Category Archives: freebsd

vim arrows in MacOSX

freebsd, MacOSX, , ,

I know vim gurus would criticize me for using arrows in vim's insert mode but it's really hard to give them up.

I have this problem when I connect from my linux box to a MacOSX or FreeBSD box over ssh. I find it one of the most annoying things when using vim. When you are in insert mode and hit one of the arrows to move around, instead of the expected action vim will just print A, B, C or D on a new line. This makes vim practically useless.

So either you are very careful and always exit the insert mode before you move or fix the keys.

I think it's hard to always remember to get out of insert mode and it's one extra operation you have to do that I find useless not to mention you will probably have to enter insert again a few seconds after that.

So here's the fix for the arrow keys.  Edit vimrc either the global vimrc ( I'm using vim from macports so my vimrc is /opt/local/share/vim/vimrc ) or ~/.vimrc like this:

$ vim ~/.vimrc
set t_ku= (now type Ctrl-V and press cursor up)
set t_kd= (now type Ctrl-V and press cursor down)
set t_kr= (now type Ctrl-V and press cursor right)
set t_kl= (now type Ctrl-V and press cursor left)

This solution was stolen from vim tips wiki. I posted it here to avoid looking for it again if I need it. It's the second time I am hit by this problem and every time I had to search through a few pages with solutions that didn't work for me

Sendmail as a SMTP-AUTH client on FreeBSD

freebsd, , , ,

This post describes the configuration of Sendmail to use SMTP-AUTH when connecting to a remote MTA to send messages. Such a configuration would be needed in case you have a dynamic ip and your ISP relays the messages for you, but they require authentication. This is not a post about how to set your mta to authenticate users and to relay for them. This will show you how to set it to authenticate itself to other mta that will relay messages for you.

Sendmail comes installed by default on a clean FreeBSD 6.2 system, but is has no support for SMTP authentication using SASL by default, so it needs to be recompiled.

Install Cyrus SASL

You can compile cyrus-sasl2 lib from ports (if you need to set some special options ) or install it as a package:

  1.  

Or just install it from packages with:

  1.  

Recompile Sendmail

First you need to make sure you set the compile flags so that Sendmail uses cyrus-sasl2:

  1.  

and then just recompile it and install:

  1.  

Configure Sendmail

Make sure you have the right mc files. Go to /etc/mail and type: make all install . This will create a .mc file named [your_hostname].mc .
Edit that file, look for a line like “define(`SMART_HOST', `your.isp.....” and replace your.isp with the host that will relay messages for you. After that line add the following lines:

define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`authinfo',`hash /etc/mail/auth/client-info')dnl

Note: In case your ISP's MTA does not accept connections on port 25, but another port you can tell sendmail to connect on that port by using something like the following line:

define(`RELAY_MAILER_ARGS', `IPC $h 587')dnl

where 587 is the port where your ips accepts connections for smtp relay.

Now you have to regenerate the .cf file. Type make all install in /etc/mail and you should have everything set in sendmail.cf .
All that's left to do is to create the file that will hold the information about the username and password to use when authenticating to your ISP's MTA : /etc/mail/auth/client-info :

  1.  

Now you can start/restart sendmail and everything should be ok.

PHP pecl freebsd port bug

freebsd, , ,

A bug exists in the pecl cli script on freebsd that will not permit you to install any pecl package.

The problem is that the pecl script needs pcre.so but the script calls php with -n ( don't use php.ini ) so the pcre.so extension is not loaded.

A quick fix is to edit /usr/local/bin/pecl and remove "-n" from the last line so it will look like
exec $PHP -C -q $INCARG -d output_buffering=1 -d safe_mode=0 -d register_argc_argv="On" $INCDIR/peclcmd.php "$@"

I found this bug when I wanted to install the svn extension but it seems the bug is known for some time and there is a patch for it : http://www.freebsd.org/cgi/query-pr.cgi?pr=110209

Qmail with smtp-auth and DomainKeys on FreeBSD

Email, freebsd, , , , ,

I tried to set up qmail with tls and smtp auth on freebsd. I have configured my server with SMTP-AUTH so that I can use it to relay messages for me and other authenticated users. I would like qmail to sign the messages that the authenticated users send through my server.

