Thread: [Pcbsd-developer] Re: PCBSD-Developer digest, Vol 1 #36 - 2 msgs

Status: Beta

Brought to you by: kmoore134

pcbsd-developer

[Pcbsd-developer] Re: PCBSD-Developer digest, Vol 1 #36 - 2 msgs

From: Charles A. L. <lan...@gm...> - 2006-05-01 03:31:59

On 4/26/06, pcb...@li...
<pcb...@li...> wrote:
> I looked at www.pbidir.com today and realized that it is not user
> friendly. My humble suggestions:
>
> 1. List on front page not program names with version numbers but just
> themes like: Web, Utilities, Office... with short description, what you
> can find here.

I think listing software on the 1st page save one click for common
applications, for instance Opera is listed on the 1st page, so I just
have to click twice to get it :)

> 2. In themes like Web, Utilities, Office.. etc. you can see program
> names with short description and last version number. If someone want to
> try out older version they can download it from list below.

Should we keep older versions?

> 3. Most popular software mean not mostly downloaded for all time but
> mostly downloaded per week or month.

Good idea.

> 5. If someone visits pbidir.com he have no information what it is all
> about. More information please. How it is related to PC-BSD and why it
> so good to be true and so on...

Yes, a short explanation could help new visitors. Let's see what I can
come up with...

Thanks for the suggestions, I'll see how I can improve all of the above ;)

--
Charles A. Landemaine.

[Pcbsd-developer] PC-BSD 1.0 kernel features (drm, firewall, ....)

From: Andrei K. <an...@bs...> - 2006-05-14 09:18:33

I start with kernel today:)

changes in default PC-BSD kernel config /root/kernel/MYKERNEL :

machine         i386
#cpu            I486_CPU
#cpu            I586_CPU
cpu             I686_CPU
ident           PCBSD

# Direct Rendering modules for 3D acceleration.
device          drm             # DRM core module required by DRM drivers
device          mach64drm       # ATI Rage Pro, Rage Mobility P/M, Rage XL
device          mgadrm          # AGP Matrox G200, G400, G450, G550
device          r128drm         # ATI Rage 128
device          radeondrm       # ATI Radeon
device          sisdrm          # SiS 300/305, 540, 630

# networking
options         HZ=1000
options         DEVICE_POLLING # not all NICs support polling :( but releases 
IRQs for better networking performance

# PF firewall
device pf
device pflog
device pfsync

# PF ALTQ # not all NICs support ALTQ :(
options         ALTQ
options         ALTQ_CBQ        # Class Bases Queuing (CBQ)
options         ALTQ_RED        # Random Early Detection (RED)
options         ALTQ_RIO        # RED In/Out
options         ALTQ_HFSC       # Hierarchical Packet Scheduler (HFSC)
options         ALTQ_PRIQ       # Priority Queuing (PRIQ)
options         ALTQ_NOPCC      # Required for SMP build

Alternative to PF is to use IPFW

options    IPFIREWALL                   
# This option enables IPFW as part of the kernel
options    IPFIREWALL_VERBOSE           
# Enables logging of packets that pass through IPFW and have the 'log' keyword 
specified in the rule set.
options    IPFIREWALL_VERBOSE_LIMIT=5   
# Limits the number of packets logged through syslogd(8) on a per entry basis. 
You may wish to use this option in hostile environments which you want to log 
firewall activity. This will close a possible denial of service attack via 
syslog flooding.
options    IPFIREWALL_DEFAULT_TO_ACCEPT
options    IPDIVERT # This enables the use of NAT functionality.

[Pcbsd-developer] We have serious problem with SSH keys!

