Re: nss_ldap and the linuxulator
Hi, if you look at the message of the linux base port, you will see that this part is discussed there. FreeBSD does not come with ldap by default, so does the linux base port. So far nobody complained loudly about the lack of a nss ldap port for the linuxulator, and nobody felt the pressure to create such a port and talk about it on the emulation list. Anyone who uses ldap in the linuxulator is free to create a corresponding port, quesions in case of problems creating such a port can be asked on the emulation mailinglist. Bye, Alexander. -- Send via an Android device, please forgive brevity and typographic and spelling errors. per...@pluto.rain.com hat geschrieben:Forwarding to emulation@, which is where the linuxulator gurus hang out (AFAIK). Please keep Da Rock in the Cc: Date: Mon, 02 Jan 2012 21:59:57 +1000 From: Da Rock To: freebsd-questions@freebsd.org Subject: nss_ldap and the linuxulator I've just run into this snag again which I've resolved back in 7.x/8.1: the linuxulator cannot handle nss lookups from ldap. I ran a search for nss_ldap fedora 10 and simply extracted from the rpm the libnss_ldap*.so* in the usr/lib into the corresponding directory under /compat/linux. One then only has to copy or setup the ldap.conf in /compat/linux/etc/ and change /compat/linux/etc/nsswitch.conf so the it will check files and ldap as in the base. It works a charm when you have issues like the missus with acroread and others not working inexplicably. Run acroread from the command line will give you the clue: getpwuid_r(): failed due to unknown user id. This solution does fix this categorically. I hope this helps others, but I do have one question: why isn't this included in the ports already? I still haven't yet figured out cups and printer selection yet, but I have made some progress... :) Cheers ___ freebsd-emulat...@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-emulation To unsubscribe, send any mail to "freebsd-emulation-unsubscr...@freebsd.org" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Skype with sound and video support :)
On Tue, 17 May 2011 09:01:41 -0700 "Kevin Oberman" wrote: > Please put the information in this message (or at least most of it) > into ports/UPDATING so a few less people running old kernels will be > bitten by the installation of the new Skype port. And what about a wiki page? This way we can extend it in case something important is uncovered. Bye, Alexander. -- http://www.Leidinger.netAlexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: FreeBSD 8.0: how to exchange order of recognized HDA devices?
Quoting "O. Hartmann" (from Wed, 13 May 2009 07:34:56 +): The problem occured after the installation of an ATI HD4670 graphics board, on which one can find an additional HDA device found by the kernel before the on-board HDA device is found. So many clients, like vlc, mplayer etc. do have problems - they either play no sound through the usual pathways (via on-board soundcard/chip and the attached speakerset and/or headphones). I see 4 mixer-devices: mixer0 through mixer3. mixer0 seems to be attached to the graphics-card, mixer1 shows the usual devices I recognize and mixer 2 and 3 are unknown to me, they show up only 2 facilities. To make things simple: is there a way to change order of the found HDA controller? No, but you can do sysctl hw.snd.default_unit=1 or an appropriate line in /etc/sysctl.conf instead. Bye, Alexander. -- Our business in life is not to succeed but to continue to fail in high spirits. -- Robert Louis Stevenson http://www.Leidinger.netAlexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: snd_hda questions
Quoting Jimmie James (from Mon, 16 Mar 2009 19:08:52 -0400): With the recent snd_hda changes, I have more audio devices than ever: hdac0: HDA Codec #0: Realtek ALC880 pcm0: at cad 0 nid 1 on hdac0 pcm1: at cad 0 nid 1 on hdac0 pcm2: at cad 0 nid 1 on hdac0 pcm3: at cad 0 nid 1 on hdac0 The new HDA code supports more stuff of your HDA soundchip. As you can see above you have controls for digital output (and maybe input) at pcm0. With hw.snd.default_unit=1 I have (adjusting vol and pcm changes volume level here.) Mixer vol is currently set to 55:55 Mixer pcm is currently set to 50:50 Mixer mix is currently set to 0:0 Here you have probably the line-in and line-out jacks for analog data. With hw.snd.default_unit=2 I have (adjusting vol and pcm does nothing here, 0:0 or 100:100 nothing changes) Mixer vol is currently set to 0:0 Mixer pcm is currently set to 0:0 Mixer mic is currently set to 0:0 Mixer mix is currently set to 60:60 Mixer rec is currently set to 0:0 Recording source: mic The new code knows about front-jacks and rear-jacks, is able to play on multiple channels (think about discrete home cinema surround sound like 5.1 or 7.1). What the above (and below refers to, I don't know, you don't give enough info). With hw.snd.default_unit=3 I have Recording source: Mail notification sounds from Thunderbird are barely audible, and I can't control the volume for it. Can someone point me in the right direction to control/use the different pcm* devices, the man pages aren't totally clear to me. You could look at /dev/sndstat (AFAIK the color codes of the jack are listed there, but I'm not sure about this) and the verbose bootmessage (boot -v), they give more information. You also need to test your loudspeakers/headphone/whatever on each jack for each pcm device. If the sound still does not work as expected with a recent version of FreeBSD, you need to send the (HDA) messages from a verbose boot to this list with a description of what does not work as expected. Bye, Alexander. -- Never go to a doctor whose office plants have died. http://www.Leidinger.netAlexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
RTLD changes for non-native system (was: Re: Why does adding /usr/lib32 to LD_LIBRARY_PATH break 64-bit ?binaries?)
