SASL for WeeChat

You can encrypt your password for NickServ authentication using blowfish and SASL.

To set “dh-blowfish” by default for all servers:

/set irc.server_default.sasl_mechanism dh-blowfish

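(Note that this will only work if your WeeChat was built with libgcrypt support - otherwise, use the “plain” mechanism. With “plain”, the password is not encrypted by SASL itself, so only use it over an SSL/TLS connection.)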

Additionally, per-server username and password settings can be applied - for instance, with Freenode:

/set irc.server.freenode.sasl_username "_username_"

/set irc.server.freenode.sasl_password "_password_"

Apply Security Patches to FreeBSD

From FreeBSD Handbook - Ch 26 Updating FreeBSD:

Security patches are stored on a remote machine and may be downloaded and installed using the following command:

# freebsd-update fetch

# freebsd-update install

An entry in /etc/crontab allows freebsd-update to be run as a nightly cron job:

@daily root freebsd-update cron

Here, freebsd-update will only check if updates exist. If patches exist, they will automatically be downloaded to the local disk but not applied; the root user will be sent an email so they may install them manually.

If anything goes wrong, freebsd-update has the ability to roll back the last set of changes with the following command:

# freebsd-update rollback

Once complete, the system should be restarted if the kernel or any kernel modules were modified. This will allow FreeBSD to load the new binaries into memory.

Manage FreeBSD Ports

The FreeBSD Ports and Packages Collection offers a simple way for users and administrators to install applications. There are currently 22776 ports available.

To fetch the FreeBSD Ports tree for the first time, as root:

# portsnap fetch extract

Install portmaster to manage your ports without external databases or languages:

# cd /usr/ports/ports-mgmt/portmaster

# make install clean

To list all outdated and installed packages from the FreeBSD Ports tree:

# pkg_version -l '>'

(Packages that appear on the left of the > sign are outdated, and may be updated from the sources provided online.)

/usr/ports/UPDATING describes various issues and additional steps users may encounter and need to perform when updating a port, including such things as file format changes, changes in locations of configuration files, or other such incompatibilities with previous versions.

# less /usr/ports/UPDATING

Then, to upgrade all packages/ports:

# portmaster -Da

To update your packages in the future:

# portsnap fetch update

# pkg_version -l '>'

# less /usr/ports/UPDATING

# portmaster -Da

portmaster can also remove stale distfiles with the --clean-distfiles option. To clear old distfiles for all ports and automatically confirm their deletion, use the -t and -y flags respectively:

# portmaster -t -y --clean-distfiles

I perform the following set of commands when a significant error gets introduced into the ports tree:

# portmaster -dys --clean-distfiles

# portmaster -vy --check-depends

Also, if I need to rebuild a specific port and all of its dependencies, I use:

# portmaster -fR www/firefox

GnuTLS for WeeChat

WeeChat supports encrypted IRC connections using GnuTLS. For FreeBSD’s port of WeeChat, as root:

# cd /usr/ports/irc/weechat

# make

[select GnuTLS]

# make install

In WeeChat:

/set weechat.network.gnutls_ca_file "/usr/local/share/certs/ca-root-nss.crt"

/set irc.server.freenode.addresses "chat.freenode.net/7000"

/set irc.server.freenode.ssl on

/set irc.server.freenode.ssl_dhkey_size 1024

/connect freenode

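NB: WeeChat’s support for GnuTLS is rather flaky, with numerous bug reports recently surfacing on the net (one such example). WeeChat’s FAQ suggests disabling verification of secure connections. With verification off the connection is still encrypted, but the server certificate is no longer checked, so it does not protect against an active man-in-the-middle; check that gnutls_ca_file points at a valid CA bundle before resorting to: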

/set irc.server.freenode.ssl_verify off
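
The TLS and SASL settings above end up in WeeChat's irc.conf, where they can be checked mechanically. The following is an added example, not part of the original notes and not WeeChat code: a POSIX sh/awk lint that flags servers with certificate verification off, a small ssl_dhkey_size, or SASL "plain" without SSL. It assumes irc.conf stores options as `<server>.<option> = <value>` under `[server]`; the function names, the sample file and the 2048-bit threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not WeeChat code): lint the [server] section of irc.conf.
# Assumed format: <server>.<option> = <value>, server names without dots.
# Values inherited from [server_default] are not resolved.

audit_weechat_irc() {
    # stdin: irc.conf text; stdout: one "server: finding" line per issue.
    # $1: minimum acceptable ssl_dhkey_size (assumed default: 2048).
    awk -v min_dh="${1:-2048}" '
    /^\[/ { in_server = ($0 == "[server]"); next }
    in_server && /=/ {
        # Split at the first "=" so values containing "=" stay intact.
        eq  = index($0, "=")
        key = substr($0, 1, eq - 1)
        val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t"]+|[ \t"]+$/, "", val)
        dot = index(key, ".")
        if (dot == 0) next
        srv = substr(key, 1, dot - 1)
        conf[srv, substr(key, dot + 1)] = val
        seen[srv] = 1
    }
    END {
        for (srv in seen) {
            ssl = conf[srv, "ssl"]
            if (ssl == "on" && conf[srv, "ssl_verify"] == "off")
                print srv ": ssl_verify is off, server certificate is not checked"
            if ((srv, "ssl_dhkey_size") in conf && conf[srv, "ssl_dhkey_size"] + 0 < min_dh + 0)
                print srv ": ssl_dhkey_size " conf[srv, "ssl_dhkey_size"] " is below " min_dh
            if (conf[srv, "sasl_mechanism"] == "plain" && ssl != "on")
                print srv ": sasl_mechanism plain without ssl, password sent unencrypted"
        }
    }' | LC_ALL=C sort
}

# Constructed sample input; "example" and its address are made up.
sample_irc_conf() {
    cat <<'EOF'
[server_default]
sasl_mechanism = plain

[server]
freenode.addresses = "chat.freenode.net/7000"
freenode.ssl = on
freenode.ssl_verify = off
freenode.ssl_dhkey_size = 1024
freenode.sasl_mechanism = dh-blowfish
example.addresses = "irc.example.org/6667"
example.ssl = off
example.sasl_mechanism = plain
example.sasl_username = "user"
EOF
}

sample_irc_conf | audit_weechat_irc
```

To check a real configuration, feed the file on stdin instead of the sample, e.g. from ~/.weechat/irc.conf if that is where your WeeChat keeps it.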

CA Certificates in FreeBSD

From CAcert Wiki - Inclusion Status:

The old ca-roots port (which included the CAcert certificate) was removed with the comment “Not supported by FreeBSD Security Officer anymore”. The current certificate package (ca_root_nss) is a copy of the Mozilla certificate package and FreeBSD is therefore dependent on Mozilla inclusion.

Hence:

# pkg_add -rv ca_root_nss

Clean FreeBSD Ports Directories

After building and installing software from the ports collection, you should always remember to clean up the temporary work directories. You can sweep the whole ports tree with the following command:

# portsclean -C

The portsclean utility is part of the portupgrade suite.

Alternatively, here’s a shell script:

#!/bin/sh
#
# Search for ports that contain a "work" subdirectory,
# then go into that port directory and perform a
# make clean
for i in `find /usr/ports -name work -type d`
do
    # Strip the trailing "work" component to get the port directory,
    # and only run make clean if the cd succeeded
    cd `echo "$i" | sed 's/\/[^/]*$/\//'` && make clean
done

Tweak Samba Performance in FreeBSD

For improved Read/Write speeds in Samba, build the ports package as follows:

# cd /usr/ports/net/samba35

# make

[select AIO_SUPPORT]

# make install clean

In /boot/loader.conf:

aio_load="YES"

In /etc/sysctl.conf:

## Tweaks for Samba
kern.ipc.maxsockbuf=16777216
kern.ipc.nmbclusters=32768
kern.ipc.somaxconn=32768
kern.maxfiles=65536
kern.maxfilesperproc=32768
kern.maxvnodes=800000
net.inet.tcp.delayed_ack=0
net.inet.tcp.inflight.enable=0
net.inet.tcp.path_mtu_discovery=0
net.inet.tcp.recvbuf_auto=1
net.inet.tcp.recvbuf_inc=524288
net.inet.tcp.recvbuf_max=16777216
net.inet.tcp.recvspace=65536
net.inet.tcp.rfc1323=1
net.inet.tcp.sendbuf_auto=1
net.inet.tcp.sendbuf_inc=524288
net.inet.tcp.sendspace=65536
net.inet.udp.maxdgram=57344
net.inet.udp.recvspace=65536
net.local.stream.recvspace=65536
net.inet.tcp.sendbuf_max=16777216
net.inet.tcp.mssdflt=1460

In /usr/local/etc/smb.conf:

[global]
workgroup = MASTER.LIT
netbios name = SMB_PDC
server string = Descartes
interfaces = re0
log file = /var/log/samba/log.%m
max log size = 50
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
hosts allow = 10.254.0.
use sendfile = yes
strict locking = no
min receivefile size = 131072
aio read size = 1
aio write size = 1
socket options = SO_KEEPALIVE TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT

… and reboot for the changes to take effect.

FreeBSD Packages

The following is a list of packages I have installed on my FreeBSD NAS:
(from # pkg_info -a)


### Information for bash-4.1.9:

Comment:
**The GNU Project's Bourne Again SHell**

Description:
This is GNU Bash.  Bash is the GNU Project's Bourne Again SHell,
a complete implementation of the POSIX.2 shell spec, but also
with interactive command line editing, job control on architectures
that support it, csh-like features such as history substitution and
brace expansion, and a slew of other features.

WWW: http://cnswww.cns.cwru.edu/~chet/bash/bashtop.html


### Information for bash-completion-1.2_2,1:

Comment:
**Programmable completion library for Bash**

Description:
This is a programmable completion convenience library for the bash(1)
shell. It features the ability to tab-complete arguments for many common
programs.

WWW: http://bash-completion.alioth.debian.org/


### Information for dmidecode-2.10:

Comment:
**A tool for dumping DMI (SMBIOS) contents in human-readable format**

Description:
Dmidecode is a tool or dumping a computer's DMI (some say SMBIOS) table
contents in a human-readable format. The output contains a description of the
system's hardware components, as well as other useful pieces of information
such as serial numbers and BIOS revision.

WWW: http://www.nongnu.org/dmidecode/


### Information for fdupes-1.50.p2:

Comment:
**Fdupes is a program for identifying or deleting duplicate files**

Description:
FDUPES is a program for identifying or deleting duplicate files residing within
specified directories.

WWW: http://netdial.caribe.net/~adrian2/fdupes.html


### Information for htop-0.8.3_2:

Comment:
**A better top(1) - interactive process viewer**

Description:
htop is an enhanced version of top, the interactive process viewer,
which can display the list of processes in a tree form.

Comparison between 'htop' and 'top'

    * In 'htop' you can scroll the list vertically and horizontally
    to see all processes and full command lines.
    * In 'top' you are subject to a delay for each unassigned
    key you press (especially annoying when multi-key escape
    sequences are triggered by accident).
    * 'htop' starts faster ('top' seems to collect data for a while
    before displaying anything).
    * In 'htop' you don't need to type the process number to
    kill a process, in 'top' you do.
    * In 'htop' you don't need to type the process number or
    the priority value to renice a process, in 'top' you do.
    * In 'htop' you can kill multiple processes at once.
    * 'top' is older, hence, more tested.

WWW: http://htop.sourceforge.net/


### Information for iozone-3.370:

Comment:
**Performance Test of Sequential File I/O**

Description:
Iozone: 'IO Zone' Benchmark Program

Iozone tests the speed of sequential I/O to actual files.  Therefore,
this measurement factors in the efficiency of your machine's file
system, operating system, C compiler, and C runtime library.  It
produces a measurement which is the number of bytes per second that
your system can read or write to a file.

WWW: http://www.iozone.org/


### Information for linux_base-f10-10_3:

Comment:
**Base set of packages needed in Linux mode for i386/amd64 (Linux Fedora 10)**

Description:
This port contains packages from a near-minimal installation of Fedora 10
Linux.  These packages, in conjunction with the linux kernel module,
form the basis of the Linux compatibility environment. It is designed to
provide a nice user experience by using the FreeBSD configuration for
corresponding Linux stuff where possible. Because of this any work which
needs to chroot into the linux base may not work as expected (no fallthrough
to the FreeBSD config possible).

This port is only available for the i386/amd64 architecture (i386/32 bit mode).

If you want to run X11 applications, install the x11/linux-xorg-libs port.

For cross-development this port is not suitable, you should use a linux_dist
port instead in this case.


### Information for lsof-4.85A,5:

Comment:
**Lists information about open files (similar to fstat(1))**

Description:
Lsof (LiSt Open Files) lists information about files that are open by the
running processes.  An open file may be a regular file, a directory, a block
special file, a character special file, an executing text reference, a
library, a stream or a network file (Internet socket, NFS file or Unix domain
socket).

See also fstat(1) in the base system.

WWW: http://people.freebsd.org/~abe/


### Information for mc-4.7.5:

Comment:
**Midnight Commander, a free Norton Commander Clone**

Description:
GNU Midnight Commander is a user-friendly yet powerful file manager
and visual shell, useful to novice and guru alike. It provides a
clear, user-friendly, and somewhat protected interface to a Unix
system while making many frequent file operations more efficient and
preserving the full power of the command prompt. You will wonder how
you could ever live without it.

WWW: http://www.midnight-commander.org


### Information for most-5.0.0_1:

Comment:
**A pager (like less) which has support for windows and binary files**

Description:
most is a pager (like less) that displays, one windowful at a time,
the contents of a file on a terminal.  It pauses after each windowful
and prints the following on the window status line: the screen, the
file name, current line number, and the percentage of the file so far
displayed.

In addition to displaying ordinary text files, most can also display
binary files as well as files with arbitrary ascii characters.  As an
option, autosensing of binary files can be disabled (via the -k
option), thereby allowing one to browse files encoded in a different
language (Japanese, Korean, Chinese, etc).

WWW: http://www.jedsoft.org/most/
FTP: ftp://ftp.jedsoft.org/pub/davis/most


### Information for pkg_cutleaves-20090810:

Comment:
**Interactive script for deinstalling 'leaf' packages**

Description:
pkg_cutleaves finds installed 'leaf' packages, i.e. packages that are
not referenced by any other installed package, and lets you decide for
each one if you want to keep or deinstall it (via pkg_deinstall(1)).


### Information for portmaster-3.6.1:

Comment:
**Manage your ports without external databases or languages**

Description:
This script uses the existing ports infrastructure to track dependencies,
and keep them up to date.  It is written in /bin/sh so it has no dependencies.

Portmaster has the following features:
  * Updates and repairs (as needed) entries for dependencies in both +CONTENTS
    and +REQUIRED_BY files for both the port that is being updated, and any
    ports that depend on it
  * Runs make config recursively through all ports before starting build
  * Downloads distfiles in the background
  * Recursively checks and upgrades (or installs) all dependencies
  * User can force upgrades of all dependent ports
  * Offers the user the opportunity to delete stale distfiles
  * Supports ports/MOVED and non-default settings of PORTSDIR and PKG_DBDIR
  * Interactive update mode (prompts for each update)
  * Option to rebuild port, and ports that depend on it
  * Options to make packages out of installed, and new ports
  * Option to clean out stale port dependencies
  * Options to list installed ports by category, and those with new versions
  * Packages can be used for installation either exclusively, if available,
    or only for build dependencies

    *** Package installation support requires FreeBSD 6.4 or newer ***

LICENSE: BSD

WWW: http://dougbarton.us/portmaster.html


### Information for portupgrade-2.4.8_1,2:

Comment:
**FreeBSD ports/packages administration and management tool suite**

Description:
Portupgrade is a tool to upgrade installed packages via ports or
packages.  You can upgrade installed packages without having to
reinstall depending or dependent packages.  It can automatically trace
dependency chains up and down upgrading packages recursively.

This package also includes the following utilities:
portinstall:    Helps you install new ports in a handy way.
portcvsweb:    Instantly lets you browse change history via CVSweb.
portversion:    Replaces pkg_version(1) and helps you upgrade packages
        with portupgrade(1). (runs much faster)
portsclean:    Cleans ports workdir's, unreferenced distfiles,
        old and orphan shared libraries, and stale packages.
portsdb:    Creates binary database from the ports INDEX.
ports_glob:    Expands ports globs.
pkg_deinstall:    Wraps pkg_delete(1) and provides additional features.
pkg_fetch:    Fetches packages from a remote site.
pkg_glob:    Expands package globs.
pkg_which:    Checks which package a file came from quickly.
pkgdb:        Manages and searches the package database.
pkgdu:        Display a disk usage for installed packages.

Author: Akinori MUSHA  (Not the current maintainer)
Maintainer: freebsd-ruby mailing list
WWW: http://wiki.freebsd.org/portupgrade


### Information for pydf-9:

Comment:
**A python implementation of df**

Description:
pydf is all-singing, all-dancing, fully colourised df(1)-clone
written in python.

WWW: http://kassiopeia.juls.savba.sk/~garabik/software/pydf/


### Information for samba35-3.5.11:

Comment:
**A free SMB and CIFS client and server for UNIX**

Description:
The Samba suite is a set of programs which run under the FreeBSD
operating system. These programs deliver most of the important
functionality of a Microsoft Lan Manager server. That is, they support
remote access to FreeBSD filespace and FreeBSD printers from Lan Manager
compatible clients. In practical terms, this means that such clients can
connect to and use FreeBSD filespace as if it was a local disk drive, or
FreeBSD printers as if they were local printers.

Some of the most popular Lan Manager compatible clients include Lan
Manager itself, Windows for Workgroups, OS/2 and Windows NT.

WWW: http://www.samba.org/


### Information for screen-4.0.3_10:

Comment:
**A multi-screen window manager**

Description:
Screen is a full-screen window manager that multiplexes a physical terminal
between several processes (typically interactive shells).
Each virtual terminal provides the functions of a DEC VT100 terminal and, in
addition, several control functions from the ANSI X3.64 (ISO 6429) and ISO
2022 standards (e.g. insert/delete line and support for multiple character
sets). There is a scrollback history buffer for each virtual terminal and a
copy-and-paste mechanism that allows moving text regions between windows.

WWW: http://www.gnu.org/software/screen/


### Information for sudo-1.7.4.6:

Comment:
**Allow others to run commands as root**

Description:
This is the CU version of sudo.

Sudo is a program designed to allow a sysadmin to give limited root
privileges to users and log root activity.  The basic philosophy is to
give as few privileges as possible but still allow people to get their
work done.

WWW: http://www.courtesan.com/sudo/


### Information for vim-lite-7.3.81:

Comment:
**Vi "workalike", with many additional features (Lite package)**

Description:
Vim is a virtually compatible, extremely enhanced, version of the UNIX
text editor vi.

There are a lot of enhancements above Vi: multi level undo, multi-windows
and buffers, syntax highlighting, command line editing, filename completion,
on-line help, visual selection, etc..

Many features above standard vi's have been added:
    multiple windows and buffers, multi level undo, command line history,
    filename completion, selection highlighting, block operations (including
    column/rectangular blocks), syntax highlighting, on-line help, etc.
    Embeded Perl, Tcl, and Python support.
    See ":help vi_diff" for a summary of the differences between Vim and Vi.

    An X-windows aware or a full X-windows GUI version can also be built
    that allows full use of the mouse and pull-down menus

See http://www.vim.org/why.html for a full explanation of Vim's features.

Portability to all UNIX platforms, AmigaOS, Archimedes, Atari MiNT, BeOS,
M$-DOS, MacOS, OS/2, VMS, WinNT+Win95.

-- David    (obrien@cs.ucdavis.edu)
WWW: http://www.vim.org/


### Information for weechat-0.3.4:

Comment:
**A lightweight and user friendly ncurse based IRC client**

Description:
WeeChat (Wee Enhanced Environment for Chat) is a fast and light IRC
client. Everything can be done with a keyboard, and it is customizable
and extensible with scripts. For the moment, only ncurse GUI is
supported by this port.

WWW: http://weechat.org


### Information for zsh-4.3.10_4:

Comment:
**The Z shell**

Description:
Zsh is a UNIX command interpreter (shell) which of the standard shells
most resembles the Korn shell (ksh), although it is not completely
compatible.  It includes enhancements of many types, notably in the
command-line editor, options for customising its behaviour, filename
globbing, features to make C-shell (csh) users feel more at home and
extra features drawn from tcsh (another `custom' shell).

If you want to use zsh completion system, you should type the following
commands:

    $ autoload -U compinstall
    $ compinstall

See also zshcompsys(1) manpage. :)

WWW: http://www.zsh.org/

Ubuntu Oneiric Ocelot Installation

With a freshly installed FreeBSD 8.2-Release on my system, I knew that I had a lot of tinkering to do on the extremely bare bones system. With that in mind, I also chose to install a meta-distribution of Linux that had everything set up from the get go, so as to have a working environment while I slowly tweaked FreeBSD.

Enter Ubuntu Linux 11.10 “Oneiric Ocelot”

Negative reviews of the product from other users did not affect my decision to use Oneiric one bit. Never having frequently used the old Gnome 2 GUI, I hardly found Gnome 3’s GUI to be offensive - in fact, I found it quite easy to use. With Oneiric, all of my devices were detected, 3D graphics acceleration was working splendidly, and web-browsing was smooth as could be. Additionally, with the help of this site, my Oneiric installation was also able to fully utilize my FreeBSD’s zpools.

FreeBSD as NAS

Upon searching for a local file-serving solution, I chanced upon FreeNAS (which was based on FreeBSD.) While FreeNAS offered a very flexible GUI to enable network services, it was essentially a stripped-down version of FreeBSD that lacked tools that were normally present in a vanilla FreeBSD installation. Additionally, FreeNAS’s installation menu did not provide a ‘fixit shell’ that I could use to create a custom ZFS root layout. As I was already using a barebones FreeBSD system for web hosting, I decided to alter it slightly to make room for indefinite data storage (ZFS).

I re-installed FreeBSD (8.2) on a ZFS root with GPT following this guide. I had to additionally run /stand/sysinstall as root to configure my network settings, and to install the Samba package as well as other miscellaneous packages.