From: Andrei K. <an...@bs...> - 2006-05-22 22:03:12

[code]less /etc/ssh/ssh_host_dsa_key.pub[/code]

[quote]ssh-dss 
AAAAB3NzaC1kc3MAAAEBAI3NCpOPcq1NY6Df/80nNanoZ6tvGoEaiAhw//1BLuCZrwhWrttn1YT3ERidgsJemL6tGApjMCrLyRxsHbYZV
/zklvqEcAcwxkPTgO3bLrIISXUIXXtBag88nPrrUrUJISqKgXzI8RZaKAlde6AWVptjnfwz0zrPVuNSLHdb0VUnweh02n/I4MJxXmZODZ9MNJnKTU
V0T9QtD6ThUjgAuHjV7p+9ZeUrXCWTfuZef8ixQMenRxVAzhMGU8P7QcHBf5aG15IICn8F/d2gta6QvsA65OKPrMm8BJL+S+kppZlZL53cWcpuHmj
fgkXA3Ib9T6t6IaIzayxbd11/tERKAhcAAAAVAI1eC1sYgnFvwzvt0ZtQ/ZKW9IIDAAABAQCA9g3UUdqMnsgGlo6krHCvBldTNcOCDvbZw8XBpmYZ
VNUqRQ14esrea2aLs4SPN/5QFDSYFtXfvDsaPfrI2HoW0aLnsNWtrKfpX6rwQUwVIh8gHpPYtSgcn5ReU8JcDaS7J7QLI/fj17PXkX0eqSqfst/QS
Ba48SU0Y5OVOezpF9RVavUCaLrrSDr4qvla9iGlYnD9IE0O516xAUWuJDb1MtdPEX1Lilo9Yb0a5XYIg6+DfrWWZmRcB8pAO73PjSPBEMEV8fTgG6
T/Jb+htps3yX/eAYULt45Q4fGu8rdWj/jfBIwlg6+jt1/M+IKcTdr7IN6ONKimy9pBW7R2ITJjAAABAQCCxteh9kz/8KdbACFOD41l7XTW37Jecli
H2TSSjOFFeJw17aDMQEWPiF+AZoxy0h5Gc0tv+/e/JSiEYAKONprxi+bKoOickyArLHAvC4GmhVGf74WOxb9RjDCgW/u97DIdcAX3YllbUyVBvnW4
vHfatIVUGx/6SM1F3c5Fnjd1A+lmH3Co5rQyLVzVM5zqoHfv/D1w36xBpksNPJ3I2rnaLC9a2KCqeFgx/IgrvBruBuK9mHQIpIseAfRLndWavfQV+
jlFIFbq9p1tU1F38yQESVJbZu0lYcZslYpcNC/RgPpu1MWzy0a1pNzoLkCcryj9cCsQgGQkyq1CrlgrLehT 
root@PCBSD.localhost
ssh_host_dsa_key.pub (END) [/quote]

What is your key?

I imagine that all PC-BSD installations got the same key... This is just 
insane....

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/openssh.html

Re: [Pcbsd-developer] We have serious problem with SSH keys!

From: Tim M. <ti...@pc...> - 2006-05-22 22:25:43

Hi,

> What is your key?
>
> I imagine that all PC-BSD installations got the same key... This is just
> insane....
>
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/openssh.html

Whoops! Well spotted. Not a *serious* issue, you couldn't compromise the 
security of a PC-BSD installation with this knowledge, it could be used 
however to 'spoof' one.

1.1 is coming up soon, we could easily fix this for new installations. 
Existing systems can be easily patched, I'll talk to Kris about getting this 
fixed.

Thanks Andrei,

Tim

-- 
Tim McCormick
PC-BSD System Developer
ti...@pc...

