OK, so the Spirit rover rolls into a bar. Rover says to the bartender 'excuse me,' bartender ignores him. Rover again says 'excuse me,' bartender ignores him. Martian says to bartender, 'Why don't you answer him?' bartender says 'I know that type, all they ever want is water.' :)
Yes it does, run it with -kb. There is also a way to tell the server that all files that match a pattern are binary, it's in the docs. I use it to track revisions of excel files (rather than reinvent our procedures to use LaTeX).
rsync is very good for incremental updates of large files, like backups, and big dns zone files (I learned about it when setting up a slave for a dns blacklist).
BitTorrent might be worth a try too, I don't think it does incremental but should be faster than scp or ftp.
Actually, I bet bittorrent would be good for zone transfers. Rsync is cool too, but bittorrent would be even faster for big zones, like an rbl list (~50 MB).
even better, BIND 9 has no need for the 'root.ca' file, and has compiled in hints. I bet they could just update the root zone with a new serial, and we'll get it.
Here is another, no way to run the queue manually.
IMO, the biggest problem with Sendmail is too many people run it as a daemon, you only need that if you intend on accepting mail from the network. Either don't run it as a daemon, or bind it to 127.0.0.1, if you need better performance (like on a big webserver).
On a side note, you can run Qmail as a daemon, and install sendmail with submit.cf, then it will seamlessly send mail through your Qmail server when executed by scripts and stuff. It doesn't even need to be setuid root anymore.
I bet if Qmail were as widely used as Sendmail, people would find more bugs, it's really more like security by obscurity.
It does not show up because it is a distribution, which is different from a package and different from a port, intuitive, huh?
Get your source media, and do tar tzvf on the archives you installed (Xbin.tgz, Xcfg.tgz), and remove those files. I usually move /usr/X11R6 out of the way instead of removing it, just in case.
one more note I haven't seen mentioned, tar works with journaling filesystems. XFS has a dump utility, but I haven't seen one for ReiserFS (my favorite) or EXT3. I always wondered if we could use dump for EXT2 on EXT3 systems.
If you truly need to restore to the same block numbers, then use dd.
only if you are restoring to an identical disk.
dump, when it works, is the best IMO, its time estimate is always right on, and it's my favorite way to upgrade hard drives. I do get better performance (faster backups, faster restores, more data on tape) with tar czpSf. If you run out of tape or something, you can also usually get some of the files out, try that with dump. I tried star, but it didn't seem much faster on my system, and I couldn't get it to work with gzip.
one advantage of dump is security, you only need to give the user running dump read to the raw device, in tar you need read to the whole FS, which means root.
Well, you can just copy the binaries into place. And leaving the files owned by a user with no shell, or a user that doesn't exist would really have the same effect as leaving them owned by root, since the only one who can overwrite them is root. Yes, setuid/setgid is different.
So the only way to get a matching md5 in ports for your trojaned openssh is to hack openssh's site and freebsd's site
wrong, they just need to hack freebsd's site, change the checksum, and change the location the ports system gets the tarball from, they can leave openssh's site alone.
and the ports system is designed to build software as root, one of the many reasons I avoid it.
I don't know about that, considering in the last month we had 2 big exploits (openssh, and libc resolve bug). The advice for the libc bug was to cvsup the whole system, cause lots of stuff depended on that.
Yes I know the openssh bug affected everyone, but only *BSD has it installed and running by default.
logrotate is your friend :)
Rsync is also the preferred transfer method of pirates, software and treasure hunting ('arrr sync').
For me this is better: ;)
$ ls -lart
then the newest file is printed last. Plus the -lart has a certain BOFHish quality to it
That said, the features I need are:
No, they serve NS records, and direct queries for other records to the authoritative servers for each particular domain.
Last I checked, there was no JFS for BSD (no reiserfs, no xfs, no ext3). Softupdates are the only FS optimization I've seen there.
or cp, gross.
it's also a good way to avoid installing stuff you don't want or need
Right, that's what I did on some of the systems. You do have to restart the programs loading libc too.
Especially with that recent libc issue that rendered the whole base system vulnerable >:|
reminds me of SCSI interface names, HD (high density), VHDCI (very high density...)
Nice, that's better than cp file{,.`date +%Y%m%d`}
I'm using the iKey on a G4 now. The spacing is great, but I wish the action was lighter.
There is a linux kernel module called monte that lets you do that, but your filesystems have to be mounted read-only, so what's the point.