Re: Is it possible to suspend to disk with geli+Root on ZFS installation

2013-10-13 Thread Ian Smith
On Sun, 13 Oct 2013 13:17:20 +1000, yudi v wrote:
 > On Mon, Sep 30, 2013 at 2:47 AM, Ian Smith  wrote:
 > > In freebsd-questions Digest, Vol 486, Issue 7, Message: 5
 > > On Sat, 28 Sep 2013 16:25:33 +0200 Roland Smith  wrote:
 > >  > On Fri, Sep 27, 2013 at 05:37:55PM +1000, yudi v wrote:
 > >  > > Hi all,
 > >  > >
 > >  > > Is it possible to suspend to disk (hibernate) when using geli for
 > full disk
 > >  > > encryption.
[..]
 > > I must reiterate, FreeBSD does not support Suspend to Disk (state S4 aka
 > > 'hibernate') on ANY platform, except - perhaps - on machines supporting
 > > S4 in BIOS (hw.acpi.s4bios=1) which are very rarely spotted in the wild.
 > >
 > >  > And even suspend to RAM doesn't work on every machine [2].
 > >  >
 > >  > [2]: https://wiki.freebsd.org/IdeasPage#Suspend_to_disk
 > >
 > > That page IS about Suspend to Disk - but only as a wishlist idea, as it
 > > has been for many years.  Someone did take it on as a Google SoC project
 > > years ago, but nothing ever came of it to my knowledge.
[..]

 > Thanks Ian for clarifying that FreeBSD does not support Suspend to Disk. I
 > just assumed all major distros supported all the suspend states. Now I am
 > looking for a UPS that cleanly shuts down the machine when there is a power
 > outage.

Hi Yudi,

you haven't said what sort of machine (desktop/server/laptop) or how 
long a mains power fail runtime you're after, so it's impossible to 
guess what sort of size UPS you might need ..

 > I am looking at a APC Power-Saving Back-UPS ES 8 Outlet 700VA 230V AS
 > 3112<http://www.apc.com/products/resource/include/techspec_index.cfm?base_sku=BE700G-AZ&total_watts=200&tab=features>,

I don't know about that model; it makes no mention of shutdown alert / 
control at all, only 'some models' have a USB connector, and I couldn't 
find the manual for it there.  Certainly not all 'desktop' UPSes support 
what's needed to communicate and shutdown cleanly, so check carefully 
both the specs and that software (apcupsd or nut) supports the model.

I gather from your timestamp (and that model) that you may be in 
Australia, in which case you could browse from here for the APCs:

http://www.apc.com/products/category.cfm?id=13&ISOCountryCode=au

[However that page currently throws errors on the various model links of 
'Element CACHE.APCTOSECOUNTRYMAPPINGS is undefined in APPLICATION.' :( ]

 > anyone know if apcupsd daemon works fine under FreeBSD or should I be
 > looking at Network UPS Tools (NUT).

I'm sure there are people here who can advise.  I've only setup Eaton 
and PowerWare UPSes, and those on a Debian linux server, using NUT.

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: Is it possible to suspend to disk with geli+Root on ZFS installation

2013-09-29 Thread Ian Smith
In freebsd-questions Digest, Vol 486, Issue 7, Message: 5
On Sat, 28 Sep 2013 16:25:33 +0200 Roland Smith  wrote:
 > On Fri, Sep 27, 2013 at 05:37:55PM +1000, yudi v wrote:
 > > Hi all,
 > > 
 > > Is it possible to suspend to disk (hibernate) when using geli for full disk
 > > encryption. 
 > 
 > As far as I can tell, FreeBSD doesn't support suspend to disk on all
 > architectures. On amd64 the necessary infrastructure doesn't exist, and on
 > i386 FPU state is lost, there is no multiprocessor support and some MSRs are
 > not restored [1].
 > 
 > [1]: https://wiki.freebsd.org/SuspendResume

Roland, sorry, no; you (and that page) are talking about Suspend to RAM, 
ACPI state S3.  What you've said is correct re Suspend to RAM - though 
some running amd64 have achieved some success on some machines lately; 
most of the issues are with restoring modern video, backlight and such.

Those i386 comments don't apply to my Thinkpad T23s, which suspend and 
resume, in console mode and X, flawlessly on 9.1-R and properly after 
various tweaks on 8.x, 7.x and 6.x - but they're a single core P3-M ..

I must reiterate, FreeBSD does not support Suspend to Disk (state S4 aka 
'hibernate') on ANY platform, except - perhaps - on machines supporting 
S4 in BIOS (hw.acpi.s4bios=1) which are very rarely spotted in the wild.

 > And even suspend to RAM doesn't work on every machine [2].
 > 
 > [2]: https://wiki.freebsd.org/IdeasPage#Suspend_to_disk

That page IS about Suspend to Disk - but only as a wishlist idea, as it 
has been for many years.  Someone did take it on as a Google SoC project 
years ago, but nothing ever came of it to my knowledge.

The last laptop I have that will properly hibernate - ie save RAM and 
all state to disk and power off, then reload all RAM and state on power 
return - is a 300MHz Compaq Armada 1500C (mfg '98), but using the older 
APM BIOS rather than ACPI.  (It's still running, 24/7/365 since 2002 :)

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Is it possible to suspend to disk with geli+Root on ZFS installation

2013-09-28 Thread Ian Smith
In freebsd-questions Digest, Vol 486, Issue 5, Message: 18
On Fri, 27 Sep 2013 17:37:55 +1000 yudi v  wrote:

 > Hi all,
 > 
 > Is it possible to suspend to disk (hibernate) when using geli for full disk
 > encryption. My set-up is listed below. So I am going to have an encrypted
 > container and ZFS on top. There are two options for the swap with this
 > set-up, either use a swap file on the ZFS pool or use a separate partition
 > for swap and encrypt that. What I want to know is will either of this work
 > with suspend to disk.

FreeBSD does not support suspend to disk (ACPI state S4) at all.  It's 
been some years since I last heard of any attempts to implement STD.

Suspend to RAM (state S3) works on some machines, including mine.  If it 
works on yours then I suspect use of ZFS shouldn't be an extra issue.

I haven't used ZFS, so can't comment on the rest of your message(s).

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: Potential Vulnerabilities list on US Cert

2013-09-03 Thread Ian Smith
In freebsd-questions Digest, Vol 483, Issue 2, Message: 1
On Mon, 2 Sep 2013 10:41:44 -0400 Jerry  wrote:

 > I usually check the US Cert listing every week to see if anything
 > interesting is listed. 
 > 
 > I discovered that there are two listings for FreeBSD:
 > 
 > 1) http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3077
 > 
 > 2) http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5209
 > 
 > I just thought that users should be aware of this.

Thanks for the thought, Jerry.  To add to Lowell's assurance ..

If you followed the links in those vuln reports to the FreeBSD Security 
Advisories and source patches for all supported FreeBSD versions, that 
were applied prior to their announcement on 22nd August in (at least) 
the freebsd-security@ and freebsd-announce@ lists, you could have known 
a week sooner :)

Anyone running a FreeBSD system with possibly untrusted local users 
running multicast (in the case of CVE-2013-3077) or running servers 
using SCTP (in the case of CVE-2013-5209) would naturally have read 
these and have applied updates before the CERT advisories appeared.

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: FreeBSD on ThinkPad W530

2013-08-19 Thread Ian Smith
On Wed, 14 Aug 2013 15:40:58 +0200, vermaden wrote:
 > Hi and thanks for reply ;)
 > 
 > > Yay another FreeBSD laptop user!
 > 
 > I use FreeBSD for dekstop/workstation for I do not remember how long:
 > http://vermaden.deviantart.com/art/CorporateBSD-FreeBSD-at-Work-190680188
 > 
 > > Please do this:
 > > * join the freebsd-mobile list;* create PRs for each of your problems with 
 > > -10 above!;
 > 
 > Here are created PRs:
 > 
 > http://www.freebsd.org/cgi/query-pr.cgi?pr=181281
 > stack trace after successfull 'umount /mnt' (SDHC card mounted as msdosfs)
 > 
 > http://www.freebsd.org/cgi/query-pr.cgi?pr=181282
 > 3h of work on battery on FreeBSD while 10h on Windows

Hi; I'm only going to address this one, so chopping mercilessly ..

 > http://www.freebsd.org/cgi/query-pr.cgi?pr=181283
 > acpi_ibm module is useless on ThinkPad W530
 > 
 > http://www.freebsd.org/cgi/query-pr.cgi?pr=181285
 > x11/xorg does not start if Nvidia Optimus is enabled on
 > 
 > > * the power utilisation thing is going to be fun to track down - what kind 
 > > of
 > > CPU is in there? Is it a recent Intel? I'm playing around with their tools 
 > > at the
 > > moment; maybe we can look at the power the CPU is consuming and then
 > > add on the power from each of the other parts in your laptop until we
 > > figure out what's drawing said power

Can't fault the comprensiveness of your PR 181282 :)  I did notice:

dev.cpu.0.cx_lowest: C1

As a starting point, try following mav@'s excellent Tuning Power guide:
https://wiki.freebsd.org/TuningPowerConsumption

I don't know what the i7 or your BIOS does about C-states, but using C2 
and especially if you can get to C3 or equivalent could give a big win; 
with other tunings Alexander managed to double battery life (on a C2D)

You said powerd was 'working' but without indication of effectiveness, 
such as what CPU speeds correspond to idle/light load/full load etc?
You may want to try tuning its default modes/idle/busy settings, and 
measure real power used at different freqs.

I suggest trying the advice there to disable p4tcc and acpi_throttle, 
reducing number of P-states considerably.  Then 'service powerd stop', 
run powerd -v in a console and measure power consumption at various 
loads and CPU frequencies.  If you have no wattmeter, acpiconf -i0 may 
serve as a guide (though you do have to wait a while for changes to be 
reflected); for such monitoring (albeit with working acpi_ibm) I use:

smithi on t23% cat ~/bin/t23stat
#!/bin/sh
echo -n "`date` "
sysctl dev.cpu.0.freq dev.cpu.0.cx_usage
sysctl dev.acpi_ibm | egrep 'fan_|thermal'
sysctl hw.acpi.thermal.tz0.temperature
acpiconf -i0 | egrep 'State|Remain|Present|Volt'

smithi on t23% t23stat
Mon Aug 19 22:09:15 EST 2013 dev.cpu.0.freq: 733
dev.cpu.0.cx_usage: 0.05% 99.94% 0.00% last 529us
dev.acpi_ibm.0.fan_speed: 2254
dev.acpi_ibm.0.fan_level: 1
dev.acpi_ibm.0.thermal: 47 46 42 -1 -1 -1 29 -1
hw.acpi.thermal.tz0.temperature: 47.0C
State:  discharging
Remaining capacity: 95%
Remaining time: 2:36
Present rate:   17313 mW
Present voltage:12236 mV

Cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: 9.2-RC1: Problem with Kernel

2013-08-11 Thread Ian Smith
In freebsd-questions Digest, Vol 479, Issue 8, Message: 10
On Sun, 11 Aug 2013 09:43:57 + (UTC) Walter Hurry  
wrote:
 > On Sat, 10 Aug 2013 21:29:10 +0200, Polytropon wrote:
 > 
 > > On Sat, 10 Aug 2013 19:04:29 + (UTC), Walter Hurry wrote:
 > >> This is 9.2-RC1 on amd64 (upgraded from 9.2-BETA1 by refetching the
 > >> source from releng/9.2 and rebuilding kernel and world).
 > >> 
 > >> The kernel compiles and runs fine using the supplied GENERIC, but when
 > >> I try to use my custom kenel config file, on reboot I get this:
 > >> 
 > >> Mounting from ufs:/dev/ada0p2 failed with error 19
 > >> 
 > >> What module(s) have I missed?
 > > 
 > > Diff against the GENERIC kernel. Maybe "device xhci"?
 > > What bootable media is listed when you type "?" at the mountroot prompt?
 > > If GENERIC boots and your kernel doesn't, there should be a significant
 > > difference regarding the config file's content. :-)
 > 
 > Thanks for the reply. When I type "?" at the mountroot prompt I get:
 > 
 > List of GEOM managed disk devices:
 > 
 > with nothing shown.
 > 
 > After restoring the GENERIC kernel, the output from 'gpart list' is:
 > 
 > Geom name: ada0
[..]
 > Consumers:
 > 1. Name: ada0
 >Mediasize: 21474836480 (20G)
 >Sectorsize: 512
 >Mode: r2w2e3
 > 
 > (This is a small VirtualBox VM.)
 > 
 > Kernel config is at http://paste2.org/h17Ih0PD

Please Walter, it's not fair to make us do the work of figuring out what 
you've changed from GENERIC in that, when all you need to provide is:

# diff -uw /path/to/GENERIC /path/to/YOURKERNEL

More ideal for custom kernel configs - for just these occasions - is:

include GENERIC
ident YOURKERNEL
# custom {no,}device and {no,}options statements

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: FreeBSD slices and the Boot Manager

2013-07-29 Thread Ian Smith
On Mon, 29 Jul 2013 01:04:04 +0200 (CEST), Conny Andersson wrote:
 > Hi Devin,
 > 
 > Apropos sade (sysadmins disk editor). I have it at /usr/sbin/sade and I am
 > running a FreeBSD 8.3. I also mounted FreeBSD 8.1 and FreeBSD 8.2 and found
 > sade at /usr/sbin/ even in these older FreeBSDs.

I can't recall if sade was in 6.x but it certainly is in 7.x.  I think 
Devin meant to say 'in 9 and earlier'.  Yes it's taken from the fdisk 
and bsdlabel sections of sysinstall, but existed long before there was 
talk of deprecating sysinstall, apart from Jordan's self-deprecatory 
comments some 18 years ago suggesting it should be updated/replaced, as 
found under BUGS in sysinstall(8) up to at least 8.2, but not in 9.x:

 This utility is a prototype which lasted several years past its expira-
 tion date and is greatly in need of death.

 > Regards,
 > 
 > Conny
 > 
 > > On Sun, 28 Jul 2013, Teske, Devin wrote:
 > > 
 > > In this case, sade is (or was) a direct by-product of the death of
 > > sysinstall(8). It only exists in 9 or higher.
 > > 
 > > In-fact... sade was (up until recently in HEAD) actual code removed from
 > > sysinstall(8).
 > > 
 > > NOTE: In HEAD, sade(8) is now a direct path to "bsdinstall partedit"

Well that will be alright if 'bsdinstall partedit' now does the hitherto 
missing sade functions, particulary Disklabel Editor functions such as 
allowing one to toggle newfs on particular (BSD) partitions, toggle 
softupdates, use custom newfs options, and delete-and-merge partitions?

 > > I don't know what the long-term goals are for sade, but it's a nice
 > > 4-letter acronym that's a nice keystroke saver (at the very least).

As I said, unless you're into the arcane maths needed to run fdisk and 
bsdlabel manually, sade (or its functions in sysinstall) is the only 
safe and sane way to manage MBR disks.  I'd love to be proven wrong ..

And credit to you, Devin, for developing bsdconfig to replace most of 
sysinstall's other post-installation functions.  I'll have a play with 
that when I upgrade my 9.1 to 9.2 fairly soon.

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: FreeBSD slices and the Boot Manager

2013-07-28 Thread Ian Smith
In freebsd-questions Digest, Vol 477, Issue 8, Message: 10
On Sat, 27 Jul 2013 19:39:30 +0200 (CEST) Conny Andersson  
wrote:
 > Hi,
 > 
 > I have a workstation with two factory installed hard disks. The first disk, 
 > ada0, is occupied by a Windows 7 Pro OS (mainly kept for the three year 
 > warranty of the workstation as Dell techs mostly speak the Microsoft 
 > language).

Yes, best humour adherents of the Almighty Bill - keeps them sweet.

 > Instead I have configured the BIOS to boot from the MBR on the second disk 
 > as I most of the time (99%) use FreeBSD. The MBR on ada1 was installed with 
 > sysinstall's option "Install the FreeBSD Boot Manager", when I installed 
 > the FreeBSD 8.3-RELEASE.

Right.  sysinstall(8) - or at least the fdisk and bsdlabel modules that 
constitute sade(8) - remains the only safe and sane way to handle MBR 
disks.  bsdinstall seems fine for GPT, but its paradigm doesn't play so 
well with trying to do the sorts of manipulations you're talking about 
here.  Why noone's tried to update sade(8) for GPT I don't understand; 
it's a far better, more forgiving interface, in my old-fashioned? view.

 > (The latest BIOS version 2.4.0 for Dell T1500 does not support 
 > UEFI/GPT/GUID.)
 > 
 > The second disk ada1, now has three FreeBSD slices:
 > 
 > 1) ada1s1 with FreeBSD 8.1-RELEASE
 > 
 > 2) ada1s2 with FreeBSD 8.2-RELEASE
 > 
 > 3) ada1s3 with FreeBSD 8.3-RELEASE
 > 
 > I want to install the new FreeBSD 8.4-RELEASE on ada1s1 by overwriting the 
 > now existing two first slices. This means that ada1s3, must become ada1s2 
 > instead. Is this possible to do?

Yes and no.  Using sysinstall|sade on my 9.1 laptop -- without setting 
sysctl kern.geom.debugflags=16 so it can't write any inadvertent changes 
to my disk :) -- in the fdisk screen you can delete the first two slices 
freeing their space for a new slice (or two) and you can then allocate 
s1 ok, but the existing s3 is still called s3.  Would that be a problem?

If you only created one slice there you'd have s1 and s3, with s2 and s4 
marked as empty in the MBR shown by fdisk(8).  MBR slice order need not 
follow disk allocations, eg s4 might point to an earlier disk region.

sysinstall|sade has undo options for both fdisk and bsdlabel modules; 
it's easy to play with, no chance of damage - even with foot-shooting 
flag set, unless/until you commit to changes.  If in doubt hit escape 
until it backs right out, nothing will be written.

 > A very important question is if sysinstall's option "Install the FreeBSD 
 > Boot Manager" detects that I have a FreeBSD 8.3 and detect it as slice 2 on 
 > disk 1? So it becomes a boot option when I am rebooting? (Maybe the slice 
 > may come up as ad6s2, because AHCI in FreeBSD 8.4 isn't enabled at the time 
 > of the install.)

If you're running 8.4 sysinstall as init, ie booted into the installer, 
and you've told it to install to s1, then it should set s1 as the active 
partition in the disk table and in boot0cfg's active slice table.  I've 
never tried it with a second disk so I can't confirm that will all play 
nice, but you seem to have installed 3 versions ok before :)

If not, you can run boot0cfg(8) anytime to set the active slice etc, so 
that shouldn't be a worry.  Likely need to set debugflags=16 to do that 
on a running system also .. don't forget to set them back to 0 later!

(For anyone) still nervous about sade for setting up MBR disks, play 
with a spare memstick, setup a couple of slices, boot0cfg etc, allocate 
and delete slices and partitions.  Jordan got that together >15years ago 
so noone would ever need to do those icky slice/partition maths again.  
My theory: few have been brave enough to dare mess with $deity's work, 
though it just needs some updates for modern realities, not abandonment.

[ Polytropon, it's not 'obsolete' at all; still in 9 anyway.  It'll be 
obsolete when there are no more MBR-only systems in use - say 7 years - 
OR when bsdinstall incorporates all the missing good sade(8) features, 
which requires it making a clear distinction between GPT and MBR and 
working accordingly, including cleaning up GPT stuff if MBR chosen.  At 
9.1-R anyway, it doesn't do it so well for MBR.  Try installing over an 
existing desired slice partitioning, newfs'ing everything EXCEPT your 
valuable /home partition.  Not for beginners, yet simple in sade(8) ]

 > If the answer to these questions is yes, then the next two questions arise.
 > 
 > Can I mount ada1s2a (FreeBSD 8.3) from the newly installed FreeBSD 8.4 and 
 > edit my FreeBSD's 8.3-R /etc/fstab according to the new disk layout, and 
 > occasionally run FreeBSD 8.3 without problems? Or do I have to do more to 
 > get it to work?

Except it likely will still be called ada1s3a, it should be no problem. 
Once boot0cfg(8) is working right, you can boot from any bootable slice; 
it 'knows' but doesn't care what (if any) OS is on any other slices.

 > The idea behind this kind of 'reverse' disk layout of mi

Re: Recipie for CPU souffle'

2013-04-04 Thread Ian Smith
In freebsd-questions Digest, Vol 461, Issue 6, Message: 1
(sorry about the threading)
On Wed, 3 Apr 2013 15:12:17 +0200 Polytropon  wrote:
 > On Tue, 02 Apr 2013 19:10:59 -0700, Ronald F. Guilmette wrote:
 > > See how the entire ioctl() interface for these device types is completely
 > > documented IN THE MAN PAGE?  That's the way it should be... None of this
 > > rooting around in the sources for something that should have been 
 > > documented
 > > properly, external to the kernel sources.
 > 
 > I agree that especially to developers, that sounds logical
 > and very helpful. Seems that manpages do not aim for that
 > goal anymore...

Well I can't help but feel this is being taken a tad more seriously than 
speaker(4) deserves - but it was first committed to FreeBSD 1.0 in '93, 
19 years and 9 months ago in what is now SVN revision 4 (!), originally 
written by Eric Raymond in '90 then modified by ache(@) from "386bsd 
only clean version, all SYSV stuff removed", suggesting more ancient 
origins.  So I'm not sure this doesn't rather predate 'anymore' :)

One's referred to the source in /sys/dev/speaker/speaker.h (a few lines) 
and it's not a long jump to peek at /sys/dev/speaker/spkr.c

http://svnweb.freebsd.org/base/head/sys/dev/speaker/spkr.c?annotate=4

This original one is easier to follow at the bare metal level, with 
direct inb() and outb() to the PIT (i8254) timer #2, functions later 
moved into clock.c, making one have to refer to all of 4 source files 
for the 'machine independent' modern version, though I wonder if anyone 
not on x86/pc98 is/was actually using spkr(4)?

With r177648 5 years ago, phk@ said "If somebody cleaned this code up to 
proper style(9), it could become a great educational starting point for 
aspiring kernel hackers."  2 months later: "Move speaker a lot closer to 
style(9)".  It was one of the first devices I could follow, at any rate.

 > > It doesn't have to cover "everything".  But it _should_ completely describe
 > > the programatic interface.
 > 
 > At least is leaves questions, like stating "use the syscalls
 > in order to...", and the reader is left with the most obvious
 > question: _which_ syscalls?

Sometimes examples are the best teachers.  spkrtest(8) is just a sh 
script that writes to the device.  For more sophisticated use (!) spkr.c 
is overcommented, if anything, and it's only ~550 well-spaced lines.

 > > But like I said, somewher along the line, a lot of man page writers
 > > apparently got lazy... VERY lazy.

Mmm, and a few man page readers too?  It's really not rocket science ..

 > But keep in mind they're still alive! Judging from the manpages
 > of... *cough* can I say this? YOu know, more prominent open
 > source operating systems for desktops... they're usually much
 > worse _if_ there is a manpage. In most cases, there's none.

True.  And I can usually get little more sense out of info(1) than from 
windows 'troubleshooter' :)

 > > >> Second order question:  Why can't I just pipe a .wav file to the
 > > >> /dev/speaker device file and have it play?  Wouldn't that make quite
 > > >> a lot of sense?
 > > >
 > > >No, that does not work.
 > > 
 > > Apparently not.
 > > 
 > > Why it doesn't work (or couldn't work) is less clear.
 > 
 > The speaker interface to the _PC speaker_ is not a DSP. It's
 > programming is much simpler. The "note language" that it
 > uses on FreeBSD is much more than other interfaces offer.
 > Better ones have stuff like pitch, duration, turn off.

Not to mention staccato, legato, dotted notes - sophisticated stuff!

[..]

 > > >  % echo "c" > /dev/speaker
 > > 
 > > Humm... now _that_ is both interesting and enlightening.
 > 
 > I actually remember having used something comparable on
 > BASIC, when my brain wasn't fully developed yet. :-)

The note language is _from_ BASIC .. do read the source, Luke(s)!

 >  echo "cdefgab>c" > /dev/speaker
 > 
 > It's still a nice interface to "generate attention sounds"
 > in case you want to make an audible alarm or signal for
 > some specific action, like a program which has aborted,
 > an unverified backup or the successful completition of
 > a task.

Indeed it is.  On an old laptop using APM I used to play little tunes as 
the battery got down to 30, 20, 10%, noiser just before forced suspend,
which saved me not a few times.  A nice little chirp when fully charged.

[..]

 > > >> I wonder if whoever write and distributed this realized that he/she 
 > > >> could
 > > >> be sued for copyright infringement for about 5 of the simple tunes that 
 > > >> are
 > > >> embedded in that thing.  Sad but true.
 > > >> :-(

I hope noone's losing too much sleep, after ~20 uneventful years :)

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: qjail fork attribution was Handbook Jail Chapter rewrite available for critique (fwd)

2013-04-02 Thread Ian Smith
On Tue, 2 Apr 2013 01:00:44 -0400, Stephen Cook wrote:
 > On 4/1/2013 5:23 AM, Ian Smith wrote:

Actually, I forwarded a message that Joe  posted 
to -jail and -ports.  Proper attribution is what this issue's all about.

It's been pointed out to me privately that cross-posting is frowned upon 
in FreeBSD lists and I would usually concur, but this matter started in 
-questions and I believe that it's an issue of some public importance.

So, it was Joe who wrote:

 > > One does not have to be a lawyer to know the lack of any license verbiage
 > > embedded in computer programs released to the public becomes property of
 > > public
 > > domain forever. Putting license verbiage on your next port version is
 > > unenforceable because it's already property of public domain.

 > I don't know enough about the original disagreement to comment on it, but
 > this part is completely untrue. IANAL but I can use Google and common sense.
 > 
 > Under the Berne Convention, if there is no notice included with a
 > copyrightable work, it defaults to "all rights reserved". Until you receive
 > explicit permission, or a permissive license is included, it is assumed that
 > you *cannot* legally copy or derive from that work.

This certainly appears to be the concensus view.

 > So, if there is no license at all attached to ezjail, as you say, you are
 > infringing copyright. Luckily for you, the ezjail web page declares it to be
 > licensed as Beer Ware after all.

Hm, let's look at a Beerware licence.  There are 106 of them in /usr/src 
at 8.2-RELEASE; here's an apropos one from /usr/src/usr.sbin/jail/jail.8

.\"
.\" Copyright (c) 2000, 2003 Robert N. M. Watson
.\" Copyright (c) 2008 James Gritton
.\" All rights reserved.
.\"
   [.. standard two-clause BSD licence and disclaimer, followed by ..]
.\" 

.\" "THE BEER-WARE LICENSE" (Revision 42):
.\"  wrote this file.  As long as you retain this notice you
.\" can do whatever you want with this stuff. If we meet some day, and you think
.\" this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
.\" 


"As long as you retain this notice" is the issue, at least in spirit;
that is, as long as qjail's original authorship is properly attributed.  

As far as I can tell, Dirk is (rightfully) insisting only upon that.

 > Nothing personal, I just tend to correct people when they make up laws,
 > especially after a long enough period where I didn't get to criticize
 > anyone's grammar. :-)

Indeed.  Feel free to criticise mine, modulo unAmerican spelling :)

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: qjail fork attribution was Handbook Jail Chapter rewrite available for critique (fwd)

2013-04-01 Thread Ian Smith
Posted so people following -questions can gather what Joe Barbish is 
fishing for in the present thread regarding copyright and licensing.

cheers, Ian

-- Forwarded message --
Date: Tue, 26 Mar 2013 12:26:16 -0400
From: Fbsd8 
To: Dirk Engling 
Cc: po...@freebsd.org, freebsd-j...@freebsd.org
Subject: Re:qjail fork attribution was Handbook Jail Chapter rewrite available
for critique

Dirk Engling wrote:
> Dear JoeB,
> 
> since you just threatened me via private email to expose my evil plans
> of preventing your ubercool project from taking FreeBSD by storm, I
> would like to comment on your views and your project publicly
> 
> On 22.03.13 23:12, Fbsd8 wrote:
> 
> > On the subject of qjail being a fork of ezjail, of course it is.
> 
> So, you've decided to run along with an existing code base to fork a
> project. Congratulations.
> 
> You surely must have had reasons, like including features that the
> original author told you never to implement. Like you found the project
> abandoned and no one replied to your requests.
> 
> Well, except you did not. I found out about your fork by chance, after
> someone directed my attention to your constant bragging and nagging.
> Why, after all, would you ever feel the need to talk to me directly
> about the fork? After all, what common interests might we possibly share?
> 
> So I think the only reason to rip off ezjails code was to boost your ego
> with some impressive looking column of shell script you obviously had
> trouble understanding, which comes as no surprise as you _still_ seem to
> have trouble grasping even the basic concepts of shell scripting:
> 
> http://lists.freebsd.org/pipermail/freebsd-questions/2013-January/248558.html
> 
> http://lists.freebsd.org/pipermail/freebsd-questions/2013-January/247723.html
> 
> Reading this I find it very disturbing that you try to lure users into
> using your bumbling hack that pokes in one of the core security features
> of FreeBSD. To put it more plainly: What you do is dangerous. Stop doing
> it. You're putting your users at risk.
> 
> > British member concluded that the author of ezjail must be British based
> > solely on the spelling of the flavour directory. He also convinced us
> > that his Beerware license was British humor, a joke, and should not be
> > taken serous. In our review of other jail ports we did not see this
> 
> Then tell your "British member" to read up on some contemporary
> literature, maybe Wikipedia
> 
>   http://en.wikipedia.org/wiki/Beerware
> 
> so he has a chance to understand what connects Beerware and FreeBSD. Do
> not use your confused team member as pretext to violate the terms of
> license you obviously found by yourself and chose to ignore.
> 
> > file. It was inserted in the front like they have. We though that was
> > how you make software opensource which was the intention. There are no
> > formal copyright documents; it's just a extrapolation from the FreeBSD
> > comments.
> 
> Besides completely failing to see the point what the difference between
> open source and public domain is, you do not have the slightest idea,
> what a community of people sharing their code as open source is about.
> 
> The simple fact that you resort to Windows and IIS to serve your web
> site should have warned me, that you do not actually have any connection
> to the scene besides your gimme-gimme-gimme attitude.
> 
> To make my point clear: Open source software is about attribution. For
> multiple reasons, most important to me: getting to socialize. Beerware
> is not so much about getting the actual beer, but to have a chance to
> sit together and talk with people sharing common interests. Now you rob
> me of the chance to ever hear from people using my code disguised as yours.
> 
> Another reason, of course, is the pride we take in spending nearly ten
> years on ezjail and we definitely do not like some script kiddie running
> around adorn himself with plumes plucked from our asses.
> 
> > section is not appropriate to include qjail under Freebsd opensource
> > type of license, then we can change the comments to say "totally free to
> > do as you wish as opensource" and leave it at that. If something else is
> > needed, please inform what that is by private email. To continue this
> > this subject in public is not appropriate. Please respect our wish in
> > this matter.
> 
> No, I will not respect your wishes, as you chose to ignore mine. You are
> not totally free to do as you wish with the ezjail authors' code and you
> can not grant that rights to someone else.
> 
> Regarding your fork: I can not and I will not prevent forks from
> happening. So I wish you good luck with it. Maybe you learn some shell
> on the way.
> 
> The qjail port has been marked RESTRICTED by the ports managers and I
> will withdraw my concerns once you find a proper way to indicate
> original authorship in a humble way.
> 
> Regards,
> 
>erdgeist
> 
> 

Dear Dirk Engling

I feel sorry for you. I man w

Re: Handbook Jail Chapter rewrite available for critique (fwd)

2013-03-22 Thread Ian Smith
Joe, your mailer dropped -questions from the ccs on your response. 
Fixed, Ian

-- Forwarded message --
Date: Fri, 22 Mar 2013 18:12:18 -0400
From: Fbsd8 
To: freebsd-j...@freebsd.org
Cc: Ian Smith , Dirk Engling 
Subject: Re: Handbook Jail Chapter rewrite available for critique

Ian Smith wrote:
> On Tue, 19 Mar 2013 17:53:30 +0100, Dirk Engling wrote:
>  > On 18.03.13 20:16, s...@tormail.org wrote:
>  >  > > to configure things themselves. In my experience, ezjail is a much
> better
>  > > solution. I also see that you are the maintainer/author of qjail and like
>  > > to shovel your opinion as the only solution, both in this "rewrite" and
>  > > all over the FreeBSD forums.
>  >  > Taking a look at the qjail code I can not help to notice several odd
>  > similarities with the ezjail-admin script, down to the very basic bail
>  > out routines. I would not go so far to claim it was just a global
>  > search/replace job but to me the code looks familiar enough to find the
>  >  > # Copyright  2010,  Qjail project. All rights reserved.
>  >  > offensive. I am usually quite open with the license of my software,
>  > beerware is as permissive as it gets. I just can not take some script
>  > kiddie right out copying my code verbatim and selling it as his, not
>  > even acknowledging me as the original author.
>  >  > Anyone here with suggestions how to properly react to this kind of
> "fork"?
> 
> Yes.  Publicity.  Making sure the FreeBSD community gets to finds out.
> 
> You may be polite and un-selfserving enough to not go so far Dirk, but I will.
> Huge swathes of qjail are direct copies of your code, in most cases only with
> the names of the variables changed from ezjail_* to qjail_*.  I found it cute
> renaming 'flavour' to the American spelling.
> 
> Anyone looking at bin/qjail from qjail-2.1.tbz alongside the latest
> ezjail-admin (mine downloaded from your cvsweb) cannot fail to notice
> within the first couple of screens.  Sure there are changes, additions and
> deletions, but to fail to acknowledge the original authorship of this code,
> and the implication that Joe Barbish (aka 'Qjail project') is its original
> author is entirely outrageous; not ethical, even if legal.
> 
> To that end I'm cross-posting this to -questions, where Mr Barbish has also
> posted about his proposed "rewrite" of Chapter 16 of the Handbook, which is
> nothing but a huge and poorly written manual for 'the qjail way', with its
> peculiar assumptions and unique "jailcell" terminology.  "Fourth Generation",
> no less!
> 
> The idea that the "doc gang" would entertain the idea of removing all of the
> worthy content of the present Chapter 16 - even if it does need some updating
> - and replace it with this effort is laughable, yet stranger things have
> happened if there's any disconnect between developers and documenters ..
> witness the Handbook firewalls section, by Joe Barbish.
> 
> cheers, Ian
> 

Boy this simple critique request sure has gotten out of hand. So lets set the
record straight.