Quoting Daniel O'Connor <[EMAIL PROTECTED]> (from Tue, 28 Oct 2008 10:18:10 +1030): On Tuesday 28 October 2008 01:31:16 M. Warner Losh wrote: In message: <[EMAIL PROTECTED]> Oliver Fromme <[EMAIL PROTECTED]> writes: : Daniel O'Connor wrote: : > On Friday 24 October 2008 23:20:59 Peter Jeremy wrote: : > > > this will make system trying to bind 32-bit libs to 64-bit : > > > program. it can't work : > > : > > rtld shouldn't attempt to bind 32-bit libs to 64-bit programs. : > : > The same problem happens with the Linux run time linker - it merrily : > tries to link FreeBSD libraries to Linux binaries with predictable : > results.. : : You *can* link Linux libraries with FreeBSD binaries (and : vice versa), if the library does not perform any syscalls, : e.g. it is a pure computation library or similar. : : > That said it would be really nice if it ignored incompatible libraries : > :) : : No. Please don't put such pseudo-cleverness into rtld. : It wouldn't be an improvement, in fact it might break some : working configurations. Yes. I have a bunch of printer drivers that I've used that link in linux shared libraries... They are in ports... Good point.. The problem is really the Linux linker - it will find a FreeBSD library and try and use it ahead of a Linux one later in the search path - this prevents stuff working :) I have this exact problem with libfontconfig and Xilinx ISE. Perhaps instead of ignore, use last.. But then it doesn't really matter for the FreeBSD linker - I imagine I would have to convince Linux folks it's a good idea. Please ignore for a moment that we are not talking about changing the FreeBSD RTLD anymore: Would it make sense (for us and/or for GNU) to first search for libs for the current system and if none are found to try the others? Bye, Alexander. -- There is hardly a thing in the world that some man can not make a little worse and sell a little cheaper. http://www.Leidinger.netAlexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Low/Jerky performance in FreeBSD 7
Quoting Vince Hoffman <[EMAIL PROTECTED]> (from Mon, 19 May 2008 22:45:29 +0100): Yani Brankov wrote: Hey guys, Hi I recently updated to FreeBSD 7 and noticed that my box started to perform as windows does under heavier loads. The mouse starts to be Which scheduler? ULE or BSD? Try the other one you use currently. Bye, Alexander. -- Gleemites, n.: Petrified deposits of toothpaste found in sinks. -- Rich Hall & Friends, "Sniglets" http://www.Leidinger.netAlexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: (S)ATA performance in FBSD 6.2/7.0
Quoting Cheffo <[EMAIL PROTECTED]> (from Fri, 02 Mar 2007 13:38:45 +0200): Hi, Ted Mittelstaedt wrote: - Original Message - From: "O. Hartmann" <[EMAIL PROTECTED]> To: ; Sent: Friday, March 02, 2007 1:38 AM Subject: (S)ATA performance in FBSD 6.2/7.0 The last days I tried to figure out why some of my lab's FreeBSD boxes and also mine at home seem to be outperformed by some Linux setups around here and I saw something interesting. blah blah blah deleted Before digging into this problem deeper with benchmarks, could anyone explain why FreeBSD reaches this 33 MB/s limit (sounds like UDMA 33 man mount read section on "async" linux by default mounts async freebsd by default mounts sync you can change FBSD to async then watch your fs scramble during a power failure no big deal, it's only your data. Ted If SYNC is default how can you explain this: [12:[EMAIL PROTECTED]:~# mount /dev/ad4s3a on / (ufs, local, synchronous) devfs on /dev (devfs, local) /dev/ad4s3d on /tmp (ufs, local, soft-updates) /dev/ad4s3f on /usr (ufs, local, soft-updates) /dev/ad4s3e on /var (ufs, local, soft-updates) [...] So I'm pretty sure that for type ufs async is default. Both of you are wrong. By default "noasync" is used. This is different from sync and async. Feel free to look up the difference. Also I do not see why sync should report different speeds for copy and benchmark tools if they do the same thing? Because cp may behave differently than the tools used to benchmark. A dd may be more portable in this case. Just to be sure I added to my /tmp entry async in /etc/fstab: /dev/ad4s3d /tmpufs rw,async 2 2 umounted and mounted again and still have: /dev/ad4s3d on /tmp (ufs, local, soft-updates) IIRC when SU is used, async is not used even if specified. But I' not sure about this. Asides from the linux async-by-default there's maybe also the write-cache-off penalty in FreeBSD. But I'm not sure it is off by default. I disable the WC myself in loader.conf everywhere to be on the safe side and I don't feel like experimenting ATM (I'm ill in bed). If the same conditions are tested in FreeBSD and linux (which is not easy, as we don't share a common FS implementation, even when we support the same FS type) and the sync/async and WC related stuff can be ruled out, it may be a problem in the (S)ATA code and it would be nice if we would know about this. So please dig deeper into this (it can also be a problem with our cp or GEOM or whatever). Bye, Alexander. -- "I heard one time you single-handedly defeated a hoard of rampaging of somethings in the something something system." -Fry http://www.Leidinger.netAlexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Creative Sound Blaster X-Fi Xtreme Audio
