Re: How to set device permissions at startup
Herbert J. Skuhra wrote: Den 9. okt. 2009 kl. 05.25 skrev Aryeh M. Friedman aryeh.fried...@gmail.com: Since certain currently unused devices are not created in /dev (specifically in my case /dev/fuse*) how do I tell what ever (I can't tell it is devfs or what) to always make /dev/fuse* (when needed) with 777 perms (the security implications are not an issue here) Have you tried devfs.rules(5)? -Herbert ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org yes and since the device doesn't exist at the mount time for devfs they are ignored ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: tar --unlink ?
On Fri, 9 Oct 2009 07:58 +0200, guru@ wrote: Hello, To move a file tree from one place to another I see as an example: # tar -cf - local | tar --unlink -xpf - -C /mnt What does '--unlink' do exactly? I can't see it in the man page of tar(1). Thanks in advance matthias man 2 unlink -- ;; dataix.net!jhell 2048R/89D8547E 2009-09-30 ;; BSD since FreeBSD 4.2Linux since Slackware 2.1 ;; 85EF E26B 07BB 3777 76BE B12A 9057 8789 89D8 547E ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to set device permissions at startup
On Thu, Oct 08, 2009 at 11:25:12PM -0400, Aryeh M. Friedman wrote: Since certain currently unused devices are not created in /dev (specifically in my case /dev/fuse*) how do I tell what ever (I can't tell it is devfs or what) to always make /dev/fuse* (when needed) with 777 perms (the security implications are not an issue here) See devfs.rules(5). Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) pgpAjOIhCcIn6.pgp Description: PGP signature
Re: tar --unlink ?
El día Friday, October 09, 2009 a las 02:07:21AM -0400, jhell escribió: On Fri, 9 Oct 2009 07:58 +0200, guru@ wrote: Hello, To move a file tree from one place to another I see as an example: # tar -cf - local | tar --unlink -xpf - -C /mnt What does '--unlink' do exactly? I can't see it in the man page of tar(1). Thanks in advance matthias man 2 unlink I know the unlink(2) sys call, but what does this --unlink flag in tar(1) on restore (-x)? matthias -- Matthias Apitz t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211 e g...@unixarea.de - w http://www.unixarea.de/ Vote NO to EU The Lisbon Treaty: http://www.no-means-no.eu ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to set device permissions at startup
Roland Smith wrote: On Thu, Oct 08, 2009 at 11:25:12PM -0400, Aryeh M. Friedman wrote: Since certain currently unused devices are not created in /dev (specifically in my case /dev/fuse*) how do I tell what ever (I can't tell it is devfs or what) to always make /dev/fuse* (when needed) with 777 perms (the security implications are not an issue here) See devfs.rules(5). Should of been more specific in the orginal question then I added a rule and since the device doesn't exist at devfs mount time it does not honor the rule ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: / almost out of space just after installation
On Thu, Oct 8, 2009 at 1:02 AM, per...@pluto.rain.com wrote: At least as far back as SunOs 3.5* the installer was able to auto- size the partitions based on the selected distribution sets. Of course, this means that the installer must know the size of each distribution set -- on each of /, /usr, and /var -- and that the selection of what to install has to happen before the partitioning is actually done. I would think that the sizing of the distribution sets could easily be automated as part of the release process, and that the needed reordering of the installation process would not be all that difficult for someone familiar with sysinstall and accustomed to coding in the language involved. 1.) Look at the PR database and search for sysinstall. See all those open reports, some from 8 years ago? sysinstall needs some babying. There are bugs that need to be addressed, and I'm making those a much higher priority than feature requests, although this isn't to say that you can't submit a feature request anyways. 2.) The problem isn't that the current default partition sizing doesn't work with a newly installed system. It does. The problem is what happens afterwords: compiling a new kernel or two, installing third party software (while it's true that most files from installed ports are installed to /usr/local, that doesn't mean that they are all configured to only write data to /usr/local at run time, obviously), etc. syslogd is installed by default, but there's no way for me to know if you plan on logging to a remote host, or even using this host as a syslog server for multiple hosts, or what your log retention is going to be, nor do I know if this is going to be a database or mail server, so I can't guess the size of /var. Knowing the size of the data to be installed is easily enough done, but it's not going to solve this problem at all. 3.) Although your comparison to SunOS isn't really all that relevant, your complaint about default partition size is. This is something that I'm considering changing, although I expect some backlash/bikeshed. I've not yet run into problems with / unless I had more than 2 kernels around, but I have seen a default-sized /tmp fill up due to some third party software. I was thinking that a more acceptable default layout (leaving swap at it's current default size) would be: / = 1GB /var = 2GB /tmp = 2GB One thing to remember is that these are just suggested defaults. Most experienced users are going to use a custom layout when setting up a new server, so the goal here is to have partition sizes that work for everyone else. Although FreeBSD does work on older hardware, I'd guess that most of the hardware it is being installed on now is less than 10 years old. The defaults we currently have in place are outdated. They are targeted more for older systems, perhaps because sysinstall hasn't been touched in quite a while. I'm looking for community input on this, so feel free to pipe up with your $.02. -- randi ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
binutils
Hi Guys, Is there any news on when the version of binutils that ships as part of the base system will be updated? The version that ships with 7.x etc is about 5 years old now. It creates problems on amd64 when compiling mplayer (assembly language directive errors), and can be resolved by installing a newer version of binutils. Feel free to share your thoughts :) Alex. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: tar --unlink ?
In the last episode (Oct 09), Matthias Apitz said: El día Friday, October 09, 2009 a las 02:07:21AM -0400, jhell escribió: On Fri, 9 Oct 2009 07:58 +0200, guru@ wrote: To move a file tree from one place to another I see as an example: # tar -cf - local | tar --unlink -xpf - -C /mnt What does '--unlink' do exactly? I can't see it in the man page of tar(1). Thanks in advance man 2 unlink I know the unlink(2) sys call, but what does this --unlink flag in tar(1) on restore (-x)? It's the same as the -U option, provided for gnutar compatibility. -- Dan Nelson dnel...@allantgroup.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: / almost out of space just after installation
Randi Harper wrote: I was thinking that a more acceptable default layout (leaving swap at it's current default size) would be: / = 1GB /var = 2GB /tmp = 2GB One thing to remember is that these are just suggested defaults. Most experienced users are going to use a custom layout when setting up a new server, so the goal here is to have partition sizes that work for everyone else. Although FreeBSD does work on older hardware, I'd guess that most of the hardware it is being installed on now is less than 10 years old. The defaults we currently have in place are outdated. They are targeted more for older systems, perhaps because sysinstall hasn't been touched in quite a while. I'm looking for community input on this, so feel free to pipe up with your $.02. I believe it's been years since I didn't bump up the sizes on an install, otherwise I just end up with all this space where it's least likely to save me from a filled disk in the future. While I am actually running some hardware that is over 10 years old with FreeBSD, quite happily, every single hard drive involved has been replaced due to failure or as a preventative measure. You just can't get general purpose disks that small anymoreI'd think that assuming everyone had at least 10 GB disks at this point would be reasonable. I'm all for increased defaults. -- --Jon Radel j...@radel.com smime.p7s Description: S/MIME Cryptographic Signature
Re: / almost out of space just after installation
On Fri, Oct 9, 2009 at 12:06 AM, Jon Radel j...@radel.com wrote: I believe it's been years since I didn't bump up the sizes on an install, otherwise I just end up with all this space where it's least likely to save me from a filled disk in the future. While I am actually running some hardware that is over 10 years old with FreeBSD, quite happily, every single hard drive involved has been replaced due to failure or as a preventative measure. Oh, I'm not saying people aren't running FreeBSD on older hardware, I'm just guessing that *new* installs mostly happen on hardware that is less than 10 years old. :) -- randi ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
When is it worth enabling hyperthreading?
On Wed, 07 Oct 2009 23:24:48 -0400 Pierre-Luc Drouin pldro...@pldrouin.net wrote: Could someone explain me in which cases it is useful to enable hyperthreading on a machine running FreeBSD 8.0 and in which other cases it is not a good idea? Is that possible that hyperthreading is disadvantageous unless the number of active (non-sleeping) threads is really high? For example, if I have an i7 CPU with 4 physical cores and that I run some multi-threaded code that has only 4 threads, it will run almost always (twice) slower with hyperthreading enabled than when I disable it in the BIOS. If I understand correctly, hyperthreading has the advantage of being able to do CPU context switching faster than the OS, but it No. Both context execute simultaneously. Each logical CPU of the two logical CPUs in a core has its own set of registers, LDT and GDT pointer registers, and instruction counter. Both compete for the same remaining set of resources: DAT, TLB, FPU, cache (all levels for a given core), busses to off-chip resources, and--most critically--pipeline slots per clock cycle. Any time a resource shared by the two logical CPUs (what the logical CPUs execute are called CPU threads or hyperthreads) is in use by one logical CPU, it is unavailable for use by the other logical CPU. If a logical CPU needs a resource unavailable due to its being in use by the other logical CPU, the late-comer's processing is suspended until the resource is released by the other logical CPU. Such a lockout situation is not directly detectable in software because the locked-out instruction is still in execution; it's just taking more than the usual number of cycles to complete. On a P4 Prescott chip or the late models of single-cored Xeons, the pipeline structure is apparently less than ideal for sustained simultaneous execution; i.e., there are frequent pairings of instructions that require more than the available pipeline slots of the types required by the two parallel instructions, which causes one of them to spin until the other moves on, opening the next cycle's set of pipeline slots. A simple case can demonstrate the problem, although on most systems this example would likely be infrequent. There is only one FPU pipeline on these chips, so two floating-point instructions executing simultaneously will result in one getting the FPU pipeline slot for the current cycle, while the other one spins until the next cycle, whereupon the other side will spin, etc. What is actually the more common occurrence is that other types of instruction pairs will require, for example, four slots of a type that only has three pipelines. The Core i7 chips (don't know about the other Core iN series) are alleged to have an improved assortment of pipelines w.r.t. typical instruction mixes, although I think there is still only one FPU per core, so the parallelism is supposed to be rather more effective on these chips than on their forerunners in the Pentium/Xeon series. It has been quite a while since I last tried measuring it, but IIRC, a make buildworld on my 3.4 GHz P4 Prescott takes about one to two minutes longer elapsed time in non-hyperthreading mode with MAKEFLAGS set to -j3 than it does with hyperthreading enabled and MAKEFLAGS set to -j5 (i.e., something like 52 - 53 minutes instead of 51 minutes and a few seconds). Your quad-core Core i7 chips ought to provide a much greater benefit with hyperthreading enabled, relatively speaking. The traditional recommendation for the -j flag for make(1) is 3*nCPUs, but hyperthreading doesn't give you a full CPU's worth of extra processing, so your quad-core chips won't give you a full 8 CPUs' worth. In other words, a single, large, parallel make job probably should have -j set to something under 24 yet still greater than 12, as a guess perhaps 20ish. :-) But do try it yourself at different -j values, and let us know how your timings turn out on that chip, along with the model number of the chip. does this context switching systematically instead of only when requested, so it slows things down unless the number of running (non-sleeping) threads is greater or equal to let say the number of physical threads x 1.5-1.75. In general, there is a slight gain, although running parallel floating-point activities is a break-even situation and not worth the bother unless you're just trying to learn OpenMP or some such. When I've disabled hyperthreading, interactive response has often seemed a tad less snappy when running some CPU-bound process at the same time. OTOH, with hyperthreading enabled, I sometimes notice a bit more jerkiness in things like scrolling in firefox, but it's not easy to tell what's really happening there because firefox typically has at least 7 threads itself. :-) Like Bill Moran said, user interfaces do seem a bit more responsive, and I haven't seen any noticeable *loss* in overall performance. The make buildworld example runs long enough
Re: tar --unlink ?
