Re: Mouse Trails?
On 08/18/13 16:48, Gary Aitken wrote: On 08/17/13 19:08, cpghost wrote: On 08/17/13 18:14, Walter Hurry wrote: On Sat, 17 Aug 2013 17:31:26 +0200, Polytropon wrote: Good ole Xeyes... ;-) But beware, xeyes crashes X server right now! Using xeyes-1.1.1 xorg-server-1.7.7_8,1 on FreeBSD 9.2-PRERELEASE #0 r253323 Sat Jul 13 21:00:32 CEST 2013 amd64 I'm not the only one who's got X server crashes with xeyes: http://lists.freebsd.org/pipermail/freebsd-x11/2012-May/011833.html @Polytropon: what version of xeyes/xorg-server are you using? pkg_info | grep xeyes xeyes-1.1.1 A follow the mouse X demo pkg_info | grep xorg-server xorg-server-1.7.7_8,1 X.Org X server and related programs Works fine here, amd64. How soon does it crash? First mouse movement, program startup, or what? At program startup. Using fluxbox here. I'll try with another WM. Maybe it's a WM problem? No other programs cause X server crashes here. I must say that it caught me by surprise! The behavior I see is: mouse is visible start typing in xterm and cursor disappears xeyes comes up with eyes pointing to where cursor was a second or so later the cursor reappears move the cursor and eyes follow it Gary -cpghost -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Mouse Trails?
On 08/17/13 18:14, Walter Hurry wrote: On Sat, 17 Aug 2013 17:31:26 +0200, Polytropon wrote: If LXDE uses an ugly white mouse cursor, try changing it to black (the normal color for mouse cursors on all serious GUI systems). The classical way of solving the where is the mouse cursor problem is to install xeyes. :-) I am reluctant to install Compiz, but xeyes looks to be just the ticket! Good ole Xeyes... ;-) But beware, xeyes crashes X server right now! Using xeyes-1.1.1 xorg-server-1.7.7_8,1 on FreeBSD 9.2-PRERELEASE #0 r253323 Sat Jul 13 21:00:32 CEST 2013 amd64 I'm not the only one who's got X server crashes with xeyes: http://lists.freebsd.org/pipermail/freebsd-x11/2012-May/011833.html @Polytropon: what version of xeyes/xorg-server are you using? -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: where to start with PGP/GPG?
On 08/15/13 14:16, Anton Shterenlikht wrote: I never needed to use pgp till now. So I'm not sure where to start. Is security/gnupg the way to go? Any other advice? security/gnupg + security/pinentry is the way to go. Additionally, if you use this for E-Mail, consider using thunderbird with the enigmail add-on. Works great. -cpghost. Thanks Anton -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Tablet PCs and FreeBSD?
On 08/05/13 23:07, Adam Vande More wrote: On Mon, Aug 5, 2013 at 4:05 PM, Adam Vande More amvandem...@gmail.com mailto:amvandem...@gmail.com wrote: On Mon, Aug 5, 2013 at 1:44 PM, cpghost cpgh...@cordula.ws mailto:cpgh...@cordula.ws wrote: Hello list, what's the status of FreeBSD/arm w.r.t. Tablet PCs? Is there ANY tablet out there that managed to at least boot FreeBSD? (I'm not talking about Xorg etc, just a simple console with FreeBSD base system would suffice for now -- even NetBSD would be great) I'm looking for a Tablet PC that runs Linux/arm (not just Android), and it would be nice if that model was also able to run FreeBSD; and if not now, so in the foreseeable future. Any suggestions w.r.t. models? All I can recall was this thread(read whole thing): http://lists.freebsd.org/pipermail/freebsd-questions/2012-November/246404.html Also asking on freebsd-arm might get you farther. Ah, thanks for the hint! -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Tablet PCs and FreeBSD?
Hello list, what's the status of FreeBSD/arm w.r.t. Tablet PCs? Is there ANY tablet out there that managed to at least boot FreeBSD? (I'm not talking about Xorg etc, just a simple console with FreeBSD base system would suffice for now -- even NetBSD would be great) I'm looking for a Tablet PC that runs Linux/arm (not just Android), and it would be nice if that model was also able to run FreeBSD; and if not now, so in the foreseeable future. Any suggestions w.r.t. models? Thanks, -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Unusual file: /bin/[
On 07/29/13 15:25, Paul Macdonald wrote: Hi, I spotted what i'd call an unusual file in the basejail on a jail install, and have since seen this on other non jailed boxes. -r-xr-xr-x 2 root wheel 11488 Jun 10 12:19 [ That's a perfectly valid UNIX program used in (bourne) shell programming. It has been part of BSD Unix for ages. And I really mean AGES! just checking thats all ok, and i've not been rooted! Don't worry about it. It's perfectly legitimate. -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Delete a directory, crash the system
On 07/27/13 21:12, cpghost wrote: A more robust file system would halt all processes, and perform an in-kernel fsck on the filesystem and its internal (in-memory) structures to repair the damage... and THEN resume the processes. However, this is a major project, and we don't have a self-healing filesystem / kernel (... yet). ;-) -cpghost. If we think this further, we may as well start introducing some elements of self-healing or at least self-inspecting in the kernel. How about, for example, a kernel thread that wakes up periodically, walks through VFS structures, and checks their integrity? Perhaps also verifying the underlying inodes as well? Think background fsck, but within the kernel and for kernel structures themselves. Others parts of the kernel could as well self-inspect for consistency with a periodic kernel thread. Some parts are easier than others, so I don't think we could also walk the VM structures (if those are corrupt, even the repair-thread will be running amok). But save for that, most parts of the kernel could use some periodic consistency checking. Make that checking optional via a sysctl(8), and it won't even cost performance. -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Delete a directory, crash the system
On 07/27/13 14:58, David Noel wrote: Post the stack trace of the core and maybe someone can help you. panic: ufs_dirrem: Bad link count 2 on parent cpuid = 0 KDB: stack backtrace: #0 0x808680fe at kdb_backtrace+0x5e #1 0x80832cb7 at panic+0x187 #2 0x80a700e3 at ufs_rmdir+0x1c3 #3 0x80b7d484 at VOP_RMDIR_APV+0x34 #4 0x808ca32a at kern_rmdirat+0x21a #5 0x80b17cf0 at amd64_syscall+0x450 #6 0x80b03427 at Xfast_syscall+0xf7 So the system panics in ufs_rmdir(). Maybe the filesystem is corrupt? Have you tried to fsck(8) it manually? Even if the filesystem is corrupt, ufs_rmdir() shouldn't panic(), IMHO, but fail gracefully. Hmmm... -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Delete a directory, crash the system
On 07/27/13 20:57, David Noel wrote: So the system panics in ufs_rmdir(). Maybe the filesystem is corrupt? Have you tried to fsck(8) it manually? fsck worked, though I had to boot from a USB image because I couldn't get into single user.. for some odd reason. Even if the filesystem is corrupt, ufs_rmdir() shouldn't panic(), IMHO, but fail gracefully. Hmmm... Yeah, I was pretty surprised. I think I tried it like 3 times to be sure... and yeah, each time... kaboom! Who'd have thought. Do I just post this to the mailing list and hope some benevolent developer stumbles upon it and takes it upon him/herself to fix this, or where do I find the FreeBSD Suggestion Box? I guess I should file a Problem Report and see what happens from there. Maybe you could ask on freebsd-fs@. That's the list where the filesystem hackers are hanging around. Basically, from /usr/src/sys/ufs/ufs/ufs_vnops.c:ufs_rmdir(): if (dp-i_effnlink 3) panic(ufs_dirrem: Bad link count %d on parent, dp-i_effnlink); if (!ufs_dirempty(ip, dp-i_number, cnp-cn_cred)) { error = ENOTEMPTY; goto out; } (...) Basically, the parent directory has less than 3 entries, but since 2 entries are mandatory (. and ..), the 3rd entry that is missing must belong to the directory being removed. This is inconsistent. And if the parent directory is inconsistent, other bad things could happen. The kernel errs on the side of caution, and panic()s instead of silently returning EINVAL. Actually, this is a sensible thing to do in this context. A more robust file system would halt all processes, and perform an in-kernel fsck on the filesystem and its internal (in-memory) structures to repair the damage... and THEN resume the processes. However, this is a major project, and we don't have a self-healing filesystem / kernel (... yet). ;-) -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: devel/poco-ssl BROKEN. Can I use TRYBROKEN?
On Sun, Jan 31, 2010 at 03:09:26PM -0500, b. f. wrote: Hi, devel/poco-ssl has been marked BROKEN= bad plist for some time now. Since I urgently need it for devel work, and as I would prefer to use the port rather than compile POCO directly (which works too), I'm considering bypassing this BROKEN setting with: .if ${.CURDIR:M*/devel/poco-ssl} TRYBROKEN=yes .endif in /etc/make.conf. Is it okay, until devel/poco-ssl is fixed? You can do whatever you want on your own system. The reason given for marking it BROKEN was a bad plist, and if that is the only thing wrong with it, then you need only worry about it leaving unregistered files behind after it is removed, or possibly conflicting with another port. If that's alright with you, then you may as well use NO_IGNORE or TRYBROKEN as a workaround. Okay, I've tried it on a test machine, and it seems to work alright (so far), at least with the few programs I've compiled. It looks like a bad plist only, and I think that I understand the ramifications of it, so I'll stick to this workaround until the port is fixed. Oh, btw, I'm still missing the poco-doc port which pulls in the POCO documentation. :-( Oh, well. If the maintainer won't do it, maybe you could take the time to fix the plist and offer an option to install the docs? I'll have a look as soon as I grok the ports system and find out how to do that. ;-) Thanks, -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Printing via ulpt0 extremely slow
On Fri, Jan 29, 2010 at 09:08:14PM +0100, Jens Schweikhardt wrote: hello, world\n I have a system with a handful of kernels I chose from with grub. Recently compiled 8-STABLE systems show strange printing behaviour. While a one year old 8.0-CURRENT #0 r185532 has no problem printing to my HP Laserjet 2300d (via cups and USB/ulpt0), newer systems and even 9-CURRENT print extremely slow, on the order of 1 page every 6 minutes. The printer's Data LED blinks sometimes erratically, sometimes is on for a few seconds, with intermittent periods of 1Hz blinking (which is the expected normal behavior). For some reason, CUPS stopped working for me too, after upgrading print/cups-base. Using a HP LaserJet 1320 (Postscript) attached via ulpt0. Exactly the same symptoms. As a workaround, I simply filter PDF files through /usr/local/libexec/cups/filter/pdftops and send that to /dev/ulpt0 directly. I have no idea how to debug this, because nothing shows in the CUPS logs. So I'm wondering what causes this oddity. I've ruled out an issue with hald/dbus which recent systems use for xorg 7.4, by turning them off, rebooting and printing from the console--same slow printing. The cups log says it sent the file succesfully (/var/log/cups/access_log): localhost - - [29/Jan/2010:20:17:11 +0100] POST /printers/LaserJet_2300d HTTP/1.1 200 18530 Send-Document successful-ok I can't find anything obvious in my kernel config that might account for this behavior. I don't think it is related to FreeBSD, because printing worked perfectly only my system (FreeBSD/amd64 r200471) before updating cups-base, and stopped working exactly after that (but printing directly to /dev/ulpt0 still works perfectly). It is probably a cups problem. It does not matter if the printer is on or off when the system starts. I've read about interrupt storms (when printing via lpt0), but vmstat -i looks sane AFAICT: $ vmstat -i interrupt total rate irq16: vgapci0 ahc* 192947 62 irq18: skc0 uhci2++ 3765 1 irq19: fwohci0++ 383725124 irq23: uhci3 ehci1 3700 1 cpu0: timer 6227448 2018 irq256: hdac0 92 0 cpu1: timer 6219346 2015 Total 13031023 4223 Anyone seen something similar? What else can I try to debug this problem? Regards, Jens -- Jens Schweikhardt http://www.schweikhardt.net/ SIGSIG -- signature too long (core dumped) -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
devel/poco-ssl BROKEN. Can I use TRYBROKEN?