On the subject ezjail not being referenced in the document like it is in the
current version of the online handbook is just a writing content error. The
document being critiqued is the first public draft. Pointing out over sights
like not included ezjail in that section is the type of constructive feedback
that is desired. Any inference it was done on purpose is just crazy. When it
comes to the question of the handbook jail chapter needing updating, A member of
the document team has already offered to partner up with me to get it added to
the handbook as fast as possible. To me that means the document team is already
aware the current handbook jail chapter is outdated and has just been waiting
for someone to write a update which is just what I did. If you people have a
beef with that, take it up with the document team not me. If any of you think
you can do a better job then NOW is the time to step up or shut up.

On the subject of qjail being a fork of ezjail, of course it is.
Qjail was developed by the qjail project team who are a group of FreeBSD users
who live around Angeles City, Philippines. Of the seven members 2 are foreigners
living in the area, one American and one British. Our British member concluded
that the author of ezjail must be British based solely on the spelling of the
flavour directory. He also convinced us that his Beerware license was British
humor, a joke, and should not be taken serous. In our review of other jail ports
we did not see this Beerware license again or for that matter, see it in any of
the 5000+ ports we looked at or use. So the group coincided to the British
members v

Re: Handbook Jail Chapter rewrite available for critique

2013-03-22 Thread Ian Smith
On Thu, 21 Mar 2013 11:21:29 -0400, Alejandro Imass wrote:
 > On Thu, Mar 21, 2013 at 3:35 AM, Ian Smith  wrote:
 > > On Tue, 19 Mar 2013 17:53:30 +0100, Dirk Engling wrote:

[.. also chopping mercilessly ..]

 > >  > # Copyright  2010,  Qjail project. All rights reserved.
 > >  >
 > >  > offensive. I am usually quite open with the license of my software,
 > >  > beerware is as permissive as it gets. I just can not take some script
 > >  > kiddie right out copying my code verbatim and selling it as his, not
 > >  > even acknowledging me as the original author.
 > >  >
 > >  > Anyone here with suggestions how to properly react to this kind of 
 > > "fork"?
 > >
 > > Yes.  Publicity.  Making sure the FreeBSD community gets to finds out.
 > >
 > 
 > [...]
 > 
 > > To that end I'm cross-posting this to -questions, where Mr Barbish has
 > > also posted about his proposed "rewrite" of Chapter 16 of the Handbook,
 > > which is nothing but a huge and poorly written manual for 'the qjail
 > > way', with its peculiar assumptions and unique "jailcell" terminology.
 > > "Fourth Generation", no less!
 > >
 > 
 > +1
 > 
 > Thank you Ian for cross-posting here.
 > 
 > The first thing I did when I got the new chapter for review was search
 > for the work EzJail and I was curious as to why EzJail is not
 > mentioned anywhere in this new proposal and why it isn't mentioned in
 > the current handbook either under in section "16.5.2 High-Level
 > Administrative Tools in the FreeBSD Ports Collection". If there is
 > __any__ tool that should be mentioned in the jails chapter it is
 > EzJail because it's really easy to use and does a damn good job.

Actually, ezjail has been explicitly mentioned in '16.6 Application of 
Jails' http://www.freebsd.org/doc/handbook/jails-application.html since 
revision 30226 by danger, Mon May 28 20:02:46 2007 UTC, which section 
was just 6 weeks ago updated with a (preceding) similar port reference 
to qjail: http://svnweb.freebsd.org/doc?view=revision&revision=40900

[..]

 > NOW some things start to make sense to me, when I posted a problem
 > with EzJail here last year that very few people, if any, knew what I
 > was talking about. An how could they? if it's not mentioned anywhere
 > in the handbook or that jail man page(s).

man pages aren't an appropriate place to recommend particular ports; 
there are others, and there will be more.  The above are mentioned in 
the handbook page in the context of simpler alternatives to following 
the more detailed procedures presented to actually teach one how jail 
technology may be implemented, which - in my view - is the Good Stuff.

There have been about 20 messages in freebsd-jail@ referring to ezjail 
this year so far before this thread, as in previous years; try browsing 
the archives from http://lists.freebsd.org/pipermail/freebsd-jail/

OTOH, I've seen no prior posts in jail@ about qjail before this thread.

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: Handbook Jail Chapter rewrite available for critique

2013-03-21 Thread Ian Smith
On Tue, 19 Mar 2013 17:53:30 +0100, Dirk Engling wrote:
 > On 18.03.13 20:16, s...@tormail.org wrote:
 > 
 > > to configure things themselves. In my experience, ezjail is a much better
 > > solution. I also see that you are the maintainer/author of qjail and like
 > > to shovel your opinion as the only solution, both in this "rewrite" and
 > > all over the FreeBSD forums.
 > 
 > Taking a look at the qjail code I can not help to notice several odd
 > similarities with the ezjail-admin script, down to the very basic bail
 > out routines. I would not go so far to claim it was just a global
 > search/replace job but to me the code looks familiar enough to find the
 > 
 > # Copyright  2010,  Qjail project. All rights reserved.
 > 
 > offensive. I am usually quite open with the license of my software,
 > beerware is as permissive as it gets. I just can not take some script
 > kiddie right out copying my code verbatim and selling it as his, not
 > even acknowledging me as the original author.
 > 
 > Anyone here with suggestions how to properly react to this kind of "fork"?

Yes.  Publicity.  Making sure the FreeBSD community gets to finds out.

You may be polite and un-selfserving enough to not go so far Dirk, but 
I will.  Huge swathes of qjail are direct copies of your code, in most 
cases only with the names of the variables changed from ezjail_* to 
qjail_*.  I found it cute renaming 'flavour' to the American spelling.

Anyone looking at bin/qjail from qjail-2.1.tbz alongside the latest 
ezjail-admin (mine downloaded from your cvsweb) cannot fail to notice
within the first couple of screens.  Sure there are changes, additions 
and deletions, but to fail to acknowledge the original authorship of 
this code, and the implication that Joe Barbish (aka 'Qjail project') is 
its original author is entirely outrageous; not ethical, even if legal.

To that end I'm cross-posting this to -questions, where Mr Barbish has 
also posted about his proposed "rewrite" of Chapter 16 of the Handbook, 
which is nothing but a huge and poorly written manual for 'the qjail 
way', with its peculiar assumptions and unique "jailcell" terminology.  
"Fourth Generation", no less!

The idea that the "doc gang" would entertain the idea of removing all of 
the worthy content of the present Chapter 16 - even if it does need some 
updating - and replace it with this effort is laughable, yet stranger 
things have happened if there's any disconnect between developers and 
documenters .. witness the Handbook firewalls section, by Joe Barbish.

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: which X driver for NVIDIA Quadro FX 570M?

2013-02-11 Thread Ian Smith
On Mon, 11 Feb 2013 14:28:30 GMT, Anton Shterenlikht wrote:
 >  From smi...@nimnet.asn.au Mon Feb 11 13:49:38 2013
 > 
 >  On Mon, 11 Feb 2013 10:41:31 GMT, Anton Shterenlikht wrote:
 >   >  From: paranormal 
 >   >  Subject: Re: which X driver for NVIDIA Quadro FX 570M?
 >   >  To: freebsd-questions@freebsd.org
 >   >  Date: Wed, 06 Feb 2013 03:23:40 +0200
 >   > 
 >   >  I have t61p with mentioned card.
 >   >  x11/nvidia-driver works well for me (at least quake, doom, 
 > compiz work).
 >   > 
 >   > Thanks for all the replies.
 >   > 
 >   > I bought a T61p for 220 GBP - what bliss!
 >   > 
 >   > BIOS update - no problem
 >   > HEAD r246552 - no problem
 >   > wireless with iwn0:  - no problem
 >   > sound with hdac0:  - no problem
 >   > CD-RW with cd0:  Removable CD-ROM 
 > SCSI-0 device
 >   >   and sysutils/cdrtools-devel - no problem
 >   > X with nvidia0:  and x11/nvidia-driver - no problem
 >   > flash as per 
 > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/desktop-browsers.html
 >   >   (7.2.1.2 Firefox and Adobe Flash Plugin) - no problem
 >   > 
 >   > In fact, no problems at all!
 >   > 
 >   > I can't recommend it enough.
 >   > 
 >   > Anton
 > 
 >  Suspend and resume?
 > 
 > I guess no... However, I'm very ignorant of suspend/resume,
 > so not sure I'm doing the right thing.
 > 
 > - the T61p manual details "standby" and "hibernation" modes.
 > Is this what you refer to by suspend?
 > I can go into standby with Fn+F4, or with "acpiconf -s 3"

Ok, state S3 is what we call suspend, more precisely suspend to RAM 
(STR); windows and so most BIOSes call that state standby.

 > but can't seem to get back. The disk starts, but the
 > screen is corrupted, kind of black with very few white dots.
 > I have to power off/on. 

A common enough tale these days.  I try to remain hopeful someone will 
get a more modern Thinkpad than the T43s (reportedly) or my older T23s 
(certainly) resuming in one unbroken piece every time again, one day ..

 > The Fn+F12, hibernation mode code, does not seem to
 > do anything.
 > 
 > - I've had a quick look at acpi(4) and apm(8).
 > I have:
 > 
 > hw.acpi.supported_sleep_state: S3 S4 S5
 > hw.acpi.s4bios: 0

S3 is suspend to RAM; S4 suspend to disk (STD, unsupported by FreeBSD);
S5 is power off, should work but may bypass some shutdown(8) processing.

S4, STD - 'hibernation' - has two varieties; with s4bios the BIOS itself 
writes machine state and all RAM to disk, usually a preallocated file in 
an msdosfs slice.  I haven't heard of any new boxes supporting this in 
BIOS for years; windows (since ~'95) and Linux (I'm told) support STD.

 > -  Anything I should check/test in BIOS?
 > I see that power management is enabled in BIOS.
 > Is that enough?

It should be, but doesn't seem to work on many.  When it resumes with 
messed up screen, can you ping it, or maybe ssh in, or is it dead?

If you boot it but don't start X, can it come back from suspend?

Frankly, unless you're _really_ keen to get STR working, this could turn 
into not just a rabbithole, but the whole warren - you'll have to really 
want to be the bunny!

Sounds like a very nice machine otherwise :)

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: which X driver for NVIDIA Quadro FX 570M?

2013-02-11 Thread Ian Smith
On Mon, 11 Feb 2013 10:41:31 GMT, Anton Shterenlikht wrote:
 >  From: paranormal 
 >  Subject: Re: which X driver for NVIDIA Quadro FX 570M?
 >  To: freebsd-questions@freebsd.org
 >  Date: Wed, 06 Feb 2013 03:23:40 +0200
 > 
 >  I have t61p with mentioned card.
 >  x11/nvidia-driver works well for me (at least quake, doom, compiz work).
 > 
 > Thanks for all the replies.
 > 
 > I bought a T61p for 220 GBP - what bliss!
 > 
 > BIOS update - no problem
 > HEAD r246552 - no problem
 > wireless with iwn0:  - no problem
 > sound with hdac0:  - no problem
 > CD-RW with cd0:  Removable CD-ROM SCSI-0 
 > device
 >   and sysutils/cdrtools-devel - no problem
 > X with nvidia0:  and x11/nvidia-driver - no problem
 > flash as per 
 > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/desktop-browsers.html
 >   (7.2.1.2 Firefox and Adobe Flash Plugin) - no problem
 > 
 > In fact, no problems at all!
 > 
 > I can't recommend it enough.
 > 
 > Anton

Suspend and resume?

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: zoneedit.com

2013-02-04 Thread Ian Smith
In freebsd-questions Digest, Vol 452, Issue 11, Message: 9
On Sat, 2 Feb 2013 11:45:05 -0500 Nick K  wrote:
 > I am posting here hoping that a "Dan" from ZoneEdit.com still monitors this
 > mailing list.
 > I am in a very bad situation and my mail forwarding has been down for over
 > a week -- no response from ZoneEdit support.
 > 
 > I found references to people getting help from "Dan" here:
 > http://unix.derkeiler.com/Mailing-Lists/FreeBSD/questions/2011-01/msg00504.html
 > 
 > My issue(s):
 > 
 > 1.) I can't login to zoneedit.com's "new" interface.  I used to be able to
 > log in to the "legacy" interface -- but apparently I'm in the same boat as
 > Mr. Jack L. Stone was -- in that you can no longer manage zones from the
 > legacy interface.
 > The legacy interface tells me my account is active at the new interface,
 > but the new interface tells me my account does not even exist.
 > 
 > 2.) My mail forwarding service provided by zoneedit.com stopped working
 > approximately last week monday.  It has been working fine since 2002.
 >  Don't you just love it when this stuff happens.
 > 
 > 3.) I can't change my DNS / mail forwarding service, because the email I
 > used for my domain registration at my registrar is one of the emails that
 > gets forwarded (and the forwarding is not working).
 > 
 > If Jack L. Stone or "Dan" from ZoneEdit can get in contact with me I would
 > be very grateful.
 > I don't know what else to do at this point.
 > The company that currently owns ZoneEdit (Dotster) won't help me -- they
 > say they don't have the ability to provide support for ZoneEdit customers.
 > 
 > This is my last hope pretty much.  Dan or Jack if you're out there, please
 > get back to me.

Nick, we've had some rouble with zoneedit recently also.  Someone who's 
clearly using zoneedit.com's mail services registered on a forum we run, 
but the auto registration response bounced and continued to bounce for 2
days, with the following response (edited to protect $poor_innocent):

===
Date: Fri, 25 Jan 2013 14:22:44 +1100
From: Mail Delivery Subsystem 
To: www-d...@folks.nimfm.org
Subject: Warning: could not send message for past 4 hours

The original message was received at Fri, 25 Jan 2013 10:15:45 +1100
from www-data@localhost [127.0.0.1]

- Transcript of session follows -
... while talking to mail.zoneedit.com.:
>>> DATA
<<< 450 4.7.1 Client host rejected: cannot find your reverse hostname, 
[220.233.175.114]
... Deferred: 450 4.7.1 Client host rejected: cannot 
find your reverse hostname, [220.233.175.114]
<<< 554 5.5.1 Error: no valid recipients
Warning: message still undelivered after 4 hours
Will keep trying until message is 2 days old

Reporting-MTA: dns; folks.nimfm.org
Arrival-Date: Fri, 25 Jan 2013 10:15:45 +1100

Final-Recipient: RFC822; xxx...@x.com
Action: delayed
Status: 4.7.1
Remote-MTA: DNS; mail.zoneedit.com
Diagnostic-Code: SMTP; 450 4.7.1 Client host rejected: cannot find your reverse 
hostname, [220.233.175.114]
Last-Attempt-Date: Fri, 25 Jan 2013 14:16:25 +1100
===

I forwarded the above (plus dig results proving there was nothing wrong 
with our reverse DNS on some big nameservers) to postmas...@zoneedit.com 
but have received no response, and of course we have no way to contact 
$poor_innocent.  Not a good look.

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: FreeBSD and snd_hdspe last-ditch attempt

2013-01-22 Thread Ian Smith
On Tue, 22 Jan 2013, Ralf Mardorf wrote:
 > Cc: FreeBSD quest 

 > Hi :)

Hi Ralf,

I've been following this saga for a while, with interest but no specific 
knowledge of your gear nor how you intend to use it.  All I can comment 
on is the way you're going about reporting and debugging your issues.

I'm not sure repeating these in questions@ will be much use if you can't 
get answers in multimedia@, but I'll leave that alone for now.  I know 
you're new to FreeBSD from Linux and can't know what advice might be 
useful and what may be wild goose chases, harder to tell in questions@

 > I can use Opera to play YouTube by the analog IOs of the HDSPe AIO sound
 > card. I can use Jack with OSS and play a WAV by Audacity and by Audacious and
 > I also can hear ZynAddSubFX. All of them only use the 2 analog IOs.
 > 
 > If I test VLC with OSS and /dev/dsp or /dev/dsp* (* is for 0 to 7), it
 > doesn't work.

What you're not telling people, now at least, is some of the basics from 
sound(4), ie which hints and sysctls you have set, for example how many 
channels and vchans you have enabled, which /dev/dsp* actually exist now 
(showing with 'ls -l /dev/dsp*' rather than telling), and how thoroughly 
you've taken the advice in sound(4) re setup and debugging, like setting 
sysctl hw.snd.verbose to 4 and reporting 'cat /dev/sndstat' results - 
this will be voluminous I'm sure, but will be needed by whoever is going 
to look at this.  I suggest gathering all the necessary information in 
one place and submitting a PR, if you can't get direct help on lists.

 > I don't know how to use Gnome Music Player Client. It's asking for an ominous
 > host, it's seemingly not the name of the machine.
 > 
 > cat file > /dev/dsp is mentioned in the handbook, but it doesn't work. ALSA
 > completely isn't available.
 > 
 > Is there nobody able to help? Are there no correct instructions what to do?
 > Is anybody else using snd_hdspe besides the coder and me?

I assume you've read what little there is in snd_hdspe(4) and the great 
deal that there is in sound(4) and are now well familiar with it, though 
your messages don't particularly indicate such familiarity.  I realise 
that you're an audio professional, but being a new card with few if any 
other users you may have to do a fair bit of digging, like inspecting 
/sys/dev/sound/pci/hdspe* and playing around with hw.snd tunables.

This is a new driver, first appearing in FreeBSD 10 :) according to 
snd_hdspe(4).  I don't know when it was merged to 9 or what level of 
testing it's had in the field, but I have to assume you've already 
discussed your issues with its author, Ruslan Bukin  ?

Sorry I can't offer anything more concrete, and good luck.

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: Reading the handbook from console

2013-01-11 Thread Ian Smith
In freebsd-questions Digest, Vol 449, Issue 9, Message: 25
 [ pardon loss of threading ]
On Thu, 10 Jan 2013 15:56:24 -0800  wrote:

 > > From: Polytropon [mailto:free...@edvax.de]
[..]
 > > > > There is no text mode web browser in the base system.
 > > > > Installing one is easy: As the HTML files generated
 > > > > for the Handbook are good quality, they display nicely
 > > > > in lynx, links, and w3m (probably the most prominent
 > > > > three text mode web browsers).
 > > > >
 > > > >
 > > >
 > > > I must know...
 > > >
 > > > What is Polytropon's favorite of those listed? (and perhaps also 
 > > > "elinks" ?)
 > > 
 > > Hard to say, now that X is everywhere... :-)
 > > 
 > > In the past, I've started using lynx because it was "the
 > > default". Somehow I even tend to remember that it was part
 > > of the default installation in around FreeBSD 4 or so...
 > > but that could be wrong.

No that's right, it had been lynx since 2.2, if not earlier.  Somewhere 
early in 5.x, by 5.2 at least, it had changed to links:

===
Options Editor

NameValue   NameValue
-   -
NFS Secure  NO  Install Root/
NFS SlowNO   >> Browser package links <<
NFS TCP NO  Browser Exec/usr/local/bin/links
NFS version 3   YES Media Type  
Debugging   NO  Media Timeout   300
No Warnings NO  Package Temp/var/tmp
Yes to All  NO  Newfs Args  -b 16384 -f 2048
DHCPNO  Fixit Console   serial
IPv6NO  Re-scan Devices <*>
Skip PCCARD NO  Use Defaults[RESET!]
FTP usernameftp
Editor  ee
Tape Blocksize  20
Extract Detail  high
Release Name5.5-STABLE

Use SPACE to select/toggle an option, arrow keys to move,
? or F1 for more help.  When you're done, type Q to Quit.

This is the browser package that will be used for viewing HTML docs
===


 > > Later on I tried w3m and also found it usable.
 > > 
 > > Today I'd say I prefer links for interactive text mode
 > > browsing. Still "lynx -dump" is a welcome tool in some
 > > of my scripts, and never change a running system. :-)

I used to use lynx a lot, browsing the web through a 56k modem in the 
late '90s, however I made far more headway with links as it could deal 
reasonably well with basic functional javascript where lynx couldn't, 
at least then, and I seem to recall an issue with upstream maintenance.


 > Ok, the reason I ask is actually because I have this insane (?) idea of 
 > shoving
 > one of the aforementioned solutions onto the installation media so that 
 > (gasp)
 > we can have that functionality back like we had in the days of sysinstall.

Shock horror! :)  No, not insane at all.  I can't believe the disconnect 
from newer FreeBSD users' needs that bsdinstall presently represents, 
especially those with less than the latest awesome kit, and I applaud 
you carrying on with bsdconfig and improving bsdinstall, about which I 
have far too many suggestions that might steal this topic :)

 > So naturally, my first question is "which one?"
 > 
 > Thoughts?
 > -- 
 > Devin

Well I doubt links works any less well that it did, though it's probably 
not up to all the latest JS, CSS and other recent tricks 'out there'.  
Certainly for the stated purpose of rendering Handbook and FAQ it will 
do fine.  It does (did then) weigh more than lynx but worth it, I feel:

smithi on sola% ls -l `which links`
-r-xr-xr-x  1 root  wheel  2959956 Oct 25  2006 /usr/local/bin/links
smithi on sola% ls -l `which lynx`
-r-xr-xr-x  1 root  wheel  1078068 Jul 26  2006 /usr/local/bin/lynx


Polytropon concludes:

 > > However, The FreeBSD Handbook and the FAQ mostly contain
 > > text, I mean, that's what they are about, and for reading
 > > text I don't see a need for graphics. If I want graphics,
 > > I have X. :-)

Exactly.  Although regarding installing X on 9.1 before newer packages 
are available - and it IS painful or at least very slow to build on the 
likes of 1GHz laptops - I can't see any reason the X that was working 
as of mid-October would be any problem, unless there's been some major 
revision or security scare since?  The 9.x ABI is constant.  I grabbed:

ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-9-stable/Latest/en-freebsd-doc.tbz
 
(dated 10/16/12 09:13:00) and pkg_add'ed it, and will do the same for X 
when I get 9.1 also going on my 'big' 768MB RAM ThinkPad.

For those with the horsepower, sure, build X, KDE/GNOME, OpenOffice etc.

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: pkg_add and 9.1 Release

2013-01-02 Thread Ian Smith
In freebsd-questions Digest, Vol 448, Issue 3, Message: 24
  - please pardon the loss of threading -
On Wed, 2 Jan 2013 02:47:41 -0500 (EST) d...@safeport.com wrote:
 > On Wed, 2 Jan 2013, Matthew Seaman wrote:
 > 
 > > On 02/01/2013 05:20, doug wrote:
 > >> Is this command being phased out? pkg_add -r uses a default environment
 > >> of
 > >> ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-9.1-release/Latest/
 > >
 > > In fact, yes, pkg_add and the other pkg_tools commands are being phased
 > > out in favour of pkgng.  However it is early days yet, and the problem
 > > you're seeing has nothing to do with that process.  pkgng won't become
 > > the default in 9.x until the next release: until then the status quo
 > > ante persists.

Looking forward to using pkgng on my next 9.1 laptop, thanks Matthew.

 > >> This path does not exist on ftp.freebsd.org.
 > >
 > > Quite so.  It's because of this:
 > >
 > > http://www.freebsd.org/news/2012-compromise.html
 > >
 > > As a consequence, large parts of the package building infrastructure are
 > > quarantined, pending reinstallation.  Also there is a lot of work going
 > > into revising the software used to build the packages with security
 > > enhancements in mind.  So there simply aren't packages available yet to
 > > go with 9.1-RELEASE.
 > 
 > Ah yes, thank you Matthew. I had forgotten about that. I guess the 9.1RC3 
 > packages were removed for the same reason.

ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-9-stable/Latest/ 
is still there, though.  I ran into this from the installed 9.1-RELEASE 
/etc/motd's suggestion of adding Handbook, FAQ etc by using pkg_add -r 
en-freebsd-doc.  I browsed to

ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-9-stable/docs/en-freebsd-doc-39278,1.tbz

dated October, and figured that should do for now :) I could have set 
PACKAGESITE but it was as easy to fetch(1) that file then pkg_add it.  

If I were going to install say X + KDE on that laptop - which I'm not - 
I'd merrily use what was fresh in October and upgrade as packages become 
available again, and build anything needing 'more freshness' from ports.

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: shell script problem

2012-12-24 Thread Ian Smith
In freebsd-questions Digest, Vol 447, Issue 1, Message: 13
On Sun, 23 Dec 2012 18:48:12 +0100 Dh?nin Jean-Jacques 
 > 2012/12/23 Polytropon 

 > > #!/bin/sh
 > >
 > > cat foo.txt | while read LINE1
 > > do
 > > cat bar.txt | while read LINE2
 > > do
 > > if [ "$LINE1" = "$LINE2" ]; then
 > > sw="1"
 > > echo "Current value of sw is : " $sw
 > >
 >   * ps -l | grep $$   *
 > # see subshell here

Yes indeed.

 > >  break
 > > fi
 > > done
 > >
 > 
 >  *  echo " Process: " $$*
 > # And the parent

Yep.

 > >  echo "Value of sw is : " $sw
 > > if [ "$sw" = "0" ]; then
 > > echo "DO SOMETHING!"
 > > fi
 > > sw="0"
 > > done
 > >
 > 
 > I suggest :
 > 
 > -%><-
 > 
 > #!/bin/sh
 > 
 > cat foo.txt | while read LINE1
 > do
 > echo 'One' > $$tmp
 > cat bar.txt |while read LINE2
 > do
 > if [ "$LINE1" = "$LINE2" ]; then
 > echo 'ok' > $$tmp
 > break
 > fi
 > done
 > 
 > if [ `cat $$tmp` = "One" ]; then
 > echo "One !"
 > fi
 > 
 > if [ `cat $$tmp` = "ok" ]; then
 > echo "ok !"
 > fi
 > done

Or, to avoid subshell(s) created in pipeline(s), and subsequent loss of 
variables set in the subshell(s) to their parents, rather than using:

cat foo.txt | while read LINE1
[..]
cat bar.txt | while read LINE2
[..]
done
[..]
done

you can use:

while read LINE1
[..]
while read LINE2
[..]
done < bar.txt
[..]
done < foo.txt

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: audio playback with variable tempo

2012-12-14 Thread Ian Smith
In freebsd-questions Digest, Vol 445, Issue 5, Message: 25
On Fri, 14 Dec 2012 09:52:53 +0100 Polytropon  wrote:
 > On Thu, 13 Dec 2012 16:56:51 -0700, Gary Aitken wrote:
 > > On 12/12/12 23:51, Polytropon wrote:
 > > > On Wed, 12 Dec 2012 16:27:16 -0700, Gary Aitken wrote:
 > > >> Can anyone suggest an audio playback application that allows you to 
 > > >> vary the
 > > >> tempo?  I've used audacity on win systems, but I don't see that in 
 > > >> ports.
 > > > 
 > > > Except that audacity actually _is_ in ports, if you just
 > > > require "adjustable" speed (without editing / saving the
 > > > original file), you could use "mplayer -speed  ",
 > > > or use "mplayer " and use the [ ] and { } keys to
 > > > adjust the speed (if you have OSD on, key 'o') you can
 > > > see the speed (if the file contains video; if not, the
 > > > output will be text only for information purposes).
 > > 
 > > Thanks.  
 > > Speed is not what I want to adjust, as it changes the pitch.
 > > The playback timing needs to be adjusted so everything has the same pitch,
 > > but just comes out faster or slower.
 > 
 > Oh, I see. No problem - Audacity can do that. (And as it has
 > been suggested, if you need to apply batch operation, you
 > can use sox, also in ports.)

sox(1) _can_ be daunting, but has this to say on the $subject:

  tempo [-q] factor [segment [search [overlap]]]
  Change the audio tempo  (but  not  its  pitch).   The  audio  is
  chopped  up  into  segments  which  are then shifted in the time
  domain and overlapped (cross-faded) at points where their  wave-
  forms  are  most similar (as determined by measurement of `least
  squares').

  By default, linear searches are used to find the  best  overlap-
  ping  points;  if  the  optional  -q  parameter  is  given, tree
  searches are used instead, giving a quicker, but possibly  lower
  quality, result.

  factor  gives  the  ratio of new tempo to the old tempo, so e.g.
  1.1 speeds up the tempo by 10%, and 0.9 slows it down by 10%.

  The optional segment parameter selects the  algorithm's  segment
  size  in milliseconds.  The default value is 82 and is typically
  suited to making small changes to the tempo of music; for larger
  changes  (e.g.  a  factor of 2), 50 ms may give a better result.
  When changing the tempo of speech,  a  segment  size  of  around
  30 ms often works well.

  The  optional  search  parameter  gives the audio length in mil-
  liseconds (default 14) over which the algorithm will search  for
  overlapping  points.  Larger values use more processing time and
  do not necessarily produce better results.

  The optional overlap parameter gives the segment overlap  length
  in milliseconds (default 12).

  See  also  speed  for  an  effect  that  changes tempo and pitch
  together, pitch for an  effect  that  changes  tempo  and  pitch
  together,  and  stretch for an effect that changes tempo using a
  different algorithm.

Works for me.  Audacity may do more, but explain less what it's doing?

 > > However, I'm a little confused on what all the devices are related to 
 > > audio.
 > > 
 > > For the default device, which I've set to unit 3 (for pcm3), 
 > > I see the following in /dev:  dsp3.0 mixer3
 > > What are each of these associated with?
 > > The mixer itself shows the following devices:
 > >   vol, pcm, mix, rec, igain, ogain, monitor
 > > Can someone point me to documentation on what these are and how they 
 > > interact?  
 > > It's not obvious to me what the difference between vol and ogain,
 > > or rec and igain, are, for example.  What is mix mixing, and what does 
 > > monitor do?  A schematic would be helpful...
 > 
 > If I remember correctly, monitor is a monitor channel for the
 > inputs, so this channel contains what will be recorded (even
 > though only one of its sources can be recorded at a time).
 > It lets you listen to the recording source.

Gary has a mix device too .. see below.

 > The manpage mentions several mixer devices:
 > 
 >  The list of mixer devices that may be modified are:
 > 
 >vol, bass, treble, synth, pcm, speaker, line, mic, cd, mix, pcm2,
 >rec, igain, ogain, line1, line2, line3, dig1, dig2, dig3, phin,
 >phout, video, radio, and monitor.
 > 
 >  Not all mixer devices are available.
 > 
 > True, my sound card doesn't have all of them. :-)

:)  I was going to challenge you on your 'only one at a time', when I 
discovered the AC97 in my Thinkpad T23 doesn't let me record from 'mix' 
either, which surprised me as years earlier I'd sometimes record from 
mix, usually line + mic, on an ancient Compaq 1500c (Celeron 300MHz, 
made in '98

Re: audio playback with variable tempo

2012-12-13 Thread Ian Smith
In freebsd-questions Digest, Vol 445, Issue 4, Message: 12
On Wed, 12 Dec 2012 16:27:16 -0700 Gary Aitken  wrote:

 > Can anyone suggest an audio playback application that allows you to vary the
 > tempo?  I've used audacity on win systems, but I don't see that in ports.

You'll have found audacity by now, but audio/sox does that and a zillion 
other things (mixing, pitch bend, all sorts of filtering and effects ..) 
if you're happy working from commandline or scripts and can handle a 
HUGE man page that's pretty much a background to audio processing in 
general.  It's very fast and light, too, for recording or playback.

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Reprieve [was: Re: FreeBSD 9.1-RC1 Available... (fwd)]

2012-09-19 Thread Ian Smith
Folks,

Seems that those (like me) concerned about 9.1 release branch activity 
not having been exported to CVS, requiring moving to SVN and abandoning 
c*sup source updating 'all of a sudden', can relax migration schedules a 
bit, for now .. though it's been a good 'gee-up' for me, at least.