El día Friday, October 09, 2009 a las 01:52:45AM -0500, Dan Nelson escribió: I know the unlink(2) sys call, but what does this --unlink flag in tar(1) on restore (-x)? It's the same as the -U option, provided for gnutar compatibility. Dan, Thanks for your helping answer. Maybe someone with commit right should make a note in the manpage of tar(1). Thanks matthias -- Matthias Apitz t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211 e g...@unixarea.de - w http://www.unixarea.de/ Vote NO to EU The Lisbon Treaty: http://www.no-means-no.eu ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
for perl wizards.
Whenever I save a wordpeocessoe file [OOo, say] into a text file, I get a slew of hex codes to indicate the char to be used. I'm looking for a perl one-liner or script to translate hex back into ', , -- [that's a dash), and so forth. Why does this fail to trans the hex code to an apostrophe? perl -pi.bak -e 's/\xe2\x80\x99/'/g' If there any another other tools, I'm interested! tia, guys, gary -- Gary Kline kl...@thought.org http://www.thought.org Public Service Unix http://jottings.thought.org http://transfinite.thought.org The 5.67a release of Jottings: http://jottings.thought.org/index.php ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: netbeans 6.0.1 not run
cuongvt wrote: Hi all! full explanation: FreeBSD 7.0-RELEASE (i386) uid=1001(mak) gid=0(wheel) groups=0(wheel),69(network) installed: jdk-1.6.0.3p4_1 diablo-jdk-1.5.0.07.01_10 javavmwrapper-2.3.2 I'm using zsh so I set JAVA_HOME and PATH of java into in my .zshrc. java -version: java 16 jdku3p1 etc etc Then I insralled netbeans from ports, firstly it warned: JAVA_HOME should not be defined. So i removed JAVA_HOME and PATH of java into in my .zshrc, reboot and reinstalled netbeans. Installation went fine. When I try run netbeans: m...@lo0:~netbeans XIO: fatal IO error 0 (Unknown error: 0) on X server :0.0 after 0 requests (0 known processed) with 0 events remaining. Any ideas? P/S:All pkgs were installed via ports* you shall change your java interpreter package. Install jdk1.6 from /usr/ports/java/jdk16, by going to this directory and typing make install. I tried jdk1.6.0 and replaced it instead of diablo-1.5.0. In order to do this you shall try to change javahome directory in netbeans.conf you may find this file in /usr/local/netbeans/etc then: #vi netbeans.conf you may see something like this javahome= /usr/local/diablo-1.5.0 chang that into: javahome=/usr/local/jdk1.6.0 then it will work -- View this message in context: http://www.nabble.com/netbeans-6.0.1-not-run-tp17179367p25817655.html Sent from the freebsd-questions mailing list archive at Nabble.com. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: for perl wizards.
Gary Kline wrote: Whenever I save a wordpeocessoe file [OOo, say] into a text file, I get a slew of hex codes to indicate the char to be used. I'm looking for a perl one-liner or script to translate hex back into ', , -- [that's a dash), and so forth. Why does this fail to trans the hex code to an apostrophe? perl -pi.bak -e 's/\xe2\x80\x99/'/g' If there any another other tools, I'm interested! That's a problem with shell quoting rather than perl. You're using ' as the delimiter on your command line, so you need to escape any instances within commands. Or you can replace a literal ' with the ASCII character code \x27. However, in the more general sense what you are doing is replacing certain UTF-8 character codes with similar characters from the ASCII range. That sounds to me like a job for iconv(1) -- in ports as converters/libiconv Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: for perl wizards.
On Fri, 9 Oct 2009, Gary Kline wrote: Whenever I save a wordpeocessoe file [OOo, say] into a text file, I get a slew of hex codes to indicate the char to be used. I'm looking for a perl one-liner or script to translate hex back into ', , -- [that's a dash), and so forth. Why does this fail to trans the hex code to an apostrophe? perl -pi.bak -e 's/\xe2\x80\x99/'/g' You're kidding, aren't you? The apostrophe is the same as the single quote, so double quote the execute line. Also, of course, you haven't specified which file(s) to operate on. And finally, there are tons of perl forums, mailing lists, and newsgroups. Pick one to ask perl questions. perl -pi.bak -e s/\xe2\x80\x99/'/g OOo If there any another other tools, I'm interested! check out sed and tr. -- Lars Eighner http://www.larseighner.com/index.html 8800 N IH35 APT 1191 AUSTIN TX 78753-5266 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: binutils
On 10/9/09, Alex R a...@mailinglist.ahhyes.net wrote: Hi Guys, Is there any news on when the version of binutils that ships as part of the base system will be updated? The version that ships with 7.x etc is about 5 years old now. It creates problems on amd64 when compiling mplayer (assembly language directive errors), and can be resolved by installing a newer version of binutils. Feel free to share your thoughts :) /usr/ports/devel/binutils ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: for perl wizards.
Gary Kline kl...@thought.org wrote: Whenever I save a wordpeocessoe file [OOo, say] into a text file, I get a slew of hex codes to indicate the char to be used. I'm looking for a perl one-liner or script to translate hex back into ', , -- [that's a dash), and so forth. Why does this fail to trans the hex code to an apostrophe? perl -pi.bak -e 's/\xe2\x80\x99/'/g' You need to escape the inner quote character, of course. I think sed is better suited for this task than perl. If there any another other tools, I'm interested! That hex code rather looks like UTF-8. For conversion between character encodings I recommend recode from the ports collection (ports/converters/recode). For example, to convert file.txt from UTF-8 to ISO8859-15: $ recode utf8..iso8859-15 file.txt To preserve the previous file contents, do this: $ recode utf8..iso8859-15 old.txt new.txt Best regards Oliver -- Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd Python tricks is a tough one, cuz the language is so clean. E.g., C makes an art of confusing pointers with arrays and strings, which leads to lotsa neat pointer tricks; APL mistakes everything for an array, leading to neat one-liners; and Perl confuses everything period, making each line a joyous adventure wink. -- Tim Peters ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to set device permissions at startup
Aryeh M. Friedman wrote: Herbert J. Skuhra wrote: Den 9. okt. 2009 kl. 05.25 skrev Aryeh M. Friedman aryeh.fried...@gmail.com: Since certain currently unused devices are not created in /dev (specifically in my case /dev/fuse*) how do I tell what ever (I can't tell it is devfs or what) to always make /dev/fuse* (when needed) with 777 perms (the security implications are not an issue here) Have you tried devfs.rules(5)? yes and since the device doesn't exist at the mount time for devfs they are ignored Then you did something wrong, or you're confusing devfs.rules and devfs.conf. Quote from the manpage: The devfs.rules file provides an easy way to create and apply devfs(8) rules, even for devices that are not available at boot. The rules take effect whenever a new node (devide) appears, even after devfs was mounted. Best regards Oliver -- Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd Python is an experiment in how much freedom programmers need. Too much freedom and nobody can read another's code; too little and expressiveness is endangered. -- Guido van Rossum ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: / almost out of space just after installation
Randi Harper wrote: 1.) Look at the PR database and search for sysinstall. See all those open reports, some from 8 years ago? sysinstall needs some babying. It doesn't need babying, it needs killing. :-) Quotes from the sysinstall(8) manpage: This product is currently at the end of its life cycle and will eventually be replaced. And: This utility is a prototype which lasted several years past its expira- tion date and is greatly in need of death. Actually I hoped that 8.0 would be released with the new installer that has been under development for some time. Unfortunately it doesn't seem to be ready yet. Best regards Oliver -- Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd I suggested holding a Python Object Oriented Programming Seminar, but the acronym was unpopular. -- Joseph Strout ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Trouble getting new raid array to boot
Then my answer would be missing MBR or boot blocks, an active partition alone won't make a system boot. it's just a flag to say which partition is bootable, but doesn't mean that the boot flag itself makes the partition boot. fdisk(8) and bsdlabel(8) -- see the -B option to both. If you have a dangerously dedicated disk, ignore fdisk. If you don't have a bsdlabel, ignore bsdlabel. I do both on any standard install. I set sade to install a FreeBSD boot manager. Just to be sure, I just tried fdisk -B aacd0 and bsdlabel -B aacd0s1 and I'm still getting the same invalid partition error. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
security run output
Hello list! I'm getting the messages below far one machine and I can't remeber how managed to do that. I want that for my other machines as well, but can not remeber how to activate it. Checking for a current audit database: Database created: Wed Oct 7 03:55:02 CEST 2009 Checking for packages with security vulnerabilities: ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
RE: security run output
Date: Fri, 9 Oct 2009 13:31:56 +0200 From: be...@bah.homeip.net To: freebsd-questions@freebsd.org Subject: security run output Hello list! I'm getting the messages below far one machine and I can't remeber how managed to do that. I want that for my other machines as well, but can not remeber how to activate it. Checking for a current audit database: Database created: Wed Oct 7 03:55:02 CEST 2009 Checking for packages with security vulnerabilities: ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org that would most likely be the portaudit utility /usr/ports/ports-mgmt/portaudit ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: for perl wizards.
Lars Eighner wrote: On Fri, 9 Oct 2009, Gary Kline wrote: Whenever I save a wordpeocessoe file [OOo, say] into a text file, I get a slew of hex codes to indicate the char to be used. I'm looking for a perl one-liner or script to translate hex back into ', , -- [that's a dash), and so forth. Why does this fail to trans the hex code to an apostrophe? perl -pi.bak -e 's/\xe2\x80\x99/'/g' You're kidding, aren't you? Have you not ever overlooked something like a misplaced apostrophe? The OP came with nearly workable code, in which I can tell that he spent some time researching and toying with before asking for help. And finally, there are tons of perl forums, mailing lists, and newsgroups. Pick one to ask perl questions. Why? The OP is not looking for help identifying why a complex subroutine is doing something unexpected. He is asking how to modify portions of his file system on FreeBSD using the command line. Would you have been so harsh if he was asking how to do it with sed? awk? I for one welcome these Perl questions. I've asked them here before, and for simple tasks, will ask them here again. Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
xorg-server package update on 7.2-STABLE
Good morning, The problem I'm having is that startx gives a garbage-filled screen and locks up the console. When I run it through ssh from another computer I can see that it complains: /libexec/ld-elf.so.1: /usr/local/bin/X: Undefined symbol shmctl before dying and leaving the main display buggered up. Rebooting the computer is the only way I've found to un-bugger it. Background - Recently installed fresh i386 7.2-RELEASE, and subsequently had X working with the intel driver. I ran portupgrade -aPP two days ago using packages-7-stable and immediately thereafter experienced the symptoms described above. I see nothing related in /usr/ports/UPDATING since the release date of 7.2. The closest things that turned up Googling variations of the error message has turned up were http://forums.freebsd.org/showthread.php?t=6661 and http://forums.freebsd.org/showthread.php?t=7464 which strike me as close but no cigar. This is close to the hairy edge of my competence, but I tried comparing the dynamic symbol tables of the relevant files with the following results # objdump -T /usr/local/bin/Xorg | grep shmctl 0DF*UND* 0FBSD_1.1 shmctl # objdump -T /lib/libc.so.7 [snip] 00045f64 W DF.text 0FBSD_1.0 shmctl [snip] # pkg_info -W /usr/loca/bin/Xorg /usr/local/bin/Xorg was installed by package xorg-server-1.6.1,1 I interpret this to suggest that the updated Xorg was linked to a different version of the C library and is looking for a version of the symbol that doesn't exist, though perhaps I'm misreading http://people.freebsd.org/~deischen/symver/freebsd_versioning.txt My specific questions are: - Am I on the right track with my diagnostic steps or is this the wrong rabbit hole? - Is this more likely a bug (xorg-server from 7-STABLE shouldn't break ABI with 7.2-RELEASE) or operator error (missing or incorrect update step)? - I would prefer to maintain my system using pre-compiled packages only. Is that feasible, and if so does it come with restrictions that I may have already violated? Any pointers would be appreciated and a solution would be greatly appreciated. Please let me know if there are potentially-relevant details I've omitted. Regards, John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: for perl wizards.
