Re: pkgng questions

2012-08-30 Thread Jeffrey Bouquet


--- On Thu, 8/30/12, Matt Burke  wrote:

> From: Matt Burke 
> Subject: Re: pkgng questions
> To: "Mark Felder" 
> Cc: po...@freebsd.org
> Date: Thursday, August 30, 2012, 7:44 AM
> On 08/30/12 13:01, Mark Felder wrote:
> > I think you're very confused about what pkgng is for. At this time, ports
> > are STILL the recommended way to install things and keep them up to date.
> 
> Really? I think the last time I compiled X or a web browser (until using
> poudriere) was about 10 years ago.
> 

I mix packages and ports here, heavily using zsh;/var/db/pkg/;pipes;portmaster 
and a thumbdrive(ftp) to other machines


> 
> > Pkgng is the first step required for us to get a better package management
> > system so we can shift the community towards primarily using packages.
> 
> I like packages - they save me compiling massive things on my desktop and
> they let me keep my servers running exactly the same software built from
> our CI setup.  'make package' is so quick and easy, it'd be hard to beat.
> 
> So I thought I'd get a grip on pkgng before pkg_* disappears from base.
> 
> I had a couple of questions I wanted to answer -
> 
> 1) How easy does it make keeping my desktop (currently releng/9.1 built
> with dtrace) up-to-date
> 2) How much easier will it be to maintain production and testing servers?
> 
> 
> The answer has made me start downloading an OpenIndiana iso.
> 
> 
> 
> >> 2. Is there a list of ports like nvidia-driver, nspluginwrapper,
> >> linux-f10-flashplugin, sampleicc (dependency of libreoffice!) which aren't
> >> in pkgng?
> > 
> > Everything can be built into the pkgng format except a few ports that need
> > workarounds. There's a list on the wiki.
> > 
> > http://wiki.freebsd.org/pkgng
> > 
> > Go to the bottom "Known Failures" section.
> 
> I don't see any of the examples I gave listed, apart from nvidia-driver
> 
> 
> >> 3. How do I force pkg to install/upgrade a single package, regardless of
> >> dependencies being out of date?
> > 
> > You should never try to do this anyway; you'll end up with packages built
> > against the wrong versions of libraries.
> 
> You're suggesting that I should upgrade an entire machine which may have
> proven itself over a period of years to be perfectly stable, just because I
> need a small utility which really doesn't care about the man page typo
> which caused gettext-0.1.2_3 to change to gettext-0.1.2_4?
> 

Notable here, things which depend upon firefox; gcc46; ...

> 
> >> 4. How do I get poudriere to build against a local src/obj tree, or a zfs
> >> snapshot of a pre-built jail, instead of 9.0-RELEASE?
> > 
> > The poudriere man page has all the instructions needed to create jails of
> > any release version to be used for building packages.
> 
> No, the man page doesn't mention anything about specifying where to pull
> the distribution from, only what method of access to use.
> 
> 
> > You don't do it this way. You build everything on your poudriere server and
> > push all of your packages to the client. You do this every single time. If
> > you decide you want a new package on your client, you build it on your
> > poudriere server and have your client request it. If you're using
> > poudriere/pkgng, your clients should NEVER be compiling ports or installing
> > packages outside of what your poudriere server is providing. Poudriere is
> > giving you a "cleanroom" environment where it can guarantee that all the
> > packages and their required packages/libraries are sane.
> 
> > Pkgng doesn't require ZFS -- poudriere does. Your clients should never have
> > poudriere.
> 
> I am confused. If pkg_* are removed, how is a person with a single desktop
> machine (worst case, a netbook) expected to operate if they need a specific
> port build? Are they to spend a week compiling 1000+ ports themselves in a
> poudriere VM?
> 
> Or is the flexibility of FreeBSD ports just not deemed to be useful to the
> end user (or person unable to provide a dedicated any more?
> 

I am also perplexed; (unconvinced; ignorant...)..  Waiting for
a more comprehensive comparison to what exists now.  And I've 
read the documentation thoroughly, but not enough times to
fully comprehend all the strata...


> 
> >> 8. Is there a pkgng equivalent of 'ls -lt /var/db/pkg' without firing up
> >> sqlite?
> > 
> > Are you looking for the date column (not sure why that's useful as it can
> > change due to many things)? Doesn't "pkg info -a" suffice?
> 
> 'ls -lt /var/db/pkg' will show me what packages were installed sorted by
> day. It is very useful on servers which aren't routinely upgraded to the
> latest and greatest untested versions
> 
> 

/var/db/pkg/ here is also indispensable, ( which I
detailed precisely why in a message to the 
freebsd-current list, this month... )  Until I'm forced to
upgrade to /pkg/ instead (I've workarounds and
maybe a PR or two (feature req.) thought out...), I see this as a for

Re: Realtek RTL8191SEvB Linux driver?

2012-01-04 Thread Jeffrey McFadden
Thanks, all.  I found a manual online.
Jeff

><>><>><>><>><>><>><>
<><<><<><<><<><<><<><

On Tue, Jan 3, 2012 at 7:08 PM, Da Rock <
freebsd-questi...@herveybayaustralia.com.au> wrote:

> On 01/04/12 10:38, Daniel Feenberg wrote:
>
>>
>>
>> On Wed, 4 Jan 2012, Da Rock wrote:
>>
>>  On 01/04/12 02:10, Daniel Feenberg wrote:
>>>
>>>>
>>>>
>>>> On Wed, 4 Jan 2012, Da Rock wrote:
>>>>
>>>>  On 01/03/12 22:10, Jerry wrote:
>>>>>
>>>>>> On Tue, 03 Jan 2012 16:44:30 +1000
>>>>>> Da Rock articulated:
>>>>>>
>>>>>>  On 01/03/12 11:15, Jeffrey McFadden wrote:
>>>>>>>
>>>>>>
>>>>
>>>> Don't ndis(4) ndiscvt and ndisgen(8)  essentially accomplish what the
>>>> OP is requesting? See the handbook section 12.8.1.1:
>>>>
>>>> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/config-network-setup.html
>>>>
>>>> or the man page for ndiscvt:
>>>>
>>>>  
>>>> http://www.gsp.com/cgi-bin/man.cgi?section=8&topic=ndiscvt
>>>>
>>>>
>>>> While doing the conversion looks a bit beyond what we would expect of
>>>> an end-user, it does seem to offer a path for using hardware whose
>>>> manufacturer does not support FreeBSD. Is there anything beyond licensing
>>>> issues preventing such drivers from being included in the distribution, or
>>>> made downloadable in FreeBSD form?
>>>>
>>>
>>  Oh yes, it is possible, just not probable :)
>>>
>>
>> At
>>
>>  http://sourceforge.net/apps/mediawiki/ndiswrapper/index.php?title=Category:USB
>>
>> almost 800 compatible devices are listed. Not everything, but I have
>> found that a willingness to spend a few dollars on a different card helps
>> immensely in enjoying FreeBSD and Linux. For me at least it is easier to
>> find a compatible card than to write a compatible driver.
>>
> Indeed :)
>
> I did notice that the card in question wasn't on that list. But my own
> experience with ndiswrapper and wifi cards were far less than satisfactory-
> the firmware always got in the road. But I may have just been too stupid at
> the time :)
>
>  I would also observe that most people involved with computers, whether as
>> users or developers, have little sympathy for people with different needs
>> from the device. This is a great impediment to progress. It is a mistake to
>> assume that because you don't need something, another person's desire for
>> it is illegitimate. In this case, I fully agree that it is an injustice
>> that hardware vendors do not supply FreeBSD drivers, but that does not mean
>> that users requiring such drivers are immoral or of poor character, and
>> therefore to be ignored or insulted. There is little that FreeBSD coders
>> and users can do about that injustice directly, however it is within their
>> power to mitigate it with the NDIS wrapper. If that wrapper allows another
>> user to enter the FOSS world, that will (in the fullness of time)
>> contribute to reforming the vendor.
>>
> No they are absolutely not of poor character, I agree. Some messages can
> be misconstrued, though, in that the replies can be terse and more logical
> than sympathetic. Sometimes it is easier to replace with a different card
> than flog a dead horse, although a user may take offense for emotional or
> financial reasons more than logical.
>
> Mitigation is a difficult path as I have found personally, although NDIS
> helps immensely with wired nics (not so much of a problem these days), and
> I believe Luigi Rizzo's work with the linuxulator and drivers is to be
> applauded ten fold. It takes a great deal of time though- I put forward the
> idea when I was still a BSD pup not entirely realising the challenges :)
> Luigi (and his colleagues) has been working hard ever since to facilitate
> the more challenging aspects of multimedia drivers (whether or not that had
> to do with my comments or not, I don't know).
>
>
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: Realtek RTL8191SEvB Linux driver?

2012-01-03 Thread Jeffrey McFadden
On Tue, Jan 3, 2012 at 6:38 PM, Daniel Feenberg  wrote:

>
>
> On Wed, 4 Jan 2012, Da Rock wrote:
>
>  On 01/04/12 02:10, Daniel Feenberg wrote:
>>
>>>
>>>
>>> On Wed, 4 Jan 2012, Da Rock wrote:
>>>
>>>  On 01/03/12 22:10, Jerry wrote:
>>>>
>>>>> On Tue, 03 Jan 2012 16:44:30 +1000
>>>>> Da Rock articulated:
>>>>>
>>>>>  On 01/03/12 11:15, Jeffrey McFadden wrote:
>>>>>>
>>>>>
>>>
>>> Don't ndis(4) ndiscvt and ndisgen(8)  essentially accomplish what the OP
>>> is requesting? See the handbook section 12.8.1.1:
>>>
>>> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/config-network-setup.html
>>>
>>> or the man page for ndiscvt:
>>>
>>>  
>>> http://www.gsp.com/cgi-bin/man.cgi?section=8&topic=ndiscvt
>>>
>>>
>>> While doing the conversion looks a bit beyond what we would expect of an
>>> end-user, it does seem to offer a path for using hardware whose
>>> manufacturer does not support FreeBSD. Is there anything beyond licensing
>>> issues preventing such drivers from being included in the distribution, or
>>> made downloadable in FreeBSD form?
>>>
>>
>  Oh yes, it is possible, just not probable :)
>>
>
> At
>
>  http://sourceforge.net/apps/mediawiki/ndiswrapper/index.php?title=Category:USB
>
> almost 800 compatible devices are listed. Not everything, but I have found
> that a willingness to spend a few dollars on a different card helps
> immensely in enjoying FreeBSD and Linux. For me at least it is easier to
> find a compatible card than to write a compatible driver.
>

um, well, yeah, but it's a laptop.  :/  And I bought it before FreeBSD ever
crossed my mind.  


>
> I would also observe that most people involved with computers, whether as
> users or developers, have little sympathy for people with different needs
> from the device. This is a great impediment to progress. It is a mistake to
> assume that because you don't need something, another person's desire for
> it is illegitimate. In this case, I fully agree that it is an injustice
> that hardware vendors do not supply FreeBSD drivers, but that does not mean
> that users requiring such drivers are immoral or of poor character, and
> therefore to be ignored or insulted. There is little that FreeBSD coders
> and users can do about that injustice directly, however it is within their
> power to mitigate it with the NDIS wrapper. If that wrapper allows another
> user to enter the FOSS world, that will (in the fullness of time)
> contribute to reforming the vendor.
>
> Daniel Feenberg
>
>


Re: Realtek RTL8191SEvB Linux driver?

2012-01-03 Thread Jeffrey McFadden
><>><>><>><>><>><>><>
<><<><<><<><<><<><<><



On Tue, Jan 3, 2012 at 5:30 PM, Da Rock <
freebsd-questi...@herveybayaustralia.com.au> wrote:

> On 01/04/12 02:10, Daniel Feenberg wrote:
>
>>
>>
>>>
>> Don't ndis(4) ndiscvt and ndisgen(8)  essentially accomplish what the OP
>> is requesting? See the handbook section 12.8.1.1:
>>
>> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/config-network-setup.html
>>
>> or the man page for ndiscvt:
>>
>>  
>> http://www.gsp.com/cgi-bin/man.cgi?section=8&topic=ndiscvt
>>
>>
>> While doing the conversion looks a bit beyond what we would expect of an
>> end-user, it does seem to offer a path for using hardware whose
>> manufacturer does not support FreeBSD. Is there anything beyond licensing
>> issues preventing such drivers from being included in the distribution, or
>> made downloadable in FreeBSD form?
>>
> Oh yes, it is possible, just not probable :)
>
> I had considered that an answer, but the device is wifi and the firmware


Excuse my ignorance (again) but what does this mean?  "...the Firmware..."
For now I have reverted this machine to Ubuntu; it's just a machine I set
up for my wife to browse the net so she can keep her 30,000 pictures on a
Windows box virus-free and it's too much hassle to have the belkin thingy
sticking out the side trying to get knocked off.  (Just as an aside I don't
know why there seems to be so much resentment for Ubuntu here, it looks
free and open to me, but what do I know?)

Anyway, back to the point, I mostly started using PC-BSD because it's more
secure than Windows, and because even at my age (retired) I can continue to
learn something just for the fun of it, and because... well, it's difficult
to express.  I've messed with Linux on and off since Debian 1.2, then had
to focus hard on Windows so I could get good enough at it to make a living
as a Windows desktop tech in a nationwide health care company... now I find
myself attracted to PC-BSD, which has the same stated intent, btw, as
Ubuntu, to make a desktop that "ordinary users" (which just about defines
me) can use.

Excuse the blather.  The point:  Does anyone think it might be worth the
effort to try to run ndisgen on the Windows drivers?

> makes it damn near impossible to use in this way. NDIS setup is less than
> user friendly at the best of times without the additional hoops for the
> firmware loading. I've tried it myself before.


Re: FreeBSD Kernel Internals Documentation

2012-01-03 Thread Jeffrey McFadden
><>><>><>><>><>><>><>
<><<><<><<><<><<><<><



On Tue, Jan 3, 2012 at 4:39 PM, Jerry  wrote:

> On Mon, 2 Jan 2012 12:33:20 -0700
> Chad Perrin articulated:
>
> > > Now you have really peaked


Piqued.  Although it is misused here.  Google it.

> > > my interest. On any given day, on a
> > > Windows based forum, the terms: "FreePiss", "open-sore", "Lsuck"
> > > etcetera are freely thrown around. On Linux based forums, terms
> > > like: "Winblows", "Microsucks", etcetera are freely used. Would you
> > > please be so kind as to explain to me why it is morally correct to
> > > use one set of terms but not the other? It is either right or it is
> > > wrong. You cannot be slightly pregnant. I personally find such
> > > terms morally repugnant; however, since they are commonly used on
> > > this forum it appears that they are socially acceptable. Would you
> > > not concur or are you going to try and bullshit your way out of
> > > this one?
> >
> > 1. I didn't say it was "morally correct" to use one set of derogatory
> > forms and "morally incorrect" to use the other.  You are attributing
> > arguments to me I never made.
>
> I just spent a half hour rereading every post on this thread to see if
> I had inadvertently stated that you had stated in any way that it was
> "morally correct". Guess what, there aren't any such statements.
> Neither did I make a claim that you supported such actions. I never
> attributed any such remarks to you. I simply asked for you to explain
> why it would be morally correct to do so. Your reading comprehension
> skills are seriously lacking. The fact that you would spend time to
> defend yourself against a non-existent claim totally amazes me.
> Seriously, have you ever been diagnosed with paranoia?


Realtek RTL8191SEvB Linux driver?

2012-01-02 Thread Jeffrey McFadden
I have a Toshiba Satellite U505-S2950 laptop with a Realtek RTL8191SEvB
wireless card built in.  FreeBSD doesn't recognize this card and can't use
it, but Ubuntu does.

Would it be possible to go glom a Linux driver off the web someplace and
install it in my FreeBSD and get the wireless to work?  I'm using a USB
Belkin in it now, but that's an unhandy thing sticking out like it does.

Thanks,

Jeff
><>><>><>><>><>><>><>
<><<><<><<><<><<><<><


Re: freebsd-questions Digest, Vol 395, Issue 10

2012-01-01 Thread Jeffrey McFadden
On Sat, Dec 31, 2011 at 6:00 AM, wrote:

> Send freebsd-questions mailing list submissions to
>freebsd-questions@freebsd.org
>


> Matthew Seaman wrote:


> Message: 9
> Date: Sat, 31 Dec 2011 09:34:02 +
> From: Matthew Seaman 
> Subject: Re: very small network
> To: freebsd-questions@freebsd.org
> Message-ID: <4efed70a.8080...@infracaninophile.co.uk>
> Content-Type: text/plain; charset="iso-8859-1"
>
> On 31/12/2011 04:12, Jeffrey McFadden wrote:
> > I bought into FreeBSD with a DVD of PC-BSD.  It's great, but the PC-BSD
> > user manual is not up to the level of the FreeBSD manual.  In the latter I
> > have found, as you all suggested, all the necessary information.
> >
> > I haven't set the network up yet but I expect to be able to run both server
> > and client NFS on each machine to enable networking both ways.  They are
> > all laptops of one sort  or another (Asus eee, Toshiba Satellite, late
> > model Sony Vaio)  and it sort of depends on where I sit which machine needs
> > to be client and which server, if that makes any sense.
>
> Perfect sense.
>
> One thing I'd expect PC-BSD to have (or at least to make easy to enable)
> is Apple-esque zeroconf networking.  That means you should be able to
> plug a new build machine into your network, and it will discover other
> machines on the net and give you the ability to mount filesystems, or
> print to attached printers, and all without having a designated central
> controlling server.  I take it this is the sort of thing you mean by
> setting up your network?
>

As I look, yes, PC-BSD does have such a thing, and it has a "network
browser" built into it, too.  It almost looks like it is designed to use
Samba even between BSD machines; does this make sense?

>
> This is a very attractive model as it is very simple from the user point
> of view.  You don't necessarily need to have any dedicated servers,
> although such things as a DHCP server are still useful (I suspect your
> broadband router probably has that function).  On the other hand, it is
> probably a bit harder to set up than a strict client-server setup with
> dedicated servers.
>

It is attractive, but I don't see any way to configure exported filesystems
other than going back to NFS, which is all right, but I'm trying to
understand what this other option might mean to me.

>
> The key software requirement here is to set up multicast DNS.  There are
> a number of packages in the ports to do this -- mDNSresponder, howl, but
> what I'd recommend is avahi as it is best integrated with other software
> packages.  For the shared networking thing, you can use samba between
> FreeBSD machines, but you'll need to build samba from ports since the
> AVAHI option isn't enabled by default.
>

As you may know, PC-BSD has a system they call PBI (Push Button
Installation) to install pre-built packages via a "software manager" app on
the system.  Needless to say, it does not offer all 23K+ ports.  There is a
.PBI version of Samba; I wonder if it has Avahi enabled by default.

>
>Cheers,
>
>Matthew
>

Thanks for the help,

Jeff

>
>
>


Re: axe(4) and Plugable USB2-E1000 (or: general USB Ethernet advice)

2012-01-01 Thread Jeffrey McFadden
On Sun, Jan 1, 2012 at 10:26 AM, Rotate 13  wrote:

> I am looking for a USB ethernet adapter which works with very stable
> driver in FreeBSD.  To effect this end, I went through section 4 man
> pages, and made list of drivers for USB ethernet chips.  The problem
> is, many are apparently not widely available or in current production
> - but I found ASIX AX88178 and ASIX AX88772 (axe(4)) in various
> devices from http://plugable.com/ .  I am mostly interested in ASIX
> AX88178 due to faster speed (albeit limited by USB2 speed).
>
> My questions:
>
>* Does anybody have good or bad experience with Plugable USB2-E1000
> (ASIX AX88178) in FreeBSD?  Stability is utmost concern, followed by
> performance.  I note, Amazon.com page for product says also it has
> Realtek RTL8211CL PHY - I do not understand why, and cannot find info
> explaining this.  Is perhaps slower USB2-E100 with ASIX AX88772 more
> compatible?
>
>* Any advice on rock-solid usage of USB Ethernet in FreeBSD, and
> pointers to other products will be much appreciated.
>

I can't address your other questions, but the Belkin Wireless G USB adapter
model FSD7050 is working without fail for me, and last I knew was still on
the market.

Jeff

>
> Thanks in advance.


Re: sour grapes .. was FreeBSD Kernel Internals Documentation

2012-01-01 Thread Jeffrey McFadden
On Sun, Jan 1, 2012 at 12:41 PM, doug  wrote:

> I wish someone with some FreeBSD weight would make this request, but I
> think this thread got a little off topic.
>

Oh buddy...

>
> The main thrust of the FreeBSD project seems to be making the best server
> OS possible. That I think they do that pretty well. I have long held that
> to be viable long term in the server game you have to at least be credible
> in the desktop game. I hope some of the desktop projects will bear fruit in
> this area.


I bought into FreeBSD as PC-BSD and am enjoying it greatly.  It beats
Windows, for me, and makes considerably more structural sense than the
Linuxes I have experienced (Debian and, more recently, Ubuntu.) The boot
configuration and directory structure is more comprehensible.

> If I were not too old and (more to the point) too obsolete technically I
> would put my efforts where my thoughts lead me. As it is, I use FreeBSD as
> a desktop because it requires me to get into areas just administering a
> server farm would never take me. The upside for me is that never crashes.
> That it works okay on an 800MHz, 500MB old dell server does not hurt
> either. The pain that comes with that is my choice.
>

I never had the skill and still don't.  As users go I'm pretty
knowledgeable, and in fact was once a Windows network desktop tech in a big
hospital corporation, but as far as writing code and making a serious
difference, nope, sorry, I never learned how.

>
> That said, FreeBSD has a giant disadvantage in the desktop world. In
> trying to find if there will be any sort for my current laptop


I don't know what your current laptop is, but PC-BSD is running fine on my
Sony Vaio VPC-EC2TFX/W1, on my Asus eee, and it runs acceptably on my
Toshiba Satellite U505-S2950, although it tends to forget the screen size on
that one and needs to be reminded from time to time.

> I came across a comment from Robert Noland saying that Xorg is becoming
> more and more Linux centric. That is a problem the FreeBSD project can not
> overcome.


Sure it can, the same way Linux got where it is today - get people's
interest.  I think PC-BSD should help.  Or, some FreeBSD project people can
contribute to the Xorg project as well... it's not over, we're just where
we are.


> That along with the way Intel does its video drivers makes supporting new
> stuff non trivial if not daunting.
>

And that, alas, is beyond my ability to even address.

Jeff

>


very small "workgroup" network

2011-12-29 Thread Jeffrey McFadden
I feel really inferior to the community here, but I have to ask because I
simply don't know:

What do I need to do to create a small (3 PC-BSD) home network?  I could do
this in no time in Windows, but I don't know how to find, configure, and
enable the files necessary  to make these machines talk to each other and
allow browsing to shared resources.  The connectivity is in place (each
can access the internet.)

I've Googled considerably and not found instructions.  Just a pointer to
instructions on the web somewhere would be fine.

Blushing and grateful,

Jeff

><>><>><>><>><>><>><>
<><<><<><<><<><<><<><


Upgrading

2011-07-29 Thread Jeffrey Everling
Dear sir/madam

At my work I have a system which uses FreeBSD 6.3 as its platform.
Now we want to upgrade to 8.2, but do we need to upgrade to 7.x first?
The update manual for 8.2 on the site does not mention 6.x.

-- 
Kindly Regards,

Jeffrey Everling
SURFnet



Re: Freebsd, postfix and push email

2010-03-28 Thread Jeffrey Goldberg
On Mar 28, 2010, at 3:49 PM, krad wrote:

> On 28 March 2010 21:38, Dan Nelson  wrote:
> In the last episode (Mar 28), Ron said:
> > Jeffrey Goldberg wrote:

> > > IMAP, but not POP3, can be used to push, but the iPhone mail client
> > > doesn't support that [...]

> > So how is Mobile Me and Exchange Servers (MS, Zimbra, etc) doing it?

> For ActiveSync at least, the phone has to keep a TCP connection to the
> server open 24/7, and the server sends a notification when a new mail
> arrives.  MobileMe probably works the same way.  The IMAP protocol supports
> a similar "notify on new mail" option, but for some reason Apple doesn't use
> it in their client.

My understanding is that Apple wants all persistent connections to the iPhone 
to go through them, so that there is only one connection.  This is, putatively, 
for battery life issues.  Every pushable client on the iPhone doesn't maintain 
its own TCP connection but works through an API and has to have their service 
approved by Apple.

Apple made an exception for Exchange so that it could sell iPhones to businesses.

For better information than my possibly misremembered speculation, you would do 
well to check iPhone developer communities.

-j

-- 
Jeffrey Goldberg    http://www.goldmark.org/jeff/



Re: Freebsd, postfix and push email

2010-03-28 Thread Jeffrey Goldberg
On Mar 28, 2010, at 1:36 AM, per...@pluto.rain.com wrote:

> Er, no.  POP3 and IMAP are "pull" services, wherein the client
> polls the server periodically for any newly-arrived messages.

IMAP, but not POP3, can be used to push, but the iPhone mail client doesn't 
support that as far as I know.  It does support being pushed to over Mobile Me, 
but not on regular IMAP.

-j


-- 
Jeffrey Goldberg    http://www.goldmark.org/jeff/



Re: Q: recommendation for external USB disk

2010-01-11 Thread Jeffrey Goldberg
On Jan 11, 2010, at 6:32 AM, Matthias Apitz wrote:

> Can someone recommend a good external USB disk for backups which works
> with FreeBSD 8.0 and has more than 512 GByte? Thx in advance

Pretty much anything that you consider to be a reliable supplier will do.  
There are no specific FreeBSD requirements as far as I know.

I recommend that you get a disk that is externally powered instead of with 
power supplied over USB.

Earlier versions of FreeBSD had problems with USB connected devices.  In 
particular if they were removed or powered down without dismounting, this could 
lead to a kernel panic.  This problem has been fixed, but I still am extra 
careful with my USB backup disks:

(1)  Power for the back-up disks should be on a UPS
(2)  umount the file systems on the back-up disk when not in use.

Cheers,

-j


-- 
Jeffrey Goldberg  http://www.goldmark.org/jeff/



Re: spamassassin Y2010 bug

2010-01-03 Thread Jeffrey Goldberg
On Jan 3, 2010, at 2:10 PM, Matthew Seaman wrote:

> There's a .shar of the new port at:
> 
>  http://www.infracaninophile.co.uk/sa-utils.shar
> 
> Comments, critique are welcome.  Unless there are any killer bugs, I'll
> send-pr(1) in a week or so.

Thanks for doing that.  It looks great to me.  I just wonder about it being 
enabled by default.  I don't know what official policy is (if such a thing 
exists), but my experience with FreeBSD ports is that while they install 
things, the user must still explicitly enable them.

So it might be a good idea to set the defaults to "NO" and include a 
pkg-message that instructs people to add the enabling lines in 
/etc/periodic.conf.local

I'm also wondering about the name of the port.  This really is only one utility.

Anyway, those are trivial concerns.  The substance of your port all looks very 
good to me.

Cheers,

-j



-- 
Jeffrey Goldberg  http://www.goldmark.org/jeff/



Re: spamassassin Y2010 bug

2010-01-02 Thread Jeffrey Goldberg
On Jan 2, 2010, at 8:45 AM, RW wrote:

> On Sat, 02 Jan 2010 13:15:25 +
> Matthew Seaman  wrote:
> 
>> However, neither of these have been accepted by the
>> p5-Mail-SpamAssassin port maintainer.
> 
> It's not really a one-size fits all problem - it depends on which
> channels you use and  whether you want sa-compile (which isn't
> supported by either script quoted).

Of course both of these scripts could be easily modified to meet local needs.  
The second script already had some customization hooks built in.

> sa-update is very cheap to run - if there's no update it's just a dns
> lookup. If you're using the auto-generated "sought" rules you may wish
> to update several times a day. OTOH sa-compile is very cpu intensive,
> and once a day may be too much.

That is all true.  If you are maintaining a high traffic site (for which 
sa-compile would be useful) then you will probably be rolling your own 
maintenance scripts anyway.  But none of this is not a reason to not include 
something like these in the SA port.

Alternatively, if someone were sufficiently motivated they could put together an 
SA utilities port that installs a number of maintenance scripts which a user 
can enable.

> One other thing is that just I always use sa-update with
> --gpghomedir. If you use the default you lose any third-party public
> keys each time the SA port is reinstalled.

That is useful to know.

Thank you both for your help on getting me to maintain my system better.

Cheers,

-j


-- 
Jeffrey Goldberg  http://www.goldmark.org/jeff/



Re: spamassassin Y2010 bug

2010-01-01 Thread Jeffrey Goldberg
On Jan 1, 2010, at 5:19 PM, RW wrote:

> On Fri, 1 Jan 2010 15:05:54 -0600
> Jeffrey Goldberg  wrote:
> 
> 
>> it is likely that
>> some fix will be in with the next batch of rule updates for those who
>> use sa-update.
> 
> It's already available in sa-update.

Great.

How do I know if I am running sa-update?  When installing SpamAssassin from 
ports I was prompted as to whether I wanted to do this (I said "yes"), but I 
don't see anything about it in any crontab I can find nor in /etc/periodic or 
/usr/local/etc/periodic.

I'm on 8-STABLE.

Cheers,

-j


-- 
Jeffrey Goldberg  http://www.goldmark.org/jeff/



spamassassin Y2010 bug

2010-01-01 Thread Jeffrey Goldberg
I've submitted a PR for this, but email administrators who use SpamAssassin may 
wish to take immediate action.

There is a SpamAssassin rule which treats messages with dates after 2009 as 
"far in the future".  This adds about 3 points to the SA score, so is very 
substantial.

I've posted details and links here

  http://jpgoldberg.blogspot.com/2010/01/sky-is-falling-first-y2010-bug.html

But as an immediate, though possibly temporary, work around I would recommend 
just adding

  score FH_DATE_PAST_20XX   0

to your own local.cf file to disable the rule.

There is discussion on the SA mailing list, and it is likely that some fix will 
be in with the next batch of rule updates for those who use sa-update.  But if 
you aren't willing to wait or you don't use sa-update, I recommend the above 
workaround.

Cheers,

-j

-- 
Jeffrey Goldberg  http://www.goldmark.org/jeff/



Re: usenet configuration

2009-10-03 Thread Jeffrey Goldberg

On Oct 2, 2009, at 2:21 AM, Bernt Hansson wrote:


Aflatoon Aflatooni said the following on 2009-10-01 19:17:

What is needed in order to run nntp?


INN https://www.isc.org/software/inn
A faq for INN is at http://www.eyrie.org/~eagle/faqs/inn.html

Diablo http://www.openusenet.org/diablo
A faq for diablo is at the above address.

DNews http://www.netwinsite.com/dnews.htm

Typhoon (not free/open) http://www.highwinds-software.com/


And if the needs are small, one might be able to get away with just  
running leafnode.  Leafnode is *not* a full NNTP server, but for small  
networks with limited needs, it might be sufficient.


I'm not familiar at all with Typhoon and Diablo.  The last time I used  
DNews (a very very long time ago) it had some really nice design  
features that made it appropriate for situations between what one  
would use leafnode and INN, but it was buggy (this was a long time  
ago, those bugs have probably been fixed).  INN, of course, is the  
sendmail of Usenet servers.


Cheers,

-j




Re: Whic mail server?

2009-09-28 Thread Jeffrey Goldberg

On Sep 27, 2009, at 8:01 AM, Aflatoon Aflatooni wrote:


Hi,
I am running a server that is acting as the mail server for only  
internal users (about 50 users). Currently we are running Sendmail,  
but reading on other discussions I noticed that qmail and other  
programs are suggested.


If you have no compelling reason to switch from sendmail, stick with  
that.



I am wondering if qmail is thought to be better than sendmail.


My personal favorites in order are

 exim
 postfix
 sendmail
 carrier pigeons
 messages in bottles
 qmail
 smoke signals
 ...
 MS Exchange
 ...
 whatever system dogs use when they smell each others' excrement.
 ...
 Lotus Notes

You can't go wrong with the first three: exim, postfix, and sendmail.   
There are reasons why I have the preferences that I do, but they don't  
apply to you or your needs.  So unless you are having problems with  
sendmail, just stay with that.



Any suggestions on spam filters like spam-assassin?


There are many ways to integrate spam-assassin and sendmail, and they  
will all be in the ports system.  Look at mail/spamass-milter


Another approach (not using milters) is a spamassassin+procmail  
solution.  I prefer the milter as it allows you to reject mail early  
in the process.


Cheers,

-j



--
Jeffrey Goldberg  http://www.goldmark.org/jeff/



Re: named issue

2009-09-25 Thread Jeffrey Goldberg

On Sep 25, 2009, at 2:00 PM, Jos Chrispijn wrote:


[named]

Lately I get messages like this in my all.log:

named[605]: too many timeouts resolving '*.*.*.*.zen.spamhaus.org/A' (in 'zen.spamhaus.ORG'?): disabling EDNS


(*) is random ip address


These are queries your mailservers are making to the spamhaus blocking  
list.


How many queries to the ZEN Spamhaus DNSBL are you making per day?  If  
you exceed their "non-commercial" usage, they will cut you off.


See

 http://www.spamhaus.org/organization/dnsblusage.html

-j


--
Jeffrey Goldberg  http://www.goldmark.org/jeff/



Re: What should be backed up?

2009-08-23 Thread Jeffrey Goldberg

On Aug 23, 2009, at 7:14 PM, Karl Vogel wrote:


  Touching a timestamp file and backing up stuff newer than that works
  fine for things you modify, but I frequently copy over source tarballs
  and the timestamp method won't work for those.


This is one of the several reasons that I use rsync (via rsnapshot).   
At each increment, it backs up the minimum that is needed.  With the  
cost of having a complete backup which duplicates what you would find  
in a reinstall, you have a complete system.


Suppose you accidentally trash something from the original  
installation.  It may be easier to restore it from your backups than  
going to original installation media.  Disk space is cheap, so having  
a complete back-up (under most circumstances) makes sense.  With
--link-dest you can maintain many snapshots with the minimum of copying,  
transmitting, and writing files.


Of course everyone's back up needs are different, and what works for  
me isn't necessarily the best for others.  But if you haven't looked  
at rsnapshot, I'd recommend that you do before writing your own  
scripts.  Even if you don't use rsnapshot itself, look at what it does  
with rsync.


Cheers,

-j

--
Jeffrey Goldberg  http://www.goldmark.org/jeff/



Re: What should be backed up?

2009-08-21 Thread Jeffrey Goldberg

On Aug 21, 2009, at 2:33 PM, John Almberg wrote:

I am currently using rsnapshot to back up these directories on a  
FreeBSD 7.2 webserver:


/etc
/usr/home
/usr/local
/var/cron

These directories contain all the data and config files that I  
use... I think...


Question: am I missing anything crucial?


My general advice is to back up everything and then explicitly  
exclude those things that you know that you don't need.  Here is my  
exclude list from my rsnapshot.conf


 exclude /var/log
 exclude /var/tmp
 exclude /usr/obj
 exclude /usr/ports/distfiles
 exclude /usr/local/squid

Also I backup by file system, so I'm already excluding /tmp

It is far too easy to forget something that needs to be backed up.

Cheers,

-j



Re: freebsd

2009-08-17 Thread Jeffrey Goldberg

On Aug 17, 2009, at 5:30 AM, BONGANI MANGANYE wrote:


am doing research about freebsd ,so can you help me with this
information
1. features, benefits and setbacks
2. Functionality and features
3. versions, strong and weak points
4. Unique features


I am delighted that university courses are assigning research projects  
like this.  Point 4 on your list will not only require looking at  
information about FreeBSD but at its alternatives.


When you are done with the assignment, please put it up on a website  
and post a link to it back here.  Many members of this mailing list  
would enjoy reading it.  People may even be willing to comment on  
drafts (check to see whether that is alright with the person who  
assigned this project.)


Best wishes with your assignment.

Cheers,

-j

--
Jeffrey Goldberg  http://www.goldmark.org/jeff/



Re: Cleaning email

2009-08-07 Thread Jeffrey Goldberg

On Aug 7, 2009, at 6:42 AM, Olivier Nicole wrote:


reading around the FAQ for FreeBSD mailing list, I see that the
mailing list server does some message cleaning (converting HTML to
text, etc).



I don't want just any solution, that works more or less, but the very
well tested solution used by FreeBSD mailing lists.


On the mailing list this is done by the mailing list system, mailman,  
which is in ports/mail/mailman.


But the cleaning stuff is just part of a much larger system (mailing  
list management), so I don't think you can get it to do what you want.


There is a milter,

 ports/mail/mime-defang

which, while it can do many other things (that you don't need to  
enable), also does this.  I haven't used it in more than 5 years, so I  
can't speak for how well it works.  But I did set it up for an  
organization that had lots of Outhouse users on desktops that were  
vulnerable to malicious HTML.


mimedefang is also useful for blocking certain types of attachments as  
well.


There may be better, special purpose tools that do what you want.  You  
could also look at the mailman source (python) to see how it does its  
cleaning.


-j



--
Jeffrey Goldberg  http://www.goldmark.org/jeff/



Re: Sendmail Masqurading and root mails

2009-08-02 Thread Jeffrey Goldberg

On Aug 2, 2009, at 8:22 PM, Danny Carroll wrote:


I've added the following to the default sendmail mc file:

MASQUERADE_AS(`mypublicdomain.com')dnl
FEATURE(masquerade_envelope)dnl
MASQUERADE_DOMAIN(beasie.lan)dnl

Recompiled the cf files and restarted sendmail.

Here is the kicker.  If I log in as a normal user it masquerades just
fine.

If I simply "su -"  to root, the masquerading works fine and the mail is
sent as the original logged in user.

But if I log in as root via the console then it does not alter the messages.


By default sendmail does not MASQUERADE root (figuring that you get  
root mail from several of your machines and want to see which machine  
it is from).  In the old days there was a feature  
"NO_MASQUERADE_ROOT", but looking through cf/README I see that that is  
one of the many things that have changed since I last seriously worked  
with sendmail.


Now sendmail has a class of "exposed" users.  These are usernames for  
which masquerading shouldn't take place.  By default, root is in there.


There is an .mc file directive

  EXPOSED(`username')

which, according to the documentation, adds usernames to the list that  
shouldn't be masqueraded.  Unfortunately, I don't see a mechanism for  
removing members from the E (Exposed) class.


You could try

 EXPOSED()

or

 EXPOSED(`')

to see if either will remove things in the E class.

The offending line in the generated .cf file is

 C{E}root

if you still end up with that, then root will not get masqueraded.

So if the above doesn't work, there probably is a clean way of  
clearing a class from the .mc file, but I don't know what it is.   
Hopefully others will be able to answer.


In the worst case, you could manually edit the generated .cf file, to  
remove the

 C{E}root

line, but that is not really a road I would recommend going down.

At the risk of suggesting something that you probably know you should  
do in the long run, but would take a lot of tedious work to set up,  
you should probably move away from having your private network be .lan.


Instead use .private.mypublicdomain.com and set up a local (on your  
private network) nameserver for that private subdomain.


Sorry I couldn't be of more help.

Cheers,

-j


--
Jeffrey Goldberg  http://www.goldmark.org/jeff/



Re: Sendmail Masqurading and root mails

2009-08-02 Thread Jeffrey Goldberg

On Aug 2, 2009, at 8:22 PM, Danny Carroll wrote:


MASQUERADE_AS(`mypublicdomain.com')dnl
FEATURE(masquerade_envelope)dnl
MASQUERADE_DOMAIN(beasie.lan)dnl

Recompiled the cf files and restarted sendmail.

Here is the kicker.  If I log in as a normal user it masquerades just
fine.

If I simply "su -"  to root, the masquerading works fine and the mail is
sent as the original logged in user.

But if I log in as root via the console then it does not alter the messages.


I found the answer to your problem here:

 http://www.grok.org.uk/docs/smroot.html


The file that is being included which has the

  EXPOSED_USER(`root')

line lives at

 /usr/share/sendmail/cf/domain/generic.m4

Just make a copy of that file, call it beasie.m4, remove the  
"EXPOSED_USER" directive from your copy and then change


 DOMAIN(generic)

to

 DOMAIN(beasie)

in your mail .mc file.

Cheers,

-j




--
Jeffrey Goldberg  http://www.goldmark.org/jeff/



Re: feedback, comments on this php-delimiter scrubbing program?

2009-06-16 Thread Jeffrey Goldberg

On Jun 16, 2009, at 12:02 PM, Gary Kline wrote:


this works, but still gives a warning.  it's sloppy coding, but
as a second version...


You've got some superfluous tests for EOF in some places, and you may  
also be missing some.


Your approach has been to "look ahead" with an extra getc() when you  
come across an interesting character.  I recommended that instead of  
doing that you keep a variable "state" to keep track of where you are  
(and have very recently been) instead of looking ahead.


I haven't tried your code, but I suspect that it behaves incorrectly  
with input


  (1) that has a '<' as a final character
  (2) that includes things like "<<<"

There is a systematic (if a bit tedious) way to make sure that you  
check every condition.  When you've worked enough on this, you can  
peek at an answer which I've attached.


(For the rest of you, I know that it would be more efficient to make  
the big switch on state instead of on input character, but for  
pedagogical reasons I did it the other way around.  I deliberately  
avoided other available tunings).


The extensive comments in the code should make it clear what is going  
on.  Once you understand the concepts here it should be very easy to  
write code to do similar things in the future.


-j



--
Jeffrey Goldberg  http://www.goldmark.org/jeff/



gkline.c
Description: Binary data




Re: feedback, comments on this php-delimiter scrubbing program?

2009-06-16 Thread Jeffrey Goldberg

On Jun 16, 2009, at 10:30 AM, Gary Kline wrote:


I thought my initial getchar() != EOF would handle that.
But then there's that do-forever loop.


As I said, the most common problem people had was failing to check for  
EOF in all the places it could occur, and so looping forever.


Do not rely on the input being well formed.


 I remember Jeffrey's
post and tried a case 'EOF' or case '-1';  that gives me
compiler errors.


Look at the man page for getchar() paying close attention to the type  
of what it returns.


You should really take the pointers from Jeffrey Goldberg and record states
and decide based on the state, rather than inlined switch statements, if only
for readability.


Even for a very simple task, the logic of your code is very very hard  
to read.  Clarify the logic (using the idea of a "state") and you will  
find that this can be programmed very simply.



-j


--
Jeffrey Goldberg  http://www.goldmark.org/jeff/



Re: flaw found [in my own program]

2009-06-09 Thread Jeffrey Goldberg

On Jun 8, 2009, at 7:15 PM, Gary Kline wrote:


not surprisingly, i found a flaw in my getc(fp) program that
tried to read past "" ...  the example i added to my
test file was simply the 2 bytes "<" and "?".  so if you have a
stray

"

Back in the days when I taught introductory C programming, one of the  
early homework assignments was to write a filter that would strip
C-style comments.  As a follow-up they had to do this allowing for  
nested comments.


I don't think I can recover things from the back-up tapes that I have  
for that course material, but the approach I directed people toward was  
to have a variable, let's call it status that records one of four states


 OUTSIDE  /* just reading normally, not in the material to be stripped */
 AFTER_LT /* You've read in a '<' and are looking for a '?' */
 INSIDE   /* You are in the material to be stripped */
 AFTER_Q  /* You are in the material to be stripped and have just read a '?' */


then use a switch statement on the character you are reading in.

   switch(c) {
     case '<': ...
     case '?': ...
     case '>': ...
     case EOF: ...
     default: ...
   }

In each case, you look at the current state, decide whether to write  
'c' to output and what state to change to.  The most common mistake  
students would make would be to forget the EOF case.  I suspect that  
you may have done the same.


-j



Re: NO_PROFILE option in FBSD-7.2

2009-06-08 Thread Jeffrey Goldberg

On Jun 8, 2009, at 11:59 AM, Tim Judd wrote:


If that's related to 'world', all world-related build options should
be placed in src.conf now.  What make.conf was to world+ports, is now
src.conf = world, make.conf = ports


What is the appropriate location for KERNCONF, which I still have in
/etc/make.conf ?





--
Jeffrey Goldberg  http://www.goldmark.org/jeff/



Re: Secure unsalted or fixed salt symmetric encryption?

2009-05-26 Thread Jeffrey Goldberg

On May 25, 2009, at 2:00 PM, Roland Smith wrote:


You could use the -S option and specify a constant salt. It might make
the encrypted materials easier to break, though. You can generate a
random salt with openssl as well:



Or you can use the -nosalt option. But as explained in
[http://www.openssl.org/docs/apps/enc.html], using a random salt by
default is a design decision because: "Without the -salt option it is
possible to perform efficient dictionary attacks on the password".  That
doesn't sound good, does it?


This is being used for file encryption, not password encryption.  So a  
dictionary attack isn't all that likely unless the encrypted files are  
of a specific nature (known template which remains constant while only  
small parts of the file vary).


Note that without salt (or with constant salt) an attacker would know  
which files are identical both within a snapshot or across them.  But  
this is pretty much what the OP wants the back-up system to know, so I  
guess that would be okay.


If you are using a (e.g. USB connected) disk as backup, use geli(8) to encrypt
the whole disk instead of encrypting each file separately.


The OP may be doing something like rsync over an insecure network.   
But in the absence of details about the OPs situation it's hard to  
make solid recommendations.  As you suggest, encrypting the resulting  
back-up filesystem is probably the best option if the back-up  
filesystem is expected to be the target of attack.


Cheers,

-j


--
Jeffrey Goldberg  http://www.goldmark.org/jeff/



Meta: useless text/plain part [Was: Ethernet - Internet I/O]

2009-05-03 Thread Jeffrey Goldberg

On May 3, 2009, at 2:28 PM, Jerry wrote:


On Sun, 3 May 2009 16:30:16 -0300
Exemys  wrote:


This is a message in multipart MIME format.  Your mail client should
not be displaying this. Consider upgrading your mail client to view
this message correctly.


What is this all about?


Exemys' mailer is broken.  Here are the details:

Exemys sent mail that was of type

  multipart/alternative

meaning that each part is an alternative view of the content.   
However, exemys' mailer doesn't actually do what it should and the  
part that was text/plain just had the text that we saw while the other  
part (presumably text/html) had the real content.


Mailman, the mailing list system used for the list, correctly cuts out  
text/html parts of multipart/alternative messages and just sends on  
the text/plain alternative to the list members.


So the problem is that the original poster's mail headers falsely  
claim that the parts are genuine alternatives while in fact the text  
part is just a notice to read the other alternate.


Mailman is behaving correctly in my view, stripping out any HTML  
alternates and just going with the text/plain alternative.  Exemys'  
mailer is broken in that it sends messages that claim to provide a  
text/plain alternative, but doesn't actually honor that claim.


Cheers,

-j


--
Jeffrey Goldberg  http://www.goldmark.org/jeff/



Re: Honey pot email address

2009-05-02 Thread Jeffrey Goldberg

On May 1, 2009, at 11:57 PM, Andrew wrote:

Does anyone have any ideas on how to get on as many spammers mailing  
lists as possible?


The single fastest way is to post to Usenet using that address as a  
"from" address.  You should start seeing lots of spam within 48 hours  
of that.


Then once you start getting spam to that address use the "unsubscribe"  
mechanisms in the spam.  That not only confirms that the address works  
and is read by a human, but that it is read by a gullible human.  This  
will make that address a high value spam address.


Cheers,

-j



Re: mergemaster -U overwriting modified files

2009-04-26 Thread Jeffrey Goldberg

On Apr 25, 2009, at 5:10 AM, Peter Schuller wrote:


Unfortunately I recently discovered that it does not seem to do what
you might expect. For example it nuked my mailer.conf on one machine,
and my /etc/namedb/named.conf (!!!) on another machine.


Me, too.  I lost exactly those two files during recent updates on two  
machines, using -Ui to mergemaster.


After restoring them from back-up, I've added them to the exclude list  
in mergemaster.rc as


 IGNORE_FILES='/etc/motd /etc/namedb/named.conf /etc/mail/mailer.conf'

Until I saw your post and the other responses, I had just assumed that  
I'd been somehow careless when running mergemaster.  But now it looks  
like a bug.  I've been using -Ui for mergemaster for a while now, but  
only seem to have experienced this problem recently.


Cheers,

-j


--
Jeffrey Goldberg  http://www.goldmark.org/jeff/



Re: ntp problem

2009-04-26 Thread Jeffrey Goldberg

On Apr 20, 2009, at 11:19 AM, Lisa Casey wrote:


Running FreeBSD 5.3  IN /etc/ntp.conf I have:

server time.nist.gov prefer
server tock.gpsclock.com


Your actual question has already been answered, but I'd like to point  
out that people really shouldn't be using those NTP servers unless you  
have a very specific reason to.  You will get just as good  (or  
better) time and help distribute load if you use


 server 0.north-america.pool.ntp.org
 server 1.north-america.pool.ntp.org
 server 2.north-america.pool.ntp.org
 server 3.north-america.pool.ntp.org

(I'm assuming that north-america is appropriate for you given your  
current setting).


And if you have a static IP address and a reliable connection and  
server (good network uptime), please consider joining the pool.  It  
takes negligible resources.


  http://www.pool.ntp.org/en/join.html

And more information about this pool of NTP servers is available at

 http://www.pool.ntp.org/

-j


--
Jeffrey Goldberg  http://www.goldmark.org/jeff/



Re: portupgrade question

2009-04-07 Thread Jeffrey Goldberg

On Apr 6, 2009, at 8:59 PM, Glen Barber wrote:


On Mon, Apr 6, 2009 at 9:55 PM, new_guy  wrote:



Is there a way to use portupgrade without all the stopping for config
questions?



You could add:

  BATCH=yes

to /etc/make.conf.


Or use the --batch command line option to portupgrade.

Or use the -c option (as mentioned by someone else in this thread) to  
do all of the config questions up front.  I didn't know about that one.


-j



--
Jeffrey Goldberg  http://www.goldmark.org/jeff/



Re: Quirk with latex-suite]

2009-03-05 Thread Jeffrey Goldberg

On Mar 5, 2009, at 2:28 AM, David Karapetyan wrote:


Hello; I am having a funny little problem with latex-suite.


Is that the name of the port?  I don't see anything by that name in my  
ports tree.  Googling around, I see that latex-suite is a plug-in for  
vim.



When I press
, and am prompted with a list of environments to insert, no matter
which I choose, it is inserted with a superfluous " that appears right
before the cursor. So, for example,

\begin{equation}
"cursor_is_here
\end{equation}


One thing to check is whether your version of latex-suite is  
appropriate for your version of vim.  It may be that the move to vim 7  
broke something.



Does latex-suite do this by default? What file do I need to edit to
change this setting (I'd like to get rid of the quote mark).


I'm afraid I've never used it (on any platform, though I think I might  
give it a try).  If you don't get any useful help on the FreeBSD list,  
try joining


 https://lists.sourceforge.net/lists/listinfo/vim-latex-devel

Also the Usenet group comp.text.tex is remarkably helpful.

-j


--
Jeffrey Goldberg http://www.goldmark.org/jeff/



Re: Can stock syslog do hostA -> fileA?

2009-02-26 Thread Jeffrey Goldberg

On Feb 26, 2009, at 8:19 AM, Paul Halliday wrote:


I am collecting syslogs from a PIX and a couple of Barracudas. It
would be a lot easier for each to have their own logfile. I have been
poking around a bit; I saw this one:

+host1 /var/log/host1

but it doesn't appear to work.


Years ago I tried and failed at the same.  Since then, I've moved to  
syslog-ng which I've been extremely happy with.


Here is the bit in my syslog-ng.conf file for logging things from  
remote hosts


# for stuff from remote hosts:
destination hosts {
    # one file per sending host, per day and per facility
    file("/var/log/HOSTS/$HOST/$YEAR/$MONTH/$DAY/$FACILITY-$YEAR$MONTH$DAY"
        owner(daemon) group(wheel) dir_owner(daemon) dir_group(wheel)
        perm(0640) dir_perm(0750) create_dirs(yes));
};

# s_udp is a source defined elsewhere in the same file
log {
    source(s_udp);
    destination(hosts);
};


Cheers,

-j


--
Jeffrey Goldberg http://www.goldmark.org/jeff/



Re: off topic: reporting attempts to access computers

2009-02-19 Thread Jeffrey Goldberg

On Feb 19, 2009, at 12:00 PM, Andrew Gould wrote:


What information should I send to an ab...@* address when reporting a
break-in attempt?

My logs show a dictionary attack of invalid user names against port 22.


The source of these is almost always some other compromised Unix-like
system.



I obtained an ab...@* email address using 'whois' and reported
the beginning and ending date/times and the originating IP address.


When reporting the times, be sure to make the time zone clear.

Is there any other information I need to send?  Is there someone else I
should notify?


There's no general answer to that.  It really depends on the specifics of
the case.  For example, a small business might have a small netblock
and an abuse address, but aren't competent to deal with your
notification.  Think of a small business that has a bunch of Windows
clients and one ancient RedHat system that hasn't been maintained for
years and was set up by someone who doesn't work there anymore.  In
that case, it might be useful to inform their provider as well.


Back when I used to report these things, I had a template message for  
doing so.


Most of the attacks I receive are from other continents, so I just block the
network range found via 'whois'.


If you block, and your firewall will log the failed attempts, then you  
may also look at participating in DShield


  http://www.dshield.org/howto.html

Cheers,

-j



Re: sendmail not listening on port 465

2009-02-19 Thread Jeffrey Goldberg

On Feb 17, 2009, at 3:41 PM, Seur Bors wrote:

I'm having problems with Sendmail. Everything is working fine, except that
the sendmail daemon is not listening on port 465. [...]



DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl


You are aware that using port 465 was never fully a standard and is, at
best, deprecated.


Your daemon options say to use port "smtps", check to see whether that  
is defined in /etc/services

and see what happens if you replace Port=smtps with Port=465

But do reconsider whether you need to be listening on 465 in the first  
place.  You can (and should) simply use TLS on the submission port, 587.


-j



--
Jeffrey Goldberg http://www.goldmark.org/jeff/



Weird Port Problem

2009-01-24 Thread Jeffrey R. Hellem
I aborted a make now it will not make php5-dba

[r...@server /usr/ports/databases/php5-dba]# make
===>  PHPizing for php5-dba-5.2.8
cd: can't cd to /usr/ports/databases/php5-dba/work/php-5.2.8/ext/dba
*** Error code 2
1 error
*** Error code 2

Stop in /usr/ports/databases/php5-dba.


the work directory doesn't exist

i cleared /var/db/ports

it still won't make
 anyone have suggestions?
i tried make clean

[r...@server /usr/ports/databases/php5-dba]# make clean
===>  Cleaning for php5-dba-5.2.8
[r...@server /usr/ports/databases/php5-dba]#

i tried make install

[r...@server /usr/ports/databases/php5-dba]# make install
install: /usr/ports/databases/php5-dba/work/php-5.2.8/ext/dba/modules/dba.so: No such file or directory
*** Error code 71
1 error
*** Error code 2

Stop in /usr/ports/databases/php5-dba.

i tried make

[r...@server /usr/ports/databases/php5-dba]# make
===>  PHPizing for php5-dba-5.2.8
cd: can't cd to /usr/ports/databases/php5-dba/work/php-5.2.8/ext/dba
*** Error code 2
1 error
*** Error code 2

Stop in /usr/ports/databases/php5-dba.

still nothing


Re: Launching Vim

2009-01-14 Thread Jeffrey Goldberg

On Jan 14, 2009, at 9:39 PM, Rem P Roberti wrote:

Can someone give me a heads up on this.  I just installed vim, but when I
try to launch the program I get this error message:

/libexec/ld-elf.so.1: Shared object "libperl.so" not found, required by "vim"


Is this a path problem?  The actual file libperl.so resides in
/usr/local/lib/perl5/5.8.9/mach/CORE/libperl.so


I take it that you also recently upgraded perl.  Did you follow the  
instructions in /usr/ports/UPDATING regarding perl?


I'm not sure that this will solve your problem, but it might.

Cheers,

-j



Re: Performing installed ports upgrade / leaving some software intact

2009-01-14 Thread Jeffrey Goldberg

On Jan 14, 2009, at 12:03 PM, Zbigniew Szalbot wrote:

1/ backing up the hacked [mailman] files and restoring them later (but I will
overwrite the newer files with older ones perhaps breaking something).
2/ making them read only (but the end result will be the same and
upgrading as root I will overwrite them anyway).


Keep in mind mailman is all python.  There really is nothing to  
recompile after a system upgrade.  (Unless you are upgrading python  
which you aren't).


Cheers,

-j


Re: receiving mail

2009-01-14 Thread Jeffrey Goldberg

On Jan 14, 2009, at 1:02 PM, Chuck Swiger wrote:


On Jan 13, 2009, at 11:51 PM, Pieter Donche wrote:





What's wrong? Why does this not work out of the box ??


Given the security history of sendmail, it's not prudent to enable  
sendmail by default.


It's not just that, but people who don't understand how mail transport  
works, shouldn't be running mail servers.


I expect to deal with sendmail for as long as I administer Unix  
boxes, but alternatives like Postfix in particular would be my  
preference from a number of standpoints.


I'm in the same position.  I started running alternatives to sendmail
in the late 90s on systems that I knew I was always going to maintain,
but for systems that would be passed to others to maintain, I stuck
with installing sendmail because there was much more expertise.
Nowadays, I'm happy to set up Postfix on such systems (but will still use
exim for myself).


Cheers,

-j



Re: bash versus sh test builtin

2009-01-11 Thread Jeffrey Goldberg

On Jan 11, 2009, at 9:07 PM, Dan Nelson wrote:


UID=$(id -u)
if [ $UID -ne 0 ] ; then
echo not root
fi

UID is not a variable set by /bin/sh, which is why the test fails.


Ah.  Thank you.  I was, as you see, barking up the wrong tree.  Thank  
you for setting me straight on this.


Cheers,

-j



bash versus sh test builtin

2009-01-11 Thread Jeffrey Goldberg
The -ne operator for [ in /bin/sh doesn't seem to work as in bash.   
Also the bash behavior here is what matches /bin/[ most closely.



$ /bin/sh
$ if [ $UID -ne 0 ] ; then
> echo not root
> fi
[: -ne: unexpected operator
$ exit
$ echo $SHELL
/usr/local/bin/bash
[jeff...@dobby ~/src/mount-rsnap]$ if [ $UID -ne 0 ] ; then
> echo not root
> fi
not root

Does anyone have a recommendation of how to run this simple test in
/bin/sh and how to write tests reasonably portably?


-j

--
Jeffrey Goldberg http://www.goldmark.org/jeff/

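As an added example (not from either post in this thread), here is one way to write the root check so that it behaves the same under /bin/sh and bash. It avoids $UID altogether, because /bin/sh leaves it unset (so the unquoted test collapses to "[ -ne 0 ]", the error shown above) and bash marks it read-only, so assigning to it fails there. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (constructed); current_uid, naive_not_root and is_root are
# hypothetical helper names, not part of any post in this thread.

# Print the effective UID.  id -u is specified by POSIX, whereas $UID is a
# bash/zsh extension: /bin/sh leaves it unset, and bash marks it read-only,
# so a script that assigns UID=$(id -u) fails when bash runs it.
current_uid() {
    id -u
}

# naive_not_root VALUE: the test from the post, with VALUE standing in for
# $UID.  The expansion is unquoted on purpose: an empty VALUE leaves
# "[ -ne 0 ]", and [ reports a usage error (exit status greater than 1)
# instead of answering the question.
naive_not_root() {
    [ $1 -ne 0 ] 2>/dev/null
}

# is_root [VALUE]: returns 0 if VALUE (default: the effective UID) is 0,
# 1 if it is any other number, 2 if it is empty or not a plain number.
is_root() {
    uid_value=${1-$(current_uid)}
    case $uid_value in
        '' | *[!0-9]*) return 2 ;;   # refuse to guess on malformed input
    esac
    [ "$uid_value" -eq 0 ]
}

# Demonstration: report which branch this process takes.
if is_root; then
    echo "running as root"
else
    echo "running as uid $(current_uid)"
fi
```

Quoting the expansion and validating it first means a missing or malformed value is reported as an error (status 2) rather than being mistaken for "not root".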


Re: Portsnap "Not Found" Issues

2009-01-05 Thread Jeffrey Goldberg

On Jan 5, 2009, at 2:40 PM, Matthew Pounsett wrote:

I'm seeing a similar error on a different metadata file from  
portsnap1.  portsnap3 seems to be working for me at the moment.


I'm having problems on 2 and 3 (haven't tried 1).  But I did get much
further when using portsnap3.


$ sudo portsnap -s portsnap3.freebsd.org fetch update
Looking up portsnap3.freebsd.org mirrors... none found.
Fetching snapshot tag from portsnap3.freebsd.org... done.
Fetching snapshot metadata... done.
Updating from Sun Jan  4 11:29:12 CST 2009 to Mon Jan  5 13:49:44 CST 2009.
Fetching 3 metadata patches.. done.
Applying metadata patches... done.
Fetching 0 metadata files... done.
Fetching 530 patches. 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 160 170 180 190 200 210 220 230 240 250 260 270 280 290 300 310 320 330 340 350 360 370 380 390 400 410 420 430 440 450 460 470 480 490 500 510 520 530 done.
Applying patches... done.
Fetching 90 new ports or files... /usr/sbin/portsnap: cannot open e12e83e8518a445d192fa06546e06cfd4eee82824a1a5d36e508ac7cb78968f8.gz: No such file or directory

snapshot is corrupt.

Anyway, I'll wait a day or two before trying again.

Cheers,

-j


--
Jeffrey Goldberg http://www.goldmark.org/jeff/



Re: editing dhcpd.conf file

2008-12-30 Thread Jeffrey Goldberg

On Dec 30, 2008, at 11:53 AM, Pieter Donche wrote:

Now, when someone already registered his laptop, and buys a new
laptop to replace the old (a different MAC address), can then omshell
be used to record the change in the /usr/local/etc/dhcpd.conf file?
Does omshell edit the  /usr/local/etc/dhcpd.conf?

Or is the only way to make changes to that file, to use a plain text
editor, make the change manually and do a
/usr/local/etc/rc.d/isc-dhcpd restart afterwards ?


I hadn't heard about omshell or OMAPI until seeing your post.  So my  
answer is based on no experience other than just reading its man pages.


It appears that OMAPI does not edit the dhcpd.conf file.  However,  
changes made through OMAPI will be reflected in dhcpd.leases with the  
line


 dynamic;

indicating that the lease was created via OMAPI.  Thus, in principle  
one could write a daemon that would watch dhcpd.leases for new dynamic  
leases and then call something that would edit dhcpd.conf.  I don't  
know if anyone has put that together, but it would make sense to ask  
in places where OMAPI is discussed.


Best of luck with this,

Cheers,

-j



Firewalls using a DNSbl (and distributed ssh attacks)

2008-12-03 Thread Jeffrey Goldberg
It's not a big issue, but I'm wondering if there is a DNSBl that lists  
IPs that are engaging in brute force ssh attacks.  And if there is  
such a list, is there a way to integrate that information into a  
firewall or sshd.


As I've said this really isn't a big issue for me, as the brute force  
attempts at sshd are nothing but an annoyance as I review logs.


The attacks that I'm seeing appear to be coordinated and distributed.   
That is, there will be one attempt on username "fred" from one IP  
immediately followed by an attempt on "freddy" from another IP  
followed by an attempt on "fredrick" from a third source and so on.


Cheers,

-j



--
Jeffrey Goldberg http://www.goldmark.org/jeff/

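The pattern described in this post (one guess per source address, arriving back to back) never trips a per-address failure counter. As an added example, not part of the original post, this shell function groups sshd "Invalid user" lines into bursts by arrival time and reports bursts that involve several distinct sources. The "Invalid user NAME from ADDRESS" line shape, the function names, the thresholds and the sample log are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (constructed): burst detection for distributed sshd guessing.
# sample_log and detect_distributed are hypothetical names.

# Constructed sample in syslog format; addresses are documentation ranges.
sample_log() {
    cat <<'EOF'
Dec  3 10:15:01 gw sshd[4101]: Invalid user fred from 192.0.2.10
Dec  3 10:15:03 gw sshd[4103]: Invalid user freddy from 198.51.100.7
Dec  3 10:15:04 gw sshd[4105]: Invalid user fredrick from 203.0.113.44
Dec  3 10:15:06 gw sshd[4107]: Invalid user frank from 192.0.2.10
Dec  3 11:40:00 gw sshd[4200]: Invalid user test from 192.0.2.99
Dec  3 11:40:02 gw sshd[4201]: Invalid user test from 192.0.2.99
Dec  3 11:40:03 gw sshd[4202]: Accepted publickey for alice from 192.0.2.50 port 50022 ssh2
EOF
}

# detect_distributed [GAP] [MIN_SOURCES] < logfile
# A burst is a run of invalid-user attempts in which each attempt follows the
# previous one within GAP seconds (default 10).  A burst is printed when it
# involves at least MIN_SOURCES distinct addresses (default 3).
detect_distributed() {
    awk -v gap="${1:-10}" -v min="${2:-3}" '
    # Print the current burst if enough distinct sources took part, then reset.
    function emit() {
        if (nsrc >= min)
            printf "%s attempts=%d sources=%d users=%s\n", start, n, nsrc, users
        n = 0; nsrc = 0; users = ""; split("", seen)
    }
    / sshd\[[0-9]+\]: Invalid user / {
        # Locate "Invalid user" from the left and the last "from" from the
        # right, so odd user names (empty, "from", with spaces) cannot shift
        # the address field.
        inv = 0; frm = 0
        for (i = 1; i < NF; i++)
            if ($i == "Invalid" && $(i + 1) == "user") { inv = i; break }
        for (j = NF - 1; j > inv + 1; j--)
            if ($j == "from") { frm = j; break }
        if (!inv || !frm) next
        ip = $(frm + 1)
        user = ""
        for (k = inv + 2; k < frm; k++) user = user (user == "" ? "" : " ") $k

        split($3, t, ":")
        now = t[1] * 3600 + t[2] * 60 + t[3]
        # A long pause, or the clock going backwards (midnight), ends a burst.
        if (n > 0 && (now - last > gap || now < last)) emit()
        if (n == 0) start = $1 " " $2 " " $3
        n++; last = now
        if (!(ip in seen)) { seen[ip] = 1; nsrc++ }
        users = users (n > 1 ? "," : "") user
    }
    END { emit() }
    '
}

# Demonstration on the constructed sample.
sample_log | detect_distributed 10 3
```

On the sample, the four attempts at 10:15 form one reported burst from three sources, while the two attempts from a single address at 11:40 are left to ordinary per-address counting.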


Re: large binary, why not strip ?

2008-11-18 Thread Jeffrey Goldberg

On Nov 18, 2008, at 8:45 AM, Paul B. Mahol wrote:


And what about /usr/local/lib/** ?


Interesting.  I found that only 11 are stripped on my system compared  
to 272 not stripped


That is pretty much the opposite of the ratio I found in
/usr/local/bin where there were something like 350 stripped and only 35 not
stripped.


Cheers,

-j

--
Jeffrey Goldberg http://www.goldmark.org/jeff/



Re: MTA on non-standard port

2008-10-29 Thread Jeffrey Goldberg

On Oct 26, 2008, at 7:23 PM, Jeremy Chadwick wrote:

1) Incoming SMTP (e.g. someIP:* --> yourIP:25)
2) Outbound SMTP (e.g. yourIP:* --> someIP:25)

#2 has become prominent in the past few years, and is applied by ISPs
because they want to curb their customers sending spam out onto the
Internet (usually as a result of viruses, trojans, etc.), getting their
IPs blocked by DNSBLs and giving them a bad social rep.  Instead, they
force customers to relay outbound mail through their own SMTP servers
(called a "smart host" in sendmail terms).

There's absolutely no way around this; you can beg them all you want,
but the chances of them adding a pass-through for you is very slim.


If you want to do direct to MX mailing, you are going to need to  
negotiate that separately.  At the very least you will need a static  
IP address.  If you pay for that, then you will probably be allowed to  
do direct to MX mailing.


On the whole, I think that Access Service Providers are right in this  
policy.  Back in the old days of smaller ASPs, there were several that  
had a simple policy.  You could be allowed destination:25 traffic  
merely by asking for it.  They figured that anyone smart enough to ask  
for it knew what they were doing.  But it was blocked by default.


But keep in mind that if you don't have a static IP address, the mail  
hosts you try to reach are also very likely to block you.



The Linksys router has two outbound firewall rules applied to it: it
only allows bsdIP on my LAN to connect to someIP:25,587 -- thus, only
one machine on my LAN is allowed to speak SMTP to the world.  I do this
purely as a precautionary measure (in case one of my friends comes over
with his/her laptop, which happens to be infected and sends spam, etc.
-- it won't work, period).


Wise choice.  I wish more home and business networks did that.

Eventually they stated that I could send mail through their mail servers
on port 587.  I quickly set this up, and found it failed -- their
servers require SMTP AUTH on port 587, no exceptions (note: this is
NOT mandatory by the RFC; it's OPTIONAL).


Again.  I think that this is fit and proper.


The reason I do not like siphoning mail through Comcast: their mail
servers are known to act wonky or /dev/null mail for mysterious reasons.


Then pay money to a company whose business depends on doing mail  
right.  I use fastmail.fm which I highly recommend.



I hope the experience with your ISP is better than mine.  Good luck.


A business account (needed for a static IP address) is expensive.  But  
don't expect to mail directly to MX (without going through some  
mailhub, either comcast's or a service that you pay separately for)  
without one.


Cheers,

-j


Re: Mailman + Apache + Cookies + FreeBSD

2008-10-11 Thread Jeffrey Goldberg

On Oct 10, 2008, at 1:45 AM, Odhiambo Washington wrote:


Could you downgrade Mailman and see if the problem still persists?
I run the combination you have (except Mailman is 2.1.9 and FreeBSD is
6.3) and I haven't had an issue. Might be a bug introduced in Mailman
2.1.11


I'm running mailman 2.1.11 (installed from ports) without the  
described problem.


So in at least one case, Apache, FreeBSD and Mailman 2.1.11 work  
without exhibiting the described problem.


-j



HW recommendations for light weight server

2008-09-08 Thread Jeffrey Goldberg

I know that this is pretty far off topic, but I'm asking anyway.

I need to purchase/rebuild a relatively light-weight server for a  
small LAN.  It will run a small MySQL server, DNS, DHCP, nagios, LDAP,  
syslog-ng and a few other things, serving only a LAN.  My previous box  
running this was a cheapo Fry's reject.  I went through two power  
supplies on that one, before I gave up on it.


My current box is an HP Pavilion Slimline s3220n

  
http://h10025.www1.hp.com/ewfrf/wc/document?docname=c01154947&lc=en&dlc=en&cc=us&lang=en&product=3548659

that I got at a CompUSA fire sale.  Although it is still running, the  
case near the power supply is very hot to the touch and it is giving  
off a terrible stench.  CPU temperatures are perfectly fine, but I'm  
taking the smell as a very bad sign.  That machine came with many  
things that I don't use (DVD burner (only used during FreeBSD  
installation), TV tuner, Wireless, etc) so they shouldn't be drawing  
any power.


I need something that will run 24/7 in an environment that can  
sometimes get up to 30C.  (I live in Texas, and try not to overdo the
air conditioning.)


Something with an amd64 architecture would make the transition easier,  
since I might be able to use my current disk.


So any thoughts or recommendations will be welcome.  If people wish to  
email me off list, I'll provide a summary of responses.


Cheers,

-j


--
Jeffrey Goldberg http://www.goldmark.org/jeff/



Re: USB Drive Reliability

2008-09-07 Thread Jeffrey Goldberg

On Aug 19, 2008, at 9:43 AM, Warren Block wrote:


On Mon, 18 Aug 2008, Jeffrey Goldberg wrote:

I have one system (7.0) which becomes extremely unstable if I have  
a USB drive connected.  I usually get a system crash in 10 to 30  
minutes after mounting the USB drive.  It has never crashed without  
the USB drive attached, and it has never gone for more than three  
days with it attached. [...]


Unfortunately, the crashing system is a small form machine and  
there is no way to put in a different USB controller.  The USB  
drive was for backups, which I now do over the network to the  
machine that is working just fine.


That might indicate a cable problem, even just being too long.  A  
line-powered hub added between a problematic USB card reader and  
computer fixed an unreliable situation here.


Unfortunately that hasn't solved the problem.

Cheers,

-j

--
Jeffrey Goldberg http://www.goldmark.org/jeff/



Re: alternatives to mergemaster

2008-09-06 Thread Jeffrey Goldberg

On Sep 6, 2008, at 1:20 PM, Christian Laursen wrote:


I always run mergemaster in auto upgrade mode. From the man page:

-U  Attempt to auto upgrade files that have not been user modified.

This can also be achieved by putting "AUTO_UPGRADE=yes" in
/etc/mergemaster.rc.


AUTO_UPGRADE isn't documented in mergemaster(8).

I guess it's time for me to submit my first documentation patch  
(unless someone beats me to it).


Cheers,

-j



--
Jeffrey Goldberg http://www.goldmark.org/jeff/



Re: Forwarding all mail to a local user

2008-08-31 Thread Jeffrey Goldberg

[mailed and posted]

On Aug 31, 2008, at 8:00 PM, Ivan Rambius Ivanov wrote:


I have the following questions. How can I forward all mail sent to
@localhost to a [EMAIL PROTECTED], where rambius is my own
user account in my FreeBSD system and  can be anything
including a user name that does not exist on the local machine?



I have default sendmail installation as provided by the base system
with no modifications of my own.


You should edit

 /etc/mail/virtusertable

to include a line like

 @localhost  [EMAIL PROTECTED]

There is a sample virtusertable you can look at.

After you have edited the virtusertable file, you should run

 make maps

in that directory.

Cheers,

-j



--
Jeffrey Goldberg http://www.goldmark.org/jeff/



Re: Complex text layout

2008-08-31 Thread Jeffrey Goldberg

On Aug 30, 2008, at 4:11 AM, [EMAIL PROTECTED] wrote:

I am trying to get my website to support multilanguage fonts,  
complex text layouts. An example of what I am trying is to have the  
fonts of other languages appear rather than boxes or question marks.


This is purely an HTML/web-design question, and has nothing really to  
do with FreeBSD even if your webserver is a FreeBSD system.  You  
should look at the LANG and DIR attributes.  Also, you should set up  
your pages do use UTF-8 as a character set.  To instruct your server  
to declare that documents are UTF-8 by default, you can set


  AddDefaultCharset utf-8

in your Apache configuration.

AddDefaultCharset is documented at

  http://httpd.apache.org/docs/2.0/mod/core.html#adddefaultcharset

If you don't have access to the Apache configuration, you can declare  
the charset to use within each document in the HTML, with something like


 

within the HEAD portion of the document.

The LANG and DIR attributes are documented at

  http://htmlhelp.com/reference/html40/attrs.html#lang

though that is more of a reference document than a "how to".


Cheers,

-j


--
Jeffrey Goldberg http://www.goldmark.org/jeff/



Re: MTA advice ??

2008-08-25 Thread Jeffrey Goldberg

On Aug 25, 2008, at 12:49 AM, Matthew Seaman wrote:


Jeffrey Goldberg wrote:

In the old days, if one MTA couldn't reach another it would hold  
stuff in its queue for four or five days.  Now, most MTAs appear to  
be configured to give up after 24 hours.


In which case those mail systems are not in compliance with the RFCs.
RFC 2821 Section 4.5.4.1 says:

 Retries continue until the message is transmitted or the sender gives
 up; the give-up time generally needs to be at least 4-5 days.  The
 parameters to the retry algorithm MUST be configurable.


Thanks for that.  I will point that out to the appropriate postmasters  
the next time I see delivery attempts give up before this.  Not that  
it will do much good, but I will try.


I wonder whether rfc-ignorant.org has a category for this.  Hold  
on ... Nope.  They don't have this category of (2)821 violation.


The original poster may wish to take a look at rfc-ignorant.org to  
make sure that they feel confident that they can run an
Internet-friendly mailserver.


Cheers,

-j




--
Jeffrey Goldberg http://www.goldmark.org/jeff/



Re: MTA advice ??

2008-08-24 Thread Jeffrey Goldberg

On Aug 24, 2008, at 1:06 PM, pete wrote:

I have a hosted domain that recently changed their mail filtering. I  
am not happy with the new setup


I have my email hosted by fastmail.fm.  I am extremely happy with  
them.  (They really understand IMAP and the needs of "power" email
users).


and am considering setting up my own. Looking for tips on setting up  
something on my freeBSD 6.1 box.


Running your own MTA is not for the faint-hearted.

My ISP is cablevision IO. Not sure what they allow, ie: whether I  
can have my hosted domain set to use my cable IP as a MTA


The main question is whether you have a static IP.  The IP address  
that you appear to have sent your message from, 69.118.77.111, does  
not appear to be a static IP address.


You will not be able to send directly from that IP to most mail  
servers on the net.  So if you intend to use your system for sending  
mail, you will have to go through a "smart host" (probably your ISP's
designated outbound SMTP server).


Receiving mail directly will be more possible, but tricky.  You will  
need to use a dynamic DNS system.  Also do consider uptime and  
reliability.  In the old days, if one MTA couldn't reach another it  
would hold stuff in its queue for four or five days.  Now, most MTAs  
appear to be configured to give up after 24 hours.  So if your  
mailserver is down for a day, mail will be bounced and never delivered  
to you.


Also looking for advice on which software would serve me best in this
instance.


exim, postfix and sendmail are all good choices.  I personally prefer  
exim, but I think that someone in your position would do best with  
postfix.


Cheers,

-j



--
Jeffrey Goldberg http://www.goldmark.org/jeff/



Re: Security questions, seeing more than one dhcp client.

2008-08-22 Thread Jeffrey Goldberg

On Aug 21, 2008, at 10:38 PM, Christopher Joyner wrote:

I am seeing two dhcp clients connected to my wireless router.  Does
that mean someone other than me is on it?


Do you have a Wii?  Or maybe an iPhone or other similar device?  Or a
network printer?  There is a fair chance that the other client is
something that should be there that you've just forgotten about.
However, there is also a reasonable chance that it is a security
breach if you are running an unsecured wireless network.


What I would recommend is that you probe the unknown device with  
something like nmap (available from ports security/nmap) with  
something like


  nmap -O -sV IP-ADDRESS-OF-MYSTERY-DEVICE

That should give you a fair amount of information about the device.

Cheers,

-j


--
Jeffrey Goldberg http://www.goldmark.org/jeff/



Re: How to use dig with an ip list

2008-08-19 Thread Jeffrey Goldberg

On Aug 18, 2008, at 10:25 PM, Fraser Tweedale wrote:


On Mon, Aug 18, 2008 at 10:18:07PM -0500, Jeffrey Goldberg wrote:

You'll want to change line four to

 echo "$LINE " `dig +short -x $LINE`

for a cleaner output.

The original works fine for me in ash.  Definitely nothing wrong  
with yours

though.  What have I overlooked?


Sorry, I misread what you actually wrote for what I would have written  
(before correction).  What you have is perfectly correct.


Or, in the words of Emily Latela: Nevermind.

Cheers,

-j



Re: How to use dig with an ip list

2008-08-18 Thread Jeffrey Goldberg

On Aug 18, 2008, at 9:03 PM, Paul Schmehl wrote:

I know I'm missing the obvious.  I want to use an IP list to  
generate an ip+hostname list.  IOW, I want to go from this:


x.x.x.x
y.y.y.y

to this;

x.x.x.x foo.domain.tld
y.y.y.y bar.domain.tld

What's the best/easiest way to do this?


Easiest:

$ for i in `cat ip-list`; do
> echo -n "$i "
> dig +short -x $i
> done

Better might be to use something in p5-net-DNS so that you don't make  
N separate calls to dig.


Cheers,

-j



--
Jeffrey Goldberg http://www.goldmark.org/jeff/



Re: How to use dig with an ip list

2008-08-18 Thread Jeffrey Goldberg

On Aug 18, 2008, at 10:13 PM, Fraser Tweedale wrote:


==
#!/bin/sh
while read LINE
do
echo $LINE `dig +short -x $LINE`
done
===


You'll want to change line four to

 echo "$LINE " `dig +short -x $LINE`

for a cleaner output.

-j


--
Jeffrey Goldberg http://www.goldmark.org/jeff/



Re: USB Drive Reliability

2008-08-18 Thread Jeffrey Goldberg

[mailed and posted]

On Aug 17, 2008, at 7:36 PM, Jason C. Wells wrote:

I realize that this is primarily a tech support forum. I wasn't  
asking for a solution to the problem.  I was asking for other  
peoples experiences. If the USB support in FreeBSD was spotty  
according to other people, as has been reported, then I plan to not  
even try to work on it more until I install 7.1.


Just for the record:

- crashes the system on attachment
- crashes the system on detachment
- the system hangs on attachment but resumes responding if you pull the drive
- installing the drive results in the little blue light coming on with
  dmesg reporting attachment, but attempts to mount fail with "device not
  configured" or somesuch
- dataloss on the device that chkdisk in DOS couldn't save


Dien dobre Jason,

I have one system (7.0) which becomes extremely unstable if I have a  
USB drive connected.  I usually get a system crash in 10 to 30 minutes  
after mounting the USB drive.  It has never crashed without the USB  
drive attached, and it has never gone for more than three days with it  
attached.  Usually the failure is much sooner.  This was with
7.0-RELEASE.  I haven't checked since I've moved to 7-STABLE.


I have another system (identical software, different hardware) which  
is solid as a rock with the identical USB drive attached.


Unfortunately, the crashing system is a small form machine and there  
is no way to put in a different USB controller.  The USB drive was for  
backups, which I now do over the network to the machine that is  
working just fine.


Best of luck with this.

-j




Re: Best SMTP Gateway Program and Reporting Tools

2008-08-12 Thread Jeffrey Goldberg

On Aug 12, 2008, at 3:22 PM, Josh Kidd wrote:

I just wanted to pose this question to the list on people's opinions as
to what the best SMTP Gateway program (ie. Sendmail, Postfix, etc)
[...]


Depending on the nature of the site and needs, my preferences tend to  
run exim, then postfix, then sendmail.  But opinions will vary  
greatly.  Many very smart people for whom I have a great deal of  
respect do not share my particular preferences.



is and what the best log analysis tool for that SMTP program is.


If I wanted to be a bit unhelpful just to make a point, I would say  
perl (or grep depending on taste).  It depends on needs.



We are currently using Symantec Mail Security for our outgoing SMTP
Gateway but want to employ an open-source solution instead. My problem
is our main requirement is to have a way to view the logs on a web based
interface that will allow our system administrators when a customer
complains they didn't receive an email to be able to go into the logs
and search by date/time and view the activity for that period to
determine if the mail went through our system or if it was blocked and
if so why.


It should be very easy to roll your own.  I know that exim comes with  
a number of GUI useful monitoring tools, but I don't know if this  
functionality is there.  But I do think that several of the tools come  
close.  They aren't web based, but X11 tools.  Also (if your privacy  
policy allows it) there's a configuration setting for logging subjects.



I've heard of and read about a few different programs like SMA and
Anteater and pflogstats, but I don't know if these will have the
functionality I need to allow admins to search logs for a specific
date/time and/or specific phrase/address on a web based interface.


Maybe someone has already done this, but it really wouldn't be a  
difficult thing to develop your own tool for doing this.


-j
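
Added example (not part of the original message): a sketch of the search such a home-grown tool would run behind its web form, written for exim-style main log lines. The log lines are constructed, and `sample_log` and `mail_log_search` are hypothetical names. It matches the address as a fixed string and also pulls in every other line that shares a message id with a match, so the operator sees the whole fate of a message.

```shell
#!/bin/sh
# Constructed exim-style log lines (documentation addresses only).
sample_log() {
cat <<'EOF'
2008-08-12 15:20:11 1KT0aB-0003xy-Qp <= alice@example.org H=mail.example.org [192.0.2.10] P=esmtp S=2048
2008-08-12 15:20:12 1KT0aB-0003xy-Qp => bob@example.net R=dnslookup T=remote_smtp H=mx.example.net [198.51.100.5]
2008-08-12 15:20:12 1KT0aB-0003xy-Qp Completed
2008-08-12 15:25:40 H=(mail.example.com) [203.0.113.9] F=<dave@example.com> rejected RCPT <carol@example.net>: relay not permitted
2008-08-12 15:31:02 1KT0kC-0004aa-Rt <= alice@example.org H=mail.example.org [192.0.2.10] P=esmtp S=900
2008-08-12 15:31:05 1KT0kC-0004aa-Rt == carol@example.net R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2008-08-12 16:45:00 1KT1zZ-0005bb-Uv ** erin@example.net R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<erin@example.net>: host mx.example.net [198.51.100.5]: 550 no such user
EOF
}

# mail_log_search LOGFILE FROM TO ADDRESS
# FROM and TO are "YYYY-MM-DD HH:MM:SS"; that format sorts as plain text.
# Search terms travel through the environment, not -v, so awk never
# expands backslashes in them, and index() keeps them out of any regex.
mail_log_search() {
    if [ "$#" -ne 4 ] || [ -z "$4" ]; then
        echo "usage: mail_log_search LOGFILE FROM TO ADDRESS" >&2
        return 64
    fi
    LOG_FROM="$2" LOG_TO="$3" LOG_NEEDLE="$4" awk '
    # Message ids in these logs look like 1KT0aB-0003xy-Qp (6-6-2).
    function is_msg_id(f) {
        return length(f) == 16 && f ~ /^[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+$/
    }
    function in_window(line,    stamp) {
        stamp = substr(line, 1, 19)
        return (stamp >= from && stamp <= to)
    }
    function mentions(line) {
        return index(tolower(line), needle) > 0
    }
    BEGIN {
        from = ENVIRON["LOG_FROM"] ""
        to = ENVIRON["LOG_TO"] ""
        needle = tolower(ENVIRON["LOG_NEEDLE"])
    }
    # Pass 1: remember the ids of messages that mention the address
    # inside the requested time window.
    NR == FNR {
        if (in_window($0) && mentions($0) && is_msg_id($3)) wanted[$3] = 1
        next
    }
    # Pass 2: print direct matches plus every line of a remembered
    # message, including later retries that fall outside the window.
    {
        direct = in_window($0) && mentions($0)
        related = is_msg_id($3) && ($3 in wanted)
        if (!direct && !related) next
        flag = is_msg_id($3) ? $4 : ""
        if (flag == "<=") verdict = "RECEIVED"
        else if (flag == "=>" || flag == "->") verdict = "DELIVERED"
        else if (flag == "==") verdict = "DEFERRED"
        else if (flag == "**") verdict = "FAILED"
        else if ($0 ~ / rejected /) verdict = "REJECTED"
        else verdict = "INFO"
        print verdict "\t" $0
    }' "$1" "$1"
}
```

Each output line is a verdict, a tab, and the original log line, so a front end only has to render the rows and the reason text that follows the verdict.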



Re: shutdown/reboot suggestion

2008-08-09 Thread Jeffrey Goldberg

On Aug 9, 2008, at 3:22 PM, Michael Grant wrote:


More than once, through carelessness, and I'm sure I'm not alone, I
have inadvertently shutdown or rebooted the wrong machine.  I'm sure
some of you know that all too familiar feeling when you see
"Connection closed" instead of your desktop being rebooted.


I use a combination of tricks.

1. I have the hostname in my prompt.
2. I have a separate color scheme for ssh sessions for each host I  
commonly connect to, and a generic color scheme for ssh sessions for  
other hosts.  These are all distinct from my term window color scheme  
for my local host.
3. I rarely run as root, so all of my shutdowns use sudo.  My  
password isn't the same on all hosts.


This doesn't work perfectly, but it does help avoid this kind of  
problem.




I have a suggestion with respect to these commands.  What if they
could be modified to require the hostname of the machine as their
first argument, otherwise, they refuse to bring the machine down?

 shutdown -h now

becomes:

 shutdown example.com -h now


As others have pointed out, you can easily make scripts to do that.

-j



--
Jeffrey Goldberg  http://www.goldmark.org/jeff/
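
Added example (not part of the original thread): one way to write the kind of script mentioned above, which takes the hostname as its first argument and refuses to run `shutdown` unless it matches the machine it is running on. `guarded_shutdown`, `lowercase` and `SHUTDOWN_CMD` are hypothetical names, and `/sbin/shutdown` is assumed to be the real command.

```shell
#!/bin/sh
# Added example: a shutdown wrapper that must be told which host it is on.
# guarded_shutdown and SHUTDOWN_CMD are names made up for this sketch.

# Real command to run once the check passes; overridable for dry runs.
SHUTDOWN_CMD=${SHUTDOWN_CMD:-/sbin/shutdown}

lowercase() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]'
}

guarded_shutdown() {
    # Need the hostname plus at least one real shutdown argument.
    if [ "$#" -lt 2 ]; then
        echo "usage: guarded_shutdown HOSTNAME SHUTDOWN-ARGS..." >&2
        return 64
    fi
    named=$(lowercase "$1")
    shift

    # uname -n is the POSIX way to ask for the node name. Only an exact
    # match is accepted: a short name could be shared by hosts in
    # different domains, which is the mix-up this is meant to catch.
    actual=$(lowercase "$(uname -n)")
    if [ "$named" != "$actual" ]; then
        echo "refusing: you named '$named' but this host is '$actual'" >&2
        return 1
    fi

    # Hostname confirmed: hand the remaining arguments over unchanged.
    "$SHUTDOWN_CMD" "$@"
}
```

Typed out of habit, `guarded_shutdown -h now` is refused, because `-h` is not this machine's name.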



Re: email disclaimer

2008-07-29 Thread Jeffrey Goldberg

On Jul 29, 2008, at 6:13 AM, Odhiambo Washington wrote:


I can tell you it is "impossible". Why?
While you can actually write a script to try to do it, you'll more
likely end up breaking the e-mail format, because it will not be too
easy to rightly guess the content-type/boundaries in replies.


If one converted all messages to multipart/mixed and added the  
disclaimer as text/plain part with a content-disposition: inline, then  
you might be able to safely ensure that each message had exactly one  
copy of the disclaimer.  But any script will have to be fully and  
completely aware of all MIME structures, so using various perl  
libraries is where I would start.


But of course you are right in that if you were replying to an  
unsnipped reply there is no way to know the structure of the quoted  
material in the first reply, so removing it from the quoted section  
may well be impossible to do reliably.


On a side note, I'm wondering if the original poster is familiar with  
the arguments presented in


  http://www.goldmark.org/jeff/stupid-disclaimers/

I haven't updated that in years, but I think that the points still hold.

-j




Re: Binary upgrade from legacy version + ports

2008-07-28 Thread Jeffrey Goldberg

On Jul 28, 2008, at 2:52 AM, Jan Henrik Sylvester wrote:


Svein wrote:
> Is there a problem using the prebuilt packages from STABLE on a
> RELEASE box? If I want to run RELEASE, and still use the latest
> packages? The ABI is consistent between STABLE and RELEASE, right?

Yes, there is a problem. See my posting here:

http://lists.freebsd.org/pipermail/freebsd-questions/2008-June/177553.html

Unfortunately, I have not got an answer, but it is obvious packages  
using this new symbol must fail:


I recently discovered this through a blunder of my own.  I accidentally  
"updated" a 7-STABLE machine to 7-RELEASE, and discovered, among some  
other problems, that sudo failed with the same error you report.


(I've now put a link to USE-THIS-SUPFiLE to stable-supfile in
/usr/local/etc/cvsup to avoid the blunder in the future.)


-j

--
Jeffrey Goldberg  http://www.goldmark.org/jeff/



Re: /var full

2008-06-19 Thread Jeffrey Goldberg

On Jun 19, 2008, at 9:40 AM, Paul Schmehl wrote:

As you can see from the df -i I posted (to which you responded),  
inode exhaustion is not an issue.


You are probably right about that, but could you also post the result of

 sudo tunefs -p /var

That won't tell us what is in use, but it will confirm whether /var  
was set up with funky parameters or not.  Also, the last time I ran  
out of inodes, the error messages made it clear that that was what was  
happening instead of merely giving a disk full error.


 I'm leaning toward some sort of bug in mysql version 5.0.51 which  
creates a temporary file (in the wrong place) and then doesn't  
release it until it exhausts the space on the drive.  In any case,  
I'm going to report it to the mysql folks as such and hope they can  
figure out what the cause is.


That would be my guess.  I haven't seen a mention of that on the mysql  
lists, but I don't follow the lists closely.   (For the most part, I  
just go and clean out the mail folder they collect in every week or so.)


Cheers,

-j



--
Jeffrey Goldberg  http://www.goldmark.org/jeff/



Re: Enforce minimal file/ dir permissions

2008-06-16 Thread Jeffrey Goldberg

On Jun 16, 2008, at 7:21 AM, Bill Moran wrote:


Look at MAC and the bsdextended module (filesystem firewall):
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac.html
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac-bsdextended.html


I've recently been looking at those myself, and while I think that I  
have developed some limited understanding "in principle" about how MAC  
works, I need a great deal more practical guidance.  Is there some  
extended tutorial with cookbook or other resource that will actually  
help someone who doesn't fully grok this work out a policy and rules  
that will do more good than harm?


Yes, I've used google, but haven't yet come across what I need.

Cheers,

-j


--
Jeffrey Goldberg  http://www.goldmark.org/jeff/



Re: FreeBSD and User Security

2008-06-12 Thread Jeffrey Goldberg

On Jun 12, 2008, at 3:24 PM, David Naylor wrote:

This is a general enquiry.  What had sparked my interest in this subject is
the above mentioned article.  In this case it is a workstation used to access
and manage account and cash flows.  The threat would be anyone gaining access
to 'divert' funds to incorrect accounts, for obvious personal gains.


How much money are we talking about?  If it is billions of NZD that is  
one thing, if it is thousands of NZD that is another.  The question is  
would someone with resources make a concerted effort to specifically  
target your system?  If so, you should hire a local professional.


If your concern is more about the kinds of wide spread automated  
attacks, then really it's just a matter of doing the basic sorts of  
things.  Disabling root SSH logins, have your perimeter firewall check  
for unusual out-bound traffic, and of course, keeping the system  
properly updated.


Specifically, the two threats would be remote attack (such as spyware being
deployed, or gaining remote access)


I haven't played around with it, but you might want to look at  
Mandatory Access Control (described in the Handbook).  It's something  
that has been on my "to learn" list for a while, but I am getting  
through that list very slowly.  From what you've said, it sounds like  
you are talking about a multi-user system.  Something like MAC really  
may be the best approach to preventing individual users from being  
tricked into doing stupid things.



or physical access (in which case keeping
the username and password safe will be the only option?  Assuming there is no
compromise on the human side)


For a typical machine, physical access means all access.  If I have  
physical access to a machine, I may be able to boot it from my own  
boot media (a CD for example) and then read everything on the hard  
disks.  I could remove the disks and copy them.  I could install a  
physical keystroke logger between the keyboard and the box.  There  
really is a lot that can be done with physical access.


So if you have reason to believe that attackers would have physical  
access to the machine, you should use encrypted file systems.


Note that with both MAC and encrypted file systems you run an  
increased risk of locking yourself out of the system by accident.


So what measures you wish to take, with their additional costs and  
risks, depends on a careful and realistic view of what the threats are.


I've enjoyed this discussion.

Cheers,

-j



Re: FreeBSD and User Security

2008-06-12 Thread Jeffrey Goldberg

On Jun 12, 2008, at 8:19 AM, David Naylor wrote:

I think this argument is rather mute, just because there are no programs
exploiting security vulnerabilities does not mean there are not
vulnerabilities,


But it is far from moot if you are interested in the actual threat  
against your system.  In a sense, using a less popular OS is a form of  
"security by obscurity" which is not to be heavily relied on, but  
still it does make a real, practical, difference in the case that you  
described.



and a determined cracker would create his own program.


You have not articulated what you are trying to defend against.  Do  
you anticipate determined crackers going after your particular system  
and what resources will such attackers have?  We can't talk about a  
system being "secure" in general, but the question needs to be framed  
in terms of "secure against what".



That said I hope there are, actually, no vulnerabilities.


That is demanding too much.  What you need to hope for is a  
combination of "no known unpatched vulnerabilities at the moment" and  
more importantly "procedures and practices to keep things that way".   
As Bruce Schneier likes to say, "Security is not a product but a  
process".  The vast majority of actual system compromises involve  
failure of system administrators to keep systems patched and follow  
good security practices.


One reason that I switched from Linux to FreeBSD is that I find it  
much easier to maintain FreeBSD, particularly in terms of security  
updates.  I have been responsible for Linux machines that did get  
rooted because I was having problems keeping them up-to-date for a  
variety of reasons.



[Security through obscurity is just an illusion]


In your post you mentioned concern about spyware.  It is not an  
illusion that FreeBSD has not been targeted by spyware writers while  
Windows has.  Even if some of that is the consequence of security by  
obscurity, it is no illusion.  Of course we need to understand that  
those security benefits from obscurity are fragile, but we shouldn't  
dismiss it entirely.


Again, what sorts of benefits such things may add (or subtract)  
depends on the nature of the attacker.


Cheers,

-j



Re: FreeBSD and User Security

2008-06-11 Thread Jeffrey Goldberg

On Jun 11, 2008, at 9:05 PM, [EMAIL PROTECTED] wrote:


On Wed, Jun 11, 2008 at 08:51:16PM -0500, Jeffrey Goldberg wrote:



The next time I reboot the one server I've got with an
SVM capable processor I'm going to disconnect the power (to make sure that
I'm getting a real reboot instead of a spoofed one) and then on reboot I
will disable SVM in the BIOS.


How do you know that the bios has not been reflashed by a virus, trojan,
or rootkit?


Aghh!!




Re: generating random passwords

2008-06-11 Thread Jeffrey Goldberg

On Jun 11, 2008, at 7:46 PM, Andrew Berry wrote:

Any idea what the name of the project for the Security framework is?  
I can't seem to find anything on Google. I'd love to be able to  
access keychains from OS X on other platforms, without resorting to  
dumping everything to plaintext.


This looks like a good place to start.

 http://developer.apple.com/opensource/security/index.html

I, too, would like my OS X Keychains to be portable.

Cheers,

-j



Re: FreeBSD and User Security

2008-06-11 Thread Jeffrey Goldberg

On Jun 11, 2008, at 8:08 PM, cpghost wrote:


On Wed, 11 Jun 2008 19:45:51 -0500
Jeffrey Goldberg <[EMAIL PROTECTED]> wrote:



First it should consume memory.  A very complete test of memory
through a modified memtest should be able to detect whether system
reported memory is accurate.



What if memtest already runs within the virtualization box? How can it
determine what the "right" amount of memory is supposed to be?


I was assuming that that would be known by the operator.


And if
the virtualizer hot-patched memtest instructions, either on loading it
or dynamically while it runs, it  could make it report whatever it
liked.


Of course.


Secondly, a blue pill would need to be reinserted after a hard
reboot.  Therefore a look at the boot process (of a non-live system)
should be able to see whether there is something that reinserts the
blue pill.



Yes, but you've got to have a very close look at it, as it won't
necessarily appear on the screen -- being caught as well by the
virtualizer. And Joanna also has a paper about fooling hardware
capture cards into reporting bogus data on her site, so you won't
even be able to detect that RAM contains something else upon boot
than those hardware capture cards are supposedly reporting.


Yes.  I've now read through some of Rutkowska's slides (following the  
link provided by dfeustel in another post in this thread).



If all this is as she's described, it is truly brilliant from a
technical POV... and a very worrying thought as well.


Yes it is worrying.  The next time I reboot the one server I've got  
with an SVM capable processor I'm going to disconnect the power (to  
make sure that I'm getting a real reboot instead of a spoofed one) and  
then on reboot I will disable SVM in the BIOS.


But mostly I'm just in admiration of people who can think of things  
this clever (even if they are very scary and dangerous things).


Thank y'all for a very enlightening discussion.

-j




Re: FreeBSD and User Security

2008-06-11 Thread Jeffrey Goldberg

On Jun 11, 2008, at 7:17 PM, [EMAIL PROTECTED] wrote:


A relatively new security threat known as 'The Blue Pill', based upon
hardware, is a class of virtual rootkits that can silently take over
Intel and AMD systems. A good site to visit to learn about these virtual
rootkits is http://invisiblethings.org/index.html.


That is simple (in concept) yet absolutely brilliant!  I'm sure that  
people much smarter than I am have thought about these things more  
carefully than I have, but I'm not convinced that a blue pill would be  
completely undetectable.


First it should consume memory.  A very complete test of memory  
through a modified memtest should be able to detect whether system  
reported memory is accurate.


Secondly, a blue pill would need to be reinserted after a hard  
reboot.  Therefore a look at the boot process (of a non-live system)  
should be able to see whether there is something that reinserts the  
blue pill.


But even if detection is possible these ways, a Blue Pill would be  
extremely difficult to detect once inserted, and so the focus would  
have to be entirely on prevention.


Again, these are just my first thoughts after looking at this very  
briefly.  The people who come up with this stuff and do proper  
analysis are both smarter and more knowledgeable than I am.


Cheers,

-j



--
Jeffrey Goldberg  http://www.goldmark.org/jeff/



Re: FreeBSD and User Security

2008-06-11 Thread Jeffrey Goldberg

[mailed and posted]

On Jun 11, 2008, at 4:03 PM, YANSWBVCG wrote:


It is my understanding that since 1995 all computers must have a
hardware back door that permits undetectable access by the government to
the computer. This capability can be implemented using System
Monitor(Maintenance) Mode which is built into all x86 computers now. It
would appear that, if you are connected to the internet, the government
has access to your computer.


This is not the place to get into this debate, but I think that  
someone should state for the record that the vast majority of security  
experts would disagree with you.


However, I fully acknowledge that if the National Security Agency or  
GCHQ or the like wanted to break into any one of my systems, I'm sure  
that they could.


But the question wasn't about making a system that could withstand  
something like the NSA but instead about defending against run of the  
mill spyware.  Switching from Windows to FreeBSD would obviously  
improve matters for that kind of attack, but the real answers to the  
original question require an understanding of the nature of the  
threats and the nature of the counter measures far beyond what was  
evident in the question.  After all, most spyware is installed with  
the users' consent (though the user may not know that it is spyware.)


For just about everyone, I recommend pretty much anything written by  
Bruce Schneier.  As a start there is his very brief "How to think  
about security" essay:


 http://www.schneier.com/crypto-gram-0204.html#1

-j


--
Jeffrey Goldberg  http://www.goldmark.org/jeff/



Re: generating random passwords

2008-06-11 Thread Jeffrey Goldberg

On Jun 11, 2008, at 11:35 AM, Bill Campbell wrote:


One of the biggest problems with random passwords is that they
end up written on yellow-stickies on the monitor or under the
keyboard.


I'm going to take this opportunity to preach. Everyone should be using  
a good password management system.  Otherwise people will use either  
weak passwords or will use passwords which are predictable from other  
passwords.  (That is using the same password or variants of the same  
password for many separate realms.)


I don't run FreeBSD on desktops so I haven't looked at the various  
tools available.  On OS X, I use 1password which makes excellent use  
of the OS X Keychain system, and has terrific web browser integration.   
I'm fairly sure that the Apple Keychain libraries have been or can be  
ported to FreeBSD, but it might require GnuStep.


On Windows I recommend Password Safe.  In ports, sysutils/pwsafe  
provides a CLI utility that can manage Password Safe data.  And  
security/gorilla provides a tcl/tk GUI for pwsafe.  I've used both on  
OS X, and they work fine, but I much prefer 1password in that  
environment.


I've never looked at things like kwallet or other Unixish password  
management systems.  But once again, I recommend that everyone use a  
proper password management system.


-j


--
Jeffrey Goldberg  http://www.goldmark.org/jeff/



Re: no reverse DNS causing connectivity problems

2008-06-09 Thread Jeffrey Goldberg

[mailed and posted]

On Jun 9, 2008, at 8:57 PM, Jake Evans wrote:

I've had a few people complain that when they telnet/ssh/ftp/web to  
our server, it's slow... I've traced the problem to them having no  
reverse on their IPs.


You should configure your servers to not do the reverse lookup.  Not  
resolving is certainly the default for Apache.  For sshd, set UseDNS  
to "no" in /etc/ssh/sshd_config.  As for telnet and ftp, I don't know  
where that might be configured.


Of course I don't know your needs and situation, but some people might  
consider it a reasonable policy to disallow ssh and telnet (and  
certainly mail) from hosts that don't have proper PTR records.


-j


--
Jeffrey Goldberg  http://www.goldmark.org/jeff/



Re: Grep Guru

2008-06-08 Thread Jeffrey Goldberg

On Jun 8, 2008, at 5:50 PM, Raphael Becker wrote:


find . -type f -exec grep PATTERN {} \+

-exec foo {} \+ behaves like xargs foo
-exec foo {} \; exec foo for every file


Way cool!  I hadn't known that about find(1).

Cheers,

-j


Re: Looking for gurus willing to help write Freebsd tutorials

2008-06-04 Thread Jeffrey Goldberg

On Jun 4, 2008, at 2:34 PM, Jerry McAllister wrote:


Maybe everyone should make their own and use it.
FreeBSD is a user created Open Software project after all.


I used to have a "Powered by FreeBSD" button with the BSDie on a  
mailing list server that I'd set up for the PTA for my daughter's  
school in Texas.  I figured that I could handle any complaints or  
questions that I got about it.


But then I heard one of the teachers explain to other staff that if  
she ever was shopping and the final price of items totaled up to $6.66  
she would make sure to add another item so that she wouldn't have to  
be part of a transaction involving 666.  (I guess she never would have  
been a customer of Demon Internet in the UK which started out with the  
telephone prefix for their dial-up pool being 666).


At that point, I decided that my problem wouldn't be with responding  
to complaints and queries, but the problem would be with the people  
who never complained directly to me, but who shunned the service or  
complained about me.  So now there is just a text link without the  
button.  Whether you want to call this self-censorship or not, I think  
that I made the right decision.  In the same way that when I volunteer  
at the school, I don't wear controversial T-Shirts.  (Though who  
would have thought that my "Friends don't let friends use Windows"  
shirt would cause complaints!)


So I agree with your point.  If you like the old BSDie, use it.  If  
you like the new logo, use that.  If you want something else, you are  
free to roll your own.


Cheers,

-j

--
Jeffrey Goldberg  http://www.goldmark.org/jeff/



Re: Need to build a new mail server

2008-05-30 Thread Jeffrey Goldberg

On May 30, 2008, at 10:39 AM, DAve wrote:

That so much time and effort is spent telling everyone how bad qmail  
is still amazes me.


Is it still the case that qmail does not reject mail during SMTP  
transaction, but instead will do an "accept and then later bounce"?


If this is still true, then I don't care if qmail turns out to be a  
great way to manage your mail server.  It is a terrible network citizen.


Anyway, here are my personal prejudices about MTAs:

Sendmail:  There was a time when I would set things up for clients  
with sendmail because if I got hit by a bus, there were more people  
around with sendmail skills than exim skills.  Also there was a time  
when only sendmail did milters.  (And of course there was a time when  
there was only sendmail).  But my feeling about sendmail has always  
been that it was designed backwards in that things that should have  
been hard coded (parsing 822 addresses) were done in the configuration  
file and things that should have been configurable (throttling  
intervals) were hard coded.


For someone with a simple set-up using FreeBSD, sendmail may be the  
best choice still because it is already there.  Likewise for someone  
who wants to have their MTA to factor numbers or solve the towers of  
hanoi, sendmail is for them.


exim: If I were setting up a large complicated installation for say an  
ISP or a mail hosting system, exim is what I would use.  I've heard  
people say that they didn't understand the configuration file, but I  
don't see what the problem is.  It is straight forward and direct.   
You just need to remember that in some sections of the configuration  
file, the order of directives matter.  exim also has this built-in  
procmail replacement (exim filters) in its mail delivery.  Of course,  
sieve has largely replaced the need for this.


postfix: This would be my first recommendation to someone starting  
from the beginning for most sites.  If there is no legacy need for  
sendmail, and we are not talking about very large and complex  
arrangements requiring exim, then postfix is solid, reasonably flexible,  
easy to set up and probably now has a user base to rival sendmail.


I have never managed a qmail, Lotus Notes or MS Exchange system.  But  
my MTAs have had to interact with them.  I feel that they should never  
be allowed to face the Internet.  They are just too loose in their  
interpretations of standards and conventions.


-j



Re: FreeBSD based router ...

2008-05-29 Thread Jeffrey Goldberg

On May 29, 2008, at 1:36 AM, Wojciech Puchar wrote:

that's the advantage. but edimax 6104K router with 5 ethernets
running netbsd is both cheaper smaller and faster with its 175Mhz 2
instr/cycle MIPS CPU. 16MB RAM+2MB flash isn't much but enough to fit.


I will keep that in mind the next time I need to build or recommend or  
purchase such a device.  I wasn't aware that you could get NetBSD with  
enough usable tools on 2MB, but I see that now.


Thank you,

-j



--
Jeffrey Goldberg  http://www.goldmark.org/jeff/



Re: FreeBSD based router ...

2008-05-28 Thread Jeffrey Goldberg


On May 28, 2008, at 3:08 PM, Wojciech Puchar wrote:

For small and medium sized enterprises that really just need
firewall, NAT, static routing and are fine with 100Mb ether on the
router, I've been happy with using soekris net48XX boxes using m0n0wall




small but expensive. used 486-pentium hardware is for free.


486 hardware with three NICs, a CF drive, and run off of a few watts  
of DC power tend not to be free.


But of course a free 486 box may very well fit your needs.

Cheers,

-j



Re: FreeBSD based router ...

2008-05-28 Thread Jeffrey Goldberg

On May 28, 2008, at 11:06 AM, Rob wrote:


These guys have a 2 or 4 port nic for < $100:
http://www.soekris.com/lan16x1.htm


For small and medium sized enterprises that really just need firewall,  
NAT, static routing and are fine with 100Mb ether on the router, I've  
been happy with using soekris net48XX boxes using m0n0wall


  http://m0n0.ch/wall/

or pfsense

 http://www.pfsense.com/

both FreeBSD based.

-j

--
Jeffrey Goldberg  http://www.goldmark.org/jeff/



Re: Bind DNS

2008-05-23 Thread Jeffrey Goldberg

On May 22, 2008, at 9:10 PM, Ruel Luchavez wrote:


Hi ALL,

Is it possible in BIND DNS to block images in a certain sites? like for
example the popular friends site ( friendster),
i want to block most images in that site so that client will be irritated
that their images don't load perfectly. but still
they can visit their site?


DNS is not the right level to be doing that unless you know that the  
images are actually served from a different server than the other  
content on the site (which is unlikely).


An HTTP proxy, Squid in particular, will be the right tool.  About a  
year ago, I saw a description where someone had put in a filter in  
Squid to blur or rotate all images.  The screen shots of that were  
hilarious, but I can't remember exactly where this was posted.


Cheers,

-j



Re: Lock down the all-staff email list? sendmail, alias, majordomo?

2008-05-19 Thread Jeffrey Goldberg

On May 19, 2008, at 10:23 AM, brad davison wrote:



Our company has a sendmail server 8.13.8 running on FBSD 6.2 with  
procmail.  We currently have an alias set up for our all-staff email  
(we only have about 200 users).  Someone recently sent out an email  
to the all-staff that someone didn't like, so now I have to restrict  
who can send to it.


 or B) a list program like majordomo or something that I can keep  
people from using who isn't 'the boss'?


That is the option I recommend.  Look at the mailman port.  Mailman is  
a very nice (though not perfect) mailing list management system.


I see that there is also a port for majordomo if that is what you  
prefer.  But I find that mailman is easier for my users to cope with.


What is the best way to have a list that only certain users are able  
to send to?

I am open to suggestions that will get me out of this situation.


You have already given the answer.  Use a mailing list management  
system like majordomo.  I recommend mailman.


By the way, mailman is what is used for managing the FreeBSD mailing  
lists.  The announce list is set up so that only certain individuals  
can post to it.


-j


--
Jeffrey Goldberg    http://www.goldmark.org/jeff/



Re: telnet to mail server from outside does not get 220, telnet from inside works

2008-05-12 Thread Jeffrey Goldberg

On May 12, 2008, at 9:04 AM, brad davison wrote:


But if I try the same thing from 'outside' the firewall I get:

%telnet email..com 25
Trying 67.x.x.x...
Connected to email.xxx.com.
Escape character is '^]'.
Connection closed by foreign host.


Have you checked to see what your mail logs say about those connection  
attempts?


Cheers,

-j



Re: Question about a recent installation

2008-05-05 Thread Jeffrey Goldberg

On May 5, 2008, at 6:17 PM, doug wrote:

To give limited privileges I think sudo (as in linux??) would be
used.


I concur that sudo is really a very good way of managing privileges.   
I don't even know the root passwords on the systems that I administer  
(OK, I do have them stored in a nice secured place if I ever do need  
them).


Cheers,

-j




Re: living with freebsd

2008-05-05 Thread Jeffrey Goldberg

On May 5, 2008, at 12:12 AM, prad wrote:


i'd like to know how people live with freebsd.


My FreeBSD systems are light weight servers only, so what I do is  
specific to my circumstances and tastes.



do you use only ports or only packages or a mixture?


I only use ports, but I suppose that if I had some really large things  
to install like OOo, I would consider using packages.



do you upgrade from version to version using freebsd tools or do it
manually?


I use csup and will rebuild world and the kernel as needed.  I've got  
a fairly stripped down kernel to improve boot times.  But again, I  
kind of find it "cool" to compile the whole OS.  It may be irrational  
and non-optimal.  That's why I said some of this is a matter of taste  
as well as circumstances.


My choice of when to upgrade the OS really depends on what I need.  I
don't like to be too far behind.  I recently moved one system from 7.0
RELEASE to 7 STABLE because of a specific fix that affected one of my
systems.



do you have a different approach regarding the above depending on
whether it is for a server or a desktop?


I suspect that for a desktop, I would be more tempted to keep closer  
to GENERIC and use packages.  But I only have FreeBSD servers on which  
I don't even run an X11 server.


Cheers,

-j


--
Jeffrey Goldberg    http://www.goldmark.org/jeff/



Re: Installing PERL modules from CPAN (instead of ports)

2008-05-04 Thread Jeffrey Goldberg

On May 4, 2008, at 11:59 AM, Sahil Tandon wrote:

Yes, making a new port is the easiest way to install something
from CPAN.


I do prefer to keep everything organized in ports, so I created my  
first port:


http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/123382

Let's hope I didn't totally mess it up. :-)


I found myself in an identical position and did the same thing  
(created a port for the first time) for Lchown.


I suspect that now that I've overcome the initial barrier, I will be  
submitting more ports.  And I might even remember to attach the .shar  
file to my PR next time.


Cheers,

-j



Re: [CRON] Recommended FTP client to download and upload files?

2008-05-03 Thread Jeffrey Goldberg

On May 3, 2008, at 9:46 AM, Gilles wrote:


I need to run a CRON job to download files from one FTP server if
they're more recent, and upload them to another FTP server. The files
all live in one directory, so there's no need for recursion.

What command-line FTP client would you recommend for this?


lftp in ports.

It is very scriptable and has built in facilities to only copy "newer"  
files.


Cheers,

-j

--
Jeffrey Goldberg    http://www.goldmark.org/jeff/
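
Added example (not part of the original post, and not code from the lftp project): one way to script the cron job described in this thread with lftp's mirror command. The server URLs, directories and lock path are placeholders, and it assumes the FTP credentials are kept in the cron user's ~/.netrc rather than in the script.

```shell
#!/bin/sh
# Cron-driven FTP relay: pull newer files from one server, push them to another.
# Every value below is a placeholder, not a value from the thread.
SRC_URL="ftp://source.example.net"
DST_URL="ftp://dest.example.net"
REMOTE_DIR="/pub/outgoing"
STAGE_DIR="/var/spool/ftprelay"
LOCK_DIR="/var/run/ftprelay.lock"

# Print the lftp command script for one transfer leg.
# $1 = server URL, $2 = "get" (download) or "put" (upload)
lftp_script() {
    echo "set cmd:fail-exit yes"      # stop at the first failed command
    echo "set net:max-retries 3"      # do not retry forever under cron
    echo "open $1"                    # login comes from ~/.netrc (assumption)
    case "$2" in
        get) echo "mirror --only-newer --no-recursion $REMOTE_DIR $STAGE_DIR" ;;
        put) echo "mirror --reverse --only-newer --no-recursion $STAGE_DIR $REMOTE_DIR" ;;
        *)   return 1 ;;
    esac
    echo "bye"
}

relay() {
    umask 077                                   # staged copies readable by owner only
    # mkdir is atomic, so a slow run cannot overlap the next cron tick.
    mkdir "$LOCK_DIR" 2>/dev/null || return 0
    trap 'rmdir "$LOCK_DIR"' EXIT
    mkdir -p "$STAGE_DIR"
    # lftp reads its commands from stdin; upload only if the download succeeded.
    lftp_script "$SRC_URL" get | lftp &&
    lftp_script "$DST_URL" put | lftp
}

# Transfer only when called as "ftprelay.sh run"; otherwise just define the functions.
if [ "${1:-}" = "run" ]; then
    relay
fi
```

A crontab entry would call the script with the "run" argument; keeping ~/.netrc at mode 600 keeps the passwords out of the process list and the crontab.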



Problems mounting by label

2008-04-28 Thread Jeffrey Goldberg
I am trying to set up labels on a USB HD so that I can mount it in the  
same place each time I connect it.


The short version is that from what I've done (which I will detail  
below) when I try to


 $ sudo mount /dev/ufs/Back1s1 /Volumes/Back1
 mount: /dev/ufs/Back1s1 : Invalid argument

While

 $ sudo mount /dev/da4s1 /Volumes/Back1

does work.

Using the latter defeats the purpose however, since I want eventually  
to mount things to a different mount point depending on their label.


Here is more detail of what I've done so far.  I'm running RELENG_7_0

One thing that I've noticed is that /dev/da4s1 and /dev/ufs/Back1s1  
have different device numbers:


ls -l /dev/da4* /dev/ufs
crw-r-----  1 root  operator    0, 121 Apr 10 03:57 /dev/da4
crw-r-----  1 root  operator    0, 122 Apr 10 03:57 /dev/da4s1

/dev/ufs:
total 0
crw-r-----  1 root  operator    0, 123 Apr 10 03:57 Back1
crw-r-----  1 root  operator    0, 124 Apr 10 03:57 Back1s1

But that might not mean anything.

I first used fdisk to change the active slice to be of FreeBSD type  
(I'm not planning on using these disks for other systems.)  Here is  
what fdisk currently reports


$ fdisk /dev/da4
*** Working on device /dev/da4 ***
parameters extracted from in-core disklabel are:
cylinders=9729 heads=255 sectors/track=63 (16065 blks/cyl)

Figures below won't work with BIOS for partitions not in cyl 1
parameters to be used for BIOS calculations are:
cylinders=9729 heads=255 sectors/track=63 (16065 blks/cyl)

Media sector size is 512
Warning: BIOS sector numbering starts with sector 1
Information from DOS bootblock is:
The data for partition 1 is:
sysid 165 (0xa5),(FreeBSD/NetBSD/386BSD)
start 16065, size 156280320 (76308 Meg), flag 80 (active)
beg: cyl 1/ head 0/ sector 1;
end: cyl 512/ head 254/ sector 63
The data for partition 2 is:

The data for partition 3 is:

The data for partition 4 is:


I also used glabel to try to get a label on it, but couldn't see how I  
could use the glabel information for mounting.


here is what glabel reports for the device

$ glabel dump /dev/da4s1
Metadata on /dev/da4s1:
Magic string: GEOM::LABEL
Metadata version: 2
   Label: Backup 1

So not knowing how to use the glabel information for mounting I used
the -L option to newfs when I created the UFS2 filesystem on /dev/da4s1


$ tunefs -p /dev/da4s1
tunefs: ACLs: (-a)                                         disabled
tunefs: MAC multilabel: (-l)                               disabled
tunefs: soft updates: (-n)                                 disabled
tunefs: gjournal: (-J)                                     disabled
tunefs: maximum blocks per file in a cylinder group: (-e)  2048
tunefs: average file size: (-f)                            16384
tunefs: average number of files in a directory: (-s)       64
tunefs: minimum percentage of free space: (-m)             8%
tunefs: optimization preference: (-o)                      time
tunefs: volume label: (-L)                                 Back1
[EMAIL PROTECTED] /dev/ufs]$

(oops, I probably should turn on ACLs for this, but that is another  
matter).


Any pointers to help in getting this slice mountable in the same place  
every time.  I feel like I must be very close to how this should be  
done, but something is a bit off.


Cheers,

-j


--
Jeffrey Goldberg    http://www.goldmark.org/jeff/



Re: USB HD based backup schemes

2008-04-26 Thread Jeffrey Goldberg

On Apr 26, 2008, at 3:38 PM, David N wrote:


We used to use RSnapshot http://www.rsnapshot.org/ to backup to an
external disk, it's a great tool that also does incremental via hard
links which is a plus.


Just after I posted, I started thinking about rsync.  I hadn't known  
about rsync's hard link feature.


So once I saw that, the trail did lead me to rsnapshot.  The only  
thing I don't like about it is the security hole it demands of remote  
machines to be able to back up to them.



so to recover, you have to reinstall the base OS
and rsync the files back to get it up and running again.


I'd be happy with that.

It may have problems locking active files, I've never tested it with  
a DB before.


I can also take a DB snapshot before running the dump.


But since then, we've moved to bacula.


Bacula does look impressive.  I'll probably get there some day.  If I  
can deal with the security issue for the remote back-up this will be a  
perfect solution.  If I can't I won't do remote back-up on the machine  
that is awkward to reach, I'll just have to re-arrange things.


Thanks.

-j


--
Jeffrey Goldberg    http://www.goldmark.org/jeff/



Re: Pine Corupting Inbox

2008-04-26 Thread Jeffrey Goldberg

On Apr 26, 2008, at 2:58 PM, Chris Maness wrote:


I am not having any problems with other users,


Then my suspicion grows stronger that something in your own particular  
pine configuration is putting your mail in a place where imapd can't  
see it.  So in addition to what I've suggested, have you looked for  
any errors logged by imapd in your system logs?


Cheers,

-j

--
Jeffrey Goldberg    http://www.goldmark.org/jeff/



USB HD based backup schemes

2008-04-26 Thread Jeffrey Goldberg
I am hoping that this is on-topic for the questions list.  If not, I  
apologize.


I have a couple of FreeBSD systems, and I must confess that I haven't  
set systematic back-ups of them.


I've taken a quick look at both the Bacula and Amanda documentation,
but for reasons below I'll list why I don't think that they are ideal
for my rather simple situation.


Each system has less than 20G to be backed up, including OS and  
ports.  One of the systems, dobby, is physically difficult to get to.   
I would like dobby to be a network client for backup.  The other,  
kreacher, is more conveniently placed, and actually has a cool little  
USB hard-drive drive dock.  I've tested that and it works.  I'd like  
this other machine


So far, what I've been doing is running level 0 dumps on both kreacher  
and dobby.  In each case, I've had enough space in /tmp to create dump  
files in /tmp.  When done on kreacher, I've copied them over to a USB  
drive.  The ones from dobby I've scp'ed over to kreacher.


At worst I could script this, but I can't be sure I'll always have
the space in /tmp.  I need to get the mounting of the USB drive clean
and stuff like that.  Also, always running Level 0 dumps is bad for a
number of obvious reasons.


My needs aren't to be able to always have the ability to recover some  
file to the state it was a week ago Thursday.  (I wouldn't mind that,  
but that's not my primary goal).  My primary goal is disaster  
recovery:  In the event of a disk crash, fire, or I really mess up the  
system.  Kreacher will shortly be running mysql-server with a couple
of very small databases.  Otherwise these are pretty static servers
(light mail, DNS, DHCP, light HTTP).  Neither machine can hold
additional disks internally or is otherwise expandable.


Both Amanda seems designed for back-up to tape.  Bacula, frankly,  
seems too complicated.


I'm sure that I could roll my own with dump or such, but I'm sure that  
I would leave important things out and that this has already been done  
by people who are smarter and more experienced than I am.  So  
recommendations please.



--
Jeffrey Goldberg    http://www.goldmark.org/jeff/



Re: Pine Corupting Inbox

2008-04-26 Thread Jeffrey Goldberg

On Apr 21, 2008, at 12:53 PM, Chris Maness wrote:

I think that pine is corrupting my inbox, so that it is unreadable  
by UW-IMAPD.  When using squirrelmail after using pine I see the  
headers, but squirrelmail is unable to open the e-mails.


When you read your mail with (al)pine with it picking up mail directly  
from /var/spool/mail, (al)pine will move the mail from /var/spool/mail  
into mailbox folders in your home directory.


Now normally, this puts the mail in a place where it can still be  
picked up by uw-imap server.  Indeed, under default configurations the  
uw-imap server will perform pretty much the same action when it gets  
new mail out of /var/spool/mail.  So when everything is working right,  
even reading the mail locally with pine shouldn't mess things up as  
they have for you.


 I switched over to alpine since I do understand that pine is no  
longer supported.  If other people have experienced this it would be  
nice to have at least a notice when it is installed.  I have used  
pine for almost 10 years without this problem, but maybe this is an
incompatibility with a newer version of UW-IMAPD.


Here is what I would do to start diagnosing my first guess at the  
problem:


(1) Set up (or use) a clean vanilla user account, say fred.
(2) Send fred mail.
(3) log in as fred and have fred read mail with pine, with as close to
    a default configuration as possible.
(4) See if fred can see his mail via squirrelmail.  If so
(5) Look around ~/fred to find where pine put the mail.
(6) Compare the mail file locations for ~/fred and for you.
(7) If there are differences (which is what I'm expecting), then look
    through your .pinerc


Post back a report about how those steps go.  If things break at step  
4, then still do step (5) and report that back here.


Good luck.

Cheers,

-j


--
Jeffrey Goldberg    http://www.goldmark.org/jeff/