Hi, devel/poco-ssl has been marked BROKEN= bad plist for some time now. Since I urgently need it for devel work, and as I would prefer to use the port rather than compile POCO directly (which works too), I'm considering bypassing this BROKEN setting with: .if ${.CURDIR:M*/devel/poco-ssl} TRYBROKEN=yes .endif in /etc/make.conf. Is it okay, until devel/poco-ssl is fixed? Oh, btw, I'm still missing the poco-doc port which pulls in the POCO documentation. :-( Thanks, -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Problem viewing DVDs
On Sun, Jan 17, 2010 at 10:13:55PM +0100, Jens Schweikhardt wrote: hello, world\n Hi Jens, I'm trying to view a Friends DVD (original) on my 8-Current system but none of the dvd viewer apps (eg. ogle and mplayer) work. Investigating I found that I can mount the DVD as a cd9660 file system, but all the *.vob files result in an I/O error when read, while all the non-vobs can be read just fine: /cdrom/video_ts # ls -l total 3841434 -r-xr-xr-x 1 root wheel 12288 Dec 21 2004 video_ts.bup -r-xr-xr-x 1 root wheel 12288 Dec 21 2004 video_ts.ifo -r-xr-xr-x 1 root wheel 3016704 Dec 21 2004 video_ts.vob -r-xr-xr-x 1 root wheel 90112 Dec 21 2004 vts_01_0.bup -r-xr-xr-x 1 root wheel 90112 Dec 21 2004 vts_01_0.ifo -r-xr-xr-x 1 root wheel 7192576 Dec 21 2004 vts_01_0.vob -r-xr-xr-x 1 root wheel 1073739776 Dec 21 2004 vts_01_1.vob -r-xr-xr-x 1 root wheel 1073739776 Dec 21 2004 vts_01_2.vob -r-xr-xr-x 1 root wheel 1073739776 Dec 21 2004 vts_01_3.vob -r-xr-xr-x 1 root wheel 701995008 Dec 21 2004 vts_01_4.vob /cdrom/video_ts # md5 * MD5 (video_ts.bup) = 7c22ee5d3160bc66158b13033ab3f87b MD5 (video_ts.ifo) = 7c22ee5d3160bc66158b13033ab3f87b md5: video_ts.vob: Input/output error MD5 (vts_01_0.bup) = 21acaafc3988d8a296881c878865a7d1 MD5 (vts_01_0.ifo) = 21acaafc3988d8a296881c878865a7d1 md5: vts_01_0.vob: Input/output error md5: vts_01_1.vob: Input/output error md5: vts_01_2.vob: Input/output error md5: vts_01_3.vob: Input/output error md5: vts_01_4.vob: Input/output error and for each file dmesg says acd0: FAILURE - READ_BIG ILLEGAL REQUEST asc=0x6f ascq=0x03 g_vfs_done():acd0[READ(offset=5834752, length=65536)]error = 5 Is this a case of some kind of DRM protection I'm seeing here? Am I missing something else? The drive is a acd0: DVDR HL-DT-ST DVDRAM GH22LS50/TL00 at ata8-master SATA150 (LG GH22) on a Asus P5Q3 Deluxe with Intel P45/ICH10R chipset. this usually happens with CSS scrambled VOBs. Have you tried to extract the VOBs with sysutils/vobcopy (e.g. using its --mirror option)? Just make sure that multimedia/libdvdread is actually compiled with multimedia/libdvdcss as a dependency, before compiling vobcopy. The ports should take care of that though. You may still see acd failures in dmesg using vobcopy (no idea why), but the copied VOBs should still be okay. I have no problems viewing them with mplayer. Regards, Jens -- Jens Schweikhardt http://www.schweikhardt.net/ SIGSIG -- signature too long (core dumped) Good luck, -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: GELI file systems unusable after glabel label operations
On Fri, Jan 15, 2010 at 01:25:50AM -0600, Scott Bennett wrote: Check /var/backups. There should be *.eli files there. Those are the automa= tic No joy. :-( metadata backups that 'geli init' makes (at least in 8.0). You can restore those backups with 'geli restore'. Those must be new in 8.0. I don't see any in 7.2, just {aliases,group, master.passwd}.bak{,2} in /var/backups. [No help here, just a me-too...] I can confirm this: no metadata of GELI partitions generated on RELENG_7 were saved in /var/backups, but GELI partitions created since RELENG_8 were! I've noticed this by chance with geli init on an external disk, and thought that geli init would only create metadata backup automatically for disks that are not the same than the one hosting /var/backups (for obvious reasons, i.e. when you want to quickly destroy a key, and for- getting to wipe out the metadata backup). Apparently, it was the version bump, and not the different disks. Good to know indeed. Would a geli backup on those old RELENG_7 GELI partitions (or rather provider partitions) have the same effect as a RELENG_8-style geli init to get those metadata files? Maybe /usr/src/UPDATING should contain a little hint for those of us with old GELI partitions without auto-backups of metadata? I have a new 1 TB drive that I will soon connect to the system and begin creating file systems. I will make gzipped image files with dd(1) of the damaged partitions and store them on the new drive for a while in case a workable idea turns up. I feel your pain (having lost some data in a similar scenario while experimenting with glabel on geli partitions, but not as much as you). There should really be a big obvious warning in the glabel(8) and geli(8) man pages, because that's a big trap waiting to spring on unsuspecting users (POLA violation). :-( -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: OT: XML newbie
On Fri, Dec 11, 2009 at 01:50:40AM -0500, Aryeh Friedman wrote: I am a relative XML newbie (i.e. our backend does spit out some XML I wrote but it just slapped together with no knowledge of the underlaying structure of XML)... Now I am going back and actually learning XML... our main application is to insert XML directly into XHTML documents and use either CSS or XSLT (don't know enough to pick yet) to style them without resorting to javascript... I'm using xsltproc from the port textproc/libxslt to apply custom XSLT style sheets to XML files, resulting in XHTML output. Works great, and is super fast. xsltproc also understands the xmlns:exsl extensions, which means that it can generate multiple output files from a single XML input file, using the exsl:document element (very useful in the context of XHTML generation where you need to create multiple interlinked pages). Now my question what is a good/reasonable set of command line tools for working with/debugging/testing all this in such a way I do not need to rely on the browser... specifically what types (and specific ones if there is a preference) tools do I need and are there any recommended procedures for dealing with XML from the command line in the future we may want to also do Java parsing of XML but that seems to be well handled already in the JDK (1.6) API thanks in advance You can test the XML prior to applying XSLT, using something like xmllint from textproc/libxml2. xmllint is also particularly useful, if your main XML file inputs (with xi:include) other XML files (use the option --xinclude), and it can verify DTD as well. I also use www/linklint on the set of generated XHTML files to check for broken links etc..., though I guess it could be automated at the XML (DTD?) level too. Regards, -cpghost -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: rTorrent + FreeBSD + pf = freeze?
On Thu, Nov 19, 2009 at 04:08:53PM -0800, Peter Kieser wrote: This problem has been going on for at least the past 2 years. I've had the exact same issue with rtorrent locking up or restarting machines running FreeBSD, regardless of the hardware used. All I can say is that the machine that runs rtorrent itself doesn't crash (on me), no matter how much traffic it gets. BUT the FreeBSD router that NATs this traffic via pf does crash... and just as you've observed: more frequently lately than before. A crash once or twice a week is common now, while it was once every 4 to 6 months last year... That router also acts as a mail- and webserver, so it is not only dedicated to routing. Maybe that's significant. I don't know what it is, but it seems to happen more often when there's disk activity *on the router* than when the disks are mostly idle. Perhaps disk and net subsystems concurrently using a non-locked resource and killing each other? Have you tried to run rtorrent and the router on two different FreeBSD machines? Does it lock the router, or does it crash the rtorrent box only, or both? -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: hdd voltage
On Tue, Nov 17, 2009 at 07:37:00PM +0100, Polytropon wrote: Additionally, are you sure your service power is good? Even the best power supply will fail if you're not getting 120V/60H at the outlet (or whatever voltage/freq you're supposed to get in your part of the world). In Germany, we only get the purest power made of highest quality electrons, 230V 50Hz 24/7/365. :-) Note that I'm running this power supply for more than 7 years now - the SAME power supply. One pure electron a day keeps the plague[1] away... [1] http://en.wikipedia.org/wiki/Capacitor_plague Sorry, couldn't resist. ;-) -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: rTorrent + FreeBSD + pf = freeze?
On Thu, Oct 22, 2009 at 03:20:20PM -0800, Henrik Hudson wrote: On Wed, 21 Oct 2009, cpghost wrote: I'm experiencing frequent crashes on my soekris net4801 home router for some months now, and I'm wondering if it could be some kind of pf-related bug similar to this on OpenBSD: http://www.mail-archive.com/m...@openbsd.org/msg58042.html More precisely, when I fire up rtorrent-devel on some *other* machine (not the router!), everything runs fine at first. It could also run very fine for many days. BUT should I start a torrent with a large number of seeders which could saturate my link for an extended period of time, the soekris router would suddenly freeze... but not immediately: more like a few hours (3 to 6) or so of relatively heavy traffic. Only a hard reboot of the router would help. Please note that rtorrent is NOT running on the router, only its traffic is being redirected through the router. So I'm suspecting some bug / resource leak in pf that would bring the kernel down somehow. What kind of resources should I monitor (and how)? Maybe that could bring some clues? Oh, before anybody asks: I have no crashdumps, the router freezes totally without panicking. And it doesn't recover automatically even after many hours. Possibly a heat issue? I've seen many a little dlink style or similar router work fine until it has to churn through a lot of packets and then it just can't handle it, starts getting warm doing all the computation and then eventually freezes. I'm not ruling out a memory leak or similar, but I'm currently doing the same with a little atom ITX board and it handles all the torrents for myself and the roomies without issue. I'm using rtorrent myself with pf and 8.0-RC1-stable. I believe the pf code is backported to 7. Also, if it was just a memory leak it will still happen with non-torrent traffic, just most likely slower. Have you tried throttling back the amount of connections and speed that rtorrent makes? I've suspected a heat issue too, but sysutils/env4801 logging every 1 minute didn't show anything suspicious prior to the crashes. The system crashes ONLY on bittorrent traffic. Saturating the link (in one or both directions) even for many days in a row with 5 to 10 concurrent TCP streams to fixed destinations didn't cause any crashes. Yes, I've played with bandwidth and nr. of connections in rtorrent, and, if at all, I have a feeling (but I can't proove it) that the number of concurrent connections doesn't harm, but that the higher the output bandwidth, the more likely the crash. The only thing I didn't test yet was to replace the original DC transformer with another one that is a tad better dimensioned. Those transformers that are sent with the net4801(s) tend to degrade over the years for some reason (drying capacitors?). If it's not a software issue, this could be the cause of the crashes. henrik Thanks for the hints, -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
rTorrent + FreeBSD + pf = freeze?
Hi, could a resource leak or bug in pf(4) crash a RELENG_7 router (as of Oct 6th)? I'm experiencing frequent crashes on my soekris net4801 home router for some months now, and I'm wondering if it could be some kind of pf-related bug similar to this on OpenBSD: http://www.mail-archive.com/m...@openbsd.org/msg58042.html More precisely, when I fire up rtorrent-devel on some *other* machine (not the router!), everything runs fine at first. It could also run very fine for many days. BUT should I start a torrent with a large number of seeders which could saturate my link for an extended period of time, the soekris router would suddenly freeze... but not immediately: more like a few hours (3 to 6) or so of relatively heavy traffic. Only a hard reboot of the router would help. Please note that rtorrent is NOT running on the router, only its traffic is being redirected through the router. So I'm suspecting some bug / resource leak in pf that would bring the kernel down somehow. What kind of resources should I monitor (and how)? Maybe that could bring some clues? Oh, before anybody asks: I have no crashdumps, the router freezes totally without panicking. And it doesn't recover automatically even after many hours. Any ideas? Thanks, -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Graphics card recommendation
On Wed, Oct 14, 2009 at 10:55:05AM -0600, Warren Block wrote: On Wed, 14 Oct 2009, jgro...@es.net wrote: nVidia support on i386 FreeBSD is not much better. One can use an nVidia card with 7.1 but under 7.2 one hits the dreaded mtrr error. A Google search finds many posts on how to fix this but none of them seem to work. I could be wrong but nVidia does not seem to be very interested in working with the FreeBSD project to address these problems. ATI also seems to have a problem with mtrr under 7.2. I'm still trying to sort this out. I hope 8.0 will address these problems. All of my cards are ATI and I don't know of the mtrr problem you're talking about. This X1650 works fine on i386 with both 7-STABLE and 8-STABLE. Try starting X with DRI, then quit X, and restart X again. If you don't have DRI anymore, chances are you've hit the ominous MTRR problem. At least, that's what I think it is, from what I've gathered from this list. I seem to have this problem with an ATI HD 3200, using the radeonhd driver under RELENG_7. It's pretty annoying, that if X crashes (or you have to stop it for some reason), you only get DRI support again after rebooting. :-( Having said this, IMHO ATI will probably be better supported in the long run on FreeBSD, because they have released the specs of rather recent chipsets, while nVidia has not (AFAIK). -Warren Block * Rapid City, South Dakota USA -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: java/jdk16 vulnerability?
On Mon, Sep 28, 2009 at 08:48:37PM -0700, Greg Lewis wrote: On Mon, Sep 28, 2009 at 12:10:48PM +0200, cpghost wrote: Freenet (http://www.freenetproject.org/) on my FreeBSD/amd64 system complains about an old and vulnerable Java version: Your installed version of Java is vulnerable to a severe remote exploit (remote code execution!). You must upgrade to at least Java 5 update 20 or Java 6 update 15 as soon as possible. Freenet has disabled any plugins handling XML for the time being, but this includes searching and chat so you should upgrade ASAP! We're almost certainly vulnerable. The jdk16 port is at Update 3. Ah, I see. Thanks for clarifying. See http://www.cert.fi/en/reports/2009/vulnerability2009085.html for details. Also, please do not use Thaw or Freetalk. The UPnP plugin is enabled, it might present a risk if you have bad guys on your LAN, but without it Freenet will not be able to port forward and will have severe problems. I'm running java/jdk16: phenom# java -version java version 1.6.0_03-p4 Java(TM) SE Runtime Environment (build 1.6.0_03-p4-root_08_sep_2009_17_05-b00) Java HotSpot(TM) 64-Bit Server VM (build 1.6.0_03-p4-root_08_sep_2009_17_05-b00, mixed mode) On 7.2-STABLE: phenom# uname -a FreeBSD phenom.cordula.ws 7.2-STABLE FreeBSD 7.2-STABLE #0: Tue Sep 8 10:43:26 CEST 2009 r...@phenom.cordula.ws:/usr/obj/usr/src/sys/GENERIC amd64 Is that version of Java really vulnerable? If yes, why doesn't # portaudit -Fda report it as such, and could you please update the java/jdk16 port? We need an entry in the VUXML database I guess. Updating java/jdk16 is going to be a slow process. There are lots of changes between Update 3 and Update 15. I've partially merged Update 4, but obviously that still leaves many to go... Looks like *a lot* of work... Any chance to see progress here before 8.0-RELEASE? It's not a big deal, but shipping an updated port without that vuln. would be nice. Greg Lewis Email : gle...@eyesbeyond.com Eyes Beyond Web : http://www.eyesbeyond.com Information Technology FreeBSD : gle...@freebsd.org Thanks for the great work supporting JDK natively on FreeBSD, -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: mplayer: X11 error: BadAlloc (insufficient resources for operation)
On Wed, Sep 30, 2009 at 05:36:40PM +0100, Anton Shterenlikht wrote: I've installed port multimedia/mplayer (mplayer-0.99.11_14) on 9.0-current ia64. Trying to play an mpeg video I get endless stream of X11 error: BadAlloc (insufficient resources for operation) X11 error: BadAlloc (insufficient resources for operation) V: 7.6 190/190 17% 82% 0.0% 0 0 X11 error: BadAlloc (insufficient resources for operation) X11 error: BadAlloc (insufficient resources for operation) X11 error: BadAlloc (insufficient resources for operation) X11 error: BadAlloc (insufficient resources for operation) X11 error: BadAlloc (insufficient resources for operation) X11 error: BadAlloc (insufficient resources for operation) This usually happens when X doesn't have enough resources to allocate to direct viewing with the xv (XView) driver. This is very often related to DRM/DRI or memory problems. As a work around, try playing the video with the x11 driver instead: $ mplayer -vo x11 somefile.avi On a very slow machine, x11 isn't as good as xv driver, but it's better than nothing. On a reasonably fast machine (2 GB or so), you shouldn't notice any difference. Also you can't use full screen mode with x11 driver like with xv, but if your CPU is fast enough, you can use software zooming with the -zoom option. BTW, I often experience that mplayer with -vo xv works very well the first time I start X (directly after booting), but not on subsequent starts of X. I traced this down to the following data point, but was unable to investigate further as I have NO experience in drm/dri debugging: On a first start of X on my machine, xvinfo yields: $ xvinfo X-Video Extension version 2.2 screen #0 Adaptor #0: RadeonHD Textured Video number of ports: 16 port base: 64 operations supported: PutImage supported visuals: depth 24, visualID 0x21 no port attributes defined maximum XvImage size: 8192 x 8192 (...) and mplayer -vo xv ... and everything else works great; while on subsequent starts of X, it returns something like $ xvinfo X-Video Extension version 2.2 screen #0 no adaptors present and mplayer -vo xv yields those X11 BadAlloc errors, and scrolling in tin/rtin, firefox etc... is *painfully* slow. This is with the following kld modules 51 0x80e67000 5ab6dradeon.ko 61 0x80ec2000 11795drm.ko and radeonhd driver: drm0: ATI Radeon HD 3200 Graphics on vgapci0 info: [drm] MSI enabled 1 message(s) vgapci0: child drm0 requested pci_enable_busmaster info: [drm] Initialized radeon 1.29.0 20080528 info: [drm] Setting GART location based on new memory map info: [drm] Loading RS780/RS880 Microcode info: [drm] Resetting GPU info: [drm] writeback test succeeded in 1 usecs drm0: [ITHREAD] It may be similar with other Xorg drivers that can't initialize drm/dri properly, or can't allocate enough memory for DRI to mplayer. X11 BadAlloc can also happen on large videos only, while mplayer is able to play smaller videos with xv... Good luck. Exiting... (End of file) Please advise many thanks -- Anton Shterenlikht Room 2.6, Queen's Building Mech Eng Dept Bristol University University Walk, Bristol BS8 1TR, UK Tel: +44 (0)117 331 5944 Fax: +44 (0)117 929 4423 -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
java/jdk16 vulnerability?