On Fri, 9 Oct 2009, Oliver Fromme wrote: Gary Kline kl...@thought.org wrote: Whenever I save a wordpeocessoe file [OOo, say] into a text file, I get a slew of hex codes to indicate the char to be used. I'm looking for a perl one-liner or script to translate hex back into ', , -- [that's a dash), and so forth. Why does this fail to trans the hex code to an apostrophe? perl -pi.bak -e 's/\xe2\x80\x99/'/g' You need to escape the inner quote character, of course. I think sed is better suited for this task than perl. That's twice now people have suggested sed instead of perl. Why? For many uses, perl is a better sed than sed. The regex engine is far more powerful and escapes are much simpler. -Warren Block * Rapid City, South Dakota USA ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: / almost out of space just after installation
From: Randi Harper ra...@freebsd.org I was thinking that a more acceptable default layout (leaving swap at it's current default size) would be: / = 1GB /var = 2GB /tmp = 2GB Similar enough to what I use for general systems that I vote YES. I'd love to add one more - on a drive bigger than, say, 40 GB, adding a separate /home would be wonderful. Maybe allow up to 20 GB for user, all remaining space allocated to /home? Regardless of the second point, the first point is fine, though. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Automatic chmod
Hi; I have a python script that automatically writes another script. I need to be able to automatically chmod the script so that it will execute. Also, it appears that's not enough, because when I manually chmod the script (775), it throws this error: fopen: Permission denied TIA, V ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Automatic chmod
From: Victor Subervi victorsube...@gmail.com Subject: Automatic chmod To: freebsd-questions@freebsd.org Date: Friday, October 9, 2009, 10:19 AM Hi; I have a python script that automatically writes another script. I need to be able to automatically chmod the script so that it will execute. Also, it appears that's not enough, because when I manually chmod the script (775), it throws this error: fopen: Permission denied TIA, V What user are you running this under? Without seeing code, my first guess is that you are trying to open a file you don't have permission to open. The chmod you are doing only affects the script's permissions, not the permissions of the files it may touch. For more, I suggest posting the code itself. -Rich ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Russian Translator
Hi there. I want to be the translator from English to Russian in freebsd.com. I see, that in http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/ there is written: Copyright [http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/LEGALNOTICE.html] © 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 The FreeBSD Documentation Project But in the Russian page http://www.freebsd.org/doc/ru_RU.KOI8-R/books/faq/ Only Copyright [http://www.freebsd.org/doc/ru_RU.KOI8-R/books/faq/LEGALNOTICE.html] © 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006 The FreeBSD Documentation Project So, the page in Russian is 3 years old. May i translate new FAQ and commit it to the freebsd.org? -- Vladimir Romanov ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Automatic chmod
From: Victor Subervi victorsube...@gmail.com Subject: Automatic chmod To: freebsd-questions@freebsd.org Date: Friday, October 9, 2009, 10:19 AM Hi; I have a python script that automatically writes another script. I need to be able to automatically chmod the script so that it will execute. Also, it appears that's not enough, because when I manually chmod the script (775), it throws this error: fopen: Permission denied TIA, V What user are you running this under? Without seeing code, my first guess is that you are trying to open a file you don't have permission to open. The chmod you are doing only affects the script's permissions, not the permissions of the files it may touch. For more, I suggest posting the code itself. Sorry, missed the 'script that writes a script that won't run' piece. First solution isn't likely to be the solution (though still could be), but I still suggest posting the code. -Rich ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Automatic chmod
User? I only have one user on this shared server. Here's the code:
#!/usr/local/bin/python
import cgitb; cgitb.enable()
import MySQLdb
import cgi
import sys,os
sys.path.append(os.getcwd())
from login import login
user, passwd, db, host = login()
form = cgi.FieldStorage()
picid = int(form['id'].value)
x = int(form['x'].value)
pics = {1:'pic1',2:'pic2',3:'pic3',4:'pic4',5:'pic5',6:'pic6'}
pic = pics[x]
db = MySQLdb.connect(host=host, user=user, passwd=passwd, db=db)
cursor= db.cursor()
sql = select + pic + from productsX where id=' + str(picid) + ';
cursor.execute(sql)
content = cursor.fetchall()[0][0].tostring()
cursor.close()
print '''Content-Type: text/plain
Content-Encoding: base64
'''
print
print content.encode('base64')
TIA,
V
On Fri, Oct 9, 2009 at 10:14 AM, Richard Mahlerwein mahle...@yahoo.comwrote:
From: Victor Subervi victorsube...@gmail.com
Subject: Automatic chmod
To: freebsd-questions@freebsd.org
Date: Friday, October 9, 2009, 10:19 AM
Hi;
I have a python script that automatically writes another script. I need to
be able to automatically chmod the script so that it will execute. Also,
it
appears that's not enough, because when I manually chmod the script (775),
it throws this error:
fopen: Permission denied
TIA,
V
What user are you running this under? Without seeing code, my first guess
is that you are trying to open a file you don't have permission to open.
The chmod you are doing only affects the script's permissions, not the
permissions of the files it may touch.
For more, I suggest posting the code itself.
-Rich
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: tar --unlink ?
In the last episode (Oct 09), Matthias Apitz said: El día Friday, October 09, 2009 a las 01:52:45AM -0500, Dan Nelson escribió: I know the unlink(2) sys call, but what does this --unlink flag in tar(1) on restore (-x)? It's the same as the -U option, provided for gnutar compatibility. Thanks for your helping answer. Maybe someone with commit right should make a note in the manpage of tar(1). Thanks There already is a note, at the very end of the manpage: There are alternative long options for many of the short options that are deliberately not documented. -- Dan Nelson dnel...@allantgroup.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: / almost out of space just after installation
Randi Harper wrote: / = 1GB /var = 2GB /tmp = 2GB Depending on the size of installed RAM, /tmp could also be a memory disk by default. I do that on all of my machines. I never have /tmp physically on disk anywhere. Best regards Oliver -- Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd Can the denizens of this group enlighten me about what the advantages of Python are, versus Perl ? python is more likely to pass unharmed through your spelling checker than perl. -- An unknown poster and Fredrik Lundh ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Automatic chmod
I should have mentioned the import of the login works for other scripts, so
that is not the issue.
V
On Fri, Oct 9, 2009 at 10:20 AM, Victor Subervi victorsube...@gmail.comwrote:
User? I only have one user on this shared server. Here's the code:
#!/usr/local/bin/python
import cgitb; cgitb.enable()
import MySQLdb
import cgi
import sys,os
sys.path.append(os.getcwd())
from login import login
user, passwd, db, host = login()
form = cgi.FieldStorage()
picid = int(form['id'].value)
x = int(form['x'].value)
pics = {1:'pic1',2:'pic2',3:'pic3',4:'pic4',5:'pic5',6:'pic6'}
pic = pics[x]
db = MySQLdb.connect(host=host, user=user, passwd=passwd, db=db)
cursor= db.cursor()
sql = select + pic + from productsX where id=' + str(picid) + ';
cursor.execute(sql)
content = cursor.fetchall()[0][0].tostring()
cursor.close()
print '''Content-Type: text/plain
Content-Encoding: base64
'''
print
print content.encode('base64')
TIA,
V
On Fri, Oct 9, 2009 at 10:14 AM, Richard Mahlerwein mahle...@yahoo.comwrote:
From: Victor Subervi victorsube...@gmail.com
Subject: Automatic chmod
To: freebsd-questions@freebsd.org
Date: Friday, October 9, 2009, 10:19 AM
Hi;
I have a python script that automatically writes another script. I need
to
be able to automatically chmod the script so that it will execute. Also,
it
appears that's not enough, because when I manually chmod the script
(775),
it throws this error:
fopen: Permission denied
TIA,
V
What user are you running this under? Without seeing code, my first guess
is that you are trying to open a file you don't have permission to open.
The chmod you are doing only affects the script's permissions, not the
permissions of the files it may touch.
For more, I suggest posting the code itself.
-Rich
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: / almost out of space just after installation
2009/10/9 Oliver Fromme o...@lurza.secnetix.de Randi Harper wrote: / = 1GB /var = 2GB /tmp = 2GB Depending on the size of installed RAM, /tmp could also be a memory disk by default. I do that on all of my machines. I never have /tmp physically on disk anywhere. Best regards Oliver -- Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd Can the denizens of this group enlighten me about what the advantages of Python are, versus Perl ? python is more likely to pass unharmed through your spelling checker than perl. -- An unknown poster and Fredrik Lundh ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org personally i prefer the following layout which i use on work kit. The smallest drives we have are 76 gb sas / 4gb /tmp 4gb /var 8GB /home 4gb swap at least as big as ram on box /usr/local all the rest ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to set device permissions at startup
On Fri, Oct 09, 2009 at 02:18:46AM -0400, Aryeh M. Friedman wrote: Roland Smith wrote: On Thu, Oct 08, 2009 at 11:25:12PM -0400, Aryeh M. Friedman wrote: Since certain currently unused devices are not created in /dev (specifically in my case /dev/fuse*) how do I tell what ever (I can't tell it is devfs or what) to always make /dev/fuse* (when needed) with 777 perms (the security implications are not an issue here) See devfs.rules(5). Should of been more specific in the orginal question then I added a rule and since the device doesn't exist at devfs mount time it does not honor the rule Do you have a ruleset named in /etc/devfs.rules? And is it enabled in /etc/rc.conf? Have you restarted devfs after changing /etc/devfs.rules? Can you post your /etc/devfs.rules, and the output of 'devfs rule show'? Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) pgpWA3xCX7cFM.pgp Description: PGP signature
Re: How to set device permissions at startup
On Fri, Oct 09, 2009 at 12:34:21PM +0200, Oliver Fromme wrote: Aryeh M. Friedman wrote: Herbert J. Skuhra wrote: Den 9. okt. 2009 kl. 05.25 skrev Aryeh M. Friedman aryeh.fried...@gmail.com: Since certain currently unused devices are not created in /dev (specifically in my case /dev/fuse*) how do I tell what ever (I can't tell it is devfs or what) to always make /dev/fuse* (when needed) with 777 perms (the security implications are not an issue here) Have you tried devfs.rules(5)? yes and since the device doesn't exist at the mount time for devfs they are ignored Then you did something wrong, or you're confusing devfs.rules and devfs.conf. Quote from the manpage: The devfs.rules file provides an easy way to create and apply devfs(8) rules, even for devices that are not available at boot. The rules take effect whenever a new node (devide) appears, even after devfs was mounted. But one has to run '/etc/rc.d/devfs restart' for newly added rules to take effect! (or reboot the system, which is overkill). You can try it out by adding a rule to /etc/devfs.rules and running 'devfs rule show' (as root). The new rule won't show up until after one has run 'etc/rc.d/devfs restart'. Maybe I whould add that to the manual page for devfs.rules? I thought this was obvious, because most if not all rc.d scripts work that way, but mayby it's not clear enough. Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) pgpC0k2H279Ni.pgp Description: PGP signature
ipfw - TRAFFIC SHAPER
I'm trying to fight with ipfw and unfortunately unsuccessfully... I created following rules ipfw pipe 1 config bw 1Mbit/s ifpw add 8080 pipe 1 tcp from any to any src-port www ifpw add 8080 pipe 1 tcp from any to any dst-port www yet I see peaks of my traffic is way higher them 1Mbit/s i have following modules loaded through kldload 23 0x80cd3000 15db8ipfw.ko 51 0x80cec000 bbc8 dummynet.ko i even load 101 0x80e7d000 14df ipdivert.ko and that still didn't help :( can anyone help me? -- http://alexus.org/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Russian Translator
Владимир Романов wrote: Hi there. I want to be the translator from English to Russian in freebsd.com. ITYM freebsd.org ? I see, that in http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/ there is written: Copyright [http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/LEGALNOTICE.html] © 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 The FreeBSD Documentation Project But in the Russian page http://www.freebsd.org/doc/ru_RU.KOI8-R/books/faq/ Only Copyright [http://www.freebsd.org/doc/ru_RU.KOI8-R/books/faq/LEGALNOTICE.html] © 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006 The FreeBSD Documentation Project So, the page in Russian is 3 years old. May i translate new FAQ and commit it to the freebsd.org? freebsd-...@freebsd.org is the best mailing list for discussing translating documentation / FAQS / website. I believe there is a fairly active Russian translation group with which the people over in freebsd-...@... will be able to put you in touch. Any volunteers to help out would be most welcome. Any work you do on translating documents should be submitted via the PR system in the first instance for review and committal. It's only once you've established a track record for producing good, accurate work that you would be considered for a commit-bit yourself. Cheers Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: How to set device permissions at startup
Roland Smith wrote: Oliver Fromme wrote: Quote from the manpage: The devfs.rules file provides an easy way to create and apply devfs(8) rules, even for devices that are not available at boot. The rules take effect whenever a new node (devide) appears, even after devfs was mounted. But one has to run '/etc/rc.d/devfs restart' for newly added rules to take effect! (or reboot the system, which is overkill). Yes, of course. I thought that was obvious. Maybe I whould add that to the manual page for devfs.rules? Agreed, that might be an appropriate clarification. Best regards Oliver -- Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd With Perl you can manipulate text, interact with programs, talk over networks, drive Web pages, perform arbitrary precision arithmetic, and write programs that look like Snoopy swearing. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Upgrade to 7.2 broke network connections-SOLVED
I tried booting up with ACPI disabled, and suddenly the network connections worked like a charm. Thanks, Renee Gehlbach Today I updated a server from 6.4 to 7.2. I cvsup'ed, built world, built kernel, installed kernel, installed world, mergemastered, and rebooted. And sat there, while ntpdate timed out trying to connect to four different servers, while interface status messages slowly scrolled: tx0: device timeout 2 packets tx0: seems we can continue normally rl0: watchdog timeout When it finally timed out, and I logged in, I found that I could ping 127.0.0.1, I could ping 192.168.50.7 (tx0 interface), I could ping the rl0 wan interface, I could not ping the gateway or anything outside of the machine. Looking at dmesg later, I found the same timeout messages repeated again and again, and I found further error messages: tx0: reinitialization tx0: ERROR! Can't stop TxDMA tx0: ERROR! Unknown PHY selected and repeated periodically: tx0: reinitialization tx0: ERROR! Unknown PHY selected I built and installed the generic kernel, and tried again. Same deal. I disabled ipfilter and ntp in rc.conf, removed the configuration lines for all but one interface, and rebooted. Same deal, just shorter boot time without having to wait for ntpdate (grin) I thought, ok.really old NICs. There were some warnings about deprecated features in bootup. I took out both NICs and put in an Intel Pro 10/100/1000 -- obviously supported. Same deal. I previously attempted to update this server several months ago, going from 6.something to 7.1, and had this same problem. After several frustrating days, I restored from backup and updated to latest 6.x, which worked fine. So I assume that I have something configured wrong. If there were hardware compatibility issues this big, this version would never have gone to stable, and people would be screaming about it all over the mailing lists. So my question is.what should be my next troubleshooting step? Thanks for your time, Renee Gehlbach ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ipfw - TRAFFIC SHAPER
alexus wrote: I'm trying to fight with ipfw and unfortunately unsuccessfully... I created following rules ipfw pipe 1 config bw 1Mbit/s ifpw add 8080 pipe 1 tcp from any to any src-port www ifpw add 8080 pipe 1 tcp from any to any dst-port www yet I see peaks of my traffic is way higher them 1Mbit/s i have following modules loaded through kldload 23 0x80cd3000 15db8ipfw.ko 51 0x80cec000 bbc8 dummynet.ko i even load 101 0x80e7d000 14df ipdivert.ko and that still didn't help :( can anyone help me? Do you have an ipfw rule allowing www traffic before rule 8080? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: for perl wizards.