Probably worth mentioning that this only ever affected RELENG_9_1, ie 
9.1 BETAs and RCs, not RELENG_9 (ie 9-STABLE) sources.

Thanks Bjoern!

cheers, Ian

-- Forwarded message --
Date: Tue, 18 Sep 2012 12:20:23 + (UTC)
From: Bjoern A. Zeeb 
To: FreeBSD Release Engineering Team 
Cc: freebsd-stable 
Subject: Re: FreeBSD 9.1-RC1 Available...

On Thu, 23 Aug 2012, Ken Smith wrote:

Hi,

let me reply to the very initial email in this monster of public thread.

> With both the doc and ports repositories now moved to SVN it has been
> decided to not export the 9.1 release branch activity to CVS.  So
> csup/cvsup update mechanisms are not available for updating to 9.1-RC1.
> If you would like to use SVN the branch to use is releng/9.1.

RELENG_9_1 is now exported the CVS as well and will be for as long as
things will be exported to CVS.   It will take another few hours to
get near your local mirror as they'll all be chewing on each other the
next 12 hours.  Enjoy!

Any further discussions on src export I'll leave to other people
wearing hats.

/bz

-- 
Bjoern A. Zeeb You have to have visions!
 Stop bit received. Insert coin for new address family.
___
freebsd-sta...@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: kinternet alternative in FreeBSD

2012-09-16 Thread Ian Smith
In freebsd-questions Digest, Vol 432, Issue 6, Message: 15
On Fri, 14 Sep 2012 11:26:57 +0200 Polytropon  wrote:
 > On Fri, 14 Sep 2012 11:05:03 +0200, suseuse...@lajt.hu wrote:
 > > Matthias, Polytropon:
[..]
 > > Thank you for your answers.
 > > I am using KDE 3.5.10. I would like to use FreeBSD as a desktop machine
 > > for replacing openSUSE if it is possible at all.
 > 
 > I don't see a reason why this shouldn't be possible. Many years
 > ago, FreeBSD 4 obsoleted Linux as my home desktop, and I do not
 > regret the choice. Depending on what _you_ actually *do* with
 > your computer, there _may_ be certain "obstacles".
 > 
 > > For clarity, I do not need exactly kinternet, I want only an GUI frontend
 > > for pppdial which possibly resides in system tray and can be used to 
 > > control
 > > network connections.

 > As I said, I've heared of a tool named kppp, and according to
 > the traditional naming convention in KDE (of _that_ time), I
 > assume this is a KDE program for dealing with ppp. Even though
 > networking is done at OS level which doesn't have such a tight
 > integration with desktop environments as this is done in
 > Linux (as the "big three" desktop environments are quite
 > Linux-centric), ppp can be invoked by the user (if he has
 > been granted the required permissions by the system administrator).
 > If a KDE program can "communicate" with the ppp command line
 > tool, it should work.

Well the trouble is that KPPP only ever supported pppd, and FreeBSD had 
finally dropped pppd by 8.0.  Many users requested user ppp(8) support 
in KDE and specifically KPPP, since nearly everyone was using ppp(8) 
even while pppd was supported.  KDE folks showed no interest, and noone 
on "our side" worked on adding ppp(8) support - as I recall, anyway :)

No wonder Linux folks hide pppd operation in wrappers and tray gadgets; 
manually configuring pppd on Mandrake or Debian with half a zillion conf 
files is a job best left to robots, indeed.  It wasn't nearly so bad on 
FreeBSD, as detailed in: http://www.freebsd.org/doc/handbook/ppp.html 
(for FreeBSD 7.X only) but pppd still lacked functionality that had been 
straightforward in ppp(8) since at least '98 when I set it up for ISP 
dialout and 3 dialup 33.6kbps modems .. no X on that box of course.

 > > In openSUSE kinternet is a frontend for smpppd package.
 > > smpppd requires ppp. I will try to look into it whether  smpppd  can
 > > work with FreeBSD's ppp.
 > 
 > That sounds like an interesting approach. Good luck!

On this 8.2-R system I checked /usr/ports; no mention of smpppd. 
grepping /usr/ports/net/* for pppd|PPPD found a few things, including a 
port of pppd itself, presumably one could install that.

t23% find /usr/ports -iname \*smpppd\*
t23% find /usr/ports/net -exec grep -Hi smpppd {} \;
t23% find /usr/ports/net -exec grep -Hi pppd {} \;
[.. snippets ..]
/usr/ports/net/Makefile:SUBDIR += pppd23
[..]
/usr/ports/net/l2tpd/files/patch-Makefile: # pools to pass to pppd ...
/usr/ports/net/poptop/files/patch-pptpctrl.c:   
  syslog(LOG_DEBUG, "CTRL: pppd speed = %s", speed);
/usr/ports/net/poptop/files/patch-pptpctrl.c:+  
  syslog(LOG_DEBUG, "CTRL: BSD userland ppp system label = %s",
[..]
usr/ports/net/pppd23/Makefile:# New ports collection makefile for: pppd 2.3.11
[..]
/usr/ports/net/pptpclient/files/patch-aa:-PPPD = /usr/sbin/pppd
/usr/ports/net/pptpclient/files/patch-aa:+PPPD = /usr/sbin/ppp
/usr/ports/net/rp-pppoe/Makefile:# New ports collection makefile for: popular 
pppd pppoe client
[..]
/usr/ports/net/xisp/pkg-descr:The xisp package implements a 
  user-friendly X interface to pppd/chat

The latter might be of use with the ports pppd 2.3 (or later by now)

"The xisp package implements a user-friendly X interface to pppd/chat
and provides maximum feedback from the dial-in and login phases on a
browser screen, as well as a manual login terminal window. It also
provides greater versatility in interrupting a call in progress and in
general enhances the user's feeling of "what's going on", especially
if he/she is not all that well acquainted with the intricacies of
system log files. Xisp also has means to track your phonecosts.

WWW: http://xisp.hellug.gr/";

So if suseuser wants to stick with the familiar rather than learning to 
use FreeBSD's ppp(8), perhaps some of that may help.

 > I know that's basically possible. Many years ago, I wrote
 > a Tcl/Tk-based frontend with buttons to enable / disable
 > the connection, see the status and the elapsed time. If
 > that has been possible, chances are good that KDE in its
 > much advanced manner has something comparable.

Maybe there's something new in KDE4.  I'm sticking with 3.5 on my T23; 
I only have 768MB RAM :) and it does everything I need on the desktop.

It's not that hard to setup KDE desktop bottons to run whatever scripts 
you might need to start/stop/whatever with user ppp(8), but I've never 
bothered since mpd does a fine job of fulltime

Re: 9.0 release hang in quiescent X [Solved]

2012-08-21 Thread Ian Smith
On Tue, 21 Aug 2012 09:54:14 -0600, Gary Aitken wrote:
 > Having run for a couple of days now without problems, 
 > I'm guardedly optimistic I've solved this problem.
 > It appears the problem had nothing to do with screen blanking.
 > The solution was to disable memory mapping in BIOS,
 > whose purpose is to recover the memory addresses reserved for hardware
 > in old PC architectures.  
 > It means some memory will never be used, but that's better than a hang. 
 > 
 > http://vip.asus.com/forum/view.aspx?id=20110131214116581&board_id=1&model=M4A89TD+PRO%2fUSB3&page=1&SLanguage=en-us

That's great news Gary, good hunting.

I read that forum post, which did look worth trying.  Whether it's a 
BIOS bug or just something to watch out for I don't know, but it seems 
to be a trap for the unwary; so many BIOS settings are poorly explained.

Those guys were losing 768MB or more, but had plenty to spare.  You?

I'm still running an older Xorg here, so had no idea about any default 
10 minute blanktime.  I'll remember that ..

[..]

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: 9.0 release hang in quiescent X

2012-08-19 Thread Ian Smith
In freebsd-questions Digest, Vol 428, Issue 7, Message: 4
On Fri, 17 Aug 2012 13:51:07 -0600 Gary Aitken  wrote:
 > On 08/16/12 00:04, Matthew Seaman wrote:
 > > On 16/08/2012 05:45, Gary Aitken wrote:
 > ...
 > >> Running 9.0 release on an amd 64 box, standard kernel, 16GB, SSD (/,
 > >> /usr, /var, /tmp) + HDDs, visiontek 900331 graphics card (ati radeon
 > >> hd5550).
 > >>
 > >> As long as I am using the system, things seem to be fine.  However,
 > >> when I leave the system idle for an extended period of time (e.g.
 > >> overnight, out for the day, etc.), it often refuses to return from
 > >> whatever state it is in.  The screen is blank and in standby for
 > >> power saving, and  Fn won't get me a console prompt.  The
 > >> only way I know to recover is to power off and reboot.
 > ...
 > >> Can someone suggest a good way to proceed to figure out what's going
 > >> on?
 > > 
 > > Can you get network access to the machine when it gets into this state?
 > 
 > I enabled remote logins and when the system hangs, I can neither log 
 > in nor ping it.  I can do both of those prior to a hang.

Hi Gary.  Please wrap text less than 80 columns on freebsd lists; I was 
going to reply to a later message but it had got too messy.  Turned out 
this one is more useful anyway, so I've taken the liberty ..

 > > If you can't, that suggests the OS is hanging or crashing, possibly in
 > > response to going into some sort of power-saving mode.

Now we know that you can't, what Matthew says is pretty likely the case.

 > > As to working out what the underlying cause of the problem is: that's
 > > harder.  I'd try experimenting with the power saving settings for your
 > > graphics display.  If you can turn them off as a test, and the machine
 > > then survives for an extended period of idleness, you'll have gone a
 > > long way towards isolating the problem.

Have you yet tried turning off any and all power saving settings, until 
your monitor quits blanking/suspending, and the machine keeps running?

The monitor isn't blanking by itself, BIOS suspend & power off settings 
for screen, disk etc shouldn't affect a running FreeBSD system (but turn 
them off anyway!) - so we're left with something you've set yourself, 
presumably via your (which?) window manager, which then has Xorg, using 
your hardware's particular driver, do the dirty work on the hardware.

Just that it's not clear you've yet isolated the main suspect.  There's 
buggy hardware, buggy ACPI/BIOS implementations, buggy video drivers; it 
makes sense to rule out another hardware problem by leaving video on.

 > My display, a NEC multisync LCD 1970NX, has a menu item for "Off 
 > Timer" but it is set to "off"  As far as I can tell there are no 
 > other power saving options on the display itself.

Even if the display failed completely, it won't make FreeBSD crash.

 > Could this be related to the sync rates?  I'm using whatever X.org 
 > and the drivers decided to come up with, which is 63.9kHz H, 59.9Hz 
 > V.

Again, that could only mess up the display, FreeBSD wouldn't care, but 
you've said you can't ping or login so it seems more likely software.

 > I have the following in rc.conf:
 >   powerd_enable="YES" # Run powerd to lower our power usage.
 >   powerd_flags="-a hiadaptive -n hiadaptive -p 250"

Sure.  No relation to video; despite people regularly wanting to add 
such features, it sticks to its one job like a good little unix tool.

 > I presume screen blanking is independent of cpu frequency rates, but 
 > it's not clear to me how the screen blanking is controlled.  How does 
 > screen blanking interact with BIOS?  My screen blanks, but it's not 
 > clear to me if it's BIOS or the os that's doing it.

Something you set is doing it :)  If running say KDE, suspects would 
include screen'savers' (as many have mentioned), window manager power 
settings (setting/peripherals/display/powercontrol on kde3), and lastly 
as Warren mentioned, settings for Xorg itself, in xorg.conf (if any).

As for BIOS, well make sure any video messing with is turned off, but 
except BIOS settings expressed as AML code to ACPI, the OS ignores it.

 > man acpi indicates acpi should not be disabled:
 >   "Disabling all or part of ACPI on non-i386 platforms (i.e., 
 > platforms where ACPI support is mandatory) may result in a 
 > non-functional system."

That's correct.  Systems with more than one CPU rely on ACPI, period.  
Anyway, in the other thread Polytropon has boldly taken on, we see ACPI 
enabled.  [BTW don't worry about those 'reservation failed' messages if 
not followed by indications of some failed subsystem; they really should 
only be shown on verbose dmesg IMO, as they tend to alarm people - QED]

 > On 08/16/12 00:06, Steve O'Hara-Smith wrote:
 > >Are you running any kind of screensaver ?
 > >Sometimes the OpenGL screen saver modules crash without proper
 > > hardware support. If you're running a screensaver try disabling it and just
 > > using display 

Re: weird problem with 9.0 Release and ed0

2012-08-11 Thread Ian Smith
In freebsd-questions Digest, Vol 427, Issue 6, Message: 16
On Fri, 10 Aug 2012 12:39:36 +0200 "Christoph P.U. Kukulies" 
 wrote:
 > Am 10.08.2012 11:40, schrieb Christoph P.U. Kukulies:
 > > Am 10.08.2012 11:28, schrieb Christoph P.U. Kukulies:
 > >> The problem need not to be confined to 9.0. It stated to develop 
 > >> under 5.1 already.
 > > read: started to develop...
 > >>
 > >> I'm running a natd gateway machine that was developing strange 
 > >> behaviour such that the
 > >> outside interface (ed0, BNC connector) that was connected via a small 
 > >> media converter switch to
 > >> the providers sync line had dropouts. The machine couldn't ping into 
 > >> the Internet and also couldn't be pinged.
 > >>
 > >> I first thought it was the switch/media converter, but another 
 > >> (Windows XP) machine that was on the
 > >> same BNC cable worked flawlessly.

That XP box was directly on the outside, not inside nat'd via this one?

 > >> So I decided to migrate that 5.1 machine to a 9.0 machine. The 
 > >> situation now is that I have the9.0 machine
 > >> at the BNC cable and simultanously the old FreeBSD 5.1 gateway on the 
 > >> same BNC cable but through a
 > >> TP adapter. This was the old machine works fine and I can care about 
 > >> the new machine.

Not quite clear .. can you sketch your network configuration?

 > >> Is there a known problem with ed0 cards that have the Realtek 8029 
 > >> chipset. Do they need some
 > >> special flags like memory mapping or irq?

Long time since I've run anything with 10base2/BNC, but it used to work 
ok, on an ed0.

 > >> When I for example boot the 9.0 machine the comping up of the em0 (on 
 > >> mainboard interface results in a highlighted
 > >> kernel message on the console. The coming up of the ed0 is not 
 > >> flagged this way. And as a result the
 > >> ed0 interface seems to be dead.

Does the outside interface have a static address, or do you use DHCP 
via the provider's switch/hub/whatever?  Show /etc/rc.conf setup.  It 
smells a bit like the interface may not be up soon enough at that time; 
the ntpd message below could also indicate something like that re ipv6.

 > >> Here some excerpts of dmesg:
 > >> em0:  port 0x4400-0x441f 
 > >> mem 0x9310-0x9311,0x93124000-0x93124fff irq 20 at device 25.0 
 > >> on pci0
 > >> em0: Using an MSI interrupt
 > >> em0: Ethernet address: 00:1c:c0:37:b2:9f
 > >>
 > >> ed0:  port 0x1000-0x101f irq 22 at device 1.0 on pci7
 > >> ed0: Ethernet address: 00:e0:7d:7c:2b:4a
 > >>
 > >> I also see this:
 > >> Jul 30 23:03:54 forum ntpd[1711]: unable to create socket on ed0 (20) 
 > >> for fe80::
 > >> 2e0:7dff:fe7c:2b4a#123

You should get more / better clues if you boot with verbose messages.

 > > Forgot to add this info:
 > >
 > > ed0: flags=8843 metric 0 mtu 1500
 > > ether 00:e0:7d:7c:2b:4a
 > > inet 80.72.44.230 netmask 0xfff0 broadcast 80.72.44.239
 > > inet6 fe80::2e0:7dff:fe7c:2b4a%ed0 prefixlen 64 scopeid 0xa
 > > nd6 options=29
 > > media: Ethernet autoselect (10base2/BNC)
 > >
 > 
 > Must add some more info:
 > 
 > My kernel config:
 > 
 > cpu I486_CPU
 > cpu I586_CPU
 > cpu I686_CPU
 > ident   DIVERT
 > 
 > makeoptions DEBUG=-g# Build kernel with gdb(1) debug 
 > symbols
 > options IPFIREWALL
 > options IPFIREWALL_VERBOSE
 > options IPFIREWALL_VERBOSE_LIMIT=10
 > options IPDIVERT
 > options IPFIREWALL_DEFAULT_TO_ACCEPT
 > 
 > (the rest like in GENERIC).

Just to mention: you don't actually need to include FIREWALL* or DIVERT 
in kernels these days; a GENERIC kernel will work fine, loading modules 
as needed.  Only exception is if you needed FIREWALL_FORWARD, which it 
appears you don't.

 > Strange thing:
 > 
 > I cannot ping neither the outside interface address nor the inside 
 > (172.27.2.115)
 > 
 > --
 > Christoph Kukulies

Please show output from:

# egrep 'ifconfig|firewall|natd|gateway|ntpd' /etc/rc.conf
# cat /etc/natd.conf
# ipfw show
# netstat -finet -rn

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: Waking system up from suspend-to-ram at specified time.

2012-07-30 Thread Ian Smith
In freebsd-questions Digest, Vol 425, Issue 13, Message: 13
On Sat, 28 Jul 2012 21:37:48 +0200 Piotr Czachur  wrote:
 > Dear users,
 > 
 > Does FreeBSD support waking system up from S3 (suspend to RAM) state
 > at specified time? On Linux, it can be achieved using rtcwake command
 > that uses RTC support in kernel.

Not yet, unless I've missed something since 2010 (not impossible :) 

 > If it's not supported, maybe I can somehow enable waking from S3 using
 > BIOS autoresume option? It powers my box on from complete off, but
 > fails to wake it up from S3. What works for now is waking from S3
 > using Wake-on-LAN.
 >
 > Cheers,
 > Piotrek

On my Thinkpad T23, BIOS autostart (not autoresume) time setting also 
works only from a cold start.  WoL also worked from 'off' but not from 
S3, but that was on 8.1-STABLE.  What version are you running, and on 
what machine?  Some reports indicate success may depend on which BIOS.

I'll forward you offlist a couple of never-completed drafts that turned 
up in postponed messages from 2010 while hunting mail about this, to 
(bcc'd) avg@, brucec@ and mav@, after researching this in response to an 
ACPI PR: http://www.freebsd.org/cgi/query-pr.cgi?pr=kern%2F73823&cat=

Then at least, you also had to modify Linux shutdown behaviour to avoid 
writing the clocktime back to the RTC if a wake time had been set, as 
RTC writes did not preserve the RTC wake interrupt bit, for some reason.

FreeBSD also does not preserve (gratuitously zeroes) that bit on all RTC 
writes, which is easily enough fixable, mostly in writertc.c, with few 
other places needing mods that I could see.  Ah yes, plus a (cleanroom) 
utility not unlike rtcwake, but once writertc() is fixed that should be 
relatively trivial, without needing to mess with the shutdown code.

Present circumstances don't permit me to work on this further, but I do
think it could be a worthwhile and not so hard project for 'someone' :)

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re[2]: ipfw counters for tables

2012-07-23 Thread Ian Smith
On Mon, 23 Jul 2012 13:13:47 +0300, Eugen Konkov wrote:
 > , Ian.
 > ?? ?? 23  2012 ?., 8:27:50:
 > IS> In freebsd-questions Digest, Vol 424, Issue 10, Message: 10
 > IS> On Sun, 22 Jul 2012 14:55:46 +0300 Eugen Konkov  
 > wrote:
 > IS> Hi Eugen,
 > 
 >  >> I use ipfw tables to allow host to access to internet.
 >  >> is there counter for matched packets/bytes for table entry like for 
 >  >> ipfw rule?
 >  >> 
 >  >> #ipfw show 901
 >  >> rule packetsbytes
 >  >> 00901  302271108  27717115967 allow ip from 10.10.1.3 to any
 >  >> 
 >  >> #ipfw table 7 list
 >  >> ---table(7)---
 >  >> 10.7.60.41/32 100
 >  >> 
 >  >> No counters here (((
 > 
 > IS> No, there are no individual counters for matched entries in tables.  
 > IS> Apart from extra space cost, the accounting time cost would be huge; 
 > IS> lookups are fast but updating radix trees per match would be very slow.

Sorry, I was likely wrong about time cost.  Once you find an entry it's 
there for the updating, but you will have to use write locking on table 
entries, perhaps they're just read locked for lookups now?  I haven't 
read ipfw for years.  Adding new table entries is what's really slow.

 > IS> Also, a table may be referenced in multiple rules, or even twice in the
 > IS> same rule, so what could such a count really indicate?

I guess you'll know how you want to use them, so objection overruled :)

 > IS> Of course, counts for matching the table are in the rule/s concerned:
 > 
 > IS> 16100583003060562 deny log logamount 20 ip from table(1) to any 
 > in recv ng0
 > IS> 16200 4449 226060 deny log logamount 20 tcp from
 > IS> table(25) to any dst-port 25,110 in recv ng0 setup
 > IS> 23000   45   2700 allow log logamount 100 tcp from
 > IS> table(22) to w.x.y.z dst-port 22 in recv ng0 setup

 > but if lookup function will return matched entry, then calling rule
 > may update appropriate counter.

Sounds like a good experiment in your local codebase, with some tests 
for speed and space costs?  64 bit counters?  Might as well store the 
32 bit timestamp too, just like the rule updating code does, I guess?

 > matchedentry= lookup_table( PACKETDATA );
 > updatecounter(matchedentry);

Code it up :)  Post to freebsd-ipfw@ and see what Luigi and crew say.

 > #ipfw show 16100
 > 16100583003060562 deny *counttable* log logamount 20 ip from 
 > table(1) to any in recv ng0
 >  5300 10.5.0.1/32
 >300562 10.5.0.7/32
 >   8000  6 10.5.0.2/32
 > 
 > will this be slow?

Well, display is from userland ipfw, where slow isn't very relevant. 
It'll be what it adds to kernel code and memory requirements that may 
matter.  I'm not sure how you could make this feature optional, short of 
a kernel config option .. but what do I know?

 > IS> Myself, I'd be more interested in a last-match timestamp than a count 
 > IS> for table entries, but that won't happen either for the above reasons :)

I often use ipfw -t show (or -ted show) so I guess with -t or -T it may 
show last access timestamps along with packet/byte counts too, as usual?

I'll be happy to test it when you've got working patches.

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: ipfw counters for tables

2012-07-22 Thread Ian Smith
In freebsd-questions Digest, Vol 424, Issue 10, Message: 10
On Sun, 22 Jul 2012 14:55:46 +0300 Eugen Konkov  wrote:

Hi Eugen,

 > I use ipfw tables to allow host to access to internet.
 > is there counter for matched packets/bytes for table entry like for 
 > ipfw rule?
 > 
 > #ipfw show 901
 > rule packetsbytes
 > 00901  302271108  27717115967 allow ip from 10.10.1.3 to any
 > 
 > #ipfw table 7 list
 > ---table(7)---
 > 10.7.60.41/32 100
 > 
 > No counters here (((

No, there are no individual counters for matched entries in tables.  
Apart from extra space cost, the accounting time cost would be huge; 
lookups are fast but updating radix trees per match would be very slow.

Also, a table may be referenced in multiple rules, or even twice in the 
same rule, so what could such a count really indicate?

Of course, counts for matching the table are in the rule/s concerned:

16100583003060562 deny log logamount 20 ip from table(1) to any in recv 
ng0
16200 4449 226060 deny log logamount 20 tcp from table(25) to any 
dst-port 25,110 in recv ng0 setup
23000   45   2700 allow log logamount 100 tcp from table(22) to w.x.y.z 
dst-port 22 in recv ng0 setup

Myself, I'd be more interested in a last-match timestamp than a count 
for table entries, but that won't happen either for the above reasons :)

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: Format a USB flash drive using gpart

2012-07-09 Thread Ian Smith
On Sun, 8 Jul 2012 21:00:40 +0100, Bruce Cran wrote:
 > On 08/07/2012 16:06, Ian Smith wrote:
 > > In general they're not distinct in usage from any other type of disk.
 > 
 > The more expensive disks of course support TRIM so you'd want to pass -t to
 > newfs to enable it.

Thanks.  Next time I blow around AU$455 on a 120GB flashdrive, I'll be 
glad to be better informed about getting the most out of it :)

At least with sysinstall|sade you can set extra newfs options such as 
-t, and as importantly for me, you can toggle whether or not to newfs 
particular partition/s, such as leaving say /home alone on an existing 
partitioning, which didn't seem straightforward with bsdinstall last I 
tried (admittedly at 9.0-BETA1) but I've not followed later updates.

I might take Matthew's suggestion and try the PCBSD 9 installer; I did 
boot a PCBSD 8 memstick at one stage, and was surprisingly impressed -
or I could use freebsd-update instead of sources to go from 7.4 to 9.1

"It's the options that drive ya crazy" -- Silly Symphony C.'83

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: Format a USB flash drive using gpart

2012-07-08 Thread Ian Smith
In freebsd-questions Digest, Vol 422, Issue 10, Message: 29
On Sun, 8 Jul 2012 07:41:59 -0400 Carmel  wrote:
 > On Sat, 7 Jul 2012 20:36:36 -0600 (MDT)
 > Warren Block articulated:
 > 
 > > On Sat, 7 Jul 2012, Carmel wrote:
 > > 
 > > > This is probably a dumb question, but does gpart even work on a USB
 > > > flash drive? I have not been able to figure out how to do it. I
 > > > want to erase the entire drive and format it for a FreeBSD UFS2
 > > > file system.
 > > 
 > > Yes, gpart will work with pretty much any storage device.
 > > 
 > > If you want the drive to be bootable, it needs boot blocks.  This is 
 > > easier with GPT than MBR.  For an 8G drive:
 > > 
 > > # gpart create -s gpt da0
 > > # gpart add -t freebsd-boot -s 512k da0
 > > # gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 da0
 > > # gpart add -t freebsd-ufs -b 1M -s 7G da0
 > > # gpart add -t freebsd-swap da0
 > > # newfs -U /dev/da0p2
 > 
 > Thanks Warren, you win the prize for the most detailed answer.
 > Polytropon gave me the easiest answer if I just want to use the drive
 > as a simple storage device; however, if at some point I actually want
 > to go beyond that your answer is what I would require.
 > 
 > Interestingly enough, I searched through the man pages and FreeBSD help
 > but never came across anything that specifically addressed flash drive.
 > Perhaps I was just not looking hard enough.

In general they're not distinct in usage from any other type of disk.

 > Perhaps, and I know that this will offend some purists, but a nice GUI
 > that would do what your instructions detail above would be helpful.
 > There is no way that I am going to remember all of those instructions in
 > six months time. Just my 2¢.

Well one of the reasons I'm replying to this is to keep a copy of 
Warren's recipe handy :)  Another is to point out that rumours of the 
death of MBR partitioning, especially on small disks, are premature.

I know your question specified gpart, but the easiest way I know of to 
put UFS filesystems on flash drives is to use sade(8), incorporating the 
fdisk & bsdlabel & newfs functions from sysinstall .. it still works as 
well as ever, however "old-fashioned" or "deprecated" some may call it.

sade's GUI at the curses level :) and does all the heavy maths for you, 
both for slicing the disk and partitioning the slice(s).  As mentioned 
in boot0cfg(8), you have to set  # sysctl kern.geom.debugflags=16
before sade (or anything) can write to any GEOM disk's boot sectors.  
Remember to reset it to 0 later.

You might even like to put a small msdosfs slice first, so you can use 
some of that stick to transfer files between UFS and DOS systems.  And 
yes you can multiboot from a memstick if you (or sade) put boot0 on it, 
assuming your computer supports booting from USB drives.

I don't know what the gpart equivalent of boot0 is, if there is one yet? 
Last I heard, seemed you had to use Linux tools to multiboot GPT disks.

There was some muttering about updating sade to handle GPT too .. that 
would be very welcome, maybe restoring some of the lost functionality 
from sysinstall/sade back into bsdinstall, both for GPT and MBR systems.

cheers, Ian___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: OT: Robotics or embedded or hardware programming... what is this called?

2012-06-28 Thread Ian Smith
On Mon, 25 Jun 2012 09:43:35 -0600 (MDT), Warren Block wrote:
 > On Mon, 25 Jun 2012, Ian Smith wrote:
 > 
 > > On Fri, 22 Jun 2012 06:47:48 -0600 (MDT), Warren Block wrote:
 > > > On Fri, 22 Jun 2012, Ian Smith wrote:
 > > >
 > > > Well, there is devel/arduino.  It's not emdedded Linux, but an IDE for
 > > > writing and downloading code.  The Arduino is a small embedded controller
 > > > based on the Atmel AVR microcontrollers.  They are quite powerful, easy 
 > > > to
 > > > program, and accessible for experimenters.  You can skip the Arduino
 > > > environment if you like, using the same lower-level tools like avr-gcc
 > > > directly.  And the Arduino board can be used as a programmer, downloading
 > > > code to plain AVR chips and avoiding the need for more Arduino boards. 
 > > > Talk
 > > > about the Arduino on FreeBSD is generally on the freebsd-embedded mailing
 > > > list.
 > > 
 > > Thanks Warren.  I got the wrong idea that Arduino ran an embedded Linux
 > > from a friend, a Linux-using Electrical Engineer, but not a programmer.
 > > I'd also (too) briefly glanced at www.arduino.cc and noted Windows, Mac
 > > and Linux references, and Linux binaries, but had no idea you had ported
 > > the GUI.  Could you perhaps try pushing the FreeBSD port upstream to
 > > Arduino, so people can find out that it exists from there?
 > 
 > There was an updated entry mentioning the port in the Playground, which now
 > seems to have reverted back to the old not-yet-working procedure for FreeBSD
 > 6.1.  And I see that 1.0.1 is out, so now the port needs to be updated.
 > There doesn't appear to be a way for me to edit that.  I can send mail to the
 > site about mentioning the FreeBSD port on the downloads page.  Or you can, if
 > you like.

MAMBM .. I'd promised myself I wouldn't spend any more time on this :) 

That wiki is fairly messed up, but its search helps a bit; searching for 
'FreeBSD' (ie googling 'FreeBSD site:http://arduino.cc/playground') 
turns up more than is indexed from the sidebar, including some pages not 
apparently accessible otherwise.  It really needs the main index editing 
(as well as http://arduino.cc/playground/Learning/FreeBSD) to point to 
(say) 'Installing Arduino on other platforms' after the Linux one, but 
it'd be a bit of work.  Yes, even just a link in the Downloads section 
would help, but making FreeBSD support more obvious sure wouldn't hurt.

 > Something I forgot to mention earlier is that it may now be possible to buy
 > Arduinos or compatibles at Radio Shack stores in the US.

Yes they're definitely getting out there. Tandy / RS abandoned the kit 
market here, but Jaycar (2011 cat) has Uno-compatible boards for $40 and 
a Duemilanove-compatible with onboard Ethernet 'shield' for $70.  Hmm.

Despite indexing FreeBSD under Linux(!), anybody interested in embedded 
monitoring, control and/or robotics with Arduino or Atmel uCs in general 
should find something of interest in 'The World Famous Index of Arduino 
& Freeduino Knowledge' at http://www.freeduino.org/

sucked in, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: OT: Robotics or embedded or hardware programming... what is this called?

2012-06-24 Thread Ian Smith
On Fri, 22 Jun 2012 06:47:48 -0600 (MDT), Warren Block wrote:
 > On Fri, 22 Jun 2012, Ian Smith wrote:
 > 
 > > I thought I saw something somewhere (maybe just wishful thinking) about
 > > FreeBSD on the Arduino, which normally runs a sort of embedded Linux,
 > > that could be very interesting; the hardware is cheap (kits at Jaycar
 > > stores in Australia anyway), very modular design, and there are heaps of
 > > fascinating projects.  I want the quadricopter to follow me around the
 > > room at parties - at my age I need something really impressive :)
 > 
 > Well, there is devel/arduino.  It's not emdedded Linux, but an IDE for
 > writing and downloading code.  The Arduino is a small embedded controller
 > based on the Atmel AVR microcontrollers.  They are quite powerful, easy to
 > program, and accessible for experimenters.  You can skip the Arduino
 > environment if you like, using the same lower-level tools like avr-gcc
 > directly.  And the Arduino board can be used as a programmer, downloading
 > code to plain AVR chips and avoiding the need for more Arduino boards.  Talk
 > about the Arduino on FreeBSD is generally on the freebsd-embedded mailing
 > list.

Thanks Warren.  I got the wrong idea that Arduino ran an embedded Linux 
from a friend, a Linux-using Electrical Engineer, but not a programmer. 
I'd also (too) briefly glanced at www.arduino.cc and noted Windows, Mac 
and Linux references, and Linux binaries, but had no idea you had ported 
the GUI.  Could you perhaps try pushing the FreeBSD port upstream to 
Arduino, so people can find out that it exists from there?