[Sorry for resending: I didn't get any replies] Freenet (http://www.freenetproject.org/) on my FreeBSD/amd64 system complains about an old and vulnerable Java version: Your installed version of Java is vulnerable to a severe remote exploit (remote code execution!). You must upgrade to at least Java 5 update 20 or Java 6 update 15 as soon as possible. Freenet has disabled any plugins handling XML for the time being, but this includes searching and chat so you should upgrade ASAP! See http://www.cert.fi/en/reports/2009/vulnerability2009085.html for details. Also, please do not use Thaw or Freetalk. The UPnP plugin is enabled, it might present a risk if you have bad guys on your LAN, but without it Freenet will not be able to port forward and will have severe problems. I'm running java/jdk16: phenom# java -version java version 1.6.0_03-p4 Java(TM) SE Runtime Environment (build 1.6.0_03-p4-root_08_sep_2009_17_05-b00) Java HotSpot(TM) 64-Bit Server VM (build 1.6.0_03-p4-root_08_sep_2009_17_05-b00, mixed mode) On 7.2-STABLE: phenom# uname -a FreeBSD phenom.cordula.ws 7.2-STABLE FreeBSD 7.2-STABLE #0: Tue Sep 8 10:43:26 CEST 2009 r...@phenom.cordula.ws:/usr/obj/usr/src/sys/GENERIC amd64 Is that version of Java really vulnerable? If yes, why doesn't # portaudit -Fda report it as such, and could you please update the java/jdk16 port? Thanks, -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
java/jdk16 vulnerability?
Hi Greg, Freenet (http://www.freenetproject.org/) on my FreeBSD/amd64 system complains about an old and vulnerable Java version: Your installed version of Java is vulnerable to a severe remote exploit (remote code execution!). You must upgrade to at least Java 5 update 20 or Java 6 update 15 as soon as possible. Freenet has disabled any plugins handling XML for the time being, but this includes searching and chat so you should upgrade ASAP! See http://www.cert.fi/en/reports/2009/vulnerability2009085.html for details. Also, please do not use Thaw or Freetalk. The UPnP plugin is enabled, it might present a risk if you have bad guys on your LAN, but without it Freenet will not be able to port forward and will have severe problems. I'm running java/jdk16: phenom# java -version java version 1.6.0_03-p4 Java(TM) SE Runtime Environment (build 1.6.0_03-p4-root_08_sep_2009_17_05-b00) Java HotSpot(TM) 64-Bit Server VM (build 1.6.0_03-p4-root_08_sep_2009_17_05-b00, mixed mode) On 7.2-STABLE: phenom# uname -a FreeBSD phenom.cordula.ws 7.2-STABLE FreeBSD 7.2-STABLE #0: Tue Sep 8 10:43:26 CEST 2009 r...@phenom.cordula.ws:/usr/obj/usr/src/sys/GENERIC amd64 Is that version of Java really vulnerable? If yes, why doesn't # portaudit -Fda report it as such, and could you please update the java/jdk16 port? Thanks, -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to get pf to wait for ng0
On Sat, Sep 19, 2009 at 10:30:14PM -0500, Sam Fourman Jr. wrote: Hello list, I am trying to use FreeBSD 8 RC1 to setup L2 tunnels via mpd5. My problem is the pf.conf file is never parsed because ng0 does not exist yet on startup ng0 is this case is DSL PPPoE to our local telco for internet access. after the DSL dials up (via mpd5) if I do pfctl -d pfctl -e -f /etc/pf.conf everything works as expected. What is the best way to get pf to wait and parse the ruleset until after ng0 exists? That old problem again... ;-) My (somewhat shaky) work around is this: 1. In /etc/rc.d/NETWORKING, add the line # REQUIRE: mpd 2. In /usr/local/etc/rc.d/mpd5, make sure the line # PROVIDE: mpd is present 3. In /usr/local/etc/rc.d/mpd5, add sleep 10 at the bottom. (That's where my solution is shaky: 10 secs is more than enough for me on PPPoE, but it may not be enough for dial-up modems etc.) 4. In /etc/rc.d/pf, add NETWORKING to the # REQUIRE: line: # REQUIRE: FILESYSTEMS netif pflog pfsync NETWORKING 5. In /etc/rc.d/named, add NETWORKING to the # REQUIRE: line: # REQUIRE: SERVERS cleanvar NETWORKING This setup will effectively run mpd5 *before* pf, and will also wait (hopefully) long enough for mpd5 to set up ng0. Then, when pf runs, ng0 will be already there. Of course, there is more than one way to do it. It just happens to work here. Sam Fourman Jr. -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: hard disk failure - now what?
On Mon, Aug 24, 2009 at 02:51:41PM -0600, Tim Judd wrote: Buy spinrite, no matter what. It's OS/FS independent. it works on the bits stored on the magnetic platters, NOT on a filesystem. TiVo, Linux, BSD and Mac OSX drives are treated the same. Bits on a magnetic platter. It's recovery stems from the randomization and movement of the head to the sector in question that allows it to salvage any bits it can (for example, other recovery will abandon 512bytes if 1 bit cannot be read. spinrite will recover 512bytes-1bit to a hard drive's spare sector once spinrite says i'm done working with this sector.) It leads to a very successful rate. (Disclaimer: I'm not familiar with spinrite.) 512bytes-1bit may be read back, but you can't be sure that those are the correct bytes! IIRC, sectors are usually protected by some kind of ECC. Simply ignoring the ECC and reading raw magnetic data will all too often result in corrupt sectors. Of course, if you have out-of-band error correction or at least error detection mechanisms (like .PAR or md5/sha1 checksums), raw magnetic recovery is better than nothing, if you're desperate. -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: /etc/rc.d/named dilemma
On Fri, Aug 21, 2009 at 09:37:09PM -0700, Nerius Landys wrote: I am trying to figure out why DNS lookups are not possible right after the named process has been launched (during bootup). At start, named sends a couple of queries to e.g. root servers. All this requires the network connection to be already up and running; and if you're using a firewall, it also needs to be up and ready. And, more importantly, it requires some time until named is ready to answer lookups... and in the mean time, you've already launched other processes who do queries. I have a similar problem with a little FreeBSD-based home router running net/mpd5 to connect via PPPoE to a DSL line. Because packages (and so mpd) start after all system processes, named has problems to connect to the root servers, pf has problems initializing itself without ng0 interface, ntpd has problems initializing itself,... and when mpd finally established the network connection, it is already too late. I'd love to change the rc-order of the scripts, so that mpd starts first, waits until the link is up, and only then starts the other processes. But until I've found out how to do that the right way, I wrote a little batch script that gets invoked at link-up, and that simply restarts all other processes in the order: pf, named, ntpd, postfix, etc... That's not ideal, but as a kludge, it works for me. -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: please help to uninstall FreeBSD!!!
On Mon, Aug 17, 2009 at 10:25:29AM +0200, Polytropon wrote: By the way, where did I read that #define macro names have to be unique within the first 6 (six) letters? :-) The 6 letters limit was actually a restriction of earlier linkers and it affected all identifiers of linkable objects like variables, functions etc... Everybody familiar with FORTRAN libraries like BLAS [1] will remember that cramped namespace. ;-) [1]: http://www.netlib.org/lapack/lug/node145.html -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: please help to uninstall FreeBSD!!!
On Mon, Aug 17, 2009 at 06:18:45PM +0800, Erich Dollansky wrote: On 17 August 2009 pm 18:09:06 cpghost wrote: On Mon, Aug 17, 2009 at 10:25:29AM +0200, Polytropon wrote: By the way, where did I read that #define macro names have to be unique within the first 6 (six) letters? :-) The 6 letters limit was actually a restriction of earlier linkers and it affected all identifiers of linkable objects I did not know that linkers resolved macros those days. Of course they didn't. But knowing that linkers restricted the identifiers' length to 6 chars, it made sense for preprocessors to restrict them as well before passing them to the compiler and linker. Actually, it's a bit more complicated than that, but the basic restriction came from the linkers, the preprocessors only inherited it. Interesting. Erich Regards, -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Boot failure
On Fri, Aug 07, 2009 at 10:31:01AM -0400, Identry wrote: Are you using the GENERIC kernel After more research, I think the answer to this is no. There is a directory called /boot/kernel.old. From my reading, I believe this is the original generic kernel? Try this: # strings /boot/kernel/kernel | grep ':/usr/obj/usr/src/sys/' # strings /boot/kernel.old/kernel | grep ':/usr/obj/usr/src/sys/' -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Boot failure
On Fri, Aug 07, 2009 at 10:59:13AM -0400, Identry wrote: Try this: # strings /boot/kernel/kernel ? ? | grep ':/usr/obj/usr/src/sys/' # strings /boot/kernel.old/kernel | grep ':/usr/obj/usr/src/sys/' $ strings kernel/kernel |grep ':/usr/obj/usr/src/sys' r...@on.identry.com:/usr/obj/usr/src/sys/INET_ON $ strings kernel.old/kernel |grep ':/usr/obj/usr/src/sys' r...@on.identry.com:/usr/obj/usr/src/sys/INET_ON So both are (probably) custom kernels. Just run a diff between: /usr/src/sys/$ARCH/conf/GENERIC and /usr/src/sys/$ARCH/conf/INET_ON (with ARCH being one of i386, amd64, etc...) GENERIC and INET_ON may be equal; then you're running GENERIC. If not, they you're running a customized kernel. -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Secure password generation...blasphemy!
On Tue, Aug 04, 2009 at 10:39:38AM -0600, Modulok wrote: But I'm also looking for a good way to generate high quality crypto keys. In the later case, the data being protected are disk images of clients...mountains of sensitive data. These will be on USB keys, and thus do not need to be memorized. Assuming my clients are not enemies of a state, /dev/random should be a sufficient source for this purpose, correct? i.e: dd if=/dev/random of=foo.key bs=256 count=1 It should be good enough... but you need to do so reading on non-linear key spaces first. Depending on the symmetric cipher, not all keys are equally strong; and if you're unlucky, you may catch one of those bad keys through /dev/random. However, this is a fairly advanced crypto topic. Thanks guys! -Modulok- -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: A port for FireGPG?
On Sat, May 23, 2009 at 04:53:53PM +0200, cpghost wrote: On Sat, May 23, 2009 at 12:31:29AM +0200, cpghost wrote: Hi, I'd like to use GnuPG with Webmail (e.g. with gmail or other webmails). AFAICS, the following Firefox add-on would help: http://www.getfiregpg.org/ Unfortunately, according to http://www.getfiregpg.org/install.html one needs to compile an IPC library (?) out of the firefox3 sources, like this: http://blog.getfiregpg.org/2008/10/17/how-to-compile-the-ipc-library/ Is there a port to automate this task, or could someone with the necessary skills please create such a port? That would be great! Just a little follow-up. Those are the (manual) steps to get libipc compiled on FreeBSD/amd64, assuming www/firefox3 is already installed: Hi, this is an update for www/firefox35 # cd /usr/ports/www/firefox35 # make configure # make build (Be patient, it takes some time) # cd work/mozilla-1.9.1/extensions # now fetch libipc (ipc-latest.tar.gz) to /path/to/ipc-latest.zip (source of ipc-latest.tar.gz is https://bugzilla.mozilla.org/attachment.cgi?id=299132) # tar -xvpf /path/to/ipc-latest.zip # chown -R root:wheel ipc (We now have /usr/ports/www/firefox35/work/mozilla-1.9.1/extensions/ipc) # cd ipc now: /usr/ports/www/firefox35/work/mozilla-1.9.1/extensions/ipc # ./makemake -r -o . Here, you need to manually edit (like this): Makefile(topsrcdir = ../..) build/Makefile (topsrcdir = ../../..) public/Makefile (topsrcdir = ../../..) src/Makefile(topsrcdir = ../../..) # gmake (This will create libipc.so, ipc.xpt in: /usr/ports/www/firefox35/work/mozilla-1.9.1/dist/bin/components) # cd /usr/ports/www/firefox35/work/mozilla-1.9.1/dist/bin/components # cp -i libipc.so /usr/local/lib/firefox3/components/ # cp -i ipc.xpt /usr/local/lib/firefox3/components/ (There is no need to install firefox3 again. Only libipc.so and ipc.xpt count) $ cd ~/.mozilla/firefox/the_firefox_profile $ touch .autoreg (And restart firefox3). With that, firegpg add-on works flawlessly. All this can probably be automated with a slave port of www/firefox35. IMPORTANT: you don't want to use the port www/xpi-firegpg. It is extremely outdated (firegpg-0.5.2). Regards, -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ATI Radeon X600: no DRI upon X restart :-(
result is 8, (OK) drmOpenDevice: node name is /dev/dri/card0 drmOpenDevice: open result is 8, (OK) drmOpenByBusid: Searching for BusID pci::01:05.0 drmOpenDevice: node name is /dev/dri/card0 drmOpenDevice: open result is 8, (OK) drmOpenByBusid: drmOpenMinor returns 8 drmOpenByBusid: drmGetBusid reports pci::01:05.0 (II) [drm] DRM interface version 1.2 (II) [drm] DRM open master succeeded. (II) RADEONHD(0): [drm] Using the DRM lock SAREA also for drawables. (II) RADEONHD(0): [drm] framebuffer handle = 0xf000 (II) RADEONHD(0): [drm] added 1 reserved context for kernel (II) RADEONHD(0): X context handle = 0x1 (II) RADEONHD(0): [drm] installed DRM signal handler (EE) RADEONHD(0): [pci] Out of memory (-12) (EE) RADEONHD(0): [pci] PCI failed to initialize. Disabling the DRI. (II) RADEONHD(0): [drm] removed 1 reserved context for kernel (II) RADEONHD(0): [drm] unmapping 8192 bytes of SAREA 0xff80007cd000 at 0x8006c4000 (II) RADEONHD(0): [drm] Closed DRM master. [...] This is amd64-CURRENT, uname -a: FreeBSD kushnir1.kiev.ua 8.0-CURRENT FreeBSD 8.0-CURRENT #1: Wed Feb 4 08:15:51 EET 2009 r...@kushnir1.kiev.ua:/usr/obj/usr/src/sys/KUSHNIR amd64 NForce4 based MB (s939) Asus A8N SLI, Athlon 3000+, 512 MB RAM, Radeon X600 PCIE. amd64/RELENG_7 as of Thu Jun 25. Getting this on the console the first time I'm starting X: drm0: ATI Radeon HD 3200 Graphics on vgapci0 info: [drm] MSI enabled 1 message(s) vgapci0: child drm0 requested pci_enable_busmaster info: [drm] Initialized radeon 1.29.0 20080528 info: [drm] Setting GART location based on new memory map info: [drm] Loading RS780 Microcode info: [drm] Resetting GPU info: [drm] writeback test succeeded in 1 usecs drm0: [ITHREAD] info: [drm] Resetting GPU Starting X again the 2nd time works fine, but DRI is then disabled. Those are the loaded kernel modules: % kldstat Id Refs AddressSize Name 1 11 0x8010 be3270 kernel 21 0x80e22000 1b57 atapicam.ko 31 0x80e24000 131b6snd_hda.ko 41 0x80e38000 2e530sound.ko 51 0x80e67000 5a7cdradeon.ko 61 0x80ec2000 115c4drm.ko Any suggestions? No idea. Perhaps asking radeonhd's or drm maintainer directly to have a look? Did you find a work around besides rebooting? TIA, Vladimir Thanks, -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Versioning File System for FreeBSD?