Warren Block wrote: Oliver Fromme wrote: Gary Kline wrote: Whenever I save a wordpeocessoe file [OOo, say] into a text file, I get a slew of hex codes to indicate the char to be used. I'm looking for a perl one-liner or script to translate hex back into ', , -- [that's a dash), and so forth. Why does this fail to trans the hex code to an apostrophe? perl -pi.bak -e 's/\xe2\x80\x99/'/g' You need to escape the inner quote character, of course. I think sed is better suited for this task than perl. That's twice now people have suggested sed instead of perl. Why? For many uses, perl is a better sed than sed. The regex engine is far more powerful and escapes are much simpler. Neither powerful regexes nor escapes will help in this case. A simple basic regex is more than sufficient (in fact this isn't even a regex, it's a fixed string). And the escaping is a problem of the shell, not perl or sed. And by the way, I stongly disagree that perl's escapes are much simpler. In my opinion perl has the most complex escaping and quoting I have seen in any language so far. The basic UNIX philosophy is to use the smallest or simplest tool that does the job. In this case that's clearly sed. (Not to mention the fact that perl isn't even in FreeBSD's base system, so might not be available at all.) Best regards Oliver -- Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd If you think C++ is not overly complicated, just what is a protected abstract virtual base pure virtual private destructor, and when was the last time you needed one? -- Tom Cargil, C++ Journal ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Capturing netflows
I have run into a need to capture netflows from the internal interface of my FreeBSD 6 server. The internal interface is em0 and the external interface is em1. I am using the following to setup the netflows. /usr/sbin/ngctl -f- SEQ mkpeer em0: netflow lower iface0 name: em0: lower netflow connect em0: netflow: upper out0 mkpeer netflow: ksocket export inet/dgram/udp msg netflow:export connect inet/1.2.3.4:12345 SEQ When I run the commands above, I receive the following message. ngctl: send msg: No such file or directory ngctl: line 1: error in file I am at a complete loss here. My understanding of netgraph is poor at best. Any suggestions would be appreciated. Thanks, Jay ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ipfw - TRAFFIC SHAPER
On Fri, Oct 9, 2009 at 12:57 PM, Brent Bloxam bre...@beanfield.com wrote: alexus wrote: I'm trying to fight with ipfw and unfortunately unsuccessfully... I created following rules ipfw pipe 1 config bw 1Mbit/s ifpw add 8080 pipe 1 tcp from any to any src-port www ifpw add 8080 pipe 1 tcp from any to any dst-port www yet I see peaks of my traffic is way higher them 1Mbit/s i have following modules loaded through kldload 2 3 0x80cd3000 15db8 ipfw.ko 5 1 0x80cec000 bbc8 dummynet.ko i even load 10 1 0x80e7d000 14df ipdivert.ko and that still didn't help :( can anyone help me? Do you have an ipfw rule allowing www traffic before rule 8080? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org no, nothing related to www, in fact the only rules I have before that one is followings: 00100 19704 3856110 allow ip from any to any via lo0 00200 0 0 deny ip from any to 127.0.0.0/8 00300 0 0 deny ip from 127.0.0.0/8 to any that's it... -- http://alexus.org/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ipfw - TRAFFIC SHAPER
On Fri, Oct 9, 2009 at 1:22 PM, alexus ale...@gmail.com wrote: On Fri, Oct 9, 2009 at 12:57 PM, Brent Bloxam bre...@beanfield.com wrote: alexus wrote: I'm trying to fight with ipfw and unfortunately unsuccessfully... I created following rules ipfw pipe 1 config bw 1Mbit/s ifpw add 8080 pipe 1 tcp from any to any src-port www ifpw add 8080 pipe 1 tcp from any to any dst-port www yet I see peaks of my traffic is way higher them 1Mbit/s i have following modules loaded through kldload 2 3 0x80cd3000 15db8 ipfw.ko 5 1 0x80cec000 bbc8 dummynet.ko i even load 10 1 0x80e7d000 14df ipdivert.ko and that still didn't help :( can anyone help me? Do you have an ipfw rule allowing www traffic before rule 8080? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org no, nothing related to www, in fact the only rules I have before that one is followings: 00100 19704 3856110 allow ip from any to any via lo0 00200 0 0 deny ip from any to 127.0.0.0/8 00300 0 0 deny ip from 127.0.0.0/8 to any that's it... -- http://alexus.org/ the other thing is kind of weird is when I do ipfw pipe show I get same results no matter how many times I do that su-3.2# ipfw pipe show 1: 2.000 Mbit/s0 ms 50 sl. 1 queues (1 buckets) droptail mask: 0x00 0x/0x - 0x/0x BKT Prot ___Source IP/port Dest. IP/port Tot_pkt/bytes Pkt/Byte Drp 0 tcp 72.21.81.133/80 64.237.55.83/51986 176846 168906331 44 56988 6909 su-3.2# -- http://alexus.org/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: for perl wizards.
On Fri, 9 Oct 2009, Oliver Fromme wrote: Warren Block wrote: Oliver Fromme wrote: Gary Kline wrote: Whenever I save a wordpeocessoe file [OOo, say] into a text file, I get a slew of hex codes to indicate the char to be used. I'm looking for a perl one-liner or script to translate hex back into ', , -- [that's a dash), and so forth. Why does this fail to trans the hex code to an apostrophe? perl -pi.bak -e 's/\xe2\x80\x99/'/g' You need to escape the inner quote character, of course. I think sed is better suited for this task than perl. That's twice now people have suggested sed instead of perl. Why? For many uses, perl is a better sed than sed. The regex engine is far more powerful and escapes are much simpler. Neither powerful regexes nor escapes will help in this case. Certainly \x will not help in sed; sed doesn't have it. A simple basic regex is more than sufficient (in fact this isn't even a regex, it's a fixed string). And the escaping is a problem of the shell, not perl or sed. And by the way, I stongly disagree that perl's escapes are much simpler. In my opinion perl has the most complex escaping and quoting I have seen in any language so far. I was thinking of the escapes needed for sed that should not be needed. Some of those are shell problems, many are due to the regex library. More basic things than \x are missing. \t, for instance, or useful \s instead of picking spaces or tabs or trying to navigate using | in sed expressions. The basic UNIX philosophy is to use the smallest or simplest tool that does the job. In this case that's clearly sed. Since sed doesn't have \x, it would appear that sed does not do the job. Maybe I just don't see it. And in most cases, the external simplicity of a tool is more important to the user than its internals. Put another way, if you have it, and it does a better/easier/faster job, why *not* use it? (Not to mention the fact that perl isn't even in FreeBSD's base system, so might not be available at all.) But the OP is using it, so that's clearly not the case here. Or in most FreeBSD installations. It's possible Mastering Regular Expressions has influenced my thinking on this. -Warren Block * Rapid City, South Dakota USA ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: for perl wizards.
Warren Block wrote: Oliver Fromme wrote: Warren Block wrote: Oliver Fromme wrote: Gary Kline wrote: Whenever I save a wordpeocessoe file [OOo, say] into a text file, I get a slew of hex codes to indicate the char to be used. I'm looking for a perl one-liner or script to translate hex back into ', , -- [that's a dash), and so forth. Why does this fail to trans the hex code to an apostrophe? perl -pi.bak -e 's/\xe2\x80\x99/'/g' You need to escape the inner quote character, of course. I think sed is better suited for this task than perl. That's twice now people have suggested sed instead of perl. Why? For many uses, perl is a better sed than sed. The regex engine is far more powerful and escapes are much simpler. Neither powerful regexes nor escapes will help in this case. Certainly \x will not help in sed; sed doesn't have it. Right, that's an annoying flaw in sed (it doesn't even support the \0 syntax for octal values, which is more standard than \x). Normally I just type such characters literally, which is accepted fine by sed (it is 8 bit clean). However, in this particular case I really recommend to use the recode tool (ports/conversion/recode) to convert from UTF-8 to some other encoding. Much easier, and more correct. E2-80-99 (unicode 2019) isn't even a real apostrophe in UTF-8, it's a right single quotation mark. An apostrophe would be ASCII 27. Maybe the OP should configure his software to not save the file with UTF-8 encoding in the first place. I'm not an OOo user, so I can't tell how to do that. But obviously the OP doesn't want the file to be stored as UTF-8. It's possible Mastering Regular Expressions has influenced my thinking on this. This isn't about regular expressions at all. This is about replacing fixed strings. Best regards Oliver -- Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd One of the main causes of the fall of the Roman Empire was that, lacking zero, they had no way to indicate successful termination of their C programs. -- Robert Firth ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to set device permissions at startup
Oliver Fromme wrote: Roland Smith wrote: Oliver Fromme wrote: Quote from the manpage: The devfs.rules file provides an easy way to create and apply devfs(8) rules, even for devices that are not available at boot. The rules take effect whenever a new node (devide) appears, even after devfs was mounted. But one has to run '/etc/rc.d/devfs restart' for newly added rules to take effect! (or reboot the system, which is overkill). Yes, of course. I thought that was obvious. Maybe I whould add that to the manual page for devfs.rules? Agreed, that might be an appropriate clarification. Best regards Oliver It should be included because not everyone uses the standard /etc/rc.* hierachy. For example I have a completely custom rc which before I did an other hack to make this issue not an issue read: #!/bin/sh PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/boot/kernel:/boot/modules export PATH kldload fuse swapon -a fsck -p mount -rw / mount -a sysctl vfs.usermount=1 ntfs-3g /dev/ad4s1 /mnt/c /usr/local/etc/rc.d/hald onestart hostname aryeh-desktop.istudentunion.com ifconfig ale0 192.168.2.2 ifconfig lo0 127.0.0.1 route add 127.0.0.1 102.168.2.2 route add default 192.168.2.1 named ntpdate pool.ntp.org cupsd noip2 sendmail -bd -q1m ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
postfix/amavids/sa/etc in FreeBSD jail?
is a FreeBSD jail enough of a virtualized OS to run a full filtering MX config setup exactly as on a native FreeBSD? Len ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
best FBSD version for commercial use.