Re: [Pcbsd-developer] Re: PCBSD-Developer digest, Vol 1 #36 - 2 msgs

From: Andrei K. <an...@bs...> - 2006-05-01 09:42:24

Charles A. Landemaine wrote:
> On 4/26/06, pcb...@li...
> <pcb...@li...> wrote:
>> I looked at www.pbidir.com today and realized that it is not user
>> friendly. My humble suggestions:
>>
>> 1. List on front page not program names with version numbers but just
>> themes like: Web, Utilities, Office... with short description, what you
>> can find here.
>
> I think listing software on the 1st page save one click for common
> applications, for instance Opera is listed on the 1st page, so I just
> have to click twice to get it :)
>
First page is crowded right now and it is difficult to find something in 
this mess.
And "userfriendly"  means  that  if you can find something even without 
searching by just following the path.
For example: I want to try out different browser> I click on front page 
"Internet" link/icon> Found link to "Browsers"> Then I see browsers 
sorted by rating/alphabet whatever> click on Opera> I see different 
versions of Opera, like FreeBSD native PBI, Linux version with Flash and 
maybe older versions(not everyone have 64bit processors with gigs of ram 
and older programs is less hungry for computation power, maybe I don't 
like new version and I want to compare new functions with older 
version... )> I download package I want and I am happy now ;)
>> 2. In themes like Web, Utilities, Office.. etc. you can see program
>> names with short description and last version number. If someone want to
>> try out older version they can download it from list below.
>
> Should we keep older versions?
>
Yes we should, if there is no serious vulnerabilities. New version does 
not mean that it is better quality automagically.
>> 3. Most popular software mean not mostly downloaded for all time but
>> mostly downloaded per week or month.
>
> Good idea.
Maybe there should be options for sorting/statistics.
>> 5. If someone visits pbidir.com he have no information what it is all
>> about. More information please. How it is related to PC-BSD and why it
>> so good to be true and so on...
>
> Yes, a short explanation could help new visitors. Let's see what I can
> come up with...
>
Some words about pbidir forum. Is it vise to have separate forum for pbi?
> Thanks for the suggestions, I'll see how I can improve all of the 
> above ;)
Any time.

[Pcbsd-developer] PC-BSD 1.0 kernel features (drm, firewall, ....)

From: Andrei K. <an...@bs...> - 2006-05-14 09:24:02

I start with kernel today:)

changes in default PC-BSD kernel config /root/kernel/MYKERNEL :

machine =A0 =A0 =A0 =A0 i386
#cpu =A0 =A0 =A0 =A0 =A0 =A0I486_CPU
#cpu =A0 =A0 =A0 =A0 =A0 =A0I586_CPU
cpu =A0 =A0 =A0 =A0 =A0 =A0 I686_CPU
ident =A0 =A0 =A0 =A0 =A0 PCBSD

# Direct Rendering modules for 3D acceleration.
device =A0 =A0 =A0 =A0 =A0drm =A0 =A0 =A0 =A0 =A0 =A0 # DRM core module req=
uired by DRM drivers
device =A0 =A0 =A0 =A0 =A0mach64drm =A0 =A0 =A0 # ATI Rage Pro, Rage Mobili=
ty P/M, Rage XL
device =A0 =A0 =A0 =A0 =A0mgadrm =A0 =A0 =A0 =A0 =A0# AGP Matrox G200, G400=
, G450, G550
device =A0 =A0 =A0 =A0 =A0r128drm =A0 =A0 =A0 =A0 # ATI Rage 128
device =A0 =A0 =A0 =A0 =A0radeondrm =A0 =A0 =A0 # ATI Radeon
device =A0 =A0 =A0 =A0 =A0sisdrm =A0 =A0 =A0 =A0 =A0# SiS 300/305, 540, 630

# networking
options =A0 =A0 =A0 =A0 HZ=3D1000
options =A0 =A0 =A0 =A0 DEVICE_POLLING # not all NICs support polling :( bu=
t releases=20
IRQs for better networking performance

# PF firewall
device pf
device pflog
device pfsync

# PF ALTQ # not all NICs support ALTQ :(
options =A0 =A0 =A0 =A0 ALTQ
options =A0 =A0 =A0 =A0 ALTQ_CBQ =A0 =A0 =A0 =A0# Class Bases Queuing (CBQ)
options =A0 =A0 =A0 =A0 ALTQ_RED =A0 =A0 =A0 =A0# Random Early Detection (R=
ED)
options =A0 =A0 =A0 =A0 ALTQ_RIO =A0 =A0 =A0 =A0# RED In/Out
options =A0 =A0 =A0 =A0 ALTQ_HFSC =A0 =A0 =A0 # Hierarchical Packet Schedul=
er (HFSC)
options =A0 =A0 =A0 =A0 ALTQ_PRIQ =A0 =A0 =A0 # Priority Queuing (PRIQ)
options =A0 =A0 =A0 =A0 ALTQ_NOPCC =A0 =A0 =A0# Required for SMP build