I hope to explore further once I get 9.x running; this 8.2-R system 
is chokka, not enough remaining space for a JDK, nor even a JRE :)

 > The Microchip PIC microcontrollers compete with the AVR.  There are some
 > FreeBSD ports for programming those, but there are many varying chips and the
 > hardware needed to program some of them differs.  I don't know if there is
 > anything directly comparable to the Arduino IDE.  ARM processors have become
 > so cheap that they are starting to compete in this arena also.

I looked at PICs ages ago, but just wasn't enticed by their instruction 
set; as an old S/3[67]0 bod I've always fallen for the more orthogonal 
processors like the Signetics 2650 (hands up who's heard of that!), 
680[59]/68K and more lately AVRs, Harvard architecture despite little- 
endianness.  Not sure there's room left in my head for MIPS or ARM ..

 > > On the FreeBSD side there's advanced work, I gather, on ARM and Atmel
 > > MEGA 32-bit and MIPS platforms at least.  Personally I consider these
 > > 'big iron' and far prefer writing in macro assembler for little Atmel
 > > Tiny25s and such, but that's strictly "Look Ma, no OS!" programming.
 > 
 > Another option: the freebsd-wireless list has had some very interesting
 > traffic about the TP-Link TL-WR1043ND, a $50 MIPS-based wireless router with
 > Atheros 802.11n chipset, USB, and gigabit Ethernet which can run FreeBSD
 > directly.  Not sure how usable it is at present.

Interesting.  I'm subs'd to wireless@ and embedded@ (previously small@) 
but obviously haven't been paying enough attention :)  Thanks again.

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: OT: Robotics or embedded or hardware programming... what is this called?

2012-06-21 Thread Ian Smith
In freebsd-questions Digest, Vol 420, Issue 10, Message: 17
On Wed, 20 Jun 2012 19:54:27 -0600 Modulok  wrote:

 > Sorry for the off-topic post. There are a lot of technically adept people on
 > this list, so I thought I'd try my luck here:

On recent volcanic form, this scarcely measures on the OT scale :)

 > I want to get started programming for hardware. Motors, sensors, actuators, 
 > etc.
 > I have a programming background, (python, PHP, C++) but no experience with 
 > code
 > that drives hardware. (Motors, sensors, etc.)
 > 
 > I *don't* want closed-source "kit robots" where the point is to build the 
 > robot
 > the book and thats it. I also don't want ladder logic-based PMC's. Some kind 
 > of
 > micro-controller that runs a *nix flavor (or a BSD flavor!) would be great! 
 > (If
 > that's what I need.) Basically, I want to do stuff like "if input1() is True
 > then apply_voltage_on_output3()", etc. Build my own traffic light, coffee
 > maker, mars rover, automatic-plant waterer, whatever.

Sure.  Fun and potentially profitable stuff.  Wish I had a spare life ..

 > What do you call this? Embedded programming? Generic hardware programming?
 > Robotics programming? Are there prefabricated, standard embedded boards and
 > hardware specs that play together like PC parts do? In short, I don't even 
 > know
 > where to start.

Try browsing from http://lists.freebsd.org/pipermail/freebsd-embedded/ 
to see if that's of interest.  Getting FreeBSD up on various embedded 
platforms is the focus there, but I've seen robotics references too.

I see also, but haven't explored these (both look moderately busy):
 http://lists.freebsd.org/pipermail/freebsd-arm/
 http://lists.freebsd.org/pipermail/freebsd-mips/

 > Even general pointers to books/websites would be great. Once I know what it's
 > called I can google much more effectively ;)

I think once you find a platform you're interested in, you'll google up 
a perhaps bewildering array of support websites and forums, with books 
to suit.  For me it's about the processor instruction set and hardware 
functionality, but I gather you're looking for higher level language 
implementations, so you'll want to sniff and taste a few.

I thought I saw something somewhere (maybe just wishful thinking) about 
FreeBSD on the Arduino, which normally runs a sort of embedded Linux, 
that could be very interesting; the hardware is cheap (kits at Jaycar 
stores in Australia anyway), very modular design, and there are heaps of 
fascinating projects.  I want the quadricopter to follow me around the 
room at parties - at my age I need something really impressive :)

On the FreeBSD side there's advanced work, I gather, on ARM and Atmel 
MEGA 32-bit and MIPS platforms at least.  Personally I consider these 
'big iron' and far prefer writing in macro assembler for little Atmel 
Tiny25s and such, but that's strictly "Look Ma, no OS!" programming.

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: hwpstate0 set frequency err 6

2012-06-14 Thread Ian Smith
In freebsd-questions Digest, Vol 419, Issue 9, Message: 2
On Wed, 13 Jun 2012 10:33:49 -0400
Lynn Steven Killingsworth  wrote:

 > This is the fourth time I have installed FreeBSD while learning the in's and
 > out's.  I have a new mainboard this time (ASUS M5A97 EVO + AMD FX 8120.)

 > I have set up dual booting because of a few legacy apps.  When the boot of
 > OS gets to the login prompt I begin to get the error message 'hwpstate0 set
 > frequency err 6'

 > During installation my super-workstation started to run as though it were
 > getting the absolutely maximum stress test.  The fans on my new Corsair H80
 > started to whine as well.  The 'stress test' effect starts the three next
 > times I have booted so I am not booting into FreeBSD at the moment.

 > Any advice?

Only that it seems perhaps similar or related to some threads in May on 
freebsd-stable@ subject: "[stable 9] broken hwpstate calls" that may or 
may not have yet resulted in a patch you could try.

http://lists.freebsd.org/pipermail/freebsd-stable/2012-May/thread.html

Thread continues in June, as a perhaps more general p-state discussion.

 > Thanks Lynn Steven Killingsworth

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: how to allow by MAC

2012-06-13 Thread Ian Smith
On Mon, 11 Jun 2012 15:18:18 -0700, Randal L. Schwartz wrote:
 > > "Bill" == Bill Yuan  writes:
 > Bill> I want to create a white list MAC address,  Only the machine which 
 > it's MAC
 > Bill> in the white list will be allowed,  all others will be blocked.
 > 
 > Bad idea.  Since (a) every MAC address that *is* allowed is transmitted
 > in the clear and (b) it's trivial to spoof a MAC address.
 > 
 > This. is. no. security.

Indeed, that's right Randal.  But I got the impression from Bill's mails 
that this is more likely just something inside his internal network.

 > Please stop even trying.

Well I don't think learning how to use ipfw properly at layer2 is a bad 
idea in itself, and I wouldn't want to discourage anyone from that.

For some years I ran a filtering transparent bridge with ipfw + dummynet 
for a small network of about 20 mostly W98, XP and Mac boxes sharing one 
slow ADSL gateway between various assorted community groups (talk about 
herding cats! :) and MAC filtering was one of the handiest tools when 
some box or other got owned (again!) by some virus and started spewing 
spam, provider complains and/or cuts access .. you know the deal.

In that sort of environment, none of the punters had any clue about 
forging MACs or anything vaguely like that, and it stopped people 
randomly plugging boxes into the network.  Horses for courses.

I replied in more detail to another from Bill privately, copy follows.

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: Is this something we (as consumers of FreeBSD) need to be aware of?

2012-06-11 Thread Ian Smith
In freebsd-questions Digest, Vol 418, Issue 19, Message: 23
On Sun, 10 Jun 2012 16:56:49 -0400 Jerry  wrote:
 > On Sun, 10 Jun 2012 22:06:26 +0200
 > Julian H. Stacey articulated:
[..]
 > >As a start here's :  http://berklix.org/uefi/
 > >
 > >URLs welcome. Contact names welcome. Volunteers welcome.
 > 
 > It is posts like this that basically turn my stomach. A product, any
 > product, should succeed or fail based on its own merits and not because
 > some government agency aided or thwarted it. Most, it not nearly all PC
 > manufacturers exist solely because of Microsoft. The PC market balloons
 > every time Microsoft releases a new version of Windows. Seriously now,
 > how many PC were sold because FreeBSD released version 9 of its OS? If
 > you want to beat someone, you make a better product. You don't go
 > running to your mamma asking for protection. That stinks of
 > socialism/fascism. The UEFI specification has existed for years.
 > Supposedly, Linux has been capable of using it for 8+ years. I have
 > no idea if FreeBSD is even capable of handling it. It wouldn't
 > surprise me it if couldn't though. What this really tells me is that
 > there has been way to much procrastination by the FOSS. Microsoft
 > simply took advantage of an existing standard (remember "standards"
 > something the FOSS is always crying about) and now FOSS is begging for
 > mercy. This is more than just slightly funny, it is pathetic. If 1% of
 > the effort of spreading this BS over UEFI had gone into working on a
 > solution for UEFI two years ago, we wouldn't be having this discussion
 > at all.

I'vw been wondering when this topic would summon our longest-serving 
resident troll for Microsoft out of the woodwork for a proper full-tilt 
rant, replete with inimitable "socialism/fascism" jibe.  Gotta love it!

Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: how to allow by MAC

2012-06-10 Thread Ian Smith
In freebsd-questions Digest, Vol 418, Issue 18, Message: 1
On Sun, 10 Jun 2012 17:43:39 +0800 Bill Yuan  wrote:

 > how to allow by MAC in ipfw
 > 
 > currently i set the rule like below
 > 
 > 1  allow ip from any to any MAC any to 
 > 1  allow ip from any to any MAC  any
 > 2 deny all from any to any
 > 
 > i want to only allow the mac address to go through the freebsd firewall,
 > 
 > but I found it is not working on my freebsd but it works on pfsense!
 > 
 > so maybe that means the environment is not the same ? and how to setup the
 > ipfw properly to support this ?

Bill, you did get some good clues in the earlier thread, but it's not 
clear if you took note of them.  There's also been some confusion ..

Firstly, read up on layer2 (ethernet, MAC-level) filtering options in 
ipfw(8).  Thoroughly, several times, until you've got it.  Seriously.

After enabling sysctl net.link.ether.ipfw=1 (add it to /etc/sysctl.conf) 
ipfw will be invoked 4 times instead of the normal 2, on every packet.

Read carefully ipfw(8) section 'PACKET FLOW', and see that only on the 
inbound pass invoked from ether_demux() and the outbound pass invoked 
from ether_output_frame() can you test for MAC addresses (or mac-types); 
the 'normal' layer3 passes examine packets that have no layer2 headers.

You could just add 'layer2' to any rules filtering on MAC addresses, and 
omit MAC addresses from all layer 3 (IP) rules, but I'd recommend using 
a method like shown there to separate layer2 and layer3 flows early on:

   # packets from ether_demux
   ipfw add 10 skipto 1000 all from any to any layer2 in
   # packets from ip_input
   ipfw add 10 skipto 2000 all from any to any not layer2 in
   # packets from ip_output
   ipfw add 10 skipto 3000 all from any to any not layer2 out
   # packets from ether_output_frame
   ipfw add 10 skipto 4000 all from any to any layer2 out
 
So at (eg) 1000 and 4000 place your incoming and outgoing MAC filtering 
rules (remembering the reversed order of MAC addresses vs IP addresses, 
and to allow broadcasts as well), pass good guys and/or block bad guys, 
then deal with your normal IPv4|v6 traffic in a separate section(s).

Or you could just split the flows into two streams, one for layer2 for 
your MAC filtering, the other for layer3, ie the rest of your ruleset.

HTH, Ian  [please cc me on any reply]
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: Proper Port Forwarding

2012-06-07 Thread Ian Smith
In freebsd-questions Digest, Vol 418, Issue 10, Message: 7
On Wed, 06 Jun 2012 14:31:24 -0400 "Simon"  wrote:

 > Can someone suggest an alternative/proper way to port forward using ipfw. 
 > Right
 > now I have the following and some bad clients cause too many FIN_WAIT_2 state
 > 
 > fwd IP,PORT2 tcp from any to me dst-port PORT1 keep-state
 > 
 > This easily causes DoS for when too many FIN_WAIT_2 are created and IPFW
 > stops forwarding using the rule above because of "too many dynamic rules"

Michael's and Dan's suggestions of adjusting sysctl net.inet.ip.fw.dyn* 
variables are good; consider also using 'limit' instead of 'keep-state', 
which works the same except limiting the number of open connections to a 
specified number.  See ipfw(8) /limit and /EXAMPLES for more, but eg:

 fwd IP,PORT2 tcp from any to me dst-port PORT1 limit src-addr 9

to prevent any one source address opening more than 9 connections, or

 fwd IP,PORT2 tcp from any to me dst-port PORT1 limit dst-port 42

to limit total open connections by everyone to dst-port PORT1 to 42.

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: Address to reach human operator regarding problems with list?

2012-05-30 Thread Ian Smith
In freebsd-questions Digest, Vol 417, Issue 4, Message: 26
On Wed, 30 May 2012 06:31:38 -0400 "Thomas Mueller"  
wrote:

 [Matthew Seaman wrote:]
 > > freebsd-questions-owner@... is correct, except that to my knowledge
 > > there isn't really a moderator for freebsd-questions (it's an open list
 > > that anyone can post to without having to be a member) and that address
 > > ultimately gets dealt with by postmas...@freebsd.org.

'Ultimately' being operative; I gather it rather depends on workload.  
It does sound a little odd that writing to freebsd-questions-owner@ is 
interpreted as mail to a subs-only list (moderators@), which may be well 
down the TODO queue of the postmaster@ team.

 > > The message you got about "held for moderation" is standard boiler-plate
 > > from mailman, and probably not appropriate for your specific circumstances.

I think mentioning the whole circumstance to postmaster@, including the 
result of posting to freebsd-questions-owner@ could be worthwhile; I 
wouldn't suggest every little mail issue should go to postmaster@, but 
apart from Tom's immediate problem, there may be a functional issue.

 > > On the whole though, you shouldn't need to contact anyone about the
 > > warning you received.   It generally occurs when your mail system
 > > rejects messages from the freebsd-questions@... list as spam.  As there
 > > is a certain amount of spam that does appear on the list, this is an
 > > absolutely legitimate practice: trouble is, it's hard for the FreeBSD
 > > mail system to distinguish deliberate non-acceptance of spam from
 > > accidental non-acceptance of traffic due to a broken mailer.

Indeed.  Considering the number of lists and the number of subscribers, 
I think mailman (and spamassassin recipes) do a great job, though it's 
always going to be a battle chasing the latest spammer techniques; the 
recent spamruns with multiple 'From:' addresses being a case in point, 
not a pretty look seeing spam 'apparently' by FreeBSD committers ..

 > > Mailman has an adaptive system that scores you based on how many rejects
 > > you generate in a certain time period.  If you log into mailman at eg.
 > > http://lists.freebsd.org/mailman/options/freebsd-questions
 > > you can see your current score.  Mine is currently 2.0 (out of 5.0) and
 > > has been about that for quite some time.  So long as your score is not
 > > too large, I wouldn't worry about the message you received.  Even if
 > > your score does go over the threshold, you can just use that same
 > > interface to re-enable delivery.

I hadn't checked for ages, but see my score is now 1.0, probably from a 
couple of days downtime last month ie delayed delivery.  This would help 
Tom see if mailman 'knows' anything about his problem, but not what was 
happening to cause that?

 > I contacted my Internet service provider, Insight Cable, about the 
 > problem, and they need a copy of any message that bounces, so they 
 > can see what went awry.

Bit strange asking you to provide copies of messages you didn't get :)

Are they providing your inbound MX server, ie is that where your mail is 
received?  I gather you're not running your own mailserver.  It should 
not be hard to find any such bounces from/to mx2.freebsd.org in their 
mail or spam logs, if it was they who bounced them?  If not, who did?

 > So I can't just ignore the problem.

I rather suspect that even if each bounce is logged at freebsd.org (and 
it might be some task to find yours, beyond that they've been counted), 
that it could be non-trivial to locate the offending source messages.  
Not impossible, Message-IDs are likely logged, but last-resort stuff.

OTOH this may be something postmaster@ does routinely, what do I know :)

 > Maybe I should resend the message to postmas...@freebsd.org instead 
 > of freebsd-questions-ow...@freebsd.org?
 > 
 > This problem relates to FreeBSD emailing lists in general, not just 
 > one list such as questions@ .

Yes, in this case I think you should, after exploring the options 
Matthew outlined.  Be sure to show complete headers of any and all 
messages you need to forward to postmaster@.

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: Newsyslog | Cronjob faulty? (fwd)

2012-05-27 Thread Ian Smith
Jos, did you not get my response to your original query over a week ago?

I see it made the list archives.  Anyway this second time around, Robert 
Bonomi wins gold for the best guess, with even fewer clues to go on :-)

cheers, Ian  (who probably said too much, but doesn't resile)

-- Forwarded message --
Date: Sat, 19 May 2012 05:03:23 +1000 (EST)
From: Ian Smith 
To: Jos Chrispijn 
Cc: freebsd-questions@freebsd.org
Subject: Re: Newsyslog | Cronjob faulty?

In freebsd-questions Digest, Vol 415, Issue 4, Message: 12
On Wed, 16 May 2012 21:44:53 +0200 Jos Chrispijn  wrote:

 > At midnight (00.00) I run this cronjob from my crontab:
 > 
 > Crontab:
 > 00  *   *   *   *   rootnewsyslog

By 'my' crontab, do you mean the system crontab, /etc/crontab ?

If so, that's nearly but not quite the default syntax of:

#minute hourmdaymonth   wdaywho command
# Rotate log files every hour, if necessary.
0   *   *   *   *   rootnewsyslog

Note the single '0'.  I don't know if '00' is valid.  And it doesn't 
mean 'at midnight', it means whenever the minute is 0, any hour, any 
day, any month, any weekday; ie newsyslog is run hourly, on the hour.

And the default entry in /etc/newsyslog.conf for maillog is:

/var/log/maillog640  7 *@T00  JC

So it's newsyslog using newsyslog.conf(5) that creates maillog if it 
doesn't yet exist, rotates it to maillog.0 at midnight (T00), thereafter
compressing it with bzip2 (J).

 > For some reason this goes wrong; (if I run 'newsyslog' on any other 
 > time, there is no error message).
 > 
 > bzip2: Can't open input file /var/log/maillog.0: No such file or directory.
 > newsyslog: `bzip2 -f /var/log/maillog.0' terminated with a non-zero 
 > status (1)
 > 
 > /var/log:
 > -rw-r-  1 rootwheel 63162 May 16 21:20 maillog
 > -rw-r-  1 rootwheel   109 May 16 00:00 maillog.0.bz2
 > -rw-r-  1 rootwheel 73674 May 16 00:00 maillog.1
 > -rw-r-  1 rootwheel   111 May 15 00:00 maillog.2.bz2
 > -rw-r-  1 rootwheel 73050 May 15 00:00 maillog.3
 > -rw-r-  1 rootwheel   109 May 14 00:00 maillog.4.bz2
 > -rw-r-  1 rootwheel184042 May 14 00:00 maillog.5
 > 
 > Can somebody tell me what goes wrong here?

Looks likely two instances of newsyslog racing at midnight; one makes 
maillog.0.bz2 from the just-rolled maillog.0, the other finds maillog.0 
has disappeared before getting to run bzip2 on it?  So, two files per 
day, and the above message?

 > On my other FreeBSD server the same cronjob goes ok...

Check /etc/crontab and /etc/newsyslog.conf on both, and make sure you're 
not also trying to run a user crontab for root, apart from /etc/crontab?

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: ipfw subnetting

2012-05-21 Thread Ian Smith
On Mon, 21 May 2012 16:30:59 +0100, Paul Macdonald wrote:
 > On 21/05/2012 14:50, Ian Smith wrote:
 > > In freebsd-questions Digest, Vol 416, Issue 1, Message: 26
 > > On Mon, 21 May 2012 10:06:12 +0100 Paul Macdonald  wrote:
 > > 
 > >   >  can anyone suggest what i'm doing wrong here.
 > >   >
 > >   >  Desired:drop everything from 180.0.0.0 to 180.255.255.255
 > >   >
 > >   >  ipfw -q add 137 deny all from 180.0.0.0/8 to any
 > > 
 > > t23# ipfw -q add 137 deny all from 180.0.0.0/8 to any
 > > t23# ipfw show 137
 > > 001370   0 deny ip from 180.0.0.0/8 to any
 > > 
 > > So what doesn't work?  (apart from scattergun removal of small pieces of
 > > a whole lot of Asian countries, incl. Japan, Indonesia, Australia, .. :)

 > it was intended as a required temporary measure,
 > but even though it was listed in my ipfw list, i was/am still seeing traffic
 > coming in via addresses such as 180.248.x.x

Ok.  Coming in to what service/s?

 > A very open firewall test script is as follows:
 > 
 > 00010 allow ip from any to any via lo0
 > 00081 deny log ip from 180.0.0.0/8 to any
 > 00100 check-state
 > 00101 allow tcp from any to any established
 > 00102 allow ip from any to any out keep-state
 > 00103 allow icmp from any to any
 > 65535 deny ip from any to any
 > 
 > but i'm still seeing traffic from
 > 
 > 180.149.29.102

Banglalion Communications Ltd. WiMAX Operator. Bangladesh.

 > 180.234.116.61
 > 180.234.36.44
 > 180.234.237.119
 > 180.234.72.115

Augere Wireless Broadband Bangladesh Limited. (FWIW)

 > I must be doing something wrong!

If you're using just that order, denying 180/8 BEFORE the check-state, 
then incoming traffic from 180/8 not being dropped (and logged) at rule 
81 would represent a serious bug in ipfw, worthy of a PR.  But this 
may not be quite as it seems .. for example, even when dropped you'll 
see such packets from tcpdump, which are hooked before the firewall.

Where and how, past the firewall, are you detecting this traffic?  What 
sort of traffic?  Are you sure sysctl net.inet.ip.fw.enable=1 ? Seeing 
`ipfw show` over a period, even better `ipfw -t show` with timestamps, 
could convince us the firewall was actually otherwise working ..

In your later post to Michael you had that rule 137 AFTER check-state, 
which means that packets from 180/8 - in response to outbound requests 
by you (or your rootkit :) to those addresses - might indeed pass.

 > 00102 allow ip from any to any out keep-state

keep-state for 'ip' or 'all' traffic (rather than specifying tcp, udp or 
icmp) doesn't make much sense, and could have dangerous consequences of 
allowing any sort of return traffic from (say) 180/8 initiated from your 
end, but only if check-state were BEFORE you've denied 180/8 traffic.

Rather than show the script, please post results from ipfw show, and a 
few of the log entries of denied packets (with your addresses obscured 
if need be).  And some logging from where you're detecting those hosts?

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: ipfw subnetting

2012-05-21 Thread Ian Smith
In freebsd-questions Digest, Vol 416, Issue 1, Message: 26
On Mon, 21 May 2012 10:06:12 +0100 Paul Macdonald  wrote:

 > can anyone suggest what i'm doing wrong here.
 > 
 > Desired:drop everything from 180.0.0.0 to 180.255.255.255
 > 
 > ipfw -q add 137 deny all from 180.0.0.0/8 to any

t23# ipfw -q add 137 deny all from 180.0.0.0/8 to any
t23# ipfw show 137
001370   0 deny ip from 180.0.0.0/8 to any

So what doesn't work?  (apart from scattergun removal of small pieces of 
a whole lot of Asian countries, incl. Japan, Indonesia, Australia, .. :)

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: problems with networking and route command

2012-05-20 Thread Ian Smith
In freebsd-questions Digest, Vol 415, Issue 6, Message: 1
On Fri, 18 May 2012 08:07:16 -0400
David Banning  wrote:

 > > > It is machines that connect and receive via DHCP 192.168.1.2 and above 
 > > > that
 > > > can't connect to the internet though the server.  I don't know a whole
 > > > lot about route - I have been attempting a variation of route commands
 > > > without success.

[Chuck Swiger wrote:]
 > > You need to implement NAT on this box, since 192.168.0.0/16 is an 
 > > RFC-1918 unrouteable private network range.

 > I previously connected to the internet using ppp with the -nat option
 > and now my connection has changed - so that makes sense.
 > 
 > So I implemented natd.
 > 
 > Unfortunately natd does not work as yet.  I followed the setup as laid 
 > out in "man natd" and also used the layout in;
 > 
 > http://www.freebsddiary.org/ipfw.php

I've since seen Derek's response in the archives (I get the digests) at 
http://lists.freebsd.org/pipermail/freebsd-questions/2012-May/241035.html 
and I agree that 1998 is far too old to be of much use. I differ however 
about advisability of referring to the Handbook IPFW page, which frankly 
sucks - the only section of the Handbook that does, that I know of; you 
will find ipfw(8) and /etc/rc.firewall to be much better friends.

 > Here is my natd setup
 > 
 > 1. Compiled IPFIREWALL & IPDIVERT into my kernel - went fine.

Didn't need to, both will load from modules from the /etc/rc.d scripts. 
Many these days prefer to use in-kernel NAT (firewall_nat_enable="YES") 
instead, but natd still works as ever; you can always switch later.

 > Here is my rc.conf network related entries;
 > 
 > natd_enable="YES"
 > natd_interface="rl0"
 > natd_flags="-f /etc/natd.conf"
 > gateway_enable="YES"
 > ifconfig_rl0="inet 64.40.244.36 netmask 255.255.255.240"
 > defaultrouter="64.40.244.33"
 > ifconfig_vr0="DHCP"
 > ifconfig_vr0=up
 > ifconfig_vr0="inet 192.168.1.1"

Only the last ifconfig_vr0 counts, but that's ok, DHCP is for clients, 
not where vr0 gets its address from, right?  Ah, you fix that below ..

 > network_interfaces="rl0 vr0 lo0"
 > ifconfig_lo0="inet 127.0.0.1"
 > firewall_enable="YES"
 > firewall_script="/etc/firewall.rules"
 > firewall_type="simple"
 > firewall_logging="YES"

firewall_type only applies where firewall_script="/etc/rc.firewall", 
however that would be ignored by your custom /etc/firewall.rules.

 > dhcpd_ifaces="vr0"
 > dhcpd_enable="YES"
 > 
 > My firewall rules;
 > 
 > ipfw add 64000 allow ip from any to any
 > ipfw add divert natd all from any to any via rl0
 > ipfw add allow tcp from any to 192.168.2.1 139
 > ipfw add allow tcp from any to 192.168.1.1 139

That won't work; after specifying the current rule as 64000, subsequent 
unnumbered rules will be placed at 64100, 64200 etc - so they will never 
be reached.  If you put that 'allow all' at the end that would work, 
although a default policy of 'deny all' is very much safer.

 > ipfw add 6000 deny tcp from any to 64.40.244.36 139
 > ipfw add 6010 deny tcp from any to 64.40.244.36 445

These two will now be the first rules encountered, being so numbered.  
You'll also want to deny an awful lot more than NETBIOS packets to your 
outside address, see below.

 > ipfw add deny tcp from any to any 139

And that will go at the end, again after everything has been allowed.  
Always use 'ipfw list' or 'ipfw show' to check your running ruleset.

I would seriously advise you to consider using the rc.firewall 'simple' 
ruleset, at least as a basis, for a setup like yours.  It's designed 
specifically to protect small networks, and particularly to place the 
NAT rules in just the right place between inbound and outbound anti- 
spoofing rules.  See /etc/defaults/rc.conf for the variables you can set 
that should work more or less out of the box, though you may want to 
modify rc.firewall (or better, a copy of it, say rc.myfirewall) if you 
need to any add particular rules for specific services you need.

It will also protect your IPv6 network, if that's relevant to you.

 > My /etc/natd.conf;
 > 
 > interface rl0
 > use_sockets yes
 > same_ports yes

Should be ok.  You already have natd_interface="rl0" in rc.conf.
Consider 'unregistered_only yes', particularly if not using the 
anti-spoofing rules provided in rc.firewall 'simple'.

 > My /etc/services includes the line;
 > 
 > natd 8668/divert  # Network Address Translation socket
 > 
 > Output of ifconfig;
 > 
 > # ifconfig
 > fwe0: flags=8802 mtu 1500
 > ether 02:11:d8:b3:0e:43
 > ch 1 dma -1
 > vr0: flags=8843 mtu 1500
 > inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255
 > inet6 fe80::16d6:4dff:fe47:88ae%vr0 prefixlen 64 scopeid 0x2 
 > ether 14:d6:4d:47:88:ae
 > media: Ethernet autoselect (100baseTX )
 > status: active
 > rl0: flags=8843 mtu 1500
 > inet 64.40.244.36 netmask 0xfff0 broadcast 64.40.244.47
 > inet6 fe80::211:95ff:fe66:7162%rl0 prefixle

Re: Newsyslog | Cronjob faulty?

2012-05-18 Thread Ian Smith
In freebsd-questions Digest, Vol 415, Issue 4, Message: 12
On Wed, 16 May 2012 21:44:53 +0200 Jos Chrispijn  wrote:

 > At midnight (00.00) I run this cronjob from my crontab:
 > 
 > Crontab:
 > 00  *   *   *   *   rootnewsyslog

By 'my' crontab, do you mean the system crontab, /etc/crontab ?

If so, that's nearly but not quite the default syntax of:

#minute hourmdaymonth   wdaywho command
# Rotate log files every hour, if necessary.
0   *   *   *   *   rootnewsyslog

Note the single '0'.  I don't know if '00' is valid.  And it doesn't 
mean 'at midnight', it means whenever the minute is 0, any hour, any 
day, any month, any weekday; ie newsyslog is run hourly, on the hour.

And the default entry in /etc/newsyslog.conf for maillog is:

/var/log/maillog640  7 *@T00  JC

So it's newsyslog using newsyslog.conf(5) that creates maillog if it 
doesn't yet exist, rotates it to maillog.0 at midnight (T00), thereafter
compressing it with bzip2 (J).

 > For some reason this goes wrong; (if I run 'newsyslog' on any other 
 > time, there is no error message).
 > 
 > bzip2: Can't open input file /var/log/maillog.0: No such file or directory.
 > newsyslog: `bzip2 -f /var/log/maillog.0' terminated with a non-zero 
 > status (1)
 > 
 > /var/log:
 > -rw-r-  1 rootwheel 63162 May 16 21:20 maillog
 > -rw-r-  1 rootwheel   109 May 16 00:00 maillog.0.bz2
 > -rw-r-  1 rootwheel 73674 May 16 00:00 maillog.1
 > -rw-r-  1 rootwheel   111 May 15 00:00 maillog.2.bz2
 > -rw-r-  1 rootwheel 73050 May 15 00:00 maillog.3
 > -rw-r-  1 rootwheel   109 May 14 00:00 maillog.4.bz2
 > -rw-r-  1 rootwheel184042 May 14 00:00 maillog.5
 > 
 > Can somebody tell me what goes wrong here?

Looks likely two instances of newsyslog racing at midnight; one makes 
maillog.0.bz2 from the just-rolled maillog.0, the other finds maillog.0 
has disappeared before getting to run bzip2 on it?  So, two files per 
day, and the above message?

 > On my other FreeBSD server the same cronjob goes ok...

Check /etc/crontab and /etc/newsyslog.conf on both, and make sure you're 
not also trying to run a user crontab for root, apart from /etc/crontab?

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: help debug bwn(4) wireless

2012-05-07 Thread Ian Smith
In freebsd-questions Digest, Vol 414, Issue 1, Message: 13
On Sun, 06 May 2012 21:48:19 +0100 Chris Whitehouse  wrote:
 > On 06/05/2012 17:31, Ian Smith wrote:
 > > Anton, I'm not sure what the state of the art is for multiple network
 > > profiles for such as wireless vs wired, home and work etc, but look
 > > around.  I recall one called just 'profile' from years ago, and more
 > > recently talk of 'failover' setups for wired/wireless nets (probably in
 > > n...@freebsd.org), but I've no time for hunting tonight.  Anyone?
 > 
 > Would that be lagg?
 > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-aggregation.html

It would indeed, thanks Chris.  "Example 32-3. Failover Mode Between 
Wired and Wireless Interfaces" might almost meet Anton's requirements?

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: help debug bwn(4) wireless

2012-05-06 Thread Ian Smith
In freebsd-questions Digest, Vol 413, Issue 11, Message: 21
On Sat, 5 May 2012 19:26:00 -0400 (EDT) Chris Hill  wrote:
 > On Sat, 5 May 2012, Robert Bonomi wrote:
 > 
 > > Anton Shterenlikht  wrote;
 > 
 > [snip]
 > 
 > >> ...I still find the whole networking area perfectly impenetrable. (If 
 > >> you can recommend a really introductory book on the subject, I'd 
 > >> really appreciate it.
 > 
 > [snip]
 > 
 > > See also "TCP/IP Network Administration".  This is an "O'Reilley 
 > > Associates" book.  Virtually *everything* they publish is excellent. 
 > > If they've ever published an even mediocre book, _I_ have never 
 > > encountered it.
 > 
 > Anton, I'll second that recommendation. 'TCP/IP Network Administration' 
 > by Craig Hunt is an outstanding book; it taught me a lot about 
 > networking, really made the subject comprehensible. The other O'Reilly 
 > book that I found indispensable when getting started was 'Essential 
 > System Administration' by Aeleen Frisch. In fact, why don't I just "me 
 > too" about O'Reilly. Everything of theirs that I have seen has been 
 > excellent.