Hello Gurus, Im planing to move out of my FreeBSD 4.8-R! which served me like a charm for many years. But not sure if I should go for 6.3 or 7.2 This server will be a DNS server, apache, shell accounts..php, mysql.. anything i should be aware of? Advices? Thank you. Marwan _ Hotmail: Powerful Free email with security by Microsoft. http://clk.atdmt.com/GBL/go/171222986/direct/01/___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: best FBSD version for commercial use.
On Fri, Oct 9, 2009 at 1:28 PM, Marwan Sultan dead_l...@hotmail.com wrote: Hello Gurus, Im planing to move out of my FreeBSD 4.8-R! which served me like a charm for many years. But not sure if I should go for 6.3 or 7.2 This server will be a DNS server, apache, shell accounts..php, mysql.. anything i should be aware of? Advices? Thank you. Marwan 7.2 6.4 is the last release in 6.x so no 6.3 unless specifically needed. 8.0 is nearly here. Do a clean install, it will be easier for you in the long run. Probably easiest to do a trial run by installing to VM first eg VirtualBox guest. You wouldn't find hardware issues, but you might work out the exact steps you'll need to take to help minimize downtime. /usr/src/UPDATING can give you some specific info. -- Adam Vande More ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: for perl wizards.
On Fri, 9 Oct 2009, Warren Block wrote: On Fri, 9 Oct 2009, Oliver Fromme wrote: Gary Kline kl...@thought.org wrote: Whenever I save a wordpeocessoe file [OOo, say] into a text file, I get a slew of hex codes to indicate the char to be used. I'm looking for a perl one-liner or script to translate hex back into ', , -- [that's a dash), and so forth. Why does this fail to trans the hex code to an apostrophe? perl -pi.bak -e 's/\xe2\x80\x99/'/g' You need to escape the inner quote character, of course. I think sed is better suited for this task than perl. That's twice now people have suggested sed instead of perl. Why? For many uses, perl is a better sed than sed. The regex engine is far more powerful and escapes are much simpler. Because sed is stable and perl is getting all OO and flaky. Sed will work like sed for so long as there are unix-like systems. It is not clear that perl is going to continue to work. -- Lars Eighner http://www.larseighner.com/index.html 8800 N IH35 APT 1191 AUSTIN TX 78753-5266 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Capturing netflows
Jay Hall wrote: I have run into a need to capture netflows from the internal interface of my FreeBSD 6 server. The internal interface is em0 and the external interface is em1. I am using the following to setup the netflows. /usr/sbin/ngctl -f- SEQ mkpeer em0: netflow lower iface0 name: em0: lower netflow connect em0: netflow: upper out0 mkpeer netflow: ksocket export inet/dgram/udp msg netflow:export connect inet/1.2.3.4:12345 SEQ When I run the commands above, I receive the following message. ngctl: send msg: No such file or directory ngctl: line 1: error in file I am at a complete loss here. My understanding of netgraph is poor at best. Any suggestions would be appreciated. Been a while since I used it but I used to use this script based on this email http://www.mail-archive.com/freebsd-questions@freebsd.org/msg103671.html #!/usr/sbin/ngctl -f mkpeer fxp0: tee lower right connect fxp0: fxp0:lower upper left mkpeer fxp0:lower netflow right2left iface0 name fxp0:lower.right2left netflow mkpeer netflow: ksocket export inet/dgram/udp msg netflow:export connect inet/w.x.y.x:6667 hope that helps, Vince Thanks, Jay ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: best FBSD version for commercial use.
On Oct 9, 2009, at 2:28 PM, Marwan Sultan wrote: Hello Gurus, Im planing to move out of my FreeBSD 4.8-R! which served me like a charm for many years. But not sure if I should go for 6.3 or 7.2 This server will be a DNS server, apache, shell accounts..php, mysql.. anything i should be aware of? Advices? Thank you. Marwan Recommend sticking with 7.x branch until 8.0 has been through one or two solid releases. Then you should be able to perform a csup and rebuild the world to the current version of 8.x at the time. Regards, Mikel King CEO, Olivent Technologies Senior Editor, BSD News Network Columnist, BSD Magazine 6 Alpine Court, Medford, NY 11763 o: 631.627.3055 skype:mikel.king http://olivent.com http://mikelking.com http://twitter.com/mikelking ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to set device permissions at startup
Aryeh M. Friedman wrote: Oliver Fromme wrote: Roland Smith wrote: But one has to run '/etc/rc.d/devfs restart' for newly added rules to take effect! (or reboot the system, which is overkill). Yes, of course. I thought that was obvious. Maybe I whould add that to the manual page for devfs.rules? Agreed, that might be an appropriate clarification. It should be included because not everyone uses the standard /etc/rc.* hierachy. For example I have a completely custom rc which before I did an other hack to make this issue not an issue read: Well, if you completely rewrite /etc/rc, then you're on your own anyway, and you're supposed to know what you're doing. In general it is not a good idea and will lead to serious foot-shooting. By the way, what is the reason that you don't use the standard rc(8) facilities? I don't see anything in you custom script that wouldn't be covered by them. Best regards Oliver -- Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd A language that doesn't have everything is actually easier to program in than some that do. -- Dennis M. Ritchie ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: for perl wizards.
On Fri, 9 Oct 2009, Oliver Fromme wrote: Warren Block wrote: Certainly \x will not help in sed; sed doesn't have it. Right, that's an annoying flaw in sed (it doesn't even support the \0 syntax for octal values, which is more standard than \x). From my perspective, sed is a tiny, gooey center of usefulness nearly completely obscured by annoying flaws. That's not fair to sed, since most of its flaws can be more fairly described as legacy behavior. Maybe the OP should configure his software to not save the file with UTF-8 encoding in the first place. I'm not an OOo user, so I can't tell how to do that. But obviously the OP doesn't want the file to be stored as UTF-8. Sure. That removes the need for any of these tools. It's possible Mastering Regular Expressions has influenced my thinking on this. This isn't about regular expressions at all. This is about replacing fixed strings. The OP was using a regex. But my question was why sed instead of Perl? tr(1) was also suggested, and is probably better than sed in this case. Of course, tr is another tool that Perl can replace with added functionality. Likewise Ruby, which has about the same command-line options as Perl but is less likely to be installed on a typical FreeBSD system. -Warren Block * Rapid City, South Dakota USA ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to set device permissions at startup
Oliver Fromme wrote: Aryeh M. Friedman wrote: Oliver Fromme wrote: Roland Smith wrote: But one has to run '/etc/rc.d/devfs restart' for newly added rules to take effect! (or reboot the system, which is overkill). Yes, of course. I thought that was obvious. Maybe I whould add that to the manual page for devfs.rules? Agreed, that might be an appropriate clarification. It should be included because not everyone uses the standard /etc/rc.* hierachy. For example I have a completely custom rc which before I did an other hack to make this issue not an issue read: Well, if you completely rewrite /etc/rc, then you're on your own anyway, and you're supposed to know what you're doing. In general it is not a good idea and will lead to serious foot-shooting. By the way, what is the reason that you don't use the standard rc(8) facilities? I don't see anything in you custom script that wouldn't be covered by them. Mostly a matter of style... namely I personally like to know every last detail of how my machine boots (even having the hald and dbus onestarts is too much relience on magic code (code that works but is overly complex and hard to understand) but I was not able to deduce by reading their startup srcipts/man pages/ps -agx listings what args they needed so had to use the rc.d's)... in general it is a bad thing to have code that is not 100% user understandable (read not 100% author unreadable)... the metaphor I often give is it is like the difference between a modern computer controlled car and say a model T or VW bug (the first being so complex that only an expert can work on it and the second being simple enough that any mechincally inclined owner can work on it)... same thing with devfs (an other common example is ipfw and natd [those man pages are greate because if you read them close enough it tells you everything you need to know to set up a vpn router/firewall from scratch) there are a number of cases where stuff is not fully documented for stuff like this in the base system and/or ports (sysutils/fusefs-ntfs is a classic example because it fails to state that you need to export the PATH with /usr/loca/sbin on it) Bottom line 99% of the weird aspects in my rc (calling rc.d's and such) are due to incomplete documentation ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: for perl wizards.
Oliver Fromme wrote: This isn't about regular expressions at all. This is about replacing fixed strings. Fixed strings are regular expressions. Pretty unexciting ones, but perfectly valid none the less. This has been your daily pedantry minute. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: best FBSD version for commercial use.
On Fri, 9 Oct 2009 15:04:42 -0400, Mikel King mikel.k...@olivent.com wrote: Recommend sticking with 7.x branch until 8.0 has been through one or two solid releases. Then you should be able to perform a csup and rebuild the world to the current version of 8.x at the time. So you would not recommend 8 (as RC1 at the state of the moment) for commercial use. Regarding your explaination, I do understand this. It's often mentioned that x.0 releases aren't that good. But allow me a follow-up question: Is 8.0-RC1 already recommendable for a home desktop, or would 7.2 be the version of choice? I'm asking this because of the many improvements especially the USB subsystem has gotten in 8 which would be important for the plug and play experience for USB devices... -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: for perl wizards.
Lars Eighner wrote: On Fri, 9 Oct 2009, Warren Block wrote: That's twice now people have suggested sed instead of perl. Why? For many uses, perl is a better sed than sed. The regex engine is far more powerful and escapes are much simpler. Because sed is stable and perl is getting all OO and flaky. Sed will work like sed for so long as there are unix-like systems. It is not clear that perl is going to continue to work. What utter tosh. Perl's Object Oriented features have been in place for years and, believe it or not, perl programs written for Perl 4 still continue to work with little or no modification under the very latest perl release, right alongside the stuff written yesterday that uses all the very latest features. That's a damn sight better track record than almost any other actively developed language you could mention. There's nothing that forces you to program Perl in an OO style -- procedural style works just fine. You could probably make a fair stab at writing in a purely functional style (like Ocaml) if you felt that way inclined. I get very irritated with the current vogue in certain quarters for doing down Perl. So what if you personally don't like coding in Perl? No one is holding a gun to your head and making you do it. Write in what ever language suits you, but don't try and force me to conform to your prejudices. Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: best FBSD version for commercial use.