Quoting "O. Hartmann" <[EMAIL PROTECTED]> (from Tue, 13 Feb 2007 14:57:56 +0100): All right, then the question shouldn't be lined up on snd_emu10kx, I saw that this type of soundcard utilize the CMedia CMI8738 chipset and there is already a driver called snd_cmi. The big, bad, ugly question is: will FreeBSD 7.0-CURRENT support any of the X-Fi soundcards from creative? No. Creative doesn't provide docs for any product. At the moment, I have onboard sound (which is boring) and Soundblaster Audigy SE, which is NOT supported by FreeBSD 7 and OSS driver for amd64 crashes the box - so need alternatives. There are some options: - usb audio device (I have one from Creative) - envy24 based one * http://www.freebsd.org/cgi/man.cgi?query=snd_envy24&apropos=0&sektion=0&manpath=FreeBSD+7-current&format=html * http://www.freebsd.org/cgi/man.cgi?query=snd_envy24ht&apropos=0&sektion=0&manpath=FreeBSD+7-current&format=html - an used one Bye, Alexander. -- It isn't whether you win or lose, it's how much money you end up with. -- Jack T. Shakespeare http://www.Leidinger.netAlexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Bugzilla instead of current problem system for bugs and features?
Quoting Abdullah Al-Marrie <[EMAIL PROTECTED]> (from Thu, 4 Jan 2007 10:27:49 +0300): Why not use bugzilla for bugs and feature requests? isn't easier and more organized than current problem system? We are evaluating our options: http://wiki.freebsd.org/Bugtracking Bye, Alexander. -- The warning message we sent the Russians was a calculated ambiguity that would be clearly understood. -- Alexander Haig http://www.Leidinger.netAlexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [Fwd: porting the RealPlayer]
Quoting Ion-Mihai Tetcu <[EMAIL PROTECTED]> (from Sun, 20 Aug 2006 21:47:15 +0300): On Sun, 20 Aug 2006 11:19:07 -0700 Matt Olander <[EMAIL PROTECTED]> wrote: Hi all, I met with a developer of the Real Player at Linux World. She says they would *love* to port a native version of the Real player to FreeBSD. Yay! She even showed me that they have an older FreeBSD dev environment set up and are ready to start to try compiling it for release after we get it up to date. Yay ! Good work :) Now we just need to convince Adobe too... We need a couple of FreeBSD experts to assist with questions/expertise/feedback to make sure this gets finished ;-) Please send me your name/email off list and I'll reply to her with a shortlist of who can help them. Since it's great to volunteer others ;-) maybe netchild@ (cc'ed) has time for this ? I don't mind helping out, if time permits. But I'm curious, why did you suggest me? Original Message [ ... ] Also, we're currently only running nightly builds for the stable branch on FreeBSD. Do you think we should be running the current branch as well? That's where all the new functionality is going - like playlists and Windows Media (ahem.. if you have a license for it). Depending on how long porting work takes, FreeBSD may want to just skip the currently released player and go for all the new technology. From our point of view it would be no problem to have both in the Ports Tree (The second as -devel). This assumes they are willing to offer beta versions for public testing instead of only building it "for personal pleasure". On a somewhat related topic, which FreeBSD build platforms are targeted? 4.x, 5.x, 6.x, -current, i386, amd64, sparc64, ...? Regarding the architecture this is more out of curiosity on my side, but for the FreeBSD versions I'm asking because we have a SoC student working on implementing parts of the new Open Sound System (OSS) API which may provide some benefits to realplayer. This code will first arrive in -current (the SoC is coming to an end, so I will commit this maybe next month... depending upon reviews and tests), but I could try to come up with a patch for 6.x as well. A list of new IOCTLs is at http://wiki.freebsd.org/RyanBeasley/ioctlref. With a patch for 6.x they could check at runtime if the IOCTLs are supported and use the new features if desired (= developing software for the features of tomorrow... ;-) ). I also want to MFC some stuff in the sound system (bug fixes and new drivers), so depending on their needs I should do that "soon" or at least provide patches to them. Bye, Alexander. -- Mulder: Modell psyched the guy out. He put the whammy on him. Scully: Please explain to me the scientific nature of the 'whammy'. "The X-Files: Pusher" http://www.Leidinger.netAlexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Esound + skype...