On Thu, Jun 25, 2009 at 12:33:23AM +0200, Polytropon wrote: On Wed, 24 Jun 2009 23:57:34 +0200, cpghost cpgh...@cordula.ws wrote: Yep, you're right. I thought about a way to extend the API in a backwards compatible way, but that's not as easy or straight forward as it seems. In fact, it opens a whole can of worms. If the versioned file system isn't also POSIX compatible (where everything happens in HEAD unless specified otherwise), it's practically useless. The question is: Do you want to take versioning support into the file system intendedly? FreeBSD keeps most things on a per-file basis (ordinary files, devices, processes etc.). Versioning can always be added as a separate solution (using versioning systems as separate programs) that does not make any assumptions on the file system used. As you concluded, the file system's complexity would of course grow with those requirements. In addition to your arguments, just imagine how a fsck for such a file system would have to be implemented... Yep. The more I think about it, the less obvious it becomes. IMHO, file versioning a la VMS would be possible (somehow), but everything beyond that (esp. directory versioning) requires a LOT of careful thinking. -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Versioning File System for FreeBSD?
On Thu, Jun 25, 2009 at 01:59:45AM +0200, Roland Smith wrote: On Wed, Jun 24, 2009 at 11:57:34PM +0200, cpghost wrote: Quite true! I see even more ambiguity here: What about a versioned file pointed to by hard links from two versioned directories? The more I think about it, the more problems I can see. Look e.g. at symbolic links. Or looking from the vc side, what about branches (checking out an older version of a file and editing it). Does it automatically become the new head, or are concurrent branches allowed? And even if the semantics were absolutely sound (can they be?), all this meta data really needs to happen on a block level, e.g. how described in that paper. I really wonder if combining a filesystem and a version control system is a good idea? After a good night's sleep, and rethinking the whole concept, I agree that this is not such a good idea after all. At least not until I fully understand how (directory) versioning actually is supposed to work semantically AND under the hood. I'll stick to subversion (and will try git and hg as well), until I find a better solution. And there's another problem here: what if two processes concurrently save (commit?) the same file, and there's a merging conflict? I'd say that two processes should _never_ open the same file for writing at the same time. Since the contents of the file are opaque to the file system but not to the programs, it is impossible for the filesystem to fix merge conflicts. Right! If you have multiple programs working together only one should write to the file in question. The others should communicate with the writing program via IPC. Serializing file access? Yes, that makes sense. Of course, there would be additional API calls to traverse the list of revisions, to access meta data (properties?, tags?, commit logs?, ...) etc., so that the file system remains manageable. VMS had a filesystem that uses versioning: [http://en.wikipedia.org/wiki/Files-11] I was thinking about this before starting this thread. But file versioning (as opposed to full versioning that also includes directory versioning) is probably relatively easy to implement. At least, its semantics are unambiguous. Indeed. It seems the VMS filesystem just tacks a semicolon and a nummer on to the filename. Yep, that's one way to do it. If you're willing to go to the block level, I could imagine the inode of a versioned file linking to versioned direct / indirect blocks, i.e. one inode linking to more than just one (physical) file. To keep things simple, the inode could link to a circular buffer of N (direct/indirect block links). Those versioned files could also COW-share blocks, but that's nothing conceptual, just an optimization. That would be pure file versioning: directories are linking to the inode, and each inode would potentially refer to N revisions of a file. But if it makes sense or not is something else altogether. Thanks for the great brainstorming. Things are clearer to me now. ;-) Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Best practices for securing SSH server
On Wed, Jun 24, 2009 at 03:53:15PM +0200, Erik Norgaard wrote: RW wrote: On Tue, 23 Jun 2009 22:37:12 +0200 Erik Norgaard norga...@locolomo.org wrote: You're right, as long as port-knocking as a first pass authentication scheme is not in wide spread use, then any attackers will not waste time port-knocking. If ever port-knocking becomes common, attackers will adapt and start knocking. It would be fairly straightforward to prevent that by having a combination of knocking ports and secret guard ports. When a guard port gets hit the sequence is broken, and the source IP gets blocked for a while. Great: Wouldn't that be the same as monitoring failed login attempts and temporarily blacklisting ips that repeatedly connect through standard methods? Hmmm..., you're right on this point. But port knocking can be useful and provide more security *if* you modify the kocking sequence algorithmically and make it, e.g. a function of time, source IP/range (and other factors). This could prevent a whole class of replay-attacks. Of course, you can modify the keys/passwords algorithmically and make them a function of time, source IP etc. as well... ;-) And while we're at it: how about real OPIE? Or combining SSH keys, OPIE, and port knocking? Erik N?rgaard Ph: +34.666334818/+34.915211157 http://www.locolomo.org -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: The question of moving vi to /bin
On Wed, Jun 24, 2009 at 06:13:49AM -0700, b. f. wrote: On Tuesday 23 June 2009 15:41:48 Manish Jain wrote: About ed first. I might annoy a few people (which would gladden me in this particular case), but ed was just one of Ken Thompson's nightmares which he managed to reproduce in Unix with great precision. By no stretch of imagination would it qualify as an editor, because an editor can meaningfully edit only what it can first show. And ed has never had anything to show. A modern operating system like FreeBSD should really be kicking ed out of the distribution completely : bad ideas don't have to be necessarily perpetuated just for the sake of compliance with the original concept of Unix. If you want to make a case for replacing ed(1), you're going to have to come up with some concrete reasons for doing so, not just make a (long and hyperbolic) statement that you don't like it. Please don't touch/remove ed(1)! * It's still very useful on non-curses/termcap capable terminals like raw serial lines etc. * It's also very useful in batch/script mode, as there are some multi-line text processing problems that you can't tackle with sed(1) alone, and where awk(1) or even perl, python etc.. are overkill. -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Versioning File System for FreeBSD?
Hi, is there anybody working on a versioning file system for FreeBSD right now? Maybe something like what's discussed here? http://www.pdl.cmu.edu/PDL-FTP/Secure/FAST03_abs.html I don't care if it is native or a layer, geom-ified, fuse-based, or even if it uses subversion as its backend, as long as it provides some kind of transparent versioning. Anything like that in the works? Thanks, -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Best practices for securing SSH server
On Wed, Jun 24, 2009 at 04:50:01PM +0200, Erik Norgaard wrote: cpghost wrote: On Wed, Jun 24, 2009 at 03:53:15PM +0200, Erik Norgaard wrote: But port knocking can be useful and provide more security *if* you modify the kocking sequence algorithmically and make it, e.g. a function of time, source IP/range (and other factors). This could prevent a whole class of replay-attacks. Of course, you can modify the keys/passwords algorithmically and make them a function of time, source IP etc. as well... ;-) I don't think it's worth wasting time trying to repair a conceptually bad idea, in particular when there are so many alternatives. Whichever way you turn around this idea, it boils down to a shared secret. The security of a shared secret is inversely proportional to the people knowing it, while the trouble of changing it is proportional to the number knowing it. You've already got individual passwords in place. If your knock sequence/shared secret is randomly chosen of say 1 million (any number will do for the example) won't you get better security increasing the entropy of the individual passwords equivalently? Agreed. And while we're at it: how about real OPIE? Or combining SSH keys, OPIE, and port knocking? What is the easier solution: implement port knocking or doubling the length of your ssh keys? It all boils down to this: do you login from a secure machine or not? Each tool has its own set of uses. When I want to log in from a public terminal, I prefer OPIE; when I log in from home, I prefer SSH keys. Port knocking is an interesting technique, but as you pointed out, its only useful on machines with very few accounts. Each of the technologies you mention can be tuned for higher security using longer passwords, checking entropy when people choose a new password, more ports in the range of your combination, more knocks etc. I don't get why you wish to combine different technologies rather than tune the well tested and tried already implemented out of the box methods for higher security. I totally agree. BR, Erik -- Erik N?rgaard Ph: +34.666334818/+34.915211157 http://www.locolomo.org -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Versioning File System for FreeBSD?
On Wed, Jun 24, 2009 at 06:37:55PM +0200, Roland Smith wrote: On Wed, Jun 24, 2009 at 05:04:22PM +0200, cpghost wrote: Hi, is there anybody working on a versioning file system for FreeBSD right now? I don't care if it is native or a layer, geom-ified, fuse-based, or even if it uses subversion as its backend, as long as it provides some kind of transparent versioning. You could try devel/git? It's not a file system, but a very efficient directory content tracker/version control system. One of the things I use it for is to keep a certain directory in sync between a desktop and a laptop. It works equally well with text or binary files. Yes, that's one possibility. But just like Subversion (which I'm using extensively here), it's not really transparent. Or maybe http://www.nongnu.org/libsqlfs/ will do what you want? Haven't tried that, though. But does it really support versioning? I was actually thinking of a real versioning file system, with an extended POSIX API (yet to be defined), to access all revisions of a file system, just like with Subversion revisions. As an example: opendir(2) would grow an additional and optional argument revision to select either HEAD or some revision of the directory: DIR *dirp; dirp = opendir(/path/to/dir, 0); /* open /path/to/file at HEAD */ dirp = opendir(/path/to/dir); /* same as above, POSIX compat */ dirp = opendir(/path/to/dir, 323); /* open dir at revision 323 */ /* From here on, readdir() would retrieve /path/to/dir entries at the specified revision. */ open(2) could open a file at an earlier revision: FILE *filep; /* open file in HEAD */ filep = open(/path/to/file, O_RDONLY); /* open same path, but at revision 323 */ filep = open(/path/to/file, O_RDONLY, /* 0666 */, 323); unlink(2) would remove an entry from a directory, and bump the revision of the directory. Accessing that path from the new revision wouldn't be possible, but the file would still be there in an earlier revision. Modifying a file would also create new revisions (e.g. at each write(2), or at each close(2), that should be selectable). Of course, there would be additional API calls to traverse the list of revisions, to access meta data (properties?, tags?, commit logs?, ...) etc., so that the file system remains manageable. I didn't try them (yet), but on Linux, there are some experimental versioning file systems like: http://www.ext3cow.com/Welcome.html http://tux3.org/ and there's a (unmaintained?) FUSE file system at: http://wayback.sourceforge.net/ all of which differ in the way POSIX API should be extended and the semantics for versioning. But there's apparently nothing yet in the works for FreeBSD. Perhaps some layer on top of existing file systems, or an extension of UFS/FFS that stores versioning meta data directly at the block level? Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Versioning File System for FreeBSD?
On Wed, Jun 24, 2009 at 07:59:18PM +0200, cpghost wrote: open(2) could open a file at an earlier revision: FILE *filep; s/FILE */int /; -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Versioning File System for FreeBSD?
On Wed, Jun 24, 2009 at 09:11:25PM +0200, Roland Smith wrote: Yes, that's one possibility. But just like Subversion (which I'm using extensively here), it's not really transparent. What is? If you have to extend the API like you propose below, all programs that want to use that feature have to be changed. So if you're going around changing your program, why not have it interface to an existing revision control that you are already familiar with? That seems a lot easier that tacking revision control onto a filesystem! Yep, you're right. I thought about a way to extend the API in a backwards compatible way, but that's not as easy or straight forward as it seems. In fact, it opens a whole can of worms. If the versioned file system isn't also POSIX compatible (where everything happens in HEAD unless specified otherwise), it's practically useless. Git is very good at efficiently storing the differences between commits. And every copy of a directory under git control is a full-blown repository, so you can experiment with a copy without fear of fouling up your precious repository. That's true as well. I'm not very familiar with git (as opposed to subversion), but I clearly see its advantages. I was actually thinking of a real versioning file system, with an extended POSIX API (yet to be defined), to access all revisions of a file system, just like with Subversion revisions. As an example: opendir(2) would grow an additional and optional argument revision to select either HEAD or some revision of the directory: DIR *dirp; dirp = opendir(/path/to/dir, 0); /* open /path/to/file at HEAD */ dirp = opendir(/path/to/dir); /* same as above, POSIX compat */ dirp = opendir(/path/to/dir, 323); /* open dir at revision 323 */ /* From here on, readdir() would retrieve /path/to/dir entries at the specified revision. */ open(2) could open a file at an earlier revision: FILE *filep; /* open file in HEAD */ filep = open(/path/to/file, O_RDONLY); /* open same path, but at revision 323 */ filep = open(/path/to/file, O_RDONLY, /* 0666 */, 323); There is some ambiguity here. Does 323 refer to a single file, or to the state of its parent directory? If changing a file doesn't update the version of its parent directory, then why have version numbers for directories? On the other hand, if changing a file updates the revision for the file and its parent directory, the revision for the root directory will increase quite rapidly! Quite true! I see even more ambiguity here: What about a versioned file pointed to by hard links from two versioned directories? And even if the semantics were absolutely sound (can they be?), all this meta data really needs to happen on a block level, e.g. how described in that paper. unlink(2) would remove an entry from a directory, and bump the revision of the directory. Accessing that path from the new revision wouldn't be possible, but the file would still be there in an earlier revision. Modifying a file would also create new revisions (e.g. at each write(2), or at each close(2), that should be selectable). I don't know what you want to do use this for, but a simple trick (used e.g. by Pro/Engineer) is to have your application append a version number after the filename (e.g. foo.prt.1) that is incremented every time the file is saved. This does waste some disk space (or provides redundancy, take your pick). Yes, that's always possible. But that would defeat transparency. And there's another problem here: what if two processes concurrently save (commit?) the same file, and there's a merging conflict? Of course, there would be additional API calls to traverse the list of revisions, to access meta data (properties?, tags?, commit logs?, ...) etc., so that the file system remains manageable. VMS had a filesystem that uses versioning: [http://en.wikipedia.org/wiki/Files-11] I was thinking about this before starting this thread. But file versioning (as opposed to full versioning that also includes directory versioning) is probably relatively easy to implement. At least, its semantics are unambiguous. I didn't try them (yet), but on Linux, there are some experimental versioning file systems like: http://www.ext3cow.com/Welcome.html http://tux3.org/ and there's a (unmaintained?) FUSE file system at: http://wayback.sourceforge.net/ all of which differ in the way POSIX API should be extended and the semantics for versioning. But there's apparently nothing yet in the works for FreeBSD. Perhaps some layer on top of existing file systems, or an extension of UFS/FFS that stores versioning meta data directly at the block level? -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail
Re: Versioning File System for FreeBSD?