On Fri, 9 Oct 2009 18:28 -, dead_line@ wrote: Hello Gurus, Im planing to move out of my FreeBSD 4.8-R! which served me like a charm for many years. But not sure if I should go for 6.3 or 7.2 This server will be a DNS server, apache, shell accounts..php, mysql.. anything i should be aware of? Advices? Thank you. Marwan If its of any relevance to you a major service provider pairLite is upgrading all of their servers to 7.2, See attached email for details. -- ;; dataix.net!jhell 2048R/89D8547E 2009-09-30 ;; BSD since FreeBSD 4.2Linux since Slackware 2.1 ;; 85EF E26B 07BB 3777 76BE B12A 9057 8789 89D8 547E From jh...@5p.local Thu Oct 8 15:48:05 2009 -0400 Return-Path: m...@cbs.pair.com Return-Path: m...@cbs.pair.com Received: from dimension.5p.local (localhost [127.0.0.1]) by dimension.5p.local (8.14.3/8.14.3) with ESMTP id n98K077l038552 for jh...@localhost; Thu, 8 Oct 2009 16:01:24 -0400 (EDT) (envelope-from m...@cbs.pair.com) Delivered-To: jhellent...@gmail.com Received: from gmail-pop.l.google.com [74.125.65.109] by dimension.5p.local with POP3 (fetchmail-6.3.11) for jh...@localhost (single-drop); Thu, 08 Oct 2009 16:01:24 -0400 (EDT) Received: by 10.204.77.142 with SMTP id g14cs59270bkk; Thu, 8 Oct 2009 12:48:07 -0700 (PDT) Received: by 10.90.128.9 with SMTP id a9mr875658agd.117.1255031286234; Thu, 08 Oct 2009 12:48:06 -0700 (PDT) Received: from cbs.pair.com (cbs.pair.com [66.39.3.3]) by mx.google.com with SMTP id 33si516696iwn.123.2009.10.08.12.48.05; Thu, 08 Oct 2009 12:48:06 -0700 (PDT) Received-SPF: pass (google.com: domain of m...@cbs.pair.com designates 66.39.3.3 as permitted sender) client-ip=66.39.3.3; Authentication-Results: mx.google.com; spf=pass (google.com: domain of m...@cbs.pair.com designates 66.39.3.3 as permitted sender) smtp.mail=m...@cbs.pair.com Received: (qmail 87941 invoked by uid 0); 8 Oct 2009 19:48:05 - Date: 8 Oct 2009 19:48:05 - Message-ID: 20091008194805.87939.qm...@cbs.pair.com From: pairLite Support supp...@pairlite.com To: jhellent...@gmail.com Subject: Server Upgrade X-Bogosity: Ham, tests=bogofilter, spamicity=0.313408, version=1.2.0 X-IMAPbase: 1255121849 1 Status: R X-Status: X-Keywords: X-UID: 1 Hello, This message is from pair Networks -- your Web site hosting provider. Your Web hosting server is scheduled to be upgraded within the next two weeks. Details about the upgrade are available here: http://www.pairlite.com/support/72-upgrade.html This notice relates to the upgrade of www6.pairlite.com on Wednesday, October 14, 2009. If you have any comments or questions about the upgrade, please contact supp...@pairlite.com. If you encounter any problems with your Web hosting account as a result of the upgrade, please contact urg...@pairlite.com right away. Thank you for your business and continued support! The pairLite Support team http://www.pairlite.com/support/ pair Networks, Inc. supp...@pairlite.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: best FBSD version for commercial use.
On Fri, Oct 9, 2009 at 8:28 PM, Marwan Sultan dead_l...@hotmail.com wrote: Hello Gurus, Im planing to move out of my FreeBSD 4.8-R! which served me like a charm for many years. But not sure if I should go for 6.3 or 7.2 This server will be a DNS server, apache, shell accounts..php, mysql. I would definitely go with a 7.2 install (until 8.0 is marked as production ready by the fBSD dev team). And if you're running on half reasonably modern hardware go with the AMD64 port. Uhm just one piece of advice though, 4.8R was released in 2003 and support for that release was ended YEARS ago. Security updates for fBSD 4.x were ended in November 2006 and you're machine has been vulnerable since. Frankly its a wonder that is hasn't been ripped to shreds and used for any number of malevolent tasks. Keeping fBSD up to date isn't a very difficult task and I would suggest that you invest the time in this task. -- Opportunity is most often missed by people because it is dressed in overalls and looks like work. Thomas Alva Edison Inventor of 1093 patents, including: The light bulb, phonogram and motion pictures. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: / almost out of space just after installation
On Fri, 9 Oct 2009 17:28:09 +0200 (CEST) Oliver Fromme o...@lurza.secnetix.de wrote: Randi Harper wrote: / = 1GB /var = 2GB /tmp = 2GB Depending on the size of installed RAM, /tmp could also be a memory disk by default. I don't see why it should depend on the amount of RAM, since it would normally be swap-backed. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: best FBSD version for commercial use.
On Fri, 9 Oct 2009, Polytropon wrote: On Fri, 9 Oct 2009 15:04:42 -0400, Mikel King mikel.k...@olivent.com wrote: Recommend sticking with 7.x branch until 8.0 has been through one or two solid releases. Then you should be able to perform a csup and rebuild the world to the current version of 8.x at the time. So you would not recommend 8 (as RC1 at the state of the moment) for commercial use. Regarding your explaination, I do understand this. It's often mentioned that x.0 releases aren't that good. But allow me a follow-up question: Is 8.0-RC1 already recommendable for a home desktop, or would 7.2 be the version of choice? I'm asking this because of the many improvements especially the USB subsystem has gotten in 8 which would be important for the plug and play experience for USB devices... 8.0 also has the ability to run www/linux-f10-flashplugin10. -Warren Block * Rapid City, South Dakota USA ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: best FBSD version for commercial use.
2009/10/9 Polytropon free...@edvax.de: On Fri, 9 Oct 2009 15:04:42 -0400, Mikel King mikel.k...@olivent.com wrote: Recommend sticking with 7.x branch until 8.0 has been through one or two solid releases. Then you should be able to perform a csup and rebuild the world to the current version of 8.x at the time. So you would not recommend 8 (as RC1 at the state of the moment) for commercial use. Regarding your explaination, I do understand this. It's often mentioned that x.0 releases aren't that good. 8.0 seems to be that good, but businesses who make their money from their computers should probably be conservative. Also, the upgrade path for 7.x to 8.x is amusingly painless, so being safe has a very low cost here. But allow me a follow-up question: Is 8.0-RC1 already recommendable for a home desktop, or would 7.2 be the version of choice? I'm asking this because of the many improvements especially the USB subsystem has gotten in 8 which would be important for the plug and play experience for USB devices... I have been using 8-CURRENT since February updating from source once or twice a week. I am without trepidation in asserting that it is frankly the best release of FreeBSD I have used. Assuming that something horrible doesn't happen between RC1 RELEASE (asteroid strike, second coming of John Holmes, land war in Asia) I wouldn't fear the *.0 syndrome. -- -- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Security blocking question
Hi, The production server that has a public IP address has SSH enabled. This server is continuously under dictionary attack: Oct 8 12:58:40 seven sshd[32248]: Invalid user europa from 83.65.199.91 Oct 8 12:58:40 seven sshd[32250]: Invalid user hacked from 83.65.199.91 Oct 8 12:58:40 seven sshd[32251]: Invalid user cop\r from 83.65.199.91 Oct 8 12:58:41 seven sshd[32254]: Invalid user gel from 83.65.199.91 Oct 8 12:58:41 seven sshd[32255]: Invalid user dork from 83.65.199.91 Oct 8 12:58:41 seven sshd[32258]: Invalid user eva from 83.65.199.91 Oct 8 12:58:41 seven sshd[32260]: Invalid user hacker from 83.65.199.91 Oct 8 12:58:41 seven sshd[32261]: Invalid user copila\r from 83.65.199.91 Oct 8 12:58:42 seven sshd[32265]: Invalid user dorna from 83.65.199.91 Oct 8 12:58:42 seven sshd[32264]: Invalid user gelo from 83.65.199.91 Oct 8 12:58:42 seven sshd[32268]: Invalid user evara from 83.65.199.91 Oct 8 12:58:43 seven sshd[32270]: Invalid user hack from 83.65.199.91 Oct 8 12:58:43 seven sshd[32271]: Invalid user copil\r from 83.65.199.91 Oct 8 12:58:43 seven sshd[32274]: Invalid user Doubled from 83.65.199.91 Oct 8 12:58:43 seven sshd[32275]: Invalid user gelos from 83.65.199.91 Oct 8 12:58:44 seven sshd[32278]: Invalid user eve from 83.65.199.91 Is there a way that I could configure the server so that if there are for example X attempts from an IP address then for the next Y hours all the SSH requests would be ignored from that IP address? There are only a handful of people who have access to that server. Thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Security blocking question
On Fri, Oct 9, 2009 at 4:45 PM, Aflatoon Aflatooni aaflato...@yahoo.comwrote: Hi, The production server that has a public IP address has SSH enabled. This server is continuously under dictionary attack: Oct 8 12:58:40 seven sshd[32248]: Invalid user europa from 83.65.199.91 Oct 8 12:58:40 seven sshd[32250]: Invalid user hacked from 83.65.199.91 Oct 8 12:58:40 seven sshd[32251]: Invalid user cop\r from 83.65.199.91 Oct 8 12:58:41 seven sshd[32254]: Invalid user gel from 83.65.199.91 Oct 8 12:58:41 seven sshd[32255]: Invalid user dork from 83.65.199.91 Oct 8 12:58:41 seven sshd[32258]: Invalid user eva from 83.65.199.91 Oct 8 12:58:41 seven sshd[32260]: Invalid user hacker from 83.65.199.91 Oct 8 12:58:41 seven sshd[32261]: Invalid user copila\r from 83.65.199.91 Oct 8 12:58:42 seven sshd[32265]: Invalid user dorna from 83.65.199.91 Oct 8 12:58:42 seven sshd[32264]: Invalid user gelo from 83.65.199.91 Oct 8 12:58:42 seven sshd[32268]: Invalid user evara from 83.65.199.91 Oct 8 12:58:43 seven sshd[32270]: Invalid user hack from 83.65.199.91 Oct 8 12:58:43 seven sshd[32271]: Invalid user copil\r from 83.65.199.91 Oct 8 12:58:43 seven sshd[32274]: Invalid user Doubled from 83.65.199.91 Oct 8 12:58:43 seven sshd[32275]: Invalid user gelos from 83.65.199.91 Oct 8 12:58:44 seven sshd[32278]: Invalid user eve from 83.65.199.91 Is there a way that I could configure the server so that if there are for example X attempts from an IP address then for the next Y hours all the SSH requests would be ignored from that IP address? There are only a handful of people who have access to that server. Thanks /usr/ports/security/denyhosts -- Adam Vande More ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Security blocking question
On Fri, Oct 09, 2009 at 02:45:51PM -0700, Aflatoon Aflatooni wrote: [...] Is there a way that I could configure the server so that if there are for example X attempts from an IP address then for the next Y hours all the SSH requests would be ignored from that IP address? There are only a handful of people who have access to that server. If there are only a handful, then I'd suggest that you put a whitelist of IP addresses in your firewall config. -- Jonathan Chen j...@chen.org.nz -- A little learning is a dangerous thing but a lot of ignorance is just as bad. - Bob Edwards ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Security blocking question