I compiled qmail-tls from ports, checked the smtp-auth and qmailqueue options, then I compiled qmail-dk and selected the SMTP-AUTH patch. I set up my private and public keys, I set up bin/qmail-dk for qmailqueue as described on this page : http://jeremy.kister.net/howto/dk.htm but still not results. It just does not want to add the DomainKeys signature but instead it tries to verify the messages. Continue reading Qmail with smtp-auth and DomainKeys on FreeBSD

freebsd 7.0 outperforms linux

freebsd, Linux, , , ,

The development version of FreeBSD ( 7.0 ) seems to scale a lot better then linux on SMP systems.

A combination of latest freebsd scheduler ULE 2.0 that is built into FreeBSD 7.0, the libthr threading library and a patch (not commited, yet ? ) that addresses poor scalability of file descriptor locking and some other patches is what made a system with 8 core amd64 cpu and 16 GB of ram outperform linux by a factor of 4 in MySQL tests.

The tests were performed using sysbench OLTP benchmark, a tool designed for testing mysql performance.

Brief test results: Linux is actually a little ( ~ 2% ) faster then FreeBSD for less then 9 clients, but when the number of clients grows to 20 linux performance drops a lot and FreeBSD's performance stays the same.

More details about the test here:

http://people.freebsd.org/~kris/scaling/mysql.html

first freebsd 6.2 bugs found

freebsd, ,

Just one day after the release and we have the first bugs that show up in the FreeBSD errata.

bug #1 Some isolated crashes were reported for arcmsr, the driver for Areca ARC-11xx and ARC-12xx series of SATA II RAID controllers. This problem is still being investigated. Users that have problems are advised to consider backing out the driver update or installing a version of this driver directly from Areca

bug #2 is a kernel bug related to Unix domain sockets. A patch for this problem has been committed to HEAD and RELENG_6, and is a candidate for an errata patch to RELENG_6_2 after further testing.

bug #3 was observer on systems with heavy network activity. the problem seems to be with the kernel memory allocator. A partial workaround for this problem is to add the following line to /boot/loader.conf and reboot:

kern.ipc.nmbclusters="0"

More details about the bugs in this release on Errata

FreeBSD 6.2 RELEASE

freebsd, ,

FreeBSD 6.2 was released today at 00:29:19 -0500 🙂

The release brings a lot of bug fixes and new features like official support for binary updates with freebsd-update, ipfw packet tagging, linux emulation support for sysfs, kde 3.5.4, gnome 2.16.1, bind 9.3.3 . Check out the complete list of new features and bug fixes in freebsd 6.2 for more.

easy way to create a random password

freebsd, General, Linux, security

Sometimes you just need a quick way to create a random password without installing special random password generators.

Here is an easy way to create a random password using standard tools that are available on most of the unix flavours:

head -c 10 /dev/random | base64

or if you don't have the base64 program but you have uuencode

head -c 10 /dev/random | uuencode -m -

This will create a password based on a 10 bytes long random sequence.

If you want longer or shorter passwords just replace "-c 10" with "-c x", where x is the number of random bytes you want to use.

freebsd securelevel setup

freebsd, General, security, ,

FreeBSD securelevel is a security mechanism implemented in the kernel that restricts certain tasks depending on the level that is active. Not even the super user will be able to bypass this mechanism if well setup.

From securelevel man page :

-1 Permanently insecure mode - always run the system in level 0 mode.
This is the default initial value.

0 Insecure mode - immutable and append-only flags may be turned off. All devices may be read or written subject to their permissions.

1 Secure mode - the system immutable and system append-only flags may not be turned off; disks for mounted file systems, /dev/mem, and /dev/kmem may not be opened for writing; kernel modules (see kld(4)) may not be loaded or unloaded.

2 Highly secure mode - same as secure mode, plus disks may not be opened for writing (except by mount(2)) whether mounted or not. This level precludes tampering with file systems by unmounting them, but also inhibits running newfs(8) while the system is multiuser.

In addition, kernel time changes are restricted to less than or equal to one second. Attempts to change the time by more than this will log the message ``Time adjustment clamped to +1 second''.

3 Network secure mode - same as highly secure mode, plus IP packet filter rules (see ipfw(8) and ipfirewall(4)) cannot be changed and dummynet(4) configuration cannot be adjusted.

Continue reading freebsd securelevel setup