Quoting Adi Pircalabu <[EMAIL PROTECTED]> (from Wed, 16 Aug 2006 12:23:48 +0300): [maintainer Cc-ed] On Wed, 16 Aug 2006 14:43:26 +1000 Norberto Meijome wrote: > What about > sysctl hw.snd.maxautovchans= > where is the number of programs you want to allow to play at > the same time. ahhh.. magic :) I remembered something like this, but I thought it was solely due to a sound daemon. Well, in this case, how about writing few notes about these sysctl tunables in net/skype/pkg-descr? Ionut, is it worthy? AFAIK it is described in the handbook, and if it isn't it should be. So it's not something to put into any pkg-descr. Bye, Alexander. -- The pollution's at that awkward stage. Too thick to navigate and too thin to cultivate. -- Doug Sneyd http://www.Leidinger.netAlexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Esound + skype...
Quoting Norberto Meijome <[EMAIL PROTECTED]> (Tue, 15 Aug 2006 23:20:26 +1000): > $ esddsp skype > ERROR: ld.so: object '/usr/local/lib/libesddsp.so' from LD_PRELOAD cannot be > preloaded: ignored. > ERROR: ld.so: object '/usr/local/lib/libesd.so' from > LD_PRELOAD cannot be preloaded: ignored. This is because esddsp just load a lib to the program you specify. Since you are calling the FreeBSD native esddsp, you try to add the FreeBSD native lib to the linux skype. This doesn't work. > I then tried audio/linux-esound, (and had to install audio/linux-alsa-lib > too), > but it seems /compat/linux/usr/bin/esd cannot find the sound device: > > > $ /usr/compat/linux/usr/bin/esd > ALSA lib confmisc.c:672:(snd_func_card_driver) cannot find card '0' > ALSA lib conf.c:3493:(_snd_config_evaluate) function snd_func_card_driver > returned error: No such device ALSA lib confmisc.c:392:(snd_func_concat) error > evaluating strings ALSA lib conf.c:3493:(_snd_config_evaluate) function > snd_func_concat returned error: No such device ALSA lib > confmisc.c:1072:(snd_func_refer) error evaluating name ALSA lib > conf.c:3493:(_snd_config_evaluate) function snd_func_refer returned error: No > such device ALSA lib conf.c:3962:(snd_config_expand) Evaluate error: No such > device ALSA lib pcm.c:2099:(snd_pcm_open_noupdate) Unknown PCM default I seems the linux esd tries to use ALSA. Since we don't have ALSA support... > i tried mounting devfs in /compat/linux/dev/ and pointing esd to it > ( -d /compat/linux/dev/dsp) but: > $ /usr/compat/linux/usr/bin/esd -d /compat/linux/dev/dsp > - using device /compat/linux/dev/dsp > ALSA lib pcm.c:2099:(snd_pcm_open_noupdate) Unknown PCM /compat/linux/dev/dsp This will not work, linux programs fall back to the FreeBSD path (if there's no linux directory, so make sure /compat/linux/dev doesn't exists and it will do so magic and access the native /dev). > > so > 1) is it possible to run a sound server (i.e., basically something that > allows > several streams to play simultaneously without locking the dsp) so that both > native AND emulated apps will be happy with? > 2) am I missing something big ? What about sysctl hw.snd.maxautovchans= where is the number of programs you want to allow to play at the same time. Bye, Alexander. -- 93: Emacs Warum werden die Funktionen nicht mit Passwörtern versehen? (Frank Klemm) http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: sound not work on Intel D945GNTL
Quoting Valeriy Klimentiev <[EMAIL PROTECTED]> (from Fri, 14 Jul 2006 16:38:34 +1100): device = '82801G (ICH7 Family) High Definition Audio' It's not supported currently. You can find alpha quality drivers in the archive of the multimedia mailinglist, search for recent messages about HDA. Bye, Alexander. -- "Reflections on Ice-Breaking" Candy Is dandy But liquor Is quicker. -- Ogden Nash http://www.Leidinger.netAlexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: linux_base-fc4