On Wed, Jun 24, 2009 at 11:26:50PM +0200, Morten Grunnet Buhl wrote: * cpghost cpgh...@cordula.ws [2009-06-24 17:04 +0200]: Hi, is there anybody working on a versioning file system for FreeBSD right now? - I don't know how fare along hammerfs is in being ported to FreeBSD. But from what I have heard, feature-wise, it might be something that meets your needs. Ah, yes, that's interesting too. I'll investigate it. Thanks for the hint! An alternative could be ZFS with its snapshot ability. IMHO, ZFS snapshots are a little bit too coarse versioning for what I have in mind. I'm seeking something more precise. Not entirely a subversion-on-filesystem replacement, but rather close, if possible. Thanks, -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Open_Source
On Wed, Jun 03, 2009 at 04:06:18PM -0500, Gary Gatten wrote: Whatever happened to BeOS? http://www.haiku-os.org/ -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Open_Source
On Wed, Jun 03, 2009 at 10:13:43PM +0200, Roland Smith wrote: On Wed, Jun 03, 2009 at 09:35:31PM +0200, Polytropon wrote: On Wed, 3 Jun 2009 13:46:15 -0500, Gary Gatten ggat...@waddell.com wrote: Isn't there an OpenVMS somewhere? There is an open source clone in the works: http://www.freevms.net/ No idea of the state it is in. The OZONE OS [http://www.o3one.org/] uses a lot of VMS concepts. Thank you! A wounderful hint. BTW, since we're talking about vintage OSes: anyone knows of a BS2000 clone, emulator, ...? http://ts.fujitsu.com/products/bs2000/index.html http://en.wikipedia.org/wiki/BS2000 I'm especially interested in an emulation of the old terminal-based BS2000 before they introduced POSIX compat in 1992 (i.e. BS2000 as of between 1986 and 1992). For other emulators of old hardware, we have the great collecton of /usr/ports/emulators/simh plus images, but nothing BS2000-ish (yet). Or do we? TIA, -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Open_Source
On Wed, Jun 03, 2009 at 08:49:50AM +0200, Wojciech Puchar wrote: I mean things like sending private data to someone else, scanning for other programs i have on disk, my addressbook etc. Given enough incentive, it unfortunately seems even open source developers will resort to sneaky tactics: http://arstechnica.com/open-source/news/2009/05/mozilla-ponders-policy-change-after-firefox-extension-battle.ars but it's at least much more difficult. And - my other rule fits very well here. Avoid OVERCOMPLEX programs. Unfortunately there are no well done WWW browsers for unix in the world. links -g is an exceptions, but in the same time it's quite limited. But have best fonts :) You're right: browser code is overly complex, and a nightmare to audit properly for security purposes. That's why when working in a sensitive environment, I browse the web primarily with elinks (with JavaScript disabled, of course), and secondarily and only when absolutely necessary with the usual firefox+noscript+abp... both browsers running in a virtual box (qemu, virtualbox) dedicated to this purpose and this purpose only. Of course, I'm taking more precautions, as running in a box may still not be 100% secure, if someone creative enough found a way to break out of the guest OS into the host OS; but everything else is just irresponsible and way too risky, from a security point of view. Surely, not everyone has the same security requirements, and YMMV. ;-) -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Open_Source
On Wed, Jun 03, 2009 at 11:24:02AM +0200, Wojciech Puchar wrote: secondarily and only when absolutely necessary with the usual firefox+noscript+abp... both browsers running in a virtual box (qemu, virtualbox) dedicated to this purpose and this purpose only. Exaggeration IMHO. just make sure your normal user has 700 permissions, create another and run browser from it. What about permissions in X? Even if you started the browser as another user, you'd still have to xhost + that user. And from there, it's easy to hijack the X session (including keylogging etc.). So you'll start another Xorg process as the other user, but are you sure both processes are totally isolated and can't communicate via unix-domain sockets etc? Checked all perms of all devices, all FIFOs etc? The point is: if you start *any* untrusted program on your host OS, there's a remote possibility that you've overlooked something (your example with 0700 permissions for home dirs is a good example, but there's a lot more), and that the process starts seeing stuff it isn't meant to see. And even chroot(2) isn't perfect. Remember: http://unixwiz.net/techtips/chroot-practices.html http://wiki.netbsd.se/How_to_break_out_of_a_chroot_environment That's just the tip of the iceberg. You never know what's still lurking out there on the host OS, and when you need strong security, a virtualized environment for untrusted processes as a minimum is a *must-have*. And even then, that is risky, if the emulator or paravirtualizer contains bugs and flaws. You can get a little bit more confidence with virtualizers if emulated CPU arch != host CPU arch (e.g. when emulating PPC, 68000 or even more exotic processors on x86), but that's dog slow for modern day browsing even on fast machines. So it's not always practical to do so (though when security is paramount, browsing slowing may well be the price to pay). And obviously, the emulator sill needs to resist especially crafted bytecode that may crash it in a very specific way (read: an exploit of an emulator's bug)! Of course, I'm taking more precautions, as running in a box may still not be 100% secure, if someone creative enough found a way to break out of the guest OS into the host OS; but everything else is just Nobody would write specially prepared webpage exactly for You to break ;) That's right, and that's why non-Windows users are less exposed to the usual risks. But still, one has to be careful. It's a matter of protecting yourself from big brothers that watch others. Or from little brothers that explicitly target your infrastructure (think: industrial espionage etc.). Those attackers are much more worrying that your usual suspects, script kiddies et al., as contrary to the broad attackes of the latter, the former usually have more resources, including time, to conduct targeted penetration attempts into your secure environment. You see, security is more than just protecting the normal desktop user from vanilla attacks. ;-) -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to reset a connection stuck in CLOSE_WAIT state
On Wed, Jun 03, 2009 at 05:38:24PM +0700, Olivier Nicole wrote: Hi, I am runnig FlexNet license manager on FreeBSD (6.4), this is alinux application, but it is running smoothly. The problem occurs sometime at stop time, it will not stop cleanly and leave a connection in CLOSE_WAIT state. As a result, the ports are not freed and the license managerserver cannot restart. Is there a simple way to force reset the hanging connection? /usr/sbin/tcpdrop maybe? Not sure it would reset/kill the connection immediately though. You'll have to try it. Best regards, Olivier -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Open_Source
On Wed, Jun 03, 2009 at 01:15:32PM +0200, Wojciech Puchar wrote: there, it's easy to hijack the X session (including keylogging etc.). You mean Xorg can easily be hijack'ed that way? If you can connect to the X server, you can also attach any kind of monitoring software to it. Think vncserver and the like... So you'll start another Xorg process as the other user, but are you Nothing forbids you to start 2 X servers and do console switching. That's what I do, and it's easy enough. It's a matter of protecting yourself from big brothers that watch others. Or from little brothers that explicitly target your infrastructure (think: industrial espionage etc.). Those attackers are much more worrying that your usual suspects, script kiddies et al., as contrary to the broad attackes of the latter, the former usually have more resources, including time, to conduct targeted penetration attempts into your secure environment. But they will not attack your company for sure. It always depends on the company... There are MUCH simpler methods. Just pay few bucks to charwoman to look at papers glued to monitor with passwords on them ;), or maybe a minute more to look at different places. Oh yes indeed: THAT's always bee the more serious threat, security-wise. And don't forget about TEMPEST-like kinds of attack: you can't imagine just how much information you give away on the electromagnetic spectrum, even if you don't use WLANs... information that can be picked up a few hundred meters away or even more outside of your security perimeter and reconstructed. Talking about (justified?) paranoia: some 10 years ago, we had some routing equipment in a server room that was NOT in the basement (i.e. it had a window to the outside). Guess what? We had to put black electrician's tape on the switches' LEDs, because it turned out that those LEDs were blinking at the exact rate of the transmitted data, bit-for-bit, and that anyone with a telescope and an optical sensor could have picked that pattern up, and reconstructed the data stream. Scary, uh? Are you sure the employees in your company doesn't do that? :) I can't, but that's the job of our security dept. They're conducting the background checks. If they still missed a human troyan, well, that's life. ;-) -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Open_Source
On Wed, Jun 03, 2009 at 09:53:07AM -0400, Glen Barber wrote: My colleagues never understood (nor do they to this day) my paranoia regarding security and untrusted code. I always point them in the same direction: http://cm.bell-labs.com/who/ken/trust.html YES! An absolute classic. We're using it to teach sysadmin trainees about trust and security very early on in their careers. Always an excellent reminder. Another perfect example that open source alone can't guarantee security: I remember a CPAN perl module that used to warn you that you shouldn't blindly install software as root without checking it first. It didn't do anything harmful (really just a 'warn'), but potentially, it could have wreaked havoc... at least until someone spotted and reported it. I don't recall exactly what module it was or if it is still in CPAN now, but that was also a good reminder to be careful and use common sense. Glen Barber http://www.dev-urandom.com http://www.linkedin.com/in/glenjbarber -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Open_Source
On Wed, Jun 03, 2009 at 04:45:42PM +0200, Wojciech Puchar wrote: You mean Xorg can easily be hijack'ed that way? If you can connect to the X server, you can also attach any kind of monitoring software to it. Think vncserver and the like... vncserver creater new X server. Can't monitor yours unless you have special module for X server installed and loaded (it is in ports) Okay, okay, how about this? * http://www.keyfrog.org/ * http://www.randombit.net/code/logger.c * /usr/ports/security/xspy * /usr/ports/security/uberkey Now back to work... -cpghost -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Strange text from kernel then detaching USB drive: sldoosstf sd/e v irceemo
On Mon, Jun 01, 2009 at 01:13:38PM +0400, ? ? wrote: Hello all ! I got a very confusing messages from kernel then detaching one of my USB external HD (used only for backups): May 29 12:40:08 perforce kernel: GEOM_LABEL: Label ufs/Backup5 removed. May 29 12:40:08 perforce kernel: GEOM_LABEL: Label for provider da0s1 is ufs/Backup5. May 29 12:40:08 perforce kernel: GEOM_LABEL: Label for provider da0s1 is msdosfs/ . May 29 12:40:32 perforce kernel: umass0: at uhub3 port 1 (addr 2) disconnected May 29 12:40:32 perforce kernel: (da0:uGmEaOsMs_-LsAiBmE0L::0 :La0b:e0l) :m sldoosstf sd/e v irceemo May 29 12:40:32 perforce kernel: v(edda.0: May 29 12:40:32 perforce kernel: umGaEsOsM-_sLiAmBE0L::0 :L0a:b0e)l: ruefmso/vBiancgk udpe5v irceem oevnetdr.y May 29 12:40:32 perforce kernel: May 29 12:40:32 perforce kernel: umass0: detached I don't understand messages between umass0: at uhub3 port 1 (addr 2) disconnected and umass0: detached. It's a known problem on SMP systems. Citing from: http://wiki.freebsd.org/BugBusting/Commonly_reported_issues Scrambled or garbled kernel output, such as: SdMaP0:: AP1 6C0P.U0 0#0M1B /Lsa utnrcahnesdf!e da0: SSMEPA:G AATPE CSPTU3 3#617 5L3auLnWc hHePdS!3 Sep 5 00:34:38 test kernel: Waiting (max 60 Sep 5 00:34:38 test kernel: seScyonncdisn)g fdoirs kssy,s tvenmo dperso creesmsa i`nsiynngc.e.r.' to3 stop...0 0 done Sep 5 00:34:38 test kernel: All buffers synced. ... snip ... Workaround (partial): Use options PRINTF_BUFR_SIZE=256 in your kernel configuration. This will decrease the amount of interspersed output, but does not solve issue entirely What does it mean? Best Regards, Alexander Derevyanko. -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Sponsoring FreeBSD
On Wed, May 27, 2009 at 02:36:18PM +0200, Kian T. Gould - AOE media GmbH wrote: Dear FreeBSD Team, We are a small Open Source company in Germany, and due to our close connection to the Open Source world we sponsor several successful Open Source projects that help us in our daily work and/or are great contributions to the OS world as such. Therefore we have also picked your project as a possible recipient of sponsorship. Kian, every donation is highly welcome. Please have a look at http://www.freebsdfoundation.org/donate/sponsors.shtml As you can see, every donor is mentioned, no matter how small the amount. They'll display a link for donations of $5,000 or more, and a logo for donations of $10,000 or more. The donation page is here: http://www.freebsdfoundation.org/donate/ Kian Gould AOE media GmbH Borsigstr. 3 65205 Wiesbaden Germany Tel. +49 (0) 6122 70 70 7 -111 Fax. +49 (0) 6122 70 70 7 -199 Mobil: +49 (0) 177 38 191 09 e-Mail: kian.go...@aoemedia.de Web: http://www.aoemedia.de/ Kind regards, -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Canon printer and TurboPrint
On Fri, May 29, 2009 at 03:13:13PM +0200, Wojciech Puchar wrote: Done the same with HP Laserjet 4000 duplex - it even received an IP automatically via DHCP, so I just had to arp -a and edit /etc/hosts and /etc/printcap. The lpq / lprm tools seemed to operate on the printer server inside the printer. For non-ethernet printers like my laserjet 4 there are often available original print server modules for them for really nothing (i paid 10$) if not, and you need ethernet connectivity, then this http://www.edimax.com/en/produce_detail.php?pd_id=50pl1_id=7pl2_id=34 is a perfect choice. i recommend it for every unix user. Thanks for the pointer! I was actually looking for a set of ethernet print servers, and this looks very promising. Can you confirm that the PS-1206P works well under RELENG_7? As they are advertised as mostly for windows, i actually found configuring it under unix very simple exactly as you said (/etc/printcap), while incredibly complex under windows ;) TIA, -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Canon printer and TurboPrint
On Sat, May 30, 2009 at 05:18:07PM +0200, Wojciech Puchar wrote: is a perfect choice. i recommend it for every unix user. Thanks for the pointer! I was actually looking for a set of ethernet print servers, and this looks very promising. Can you confirm that the PS-1206P works well under RELENG_7? it can't. Okay, thank you. I'll order one and test drive it here, and if it works as it should, I'll order the remaining 200 or so if we're satisfied. ;) it's ethernet device not PC peripheral so it doesn't run under FreeBSD or whatever, but on LAN :) in /etc/printcap add: printer1:blahblah:sh:rm=IP.number.put.here:sd=/var/spool/lpd/printer1:lf=/var/log/printer1: I know how to do that, but thanks nonetheless. We have a lot of these little boxes around: http://www.dlink.com/products/?pid=322 hooked on old HP DeskJets for moderate to heavy office use, but knowing about alternatives is always good. and go. Of course add postscript filters if you like Thanks, -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Deinstall software
On Sat, May 30, 2009 at 09:35:35PM +0200, Polytropon wrote: You can even keep it out of /usr employing the /opt Linuxism. :-) /opt is actually a Solarism... ;-) -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: superpages?