On Fri, Oct 9, 2009 at 5:45 PM, Aflatoon Aflatooni aaflato...@yahoo.com wrote: Hi, The production server that has a public IP address has SSH enabled. This server is continuously under dictionary attack: Oct 8 12:58:40 seven sshd[32248]: Invalid user europa from 83.65.199.91 Oct 8 12:58:40 seven sshd[32250]: Invalid user hacked from 83.65.199.91 Oct 8 12:58:40 seven sshd[32251]: Invalid user cop\r from 83.65.199.91 Oct 8 12:58:41 seven sshd[32254]: Invalid user gel from 83.65.199.91 Oct 8 12:58:41 seven sshd[32255]: Invalid user dork from 83.65.199.91 Oct 8 12:58:41 seven sshd[32258]: Invalid user eva from 83.65.199.91 Oct 8 12:58:41 seven sshd[32260]: Invalid user hacker from 83.65.199.91 Oct 8 12:58:41 seven sshd[32261]: Invalid user copila\r from 83.65.199.91 Oct 8 12:58:42 seven sshd[32265]: Invalid user dorna from 83.65.199.91 Oct 8 12:58:42 seven sshd[32264]: Invalid user gelo from 83.65.199.91 Oct 8 12:58:42 seven sshd[32268]: Invalid user evara from 83.65.199.91 Oct 8 12:58:43 seven sshd[32270]: Invalid user hack from 83.65.199.91 Oct 8 12:58:43 seven sshd[32271]: Invalid user copil\r from 83.65.199.91 Oct 8 12:58:43 seven sshd[32274]: Invalid user Doubled from 83.65.199.91 Oct 8 12:58:43 seven sshd[32275]: Invalid user gelos from 83.65.199.91 Oct 8 12:58:44 seven sshd[32278]: Invalid user eve from 83.65.199.91 Is there a way that I could configure the server so that if there are for example X attempts from an IP address then for the next Y hours all the SSH requests would be ignored from that IP address? There are only a handful of people who have access to that server. Thanks I don't think OpenSSH has this feature. You would have to look to a firewall solution for this (I recommend PF). There is also software in the ports collection that I've heard of to help this problem. I've never used any of them, but fail2ban seems to be a popular one. I would also recommend using a non-standard SSH port if possible. It would cut down on the bot spam considerably. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
RE: Security blocking question
I might also add, if it's only a handful that have legitimate access requirements, maybe black hole all ip's from locations (countries, etc.) they'll never be in. We see a lot of bad traffic from well, certain countries and we simply null route them. Or if I feel like playing a bit I'll route them to a tar-pit and honey pot just to see what they do. Pretty entertaining sometimes! :) -Original Message- From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Adam Vande More Sent: Friday, October 09, 2009 4:48 PM To: Aflatoon Aflatooni Cc: freebsd-questions@freebsd.org Subject: Re: Security blocking question On Fri, Oct 9, 2009 at 4:45 PM, Aflatoon Aflatooni aaflato...@yahoo.comwrote: Hi, The production server that has a public IP address has SSH enabled. This server is continuously under dictionary attack: Oct 8 12:58:40 seven sshd[32248]: Invalid user europa from 83.65.199.91 Oct 8 12:58:40 seven sshd[32250]: Invalid user hacked from 83.65.199.91 Oct 8 12:58:40 seven sshd[32251]: Invalid user cop\r from 83.65.199.91 Oct 8 12:58:41 seven sshd[32254]: Invalid user gel from 83.65.199.91 Oct 8 12:58:41 seven sshd[32255]: Invalid user dork from 83.65.199.91 Oct 8 12:58:41 seven sshd[32258]: Invalid user eva from 83.65.199.91 Oct 8 12:58:41 seven sshd[32260]: Invalid user hacker from 83.65.199.91 Oct 8 12:58:41 seven sshd[32261]: Invalid user copila\r from 83.65.199.91 Oct 8 12:58:42 seven sshd[32265]: Invalid user dorna from 83.65.199.91 Oct 8 12:58:42 seven sshd[32264]: Invalid user gelo from 83.65.199.91 Oct 8 12:58:42 seven sshd[32268]: Invalid user evara from 83.65.199.91 Oct 8 12:58:43 seven sshd[32270]: Invalid user hack from 83.65.199.91 Oct 8 12:58:43 seven sshd[32271]: Invalid user copil\r from 83.65.199.91 Oct 8 12:58:43 seven sshd[32274]: Invalid user Doubled from 83.65.199.91 Oct 8 12:58:43 seven sshd[32275]: Invalid user gelos from 83.65.199.91 Oct 8 12:58:44 seven sshd[32278]: Invalid user eve from 83.65.199.91 Is there a way that I could configure the server so that if there are for example X attempts from an IP address then for the next Y hours all the SSH requests would be ignored from that IP address? There are only a handful of people who have access to that server. Thanks /usr/ports/security/denyhosts -- Adam Vande More ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org font size=1 div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in' /div This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system. /font ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Security blocking question
Aflatoon Aflatooni wrote: Hi, The production server that has a public IP address has SSH enabled. This server is continuously under dictionary attack: Oct 8 12:58:40 seven sshd[32248]: Invalid user europa from 83.65.199.91 Oct 8 12:58:40 seven sshd[32250]: Invalid user hacked from 83.65.199.91 Oct 8 12:58:40 seven sshd[32251]: Invalid user cop\r from 83.65.199.91 Oct 8 12:58:41 seven sshd[32254]: Invalid user gel from 83.65.199.91 Oct 8 12:58:41 seven sshd[32255]: Invalid user dork from 83.65.199.91 Oct 8 12:58:41 seven sshd[32258]: Invalid user eva from 83.65.199.91 Oct 8 12:58:41 seven sshd[32260]: Invalid user hacker from 83.65.199.91 Oct 8 12:58:41 seven sshd[32261]: Invalid user copila\r from 83.65.199.91 Oct 8 12:58:42 seven sshd[32265]: Invalid user dorna from 83.65.199.91 Oct 8 12:58:42 seven sshd[32264]: Invalid user gelo from 83.65.199.91 Oct 8 12:58:42 seven sshd[32268]: Invalid user evara from 83.65.199.91 Oct 8 12:58:43 seven sshd[32270]: Invalid user hack from 83.65.199.91 Oct 8 12:58:43 seven sshd[32271]: Invalid user copil\r from 83.65.199.91 Oct 8 12:58:43 seven sshd[32274]: Invalid user Doubled from 83.65.199.91 Oct 8 12:58:43 seven sshd[32275]: Invalid user gelos from 83.65.199.91 Oct 8 12:58:44 seven sshd[32278]: Invalid user eve from 83.65.199.91 Is there a way that I could configure the server so that if there are for example X attempts from an IP address then for the next Y hours all the SSH requests would be ignored from that IP address? There are only a handful of people who have access to that server. Yes. In pf.conf: table ssh-bruteforce persist [...] block drop in log quick on $ext_if from ssh-bruteforce [...] pass in on $ext_if proto tcp \ from any to $ext_if port ssh \ flags S/SA keep state\ (max-src-conn-rate 3/30, overload ssh-bruteforce flush global) plus you'll need to add a cron job to clear old entries out of the ssh-bruteforce table after a suitable amount of time has passed. Use expiretable to do that. Note: in practice I've found that it's a *really good idea* to implement a SSH whitelist of addresses that will never be bruteforce blocked like this -- it's very easy to lock yourself out even if everything you're doing is entirely legitimate. Coding that is left as an exercise for the reader. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Error Compiling qt4-dbus
Running AMD64 7.2-STABLE src kernel upto date an trying to get ports updated when encountering the below issue which is now affecting a lot of programs.. cd /usr/ports/devel/dbus-qt4/work/qt-x11-opensource-src-4.5.2/./tools/qdbus/qdbus make first c++ -c -O2 -fno-strict-aliasing -pipe -O2 -Wall -W -D_LARGEFILE64_SOURCE -D_LARGEFILE_SOURCE -DQT_NO_DEBUG -DQT_XML_LIB -DQT_CORE_LIB -DQT_SHARED -I/usr/local/share/qt4/mkspecs/freebsd-g++ -I. -I../../../include/QtCore -I../../../include/QtXml -I../../../include -I../../../include/QtDBus -I.moc/release-shared -I/usr/local/include -o .obj/release-shared/qdbus.o qdbus.cpp g++ -Wl,-O1 -pthread -Wl,-rpath,/usr/local/lib/qt4 -Wl,-rpath,/usr/local/lib/qt4 -o ../../../bin/qdbus .obj/release-shared/qdbus.o-L/usr/local/lib/qt4 -L/usr/ports/devel/dbus-qt4/work/qt-x11-opensource-src-4.5.2/lib -L/usr/local/lib -lQtDBus -L/usr/local/lib/qt4 -L/usr/local/lib -pthread -pthread -pthread -pthread -pthread -pthread -lQtXml -pthread -pthread -lQtCore -lz -lm -pthread -lgthread-2.0 -lglib-2.0 -liconv .obj/release-shared/qdbus.o(.text+0xdc): In function `printArg(QVariant const)': : undefined reference to `QDBusUtil::argumentToString(QVariant const)' *** Error code 1 Stop in /usr/ports/devel/dbus-qt4/work/qt-x11-opensource-src-4.5.2/tools/qdbus/qdbus. *** Error code 1 Stop in /usr/ports/devel/dbus-qt4/work/qt-x11-opensource-src-4.5.2/tools/qdbus/qdbus. *** Error code 1 Stop in /usr/ports/devel/dbus-qt4/work/qt-x11-opensource-src-4.5.2/tools/qdbus. *** Error code 1 Stop in /usr/ports/devel/dbus-qt4. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Security blocking question
- Original Message From: Gary Gatten ggat...@waddell.com To: Adam Vande More amvandem...@gmail.com; Aflatoon Aflatooni aaflato...@yahoo.com Cc: freebsd-questions@freebsd.org Sent: Fri, October 9, 2009 5:53:10 PM Subject: RE: Security blocking question I might also add, if it's only a handful that have legitimate access requirements, maybe black hole all ip's from locations (countries, etc.) they'll never be in. We see a lot of bad traffic from well, certain countries and we simply null route them. Or if I feel like playing a bit I'll route them to a tar-pit and honey pot just to see what they do. Pretty entertaining sometimes! :) My experience has been that honeypot is good to catch internal hackers. I have also noticed that we get dictionary attacks from zombies in North America. I have managed to capture a Perl script that they use and it just retransmits the command from the IP of the server that have the Perl script installed. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: best FBSD version for commercial use.
On Oct 9, 2009, at 3:40 PM, Polytropon wrote: On Fri, 9 Oct 2009 15:04:42 -0400, Mikel King mikel.k...@olivent.com wrote: Recommend sticking with 7.x branch until 8.0 has been through one or two solid releases. Then you should be able to perform a csup and rebuild the world to the current version of 8.x at the time. So you would not recommend 8 (as RC1 at the state of the moment) for commercial use. Regarding your explaination, I do understand this. It's often mentioned that x.0 releases aren't that good. But allow me a follow-up question: Is 8.0-RC1 already recommendable for a home desktop, or would 7.2 be the version of choice? I'm asking this because of the many improvements especially the USB subsystem has gotten in 8 which would be important for the plug and play experience for USB devices... Well the general rule of thumb has always been that unless you NEED a feature of the newest version it is best to continue running the existing stable release on your mission critical production boxes. Once the current release is passed the initial .0 stage most feel it is safe to adopt it in a production environment. Sometimes this may take a little longer than expected, but I would wait until 8.1 before I put it on my mission critical production boxes. Cheers, Mikel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Automated login, X and xdm
Dear list, in order to do something that I haven't done for many years, I'd like to have some suggestions or pointers if I do it right. It's a strange, but still typical idea. :-) Here's the problem: A FreeBSD workstation should run X for a specified user after system startup. If the user logs out, he should not drop to CLI mode; instead, an xdm login should be shown to allow him (or someone else) to log in and use X. In the past, I created the auto-login as follows: First, I create an entry in /etc/gettytab, right after the default: entry; it contains the al= definition for auto-login as explained in man 5 gettytab. The name of the user is USER in this example; in fact, is is a valid username on the system: autologin:\ :al=USER:tc=Pc: Then I change the getty argument from Pc to autologin in /etc/ttys: ttyv0 /usr/libexec/getty autologin cons25l1 on secure This automatically logs in the user USER specified as above. In order to start X when he logs in, I put the following lines in his ~/.login: #!/bin/sh mesg y [ ! -f /tmp/.X0-lock ] startx The user's shell is the C-Shell, so it works. I see the upcoming problem: If a user already started X, then xdm cannot start (as usually done by setting on for xdm in /etc/ttys). My idea would be to do something like this into the user's ~/.login file: #!/bin/sh mesg y # very first start of X at (automatic) login # this line will fail if X is already running, but # start it if not [ ! -f /tmp/.X0-lock ] startx # after leaving X, xdm should be started, but not if # it's already running [ ! -f /tmp/.X0-lock ] sudo xdm # after xdm is started, dialog mode is back, so the # last entry quits any session after exiting from X logout Normally, there would be the following setting to only run xdm, without autologin, in /etc/ttys: ttyv8 /usr/local/bin/xdm -nodaemon xterm on secure But this interferes with the autologin, right? What is the usual way to go? Is there something more elegant? How about exec startx? Thanks for your ideas and time! -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: best FBSD version for commercial use.