I'll third it Chris.  Apart from Tanenbaum's seminal 'Computer Networks' 
(qv) a decade earlier, I learned most of what I needed to setup mail, 
DNS, other servers and TCP/IP networking in general from Hunt's book.

I also borrowed Frish's excellent book (for about five years :) and 
found it invaluable for all sorts of sysadmin tasks, including good 
shell scripting techniques, covering a wide range of unixish OSes.

Anton, I'm not sure what the state of the art is for multiple network 
profiles for such as wireless vs wired, home and work etc, but look 
around.  I recall one called just 'profile' from years ago, and more 
recently talk of 'failover' setups for wired/wireless nets (probably in 
n...@freebsd.org), but I've no time for hunting tonight.  Anyone?

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: help debug bwn(4) wireless

2012-05-04 Thread Ian Smith
On Fri, 4 May 2012 21:03:07 +0100, Anton Shterenlikht wrote:
[..]
 > wlan0: flags=8843 metric 0 mtu 1500
 > ether 00:c0:49:58:00:fe
 > inet 192.168.1.104 netmask 0xff00 broadcast 192.168.1.255 
 > nd6 options=29
 > media: IEEE 802.11 Wireless Ethernet OFDM/36Mbps mode 11g
 > status: associated
 > ssid lagartixa channel 11 (2462 MHz 11g) bssid 00:18:39:e6:46:b6
 > country US authmode WPA2/802.11i privacy ON deftxkey UNDEF
 > AES-CCM 2:128-bit txpower 30 bmiss 7 scanvalid 450 bgscan
 > bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5 protmode CTS
 > wme roaming MANUAL
 > 
 > I run wpa_supplicant:
 > 
 > # wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf 
 > Trying to associate with 00:18:39:e6:46:b6 (SSID='lagartixa' freq=2462 MHz)
 > Associated with 00:18:39:e6:46:b6
 > WPA: Key negotiation completed with 00:18:39:e6:46:b6 [PTK=CCMP GTK=CCMP]
 > CTRL-EVENT-CONNECTED - Connection to 00:18:39:e6:46:b6 completed (auth) 
 > [id=0 id_str=]
 > 
 > I got issued the ip address by my wireless router.
 > 
 > I see the card on the router:
 > 
 > DHCP Active IP Table  
 > DHCP Server IP Address:   192.168.1.1
 > Client Host Name IP Address  MAC Address Expires 
 >  192.168.1.104   00:c0:49:58:00:fe   23:58:54
 > 
 > I get /etc/resolve.conf set up automatically
 > (through the wired connection):
 > 
 > % cat /etc/resolv.conf
 > # Generated by resolvconf
 > search cable.virginmedia.net
 > nameserver 194.168.4.100
 > nameserver 194.168.8.100
 > 
 > 
 > But I just can't get the wireless connection,
 > even to the router:
 > 
 > % ping 192.168.1.1
 > PING 192.168.1.1 (192.168.1.1): 56 data bytes
 > ping: sendto: No route to host
 > ping: sendto: No route to host
 > ^C

What sayeth 'netstat -finet -rn' ?

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: Limiting closed port RST response

2012-05-02 Thread Ian Smith
On Wed, 2 May 2012, Arthur Chance wrote:
 > On 05/01/12 20:01, Ian Smith wrote:
 > > In freebsd-questions Digest, Vol 413, Issue 4, Message: 7
 > > On Tue, 01 May 2012 12:59:36 +0100 Arthur Chance
 > > wrote:
 > > 
 > >   >  Every once in a while the nightly periodic security checks tell me 
 > > I've
 > >   >  got a kernel message
 > >   >
 > >   >  Limiting closed port RST response from N to 200 packets/sec
 > >   >
 > >   >  where N>  200. The problem is that it doesn't say which port was
 > >   >  involved. Is there any way to find that out so I can try tracking down
 > >   >  the problem? AFAICT tcpdump doesn't have a way saying "closed ports on
 > >   >  this machine" as a filter.
 > > 
 > > % sysctl -ad | grep vain
 > > net.inet.tcp.log_in_vain: Log all incoming TCP segments to closed ports
 > > net.inet.udp.log_in_vain: Log all incoming UDP packets
 > 
 > Thanks, that's what I need.

There's another option you may want to consider, especially once you 
work out who or what's originating these.  From an /etc/sysctl.conf:

#% 9/8/6
net.inet.tcp.log_in_vain=1
net.inet.udp.log_in_vain=1

#% 7/10/8
# can't use this and respond to traceroutes
# net.inet.udp.blackhole: Do not send port unreachables for refused connects
# net.inet.udp.blackhole=1

# net.inet.tcp.blackhole: Do not send RST when dropping refused connections
#% 14/4/10 was 1, still see some resets sent (see /sys/netinet/tcp_input.c)
net.inet.tcp.blackhole=2

 > > With sysctl net.inet.tcp.log_in_vain=1 you get a message per instance,
 > > likely aggregated into 'last message repeated N times' at those rates. I
 > > add ipfw rules for heavy hitters on particular ports&/or from
 > > particular hosts to cut both the noise and (albeit slight) load.
 > 
 > This is on an internal LAN behind a firewall, so there isn't (I hope!)
 > anything external causing it. There's a motley bunch of hardware and software
 > sharing the LAN and I'd like to identify the source of the problem just for
 > my peace of mind.

Good idea.  There are a few reasons you may see inbound TCP connections 
you're not expecting, including general background noise from bots 
scanning everyone for everything, late responses from genuine outbound 
connection attempts, and bots hitting other sites using your forged IP 
address, so you get a bunch of SYN ACK packets out of the blue, most 
often from port 80 to some random (or particular) port.

If using udp.log_in_vain=1 too, you'll see such as late responses from 
DNS servers (even from localhost) and assorted bot scans, and at times 
unsolicited responses from DNS servers from someone/s again forging your 
IP address in requests, possible on a large scale.  These may look like 
attacks on your system, but you're just one of many forged addresses, 
the attack being on (what you see as) the source system, big in 2010.

Happy hunting, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: Limiting closed port RST response

2012-05-01 Thread Ian Smith
In freebsd-questions Digest, Vol 413, Issue 4, Message: 7
On Tue, 01 May 2012 12:59:36 +0100 Arthur Chance  wrote:

 > Every once in a while the nightly periodic security checks tell me I've 
 > got a kernel message
 > 
 > Limiting closed port RST response from N to 200 packets/sec
 > 
 > where N > 200. The problem is that it doesn't say which port was 
 > involved. Is there any way to find that out so I can try tracking down 
 > the problem? AFAICT tcpdump doesn't have a way saying "closed ports on 
 > this machine" as a filter.

% sysctl -ad | grep vain
net.inet.tcp.log_in_vain: Log all incoming TCP segments to closed ports
net.inet.udp.log_in_vain: Log all incoming UDP packets

With sysctl net.inet.tcp.log_in_vain=1 you get a message per instance, 
likely aggregated into 'last message repeated N times' at those rates. I 
add ipfw rules for heavy hitters on particular ports &/or from 
particular hosts to cut both the noise and (albeit slight) load.

If you'd rather not have these (hardly uncommon) messages spamming 
/var/log/messages, use something along these lines in /etc/syslog.conf:

*.notice;authpriv.none;kern.!=info;mail.crit;news.err;ntp.err;local0.none;ftp.none
  /var/log/messages
kern.=info  /var/log/kerninfo.log

# touch /var/log/kerninfo.log
# service syslogd restart

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: Postfix + Courier IMAP local email problems

2012-04-15 Thread Ian Smith
In freebsd-questions Digest, Vol 410, Issue 12, Message: 2
On Sat, 14 Apr 2012 10:51:36 -0500 (CDT)
Robert Bonomi  wrote:
 | Ron  wrote:
 > > OK, I found the problem.  It was the hostname not being set correctly.  
 > > What threw me was that it was correct in the rc.conf file, but I did not 
 > > know you needed to reboot the machine to have it take effect.  It just 
 > > never occurred to me to run 'hostname' and see since I was seeing it 
 > > correctly in the rc.conf.
 > 
 > FYI, while it's true tht rc.conf is processed only t boot time, you don't
 > _have_ to reboot when you make a change.  What you _do_ need to do is run
 > the same commands the the rc processing does.  Unfortunately, with the 
 > 'rc.d'-style process, where rc.conf just sets environment variables, and
 > everything else happens 'by magic', it can be a major effort to figure 
 > out -what- commands need to be run when you change something, and 'reboot'
 > *is* the simplest way to get the  job done.  One reason _I_ much prefer
 > the "old" BSD-style '/etc/rc.boot' and '/etc/rc.local' approch.  It was
 > =far= simpler to see exactly what was going on, in what order, and with
 > what params.  Tracking stuff through the rc.d/* swamp is a 'project' -- 
 > there is a whole nuther 'command language' to master.  :((

It's really not all that complicated to change hostname(1)

t23# grep hostname /etc/rc.conf
hostname="t23.smithi.id.au"
t23# hostname
t23.smithi.id.au
t23# hostname boofar
t23# hostname
boofar
t23# csh
boofar# exit
exit
t23# hostname
boofar
t23# hostname t23.smithi.id.au
t23# hostname
t23.smithi.id.au

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: current pids per tty

2012-04-04 Thread Ian Smith
In freebsd-questions Digest, Vol 409, Issue 5, Message: 3
On Wed, 04 Apr 2012 08:03:11 -0700, per...@pluto.rain.com wrote:
 > "ill...@gmail.com"  wrote:
 > 
 > > (there is an executable named /usr/bin/jobs, but . . .
 > > well run "cat /usr/bin/jobs" & see for yourself).
 > 
 > Whoa!  Does /usr/bin/jobs even work?
 > 
 >   $ cat /usr/bin/jobs
 >   #!/bin/sh
 >   # $FreeBSD: src/usr.bin/alias/generic.sh,v 1.2.10.1.4.1 2010/06/14 
 > 02:09:06 kensmith Exp $
 >   # This file is in the public domain.
 >   builtin ${0##*/} ${1+"$@"}
 > 
 > It looks as if generic.sh intends to have the same effect as the
 > builtin matching the name under which the script is run, but at
 > least for "jobs" I don't think it will DTRT because it will run
 > in the wrong context:
 > 
 > * The builtin "jobs" command will report all background jobs known
 >   to the shell in which it is issued.
 > 
 > * Because it is a shebang script, running /usr/bin/jobs will cause
 >   the shell in which it is run to fork/exec an instance of /bin/sh,
 >   and that instance will execute the /usr/bin/jobs script, thus it
 >   will will be the new /bin/sh instance that executes _its_ builtin
 >   "jobs" command -- reporting nothing, since _that_ instance has not
 >   put anything into the background (and has no knowledge of what-all
 >   its parent shell may have put in the background).

Quite so:

t23# jobs -l
t23# sleep 60 &
[1] 86793
t23# jobs -l
[1]  + 86793 Running   sleep 60
t23# /usr/bin/jobs -l
t23# jobs -l
[1]  + 86793 Running   sleep 60
t23# sh
# jobs -l
# sleep 60 &
# jobs -l
[1] + 86819 Running   sleep 60
# /usr/bin/jobs -l
# jobs -l
[1] + 86819 Running   sleep 60
# exit
t23# jobs -l
[1]  + 86793 Running   sleep 60
t23# jobs -l
[1]86793 Done  sleep 60
t23# jobs -l
t23#

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: FreeBSD Security in Multiuser Environments

2012-04-02 Thread Ian Smith
In freebsd-questions Digest, Vol 408, Issue 10, Message: 5
On Sat, 31 Mar 2012 21:05:00 +0700 Erich Dollansky 
 wrote:
 > On Saturday 31 March 2012 20:26:14 Julian H. Stacey wrote:
[..]
 > > Da Rock wrote:
 > > > On 03/31/12 17:46, Julian H. Stacey wrote:
[..]
 > > > > schu...@ime.usp.br wrote:
 > > > >> Hello,
 > > > >>
 > > > >> I would like to raise a discussion about the security features
 > > > >> of FreeBSD as a whole and how they might be employed to actually
 > > > >> derive some meaningful guarantees.

 > > > > We have a list specialy for freebsd-security@. Please use it.

I thought this to be sensible advice.  Before seeing that I'd thought of 
copying it to rwatson@ who I figured might take an interest due to his 
involvement with Capsicum, acl(3) and such, but he certainly reads that 
list anyway (and more than likely, not this one :)

 > > > Hang on, hold the phone: The security list (specifically) is for 
 > > > security announcements. At least that what it said when I subscribed to 
 > > > it...
 > > 
 > > Wrong.

Correct :)

 > > For list of mail lists see:
 > >http://lists.freebsd.org/mailman/listinfo
 > > 
 > > Specifically:
 > >freebsd-secur...@freebsd.org
 > >http://lists.freebsd.org/mailman/listinfo/freebsd-security
 > > 
 > >freebsd-security-notificati...@freebsd.org
 > >http://lists.freebsd.org/mailman/listinfo/freebsd-security-notifications

 > this sounds very confusing for people who have simple question:
 > 
 > 'General system administrator questions of an FAQ nature are 
 > off-topic for this list, but the creation and maintenance of a FAQ is 
 > on-topic. Thus, the submission of questions (with answers) for 
 > inclusion into the FAQ is welcome. Such question/answer sets should 
 > be clearly marked as (at least "FAQ submission") such in the subject. 
 > '

schultz' post was nothing in the way of an FAQ issue, but a request for 
discussion of a wide range of system security issues, far indeed from a 
'simple question'.  Had you posted the two paragraphs before the one you 
quote above, this may have been a little clearer.  To wit:

"This is a technical discussion list covering FreeBSD security issues. 
The intention is for the list to contain a high-signal, low-noise 
discussion of issues affecting the security of FreeBSD.

"Welcome topics include Cryptography (as it relates to FreeBSD), OS bugs 
that affect security, and security design issues. Denial-of-service 
(DoS) issues are less important than problems that allow an attacker to 
achieve elevated privelige, but are still on-topic."

 > This sounds that 'schultz' would be wrong there.

Not at all Erich, quite the opposite in my view; as someone who's been 
subscribed to freebsd-security@ for 12 or so years, I look forward to 
seeing informed responses to some of schultz' issues.  In any event, 
{s,}he promptly took Julian's advice to post it there, where one aspect 
has already attracted responses from des@ and pjd@

The best way to get a good sense of what issues are acceptible and/or 
useful topics for which lists, without having to subscribe, is to browse 
a list's archives for several months.  Works for me.  In this case try:

http://lists.freebsd.org/pipermail/freebsd-security/

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: IPFW transparent VS dummynet rules

2012-01-07 Thread Ian Smith
On Sat, 7 Jan 2012, budsz wrote:
 > Hi folks,
 > 
 > I already found the mistake of my ruleset sequence on my box, for ex:
 > 
 > ${fwcmd} add 30 fwd ${ipproxy},${portproxy} tcp from ${ipclproxy} to
 > any dst-port ${porthttp} in via ${ifint0}
 > 
 > ${fwcmd} add 52 pipe 2 ip from any to ${ipclient} via ${ifint0}
 > ${fwcmd} add 53 pipe 3 ip from ${ipclient} to any via ${ifint0}
 > ${fwcmd} pipe 2 config bw ${bwcldown} mask dst-ip 0x
 > ${fwcmd} pipe 3 config bw ${bwclup} mask src-ip 0x
 > 
 > With this ruleset sequence, the limiter didn't work but fwd rules working.
 > If I switching like:
 > 
 > ${fwcmd} add 52 pipe 2 ip from any to ${ipclient} via ${ifint0}
 > ${fwcmd} add 53 pipe 3 ip from ${ipclient} to any via ${ifint0}
 > ${fwcmd} pipe 2 config bw ${bwcldown} mask dst-ip 0x
 > ${fwcmd} pipe 3 config bw ${bwclup} mask src-ip 0x
 > 
 > ${fwcmd} add 70 fwd ${ipproxy},${portproxy} tcp from ${ipclproxy} to
 > any dst-port ${porthttp} in via ${ifint0}
 > 
 > The limiter working but fwd didn't work. Anyone have a clue for fix
 > this dilemma?

Quoting ipfw(8):

 fwd | forward ipaddr | tablearg[,port]
 Change the next-hop on matching packets to ipaddr, which can be
 an IP address or a host name.  The next hop can also be supplied
 by the last table looked up for the packet by using the tablearg
 keyword instead of an explicit address.  The search terminates if
 this rule matches.

Note particularly the last sentence.  You'll have to do your dummynet 
piping first, if it is to apply also to forwarded packets.

(sysctl)
  net.inet.ip.fw.one_pass: 1
 When set, the packet exiting from the dummynet pipe or from
 ng_ipfw(4) node is not passed though the firewall again.  Other-
 wise, after an action, the packet is reinjected into the firewall
 at the next rule.

It seems that you may have one_pass set to 1.  Set to 0, packets will 
continue through the ruleset on exit from pipe/s, so to your fwd rule.

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: ipfw And ping

2011-12-04 Thread Ian Smith
In freebsd-questions Digest, Vol 391, Issue 10, Message: 25
On Sun, 04 Dec 2011 01:44:53 -0600 Tim Daneliuk  wrote:
 > On 12/04/2011 01:04 AM, Ian Smith wrote:
 > 
 > 
 > >
 > > For one, google 'icmp redirect attack'
 > 
 > But isn't that handled by setting:
 > 
 > 
 > net.inet.icmp.drop_redirect=1

Yes, but generally clearer to allow what you want and drop the rest.

 > > # This is the ICMP rule we generally use:
 > > #   ipfw add 10 allow icmp from any to any in icmptypes 
 > > 0,3,4,11,12,14,16,18
 > 
 > 
 > Hmmm I just tried this and it seems to break ping...

That doesn't allow inbound pings, no.  Add type 8 if you want to permit 
inbound pings from anywhere, or use eg my example to do so selectively.

If you mean outbound pings, well you still have to allow outbound ICMP 
after denying what you don't want inbound .. here it is again:

$fwadd pass icmp from any to any in recv ${ext_if} ${recv_types}
# omit the following line if you included type 8 in $recv_types
$fwadd pass icmp from ${pingok} to any in recv ${ext_if} icmptypes 8
$fwadd deny log icmp from any to any in recv ${ext_if}
$fwadd pass icmp from any to any# outbound, and inside

cheers, Ian  (Please cc me; I take questions@ as a digest, can be slow)
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: ipfw And ping

2011-12-03 Thread Ian Smith
In freebsd-questions Digest, Vol 391, Issue 9, Message: 9
On Fri, 02 Dec 2011 10:35:45 -0600 Tim Daneliuk  wrote:

 > On 12/01/2011 05:45 PM, Jon Radel wrote:
 > >
 > > On 12/1/11 6:25 PM, Tim Daneliuk wrote:
 > >
 > >> ${FWCMD} add allow icmp from any to any
 > >>
 > >> It does work but, two questions:
 > >>
 > >> 1) Is there a better way?

 > > Consider allowing only the ICMP that does things you want to do. 
 > > Google something like "icmp types to allow" for some hints and 
 > > opinions. Just as an example, you can independently control being 
 > > able to ping others and others being able to ping you.

 > >> 2) Will this cause harm or otherwise expose the server to some
 > >> vulnerability?

 > > Well, if you allow all ICMP types, it's possible to make your 
 > > little packets go places you didn't really want them to go, and 
 > > similar network breakage. You can also find those who feel strongly 
 > > that allowing others to ping your machines gives them way too much 
 > > information about what you have at which IP address. On the other 
 > > hand, working ping and traceroute can be very handy to figure out 
 > > what's wrong when the network breaks. But do you open up access on 
 > > your server?---well not so much, though having said that I'm ready 
 > > for somebody to remind me of some obscure attack that uses ICMP for 
 > > more than information gathering. :-)
 > >
 > > --Jon Radel

 > I have been so advised by a number of people to do just this and I am 
 > investigating.
 > 
 > I am not horribly concerned about this, though, because the machine 
 > in question is a NATing front end for a private, non-routable LAN and 
 > the associated nameserver uses split-horizon DNS to make all the 
 > internal name-ip associations invisible outside the LAN.  So ... I 
 > don't really see much threat here.  I am throttling ICMP rates via 
 > sysctl because - AFAIK - the only overt ICMP attack is to flood a 
 > target in hopes of getting Denial Of Services.
 > 
 > As with you, I remain open to someone presenting a scenario
 > wherein a particular ICMP protocol could actually cause harm...

For one, google 'icmp redirect attack'

#% stock rc.firewall doesn't permit _ANY_ ICMP, even TCP-required!
#% see http://www.iana.org/assignments/icmp-parameters

#% from 19/1/99 freebsd-security (compacted):
# This is the ICMP rule we generally use:
#   ipfw add 10 allow icmp from any to any in icmptypes 0,3,4,11,12,14,16,18
# This allows "safe" ICMP's to get in, so that ping, traceroute, etc.
# work, while blocking potentially unsafe ICMP's.
# See /sys/netinet/ip_icmp.h for definitions of the ICMP types.
# -Archie
# Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com

Since then I've used, on multi-host and NAT'd setups, more or less this:

recv_types='icmptypes 0,3,4,11,12,14,16,18' # reject most pings :(
#% can use keep-state for outbound icmp but then ANY icmptype matches!
#% 26/3/7 still need to generally deny inbound pings except friendlies
# pingok="{ was a list of IP addresses[/masks] allowed to ping }"
#% XXX better using a pre-loaded table (for OOB on the fly additions)
pingok="table\(8\)"
$fwadd pass icmp from any to any in recv ${ext_if} ${recv_types}
$fwadd pass icmp from ${pingok} to any in recv ${ext_if} icmptypes 8
$fwadd deny log icmp from any to any in recv ${ext_if}
$fwadd pass icmp from any to any# outbound, and inside

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: where to ask about problems with bsdinstall in 9.0RC2?

2011-11-22 Thread Ian Smith
On Tue, 22 Nov 2011 11:40:45 -0500, William Bulley wrote:
 > According to Ian Smith  on Sat, 11/19/11 at 13:29:
 > > 
 > > Unfortunately that concentrates on creating a GPT layout, encouraging a 
 > > Linux-like single (plus a boot) partition - forget using dump/restore -
 > > and says nothing much about installing over an existing setup with MBR 
 > > partitioning and multiple slices, a not uncommon setup on many existing 
 > > laptops .. eg here I want to install over a previous 7.2-RELEASE 60GB 
 > > slice partitioned as I want it - 1GB /, 4GB /var, 16GB /usr and ~37GB 
 > > /home.  Further, I want to preserve /home as is, despite having backups.
 > > 
 > > sysinstall's partitioning is more sophisticated; you get to specifically 
 > > toggle on or off newfs'ing each partition, as well as specifying newfs 
 > > options if you want.  So it's clear whether you'll be newfs'ing / and 
 > > which other partitions, and which you'll be leaving alone, eg /home.
 > > 
 > > On BETA1 I recorded "Extract Error while extracting base.txz: can't set 
 > > user=0/group=0 for /var/empty Can't update time for /var/empty .." which 
 > > someone/s else also reported, which turned out to be misleading .. the 
 > > basic problem is that the filesystem isn't empty, ie as after newfs.
 > 
 > I hate to be a pest about this, but bsdinstall just isn't working for me.
 > I grabbed the 9.0RC2 bootonly ISO for i386 and tried again to load this
 > onto this Dell laptop.  This time the *.txz files had to be gotten over
 > the network which took longer that with the DVD1 ISO.   :-(
 > 
 > The files were fetched, and checked/verified, then the actual installation
 > (extraction) began.  Unfortunately, I got the same error pop-up message.
 > This time I have the exact text of that error message:
 > 
 >"Error while extracting base.txz: Can't
 > set user=0/group=0 for var/emptyCan't
 > update time for var/empty"
 > 
 > Note the missing space or CR before the second "Can't"
 > 
 > What confused me at first was the missing slash ("/") character before the
 > two "var" pathnames.  But I now understand that is because I am updating
 > (not installing) from a previously working (was 8.2-STABLE in this case)
 > system where the four partitions (root, swap, /var, and /usr) are present
 > and full of FreeBSD files, etc.

Sorry William, this arrived not long after I crashed, 18-hour odd time 
difference .. I've since seen Frank Shute advise how to csup from 8.2-S 
to RELENG_9_0 and in your case that's likely the easiest way to go.

As you see, you got exactly the same error I got with BETA1, and for the 
same reason - bsdinstall isn't running newfs on your existing partitions 
before trying to extract the distribution.  I thought that was going to 
be fixed before release, but clearly not yet.  It really needs the newfs 
toggle option of sysinstall/sade before it'll be useful as sysinstall.

You'd have to boot your DVD1, go into Live CD (formerly Fixit) mode and 
run newfs manually - if running sysinstall from there doesn't work?  I 
recall your 8.2 system was on slice 1, so likely:

# newfs /dev/ad0s1a # /
# newfs /dev/ad0s1e; newfs /dev/ad0s1f  # /usr, /var

Then probably have to reboot DVD1 - I don't know if you can get back 
into the installer from fixit mode? - then the install should work, but 
of course you've by then lost your 8.2 system entirely.

 > If this is a "feature" of bsdinstall, then it should be mentioned in the
 > documentation somewhere.  I used the "Manual" configuration method where
 > I was asked to name the mount points for root, /var and /usr.  My question
 > is this: "if bsdinstall can't handle installing over top of an already
 > existing system on disk, then why ask the user for mount points on those
 > already existing partitions?"  This seems weird to me.

The docs are very much a work in progress.  Even sysinstall requires you 
to at least enter the mountpoints for your existing partitions (within a 
slice); they're needed for install and of course to build /etc/fstab.  

In my case, wanting to preserve /home, seems I'll have to NOT supply a 
mountpoint for that partition in order for it to be left alone, and then 
add it into fstab afterwards, probably having to merge any newly created 
user there from /usr/home, revert the symlink etc.  Messy.

 > So now I am back to square one.  I want to load 9.0RC2 onto this laptop
 > for reasons that aren't relevant to this thread, yet I am unable to do
 > so because as of 9.0 sysinstall has been replaced by bsdinstall.  

Did you try running sy

Re: 9.0 and bsdinstall - avoiding updating the MBR

2011-11-21 Thread Ian Smith
In freebsd-questions Digest, Vol 390, Issue 1, Message: 18
On Mon, 21 Nov 2011 01:47:27 + Bruce Cran  wrote:
 > I'm planning to install FreeBSD alongside a whole range of Windows 
 > builds for testing. In 8.x it's possible to tell the installer not to 
 > bother updating the MBR so you can use something like EasyBCD to boot it 
 > via the Windows bootloader instead. Is it still possible on 9.0-RC2 
 > using bsdinstall? I don't seem to remember seeing any option to avoid 
 > writing out the new boot code.

Hi, I gather not (yet?)  Can save the MBR with (eg) 'boot0cfg -f ~/mymbr 
adaX' for safety, dd it back if need be, and/or use fdisk(8) -p, -t and 
-f flags to save, test and restore just the slice table.

At least they're precautions I'm taking, really not wanting to clobber 
win2k (for BIOS updates :), 8.2-RELEASE or a shared UFS partition when 
next trying to install 9.0-RC2 to slice 2, currently 7.4-RELEASE ..

% boot0cfg -v ad0
#   flag start chs   type   end chs   offset size
1   0x00  0:  1: 1   0x0b   1023:  5:63   63  8385867
2   0x00   1023:255:63   0xa5   1023: 13:63  8385930125821080
3   0x00   1023:255:63   0xa5   1023: 15:63134207010 33543342
4   0x80   1023:255:63   0xa5   1023: 14:63167750730 66685815

version=2.0  drive=0x80  mask=0xf  ticks=182  bell=# (0x23)
options=packet,update,nosetdrv
volume serial ID a8a8-a8a8
default_selection=F4 (Slice 4)

% fdisk -p ad0
# /dev/ad0
g c232581 h16 s63
p 1 0x0b 63 8385867
p 2 0xa5 8385930 125821080
p 3 0xa5 134207010 33543342
p 4 0xa5 167750730 66685815
a 4

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: where to ask about problems with bsdinstall in 9.0RC2?

2011-11-19 Thread Ian Smith
In freebsd-questions Digest, Vol 389, Issue 8, Message: 6
On Fri, 18 Nov 2011 19:08:22 -0500 William Bulley  wrote:
 > According to Edward Martinez  on Fri, 11/18/11 at 
 > 19:53:
 > > 
 > >Have you tried installing with "ACPI" disabled.
 > >
 > > http://www.freebsd.org/doc/handbook/bsdinstall-install-trouble.html#Q3.10.2.1.
 > > 
 > >  this also may be of some help:
 > >  http://www.freebsd.org/doc/handbook/bsdinstall-partitioning.html
 > 
 > Thanks.
 > 
 > I will try disabling "ACPI" but this wasn't necessary for the install
 > of 8.2-RELEASE from CD which, as I said, went in just as I expected.

I doubt that's your problem, going by my experiences with BETA1 and 
following the freebsd-current archives for a couple of months; others 
have described similar problems installing over existing slices, and in 
my mind it points to a relatively large deficiency in bsdinstall versus 
sysinstall (still available from 'Live CD' mode, at BETA1 anyway)

 > I would not think that much would have changed in 9.0RC2 in this area.
 > Maybe I am wrong about that.
 > 
 > The second URL describes the Manual vs. Guided install and partition
 > section of bsdinstall.  I had read this several days before the 9.0RC2
 > install attempt from DVD.  It seemed pretty reasonable, but a little bit
 > different from sysinstall.  Was worth a try.

Unfortunately that concentrates on creating a GPT layout, encouraging a 
Linux-like single (plus a boot) partition - forget using dump/restore -
and says nothing much about installing over an existing setup with MBR 
partitioning and multiple slices, a not uncommon setup on many existing 
laptops .. eg here I want to install over a previous 7.2-RELEASE 60GB 
slice partitioned as I want it - 1GB /, 4GB /var, 16GB /usr and ~37GB 
/home.  Further, I want to preserve /home as is, despite having backups.

 > What I saw when I selected Manual partitioning, was a complete tree:
 > 
 > ad0
 >ad0s1   [FreeBSD Boot Manager from 8.2]
 >ad0s1a   [was my previous root partition]
 >ad0s1d   [was my previous swap partition]
 >ad0s1d   [was my previous /var partition]
 >ad0s1e   [was my previous /usr partition]
 > 
 > or something very close to that, missing only my mount points from my
 > previous 8.2-STABLE system.  I added the mount points (this is the area
 > where I thought bsdinstall had some weaknesses in the "User Experience")
 > and went on after selecting "Finish".

sysinstall's partitioning is more sophisticated; you get to specifically 
toggle on or off newfs'ing each partition, as well as specifying newfs 
options if you want.  So it's clear whether you'll be newfs'ing / and 
which other partitions, and which you'll be leaving alone, eg /home.

 > The problem occurred much later after I selected all four install files.
 > When I said the equivalent of "Go", it began the process of loading them
 > off the DVD, checking their checksums, and compressing them prior to
 > installing them.  It was while processing the first (base.txz) chunk
 > that the popup appeared giving me the "unable to write" or "unable to
 > uncompress" message.  Can't recall the exact error now some hours later...  
 > :-(

On BETA1 I recorded "Extract Error while extracting base.txz: can't set 
user=0/group=0 for /var/empty Can't update time for /var/empty .." which 
someone/s else also reported, which turned out to be misleading .. the 
basic problem is that the filesystem isn't empty, ie as after newfs.

The workaround given then was to boot in Live CD (aka Fixit) mode, and 
newfs the appropriate partitions, manually or with SADE - in your case 
probably all of /, /var and /usr - and then rerun the install onto clear 
partition/s; it's not and never should be required to scrap existing 
partitioning.

Something else not clearly evident to me is (or at least was) that if 
you don't supply a mountpoint for a partition, it won't be used; in my 
case I'd have to leave my /home partition unmentioned so it would be 
left alone .. after all, every partition on every slice is listed as a 
possible install target.  I admit not having tried this again since, 
after feeling a bit lucky not to have destroyed my whole 7.2 slice, but 
that was BETA1 after all ..

I haven't yet discovered whether or how bsdinstall handles setting 
boot0cfg for multi-boot systems, and I've seen no mention of boot0cfg or 
anything similar (apart from Linuxisms like GRUB) for GPT setups at all.