On Thu, May 28, 2009 at 02:50:16PM +0200, Wojciech Puchar wrote: maybe not new news but i just found this: http://www.h-online.com/open/FreeBSD-7-2-released-now-with-Superpages--/news/113204 It says about pages 4KB and 4MB and that it's done automatically. Two questions: 1) is it on all architectures including amd64? As amd64 supports 4KB, 2MB and 1GB pages it sounds inconsistent with the above. 2) how does this automatic selection work. By just having program with large continous data space (like squid proxy) will it put that data on 2MB pages. The following excerpt from: http://www.freebsd.org/releases/7.2R/relnotes-detailed.html may be helpful: [amd64, i386] The FreeBSD virtual memory subsystem now supports fully transparent use of superpages for application memory; application memory pages are dynamically promoted to or demoted from superpages without any modification to application code. This change offers the benefit of large page sizes such as improved virtual memory efficiency and reduced TLB (translation lookaside buffer) misses without downsides like application changes and virtual memory inflexibility. This is disabled by default and can be enabled by setting a loader tunable vm.pmap.pg_ps_enabled to 1. if it's true i would be enough reason to upgrade to 7.2 on 2 computers. -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Canon printer and TurboPrint
On Thu, May 28, 2009 at 06:31:41PM +0200, Polytropon wrote: As it has truthfully been mentioned, it would be possible for Adobe to release a native version of Flash for FreeBSD, even if they don't put their sources into BSDL. But they don't want to. (It's their right to do so, of course.) More likely, they simply decided that supporting our OS was not worth it, because we don't have the user base of Win32 or Linux. Can you say the same thing about a FBSD box? Not even close. This is intended to be that way. The printer manufactureres and the majority of their customers decided it. Basically put: you get what you pay for. Classic (non-win) printers do have circuitry on board to process PCL or PostScript, whereas el-cheapo win-printers come without this circuitry, and delegate pagesetting to a software driver. Same for modems vs. win-modems. Of course, all this is well-known for a long time now. But what's worrying, is that economics of scale make it increasingly difficult to locate classic printers (and modems). Fortunatly, they are still being made here and there, but for how long? What will we do a few years down the road in an environment where win-${device}s are ubiquitous? Ultimately, we'll need a full-featured windowsolator a la NDISwrapper et al., so that we can use the Windows-only drivers natively on FreeBSD/{i386,amd64}. At least x86-based systems will then work, although ARM and other platforms would still be left out in the cold. -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Streaming server
On Tue, May 26, 2009 at 12:31:54AM +0200, Wojciech Puchar wrote: Sorry, mistake: s/file streaming/file download/ when you play file directly from HTTP/FTP source it's streaming too. just much more simple, portable, and cachable by squid/other proxies Yes, you're right. For static content, buffering a TCP connection is certainly good enough. But for live streams and video conferencing, buffering adds latency (and the bigger the buffer, the higher the latency). The effect is then similar to what you observe if you talked on a geostationary satellite network, doing multiple uplink-downlink hops (many times 1/3 of a second). That's quite noticeable and pretty annoying. Some people prefer a couple of lost frames to this latency, and that's why protocols like RTP do have their uses (even if we ignored multicasting). And for a real-world example: just look at the way the GSM network deals with lost frames in the traffic channels (TCH) of the Um interface (radio link between BTS and MS): they're not requested again, but simply compensated for with error correction codes, or even dropped. A TCP-like link there would be non-sensical. This may not apply to the control channels, where latency is not so important, as opposed to data integrity, but for the voice traffic itself, it makes perfect sense. Regards, -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
rtmpdump (was: Re: Streaming server)
While we're talking about streaming protocols: how comes we don't have rtmpdump in the ports? http://lkcl.net/rtmp/ Thanks, -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: rtmpdump (was: Re: Streaming server)
On Tue, May 26, 2009 at 03:21:26PM +0200, Polytropon wrote: On Tue, 26 May 2009 15:11:41 +0200, cpghost cpgh...@cordula.ws wrote: While we're talking about streaming protocols: how comes we don't have rtmpdump in the ports? Maybe because of mplayer -streamdump rtsp:// ... ? :-) I've not checked, but using -streamdump with mplayer lets you dump most datastreams (coming from another file, a DVD, a HTTP link or something else) into a file (see -dumpfile). Hmmm... are you sure? Looking at the sources of rtmpdump-1.6 and mplayer's RTSP library, that's a totally different beast. The protocol strings supported by rtmpdump are: rtmp:// rtmpt:// rtmps:// rtmpe:// rtmpte:// rtmpfp:// Not that this wouldn't be a nice extension to mplayer though... ;-) -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD Software RAID
On Tue, May 26, 2009 at 01:15:41PM -0500, Gary Gatten wrote: Why avoid ZFS on x86? That's because ZFS works best with huge amounts of (Kernel-)RAM, and i386 32-bit doesn't provide enough adressing space. Btw, I've tried ZFS on two FreeBSD/amd64 test machines with 8GB and 16GB of RAM, and it looks very promising. I wouldn't put it on production servers yet, but will eventually, once FreeBSD's ZFS integration matures and stabilizes. -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Streaming server
On Mon, May 25, 2009 at 09:30:30PM +0200, Wojciech Puchar wrote: make search key=streaming in the ports directory. IMHO, streaming versus downloading is more bandwidth intensive overall. and give NO adventages. anyway - file that is available through FTP/HTTP or similar way you can stream too. just without any extra tools both under windoze and unix. You're aware of UDP-based real-time streaming protocols, right? RTP being one of them: http://tools.ietf.org/html/rfc3550 In streaming vs. file download there's a trade off. In file streaming, all data must arrive, and it doesn't matter that retransmission of lost packets temporarily interrupts the transmission (that's what TCP does very well). In streaming, lost packets are tolerated, as long as the transmission doesn't hang (e.g. due to retransmissions). Here, UDP- based protocols are often a better choice. -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Streaming server
On Mon, May 25, 2009 at 11:06:57PM +0200, cpghost wrote: On Mon, May 25, 2009 at 09:30:30PM +0200, Wojciech Puchar wrote: make search key=streaming in the ports directory. IMHO, streaming versus downloading is more bandwidth intensive overall. and give NO adventages. anyway - file that is available through FTP/HTTP or similar way you can stream too. just without any extra tools both under windoze and unix. You're aware of UDP-based real-time streaming protocols, right? RTP being one of them: http://tools.ietf.org/html/rfc3550 In streaming vs. file download there's a trade off. In file streaming, ^^^ Sorry, mistake: s/file streaming/file download/ all data must arrive, and it doesn't matter that retransmission of lost packets temporarily interrupts the transmission (that's what TCP does very well). In streaming, lost packets are tolerated, as long as the transmission doesn't hang (e.g. due to retransmissions). Here, UDP- based protocols are often a better choice. The point here is that you need special servers and clients for streaming, that are not based on plain old TCP. -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: A port for FireGPG?
On Sat, May 23, 2009 at 12:31:29AM +0200, cpghost wrote: Hi, I'd like to use GnuPG with Webmail (e.g. with gmail or other webmails). AFAICS, the following Firefox add-on would help: http://www.getfiregpg.org/ Unfortunately, according to http://www.getfiregpg.org/install.html one needs to compile an IPC library (?) out of the firefox3 sources, like this: http://blog.getfiregpg.org/2008/10/17/how-to-compile-the-ipc-library/ Is there a port to automate this task, or could someone with the necessary skills please create such a port? That would be great! Just a little follow-up. Those are the (manual) steps to get libipc compiled on FreeBSD/amd64, assuming www/firefox3 is already installed: # cd /usr/ports/www/firefox3 # make configure # make build (Be patient, it takes some time) # cd work/mozilla/extensions # now fetch libipc (ipc-latest.tar.gz) to /path/to/ipc-latest.zip (source of ipc-latest.tar.gz is https://bugzilla.mozilla.org/attachment.cgi?id=299132) # tar -xvpf /path/to/ipc-latest.zip # chown -R root:wheel ipc (We now have /usr/ports/www/firefox3/work/mozilla/extensions/ipc) # cd ipc now: /usr/ports/www/firefox3/work/mozilla/extensions/ipc # ./makemake -r -o . # gmake (This will create libipc.so, ipc.xpt in: /usr/ports/www/firefox3/work/mozilla/dist/bin/components) # cd /usr/ports/www/firefox3/work/mozilla/dist/bin/components # cp -i libipc.so /usr/local/lib/firefox3/components/ # cp -i ipc.xpt /usr/local/lib/firefox3/components/ (There is no need to install firefox3 again. Only libipc.so and ipc.xpt count) $ cd ~/.mozilla/firefox/the_firefox_profile $ touch .autoreg (And restart firefox3). With that, firegpg add-on works flawlessly. All this can probably be automated with a slave port of www/firefox3. Thanks, -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: netbooks vs FreeBSD
On Sat, May 23, 2009 at 10:40:35PM +0200, Wojciech Puchar wrote: I respectfully disagree. As much as I hate Apple as a company, I currently have a MacBook Pro that gets over 4 hours of battery life and has a 200+gig HDD in it. i wrote somehow incompatible :) your macbook pro would run even more hours on the same battery with flash drive. Generally true, but with exceptions: a 2.5 HDD draws approx. 4 Watts, and you can reduce overall consumption by spinning down when idle. OTOH, a Flash drive doesn't draw that much power when idle or when read, but when writing, it is substantial (and slow). A RAM-based SSD has yet another power profile... i don't know how much your CPU gets power, and ... how oversized battery it has And to get ever more OT: my biggest gripe with current laptops and netbooks is that it is usually difficult to find external batteries, that you could either strap on or below the box (in parallel switching) or that you could hot-swap easily without having to shut down. Even a bigger external battery that you could plug into the DC input would be good enough for most uses, but you'll have to DIY, as you won't find an easy on-the-shelf solution in your electronics store. I don't mind if the internal battery lasts only 90-150 minutes, as long as I can easily swap it with the spare batteries or an external battery that I'd carry in my backback. If you need at least 8-10 hours (or even more) of continuous autonomy, that's pretty important, IMHO. -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: kb problem.
On Thu, May 21, 2009 at 08:06:18PM -0400, Ali Muridi Ahmed wrote: I bought my macbook alum while on vacation in Dubai.. when I bought the macbook, it had an arabic/english keyboard, it wasn't a problem.. figured out which button is the return/enter shift etc.. When trying to install freebsd on macbook, using sysinstall, I keep having wrong key input .. like the whole key was reassigned. For example, pressed X to try and exit the installation but It opened up a different menu, tried to press C to go to the Config part of the sysinstall, but it exit the installation. .. how do I fix it? Once you're able to get past sysinstall by trial and error, just use kbdcontrol(1) to change the keymap. Basically, all you have to do is to copy one of the keymaps from /usr/share/syscons/keymaps, and modify it according to your layout. Then use kbdcontrol(1) to activate it. Of course, this doesn't apply to Xorg: that's another can of worms. Check out setxkbmap(1) and /usr/local/share/X11/xkb for that. -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
A port for FireGPG?