Quoting Boris Samorodov <[EMAIL PROTECTED]> (from Tue, 20 Jun 2006 15:07:48 +0400): On Tue, 20 Jun 2006 13:33:48 +0300 Ion-Mihai Tetcu wrote: On Tue, 20 Jun 2006 13:33:06 +0300 Ion-Mihai "IOnut" Tetcu <[EMAIL PROTECTED]> wrote: > On Tue, 20 Jun 2006 14:09:31 +0400 > Boris Samorodov <[EMAIL PROTECTED]> wrote: > > > On Tue, 20 Jun 2006 12:23:19 +0300 Ion-Mihai "IOnut" Tetcu wrote: > > > > > /me whispers 'cvs diff -uN' and misc/tinderbox :) > > > > > Or send it over andI'll run a test on one of my tindyes. > > > > Here it is. > > Looks OK: > http://sce-tindy.tecnik93.com/tb-exp/index.php?action=describe_port&id=781 Should I commit ? Alexander, would you mind? No, feel free to give approval to itetcu to commit it. ;-) Bye, Alexander. P.S.: I see Boris as one of currently two people which can be described as maintainers of the emulation@ owned ports. And I'm nagging portmgr to get a commit bit for him. Additionally there's no lock on emulation@ owned ports (except the usual "hands of if you do not really know what you are doing", and the linux infrastructure has a lot of pitfalls...). -- Selling GoodYear Eagle F1 235/40ZR18, 2x 4mm + 2x 5mm, ~130 EUR you have to pick it up between Germany/Saarland and Luxembourg/Capellen http://www.Leidinger.netAlexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Security warning with sshd
Pat Maddox <[EMAIL PROTECTED]> wrote: Hey guys, thanks for the help so far. I'm going to post this to the freebsd-pf list to see if anyone has any ideas...but I'm using PF, and here's the config. Hopefully you can take a look and see what the problem may be. As I said earlier, I'm not positive why I'm getting those errors, but I believe it's because my SSH connection is getting cut off whenever I enable the firewall. I've also been looking for a way to not be cut off (since it's very annoying), and it seems like figuring out and correcting these errors will also fix the second problem. You have to enable the firewall before you use ssh. A stateful firewall can't know about connections which get setup before the firewall is started. Since the firewall starts with a clean state, it has to assume that no connection is valid and blocks every already established traffic. So the behavior you see is what you requested from the system by starting the firewall after starting a ssh session. There's no need to be scared, it's not a security flaw, but you have to change your expectations. Bye, Alexander. -- http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 Don't you feel more like you do now than you did when you came in? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: Security warning with sshd
Stephen Major <[EMAIL PROTECTED]> wrote: The issue he is having I had the exact same problems, as soon as I changed my config to the one below poof no more problems. You can set your firewall however you want. I was just saying what gets rid of the problem he is having with ssh. I wasn't commenting the ssh issue, since it isn't clear why the problem exists. At least I haven't seen a problem analysis where the cause of this was shown. Maybe I missed it. So your posting may be the right solution or not. I don't know yet, and I don't care about this in this mail, since I wasn't talking about the ssh issue (see below). So instead of ripping apart what I have said why do you not provide a better solution to the original question asked. I wasn't ripping apart what you said. I just wanted to be helpful and share a little bit of knowledge. You're mixing stateful with non-stateful rules and this may result in unwanted packets traveling through the firewall. I thought you (and maybe others) may be interested in this. BTW.: in some environments this is a hole in the firewall and needs to be fixed, so one shouldn't use this part of your example. Since the security mailinglist is in the CC, we can't let this problem be uncommented. Another helpful suggestion: Please don't quote everything and please write your comments below the parts where they belong. This is common behavior in the FreeBSD lists and doing the opposide will result in less (useful) responses from some members of the lists (because it makes the mail harder to read and people may decide to not spend the time to read the mail and point out problem solutions or small bugs in your offering of a solution). Bye, Alexander. -- http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 To add insult to injury. -- Phaedrus ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: Security warning with sshd