 > So the extraction step failed the first file, and I never made it to
 > the Post-Installation phase, sigh...  :-(

Yep.  I'd hoped this might be fixed (or at least documented?) by now, 
but I think bsdinstall has to be considered still in development at this 
stage - ie, for 9.0 - except for such as installing to new systems, for 
which it appears to be working very well.  Some have implied that the 
sort of installs we're attempting should require prior experti

Re: recursive copy with spaces in descendants

2011-11-06 Thread Ian Smith
In freebsd-questions Digest, Vol 387, Issue 10, Message: 34
On Sat, 5 Nov 2011 18:49:29 -0400 Chris  wrote:
 > On Sat, Nov 5, 2011 at 6:20 PM, Michael Sierchio  wrote:
 > > On Sat, Nov 5, 2011 at 3:15 PM, Chris  wrote:
 > >> I apologize for the lack of detail. The command I'm using is:
 > >> ( cd /usr/local/etc/transmission/home/Downloads/ ; tar cf - . ) | ( cd
 > >> /mnt/usb ; tar xf - )
 > >
 > > Show, don't tell. What does tar report when you run it?

Indeed this helps, especially now we also know it's msdosfs ..

 > The following messages display:
 > 
 > ./: Can't set user=921/group=921 for .
 > ./Reboot S1 - 01 [3FD6C4B2].mkv: Can't create 'Reboot S1 - 01 [3FD6C4B2].mkv'
 > 
 > The last message (can't create) repeats for all files in the
 > directory. Running 'ls -al /mnt/usb' yields:
 > 
 > drwxr-xr-x   1  rootwheel 32768Dec 31 1979  .
 > drwxr-xr-x   1  rootwheel 512Nov  5 03:04  ..
 > 
 > Where /mnt/usb was originally empty in the first place.

Something I've seen noone mention is that msdosfs has no concept of user 
or group, so "Can't set user=921/group=921 for ." makes perfect sense. 

Your 'ls -al' above showing "root wheel" indicates permissions related 
to the mount point.  If you'd mounted it as a normal user it could show 
"user user" ownerships, unrelated to what msdosfs stores on the disk. 
Similarly, mount_msdosfs(8) -u, -g and -m switches don't affect what's 
written to the disk, but only how the filesystem appears to FreeBSD.

For example, a 'cp -pR /etc /mnt/usb" also complains about not being 
able to set the ownership or permissions (other than DOS' read-only 
attribute) on target files, but it will still copy them ok, including 
filenames with spaces - but not with '&,+' or other non-DOS characters.

So maybe tar gives up before writing, because the ownership is wrong?

Perhaps the -o and -p options to tar(1) might help here, but the bottom 
line is that msdosfs is not really a suitable target for UFS files.  I 
tend to use zip(1)  - which keeps perms and ownership, though not hard 
links - to stash dirs and files on msdosfs, but format flash disks - or 
at least one or more slices on them - as UFS for real backup purposes.

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: Fast personal printing _without_ CUPS

2011-10-31 Thread Ian Smith
In freebsd-questions Digest, Vol 386, Issue 9, Message: 5
On Sat, 29 Oct 2011 07:28:24 -0400 Jerry  wrote:
 > On Fri, 28 Oct 2011 17:27:03 -0500 (CDT)
 > Robert Bonomi articulated:
 > 
 > > Your insistance on trying to impose -your- standards on the world, and
 > > denying them the 'freedom of choice' to make their own decisions on
 > > the matter -- e.g. "anyone offering such products should be to some
 > > degree held legally responsible to their worth" -- is a fascist
 > > mind-set. You 'know better' than anybody else, what is 'right' _for_
 > > them.  
 > > 
 > > BTW, I'd _love_ to see Microsoft "held legally respnsible" for _their_
 > > product shortcomings.  They'd be out of business in a week at the
 > > outside.
 > 
 > Once again your argument is pathetic. Microsoft has been held legally
 > responsible by laws written to curtail the robber barons (railroad &
 > oil) of the 19 and early 20th century.) Of course the EC, or is that
 > the USSREC, strongly backed (pushed) by Opera, a maker of a web browser
 > so pathetic that in two years a new upstart, "Chrome" actually has a
 > larger market share, led a fight to curtail Microsoft's market share.

Actually, it was to curtail modern-day robber barons destroying their 
competition by the usual raft of monopolistic and anti-competitive 
techniques, but let's roll on through your gloriously OTT troll ..

 > This is Fascism at its best. A totally free and open market is the best
 > way to insure the survival of the fittest. Of course socialists cannot
 > survive in that environment and rush off to find ways of getting
 > governments involved in protecting their turf.

Calling everyone who finds Microsoft's predatory behaviours 'socialist' 
(let alone 'fascist') and wrongly reducing to absurdity Darwin's theory 
to this primitive 'survival of the fittest' mantra is counterproductive 
to your usual function of participating in this list to sow bulk FUD on 
behalf of Microsoft.  If I were Bill, you'd get no $points for this one.

 > I have absolutely no problem with holding Microsoft legally responsible
 > when they release a product with a bug or security flaw. However, this
 > must be enforced across the board and against every entity that
 > releases software irregardless of its price. It should probably even
 > include "port maintainers" who release defective ports. Lets be honest,
 > if that is even possible for a socialist like yourself, that if you
 > want to go down that road then lets go -- all the way.

Microsoft would love that.  They can pay fines out of the coffee and 
biscuit jar without blinking, while non-behemoths would be bankrupt.  
You would no doubt find this fair enough; survival of the fattest.

 > Microsoft's very existence depends on its ability to create an
 > operating system that allows users to fully use programming and devices
 > that they choose to deploy. If they cannot achieve that goal then they
 > die, or else have a market share equivalent to FreeBSD, virtually
 > undetectable. Microsoft has done a fairly good job of that. FreeBSD,
 > an the other non-windows operating systems, have not achieved that
 > goal although a few forward thinking developers like those associated
 > with Ubuntu have made huge strides in that direction.

You are mistaken if you think the raison d'etre of FreeBSD is, or ever 
has been, or ever will be, to achieve Microsoft's goals of a system so 
simple (albeit by obfuscation of complexity) that even a fool can use 
it, aimed at a mass consumer market.  You are wrong if you see FreeBSD, 
or the other BSDs, or other unix-based or unix-inspired systems (apart 
from Apple and a few more reactionary Linux advocates) as 'competing' in 
the same 'market' as Microsoft.

 > When it comes to
 > technological advances, FreeBSD is at the bottom of the list. It is
 > there primarily because of people who are simply willing to accept
 > inferiority as the norm.

Microsoft's list, for sure.  So transparent, Jerry.

 > I know I piss people off by my style of
 > writing. I am just not the sort of person, a socialist primarily, who
 > bends over and takes it up the ass everyday rather than say "ENOUGH,
 > lets fix this friggin mess." You cannot even get a decent "N - protocol"
 > wireless device, or even a not so decent one for that matter, to work
 > on FreeBSD while the rest of the world has had working solutions for 5
 > years. What the hell are they waiting for -- the second coming of the
 > invisible man in the sky? Friggin PATHETIC. However, our esteemed
 > leadership has managed to bump the version numbers from at least 6 to
 > the soon to be 9 and we still have no working solution for an easy
 > method of securing and installing printer drivers, or any drivers for
 > that matter. Having to modify obscure system files and settings to get
 > a simple sound card to work is always a PLUS. Pathetically enough, there
 > are users who do actually feel that way.

Apart from yourself, for obvious reasons, people who 

Re: ipfw: getsockopt(IP_FW_ADD): Invalid argument

2011-07-06 Thread Ian Smith
On Wed, 6 Jul 2011, Unga wrote:
 > On Tue, 7/5/11, Ian Smith  wrote:
 > > > Does anybody successfully use the "ipfw fwd"? If so
 > > > in which FreeBSD version?
 > 
 > > Not I, but many do.  On the face of it the rule looks
 > > correct.  Do you 
 > > have a TCP service running on localhost:1234 ?  Does
 > > wlan0 exist?  You 
 > > may do better posting to the freebsd-ipfw list, with more
 > > information.
 > 
 > > cheers, Ian
 >
 > Hi Ian
 >
 > I have added 'options IPFIREWALL' and rebuilt all, now 'ipfw fwd' 
 > works well.
 >
 > So the 'options IPFIREWALL_FORWARD' alone is insufficient, the
 > 'options IPFIREWALL' is also required.

Right; I guess if you're building it into kernel you have to configure 
all relevant options there too.  That could be more explicitly stated.

 > Thank you and all others who helped me in this regard.

Glad it's working.  Another win for the collective wisdom ..

cheers, Ian___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: ipfw: getsockopt(IP_FW_ADD): Invalid argument

2011-07-05 Thread Ian Smith
In freebsd-questions Digest, Vol 370, Issue 2, Message: 14
On Mon, 4 Jul 2011 09:11:07 -0700 (PDT) Unga  wrote:
 > --- On Mon, 7/4/11, Unga  wrote:
 > 
 > > From: Unga 
 > > Subject: ipfw: getsockopt(IP_FW_ADD): Invalid argument
 > > To: freebsd-questions@freebsd.org
 > > Date: Monday, July 4, 2011, 11:48 AM
 > > Hi all
 > > 
 > > Following ipfw rule develop error indicated in the subject
 > > line:
 > > ipfw add 100 fwd 127.0.0.1,1234 tcp from any to any 1234
 > > out via wlan0
 > > 
 > > What I want to do is forward any packet going to port 1234
 > > to 127.0.0.1:1234.
 > > 
 > > I have built the kernel with "options     
 > >    IPFIREWALL_FORWARD".
 > > 
 > > What's the error here? Is the rule incorrect?
 > > 
 > > This is FreeBSD 8.1.
 > > 
 > > Many thanks in advance.
 > > 
 > > Unga
 > > 
 > 
 > Does anybody successfully use the "ipfw fwd"? If so in which FreeBSD version?

Not I, but many do.  On the face of it the rule looks correct.  Do you 
have a TCP service running on localhost:1234 ?  Does wlan0 exist?  You 
may do better posting to the freebsd-ipfw list, with more information.

cheers, Ian___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: mount /unmount

2011-07-04 Thread Ian Smith
In freebsd-questions Digest, Vol 370, Issue 2, Message: 19
On Mon, 04 Jul 2011 20:43:23 +0100 Matthew Seaman 
 wrote:
 > On 04/07/2011 15:53, tethys ocean wrote:
 > >> If a partition was not unmounted cleanly (eg. the machine crashed, or
 > >> > the power was cut off suddenly) then fsck(8) should be used to check and
 > >> > fix any problems on the filesystem.  If you've booted into single-user
 > >> > mode, then definitely fsck any partitions before trying to mount them.
 > >> >
 > > *I guess If I can do fsck without unmount partition I can lost all my data
 > > isn't it?*
 > 
 > fsck on an unmounted partition will change on-disk data structures in
 > ways that the kernel doesn't expect.  So, yes, one consequence is that
 > you can lose or corrupt data.  You probably wouldn't lose everything in
 > the partition -- but you would tend to cause corruption predominantly in
 > files that are more actively used.
 > 
 > So don't do that.

Actually fsck is smarter than to damage data on mounted partitions; it 
forces the -n switch (NO WRITE) on a mounted partition so is perfectly 
safe to use, as long as you're aware that it can't correct any errors, 
and indeed will most often list some apparent errors that are merely 
temporary inconsistencies in the present state of the filesystem such 
as open files, viz:

sola# mount -p
/dev/ad0s2a /   ufs rw  1 1
devfs   /devdevfs rw0 0
/dev/ad0s2d /varufs rw,noatime  2 2
/dev/ad0s2e /usrufs rw,noatime  2 2
devfs   /var/named/dev  devfs rw0 0

sola# fsck /var
** /dev/ad0s2d (NO WRITE)
** Last Mounted on /var
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
UNREF FILE I=24  OWNER=mysql MODE=100600
SIZE=0 MTIME=Feb  6 23:59 2011
CLEAR? no

UNREF FILE I=60  OWNER=mysql MODE=100600
SIZE=0 MTIME=Feb  6 23:59 2011
CLEAR? no

UNREF FILE I=86  OWNER=mysql MODE=100600
SIZE=0 MTIME=Feb  6 23:59 2011
CLEAR? no

UNREF FILE I=24830  OWNER=root MODE=140666
SIZE=0 MTIME=Mar  2 03:32 2011
CLEAR? no

** Phase 5 - Check Cyl groups
2579 files, 96883 used, 29956 free (1132 frags, 3603 blocks, 0.9% fragmentation)

sola# fsck /usr
** /dev/ad0s2e (NO WRITE)
** Last Mounted on /usr
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
UNREF FILE I=804237  OWNER=smithi MODE=100640
SIZE=0 MTIME=Jun 29 20:29 2011
CLEAR? no

** Phase 5 - Check Cyl groups
401132 files, 8584016 used, 3155190 free (88926 frags, 383283 blocks, 0.8% 
fragmentation)

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: ipfw nat inbound keep-state with net.inet.ip.fw.one_pass=0

2011-06-25 Thread Ian Smith
On Thu, 23 Jun 2011, umage wrote:

 > Some points:
 > 1) I did use the handbook as reference, and my ruleset mimics the layout used
 > there.

Excuse the late response, I've been away.  The best reference, apart 
from ipfw(8), is /etc/rc.firewall.  'Nuff said.

 > 2) Handbook uses divert natd, which I used until I switched to the kernel nat
 > approach.

Assuming that was working, is changing to ipfw nat the only difference?  
Or is that when you added fwd to the mix?  Is 192.168.0.55 another box 
on the LAN, or an IP alias on this box?  What says 'netstat -finet -rn'?
Is this on FreeBSD 8.x?

 > 3) I did not find any concrete examples of ipfw nat rule usage, so I'm using
 > them the old natd way.

Apart from the 'NAT, REDIRECT AND LSNAT' section in ipfw(8), natd(8) is 
still useful as fuller reference, given a few less, renamed parameters.  
As mentioned in that section, libalias(3) gives detail of all functions.

 > I did some more experiments, and noticed that for example, an inbound
 > connection can still communicate both ways after the initial state table rule
 > expires (20 seconds for some reason).

ipfw(8) 'SYSCTL VARIABLES' covers timeouts (sysctl net.inet.ip.fw.dyn_*) 
20 seconds suggests a SYN timeout, so a TCP connection - but see below.

Perhaps that 'works' because you're not denying established connections 
and using only 'setup' on keep-state rules, again assuming TCP protocol?

 > If they communicate while the state
 > entry is alive, the timeout resets, but it seems like it doesn't matter at
 > all. This leads me to believe that 'ipfw nat' keeps an internal state table,
 > which cannot be viewed, but is checked when doing check-state. Or
 > something... which I have no way of knowing.

NAT aliasing tables are entirely distinct from ipfw dynamic rule state 
tables.  Try adding 'log' (and maybe same_ports) to ipfw nat parameters 
at least while debugging connections.  That log, 'ipfw -ted show' and 
a tcpdump on each interface should show exactly what's going on.

'ipfw nat 1 show config'.

 > Here's a pruned version of the ruleset I used. Rule 600 is the one that adds
 > that remote <--> local state table entry that messes everything up. If I omit
 > keep-state on it, then traffic from the local side will be the one creating
 > the states when replying, with a 5-second timeout.

sysctl net.inet.ip.fw.dyn_udp_lifetime is 5 seconds by default.  So now 
we're talking UDP?  Please be more specific, or best, cut&paste results.

 > 
 > $fw add 100 allow all from any to any via $lan_if

This passes all packets coming in from the LAN, bound for anywhere - ie 
this box OR the outside - but before/without performing NAT - as well as 
passing packets being transmitted to the LAN, whether locally generated 
or routed after having been NAT'd on inbound pass.  Not what you wanted.

You mentioned packets mistakenly reaching the outside with 192.168.* 
source addresses, that'll be this rule.  Try specifying 'in recv $if' 
and 'out xmit $if' avoiding 'via' when it's ambiguous, especially on 
outbound packets where 'via $if' is also true when they've come _in_ on 
that specified interface.  You need to do outbound NAT first anyway.

 > $fw nat 1 config if $wan_if redirect_port 192.168.0.55:12345 12345
 > $fw add 200 nat 1 ip4 from any to any in via $wan_if

Ok, you're doing inbound NAT before checking state, however you've not 
specified protocol (tcp or udp) with redirect_port.  I can't find any 
example in ipfw(8), natd(8) or libalias(3) where proto is optional, but 
I haven't read the code or tried this myself.  We can't tell from this 
(or rule 600) whether your port '12345' is TCP or UDP.

 > $fw add 300 check-state

At this point any packet, in or out, matching dynamic state tables will 
execute the action of the matching keep-state rule.  For packets going 
out to the WAN the action is a skipto, so all ip4 packets matching that 
flow will execute the 'skipto 800', where you NAT the outbound packets, 
and allow the corresponding return packets.

 > $fw add 400 skipto 800 ip4 from any to any out via $wan_if keep-state

Again, 'out via $wan_if' is ambiguous, and includes packets _received_ 
on $wan_if and now being transmitted to the inside, again before NAT.  
Specify 'out xmit' if you only want to apply this to packets being sent 
out to $wan_if, as I think you do; these are the only ones you want to 
perform NAT on anyway.

 > $fw add 500 allow all from any to any out keep-state

Ok, only inbound packets get to here, and they've already been NAT'd ..

 > $fw add 600 allow all from any to any dst-port 12345 in keep-state
 > $fw add 700 deny all from any to any in

While 'all | ip' will work for tcp or udp packets, better to specify the 
protocol targetted.

Ok, not only outbound packets get here, but also the return packets 
coming in with matching state, from the skipto.

 > $fw add 800 nat 1 ip4 from any to any out
 > $fw add 900 allow all from any to any

Bottom line is you nee

Re: ipfw nat inbound keep-state with net.inet.ip.fw.one_pass=0

2011-06-23 Thread Ian Smith
In freebsd-questions Digest, Vol 368, Issue 6, Message: 21
On Tue, 21 Jun 2011 20:16:32 +0200 umage  wrote:

 > Hi, I'm an ipfw user that finally got the opportunity to set up NAT on
 > an interface with a public IP. I was doing some multi-homing experiments
 > using ipfw fwd combined with outbound ipfw nat - and since I needed to
 > run both, and both immediately ended ipfw ruleset execution, I had to
 > turn off net.inet.ip.fw.one_pass.
 > 
 > This is where I discovered that with that setting turned off, my inbound
 > NAT rule stopped working. Seems that with one-pass execution, the NAT
 > rule also performs keep-state of some sort, the dynamic state table
 > looks ok and everything works fine. But if I turn it off, and do my own
 > "allow all in keep-state" after applying a static NAT rule on an inbound
 > connection, I see that the state table has the remote IP on the left
 > side and mine on the right side. I also see that my NAT setup breaks and
 > my packets are sent to the internet with a 192.168.0.x source address.

It's not possible to tell what's going on from just such a description 
without sharing your ruleset with us.  Offhand it smells like you may 
have your nat rule/s in the wrong place with respect to check-state or 
keep-state rule(s).  If you show us your ruleset (with any sensitive 
addresses anonymised if need be) and network configuration, then your 
problem may become evident.

On the face of it, 'allow all in keep-state' is a very dangerous rule, 
and I'd advise a comparison of your ruleset to the relevant section in 
/etc/rc.firewall.  You should ignore the IPFW section in the Handbook, 
written by someone who prefers ipfilter and containing many errors; 
ipfw(8) is your friend.

 > I'd like to ask if I'm doing anything wrong, or whether this is a bug. I
 > checked the issue tracker, but found no relevant issues there. I also
 > tried asking around, but it seems noone even uses ipfw anymore.

Depends where you ask; the freebsd-ipfw list archives may assist.  Most 
problems turn out to be usage related, not to say there aren't still 
some bugs being addressed, lately several related to ipfw nat.

 > Triggering the issue requires a modified kernel (ipfw forward and ipfw
 > nat are not available by default), requires using ipfw nat (a relatively
 > new thing) instead of the old natd daemon, and requires changing the
 > value of a system setting.

ipfw nat requires no kernel configuration, it'll load as a module.  The 
only part of ipfw requiring kernel configuration nowadays is ipfw fwd, 
which can't be loaded as a module as it impacts many parts of the stack.

Neither do you have to use ipfw nat; natd works as well as ever, but I'd 
be surprised if this isn't an issue more to do with your rule placement.

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: Query about FreeBSD and primary partitions requirements

2011-06-12 Thread Ian Smith
In freebsd-questions Digest, Vol 366, Issue 8, Message: 5
On Sat, 11 Jun 2011 14:23:48 -0700 per...@pluto.rain.com wrote:
 > Matthew Seaman  wrote:
 > 
 > > On 11/06/2011 08:18, Bret Busby wrote:
 > > > the current FreeBSD Handbook ... states
 > > > "FreeBSD must be installed into a primary partition."
 > > > 
 > > > However, in the last couple of days, I have been advised that
 > > > FreeBSD can be installed in, and, quite happily runs in, a
 > > > logical partition within an extended partition.
 > > > 
 > > > Has anyone other than the person who advised me of that, tested
 > > > the installation and operation of FreeBSD, within a logical
 > > > patition of an extended partition ...?
 > >
 > > FreeBSD can mount and use filesystems created on partitions inside
 > > 'extended partition' type slices (cue standard exposition of the
 > > difference between partitions and slices in FreeBSD-speak.)  True.
 > >
 > > However, I believe that you may well have difficulty *booting*
 > > FreeBSD unless the kernel (ie. /boot) can be read from a primary
 > > partition.
 > 
 > I presume the purpose of boot0ext.S is to build a boot0 (FreeBSD MBR)
 > variant capable of booting from what MS call an "extended partition"
 > -- boot0.S being used when booting from a "primary partition" -- but
 > I've never tried to use it.  I'm having enough "fun" trying to boot
 > from a _different_ "unusual" configuration.

Diffing boot0.S and boot0ext.S shows the latter to be a two-sector (1KB) 
boot with more detailed strings about different partition types, some 
difference in SIO code, support for 'BIOS EDD extensions' and CHS vs LBA 
(ie, older stuff) but nothing I could spot towards decoding 'extended 
partitions'; it seems from CVS logs to have been kept as a nod to jhk's 
original 2-sector boot0 code, and hasn't been touched for 7 years.

Having run OS/2 for several years before moving to FreeBSD in '98 I had 
to learn about mounting 'drives' within 'extended partitions' as adXs5, 
adXs6 etc, to recover about 7 OS/2 filesystems from 2 disks.  Last I 
looked the HPFS code was still in the tree, only needing compiling; very
similar to the (old) NTFS code by the same author, it worked fine R/O.

Anyway, space allocation within the 'extended partition' is implemented 
as a linked list, so booting from one of these used to need something 
like OS/2's boot manager (itself consuming a small primary partition) or 
GRUB ono to chase down and load the desired boot partition, assuming you 
managed from the command line to newfs it as UFS in the first place (?)

 > > Also, I don't think sysinstall(8) groks extended partitions very
 > > well,
 > 
 > if at all ...

Not at all; sysinstall just sees it as a primary partition (ie FreeBSD 
slice) of type 0x05 (IIRC) ie as a non-bootable partition, completely 
ignored by boot0{,ext} or any 'normal' MBR code for that matter .. the 
FreeBSD convention of naming these as s5 etc is a convenient fiction.

 > > so you will probably have some fun doing the actual installation.
 > 
 > Indeed.

Best left as an exercise for the (morbidly curious) student :)

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: How to be an imap Client?

2011-04-22 Thread Ian Smith
In freebsd-questions Digest, Vol 359, Issue 7, Message: 1
On Thu, 21 Apr 2011 21:27:13 -0700 per...@pluto.rain.com wrote:
 > To: freebsd-questions@freebsd.org
 > 
 > Jerry  wrote:
 > 
 > > >  > Actually yes. Ignoring for a moment the reply you sent me
 > > >  > directly, conveniently bypassing the group forum,
 > > > 
 > > > perry's message, like this one, was likely posted to you, cc the
 > > > list. That's long been customary on freebsd lists, even this
 > > > 'kindergarten' one; noone 'conveniently bypassed' anything.  If you
 > > > don't like private copies, sent as a courtesy, just delete them and
 > > > move on.
 > >
 > > Wrong, it was sent directly, not CC'd. As per my stated policy, it was
 > > answered/referred to on the list forum. I am seriously considering
 > > changing that policy to also include reporting them as Spam.
 > 
 > Before making any such accusations, you had better make D@#% sure of
 > your facts, lest you find yourself on the wrong end of a libel suit.
 > 
 > My email client respects Reply-To: and I checked my logs just to be
 > sure.  That reply, as this one, was sent _only_ to the list.

Apologies for assuming you must have cc'd Jerry.  I should have checked 
your original post in freebsd-questions Digest, Vol 359, Issue 4, which 
shows any ccs, but not headers such as Reply-To: per message ..

Message: 23
Date: Wed, 20 Apr 2011 23:22:35 -0700
From: per...@pluto.rain.com
Subject: Re: How to be an imap Client?
To: freebsd-questions@freebsd.org
Message-ID: <4dafcd2c.tj0+rgq2u5+tzv2y%per...@pluto.rain.com>
Content-Type: text/plain; charset=us-ascii

Jerry  wrote:

> On Wed, 20 Apr 2011 10:01:28 -0500
> Martin McCormick  articulated:
> > ... our entire network is on the blacklist ...
>
> Why are you blacklisted? It seems correcting that problem
> would be my first priority.

Being a university, okstate.edu has students, most of whom are
not in the CIS department or in any way under control of the CIS
department's sysadmin.  Need I say more?

--

Having admin'd small clubs of at most 25 members mostly using regularly 
virus-, trojan- and malware-infested Windows boxes, I can hardly imagine 
having to deal with perhaps half of 25,000 similarly vulnerable laptops, 
at least 1% of which will be trying hard to spam or portscan the planet 
at any given time - nearly all, as Martin points out, without intent or 
knowledge of their poor blighted owners .. and they're a smarter crew!

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: How to be an imap Client?

2011-04-21 Thread Ian Smith
On Thu, 21 Apr 2011 07:34:32 -0400 Jerry  wrote:
 > On Wed, 20 Apr 2011 23:22:35 -0700
 > per...@pluto.rain.com  articulated:
 > 
 > > Jerry  wrote:
 > > 
 > > > On Wed, 20 Apr 2011 10:01:28 -0500
 > > > Martin McCormick  articulated:
 > > > > ... our entire network is on the blacklist ...
 > > >
 > > > Why are you blacklisted? It seems correcting that problem
 > > > would be my first priority.
 > > 
 > > Being a university, okstate.edu has students, most of whom are
 > > not in the CIS department or in any way under control of the CIS
 > > department's sysadmin.  Need I say more?
 > 
 > Actually yes. Ignoring for a moment the reply you sent me directly,
 > conveniently bypassing the group forum,

perry's message, like this one, was likely posted to you, cc the list. 
That's long been customary on freebsd lists, even this 'kindergarten' 
one; noone 'conveniently bypassed' anything.  If you don't like private
copies, sent as a courtesy, just delete them and move on.

The last thing we need is people here to troll on behalf of M$ stamping 
their feet, demanding we change the way we've always used these lists.

 > are you implying that these
 > students are using the University's web mail for possible illegal
 > actions and no one is policing that action?

Ah Jerry, good to see you end your admonition with a little humour!

cheers, ian

"He only does it to annoy, because he knows it teases" -- Lewis Carroll
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: ipdivert.ko

2011-04-05 Thread Ian Smith
In freebsd-questions Digest, Vol 357, Issue 3, Message: 8
On Tue, 5 Apr 2011 00:58:50 +0930 Sebastian Ramadan  wrote:

 > I wish to cause ipdivert.ko to load at boot time. Currently, ipfw.ko loads
 > correctly at boot time with ipfw_load="YES" in /boot/loader.conf, but
 > ipdivert.ko does not load at boot time with ipdivert_load="YES". I'm able to
 > load it using kldload, though. dmesg doesn't seem to be giving any clues as
 > to why ipdivert won't load... What am I doing wrong?
 > 
 > Regards, Sebastian Ramadan.
 > My uname -a, /boot/loader.conf, kldstat and a successful load of ipdivert
 > using kldload after boot time:
 > domU-12-31-39-02-15-3A# uname -a
 > FreeBSD domU-12-31-39-02-15-3A 8.2-RELEASE FreeBSD 8.2-RELEASE #13: Mon Feb
 > 21 20:13:46 UTC 2011
 > r...@chch.daemonology.net:/usr/obj/i386/usr/src/sys/XEN
 > i386
 > domU-12-31-39-02-15-3A# cat /boot/loader.conf
 > ipfw_load="YES"
 > ipdivert_load="YES"
 > domU-12-31-39-02-15-3A# kldstat
 > Id Refs AddressSize Name
 >  18 0xc000 4000 kernel
 >  21 0xc2bb3000 1ext2fs.ko
 >  31 0xc2d1f000 11000ipfw.ko
 >  41 0xc2d3 d000 libalias.ko

Hmm, I'm a bit curious as to why libalias.ko was loaded.  You don't 
have 'firewall_nat_enable="YES"' in rc.conf, do you?

Anyway, loader.conf isn't the way to go for loading ipfw or ipdivert 
(presumably for use by natd?) these days.

Instead you want these in /etc/rc.conf:

ipfw_enable="YES"
natd_enable="YES"

plus any required ipfw_ and natd_ variables (see /etc/defaults/rc.conf)

Then /etc/rc.d/ipfw will load ipfw.ko, and if natd_enable is set, will 
invoke /etc/rc.d/natd, which loads ipdivert.ko at the right time.

 > domU-12-31-39-02-15-3A# uname -a
 > FreeBSD domU-12-31-39-02-15-3A 8.2-RELEASE FreeBSD 8.2-RELEASE #13: Mon Feb
 > 21 20:13:46 UTC 2011
 > r...@chch.daemonology.net:/usr/obj/i386/usr/src/sys/XEN
 > i386
 > domU-12-31-39-02-15-3A# kldload ipdivert
 > domU-12-31-39-02-15-3A# kldstat
 > Id Refs AddressSize Name
 >  1   10 0xc000 4000 kernel
 >  21 0xc2bb3000 1ext2fs.ko
 >  32 0xc2d1f000 11000ipfw.ko
 >  41 0xc2d3 d000 libalias.ko
 >  51 0xc3cc7000 4000 ipdivert.ko
 > 
 > My dmesg:
 > domU-12-31-39-02-15-3A# dmesg
 > Copyright (c) 1992-2011 The FreeBSD Project.
 > Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
 > The Regents of the University of California. All rights reserved.
 > FreeBSD is a registered trademark of The FreeBSD Foundation.
 > FreeBSD 8.2-RELEASE #13: Mon Feb 21 20:13:46 UTC 2011
 > r...@chch.daemonology.net:/usr/obj/i386/usr/src/sys/XEN i386

[..]

 > start_init: trying /sbin/init
 > ipfw2 (+ipv6) initialized, divert loadable, nat loadable, rule-based
 > forwarding disabled, default to deny, logging disabled
 > ipfw0: bpf attached

There are a number of outstanding PRs regarding module loading by natd 
and (if used) firewall_nat, and the use of these by /etc/rc.firewall.  

If enabling natd in rc.conf instead doesn't fix your issue, write to me 
privately and I'll put you onto some patches - but unless you're also 
(or instead) using kernel NAT (ipfirewall_nat - which needs to load 
libalias.ko) then the above settings should do you.

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: Bridge, dpcpd, sshd

2011-03-23 Thread Ian Smith
In freebsd-questions Digest, Vol 355, Issue 4, Message: 33
On Wed 23 Mar 2011 22:20:06 + (GMT) Chris  wrote:

 > I have a server machine that I use as DHCP server, sshd login etc, 
 > and since I have multiple Ethernet interfaces on it, I would like to 
 > use two of those for the internal network to avoid adding one more 
 > ethernet switch for just one extra machine. DHCP should configure 
 > hosts on both those interfaces and all the hosts should be on the 
 > same subnet.
 > 
 > So, I set up a bridge interface as per the FreeBSD handbook (ch. 
 > 31.5), but now dhcpd is refusing to start during boot as it claim 
 > that the "bridge0" interface doesn't exist. If I manually start dhcpd 
 > with the same parameters after the machine has come up, it will start 
 > and it will also work as expected and assign addresses to users 
 > connecting from teh bridge interface.
 > 
 > sshd seems to do something similar, it refuses to start, but can 
 > manually be re-started later on.
 > 
 > Is this some kinf of expected behavior, or does it sound like I'm 
 > doing something badly wrong? Can I force bride0 to be configured 
 > earlier in the boot so it is always there when the daemons start 
 > waking up?
 > 
 > Configuration info below.
 > 
 > TIA,
 >   Chris
 > 
 > = rc.conf extract 
 > dhcpd_enable="YES"
 > dhcpd_ifaces="bridge0"
 > cloned_interfaces="bridge0"
 > ifconfig_bridge0="addm dc0 addm dc1 up"
 > ifconfig_bridge0="inet 172.16.0.100/24"

There's your problem, and the response by Nerius Landys (read in the 
archives, as it hasn't arrived here in a digest yet :) would seem to 
indicate correct config - except that it has nothing to do with the 
order of assignments in rc.conf, but that your first ifconfig_bridge0
assignment is replaced, not added to, by the second.