Hi, I'd like to use GnuPG with Webmail (e.g. with gmail or other webmails). AFAICS, the following Firefox add-on would help: http://www.getfiregpg.org/ Unfortunately, according to http://www.getfiregpg.org/install.html one needs to compile an IPC library (?) out of the firefox3 sources, like this: http://blog.getfiregpg.org/2008/10/17/how-to-compile-the-ipc-library/ Is there a port to automate this task, or could someone with the necessary skills please create such a port? That would be great! Thanks, -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: 7.2 = no sound
On Thu, May 07, 2009 at 11:50:27AM +0100, Lars Hecking wrote: I upgraded my system to 7.2 with cvsup, and sound has stopped working. I'm running gnome, and both (...) Sound module loaded: yes # kldstat |grep snd 41 0xc09d6000 1abf8snd_hda.ko # cat /dev/sndstat FreeBSD Audio Driver (newpcm: 32bit 2007061600/i386) Installed devices: pcm0: HDA Sigmatel STAC9205X PCM #0 Analog at cad 0 nid 1 on hdac0 kld snd_hda [MPSAFE] (1p:3v/1r:1v channels duplex default) pcm1: HDA Sigmatel STAC9205X PCM #1 Analog at cad 0 nid 1 on hdac0 kld snd_hda [MPSAFE] (0p:0v/1r:1v channels) dmesg: pcm0: HDA Sigmatel STAC9205X PCM #0 Analog at cad 0 nid 1 on hdac0 pcm1: HDA Sigmatel STAC9205X PCM #1 Analog at cad 0 nid 1 on hdac0 Have you tried to set hw.snd.default_unit to the right port? From snd_hda(4): The default audio device may be tuned by setting the hw.snd.default_unit sysctl, as described in sound(4), or explicitly specified in application settings. That's the most common cause for sound problems after the snd_hda upgrade. -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: filesystem: 12h to delete 32GB of data
On Wed, May 06, 2009 at 05:34:24PM +0200, Wojciech Puchar wrote: - it took about 12 hours to delete these 30GB of files and sub-directories (smarty cache files: many small files in many dirs). It's a little bit surprising, as it's on a recent HP proliant DL360 g5 with SAS disks (Raid1) running freebsd 6.x ( /dev/da0s1f on /usr (ufs, local, soft-updates) ) if you would use no raid or software raid it will behave normally. it takes 30 minutes for me to delete 300GB of squid files on ordinary SATA disk , millions of small files. Alternatively, you could assign a dedicated filesystem for the cache and when cleaning up: * stop the app (or disable caching), * umount * newfs * mount * restart the app (or reenable caching). newfs is MUCH faster than manually deleting gazillions of files. If you don't like the (small) downtime during newfs, you could also play with two or more dedicated filesystems, and rotate between them (though that would be a waste of disk space). I can't recall how many times I've used a fresh newfs-ed filesystem instead of removing stuff one file at a time. -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: basic
On Wed, May 06, 2009 at 06:00:32PM +0200, Polytropon wrote: On Wed, 6 May 2009 14:32:47 +0200, giorgio novello gio@vodafone.it wrote: Do you want obtain new market share? Develop e visual-basic like language, or asp vb and your OS will be a best seller FreeBSD isn't for beginners, it's for professionals. There wouldn't be Visual BEGINNERs All-Purpose Symbolic Instruction Code, but isual PROFESSIONALSs All-Purpose Symbolic Instruction Code, Visual Pasic, VP. It already exists: The tools for making Qt and Gtk+ applications. Then, there are NetBeans and Eclipse and so on - everything already there. :-) Well, programming languages and environments are a matter of personal choice and taste, and there *are* coders who use VB professionally, i.e. to make a living. Actually an awful lot of them (*shudder*). And let's not forget Mono for the runtime arch, which runs on FreeBSD: /usr/ports/lang/mono If VB runs under Wine (?), it could theorically be used to create NET code which could run via mono, i.e. all under FreeBSD. Of course, software written with wxWidgets, Qt, et. al. (either with C++ or indirectly using Perl, Python, ... bindings) would be much more portable... ;-) And for the weekend: 10 GOTO KNEIPE 20 INPUT BIER You forgot the most important step: 30 GOTO 20 -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FOR MARK
On Tue, May 05, 2009 at 07:25:47AM +1000, Warren Liddell wrote: After finally managing to get some encoding options from this list everything went smoothley untill it got to the burning part .. below is the error i got enterprise# ls dvd.iso enterprise# growisofs -dvd-video -Z /dev/cd1 dvd.iso 1. you probably meant -dvd-compat instead of -dvd-video 2. for premastered isos, use this syntax: -Z /dev/cd1=dvd1.iso (don't forget the = sign) What am i missing//not doing correctly ? -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
MAKE_JOBS_SAFE et al. missing in documentation?
Shouldn't the following variables be mentioned in the Porter's Handbook and in ports(7)? (from /usr/ports/Mk/bsd.port.mk) # MAKE_JOBS_SAFE #- This port can safely be built on multiple cpus in parallel. # The make will be invoked with -jX parameter where X equals # number of cores present in the system. # MAKE_JOBS_UNSAFE #- Disallow multiple jobs even when user set a global override. # To be used with known bad ports. # DISABLE_MAKE_JOBS #- Set to disable the multiple jobs feature. User settable. # FORCE_MAKE_JOBS #- Force all ports to be built with multiple jobs, except ports # that are explicitly marked MAKE_JOBS_UNSAFE. User settable. # MAKE_JOBS_NUMBER #- Override the number of make jobs to be used. User settable. This is incredibly useful and a lot of ports actually compile cleanly with MAKE_JOBS_SAFE, though they are still not yet marked as such. -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Modern FreeBSD Installer?
On Fri, Apr 24, 2009 at 10:20:00AM -0500, Martin McCormick wrote: Wojciech Puchar writes: as you can do everything easily in text mode, it just points out that GUI installer is nonsense. The real problem happens when the GUI is considered to be all anybody needs. I think there's no need to worry (yet). Some of us use FreeBSD on headless systems (which often don't even have the VGA and keyboard circuitry). And of course, we install via remote serial consoles. Anything purely GUI-oriented with no alternative would mean instant migration to OpenBSD or another OS for purely practical reasons. So, no, I don't see text-based sysinstall disappear anytime soon. ;-) Martin McCormick WB5AGZ Stillwater, OK Systems Engineer OSU Information Technology Department Telecommunications Services Group -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Modern FreeBSD Installer?
On Thu, Apr 23, 2009 at 12:50:46AM -0700, Michael David Crawford wrote: The partitioner will allow you to create more partitions than the FreeBSD partition table will allow. Rather than giving it the name of a special file in the /dev/directory, it will name it just X. You can create as many partitions named X as you like. Then the newfs will fail. I experienced this the other day, and have been meaning to file a bug report about it. Yes, this is a long standing problem. On one or both of {Open,Net}BSD, the number of possible partitions per slice is higher. I'd really wish FreeBSD's bsdlabel(8) would allow for more partitions. The problem here is not with sysinstall though. From bsdlabel(8): The partition table can have up to 8 entries. It contains the following information: # The partition identifier is a single letter in the range `a' to `h'. By convention, partition `c' is reserved to describe the entire disk. Take away 'b' for swap, and 'c' for the whole disk, you can only use 6 partitions per slice (including the root partition) on the bootable slice. That's clearly not enough, esp. on big disks, and with complex setups. :-( Mike -- Michael David Crawford m...@prgmr.com -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Modern FreeBSD Installer?
On Fri, Apr 24, 2009 at 12:10:50AM +0200, Paul B. Mahol wrote: On 4/23/09, cpghost cpgh...@cordula.ws wrote: On Thu, Apr 23, 2009 at 12:50:46AM -0700, Michael David Crawford wrote: The partitioner will allow you to create more partitions than the FreeBSD partition table will allow. Rather than giving it the name of a special file in the /dev/directory, it will name it just X. You can create as many partitions named X as you like. Then the newfs will fail. I experienced this the other day, and have been meaning to file a bug report about it. Yes, this is a long standing problem. On one or both of {Open,Net}BSD, That problem is fixed in 8.0 with introducion of gpart(8) the number of possible partitions per slice is higher. I'd really wish FreeBSD's bsdlabel(8) would allow for more partitions. The problem here is not with sysinstall though. From bsdlabel(8): Ah, gpart(8), good hint! Not yet familiar with that. Apparently, it's already in 7.x. I have no spare disk right now to give it a try. Would it already support 8+ partitions on RELENG_7, or do we have to wait for 8.0? Paul Thanks, -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Dump | Restore
On Mon, Apr 20, 2009 at 12:46:05PM +0200, Wojciech Puchar wrote: use rsh not ssh unless you really need encryption. Sure, you *could* do that, but be sure to encrypt *and* sign the backup stream beforehand, e.g. using openssl or gnupg... And even then, anyone sniffing that poorly encrypted (at layer 2) wireless LAN connection could still hijack the password, log into the backup host, and delete or corrupt the (encrypted) dump files. Perhaps it's better to use ssh anyway, even for encrypted and signed dump files. Creating and transfering a couple of key files to the clients and backup host and using ssh(1) is not hard. Really not. ;-) -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: lightweight webserver that can run php
On Sat, Apr 18, 2009 at 09:56:09AM -0400, Mikel King wrote: Does anyone have any suggestions for a lightweight webserver that will run php? Most light weight webservers like nginx and lighttpd only run PHP as a cgi mod. With lighttpd, you can do both CGI and FastCGI: http://redmine.lighttpd.net/wiki/lighttpd/Docs:ModCGI http://redmine.lighttpd.net/wiki/lighttpd/Docs:ModFastCGI Regards, -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: PDF Authoring tool, suggestions?
On Thu, Apr 16, 2009 at 08:50:44PM -0600, Modulok wrote: I'm looking for recommendations for a BSD-friendly, PDF authoring tool (Not a viewer, see below.) Not a tool, but a python library: print/py-reportlab2 It's flexible enough to solve your image-embedding problem. ;-) Suggestions? -Modulok- -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Block device to regular file?
I'm trying to recover some deleted files from a UFS2 file system with the sleuthkit. Unfortunatly, most sleuthkit utilities expect regular image files and won't operate on block devices: phenom# fls /dev/ad4s1e Sector offset supplied is larger than disk image (maximum: 0) Of course, I could always dd(1) the block device into another file system, and analyze that: phenom# dd if=/dev/ad4s1e of=/mnt/ad4s1e.dd phenom# fls /mnt/ad4s1e.dd | more regular-output-of-fls but unfortunatly, the file system I'm trying to analyze is VERY large and I don't have enough disk space elsewhere to take an image. Now, is there an easy way to turn a block device into something that would behave like a regular file? Something like mdconfig -t vnode, but in reverse? Thanks, -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Block device to regular file?
On Tue, Apr 14, 2009 at 07:18:43PM +0200, Polytropon wrote: On Tue, 14 Apr 2009 18:17:24 +0200, cpghost cpgh...@cordula.ws wrote: I'm trying to recover some deleted files from a UFS2 file system with the sleuthkit. Unfortunatly, most sleuthkit utilities expect regular image files and won't operate on block devices: phenom# fls /dev/ad4s1e Sector offset supplied is larger than disk image (maximum: 0) Because I already have my own sad story of data loss, I could provide the idea of using FreeBSD's memory disks. I've always used this to get TSK tools working the other way round, when I had a dd copy, but required a device file. Maybe this works as well in your case when you create a virtual note for the device file: # mdconfig -a -t vnode -u 10 -f /dev/ad4s1e md10 You can now use TSK with /dev/md10, but I can't confirm that it won't complain. Hmmm, I'm getting this: phenom# mdconfig -a -t vnode -o readonly -f /dev/ad4s1e mdconfig: ioctl(/dev/mdctl): Invalid argument phenom# mdconfig -a -t vnode -f /dev/ad4s1e mdconfig: ioctl(/dev/mdctl): Invalid argument So, it doesn't seem to work. But it was a good idea. Probably block devices aren't mappable like regular files. Of course, I could always dd(1) the block device into another file system, and analyze that: phenom# dd if=/dev/ad4s1e of=/mnt/ad4s1e.dd phenom# fls /mnt/ad4s1e.dd | more regular-output-of-fls but unfortunatly, the file system I'm trying to analyze is VERY large and I don't have enough disk space elsewhere to take an image. I would strongly advice you *not* to experiment with the original disk, because this *may* lead you to more problems. Hard disks are cheap today. Buy a fresh disk and make a dd copy onto it. Work with this dd copy only - if the dd copy is a real copy (and therefore replicates the defects of the original file system). If at all, the block device would have to be used in read-only mode. But that's not the issue here. The file system itself is over 470GB (it occuples the whole 500GB disk), and while I do have spare 500GB disks, the whole image won't fit into a filesystem: it will be slightly too big. Bigger disks won't work on that mobo without a bios upgrade, which is not yet available for that machine. I'll probably try to dd(1) the disk with conv=sparse, hoping that it will compress enough to fit, but I was hoping to find a FUSE daemon or something like that, that would turn a block device into a regular file (preferably in read-only mode). In my case, I'm talking about a ca. 80 GB partition which needs 4 hours to be transferred. Yup, 80 GB are still manageable enough. The disk I have to recover was set up by someone who didn't have a clue in sensible filesystem layout. :-( Always have in mind that your data may be more important than the money for a new disk and the time spent for the dd copy. Of course. Now, is there an easy way to turn a block device into something that would behave like a regular file? Something like mdconfig -t vnode, but in reverse? Maybe you could dd the partition into a (named) pipe and then run TSK on this pipe? Nope. Apparently, TSK tools also seek back, so... :( Anyway, I'm not sure if this is such a good idea... Thanks, -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Block device to regular file?
On Tue, Apr 14, 2009 at 09:36:22PM +0200, Roland Smith wrote: On Tue, Apr 14, 2009 at 07:48:16PM +0200, cpghost wrote: On Tue, Apr 14, 2009 at 07:18:43PM +0200, Polytropon wrote: On Tue, 14 Apr 2009 18:17:24 +0200, cpghost cpgh...@cordula.ws wrote: I'm trying to recover some deleted files from a UFS2 file system with the sleuthkit. Unfortunatly, most sleuthkit utilities expect regular image files and won't operate on block devices: For the record, FreeBSD doesn't have block devices. They are all character devices. Compare the output of ls -l /dev | grep '^b' with that of ls -l /dev | grep '^c'. Ups, right. My mistake. Might this be what is bugging sleuthkit? They try to get the file size of the char device... phenom# mdconfig -a -t vnode -o readonly -f /dev/ad4s1e mdconfig: ioctl(/dev/mdctl): Invalid argument The vnode type md can only use regular files. See md(4). Yep. but unfortunatly, the file system I'm trying to analyze is VERY large and I don't have enough disk space elsewhere to take an image. Well, fls and other sleuthkit programs support split images. Will it fit if you divide it into several smaller files? Good idea: that's one possible solution. I would strongly advice you *not* to experiment with the original disk, because this *may* lead you to more problems. very good advice IMHO. Correct. I'm VERY careful with the original disk. But that's not the issue here. The file system itself is over 470GB (it occuples the whole 500GB disk), and while I do have spare 500GB disks, the whole image won't fit into a filesystem: it will be slightly too big. Maybe it will fit if you play with the newfs parameters of the new disk? Shrinking the reserved space, enlarging the block and fragment size and reducing the number of inodes, that kind of thing. If the file won't fit (still copying), I'll hook up a couple of 500GB disks to the box, and will try to newfs a bigger file system across all of them via gconcat(8). I haven't tried it before, but I hope it will work. Thanks for all the help. -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: OT: Postfix rejects from Freebsd server
On Fri, Apr 10, 2009 at 05:31:22AM +, Da Rock wrote: I know this may be OT, but I could use some help on this one. I've completed a major changeover in network provider, and I've now got a proper static ip including ptr records for my mail server (the only service that really counts on this anyway). If I resolveip for my ip address it shows up my mail server name, and YET I still get deferred rejection from the freebsd mx's. Can anyone shed some light on this? Pls cc as I'm not subscribed to the list via this account If you're just getting 4xx error codes, but the mails are accepted after a while, it's simply greylisting. That's normal behaviour of the FreeBSD mail server(s). -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: First time user problems
On Thu, Mar 19, 2009 at 03:30:33PM -0400, Alhaji Barrie wrote: To put it simply, I am missing the syntax for the user name and password. Can someone help with the step by step process of getting past the original login screen? Just remember that username and password are case sensitive. Perhaps you had CAPS LOCK engaged when asked during installation? Alhaji I Barrie Network Security Analyst -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Text mode dialog library like TSO
On Fri, Mar 20, 2009 at 12:13:52AM +0100, Polytropon wrote: For a special application, I need a programmable dialog library that has... well, how to describe it... anyone know SIOS? Or at least TSO? A bit like this. A kind of form-driven screen layout. Besides dialog(3), there's also a C++ class library that emulates Borland's Turbo Vision's SAA interface. Two implementations are in ports: devel/rhtvision devel/tvision -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: who broke snd_hda? SOLVED
On Sat, Mar 14, 2009 at 09:43:18PM -0400, Jimmie James wrote: hw.snd.default_unit=1 -- This has fixed everything, from the looks of it. Not 100% sure what =1 means, but I have sound now. snd_hda can now drive multiple physical output units (pcm0, pcm1, ...). I guess 1 refers to pcm1 (in your case, that would be the first analog output unit HDA Realtek ALC880 PCM #1 Analog). -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Speeding up exit(2)?