2009/10/9 Mikel King mikel.k...@olivent.com On Oct 9, 2009, at 3:40 PM, Polytropon wrote: On Fri, 9 Oct 2009 15:04:42 -0400, Mikel King mikel.k...@olivent.com wrote: Recommend sticking with 7.x branch until 8.0 has been through one or two solid releases. Then you should be able to perform a csup and rebuild the world to the current version of 8.x at the time. So you would not recommend 8 (as RC1 at the state of the moment) for commercial use. Regarding your explaination, I do understand this. It's often mentioned that x.0 releases aren't that good. But allow me a follow-up question: Is 8.0-RC1 already recommendable for a home desktop, or would 7.2 be the version of choice? I'm asking this because of the many improvements especially the USB subsystem has gotten in 8 which would be important for the plug and play experience for USB devices... Well the general rule of thumb has always been that unless you NEED a feature of the newest version it is best to continue running the existing stable release on your mission critical production boxes. Once the current release is passed the initial .0 stage most feel it is safe to adopt it in a production environment. Sometimes this may take a little longer than expected, but I would wait until 8.1 before I put it on my mission critical production boxes. Cheers, Mikel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org definitely stay away from the 6.x branch now that 7.x is very stable. Apart from it been out of date I found 6 had quite a few serious performance issues on SMP systems for quite a few applications. 7 generally rocks, and 8 looks even better, however isn't quite there yet. I have seen a few issues on the usb stack. I'm sure these will get fixed shorty however I wouldnt want to use it in production quite yet ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: for perl wizards.
Lars Eighner wrote: On Fri, 9 Oct 2009, Warren Block wrote: On Fri, 9 Oct 2009, Oliver Fromme wrote: Gary Kline kl...@thought.org wrote: Whenever I save a wordpeocessoe file [OOo, say] into a text file, I get a slew of hex codes to indicate the char to be used. I'm looking for a perl one-liner or script to translate hex back into ', , -- [that's a dash), and so forth. Why does this fail to trans the hex code to an apostrophe? perl -pi.bak -e 's/\xe2\x80\x99/'/g' You need to escape the inner quote character, of course. I think sed is better suited for this task than perl. That's twice now people have suggested sed instead of perl. Why? For many uses, perl is a better sed than sed. The regex engine is far more powerful and escapes are much simpler. Because sed is stable and perl is getting all OO and flaky. Sed will work like sed for so long as there are unix-like systems. It is not clear that perl is going to continue to work. Given that it seems as though you do know what you are doing (which makes me believe that you actually have the ability to provide valuable input), why would you be so negative? You have the answers. Why not use your energy in sharing it with a positive spin? Steve ps. 'twas tough resisting feeding the troll regarding the Perl comments. However, those who use it know the truth, and those who haven't will eventually learn the truth. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
text2html ?
I had a contractor uppgrade a freebsd machine a while back. Now I am finding things that did not get done corectly. The latest is that I have some other machines that create text files copy them over to this machine, and put them iin the webservers space. Looks like in the past, these files were procesed by /usr/local/bin/text2html, which O would almost certainly have installed from a port. But, I cannot seem to find this port. Can anyone sugest either where I can find this utlity, or what I might use as an alternative? The text files to process are very simple reports of system statistics. Thanks for any ideas. -- One of the main causes of the fall of the roman empire was that, lacking zero, they had no way to indicate successful termination of their C programs. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: text2html ?
On Fri, 9 Oct 2009 19:19:54 -0400, stan st...@panix.com wrote: Can anyone sugest either where I can find this utlity, or what I might use as an alternative? The text files to process are very simple reports of system statistics. Maybe this is usable for you: Port: txt2html-2.45 Path: /usr/ports/textproc/txt2html Info: Convert raw text to something with a little HTML formatting Port: html-pretty-1.01 Path: /usr/ports/textproc/html-pretty Info: HTML and SGML prettyprinter and text-to-HTML/SGML converter Port: htmlise-0.2 Path: /usr/ports/textproc/htmlise Info: Formats plain text as HTML Result of % cd /usr/ports % make search name=html | less then /text and some /. :-) -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Security blocking question
On Oct 9, 2009, at 11:56 PM, Matthew Seaman wrote: plus you'll need to add a cron job to clear old entries out of the ssh-bruteforce table after a suitable amount of time has passed. Use expiretable to do that. I believe that security/expiretable is superfluous nowadays since pfctl supports the -T expire directive. Best wishes, Svante Kvarnström Mob.: +46 702 38 34 00 PGP.sig Description: This is a digitally signed message part
Re: / almost out of space just after installation
On Thu, 8 Oct 2009 23:39:58 -0700, Randi Harper ra...@freebsd.org said: R I was thinking that a more acceptable default layout (leaving swap at R it's current default size) would be: R / = 1GB R /var = 2GB R /tmp = 2GB I usually create something like this: / = 200M /usr = 8G /var = 2G /stage = 8G /home = everything else * Root stays small, so I can have backup root partitions all over without feeling guilty about wasting space. * /tmp is a limited-size memory disk. * /usr and /var are on separate partitions, preferably on different drives so I'm not seeking all over creation if /, /usr, and /var are busy. Also, filling up /usr/tmp or /var/log will be annoying but not critical. * /stage is a staging area, usually for backups to another host. I put it on a different drive than /home, so I don't compete too much with my users when, say, doing hourly backups: # cd /home # find . -newer /last/bkup -depth -print | pax -x cpio -wd | bzip2 -c /stage/bkup.bz2 # touch /last/bkup # su bkup -c 'scp -c arcfour /stage/bkup.bz2 remote:/some/place' Could we also have some nicer defaults for /etc/fstab? # Device MountFStype Options Dump Pass # - /dev/ad0s1a /ufsrw 11 devfs/dev devfs rw 00 fdescfs /dev/fd fdescfsrw 00 proc /procprocfs rw 00 md /tmp mfsrw,-s512m 20 /dev/ad0s1b none swap sw 00 # /dev/ad0s1d /usr ufsrw,noatime,snapshot 22 /dev/ad0s1e /var ufsrw,noatime,snapshot 22 /dev/ad0s1f /homeufsrw,noatime,nosuid,snapshot 22 # # CD/DVD: #/dev/acd0/cdrom cd9660 ro,noauto 00 # # CD/DVD/RW: #/dev/cd0 /cdrom cd9660 ro,noauto 00 # - -- Karl Vogel I don't speak for the USAF or my company A society that champions freedom of religion but at the same time countenances state regulation of education has a great deal of explaining to do. --James R. Otteson ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: best FBSD version for commercial use.
Marwan Sultan wrote: Im planing to move out of my FreeBSD 4.8-R! which served me like a charm for many years. But not sure if I should go for 6.3 or 7.2 This server will be a DNS server, apache, shell accounts..php, mysql.. IMHO, i think that you should wait until 8.0-R out. Sincerely, -- Byung-Hee HWANG ∑ WWW: http://izb.knu.ac.kr/~bh/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Automatic chmod
From: Victor Subervi victorsube...@gmail.com
Subject: Re: Automatic chmod
To: mahle...@yahoo.com, freebsd-questions@freebsd.org
Date: Friday, October 9, 2009, 11:20 AM
User? I only have one user on this shared server. Here's the code:
#!/usr/local/bin/python
import cgitb; cgitb.enable()
import MySQLdb
import cgi
import sys,os
sys.path.append(os.getcwd())
from login import login
user, passwd, db, host = login()
form = cgi.FieldStorage()
picid = int(form['id'].value)
x = int(form['x'].value)
pics = {1:'pic1',2:'pic2',3:'pic3',4:'pic4',5:'pic5',6:'pic6'}
pic = pics[x]
db = MySQLdb.connect(host=host, user=user, passwd=passwd, db=db)
cursor= db.cursor()
sql = select + pic + from productsX where id=' + str(picid) + ';
cursor.execute(sql)
content = cursor.fetchall()[0][0].tostring()
cursor.close()
print '''Content-Type: text/plain
Content-Encoding: base64
'''
print
print content.encode('base64')
I finally got to where I could test this. I'm no Python expert (in fact, this
was the first time I've touched it), but your code, with heavy modifications to
slim it to something that can run on my system, seems to be mostly OK. Here's
the code I ended up with:
**
#!/usr/local/bin/python
import cgitb; cgitb.enable()
import MySQLdb
import cgi
import sys,os
sys.path.append(os.getcwd())
user=root
passwd=
db=mysql
host=localhost
form = cgi.FieldStorage()
db = MySQLdb.connect(host=host, user=user, passwd=passwd, db=db)
cursor= db.cursor()
sql = select User from user;
cursor.execute(sql)
content = cursor.fetchall()
cursor.close()
print '''Content-Type: text/plain
Content-Encoding: base64
'''
print
print content
**
That all seems to work as I would expect and gives not unreasonable output.
Not that I know it's correct or what's needed, but it seems to print what you'd
think it would.
Can you try running a test script that does, Oh, say, something like the below
to see if it works? (AGAIN, I don't know python AND I'm not testing this, just
hand-writing it so excuse my code!)
#!/usr/local/bin/python
print '''Content-Type: text/plain
'''
print Hopefully this works
At this point, I really haven't much more to go on. The above may pinpoint
what sort of permissions issue it is. Besides, if it works, you could slowly
add in lines from your previous example until you find the offending line...
Also, If you haven't already done so, you may want to try posting in some
python help forums or something. This doesn't have the feel of a FreeBSD
specific problem, so there's bound to be other Python folks who've hit this and
solved it before.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
RE: text2html ?
-Original Message- From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of stan Sent: Friday, October 09, 2009 6:20 PM To: Free BSD Questions list Subject: text2html ? I had a contractor uppgrade a freebsd machine a while back. Now I am finding things that did not get done corectly. The latest is that I have some other machines that create text files copy them over to this machine, and put them iin the webservers space. Looks like in the past, these files were procesed by /usr/local/bin/text2html, which O would almost certainly have installed from a port. But, I cannot seem to find this port. Can anyone sugest either where I can find this utlity, or what I might use as an alternative? The text files to process are very simple reports of system statistics. Thanks for any ideas. pa...@utd65257# cd /usr/ports/ pa...@utd65257# make search name=text2html pa...@utd65257# make search name=txt2html Port: txt2html-2.51 Path: /usr/ports/textproc/txt2html Info: Convert raw text to something with a little HTML formatting Maint: jada...@freebsd.org B-deps: p5-ExtUtils-CBuilder-0.24 p5-ExtUtils-ParseXS-2.19 p5-Getopt-ArgvFile-1.11 p5-Module-Build-0.30 p5-YAML-0.68 p5-YAML-Syck-1.05 perl-5.8.9 R-deps: p5-ExtUtils-CBuilder-0.24 p5-ExtUtils-ParseXS-2.19 p5-Getopt-ArgvFile-1.11 p5-Module-Build-0.30 p5-YAML-0.68 p5-YAML-Syck-1.05 perl-5.8.9 WWW:http://txt2html.sourceforge.net/ Paul Schmehl (pschmehl_li...@tx.rr.com) In case it isn't already obvious, my opinions are my own and not those of my employer ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: best FBSD version for commercial use.
My 2 cents, as far as I know 7.1 will be maintained longer than 7.2 according to the freebsd.org website. That is, security fixes will be rolled out for 7.1 a while after 7.2 reaches End Of Life. That made me decide to go with 7.1 when I had to make the switch from 7.0 a few months ago. 8.0 was not out at that time. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