Stephen Major <[EMAIL PROTECTED]> wrote: This is due to a mis-configured firewall. If you are using IPFW there are many tutorials out there that tell you to do the wrong thing. And almost all of them contradict each other. Below is a basic script that only allows in and out SSH sessions and blocks all the garbage. Of coarse you must add any other services you need. The key here is that you allow connections from any to any established. Then on all outgoing tcp connections be sure to use the setup keep-state flags. The keep-state flag puts the rule into the dynamic rules table. Then the allow connections from any to any established allows already established connections to flow without going through the ruleset again. When I did this the error messages you are now experiencing went away. I'm *dis*allowing established connections in my firewall, and everything works as expected. You just need to expect the right thing. :-) "established" is a non-stateful filter rule, so it matches on the presence/absence of some TCP flags. I can't get to the ipfw statistics yet, but tere are a lot of established packets which are rejected. Needless to say that there's normal traffic (ssh, https, smtp, imaps, ...) which goes through the firewall just well. ### check the traffic's state $ipfwcmd $flags add 00500 check-state Here you have the statefull equivalent of the "established" rule, so every successfully setup connection ("keep-state") already passes because of this rule. $ipfwcmd $flags add 00501 allow tcp from any to any established Here you can switch to "reject" or "deny" instead of allowing it. Everything should just continue to work (if it doesn't, most likely you forgot a "keep-state" somewhere). With this a reconfiguration of the firewall results in dropping established connections. ## outbound section ## ### Allow out ssh $ipfwcmd $flags add 02150 allow tcp from me 22 to any out via $oif setup keep-state What are you trying to do here? Outgoing connections from ssh clients have a src port above 1024. Bye, Alexander. -- http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 Avoid strange women and temporary variables. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: FreeBSD's Visual Identity: Outdated?
On Thu, 23 Dec 2004 12:27:31 +0100 jsha <[EMAIL PROTECTED]> wrote: > I am writing this e-mail hoping that someone will share my thoughts > on how the world's best operating system should represent its attributes > and users to the rest of the world. You know that you write this a t a time where a lot of people are visiting their family and don't have email access or don't read the mailinglists? At least this is the case for a lot of FreeBSD committers. > Being an architect as well as graphic designer, I feel it is about time > for a complete revamp of the visual aesthetics of the FreeBSD project. Even if a lot of committers won't/can't answer now: there are people which agree with you (maybe not all, but you know what we say about bikesheds, don't you?). > The current logo and everything pertaining to it has long since lost its > modern touch. I believe that if this image is strenghtened, so is the > way outsiders view the FreeBSD project and the way they would judge it > compared to other open source operating systems. > > 1. Not only is the logo misleading (associating evil) but it also looks We had an discussion a while ago about this. The way I understand the conclusion is: we have a mascot, but no logo (we may use our mascot like other people use a logo ATM). And we want to keep the mascot. We may be interested in a logo, but a logo is a bikeshed topic. Since we're more developers than designers, nobody stepped up to proceed on this topic (at least I don't know about it if someone proceeded further). If you want to put your energy into creating a logo, there will be people which listen to you. >like something 10-year-olds could produce in Paint Shop Pro ten years >ago. OpenBSD has an artistic touch to theirs, however I was very >disappointed when I heard that the new NetBSD logo was in effect. This is a little bit harsh. I suggest to stay with facts and suggestions. Keep such rants for your personal pleasure, we don't need them. > 2. If it wasn't for the interesting content and structure of the FreeBSD >website, it would be among the less beautiful. Yes, it serves its >purpose well by being simple and straight to the point. But a redesign >could offer just the same -- simplicity and accuracy -- without being >ugly. The doc team is progressing in this direction... at least if I read the content between the lines of commit logs right. I think they try to separate the content from the design at the moment (the prerequisite to use the full power of CSS). I suggest to get in contact with them to not reinvent the wheel. > 3. The installation, even though it's text-only, could also be improved >by simple restructuring to act more cognitive and human-centered than >previously. Everything