I've noticed that when a huge, partially or totally swapped out process exits, there is a lot of disk activity going on, before the process truly dies. This is not necessarily due to sync(2), because it also happens with CPU bound processes that write very little output. Not sure what's really going on there, but apparently, the process reads in pages from swap that have been paged out previously (according to top(1)). Couldn't this be avoided and the paged out pages simply discarded without reading them back in? Or do those pages contain necessary data at this point (page directories etc.)? -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Speeding up exit(2)?
On Sun, Mar 15, 2009 at 10:27:53AM +0100, Wojciech Puchar wrote: Not sure what's really going on there, but apparently, the process reads in pages from swap that have been paged out previously (according to top(1)). is it your program and you are sure it's on exit? Every memory hungry program is concerned; and yes: it happens exactly on exit. it's because the program is writted the way it's doing a lot of things (probably unneeded) on exit. Have a look at what happens during exit: /usr/src/sys/kern/kern_exit.c:exit1() especially at the call to vm_waitproc(): /usr/src/sys/vm/vm_glue.c:vm_waitproc which calls vmspace_exitfree(): /usr/src/sys/vm/vm_map.c:vmspace_exitfree() Now, vmspace_exit() and vmspace_exitfree() ultimately call: /usr/src/sys/vm/vm_map.c:vmspace_dofree() It then goes deep into the bowels of vm amd pmap, and that's the place where the pages are paged in again (I think). not exit(2) itself -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Speeding up exit(2)?
On Sun, Mar 15, 2009 at 11:09:00AM +0100, Wojciech Puchar wrote: is it your program and you are sure it's on exit? Every memory hungry program is concerned; and yes: it happens exactly on exit. strange. i just wrote a test program #include stdio.h int test[1024*1024*128]; main() { int a; for(a=0;a1024*1024*128;a++) test[a]=a; puts(end); } it fills 512MB RAM and then ends. i have 256MB RAM in laptop it swapped a lot, then wrote end and immediately exited. Hmmm... yes, it's strange. With malloc-ed space, exit is also very fast. On a 2 GB machine with amd64, exit is almost immediate: - snip -- #include stdio.h #include stdlib.h #include unistd.h #include strings.h #define NRGIGS 4 #define BIGSIZE (1024*1024*1024) #define SOMETIME 15 main() { int a; char *p; for (a=0; aNRGIGS; a++) { p = (char *)malloc(BIGSIZE); bzero(p, BIGSIZE); } printf(about to end in %d seconds...\n, SOMETIME); sleep(SOMETIME); printf(end now.\n); return 0; } - snip - If I find a way to isolate the problem, I'll post it here. Thanks, -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Speeding up exit(2)?
On Sun, Mar 15, 2009 at 10:48:49AM -0500, Dan Nelson wrote: In the last episode (Mar 15), cpghost said: I've noticed that when a huge, partially or totally swapped out process exits, there is a lot of disk activity going on, before the process truly dies. This is not necessarily due to sync(2), because it also happens with CPU bound processes that write very little output. Not sure what's really going on there, but apparently, the process reads in pages from swap that have been paged out previously (according to top(1)). Are you sure this is actually in _exit, and not in a cleanup function executed by the application as it exits? If there is a large linked list, for example, and the author has decided to actually free the list before exiting instead of just letting it disappear when the process exits, each swapped-out page will have to be brought back in as the list is traversed. C++ programs may have destructors doing this behind the scenes. Yes, that's quite possible. Meanwhile, I'm suspecting that free(3) is the culprit, and not the vm subsystem itself; though I was not yet able to construct a good example to be sure. And you're quite right: cleaning up paged-out linked lists or other dynamic data structures, either explicitly or via C++ destructors is also an obvious reason for swap activity. Didn't think of it first. Best way to figure out what's going on is to attach to the program with gdb while it's swapping, and print a stack trace. I'll try this. Very good idea. Also, since you mentioned a totally swapped out process exiting, are you terminating it externally with kill -9? It may be writing a core dump, which will force the kernel to pull back swapped-out pages to write them to the core file. Also an excellent point. I'm just killing them with Ctrl-C (SIGINT), which won't result in a core dump. But a core dump would also reawaken the pages, that's quite clear. Dan Nelson dnel...@allantgroup.com Thanks for all the hints. The fog is slowly lifting. ;-) -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Speeding up exit(2)?
On Mon, Mar 16, 2009 at 03:24:51AM +1100, Ian Smith wrote: On Sun, 15 Mar 2009 11:01:41 +0100 cpghost cpgh...@cordula.ws wrote: On Sun, Mar 15, 2009 at 10:27:53AM +0100, Wojciech Puchar wrote: Not sure what's really going on there, but apparently, the process reads in pages from swap that have been paged out previously (according to top(1)). is it your program and you are sure it's on exit? Every memory hungry program is concerned; and yes: it happens exactly on exit. it's because the program is writted the way it's doing a lot of things (probably unneeded) on exit. Have a look at what happens during exit: /usr/src/sys/kern/kern_exit.c:exit1() especially at the call to vm_waitproc(): /usr/src/sys/vm/vm_glue.c:vm_waitproc which calls vmspace_exitfree(): /usr/src/sys/vm/vm_map.c:vmspace_exitfree() Now, vmspace_exit() and vmspace_exitfree() ultimately call: /usr/src/sys/vm/vm_map.c:vmspace_dofree() It then goes deep into the bowels of vm amd pmap, and that's the place where the pages are paged in again (I think). Sounds right. This is easy to demonstrate on a laptop with 160MB RAM, running a bunch of servers + X + KDE, then running Mozilla, then opening about 30 tabs of pages, many of which run vast and buggy javascript .. By this stage mozilla is about 150MB with about 60MB resident, and swap is pushing 200MB. *seriously* paging, just on flipping to another tab. Now close mozilla and watch top while it's shutting down. Go and pour yourself a cuppa, there's no hurry .. Apart from having to close each tab/window, freeing all its resources, bits of the executable itself need to be paged in to do various things, which may need to page out some more. What's amazing is that it can do that for several minutes, coming out unscathed when it finally quits! Yes, that's exactly what I'm seeing. And of course, after firefox finally shuts down, everything else is also (mostly) paged out, including most of X, so it takes some time to get a fully responsive system again. It's amazing how closing a process can actually make the system even less responsive. But as Dan has pointed out, firefox et al. are probably written in such a way that they reawaken all their dynamic data structures from swap while cleaning up. There's not much one can do from the OS side to prevent this from happening. (extreme example, but a true story from a wild ebay session yesterday :) not exit(2) itself Well that just starts that big VM ball rolling, so to speak .. so it's a tad more complex than a program that fills memory (+ swap) then exits. Yup, that's obviously more complicated: C++ dtors, atexit() handlers, etc. are called at this point. VM itself seems fast enough to clean up the vm space of any process without much swap I/O (but I'm not 100% sure yet). cheers, Ian Thanks, -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Speeding up exit(2)?
On Sun, Mar 15, 2009 at 05:57:47PM +, Kris Kennaway wrote: Wojciech Puchar wrote: By this stage mozilla is about 150MB with about 60MB resident, and swap is pushing 200MB. *seriously* paging, just on flipping to another tab. Now close mozilla and watch top while it's shutting down. Go and pour yourself a cuppa, there's no hurry .. just tested with opera - the same. crappy software rulez ;) Yes, clearly web browsers should be optimized for speed of exiting. That's correct. Normally systematic freeing of resources is one of the best ways to prevent memory leaks in long running programs, so it can't be too bad to free/delete all malloc-ed/new-ed chunks upon exit. But here, the opposite may be better: there should be a faster way to exit, bypassing all manual and automatic cleaners. But that's up to every single program and not OS'es business. Thanks again for all the insight. Kris -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: USENET?
On Mon, Mar 09, 2009 at 11:39:43AM +0100, Wojciech Puchar wrote: news/pan seems to work OK, if you want a GUI. But be aware that nowadays, you'll probably have to pay a monthly fee for usenet. ISPs don't seem to routinely offer it as part of the deal anymore like they used to. at least in Poland there are free. and for my clients i have nntpcache'd news from Gda?sk University. Actually, in most parts of the world, news are still freely available with many ISPs (you may have to ask them explicitly), except for alt.binaries.* which are quite bandwidth intensive. Your typical small ISP would rather save the bandwidth it takes to transfer all articles, esp. if only a fraction of them are accessed by their customers. It simply doesn't make sense for them to host binaries, unlike dedicated news providers which have enough customers to justify the expenses. -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: OT: what is the X11 equiv of /dev/null
On Mon, Mar 02, 2009 at 06:42:26PM -0500, Aryeh M. Friedman wrote: I was thinking is there someway to direct a X11 app to target the X11 equiv of /dev/null ? Not quite what I want is to have it so no graphic (non-virtual) output is sent How about setting up an X server on another machine (or another console), and redirect the output of your X11 app to it by setting DISPLAY accordingly? Something like: % env DISPLAY=mynullhost:10.0 myxapp % env DISPLAY=:1.0 myxapp Or, if you start your app from within X and just want to hide its windows, you could also try to configure your favorite window manager to automatically hide all windows from a particular application (if your wm allows it and if your X11 app tells its name in an X11 resource (check out RESOURCES in X(7), and -xrm)). -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to repeat playing mp3 with mpg123
On Mon, Mar 02, 2009 at 10:55:29PM +0800, lacalling wrote: Since mpg123 does not support repeat model, i tried to write a script to play mp3 repeatedly. I tried bash like this for((;;)) do mpg123 [mp3] done but it keeps running new mpg123 in background . You asked for it to run in the background (with ''). In fact, you're spawning many mpg123 processes here... but mpg123 [mp3] in foreground cant be terminated by control C Not too familiar with mpg123 (I'm using mplayer), but in such close loops, Ctrl-C usually works, but not as intended: it stops one mpg123 process (unless mpg123 sets its signal mask in such a way as to block or ignore SIGINT?), but the next one resumes almost immediately thereafter. To Ctrl-C the loop itself is not easy, because the time slice between the end of one mpg123 process and the start of the next one (when the shell is in the foreground) is pretty tiny. Try adding a 'sleep 1' or something like that after mpg123, and it will be easier. Could anyone provide more ideas. thank you. -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: xorg-fbserver / xorg-server fails upgrade
On Mon, Feb 16, 2009 at 03:27:15PM +0100, Ewald Jenisch wrote: Hi, While upgrading a machine during upgrade of /usr/ports/x11-servers/xorg-vfbserver/work/xorg-server-1.5.3 the build process fails with the errors given below. Same problem here. glxdriswrast.c:39:39: error: GL/internal/dri_interface.h: No such file or directory In file included from glxdriswrast.c:49: glxdricommon.h:32: error: expected ':', ',', ';', '}' or '__attribute__' before'*' token (...) glxdriswrast.c:530: error: '__GLXDRIscreen' has no member named 'driver' glxdriswrast.c:531: error: '__GLXDRIscreen' has no member named 'driver' *** Error code 1 Stop in /usr/ports/x11-servers/xorg-server/work/xorg-server-1.5.3/glx. *** Error code 1 A painful Xorg upgrade indeed... :-( Any ideas what can be wrong here and how to overcome this problem? No idea. I'm stuck here. Any hint? Thanks much in advance for any clue, -ewald PS: FreeBSD 7.1, AMD64 platform, kernel/system up2date as per Feb 5. Same here on FreeBSD 7.1-STABLE #0: Sun Feb 22 22:26:25 CET, GENERIC, amd64 with current ports tree. Thanks, -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: hi
On Sun, Feb 22, 2009 at 04:07:44PM +, Saifi Khan wrote: The existing users provide continuity not growth. To be popular FreeBSD needs growth. Growth comes from new users ! It depends on the kind of new users. The aim of FreeBSD is not to be the most popular OS out there. Has never been. The main driving force is to attract good developers who like technical challenges and who love to tinker. It's nice to have a solid and large user base, but IMHO, that's not the main priority. Regards, -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Please Help Me ...
On Mon, Feb 16, 2009 at 08:15:41AM +0330, Ali Reza wrote: Hi i am Install FreeBsd 7.1 in to Detacetad Server where Are Support Cpanel Whm .. ? Please Answer Me ... cPanel and WHM are commercial products: http://www.cpanel.net/products/cpwhm/cpanel11/index.html Apparently, they also support FreeBSD, since many FreeBSD web hosters do provide cPanel to their customers. Just have a look at their website and ask there. ;-) My Blog http://weblog.teamnet.ir Regards, -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: OT: SVN checkout checksumming
On Thu, Feb 05, 2009 at 01:37:26AM +0200, Giorgos Keramidas wrote: On Wed, 04 Feb 2009 10:20:25 -0500, FreeBSD free...@optiksecurite.com wrote: Hi everyone, I have asked this question on the svnforum.org and didn't got a good answer, so I try it here. I want to use SVN to automate the update process of a custom application. So, I'm planning to indicate to every PC to update periodically to a specific branch of the repository. The problem is that I need to be sure the files where not corrupted during the transfer. So, I'm planning to generate the hash (SHA or MD5, doesn't really matters) of every file downloaded by SVN on the client. For this to work, I need to compare the hashes with their server-side equivalent. I looked at the post-commit hooks and it looks pretty interesting but is anyone doing something similar? How are you creating the file containing the hash of the committed file? Let's assume for a moment that you install a post-commit hook that generates a SHA-256 checksum of all the files in the latest repo revision on the svn server. For the sake of simplicity, let's assume that this file is a simple, plain text file that is named db/revs/NUMBER.sha256 where 'NUMBER' is the revision number you are check-summing. How are you going to *safely* transmit those SHA-256 checksums to the client on 'svn checkout'? Well, sorry to bring this back up, but again: how about signing NUMBER.sha256 with a GnuPG private key belonging to the FreeBSD Project? If there's a way to *safely* get the corresponding public key, checking the signature of the NUMBER.sha256 files would be trivial. This doesn't solve the problem entirely, but it would alleviate it somewhat (it's easier to get the GnuPG Public Key *once* over a secure channel when you have access to it, e.g. when traveling abroad etc... than having to rely everytime on a secure channel for the SVN updates (which may not always be available due to intrusive MITM)). -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org