Alternative to PF is to use IPFW

options =A0 =A0IPFIREWALL =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0=20
# This option enables IPFW as part of the kernel
options =A0 =A0IPFIREWALL_VERBOSE =A0 =A0 =A0 =A0 =A0=20
# Enables logging of packets that pass through IPFW and have the 'log' keyw=
ord=20
specified in the rule set.
options =A0 =A0IPFIREWALL_VERBOSE_LIMIT=3D5 =A0=20
# Limits the number of packets logged through syslogd(8) on a per entry bas=
is.=20
You may wish to use this option in hostile environments which you want to l=
og=20
firewall activity. This will close a possible denial of service attack via=
=20
syslog flooding.
options =A0 =A0IPFIREWALL_DEFAULT_TO_ACCEPT
options =A0 =A0IPDIVERT # This enables the use of NAT functionality.

Re: [Pcbsd-developer] PC-BSD 1.0 kernel features (drm, firewall, ....)

From: Kris M. <kri...@co...> - 2006-05-15 13:48:19

Andrei,

I may go ahead and roll an alternate kernel with these options, and make 
it selectable on the System Utility :) Thanks for the suggestions.



---
Kris Moore


Andrei Kolu wrote:
> I start with kernel today:)
> 
> changes in default PC-BSD kernel config /root/kernel/MYKERNEL :
> 
> machine         i386
> #cpu            I486_CPU
> #cpu            I586_CPU
> cpu             I686_CPU
> ident           PCBSD
> 
> # Direct Rendering modules for 3D acceleration.
> device          drm             # DRM core module required by DRM drivers
> device          mach64drm       # ATI Rage Pro, Rage Mobility P/M, Rage XL
> device          mgadrm          # AGP Matrox G200, G400, G450, G550
> device          r128drm         # ATI Rage 128
> device          radeondrm       # ATI Radeon
> device          sisdrm          # SiS 300/305, 540, 630
> 
> # networking
> options         HZ=1000
> options         DEVICE_POLLING # not all NICs support polling :( but releases 
> IRQs for better networking performance
> 
> # PF firewall
> device pf
> device pflog
> device pfsync
> 
> # PF ALTQ # not all NICs support ALTQ :(
> options         ALTQ
> options         ALTQ_CBQ        # Class Bases Queuing (CBQ)
> options         ALTQ_RED        # Random Early Detection (RED)
> options         ALTQ_RIO        # RED In/Out
> options         ALTQ_HFSC       # Hierarchical Packet Scheduler (HFSC)
> options         ALTQ_PRIQ       # Priority Queuing (PRIQ)
> options         ALTQ_NOPCC      # Required for SMP build
> 
> Alternative to PF is to use IPFW
> 
> options    IPFIREWALL                   
> # This option enables IPFW as part of the kernel
> options    IPFIREWALL_VERBOSE           
> # Enables logging of packets that pass through IPFW and have the 'log' keyword 
> specified in the rule set.
> options    IPFIREWALL_VERBOSE_LIMIT=5   
> # Limits the number of packets logged through syslogd(8) on a per entry basis. 
> You may wish to use this option in hostile environments which you want to log 
> firewall activity. This will close a possible denial of service attack via 
> syslog flooding.
> options    IPFIREWALL_DEFAULT_TO_ACCEPT
> options    IPDIVERT # This enables the use of NAT functionality.
> 
> 
> -------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=k&kid0709&bid&3057&dat1642
> _______________________________________________
> PCBSD-Developer mailing list
> PCB...@li...
> https://lists.sourceforge.net/lists/listinfo/pcbsd-developer
> 
>