pertaining to the eye is important to improve. Yes. AFAIK the Freesbie project is integrating the bsdinstaller (the installer DragonFly uses) ATM. We will see how this works out and depending on this there may be interest to integrate the installer into FreeBSD. > 4. There should be some kind of FreeBSD business card and letterhead >available to all that support this project. Even if there are some people which don't think this is needed, I like this idea. In may day to day job I'm working as a consultant, so I know where/how/why this may be beneficial (or not). > How do I know though, that if I manage to pull together a team to work > on this refined vision, that we won't be totally ignored even though we > produce the most magnificent result? We can't guarantee that any of your work will be adopted, but I don't think your work will be ignored (be prepared to get a lot of critique... positive and negative one). Bye, Alexander. -- The best things in life are free, but the expensive ones are still worth a look. http://www.Leidinger.net Alexander @ Leidinger.net GPG fingerprint = C518 BC70 E67F 143F BE91 3365 79E2 9C60 B006 3FE7 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-arch To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: folding client stopped working, is it because of linux?
On Mon, 23 May 2005 23:21:21 -0400 jason henson <[EMAIL PROTECTED]> wrote: > I did a system update and after that my folding @ home client will not > work without me doing make install in linux_base-8 ports dir. BTW, > linux is already installed from before the update and even after > reinstalling after the update the systems seems to forget it is there > after a reboot. I can type make install and the port installs, but > since I don't do a make clean first it returns immediatily. After I do > this [EMAIL PROTECTED] runs fine. My network card uses the nvnet driver from > ports > which still works at boot with out me needing to make install for the Run "kldstat" after the reboot and look out for linux.ko. If it isn't there, you haven't added the linux kernel module to the kernel (either in the kernel-config or as a module in /boot/loader.conf). > linux port. I believe this driver requires the linux emulation to work btw. It doesn't depend upon the linuxolator. Bye, Alexander. -- To boldly go where I surely don't belong. http://www.Leidinger.net Alexander @ Leidinger.net GPG fingerprint = C518 BC70 E67F 143F BE91 3365 79E2 9C60 B006 3FE7 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: FreeBSD's Visual Identity: Outdated?
On Thu, 23 Dec 2004 12:27:31 +0100 jsha <[EMAIL PROTECTED]> wrote: > I am writing this e-mail hoping that someone will share my thoughts > on how the world's best operating system should represent its attributes > and users to the rest of the world. You know that you write this a t a time where a lot of people are visiting their family and don't have email access or don't read the mailinglists? At least this is the case for a lot of FreeBSD committers. > Being an architect as well as graphic designer, I feel it is about time > for a complete revamp of the visual aesthetics of the FreeBSD project. Even if a lot of committers won't/can't answer now: there are people which agree with you (maybe not all, but you know what we say about bikesheds, don't you?). > The current logo and everything pertaining to it has long since lost its > modern touch. I believe that if this image is strenghtened, so is the > way outsiders view the FreeBSD project and the way they would judge it > compared to other open source operating systems. > > 1. Not only is the logo misleading (associating evil) but it also looks We had an discussion a while ago about this. The way I understand the conclusion is: we have a mascot, but no logo (we may use our mascot like other people use a logo ATM). And we want to keep the mascot. We may be interested in a logo, but a logo is a bikeshed topic. Since we're more developers than designers, nobody stepped up to proceed on this topic (at least I don't know about it if someone proceeded further). If you want to put your energy into creating a logo, there will be people which listen to you. >like something 10-year-olds could produce in Paint Shop Pro ten years >ago. OpenBSD has an artistic touch to theirs, however I was very >disappointed when I heard that the new NetBSD logo was in effect. This is a little bit harsh. I suggest to stay with facts and suggestions. Keep such rants for your personal pleasure, we don't need them. > 2. If it wasn't for the interesting content and structure of the FreeBSD >website, it would be