difficulty. It has been very stable for me for many years. Hardware related problems can be a cause of general flakiness one person can see while many, many others do not experience. Can be things such as old, weak, under rated power supply that has poor regulation and excessive ripple under load. This can actually resemble RAM problems at times, because with things like memtest there will be failures. It can be other things as well, such as a disk controller running a driver that has a bug. 
Rather than ramble through myriad possibilities, a general rule I've noticed over many years of dealing with computers: Hardware is often involved when the problem is very random, while when you can reproduce a specific error condition repeatedly by executing a set of commands or instructions in particular and specific order it is software related. I also question why you would want to run such an old version. Particularly I am aware that versions 5.0.50 and 5.0.51 contain several serious bugs. I run the latest version of the 5.1.xx branch, with an eye to moving towards 5.5.xx very soon. I have always compiled from the ports system. I have also tuned my.cnf according to the examples and the documentation recommendations. One of the first things you should look at is what about the compilation process on your machine is producing your flaky, crashy binaries. Using a GCC from ports?, CLANG?, remove any so-called 'optimizations' from your make.conf, etc. In the make config for building MySQL do _not_ select the 'build optimized binaries' choice (which sets -O3 optimization) and see if that makes a difference. I have used the -O3 in my builds for many years and never had a problem. Circle outwards in looking at OS tuning. An example would be vmstat -i, looking for a piece of hardware with a run away interrupt storm. Other things like IPC, SYSVSHM, Semaphores, and other such structure pools looking for resource starvation. If hardware proves not to be central to the problem, see if you can arrange a way to _not_ load it so heavily. If it runs at a lower load without crashing it might indicate you need some tuning. I would look at the hardware very hard. I would look at how you are building the compilation. I would also _not_ use this version, but rather at least 5.1.x and preferably (especially if this is a new start up) look at trying the latest in the 5.5.xx series. 
The 5.5.xx is supposed to offer better performance, and maybe with your 300+ per second query rate maybe you should focus on the version with the best performance. Bottom line: Many thousands of people and companies have run MySQL for many years and had it work just fine. Your particular situation is an aberration of some form. -Mike
Re: mysqld startup issue
Gary Aitken wrote: I've done the following after having a running system with a running mysql on it: moved user accounts, although no logical move: /usr/home/foo was = /hd1/foo now /usr/home = /hd1/home and /hd1/foo is now /hd1/home/foo repartitioned the SSD and restored the system from a dump taken prior to repartitioning. removed all ports and reinstalled them Although I have not really experienced much in the way of trouble with this, as my systems are not very 'busy', it can be better to boot from a LiveCD to do the dump because no files are open for writing and all your MySQL files will be static. No possibility of change during the dump. That being said, I have done dumps from live filesystems and have been able to restore them many times. Forewarned is forearmed. Unfortunately, mysqld won't start: 120611 10:55:52 [Warning] Can't create test file /var/db/mysql/breakaway.lower-test 120611 10:55:52 [Warning] Can't create test file /var/db/mysql/breakaway.lower-test mysqld: Table 'mysql.plugin' doesn't exist 120611 10:55:52 [ERROR] Can't open the mysql.plugin table. Please run mysql_upgrade to create it. 120611 10:55:52 InnoDB: The InnoDB memory heap is disabled 120611 10:55:52 InnoDB: Mutexes and rw_locks use GCC atomic builtins 120611 10:55:52 InnoDB: Compressed tables use zlib 1.2.5 120611 10:55:52 InnoDB: Initializing buffer pool, size = 128.0M 120611 10:55:52 InnoDB: Completed initialization of buffer pool 120611 10:55:52 InnoDB: Operating system error number 13 in a file operation. InnoDB: The error means mysqld does not have the access rights to InnoDB: the directory. InnoDB: File name ./ibdata1 InnoDB: File operation call: 'create'. InnoDB: Cannot continue operation. I have had trouble before when playing with these files outside of MySQL. What happens is if they get out of sync with the index they will become totally unusable. 
There are recovery procedures in the docs, but if memory serves it was just easier to delete the ib_logfile(x) and allow MySQL to recreate from scratch. Probably not central to your problem, per se, just thought I'd make mention in passing. I would recommend consulting the docs on this subject of index/logfile recovery prior to any blindly mucking about. Running mysqld --verbose shows: basedir /usr/local general-log-file/var/db/mysql/breakaway.log Usually this file is of the form FQDN hostname.err ls -aol /usr/local/libexec/mysqld -rwxr-xr-x 1 root wheel - 9558944 Jun 11 10:40 mine shows: testbed# ls -aol /usr/local/libexec/mysqld -r-xr-xr-x 1 root wheel - 6694672 May 10 11:16 /usr/local/libexec/mysqld /usr/local/libexec/mysqld ls -dl /var/db/mysql drwxr-xr-x 2 mysql mysql 512 Jun 11 10:31 /var/db/mysql and my /var/db shows the below for the mysql directory: drwxr-xr-x 21 mysql mysql3072 Jun 4 12:09 mysql cd / find . -ls | grep my.cnf shows nothing. This looks like some kind of access / setuid problem, but I'm not sure what. Suggestions? Beginning with the mysql_enable=YES I have found when using rc startup scripts you need the entire path: /usr/local/etc/rc.d/mysql-server blah Moving on to permissions. Don't recall specifically, but if memory serves during the port install/reinstall there is a choice displayed to keep/use a previous mysql:mysql user and group combo. Perhaps an incorrect choice allows for deleting this - never known as I have always chosen to not delete but to reuse the old accounts. Nevertheless, in /etc/group there should be an entry like this: mysql:*:88: And the user account as shown by vipw will look like this: mysql:*:88:88::0:0:MySQL Daemon:/nonexistent:/sbin/nologin These should both be handled 'automagically' by the ports build system. You can cd to /var/db and do a chown -R mysql:mysql mysql if you want to ensure file ownership is correct, provided the above referenced entries are in place. 
The ports these days will place the my.cnf file in /usr/local/etc instead of the old location of /var/db/mysql. I believe it is still supposed to fall back to /var/db/mysql if not found. One thing I found out when I was having a problem was that MySQL will not source this file if permissions on it are world read/write. Not exactly sure what it's supposed to be (I'm sure this can be found in the docs) but I've just chmod'd it 444 when I'm done with edits. I do not grasp why any movement of your home directories mentioned at the top would matter to MySQL. I suspect something more to do with the removed all ports and reinstalled them part. The mysql.plugin tells you to run an update script to update schema. There is more info on this in the docs. Don't believe that is the main problem. I suspect either you have InnoDB configs not being read in my.cnf or that InnoDB logfiles or index got corrupted by the backup process. If you have MyIsam tables and you comment out in my.cnf the activation (once you get my.cnf
Re: Proper Port Forwarding
Michael Sierchio wrote: On Wed, Jun 6, 2012 at 11:31 AM, Simon si...@optinet.com wrote: This easily causes DoS for when too many FIN_WAIT_2 are created and IPFW stops forwarding using the rule above because of too many dynamic rules Change the defaults for the fw.dyn sysctl MIB nodes to something like net.inet.ip.fw.dyn_short_lifetime=3 net.inet.ip.fw.dyn_udp_lifetime=3 net.inet.ip.fw.dyn_rst_lifetime=1 net.inet.ip.fw.dyn_fin_lifetime=1 net.inet.ip.fw.dyn_syn_lifetime=10 There is also this you can place in /etc/sysctl.conf: net.inet.tcp.fast_finwait2_recycle=1 I do this for my web servers. It helps reduce the volume somewhat of FIN_WAIT_2 from building up by expiring them sooner. -Mike
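Added example, not part of the original messages: a POSIX sh check that compares a sysctl.conf against the six settings suggested in the message above and counts FIN_WAIT_2 sockets per local port from `netstat -an` style output, so the build-up the thread describes can be measured before and after the change. The sysctl.conf and netstat text are constructed samples, and the function names are hypothetical.

```shell
#!/bin/sh
# Audit sysctl.conf against the thread's suggested values and count FIN_WAIT_2.

TAB=$(printf '\t')

# The key=value pairs suggested in the thread, one per line.
wanted_settings() {
cat <<'EOF'
net.inet.ip.fw.dyn_short_lifetime=3
net.inet.ip.fw.dyn_udp_lifetime=3
net.inet.ip.fw.dyn_rst_lifetime=1
net.inet.ip.fw.dyn_fin_lifetime=1
net.inet.ip.fw.dyn_syn_lifetime=10
net.inet.tcp.fast_finwait2_recycle=1
EOF
}

# Constructed sample of /etc/sysctl.conf (not taken from the thread).
sample_sysctl_conf() {
cat <<'EOF'
# constructed example
net.inet.ip.fw.dyn_fin_lifetime=1
net.inet.ip.fw.dyn_syn_lifetime=20
#net.inet.tcp.fast_finwait2_recycle=1
security.bsd.see_other_uids=0
EOF
}

# Constructed sample in the layout FreeBSD netstat -an uses (address.port).
sample_netstat() {
cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 192.0.2.5.80           198.51.100.7.51234     FIN_WAIT_2
tcp4       0      0 192.0.2.5.80           198.51.100.8.40022     FIN_WAIT_2
tcp4       0      0 192.0.2.5.443          198.51.100.9.40100     FIN_WAIT_2
tcp6       0      0 2001:db8::5.443        2001:db8::99.50000     FIN_WAIT_2
tcp4       0      0 192.0.2.5.80           198.51.100.7.51300     ESTABLISHED
tcp4       0      0 *.22                   *.*                    LISTEN
EOF
}

# Read a sysctl.conf on stdin; print ok / differs / missing for each wanted key.
# Commented-out lines count as missing; the last assignment of a key wins.
audit_sysctl_conf() {
    conf=$(cat)
    wanted_settings | while IFS='=' read -r key want; do
        have=$(printf '%s\n' "$conf" | awk -v k="$key" '
            /^[ \t]*#/ { next }
            { split($1, kv, "="); if (kv[1] == k) v = kv[2] }
            END { print v }')
        if [ -z "$have" ]; then
            echo "missing $key (thread suggests $want)"
        elif [ "$have" = "$want" ]; then
            echo "ok $key=$have"
        else
            echo "differs $key=$have (thread suggests $want)"
        fi
    done
}

# Read netstat output on stdin; print "local_port<TAB>count" for FIN_WAIT_2
# sockets, highest count first. The port is the text after the last dot.
finwait2_by_port() {
    awk '$1 ~ /^tcp/ && $NF == "FIN_WAIT_2" {
             n = split($4, a, "."); c[a[n]]++
         }
         END { for (p in c) printf "%s\t%d\n", p, c[p] }' |
        sort -t "$TAB" -k2,2nr -k1,1n
}

sample_sysctl_conf | audit_sysctl_conf
sample_netstat | finwait2_by_port
```

On a live host, pipe `/etc/sysctl.conf` and `netstat -an -p tcp` into the same functions; `sysctl net.inet.ip.fw.dyn_count net.inet.ip.fw.dyn_max` shows how close the dynamic rule table is to its limit.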
Re: Dependencies for dns/unbound
Rada alive wrote:

I was hoping to test dns/unbound as a lighter-weight DNS cache service to replace BIND. A few hours into make install I decided to abort and have a look at the dependencies. Can someone tell me why a DNS server needs packages like graphics/jpeg and x11/randrproto?

This I do not know.

Is there a way to build unbound on my system without all the trash?

Try placing WITHOUT_X11= yes in /etc/make.conf

I tried emailing the port maintainer but my message bounced back.

[snip]

-Mike
Re: why I am upset
Fernando Apesteguía wrote:

[snip]

Just serious now. I see you are frustrated, but it would help if you gave the list a hint of what the actual problem is. You complained a lot, but you didn't specify the problem!

He didn't because it is so extremely obvious a case of pure PEBKAC.
Re: foo
Robert Bonomi wrote: From bonomi Wed May 23 03:14:43 2012 Date: Wed, 23 May 2012 03:14:43 -0500 (CDT) From: Mail Delivery Subsystem mailer-dae...@mail.r-bonomi.com To: r...@mail.r-bonomi.com Subject: Postmaster notify: see transcript for details This is a MIME-encapsulated message --q4N8Egh0088941.1337760883/mail.r-bonomi.com The original message was received at Wed, 23 May 2012 03:14:37 -0500 (CDT) from bonomi@localhost with id q4N8Ebh0088939 - The following addresses had permanent fatal errors - freebsd-questio...@freebsd.org (reason: 550 5.1.1 freebsd-questio...@freebsd.org: Recipient address rejected: undeliverable address: No mailbox by that name) - Transcript of session follows - ... while talking to mx1.freebsd.org.: DATA 550 5.1.1 freebsd-questio...@freebsd.org: Recipient address rejected: undeliverable address: No mailbox by that name 550 5.1.1 freebsd-questio...@freebsd.org... User unknown 554 5.5.1 Error: no valid recipients --q4N8Egh0088941.1337760883/mail.r-bonomi.com Content-Type: message/delivery-status Reporting-MTA: dns; mail.r-bonomi.com Arrival-Date: Wed, 23 May 2012 03:14:37 -0500 (CDT) Final-Recipient: RFC822; freebsd-questio...@freebsd.org Action: failed Status: 5.1.1 Remote-MTA: DNS; mx1.freebsd.org Diagnostic-Code: SMTP; 550 5.1.1 freebsd-questio...@freebsd.org: Recipient address rejected: undeliverable address: No mailbox by that name Last-Attempt-Date: Wed, 23 May 2012 03:14:42 -0500 (CDT) --q4N8Egh0088941.1337760883/mail.r-bonomi.com Content-Type: text/rfc822-headers Return-Path: bonomi Received: (from bonomi@localhost) by mail.r-bonomi.com (8.14.4/rdb1) id q4N8Ebh0088939 for freebsd-questio...@freebsd.org; Wed, 23 May 2012 03:14:37 -0500 (CDT) Date: Wed, 23 May 2012 03:14:37 -0500 (CDT) From: Robert Bonomi bonomi Message-Id: 201205230814.q4n8ebh0088...@mail.r-bonomi.com To: freebsd-questio...@freebsd.org Subject: Re: hard link identification In-Reply-To: d5b45194-70f2-4149-b9dd-56cdefb60...@fisglobal.com 
--q4N8Egh0088941.1337760883/mail.r-bonomi.com--

Excuse me for being dense, but _what_ exactly is the problem here? You're going to see these whenever you try and send to an address that does not exist - that is: freebsd-questio...@freebsd.org

Should freebsd-questio...@freebsd.org not actually be freebsd-questi...@freebsd.org? Or is this some super-double-secret list that the rest of us are not privy? ;-)

-Mike
Re: ipfw subnetting
Paul Macdonald wrote:

[snip]

It has been many years since I used IPFW as I moved on to IPFILTER, and then on to PF which is what I use now. I don't even recall exactly why I chose to utilize both setting directionality of flow per specific interface. I suspect that somehow there is some rule occurring prior to your block rule that is somehow allowing the traffic to pass.

Bear in mind the following ruleset (specified in /etc/rc.conf via firewall_script=/etc/firewall/fwrules) is for a tributary end-point using a ppp dialup modem connection. It may not be suitable for a proper network to network firewall. I used it for years, and as far as I know it worked well (I am not an expert). It is also doing NAT which you may not be doing (that would just be one line difference in any case the DIVERT line).

# Firewall rules
fwcmd=/sbin/ipfw
$fwcmd -f flush
$fwcmd add allow all from any to any via lo0
$fwcmd add allow all from any to any via xl0
$fwcmd add deny log all from any to 127.0.0.0/8

# Stop private networks (RFC1918) from entering the outside interface.
$fwcmd add deny log ip from 192.168.0.0/16 to any in via ppp0
$fwcmd add deny log ip from 172.16.0.0/12 to any in via ppp0
$fwcmd add deny log ip from 10.0.0.0/8 to any in via ppp0
$fwcmd add deny log ip from any to 192.168.0.0/16 in via ppp0
$fwcmd add deny log ip from any to 172.16.0.0/12 in via ppp0
$fwcmd add deny log ip from any to 10.0.0.0/8 in via ppp0

# Stop draft-manning-dsua-01.txt nets on the outside interface
$fwcmd add deny all from 0.0.0.0/8 to any in via ppp0
$fwcmd add deny all from 169.254.0.0/16 to any in via ppp0
$fwcmd add deny all from 192.0.2.0/24 to any in via ppp0
$fwcmd add deny all from 224.0.0.0/4 to any in via ppp0
$fwcmd add deny all from 240.0.0.0/4 to any in via ppp0
$fwcmd add deny all from any to 0.0.0.0/8 in via ppp0
$fwcmd add deny all from any to 169.254.0.0/16 in via ppp0
$fwcmd add deny all from any to 192.0.2.0/24 in via ppp0
$fwcmd add deny all from any to 224.0.0.0/4 in via ppp0
$fwcmd add deny all from any to 240.0.0.0/4 in via ppp0

$fwcmd add divert natd all from any to any via ppp0
$fwcmd add check-state
$fwcmd add allow tcp from any to any 80 via ppp0 #port opened for web server - tcp_drop_synfin was removed
$fwcmd add deny log udp from any to me in recv ppp0
$fwcmd add allow udp from any to any via ppp0 keep-state
$fwcmd add allow log icmp from any to any icmptypes 3,4
$fwcmd add deny log tcp from any to any in recv ppp0 setup
$fwcmd add allow tcp from any to any out xmit ppp0 setup keep-state
$fwcmd add allow tcp from any to any via ppp0 established keep-state
$fwcmd add allow log icmp from any to any icmptypes 8 out xmit ppp0
$fwcmd add allow log icmp from any to any icmptypes 0 in recv ppp0
$fwcmd add allow log icmp from any to any icmptypes 11 in recv ppp0
$fwcmd add 65432 deny log tcp from any to any
$fwcmd add 65433 deny log udp from any to any
$fwcmd add 65434 deny log icmp from any to any
$fwcmd add 65435 deny log ip from any to any

The main thing that would change for you immediately would be to alter the interface of ppp0 to the exterior interface on your box that is facing the outside Internet. And '$fwcmd add allow all from any to any via xl0' - here xl0 would be whichever is your interior LAN facing interface.

Perhaps this example may be useful to you. If you can get something that works and others can find flaws in my approach it can be improved further.

-Mike
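ipfw acts on the first rule that matches, so the suspicion in the post above (an earlier rule passing the traffic before the block rule is reached) can be tested by walking the list in order. This is an added example, not part of the original post; it uses the post's own rules from check-state down, while the function name, the packet-description arguments and the simplified matching (explicit addresses, dynamic state and divert are not modelled) are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: static first-match walk over a simplified subset of ipfw syntax.
# Rules from the post, check-state onward, in order (the text after "$fwcmd add").
RULES='check-state
allow tcp from any to any 80 via ppp0
deny log udp from any to me in recv ppp0
allow udp from any to any via ppp0 keep-state
allow log icmp from any to any icmptypes 3,4
deny log tcp from any to any in recv ppp0 setup
allow tcp from any to any out xmit ppp0 setup keep-state
allow tcp from any to any via ppp0 established keep-state
65432 deny log tcp from any to any
65433 deny log udp from any to any'

# first_match PROTO DPORT DIR IFACE FLAG   (hypothetical helper)
#   DIR is in|out, FLAG is setup|established|none.
# Prints "<position> <action> | <rule text>" for the first allow/deny rule hit.
first_match() {
    printf '%s\n' "$RULES" | awk -v proto="$1" -v dport="$2" -v dir="$3" \
        -v iface="$4" -v flag="$5" '
    {
        i = 1
        if ($i ~ /^[0-9]+$/) i++                 # optional explicit rule number
        action = $i; i++
        if (action != "allow" && action != "deny") next   # check-state, divert: skipped
        if ($i == "log") i++
        rproto = $i
        src = $(i + 2); dst = $(i + 4); i += 5   # proto from SRC to DST
        if (src != "any" || (dst != "any" && dst != "me")) {
            print NR " unsupported | " $0; exit  # explicit addresses: outside this sketch
        }
        if (rproto != "all" && rproto != "ip" && rproto != proto) next
        if ($i ~ /^[0-9]+$/) { if ($i != dport) next; i++ }   # destination port
        ok = 1
        for (; i <= NF; i++) {
            if ($i == "in" || $i == "out") { if ($i != dir) ok = 0 }
            else if ($i == "via")  { i++; if ($i != iface) ok = 0 }
            else if ($i == "recv") { i++; if ($i != iface || dir != "in") ok = 0 }
            else if ($i == "xmit") { i++; if ($i != iface || dir != "out") ok = 0 }
            else if ($i == "setup" || $i == "established") { if ($i != flag) ok = 0 }
            else if ($i == "icmptypes") { i++ }  # type list not modelled
            # keep-state and other options do not affect matching here
        }
        if (ok) { print NR " " action " | " $0; exit }
    }'
}

# An inbound SYN to port 80 is passed by rule 2, long before the deny at rule 6;
# the same SYN to port 22 falls through to that deny.
first_match tcp 80 in ppp0 setup
first_match tcp 22 in ppp0 setup
```

On a live system the per-rule hit counters serve the same purpose: the rule whose counter increments when the test traffic is sent is the one making the decision.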
Re: Please help me diagnose this crazy VMWare/FreeBSD 8.x crash
Mark Felder wrote: OK guys I've been talking with another user who can recreate this crash and the last bit of information we've learned seems to be leaning towards interrupts/IRQ issues like someone (bz@ perhaps?) suggested. I'm still trying to test this myself, but the other user was able to recreate my crash pretty much on demand. The fix was to not use the first NIC in the VM because it will always share an IRQ with mpt0. Once mpt0 is on its own the crash does not seem to be reproducible anymore. [snip] I am not anywhere near your level in this subject area. My understanding is limited and do not have the in-depth experience. However, please allow me to possibly add an idea or two. I am shakedown testing FreeBSD 9 in a VirtualBox VM - so there is definitely a degree of 'apples vs oranges' present. VirtualBox (as I am using it) is a userland app and not a bare-metal hypervisor. When I set up the VM I chose to use the synthetic SAS controller as that would best represent actual server hardware in my workplace, along with the corresponding mpt driver in the FreeBSD 9 guest. Please note some of the following for comparative purposes only: [...] Event timer LAPIC quality 400 ACPI APIC Table: VBOX VBOXAPIC FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs FreeBSD/SMP: 1 package(s) x 2 core(s) cpu0 (BSP): APIC ID: 0 cpu1 (AP): APIC ID: 1 ioapic0 Version 1.1 irqs 0-23 on motherboard kbd1 at kbdmux0 acpi0: VBOX VBOXXSDT on motherboard acpi0: Power Button (fixed) acpi0: Sleep Button (fixed) Timecounter HPET frequency 14318180 Hz quality 950 Timecounter ACPI-fast frequency 3579545 Hz quality 900 acpi_timer0: 32-bit timer at 3.579545MHz port 0x4008-0x400b on acpi0 [...] em0: Intel(R) PRO/1000 Legacy Network Connection 1.0.3 port 0xd000-0xd007 mem 0xf000-0xf001 irq 19 at device 3.0 on pci0 [...] mpt0: LSILogic SAS/SATA Adapter port 0xd100-0xd1ff mem 0xf082-0xf083,0xf084-0xf085 irq 22 at device 22.0 on pci0 mpt0: MPI Version=1.5.0.0 [...] 
The em0 is the first Intel NIC in Vbox and notice how it and mpt0 come up with distinctly different IRQs. A sysctl -a |grep mpt returns this: device mpt kern.sched.preemption: 1 kern.sched.preempt_thresh: 80 dev.mpt.0.%desc: LSILogic SAS/SATA Adapter dev.mpt.0.%driver: mpt dev.mpt.0.%location: slot=22 function=0 dev.mpt.0.%pnpinfo: vendor=0x1000 device=0x0054 subvendor=0x1000 subdevice=0x8000 class=0x01 dev.mpt.0.%parent: pci0 dev.mpt.0.debug: 3 dev.mpt.0.role: 1 Very curious how 'irq 22 at device 22.0' and 'dev.mpt.0.%location: slot=22' all match with a '22'. The obvious thing here is we are comparing a userland Vbox guest to a VMWare hypervisor. From what little I know concerning any of this, to me it sounds vaguely like an APIC, LAPIC, and IO/APIC bug. There are known bugs wrt to BIOS setting up IRQ routing incorrectly, and/or providing incorrect ACPI and/or IMS tables to operating systems. The parallel in this case would be the logical or synthetic so-called BIOS that the VMWare hypervisor presents to the FreeBSD guest at guest boot time. In this case the truest fix for the problem would fall to VMWare, e.g. if the hypervisor is setting up tables in such a way as to create the shared IRQ problem in the first place. If my idea/theory/potential hypothesis has any merit. I do not understand why any of this would be different depending upon which guest is installed, but I also know absolutely nothing about VMWare hypervisor internals. Is there any other way we can make mpt0 get its own dedicated IRQ without having to do this? The problem is that it causes us to have to make rc.conf changes, pf.conf changes, and who knows what other software could be on these machines that is trying to bind to a specific NIC... Very possibly Andrew's device.hints is probably your best shot at a workaround. Wish you the best of luck in any case. You have done quite a job in researching this problem even to arrive at this point. 
Thank-you for that, and for sharing it with the community. Even though I can't really offer the kind of assistance you require, I have followed along with interest for self edification. -Mike
Re: FreeBSD vice OS X memory management
Adam Vande More wrote:

On Thu, Apr 26, 2012 at 12:04 AM, jb jb.1234a...@gmail.com wrote:

If so, should FreeBSD adopt NetBSD's MM subsys, or just improve itself surgically ?

You ought first establish there is a problem. What you have cited is recently reinvigorated trend that has taken on the air of the BSD is dying troll. What you have is a set of computer users with no understanding of kernel internals attempting to diagnose some sort of possibly legitimate problem by reaching conclusion via rumor and guesswork. These people can be taken about as seriously as those who insist the moon landing was fake and other bizarre ignorant pseudo-science.

http://workstuff.tumblr.com/post/19036310553/two-things-that-really-helped-speed-up-my-mac-and
http://dywypi.org/2012/02/back-on-linux.html

When you have a test case illustrating your feared FreeBSD VM shortcomings, you may at that point begin to attract developer interest.

To the OP: A potential first test case where the symptom is my system slows to a crawl and starts paging out to disk might be to build a kernel with the SCHED_4BSD scheduler. There have been a couple of edge/corner cases that sound like this. That is, if you really have a problem and want to try eliminating one possibility.

Another thing that shows up in things like top is it breaks and does not report accurate values for anything when userland and kernel are out of sync, that is if it runs at all without segfaulting. World and kernel being out of sync would be operator error. In this case the values you are using to somehow relate the symptom to memory management would be false.

As far as all the rest, such as something being deeply broken in OS X memory management, mentions of NetBSD memory management, etc, are all irrelevant. It is this wild mix of stuff seemingly non-related to any problem in FreeBSD per se, that makes this look like a troll.

If you really are having a problem with FreeBSD you are going to have to do a lot better than this in terms of providing some data points which define the problem. I am in agreement with Adam here: either you can work the problem or you can troll. I don't see any indication yet of any real problem analysis, only a wild mix of stuff non-related to FreeBSD sprinkled with some magic 'memory management' dust.

Sorry if this comes across the wrong way, but this really looks like troll material to me too - it has a great resemblance to a pattern trolls have used for many years.

-Mike
Re: upgrade of portupgrade
n dhert wrote:

Today, my nightly run of portsnap informed me there is an update for:

# pkg_version -vIL=
portupgrade-2.4.9.3.2 needs updating (index has 2.4.9.3_1,2)

Since there is no special entry in /usr/ports/UPDATING about the portupgrade update, I started my weekly

# portupgrade -yaRrpb

this gives:

...
--- Upgrade of ports-mgmt/portupgrade started at: Mon, 23 Apr 2012 08:37:14 +0200
--- Upgrading 'portupgrade-2.4.9.3,2' to 'portupgrade-2.4.9.3_1,2' (ports-mgmt/portupgrade)
--- Build of ports-mgmt/portupgrade started at: Mon, 23 Apr 2012 08:37:14 +0200
--- Building '/usr/ports/ports-mgmt/portupgrade'
=== Cleaning for portupgrade-2.4.9.3_1,2
=== License BSD accepted by the user
=== Found saved configuration for portupgrade-2.4.6,2
=== Extracting for portupgrade-2.4.9.3_1,2
= SHA256 Checksum mismatch for pkgtools-2.4.9.3.tar.bz2.
=== Refetch for 1 more times files: pkgtools-2.4.9.3.tar.bz2
=== License BSD accepted by the user
=== Found saved configuration for portupgrade-2.4.6,2
= pkgtools-2.4.9.3.tar.bz2 doesn't seem to exist in /usr/ports/distfiles/.
= Attempting to fetch http://heanet.dl.sourceforge.net/project/portupgrade/pkgtools/2.4.9.3/pkgtools-2.4.9.3.tar.bz2
fetch: http://heanet.dl.sourceforge.net/project/portupgrade/pkgtools/2.4.9.3/pkgtools-2.4.9.3.tar.bz2: Moved Temporarily

it does 5 more at other places, then

= Attempting to fetch http://freefr.dl.sourceforge.net/project/portupgrade/pkgtools/2.4.9.3/pkgtools-2.4.9.3.tar.bz2
fetch: pkgtools-2.4.9.3.tar.bz2: local file (79394 bytes) is longer than remote file (79377 bytes)
...

then 10 more 'Attempting to fetch' with Moved temporarily then

= Attempting to fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/pkgtools-2.4.9.3.tar.bz2
=== License BSD accepted by the user
=== Found saved configuration for portupgrade-2.4.6,2
= SHA256 Checksum mismatch for pkgtools-2.4.9.3.tar.bz2.
=== Giving up on fetching files: pkgtools-2.4.9.3.tar.bz2
Make sure the Makefile and distinfo file (/usr/ports/ports-mgmt/portupgrade/distinfo)
are up to date. If you are absolutely sure you want to override this
check, type make NO_CHECKSUM=yes [other args].
*** Error code 1

Stop in /usr/ports/ports-mgmt/portupgrade.
*** Error code 1

Stop in /usr/ports/ports-mgmt/portupgrade.
*** Error code 1

Stop in /usr/ports/ports-mgmt/portupgrade.
--- Build of ports-mgmt/portupgrade ended at: Mon, 23 Apr 2012 08:37:45 +0200 (consumed 00:00:30)
--- Upgrade of ports-mgmt/portupgrade ended at: Mon, 23 Apr 2012 08:37:45 +0200 (consumed 00:00:30)

What's this problem with pkgtools ??? I have a

$ ls -la /usr/ports/distfiles/pkgtools-2.4.9.3.tar.bz2
-rw-r--r-- 1 root wheel 79394 Aug 23 2011 /usr/ports/distfiles/pkgtools-2.4.9.3.tar.bz2

but no 2.4.9.3_1,2 version

And, strange: if I try http://www.freebsd.org/ports, Search for pkgtools in All it finds nothing ??? Isn't that package described ??

Search for portupgrade instead.

What's going on here and how to solve it ??

I just did this upgrade utilizing portupgrade 2 days ago - 04/20/12 03:34 and did not experience any trouble. However, I noticed the name of the file that was downloaded here was: pkgtools-pkgtools-b99f3ce.tar.gz. This file was 98949 bytes in size.

Today I have csup'd my ports tree and did a make fetch for this port and it downloaded a file of the same name as you have described. This file is 79377 bytes in size. I did a make for the port and it again built without error.

Sounds like something was out of sync at the time you tried this. Try refreshing your ports again and see if it has been fixed. Also consider the possibility that the mirror you were using wasn't completely up to date. Either the mirror will have caught up since then, or try another mirror.

-Mike
Re: Re[2]: newfs create to little inodes
Rob Farmer wrote:

On Mon, Apr 16, 2012 at 10:02 AM, Robert Bonomi bon...@mail.r-bonomi.com wrote:

Something about -your- installation is causing you to run out of inodes.

This is a release engineering issue in 9.0, not just his installation. The defaults are screwed up. See bin/162659.

Yes - I experienced this early on with first attempts at looking over 9.0 in a Virtualbox VM. I don't remember if it was 5 or 6GB size of the initial 'everything in one filesystem (/)' install which triggered it, but when I increased it to 8GB, and/or larger, the error the OP describes went away.

-Mike
Re: Questions about Jail
James Y Chen wrote:

Hi I think Jail on FreeBSD 8.2 can generate 2 jailed machine using the same version of FreeBSD, for example, on a 8.2 AMD64 Jailer, I can create 2 or more FreeBSD 8.2 amd64 Jailed machine. My question is: can I install other version of FreeBSD on the Jailed environment? If yes, which steps shall I do? Still using make world or other easier way?

In many respects a Jail is more like a super-duper chroot, as opposed to other virtualization technologies such as VMWare, Xen, or KVM hypervisor(s). The closest parallel is probably Solaris Containers, if you are familiar with Solaris.

There will only be one running kernel at the heart of a jail based machine. So the bottom line short answer to your question is basically no.

Possibly you may wish to read this:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails-intro.html

-Mike
Re: booting a CD-ROM
gs_stol...@juno.com wrote:

I have an old FreeBSD system that I haven't used for a long time and I have forgotten the passwords. This machine has FreeBSD-4.3 and FreeBSD-4.7 on it, and also MS' Windows98 . I tried getting onto that system by booting with a CD-ROM which started going and gave me the following messages:

boot from ATAPI CD-ROM
CD Loader 1.2
Building the boot loader arguments
Relocating the loader and the BTX

The system then did not output for a little over 5 minutes and then typed:

Starting the

and after this I waited for over 5 minutes but the system did not type anything else. Then I tried booting that CD-ROM on another system where it booted successfully and the program on it ( FreeSBIE version 2) ran and I could communicate with it. I suspect a problem with the boot loader on the first system. Where can I get a new boot loader for that system? Since I want to get a modern FreeBSD (version 9.1 or higher), I expect that will include a new multi-system loader on it that I can use on the old system if I can load just that. How can I load just the boot loader?

Also, what is the structure of the password files (is this on the web with a per system-version note so if it has been changed over time, I can find those I need) on those systems, and how can I find and clear out the password for root so I can get in and set its password and then the other passwords? Thanks in advance for your help.

You did not specify which/what version of FreeBSD CD-ROM you were attempting this with. IIRC way back then bootable CDs used a floppy-emulation mechanism. If the hardware and its BIOS is that old a modern day boot CD won't work as it is not emulating a floppy disk any longer. Your best bet would be to locate a FreeBSD version 4.7 disk and try that.

A long time ago there used to be included 2 floppy images that could be written out to floppy disks, thus creating bootable floppies. In lieu of not being able to boot from CD-ROM if there is a 1.44MB floppy drive in the box you may be able to boot off the floppies.

I'm a little rusty with dim memories, but essentially you want to boot into single user mode. I think it used to be you'd break into the loader by hitting the space bar during the little twirlie period when a '/' is spinning in the upper left corner of your screen.

You would need some basic familiarity with vi such as how to do a basic edit and then save the file. Essentially what vipw does is open the password file using vi as the editor. You could then null out the root password by replacing the crypto string in the second field with a * character. When you save the file using vi commands and exit you will see a message about the password database being updated.

This is actually a FAQ:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/admin.html#FORGOT-ROOT-PW

Note the instructions for mounting / read-write, and the mount -a. The vipw lives in /usr/sbin, so /usr needs to be mounted in order to use it.

-Mike
Re: ps, clang and make variables
R Skinner wrote:

Stupid question, but I need to clarify and make sure I'm right here: what should I see as the running process if clang is compiling? ATM I see cc1plus. I'm trying to set CC and friends make variables to clang for a build, but it doesn't appear to be 'sticking'. It seems to change the shell env to bash, but that shouldn't be the problem. So I'm trying to work out what's up.

FWIW I'm trying to build libreoffice with clang as it doesn't build, or more accurately doesn't build and test correctly. It doesn't appear to honor the CC variables (CC, CXX, CPP, etc). Worth a shot anyway :)

I have done the buildworld/buildkernel dance with the following in /etc/make.conf a few weeks back. Haven't played with it recently though.

.if !defined(CC) || ${CC} == cc
CC=clang
.endif
.if !defined(CXX) || ${CXX} == c++
CXX=clang++
.endif
.if !defined(CPP) || ${CPP} == cpp
CPP=clang-cpp
.endif
# Don't die on warnings
NO_WERROR=
WERROR=
# Don't forget this when using Jails!
NO_FSCHG=

I got this from: http://wiki.freebsd.org/BuildingFreeBSDWithClang

Good Luck!

-Mike
Re: Please help me diagnose this crazy VMWare/FreeBSD 8.x crash
Mark Felder wrote:

Alright guys, I'm at the end of my rope here. For those that haven't seen my previous emails here's the (not so) quick breakdown:

Overview:
FreeBSD ?? - 7.4 never crash
FreeBSD 8.0 - 8.2 crashes
FreeBSD 8-STABLE, 8.3, and 9.0 are untested (Sorry, not possible in our production at this time, and we were hoping we could base some stuff on 8.3 for long term stability...)

ESXi: Confirmed ESXi 4.0 - 5.0 has this problem. Haven't tested on others.

[snip]

I think we've finally found enough data that this is definitely something in the FreeBSD world. I'm going to begin prepping some of the known crashy servers with more debugging. Any suggestions on what I should build the kernel with? They never do a proper panic, but I definitely want to at least *try* to get into the debugger the next time it crashes. And when it crashes, what the heck should I be running? I've never played with the KDB before...

Thank you for any suggestions and help you can give me

I am definitely out of my league here and this is way over my head, to be sure. Just a couple of shots in the dark for possibly covering a couple more data points for your research. And I am a tad fuzzy on both as I have never needed to dig into either because I've not had any trouble with either.

IIRC there are three different timer subsystems one may choose from. You may want to look into experimentation with each of the three, just to see if this changes any observed behaviors. Or to possibly rule it out. Your situation sounds like a candidate for reverse logic - if I can't get any handle on what's wrong I start at the opposite end and try to make a list of what is right in an attempt to leave a smaller subset to probe.

I also think this most likely has nothing to do with what's happening, but for some reason it just pops into my head. Try disabling msi in /boot/loader.conf like this:

hw.pci.enable_msi=0
hw.pci.enable_msix=0

At least if it makes no difference maybe this will exclude it from being a 'possible'.

Developers who are more in-depth aware of what the differences are between 7.x and 8.x/9.x in the development timeline can probably provide a better picture so as to narrow the field of what to look at. This is way over my head, just wish I could help - I know and have experienced the kind of quandary you have here (I feel for you). :-)

-Mike
Re: Email issues, relay failure
Jon Radel wrote:

On 2/25/12 10:26 AM, Bender, Chris wrote:

On telnet w IP it says unable to connect. ... It's weird that the delivery on A says deferred connection timed out but on tcpdump I see the port 25

If you can't establish a TCP connection from A to your relay server on port 25, I'd expect all of the above. If you can't establish a TCP connection to port 25 at all from A, I'd stop focusing on the details of the e-mail server on the relay machine (as they're likely to be beside the point) and start focusing on what is blocking the traffic from A. Have you audited all the firewalls involved?

To be really focused, if you see traffic (both ways) at the relay server when A tries to talk to port 25, but A is convinced that no TCP connection is established, either you're stomping on things at the relay server (do your attempts to telnet to port 25 fail immediately or just sit there for a good long time and then fail?), the reply packets from relay to A are getting mis-routed, or A is ignoring the packets coming in from the relay. Can you ping from the relay to A?

There's a distinct difference between failure to establish a TCP connection (look to the network stuff) and the e-mail server giving you an error response rejecting your attempt to transfer mail or just quietly losing the mail (look to the e-mail servers).

It can also depend on a difference between residential vs business account at the ISP between them. If it was working fine and absolutely nothing was changed at either end, one possibility is an ISP implemented a policy of forcing mail submission to port 587, and whatever blocking they then started on port 25 is what broke the connection.

-Mike
Re: 8.3-BETA1 installation problem
Omer Faruk SEN wrote: [edited to relocate top post] [snip] If you need to clear the old MBR the old way, use a LiveFS or Fixit shell and do this (as root): sysctl kern.geom.debugflags=16 and: dd if=/dev/zero of=/dev/adx oseek=1 bs=512 count=1 where x equals your drive number. This will zero out any old MBR. A time or two when I've seen this error this fixed it up and the install proceeds as normal. As Warren said before, don't use the W, just Q and sysinstall will queue and issue all the commands at a later point. Already done that but still habe the same issue. I can dd and sysctl but after installing without using W at disk label screen still no luck. I have also done sysctl kern.geom.debugflags=16 on fixit and restarted installation but still getting the same error. I apologize over minor language difficulties, as I'm as guilty as anyone. But I do find the above slightly confusing, as I cannot tell for certain whether you have executed the commands correctly, or not. I can easily assume that you did and the problem indeed is somewhere else. The purpose of the sysctl command is to make it so that the subsequent dd can actually complete it's write to zero the MBR. If you were to examine this sector in a hex editor you would see all zeroes if the dd was successful. If it's anything other than all zeroes the write did not happen. If the write didn't happen then the problem would remain. Historically, I had this problem when I pulled an old backup disk off the shelf to swap into a box with a failed drive. The old disk still had the previous install of version 6.2 on it. I'm not certain exactly what changed, but some fuzzy glint of memory seems to make me think it was some kind of change in partition labeling between 6.2 and 7.x which rendered 7.x unable to properly read and modify the disk. Trying to install 7.x over the old 6.2 continually failed with exactly the same error as you describe until I booted from a LiveFS CD and did the above 2 commands. 
Another difference is that I have _not_ done this procedure in a FIXIT shell; I'm just assuming here that it would work the same way but could be wrong. There are several other things that jump out at me that I will include for ideas. A RAID controller sometimes will store it's metadata on the last sector of a disk. I doubt that this would cause a problem until or unless you were trying to use a GEOM class like gmirror which does the same thing and would clash. If so, you'd need to zero this sector as well. I doubt that this is the situation. You could also play around with BIOS controller configurations as well. For example, you would not want to be using Intel MatrixRAID. So NO to setting the controller to any kind of RAID setting in BIOS - and for an SSD you really want to select AHCI. The only other choice is Legacy support. I'm also a little apprehensive of installing to ad6 - you might try as an experiment unplugging any/all other drives you don't want to take chances with and plug up the SSD as ad0 to see if this changes anything. I have FBSD 9 installed in a VM for testing, and I believe it has switched to the new ATA_CAM layer as default now. I have also configured my 8.2 machines the same way so the drives are now ada0 instead of the old ad0 naming scheme. I do not know if this change has gone into the 8.3 Beta you are having trouble with. Examine your dmesg output and you can determine this. If your drive(s) are showing up as ada0 then possibly sysinstall doesn't know how to deal with this. I thought this was supposed to start with 9, and do not really know anything about 8.3 Beta. One thing I'd try is to see if installing 8.2 RELEASE would work. If it did, then the devs probably need some kind of PR filed so they will be aware. I won't see 8.3 until it becomes RELEASE, as I run production machines and I just am not interested in any potential upgrade until 8.3 achieves RELEASE status. 
But if attempting to install 8.2 RELEASE does the same thing it would circle me back to believing the crux of the problem is whatever was on the drive previously - and that needs to be successfully erased before your install will proceed. You should also reboot the box after doing these 2 commands, don't just try and continue on with sysinstall - reboot first. -Mike
Re: 8.3-BETA1 installation problem
Warren Block wrote: On Fri, 24 Feb 2012, Omer Faruk SEN wrote: Already done that but still have the same issue. I can dd and sysctl but after installing without using W at disk label screen still no luck. I have also done sysctl kern.geom.debugflags=16 on fixit and restarted installation but still getting the same error. [Please don't top-post, it makes responding more difficult.] If you need to clear the old MBR the old way, use a LiveFS or Fixit shell and do this (as root):

sysctl kern.geom.debugflags=16

and:

dd if=/dev/zero of=/dev/adx oseek=1 bs=512 count=1

The sysctl is not necessary. The dd may not erase enough of the disk. It will erase a bsdlabel, but not the MBR/PMBR. As always, be warned that this will erase the partition table on that disk, so make sure it's the correct target disk and that you have full backups:

dd if=/dev/zero of=/dev/adX bs=512 count=34

Excellent idea here. It covers GPT too, for as if a Linux distro was on the disk previously, or anything else using GPT. For me I only needed the one because my problem was only a change from FBSD 6.2 to 7.x something, no GPT involved - my problem was only disklabel related. Replace X with the correct drive number.
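The two dd commands discussed in this thread, replayed against a scratch image file to show which 512-byte sectors each one actually zeroes (an added example, not part of the original messages). The helper names and the 64-sector image are constructed, and seek= with conv=notrunc stands in for oseek= so the commands behave the same on a regular file.

```shell
#!/bin/sh
# Added example: replays the thread's two dd commands on a scratch image file,
# never on a real disk. Helper names and the 64-sector image are constructed.
SECTOR=512
SECTORS=64

# make_image FILE: fill FILE with SECTORS sectors of non-zero bytes, standing
# in for a disk that still carries old partitioning data.
make_image() {
    dd if=/dev/zero bs="$SECTOR" count="$SECTORS" 2>/dev/null | tr '\0' 'X' > "$1"
}

# sector_is_zero FILE N: succeeds when sector N of FILE holds only zero bytes.
sector_is_zero() {
    nonzero=$(dd if="$1" bs="$SECTOR" skip="$2" count=1 2>/dev/null |
        tr -d '\0' | wc -c | tr -d ' ')
    [ "$nonzero" -eq 0 ]
}

# zeroed_sectors FILE: print the numbers of all sectors that are entirely zero.
zeroed_sectors() {
    list=""
    n=0
    while [ "$n" -lt "$SECTORS" ]; do
        if sector_is_zero "$1" "$n"; then
            list="$list $n"
        fi
        n=$((n + 1))
    done
    echo "${list# }"
}

# First command from the thread: one sector written at offset 1.
# seek= is the portable spelling of oseek=; conv=notrunc keeps dd from
# truncating the regular file (a disk device cannot be truncated).
wipe_one_sector_at_1() {
    dd if=/dev/zero of="$1" bs="$SECTOR" seek=1 count=1 conv=notrunc 2>/dev/null
}

# Second command from the thread: the first 34 sectors, i.e. sector 0
# (MBR or protective MBR), sector 1 (GPT header) and the 32 sectors of a
# standard 128-entry GPT partition table.
wipe_first_34() {
    dd if=/dev/zero of="$1" bs="$SECTOR" count=34 conv=notrunc 2>/dev/null
}

# zeroed_after WIPE_FUNCTION: run the wipe on a fresh image, report the result.
zeroed_after() {
    img=$(mktemp)
    make_image "$img"
    "$1" "$img"
    zeroed_sectors "$img"
    rm -f "$img"
}

echo "oseek=1 count=1 zeroes sector(s): $(zeroed_after wipe_one_sector_at_1)"
echo "count=34 zeroes sector(s):        $(zeroed_after wipe_first_34)"
```

Neither command touches the backup GPT header and table that a GPT disk keeps in its last sectors.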
Re: 8.3-BETA1 installation problem
Warren Block wrote: On Wed, 22 Feb 2012, Omer Faruk SEN wrote: I am trying to install FreeBSD 8.3-BETA1 to a system with ssd disk recognized as ad6. At fixit mode i can dd device but at installer (sysinstall) when I configured disk and using w installer is unable to format devices stating that Unable to find device node for /dev/ad6s1b in dev. The creation of file systems will be aborted any suggestion on what may be the reason for that or is it a bug on installer Using Write is one of the causes for that. Don't Write, just choose Quit after making selections. (There are other causes, like old partitioning information on the disk. Removing that with gpart destroy or just dd-ing zeros over it is the cure in that case.) If you need to clear the old MBR the old way, use a LiveFS or Fixit shell and do this (as root):

sysctl kern.geom.debugflags=16

and:

dd if=/dev/zero of=/dev/adx oseek=1 bs=512 count=1

where x equals your drive number. This will zero out any old MBR. A time or two when I've seen this error this fixed it up and the install proceeds as normal. As Warren said before, don't use the W, just Q and sysinstall will queue and issue all the commands at a later point. -Mike
Re: How much space do I need on / for a 7.4 to 8 stable upgrade?
Adam Vande More wrote: On Wed, Feb 22, 2012 at 11:47 AM, Joe Moore joe.mo...@holidaycompanies.com wrote: I have 65MB of free space on /. Is that going to be enough? I've already moved tftpboot to /usr, cleaned out /root, /boot/kernel.old, and /tmp. What else could I clean out if I need more space? I'm thinking some executables in /rescue. ls -l shows most of them being 4MB each but that can't be right. I don't know the specific numbers of what you'll need but you can probably delete the *.symbol files (they aren't needed by default). i386 also produces smaller files/mem imprint than most equivalent amd64 bins. I did this and the only i386 box I have left uses 96MB on / while the amd64 ones hover around 105MB, give or take a few. I believe adding WITHOUT_PROFILE= true to /etc/src.conf prevents them from being built/installed in subsequent builds. -Mike
Re: apache22 + php5 (package not ports) ~ spawn-fcgi ?
alexus wrote: I don't think you're really grasping what I was asking.. I am aware that I can build from source, yet I'm trying to stay away from that route due to a lot of overhead going forward... I'm also aware that php5 or actually apache22 doesn't come with mod_php as well, and as alternative I'm willing to go spawn-fcgi route instead, and this is what I'm interested in. I'm looking for some blog/howtos of people already done it on freebsd and not just a general fastcgi.com site :) So, if anyone has experience or knows a good resource that may be useful for me at this point of time, I'd highly appreciate if you can post it here. You do not need spawn-fcgi wrt to PHP. I install software by compiling through the ports system, as it is just so much more maintainable in the long run. Also, you are more able to select build options which are better suited to your needs and environment. I have built Apache outside the ports tree in the long-ago past, so I do understand how. It's just there really is not a great reason to do so. In my case, I utilize the apache-event MPM in conjunction with FastCGI. Originally I began with mod_fcgi, and it seemed to work well. When I learned that mod_fastcgi was supposed to work better with PHP-FPM I switched to it when I made the change to PHP-FPM. PHP-FPM runs on its own at boot and has its own startup scripts. You can set the options to do this when you build the base PHP port by choosing WITH_CLI=true, WITH_CGI=true, WITH_FPM=true and you will not need spawn-fcgi; PHP-FPM supplies this functionality [e.g. 'long-running process'] by design. Also there is a .conf you can use to adjust your PHP CGI pools in a much more granular way than with spawn-fcgi. Irregardless of which MPM you run Apache with, the next step is to connect Apache through mod_fastcgi to these running instance(s) of PHP. Here is an example from httpd.conf for this:

[...]
LoadModule fastcgi_module libexec/apache22/mod_fastcgi.so
[...]
<IfModule mod_fastcgi.c>
    Alias /php-cgi /usr/local/www/fastcgi/php-cgi
    #FastCGIExternalServer /usr/local/www/fastcgi/php-cgi -flush -host 127.0.0.1:9000
    FastCGIExternalServer /usr/local/www/fastcgi/php-cgi -flush -socket /tmp/php-fm.sock
    AddType application/x-httpd-php .php
    Action application/x-httpd-php /php-cgi
    <Directory /usr/local/www/fastcgi/>
        Order deny,allow
        Deny from all
        <Files php-cgi>
            Order allow,deny
            Allow from all
        </Files>
    </Directory>
</IfModule>

Notice I use a socket, and this socket is configured in the php-fpm.conf. The normal default is to use the TCP loopback. This also is probably not the best config available, but it supplies my very basic needs. If you are trying to set up Apache with mod_fastcgi, go with PHP-FPM as your CGI version of the PHP port build (set in the make config options) and it will be easy. IMHO this is a better way to go than spawn-fcgi, especially wrt to PHP specifically. --Mike
Re: gpart usage during install
Robert Simmons wrote: I'm just installing a 9.0-RELEASE instance in Virtual Box to check things out. I ran into something odd. With 8.x I install certain things into a geli encrypted partition. To do this I have to use a fixit shell and a manual install. Now, I'm trying to do the same thing in 9.0, but when I get to the partitioning stage of the install, and I select the option to setup the partitions in a shell, I get the following error from gpart. What has changed? What am I doing wrong?

# gpart create -s GPT ad0
gpart: arg0 'ad0': Invalid argument

9 is using the new ATA_CAM layer now, so your drive will look like: ada0 instead of the old ad0. -Mike
Re: Can clang compile RELENG_9?
Dennis Glatting wrote: I get errors when trying to compile RELENG_9 with clang. Is clang supposed to work when it comes to compiling the OS or am I missing something: [snip] I can't speak to RELENG_9, but I have successfully rebuilt the RELEASE with CLANG (make/install world kernel). My /etc/make.conf as per instructions I found on the wiki:

.if !defined(CC) || ${CC} == cc
CC=clang
.endif
.if !defined(CXX) || ${CXX} == c++
CXX=clang++
.endif
.if !defined(CPP) || ${CPP} == cpp
CPP=clang-cpp
.endif
# Don't die on warnings
NO_WERROR=
WERROR=
# Don't forget this when using Jails!
NO_FSCHG=

This was with amd64, have not tried any 32 bit. With custom kernel as well. -Mike
Re: FreeBSD 9.0 ICH8M trouble, no HDD found, unable to install.
Jasper Valentijn wrote: L.S., I'm not able to install FreeBSD on a Sony Vaio vgn-cr31s. The problem seems to be related to PR kern/153440, http://www.freebsd.org/cgi/query-pr.cgi?pr=153440cat=. The FreeBSD-9.0-RELEASE-i386-memstick.img was used to try the install and extraction of the information below, verbose dmesg output and pciconf output. Does anybody have a workaround for this problem? If I could/should provide more information, just ask. I do not have this hardware, so these are just a couple of wild guesses from the blue on my part. I am also looking only at 64 bit platforms here, so if there is any significant difference with 32 bit I can't look/see. First, you might try using the 2 option on the boot menu and then 'load acpi_sony' followed by 'boot'. If this works, then you are indeed fortunate. If this is the case, at the end of the install when it gives you the chance to edit files put acpi_sony_load=YES in /boot/loader.conf prior to rebooting. Second has to do with AHCI support, and I'm a little fuzzy here. IIRC Intel began AHCI support with the ICH6 chip. With the advent of FreeBSD 9 the underlying mechanism has changed to the new ATA_CAM layer, with ahci support a default. Check your BIOS (if possible) to see what options are available. You may try disabling AHCI by switching to Legacy IDE mode and see what changes. If it works when you do this it confirms this to be where the problem lies. Also ensure you are not using any BIOS config for AHCI+RAID. Now you don't really want to run a modern day box without AHCI as you lose things like NCQ resulting in performance loss. Especially for SSDs as they demand it. You may be able to play around a little using the loader (press 2) to set and unset various variables. For example, hint.ahci.X.msi=0 would turn off MSI support. As far as specific settings for controlling ATA_CAM and/or other AHCI support I'm fuzzy on this. Perhaps if you reach this point someone more knowledgeable can chime in.
But if you were to find a sysctl that made it magically work with AHCI you could put it in loader.conf to make it permanent. As far as what I can tell from the PR you mentioned, if you saw the exact same behavior after having installed FBSD 8.1 and then subsequently trying to upgrade to 8.2 it would nail it to matching the PR. Sometimes there are hardware identifiers like PCI ID's that just need to be added to source for some minor offshoot/revision chip to be recognized properly. If you got down to this by process of elimination you would probably at that point want to work with a developer (someone much smarter than me) to get support added. If this were to become the case this is desirable as it would remove the problem for anyone else coming along later. Hope this helps any, as it's just basically just a couple of wild guesses to maybe get you started. -Mike
Re: UPDATING 20120116 -- x11/xcb-util -- instructions not working
Conrad J. Sabatier wrote: On Wed, 25 Jan 2012 08:53:39 -0600 Mark Felder f...@feld.me wrote: For the life of me I can't work around this xcb-util issue. This is a pretty fresh install and I have not made any workaround symlinks. I ran: # portmaster -R -r xcb-util-0 And the problem persists. It didn't even complete all the packages because some were still erroring on missing xcb libraries. Example, editors/mousepad: libtool: link: cannot find the library `/usr/local/lib/libxcb-aux.la' or unhandled argument `/usr/local/lib/libxcb-aux.la' gmake[2]: *** [mousepad] Error 1 I'm getting this same error in several ports. Just exactly which package is supposed to be providing libxcb-aux.la? And why isn't it? I'm not exactly certain about this, and so am probably wrong. I thought the '*.la' files were 'linker archives' created by libtool. But I never really got completely through the process of fully understanding exactly how all the autotools, make and gmake, and libtool operate. -Mike
Re: php5 port seems broken
Tim Kellers wrote: On 1/22/12 5:35 PM, Tim Dunphy wrote: Hello list, I'm attempting to install php5 from my ports tree. I've attempted the latest version ( 5.3.9 located in /usr/ports/lang/php5) and the 'latest stable' (5.2.17 located in /usr/ports/lang/php52). The result is pretty much the same: [snip] = php-5.3.9.tar.bz2 doesn't seem to exist in /usr/ports/distfiles/. = Attempting to fetch http://dk.php.net/distributions/php-5.3.9.tar.bz2 fetch: http://dk.php.net/distributions/php-5.3.9.tar.bz2: Requested Range Not Satisfiable = Attempting to fetch http://de.php.net/distributions/php-5.3.9.tar.bz2 fetch: http://de.php.net/distributions/php-5.3.9.tar.bz2: Requested Range Not Satisfiable = Attempting to fetch http://es.php.net/distributions/php-5.3.9.tar.bz2 fetch: http://es.php.net/distributions/php-5.3.9.tar.bz2: Requested Range Not Satisfiable = Attempting to fetch http://fi.php.net/distributions/php-5.3.9.tar.bz2 fetch: http://fi.php.net/distributions/php-5.3.9.tar.bz2: Requested Range Not Satisfiable = Attempting to fetch http://fr.php.net/distributions/php-5.3.9.tar.bz2 [snip] When I went to portupgrade mine on 16 Jan I experienced exactly the same. I ended up locating the tarball somewhere, downloaded it, and placed it in distfiles manually. Then the portupgrade went without hitch. I was just wondering if anyone might have a guess as to why this wasn't working? My bet is bad links pointing at a bad tarball. [snip] I just portupgraded my php5 this morning and I was able to fetch the distfile without trouble. It might just be a partially dled file and a checksum mismatch. Sounds like the situation was discovered fairly quick and corrected. [snip] -Mike
Re: how to force 'device' sources to not compile?
Коньков Евгений wrote: I have errors while compile kernel === et (all) cc -O2 -pipe -fno-strict-aliasing -Werror -D_KERNEL -DKLD_MODULE -nostdinc -DHAVE_KERNEL_OPTION_HEADERS -include /usr/obj/usr/src/sys/KES_KERN_v9/opt_global.h -I. -I@ -I@/contrib/altq -finline-limit=8000 --param inline-unit-growth=100 --param large-function-growth=1000 -fno-common -g -I/usr/obj/usr/src/sys/KES_KERN_v9 -mno-align-long-strings -mpreferred-stack-boundary=2 -mno-sse -mno-mmx -msoft-float -ffreestanding -fstack-protector -std=iso9899:1999 -fstack-protector -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -Wundef -Wno-pointer-sign -fformat-extensions -Wmissing-include-dirs -fdiagnostics-show-option -c /usr/src/sys/modules/et/../../dev/et/if_et.c /usr/src/sys/modules/et/../../dev/et/if_et.c: In function 'et_dma_alloc': /usr/src/sys/modules/et/../../dev/et/if_et.c:782: error: 'ET_RING_ALIGN' undeclared (first use in this function) /usr/src/sys/modules/et/../../dev/et/if_et.c:782: error: (Each undeclared identifier is reported only once /usr/src/sys/modules/et/../../dev/et/if_et.c:782: error: for each function it appears in.) /usr/src/sys/modules/et/../../dev/et/if_et.c:790: error: 'ET_STATUS_ALIGN' undeclared (first use in this function) /usr/src/sys/modules/et/../../dev/et/if_et.c:845: error: 'struct et_softc' has no member named 'sc_rx_mini_tag' /usr/src/sys/modules/et/../../dev/et/if_et.c:854: error: 'struct et_softc' has no member named 'sc_rx_tag' /usr/src/sys/modules/et/../../dev/et/if_et.c:864: error: 'struct et_softc' has no member named 'sc_tx_tag' how to disable 'et' from compiling? Why? Since others do not seem to have this problem wouldn't it instead be a better idea to discover what you are doing wrong? Simply trying to 'not build et' will not reveal what is wrong - fixing what is wrong would be better. 
-Mike
Re: PF/ALTQ - Stable TSC?
APseudoUtopia wrote: Hello, I'm setting up pf with altq support in my kernel on freebsd 9.0-Stable (soon to switch to the -RELEASE once it's available). The system is a quad-core Xeon E31220, running amd64. I've done a bit of googling and found various results. I know the freebsd handbook says ALTQ_NOPCC is required on SMP systems. My kern.timecounter.smp_tsc=1, which says the TSC is safe to use in SMP mode. Is it still required to use ALTQ_NOPCC on _ALL_ smp systems? Basically I'm just seeing very different answers with my own research, which is why I'm posting to this list. In the /usr/src/sys/conf/NOTES on an 8.2 box it has this to say: ALTQ requires a stable TSC so if yours is broken or changes with CPU throttling then you must also have the ALTQ_NOPCC option. I take this to mean that if your TSC is absolutely rock solid and does not vary or adjust when CPU throttling kicks in you may very well get away with not having it. My take on this is it probably doesn't hurt to leave it in, as it would be a safety net in place for a just in case scenario in which case it would enhance stability. Cheap insurance. I suspect the Handbook line you were referring to might date back to the 5.x days, with the quote above being recent. A lot of work in the three timecounters available went as water under the bridge some time ago. -Mike
Re: difference between cvsup and csup?
Foo JH wrote: Hello guys, I notice FreeBSD is now using (and probably has been for a while) csup instead of cvsup. The parameters looking identical - at least from the no-gui perspective. Can anyone advise what the difference is, and perhaps educate me on how this came to be? I'm certainly not any kind of expert, but please note by examining the dependencies you will notice cvsup requires ezm3. This is a portable version of Modula-3 ( http://en.wikipedia.org/wiki/Modula-3 ), upon which cvsup is designed. Csup is a rewrite of cvsup in the C language, and as such can be included as part of the base operating system. It is only linked against a few system libraries. This also means it can be built using the same tools and system compiler whenever the system itself is updated. Csup is faster, built-in, and has no third party dependencies. Theoretically it should have less potential for problems. Cvsup is a third party port, which itself depends on other third party ports. -Mike
Re: Quick build of stripped-down kernel
Brett Glass wrote: Everyone: Happy Thanksgiving! This week, I've been building FreeBSD 9.0-RC2 kernels for various machines, and on some of the older and slower ones it's been taking quite a long time. One of the reasons for this is that even if you strip 98% of the drivers out of the kernel, they are all still built as loadable modules. The machines in question will NEVER use those modules, so it's a waste of time and disk space. How hard would it be to create a build target for make that would avoid building the loadable modules and just leave them out of the directory where the new kernel is placed after installation? I am not intimately familiar with the cascade of makefiles that does the build I could probably figure out what to tweak, but if someone who is expert in this can help it would be appreciated. It would save me countless hours. Unless the man pages are out of date and inaccurate this used to be done with make.conf and NO_MODULES. I thought this had been moved into src.conf, but I don't see it in the man page for src.conf. man make.conf for details, as it is also possible to control which modules you want or do not want built as well. -Mike
Re: Make buildworld don't run
Zantgo wrote: I write make buildworld, this is the answer: #make buildworld make: don't know how to make buildworld. Stop Since this works just fine for all those who have learned how to use FreeBSD I can only assume this indicates you do not know what you are doing. PS: I use FreeBSD 9.0 RC1, and I try to follow current This is a poor choice for anyone new to FreeBSD. There are mainly 3 branches of FreeBSD to consider: -CURRENT is for developers and other contributors working on the next version of FreeBSD, -STABLE is somewhat in the middle in that it will have patches for problems that have been fixed in current and merged back to earlier release versions of code, and RELEASE. There is also a SECURITY branch where only security patches are updated to RELEASE. Since it is obvious you do not know what you are doing the best place for you to begin is RELEASE. Install and begin using a RELEASE version as a learning tool. This means version 8.2! The Handbook may have pieces which are old and could stand updating, but largely it is _THE_ reference you should be working your way through as you proceed to learn FreeBSD. The greatest bulk of what you need to learn is in there. It comes in versions other than English too: http://www.freebsd.org/doc/es_ES.ISO8859-1/books/handbook/index.html If your only exposure to date with computers has been with Windows and you are looking to expand your reach, you will first find that the *Nix world is heavy on reading documentation and trying to figure stuff out for yourself first, before splattering help channels with every little thing that comes along. Once you have made some initial effort you will find that you are in a better position to provide better details on how we can help you. We cannot help you with the effort you need to make in learning the basics, and these basics are all contained in the documentation. I will make no effort to address your error.
First of all, you should not be starting in FreeBSD with a release candidate and following -CURRENT. Your error is the result of trying to jump over learning what you need to know. -Mike
Re: Make buildworld don't run
Zantgo wrote: On 02-11-2011, at 17:00, Michael Powell nightre...@hotmail.com wrote: If your only exposure to date with computers has been with Windows and you are looking to expand your reach, you will first find that the *Nix world is heavy on reading documentation and trying to figure stuff out for yourself first, before splattering help channels with every little thing that comes along. Once you have made some initial effort you will find that you are in a better position to provide better details on how we can help you. We cannot help you with the effort you need to make in learning the basics, and these basics are all contained in the documentation. I will make no effort to address your error. First of all, you should not be starting in FreeBSD with a release candidate and following -CURRENT. Your error is the result of trying to jump over learning what you need to know Now this worked for me and at one time thought to hold steady, but I thought that opened many dependencies, and need more current packages so take care not release Nope. Make buildworld is how you begin a source-based upgrade to the operating system. This is completely different and separate from anything package related. You are completely on the wrong track with this. Study the Handbook some more and this may become apparent. When you refresh your ports tree (which handles dependency tracking whether you are installing from ports or using packages) you will always be looking at the latest ports/packages. This is true no matter which branch of the OS you are using. Install RELEASE, refresh your ports tree, and you will still have all the 'most current packages'. You do *NOT* need to be running -CURRENT in order to have the 'most current packages'! This still reiterates the need for you to read and study the documentation. All of this information is present in the documentation.
-Mike
Re: The ports are really funcional?
Polytropon wrote: On Mon, 31 Oct 2011 11:45:44 -0300, Zantgo wrote: then, as the system must be configured?, I thought as I was was perfect. I have a laptop with intel core i5. The ports should work without any further configuration change, no matter if you've installed via Internet or from an installation media. If you encounter problems, please post informative text to this list, i. e. the command you've executed and the relevant error messages, and maybe specific things you've changed, e. g. global CFLAGS and other things one should not do. :-) We should probably try and discover if he had learned how to update the ports tree as well. Many new users can easily get the ports tree installed by simply agreeing to the suggestion in sysinstall, but do not yet know it is best to update it first prior to installing software. I have always suspected that unknowingly utilizing the already out-of-date tree from the initial install is probably what causes most newcomers' problems with ports. My practice is to only do a basic install plus ports tree, with no third party application packages. Then update ports tree and begin installing apps. I learned this the hard way from experience over 11 years ago. When I first started with FreeBSD (circa 4.0.0) I would have some packages installed and then try using the ports system, and stuff would break. Learning to cvsup the ports tree is what took care of a lot of that. Then I learned portupgrade and things got even better again. But I recall the jumbled mish-mash of brokenness I had early on as a neophyte, and what the OP is describing sounds a lot like my early experience. Learning to properly admin the system made all of that a thing of the distant past. -Mike
Re: Breakin attempt
Polytropon wrote: On Sat, 22 Oct 2011 15:08:50 +0100, Bruce Cran wrote: I suspect that these sorts of attacks are fairly normal if you're running ssh on the standard port. I used to have lots of 'break-in attempts' before I moved the ssh server to a different port. Is there _any_ reason why moving from port 22 to something different is _not_ a solution? Reason why I'm asking: Moving SSH away from its default port seems to be a relatively good solution as break-in attempts concentrate on default ports. So in case a sysadmin decides to move SSH to a hidden location, what could be an argument against this decision? One such relatively minor argument might be the use by external entities for the ability to connect in a standardized way. Such a client may need to connect but has no way of knowing in advance what port to use. The only readily available means for them to locate you might be DNS, with them only knowing you by hostname. I tend to discount this as they would still need some form of auth, whether a user account/password combination or a certificate. In either case, this needs to be configured in advance - so there's no reason a port number couldn't be included when communicating how to login to the third party. There is also some remote possibility that the third party has some internal (albeit brain-dead) policy of mandating the use of some software that cannot be configured to use a port other than 22. I would consider such a software to be inherently 'broken by design', and not a good enough reason for me to 'break' my system just to make them happy. After all, aren't they the ones who want to connect to me and shouldn't the responsibility be on them to do it in accordance with what I have configured? I restrict any SSH access to my systems to certificate only, with password turned off. Only a trusted few will have these certificates, and these people will know what port to use because I told them. 
Just changing the port to some high number non well-known will not entirely stop a port scan if said scan is walking up every single port one after another. But simply changing it to something like 42347 works wonders for knocking down about 90% of script-kiddies. I just don't see SSH as the best tool for giving anonymous remote-access to the general public of the IntarWebZ in general. If access is not anonymous there must be some admin config done previous to the access. Providing anonymous access via SSH sort of defeats the purpose for using SSH in the first place. :-) Just my $.02 - Mike
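A check for the two measures discussed in this thread, a non-default port and password login turned off, written as an added example that is not part of the original messages: it reads sshd_config text and reports which of those settings are still exposed. The sample configs and function names are constructed, the post's "certificate only" is read as public-key login, and missing keywords are assumed to take upstream OpenSSH defaults.

```shell
#!/bin/sh
# Added example: checks sshd_config text for the settings discussed in the
# post. Both configurations below are constructed samples.

WEAK_CONFIG='# constructed sample: default port, passwords accepted
Port 22
PasswordAuthentication yes
ChallengeResponseAuthentication yes'

HARDENED_CONFIG='# constructed sample: non-default port, keys only
Port 42347
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no'

# effective_value CONFIG KEYWORD DEFAULT
# sshd keeps the first value it reads for a keyword and matches keywords
# case-insensitively. Parsing stops at the first Match block, whose settings
# apply only conditionally. The "Keyword=value" spelling is not handled.
effective_value() {
    printf '%s\n' "$1" | awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); found = 0 }
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        !found && tolower($1) == key { val = tolower($2); found = 1 }
        END { print (found ? val : def) }'
}

# audit_sshd_config CONFIG: print one finding per line; no output means none.
# Defaults assumed for missing keywords are upstream OpenSSH's. FreeBSD's base
# sshd ships with PasswordAuthentication off but PAM keyboard-interactive on,
# which still accepts passwords, so both switches are checked.
audit_sshd_config() {
    port=$(effective_value "$1" Port 22)
    password=$(effective_value "$1" PasswordAuthentication yes)
    pubkey=$(effective_value "$1" PubkeyAuthentication yes)
    # KbdInteractiveAuthentication is the current name; older configs use
    # ChallengeResponseAuthentication for the same switch.
    kbdint=$(effective_value "$1" KbdInteractiveAuthentication "")
    if [ -z "$kbdint" ]; then
        kbdint=$(effective_value "$1" ChallengeResponseAuthentication yes)
    fi

    if [ "$port" = "22" ]; then
        echo "PORT: default port 22, where automated login attempts concentrate"
    fi
    if [ "$password" != "no" ]; then
        echo "PASSWORD: PasswordAuthentication is on, passwords can be guessed"
    fi
    if [ "$kbdint" != "no" ]; then
        echo "KBDINT: keyboard-interactive is on, PAM may still accept passwords"
    fi
    if [ "$pubkey" = "no" ]; then
        echo "PUBKEY: PubkeyAuthentication is off, key-only login is impossible"
    fi
    return 0
}

echo "weak config:"
audit_sshd_config "$WEAK_CONFIG"
echo "hardened config:"
audit_sshd_config "$HARDENED_CONFIG"
```

A config that only moves the port still produces the PASSWORD and KBDINT findings, which matches the thread's point that the port change cuts noise while the authentication settings decide who can log in.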
Re: www.clubrunner.ca
Mike Jeays wrote: I find weird behaviour with this site. It works fine on Windows systems, but Firefox on FreeBSD (and also Firefox, Opera and Chrome on Ubuntu) fails to connect. It immediately tries to retrieve www.clubrunner.ca/Home, but then the connection hangs. Does anyone have any clues, please? Does charset=windows-1252 ring any bells? I only looked at it very briefly, but my first impression is this is just one of the most terribly coded pages I've seen recently. I wouldn't waste any time with something as much a mess as this. -Mike
Re: updating 8.1 release
wayne mitchell wrote: hey just tried to update a system using 'csup' current system is: 8.1 RELEASE on a amd machine (amd64 GENERIC kernel) tried downloading the CURRENT branch ( tag=. ) when running make buildworld get an exit with error at /usr/lib/libmagic system gives various warnings about unknown file types and incorrect variable bounds then exits with error 1 - 'cannot find any magic files' tried this again with ( tag=RELENG_8 ) - exact same problem tried this again with ( tag=RELENG_8.2 ) - exact same problem also tried make buildworld in multi-user -and- single-user where should i expect to find any magic files on the system tree ? thanks I wouldn't worry about this. Be better to find out what is wrong. It is unclear exactly what you are trying to achieve, so I'll try some crystal-ball gazing. Going from 8.1 to HEAD might actually be broken at any one given point in time. Not always, but the possibility exists. If you are dead set on this, read the -CURRENT list for hints on breakage. If you are trying to set up a server for use in some form of stable environment I would suggest not using -CURRENT, but rather consider the security branch of either 8.1-RELEASE or 8.2-RELEASE. The csup tags are RELENG_8_1 and RELENG_8_2 respectively. Example supfile:

*default host=cvsup.nl.freebsd.org
*default base=/usr
*default prefix=/usr
*default release=cvs tag=RELENG_8_2
*default delete use-rel-suffix compress
src-all

Then cd to /usr/obj and do rm -rf *. This will remove leftovers of previous failed build attempts. Once this is cleaned up and you have the correct source (such as 8.2-RELEASE security branch), then just cd /usr/src and kick off the dance with a make buildworld. I just updated 9 machines from 8.2 to the 8.2 security branch and experienced zero trouble. I can't speak to whether -CURRENT will build, as my boxen are for production use and not for development work. If you continue to have a problem trying to update to RELENG_8_2 you are doing something wrong.
-Mike