It's important to know that /etc/rc.conf is a sh script that is sourced 
(that is, executed inline) at the end of /etc/defaults/rc.conf and so 
its statements are executed sequentially.  These statements just assign 
values to variables, and have no bearing at all on the order in which 
the rc.d system will actually use them; that depends on rcorder(8).

Nerius has indicated use of e.g:

 > ipv4_addrs_bridge0="192.168.0.254/24"

to assign address(es) to the bridge, avoiding your problem above.

 > ifconfig_dc0="up"
 > ifconfig_dc1="up"
 > 
 > = sshd.conf extract =
 > ListenAddress 172.16.0.100
 > 
 > === the dhcpd.conf is quite standard and does not say anything about 
 > the interfaces, that info is in rc.conf above 
 > 
 > === /var/log/messages extract 
 >  dhcpd: bridge0: not found

Yes; at that time your bridge hadn't been created, ie it had no members.

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: Shell script termination with exit function in backquotes

2011-03-20 Thread Ian Smith
in freebsd-questions Digest, Vol 354, Issue 10, Message: 4
On Sat, 19 Mar 2011 12:15:26 -0400 Maxim Khitrov  wrote:

 > Here's another, but related, problem that I just ran into. The man page 
 > reads:
 > 
 >  Commands may be grouped by writing either
 >(list)
 >  or
 >{ list; }
 >  The first form executes the commands in a subshell.  Note that built-in
 >  commands thus executed do not affect the current shell...
 > 
 > Here's my script:
 > 
 > 
 > #!/bin/sh
 > 
 > { A=1; }; echo $A
 > echo | { B=2; };  echo $B
 > { C=3; } > /dev/null; echo $C
 > 
 > 
 > And here's the output:
 > 
 > 
 > 1
 > 
 > 3
 > 
 > 
 > Where did the '2' go? Again, I have to assume that when stdin is piped
 > to a group of commands, those commands are executed in a subshell
 > despite curly braces. But where is this behavior documented? It seems
 > that there are a lot of corner cases that can only be understood if
 > you are familiar with the shell implementation. Documentation can
 > certainly be improved in places.

See sh(1) /Pipelines - last para:

 Note that unlike some other shells, sh executes each process in the pipe-
 line as a child of the sh process.  Shell built-in commands are the
 exception to this rule.  They are executed in the current shell, although
 they do not affect its environment when used in pipelines.

The braces aren't relevant because it's a pipeline, so even without:

 echo | B=2; echo $B

writes '', but

 echo | { B=2; echo $B; }

or (equivalent within a pipeline)

 echo | ( B=2; echo $B; )

writes '2'.

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: logging to dmesg from userland

2011-03-14 Thread Ian Smith
In freebsd-questions Digest, Vol 354, Issue 1, Message: 15
On Sun, 13 Mar 2011 19:08:20 -0700 per...@pluto.rain.com wrote:

 > I am looking for a way to write into the kernel message buffer --
 > the one that dmesg prints out -- from a userland program, to help
 > in relating kernel printf messages to the userland operations which
 > provoked them.  (Yes, I am aware of the potential DoS implications:
 > the capability should be restricted to root, or at least to the
 > "operator" group.  I expect to use it only in single-user mode.)

Perry, interesting to see that unprivileged users can use logger to spam 
/var/log/messages (by default), on 5.5  and 7.4-PRE anyway.  I've 
long assumed that I could do that just because I'm in wheel, but not so.

 > Is there a program, or a system call, which can do this?  logger(1)
 > seemed a likely prospect, but either it doesn't have this capability
 > or I haven't found the formula.

Had a bit of a play around earlier, and as an unprivileged user can do:

%who am i
subs ttyv6Mar 14 18:06
%id -p
uid subs
groups  subs
%logger -p kern.notice hello from subs at kern.notice
%logger -p kern.crit hello from subs at kern.crit

logger(1) without -p writes to user.notice, which writes only to 
/var/log/messages (with standardish syslog.conf settings), but of the 
two above, only the latter one to kern.crit wound up in 'dmesg -a'

sola# dmesg | grep subs
sola# dmesg -a | grep subs
Mar 15 00:07:35 sola subs: hello from subs at kern.crit
Mar 15 00:07:35 sola subs: hello from subs at kern.crit

but twice!

Both appear in /var/log/messages, one of each, but only the latter also 
appeared - again twice - in /var/log/console.log .. not sure why twice, 
but syslog.conf can be tricky .. anyway, later trying other kern.levels:

%logger -p kern.err hello from subs at kern.err
%logger -p kern.alert hello from subs at kern.alert
%logger -p kern.warning hello from subs at kern.warning

All three go to messages, but just these two added to dmesg -a output:

Mar 15 00:44:54 sola subs: hello from subs at kern.err
Mar 15 00:45:37 sola subs: hello from subs at kern.alert

Moreover on my 7.4 system I tested also with kern.emerg, which indeed 
sent the emerg message to all open consoles, including root's!

Other kern. levels may work too, as may other facilities? and YMMV.

Colour me very surprised not having to be root to do any of those, 
especially those that do write to the kernel message buffer ..

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: spam?

2011-03-13 Thread Ian Smith
In freebsd-questions Digest, Vol 353, Issue 11, Message: 4
On Sun, 13 Mar 2011 11:57:03 + Bruce Cran  wrote:
 > On Sun, 2011-03-13 at 06:49 -0500, ajtiM wrote:
 > > In the last week I got four emails like this one today:
 > > 
 > > From: mailto:br...@cran.org.uk";>br...@cran.org.uk
 > > To: mailto:per...@pluto.rain.com";>per...@pluto.rain.com
 > > CC: mailto:free...@edvax.de";>free...@edvax.de,  > href="mailto:lum...@gmail.com";>lum...@gmail.com,  > href="mailto:freebsd-
 > > questi...@freebsd.org">freebsd-questions@freebsd.org

[I guess it's a gmail option whether to quote messages with addresses 
shown as HTML urls?  Other people seem to be able to avoid doing that]

 > That's not from me - it's from a company called ParkLogic who are
 > forging emails.  See
 > http://unix.derkeiler.com/Mailing-Lists/FreeBSD/questions/2010-12/msg00591.html
 >  for more details.

G'day Bruce,

unfortunately trying to follow that through by 'next in thread' on 
derkeiler.com lands at a message that they've censored, declaring:

 "Error 410: The page you requested has been removed
 The page you requested has been removed due to inappropriate content."

>From there, they leave you no way to finish the thread, in particular to 
my detailed wannabe FAQ - in reply to you, as it happened - on how folks 
might solve this issue at:

http://lists.freebsd.org/pipermail/freebsd-questions/2010-December/225226.html

That report may or may not help gmail users, as Chris Brennan reported 
gmail provides no way to filter on message headers such as Message-ID, 
still at least it shows how to determine that these messages are indeed 
forgeries.  Maybe by now parklogic realise that targetting gmail users 
will cause the most mischief?  Evil doesn't necessarily mean stupid ..

As for derkeiler.com's apparently arbitrary censorship, you can see the 
message they removed, two messages before mine by thread, here:

http://lists.freebsd.org/pipermail/freebsd-questions/2010-December/225236.html

Apart from charging Svein Skogen with 'signature too long' :) I can't 
imagine why they or their robot might have taken offense.  At least at 
lists.freebsd.org only something pretty extreme may provoke our esteemed 
postmaster into removing a message, and there's less obfuscation there 
of email addresses (like parklogic.com) .. for better or worse.

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: Nonsensical Web Log Entries

2011-03-09 Thread Ian Smith
In freebsd-questions Digest, Vol 353, Issue 5, Message: 21
On Wed, 09 Mar 2011 15:02:57 -0500 pe...@vfemail.net wrote:
 > At 03:06 PM 3/9/2011, Robert Bonomi wrote:
 > >>
 > >> I was looking at my Web log this morning, and a bunch of nonsensical 
 > >> entries like these caught my attention:
 > >>
 > >> 124.226.181.80 - - [09/Mar/2011:09:49:58 -0500] "GET 
 > >> http://www.yahoo.com/ HTTP/1.0" 301 294 "-" "Mozilla/4.0 (compatible; > 
 > >> MSIE 6.0; Windows NT 5.1; SV1)"
 > >> 123.10.97.102 - - [09/Mar/2011:09:50:01 -0500] "GET 
 > >> http://makeabank.com/faq.cgi HTTP/1.0" 404 3485 "-" "Mozilla/4.0 
 > >> (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 
 > >> 115.225.166.2 - > - [09/Mar/2011:09:50:04 -0500] "GET 
 > >> http://join1.winhundred.com/affiliate/link.php?ref=35840&productid=7178 
 > >> HTTP/1.0" 404 3485 "http://www.wingclips.com/"; "Mozilla/4.0 (compatible; 
 > >> > MSIE 6.0; Windows NT 5.1; SV1)"
 > >> 114.97.197.184 - - [09/Mar/2011:09:50:15 -0500] "GET 
 > >> http://www.tosunmail.com/proxyheader.php HTTP/1.0" 301 313 
 > >> "http://www.cashsoldier.com/VerifyerLevel.php"; "Mozilla/4.0 (compatible; 
 > >> MSIE 6.0; Windows NT 5.1; SV1)"
 > >>
 > >> Is my FreeBSD box serving as some kind of Web proxy?
 > >
 > >Your box is _not_ doing the proxying.  that's why it's signalling errors
 > >for those requests.
 > >
 > >The perpetrators are _hoping_ you are running a misconfigured proxying 
 > >front-
 > >end.
 > 
 > Does this entry change your conclusion:
 > 
 >  188.134.62.20 - - [09/Mar/2011:12:15:04 -0500] "GET 
 > http://images.google.com/ HTTP/1.1" 200 13134 "-" "-"

No, Robert is right.

Note that the first four you listed were all HTTP/1.0 requests.  The 
ones with anything after the last '/' are 404 (page not found) except 
the last.  Not sure about that 301, do you have a proxyheader.php?

The more recent one is HTTP/1.1 with nothing after the last / so the 
http://images.google.com is ignored, and I expect you may find that 
your home page (ie requests for just '/') serve up 13134 bytes?

Ar least that's what happens here with apache 1.3; here's a few examples 
from a seldom-accessed vhost where lots of requests are bogus, usually 
appearing across multiple vhosts (ie, from a sweep over IP addresses)

24.106.193.92 - - [01/Feb/2011:23:05:21 +1100] "GET http://www.ya.ru:80/ 
HTTP/1.0" 200 2327 "-" "Mozilla/4.0 (compatible; Synapse)"

(this one fetched the home page, see below)
 
83.20.184.159 - - [02/Feb/2011:10:43:04 +1100] "GET / HTTP/1.1" 403 287 "-" "-"

(requests w/ no referer (sic) and no browser ("-" "-") are denied here)

217.174.232.11 - - [03/Feb/2011:20:31:16 +1100] "GET / HTTP/1.1" 200 2327 "-" 
"Opera/9.00 (Windows NT 5.1; U; en)"
88.250.12.104 - - [03/Feb/2011:20:36:45 +1100] "GET / HTTP/1.1" 200 2327 "-" 
"Opera/9.00 (Windows NT 5.1; U; en)"

(accepted requests, this static / page always serves 2327 bytes)

109.61.188.165 - - [05/Feb/2011:20:46:04 +1100] "GET http://www.yahoo.com/ 
HTTP/1.1" 403 287 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"
84.127.236.75 - - [06/Feb/2011:10:25:53 +1100] "GET http://www.ebay.com/ 
HTTP/1.1" 403 287 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"

(forbidden browser strings &/or IP addresses in $apachedir/access.conf)

91.195.136.10 - - [07/Feb/2011:02:33:55 +1100] "GET http://images.google.com/ 
HTTP/1.1" 200 2327 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; 
WOW64; .NET CLR 1.1.4322; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 
3.0.30729; .NET4.0C; .NET4.0E)"

Oh look, one just like yours, but with an acceptable browser string .. 
so it got the homepage, attempted proxying request being just ignored.

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: [RELEASE] host-setup(1): a dialog(1)-based utility for configuring FreeBSD

2011-02-11 Thread Ian Smith
On Fri, 11 Feb 2011, Eitan Adler wrote:

 > Nice Script!
 > I intend to steal parts of it for my own use.

It's great when you can plunder without robbing anyone :)

 > > P.S. Maybe I ought to expand it to IPv6 considering that the IPv4
 > > address space has [reportedly] finally ran out (is that true?).
 > >
 > 
 > All the available IPs were allocated to the RIRs. AFIK the RIRs have
 > not had to deny anyone for insufficiency yet - but it will happen
 > soon.

Yes Devin, best not leave it till August!

For those wanting a near-obsessively detailed analysis of IPv4 depletion 
stats and predictions over many years, hard to go past Geoff Huston's:

http://www.potaroo.net - blog
http://www.potaroo.net/ispcol/2010-10/when.html - explanatory column Oct '10
http://www.potaroo.net/tools/ipv4/index.html - the modelling as of today

cheers, Ian

(Sorry, missed the cc to hackers@, adding questions@ back in the loop)
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: [RELEASE] host-setup(1): a dialog(1)-based utility for configuring FreeBSD

2011-02-11 Thread Ian Smith
In freebsd-questions Digest, Vol 349, Issue 8, Message: 15
On Thu, 10 Feb 2011 19:53:53 -0800 Devin Teske  wrote:
 > Hi All,
 > 
 > I'd like to announce the release of a new script. A script that I've
 > developed for our field engineers that I'd like to share with the rest
 > of the world.
 > 
 > http://druidbsd.sourceforge.net/download/host-setup.txt
 > 
 > host-setup(1) is a dialog(1)-based utility (written in sh(1)) designed
 > to make configuring FreeBSD more efficient.

Nice, if only as great bedtime reading so far; I've already learned some 
new techniques.  I expect to steal lots of it wholesale (acknowledged :)

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: httpd-modsec2_debug.log: Operation not permitted

2011-01-15 Thread Ian Smith
On Sat, 15 Jan 2011, Ian Smith wrote:
 > On Sat, 15 Jan 2011, per...@pluto.rain.com wrote:
[..]
 >  > Last I knew having a file open, even for writing, was no protection
 >  > against its last link being removed.  The _inode_ won't go away
 >  > until the last handle is closed, but the _directory entry_ can still
 >  > be removed.
 > 
 > Accepting that, why wouldn't root be permitted to rm these files?  It's 
 > been shown that they don't have immutable, append-only or other flags 
 > set.  Clearly the filesystem is writable, if full.

Still bugging me .. maybe the _directory_ has some system flag/s set?

sola# mkdir test
sola# cd test
sola# touch a b c
sola# ls -lao
total 14
drwxr-xr-x  2 root  wheel  -   512 Jan 16 02:31 .
drwxr-xr-x  4 root  wheel  - 11264 Jan 16 02:31 ..
-rw-r--r--  1 root  wheel  - 0 Jan 16 02:31 a
-rw-r--r--  1 root  wheel  - 0 Jan 16 02:31 b
-rw-r--r--  1 root  wheel  - 0 Jan 16 02:31 c
sola# chflags schg .
sola# ls -lao
total 14
drwxr-xr-x  2 root  wheel  schg   512 Jan 16 02:31 .
drwxr-xr-x  4 root  wheel  -11264 Jan 16 02:31 ..
-rw-r--r--  1 root  wheel  -0 Jan 16 02:31 a
-rw-r--r--  1 root  wheel  -0 Jan 16 02:31 b
-rw-r--r--  1 root  wheel  -0 Jan 16 02:31 c
sola# rm c
rm: c: Operation not permitted
sola# touch d
touch: d: Operation not permitted
sola# chflags noschg .
sola# rm c
sola# ls -lao
total 14
drwxr-xr-x  2 root  wheel  -   512 Jan 16 02:32 .
drwxr-xr-x  4 root  wheel  - 11264 Jan 16 02:31 ..
-rw-r--r--  1 root  wheel  - 0 Jan 16 02:31 a
-rw-r--r--  1 root  wheel  - 0 Jan 16 02:31 b

So on the directory, setting schg achieves Subject behaviour/message, 
while sappnd permits adding (and truncating!) but not deleting files.

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: httpd-modsec2_debug.log: Operation not permitted

2011-01-15 Thread Ian Smith
On Sat, 15 Jan 2011, per...@pluto.rain.com wrote:
 > Ian Smith  wrote:
 > 
 > > Swe, I suspect the reason you can't just delete these files is
 > > likely because something has them open for writing, and the system
 > > won't let you remove such files, naturally enough.
 > 
 > Really?  Must be a fairly recent change -- and IMO not necessarily
 > a good one.  For one thing, it would break one of the long-standing
 > methods for ensuring that scratch files get cleaned up when a
 > program exits, even under circumstances which don't allow for signal
 > handlers to be run.

Hmm, on reflection you're probably right.  I was thinking that removing 
a file being written by a root-owned process would force that process to 
fail on write and exit, but maybe that's not what's happening here.

 > Last I knew having a file open, even for writing, was no protection
 > against its last link being removed.  The _inode_ won't go away
 > until the last handle is closed, but the _directory entry_ can still
 > be removed.

Accepting that, why wouldn't root be permitted to rm these files?  It's 
been shown that they don't have immutable, append-only or other flags 
set.  Clearly the filesystem is writable, if full.

I'm still curious about what fstat reveals, and it'd be extra weird if 
they can't be deleted or truncated in single-user mode, eh?

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: httpd-modsec2_debug.log: Operation not permitted

2011-01-14 Thread Ian Smith
In freebsd-questions Digest, Vol 345, Issue 9, Message: 10
On Thu, 13 Jan 2011 23:35:26 +0100 Polytropon  wrote:
 > On Thu, 13 Jan 2011 23:08:33 +0100, Swe Gill  wrote:
 > > That is the problem. One file sizes upto 50GB and other 3 GB...
 > > 
 > >  52872944 -rw-rw   1 root  wheel  50G Jan 13 22:51
 > > httpd-modsec2_audit.log
 > >   3320928 -rw-rw   1 root  wheel 3.2G Jan 13 22:51
 > > httpd-modsec2_debug.log
 > > 
 > > I am just standing nowhere to remove the files
 > > 
 > > have tried by setting flags, changing modes all as a root but no luck
 > > yet...
 > > 
 > > Any help?
 > 
 > Is your system running on a raised securelevel maybe? See
 > in "man security" where this is mentioned, section "SECURING
 > THE KERNEL CORE, RAW DEVICES, AND FILE SYSTEMS". It seems
 > that this could cause different behaviour in relation to flags.

That's possible, but perhaps it may be simpler than that?

 > I will _not_ advise you to kill the files per inode (fsdb,
 > clri) because this could cause further filesystem trouble. :-)

Indeed it could :)

Swe, I suspect the reason you can't just delete these files is likely 
because something has them open for writing, and the system won't let 
you remove such files, naturally enough.  See what you get by running:

 # fstat /path/to/httpd-modsec2_*.log

If that shows any processes writing to those files, you need to stop 
that/those processes.  From the filenames my guess would be apache, in 
which case you'd need to stop it, perhaps best by:

 # /usr/local/etc/rc.d/apache stop  # or apache2, whatever it's called.

then check again with fstat.  If that doesn't work for some reason then:

 # shutdown now

to single-user mode will terminate any process accessing those files.

Either way, you can then rm safely, or probably better, truncate each to 
zero bytes (thus keeping their ownership and permissions intact) by eg:

 # echo -n '' > filename

Then restart apache|whatever, or hit ^D or 'exit' to restart multiuser 
if you had to go that far to stop anything keeping those file/s open.

As previously advised, configuring and running newsyslog (or logrotate 
or suitable others) to manage keeping logs to reasonable sizes is well 
worth implementing, now that you've been bitten.  If you don't want to 
look at your logs too often or need blow-by-blow details, reducing the 
logging level to more severe problems may prove more useful longterm.

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: Which php??

2011-01-13 Thread Ian Smith
In freebsd-questions Digest, Vol 345, Issue 7, Message: 11
On Thu, 13 Jan 2011 11:13:02 + Paul Macdonald  wrote:
 > On 13/01/2011 00:18, Gary Kline wrote:
 > > autoconf: required version 2.68 not found
 > some stuff here to try for autoconf issues
 > 
 > http://forums.freebsd.org/showthread.php?t=20284
 > 
 > Alternatively you might want to try installing prebuillt packages 
 > instead of building ports, a lot less hassle.
 > 
 > pkg_delete php5*
 > 
 > 
 > pkg_add -r php5
 > pkg_add -r php5-extensions
 > 
 > (I'm not sure what extensions the package has, but i'd be surprised if 
 > it didn't include mysql)

You'd also be surprised if the php5 package didn't include the Apache 
module, right?  That's why lots of people installed PHP in the first 
place, no?  Lots of people have been thus surprised, for years now.

Seeing Gary already has the module built, he could save it, remove then 
install the package and replace the module IF php was otherwise built 
with the same options, but the only way to get the module is build it.

In the almost singular case of php, I'd stick with building the port(s).

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: a new hard-drive in a 2y/o laptop [solved]

2011-01-07 Thread Ian Smith
On Thu, 6 Jan 2011 21:41:11 -0500, Chris Brennan wrote:
 > On Thu, Jan 6, 2011 at 6:04 PM, Bruce Cran  wrote:
 > 
 > > http://wiki.freebsd.org/RootOnZFS/ZFSBootPartition has a good guide for
 > > installing the base manually (you can ignore the gpart and zfs
 > > commands if you want). I found I had to copy the base and kernel
 > > directories from the install ISO to a UFS-formatted USB stick first
 > > though since the LiveFS CD doesn't have the distributions.
 > >
 > > --
 > > Bruce Cran
 > >
 > 
 > Bruce, your a lifesaver! +1 for you and your wiki page. +1 for Warren's page
 > (
 > http://www.wonkity.com/~wblock/docs/html/disksetup.html#_the_old_standard_way_tt_fdisk_8_tt_and_tt_bsdlabel_8_tt)
 > and +5 for Ian and his incredible patience. Hodgepodging Warren's and
 > Bruce's pages together got me a working base. Laptop is now installed w/o
 > the assistance of a boot cd or the usb hard-drive I was using.

That's great news Chris, congratulations for perseverance.  It could be 
argued that it shouldn't be this hard, but I don't need any argument ..

 > I did have to grab a DVD of 8.1 and burn it to a DVDRW, just so I could get
 > access to /dist/8.1-*. That being said, I think I am going to look at
 > setting up that same external hd w/ a full 8.2-R root when it's ready, so I
 > have a full, local tree to utilize for weird installs like this (I don't
 > know why I never did that before)

Excellent idea.

Just for curiousity's sake, after all that what do you wind up with for:

 # fdisk -s ad4
 # bsdlabel ad4s1

?, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: a new hard-drive in a 2y/o laptop

2011-01-06 Thread Ian Smith
On Thu, 6 Jan 2011, Adam Vande More wrote:
 > On Thu, Jan 6, 2011 at 3:06 AM, Ian Smith  wrote
 > 
 > > Your dd of the first 71 sectors looked right, MBR looks ok, sectors 1-62
 > > are zeroes, boot1 and boot2 from sector 63-70 seem normal, after you
 > > used 'W' to write anyway; can't say for sure that the bsdlabel is ok,
 > > but see no reason to suppose otherwise.  What says 'bsdlabel ad4s1'
 > > while you've still got one?
 > >
 > 
 > This is a pretty easy problem to replicate if you are pressing W, and that
 > "issue" has existed for quite some time.  If you press W then Q at
 > sysinstall fdisk then attempt to force write disklabel screens you will get
 > the error.  Just setup the slices and partitions as you want and let
 > sysinstall handle the writing of information.  There is a big warning box
 > that says not to use force write except under certain conditions and this is
 > not one of them.

Adam, I think you may have missed a lot from the earlier messages in 
this thread.  Admittedly it's long and likely tedious, but trying to 
help somebody get the OS installed is about as basic as it gets for me; 
I'd be hugely relieved if someone with more / better clues took it on.

We didn't get to try W)rite from the fdisk and label screens until long 
after all attempts at letting sysinstall deal with things had failed to 
even slice the disk, bombing on this error every time.  Chris' disk is 
brand new, nothing installed.  W)riting from sysinstall succeeded at 
least in creating ad4s1 in the MBR and writing the bootblocks to that 
slice.  I made it very clear this is not something to do without due 
care; in the circumstances there was absolutely nothing to be lost.

And then the GPT issue, of which I was totally ignorant.  Fixed.

 > If you google the error message in the OP, the first result is:
 > 
 > http://forums.freebsd.org/showthread.php?t=1675

I can't see anything there that informs any solution to this issue, that 
doesn't cover everything Chris has tried.  If you can, please elaborate?

 > Failing that, I can't see other than a hardware issue, unless somehow
 > > sysinstall is broken and you may do better manually running fdisk and
 > > bsdlabel and newfs per Handbook and manuals?
 > >
 > 
 >  This doesn't say hardware error to me at all, at least not a disk hardware
 > issue.  The message was present across two disks, and if there truly is a
 > problem writing to the media a complete zeroing of the drive would be
 > apparent then.

Chris has this issue with one disk only, so I'm not sure what you mean?

If it's not hardware related (or HP firmware, as Mike suggested), maybe 
it is an issue with sysinstall.  Manual fdisk & bsdlabel & newfs would 
confirm that or otherwise, but Chris will have to hunt up mans, docs and 
howtos on doing that himself, they're out there.  On the other hand it's 
useful learning, and nothing he tries can make matters any worse.

[ I can't comment on auto-allocated partitions, the last time I thought 
that was even vaguely a useful idea was my first install of 2.2.6 :^]

If you have any spare magic dust to sprinkle on this, please do so.

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: a new hard-drive in a 2y/o laptop

2011-01-06 Thread Ian Smith
On Thu, 6 Jan 2011 09:11:55 +, Bruce Cran wrote:
 > On Thu, 6 Jan 2011 20:06:42 +1100 (EST)
 > Ian Smith  wrote:
 > 
 > > Just be sure NOT to use the 'A' option for auto-partitioning again;
 > > I'm sure I saw some problem with that on 8.1, not sure if it's fixed
 > > on 8.2 (Bruce?) so I suggest allocating the BSD partitioning you
 > > really want.
 > 
 > I've not fixed anything related to that.

Oh, I must have dreamed it all; found nothing in local -stable archives, 
went hunting on sysinstall cvsweb but found anything there, don't know 
how to search svn yet; life's too short.  Thanks for teaching some GPT.

Sorry, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: a new hard-drive in a 2y/o laptop

2011-01-06 Thread Ian Smith
On Wed, 5 Jan 2011, Chris Brennan wrote:
 > On Wed, Jan 5, 2011 at 12:44 AM, Ian Smith  wrote:
 > >
 > > Saw Chris' later message that -F isn't there for him, but here's what
 > > should be, on the data, the sure-fire way to clobber that last sector:
 > >
 > >  dd if=/dev/zero of=/dev/ad4 oseek=1465149167
 > >
 > > which command SHOULD report just 512 bytes written (we're sure it can't
 > > write past the end of the disk with no count specified), after which:
 > >
 > >  dd if=/dev/ad4 iseek=1465149167 | hd
 > >
 > > SHOULD show zeroes from  to 01ff (ie next block 0200)
 > > If not, there really must be some hardware issue with writing?
 > >
 > > Hopefully getting there!

 > Fixit# sysctrl kern.geom.debugflags=16
 > kern.geom.debugflags: 0 -> 16
 > Fixit# dd if=/dev/zero of=/dev/ad4 oseek=1465149167
 > dd: /dev/ad4: end of device
 > 2+0 records in
 > 1+0 records out
 > 512 bytes transferred in 0.011 secs (51195 bytes/sec)

So that's right.

 > Fixit# dd if=/dev/ad4 iseek=1465149167 | hd
 > 1+0 records in
 > 1+0 records out
 >   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
 > ||
 > 512 bytes transferred om 0.009863 secs (51912 bytes/sec)
 > *
 > 0200

And that's right - the GPT secondary header is now gone.

 > restarting and back to sysinstall from BETA1 is nice dice ... same original
 > error ... can I just zero the whole drive?

Sure you can - but I'd be (happy to be) surprised at this point if it's 
going to do much good.  If nothing else it's a full surface write test, 
and you could check afterwards that it's all been zeroed, hd showing 
just a few lines (as above) over the whole disk (dd if=/dev/ad4 | hd)

We seem to have ruled out the remnants of a GPT problem, having Bruce 
and Warren to thank for pointing it out; it's bound to catch others.

Your dd of the first 71 sectors looked right, MBR looks ok, sectors 1-62 
are zeroes, boot1 and boot2 from sector 63-70 seem normal, after you 
used 'W' to write anyway; can't say for sure that the bsdlabel is ok, 
but see no reason to suppose otherwise.  What says 'bsdlabel ad4s1' 
while you've still got one?

Just be sure NOT to use the 'A' option for auto-partitioning again; I'm 
sure I saw some problem with that on 8.1, not sure if it's fixed on 8.2 
(Bruce?) so I suggest allocating the BSD partitioning you really want.

Failing that, I can't see other than a hardware issue, unless somehow 
sysinstall is broken and you may do better manually running fdisk and 
bsdlabel and newfs per Handbook and manuals?  If that worked you could 
still use sysinstall, skip fdisk and labelling steps and install the 
distributions, ports tree, doc packages and other sysinstall goodies.

If it still persisted after that I'd subscribe and report the issue to 
freebsd-stable in as much detail as needed for some more fresh eyes.

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: a perl question

2011-01-05 Thread Ian Smith
In freebsd-questions Digest, Vol 344, Issue 4, Message: 14
On Tue, 4 Jan 2011 23:24:01 -0700 Chad Perrin  wrote:
 > On Tue, Jan 04, 2011 at 09:33:03AM -0800, Randal L. Schwartz wrote:
 > > > "Patrick" == Patrick Bihan-Faou  
 > > > writes:
 > > 
 > > Patrick> cat asdf.txt | grep -v XYZ | grep -v bla
 > > 
 > > And yet, you still have the "Useless Use of Cat".
 > 
 > The weirdest thing about most useless uses of cat is that not using cat
 > would actually be a little clearer and involve fewer keystrokes -- as in
 > this case.

Do you know of any 'less useless' or more economical way to do such as:

 % cat /boot/boot1 /boot/boot2 | diff - /boot/boot
 %

?, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: a new hard-drive in a 2y/o laptop

2011-01-04 Thread Ian Smith
On Tue, 4 Jan 2011, Warren Block wrote:
 > On Tue, 4 Jan 2011, Chris Brennan wrote:
 > 
 > > On Tue, Jan 4, 2011 at 3:56 AM, Ian Smith  wrote:
 > > 
 > > > On Mon, 3 Jan 2011 16:31:17 -0500, Chris Brennan wrote:
 > > > [.. trimming ccs, selectively quoting and de-gmailing a bit ..]
 > > > 
 > > 
 > > Trimmings! Oh nevermind. I don't know what possessed me to  go and look
 > > at the debug window. But I do and I see the following.
 > > 
 > > GEOM: ad4: the primary GPT table is corrupt or invalid.
 > > GEOM: ad4: using the secondary instead -- recovery strongly advised.
 > > 
 > > This is even after zero the beginning and the end of the drive 
 > > Something is hinky!

Indeed.  Well Chris attached the following to his prior email, which 
made it to the list being text, dmesg didn't, application/octet-stream: 
http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20110104/c370dd77/dmesg-0001.obj

But confirming the GEOM messages shown above, here's the 'smoking gun':

  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ||
*
4000  45 46 49 20 50 41 52 54  00 00 01 00 5c 00 00 00  |EFI PART\...|
4010  2b b3 b7 fa 00 00 00 00  ef 66 54 57 00 00 00 00  |+fTW|
4020  01 00 00 00 00 00 00 00  22 00 00 00 00 00 00 00  |"...|
4030  ce 66 54 57 00 00 00 00  45 51 13 4c 0e 0e e0 11  |.fTWEQ.L|
4040  95 6e 00 1d 72 5b f5 d6  cf 66 54 57 00 00 00 00  |.n..r[...fTW|
4050  80 00 00 00 80 00 00 00  86 d2 54 ab 00 00 00 00  |..T.|
4060  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ||
*
4200

So that is really the last 33 sectors of the disk (0x4200 = 16896d, / 
512 = 33) and the last sector does indeed have the 'GPT EFI' signature 
(ref: http://en.wikipedia.org/wiki/GUID_Partition_Table), so the seek 
and count looks right, matching the read command I'd suggested:

 >  dd if=/dev/ad4 iseek=1465149135 count=33 | hd

Seems odd that it hasn't been zeroed, but all the sectors before it are 
(ie there's just the header, no actual 128-byte partition entries if I'm 
interpreting this correctly), so maybe there's still some off-by-one in 
counting from the end of the disk for writing, not knowing the actual dd 
command used .. you're not wrong that negative offsets can be tricky!