among the less beautiful. Yes, it serves its >purpose well by being simple and straight to the point. But a redesign >could offer just the same -- simplicity and accuracy -- without being >ugly. The doc team is progressing in this direction... at least if I read the content between the lines of commit logs right. I think they try to separate the content from the design at the moment (the prerequisite to use the full power of CSS). I suggest to get in contact with them to not reinvent the wheel. > 3. The installation, even though it's text-only, could also be improved >by simple restructuring to act more cognitive and human-centered than >previously. Everything pertaining to the eye is important to improve. Yes. AFAIK the Freesbie project is integrating the bsdinstaller (the installer DragonFly uses) ATM. We will see how this works out and depending on this there may be interest to integrate the installer into FreeBSD. > 4. There should be some kind of FreeBSD business card and letterhead >available to all that support this project. Even if there are some people which don't think this is needed, I like this idea. In may day to day job I'm working as a consultant, so I know where/how/why this may be beneficial (or not). > How do I know though, that if I manage to pull together a team to work > on this refined vision, that we won't be totally ignored even though we > produce the most magnificent result? We can't guarantee that any of your work will be adopted, but I don't think your work will be ignored (be prepared to get a lot of critique... positive and negative one). Bye, Alexander. -- The best things in life are free, but the expensive ones are still worth a look. http://www.Leidinger.net Alexander @ Leidinger.net GPG fingerprint = C518 BC70 E67F 143F BE91 3365 79E2 9C60 B006 3FE7 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Error message
On Mon, 29 Nov 2004 08:17:40 -0600 Mike Horwath <[EMAIL PROTECTED]> wrote: > On Mon, Nov 29, 2004 at 06:12:20PM +0530, Akhthar Parvez. K wrote: > > Hi All, > > > > I am getting the following error message in /var/log/messages > > > > tail -f /var/log/messages > > Nov 29 07:24:31 speedy /kernel: pid 83876 (httpd), uid 65534: exited on > > signal 4 > > Nov 29 07:24:31 speedy /kernel: pid 84126 (httpd), uid 65534: exited on > > signal 4 > > [snipper] > > #define SIGILL 4 /* illegal instr. (not reset when caught) */ > > > Anyhave has any idea why it's coming? I am not getting any error > > messsages in apache error logs. > > Only time I have seen this kind of thing is bad hardware. It may also be the case that the wrong CPUTYPE is/was specified in /etc/make.conf. Bye, Alexander. -- The best things in life are free, but the expensive ones are still worth a look. http://www.Leidinger.net Alexander @ Leidinger.net GPG fingerprint = C518 BC70 E67F 143F BE91 3365 79E2 9C60 B006 3FE7 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: where are the jabber man pages?
On Sun, 11 Jan 2004 11:17:56 -0600 "Andrew L. Gould" <[EMAIL PROTECTED]> wrote: > A list of files that are installed by a port can be found in the "pkg-plist" > file of the ports directory. man-pages aren't listed in the plist in the ports directory (but they are listed in /var/db/pkg//+CONTENTS), they get listed in the Makefile in a MANx variable. Bye, Alexander. -- I will be available to get hired in April 2004. http://www.Leidinger.net Alexander @ Leidinger.net GPG fingerprint = C518 BC70 E67F 143F BE91 3365 79E2 9C60 B006 3FE7 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: SecFix for databases/firebird, please review
On Wed, 27 Aug 2003 08:33:43 -0700 Joshua Oreman <[EMAIL PROTECTED]> wrote: > > > You also still don't add: > > > > > > buf[sizeof(buf) - 1] = '\0'; > > > > > > after all strncat(3)s. > > > > Hmmm... yes, I see the problem... > > >From strncat(3): > char* strncat (char * restrict s, const char * restrict append, size_t count); > [ ... ] > The strncat function appends not more than count characters from > append, and then adds a terminating `\0'. > (emphasis added) ^^^ > > So here there really isn't a problem. Are you sure? Lets see (pseudocode): target[100]="abcde"; source="123456"; strncat(target, source, 5); What's the result (just by looking at the man-page): - abcde12345 - abcde12345\0 - abcde1234\0 Now, write a program which verifies your assumption. Bye, Alexander. -- The best things in life are free, but the expensive ones are still worth a look. http://www.Leidinger.net Alexander @ Leidinger.net GPG fingerprint = C518 BC70 E67F 143F BE91 3365 79E2 9C60 B006 3FE7 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"