 > Today I also found that zeroing the beginning and end of the drive didn't
 > seem to be enough.  I had the start of a huffy email about how hard it was to
 > calculate the end of a drive in blocks, and how dd didn't have a negative
 > oseek to seek backwards from the end.  But then I checked gpart(8)... and it
 > turns out that
 > 
 > # gpart destroy -F da0
 > 
 > works.  Be very careful that you've got the right drive there, of course.

Saw Chris' later message that -F isn't there for him, but here's what 
should be, on the data, the sure-fire way to clobber that last sector:

 dd if=/dev/zero of=/dev/ad4 oseek=1465149167

which command SHOULD report just 512 bytes written (we're sure it can't 
write past the end of the disk with no count specified), after which:

 dd if=/dev/ad4 iseek=1465149167 | hd

SHOULD show zeroes from  to 01ff (ie next block 0200)
If not, there really must be some hardware issue with writing?

Hopefully getting there!

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: a new hard-drive in a 2y/o laptop

2011-01-04 Thread Ian Smith
167ad4s18freebsd165

Check: 1453521 * 16 * 63 = 1465149168 sectors, numbered 0..1465149167

So since iseek=0 starts at sector 0, then iseek=1465149167 starts at the 
last sector, right?  So:

 dd if=/dev/ad4 iseek=1465149104 count=63 | hd

shows the last 63 sectors (last track) of the drive.  If this isn't all 
zeroes (which is worth knowing, and recording) then make it so with:

 dd if=/dev/zero of=/dev/ad4 oseek=1465149104 count=63

which is ok for your blank disk, but for a disk in use you should only 
zero the last 33 sectors as (way) below; there may be [meta]data before.

 > > In the OEM world of the likes of HP, DELL, etc, when this happens a lot of
 > > times they kludge together a work around driver that you can get from their
 > > tech support. It masks the hardware/firmware problem in software, and is
 > > almost always a Windows-centric thing.
 > 
 > *shudder* that's all, just *shudder*

There were also (at least used to be) reports of troubles with some SATA 
cables, and as you've replaced your HD it might be worth checking your 
cable attachments are good, nothing twisted or under sideways pressure?

 > > Bad thing here is the old: "but it worked in 7.x, only fails with 8.x...".
 > > Whenever I see _that_ I think "developer involvement/smarter people than me
 > > required...".

I have exactly that problem resuming from suspend on my Thinkpad T23 on 
all 8.x, where it worked fine from 6.1 through 7.4-PRERELEASE.  So far 
the smarter people are saying nothing; maybe I've offended some gods?

 > Well, the irony here, the failing drive is *ALSO* 8.1, I can slap 
 > that back in and fire it up, it still boots and works, I just didn't 
 > want to take the risk of the drive's cheese sliding off it's cracker.

How hard is it to replace the SATA cable in these?  I haven't time to 
hunt now, but recall a swathe of messages to -stable a couple of years 
ago about SATA problems that were entirely solved by replacing cables.

[..]

 > On Sun, Jan 2, 2011 at 2:19 AM, Ian Smith  wrote:
 > > On /dev/ad4, oseek=0 zeroes sector 0, the MBR including DOS partition
 > > (FreeBSD slice) table, so that would kill all the slice data, so sure,
 > > ad4s1 won't exist.  oseek=1 just zeroes an unused sector as we've seen.
 > 
 > > What you _can_ do from that state is:
 > 
 > > dd if=/dev/zero of=/dev/ad4 oseek=63 count=8
 > 
 > > which will remove the first 4K of (what will be) slice 1, in case
 > > there's a misconfigured bsdlabel there, for later.  I'm not convinced
 > > this is likely your problem, but it can't hurt before slice 1 exists (by
 > > virtue of having an entry in the MBR, when it should show up in /dev)
 > 
 > I'll give this a shot and let the list know what I find.

Again, getting a copy of what's there before zeroing may be helpful.

 > > Do you mean you dd'd the memstick.img to the external USB drive?  And
 > > that booted ok?  And sysinstall found it ok, as /dev/ad0a?  Details!
 > 
 > Haha! yes, I dd'd the memstick image to the external USB drive. It did boot
 > just fine, but not ad /dev/ad0a, it booted the drive as /dev/da0a. Which is
 > a 1gb partition, the other 59gb remained unused/unsliced. I don't have and
 > media where I could write a 1GB image to w/o wasting a DVD and just couldn't
 > justify that loss of space lol.

Sorry, typo: /dev/da0a.  Yes the images are 'hybrid' unsliced disks.  
If you check with fdisk da0 you'll see it appears as slice 4, of about 
24MB.  The boot sector is /boot/boot1 with a munged MBR entry pointing 
to itself (ie slice s4 starts at sector 0), sectors 1-7 are /boot/boot2, 
with an also munged bsdlabel in sector 1.  From an 8.1-R memstick.img:

t23% fdisk -s da0
/dev/da0: 967 cyl 64 hd 32 sec
PartStartSize Type Flags
   4:   0   5 0xa5 0x80
t23% bsdlabel da0c  # (da0a whinges about size error)
# /dev/da0c:
8 partitions:
#size   offsetfstype   [fsize bsize bps/cpg]
  a:  1852024   16unused0 0
  c:  18520400unused0 0 # "raw" part, don't edit

You should be able to find 1GB USB sticks for close to free these days; 
longer term sysinstall needs to be taught to boot/use sliced USB media.

 > > Given you've shown previously that s1 starts at sector 63, so will:
 > 
 > > sysctl kern.geom.debugflags=16
 > > dd if=/dev/zero of=/dev/ad4 oseek=63 count=8
 > 
 > Fixit# sysctl kern.geom.debugflags=16
 > sysctl kern.geom.debugflags: 0 -> 16
 > Fixit# dd if=/dev/zero of=/dev/ad4 oseek=63 count=8
 > 8+0 Records in
 > 8+0 records out
 > 4096 bytes transferred in 0.431880 secs (9484 bytes/sec)

Ok, so

Re: a new hard-drive in a 2y/o laptop

2011-01-02 Thread Ian Smith
On Mon, 3 Jan 2011, Ian Smith wrote:

 >  dd if=/dev/zero of=/dev/da4 skip=N
 > 
 > where N is the known total number of sectors minus 34, should do it?

Argh .. that should be seek=N, not skip.  Up way too late ..

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: a new hard-drive in a 2y/o laptop

2011-01-02 Thread Ian Smith
On Sun, 2 Jan 2011 10:22:55 +, Bruce Cran wrote:
 > On Fri, 31 Dec 2010 01:13:57 -0500
 > Chris Brennan  wrote:
 > 
 > > No worries on missing it, I'm not sure that helped, I farted around
 > > with it again earlier today with little more in the way of success.
 > > What I tried was to just set up '/' and swamp and it still prompted
 > > me about not being able to find /dev/ad4s1b.
 > 
 > See my post later in the thread: this most likely has nothing to do
 > with the partition layout but the fact that FreeBSD is finding an old
 > partition scheme.

Even dodgier than waiting to quote a message from a digest that hasn't 
arrived yet is hand-indenting a paste from pipermail :) but I'll hang 
this off your thread, thanks Bruce ..

 > > On Sun, 02 Jan 2011 01:39:13 -0500
 > > Michael Powell  wrote:
 >
 > > "Unable to find device node for /dev/ad4s1b in /dev! The creation of 
 > > filesystems will be aborted." Then pressing "OK" brings this:
 > > "Couldn't make filesystems properly. Aborting."
 > > 
 > > This from sysinstall and occurs after fdisk, labeling, at the point
 > > when sysinstall then tries to write out the config to the disk and
 > > newfs.
 >
 > This can happen if you've had it partitioned using GPT at some point 
 > - in that case you need to use dd to zero the first _and_ last 
 > sectors of the disk.

Although it's a brand new disk, quoting Chris' original message after 
skipping the shutdown when too hot issue:

 > gonna let it cool down and try the smart tests again. Incidentally, I 
 > was able to boot a gentoo disc and set up an ext4 filesystem on the 
 > same disk and it worked fine, so I don't understand why freebsd can't 
 > preform a newfs on the drive.

Hmm, should we bet against a gentoo install using GPT these days?

Finding out about the actual disk layout in gpt(8), gpart(8) etc proving 
fruitless and finding nothing in Handbook, FAQ or wiki, I resorted to 
http://en.wikipedia.org/wiki/GUID_Partition_Table for hopefully correct 
information.  I hadn't even known that sectors 1-33 were used for the 
GPT (making Mike's zeroing of sector 1 sensible even on sliced disks), 
nor that the last 33 sectors were for its backup table, thanks.  So:

 dd if=/dev/zero of=/dev/da4 skip=N

where N is the known total number of sectors minus 34, should do it?

If not, we can't rule out Mike's concerns about BIOS incompatibility 
or such, but this sure sounds like the next thing Chris should try.

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: a new hard-drive in a 2y/o laptop

2011-01-01 Thread Ian Smith
On Sun, 2 Jan 2011 01:15:35 -0500, Chris Brennan wrote:
 > On Sat, Jan 1, 2011 at 10:20 PM, Ian Smith  wrote:
[..]
 > >  The bsdlabel lives in sector 1 (counting from 0) of the slice concerned,
 > > specifically the first 0x114 (276d) bytes, in the second sector of the
 > > boot blocks.  As noted above, in unsliced disks such as memstick.img
 > > that's sector 1 of the entire disk, but in ordinary sliced disks it's in
 > > sector 1 of the _slice_, so if you'd used (here using Chris' ad4)
 > >
 > >  dd if=/dev/zero of=/dev/ad4s1 oseek=1 bs=512 count=1
 > >
 > >
 > I would happily run this, but ad4s1 doesn't exist, and hasn't (that I know
 > of), I did do oseek=0 and oseek=1 on /dev/ad4 tho and that didn't change
 > anything, it still says it can't find /dev/ad4s1b (swap obviously)

On /dev/ad4, oseek=0 zeroes sector 0, the MBR including DOS partition 
(FreeBSD slice) table, so that would kill all the slice data, so sure, 
ad4s1 won't exist.  oseek=1 just zeroes an unused sector as we've seen.

What you _can_ do from that state is:

 dd if=/dev/zero of=/dev/ad4 oseek=63 count=8

which will remove the first 4K of (what will be) slice 1, in case 
there's a misconfigured bsdlabel there, for later.  I'm not convinced 
this is likely your problem, but it can't hurt before slice 1 exists (by 
virtue of having an entry in the MBR, when it should show up in /dev)

 > > At 6.x (and 7.x, I think) it could have been 'dangerously dedicated' ie
 > > unsliced .. which option has been removed in 8.x _except_ regarding the
 > > memstick.img (appearing as /dev/daXa) .. not half confusing, eh?
 > >
 > >
 > I actually noticed this today, I had issues writing 8.2BETA1 to a 2GB
 > MicroSD card, so I used a 2.5" external hard-drive and from the fixit prompt
 > I noticed that it wrote a 1gb partition for the BETA1 image and left the
 > rest of the desk untouched (ann 59gb of it).

Do you mean you dd'd the memstick.img to the external USB drive?  And 
that booted ok?  And sysinstall found it ok, as /dev/ad0a?  Details!

 > >  sysctl kern.geom.debugflags=16
 > >  dd if=/dev/zero of=/dev/ad4s1 bs=512 count=8
 > >
 > > will remove slice 1's boot blocks entirely, including the bsdlabel.

Given you've shown previously that s1 starts at sector 63, so will:

 sysctl kern.geom.debugflags=16
 dd if=/dev/zero of=/dev/ad4 oseek=63 count=8

 > > [excuse broken threading, but unless cc'd I have to reply to the digest]
 > 
 > I've been trying to keep you in my replies

Getting yours fine; that was re my reply to Mike's message.

 > but your down-under, so I don't get your replies till after 1am my 
 > time... Anywho, it's late and I need to be up in 8hrs, hopefully this 

Yeah North America is so yesterday from here (well, 16 hours for you :)

 > can be figured out ... I would hate for the disk to be defective in 
 > some way.

Of course that's not impossible, but you did say you'd installed some 
linux on it ok?  Clutching at straws, is there anything in your BIOS 
regarding different SATA modes you can play with? (No SATA disks here)

Something else you could try is W)riting the slice table + MBR out from 
the fdisk menu, then quit sysinstall and reboot.  You can do the same 
after labelling but before newfs'ing .. not generally recommended, but 
safe enough on a blank disk.

If you do the latter, you'll have to reenter your mount points later, so 
make a note of the order and size of partitions that you specified.

Hopefully somebody else has a take on all this, I'm out of ideas ..

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: a new hard-drive in a 2y/o laptop

2011-01-01 Thread Ian Smith
In freebsd-questions Digest, Vol 343, Issue 10, Message: 23
On Fri, 31 Dec 2010 19:37:10 -0500 Michael Powell  
wrote:
 > Ian Smith wrote:
 > 
 > > In freebsd-questions Digest, Vol 343, Issue 5, Message: 10
 > > On Tue, 28 Dec 2010 11:02:45 -0500 Chris Brennan 
 > > wrote:
 > >  > On Tue, Dec 28, 2010 at 2:23 AM, Michael Powell
 > >  > wrote:
 > >  > 
 > >  > > Try zeroing out the mbr:
 > >  > >
 > >  > > Boot a LiveFS CD, then at a root prompt do:
 > >  > >
 > >  > > sysctl kern.geom.debugflags=16  and:
 > >  > >
 > >  > > dd if=/dev/zero of=/dev/adx oseek=1 bs=512 count=1
 > >  > >
 > >  > > where x equals your drive number. This will zero out any old MBR.
 > > 
 > > Er, no, Mike.  The MBR is in sector 0 of the disk; that would zero out
 > > sector 1 as oseek=1 skips over sector 0.  What's in sector 1 depends on
 > > how/whether the disk is sliced.  In a 'dangerously dedicated' (unsliced)
 > > disk like a memory stick perhaps, this would usually be /boot/boot1 and
 > > include the bsdlabel.  In a sliced disk, sectors 1 to 62 are typically
 > > unused, the first slice usually starting at sector 63.
 > > 
 > > t23% fdisk -s ad0
 > > /dev/ad0: 232581 cyl 16 hd 63 sec
 > > PartStartSize Type Flags
 > >1:  63 8385867 0x0b 0x00
 > >2: 8385930   125821080 0xa5 0x80
 > >3:   13420701033543342 0xa5 0x00
 > >4:   16775073066685815 0xa5 0x00
 > > 
 > > If you really want to zero out sector 0, leave out the oseek (or use
 > > oseek=0) - but you're better off using 'fdisk -Bi' to init a new disk.
 > > 
 > 
 > Yes - true enough. Was thinking partition table and typed 'mbr'. 

Well, what's commonly called 'the partition table' is bytes 0x1be-1ff of 
the MBR, so I was confused by your writing to sector 1 rather than 0, 
but have a new theory to test, seeing Chris isn't making any progress; 
this maybe a victim of the old 'slice vs partition' terminology issue.

 > In my case, a temporary replacement disk had FreeBSD 6.2 on it. Something 
 > changed wrt to disklabeling on the way to 8-Release and the old 6.2 being 
 > present created a situation where that region on the disk was invisible to 
 > the new labeling and wouldn't write out. A new install of 8-Release 
 > (sysinstall) would error out with the same message as Chris when it came to 
 > the point of writing out to the disk. For me, the above 2 commands fixed my 
 > situation. Even though his error is the same, I think his problem may be  
 > different from mine.

The bsdlabel lives in sector 1 (counting from 0) of the slice concerned, 
specifically the first 0x114 (276d) bytes, in the second sector of the 
boot blocks.  As noted above, in unsliced disks such as memstick.img 
that's sector 1 of the entire disk, but in ordinary sliced disks it's in 
sector 1 of the _slice_, so if you'd used (here using Chris' ad4)

 dd if=/dev/zero of=/dev/ad4s1 oseek=1 bs=512 count=1

- rather than of=/dev/ad4 - then you would indeed be zeroing out the 
label, ie the 'partition table' in FreeBSD-speak.  Is that perhaps what 
you had to do to that 6.2 disk, which I suppose was a sliced disk?

At 6.x (and 7.x, I think) it could have been 'dangerously dedicated' ie 
unsliced .. which option has been removed in 8.x _except_ regarding the 
memstick.img (appearing as /dev/daXa) .. not half confusing, eh?

In any case, it'd be a cheap trick for Chris to try from Fixit, and 
though it seems unlikely there'd be anything 'leftover' from an earlier 
install, maybe earlier failure/s have left a broken bsdlabel there?

So at this still-uninstalled stage it couldn't hurt to zero that sector, 
or even the first 4KB of ad4s1 .. which is /boot/boot1 plus /boot/boot2 
(which equals /boot/boot !) before the label section gets written.  ie:

 sysctl kern.geom.debugflags=16
 dd if=/dev/zero of=/dev/ad4s1 bs=512 count=8

will remove slice 1's boot blocks entirely, including the bsdlabel.

cheers, Ian

[excuse broken threading, but unless cc'd I have to reply to the digest]
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: a new hard-drive in a 2y/o laptop

2010-12-30 Thread Ian Smith
On Thu, 30 Dec 2010 11:17:48 -0500, Chris Brennan wrote:
 > On Thu, Dec 30, 2010 at 12:24 AM, Ian Smith  wrote:
 > 
 > > I don't expect this to be anything like that.  Please show a) how many
 > > slices you allocated and how big this FreeBSD slice is and b) how you
 > > partitioned the FreeBSD slice into (and sizes of) / /var/ /usr [/tmp?]
 > > and especially swap.
 > >
 > > I wouldn't allocate any less than 1GB for your root (/) partition esp.
 > > if building custom kernel/s; maybe that's fixed in sysinstall for 8.2?

 > I cleaned out the thread, leaving only your last bit of questions here.

Goodo.  I'll try chopping a bit too ..

 > I did apparently screw up the 'dd' cmd, I retyped it correctly, below is my
 > (very carefully) retyped recreation of the Fixit prompt;
 > 
 > [..]
 > Fixit# dd if=/dev/zero of=/dev/ad4 oseek-0 bs=512 count=1

Assuming that's 'oseek=0', which is the default anyway.

 > 1+0 records in
 > 1+0 records out
 > 512 bytes transferred ub 0.044723 secs (11448 bytes/sec)
 > Fixit# fdisk -Bi /dev/ad4
 > *** Working on device /dev/ad4 ***
 > parameters extracted from in-core disklabel are:
 > cylinders=1453521 heads=16 sectors/tracks=63 (1008 blks/cyl)
 > 
 > Figures below won't work with BIOS for partitions not in cyl 1
 > parameters to be used for BIOS calculations are:
 > cylinders=1453521 heads=16 sectors/tracks=63 (1008 blks/cyl)
 > 
 > Do you want to change our idea of what BIOS thinks ? [n]
 > [..]
 > 
 > This is where I stopped, admittedly, I do not know how to use FreeBSD's
 > fdisk. For the sake of brevity and to move along, I'll break fdisk here and
 > move back to sysinstall and provide what information I can this way.

Fair enough.  'what BIOS thinks' here is fine on modern disks/boxes, but 
the issue here is what a new(ish) user might conceive of as 'modern'!

 > >From sysinstalls menu, I choose 'Standard', next is the usual message about
 > fdisk partitioning schemes. After this, I get a 'User Confirmation Request',
 > which is very similar to the warning I received above. It says
 > 
 > [..]
 > WARNING: It is safe to use a geometry of 1453521/16/63 for ad4 on computers
 > with modern BIOS versions. If this disk is to be uised on an old machine it
 > is recommended that it does not have more then 65535 cylinders, more then
 > 255 heads, or more then 63 sectors per track.
 > 
 > Would you like to keep using the current geometry?
 > 
 >  
 > [..]
 > 
 > This is where I have two choices
 > 
 > Choice 1 (YES) produces the following in fdisk when choosing 'a' to use the
 > whole disk.
 > 
 > [..]
 > OffsetSize(ST)EndNamePTypeDescSubtype
 > Flags
 > 06362-12unused0
 > 6314651491051465149167ad4s18freebsd165
 > [..]

Yes, you should go with this.  'modern BIOS versions' here refers to 
anything later than (roughly) the mid-90s!  An 'old machine' in this 
context - remembering sysinstall was originally written then - was one 
not using LBA (logical block addressing), when 8GB was a fairly big HD 
at least for IDE, when the 'big guys' were mostly using SCSI disks.

That message is actually a lot less scary than it was until a couple of 
years ago, when it used to cause much more angst and regular posts, see:

http://www.freebsd.org/cgi/cvsweb.cgi/src/usr.sbin/sysinstall/disks.c.diff?r1=1.160;r2=1.161;f=h

 > Choice 2 (NO) produces the following in fdisk when choosing 'a' to use the
 > whole disk.
 > [..]
 > If you are not sure about this, please consult the Hardware Guide in the
 > Documentation submenu or use the {G}eometry command to change it. Remember:
 > You need to eneter whatever your BIOS thinks the geometry is! For IDE, it's
 > what you were told in the BIOS setup. For SCSI, It's the translation mode
 > your controller is using. Do NOT use a ''physical geometry''.
 > 
 > [..]
 > 
 > [..]
 > OffsetSize(ST)EndNamePTypeDescSubtype
 > Flags
 > 06362-12unused0
 > 6314651440021465144064ad4s18freebsd165
 > 146514406551031465149167-12unused0
 > [..]
 > 
 > Decidedly, the end result is approximately 698GB for the usable partition,
 > the second choice giving me a padding on both sides of the freebsd slice.

You don't say what alternative geometry you entered here, if any .. but 
really this whole thing needs to go away.  Maybe it needs some heuristic 
to see if it could _even possibly_ be an ancient HD needin

Re: a new hard-drive in a 2y/o laptop

2010-12-29 Thread Ian Smith
In freebsd-questions Digest, Vol 343, Issue 5, Message: 10
On Tue, 28 Dec 2010 11:02:45 -0500 Chris Brennan  wrote:
 > On Tue, Dec 28, 2010 at 2:23 AM, Michael Powell 
 > wrote:
 > 
 > > Try zeroing out the mbr:
 > >
 > > Boot a LiveFS CD, then at a root prompt do:
 > >
 > > sysctl kern.geom.debugflags=16  and:
 > >
 > > dd if=/dev/zero of=/dev/adx oseek=1 bs=512 count=1
 > >
 > > where x equals your drive number. This will zero out any old MBR.

Er, no, Mike.  The MBR is in sector 0 of the disk; that would zero out 
sector 1 as oseek=1 skips over sector 0.  What's in sector 1 depends on 
how/whether the disk is sliced.  In a 'dangerously dedicated' (unsliced) 
disk like a memory stick perhaps, this would usually be /boot/boot1 and
include the bsdlabel.  In a sliced disk, sectors 1 to 62 are typically 
unused, the first slice usually starting at sector 63.

t23% fdisk -s ad0
/dev/ad0: 232581 cyl 16 hd 63 sec
PartStartSize Type Flags
   1:  63 8385867 0x0b 0x00
   2: 8385930   125821080 0xa5 0x80
   3:   13420701033543342 0xa5 0x00
   4:   16775073066685815 0xa5 0x00

If you really want to zero out sector 0, leave out the oseek (or use 
oseek=0) - but you're better off using 'fdisk -Bi' to init a new disk.

 > > I have seen this exact error before, and this is what took care of it.
 > >
 > > -Mike

Mmm .. it's not clear from Chris' original message exactly what he did.

 > Mike,
 > 
 > Thanks for that little tip, I tried it this morning and it hung for about 30
 > second w/ no cd/hd activity, then it resumed w/ a beep, it printed some
 > garbage on the console, the only ledgeable was the following
 > 
 > [..]
 > Invalid partition tableError loading operating systemMissing
 > operating system1+0 records in
 > 1+0 records out
 > 512 bytes transferred in 2.712151 secs (189 bytes/sec)
 > [..]

This doesn't make sense.  Rather than 'I tried it' please show the exact 
command/s you are issuing.  Given it's a new disk you can afford to make 
mistakes, but once you have anything valuable on a disk you need to take 
extreme care with dd(1), it's so easy to fatfinger something wrong.

eg, what you show above would indicate just what you'd get by running:

dd if=/dev/ad4 count=1

ie, using 'if=' not 'of=', with of=/dev/stdout implied, ie to console.

If you do want to look at one or more raw sectors, it's very much safer 
piping dd's stdout to hd (hexdump), as the delays and beep you mention 
are consistent with piping raw bytes out to the console .. often this 
can blow your console settings away (I've done it too many times :)

If you initialise a disk with the default MBR (or it came that way) then 
that's usually what's in /boot/mbr - or /boot/boot0 if you've chosen the 
FreeBSD boot manager, or something else if using (say) grub.

t23% dd if=/boot/mbr | hd
  fc 31 c0 8e c0 8e d8 8e  d0 bc 00 7c be 1a 7c bf  |.1.|..|.|
0010  1a 06 b9 e6 01 f3 a4 e9  00 8a 31 f6 bb be 07 b1  |..1.|
0020  04 38 2f 74 08 7f 75 85  f6 75 71 89 de 80 c3 10  |.8/t..u..uq.|
0030  e2 ef 85 f6 75 02 cd 18  80 fa 80 72 0b 8a 36 75  |u..r..6u|
0040  04 80 c6 80 38 f2 72 02  8a 14 89 e7 8a 74 01 8b  |8.r..t..|
0050  4c 02 bb 00 7c f6 06 bd  07 80 74 2d 51 53 bb aa  |L...|.t-QS..|
0060  55 b4 41 cd 13 72 20 81  fb 55 aa 75 1a f6 c1 01  |U.A..r ..U.u|
0070  74 15 5b 66 6a 00 66 ff  74 08 06 53 6a 01 6a 10  |t.[fj.f.t..Sj.j.|
0080  89 e6 b8 00 42 eb 05 5b  59 b8 01 02 cd 13 89 fc  |B..[Y...|
0090  72 0f 81 bf fe 01 55 aa  75 0c ff e3 be b9 06 eb  |r.U.u...|
00a0  11 be d1 06 eb 0c be f0  06 eb 07 bb 07 00 b4 0e  ||
00b0  cd 10 ac 84 c0 75 f4 eb  fe 49 6e 76 61 6c 69 64  |.u...Invalid|
00c0  20 70 61 72 74 69 74 69  6f 6e 20 74 61 62 6c 65  | partition table|
00d0  00 45 72 72 6f 72 20 6c  6f 61 64 69 6e 67 20 6f  |.Error loading o|
00e0  70 65 72 61 74 69 6e 67  20 73 79 73 74 65 6d 00  |perating system.|
00f0  4d 69 73 73 69 6e 67 20  6f 70 65 72 61 74 69 6e  |Missing operatin|
0100  67 20 73 79 73 74 65 6d  00 90 90 90 90 90 90 90  |g system|
0110  90 90 90 90 90 90 90 90  90 90 90 90 90 90 90 90  ||
*
01b0  90 90 90 90 90 90 90 90  90 90 90 90 90 80 00 00  ||
01c0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ||
*
01f0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 55 aa  |..U.|
0200
1+0 records in
1+0 records out
512 bytes transferred in 0.079548 secs (6436 bytes/sec)

Look familiar? :)  That's what 'dd if=/dev/ad4 count=1 | hd' would show 
on a disk with default MBR, except there'd be the slice data in the MBR 
section of the boot sector, starting at 0x1be, ending with 'sig' 55aa.

 > Restarting the install process, again accepting defaults, I am again

Again, please be more explicit.  Defaults for what?  One slice covering 
the whole disk might be assumed for

Re: what process is sending this packet?

2010-12-27 Thread Ian Smith
In freebsd-questions Digest, Vol 343, Issue 3, Message: 10
On Mon, 27 Dec 2010 06:30:05 -0800 S Mathias  wrote:

 > I can see, that theres a program that keeps sending packets on port 25:
 > 
 > Dec 27 14:11:46 a kernel: [ 6336.992320] O_D_LOG: IN= OUT=lo SRC=127.0.0.1 
 > DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=61533 DF PROTO=TCP 
 > SPT=37263 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0 
 > Dec 27 14:12:01 a kernel: [ 6352.635704] O_D_LOG: IN= OUT=lo SRC=127.0.0.1 
 > DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55853 DF PROTO=TCP 
 > SPT=40644 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0 
 > Dec 27 14:12:04 a kernel: [ 6355.641085] O_D_LOG: IN= OUT=lo SRC=127.0.0.1 
 > DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55854 DF PROTO=TCP 
 > SPT=40644 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0 
 > Dec 27 14:12:10 a kernel: [ 6361.649059] O_D_LOG: IN= OUT=lo SRC=127.0.0.1 
 > DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55855 DF PROTO=TCP 
 > SPT=40644 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0 
 > 
 > but where or how could i find out, that what process sends these packets?

I believe you've posted to the wrong list; this looks pretty much like a 
linux box running the ipchains firewall to me .. we have one of those:

r...@pigs:~ # uname -a
Linux pigs.wxyz.org 2.4.36 #1 Tue Jul 22 13:13:24 GMT 2008 i686 pentium3 i386 
GNU/Linux

>From its /var/log/messages:

Dec 28 14:47:07 pigs kernel: INPUT IN=ppp0 OUT= MAC= SRC=84.100.172.194 
DST=w.x.y.z LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=52491 DF PROTO=TCP SPT=2381 
DPT=23 WINDOW=5808 RES=0x00 SYN URGP=0
Dec 28 14:47:15 pigs kernel: INPUT IN=ppp0 OUT= MAC= SRC=84.100.172.194 
DST=w.x.y.z LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=53751 DF PROTO=TCP SPT=2635 
DPT=22 WINDOW=5808 RES=0x00 SYN URGP=0

I'm hoping to check out Luigi's linux port of ipfw + dummynet sometime, 
but have yet to hear of ipchains - let alone (ugh!) tc - on FreeBSD :)

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: kernel config file according to config(5): inconsistent ?

2010-12-26 Thread Ian Smith
On Sun, 26 Dec 2010, Bruce Cran wrote:
 > On Mon, 27 Dec 2010 01:50:45 +1100 (EST)
 > Ian Smith  wrote:
 > 
 > > Probably should be easy, but from trying to parse that and lang.l I
 > > get the vague impression (at best) that Rob's original should have
 > > worked?
 > > 
 > > Too much partying probably .. care to enlighten us?
 > 
 > The NOOPTION token doesn't accept an Opt_list, just a Save_Id - it's
 > just OPTIONS and MAKEOPTIONS that can have a list.

Ah, indeed.  So the config(5) nooption[s] entry is plain wrong, or at 
least 'ahead of the code' :) and whitespace is ignored anyway.

Interesting parser; thanks for the introductory crash course!

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: kernel config file according to config(5): inconsistent ?

2010-12-26 Thread Ian Smith
On Sun, 26 Dec 2010, Bruce Cran wrote:
 > On Mon, 27 Dec 2010 00:29:47 +1100 (EST)
 > Ian Smith  wrote:
 > 
 > > Arguably unforgiving parsing and/or imprecise description.  Try eg:
 > > 
 > > nooptions NFSCLIENT, NFSSERVER, NFSLOCKD, NFS_ROOT
 > > 
 > > with no space[s] before comma[s], as is generally conventional.
 > 
 > That doesn't work either. It should be fairly easy to see what's wrong
 > since the parser's in usr.sbin/config/config.y .

That'll teach me to punt on conventional generality :)

Probably should be easy, but from trying to parse that and lang.l I get 
the vague impression (at best) that Rob's original should have worked?

Too much partying probably .. care to enlighten us?

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: kernel config file according to config(5): inconsistent ?

2010-12-26 Thread Ian Smith
In freebsd-questions Digest, Vol 342, Issue 9, Message: 1
On Sat, 25 Dec 2010 04:38:08 -0800 Rob  wrote:

 > I read the guidelines in the man pages of config(5) on how to make a 
 > customized 
 > kernel config file:
 > 
 >  nooption name [, name [...]]
 >  nooptions name [, name [...]]
 >  Remove the specified kernel options from the list of previously
 >  defined options.  This directive can be used to cancel the
 >  effects of option or options directives in files included using
 >  include.
 > 
 > So I put following in my MYKERNEL config file:
 > 
 > include GENERIC
 > 
 > nocpu I486_CPU
 > nocpu I586_CPU
 > ident MYKERNEL
 > 
 > nomakeoptions DEBUG
 > 
 > nooptions MD_ROOT
 > nooptions NFSCLIENT , NFSSERVER , NFSLOCKD , NFS_ROOT
 > nooptions MSDOSFS , CD9660
 > nooptions PROCFS , PSEUDOFS
 > 
 > The comma separated items seemed to cause an error when I do the buildkernel.
 > If I remove the commas and make a 'nooptions' per item, then it is OK.
 >
 > Something seems to be inconsistent here, right?
 > 
 > Same inconsistency for "nodevices" with the syntax in the manpages and the 
 > real 
 > config file

Arguably unforgiving parsing and/or imprecise description.  Try eg:

nooptions NFSCLIENT, NFSSERVER, NFSLOCKD, NFS_ROOT

with no space[s] before comma[s], as is generally conventional.

cheers, Ian
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


  1   2   3   4   5   6   >